Пример #1
0
        public string Serialize(object stateGraph)
        {
            string       str          = null;
            MemoryStream memoryStream = GetMemoryStream();

            try
            {
                this.Serialize(memoryStream, stateGraph);
                memoryStream.SetLength(memoryStream.Position);
                byte[] buf    = memoryStream.GetBuffer();
                int    length = (int)memoryStream.Length;
                if ((this._page != null) && this._page.RequiresViewStateEncryptionInternal)
                {
                    buf    = MachineKeySection.EncryptOrDecryptData(true, buf, this.GetMacKeyModifier(), 0, length);
                    length = buf.Length;
                }
                else if (((this._page != null) && this._page.EnableViewStateMac) || (this._macKeyBytes != null))
                {
                    buf = MachineKeySection.GetEncodedData(buf, this.GetMacKeyModifier(), 0, ref length);
                }
                str = Convert.ToBase64String(buf, 0, length);
            }
            finally
            {
                ReleaseMemoryStream(memoryStream);
            }
            return(str);
        }
        public static string Encode(byte[] data, MachineKeyProtection protectionOption)
        {
            if (data == null)
            {
                throw new ArgumentNullException("data");
            }

            //////////////////////////////////////////////////////////////////////
            // Step 1: Get the MAC and add to the blob
            if (protectionOption == MachineKeyProtection.All || protectionOption == MachineKeyProtection.Validation)
            {
                byte[] bHash = MachineKeySection.HashData(data, null, 0, data.Length);
                byte[] bAll  = new byte[bHash.Length + data.Length];
                Buffer.BlockCopy(data, 0, bAll, 0, data.Length);
                Buffer.BlockCopy(bHash, 0, bAll, data.Length, bHash.Length);
                data = bAll;
            }

            if (protectionOption == MachineKeyProtection.All || protectionOption == MachineKeyProtection.Encryption)
            {
                //////////////////////////////////////////////////////////////////////
                // Step 2: Encryption
                data = MachineKeySection.EncryptOrDecryptData(true, data, null, 0, data.Length, false, false, IVType.Random, !AppSettings.UseLegacyMachineKeyEncryption);
            }

            //////////////////////////////////////////////////////////////////////
            // Step 3: Covert the buffer to HEX string and return it
            return(CryptoUtil.BinaryToHex(data));
        }
        internal static byte[] Decode(CookieProtection cookieProtection, string data, Purpose purpose)
        {
            byte[] buf = HttpServerUtility.UrlTokenDecode(data);
            if (AspNetCryptoServiceProvider.Instance.IsDefaultProvider)
            {
                // If we're configured to go through the new crypto routines, do so.
                ICryptoService cryptoService = AspNetCryptoServiceProvider.Instance.GetCryptoService(purpose);
                return(cryptoService.Unprotect(buf));
            }

#pragma warning disable 618 // calling obsolete methods
            // Otherwise fall back to using MachineKeySection.
            if (buf == null || cookieProtection == CookieProtection.None)
            {
                return(buf);
            }
            if (cookieProtection == CookieProtection.All || cookieProtection == CookieProtection.Encryption)
            {
                buf = MachineKeySection.EncryptOrDecryptData(false, buf, null, 0, buf.Length);
                if (buf == null)
                {
                    return(null);
                }
            }

            if (cookieProtection == CookieProtection.All || cookieProtection == CookieProtection.Validation)
            {
                return(MachineKeySection.GetUnHashedData(buf));
            }
            return(buf);

#pragma warning restore 618 // calling obsolete methods
        }
Пример #4
0
        internal static String Encrypt(FormsAuthenticationTicket ticket, bool hexEncodedTicket)
        {
            if (ticket == null)
            {
                throw new ArgumentNullException("ticket");
            }

            Initialize();
            //////////////////////////////////////////////////////////////////////
            // Step 1a: Make it into a binary blob
            byte[] bBlob = MakeTicketIntoBinaryBlob(ticket);
            if (bBlob == null)
            {
                return(null);
            }

            //////////////////////////////////////////////////////////////////////
            // Step 1b: If new crypto routines are enabled, call them instead.
            if (AspNetCryptoServiceProvider.Instance.IsDefaultProvider)
            {
                ICryptoService cryptoService = AspNetCryptoServiceProvider.Instance.GetCryptoService(Purpose.FormsAuthentication_Ticket);
                byte[]         protectedData = cryptoService.Protect(bBlob);
                bBlob = protectedData;
            }
            else
            {
#pragma warning disable 618 // calling obsolete methods
                // otherwise..

