mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Imported Upstream version 3.6.0

Browse Source 
Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14
This commit is contained in:
Jo Shields
2014-08-13 10:39:27 +01:00
commit a575963da9
50588 changed files with 8155799 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
mcs/class/System.Security/Mono.Security.Cryptography/ChangeLog Normal file
View File

@@ -0,0 +1,16 @@
2008-02-10 Sebastien Pouliot <sebastien@ximian.com>
* NativeDapiProtection.cs: Don't call GetLastWin32Error so late and
use the value we already have from a previous call. Found using
Gendarme.
2005-10-27 Sebastien Pouliot <sebastien@ximian.com>
* NativeDapiProtection.cs: New. Native access to DPAPI (Data
Protection API) to implement ProtectedData on Windows (requires
Windows 2000 or later).
2005-10-20 Sebastien Pouliot <sebastien@ximian.com>
* ManagedProtection.cs: New. A managed class similar to ProtectedData.
Source code will be reused in other assemblies to protect data.

270
mcs/class/System.Security/Mono.Security.Cryptography/ManagedProtection.cs Normal file
View File

@@ -0,0 +1,270 @@
//
// ManagedProtection.cs -
// Protect (encrypt) data without (user involved) key management
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Security.Permissions;
namespace Mono.Security.Cryptography {
// Managed Protection Implementation
//
// Features
// * Separate RSA 1536 bits keypairs for each user and the computer
// * AES 128 bits encryption (separate key for each data protected)
// * SHA256 digest to ensure integrity
#if !NET_2_0
internal enum DataProtectionScope {
CurrentUser,
LocalMachine
}
#endif
internal static class ManagedProtection {
// FIXME [KeyContainerPermission (SecurityAction.Assert, KeyContainerName = "DAPI",
// Flags = KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Create)]
public static byte[] Protect (byte[] userData, byte[] optionalEntropy, DataProtectionScope scope)
{
if (userData == null)
throw new ArgumentNullException ("userData");
Rijndael aes = Rijndael.Create ();
aes.KeySize = 128;
byte[] encdata = null;
using (MemoryStream ms = new MemoryStream ()) {
ICryptoTransform t = aes.CreateEncryptor ();
using (CryptoStream cs = new CryptoStream (ms, t, CryptoStreamMode.Write)) {
cs.Write (userData, 0, userData.Length);
cs.Close ();
encdata = ms.ToArray ();
}
}
byte[] key = null;
byte[] iv = null;
byte[] secret = null;
byte[] header = null;
SHA256 hash = SHA256.Create ();
try {
key = aes.Key;
iv = aes.IV;
secret = new byte[1 + 1 + 16 + 1 + 16 + 1 + 32];
byte[] digest = hash.ComputeHash (userData);
if ((optionalEntropy != null) && (optionalEntropy.Length > 0)) {
// the same optionalEntropy will be required to get the data back
byte[] mask = hash.ComputeHash (optionalEntropy);
for (int i = 0; i < 16; i++) {
key[i] ^= mask[i];
iv[i] ^= mask[i + 16];
}
secret[0] = 2; // entropy
} else {
secret[0] = 1; // without entropy
}
secret[1] = 16; // key size
Buffer.BlockCopy (key, 0, secret, 2, 16);
secret[18] = 16; // iv size
Buffer.BlockCopy (iv, 0, secret, 19, 16);
secret[35] = 32; // digest size
Buffer.BlockCopy (digest, 0, secret, 36, 32);
RSAOAEPKeyExchangeFormatter formatter = new RSAOAEPKeyExchangeFormatter (GetKey (scope));
header = formatter.CreateKeyExchange (secret);
}
finally {
if (key != null) {
Array.Clear (key, 0, key.Length);
key = null;
}
if (secret != null) {
Array.Clear (secret, 0, secret.Length);
secret = null;
}
if (iv != null) {
Array.Clear (iv, 0, iv.Length);
iv = null;
}
aes.Clear ();
hash.Clear ();
}
byte[] result = new byte[header.Length + encdata.Length];
