/// <summary>
/// Creates the composite key from the supplied user key sources (password,
/// key file, user account, computer ID, etc.).
/// </summary>
private byte[] CreateRawCompositeKey32()
{
ValidateUserKeys();
// Concatenate user key data
MemoryStream ms = new MemoryStream();
foreach (IUserKey pKey in m_vUserKeys)
{
ProtectedBinary b = pKey.KeyData;
if (b != null)
{
byte[] pbKeyData = b.ReadData();
ms.Write(pbKeyData, 0, pbKeyData.Length);
Array.Clear(pbKeyData, 0, pbKeyData.Length);
}
}
SHA256Managed sha256 = new SHA256Managed();
return(sha256.ComputeHash(ms.ToArray()));
}
private Stream AttachStreamEncryptor(Stream s)
{
MemoryStream ms = new MemoryStream();
Debug.Assert(m_pbMasterSeed != null);
Debug.Assert(m_pbMasterSeed.Length == 32);
ms.Write(m_pbMasterSeed, 0, 32);
Debug.Assert(m_pwDatabase != null);
Debug.Assert(m_pwDatabase.MasterKey != null);
ProtectedBinary pbinKey = m_pwDatabase.MasterKey.GenerateKey32(
m_pbTransformSeed, m_pwDatabase.KeyEncryptionRounds);
Debug.Assert(pbinKey != null);
if (pbinKey == null)
{
throw new SecurityException(KLRes.InvalidCompositeKey);
}
byte[] pKey32 = pbinKey.ReadData();
if ((pKey32 == null) || (pKey32.Length != 32))
{
throw new SecurityException(KLRes.InvalidCompositeKey);
}
ms.Write(pKey32, 0, 32);
byte[] aesKey = Crypto.SHA256.ComputeHash(ms.ToArray());
ms.Close();
Array.Clear(pKey32, 0, 32);
Debug.Assert(CipherPool.GlobalPool != null);
ICipherEngine iEngine = CipherPool.GlobalPool.GetCipher(m_pwDatabase.DataCipherUuid);
if (iEngine == null)
{
throw new SecurityException(KLRes.FileUnknownCipher);
}
return(iEngine.EncryptStream(s, aesKey, m_pbEncryptionIV));
}
/// <summary>
/// Creates the composite key from the supplied user key sources (password,
/// key file, user account, computer ID, etc.).
/// </summary>
private byte[] CreateRawCompositeKey32(byte[] mPbMasterSeed)
{
ValidateUserKeys();
// Concatenate user key data
List <byte[]> lData = new List <byte[]>();
int cbData = 0;
foreach (IUserKey pKey in m_vUserKeys)
{
if (pKey is ISeedBasedUserKey)
{
((ISeedBasedUserKey)pKey).SetParams(mPbMasterSeed);
}
ProtectedBinary b = pKey.KeyData;
if (b != null)
{
byte[] pbKeyData = b.ReadData();
lData.Add(pbKeyData);
cbData += pbKeyData.Length;
}
}
byte[] pbAllData = new byte[cbData];
int p = 0;
foreach (byte[] pbData in lData)
{
Array.Copy(pbData, 0, pbAllData, p, pbData.Length);
p += pbData.Length;
MemUtil.ZeroByteArray(pbData);
}
Debug.Assert(p == cbData);
byte[] pbHash = CryptoUtil.HashSha256(pbAllData);
MemUtil.ZeroByteArray(pbAllData);
return(pbHash);
}
// Cf. other overload
public static BinaryDataClass Classify(string strUrl, ProtectedBinary pb)
{
BinaryDataClass bdc = ClassifyUrl(strUrl);
if (bdc != BinaryDataClass.Unknown)
{
return(bdc);
}
if (pb == null)
{
throw new ArgumentNullException("pb");
}
byte[] pbData = pb.ReadData();
try { bdc = ClassifyData(pbData); }
