seb-win-refactoring/SebWindowsConfig/Utilities/SEBProtectionController.cs

1123 lines
39 KiB
C#
Raw Permalink Normal View History

using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics;
using System.Globalization;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Windows.Forms;
//
// SEBProtectionController.cs
// SafeExamBrowser
//
// SafeExamBrowser
//
// Copyright (c) 2010-2020 Daniel R. Schneider,
// ETH Zurich, IT Services,
// based on the original idea of Safe Exam Browser
// by Stefan Schneider, University of Giessen
// Project concept: Thomas Piendl, Daniel R. Schneider,
// Dirk Bauer, Kai Reuter, Tobias Halbherr, Karsten Burger, Marco Lehre,
// Brigitte Schmucki, Oliver Rahs. French localization: Nicolas Dunand
//
// ``The contents of this file are subject to the Mozilla Public License
// Version 1.1 (the "License"); you may not use this file except in
// compliance with the License. You may obtain a copy of the License at
// http://www.mozilla.org/MPL/
//
// Software distributed under the License is distributed on an "AS IS"
// basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
// License for the specific language governing rights and limitations
// under the License.
//
// The Original Code is Safe Exam Browser for Windows.
//
// The Initial Developer of the Original Code is Daniel R. Schneider.
// Portions created by Daniel R. Schneider
// are Copyright (c) 2010-2020 Daniel R. Schneider,
// ETH Zurich, IT Services,
// based on the original idea of Safe Exam Browser
// by Stefan Schneider, University of Giessen. All Rights Reserved.
//
// Contributor(s): ______________________________________.
//
namespace SebWindowsConfig.Utilities
{
public class SEBProtectionController
{
const string DLL_NAME =
#if X86
"seb_x86.dll";
#else
"seb_x64.dll";
#endif
// Prefix
private const int PREFIX_LENGTH = 4;
private const string PUBLIC_KEY_HASH_MODE = "pkhs";
private const string PASSWORD_MODE = "pswd";
private const string PLAIN_DATA_MODE = "plnd";
private const string PASSWORD_CONFIGURING_CLIENT_MODE = "pwcc";
// Public key
private const int PUBLIC_KEY_HASH_LENGTH = 20;
// RNCryptor non-secret payload (header)
// First byte: Data format version. Currently 2.
// Second byte: Options, bit 0 - uses password (so currently 1).
private static readonly byte[] RNCRYPTOR_HEADER = new byte[] { 0x02, 0x01 };
enum EncryptionT
{
pkhs,
pswd,
plnd,
pwcc,
unknown
};
/// ------------------------------------------------------------------------------------------
/// <summary>
/// Get array of certificate references and the according names from both certificate stores.
/// </summary>
/// ------------------------------------------------------------------------------------------
public static ArrayList GetCertificatesAndNames(ref ArrayList certificateNames)
{
ArrayList certificates = new ArrayList();
// First search the Personal (standard) certificate store for the current user
X509Store store = new X509Store(StoreLocation.CurrentUser);
certificates = GetCertificatesAndNamesFromStore(ref certificateNames, store);
// Also search the store for Trusted Users
ArrayList certificateNamesTrustedUsers = new ArrayList();
store = new X509Store(StoreName.TrustedPeople);
certificates.AddRange(GetCertificatesAndNamesFromStore(ref certificateNamesTrustedUsers, store));
certificateNames.AddRange(certificateNamesTrustedUsers);
// Also search the Personal store for the local machine
ArrayList certificateNamesLocalMachine = new ArrayList();
store = new X509Store(StoreLocation.LocalMachine);
certificates.AddRange(GetCertificatesAndNamesFromStore(ref certificateNamesLocalMachine, store));
certificateNames.AddRange(certificateNamesLocalMachine);
return certificates;
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Helper method: Get array of certificate references and the according names from the passed certificate store.
/// </summary>
/// ----------------------------------------------------------------------------------------
public static ArrayList GetCertificatesAndNamesFromStore(ref ArrayList certificateNames, X509Store store)
{
ArrayList certificates = new ArrayList();
store.Open(OpenFlags.ReadOnly);
foreach (X509Certificate2 x509Certificate in store.Certificates)
{
if (x509Certificate.HasPrivateKey)
{
certificates.Add(x509Certificate);
if (!String.IsNullOrWhiteSpace(x509Certificate.FriendlyName))
certificateNames.Add(x509Certificate.FriendlyName);
else if (!String.IsNullOrWhiteSpace(x509Certificate.SerialNumber))
certificateNames.Add(x509Certificate.SerialNumber);
}
}
//Close the store.
store.Close();
return certificates;
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Get array of CA certificate references and the according names from the certificate store.
