public void is_valid()
{
_profile.GetPassword(DefaultAccountId).Returns(DefaultPasswordFromDb);
_hash.Compute(DefaultPassword).Returns(DefaultPasswordFromDb);
_otpService.GetCurrentOtp(DefaultAccountId).Returns(DefaultOtp);
var valid = IsValid(DefaultAccountId, DefaultPassword, DefaultOtp);
ShouldBeValid(valid);
}
/// <summary>
/// Validates the given key. Verifies the given string seed matches
/// the seed embedded in the key, verifies the checksum and each sub key.
/// This version is useful if the seed used to generate a key was derived
/// from some user information such as the user's name, e-mail, etc.
/// </summary>
/// <param name="hash">The hash algorithm used to compute the sub key.</param>
/// <param name="checksum">The checksum algorithm used to compute the key's checksum.</param>
/// <param name="key">The key to validate.</param>
/// <param name="subkeyIndex">The index (zero based) of the sub key to check.</param>
/// <param name="subkeyBase">The unsigned base integer used create the sub key.</param>
/// <param name="seedString">The string used to generate the seed for the key.</param>
/// <returns>true if the is valid; false otherwise.</returns>
public static bool ValidateKey(IChecksum16 checksum, IHash hash, string key, int subkeyIndex, uint subkeyBase,
string seedString)
{
var bytes = GetKeyBytes(key);
var seed = BitConverter.ToUInt32(bytes, 0);
if (Hash.Compute(Encoding.UTF8.GetBytes(seedString)) != seed)
{
return(false);
}
return(ValidateKey(hash, checksum, bytes, seed, subkeyIndex, subkeyBase));
}
public bool Verify(string accountId, string password, string otp)
{
var isLocked = _failedCounter.GetIsLocked(accountId);
if (isLocked)
{
throw new FailedTooManyTimesException();
}
var passwordFromDb = _profile.GetPassword(accountId);
var hashedPassword = _hash.Compute(password);
var currentOtp = _otpService.GetCurrentOtp(accountId);
if (hashedPassword == passwordFromDb && otp == currentOtp)
{
_failedCounter.ResetFailedCount(accountId);
return(true);
}
else
{
_failedCounter.AddFailedCount(accountId);
var failedCount = _failedCounter.GetFailedCount(accountId);
_logger.Info($"accountId:{accountId} failed times:{failedCount}");
_notification.Send(accountId);
return(false);
}
}
public bool Verify(string accountId, string password, string otp)
{
var isLocked = _failedCounter.GetAccountIsLocked(accountId);
if (isLocked)
{
throw new FailedTooManyTimesException();
}
var passwordFromDb = _profile.GetPassword(accountId);
var hashedPassword = _hash.Compute(password);
var currentOtp = _otpService.GetCurrentOtp(accountId);
if (passwordFromDb == hashedPassword && otp == currentOtp)
{
_failedCounter.Reset(accountId);
return(true);
}
else
{
_failedCounter.Add(accountId);
LogFailCount(accountId);
_notification.Send(accountId);
return(false);
}
}
public bool Verify(string accountId, string password, string otp)
{
var passwordFromDb = _profileDao.GetPassword(accountId);
var hashedPassword = _sha256Adapter.Compute(password);
var currentOtp = _otpService.GetCurrentOtp();
return(passwordFromDb == hashedPassword && otp == currentOtp);
}
public byte[] Sign(byte[] key, byte[] msg)
{
byte[] initializedKey = InitializeKey(key);
byte[] oKeyPad = new byte[Blocksize];
byte[] iKeyPad = new byte[Blocksize];
for (int i = 0; i < Blocksize; i++)
{
oKeyPad[i] = (byte)(0x5c ^ initializedKey[i]);
iKeyPad[i] = (byte)(0x36 ^ initializedKey[i]);
}
byte[] innerHash = hash.Compute(Concat(iKeyPad, msg));
byte[] outerHash = hash.Compute(Concat(oKeyPad, innerHash));
return(outerHash);
}
public bool Verify(string accountId, string password, string otp)
{
var currentPassword = _profile.GetPassword(accountId);
var hashPassword = _hash.Compute(password);
var currentOtp = _otpService.GetCurrentOtp(accountId);
return(hashPassword == currentPassword && otp == currentOtp);
}
public IEnumerable <IShape> Load(Stream stream)
{
var hash = new byte[hash_.ByteLength];
stream.Read(hash, 0, hash.Length);
using (var memoryStream = new MemoryStream())
{
// TODO?: reset position in memoryStream
stream.CopyTo(memoryStream);
memoryStream.Seek(0, SeekOrigin.Begin);
var actualHash = hash_.Compute(memoryStream);
memoryStream.Seek(0, SeekOrigin.Begin);
if (!AreHashesEqual(hash, actualHash))
{
throw new ArgumentException("The file is corrupted.");
}
return(loader_.Load(memoryStream));
}
}
/// <summary>
/// Generate a fixed-length sequence of bytes against a collection of strings.
