private static void VerifyScope(MemoryProtectionScope scope)
{
if (((scope != MemoryProtectionScope.SameProcess) && (scope != MemoryProtectionScope.CrossProcess)) && (scope != MemoryProtectionScope.SameLogon))
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, SecurityResources.GetResourceString("Arg_EnumIllegalVal"), new object[] { (int) scope }));
}
}
public static void Unprotect(byte[] encryptedData, MemoryProtectionScope scope)
{
if (encryptedData == null)
{
throw new ArgumentNullException("encryptedData");
}
if (Environment.OSVersion.Platform == PlatformID.Win32Windows)
{
throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_PlatformRequiresNT"));
}
VerifyScope(scope);
if ((encryptedData.Length == 0) || ((((long) encryptedData.Length) % 0x10L) != 0L))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_DpApi_InvalidMemoryLength"));
}
uint dwFlags = (uint) scope;
try
{
int status = System.Security.Cryptography.CAPI.SystemFunction041(encryptedData, (uint) encryptedData.Length, dwFlags);
if (status < 0)
{
throw new CryptographicException(System.Security.Cryptography.CAPI.CAPISafe.LsaNtStatusToWinError(status));
}
}
catch (EntryPointNotFoundException)
{
throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_PlatformRequiresNT"));
}
}
// FIXME [DataProtectionPermission (SecurityAction.Demand, UnprotectMemory = true)]
public static void Unprotect (byte[] encryptedData, MemoryProtectionScope scope)
{
if (encryptedData == null)
throw new ArgumentNullException ("encryptedData");
Check (encryptedData.Length, scope);
try {
uint flags = (uint) scope;
uint length = (uint) encryptedData.Length;
switch (impl) {
case MemoryProtectionImplementation.Win32RtlEncryptMemory:
int err = RtlDecryptMemory (encryptedData, length, flags);
if (err < 0) {
string msg = Locale.GetText ("Error. NTSTATUS = {0}.", err);
throw new CryptographicException (msg);
}
break;
case MemoryProtectionImplementation.Win32CryptoProtect:
bool result = CryptUnprotectMemory (encryptedData, length, flags);
if (!result)
throw new CryptographicException (Marshal.GetLastWin32Error ());
break;
default:
throw new PlatformNotSupportedException ();
}
}
catch {
// Windows 2000 before SP3 will throw
impl = MemoryProtectionImplementation.Unsupported;
throw new PlatformNotSupportedException ();
}
}
public static string DPAPIDecryptText(byte[] nDataToDencrypt, MemoryProtectionScope nScope, byte Corrimiento)
{
if (nDataToDencrypt == null) return "";
try
{
var DataDecrypt = new byte[nDataToDencrypt.Length];
for (var i = 0; i < nDataToDencrypt.Length; i++)
{
var Resultado = (short)(nDataToDencrypt[i] - Corrimiento);
DataDecrypt[i] = (byte)(Resultado < 0 ? Resultado + 255 : Resultado);
}
// Decrypt the data in memory.
DPAPIDecryptInMemoryData(DataDecrypt, nScope);
var Valor = DPAPIgetTextDencrypt(DataDecrypt);
return Valor;
}
catch
{
return "";
}
}
/// <summary>
/// Encrypt a byte array
/// </summary>
/// <param name="Buffer">Buffer [byte[]]</param>
internal static void EncryptProtectedMemory(byte[] Buffer, MemoryProtectionScope Scope)
{
if (Buffer == null)
return;
if (Buffer.Length < 1)
return;
ProtectedMemory.Protect(Buffer, Scope);
}
private static void EncryptInMemoryData(byte[] buffer, MemoryProtectionScope scope)
{
if (buffer.Length <= 0)
throw new ArgumentException("buffer");
if (buffer == null)
throw new ArgumentNullException("buffer");
ProtectedMemory.Protect(buffer, scope);
}
/// <summary>
/// 加密内存中的数据.
