public async Task <ActionResult> DeleteConfirmed(string id) { YubiKey yubiKey = await db.YubiKeys.FindAsync(id); db.YubiKeys.Remove(yubiKey); await db.SaveChangesAsync(); return(RedirectToAction("Index")); }
public async Task <ActionResult> Edit([Bind(Include = "YubiKeyUID,Privateidentity,AESKey,Active,Counter,Time,DateAdded")] YubiKey yubiKey) { if (ModelState.IsValid) { db.Entry(yubiKey).State = EntityState.Modified; await db.SaveChangesAsync(); return(RedirectToAction("Index")); } return(View(yubiKey)); }
// GET: YubiKeys/Edit/5 public async Task <ActionResult> Edit(string id) { if (id == null) { return(new HttpStatusCodeResult(HttpStatusCode.BadRequest)); } YubiKey yubiKey = await db.YubiKeys.FindAsync(id); if (yubiKey == null) { return(HttpNotFound()); } return(View(yubiKey)); }
public ActionResult SaveDropzoneJsUploadedFiles() { var currentUserId = User.Identity.GetUserId();; foreach (string fileName in Request.Files) { HttpPostedFileBase file = Request.Files[fileName]; string result = new StreamReader(file.InputStream).ReadToEnd(); var config = JsonConvert.DeserializeObject <YubiCryptConfig>(result); YubiKey newToken = new YubiKey { DateAdded = DateTime.Now, Active = true, Counter = 0, Time = 0, AESKey = Convert.ToBase64String(OTPValidation.StringToByteArray(config.OTPAESKey)), Privateidentity = config.OTPPrivateID, YubiKeyUID = config.OTPPublicID, SerialNumber = config.YubikeySerialNumber, YubikeyVersion = config.YubikeyVersion, NDEFEnabled = config.NDEFEnabled, UserProfile = db.Users.Where(u => u.Id == currentUserId).SingleOrDefault() }; if (config.ChallengeResponseKey != null) { var parts = config.ChallengeResponseKey.Split(':'); TFKDSecret secret = new TFKDSecret() { TFKDEncryptedSecret = parts[0], TFKDEncryptionSalt = parts[1] }; newToken.TFKDSecret = secret; } db.YubiKeys.Add(newToken); } db.SaveChanges(); return(Json(new { Message = string.Empty })); }
/// <summary> /// Toggle the Yubikey /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void yubikeyBox_CheckedChanged(object sender, EventArgs e) { if (yubikeyBox.Checked == true) { if ((PasswordType & Authenticator.PasswordTypes.YubiKeySlot1) != 0 || (PasswordType & Authenticator.PasswordTypes.YubiKeySlot2) != 0) { yubiPanelIntro.Enabled = false; yubiPanelIntro.Visible = false; yubiPanelConfigure.Visible = false; yubiConfigureIntroLabel.Visible = false; yubiPanelExists.Visible = true; yubiPanelExists.Location = yubiPanelIntro.Location; yubiPanelExists.Size = yubiPanelIntro.Size; return; } yubikeyStatusLabel.Text = "Initialising YubiKey..."; yubikeyStatusLabel.Visible = true; Task.Factory.StartNew(() => { if (this.Yubikey == null) { this.Yubikey = YubiKey.CreateInstance(); } }).ContinueWith((task) => { if (string.IsNullOrEmpty(this.Yubikey.Info.Error) == false) { yubikeyStatusLabel.Text = this.Yubikey.Info.Error; yubikeyBox.Checked = false; this.Yubikey = null; } else if (this.Yubikey.Info.Status.VersionMajor == 0) { yubikeyStatusLabel.Text = "Please insert your YubiKey"; yubikeyBox.Checked = false; this.Yubikey = null; } else { yubikeyStatusLabel.Text = string.Format("YubiKey {0}.{1}.{2}{3}", this.Yubikey.Info.Status.VersionMajor, this.Yubikey.Info.Status.VersionMinor, this.Yubikey.Info.Status.VersionBuild, (this.Yubikey.Info.Serial != 0 ? " (Serial " + this.Yubikey.Info.Serial + ")" : string.Empty)); yubiPanelIntro.Enabled = true; } }, TaskScheduler.FromCurrentSynchronizationContext()); } else { this.Yubikey = null; yubiPanelIntro.Enabled = false; yubiPanelIntro.Visible = true; yubiPanelConfigure.Visible = false; yubiConfigureIntroLabel.Visible = false; PasswordType &= ~(Authenticator.PasswordTypes.YubiKeySlot1 | Authenticator.PasswordTypes.YubiKeySlot2); } }
/// <summary> /// Decrypt a string sequence using the selected encryption types /// </summary> /// <param name="data">hex coded string sequence to decrypt</param> /// <param name="encryptedTypes">Encryption types</param> /// <param name="password">optional password</param> /// <param name="yubidata">optional yubi data</param> /// <param name="decode"></param> /// <returns>decrypted string sequence</returns> private static string DecryptSequenceNoHash(string data, PasswordTypes encryptedTypes, string password, YubiKey yubi, bool decode = false) { try { // reverse order they were encrypted if ((encryptedTypes & PasswordTypes.Machine) != 0) { // we are going to decrypt with the Windows local machine key byte[] cipher = Authenticator.StringToByteArray(data); byte[] plain = ProtectedData.Unprotect(cipher, null, DataProtectionScope.LocalMachine); if (decode == true) { data = Encoding.UTF8.GetString(plain, 0, plain.Length); } else { data = ByteArrayToString(plain); } } if ((encryptedTypes & PasswordTypes.User) != 0) { // we are going to decrypt with the Windows User account key byte[] cipher = StringToByteArray(data); byte[] plain = ProtectedData.Unprotect(cipher, null, DataProtectionScope.CurrentUser); if (decode == true) { data = Encoding.UTF8.GetString(plain, 0, plain.Length); } else { data = ByteArrayToString(plain); } } if ((encryptedTypes & PasswordTypes.Explicit) != 0) { // we use an explicit password to encrypt data if (string.IsNullOrEmpty(password) == true) { throw new EncrpytedSecretDataException(); } data = Authenticator.Decrypt(data, password, true); if (decode == true) { byte[] plain = Authenticator.StringToByteArray(data); data = Encoding.UTF8.GetString(plain, 0, plain.Length); } } if ((encryptedTypes & PasswordTypes.YubiKeySlot1) != 0 || (encryptedTypes & PasswordTypes.YubiKeySlot2) != 0) { if (string.IsNullOrEmpty(yubi.Info.Error) == false) { throw new BadYubiKeyException("Unable to detect YubiKey"); } if (yubi.Info.Status.VersionMajor == 0) { throw new BadYubiKeyException("Please insert your YubiKey"); } int slot = ((encryptedTypes & PasswordTypes.YubiKeySlot1) != 0 ? 