        /// <summary>
        /// Round-trip check with additional data: a message sealed by <c>SecretAead.Encrypt</c> must be
        /// returned unchanged by <c>SecretAead.Decrypt</c> when the same nonce, key and additional data
        /// are supplied.
        /// </summary>
        public void AeadWithAdditionalDataTest()
        {
            // Fixed test inputs: 32-byte key, 12-byte nonce, 10-byte additional data, 10-byte message.
            // Hard-coded key/nonce values are acceptable only because this is a test fixture.
            byte[] key =
            {
                0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31,
                0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50,
                0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa,
                0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
            };
            byte[] nonce =
            {
                0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c,
                0x79, 0x4a, 0x23, 0x45, 0x85, 0x12
            };
            byte[] associatedData =
            {
                0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
            };
            byte[] plaintext =
            {
                0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
            };

            var ciphertext = SecretAead.Encrypt(plaintext, nonce, key, associatedData);
            var recovered  = SecretAead.Decrypt(ciphertext, nonce, key, associatedData);

            // Element-by-element comparison of the original and recovered bytes.
            CollectionAssert.AreEqual(plaintext, recovered);
        }
        /// <summary>
        /// Negative test: <c>SecretAead.Encrypt</c> is expected to throw
        /// <c>AdditionalDataOutOfRangeException</c> when given 70 bytes of additional data.
        /// </summary>
        public void SecretAeadEncryptWithBadAdditionalData()
        {
            // Fixed 32-byte key and 12-byte nonce; test-only values.
            byte[] key =
            {
                0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31,
                0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50,
                0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa,
                0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
            };
            byte[] nonce =
            {
                0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c,
                0x79, 0x4a, 0x23, 0x45, 0x85, 0x12
            };

            // The oversized additional data is the same 10-byte pattern repeated seven times (70 bytes).
            byte[] pattern =
            {
                0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
            };
            byte[] oversizedAd = new byte[pattern.Length * 7];
            for (int i = 0; i < oversizedAd.Length; i++)
            {
                oversizedAd[i] = pattern[i % pattern.Length];
            }

            byte[] plaintext =
            {
                0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
            };

            Assert.Throws<AdditionalDataOutOfRangeException>(
                () => SecretAead.Encrypt(plaintext, nonce, key, oversizedAd));
        }
        /// <summary>
        /// Seals <paramref name="plainText"/> with <c>SecretAead.Encrypt</c>, using the UTF-8 bytes of
        /// <paramref name="key"/> as the key, the caller-supplied <paramref name="nonce"/> and no
        /// additional data, and returns the ciphertext bytes decoded as a UTF-8 string.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the ciphertext (with its authentication tag) is arbitrary binary. Decoding it as
        /// UTF-8 replaces every invalid byte sequence with U+FFFD, so the returned string generally cannot
        /// be converted back to the original bytes and decryption of it will fail authentication.
        /// Transport the ciphertext as byte[] or Base64, changing the matching decryption routine at the
        /// same time.
        /// NOTE(review): the key is the raw UTF-8 encoding of a string. If callers pass a password or
        /// phrase, derive the key with a password-based KDF instead; the key must also have the exact
        /// length the cipher requires.
        /// NOTE(review): the caller owns nonce uniqueness; a nonce must never repeat under the same key.
        /// NOTE(review): the name says AES, but in libsodium-net <c>SecretAead</c> is ChaCha20-Poly1305 -
        /// confirm against the library version in use.
        /// </remarks>
        public static string SimpleAESEncryption(string key, string plainText, byte[] nonce)
        {
            byte[] keyBytes     = Encoding.UTF8.GetBytes(key);
            byte[] messageBytes = Encoding.UTF8.GetBytes(plainText);
            var    sealedBytes  = SecretAead.Encrypt(messageBytes, nonce, keyBytes, null);

            return Encoding.UTF8.GetString(sealedBytes);
        }
        /// <summary>
        /// Opens <paramref name="cipherText"/> with <c>SecretAead.Decrypt</c>, using the UTF-8 bytes of
        /// <paramref name="key"/> as the key, the caller-supplied <paramref name="nonce"/> and no
        /// additional data, and returns the plaintext decoded as UTF-8.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the ciphertext arrives as a string and is re-encoded with UTF-8. Binary
        /// ciphertext does not survive a UTF-8 string round trip (invalid sequences become U+FFFD), so
        /// the bytes handed to <c>Decrypt</c> will usually differ from what was produced at encryption
        /// time and authentication will fail. Accept byte[] or Base64 instead, changing the matching
        /// encryption routine at the same time.
        /// NOTE(review): the key is the raw UTF-8 encoding of a string; prefer a key produced by a key
        /// generator or a password-based KDF.
        /// NOTE(review): a failed authentication check surfaces as an exception from
        /// <c>SecretAead.Decrypt</c>; nothing here catches it - confirm callers handle that.
        /// </remarks>
        public static string SimpleAESDecryption(string key, string cipherText, byte[] nonce)
        {
            byte[] sealedBytes = Encoding.UTF8.GetBytes(cipherText);
            byte[] keyBytes    = Encoding.UTF8.GetBytes(key);
            var    opened      = SecretAead.Decrypt(sealedBytes, nonce, keyBytes, null);

            return Encoding.UTF8.GetString(opened);
        }
        /// <summary>
        /// Seals <paramref name="plainText"/> with a freshly generated nonce and randomly generated
        /// additional data, using the UTF-8 bytes of <paramref name="key"/> as the key.
        /// </summary>
        /// <returns>
        /// Three strings, in order: ciphertext, nonce and additional data, each produced by decoding the
        /// raw bytes as UTF-8.
        /// </returns>
        /// <remarks>
        /// NOTE(review): all three outputs are arbitrary binary decoded as UTF-8. That conversion is
        /// lossy (invalid sequences become U+FFFD), so the nonce, additional data and ciphertext handed
        /// back to a decryptor will generally not match what was used here. Return byte[] or Base64.
        /// NOTE(review): the additional data is random bytes of a random length below 1147483647. That
        /// can allocate on the order of a gigabyte per call, and <c>SecretAead.Encrypt</c> rejects
        /// over-long additional data with AdditionalDataOutOfRangeException in at least some library
        /// versions - confirm the limit. Additional data is meant to bind known context (a header, a
        /// record id) to the ciphertext; random bytes add no protection.
        /// NOTE(review): the key is the raw UTF-8 encoding of a string; prefer a generated key or a
        /// password-based KDF.
        /// </remarks>
        public static string[] AESEncryption(string key, string plainText)
        {
            var    nonce          = SecretAead.GenerateNonce();
            byte[] keyBytes       = Encoding.UTF8.GetBytes(key);
            var    adLength       = SodiumCore.GetRandomNumber(1147483647);
            var    additionalData = SodiumCore.GetRandomBytes(adLength);
            byte[] messageBytes   = Encoding.UTF8.GetBytes(plainText);
            var    sealedBytes    = SecretAead.Encrypt(messageBytes, nonce, keyBytes, additionalData);

            string cipherTextOut = Encoding.UTF8.GetString(sealedBytes);
            string nonceOut      = Encoding.UTF8.GetString(nonce);
            string adOut         = Encoding.UTF8.GetString(additionalData);

            return new[] { cipherTextOut, nonceOut, adOut };
        }
        /// <summary>
        /// Opens <paramref name="cipherText"/> with <c>SecretAead.Decrypt</c>. Ciphertext, nonce, key and
        /// additional data are all taken from strings via their UTF-8 encoding; the plaintext is returned
        /// decoded as UTF-8.
        /// </summary>
        /// <remarks>
        /// NOTE(review): ciphertext, nonce and additional data are binary values. If they were turned
        /// into strings with a UTF-8 decode on the encrypting side, the bytes recovered here will
        /// usually differ (invalid sequences become U+FFFD) and authentication will fail. Exchange them
        /// as byte[] or Base64.
        /// NOTE(review): the key is the raw UTF-8 encoding of a string; prefer a generated key or a
        /// password-based KDF.
        /// NOTE(review): a failed authentication check surfaces as an exception from
        /// <c>SecretAead.Decrypt</c>; nothing here catches it - confirm callers handle that.
        /// </remarks>
        public static string AESDecryption(string key, string cipherText, string nonce, string additionalData)
        {
            byte[] sealedBytes = Encoding.UTF8.GetBytes(cipherText);
            byte[] nonceBytes  = Encoding.UTF8.GetBytes(nonce);
            byte[] keyBytes    = Encoding.UTF8.GetBytes(key);
            byte[] adBytes     = Encoding.UTF8.GetBytes(additionalData);
            var    opened      = SecretAead.Decrypt(sealedBytes, nonceBytes, keyBytes, adBytes);

            return Encoding.UTF8.GetString(opened);
        }
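        /// <summary>
        /// Round-trips "Hello, World!" through <c>SecretAead</c> with additional data, first through the
        /// byte[] overload of <c>Encrypt</c> and then through the string overload, and checks that the
        /// decrypted bytes equal the UTF-8 bytes of the message.
        /// </summary>
        public void EncryptAndDecryptWithADTest()
        {
            String message = "Hello, World!";

            byte[] byteMessage = System.Text.Encoding.UTF8.GetBytes(message);
            byte[] ad          = System.Text.Encoding.UTF8.GetBytes("Additional Data");
            var    key         = SecretBox.GenerateKey();
            var    nonce       = SecretAead.GenerateNonce();
            var    encrypted   = SecretAead.Encrypt(byteMessage, nonce, key, ad);
            var    decrypted   = SecretAead.Decrypt(encrypted, nonce, key, ad);

            // Compare the byte contents. byte[].ToString() returns the type name ("System.Byte[]") for
            // every array, so comparing ToString() results passes even when decryption returns the
            // wrong bytes.
            CollectionAssert.AreEqual(byteMessage, decrypted);

            // Same round trip through the string overload of Encrypt. The nonce is reused with the same
            // key here; that is tolerable only because this is a test over an identical message.
            encrypted = SecretAead.Encrypt(message, nonce, key, ad);
            decrypted = SecretAead.Decrypt(encrypted, nonce, key, ad);
            CollectionAssert.AreEqual(byteMessage, decrypted);
        }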
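        /// <summary>
        /// Round-trips "Hello, World!" through <c>SecretAead</c> without additional data, checks that the
        /// string overload of <c>Encrypt</c> produces the same ciphertext as the byte[] overload, and
        /// checks that the decrypted bytes equal the UTF-8 bytes of the message.
        /// </summary>
        public void EncryptAndDecryptTest()
        {
            String message = "Hello, World!";

            byte[] byteMessage = System.Text.Encoding.UTF8.GetBytes(message);
            var    key         = SecretBox.GenerateKey();
            var    nonce       = SecretAead.GenerateNonce();
            var    encrypted   = SecretAead.Encrypt(byteMessage, nonce, key);
            var    decrypted   = SecretAead.Decrypt(encrypted, nonce, key);

            // Compare the byte contents. byte[].ToString() returns the type name ("System.Byte[]") for
            // every array, so comparing ToString() results passes even when decryption returns the
            // wrong bytes.
            CollectionAssert.AreEqual(byteMessage, decrypted);

            // Encrypting the same message again with the same key and nonce is done only to show that
            // both overloads agree; outside a test a nonce must not be reused under one key.
            var newEncrypted = SecretAead.Encrypt(message, nonce, key);

            Assert.AreEqual(Convert.ToBase64String(encrypted), Convert.ToBase64String(newEncrypted));
            decrypted = SecretAead.Decrypt(newEncrypted, nonce, key);
            CollectionAssert.AreEqual(byteMessage, decrypted);
        }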
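        /// <summary>
        /// Handles a login form post. Looks up the account whose Login equals the submitted e-mail,
        /// decrypts its stored password verifier with the key read from disk, verifies the submitted
        /// password against it with Argon2, and on success issues the forms-authentication cookie and
        /// redirects to <paramref name="returnUrl"/>.
        /// </summary>
        /// <param name="model">Posted login form; Email and Password are read.</param>
        /// <param name="returnUrl">Target passed to RedirectToLocal after a successful login.</param>
        /// <returns>The login view with model errors on failure, otherwise the redirect result.</returns>
        public ActionResult Login(LoginViewModel model, string returnUrl)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var list = db.Accounts.Where(a => a.Login == model.Email).Take(1).ToList();

            if (list.Count == 0)
            {
                // NOTE(review): this message differs from the wrong-password message below, so the
                // response reveals whether a login exists. Consider one shared message for both cases.
                ModelState.AddModelError("", "Такой аккаунт не существует.");
                return View(model);
            }

            byte[] empty = null;

            // Read the whole key file, opened read-only. The previous FileStream(path, FileMode.Open)
            // opened the file for read/write and ignored the byte count returned by a single Read call,
            // so a short read would have left part of the key as zeros.
            // NOTE(review): the key sits at a hard-coded absolute path inside a developer's source tree.
            // Load it from protected configuration or a secret store, and keep it out of the repository.
            byte[] key = File.ReadAllBytes(@"C:\Users\Valentine\source\repos\SecuritySystemLab1\SecuritySystemLab1\note.txt");

            // NOTE(review): Decrypt signals a failed authentication check by throwing; nothing here
            // catches it, so a corrupted row or wrong key becomes an unhandled error - confirm intent.
            var decrypted = SecretAead.Decrypt(list[0].Password, list[0].Nonce, key, null);

            // The submitted password is hashed to 32 bytes, decoded as UTF-8, and that string is checked
            // against the decrypted Argon2 verifier.
            // NOTE(review): decoding raw hash bytes as UTF-8 is lossy (invalid sequences become U+FFFD),
            // so distinct hashes can map to the same string. It has to stay identical to the path that
            // created the stored verifier; switching to hex or Base64 would invalidate stored verifiers.
            if (PasswordHash.ArgonHashStringVerify(Encoding.UTF8.GetString(decrypted), Encoding.UTF8.GetString(GenericHash.Hash(model.Password, empty, 32))))
            {
                FormsAuthentication.SetAuthCookie(model.Email, false);

                // NOTE(review): the result is never used, and User here is the principal of the current
                // request, which SetAuthCookie does not replace - presumably leftover debugging.
                var rolesArray = Roles.GetRolesForUser(User.Identity.Name);

                // NOTE(review): this runs on every successful login. Confirm the configured role
                // provider tolerates creating a role that already exists; otherwise create it once at
                // application setup.
                Roles.CreateRole("User");

                //Roles.AddUserToRole(User.Identity.Name, "Member");
                //RolePrincipal r = (RolePrincipal)User;
                //var rolesArray1 = r.GetRoles();

                // NOTE(review): RedirectToLocal is defined elsewhere; confirm it only follows local URLs.
                return RedirectToLocal(returnUrl);
            }

            ModelState.AddModelError("", "Неверный логин или пароль.");
            return View(model);
        }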
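        /// <summary>
        /// Handles a change-password form post for the current user. Verifies the old password against
        /// the stored, encrypted Argon2 verifier and, when it matches, stores a new verifier encrypted
        /// under a fresh nonce.
        /// </summary>
        /// <param name="model">Posted form; OldPassword and NewPassword are read.</param>
        /// <returns>
        /// A redirect to "Main" with a success message id when the password was changed; otherwise the
        /// form view.
        /// </returns>
        public ActionResult ChangePassword(ChangePasswordViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var list = db.Accounts.Where(a => a.Login == User.Identity.Name).Take(1).ToList();

            if (list.Count == 0)
            {
                ModelState.AddModelError("", "Произошла ошибка.");
                return View(model);
            }

            Account account = list[0];
            byte[]  empty   = null;

            // Read the whole key file, opened read-only. The previous FileStream(path, FileMode.Open)
            // opened the file for read/write and ignored the byte count returned by a single Read call,
            // so a short read would have left part of the key as zeros.
            // NOTE(review): the key sits at a hard-coded absolute path inside a developer's source tree.
            // Load it from protected configuration or a secret store, and keep it out of the repository.
            byte[] key = File.ReadAllBytes(@"C:\Users\Valentine\source\repos\SecuritySystemLab1\SecuritySystemLab1\note.txt");

            // NOTE(review): Decrypt signals a failed authentication check by throwing; nothing here
            // catches it - confirm intent.
            var decrypted = SecretAead.Decrypt(account.Password, account.Nonce, key, null);

            // NOTE(review): the 32-byte hash is decoded as UTF-8 before Argon2, which is lossy (invalid
            // sequences become U+FFFD). It must stay identical to how the stored verifier was created.
            if (PasswordHash.ArgonHashStringVerify(Encoding.UTF8.GetString(decrypted), Encoding.UTF8.GetString(GenericHash.Hash(model.OldPassword, empty, 32))))
            {
                // A new nonce is generated for the new ciphertext, so the key/nonce pair is not reused.
                var nonce       = SecretAead.GenerateNonce();
                var newHashText = Encoding.UTF8.GetString(GenericHash.Hash(model.NewPassword, empty, 32));
                var newVerifier = PasswordHash.ArgonHashString(newHashText, PasswordHash.StrengthArgon.Interactive);
                var encrypted   = SecretAead.Encrypt(Encoding.UTF8.GetBytes(newVerifier), nonce, key, null);

                account.Nonce           = nonce;
                account.Password        = encrypted;
                db.Entry(account).State = EntityState.Modified;
                db.SaveChanges();

                return RedirectToAction("Main", new { Message = ManageMessageId.ChangePasswordSuccess });
            }

            // NOTE(review): a wrong old password lands here and re-renders the form without adding a
            // model error, so the user gets no feedback; failed attempts are also not counted or
            // rate-limited in this method.
            return View(model);
        }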
        /// <summary>
        /// Calls <c>SecretAead.Decrypt</c> with a 30-byte key, an 8-byte nonce, 10 bytes of additional
        /// data and a 10-byte input, discarding the result.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the body contains no assertion. Presumably an expected-exception attribute sits
        /// above the method, outside this excerpt, and the short key is what should be rejected -
        /// confirm, otherwise this test cannot fail for the reason its name describes.
        /// </remarks>
        public void SecretAeadDecryptWithBadKey()
        {
            // 30 bytes: two shorter than the 32-byte keys used by the other fixtures.
            byte[] shortKey =
            {
                0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31,
                0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50,
                0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa,
                0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a
            };
            byte[] nonce =
            {
                0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a
            };
            byte[] associatedData =
            {
                0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
            };
            byte[] input =
            {
                0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
            };

            SecretAead.Decrypt(input, nonce, shortKey, associatedData);
        }
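        /// <summary>
        /// Handles a registration form post. When no account with the submitted e-mail exists, stores a
        /// new account whose password verifier is an Argon2 hash string encrypted with the key read from
        /// disk, adds the user to the "User" role, signs the user in and redirects to Home/Index.
        /// </summary>
        /// <param name="model">Posted registration form; Email and Password are read.</param>
        /// <returns>The redirect result on success, otherwise the registration view.</returns>
        public ActionResult Register(RegisterViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            Account account = new Account();
            account.Login = model.Email;

            // NOTE(review): check-then-insert; two concurrent requests for the same e-mail can both pass
            // this check unless the database enforces uniqueness on Login - confirm.
            var list = db.Accounts.Where(a => a.Login == model.Email).Take(1).ToList();
            if (list.Count != 0)
            {
                ModelState.AddModelError("", "Уже существует пользователь з данным логином.");
                return View(model);
            }

            byte[] empty = null;

            // Read the whole key file, opened read-only. The previous FileStream(path, FileMode.Open)
            // opened the file for read/write and ignored the byte count returned by a single Read call,
            // so a short read would have left part of the key as zeros.
            // NOTE(review): the key sits at a hard-coded absolute path inside a developer's source tree.
            // Load it from protected configuration or a secret store, and keep it out of the repository.
            byte[] key = File.ReadAllBytes(@"C:\Users\Valentine\source\repos\SecuritySystemLab1\SecuritySystemLab1\note.txt");

            // The password is hashed to 32 bytes, decoded as UTF-8, run through Argon2, and the resulting
            // hash string is encrypted under a fresh nonce.
            // NOTE(review): decoding raw hash bytes as UTF-8 is lossy (invalid sequences become U+FFFD).
            // Verification must perform the identical conversion; hex or Base64 would keep every bit.
            var nonce     = SecretAead.GenerateNonce();
            var hashText  = Encoding.UTF8.GetString(GenericHash.Hash(model.Password, empty, 32));
            var verifier  = PasswordHash.ArgonHashString(hashText, PasswordHash.StrengthArgon.Interactive);
            var encrypted = SecretAead.Encrypt(Encoding.UTF8.GetBytes(verifier), nonce, key, null);

            account.Nonce    = nonce;
            account.Password = encrypted;
            db.Accounts.Add(account);
            db.SaveChanges();

            // NOTE(review): if this call throws, the account row is already saved without a role.
            Roles.AddUserToRole(model.Email, "User");
            FormsAuthentication.SetAuthCookie(model.Email, false);
            return RedirectToAction("Index", "Home");
        }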
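        /// <summary>
        /// Round-trip check without additional data: a message sealed by <c>SecretAead.Encrypt</c> must
        /// be returned unchanged by <c>SecretAead.Decrypt</c> for the same nonce and key.
        /// </summary>
        public void AeadWithoutAdditionalDataTest()
        {
            // Fixed test inputs: 32-byte key, 8-byte nonce, 10-byte message. Test-only values.
            var key = new byte[]
            {
                0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
                0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
                0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
            };

            var nonce = new byte[]
            {
                0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a
            };

            var m = new byte[]
            {
                0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
            };

            var encrypted = SecretAead.Encrypt(m, nonce, key);
            var decrypted = SecretAead.Decrypt(encrypted, nonce, key);

            // Compare the byte contents. byte[].ToString() returns the type name ("System.Byte[]") for
            // every array, so comparing ToString() results passes even when decryption returns the
            // wrong bytes.
            CollectionAssert.AreEqual(m, decrypted);
        }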
 /// <summary>
 /// Checks that <c>SecretAead.GenerateNonce</c> returns an 8-byte nonce.
 /// </summary>
 /// <remarks>
 /// NOTE(review): 8 bytes is short for nonces chosen at random; callers that encrypt many messages
 /// under one key should use a counter or an extended-nonce construction to avoid repeats.
 /// </remarks>
 public void GenerateNonceTest()
 {
     const int expectedNonceLength = 8;
     var nonce = SecretAead.GenerateNonce();

     Assert.AreEqual(expectedNonceLength, nonce.Length);
 }
 /// <summary>
 /// Forwards to <c>SecretAead.Encrypt</c> with <c>useXChaCha</c> set to true and returns its result.
 /// </summary>
 /// <param name="payload">Bytes to encrypt.</param>
 /// <param name="macBytes">
 /// Passed as the second argument of <c>SecretAead.Encrypt</c>.
 /// NOTE(review): the name suggests a MAC, but the position looks like the nonce slot - confirm. If it
 /// is the nonce, it must be unique for every message encrypted under the same key.
 /// </param>
 /// <param name="symmetricKey">Key passed through unchanged.</param>
 /// <param name="additionalData">Additional data passed through unchanged.</param>
 public static byte[] Encrypt(byte[] payload, byte[] macBytes, byte[] symmetricKey, byte[] additionalData)
 {
     return SecretAead.Encrypt(payload, macBytes, symmetricKey, additionalData, useXChaCha: true);
 }
 /// <summary>
 /// Forwards to <c>SecretAead.Decrypt</c> with <c>useXChaCha</c> set to true and returns its result.
 /// </summary>
 /// <param name="payload">Ciphertext bytes to open.</param>
 /// <param name="nonceBytes">Nonce passed through unchanged; it must be the one used to encrypt.</param>
 /// <param name="symmetricKey">Key passed through unchanged.</param>
 /// <param name="additionalData">Additional data passed through unchanged.</param>
 /// <remarks>
 /// NOTE(review): nothing here handles a failed authentication check; presumably it surfaces as an
 /// exception from <c>SecretAead.Decrypt</c> - confirm callers treat that as untrusted input.
 /// </remarks>
 public static byte[] Decrypt(byte[] payload, byte[] nonceBytes, byte[] symmetricKey, byte[] additionalData)
 {
     return SecretAead.Decrypt(payload, nonceBytes, symmetricKey, additionalData, useXChaCha: true);
 }