block encryption changed to counter to avoid packet repeating attacks

Author: force-net

Blazer.Net.Tests/EncryptionTests.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Security.Cryptography;
@@ -148,5 +149,83 @@ public void Different_Paddings_Should_Not_Cause_Errors()
 			Assert.That(len, Is.EqualTo(data.Length));
 			CollectionAssert.AreEqual(data, data2.Take(data.Length));
 		}
+
+		[Test]
+		public void Compare_Random_And_CryptoRandom_Peformance()
+		{
+			var b = new byte[32];
+			var crypto = RandomNumberGenerator.Create();
+			var usual = new Random();
+			var sw = Stopwatch.StartNew();
+			var total = 0;
+			while (sw.ElapsedMilliseconds < 1000)
+			{
+				crypto.GetBytes(b);
+				total += b.Length;
+			}
+
+			Console.WriteLine(total / sw.Elapsed.TotalSeconds);
+			sw.Restart();
+
+			while (sw.ElapsedMilliseconds < 1000)
+			{
+				usual.NextBytes(b);
+				total += b.Length;
+			}
+
+			Console.WriteLine(total / sw.Elapsed.TotalSeconds);
+		}
+
+		[Test]
+		public void Check_Encrypt_Peformance()
+		{
+			var b = new byte[65530];
+			var eh = new EncryptHelper("habahaba", 65536);
+			var sw = Stopwatch.StartNew();
+			var total = 0;
+			while (sw.ElapsedMilliseconds < 1000)
+			{
+				eh.Encrypt(b, 0, b.Length);
+				total += b.Length;
+			}
+
+			Console.WriteLine(total / 1048576.0 / sw.Elapsed.TotalSeconds);
+			sw.Restart();
+		}
+
+		[Test]
+		public void Duplicate_Data_Blocks_Should_Be_Catched_on_Decryption()
+		{
+			var data = Encoding.UTF8.GetBytes("some compressible not very long string. some some some.");
+			var blazerCompressionOptions = BlazerCompressionOptions.CreateStream();
+			blazerCompressionOptions.SetEncoderByAlgorithm(BlazerAlgorithm.NoCompress);
+			blazerCompressionOptions.Password = "123";
+			blazerCompressionOptions.IncludeFooter = false;
+			blazerCompressionOptions.FlushMode = BlazerFlushMode.AutoFlush;
+			var stream1 = new MemoryStream();
+			var stream2 = new MemoryStream();
+			var inps = new BlazerInputStream(stream1, blazerCompressionOptions);
+
+			// writing some test data
+			inps.Write(new byte[100], 0, 100);
+			var data1 = new byte[stream1.Length];
+			stream1.Position = 0;
+			stream1.Read(data1, 0, data1.Length);
+			stream1.SetLength(0);
+			// writing just one block
+			inps.Write(new byte[] { 1, 2, 3, 4, 5, 6, 7, 0 }, 0, 8);
+			var data2 = new byte[stream1.Length];
+			stream1.Position = 0;
+			stream1.Read(data2, 0, data2.Length);
+			stream1.SetLength(0);
+
+			stream2.Write(data1, 0, data1.Length);
+			stream2.Write(data2, 0, data2.Length);
+			// duplicated block
+			stream2.Write(data2, 0, data2.Length);
+			stream2.Position = 0;
+			var os = new BlazerOutputStream(stream2, new BlazerDecompressionOptions("123"));
+			Assert.Throws<InvalidOperationException>(() => os.CopyTo(new MemoryStream()), "Invalid encrypted block. Duplicated or damaged.");
+		}
 	}
 }

Blazer.Net/Blazer.Net.csproj

@@ -65,7 +65,7 @@
     <Compile Include="Algorithms\BufferInfo.cs" />
     <Compile Include="BlazerFlushMode.cs" />
     <Compile Include="BlazerPatternedHelper.cs" />
-    <Compile Include="Encyption\ISO10126TransformEmulator.cs" />
+    <Compile Include="Encyption\Iso10126TransformEmulator.cs" />
     <Compile Include="Helpers\FileHeaderHelper.cs" />
     <Compile Include="Algorithms\StreamEncoderHigh.cs" />
     <Compile Include="Algorithms\Crc32C\Crc32C.cs" />

Blazer.Net/Encyption/DecryptHelper.cs

@@ -3,6 +3,7 @@
 using System.IO;
 using System.Linq;
 using System.Security.Cryptography;
+using System.Threading;
 
 using Force.Blazer.Algorithms;
 
