Ejemplo n.º 1
0
        // Helpers

        private async Task <EncryptedObject> AesEncryptAsync(byte[] data, SymmetricCryptoKey key)
        {
            var obj = new EncryptedObject
            {
                Key = await GetKeyForEncryptionAsync(key),
                Iv  = await _cryptoFunctionService.RandomBytesAsync(16)
            };

            obj.Data = await _cryptoFunctionService.AesEncryptAsync(data, obj.Iv, obj.Key.EncKey);

            if (obj.Key.MacKey != null)
            {
                var macData = new byte[obj.Iv.Length + obj.Data.Length];
                Buffer.BlockCopy(obj.Iv, 0, macData, 0, obj.Iv.Length);
                Buffer.BlockCopy(obj.Data, 0, macData, obj.Iv.Length, obj.Data.Length);
                obj.Mac = await _cryptoFunctionService.HmacAsync(macData, obj.Key.MacKey, CryptoHashAlgorithm.Sha256);
            }
            return(obj);
        }
Ejemplo n.º 2
0
        public byte[] EncryptToBytes(byte[] plainBytes, SymmetricCryptoKey key = null)
        {
            if (key == null)
            {
                key = EncKey ?? Key;
            }

            if (key == null)
            {
                throw new ArgumentNullException(nameof(key));
            }

            if (plainBytes == null)
            {
                throw new ArgumentNullException(nameof(plainBytes));
            }

            return(Crypto.AesCbcEncryptToBytes(plainBytes, key));
        }
Ejemplo n.º 3
0
        private async Task <byte[]> AesDecryptToBytesAsync(EncryptionType encType, byte[] data, byte[] iv, byte[] mac,
                                                           SymmetricCryptoKey key)
        {
            var keyForEnc = await GetKeyForEncryptionAsync(key);

            var theKey = ResolveLegacyKey(encType, keyForEnc);

            if (theKey.MacKey != null && mac == null)
            {
                // Mac required.
                return(null);
            }
            if (theKey.EncType != encType)
            {
                // encType unavailable.
                return(null);
            }

            // Compute mac
            if (theKey.MacKey != null && mac != null)
            {
                var macData = new byte[iv.Length + data.Length];
                Buffer.BlockCopy(iv, 0, macData, 0, iv.Length);
                Buffer.BlockCopy(data, 0, macData, iv.Length, data.Length);

                var computedMac = await _cryptoFunctionService.HmacAsync(macData, theKey.MacKey,
                                                                         CryptoHashAlgorithm.Sha256);

                if (computedMac == null)
                {
                    return(null);
                }
                var macsMatch = await _cryptoFunctionService.CompareAsync(mac, computedMac);

                if (!macsMatch)
                {
                    // Mac failed
                    return(null);
                }
            }

            return(await _cryptoFunctionService.AesDecryptAsync(data, iv, theKey.EncKey));
        }
Ejemplo n.º 4
0
        public async Task <byte[]> DecryptFromBytesAsync(byte[] encBytes, SymmetricCryptoKey key)
        {
            if (encBytes == null)
            {
                throw new Exception("no encBytes.");
            }

            var encType = (EncryptionType)encBytes[0];

            byte[] ctBytes  = null;
            byte[] ivBytes  = null;
            byte[] macBytes = null;

            switch (encType)
            {
            case EncryptionType.AesCbc128_HmacSha256_B64:
            case EncryptionType.AesCbc256_HmacSha256_B64:
                if (encBytes.Length < 49)     // 1 + 16 + 32 + ctLength
                {
                    return(null);
                }
                ivBytes  = new ArraySegment <byte>(encBytes, 1, 16).ToArray();
                macBytes = new ArraySegment <byte>(encBytes, 17, 32).ToArray();
                ctBytes  = new ArraySegment <byte>(encBytes, 49, encBytes.Length - 49).ToArray();
                break;

            case EncryptionType.AesCbc256_B64:
                if (encBytes.Length < 17)     // 1 + 16 + ctLength
                {
                    return(null);
                }
                ivBytes = new ArraySegment <byte>(encBytes, 1, 16).ToArray();
                ctBytes = new ArraySegment <byte>(encBytes, 17, encBytes.Length - 17).ToArray();
                break;

            default:
                return(null);
            }

            return(await AesDecryptToBytesAsync(encType, ctBytes, ivBytes, macBytes, key));
        }
Ejemplo n.º 5
0
        public async Task <byte[]> DownloadAndDecryptAttachmentAsync(string url, CipherString key, string orgId = null)
        {
            using (var client = new HttpClient())
            {
                try
                {
                    var response = await client.GetAsync(new Uri(url)).ConfigureAwait(false);

                    if (!response.IsSuccessStatusCode)
                    {
                        return(null);
                    }

                    var data = await response.Content.ReadAsByteArrayAsync();

                    if (data == null)
                    {
                        return(null);
                    }

                    SymmetricCryptoKey regularKey = !string.IsNullOrWhiteSpace(orgId) ?
                                                    _cryptoService.GetOrgKey(orgId) : null;
                    SymmetricCryptoKey dataKey = null;
                    if (key != null)
                    {
                        var decDataKey = _cryptoService.DecryptToBytes(key, regularKey);
                        dataKey = new SymmetricCryptoKey(decDataKey);
                    }
                    else
                    {
                        dataKey = regularKey;
                    }

                    return(_cryptoService.DecryptToBytes(data, dataKey));
                }
                catch
                {
                    return(null);
                }
            }
        }
Ejemplo n.º 6
0
        public LoginTwoFactorPage(string email, FullLoginResult result, TwoFactorProviderType?type = null)
            : base(updateActivity: false)
        {
            _deviceInfoService = Resolver.Resolve <IDeviceInfoService>();

            _email              = email;
            _result             = result;
            _masterPasswordHash = result.MasterPasswordHash;
            _key          = result.Key;
            _providers    = result.TwoFactorProviders;
            _providerType = type ?? GetDefaultProvider();

            _authService            = Resolver.Resolve <IAuthService>();
            _userDialogs            = Resolver.Resolve <IUserDialogs>();
            _syncService            = Resolver.Resolve <ISyncService>();
            _googleAnalyticsService = Resolver.Resolve <IGoogleAnalyticsService>();
            _twoFactorApiRepository = Resolver.Resolve <ITwoFactorApiRepository>();
            _pushNotification       = Resolver.Resolve <IPushNotification>();

