/// <summary>
/// Round-trips a short plaintext through <c>AES256</c> and checks that the decrypted
/// bytes are exactly the UTF-8 bytes of "test" — i.e. that no padding bytes survive
/// decryption and no bytes are lost.
/// </summary>
public void EncryptAndDecryptCheckPadding()
{
    const string plaintext = "test";
    const string password = "password";

    string cipherText = AES256.Encrypt(plaintext, password);
    byte[] roundTripped = AES256.DecryptToByteArray(cipherText, Encoding.UTF8.GetBytes(password));

    // "test" as UTF-8: t=116, e=101, s=115, t=116. Any padding left over after
    // decryption would make the array longer than these four bytes.
    byte[] expected = { 116, 101, 115, 116 };
    Assert.That(roundTripped, Is.EqualTo(expected));
}
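/// <summary>
/// Saves the data of an open session after verifying that the password supplied in
/// <paramref name="login"/> (encrypted with the session key) is the one the data was
/// originally opened with.
/// </summary>
/// <param name="login">Request body carrying the session ID and the session-key encrypted password. May be null.</param>
/// <param name="clientIp">Address of the requesting client; passed to <c>GetSession</c>, which is expected to reject a session opened from another address.</param>
/// <returns>
/// <see cref="SaveSessionResults.Success"/> when the data was saved;
/// <see cref="SaveSessionResults.InvalidPassword"/> when the password is missing or cannot be decrypted with the session key;
/// <see cref="SaveSessionResults.OriginalPasswordDiffers"/> when it decrypts but is not the original password;
/// <see cref="SaveSessionResults.InvalidSession"/> when the session ID is missing, the session is unknown, has no data, or the client address does not match.
/// </returns>
public SaveSessionResults SaveSession(LoginRequestBody login, IPAddress clientIp)
{
    if (string.IsNullOrEmpty(login?.SessionId))
    {
        return SaveSessionResults.InvalidSession;
    }

    var session = GetSession(login.SessionId, clientIp);
    if (session == null || session.Data == null)
    {
        // Could also mean invalid IP address in this case.
        return SaveSessionResults.InvalidSession;
    }

    // A missing password cannot be the original one. Reject it here rather than
    // handing a null/empty input to the decryptor, whose failure on such input
    // may not be a CryptographicException and would then escape this method.
    if (string.IsNullOrEmpty(login.Password))
    {
        return SaveSessionResults.InvalidPassword;
    }

    byte[] key = null;
    byte[] mPwd = null;
    try
    {
        key = generateSessionKey(session);
        try
        {
            mPwd = AES256.DecryptToByteArray(login.Password, key);
        }
        catch (CryptographicException)
        {
            return SaveSessionResults.InvalidPassword;
        }

        if (!session.Data.IsOriginalPassword(mPwd))
        {
            return SaveSessionResults.OriginalPasswordDiffers;
        }

        saveSessionData(session, mPwd, key);
        return SaveSessionResults.Success;
    }
    finally
    {
        // Scrub the key material on every exit path. The arrays may already have
        // been cleared further down the call chain; clearing twice is harmless.
        if (mPwd != null)
        {
            Array.Clear(mPwd, 0, mPwd.Length);
        }
        if (key != null)
        {
            Array.Clear(key, 0, key.Length);
        }
    }
}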
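/// <summary>
/// Opens a password data file for an existing session: the session key is derived
/// from the session, the password in <paramref name="login"/> is decrypted with it,
/// and the data file selected by <c>login.DataFile</c> is read with that password.
/// </summary>
/// <param name="login">Request body with the session ID, the index of the data file to open, and the session-key encrypted password. May be null.</param>
/// <param name="clientIp">Address of the requesting client; must equal the address stored in the session.</param>
/// <returns>
/// <see cref="OpenSessionResult.Success"/> when the file was read;
/// <see cref="OpenSessionResult.InvalidSessionId"/> when the session ID is missing or unknown;
/// <see cref="OpenSessionResult.IpAddressNotAllowed"/> when the client address differs from the session's;
/// <see cref="OpenSessionResult.DataFileError"/> when the data file index is out of range;
/// <see cref="OpenSessionResult.InvalidPasswordOrFSError"/> when decrypting the password or reading the file failed.
/// </returns>
public OpenSessionResult OpenSession(LoginRequestBody login, IPAddress clientIp)
{
    // One lookup instead of ContainsKey followed by the indexer: a session removed
    // between those two calls would throw instead of producing a result, and a null
    // ID would throw from ContainsKey itself.
    string sessionId = login?.SessionId;
    if (sessionId == null || !Sessions.TryGetValue(sessionId, out var sess))
    {
        _notificationManager.NotifyMostChannels(
            NotificationManager.CauseLoginFailure,
            "Login attempt with wrong session ID or sequence",
            sessionId,
            clientIp);
        return OpenSessionResult.InvalidSessionId;
    }

    if (!sess.ClientIp.Equals(clientIp))
    {
        _notificationManager.NotifyMostChannels(
            NotificationManager.CauseLoginFailure,
            "Login attempt with IP address different from session",
            null,
            clientIp);
        return OpenSessionResult.IpAddressNotAllowed;
    }

    // DataFile is client-controlled and used as a list index, so it must be a
    // valid index. The previous check accepted DataFile == Count, which then threw
    // from the indexer below (outside the try block).
    if (login.DataFile < 0 || login.DataFile >= _dataFiles.Count)
    {
        return OpenSessionResult.DataFileError;
    }

    sess.Data = new PasswordManagerData(getFullDataPath(_dataFiles[login.DataFile]));

    byte[] mPwd = null;
    byte[] dKey = null;
    try
    {
        dKey = generateSessionKey(sess);
        mPwd = AES256.DecryptToByteArray(login.Password, dKey);
        sess.Data.ReadFromFile(mPwd, dKey);
        _notificationManager.NotifyMostChannels(
            NotificationManager.CauseLoginSuccess,
            "Successful login",
            null,
            clientIp);
        return OpenSessionResult.Success;
    }
    catch (Exception ex)
    {
        // Broad on purpose: a wrong password and an unreadable file yield the same
        // result code, so the client is not told which of the two failed. The
        // details go to stderr only.
        Console.Error.WriteLine($"Password Data File processing error: {ex.ToString()}");
        sess.Data = null;
        _notificationManager.NotifyMostChannels(
            NotificationManager.CauseLoginFailure,
            "Failed login attempt",
            null,
            clientIp);
        return OpenSessionResult.InvalidPasswordOrFSError;
    }
    finally
    {
        // Scrub the key material on every exit path; the callee may already have
        // cleared these arrays, and clearing twice is harmless.
        if (mPwd != null)
        {
            HashUtils.ClearByteArray(mPwd);
        }
        if (dKey != null)
        {
            HashUtils.ClearByteArray(dKey);
        }
    }
}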