Fix encryption after migrating to .net 6

BornToBeRoot · BornToBeRoot · commit 92c5a615afb3 · 2021-11-21T19:35:35.000+01:00
diff --git a/Source/NETworkManager.Profiles/ProfileManager.cs b/Source/NETworkManager.Profiles/ProfileManager.cs
@@ -256,7 +256,7 @@ public static void EnableEncryption(ProfileFileInfo profileFileInfo, SecureStrin
 
             // Save the encrypted file
             byte[] decryptedBytes = SerializeToByteArray(profiles);
-            byte[] encryptedBytes = CryptoHelper.Encrypt(decryptedBytes, SecureStringHelper.ConvertToString(newProfileFileInfo.Password), GlobalStaticConfiguration.Profile_EncryptionKeySize, GlobalStaticConfiguration.Profile_EncryptionBlockSize, GlobalStaticConfiguration.Profile_EncryptionIterations);
+            byte[] encryptedBytes = CryptoHelper.Encrypt(decryptedBytes, SecureStringHelper.ConvertToString(newProfileFileInfo.Password), GlobalStaticConfiguration.Profile_EncryptionKeySize, GlobalStaticConfiguration.Profile_EncryptionIterations);
 
             File.WriteAllBytes(newProfileFileInfo.Path, encryptedBytes);
 
@@ -301,12 +301,12 @@ public static void ChangeMasterPassword(ProfileFileInfo profileFileInfo, SecureS
 
             // Load and decrypt the profiles from the profile file
             var encryptedBytes = File.ReadAllBytes(profileFileInfo.Path);
-            var decryptedBytes = CryptoHelper.Decrypt(encryptedBytes, SecureStringHelper.ConvertToString(password), GlobalStaticConfiguration.Profile_EncryptionKeySize, GlobalStaticConfiguration.Profile_EncryptionBlockSize, GlobalStaticConfiguration.Profile_EncryptionIterations);
+            var decryptedBytes = CryptoHelper.Decrypt(encryptedBytes, SecureStringHelper.ConvertToString(password), GlobalStaticConfiguration.Profile_EncryptionKeySize, GlobalStaticConfiguration.Profile_EncryptionIterations);
             var profiles = DeserializeFromByteArray(decryptedBytes);
 
             // Save the encrypted file
             decryptedBytes = SerializeToByteArray(profiles);
-            encryptedBytes = CryptoHelper.Encrypt(decryptedBytes, SecureStringHelper.ConvertToString(newProfileFileInfo.Password), GlobalStaticConfiguration.Profile_EncryptionKeySize, GlobalStaticConfiguration.Profile_EncryptionBlockSize, GlobalStaticConfiguration.Profile_EncryptionIterations);
+            encryptedBytes = CryptoHelper.Encrypt(decryptedBytes, SecureStringHelper.ConvertToString(newProfileFileInfo.Password), GlobalStaticConfiguration.Profile_EncryptionKeySize, GlobalStaticConfiguration.Profile_EncryptionIterations);
 
             File.WriteAllBytes(newProfileFileInfo.Path, encryptedBytes);
 
@@ -346,7 +346,7 @@ public static void DisableEncryption(ProfileFileInfo profileFileInfo, SecureStri
 
             // Load and decrypt the profiles from the profile file
             var encryptedBytes = File.ReadAllBytes(profileFileInfo.Path);
-            var decryptedBytes = CryptoHelper.Decrypt(encryptedBytes, SecureStringHelper.ConvertToString(password), GlobalStaticConfiguration.Profile_EncryptionKeySize, GlobalStaticConfiguration.Profile_EncryptionBlockSize, GlobalStaticConfiguration.Profile_EncryptionIterations);
+            var decryptedBytes = CryptoHelper.Decrypt(encryptedBytes, SecureStringHelper.ConvertToString(password), GlobalStaticConfiguration.Profile_EncryptionKeySize, GlobalStaticConfiguration.Profile_EncryptionIterations);
             var profiles = DeserializeFromByteArray(decryptedBytes);
 
