/// <summary> /// Creates the composite key from the supplied user key sources (password, /// key file, user account, computer ID, etc.). /// </summary> private byte[] CreateRawCompositeKey32() { ValidateUserKeys(); // Concatenate user key data MemoryStream ms = new MemoryStream(); foreach (IUserKey pKey in m_vUserKeys) { ProtectedBinary b = pKey.KeyData; if (b != null) { byte[] pbKeyData = b.ReadData(); ms.Write(pbKeyData, 0, pbKeyData.Length); Array.Clear(pbKeyData, 0, pbKeyData.Length); } } SHA256Managed sha256 = new SHA256Managed(); return(sha256.ComputeHash(ms.ToArray())); }
private Stream AttachStreamEncryptor(Stream s) { MemoryStream ms = new MemoryStream(); Debug.Assert(m_pbMasterSeed != null); Debug.Assert(m_pbMasterSeed.Length == 32); ms.Write(m_pbMasterSeed, 0, 32); Debug.Assert(m_pwDatabase != null); Debug.Assert(m_pwDatabase.MasterKey != null); ProtectedBinary pbinKey = m_pwDatabase.MasterKey.GenerateKey32( m_pbTransformSeed, m_pwDatabase.KeyEncryptionRounds); Debug.Assert(pbinKey != null); if (pbinKey == null) { throw new SecurityException(KLRes.InvalidCompositeKey); } byte[] pKey32 = pbinKey.ReadData(); if ((pKey32 == null) || (pKey32.Length != 32)) { throw new SecurityException(KLRes.InvalidCompositeKey); } ms.Write(pKey32, 0, 32); byte[] aesKey = Crypto.SHA256.ComputeHash(ms.ToArray()); ms.Close(); Array.Clear(pKey32, 0, 32); Debug.Assert(CipherPool.GlobalPool != null); ICipherEngine iEngine = CipherPool.GlobalPool.GetCipher(m_pwDatabase.DataCipherUuid); if (iEngine == null) { throw new SecurityException(KLRes.FileUnknownCipher); } return(iEngine.EncryptStream(s, aesKey, m_pbEncryptionIV)); }
/// <summary> /// Creates the composite key from the supplied user key sources (password, /// key file, user account, computer ID, etc.). /// </summary> private byte[] CreateRawCompositeKey32(byte[] mPbMasterSeed) { ValidateUserKeys(); // Concatenate user key data List <byte[]> lData = new List <byte[]>(); int cbData = 0; foreach (IUserKey pKey in m_vUserKeys) { if (pKey is ISeedBasedUserKey) { ((ISeedBasedUserKey)pKey).SetParams(mPbMasterSeed); } ProtectedBinary b = pKey.KeyData; if (b != null) { byte[] pbKeyData = b.ReadData(); lData.Add(pbKeyData); cbData += pbKeyData.Length; } } byte[] pbAllData = new byte[cbData]; int p = 0; foreach (byte[] pbData in lData) { Array.Copy(pbData, 0, pbAllData, p, pbData.Length); p += pbData.Length; MemUtil.ZeroByteArray(pbData); } Debug.Assert(p == cbData); byte[] pbHash = CryptoUtil.HashSha256(pbAllData); MemUtil.ZeroByteArray(pbAllData); return(pbHash); }
// Cf. other overload public static BinaryDataClass Classify(string strUrl, ProtectedBinary pb) { BinaryDataClass bdc = ClassifyUrl(strUrl); if (bdc != BinaryDataClass.Unknown) { return(bdc); } if (pb == null) { throw new ArgumentNullException("pb"); } byte[] pbData = pb.ReadData(); try { bdc = ClassifyData(pbData); } finally { if (pb.IsProtected) { MemUtil.ZeroByteArray(pbData); } } return(bdc); }
private void ComputeKeys(out byte[] pbCipherKey, int cbCipherKey, out byte[] pbHmacKey64) { byte[] pbCmp = new byte[32 + 32 + 1]; try { Debug.Assert(m_pbMasterSeed != null); if(m_pbMasterSeed == null) throw new ArgumentNullException("m_pbMasterSeed"); Debug.Assert(m_pbMasterSeed.Length == 32); if(m_pbMasterSeed.Length != 32) throw new FormatException(KLRes.MasterSeedLengthInvalid); Array.Copy(m_pbMasterSeed, 0, pbCmp, 0, 32); Debug.Assert(m_pwDatabase != null); Debug.Assert(m_pwDatabase.MasterKey != null); ProtectedBinary pbinUser = m_pwDatabase.MasterKey.GenerateKey32( m_pwDatabase.KdfParameters); Debug.Assert(pbinUser != null); if(pbinUser == null) throw new SecurityException(KLRes.InvalidCompositeKey); byte[] pUserKey32 = pbinUser.ReadData(); if((pUserKey32 == null) || (pUserKey32.Length != 32)) throw new SecurityException(KLRes.InvalidCompositeKey); Array.Copy(pUserKey32, 0, pbCmp, 32, 32); MemUtil.ZeroByteArray(pUserKey32); pbCipherKey = CryptoUtil.ResizeKey(pbCmp, 0, 64, cbCipherKey); pbCmp[64] = 1; using(SHA512Managed h = new SHA512Managed()) { pbHmacKey64 = h.ComputeHash(pbCmp); } } finally { MemUtil.ZeroByteArray(pbCmp); } }