/// </summary>
/// ----------------------------------------------------------------------------------------
public static ArrayList GetSSLCertificatesAndNames(ref ArrayList certificateNames)
{
ArrayList certificates = new ArrayList();
X509Store store = new X509Store(StoreName.CertificateAuthority);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certsCollection = store.Certificates.Find(X509FindType.FindByKeyUsage, (X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment), false);
store = new X509Store(StoreName.AddressBook);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certsCollection2 = store.Certificates.Find(X509FindType.FindByKeyUsage, (X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment), false);
certsCollection.AddRange(certsCollection2);
foreach (X509Certificate2 x509Certificate in certsCollection)
{
certificates.Add(x509Certificate);
certificateNames.Add(Parse(x509Certificate.Subject, "CN")?.FirstOrDefault() ?? x509Certificate.FriendlyName);
}
//Close the store.
store.Close();
return certificates;
}
/// <summary>
/// Recursively searches the supplied AD string for all groups.
/// </summary>
/// <param name="data">The string returned from AD to parse for a group.</param>
/// <param name="delimiter">The string to use as the seperator for the data. ex. ","</param>
/// <returns>null if no groups were found -OR- data is null or empty.</returns>
public static List<string> Parse(string data, string delimiter)
{
if (data == null) return null;
if (!delimiter.EndsWith("=")) delimiter = delimiter + "=";
if (!data.Contains(delimiter)) return null;
//base case
var result = new List<string>();
int start = data.IndexOf(delimiter) + delimiter.Length;
int length = data.IndexOf(',', start) - start;
if (length == 0) return null; //the group is empty
if (length > 0)
{
result.Add(data.Substring(start, length));
//only need to recurse when the comma was found, because there could be more groups
var rec = Parse(data.Substring(start + length), delimiter);
if (rec != null) result.AddRange(rec); //can't pass null into AddRange() :(
}
else //no comma found after current group so just use the whole remaining string
{
result.Add(data.Substring(start));
}
return result;
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Get certificate from both stores.
/// </summary>
/// ----------------------------------------------------------------------------------------
public static X509Certificate2 GetCertificateFromStore(byte[] publicKeyHash)
{
X509Certificate2 sebCertificate = null;
// First search the Personal certificate store for the current user
X509Store store = new X509Store(StoreLocation.CurrentUser);
sebCertificate = GetCertificateFromPassedStore(publicKeyHash, store);
// If the certificate wasn't found there, search the store for Trusted People
if (sebCertificate == null)
{
store = new X509Store(StoreName.TrustedPeople);
sebCertificate = GetCertificateFromPassedStore(publicKeyHash, store);
}
// If the certificate wasn't found there, search the Personal store for the local machine
if (sebCertificate == null)
{
store = new X509Store(StoreLocation.LocalMachine);
sebCertificate = GetCertificateFromPassedStore(publicKeyHash, store);
}
return sebCertificate;
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Helper method: Search passed store for certificate with passed public key hash.
/// </summary>
/// ----------------------------------------------------------------------------------------
public static X509Certificate2 GetCertificateFromPassedStore(byte[] publicKeyHash, X509Store store)
{
X509Certificate2 sebCertificate = null;
store.Open(OpenFlags.ReadOnly);
foreach (X509Certificate2 x509Certificate in store.Certificates)
{
byte[] publicKeyRawData = x509Certificate.PublicKey.EncodedKeyValue.RawData;
SHA1 sha = new SHA1CryptoServiceProvider();
byte[] certificateHash = sha.ComputeHash(publicKeyRawData);
//certificateName = x509Certificate.Subject;
if (certificateHash.SequenceEqual(publicKeyHash))
{
sebCertificate = x509Certificate;
break;
}
}
//Close the store.
store.Close();
return sebCertificate;
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Store certificate into the Windows Certificate Store.
