Update StringCipher.cs

pull/1358/head
Jamie 8 years ago committed by GitHub
parent 1e4f0d9e1b
commit 8ce7ff07fc

@ -1,19 +1,12 @@
using System; using System;
using System.IO; using System.IO;
using System.Linq;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Text; using System.Text;
namespace Ombi.Helpers namespace Ombi.Helpers
{ {
public class StringCipher public static class StringCipher
{ {
// This constant determines the number of iterations for the password bytes generation function.
private const int DerivationIterations = 1000;
// This constant is used to determine the keysize of the encryption algorithm in bits.
// We divide this by 8 within the code below to get the equivalent number of bytes.
private const int Keysize = 256;
/// <summary> /// <summary>
/// Decrypts the specified cipher text. /// Decrypts the specified cipher text.
/// </summary> /// </summary>
@ -22,39 +15,32 @@ namespace Ombi.Helpers
/// <returns></returns> /// <returns></returns>
public static string Decrypt(string cipherText, string passPhrase) public static string Decrypt(string cipherText, string passPhrase)
{ {
// Get the complete stream of bytes that represent: var fullCipher = Convert.FromBase64String(cipherText);
// [32 bytes of Salt] + [32 bytes of IV] + [n bytes of CipherText]
var cipherTextBytesWithSaltAndIv = Convert.FromBase64String(cipherText); var iv = new byte[16];
// Get the saltbytes by extracting the first 32 bytes from the supplied cipherText bytes. var cipher = new byte[16];
var saltStringBytes = cipherTextBytesWithSaltAndIv.Take(Keysize / 8).ToArray();
// Get the IV bytes by extracting the next 32 bytes from the supplied cipherText bytes. Buffer.BlockCopy(fullCipher, 0, iv, 0, iv.Length);
var ivStringBytes = cipherTextBytesWithSaltAndIv.Skip(Keysize / 8).Take(Keysize / 8).ToArray(); Buffer.BlockCopy(fullCipher, iv.Length, cipher, 0, iv.Length);
// Get the actual cipher text bytes by removing the first 64 bytes from the cipherText string. var key = Encoding.UTF8.GetBytes(passPhrase);
var cipherTextBytes = cipherTextBytesWithSaltAndIv.Skip((Keysize / 8) * 2).Take(cipherTextBytesWithSaltAndIv.Length - ((Keysize / 8) * 2)).ToArray();
using (var password = new Rfc2898DeriveBytes(passPhrase, saltStringBytes, DerivationIterations)) using (var aesAlg = Aes.Create())
{ {
var keyBytes = password.GetBytes(Keysize / 8); using (var decryptor = aesAlg.CreateDecryptor(key, iv))
var aes = Aes.Create();
using (var symmetricKey = new RijndaelManaged())
{ {
symmetricKey.BlockSize = 256; string result;
symmetricKey.Mode = CipherMode.CBC; using (var msDecrypt = new MemoryStream(cipher))
symmetricKey.Padding = PaddingMode.PKCS7;
using (var decryptor = symmetricKey.CreateDecryptor(keyBytes, ivStringBytes))
{ {
using (var memoryStream = new MemoryStream(cipherTextBytes)) using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{ {
using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read)) using (var srDecrypt = new StreamReader(csDecrypt))
{ {
var plainTextBytes = new byte[cipherTextBytes.Length]; result = srDecrypt.ReadToEnd();
var decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
memoryStream.Close();
cryptoStream.Close();
return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount);
} }
} }
} }
return result;
} }
} }
} }
@ -67,54 +53,33 @@ namespace Ombi.Helpers
/// <returns></returns> /// <returns></returns>
public static string Encrypt(string plainText, string passPhrase) public static string Encrypt(string plainText, string passPhrase)
{ {
// Salt and IV is randomly generated each time, but is preprended to encrypted cipher text var key = Encoding.UTF8.GetBytes(passPhrase);
// so that the same Salt and IV values can be used when decrypting.
var saltStringBytes = Generate256BitsOfRandomEntropy(); using (var aesAlg = Aes.Create())
var ivStringBytes = Generate256BitsOfRandomEntropy();
var plainTextBytes = Encoding.UTF8.GetBytes(plainText);
using (var password = new Rfc2898DeriveBytes(passPhrase, saltStringBytes, DerivationIterations))
{ {
var keyBytes = password.GetBytes(Keysize / 8); using (var encryptor = aesAlg.CreateEncryptor(key, aesAlg.IV))
using (var symmetricKey = new RijndaelManaged())
{ {
symmetricKey.BlockSize = 256; using (var msEncrypt = new MemoryStream())
symmetricKey.Mode = CipherMode.CBC;
symmetricKey.Padding = PaddingMode.PKCS7;
using (var encryptor = symmetricKey.CreateEncryptor(keyBytes, ivStringBytes))
{ {
using (var memoryStream = new MemoryStream()) using (var csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
using (var swEncrypt = new StreamWriter(csEncrypt))
{ {
using (var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write)) swEncrypt.Write(plainText);
{
cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
cryptoStream.FlushFinalBlock();
// Create the final bytes as a concatenation of the random salt bytes, the random iv bytes and the cipher bytes.
var cipherTextBytes = saltStringBytes;
cipherTextBytes = cipherTextBytes.Concat(ivStringBytes).ToArray();
cipherTextBytes = cipherTextBytes.Concat(memoryStream.ToArray()).ToArray();
memoryStream.Close();
cryptoStream.Close();
return Convert.ToBase64String(cipherTextBytes);
}
} }
var iv = aesAlg.IV;
var decryptedContent = msEncrypt.ToArray();
var result = new byte[iv.Length + decryptedContent.Length];
Buffer.BlockCopy(iv, 0, result, 0, iv.Length);
Buffer.BlockCopy(decryptedContent, 0, result, iv.Length, decryptedContent.Length);
return Convert.ToBase64String(result);
} }
} }
} }
} }
/// <summary>
/// Generate256s the bits of random entropy.
/// </summary>
/// <returns></returns>
private static byte[] Generate256BitsOfRandomEntropy()
{
var randomBytes = new byte[32]; // 32 Bytes will give us 256 bits.
using (var rngCsp = new RNGCryptoServiceProvider())
{
// Fill the array with cryptographically secure random bytes.
rngCsp.GetBytes(randomBytes);
}
return randomBytes;
}
} }
} }
Loading…
Cancel
Save