finally { if (pb.IsProtected)
{
MemUtil.ZeroByteArray(pbData);
}
}
return(bdc);
}
private void ComputeKeys(out byte[] pbCipherKey, int cbCipherKey,
out byte[] pbHmacKey64)
{
byte[] pbCmp = new byte[32 + 32 + 1];
try
{
Debug.Assert(m_pbMasterSeed != null);
if(m_pbMasterSeed == null)
throw new ArgumentNullException("m_pbMasterSeed");
Debug.Assert(m_pbMasterSeed.Length == 32);
if(m_pbMasterSeed.Length != 32)
throw new FormatException(KLRes.MasterSeedLengthInvalid);
Array.Copy(m_pbMasterSeed, 0, pbCmp, 0, 32);
Debug.Assert(m_pwDatabase != null);
Debug.Assert(m_pwDatabase.MasterKey != null);
ProtectedBinary pbinUser = m_pwDatabase.MasterKey.GenerateKey32(
m_pwDatabase.KdfParameters);
Debug.Assert(pbinUser != null);
if(pbinUser == null)
throw new SecurityException(KLRes.InvalidCompositeKey);
byte[] pUserKey32 = pbinUser.ReadData();
if((pUserKey32 == null) || (pUserKey32.Length != 32))
throw new SecurityException(KLRes.InvalidCompositeKey);
Array.Copy(pUserKey32, 0, pbCmp, 32, 32);
MemUtil.ZeroByteArray(pUserKey32);
pbCipherKey = CryptoUtil.ResizeKey(pbCmp, 0, 64, cbCipherKey);
pbCmp[64] = 1;
using(SHA512Managed h = new SHA512Managed())
{
pbHmacKey64 = h.ComputeHash(pbCmp);
}
}
finally { MemUtil.ZeroByteArray(pbCmp); }
}
// Copied from PwEntryForm.SaveAttachmentTo (PwEntryForm.cs)
private void SaveAttachmentTo(ProtectedBinary pb, string strFileName,
bool bConfirmOverwrite)
{
Debug.Assert(pb != null); if (pb == null)
{
throw new ArgumentNullException("pb");
}
Debug.Assert(strFileName != null); if (strFileName == null)
{
throw new ArgumentNullException("strFileName");
}
if (bConfirmOverwrite && File.Exists(strFileName))
{
string strMsg = KPRes.FileExistsAlready + MessageService.NewLine +
strFileName + MessageService.NewParagraph +
KPRes.OverwriteExistingFileQuestion;
if (MessageService.AskYesNo(strMsg) == false)
{
return;
}
}
Debug.Assert(pb != null); if (pb == null)
{
throw new ArgumentException();
}
byte[] pbData = pb.ReadData();
try { File.WriteAllBytes(strFileName, pbData); }
catch (Exception exWrite)
{
MessageService.ShowWarning(strFileName, exWrite);
}
MemUtil.ZeroByteArray(pbData);
}
public static CertificateShortcutProviderKey EncryptPassphrase(X509Certificate2 certificate, ProtectedString passphrase)
{
// Instead of directly encrypting the passphrase with the certificate,
// we use an intermediate random symmetric key.
// The passphrase is encrypted with the symmetric key, and the symmetric key is encrypted with the certificate.
// (asymmetric encryption is not suited to encrypt a lot of data)
// symmetric encryption:
var randomKey = new ProtectedBinary(true, CryptoRandom.Instance.GetRandomBytes(32));
var passphraseBinary = new ProtectedBinary(true, passphrase.ReadUtf8());
var encryptedPassphrase = EncryptSecret(passphraseBinary, randomKey, out var iv);
// now we asymmetrically encrypt the random key.
