private static void EncryptFile(string filePath, string encryptedFilePath, byte[] salt, byte[] encryptionKey, byte[] macKey)
{
try
{
using (var ciphertext = new FileStream(encryptedFilePath, FileMode.Create, FileAccess.ReadWrite, FileShare.Read, Constants.FileBufferSize, FileOptions.SequentialScan))
using (var plaintext = new FileStream(filePath, FileMode.Open, FileAccess.ReadWrite, FileShare.Read, Constants.FileBufferSize, FileOptions.SequentialScan))
{
WriteFileHeaders.WriteHeaders(ciphertext, salt);
byte[] fileBytes = FileHandling.GetBufferSize(plaintext.Length);
// Generate a counter starting at 0
byte[] counter = Generate.Counter();
int bytesRead;
MemoryEncryption.DecryptByteArray(ref encryptionKey);
while ((bytesRead = plaintext.Read(fileBytes, 0, fileBytes.Length)) > 0)
{
byte[] encryptedBytes = StreamEncryption.EncryptXChaCha20(fileBytes, counter, encryptionKey);
ciphertext.Write(encryptedBytes, 0, bytesRead);
counter = Sodium.Utilities.Increment(counter);
}
}
Utilities.ZeroArray(encryptionKey);
CompleteEncryption(filePath, encryptedFilePath, macKey);
}
catch (Exception ex) when(ExceptionFilters.FileEncryptionExceptions(ex))
{
Logging.LogException(ex.ToString(), Logging.Severity.High);
DisplayMessage.Error(filePath, ex.GetType().Name, "Unable to encrypt the file.");
FileHandling.DeleteFile(encryptedFilePath);
Utilities.ZeroArray(encryptionKey);
Utilities.ZeroArray(macKey);
}
}
public void CreateSecretBoxXChaCha20()
{
var expected = Utilities.HexToBinary("b99341769d6d1342541de1ad");
var actual = StreamEncryption.EncryptXChaCha20(
Encoding.UTF8.GetBytes("Adam Caudill"),
Encoding.UTF8.GetBytes("ABCDEFGHIJKLMNOPQRSTUVWX"),
Encoding.UTF8.GetBytes("12345678901234567890123456789012"));
Assert.AreEqual(expected, actual);
}
private static byte[] EncryptFileBytes(byte[] fileBytes, byte[] nonce, byte[] key)
{
byte[] encryptedBytes = new byte[fileBytes.Length];
if (Globals.EncryptionAlgorithm == (int)Cipher.XChaCha20)
{
encryptedBytes = StreamEncryption.EncryptXChaCha20(fileBytes, nonce, key);
}
else if (Globals.EncryptionAlgorithm == (int)Cipher.XSalsa20)
{
encryptedBytes = StreamEncryption.Encrypt(fileBytes, nonce, key);
}
return(encryptedBytes);
}
/// <summary>
/// Encrypt a message using provided key and nonce
/// </summary>
/// <param name="message">Plaintext message</param>
/// <param name="key">Plaintext/Base64-encoded key</param>
/// <param name="nonce">Base64-encoded nonce (generate using GenerateNonce())</param>
/// <returns>
/// Base64-encoded encrypted message
/// </returns>
public static string Encrypt(string message, string key, string nonce)
{
// Validate parameters
if (string.IsNullOrEmpty(key))
{
throw new ArgumentNullException(nameof(key));
}
if (string.IsNullOrEmpty(message))
{
throw new ArgumentNullException(nameof(message));
}
if (string.IsNullOrEmpty(nonce))
{
throw new ArgumentNullException(nameof(nonce));
}
// Check nonce is Base64
if (!Utils.IsBase64(nonce))
{
throw new ArgumentException($"{nameof(nonce)} must be base64-encoded string");
}
byte[] nonce_bytes = Convert.FromBase64String(nonce);
// Convert key to bytes
byte[] key_bytes;
if (Utils.IsBase64(key))
{
// Key is Base64, convert to raw bytes
key_bytes = Convert.FromBase64String(key);
}
else
{
// Key is plaintext string, fallback to raw ASCII bytes
key_bytes = Encoding.ASCII.GetBytes(key);
}
// Encrypt the message
byte[] encrypted = StreamEncryption.EncryptXChaCha20(message, nonce_bytes, key_bytes);
// Return the raw bytes as Base64
return(Convert.ToBase64String(encrypted));
}
