From 8ce7ff07fcef7ee9ee80cb184f080c0e3167591f Mon Sep 17 00:00:00 2001 From: Jamie Date: Thu, 6 Apr 2017 21:55:44 +0100 Subject: [PATCH] Update StringCipher.cs --- Ombi/Ombi.Helpers/StringCipher.cs | 113 +++++++++++------------------- 1 file changed, 39 insertions(+), 74 deletions(-) diff --git a/Ombi/Ombi.Helpers/StringCipher.cs b/Ombi/Ombi.Helpers/StringCipher.cs index 152dc3f0d..df10fcb6a 100644 --- a/Ombi/Ombi.Helpers/StringCipher.cs +++ b/Ombi/Ombi.Helpers/StringCipher.cs @@ -1,19 +1,12 @@ -using System; +using System; using System.IO; -using System.Linq; using System.Security.Cryptography; using System.Text; namespace Ombi.Helpers { - public class StringCipher + public static class StringCipher { - // This constant determines the number of iterations for the password bytes generation function. - private const int DerivationIterations = 1000; - // This constant is used to determine the keysize of the encryption algorithm in bits. - // We divide this by 8 within the code below to get the equivalent number of bytes. - private const int Keysize = 256; - /// /// Decrypts the specified cipher text. /// @@ -22,39 +15,32 @@ namespace Ombi.Helpers /// public static string Decrypt(string cipherText, string passPhrase) { - // Get the complete stream of bytes that represent: - // [32 bytes of Salt] + [32 bytes of IV] + [n bytes of CipherText] - var cipherTextBytesWithSaltAndIv = Convert.FromBase64String(cipherText); - // Get the saltbytes by extracting the first 32 bytes from the supplied cipherText bytes. - var saltStringBytes = cipherTextBytesWithSaltAndIv.Take(Keysize / 8).ToArray(); - // Get the IV bytes by extracting the next 32 bytes from the supplied cipherText bytes. - var ivStringBytes = cipherTextBytesWithSaltAndIv.Skip(Keysize / 8).Take(Keysize / 8).ToArray(); - // Get the actual cipher text bytes by removing the first 64 bytes from the cipherText string. - var cipherTextBytes = cipherTextBytesWithSaltAndIv.Skip((Keysize / 8) * 2).Take(cipherTextBytesWithSaltAndIv.Length - ((Keysize / 8) * 2)).ToArray(); + var fullCipher = Convert.FromBase64String(cipherText); + + var iv = new byte[16]; + var cipher = new byte[16]; + + Buffer.BlockCopy(fullCipher, 0, iv, 0, iv.Length); + Buffer.BlockCopy(fullCipher, iv.Length, cipher, 0, iv.Length); + var key = Encoding.UTF8.GetBytes(passPhrase); - using (var password = new Rfc2898DeriveBytes(passPhrase, saltStringBytes, DerivationIterations)) + using (var aesAlg = Aes.Create()) { - var keyBytes = password.GetBytes(Keysize / 8); - var aes = Aes.Create(); - using (var symmetricKey = new RijndaelManaged()) + using (var decryptor = aesAlg.CreateDecryptor(key, iv)) { - symmetricKey.BlockSize = 256; - symmetricKey.Mode = CipherMode.CBC; - symmetricKey.Padding = PaddingMode.PKCS7; - using (var decryptor = symmetricKey.CreateDecryptor(keyBytes, ivStringBytes)) + string result; + using (var msDecrypt = new MemoryStream(cipher)) { - using (var memoryStream = new MemoryStream(cipherTextBytes)) + using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read)) { - using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read)) + using (var srDecrypt = new StreamReader(csDecrypt)) { - var plainTextBytes = new byte[cipherTextBytes.Length]; - var decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length); - memoryStream.Close(); - cryptoStream.Close(); - return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount); + result = srDecrypt.ReadToEnd(); } } } + + return result; } } } @@ -67,54 +53,33 @@ namespace Ombi.Helpers /// public static string Encrypt(string plainText, string passPhrase) { - // Salt and IV is randomly generated each time, but is preprended to encrypted cipher text - // so that the same Salt and IV values can be used when decrypting. - var saltStringBytes = Generate256BitsOfRandomEntropy(); - var ivStringBytes = Generate256BitsOfRandomEntropy(); - var plainTextBytes = Encoding.UTF8.GetBytes(plainText); - using (var password = new Rfc2898DeriveBytes(passPhrase, saltStringBytes, DerivationIterations)) + var key = Encoding.UTF8.GetBytes(passPhrase); + + using (var aesAlg = Aes.Create()) { - var keyBytes = password.GetBytes(Keysize / 8); - using (var symmetricKey = new RijndaelManaged()) + using (var encryptor = aesAlg.CreateEncryptor(key, aesAlg.IV)) { - symmetricKey.BlockSize = 256; - symmetricKey.Mode = CipherMode.CBC; - symmetricKey.Padding = PaddingMode.PKCS7; - using (var encryptor = symmetricKey.CreateEncryptor(keyBytes, ivStringBytes)) + using (var msEncrypt = new MemoryStream()) { - using (var memoryStream = new MemoryStream()) + using (var csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write)) + using (var swEncrypt = new StreamWriter(csEncrypt)) { - using (var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write)) - { - cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length); - cryptoStream.FlushFinalBlock(); - // Create the final bytes as a concatenation of the random salt bytes, the random iv bytes and the cipher bytes. - var cipherTextBytes = saltStringBytes; - cipherTextBytes = cipherTextBytes.Concat(ivStringBytes).ToArray(); - cipherTextBytes = cipherTextBytes.Concat(memoryStream.ToArray()).ToArray(); - memoryStream.Close(); - cryptoStream.Close(); - return Convert.ToBase64String(cipherTextBytes); - } + swEncrypt.Write(plainText); } + + var iv = aesAlg.IV; + + var decryptedContent = msEncrypt.ToArray(); + + var result = new byte[iv.Length + decryptedContent.Length]; + + Buffer.BlockCopy(iv, 0, result, 0, iv.Length); + Buffer.BlockCopy(decryptedContent, 0, result, iv.Length, decryptedContent.Length); + + return Convert.ToBase64String(result); } } } } - - /// - /// Generate256s the bits of random entropy. - /// - /// - private static byte[] Generate256BitsOfRandomEntropy() - { - var randomBytes = new byte[32]; // 32 Bytes will give us 256 bits. - using (var rngCsp = new RNGCryptoServiceProvider()) - { - // Fill the array with cryptographically secure random bytes. - rngCsp.GetBytes(randomBytes); - } - return randomBytes; - } } -} \ No newline at end of file +}