/// <summary> /// Initializes a new instance of the <see cref="AuthenticationFlowTest"/> class. /// </summary> /// <param name="outputHelper">The test output helper.</param> public AuthenticationFlowTest(ITestOutputHelper outputHelper) { this.outputHelper = outputHelper; this.testDatabase = new TestDatabase(outputHelper); this.dbContext = this.testDatabase.CreateContext(); this.identityInstance = IdentityTestHelper.CreateInstance(this.testDatabase, this.outputHelper); this.usedHttpContext = new DefaultHttpContext(); this.httpConctextAccessorMock = new Mock <IHttpContextAccessor>(); this.jwtCrypoMock = new Mock <IJwtCryptoProvider>(); this.momentMock = MomentTestHelper.CreateMomentMock(); this.optionsMonitorMock = OptionsTestHelper.CreateBackendOptionsMock(); this.randomGenerator = new SecureRandomGenerator(); this.loggerFactory = LoggingTestHelper.CreateLoggerFactory(this.outputHelper); this.httpConctextAccessorMock.SetupGet(m => m.HttpContext).Returns(this.usedHttpContext); this.jwtCrypoMock.SetupGet(c => c.Algorithm).Returns(SigningAlgorithm); this.jwtCrypoMock.SetupGet(c => c.SecurityKey).Returns(SigningKey); this.authenticationFlow = new AuthenticationFlow( this.httpConctextAccessorMock.Object, this.jwtCrypoMock.Object, this.identityInstance.UserManager, this.dbContext, this.randomGenerator, this.momentMock.Object, this.optionsMonitorMock.Object, this.loggerFactory.CreateLogger <AuthenticationFlow>()); }
public void TestShort() { var bytes = SecureRandomGenerator.GetBytes(SymmetricCrypter.NONCE_SIZE + SymmetricCrypter.TAG_SIZE - 1); var crypter = new SymmetricCrypter(SecureRandomGenerator.GetBytes(32)); Assert.IsTrue(crypter.Decrypt(bytes).Error is SymmetricCrypter.MessageTooShortError); }
public byte[] GenerateBinaryKey() { const string originalLookupIndex = "SecureMemo"; using var secureRnd = new SecureRandomGenerator(); MemoryStream ms = new MemoryStream(); byte[] buffer = secureRnd.GetRandomData(secureRnd.GetRandomInt(29, 221)); ms.Write(buffer, 0, buffer.Length); buffer = GeneralConverters.ConvertStringToByteArray(Encoding.ASCII, originalLookupIndex); ms.Write(buffer, 0, buffer.Length); buffer = secureRnd.GetRandomData(secureRnd.GetRandomInt(29, 221)); ms.Write(buffer, 0, buffer.Length); buffer = ms.ToArray(); // ReSharper disable once SuggestVarOrType_Elsewhere for (int i = 0; i < secureRnd.GetRandomInt(83, 101); i++) { // Tick count being tracked by .Net using 32 bit integers for some strange reason when the WIN_API CALL uses ulong and thus not overflowing in 24 days and 20 hours. int tickCount = Environment.TickCount; // Just inject a small amount of noise for each iteration int pos = tickCount % buffer.Length; buffer[pos] ^= (byte)(tickCount % byte.MaxValue); buffer = SHA512.GetSHA512HashAsByteArray(buffer); } buffer = SHA256.GetSHA256HashAsByteArray(buffer); return(buffer); }