byte[] encryptedRandomKey;
RSA rsa;
ECDsa ecdsa;
if ((rsa = certificate.GetRSAPublicKey()) != null)
{
encryptedRandomKey = rsa.Encrypt(randomKey.ReadData(), RSAEncryptionPadding.OaepSHA256);
}
else if ((ecdsa = certificate.GetECDsaPublicKey()) != null)
{
// TODO:
// https://stackoverflow.com/questions/47116611/how-can-i-encrypt-data-using-a-public-key-from-ecc-x509-certificate-in-net-fram
// var ecdh = ECDiffieHellman.Create(ecdsa.ExportParameters(false));
throw new NotSupportedException("Certificate's key type not supported.");
}
else
{
throw new NotSupportedException("Certificate's key type not supported.");
}
var result = new CertificateShortcutProviderKey(certificate, encryptedRandomKey, iv, encryptedPassphrase);
return(result);
}
/// <summary>
/// Creates the composite key from the supplied user key sources (password,
/// key file, user account, computer ID, etc.).
/// </summary>
/// <returns>
/// The <see cref="byte[]"/>.
/// </returns>
private byte[] CreateRawCompositeKey32()
{
this.ValidateUserKeys();
// Concatenate user key data
using (MemoryStream ms = new MemoryStream())
{
foreach (IUserKey pKey in this.m_vUserKeys)
{
ProtectedBinary b = pKey.KeyData;
if (b != null)
{
byte[] pbKeyData = b.ReadData();
ms.Write(pbKeyData, 0, pbKeyData.Length);
MemUtil.ZeroByteArray(pbKeyData);
}
}
var sha256 = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Sha256);
byte[] pbHash = sha256.HashData(ms.ToArray().AsBuffer()).ToArray();
return(pbHash);
}
}
private ProtectedBinary Decrypt(ProtectedBinary encryptedKey)
{
WinHello winHello = new WinHello();
winHello.Message = "Authentication to access KeePass database";
winHello.ParentHandle = KeePassWinHelloExt.KeyPromptForm.Handle;
byte[] encryptedData = encryptedKey.ReadData();
byte[] data;
try
{
data = winHello.PromptToDecrypt(encryptedData);
}
finally
{
MemUtil.ZeroByteArray(encryptedData);
}
var result = new ProtectedBinary(true, data);
MemUtil.ZeroByteArray(data);
return(result);
}
/// <summary>
/// Creates the composite key from the supplied user key sources (password,
/// key file, user account, computer ID, etc.).
/// </summary>
private byte[] CreateRawCompositeKey32()
{
ValidateUserKeys();
// Concatenate user key data
List <byte[]> lData = new List <byte[]>();
int cbData = 0;
foreach (IUserKey pKey in m_vUserKeys)
{
ProtectedBinary b = pKey.KeyData;
if (b != null)
{
byte[] pbKeyData = b.ReadData();
lData.Add(pbKeyData);
cbData += pbKeyData.Length;
}
}
byte[] pbAllData = new byte[cbData];
int p = 0;
foreach (byte[] pbData in lData)
{
Array.Copy(pbData, 0, pbAllData, p, pbData.Length);
p += pbData.Length;
MemUtil.ZeroByteArray(pbData);
}
Debug.Assert(p == cbData);
SHA256Managed sha256 = new SHA256Managed();
byte[] pbHash = sha256.ComputeHash(pbAllData);
MemUtil.ZeroByteArray(pbAllData);
return(pbHash);
}
private void AutoOpenEntryPriv(AutoExecItem a, bool bManual)
{
PwEntry pe = a.Entry;
PwDatabase pdContext = a.Database;
SprContext ctxNoEsc = new SprContext(pe, pdContext, SprCompileFlags.All);
