GabrielTofvesson/ServerProject
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added cipher block chaining algorithms to prevent information leaking from ciphertexts

Browse Source 
- CBC's accept any block-cipher implementation
Fixed AES implementation
Made Rijndael128 extend a generic block-cipher class
This commit is contained in:
Gabriel Tofvesson 2018-02-23 16:43:00 +01:00
parent a42b6a3770
commit 84baedc319
5 changed files with 238 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Client/Program.cs
View File

@ -9,11 +9,17 @@ namespace Client
{
static void Main(string[] args)
{
RandomProvider provider = new CryptoRandomProvider();
Rijndael128 symcrypt = new Rijndael128("Eyy");
Console.WriteLine(symcrypt.DecryptString(symcrypt.EncryptString("test"), 4));
GenericCBC cbc = new CFB(symcrypt, provider);
Console.WriteLine(cbc.Decrypt(cbc.Encrypt("Hello".ToUTF8Bytes())).SubArray(0, 5).ToUTF8String());
byte[] testMSG = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
string cryptres = symcrypt.DecryptString(symcrypt.EncryptString("Hello!"), 6);
RandomProvider provider = new CryptoRandomProvider();
byte[] test = KDF.PBKDF2(KDF.HMAC_SHA1, Encoding.UTF8.GetBytes("Hello there!"), new byte[] { 1, 2, 3, 4 }, 4096, 128);
Console.WriteLine(Support.ToHexString(test));
Galois2 gal = Galois2.FromValue(33);

36
Common/AES.cs
View File

@ -129,36 +129,34 @@ namespace Tofvesson.Crypto
return new AES(File.ReadAllBytes(baseName + ".key"), File.ReadAllBytes(baseName + ".iv"), false);
}
}
public class Rijndael128
public class Rijndael128 : BlockCipher
{
protected readonly byte[] roundKeys;
protected readonly byte[] key;
protected readonly byte[] iv;
public Rijndael128(string key)
public Rijndael128(string key) : base(16)
{
// Derive a proper key
var t = DeriveKey(key);
this.key = t.Item1;
this.iv = t.Item2;
// Expand the derived key
roundKeys = KeySchedule(this.key, BitMode.Bit128);
}
protected Rijndael128(byte[] key, byte[] iv)
protected Rijndael128(byte[] key) : base(16)
{
this.key = key;
this.iv = iv;
// Expand the derived key
roundKeys = KeySchedule(this.key, BitMode.Bit128);
}
public byte[] EncryptString(string message) => Encrypt(Encoding.UTF8.GetBytes(message));
public string DecryptString(byte[] message, int length) => new string(Encoding.UTF8.GetChars(Decrypt(message, length, false))).Substring(0, length);
public byte[] Encrypt(byte[] message)
public override byte[] Encrypt(byte[] message)
{
byte[] result = new byte[message.Length + ((16 - (message.Length % 16))%16)];
Array.Copy(message, result, message.Length);
@ -167,6 +165,8 @@ namespace Tofvesson.Crypto
return result;
}
public override byte[] Decrypt(byte[] ciphertext) => Decrypt(ciphertext, -1, false);
public byte[] Decrypt(byte[] message, int messageLength) => Decrypt(message, messageLength, true);
protected byte[] Decrypt(byte[] message, int messageLength, bool doTruncate)
{
@ -178,8 +178,10 @@ namespace Tofvesson.Crypto
return doTruncate ? result.SubArray(0, messageLength) : result;
}
protected virtual byte[] AES128_Encrypt(byte[] state)
protected virtual byte[] AES128_Encrypt(byte[] input)
{
byte[] state = new byte[16];
Array.Copy(input, state, 16);
// Initial round
state = AddRoundKey(state, roundKeys, 0);
@ -194,8 +196,11 @@ namespace Tofvesson.Crypto
return state;
}
protected virtual byte[] AES128_Decrypt(byte[] state)
protected virtual byte[] AES128_Decrypt(byte[] input)
{
byte[] state = new byte[16];
Array.Copy(input, state, 16);
for (int rounds = 9; rounds > 0; --rounds)
{
state = AddRoundKey(state, roundKeys, rounds * 16);
@ -209,21 +214,20 @@ namespace Tofvesson.Crypto
public void Save(string baseName, bool force = false)
{
if (force || !File.Exists(baseName + ".key")) File.WriteAllBytes(baseName + ".key", key);
if (force || !File.Exists(baseName + ".iv")) File.WriteAllBytes(baseName + ".iv", iv);
}
public byte[] Serialize() => Support.SerializeBytes(new byte[][] { key, iv });
public byte[] Serialize() => Support.SerializeBytes(new byte[][] { key });
public static Rijndael128 Deserialize(byte[] message, out int read)
{
byte[][] output = Support.DeserializeBytes(message, 2);
byte[][] output = Support.DeserializeBytes(message, 1);
read = output[0].Length + output[1].Length + 8;
return new Rijndael128(output[0], output[1]);
return new Rijndael128(output[0]);
}
public static Rijndael128 Load(string baseName)
{
if (!File.Exists(baseName + ".iv") || !File.Exists(baseName + ".key")) throw new SystemException("Required files could not be located");
return new Rijndael128(File.ReadAllBytes(baseName + ".key"), File.ReadAllBytes(baseName + ".iv"));
if (!File.Exists(baseName + ".key")) throw new SystemException("Required files could not be located");
return new Rijndael128(File.ReadAllBytes(baseName + ".key"));
}