Buffer.BlockCopy (header, 0, result, 0, header.Length);
Buffer.BlockCopy (encdata, 0, result, header.Length, encdata.Length);
return result;
}
// FIXME [KeyContainerPermission (SecurityAction.Assert, KeyContainerName = "DAPI",
// Flags = KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Decrypt)]
public static byte[] Unprotect (byte[] encryptedData, byte[] optionalEntropy, DataProtectionScope scope)
{
if (encryptedData == null)
throw new ArgumentNullException ("encryptedData");
byte[] decdata = null;
Rijndael aes = Rijndael.Create ();
RSA rsa = GetKey (scope);
int headerSize = (rsa.KeySize >> 3);
bool valid1 = (encryptedData.Length >= headerSize);
if (!valid1)
headerSize = encryptedData.Length;
byte[] header = new byte[headerSize];
Buffer.BlockCopy (encryptedData, 0, header, 0, headerSize);
byte[] secret = null;
byte[] key = null;
byte[] iv = null;
bool valid2 = false;
bool valid3 = false;
bool valid4 = false;
SHA256 hash = SHA256.Create ();
try {
try {
RSAOAEPKeyExchangeDeformatter deformatter = new RSAOAEPKeyExchangeDeformatter (rsa);
secret = deformatter.DecryptKeyExchange (header);
valid2 = (secret.Length == 68);
}
catch {
valid2 = false;
}
if (!valid2)
secret = new byte[68];
// known values for structure (version 1 or 2)
valid3 = ((secret[1] == 16) && (secret[18] == 16) && (secret[35] == 32));
key = new byte [16];
Buffer.BlockCopy (secret, 2, key, 0, 16);
iv = new byte [16];
Buffer.BlockCopy (secret, 19, iv, 0, 16);
if ((optionalEntropy != null) && (optionalEntropy.Length > 0)) {
// the decrypted data won't be valid if the entropy isn't
// the same as the one used to protect (encrypt) it
byte[] mask = hash.ComputeHash (optionalEntropy);
for (int i = 0; i < 16; i++) {
key[i] ^= mask[i];
iv[i] ^= mask[i + 16];
}
valid3 &= (secret[0] == 2); // with entropy
} else {
valid3 &= (secret[0] == 1); // without entropy
}
using (MemoryStream ms = new MemoryStream ()) {
ICryptoTransform t = aes.CreateDecryptor (key, iv);
using (CryptoStream cs = new CryptoStream (ms, t, CryptoStreamMode.Write)) {
try {
cs.Write (encryptedData, headerSize, encryptedData.Length - headerSize);
cs.Close ();
}
catch {
// whatever, we keep going
}
}
decdata = ms.ToArray ();
}
byte[] digest = hash.ComputeHash (decdata);
valid4 = true;
for (int i=0; i < 32; i++) {
if (digest [i] != secret [36 + i])
valid4 = false;
}
}
finally {
if (key != null) {
Array.Clear (key, 0, key.Length);
key = null;
}
if (secret != null) {
Array.Clear (secret, 0, secret.Length);
secret = null;
}
if (iv != null) {
Array.Clear (iv, 0, iv.Length);
iv = null;
}
aes.Clear ();
hash.Clear ();
}
// single point of error (also limits timing informations)
if (!valid1 || !valid2 || !valid3 || !valid4) {
if (decdata != null) {
Array.Clear (decdata, 0, decdata.Length);
decdata = null;
}
throw new CryptographicException (Locale.GetText ("Invalid data."));
}
return decdata;
}
// private stuff
private static RSA user;
private static RSA machine;
private static RSA GetKey (DataProtectionScope scope)
{
switch (scope) {
case DataProtectionScope.CurrentUser:
if (user == null) {
CspParameters csp = new CspParameters ();
csp.KeyContainerName = "DAPI";
user = new RSACryptoServiceProvider (1536, csp);
}
return user;
case DataProtectionScope.LocalMachine:
if (machine == null) {
CspParameters csp = new CspParameters ();
csp.KeyContainerName = "DAPI";
csp.Flags = CspProviderFlags.UseMachineKeyStore;
machine = new RSACryptoServiceProvider (1536, csp);
}
return machine;
default:
throw new CryptographicException (Locale.GetText ("Invalid scope."));
}
}
}
}

