/// <summary>
/// Round-trip check: a message encrypted with SecretAeadAes and no additional data
/// must decrypt back to the original bytes under the same key and nonce.
/// </summary>
public void AesAeadWithoutAdditionalDataTest()
{
    // Fixed 32-byte key, 12-byte nonce and 10-byte message (test vectors, not secrets).
    byte[] secretKey =
    {
        0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31,
        0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50,
        0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa,
        0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
    };
    byte[] fixedNonce =
    {
        0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a,
        0x79, 0xc0, 0xd1, 0x10
    };
    byte[] plaintext =
    {
        0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
    };

    // NOTE(review): when AES is unavailable this test only prints a message and
    // still passes, so a run on such a host verifies nothing.
    if (!SecretAeadAes.IsAvailable())
    {
        Console.WriteLine("Missing AES support");
        return;
    }

    byte[] ciphertext = SecretAeadAes.Encrypt(plaintext, fixedNonce, secretKey);
    byte[] roundTripped = SecretAeadAes.Decrypt(ciphertext, fixedNonce, secretKey);

    CollectionAssert.AreEqual(plaintext, roundTripped);
}
/// <summary>
/// Negative test: SecretAeadAes.Encrypt is expected to throw
/// AdditionalDataOutOfRangeException for the 30-byte additional data used here.
/// </summary>
public void SecretAeadEncryptWithBadAdditionalData()
{
    // Fixed 32-byte key, 12-byte nonce and 10-byte message (test vectors, not secrets).
    byte[] secretKey =
    {
        0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31,
        0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50,
        0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa,
        0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
    };
    byte[] fixedNonce =
    {
        0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a,
        0x79, 0xc0, 0xd1, 0x10
    };
    // 30 bytes of additional data; the test expects the wrapper to reject this length.
    byte[] oversizedAd =
    {
        0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0,
        0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0,
        0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
    };
    byte[] plaintext =
    {
        0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
    };

    // Without AES support the call cannot be exercised; record a warning instead of failing.
    if (!SecretAeadAes.IsAvailable())
    {
        Assert.Warn("AES is not supported");
        return;
    }

    Assert.Throws<AdditionalDataOutOfRangeException>(
        () => SecretAeadAes.Encrypt(plaintext, fixedNonce, secretKey, oversizedAd));
}
/// <summary>
/// Creates a fresh random 32-byte store key, encrypts ("wraps") it under a key derived
/// from the master password, and writes the wrapped key and its nonce to disk as base64.
/// </summary>
/// <param name="masterPassword">Password the wrapping key is derived from.</param>
public static void GenerateEncryptionKey(string masterPassword)
{
    // Random 32-byte data key and a random nonce for the wrap operation.
    byte[] dataKey = SodiumCore.GetRandomBytes(32);
    byte[] wrapNonce = SecretAeadAes.GenerateNonce();

    // NOTE(review): the wrapping key is one unsalted, unkeyed GenericHash (BLAKE2b) pass
    // over the password. That is a fast hash, so anyone who obtains PIMUX_KEY and
    // PIMUX_KEY_NONCE can test password guesses offline at high speed, and equal
    // passwords always give equal wrapping keys. A salted, memory-hard password KDF
    // (e.g. the Argon2 functions in the same library) is the usual choice here; changing
    // it requires storing a salt and updating whatever reads these files, so it is
    // flagged rather than changed in this block.
    byte[] wrappingKey = GenericHash.Hash(masterPassword, (byte[])null, 32);

    // NOTE(review): SecretAeadAes.IsAvailable() is not checked here — presumably the
    // caller has done so; confirm.
    byte[] wrappedKey = SecretAeadAes.Encrypt(dataKey, wrapNonce, wrappingKey);

    // Persist both values as base64 text. The two writes are separate, so a failure
    // between them leaves a wrapped key without its matching nonce.
    string wrappedKeyText = Convert.ToBase64String(wrappedKey);
    string wrapNonceText = Convert.ToBase64String(wrapNonce);
    File.WriteAllText(PIMUX_KEY, wrappedKeyText);
    File.WriteAllText(PIMUX_KEY_NONCE, wrapNonceText);
}
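/// <summary>
/// Re-wraps the existing store encryption key under a new master password and replaces
/// the stored authentication hash.
/// </summary>
/// <param name="oldMasterPassword">Current master password, passed to GetKey to recover the encryption key.</param>
/// <param name="newMasterPassword">Password the key is re-encrypted under and whose hash is written to PIMUX_AUTH.</param>
public static void ChangeMasterPassword(string oldMasterPassword, string newMasterPassword)
{
    // Recover the current encryption key with the old password.
    byte[] key = GetKey(oldMasterPassword);

    // Do all computation before touching any file, so a failure in hashing or
    // encryption cannot leave the key re-wrapped while the auth hash is still the old one.
    byte[] nonce = SecretAeadAes.GenerateNonce();

    // NOTE(review): the wrapping key is a single unsalted, unkeyed GenericHash (BLAKE2b)
    // of the password — a fast hash, so the wrapped key file allows cheap offline password
    // guessing. A salted, memory-hard KDF would be the usual choice; it is not changed
    // here because the code that unwraps the key lives outside this block.
    byte[] keyToEncryptKey = GenericHash.Hash(newMasterPassword, (byte[])null, 32);
    byte[] encryptedKey = SecretAeadAes.Encrypt(key, nonce, keyToEncryptKey);
    string newArgonHash = ArgonHash(newMasterPassword);

    // Store the wrapped key and its nonce as base64 text.
    File.WriteAllText(PIMUX_KEY, Convert.ToBase64String(encryptedKey));
    File.WriteAllText(PIMUX_KEY_NONCE, Convert.ToBase64String(nonce));

    // Replace the authentication hash.
    File.WriteAllText(PIMUX_AUTH, newArgonHash);

    // The earlier version ended by also writing newArgonHash to PIMUX_KEY. That
    // overwrote the wrapped key stored a few lines above with the auth hash, so the
    // encryption key could no longer be recovered after a password change. PIMUX_KEY
    // now keeps the wrapped key.
}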
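/// <summary>
/// Encrypts every entry with AES-AEAD and rewrites the main store with one base64
/// ciphertext per line, then stores the last nonce used.
/// </summary>
/// <param name="masterPassword">Master password, passed to GetKey to obtain the encryption key.</param>
/// <param name="dataToEncrypt">Entries to encrypt, in store order.</param>
/// <exception cref="ArgumentNullException"><paramref name="dataToEncrypt"/> is null.</exception>
public static void EncryptStoreFile(string masterPassword, string[] dataToEncrypt)
{
    if (dataToEncrypt == null)
    {
        throw new ArgumentNullException("dataToEncrypt");
    }

    // Get required variables.
    byte[] nonce = GetNonce();
    byte[] key = GetKey(masterPassword);

    // Encrypt everything in memory before touching the store. The earlier version
    // emptied PIMUX_STORE first and appended entry by entry, so any exception while
    // encrypting (for example a null entry) left the store truncated.
    string[] encryptedLines = new string[dataToEncrypt.Length];
    for (int i = 0; i < dataToEncrypt.Length; i++)
    {
        // Increment the nonce so every entry is encrypted under a different nonce.
        ByteOperation.Increment(ref nonce);

        // NOTE(review): Encoding.ASCII replaces every non-ASCII character with '?', so
        // such entries are not recoverable after decryption. Switching to UTF-8 has to
        // be done together with the decrypting side, which is outside this block.
        byte[] byteDataToEnc = Encoding.ASCII.GetBytes(dataToEncrypt[i]);
        byte[] encrypted = SecretAeadAes.Encrypt(byteDataToEnc, nonce, key);
        encryptedLines[i] = Convert.ToBase64String(encrypted);
    }

    // One write: each line is followed by Environment.NewLine, as before.
    File.WriteAllLines(PIMUX_STORE, encryptedLines);

    // NOTE(review): the counter is persisted only after the store. If the process stops
    // between these two writes, the next run presumably starts from the older stored
    // nonce (GetNonce is not visible here — confirm) and would encrypt under nonces
    // already used with the same key, which AES-GCM does not tolerate. Making the
    // store and nonce update atomic, or binding the nonce to the store file, avoids this.
    File.WriteAllText(PIMUX_STORE_NONCE, Convert.ToBase64String(nonce));
}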