/// <summary>
/// Initializes a new instance of the <see cref="AuthenticationFlowTest"/> class.
/// </summary>
/// <param name="outputHelper">The test output helper.</param>
public AuthenticationFlowTest(ITestOutputHelper outputHelper)
{
this.outputHelper = outputHelper;
this.testDatabase = new TestDatabase(outputHelper);
this.dbContext = this.testDatabase.CreateContext();
this.identityInstance = IdentityTestHelper.CreateInstance(this.testDatabase, this.outputHelper);
this.usedHttpContext = new DefaultHttpContext();
this.httpConctextAccessorMock = new Mock <IHttpContextAccessor>();
this.jwtCrypoMock = new Mock <IJwtCryptoProvider>();
this.momentMock = MomentTestHelper.CreateMomentMock();
this.optionsMonitorMock = OptionsTestHelper.CreateBackendOptionsMock();
this.randomGenerator = new SecureRandomGenerator();
this.loggerFactory = LoggingTestHelper.CreateLoggerFactory(this.outputHelper);
this.httpConctextAccessorMock.SetupGet(m => m.HttpContext).Returns(this.usedHttpContext);
this.jwtCrypoMock.SetupGet(c => c.Algorithm).Returns(SigningAlgorithm);
this.jwtCrypoMock.SetupGet(c => c.SecurityKey).Returns(SigningKey);
this.authenticationFlow = new AuthenticationFlow(
this.httpConctextAccessorMock.Object,
this.jwtCrypoMock.Object,
this.identityInstance.UserManager,
this.dbContext,
this.randomGenerator,
this.momentMock.Object,
this.optionsMonitorMock.Object,
this.loggerFactory.CreateLogger <AuthenticationFlow>());
}
public void TestShort()
{
var bytes = SecureRandomGenerator.GetBytes(SymmetricCrypter.NONCE_SIZE + SymmetricCrypter.TAG_SIZE - 1);
var crypter = new SymmetricCrypter(SecureRandomGenerator.GetBytes(32));
Assert.IsTrue(crypter.Decrypt(bytes).Error is SymmetricCrypter.MessageTooShortError);
}
public byte[] GenerateBinaryKey()
{
const string originalLookupIndex = "SecureMemo";
using var secureRnd = new SecureRandomGenerator();
MemoryStream ms = new MemoryStream();
byte[] buffer = secureRnd.GetRandomData(secureRnd.GetRandomInt(29, 221));
ms.Write(buffer, 0, buffer.Length);
buffer = GeneralConverters.ConvertStringToByteArray(Encoding.ASCII, originalLookupIndex);
ms.Write(buffer, 0, buffer.Length);
buffer = secureRnd.GetRandomData(secureRnd.GetRandomInt(29, 221));
ms.Write(buffer, 0, buffer.Length);
buffer = ms.ToArray();
// ReSharper disable once SuggestVarOrType_Elsewhere
for (int i = 0; i < secureRnd.GetRandomInt(83, 101); i++)
{
// Tick count being tracked by .Net using 32 bit integers for some strange reason when the WIN_API CALL uses ulong and thus not overflowing in 24 days and 20 hours.