public SshKeyProvider(EncodingWrapper encoding, Base64Wrapper base64, IRsaKeyProvider rsaKeyProvider, IDsaKeyProvider dsaKeyProvider, IEcKeyProvider ecKeyProvider, SecureRandomGenerator randomGenerator) { this.encoding = encoding; this.base64 = base64; this.rsaKeyProvider = rsaKeyProvider; this.dsaKeyProvider = dsaKeyProvider; this.ecKeyProvider = ecKeyProvider; this.randomGenerator = randomGenerator; sshSupportedCurves = new [] { new [] { "curve25519" }, new [] { "P-256", "secp256r1", "prime256v1" }, new [] { "P-384", "secp384r1" }, new [] { "P-521", "secp521r1" } }; sshCurveHeaders = new Dictionary <string, string> { { "curve25519", "ssh-ed25519" }, { "P-256", "ecdsa-sha2-nistp256" }, { "P-384", "ecdsa-sha2-nistp384" }, { "P-521", "ecdsa-sha2-nistp521" } }; sshCurveIdentifiers = new Dictionary <string, string> { { "curve25519", "ed25519" }, { "P-256", "nistp256" }, { "P-384", "nistp384" }, { "P-521", "nistp521" } }; }
public void SetupAsymmetricKeyProviderTest() { var configuration = Mock.Of <IConfiguration>(c => c.Get <int>("SaltLengthInBytes") == 100 && c.Get <int>("KeyDerivationIterationCount") == 10); var secureRandom = new SecureRandomGenerator(); var asymmetricKeyPairGenerator = new AsymmetricKeyPairGenerator(secureRandom); var primeMapper = new Rfc3526PrimeMapper(); var fieldMapper = new FieldToCurveNameMapper(); rsaKeyProvider = new RsaKeyProvider(asymmetricKeyPairGenerator); dsaKeyProvider = new DsaKeyProvider(asymmetricKeyPairGenerator); ecKeyProvider = new EcKeyProvider(asymmetricKeyPairGenerator, fieldMapper); elGamalKeyProvider = new ElGamalKeyProvider(asymmetricKeyPairGenerator, primeMapper); cipherTypeMapper = new OidToCipherTypeMapper(); keyInfoWrapper = new Mock <KeyInfoWrapper>(); SetupValidKeyInfo(); SetupValidKeyProvider(); pkcsEncryptionProvider = new KeyEncryptionProvider(configuration, secureRandom, keyProvider, new Pkcs12KeyEncryptionGenerator(), new AesKeyEncryptionGenerator()); rsaKeyPair = rsaKeyProvider.CreateKeyPair(2048); dsaKeyPair = dsaKeyProvider.CreateKeyPair(2048); ecKeyPair = ecKeyProvider.CreateKeyPair("secp384r1"); elGamalKeyPair = elGamalKeyProvider.CreateKeyPair(2048, true); }
public void VerifySignatureTestSetup() { file = new Mock <FileWrapper>(); file.Setup(f => f.ReadAllBytes(It.IsAny <string>())) .Returns <string>(givenFile => files[givenFile]); console = new Mock <ConsoleWrapper>(); Container container = ContainerProvider.GetContainer(); container.Register <FileWrapper>(() => file.Object); container.Register <ConsoleWrapper>(() => console.Object); var asymmetricKeyPairGenerator = new AsymmetricKeyPairGenerator(new SecureRandomGenerator()); var primeMapper = new Rfc3526PrimeMapper(); var curveNameMapper = new FieldToCurveNameMapper(); rsaKeyProvider = new RsaKeyProvider(asymmetricKeyPairGenerator); dsaKeyProvider = new DsaKeyProvider(asymmetricKeyPairGenerator); ecKeyProvider = new EcKeyProvider(asymmetricKeyPairGenerator, curveNameMapper); elGamalKeyProvider = new ElGamalKeyProvider(asymmetricKeyPairGenerator, primeMapper); signatureProvider = new SignatureProvider(new SignatureAlgorithmIdentifierMapper(), new SecureRandomGenerator(), new SignerUtilitiesWrapper()); pkcs8PemFormatter = new Pkcs8PemFormattingProvider(new AsymmetricKeyProvider(new OidToCipherTypeMapper(), new KeyInfoWrapper(), rsaKeyProvider, dsaKeyProvider, ecKeyProvider, elGamalKeyProvider)); base64 = new Base64Wrapper(); encoding = new EncodingWrapper(); random = new SecureRandomGenerator(); }
public void SetupRsaKeyProviderTest() { var secureRandomGenerator = new SecureRandomGenerator(); var asymmetricKeyGenerator = new AsymmetricKeyPairGenerator(secureRandomGenerator); keyProvider = new RsaKeyProvider(asymmetricKeyGenerator); }