201
Common/CBC.cs Normal file
View File

@ -0,0 +1,201 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace Tofvesson.Crypto
{
public abstract class BlockCipher
{
public Int32 BlockSize { get; private set; }
public BlockCipher(int blockSize)
{
this.BlockSize = blockSize;
}
public abstract byte[] Encrypt(byte[] message);
public abstract byte[] Decrypt(byte[] ciphertext);
}
public abstract class GenericCBC : BlockCipher
{
private readonly byte[] iv_e;
public byte[] IV { get => (byte[])iv_e.Clone(); }
protected readonly byte[] currentIV_e;
protected readonly byte[] currentIV_d;
protected readonly BlockCipher cipher;
protected readonly RandomProvider provider;
public GenericCBC(BlockCipher cipher, RandomProvider provider) : base(cipher.BlockSize)
{
this.cipher = cipher;
this.provider = provider;
// Generate initialization vector and set it as the current iv
iv_e = provider.GetBytes(new byte[cipher.BlockSize]);
currentIV_e = new byte[cipher.BlockSize];
currentIV_d = new byte[cipher.BlockSize];
Array.Copy(iv_e, currentIV_e, iv_e.Length);
Array.Copy(iv_e, currentIV_d, iv_e.Length);
}
protected byte[][] SplitBlocks(byte[] message)
{
byte[][] blocks = new byte[(message.Length / cipher.BlockSize) + (message.Length % cipher.BlockSize == 0 ? 0 : 1)][];
for (int i = 0; i < blocks.Length; ++i)
{
blocks[i] = message.SubArray(i * cipher.BlockSize, Math.Min((i + 1) * cipher.BlockSize, message.Length));
if (blocks[i].Length != cipher.BlockSize)
{
byte[] res = new byte[cipher.BlockSize];
Array.Copy(blocks[i], res, blocks[i].Length);
blocks[i] = res;
}
}
return blocks;
}
protected byte[] CollectBlocks(byte[][] result)
{
byte[] collected = new byte[result.Length * cipher.BlockSize];
for (int i = 0; i < result.Length; ++i) Array.Copy(result[i], 0, collected, cipher.BlockSize * i, cipher.BlockSize);
return collected;
}
// Resets the state of this CBC instance
public virtual void Reset()
{
Array.Copy(iv_e, currentIV_e, iv_e.Length);
Array.Copy(iv_e, currentIV_d, iv_e.Length);
}
}
/// <summary>
/// Standard cipher block chaining implementation (not recommended, but available nonetheless)
/// </summary>
public class CBC : GenericCBC
{
public CBC(BlockCipher cipher, RandomProvider provider) : base(cipher, provider)
{ }
public override byte[] Encrypt(byte[] message)
{
byte[][] blocks = SplitBlocks(message);
for (int i = 0; i < blocks.Length; ++i)
{
byte[] enc_result = cipher.Encrypt(blocks[i].XOR(currentIV_e));
Array.Copy(enc_result, currentIV_e, enc_result.Length);
Array.Copy(enc_result, blocks[i], cipher.BlockSize);
}
return CollectBlocks(blocks);
}
public override byte[] Decrypt(byte[] ciphertext)
{
// Split ciphertext into encrypted blocks
byte[][] blocks = SplitBlocks(ciphertext);
for(int i = 0; i<blocks.Length; ++i)
{
// Decrypt block
Array.Copy(cipher.Decrypt(blocks[i]).XOR(currentIV_d), blocks[i], cipher.BlockSize);
// Set the next iv to be this iteration's decrypted block
Array.Copy(blocks[i], currentIV_d, cipher.BlockSize);
}
return CollectBlocks(blocks);
}
