devolutions-crypto 0.9.2

An abstraction layer for the cryptography used by Devolutions
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244

using System;
using System.IO;

namespace Devolutions.Cryptography
{
    public class DecryptionStream
        : Stream, IDisposable
    {
        private UIntPtr _native_ptr = UIntPtr.Zero;
        private readonly int _chunkLength;
        private readonly int _tagLength;
        private bool _finalBlockTransformed = false;
        private readonly bool _leaveOpen;

        public int ChunkLength { get { return _chunkLength; } }

        public int TagLength { get { return _tagLength; } }

        public bool HasFlushedFinalBlock
        {
            get { return _finalBlockTransformed; }
        }

        private readonly byte[] _inputBuffer;

        private int _inputBufferOffset = 0;
        private bool _disposed = false;

        private readonly Stream _outputStream;

        public DecryptionStream(byte[] key, byte[] aad, byte[] header, bool asymmetric, Stream outputStream)
            : this(key, aad, header, asymmetric, outputStream, false) { }

        public DecryptionStream(byte[] key, byte[] aad, byte[] header, bool asymmetric, Stream outputStream, bool leaveOpen)
        {
            _outputStream = outputStream;
            _leaveOpen = leaveOpen;

            long result = Native.NewOnlineDecryptor(key, (UIntPtr)key.Length, aad, (UIntPtr)aad.Length, header, (UIntPtr)header.Length, asymmetric, ref _native_ptr);

            if (result < 0)
            {
                Utils.HandleError(result);
            }

            long tagSize = Native.OnlineDecryptorGetTagSize(_native_ptr);

            if (tagSize < 0)
            {
                Utils.HandleError(tagSize);
            }

            long chunkLength = Native.OnlineDecryptorGetChunkSize(_native_ptr);

            if (tagSize < 0)
            {
                Utils.HandleError(chunkLength);
            }

            _tagLength = (int)tagSize;
            _chunkLength = (int)chunkLength + _tagLength;

            _inputBuffer = new byte[_chunkLength];
        }

        public byte[] GetHeader()
        {
            long headerSize = Native.OnlineDecryptorGetHeaderSize(_native_ptr);

            if (headerSize < 0)
            {
                Utils.HandleError(headerSize);
            }

            byte[] header = new byte[headerSize];

            long result = Native.OnlineDecryptorGetHeader(_native_ptr, header, (UIntPtr)headerSize);

            if (result < 0)
            {
                Utils.HandleError(result);
            }

            return header;
        }

        public override bool CanRead => false;

        public override bool CanSeek => false;

        public override bool CanWrite => true;

        public override long Length => throw new NotSupportedException();

        public override long Position { get => throw new NotSupportedException(); set => throw new NotSupportedException(); }

        public void FlushFinalBlock()
        {
            if (HasFlushedFinalBlock)
            {
                throw new NotSupportedException();
            }

            if (_inputBufferOffset > 0)
            {
                byte[] outputBuffer = DecryptLastChunk();

                _outputStream.Write(outputBuffer, 0, outputBuffer.Length);
            }

            Array.Clear(_inputBuffer, 0, _inputBuffer.Length);

            _finalBlockTransformed = true;
        }

        public override void Flush()
        {
            return;
        }

        public override int Read(byte[] buffer, int offset, int count)
        {
            throw new NotSupportedException();
        }

        public override long Seek(long offset, SeekOrigin origin)
        {
            throw new NotSupportedException();
        }

        public override void SetLength(long value)
        {
            throw new NotSupportedException();
        }

        public override void Write(byte[] buffer, int offset, int count)
        {
            if (HasFlushedFinalBlock)
            {
                // Cannot write as stream is already closed
                return;
            };

            while (count > ChunkLength - _inputBufferOffset)
            {
                // Here we write every finished blocks
                int countToAdd = ChunkLength - _inputBufferOffset;
                Buffer.BlockCopy(buffer, offset, _inputBuffer, _inputBufferOffset, countToAdd);

                // Encrypt the buffer
                byte[] outputBuffer = DecryptChunk();

                // Write the output to the stream
                _outputStream.Write(outputBuffer, 0, outputBuffer.Length);

                count -= countToAdd;
                offset += countToAdd;
                _inputBufferOffset = 0;
            }

            if (count > 0)
            {
                Buffer.BlockCopy(buffer, offset, _inputBuffer, _inputBufferOffset, count);

                _inputBufferOffset += count;
            }
        }

        private byte[] DecryptChunk()
        {
            byte[] aad = new byte[0];
            byte[] outputBuffer = new byte[ChunkLength - TagLength];

            long result = Native.OnlineDecryptorNextChunk(_native_ptr, _inputBuffer, (UIntPtr)ChunkLength, aad, UIntPtr.Zero, outputBuffer, (UIntPtr)outputBuffer.Length);

            if (result < 0)
            {
                Utils.HandleError(result);
            }

            return outputBuffer;
        }

        private byte[] DecryptLastChunk()
        {
            byte[] aad = new byte[0];
            byte[] outputBuffer = new byte[_inputBufferOffset - TagLength];

            long result = Native.OnlineDecryptorLastChunk(_native_ptr, _inputBuffer, (UIntPtr)_inputBufferOffset, aad, UIntPtr.Zero, outputBuffer, (UIntPtr)outputBuffer.Length);

            if (result < 0)
            {
                Utils.HandleError(result);
            }

            // Here, the pointer is freed, so let's set it to 0
            _native_ptr = UIntPtr.Zero;

            return outputBuffer;
        }

        public new void Dispose()
        {
            base.Dispose();

            Dispose(disposing: true);
            GC.SuppressFinalize(this);
        }

        protected override void Dispose(bool disposing)
        {
            if (!_disposed)
            {
                if (disposing)
                {
                    if (!HasFlushedFinalBlock)
                    {
                        FlushFinalBlock();
                    };

                    if (!_leaveOpen)
                    {
                        _outputStream.Close();
                    }
                }
                base.Dispose(disposing: disposing);

                // If the ptr has not been freed yet, do it now
                FreeNativeObject();

                _disposed = true;
            }
        }

        private void FreeNativeObject()
        {
            if (_native_ptr != UIntPtr.Zero)
            {
                Native.FreeOnlineDecryptor(_native_ptr);
                _native_ptr = UIntPtr.Zero;
            }
        }
    }
}