/// <summary>
/// - Gets specific encrypted source file from server.
/// - Encryption and Decription using AES symetric and commonSecret derived from EC Diffie-Helman key Exchange
/// - Decrypts source files
/// - verifies digital signature of source code
/// </summary>
/// <param name="sourceFileInfo">the file to get</param>
/// <returns>verified and decrypted source file or null if operation unsuccessfull</returns>
private string DecryptSourceFromServer(SourceFileInfo sourceFileInfo)
{
byte[] dhClientPublic;
byte[] dhClientPrivate;
_keyGen.GenerateKeyPair(out dhClientPrivate, out dhClientPublic);
string uri = (TroubleShooterClient.SERVICE_PATH + "/source");
ProtectedSourceRequest request = new ProtectedSourceRequest()
{
DhClientPublic = dhClientPublic, FileName = sourceFileInfo.FileName
};
HttpResponseMessage response = _client.PostAsJsonAsync(uri, request).GetAwaiter().GetResult();
if (response.IsSuccessStatusCode)
{
ProtectedSource source = response.Content.ReadAsAsync <ProtectedSource>().GetAwaiter().GetResult();
byte[] sharedSecret = _diffieHelman.SharedSecret(dhClientPrivate, source.DhPublicServer);
string decryptedSource = AesHandler.DecryptStringFromBytes_Aes(source.SourceCode, sharedSecret);
if (_verifier.VerifySignature(decryptedSource, source.Signature, _signatureKey))
{
return(decryptedSource);
}
else
{
return(null);
}
}
return(null);
}
public void LoadPakFileStructure(PakBinaryReader reader, int version, string aesKey)
{
var startOffset = version >= 8 ? -204 : -44;
reader.BaseStream.Seek(startOffset, SeekOrigin.End);
Archive = reader.ReadPakInfo();
reader.BaseStream.Seek(Archive.DataSize, SeekOrigin.Begin);
var readerToUse = reader;
if (aesKey != null)
{
var soapHex = SoapHexBinary.Parse(aesKey);
var fileTree = reader.ReadBytes((int)Archive.FileTreeSize);
var decryptedFileTree = AesHandler.DecryptAes(fileTree, soapHex.Value);
var memoryStream = new MemoryStream(decryptedFileTree);
var memoryReader = new PakBinaryReader(memoryStream);
readerToUse = memoryReader;
}
Archive.Directory = readerToUse.ReadPakDirectory();
for (int i = 0; i < Archive.Directory.NumberOfEntries; i++)
{
var currentEntry = readerToUse.ReadDirectoryLevelPakEntry();
Archive.Directory.Entries.Add(currentEntry);
if (i > 0)
{
var previousEntry = Archive.Directory.Entries[i - 1];
var realEntrySize = currentEntry.Offset - previousEntry.Offset;
previousEntry.Padded = currentEntry.Offset % 2048 == 0;
previousEntry.NextOffset = currentEntry.Offset;
previousEntry.RealSize = realEntrySize;
}
}
if (aesKey != null)
{
readerToUse.Close();
}
var compressionTypes = Archive.Directory.Entries.Select(entry => entry.CompressionType).Distinct();
var encryptionTyoes = Archive.Directory.Entries.Select(entry => entry.EncryptionType).Distinct();
var paddedUncompressed = Archive.Directory.Entries.Where(entry => entry.CompressionType == 0 && entry.Padded).OrderBy(entry => entry.UncompressedSize);
var unpaddedUncompressed = Archive.Directory.Entries.Where(entry => entry.CompressionType == 0 && entry.Padded == false).OrderBy(entry => entry.UncompressedSize);
}
public void SimpleEncryptionTest()
{
var aes = new AesHandler();
var aesKey = new byte[16];
var aesIV = new byte[16];
var message = "This is a test message that has some stuff in it";
var rng = new RNGCryptoServiceProvider();
rng.GetBytes(aesKey);
rng.GetBytes(aesIV);
var encryptedBytes = aes.Encrypt(aesKey, aesIV, Encoding.UTF8.GetBytes(message));
var decryptedBytes = aes.Decrypt(aesKey, aesIV, encryptedBytes);
Assert.AreEqual(message, Encoding.UTF8.GetString(decryptedBytes));
}
public ProtectedSource Get([FromBody] ProtectedSourceRequest request)
{
//read source code
