/// <summary> /// - Gets specific encrypted source file from server. /// - Encryption and Decription using AES symetric and commonSecret derived from EC Diffie-Helman key Exchange /// - Decrypts source files /// - verifies digital signature of source code /// </summary> /// <param name="sourceFileInfo">the file to get</param> /// <returns>verified and decrypted source file or null if operation unsuccessfull</returns> private string DecryptSourceFromServer(SourceFileInfo sourceFileInfo) { byte[] dhClientPublic; byte[] dhClientPrivate; _keyGen.GenerateKeyPair(out dhClientPrivate, out dhClientPublic); string uri = (TroubleShooterClient.SERVICE_PATH + "/source"); ProtectedSourceRequest request = new ProtectedSourceRequest() { DhClientPublic = dhClientPublic, FileName = sourceFileInfo.FileName }; HttpResponseMessage response = _client.PostAsJsonAsync(uri, request).GetAwaiter().GetResult(); if (response.IsSuccessStatusCode) { ProtectedSource source = response.Content.ReadAsAsync <ProtectedSource>().GetAwaiter().GetResult(); byte[] sharedSecret = _diffieHelman.SharedSecret(dhClientPrivate, source.DhPublicServer); string decryptedSource = AesHandler.DecryptStringFromBytes_Aes(source.SourceCode, sharedSecret); if (_verifier.VerifySignature(decryptedSource, source.Signature, _signatureKey)) { return(decryptedSource); } else { return(null); } } return(null); }
public void LoadPakFileStructure(PakBinaryReader reader, int version, string aesKey) { var startOffset = version >= 8 ? -204 : -44; reader.BaseStream.Seek(startOffset, SeekOrigin.End); Archive = reader.ReadPakInfo(); reader.BaseStream.Seek(Archive.DataSize, SeekOrigin.Begin); var readerToUse = reader; if (aesKey != null) { var soapHex = SoapHexBinary.Parse(aesKey); var fileTree = reader.ReadBytes((int)Archive.FileTreeSize); var decryptedFileTree = AesHandler.DecryptAes(fileTree, soapHex.Value); var memoryStream = new MemoryStream(decryptedFileTree); var memoryReader = new PakBinaryReader(memoryStream); readerToUse = memoryReader; } Archive.Directory = readerToUse.ReadPakDirectory(); for (int i = 0; i < Archive.Directory.NumberOfEntries; i++) { var currentEntry = readerToUse.ReadDirectoryLevelPakEntry(); Archive.Directory.Entries.Add(currentEntry); if (i > 0) { var previousEntry = Archive.Directory.Entries[i - 1]; var realEntrySize = currentEntry.Offset - previousEntry.Offset; previousEntry.Padded = currentEntry.Offset % 2048 == 0; previousEntry.NextOffset = currentEntry.Offset; previousEntry.RealSize = realEntrySize; } } if (aesKey != null) { readerToUse.Close(); } var compressionTypes = Archive.Directory.Entries.Select(entry => entry.CompressionType).Distinct(); var encryptionTyoes = Archive.Directory.Entries.Select(entry => entry.EncryptionType).Distinct(); var paddedUncompressed = Archive.Directory.Entries.Where(entry => entry.CompressionType == 0 && entry.Padded).OrderBy(entry => entry.UncompressedSize); var unpaddedUncompressed = Archive.Directory.Entries.Where(entry => entry.CompressionType == 0 && entry.Padded == false).OrderBy(entry => entry.UncompressedSize); }
public void SimpleEncryptionTest() { var aes = new AesHandler(); var aesKey = new byte[16]; var aesIV = new byte[16]; var message = "This is a test message that has some stuff in it"; var rng = new RNGCryptoServiceProvider(); rng.GetBytes(aesKey); rng.GetBytes(aesIV); var encryptedBytes = aes.Encrypt(aesKey, aesIV, Encoding.UTF8.GetBytes(message)); var decryptedBytes = aes.Decrypt(aesKey, aesIV, encryptedBytes); Assert.AreEqual(message, Encoding.UTF8.GetString(decryptedBytes)); }
