WIP Update lib to 2.37

ModernKeePassLib/Cryptography/CryptoUtil.cs

@@ -0,0 +1,191 @@
+/*
+  KeePass Password Safe - The Open-Source Password Manager
+  Copyright (C) 2003-2017 Dominik Reichl <dominik.reichl@t-online.de>
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Reflection;
+using System.Text;
+
+using Windows.Security.Cryptography;
+using Windows.Security.Cryptography.Core;
+using ModernKeePassLib.Native;
+using ModernKeePassLib.Utility;
+
+namespace ModernKeePassLib.Cryptography
+{
+	public static class CryptoUtil
+	{
+		public static byte[] HashSha256(byte[] pbData)
+		{
+			if(pbData == null) throw new ArgumentNullException("pbData");
+
+			return HashSha256(pbData, 0, pbData.Length);
+		}
+
+		public static byte[] HashSha256(byte[] pbData, int iOffset, int cbCount)
+		{
+			if(pbData == null) throw new ArgumentNullException("pbData");
+
+#if DEBUG
+			byte[] pbCopy = new byte[pbData.Length];
+			Array.Copy(pbData, pbCopy, pbData.Length);
+#endif
+
+			byte[] pbHash;
+
+#if ModernKeePassLib
+            var h = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Sha256).CreateHash();
+            CryptographicBuffer.CopyToByteArray(h.GetValueAndReset(), out pbHash);
+#else
+            using(SHA256Managed h = new SHA256Managed())
+			{
+				pbHash = h.ComputeHash(pbData, iOffset, cbCount);
+			}
+#endif
+
+#if DEBUG
+            // Ensure the data has not been modified
+            Debug.Assert(MemUtil.ArraysEqual(pbData, pbCopy));
+
+			Debug.Assert((pbHash != null) && (pbHash.Length == 32));
+			byte[] pbZero = new byte[32];
+			Debug.Assert(!MemUtil.ArraysEqual(pbHash, pbZero));
+#endif
+
+			return pbHash;
+		}
+
+		/// <summary>
+		/// Create a cryptographic key of length <paramref name="cbOut" />
+		/// (in bytes) from <paramref name="pbIn" />.
+		/// </summary>
+		public static byte[] ResizeKey(byte[] pbIn, int iInOffset,
+			int cbIn, int cbOut)
+		{
+			if(pbIn == null) throw new ArgumentNullException("pbIn");
+			if(cbOut < 0) throw new ArgumentOutOfRangeException("cbOut");
+
+			if(cbOut == 0) return MemUtil.EmptyByteArray;
+
+			byte[] pbHash;
+			if(cbOut <= 32) pbHash = HashSha256(pbIn, iInOffset, cbIn);
+			else
+			{
+#if ModernKeePassLib
+                var h = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Sha512).CreateHash();
+			    CryptographicBuffer.CopyToByteArray(h.GetValueAndReset(), out pbHash);
+#else
+                using(SHA512Managed h = new SHA512Managed())
+				{
+					pbHash = h.ComputeHash(pbIn, iInOffset, cbIn);
+				}
+#endif
+            }
+
+			if(cbOut == pbHash.Length) return pbHash;
+
+			byte[] pbRet = new byte[cbOut];
+			if(cbOut < pbHash.Length)
+				Array.Copy(pbHash, pbRet, cbOut);
+			else
+			{
+				int iPos = 0;
+				ulong r = 0;
+				while(iPos < cbOut)
+				{
+					Debug.Assert(pbHash.Length == 64);
+				    byte[] pbR = MemUtil.UInt64ToBytes(r);
+#if ModernKeePassLib
+                    var h = MacAlgorithmProvider.OpenAlgorithm(MacAlgorithmNames.HmacSha256).CreateHash(CryptographicBuffer.CreateFromByteArray(pbR));
+                    byte[] pbPart;
+                    CryptographicBuffer.CopyToByteArray(h.GetValueAndReset(), out pbPart);
+				    int cbCopy = Math.Min(cbOut - iPos, pbPart.Length);
+				    Debug.Assert(cbCopy > 0);
+                    Array.Copy(pbPart, 0, pbRet, iPos, cbCopy);
+				    iPos += cbCopy;
+				    ++r;
+
+				    MemUtil.ZeroByteArray(pbPart);
+#else
+                    using (HMACSHA256 h = new HMACSHA256(pbHash))
+					{
+						byte[] pbR = MemUtil.UInt64ToBytes(r);
+						byte[] pbPart = h.ComputeHash(pbR);
+
+						int cbCopy = Math.Min(cbOut - iPos, pbPart.Length);
+						Debug.Assert(cbCopy > 0);
+
+						Array.Copy(pbPart, 0, pbRet, iPos, cbCopy);
+						iPos += cbCopy;
+						++r;
+
+						MemUtil.ZeroByteArray(pbPart);
+					}
+#endif
+				}
+				Debug.Assert(iPos == cbOut);
+			}
+
+#if DEBUG
+			byte[] pbZero = new byte[pbHash.Length];
+			Debug.Assert(!MemUtil.ArraysEqual(pbHash, pbZero));
+#endif
+			MemUtil.ZeroByteArray(pbHash);
+			return pbRet;
+		}
+
+#if !ModernKeePassLib
+        private static bool? g_obAesCsp = null;
+		internal static SymmetricAlgorithm CreateAes()
+		{
+			if(g_obAesCsp.HasValue)
+				return (g_obAesCsp.Value ? CreateAesCsp() : new RijndaelManaged());
+
+			SymmetricAlgorithm a = CreateAesCsp();
+			g_obAesCsp = (a != null);
+			return (a ?? new RijndaelManaged());
+		}
+
+		private static SymmetricAlgorithm CreateAesCsp()
+		{
+			try
+			{
+				// On Windows, the CSP implementation is only minimally
+				// faster (and for key derivations it's not used anyway,
+				// as KeePass uses a native implementation based on
+				// CNG/BCrypt, which is much faster)
+				if(!NativeLib.IsUnix()) return null;
+
+				string strFqn = Assembly.CreateQualifiedName(
+					"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
+					"System.Security.Cryptography.AesCryptoServiceProvider");
+
+				Type t = Type.GetType(strFqn);
+				if(t == null) return null;
+
+				return (Activator.CreateInstance(t) as SymmetricAlgorithm);
+			}
+			catch(Exception) { Debug.Assert(false); }
+
+			return null;
+		}
+#endif
+    }
+}