/// <summary>
/// Create a configuration for a stream cipher.
/// </summary>
/// <param name="cipher">Stream cipher to use.</param>
/// <param name="keySize">Key size to use, in bits.</param>
/// <returns>Stream cipher configuration DTO.</returns>
public static CipherConfiguration CreateStreamCipherConfiguration(StreamCipher cipher, int?keySize = null)
{
var config = new CipherConfiguration {
Type = CipherType.Stream
};
int keySizeNonNull = keySize ?? Athena.Cryptography.StreamCiphers[cipher].DefaultKeySizeBits;
if (keySize == null || Athena.Cryptography.StreamCiphers[cipher].AllowableKeySizesBits.Contains(keySizeNonNull))
{
config.KeySizeBits = keySizeNonNull;
}
else
{
throw new CipherKeySizeException(cipher, keySizeNonNull);
}
config.CipherName = cipher.ToString();
if (Athena.Cryptography.StreamCiphers[cipher].DefaultNonceSizeBits != -1)
{
config.InitialisationVector = new byte[Athena.Cryptography.StreamCiphers[cipher].DefaultNonceSizeBits / 8];
StratCom.EntropySupplier.NextBytes(config.InitialisationVector);
}
return(config);
}
/// <summary>
/// Creates a Salsa20 derivative engine with a specific number of rounds.
/// </summary>
/// <param name="rounds">the number of rounds (must be an even number).</param>
protected Salsa20Engine(StreamCipher cipherIdentity, int rounds)
: base(cipherIdentity)
{
if (rounds <= 0 || (rounds & 1) != 0)
{
throw new ArgumentException("'rounds' must be a positive, even number");
}
this.Rounds = rounds;
}
// Stream ciphers
/// <summary>
/// Instantiates and returns an implementation of the requested symmetric stream cipher.
/// </summary>
/// <returns><see cref="StreamCipherEngine" /> object implementing the relevant cipher algorithm.</returns>
public static StreamCipherEngine CreateStreamCipher(StreamCipher cipherEnum)
{
#if !DEBUG
if (cipherEnum == StreamCipher.None)
{
throw new ArgumentException("Cipher set to none.", "cipherEnum",
new InvalidOperationException("Cannot instantiate null stream cipher."));
}
#endif
return(EngineInstantiatorsStream[cipherEnum]());
}
private void btnEncryptDecryptStream_Click(object sender, RoutedEventArgs e)
{
try
{
_encryptedBitmap = StreamCipher.EncryptImage(_streamSourceFilePath, _streamKeyfilePath, Operation.XOR);
SetWpfImageFromImage(_encryptedBitmap, imgDisplayStream);
}
catch (Exception ex)
{
throw ex;
}
}
public static EncryptedPrivateKeyInfo createEncryptedPrivateKeyInfo(
String algorithm,
char[] passPhrase,
byte[] salt,
int iterationCount,
PrivateKeyInfo keyInfo)
{
if (!PBEUtil.isPBEAlgorithm(algorithm))
{
throw new Exception("attempt to use non-PBE algorithm with PBE EncryptedPrivateKeyInfo generation");
}
ASN1Encodable parameters = PBEUtil.generateAlgorithmParameters(algorithm, salt, iterationCount);
CipherParameters keyParameters = PBEUtil.generateCipherParameters(algorithm, passPhrase, parameters);
byte[] encoding = null;
Object engine = PBEUtil.createEngine(algorithm);
if (engine is BufferedBlockCipher)
{
BufferedBlockCipher cipher = (BufferedBlockCipher)engine;
cipher.init(true, keyParameters);
byte[] keyBytes = keyInfo.getEncoded();
int encLen = cipher.getOutputSize(keyBytes.Length);
encoding = new byte[encLen];
int off = cipher.processBytes(keyBytes, 0, keyBytes.Length, encoding, 0);
cipher.doFinal(encoding, off);
}
else if (engine is StreamCipher)
{
StreamCipher cipher = (StreamCipher)engine;
cipher.init(true, keyParameters);
byte[] keyBytes = keyInfo.getEncoded();
encoding = new byte[keyBytes.Length];
cipher.processBytes(keyBytes, 0, keyBytes.Length, encoding, 0);
}