            Init();
        }
Ejemplo n.º 7
0
        private async Task <Tuple <SymmetricCryptoKey, EncString> > BuildEncKeyAsync(SymmetricCryptoKey key,
                                                                                     byte[] encKey)
        {
            EncString encKeyEnc = null;

            if (key.Key.Length == 32)
            {
                var newKey = await StretchKeyAsync(key);

                encKeyEnc = await EncryptAsync(encKey, newKey);
            }
            else if (key.Key.Length == 64)
            {
                encKeyEnc = await EncryptAsync(encKey, key);
            }
            else
            {
                throw new Exception("Invalid key size.");
            }
            return(new Tuple <SymmetricCryptoKey, EncString>(new SymmetricCryptoKey(encKey), encKeyEnc));
        }
Ejemplo n.º 8
0
        public static CipherString AesCbcEncrypt(byte[] plainBytes, SymmetricCryptoKey key)
        {
            if (key == null)
            {
                throw new ArgumentNullException(nameof(key));
            }

            if (plainBytes == null)
            {
                throw new ArgumentNullException(nameof(plainBytes));
            }

            var provider       = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7);
            var cryptoKey      = provider.CreateSymmetricKey(key.EncKey);
            var iv             = RandomBytes(provider.BlockLength);
            var encryptedBytes = WinRTCrypto.CryptographicEngine.Encrypt(cryptoKey, plainBytes, iv);
            var mac            = key.MacKey != null?ComputeMacBase64(encryptedBytes, iv, key.MacKey) : null;

            return(new CipherString(key.EncryptionType, Convert.ToBase64String(iv),
                                    Convert.ToBase64String(encryptedBytes), mac));
        }
Ejemplo n.º 9
0
        public async Task <byte[]> EncryptToBytesAsync(byte[] plainValue, SymmetricCryptoKey key = null)
        {
            var encValue = await AesEncryptAsync(plainValue, key);

            var macLen = 0;

            if (encValue.Mac != null)
            {
                macLen = encValue.Mac.Length;
            }
            var encBytes = new byte[1 + encValue.Iv.Length + macLen + encValue.Data.Length];

            Buffer.BlockCopy(new byte[] { (byte)encValue.Key.EncType }, 0, encBytes, 0, 1);
            Buffer.BlockCopy(encValue.Iv, 0, encBytes, 1, encValue.Iv.Length);
            if (encValue.Mac != null)
            {
                Buffer.BlockCopy(encValue.Mac, 0, encBytes, 1 + encValue.Iv.Length, encValue.Mac.Length);
            }
            Buffer.BlockCopy(encValue.Data, 0, encBytes, 1 + encValue.Iv.Length + macLen, encValue.Data.Length);
            return(encBytes);
        }
Ejemplo n.º 10
0
        private async Task ProcessLoginSuccessAsync(SymmetricCryptoKey key, TokenResponse response)
        {
            if (response.Key != null)
            {
                _cryptoService.SetEncKey(new CipherString(response.Key));
            }

            if (response.PrivateKey != null)
            {
                _cryptoService.SetPrivateKey(new CipherString(response.PrivateKey));
            }

            _cryptoService.Key         = key;
            _tokenService.Token        = response.AccessToken;
            _tokenService.RefreshToken = response.RefreshToken;
            UserId = _tokenService.TokenUserId;
            Email  = _tokenService.TokenEmail;
            _settings.AddOrUpdateValue(Constants.LastLoginEmail, Email);
            _appSettingsService.FailedPinAttempts        = 0;
            _appSettingsService.OrganizationGivesPremium = false;

            if (response.PrivateKey != null)
            {
                var profile = await _accountsApiRepository.GetProfileAsync();

                if (profile.Succeeded)
                {
                    _cryptoService.SetOrgKeys(profile.Result);
                    _appSettingsService.OrganizationGivesPremium =
                        profile.Result?.Organizations?.Any(o => o.UsersGetPremium && o.Enabled) ?? false;
                }
            }

            if (!string.IsNullOrWhiteSpace(response.TwoFactorToken))
            {
                _tokenService.SetTwoFactorToken(_tokenService.TokenEmail, response.TwoFactorToken);
            }
        }
Ejemplo n.º 11
0
        public LoginTwoFactorPage(string email, FullLoginResult result, TwoFactorProviderType?type = null)
            : base(updateActivity: false, requireAuth: false)
        {
            _duoOrgTitle       = $"Duo ({AppResources.Organization})";
            _deviceInfoService = Resolver.Resolve <IDeviceInfoService>();

            _email              = email;
            _result             = result;
            _masterPasswordHash = result.MasterPasswordHash;
            _key          = result.Key;
            _providers    = result.TwoFactorProviders;
            _providerType = type ?? GetDefaultProvider();

            _deviceActionService    = Resolver.Resolve <IDeviceActionService>();
            _authService            = Resolver.Resolve <IAuthService>();
            _syncService            = Resolver.Resolve <ISyncService>();
            _appSettingsService     = Resolver.Resolve <IAppSettingsService>();
            _googleAnalyticsService = Resolver.Resolve <IGoogleAnalyticsService>();
            _twoFactorApiRepository = Resolver.Resolve <ITwoFactorApiRepository>();
            _pushNotification       = Resolver.Resolve <IPushNotificationService>();

            Init();
        }
Ejemplo n.º 12
0
        private async Task ProcessLoginSuccessAsync(SymmetricCryptoKey key, TokenResponse response)
        {
            if (response.PrivateKey != null)
            {
                _cryptoService.SetPrivateKey(new CipherString(response.PrivateKey));
            }

            _cryptoService.Key         = key;
            _tokenService.Token        = response.AccessToken;
            _tokenService.RefreshToken = response.RefreshToken;
            UserId = _tokenService.TokenUserId;
            Email  = _tokenService.TokenEmail;
            _settings.AddOrUpdateValue(Constants.LastLoginEmail, Email);

            if (response.PrivateKey != null)
            {
                var profile = await _accountsApiRepository.GetProfileAsync();

                if (profile.Succeeded)
                {
                    _cryptoService.SetOrgKeys(profile.Result);
                }
            }
        }
Ejemplo n.º 13
0
        public async Task <Tuple <SymmetricCryptoKey, CipherString> > RemakeEncKeyAsync(SymmetricCryptoKey key)
        {
            var encKey = await GetEncKeyAsync();

            return(await BuildEncKeyAsync(key, encKey.Key));
        }
Ejemplo n.º 14
0
 public async Task ClearKeyAsync()
 {
     _key = _legacyEtmKey = null;
     await _secureStorageService.RemoveAsync(Keys_Key);
 }
Ejemplo n.º 15
0
        public async Task <Tuple <SymmetricCryptoKey, CipherString> > MakeEncKeyAsync(SymmetricCryptoKey key)
        {
            var theKey = await GetKeyForEncryptionAsync(key);

            var encKey = await _cryptoFunctionService.RandomBytesAsync(64);

            return(await BuildEncKeyAsync(theKey, encKey));
        }
Ejemplo n.º 16
0
        private async Task <AuthResult> LogInHelperAsync(string email, string hashedPassword, string code,
                                                         string codeVerifier, string redirectUrl, SymmetricCryptoKey key,
                                                         TwoFactorProviderType?twoFactorProvider = null, string twoFactorToken = null, bool?remember = null)
        {
            var storedTwoFactorToken = await _tokenService.GetTwoFactorTokenAsync(email);

            var appId = await _appIdService.GetAppIdAsync();

            var deviceRequest = new DeviceRequest(appId, _platformUtilsService);

            string[] emailPassword;
            string[] codeCodeVerifier;
            if (email != null && hashedPassword != null)
            {
                emailPassword = new[] { email, hashedPassword };
            }
            else
            {
                emailPassword = null;
            }
            if (code != null && codeVerifier != null && redirectUrl != null)
            {
                codeCodeVerifier = new[] { code, codeVerifier, redirectUrl };
            }
            else
            {
                codeCodeVerifier = null;
            }