@@ -51,6 +52,10 @@ public override int GetHeaderLength()
 			return 24;
 		}
 
+		private long _counter;
+
+		private bool _useCounter;
+
 		public override void Init(byte[] buffer, int maxBlockSize)
 		{
 			if (buffer.Length != GetHeaderLength())
@@ -73,20 +78,45 @@ public override void Init(byte[] buffer, int maxBlockSize)
 			{
 				var toEncrypt = new byte[16];
 				Buffer.BlockCopy(buffer, 8, toEncrypt, 0, 8);
-				Buffer.BlockCopy(new[] { (byte)'B', (byte)'l', (byte)'a', (byte)'z', (byte)'e', (byte)'r', (byte)'!', (byte)'!' }, 0, toEncrypt, 8, 8);
+				Buffer.BlockCopy(new[] { (byte)'B', (byte)'l', (byte)'a', (byte)'z', (byte)'e', (byte)'r', (byte)'!', (byte)'?' }, 0, toEncrypt, 8, 8);
 				var encoded = encryptor.TransformFinalBlock(toEncrypt, 0, 16);
 				if (encoded.Take(8).Where((t, i) => buffer[i + 16] != t).Any())
-					throw new InvalidOperationException("Invalid password");
+				{
+					// trying second variant
+					toEncrypt[15] = (byte)'!';
+					encoded = encryptor.TransformFinalBlock(toEncrypt, 0, 16);
+					if (encoded.Take(8).Where((t, i) => buffer[i + 16] != t).Any())
+					{
+						throw new InvalidOperationException("Invalid password");
+					}
+					else
+					{
+						_useCounter = false;
+					}
+				}
+				else
+				{
+					_useCounter = true;
+					_counter = 0;
+				}
 			}
 		}
 
 		public override BufferInfo Decrypt(byte[] data, int offset, int length)
 		{
 			using (var decryptor = _aes.CreateDecryptor())
 			{
-				var cnt = decryptor.TransformBlock(data, offset, length - offset, _buffer, 0);
-				// dummy data in header (8)
-				return new BufferInfo(_buffer, 8, cnt);
+				var ob = _buffer;
+				var cnt = decryptor.TransformBlock(data, offset, length - offset, ob, 0);
+				if (_useCounter)
+				{
+					var cv = ((long)ob[0] << 0) | ((long)ob[1] << 8) | ((long)ob[2] << 16) | ((long)ob[3] << 24) | ((long)ob[4] << 32) | ((long)ob[5] << 40) | ((long)ob[6] << 48) | ((long)ob[7] << 56);
+					if (_counter++ != cv)
+						throw new InvalidOperationException("Invalid encrypted block. Duplicated or damaged.");
+				}
+
+				// else dummy data in header (8)
+				return new BufferInfo(ob, 8, cnt);
 			}
 		}
 

Blazer.Net/Encyption/EncryptHelper.cs

@@ -2,12 +2,13 @@
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using System.Security.Cryptography;
+using System.Threading;
 
 using Force.Blazer.Algorithms;
 
 namespace Force.Blazer.Encyption
 {
-	internal class NullEncryptHelper
+	public class NullEncryptHelper
 	{
 		public virtual BufferInfo Encrypt(byte[] data, int offset, int length)
 		{
@@ -21,7 +22,7 @@ public virtual byte[] AppendHeader(byte[] header)
 	}
 
 	[SuppressMessage("StyleCop.CSharp.MaintainabilityRules", "SA1402:FileMayOnlyContainASingleClass", Justification = "Reviewed. Suppression is OK here.")]
-	internal class EncryptHelper : NullEncryptHelper
+	public class EncryptHelper : NullEncryptHelper
 	{
 		private const int PrefixSize = 8;
 
@@ -33,6 +34,8 @@ internal class EncryptHelper : NullEncryptHelper
 
 		private readonly RandomNumberGenerator _rng;
 
