public byte[] DecryptToBytes(CipherString encyptedValue, SymmetricCryptoKey key = null)
{
if (key == null)
{
key = EncKey ?? Key;
}
if (key == null)
{
throw new ArgumentNullException(nameof(key));
}
if (encyptedValue == null)
{
throw new ArgumentNullException(nameof(encyptedValue));
}
if (encyptedValue.EncryptionType == EncryptionType.AesCbc128_HmacSha256_B64 &&
key.EncryptionType == EncryptionType.AesCbc256_B64)
{
// Old encrypt-then-mac scheme, swap out the key
if (_legacyEtmKey == null)
{
_legacyEtmKey = new SymmetricCryptoKey(key.Key, EncryptionType.AesCbc128_HmacSha256_B64);
}
key = _legacyEtmKey;
}
return(Crypto.AesCbcDecrypt(encyptedValue, key));
}
public byte[] RsaDecryptToBytes(CipherString encyptedValue, byte[] privateKey)
{
if (privateKey == null)
{
privateKey = PrivateKey;
}
if (privateKey == null)
{
throw new ArgumentNullException(nameof(privateKey));
}
IAsymmetricKeyAlgorithmProvider provider = null;
switch (encyptedValue.EncryptionType)
{
case EncryptionType.Rsa2048_OaepSha256_B64:
provider = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaOaepSha256);
break;
case EncryptionType.Rsa2048_OaepSha1_B64:
provider = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaOaepSha1);
break;
default:
throw new ArgumentException("EncryptionType unavailable.");
}
var cryptoKey = provider.ImportKeyPair(privateKey, CryptographicPrivateKeyBlobType.Pkcs8RawPrivateKeyInfo);
var decryptedBytes = WinRTCrypto.CryptographicEngine.Decrypt(cryptoKey, encyptedValue.CipherTextBytes);
return(decryptedBytes);
}
public string Decrypt(CipherString encyptedValue)
{
try
{
if (Key == null)
{
throw new ArgumentNullException(nameof(Key));
}
if (encyptedValue == null)
{
throw new ArgumentNullException(nameof(encyptedValue));
}
if (encyptedValue.Mac != null)
{
var computedMac = ComputeMac(encyptedValue.CipherTextBytes, encyptedValue.InitializationVectorBytes);
if (computedMac != encyptedValue.Mac)
{
throw new InvalidOperationException("MAC failed.");
}
}
var provider = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7);
var cryptoKey = provider.CreateSymmetricKey(encyptedValue.Mac != null ? EncKey : Key);
var decryptedBytes = WinRTCrypto.CryptographicEngine.Decrypt(cryptoKey, encyptedValue.CipherTextBytes,
encyptedValue.InitializationVectorBytes);
return(Encoding.UTF8.GetString(decryptedBytes, 0, decryptedBytes.Length).TrimEnd('\0'));
}
catch (Exception e)
{
Debug.WriteLine("Could not decrypt '{0}'. {1}", encyptedValue, e.Message);
return("[error: cannot decrypt]");
}
}
/// <summary>
/// Decrypt text.
/// </summary>
/// <param name="text">Text that should be decrypted.</param>
/// <param name="key">
/// Decryption key that is used in production.
/// </param>
/// <returns>Decrypted text.</returns>
private String DecryptText(String text, String key)
{
CipherString cipherString;
String decryptedText;
String[] split;
cipherString = new CipherString();
if (key.IsEmpty())
{
return(cipherString.DecryptText(text));
}
else
{
try
{
decryptedText = cipherString.DecryptText(text, key);
split = decryptedText.Split(new[] { Settings.Default.ClientTokenDelimiter });
if (split.Length == 5)
{
return(decryptedText);
}
else
{
// Maybe old token is used.
return(cipherString.DecryptText(text));
}
}
catch
{
// Maybe old token is used.
return(cipherString.DecryptText(text));
}
}
}
public async Task UploadSendFileAsync(SendFileUploadDataResponse uploadData, CipherString fileName, byte[] encryptedFileData)
{
try
{
switch (uploadData.FileUploadType)
{
case FileUploadType.Direct:
await _bitwardenFileUploadService.Upload(fileName.EncryptedString, encryptedFileData,
fd => _apiService.PostSendFileAsync(uploadData.SendResponse.Id, uploadData.SendResponse.File.Id, fd));
break;
case FileUploadType.Azure:
Func <Task <string> > renewalCallback = async() =>
{
var response = await _apiService.RenewFileUploadUrlAsync(uploadData.SendResponse.Id, uploadData.SendResponse.File.Id);
return(response.Url);
};
await _azureFileUploadService.Upload(uploadData.Url, encryptedFileData, renewalCallback);
break;
default:
throw new Exception("Unknown file upload type");
}
}
catch (Exception e)
{
await _apiService.DeleteSendAsync(uploadData.SendResponse.Id);
throw e;
}
}
/// <summary>
/// Connect to the database.
