From 89075aa3e962f6ac17191d499b03775d06a56ada Mon Sep 17 00:00:00 2001
From: David Sparer
Date: Wed, 13 Jul 2016 10:42:44 -0600
Subject: [PATCH] Removed unnecessary crypto experiment
---
 .../Security/AesCryptographyProviderTests.cs | 59 ------
 mRemoteNGTests/mRemoteNGTests.csproj | 1 -
 mRemoteV1/Security/Encryptor.cs | 189 ------------------
 mRemoteV1/mRemoteV1.csproj | 1 -
 4 files changed, 250 deletions(-)
 delete mode 100644 mRemoteNGTests/Security/AesCryptographyProviderTests.cs
 delete mode 100644 mRemoteV1/Security/Encryptor.cs
diff --git a/mRemoteNGTests/Security/AesCryptographyProviderTests.cs b/mRemoteNGTests/Security/AesCryptographyProviderTests.cs
deleted file mode 100644
index 88541b9a6..000000000
--- a/mRemoteNGTests/Security/AesCryptographyProviderTests.cs
+++ /dev/null
@@ -1,59 +0,0 @@
-using System.Security;
-using mRemoteNG.Security;
-using NUnit.Framework;
-using Org.BouncyCastle.Crypto.Digests;
-using Org.BouncyCastle.Crypto.Engines;
-
-
-namespace mRemoteNGTests.Security
-{
- public class AesCryptographyProviderTests
- {
- private ICryptographyProvider _aesCryptographyProvider;
- private SecureString _encryptionKey;
- private string _plainText;
-
- [SetUp]
- public void Setup()
- {
- _aesCryptographyProvider = new Encryptor();
- _encryptionKey = "mypassword111111".ConvertToSecureString();
- _plainText = "MySecret!";
- }
-
- [TearDown]
- public void TearDown()
- {
- _aesCryptographyProvider = null;
- }
-
- [Test]
- public void GetBlockSizeReturnsProperValueForAes()
- {
- Assert.That(_aesCryptographyProvider.BlockSizeInBytes, Is.EqualTo(16));
- }
-
- [Test]
- public void EncryptionOutputsBase64String()
- {
- var cipherText = _aesCryptographyProvider.Encrypt(_plainText, _encryptionKey);
- Assert.That(cipherText.IsBase64String, Is.True);
- }
-
- [Test]
- public void DecryptedTextIsEqualToOriginalPlainText()
- {
- var cipherText = _aesCryptographyProvider.Encrypt(_plainText, _encryptionKey);
- var decryptedCipherText = _aesCryptographyProvider.Decrypt(cipherText, _encryptionKey);
- Assert.That(decryptedCipherText, Is.EqualTo(_plainText));
- }
-
- [Test]
- public void EncryptingTheSameValueReturnsNewCipherTextEachTime()
- {
- var cipherText1 = _aesCryptographyProvider.Encrypt(_plainText, _encryptionKey);
- var cipherText2 = _aesCryptographyProvider.Encrypt(_plainText, _encryptionKey);
- Assert.That(cipherText1, Is.Not.EqualTo(cipherText2));
- }
- }
-}
\ No newline at end of file
diff --git a/mRemoteNGTests/mRemoteNGTests.csproj b/mRemoteNGTests/mRemoteNGTests.csproj
index 1d7a1b822..1cfd7f47f 100644
--- a/mRemoteNGTests/mRemoteNGTests.csproj
+++ b/mRemoteNGTests/mRemoteNGTests.csproj
@@ -104,7 +104,6 @@
-
diff --git a/mRemoteV1/Security/Encryptor.cs b/mRemoteV1/Security/Encryptor.cs
deleted file mode 100644
index 045700af6..000000000
--- a/mRemoteV1/Security/Encryptor.cs
+++ /dev/null
@@ -1,189 +0,0 @@
-using System;
-using System.Security;
-using System.Security.Cryptography;
-using System.Text;
-using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.Generators;
-using Org.BouncyCastle.Crypto.Macs;
-using Org.BouncyCastle.Crypto.Modes;
-using Org.BouncyCastle.Crypto.Paddings;
-using Org.BouncyCastle.Crypto.Parameters;
-
-namespace mRemoteNG.Security
-{
- public sealed class Encryptor : ICryptographyProvider
- where TBlockCipher : IBlockCipher, new()
- where TDigest : IDigest, new()
- {
- private IBlockCipher _blockCipher;
- private TDigest _digest;
- private Encoding _encoding;
- private BufferedBlockCipher _cipher;
- private HMac _mac;
-
-
- public int BlockSizeInBytes => _blockCipher.GetBlockSize();
-
- public string CipherEngine => _blockCipher.AlgorithmName;
-
- public Encryptor()
- {
- _encoding = Encoding.UTF8;
- Init(new Pkcs7Padding());
- _digest = new TDigest();
- }
-
- public Encryptor(Encoding encoding)
- {
- _encoding = encoding;
- Init(new Pkcs7Padding());
- _digest = new TDigest();
- }
-
- public Encryptor(Encoding encoding, IBlockCipherPadding padding)
- {
- _encoding = encoding;
- Init(padding);
- _digest = new TDigest();
- }
-
- private void Init(IBlockCipherPadding padding)
- {
- _blockCipher = new CbcBlockCipher(new TBlockCipher());
- _cipher = new PaddedBufferedBlockCipher(_blockCipher, padding);
- }
-
- private void InitializeMac(string message, SecureString key)
- {
- var macKey = BuildMacKey(message, key);
- _mac = new HMac(_digest);
