Imported Upstream version 3.6.0

Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14

mcs/class/System.Security/System.Security.Cryptography/ChangeLog

@@ -0,0 +1,42 @@
+2009-06-05  Marek Safar  <marek.safar@gmail.com>
+
+	* *.cs: Fixed NET_2_0 conditional to actually handle Mono.Security
+	dependency.
+
+2005-10-27  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* ProtectedData.cs: Added support for Windows (2000 and later) by 
+	p/invoking DPAPI thru Mono.Security.Cryptography.NativeDapiProtection.
+
+2005-10-20  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* CryptographicAttributeCollection.cs: Fixed Add and Remove methods.
+	* ProtectedMemory.cs: Implemented (unmanaged) for Windows only.
+	* ProtectedData.cs: Implemented for everything except Windows ;-) by
+	using the new ManagedProtection class.
+
+2005-09-26  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* Asn*.cs, Oid*.cs: Moved to System.dll
+
+2005-04-23  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* CryptographicAttribute.cs: Renamed class to CryptographicAttribute
+	Object to match beta2.
+	* CryptographicAttributeCollection.cs: Renamed class to Cryptographic
+	AttributeObjectCollection to match beta2.
+	* CryptographicAttributeEnumerator.cs: Renamed class to Cryptographic
+	AttributeObjectEnumerator to match beta2.
+
+2005-01-13  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* CryptographicAttribute.cs: Fixed implementation with updated unit
+	tests.
+
+2004-07-08  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* CryptographicAttribute.cs: New. Moved from S.S.C.Pkcs.
+	* CryptographicAttributeCollection.cs: New. Replace S.S.C.Pkcs.
+	Pkcs9AttributeCollection.
+	* CryptographicAttributeEnumerator.cs: New. Replace S.S.C.Pkcs.
+	Pkcs9AttributeEnumerator.

mcs/class/System.Security/System.Security.Cryptography/CryptographicAttribute.cs

@@ -0,0 +1,76 @@
+//
+// System.Security.Cryptography.CryptographicAttributeObject class
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0 && SECURITY_DEP
+
+using System.Collections;
+
+namespace System.Security.Cryptography {
+
+	public sealed class CryptographicAttributeObject {
+
+		private Oid _oid;
+		private AsnEncodedDataCollection _list;
+
+		// constructors
+
+		public CryptographicAttributeObject (Oid oid) 
+		{
+			if (oid == null)
+				throw new ArgumentNullException ("oid");
+
+			_oid = new Oid (oid);
+			_list = new AsnEncodedDataCollection ();
+		}
+
+		public CryptographicAttributeObject (Oid oid,	AsnEncodedDataCollection values)
+		{
+			if (oid == null)
+				throw new ArgumentNullException ("oid");
+
+			_oid = new Oid (oid);
+			if (values == null)
+				_list = new AsnEncodedDataCollection ();
+			else
+				_list = values;
+		}
+
+		// properties
+
+		public Oid Oid { 
+			get { return _oid; }
+		}
+
+		public AsnEncodedDataCollection Values { 
+			get { return _list; }
+		}
+	}
+}
+
+#endif

mcs/class/System.Security/System.Security.Cryptography/CryptographicAttributeCollection.cs

