Exemplo n.º 1
0
        /// <inheritdoc/>
        protected override void UpdateSettingsFrom1To2(XElement root)
        {
            base.UpdateSettingsFrom1To2(root);

            // Handle protected password
            XElement oldPasswortElement  = root.Element("cloud_storage")?.Element("cloud_password");
            XElement cloudStorageAccount = root.Element("cloud_storage_account");

            if ((oldPasswortElement != null) && (cloudStorageAccount != null))
            {
                // Deobfuscate old password
                ICryptor decryptor    = new Cryptor("snps", null);
                byte[]   binaryCipher = CryptoUtils.Base64StringToBytes(oldPasswortElement.Value);
                byte[]   unprotectedBinaryPassword = decryptor.Decrypt(binaryCipher, CryptoUtils.StringToSecureString(snpsk));

                // Protect with new data protection service and add to XML
                char[] unprotectedChars           = Encoding.UTF8.GetChars(unprotectedBinaryPassword);
                byte[] unprotectedUnicodePassword = Encoding.Unicode.GetBytes(unprotectedChars);
                string protectedPassword          = _dataProtectionService.Protect(unprotectedUnicodePassword);
                cloudStorageAccount.Add(new XElement("protected_password", protectedPassword));
                CryptoUtils.CleanArray(unprotectedBinaryPassword);
                CryptoUtils.CleanArray(unprotectedChars);
                CryptoUtils.CleanArray(unprotectedUnicodePassword);
            }
        }
Exemplo n.º 2
0
        public void EnsureBackwardsCompatibilityLongTimeDecryptionOfTwofishGcm()
        {
            // Ensure that a once stored cipher can always be decrypted even after changes in the liberary
            string base64Cipher = "dW5pdHRlc3QkdHdvZmlzaF9nY20kZHhMWFh4K0UrZ2MzWHdWc01rWUFxQT09JHBia2RmMiRma1BCWTdDWXp1OG5YUlJtYk9DUlp3PT0kMTAwMCRRc0ETSqDekQuBgKJ5x4Mvy02OHsivm0uJ9KchKdpGk+pmbF4Kq/EDbx9Uw54uEZUQLnK70dNKSEVtb1GyUOX1mitr";

            byte[]   cipher           = CryptoUtils.Base64StringToBytes(base64Cipher);
            ICryptor decryptor        = new Cryptor("unittest", null);
            string   decryptedMessage = CryptoUtils.BytesToString(decryptor.Decrypt(cipher, CryptoUtils.StringToSecureString("brownie")));

            Assert.AreEqual("The brown fox jumps over the lazy 🐢🖐🏿 doc.", decryptedMessage);
        }
Exemplo n.º 3
0
        public void EnsureBackwardsCompatibilityLongTimeDecryptionOfAesGcm()
        {
            // Ensure that a once stored cipher can always be decrypted even after changes in the liberary
            string base64Cipher = "dW5pdHRlc3QkYWVzX2djbSQ0NG04QXBFU1ptcXhnYll2OE5wcWl3PT0kcGJrZGYyJGgwSDdxSGZnVFlXNzBKS3lEb0JLeFE9PSQxMDAwJJsMDjdYEYXYmcqTOFRbge6iVfWo/iny4nrIOMVuoqYak6xB/MAe53G5H3AyxiTi8OENJbi9tzZStpe3p3nlDB7l+J8=";

            byte[]   cipher           = CryptoUtils.Base64StringToBytes(base64Cipher);
            ICryptor decryptor        = new Cryptor("unittest", null);
            string   decryptedMessage = CryptoUtils.BytesToString(decryptor.Decrypt(cipher, CryptoUtils.StringToSecureString("brownie")));

            Assert.AreEqual("The brown fox jumps over the lazy 🐢🖐🏿 doc.", decryptedMessage);
        }
Exemplo n.º 4
0
        public void EnsureBackwardsCompatibilityLongTimeDecryptionOfXChaCha()
        {
            // Ensure that a once stored cipher can always be decrypted even after changes in the liberary
            string base64Cipher = "dW5pdHRlc3Qgdj0yJHhjaGFjaGEyMF9wb2x5MTMwNSRsT0FJVW5wZXEyL0g3Ti96UkdCSktqaW9MdmFTUWk5eCRwYmtkZjIkdmN0dmpXVmx1NEhGbGhqbTV0SGlWQT09JDEwMDAwJCTcCqQglE3Xmfe0lg9AOhzxJXOuj7wEj+kgaSnKlZgnMyQwpQCwa9W57jnz1RhrwUuLh0X3PJpPbf7lR07Le7TFRZc8";

            byte[]   cipher           = CryptoUtils.Base64StringToBytes(base64Cipher);
            ICryptor decryptor        = new Cryptor("unittest", null);
            string   decryptedMessage = CryptoUtils.BytesToString(decryptor.Decrypt(cipher, CryptoUtils.StringToSecureString("brownie")));

            Assert.AreEqual("The brown fox jumps over the lazy 🐢🖐🏿 doc.", decryptedMessage);
        }
Exemplo n.º 5
0
        /// <summary>
        /// Decrypts the note, if the belonging safe is open.
        /// </summary>
        /// <returns>Decrypted note content, or null if the safe is closed.</returns>
        private string UnlockIfSafeOpen(string lockedContent)
        {
            SafeModel safe = _safes.FindById(Model.SafeId);

            if ((safe != null) && safe.IsOpen)
            {
                byte[] binaryContent   = CryptoUtils.Base64StringToBytes(lockedContent);
                byte[] unlockedContent = _cryptor.Decrypt(binaryContent, safe.Key);
                return(CryptoUtils.BytesToString(unlockedContent));
            }
            return(null);
        }
        /// <inheritdoc/>
        public byte[] Unprotect(string protectedData)
        {
            // Extract encrypted key and encrypted data
            string[] parts = protectedData.Split(Separator);
            if (parts.Length != 3)
            {
                throw new Exception("Invalid format of protected data");
            }
            byte[] encryptedStoredKey = CryptoUtils.Base64StringToBytes(parts[0]);
            byte[] nonce             = CryptoUtils.Base64StringToBytes(parts[1]);
            byte[] protectedDataPart = CryptoUtils.Base64StringToBytes(parts[2]);

