private byte[] GenerateSaltBytes(SaltLength length = SaltLength.SaltLong)
{
var salt = length == SaltLength.SaltLong
? PasswordHash.ScryptGenerateSalt()
: PasswordHash.ArgonGenerateSalt();
return(salt);
}
/// <summary>
/// GenerateSalt - Creating salt of hashing message
/// </summary>
/// <param name="length">Length of hash possible: SaltLong - 32, SaltShort - 16</param>
/// <returns>Salt as string</returns>
public string GenerateSalt(SaltLength length = SaltLength.SaltLong)
{
var salt = length == SaltLength.SaltLong
? PasswordHash.ScryptGenerateSalt()
: PasswordHash.ArgonGenerateSalt();
return(salt.EncodeByteArray());
}
private static EncryptedKeyStore ToKeyStore(KeyPair keyPair, string passPhrase)
{
byte[] passPhraseBytes = Encoding.UTF8.GetBytes(passPhrase);
byte[] encryptionSalt = PasswordHash.ArgonGenerateSalt();
byte[] keyHash = Shared.KeyHash(passPhraseBytes, encryptionSalt);
byte[] encryptedSeed = EncryptSecretSeed(keyPair.SeedBytes, keyHash);
return(new EncryptedKeyStore(keyPair.AccountId, encryptedSeed.BinaryToHex(),
encryptionSalt.BinaryToHex()));
}
public BaseApiResponse RegisterAccount(AccountRegisterRequest accountRequest)
{
var validUsername = ValidUsername(accountRequest.Username);
if (!validUsername)
{
return(new BaseApiResponse(HttpStatusCode.BadRequest, "Please enter a valid username."));
}
//check if username exists
var usernameExists = UsernameTaken(accountRequest.Username);
if (usernameExists)
{
return(new BaseApiResponse(HttpStatusCode.BadRequest, $"Username {accountRequest.Username} is already taken."));
}
var validPassword = ValidPassword(accountRequest.Password);
if (!validPassword)
{
return(new BaseApiResponse(HttpStatusCode.BadRequest, "Please enter a valid password"));
}
var passwordSaltBytes = PasswordHash.ArgonGenerateSalt();
var passwordSalt = System.Text.Encoding.ASCII.GetString(passwordSaltBytes);
var saltedPassword = accountRequest.Password + passwordSalt;
var passwordHash = PasswordHash.ArgonHashString(saltedPassword, PasswordHash.StrengthArgon.Interactive);
var newAccount = new PUAccountRecord
{
Username = accountRequest.Username,
PasswordSalt = passwordSalt,
PasswordHash = passwordHash
};
m_AccountContext.Accounts.Add(newAccount);
m_AccountContext.SaveChanges();
return(new ApiOkResponse());
}
private static byte[] ArgonSalt(string salt)
{
return(salt == null?PasswordHash.ArgonGenerateSalt() : Encoding.UTF8.GetBytes(salt));
}
public void ArgonGenerateSaltTest()
{
Assert.AreEqual(16, PasswordHash.ArgonGenerateSalt().Length);
}
public void OnPost()
{
String PrivateKeyString = HttpContext.Session.GetString("PrivateKeyString");
String ID = HttpContext.Session.GetString("Chat_ID");
String Current_User = HttpContext.Session.GetString("User_Name");
String Chat_Message = Request.Form["Chat_Message"];
String Exception = "";
Boolean CheckConnection = MyOwnMySQLConnectionClass.LoadConnection(ref Exception);