// Copied from PwEntryForm.SaveAttachmentTo (PwEntryForm.cs) private void SaveAttachmentTo(ProtectedBinary pb, string strFileName, bool bConfirmOverwrite) { Debug.Assert(pb != null); if (pb == null) { throw new ArgumentNullException("pb"); } Debug.Assert(strFileName != null); if (strFileName == null) { throw new ArgumentNullException("strFileName"); } if (bConfirmOverwrite && File.Exists(strFileName)) { string strMsg = KPRes.FileExistsAlready + MessageService.NewLine + strFileName + MessageService.NewParagraph + KPRes.OverwriteExistingFileQuestion; if (MessageService.AskYesNo(strMsg) == false) { return; } } Debug.Assert(pb != null); if (pb == null) { throw new ArgumentException(); } byte[] pbData = pb.ReadData(); try { File.WriteAllBytes(strFileName, pbData); } catch (Exception exWrite) { MessageService.ShowWarning(strFileName, exWrite); } MemUtil.ZeroByteArray(pbData); }
public static CertificateShortcutProviderKey EncryptPassphrase(X509Certificate2 certificate, ProtectedString passphrase) { // Instead of directly encrypting the passphrase with the certificate, // we use an intermediate random symmetric key. // The passphrase is encrypted with the symmetric key, and the symmetric key is encrypted with the certificate. // (asymmetric encryption is not suited to encrypt a lot of data) // symmetric encryption: var randomKey = new ProtectedBinary(true, CryptoRandom.Instance.GetRandomBytes(32)); var passphraseBinary = new ProtectedBinary(true, passphrase.ReadUtf8()); var encryptedPassphrase = EncryptSecret(passphraseBinary, randomKey, out var iv); // now we asymmetrically encrypt the random key. byte[] encryptedRandomKey; RSA rsa; ECDsa ecdsa; if ((rsa = certificate.GetRSAPublicKey()) != null) { encryptedRandomKey = rsa.Encrypt(randomKey.ReadData(), RSAEncryptionPadding.OaepSHA256); } else if ((ecdsa = certificate.GetECDsaPublicKey()) != null) { // TODO: // https://stackoverflow.com/questions/47116611/how-can-i-encrypt-data-using-a-public-key-from-ecc-x509-certificate-in-net-fram // var ecdh = ECDiffieHellman.Create(ecdsa.ExportParameters(false)); throw new NotSupportedException("Certificate's key type not supported."); } else { throw new NotSupportedException("Certificate's key type not supported."); } var result = new CertificateShortcutProviderKey(certificate, encryptedRandomKey, iv, encryptedPassphrase); return(result); }
/// <summary> /// Creates the composite key from the supplied user key sources (password, /// key file, user account, computer ID, etc.). /// </summary> /// <returns> /// The <see cref="byte[]"/>. /// </returns> private byte[] CreateRawCompositeKey32() { this.ValidateUserKeys(); // Concatenate user key data using (MemoryStream ms = new MemoryStream()) { foreach (IUserKey pKey in this.m_vUserKeys) { ProtectedBinary b = pKey.KeyData; if (b != null) { byte[] pbKeyData = b.ReadData(); ms.Write(pbKeyData, 0, pbKeyData.Length); MemUtil.ZeroByteArray(pbKeyData); } } var sha256 = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Sha256); byte[] pbHash = sha256.HashData(ms.ToArray().AsBuffer()).ToArray(); return(pbHash); } }
private ProtectedBinary Decrypt(ProtectedBinary encryptedKey) { WinHello winHello = new WinHello(); winHello.Message = "Authentication to access KeePass database"; winHello.ParentHandle = KeePassWinHelloExt.KeyPromptForm.Handle; byte[] encryptedData = encryptedKey.ReadData(); byte[] data; try { data = winHello.PromptToDecrypt(encryptedData); } finally { MemUtil.ZeroByteArray(encryptedData); } var result = new ProtectedBinary(true, data); MemUtil.ZeroByteArray(data); return(result); }
