private byte[] Pkcs1pad(byte[] src, int n, Pkcs1PadType type)
{
var bytes = new byte[n];
var i = src.Length - 1;
while (i >= 0 && n > 11)
{
bytes[--n] = src[i--];
}
bytes[--n] = 0;
while (n > 2)
{
byte x = 0;
switch (type)
{
case Pkcs1PadType.FullByte: x = 0xFF; break;
case Pkcs1PadType.RandomByte: x = EncryptionUtilities.NextByte(1, 255); break;
}
bytes[--n] = x;
}
bytes[--n] = (byte)type;
bytes[--n] = 0;
return(bytes);
}
public async Task <bool> PermissionValidator(ActionExecutingContext context)
{
if (context.HttpContext.User.Claims.FirstOrDefault() != null)
{
string oId = context.HttpContext.User.Claims.FirstOrDefault(c => c.Type == azureOptions.UserClaimsUrl).Value;
if (!(string.IsNullOrEmpty(oId)))
{
oId = EncryptionUtilities.GenerateSHA512String(oId);
string requestPath = context.HttpContext.Request.Path.ToString();
if (requestPath.Contains("get-user-profile"))
{
if (context.ActionArguments.Count > 0)
{
Dictionary <string, object> parameters = new Dictionary <string, object>();
foreach (var param in context.ActionArguments)
{
parameters.Add(param.Key, param.Value);
if (param.Value.ToString() == oId)
{
return(await CheckPermissions(oId));
}
}
}
return(false);
}
return(await CheckPermissions(oId));
}
}
return(false);
}
private void Initialize(bool ignoreBaseKeys = false)
{
PublicKey = 0;
var rand = new Random();
while (PublicKey == 0)
{
if (!ignoreBaseKeys)
{
Prime = BigInteger.genPseudoPrime(BITLENGTH, 10, rand);
Generator = BigInteger.genPseudoPrime(BITLENGTH, 10, rand);
}
var bytes = new byte[BITLENGTH / 8];
EncryptionUtilities.NextBytes(bytes);
PrivateKey = new BigInteger(bytes);
if (Generator > Prime)
{
var temp = Prime;
Prime = Generator;
Generator = temp;
}
PublicKey = Generator.modPow(PrivateKey, Prime);
if (!ignoreBaseKeys)
{
break;
}
}
}
private string GetOId()
{
string oId = string.Empty;
if (httpContextAccessor.HttpContext.User.Claims.FirstOrDefault() != null)
{
oId = httpContextAccessor.HttpContext.User.Claims.FirstOrDefault(c => c.Type == azureOptions.UserClaimsUrl).Value;
oId = EncryptionUtilities.GenerateSHA512String(oId);
}
return(oId);
}
private static string GetRsaStringEncrypted(string message)
{
try
{
var m = Encoding.Default.GetBytes(message);
var c = Rsa.Sign(m);
return(EncryptionUtilities.BytesToHexString(c));
}
catch
{
return("0");
}
}
public static BigInteger CalculateDiffieHellmanSharedKey(string publicKey)
{
try
{
var cbytes = EncryptionUtilities.HexStringToBytes(publicKey);
var publicKeyBytes = Rsa.Verify(cbytes);
var publicKeyString = Encoding.Default.GetString(publicKeyBytes);
return(DiffieHellman.CalculateSharedKey(new BigInteger(publicKeyString, 10)));
}
catch
{
return(0);
}
}
public int PopInt()
{
if (RemainingLength < 1)
{
return(0);
}
var data = PlainReadBytes(4);
var i = EncryptionUtilities.DecodeInt32(data);
_pointer += 4;
return(i);
}
private static byte[] GenerateSecretValue(string secretValue, bool generatePassword,
bool generateSymmetricKey, int passwordLength)
{
if (generatePassword)
{
try
{
return(PasswordUtilities.GenerateSecuredPassword(passwordLength));
}
catch (Exception e)
{
Console.WriteLine($"Cannot generate password - {e.Message}");
return(null);
}
}
if (generateSymmetricKey)
{
try
{
return(EncryptionUtilities.GenerateEncodedSymmetricKey());