/// </summary>
/// <param name="algorithm">The current <see cref="IHash"/> implementation.</param>
/// <param name="strings">A sequence of strings to hash.</param>
/// <param name="encoding">
/// An encoding to use when converting a string to a sequence of bytes. If no encoding
/// is provided, a value of <see cref="Encoding.Unicode"/> will be used.
/// </param>
/// <returns>
/// A fixed-length sequence of bytes.
/// </returns>
public static byte[] Compute(this IHash algorithm, IEnumerable <string> strings, Encoding encoding = null)
{
var builder = new StringBuilder();
foreach (var x in strings)
{
builder.Append(x);
}
return(algorithm.Compute(builder, encoding));
}
public bool Verify(string account, string password, string otp)
{
// 找到資料庫中帳號對應的密碼
var dbPassword = _profile.GetCurrentPassword(account);
// Hash傳入的Password
var hashPassword = _hash.Compute(password);
// 取得OTP
var otpResult = _otpService.GetCurrnetOTP(account);
return(hashPassword == dbPassword && otp == otpResult);
}
public bool Verify(string accountId, string password, string inputOtp)
{
// 取得密碼hash
var hashPassword = _hash.Compute(password);
// 取得帳號當下的Otp
var currentOtp = _otpService.Get(accountId);
// 取得帳號的password
var dbHashPassword = _profile.GetPassword(accountId);
// 比對
return(inputOtp == currentOtp && hashPassword == dbHashPassword);
}
/// <summary>
/// Writes the verification blocks for the whole stream.
/// </summary>
private void WriteVerification()
{
var block = new byte[0x1FFF0];
_baseStream.Position = 0;
for (var i = 0; i < _baseStream.Length; i += 0x20000)
{
var length = (int)Math.Min(DataBlockSize, _baseStream.Length - i - VerificationSize);
_baseStream.Read(block, 0, length);
var hash = Hash.Compute(block.AsSpan(0, length));
_baseStream.Write(hash, 0, hash.Length);
}
}
public bool Verify(string accountId, string inputPassword, string otp)
{
var passwordFromDb = _profile.GetPassword(accountId);
var hashedInputPassword = _hash.Compute(inputPassword);
var currentOtp = _otpService.GetCurrentOtp(accountId);
if (passwordFromDb == hashedInputPassword && otp == currentOtp)
{
return(true);
}
else
{
return(false);
}
}
//validates one sub key.