/// <summary> /// Creates the composite key from the supplied user key sources (password, /// key file, user account, computer ID, etc.). /// </summary> private byte[] CreateRawCompositeKey32() { ValidateUserKeys(); // Concatenate user key data List <byte[]> lData = new List <byte[]>(); int cbData = 0; foreach (IUserKey pKey in m_vUserKeys) { ProtectedBinary b = pKey.KeyData; if (b != null) { byte[] pbKeyData = b.ReadData(); lData.Add(pbKeyData); cbData += pbKeyData.Length; } } byte[] pbAllData = new byte[cbData]; int p = 0; foreach (byte[] pbData in lData) { Array.Copy(pbData, 0, pbAllData, p, pbData.Length); p += pbData.Length; MemUtil.ZeroByteArray(pbData); } Debug.Assert(p == cbData); SHA256Managed sha256 = new SHA256Managed(); byte[] pbHash = sha256.ComputeHash(pbAllData); MemUtil.ZeroByteArray(pbAllData); return(pbHash); }
private void AutoOpenEntryPriv(AutoExecItem a, bool bManual) { PwEntry pe = a.Entry; PwDatabase pdContext = a.Database; SprContext ctxNoEsc = new SprContext(pe, pdContext, SprCompileFlags.All); SprContext ctxEsc = new SprContext(pe, pdContext, SprCompileFlags.All, false, true); string strDb; if (!GetString(pe, PwDefs.UrlField, ctxEsc, true, out strDb)) { return; } IOConnectionInfo ioc = IOConnectionInfo.FromPath(strDb); //TODO /*if (ioc.IsLocalFile() && !UrlUtil.IsAbsolutePath(strDb)) * ioc = IOConnectionInfo.FromPath(UrlUtil.MakeAbsolutePath( * WinUtil.GetExecutable(), strDb));*/ if (ioc.Path.Length == 0) { return; } string strIocUserName; if (GetString(pe, "IocUserName", ctxNoEsc, true, out strIocUserName)) { ioc.UserName = strIocUserName; } string strIocPassword; if (GetString(pe, "IocPassword", ctxNoEsc, true, out strIocPassword)) { ioc.Password = strIocPassword; } if ((strIocUserName.Length != 0) && (strIocPassword.Length != 0)) { ioc.IsComplete = true; } string str; if (GetString(pe, "IocTimeout", ctxNoEsc, true, out str)) { long l; if (long.TryParse(str, out l)) { ioc.Properties.SetLong(IocKnownProperties.Timeout, l); } } bool?ob = GetBoolEx(pe, "IocPreAuth", ctxNoEsc); if (ob.HasValue) { ioc.Properties.SetBool(IocKnownProperties.PreAuth, ob.Value); } if (GetString(pe, "IocUserAgent", ctxNoEsc, true, out str)) { ioc.Properties.Set(IocKnownProperties.UserAgent, str); } ob = GetBoolEx(pe, "IocExpect100Continue", ctxNoEsc); if (ob.HasValue) { ioc.Properties.SetBool(IocKnownProperties.Expect100Continue, ob.Value); } ob = GetBoolEx(pe, "IocPassive", ctxNoEsc); if (ob.HasValue) { ioc.Properties.SetBool(IocKnownProperties.Passive, ob.Value); } ob = GetBoolEx(pe, "SkipIfNotExists", ctxNoEsc); if (!ob.HasValue) // Backw. compat. { ob = GetBoolEx(pe, "Skip if not exists", ctxNoEsc); } if (ob.HasValue && ob.Value) { if (!IOConnection.FileExists(ioc)) { return; } } CompositeKey ck = new CompositeKey(); if (GetString(pe, PwDefs.PasswordField, ctxNoEsc, false, out str)) { ck.AddUserKey(new KcpPassword(str)); } if (GetString(pe, PwDefs.UserNameField, ctxNoEsc, false, out str)) { string strAbs = str; IOConnectionInfo iocKey = IOConnectionInfo.FromPath(strAbs); if (iocKey.IsLocalFile() && !UrlUtil.IsAbsolutePath(strAbs)) { //TODO /* strAbs = UrlUtil.MakeAbsolutePath(WinUtil.GetExecutable(), strAbs);*/ } ob = GetBoolEx(pe, "SkipIfKeyFileNotExists", ctxNoEsc); if (ob.HasValue && ob.Value) { IOConnectionInfo iocKeyAbs = IOConnectionInfo.FromPath(strAbs); if (!IOConnection.FileExists(iocKeyAbs)) { return; } } try { ck.AddUserKey(new KcpKeyFile(strAbs)); } catch (InvalidOperationException) { //TODO throw new Exception("TODO"); //throw new Exception(strAbs + MessageService.NewParagraph + KPRes.KeyFileError); } catch (Exception) { throw; } } else // Try getting key file