/// </summary>
protected override void Connect()
{
CipherString cipherString = new CipherString();
String connectionString;
// Opens the database connection.
switch (Environment.MachineName)
{
case "ARTSERVICE2-1": // New production web service server.
connectionString = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAAPGBJALGDDHDONKEGJOECJFBANDBBPEGFAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAAKGACHEMILMBLCCOOAKFMLHIDPFEOBACDAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAAHAKCNAAHOHAFNBKPKFPKOFKMJLCAOBFIMAAAAAAAJMIFACEBKHABCMADCGCIHCKECEJHFGLBEGJIBKNPBBFMHLNFDIBCKBNEKPCIFADAAELKIHKLHBEBLIKAIALAGIGJJEFDEPGOBPACPLFFELPDFJNHJOGMFKOFIAGJBJBIDKMMMJFAMKGPFNNKLCCEDJFFGAPCHADDPIIOGHMEFMDCCDMDGNIKILIHLOGDGIGNFGHJHLFPFFADBMPMJHEHJNMPDIOMPHMGBLCJIHOEJOOBMKMPILPGNEACFCKHDNNBPOOFPAANBDBCALDEHBFCOAPGKOOKGABCBEMCOAAOIFOGMKFCIHJPKNPFFOGCGFILBPNOHMKHIJDCFNDBOHMGMGGOELKALFLAJBLOAHEJMOHHLJDDKAJFBPEBAMCHFLCLBEAAAAAADNAKHPPEDAAELACKAGIKCHCBBPKNJIJKANGEIGBC";
break;
case "ARTSERVICE2-2": // New production web service server.
connectionString = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAAPGBJALGDDHDONKEGJOECJFBANDBBPEGFAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAABAAICOJBKOMNEAMOBDGPFJFCLNKHPNDOAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAAOKMCMLEOHFMCDCECMNIKJHGILNGMKOPHMAAAAAAAIECPJDBECFIAPPOMKOIHKJJIGLKGJDCOKLNHGBNPHLCOKCPJCIJEBBJIAOMIBDKFHLALEJOIDMEFAEBPGPCFKDNFAPNFNKMLKBJLOCNPEMLJAEBIKKKHIJENNEMJMGCOOHFKGKOFFAGKOMCMHIMPAGFOADKAMAGHHFJLMJMDNIGEEHJBDCHJPDKKFAPJHFCHFHGKFKBDEPHMNNIJMJMGGGKNIFNOOHAIKFKDLOHBIFABNCNJHAJBHAGDNEBPGNLAEJBFFILPKHGCAEFCHOCLPAOOBIKJFLFFOPMEDAOOKCADEMBNAKGPGPOIJPLDKFOMIIFKJMDBEEAOHNDPJOLLALLLLKLBCAJBAEKPBELMBCIJGPEHBNNIBICBKOBNLJFIBEAAAAAAODICAJEKDHBHKCEPIIECOFPKKPEIHBCHECGIJLJL";
break;
case "MONESES-DEV": // Test Web Server
connectionString = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAALAHBHOALDLJHIEECKMFJPMIIHMEAIDBJAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAAIBNMFFHMGDOGHKMHKHIHKNOHGFOFMPHLAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAAFANPKLDILDJABAHBMKFFGENNONPHFHENLAAAAAAAFOEALKOJHFMKMHPBMEALGLFBEJMHNBKCPBLPCMKJAGEHHNPPKGEOIDFNGCOPLPAEMAEFACNKOOPNLBCLKAKCLAHCEILGDNOLDLKMMBNIPMGILPFCHJFCOMFJBHAJGDNLEHMGJKJOBAFJOPEMBNOKBNBFHCFJIKMADKNIPIGMDJGABGEICPGCEMMCLGOLGCKODFHLJKPNCBPMICEILFLBAAPFIEMHPDNIPADNGOCELDIHNKKOCMMKMLABNEFIGPAKDOAIHPCOAIOONLKFFDLPFKFNHPHDBPBOPILIFLGIPOLJIMBFNIBHBOPNJLGEKJIEFMMBJFCIOBGANHCACMIPNAMPINJGAMHJBEAAAAAANPBPLFEMLBDKPDFOCAIGBAIAEEJMEHFFHOKEHAEH";
break;
case "SILURUS2-1": // Production Web Server
connectionString = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAAIDGFKMFBDIMAPEELJPFDBGPLIAHNCJMKAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAAMBCIAJLJABGCIILLNNFIGBMPHMDFCPDCAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAADDAJJKLIMFILGAOIMBDMMFOOFAFDBFILMAAAAAAABJFLHJMFBBHMGELHAHCPDBBHJGJBMKHNHFHOIJLDEODMLMPOIFFMGMOJADBJGGLIGHEEEHJFAKJMNLOICEICAHABCHCHAGEDNFGGCFBGGPEAEGKEHCPMOPEEKHAFJIBBOPDOHELIMAOAJCGOBMHHLIDNJEACGLLFHHJFEOHGIFPOOFIOFJMINJEGIKGFIILBEIGNLOHJHCPDNLOAJNFAHOEMJABONIHFKMHAIKNMFLIGDMJDNFAOPCKFCLNCDKBGGDKKHGIIGDMFLJMELJAFBIHJAGGAJMABNCLDNDJPEFCPHDAKAGBIDOCAKCMBDHGFIMPLBKDLNKCAKCMKBEJDHGBGJKDHFKEMOGCCJIENNGLGIMDLANPDDOEKMKGCOPFHBEAAAAAAILPAOEKHONCNFGPCPPGGAFHAGADJFDCBNHIIJOPL";