            TokenRequest request;

            if (twoFactorToken != null && twoFactorProvider != null)
            {
                request = new TokenRequest(emailPassword, codeCodeVerifier, twoFactorProvider, twoFactorToken, remember,
                                           deviceRequest);
            }
            else if (storedTwoFactorToken != null)
            {
                request = new TokenRequest(emailPassword, codeCodeVerifier, TwoFactorProviderType.Remember,
                                           storedTwoFactorToken, false, deviceRequest);
            }
            else
            {
                request = new TokenRequest(emailPassword, codeCodeVerifier, null, null, false, deviceRequest);
            }

            var response = await _apiService.PostIdentityTokenAsync(request);

            ClearState();
            var result = new AuthResult {
                TwoFactor = response.Item2 != null
            };

            if (result.TwoFactor)
            {
                // Two factor required.
                var twoFactorResponse = response.Item2;
                Email = email;
                MasterPasswordHash = hashedPassword;
                Code                      = code;
                CodeVerifier              = codeVerifier;
                SsoRedirectUrl            = redirectUrl;
                _key                      = _setCryptoKeys ? key : null;
                TwoFactorProvidersData    = twoFactorResponse.TwoFactorProviders2;
                result.TwoFactorProviders = twoFactorResponse.TwoFactorProviders2;
                return(result);
            }

            var tokenResponse = response.Item1;

            result.ResetMasterPassword = tokenResponse.ResetMasterPassword;
            if (tokenResponse.TwoFactorToken != null)
            {
                await _tokenService.SetTwoFactorTokenAsync(tokenResponse.TwoFactorToken, email);
            }
            await _tokenService.SetTokensAsync(tokenResponse.AccessToken, tokenResponse.RefreshToken);

            await _userService.SetInformationAsync(_tokenService.GetUserId(), _tokenService.GetEmail(),
                                                   tokenResponse.Kdf, tokenResponse.KdfIterations);

            if (_setCryptoKeys)
            {
                await _cryptoService.SetKeyAsync(key);

                await _cryptoService.SetKeyHashAsync(hashedPassword);

                await _cryptoService.SetEncKeyAsync(tokenResponse.Key);

                // User doesn't have a key pair yet (old account), let's generate one for them.
                if (tokenResponse.PrivateKey == null)
                {
                    try
                    {
                        var keyPair = await _cryptoService.MakeKeyPairAsync();

                        await _apiService.PostAccountKeysAsync(new KeysRequest
                        {
                            PublicKey           = keyPair.Item1,
                            EncryptedPrivateKey = keyPair.Item2.EncryptedString
                        });

                        tokenResponse.PrivateKey = keyPair.Item2.EncryptedString;
                    }
                    catch { }
                }

                await _cryptoService.SetEncPrivateKeyAsync(tokenResponse.PrivateKey);
            }

            _vaultTimeoutService.BiometricLocked = false;
            _messagingService.Send("loggedIn");
            return(result);
        }
Ejemplo n.º 17
0
        public Task <SymmetricCryptoKey> GetEncKeyAsync(SymmetricCryptoKey key = null)
        {
            if (_encKey != null)
            {
                return(Task.FromResult(_encKey));
            }
            if (_getEncKeysTask != null && !_getEncKeysTask.IsCompleted && !_getEncKeysTask.IsFaulted)
            {
                return(_getEncKeysTask);
            }
            async Task <SymmetricCryptoKey> doTask()
            {
                try
                {
                    var encKey = await _storageService.GetAsync <string>(Keys_EncKey);

                    if (encKey == null)
                    {
                        return(null);
                    }

                    if (key == null)
                    {
                        key = await GetKeyAsync();
                    }
                    if (key == null)
                    {
                        return(null);
                    }

                    byte[] decEncKey    = null;
                    var    encKeyCipher = new CipherString(encKey);
                    if (encKeyCipher.EncryptionType == EncryptionType.AesCbc256_B64)
                    {
                        decEncKey = await DecryptToBytesAsync(encKeyCipher, key);
                    }
                    else if (encKeyCipher.EncryptionType == EncryptionType.AesCbc256_HmacSha256_B64)
                    {
                        var newKey = await StretchKeyAsync(key);

                        decEncKey = await DecryptToBytesAsync(encKeyCipher, newKey);
                    }
                    else
                    {
                        throw new Exception("Unsupported encKey type.");
                    }

                    if (decEncKey == null)
                    {
                        return(null);
                    }
                    _encKey = new SymmetricCryptoKey(decEncKey);
                    return(_encKey);
                }
                finally
                {
                    _getEncKeysTask = null;
                }
            }

            _getEncKeysTask = doTask();
            return(_getEncKeysTask);
        }
        private void ProtocolV4(Stream stream, CertificateStore clientCredentials, Certificate[] trustedRootCertificates, ISecureChannelSecurityManager manager, string preSharedKey, SecureChannelCryptoOptionFlags supportedOptions)
        {
            #region 1. hello handshake

            //send client hello
            SecureChannelPacket.Hello clientHello = new SecureChannelPacket.Hello(BinaryID.GenerateRandomID256(), supportedOptions);
            SecureChannelPacket.WritePacket(stream, clientHello);

            //read server hello
            SecureChannelPacket.Hello serverHello = (new SecureChannelPacket(stream)).GetHello();

            //read selected crypto option
            _selectedCryptoOption = supportedOptions & serverHello.CryptoOptions;

            if (_selectedCryptoOption == SecureChannelCryptoOptionFlags.None)
                throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);

            #endregion

            #region 2. key exchange

            //read server key exchange data
            SecureChannelPacket.KeyExchange serverKeyExchange = (new SecureChannelPacket(stream)).GetKeyExchange();

