public ActionResult Index()
{
var nutData = new NutData
{
Timestamp = DateTime.Now,
Address = IPAddress.Parse(Request.ServerVariables["REMOTE_ADDR"]),
Counter = ++Globals.Counter,
Entropy = new byte[4]
};
// just to keep the database size down, delete all nuts older than 2 minutes, but only every 10 page requests
if(Globals.Counter % 10 == 0)
{
var deleted = _nutRepository.DeleteOlderThan(DateTime.Now.AddMinutes(-2));
Console.WriteLine("{0} nuts deleted", deleted);
}
var rng = new RNGCryptoServiceProvider();
rng.GetBytes(nutData.Entropy);
var nut = HttpServerUtility.UrlTokenEncode(_sqrlServer.GenerateNut(Globals.AesKey, Globals.AesIV, nutData));
var url = string.Format("{0}/{1}",
Url.Action("Sqrl",
"Login",
null,
"sqrl",
Request.Url.Host + ":" + Request.Url.Port),
nut);
_nutRepository.Create(nut);
var barcodeWriter = new BarcodeWriter
{
Format = BarcodeFormat.QR_CODE,
Options = new EncodingOptions
{
Width = 400,
Height = 400
}
};
var image = barcodeWriter.Write(url);
MemoryStream stream = new System.IO.MemoryStream();
image.Save(stream, ImageFormat.Png);
byte[] imageBytes = stream.ToArray();
var model = new SqrlLoginModel
{
Url = url,
QrCode = Convert.ToBase64String(imageBytes),
Nut = nut
};
return View(model);
}
/// <summary>
/// Generates a nut.
/// </summary>
/// <returns>
/// The nut.
/// </returns>
/// <param name='key'>
/// An encryption key that is used on the generated data to return and encrypted nut.
/// </param>
/// <param name='iv'>
/// The initialization vector for the Rijndael cipher.
/// </param>
public byte[] GenerateNut(byte[] key, byte[] iv)
{
var rng = new RNGCryptoServiceProvider();
var nutData = new NutData
{
Address = new IPAddress(0),
Timestamp = DateTime.UtcNow,
Counter = _counter,
Entropy = new byte[4]
};
rng.GetBytes(nutData.Entropy);
_counter++;
return(GenerateNut(key, iv, nutData));
}
/// <summary>
/// Generates the nut.
/// </summary>
/// <returns>
/// The nut.
/// </returns>
/// <param name='key'>
/// An encryption key that is used on the given data to return and encrypted nut.
/// </param>
/// <param name='iv'>
/// The initialization vector for the Rijndael cipher.
/// </param>
/// <param name='data'>
/// Data to encrypt into the nut.
/// </param>
public byte[] GenerateNut(byte[] key, byte[] iv, NutData data)
{
var nutStruct = data.GetNutStruct();
return(_aesHandler.Encrypt(key, iv, nutStruct.GetBytes()));
}
/// <summary>
/// Generates a nut.
/// </summary>
/// <returns>
/// The nut.
/// </returns>
/// <param name='key'>
/// An encryption key that is used on the generated data to return and encrypted nut.
/// </param>
/// <param name='iv'>
/// The initialization vector for the Rijndael cipher.
/// </param>
public byte[] GenerateNut(byte[] key, byte[] iv)
{
var rng = new RNGCryptoServiceProvider();
var nutData = new NutData
{
Address = new IPAddress(0),
Timestamp = DateTime.UtcNow,
Counter = _counter,
Entropy = new byte[4]
};
rng.GetBytes(nutData.Entropy);
_counter++;
return GenerateNut(key, iv, nutData);
}
/// <summary>
/// Generates the nut.
/// </summary>
/// <returns>
/// The nut.
/// </returns>
/// <param name='key'>
/// An encryption key that is used on the given data to return and encrypted nut.
/// </param>
/// <param name='iv'>
/// The initialization vector for the Rijndael cipher.
/// </param>
/// <param name='data'>
/// Data to encrypt into the nut.