@@ -0,0 +1,134 @@
+//
+// System.Security.Cryptography.CryptographicAttributeObjectCollection class
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0 && SECURITY_DEP
+
+using System.Collections;
+
+namespace System.Security.Cryptography {
+
+	public sealed class CryptographicAttributeObjectCollection : ICollection, IEnumerable {
+
+		private ArrayList _list;
+
+		public CryptographicAttributeObjectCollection () 
+		{
+			_list = new ArrayList ();
+		}
+
+		public CryptographicAttributeObjectCollection (CryptographicAttributeObject attribute)
+			: this ()
+		{
+			_list.Add (attribute);
+		}
+
+		// properties
+
+		public int Count {
+			get { return _list.Count; }
+		}
+
+		public bool IsSynchronized {
+			get { return _list.IsSynchronized; }
+		}
+
+		public CryptographicAttributeObject this [int index] {
+			get { return (CryptographicAttributeObject) _list [index]; }
+		}
+
+		public object SyncRoot {
+			get { return this; }
+		}
+
+		// methods
+
+		public int Add (AsnEncodedData asnEncodedData)
+		{
+			if (asnEncodedData == null)
+				throw new ArgumentNullException ("asnEncodedData");
+
+			AsnEncodedDataCollection coll = new AsnEncodedDataCollection (asnEncodedData);
+			return Add (new CryptographicAttributeObject (asnEncodedData.Oid, coll));
+		}
+
+		public int Add (CryptographicAttributeObject attribute)
+		{
+			if (attribute == null)
+				throw new ArgumentNullException ("attribute");
+
+			int existing = -1;
+			string oid = attribute.Oid.Value;
+			for (int i=0; i < _list.Count; i++) {
+				if ((_list[i] as CryptographicAttributeObject).Oid.Value == oid) {
+					existing = i;
+					break;
+				}
+			}
+			if (existing >= 0) {
+				CryptographicAttributeObject cao = this[existing];
+				foreach (AsnEncodedData value in attribute.Values) {
+					cao.Values.Add (value);
+				}
+				return existing;
+			} else {
+				return _list.Add (attribute);
+			}
+		}
+
+		public void CopyTo (CryptographicAttributeObject[] array, int index)
+		{
+			_list.CopyTo (array, index);
+		}
+
+		void ICollection.CopyTo (Array array, int index)
+		{
+			_list.CopyTo (array, index);
+		}
+
+		public CryptographicAttributeObjectEnumerator GetEnumerator () 
+		{
+			return new CryptographicAttributeObjectEnumerator (_list);
+		}
+
+		IEnumerator IEnumerable.GetEnumerator () 
+		{
+			return new CryptographicAttributeObjectEnumerator (_list);
+		}
+
+		public void Remove (CryptographicAttributeObject attribute) 
+		{
+			if (attribute == null)
+				throw new ArgumentNullException ("attribute");
+
+			_list.Remove (attribute);
+		}
+	}
+}
+
+#endif

mcs/class/System.Security/System.Security.Cryptography/CryptographicAttributeEnumerator.cs

@@ -0,0 +1,71 @@
+//
+// System.Security.Cryptography.CryptographicAttributeObjectEnumerator class
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0 && SECURITY_DEP
+
+using System.Collections;
+
+namespace System.Security.Cryptography {
+
+	public sealed class CryptographicAttributeObjectEnumerator : IEnumerator {
+
+		private IEnumerator enumerator;
+
+		// constructors
+
+		internal CryptographicAttributeObjectEnumerator (IEnumerable enumerable) 
+		{
+			enumerator = enumerable.GetEnumerator ();
+		}
+
+		// properties
+
+		public CryptographicAttributeObject Current {
+			get { return (CryptographicAttributeObject) enumerator.Current; }
+		}
+
+		object IEnumerator.Current {
+			get { return enumerator.Current; }
+		}
+
+		// methods
+
+		public bool MoveNext () 
+		{
+			return enumerator.MoveNext ();
+		}
+
+		public void Reset ()
+		{
+			enumerator.Reset ();
+		}
+	}
+}
+
+#endif

mcs/class/System.Security/System.Security.Cryptography/DataProtectionScope.cs

@@ -0,0 +1,45 @@
+//
+// DataProtectionScope.cs: Scope for ProtectData
+//
+// Author:
+//	Sebastien Pouliot (spouliot@motus.com)
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+//
+
+//
+// Copyright (C) 2004 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography {
+
+	public enum DataProtectionScope {
+		CurrentUser,
+		LocalMachine
+ 	}
+}
+
+#endif