                //////////////////////////////////////////////////////////////////////
                // Step 2: Get the MAC and add to the blob
                if (_Protection == FormsProtectionEnum.All || _Protection == FormsProtectionEnum.Validation)
                {
                    byte[] bMac = MachineKeySection.HashData(bBlob, null, 0, bBlob.Length);
                    if (bMac == null)
                    {
                        return(null);
                    }
                    byte[] bAll = new byte[bMac.Length + bBlob.Length];
                    Buffer.BlockCopy(bBlob, 0, bAll, 0, bBlob.Length);
                    Buffer.BlockCopy(bMac, 0, bAll, bBlob.Length, bMac.Length);
                    bBlob = bAll;
                }

                if (_Protection == FormsProtectionEnum.All || _Protection == FormsProtectionEnum.Encryption)
                {
                    //////////////////////////////////////////////////////////////////////
                    // Step 3: Do the actual encryption
                    // DevDiv Bugs 137864: Include a random IV if under the right compat mode
                    // for improved encryption semantics
                    bBlob = MachineKeySection.EncryptOrDecryptData(true, bBlob, null, 0, bBlob.Length, false, false, IVType.Random);
                }
#pragma warning restore 618 // calling obsolete methods
            }

            //if (!hexEncodedTicket)
            //    return HttpServerUtility.UrlTokenEncode(bBlob);
            //else
            return(CryptoUtil.BinaryToHex(bBlob));
        }
Пример #5
0
 private static string Encrypt(FormsAuthenticationTicket ticket, bool hexEncodedTicket)
 {
     if (ticket == null)
     {
         throw new ArgumentNullException("ticket");
     }
     Initialize();
     byte[] buf = MakeTicketIntoBinaryBlob(ticket);
     if (buf == null)
     {
         return(null);
     }
     if ((_Protection == FormsProtectionEnum.All) || (_Protection == FormsProtectionEnum.Validation))
     {
         byte[] src = MachineKeySection.HashData(buf, null, 0, buf.Length);
         if (src == null)
         {
             return(null);
         }
         byte[] dst = new byte[src.Length + buf.Length];
         Buffer.BlockCopy(buf, 0, dst, 0, buf.Length);
         Buffer.BlockCopy(src, 0, dst, buf.Length, src.Length);
         buf = dst;
     }
     if ((_Protection == FormsProtectionEnum.All) || (_Protection == FormsProtectionEnum.Encryption))
     {
         buf = MachineKeySection.EncryptOrDecryptData(true, buf, null, 0, buf.Length, false, false, IVType.Random);
     }
     if (!hexEncodedTicket)
     {
         return(HttpServerUtility.UrlTokenEncode(buf));
     }
     return(MachineKeySection.ByteArrayToHexString(buf, 0));
 }
 internal static string Encode(CookieProtection cookieProtection, byte[] buf, int count)
 {
     if ((cookieProtection == CookieProtection.All) || (cookieProtection == CookieProtection.Validation))
     {
         byte[] src = MachineKeySection.HashData(buf, null, 0, count);
         if (src == null)
         {
             return(null);
         }
         if (buf.Length >= (count + src.Length))
         {
             Buffer.BlockCopy(src, 0, buf, count, src.Length);
         }
         else
         {
             byte[] buffer2 = buf;
             buf = new byte[count + src.Length];
             Buffer.BlockCopy(buffer2, 0, buf, 0, count);
             Buffer.BlockCopy(src, 0, buf, count, src.Length);
         }
         count += src.Length;
     }
     if ((cookieProtection == CookieProtection.All) || (cookieProtection == CookieProtection.Encryption))
     {
         buf   = MachineKeySection.EncryptOrDecryptData(true, buf, null, 0, count);
         count = buf.Length;
     }
     if (count < buf.Length)
     {
         byte[] buffer3 = buf;
         buf = new byte[count];
         Buffer.BlockCopy(buffer3, 0, buf, 0, count);
     }
     return(HttpServerUtility.UrlTokenEncode(buf));
 }
 public static byte[] Decode(string encodedData, MachineKeyProtection protectionOption)
 {
     if (encodedData == null)
     {
         throw new ArgumentNullException("encodedData");
     }
     if ((encodedData.Length % 2) != 0)
     {
         throw new ArgumentException(null, "encodedData");
     }
     byte[] buf = null;
     try
     {
         buf = MachineKeySection.HexStringToByteArray(encodedData);
     }
     catch
     {
         throw new ArgumentException(null, "encodedData");
     }
     if ((buf == null) || (buf.Length < 1))
     {
         throw new ArgumentException(null, "encodedData");
     }
     if ((protectionOption == MachineKeyProtection.All) || (protectionOption == MachineKeyProtection.Encryption))
     {
         buf = MachineKeySection.EncryptOrDecryptData(false, buf, null, 0, buf.Length, false, false, IVType.Random, !AppSettings.UseLegacyMachineKeyEncryption);
         if (buf == null)
         {
             return(null);
         }
     }
     if ((protectionOption == MachineKeyProtection.All) || (protectionOption == MachineKeyProtection.Validation))
     {
         if (buf.Length < MachineKeySection.HashSize)
         {
             return(null);
         }
         byte[] src = buf;
         buf = new byte[src.Length - MachineKeySection.HashSize];
         Buffer.BlockCopy(src, 0, buf, 0, buf.Length);
         byte[] buffer3 = MachineKeySection.HashData(buf, null, 0, buf.Length);
         if ((buffer3 == null) || (buffer3.Length != MachineKeySection.HashSize))
         {
             return(null);
         }
         for (int i = 0; i < buffer3.Length; i++)
         {
             if (buffer3[i] != src[buf.Length + i])
             {
                 return(null);
             }
         }
     }
     return(buf);
 }
        public byte[] EncryptOrDecryptData(bool encrypt, byte[] buffer, bool useLegacyMode)
        {
            // DevDiv Bugs 137864: Use IVType.None for compatibility with stored passwords even after SP20 compat mode enabled.
            // This is the ONLY case IVType.None should be used.