public string GenerateKey() { const string originalLookupIndex = "SecureMemo"; string key; using var secureRnd = new SecureRandomGenerator(); string tmp = secureRnd.GetPasswordString(secureRnd.GetRandomInt(29, 221)) + originalLookupIndex + secureRnd.GetPasswordString(secureRnd.GetRandomInt(29, 221)); // ReSharper disable once SuggestVarOrType_Elsewhere byte[] buffer = GeneralConverters.ConvertStringToByteArray(Encoding.ASCII, tmp); for (int i = 0; i < secureRnd.GetRandomInt(83, 101); i++) { // Tick count being tracked by .Net using 32 bit integers for some strange reason when the WIN_API CALL uses ulong and thus not overflowing in 24 days and 20 hours. int tickCount = Environment.TickCount; // Just inject a small amount of noise for each iteration int pos = tickCount % buffer.Length; buffer[pos] ^= (byte)(tickCount % byte.MaxValue); buffer = SHA512.GetSHA512HashAsByteArray(buffer); } buffer = SHA256.GetSHA256HashAsByteArray(buffer); key = Convert.ToBase64String(buffer, 0, buffer.Length, Base64FormattingOptions.None).Trim("=".ToCharArray()); return(key); }
private string GetDefaultPassword() { try { string defaultKey = _applicationSettingsService.Settings.DefaultKey; if (defaultKey != null && defaultKey.Length == 256) { return(defaultKey); } string previousKey = defaultKey; defaultKey = new SecureRandomGenerator().GetAlphaNumericString(256); _applicationSettingsService.Settings.DefaultKey = defaultKey; _applicationSettingsService.SetSettingsStateModified(); _applicationSettingsService.SaveSettings(); Log.Information("New default bookmark key was created and saved. Previous key was: {previousKey}", previousKey); return(defaultKey); } catch (Exception e) { Log.Error(e, "GetDefaultPassword"); return("CodeRed"); } }
public void TestValid(int length) { var contract = SecureRandomGenerator.GetBytes(length); var signature = privateIdentity.Sign(contract); Assert.IsTrue(publicIdentity.Verify(contract, signature)); }
public void SetupDsaKeyProviderTest() { var secureRandomGenerator = new SecureRandomGenerator(); var keyGenerator = new AsymmetricKeyPairGenerator(secureRandomGenerator); keyProvider = new DsaKeyProvider(keyGenerator); keyPair = keyProvider.CreateKeyPair(2048); }
public void TestTampered() { var bytes = SecureRandomGenerator.GetBytes(100); var encrypted = crypter.Encrypt(bytes); encrypted[0]++; Assert.IsTrue(crypter.Decrypt(encrypted).Error is SymmetricCrypter.TamperedMessageError); }
public void TestChangedSignature(int length) { var contract = SecureRandomGenerator.GetBytes(length); var signature = privateIdentity.Sign(contract); signature[0]++; Assert.IsFalse(publicIdentity.Verify(contract, signature)); }
public KeyEncryptionProvider(IConfiguration configuration, SecureRandomGenerator secureRandomGenerator, IAsymmetricKeyProvider keyProvider, Pkcs12KeyEncryptionGenerator pkcsEncryptionGenerator, AesKeyEncryptionGenerator aesEncryptionGenerator) { this.configuration = configuration; this.secureRandomGenerator = secureRandomGenerator; this.keyProvider = keyProvider; this.pkcsEncryptionGenerator = pkcsEncryptionGenerator; this.aesEncryptionGenerator = aesEncryptionGenerator; }
public async Task TestValid(int length) { var bytes = SecureRandomGenerator.GetBytes(length); var sent = a.Send(bytes); var message = await b.Receive(); Assert.IsTrue(await sent); Assert.IsTrue(Enumerable.SequenceEqual <byte>(bytes, message.Value)); }