             // Save the decrypted profiles to the profile file
@@ -382,7 +382,7 @@ private static void Load(ProfileFileInfo profileFileInfo)
                 if (profileFileInfo.IsEncrypted)
                 {
                     var encryptedBytes = File.ReadAllBytes(profileFileInfo.Path);
-                    var decryptedBytes = CryptoHelper.Decrypt(encryptedBytes, SecureStringHelper.ConvertToString(profileFileInfo.Password), GlobalStaticConfiguration.Profile_EncryptionKeySize, GlobalStaticConfiguration.Profile_EncryptionBlockSize, GlobalStaticConfiguration.Profile_EncryptionIterations);
+                    var decryptedBytes = CryptoHelper.Decrypt(encryptedBytes, SecureStringHelper.ConvertToString(profileFileInfo.Password), GlobalStaticConfiguration.Profile_EncryptionKeySize, GlobalStaticConfiguration.Profile_EncryptionIterations);
 
                     DeserializeFromByteArray(decryptedBytes).ForEach(AddProfile);
 
@@ -428,7 +428,7 @@ public static void Save()
                 if (LoadedProfileFile.IsPasswordValid)
                 {
                     byte[] decryptedBytes = SerializeToByteArray(new List<ProfileInfo>(Profiles));
-                    byte[] encryptedBytes = CryptoHelper.Encrypt(decryptedBytes, SecureStringHelper.ConvertToString(LoadedProfileFile.Password), GlobalStaticConfiguration.Profile_EncryptionKeySize, GlobalStaticConfiguration.Profile_EncryptionBlockSize, GlobalStaticConfiguration.Profile_EncryptionIterations);
+                    byte[] encryptedBytes = CryptoHelper.Encrypt(decryptedBytes, SecureStringHelper.ConvertToString(LoadedProfileFile.Password), GlobalStaticConfiguration.Profile_EncryptionKeySize, GlobalStaticConfiguration.Profile_EncryptionIterations);
 
                     File.WriteAllBytes(LoadedProfileFile.Path, encryptedBytes);
                 }
diff --git a/Source/NETworkManager.Settings/GlobalStaticConfiguration.cs b/Source/NETworkManager.Settings/GlobalStaticConfiguration.cs
@@ -50,7 +50,6 @@ public static class GlobalStaticConfiguration
         public static double Profile_DefaultWidthExpanded => 250;
         public static double Profile_MaxWidthExpanded => 350;
         public static int Profile_EncryptionKeySize => 256;
-        public static int Profile_EncryptionBlockSize => 128;
         public static int Profile_EncryptionIterations => 1000000;
 
         // Application: Dashboard
diff --git a/Source/NETworkManager.Utilities/CryptoHelper.cs b/Source/NETworkManager.Utilities/CryptoHelper.cs
@@ -1,49 +1,39 @@
-﻿using System.IO;
-using System.Linq;
+﻿using System;
 using System.Security.Cryptography;
 
 namespace NETworkManager.Utilities
 {
     public static class CryptoHelper
     {
+        private static readonly int blockSize = 128;
         /// <summary>
         /// 
         /// </summary>
         /// <param name="decryptedBytes"></param>
         /// <param name="password"></param>
         /// <param name="keySize"></param>
-        /// <param name="blockSize"></param>
         /// <param name="iterations"></param>
         /// <returns></returns>
-        public static byte[] Encrypt(byte[] decryptedBytes, string password, int keySize, int blockSize, int iterations)
+        public static byte[] Encrypt(byte[] decryptedBytes, string password, int keySize, int iterations)
         {
-            var salt = RandomNumberGenerator.GetBytes(keySize / 8); // Generate salt based
-            var iv = RandomNumberGenerator.GetBytes(blockSize / 8); // Generate iv, has to be the same as the block size
+            ReadOnlySpan<byte> salt = RandomNumberGenerator.GetBytes(keySize / 8); // Generate salt based
+            ReadOnlySpan<byte> iv = RandomNumberGenerator.GetBytes(blockSize / 8); // Generate iv, has to be the same as the block size
 
-            using var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, salt, iterations);
-
-            var key = rfc2898DeriveBytes.GetBytes(keySize / 8);
+            byte[] key = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA512, keySize / 8);
 
             using Aes aes = Aes.Create();
+            aes.Key = key;
 