            // We made changes to how encryption takes place in response to MSRC 10405. Membership needs to opt-out of
            // these changes (by setting signData to false) to preserve back-compat with existing databases.

#pragma warning disable 618 // calling obsolete methods
            return(MachineKeySection.EncryptOrDecryptData(encrypt, buffer, (byte[])null, 0, buffer.Length, false /* useValidationSymAlgo */, useLegacyMode, IVType.None, false /*Sign*/));

#pragma warning restore 618 // calling obsolete methods
        }
        internal static string Encode(CookieProtection cookieProtection, byte [] buf, Purpose purpose)
        {
            if (AspNetCryptoServiceProvider.Instance.IsDefaultProvider)
            {
                // If we're configured to go through the new crypto routines, do so.
                ICryptoService cryptoService = AspNetCryptoServiceProvider.Instance.GetCryptoService(purpose);
                return(HttpServerUtility.UrlTokenEncode(cryptoService.Protect(buf)));
            }

#pragma warning disable 618 // calling obsolete methods
            // Otherwise fall back to using MachineKeySection.
            int count = buf.Length;
            if (cookieProtection == CookieProtection.All || cookieProtection == CookieProtection.Validation)
            {
                byte[] bMac = MachineKeySection.HashData(buf, null, 0, count);

                if (bMac == null)
                {
                    return(null);
                }
                if (buf.Length >= count + bMac.Length)
                {
                    Buffer.BlockCopy(bMac, 0, buf, count, bMac.Length);
                }
                else
                {
                    byte[] bTemp = buf;
                    buf = new byte[count + bMac.Length];
                    Buffer.BlockCopy(bTemp, 0, buf, 0, count);
                    Buffer.BlockCopy(bMac, 0, buf, count, bMac.Length);
                }
                count += bMac.Length;
            }

            if (cookieProtection == CookieProtection.All || cookieProtection == CookieProtection.Encryption)
            {
                buf   = MachineKeySection.EncryptOrDecryptData(true, buf, null, 0, count);
                count = buf.Length;
            }
            if (count < buf.Length)
            {
                byte[] bTemp = buf;
                buf = new byte[count];
                Buffer.BlockCopy(bTemp, 0, buf, 0, count);
            }
#pragma warning restore 618 // calling obsolete methods

