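/// <summary>
/// Produces the key material for an existing database. In user-challenge mode the user
/// types a pass-phrase, it is hashed (SHA-512) into the YubiKey challenge, and the device
/// response is hashed (SHA-256) into the key. Otherwise the stored challenge/IV/ciphertext
/// are read from disk and the device response is used to decrypt the saved secret; if the
/// store cannot be read, or the user selects recovery on the key dialog, the recovery
/// secret is used and re-saved.
/// </summary>
/// <param name="ctx">KeePass query context; not consulted by this implementation.</param>
/// <returns>The key bytes, or <c>null</c> when the user cancels or decryption/saving fails.</returns>
private byte[] Get(KeyProviderQueryContext ctx)
{
    byte[] encryptedSecret = null;
    byte[] iv = null;
    byte[] challenge = null;
    byte[] verification = null;
    byte[] secret = null;

    if (UserChallenge)
    {
        ChallengeEntry challengeForm = new ChallengeEntry(this);
        if (challengeForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
        {
            return null;
        }

        byte[] challengeText = new byte[256];
        try
        {
            challengeForm.Response.CopyTo(challengeText, 0);
            // Wipe the dialog's copy as soon as we hold our own (best effort: the GC may
            // already have moved/copied a managed array).
            Array.Clear(challengeForm.Response, 0, challengeForm.Response.Length);
            using (SHA512 chall512 = SHA512.Create())
            {
                challenge = chall512.ComputeHash(challengeText);
            }
        }
        finally
        {
            Array.Clear(challengeText, 0, challengeText.Length);
        }
    }
    else if (!ReadEncryptedSecret(out encryptedSecret, out challenge, out iv, out verification))
    {
        // No usable store on disk: recovery mode is the only way back in, and its result is persisted.
        secret = RecoveryMode();
        EncryptAndSave(secret);
        return secret;
    }

    // Prompt the user to press the YubiKey button for the chosen challenge.
    KeyEntry entryForm = new KeyEntry(this, challenge);
    if (entryForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
    {
        if (!entryForm.RecoveryMode)
        {
            return null;
        }
        secret = RecoveryMode();
        EncryptAndSave(secret);
        return secret;
    }

    byte[] resp = new byte[YubiWrapper.yubiRespLen];
    try
    {
        entryForm.Response.CopyTo(resp, 0);
        Array.Clear(entryForm.Response, 0, entryForm.Response.Length);

        if (UserChallenge)
        {
            // Nothing is stored on disk in this mode: the device response itself, hashed, is the key.
            using (SHA256 sha = SHA256.Create())
            {
                return sha.ComputeHash(resp);
            }
        }

        // Stored-secret mode: the device response unwraps the secret kept in the XML file,
        // which is then re-encrypted and saved before being handed back.
        if (!DecryptSecret(encryptedSecret, resp, iv, verification, out secret))
        {
            return null;
        }
        return EncryptAndSave(secret) ? secret : null;
    }
    finally
    {
        // The raw device response is key material in both modes; clear it on every exit path.
        Array.Clear(resp, 0, resp.Length);
    }
}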
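/// <summary>
/// Creates the key material for a new database. The <see cref="KeyEntrySelection"/> dialog chooses
/// the mode: user-challenge mode (key = SHA-256 of the YubiKey response to the SHA-512 of a
/// twice-entered pass-phrase; an existing XML store is renamed out of the way so it is no longer
/// detected) or stored-secret mode (the user supplies a secret which is encrypted and written to disk).
/// </summary>
/// <param name="ctx">KeePass query context; not consulted by this implementation.</param>
/// <returns>The key bytes, or <c>null</c> when the user cancels, the two challenge entries differ, or saving fails.</returns>
private byte[] Create(KeyProviderQueryContext ctx)
{
    KeyEntrySelection keySelectionForm = new KeyEntrySelection(this);
    // NOTE(review): any result other than OK (including simply closing the dialog) selects
    // stored-secret mode — confirm that is the intended behaviour.
    UserChallenge = keySelectionForm.ShowDialog() == System.Windows.Forms.DialogResult.OK;

    if (UserChallenge)
    {
        if (File.Exists(mInfo.Path))
        {
            MoveStoredSecretAside();
        }
        return CreateChallengeKey();
    }

    // Stored-secret mode: collect the secret from the user, then persist its encrypted form.
    KeyCreation creator = new KeyCreation(this);
    if (creator.ShowDialog() != System.Windows.Forms.DialogResult.OK)
    {
        return null;
    }
    byte[] secret = new byte[creator.Secret.Length];
    Array.Copy(creator.Secret, secret, creator.Secret.Length);
    // Wipe the dialog's copy; 'secret' is the only copy we keep from here on.
    Array.Clear(creator.Secret, 0, creator.Secret.Length);

    if (!EncryptAndSave(secret))
    {
        // Not returned to the caller, so do not leave the plaintext secret in memory.
        Array.Clear(secret, 0, secret.Length);
        return null;
    }
    return secret;
}

/// <summary>
/// Renames the existing XML store at <c>mInfo.Path</c> to <c>&lt;path&gt;.bak</c> (with a numeric
/// suffix when that name is already taken) so the provider stops detecting it. I/O failures
/// propagate to the caller, as before.
/// </summary>
private void MoveStoredSecretAside()
{
    string backupPath = mInfo.Path + ".bak";
    string suffix = "";
    int attempt = 0;
    while (File.Exists(backupPath + suffix))
    {
        suffix = attempt.ToString();
        attempt++;
    }
    File.Move(mInfo.Path, backupPath + suffix);
}

/// <summary>
/// Runs the user-challenge key ceremony: prompts for the pass-phrase twice, hashes it (SHA-512)
/// into the challenge, asks the user to press the YubiKey, and returns SHA-256 of the response.
/// Buffers holding the pass-phrase or the device response are cleared on every exit path.
/// </summary>
/// <returns>The key bytes, or <c>null</c> on cancel or when the two pass-phrase entries differ.</returns>
private byte[] CreateChallengeKey()
{
    byte[] challengeText = new byte[256];
    byte[] challengeTextRepeat = new byte[256];
    byte[] resp = null;
    try
    {
        ChallengeEntry challengeForm = new ChallengeEntry(this);
        if (challengeForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
        {
            return null;
        }
        challengeForm.Response.CopyTo(challengeText, 0);
        Array.Clear(challengeForm.Response, 0, challengeForm.Response.Length);

        // Second prompt for confirmation. newKey is set only on this prompt — presumably so the
        // dialog asks for a repeat entry; confirm against ChallengeEntry.
        challengeForm = new ChallengeEntry(this);
        challengeForm.newKey = true;
        if (challengeForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
        {
            return null;
        }
        challengeForm.Response.CopyTo(challengeTextRepeat, 0);
        Array.Clear(challengeForm.Response, 0, challengeForm.Response.Length);

        if (!challengeTextRepeat.SequenceEqual(challengeText))
        {
            MessageService.ShowWarning("Error: Challenges did not match");
            return null;
        }

        byte[] challenge;
        using (SHA512 chall512 = SHA512.Create())
        {
            challenge = chall512.ComputeHash(challengeText);
        }

        // Prompt the user to press the YubiKey button for the derived challenge.
        KeyEntry entryForm = new KeyEntry(this, challenge);
        if (entryForm.ShowDialog() != System.Windows.Forms.DialogResult.OK)
        {
            return null;
        }
        resp = new byte[YubiWrapper.yubiRespLen];
        entryForm.Response.CopyTo(resp, 0);
        Array.Clear(entryForm.Response, 0, entryForm.Response.Length);

        using (SHA256 sha = SHA256.Create())
        {
            return sha.ComputeHash(resp);
        }
    }
    finally
    {
        // Best-effort wipe: managed arrays may already have been copied by the GC, but this
        // at least does not leave the pass-phrase or device response reachable from here.
        Array.Clear(challengeText, 0, challengeText.Length);
        Array.Clear(challengeTextRepeat, 0, challengeTextRepeat.Length);
        if (resp != null)
        {
            Array.Clear(resp, 0, resp.Length);
        }
    }
}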