private static bool ValidateKey(IHash hash, IChecksum16 checksum, byte[] key, uint seed, int subkeyIndex,
uint subkeyBase)
{
if (!ValidateChecksum(checksum, key))
{
return(false);
}
var offset = subkeyIndex * 4 + 4;
if (subkeyIndex < 0 || offset + 4 > key.Length - 2)
{
throw new IndexOutOfRangeException("Sub key index is out of bounds");
}
var subKey = BitConverter.ToUInt32(key, offset);
var expected = hash.Compute(BitConverter.GetBytes(seed ^ subkeyBase));
return(expected == subKey);
}
public bool Verify(string account, string password, string otp)
{
//從DB撈使用者密碼
var pwdFromDb = _profile.GetPassword(account);
//將使用者輸入的密碼HASH一下
var hashPwd = _hash.Compute(password);
//從API取得目前的OTP
var otpFromApi = _otpService.GetCurrentOtp(account);
//檢查使用者輸入的密碼 & OTP正確性
if (pwdFromDb == hashPwd && otpFromApi == otp)
{
return(true);
}
else //驗證失敗
{
return(false);
}
}
private void GivenHash(string inputPassword, string hashedPassword)
{
_hash.Compute(inputPassword).Returns(hashedPassword);
}
/// <summary>
/// Generate a fixed-length sequence of bytes against a hashable object.
/// </summary>
/// <param name="algorithm">The current <see cref="IHash"/> implementation.</param>
/// <param name="object">
/// An object capable of generating its own unique sequence of bytes.
/// </param>
/// <returns>
/// A fixed-length sequence of bytes.
/// </returns>
public static byte[] Compute(this IHash algorithm, IHashable @object)
{
return(algorithm.Compute(@object.GetHashBytes()));
}
/// <summary>
/// Generate a fixed-length sequence of bytes against a string.
/// </summary>
/// <param name="algorithm">The current <see cref="IHash"/> implementation.</param>
/// <param name="data">A string to hash.</param>
/// <param name="encoding">
/// An encoding to use when converting a string to a sequence of bytes. If no encoding
/// is provided, a value of <see cref="Encoding.Unicode"/> will be used.
/// </param>
/// <returns>
/// A fixed-length sequence of bytes.
/// </returns>
public static byte[] Compute(this IHash algorithm, string data, Encoding encoding = null)
{
return(algorithm.Compute((encoding ?? Encoding.Unicode).GetBytes(data)));
}
private byte[] calcHash(IHash hash, byte[] data, byte[] coderState)
{
return(hash.Compute(HashLenInBytes, ValidationKey.Key, _sboxesBytes, coderState, data));
}
private void GivenHash(string input, string hashedInput)
{
_hash.Compute(input).Returns(hashedInput);
}
/// <summary>
/// Generate a fixed-length sequence of bytes against a string builder.
/// </summary>
/// <param name="algorithm">The current <see cref="IHash"/> implementation.</param>
/// <param name="builder">A string builder whose contents will be hashed.</param>
/// <param name="encoding">
/// An encoding to use when converting a string to a sequence of bytes. If no encoding
/// is provided, a value of <see cref="Encoding.Unicode"/> will be used.
/// </param>
/// <returns>
/// A fixed-length sequence of bytes.
/// </returns>
public static byte[] Compute(this IHash algorithm, StringBuilder builder, Encoding encoding = null)
{
return(algorithm.Compute(builder.ToString(), encoding));
}
private byte[] calcHash(IHash hash, byte[] data, byte[] coderState)
{
return hash.Compute(HashLenInBytes, ValidationKey.Key, _sboxesBytes, coderState, data);
}
private void GivenHashPassword(string password, string hashedPassword)
{
_hash.Compute(password).ReturnsForAnyArgs(hashedPassword);
}
/// <summary>
/// Generate a key based on the given string seed. Generate will hash the
/// given string to create a uint seed.
/// </summary>
/// <param name="seed">The seed value to generate the key from.</param>
/// <returns>A licensing key.</returns>
public string Generate(string seed)
{
return(Generate(Hash.Compute(Encoding.UTF8.GetBytes(seed))));
}
private void GivenHashedPassword(string password, string hashedPassword)
{
_fakeHash.Compute(password).Returns(hashedPassword);
}
private void PresetHashPassword(string password, string hashPassword)
{
_hash.Compute(password).ReturnsForAnyArgs(hashPassword);
}
