|
//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//------------------------------------------------------------
namespace System.IdentityModel
{
using System.Diagnostics;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
class RijndaelCryptoServiceProvider : Rijndael
{
public RijndaelCryptoServiceProvider()
{
}
public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV)
{
if (rgbKey == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rgbKey");
if (rgbIV == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rgbIV");
if (this.ModeValue != CipherMode.CBC)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.AESCipherModeNotSupported, this.ModeValue)));
return new RijndaelCryptoTransform(rgbKey, rgbIV, this.PaddingValue, this.BlockSizeValue, true);
}
public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV)
{
if (rgbKey == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rgbKey");
if (rgbIV == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("rgbIV");
if (this.ModeValue != CipherMode.CBC)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.AESCipherModeNotSupported, this.ModeValue)));
return new RijndaelCryptoTransform(rgbKey, rgbIV, this.PaddingValue, this.BlockSizeValue, false);
}
public override void GenerateKey()
{
this.KeyValue = new byte[this.KeySizeValue / 8];
CryptoHelper.RandomNumberGenerator.GetBytes(this.KeyValue);
}
public override void GenerateIV()
{
// IV is always 16 bytes/128 bits because block size is always 128 bits
this.IVValue = new byte[this.BlockSizeValue / 8];
CryptoHelper.RandomNumberGenerator.GetBytes(this.IVValue);
}
class RijndaelCryptoTransform : ICryptoTransform
{
SafeProvHandle provHandle = SafeProvHandle.InvalidHandle;
SafeKeyHandle keyHandle = SafeKeyHandle.InvalidHandle;
PaddingMode paddingMode;
byte[] depadBuffer = null;
int blockSize;
bool encrypt;
public unsafe RijndaelCryptoTransform(byte[] rgbKey, byte[] rgbIV, PaddingMode paddingMode, int blockSizeBits, bool encrypt)
{
if (rgbKey.Length != 16 && rgbKey.Length != 24 && rgbKey.Length != 32)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.AESKeyLengthNotSupported, rgbKey.Length * 8)));
if (rgbIV.Length != 16)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.AESIVLengthNotSupported, rgbIV.Length * 8)));
if (paddingMode != PaddingMode.PKCS7 && paddingMode != PaddingMode.ISO10126)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.AESPaddingModeNotSupported, paddingMode)));
this.paddingMode = paddingMode;
DiagnosticUtility.DebugAssert((blockSizeBits % 8) == 0, "Bits must be byte aligned.");
this.blockSize = blockSizeBits / 8;
this.encrypt = encrypt;
SafeProvHandle provHandle = null;
SafeKeyHandle keyHandle = null;
try
{
#pragma warning suppress 56523
ThrowIfFalse(SR.AESCryptAcquireContextFailed, NativeMethods.CryptAcquireContextW(out provHandle, null, null, NativeMethods.PROV_RSA_AES, NativeMethods.CRYPT_VERIFYCONTEXT));
// (BLOBHEADER + keyLen) + Key
int cbData = PLAINTEXTKEYBLOBHEADER.SizeOf + rgbKey.Length;
byte[] pbData = new byte[cbData];
Buffer.BlockCopy(rgbKey, 0, pbData, PLAINTEXTKEYBLOBHEADER.SizeOf, rgbKey.Length);
fixed (void* pbDataPtr = &pbData[0])
{
PLAINTEXTKEYBLOBHEADER* pbhdr = (PLAINTEXTKEYBLOBHEADER*)pbDataPtr;
pbhdr->bType = NativeMethods.PLAINTEXTKEYBLOB;
pbhdr->bVersion = NativeMethods.CUR_BLOB_VERSION;
pbhdr->reserved = 0;
if (rgbKey.Length == 16)
pbhdr->aiKeyAlg = NativeMethods.CALG_AES_128;
else if (rgbKey.Length == 24)
pbhdr->aiKeyAlg = NativeMethods.CALG_AES_192;
else
pbhdr->aiKeyAlg = NativeMethods.CALG_AES_256;
pbhdr->keyLength = rgbKey.Length;
keyHandle = SafeKeyHandle.SafeCryptImportKey(provHandle, pbDataPtr, cbData);
}
#if DEBUG
uint ivLen = 0;
#pragma warning suppress 56523 // win32 error checked in ThrowIfFalse() method
ThrowIfFalse(SR.AESCryptGetKeyParamFailed, NativeMethods.CryptGetKeyParam(keyHandle, NativeMethods.KP_IV, IntPtr.Zero, ref ivLen, 0));
DiagnosticUtility.DebugAssert(rgbIV.Length == ivLen, "Mismatch iv size");
#endif
fixed (void* pbIVPtr = &rgbIV[0])
{
#pragma warning suppress 56523
ThrowIfFalse(SR.AESCryptSetKeyParamFailed, NativeMethods.CryptSetKeyParam(keyHandle, NativeMethods.KP_IV, pbIVPtr, 0));
}
// Save
this.keyHandle = keyHandle;
this.provHandle = provHandle;
