public void SecretAeadEncryptWithBadAdditionalData()
{
var key = new byte[] {
0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
};
var nonce = new byte[] {
0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a, 0x79, 0xc0, 0xd1, 0x10
};
var ad = new byte[] {
0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0,
0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0,
0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
};
var m = new byte[] {
0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
};
if (SecretAeadAes.IsAvailable())
{
Assert.Throws <AdditionalDataOutOfRangeException>(
() => SecretAeadAes.Encrypt(m, nonce, key, ad));
}
else
{
Assert.Warn("AES is not supported");
}
}
public void AesAeadWithoutAdditionalDataTest()
{
var key = new byte[]
{
0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
};
var nonce = new byte[]
{
0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a, 0x79, 0xc0, 0xd1, 0x10
};
var m = new byte[]
{
0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
};
if (SecretAeadAes.IsAvailable())
{
var encrypted = SecretAeadAes.Encrypt(m, nonce, key);
var decrypted = SecretAeadAes.Decrypt(encrypted, nonce, key);
CollectionAssert.AreEqual(m, decrypted);
}
else
{
Console.WriteLine("Missing AES support");
}
}
public void SecretAeadDecryptWithBadNonce()
{
var key = new byte[] {
0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
};
var nonce = new byte[] {
0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79
};
var ad = new byte[] {
0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
};
var m = new byte[] {
0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
};
if (SecretAeadAes.IsAvailable())
{
SecretAeadAes.Decrypt(m, nonce, key, ad);
}
else
{
throw new NonceOutOfRangeException("AES is not supported");
}
}
// Function to generate encryption key.
public static void GenerateEncryptionKey(string masterPassword)
{
// Generate random 32 byte encryption key, 12 byte random nonce and 32 byte hash to use as key from master password.
byte[] encryptionKey = SodiumCore.GetRandomBytes(32);
byte[] nonce = SecretAeadAes.GenerateNonce();
byte[] key = GenericHash.Hash(masterPassword, (byte[])null, 32);
// Encrypt encryption key with master password.
byte[] encryptedKey = SecretAeadAes.Encrypt(encryptionKey, nonce, key);
// Store bytes in base64 encoding.
File.WriteAllText(PIMUX_KEY, Convert.ToBase64String(encryptedKey));
File.WriteAllText(PIMUX_KEY_NONCE, Convert.ToBase64String(nonce));
}
// Function to get the encryption key for the main store.
private static byte[] GetKey(string masterPassword)
{
// Get encrypted encryption key and nonce.
//byte[] encryptedKey = Convert.FromBase64String(File.ReadAllText(PIMUX_KEY));
byte[] encryptedKey = Encoding.ASCII.GetBytes(File.ReadAllText(PIMUX_KEY));
byte[] keyNonce = Encoding.ASCII.GetBytes(File.ReadAllText(PIMUX_KEY_NONCE));
// Decrypt key with parameters stored in PIMUX_PATH.
byte[] key = SecretAeadAes.Decrypt(encryptedKey, keyNonce, GenericHash.Hash(masterPassword, (byte[])null, 32));
return(key);
}
public void addKey(string website, string username, string password)
{
var nonce = SecretAeadAes.GenerateNonce();
var totalString = username + separator + password;
var encryptedData = SimpleAESEncryption(secretKey, totalString, nonce);
//var bsonCredentials = new BsonDocument {
// { "credentials", encryptedData},
// { "nonce", Encoding.UTF8.GetString(nonce) }
//};
var doc = new BsonDocument
{
{ "website", website },
{ "credentials", encryptedData },
{ "nonce", Encoding.UTF8.GetString(nonce) }
};
collection.InsertOne(doc);
}
// Function to decrypt the main store.
public static List <string> DecryptStoreFile(string masterPassword)
{
// Get required variables.
string[] storeFileContents = GetStoreFileContents();
byte[] nonce = GetNonce();
byte[] key = GetKey(masterPassword);
List <string> decryptedList = new List <string>();
// Decrypt each password entry. Work backwards with last nonce used, as nonce decrements.
for (int i = storeFileContents.Length - 1; i > -1; i--)
{
byte[] dataToDecrypt = Convert.FromBase64String(storeFileContents[i]);
var decrypted = SecretAeadAes.Decrypt(dataToDecrypt, nonce, key);
decryptedList.Add(Encoding.ASCII.GetString(decrypted));
// Decrement nonce to get each nonce used to encrypt password entry.
ByteOperation.Decrement(ref nonce);
}
// Return list containing all decrypted password entries.
return(decryptedList);
}
// Function to change the master password.
public static void ChangeMasterPassword(string oldMasterPassword, string newMasterPassword)
{
// Get current encryption key.
byte[] key = GetKey(oldMasterPassword);
// Re-encrypt key with new master password and store.
byte[] nonce = SecretAeadAes.GenerateNonce();
byte[] keyToEncryptKey = GenericHash.Hash(newMasterPassword, (byte[])null, 32);
byte[] encryptedKey = SecretAeadAes.Encrypt(key, nonce, keyToEncryptKey);
// Store bytes in base64 encoding.
File.WriteAllText(PIMUX_KEY, Convert.ToBase64String(encryptedKey));
File.WriteAllText(PIMUX_KEY_NONCE, Convert.ToBase64String(nonce));
// Change authentication hash.
string newArgonHash = ArgonHash(newMasterPassword);
File.WriteAllText(PIMUX_AUTH, newArgonHash);
//Hashes the key in to PIMUX_KEY
File.WriteAllText(PIMUX_KEY, newArgonHash);
}
// Function to encrypt the main store.
public static void EncryptStoreFile(string masterPassword, string[] dataToEncrypt)
{
// Get required variables.
byte[] nonce = GetNonce();
byte[] key = GetKey(masterPassword);
// Clear main store.
File.WriteAllText(PIMUX_STORE, "");
// Encrypt each password entry.
for (int i = 0; i < dataToEncrypt.Length; i++)
{
// Increment nonce so every password entry uses a different nonce.
ByteOperation.Increment(ref nonce);
byte[] byteDataToEnc = Encoding.ASCII.GetBytes(dataToEncrypt[i]);
var encrypted = SecretAeadAes.Encrypt(byteDataToEnc, nonce, key);
File.AppendAllText(PIMUX_STORE, Convert.ToBase64String(encrypted) + Environment.NewLine);
}
// Write nonce to file.
File.WriteAllText(PIMUX_STORE_NONCE, Convert.ToBase64String(nonce));
}
