Exemple #1
        /// <summary>
        /// Decrypts the storage object that carries the collection key bundle and
        /// returns its default key pair as a new <see cref="SyncKeys"/>.
        /// </summary>
        /// <param name="syncKeys">Keys used by <c>DecryptWbo</c> to verify and decrypt <paramref name="wbo"/>.</param>
        /// <param name="wbo">The encrypted storage object holding the key bundle.</param>
        /// <returns>
        /// A <see cref="SyncKeys"/> whose <c>EncKey</c> is the Base64-decoded first entry of
        /// <c>Default</c> and whose <c>HmacKey</c> is the Base64-decoded second entry.
        /// </returns>
        public static SyncKeys DecryptCollectionKeys(SyncKeys syncKeys, BasicStorageObject wbo)
        {
            CryptoKeys bundle = DecryptWbo<CryptoKeys>(syncKeys, wbo);

            // NOTE(review): the bundle is used as-is. A null Default, fewer than two
            // entries, or keys of an unexpected length are not rejected here and would
            // surface as a runtime exception or a later crypto failure. Consider
            // validating entry count and decoded key length before returning.
            byte[] encryptionKey = Convert.FromBase64String(bundle.Default[0]);
            byte[] macKey        = Convert.FromBase64String(bundle.Default[1]);

            SyncKeys collectionKeys = new SyncKeys();
            collectionKeys.EncKey  = encryptionKey;
            collectionKeys.HmacKey = macKey;

            return collectionKeys;
        }
        /// <summary>
        /// Signs in with an e-mail address and password, obtains a sync token and
        /// storage endpoint, and decrypts the collection keys from "crypto/keys".
        /// </summary>
        /// <param name="email">Account e-mail address passed to <c>Credentials</c>.</param>
        /// <param name="password">Account password passed to <c>Credentials</c>.</param>
        /// <returns>A task that completes after <c>isSignedIn</c> has been set to <c>true</c>.</returns>
        /// <remarks>
        /// Any exception thrown by the awaited calls or by the crypto helpers propagates to
        /// the caller. NOTE(review): <c>storageClient</c> is assigned before the collection
        /// keys are decrypted, so a failure in the last steps leaves it set while
        /// <c>isSignedIn</c> has not been set to <c>true</c>. Confirm callers gate on
        /// <c>isSignedIn</c>.
        /// </remarks>
        public async Task SignIn(string email, string password)
        {
            // Drop any existing session state before starting a new sign-in.
            SignOut();

            Credentials credentials = new Credentials(email, password);

            AccountClient account  = new AccountClient();
            // NOTE(review): the meaning of the second argument (true) is not visible here;
            // presumably it asks the server for a key-fetch token, which is read below. Confirm.
            LoginResponse response = await account.Login(credentials, true);

            KeysResponse keysResponse = await account.Keys(response.KeyFetchToken);

            // Hex-encode the value derived from the key-fetch token; it is the key used to
            // unbundle the server's key response.
            string key = BinaryHelper.ToHexString(Credentials.DeriveHawkCredentials(response.KeyFetchToken, "keyFetchToken"));

            byte[] wrapKB = Credentials.UnbundleKeyFetchResponse(key, keysResponse.Bundle);

            // A fresh key pair is generated for this sign-in; it is used for the certificate
            // request and for the JWT below.
            // NOTE(review): rsa is never disposed in this method. If this is
            // System.Security.Cryptography.RSACryptoServiceProvider it is IDisposable, so
            // consider releasing it once the assertion has been built.
            RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048);

            // TimeSpan(days, hours, minutes, seconds): a requested duration of one hour.
            TimeSpan duration = new TimeSpan(0, 1, 0, 0);

            CertificateSignResponse certificate = await account.CertificateSign(response.SessionToken, rsa, duration);

            string jwtToken  = JwtCryptoHelper.GetJwtToken(rsa);
            string assertion = JwtCryptoHelper.Bundle(jwtToken, certificate.Certificate);

            // kB is recovered by XOR-ing the server-provided wrapKB with the UnwrapBKey value
            // held by the local credentials object.
            // NOTE(review): kB and wrapKB are secret key material and stay in managed memory
            // after this method returns. Consider clearing the buffers once the derived keys
            // exist, after confirming Crypto.DeriveKeys does not keep a reference to kB.
            byte[] kB = BinaryHelper.Xor(wrapKB, credentials.UnwrapBKey);

            string syncClientState;

            using (SHA256 sha256 = new SHA256())
            {
                // The client state sent to the token server is the hex encoding of the first
                // 16 bytes of the hash of kB, not kB itself.
                byte[] hash = sha256.ComputeHash(kB);
                syncClientState = BinaryHelper.ToHexString(hash.Take(16).ToArray());
            }

            TokenClient   tokenClient   = new TokenClient();
            TokenResponse tokenResponse = await tokenClient.GetSyncToken(assertion, syncClientState);

            // The storage client is built from the endpoint, key and id returned by the token server.
            storageClient = new StorageClient(tokenResponse.ApiEndpoint, tokenResponse.Key, tokenResponse.Id);

            BasicStorageObject cryptoKeys = await storageClient.GetStorageObject("crypto/keys");

            SyncKeys syncKeys = Crypto.DeriveKeys(kB);

            // The "crypto/keys" record is decrypted with the keys derived from kB; the
            // result is kept as the collection keys.
            collectionKeys = Crypto.DecryptCollectionKeys(syncKeys, cryptoKeys);

            // Set only after every step above has succeeded.
            isSignedIn = true;
        }
Exemple #3
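        /// <summary>
        /// Verifies the HMAC of a storage object's encrypted payload, decrypts it and
        /// deserializes the resulting JSON as <typeparamref name="T"/>.
        /// </summary>
        /// <typeparam name="T">Type the decrypted JSON plaintext is deserialized into.</typeparam>
        /// <param name="syncKeys">Supplies <c>HmacKey</c> for verification and <c>EncKey</c> for decryption.</param>
        /// <param name="wbo">Storage object whose <c>Payload</c> is the JSON-encoded encrypted payload.</param>
        /// <returns>The deserialized plaintext.</returns>
        /// <exception cref="Exception">
        /// The payload is missing a field, its HMAC does not match, or its IV is shorter than 16 bytes.
        /// </exception>
        /// <remarks>
        /// The MAC is computed over the UTF-8 bytes of the Base64 ciphertext string and is
        /// checked before any decryption takes place. The IV is not part of the MAC input in
        /// this method.
        /// </remarks>
        public static T DecryptWbo <T>(SyncKeys syncKeys, BasicStorageObject wbo)
        {
            EncryptedPayload payload = JsonConvert.DeserializeObject <EncryptedPayload>(wbo.Payload);

            // The payload comes from the server; reject incomplete records explicitly
            // instead of failing later with a null dereference.
            if (payload == null || payload.CipherText == null || payload.Hmac == null || payload.Iv == null)
            {
                throw new Exception("The storage object payload is missing the ciphertext, HMAC or IV.");
            }

            HMAC hmac = new HMAC("HMACSHA256", syncKeys.HmacKey);

            byte[] macInput     = Encoding.UTF8.GetBytes(payload.CipherText);
            string computedHmac = BinaryHelper.ToHexString(hmac.ComputeHash(macInput));

            // Compare without an early exit, and keep the computed tag out of the exception
            // text so logs and error dialogs never carry a valid MAC for the received ciphertext.
            if (!HmacStringsMatch(computedHmac, payload.Hmac))
            {
                throw new Exception("The HMAC of the payload does not match the expected value; the record was not decrypted.");
            }

            byte[] ivBytes = Convert.FromBase64String(payload.Iv);

            // Take(16) would silently pass a short IV on to the cipher; fail explicitly instead.
            if (ivBytes.Length < 16)
            {
                throw new Exception("The payload IV is shorter than 16 bytes.");
            }

            byte[] iv = ivBytes.Take(16).ToArray();

            Aes aes = new Aes(iv, syncKeys.EncKey);

            byte[] result    = aes.Decrypt(Convert.FromBase64String(payload.CipherText));
            string plaintext = Encoding.UTF8.GetString(result, 0, result.Length);

            return(JsonConvert.DeserializeObject <T>(plaintext));
        }

        // Ordinal, case-sensitive comparison of two MAC strings that inspects every
        // character, so the time taken does not depend on where the first mismatch is.
        private static bool HmacStringsMatch(string computed, string expected)
        {
            if (computed == null || expected == null || computed.Length != expected.Length)
            {
                return false;
            }

            int difference = 0;

            for (int i = 0; i < computed.Length; i++)
            {
                difference |= computed[i] ^ expected[i];
            }

            return difference == 0;
        }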