/// </summary>
/// ----------------------------------------------------------------------------------------
public static void StoreCertificateIntoStore(byte[] certificateData)
{
X509Store store = null;
// Save the certificate into the Personal store
try
{
store = new X509Store(StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
}
catch (Exception storeOpenException)
{
Logger.AddError("The X509 store in Windows Certificate Store could not be opened: ", null, storeOpenException, storeOpenException.Message);
}
if (store != null)
{
StoreCertificateIntoPassedStore(certificateData, store);
}
// In addition try to save the certificate into the Trusted People store for the Local Machine
// This will only work if SEB is run in an administrator account
try
{
store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
}
catch (Exception storeOpenException)
{
Logger.AddError("The X509 Trusted People store in Windows Certificate Store for Local Machine could not be opened: ", null, storeOpenException, storeOpenException.Message);
return;
}
StoreCertificateIntoPassedStore(certificateData, store);
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Store certificate into the passed, already opened store.
/// </summary>
/// ----------------------------------------------------------------------------------------
public static void StoreCertificateIntoPassedStore(byte[] certificateData, X509Store store)
{
X509Certificate2 x509 = new X509Certificate2();
try
{
x509.Import(certificateData, SEBClientInfo.DEFAULT_KEY, X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.PersistKeySet);
}
catch (Exception certImportException)
{
Logger.AddError("The identity data could not be imported into the X509 certificate store.", null, certImportException, certImportException.Message);
store.Close();
return;
}
try
{
store.Add(x509);
}
catch (Exception certAddingException)
{
Logger.AddError("The identity could not be added to the Windows Certificate Store", null, certAddingException, certAddingException.Message);
store.Close();
return;
}
Logger.AddInformation("The identity was successfully added to the Windows Certificate Store");
store.Close();
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Get the public key hash for the certificate from the store.
/// </summary>
/// ----------------------------------------------------------------------------------------
public static byte[] GetPublicKeyHashFromCertificate(X509Certificate2 certificateRef)
{
//string certificateHash;
//Create new X509 store from the local certificate store.
//X509Store store = new X509Store(StoreLocation.CurrentUser);
//store.Open(OpenFlags.ReadOnly);
byte[] publicKeyRawData = certificateRef.PublicKey.EncodedKeyValue.RawData;
SHA1 sha = new SHA1CryptoServiceProvider();
byte[] certificateHash = sha.ComputeHash(publicKeyRawData);
//Close the store.
//store.Close();
return certificateHash;
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Encrypt with certificate/public key and RSA algorithm
/// </summary>
/// ----------------------------------------------------------------------------------------
public static byte[] EncryptDataWithCertificate(byte[] plainInputData, X509Certificate2 sebCertificate)
{
try
{
// Encrypt config data
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
RSACryptoServiceProvider publicKey = sebCertificate.PublicKey.Key as RSACryptoServiceProvider;
// Blocksize is for example 2048/8 = 256
int blockSize = (publicKey.KeySize / 8) - 32;
// buffer to hold byte sequence of the encrypted information
byte[] encryptedBuffer = new byte[blockSize];
// buffer for the plain source data
byte[] plainBuffer = new byte[blockSize];
// initialize array so it holds at least the amount needed to decrypt.
//byte[] decryptedData = new byte[encryptedData.Length];
MemoryStream encryptedStream = new MemoryStream();
// Calculate number of full data blocks that will have to be decrypted
int blockCount = plainInputData.Length / blockSize;
for (int i = 0; i < blockCount; i++)
{
// copy byte sequence from encrypted source data to the buffer
Buffer.BlockCopy(plainInputData, i * blockSize, plainBuffer, 0, blockSize);
// decrypt the block in the buffer
encryptedBuffer = publicKey.Encrypt(plainBuffer, false);
// write decrypted result back to the destination array
encryptedStream.Write(encryptedBuffer, 0, encryptedBuffer.Length);
}
int remainingBytes = plainInputData.Length - (blockCount * blockSize);
if (remainingBytes > 0)
{
plainBuffer = new byte[remainingBytes];
// copy remaining bytes from encrypted source data to the buffer
Buffer.BlockCopy(plainInputData, blockCount * blockSize, plainBuffer, 0, remainingBytes);
// decrypt the block in the buffer
encryptedBuffer = publicKey.Encrypt(plainBuffer, false);
// write decrypted result back to the destination array
//decryptedBuffer.CopyTo(decryptedData, blockCount * blockSize);
encryptedStream.Write(encryptedBuffer, 0, encryptedBuffer.Length);
}
byte[] encryptedData = encryptedStream.ToArray();
return encryptedData;
}
catch (CryptographicException)
{
//return cex.Message;
return null;
}
catch (Exception)
{
//return ex.Message;
return null;
}
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Decrypt with X509 certificate/private key and RSA algorithm
/// </summary>
/// ----------------------------------------------------------------------------------------
public static byte[] DecryptDataWithCertificate(byte[] encryptedData, X509Certificate2 sebCertificate)
{
try
{
// Decrypt config data
RSACryptoServiceProvider privateKey = sebCertificate.PrivateKey as RSACryptoServiceProvider;
//byte[] decryptedData = privateKey.Decrypt(encryptedDataBytes, false);
// Blocksize is for example 2048/8 = 256
int blockSize = privateKey.KeySize / 8;
// buffer to hold byte sequence of the encrypted source data
byte[] encryptedBuffer = new byte[blockSize];
// buffer for the decrypted information
byte[] decryptedBuffer = new byte[blockSize];
// initialize array so it holds at least the amount needed to decrypt.