            SymmetricEncryptionAlgorithm encAlgo;
            string hashAlgo;
            KeyAgreement keyAgreement;

            switch (_selectedCryptoOption)
            {
                case SecureChannelCryptoOptionFlags.DHE2048_RSA_WITH_AES256_CBC_HMAC_SHA256:
                    encAlgo = SymmetricEncryptionAlgorithm.Rijndael;
                    hashAlgo = "SHA256";
                    keyAgreement = new DiffieHellman(DiffieHellmanGroupType.RFC3526, 2048, KeyAgreementKeyDerivationFunction.Hmac, KeyAgreementKeyDerivationHashAlgorithm.SHA256);
                    break;

                case SecureChannelCryptoOptionFlags.ECDHE256_RSA_WITH_AES256_CBC_HMAC_SHA256:
                    encAlgo = SymmetricEncryptionAlgorithm.Rijndael;
                    hashAlgo = "SHA256";
                    keyAgreement = new TechnitiumLibrary.Security.Cryptography.ECDiffieHellman(256, KeyAgreementKeyDerivationFunction.Hmac, KeyAgreementKeyDerivationHashAlgorithm.SHA256);
                    break;

                default:
                    throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);
            }

            //send client key exchange data
            SecureChannelPacket.KeyExchange clientKeyExchange = new SecureChannelPacket.KeyExchange(keyAgreement.GetPublicKeyXML(), clientCredentials.PrivateKey, hashAlgo);
            SecureChannelPacket.WritePacket(stream, clientKeyExchange);

            //generate master key
            byte[] masterKey = GenerateMasterKey(clientHello, serverHello, _preSharedKey, keyAgreement, serverKeyExchange.PublicKeyXML);

            //verify master key using HMAC authentication
            {
                SecureChannelPacket.Authentication clientAuthentication = new SecureChannelPacket.Authentication(serverHello, masterKey);
                SecureChannelPacket.WritePacket(stream, clientAuthentication);

                SecureChannelPacket.Authentication serverAuthentication = (new SecureChannelPacket(stream)).GetAuthentication();
                if (!serverAuthentication.IsValid(clientHello, masterKey))
                    throw new SecureChannelException(SecureChannelCode.ProtocolAuthenticationFailed, _remotePeerEP, _remotePeerCert);
            }

            //enable channel encryption
            switch (encAlgo)
            {
                case SymmetricEncryptionAlgorithm.Rijndael:
                    //using MD5 for generating AES IV of 128bit block size
                    HashAlgorithm md5Hash = HashAlgorithm.Create("MD5");
                    byte[] eIV = md5Hash.ComputeHash(clientHello.Nonce.ID);
                    byte[] dIV = md5Hash.ComputeHash(serverHello.Nonce.ID);

                    //create encryption and decryption objects
                    SymmetricCryptoKey encryptionKey = new SymmetricCryptoKey(SymmetricEncryptionAlgorithm.Rijndael, masterKey, eIV, PaddingMode.None);
                    SymmetricCryptoKey decryptionKey = new SymmetricCryptoKey(SymmetricEncryptionAlgorithm.Rijndael, masterKey, dIV, PaddingMode.None);

                    //enable encryption
                    EnableEncryption(stream, encryptionKey, decryptionKey, new HMACSHA256(masterKey), new HMACSHA256(masterKey));
                    break;

                default:
                    throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);
            }

            //channel encryption is ON!

            #endregion

            #region 3. exchange & verify certificates & signatures

            if (!_reNegotiating)
            {
                //send client certificate
                SecureChannelPacket.WritePacket(this, clientCredentials.Certificate);

                //read server certificate
                _remotePeerCert = (new SecureChannelPacket(this)).GetCertificate();

                //verify server certificate
                try
                {
                    _remotePeerCert.Verify(trustedRootCertificates);
                }
                catch (Exception ex)
                {
                    throw new SecureChannelException(SecureChannelCode.InvalidRemoteCertificate, _remotePeerEP, _remotePeerCert, "Invalid remote certificate.", ex);
                }
            }

            //verify key exchange signature
            switch (_selectedCryptoOption)
            {
                case SecureChannelCryptoOptionFlags.DHE2048_RSA_WITH_AES256_CBC_HMAC_SHA256:
                case SecureChannelCryptoOptionFlags.ECDHE256_RSA_WITH_AES256_CBC_HMAC_SHA256:
                    if (_remotePeerCert.PublicKeyEncryptionAlgorithm != AsymmetricEncryptionAlgorithm.RSA)
                        throw new SecureChannelException(SecureChannelCode.InvalidRemoteCertificateAlgorithm, _remotePeerEP, _remotePeerCert);

                    if (!serverKeyExchange.IsSignatureValid(_remotePeerCert, "SHA256"))
                        throw new SecureChannelException(SecureChannelCode.InvalidRemoteKeyExchangeSignature, _remotePeerEP, _remotePeerCert);

                    break;

                default:
                    throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);
            }

            if ((manager != null) && !manager.ProceedConnection(_remotePeerCert))
                throw new SecureChannelException(SecureChannelCode.SecurityManagerDeclinedAccess, _remotePeerEP, _remotePeerCert, "Security manager declined access.");

            #endregion
        }
Ejemplo n.º 19
0
        private void ProtocolV4(Stream stream)
        {
            #region 1. hello handshake

            //read client hello
            SecureChannelPacket.Hello clientHello = (new SecureChannelPacket(stream)).GetHello();

            //select crypto option
            _selectedCryptoOption = _supportedOptions & clientHello.CryptoOptions;

            if (_selectedCryptoOption == SecureChannelCryptoOptionFlags.None)
            {
                throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);
            }
            else if ((_selectedCryptoOption & SecureChannelCryptoOptionFlags.ECDHE256_RSA_WITH_AES256_CBC_HMAC_SHA256) > 0)
            {
                _selectedCryptoOption = SecureChannelCryptoOptionFlags.ECDHE256_RSA_WITH_AES256_CBC_HMAC_SHA256;
            }
            else if ((_selectedCryptoOption & SecureChannelCryptoOptionFlags.DHE2048_RSA_WITH_AES256_CBC_HMAC_SHA256) > 0)
            {
                _selectedCryptoOption = SecureChannelCryptoOptionFlags.DHE2048_RSA_WITH_AES256_CBC_HMAC_SHA256;
            }
            else
            {
                throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);
            }

            //send server hello
            SecureChannelPacket.Hello serverHello = new SecureChannelPacket.Hello(BinaryID.GenerateRandomID256(), _selectedCryptoOption);
            SecureChannelPacket.WritePacket(stream, serverHello);

            #endregion

            #region 2. key exchange

            SymmetricEncryptionAlgorithm encAlgo;
            string       hashAlgo;
            KeyAgreement keyAgreement;

            switch (_selectedCryptoOption)
            {
            case SecureChannelCryptoOptionFlags.DHE2048_RSA_WITH_AES256_CBC_HMAC_SHA256:
                encAlgo      = SymmetricEncryptionAlgorithm.Rijndael;
                hashAlgo     = "SHA256";
                keyAgreement = new DiffieHellman(DiffieHellmanGroupType.RFC3526, 2048, KeyAgreementKeyDerivationFunction.Hmac, KeyAgreementKeyDerivationHashAlgorithm.SHA256);
                break;

            case SecureChannelCryptoOptionFlags.ECDHE256_RSA_WITH_AES256_CBC_HMAC_SHA256:
                encAlgo      = SymmetricEncryptionAlgorithm.Rijndael;
                hashAlgo     = "SHA256";
                keyAgreement = new TechnitiumLibrary.Security.Cryptography.ECDiffieHellman(256, KeyAgreementKeyDerivationFunction.Hmac, KeyAgreementKeyDerivationHashAlgorithm.SHA256);
                break;

            default:
                throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);
            }