int tickCount = Environment.TickCount;
// Just inject a small amount of noise for each iteration
int pos = tickCount % buffer.Length;
buffer[pos] ^= (byte)(tickCount % byte.MaxValue);
buffer = SHA512.GetSHA512HashAsByteArray(buffer);
}
buffer = SHA256.GetSHA256HashAsByteArray(buffer);
return(buffer);
}
public SshKeyProvider(EncodingWrapper encoding, Base64Wrapper base64, IRsaKeyProvider rsaKeyProvider, IDsaKeyProvider dsaKeyProvider, IEcKeyProvider ecKeyProvider, SecureRandomGenerator randomGenerator)
{
this.encoding = encoding;
this.base64 = base64;
this.rsaKeyProvider = rsaKeyProvider;
this.dsaKeyProvider = dsaKeyProvider;
this.ecKeyProvider = ecKeyProvider;
this.randomGenerator = randomGenerator;
sshSupportedCurves = new []
{
new [] { "curve25519" },
new [] { "P-256", "secp256r1", "prime256v1" },
new [] { "P-384", "secp384r1" },
new [] { "P-521", "secp521r1" }
};
sshCurveHeaders = new Dictionary <string, string>
{
{ "curve25519", "ssh-ed25519" },
{ "P-256", "ecdsa-sha2-nistp256" },
{ "P-384", "ecdsa-sha2-nistp384" },
{ "P-521", "ecdsa-sha2-nistp521" }
};
sshCurveIdentifiers = new Dictionary <string, string>
{
{ "curve25519", "ed25519" },
{ "P-256", "nistp256" },
{ "P-384", "nistp384" },
{ "P-521", "nistp521" }
};
}
public void SetupAsymmetricKeyProviderTest()
{
var configuration = Mock.Of <IConfiguration>(c => c.Get <int>("SaltLengthInBytes") == 100 &&
c.Get <int>("KeyDerivationIterationCount") == 10);
var secureRandom = new SecureRandomGenerator();
var asymmetricKeyPairGenerator = new AsymmetricKeyPairGenerator(secureRandom);
var primeMapper = new Rfc3526PrimeMapper();
var fieldMapper = new FieldToCurveNameMapper();
rsaKeyProvider = new RsaKeyProvider(asymmetricKeyPairGenerator);
dsaKeyProvider = new DsaKeyProvider(asymmetricKeyPairGenerator);
ecKeyProvider = new EcKeyProvider(asymmetricKeyPairGenerator, fieldMapper);
elGamalKeyProvider = new ElGamalKeyProvider(asymmetricKeyPairGenerator, primeMapper);
cipherTypeMapper = new OidToCipherTypeMapper();
keyInfoWrapper = new Mock <KeyInfoWrapper>();
SetupValidKeyInfo();
SetupValidKeyProvider();
pkcsEncryptionProvider = new KeyEncryptionProvider(configuration, secureRandom, keyProvider, new Pkcs12KeyEncryptionGenerator(), new AesKeyEncryptionGenerator());
rsaKeyPair = rsaKeyProvider.CreateKeyPair(2048);
dsaKeyPair = dsaKeyProvider.CreateKeyPair(2048);
ecKeyPair = ecKeyProvider.CreateKeyPair("secp384r1");
elGamalKeyPair = elGamalKeyProvider.CreateKeyPair(2048, true);
}
public void VerifySignatureTestSetup()
{
file = new Mock <FileWrapper>();
file.Setup(f => f.ReadAllBytes(It.IsAny <string>()))
.Returns <string>(givenFile => files[givenFile]);
console = new Mock <ConsoleWrapper>();
Container container = ContainerProvider.GetContainer();
container.Register <FileWrapper>(() => file.Object);
container.Register <ConsoleWrapper>(() => console.Object);
var asymmetricKeyPairGenerator = new AsymmetricKeyPairGenerator(new SecureRandomGenerator());
var primeMapper = new Rfc3526PrimeMapper();
var curveNameMapper = new FieldToCurveNameMapper();
rsaKeyProvider = new RsaKeyProvider(asymmetricKeyPairGenerator);
dsaKeyProvider = new DsaKeyProvider(asymmetricKeyPairGenerator);
ecKeyProvider = new EcKeyProvider(asymmetricKeyPairGenerator, curveNameMapper);
elGamalKeyProvider = new ElGamalKeyProvider(asymmetricKeyPairGenerator, primeMapper);
signatureProvider = new SignatureProvider(new SignatureAlgorithmIdentifierMapper(), new SecureRandomGenerator(), new SignerUtilitiesWrapper());
pkcs8PemFormatter = new Pkcs8PemFormattingProvider(new AsymmetricKeyProvider(new OidToCipherTypeMapper(), new KeyInfoWrapper(), rsaKeyProvider, dsaKeyProvider, ecKeyProvider, elGamalKeyProvider));
base64 = new Base64Wrapper();
encoding = new EncodingWrapper();
random = new SecureRandomGenerator();
}
public void SetupRsaKeyProviderTest()
{
var secureRandomGenerator = new SecureRandomGenerator();
var asymmetricKeyGenerator = new AsymmetricKeyPairGenerator(secureRandomGenerator);
keyProvider = new RsaKeyProvider(asymmetricKeyGenerator);
}
public string GenerateKey()
{
const string originalLookupIndex = "SecureMemo";
string key;
using var secureRnd = new SecureRandomGenerator();
string tmp = secureRnd.GetPasswordString(secureRnd.GetRandomInt(29, 221)) + originalLookupIndex + secureRnd.GetPasswordString(secureRnd.GetRandomInt(29, 221));
// ReSharper disable once SuggestVarOrType_Elsewhere
byte[] buffer = GeneralConverters.ConvertStringToByteArray(Encoding.ASCII, tmp);
for (int i = 0; i < secureRnd.GetRandomInt(83, 101); i++)
{
// Tick count being tracked by .Net using 32 bit integers for some strange reason when the WIN_API CALL uses ulong and thus not overflowing in 24 days and 20 hours.