return(new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PBEUtil.getObjectIdentifier(algorithm), parameters), encoding));
}
//non-standard
public override byte[] EncryptValue(byte[] pBuff)
{
IBlockCipher ibc = AesFactory.GetAes(true);
StreamCtx _aes = null;
if (mode == CipherMode.CBC)
{
_aes = StreamCipher.MakeStreamCtx(ibc, key, iv, StreamCipher.Mode.CBC);
}
else
{
_aes = StreamCipher.MakeStreamCtx(ibc, key, iv, StreamCipher.Mode.ECB);
}
byte[] cBuff = StreamCipher.Encode(_aes, pBuff, StreamCipher.ENCRYPT);
return(cBuff);
}
public static PrivateKeyInfo createPrivateKeyInfo(
char[] passPhrase,
EncryptedPrivateKeyInfo encInfo)
{
CipherParameters keyParameters = PBEUtil.generateCipherParameters(encInfo.getEncryptionAlgorithm().getObjectId(), passPhrase, encInfo.getEncryptionAlgorithm().getParameters());
Object engine = PBEUtil.createEngine(encInfo.getEncryptionAlgorithm().getObjectId());
byte[] encoding = null;
if (engine is BufferedBlockCipher)
{
BufferedBlockCipher cipher = (BufferedBlockCipher)engine;
cipher.init(false, keyParameters);
byte[] keyBytes = encInfo.getEncryptedData();
int encLen = cipher.getOutputSize(keyBytes.Length);
encoding = new byte[encLen];
int off = cipher.processBytes(keyBytes, 0, keyBytes.Length, encoding, 0);
cipher.doFinal(encoding, off);
}
else if (engine is StreamCipher)
{
StreamCipher cipher = (StreamCipher)engine;
cipher.init(false, keyParameters);
byte[] keyBytes = encInfo.getEncryptedData();
encoding = new byte[keyBytes.Length];
cipher.processBytes(keyBytes, 0, keyBytes.Length, encoding, 0);
}
ASN1InputStream aIn = new ASN1InputStream(new MemoryStream(encoding));
return(PrivateKeyInfo.getInstance(aIn.readObject()));
}
ASN1Sequence decryptData(
AlgorithmIdentifier algId,
byte[] data,
char[] password)
{
PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
CipherParameters keyParameters = PBEUtil.generateCipherParameters(algId.getObjectId(), password, pbeParams);
byte[] encoding = null;
Object engine = PBEUtil.createEngine(algId.getObjectId());
if (engine is BufferedBlockCipher)
{
BufferedBlockCipher cipher = (BufferedBlockCipher)engine;
cipher.init(false, keyParameters);
int encLen = cipher.getOutputSize(data.Length);
encoding = new byte[encLen];
int off = cipher.processBytes(data, 0, data.Length, encoding, 0);
cipher.doFinal(encoding, off);
}
else if (engine is StreamCipher)
{
StreamCipher cipher = (StreamCipher)engine;
cipher.init(false, keyParameters);
encoding = new byte[data.Length];
cipher.processBytes(data, 0, data.Length, encoding, 0);
}
ASN1InputStream bIn = new ASN1InputStream(new MemoryStream(encoding));
return((ASN1Sequence)bIn.readObject());
}
private void btnComputeBO_Click(object sender, RoutedEventArgs e)
{
try
{
if ((bool)rbBitwiseAnd.IsChecked)
{
_encryptedBitmap = StreamCipher.EncryptImage(_bitwisePic1FilePath, _bitwisePic2FilePath, Operation.AND);
}
else if ((bool)rbBitwiseOR.IsChecked)
{
_encryptedBitmap = StreamCipher.EncryptImage(_bitwisePic1FilePath, _bitwisePic2FilePath, Operation.OR);
}
else if ((bool)rbBitwiseXOR.IsChecked)
{
_encryptedBitmap = StreamCipher.EncryptImage(_bitwisePic1FilePath, _bitwisePic2FilePath, Operation.XOR);
}
SetWpfImageFromImage(_encryptedBitmap, imgBitwiseDisplay);
}
catch (Exception ex)
{
throw ex;
}
}
public CipherKeySizeException(StreamCipher cipherEnum, int requestedSizeBits)
: this(cipherEnum.ToString(), requestedSizeBits, Athena.Cryptography.StreamCiphers[cipherEnum].AllowableKeySizesBits.ToList())
{
}
/// <summary>
/// Instantiate a new stream cipher engine.