            //send server key exchange data
            SecureChannelPacket.KeyExchange serverKeyExchange = new SecureChannelPacket.KeyExchange(keyAgreement.GetPublicKey(), _serverCredentials.PrivateKey, hashAlgo);
            SecureChannelPacket.WritePacket(stream, serverKeyExchange);

            //read client key exchange data
            SecureChannelPacket.KeyExchange clientKeyExchange = (new SecureChannelPacket(stream)).GetKeyExchange();

            //generate master key
            byte[] masterKey = GenerateMasterKey(clientHello, serverHello, _preSharedKey, keyAgreement, clientKeyExchange.PublicKey);

            //verify master key using HMAC authentication
            {
                SecureChannelPacket.Authentication clientAuthentication = (new SecureChannelPacket(stream)).GetAuthentication();
                if (!clientAuthentication.IsValid(serverHello, masterKey))
                {
                    throw new SecureChannelException(SecureChannelCode.ProtocolAuthenticationFailed, _remotePeerEP, _remotePeerCert);
                }

                SecureChannelPacket.Authentication serverAuthentication = new SecureChannelPacket.Authentication(clientHello, masterKey);
                SecureChannelPacket.WritePacket(stream, serverAuthentication);
            }

            //enable channel encryption
            switch (encAlgo)
            {
            case SymmetricEncryptionAlgorithm.Rijndael:
                //using MD5 for generating AES IV of 128bit block size
                HashAlgorithm md5Hash = HashAlgorithm.Create("MD5");
                byte[]        eIV     = md5Hash.ComputeHash(serverHello.Nonce.ID);
                byte[]        dIV     = md5Hash.ComputeHash(clientHello.Nonce.ID);

                //create encryption and decryption objects
                SymmetricCryptoKey encryptionKey = new SymmetricCryptoKey(SymmetricEncryptionAlgorithm.Rijndael, masterKey, eIV, PaddingMode.None);
                SymmetricCryptoKey decryptionKey = new SymmetricCryptoKey(SymmetricEncryptionAlgorithm.Rijndael, masterKey, dIV, PaddingMode.None);

                //enable encryption
                EnableEncryption(stream, encryptionKey, decryptionKey, new HMACSHA256(masterKey), new HMACSHA256(masterKey));
                break;

            default:
                throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);
            }

            //channel encryption is ON!

            #endregion

            #region 3. exchange & verify certificates & signatures

            if (!IsReNegotiating())
            {
                //read client certificate
                _remotePeerCert = (new SecureChannelPacket(this)).GetCertificate();

                //verify client certificate
                try
                {
                    _remotePeerCert.Verify(_trustedRootCertificates);
                }
                catch (Exception ex)
                {
                    throw new SecureChannelException(SecureChannelCode.InvalidRemoteCertificate, _remotePeerEP, _remotePeerCert, "Invalid remote certificate.", ex);
                }
            }

            //verify key exchange signature
            switch (_selectedCryptoOption)
            {
            case SecureChannelCryptoOptionFlags.DHE2048_RSA_WITH_AES256_CBC_HMAC_SHA256:
            case SecureChannelCryptoOptionFlags.ECDHE256_RSA_WITH_AES256_CBC_HMAC_SHA256:
                if (_remotePeerCert.PublicKeyEncryptionAlgorithm != AsymmetricEncryptionAlgorithm.RSA)
                {
                    throw new SecureChannelException(SecureChannelCode.InvalidRemoteCertificateAlgorithm, _remotePeerEP, _remotePeerCert);
                }

                if (!clientKeyExchange.IsSignatureValid(_remotePeerCert, "SHA256"))
                {
                    throw new SecureChannelException(SecureChannelCode.InvalidRemoteKeyExchangeSignature, _remotePeerEP, _remotePeerCert);
                }

                break;

            default:
                throw new SecureChannelException(SecureChannelCode.NoMatchingCryptoAvailable, _remotePeerEP, _remotePeerCert);
            }

            if ((_manager != null) && !_manager.ProceedConnection(_remotePeerCert))
            {
                throw new SecureChannelException(SecureChannelCode.SecurityManagerDeclinedAccess, _remotePeerEP, _remotePeerCert, "Security manager declined access.");
            }

            //send server certificate
            if (!IsReNegotiating())
            {
                SecureChannelPacket.WritePacket(this, _serverCredentials.Certificate);
            }

            #endregion
        }
Ejemplo n.º 20
0
        public string HashPasswordBase64(SymmetricCryptoKey key, string password)
        {
            var hash = HashPassword(key, password);

            return(Convert.ToBase64String(hash));
        }
Ejemplo n.º 21
0
        private async Task <AuthResult> LogInHelperAsync(string email, string hashedPassword, string localHashedPassword,
                                                         string code, string codeVerifier, string redirectUrl, SymmetricCryptoKey key,
                                                         TwoFactorProviderType?twoFactorProvider = null, string twoFactorToken = null, bool?remember = null,
                                                         string captchaToken = null, string orgId = null)
        {
            var storedTwoFactorToken = await _tokenService.GetTwoFactorTokenAsync(email);

            var appId = await _appIdService.GetAppIdAsync();

            var deviceRequest = new DeviceRequest(appId, _platformUtilsService);

            string[] emailPassword;
            string[] codeCodeVerifier;
            if (email != null && hashedPassword != null)
            {
                emailPassword = new[] { email, hashedPassword };
            }
            else
            {
                emailPassword = null;
            }
            if (code != null && codeVerifier != null && redirectUrl != null)
            {
                codeCodeVerifier = new[] { code, codeVerifier, redirectUrl };
            }
            else
            {
                codeCodeVerifier = null;
            }

            TokenRequest request;

            if (twoFactorToken != null && twoFactorProvider != null)
            {
                request = new TokenRequest(emailPassword, codeCodeVerifier, twoFactorProvider, twoFactorToken, remember,
                                           captchaToken, deviceRequest);
            }
            else if (storedTwoFactorToken != null)
            {
                request = new TokenRequest(emailPassword, codeCodeVerifier, TwoFactorProviderType.Remember,
                                           storedTwoFactorToken, false, captchaToken, deviceRequest);
            }
            else
            {
                request = new TokenRequest(emailPassword, codeCodeVerifier, null, null, false, captchaToken, deviceRequest);
            }

            var response = await _apiService.PostIdentityTokenAsync(request);