break;
case "SILURUS2-2": // Production Web Server
connectionString = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAAMLHPLFJBLJNKIBEPJGEAILJLHMPOLAAGAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAAHNCMLBNNHFAFOHHLGCCNCFHCEEPPPJNDAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAAOEMFCICFKPPGOAJMJOGFPEPADLHKFLGOLIAAAAAAIEKIMNPACEGIMMJNGIPIFACLIKJJLMJFLDEDCNPKEOBCMMHCJINEJGDEIFMCBGKMLCAOMENLECLMJEGMFGEPKKKDKBIEIMPHGMOHOENJBFIEIOGHBAKDPMECIGEPKLMDPMEHBOGOLJLOENEDOFBNBDMPJFPGFGGLCFOEJDDFEGGENLMMGKJEELACJNAKELKAHJKBMMGPOOEPFBCLAEHHAGPAINIGCOFNNMIABJHCFOKEHFCFFOJLHKMKGJLJKBLNDKBGDNALJPIOIKLHMPCLIHBDJDCDGGAJDNIMADDDIEHPFGOAEOOCEOCDHCLJMJCGIDFFIEBALIPOCDOKHPAPDOKFOBFKCIGIBPLJJNMOPLBHDGCDBEAAAAAAOPKBCBNBJBEKBLCOHALNDMJPBDMFOFLBFNGBDJHF";
break;
case "SLU011837": //
if (Configuration.InstallationType == InstallationType.Production)
{
connectionString = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAALCPBDBGCIAFPEPEILEKMLLIKEOOJMJMKAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAAHEEPHDHODIPODBJLICDPDKIJMODPBFNKAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAAPENNDAGEMNPLIHICHBMCBLNIHOOMNJBGMAAAAAAAIGAHDICNKLDABAFKKLJKOACNJMPICHCCKFMGMHFEAAOAOAMMFLMPBHLALPAGMCLKFOJOABMJLFKJIAGBEINPEPNKAKGMLLFDNBJDFMFBKGFJLDOFOEPBHGPDENGHMIOKJPLFLAILGBBLEAOAOHOJPNAGDMNOMLDDAHMPDHBLJPNLMMCOBIGPCEGLFJAMLMLJCLCKHFLOGOFJLJEAJNKDOHLNDICFGOOBCOEIJKNBOMILHAAEDNNGKEJJBCCJJDJIMHFGMFEJGACCDMECMHPBIMGFMKFGPCMMGPKOKDDKMCPCFONBLMEHIHOEBLCMPPLHABOMMJLEPCEHFGHLHEFCDLPDENPJEEINABAGLGEIDEGGEINAAPLEJILPLKFCCKPKBEAAAAAAEGHMGELBKDMFJMDMLAIBJGBJOLJACPEOODCOKDAL";
}
else
{
connectionString = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAAFDGKFHMFDIIJOBEBLFPNAIHICEBDJLBPAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAABHIODJIAGIMAGJNJLAIHAJFODJAEIJPGAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAANOLIFKKBPIPAGOPCKNPNPGEDLPNHIILKLAAAAAAAALLAKOEIFINDFEFIDIOMHEHCBKFBIMGGPMKBPJOGJDNPLCMODCDMHBGIGMFBPCNOKDPFCLIJADKCEGLINMEELMFGEFJEHKBFOGJHFAGLGDEIAHEBCAHHHPOCOBEDMPLIAHEGFOOOHLEKBMECHCMEFFIHGDIEFJNIBAIFCJCMJKAPJFBIAINGDIFOKGJFEDIOEINBLFGFBKNCFKOMMPPGPGLCOGEDDBOHLOPOMIFDHDPCAADEJEMBMEOMOKNABADKFONNIGDGFEMEBNFHJCMOECNOICMAGMIMEMELKOMLABBHNIIIHKGPMIGIPBPPFNJOOLIENKGBAADNLPGHPMKMCJMFIJMIINCKBEAAAAAAADIKCHIKLOPBDEGKADPFLACFKOJFAODKPALDPOIG";
}
break;
case "SLU002760": //
