public SecureMemorySecretFactory(IConfiguration configuration)
{
Debug.WriteLine("ProtectedMemorySecretFactory ctor");
lock (allocatorLock)
{
this.configuration = configuration;
if (allocator != null)
{
refCount++;
Debug.WriteLine($"ProtectedMemorySecretFactory: Using existing allocator refCount: {refCount}");
return;
}
allocator = DetectViaRuntimeInformation(configuration)
?? DetectViaOsVersionPlatform(configuration)
?? DetectOsDescription(configuration);
if (allocator == null)
{
throw new PlatformNotSupportedException("Could not detect supported platform for protected memory");
}
Debug.WriteLine("ProtectedMemorySecretFactory: Created new allocator");
refCount++;
Debug.WriteLine($"ProtectedMemorySecretFactory: Using new allocator refCount: {refCount}");
}
}
public void Dispose()
{
Debug.WriteLine("ProtectedMemorySecretFactory: Dispose");
lock (allocatorLock)
{
if (allocator == null)
{
throw new Exception("ProtectedMemorySecretFactory.Dispose: Allocator is null!");
}
Debug.WriteLine("ProtectedMemorySecretFactory: Allocator is not null");
refCount--;
if (refCount == 0)
{
Debug.WriteLine("ProtectedMemorySecretFactory: refCount is zero, disposing");
allocator.Dispose();
Debug.WriteLine("ProtectedMemorySecretFactory: Setting allocator to null");
allocator = null;
}
else
{
Debug.WriteLine($"ProtectedMemorySecretFactory: New refCount is {refCount}");
}
}
}
private void TestNullConfiguration(ISecureMemoryAllocator protectedMemoryAllocator)
{
Debug.WriteLine("TestNullConfiguration");
using (var secret = new SecureMemorySecret(new byte[] { 0, 1 }, protectedMemoryAllocator, null))
{
}
}
private void TestDefaultMlockConfigurationForMac()
{
Skip.IfNot(RuntimeInformation.IsOSPlatform(OSPlatform.OSX));
ISecureMemoryAllocator allocator = SecureMemorySecretFactory.ConfigureForMacOS64(configuration);
Assert.IsType <MacOSProtectedMemoryAllocatorLP64>(allocator);
Assert.IsNotType <MacOSSecureMemoryAllocatorLP64>(allocator);
}
private void TestWithSecretUtf8CharsWithClosedSecretShouldFail(ISecureMemoryAllocator protectedMemoryAllocator)
{
Debug.WriteLine("TestWithSecretUtf8CharsWithClosedSecretShouldFail");
char[] secretChars = { 'a', 'b' };
SecureMemorySecret secret =
SecureMemorySecret.FromCharArray(secretChars, protectedMemoryAllocator, configuration);
secret.Close();
Assert.Throws <InvalidOperationException>(() => { secret.WithSecretUtf8Chars(decryptedChars => true); });
}
private void TestWithSecretBytesWithClosedSecretShouldFail(ISecureMemoryAllocator protectedMemoryAllocator)
{
Debug.WriteLine("TestWithSecretBytesWithClosedSecretShouldFail");
byte[] secretBytes = { 0, 1 };
SecureMemorySecret secret =
new SecureMemorySecret((byte[])secretBytes.Clone(), protectedMemoryAllocator, configuration);
secret.Close();
Assert.Throws <InvalidOperationException>(() => { secret.WithSecretBytes(decryptedBytes => true); });
}
internal static SecureMemorySecret FromCharArray(char[] sourceChars, ISecureMemoryAllocator allocator, IConfiguration configuration)
{
byte[] sourceBytes = Encoding.UTF8.GetBytes(sourceChars);
try
{
return(new SecureMemorySecret(sourceBytes, allocator, configuration));
}
finally
{
SecureZeroMemory(sourceBytes);
}
}
private void TestWithSecretBytesAction(ISecureMemoryAllocator protectedMemoryAllocator)
{
Debug.WriteLine("TestWithSecretBytesAction");
byte[] secretBytes = { 0, 1 };
using (SecureMemorySecret secret =
new SecureMemorySecret((byte[])secretBytes.Clone(), protectedMemoryAllocator, configuration))
{
secret.WithSecretBytes(decryptedBytes =>
{
Assert.Equal(secretBytes, decryptedBytes);
});
}
}
private void TestWithSecretUtf8CharsAction(ISecureMemoryAllocator protectedMemoryAllocator)
{
Debug.WriteLine("TestWithSecretUtf8CharsAction");
char[] secretChars = { 'a', 'b' };
using (SecureMemorySecret secret =
SecureMemorySecret.FromCharArray(secretChars, protectedMemoryAllocator, configuration))
{
secret.WithSecretUtf8Chars(decryptedChars =>
{
Assert.Equal(secretChars, decryptedChars);
});
}
}