            ClearState();
            var result = new AuthResult {
                TwoFactor = response.TwoFactorNeeded, CaptchaSiteKey = response.CaptchaResponse?.SiteKey
            };

            if (result.CaptchaNeeded)
            {
                return(result);
            }

            if (result.TwoFactor)
            {
                // Two factor required.
                Email = email;
                MasterPasswordHash      = hashedPassword;
                LocalMasterPasswordHash = localHashedPassword;
                Code                      = code;
                CodeVerifier              = codeVerifier;
                SsoRedirectUrl            = redirectUrl;
                _key                      = _setCryptoKeys ? key : null;
                TwoFactorProvidersData    = response.TwoFactorResponse.TwoFactorProviders2;
                result.TwoFactorProviders = response.TwoFactorResponse.TwoFactorProviders2;
                CaptchaToken              = response.TwoFactorResponse.CaptchaToken;
                return(result);
            }

            var tokenResponse = response.TokenResponse;

            result.ResetMasterPassword = tokenResponse.ResetMasterPassword;
            result.ForcePasswordReset  = tokenResponse.ForcePasswordReset;
            if (tokenResponse.TwoFactorToken != null)
            {
                await _tokenService.SetTwoFactorTokenAsync(tokenResponse.TwoFactorToken, email);
            }
            await _tokenService.SetAccessTokenAsync(tokenResponse.AccessToken, true);

            await _stateService.AddAccountAsync(
                new Account(
                    new Account.AccountProfile()
            {
                UserId = _tokenService.GetUserId(),
                Email = _tokenService.GetEmail(),
                Name = _tokenService.GetName(),
                KdfType = tokenResponse.Kdf,
                KdfIterations = tokenResponse.KdfIterations,
                HasPremiumPersonally = _tokenService.GetPremium(),
            },
                    new Account.AccountTokens()
            {
                AccessToken = tokenResponse.AccessToken,
                RefreshToken = tokenResponse.RefreshToken,
            }
                    )
                );

            _messagingService.Send("accountAdded");
            if (_setCryptoKeys)
            {
                if (key != null)
                {
                    await _cryptoService.SetKeyAsync(key);
                }

                if (localHashedPassword != null)
                {
                    await _cryptoService.SetKeyHashAsync(localHashedPassword);
                }

                if (code == null || tokenResponse.Key != null)
                {
                    if (tokenResponse.KeyConnectorUrl != null)
                    {
                        await _keyConnectorService.GetAndSetKey(tokenResponse.KeyConnectorUrl);
                    }

                    await _cryptoService.SetEncKeyAsync(tokenResponse.Key);

                    // User doesn't have a key pair yet (old account), let's generate one for them.
                    if (tokenResponse.PrivateKey == null)
                    {
                        try
                        {
                            var keyPair = await _cryptoService.MakeKeyPairAsync();

                            await _apiService.PostAccountKeysAsync(new KeysRequest
                            {
                                PublicKey           = keyPair.Item1,
                                EncryptedPrivateKey = keyPair.Item2.EncryptedString
                            });

                            tokenResponse.PrivateKey = keyPair.Item2.EncryptedString;
                        }
                        catch { }
                    }

                    await _cryptoService.SetEncPrivateKeyAsync(tokenResponse.PrivateKey);
                }
                else if (tokenResponse.KeyConnectorUrl != null)
                {
                    // SSO Key Connector Onboarding
                    var password = await _cryptoFunctionService.RandomBytesAsync(64);

                    var k = await _cryptoService.MakeKeyAsync(Convert.ToBase64String(password), _tokenService.GetEmail(), tokenResponse.Kdf, tokenResponse.KdfIterations);

                    var keyConnectorRequest = new KeyConnectorUserKeyRequest(k.EncKeyB64);
                    await _cryptoService.SetKeyAsync(k);

                    var encKey = await _cryptoService.MakeEncKeyAsync(k);

                    await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString);

                    var keyPair = await _cryptoService.MakeKeyPairAsync();

                    try
                    {
                        await _apiService.PostUserKeyToKeyConnector(tokenResponse.KeyConnectorUrl, keyConnectorRequest);
                    }
                    catch (Exception e)
                    {
                        throw new Exception("Unable to reach Key Connector", e);
                    }

                    var keys = new KeysRequest
                    {
                        PublicKey           = keyPair.Item1,
                        EncryptedPrivateKey = keyPair.Item2.EncryptedString
                    };
                    var setPasswordRequest = new SetKeyConnectorKeyRequest(
                        encKey.Item2.EncryptedString, keys, tokenResponse.Kdf, tokenResponse.KdfIterations, orgId
                        );
                    await _apiService.PostSetKeyConnectorKey(setPasswordRequest);
                }
            }

            await _stateService.SetBiometricLockedAsync(false);

            _messagingService.Send("loggedIn");
            return(result);
        }
Ejemplo n.º 22
0
 public static SymmetricCryptoKey CreateSymmetricCryptoKey(int cryptoKeyId, string bucket, string handle, global::System.DateTime expirationUtc, byte[] secret)
 {
     SymmetricCryptoKey symmetricCryptoKey = new SymmetricCryptoKey();
     symmetricCryptoKey.CryptoKeyId = cryptoKeyId;
     symmetricCryptoKey.Bucket = bucket;
     symmetricCryptoKey.Handle = handle;
     symmetricCryptoKey.ExpirationUtc = expirationUtc;
     symmetricCryptoKey.Secret = secret;
     return symmetricCryptoKey;
 }
Ejemplo n.º 23
0
        public CipherString MakeEncKey(SymmetricCryptoKey key)
        {
            var bytes = Crypto.RandomBytes(512 / 8);

            return(Encrypt(bytes, key));
        }
Ejemplo n.º 24
0
        public async Task WhoAmI()
        {
            var jso = new JsonSerializerOptions
            {
                WriteIndented = true,
            };

            Console.WriteLine("Is Authenticated....: {0}", await _userService.IsAuthenticatedAsync());
            Console.WriteLine("User ID.............: {0}", await _userService.GetUserIdAsync());
            Console.WriteLine("Acct Rev Date.......: {0}",
                              CoreHelpers.Epoc.AddMilliseconds(await _apiService.GetAccountRevisionDateAsync()));

            var sync = await _apiService.GetSyncAsync();

            await _cryptoService.SetOrgKeysAsync(sync.Profile.Organizations);

            Console.WriteLine();
            Console.WriteLine("Profile:");
            Console.WriteLine("  ID........................: {0}", sync.Profile.Id);
            Console.WriteLine("  Name......................: {0}", sync.Profile.Name);
            Console.WriteLine("  Email.....................: {0}", sync.Profile.Email);
            Console.WriteLine("  Email Verified............: {0}", sync.Profile.EmailVerified);
            Console.WriteLine("  Premium...................: {0}", sync.Profile.Premium);
            //Console.WriteLine("  Master Password Hint......: {0}", sync.Profile.MasterPasswordHint);
            //Console.WriteLine("  Security Stamp............: {0}", sync.Profile.SecurityStamp);
            //Console.WriteLine("  Key.......................: {0}", sync.Profile.Key);
            //Console.WriteLine("  Private Key...............: {0}", sync.Profile.PrivateKey);

