public static SqlString GenerateSalt(int length)
{
byte[] array = new byte[length];
RNGCryptoServiceProvider rNGCryptoServiceProvider = new RNGCryptoServiceProvider();
rNGCryptoServiceProvider.GetBytes(array);
return new SqlString(Convert.ToBase64String(array));
}
public string CreateSalt(int size)
{
size = 5;
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] buff = new byte[size];
rng.GetBytes(buff);
return Convert.ToBase64String(buff);
}
/// <summary>
/// 高斯密钥 获取 伪随机数种子
/// 从而确保伪随机数的随机性
/// </summary>
/// <returns></returns>
private int GetSeed()
{
byte[] bytes = new byte[4];
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetBytes(bytes);
return BitConverter.ToInt32(bytes, 0);
}
internal static byte[] GenerateSaltInternal(int byteLength = SaltSize)
{
byte[] buf = new byte[byteLength];
using (var rng = new RNGCryptoServiceProvider())
{
rng.GetBytes(buf);
}
return buf;
}
public static string GenerateSalt(int byteLength = SaltSize)
{
byte[] Buff = new byte[byteLength];
using (var Prng = new RNGCryptoServiceProvider())
{
Prng.GetBytes(Buff);
}
return Convert.ToBase64String(Buff);
}
public static string CreateSalt(int size)
{
//Generate a cryptographic random number.
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] buff = new byte[size];
rng.GetBytes(buff);
// Return a Base64 string representation of the random number.
return Convert.ToBase64String(buff);
}
public static string CreateHash(string password)
{
RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
byte[] salt = new byte[SALT_BYTE_SIZE];
csprng.GetBytes(salt);
byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
return PBKDF2_ITERATIONS + ":" +
Convert.ToBase64String(salt) + ":" +
Convert.ToBase64String(hash);
}
public PasswordGenerator()
{
this.Minimum = DefaultMinimum;
this.Maximum = DefaultMaximum;
this.ConsecutiveCharacters = false;
this.RepeatCharacters = true;
this.ExcludeSymbols = false;
this.Exclusions = null;
rng = new RNGCryptoServiceProvider();
}
public static void GetNonZeroBytes()
{
using (var rng = new RNGCryptoServiceProvider())
{
Assert.Throws<ArgumentNullException>("data", () => rng.GetNonZeroBytes(null));
// Array should not have any zeros
byte[] rand = new byte[65536];
rng.GetNonZeroBytes(rand);
Assert.Equal(-1, Array.IndexOf<byte>(rand, 0));
}
}
public static string CreateMachineKey(int length)
{
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] random = new byte[length/2];
rng.GetBytes(random);
StringBuilder machineKey = new StringBuilder(length);
for (int i = 0; i < random.Length; i++)
{
machineKey.Append(String.Format("{0:X2}", random[i]));
}
return machineKey.ToString();
}
public static string CreateSalt(int size)
{
// Taken from: http://stackoverflow.com/questions/2138429/hash-and-salt-passwords-in-c-sharp
//Generate a cryptographic random number.
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] buff = new byte[size];
rng.GetBytes(buff);
// Return a Base64 string representation of the random number.
return Convert.ToBase64String(buff);
}
/// <summary>
/// Creates a salted PBKDF2 hash of the password.
/// </summary>
/// <param name="password">The password to hash.</param>
/// <returns>The hash of the password.</returns>
public static string CreateHash(string password)
{
// Generate a random salt
RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
byte[] salt = new byte[SALT_BYTE_SIZE];
csprng.GetBytes(salt);
// Hash the password and encode the parameters
byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
return PBKDF2_ITERATIONS + ":" +
Convert.ToBase64String(salt) + ":" +
Convert.ToBase64String(hash);
}
IList<GameObject> Shuffle(IList<GameObject> list)
{
RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();
int n = list.Count;
while (n > 1)
{
byte[] box = new byte[1];
do provider.GetBytes(box);
while (!(box[0] < n * (Byte.MaxValue / n)));
int k = (box[0] % n);
n--;
GameObject value = list[k];
list[k] = list[n];
list[n] = value;
}
return list;
}
public static string GetPassword(int size)
{
char[] chars = new char[65];
chars =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890@&$".ToCharArray();
byte[] data = new byte[1];
RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
crypto.GetNonZeroBytes(data);
data = new byte[size];
crypto.GetNonZeroBytes(data);
StringBuilder password = new StringBuilder(size);
foreach (byte b in data)
{
password.Append(chars[b % (chars.Length)]);
}
return password.ToString();
}
public static string GetUniqueId(int size)
{
char[] chars = new char[62];
chars =
"1234567890".ToCharArray();
byte[] data = new byte[1];
RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
crypto.GetNonZeroBytes(data);
data = new byte[size];
crypto.GetNonZeroBytes(data);
StringBuilder id = new StringBuilder(size);
foreach (byte b in data)
{
id.Append(chars[b % (chars.Length)]);
}
return id.ToString();
}
public static string GetUniqueKey(int maxSize)
{
char[] chars = new char[62];
chars =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW XYZ1234567890".ToCharArray();
byte[] data = new byte[1];
RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
crypto.GetNonZeroBytes(data);
data = new byte[maxSize];
crypto.GetNonZeroBytes(data);
StringBuilder result = new StringBuilder(maxSize);
foreach (byte b in data)
{
result.Append(chars[b % (chars.Length - 1)]);
}
return result.ToString();
}
public int NextRandom(bool allowNegative)
{
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] bytes = new byte[4];
rng.GetNonZeroBytes(bytes);
int number = BitConverter.ToInt32(bytes, 0);
if (!allowNegative)
{
if (number < 0)
{
number = -number;
}
}
return number;
}
/**
* This function generates random string of the given input length.
*
* @param _plainText
* Plain text to be encrypted
* @param _key
* Encryption Key. You'll have to use the same key for decryption
* @return returns encrypted (cipher) text
*/
internal static string GenerateRandomIV(int length)
{
char[] _iv = new char[length];
byte[] randomBytes = new byte[length];
using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
{
rng.GetBytes(randomBytes);
}
for (int i = 0; i < _iv.Length; i++)
{
int ptr = randomBytes[i] % CharacterMatrixForRandomIVStringGeneration.Length;
_iv[i] = CharacterMatrixForRandomIVStringGeneration[ptr];
}
return new string(_iv);
}
public static Boolean Test()
{
Boolean bRes = true;
RSAPKCS1KeyExchangeFormatter pcef1 = new RSAPKCS1KeyExchangeFormatter(RSA.Create());
RSAPKCS1KeyExchangeDeformatter pced1 = new RSAPKCS1KeyExchangeDeformatter(RSA.Create());
Console.WriteLine("pcef1 parameters: " + pcef1.Parameters + "\npced1 parameters: " + pced1.Parameters);
bRes = TestKeyExchange(pcef1, pced1, false) && bRes;
RSA rsa = RSA.Create();
RandomNumberGenerator rng = new RNGCryptoServiceProvider();
RSAPKCS1KeyExchangeFormatter pcef2 = new RSAPKCS1KeyExchangeFormatter();
RSAPKCS1KeyExchangeDeformatter pced2 = new RSAPKCS1KeyExchangeDeformatter(rsa);
RSA rsa1 = RSA.Create();
rsa1.ImportParameters(rsa.ExportParameters(false));
pcef2.SetKey(rsa1);
pcef2.Rng = rng;
pced2.RNG = rng;
Console.WriteLine("pcef2 parameters: " + pcef2.Parameters + "\npced2 parameters: " + pced2.Parameters);
bRes = TestKeyExchange(pcef2, pced2, true) && bRes;
RSAOAEPKeyExchangeFormatter ocef1 = new RSAOAEPKeyExchangeFormatter(RSA.Create());
RSAOAEPKeyExchangeDeformatter oced1 = new RSAOAEPKeyExchangeDeformatter(RSA.Create());
Console.WriteLine("ocef1 parameters: " + ocef1.Parameters + "\noced1 parameters: " + oced1.Parameters);
bRes = TestKeyExchange(ocef1, oced1, false) && bRes;
rsa = RSA.Create();
rng = new RNGCryptoServiceProvider();
RSAOAEPKeyExchangeFormatter ocef2 = new RSAOAEPKeyExchangeFormatter();
RSAOAEPKeyExchangeDeformatter oced2 = new RSAOAEPKeyExchangeDeformatter(rsa);
rsa1 = RSA.Create();
rsa1.ImportParameters(rsa.ExportParameters(false));
ocef2.SetKey(rsa1);
ocef2.Rng = rng;
// oced2.RNG = rng;
Console.WriteLine("ocef2 parameters: " + ocef2.Parameters + "\noced2 parameters: " + oced2.Parameters);
bRes = TestKeyExchange(ocef2, oced2, true) && bRes;
return bRes;
}
// This method simulates a roll of the dice. The input parameter is the
// number of sides of the dice.
public static byte RollDice(byte numberSides)
{
if (numberSides <= 0)
throw new ArgumentOutOfRangeException("numberSides");
// Create a new instance of the RNGCryptoServiceProvider.
RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider();
// Create a byte array to hold the random value.
byte[] randomNumber = new byte[1];
do
{
// Fill the array with a random value.
rngCsp.GetBytes(randomNumber);
}
while (!IsFairRoll(randomNumber[0], numberSides));
// Return the random number mod the number
// of sides. The possible values are zero-
// based, so we add one.
return (byte)((randomNumber[0] % numberSides) + 1);
}
public static string GenerateRandomId()
{
int maxSize = 36;
char[] chars = new char[62];
string a;
a = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
chars = a.ToCharArray();
int size = maxSize;
byte[] data = new byte[1];
RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
crypto.GetNonZeroBytes(data);
size = maxSize;
data = new byte[size];
crypto.GetNonZeroBytes(data);
StringBuilder result = new StringBuilder(size);
foreach (byte b in data)
{ result.Append(chars[b % (chars.Length - 1)]); }
return result.ToString();
}
public void gen_pwd()
{
int maxSize = 10;
char[] chars = new char[62];
string a = "abcdefghijklmno~@#$%^&*()+pqrstuvwxyz0123456789";
chars = a.ToCharArray();
int size = maxSize;
byte[] data = new byte[1];
RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
crypto.GetNonZeroBytes(data);
size = maxSize;
data = new byte[size];
crypto.GetNonZeroBytes(data);
StringBuilder result = new StringBuilder(size);
foreach (byte b in data)
{
result.Append(chars[b % (chars.Length - 1)]);
}
pwdd = result.ToString();
}
public static int GetRandomIntBetween(int minValue, int maxValue)
{
// Make maxValue inclusive.
//maxValue++;
var rng = new RNGCryptoServiceProvider();
var uint32Buffer = new byte[4];
long diff = maxValue - minValue;
while (true)
{
rng.GetBytes(uint32Buffer);
uint rand = BitConverter.ToUInt32(uint32Buffer, 0);
const long max = (1 + (long)int.MaxValue);
long remainder = max % diff;
if (rand < max - remainder)
{
return (int)(minValue + (rand % diff));
}
}
}
public static void DifferentSequential_10()
{
// Ensure that the RNG doesn't produce a stable set of data.
byte[] first = new byte[10];
byte[] second = new byte[10];
using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
{
rng.GetBytes(first);
rng.GetBytes(second);
}
// Random being random, there is a chance that it could produce the same sequence.
// The smallest test case that we have is 10 bytes.
// The probability that they are the same, given a Truly Random Number Generator is:
// Pmatch(byte0) * Pmatch(byte1) * Pmatch(byte2) * ... * Pmatch(byte9)
// = 1/256 * 1/256 * ... * 1/256
// = 1/(256^10)
// = 1/1,208,925,819,614,629,174,706,176
Assert.NotEqual(first, second);
}
public static void HashWithSalt(
string plaintext, ref string salt, out string hash)
{
const int SALT_BYTE_COUNT = 16;
if (salt == null || salt == "")
{
byte[] saltBuf = new byte[SALT_BYTE_COUNT];
RNGCryptoServiceProvider rng =
new RNGCryptoServiceProvider();
rng.GetBytes(saltBuf);
StringBuilder sb =
new StringBuilder(saltBuf.Length);
for (int i = 0; i < saltBuf.Length; i++)
sb.Append(string.Format("{0:X2}", saltBuf[i]));
salt = sb.ToString();
}
hash = FormsAuthentication.
HashPasswordForStoringInConfigFile(
salt + plaintext, DefCryptoAlg);
}
protected void Button1_Click(object sender, EventArgs e)
{
byte[] arr = new byte[24];
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetBytes(arr);
System.Text.StringBuilder machineKey = new System.Text.StringBuilder(24);
for (int i = 0; i < arr.Length; i++)
{
machineKey.Append(String.Format("{0:X2}", arr[i]));
}
Page.Response.Write(machineKey.ToString());
Page.Response.Write(WebConfigurationManager.AppSettings["topic"] + "<br />");
Page.Response.Write(WebConfigurationManager.ConnectionStrings["NorthwindConnection"] + "<br />");
Page.Response.Write(WebConfigurationManager.GetSection("connectionStrings") + "<br />");
CompilationSection cs = (CompilationSection)WebConfigurationManager.GetSection("system.web/compilation");
foreach (AssemblyInfo item in cs.Assemblies)
{
Response.Write(item.Assembly + "<br /");
}
}
public CryptoService(IConfiguration configuration)
{
serverKey = configuration.GetValue <string>("ServerKey");
rng = new RNGCryptoServiceProvider();
}
public CryptographyController()
{
//加密随机数生成器创建加密型强随机值。
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
}
public RngWrapper()
{
this._wrapped = new RNGCryptoServiceProvider();
}
public RngWrapper(byte[] rgb)
{
this._wrapped = new RNGCryptoServiceProvider(rgb);
}
private static async Task LoginAsync(IChannelHandlerContext context, string username, string password,
string hwid, string secretkey)
{
// This var is used for sending the unban date to the launcher
var unbandate = DateTimeOffset.Now;
try
{
var endpoint = new IPEndPoint(((IPEndPoint)context.Channel.RemoteAddress).Address.MapToIPv4(),
((IPEndPoint)context.Channel.RemoteAddress).Port);
if (username.Length >= 20)
{
Logger.Error("Login & Password to long for {0}", endpoint);
var check = new CCMessage();
check.Write(false);
check.Write("Username is more than 20 chars");
RmiSend(context, 16, check);
return;
}
if (hwid == string.Empty)
{
Logger.Error("No HWID found on endpoint {0}", endpoint);
var check = new CCMessage();
check.Write(false);
check.Write("Cannot Generate HWID");
RmiSend(context, 16, check);
return;
}
if (Config.Instance.AuthAPI.BlockedHWIDS.Contains(hwid))
{
Logger.Error("Hwid ban(conf): {0}, Address: {1}", hwid, endpoint);
goto hwidban;
}
if (Config.Instance.LauncherCheck)
{
// Launcher Check
if (secretkey != Config.Instance.LauncherCheckKey)
{
Logger.Error("Wrong Launcher => User: "******" hwid: " + hwid + " from " + endpoint);
var keycheck = new CCMessage();
keycheck.Write(false);
keycheck.Write("Invalid Launcher");
RmiSend(context, 16, keycheck);
return;
}
}
using (var db = AuthDatabase.Open())
{
Logger.Information("AuthAPI login from {0}, HWID: {1}", endpoint, hwid);
if (username.Length < 4 || password.Length < 4)
{
Logger.Error("Too short credentials for {username} / {endpoint}", username, endpoint);
var lengtherr = new CCMessage();
lengtherr.Write(false);
lengtherr.Write("Invalid length of username/password");
RmiSend(context, 16, lengtherr);
return;
}
if (!Namecheck.IsNameValid(username))
{
Logger.Error("Invalid username for {username} / {endpoint}", username, endpoint);
var nickerr = new CCMessage();
nickerr.Write(false);
nickerr.Write("Username contains invalid characters");
RmiSend(context, 16, nickerr);
return;
}
var result = await db.FindAsync <AccountDto>(statement => statement
.Where($"{nameof(AccountDto.Username):C} = @{nameof(username)}")
.Include <BanDto>(join => join.LeftOuterJoin())