}
catch (Exception e)
{
Console.WriteLine($"Cannot generate symmetric key - {e.Message}");
return(null);
}
}
if (!File.Exists(secretValue))
{
Console.WriteLine("Argument \"--secret-value\" must refer to a valid filepath");
}
else
{
byte[] secretValueInBytes = File.ReadAllBytes(secretValue);
if (secretValueInBytes != null && secretValueInBytes.Length != 0)
{
return(secretValueInBytes);
}
Console.WriteLine("Argument \"--secret-value\" has file without content");
}
return(null);
}
public void EnableEncryption(string protector, object parms = null)
{
if (Key != null)
{
// If the key's protector is the same, no reason to change it
//if (protectedKey.ProtectorType == protectorType)
// return;
// Set the new protector on the key
Key.PrimaryProtector = new CryptoKeyProtector(protector, Key.PrimaryProtector.GetKey(), parms);
}
else
{
// Create a new encryption key with 4096 bits and the specified provider
Key = new CryptoKey(new CryptoKeyProtector(protector, EncryptionUtilities.GenerateRandomBytes(), parms));
}
Encrypted = true;
}
public async Task <UserProfileViewModel> UpsertUserProfileAsync(UserProfile userProfile)
{
if (userProfile == null || string.IsNullOrEmpty(userProfile?.OId))
{
throw new Exception("Please login into Application");
}
userProfile.OId = EncryptionUtilities.GenerateSHA512String(userProfile?.OId);
UserProfileViewModel resultUP = await GetUserProfileDataAsync(userProfile?.OId, true);
if (string.IsNullOrEmpty(resultUP?.OId))
{
userProfile.RoleInformationId.Add(await GetDefaultUserRole());
List <dynamic> profile = new List <dynamic>();
var result = await dbService.CreateItemAsync(userProfile, dbSettings.ProfilesCollectionId);
profile.Add(result);
resultUP = ConvertUserProfileViewModel(profile);
resultUP.RoleInformation.Add(new RoleViewModel {
RoleName = Permissions.Role.Authenticated.ToString(), OrganizationalUnit = string.Empty
});
}
else
{
List <Role> userRoles = await GetRoleDetailsAsync(resultUP.RoleInformationId);
if (userRoles?.Count() > 0)
{
List <RoleViewModel> roleViewModels = new List <RoleViewModel>();
foreach (var userRole in userRoles)
{
roleViewModels.Add(new RoleViewModel {
RoleName = userRole.RoleName, OrganizationalUnit = userRole.OrganizationalUnit
});
}
resultUP.RoleInformation = roleViewModels;
}
}
resultUP.RoleInformationId = null;
return(resultUP);
}
public async Task <string> Compare(byte[] imageBytes)
{
try
{
String collectionId = "PiscoMarketFaces";
//Decrypt Keys
var key = "E546C8DF278CD5931069B522E695D4F2";
var rekognitionClient = new AmazonRekognitionClient(EncryptionUtilities.DecryptString(configuration.awsAccessKey, key), EncryptionUtilities.DecryptString(configuration.awsAccessSecret, key), Amazon.RegionEndpoint.USEast2);
var image = new Image()
{
Bytes = new MemoryStream(imageBytes)
};
var searchFacesByImageRequest = new SearchFacesByImageRequest()
{
CollectionId = collectionId,
Image = image,
FaceMatchThreshold = 70F,
MaxFaces = 1
};
SearchFacesByImageResponse searchFacesByImageResponse =
await rekognitionClient.SearchFacesByImageAsync(searchFacesByImageRequest);
if (searchFacesByImageResponse.FaceMatches.Any())
{
var faceMatch = searchFacesByImageResponse.FaceMatches.First();
return(faceMatch.Face.ExternalImageId);
}
return(null);
}