keyHandle = null;
provHandle = null;
}
finally
{
if (keyHandle != null)
keyHandle.Close();
if (provHandle != null)
provHandle.Close();
}
}
public bool CanReuseTransform
{
get { return true; }
}
public bool CanTransformMultipleBlocks
{
get { return true; }
}
public int InputBlockSize
{
get { return this.blockSize; }
}
public int OutputBlockSize
{
get { return this.blockSize; }
}
public void Dispose()
{
try
{
this.keyHandle.Close();
}
finally
{
this.provHandle.Close();
}
}
public int TransformBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset)
{
if (inputBuffer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("inputBuffer");
if (outputBuffer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("outputBuffer");
if (inputOffset < 0)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("inputOffset", SR.GetString(SR.ValueMustBeNonNegative)));
if (inputCount <= 0)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("inputCount", SR.GetString(SR.ValueMustBeGreaterThanZero)));
if (outputOffset < 0)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("outputOffset", SR.GetString(SR.ValueMustBeNonNegative)));
if ((inputCount % this.blockSize) != 0)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.AESInvalidInputBlockSize, inputCount, this.blockSize)));
if ((inputBuffer.Length - inputCount) < inputOffset)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("inputOffset", SR.GetString(SR.ValueMustBeInRange, 0, inputBuffer.Length - inputCount - 1)));
if (outputBuffer.Length < outputOffset)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("outputOffset", SR.GetString(SR.ValueMustBeInRange, 0, outputBuffer.Length - 1)));
if (this.encrypt)
{
return EncryptData(inputBuffer, inputOffset, inputCount, outputBuffer, outputOffset, false);
}
else
{
if (this.paddingMode == PaddingMode.PKCS7)
{
return DecryptData(inputBuffer, inputOffset, inputCount, outputBuffer, outputOffset, false);
}
else
{
// OK, now we're in the special case. Check to see if this is the *first* block we've seen
// If so, buffer it and return null zero bytes
if (this.depadBuffer == null)
{
this.depadBuffer = new byte[this.blockSize];
// copy the last InputBlockSize bytes to m_depadBuffer everything else gets processed and returned
int inputToProcess = inputCount - this.blockSize;
Buffer.BlockCopy(inputBuffer, inputOffset + inputToProcess, this.depadBuffer, 0, this.blockSize);
return ((inputToProcess <= 0) ? 0 : DecryptData(inputBuffer, inputOffset, inputToProcess, outputBuffer, outputOffset, false));
}
else
{
// we already have a depad buffer, so we need to decrypt that info first & copy it out
int dwCount = DecryptData(this.depadBuffer, 0, this.depadBuffer.Length, outputBuffer, outputOffset, false);
outputOffset += dwCount;
int inputToProcess = inputCount - this.blockSize;
Buffer.BlockCopy(inputBuffer, inputOffset + inputToProcess, this.depadBuffer, 0, this.blockSize);
return dwCount + ((inputToProcess <= 0) ? 0 : DecryptData(inputBuffer, inputOffset, inputToProcess, outputBuffer, outputOffset, false));
}
}
}
}
public byte[] TransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount)
{
if (inputBuffer == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("inputBuffer");
if (inputOffset < 0)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("inputOffset", SR.GetString(SR.ValueMustBeNonNegative)));
if (inputCount < 0)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("inputCount", SR.GetString(SR.ValueMustBeNonNegative)));
if ((inputBuffer.Length - inputCount) < inputOffset)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("inputOffset", SR.GetString(SR.ValueMustBeInRange, 0, inputBuffer.Length - inputCount - 1)));
if (this.encrypt)
{
int padding = this.blockSize - (inputCount % this.blockSize);
int outputCount = inputCount + padding;
if (this.paddingMode == PaddingMode.ISO10126)
outputCount += this.blockSize;
byte[] outputBuffer = new byte[outputCount];
int dwCount = EncryptData(inputBuffer, inputOffset, inputCount, outputBuffer, 0, true);
return TruncateBuffer(outputBuffer, dwCount);
}
else
{
if (this.paddingMode == PaddingMode.PKCS7)
{
byte[] outputBuffer = new byte[inputCount];
int dwCount = DecryptData(inputBuffer, inputOffset, inputCount, outputBuffer, 0, true);