            return(HttpServerUtility.UrlTokenEncode(buf));
        }
 public static string Encode(byte[] data, MachineKeyProtection protectionOption)
 {
     if (data == null)
     {
         throw new ArgumentNullException("data");
     }
     if ((protectionOption == MachineKeyProtection.All) || (protectionOption == MachineKeyProtection.Validation))
     {
         byte[] src = MachineKeySection.HashData(data, null, 0, data.Length);
         byte[] dst = new byte[src.Length + data.Length];
         Buffer.BlockCopy(data, 0, dst, 0, data.Length);
         Buffer.BlockCopy(src, 0, dst, data.Length, src.Length);
         data = dst;
     }
     if ((protectionOption == MachineKeyProtection.All) || (protectionOption == MachineKeyProtection.Encryption))
     {
         data = MachineKeySection.EncryptOrDecryptData(true, data, null, 0, data.Length, false, false, IVType.Random, !AppSettings.UseLegacyMachineKeyEncryption);
     }
     return(MachineKeySection.ByteArrayToHexString(data, 0));
 }
Пример #11
0
        public object Deserialize(string inputString)
        {
            if (string.IsNullOrEmpty(inputString))
            {
                throw new ArgumentNullException("inputString");
            }
            byte[] buf    = Convert.FromBase64String(inputString);
            int    length = buf.Length;

            try
            {
                if ((this._page != null) && this._page.ContainsEncryptedViewState)
                {
                    buf    = MachineKeySection.EncryptOrDecryptData(false, buf, this.GetMacKeyModifier(), 0, length);
                    length = buf.Length;
                }
                else if (((this._page != null) && this._page.EnableViewStateMac) || (this._macKeyBytes != null))
                {
                    buf = MachineKeySection.GetDecodedData(buf, this.GetMacKeyModifier(), 0, length, ref length);
                }
            }
            catch
            {
                PerfCounters.IncrementCounter(AppPerfCounter.VIEWSTATE_MAC_FAIL);
                ViewStateException.ThrowMacValidationError(null, inputString);
            }
            object       obj2         = null;
            MemoryStream memoryStream = GetMemoryStream();

            try
            {
                memoryStream.Write(buf, 0, length);
                memoryStream.Position = 0L;
                obj2 = this.Deserialize(memoryStream);
            }
            finally
            {
                ReleaseMemoryStream(memoryStream);
            }
            return(obj2);
        }
 internal static byte[] Decode(CookieProtection cookieProtection, string data)
 {
     byte[] buf = HttpServerUtility.UrlTokenDecode(data);
     if ((buf == null) || (cookieProtection == CookieProtection.None))
     {
         return(buf);
     }
     if ((cookieProtection == CookieProtection.All) || (cookieProtection == CookieProtection.Encryption))
     {
         buf = MachineKeySection.EncryptOrDecryptData(false, buf, null, 0, buf.Length);
         if (buf == null)
         {
             return(null);
         }
     }
     if ((cookieProtection != CookieProtection.All) && (cookieProtection != CookieProtection.Validation))
     {
         return(buf);
     }
     return(MachineKeySection.GetUnHashedData(buf));
 }
        public static byte[] Decode(string encodedData, MachineKeyProtection protectionOption)
        {
            if (encodedData == null)
            {
                throw new ArgumentNullException("encodedData");
            }

            if ((encodedData.Length % 2) != 0)
            {
                throw new ArgumentException(null, "encodedData");
            }

            byte[] data = null;
            try {
                //////////////////////////////////////////////////////////////////////
                // Step 1: Covert the HEX string to byte array
                data = CryptoUtil.HexToBinary(encodedData);
            }
            catch {
                throw new ArgumentException(null, "encodedData");
            }

            if (data == null || data.Length < 1)
            {
                throw new ArgumentException(null, "encodedData");
            }

            if (protectionOption == MachineKeyProtection.All || protectionOption == MachineKeyProtection.Encryption)
            {
                //////////////////////////////////////////////////////////////////
                // Step 2: Decrypt the data
                data = MachineKeySection.EncryptOrDecryptData(false, data, null, 0, data.Length, false, false, IVType.Random, !AppSettings.UseLegacyMachineKeyEncryption);
                if (data == null)
                {
                    return(null);
                }
            }

            if (protectionOption == MachineKeyProtection.All || protectionOption == MachineKeyProtection.Validation)
            {
                //////////////////////////////////////////////////////////////////
                // Step 3a: Remove the hash from the end of the data
                if (data.Length < MachineKeySection.HashSize)
                {
                    return(null);
                }
                byte[] originalData = data;
                data = new byte[originalData.Length - MachineKeySection.HashSize];
                Buffer.BlockCopy(originalData, 0, data, 0, data.Length);