//byte[] decryptedData = new byte[encryptedData.Length];
MemoryStream decryptedStream = new MemoryStream();
// Calculate number of full data blocks that will have to be decrypted
int blockCount = encryptedData.Length / blockSize;
for (int i = 0; i < blockCount; i++)
{
// copy byte sequence from encrypted source data to the buffer
Buffer.BlockCopy(encryptedData, i * blockSize, encryptedBuffer, 0, blockSize);
// decrypt the block in the buffer
decryptedBuffer = privateKey.Decrypt(encryptedBuffer, false);
// write decrypted result back to the destination array
//decryptedBuffer.CopyTo(decryptedData, i*blockSize);
decryptedStream.Write(decryptedBuffer, 0, decryptedBuffer.Length);
}
int remainingBytes = encryptedData.Length - (blockCount * blockSize);
if (remainingBytes > 0)
{
encryptedBuffer = new byte[remainingBytes];
// copy remaining bytes from encrypted source data to the buffer
Buffer.BlockCopy(encryptedData, blockCount * blockSize, encryptedBuffer, 0, remainingBytes);
// decrypt the block in the buffer
decryptedBuffer = privateKey.Decrypt(encryptedBuffer, false);
// write decrypted result back to the destination array
//decryptedBuffer.CopyTo(decryptedData, blockCount * blockSize);
decryptedStream.Write(decryptedBuffer, 0, decryptedBuffer.Length);
}
byte[] decryptedData = decryptedStream.ToArray();
return decryptedData;
}
catch (CryptographicException cex)
{
Logger.AddError("Decrypting SEB config data encrypted with an identity failed with cryptographic exception:", null, cex, cex.Message);
MessageBox.Show(SEBUIStrings.errorDecryptingSettings, SEBUIStrings.certificateDecryptingError + cex.Message, MessageBoxButtons.OK, MessageBoxIcon.Error);
return null;
}
catch (Exception ex)
{
Logger.AddError("Decrypting SEB config data encrypted with an identity failed with exception:", null, ex, ex.Message);
MessageBox.Show(SEBUIStrings.errorDecryptingSettings, SEBUIStrings.certificateDecryptingError + ex.Message, MessageBoxButtons.OK, MessageBoxIcon.Error);
return null;
}
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Encrypt with password, key, salt using AES (Open SSL Encrypt).
/// </summary>
/// ----------------------------------------------------------------------------------------
public static byte[] EncryptDataWithPassword(byte[] plainData, string password)
{
try
{
// encrypt bytes
byte[] encryptedData = AESThenHMAC.SimpleEncryptWithPassword(plainData, password, RNCRYPTOR_HEADER);
return encryptedData;
}
catch (CryptographicException)
{
//return cex.Message;
return null;
}
catch (Exception)
{
//return ex.Message;
return null;
}
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Decrypt with password, key, salt using AES (Open SSL Decrypt)..
/// </summary>
/// ----------------------------------------------------------------------------------------
public static byte[] DecryptDataWithPassword(byte[] encryptedBytesWithSalt, string passphrase)
{
try
{
byte[] decryptedData = AESThenHMAC.SimpleDecryptWithPassword(encryptedBytesWithSalt, passphrase, nonSecretPayloadLength: 2);
return decryptedData;
}
catch (CryptographicException)
{
//return cex.Message;
return null;
}
catch (Exception)
{
//return ex.Message;
return null;
}
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Compute a SHA256 hash base16 string.
/// </summary>
/// ----------------------------------------------------------------------------------------
public static string ComputePasswordHash(string input)
{
HashAlgorithm algorithm = new SHA256Managed();
byte[] inputBytes = Encoding.UTF8.GetBytes(input);
byte[] hashedBytes = algorithm.ComputeHash(inputBytes);
string pswdHash = BitConverter.ToString(hashedBytes).ToLower();
return pswdHash.Replace("-", "");
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Compute a Browser Exam Key SHA256 hash base16 string.