SprContext ctxEsc = new SprContext(pe, pdContext, SprCompileFlags.All,
false, true);
string strDb;
if (!GetString(pe, PwDefs.UrlField, ctxEsc, true, out strDb))
{
return;
}
IOConnectionInfo ioc = IOConnectionInfo.FromPath(strDb);
//TODO
/*if (ioc.IsLocalFile() && !UrlUtil.IsAbsolutePath(strDb))
* ioc = IOConnectionInfo.FromPath(UrlUtil.MakeAbsolutePath(
* WinUtil.GetExecutable(), strDb));*/
if (ioc.Path.Length == 0)
{
return;
}
string strIocUserName;
if (GetString(pe, "IocUserName", ctxNoEsc, true, out strIocUserName))
{
ioc.UserName = strIocUserName;
}
string strIocPassword;
if (GetString(pe, "IocPassword", ctxNoEsc, true, out strIocPassword))
{
ioc.Password = strIocPassword;
}
if ((strIocUserName.Length != 0) && (strIocPassword.Length != 0))
{
ioc.IsComplete = true;
}
string str;
if (GetString(pe, "IocTimeout", ctxNoEsc, true, out str))
{
long l;
if (long.TryParse(str, out l))
{
ioc.Properties.SetLong(IocKnownProperties.Timeout, l);
}
}
bool?ob = GetBoolEx(pe, "IocPreAuth", ctxNoEsc);
if (ob.HasValue)
{
ioc.Properties.SetBool(IocKnownProperties.PreAuth, ob.Value);
}
if (GetString(pe, "IocUserAgent", ctxNoEsc, true, out str))
{
ioc.Properties.Set(IocKnownProperties.UserAgent, str);
}
ob = GetBoolEx(pe, "IocExpect100Continue", ctxNoEsc);
if (ob.HasValue)
{
ioc.Properties.SetBool(IocKnownProperties.Expect100Continue, ob.Value);
}
ob = GetBoolEx(pe, "IocPassive", ctxNoEsc);
if (ob.HasValue)
{
ioc.Properties.SetBool(IocKnownProperties.Passive, ob.Value);
}
ob = GetBoolEx(pe, "SkipIfNotExists", ctxNoEsc);
if (!ob.HasValue) // Backw. compat.
{
ob = GetBoolEx(pe, "Skip if not exists", ctxNoEsc);
}
if (ob.HasValue && ob.Value)
{
if (!IOConnection.FileExists(ioc))
{
return;
}
}
CompositeKey ck = new CompositeKey();
if (GetString(pe, PwDefs.PasswordField, ctxNoEsc, false, out str))
{
ck.AddUserKey(new KcpPassword(str));
}
if (GetString(pe, PwDefs.UserNameField, ctxNoEsc, false, out str))
{
string strAbs = str;
IOConnectionInfo iocKey = IOConnectionInfo.FromPath(strAbs);
if (iocKey.IsLocalFile() && !UrlUtil.IsAbsolutePath(strAbs))
{
//TODO
/* strAbs = UrlUtil.MakeAbsolutePath(WinUtil.GetExecutable(), strAbs);*/
}
ob = GetBoolEx(pe, "SkipIfKeyFileNotExists", ctxNoEsc);
if (ob.HasValue && ob.Value)
{
IOConnectionInfo iocKeyAbs = IOConnectionInfo.FromPath(strAbs);
if (!IOConnection.FileExists(iocKeyAbs))
{
return;
}
}
try { ck.AddUserKey(new KcpKeyFile(strAbs)); }
catch (InvalidOperationException)
{
//TODO
throw new Exception("TODO");
//throw new Exception(strAbs + MessageService.NewParagraph + KPRes.KeyFileError);
}
catch (Exception) { throw; }
}
else // Try getting key file from attachments
{
ProtectedBinary pBin = pe.Binaries.Get("KeyFile.bin");
if (pBin != null)
{
ck.AddUserKey(new KcpKeyFile(IOConnectionInfo.FromPath(
StrUtil.DataToDataUri(pBin.ReadData(), null))));
}
}
if (GetString(pe, "KeyProvider", ctxNoEsc, true, out str))
{
/*TODO KeyProvider kp = m_host.KeyProviderPool.Get(str);
* if (kp == null)
* throw new Exception(@"Unknown key provider: '" + str + @"'!");
*
