public static void GetPrivateKeyFromDB()
{
//getting key
string queryString = "select * from keys where login_id=" + user_id.ToString();
var command_newkey = new Microsoft.Data.SqlClient.SqlCommand(queryString, database_connection);
if (command_newkey.Connection.State != System.Data.ConnectionState.Open)
{
command_newkey.Connection.Open();
}
command_newkey.ExecuteNonQuery();
var reader = command_newkey.ExecuteReader();
byte[] dbprivkey = new byte[48];
byte[] dbiv = new byte[32];
while (reader.Read())
{
reader.GetBytes(1, 0, dbprivkey, 0, 48);
reader.GetBytes(2, 0, dbiv, 0, 32);
}
AesInst = System.Security.Cryptography.Aes.Create();
var privKeysha256 = MathOperations.sha256_byte(userpassword);
var ivmd5 = MathOperations.md5_byte(userpassword);
//enc private key with sha256(pwd) and md5(pwd)
AesInst.Key = privKeysha256;
AesInst.IV = ivmd5;
var SecretKey = AesInst.CreateDecryptor().TransformFinalBlock(dbprivkey, 0, dbprivkey.Length);
var InitVector = AesInst.CreateDecryptor().TransformFinalBlock(dbiv, 0, dbiv.Length);
//apply decrypted key
AesInst.Key = SecretKey;
AesInst.IV = InitVector;
command_newkey.Connection.Close();
}
private void button1_Click(object sender, EventArgs e)
{
try
{
if (textBox_prevpwd.Text != MSSQL_logging.userpassword)
{
throw new Exception("Пароль не соответствует текущему");
}
if (textBox_newpwd.TextLength < 14)
{
throw new Exception("Минимальная длина пароля - 14 символов");
}
if (textBox_newpwd.Text != textBox_newPwdCopy.Text)
{
throw new Exception("Новые пароли не совпадают");
}
//checking for bad passwords
bool bad = false;
foreach (var pwd in badpwdlist)
{
if (pwd == textBox_newpwd.Text)
{
bad = true;
break;
}
}
if (bad)
{
throw new Exception("Выбран слабый пароль!");
}
//hashing
string hash = MathOperations.sha256(textBox_newpwd.Text);
//update password ===============
string query = "update logins set hash='" + hash + "' where id=" + MSSQL_logging.user_id.ToString();
var command = new Microsoft.Data.SqlClient.SqlCommand(query, MSSQL_logging.database_connection);
if (command.Connection.State != System.Data.ConnectionState.Open)
{
command.Connection.Open();
}
command.ExecuteNonQuery();
//delete old pwd =============
query = "delete from keys where login_id=" + MSSQL_logging.user_id;
command.CommandText = query;
command.ExecuteNonQuery();
//renew key =================
MSSQL_logging.GetPrivateKeyFromDB();
var aesInst = System.Security.Cryptography.Aes.Create();
var privKeysha256 = MathOperations.sha256_byte(textBox_newpwd.Text);
var ivmd5 = MathOperations.md5_byte(textBox_newpwd.Text);
//enc private key with sha256(pwd) and md5(pwd)
aesInst.Key = privKeysha256;
aesInst.IV = ivmd5;
var Encrypted_SK = aesInst.CreateEncryptor().TransformFinalBlock(MSSQL_logging.AesInst.Key, 0, MSSQL_logging.AesInst.Key.Length);
string Encrypted_SK_String_HEX = "0x";
foreach (byte part in Encrypted_SK)
{
Encrypted_SK_String_HEX += part.ToString("X2");
}
var Encrypted_IV = aesInst.CreateEncryptor().TransformFinalBlock(MSSQL_logging.AesInst.IV, 0, MSSQL_logging.AesInst.IV.Length);
string Encrypted_IV_String_HEX = "0x";
foreach (byte part in Encrypted_IV)
{
Encrypted_IV_String_HEX += part.ToString("X2");
}
query = "insert into keys values (" + MSSQL_logging.user_id.ToString() + ", " + Encrypted_SK_String_HEX + ", " + Encrypted_IV_String_HEX + ")";
command.CommandText = query;
command.ExecuteNonQuery();
command.Connection.Close();
//renew obj=================
MSSQL_logging.userpassword = textBox_newpwd.Text;
MSSQL_logging.GetPrivateKeyFromDB();
MessageBox.Show("Успешно!", "Уведомление", MessageBoxButtons.OK, MessageBoxIcon.Information);
this.Close();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "Ошибка", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private void button1_Click(object sender, EventArgs e)
{
try
{
string host = textBox_host.Text;
string port = textBox_port.Text;
//resolving host string
string hostString = "tcp:" + host;
if (port != "Default" && port != "")
{
hostString += ", " + port;
}
string getLoginsLogin = "******";
string getLoginsPassw = "ceb3478&Bc23b2&";
Microsoft.Data.SqlClient.SqlConnectionStringBuilder extractLoginsConnBuilder = new Microsoft.Data.SqlClient.SqlConnectionStringBuilder();
extractLoginsConnBuilder.DataSource = hostString;
extractLoginsConnBuilder.ConnectTimeout = 10;
extractLoginsConnBuilder.UserID = getLoginsLogin;
extractLoginsConnBuilder.Password = getLoginsPassw;