connectionString = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAAOIKAMFPLIBLJKHEBKLMNEPHLFFHCEIBDAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAADEOEBEEAHFHNKGPAJPLFCAPPCBCJMDCOAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAAEJJOJALKECHPAJJGMHCGHOLBEHCPLPDKKAAAAAAALOLGEINDIEPBMPPGAOMLPJMLPKPAINNBBBEFDGMMFFENMIEMNOFDHJFIMCECKLCAEPFAADOBAGEPLDNMCALFIPACADEOIHJJNCBLDJCANBAPDFKMKDLKGMDLJPKELHMOJFGJIBFLIJFLCNKDIACKOPGMDPBEKGHCHBFGGADFGDIOANEIILJCHJOEBFGLNPAIOFPDCIHHFGMFGILPFEEHIIAJPKCKIDKHBKLNFHGOALBBEHEOKMDNLICLEJGDPOHILDLPIIDBGBAMBDKHPDFPMCBLPNKPAACNFOGLIJDMFDCCDPFFCHEDFGMENGDPILCABEAAAAAALEGLOIIKBKAONLAKBOOPPGKKBGBPHMMKOOBJNPEE";
break;
case "MATLOU8470WW7": //
connectionString = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAALHCOFDGPCNONAMEDJDCIAMKCOKLCFBPFAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAAONECNHJCJAJMFMCBOJMBHKELKPFGKHHLAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAANGNIJFOALKLANLCFMKBCLHFHMCLELBNELIAAAAAADCDLBGMFLIOGLFGFKFDMDGOPNKNODOICGJJBBPOGKMBLDACPGEFOBFEBOAMCDLEBPALELOJOMMNMMJNJBLIKDGGILGAHCEGIBGMNHAOHAGGDPANOGLGIFNABCGLLNFAFPMDEDOPDBIJMKPGFACFMOIBPGOMCPAFDNAJDMPIBBCBFHOHJHNGGOIEDBOBCGHIEIMOAJPFOHGFCOCOKEILFKKLKEHEDLJEOPFLOBEGPIAMIIEBBEPADMOMBJBIONOLFKBKPJMOHCJNADFCNPPFDIKPBKEJFPNLDLALIHBAFDHLEOPLCGEDBHLCALHEIKMAOAIJDENMCFOIFLKNMMILIMGGHHAHKMHLEDBBPCGPIBDCGNLFEBEAAAAAAPKKGPDPPKEBLLPJMDNIALOMMNNJNGMBEOBIGFOMG";
break;
default:
throw new ApplicationException("Unknown web server " + Environment.MachineName);
}
Connection = new SqlConnection(cipherString.DecryptText(connectionString));
Connection.Open();
if (Connection.State != ConnectionState.Open)
{
throw new ApplicationException("Could not connect to database.");
}
}
public async Task <byte[]> DecryptToBytesAsync(CipherString cipherString, SymmetricCryptoKey key = null)
{
var iv = Convert.FromBase64String(cipherString.Iv);
var data = Convert.FromBase64String(cipherString.Data);
var mac = !string.IsNullOrWhiteSpace(cipherString.Mac) ? Convert.FromBase64String(cipherString.Mac) : null;
return(await AesDecryptToBytesAsync(cipherString.EncryptionType, data, iv, mac, key));
}
public void Parse_handles_cipher_mode_0()
{
var cs = CipherString.Parse("0.aXZpdml2aXZpdml2aXZpdg==|Y2lwaGVydGV4dA==");
Assert.Equal(CipherMode.Aes256Cbc, cs.Mode);
Assert.Equal(Iv, cs.Iv);
Assert.Equal(Ciphertext, cs.Ciphertext);
}
public void Parse_handles_default_three_piece_cipher_mode()
{
var cs = CipherString.Parse("aXZpdml2aXZpdml2aXZpdg==|Y2lwaGVydGV4dA==|bWFjIG1hYyBtYWMgbWFjIG1hYyBtYWMgbWFjIG1hYyA=");
Assert.Equal(CipherMode.Aes128CbcHmacSha256, cs.Mode);
Assert.Equal(Iv, cs.Iv);
Assert.Equal(Ciphertext, cs.Ciphertext);
Assert.Equal(Mac, cs.Mac);
}
public void Parse_handles_cipher_mode_4()
{
var cs = CipherString.Parse($"4.{RsaCiphertextBase64}");
Assert.Equal(CipherMode.Rsa2048OaepSha1, cs.Mode);
Assert.Empty(cs.Iv);
Assert.Equal(RsaCiphertext, cs.Ciphertext);
Assert.Empty(cs.Mac);
}
public void ParseRsa_handles_modes_6_without_mac()
{
var cs = CipherString.ParseRsa($"6.{RsaCiphertextBase64}");
Assert.Equal(CipherMode.Rsa2048OaepSha1HmacSha256, cs.Mode);
Assert.Empty(cs.Iv);
Assert.Equal(RsaCiphertext, cs.Ciphertext);
Assert.All(cs.Mac, x => Assert.Equal(0, x));