+		private readonly Random _random;
+
 		private readonly byte[] _buffer;
 
 		private readonly byte[] _randomBlock8;
@@ -56,6 +59,7 @@ public EncryptHelper(string password, int maxBufferSize)
 			// this is fine for fast checking "is password correct", but does not
 			// give full information about is it the required password
 			_rng = RandomNumberGenerator.Create();
+			_random = new Random();
 			var salt = new byte[8];
 			_rng.GetBytes(salt);
 			var pass = new Rfc2898DeriveBytes(password, salt, PbkIterations);
@@ -64,7 +68,7 @@ public EncryptHelper(string password, int maxBufferSize)
 			// zero. it is ok - we use data with salted random and do not need to use additional IV here
 			_aes.IV = new byte[16];
 			_aes.Mode = CipherMode.CBC;
-			_aes.Padding = PaddingMode.Zeros; // other padding will add additional block, we manually will add random padding
+			_aes.Padding = PaddingMode.None; // other padding will add additional block, we manually will add random padding
 			_headerToWrite = new byte[24];
 
 			var random = new byte[8];
@@ -73,18 +77,26 @@ public EncryptHelper(string password, int maxBufferSize)
 
 			Buffer.BlockCopy(random, 0, toEncrypt, 0, 8);
 
-			Buffer.BlockCopy(new[] { (byte)'B', (byte)'l', (byte)'a', (byte)'z', (byte)'e', (byte)'r', (byte)'!', (byte)'!' }, 0, toEncrypt, 8, 8);
+			Buffer.BlockCopy(new[] { (byte)'B', (byte)'l', (byte)'a', (byte)'z', (byte)'e', (byte)'r', (byte)'!', (byte)'?' }, 0, toEncrypt, 8, 8);
 
 			Buffer.BlockCopy(salt, 0, _headerToWrite, 0, 8);
 			Buffer.BlockCopy(random, 0, _headerToWrite, 8, 8);
 
+			// currently, we use salt for password, so every encryption has own key, as result we do not need to use other values for counter
+			// nonce is useful when password is static
+			// _counter = ((long)salt[0] << 0) | ((long)salt[1] << 8) | ((long)salt[2] << 16) | ((long)salt[3] << 24) | ((long)salt[4] << 32) | ((long)salt[5] << 40) | ((long)salt[6] << 48) | ((long)salt[7] << 56);
+			_counter = 0;
+
 			using (var encryptor = _aes.CreateEncryptor())
 			{
 				var encoded = encryptor.TransformFinalBlock(toEncrypt, 0, 16);
 				Buffer.BlockCopy(encoded, 0, _headerToWrite, 16, 8);
 			}
 		}
 
+		private long _counter;
+
+		[SuppressMessage("StyleCop.CSharp.ReadabilityRules", "SA1107:CodeMustNotContainMultipleStatementsOnOneLine", Justification = "Reviewed. Suppression is OK here.")]
 		public override BufferInfo Encrypt(byte[] data, int offset, int length)
 		{
 			var count = length - offset;
@@ -93,16 +105,21 @@ public override BufferInfo Encrypt(byte[] data, int offset, int length)
 			// this is will elimitate CBC problem with same blocks (if data is repeatable) 
 			using (var encryptor = _aes.CreateEncryptor())
 			{
-				_rng.GetBytes(_randomBlock8);
+				// currently, we're not supporting multi-threading, so, we do not need to use Interlocked operations
+				var c = _counter++;
+				_buffer[0] = (byte)((c >> 00) & 0xff); _buffer[1] = (byte)((c >> 08) & 0xff); _buffer[2] = (byte)((c >> 16) & 0xff); _buffer[3] = (byte)((c >> 24) & 0xff);
+				_buffer[4] = (byte)((c >> 32) & 0xff); _buffer[5] = (byte)((c >> 40) & 0xff); _buffer[6] = (byte)((c >> 48) & 0xff); _buffer[7] = (byte)((c >> 56) & 0xff); 
+				// _rng.GetBytes(_randomBlock8);
 				// copying prefix
-				Buffer.BlockCopy(_randomBlock8, 0, _buffer, 0, PrefixSize);
+				// Buffer.BlockCopy(_randomBlock8, 0, _buffer, 0, PrefixSize);
 
 				// copying real data
 				Buffer.BlockCopy(data, offset, _buffer, PrefixSize, count);
 
 				var addRandomCnt = 16 - ((count + PrefixSize) & 15);
 				if (addRandomCnt < 16)
 				{
+					// here is no security required, but it faster
 					_rng.GetBytes(_randomBlock16);
 					Buffer.BlockCopy(_randomBlock16, 0,  _buffer, PrefixSize + count, addRandomCnt);
 				}

Blazer.Net/Properties/AssemblyInfo.cs

@@ -31,5 +31,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("0.9.4.0")]
-[assembly: AssemblyFileVersion("0.9.4.12")]
+[assembly: AssemblyVersion("0.10.0.0")]
+[assembly: AssemblyFileVersion("0.10.0.13")]