Added additional logic for the Database File encryption

- Added Method for converting a Byte[] to a Char[] to be able to do not allocate a String The First implementation Hashed the Password with associated Data because of that we wasn't able to get the Version of the Database To encrypt the Passwords we will now convert the password bytes to a base64 char array and reverse it by that we can change the Hash result to add an extra step for an attacker
FrozenAssassine · Flamifly · Dec 30, 2024 · Jan 2, 2025 · Jan 2, 2025 · Jan 2, 2025
commit 42016a1b48bf05e7f6620ae9db7eb2b434e7512c
diff --git a/EasePass/Core/Database/Database.cs b/EasePass/Core/Database/Database.cs
@@ -15,11 +15,8 @@ copies or substantial portions of the Software.
 */
 
 using EasePass.Core.Database.Format;
-using EasePass.Dialogs;
-using EasePass.Helper;
 using EasePass.Models;
 using EasePass.Settings;
-using Newtonsoft.Json;
 using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;

diff --git a/EasePass/Core/Database/Format/epdb/MainDatabaseLoader.cs b/EasePass/Core/Database/Format/epdb/MainDatabaseLoader.cs
@@ -1,10 +1,13 @@
 using EasePass.Core.Database.Format.Serialization;
 using EasePass.Dialogs;
+using EasePass.Extensions;
 using EasePass.Helper;
 using EasePass.Models;
 using System;
+using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.IO;
+using System.Runtime.InteropServices;
 using System.Security;
 using System.Text;
 using System.Threading.Tasks;
@@ -53,9 +56,10 @@ internal class MainDatabaseLoader : IDatabaseLoader
             }
             else
             {
-
-
-                //pass = HashHelper.HashPasswordWithArgon2id()
+                char[] base64 = password.ToBytes().ToBase64();
+                Array.Reverse(base64);
+                pass = HashHelper.HashPasswordWithArgon2id(base64, salt, associatedData);
+                base64.ZeroOut();
             }
 
             if (!IDatabaseLoader.DecryptData(database.Data, pass, showWrongPasswordError, out data))
@@ -90,7 +94,9 @@ internal class MainDatabaseLoader : IDatabaseLoader
             }
             else
             {
-                pass = HashHelper.HashPasswordWithArgon2id(password, salt, associatedData);
+                char[] base64 = password.ToBytes().ToBase64();
+                Array.Reverse(base64);
+                pass = HashHelper.HashPasswordWithArgon2id(base64, salt, associatedData);
             }
 
             if (!IDatabaseLoader.DecryptData(database.Data, pass, showWrongPasswordError, out string data))
@@ -116,7 +122,9 @@ public static bool Save(string path, SecureString password, SecureString secondF
 
             if (secondFactor == null)
             {
-                pass = HashHelper.HashPasswordWithArgon2id(password, salt, associatedData);
+                char[] base64 = password.ToBytes().ToBase64();
+                Array.Reverse(base64);
+                pass = HashHelper.HashPasswordWithArgon2id(base64, salt, associatedData);
                 data = EncryptDecryptHelper.EncryptStringAES(json, pass);
             }
             else
@@ -135,7 +143,7 @@ public static bool Save(string path, SecureString password, SecureString secondF
 
             if (secondFactor != null)
             {
-                pass = HashHelper.HashPasswordWithArgon2id(password, salt, associatedData);
+                pass = HashHelper.HashPasswordWithArgon2id(password, salt);
             }
             data = EncryptDecryptHelper.EncryptStringAES(json, pass);
 

diff --git a/EasePass/Extensions/ByteArrayExtension.cs b/EasePass/Extensions/ByteArrayExtension.cs
@@ -0,0 +1,62 @@
+using System.Collections.Generic;
+using System;
+using System.Linq;
+
+namespace EasePass.Extensions
+{
+    internal static class ByteArrayExtension
+    {
+        private readonly static char[] base64ByteTo = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".ToCharArray();
+
+        /// <summary>
+        /// Converts the <paramref name="input"/> to a Base64 <see cref="char"/>[]
+        /// </summary>
+        /// <param name="input">The <see cref="byte"/>[], which should be converted to Base64</param>
+        /// <returns>Returns the <paramref name="input"/> as Base64 <see cref="char"/>[]</returns>
+        public static char[] ToBase64(this byte[] input)
+        {
+            // Base64 encodes in blocks of 3 bytes. Each block becomes 4 base64 characters.
+            int nChars = (int)Math.Ceiling((double)input.Length / 3) * 4;
+            char[] outBase64Chars = new char[nChars];
+
+            int iByte = 0, iBit = 7, iBase64Bits = 0, iBase64Chars = 0;
+            byte base64Byte = 0;
+
+            // Walk byte by byte on the input, traversing bits from 7 to 0. Along the way, convert every group of 6 into base64
+            int length = input.Length;
+            while (iByte < length)
+            {
+                base64Byte = (byte)(
+                    (byte)(base64Byte << 1) |
+                    (Convert.ToBoolean(input[iByte] & (byte)(1 << iBit)) ? (byte)1 : (byte)0));
+
+                iBase64Bits++;
+                iBit--;
+                // If we have gotten 6 base64 bits, convert them into a char.
+                if (iBase64Bits % 6 == 0)
+                {
+                    outBase64Chars[iBase64Chars] = base64ByteTo[base64Byte];
+                    base64Byte = 0;
+                    iBase64Bits = 0;
+                    iBase64Chars++;
+                }
+                // If we are done with bits in current byte, advance to next byte
+                if (iBit < 0)
+                {
+                    iByte++;
+                    iBit = 7;
+                }
+            }
+
+            // Padding if last block has less than 3 bytes.
+            // if block has only 1 byte, give 1 char padding.
+            // if block has 2 bytes, give one more char padding
+            if (iByte % 3 > 0 || iByte % 3 > 1)
+            {
+                outBase64Chars[iBase64Chars] = '=';
+                iBase64Chars++;
+            }
+            return outBase64Chars;
+        }
+    }
+}
diff --git a/EasePass/Extensions/CharArrayExtension.cs b/EasePass/Extensions/CharArrayExtension.cs
@@ -0,0 +1,25 @@
+namespace EasePass.Extensions
+{
+    /// <summary>
+    /// Includes every Extension for the <see cref="char"/>[]
+    /// </summary>
+    internal static class CharArrayExtension
+    {
+        #region ZeroOut
+        /// <summary>
+        /// Zeros out the given <paramref name="chars"/>
+        /// </summary>
+        /// <param name="chars">The <see cref="char"/>[], which should be zero out</param>
+        /// <returns>Returns the Zero out Array</returns>
+        public static char[] ZeroOut(this char[] chars)
+        {
+            int length = chars.Length;
+            for (int i = 0; i < length; i++)
+            {
+                chars[i] = '\0';
+            }
+            return chars;
+        }
+        #endregion
+    }
+}
diff --git a/EasePass/Extensions/CharExtension.cs b/EasePass/Extensions/CharExtension.cs
@@ -1,10 +1,11 @@
 namespace EasePass.Extensions
 {
     /// <summary>
-    /// Includes every Extension for the <see cref="char"/>[]
+    /// Includes every Extension for the <see cref="char"/>
     /// </summary>
     internal static class CharExtension
     {
+        #region IsSpecialChar
         /// <summary>
         /// Checks if the given <paramref name="c"/> is a Special Character
         /// </summary>
@@ -54,5 +55,6 @@ public static bool IsSpecialChar(this char c)
                     return false;
             }
         }
+        #endregion
     }
-}
+}
diff --git a/EasePass/Helper/HashHelper.cs b/EasePass/Helper/HashHelper.cs
@@ -15,7 +15,6 @@ copies or substantial portions of the Software.
 */
 