.WithParameters(new { Username = username }));
var account = result.FirstOrDefault();
var hwidResult = await db.FindAsync <HwidBanDto>(statement => statement
.Where($"{nameof(HwidBanDto.Hwid):C} = @{nameof(hwid)}")
.WithParameters(new { Hwid = hwid }));
if (hwidResult?.Any() ?? false)
{
Logger.Error("Hwid ban(db): {0}, Address: {1}", hwid, endpoint);
goto hwidban;
}
if (account == null &&
(Config.Instance.NoobMode || Config.Instance.AutoRegister))
{
account = new AccountDto {
Username = username
};
var newSalt = new byte[24];
using (var csprng = new RNGCryptoServiceProvider())
{
csprng.GetBytes(newSalt);
}
var hash = new byte[24];
using (var pbkdf2 = new Rfc2898DeriveBytes(password, newSalt, 24000))
{
hash = pbkdf2.GetBytes(24);
}
account.Password = Convert.ToBase64String(hash);
account.Salt = Convert.ToBase64String(newSalt);
await db.InsertAsync(account);
}
var salt = Convert.FromBase64String(account?.Salt ?? "");
var passwordGuess =
new Rfc2898DeriveBytes(password, salt, 24000).GetBytes(24);
var actualPassword =
Convert.FromBase64String(account?.Password ?? "");
var difference =
(uint)passwordGuess.Length ^ (uint)actualPassword.Length;
for (var i = 0;
i < passwordGuess.Length && i < actualPassword.Length;
i++)
{
difference |= (uint)(passwordGuess[i] ^ actualPassword[i]);
}
if ((difference != 0 ||
string.IsNullOrWhiteSpace(account?.Password ?? "")) &&
!Config.Instance.NoobMode)
{
Logger.Error("Wrong credentials for {username} / {endpoint}", username, endpoint);
goto wrong;
}
if (account != null)
{
var now = DateTimeOffset.Now.ToUnixTimeSeconds();
var ban = account.Bans.FirstOrDefault(b => b.Date + (b.Duration ?? 0) > now);
if (ban != null)
{
var unbanDate = DateTimeOffset.FromUnixTimeSeconds(ban.Date + (ban.Duration ?? 0));
unbandate = DateTimeOffset.FromUnixTimeSeconds(ban.Date + (ban.Duration ?? 0));
Logger.Error("{user} is banned until {until}", account.Username, unbanDate);
goto ban;
}
account.LoginToken = AuthHash
.GetHash256(
$"{context.Channel.RemoteAddress}-{account.Username}-{account.Password}-{endpoint.Address.MapToIPv4()}")
.ToLower();
account.LastLogin = $"{DateTimeOffset.UtcNow:yyyyMMddHHmmss}";
account.AuthToken = string.Empty;
account.newToken = string.Empty;
await db.UpdateAsync(account);
var history = new AuthHistoryDto
{
Account = account,
AccountId = account.Id,
Date = DateTimeOffset.Now.ToUnixTimeSeconds(),
HWID = hwid
};
await db.InsertAsync(history);
var ack = new CCMessage();
ack.Write(true);
ack.Write(account.LoginToken);
RmiSend(context, 16, ack);
}
Logger.Information("AuthAPI login success for {username}", username);
return;
}
}
catch (Exception e)
{
Logger.Error(e.ToString());
goto error;
}
wrong:
{
var error = new CCMessage();
error.Write(false);
error.Write("Invalid username or password");
RmiSend(context, 16, error);
}
error:
{
var error = new CCMessage();
error.Write(false);
error.Write("Login error");
RmiSend(context, 16, error);
}
ban:
{
var error = new CCMessage();
error.Write(false);
error.Write("Account is banned until " + unbandate);
RmiSend(context, 16, error);
}
hwidban:
{
var error = new CCMessage();
error.Write(false);
error.Write("You have been blocked");
RmiSend(context, 16, error);
}
}
static void Main(string[] args)
{
Stopwatch stopwatch = new Stopwatch();
using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
{
stopwatch.Start();
byte[] data = new byte[4];
for (int i = 0; i < 10; i++)
{
rng.GetBytes(data);
int value = BitConverter.ToInt32(data, 0);
Console.WriteLine("the value of RNGCryptoServiceProvider byte is " + value);
Console.WriteLine("the value of RNGCryptoServiceProvider base62 is" + Convert.ToBase64String(data));
}
}
stopwatch.Stop();
Console.WriteLine("Time elapsed: {0}", stopwatch.Elapsed.TotalMilliseconds);
Console.WriteLine("----------------------------------------------------");
var rand = new Random();
{
byte[] data = new byte[4];
stopwatch.Start();
var bytes = new byte[4];
for (int i = 0; i < 10; i++)
{
rand.NextBytes(bytes);
int value = BitConverter.ToInt32(bytes, 0);
Console.WriteLine("the value of Rand byte is " + value);
Console.WriteLine("the value of Rand base62 is " + Convert.ToBase64String(bytes));
}
}
stopwatch.Stop();
Console.WriteLine("Time elapsed: {0}", stopwatch.Elapsed.TotalMilliseconds);
Console.ReadKey();
Console.WriteLine("------------Press enter for Encryption---------------");
Console.WriteLine("type a message to encrypt it.");
string message = Console.ReadLine();
Console.Write(Encrypter.Encrypt(message));
Console.WriteLine("\n------------Press enter for decryption---------------");
Console.WriteLine("type a message to decrypt it.");
string demessage = Console.ReadLine();
Console.Write(Encrypter.Dencrypt(demessage));
Console.ReadKey();
}
private void SaveSettings()
{
if (checkBoxChangeStaticInfo.Checked != Settings.Default.ChangeStaticInfo)
{
EntryOrGuidAndSourceType originalEntryOrGuidAndSourceType = ((MainForm)Owner).userControl.originalEntryOrGuidAndSourceType;
((MainForm)Owner).userControl.textBoxEntryOrGuid.Text = originalEntryOrGuidAndSourceType.entryOrGuid.ToString();
((MainForm)Owner).userControl.comboBoxSourceType.SelectedIndex = ((MainForm)Owner).userControl.GetIndexBySourceType(originalEntryOrGuidAndSourceType.sourceType);
}
bool showTooltipsStaticly = Settings.Default.ShowTooltipsStaticly;
bool generateComments = Settings.Default.GenerateComments;
bool phaseHighlighting = false;// Settings.Default.PhaseHighlighting;
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] buffer = new byte[1024];
rng.GetBytes(buffer);
string salt = BitConverter.ToString(buffer);
rng.Dispose();
string decryptedPassword = textBoxPassword.Text;
SAI_Editor_Manager.Instance.connString = new MySqlConnectionStringBuilder();
SAI_Editor_Manager.Instance.connString.Server = textBoxHost.Text;
SAI_Editor_Manager.Instance.connString.UserID = textBoxUsername.Text;
SAI_Editor_Manager.Instance.connString.Port = CustomConverter.ToUInt32(textBoxPort.Text);
SAI_Editor_Manager.Instance.connString.Database = textBoxWorldDatabase.Text;
if (textBoxPassword.Text.Length > 0)
{
SAI_Editor_Manager.Instance.connString.Password = textBoxPassword.Text;
}
Settings.Default.UseWorldDatabase = radioButtonConnectToMySql.Checked;
Settings.Default.Save();
bool newConnectionSuccesfull = false;
if (radioButtonConnectToMySql.Checked)
{
newConnectionSuccesfull = SAI_Editor_Manager.Instance.worldDatabase.CanConnectToDatabase(SAI_Editor_Manager.Instance.connString, false);
}
//! We also save the settings if no connection was made. It's possible the user unchecked
//! the radioboxes, changed some settings and then set it back to no DB connection.