mcs/class/System.Security/System.Security.Cryptography/MemoryProtectionScope.cs

@@ -0,0 +1,46 @@
+//
+// MemoryProtectionScope.cs: Scope for ProtectMemory
+//
+// Author:
+//	Sebastien Pouliot (spouliot@motus.com)
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+//
+
+//
+// Copyright (C) 2004 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography {
+
+	public enum MemoryProtectionScope {
+		SameProcess,
+		CrossProcess,
+		SameLogon
+	} 
+}
+
+#endif

mcs/class/System.Security/System.Security.Cryptography/ProtectedData.cs

@@ -0,0 +1,163 @@
+//
+// ProtectedData.cs: Protect (encrypt) data without (user involved) key management
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System.Runtime.InteropServices;
+using System.Security.Permissions;
+
+using Mono.Security.Cryptography;
+
+namespace System.Security.Cryptography {
+
+	// References:
+	// a.	Windows Data Protection
+	//	http://msdn.microsoft.com/library/en-us/dnsecure/html/windataprotection-dpapi.asp?frame=true
+
+	public sealed class ProtectedData {
+
+		private ProtectedData ()
+		{
+		}
+
+// FIXME	[DataProtectionPermission (SecurityAction.Demand, ProtectData = true)]
+		public static byte[] Protect (byte[] userData, byte[] optionalEntropy, DataProtectionScope scope) 
+		{
+			if (userData == null)
+				throw new ArgumentNullException ("userData");
+
+			// on Windows this is supported only under 2000 and later OS
+			Check (scope);
+
+			switch (impl) {
+			case DataProtectionImplementation.ManagedProtection:
+				try {
+					return ManagedProtection.Protect (userData, optionalEntropy, scope);
+				}
+				catch (Exception e) {
+					string msg = Locale.GetText ("Data protection failed.");
+					throw new CryptographicException (msg, e);
+				}
+			case DataProtectionImplementation.Win32CryptoProtect:
+				try {
+					return NativeDapiProtection.Protect (userData, optionalEntropy, scope);
+				}
+				catch (Exception e) {
+					string msg = Locale.GetText ("Data protection failed.");
+					throw new CryptographicException (msg, e);
+				}
+			default:
+				throw new PlatformNotSupportedException ();
+			}
+		}
+
+// FIXME	[DataProtectionPermission (SecurityAction.Demand, UnprotectData = true)]
+		public static byte[] Unprotect (byte[] encryptedData, byte[] optionalEntropy, DataProtectionScope scope) 
+		{
+			if (encryptedData == null)
+				throw new ArgumentNullException ("encryptedData");
+
+			// on Windows this is supported only under 2000 and later OS
+			Check (scope);
+
+			switch (impl) {
+			case DataProtectionImplementation.ManagedProtection:
+				try {
+					return ManagedProtection.Unprotect (encryptedData, optionalEntropy, scope);
+				}
+				catch (Exception e) {
+					string msg = Locale.GetText ("Data unprotection failed.");
+					throw new CryptographicException (msg, e);
+				}
+			case DataProtectionImplementation.Win32CryptoProtect:
+				try {
+					return NativeDapiProtection.Unprotect (encryptedData, optionalEntropy, scope);
+				}
+				catch (Exception e) {
+					string msg = Locale.GetText ("Data unprotection failed.");
+					throw new CryptographicException (msg, e);
+				}
+			default:
+				throw new PlatformNotSupportedException ();
+			}
+		}
+
+		// private stuff
+
+		enum DataProtectionImplementation {
+			Unknown,
+			Win32CryptoProtect,
+			ManagedProtection,
+			Unsupported = Int32.MinValue
+		}
+
+		private static DataProtectionImplementation impl;
+
+		private static void Detect ()
+		{
+			OperatingSystem os = Environment.OSVersion;
+			switch (os.Platform) {
+			case PlatformID.Win32NT:
+				Version v = os.Version;
+				if (v.Major < 5) {
+					impl = DataProtectionImplementation.Unsupported;
+				} else {
+					// Windows 2000 (5.0) and later
+					impl = DataProtectionImplementation.Win32CryptoProtect;
+				}
+				break;
+			case PlatformID.Unix:
+				impl = DataProtectionImplementation.ManagedProtection;
+				break;
+			default:
+				impl = DataProtectionImplementation.Unsupported;
+				break;
+			}
+		}
+
+		private static void Check (DataProtectionScope scope)
+		{
+			if ((scope < DataProtectionScope.CurrentUser) || (scope > DataProtectionScope.LocalMachine)) {
+				string msg = Locale.GetText ("Invalid enum value '{0}' for '{1}'.", 
+					scope, "DataProtectionScope");
+				throw new ArgumentException (msg, "scope");
+			}
+
+			switch (impl) {
+			case DataProtectionImplementation.Unknown:
+				Detect ();
+				break;
+			case DataProtectionImplementation.Unsupported:
+				throw new PlatformNotSupportedException ();
+			}
+		}
+	}
+}
+
+#endif