 using EasePass.Extensions;
-using EasePass.Helper;
 using Konscious.Security.Cryptography;
 using System;
 using System.IO;
@@ -40,12 +39,50 @@ internal class HashHelper
         /// <returns>Returns the Hash of the <paramref name="password"/> with the given <paramref name="hashLength"/>.
         /// If the <paramref name="password"/> is equal to <see langword="null"/> <see cref="Array.Empty{T}"/> will be returned.</returns>
         public static byte[] HashPasswordWithArgon2id(SecureString password, byte[] salt, byte[] associatedData = null, int degreeOfParallelism = 10, int iterations = 10, int memorySize = 256_000, int hashLength = 256)
+        {
+            if (password == null)
+                return Array.Empty<byte>();
+
+            return HashPasswordWithArgon2id(password.ToBytes(), salt, associatedData);
+        }
+        /// <summary>
+        /// Hashes the given <paramref name="password"/> with the Argon2id Algorithm
+        /// </summary>
+        /// <param name="password">The Password, which should be hashed</param>
+        /// <param name="salt">The Salt, which should be used for the hash</param>
+        /// <param name="associatedData">The Associated Data for the Hash</param>
+        /// <param name="degreeOfParallelism">The degree of Parallelism</param>
+        /// <param name="iterations">The amount of iterations for the hash</param>
+        /// <param name="memorySize">The amount of Memory, which should be uused</param>
+        /// <param name="hashLength">The length of the Hash</param>
+        /// <returns>Returns the Hash of the <paramref name="password"/> with the given <paramref name="hashLength"/>.
+        /// If the <paramref name="password"/> is equal to <see langword="null"/> <see cref="Array.Empty{T}"/> will be returned.</returns>
+        public static byte[] HashPasswordWithArgon2id(char[] password, byte[] salt, byte[] associatedData = null, int degreeOfParallelism = 10, int iterations = 10, int memorySize = 256_000, int hashLength = 256)
+        {
+            if (password == null)
+                return Array.Empty<byte>();
+
+            return HashPasswordWithArgon2id(Encoding.UTF8.GetBytes(password), salt, associatedData);
+        }
+        /// <summary>
+        /// Hashes the given <paramref name="password"/> with the Argon2id Algorithm
+        /// </summary>
+        /// <param name="password">The Password, which should be hashed</param>
+        /// <param name="salt">The Salt, which should be used for the hash</param>
+        /// <param name="associatedData">The Associated Data for the Hash</param>
+        /// <param name="degreeOfParallelism">The degree of Parallelism</param>
+        /// <param name="iterations">The amount of iterations for the hash</param>
+        /// <param name="memorySize">The amount of Memory, which should be uused</param>
+        /// <param name="hashLength">The length of the Hash</param>
+        /// <returns>Returns the Hash of the <paramref name="password"/> with the given <paramref name="hashLength"/>.
+        /// If the <paramref name="password"/> is equal to <see langword="null"/> <see cref="Array.Empty{T}"/> will be returned.</returns>
+        public static byte[] HashPasswordWithArgon2id(byte[] password, byte[] salt, byte[] associatedData = null, int degreeOfParallelism = 10, int iterations = 10, int memorySize = 256_000, int hashLength = 256)
         {
             if (password == null)
                 return Array.Empty<byte>();
 
             byte[] hash;
-            using (Argon2id Argon2id = new Argon2id(password.ToBytes()))
+            using (Argon2id Argon2id = new Argon2id(password))
             {
                 Argon2id.Salt = salt;
                 Argon2id.DegreeOfParallelism = degreeOfParallelism;