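/// <summary>
/// Used by the client to authenticate to the server using Private Key
/// Authentication (PPK).
/// </summary>
/// <remarks>
/// Two round trips to <c>Login.ashx</c>: a GET with <c>NonceKey=Get</c> fetches a
/// challenge in the <c>NonceKey</c> response header; the challenge is signed with
/// the current user's domain credential and POSTed back with
/// <c>PpkAuthKey=&lt;memberUserId&gt;</c> so the server can verify it against the
/// member's public key. The cookies issued with the challenge are added to the
/// request's cookie container so the second request is made on the same session
/// (the server presumably looks the nonce up in that session - confirm in the
/// server-side handler).
/// </remarks>
/// <param name="domainId">ID of the domain to authenticate to.</param>
/// <param name="memberId">ID of the member whose private key signs the challenge.</param>
/// <param name="baseUrl">Server base URL; <c>/Login.ashx</c> is appended. Should be https so the session cookie is not exposed.</param>
/// <returns>
/// true when the challenge was obtained, signed and accepted by the server;
/// false when the challenge request is not 200 OK, no challenge header is
/// returned, the domain/member cannot be resolved, or any step throws.
/// Exceptions are deliberately swallowed: callers only get pass/fail.
/// </returns>
public static bool AuthenticateWithPPK(string domainId, string memberId, string baseUrl)
{
    try
    {
        Store store = Store.GetStore();
        Domain domain = store.GetDomain(domainId);
        if (domain == null)
        {
            return false;
        }
        Member member = domain.GetMemberByID(memberId);
        if (member == null)
        {
            return false;
        }
        WebState webState = new WebState(domainId);

        // Step 1: ask the server for a challenge (nonce). The signature over
        // the nonce is the one-time credential, so no long-lived secret is sent.
        string url = baseUrl + "/Login.ashx?" + NonceKey + "=Get";
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        webState.InitializeWebRequest(request, domain.ID);
        request.ContentType = "application/octet-stream";
        request.Method = "GET";

        string nonce;
        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        {
            // Keep the cookies that came with the challenge so the second
            // request is made on the same server-side session.
            request.CookieContainer.Add(response.Cookies);

            if (response.StatusCode != HttpStatusCode.OK)
            {
                // Expire the cookies we just accepted so a half-established
                // session is not carried into a later attempt.
                CookieCollection cc = request.CookieContainer.GetCookies(new Uri(url));
                foreach (Cookie cookie in cc)
                {
                    cookie.Expired = true;
                }
                return false;
            }

            nonce = response.Headers.Get(NonceKey);
        }

        // No challenge header means nothing was signed and the server never
        // saw a credential: report failure instead of claiming success.
        if (nonce == null)
        {
            return false;
        }

        // Step 2: sign the challenge and POST the signature. SHA1 is what the
        // server-side VerifyData call expects; both ends must change together.
        byte[] bChallenge = Nonce.GetBytes(nonce);
        byte[] signed = store.CurrentUser.GetDomainCredential(domain.ID)
            .SignData(bChallenge, new SHA1CryptoServiceProvider());

        url = baseUrl + "/Login.ashx?" + PpkAuthKey + "=" + member.UserID;
        request = (HttpWebRequest)WebRequest.Create(url);
        webState.InitializeWebRequest(request, domain.ID);
        request.ContentType = "application/octet-stream";
        request.Method = "POST";
        request.Headers.Add(Simias.Security.Web.AuthenticationService.Login.DomainIDHeader, domain.ID);

        using (Stream rStream = request.GetRequestStream())
        {
            rStream.Write(signed, 0, signed.Length);
        }

        // GetResponse throws a WebException for 4xx/5xx, which the catch below
        // turns into a failed login. Dispose the response to free the connection.
        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        {
            return true;
        }
    }
    catch (Exception)
    {
        // Best-effort by design: network, lookup or crypto failures are all
        // reported as "not authenticated" rather than propagated.
        return false;
    }
}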
/// <summary>
/// Known-answer test for ChaCha20-Poly1305 with associated data and a
/// non-empty plaintext: ciphertext followed by tag must match the vector.
/// </summary>
public void EncryptWithADTestWithPlainText()
{
    // Fixed test vector, all hex. The nonce is incremented once before use.
    const string keyHex = "908b166535c01a935cf1e130a5fe895ab4e6f3ef8855d87e9b7581c4ab663ddc";
    const string aadHex = "90578e247e98674e661013da3c5c1ca6a8c8f48c90b485c0dfa1494e23d56d72";
    const string plaintextHex = "034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa";
    const string expectedHex = "b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c3822";

    Nonce nonce = new Nonce();
    nonce.Increment();

    byte[] cipherText;
    byte[] tag;
    (cipherText, tag) = ChaCha20Poly1305.EncryptWithAdditionalData(
        keyHex.HexToByteArray(),
        nonce.GetBytes(),
        aadHex.HexToByteArray(),
        plaintextHex.HexToByteArray());

    // The vector concatenates ciphertext and tag.
    string actualHex = cipherText.ToHex() + tag.ToHex();
    Assert.Equal(expectedHex, actualHex);
}
/// <summary>
/// Known-answer test for ChaCha20-Poly1305 with associated data and an empty
/// plaintext: the ciphertext must be empty and the tag must match the vector.
/// </summary>
public void EncryptWithADTestWithoutPlainTextMacTest()
{
    // Fixed test vector, all hex. A fresh (non-incremented) nonce is used.
    const string keyHex = "e68f69b7f096d7917245f5e5cf8ae1595febe4d4644333c99f9c4a1282031c9f";
    const string aadHex = "9e0e7de8bb75554f21db034633de04be41a2b8a18da7a319a03c803bf02b396c";
    const string expectedTagHex = "0df6086551151f58b8afe6c195782c6a";

    Nonce nonce = new Nonce();
    byte[] emptyPlaintext = new byte[0];

    var (cipherText, tag) = ChaCha20Poly1305.EncryptWithAdditionalData(
        keyHex.HexToByteArray(),
        nonce.GetBytes(),
        aadHex.HexToByteArray(),
        emptyPlaintext);

    // With no plaintext only the tag carries information.
    Assert.Equal(new byte[0], cipherText);
    Assert.Equal(expectedTagHex, tag.ToHex());
}
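/// <summary>
/// Used by the server to validate a Private Key (PPK) login: the client POSTs a
/// signature over the nonce that was handed out earlier on this session, and
/// it is checked against the member's public key.
/// </summary>
/// <remarks>
/// Checks, in order: unknown domain or member ends the request with 500 and a
/// short status description; no ASP.NET session ends it with 401 (the nonce is
/// only held in the session, so there is nothing to verify against). If the
/// session is not yet authenticated, <paramref name="signed"/> is verified over
/// the stored nonce; on success a <c>Simias.Authentication.Session</c> is stored
/// under <c>sessionTag</c> and a principal of type <c>PpkType</c> with
/// <c>hostRoles</c> is installed on the context and the current thread; on
/// failure the request ends with 401. If the session is already authenticated
/// only the request counter is bumped and the existing principal installed.
/// The stored nonce is removed once a verification has been attempted so it is
/// genuinely one-time, as the client side treats it.
/// </remarks>
/// <param name="domainId">ID of the domain the member belongs to.</param>
/// <param name="memberId">ID of the member claiming the login.</param>
/// <param name="signed">Signature over the session's nonce, made with the member's private key.</param>
/// <param name="ctx">Current request context; response status and principal are set on it.</param>
static public void VerifyWithPPK(string domainId, string memberId, byte[] signed, HttpContext ctx)
{
    Store store = Store.GetStore();
    ctx.Response.Cache.SetCacheability(HttpCacheability.NoCache);

    Simias.Storage.Domain domain = store.GetDomain(domainId);
    if (domain == null)
    {
        RejectWithServerError(ctx, "Invalid Domain");
        return;
    }

    Simias.Storage.Member member = domain.GetMemberByID(memberId);
    if (member == null)
    {
        RejectWithServerError(ctx, "Invalid Member");
        return;
    }

    if (ctx.Session == null)
    {
        // Must have a session: the challenge nonce lives only there.
        RejectUnauthorized(ctx, domain.Name);
        return;
    }

    Simias.Authentication.Session simiasSession = ctx.Session[sessionTag] as Simias.Authentication.Session;
    if (simiasSession != null)
    {
        ctx.User = simiasSession.User;
    }

    if (ctx.User != null && ctx.User.Identity.IsAuthenticated)
    {
        // Already logged in on this session: just account for the request.
        // simiasSession can be null here when the principal was set by some
        // other authenticator, so it must not be dereferenced unconditionally.
        if (simiasSession != null)
        {
            simiasSession.Requests++;
            // NOTE(review): memberId is not compared with simiasSession.MemberID;
            // callers presumably rely on ctx.User rather than the query-string
            // member - confirm before tightening.
        }
        Thread.CurrentPrincipal = ctx.User;
        return;
    }

    // Not authenticated yet: validate the signature over the stored nonce.
    string nonce = ctx.Session[NonceKey] as string;
    // One-time challenge: whatever the outcome, it must not be usable for a
    // second verification attempt on this session.
    ctx.Session.Remove(NonceKey);

    if (nonce == null)
    {
        // No challenge was issued on this session, so the signature cannot be
        // valid over anything; reject instead of passing null to Nonce.GetBytes.
        RejectUnauthorized(ctx, domain.Name);
        return;
    }

    byte[] nonceBytes = Nonce.GetBytes(nonce);
    // SHA1 matches the client-side SignData call; both ends must change together.
    if (!member.PublicKey.VerifyData(nonceBytes, new SHA1CryptoServiceProvider(), signed))
    {
        RejectUnauthorized(ctx, domain.Name);
        return;
    }

    simiasSession = new Simias.Authentication.Session();
    simiasSession.MemberID = member.UserID;
    simiasSession.Requests++;
    ctx.Session[sessionTag] = simiasSession;

    // Set up the principal for this request and the rest of the session.
    simiasSession.User = new GenericPrincipal(new GenericIdentity(member.UserID, PpkType), hostRoles);
    ctx.User = simiasSession.User;
    Thread.CurrentPrincipal = ctx.User;

    // Record the successful login.
    SetLastLoginTime(domain, member);
}

/// <summary>Ends the request with HTTP 500 and the given status description.</summary>
/// <param name="ctx">Request context to complete.</param>
/// <param name="description">Short reason placed in the status line.</param>
private static void RejectWithServerError(HttpContext ctx, string description)
{
    ctx.Response.StatusCode = 500;
    ctx.Response.StatusDescription = description;
    ctx.ApplicationInstance.CompleteRequest();
}

/// <summary>Ends the request with HTTP 401 and a Basic challenge for the domain's realm.</summary>
/// <param name="ctx">Request context to complete.</param>
/// <param name="realm">Realm name placed in the WWW-Authenticate header.</param>
private static void RejectUnauthorized(HttpContext ctx, string realm)
{
    ctx.Response.StatusCode = 401;
    ctx.Response.AddHeader("WWW-Authenticate", String.Concat("Basic realm=\"", realm, "\""));
    ctx.ApplicationInstance.CompleteRequest();
}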