extractLoginsConnBuilder.Authentication = Microsoft.Data.SqlClient.SqlAuthenticationMethod.SqlPassword;
extractLoginsConnBuilder.IntegratedSecurity = false;
extractLoginsConnBuilder.TrustServerCertificate = true;
string queryString = "select * from logins";
StringBuilder errorMessages = new StringBuilder();
int user_id = 0;
using (Microsoft.Data.SqlClient.SqlConnection connection1 = new Microsoft.Data.SqlClient.SqlConnection(extractLoginsConnBuilder.ConnectionString))
{
Microsoft.Data.SqlClient.SqlCommand command1 = new Microsoft.Data.SqlClient.SqlCommand(queryString, connection1);
try
{
command1.Connection.Open();
command1.ExecuteNonQuery();
var reader = command1.ExecuteReader();
if (!reader.HasRows)
{
throw new Exception("Provided login not found or password is incorrect");
}
string login = textBox_login.Text;
string password = textBox_password.Text;
string hash = MathOperations.sha256(password);
bool login_in = false;
while (reader.Read())
{
if (reader.GetString(1) == login && reader.GetString(2) == hash)
{
user_id = reader.GetInt32(0);
login_in = true;
}
}
reader.Close();
command1.Connection.Close();
if (!login_in)
{
throw new Exception("Provided login not found or password is incorrect");
}
}
catch (Microsoft.Data.SqlClient.SqlException ex)
{
for (int i = 0; i < ex.Errors.Count; i++)
{
errorMessages.Append("Index #" + i + "\n" +
"Message: " + ex.Errors[i].Message + "\n" +
"LineNumber: " + ex.Errors[i].LineNumber + "\n" +
"Source: " + ex.Errors[i].Source + "\n" +
"Procedure: " + ex.Errors[i].Procedure + "\n");
}
throw new Exception(errorMessages.ToString());
}
}
string basicLogin = "******";
string basicPassw = "n3i7A7834bo&T21h@tbn";
extractLoginsConnBuilder.UserID = basicLogin;
extractLoginsConnBuilder.Password = basicPassw;
queryString = "select * from keys";
Microsoft.Data.SqlClient.SqlConnection connection = new Microsoft.Data.SqlClient.SqlConnection(extractLoginsConnBuilder.ConnectionString);
Microsoft.Data.SqlClient.SqlCommand command = new Microsoft.Data.SqlClient.SqlCommand(queryString, connection);
try
{
command.Connection.Open();
command.ExecuteNonQuery();
//check if user has key
var reader = command.ExecuteReader();
bool has_key = false;
while (reader.Read())
{
if (reader.GetInt32(0) == user_id)
{
has_key = true;
}
}
reader.Close();
if (!has_key)
{
MessageBox.Show("Ключ не найден. Сейчас будет сгенерирован новый ключ и добавлен в базу данных.", "Внимание", MessageBoxButtons.OK, MessageBoxIcon.Warning);
var aesInst = System.Security.Cryptography.Aes.Create();
var privkey = aesInst.Key;
var iv = aesInst.IV;
var privKeysha256 = MathOperations.sha256_byte(textBox_password.Text);
var ivmd5 = MathOperations.md5_byte(textBox_password.Text);
//enc private key with sha256(pwd) and md5(pwd)
aesInst.Key = privKeysha256;
aesInst.IV = ivmd5;
var Encrypted_SK = aesInst.CreateEncryptor().TransformFinalBlock(privkey, 0, privkey.Length);
string Encrypted_SK_String_HEX = "0x";
foreach (byte part in Encrypted_SK)
{
Encrypted_SK_String_HEX += part.ToString("X2");
}
var Encrypted_IV = aesInst.CreateEncryptor().TransformFinalBlock(iv, 0, iv.Length);
string Encrypted_IV_String_HEX = "0x";
foreach (byte part in Encrypted_IV)
{
Encrypted_IV_String_HEX += part.ToString("X2");
}
queryString = "insert into keys values (" + user_id.ToString() + ", " + Encrypted_SK_String_HEX + ", " + Encrypted_IV_String_HEX + ")";
Microsoft.Data.SqlClient.SqlCommand command_newkey = new Microsoft.Data.SqlClient.SqlCommand(queryString, connection);
//command.Connection.Open();
command_newkey.ExecuteNonQuery();
command_newkey.Connection.Close();
}
//save session data
MSSQL_logging.user_id = user_id;
MSSQL_logging.userpassword = textBox_password.Text;
MSSQL_logging.database_connection = connection;
MSSQL_logging.GetPrivateKeyFromDB();
command.Connection.Close();
//open start panel
this.Hide();
var form_start = new Form_start();
form_start.Closed += (s, args) => this.Close();
form_start.Show();
}
catch (Microsoft.Data.SqlClient.SqlException ex)
{
for (int i = 0; i < ex.Errors.Count; i++)
{
errorMessages.Append("Index #" + i + "\n" +
"Message: " + ex.Errors[i].Message + "\n" +
"LineNumber: " + ex.Errors[i].LineNumber + "\n" +
"Source: " + ex.Errors[i].Source + "\n" +
"Procedure: " + ex.Errors[i].Procedure + "\n");
}
throw new Exception(errorMessages.ToString());
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "Ошибка", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