}
public class PCBC : GenericCBC
{
public PCBC(BlockCipher cipher, RandomProvider provider) : base(cipher, provider)
{ }
public override byte[] Encrypt(byte[] message)
{
byte[][] blocks = SplitBlocks(message);
for (int i = 0; i < blocks.Length; ++i)
{
// Store the unmodified input text block
byte[] before = (byte[])blocks[i].Clone();
// Compute the encrypted value for this block
byte[] enc_result = cipher.Encrypt(blocks[i].XOR(currentIV_e));
// Store/compute new IV
Array.Copy(enc_result, currentIV_e, enc_result.Length);
currentIV_e.XOR(before);
// Store encryption result
Array.Copy(enc_result, 0, blocks[i], i * 16, 16);
}
return CollectBlocks(blocks);
}
public override byte[] Decrypt(byte[] ciphertext)
{
// Split ciphertext into blocks (ciphertext should ahve a length that is a multiple of cipher.BlockSize)
byte[][] blocks = SplitBlocks(ciphertext);
// Decrypt each block
for (int i = 0; i < blocks.Length; ++i)
{
// Temporarily store a copy of the encrypted block
byte[] before = (byte[])blocks[i].Clone();
// Decrypt the block
Array.Copy(cipher.Decrypt(before).XOR(currentIV_d), blocks[i], cipher.BlockSize);
// Compute the next IV
Array.Copy(currentIV_d, before.XOR(blocks[i]), cipher.BlockSize);
}
return CollectBlocks(blocks);
}
}
public class CFB : GenericCBC
{
public CFB(BlockCipher cipher, RandomProvider provider) : base(cipher, provider)
{ }
public override byte[] Encrypt(byte[] message)
{
byte[][] blocks = SplitBlocks(message);
for (int i = 0; i < blocks.Length; ++i)
// Encrypt IV and compute the XOR of the result with the plaintext. Finally, set the ciphertext as the IV for the next iteration
Array.Copy(blocks[i] = blocks[i].XOR(cipher.Encrypt(currentIV_e)), currentIV_e, cipher.BlockSize);
return CollectBlocks(blocks);
}
public override byte[] Decrypt(byte[] ciphertext)
{
// Split ciphertext into blocks (ciphertext should ahve a length that is a multiple of cipher.BlockSize)
byte[][] blocks = SplitBlocks(ciphertext);
for (int i = 0; i < blocks.Length; ++i)
{
// Store unmodified copy
byte[] before = (byte[])blocks[i].Clone();
// Decrypt
blocks[i] = blocks[i].XOR(cipher.Encrypt(currentIV_d));
// Set the ciphertext a the iv for the next iteration
Array.Copy(before, currentIV_d, cipher.BlockSize);
}
return CollectBlocks(blocks);
}
}
}

1
Common/Common.csproj
View File

@ -47,6 +47,7 @@
</ItemGroup>
<ItemGroup>
<Compile Include="AES.cs" />
<Compile Include="CBC.cs" />
<Compile Include="KDF.cs" />
<Compile Include="RSA.cs" />
<Compile Include="Net.cs" />

9
Common/Support.cs
View File

@ -335,6 +335,15 @@ namespace Tofvesson.Crypto
return res;
}
public static byte[] XOR(this byte[] array, byte[] xor)
{
for (int i = Math.Min(array.Length, xor.Length) - 1; i >= 0; --i) array[i] ^= xor[i];
return array;
}
public static string ToUTF8String(this byte[] b) => new string(Encoding.UTF8.GetChars(b));
public static byte[] ToUTF8Bytes(this string s) => Encoding.UTF8.GetBytes(s);
// -- Misc --
// Allows deconstruction when iterating over a collection of Tuples