from attachments { ProtectedBinary pBin = pe.Binaries.Get("KeyFile.bin"); if (pBin != null) { ck.AddUserKey(new KcpKeyFile(IOConnectionInfo.FromPath( StrUtil.DataToDataUri(pBin.ReadData(), null)))); } } if (GetString(pe, "KeyProvider", ctxNoEsc, true, out str)) { /*TODO KeyProvider kp = m_host.KeyProviderPool.Get(str); * if (kp == null) * throw new Exception(@"Unknown key provider: '" + str + @"'!"); * * KeyProviderQueryContext ctxKP = new KeyProviderQueryContext( * ioc, false, false); * * bool bPerformHash = !kp.DirectKey; * byte[] pbProvKey = kp.GetKey(ctxKP); * if ((pbProvKey != null) && (pbProvKey.Length != 0)) * { * ck.AddUserKey(new KcpCustomKey(str, pbProvKey, bPerformHash)); * MemUtil.ZeroByteArray(pbProvKey); * } * else return; // Provider has shown error message*/ throw new Exception("KeyProvider not supported"); } ob = GetBoolEx(pe, "UserAccount", ctxNoEsc); if (ob.HasValue && ob.Value) { ck.AddUserKey(new KcpUserAccount()); } if (ck.UserKeyCount == 0) { return; } GetString(pe, "Focus", ctxNoEsc, true, out str); bool bRestoreFocus = str.Equals("Restore", StrUtil.CaseIgnoreCmp); /*TODO * PwDatabase pdPrev = m_host.MainWindow.ActiveDatabase; * * m_host.MainWindow.OpenDatabase(ioc, ck, true); * * if (bRestoreFocus && (pdPrev != null) && !bManual) * { * PwDocument docPrev = m_host.MainWindow.DocumentManager.FindDocument( * pdPrev); * if (docPrev != null) m_host.MainWindow.MakeDocumentActive(docPrev); * else { Debug.Assert(false); } * }*/ }
private static void TestProtectedObjects() { #if DEBUG Encoding enc = StrUtil.Utf8; byte[] pbData = enc.GetBytes("Test Test Test Test"); ProtectedBinary pb = new ProtectedBinary(true, pbData); if (!pb.IsProtected) { throw new SecurityException("ProtectedBinary-1"); } byte[] pbDec = pb.ReadData(); if (!MemUtil.ArraysEqual(pbData, pbDec)) { throw new SecurityException("ProtectedBinary-2"); } if (!pb.IsProtected) { throw new SecurityException("ProtectedBinary-3"); } byte[] pbData2 = enc.GetBytes("Test Test Test Test"); byte[] pbData3 = enc.GetBytes("Test Test Test Test Test"); ProtectedBinary pb2 = new ProtectedBinary(true, pbData2); ProtectedBinary pb3 = new ProtectedBinary(true, pbData3); if (!pb.Equals(pb2)) { throw new SecurityException("ProtectedBinary-4"); } if (pb.Equals(pb3)) { throw new SecurityException("ProtectedBinary-5"); } if (pb2.Equals(pb3)) { throw new SecurityException("ProtectedBinary-6"); } if (pb.GetHashCode() != pb2.GetHashCode()) { throw new SecurityException("ProtectedBinary-7"); } if (!((object)pb).Equals((object)pb2)) { throw new SecurityException("ProtectedBinary-8"); } if (((object)pb).Equals((object)pb3)) { throw new SecurityException("ProtectedBinary-9"); } if (((object)pb2).Equals((object)pb3)) { throw new SecurityException("ProtectedBinary-10"); } ProtectedString ps = new ProtectedString(); if (ps.Length != 0) { throw new SecurityException("ProtectedString-1"); } if (!ps.IsEmpty) { throw new SecurityException("ProtectedString-2"); } if (ps.ReadString().Length != 0) { throw new SecurityException("ProtectedString-3"); } ps = new ProtectedString(true, "Test"); ProtectedString ps2 = new ProtectedString(true, enc.GetBytes("Test")); if (ps.IsEmpty) { throw new SecurityException("ProtectedString-4"); } pbData = ps.ReadUtf8(); pbData2 = ps2.ReadUtf8(); if (!MemUtil.ArraysEqual(pbData, pbData2)) { throw new SecurityException("ProtectedString-5"); } if (pbData.Length != 4) { throw new SecurityException("ProtectedString-6"); } if (ps.ReadString() != ps2.ReadString()) { throw new SecurityException("ProtectedString-7"); } pbData = ps.ReadUtf8(); pbData2 = ps2.ReadUtf8(); if (!MemUtil.ArraysEqual(pbData, pbData2)) { throw new SecurityException("ProtectedString-8"); } if (!ps.IsProtected) { throw new SecurityException("ProtectedString-9"); } if (!ps2.IsProtected) { throw new SecurityException("ProtectedString-10"); } Random r = new Random(); string str = string.Empty; ps = new ProtectedString(); for (int i = 0; i < 100; ++i) { bool bProt = ((r.Next() % 4) != 0); ps = ps.WithProtection(bProt); int x = r.Next(str.Length + 1); int c = r.Next(20); char ch = (char)r.Next(1, 256); string strIns = new string(ch, c); str = str.Insert(x, strIns); ps = ps.Insert(x, strIns); if (ps.IsProtected != bProt) { throw new SecurityException("ProtectedString-11"); } if (ps.ReadString() != str) { throw new SecurityException("ProtectedString-12"); } ps = ps.WithProtection(bProt); x = r.Next(str.Length); c = r.Next(str.Length - x + 1); str = str.Remove(x, c); ps = ps.Remove(x, c); if (ps.IsProtected != bProt) { throw new SecurityException("ProtectedString-13"); } if (ps.ReadString() != str) { throw new SecurityException("ProtectedString-14"); } } #endif }
public static bool AutoOpenEntry(Activity activity, AutoExecItem item, bool bManual, ActivityLaunchMode launchMode) { string str; PwEntry pe = item.Entry; SprContext ctxNoEsc = new SprContext(pe, item.Database, SprCompileFlags.All); IOConnectionInfo ioc; if (!TryGetDatabaseIoc(item, out ioc)) { return(false); } var ob = GetBoolEx(pe, "SkipIfNotExists", ctxNoEsc); if (!ob.HasValue) // Backw. compat. { ob = GetBoolEx(pe, "Skip if not exists", ctxNoEsc); } if (ob.HasValue && ob.Value) { if (!CheckFileExsts(ioc)) { return(false); } } CompositeKey ck = new CompositeKey(); if (GetString(pe, PwDefs.PasswordField, ctxNoEsc, false, out str)) { ck.AddUserKey(new KcpPassword(str)); } if (GetString(pe, PwDefs.UserNameField, ctxNoEsc, false, out str)) { string strAbs = str; IOConnectionInfo iocKey = IOConnectionInfo.FromPath(strAbs); if (iocKey.IsLocalFile() && !UrlUtil.IsAbsolutePath(strAbs)) { //local relative paths not supported on Android return(false); } ob = GetBoolEx(pe, "SkipIfKeyFileNotExists", ctxNoEsc); if (ob.HasValue && ob.Value) { IOConnectionInfo iocKeyAbs = IOConnectionInfo.FromPath(strAbs); if (!CheckFileExsts(iocKeyAbs)) { return(false); } } try { ck.AddUserKey(new KcpKeyFile(strAbs)); } catch (InvalidOperationException) { Toast.MakeText(Application.Context, Resource.String.error_adding_keyfile, ToastLength.Long).Show(); return(false); } catch (Exception) { throw; } } else // Try getting key file from attachments { ProtectedBinary pBin = pe.Binaries.Get("KeyFile.bin"); if (pBin != null) { ck.AddUserKey(new KcpKeyFile(IOConnectionInfo.FromPath( StrUtil.DataToDataUri(pBin.ReadData(), null)))); } } GetString(pe, "Focus", ctxNoEsc, true, out str); bool bRestoreFocus = str.Equals("Restore", StrUtil.CaseIgnoreCmp); PasswordActivity.Launch(activity, ioc, ck, launchMode, ! bRestoreFocus); App.Kp2a.RegisterChildDatabase(ioc); return(true); }
internal Uri WriteBinaryToFile(string key, bool writeToCacheDirectory) { ProtectedBinary pb = Entry.Binaries.Get(key); System.Diagnostics.Debug.Assert(pb != null); if (pb == null) { throw new ArgumentException(); } ISharedPreferences prefs = PreferenceManager.GetDefaultSharedPreferences(this); string binaryDirectory = prefs.GetString(GetString(Resource.String.BinaryDirectory_key), GetString(Resource.String.BinaryDirectory_default)); if (writeToCacheDirectory) { binaryDirectory = CacheDir.Path + File.Separator + AttachmentContentProvider.AttachmentCacheSubDir; } string filepart = key; if (writeToCacheDirectory) { filepart = filepart.Replace(" ", ""); } var targetFile = new File(binaryDirectory, filepart); File parent = targetFile.ParentFile; if (parent == null || (parent.Exists() && !parent.IsDirectory)) { Toast.MakeText(this, Resource.String.error_invalid_path, ToastLength.Long).Show(); return(null); } if (!parent.Exists()) { // Create parent directory if (!parent.Mkdirs()) { Toast.MakeText(this, Resource.String.error_could_not_create_parent, ToastLength.Long).Show(); return(null); } } string filename = targetFile.AbsolutePath; Uri fileUri = Uri.FromFile(targetFile); byte[] pbData = pb.ReadData(); try { System.IO.File.WriteAllBytes(filename, pbData); } catch (Exception exWrite) { Toast.MakeText(this, GetString(Resource.String.SaveAttachment_Failed, new Java.Lang.Object[] { filename }) + exWrite.Message, ToastLength.Long).Show(); return(null); } finally { MemUtil.ZeroByteArray(pbData); } Toast.MakeText(this, GetString(Resource.String.SaveAttachment_doneMessage, new Java.Lang.Object[] { filename }), ToastLength.Short).Show(); if (writeToCacheDirectory) { return(Uri.Parse("content://" + AttachmentContentProvider.Authority + "/" + filename)); } return(fileUri); }
public ProtectedBinary GetYubikeyResponse(byte Slot, byte ChallengeLength, ProtectedBinary SecretKeyToVerify, bool AllowRecovery) { byte[] resp = new byte[YubiWrapper.yubiRespLen]; var Challenge = GetYubikeyChallenge64(ChallengeLength); YubiSlot slot = YubiSlot.SLOT2; if (Slot == 1) { slot = YubiSlot.SLOT1; } var f = new KeyEntry(slot, Challenge, AllowRecovery); var result = f.ShowDialog(); if (result == DialogResult.OK) { f.Response.CopyTo(resp, 0); Array.Clear(f.Response, 0, f.Response.Length); bool verified = true; if (SecretKeyToVerify != null) { byte[] SecretKey = SecretKeyToVerify.ReadData(); HMACSHA1 sha1 = new HMACSHA1(SecretKey); var hash = sha1.ComputeHash(Challenge); Array.Clear(SecretKey, 0, SecretKey.Length); if (hash == null || resp == null || hash.Length == 0) { verified = false; } else { for (int i = 0; i < hash.Length; i++) { if (hash[i] != resp[i]) { verified = false; break; } } } Array.Clear(hash, 0, hash.Length); } ProtectedBinary respProtected = new ProtectedBinary(true, resp); Array.Clear(resp, 0, resp.Length); if (!verified) { return(null); } return(respProtected); } else if (f.RecoveryMode) { var recovery = new RecoveryKeyFrm(); if (recovery.ShowDialog() != DialogResult.OK) { return(null); } return(recovery.Key); } return(null); }
private static byte[] EncryptSecret(ProtectedBinary secret, ProtectedBinary key, out byte[] iv) { iv = CryptoRandom.Instance.GetRandomBytes(16); // AES 256 uses 128bits blocks using (var ms = new MemoryStream()) { using (var encryptionStream = new StandardAesEngine().EncryptStream(ms, key.ReadData(), iv)) { MemUtil.Write(encryptionStream, secret.ReadData()); } return(ms.ToArray()); } }
public static ProtectedBinary Open(string strName, ProtectedBinary pb, BinaryDataOpenOptions opt) { if (string.IsNullOrEmpty(strName)) { Debug.Assert(false); return(null); } if (pb == null) { Debug.Assert(false); return(null); } if (opt == null) { opt = new BinaryDataOpenOptions(); } byte[] pbData = pb.ReadData(); if (pbData == null) { Debug.Assert(false); return(null); } BinaryDataHandler h = opt.Handler; if (h == BinaryDataHandler.Default) { h = ChooseHandler(strName, pbData, opt); } byte[] pbModData = null; if (h == BinaryDataHandler.InternalViewer) { DataViewerForm dvf = new DataViewerForm(); dvf.InitEx(strName, pbData); UIUtil.ShowDialogAndDestroy(dvf); } else if (h == BinaryDataHandler.InternalEditor) { DataEditorForm def = new DataEditorForm(); def.InitEx(strName, pbData); def.ShowDialog(); if (def.EditedBinaryData != null) { pbModData = def.EditedBinaryData; } UIUtil.DestroyForm(def); } else if (h == BinaryDataHandler.ExternalApp) { pbModData = OpenExternal(strName, pbData, opt); } else { Debug.Assert(false); } ProtectedBinary r = null; if ((pbModData != null) && !MemUtil.ArraysEqual(pbData, pbModData) && !opt.ReadOnly) { if (FileDialogsEx.CheckAttachmentSize(pbModData.LongLength, KPRes.AttachFailed + MessageService.NewParagraph + strName)) { r = new ProtectedBinary(pb.IsProtected, pbModData); } } if (pb.IsProtected) { MemUtil.ZeroByteArray(pbData); } return(r); }