/// </summary>
/// ----------------------------------------------------------------------------------------
public static string ComputeBrowserExamKey()
{
var browserExamKey = default(string);
var configurationKey = ComputeConfigurationKey();
var executable = Assembly.GetExecutingAssembly();
var certificate = executable.Modules.First().GetSignerCertificate();
var salt = (byte[]) SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt];
var signature = certificate?.GetCertHashString();
var version = FileVersionInfo.GetVersionInfo(executable.Location).FileVersion;
Logger.AddInformation("Initializing browser exam key...");
if (configurationKey == default)
{
configurationKey = "";
Logger.AddWarning("The current configuration does not contain a value for the configuration key!");
}
if (salt == default || salt.Length == 0)
{
salt = new byte[0];
Logger.AddWarning("The current configuration does not contain a salt value for the browser exam key!");
}
if (TryCalculateBrowserExamKey(configurationKey, BitConverter.ToString(salt).ToLower().Replace("-", string.Empty), out browserExamKey))
{
Logger.AddInformation("Successfully calculated BEK using integrity module.");
}
else
{
Logger.AddWarning("Failed to calculate BEK using integrity module! Falling back to simplified calculation...");
using (var algorithm = new HMACSHA256(salt))
{
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(signature + version + configurationKey));
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
browserExamKey = key;
}
}
return browserExamKey;
}
private static bool TryCalculateBrowserExamKey(string configurationKey, string salt, out string browserExamKey)
{
browserExamKey = default;
try
{
browserExamKey = CalculateBrowserExamKey(configurationKey, salt);
}
catch (DllNotFoundException)
{
Logger.AddWarning("Integrity module is not available!");
}
catch (Exception e)
{
Logger.AddError("Unexpected error while attempting to calculate browser exam key!", default, e);
}
return browserExamKey != default;
}
[DllImport(DLL_NAME, CallingConvention = CallingConvention.Cdecl)]
[return: MarshalAs(UnmanagedType.BStr)]
private static extern string CalculateBrowserExamKey(string configurationKey, string salt);
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Compute a Configuration Key SHA256 hash base16 string.
/// </summary>
/// ----------------------------------------------------------------------------------------
public static string ComputeConfigurationKey()
{
using (var algorithm = new SHA256Managed())
using (var stream = new MemoryStream())
using (var writer = new StreamWriter(stream))
{
Serialize(SEBSettings.settingsCurrentOriginal, writer);
writer.Flush();
stream.Seek(0, SeekOrigin.Begin);
var hash = algorithm.ComputeHash(stream);
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
return key;
}
}
private static void Serialize(IDictionary<string, object> dictionary, StreamWriter stream)
{
var orderedByKey = dictionary.OrderBy(d => d.Key, StringComparer.InvariantCulture).ToList();
stream.Write('{');
foreach (var kvp in orderedByKey)
{
var process = true;
process &= !kvp.Key.Equals(SEBSettings.KeyOriginatorVersion, StringComparison.OrdinalIgnoreCase);
process &= !(kvp.Value is IDictionary<string, object> d) || d.Any();
if (process)
{
stream.Write('"');
stream.Write(kvp.Key);
stream.Write('"');
stream.Write(':');
Serialize(kvp.Value, stream);
if (kvp.Key != orderedByKey.Last().Key)
{
stream.Write(',');
}
}
}
stream.Write('}');
}
private static void Serialize(IList<object> list, StreamWriter stream)
{
stream.Write('[');
foreach (var item in list)
{
Serialize(item, stream);
if (item != list.Last())
{
stream.Write(',');
}
}
stream.Write(']');
}
private static void Serialize(object value, StreamWriter stream)
{
switch (value)
{
case IDictionary<string, object> dictionary:
Serialize(dictionary, stream);
break;
case IList<object> list:
Serialize(list, stream);
break;
case byte[] data:
stream.Write('"');
stream.Write(Convert.ToBase64String(data));
stream.Write('"');
break;
case DateTime date:
stream.Write(date.ToString("o"));
break;
case bool boolean:
stream.Write(boolean.ToString().ToLower());
break;
case int integer:
stream.Write(integer.ToString(NumberFormatInfo.InvariantInfo));
break;
case double number:
stream.Write(number.ToString(NumberFormatInfo.InvariantInfo));
break;
case string text:
stream.Write('"');
stream.Write(text);
stream.Write('"');
break;
case null:
stream.Write('"');
stream.Write('"');
break;
}
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Generate a Browser Exam Key Salt as byte data.
