From d60c007ac68c3b23f312434c8f5056cf3340a0e3 Mon Sep 17 00:00:00 2001 From: David Sparer Date: Mon, 11 Jul 2016 14:22:20 -0600 Subject: [PATCH] Make AESGCM non-static --- mRemoteNGTests/Security/AesGcmTests.cs | 14 +++++---- mRemoteV1/Security/AESGCM.cs | 40 +++++++++++++------------- 2 files changed, 28 insertions(+), 26 deletions(-) diff --git a/mRemoteNGTests/Security/AesGcmTests.cs b/mRemoteNGTests/Security/AesGcmTests.cs index bdf0dbe3..b63343ab 100644 --- a/mRemoteNGTests/Security/AesGcmTests.cs +++ b/mRemoteNGTests/Security/AesGcmTests.cs @@ -7,12 +7,14 @@ namespace mRemoteNGTests.Security { public class AesGcmTests { + private AESGCM _aesgcm; private SecureString _encryptionKey; private string _plainText; [SetUp] public void Setup() { + _aesgcm = new AESGCM(); _encryptionKey = "mypassword111111".ConvertToSecureString(); _plainText = "MySecret!"; } 
@@ -25,29 +27,29 @@ namespace mRemoteNGTests.Security [Test] public void GetBlockSizeReturnsProperValueForAes() { - Assert.That(AESGCM.BlockSizeInBytes, Is.EqualTo(16)); + Assert.That(_aesgcm.BlockSizeInBytes, Is.EqualTo(16)); } [Test] public void EncryptionOutputsBase64String() { - var cipherText = AESGCM.Encrypt(_plainText, _encryptionKey); + var cipherText = _aesgcm.Encrypt(_plainText, _encryptionKey); Assert.That(cipherText.IsBase64String, Is.True); } [Test] public void DecryptedTextIsEqualToOriginalPlainText() { - var cipherText = AESGCM.Encrypt(_plainText, _encryptionKey); - var decryptedCipherText = AESGCM.Decrypt(cipherText, _encryptionKey); + var cipherText = _aesgcm.Encrypt(_plainText, _encryptionKey); + var decryptedCipherText = _aesgcm.Decrypt(cipherText, _encryptionKey); Assert.That(decryptedCipherText, Is.EqualTo(_plainText)); } [Test] public void EncryptingTheSameValueReturnsNewCipherTextEachTime() { - var cipherText1 = AESGCM.Encrypt(_plainText, _encryptionKey); - var cipherText2 = AESGCM.Encrypt(_plainText, _encryptionKey); + var cipherText1 = _aesgcm.Encrypt(_plainText, _encryptionKey); + var cipherText2 = _aesgcm.Encrypt(_plainText, _encryptionKey); Assert.That(cipherText1, Is.Not.EqualTo(cipherText2)); } } diff --git a/mRemoteV1/Security/AESGCM.cs b/mRemoteV1/Security/AESGCM.cs index 57d995f5..c00878bf 100644 --- a/mRemoteV1/Security/AESGCM.cs +++ b/mRemoteV1/Security/AESGCM.cs 
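Review bot: None of the test cases visible in this hunk checks that `Decrypt` rejects a modified ciphertext or a wrong key, which is the property an authenticated mode is chosen for; they cover round-trip, Base64 output and ciphertext freshness only. A case next to `DecryptedTextIsEqualToOriginalPlainText` that alters one character of `cipherText` before calling `_aesgcm.Decrypt` and asserts the original plain text is not returned would pin that behaviour. How `Decrypt` signals failure is not visible here, so the assertion should match whatever the implementation does (exception or null result). The test class starts above this hunk, so such a case may already exist there.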
@@ -19,41 +19,41 @@ using Org.BouncyCastle.Security; namespace mRemoteNG.Security { - public static class AESGCM + public class AESGCM { - private static readonly SecureRandom Random = new SecureRandom(); + private readonly SecureRandom Random = new SecureRandom(); //Preconfigured Encryption Parameters - public static readonly int NonceBitSize = 128; - public static readonly int MacBitSize = 128; - public static readonly int KeyBitSize = 256; + public readonly int NonceBitSize = 128; + public readonly int MacBitSize = 128; + public readonly int KeyBitSize = 256; //Preconfigured Password Key Derivation Parameters - public static readonly int SaltBitSize = 128; - public static readonly int Iterations = 10000; - public static readonly int MinPasswordLength = 12; + public readonly int SaltBitSize = 128; + public readonly int Iterations = 10000; + public readonly int MinPasswordLength = 12; - public static int BlockSizeInBytes => 16; + public int BlockSizeInBytes => 16; /// /// Helper that generates a random new key on each call. /// /// - public static byte[] NewKey() + public byte[] NewKey() { var key = new byte[KeyBitSize / 8]; Random.NextBytes(key); return key; } - public static string Encrypt(string plainText, SecureString encryptionKey) + public string Encrypt(string plainText, SecureString encryptionKey) { var encryptedText = SimpleEncryptWithPassword(plainText, encryptionKey.ConvertToUnsecureString()); return encryptedText; } - public static string Decrypt(string cipherText, SecureString decryptionKey) + public string Decrypt(string cipherText, SecureString decryptionKey) { var decryptedText = SimpleDecryptWithPassword(cipherText, decryptionKey.ConvertToUnsecureString()); return decryptedText; 
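Review bot: `Encrypt` and `Decrypt` accept a `SecureString` but immediately call `ConvertToUnsecureString()`, so the password is copied into an ordinary managed `string` that cannot be reliably zeroed and stays in memory until collected; the parameter type promises callers more protection than they get. Since both signatures are touched here, document that on each method, e.g. `/// <remarks>The key is converted to a managed string for key derivation; that plain-text copy is not cleared.</remarks>`, or move to a `char[]`/`byte[]` path that is cleared after derivation. Separately, `Random` is now a private instance field and would conventionally be named `_random`, and every `new AESGCM()` now constructs its own `SecureRandom`.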
@@ -72,7 +72,7 @@ namespace mRemoteNG.Security /// /// Adds overhead of (Optional-Payload + BlockSize(16) + Message + HMac-Tag(16)) * 1.33 Base64 /// - public static string SimpleEncrypt(string secretMessage, byte[] key, byte[] nonSecretPayload = null) + public string SimpleEncrypt(string secretMessage, byte[] key, byte[] nonSecretPayload = null) { if (string.IsNullOrEmpty(secretMessage)) throw new ArgumentException("Secret Message Required!", "secretMessage"); @@ -90,7 +90,7 @@ namespace mRemoteNG.Security /// The key. /// Length of the optional non-secret payload. /// Decrypted Message - public static string SimpleDecrypt(string encryptedMessage, byte[] key, int nonSecretPayloadLength = 0) + public string SimpleDecrypt(string encryptedMessage, byte[] key, int nonSecretPayloadLength = 0) { if (string.IsNullOrEmpty(encryptedMessage)) throw new ArgumentException("Encrypted Message Required!", "encryptedMessage"); @@ -114,7 +114,7 @@ namespace mRemoteNG.Security /// Significantly less secure than using random binary keys. /// Adds additional non secret payload for key generation parameters. /// - public static string SimpleEncryptWithPassword(string secretMessage, string password, + public string SimpleEncryptWithPassword(string secretMessage, string password, byte[] nonSecretPayload = null) { if (string.IsNullOrEmpty(secretMessage)) @@ -140,7 +140,7 @@ namespace mRemoteNG.Security /// /// Significantly less secure than using random binary keys. /// - public static string SimpleDecryptWithPassword(string encryptedMessage, string password, + public string SimpleDecryptWithPassword(string encryptedMessage, string password, int nonSecretPayloadLength = 0) { if (string.IsNullOrWhiteSpace(encryptedMessage)) 
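Review bot: The remark above `SimpleEncrypt(string, byte[], byte[])` gives the overhead as `BlockSize(16) + Message + HMac-Tag(16)`, which does not match the parameters this class declares: the leading 16 bytes would be the nonce (`NonceBitSize = 128`) and the trailing 16 bytes the GCM authentication tag (`MacBitSize = 128`), not an HMAC. Suggest `/// Adds overhead of (Optional-Payload + Nonce(16) + Message + GCM-Tag(16)) * 1.33 Base64`; the same remark sits on the `byte[]` overload of `SimpleEncrypt` in a later hunk. The method bodies lie outside these hunks, so the layout should be confirmed against the implementation. The literals `"secretMessage"` and `"encryptedMessage"` passed to `ArgumentException` could also become `nameof(secretMessage)` and `nameof(encryptedMessage)`.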
@@ -162,7 +162,7 @@ namespace mRemoteNG.Security /// /// Adds overhead of (Optional-Payload + BlockSize(16) + Message + HMac-Tag(16)) * 1.33 Base64 /// - public static byte[] SimpleEncrypt(byte[] secretMessage, byte[] key, byte[] nonSecretPayload = null) + public byte[] SimpleEncrypt(byte[] secretMessage, byte[] key, byte[] nonSecretPayload = null) { //User Error Checks if (key == null || key.Length != KeyBitSize / 8) @@ -210,7 +210,7 @@ namespace mRemoteNG.Security /// The key. /// Length of the optional non-secret payload. /// Decrypted Message - public static byte[] SimpleDecrypt(byte[] encryptedMessage, byte[] key, int nonSecretPayloadLength = 0) + public byte[] SimpleDecrypt(byte[] encryptedMessage, byte[] key, int nonSecretPayloadLength = 0) { //User Error Checks if (key == null || key.Length != KeyBitSize / 8) @@ -268,7 +268,7 @@ namespace mRemoteNG.Security /// Significantly less secure than using random binary keys. /// Adds additional non secret payload for key generation parameters. /// - public static byte[] SimpleEncryptWithPassword(byte[] secretMessage, string password, byte[] nonSecretPayload = null) + public byte[] SimpleEncryptWithPassword(byte[] secretMessage, string password, byte[] nonSecretPayload = null) { nonSecretPayload = nonSecretPayload ?? new byte[] {}; @@ -315,7 +315,7 @@ namespace mRemoteNG.Security /// /// Significantly less secure than using random binary keys. /// - public static byte[] SimpleDecryptWithPassword(byte[] encryptedMessage, string password, int nonSecretPayloadLength = 0) + public byte[] SimpleDecryptWithPassword(byte[] encryptedMessage, string password, int nonSecretPayloadLength = 0) { //User Error Checks if (string.IsNullOrWhiteSpace(password) || password.Length < MinPasswordLength)
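Review bot: The password-based overloads check only `password.Length < MinPasswordLength`, and the work factor behind them is the fixed `Iterations = 10000` declared at the top of the class, which is low for a password-derived key by current guidance. Now that the parameters are instance fields, consider letting the constructor take the iteration count and writing it into the non-secret payload next to the salt, so it can be raised without breaking data encrypted earlier. The derivation code is outside these hunks, so which KDF is used and whether the count is already stored cannot be confirmed from here. At minimum add a comment on the field, e.g. `// Key-derivation iteration count; changing it makes existing ciphertext undecryptable unless the count is stored with the salt`.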