Preface
This article is about using the .NET framework to create an encryption provider and integrate it using the same mechanism provided by the .NET platform. This article is not about the Twofish cipher itself but is used as an example cipher that can can be integrated in such a manner.
Introduction
The .NET framework supports various encryption providers such as the AES winner Rijndael. But it is possible to use the same framework to add custom encryption providers and use them in the same manner as the .NET provided ones. It is not necessary to just use it for encryption as the same framework can also be used for any form of encoding mechanism such as compression or MIME encoding. Also these transformations can be connected together via the streams so that it is possible to cascade these transformations i.e. memory -> compress -> encrypt -> encode, in a very simple manner. This technique will be familiar to people who have used Crypto++. For this purpose the .NET framework provides a base class SymmetricAlgorithm
and an interface ICryptoTransform
.
Investigation
To investigate how the .NET framework used the SymmetricAlgorithm
class and ICryptoTransform
interface I created a simple class XOR
which does a byte by byte eXclusiveOR on a block of data. A very basic and very poor encryption system but it at least lets one work out if we are using the supplied classes and interfaces correctly. I have also included this in the install but it is just a bunch of methods/properties and lots of trace statements.
Discovery
byte[] ICryptoTransform
.TransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount);
- This method does not like when you return null, throws an exception, when there is no data to return. You will usually have this case when this method is called but inputCount is 0, instead you have to return new byte[0]
. This is not documented in the help files (yet).
public virtual SymmetricAlgorithm.CipherMode Mode {get; set;}
- The framework does not use this property itself to implement the various cipher modes - you must read this property when you are transforming data and act accordingly.
Twofish
Now armed with the new found knowledge I proceeded to implement the Twofish cipher in C#. I based my implementation on the reference C implementation of the Twofish cipher which can be found at Counterpane Internet Security as I do not think the optimised C implementation would port as well. I have tested the code so that it works in EBC mode and I have also implemented CBC mode as well.
Cascade
As I mentioned before it is possible to cascade these transforms such that with one call you can compress -> encrypt -> encode. In the install I have shown how one may cascade the Twofish cipher and the .NET provided Base64 transforms FromBase64Transform
and ToBase64Transform
. I haven't shown the compression step as I have yet to implement that transform.
Twofish fish = new Twofish();
System.IO.MemoryStream ms = new System.IO.MemoryStream();
ICryptoTransform encode = new ToBase64Transform();
ICryptoTransform encrypt = fish.CreateEncryptor( Key, IV);
CryptoStream cryptostreamEncode = new CryptoStream( ms, encode,
CryptoStreamMode.Write);
CryptoStream cryptostream = new CryptoStream( cryptostreamEncode, encrypt,
CryptoStreamMode.Write);
CryptoStream cryptostream = new
CryptoStream(new CryptoStream( ms,encode, CryptoStreamMode.Write),
encrypt, CryptoStreamMode.Write);
Outstanding Issues
- I have not created any random key or IV mechanism that would normally be implemented in the
GenerateIV()
and GenerateKey()
overrides.
- Need further testing to test the CBC mode and to add other cipher modes.
- Integrate a compression algorithm into a class that supports
ICryptoTransform
interface
- Optimise the code. As I mentioned before I am not too sure how to go about optimising C# code so any tips appreciated.
- The uninstall does not remove any produced files due to compilation.
History
First revision - 17 July 2002