int tickCount = Environment.TickCount;
// Just inject a small amount of noise for each iteration
int pos = tickCount % buffer.Length;
buffer[pos] ^= (byte)(tickCount % byte.MaxValue);
buffer = SHA512.GetSHA512HashAsByteArray(buffer);
}
buffer = SHA256.GetSHA256HashAsByteArray(buffer);
key = Convert.ToBase64String(buffer, 0, buffer.Length, Base64FormattingOptions.None).Trim("=".ToCharArray());
return(key);
}
private string GetDefaultPassword()
{
try
{
string defaultKey = _applicationSettingsService.Settings.DefaultKey;
if (defaultKey != null && defaultKey.Length == 256)
{
return(defaultKey);
}
string previousKey = defaultKey;
defaultKey = new SecureRandomGenerator().GetAlphaNumericString(256);
_applicationSettingsService.Settings.DefaultKey = defaultKey;
_applicationSettingsService.SetSettingsStateModified();
_applicationSettingsService.SaveSettings();
Log.Information("New default bookmark key was created and saved. Previous key was: {previousKey}", previousKey);
return(defaultKey);
}
catch (Exception e)
{
Log.Error(e, "GetDefaultPassword");
return("CodeRed");
}
}
public void TestValid(int length)
{
var contract = SecureRandomGenerator.GetBytes(length);
var signature = privateIdentity.Sign(contract);
Assert.IsTrue(publicIdentity.Verify(contract, signature));
}
public void SetupDsaKeyProviderTest()
{
var secureRandomGenerator = new SecureRandomGenerator();
var keyGenerator = new AsymmetricKeyPairGenerator(secureRandomGenerator);
keyProvider = new DsaKeyProvider(keyGenerator);
keyPair = keyProvider.CreateKeyPair(2048);
}
public void TestTampered()
{
var bytes = SecureRandomGenerator.GetBytes(100);
var encrypted = crypter.Encrypt(bytes);
encrypted[0]++;
Assert.IsTrue(crypter.Decrypt(encrypted).Error is SymmetricCrypter.TamperedMessageError);
}
public void TestChangedSignature(int length)
{
var contract = SecureRandomGenerator.GetBytes(length);
var signature = privateIdentity.Sign(contract);
signature[0]++;
Assert.IsFalse(publicIdentity.Verify(contract, signature));
}
public KeyEncryptionProvider(IConfiguration configuration, SecureRandomGenerator secureRandomGenerator, IAsymmetricKeyProvider keyProvider, Pkcs12KeyEncryptionGenerator pkcsEncryptionGenerator, AesKeyEncryptionGenerator aesEncryptionGenerator)
{
this.configuration = configuration;
this.secureRandomGenerator = secureRandomGenerator;
this.keyProvider = keyProvider;
this.pkcsEncryptionGenerator = pkcsEncryptionGenerator;
this.aesEncryptionGenerator = aesEncryptionGenerator;
}
public async Task TestValid(int length)
{
var bytes = SecureRandomGenerator.GetBytes(length);
var sent = a.Send(bytes);
var message = await b.Receive();
Assert.IsTrue(await sent);
Assert.IsTrue(Enumerable.SequenceEqual <byte>(bytes, message.Value));
}
public void SetupEncryptKey()
{
var secureRandomGenerator = new SecureRandomGenerator();
var rsaProvider = new RsaKeyProvider(new AsymmetricKeyPairGenerator(secureRandomGenerator));
keyPair = rsaProvider.CreateKeyPair(1024);
secureRandom.Setup(sr => sr.NextBytes(100))
.Returns(new byte[] { 0x07 });