/// </summary>
/// <param name="Buffer"></param>
/// <param name="Scope"></param>
public static void EncryptInMemoryData(byte[] Buffer, MemoryProtectionScope Scope)
{
if (Buffer.Length <= 0)
throw new ArgumentException("Buffer");
if (Buffer == null)
throw new ArgumentNullException("Buffer");
// Encrypt the data in memory. The result is stored in the same same array as the original data.
ProtectedMemory.Protect(Buffer, Scope);
}
public static void Unprotect (byte[] encryptedData, MemoryProtectionScope scope)
{
if (encryptedData == null)
throw new ArgumentNullException ("encryptedData");
if (encryptedData.Length % 16 != 0)
throw new CryptographicException ("not a multiple of 16 bytes");
// on Windows this is supported only under XP and later OS
throw new PlatformNotSupportedException ();
}
private static void DecryptInMemoryData(byte[] buffer, MemoryProtectionScope scope)
{
if (buffer.Length <= 0)
throw new ArgumentException("Buffer");
if (buffer == null)
throw new ArgumentNullException("Buffer");
// Decrypt the data in memory. The result is stored in the same same array as the original data.
ProtectedMemory.Unprotect(buffer, scope);
}
/// <summary>
/// Decrypts a string
/// </summary>
/// <param name="Buffer">Encrypted buffer</param>
/// <returns>Decrypted data [string]</returns>
internal static string DecryptProtectedString(byte[] Buffer, MemoryProtectionScope Scope)
{
if (Buffer == null)
return string.Empty;
if (Buffer.Length < 1)
return string.Empty;
ProtectedMemory.Unprotect(Buffer, Scope);
return Convert.ToBase64String(Buffer);
}
// Protect a block of memory.
public static void Protect
(byte[] userData, MemoryProtectionScope scope)
{
if(userData == null)
{
throw new ArgumentNullException("userData");
}
if((userData.Length % 16) != 0)
{
throw new CryptographicException(_("Crypto_MultOf16"));
}
ProtectedData.Protect(userData, null, scope, userData);
}
public static void Protect(byte[] userData, MemoryProtectionScope scope)
{
byte bt = 5;
unchecked
{
for(int i = 0; i < userData.Length; ++i)
{
userData[i] ^= bt;
bt += 13;
}
}
}
private InMemoryKey(byte[] preProtectedKey, int keyLength, MemoryProtectionScope scope)
{
if (!(preProtectedKey != null))
throw new ArgumentNullException("preProtectedKey");
if (!(preProtectedKey.Length > 0))
throw new ArgumentException("The key must not be empty");
if (!(keyLength > 0))
throw new ArgumentException("The key must not be empty");
this.keyLength = keyLength;
this.isProtected = true;
this.protectedKeyData = preProtectedKey;
this.scope = scope;
}
private void ProtectUnprotect (MemoryProtectionScope scope)
{
try {
byte[] data = new byte [16];
ProtectedMemory.Protect (data, scope);
Assert.IsFalse (IsEmpty (data), "Protect");
ProtectedMemory.Unprotect (data, scope);
Assert.IsTrue (IsEmpty (data), "Unprotect");
}
catch (PlatformNotSupportedException) {
Assert.Ignore ("Only supported under Windows 2000 SP3 and later");
}
}
public ProtectedMemoryContext(byte[] memory, MemoryProtectionScope scope)
{
this.memory = memory;
this.scope = scope;
if (counts.ContainsKey(memory))
{
counts[memory]++;
}
else
{
counts.Add(memory, 1);
ProtectedMemory.Unprotect(memory, scope);
}
}
private void ProtectUnprotect (MemoryProtectionScope scope)
{
byte[] data = new byte [16];
ProtectedMemory.Protect (data, scope);
int total = 0;
for (int i=0; i < 16; i++)
total += data [i];
Assert.IsFalse ((total == 0), "Protect");
ProtectedMemory.Unprotect (data, scope);
total = 0;
for (int i=0; i < 16; i++)
total += data [i];
Assert.IsTrue ((total == 0), "Unprotect");
}
public static byte[] DPAPIEncryptText(string nDataToEncrypt, MemoryProtectionScope nScope, byte Corrimiento)
{
// Create the original data to be encrypted (The data length should be a multiple of 16).
byte[] toEncrypt = DPAPIgetBytesToEncrypt(nDataToEncrypt);
// Encrypt the data in memory.