}
public void Parse_handles_cipher_mode_2()
{
var cs = CipherString.Parse("2.aXZpdml2aXZpdml2aXZpdg==|Y2lwaGVydGV4dA==|bWFjIG1hYyBtYWMgbWFjIG1hYyBtYWMgbWFjIG1hYyA=");
Assert.Equal(CipherMode.Aes256CbcHmacSha256, cs.Mode);
Assert.Equal(Iv, cs.Iv);
Assert.Equal(Ciphertext, cs.Ciphertext);
Assert.Equal(Mac, cs.Mac);
}
public void ParseRsa_handles_modes_3()
{
var cs = CipherString.ParseRsa($"3.{RsaCiphertextBase64}");
Assert.Equal(CipherMode.Rsa2048OaepSha256, cs.Mode);
Assert.Empty(cs.Iv);
Assert.Equal(RsaCiphertext, cs.Ciphertext);
Assert.Empty(cs.Mac);
}
public void Decrypt_throws_on_mismatching_mac()
{
var key = "SLBgfXoityZsz4ZWvpEPULPZMYGH6vSqh3PXTe5DmyM=".Decode64();
var iv = "XZ2vMa5oFCcp7BUAfPowvA==".Decode64();
var ciphertext = "1/GDPwJWo+2Iacio0UkRfR0zXXUufGjMIxD+y/A/YfQPKKep69B0nfbueqZJ1nA1pv15qVounBVJLhetVMGW7mKSxdVtTYObe0Uiqm/C9/s=".Decode64();
var mac = "mismatching MAC, mismatching MAC".ToBytes();
var cs = new CipherString(mode: CipherMode.Aes256CbcHmacSha256, iv: iv, ciphertext: ciphertext, mac: mac);
Exceptions.AssertThrowsCrypto(() => cs.Decrypt(key), "MAC doesn't match");
}
public void Properties_are_set()
{
var mode = CipherMode.Aes256CbcHmacSha256;
var cs = new CipherString(mode, Iv, Ciphertext, Mac);
Assert.Equal(mode, cs.Mode);
Assert.Equal(Iv, cs.Iv);
Assert.Equal(Ciphertext, cs.Ciphertext);
Assert.Equal(Mac, cs.Mac);
}
public static byte[] AesCbcDecrypt(CipherString encyptedValue, SymmetricCryptoKey key)
{
if (encyptedValue == null)
{
throw new ArgumentNullException(nameof(encyptedValue));
}
return(AesCbcDecrypt(encyptedValue.EncryptionType, encyptedValue.CipherTextBytes,
encyptedValue.InitializationVectorBytes, encyptedValue.MacBytes, key));
}
public void Decrypt_decrypts_ciphertext_without_mac()
{
var cs = new CipherString(mode: CipherMode.Aes256Cbc,
iv: "YFuiAVZgOD2K+s6y8yaMOw==".Decode64(),
ciphertext: "TZ1+if9ofqRKTatyUaOnfudletslMJ/RZyUwJuR/+aI=".Decode64(),
mac: "".ToBytes());
var plaintext = cs.Decrypt("OfOUvVnQzB4v49sNh4+PdwIFb9Fr5+jVfWRTf+E2Ghg=".Decode64());
Assert.Equal("All your base are belong to us".ToBytes(), plaintext);
}
public async Task <(Send send, CipherString encryptedFileData)> EncryptAsync(SendView model, byte[] fileData,
string password, SymmetricCryptoKey key = null)
{
if (model.Key == null)
{
model.Key = _cryptoFunctionService.RandomBytes(16);
model.CryptoKey = await _cryptoService.MakeSendKeyAsync(model.Key);
}
var send = new Send
{
Id = model.Id,
Type = model.Type,
Disabled = model.Disabled,
MaxAccessCount = model.MaxAccessCount,
Key = await _cryptoService.EncryptAsync(model.Key, key),
Name = await _cryptoService.EncryptAsync(model.Name, model.CryptoKey),
Notes = await _cryptoService.EncryptAsync(model.Notes, model.CryptoKey),
};
CipherString encryptedFileData = null;
if (password != null)
{
var passwordHash = await _cryptoFunctionService.Pbkdf2Async(password, model.Key,
CryptoHashAlgorithm.Sha256, 100000);