/// </summary>
/// ----------------------------------------------------------------------------------------
public static byte[] GenerateBrowserExamKeySalt()
{
byte[] saltBytes = AESThenHMAC.NewKey();
//string saltString = BitConverter.ToString(saltBytes);
//return saltString.Replace("-", "");
return saltBytes;
}
}
/// ----------------------------------------------------------------------------------------
/// <summary>
/// Class for encrypting and decrypting with AES and HMAC,
/// compatible with RNCryptor on Mac OS X and iOS.
/// </summary>
/// ----------------------------------------------------------------------------------------
/// This work (Modern Encryption of a String C#, by James Tuley),
/// identified by James Tuley, is free of known copyright restrictions.
/// https://gist.github.com/4336842
/// http://creativecommons.org/publicdomain/mark/1.0/
/// ----------------------------------------------------------------------------------------
public static class AESThenHMAC
{
private static readonly RandomNumberGenerator Random = RandomNumberGenerator.Create();
//Preconfigured Encryption Parameters
public static readonly int BlockBitSize = 128;
public static readonly int KeyBitSize = 256;
//Preconfigured Password Key Derivation Parameters
public static readonly int SaltBitSize = 64;
public static readonly int Iterations = 10000;
public static readonly int MinPasswordLength = 3;
/// <summary>
/// Helper that generates a random key on each call.
/// </summary>
/// <returns></returns>
public static byte[] NewKey()
{
var key = new byte[KeyBitSize / 8];
Random.GetBytes(key);
return key;
}
/// <summary>
/// Simple Encryption (AES) then Authentication (HMAC) for a UTF8 Message.
/// </summary>
/// <param name="secretMessage">The secret message.</param>
/// <param name="cryptKey">The crypt key.</param>
/// <param name="authKey">The auth key.</param>
/// <param name="nonSecretPayload">(Optional) Non-Secret Payload.</param>
/// <returns>
/// Encrypted Message
/// </returns>
/// <exception cref="System.ArgumentException">Secret Message Required!;secretMessage</exception>
/// <remarks>
/// Adds overhead of (Optional-Payload + BlockSize(16) + Message-Padded-To-Blocksize + HMac-Tag(32)) * 1.33 Base64
/// </remarks>
public static string SimpleEncrypt(string secretMessage, byte[] cryptKey, byte[] authKey,
byte[] nonSecretPayload = null)
{
if (string.IsNullOrEmpty(secretMessage))
throw new ArgumentException("Secret Message Required!", "secretMessage");
var plainText = Encoding.UTF8.GetBytes(secretMessage);
var cipherText = SimpleEncrypt(plainText, cryptKey, authKey, nonSecretPayload);
return Convert.ToBase64String(cipherText);
}
/// <summary>
/// Simple Authentication (HMAC) then Decryption (AES) for a secrets UTF8 Message.
/// </summary>
/// <param name="encryptedMessage">The encrypted message.</param>
/// <param name="cryptKey">The crypt key.</param>
/// <param name="authKey">The auth key.</param>
/// <param name="nonSecretPayloadLength">Length of the non secret payload.</param>
/// <returns>
/// Decrypted Message
/// </returns>
/// <exception cref="System.ArgumentException">Encrypted Message Required!;encryptedMessage</exception>
public static string SimpleDecrypt(string encryptedMessage, byte[] cryptKey, byte[] authKey,
int nonSecretPayloadLength = 0)
{
if (string.IsNullOrWhiteSpace(encryptedMessage))
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
var cipherText = Convert.FromBase64String(encryptedMessage);
var plainText = SimpleDecrypt(cipherText, cryptKey, authKey, nonSecretPayloadLength);
return Encoding.UTF8.GetString(plainText);
}
/// <summary>
/// Simple Encryption (AES) then Authentication (HMAC) of a UTF8 message
/// using Keys derived from a Password (PBKDF2).
/// </summary>
/// <param name="secretMessage">The secret message.</param>
/// <param name="password">The password.</param>
/// <param name="nonSecretPayload">The non secret payload.</param>
/// <returns>
/// Encrypted Message
/// </returns>
/// <exception cref="System.ArgumentException">password</exception>
/// <remarks>
/// Significantly less secure than using random binary keys.
/// Adds additional non secret payload for key generation parameters.