if (newConnectionSuccesfull || !radioButtonConnectToMySql.Checked)
{
Settings.Default.Entropy = salt;
Settings.Default.Host = textBoxHost.Text;
Settings.Default.User = textBoxUsername.Text;
Settings.Default.Password = textBoxPassword.Text.Length == 0 ? String.Empty : textBoxPassword.Text.ToSecureString().EncryptString(Encoding.Unicode.GetBytes(salt));
Settings.Default.Database = textBoxWorldDatabase.Text;
Settings.Default.Port = textBoxPort.Text.Length > 0 ? CustomConverter.ToUInt32(textBoxPort.Text) : 0;
Settings.Default.AutoConnect = checkBoxAutoConnect.Checked;
if (radioButtonConnectToMySql.Checked)
{
SAI_Editor_Manager.Instance.ResetDatabases();
}
}
Settings.Default.InstantExpand = checkBoxInstantExpand.Checked;
Settings.Default.PromptToQuit = checkBoxPromptToQuit.Checked;
Settings.Default.HidePass = checkBoxHidePass.Checked;
Settings.Default.AnimationSpeed = CustomConverter.ToInt32(textBoxAnimationSpeed.Text);
Settings.Default.PromptExecuteQuery = checkBoxPromptExecuteQuery.Checked;
Settings.Default.ChangeStaticInfo = checkBoxChangeStaticInfo.Checked;
Settings.Default.ShowTooltipsStaticly = checkBoxShowTooltipsStaticly.Checked;
Settings.Default.GenerateComments = checkBoxAutoGenerateComments.Checked;
Settings.Default.CreateRevertQuery = checkBoxCreateRevertQuery.Checked;
Settings.Default.PhaseHighlighting = false;// checkBoxPhaseHighlighting.Checked;
Settings.Default.DuplicatePrimaryFields = checkBoxDuplicatePrimaryFields.Checked;
Settings.Default.WowExpansionIndex = (uint)comboBoxWowExpansion.SelectedIndex;
SAI_Editor_Manager.Instance.Expansion = (WowExpansion)Settings.Default.WowExpansionIndex;
Settings.Default.Save();
if (newConnectionSuccesfull)
{
((MainForm)Owner).checkBoxAutoConnect.Checked = checkBoxAutoConnect.Checked;
((MainForm)Owner).textBoxHost.Text = textBoxHost.Text;
((MainForm)Owner).textBoxUsername.Text = textBoxUsername.Text;
((MainForm)Owner).textBoxPassword.Text = decryptedPassword;
((MainForm)Owner).textBoxWorldDatabase.Text = textBoxWorldDatabase.Text;
((MainForm)Owner).checkBoxAutoConnect.Checked = checkBoxAutoConnect.Checked;
((MainForm)Owner).expandAndContractSpeed = CustomConverter.ToInt32(textBoxAnimationSpeed.Text);
((MainForm)Owner).textBoxPassword.PasswordChar = Convert.ToChar(checkBoxHidePass.Checked ? '●' : '\0');
}
else if (radioButtonConnectToMySql.Checked) //! Don't report this if there is no connection to be made anyway
{
MessageBox.Show("The database settings were not saved because no connection could be established. All other changed settings were saved.", "Something went wrong!", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
if (checkBoxAutoGenerateComments.Checked != generateComments && checkBoxAutoGenerateComments.Checked)
{
((MainForm)Owner).userControl.GenerateCommentsForAllItems();
}
if (checkBoxShowTooltipsStaticly.Checked != showTooltipsStaticly)
{
((MainForm)Owner).userControl.ExpandOrContractToShowStaticTooltips(!checkBoxShowTooltipsStaticly.Checked);
}
if (checkBoxPhaseHighlighting.Checked != phaseHighlighting)
{
((MainForm)Owner).userControl.ListViewList.Apply(true);
((MainForm)Owner).userControl.checkBoxUsePhaseColors.Checked = checkBoxPhaseHighlighting.Checked;
}
((MainForm)Owner).HandleUseWorldDatabaseSettingChanged();
}
public RNG()
{
rnd = new Random();
rngCrypt = new RNGCryptoServiceProvider();
}
public CryptographicallyRandomCodeGenerator()
{
_rng = new RNGCryptoServiceProvider();
}
private static string GenerateToken()
{
using (var prng = new RNGCryptoServiceProvider())
{
return GenerateToken(prng);
}
}
private static KeyValuePair<string, string> Encrypt(string password)
{
RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
byte[] salt = new byte[SALT_BYTES];
csprng.GetBytes(salt);
string saltStr = Convert.ToBase64String(salt);
return new KeyValuePair<string, string>(saltStr, Encrypt(saltStr, password));
}
public void Test1()
{
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
TableServerData tsd = new TableServerData("0");
Entry[] not_expired = new Entry[12];
Entry[] to_expire = new Entry[12];
DateTime now = DateTime.UtcNow;
DateTime live = now.AddSeconds(120);
DateTime expire = now.AddSeconds(5);
for (int i = 0; i < 4; i++)
{
byte[] key = new byte[20];
rng.GetBytes(key);
for (int j = 0; j < 3; j++)
{
byte[] value = new byte[20];
rng.GetBytes(value);
Entry ent = new Entry(key, value, now, expire);
to_expire[i * 3 + j] = ent;
tsd.AddEntry(ent);
value = new byte[20];
rng.GetBytes(value);
ent = new Entry(key, value, now, live);
not_expired[i * 3 + j] = ent;
tsd.AddEntry(ent);
Assert.IsFalse(not_expired[i * 3 + j].Equals(to_expire[i * 3 + j]),
String.Format("{0}: not_expired == to_expire.", i * 3 + j));
}
}
for (int i = 0; i < 4; i++)
{
LinkedList <Entry> entries = tsd.GetEntries(not_expired[i * 3].Key);
for (int j = 0; j < 3; j++)
{
Assert.IsTrue(entries.Contains(not_expired[i * 3 + j]), "step 0: not_expired " + (i * 3 + j));
Assert.IsTrue(entries.Contains(to_expire[i * 3 + j]), "step 0: to_expire " + (i * 3 + j));
}
}
for (int i = 0; i < 4; i++)
{
for (int j = 0; j < 3; j++)
{
int pos = i * 3 + j;
if (pos % 2 == 0)
{
Entry ent = not_expired[pos];
tsd.UpdateEntry(ent.Key, ent.Value, now.AddSeconds(160));
}
}
}
Entry entry = to_expire[11];
tsd.UpdateEntry(entry.Key, entry.Value, now.AddSeconds(160));
for (int i = 0; i < 4; i++)
{
LinkedList <Entry> entries = tsd.GetEntries(not_expired[i * 3].Key);
for (int j = 0; j < 3; j++)
{
Assert.IsTrue(entries.Contains(not_expired[i * 3 + j]), "step 1: not_expired " + (i * 3 + j));
Assert.IsTrue(entries.Contains(to_expire[i * 3 + j]), "step 1: to_expire " + (i * 3 + j));
}
}
while (DateTime.UtcNow < expire.AddSeconds(1))
{
for (int i = 0; i < 50000000; i++)
{
int k = i % 5;
k += 6;
}
}
for (int i = 0; i < 3; i++)
{
LinkedList <Entry> entries = tsd.GetEntries(not_expired[i * 3].Key);
for (int j = 0; j < 3; j++)
{
Assert.IsTrue(entries.Contains(not_expired[i * 3 + j]), "step 2: not_expired " + (i * 3 + j));
Assert.IsFalse(entries.Contains(to_expire[i * 3 + j]), "step 2: to_expire " + (i * 3 + j));
}
}
Assert.AreEqual(13, tsd.Count, "Entries we didn't check are removed by CheckEntries.");
}
public CryptoApiRandomGenerator()
{
rndProv = new RNGCryptoServiceProvider();
}
public CryptoRandomNumberGen()
{
csp = new RNGCryptoServiceProvider();
}
public void CertificateAndMasterKeyExecTest()
{
string script;
IDictionary <string, string> customSettings = new ConcurrentDictionary <string, string>();
var keyPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
var buffer = new byte[256 / 8];
using (var cryptoRandom = new RNGCryptoServiceProvider())
{
cryptoRandom.GetBytes(buffer);
}
File.WriteAllBytes(keyPath, buffer);
var certPath = GenerateAndSaveSelfSignedCertificate();
if (PlatformDetails.RunningOnPosix)
{
var scriptPath = Path.Combine(Path.GetTempPath(), Path.ChangeExtension(Guid.NewGuid().ToString(), ".sh"));
var keyArgs = CommandLineArgumentEscaper.EscapeAndConcatenate(new List <string> {
scriptPath, keyPath
});
var certArgs = CommandLineArgumentEscaper.EscapeAndConcatenate(new List <string> {
scriptPath, certPath
});
customSettings[RavenConfiguration.GetKey(x => x.Security.MasterKeyExec)] = "bash";
customSettings[RavenConfiguration.GetKey(x => x.Security.MasterKeyExecArguments)] = $"{keyArgs}";
customSettings[RavenConfiguration.GetKey(x => x.Security.CertificateExec)] = "bash";
customSettings[RavenConfiguration.GetKey(x => x.Security.CertificateExecArguments)] = $"{certArgs}";
customSettings[RavenConfiguration.GetKey(x => x.Core.ServerUrls)] = "https://" + Environment.MachineName + ":0";
script = "#!/bin/bash\ncat \"$1\"";
File.WriteAllText(scriptPath, script);
Process.Start("chmod", $"700 {scriptPath}");
}
else
{
var scriptPath = Path.Combine(Path.GetTempPath(), Path.ChangeExtension(Guid.NewGuid().ToString(), ".ps1"));
var keyArgs = CommandLineArgumentEscaper.EscapeAndConcatenate(new List <string> {
"-NoProfile", scriptPath, keyPath
});
var certArgs = CommandLineArgumentEscaper.EscapeAndConcatenate(new List <string> {
"-NoProfile", scriptPath, certPath
});
customSettings[RavenConfiguration.GetKey(x => x.Security.MasterKeyExec)] = "powershell";
customSettings[RavenConfiguration.GetKey(x => x.Security.MasterKeyExecArguments)] = $"{keyArgs}";
customSettings[RavenConfiguration.GetKey(x => x.Security.CertificateExec)] = "powershell";
customSettings[RavenConfiguration.GetKey(x => x.Security.CertificateExecArguments)] = $"{certArgs}";
customSettings[RavenConfiguration.GetKey(x => x.Core.ServerUrls)] = "https://" + Environment.MachineName + ":0";
script = @"param([string]$userArg)
try {
$bytes = Get-Content -path $userArg -encoding Byte
$stdout = [System.Console]::OpenStandardOutput()
$stdout.Write($bytes, 0, $bytes.Length)
}
catch {
Write-Error $_.Exception
exit 1
}
exit 0";
File.WriteAllText(scriptPath, script);
}
UseNewLocalServer(customSettings: customSettings, runInMemory: false);
// The master key loading is lazy, let's put a database secret key to invoke it.