-            aes.KeySize = keySize;
-            aes.BlockSize = blockSize;
-            aes.Mode = CipherMode.CBC;
-            aes.Padding = PaddingMode.PKCS7;
+            int encryptedSize = aes.GetCiphertextLengthCbc(decryptedBytes.Length);
 
-            using var encryptor = aes.CreateEncryptor(key, iv);
-            using var memoryStream = new MemoryStream();
-            using var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write);
+            byte[] cipher = new byte[salt.Length + iv.Length + encryptedSize];
 
-            cryptoStream.Write(decryptedBytes, 0, decryptedBytes.Length);
-            cryptoStream.FlushFinalBlock();
+            Span<byte> cipherSpan = cipher;
 
-            var cipher = salt;
-            cipher = cipher.Concat(iv).ToArray();
-            cipher = cipher.Concat(memoryStream.ToArray()).ToArray();
+            salt.CopyTo(cipherSpan);
+            iv.CopyTo(cipherSpan[salt.Length..]);
 
-            memoryStream.Close();
-            cryptoStream.Close();
+            int encrypted = aes.EncryptCbc(decryptedBytes, iv, cipherSpan[(salt.Length + iv.Length)..]);
 
             return cipher;
         }
@@ -54,50 +44,20 @@ public static byte[] Encrypt(byte[] decryptedBytes, string password, int keySize
         /// <param name="encryptedBytesWithSaltAndIV"></param>
         /// <param name="password"></param>
         /// <param name="keySize"></param>
-        /// <param name="blockSize"></param>
         /// <param name="iterations"></param>
         /// <returns></returns>
-        public static byte[] Decrypt(byte[] encryptedBytesWithSaltAndIV, string password, int keySize, int blockSize, int iterations)
+        public static byte[] Decrypt(byte[] encryptedBytesWithSaltAndIV, string password, int keySize, int iterations)
         {
-            var salt = encryptedBytesWithSaltAndIV.Take(keySize / 8).ToArray(); // Take salt bytes
-            var iv = encryptedBytesWithSaltAndIV.Skip(keySize / 8).Take(blockSize / 8).ToArray(); // Skip salt bytes, take iv bytes
-            var cipher = encryptedBytesWithSaltAndIV.Skip((keySize / 8) + (blockSize / 8)).Take(encryptedBytesWithSaltAndIV.Length - ((keySize / 8) + (blockSize / 8))).ToArray(); // Skip salt and iv bytes, take cipher bytes
-
-            using var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, salt, iterations);
+            ReadOnlySpan<byte> salt = encryptedBytesWithSaltAndIV.AsSpan(0, keySize / 8); // Take salt bytes
+            ReadOnlySpan<byte> iv = encryptedBytesWithSaltAndIV.AsSpan(keySize / 8, blockSize / 8); // Skip salt bytes, take iv bytes
+            ReadOnlySpan<byte> cipher = encryptedBytesWithSaltAndIV.AsSpan((keySize / 8) + (blockSize / 8));
 
-            var key = rfc2898DeriveBytes.GetBytes(keySize / 8);
+            byte[] key = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA512, keySize / 8);
 
             using Aes aes = Aes.Create();
+            aes.Key = key;
 
-            aes.KeySize = keySize;
-            aes.BlockSize = blockSize;
-            aes.Mode = CipherMode.CBC;
-            aes.Padding = PaddingMode.PKCS7;
-
-            using var decryptor = aes.CreateDecryptor(key, iv);
-            using var memoryStream = new MemoryStream(cipher);
-            using var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
-
-            var text = new byte[cipher.Length];
-
-            //cryptoStream.Read(text, 0, text.Length);
-            // Fix for issue: https://github.com/dotnet/runtime/issues/61535
-
-            int readBytes = 0;
-            while (readBytes < text.Length)
-            {
-                int n = cryptoStream.Read(text, readBytes, text.Length - readBytes);
-
-                if (n == 0)
-                    break;
-
-                readBytes += n;
-            }
-
-            memoryStream.Close();
-            cryptoStream.Close();
-
-            return text;
+            return aes.DecryptCbc(cipher, iv);
         }
     }
 }