internal SecureMemorySecret(byte[] sourceBytes, ISecureMemoryAllocator allocator, IConfiguration configuration)
{
Debug.WriteLine("SecureMemorySecret ctor");
this.allocator = allocator;
this.configuration = configuration;
if (configuration != null)
{
if (configuration["debugSecrets"] == "true")
{
creationStackTrace = Environment.StackTrace;
}
if (configuration["requireSecretDisposal"] == "true")
{
requireSecretDisposal = true;
}
}
length = (ulong)sourceBytes.Length;
pointer = this.allocator.Alloc((ulong)sourceBytes.Length);
if (pointer == IntPtr.Zero)
{
throw new SecureMemoryAllocationFailedException("Protected memory allocation failed");
}
try
{
Marshal.Copy(sourceBytes, 0, pointer, (int)length);
this.allocator.SetNoAccess(pointer, length);
}
catch
{
try
{
this.allocator.SetReadWriteAccess(pointer, length);
}
finally
{
this.allocator.Free(pointer, length);
pointer = IntPtr.Zero;
}
throw;
}
// Only clear the client's source buffer if we're successful
SecureZeroMemory(sourceBytes);
}
private void TestWithSecretIntPtrActionSuccess(ISecureMemoryAllocator protectedMemoryAllocator)
{
Debug.WriteLine("TestWithSecretIntPtrActionSuccess");
char[] secretChars = { 'a', 'b' };
using (SecureMemorySecret secret =
SecureMemorySecret.FromCharArray(secretChars, protectedMemoryAllocator, configuration))
{
secret.WithSecretIntPtr((ptr, len) =>
{
Assert.NotEqual(ptr, IntPtr.Zero);
Assert.True(len == 2);
});
}
}
private void TestMlockConfigurationSettingForLinux()
{
Skip.IfNot(RuntimeInformation.IsOSPlatform(OSPlatform.Linux));
IConfigurationRoot configuration = new ConfigurationBuilder().AddInMemoryCollection(new Dictionary <string, string>
{
{ "mlock", "disabled" }
}).Build();
ISecureMemoryAllocator allocator = SecureMemorySecretFactory.ConfigureForLinux64(configuration);
Assert.IsType <LinuxSecureMemoryAllocatorLP64>(allocator);
Assert.IsNotType <LinuxProtectedMemoryAllocatorLP64>(allocator);
}
public SecureMemoryAllocatorTest()
{
Trace.Listeners.Clear();
var consoleListener = new ConsoleTraceListener();
Trace.Listeners.Add(consoleListener);
configuration = new ConfigurationBuilder().AddInMemoryCollection(new Dictionary <string, string>()
{
{ "heapSize", "32000" },
{ "minimumAllocationSize", "128" },
}).Build();
Debug.WriteLine("SecureMemoryAllocatorTest ctor");
secureMemoryAllocator = GetPlatformAllocator(configuration);
}
private void TestWithSecretIntPtrDisposed(ISecureMemoryAllocator protectedMemoryAllocator)
{
Debug.WriteLine("TestWithSecretIntPtrDisposed");
char[] secretChars = { 'a', 'b' };
SecureMemorySecret secret =
SecureMemorySecret.FromCharArray(secretChars, protectedMemoryAllocator, configuration);
secret.Dispose();
Assert.Throws <InvalidOperationException>(() =>
{
secret.WithSecretIntPtr((ptr, len) =>
{
return(true);
});
});
}
private void TestAllocatorSetNoDumpFailure()
{
Debug.WriteLine("TestAllocatorSetNoDumpFailure");
byte[] secretBytes = { 0, 1 };
ISecureMemoryAllocator allocator = null;
// TODO : Need to determine if we can stub out the protectedMemoryAllocatorMock.
if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
{
Mock <MacOSProtectedMemoryAllocatorLP64> secureMemoryAllocatorMacOSMock =
new Mock <MacOSProtectedMemoryAllocatorLP64> {
CallBase = true
};
secureMemoryAllocatorMacOSMock.Setup(x => x.SetNoDump(It.IsAny <IntPtr>(), It.IsAny <ulong>()))
.Throws(new Exception());
allocator = secureMemoryAllocatorMacOSMock.Object;
}
else if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
{
Mock <LinuxOpenSSL11ProtectedMemoryAllocatorLP64> protectedMemoryAllocatorLinuxMock =
new Mock <LinuxOpenSSL11ProtectedMemoryAllocatorLP64>(configuration)
{
CallBase = true
};
protectedMemoryAllocatorLinuxMock.Setup(x => x.SetNoDump(It.IsAny <IntPtr>(), It.IsAny <ulong>()))
.Throws(new Exception());
allocator = secureMemoryAllocatorMock.Object;
}
else
{
return;
}
Assert.Throws <SecureMemoryAllocationFailedException>(() =>
{
using SecureMemorySecret secret =
new SecureMemorySecret(secretBytes, allocator, configuration);
});
}