* KeyProviderQueryContext ctxKP = new KeyProviderQueryContext(
* ioc, false, false);
*
* bool bPerformHash = !kp.DirectKey;
* byte[] pbProvKey = kp.GetKey(ctxKP);
* if ((pbProvKey != null) && (pbProvKey.Length != 0))
* {
* ck.AddUserKey(new KcpCustomKey(str, pbProvKey, bPerformHash));
* MemUtil.ZeroByteArray(pbProvKey);
* }
* else return; // Provider has shown error message*/
throw new Exception("KeyProvider not supported");
}
ob = GetBoolEx(pe, "UserAccount", ctxNoEsc);
if (ob.HasValue && ob.Value)
{
ck.AddUserKey(new KcpUserAccount());
}
if (ck.UserKeyCount == 0)
{
return;
}
GetString(pe, "Focus", ctxNoEsc, true, out str);
bool bRestoreFocus = str.Equals("Restore", StrUtil.CaseIgnoreCmp);
/*TODO
* PwDatabase pdPrev = m_host.MainWindow.ActiveDatabase;
*
* m_host.MainWindow.OpenDatabase(ioc, ck, true);
*
* if (bRestoreFocus && (pdPrev != null) && !bManual)
* {
* PwDocument docPrev = m_host.MainWindow.DocumentManager.FindDocument(
* pdPrev);
* if (docPrev != null) m_host.MainWindow.MakeDocumentActive(docPrev);
* else { Debug.Assert(false); }
* }*/
}
private static void TestProtectedObjects()
{
#if DEBUG
Encoding enc = StrUtil.Utf8;
byte[] pbData = enc.GetBytes("Test Test Test Test");
ProtectedBinary pb = new ProtectedBinary(true, pbData);
if (!pb.IsProtected)
{
throw new SecurityException("ProtectedBinary-1");
}
byte[] pbDec = pb.ReadData();
if (!MemUtil.ArraysEqual(pbData, pbDec))
{
throw new SecurityException("ProtectedBinary-2");
}
if (!pb.IsProtected)
{
throw new SecurityException("ProtectedBinary-3");
}
byte[] pbData2 = enc.GetBytes("Test Test Test Test");
byte[] pbData3 = enc.GetBytes("Test Test Test Test Test");
ProtectedBinary pb2 = new ProtectedBinary(true, pbData2);
ProtectedBinary pb3 = new ProtectedBinary(true, pbData3);
if (!pb.Equals(pb2))
{
throw new SecurityException("ProtectedBinary-4");
}
if (pb.Equals(pb3))
{
throw new SecurityException("ProtectedBinary-5");
}
if (pb2.Equals(pb3))
{
throw new SecurityException("ProtectedBinary-6");
}
if (pb.GetHashCode() != pb2.GetHashCode())
{
throw new SecurityException("ProtectedBinary-7");
}
if (!((object)pb).Equals((object)pb2))
{
throw new SecurityException("ProtectedBinary-8");
}
if (((object)pb).Equals((object)pb3))
{
throw new SecurityException("ProtectedBinary-9");
}
if (((object)pb2).Equals((object)pb3))
{
throw new SecurityException("ProtectedBinary-10");
}
ProtectedString ps = new ProtectedString();
if (ps.Length != 0)
{
throw new SecurityException("ProtectedString-1");
}
if (!ps.IsEmpty)
{
throw new SecurityException("ProtectedString-2");
}
if (ps.ReadString().Length != 0)
{
throw new SecurityException("ProtectedString-3");
}
ps = new ProtectedString(true, "Test");
ProtectedString ps2 = new ProtectedString(true, enc.GetBytes("Test"));
if (ps.IsEmpty)
{
throw new SecurityException("ProtectedString-4");
}
pbData = ps.ReadUtf8();
pbData2 = ps2.ReadUtf8();
if (!MemUtil.ArraysEqual(pbData, pbData2))
{
throw new SecurityException("ProtectedString-5");
}
if (pbData.Length != 4)
{
throw new SecurityException("ProtectedString-6");
}
