public async Task <ActionResult> DeleteConfirmed(string id)
{
YubiKey yubiKey = await db.YubiKeys.FindAsync(id);
db.YubiKeys.Remove(yubiKey);
await db.SaveChangesAsync();
return(RedirectToAction("Index"));
}
public async Task <ActionResult> Edit([Bind(Include = "YubiKeyUID,Privateidentity,AESKey,Active,Counter,Time,DateAdded")] YubiKey yubiKey)
{
if (ModelState.IsValid)
{
db.Entry(yubiKey).State = EntityState.Modified;
await db.SaveChangesAsync();
return(RedirectToAction("Index"));
}
return(View(yubiKey));
}
// GET: YubiKeys/Edit/5
public async Task <ActionResult> Edit(string id)
{
if (id == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
YubiKey yubiKey = await db.YubiKeys.FindAsync(id);
if (yubiKey == null)
{
return(HttpNotFound());
}
return(View(yubiKey));
}
public ActionResult SaveDropzoneJsUploadedFiles()
{
var currentUserId = User.Identity.GetUserId();;
foreach (string fileName in Request.Files)
{
HttpPostedFileBase file = Request.Files[fileName];
string result = new StreamReader(file.InputStream).ReadToEnd();
var config = JsonConvert.DeserializeObject <YubiCryptConfig>(result);
YubiKey newToken = new YubiKey
{
DateAdded = DateTime.Now,
Active = true,
Counter = 0,
Time = 0,
AESKey = Convert.ToBase64String(OTPValidation.StringToByteArray(config.OTPAESKey)),
Privateidentity = config.OTPPrivateID,
YubiKeyUID = config.OTPPublicID,
SerialNumber = config.YubikeySerialNumber,
YubikeyVersion = config.YubikeyVersion,
NDEFEnabled = config.NDEFEnabled,
UserProfile = db.Users.Where(u => u.Id == currentUserId).SingleOrDefault()
};
if (config.ChallengeResponseKey != null)
{
var parts = config.ChallengeResponseKey.Split(':');
TFKDSecret secret = new TFKDSecret()
{
TFKDEncryptedSecret = parts[0],
TFKDEncryptionSalt = parts[1]
};
newToken.TFKDSecret = secret;
}
db.YubiKeys.Add(newToken);
}
db.SaveChanges();
return(Json(new { Message = string.Empty }));
}
/// <summary>
/// Toggle the Yubikey
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void yubikeyBox_CheckedChanged(object sender, EventArgs e)
{
if (yubikeyBox.Checked == true)
{
if ((PasswordType & Authenticator.PasswordTypes.YubiKeySlot1) != 0 || (PasswordType & Authenticator.PasswordTypes.YubiKeySlot2) != 0)
{
yubiPanelIntro.Enabled = false;
yubiPanelIntro.Visible = false;
yubiPanelConfigure.Visible = false;
yubiConfigureIntroLabel.Visible = false;
yubiPanelExists.Visible = true;
yubiPanelExists.Location = yubiPanelIntro.Location;
yubiPanelExists.Size = yubiPanelIntro.Size;
return;
}
yubikeyStatusLabel.Text = "Initialising YubiKey...";
yubikeyStatusLabel.Visible = true;
Task.Factory.StartNew(() =>
{
if (this.Yubikey == null)
{
this.Yubikey = YubiKey.CreateInstance();
}
}).ContinueWith((task) =>
{
if (string.IsNullOrEmpty(this.Yubikey.Info.Error) == false)
{
yubikeyStatusLabel.Text = this.Yubikey.Info.Error;
yubikeyBox.Checked = false;
this.Yubikey = null;
}
else if (this.Yubikey.Info.Status.VersionMajor == 0)
{
yubikeyStatusLabel.Text = "Please insert your YubiKey";
yubikeyBox.Checked = false;
this.Yubikey = null;
}
else
{
yubikeyStatusLabel.Text = string.Format("YubiKey {0}.{1}.{2}{3}",
this.Yubikey.Info.Status.VersionMajor,
this.Yubikey.Info.Status.VersionMinor,
this.Yubikey.Info.Status.VersionBuild,
(this.Yubikey.Info.Serial != 0 ? " (Serial " + this.Yubikey.Info.Serial + ")" : string.Empty));
yubiPanelIntro.Enabled = true;
}
}, TaskScheduler.FromCurrentSynchronizationContext());