send.Password = Convert.ToBase64String(passwordHash);
}
switch (send.Type)
{
case SendType.Text:
send.Text = new SendText
{
Text = await _cryptoService.EncryptAsync(model.Text.Text, model.CryptoKey),
Hidden = model.Text.Hidden
};
break;
case SendType.File:
send.File = new SendFile();
if (fileData != null)
{
send.File.FileName = await _cryptoService.EncryptAsync(model.File.FileName, model.CryptoKey);
encryptedFileData = await _cryptoService.EncryptAsync(fileData, model.CryptoKey);
}
break;
default:
break;
}
return(send, encryptedFileData);
}
public void TokenNullError()
{
String token;
CipherString cipherString;
WebClientToken clientToken;
cipherString = new CipherString();
token = cipherString.EncryptText(null);
clientToken = new WebClientToken(token, WebServiceData.WebServiceManager.Key);
clientToken.CheckData();
}
public void TokenFormatError()
{
String token;
CipherString cipherString;
WebClientToken clientToken;
token = "Hej hopp i lingon skogen!";
cipherString = new CipherString();
token = cipherString.EncryptText(token);
clientToken = new WebClientToken(token, WebServiceData.WebServiceManager.Key);
clientToken.CheckData();
}
/// <summary>
/// Connect to the database.
/// </summary>
protected override void Connect()
{
CipherString cipherString = new CipherString();
String connectionString;
// Opens the database connection.
switch (Environment.MachineName)
{
case "ARTSERVICE2-1": // New production web service server.
connectionString = "";
break;
case "ARTSERVICE2-2": // New production web service server.
connectionString = "";
break;
case "MONESES-DEV": // Test Web Server
connectionString = null;
break;
case "SILURUS2-1": // Production Web Server
connectionString = null;
break;
case "SILURUS2-2": // Production Web Server
connectionString = null;
break;
case "SLU011837": //
connectionString = null;
break;
case "SLU002760": //
connectionString = null;
break;
case "MATLOU8470WW7": //
connectionString = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAALHCOFDGPCNONAMEDJDCIAMKCOKLCFBPFAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAAEDBGDMLGFLOPKPONFABCBPANHFHOGMLKAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAADOKBKGOMDLNGPMKHNBCJEDALIHOGOEFAKAAAAAAALHIJIIJNHBKHKEMHJGCCLCINLPLJBLLKCCJMDECOBLFOGFHBEBNPLECLEBDPINEGNAEPBKKAIAILOFAMIGOKIPDPILJEDAHKIBDHHBKGBAJDONFCKNANEGOELBNINKDOEFBAJFOKMLDFFDHFEEOFLLBGLNJMDAFBOIGFGHNMIMBMEJDAKEAJNHPKMHGPGIJGBKFJNBEDADKGMLIJFOJAEBEJHEEOEGEHJBIBNGBBFEMEJJGPFOAMLPOKMOCLJNIKALANOODJDJEDHJOKGADKIBMEMOEMHILAHCGMDDLHDBOLNJHENNKBBIKBDJFDHNGHBEAAAAAAKNEIEKBCKGNAIIENEDKDLOMJCBALMPLFEHMEDLGH";
break;
default:
throw new ApplicationException("Unknown web server " + Environment.MachineName);
}
Connection = new SqlConnection(cipherString.DecryptText(connectionString));
Connection.Open();
if (Connection.State != ConnectionState.Open)
{
throw new ApplicationException("Could not connect to database.");
}
}
/// <summary>
/// Returns the detcrypted token.