                //////////////////////////////////////////////////////////////////
                // Step 3b: Calculate the hash and make sure it matches
                byte[] bHash = MachineKeySection.HashData(data, null, 0, data.Length);
                if (bHash == null || bHash.Length != MachineKeySection.HashSize)
                {
                    return(null); // Sizes don't match
                }
                for (int iter = 0; iter < bHash.Length; iter++)
                {
                    if (bHash[iter] != originalData[data.Length + iter])
                    {
                        return(null); // Mis-match found
                    }
                }
            }

            return(data);
        }
Пример #14
0
        /////////////////////////////////////////////////////////////////////////////
        /////////////////////////////////////////////////////////////////////////////
        /////////////////////////////////////////////////////////////////////////////
        // Decrypt and get the auth ticket

        /// <devdoc>
        ///    <para>Given an encrypted authenitcation ticket as
        ///       obtained from an HTTP cookie, this method returns an instance of a
        ///       FormsAuthenticationTicket class.</para>
        /// </devdoc>
        public static FormsAuthenticationTicket Decrypt(string encryptedTicket)
        {
            if (String.IsNullOrEmpty(encryptedTicket) || encryptedTicket.Length > MAX_TICKET_LENGTH)
            {
                throw new ArgumentException(SR.GetString(SR.InvalidArgumentValue, "encryptedTicket"));
            }

            Initialize();
            byte[] bBlob = null;
            if ((encryptedTicket.Length % 2) == 0)   // Could be a hex string
            {
                try {
                    bBlob = CryptoUtil.HexToBinary(encryptedTicket);
                } catch { }
            }
            if (bBlob == null)
            {
                bBlob = HttpServerUtility.UrlTokenDecode(encryptedTicket);
            }
            if (bBlob == null || bBlob.Length < 1)
            {
                throw new ArgumentException(SR.GetString(SR.InvalidArgumentValue, "encryptedTicket"));
            }

            int ticketLength;

            if (AspNetCryptoServiceProvider.Instance.IsDefaultProvider)
            {
                // If new crypto routines are enabled, call them instead.
                ICryptoService cryptoService   = AspNetCryptoServiceProvider.Instance.GetCryptoService(Purpose.FormsAuthentication_Ticket);
                byte[]         unprotectedData = cryptoService.Unprotect(bBlob);
                ticketLength = unprotectedData.Length;
                bBlob        = unprotectedData;
            }
            else
            {
#pragma warning disable 618 // calling obsolete methods
                // Otherwise call into MachineKeySection routines.

                if (_Protection == FormsProtectionEnum.All || _Protection == FormsProtectionEnum.Encryption)
                {
                    // DevDiv Bugs 137864: Include a random IV if under the right compat mode
                    // for improved encryption semantics
                    bBlob = MachineKeySection.EncryptOrDecryptData(false, bBlob, null, 0, bBlob.Length, false, false, IVType.Random);
                    if (bBlob == null)
                    {
                        return(null);
                    }
                }

                ticketLength = bBlob.Length;

                if (_Protection == FormsProtectionEnum.All || _Protection == FormsProtectionEnum.Validation)
                {
                    if (!MachineKeySection.VerifyHashedData(bBlob))
                    {
                        return(null);
                    }
                    ticketLength -= MachineKeySection.HashSize;
                }
#pragma warning restore 618 // calling obsolete methods
            }

            //////////////////////////////////////////////////////////////////////
            // Step 4: Change binary ticket to managed struct

            // ** MSRC 11838 **
            // Framework20 / Framework40 ticket generation modes are insecure. We should use a
            // secure serialization mode by default.
            if (!AppSettings.UseLegacyFormsAuthenticationTicketCompatibility)
            {
                return(FormsAuthenticationTicketSerializer.Deserialize(bBlob, ticketLength));
            }