string sourceCode = System.IO.File.ReadAllText(Path.Combine(SOURCE_FILES_DIR, request.FileName));
//generate key pair and derive shared secret
byte[] dhServerPublic;
byte[] dhServerPrivate;
keyGen.GenerateKeyPair(out dhServerPrivate, out dhServerPublic);
byte[] sharedSecret = diffieHelman.SharedSecret(dhServerPrivate, request.DhClientPublic);
//send encrypted and signed source back to client;
//send also servers public key so client can derive common secret
return(new ProtectedSource()
{
SourceCode = AesHandler.EncryptStringToBytes_Aes(sourceCode, sharedSecret),
DhPublicServer = dhServerPublic,
Signature = signatureMaker.Signature(sourceCode, signatureKey)
});
}
public static void Main(string[] args)
{
ISqrlSigner signer = new SqrlSigner();
IPbkdfHandler pbkdfHandler = new PbkdfHandler();
IHmacGenerator hmac = new HmacGenerator();
ISqrlClient client = new SqrlClient(pbkdfHandler, hmac, signer);
IAesHandler aesHandler = new AesHandler();
ISqrlServer server = new SqrlServer(signer, aesHandler);
ISsssHandler ssss = new SsssHandler();
var rng = new RNGCryptoServiceProvider();
byte theByte = 0;
while (true)
{
var secret = new byte[1];
//rng.GetBytes(secret);
secret[0] = theByte;
var shares = ssss.Split(secret, 3, 4);
var subset = new Dictionary <int, byte[]>();
subset[1] = shares[1];
subset[2] = shares[2];
//subset[3] = shares[3];
subset[4] = shares[4];
//subset[5] = shares[5];
//subset[6] = shares[6];
//subset[7] = shares[7];
//subset[8] = shares[8];
//subset[9] = shares[9];
//subset[10] = shares[10];
//subset[11] = shares[11];
//subset[12] = shares[12];
//subset[13] = shares[13];
//subset[14] = shares[14];
//subset[15] = shares[15];
//subset[16] = shares[16];
//subset[17] = shares[17];
//subset[18] = shares[18];
//subset[19] = shares[19];
//subset[20] = shares[20];
//subset[21] = shares[21];
//subset[22] = shares[22];
//subset[23] = shares[23];
//subset[24] = shares[24];
//subset[25] = shares[25];
var reconstructedSecret = ssss.Restore(subset);
if (!secret.SequenceEqual(reconstructedSecret))
{
Console.WriteLine("the byte: {0}", theByte);
foreach (var share in shares)
{
Console.WriteLine("{0}-{1}", share.Key, BitConverter.ToString(share.Value).Replace("-", ""));
}
Console.WriteLine("{0}", Convert.ToBase64String(secret));
Console.WriteLine("{0}", Convert.ToBase64String(reconstructedSecret));
break;
}
theByte++;
if (theByte == 0)
{
Console.WriteLine("Success!");
break;
}
}
Console.Write("Password: "******"Password verified");
}
var nutData = new NutData
{
Address = IPAddress.Parse("172.8.92.254"),
Timestamp = DateTime.UtcNow,
Counter = 4,
Entropy = new byte[4]
};
var aesKey = new byte[16];
var aesIV = new byte[16];
rng.GetBytes(aesKey);
rng.GetBytes(aesIV);
var nut = HttpServerUtility.UrlTokenEncode(server.GenerateNut(aesKey, aesIV, nutData));
var protocol = "sqrl://";
var urlBase = "www.example.com/sqrl/";
var url = string.Format("{0}{1}{2}", protocol, urlBase, nut);
var sqrlData = client.GetSqrlDataForLogin(identity.MasterIdentityKey, password, identity.Salt, url);
var decryptedSignature = signer.Verify(sqrlData.PublicKey, sqrlData.Signature);
// This is the data that the client passes to the server
Console.WriteLine("Url: {0}", sqrlData.Url);
Console.WriteLine("Public Key: {0}", Convert.ToBase64String(sqrlData.PublicKey));
Console.WriteLine("Signature: {0}", Convert.ToBase64String(sqrlData.Signature));
Console.WriteLine("Decrypted Signature: {0}", Encoding.UTF8.GetString(decryptedSignature));
Console.WriteLine();
Console.WriteLine("=========== Server ===========");
// The server will verify that the data sent from the client matches what is expected
Console.WriteLine("Verified by server: {0}", server.VerifySqrlRequest(sqrlData, string.Format("{0}{1}", urlBase, nut)));
}