}
else
{
this.Yubikey = null;
yubiPanelIntro.Enabled = false;
yubiPanelIntro.Visible = true;
yubiPanelConfigure.Visible = false;
yubiConfigureIntroLabel.Visible = false;
PasswordType &= ~(Authenticator.PasswordTypes.YubiKeySlot1 | Authenticator.PasswordTypes.YubiKeySlot2);
}
}
/// <summary>
/// Decrypt a string sequence using the selected encryption types
/// </summary>
/// <param name="data">hex coded string sequence to decrypt</param>
/// <param name="encryptedTypes">Encryption types</param>
/// <param name="password">optional password</param>
/// <param name="yubidata">optional yubi data</param>
/// <param name="decode"></param>
/// <returns>decrypted string sequence</returns>
private static string DecryptSequenceNoHash(string data, PasswordTypes encryptedTypes, string password, YubiKey yubi, bool decode = false)
{
try
{
// reverse order they were encrypted
if ((encryptedTypes & PasswordTypes.Machine) != 0)
{
// we are going to decrypt with the Windows local machine key
byte[] cipher = Authenticator.StringToByteArray(data);
byte[] plain = ProtectedData.Unprotect(cipher, null, DataProtectionScope.LocalMachine);
if (decode == true)
{
data = Encoding.UTF8.GetString(plain, 0, plain.Length);
}
else
{
data = ByteArrayToString(plain);
}
}
if ((encryptedTypes & PasswordTypes.User) != 0)
{
// we are going to decrypt with the Windows User account key
byte[] cipher = StringToByteArray(data);
byte[] plain = ProtectedData.Unprotect(cipher, null, DataProtectionScope.CurrentUser);
if (decode == true)
{
data = Encoding.UTF8.GetString(plain, 0, plain.Length);
}
else
{
data = ByteArrayToString(plain);
}
}
if ((encryptedTypes & PasswordTypes.Explicit) != 0)
{
// we use an explicit password to encrypt data
if (string.IsNullOrEmpty(password) == true)
{
throw new EncrpytedSecretDataException();
}
data = Authenticator.Decrypt(data, password, true);
if (decode == true)
{
byte[] plain = Authenticator.StringToByteArray(data);
data = Encoding.UTF8.GetString(plain, 0, plain.Length);
}
}
if ((encryptedTypes & PasswordTypes.YubiKeySlot1) != 0 || (encryptedTypes & PasswordTypes.YubiKeySlot2) != 0)
{
if (string.IsNullOrEmpty(yubi.Info.Error) == false)
{
throw new BadYubiKeyException("Unable to detect YubiKey");
}
if (yubi.Info.Status.VersionMajor == 0)
{
throw new BadYubiKeyException("Please insert your YubiKey");
}
int slot = ((encryptedTypes & PasswordTypes.YubiKeySlot1) != 0 ? 1 : 2);
string seed = data.Substring(0, SALT_LENGTH * 2);
data = data.Substring(seed.Length);
byte[] key = yubi.ChallengeResponse(slot, StringToByteArray(seed));
data = Authenticator.Decrypt(data, key);
if (decode == true)
{
byte[] plain = Authenticator.StringToByteArray(data);
data = Encoding.UTF8.GetString(plain, 0, plain.Length);
}
yubi.YubiData.Seed = seed;
yubi.YubiData.Data = key;
}
}
catch (EncrpytedSecretDataException)
{
throw;
}
catch (BadYubiKeyException )
{
throw;
}
catch (ChallengeResponseException ex)
{
throw new BadYubiKeyException("Please check your YubiKey or touch the flashing button", ex);
}
catch (Exception ex)
{
throw new BadPasswordException(ex.Message, ex);
}
return data;
}
/// <summary>
/// Decrypt a string sequence using the selected encryption types
/// </summary>
/// <param name="data">hex coded string sequence to decrypt</param>
/// <param name="encryptedTypes">Encryption types</param>
/// <param name="password">optional password</param>