private static void SaveBinary(string strName, ProtectedBinary pb, string strSaveDir) { if (pb == null) { Debug.Assert(false); return; } if (string.IsNullOrEmpty(strName)) { strName = "File.bin"; } string strPath; int iTry = 1; do { strPath = UrlUtil.EnsureTerminatingSeparator(strSaveDir, false); string strExt = UrlUtil.GetExtension(strName); string strDesc = UrlUtil.StripExtension(strName); strPath += strDesc; if (iTry > 1) { strPath += " (" + iTry.ToString(NumberFormatInfo.InvariantInfo) + ")"; } if (!string.IsNullOrEmpty(strExt)) { strPath += "." + strExt; } ++iTry; } #if ModernKeePassLib while (StorageFile.GetFileFromPathAsync(strPath).GetResults() != null); #else while(File.Exists(strPath)); #endif #if ModernKeePassLib byte[] pbData = pb.ReadData(); /*var file = FileSystem.Current.GetFileFromPathAsync(strPath).Result; * using (var stream = file.OpenAsync(FileAccess.ReadAndWrite).Result) {*/ var file = StorageFile.GetFileFromPathAsync(strPath).GetAwaiter().GetResult(); using (var stream = file.OpenAsync(FileAccessMode.ReadWrite).GetAwaiter().GetResult().AsStream()) { stream.Write(pbData, 0, pbData.Length); } MemUtil.ZeroByteArray(pbData); #elif !KeePassLibSD byte[] pbData = pb.ReadData(); File.WriteAllBytes(strPath, pbData); MemUtil.ZeroByteArray(pbData); #else FileStream fs = new FileStream(strPath, FileMode.Create, FileAccess.Write, FileShare.None); byte[] pbData = pb.ReadData(); try { File.WriteAllBytes(strPath, pbData); } finally { if (pb.IsProtected) { MemUtil.ZeroByteArray(pbData); } } #endif }
public static void MigrateToCustomdata(PwDatabase db, PwEntry pe) { bool bPreload = !pe.Strings.Exists(Config.DBPreload) || StrUtil.StringToBool(pe.Strings.ReadSafe(Config.DBPreload)); db.CustomData.Set(Config.DBPreload, StrUtil.BoolToString(bPreload)); bool bUseDB = !pe.Strings.Exists(Config.DBUsage) || StrUtil.StringToBool(pe.Strings.ReadSafe(Config.DBUsage)); db.CustomData.Set(Config.DBUsage, StrUtil.BoolToString(bUseDB)); db.CustomData.Remove(Config.DBKeySources); string k = pe.Strings.ReadSafe("KPOTP.KeySources"); if (!string.IsNullOrEmpty(k)) { db.CustomData.Set(Config.DBKeySources, k); } if (pe.Binaries.Get(OTPDAO.OTPHandler_DB.DBNAME + ".kdbx") != null) { ProtectedBinary pbOTPDB = pe.Binaries.Get(OTPDAO.OTPHandler_DB.DBNAME + ".kdbx"); string otpdb = OTPDAO.OTPHandler_DB.ConvertToCustomData(pbOTPDB.ReadData()); db.CustomData.Set(OTPDAO.OTPHandler_DB.DBNAME, otpdb); } bool bDeleted = false; if (db.RecycleBinEnabled) { PwGroup pgRecycleBin = db.RootGroup.FindGroup(db.RecycleBinUuid, true); if (pgRecycleBin == null) { MethodInfo miEnsureRecycleBin = Program.MainForm.GetType().GetMethod("EnsureRecycleBin", BindingFlags.NonPublic | System.Reflection.BindingFlags.Static); if (miEnsureRecycleBin != null) { object[] p = new object[] { null, db, null }; try { miEnsureRecycleBin.Invoke(null, p); pgRecycleBin = p[0] as PwGroup; } catch { } } } if (pgRecycleBin != null) { pe.ParentGroup.Entries.Remove(pe); pgRecycleBin.AddEntry(pe, true); bDeleted = true; } } else if (!db.RecycleBinEnabled && !bUseDB) { pe.ParentGroup.Entries.Remove(pe); bDeleted = true; } if (!bDeleted) { pe.Strings.Remove(Config.DBPreload); pe.Strings.Remove(Config.DBUsage); pe.Strings.Remove(Config.DBKeySources); pe.Binaries.Remove(OTPDAO.OTPHandler_DB.DBNAME + ".kdbx"); pe.Touch(true); } db.Modified = true; db.SettingsChanged = DateTime.UtcNow; System.Threading.Thread tUpdate = new System.Threading.Thread(UpdateUI); tUpdate.Start(new object[] { bDeleted, db }); OTPDAO.InitEntries(db); OTPDAO.RemoveHandler(db.IOConnectionInfo.Path, true); }