- _mac.Init(new KeyParameter(macKey));
- }
-
- private byte[] BuildMacKey(string message, SecureString key)
- {
- var derivativeKey = GetDerivativeKey(key);
- return derivativeKey;
- }
-
- private byte[] GetDerivativeKey(SecureString key)
- {
- var kdfParam = new KdfParameters(_encoding.GetBytes(key.ConvertToUnsecureString()), GenerateIv());
- var kdf = new BaseKdfBytesGenerator(0, _digest);
- kdf.Init(kdfParam);
-
- var outputBytes = new byte[_digest.GetByteLength()];
- kdf.GenerateBytes(outputBytes, 0, _digest.GetByteLength());
- return outputBytes;
- }
-
- public string Encrypt(string plainText, SecureString encryptionKey)
- {
- var encryptedBytes = EncryptBytes(plainText, encryptionKey);
- return Convert.ToBase64String(encryptedBytes);
- }
-
- public byte[] EncryptBytes(string plainText, SecureString encryptionKey)
- {
- InitializeMac(plainText, encryptionKey);
- var input = _encoding.GetBytes(plainText);
- var iv = GenerateIv();
-
- var encryptionKeyAsByteArray = _encoding.GetBytes(encryptionKey.ConvertToUnsecureString());
- var keyParam = new KeyParameter(encryptionKeyAsByteArray);
- var keyParamWithIv = new ParametersWithIV(keyParam, iv);
- var cipher = BouncyCastleCrypto(true, input, keyParamWithIv);
- var message = CombineArrays(iv, cipher);
-
- _mac.Reset();
- _mac.BlockUpdate(message, 0, message.Length);
- var digest = new byte[_mac.GetUnderlyingDigest().GetDigestSize()];
- _mac.DoFinal(digest, 0);
-
- var result = CombineArrays(digest, message);
- return result;
- }
-
- public byte[] DecryptBytes(byte[] bytes, SecureString decryptionKey)
- {
- // split the digest into component parts
- var digest = new byte[_mac.GetUnderlyingDigest().GetDigestSize()];
- var message = new byte[bytes.Length - digest.Length];
- var iv = new byte[_blockCipher.GetBlockSize()];
- var cipher = new byte[message.Length - iv.Length];
-
- Buffer.BlockCopy(bytes, 0, digest, 0, digest.Length);
- Buffer.BlockCopy(bytes, digest.Length, message, 0, message.Length);
- if (!IsValidHMac(digest, message))
- {
- throw new CryptoException();
- }
-
- Buffer.BlockCopy(message, 0, iv, 0, iv.Length);
- Buffer.BlockCopy(message, iv.Length, cipher, 0, cipher.Length);
-
- var decryptionKeyAsByteArray = _encoding.GetBytes(decryptionKey.ConvertToUnsecureString());
- var keyParam = new KeyParameter(decryptionKeyAsByteArray);
- var keyParamWithIv = new ParametersWithIV(keyParam, iv);
- var result = BouncyCastleCrypto(false, cipher, keyParamWithIv);
- return result;
- }
-
- public string Decrypt(string cipher, SecureString decryptionKey)
- {
- var cipherTextAsByteArray = Convert.FromBase64String(cipher);
- var decryptedBytes = DecryptBytes(cipherTextAsByteArray, decryptionKey);
- var decryptedBytesAsEncodedString = _encoding.GetString(decryptedBytes);
- return decryptedBytesAsEncodedString;
- }
-
- private bool IsValidHMac(byte[] digest, byte[] message)
- {
- _mac.Reset();
- _mac.BlockUpdate(message, 0, message.Length);
- var computed = new byte[_mac.GetUnderlyingDigest().GetDigestSize()];
- _mac.DoFinal(computed, 0);
- return AreEqual(digest, computed);
- }
-
- private static bool AreEqual(byte[] digest, byte[] computed)
- {
- if (digest.Length != computed.Length)
- return false;
-
- var result = 0;
- for (var i = 0; i < digest.Length; i++)
- {
- // compute equality of all bytes before returning.
- // helps prevent timing attacks:
- // https://codahale.com/a-lesson-in-timing-attacks/
- result |= digest[i] ^ computed[i];
- }
- return result == 0;
- }
-
- private byte[] BouncyCastleCrypto(bool forEncrypt, byte[] input, ICipherParameters parameters)
- {
- _cipher.Init(forEncrypt, parameters);
- return _cipher.DoFinal(input);
- }
-
- private byte[] GenerateIv()
- {
- using (var provider = new RNGCryptoServiceProvider())
- {
- var result = new byte[_blockCipher.GetBlockSize()];
- provider.GetBytes(result);
- return result;
- }
- }
-
- private static byte[] CombineArrays(byte[] source1, byte[] source2)
- {
- var result = new byte[source1.Length + source2.Length];
- Buffer.BlockCopy(source1, 0, result, 0, source1.Length);
- Buffer.BlockCopy(source2, 0, result, source1.Length, source2.Length);
- return result;
- }
- }
-}
\ No newline at end of file
diff --git a/mRemoteV1/mRemoteV1.csproj b/mRemoteV1/mRemoteV1.csproj
index ae04f6edc..94da93ca6 100644
--- a/mRemoteV1/mRemoteV1.csproj
+++ b/mRemoteV1/mRemoteV1.csproj
@@ -171,7 +171,6 @@
-