Added AesPassword

This commit is contained in:
Jeroen Saey 2025-08-21 07:45:14 +02:00
parent bdf2d1b935
commit 9564e2002d
6 changed files with 696 additions and 683 deletions


@ -52,7 +52,8 @@ namespace EonaCat.Connections.Client.Example
Host = "127.0.0.1",
Port = 1111,
UseSsl = false,
UseAesEncryption = false,
UseAesEncryption = true,
AesPassword = "p@ss",
//ServerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2("client.pfx", "p@ss"),
};
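Review bot: The example now carries the shared AES password as a source literal, `AesPassword = "p@ss"`, and the server example section below does the same; judging by the helper section further down, that password is the only input to the key derivation that neither travels over the connection nor sits in the assembly, so an example that hard-codes it is exactly what gets copied into deployments. I would load it from configuration instead, e.g. `AesPassword = Environment.GetEnvironmentVariable("<YOUR_AES_PASSWORD_VARIABLE>"), // must match the peer` (variable name is a placeholder). Note the same example keeps `UseSsl = false`, so on this path the exchanged key material is presumably carried in clear and the password is all that protects it.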


@ -37,8 +37,9 @@ namespace EonaCat.Connections.Server.Example
Protocol = ProtocolType.TCP,
Port = 1111,
UseSsl = false,
UseAesEncryption = false,
UseAesEncryption = true,
MaxConnections = 100000,
AesPassword = "p@ss",
//ServerCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2("server.pfx", "p@ss"),
};


@ -13,7 +13,7 @@ namespace EonaCat.Connections.Helpers
/// <param name="stream"></param>
/// <param name="aes"></param>
/// <returns></returns>
public static async Task<Aes> SendAesKeyAsync(Stream stream, Aes aes)
public static async Task<Aes> SendAesKeyAsync(Stream stream, Aes aes, string password = null)
{
var rawKey = aes.Key;
var iv = aes.IV;
@ -29,8 +29,12 @@ namespace EonaCat.Connections.Helpers
await WriteBytesWithLengthAsync(stream, salt);
await stream.FlushAsync();
// Derive stronger key using PBKDF2-SHA256 + salt + pepper
var derivedKey = PBKDF2_SHA256(Combine(rawKey, Encoding.UTF8.GetBytes(Pepper)), salt, 100_000, 32);
// Derive key using PBKDF2-SHA256 + salt + password + pepper
if (string.IsNullOrEmpty(password))
{
password = "EonaCat.Connections";
}
var derivedKey = PBKDF2_SHA256(Combine(Combine(rawKey, Encoding.UTF8.GetBytes(password)), Encoding.UTF8.GetBytes(Pepper)), salt, 100_000, 32);
aes.Key = derivedKey;
return aes;
@ -41,13 +45,19 @@ namespace EonaCat.Connections.Helpers
/// </summary>
/// <param name="stream"></param>
/// <returns></returns>
public static async Task<Aes> ReceiveAesKeyAsync(Stream stream)
public static async Task<Aes> ReceiveAesKeyAsync(Stream stream, string password = null)
{
var rawKey = await ReadBytesWithLengthAsync(stream);
var iv = await ReadBytesWithLengthAsync(stream);
var salt = await ReadBytesWithLengthAsync(stream);
var derivedKey = PBKDF2_SHA256(Combine(rawKey, Encoding.UTF8.GetBytes(Pepper)), salt, 100_000, 32);
if (string.IsNullOrEmpty(password))
{
password = "EonaCat.Connections";
}
// Derived key using PBKDF2-SHA256 + salt + password + pepper
var derivedKey = PBKDF2_SHA256(Combine(Combine(rawKey, Encoding.UTF8.GetBytes(password)), Encoding.UTF8.GetBytes(Pepper)), salt, 100_000, 32);
Aes _aesEncryption = Aes.Create();
_aesEncryption.Key = derivedKey;
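Review bot: Both new fallbacks (the `if (string.IsNullOrEmpty(password))` blocks in SendAesKeyAsync and ReceiveAesKeyAsync) silently substitute the source literal `"EonaCat.Connections"`, so an empty or unset AesPassword downgrades both peers, without any signal, to a key derived only from values that are either read from the stream (rawKey, iv, salt in ReceiveAesKeyAsync) or fixed in the assembly (the default and `Pepper`); unless the stream is already TLS-protected, which this section does not show, that derivation then adds no confidentiality beyond the configured password. The literal and the fallback logic are also duplicated in the two methods, and the updated signatures still have no `<param name="password">` entry; I would hoist them into one constant and helper (below) and document both signatures with `/// <param name="password">Shared secret mixed into the key derivation; must be identical on both peers. Null or empty selects a built-in, publicly known default.</param>`. Consider logging the empty case rather than defaulting quietly. Both method bodies continue past this section.
```csharp
private const string DefaultAesPassword = "EonaCat.Connections";

// Single place for the fallback so SendAesKeyAsync and ReceiveAesKeyAsync
// can never disagree on what an empty password means.
private static byte[] PasswordBytes(string password) =>
    Encoding.UTF8.GetBytes(string.IsNullOrEmpty(password) ? DefaultAesPassword : password);

// … unchanged: key/iv/salt handling in both methods …
// in both methods, replacing the if-block and the derivation line:
var derivedKey = PBKDF2_SHA256(Combine(Combine(rawKey, PasswordBytes(password)), Encoding.UTF8.GetBytes(Pepper)), salt, 100_000, 32);
```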


@ -23,5 +23,6 @@ namespace EonaCat.Connections.Models
// For testing purposes, allow self-signed certificates
public bool IsSelfSignedEnabled { get; set; } = true;
public string AesPassword { get; set; }
}
}
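Review bot: `AesPassword` is a new public setting with no documentation, unlike the neighbouring `IsSelfSignedEnabled`, which at least carries a comment; a reader of the model cannot tell that it must match on both peers or what happens when it is left null. Add `/// <summary>Shared secret mixed into the AES key derivation; must be identical on client and server. When null or empty the key exchange falls back to a built-in default, so leaving it unset adds no secret of your own.</summary>` above the property.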


@ -79,7 +79,7 @@ namespace EonaCat.Connections
{
try
{
_aesEncryption = await AesKeyExchange.ReceiveAesKeyAsync(stream);
_aesEncryption = await AesKeyExchange.ReceiveAesKeyAsync(stream, _config.AesPassword);
}
catch (Exception ex)
{
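Review bot: A wrong or unset `_config.AesPassword` is not detected at this call: `ReceiveAesKeyAsync` (earlier section) derives whatever key the password produces and never confirms it against the server, so a mismatch would, I expect, surface later as undecryptable traffic rather than in the `catch` that follows. A single log line before the call would at least make the silent default observable, e.g. `if (string.IsNullOrEmpty(_config.AesPassword)) <logger>.Warn("AesPassword not set; key exchange uses the built-in default");` (logger call is a placeholder for the project's logging API). The enclosing method starts and ends outside this section.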


@ -160,7 +160,7 @@ namespace EonaCat.Connections
client.IsEncrypted = true;
// Securely send raw AES key + IV + salt
await AesKeyExchange.SendAesKeyAsync(stream, client.AesEncryption);
await AesKeyExchange.SendAesKeyAsync(stream, client.AesEncryption, _config.AesPassword);
}
catch (Exception ex)
{
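Review bot: The comment `// Securely send raw AES key + IV + salt` directly above the changed call promises something this code does not provide: the key, IV and salt are handed to `stream` as-is, and the server example in this same commit runs with `UseSsl = false`, so any confidentiality comes from the transport or from the new `AesPassword`, not from this call. Reword it to `// Send raw AES key + IV + salt; confidentiality relies on the transport (TLS) and on AesPassword matching on the peer`. The enclosing method starts and ends outside this section.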