/// </summary>
/// <param name="cipherIdentity">Identity of the stream cipher.</param>
protected StreamCipherEngine(StreamCipher cipherIdentity)
{
CipherIdentity = cipherIdentity;
Key = null;
Nonce = null;
}
public IStreamCipher GetStreamCipher(StreamCipher cipher)
{
return StreamCipherBuilders[cipher].Build();
}
private async void WorkAsync()
{
IsNoActionRunning = false;
try
{
#region Checks
//Check whether file id is int
if (!int.TryParse(ChosenFileId, out int FileId))
{
IsCompleted = false;
StateText = "Wrong File id!";
return;
}
//Check whether file id is correct
if ((FileId >= FilesLoaded.Count()) || (FileId < 0))
{
IsCompleted = false;
StateText = "Wrong File id!";
return;
}
string FilePath = string.Empty;
//Load file path
foreach (var item in FilesLoaded)
{
if (item.Id == FileId)
{
FilePath = item.FileRealName;
break;
}
}
//if file id points to empty record
if (string.IsNullOrWhiteSpace(FilePath))
{
IsCompleted = false;
StateText = "File id is wrong.";
return;
}
// if file was deleted after loading
if (!File.Exists(FilePath))
{
IsCompleted = false;
StateText = "File doesnt exist.";
return;
}
#endregion
Enum.TryParse <KeyGenerators>(ChosenKeyGenerator, out var chosenKeyGenerationMethod);
var keyGeneratorInstance = new KeyGeneratorsFactory().NewKeyGenerator(chosenKeyGenerationMethod);
var cipher = new StreamCipher();
cipher.Initialize(keyGeneratorInstance);
if (IsAutoGeneratingKeys)
{
var generatedKey = RandomNumbersGenerator.GenerateBinaryString(LFSR.DefaultHighestPower);
GeneratedKey = $"Your generated key is : {generatedKey}";
await cipher.Encrypt(FilePath, generatedKey, progress);
}
else
{
await cipher.Encrypt(FilePath, InitialState, progress);
}
StateText = "Action completed.";
IsCompleted = true;
}
catch (ArgumentException ex)
{
StateText = ex.Message;
IsCompleted = false;
}
catch (OutOfMemoryException ex)
{
StateText = ex.Message;
IsCompleted = false;
}
finally
{ IsNoActionRunning = true; }
}
protected override void OnReceive(byte[] data)
{
Packet packet =
Encryptor == null?Packet.FromBytes(data)
: Packet.FromBytes(Encryptor.Parse(data));
if (packet == null)
{
Disconnect(Frame.kClosingReason.ProtocolError, "Packet received was not legal.");
return;
}
if (packet.Id != (int)kInterMasterId.KeyExchange && Encryptor == null)
{
Disconnect(Frame.kClosingReason.ProtocolError, "You must exchange keys before performing any other operations.");
return;
}
// TODO rate limiting by ip
switch ((kInterMasterId)packet.Id)
{
case kInterMasterId.KeyExchange:
Key.ParseResponsePacket(packet);
if (!Key.Succeeded)
{
Disconnect(Frame.kClosingReason.ProtocolError, "Could not exchange keys.");
return;
}
Encryptor = new StreamCipher(Key.PrivateKey);
break;
case kInterMasterId.LoginAttempt:
if (packet.RegionCount != 3 || !packet.CheckRegionsMaxLength(0, 16, 255) || !packet.CheckRegionLengths(2, 2))
{
break;
}
Session session;
using (var db = new ScapeDb()) {
User user;
if ((user = db.Users.FirstOrDefault(x => x.Username == packet[0])) == null)
{