            // Unprotect the random key with OS support
            byte[] storedKey = null;
            try
            {
                if (KeysExistInKeyStore())
                {
                    Cipher cipher     = Cipher.GetInstance("RSA/ECB/PKCS1Padding"); // ECB mode is not used by RSA
                    IKey   privateKey = GetPrivateKeyFromKeyStore();
                    cipher.Init(CipherMode.DecryptMode, privateKey);
                    storedKey = cipher.DoFinal(encryptedStoredKey);
                }
            }
            catch (Exception)
            {
                storedKey = null;
            }

            // Fallback to obfuscated key
            if (storedKey == null)
            {
                storedKey = CryptoUtils.Deobfuscate(encryptedStoredKey, CryptoUtils.StringToSecureString(Obcake));
            }

            // Decrypt the data with the random key
            ISymmetricEncryptionAlgorithm decryptor;

            byte[] result;
            try
            {
                decryptor = new BouncyCastleXChaCha20();
                result    = decryptor.Decrypt(protectedDataPart, storedKey, nonce);
            }
            catch (Exception)
            {
                // Fallback to twofish, which was used before 3.2021
                decryptor = new BouncyCastleTwofishGcm();
                result    = decryptor.Decrypt(protectedDataPart, storedKey, nonce);
            }
            return(result);
        }
Exemplo n.º 7
0
        public void EnsureBackwardsCompatibility()
        {
            // Ensure that a once stored packed header can always be unpacked even after changes in the liberary
            string packedBase64Header = "TXlBcHBOYW1lJFR3b2Zpc2gkUWtKQ1FrSkNRa0k9JFBCS0RGMiRUVTFOVFUxTlRVMD0kMTAkWFhYWFhYWFhYWFhYWFhYWA==";

            byte[] packedHeader = CryptoUtils.Base64StringToBytes(packedBase64Header);
            CryptoHeaderPacker.UnpackHeaderAndCipher(packedHeader, "MyAppName", out CryptoHeader unpackedHeader, out byte[] unpackedCipher);

            Assert.AreEqual("MyAppName", unpackedHeader.PackageName);
            Assert.AreEqual("Twofish", unpackedHeader.AlgorithmName);
            Assert.AreEqual("PBKDF2", unpackedHeader.KdfName);
            Assert.AreEqual("10", unpackedHeader.Cost);
            Assert.AreEqual(CommonMocksAndStubs.FilledByteArray(8, 66), unpackedHeader.Nonce);
            Assert.AreEqual(CommonMocksAndStubs.FilledByteArray(8, 77), unpackedHeader.Salt);
            Assert.AreEqual(CommonMocksAndStubs.FilledByteArray(16, 88), unpackedCipher);
        }
Exemplo n.º 8
0
        public void EnsureCompatibilityToLibsodiumXChaCha20()
        {
            // Ensure that a once stored cipher can always be decrypted even after changes in the liberary.
            // This cypher was created with libsodium.
            string base64Cipher = "q8w/Zotsi3ZJp2eaAnFmMiAGgko+N2TkNgunS5+bDRNqrBBoN+XMQPSt7ojO4ODMP3Rf3aoYMNeJFL2/ZqK3AngIuQ==";

            byte[] cipher = CryptoUtils.Base64StringToBytes(base64Cipher);

            ISymmetricEncryptionAlgorithm decryptor       = new BouncyCastleXChaCha20();
            ICryptoRandomService          randomGenerator = CommonMocksAndStubs.CryptoRandomService(88);

            byte[] key   = randomGenerator.GetRandomBytes(decryptor.ExpectedKeySize);
            byte[] nonce = randomGenerator.GetRandomBytes(decryptor.ExpectedNonceSize);

            string decryptedMessage = CryptoUtils.BytesToString(decryptor.Decrypt(cipher, key, nonce));

            Assert.AreEqual("The brown fox jumps over the lazy 🐢🖐🏿 doc.", decryptedMessage);
        }
Exemplo n.º 9
0
            /// <summary>
            /// Test the password update from Version1 in Android to Version2
            /// </summary>
            /// <param name="root"></param>
            protected override void UpdateSettingsFrom1To2(XElement root)
            {
                base.UpdateSettingsFrom1To2(root);
                SecureString snpsk = CryptoUtils.StringToSecureString("53EC49B1-6600+406b;B84F-0B9CFA1D2BE1");

                // Handle protected password
                XElement oldPasswortElement  = root.Element("cloud_storage")?.Element("cloud_password");
                XElement cloudStorageAccount = root.Element("cloud_storage_account");

                if ((oldPasswortElement != null) && (cloudStorageAccount != null))
                {
                    // Deobfuscate old password
                    ICryptor decryptor    = new Cryptor("snps", null);
                    byte[]   binaryCipher = CryptoUtils.Base64StringToBytes(oldPasswortElement.Value);
                    byte[]   unprotectedBinaryPassword = decryptor.Decrypt(binaryCipher, snpsk);

                    // Protect with new data protection service and add to XML
                    string protectedPassword = _dataProtectionService.Protect(unprotectedBinaryPassword);
                    cloudStorageAccount.Add(new XElement("protected_password", protectedPassword));
                    CryptoUtils.CleanArray(unprotectedBinaryPassword);
                }
            }