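        /// <summary>
        /// Closing handler for the secret-entry dialog.  When the dialog was accepted
        /// (<see cref="DialogResult.OK"/>) the hex text in <c>secretTextBox</c> is parsed into
        /// <c>Secret</c>, and the connected YubiKey is then asked to answer a fresh challenge so
        /// that its answer can be checked against the one computed locally from that secret.
        /// Every failure sets <paramref name="e"/>.Cancel (the dialog stays open) and wipes
        /// <c>Secret</c> so rejected key material does not linger in memory.
        /// </summary>
        /// <param name="o">Event sender (unused).</param>
        /// <param name="e">Closing event arguments; <c>Cancel</c> is set to keep the dialog open on error.</param>
        public void OnClosing(object o, FormClosingEventArgs e)
        {
            if (DialogResult == DialogResult.OK)
            {
                m_parent.LT64 = LT64_cb.Checked;

                Secret             = new byte[KeeChallengeProv.secretLenBytes];
                secretTextBox.Text = secretTextBox.Text.Replace(" ", string.Empty); //remove spaces

                string hex = secretTextBox.Text;

                //a valid secret is exactly secretLenBytes bytes, i.e. twice that many hex digits
                if (hex.Length != KeeChallengeProv.secretLenBytes * 2)
                {
                    //invalid key
                    MessageBox.Show("Error: secret must be 20 bytes long");
                    e.Cancel = true;
                    return;
                }

                //TryParse instead of Convert.ToByte: a typo must not surface as an unhandled
                //FormatException out of a closing handler. AllowHexSpecifier alone rejects
                //embedded whitespace, which the Replace above does not remove.
                bool isHex = true;
                for (int i = 0; isHex && i < hex.Length; i += 2)
                {
                    byte value;
                    isHex = byte.TryParse(hex.Substring(i, 2), NumberStyles.AllowHexSpecifier,
                                          CultureInfo.InvariantCulture, out value);
                    Secret[i / 2] = value;
                }

                if (!isHex)
                {
                    MessageBox.Show("Error: secret must contain only hex digits");
                    e.Cancel = true;
                    Array.Clear(Secret, 0, Secret.Length);
                    return;
                }

                //Confirm they have a key whose secret matches this
                byte[]   challenge = m_parent.GenerateChallenge();
                KeyEntry validate  = new KeyEntry(m_parent, challenge);

                if (validate.ShowDialog(this) != DialogResult.OK)
                {
                    MessageBox.Show("Unable to get response from yubikey");
                    e.Cancel = true;
                    Array.Clear(Secret, 0, Secret.Length);
                    return;
                }

                byte[] validResp = m_parent.GenerateResponse(challenge, Secret);
                bool   matches   = ResponsesMatch(validate.Response, validResp);

                //neither response is needed once compared, whichever way the comparison went
                //(assumes GenerateResponse returns a fresh array that m_parent does not keep -- confirm)
                Array.Clear(validate.Response, 0, validate.Response.Length);
                Array.Clear(validResp, 0, validResp.Length);

                if (!matches)
                {
                    MessageBox.Show("Error: secret does not match yubikey");
                    e.Cancel = true;
                    Array.Clear(Secret, 0, Secret.Length);
                    return; //Error: wrong secret
                }
            }
            GlobalWindowManager.RemoveWindow(this);
        }

        /// <summary>
        /// Compares the device response with the locally computed one.  Unlike a prefix loop over
        /// the device response this requires both arrays to have the same length (an empty or
        /// truncated device response cannot pass) and does not stop at the first differing byte.
        /// </summary>
        /// <param name="deviceResponse">Bytes returned by the YubiKey; may be <c>null</c>.</param>
        /// <param name="expected">Bytes computed from the entered secret; may be <c>null</c>.</param>
        /// <returns><c>true</c> only if both are non-null, equal in length and byte-for-byte identical.</returns>
        private static bool ResponsesMatch(byte[] deviceResponse, byte[] expected)
        {
            if (deviceResponse == null || expected == null || deviceResponse.Length != expected.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < deviceResponse.Length; i++)
            {
                diff |= deviceResponse[i] ^ expected[i];
            }
            return diff == 0;
        }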
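        /// <summary>
        /// Produces the database secret for an existing KeeChallenge configuration.  The encrypted
        /// secret, its IV, the stored challenge and the verification value are read from disk; the
        /// user is then asked to let the YubiKey answer that challenge, and the answer is the key
        /// material handed to <c>DecryptSecret</c>.  If nothing usable is on disk, or the user asks
        /// for it from the entry dialog, <c>RecoveryMode()</c> supplies the secret instead and it is
        /// re-encrypted and saved.
        /// </summary>
        /// <param name="ctx">KeePass query context (not used by this implementation).</param>
        /// <returns>
        /// The plaintext secret, or <c>null</c> when the user cancelled, decryption failed, or the
        /// decrypted secret could not be saved again.
        /// </returns>
        private byte[] Get(KeyProviderQueryContext ctx)
        {
            //read the challenge, iv, and encrypted secret from disk -- if missing, you must use recovery mode
            byte[] encryptedSecret;
            byte[] iv;
            byte[] challenge;
            byte[] verification;
            byte[] secret;

            if (!ReadEncryptedSecret(out encryptedSecret, out challenge, out iv, out verification))
            {
                //recovery path: the save result is deliberately not checked so the user can still
                //open the database even if the new XML could not be written
                secret = RecoveryMode();
                EncryptAndSave(secret);
                return secret;
            }

            //show the dialog box prompting user to press yubikey button
            KeyEntry entryForm = new KeyEntry(this, challenge);

            if (entryForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
            {
                if (!entryForm.RecoveryMode)
                {
                    return null;
                }

                secret = RecoveryMode();
                EncryptAndSave(secret);
                return secret;
            }

            //take a private copy of the device response and wipe the form's copy
            byte[] resp = new byte[YubiWrapper.yubiRespLen];
            entryForm.Response.CopyTo(resp, 0);
            Array.Clear(entryForm.Response, 0, entryForm.Response.Length);

            bool decrypted;
            try
            {
                decrypted = DecryptSecret(encryptedSecret, resp, iv, verification, out secret);
            }
            finally
            {
                //resp is the key-decryption material; the form's copy was wiped above but this
                //copy was not. Assumes DecryptSecret keeps no reference to resp -- confirm.
                Array.Clear(resp, 0, resp.Length);
            }

            if (!decrypted || !EncryptAndSave(secret))
            {
                return null;
            }

            return secret;
        }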
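        /// <summary>
        /// Produces the database secret.  Two modes exist, selected by <c>UserChallenge</c>:
        /// <list type="bullet">
        /// <item>User challenge: the user types a challenge, its SHA-512 over a fixed 256-byte
        /// zero-padded buffer is sent to the YubiKey, and the SHA-256 of the device's answer is
        /// the secret.  Nothing is read from or written to disk.</item>
        /// <item>Stored secret: the encrypted secret, IV, challenge and verification value are
        /// read from disk, the YubiKey answers the stored challenge, and that answer decrypts the
        /// secret, which is then re-encrypted and saved.  If the file is missing, or the user asks
        /// for it from the entry dialog, <c>RecoveryMode()</c> supplies the secret instead.</item>
        /// </list>
        /// </summary>
        /// <param name="ctx">KeePass query context (not used by this implementation).</param>
        /// <returns>The secret, or <c>null</c> when the user cancelled, decryption failed or the re-save failed.</returns>
        private byte[] Get(KeyProviderQueryContext ctx)
        {
            byte[] encryptedSecret = null;
            byte[] iv              = null;
            byte[] challenge       = null;
            byte[] verification    = null;
            byte[] secret          = null;

            if (UserChallenge)
            {
                ChallengeEntry challengeForm = new ChallengeEntry(this);

                if (challengeForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
                {
                    return null;
                }

                //the challenge is hashed from a fixed 256-byte zero-padded buffer; changing that
                //size would change every key ever derived this way, so it stays at 256
                byte[] challengeText = new byte[256];
                try
                {
                    challengeForm.Response.CopyTo(challengeText, 0);
                    Array.Clear(challengeForm.Response, 0, challengeForm.Response.Length); //clear our memory to prevent snooping later

                    using (SHA512 chall512 = SHA512.Create())
                    {
                        challenge = chall512.ComputeHash(challengeText);
                    }
                }
                finally
                {
                    Array.Clear(challengeText, 0, challengeText.Length); //clear our memory to prevent snooping later
                }
            }
            else
            {
                //read the challenge, iv, and encrypted secret from disk -- if missing, you must use recovery mode
                if (!ReadEncryptedSecret(out encryptedSecret, out challenge, out iv, out verification))
                {
                    //the save result is deliberately unchecked so the user can still open the database
                    secret = RecoveryMode();
                    EncryptAndSave(secret);
                    return secret;
                }
            }

            //show the dialog box prompting user to press yubikey button
            KeyEntry entryForm = new KeyEntry(this, challenge);

            if (entryForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
            {
                if (!entryForm.RecoveryMode)
                {
                    return null;
                }

                secret = RecoveryMode();
                EncryptAndSave(secret);
                return secret;
            }

            //take a private copy of the device response and wipe the form's copy
            byte[] resp = new byte[YubiWrapper.yubiRespLen];
            entryForm.Response.CopyTo(resp, 0);
            Array.Clear(entryForm.Response, 0, entryForm.Response.Length);

            try
            {
                //If we are using user challenges then take the response from the yubikey and hash that as our secret
                if (UserChallenge)
                {
                    using (SHA256 sha = SHA256.Create())
                    {
                        return sha.ComputeHash(resp);
                    }
                }

                //otherwise attempt to decrypt a secret from our XML file
                if (!DecryptSecret(encryptedSecret, resp, iv, verification, out secret) || !EncryptAndSave(secret))
                {
                    return null;
                }

                return secret;
            }
            finally
            {
                //resp is either the secret's preimage or the key-decryption material; wipe this
                //copy too (assumes DecryptSecret keeps no reference to it -- confirm)
                Array.Clear(resp, 0, resp.Length);
            }
        }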
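        /// <summary>
        /// Creates the secret for a new database.  <c>KeyEntrySelection</c> decides the mode and
        /// the choice is recorded in <c>UserChallenge</c>:
        /// <list type="bullet">
        /// <item>User challenge: any existing XML file is renamed to a <c>.bak</c> variant, the
        /// user types the challenge twice (both entries must match), its SHA-512 over a fixed
        /// 256-byte zero-padded buffer is sent to the YubiKey, and the SHA-256 of the device's
        /// answer is returned as the secret.</item>
        /// <item>Stored secret: the user enters the secret in <c>KeyCreation</c>; a private copy
        /// is encrypted and saved to disk, then returned.</item>
        /// </list>
        /// Buffers holding the typed challenge or the device response are wiped on every exit path.
        /// </summary>
        /// <param name="ctx">KeePass query context (not used by this implementation).</param>
        /// <returns>The new secret, or <c>null</c> when a dialog was cancelled, the challenges differed or saving failed.</returns>
        private byte[] Create(KeyProviderQueryContext ctx)
        {
            KeyEntrySelection keySelectionForm = new KeyEntrySelection(this);

            UserChallenge = keySelectionForm.ShowDialog() == System.Windows.Forms.DialogResult.OK;

            if (UserChallenge)
            {
                //NOTE(review): the existing XML is moved aside before the user has completed the
                //new setup, so a cancel further down leaves it renamed -- confirm this is intended
                string xmlFilePath = mInfo.Path;
                string xmlAddtion  = "";
                if (File.Exists(xmlFilePath))
                { //if XML does exists rename it so its not detected anymore
                    int i = 0;
                    xmlFilePath = xmlFilePath + ".bak";
                    while (File.Exists(xmlFilePath + xmlAddtion))
                    {
                        xmlAddtion = i.ToString();
                        i++;
                    }
                    File.Move(mInfo.Path, xmlFilePath + xmlAddtion);
                }

                ChallengeEntry challengeForm = new ChallengeEntry(this);

                if (challengeForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
                {
                    return null;
                }

                //the challenge is hashed from a fixed 256-byte zero-padded buffer; changing that
                //size would change every key derived from it, so it stays at 256
                byte[] challengeText       = new byte[256];
                byte[] challengeTextRepeat = new byte[256];
                byte[] challenge;

                try
                {
                    challengeForm.Response.CopyTo(challengeText, 0);
                    Array.Clear(challengeForm.Response, 0, challengeForm.Response.Length); //clear our memory to prevent snooping later

                    //ask for the challenge a second time to catch typos before a key is derived from it
                    challengeForm        = new ChallengeEntry(this);
                    challengeForm.newKey = true;

                    if (challengeForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
                    {
                        return null;
                    }
                    challengeForm.Response.CopyTo(challengeTextRepeat, 0);
                    Array.Clear(challengeForm.Response, 0, challengeForm.Response.Length); //clear our memory to prevent snooping later

                    if (!challengeTextRepeat.SequenceEqual(challengeText))
                    {
                        MessageService.ShowWarning("Error: Challenges did not match");
                        return null;
                    }

                    using (SHA512 chall512 = SHA512.Create())
                    {
                        challenge = chall512.ComputeHash(challengeText);
                    }
                }
                finally
                {
                    //both buffers hold the typed challenge; wipe them on the cancel and mismatch
                    //paths as well, not only after a successful hash
                    Array.Clear(challengeText, 0, challengeText.Length);
                    Array.Clear(challengeTextRepeat, 0, challengeTextRepeat.Length);
                }

                KeyEntry entryForm = new KeyEntry(this, challenge);

                if (entryForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
                {
                    return null;
                }

                byte[] resp = new byte[YubiWrapper.yubiRespLen];
                entryForm.Response.CopyTo(resp, 0);
                Array.Clear(entryForm.Response, 0, entryForm.Response.Length);

                try
                {
                    using (SHA256 sha = SHA256.Create())
                    {
                        return sha.ComputeHash(resp);
                    }
                }
                finally
                {
                    //resp is the preimage of the secret; wipe this copy as well as the form's
                    Array.Clear(resp, 0, resp.Length);
                }
            }

            //show the entry dialog for the secret
            //get the secret
            KeyCreation creator = new KeyCreation(this);

            if (creator.ShowDialog() != System.Windows.Forms.DialogResult.OK)
            {
                return null;
            }

            byte[] secret = new byte[creator.Secret.Length];

            Array.Copy(creator.Secret, secret, creator.Secret.Length); //probably paranoid here, but not a big performance hit
            Array.Clear(creator.Secret, 0, creator.Secret.Length);

            //store the encrypted secret, the iv, and the challenge to disk
            if (!EncryptAndSave(secret))
            {
                //nothing was persisted, so do not hand the plaintext back or leave it around
                //(assumes EncryptAndSave keeps no reference to secret on failure -- confirm)
                Array.Clear(secret, 0, secret.Length);
                return null;
            }

            return secret;
        }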