if (ps.ReadString() != ps2.ReadString())
{
throw new SecurityException("ProtectedString-7");
}
pbData = ps.ReadUtf8();
pbData2 = ps2.ReadUtf8();
if (!MemUtil.ArraysEqual(pbData, pbData2))
{
throw new SecurityException("ProtectedString-8");
}
if (!ps.IsProtected)
{
throw new SecurityException("ProtectedString-9");
}
if (!ps2.IsProtected)
{
throw new SecurityException("ProtectedString-10");
}
Random r = new Random();
string str = string.Empty;
ps = new ProtectedString();
for (int i = 0; i < 100; ++i)
{
bool bProt = ((r.Next() % 4) != 0);
ps = ps.WithProtection(bProt);
int x = r.Next(str.Length + 1);
int c = r.Next(20);
char ch = (char)r.Next(1, 256);
string strIns = new string(ch, c);
str = str.Insert(x, strIns);
ps = ps.Insert(x, strIns);
if (ps.IsProtected != bProt)
{
throw new SecurityException("ProtectedString-11");
}
if (ps.ReadString() != str)
{
throw new SecurityException("ProtectedString-12");
}
ps = ps.WithProtection(bProt);
x = r.Next(str.Length);
c = r.Next(str.Length - x + 1);
str = str.Remove(x, c);
ps = ps.Remove(x, c);
if (ps.IsProtected != bProt)
{
throw new SecurityException("ProtectedString-13");
}
if (ps.ReadString() != str)
{
throw new SecurityException("ProtectedString-14");
}
}
#endif
}
public static bool AutoOpenEntry(Activity activity, AutoExecItem item, bool bManual,
ActivityLaunchMode launchMode)
{
string str;
PwEntry pe = item.Entry;
SprContext ctxNoEsc = new SprContext(pe, item.Database, SprCompileFlags.All);
IOConnectionInfo ioc;
if (!TryGetDatabaseIoc(item, out ioc))
{
return(false);
}
var ob = GetBoolEx(pe, "SkipIfNotExists", ctxNoEsc);
if (!ob.HasValue) // Backw. compat.
{
ob = GetBoolEx(pe, "Skip if not exists", ctxNoEsc);
}
if (ob.HasValue && ob.Value)
{
if (!CheckFileExsts(ioc))
{
return(false);
}
}
CompositeKey ck = new CompositeKey();
if (GetString(pe, PwDefs.PasswordField, ctxNoEsc, false, out str))
{
ck.AddUserKey(new KcpPassword(str));
}
if (GetString(pe, PwDefs.UserNameField, ctxNoEsc, false, out str))
{
string strAbs = str;
IOConnectionInfo iocKey = IOConnectionInfo.FromPath(strAbs);
if (iocKey.IsLocalFile() && !UrlUtil.IsAbsolutePath(strAbs))
{
//local relative paths not supported on Android
return(false);
}
ob = GetBoolEx(pe, "SkipIfKeyFileNotExists", ctxNoEsc);
if (ob.HasValue && ob.Value)
{
IOConnectionInfo iocKeyAbs = IOConnectionInfo.FromPath(strAbs);
if (!CheckFileExsts(iocKeyAbs))
{
return(false);
}
}
try { ck.AddUserKey(new KcpKeyFile(strAbs)); }
catch (InvalidOperationException)
{
Toast.MakeText(Application.Context, Resource.String.error_adding_keyfile, ToastLength.Long).Show();
return(false);
}
catch (Exception) { throw; }
}
else // Try getting key file from attachments
{
ProtectedBinary pBin = pe.Binaries.Get("KeyFile.bin");
if (pBin != null)
{
ck.AddUserKey(new KcpKeyFile(IOConnectionInfo.FromPath(
StrUtil.DataToDataUri(pBin.ReadData(), null))));
}
}
GetString(pe, "Focus", ctxNoEsc, true, out str);
bool bRestoreFocus = str.Equals("Restore", StrUtil.CaseIgnoreCmp);
PasswordActivity.Launch(activity, ioc, ck, launchMode, !