var dbName = GetDatabaseName();
var databaseKey = new byte[32];
using (var rand = RandomNumberGenerator.Create())
{
rand.GetBytes(databaseKey);
}
var base64Key = Convert.ToBase64String(databaseKey);
// sometimes when using `dotnet xunit` we get platform not supported from ProtectedData
try
{
ProtectedData.Protect(Encoding.UTF8.GetBytes("Is supported?"), null, DataProtectionScope.CurrentUser);
}
catch (PlatformNotSupportedException)
{
return;
}
Server.ServerStore.PutSecretKey(base64Key, dbName, true);
X509Certificate2 serverCertificate;
try
{
serverCertificate = new X509Certificate2(certPath, (string)null, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet);
}
catch (CryptographicException e)
{
throw new CryptographicException($"Failed to load the test certificate from {certPath}.", e);
}
using (var store = GetDocumentStore(new Options
{
AdminCertificate = serverCertificate,
ClientCertificate = serverCertificate,
ModifyDatabaseName = s => dbName,
ModifyDatabaseRecord = record => record.Encrypted = true,
Path = NewDataPath()
}))
{
}
var secrets = Server.ServerStore.Secrets;
var serverMasterKey = (Lazy <byte[]>) typeof(SecretProtection).GetField("_serverMasterKey", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(secrets);
Assert.True(serverMasterKey.Value.SequenceEqual(buffer));
Assert.True(Server.Certificate.Certificate.Equals(serverCertificate));
}
public SecureRandom()
{
_csp = new RNGCryptoServiceProvider("TANYA");
}
/// <summary>
/// Generates a random password.
/// </summary>
/// <param name="minLength">
/// Minimum password length.
/// </param>
/// <param name="maxLength">
/// Maximum password length.
/// </param>
/// <returns>
/// Randomly generated password.
/// </returns>
/// <remarks>
/// The length of the generated password will be determined at
/// random and it will fall with the range determined by the
/// function parameters.
/// </remarks>
public static string Generate(int minLength,
int maxLength)
{
// Make sure that input parameters are valid.
if (minLength <= 0 || maxLength <= 0 || minLength > maxLength)
{
return(null);
}
// Create a local array containing supported password characters
// grouped by types. You can remove character groups from this
// array, but doing so will weaken the password strength.
char[][] charGroups = new char[][]
{
PASSWORD_CHARS_LCASE.ToCharArray(),
PASSWORD_CHARS_UCASE.ToCharArray(),
PASSWORD_CHARS_NUMERIC.ToCharArray(),
//PASSWORD_CHARS_SPECIAL.ToCharArray()
};
// Use this array to track the number of unused characters in each
// character group.
int[] charsLeftInGroup = new int[charGroups.Length];
// Initially, all characters in each group are not used.
for (int i = 0; i < charsLeftInGroup.Length; i++)
{
charsLeftInGroup[i] = charGroups[i].Length;
}
// Use this array to track (iterate through) unused character groups.
int[] leftGroupsOrder = new int[charGroups.Length];
// Initially, all character groups are not used.
for (int i = 0; i < leftGroupsOrder.Length; i++)
{
leftGroupsOrder[i] = i;
}
// Because we cannot use the default randomizer, which is based on the
// current time (it will produce the same "random" number within a
// second), we will use a random number generator to seed the
// randomizer.
// Use a 4-byte array to fill it with random bytes and convert it then
// to an integer value.
byte[] randomBytes = new byte[4];
// Generate 4 random bytes.
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetBytes(randomBytes);
// Convert 4 bytes into a 32-bit integer value.
int seed = (randomBytes[0] & 0x7f) << 24 |
randomBytes[1] << 16 |
randomBytes[2] << 8 |
randomBytes[3];
// Now, this is real randomization.
Random random = new Random(seed);
// This array will hold password characters.
char[] password = null;
// Allocate appropriate memory for the password.
if (minLength < maxLength)
{
password = new char[random.Next(minLength, maxLength + 1)];
}
else
{
password = new char[minLength];
}
// Index of the next character to be added to password.
int nextCharIdx;
// Index of the next character group to be processed.
int nextGroupIdx;
// Index which will be used to track not processed character groups.
int nextLeftGroupsOrderIdx;
// Index of the last non-processed character in a group.
int lastCharIdx;
// Index of the last non-processed group.
int lastLeftGroupsOrderIdx = leftGroupsOrder.Length - 1;
// Generate password characters one at a time.
for (int i = 0; i < password.Length; i++)
{
// If only one character group remained unprocessed, process it;
// otherwise, pick a random character group from the unprocessed
// group list. To allow a special character to appear in the
// first position, increment the second parameter of the Next
// function call by one, i.e. lastLeftGroupsOrderIdx + 1.
if (lastLeftGroupsOrderIdx == 0)
{
nextLeftGroupsOrderIdx = 0;
}
else
{
nextLeftGroupsOrderIdx = random.Next(0,
lastLeftGroupsOrderIdx);
}
// Get the actual index of the character group, from which we will
// pick the next character.
nextGroupIdx = leftGroupsOrder[nextLeftGroupsOrderIdx];
// Get the index of the last unprocessed characters in this group.
lastCharIdx = charsLeftInGroup[nextGroupIdx] - 1;
// If only one unprocessed character is left, pick it; otherwise,
// get a random character from the unused character list.
if (lastCharIdx == 0)
{
nextCharIdx = 0;
}
else
{
nextCharIdx = random.Next(0, lastCharIdx + 1);
}
// Add this character to the password.
password[i] = charGroups[nextGroupIdx][nextCharIdx];
// If we processed the last character in this group, start over.
if (lastCharIdx == 0)
{
charsLeftInGroup[nextGroupIdx] =
charGroups[nextGroupIdx].Length;
}
// There are more unprocessed characters left.
else
{
// Swap processed character with the last unprocessed character
// so that we don't pick it until we process all characters in
// this group.
if (lastCharIdx != nextCharIdx)
{
char temp = charGroups[nextGroupIdx][lastCharIdx];
charGroups[nextGroupIdx][lastCharIdx] =
charGroups[nextGroupIdx][nextCharIdx];
charGroups[nextGroupIdx][nextCharIdx] = temp;
}
// Decrement the number of unprocessed characters in
// this group.
charsLeftInGroup[nextGroupIdx]--;
}
// If we processed the last group, start all over.
if (lastLeftGroupsOrderIdx == 0)
{
lastLeftGroupsOrderIdx = leftGroupsOrder.Length - 1;
}
// There are more unprocessed groups left.
else
{
// Swap processed group with the last unprocessed group
// so that we don't pick it until we process all groups.
if (lastLeftGroupsOrderIdx != nextLeftGroupsOrderIdx)
{
int temp = leftGroupsOrder[lastLeftGroupsOrderIdx];
leftGroupsOrder[lastLeftGroupsOrderIdx] =
leftGroupsOrder[nextLeftGroupsOrderIdx];
leftGroupsOrder[nextLeftGroupsOrderIdx] = temp;
}
// Decrement the number of unprocessed groups.
lastLeftGroupsOrderIdx--;
}
}
// Convert password characters into a string and return the result.
