|
using System.Diagnostics.Contracts;
// ==++==
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// ==--==
// <OWNER>Microsoft</OWNER>
//
//
// RijndaelManaged.cs
//
namespace System.Security.Cryptography
{
[System.Runtime.InteropServices.ComVisible(true)]
public sealed class RijndaelManaged : Rijndael {
public RijndaelManaged () {
#if FEATURE_CRYPTO
// .NET Framework 2.0 - 4.7.2 rejected all managed implementations when in FIPS mode
// because the implementations are not certified. For applications which needed to
// have FIPS mode enabled but also process data encrypted with Rijndael not in its AES
// guise there was no good option (the most plausible scenario is decrypting previously
// encrypted data, since FIPS policies mainly restrict applying algorithms to plaintext).
//
// "Rijndael" in full format is not a FIPS-Approved algorithm, and an application or
// library will have to determine on its own if Rijndael would be prohibited in context.
if (CryptoConfig.AllowOnlyFipsAlgorithms && AppContextSwitches.UseLegacyFipsThrow)
throw new InvalidOperationException(Environment.GetResourceString("Cryptography_NonCompliantFIPSAlgorithm"));
Contract.EndContractBlock();
#endif // FEATURE_CRYPTO
}
// #CoreCLRRijndaelModes
//
// On CoreCLR we limit the supported cipher modes and padding modes for the AES algorithm to a
// single hard coded value. This allows us to remove a lot of code by removing support for the
// uncommon cases and forcing everyone to use the same common padding and ciper modes:
//
// - CipherMode: CipherMode.CBC
// - PaddingMode: PaddingMode.PKCS7
public override ICryptoTransform CreateEncryptor (byte[] rgbKey, byte[] rgbIV) {
return NewEncryptor(rgbKey,
ModeValue,
rgbIV,
FeedbackSizeValue,
RijndaelManagedTransformMode.Encrypt);
}
public override ICryptoTransform CreateDecryptor (byte[] rgbKey, byte[] rgbIV) {
return NewEncryptor(rgbKey,
ModeValue,
rgbIV,
FeedbackSizeValue,
RijndaelManagedTransformMode.Decrypt);
}
public override void GenerateKey () {
KeyValue = Utils.GenerateRandom(KeySizeValue / 8);
}
public override void GenerateIV () {
IVValue = Utils.GenerateRandom(BlockSizeValue / 8);
}
private ICryptoTransform NewEncryptor (byte[] rgbKey,
CipherMode mode,
byte[] rgbIV,
int feedbackSize,
RijndaelManagedTransformMode encryptMode) {
// Build the key if one does not already exist
if (rgbKey == null) {
rgbKey = Utils.GenerateRandom(KeySizeValue / 8);
}
// If not ECB mode, make sure we have an IV. In CoreCLR we do not support ECB, so we must have
// an IV in all cases.
#if !FEATURE_CRYPTO
if (mode != CipherMode.ECB) {
#endif // !FEATURE_CRYPTO
if (rgbIV == null) {
rgbIV = Utils.GenerateRandom(BlockSizeValue / 8);
}
#if !FEATURE_CRYPTO
}
#endif // !FEATURE_CRYPTO
// Create the encryptor/decryptor object
return new RijndaelManagedTransform (rgbKey,
mode,
rgbIV,
BlockSizeValue,
feedbackSize,
PaddingValue,
encryptMode);
}
}
}
|