/// <summary>
/// Serializes a <see cref="CheckPasswordRequest"/> to JSON and seals it with
/// <c>PublicKeyBox.Create</c>, using this client's private key and the server
/// public key decoded from <c>ServerEncryptionPublicKeyHex</c>.
/// </summary>
/// <param name="checkPasswordRequest">The request to serialize and encrypt.</param>
/// <returns>
/// An <see cref="EncryptedRequest"/> carrying the hex-encoded client public key,
/// ciphertext and nonce. If any step throws, the exception is swallowed and the
/// request is returned with whatever fields were set before the failure.
/// </returns>
/// <remarks>
/// NOTE(review): because failures are swallowed, the return value alone does not
/// tell a caller that encryption failed. A caller that needs to know should check
/// that <c>Ciphertext</c> is populated before sending the request.
/// </remarks>
private EncryptedRequest EncryptCheckPasswordRequest(CheckPasswordRequest checkPasswordRequest)
{
    var envelope = new EncryptedRequest();

    try
    {
        var json = SimpleJson.SerializeObject(checkPasswordRequest);

        // A fresh nonce is generated for every request.
        var boxNonce = PublicKeyBox.GenerateNonce();

        byte[] plaintext = Encoding.UTF8.GetBytes(json);
        var sealedBytes = PublicKeyBox.Create(
            plaintext,
            boxNonce,
            EncryptionKeyPair.PrivateKey,
            Utilities.HexToBinary(ServerEncryptionPublicKeyHex));

        // The envelope carries the client public key, ciphertext and nonce, all hex-encoded.
        envelope.PublicKey = Utilities.BinaryToHex(EncryptionKeyPair.PublicKey);
        envelope.Ciphertext = Utilities.BinaryToHex(sealedBytes);
        envelope.Nonce = Utilities.BinaryToHex(boxNonce);
    }
    catch (Exception)
    {
        // Best effort: every failure is swallowed and the envelope is returned as it stands.
    }

    return envelope;
}
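/// <summary>
/// Sends a password, or a hash of it, to the <c>/CheckPassword/</c> endpoint in an
/// encrypted request and returns the decrypted result.
/// </summary>
/// <param name="password">
/// Bytes that are decoded as UTF-8 text and placed in the request field selected by
/// <paramref name="passwordFormatType"/>. For the hash formats this presumably means
/// the textual (e.g. hex) form of the digest, since raw digest bytes would not survive
/// UTF-8 decoding; confirm against the server contract.
/// </param>
/// <param name="passwordFormatType">
/// Which request field receives the value: <c>Cleartext</c>, <c>Blake2b</c> (default)
/// or <c>Sha512</c>. Any other value leaves the request without a password field.
/// </param>
/// <returns>
/// The result of <c>DecryptCheckPasswordResponse</c> when the response has status 200,
/// carries the X-Nonce, X-Public and X-Signature headers, and the signature verifies.
/// In every other case, including any exception, a default
/// <see cref="CheckPasswordResponse"/> is returned.
/// </returns>
/// <remarks>
/// NOTE(review): a default response is indistinguishable from a real one at this
/// level. Callers should not read a default response as "password not found"
/// without confirming how <see cref="CheckPasswordResponse"/> represents that.
/// NOTE(review): the signature checked here covers only the hash of the response
/// nonce, and the X-Public value is required but not used in this method. Confirm
/// that <c>DecryptCheckPasswordResponse</c> authenticates the body against the
/// expected server key and that the response nonce is bound to this request.
/// </remarks>
public CheckPasswordResponse CheckPassword(byte[] password, PasswordFormatType passwordFormatType = PasswordFormatType.Blake2b)
{
    var request = new RestRequest("/CheckPassword/", Method.POST) { RequestFormat = DataFormat.Json };

    var passwordRequest = new CheckPasswordRequest();
    switch (passwordFormatType)
    {
        case PasswordFormatType.Cleartext:
            // NOTE(review): this creates an immutable managed string holding the
            // cleartext password, which cannot be wiped after use.
            passwordRequest = new CheckPasswordRequest { Cleartext = Encoding.UTF8.GetString(password) };
            break;
        case PasswordFormatType.Blake2b:
            passwordRequest = new CheckPasswordRequest { Blake2b = Encoding.UTF8.GetString(password) };
            break;
        case PasswordFormatType.Sha512:
            passwordRequest = new CheckPasswordRequest { Sha512 = Encoding.UTF8.GetString(password) };
            break;
    }

    // Encrypt the request body.
    request.AddBody(EncryptCheckPasswordRequest(passwordRequest));

    // Sign the request.
    request = AddHeaders(request);

    try
    {
        var response = _restClient.Execute<EncryptedResponse>(request);
        if (response.StatusCode != HttpStatusCode.OK)
        {
            return new CheckPasswordResponse();
        }

        // HTTP header names are case-insensitive, and intermediaries or HTTP/2 may
        // change their casing, so match them without regard to case. SingleOrDefault
        // throws on a duplicated header, which the catch below turns into a default response.
        var responseNonce = response.Headers.SingleOrDefault(h => string.Equals(h.Name, "X-Nonce", StringComparison.OrdinalIgnoreCase));
        var responsePublic = response.Headers.SingleOrDefault(h => string.Equals(h.Name, "X-Public", StringComparison.OrdinalIgnoreCase));
        var responseSignature = response.Headers.SingleOrDefault(h => string.Equals(h.Name, "X-Signature", StringComparison.OrdinalIgnoreCase));

        if (responseNonce == null || responsePublic == null || responseSignature == null)
        {
            return new CheckPasswordResponse();
        }

        // Validate the response signature: a detached signature over the 64-byte
        // hash of the response nonce, checked against the configured server signing key.
        var signature = Utilities.HexToBinary(responseSignature.Value.ToString());
        var nonceDigest = GenericHash.Hash(Utilities.HexToBinary(responseNonce.Value.ToString()), null, 64);
        var serverSigningKey = Utilities.HexToBinary(ServerSignaturePublicKeyHex);

        if (PublicKeyAuth.VerifyDetached(signature, nonceDigest, serverSigningKey))
        {
            return DecryptCheckPasswordResponse(response.Data);
        }
    }
    catch (Exception)
    {
        // Any transport, parsing or crypto failure is swallowed and falls through
        // to the default response below.
    }

    return new CheckPasswordResponse();
}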