public void EncryptSecret() { if (m_pbSecret == null) { throw new InvalidOperationException(); } string[] vOtps = new string[m_uOtpsReq + m_uLookAhead]; ulong uCounter = m_uCounter; for (int i = 0; i < vOtps.Length; ++i) { vOtps[i] = HmacOtp.Generate(m_pbSecret, uCounter, m_uOtpLength, false, -1); ++uCounter; } m_strEncSecret = string.Empty; m_strEncIV = string.Empty; m_strTrfKey = string.Empty; m_uTrfRounds = DefaultTrfRounds; m_lSecrets.Clear(); for (int i = 0; i <= (int)m_uLookAhead; ++i) { m_lSecrets.Add(OtpUtil.EncryptSecret(m_pbSecret, vOtps, i, (int)m_uOtpsReq)); } }
private static byte[] DecryptSecretPriv(OtpEncryptedData d, string[] vOtps, int iOtpsOffset, int iOtpsCount) { if (d == null) { throw new ArgumentNullException("d"); } byte[] pbTrfKey32 = Convert.FromBase64String(d.TransformationKey); byte[] pbKey32 = OtpUtil.KeyFromOtps(vOtps, iOtpsOffset, iOtpsCount, pbTrfKey32, d.TransformationRounds); byte[] pbIV = Convert.FromBase64String(d.IV); byte[] pbSecret = OtpUtil.DecryptData(d.CipherText, pbKey32, pbIV); byte[] pbHashTrfKey32 = Convert.FromBase64String(d.PlainTextHashTransformationKey); byte[] pbHash = HashAndTransform(pbSecret, pbHashTrfKey32, d.PlainTextHashTransformationRounds); if (!MemUtil.ArraysEqual(pbHash, Convert.FromBase64String(d.PlainTextHash))) { return(null); } return(pbSecret); }
public static OtpEncryptedData EncryptSecret(byte[] pbSecret, string[] vOtps, int iOtpsOffset, int iOtpsCount) { OtpEncryptedData d = new OtpEncryptedData(); CryptoRandom r = CryptoRandom.Instance; byte[] pbIV16 = r.GetRandomBytes(16); d.IV = Convert.ToBase64String(pbIV16, Base64FormattingOptions.None); byte[] pbTrfKey32 = r.GetRandomBytes(32); d.TransformationKey = Convert.ToBase64String(pbTrfKey32, Base64FormattingOptions.None); byte[] pbKey32 = OtpUtil.KeyFromOtps(vOtps, iOtpsOffset, iOtpsCount, pbTrfKey32, d.TransformationRounds); d.CipherText = OtpUtil.EncryptData(pbSecret, pbKey32, pbIV16); byte[] pbHashTrfKey32 = r.GetRandomBytes(32); d.PlainTextHashTransformationKey = Convert.ToBase64String(pbHashTrfKey32, Base64FormattingOptions.None); byte[] pbHash = HashAndTransform(pbSecret, pbHashTrfKey32, d.PlainTextHashTransformationRounds); d.PlainTextHash = Convert.ToBase64String(pbHash, Base64FormattingOptions.None); return(d); }
/* * private static byte[] Open(KeyProviderQueryContext ctx, OtpInfo otpInfo) * { * if(otpInfo.Type != ProvType) * { * MessageService.ShowWarning("Unknown OTP generator type!"); * return null; * } * * OtpKeyPromptForm dlg = new OtpKeyPromptForm(); * dlg.InitEx(otpInfo, ctx); * if(UIUtil.ShowDialogAndDestroy(dlg) != DialogResult.OK) * return null; * * if(!CreateAuxFile(otpInfo, ctx)) return null; * return otpInfo.Secret; * } * */ /// <summary> /// Sets the "Secret" field in otpInfo based on the list of entered OTPs (lOtps) or the entered secret itself which is in format fmt /// </summary> /// based on the code in OtpKeyPromptForm.cs public void SetSecret(OtpInfo otpInfo, List <string> lOtps, string secret, OtpDataFmt?fmt) { byte[] pbSecret = EncodingUtil.ParseKey(secret, (fmt.HasValue ? fmt.Value : OtpDataFmt.Hex)); if (pbSecret != null) { otpInfo.Secret = pbSecret; return; } if (!string.IsNullOrEmpty(otpInfo.EncryptedSecret)) // < v2.0 { byte[] pbKey32 = OtpUtil.KeyFromOtps(lOtps.ToArray(), 0, lOtps.Count, Convert.FromBase64String( otpInfo.TransformationKey), otpInfo.TransformationRounds); if (pbKey32 == null) { throw new InvalidOperationException(); } pbSecret = OtpUtil.DecryptData(otpInfo.EncryptedSecret, pbKey32, Convert.FromBase64String(otpInfo.EncryptionIV)); if (pbSecret == null) { throw new InvalidOperationException(); } otpInfo.Secret = pbSecret; otpInfo.Counter += (ulong)otpInfo.OtpsRequired; } else // >= v2.0, supporting look-ahead { bool bSuccess = false; for (int i = 0; i < otpInfo.EncryptedSecrets.Count; ++i) { OtpEncryptedData d = otpInfo.EncryptedSecrets[i]; pbSecret = OtpUtil.DecryptSecret(d, lOtps.ToArray(), 0, lOtps.Count); if (pbSecret != null) { otpInfo.Secret = pbSecret; otpInfo.Counter += ((ulong)otpInfo.OtpsRequired + (ulong)i); bSuccess = true; break; } } if (!bSuccess) { throw new InvalidOperationException(); } } }