Merge pull request #67 from cantarus/development

Development

Author: Adam Nierzad

DeployClient/API.cs

@@ -16,6 +16,8 @@ class API
 
         private static HttpClient BuildClient()
         {
+            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
+
             HttpClient client = new HttpClient()
             {
                 BaseAddress = new Uri(new Uri(Program.Options.TargetUri), "DesktopModules/PolyDeploy/API/")

DeployClient/Properties/AssemblyInfo.cs

@@ -32,5 +32,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("0.8.0.0")]
-[assembly: AssemblyFileVersion("0.8.0.0")]
+[assembly: AssemblyVersion("0.9.3.0")]
+[assembly: AssemblyFileVersion("0.9.3.0")]

DeployClient/gulpfile.js

@@ -33,6 +33,12 @@ gulp.task('post-build-Release', [
     'build-release'
 ]);
 
+gulp.task('pre-build-Debug');
+gulp.task('post-build-Debug');
+
+gulp.task('pre-build-Clients');
+gulp.task('post-build-Clients');
+
 /*
     Clean Bin
     You can't rely on Visual Studio to clean the bin folder, even when calling

DeployClient/package.json

@@ -1,6 +1,6 @@
 {
   "name": "deploy-client",
-  "version": "0.8.0",
+  "version": "0.9.3",
   "main": "gulpfile.js",
   "license": "Apache-2.0",
   "private": true,

DeployClient/project.config.js

@@ -1,3 +1,3 @@
 module.exports = {
-    MODULE_VERSION: '00.08.00'
+    MODULE_VERSION: '00.09.03'
 };

Encryption/Crypto.cs

@@ -17,6 +17,15 @@ public class Crypto
         // This is divided by 8 later to get the equivalent number of bytes.
         private const int KeySize = 256;
 
+        // The AES specification states that the block size must be 128.
+        private const int BlockSize = 128;
+
+        // Initialisation vector size.
+        private const int IvSize = 128;
+
+        // Salt size.
+        private const int SaltSize = 256;
+
         // Determines the number of iterations used during password generation.
         private const int DerivationIterations = 1000;
 
@@ -60,8 +69,8 @@ public static string Encrypt(string plainText, string passPhrase)
         public static byte[] Encrypt(byte[] plainBytes, string passPhrase)
         {
             // Bytes for salt and initialisation vector are generated randomly each time.
-            byte[] saltBytes = Generate256BitsOfRandomEntropy();
-            byte[] ivBytes = Generate256BitsOfRandomEntropy();
+            byte[] saltBytes = GenerateRandomEntropy(SaltSize);
+            byte[] ivBytes = GenerateRandomEntropy(IvSize);
 
             // Prepare store for encrypted bytes.
             byte[] encryptedBytes;
@@ -70,9 +79,9 @@ public static byte[] Encrypt(byte[] plainBytes, string passPhrase)
             {
                 byte[] keyBytes = password.GetBytes(KeySize / 8);
 
-                using (RijndaelManaged symmetricKey = new RijndaelManaged())
+                using (AesManaged symmetricKey = new AesManaged())
                 {
-                    symmetricKey.BlockSize = 256;
+                    symmetricKey.BlockSize = BlockSize;
                     symmetricKey.Mode = CipherMode.CBC;
                     symmetricKey.Padding = PaddingMode.PKCS7;
 
@@ -144,14 +153,22 @@ public static string Decrypt(string encryptedText, string passPhrase)
 
         public static byte[] Decrypt(byte[] encryptedBytesWithSaltAndIv, string passPhrase)
         {
-            // Get the salt bytes by extracting the first 32 bytes.
-            byte[] saltBytes = encryptedBytesWithSaltAndIv.Take(KeySize / 8).ToArray();
-
-            // Get the initialisation vector bytes by extracting the next 32 bytes after the salt.
-            byte[] ivBytes = encryptedBytesWithSaltAndIv.Skip(KeySize / 8).Take(KeySize / 8).ToArray();
-
-            // Get the actual encrypted bytes by removing the first 64 bytes.
-            byte[] encryptedBytes = encryptedBytesWithSaltAndIv.Skip((KeySize / 8) * 2).Take(encryptedBytesWithSaltAndIv.Length - ((KeySize / 8) * 2)).ToArray();
+            // Get the salt bytes by extracting the first (SaltSize / 8) bytes.
+            byte[] saltBytes = encryptedBytesWithSaltAndIv
+                .Take(SaltSize / 8)
+                .ToArray();
+
+            // Get the initialisation vector bytes by extracting the next (IvSize / 8) bytes after the salt.
+            byte[] ivBytes = encryptedBytesWithSaltAndIv
+                .Skip(SaltSize / 8)
+                .Take(IvSize / 8)
+                .ToArray();
+
+            // Get the actual encrypted bytes by removing the salt and iv bytes.
+            byte[] encryptedBytes = encryptedBytesWithSaltAndIv
+                .Skip((SaltSize / 8) + (IvSize / 8))
+                .Take(encryptedBytesWithSaltAndIv.Length - ((SaltSize / 8) + (IvSize / 8)))
+                .ToArray();
 
