private EncryptedRequest EncryptCheckPasswordRequest(CheckPasswordRequest checkPasswordRequest)
{
var encryptedRequest = new EncryptedRequest();
try
{
var clearText = SimpleJson.SerializeObject(checkPasswordRequest);
var nonce = PublicKeyBox.GenerateNonce();
var cipher = PublicKeyBox.Create(Encoding.UTF8.GetBytes(clearText), nonce, EncryptionKeyPair.PrivateKey,
Utilities.HexToBinary(ServerEncryptionPublicKeyHex));
encryptedRequest.PublicKey = Utilities.BinaryToHex(EncryptionKeyPair.PublicKey);
encryptedRequest.Ciphertext = Utilities.BinaryToHex(cipher);
encryptedRequest.Nonce = Utilities.BinaryToHex(nonce);
}
catch (Exception)
{
}
return encryptedRequest;
}
/// <summary>
/// Method to check a password.
/// </summary>
/// <param name="password"></param>
/// <param name="passwordFormatType"></param>
/// <returns></returns>
public CheckPasswordResponse CheckPassword(byte[] password,
PasswordFormatType passwordFormatType = PasswordFormatType.Blake2b)
{
var request = new RestRequest("/CheckPassword/", Method.POST) { RequestFormat = DataFormat.Json };
var passwordRequest = new CheckPasswordRequest();
switch (passwordFormatType)
{
case PasswordFormatType.Cleartext:
passwordRequest = (new CheckPasswordRequest {Cleartext = Encoding.UTF8.GetString(password)});
break;
case PasswordFormatType.Blake2b:
passwordRequest = (new CheckPasswordRequest { Blake2b = Encoding.UTF8.GetString(password) });
break;
case PasswordFormatType.Sha512:
passwordRequest = (new CheckPasswordRequest { Sha512 = Encoding.UTF8.GetString(password) });
break;
}
// encrypt the request
request.AddBody(EncryptCheckPasswordRequest(passwordRequest));
// sign the request
request = AddHeaders(request);
try
{
var response = _restClient.Execute<EncryptedResponse>(request);
if (response.StatusCode == HttpStatusCode.OK)
{
var responseNonce = response.Headers.SingleOrDefault(h => h.Name.Equals("X-Nonce"));
var responsePublic = response.Headers.SingleOrDefault(h => h.Name.Equals("X-Public"));
var responseSignature = response.Headers.SingleOrDefault(h => h.Name.Equals("X-Signature"));
if ((responseNonce != null) && (responsePublic != null) && (responseSignature != null))
{
// validate the response signature
if (PublicKeyAuth.VerifyDetached(Utilities.HexToBinary(responseSignature.Value.ToString()), GenericHash.Hash(Utilities.HexToBinary(responseNonce.Value.ToString()), null, 64), Utilities.HexToBinary(ServerSignaturePublicKeyHex)))
{
return DecryptCheckPasswordResponse(response.Data);
}
}
}
}
catch (Exception)
{
}
return new CheckPasswordResponse();
}