/// <param name="yubidata">optional yubi data</param>
/// <param name="decode"></param>
/// <returns>decrypted string sequence</returns>
public static string DecryptSequence(string data, PasswordTypes encryptedTypes, string password, YubiKey yubi, bool decode = false)
{
// check for encrpytion header
if (data.Length < ENCRYPTION_HEADER.Length || data.IndexOf(ENCRYPTION_HEADER) != 0)
{
return DecryptSequenceNoHash(data, encryptedTypes, password, yubi, decode);
}
// extract salt and hash
using (var sha = new SHA256Managed())
{
// jump header
int datastart = ENCRYPTION_HEADER.Length;
string salt = data.Substring(datastart, Math.Min(SALT_LENGTH * 2, data.Length - datastart));
datastart += salt.Length;
string hash = data.Substring(datastart, Math.Min(sha.HashSize / 8 * 2, data.Length - datastart));
datastart += hash.Length;
data = data.Substring(datastart);
data = DecryptSequenceNoHash(data, encryptedTypes, password, yubi);
// check the hash
byte[] compareplain = StringToByteArray(salt + data);
string comparehash = ByteArrayToString(sha.ComputeHash(compareplain));
if (string.Compare(comparehash, hash) != 0)
{
throw new BadPasswordException();
}
}
return data;
}
public static string EncryptSequence(string data, PasswordTypes passwordType, string password, YubiKey yubi)
{
// get hash of original
var random = new RNGCryptoServiceProvider();
byte[] saltbytes = new byte[SALT_LENGTH];
random.GetBytes(saltbytes);
string salt = ByteArrayToString(saltbytes);
string hash;
using (var sha = new SHA256Managed())
{
byte[] plain = StringToByteArray(salt + data);
hash = ByteArrayToString(sha.ComputeHash(plain));
}
if ((passwordType & PasswordTypes.YubiKeySlot1) != 0 || (passwordType & PasswordTypes.YubiKeySlot2) != 0)
{
if (yubi.YubiData.Length == 0)
{
byte[] seed = new byte[SALT_LENGTH];
random = new RNGCryptoServiceProvider();
random.GetBytes(seed);
// we encrypt the data using the hash of a random string from the YubiKey
int slot = ((passwordType & PasswordTypes.YubiKeySlot1) != 0 ? 1 : 2);
yubi.YubiData.Data = yubi.ChallengeResponse(slot, seed);
yubi.YubiData.Seed = Authenticator.ByteArrayToString(seed);
}
byte[] key = yubi.YubiData.Data;
string encrypted = Encrypt(data, key);
// test the encryption
string decrypted = Decrypt(encrypted, key);
if (string.Compare(data, decrypted) != 0)
{
throw new InvalidEncryptionException(data, password, encrypted, decrypted);
}
data = yubi.YubiData.Seed + encrypted;
}
if ((passwordType & PasswordTypes.Explicit) != 0)
{
string encrypted = Encrypt(data, password);
// test the encryption
string decrypted = Decrypt(encrypted, password, true);
if (string.Compare(data, decrypted) != 0)
{
throw new InvalidEncryptionException(data, password, encrypted, decrypted);
}
data = encrypted;
}
if ((passwordType & PasswordTypes.User) != 0)
{
// we encrypt the data using the Windows User account key
byte[] plain = StringToByteArray(data);
byte[] cipher = ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser);
data = ByteArrayToString(cipher);
}
if ((passwordType & PasswordTypes.Machine) != 0)
{
// we encrypt the data using the Local Machine account key
byte[] plain = StringToByteArray(data);
byte[] cipher = ProtectedData.Protect(plain, null, DataProtectionScope.LocalMachine);
data = ByteArrayToString(cipher);
}
// prepend the salt + hash
return ENCRYPTION_HEADER + salt + hash + data;
}