}
public void SetupElGamalKeyProviderTest()
{
var secureRandomGenerator = new SecureRandomGenerator();
var keyGenerator = new AsymmetricKeyPairGenerator(secureRandomGenerator);
var primeMapper = new Rfc3526PrimeMapper();
keyProvider = new ElGamalKeyProvider(keyGenerator, primeMapper);
keyPair = keyProvider.CreateKeyPair(2048, true);
}
public void Setup()
{
generator = new AesKeyEncryptionGenerator();
var secureRandom = new SecureRandomGenerator();
var rsaProvider = new RsaKeyProvider(new AsymmetricKeyPairGenerator(secureRandom));
keyPair = rsaProvider.CreateKeyPair(1024);
encryptedKey = generator.Encrypt("keypassword", new byte[] { 0x01, 0x02 }, 100, keyPair.PrivateKey.Content);
}
public void SetupDecrypt()
{
var secureRandomGenerator = new SecureRandomGenerator();
var rsaProvider = new RsaKeyProvider(new AsymmetricKeyPairGenerator(secureRandomGenerator));
keyPair = rsaProvider.CreateKeyPair(1024);
var oidToCipherTypeMapper = new OidToCipherTypeMapper();
encryptionProvider = new KeyEncryptionProvider(configuration, secureRandomGenerator, new AsymmetricKeyProvider(oidToCipherTypeMapper, new KeyInfoWrapper(), rsaProvider, null, null, null), new Pkcs12KeyEncryptionGenerator(), new AesKeyEncryptionGenerator());
}
public void SetupPkcsEncryptionGeneratorTest()
{
encryptionGenerator = new Pkcs12KeyEncryptionGenerator();
var secureRandom = new SecureRandomGenerator();
var rsaProvider = new RsaKeyProvider(new AsymmetricKeyPairGenerator(secureRandom));
keyPair = rsaProvider.CreateKeyPair(1024);
encryptedKey = encryptionGenerator.Encrypt("fooBar", new byte[] { 0x01, 0x02 }, 10, keyPair.PrivateKey.Content);
}
public static string GenerateKey(SecretKeyLength skLength)
{
int keyLength = (int)skLength;
string generatedKey;
using (var secureRng = new SecureRandomGenerator())
{
generatedKey = secureRng.GetBase32String(keyLength);
}
return(generatedKey);
}
public void ShouldReturnValidKey()
{
var algorithmMapper = new SignatureAlgorithmIdentifierMapper();
var secureRandom = new SecureRandomGenerator();
var signatureProvider = new SignatureProvider(algorithmMapper, secureRandom, new SignerUtilitiesWrapper());
byte[] data = secureRandom.NextBytes(100);
IAsymmetricKey result = keyProvider.GetPrivateKey(rsaKeyPair.PrivateKey.Content);
Signature signature = signatureProvider.CreateSignature(result, data);
Assert.IsTrue(signatureProvider.VerifySignature(rsaKeyPair.PublicKey, signature));
}
private async void btnGenerate_Click(object sender, EventArgs e)
{
if (txtSSId.Text.Length > 0 && !IsValidSsid())
{
MessageBox.Show(this, "Invalid SSID, if you want to generate a password and QR code without SSID please leave the SSID field empty", "Invalid caracters", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
var secureRandomGenerator = new SecureRandomGenerator();
txtGeneratedPassword.Text = await secureRandomGenerator.GetRandomStringFromPasswordType(_activeSettings.PasswordType, _activeSettings.PasswordLength);
// Always generate QR even if the SSID is invalid, but inform instead.