return TruncateBuffer(outputBuffer, dwCount);
}
else
{
// OK, now we're in the special case. Check to see if this is the *first* block we've seen
// If so, buffer it and return null zero bytes
if (this.depadBuffer == null)
{
byte[] outputBuffer = new byte[inputCount];
int dwCount = DecryptData(inputBuffer, inputOffset, inputCount, outputBuffer, 0, true);
return TruncateBuffer(outputBuffer, dwCount);
}
else
{
byte[] outputBuffer = new byte[this.depadBuffer.Length + inputCount];
// we already have a depad buffer, so we need to decrypt that info first & copy it out
int dwCount = DecryptData(this.depadBuffer, 0, this.depadBuffer.Length, outputBuffer, 0, false);
dwCount += DecryptData(inputBuffer, inputOffset, inputCount, outputBuffer, dwCount, true);
return TruncateBuffer(outputBuffer, dwCount);
}
}
}
}
unsafe int EncryptData(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset, bool final)
{
if ((outputBuffer.Length - outputOffset) < inputCount)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("outputBuffer", SR.GetString(SR.AESInsufficientOutputBuffer, outputBuffer.Length - outputOffset, inputCount)));
bool doPadding = final && (this.paddingMode == PaddingMode.ISO10126);
byte[] tempBuffer = outputBuffer;
int tempOffset = outputOffset;
int dwCount = inputCount;
bool throwing = true;
Buffer.BlockCopy(inputBuffer, inputOffset, tempBuffer, tempOffset, inputCount);
try
{
if (doPadding)
DoPadding(ref tempBuffer, ref tempOffset, ref dwCount);
fixed (void* tempBufferPtr = &tempBuffer[tempOffset])
{
#pragma warning suppress 56523
ThrowIfFalse(SR.AESCryptEncryptFailed, NativeMethods.CryptEncrypt(keyHandle, IntPtr.Zero, final, 0, tempBufferPtr, ref dwCount, tempBuffer.Length - tempOffset));
}
throwing = false;
}
finally
{
if (throwing)
Array.Clear(tempBuffer, tempOffset, inputCount);
}
// Chop off native padding.
if (doPadding)
dwCount -= this.blockSize;
if (tempBuffer != outputBuffer)
Buffer.BlockCopy(tempBuffer, tempOffset, outputBuffer, outputOffset, dwCount);
return dwCount;
}
unsafe int DecryptData(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset, bool final)
{
bool bFinal = final && (this.paddingMode == PaddingMode.PKCS7);
int dwCount = inputCount;
if (dwCount > 0)
{
Buffer.BlockCopy(inputBuffer, inputOffset, outputBuffer, outputOffset, inputCount);
fixed (void* outputBufferPtr = &outputBuffer[outputOffset])
{
#pragma warning suppress 56523
ThrowIfFalse(SR.AESCryptDecryptFailed, NativeMethods.CryptDecrypt(keyHandle, IntPtr.Zero, bFinal, 0, outputBufferPtr, ref dwCount));
}
}
if (!bFinal && final)
{
byte padSize = outputBuffer[outputOffset + dwCount - 1];
DiagnosticUtility.DebugAssert(padSize <= this.blockSize, "Invalid padding size.");
dwCount -= padSize;
}
return dwCount;
}
// Since the CSP only provides PKCS7 padding. For other padding, we do it manually.
void DoPadding(ref byte[] tempBuffer, ref int tempOffset, ref int dwCount)
{
int lonelyBytes = dwCount % this.blockSize;
int padSize = this.blockSize - lonelyBytes;
// Random with last byte indicating padSize
byte[] padBytes = new byte[padSize];
CryptoHelper.RandomNumberGenerator.GetBytes(padBytes);
padBytes[padSize - 1] = (byte)padSize;
// inline if can hold manual padding and native padding (1 block)
int requiredSize = dwCount + padSize + this.blockSize;
if (tempBuffer.Length >= (tempOffset + requiredSize))
{
Buffer.BlockCopy(padBytes, 0, tempBuffer, tempOffset + dwCount, padSize);
}
else
{
byte[] ret = new byte[requiredSize];
Buffer.BlockCopy(tempBuffer, tempOffset, ret, 0, dwCount);
Buffer.BlockCopy(padBytes, 0, ret, dwCount, padSize);
Array.Clear(tempBuffer, tempOffset, dwCount);
tempBuffer = ret;
tempOffset = 0;
}
dwCount += padSize;
}
byte[] TruncateBuffer(byte[] buffer, int len)
{
if (len == buffer.Length)
return buffer;
// Truncate
byte[] tempBuffer = new byte[len];
Buffer.BlockCopy(buffer, 0, tempBuffer, 0, len);
if (!this.encrypt)
Array.Clear(buffer, 0, buffer.Length);
return tempBuffer;
}
static void ThrowIfFalse(string sr, bool ret)
{
if (!ret)
{
int err = Marshal.GetLastWin32Error();
string reason = (err != 0) ? new Win32Exception(err).Message : String.Empty;
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(SR.GetString(sr, reason)));
}
}
}
}
}
|