public ProtectedSource Get([FromBody] ProtectedSourceRequest request) { //read source code string sourceCode = System.IO.File.ReadAllText(Path.Combine(SOURCE_FILES_DIR, request.FileName)); //generate key pair and derive shared secret byte[] dhServerPublic; byte[] dhServerPrivate; keyGen.GenerateKeyPair(out dhServerPrivate, out dhServerPublic); byte[] sharedSecret = diffieHelman.SharedSecret(dhServerPrivate, request.DhClientPublic); //send encrypted and signed source back to client; //send also servers public key so client can derive common secret return(new ProtectedSource() { SourceCode = AesHandler.EncryptStringToBytes_Aes(sourceCode, sharedSecret), DhPublicServer = dhServerPublic, Signature = signatureMaker.Signature(sourceCode, signatureKey) }); }
public static void Main(string[] args) { ISqrlSigner signer = new SqrlSigner(); IPbkdfHandler pbkdfHandler = new PbkdfHandler(); IHmacGenerator hmac = new HmacGenerator(); ISqrlClient client = new SqrlClient(pbkdfHandler, hmac, signer); IAesHandler aesHandler = new AesHandler(); ISqrlServer server = new SqrlServer(signer, aesHandler); ISsssHandler ssss = new SsssHandler(); var rng = new RNGCryptoServiceProvider(); byte theByte = 0; while (true) { var secret = new byte[1]; //rng.GetBytes(secret); secret[0] = theByte; var shares = ssss.Split(secret, 3, 4); var subset = new Dictionary <int, byte[]>(); subset[1] = shares[1]; subset[2] = shares[2]; //subset[3] = shares[3]; subset[4] = shares[4]; //subset[5] = shares[5]; //subset[6] = shares[6]; //subset[7] = shares[7]; //subset[8] = shares[8]; //subset[9] = shares[9]; //subset[10] = shares[10]; //subset[11] = shares[11]; //subset[12] = shares[12]; //subset[13] = shares[13]; //subset[14] = shares[14]; //subset[15] = shares[15]; //subset[16] = shares[16]; //subset[17] = shares[17]; //subset[18] = shares[18]; //subset[19] = shares[19]; //subset[20] = shares[20]; //subset[21] = shares[21]; //subset[22] = shares[22]; //subset[23] = shares[23]; //subset[24] = shares[24]; //subset[25] = shares[25]; var reconstructedSecret = ssss.Restore(subset); if (!secret.SequenceEqual(reconstructedSecret)) { Console.WriteLine("the byte: {0}", theByte); foreach (var share in shares) { Console.WriteLine("{0}-{1}", share.Key, BitConverter.ToString(share.Value).Replace("-", "")); } Console.WriteLine("{0}", Convert.ToBase64String(secret)); Console.WriteLine("{0}", Convert.ToBase64String(reconstructedSecret)); break; } theByte++; if (theByte == 0) { Console.WriteLine("Success!"); break; } } Console.Write("Password: "******"Password verified"); } var nutData = new NutData { Address = IPAddress.Parse("172.8.92.254"), Timestamp = DateTime.UtcNow, Counter = 4, Entropy = new byte[4] }; var aesKey = new byte[16]; var aesIV = new byte[16]; rng.GetBytes(aesKey); rng.GetBytes(aesIV); var nut = HttpServerUtility.UrlTokenEncode(server.GenerateNut(aesKey, aesIV, nutData)); var protocol = "sqrl://"; var urlBase = "www.example.com/sqrl/"; var url = string.Format("{0}{1}{2}", protocol, urlBase, nut); var sqrlData = client.GetSqrlDataForLogin(identity.MasterIdentityKey, password, identity.Salt, url); var decryptedSignature = signer.Verify(sqrlData.PublicKey, sqrlData.Signature); // This is the data that the client passes to the server Console.WriteLine("Url: {0}", sqrlData.Url); Console.WriteLine("Public Key: {0}", Convert.ToBase64String(sqrlData.PublicKey)); Console.WriteLine("Signature: {0}", Convert.ToBase64String(sqrlData.Signature)); Console.WriteLine("Decrypted Signature: {0}", Encoding.UTF8.GetString(decryptedSignature)); Console.WriteLine(); Console.WriteLine("=========== Server ==========="); // The server will verify that the data sent from the client matches what is expected Console.WriteLine("Verified by server: {0}", server.VerifySqrlRequest(sqrlData, string.Format("{0}{1}", urlBase, nut))); }