public async Task <Response> Login(string username, string password)
{
try
{
var account = await context.Account.Include(x => x.IdNavigation)
.Where(x => x.Username.Equals(username) || x.Email.Equals(username))
.FirstOrDefaultAsync();
if (account != null)
{
var check = await Task.FromResult <bool>(CryptographyHelper.AreEqual(password, account.Password,
account.Salt));
if (check)
{
return(new Response("Success", true, 1, account));
}
}
return(new Response("Username or Password was wrong!", false, 0, null));
}
catch (Exception e)
{
return(Response.CatchError(e.Message));
}
}
public static byte[] Decrypt(byte[] input)
{
if (_defaultKey == null || _defaultKey.Length == 0)
{
throw new Exception("Key can not be empty.");
}
if (input == null || input.Length == 0)
{
throw new ArgumentException("Input can not be empty.");
}
byte[] data = new byte[0];
try
{
using (var ms = new MemoryStream(input))
{
using (var aesProvider = new AesCryptoServiceProvider())
{
aesProvider.KeySize = 128;
aesProvider.BlockSize = 128;
aesProvider.Mode = CipherMode.CBC;
aesProvider.Padding = PaddingMode.PKCS7;
aesProvider.Key = _defaultKey;
// read first 32 bytes for HMAC
using (var hmac = new HMACSHA256(_defaultAuthKey))
{
var hash = hmac.ComputeHash(ms.ToArray(), HmacSha256Length, ms.ToArray().Length - HmacSha256Length);
byte[] receivedHash = new byte[HmacSha256Length];
ms.Read(receivedHash, 0, receivedHash.Length);
if (!CryptographyHelper.AreEqual(hash, receivedHash))
{
return(data);
}
}
byte[] iv = new byte[IvLength];
ms.Read(iv, 0, IvLength); // read next 16 bytes for IV, followed by ciphertext
aesProvider.IV = iv;
using (var cs = new CryptoStream(ms, aesProvider.CreateDecryptor(), CryptoStreamMode.Read))
{
byte[] temp = new byte[ms.Length - IvLength + 1];
data = new byte[cs.Read(temp, 0, temp.Length)];
Buffer.BlockCopy(temp, 0, data, 0, data.Length);
}
}
}
}
catch
{
}
return(data);
}
public void AreEqual_IncorrectPassword_ReturnsTrue()
{
//Arrange
CryptographyHelper cryptoHelper = new CryptographyHelper();
string salt = "/3Pfhl6cxR28WuOtn2IDrLi5F2eJwpLOfGTvG65wbUnbAHSBdPpIbV/CXu03KLfgQh8ruS30B+KUlhoLUOJhBQ==";
string password = "******";
string hash = "IBXJ6OEItl05rn1Fk2ex0frVEFO5udRPE/kZ5jPHGEw=";
//Act
var result = cryptoHelper.AreEqual(password, hash, salt);
//Assert
Assert.IsFalse(result);
}
public static void HandleVerifyUnfinishedTransfers(Packets.ServerPackets.DoVerifyUnfinishedTransfers command,
Client client)
{
var transferIDs = new List <int>();
var transferTypes = new List <bool>();
for (var i = 0; i < command.Files.Length; i++)
{
try
{
var path = command.Files[i];
bool isFile = false;
if (!(isFile = File.Exists(path)) && !Directory.Exists(path))
{
continue;
}
using (var fs = new FileStream(path, FileMode.Open))
{
byte[] magicBuffer = new byte[sizeof(int)];
fs.Read(magicBuffer, 0, magicBuffer.Length);
// If the file has magic it means it's a virtual directory AKA folder
transferTypes.Add(BitConverter.ToInt32(magicBuffer, 0) != VirtualDirectory.Magic);
}
var localHash = new byte[FileSplit.MAX_BLOCK_SIZE];
var remoteHash = new byte[16];
Buffer.BlockCopy(command.SampleHashes, i * 16, remoteHash, 0, 16);
using (var fs = new FileStream(path, FileMode.Open))
{
fs.Seek(-FileSplit.MAX_BLOCK_SIZE, SeekOrigin.End);
fs.Read(localHash, 0, localHash.Length);
}
using (var md5 = MD5.Create())
localHash = md5.ComputeHash(localHash);
if (!CryptographyHelper.AreEqual(localHash, remoteHash))
{
continue;
}
transferIDs.Add(command.TransferIDs[i]);
}
catch { }
}
new DoVerifyUnfinishedTransferResponse(transferIDs.ToArray(), transferTypes.ToArray()).Execute(client);
}
public async Task <Response> CheckCurrentPassword(Account account, string password)
{
var check = await Task.FromResult <bool>(CryptographyHelper.AreEqual(password, account.Password,
account.Salt));
if (check)
{
return(new Response("Success", true, 1, account.Password));
}
else
{
return(new Response("This password was wrong!", false, 0, null));
}
}