            Console.WriteLine();
            Console.WriteLine("Orgs:");
            string             orgKeyS = null;
            SymmetricCryptoKey orgKey  = null;

            foreach (var o in sync.Profile.Organizations)
            {
                Console.WriteLine("  * {0} = {1}, {2}, {3}, {4}, {5}, {6}, {7}, {8}", o.Id, o.Name,
                                  o.Enabled, o.Type, o.Status, o.MaxCollections, o.Status, o.Seats, o.Key);
                orgKeyS = o.Key;
                //orgKey = new SymmetricCryptoKey(await _cryptoService.DecryptToBytesAsync(new CipherString(o.Key)));
            }

            Console.WriteLine();
            Console.WriteLine("Folders:");
            foreach (var f in sync.Folders)
            {
                var nm = await _cryptoService.DecryptToUtf8Async(new CipherString(f.Name));

                Console.WriteLine("  * {0} = {1} = {2}", f.Id, f.Name, nm);
            }

            Console.WriteLine();
            Console.WriteLine("Collections:");
            foreach (var c in sync.Collections)
            {
                //var nm = await _cryptoService.DecryptToUtf8Async(new CipherString(c.Name), orgKey);
                var nm = await _cryptoService.DecryptToUtf8Async(new CipherString(c.Name));

                Console.WriteLine("  * {0} = {1}, {2}, {3}, {4}, {5}", c.Id, c.Name, nm,
                                  c.OrganizationId, c.ReadOnly, c.ExternalId);
            }

            Console.WriteLine();
            Console.WriteLine("Ciphers:");
            foreach (var c in sync.Ciphers)
            {
                var nm = await _cryptoService.DecryptToUtf8Async(new CipherString(c.Name));

                var us = c.Login == null ? "" : await _cryptoService.DecryptToUtf8Async(new CipherString(c.Login.Username));

                var pw = c.Login == null ? "" : await _cryptoService.DecryptToUtf8Async(new CipherString(c.Login.Password));

                //var nt = await _cryptoService.DecryptToUtf8Async(new CipherString(c.Notes));
                Console.WriteLine("  * {0}, {1}, {2}, {3}", JsonSerializer.Serialize(c, jso),
                                  nm, us, pw);
            }
        }
Ejemplo n.º 25
0
 public void AddToSymmetricCryptoKeys(SymmetricCryptoKey symmetricCryptoKey)
 {
     base.AddObject("SymmetricCryptoKeys", symmetricCryptoKey);
 }
Ejemplo n.º 26
0
 public async Task <string> DecryptToUtf8Async(EncString encString, SymmetricCryptoKey key = null)
 {
     return(await AesDecryptToUtf8Async(encString.EncryptionType, encString.Data,
                                        encString.Iv, encString.Mac, key));
 }
Ejemplo n.º 27
0
        protected void EnableEncryption(Stream inputStream, SymmetricCryptoKey encryptionKey, SymmetricCryptoKey decryptionKey, HMAC authHMACEncrypt, HMAC authHMACDecrypt)
        {
            //create reader and writer objects
            _encryptionKey = encryptionKey;
            _cryptoEncryptor = encryptionKey.GetEncryptor();
            _cryptoDecryptor = decryptionKey.GetDecryptor();

            //init variables
            _baseStream = inputStream;
            _blockSizeBytes = encryptionKey.BlockSize / 8;
            _writeBufferPadding = new byte[_blockSizeBytes];
            _authHMACEncrypt = authHMACEncrypt;
            _authHMACDecrypt = authHMACDecrypt;
            _authHMACSize = authHMACEncrypt.HashSize / 8;

            _bytesSent = 0;
            _connectedOn = DateTime.UtcNow;

            if (_reNegotiationTimer == null)
            {
                if ((_reNegotiateOnBytesSent > 0) || (_reNegotiateAfterSeconds > 0))
                    _reNegotiationTimer = new Timer(ReNegotiationTimerCallback, null, _reNegotiationTimerInterval, Timeout.Infinite);
            }
        }
Ejemplo n.º 28
0
        private static Tuple <EncryptionType, byte[], byte[], byte[]> AesCbcEncryptToParts(byte[] plainBytes,
                                                                                           SymmetricCryptoKey key)
        {
            if (key == null)
            {
                throw new ArgumentNullException(nameof(key));
            }

            if (plainBytes == null)
            {
                throw new ArgumentNullException(nameof(plainBytes));
            }

            var provider  = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7);
            var cryptoKey = provider.CreateSymmetricKey(key.EncKey);
            var iv        = RandomBytes(provider.BlockLength);
            var ct        = WinRTCrypto.CryptographicEngine.Encrypt(cryptoKey, plainBytes, iv);
            var mac       = key.MacKey != null?ComputeMac(ct, iv, key.MacKey) : null;

            return(new Tuple <EncryptionType, byte[], byte[], byte[]>(key.EncryptionType, iv, mac, ct));
        }
Ejemplo n.º 29
0
 public async Task <string> DecryptToUtf8Async(CipherString cipherString, SymmetricCryptoKey key = null)
 {
     return(await AesDecryptToUtf8Async(cipherString.EncryptionType, cipherString.Data,
                                        cipherString.Iv, cipherString.Mac, key));
 }
Ejemplo n.º 30
0
        public static byte[] AesCbcDecrypt(EncryptionType type, byte[] ct, byte[] iv, byte[] mac, SymmetricCryptoKey key)
        {
            if (key == null)
            {
                throw new ArgumentNullException(nameof(key));
            }

            if (ct == null)
            {
                throw new ArgumentNullException(nameof(ct));
            }

            if (iv == null)
            {
                throw new ArgumentNullException(nameof(iv));
            }

            if (key.MacKey != null && mac == null)
            {
                throw new ArgumentNullException(nameof(mac));
            }

            if (key.EncryptionType != type)
            {
                throw new InvalidOperationException(nameof(type));
            }

            if (key.MacKey != null && mac != null)
            {
                var computedMacBytes = ComputeMac(ct, iv, key.MacKey);
                if (!MacsEqual(computedMacBytes, mac))
                {
                    throw new InvalidOperationException("MAC failed.");
                }
            }

            var provider       = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7);
            var cryptoKey      = provider.CreateSymmetricKey(key.EncKey);
            var decryptedBytes = WinRTCrypto.CryptographicEngine.Decrypt(cryptoKey, ct, iv);

            return(decryptedBytes);
        }
Ejemplo n.º 31
0
        protected void EnableEncryption(Stream inputStream, SymmetricCryptoKey encryptionKey, SymmetricCryptoKey decryptionKey, HMAC authHMACEncrypt, HMAC authHMACDecrypt)
        {
            //create reader and writer objects
            _encryptionKey   = encryptionKey;
            _cryptoEncryptor = encryptionKey.GetEncryptor();
            _cryptoDecryptor = decryptionKey.GetDecryptor();