mcs/class/System.Security/System.Security.Cryptography/ProtectedMemory.cs

@@ -0,0 +1,204 @@
+//
+// ProtectedMemory.cs: Protect (encrypt) memory without (user involved) key management
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System.Runtime.InteropServices;
+using System.Security;
+using System.Security.Permissions;
+
+namespace System.Security.Cryptography {
+
+	// References:
+	// a.	Windows Data Protection
+	//	http://msdn.microsoft.com/library/en-us/dnsecure/html/windataprotection-dpapi.asp?frame=true
+
+	public sealed class ProtectedMemory {
+
+		private ProtectedMemory ()
+		{
+		}
+
+		[MonoTODO ("only supported on Windows 2000 SP3 and later")]
+// FIXME	[DataProtectionPermission (SecurityAction.Demand, ProtectMemory = true)]
+		public static void Protect (byte[] userData, MemoryProtectionScope scope) 
+		{
+			if (userData == null)
+				throw new ArgumentNullException ("userData");
+
+			Check (userData.Length, scope);
+			try {
+				uint flags = (uint) scope;
+				uint length = (uint) userData.Length;
+
+				switch (impl) {
+				case MemoryProtectionImplementation.Win32RtlEncryptMemory:
+					int err = RtlEncryptMemory (userData, length, flags);
+					if (err < 0) {
+						string msg = Locale.GetText ("Error. NTSTATUS = {0}.", err);
+						throw new CryptographicException (msg);
+					}
+					break;
+				case MemoryProtectionImplementation.Win32CryptoProtect:
+					bool result = CryptProtectMemory (userData, length, flags);
+					if (!result)
+						throw new CryptographicException (Marshal.GetLastWin32Error ());
+					break;
+				default:
+					throw new PlatformNotSupportedException ();
+				}
+			}
+			catch {
+				// Windows 2000 before SP3 will throw
+				impl = MemoryProtectionImplementation.Unsupported;
+				throw new PlatformNotSupportedException ();
+			}
+		}
+
+		[MonoTODO ("only supported on Windows 2000 SP3 and later")]
+// FIXME	[DataProtectionPermission (SecurityAction.Demand, UnprotectMemory = true)]
+		public static void Unprotect (byte[] encryptedData, MemoryProtectionScope scope) 
+		{
+			if (encryptedData == null)
+				throw new ArgumentNullException ("encryptedData");
+
+			Check (encryptedData.Length, scope);
+			try {
+				uint flags = (uint) scope;
+				uint length = (uint) encryptedData.Length;
+
+				switch (impl) {
+				case MemoryProtectionImplementation.Win32RtlEncryptMemory:
+					int err = RtlDecryptMemory (encryptedData, length, flags);
+					if (err < 0) {
+						string msg = Locale.GetText ("Error. NTSTATUS = {0}.", err);
+						throw new CryptographicException (msg);
+					}
+					break;
+				case MemoryProtectionImplementation.Win32CryptoProtect:
+					bool result = CryptUnprotectMemory (encryptedData, length, flags);
+					if (!result)
+						throw new CryptographicException (Marshal.GetLastWin32Error ());
+					break;
+				default:
+					throw new PlatformNotSupportedException ();
+				}
+			}
+			catch {
+				// Windows 2000 before SP3 will throw
+				impl = MemoryProtectionImplementation.Unsupported;
+				throw new PlatformNotSupportedException ();
+			}
+		}
+
+		// private stuff
+
+		private const int BlockSize = 16;