             // Prepare store for decrypted string and bytes read.
             byte[] plainTextBytes;
@@ -161,9 +178,9 @@ public static byte[] Decrypt(byte[] encryptedBytesWithSaltAndIv, string passPhra
             {
                 byte[] keyBytes = password.GetBytes(KeySize / 8);
 
-                using (RijndaelManaged symmetricKey = new RijndaelManaged())
+                using (AesManaged symmetricKey = new AesManaged())
                 {
-                    symmetricKey.BlockSize = 256;
+                    symmetricKey.BlockSize = BlockSize;
                     symmetricKey.Mode = CipherMode.CBC;
                     symmetricKey.Padding = PaddingMode.PKCS7;
 
@@ -187,14 +204,9 @@ public static byte[] Decrypt(byte[] encryptedBytesWithSaltAndIv, string passPhra
             return plainTextBytes.Take(decryptedByteCount).ToArray();
         }
 
-        private static byte[] Generate256BitsOfRandomEntropy()
+        private static byte[] GenerateRandomEntropy(int bitCount)
         {
-            byte[] randomBytes = new byte[32];
-
-            using (RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider())
-            {
-                rngCsp.GetBytes(randomBytes);
-            }
+            byte[] randomBytes = CryptoUtilities.GenerateRandomBytes(bitCount / 8);
 
             return randomBytes;
         }

Encryption/CryptoUtilities.cs

@@ -0,0 +1,67 @@
+using System.Security.Cryptography;
+using System.Text;
+
+namespace Cantarus.Libraries.Encryption
+{
+    /// <summary>
+    /// Provides useful utility methods which may not easily be grouped
+    /// elsewhere.
+    /// </summary>
+    public static class CryptoUtilities
+    {
+        /// <summary>
+        /// Generates a byte array of the length specified filled with random
+        /// bytes.
+        /// </summary>
+        /// <param name="length"></param>
+        /// <returns></returns>
+        public static byte[] GenerateRandomBytes(int length)
+        {
+            // Create a new byte array of the size required.
+            byte[] bytes = new byte[length];
+
+            using (RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider())
+            {
+                // Fill it with random bytes.
+                rngCsp.GetBytes(bytes);
+            }
+
+            return bytes;
+        }
+
+        public static string SHA256HashString(string value)
+        {
+            byte[] bytes = SHA256HashBytes(value);
+
+            string hash = "";
+
+            for(int i = 0; i< bytes.Length; i++)
+            {
+                hash = string.Format("{0}{1:X2}", hash, bytes[i]);
+            }
+
+            return hash;
+        }
+
+        /// <summary>
+        /// Hashes the passed value using the SHA256 algorithm.
+        /// </summary>
+        /// <param name="value"></param>
+        /// <returns></returns>
+        public static byte[] SHA256HashBytes(string value)
+        {
+            // Convert string to byte array.
+            byte[] bytes = Encoding.UTF8.GetBytes(value);
+
+            byte[] hashedBytes;
+
+            using (SHA256 sha = new SHA256Managed())
+            {
+                // Hash bytes.
+                hashedBytes = sha.ComputeHash(bytes);
+            }
+
+            return hashedBytes;
+        }
+    }
+}

Encryption/Encryption.csproj

@@ -43,6 +43,7 @@
   <ItemGroup>
     <Compile Include="Crypto.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="CryptoUtilities.cs" />
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
 </Project>

