kev/dotnet-niceware-secure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ported to dotnet core, fixed bad random number generator vuln

Browse Source
This commit is contained in:
Kevin Froman 2020-05-25 15:17:41 -05:00
parent 2e2ffa958e
commit df74db7322
7 changed files with 78 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
src/niceware.tests/NicewareTests.cs
View File

@ -1,94 +0,0 @@
using System;
using System.Collections.Generic;
using Xunit;
using niceware;
namespace niceware.tests
{
public class NicewareTests
{
[Theory]
[MemberData(nameof(ToPassphraseData))]
public void ToPassphrase(byte[] bytes, IEnumerable<string> expected)
{
var actual = bytes.ToPassphrase();
Assert.Equal(expected, actual);
}
public static IEnumerable<object[]> ToPassphraseData()
{
yield return new object[] { new byte[0], new string[0] };
yield return new object[] { new byte[] { 0, 0}, new [] { "a" } };
yield return new object[] { new byte[] { 255, 255}, new [] { "zyzzyva" } };
yield return new object[]
{
new byte[] { 0, 0, 17, 212, 12, 140, 90, 247, 46, 83, 254, 60, 54, 169, 255, 255 },
new [] { "a", "bioengineering", "balloted", "gobbledegook", "creneled", "written", "depriving", "zyzzyva" }
};
}
[Theory]
[InlineData(2, 1)]
[InlineData(0, 0)]
[InlineData(8, 4)]
[InlineData(20, 10)]
[InlineData(512, 256)]
public void GeneratePassphrase(int length, int expectedWords)
{
var actual = Niceware.GeneratePassphrase(length);
Assert.Equal(expectedWords, actual.Count);
}
[Theory]
[InlineData(1)]
[InlineData(23)]
public void GeneratePassphrase_OddBytes(int length)
{
var ex = Assert.Throws<ArgumentException>(() => Niceware.GeneratePassphrase(length));
Assert.Equal("Only even-sized byte arrays are supported", ex.Message);
}
[Theory]
[InlineData(1025)]
[InlineData(-1)]
public void GeneratePassphrase_OutOfRange(int length)
{
var ex = Assert.Throws<ArgumentException>(() => Niceware.GeneratePassphrase(length));
Assert.Equal($"Size must be between 0 and {Niceware.MaxPassphraseSize} bytes", ex.Message);
}
[Theory]
[MemberData(nameof(PassphraseToBytesData))]
public void PassphraseToBytes(IEnumerable<string> passphrase, byte[] expected)
{
var actual = passphrase.PassphraseToBytes();
Assert.Equal(expected, actual);
}
public static IEnumerable<object[]> PassphraseToBytesData()
{
yield return new object[] { new [] { "A" }, new byte[] { 0, 0 } };
yield return new object[] { new [] { "zyzzyva" }, new byte[] { 255, 255 } };
yield return new object[]
{
new [] { "A", "bioengineering", "Balloted", "gobbledegooK", "cReneled", "wriTTen", "depriving", "zyzzyva" },
new byte[] { 0, 0, 17, 212, 12, 140, 90, 247, 46, 83, 254, 60, 54, 169, 255, 255 }
};
}
[Fact]
public void PassphraseToBytes_NullOk()
{
var actual = ((string[])null).PassphraseToBytes();
Assert.Equal(new byte[0], actual);
}
[Fact]
public void PassphraseToBytes_InvalidWord()
{
var ex = Assert.Throws<ArgumentException>(() => new [] { "You", "love", "ninetales" }.PassphraseToBytes());
Assert.StartsWith("Invalid word", ex.Message);
}
}
}

14
src/niceware.tests/niceware.tests.csproj
View File

@ -1,14 +0,0 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFrameworks>netcoreapp1.1;net462</TargetFrameworks>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0" />
<PackageReference Include="xunit" Version="2.2.0" />
<PackageReference Include="xunit.runner.visualstudio" Version="2.2.0" />
<ProjectReference Include="../niceware/niceware.csproj" />
</ItemGroup>
</Project>

8
src/niceware/AssemblyInfo.cs
View File

@ -1,8 +0,0 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[assembly: AssemblyProduct("Niceware")]
[assembly: AssemblyVersion("0.1.0.0")]
[assembly: AssemblyFileVersion("0.1.0.0")]
[assembly: AssemblyInformationalVersion("0.1.0.0")]

