public void TestAesKdf()
        {
            // Regression check. Up to KeePass 2.34 the OtpKeyProv plugin called
            // the public CompositeKey.TransformKeyManaged method and finished
            // with a SHA-256 computation. In KeePass 2.35 that method became an
            // internal member of AesKdf, so OtpKeyProv now uses the AesKdf class.
            // Both routes must produce the same derived key.

            // NOTE(review): "weak" by name, presumably a non-cryptographic
            // generator. It only supplies throw-away test inputs here.
            var rng = CryptoRandom.NewWeakRandom();

            var pbKey = new byte[32];
            rng.NextBytes(pbKey);

            var pbSeed = new byte[32];
            rng.NextBytes(pbSeed);

            var uRounds = (ulong)rng.Next(1, 0x7FFF);

            // Route 1: transform a private copy of the key (pbKey itself is
            // needed unchanged for route 2), then hash the result with SHA-256.
            var pbManual = (byte[])pbKey.Clone();
            var bTransformed = AesKdf.TransformKeyManaged(pbManual, pbSeed, uRounds);
            Assert.True(bTransformed);
            pbManual = CryptoUtil.HashSha256(pbManual);

            // Route 2: the AesKdf object API with the same rounds and seed.
            var kdf = new AesKdf();
            var kdfParams = kdf.GetDefaultParameters();
            kdfParams.SetUInt64(AesKdf.ParamRounds, uRounds);
            kdfParams.SetByteArray(AesKdf.ParamSeed, pbSeed);
            var pbViaKdf = kdf.Transform(pbKey, kdfParams);

            var bIdentical = MemUtil.ArraysEqual(pbManual, pbViaKdf);
            Assert.True(bIdentical);
        }
        public void TestIsRandomStringProtected()
        {
            // Applies the same random insert and remove edits to a plain string
            // and to a ProtectedString. After every edit the ProtectedString must
            // read back the same text and still report the protection flag that
            // was requested for this round.
            var rng      = CryptoRandom.NewWeakRandom();
            var strPlain = string.Empty;
            var psMirror = new ProtectedString();

            var nRound = 0;
            while (nRound < 100)
            {
                // Protection is requested in roughly three out of four rounds.
                var bProtect = (rng.Next() % 4) != 0;
                psMirror = psMirror.WithProtection(bProtect);

                // Insert 0..19 copies of one character (code 1..255) at a random offset.
                var iInsertAt = rng.Next(strPlain.Length + 1);
                var cRepeat   = rng.Next(20);
                var chFill    = (char)rng.Next(1, 256);
                var strChunk  = new string(chFill, cRepeat);

                strPlain = strPlain.Insert(iInsertAt, strChunk);
                psMirror = psMirror.Insert(iInsertAt, strChunk);

                Assert.That(psMirror.IsProtected, Is.EqualTo(bProtect));
                Assert.That(psMirror.ReadString(), Is.EqualTo(strPlain));

                psMirror = psMirror.WithProtection(bProtect);

                // Remove a random range that lies fully inside the current text.
                var iRemoveAt = rng.Next(strPlain.Length);
                var cRemove   = rng.Next(strPlain.Length - iRemoveAt + 1);

                strPlain = strPlain.Remove(iRemoveAt, cRemove);
                psMirror = psMirror.Remove(iRemoveAt, cRemove);

                Assert.That(psMirror.IsProtected, Is.EqualTo(bProtect));
                Assert.That(psMirror.ReadString(), Is.EqualTo(strPlain));

                ++nRound;
            }
        }
        public void TestSha256()
        {
            // Hashing 517 random bytes in randomly sized pieces must give the
            // same SHA-256 digest as hashing them in a single call.
            var rng    = CryptoRandom.NewWeakRandom();
            var pbData = new byte[517];
            rng.NextBytes(pbData);

            // NOTE(review): SHA256Managed is marked obsolete on .NET 6 and later
            // (SYSLIB0021). Confirm the target framework before copying this pattern.
            byte[] pbIncremental;
            using (var hInc = new SHA256Managed())
            {
                for (var iOffset = 0; iOffset != pbData.Length;)
                {
                    // Chunk length is 1..remaining, so the loop lands exactly on the end.
                    var cbChunk = 1 + rng.Next(pbData.Length - iOffset);
                    hInc.TransformBlock(pbData, iOffset, cbChunk, pbData, iOffset);
                    iOffset += cbChunk;
                }

                hInc.TransformFinalBlock(MemUtil.EmptyByteArray, 0, 0);
                pbIncremental = hInc.Hash;
            }

            byte[] pbOneShot;
            using (var hOne = new SHA256Managed())
            {
                pbOneShot = hOne.ComputeHash(pbData);
            }

            var bSameDigest = MemUtil.ArraysEqual(pbIncremental, pbOneShot);
            Assert.That(bSameDigest, Is.True);
        }
        /// <summary>
        /// Common program initialization function that can also be
        /// used by applications that use KeePass as a library
        /// (like e.g. KPScript).
        /// </summary>
        /// <returns>
        /// <c>true</c> when every step ran; <c>false</c> when the process runs as
        /// AppX without the expected build type, or when the FIPS self-test threw
        /// (a warning is shown in that case).
        /// </returns>
        public static bool CommonInit()
        {
            m_bDesignMode = false;             // Again, for the ones not calling Main

            // NOTE(review): "weak" by name, presumably a non-cryptographic generator.
            // m_rndGlobal should not be used for keys, salts or tokens; confirm at its call sites.
            m_rndGlobal = CryptoRandom.NewWeakRandom();

            // Environment hardening and Mono workarounds run before any
            // configuration is read.
            InitEnvSecurity();
            MonoWorkarounds.Initialize();

            // try { NativeMethods.SetProcessDPIAware(); }
            // catch(Exception) { }

            // Do not run as AppX, because of compatibility problems
            // (unless we're a special compatibility build)
            // The 64-hex-digit constant names the one build type allowed to
            // continue; what IsBuildType compares it against is not visible here.
            if (WinUtil.IsAppX && !IsBuildType(
                    "CDE75CF0D4CA04D577A5A2E6BF5D19BFD5DDBBCF89D340FBBB0E4592C04496F1"))
            {
                return(false);
            }

            // Fail closed: any exception from the FIPS self-test aborts
            // initialization after warning the user.
            try { SelfTest.TestFipsComplianceProblems(); }
            catch (Exception exFips)
            {
                MessageService.ShowWarning(KPRes.SelfTestFailed, exFips);
                return(false);
            }

            // Set global localized strings
            PwDatabase.LocalizedAppName = PwDefs.ShortProductName;
            KdbxFile.DetermineLanguageId();

            // The loaded configuration is dereferenced right away, so this
            // assumes Load() never returns null (TODO confirm).
            m_appConfig = AppConfigSerializer.Load();
            if (m_appConfig.Logging.Enabled)
            {
                AppLogEx.Open(PwDefs.ShortProductName);
            }

            // The active policy is a copy of the configured one (CloneDeep).
            AppPolicy.Current = m_appConfig.Security.Policy.CloneDeep();

            // NOTE(review): by its name this tightens the process DACL. It is opt-in
            // through the loaded configuration, so whoever can edit that configuration
            // can switch it off, and everything above has already run without it.
            if (m_appConfig.Security.ProtectProcessWithDacl)
            {
                KeePassLib.Native.NativeMethods.ProtectProcessWithDacl();
            }

            m_appConfig.Apply(AceApplyFlags.All);

            m_ecasTriggers = m_appConfig.Application.TriggerSystem;
            m_ecasTriggers.SetToInitialState();

            // Local help file: the executable's path with its extension
            // replaced by ".chm".
            string strHelpFile = UrlUtil.StripExtension(WinUtil.GetExecutable()) + ".chm";

            AppHelp.LocalHelpFile = strHelpFile;

            // InitEnvWorkarounds();
            LoadTranslation();

            CustomResourceManager.Override(typeof(KeePass.Properties.Resources));

            return(true);
        }
        public void TestSalsa20Cipher()
        {
            // Checks Salsa20Cipher against published keystream values at three
            // stream positions, then checks that 100 different nonces yield 100
            // different outputs.
            var rng = CryptoRandom.NewWeakRandom();

            // Test values from official set 6, vector 3
            var pbKey = new byte[] {
                0x0F, 0x62, 0xB5, 0x08, 0x5B, 0xAE, 0x01, 0x54,
                0xA7, 0xFA, 0x4D, 0xA0, 0xF3, 0x46, 0x99, 0xEC,
                0x3F, 0x92, 0xE5, 0x38, 0x8B, 0xDE, 0x31, 0x84,
                0xD7, 0x2A, 0x7D, 0xD0, 0x23, 0x76, 0xC9, 0x1C
            };
            var pbNonce = new byte[] {
                0x28, 0x8F, 0xF6, 0x5D, 0xC4, 0x2B, 0x92, 0xF9
            };
            var pbExpectedFirst = new byte[] {
                0x5E, 0x5E, 0x71, 0xF9, 0x01, 0x99, 0x34, 0x03,
                0x04, 0xAB, 0xB2, 0x2A, 0x37, 0xB6, 0x62, 0x5B
            };

            // Extended test: expected output after each of the two skips below
            var pbExpectedSecond = new byte[] {
                0xAB, 0xF3, 0x9A, 0x21, 0x0E, 0xEE, 0x89, 0x59,
                0x8B, 0x71, 0x33, 0x37, 0x70, 0x56, 0xC2, 0xFE
            };
            var pbExpectedThird = new byte[] {
                0x1B, 0xA8, 0x9D, 0xBD, 0x3F, 0x98, 0x83, 0x97,
                0x28, 0xF5, 0x67, 0x91, 0xD5, 0xB7, 0xCE, 0x23
            };

            // The buffer starts as zeros, so encrypting it in place leaves the
            // raw keystream in it.
            var pbBlock = new byte[16];
            var cipher  = new Salsa20Cipher(pbKey, pbNonce);

            cipher.Encrypt(pbBlock, 0, pbBlock.Length);
            Assert.That(MemUtil.ArraysEqual(pbBlock, pbExpectedFirst), Is.True);

            // Salsa20ToPos is defined elsewhere; presumably it advances the
            // cipher from the given current position to the target position.
            var nReached = Salsa20ToPos(cipher, rng, pbBlock.Length, 65536);

            Array.Clear(pbBlock, 0, pbBlock.Length);
            cipher.Encrypt(pbBlock, 0, pbBlock.Length);
            Assert.That(MemUtil.ArraysEqual(pbBlock, pbExpectedSecond), Is.True);

            Salsa20ToPos(cipher, rng, nReached + pbBlock.Length, 131008);

            Array.Clear(pbBlock, 0, pbBlock.Length);
            cipher.Encrypt(pbBlock, 0, pbBlock.Length);
            Assert.That(MemUtil.ArraysEqual(pbBlock, pbExpectedThird), Is.True);

            // Same all-zero key and input each round; only the nonce changes.
            // Every round must add a new entry, so the nonce has to influence
            // the output.
            const int nRounds = 100;
            var seenOutputs = new Dictionary<string, bool>();

            for (var iNonce = 0; iNonce < nRounds; ++iNonce)
            {
                var pbZero = new byte[32];
                cipher = new Salsa20Cipher(pbZero, MemUtil.Int64ToBytes(iNonce));
                cipher.Encrypt(pbZero, 0, pbZero.Length);

                var strHex = MemUtil.ByteArrayToHexString(pbZero);
                seenOutputs[strHex] = true;
            }

            Assert.That(seenOutputs.Count, Is.EqualTo(nRounds));
        }
        /// <summary>
        /// Common program initialization function that can also be
        /// used by applications that use KeePass as a library
        /// (like e.g. KPScript).
        /// </summary>
        /// <returns>
        /// <c>true</c> when every step ran; <c>false</c> when the FIPS self-test
        /// threw (a warning is shown in that case).
        /// </returns>
        public static bool CommonInit()
        {
            m_bDesignMode = false;             // Again, for the ones not calling Main

            // NOTE(review): "weak" by name, presumably a non-cryptographic generator.
            // m_rndGlobal should not be used for keys, salts or tokens; confirm at its call sites.
            m_rndGlobal = CryptoRandom.NewWeakRandom();

            // Environment hardening and Mono workarounds run before any
            // configuration is read.
            InitEnvSecurity();
            MonoWorkarounds.Initialize();

            // try { NativeMethods.SetProcessDPIAware(); }
            // catch(Exception) { }

            // Fail closed: any exception from the FIPS self-test aborts
            // initialization after warning the user.
            try { SelfTest.TestFipsComplianceProblems(); }
            catch (Exception exFips)
            {
                MessageService.ShowWarning(KPRes.SelfTestFailed, exFips);
                return(false);
            }

            // Set global localized strings
            PwDatabase.LocalizedAppName = PwDefs.ShortProductName;
            KdbxFile.DetermineLanguageId();

            // The loaded configuration is dereferenced right away, so this
            // assumes Load() never returns null (TODO confirm).
            m_appConfig = AppConfigSerializer.Load();
            if (m_appConfig.Logging.Enabled)
            {
                AppLogEx.Open(PwDefs.ShortProductName);
            }

            // The active policy is a copy of the configured one (CloneDeep).
            // NOTE(review): this version applies no process-level protection
            // between loading the policy and applying the configuration.
            AppPolicy.Current = m_appConfig.Security.Policy.CloneDeep();

            m_appConfig.Apply(AceApplyFlags.All);

            m_ecasTriggers = m_appConfig.Application.TriggerSystem;
            m_ecasTriggers.SetToInitialState();

            // Local help file: the executable's path with its extension
            // replaced by ".chm".
            string strHelpFile = UrlUtil.StripExtension(WinUtil.GetExecutable()) + ".chm";

            AppHelp.LocalHelpFile = strHelpFile;

            // InitEnvWorkarounds();
            LoadTranslation();

            CustomResourceManager.Override(typeof(KeePass.Properties.Resources));

            return(true);
        }
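        public void TestBlake2bString()
        {
            // Hashes 1000 repetitions of a fixed 44-character line in randomly
            // sized pieces and compares the 64-byte digest with a reference value.
            // ======================================================
            // Computed using the official b2sum tool
            Blake2b h = new Blake2b();

            try
            {
                string        strS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.:,;_-\r\n";
                StringBuilder sb   = new StringBuilder();

                for (int i = 0; i < 1000; ++i)
                {
                    sb.Append(strS);
                }
                var pbData = StrUtil.Utf8.GetBytes(sb.ToString());

                var pbExpc = new byte[64] {
                    0x59, 0x69, 0x8D, 0x3B, 0x83, 0xF4, 0x02, 0x4E,
                    0xD8, 0x99, 0x26, 0x0E, 0xF4, 0xE5, 0x9F, 0x20,
                    0xDC, 0x31, 0xEE, 0x5B, 0x45, 0xEA, 0xBB, 0xFC,
                    0x1C, 0x0A, 0x8E, 0xED, 0xAA, 0x7A, 0xFF, 0x50,
                    0x82, 0xA5, 0x8F, 0xBC, 0x4A, 0x46, 0xFC, 0xC5,
                    0xEF, 0x44, 0x4E, 0x89, 0x80, 0x7D, 0x3F, 0x1C,
                    0xC1, 0x94, 0x45, 0xBB, 0xC0, 0x2C, 0x95, 0xAA,
                    0x3F, 0x08, 0x8A, 0x93, 0xF8, 0x75, 0x91, 0xB0
                };

                // The weak generator only picks chunk sizes; it never produces
                // key material.
                Random r = CryptoRandom.NewWeakRandom();
                int    p = 0;

                while (p < pbData.Length)
                {
                    // Chunk length is 1..remaining, so p never overshoots the end.
                    int cb = r.Next(1, pbData.Length - p + 1);
                    h.TransformBlock(pbData, p, cb, pbData, p);
                    p += cb;
                }

                // Expected value first, so a failure message labels the two
                // numbers correctly.
                Assert.Equal(pbData.Length, p);

                h.TransformFinalBlock(new byte[0], 0, 0);

                Assert.True(MemUtil.ArraysEqual(h.Hash, pbExpc));
            }
            finally
            {
                // Clear the hasher even when an assertion above throws, so its
                // internal state is not left behind on a failing run.
                h.Clear();
            }
        }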
        /// <summary>
        /// Common program initialization function that can also be
        /// used by applications that use KeePass as a library
        /// (like e.g. KPScript).
        /// </summary>
        /// <returns>
        /// <c>true</c> when every step ran; <c>false</c> when the process runs as
        /// AppX, or when the FIPS self-test threw (a warning is shown in that case).
        /// </returns>
        public static bool CommonInit()
        {
            m_bDesignMode = false;             // Again, for the ones not calling Main

            // NOTE(review): "weak" by name, presumably a non-cryptographic generator.
            // m_rndGlobal should not be used for keys, salts or tokens; confirm at its call sites.
            m_rndGlobal = CryptoRandom.NewWeakRandom();

            // Environment hardening and Mono workarounds run before any
            // configuration is read.
            InitEnvSecurity();
            MonoWorkarounds.Initialize();

            // Do not run as AppX, because of compatibility problems
            if (WinUtil.IsAppX)
            {
                return(false);
            }

            // Fail closed: any exception from the FIPS self-test aborts
            // initialization after warning the user.
            try { SelfTest.TestFipsComplianceProblems(); }
            catch (Exception exFips)
            {
                MessageService.ShowWarning(KPRes.SelfTestFailed, exFips);
                return(false);
            }

            // Set global localized strings
            PwDatabase.LocalizedAppName = PwDefs.ShortProductName;
            KdbxFile.DetermineLanguageId();

            // The loaded configuration is dereferenced right away, so this
            // assumes Load() never returns null (TODO confirm).
            m_appConfig = AppConfigSerializer.Load();
            if (m_appConfig.Logging.Enabled)
            {
                AppLogEx.Open(PwDefs.ShortProductName);
            }

            // The active policy is a copy of the configured one (CloneDeep), and
            // ApplyToConfig() runs before the configuration itself is applied below.
            // NOTE(review): presumably this lets policy constrain config values; confirm.
            AppPolicy.Current = m_appConfig.Security.Policy.CloneDeep();
            AppPolicy.ApplyToConfig();

            // NOTE(review): by its name this tightens the process DACL. It is opt-in
            // through the loaded configuration, so whoever can edit that configuration
            // can switch it off, and everything above has already run without it.
            if (m_appConfig.Security.ProtectProcessWithDacl)
            {
                KeePassLib.Native.NativeMethods.ProtectProcessWithDacl();
            }

            m_appConfig.Apply(AceApplyFlags.All);

            m_ecasTriggers = m_appConfig.Application.TriggerSystem;
            m_ecasTriggers.SetToInitialState();

            // InitEnvWorkarounds();
            LoadTranslation();

            CustomResourceManager.Override(typeof(KeePass.Properties.Resources));

#if KP_DEVSNAP
            // Development-snapshot builds only: register the assembly resolver
            // once. m_bAsmResReg guards against a second registration, and a
            // repeated call trips the debug assertion.
            // NOTE(review): an AssemblyResolve handler influences which assemblies
            // are loaded; review Program.AssemblyResolve for where it loads from.
            if (!m_bAsmResReg)
            {
                AppDomain.CurrentDomain.AssemblyResolve += Program.AssemblyResolve;
                m_bAsmResReg = true;
            }
            else
            {
                Debug.Assert(false);
            }
#endif

            return(true);
        }
        public void TestChacha20Cipher()
        {
            // Checks ChaCha20Cipher and ChaCha20Stream against published test
            // vectors. Only the first vector is compiled in every configuration;
            // the other three sit inside #if DEBUG, so a release-build test run
            // does not cover them.
            // pbKey, pbIV, pb and pbExpc are reused and mutated from section to
            // section, so the sections depend on running in this order.

            // ======================================================
            // Test vector from RFC 7539, section 2.3.2

            var pbKey = new byte[32];

            for (var i = 0; i < 32; ++i)
            {
                pbKey[i] = (byte)i;
            }

            var pbIV = new byte[12];

            pbIV[3] = 0x09;
            pbIV[7] = 0x4A;

            var pbExpc = new byte[] {
                0x10, 0xF1, 0xE7, 0xE4, 0xD1, 0x3B, 0x59, 0x15,
                0x50, 0x0F, 0xDD, 0x1F, 0xA3, 0x20, 0x71, 0xC4,
                0xC7, 0xD1, 0xF4, 0xC7, 0x33, 0xC0, 0x68, 0x03,
                0x04, 0x22, 0xAA, 0x9A, 0xC3, 0xD4, 0x6C, 0x4E,
                0xD2, 0x82, 0x64, 0x46, 0x07, 0x9F, 0xAA, 0x09,
                0x14, 0xC2, 0xD7, 0x05, 0xD9, 0x8B, 0x02, 0xA2,
                0xB5, 0x12, 0x9C, 0xD1, 0xDE, 0x16, 0x4E, 0xB9,
                0xCB, 0xD0, 0x83, 0xE8, 0xA2, 0x50, 0x3C, 0x4E
            };

            // All-zero input: after encryption the buffer holds the raw keystream.
            var pb = new byte[64];

            using (var chaCha20Cipher1 = new ChaCha20Cipher(pbKey, pbIV))
            {
                chaCha20Cipher1.Seek(64, SeekOrigin.Begin); // Skip first block
                chaCha20Cipher1.Encrypt(pb, 0, pb.Length);

                Assert.That(MemUtil.ArraysEqual(pb, pbExpc), Is.True);
            }

#if DEBUG
            // ======================================================
            // Test vector from RFC 7539, section 2.4.2

            // Only byte 3 is reset; pbIV[7] keeps the 0x4A set above.
            pbIV[3] = 0;

            pb = StrUtil.Utf8.GetBytes("Ladies and Gentlemen of the clas" +
                                       @"s of '99: If I could offer you only one tip for " +
                                       @"the future, sunscreen would be it.");

            pbExpc = new byte[] {
                0x6E, 0x2E, 0x35, 0x9A, 0x25, 0x68, 0xF9, 0x80,
                0x41, 0xBA, 0x07, 0x28, 0xDD, 0x0D, 0x69, 0x81,
                0xE9, 0x7E, 0x7A, 0xEC, 0x1D, 0x43, 0x60, 0xC2,
                0x0A, 0x27, 0xAF, 0xCC, 0xFD, 0x9F, 0xAE, 0x0B,
                0xF9, 0x1B, 0x65, 0xC5, 0x52, 0x47, 0x33, 0xAB,
                0x8F, 0x59, 0x3D, 0xAB, 0xCD, 0x62, 0xB3, 0x57,
                0x16, 0x39, 0xD6, 0x24, 0xE6, 0x51, 0x52, 0xAB,
                0x8F, 0x53, 0x0C, 0x35, 0x9F, 0x08, 0x61, 0xD8,
                0x07, 0xCA, 0x0D, 0xBF, 0x50, 0x0D, 0x6A, 0x61,
                0x56, 0xA3, 0x8E, 0x08, 0x8A, 0x22, 0xB6, 0x5E,
                0x52, 0xBC, 0x51, 0x4D, 0x16, 0xCC, 0xF8, 0x06,
                0x81, 0x8C, 0xE9, 0x1A, 0xB7, 0x79, 0x37, 0x36,
                0x5A, 0xF9, 0x0B, 0xBF, 0x74, 0xA3, 0x5B, 0xE6,
                0xB4, 0x0B, 0x8E, 0xED, 0xF2, 0x78, 0x5E, 0x42,
                0x87, 0x4D
            };

            var pb64 = new byte[64];

            using (var chaCha20Cipher2 = new ChaCha20Cipher(pbKey, pbIV))
            {
                // Here the first block is consumed by encrypting a 64-byte
                // scratch buffer instead of calling Seek.
                chaCha20Cipher2.Encrypt(pb64, 0, pb64.Length); // Skip first block
                chaCha20Cipher2.Encrypt(pb, 0, pb.Length);

                Assert.That(MemUtil.ArraysEqual(pb, pbExpc), Is.True);
            }

            // ======================================================
            // Test vector from RFC 7539, appendix A.2 #2

            Array.Clear(pbKey, 0, pbKey.Length);
            pbKey[31] = 1;

            Array.Clear(pbIV, 0, pbIV.Length);
            pbIV[11] = 2;

            pb = StrUtil.Utf8.GetBytes("Any submission to the IETF inten" +
                                       "ded by the Contributor for publication as all or" +
                                       " part of an IETF Internet-Draft or RFC and any s" +
                                       "tatement made within the context of an IETF acti" +
                                       "vity is considered an \"IETF Contribution\". Such " +
                                       "statements include oral statements in IETF sessi" +
                                       "ons, as well as written and electronic communica" +
                                       "tions made at any time or place, which are addressed to");

            pbExpc = MemUtil.HexStringToByteArray(
                "A3FBF07DF3FA2FDE4F376CA23E82737041605D9F4F4F57BD8CFF2C1D4B7955EC" +
                "2A97948BD3722915C8F3D337F7D370050E9E96D647B7C39F56E031CA5EB6250D" +
                "4042E02785ECECFA4B4BB5E8EAD0440E20B6E8DB09D881A7C6132F420E527950" +
                "42BDFA7773D8A9051447B3291CE1411C680465552AA6C405B7764D5E87BEA85A" +
                "D00F8449ED8F72D0D662AB052691CA66424BC86D2DF80EA41F43ABF937D3259D" +
                "C4B2D0DFB48A6C9139DDD7F76966E928E635553BA76C5C879D7B35D49EB2E62B" +
                "0871CDAC638939E25E8A1E0EF9D5280FA8CA328B351C3C765989CBCF3DAA8B6C" +
                "CC3AAF9F3979C92B3720FC88DC95ED84A1BE059C6499B9FDA236E7E818B04B0B" +
                "C39C1E876B193BFE5569753F88128CC08AAA9B63D1A16F80EF2554D7189C411F" +
                "5869CA52C5B83FA36FF216B9C1D30062BEBCFD2DC5BCE0911934FDA79A86F6E6" +
                "98CED759C3FF9B6477338F3DA4F9CD8514EA9982CCAFB341B2384DD902F3D1AB" +
                "7AC61DD29C6F21BA5B862F3730E37CFDC4FD806C22F221");

            // Stream API round trip: write 64 filler bytes plus the plaintext in
            // randomly sized chunks, compare the ciphertext after the first 64
            // bytes with the vector, then decrypt and compare with what was written.
            using (var msEnc = new MemoryStream())
            {
                using (var chaCha20Stream = new ChaCha20Stream(msEnc, true, pbKey, pbIV))
                {
                    // The weak generator supplies filler bytes and chunk sizes only.
                    var r = CryptoRandom.NewWeakRandom();
                    r.NextBytes(pb64);
                    chaCha20Stream.Write(pb64, 0, pb64.Length); // Skip first block

                    var p = 0;
                    while (p < pb.Length)
                    {
                        var cb = r.Next(1, pb.Length - p + 1);
                        chaCha20Stream.Write(pb, p, cb);
                        p += cb;
                    }
                    // NOTE(review): Debug.Assert is not a test assertion; a failure
                    // here is not reported through the test framework.
                    Debug.Assert(p == pb.Length);
                }

                var pbEnc0 = msEnc.ToArray();
                var pbEnc  = MemUtil.Mid(pbEnc0, 64, pbEnc0.Length - 64);
                Assert.That(MemUtil.ArraysEqual(pbEnc, pbExpc), Is.True);

                // Using declarations: both streams are disposed at the end of
                // the enclosing block.
                using var msCT = new MemoryStream(pbEnc0, false);
                using var cDec = new ChaCha20Stream(msCT, false, pbKey, pbIV);
                var pbPT = MemUtil.Read(cDec, pbEnc0.Length);

                // Nothing may be left to read once the whole ciphertext is consumed.
                Assert.That(cDec.ReadByte(), Is.LessThan(0));
                Assert.That(MemUtil.ArraysEqual(MemUtil.Mid(pbPT, 0, 64), pb64), Is.True);
                Assert.That(MemUtil.ArraysEqual(MemUtil.Mid(pbPT, 64, pbEnc.Length), pb), Is.True);
            }

            // ======================================================
            // Test vector TC8 from RFC draft by J. Strombergson:
            // https://tools.ietf.org/html/draft-strombergson-chacha-test-vectors-01

            pbKey = new byte[] {
                0xC4, 0x6E, 0xC1, 0xB1, 0x8C, 0xE8, 0xA8, 0x78,
                0x72, 0x5A, 0x37, 0xE7, 0x80, 0xDF, 0xB7, 0x35,
                0x1F, 0x68, 0xED, 0x2E, 0x19, 0x4C, 0x79, 0xFB,
                0xC6, 0xAE, 0xBE, 0xE1, 0xA6, 0x67, 0x97, 0x5D
            };

            // The first 4 bytes are set to zero and a large counter
            // is used; this makes the RFC 7539 version of ChaCha20
            // compatible with the original specification by
            // D. J. Bernstein.
            pbIV = new byte[] { 0x00, 0x00, 0x00, 0x00,
                                0x1A, 0xDA, 0x31, 0xD5, 0xCF, 0x68, 0x82, 0x21 };

            pb = new byte[128];

            pbExpc = new byte[] {
                0xF6, 0x3A, 0x89, 0xB7, 0x5C, 0x22, 0x71, 0xF9,
                0x36, 0x88, 0x16, 0x54, 0x2B, 0xA5, 0x2F, 0x06,
                0xED, 0x49, 0x24, 0x17, 0x92, 0x30, 0x2B, 0x00,
                0xB5, 0xE8, 0xF8, 0x0A, 0xE9, 0xA4, 0x73, 0xAF,
                0xC2, 0x5B, 0x21, 0x8F, 0x51, 0x9A, 0xF0, 0xFD,
                0xD4, 0x06, 0x36, 0x2E, 0x8D, 0x69, 0xDE, 0x7F,
                0x54, 0xC6, 0x04, 0xA6, 0xE0, 0x0F, 0x35, 0x3F,
                0x11, 0x0F, 0x77, 0x1B, 0xDC, 0xA8, 0xAB, 0x92,

                0xE5, 0xFB, 0xC3, 0x4E, 0x60, 0xA1, 0xD9, 0xA9,
                0xDB, 0x17, 0x34, 0x5B, 0x0A, 0x40, 0x27, 0x36,
                0x85, 0x3B, 0xF9, 0x10, 0xB0, 0x60, 0xBD, 0xF1,
                0xF8, 0x97, 0xB6, 0x29, 0x0F, 0x01, 0xD1, 0x38,
                0xAE, 0x2C, 0x4C, 0x90, 0x22, 0x5B, 0xA9, 0xEA,
                0x14, 0xD5, 0x18, 0xF5, 0x59, 0x29, 0xDE, 0xA0,
                0x98, 0xCA, 0x7A, 0x6C, 0xCF, 0xE6, 0x12, 0x27,
                0x05, 0x3C, 0x84, 0xE4, 0x9A, 0x4A, 0x33, 0x32
            };

            // NOTE(review): the third argument presumably selects the large-counter
            // mode described above; confirm against the ChaCha20Cipher constructor.
            using var c = new ChaCha20Cipher(pbKey, pbIV, true);
            // Decrypt is applied to an all-zero buffer; the expected bytes are
            // then the keystream itself.
            c.Decrypt(pb, 0, pb.Length);

            Assert.That(MemUtil.ArraysEqual(pb, pbExpc), Is.True);
#endif
        }