github
/
v2rayN
mirror of https://github.com/2dust/v2rayN
1
0
Fork 0
Code Issues Releases Wiki Activity

AesUtils重新修改 (#6165) 

* Create AesUtils.cs

新增AesUtils,替换掉DesUtils,提高安全性。
细节:
1.使用AES代替DES
2.正确使用IV调用方式
3.使用SHA256代替MD5进行密钥派生
4.使用PBKDF进行迭代生成密钥。

* Update AesUtils.cs

1.将默认密钥规则设置为与DES一致
2.经过本地测试
pull/6168/head
cryptochecktool 2024-11-26 19:54:46 +08:00 committed by GitHub
parent ac1a357740
commit 672b8c48ac
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 128 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
v2rayN/ServiceLib/Common/AesUtils.cs Normal file
View File

@ -0,0 +1,128 @@
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
namespace ServiceLib.Common
{
public class AesUtils
{
private const int KeySize = 256; // AES-256
private const int IvSize = 16; // AES block size
private const int Iterations = 10000;
private static readonly byte[] Salt = Encoding.ASCII.GetBytes("saltysalt".PadRight(16, ' ')); // google浏览器默认盐值
private static readonly string DefaultPassword =Utils.GetHomePath() + "AesUtils";
/// <summary>
/// Encrypt
/// </summary>
/// <param name="text">Plain text</param>
/// <param name="password">Password for key derivation or direct key in ASCII bytes</param>
/// <returns>Base64 encoded cipher text with IV</returns>
public static string Encrypt(string text, string password = null)
{
if (string.IsNullOrEmpty(text))
return string.Empty;
byte[] plaintext = Encoding.UTF8.GetBytes(text);
byte[] key = GetKey(password);
byte[] iv = GenerateIv();
using (Aes aes = Aes.Create())
{
aes.Key = key;
aes.IV = iv;
using (MemoryStream ms = new MemoryStream())
{
ms.Write(iv, 0, iv.Length);
using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(plaintext, 0, plaintext.Length);
cs.FlushFinalBlock();
}
byte[] cipherTextWithIv = ms.ToArray();
return Convert.ToBase64String(cipherTextWithIv);
}
}
}
/// <summary>
/// Decrypt
/// </summary>
/// <param name="cipherTextWithIv">Base64 encoded cipher text with IV</param>
/// <param name="password">Password for key derivation or direct key in ASCII bytes</param>
/// <returns>Plain text</returns>
public static string Decrypt(string cipherTextWithIv, string password = null)
{
if (string.IsNullOrEmpty(cipherTextWithIv))
return string.Empty;
byte[] cipherTextWithIvBytes = Convert.FromBase64String(cipherTextWithIv);
byte[] key = GetKey(password);
byte[] iv = new byte[IvSize];
Buffer.BlockCopy(cipherTextWithIvBytes, 0, iv, 0, IvSize);
byte[] cipherText = new byte[cipherTextWithIvBytes.Length - IvSize];
Buffer.BlockCopy(cipherTextWithIvBytes, IvSize, cipherText, 0, cipherText.Length);
using (Aes aes = Aes.Create())
{
aes.Key = key;
aes.IV = iv;
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(cipherText, 0, cipherText.Length);
cs.FlushFinalBlock();
}
byte[] plainText = ms.ToArray();
return Encoding.UTF8.GetString(plainText);
}
}
}
private static byte[] GetKey(string password)
{
if (string.IsNullOrEmpty(password))
{
return GetDefaultKey();
}
else
{
byte[] key = Encoding.ASCII.GetBytes(password);
if (key.Length != KeySize / 8)
{
throw new ArgumentException($"Password bytes length must be {KeySize / 8} bytes.");
}
return key;
}
}
private static byte[] GetDefaultKey()
{
using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(DefaultPassword, Salt, Iterations, HashAlgorithmName.SHA256))
{
return pbkdf2.GetBytes(KeySize / 8);
}
}
private static byte[] GenerateIv()
{
using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
{
byte[] iv = new byte[IvSize];
rng.GetBytes(iv);
return iv;
}
}
}
}