private static void TestProtectedObjects() { #if DEBUG byte[] pbData = Encoding.ASCII.GetBytes("Test Test Test Test"); ProtectedBinary pb = new ProtectedBinary(true, pbData); if (!pb.IsProtected) { throw new SecurityException("ProtectedBinary-1"); } byte[] pbDec = pb.ReadData(); if (!MemUtil.ArraysEqual(pbData, pbDec)) { throw new SecurityException("ProtectedBinary-2"); } if (!pb.IsProtected) { throw new SecurityException("ProtectedBinary-3"); } byte[] pbData2 = Encoding.ASCII.GetBytes("Test Test Test Test"); byte[] pbData3 = Encoding.ASCII.GetBytes("Test Test Test Test Test"); ProtectedBinary pb2 = new ProtectedBinary(true, pbData2); ProtectedBinary pb3 = new ProtectedBinary(true, pbData3); if (!pb.Equals(pb2)) { throw new SecurityException("ProtectedBinary-4"); } if (pb.Equals(pb3)) { throw new SecurityException("ProtectedBinary-5"); } if (pb2.Equals(pb3)) { throw new SecurityException("ProtectedBinary-6"); } if (pb.GetHashCode() != pb2.GetHashCode()) { throw new SecurityException("ProtectedBinary-7"); } if (!((object)pb).Equals((object)pb2)) { throw new SecurityException("ProtectedBinary-8"); } if (((object)pb).Equals((object)pb3)) { throw new SecurityException("ProtectedBinary-9"); } if (((object)pb2).Equals((object)pb3)) { throw new SecurityException("ProtectedBinary-10"); } ProtectedString ps = new ProtectedString(); if (ps.Length != 0) { throw new SecurityException("ProtectedString-1"); } if (!ps.IsEmpty) { throw new SecurityException("ProtectedString-2"); } if (ps.ReadString().Length != 0) { throw new SecurityException("ProtectedString-3"); } ps = new ProtectedString(true, "Test"); ProtectedString ps2 = new ProtectedString(true, StrUtil.Utf8.GetBytes("Test")); if (ps.IsEmpty) { throw new SecurityException("ProtectedString-4"); } pbData = ps.ReadUtf8(); pbData2 = ps2.ReadUtf8(); if (!MemUtil.ArraysEqual(pbData, pbData2)) { throw new SecurityException("ProtectedString-5"); } if (pbData.Length != 4) { throw new SecurityException("ProtectedString-6"); } if (ps.ReadString() != ps2.ReadString()) { throw new SecurityException("ProtectedString-7"); } pbData = ps.ReadUtf8(); pbData2 = ps2.ReadUtf8(); if (!MemUtil.ArraysEqual(pbData, pbData2)) { throw new SecurityException("ProtectedString-8"); } if (!ps.IsProtected) { throw new SecurityException("ProtectedString-9"); } if (!ps2.IsProtected) { throw new SecurityException("ProtectedString-10"); } #endif }
public static ProtectedBinary Open(string strName, ProtectedBinary pb, BinaryDataOpenOptions opt) { if (string.IsNullOrEmpty(strName)) { Debug.Assert(false); return(null); } if (pb == null) { Debug.Assert(false); return(null); } if (opt == null) { opt = new BinaryDataOpenOptions(); } byte[] pbData = pb.ReadData(); if (pbData == null) { Debug.Assert(false); return(null); } BinaryDataHandler h = opt.Handler; if (h == BinaryDataHandler.Default) { h = ChooseHandler(strName, pbData, opt); } byte[] pbModData = null; if (h == BinaryDataHandler.InternalViewer) { DataViewerForm dvf = new DataViewerForm(); dvf.InitEx(strName, pbData); UIUtil.ShowDialogAndDestroy(dvf); } else if (h == BinaryDataHandler.InternalEditor) { DataEditorForm def = new DataEditorForm(); def.InitEx(strName, pbData); def.ShowDialog(); if (def.EditedBinaryData != null) { pbModData = def.EditedBinaryData; } UIUtil.DestroyForm(def); } else if (h == BinaryDataHandler.ExternalApp) { pbModData = OpenExternal(strName, pbData, opt); } else { Debug.Assert(false); } if ((pbModData != null) && !MemUtil.ArraysEqual(pbData, pbModData) && !opt.ReadOnly) { return(new ProtectedBinary(pb.IsProtected, pbModData)); } return(null); }
private static ProtectedBinary DecryptSecret(byte[] encryptedSecret, ProtectedBinary key, byte[] iv) { using (var ms = new MemoryStream(encryptedSecret)) using (var decryptionStream = new StandardAesEngine().DecryptStream(ms, key.ReadData(), iv)) { return(new ProtectedBinary(true, ReadToEnd(decryptionStream))); } }