/// </remarks>
public static string SimpleEncryptWithPassword(string secretMessage, string password,
byte[] nonSecretPayload = null)
{
if (string.IsNullOrEmpty(secretMessage))
throw new ArgumentException("Secret Message Required!", "secretMessage");
var plainText = Encoding.UTF8.GetBytes(secretMessage);
var cipherText = SimpleEncryptWithPassword(plainText, password, nonSecretPayload);
return Convert.ToBase64String(cipherText);
}
/// <summary>
/// Simple Authentication (HMAC) and then Descryption (AES) of a UTF8 Message
/// using keys derived from a password (PBKDF2).
/// </summary>
/// <param name="encryptedMessage">The encrypted message.</param>
/// <param name="password">The password.</param>
/// <param name="nonSecretPayloadLength">Length of the non secret payload.</param>
/// <returns>
/// Decrypted Message
/// </returns>
/// <exception cref="System.ArgumentException">Encrypted Message Required!;encryptedMessage</exception>
/// <remarks>
/// Significantly less secure than using random binary keys.
/// </remarks>
public static string SimpleDecryptWithPassword(string encryptedMessage, string password,
int nonSecretPayloadLength = 0)
{
if (string.IsNullOrWhiteSpace(encryptedMessage))
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
var cipherText = Convert.FromBase64String(encryptedMessage);
var plainText = SimpleDecryptWithPassword(cipherText, password, nonSecretPayloadLength);
return Encoding.UTF8.GetString(plainText);
}
public static byte[] SimpleEncrypt(byte[] secretMessage, byte[] cryptKey, byte[] authKey, byte[] nonSecretPayload = null)
{
//User Error Checks
if (cryptKey == null || cryptKey.Length != KeyBitSize / 8)
throw new ArgumentException(String.Format("Key needs to be {0} bit!", KeyBitSize), "cryptKey");
if (authKey == null || authKey.Length != KeyBitSize / 8)
throw new ArgumentException(String.Format("Key needs to be {0} bit!", KeyBitSize), "authKey");
if (secretMessage == null || secretMessage.Length < 1)
throw new ArgumentException("Secret Message Required!", "secretMessage");
//non-secret payload optional
nonSecretPayload = nonSecretPayload ?? new byte[] { };
byte[] cipherText;
byte[] iv;
using (var aes = new AesManaged
{
KeySize = KeyBitSize,
BlockSize = BlockBitSize,
Mode = CipherMode.CBC,
Padding = PaddingMode.PKCS7
})
{
//Use random IV
aes.GenerateIV();
iv = aes.IV;
using (var encrypter = aes.CreateEncryptor(cryptKey, iv))
using (var cipherStream = new MemoryStream())
{
using (var cryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
using (var binaryWriter = new BinaryWriter(cryptoStream))
{
//Encrypt Data
binaryWriter.Write(secretMessage);
}
cipherText = cipherStream.ToArray();
}
}
//Assemble encrypted message and add authentication
using (var hmac = new HMACSHA256(authKey))
using (var encryptedStream = new MemoryStream())
{
using (var binaryWriter = new BinaryWriter(encryptedStream))
{
//Prepend non-secret payload if any
binaryWriter.Write(nonSecretPayload);
//Prepend IV
binaryWriter.Write(iv);
//Write Ciphertext
binaryWriter.Write(cipherText);
binaryWriter.Flush();
//Authenticate all data
var tag = hmac.ComputeHash(encryptedStream.ToArray());
//Postpend tag
binaryWriter.Write(tag);
}
return encryptedStream.ToArray();
}
}
public static byte[] SimpleDecrypt(byte[] encryptedMessage, byte[] cryptKey, byte[] authKey, int nonSecretPayloadLength = 0)
{
//Basic Usage Error Checks
if (cryptKey == null || cryptKey.Length != KeyBitSize / 8)
throw new ArgumentException(String.Format("CryptKey needs to be {0} bit!", KeyBitSize), "cryptKey");
if (authKey == null || authKey.Length != KeyBitSize / 8)
throw new ArgumentException(String.Format("AuthKey needs to be {0} bit!", KeyBitSize), "authKey");
if (encryptedMessage == null || encryptedMessage.Length == 0)
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
using (var hmac = new HMACSHA256(authKey))
{
var sentTag = new byte[hmac.HashSize / 8];
//Calculate Tag
var calcTag = hmac.ComputeHash(encryptedMessage, 0, encryptedMessage.Length - sentTag.Length);