bRestoreFocus);
App.Kp2a.RegisterChildDatabase(ioc);
return(true);
}
internal Uri WriteBinaryToFile(string key, bool writeToCacheDirectory)
{
ProtectedBinary pb = Entry.Binaries.Get(key);
System.Diagnostics.Debug.Assert(pb != null);
if (pb == null)
{
throw new ArgumentException();
}
ISharedPreferences prefs = PreferenceManager.GetDefaultSharedPreferences(this);
string binaryDirectory = prefs.GetString(GetString(Resource.String.BinaryDirectory_key), GetString(Resource.String.BinaryDirectory_default));
if (writeToCacheDirectory)
{
binaryDirectory = CacheDir.Path + File.Separator + AttachmentContentProvider.AttachmentCacheSubDir;
}
string filepart = key;
if (writeToCacheDirectory)
{
filepart = filepart.Replace(" ", "");
}
var targetFile = new File(binaryDirectory, filepart);
File parent = targetFile.ParentFile;
if (parent == null || (parent.Exists() && !parent.IsDirectory))
{
Toast.MakeText(this,
Resource.String.error_invalid_path,
ToastLength.Long).Show();
return(null);
}
if (!parent.Exists())
{
// Create parent directory
if (!parent.Mkdirs())
{
Toast.MakeText(this,
Resource.String.error_could_not_create_parent,
ToastLength.Long).Show();
return(null);
}
}
string filename = targetFile.AbsolutePath;
Uri fileUri = Uri.FromFile(targetFile);
byte[] pbData = pb.ReadData();
try
{
System.IO.File.WriteAllBytes(filename, pbData);
}
catch (Exception exWrite)
{
Toast.MakeText(this, GetString(Resource.String.SaveAttachment_Failed, new Java.Lang.Object[] { filename })
+ exWrite.Message, ToastLength.Long).Show();
return(null);
}
finally
{
MemUtil.ZeroByteArray(pbData);
}
Toast.MakeText(this, GetString(Resource.String.SaveAttachment_doneMessage, new Java.Lang.Object[] { filename }), ToastLength.Short).Show();
if (writeToCacheDirectory)
{
return(Uri.Parse("content://" + AttachmentContentProvider.Authority + "/"
+ filename));
}
return(fileUri);
}
public ProtectedBinary GetYubikeyResponse(byte Slot, byte ChallengeLength, ProtectedBinary SecretKeyToVerify, bool AllowRecovery)
{
byte[] resp = new byte[YubiWrapper.yubiRespLen];
var Challenge = GetYubikeyChallenge64(ChallengeLength);
YubiSlot slot = YubiSlot.SLOT2;
if (Slot == 1)
{
slot = YubiSlot.SLOT1;
}
var f = new KeyEntry(slot, Challenge, AllowRecovery);
var result = f.ShowDialog();
if (result == DialogResult.OK)
{
f.Response.CopyTo(resp, 0);
Array.Clear(f.Response, 0, f.Response.Length);
bool verified = true;
if (SecretKeyToVerify != null)
{
byte[] SecretKey = SecretKeyToVerify.ReadData();
HMACSHA1 sha1 = new HMACSHA1(SecretKey);
var hash = sha1.ComputeHash(Challenge);
Array.Clear(SecretKey, 0, SecretKey.Length);
if (hash == null || resp == null || hash.Length == 0)
{
verified = false;
}
else
{
for (int i = 0; i < hash.Length; i++)
{
if (hash[i] != resp[i])
{
verified = false;
break;
}
}
}
Array.Clear(hash, 0, hash.Length);
}
ProtectedBinary respProtected = new ProtectedBinary(true, resp);
Array.Clear(resp, 0, resp.Length);
if (!verified)
{
return(null);
}
return(respProtected);
}
else if (f.RecoveryMode)
{
var recovery = new RecoveryKeyFrm();
if (recovery.ShowDialog() != DialogResult.OK)
{
return(null);
}
