Example #1
0
 public static bool AuthenticateFile(string filePath, byte[] macKey, out byte[] storedHash)
 {
     try
     {
         bool tampered = true;
         storedHash = ReadStoredHash(filePath);
         if (storedHash != null)
         {
             byte[] computedHash = new byte[Constants.HashLength];
             using (var fileStream = new FileStream(filePath, FileMode.Open, FileAccess.ReadWrite, FileShare.Read, Constants.FileBufferSize, FileOptions.SequentialScan))
             {
                 // Remove the stored MAC from the file before computing the MAC
                 fileStream.SetLength(fileStream.Length - computedHash.Length);
                 MemoryEncryption.DecryptByteArray(ref macKey);
                 computedHash = HashingAlgorithms.Blake2(fileStream, macKey);
                 MemoryEncryption.EncryptByteArray(ref macKey);
             }
             // Invert result
             tampered = !Sodium.Utilities.Compare(storedHash, computedHash);
             if (tampered == true)
             {
                 // Restore the stored MAC
                 AppendHash(filePath, storedHash);
             }
         }
         return(tampered);
     }
     catch (Exception ex) when(ExceptionFilters.FileAccessExceptions(ex))
     {
         Logging.LogException(ex.ToString(), Logging.Severity.High);
         DisplayMessage.ErrorResultsText(filePath, ex.GetType().Name, "Unable to authenticate the file.");
         storedHash = null;
         return(true);
     }
 }
Example #2
0
 private static byte[] GetKeyfileBytes(byte[] passwordBytes)
 {
     if (!string.IsNullOrEmpty(Globals.KeyfilePath))
     {
         byte[] keyfileBytes = Keyfiles.ReadKeyfile(Globals.KeyfilePath);
         if (keyfileBytes != null)
         {
             MemoryEncryption.DecryptByteArray(ref passwordBytes);
             // Combine password and keyfile bytes
             passwordBytes = HashingAlgorithms.Blake2(passwordBytes, keyfileBytes);
             MemoryEncryption.EncryptByteArray(ref passwordBytes);
             Utilities.ZeroArray(keyfileBytes);
         }
     }
     return(passwordBytes);
 }
Example #3
0
        public static (byte[] encryptionKey, byte[] macKey) DeriveKeys(byte[] passwordBytes, byte[] salt, int iterations, int memorySize)
        {
            var argon2id = PasswordHash.ArgonAlgorithm.Argon_2ID13;

            MemoryEncryption.DecryptByteArray(ref passwordBytes);
            // Derive a 96 byte key
            byte[] derivedKey = PasswordHash.ArgonHashBinary(passwordBytes, salt, iterations, memorySize, Constants.Argon2KeySize, argon2id);
            // 256-bit encryption key
            byte[] encryptionKey = new byte[Constants.EncryptionKeySize];
            Array.Copy(derivedKey, encryptionKey, encryptionKey.Length);
            // 512-bit MAC key
            byte[] macKey = new byte[Constants.MACKeySize];
            Array.Copy(derivedKey, encryptionKey.Length, macKey, 0, macKey.Length);
            Utilities.ZeroArray(derivedKey);
            MemoryEncryption.EncryptByteArray(ref passwordBytes);
            MemoryEncryption.EncryptByteArray(ref encryptionKey);
            MemoryEncryption.EncryptByteArray(ref macKey);
            return(encryptionKey, macKey);
        }
Example #4
0
 private static byte[] ComputeFileHash(string encryptedFilePath, byte[] macKey)
 {
     try
     {
         byte[] computedHash = new byte[Constants.HashLength];
         using (var fileStream = new FileStream(encryptedFilePath, FileMode.Open, FileAccess.Read, FileShare.Read, Constants.FileBufferSize, FileOptions.SequentialScan))
         {
             MemoryEncryption.DecryptByteArray(ref macKey);
             computedHash = HashingAlgorithms.Blake2(fileStream, macKey);
             MemoryEncryption.EncryptByteArray(ref macKey);
         }
         return(computedHash);
     }
     catch (Exception ex) when(ExceptionFilters.FileAccessExceptions(ex))
     {
         Logging.LogException(ex.ToString(), Logging.Severity.High);
         DisplayMessage.ErrorResultsText(encryptedFilePath, ex.GetType().Name, "Unable to compute MAC.");
         return(null);
     }
 }
Example #5
0
 private static void DecryptFile(string filePath, int parametersLength, byte[] macBackup, byte[] encryptionKey, BackgroundWorker bgwDecryption)
 {
     try
     {
         string decryptedFilePath = Regex.Replace(filePath, Constants.EncryptedExtension, string.Empty);