MySqlCommand MySQLQuery = new MySqlCommand();
MySqlDataReader PublicKeyStringReader;
MySqlDataReader RecordReader;
String PublicKeyString = "";
BigInteger PrivateKey = 0;
BigInteger Nonce = 0;
BigInteger PublicKey = 0;
BigInteger MessageInt = 0;
BigInteger SaltInt = 0;
Byte[] NonceByte = new Byte[] { };
Byte[] PrivateKeyByte = new Byte[] { };
Byte[] PublicKeyByte = new Byte[] { };
Byte[] SharedSecretByte = new Byte[] { };
Byte[] MessageByte = new Byte[] { };
Byte[] SaltByte = new Byte[] { };
Byte[] NewKeyByte = new Byte[] { };
int Checker = 0;
int Count = 1;
long OUTPUT_LENGTH = 32;
if (Chat_Message != null)
{
MySQLQuery.CommandText = "SELECT COUNT(*) FROM `DF_Public_Key` WHERE `Requestor_1`=@Current_User AND `ID`=@ID";
MySQLQuery.Parameters.Add("@ID", MySqlDbType.Text).Value = ID;
MySQLQuery.Parameters.Add("@Current_User", MySqlDbType.Text).Value = Current_User;
MySQLQuery.Connection = MyOwnMySQLConnectionClass.MyMySQLConnection;
MySQLQuery.Prepare();
Checker = int.Parse(MySQLQuery.ExecuteScalar().ToString());
if (Checker == 1)
{
MySQLQuery = new MySqlCommand();
MySQLQuery.CommandText = "SELECT `Requestor_2_PK` FROM `DF_Public_Key` WHERE `Requestor_1`=@Current_User AND `ID`=@ID";
MySQLQuery.Parameters.Add("@ID", MySqlDbType.Text).Value = ID;
MySQLQuery.Parameters.Add("@Current_User", MySqlDbType.Text).Value = Current_User;
MySQLQuery.Connection = MyOwnMySQLConnectionClass.MyMySQLConnection;
MySQLQuery.Prepare();
PublicKeyStringReader = MySQLQuery.ExecuteReader();
while (PublicKeyStringReader.Read())
{
PublicKeyString = PublicKeyStringReader.GetValue(0).ToString();
}
MyOwnMySQLConnectionClass.MyMySQLConnection.Close();
}
else
{
MySQLQuery = new MySqlCommand();
MySQLQuery.CommandText = "SELECT `Requestor_1_PK` FROM `DF_Public_Key` WHERE `Requestor_2`=@Current_User AND `ID`=@ID";
MySQLQuery.Parameters.Add("@ID", MySqlDbType.Text).Value = ID;
MySQLQuery.Parameters.Add("@Current_User", MySqlDbType.Text).Value = Current_User;
MySQLQuery.Connection = MyOwnMySQLConnectionClass.MyMySQLConnection;
MySQLQuery.Prepare();
PublicKeyStringReader = MySQLQuery.ExecuteReader();
while (PublicKeyStringReader.Read())
{
PublicKeyString = PublicKeyStringReader.GetValue(0).ToString();
}
MyOwnMySQLConnectionClass.MyMySQLConnection.Close();
}
CheckConnection = MyOwnMySQLConnectionClass.LoadConnection(ref Exception);
PublicKey = BigInteger.Parse(PublicKeyString);
PublicKeyByte = PublicKey.ToByteArray();
PrivateKey = BigInteger.Parse(PrivateKeyString);
PrivateKeyByte = PrivateKey.ToByteArray();
SharedSecretByte = ScalarMult.Mult(PrivateKeyByte, PublicKeyByte);
MySQLQuery = new MySqlCommand();
Checker = 0;
MySQLQuery.CommandText = "SELECT COUNT(*) FROM `Chat_Message` WHERE `FK_ID`=@ID";
MySQLQuery.Parameters.Add("@ID", MySqlDbType.Text).Value = ID;
MySQLQuery.Connection = MyOwnMySQLConnectionClass.MyMySQLConnection;
MySQLQuery.Prepare();
Checker = int.Parse(MySQLQuery.ExecuteScalar().ToString());