public void SetupEncryptKey() { var secureRandomGenerator = new SecureRandomGenerator(); var rsaProvider = new RsaKeyProvider(new AsymmetricKeyPairGenerator(secureRandomGenerator)); keyPair = rsaProvider.CreateKeyPair(1024); secureRandom.Setup(sr => sr.NextBytes(100)) .Returns(new byte[] { 0x07 }); }
public void SetupElGamalKeyProviderTest() { var secureRandomGenerator = new SecureRandomGenerator(); var keyGenerator = new AsymmetricKeyPairGenerator(secureRandomGenerator); var primeMapper = new Rfc3526PrimeMapper(); keyProvider = new ElGamalKeyProvider(keyGenerator, primeMapper); keyPair = keyProvider.CreateKeyPair(2048, true); }
public void Setup() { generator = new AesKeyEncryptionGenerator(); var secureRandom = new SecureRandomGenerator(); var rsaProvider = new RsaKeyProvider(new AsymmetricKeyPairGenerator(secureRandom)); keyPair = rsaProvider.CreateKeyPair(1024); encryptedKey = generator.Encrypt("keypassword", new byte[] { 0x01, 0x02 }, 100, keyPair.PrivateKey.Content); }
public void SetupDecrypt() { var secureRandomGenerator = new SecureRandomGenerator(); var rsaProvider = new RsaKeyProvider(new AsymmetricKeyPairGenerator(secureRandomGenerator)); keyPair = rsaProvider.CreateKeyPair(1024); var oidToCipherTypeMapper = new OidToCipherTypeMapper(); encryptionProvider = new KeyEncryptionProvider(configuration, secureRandomGenerator, new AsymmetricKeyProvider(oidToCipherTypeMapper, new KeyInfoWrapper(), rsaProvider, null, null, null), new Pkcs12KeyEncryptionGenerator(), new AesKeyEncryptionGenerator()); }
public void SetupPkcsEncryptionGeneratorTest() { encryptionGenerator = new Pkcs12KeyEncryptionGenerator(); var secureRandom = new SecureRandomGenerator(); var rsaProvider = new RsaKeyProvider(new AsymmetricKeyPairGenerator(secureRandom)); keyPair = rsaProvider.CreateKeyPair(1024); encryptedKey = encryptionGenerator.Encrypt("fooBar", new byte[] { 0x01, 0x02 }, 10, keyPair.PrivateKey.Content); }
public static string GenerateKey(SecretKeyLength skLength) { int keyLength = (int)skLength; string generatedKey; using (var secureRng = new SecureRandomGenerator()) { generatedKey = secureRng.GetBase32String(keyLength); } return(generatedKey); }
public void ShouldReturnValidKey() { var algorithmMapper = new SignatureAlgorithmIdentifierMapper(); var secureRandom = new SecureRandomGenerator(); var signatureProvider = new SignatureProvider(algorithmMapper, secureRandom, new SignerUtilitiesWrapper()); byte[] data = secureRandom.NextBytes(100); IAsymmetricKey result = keyProvider.GetPrivateKey(rsaKeyPair.PrivateKey.Content); Signature signature = signatureProvider.CreateSignature(result, data); Assert.IsTrue(signatureProvider.VerifySignature(rsaKeyPair.PublicKey, signature)); }
private async void btnGenerate_Click(object sender, EventArgs e) { if (txtSSId.Text.Length > 0 && !IsValidSsid()) { MessageBox.Show(this, "Invalid SSID, if you want to generate a password and QR code without SSID please leave the SSID field empty", "Invalid caracters", MessageBoxButtons.OK, MessageBoxIcon.Exclamation); } var secureRandomGenerator = new SecureRandomGenerator(); txtGeneratedPassword.Text = await secureRandomGenerator.GetRandomStringFromPasswordType(_activeSettings.PasswordType, _activeSettings.PasswordLength); // Always generate QR even if the SSID is invalid, but inform instead. await GnerateQrCode().ConfigureAwait(true); }