await GnerateQrCode().ConfigureAwait(true);
}
public void TestSymmetry()
{
byte[] key = SecureRandomGenerator.GetBytes(32);
var a = new KDFRatchet(key);
var b = new KDFRatchet(key);
for (int i = 0; i < 100; i++)
{
byte[] input = SecureRandomGenerator.GetBytes(32);
var outputA = a.Turn(input);
var outputB = b.Turn(input);
CollectionAssert.AreEqual(outputA, outputB);
}
}
public void SetupSignatureProviderTest()
{
algorithmIdentifierMapper = new SignatureAlgorithmIdentifierMapper();
secureRandomGenerator = new SecureRandomGenerator();
signatureProvider = new SignatureProvider(algorithmIdentifierMapper, secureRandomGenerator, new SignerUtilitiesWrapper());
content = secureRandomGenerator.NextBytes(2000);
keys = new Dictionary <CipherType, IAsymmetricKeyPair>();
var rsaGenerator = new AsymmetricKeyPairGenerator(secureRandomGenerator);
var rsaKeyProvider = new RsaKeyProvider(rsaGenerator);
IAsymmetricKeyPair keyPair = rsaKeyProvider.CreateKeyPair(2048);
keys.Add(keyPair.PrivateKey.CipherType, keyPair);
}
private async void btnGenerate_Click(object sender, EventArgs e)
{
if (!IsValidSsid() && txtSSId.Text.Length > 0)
{
MessageBox.Show(this, "QR Code was created with the password but The SSID is invalid", "Invalid characters", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
return;
}
var secureRandomGenerator = new SecureRandomGenerator();
txtGeneratedPassword.Text = await secureRandomGenerator.GetRandomStringFromPasswordType(_activeSettings.PasswordType, _activeSettings.PasswordLength);
// Always generate QR even if the SSID is invalid, but inform instead.
btnGenerate.Enabled = false;
await GenerateQrCode();
btnGenerate.Enabled = true;
}
/// <summary>
/// Protects an insecure connection.
/// </summary>
/// <param name="initiator">Set to <see langword="true"/> if a client,
/// <see langword="false"/> if a server.</param>
public static async Task <ProtectedMessenger> Protect(SocketMessenger socketMessenger, bool initiator)
{
// Perform a key exchange.
var exchanger = new KeyExchanger();
var sent = socketMessenger.Send(exchanger.Token);
var token = await socketMessenger.Receive().ConfigureAwait(false);
if (token.IsError)
{
throw new Exception(token.Error.GetType().ToString());
}
var key = exchanger.KeyFromToken(token.Value);
var result = await sent;
if (result.IsError)
{
throw new Exception(result.Error.GetType().ToString());
}
// Send test data.
var protectedMessenger = new ProtectedMessenger(socketMessenger, key, initiator);
byte[] myValues = SecureRandomGenerator.GetBytes(32);
var a = protectedMessenger.Send(myValues);
// Echo bytes back.
var integrityChallenge = await protectedMessenger.Receive().ConfigureAwait(false);
var b = protectedMessenger.Send(integrityChallenge);
await Task.WhenAll(a, b).ConfigureAwait(false);
// Check integrity of test data.
var integrityCheck = await protectedMessenger.Receive();
if (!Enumerable.SequenceEqual <byte>(myValues, integrityCheck))
{
throw new Exception("Could not verify connection!");
}
// Return protected messenger, as the connection has been validated.
