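/// <summary>
/// Checks the MAC appended to a file against a freshly computed one and
/// leaves the file without its trailing MAC when the two match.
/// </summary>
/// <param name="filePath">Path of the file whose trailing MAC is verified.</param>
/// <param name="macKey">
/// Key passed to the keyed hash. It is handed to MemoryEncryption before and
/// after hashing, so it is presumably held protected in memory by the caller.
/// </param>
/// <param name="storedHash">
/// The MAC returned by ReadStoredHash, or null when none could be read or a
/// file access error occurred.
/// </param>
/// <returns>
/// true when the file must be treated as tampered (no stored MAC, mismatch,
/// file too short, or a file access error); false when the MAC matched.
/// </returns>
/// <remarks>
/// The stored MAC is truncated from the file before hashing, so this method
/// modifies the file before it has been verified. The MAC is appended again
/// on a mismatch and, best effort, when hashing fails after truncation.
/// </remarks>
public static bool AuthenticateFile(string filePath, byte[] macKey, out byte[] storedHash)
{
    // Assigned up front so the catch block can read it when restoring the MAC.
    storedHash = null;
    // True only between truncating the MAC and deciding what to do with it.
    bool macNeedsRestore = false;
    try
    {
        storedHash = ReadStoredHash(filePath);
        if (storedHash == null)
        {
            // Fail closed: without a stored MAC nothing can be verified.
            return true;
        }

        byte[] computedHash;
        using (var fileStream = new FileStream(filePath, FileMode.Open, FileAccess.ReadWrite, FileShare.Read, Constants.FileBufferSize, FileOptions.SequentialScan))
        {
            if (fileStream.Length < Constants.HashLength)
            {
                // A file shorter than one MAC cannot be truncated safely;
                // report it as tampered and leave it untouched.
                return true;
            }

            // Remove the stored MAC from the file before computing the MAC
            fileStream.SetLength(fileStream.Length - Constants.HashLength);
            macNeedsRestore = true;

            MemoryEncryption.DecryptByteArray(ref macKey);
            try
            {
                computedHash = HashingAlgorithms.Blake2(fileStream, macKey);
            }
            finally
            {
                // Re-protect the key even when hashing throws, so it does not
                // stay unprotected in memory on the error path.
                MemoryEncryption.EncryptByteArray(ref macKey);
            }
        }

        // Sodium.Utilities.Compare reports equality, so invert it.
        // NOTE(review): expected to be a constant-time comparison; confirm.
        bool tampered = !Sodium.Utilities.Compare(storedHash, computedHash);
        if (tampered)
        {
            // Cleared first so a failed append is not retried in the catch
            // block, which could append the MAC twice.
            macNeedsRestore = false;
            // Restore the stored MAC
            AppendHash(filePath, storedHash);
        }
        return tampered;
    }
    catch (Exception ex) when (ExceptionFilters.FileAccessExceptions(ex))
    {
        Logging.LogException(ex.ToString(), Logging.Severity.High);
        DisplayMessage.Error(filePath, ex.GetType().Name, "Unable to authenticate the file.");
        if (macNeedsRestore && storedHash != null)
        {
            // The file was truncated but never verified: put the MAC back so
            // a later attempt with the right key can still authenticate it.
            try
            {
                AppendHash(filePath, storedHash);
            }
            catch (Exception restoreEx) when (ExceptionFilters.FileAccessExceptions(restoreEx))
            {
                Logging.LogException(restoreEx.ToString(), Logging.Severity.High);
            }
        }
        storedHash = null;
        return true;
    }
}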
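/// <summary>
/// Mixes keyfile material into the password bytes when a keyfile path is given.
/// </summary>
/// <param name="passwordBytes">
/// Password bytes, passed through MemoryEncryption.DecryptByteArray before
/// use. When a keyfile is combined, the unprotected copy is zeroed afterwards,
/// so callers should use the returned array rather than this argument.
/// </param>
/// <param name="keyfilePath">Path to the keyfile; null or empty skips the keyfile step.</param>
/// <returns>
/// The combined bytes, passed through MemoryEncryption.EncryptByteArray, or
/// the unchanged <paramref name="passwordBytes"/> when no keyfile was used
/// or the keyfile could not be read.
/// </returns>
private static byte[] GetKeyfileBytes(byte[] passwordBytes, string keyfilePath)
{
    if (string.IsNullOrEmpty(keyfilePath))
    {
        return passwordBytes;
    }

    byte[] keyfileBytes = Keyfiles.ReadKeyfile(keyfilePath);
    if (keyfileBytes == null)
    {
        return passwordBytes;
    }

    byte[] plaintextPassword = null;
    try
    {
        MemoryEncryption.DecryptByteArray(ref passwordBytes);
        // Keep a handle on the unprotected password so it can be wiped once
        // the combined value replaces it.
        plaintextPassword = passwordBytes;

        // Combine password and keyfile bytes
        byte[] combined = HashingAlgorithms.Blake2(plaintextPassword, keyfileBytes);
        MemoryEncryption.EncryptByteArray(ref combined);
        return combined;
    }
    finally
    {
        // Wipe secrets on both the success and the exception path.
        // NOTE(review): assumes no caller reuses the input array after this
        // call; confirm against the call sites.
        if (plaintextPassword != null)
        {
            Utilities.ZeroArray(plaintextPassword);
        }
        Utilities.ZeroArray(keyfileBytes);
    }
}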
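/// <summary>
/// Computes the keyed hash (MAC) over the whole contents of a file.
/// </summary>
/// <param name="encryptedFilePath">Path of the file to hash; opened read-only.</param>
/// <param name="macKey">
/// Key passed to the keyed hash. It is handed to MemoryEncryption before and
/// after hashing, so it is presumably held protected in memory by the caller.
/// </param>
/// <returns>The computed MAC, or null when a file access error occurred.</returns>
private static byte[] ComputeFileHash(string encryptedFilePath, byte[] macKey)
{
    try
    {
        using (var fileStream = new FileStream(encryptedFilePath, FileMode.Open, FileAccess.Read, FileShare.Read, Constants.FileBufferSize, FileOptions.SequentialScan))
        {
            // The key is unprotected only after the file has been opened, so a
            // failed open never touches it.
            MemoryEncryption.DecryptByteArray(ref macKey);
            try
            {
                return HashingAlgorithms.Blake2(fileStream, macKey);
            }
            finally
            {
                // Re-protect the key even when hashing throws, so it does not
                // stay unprotected in memory on the error path.
                MemoryEncryption.EncryptByteArray(ref macKey);
            }
        }
    }
    catch (Exception ex) when (ExceptionFilters.FileAccessExceptions(ex))
    {
        Logging.LogException(ex.ToString(), Logging.Severity.High);
        DisplayMessage.Error(encryptedFilePath, ex.GetType().Name, "Unable to compute MAC.");
        // Callers must treat null as "no MAC available".
        return null;
    }
}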
/// <summary>
/// Hashes the password bytes with Blake2 and passes the digest through
/// MemoryEncryption.EncryptByteArray before returning it.
/// </summary>
/// <param name="passwordBytes">Password bytes to hash; used as given, with no decrypt step first.</param>
/// <returns>The digest after MemoryEncryption.EncryptByteArray has been applied.</returns>
private static byte[] HashPasswordBytes(byte[] passwordBytes)
{
    // NOTE(review): the input array is not wiped here; presumably the caller
    // clears the raw password bytes. Confirm against the call sites.
    byte[] digest = HashingAlgorithms.Blake2(passwordBytes);
    MemoryEncryption.EncryptByteArray(ref digest);
    return digest;
}