public void TestSymmetry() { byte[] key = SecureRandomGenerator.GetBytes(32); var a = new KDFRatchet(key); var b = new KDFRatchet(key); for (int i = 0; i < 100; i++) { byte[] input = SecureRandomGenerator.GetBytes(32); var outputA = a.Turn(input); var outputB = b.Turn(input); CollectionAssert.AreEqual(outputA, outputB); } }
public void SetupSignatureProviderTest() { algorithmIdentifierMapper = new SignatureAlgorithmIdentifierMapper(); secureRandomGenerator = new SecureRandomGenerator(); signatureProvider = new SignatureProvider(algorithmIdentifierMapper, secureRandomGenerator, new SignerUtilitiesWrapper()); content = secureRandomGenerator.NextBytes(2000); keys = new Dictionary <CipherType, IAsymmetricKeyPair>(); var rsaGenerator = new AsymmetricKeyPairGenerator(secureRandomGenerator); var rsaKeyProvider = new RsaKeyProvider(rsaGenerator); IAsymmetricKeyPair keyPair = rsaKeyProvider.CreateKeyPair(2048); keys.Add(keyPair.PrivateKey.CipherType, keyPair); }
private async void btnGenerate_Click(object sender, EventArgs e) { if (!IsValidSsid() && txtSSId.Text.Length > 0) { MessageBox.Show(this, "QR Code was created with the password but The SSID is invalid", "Invalid characters", MessageBoxButtons.OK, MessageBoxIcon.Exclamation); return; } var secureRandomGenerator = new SecureRandomGenerator(); txtGeneratedPassword.Text = await secureRandomGenerator.GetRandomStringFromPasswordType(_activeSettings.PasswordType, _activeSettings.PasswordLength); // Always generate QR even if the SSID is invalid, but inform instead. btnGenerate.Enabled = false; await GenerateQrCode(); btnGenerate.Enabled = true; }
/// <summary> /// Protects an insecure connection. /// </summary> /// <param name="initiator">Set to <see langword="true"/> if a client, /// <see langword="false"/> if a server.</param> public static async Task <ProtectedMessenger> Protect(SocketMessenger socketMessenger, bool initiator) { // Perform a key exchange. var exchanger = new KeyExchanger(); var sent = socketMessenger.Send(exchanger.Token); var token = await socketMessenger.Receive().ConfigureAwait(false); if (token.IsError) { throw new Exception(token.Error.GetType().ToString()); } var key = exchanger.KeyFromToken(token.Value); var result = await sent; if (result.IsError) { throw new Exception(result.Error.GetType().ToString()); } // Send test data. var protectedMessenger = new ProtectedMessenger(socketMessenger, key, initiator); byte[] myValues = SecureRandomGenerator.GetBytes(32); var a = protectedMessenger.Send(myValues); // Echo bytes back. var integrityChallenge = await protectedMessenger.Receive().ConfigureAwait(false); var b = protectedMessenger.Send(integrityChallenge); await Task.WhenAll(a, b).ConfigureAwait(false); // Check integrity of test data. var integrityCheck = await protectedMessenger.Receive(); if (!Enumerable.SequenceEqual <byte>(myValues, integrityCheck)) { throw new Exception("Could not verify connection!"); } // Return protected messenger, as the connection has been validated. return(protectedMessenger); }