         int    headersLength     = Constants.SaltLength + parametersLength;
         using (var plaintext = new FileStream(decryptedFilePath, FileMode.Create, FileAccess.ReadWrite, FileShare.Read, Constants.FileBufferSize, FileOptions.SequentialScan))
             using (var ciphertext = new FileStream(filePath, FileMode.Open, FileAccess.ReadWrite, FileShare.Read, Constants.FileBufferSize, FileOptions.SequentialScan))
             {
                 // Skip the header bytes
                 ciphertext.Seek(headersLength, SeekOrigin.Begin);
                 byte[] fileBytes = FileHandling.GetBufferSize(ciphertext.Length);
                 // Generate a counter starting at 0
                 byte[] counter = Generate.Counter();
                 int    bytesRead;
                 MemoryEncryption.DecryptByteArray(ref encryptionKey);
                 while ((bytesRead = ciphertext.Read(fileBytes, 0, fileBytes.Length)) > 0)
                 {
                     byte[] decryptedBytes = StreamEncryption.DecryptXChaCha20(fileBytes, counter, encryptionKey);
                     plaintext.Write(decryptedBytes, 0, bytesRead);
                     counter = Sodium.Utilities.Increment(counter);
                     // Report progress if decrypting a single file
                     ReportProgress.ReportEncryptionProgress(plaintext.Position, ciphertext.Length, bgwDecryption);
                 }
                 Utilities.ZeroArray(encryptionKey);
             }
         CompleteDecryption(filePath, decryptedFilePath);
     }
     catch (Exception ex) when(ExceptionFilters.FileEncryptionExceptions(ex))
     {
         Logging.LogException(ex.ToString(), Logging.Severity.High);
         DisplayMessage.ErrorResultsText(filePath, ex.GetType().Name, "Failed to backup the MAC. This data is required for decryption.");
         Utilities.ZeroArray(encryptionKey);
         RestoreMAC(filePath, macBackup);
     }
 }
Example #6
0
 private static void EncryptFile(string filePath, string encryptedFilePath, byte[] salt, byte[] encryptionKey, byte[] macKey, BackgroundWorker bgwEncryption)
 {
     try
     {
         using (var ciphertext = new FileStream(encryptedFilePath, FileMode.Create, FileAccess.ReadWrite, FileShare.Read, Constants.FileBufferSize, FileOptions.SequentialScan))
             using (var plaintext = new FileStream(filePath, FileMode.Open, FileAccess.ReadWrite, FileShare.Read, Constants.FileBufferSize, FileOptions.SequentialScan))
             {
                 WriteFileHeaders.WriteHeaders(ciphertext, salt);
                 // Store headers length to correct percentage calculation
                 long   headersLength = ciphertext.Position;
                 byte[] fileBytes     = FileHandling.GetBufferSize(plaintext.Length);
                 // Generate a counter starting at 0
                 byte[] counter = Generate.Counter();
                 int    bytesRead;
                 MemoryEncryption.DecryptByteArray(ref encryptionKey);
                 while ((bytesRead = plaintext.Read(fileBytes, 0, fileBytes.Length)) > 0)
                 {
                     byte[] encryptedBytes = StreamEncryption.EncryptXChaCha20(fileBytes, counter, encryptionKey);
                     ciphertext.Write(encryptedBytes, 0, bytesRead);
                     counter = Sodium.Utilities.Increment(counter);
                     // Report progress if encrypting a single file
                     ReportProgress.ReportEncryptionProgress(ciphertext.Position, plaintext.Length + headersLength, bgwEncryption);
                 }
             }
         Utilities.ZeroArray(encryptionKey);
         CompleteEncryption(filePath, encryptedFilePath, macKey);
     }
     catch (Exception ex) when(ExceptionFilters.FileEncryptionExceptions(ex))
     {
         Logging.LogException(ex.ToString(), Logging.Severity.High);
         DisplayMessage.ErrorResultsText(filePath, ex.GetType().Name, "Unable to encrypt the file.");
         FileHandling.DeleteFile(encryptedFilePath);
         Utilities.ZeroArray(encryptionKey);
         Utilities.ZeroArray(macKey);
     }
 }
Example #7
0
 private static byte[] HashPasswordBytes(byte[] passwordBytes)
 {
     passwordBytes = HashingAlgorithms.Blake2(passwordBytes);
     MemoryEncryption.EncryptByteArray(ref passwordBytes);
     return(passwordBytes);
 }