            // ** MSRC 11838 **
            // If we have reached this point of execution, the developer has explicitly elected
            // to continue using the insecure code path instead of the secure one. We removed
            // the Framework40 serialization mode, so everybody using the legacy code path is
            // forced to Framework20.

            int           iSize  = ((ticketLength > MAX_TICKET_LENGTH) ? MAX_TICKET_LENGTH : ticketLength);
            StringBuilder name   = new StringBuilder(iSize);
            StringBuilder data   = new StringBuilder(iSize);
            StringBuilder path   = new StringBuilder(iSize);
            byte []       pBin   = new byte[4];
            long []       pDates = new long[2];

            int iRet = UnsafeNativeMethods.CookieAuthParseTicket(bBlob, ticketLength,
                                                                 name, iSize,
                                                                 data, iSize,
                                                                 path, iSize,
                                                                 pBin, pDates);

            if (iRet != 0)
            {
                return(null);
            }

            DateTime dt1 = DateTime.FromFileTime(pDates[0]);
            DateTime dt2 = DateTime.FromFileTime(pDates[1]);

            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket((int)pBin[0],
                                                                             name.ToString(),
                                                                             dt1,
                                                                             dt2,
                                                                             (bool)(pBin[1] != 0),
                                                                             data.ToString(),
                                                                             path.ToString());
            return(ticket);
        }
 public byte[] EncryptOrDecryptData(bool encrypt, byte[] buffer, bool useLegacyMode)
 {
     return(MachineKeySection.EncryptOrDecryptData(encrypt, buffer, null, 0, buffer.Length, false, useLegacyMode, IVType.None, false));
 }
Пример #16
0
        public static FormsAuthenticationTicket Decrypt(string encryptedTicket)
        {
            if (string.IsNullOrEmpty(encryptedTicket) || (encryptedTicket.Length > 0x1000))
            {
                throw new ArgumentException(System.Web.SR.GetString("InvalidArgumentValue", new object[] { "encryptedTicket" }));
            }
            Initialize();
            byte[] buf = null;
            if ((encryptedTicket.Length % 2) == 0)
            {
                try
                {
                    buf = MachineKeySection.HexStringToByteArray(encryptedTicket);
                }
                catch
                {
                }
            }
            if (buf == null)
            {
                buf = HttpServerUtility.UrlTokenDecode(encryptedTicket);
            }
            if ((buf == null) || (buf.Length < 1))
            {
                throw new ArgumentException(System.Web.SR.GetString("InvalidArgumentValue", new object[] { "encryptedTicket" }));
            }
            if ((_Protection == FormsProtectionEnum.All) || (_Protection == FormsProtectionEnum.Encryption))
            {
                buf = MachineKeySection.EncryptOrDecryptData(false, buf, null, 0, buf.Length, false, false, IVType.Random);
                if (buf == null)
                {
                    return(null);
                }
            }
            int length = buf.Length;

            if ((_Protection == FormsProtectionEnum.All) || (_Protection == FormsProtectionEnum.Validation))
            {
                if (!MachineKeySection.VerifyHashedData(buf))
                {
                    return(null);
                }
                length -= MachineKeySection.HashSize;
            }
            if (!AppSettings.UseLegacyFormsAuthenticationTicketCompatibility)
            {
                return(FormsAuthenticationTicketSerializer.Deserialize(buf, length));
            }
            int           capacity = (length > 0x1000) ? 0x1000 : length;
            StringBuilder szName   = new StringBuilder(capacity);
            StringBuilder szData   = new StringBuilder(capacity);
            StringBuilder szPath   = new StringBuilder(capacity);

            byte[] pBytes = new byte[4];
            long[] pDates = new long[2];
            if (System.Web.UnsafeNativeMethods.CookieAuthParseTicket(buf, length, szName, capacity, szData, capacity, szPath, capacity, pBytes, pDates) != 0)
            {
                return(null);
            }
            DateTime issueDate = DateTime.FromFileTime(pDates[0]);

            return(new FormsAuthenticationTicket(pBytes[0], szName.ToString(), issueDate, DateTime.FromFileTime(pDates[1]), pBytes[1] != 0, szData.ToString(), szPath.ToString()));
        }