227
mcs/class/System.Security/Mono.Security.Cryptography/NativeDapiProtection.cs Normal file
View File

@@ -0,0 +1,227 @@
//
// NativeDapiProtection.cs -
// Protect (encrypt) data without (user involved) key management
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Security.Permissions;
namespace Mono.Security.Cryptography {
// DAPI is only available in Windows 2000 and later operating systems
// see ManagedProtection for other platforms
// notes:
// * no need to assert KeyContainerPermission here as unmanaged code can
// do what it wants;
// * which is why we also need the [SuppressUnmanagedCodeSecurity]
// attribute on each native function (so we don't require UnmanagedCode)
internal class NativeDapiProtection {
private const uint CRYPTPROTECT_UI_FORBIDDEN = 0x1;
private const uint CRYPTPROTECT_LOCAL_MACHINE = 0x4;
[StructLayout (LayoutKind.Sequential, CharSet = CharSet.Auto)]
private struct DATA_BLOB {
private int cbData;
private IntPtr pbData;
public void Alloc (int size)
{
if (size > 0) {
pbData = Marshal.AllocHGlobal (size);
cbData = size;
}
}
public void Alloc (byte[] managedMemory)
{
if (managedMemory != null) {
int size = managedMemory.Length;
pbData = Marshal.AllocHGlobal (size);
cbData = size;
Marshal.Copy (managedMemory, 0, pbData, cbData);
}
}
public void Free ()
{
if (pbData != IntPtr.Zero) {
// clear copied memory!
ZeroMemory (pbData, cbData);
Marshal.FreeHGlobal (pbData);
pbData = IntPtr.Zero;
cbData = 0;
}
}
public byte[] ToBytes ()
{
if (cbData <= 0)
return new byte [0];
byte[] managedMemory = new byte[cbData];
Marshal.Copy (pbData, managedMemory, 0, cbData);
return managedMemory;
}
}
[StructLayout (LayoutKind.Sequential, CharSet = CharSet.Auto)]
private struct CRYPTPROTECT_PROMPTSTRUCT {
private int cbSize;
private uint dwPromptFlags;
private IntPtr hwndApp;
private string szPrompt;
public CRYPTPROTECT_PROMPTSTRUCT (uint flags)
{
cbSize = Marshal.SizeOf (typeof (CRYPTPROTECT_PROMPTSTRUCT));
dwPromptFlags = flags;
hwndApp = IntPtr.Zero;
szPrompt = null;
}
}
// http://msdn.microsoft.com/library/en-us/seccrypto/security/cryptprotectdata.asp
[SuppressUnmanagedCodeSecurity]
[DllImport ("crypt32.dll", SetLastError = true, CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Auto)]
private static extern bool CryptProtectData (ref DATA_BLOB pDataIn, string szDataDescr, ref DATA_BLOB pOptionalEntropy,
IntPtr pvReserved, ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, uint dwFlags, ref DATA_BLOB pDataOut);
// http://msdn.microsoft.com/library/en-us/seccrypto/security/cryptunprotectdata.asp
[SuppressUnmanagedCodeSecurity]
[DllImport ("crypt32.dll", SetLastError = true, CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Auto)]
private static extern bool CryptUnprotectData (ref DATA_BLOB pDataIn, string szDataDescr, ref DATA_BLOB pOptionalEntropy,
IntPtr pvReserved, ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, uint dwFlags, ref DATA_BLOB pDataOut);
// http://msdn.microsoft.com/library/en-us/memory/base/zeromemory.asp
// note: SecureZeroMemory is an inline function (and can't be used here)
// anyway I don't think the CLR will optimize this call away (like a C/C++ compiler could do)
[SuppressUnmanagedCodeSecurity]
[DllImport ("kernel32.dll", EntryPoint = "RtlZeroMemory", SetLastError = false, CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Auto)]
private static extern void ZeroMemory (IntPtr dest, int size);
// managed helpers
public static byte[] Protect (byte[] userData, byte[] optionalEntropy, DataProtectionScope scope)
{
byte[] encdata = null;
int hr = 0;
DATA_BLOB data = new DATA_BLOB ();
DATA_BLOB entropy = new DATA_BLOB ();
DATA_BLOB cipher = new DATA_BLOB ();
try {
CRYPTPROTECT_PROMPTSTRUCT prompt = new CRYPTPROTECT_PROMPTSTRUCT (0);
data.Alloc (userData);
entropy.Alloc (optionalEntropy);
// note: the scope/flags has already been check by the public caller
uint flags = CRYPTPROTECT_UI_FORBIDDEN;
if (scope == DataProtectionScope.LocalMachine)
flags |= CRYPTPROTECT_LOCAL_MACHINE;
// note: on Windows 2000 the string parameter *cannot* be null
if (CryptProtectData (ref data, String.Empty, ref entropy, IntPtr.Zero,
ref prompt, flags, ref cipher)) {
// copy encrypted data back to managed codde
encdata = cipher.ToBytes ();
} else {
hr = Marshal.GetLastWin32Error ();
}
}
catch (Exception ex) {
string msg = Locale.GetText ("Error protecting data.");
throw new CryptographicException (msg, ex);
}
finally {
cipher.Free ();
data.Free ();
entropy.Free ();
}
if ((encdata == null) || (hr != 0)) {
throw new CryptographicException (hr);
}
return encdata;
}
public static byte[] Unprotect (byte[] encryptedData, byte[] optionalEntropy, DataProtectionScope scope)
{
byte[] decdata = null;
int hr = 0;
DATA_BLOB cipher = new DATA_BLOB ();
DATA_BLOB entropy = new DATA_BLOB ();
DATA_BLOB data = new DATA_BLOB ();
try {
CRYPTPROTECT_PROMPTSTRUCT prompt = new CRYPTPROTECT_PROMPTSTRUCT (0);
cipher.Alloc (encryptedData);
entropy.Alloc (optionalEntropy);
// note: the scope/flags has already been check by the public caller
uint flags = CRYPTPROTECT_UI_FORBIDDEN;
if (scope == DataProtectionScope.LocalMachine)
flags |= CRYPTPROTECT_LOCAL_MACHINE;
if (CryptUnprotectData (ref cipher, null, ref entropy, IntPtr.Zero,
ref prompt, flags, ref data)) {
// copy decrypted data back to managed codde
decdata = data.ToBytes ();
} else {
hr = Marshal.GetLastWin32Error ();
}
}
catch (Exception ex) {
string msg = Locale.GetText ("Error protecting data.");
throw new CryptographicException (msg, ex);
}
finally {
cipher.Free ();
data.Free ();
entropy.Free ();
}
if ((decdata == null) || (hr != 0)) {
throw new CryptographicException (hr);
}
return decdata;
}
}
}
#endif