+
+		enum MemoryProtectionImplementation {
+			Unknown,
+			Win32RtlEncryptMemory,
+			Win32CryptoProtect,
+			Unsupported = Int32.MinValue
+		}
+
+		private static MemoryProtectionImplementation impl;
+
+		private static void Detect ()
+		{
+			OperatingSystem os = Environment.OSVersion;
+			switch (os.Platform) {
+			case PlatformID.Win32NT:
+				Version v = os.Version;
+				if (v.Major < 5) {
+					impl = MemoryProtectionImplementation.Unsupported;
+				} else if (v.Major == 5) {
+					if (v.Minor < 2) {
+						// 2000 (5.0) Service Pack 3 and XP (5.1)
+						impl = MemoryProtectionImplementation.Win32RtlEncryptMemory;
+					} else {
+						impl = MemoryProtectionImplementation.Win32CryptoProtect;
+					}
+				} else {
+					// vista (6.0) and later
+					impl = MemoryProtectionImplementation.Win32CryptoProtect;
+				}
+				break;
+			default:
+				impl = MemoryProtectionImplementation.Unsupported;
+				break;
+			}
+		}
+
+		private static void Check (int size, MemoryProtectionScope scope)
+		{
+			if (size % BlockSize != 0) {
+				string msg = Locale.GetText ("Not a multiple of {0} bytes.", BlockSize);
+				throw new CryptographicException (msg);
+			}
+
+			if ((scope < MemoryProtectionScope.SameProcess) || (scope > MemoryProtectionScope.SameLogon)) {
+				string msg = Locale.GetText ("Invalid enum value for '{0}'.", "MemoryProtectionScope");
+				throw new ArgumentException (msg, "scope");
+			}
+
+			switch (impl) {
+			case MemoryProtectionImplementation.Unknown:
+				Detect ();
+				break;
+			case MemoryProtectionImplementation.Unsupported:
+				throw new PlatformNotSupportedException ();
+			}
+		}
+
+		// http://msdn.microsoft.com/library/en-us/dncode/html/secure06122003.asp
+		// Summary: CryptProtectMemory and CryptUnprotectMemory exists only in Windows 2003 +
+		// but they are available in advapi32.dll as RtlEncryptMemory (SystemFunction040) and
+		// RtlDecryptMemory (SystemFunction041) since Windows 2000 SP 3. Sadly both can disappear
+		// anytime with newer OS so we include support for Crypt[Unp|P]rotectMemory too.
+
+		[SuppressUnmanagedCodeSecurity]
+		[DllImport ("advapi32.dll", EntryPoint="SystemFunction040", SetLastError = true, CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Auto)]
+		private static extern int RtlEncryptMemory (byte[] pData, uint cbData, uint dwFlags);
+
+		[SuppressUnmanagedCodeSecurity]
+		[DllImport ("advapi32.dll", EntryPoint = "SystemFunction041", SetLastError = true, CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Auto)]
+		private static extern int RtlDecryptMemory (byte[] pData, uint cbData, uint dwFlags);
+
+		[SuppressUnmanagedCodeSecurity]
+		[DllImport ("crypt32.dll", SetLastError = true, CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Auto)]
+		private static extern bool CryptProtectMemory (byte[] pData, uint cbData, uint dwFlags);
+
+		[SuppressUnmanagedCodeSecurity]
+		[DllImport ("crypt32.dll", SetLastError = true, CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Auto)]
+		private static extern bool CryptUnprotectMemory (byte[] pData, uint cbData, uint dwFlags);
+	} 
+}
+
+#endif