SendEncrypted(new Packet(kInterMasterId.LoginAttempt, Convert.ToByte(false), "User does not exist."));
break;
}
if (packet[1].Str.Trim() == "" || !packet[1].Str.CheckPassword(user.Password))
{
SendEncrypted(new Packet(kInterMasterId.LoginAttempt, Convert.ToByte(false), "Password is incorrect."));
break;
}
if (user.Session?.DeltaLastPing.TotalMinutes < 3)
{
SendEncrypted(new Packet(kInterMasterId.LoginAttempt, Convert.ToByte(false), "You are already logged in. Log out or try again shortly."));
break;
}
ushort serverId = packet[2].Raw.UnpackUInt16();
if (!MasterServerList.HasId(serverId))
{
SendEncrypted(new Packet(kInterMasterId.LoginAttempt, Convert.ToByte(false), "The world you have specified is offline."));
break;
}
if (user.Session?.DeltaLastPing.TotalMinutes >= 3)
{
db.Entry(user.Session).State = EntityState.Deleted;
db.SaveChanges();
}
db.Sessions.Add(session = new Session {
Id = user.Id,
Secret = RNG.NextBytes(16),
ServerId = serverId,
LastPing = DateTime.UtcNow
});
db.SaveChanges();
}
var server = MasterServerList.Get((ushort)session.ServerId);
SendEncrypted(new Packet(kInterMasterId.LoginAttempt, Convert.ToByte(true), session.Secret, server.Address.ToString(), server.Port.Pack()));
break;
case kInterMasterId.RegistrationAttempt:
if (packet.RegionCount != 3 || !packet.CheckAllMaxLength(0xFF))
{
break;
}
if (!packet[0].Raw.IsAsciiString())
{
SendEncrypted(new Packet(kInterMasterId.RegistrationAttempt, Convert.ToByte(false), "Your username cannot contain unicode characters."));
break;
}
string username = packet[0].Str.Trim(),
password = packet[1].Str.Trim(),
email = packet[2].Str.Trim();
if (username.Length > 16 || !UsernameRegex.IsMatch(username))
{
SendEncrypted(new Packet(kInterMasterId.RegistrationAttempt, Convert.ToByte(false), "The username is max 16 characters and can only be letters, numbers, and underscores."));
break;
}
if (!EmailRegex.IsMatch(email))
{
SendEncrypted(new Packet(kInterMasterId.RegistrationAttempt, Convert.ToByte(false), "The email address is malformed."));
break;
}
using (var db = new ScapeDb()) {
if (db.Users.FirstOrDefault(x => x.Username == username) != null)
{
SendEncrypted(new Packet(kInterMasterId.RegistrationAttempt, Convert.ToByte(false), "This username is already in use."));
break;
}
if (db.Users.FirstOrDefault(x => x.Email == email) != null)
{
SendEncrypted(new Packet(kInterMasterId.RegistrationAttempt, Convert.ToByte(false), "This email address is already in use."));
break;
}
// TODO email activation
db.Users.Add(new User {
Username = username,
Password = password.HashPassword(),
Email = email,
Joined = DateTime.UtcNow
});
db.SaveChanges();
}
SendEncrypted(new Packet(kInterMasterId.RegistrationAttempt, Convert.ToByte(true), "Registration was successful."));
break;
case kInterMasterId.ServerListing:
SendEncrypted(MasterServerList.ReportPacket);
break;
default:
Disconnect(Frame.kClosingReason.ProtocolError, "Packet ID could not be understood at this time.");
break;
}
Console.WriteLine($"{Id} says {data.GetString()}");
}
/// <summary>
/// Stream cipher to be used e.g. Salsa20, HC-128, etc.
