private static byte[] DecryptSecretPriv(OtpEncryptedData d, string[] vOtps,
int iOtpsOffset, int iOtpsCount)
{
if (d == null)
{
throw new ArgumentNullException("d");
}
byte[] pbTrfKey32 = Convert.FromBase64String(d.TransformationKey);
byte[] pbKey32 = OtpUtil.KeyFromOtps(vOtps, iOtpsOffset, iOtpsCount,
pbTrfKey32, d.TransformationRounds);
byte[] pbIV = Convert.FromBase64String(d.IV);
byte[] pbSecret = OtpUtil.DecryptData(d.CipherText, pbKey32, pbIV);
byte[] pbHashTrfKey32 = Convert.FromBase64String(d.PlainTextHashTransformationKey);
byte[] pbHash = HashAndTransform(pbSecret, pbHashTrfKey32,
d.PlainTextHashTransformationRounds);
if (!MemUtil.ArraysEqual(pbHash, Convert.FromBase64String(d.PlainTextHash)))
{
return(null);
}
return(pbSecret);
}
public static byte[] DecryptSecret(OtpEncryptedData d, string[] vOtps,
int iOtpsOffset, int iOtpsCount)
{
try { return(DecryptSecretPriv(d, vOtps, iOtpsOffset, iOtpsCount)); }
catch (Exception) { Debug.Assert(false); }
return(null);
}
public static OtpEncryptedData EncryptSecret(byte[] pbSecret, string[] vOtps,
int iOtpsOffset, int iOtpsCount)
{
OtpEncryptedData d = new OtpEncryptedData();
CryptoRandom r = CryptoRandom.Instance;
byte[] pbIV16 = r.GetRandomBytes(16);
d.IV = Convert.ToBase64String(pbIV16, Base64FormattingOptions.None);
byte[] pbTrfKey32 = r.GetRandomBytes(32);
d.TransformationKey = Convert.ToBase64String(pbTrfKey32, Base64FormattingOptions.None);
byte[] pbKey32 = OtpUtil.KeyFromOtps(vOtps, iOtpsOffset, iOtpsCount,
pbTrfKey32, d.TransformationRounds);
d.CipherText = OtpUtil.EncryptData(pbSecret, pbKey32, pbIV16);
byte[] pbHashTrfKey32 = r.GetRandomBytes(32);
d.PlainTextHashTransformationKey = Convert.ToBase64String(pbHashTrfKey32,
Base64FormattingOptions.None);
byte[] pbHash = HashAndTransform(pbSecret, pbHashTrfKey32,
d.PlainTextHashTransformationRounds);
d.PlainTextHash = Convert.ToBase64String(pbHash, Base64FormattingOptions.None);
return(d);
}
public static byte[] DecryptSecret(OtpEncryptedData d, string[] vOtps,
int iOtpsOffset, int iOtpsCount)
{
try { return DecryptSecretPriv(d, vOtps, iOtpsOffset, iOtpsCount); }
catch(Exception) { Debug.Assert(false); }
return null;
}
/*
* private static byte[] Open(KeyProviderQueryContext ctx, OtpInfo otpInfo)
* {
* if(otpInfo.Type != ProvType)
* {
* MessageService.ShowWarning("Unknown OTP generator type!");
* return null;
* }
*
* OtpKeyPromptForm dlg = new OtpKeyPromptForm();
* dlg.InitEx(otpInfo, ctx);
* if(UIUtil.ShowDialogAndDestroy(dlg) != DialogResult.OK)
* return null;
*
* if(!CreateAuxFile(otpInfo, ctx)) return null;
* return otpInfo.Secret;
* }
* */
/// <summary>
/// Sets the "Secret" field in otpInfo based on the list of entered OTPs (lOtps) or the entered secret itself which is in format fmt
/// </summary>
/// based on the code in OtpKeyPromptForm.cs
public void SetSecret(OtpInfo otpInfo, List <string> lOtps, string secret, OtpDataFmt?fmt)
