Channel: CLR Security

Updated Wiki: Security.Cryptography.dll


Security.Cryptography.dll

Security.Cryptography.dll provides a new set of algorithm implementations to augment the algorithms built into the .NET Framework. It also provides some APIs that extend the existing framework cryptography APIs. All of the CNG APIs in this library require Windows Vista or later; AuthenticatedAesCng additionally requires Windows Vista SP1 or later. The library itself is built on .NET Framework 3.5, and the sources are provided as a Visual Studio 2013 project.

Download

Security.Cryptography 1.7.2

Class Reference

Security.Cryptography.AesCng - A managed wrapper around the CNG implementation of the AES algorithm.
Security.Cryptography.AuthenticatedAes - Base class for implementations of the authenticated AES algorithm.
Security.Cryptography.AuthenticatedAesCng - A managed wrapper around the CNG implementation of the authenticated AES algorithm.
Security.Cryptography.AuthenticatedSymmetricAlgorithm - Base class for authenticated symmetric algorithms to derive from.
Security.Cryptography.CngAlgorithm2 - A set of additional CngAlgorithm objects for algorithms not in the framework's CngAlgorithm type.
Security.Cryptography.CngChainingMode - Pseudo-enumeration of chaining modes supported by CNG.
Security.Cryptography.CngProvider2 - A set of additional CngProvider objects for providers not in the framework's CngProvider type.
Security.Cryptography.CngProviderCollection - Enumerates over the installed CNG providers on the machine
Security.Cryptography.CryptoConfig2 - Provides CryptoConfig like access to all of the algorithms included in standard CryptoConfig, as well as the algorithms in the .NET 3.5 System.Core.dll assembly and in the Security.Cryptography.dll assembly.
Security.Cryptography.HMACSHA256Cng - A managed wrapper around the CNG implementation of HMAC SHA256.
Security.Cryptography.HMACSHA384Cng - A managed wrapper around the CNG implementation of HMAC SHA384.
Security.Cryptography.HMACSHA512Cng - A managed wrapper around the CNG implementation of HMAC SHA512.
Security.Cryptography.IAuthenticatedCryptoTransform - Interface for crypto transforms that support generating an authentication tag.
Security.Cryptography.ICngAlgorithm - Interface for algorithms which wrap CNG to provide information about the CNG algorithm they're wrapping.
Security.Cryptography.ICngAsymmetricAlgorithm - Interface for asymmetric algorithms which wrap CNG to provide information about the CNG algorithm they're wrapping.
Security.Cryptography.ICngSymmetricAlgorithm - Interface for symmetric algorithms which wrap CNG to provide information about the CNG algorithm they're wrapping.
Security.Cryptography.ICryptoTransform2 - Extended crypto transform interface which provides additional information about the transform's capabilities.
Security.Cryptography.Oid2 - An enhanced OID class.
Security.Cryptography.OidGroup - Enumeration of recognized OID categories
Security.Cryptography.OidRegistrationOptions - Flags for use when registering a new OID on the machine
Security.Cryptography.BCryptPBKDF2 - A managed wrapper around the CNG password-based key derivation function PBKDF2
Security.Cryptography.RNGCng - A managed wrapper around the CNG random number generator
Security.Cryptography.RSACng - A managed wrapper around the CNG implementation of the RSA algorithm
Security.Cryptography.RSAPKCS1SHA256SignatureDescription - A signature description class for RSA-SHA256 signatures.
Security.Cryptography.TripleDESCng - A managed wrapper around the CNG implementation of the 3DES algorithm

Security.Cryptography.X509Certificates.AlternateNameType - Types of alternate names exposed by X509 certificates
Security.Cryptography.X509Certificates.SafeCertContextHandle - Safe handle class which exposes an X509 certificate's CERT_CONTEXT
Security.Cryptography.X509Certificates.X509AlternateName - Base type for alternate name data exposed on an X509 certificate
Security.Cryptography.X509Certificates.X509AlternateNameBlob - Exposes alternate name data stored as a blob
Security.Cryptography.X509Certificates.X509AlternateNameIPAddress - Exposes alternate name data stored as an IP address
Security.Cryptography.X509Certificates.X509AlternateNameOther - Exposes other alternate name data, along with an identification OID
Security.Cryptography.X509Certificates.X509AlternateNameString - Exposes alternate name data stored as a string
Security.Cryptography.X509Certificates.X509CertificateCreationOptions - Flags for use when creating a new X509 certificate
Security.Cryptography.X509Certificates.X509CertificateCreationParameters - Configuration parameters for use when creating a new X509 certificate
Security.Cryptography.X509Certificates.X509CertificateSignatureAlgorithm - Algorithms which can be used to sign a new X509 certificate

Security.Cryptography.Xml.TransformFactory - A factory to aid in programmatically creating XML digital signature transforms.
Security.Cryptography.Xml.XmlDsigXPathWithNamespacesTransform - An alternate implementation of the XmlDsigXPathTransform which allows the XPath expression to use all XML namespaces in scope for the XPath node in the transform.

System.Security.Cryptography.CngProvider - A set of extension methods for the CngProvider type
System.Security.Cryptography.CngKey - A set of extension methods for the CngKey type

System.Security.Cryptography.X509Certificates.X509Certificate - A set of extension methods for the X509Certificate type
System.Security.Cryptography.X509Certificates.X509Certificate2 - A set of extension methods for the X509Certificate2 type

System.Security.Cryptography.Xml.EncryptedXml - A set of extension methods for the EncryptedXml type

Updated Wiki: Home

Introduction

Welcome to the CLR security team's Codeplex site. On this site you'll find a set of projects that extend the security APIs shipped with the .NET framework to provide additional functionality. We also have some tools to help in debugging security related problems in your code.

The latest rollup package of all of the assemblies on this site can be found here: CLR Security June 2010 Release. Note that this release will be the final release of the CLR Security CodePlex project which supports Visual Studio 2008 and the .NET Framework v3.5.

Project Description: Security.dll
Security.dll provides a set of extension methods to ease working with the Code Access Security system in the .NET Framework. Within this project you will find:
  • Methods to create partially trusted instances of objects
  • Methods to determine the grant set of an assembly or AppDomain
  • Methods to help in creating and examining simple sandbox domains
  • Methods to make working with classes like Evidence and SecurityElement easier
Download Security 1.2

Project Description: Security.Cryptography.dll
Security.Cryptography.dll provides a new set of algorithm implementations to augment the built in .NET framework supported algorithms. It also provides some APIs to extend the existing framework cryptography APIs. Within this project you will find:
  • CNG implementations of the AES and TripleDES ciphers, the RSA algorithm, and the HMAC-SHA2 (SHA-256/384/512) message authentication codes
  • A CNG implementation of a random number generator
  • A CNG implementation of the PBKDF2 key derivation algorithm
  • A CNG implementation of authenticated symmetric encryption.
  • A class that allows dynamically creating algorithms both from this library as well as all of the algorithms that ship with .NET 3.5
  • An enumerator over all of the installed CNG providers on the current machine
  • Extension methods that allow access to all of the keys installed in a CNG provider, as well as all of the algorithms the provider supports
  • Extension methods to access X509Certificates that store their key with CNG, as well as to create self-signed X509Certificates
  • Other utility types and methods
Download Security.Cryptography 1.7.2

Project Description: Security.Cryptography.Debug.dll
Have you ever run into an indecipherable cryptographic exception complaining about "Padding is invalid and cannot be removed" when using the .NET Framework's symmetric algorithms? Since nearly all bugs relating to symmetric algorithms tend to result in this same exception, it can be incredibly difficult to track down exactly what went wrong to cause the exception. Security.Cryptography.Debug.dll is a tool that can be used in these circumstances in order to help you figure out the root cause of your cryptographic exception.

Download Security.Cryptography.Debug 1.1

Project Description: PTRunner.exe
PTRunner is a host application which runs programs in a sandbox. It allows you to choose from a set of standard CLR sandboxes (such as Execution, Internet and LocalIntranet), or provide your own custom permission sets. Additionally, PTRunner allows you to expose a set of fully trusted assemblies to the code in the sandboxed AppDomain.

PTRunner is a .NET 4.0 application, and requires the .NET Framework v4.0 beta 1 in order to run.

Download PTRunner 1.0
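The sandbox that Security.dll's helpers and PTRunner build, shown as an added example that is not code from the CLR Security project. It uses the .NET Framework 4 sandboxing API directly (SecurityManager.GetStandardSandbox and the AppDomain.CreateDomain overload that takes a PermissionSet and a list of full-trust assemblies), since the page does not list the names of Security.dll's own extension methods. The SandboxedWorker type, the file path it probes and the empty full-trust list are this example's assumptions.

```csharp
// Added example: not code from the CLR Security project. It uses the .NET Framework 4
// sandboxing API directly (SecurityManager.GetStandardSandbox and the AppDomain.CreateDomain
// overload that takes a PermissionSet), not Security.dll's extension methods. The worker type,
// the file path and the empty full-trust list are this example's own assumptions.
using System;
using System.IO;
using System.Security;
using System.Security.Policy;

// Runs inside the sandbox. MarshalByRefObject so the host talks to it through a proxy
// and the file access is attempted on the partially trusted side of the boundary.
public class SandboxedWorker : MarshalByRefObject
{
    public string TryReadFile(string path)
    {
        try
        {
            return "read " + File.ReadAllText(path).Length + " chars from " + path;
        }
        catch (SecurityException ex)
        {
            // FileIOPermission is not in the Internet grant set, so the demand fails here.
            return "denied: " + ex.Message;
        }
    }
}

static class SandboxHost
{
    // Create a domain whose grant set is the standard Internet sandbox, optionally exposing
    // the listed strong-named assemblies with full trust (the option PTRunner offers).
    public static AppDomain CreateInternetSandbox(params StrongName[] fullTrustAssemblies)
    {
        var evidence = new Evidence();
        evidence.AddHostEvidence(new Zone(SecurityZone.Internet));
        PermissionSet grantSet = SecurityManager.GetStandardSandbox(evidence);

        var setup = new AppDomainSetup();
        setup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory;

        return AppDomain.CreateDomain("InternetSandbox", evidence, setup, grantSet, fullTrustAssemblies);
    }

    static void Main()
    {
        AppDomain sandbox = CreateInternetSandbox();
        try
        {
            // The instance is created in the sandbox domain: the assembly is loaded there from
            // ApplicationBase and receives only the sandbox grant set, not the host's full trust.
            var worker = (SandboxedWorker)Activator.CreateInstanceFrom(
                sandbox,
                typeof(SandboxedWorker).Assembly.Location,
                typeof(SandboxedWorker).FullName).Unwrap();

            Console.WriteLine(worker.TryReadFile(@"C:\Windows\win.ini"));
        }
        finally
        {
            AppDomain.Unload(sandbox);
        }
    }
}
```

The point to watch when exposing full-trust assemblies is that each one becomes part of the sandbox's trusted computing base: any public method on them that the partially trusted caller can reach is effectively a permission elevation path, so they need the same review as the host itself.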

New Post: NuGet Package

How come no one made a nuget package for the lib yet? If community and developers don't mind, our company can create a package and automate the updates to nuget. I am writing to make sure there isn't nuget package already for CLR Security and that I would not violate any licenses if we create a NuGet for this project.

Created Unassigned: Not compatible with "Microsoft Platform Crypto Provider" for TPM device [10876]

Hi,

When I use your CNG implementation to create a self-signed certificate for a TPM device, I encountered the following exception in your code, X509Native.cs:

```csharp
// Setup a CRYPT_KEY_PROV_INFO for the key
CRYPT_KEY_PROV_INFO keyProvInfo = new CRYPT_KEY_PROV_INFO();
keyProvInfo.pwszProvName = key.Provider.Provider;
keyProvInfo.pwszContainerName = key.UniqueName;
keyProvInfo.dwProvType = 0; // NCRYPT
keyProvInfo.dwFlags = 0;
keyProvInfo.cProvParam = 0;
keyProvInfo.rgProvParam = IntPtr.Zero;
keyProvInfo.dwKeySpec = 0;
```

The key.UniqueName is not defined and threw an exception of type System.Security.Cryptography.CryptographicException.

It's the same for key.IsEphemeral and key.KeyName.

Created Unassigned: CryptographicException thrown if the stream is disposed before it has been read in full. [10904]

Hi,

We've experienced a scenario where by people who are aborting download of an encrypted file cause an exception to be thrown.

```
at Security.Cryptography.BCryptNative.SymmetricDecrypt(SafeBCryptKeyHandle key, Byte[] input, Byte[] chainData, BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO& authenticationInfo) in t:\gregz\work\pw_hashing\clrsecurity\svn\Security.Cryptography\src\BCryptNative.cs:line 1001
at Security.Cryptography.BCryptAuthenticatedSymmetricCryptoTransform.CngTransform(Byte[] input, Int32 inputOffset, Int32 inputCount) in t:\gregz\work\pw_hashing\clrsecurity\svn\Security.Cryptography\src\BCryptAuthenticatedSymmetricCryptoTransform.cs:line 392
at Security.Cryptography.BCryptAuthenticatedSymmetricCryptoTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) in t:\gregz\work\pw_hashing\clrsecurity\svn\Security.Cryptography\src\BCryptAuthenticatedSymmetricCryptoTransform.cs:line 349
at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing)
at System.IO.Stream.Close()
at System.IO.StreamReader.Dispose(Boolean disposing)
at System.IO.TextReader.Dispose()
at CryptographyException.UnitTest1.TestMethod1()
```

I have attached a scaled down example to demonstrate the problem - it just reads the first 100 bytes of a file and then lets the dispose trigger. You'll see that it throws the CryptographicException as part of the TransformFinalBlock call that is triggered by the CryptoStream.Dispose() call.

I would be grateful if you could advise on a fix for this scenario.
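The scenario above, as an added example that is not part of the report or of the CLR Security project's own code. It uses the library's AuthenticatedAesCng API as listed in the class reference and the project description earlier on this page; the helper names (NewGcm, Seal, ReadPrefixThenDispose), the all-zero demo key and nonce, the associated data and the sample plaintext are constructed for this example. With GCM the authentication tag is checked when the final block is processed, so closing a read-mode CryptoStream after consuming only part of the ciphertext asks the decryptor to authenticate a truncated message, and the tag computed over the bytes actually decrypted cannot match the one produced at encryption time. The example shows the full read succeeding, the partial read failing on Dispose, and a one-bit modification failing the same way, and in both failure cases it discards the bytes it had already received rather than returning them.

```csharp
// Added example: not code from the CLR Security project or from the issue reporter.
// Assumes Security.Cryptography.dll (AuthenticatedAesCng, CngChainingMode,
// IAuthenticatedCryptoTransform) on Windows Vista SP1 or later; the helper names,
// the all-zero demo key/nonce and the sample plaintext are constructed for this example.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using Security.Cryptography;

static class GcmStreamDemo
{
    // Fixed demo key and nonce so the run is reproducible. A real nonce must never be
    // reused under the same key; generate a fresh one per message with RNGCng.
    static readonly byte[] Key = new byte[32];
    static readonly byte[] Nonce = new byte[12];
    static readonly byte[] Aad = Encoding.ASCII.GetBytes("file-id:42");

    static AuthenticatedAesCng NewGcm()
    {
        var aes = new AuthenticatedAesCng();
        aes.CngMode = CngChainingMode.Gcm;
        aes.Key = Key;
        aes.IV = Nonce;               // the GCM nonce is supplied through IV
        aes.AuthenticatedData = Aad;  // covered by the tag, not encrypted
        return aes;
    }

    // Encrypt in one call; the 16-byte tag is available only after the final block.
    public static byte[] Seal(byte[] plaintext, out byte[] tag)
    {
        using (AuthenticatedAesCng aes = NewGcm())
        using (IAuthenticatedCryptoTransform enc = aes.CreateAuthenticatedEncryptor())
        {
            byte[] ciphertext = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
            tag = enc.GetTag();
            return ciphertext;
        }
    }

    // Decrypt through a read-mode CryptoStream, consume only `take` bytes, then dispose it.
    // With take == ciphertext.Length this is a normal full read; with a smaller value it is
    // the aborted download from the report.
    public static string ReadPrefixThenDispose(byte[] ciphertext, byte[] tag, int take)
    {
        byte[] buf = new byte[take];
        int got = 0;
        try
        {
            using (AuthenticatedAesCng aes = NewGcm())
            {
                aes.Tag = tag;
                using (ICryptoTransform dec = aes.CreateDecryptor())
                using (var cs = new CryptoStream(new MemoryStream(ciphertext), dec, CryptoStreamMode.Read))
                {
                    got = cs.Read(buf, 0, take);
                }   // Dispose -> FlushFinalBlock -> tag verified over the bytes actually decrypted
            }
        }
        catch (CryptographicException)
        {
            // Truncated or modified input: the tag does not verify. Whatever was already copied
            // into buf was never authenticated, so wipe it and report failure instead.
            Array.Clear(buf, 0, buf.Length);
            return "FAILED: authentication tag did not verify; buffered output discarded";
        }
        return "OK: " + Encoding.ASCII.GetString(buf, 0, got);
    }

    static void Main()
    {
        byte[] plaintext = Encoding.ASCII.GetBytes("header line\n" + new string('x', 240));
        byte[] tag;
        byte[] ciphertext = Seal(plaintext, out tag);

        // Full read: every ciphertext byte reaches the decryptor before the final block, tag verifies.
        Console.WriteLine(ReadPrefixThenDispose(ciphertext, tag, ciphertext.Length));

        // Partial read, as in the report: the final-block tag check runs over a truncated message
        // and the exception surfaces from Dispose.
        Console.WriteLine(ReadPrefixThenDispose(ciphertext, tag, 100));

        // One flipped ciphertext bit is caught by the same check, here while still inside Read.
        ciphertext[0] ^= 0x01;
        Console.WriteLine(ReadPrefixThenDispose(ciphertext, tag, ciphertext.Length));
    }
}
```

Build against Security.Cryptography.dll on Windows Vista SP1 or later, which the page names as the requirement for AuthenticatedAesCng. The practical consequence for the reported scenario is that the exception on Dispose is the authenticity check doing its job: a consumer that stops reading early should expect it, and must not act on the plaintext it has already been handed, because nothing has vouched for those bytes yet.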

Created Unassigned: Win7/2008 detection may break on X86 due to floating-point rounding errors [10922]

Commit 75777 implemented PBKDF2 for Win7/2008. The platform check uses double math to compare the version and may fail depending on how the JIT optimizes the code.

Commented Unassigned: Win7/2008 detection may break on X86 due to floating-point rounding errors [10922]

Commit 75777 implemented PBKDF2 for Win7/2008. The platform check uses double math to compare the version and may fail depending on how the JIT optimizes the code.
Comment from web user nrieck:

Attached patch would be one of the ways to fix the issue.


New Post: CLR Security on Linux with .NET opensourced?

With .NET open sourced, what are the plans for this project? Obviously the role of strong crypto has increased in the current cyber climate, but CLR Security P/Invokes into bcrypt/ncrypt in Windows for Suite B ciphers.

How will this project work on .NET for Linux when it sees the light of day?

New Comment on "Security.Cryptography.RSAPKCS1SHA256SignatureDescription"

When I try to edit the file "machine.config" (C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG) and open it with Notepad, I can't find where to put the configuration above, so I added it before the end of the file like this: http://postimg.org/image/65mq59r3d/. Is that right?

Created Unassigned: XmlDsigXPathWithNamespacesTransform is not preserving whitespace [10999]

When using the provided XmlDsigXPathWithNamespacesTransform class to verify a signature, the whitespace is stripped out of the document when it is loaded into an XmlDocument before canonicalization.

This leads to an invalid signature, because the hashes end up being different. The whitespace is preserved during canonicalization when signing with other libraries, as per the specs (summary here: http://www.di-mgt.com.au/xmldsig.html#c14n).

Since the PreserveWhitespace property of the XmlDocument class has a default value of false, it needs to be set explicitly to true when loading the input document to process.

```csharp
/// <summary>
/// Load input nodes to process
/// </summary>
public override void LoadInput(object obj)
{
    if (obj == null)
        throw new ArgumentNullException("obj");

    // Canonicalize the input into a stream
    XmlDsigC14NTransform canonicalization = new XmlDsigC14NTransform(true);
    canonicalization.LoadInput(obj);
    Stream canonicalizedInput = canonicalization.GetOutput(typeof(Stream)) as Stream;

    // Load the canonicalized input into a document to transform
    XmlDocument document = new XmlDocument();
    document.PreserveWhitespace = true; // <----- this is necessary
    document.Load(canonicalizedInput);
    m_inputNodes = document;
}
```

With this fix applied the transformed reference contents become correct, therefore the hash matches what's been calculated during the signature creation and the validation succeeds.
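The effect described in the report, as an added example that is not part of the report or of the library: it canonicalizes a constructed document once with XmlDocument.PreserveWhitespace left at its default and once with it set to true, using the framework's own XmlDsigC14NTransform, and shows that the canonical forms, and therefore the digests a <Reference> check compares, differ. The Order document and the helper names are constructed for this example.

```csharp
// Added example: not code from the issue reporter or from the CLR Security project.
// The sample document and helper names are constructed for this example.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

static class C14nWhitespaceDemo
{
    // Constructed sample: indentation and newlines between elements are "insignificant"
    // whitespace to XmlDocument, but they are real text nodes to Canonical XML.
    const string Sample =
        "<Order xmlns=\"urn:example\">\n" +
        "  <Item>widget</Item>\n" +
        "  <Qty>3</Qty>\n" +
        "</Order>";

    // Load the sample with the given PreserveWhitespace setting and return its inclusive C14N form.
    public static string Canonicalize(bool preserveWhitespace)
    {
        var doc = new XmlDocument();
        doc.PreserveWhitespace = preserveWhitespace;   // framework default is false
        doc.LoadXml(Sample);

        var c14n = new XmlDsigC14NTransform();
        c14n.LoadInput(doc);
        using (var output = (Stream)c14n.GetOutput(typeof(Stream)))
        using (var reader = new StreamReader(output, Encoding.UTF8))
        {
            return reader.ReadToEnd();
        }
    }

    // Digest of the canonical form: this is what a <Reference> DigestValue is compared against.
    public static string DigestHex(string canonical)
    {
        using (var sha256 = SHA256.Create())
        {
            byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(canonical));
            return BitConverter.ToString(hash).Replace("-", "");
        }
    }

    static void Main()
    {
        string stripped = Canonicalize(false);
        string preserved = Canonicalize(true);
        Console.WriteLine("PreserveWhitespace=false: " + stripped);
        Console.WriteLine("PreserveWhitespace=true : " + preserved.Replace("\n", "\\n"));
        Console.WriteLine("digest (false): " + DigestHex(stripped));
        Console.WriteLine("digest (true) : " + DigestHex(preserved));
        // A signer that kept the whitespace produced the second digest; a verifier that loads
        // with the default setting computes the first, and the reference check fails.
        Console.WriteLine(stripped == preserved ? "canonical forms match" : "canonical forms differ");
    }
}
```

The same rule applies to any code path that round-trips signed XML through an XmlDocument, not just this transform: load with PreserveWhitespace = true before the data reaches canonicalization, or the digest that is verified is not the digest that was signed.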

New Post: NuGet Package

I agree, this should be wrapped in a nuget package. Anyone know if it has been published as such yet?

New Post: FIPS Validation ?

I want to use this code, but I am not a cryptographer. Is this on a FIPS validation path? Access to the source code does me no good, as I am not up to the task of vetting this.

Thoughts?

Created Unassigned: CreateSelfSignedCertificate on any non-RSA key fails with 'The parameter is incorrect.' [11039]

This vague error occurs for all CngAlgorithms except RSA:

```csharp
using (var key = CngKey.Create(CngAlgorithm.ECDsaP521, null, new CngKeyCreationParameters { ExportPolicy = CngExportPolicies.AllowExport, KeyUsage = CngKeyUsages.Signing }))
{
    var test = key.CreateSelfSignedCertificate(new X500DistinguishedName("CN=John Doe"));
}
```

Created Unassigned: 1.7.2 version is 1.7.1 in dll [11061]

I have just downloaded the 1.7.2 zip package and it looks like the DLL has file version 1.7.1.
It should probably be equal to the release number. It causes confusion when importing the DLL into a project.

Created Unassigned: NuGet package [11062]

Please build a NuGet package for this library. It will make it easy to integrate into a modern project structure.

New Post: Migrate to Github

If the project is alive, why not migrate it to the new Microsoft open source accounts on GitHub and git?
  1. Not many people are familiar with the CodePlex pipeline.
  2. It will be easier for MS employees and others to contribute.
  3. It's a good project; it should be more visible to the community.

New Post: Migrate to Github

This project is/was partially an incubation ground for new features. Right now the efforts are in taking the lessons learned here and moving the components into the .NET Framework.

This project has heavily influenced the implementation of the cryptography stack in .NET Core:
https://github.com/dotnet/corefx/tree/master/src/System.Security.Cryptography.Cng
https://github.com/dotnet/corefx/tree/master/src/System.Security.Cryptography.Algorithms

So, in effect, the project is moving to github, one piece at a time.

New Post: MSFT: What is the roadmap / future of this project ?

This project doesn't have a clear roadmap because right now the focus is getting functionality from this project into the .NET Framework.

GCM support is definitely on the radar for .NET Framework. Unfortunately the API integration wasn't quite as simple as copying code from here to there :).

EAX and OCB are harder, because Windows doesn't have direct support for them (https://msdn.microsoft.com/en-us/library/windows/desktop/aa376211%28v=vs.85%29.aspx#BCRYPT_CHAINING_MODE).

Tech from this project has started making its way into .NET Core: https://github.com/dotnet/corefx/