Use RNGCryptoServiceProvider to generate random keys (fixes #10)HEAD origin/rng origin/master origin/HEAD master

author: Stephen Jennings <stephen.g.jennings@gmail.com> 2015-08-01 11:01:17 -0700
committer: Stephen Jennings <stephen.g.jennings@gmail.com> 2015-08-01 11:01:17 -0700
commit: 2c0ab4179d33caa0bc0a23eaf2579c84fe49bc31 (patch)
tree: c8209d0dbf2e1d2f368b51627b02062cf4159a69
parent: 188e72f88935168bfa11d84ac41e79757cb707cf (diff)
download: OATH.Net-origin/rng.zip
OATH.Net-origin/rng.tar.gz
OATH.Net-origin/rng.tar.bz2
2 files changed, 23 insertions, 45 deletions
diff --git a/OATH.Net.Test/KeyTests.cs b/OATH.Net.Test/KeyTests.cs
index 5c12947..4b9d611 100644
--- a/OATH.Net.Test/KeyTests.cs
+++ b/OATH.Net.Test/KeyTests.cs
@@ -127,28 +127,6 @@ namespace OathNet.Test
         }
 
         [Test]
-        public void Key_created_with_seed_returns_expected_key_data_1()
-        {
-            var seed = 870273;
-            var key = new Key(10, seed);
-            var actual = key.Base32;
-            var expected = "YLFDZHEU5CHZ3KDB";
-
-            Assert.AreEqual(expected, actual);
-        }
-
-        [Test]
-        public void Key_created_with_seed_returns_expected_key_data_2()
-        {
-            var seed = 20572632;
-            var key = new Key(8, seed);
-            var actual = key.Base32;
-            var expected = "OI7GKIQ7K63GS===";
-
-            Assert.AreEqual(expected, actual);
-        }
-
-        [Test]
         public void Key_created_with_invalid_string_throws_ArgumentException()
         {
             var invalidChars = new List<string>()
@@ -165,5 +143,13 @@ namespace OathNet.Test
                 Assert.Throws<ArgumentException>(() => new Key("ABCD" + s + "EFG"), "'" + s + "' is not part of the alphabet");
             }
         }
+
+        [Test]
+        public void Key_created_with_parameterless_constructor_is_20_bytes()
+        {
+            var key = new Key();
+            Assert.AreEqual(20, key.Binary.Length);
+            Assert.False(key.Binary.All(b => b == 0), "The key was not generated");
+        }
     }
 }
diff --git a/OATH.Net/Key.cs b/OATH.Net/Key.cs
index c228c1d..76a575a 100644
--- a/OATH.Net/Key.cs
+++ b/OATH.Net/Key.cs
@@ -9,20 +9,19 @@ namespace OathNet
     using System;
     using System.Collections.Generic;
     using System.Linq;
+    using System.Security.Cryptography;
     using System.Text;
 
     /// <summary>
     ///     Represents a secret key used for the one-time password generation.
     /// </summary>
-    public class Key
+    public sealed class Key
     {
-        private byte[] keyData;
-
         /// <summary>
-        ///     Initializes a new instance of the Key class and generates a random 10-byte key.
+        ///     Initializes a new instance of the Key class and generates a random 20-byte key.
         /// </summary>
         public Key()
-            : this(10, (new Random()).Next())
+            : this(20)
         {
         }
 
@@ -30,21 +29,20 @@ namespace OathNet
         ///     Initializes a new instance of the Key class and generates a random key with the specified seed.
         /// </summary>
         /// <param name="keyLength">Length in bytes of the generated key.</param>
-        /// <param name="seed">A seed to use for the random key generation.</param>
-        public Key(int keyLength, int seed)
+        public Key(int keyLength)
         {
-            this.keyData = new byte[keyLength];
-            var gen = new Random(seed);
-            gen.NextBytes(this.keyData);
+            this.Binary = new byte[keyLength];
+            var gen = new RNGCryptoServiceProvider();
+            gen.GetBytes(this.Binary);
         }
 
         /// <summary>
         ///     Initializes a new instance of the Key class.
         /// </summary>
-        /// <param name="data">The key to initialize.</param>
-        public Key(byte[] data)
+        /// <param name="keyData">The key to initialize.</param>
+        public Key(byte[] keyData)
         {
-            this.keyData = data;
+            this.Binary = keyData;
         }
 
         /// <summary>
@@ -54,28 +52,22 @@ namespace OathNet
         /// <exception cref="ArgumentException">base32key is not a valid base32-encoded string.</exception>
         public Key(string base32key)
         {
-            this.keyData = OathNet.Base32.ToBinary(base32key);
+            this.Binary = OathNet.Base32.ToBinary(base32key);
         }
 
         /// <summary>
         ///     Gets the key represented as a byte array.
         /// </summary>
-        public virtual byte[] Binary
-        {
-            get
-            {
-                return this.keyData;
-            }
-        }
+        public byte[] Binary { get; private set; }
 
         /// <summary>
         ///     Gets the key represented as base32-encoded string.
         /// </summary>
-        public virtual string Base32
+        public string Base32
         {
             get
             {
-                return OathNet.Base32.ToBase32(this.keyData);
+                return OathNet.Base32.ToBase32(this.Binary);
             }
         }
     }
author	Stephen Jennings <stephen.g.jennings@gmail.com>	2015-08-01 11:01:17 -0700
committer	Stephen Jennings <stephen.g.jennings@gmail.com>	2015-08-01 11:01:17 -0700
commit	2c0ab4179d33caa0bc0a23eaf2579c84fe49bc31 (patch)
tree	c8209d0dbf2e1d2f368b51627b02062cf4159a69
parent	188e72f88935168bfa11d84ac41e79757cb707cf (diff)
download	OATH.Net-origin/rng.zip OATH.Net-origin/rng.tar.gz OATH.Net-origin/rng.tar.bz2