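/// <summary>
/// Validates a password before decrypting, by checking it against the sample cipher text held in
/// the envelope's SecuritySection. Nothing on disk is touched; the outcome is written to the audit log.
/// </summary>
/// <param name="ovfObj">EnvelopeType OVF object whose SecuritySection carries the sample.</param>
/// <param name="password">Password to check.</param>
/// <returns>true = valid password, false = password failed (also when the envelope has no single usable SecuritySection).</returns>
/// <exception cref="ArgumentNullException"><paramref name="ovfObj"/> is null.</exception>
/// <exception cref="Exception">A Security entry carries no cipher text to check against (Messages.SECURITY_SECTION_INVALID).</exception>
public bool CheckPassword(EnvelopeType ovfObj, string password)
{
    if (ovfObj == null)
    {
        throw new ArgumentNullException("ovfObj");
    }

    bool isValid = false;
    SecuritySection_Type[] security = FindSections<SecuritySection_Type>(ovfObj.Sections);

    // Only a single SecuritySection is supported; none, several, or one without a Security array means
    // there is nothing to check against, so the password is reported as failed instead of dereferencing null.
    if (security != null && security.Length == 1 && security[0].Security != null)
    {
        foreach (Security_Type sec in security[0].Security)
        {
            EncryptedDataType edt = null;

            // Preferred form: the typed EncryptedData element with inline cipher data.
            if (sec.EncryptedData != null && sec.EncryptedData.CipherData != null && sec.EncryptedData.CipherData.Item != null)
            {
                edt = sec.EncryptedData;
            }

            // Fallback: the element was not mapped by the serializer and sits in sec.Any
            // (the ":EncrypteData" spelling is accepted as well).
            if (edt == null && sec.Any != null)
            {
                foreach (XmlElement xe in sec.Any)
                {
                    if (xe.Name.Contains(":EncryptedData") || xe.Name.Contains(":EncrypteData"))
                    {
                        // NOTE(review): this XML comes straight from the package; confirm Tools.Deserialize
                        // uses a reader with DTD processing disabled.
                        CipherDataType cdt = (CipherDataType)Tools.Deserialize(xe.InnerXml, typeof(CipherDataType));
                        edt = new EncryptedDataType();
                        edt.CipherData = cdt;
                    }
                }
            }

            // Only inline byte[] cipher data can be checked; a missing or differently typed item
            // makes the section unusable rather than passing null (or an InvalidCastException) down.
            byte[] sample = null;
            if (edt != null && edt.CipherData != null)
            {
                sample = edt.CipherData.Item as byte[];
            }
            if (sample == null)
            {
                throw new Exception(Messages.SECURITY_SECTION_INVALID);
            }

            // Entries at or above the configured security version use the current check, older or
            // unversioned ones the legacy check. With several entries the last one decides, as before.
            if (sec.version != null && CheckSecurityVersion(sec.version, Properties.Settings.Default.securityVersion) >= 0)
            {
                isValid = InternalCheckPassword(sample, password, sec.version);
            }
            else
            {
                isValid = DeprecatedCheckPassword(sample, password, sec.version);
            }
        }
    }

    // Both outcomes are audited so failed attempts are visible, not just successes.
    Log.Audit(isValid ? Messages.PASSWORD_SUCCESS : Messages.PASSWORD_FAILED);
    return isValid;
}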
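/// <summary>
/// Encrypts or decrypts, in place, every file referenced by the envelope, using the transform
/// <see cref="CryptoSetup"/> derives from <paramref name="password"/>. On encrypt a Security entry
/// describing the processed files is appended to the envelope's SecuritySection; on decrypt the
/// existing SecuritySection supplies the algorithm, the security version and the ids of the files
/// that are actually encrypted.
/// </summary>
/// <param name="env">Envelope whose References.File entries are processed. File ids and, on encrypt, Sections are rewritten.</param>
/// <param name="ovffilename">Path of the OVF file; referenced files are resolved relative to its directory.</param>
/// <param name="password">Password the file transform is derived from.</param>
/// <param name="encrypt">true to encrypt, false to decrypt.</param>
/// <exception cref="InvalidOperationException">
/// Decrypting an envelope that has no SecuritySection, or a file href that resolves outside the OVF directory.
/// </exception>
private static void CryptoFileWrapper(EnvelopeType env, string ovffilename, string password, bool encrypt)
{
    if ((env.References == null) || (env.References.File == null) || (env.References.File.Length == 0))
    {
        log.Info("OVF.Security: No files to encrypt/decrypt.");
        return;
    }
    try
    {
        List<DataReference> dataReference = new List<DataReference>();
        string cryptoclassname = (string)AlgorithmMap((Properties.Settings.Default.encryptAlgorithmURI.Split(new char[] { '#' }))[1].ToLower().Replace('-', '_'));
        // Ids the SecuritySection declares as encrypted (decrypt only). A set with an exact,
        // case-insensitive match replaces the old substring search, which accepted any id that
        // happened to be a prefix of another one.
        HashSet<string> encryptedFileIds = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        string version = null;

        // Referenced files live next to the OVF. hrefs come from the package and the file they name
        // is deleted and replaced below, so a reference must not be allowed to escape this directory.
        string ovfDirectory = Path.GetDirectoryName(ovffilename);
        if (string.IsNullOrEmpty(ovfDirectory))
        {
            ovfDirectory = Directory.GetCurrentDirectory();
        }
        string ovfDirectoryPrefix = Path.GetFullPath(ovfDirectory).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar) + Path.DirectorySeparatorChar;

        //
        // Initial version really only works when there is ONLY ONE SecuritySection::Security
        //
        #region GET DECRYPT INFO
        if (!encrypt)
        {
            SecuritySection_Type securitysection = null;
            if (env.Sections != null)
            {
                foreach (Section_Type section in env.Sections)
                {
                    if (section is SecuritySection_Type)
                    {
                        securitysection = (SecuritySection_Type)section;
                        break;
                    }
                }
            }
            if (securitysection == null || securitysection.Security == null)
            {
                throw new InvalidOperationException("OVF.Security: envelope has no SecuritySection, nothing to decrypt from.");
            }
            foreach (Security_Type securitytype in securitysection.Security)
            {
                if (securitytype.ReferenceList != null && securitytype.ReferenceList.Items != null)
                {
                    foreach (XenOvf.Definitions.XENC.ReferenceType dataref in securitytype.ReferenceList.Items)
                    {
                        DataReference dr = dataref as DataReference;
                        if (dr != null && dr.ValueType != null)
                        {
                            encryptedFileIds.Add(dr.ValueType);
                        }
                    }
                }
                if (securitytype.EncryptionMethod != null && securitytype.EncryptionMethod.Algorithm != null)
                {
                    // The algorithm URI fragment is looked up as a settings key; an unknown name
                    // presumably throws here rather than yielding null — confirm against Settings.
                    string algoname = (securitytype.EncryptionMethod.Algorithm.Split(new char[] { '#' }))[1].ToLower().Replace('-', '_');
                    object x = Properties.Settings.Default[algoname];
                    if (x != null)
                    {
                        cryptoclassname = (string)x;
                    }
                    // The section's KeySize is deliberately not read: nothing in this method consumes it
                    // (CryptoSetup takes no key size, and encrypt writes _KeySize).
                }
                if (!string.IsNullOrEmpty(securitytype.version))
                {
                    version = securitytype.version;
                }
            }
        }
        #endregion

        #region PROCESS FILES
        if (encrypt)
        {
            version = Properties.Settings.Default.securityVersion;
        }
        foreach (File_Type file in env.References.File)
        {
            bool process;
            if (encrypt)
            {
                // A file that already carries an Id was encrypted by an earlier run.
                process = file.Id == null;
                if (!process)
                {
                    log.InfoFormat("File already encrypted, skipping. [{0}]", file.href);
                }
            }
            else
            {
                process = file.Id != null && encryptedFileIds.Contains(file.Id);
                if (!process)
                {
                    log.InfoFormat("File is not encrypted, skipping. [{0}]", file.href);
                }
            }
            if (!process)
            {
                continue;
            }

            string fullname = Path.GetFullPath(Path.Combine(ovfDirectory, file.href));
            if (!fullname.StartsWith(ovfDirectoryPrefix, StringComparison.OrdinalIgnoreCase))
            {
                throw new InvalidOperationException(string.Format("OVF.Security: file reference escapes the OVF directory, refusing to process. [{0}]", file.href));
            }
            string tempname = fullname + ".tmp";
            log.DebugFormat(encrypt ? "Encrypt: {0}" : "Decrypt: {0}", fullname);

            ICryptoTransform trans = CryptoSetup(cryptoclassname, password, encrypt, version);
            try
            {
                CryptoFile(trans, fullname, tempname, encrypt);
            }
            catch
            {
                // Never leave a half-written temp file next to the untouched original.
                if (File.Exists(tempname))
                {
                    File.Delete(tempname);
                }
                throw;
            }

            if (_cancelEncrypt)
            {
                File.Delete(tempname);
            }
            else
            {
                File.Delete(fullname);
                File.Move(tempname, fullname);
                // Only update the envelope's metadata once the bytes on disk really changed, so a
                // cancelled run does not leave ids that disagree with the file contents.
                if (encrypt)
                {
                    file.Id = "xen_" + Guid.NewGuid().ToString();
                    DataReference newDataReference = new DataReference();
                    newDataReference.ValueType = file.Id;
                    dataReference.Add(newDataReference);
                }
                else
                {
                    file.Id = null;
                }
            }
        }
        #endregion

        #region BUILD SECURITY SECTION
        // The section is needed whenever at least one file was encrypted, not only when the last
        // file in the list happened to be processed.
        if (encrypt && dataReference.Count > 0 && !_cancelEncrypt)
        {
            List<Section_Type> sections = new List<Section_Type>();
            SecuritySection_Type securitySection = null;
            if (env.Sections != null)
            {
                foreach (Section_Type section in env.Sections)
                {
                    if (section is SecuritySection_Type)
                    {
                        securitySection = (SecuritySection_Type)section;
                    }
                    else
                    {
                        sections.Add(section);
                    }
                }
            }
            if (securitySection == null)
            {
                securitySection = new SecuritySection_Type();
                securitySection.Info = new Msg_Type();
                securitySection.Info.Value = "Encrypted Content Definition";
            }

            // Keep any Security entries that are already there and append one for this run.
            List<Security_Type> secType = new List<Security_Type>();
            if (securitySection.Security != null && securitySection.Security.Length > 0)
            {
                secType.AddRange(securitySection.Security);
            }

            Security_Type securityType = new Security_Type();
            securityType.version = Properties.Settings.Default.securityVersion;
            securityType.Id = "xen_" + Guid.NewGuid().ToString();

            ReferenceList referenceList = new ReferenceList();
            referenceList.Items = dataReference.ToArray();
            // ItemsElementName runs parallel to Items; every entry here is a DataReference.
            ItemsChoiceType3[] ictList = new ItemsChoiceType3[dataReference.Count];
            for (int i = 0; i < ictList.Length; i++)
            {
                ictList[i] = ItemsChoiceType3.DataReference;
            }
            referenceList.ItemsElementName = ictList;

            EncryptionMethodType encryptMethod = new EncryptionMethodType();
            encryptMethod.KeySize = Convert.ToString(_KeySize);
            encryptMethod.Algorithm = Properties.Settings.Default.encryptAlgorithmURI;

            // Sample cipher text that CheckPassword later verifies a password against.
            EncryptedDataType encryptedData = new EncryptedDataType();
            encryptedData.CipherData = new CipherDataType();
            CryptoElement(encryptedData, KnownEncrypt, cryptoclassname, version, password);

            securityType.ReferenceList = referenceList;
            securityType.EncryptionMethod = encryptMethod;
            securityType.EncryptedData = encryptedData;
            secType.Add(securityType);
            securitySection.Security = secType.ToArray();
            sections.Add(securitySection);
            env.Sections = sections.ToArray();
        }
        #endregion
    }
    catch (Exception ex)
    {
        log.ErrorFormat("OVF.Security: Cryptography error: {0}", ex.Message);
        throw;
    }
}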
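/// <summary>
/// Encrypts or decrypts, in place, every file referenced by the envelope, using the transform
/// <see cref="CryptoSetup"/> derives from <paramref name="password"/>. On encrypt a Security entry
/// describing the processed files is appended to the envelope's SecuritySection; on decrypt the
/// existing SecuritySection supplies the algorithm, the security version and the ids of the files
/// that are actually encrypted.
/// </summary>
/// <param name="env">Envelope whose References.File entries are processed. File ids and, on encrypt, Sections are rewritten.</param>
/// <param name="ovffilename">Path of the OVF file; referenced files are resolved relative to its directory.</param>
/// <param name="password">Password the file transform is derived from.</param>
/// <param name="encrypt">true to encrypt, false to decrypt.</param>
/// <exception cref="InvalidOperationException">
/// Decrypting an envelope that has no SecuritySection, or a file href that resolves outside the OVF directory.
/// </exception>
private static void CryptoFileWrapper(EnvelopeType env, string ovffilename, string password, bool encrypt)
{
    if ((env.References == null) || (env.References.File == null) || (env.References.File.Length == 0))
    {
        Log.Info("OVF.Security: No files to encrypt/decrypt.");
        return;
    }
    try
    {
        List<DataReference> dataReference = new List<DataReference>();
        string cryptoclassname = (string)AlgorithmMap((Properties.Settings.Default.encryptAlgorithmURI.Split(new char[] { '#' }))[1].ToLower().Replace('-', '_'));
        // Ids the SecuritySection declares as encrypted (decrypt only). A set with an exact,
        // case-insensitive match replaces the old substring search, which accepted any id that
        // happened to be a prefix of another one.
        HashSet<string> encryptedFileIds = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        string version = null;

        // Referenced files live next to the OVF. hrefs come from the package and the file they name
        // is deleted and replaced below, so a reference must not be allowed to escape this directory.
        string ovfDirectory = Path.GetDirectoryName(ovffilename);
        if (string.IsNullOrEmpty(ovfDirectory))
        {
            ovfDirectory = Directory.GetCurrentDirectory();
        }
        string ovfDirectoryPrefix = Path.GetFullPath(ovfDirectory).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar) + Path.DirectorySeparatorChar;

        //
        // Initial version really only works when there is ONLY ONE SecuritySection::Security
        //
        #region GET DECRYPT INFO
        if (!encrypt)
        {
            SecuritySection_Type securitysection = null;
            if (env.Sections != null)
            {
                foreach (Section_Type section in env.Sections)
                {
                    if (section is SecuritySection_Type)
                    {
                        securitysection = (SecuritySection_Type)section;
                        break;
                    }
                }
            }
            if (securitysection == null || securitysection.Security == null)
            {
                throw new InvalidOperationException("OVF.Security: envelope has no SecuritySection, nothing to decrypt from.");
            }
            foreach (Security_Type securitytype in securitysection.Security)
            {
                if (securitytype.ReferenceList != null && securitytype.ReferenceList.Items != null)
                {
                    foreach (XenOvf.Definitions.XENC.ReferenceType dataref in securitytype.ReferenceList.Items)
                    {
                        DataReference dr = dataref as DataReference;
                        if (dr != null && dr.ValueType != null)
                        {
                            encryptedFileIds.Add(dr.ValueType);
                        }
                    }
                }
                if (securitytype.EncryptionMethod != null && securitytype.EncryptionMethod.Algorithm != null)
                {
                    // The algorithm URI fragment is looked up as a settings key; an unknown name
                    // presumably throws here rather than yielding null — confirm against Settings.
                    string algoname = (securitytype.EncryptionMethod.Algorithm.Split(new char[] { '#' }))[1].ToLower().Replace('-', '_');
                    object x = Properties.Settings.Default[algoname];
                    if (x != null)
                    {
                        cryptoclassname = (string)x;
                    }
                    // The section's KeySize is deliberately not read: nothing in this method consumes it
                    // (CryptoSetup takes no key size, and encrypt writes _KeySize).
                }
                if (!string.IsNullOrEmpty(securitytype.version))
                {
                    version = securitytype.version;
                }
            }
        }
        #endregion

        #region PROCESS FILES
        if (encrypt)
        {
            version = Properties.Settings.Default.securityVersion;
        }
        foreach (File_Type file in env.References.File)
        {
            bool process;
            if (encrypt)
            {
                // A file that already carries an Id was encrypted by an earlier run.
                process = file.Id == null;
                if (!process)
                {
                    Log.Info("File already encrypted, skipping. [{0}]", file.href);
                }
            }
            else
            {
                process = file.Id != null && encryptedFileIds.Contains(file.Id);
                if (!process)
                {
                    Log.Info("File is not encrypted, skipping. [{0}]", file.href);
                }
            }
            if (!process)
            {
                continue;
            }

            string fullname = Path.GetFullPath(Path.Combine(ovfDirectory, file.href));
            if (!fullname.StartsWith(ovfDirectoryPrefix, StringComparison.OrdinalIgnoreCase))
            {
                throw new InvalidOperationException(string.Format("OVF.Security: file reference escapes the OVF directory, refusing to process. [{0}]", file.href));
            }
            string tempname = fullname + ".tmp";
            Log.Debug(@"{0} : {1}", encrypt ? "Encrypt" : "Decrypt", fullname);

            ICryptoTransform trans = CryptoSetup(cryptoclassname, password, encrypt, version);
            try
            {
                CryptoFile(trans, fullname, tempname, encrypt);
            }
            catch
            {
                // Never leave a half-written temp file next to the untouched original.
                if (File.Exists(tempname))
                {
                    File.Delete(tempname);
                }
                throw;
            }

            if (_cancelEncrypt)
            {
                File.Delete(tempname);
            }
            else
            {
                File.Delete(fullname);
                File.Move(tempname, fullname);
                // Only update the envelope's metadata once the bytes on disk really changed, so a
                // cancelled run does not leave ids that disagree with the file contents.
                if (encrypt)
                {
                    file.Id = "xen_" + Guid.NewGuid().ToString();
                    DataReference newDataReference = new DataReference();
                    newDataReference.ValueType = file.Id;
                    dataReference.Add(newDataReference);
                }
                else
                {
                    file.Id = null;
                }
            }
        }
        #endregion

        #region BUILD SECURITY SECTION
        // The section is needed whenever at least one file was encrypted, not only when the last
        // file in the list happened to be processed.
        if (encrypt && dataReference.Count > 0 && !_cancelEncrypt)
        {
            List<Section_Type> sections = new List<Section_Type>();
            SecuritySection_Type securitySection = null;
            if (env.Sections != null)
            {
                foreach (Section_Type section in env.Sections)
                {
                    if (section is SecuritySection_Type)
                    {
                        securitySection = (SecuritySection_Type)section;
                    }
                    else
                    {
                        sections.Add(section);
                    }
                }
            }
            if (securitySection == null)
            {
                securitySection = new SecuritySection_Type();
                securitySection.Info = new Msg_Type();
                securitySection.Info.Value = "Encrypted Content Definition";
            }

            // Keep any Security entries that are already there and append one for this run.
            List<Security_Type> secType = new List<Security_Type>();
            if (securitySection.Security != null && securitySection.Security.Length > 0)
            {
                secType.AddRange(securitySection.Security);
            }

            Security_Type securityType = new Security_Type();
            securityType.version = Properties.Settings.Default.securityVersion;
            securityType.Id = "xen_" + Guid.NewGuid().ToString();

            ReferenceList referenceList = new ReferenceList();
            referenceList.Items = dataReference.ToArray();
            // ItemsElementName runs parallel to Items; every entry here is a DataReference.
            ItemsChoiceType3[] ictList = new ItemsChoiceType3[dataReference.Count];
            for (int i = 0; i < ictList.Length; i++)
            {
                ictList[i] = ItemsChoiceType3.DataReference;
            }
            referenceList.ItemsElementName = ictList;

            EncryptionMethodType encryptMethod = new EncryptionMethodType();
            encryptMethod.KeySize = Convert.ToString(_KeySize);
            encryptMethod.Algorithm = Properties.Settings.Default.encryptAlgorithmURI;

            // Sample cipher text that CheckPassword later verifies a password against.
            EncryptedDataType encryptedData = new EncryptedDataType();
            encryptedData.CipherData = new CipherDataType();
            CryptoElement(encryptedData, KnownEncrypt, cryptoclassname, version, password);

            securityType.ReferenceList = referenceList;
            securityType.EncryptionMethod = encryptMethod;
            securityType.EncryptedData = encryptedData;
            secType.Add(securityType);
            securitySection.Security = secType.ToArray();
            sections.Add(securitySection);
            env.Sections = sections.ToArray();
        }
        #endregion
    }
    catch (Exception ex)
    {
        Log.Error("OVF.Security: Cryptography error: {0}", ex.Message);
        // Rethrow without resetting the stack trace ("throw ex;" would lose the origin).
        throw;
    }
}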
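/// <summary>
/// Validates a password before decrypting, by checking it against the sample cipher text held in
/// the envelope's SecuritySection. Nothing on disk is touched; the outcome is written to the audit log.
/// </summary>
/// <param name="ovfObj">EnvelopeType OVF object whose SecuritySection carries the sample.</param>
/// <param name="password">Password to check.</param>
/// <returns>true = valid password, false = password failed (also when the envelope has no single usable SecuritySection).</returns>
/// <exception cref="ArgumentNullException"><paramref name="ovfObj"/> is null.</exception>
/// <exception cref="Exception">A Security entry carries no cipher text to check against (Messages.SECURITY_SECTION_INVALID).</exception>
public bool CheckPassword(EnvelopeType ovfObj, string password)
{
    if (ovfObj == null)
    {
        throw new ArgumentNullException("ovfObj");
    }

    bool isValid = false;
    SecuritySection_Type[] security = FindSections<SecuritySection_Type>(ovfObj.Sections);

    // Only a single SecuritySection is supported; none, several, or one without a Security array means
    // there is nothing to check against, so the password is reported as failed instead of dereferencing null.
    if (security != null && security.Length == 1 && security[0].Security != null)
    {
        foreach (Security_Type sec in security[0].Security)
        {
            EncryptedDataType edt = null;

            // Preferred form: the typed EncryptedData element with inline cipher data.
            if (sec.EncryptedData != null && sec.EncryptedData.CipherData != null && sec.EncryptedData.CipherData.Item != null)
            {
                edt = sec.EncryptedData;
            }

            // Fallback: the element was not mapped by the serializer and sits in sec.Any
            // (the ":EncrypteData" spelling is accepted as well).
            if (edt == null && sec.Any != null)
            {
                foreach (XmlElement xe in sec.Any)
                {
                    if (xe.Name.Contains(":EncryptedData") || xe.Name.Contains(":EncrypteData"))
                    {
                        // NOTE(review): this XML comes straight from the package; confirm Tools.Deserialize
                        // uses a reader with DTD processing disabled.
                        CipherDataType cdt = (CipherDataType)Tools.Deserialize(xe.InnerXml, typeof(CipherDataType));
                        edt = new EncryptedDataType();
                        edt.CipherData = cdt;
                    }
                }
            }

            // Only inline byte[] cipher data can be checked; a missing or differently typed item
            // makes the section unusable rather than passing null (or an InvalidCastException) down.
            byte[] sample = null;
            if (edt != null && edt.CipherData != null)
            {
                sample = edt.CipherData.Item as byte[];
            }
            if (sample == null)
            {
                throw new Exception(Messages.SECURITY_SECTION_INVALID);
            }

            // Entries at or above the configured security version use the current check, older or
            // unversioned ones the legacy check. With several entries the last one decides, as before.
            if (sec.version != null && CheckSecurityVersion(sec.version, Properties.Settings.Default.securityVersion) >= 0)
            {
                isValid = InternalCheckPassword(sample, password, sec.version);
            }
            else
            {
                isValid = DeprecatedCheckPassword(sample, password, sec.version);
            }
        }
    }

    // Both outcomes are audited so failed attempts are visible, not just successes.
    Log.Audit(isValid ? Messages.PASSWORD_SUCCESS : Messages.PASSWORD_FAILED);
    return isValid;
}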