1 : 2); string seed = data.Substring(0, SALT_LENGTH * 2); data = data.Substring(seed.Length); byte[] key = yubi.ChallengeResponse(slot, StringToByteArray(seed)); data = Authenticator.Decrypt(data, key); if (decode == true) { byte[] plain = Authenticator.StringToByteArray(data); data = Encoding.UTF8.GetString(plain, 0, plain.Length); } yubi.YubiData.Seed = seed; yubi.YubiData.Data = key; } } catch (EncrpytedSecretDataException) { throw; } catch (BadYubiKeyException ) { throw; } catch (ChallengeResponseException ex) { throw new BadYubiKeyException("Please check your YubiKey or touch the flashing button", ex); } catch (Exception ex) { throw new BadPasswordException(ex.Message, ex); } return data; }
/// <summary> /// Decrypt a string sequence using the selected encryption types /// </summary> /// <param name="data">hex coded string sequence to decrypt</param> /// <param name="encryptedTypes">Encryption types</param> /// <param name="password">optional password</param> /// <param name="yubidata">optional yubi data</param> /// <param name="decode"></param> /// <returns>decrypted string sequence</returns> public static string DecryptSequence(string data, PasswordTypes encryptedTypes, string password, YubiKey yubi, bool decode = false) { // check for encrpytion header if (data.Length < ENCRYPTION_HEADER.Length || data.IndexOf(ENCRYPTION_HEADER) != 0) { return DecryptSequenceNoHash(data, encryptedTypes, password, yubi, decode); } // extract salt and hash using (var sha = new SHA256Managed()) { // jump header int datastart = ENCRYPTION_HEADER.Length; string salt = data.Substring(datastart, Math.Min(SALT_LENGTH * 2, data.Length - datastart)); datastart += salt.Length; string hash = data.Substring(datastart, Math.Min(sha.HashSize / 8 * 2, data.Length - datastart)); datastart += hash.Length; data = data.Substring(datastart); data = DecryptSequenceNoHash(data, encryptedTypes, password, yubi); // check the hash byte[] compareplain = StringToByteArray(salt + data); string comparehash = ByteArrayToString(sha.ComputeHash(compareplain)); if (string.Compare(comparehash, hash) != 0) { throw new BadPasswordException(); } } return data; }
public static string EncryptSequence(string data, PasswordTypes passwordType, string password, YubiKey yubi) { // get hash of original var random = new RNGCryptoServiceProvider(); byte[] saltbytes = new byte[SALT_LENGTH]; random.GetBytes(saltbytes); string salt = ByteArrayToString(saltbytes); string hash; using (var sha = new SHA256Managed()) { byte[] plain = StringToByteArray(salt + data); hash = ByteArrayToString(sha.ComputeHash(plain)); } if ((passwordType & PasswordTypes.YubiKeySlot1) != 0 || (passwordType & PasswordTypes.YubiKeySlot2) != 0) { if (yubi.YubiData.Length == 0) { byte[] seed = new byte[SALT_LENGTH]; random = new RNGCryptoServiceProvider(); random.GetBytes(seed); // we encrypt the data using the hash of a random string from the YubiKey int slot = ((passwordType & PasswordTypes.YubiKeySlot1) != 0 ? 1 : 2); yubi.YubiData.Data = yubi.ChallengeResponse(slot, seed); yubi.YubiData.Seed = Authenticator.ByteArrayToString(seed); } byte[] key = yubi.YubiData.Data; string encrypted = Encrypt(data, key); // test the encryption string decrypted = Decrypt(encrypted, key); if (string.Compare(data, decrypted) != 0) { throw new InvalidEncryptionException(data, password, encrypted, decrypted); } data = yubi.YubiData.Seed + encrypted; } if ((passwordType & PasswordTypes.Explicit) != 0) { string encrypted = Encrypt(data, password); // test the encryption string decrypted = Decrypt(encrypted, password, true); if (string.Compare(data, decrypted) != 0) { throw new InvalidEncryptionException(data, password, encrypted, decrypted); } data = encrypted; } if ((passwordType & PasswordTypes.User) != 0) { // we encrypt the data using the Windows User account key byte[] plain = StringToByteArray(data); byte[] cipher = ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser); data = ByteArrayToString(cipher); } if ((passwordType & PasswordTypes.Machine) != 0) { // we encrypt the data using the Local Machine account key byte[] plain = StringToByteArray(data); byte[] cipher = ProtectedData.Protect(plain, null, DataProtectionScope.LocalMachine); data = ByteArrayToString(cipher); } // prepend the salt + hash return ENCRYPTION_HEADER + salt + hash + data; }