/// </summary>
/// <returns>
/// A string containing the Token.
/// </returns>
private static string GetDecryptedToken()
{
CipherString cipherString;
String token;
// Valid to 2017-10-31. Label = PublicTicket04.
// Steps to make when next token should be collected.
// 1 Log in to https://miljodata.slu.se/mvm/LogOn with your UserService account.
// 2 Creat a new token with button "Aktivera och visa publika tickets".
// 3 Encrypt token on servers and your own computer and update encrypted token in this method.
// 4 Update valid to date in this method.
cipherString = new CipherString();
switch (Environment.MachineName)
{
case "ARTFAKTA-DEV": // Team Species Fact test server.
token = null;
break;
case "ARTSERVICE2-1": // New production web service server.
token = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAAHLKGBDFBDBPKCEEOKLLJKALLMDFDELLAAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAALIDFJIDFKFIIDCACAKKABPLPBENILFPOAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAAHKBCGGOJDAODLEHICGHNNNNPENCGKIGEBIAAAAAACFJEEBIKIKNJJAPAAFGBDMJEIKCINCHOMMMCGCCIIEPNLHIMBEAAAAAAKIJEHEABGDEJDKFKEFGOLHMCCDDMBJCKNJKDAHFJ";
break;
case "ARTSERVICE2-2": // New production web service server.
token = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAAJGEOCNEDAFICHHEFLFLMCEBIEGIHNGNCAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAAEIFDHKJAHPFCBHAIIGLIMBICIGCINBOCAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAALMHPCECEPANLPFIBLIJHBCDLKGPABAPDBIAAAAAALIBPBDHGCJOPHMHFKMFDCCLFCPOILHBPECPAKIDMPKLFEPLEBEAAAAAAJBMJHBOJEIGFBOOMBMAOPBICOHDMJGOIMLGBDHHA";
break;
case "MONESES-ST": // System test server.
token = null;
break;
case "TFSBUILD": // Build Server
token = null;
break;
case "SLU011837": //
token = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAAFDGKFHMFDIIJOBEBLFPNAIHICEBDJLBPAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAAJJNIIHIACKMLFGFDGFPBFJNBNFFKNIDBAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAAKGAOGIFCDIDBIMAKGBBAKLOPGMNKHCCEBIAAAAAAEHOJPBOJFGFHGLAJAEDHODEHHNBOMCOAJBMHLLFJLKHJINKDBEAAAAAABOOLIECCMBJBKOGMNCNHCELGKKEABAICKIMABMBF";
break;
case "SLU004994": //
token = null;
break;
case "SLW-DEV": // Team Two Blueberries test server.
token = "ABAAAAAANAIMJNNPABBFNBBBIMHKAAMAEPMCJHOLABAAAAAAHDCGMMMLDMCPKPEMKILLNDOBEOLFBAJJAEAAAAAAACAAAAAAAAAAADGGAAAAMAAAAAAABAAAAAAAAIJKOMFGLDNCEGINNHHGFCBMJBPFONDNAAAAAAAAAEIAAAAAKAAAAAAABAAAAAAAJBDBIHHKDAEJJPFENMFGGEOMGNBBCLELBIAAAAAADICKGNBMEBONAPDPJKCIEMEAJBDCLKGGOGNIAFOBHPPDBPEABEAAAAAAMMLJOHMLMGOCNCIMBGPOMLIPOLAEDEKACJNIHMMO";
break;
default:
throw new ApplicationException("Unknown web server " + Environment.MachineName);
}
return(cipherString.DecryptText(token));
}
public string Decrypt(CipherString encyptedValue, SymmetricCryptoKey key = null)
{
try
{
var bytes = DecryptToBytes(encyptedValue, key);
return(Encoding.UTF8.GetString(bytes, 0, bytes.Length).TrimEnd('\0'));
}
catch (Exception e)
{
Debug.WriteLine("Could not decrypt '{0}'. {1}", encyptedValue, e.Message);
return("[error: cannot decrypt]");
}
}
public void SetPrivateKey(CipherString privateKeyEnc)
{
if (privateKeyEnc != null)
{
_settings.AddOrUpdateValue(PrivateKeyKey, privateKeyEnc.EncryptedString);
}
else if (_settings.Contains(PrivateKeyKey))
{
_settings.Remove(PrivateKeyKey);
}
_privateKey = null;
}
public void SetEncKey(CipherString encKeyEnc)
{
if (encKeyEnc != null)
{
_settings.AddOrUpdateValue(EncKeyKey, encKeyEnc.EncryptedString);
}
else if (_settings.Contains(EncKeyKey))
{