DPAPIEncryptInMemoryData(toEncrypt, nScope);
for (var i = 0; i < toEncrypt.Length; i++)
{
var Resultado = (short)(toEncrypt[i] + Corrimiento);
toEncrypt[i] = (byte)(Resultado > 255 ? Resultado - 255 : Resultado);
}
return toEncrypt;
}
// Protect a block of memory.
internal static void Protect
(byte[] userData, byte[] optionalEntropy,
MemoryProtectionScope scope, byte[] output)
{
// Get the key to use.
byte[] key = GetScopeKey(scope, optionalEntropy);
// Encrypt the block of memory using AES.
Rijndael alg = new RijndaelManaged();
alg.Mode = CipherMode.CFB;
ICryptoTransform transform = alg.CreateEncryptor(key, null);
transform.TransformBlock
(userData, 0, userData.Length, output, 0);
transform.Dispose();
alg.Clear();
Array.Clear(key, 0, key.Length);
}
// Get the encryption key to use to protect memory for a scope.
private static byte[] GetScopeKey(MemoryProtectionScope scope, byte[] salt)
{
String key;
PasswordDeriveBytes derive;
if(scope == MemoryProtectionScope.SameLogon)
{
key = Environment.UserName;
}
else
{
key = Environment.UserName + "/" + Environment.MachineName;
}
if(salt == null)
{
salt = new byte [16];
}
derive = new PasswordDeriveBytes(key, salt);
return derive.CryptDeriveKey("Rijndael", "SHA1", 16, null);
}
/// <summary>
/// Creates an instance of a protected key.
/// </summary>
/// <param name="key">Plaintext key data</param>
public InMemoryKey(byte[] key)
{
if (!(key != null))
throw new ArgumentNullException("key");
if (!(key.Length > 0))
throw new ArgumentException("The key must not be empty");
this.keyLength = key.Length;
int paddedKeyLength = (int)Math.Ceiling((decimal)key.Length / (decimal)16) * 16;
this.protectedKeyData = new byte[paddedKeyLength];
Array.Copy(key, this.protectedKeyData, key.Length);
if (IsPlatformSupported())
{
this.scope = MemoryProtectionScope.SameProcess;
ProtectedMemory.Protect(this.protectedKeyData, this.scope);
this.isProtected = true;
}
}
public static byte[] Protect
(byte[] userData, byte[] optionalEntropy,
MemoryProtectionScope scope)
{
// Validate the parameters.
if(userData == null)
{
throw new ArgumentNullException("userData");
}
// Protect the data and return it.
byte[] output = new byte [userData.Length];
Protect(userData, optionalEntropy, scope, output);
return output;
}
/// <summary>
/// Encrypts a string
/// </summary>
/// <param name="Data">String to encrypt</param>
/// <returns>Encrypted buffer [byte[]]</returns>
internal static byte[] EncryptProtectedString(string Data, MemoryProtectionScope Scope)
{
if (string.IsNullOrEmpty(Data)) return null;
byte[] buffer = Convert.FromBase64String(Data);
ProtectedMemory.Protect(buffer, Scope);
return buffer;
}
internal static void Unprotect(byte[] m_pbData, MemoryProtectionScope sameProcess)
{
throw new NotImplementedException();
}
/// <summary>
/// Unprotects data in memory that was protected.