if (Checker != 0)
{
MySQLQuery = new MySqlCommand();
MySQLQuery.CommandText = "SELECT `Salt` FROM `Chat_Message` WHERE `FK_ID`=@ID";
MySQLQuery.Parameters.Add("@ID", MySqlDbType.Text).Value = ID;
MySQLQuery.Connection = MyOwnMySQLConnectionClass.MyMySQLConnection;
MySQLQuery.Prepare();
RecordReader = MySQLQuery.ExecuteReader();
while (RecordReader.Read())
{
SaltInt = BigInteger.Parse(RecordReader.GetValue(0).ToString());
SaltByte = SaltInt.ToByteArray();
if (Count == 1)
{
NewKeyByte = PasswordHash.ArgonHashBinary(SharedSecretByte, SaltByte, PasswordHash.StrengthArgon.Medium, OUTPUT_LENGTH, PasswordHash.ArgonAlgorithm.Argon_2ID13);
}
else
{
NewKeyByte = PasswordHash.ArgonHashBinary(NewKeyByte, SaltByte, PasswordHash.StrengthArgon.Medium, OUTPUT_LENGTH, PasswordHash.ArgonAlgorithm.Argon_2ID13);
}
Count += 1;
}
}
if (NewKeyByte.Length == 0)
{
SaltByte = PasswordHash.ArgonGenerateSalt();
NewKeyByte = PasswordHash.ArgonHashBinary(SharedSecretByte, SaltByte, PasswordHash.StrengthArgon.Medium, OUTPUT_LENGTH, PasswordHash.ArgonAlgorithm.Argon_2ID13);
SaltInt = new BigInteger(SaltByte);
NonceByte = SecretBox.GenerateNonce();
MessageByte = SecretBox.Create(Encoding.UTF8.GetBytes(Chat_Message), NonceByte, NewKeyByte);
MessageInt = new BigInteger(MessageByte);
Nonce = new BigInteger(NonceByte);
}
else
{
SaltByte = PasswordHash.ArgonGenerateSalt();
NewKeyByte = PasswordHash.ArgonHashBinary(NewKeyByte, SaltByte, PasswordHash.StrengthArgon.Medium, OUTPUT_LENGTH, PasswordHash.ArgonAlgorithm.Argon_2ID13);
SaltInt = new BigInteger(SaltByte);
NonceByte = SecretBox.GenerateNonce();
MessageByte = SecretBox.Create(Encoding.UTF8.GetBytes(Chat_Message), NonceByte, NewKeyByte);
MessageInt = new BigInteger(MessageByte);
Nonce = new BigInteger(NonceByte);
}
MyOwnMySQLConnectionClass.MyMySQLConnection.Close();
CheckConnection = MyOwnMySQLConnectionClass.LoadConnection(ref Exception);
MySQLQuery = new MySqlCommand();
MySQLQuery.CommandText = "INSERT INTO `Chat_Message`(`FK_ID`,`Message`,`Sender_Name`,`Receiver_Status`,`Salt`,`Nonce`) VALUES (@FK_ID,@Message,@Sender_Name,@Receiver_Status,@Salt,@Nonce)";
MySQLQuery.Parameters.Add("@FK_ID", MySqlDbType.Text).Value = ID;
MySQLQuery.Parameters.Add("@Message", MySqlDbType.Text).Value = MessageInt.ToString();
MySQLQuery.Parameters.Add("@Sender_Name", MySqlDbType.Text).Value = Current_User;
MySQLQuery.Parameters.Add("@Receiver_Status", MySqlDbType.Text).Value = "Sent";
MySQLQuery.Parameters.Add("@Salt", MySqlDbType.Text).Value = SaltInt.ToString();
MySQLQuery.Parameters.Add("@Nonce", MySqlDbType.Text).Value = Nonce.ToString();
MySQLQuery.Connection = MyOwnMySQLConnectionClass.MyMySQLConnection;
MySQLQuery.Prepare();
MySQLQuery.ExecuteNonQuery();
MyOwnMySQLConnectionClass.MyMySQLConnection.Close();
Determiner = 0;
if (Determiner == 0 && ConfirmationTimer == null)
{
SetConfirmationTimer();
}
}
}