_settings.Remove(EncKeyKey);
}
_encKey = null;
}
public void Decrypt_decrypts_ciphertext_with_expanded_key()
{
var key = "SLBgfXoityZsz4ZWvpEPULPZMYGH6vSqh3PXTe5DmyM=".Decode64();
var iv = "XZ2vMa5oFCcp7BUAfPowvA==".Decode64();
var ciphertext = "1/GDPwJWo+2Iacio0UkRfR0zXXUufGjMIxD+y/A/YfQPKKep69B0nfbueqZJ1nA1pv15qVounBVJLhetVMGW7mKSxdVtTYObe0Uiqm/C9/s=".Decode64();
var mac = "ZLZcTYFq4o1tBSYkGUbQEIj64/rAE8sAVmfzpOhPTNM=".Decode64();
var expected = "7Zo+OWHAKzu+Ovxisz38Na4en13SnoKHPxFngLUgLiHzSZCWbq42Mohdr6wInwcsWbbezoVaS2vwZlSlB6G7Mg==".Decode64();
var cs = new CipherString(mode: CipherMode.Aes256CbcHmacSha256, iv: iv, ciphertext: ciphertext, mac: mac);
var plaintext = cs.Decrypt(key);
Assert.Equal(expected, plaintext);
}
public byte[] DecryptToBytes(CipherString encyptedValue, SymmetricCryptoKey key = null)
{
if (key == null)
{
key = Key;
}
if (key == null)
{
throw new ArgumentNullException(nameof(key));
}
if (encyptedValue == null)
{
throw new ArgumentNullException(nameof(encyptedValue));
}
if (encyptedValue.EncryptionType == Enums.EncryptionType.AesCbc128_HmacSha256_B64 &&
key.EncryptionType == Enums.EncryptionType.AesCbc256_B64)
{
// Old encrypt-then-mac scheme, swap out the key
if (_legacyEtmKey == null)
{
_legacyEtmKey = new SymmetricCryptoKey(key.Key, Enums.EncryptionType.AesCbc128_HmacSha256_B64);
}
key = _legacyEtmKey;
}
if (encyptedValue.EncryptionType != key.EncryptionType)
{
throw new ArgumentException("encType unavailable.");
}
if (key.MacKey != null && !string.IsNullOrWhiteSpace(encyptedValue.Mac))
{
var computedMac = ComputeMac(encyptedValue.CipherTextBytes,
encyptedValue.InitializationVectorBytes, key.MacKey);
if (computedMac != encyptedValue.Mac)
{
throw new InvalidOperationException("MAC failed.");
}
}
var provider = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7);
var cryptoKey = provider.CreateSymmetricKey(key.EncKey);
var decryptedBytes = WinRTCrypto.CryptographicEngine.Decrypt(cryptoKey, encyptedValue.CipherTextBytes,
encyptedValue.InitializationVectorBytes);
return(decryptedBytes);
}
/// <summary>
/// Encrypt text.
/// </summary>
/// <param name="text">Text that should be encrypted.</param>
/// <param name="key">
/// Encryption key that is used in production.
/// </param>
/// <returns>Encrypted text.</returns>
private String EncryptText(String text, String key)
{
CipherString cipherString;
cipherString = new CipherString();
if (key.IsEmpty())
{
return(cipherString.EncryptText(text));
}
else
{
return(cipherString.EncryptText(text, key));
}
}
public void ConstructorClientIPAddressError()
{
CipherString cipherString;
String token;
token = TEST_USER_NAME + Settings.Default.ClientTokenDelimitor +
ApplicationIdentifier + Settings.Default.ClientTokenDelimitor +
42 + Settings.Default.ClientTokenDelimitor +
"127.127.127.127" + Settings.Default.ClientTokenDelimitor +
WebServiceData.WebServiceManager.Name;
cipherString = new CipherString();
token = cipherString.EncryptText(token);
new WebServiceContext(token);
}
public async Task <SymmetricCryptoKey> MakeKeyFromPinAsync(string pin, string salt,
KdfType kdf, int kdfIterations)
{
var pinProtectedKey = await _storageService.GetAsync <string>(Constants.PinProtectedKey);
if (pinProtectedKey == null)
{
throw new Exception("No PIN protected key found.");
}
var protectedKeyCs = new CipherString(pinProtectedKey);
var pinKey = await MakePinKeyAysnc(pin, salt, kdf, kdfIterations);
var decKey = await DecryptToBytesAsync(protectedKeyCs, pinKey);
return(new SymmetricCryptoKey(decKey));
}