return(new string(password));
}
public RngWrapper(CspParameters cspParams)
{
this._wrapped = new RNGCryptoServiceProvider(cspParams);
}
/// <summary>
/// Next Bytes given initial buffer
/// </summary>
/// <param name="buf">byte array buffer</param>
public virtual void NextBytes(byte[] buf)
{
using (var rng = new RNGCryptoServiceProvider()) rng.GetNonZeroBytes(buf);
}
protected void btn_changePassword_Click(object sender, EventArgs e)
{
string old_pwd = HttpUtility.HtmlEncode(tb_old_password.Text.ToString().Trim());
string new_pwd = HttpUtility.HtmlEncode(tb_password.Text.ToString().Trim());
System.Diagnostics.Debug.WriteLine("old password: "******"new password: "******"LoggedIn"].ToString();
SHA512Managed hashing = new SHA512Managed();
string dbHash = getDBHash(email);
string dbSalt = getDBSalt(email);
try
{
if (dbSalt != null && dbSalt.Length > 0 && dbHash != null && dbHash.Length > 0)
{
string pwdWithSalt = old_pwd + dbSalt;
byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt));
string userHash = Convert.ToBase64String(hashWithSalt);
if (userHash.Equals(dbHash))
{
System.Diagnostics.Debug.WriteLine("Old Password Matches Password in Database");
//string new_pwd = HttpUtility.HtmlEncode(tb_password.Text.ToString().Trim());
//Server Side Check making sure password does indeed meet all the complexity requirements stated in "Password Complexity Requirements"
if ((new_pwd.Length >= 12) && (Regex.IsMatch(new_pwd, "[a-z]")) && (Regex.IsMatch(new_pwd, "[A-Z]")) && (Regex.IsMatch(new_pwd, "[0-9]")) && (Regex.IsMatch(new_pwd, "[^a-zA-Z0-9]")))
{
//lbl_testing.Text = "success";
System.Diagnostics.Debug.WriteLine("success");
//SqlConnection connection = new SqlConnection(SITCONNECTDBConnectionString);
//string sql = "update Account SET PasswordHash=@PASSWORDHASH, PasswordSalt=@PASSWORDSALT, IV=@IV, Key=@KEY WHERE Email=@EMAIL";
//SqlCommand cmd = new SqlCommand(sql, connection);
//cmd.Parameters.AddWithValue("@EMAIL", email);
//Generate random "salt"
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] saltByte = new byte[8];
//Fills array of bytes with a cryptographically strong sequence of random values.
rng.GetBytes(saltByte);
salt = Convert.ToBase64String(saltByte);
SHA512Managed hashing2 = new SHA512Managed();
string pwdWithSalt2 = new_pwd + salt;
byte[] plainHash = hashing2.ComputeHash(Encoding.UTF8.GetBytes(new_pwd));
byte[] hashWithSalt2 = hashing2.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt2));
finalHash = Convert.ToBase64String(hashWithSalt2);
RijndaelManaged cipher = new RijndaelManaged();
cipher.GenerateKey();
Key = cipher.Key;
IV = cipher.IV;
//SqlConnection connection = new SqlConnection(SITCONNECTDBConnectionString);
//string sql = "update Account SET PasswordHash=@PASSWORDHASH, PasswordSalt=@PASSWORDSALT, IV=@IV, Key=@KEY WHERE Email=@EMAIL";
//SqlCommand cmd = new SqlCommand(sql, connection);
//cmd.Parameters.AddWithValue("@EMAIL", email);
updatePassword();
Response.Redirect("Default.aspx", false);
//MyDBServiceReference.Service1Client client = new MyDBServiceReference.Service1Client();
//int result = client.CreateEmployee(tbNric.Text, tbName.Text, dob, ddlDept.Text, wage);
}
else
{
//lbl_testing.Text = "your new password does not meet password requirements";
System.Diagnostics.Debug.WriteLine("your new password does not meet password requirements");
}
}
}
}
catch (Exception ex)
{
throw new Exception(ex.ToString());
}
finally { }
System.Diagnostics.Debug.WriteLine("Password changed successfully");
Response.Redirect("Default.aspx");
}
else
{
System.Diagnostics.Debug.WriteLine("New Password cannot be the same as Old Password!");
Page.Response.Redirect(Page.Request.Url.ToString(), true);
}
}
protected void btn_Submit_Click(object sender, EventArgs e)
{
string confirmpassword = tb_ConfirmPass.Text.ToString().Trim();
string email = (string)Session["LoggedIn"];
string newpass = HttpUtility.HtmlEncode(tb_NewPassword.Text.ToString().Trim());
SHA512Managed hashing = new SHA512Managed();
string dbHash = getDBHash(email);
string dbSalt = getDBSalt(email);
string dbHash2 = getDBHash2(email);
string dbSalt2 = getDBSalt2(email);
string dbHash3 = getDBHash3(email);
string dbSalt3 = getDBSalt3(email);
string pwdSalt = newpass + dbSalt;
byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwdSalt));
string userHash = Convert.ToBase64String(hashWithSalt);
string pwdSalt2 = newpass + dbSalt2;
byte[] hashWithSalt2 = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwdSalt2));
string userHash2 = Convert.ToBase64String(hashWithSalt2);
string pwdSalt3 = newpass + dbSalt3;
byte[] hashWithSalt3 = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwdSalt3));
string userHash3 = Convert.ToBase64String(hashWithSalt3);
try
{
if (dbSalt != null && dbSalt.Length > 0 && dbHash != null && dbHash.Length > 0)
{
//checking if passwordhash2 and passwordsalt2 is empty | Add new pass into passwordhash2 and passwordsalt2
if (dbSalt2 == null && dbHash2 == null)
{
//************* Start of making new password into database **************
//Continue with adding the new password
bool validinput = ValidateInput();
if (validinput)
{
if (dbSalt3 == null && dbHash3 == null)
{
if (confirmpassword == newpass)
{
//Generating random "salt"
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] saltByte = new byte[8];
//Fills array of bytes with a cryptographically strong sequence of random values.
rng.GetBytes(saltByte);
salt = Convert.ToBase64String(saltByte);
SHA512Managed newhashing = new SHA512Managed();
string pwdWithSalt = newpass + salt;
byte[] plainHash = newhashing.ComputeHash(Encoding.UTF8.GetBytes(newpass));
byte[] hashAndSalt = newhashing.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt));
finalHash = Convert.ToBase64String(hashAndSalt);
RijndaelManaged cipher = new RijndaelManaged();
cipher.GenerateKey();
Key = cipher.Key;
IV = cipher.IV;
updatePassAge(email);
int updateresult = updatePassword2(email);
if (updateresult == 1)
{
Session.Clear();
Session.Abandon();
Session.RemoveAll();
if (Request.Cookies["ASP.NET_SessionId"] != null)
{
Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
}
if (Request.Cookies["AuthToken"] != null)
{
Response.Cookies["Authtoken"].Value = string.Empty;
Response.Cookies["AuthToken"].Expires = DateTime.Now.AddMonths(-20);
}
ClientScript.RegisterStartupScript(this.GetType(), "randomtext", "alertSuccess()", true);
}
}
else
{
lb_ConfirmPassError.Visible = true;
lb_ConfirmPassError.Text = "Does not match with New Password!";
lb_ConfirmPassError.ForeColor = Color.Red;
}
}
else
{
if (dbHash != userHash && dbHash3 != userHash3)
{
if (confirmpassword == newpass)
{
//Generating random "salt"
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] saltByte = new byte[8];
//Fills array of bytes with a cryptographically strong sequence of random values.
rng.GetBytes(saltByte);
salt = Convert.ToBase64String(saltByte);
SHA512Managed newhashing = new SHA512Managed();
string pwdWithSalt = newpass + salt;
byte[] plainHash = newhashing.ComputeHash(Encoding.UTF8.GetBytes(newpass));
byte[] hashAndSalt = newhashing.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt));
finalHash = Convert.ToBase64String(hashAndSalt);
RijndaelManaged cipher = new RijndaelManaged();
cipher.GenerateKey();
Key = cipher.Key;
IV = cipher.IV;
updatePassAge(email);
int updateresult = updatePassword2(email);
if (updateresult == 1)
{
Session.Clear();
Session.Abandon();
Session.RemoveAll();
if (Request.Cookies["ASP.NET_SessionId"] != null)
{
Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
}
if (Request.Cookies["AuthToken"] != null)
{
Response.Cookies["Authtoken"].Value = string.Empty;
Response.Cookies["AuthToken"].Expires = DateTime.Now.AddMonths(-20);
}
ClientScript.RegisterStartupScript(this.GetType(), "randomtext", "alertSuccess()", true);
}
}
else
{
lb_ConfirmPassError.Visible = true;
lb_ConfirmPassError.Text = "Does not match with New Password!";
lb_ConfirmPassError.ForeColor = Color.Red;
}
}
else
{
lb_NewPassError.Visible = true;
lb_NewPassError.Text = "Your password cannot be the same as your last 2 ones!";
lb_NewPassError.ForeColor = Color.Red;
}
}
}
}
else
{
if (dbSalt3 == null && dbHash3 == null)
{
//************* Start of making new password into database **************
//Continue with adding the new password
bool validinput = ValidateInput();
if (validinput)
{
if (userHash2 != dbHash2 && userHash != dbHash)
{
if (confirmpassword == newpass)
{
//Generating random "salt"
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] saltByte = new byte[8];
//Fills array of bytes with a cryptographically strong sequence of random values.
