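        private byte[] Get(KeyProviderQueryContext ctx)
        {
            // Resolve the master key for an existing database.
            //
            // Two modes, selected by UserChallenge:
            //  * user challenge: the user types a challenge phrase; its SHA-512 is handed to the
            //    YubiKey prompt (KeyEntry) and the SHA-256 of the device response is the key.
            //  * stored secret: challenge, IV, encrypted secret and verification value are read
            //    from disk (ReadEncryptedSecret); the YubiKey response to that challenge decrypts
            //    the secret, which is re-encrypted and saved (EncryptAndSave) before being returned.
            // If the on-disk material is missing, or the user asks for it from the key prompt,
            // RecoveryMode() supplies the secret instead (EncryptAndSave's result is not checked
            // on that path, as in the original).
            //
            // Returns the key bytes, or null if the user cancelled or decryption/saving failed.
            // ctx is not used.
            byte[] encryptedSecret = null;
            byte[] iv           = null;
            byte[] challenge    = null;
            byte[] verification = null;
            byte[] secret       = null;

            if (UserChallenge)
            {
                ChallengeEntry challengeForm = new ChallengeEntry(this);

                if (challengeForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
                {
                    return(null);
                }

                // Copy the typed challenge into a fixed 256-byte buffer (zero-padded, the same
                // layout Create hashes) and wipe the form's copy; then hash and wipe the buffer.
                byte[] challengeText = new byte[256];
                challengeForm.Response.CopyTo(challengeText, 0);
                Array.Clear(challengeForm.Response, 0, challengeForm.Response.Length);

                using (SHA512 chall512 = SHA512Managed.Create())
                {
                    challenge = chall512.ComputeHash(challengeText);
                }

                Array.Clear(challengeText, 0, challengeText.Length);
            }
            else
            {
                if (!ReadEncryptedSecret(out encryptedSecret, out challenge, out iv, out verification))
                {
                    // Nothing usable on disk: fall back to recovery and persist what it yields.
                    secret = RecoveryMode();
                    EncryptAndSave(secret);
                    return(secret);
                }
            }

            // Prompt the user to press the YubiKey button; the form returns the device response.
            byte[]   resp      = new byte[YubiWrapper.yubiRespLen];
            KeyEntry entryForm = new KeyEntry(this, challenge);

            if (entryForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
            {
                if (entryForm.RecoveryMode)
                {
                    secret = RecoveryMode();
                    EncryptAndSave(secret);
                    return(secret);
                }

                return(null);
            }

            entryForm.Response.CopyTo(resp, 0);
            Array.Clear(entryForm.Response, 0, entryForm.Response.Length);

            try
            {
                // User-challenge mode: the hashed device response is the key itself.
                if (UserChallenge)
                {
                    using (SHA256 sha = SHA256Managed.Create())
                    {
                        return(sha.ComputeHash(resp));
                    }
                }

                // Stored-secret mode: the response is the decryption key for the XML secret.
                if (!DecryptSecret(encryptedSecret, resp, iv, verification, out secret))
                {
                    return(null);
                }

                // Re-encrypt and save before handing the secret back; a failed save is fatal.
                return(EncryptAndSave(secret) ? secret : null);
            }
            finally
            {
                // The raw YubiKey response is key material in both modes. The form's buffer was
                // already wiped above; this local copy was previously left live after use.
                Array.Clear(resp, 0, resp.Length);
            }
        }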
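        private byte[] Create(KeyProviderQueryContext ctx)
        {
            // Create the master key for a new database.
            //
            // KeyEntrySelection picks the mode: OK selects user-challenge mode; any other result
            // (including Cancel) falls through to stored-secret mode rather than aborting.
            // NOTE(review): that appears to be how the selection form reports its choice — confirm
            // with KeyEntrySelection that Cancel is not meant to abort key creation.
            //
            // User-challenge mode: the user types the challenge twice (must match byte-for-byte),
            // its SHA-512 goes to the YubiKey prompt, and the SHA-256 of the device response is the
            // key. An existing stored-secret XML is moved aside only once a key has actually been
            // produced, so cancelling on a later dialog leaves the previous setup untouched (the
            // original renamed it before any prompt was shown).
            //
            // Stored-secret mode: KeyCreation supplies the secret, which EncryptAndSave writes to
            // disk before it is returned.
            //
            // Returns the key bytes, or null if the user cancelled, the challenges differed, or
            // saving failed. ctx is not used.
            KeyEntrySelection keySelectionForm = new KeyEntrySelection(this);

            UserChallenge = keySelectionForm.ShowDialog() == System.Windows.Forms.DialogResult.OK;

            if (UserChallenge)
            {
                byte[] challengeText       = new byte[256];
                byte[] challengeTextRepeat = new byte[256];
                byte[] challenge           = null;

                try
                {
                    if (!PromptChallenge(false, challengeText))
                    {
                        return(null);
                    }

                    if (!PromptChallenge(true, challengeTextRepeat))
                    {
                        return(null);
                    }

                    if (!challengeTextRepeat.SequenceEqual(challengeText))
                    {
                        MessageService.ShowWarning("Error: Challenges did not match");
                        return(null);
                    }

                    using (SHA512 chall512 = SHA512Managed.Create())
                    {
                        challenge = chall512.ComputeHash(challengeText);
                    }
                }
                finally
                {
                    // Wipe both plaintext challenge buffers on every exit, including the
                    // cancel and mismatch returns (the original skipped the wipe on mismatch).
                    Array.Clear(challengeText, 0, challengeText.Length);
                    Array.Clear(challengeTextRepeat, 0, challengeTextRepeat.Length);
                }

                KeyEntry entryForm = new KeyEntry(this, challenge);

                if (entryForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
                {
                    return(null);
                }

                byte[] resp = new byte[YubiWrapper.yubiRespLen];
                entryForm.Response.CopyTo(resp, 0);
                Array.Clear(entryForm.Response, 0, entryForm.Response.Length);

                byte[] hashedSecret;
                try
                {
                    using (SHA256 sha = SHA256Managed.Create())
                    {
                        hashedSecret = sha.ComputeHash(resp);
                    }
                }
                finally
                {
                    // The raw device response is key material; the original left this copy live.
                    Array.Clear(resp, 0, resp.Length);
                }

                // Only now hide the old stored-secret file so Get() stops finding it. The key
                // derivation above never touches mInfo.Path, so ordering it last is safe.
                MoveStoredSecretAside();

                return(hashedSecret);
            }

            // Stored-secret mode: prompt for the secret, take our own copy, wipe the form's.
            KeyCreation creator = new KeyCreation(this);

            if (creator.ShowDialog() != System.Windows.Forms.DialogResult.OK)
            {
                return(null);
            }

            byte[] secret = new byte[creator.Secret.Length];

            Array.Copy(creator.Secret, secret, creator.Secret.Length);
            Array.Clear(creator.Secret, 0, creator.Secret.Length);

            // Encrypt the secret under the YubiKey response and store it (with IV and challenge)
            // to disk; the secret is only returned if that succeeded.
            if (!EncryptAndSave(secret))
            {
                return(null);
            }

            return(secret);
        }

        // Show the challenge-entry dialog, copy the typed challenge into buffer and wipe the
        // form's copy. confirmation marks the second ("repeat") prompt via newKey.
        // Returns false if the user cancelled; buffer is then left untouched.
        private bool PromptChallenge(bool confirmation, byte[] buffer)
        {
            ChallengeEntry challengeForm = new ChallengeEntry(this);

            if (confirmation)
            {
                challengeForm.newKey = true;
            }

            if (challengeForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
            {
                return(false);
            }

            challengeForm.Response.CopyTo(buffer, 0);
            Array.Clear(challengeForm.Response, 0, challengeForm.Response.Length);
            return(true);
        }

        // Rename an existing stored-secret XML (mInfo.Path) out of the way so it is no longer
        // detected, using the first free name in the series "<path>.bak", "<path>.bak0",
        // "<path>.bak1", ... No-op if the file does not exist.
        // NOTE(review): the old file still holds the previous encrypted secret, IV and
        // challenge; it is kept, not wiped.
        private void MoveStoredSecretAside()
        {
            string xmlFilePath = mInfo.Path;

            if (!File.Exists(xmlFilePath))
            {
                return;
            }

            string backupBase = xmlFilePath + ".bak";
            string suffix     = "";
            int    i          = 0;

            while (File.Exists(backupBase + suffix))
            {
                suffix = i.ToString();
                i++;
            }

            File.Move(xmlFilePath, backupBase + suffix);
        }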