6
src/niceware/Niceware.cs
View File

@ -6,8 +6,6 @@ namespace niceware
{ {
public static partial class Niceware public static partial class Niceware
{ {
private static Random _random = new Random((int)DateTime.Now.Ticks);
/// <summary>Maximum number of bytes for a passphrase</summary> /// <summary>Maximum number of bytes for a passphrase</summary>
public const int MaxPassphraseSize = 1024; public const int MaxPassphraseSize = 1024;
@ -51,7 +49,9 @@ namespace niceware
} }
var bytes = new Byte[size]; var bytes = new Byte[size];
_random.NextBytes(bytes); var rng = System.Security.Cryptography.RandomNumberGenerator.Create();
rng.GetBytes(bytes);
rng.Dispose();
return new Tuple<List<string>, byte[]>(bytes.ToPassphrase(), bytes); return new Tuple<List<string>, byte[]>(bytes.ToPassphrase(), bytes);
} }

22
src/niceware/niceware.csproj
View File

@ -1,27 +1,7 @@
<Project Sdk="Microsoft.NET.Sdk"> <Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup> <PropertyGroup>
<TargetFrameworks>netstandard1.4;net462</TargetFrameworks> <TargetFramework>netstandard2.0</TargetFramework>
<DebugType>portable</DebugType>
<AssemblyName>Niceware</AssemblyName>
<OutputType>Library</OutputType>
<GenerateAssemblyCompanyAttribute>false</GenerateAssemblyCompanyAttribute>
<GenerateAssemblyProductAttribute>false</GenerateAssemblyProductAttribute>
<GenerateAssemblyConfigurationAttribute>false</GenerateAssemblyConfigurationAttribute>
<GenerateAssemblyCopyrightAttribute>false</GenerateAssemblyCopyrightAttribute>
<GenerateAssemblyVersionAttribute>false</GenerateAssemblyVersionAttribute>
<GenerateAssemblyFileVersionAttribute>false</GenerateAssemblyFileVersionAttribute>
<GenerateAssemblyInformationalVersionAttribute>false</GenerateAssemblyInformationalVersionAttribute>
<PackageVersion>0.1.0.1</PackageVersion>
<Title>Niceware for .NET</Title>
<Authors>Todd Palmer</Authors>
<Description>A library for generating random-yet-memorable passwords</Description>
<PackageRequireLicenseAcceptance>false</PackageRequireLicenseAcceptance>
<PackageTags>niceware passphrase</PackageTags>
<PackageProjectUrl>https://github.com/trpalmer/dotnet-niceware</PackageProjectUrl>
<RepositoryUrl>https://github.com/trpalmer/dotnet-niceware</RepositoryUrl>
</PropertyGroup> </PropertyGroup>
</Project> </Project>

48
src/tests/NicewareTest.cs Normal file
View File

@ -0,0 +1,48 @@
using NUnit.Framework;
using System;
using niceware;
namespace tests
{
public class Tests
{
[SetUp]
public void Setup()
{
}
[Test]
public void TestToBytes()
{
byte[] bytes = {5, 3, 3, 2, 100, 255};
var pass = Niceware.ToPassphrase(bytes);
string[] expected = {"anatomic", "aliphatic", "homebuilding"};
for (int i = 0; i < expected.Length; i++){
Assert.IsEqual()
}
}
[Test]
public void TestGeneratePassphraseCount()
{
// 2 bytes per word
Assert.IsTrue(Niceware.GeneratePassphrase(4).Count == 2);
}
[Test]
public void TestNoOdd(){
bool success = true;
try{
Niceware.GeneratePassphrase(3);
}
catch(System.ArgumentException){
success = false;
}
Assert.IsFalse(success);
}
}
}

19
src/tests/tests.csproj Normal file
View File

@ -0,0 +1,19 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
<IsPackable>false</IsPackable>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="nunit" Version="3.12.0" />
<PackageReference Include="NUnit3TestAdapter" Version="3.15.1" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.4.0" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\niceware\niceware.csproj" />
</ItemGroup>
</Project>