/// </summary>
public void SetStreamCipher(StreamCipher value)
{
Configuration.CipherName = value.ToString();
}
protected StreamCipherTestBase(StreamCipher cipher)
{
Cipher = cipher;
}
private async Task <Packet> ProcessPacket(byte[] data)
{
string str = Encoding.UTF8.GetString(data);
if (Regex.IsMatch(str, "^GET"))
{
requestHeader = new RequestHeader(str);
requestHeader.resource = requestHeader.resource.Replace("/csf-websocket-url", "");
Logger.Info($"Requesting resource: {requestHeader.resource}");
string ip1 = tcpclient.Client.RemoteEndPoint.ToString();
string[] ip_parts = ip1.Split(".");
Logger.Info($"IP: {ip1}");
Logger.Debug($"Recieved header: {str}");
if (ip_parts[0] != "172" && ip_parts[0] != "127")
{
ResponseHeader respheader = new ResponseHeader {
responseCode = HttpCodes.OK
};
await Send(respheader);
await Send("Hello World!");
stillOk = false;
}
else if (requestHeader.parameters.ContainsKey("Sec-WebSocket-Key"))
{
ResponseHeader respheader = new ResponseHeader {
responseCode = HttpCodes.SwitchingProtocols
};
respheader.parameters["Server"] = "CSF-Websocket";
respheader.parameters["Connection"] = "Upgrade";
respheader.parameters["Upgrade"] = "websocket";
respheader.parameters["Sec-WebSocket-Accept"] = GenerateSecWebSocketKey(requestHeader.parameters["Sec-WebSocket-Key"]);
try {
if (requestHeader.parameters.ContainsKey("Sec-WebSocket-Extensions"))
{
Logger.Info($"Supported extensions: {requestHeader.parameters["Sec-WebSocket-Extensions"]}");
Chiper = StreamCipher.Factory(requestHeader.parameters["Sec-WebSocket-Extensions"]);
}
else
{
Chiper = StreamCipher.Factory("permessage-deflate");
}
if (requestHeader.parameters.ContainsKey("Sec-WebSocket-Protocol"))
{
string[] options = requestHeader.parameters["Sec-WebSocket-Protocol"].Split(",");
foreach (string option_raw in options)
{
string option = option_raw.Trim();
if (option.Contains("csf-socket-"))
{
respheader.parameters["Sec-WebSocket-Protocol"] = option;
}
}
}
await Send(respheader);
await SendHello();
} catch (UnsupportedExtension) {
ResponseHeader invext = new ResponseHeader {
responseCode = HttpCodes.NotAcceptable
};
await Send(invext);
await Send("The requested websokcet extension is not supported");
stillOk = false;
}
}
else
{
ResponseHeader respheader = new ResponseHeader {
responseCode = HttpCodes.UpgradeRequired
};
await Send(respheader);
await Send("This is not a website! Upgrade your connection to WebSocket");
stillOk = false;
}
}
else
{
WsPacket WebSocketPacket = Chiper.Decode(data);
OpCode opcode = WebSocketPacket.GetOpCode();
if (opcode == OpCode.TextFrame)
{
string pstr = WebSocketPacket.GetPayload();
try {
Packet p = new Packet(pstr);
PacketType type = p.GetPacketType();
if (type == PacketType.Heartbeat)
{
HeartBeatNow();
Packet ack = new Packet(PacketType.HeartbeatACK);
await Send(ack);
return(null);
}
else if (type == PacketType.Reconnect)
{
Reconnect rp = p.GetPacketData <Reconnect>();
if (UsedSessions.Contains(rp.session_id))
{
this.session = rp.session_id;
await SendHello();
}
else
{
Packet invsess = new Packet(PacketType.InvalidSession);
await Send(invsess);
stillOk = false;
}
return(null);
}
else if (type == PacketType.Identify)
{
identity = p.GetPacketData <Identity>();
}
else
{
if (identity == null)
{
stillOk = false;
return(null);
}
}
return(p);
} catch (Exception e) {
Logger.Error($"Packet conversion error: {e.Message}");
Logger.Error($"Receied data: {string.Join(" ", data)}");
Logger.Error($"Decoded: {pstr}");
Logger.Error($"{e.StackTrace}");
}
}
else if (opcode == OpCode.Ping)
{
Logger.Debug("Ping Pong");
WsPacket pong = new WsPacket(OpCode.Pong);
await Send(pong);
}
}
return(null);
}