            //init variables
            _baseStream         = inputStream;
            _blockSizeBytes     = encryptionKey.BlockSize / 8;
            _writeBufferPadding = new byte[_blockSizeBytes];
            _authHMACEncrypt    = authHMACEncrypt;
            _authHMACDecrypt    = authHMACDecrypt;
            _authHMACSize       = authHMACEncrypt.HashSize / 8;

            _bytesSent   = 0;
            _connectedOn = DateTime.UtcNow;

            if (_reNegotiationTimer == null)
            {
                if ((_reNegotiateOnBytesSent > 0) || (_reNegotiateAfterSeconds > 0))
                {
                    _reNegotiationTimer = new Timer(ReNegotiationTimerCallback, null, _reNegotiationTimerInterval, Timeout.Infinite);
                }
            }
        }
Ejemplo n.º 32
0
        private async Task <AuthResult> LogInHelperAsync(string email, string hashedPassword, SymmetricCryptoKey key,
                                                         TwoFactorProviderType?twoFactorProvider = null, string twoFactorToken = null, bool?remember = null)
        {
            var storedTwoFactorToken = await _tokenService.GetTwoFactorTokenAsync(email);

            var appId = await _appIdService.GetAppIdAsync();

            var deviceRequest = new DeviceRequest(appId, _platformUtilsService);
            var request       = new TokenRequest
            {
                Email = email,
                MasterPasswordHash = hashedPassword,
                Device             = deviceRequest,
                Remember           = false
            };

            if (twoFactorToken != null && twoFactorProvider != null)
            {
                request.Provider = twoFactorProvider;
                request.Token    = twoFactorToken;
                request.Remember = remember.GetValueOrDefault();
            }
            else if (storedTwoFactorToken != null)
            {
                request.Provider = TwoFactorProviderType.Remember;
                request.Token    = storedTwoFactorToken;
            }

            var response = await _apiService.PostIdentityTokenAsync(request);

            ClearState();
            var result = new AuthResult
            {
                TwoFactor = response.Item2 != null
            };

            if (result.TwoFactor)
            {
                // Two factor required.
                var twoFactorResponse = response.Item2;
                Email = email;
                MasterPasswordHash = hashedPassword;
                _key = _setCryptoKeys ? key : null;
                TwoFactorProvidersData    = twoFactorResponse.TwoFactorProviders2;
                result.TwoFactorProviders = twoFactorResponse.TwoFactorProviders2;
                return(result);
            }

            var tokenResponse = response.Item1;

            if (tokenResponse.TwoFactorToken != null)
            {
                await _tokenService.SetTwoFactorTokenAsync(tokenResponse.TwoFactorToken, email);
            }

            #region cozy
            _tokenService.SetClientInfos(tokenResponse.ClientId, tokenResponse.RegistrationAccessToken);
            #endregion

            await _tokenService.SetTokensAsync(tokenResponse.AccessToken, tokenResponse.RefreshToken);

            await _userService.SetInformationAsync(_tokenService.GetUserId(), _tokenService.GetEmail(),
                                                   _kdf.Value, _kdfIterations.Value);

            if (_setCryptoKeys)
            {
                await _cryptoService.SetKeyAsync(key);

                await _cryptoService.SetKeyHashAsync(hashedPassword);

                await _cryptoService.SetEncKeyAsync(tokenResponse.Key);

                // User doesn't have a key pair yet (old account), let's generate one for them.
                if (tokenResponse.PrivateKey == null)
                {
                    try
                    {
                        var keyPair = await _cryptoService.MakeKeyPairAsync();

                        await _apiService.PostAccountKeysAsync(new KeysRequest
                        {
                            PublicKey           = keyPair.Item1,
                            EncryptedPrivateKey = keyPair.Item2.EncryptedString
                        });

                        tokenResponse.PrivateKey = keyPair.Item2.EncryptedString;
                    }
                    catch { }
                }

                await _cryptoService.SetEncPrivateKeyAsync(tokenResponse.PrivateKey);
            }

            _lockService.FingerprintLocked = false;
            _messagingService.Send("loggedIn");
            return(result);
        }
Ejemplo n.º 33
0
        public async Task <Models.LoginResult> TokenPostTwoFactorAsync(TwoFactorProviderType type, string token, bool remember,
                                                                       string email, string masterPasswordHash, SymmetricCryptoKey key)
        {
            var result = new Models.LoginResult();

            var request = new TokenRequest
            {
                Remember           = remember,
                Email              = email.Trim().ToLower(),
                MasterPasswordHash = masterPasswordHash,
                Token              = token,
                Provider           = type,
                Device             = new DeviceRequest(_appIdService, _deviceInfoService)
            };

            var response = await _connectApiRepository.PostTokenAsync(request);

            if (!response.Succeeded)
            {
                result.Success      = false;
                result.ErrorMessage = response.Errors.FirstOrDefault()?.Message;
                return(result);
            }

            result.Success = true;
            await ProcessLoginSuccessAsync(key, response.Result);

            return(result);
        }
Ejemplo n.º 34
0
        public async Task <(Send send, CipherString encryptedFileData)> EncryptAsync(SendView model, byte[] fileData,
                                                                                     string password, SymmetricCryptoKey key = null)
        {
            if (model.Key == null)
            {
                model.Key       = _cryptoFunctionService.RandomBytes(16);
                model.CryptoKey = await _cryptoService.MakeSendKeyAsync(model.Key);
            }

            var send = new Send
            {
                Id             = model.Id,
                Type           = model.Type,
                Disabled       = model.Disabled,
                MaxAccessCount = model.MaxAccessCount,
                Key            = await _cryptoService.EncryptAsync(model.Key, key),
                Name           = await _cryptoService.EncryptAsync(model.Name, model.CryptoKey),
                Notes          = await _cryptoService.EncryptAsync(model.Notes, model.CryptoKey),
            };
            CipherString encryptedFileData = null;

            if (password != null)
            {
                var passwordHash = await _cryptoFunctionService.Pbkdf2Async(password, model.Key,
                                                                            CryptoHashAlgorithm.Sha256, 100000);

                send.Password = Convert.ToBase64String(passwordHash);
            }

            switch (send.Type)
            {
            case SendType.Text:
                send.Text = new SendText
                {
                    Text   = await _cryptoService.EncryptAsync(model.Text.Text, model.CryptoKey),
                    Hidden = model.Text.Hidden
                };
                break;

            case SendType.File:
                send.File = new SendFile();
                if (fileData != null)
                {
                    send.File.FileName = await _cryptoService.EncryptAsync(model.File.FileName, model.CryptoKey);

                    encryptedFileData = await _cryptoService.EncryptAsync(fileData, model.CryptoKey);
                }
                break;

            default:
                break;
            }

            return(send, encryptedFileData);
        }