// Negative test: Encrypt is called with 30 bytes of additional data and is expected
// to throw AdditionalDataOutOfRangeException rather than produce a ciphertext.
public void SecretAeadEncryptWithBadAdditionalData()
        {
            // Without AES support there is nothing to exercise; only a warning is recorded.
            if (!SecretAeadAes.IsAvailable())
            {
                Assert.Warn("AES is not supported");
                return;
            }

            // Fixed 32-byte key and 12-byte nonce (test vectors, not secrets).
            byte[] secretKey =
            {
                0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
                0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
                0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
            };

            byte[] nonceBytes =
            {
                0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a, 0x79, 0xc0, 0xd1, 0x10
            };

            // The input under test: 30 bytes of additional data.
            byte[] oversizedAd =
            {
                0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0,
                0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0,
                0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
            };

            byte[] message =
            {
                0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
            };

            Assert.Throws<AdditionalDataOutOfRangeException>(
                () => SecretAeadAes.Encrypt(message, nonceBytes, secretKey, oversizedAd));
        }
        // Round-trip test without additional data: a message encrypted with a fixed key and
        // nonce must decrypt back to the same bytes.
        public void AesAeadWithoutAdditionalDataTest()
        {
            // NOTE(review): without AES support this only prints a message, so the test
            // finishes without having asserted anything.
            if (!SecretAeadAes.IsAvailable())
            {
                Console.WriteLine("Missing AES support");
                return;
            }

            // Fixed 32-byte key and 12-byte nonce (test vectors, not secrets).
            byte[] secretKey =
            {
                0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
                0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
                0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
            };

            byte[] nonceBytes =
            {
                0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a, 0x79, 0xc0, 0xd1, 0x10
            };

            byte[] message =
            {
                0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
            };

            byte[] ciphertext = SecretAeadAes.Encrypt(message, nonceBytes, secretKey);
            byte[] roundTripped = SecretAeadAes.Decrypt(ciphertext, nonceBytes, secretKey);

            CollectionAssert.AreEqual(message, roundTripped);
        }
        // Negative test: Decrypt is called with a 7-byte nonce and nothing is asserted afterwards.
        // Presumably an expected-exception attribute outside this view makes
        // NonceOutOfRangeException the pass condition; confirm against the full file.
        public void SecretAeadDecryptWithBadNonce()
        {
            // NOTE(review): when AES is unavailable the same exception type is thrown by hand,
            // so the outcome is identical whether or not Decrypt was ever called.
            if (!SecretAeadAes.IsAvailable())
            {
                throw new NonceOutOfRangeException("AES is not supported");
            }

            // Fixed 32-byte key (test vector, not a secret).
            byte[] secretKey =
            {
                0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
                0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
                0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
            };

            // The input under test: only 7 nonce bytes.
            byte[] shortNonce =
            {
                0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79
            };

            byte[] associatedData =
            {
                0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
            };

            byte[] ciphertext =
            {
                0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
            };

            SecretAeadAes.Decrypt(ciphertext, shortNonce, secretKey, associatedData);
        }
 // Function to generate encryption key.
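 // Creates a random 32-byte store key, encrypts it under a 32-byte key derived from the
 // master password, and writes the encrypted key and its nonce as Base64 text to
 // PIMUX_KEY and PIMUX_KEY_NONCE. Both in-memory key buffers are wiped before returning.
 //
 // NOTE(review): the wrapping key is GenericHash.Hash (BLAKE2b) of the password with no
 // key and no salt. That is a fast general-purpose hash, so the wrapped key is only as
 // strong as the password against offline guessing. A salted password-hashing function
 // with the salt stored next to the nonce is the usual choice; it changes the stored
 // format, so it is flagged here rather than changed.
 public static void GenerateEncryptionKey(string masterPassword)
 {
     byte[] encryptionKey = SodiumCore.GetRandomBytes(32);
     byte[] key           = null;

     try
     {
         byte[] nonce = SecretAeadAes.GenerateNonce();
         key = GenericHash.Hash(masterPassword, (byte[])null, 32);

         // Encrypt encryption key with the password-derived key.
         byte[] encryptedKey = SecretAeadAes.Encrypt(encryptionKey, nonce, key);

         // Store bytes in base64 encoding.
         File.WriteAllText(PIMUX_KEY, Convert.ToBase64String(encryptedKey));
         File.WriteAllText(PIMUX_KEY_NONCE, Convert.ToBase64String(nonce));
     }
     finally
     {
         // Best-effort wipe so neither key stays readable in this method's buffers.
         Array.Clear(encryptionKey, 0, encryptionKey.Length);
         if (key != null)
         {
             Array.Clear(key, 0, key.Length);
         }
     }
 }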
        // Function to get the encryption key for the main store.
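        // Reads the encrypted store key and its nonce from PIMUX_KEY and PIMUX_KEY_NONCE and
        // decrypts the key with a 32-byte GenericHash of the master password.
        // Returns the decrypted store key; the caller owns (and should wipe) the returned buffer.
        // SecretAeadAes.Decrypt is expected to throw when the password-derived key is wrong
        // or the stored data was modified.
        private static byte[] GetKey(string masterPassword)
        {
            // The code that writes these two files stores them with Convert.ToBase64String,
            // so they must be decoded as Base64. Reading the text as ASCII bytes hands Decrypt
            // the characters of the encoding instead of the ciphertext and the 12-byte nonce.
            byte[] encryptedKey = Convert.FromBase64String(File.ReadAllText(PIMUX_KEY));
            byte[] keyNonce     = Convert.FromBase64String(File.ReadAllText(PIMUX_KEY_NONCE));

            // NOTE(review): unsalted fast hash used as the password-derived key; see the
            // key-generation code, which must stay in step with this derivation.
            byte[] wrappingKey = GenericHash.Hash(masterPassword, (byte[])null, 32);

            try
            {
                return SecretAeadAes.Decrypt(encryptedKey, keyNonce, wrappingKey);
            }
            finally
            {
                // Best-effort wipe of the password-derived key once it has been used.
                Array.Clear(wrappingKey, 0, wrappingKey.Length);
            }
        }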
        // Encrypts "username + separator + password" under secretKey with a fresh nonce and
        // inserts one document holding the website, the encrypted credentials and the nonce.
        public void addKey(string website, string username, string password)
        {
            // NOTE(review): if username or password can contain the separator, splitting the
            // decrypted string back into two fields is ambiguous; confirm how the reader parses it.
            var plainCredentials = username + separator + password;
            var freshNonce       = SecretAeadAes.GenerateNonce();
            var sealedCredentials = SimpleAESEncryption(secretKey, plainCredentials, freshNonce);

            // NOTE(review): Encoding.UTF8.GetString on random nonce bytes is lossy: byte
            // sequences that are not valid UTF-8 are replaced, so the stored string may not
            // convert back to the nonce that was used and the entry may not decrypt.
            // A byte-preserving form (Base64 text or a BSON binary value) needs the reading
            // side changed as well, so it is flagged here rather than changed.
            var nonceText = Encoding.UTF8.GetString(freshNonce);

            var entry = new BsonDocument
            {
                { "website", website },
                { "credentials", sealedCredentials },
                { "nonce", nonceText }
            };

            collection.InsertOne(entry);
        }
        // Function to decrypt the main store.
        // Decrypts every Base64 line of the main store with the key obtained from the
        // master password. Lines are processed from last to first, so the returned list
        // holds the entries in reverse file order.
        public static List <string> DecryptStoreFile(string masterPassword)
        {
            string[] storeLines = GetStoreFileContents();
            byte[]   nonce      = GetNonce();
            byte[]   key        = GetKey(masterPassword);
            var      plaintexts = new List <string>();

            // GetNonce() supplies the nonce used for the last entry; each earlier entry used
            // the previous counter value, so step the nonce down once per line.
            int index = storeLines.Length - 1;
            while (index >= 0)
            {
                byte[] ciphertext = Convert.FromBase64String(storeLines[index]);
                byte[] plainBytes = SecretAeadAes.Decrypt(ciphertext, nonce, key);

                // NOTE(review): ASCII decoding maps any byte above 0x7F to '?'.
                plaintexts.Add(Encoding.ASCII.GetString(plainBytes));

                ByteOperation.Decrement(ref nonce);
                index--;
            }

            return plaintexts;
        }
        // Function to change the master password.
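        // Re-wraps the store key under the new master password and replaces the stored
        // authentication hash. The store key itself does not change, so existing store
        // entries stay decryptable.
        // PIMUX_KEY receives the re-encrypted key, PIMUX_KEY_NONCE its nonce and PIMUX_AUTH
        // the new ArgonHash value.
        public static void ChangeMasterPassword(string oldMasterPassword, string newMasterPassword)
        {
            // Get current encryption key.
            byte[] key             = GetKey(oldMasterPassword);
            byte[] keyToEncryptKey = null;

            try
            {
                // Compute everything before touching any file, so a failure while hashing or
                // encrypting leaves the stored key, nonce and auth hash as they were.
                byte[] nonce = SecretAeadAes.GenerateNonce();
                keyToEncryptKey = GenericHash.Hash(newMasterPassword, (byte[])null, 32);
                byte[] encryptedKey = SecretAeadAes.Encrypt(key, nonce, keyToEncryptKey);
                string newArgonHash = ArgonHash(newMasterPassword);

                // Store bytes in base64 encoding.
                File.WriteAllText(PIMUX_KEY, Convert.ToBase64String(encryptedKey));
                File.WriteAllText(PIMUX_KEY_NONCE, Convert.ToBase64String(nonce));

                // Change authentication hash. It goes to PIMUX_AUTH only: writing it to
                // PIMUX_KEY as well would overwrite the encrypted key stored just above and
                // leave the store undecryptable.
                File.WriteAllText(PIMUX_AUTH, newArgonHash);
            }
            finally
            {
                // Best-effort wipe of the store key and the password-derived key.
                Array.Clear(key, 0, key.Length);
                if (keyToEncryptKey != null)
                {
                    Array.Clear(keyToEncryptKey, 0, keyToEncryptKey.Length);
                }
            }
        }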
        // Function to encrypt the main store.
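        // Encrypts every entry of dataToEncrypt with the store key and rewrites the main
        // store as one Base64 line per entry, then saves the last nonce used.
        // The nonce is a counter: it starts from GetNonce() and is incremented before each entry.
        //
        // NOTE(review): AES-GCM must never see the same nonce twice under one key. That holds
        // only while PIMUX_STORE_NONCE always moves forward; if that file is restored from a
        // backup or the final write below fails, later runs repeat nonces.
        // NOTE(review): Encoding.ASCII replaces every non-ASCII character with '?', so such
        // characters in an entry are lost before encryption.
        public static void EncryptStoreFile(string masterPassword, string[] dataToEncrypt)
        {
            // Get required variables.
            byte[] nonce = GetNonce();
            byte[] key   = GetKey(masterPassword);

            // Build the whole store in memory first. Truncating the file up front and
            // appending entry by entry would destroy the existing store if any entry failed
            // to encrypt part-way through.
            var storeText = new StringBuilder();

            try
            {
                for (int i = 0; i < dataToEncrypt.Length; i++)
                {
                    // Increment nonce so every password entry uses a different nonce.
                    ByteOperation.Increment(ref nonce);
                    byte[] byteDataToEnc = Encoding.ASCII.GetBytes(dataToEncrypt[i]);
                    byte[] encrypted     = SecretAeadAes.Encrypt(byteDataToEnc, nonce, key);
                    storeText.Append(Convert.ToBase64String(encrypted)).Append(Environment.NewLine);
                }
            }
            finally
            {
                // Best-effort wipe of the store key once encryption is finished.
                Array.Clear(key, 0, key.Length);
            }

            // Replace the store in one write, then record the last nonce used.
            File.WriteAllText(PIMUX_STORE, storeText.ToString());
            File.WriteAllText(PIMUX_STORE_NONCE, Convert.ToBase64String(nonce));
        }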