rng.GetBytes(saltByte);
salt = Convert.ToBase64String(saltByte);
SHA512Managed newhashing = new SHA512Managed();
string pwdWithSalt = newpass + salt;
byte[] plainHash = newhashing.ComputeHash(Encoding.UTF8.GetBytes(newpass));
byte[] hashAndSalt = newhashing.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt));
finalHash = Convert.ToBase64String(hashAndSalt);
RijndaelManaged cipher = new RijndaelManaged();
cipher.GenerateKey();
Key = cipher.Key;
IV = cipher.IV;
updatePassAge(email);
int updateresult = updatePassword3(email);
if (updateresult == 1)
{
Session.Clear();
Session.Abandon();
Session.RemoveAll();
if (Request.Cookies["ASP.NET_SessionId"] != null)
{
Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
}
if (Request.Cookies["AuthToken"] != null)
{
Response.Cookies["Authtoken"].Value = string.Empty;
Response.Cookies["AuthToken"].Expires = DateTime.Now.AddMonths(-20);
}
ClientScript.RegisterStartupScript(this.GetType(), "randomtext", "alertSuccess()", true);
}
}
else
{
lb_ConfirmPassError.Visible = true;
lb_ConfirmPassError.Text = "Does not match with New Password!";
lb_ConfirmPassError.ForeColor = Color.Red;
}
}
else
{
lb_NewPassError.Visible = true;
lb_NewPassError.Text = "Your password cannot be the same as your old one!";
lb_NewPassError.ForeColor = Color.Red;
}
}
}
else
{
//************* Start of making new password into database **************
//Continue with adding the new password
bool validinput = ValidateInput();
if (validinput)
{
if (userHash2 != dbHash2 && userHash3 != dbHash3)
{
if (confirmpassword == newpass)
{
//Generating random "salt"
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] saltByte = new byte[8];
//Fills array of bytes with a cryptographically strong sequence of random values.
rng.GetBytes(saltByte);
salt = Convert.ToBase64String(saltByte);
SHA512Managed newhashing = new SHA512Managed();
string pwdWithSalt = newpass + salt;
byte[] plainHash = newhashing.ComputeHash(Encoding.UTF8.GetBytes(newpass));
byte[] hashAndSalt = newhashing.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt));
finalHash = Convert.ToBase64String(hashAndSalt);
RijndaelManaged cipher = new RijndaelManaged();
cipher.GenerateKey();
Key = cipher.Key;
IV = cipher.IV;
updatePassAge(email);
int updateresult = updatePassword(email);
if (updateresult == 1)
{
Session.Clear();
Session.Abandon();
Session.RemoveAll();
makePassNull(email);
if (Request.Cookies["ASP.NET_SessionId"] != null)
{
Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
}
if (Request.Cookies["AuthToken"] != null)
{
Response.Cookies["Authtoken"].Value = string.Empty;
Response.Cookies["AuthToken"].Expires = DateTime.Now.AddMonths(-20);
}
ClientScript.RegisterStartupScript(this.GetType(), "randomtext", "alertSuccess()", true);
}
}
else
{
lb_ConfirmPassError.Visible = true;
lb_ConfirmPassError.Text = "Does not match with New Password!";
lb_ConfirmPassError.ForeColor = Color.Red;
}
}
else
{
lb_NewPassError.Visible = true;
lb_NewPassError.Text = "Your password cannot be the same as your old one!";
lb_NewPassError.ForeColor = Color.Red;
}
}
}
}
}
}
catch (Exception ex)
{
throw new HttpException(400, ex.ToString());
}
finally { }
}
private byte[] Decrypt(byte[] buffer, Encryption encryption, byte[] iv = null, byte[] salt = null, string password = null)
{
if (buffer is null)
{
throw new ArgumentNullException(nameof(buffer));
}
if (encryption == Encryption.Password)
{
if (iv is null)
{
throw new ArgumentNullException(nameof(iv));
}
if (salt is null)
{
throw new ArgumentNullException(nameof(salt));
}
if (string.IsNullOrEmpty(password))
{
PasswordRequiredEventArgs e = new PasswordRequiredEventArgs();
PasswordRequired?.Invoke(this, e);
if (string.IsNullOrEmpty(e.Password))
{
throw new ArgumentException("Password cannot be empty or null.", nameof(password));
}
else
{
password = e.Password;
}
}
}
byte[] plainText = new byte[buffer.Length];
buffer.CopyTo(plainText, 0);
if (encryption == Encryption.Password)
{
using var random = RNGCryptoServiceProvider.Create();
using Rfc2898DeriveBytes deriveBytes = new Rfc2898DeriveBytes(password, salt, KeyDerivationIterations, HashAlgorithmName.SHA512);
Aes aes;
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
aes = new AesCng();
}
else
{
aes = new AesManaged();
}
aes.Key = deriveBytes.GetBytes(aes.KeySize / 8);
aes.IV = iv;
using var decryptor = aes.CreateDecryptor();
plainText = decryptor.TransformFinalBlock(plainText, 0, plainText.Length);
aes.Dispose();
}
else if (encryption == Encryption.LocalMachine)
{
plainText = ProtectedData.Unprotect(plainText, null, DataProtectionScope.LocalMachine);
}
else if (encryption == Encryption.CurrentUser)
{
plainText = ProtectedData.Unprotect(plainText, null, DataProtectionScope.CurrentUser);
}
return(plainText);
}
public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
{
if (value is null)
{
throw new ArgumentNullException(nameof(value));
}
MessageClientIdentity clientIdent = (MessageClientIdentity)value;
JObject jObject = new JObject();
jObject.Add(nameof(MessageClientIdentity.SystemName), clientIdent.SystemName);
jObject.Add(nameof(MessageClientIdentity.Name), clientIdent.Name);
ECParameters parms = clientIdent.ECDiffieHellman.ExportParameters(_savePrivateKey);
if (!parms.Curve.IsNamed)
{
throw new NotImplementedException();
}
jObject.Add("CurveOid", parms.Curve.Oid.Value);
if (parms.D != null && _savePrivateKey)
{
byte[] privateKey = parms.D;
if (_encryptionType == Encryption.Password)
{
using var random = RNGCryptoServiceProvider.Create();
byte[] salt = new byte[SaltSize];
random.GetBytes(salt);
using Rfc2898DeriveBytes deriveBytes = new Rfc2898DeriveBytes(_password, salt, KeyDerivationIterations, HashAlgorithmName.SHA512);
Aes aes;
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
aes = new AesCng();
}
else
{
aes = new AesManaged();
}
aes.Key = deriveBytes.GetBytes(aes.KeySize / 8);
jObject.Add("Salt", salt);
jObject.Add("IV", aes.IV);
using var encryptor = aes.CreateEncryptor();
privateKey = encryptor.TransformFinalBlock(privateKey, 0, privateKey.Length);
aes.Dispose();
}
else if (_encryptionType == Encryption.LocalMachine)
{
privateKey = ProtectedData.Protect(privateKey, null, DataProtectionScope.LocalMachine);
}
else if (_encryptionType == Encryption.CurrentUser)
{
privateKey = ProtectedData.Protect(privateKey, null, DataProtectionScope.CurrentUser);
}
jObject.Add("Encryption", _encryptionType.ToString());
jObject.Add("D", privateKey);
}
jObject.Add("Q.X", parms.Q.X);
jObject.Add("Q.Y", parms.Q.Y);
jObject.Add("Hash", clientIdent.IdentityHash);
jObject.WriteTo(writer);
}
/// <summary>
/// Constructor for byte key
/// </summary>
/// <param name="cipherKey">Cipher key as a byte array</param>
public CryptoBlowFish(byte[] cipherKey)
{
randomSource = new RNGCryptoServiceProvider();
SetupKey(cipherKey);
}
public RngWrapper(string str)
{
this._wrapped = new RNGCryptoServiceProvider(str);
}
/// <summary>
/// Constructor for hex key
/// </summary>
/// <param name="hexKey">Cipher key as a hex string</param>
public CryptoBlowFish(string hexKey)
{
randomSource = new RNGCryptoServiceProvider();
SetupKey(HexToByte(hexKey));
}
/// <summary>
/// Generates a hash for the given plain text value and returns a
/// base64-encoded result. Before the hash is computed, a random salt
/// is generated and appended to the plain text. This salt is stored at
/// the end of the hash value, so it can be used later for hash
/// verification.