catch (Exception ex)
{
return(null);
}
}
public async Task <Secret> PutSecretAsync(string secretName, byte[] secretValue, Dictionary <string, string> p2)
{
var objectKey = GetObjectKey(secretName);
var ikek = EncryptionUtilities.GenerateSecretKey();
var s3Client = GetS3EncryptionClient(new EncryptionMaterials(ikek), new AmazonS3CryptoConfiguration {
RegionEndpoint = AwsRegion
});
logger.Info("check if s3 bucket versioning enabled");
var versioned = await s3Client.GetBucketVersioningAsync(new GetBucketVersioningRequest { BucketName = BucketName });
if (string.Compare("enabled", versioned.VersioningConfig.Status, true) != 0)
{
throw new SecretsSdkException($"s3 Bucket versioning is not enabled, {BucketName}");
}
var ikekVersionId = await UploadIkek(GetIkekObjectKey(secretName), ikek.GetEncoded());
logger.Info($"encrypt and upload secret to {secretName}");
var putRequest = new PutObjectRequest()
{
BucketName = BucketName,
Key = objectKey,
InputStream = new MemoryStream(secretValue)
};
putRequest.Metadata.Add(IKEK_METADATA_KEY, ikekVersionId);
var result = await s3Client.PutObjectAsync(putRequest);
logger.Info($"uploaded secret to {secretName}");
return(new Secret(secretName)
{
Version = result.VersionId
});
}
/// <summary>
/// Encrypts the body from the <see cref="PlainTextBody"/> property.
/// This only needs to be called if the body is being saved back.
/// </summary>
public void EncryptBodyBytes()
{
// No encryption, nothing to do
if (!Header.Encrypted || Store.Key == null)
{
Body = PlainTextBody;
return;
}
// If no crypto key or master key has changed, create a new one
if (Header.Key == null)
{
Header.Key = new CryptoKey(new CryptoKeyProtector("AES", EncryptionUtilities.GenerateRandomBytes(), Store.Key));
}
// Initialise the document's key.
var keyInit = (IInitiableProvider)Header.Key.PrimaryProtector.Provider;
keyInit.Initialise(Store.Key);
// Encrypt the document with its key
Body = new AesCryptoProvider(Header.Key).Encrypt(PlainTextBody);
}
public async Task <QueryResult <UserModel> > Login(LoginModel input)
{
try
{
var result = await DbConnection.QueryFirstAsync <SecretDataModel>(GetUserData, new { input.UserName });
var isPasswordValid = EncryptionUtilities.IsPasswordValid(input.Password, $"{result.PasswordSalt.Trim()}:{result.PasswordHash.Trim()}");
if (isPasswordValid)
{
return(new QueryResult <UserModel>
{
IsSuccessfult = true,
Result = new UserModel
{
UserName = result.UserName,
Email = result.Email,
Id = result.Id
}
});
}
return(new QueryResult <UserModel>
{
IsSuccessfult = false,
ErrorMessage = "User is not exist or incorrect password"
});
}
catch (Exception ex)
{
return(new QueryResult <UserModel>
{
IsSuccessfult = false,
ErrorMessage = $"An internal error has been occured. Error message: {ex.Message}"
});
}
}
public async Task <QueryResult> Register(RegistrationModel input)
{
try
{
using (DbConnection)
{
DbConnection.Open();
var hashSalt = EncryptionUtilities.CreatePasswordSalt(input.Password).Split(':');
var salt = hashSalt[0];
var hash = hashSalt[1];
var result = await DbConnection.ExecuteAsync(RegisterQuery, new
{
UserName = input.UserName,
Email = input.Email,
PasswordHash = hash,
PasswordSalt = salt
});
return(new QueryResult
{
RowAffected = result,
IsSuccessfult = result > 0
});