/// </param>
public byte[] GenerateNut(byte[] key, byte[] iv, NutData data)
{
var nutStruct = data.GetNutStruct();
return _aesHandler.Encrypt(key, iv, nutStruct.GetBytes());
}
public static void Main(string[] args)
{
ISqrlSigner signer = new SqrlSigner();
IPbkdfHandler pbkdfHandler = new PbkdfHandler();
IHmacGenerator hmac = new HmacGenerator();
ISqrlClient client = new SqrlClient(pbkdfHandler, hmac, signer);
IAesHandler aesHandler = new AesHandler();
ISqrlServer server = new SqrlServer(signer, aesHandler);
ISsssHandler ssss = new SsssHandler();
var rng = new RNGCryptoServiceProvider();
byte theByte = 0;
while(true)
{
var secret = new byte[1];
//rng.GetBytes(secret);
secret[0] = theByte;
var shares = ssss.Split(secret, 3, 4);
var subset = new Dictionary<int, byte[]>();
subset[1] = shares[1];
subset[2] = shares[2];
//subset[3] = shares[3];
subset[4] = shares[4];
//subset[5] = shares[5];
//subset[6] = shares[6];
//subset[7] = shares[7];
//subset[8] = shares[8];
//subset[9] = shares[9];
//subset[10] = shares[10];
//subset[11] = shares[11];
//subset[12] = shares[12];
//subset[13] = shares[13];
//subset[14] = shares[14];
//subset[15] = shares[15];
//subset[16] = shares[16];
//subset[17] = shares[17];
//subset[18] = shares[18];
//subset[19] = shares[19];
//subset[20] = shares[20];
//subset[21] = shares[21];
//subset[22] = shares[22];
//subset[23] = shares[23];
//subset[24] = shares[24];
//subset[25] = shares[25];
var reconstructedSecret = ssss.Restore(subset);
if(!secret.SequenceEqual(reconstructedSecret))
{
Console.WriteLine("the byte: {0}", theByte);
foreach(var share in shares)
{
Console.WriteLine("{0}-{1}", share.Key, BitConverter.ToString(share.Value).Replace("-", ""));
}
Console.WriteLine("{0}", Convert.ToBase64String(secret));
Console.WriteLine("{0}", Convert.ToBase64String(reconstructedSecret));
break;
}
theByte++;
if(theByte == 0)
{
Console.WriteLine("Success!");
break;
}
}
Console.Write("Password: "******"Password verified");
}
var nutData = new NutData
{
Address = IPAddress.Parse("172.8.92.254"),
Timestamp = DateTime.UtcNow,
Counter = 4,
Entropy = new byte[4]
};
var aesKey = new byte[16];
var aesIV = new byte[16];
rng.GetBytes(aesKey);
rng.GetBytes(aesIV);
var nut = HttpServerUtility.UrlTokenEncode(server.GenerateNut(aesKey, aesIV, nutData));
var protocol = "sqrl://";
var urlBase = "www.example.com/sqrl/";
var url = string.Format("{0}{1}{2}", protocol, urlBase, nut);
var sqrlData = client.GetSqrlDataForLogin(identity.MasterIdentityKey, password, identity.Salt, url);
var decryptedSignature = signer.Verify(sqrlData.PublicKey, sqrlData.Signature);
// This is the data that the client passes to the server
Console.WriteLine("Url: {0}", sqrlData.Url);
Console.WriteLine("Public Key: {0}", Convert.ToBase64String(sqrlData.PublicKey));
Console.WriteLine("Signature: {0}", Convert.ToBase64String(sqrlData.Signature));
Console.WriteLine("Decrypted Signature: {0}", Encoding.UTF8.GetString(decryptedSignature));
Console.WriteLine();
Console.WriteLine("=========== Server ===========");
// The server will verify that the data sent from the client matches what is expected
Console.WriteLine("Verified by server: {0}", server.VerifySqrlRequest(sqrlData, string.Format("{0}{1}", urlBase, nut)));
}