/// </summary>
/// <param name="data">The byte array in memory to unencrypt.</param>
/// <param name="scope">One of the enumeration values that specifies the scope of memory protection.</param>
/// <returns>A byte array representing the decrypted data.</returns>
public byte[] Unprotect(byte[] data, MemoryProtectionScope scope = MemoryProtectionScope.SameLogon)
{
ProtectedMemory.Unprotect(data, scope);
return(data);
}
public static void Unprotect (byte[] encryptedData,
MemoryProtectionScope scope) {
if (encryptedData == null)
throw new ArgumentNullException("encryptedData");
if (Environment.OSVersion.Platform == PlatformID.Win32Windows)
throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_PlatformRequiresNT"));
VerifyScope(scope);
// The RtlEncryptMemory and RtlDecryptMemory functions are available on WinXP and publicly published
// in the ntsecapi.h header file as of Windows Server 2003.
// The Rtl functions accept data in 8 byte increments, but we don't want applications to be able to make use of this,
// or else they're liable to break when the user upgrades.
if ((encryptedData.Length == 0) || (encryptedData.Length % CAPI.CRYPTPROTECTMEMORY_BLOCK_SIZE != 0))
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_DpApi_InvalidMemoryLength"));
uint dwFlags = (uint) scope;
try {
// RtlDecryptMemory return an NTSTATUS
int status = CAPI.SystemFunction041(encryptedData,
(uint) encryptedData.Length,
dwFlags);
if (status < 0) // non-negative numbers indicate success
throw new CryptographicException(CAPI.CAPISafe.LsaNtStatusToWinError(status));
}
catch (EntryPointNotFoundException) {
throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_PlatformRequiresNT"));
}
}
public static byte[] Unprotect(byte[] userData, MemoryProtectionScope scope)
{
throw new NotImplementedException();
}
public ProtectedMemoryContext(byte[] memory, MemoryProtectionScope scope)
{
this.memory = memory;
this.scope = scope;
ProtectedMemory.Unprotect(memory, scope);
}
public static void Unprotect(byte[] data, MemoryProtectionScope scope)
{
}
public static void Protect(byte[] data, MemoryProtectionScope scope)
{
CryptoUtil.ProtectData(data, null, DataProtectionScope.CurrentUser);
}
public static void Unprotect(byte[] data, MemoryProtectionScope scope)
{
}
public static void Unprotect(byte[] data, MemoryProtectionScope scope)
{
ProtectedData.Unprotect(data, null, DataProtectionScope.CurrentUser);
}
private static void Check (int size, MemoryProtectionScope scope)
{
if (size % BlockSize != 0) {
string msg = Locale.GetText ("Not a multiple of {0} bytes.", BlockSize);
throw new CryptographicException (msg);
}
if ((scope < MemoryProtectionScope.SameProcess) || (scope > MemoryProtectionScope.SameLogon)) {
string msg = Locale.GetText ("Invalid enum value for '{0}'.", "MemoryProtectionScope");
throw new ArgumentException (msg, "scope");
}
switch (impl) {
case MemoryProtectionImplementation.Unknown:
Detect ();
break;
case MemoryProtectionImplementation.Unsupported:
throw new PlatformNotSupportedException ();
}
}
/// <summary>
/// Creates an instance of the protected key from a byte array that has already been protected using the ProtectedMemory.Protect method call.
/// </summary>
/// <param name="preProtectedKey">Pre-protected key data</param>
/// <param name="keyLength">The length of the plaintext key (protected memory may need to be padded)</param>
/// <param name="scope">The memory protection scope that was used to protect the memory</param>
/// <returns>A protected key instance from the provided key</returns>
public static InMemoryKey CreateProtectedKeyFromPreProtectedMemory(byte[] preProtectedKey, int keyLength, MemoryProtectionScope scope)
{
return new InMemoryKey(preProtectedKey, keyLength, scope);
}
// Methods
public static void Protect(byte[] userData, MemoryProtectionScope scope)
{
}
// Methods
public static void Protect(byte[] userData, MemoryProtectionScope scope)
{
}
public static void Unprotect(byte[] encryptedData, MemoryProtectionScope scope)
{
Protect(encryptedData, scope);
}
public static void Unprotect(byte[] encryptedData, MemoryProtectionScope scope)
{
Protect(encryptedData, scope);
}