}
}
catch (Exception ex)
{
return(new QueryResult
{
IsSuccessfult = false,
ErrorMessage = $"An error has been occured. Error message: {ex.Message}"
});
}
}
public async Task <ShareViewModel> ShareResourceDataAsync(ShareInput shareInput)
{
dynamic response = null;
if (shareInput.Url == null || shareInput.UserId == null || shareInput.ResourceId == null)
{
return(null);
}
UserProfile userProfile = await dbUserProfile.GetUserProfileDataAsync(shareInput.UserId);
shareInput.UniqueId = shareInput.UniqueId != Guid.Empty ? shareInput.UniqueId : Guid.NewGuid();
shareInput.ResourceId = shareInput.ResourceId != Guid.Empty ? shareInput.ResourceId : Guid.NewGuid();
var permaLink = EncryptionUtilities.GenerateSHA256String(shareInput.UniqueId + shareInput.UserId +
shareInput.ResourceId);
var sharedResource = new SharedResource
{
ExpirationDate = DateTime.UtcNow.AddYears(Constants.ExpirationDateDurationInYears),
IsShared = true,
Url = new Uri(shareInput.Url.OriginalString, UriKind.RelativeOrAbsolute),
PermaLink = permaLink
};
response = await UpsertSharedResource(userProfile, sharedResource);
if (shareInput.Url.OriginalString.Contains("plan"))
{
string planId = shareInput.Url.OriginalString.Substring(6);
await UpdatePlanIsSharedStatus(planId, true);
}
return(response == null ? null : new ShareViewModel
{
PermaLink = dbShareSettings.PermaLinkMaxLength > 0 ? GetPermaLink(permaLink) : permaLink
});
}
public byte[] ReadFixedValue()
{
var len = EncryptionUtilities.DecodeInt16(ReadBytes(2));
return(ReadBytes(len));
}
public void HandlePacketData(byte[] data)
{
try
{
if (_client.Rc4Client != null && !_deciphered)
{
_client.Rc4Client.Decrypt(ref data);
_deciphered = true;
}
if (_halfDataRecieved)
{
var fullDataRcv = new byte[_halfData.Length + data.Length];
Buffer.BlockCopy(_halfData, 0, fullDataRcv, 0, _halfData.Length);
Buffer.BlockCopy(data, 0, fullDataRcv, _halfData.Length, data.Length);
_halfDataRecieved = false; // mark done this round
HandlePacketData(fullDataRcv); // repeat now we have the combined array
return;
}
using (var reader = new BinaryReader(new MemoryStream(data)))
{
if (data.Length < 4)
{
return;
}
var msgLen = EncryptionUtilities.DecodeInt32(reader.ReadBytes(4));
if (reader.BaseStream.Length - 4 < msgLen)
{
_halfData = data;
_halfDataRecieved = true;
return;
}
if (msgLen < 0 || msgLen > 5120)//TODO: Const somewhere.
{
return;
}
var packet = reader.ReadBytes(msgLen);
using (var r = new BinaryReader(new MemoryStream(packet)))
{
var header = EncryptionUtilities.DecodeInt16(r.ReadBytes(2));
var content = new byte[packet.Length - 2];
Buffer.BlockCopy(packet, 2, content, 0, packet.Length - 2);
var message = new ClientPacket(header, content);
OnNewPacket.Invoke(message);
_deciphered = false;
}
if (reader.BaseStream.Length - 4 > msgLen)
{
var extra = new byte[reader.BaseStream.Length - reader.BaseStream.Position];
Buffer.BlockCopy(data, (int)reader.BaseStream.Position, extra, 0, (int)(reader.BaseStream.Length - reader.BaseStream.Position));
_deciphered = true;
HandlePacketData(extra);
}
}
}
#pragma warning disable CS0168 // The variable 'e' is declared but never used
catch (Exception e)
#pragma warning restore CS0168 // The variable 'e' is declared but never used
{
//Logger.Error("Packet Error!", e);
}
}