/// </summary>
/// <param name="plainText">
/// Plaintext value to be hashed. The function does not check whether
/// this parameter is null.
/// </param>
/// <param name="hashAlgorithm">
/// Name of the hash algorithm. Allowed values are: "MD5", "SHA1",
/// "SHA256", "SHA384", and "SHA512" (if any other value is specified
/// MD5 hashing algorithm will be used). This value is case-insensitive.
/// </param>
/// <param name="saltBytes">
/// Salt bytes. This parameter can be null, in which case a random salt
/// value will be generated.
/// </param>
/// <returns>
/// Hash value formatted as a base64-encoded string.
/// </returns>
public static string ComputeHash(string plainText,
string hashAlgorithm,
byte[] saltBytes)
{
// If salt is not specified, generate it on the fly.
if (saltBytes == null)
{
// Define min and max salt sizes.
int minSaltSize = 4;
int maxSaltSize = 8;
// Generate a random number for the size of the salt.
Random random = new Random();
int saltSize = random.Next(minSaltSize, maxSaltSize);
// Allocate a byte array, which will hold the salt.
saltBytes = new byte[saltSize];
// Initialize a random number generator.
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
// Fill the salt with cryptographically strong byte values.
rng.GetNonZeroBytes(saltBytes);
}
// Convert plain text into a byte array.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
// Allocate array, which will hold plain text and salt.
byte[] plainTextWithSaltBytes =
new byte[plainTextBytes.Length + saltBytes.Length];
// Copy plain text bytes into resulting array.
for (int i = 0; i < plainTextBytes.Length; i++)
{
plainTextWithSaltBytes[i] = plainTextBytes[i];
}
// Append salt bytes to the resulting array.
for (int i = 0; i < saltBytes.Length; i++)
{
plainTextWithSaltBytes[plainTextBytes.Length + i] = saltBytes[i];
}
// Because we support multiple hashing algorithms, we must define
// hash object as a common (abstract) base class. We will specify the
// actual hashing algorithm class later during object creation.
HashAlgorithm hash;
// Make sure hashing algorithm name is specified.
if (hashAlgorithm == null)
{
hashAlgorithm = "";
}
// Initialize appropriate hashing algorithm class.
switch (hashAlgorithm.ToUpper())
{
case "SHA1":
hash = new SHA1Managed();
break;
case "SHA256":
hash = new SHA256Managed();
break;
case "SHA384":
hash = new SHA384Managed();
break;
case "SHA512":
hash = new SHA512Managed();
break;
default:
hash = new MD5CryptoServiceProvider();
break;
}
// Compute hash value of our plain text with appended salt.
byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);
// Create array which will hold hash and original salt bytes.
byte[] hashWithSaltBytes = new byte[hashBytes.Length +
saltBytes.Length];
// Copy hash bytes into resulting array.
for (int i = 0; i < hashBytes.Length; i++)
{
hashWithSaltBytes[i] = hashBytes[i];
}
// Append salt bytes to the result.
for (int i = 0; i < saltBytes.Length; i++)
{
hashWithSaltBytes[hashBytes.Length + i] = saltBytes[i];
}
// Convert result into a base64-encoded string.
string hashValue = Convert.ToBase64String(hashWithSaltBytes);
// Return the result.
return(hashValue);
}
public ActionResult Create(groupsModel gModel, HttpPostedFileBase file)
{
var user = Session["User"] as Users;
var group = new Groups();
var manager = new Manager();
if (!ModelState.IsValid)
{
return(View("Create"));
}
group.groupName = gModel.groupName;
char[] chars =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890".ToCharArray();
byte[] data = new byte[8];
using (RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider())
{
crypto.GetBytes(data);
}
StringBuilder code = new StringBuilder(8);
foreach (byte b in data)
{
code.Append(chars[b % (chars.Length)]);
}
string cod = code.ToString();
var test = db.Groups.FirstOrDefault(g => g.groupCode == cod);
if (test == null)
{
group.groupCode = code.ToString();
}
else
{
TempData["msg"] = "<script>alert('İşlem sırasında beklenmedik bir hata oluştu.')</script>";
return(RedirectToAction("Index", "Home"));
}
if (file != null && file.ContentLength > 0)
{
string fileName = Path.GetFileName(file.FileName);
string imgPath = Path.Combine(Server.MapPath("~/Group_Images/"), fileName);
file.SaveAs(imgPath);
group.groupImageUrl = "/Group_Images/" + file.FileName;
}
else if (file == null)
{
group.groupImageUrl = "/Group_Images/default.png";
}
var control = db.Manager.FirstOrDefault(c => c.userFk == user.userId);
if (control == null)
{
manager.managerNameSurname = user.userNameSurname;
manager.userFk = user.userId;
db.Manager.Add(manager);
db.SaveChanges();
group.managerFk = manager.managerId;
}
else
{
group.managerFk = control.managerId;
}
db.Groups.Add(group);
db.SaveChanges();
db.spAddUserGroups(user.userId, group.groupId);
db.SaveChanges();
return(RedirectToAction("Index", "Home"));
}
public void Test2()
{
TableServerData tsd = new TableServerData("0");
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
MemBlock[] addresses = new MemBlock[100];
byte[] value = new byte[20];
rng.GetBytes(value);
DateTime now = DateTime.UtcNow;
DateTime lease_end = now.AddMinutes(1);
for (int i = 0; i < addresses.Length; i++)
{
addresses[i] = (new AHAddress(rng)).ToMemBlock();
tsd.AddEntry(new Entry(addresses[i], value, now, lease_end));
}
AHAddress start = new AHAddress(rng);
AHAddress end = new AHAddress(rng);
LinkedList <MemBlock> keys_se = tsd.GetKeysBetween(start, end);
LinkedList <MemBlock> keys_es = tsd.GetKeysBetween(end, start);
String output = " - " + start + ":" + end;
if (start.IsLeftOf(end))
{
foreach (MemBlock address in addresses)
{
AHAddress addr = new AHAddress(address);
if (addr.IsLeftOf(end) && addr.IsRightOf(start))
{
Assert.IsTrue(keys_se.Contains(address), addr + " in lse" + output);
Assert.IsTrue(keys_es.Contains(address), addr + " in les" + output);
}
else
{
Assert.IsFalse(keys_se.Contains(address), addr + " out lse" + output);
Assert.IsFalse(keys_es.Contains(address), addr + " out les" + output);
}
}
}
else
{
foreach (MemBlock address in addresses)
{
AHAddress addr = new AHAddress(address);
if (addr.IsLeftOf(start) && addr.IsRightOf(end))
{
Assert.IsTrue(keys_se.Contains(address), addr + " in rse" + output);
Assert.IsTrue(keys_es.Contains(address), addr + " in res" + output);
}
else
{
Assert.IsFalse(keys_se.Contains(address), addr + " out rse" + output);
Assert.IsFalse(keys_es.Contains(address), addr + " out res" + output);
}
}
}
LinkedList <MemBlock> keys = tsd.GetKeys();
foreach (MemBlock addr in addresses)
{
Assert.IsTrue(keys.Contains(addr), "keys does not contain: " + (new AHAddress(addr)));
}
}
public static byte[] GetRandomBytes(int length)
{
byte[] ba = new byte[length];
RNGCryptoServiceProvider.Create().GetBytes(ba);
return(ba);
}
public static bool nativeGenerateSeed(byte[] result)
{
try
{
RNGCryptoServiceProvider csp = new RNGCryptoServiceProvider();
csp.GetBytes(result);
return true;
}
catch (CryptographicException)
{
return false;
}
}
private byte[] pad_rng_seq(RNGCryptoServiceProvider rng, Random r)
{
byte[] b = new byte[r.Next(global::et.PadSettings.RANDOM_SEQUENCE_BOUND_LOW, global::et.PadSettings.RANDOM_SEQUENCE_BOUND_HIGH)];
rng.GetBytes(b);
return(b);
}
public HMAC()
{
// Create the hash
hash = MD5.Create();
// Set HashSizeValue
HashSizeValue = hash.HashSize;
// Generate a radom key
byte[] rgbKey = new byte[64];
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetNonZeroBytes(rgbKey);
KeyValue = (byte[])rgbKey.Clone();
this.Initialize();
}
public void populate(RNGCryptoServiceProvider r)
{
salt = new Tools.ByValData.ByValFixedByteArray16();
salt.data = new byte[16];
r.GetBytes(salt.data);
}
