public void TestAesEncrypt()
{
uint[] key = new uint[] { 1, 2, 3, 4 };
uint[] data = new uint[] { 5, 6, 7, 8 };
uint[] expected = new uint[] { 0x6A8FC678, 0xF71305CA, 0xACC4BE7, 0x58158314 };
var aes = new Sjcl.Cipher.Aes(key);
uint[] actual = aes.Encrypt(data);
Assert.IsTrue(Utils.CompareTables(expected, actual));
}
public void TestAesCtor()
{
uint[] key = new uint[] { 1, 2, 3, 4 };
uint[][] expected = new uint[][] {
new uint[] {0x1,0x2,0x3,0x4,0x6263F262,0x6263F260,0x6263F263,0x6263F267,0x9BEA77C8,0xF98985A8,0x9BEA77CB,0xF98985AC,0x387DE651,0xC1F463F9,0x5A1E1432,0xA397919E,0xB8FCED5B,0x79088EA2,0x23169A90,0x80810B0E,0xA4D74696,0xDDDFC834,0xFEC952A4,0x7E4859AA,0xD61CEA65,0xBC32251,0xF50A70F5,0x8B42295F,0xBAB92558,0xB17A0709,0x447077FC,0xCF325EA3,0x19E12FD2,0xA89B28DB,0xECEB5F27,0x23D90184,0x379D70F4,0x9F06582F,0x73ED0708,0x5034068C,0x19F214A7,0x86F44C88,0xF5194B80,0xA52D4D0C},
new uint[] {0x19F214A7,0xA52D4D0C,0xF5194B80,0x86F44C88,0x3AA62193,0x4599526,0xEAEEA732,0x58C1582F,0x7873BBE,0xEEB73214,0xB22FFF1D,0x626779BC,0x5590368D,0x5C98CD09,0xD04886A1,0x65E04202,0xF24F44BC,0x8CD04BA8,0xB5A8C4A3,0x3070748F,0x2B3D9421,0x39788F0B,0x85D8B02C,0xC23F3033,0x5C57F60F,0xBCA03F27,0x47E7801F,0xE902A412,0xC4C3E510,0xFB47BF38,0xAEE5240D,0xB555521D,0xA76B02,0x55A29B35,0x1BB07610,0x7196B70D,0x632BCA13,0x4E12ED25,0x6A26C11D,0x7131DC0F,0x1,0x4,0x3,0x2}
};
var aes = new Sjcl.Cipher.Aes(key);
uint[][] actual = aes._key;
Assert.IsTrue(Utils.CompareTables(expected, actual));
}
// convert user-supplied password array
public static uint[] prepare_key(uint[] a)
{
int i, j, r;
var pkey = new uint[] { 0x93C467E3, 0x7DB0C7A4, 0xD1BE3F81, 0x0152CB56 };
for (r = 65536; r-- > 0; )
{
for (j = 0; j < a.Length; j += 4)
{
var key = new uint[] { 0, 0, 0, 0 };
for (i = 0; i < 4; i++)
{
if (i + j < a.Length)
{
key[i] = a[i + j];
}
}
var aes = new Sjcl.Cipher.Aes(key);
pkey = aes.Encrypt(pkey);
}
}
return pkey;
}
public static Command Login(string user, string hash, uint[] passwordKey)
{
Command.SuccessCallBack successCallBack = (JToken result) =>
{
// these need to be moved to session class
uint[] u_storage_k;
string u_storage_sid;
object u_storage_privk;
LoginResonse login = result.ToObject<LoginResonse>();
var aes = new Sjcl.Cipher.Aes(passwordKey);
// decrypt master key
uint[] keyData = Crypto.base64_to_a32(login.k);
uint[] key = Crypto.decrypt_key(aes, keyData);
if (!string.IsNullOrEmpty(login.tsid))
{
// untested
byte[] t = Crypto.base64urldecode(login.tsid);
Debug.Assert(t.Length == 32);
byte[] t0 = t.Take(16).ToArray();
byte[] t1 = t.Skip(16).Take(16).ToArray();
byte[] bytes = Crypto.a32_to_str(Crypto.encrypt_key(aes, Crypto.str_to_a32(t0)));
if (Enumerable.SequenceEqual(bytes, t1))
{
u_storage_k = key;
u_storage_sid = login.tsid;
}
}
else if (!string.IsNullOrEmpty(login.csid))
{
uint[] t = Rsa.mpi2b(Crypto.base64urldecode(login.csid));
byte[] privk = Crypto.a32_to_str(Crypto.decrypt_key(aes, Crypto.base64_to_a32(login.privk)));
var rsa_privk = new uint[4][];
// decompose private key
int i;
for (i = 0; i < 4; ++i)
{
int l = ((privk[0] * 256 + privk[1] + 7) >> 3) + 2;
rsa_privk[i] = Rsa.mpi2b(privk.Take(l).ToArray());
if (false) { break; } // number??
privk = privk.Take(l).ToArray();
}
// check format
if ((i == 4) && (privk.Length < 16))
{
// @@@ check remaining padding for added early wrong password detection likelihood
u_storage_k = key;
byte[] s = Hex.b2s(Rsa.RSAdecrypt(t, rsa_privk[2], rsa_privk[0], rsa_privk[1], rsa_privk[3]));
u_storage_sid = Crypto.base64urlencode(s.Take(43).ToArray());
u_storage_privk = rsa_privk;
}
}
Console.WriteLine(login);
};
Command.ErrorCallBack errorCallBack = (Error result) =>
{
switch (result)
{
case Error.ENOENT:
Console.WriteLine("ENOENT");
break;
default:
Console.WriteLine(result);
break;
}
};
var command = new Command(_LoginSessionChallengeOrResponse, successCallBack, errorCallBack);
command.AddArgument("user", user);
command.AddArgument("uh", hash);
return command;
}
public void TestSessionLoginFull()
{
Session session = new Session();
var passKey = Crypto.prepare_key_pw(Config.TestUserPass);
var aes = new Sjcl.Cipher.Aes(passKey);
string hash = Crypto.stringhash(Config.TestUserName.ToLower(), aes);
{
Command login = MakeCommand.Login(Config.TestUserName, hash, passKey);
string expected = "[-9]"; // -9 is "ENOENT" which means user not found
string actual = session.Execute(login);
Assert.AreNotEqual(actual, expected);
}
{
Command userDetails = MakeCommand.GetUserDetails();
string expected = "";
string actual = session.Execute(userDetails);
Assert.AreEqual(actual, expected);
}
}