EncryptionTests/EncryptionTests.cs

@@ -0,0 +1,62 @@
+using Cantarus.Libraries.Encryption;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using System.IO;
+using System.Text;
+
+namespace EncryptionTests
+{
+    [TestClass]
+    public class EncryptionTests
+    {
+        private const int Iterations = 100;
+
+        [TestMethod]
+        public void EncryptString_RandomString_ObfuscatedAfterEncryption()
+        {
+            for (int i = 0; i < Iterations; i++)
+            {
+                string passPhrase = TestUtilities.GeneratePassPhrase();
+                string beforeString = Encoding.UTF8.GetString(TestUtilities.GeneratePayload());
+
+                string encryptedString = Crypto.Encrypt(beforeString, passPhrase);
+
+                Assert.AreNotEqual(beforeString, encryptedString);
+            }
+        }
+
+        [TestMethod]
+        public void EncryptBytes_RandomBytes_ObfuscatedAfterEncryption()
+        {
+            for (int i = 0; i < Iterations; i++)
+            {
+                string passPhrase = TestUtilities.GeneratePassPhrase();
+                byte[] beforeBytes = TestUtilities.GeneratePayload();
+
+                byte[] encryptedBytes = Crypto.Encrypt(beforeBytes, passPhrase);
+
+                CollectionAssert.AreNotEqual(beforeBytes, encryptedBytes);
+            }
+        }
+
+        [TestMethod]
+        public void EncryptStream_StreamOfRandomBytes_ObfuscatedAfterEncryption()
+        {
+            for (int i = 0; i < Iterations; i++)
+            {
+                string passPhrase = TestUtilities.GeneratePassPhrase();
+                byte[] beforeBytes = TestUtilities.GeneratePayload();
+                byte[] encryptedBytes;
+
+                using (MemoryStream plainStream = new MemoryStream(beforeBytes))
+                {
+                    using (MemoryStream encryptedSteam = (MemoryStream)Crypto.Encrypt(plainStream, passPhrase))
+                    {
+                        encryptedBytes = encryptedSteam.ToArray();
+                    }
+                }
+
+                CollectionAssert.AreNotEqual(beforeBytes, encryptedBytes);
+            }
+        }
+    }
+}

EncryptionTests/EncryptionTests.csproj

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="..\packages\MSTest.TestAdapter.1.2.1\build\net45\MSTest.TestAdapter.props" Condition="Exists('..\packages\MSTest.TestAdapter.1.2.1\build\net45\MSTest.TestAdapter.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{566818D4-11AE-4C96-821E-91C1C616D19B}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>EncryptionTests</RootNamespace>
+    <AssemblyName>EncryptionTests</AssemblyName>
+    <TargetFrameworkVersion>v4.5.2</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <ProjectTypeGuids>{3AC096D0-A1C2-E12C-1390-A8335801FDAB};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}</ProjectTypeGuids>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">15.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+    <ReferencePath>$(ProgramFiles)\Common Files\microsoft shared\VSTT\$(VisualStudioVersion)\UITestExtensionPackages</ReferencePath>
+    <IsCodedUITest>False</IsCodedUITest>
+    <TestProjectType>UnitTest</TestProjectType>
+    <NuGetPackageImportStamp>
+    </NuGetPackageImportStamp>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.VisualStudio.TestPlatform.TestFramework, Version=14.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <HintPath>..\packages\MSTest.TestFramework.1.2.1\lib\net45\Microsoft.VisualStudio.TestPlatform.TestFramework.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.VisualStudio.TestPlatform.TestFramework.Extensions, Version=14.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+      <HintPath>..\packages\MSTest.TestFramework.1.2.1\lib\net45\Microsoft.VisualStudio.TestPlatform.TestFramework.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="EncryptionTests.cs" />
+    <Compile Include="TestUtilities.cs" />
+    <Compile Include="RoundTripTests.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="packages.config" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\Encryption\Encryption.csproj">
+      <Project>{ab5a3320-f260-42ee-8f19-ccf7546ca511}</Project>
+      <Name>Encryption</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets" Condition="Exists('$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets')" />
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
+    <PropertyGroup>
+      <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
+    </PropertyGroup>
+    <Error Condition="!Exists('..\packages\MSTest.TestAdapter.1.2.1\build\net45\MSTest.TestAdapter.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\MSTest.TestAdapter.1.2.1\build\net45\MSTest.TestAdapter.props'))" />
+    <Error Condition="!Exists('..\packages\MSTest.TestAdapter.1.2.1\build\net45\MSTest.TestAdapter.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\MSTest.TestAdapter.1.2.1\build\net45\MSTest.TestAdapter.targets'))" />
+  </Target>
+  <Import Project="..\packages\MSTest.TestAdapter.1.2.1\build\net45\MSTest.TestAdapter.targets" Condition="Exists('..\packages\MSTest.TestAdapter.1.2.1\build\net45\MSTest.TestAdapter.targets')" />
+</Project>

EncryptionTests/Properties/AssemblyInfo.cs

@@ -0,0 +1,20 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+[assembly: AssemblyTitle("EncryptionTests")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("EncryptionTests")]
+[assembly: AssemblyCopyright("Copyright ©  2019")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+[assembly: ComVisible(false)]
+
+[assembly: Guid("566818d4-11ae-4c96-821e-91c1c616d19b")]
+
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]