public void AesAeadWithoutAdditionalDataTest()
{
var key = new byte[]
{
0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
};
var nonce = new byte[]
{
0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a, 0x79, 0xc0, 0xd1, 0x10
};
var m = new byte[]
{
0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
};
if (SecretAeadAes.IsAvailable())
{
var encrypted = SecretAeadAes.Encrypt(m, nonce, key);
var decrypted = SecretAeadAes.Decrypt(encrypted, nonce, key);
CollectionAssert.AreEqual(m, decrypted);
}
else
{
Console.WriteLine("Missing AES support");
}
}
public void SecretAeadDecryptWithBadAdditionalData()
{
var key = new byte[] {
0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
};
var nonce = new byte[] {
0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a, 0x79, 0xc0, 0xd1, 0x10
};
var ad = new byte[] {
0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0,
0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0,
0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
};
var m = new byte[] {
0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
};
if (SecretAeadAes.IsAvailable())
{
Assert.Throws <AdditionalDataOutOfRangeException>(
() => SecretAeadAes.Decrypt(m, nonce, key, ad));
}
else
{
Assert.Warn("AES is not supported");
}
}
// Function to get the encryption key for the main store.
private static byte[] GetKey(string masterPassword)
{
// Get encrypted encryption key and nonce.
//byte[] encryptedKey = Convert.FromBase64String(File.ReadAllText(PIMUX_KEY));
byte[] encryptedKey = Encoding.ASCII.GetBytes(File.ReadAllText(PIMUX_KEY));
byte[] keyNonce = Encoding.ASCII.GetBytes(File.ReadAllText(PIMUX_KEY_NONCE));
// Decrypt key with parameters stored in PIMUX_PATH.
byte[] key = SecretAeadAes.Decrypt(encryptedKey, keyNonce, GenericHash.Hash(masterPassword, (byte[])null, 32));
return(key);
}
// Function to decrypt the main store.
public static List <string> DecryptStoreFile(string masterPassword)
{
// Get required variables.
string[] storeFileContents = GetStoreFileContents();
byte[] nonce = GetNonce();
byte[] key = GetKey(masterPassword);
List <string> decryptedList = new List <string>();
// Decrypt each password entry. Work backwards with last nonce used, as nonce decrements.
for (int i = storeFileContents.Length - 1; i > -1; i--)
{
byte[] dataToDecrypt = Convert.FromBase64String(storeFileContents[i]);
var decrypted = SecretAeadAes.Decrypt(dataToDecrypt, nonce, key);
decryptedList.Add(Encoding.ASCII.GetString(decrypted));
// Decrement nonce to get each nonce used to encrypt password entry.
ByteOperation.Decrement(ref nonce);
}
// Return list containing all decrypted password entries.
return(decryptedList);
}