var ivLength = (BlockBitSize / 8);
//if message length is to small just return null
if (encryptedMessage.Length < sentTag.Length + nonSecretPayloadLength + ivLength)
return null;
//Grab Sent Tag
Array.Copy(encryptedMessage, encryptedMessage.Length - sentTag.Length, sentTag, 0, sentTag.Length);
//Compare Tag with constant time comparison
var compare = 0;
for (var i = 0; i < sentTag.Length; i++)
compare |= sentTag[i] ^ calcTag[i];
//if message doesn't authenticate return null
if (compare != 0)
return null;
using (var aes = new AesManaged
{
KeySize = KeyBitSize,
BlockSize = BlockBitSize,
Mode = CipherMode.CBC,
Padding = PaddingMode.PKCS7
})
{
//Grab IV from message
var iv = new byte[ivLength];
Array.Copy(encryptedMessage, nonSecretPayloadLength, iv, 0, iv.Length);
using (var decrypter = aes.CreateDecryptor(cryptKey, iv))
using (var plainTextStream = new MemoryStream())
{
using (var decrypterStream = new CryptoStream(plainTextStream, decrypter, CryptoStreamMode.Write))
using (var binaryWriter = new BinaryWriter(decrypterStream))
{
//Decrypt Cipher Text from Message
binaryWriter.Write(
encryptedMessage,
nonSecretPayloadLength + iv.Length,
encryptedMessage.Length - nonSecretPayloadLength - iv.Length - sentTag.Length
);
}
//Return Plain Text
return plainTextStream.ToArray();
}
}
}
}
public static byte[] SimpleEncryptWithPassword(byte[] secretMessage, string password, byte[] nonSecretPayload = null)
{
nonSecretPayload = nonSecretPayload ?? new byte[] { };
//User Error Checks
//if (string.IsNullOrWhiteSpace(password) || password.Length < MinPasswordLength)
// throw new ArgumentException(String.Format("Must have a password of at least {0} characters!", MinPasswordLength), "password");
if (secretMessage == null || secretMessage.Length == 0)
throw new ArgumentException("Secret Message Required!", "secretMessage");
var payload = new byte[((SaltBitSize / 8) * 2) + nonSecretPayload.Length];
Array.Copy(nonSecretPayload, payload, nonSecretPayload.Length);
int payloadIndex = nonSecretPayload.Length;
byte[] cryptKey;
byte[] authKey;
//Use Random Salt to prevent pre-generated weak password attacks.
using (var generator = new Rfc2898DeriveBytes(password, SaltBitSize / 8, Iterations))
{
var salt = generator.Salt;
//Generate Keys
cryptKey = generator.GetBytes(KeyBitSize / 8);
//Create Non Secret Payload
Array.Copy(salt, 0, payload, payloadIndex, salt.Length);
payloadIndex += salt.Length;
}
//Deriving separate key, might be less efficient than using HKDF,
//but now compatible with RNEncryptor which had a very similar wireformat and requires less code than HKDF.
using (var generator = new Rfc2898DeriveBytes(password, SaltBitSize / 8, Iterations))
{
var salt = generator.Salt;
//Generate Keys
authKey = generator.GetBytes(KeyBitSize / 8);
//Create Rest of Non Secret Payload
Array.Copy(salt, 0, payload, payloadIndex, salt.Length);
}
return SimpleEncrypt(secretMessage, cryptKey, authKey, payload);
}
public static byte[] SimpleDecryptWithPassword(byte[] encryptedMessage, string password, int nonSecretPayloadLength = 0)
{
if (encryptedMessage == null || encryptedMessage.Length == 0)
{
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
}
var cryptSalt = new byte[SaltBitSize / 8];
var authSalt = new byte[SaltBitSize / 8];
//Grab Salt from Non-Secret Payload
Array.Copy(encryptedMessage, nonSecretPayloadLength, cryptSalt, 0, cryptSalt.Length);
Array.Copy(encryptedMessage, nonSecretPayloadLength + cryptSalt.Length, authSalt, 0, authSalt.Length);
byte[] cryptKey;
byte[] authKey;
//Generate crypt key
using (var generator = new Rfc2898DeriveBytes(password, cryptSalt, Iterations))
{
cryptKey = generator.GetBytes(KeyBitSize / 8);
}
//Generate auth key
using (var generator = new Rfc2898DeriveBytes(password, authSalt, Iterations))
{
authKey = generator.GetBytes(KeyBitSize / 8);
}
return SimpleDecrypt(encryptedMessage, cryptKey, authKey, cryptSalt.Length + authSalt.Length + nonSecretPayloadLength);
}
}
}