return(protectedMessenger);
}
public void SetupFormattingProviderTest()
{
var secureRandom = new SecureRandomGenerator();
rsaKeyProvider = new RsaKeyProvider(new AsymmetricKeyPairGenerator(secureRandom));
keyPair = rsaKeyProvider.CreateKeyPair(2048);
var oidMapper = new OidToCipherTypeMapper();
var asymmetricKeyConverter = new AsymmetricKeyProvider(oidMapper, new KeyInfoWrapper(), rsaKeyProvider, null, null, null);
pkcs8PemFormattingProvider = new Pkcs8PemFormattingProvider(asymmetricKeyConverter);
var configuration = Mock.Of <IConfiguration>(m => m.Get <int>("SaltLengthInBytes") == 100 &&
m.Get <int>("KeyDerivationIterationCount") == 1);
var encryptionProvider = new KeyEncryptionProvider(configuration, secureRandom, asymmetricKeyConverter, new Pkcs12KeyEncryptionGenerator(), new AesKeyEncryptionGenerator());
pkcsEncryptedKey = encryptionProvider.EncryptPrivateKey(keyPair.PrivateKey, "password", EncryptionType.Pkcs);
aesEncryptedKey = encryptionProvider.EncryptPrivateKey(keyPair.PrivateKey, "password", EncryptionType.Aes);
}
public void SetupGetAsDer()
{
var secureRandom = new SecureRandomGenerator();
var asymmetricKeyPairGenerator = new AsymmetricKeyPairGenerator(secureRandom);
var rsaKeyProvider = new RsaKeyProvider(asymmetricKeyPairGenerator);
var dsaKeyProvider = new DsaKeyProvider(asymmetricKeyPairGenerator);
var ecKeyProvier = new EcKeyProvider(asymmetricKeyPairGenerator, new FieldToCurveNameMapper());
var keyPair = rsaKeyProvider.CreateKeyPair(1024);
var key = keyPair.PublicKey;
var encoding = new EncodingWrapper();
var base64 = new Base64Wrapper();
var sshKeyProvider = new SshKeyProvider(encoding, base64, rsaKeyProvider, dsaKeyProvider, ecKeyProvier, null);
var formattingProvider = new SshFormattingProvider(sshKeyProvider, encoding, new Ssh2ContentFormatter(), null, base64);
ssh2Key = formattingProvider.GetAsSsh2PublicKey(key, "foo");
keyContent = sshKeyProvider.GetRsaPublicKeyContent(key);
openSshKey = formattingProvider.GetAsOpenSshPublicKey(key, "foo");
}
public byte[] Encode(string password)
{
var secureRandom = new SecureRandomGenerator();
var msBlock = new MemoryStream();
var msContent = new MemoryStream();
int leftPaddingLength = secureRandom.GetRandomInt(64, 512);
int rightPaddingLength = secureRandom.GetRandomInt(64, 512);
byte[] sharedSecretBytes = GeneralConverters.StringToByteArray(SharedSecret);
byte[] buffer = BitConverter.GetBytes(leftPaddingLength);
msBlock.Write(buffer, 0, buffer.Length);
buffer = BitConverter.GetBytes(rightPaddingLength);
msBlock.Write(buffer, 0, buffer.Length);
buffer = BitConverter.GetBytes(leftPaddingLength + rightPaddingLength + sharedSecretBytes.Length);
msBlock.Write(buffer, 0, buffer.Length);
msBlock.Write(secureRandom.GetRandomData(leftPaddingLength), 0, leftPaddingLength);
msBlock.Write(sharedSecretBytes, 0, sharedSecretBytes.Length);
msBlock.Write(secureRandom.GetRandomData(rightPaddingLength), 0, rightPaddingLength);
byte[] encodeBytes = msBlock.ToArray();
encodeBytes = EncryptionManager.EncryptData(encodeBytes, password);
byte[] hashBytes = SHA512.Create().ComputeHash(encodeBytes, 0, encodeBytes.Length);
buffer = BitConverter.GetBytes(encodeBytes.Length);
msContent.Write(buffer, 0, buffer.Length);
msBlock.WriteTo(msContent);
buffer = BitConverter.GetBytes(hashBytes.Length);
msContent.Write(buffer, 0, buffer.Length);
msContent.Write(hashBytes, 0, hashBytes.Length);
return(msContent.ToArray());
}
