public static string Login(string username, string passwordPlaintext)
        {
            var passwordHash = RFSecure.ComputeHash(passwordPlaintext);

            _passwordHashCache.AddOrUpdate(username, passwordHash, (k, v) => passwordHash);
            return(GetPasswordHash(username));
        }
Exemple #2
0
        // runtime only

        public void ChangeMasterKey(byte[] newKey)
        {
            RFStatic.Log.Debug(this, "ChangeMasterKey under user {0}", AccessingUsername);

            var oldMasterKey = GetKey(MASTER_KEY_ID);

            if (oldMasterKey == null)
            {
                throw new RFSystemException(this, "Existing Master Key not accessible.");
            }

            // remove all entries with master key (other users')
            Rows.RemoveAll(r => r.Key.KeyID == MASTER_KEY_ID);
            BuildCache();

            // save new master key
            SecureKeyByPassword(MASTER_KEY_ID, newKey);

            // reencrypt all keys using the new master key
            foreach (var k in Rows.Where(r => r.Key.SecuredByKeyID == MASTER_KEY_ID))
            {
                var plainKey = RIFF.Interfaces.Encryption.AES.AESUtils.SimpleDecrypt(k.CipherStream, oldMasterKey, SALT_LENGTH);
                k.CipherStream = RIFF.Interfaces.Encryption.AES.AESUtils.SimpleEncrypt(plainKey, newKey, RFSecure.GenerateSalt(SALT_LENGTH));
            }
        }
Exemple #3
0
        private void ResetLogin(string username, string passwordHash)
        {
            RFStatic.Log.Debug(this, "ResetLogin {0}", username);

            username = username.Trim().ToLower();
            var loginKey     = GetLoginKey(username);
            var loginMapping = GetOrCreateMapping(loginKey);

            loginMapping.CipherStream = RIFF.Interfaces.Encryption.AES.AESUtils.SimpleEncryptWithPassword(new byte[] { 0x66 }, passwordHash, RFSecure.GenerateSalt(SALT_LENGTH));
        }
Exemple #4
0
        public void SecureKeyForAnotherUser(string keyID, byte[] keyStream, string username, string passwordHash)
        {
            RFStatic.Log.Debug(this, "SecureKeyForAnotherUser key {0} by user {1} for user {2}", keyID, AccessingUsername, username);

            if (!IsOpen())
            {
                throw new RFSystemException(this, "Key Vault hasn't been opened yet.");
            }
            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(passwordHash))
            {
                throw new RFSystemException(this, "Empty credentials provided.");
            }
            username = username.ToLower().Trim();
            if (keyStream == null || string.IsNullOrWhiteSpace(keyID))
            {
                throw new RFSystemException(this, "Empty key provided.");
            }
            var securedKey = GetOrCreateMapping(new Key
            {
                KeyID             = keyID,
                SecuredByKeyID    = null,
                SecuredByUsername = username
            });

            securedKey.CipherStream = RIFF.Interfaces.Encryption.AES.AESUtils.SimpleEncryptWithPassword(keyStream, passwordHash, RFSecure.GenerateSalt(SALT_LENGTH));
        }
Exemple #5
0
        public void SecureKeyByAnotherKey(string keyID, byte[] keyStream, string secureByKeyID)
        {
            RFStatic.Log.Debug(this, "SecureKeyByAnotherKey key {0} using key {1} under user {2}", keyID, secureByKeyID, AccessingUsername);

            if (!IsOpen())
            {
                throw new RFSystemException(this, "Key Vault hasn't been opened yet.");
            }

            if (keyStream == null || string.IsNullOrWhiteSpace(keyID))
            {
                throw new RFSystemException(this, "Empty key provided.");
            }

            var secureByKey = GetKey(secureByKeyID);

            if (secureByKey != null)
            {
                var securedKey = GetOrCreateMapping(new Key
                {
                    KeyID             = keyID,
                    SecuredByKeyID    = secureByKeyID,
                    SecuredByUsername = null
                });
                securedKey.CipherStream = RIFF.Interfaces.Encryption.AES.AESUtils.SimpleEncrypt(keyStream, secureByKey, RFSecure.GenerateSalt(SALT_LENGTH));
            }
            else
            {
                throw new RFSystemException(this, "Requested encryption key {0} not accessible.", secureByKeyID);
            }
        }
Exemple #6
0
        public void ResetUser(string username, string passwordHash) // reset ourselves OK
        {
            RFStatic.Log.Debug(this, "ResetUser {0}", username);

            username = username.Trim().ToLower();

            // reset held keys
            var ownedKeys = new Dictionary <string, byte[]>(); // cache owned keys

            foreach (var r in Rows.Where(r => r.Key.SecuredByUsername == username && r.Key.KeyID != LOGIN_KEY_ID))
            {
                if (!ownedKeys.ContainsKey(r.Key.KeyID))
                {
                    var ownedKey = GetKey(r.Key.KeyID); // we need to be able to access this key as ourselves
                    if (ownedKey != null)
                    {
                        ownedKeys.Add(r.Key.KeyID, ownedKey); // cache
                    }
                    else
                    {
                        throw new RFSystemException(this, "Unable to reset user {0} as key {1} not accessible to user {2}", username, r.Key.KeyID, AccessingUsername);
                    }
                }
            }

            // reset login
            ResetLogin(username, passwordHash);

            // iterate again this time recrypting keys
            foreach (var r in Rows.Where(r => r.Key.SecuredByUsername == username && r.Key.KeyID != LOGIN_KEY_ID))
            {
                var ownedKey = ownedKeys[r.Key.KeyID];                                                                                                          // stored plain key
                r.CipherStream = RIFF.Interfaces.Encryption.AES.AESUtils.SimpleEncryptWithPassword(ownedKey, passwordHash, RFSecure.GenerateSalt(SALT_LENGTH)); // recrypt using new password
            }
        }