public void SetupFormattingProviderTest() { var secureRandom = new SecureRandomGenerator(); rsaKeyProvider = new RsaKeyProvider(new AsymmetricKeyPairGenerator(secureRandom)); keyPair = rsaKeyProvider.CreateKeyPair(2048); var oidMapper = new OidToCipherTypeMapper(); var asymmetricKeyConverter = new AsymmetricKeyProvider(oidMapper, new KeyInfoWrapper(), rsaKeyProvider, null, null, null); pkcs8PemFormattingProvider = new Pkcs8PemFormattingProvider(asymmetricKeyConverter); var configuration = Mock.Of <IConfiguration>(m => m.Get <int>("SaltLengthInBytes") == 100 && m.Get <int>("KeyDerivationIterationCount") == 1); var encryptionProvider = new KeyEncryptionProvider(configuration, secureRandom, asymmetricKeyConverter, new Pkcs12KeyEncryptionGenerator(), new AesKeyEncryptionGenerator()); pkcsEncryptedKey = encryptionProvider.EncryptPrivateKey(keyPair.PrivateKey, "password", EncryptionType.Pkcs); aesEncryptedKey = encryptionProvider.EncryptPrivateKey(keyPair.PrivateKey, "password", EncryptionType.Aes); }
public void SetupGetAsDer() { var secureRandom = new SecureRandomGenerator(); var asymmetricKeyPairGenerator = new AsymmetricKeyPairGenerator(secureRandom); var rsaKeyProvider = new RsaKeyProvider(asymmetricKeyPairGenerator); var dsaKeyProvider = new DsaKeyProvider(asymmetricKeyPairGenerator); var ecKeyProvier = new EcKeyProvider(asymmetricKeyPairGenerator, new FieldToCurveNameMapper()); var keyPair = rsaKeyProvider.CreateKeyPair(1024); var key = keyPair.PublicKey; var encoding = new EncodingWrapper(); var base64 = new Base64Wrapper(); var sshKeyProvider = new SshKeyProvider(encoding, base64, rsaKeyProvider, dsaKeyProvider, ecKeyProvier, null); var formattingProvider = new SshFormattingProvider(sshKeyProvider, encoding, new Ssh2ContentFormatter(), null, base64); ssh2Key = formattingProvider.GetAsSsh2PublicKey(key, "foo"); keyContent = sshKeyProvider.GetRsaPublicKeyContent(key); openSshKey = formattingProvider.GetAsOpenSshPublicKey(key, "foo"); }
public byte[] Encode(string password) { var secureRandom = new SecureRandomGenerator(); var msBlock = new MemoryStream(); var msContent = new MemoryStream(); int leftPaddingLength = secureRandom.GetRandomInt(64, 512); int rightPaddingLength = secureRandom.GetRandomInt(64, 512); byte[] sharedSecretBytes = GeneralConverters.StringToByteArray(SharedSecret); byte[] buffer = BitConverter.GetBytes(leftPaddingLength); msBlock.Write(buffer, 0, buffer.Length); buffer = BitConverter.GetBytes(rightPaddingLength); msBlock.Write(buffer, 0, buffer.Length); buffer = BitConverter.GetBytes(leftPaddingLength + rightPaddingLength + sharedSecretBytes.Length); msBlock.Write(buffer, 0, buffer.Length); msBlock.Write(secureRandom.GetRandomData(leftPaddingLength), 0, leftPaddingLength); msBlock.Write(sharedSecretBytes, 0, sharedSecretBytes.Length); msBlock.Write(secureRandom.GetRandomData(rightPaddingLength), 0, rightPaddingLength); byte[] encodeBytes = msBlock.ToArray(); encodeBytes = EncryptionManager.EncryptData(encodeBytes, password); byte[] hashBytes = SHA512.Create().ComputeHash(encodeBytes, 0, encodeBytes.Length); buffer = BitConverter.GetBytes(encodeBytes.Length); msContent.Write(buffer, 0, buffer.Length); msBlock.WriteTo(msContent); buffer = BitConverter.GetBytes(hashBytes.Length); msContent.Write(buffer, 0, buffer.Length); msContent.Write(hashBytes, 0, hashBytes.Length); return(msContent.ToArray()); }