{
byte[] pbSecret = EncodingUtil.ParseKey(secret,
(fmt.HasValue ? fmt.Value : OtpDataFmt.Hex));
if (pbSecret != null)
{
otpInfo.Secret = pbSecret;
return;
}
if (!string.IsNullOrEmpty(otpInfo.EncryptedSecret)) // < v2.0
{
byte[] pbKey32 = OtpUtil.KeyFromOtps(lOtps.ToArray(), 0,
lOtps.Count, Convert.FromBase64String(
otpInfo.TransformationKey), otpInfo.TransformationRounds);
if (pbKey32 == null)
{
throw new InvalidOperationException();
}
pbSecret = OtpUtil.DecryptData(otpInfo.EncryptedSecret,
pbKey32, Convert.FromBase64String(otpInfo.EncryptionIV));
if (pbSecret == null)
{
throw new InvalidOperationException();
}
otpInfo.Secret = pbSecret;
otpInfo.Counter += (ulong)otpInfo.OtpsRequired;
}
else // >= v2.0, supporting look-ahead
{
bool bSuccess = false;
for (int i = 0; i < otpInfo.EncryptedSecrets.Count; ++i)
{
OtpEncryptedData d = otpInfo.EncryptedSecrets[i];
pbSecret = OtpUtil.DecryptSecret(d, lOtps.ToArray(), 0,
lOtps.Count);
if (pbSecret != null)
{
otpInfo.Secret = pbSecret;
otpInfo.Counter += ((ulong)otpInfo.OtpsRequired +
(ulong)i);
bSuccess = true;
break;
}
}
if (!bSuccess)
{
throw new InvalidOperationException();
}
}
}
public static OtpEncryptedData EncryptSecret(byte[] pbSecret, string[] vOtps,
int iOtpsOffset, int iOtpsCount)
{
OtpEncryptedData d = new OtpEncryptedData();
CryptoRandom r = CryptoRandom.Instance;
byte[] pbIV16 = r.GetRandomBytes(16);
d.IV = Convert.ToBase64String(pbIV16, Base64FormattingOptions.None);
byte[] pbTrfKey32 = r.GetRandomBytes(32);
d.TransformationKey = Convert.ToBase64String(pbTrfKey32, Base64FormattingOptions.None);
byte[] pbKey32 = OtpUtil.KeyFromOtps(vOtps, iOtpsOffset, iOtpsCount,
pbTrfKey32, d.TransformationRounds);
d.CipherText = OtpUtil.EncryptData(pbSecret, pbKey32, pbIV16);
byte[] pbHashTrfKey32 = r.GetRandomBytes(32);
d.PlainTextHashTransformationKey = Convert.ToBase64String(pbHashTrfKey32,
Base64FormattingOptions.None);
byte[] pbHash = HashAndTransform(pbSecret, pbHashTrfKey32,
d.PlainTextHashTransformationRounds);
d.PlainTextHash = Convert.ToBase64String(pbHash, Base64FormattingOptions.None);
return d;
}
private static byte[] DecryptSecretPriv(OtpEncryptedData d, string[] vOtps,
int iOtpsOffset, int iOtpsCount)
{
if(d == null) throw new ArgumentNullException("d");
byte[] pbTrfKey32 = Convert.FromBase64String(d.TransformationKey);
byte[] pbKey32 = OtpUtil.KeyFromOtps(vOtps, iOtpsOffset, iOtpsCount,
pbTrfKey32, d.TransformationRounds);
byte[] pbIV = Convert.FromBase64String(d.IV);
byte[] pbSecret = OtpUtil.DecryptData(d.CipherText, pbKey32, pbIV);
byte[] pbHashTrfKey32 = Convert.FromBase64String(d.PlainTextHashTransformationKey);
byte[] pbHash = HashAndTransform(pbSecret, pbHashTrfKey32,
d.PlainTextHashTransformationRounds);
if(!MemUtil.ArraysEqual(pbHash, Convert.FromBase64String(d.PlainTextHash)))
return null;
return pbSecret;
}
