C# version of OpenSSL EVP_BytesToKey method?

by

I found this pseudo-code explanation of the EVP_BytesToKey method (in /doc/ssleay.txt of the openssl source):

/* M[] is an array of message digests
 * MD() is the message digest function */
M[0]=MD(data . salt);
for (i=1; i<count; i++) M[0]=MD(M[0]);

i=1
while (data still needed for key and iv)
    {
    M[i]=MD(M[i-1] . data . salt);
    for (i=1; i<count; i++) M[i]=MD(M[i]);
    i++;
    }

If the salt is NULL, it is not used.
The digests are concatenated together.
M = M[0] . M[1] . M[2] .......

So based on that I was able to come up with this C# method (which seems to work for my purposes and assumes 32-byte key and 16-byte iv):

private static void DeriveKeyAndIV(byte[] data, byte[] salt, int count, out byte[] key, out byte[] iv)
{
    List<byte> hashList = new List<byte>();
    byte[] currentHash = new byte[0];

    int preHashLength = data.Length + ((salt != null) ? salt.Length : 0);
    byte[] preHash = new byte[preHashLength];

    System.Buffer.BlockCopy(data, 0, preHash, 0, data.Length);
    if (salt != null)
        System.Buffer.BlockCopy(salt, 0, preHash, data.Length, salt.Length);

    MD5 hash = MD5.Create();
    currentHash = hash.ComputeHash(preHash);          

    for (int i = 1; i < count; i++)
    {
        currentHash = hash.ComputeHash(currentHash);            
    }

    hashList.AddRange(currentHash);

    while (hashList.Count < 48) // for 32-byte key and 16-byte iv
    {
        preHashLength = currentHash.Length + data.Length + ((salt != null) ? salt.Length : 0);
        preHash = new byte[preHashLength];

        System.Buffer.BlockCopy(currentHash, 0, preHash, 0, currentHash.Length);
        System.Buffer.BlockCopy(data, 0, preHash, currentHash.Length, data.Length);
        if (salt != null)
            System.Buffer.BlockCopy(salt, 0, preHash, currentHash.Length + data.Length, salt.Length);

        currentHash = hash.ComputeHash(preHash);            

        for (int i = 1; i < count; i++)
        {
            currentHash = hash.ComputeHash(currentHash);
        }

        hashList.AddRange(currentHash);
    }
    hash.Clear();
    key = new byte[32];
    iv = new byte[16];
    hashList.CopyTo(0, key, 0, 32);
    hashList.CopyTo(32, iv, 0, 16);
}

UPDATE: Here’s more/less the same implementation but uses the .NET DeriveBytes interface: https://gist.github.com/1339719

OpenSSL 1.1.0c changed the digest algorithm used in some internal components. Formerly, MD5 was used, and 1.1.0 switched to SHA256. Be careful the change is not affecting you in both EVP_BytesToKey and commands like openssl enc.

More Related Contents:

  1. OpenSSL encryption using .NET classes
  2. Encrypt and decrypt a string in C#? [closed]
  3. Calculate MD5 checksum for a file
  4. How can I sign a file using RSA and SHA256 with .NET?
  5. MD5 hash with salt for keeping password in DB in C#
  6. Encrypting/Decrypting large files (.NET)
  7. Why does a bad password cause “Padding is invalid and cannot be removed”?
  8. Best way to store encryption keys in .NET C#
  9. Password encryption/decryption code in .NET
  10. Programmatically encrypting a config-file in .NET
  11. “Padding is invalid and cannot be removed” using AesManaged
  12. Problem Updating to .Net 6 – Encrypting String
  13. How to convert SecureString to System.String?
  14. Encrypting Web.Config
  15. CryptographicException “Key not valid for use in specified state.” while trying to export RSAParameters of a X509 private key
  16. Encrypt SQLite database in C#
  17. Encryption compatible between Android and C#
  18. AES encryption on large files
  19. How do I get the path of the assembly the code is in?
  20. What is [Serializable] and when should I use it?
  21. BackgroundWorker RunWorkerCompleted Event
  22. What is the difference between Linq to XML Descendants and Elements
  23. what is the max limit of data into list in c#?
  24. How to programmatically click a button in WPF?
  25. How can I prevent synchronous continuations on a Task?
  26. Ignoring null fields in Json.net
  27. How do I unsubscribe all handlers from an event for a particular class in C#?
  28. How to use dependency injection in WinForms
  29. What is the fastest way to read data from a DbDataReader?
  30. Overriding Default Primitive Type Handling in Json.Net

Leave a Comment