return(recovery.Key);
}
return(null);
}
private static byte[] EncryptSecret(ProtectedBinary secret, ProtectedBinary key, out byte[] iv)
{
iv = CryptoRandom.Instance.GetRandomBytes(16); // AES 256 uses 128bits blocks
using (var ms = new MemoryStream())
{
using (var encryptionStream = new StandardAesEngine().EncryptStream(ms, key.ReadData(), iv))
{
MemUtil.Write(encryptionStream, secret.ReadData());
}
return(ms.ToArray());
}
}
public static ProtectedBinary Open(string strName, ProtectedBinary pb,
BinaryDataOpenOptions opt)
{
if (string.IsNullOrEmpty(strName))
{
Debug.Assert(false); return(null);
}
if (pb == null)
{
Debug.Assert(false); return(null);
}
if (opt == null)
{
opt = new BinaryDataOpenOptions();
}
byte[] pbData = pb.ReadData();
if (pbData == null)
{
Debug.Assert(false); return(null);
}
BinaryDataHandler h = opt.Handler;
if (h == BinaryDataHandler.Default)
{
h = ChooseHandler(strName, pbData, opt);
}
byte[] pbModData = null;
if (h == BinaryDataHandler.InternalViewer)
{
DataViewerForm dvf = new DataViewerForm();
dvf.InitEx(strName, pbData);
UIUtil.ShowDialogAndDestroy(dvf);
}
else if (h == BinaryDataHandler.InternalEditor)
{
DataEditorForm def = new DataEditorForm();
def.InitEx(strName, pbData);
def.ShowDialog();
if (def.EditedBinaryData != null)
{
pbModData = def.EditedBinaryData;
}
UIUtil.DestroyForm(def);
}
else if (h == BinaryDataHandler.ExternalApp)
{
pbModData = OpenExternal(strName, pbData, opt);
}
else
{
Debug.Assert(false);
}
ProtectedBinary r = null;
if ((pbModData != null) && !MemUtil.ArraysEqual(pbData, pbModData) &&
!opt.ReadOnly)
{
if (FileDialogsEx.CheckAttachmentSize(pbModData.LongLength,
KPRes.AttachFailed + MessageService.NewParagraph + strName))
{
r = new ProtectedBinary(pb.IsProtected, pbModData);
}
}
if (pb.IsProtected)
{
MemUtil.ZeroByteArray(pbData);
}
return(r);
}
private static void SaveBinary(string strName, ProtectedBinary pb,
string strSaveDir)
{
if (pb == null)
{
Debug.Assert(false); return;
}
if (string.IsNullOrEmpty(strName))
{
strName = "File.bin";
}
string strPath;
int iTry = 1;
do
{
strPath = UrlUtil.EnsureTerminatingSeparator(strSaveDir, false);
string strExt = UrlUtil.GetExtension(strName);
string strDesc = UrlUtil.StripExtension(strName);
strPath += strDesc;
if (iTry > 1)
{
strPath += " (" + iTry.ToString(NumberFormatInfo.InvariantInfo) +
")";
}
if (!string.IsNullOrEmpty(strExt))
{
strPath += "." + strExt;
}
++iTry;
}
#if ModernKeePassLib
while (StorageFile.GetFileFromPathAsync(strPath).GetResults() != null);
#else
while(File.Exists(strPath));
#endif
#if ModernKeePassLib
byte[] pbData = pb.ReadData();
/*var file = FileSystem.Current.GetFileFromPathAsync(strPath).Result;
* using (var stream = file.OpenAsync(FileAccess.ReadAndWrite).Result) {*/
var file = StorageFile.GetFileFromPathAsync(strPath).GetAwaiter().GetResult();
using (var stream = file.OpenAsync(FileAccessMode.ReadWrite).GetAwaiter().GetResult().AsStream())
{
stream.Write(pbData, 0, pbData.Length);
}
MemUtil.ZeroByteArray(pbData);
#elif !KeePassLibSD
byte[] pbData = pb.ReadData();
File.WriteAllBytes(strPath, pbData);
MemUtil.ZeroByteArray(pbData);
#else
FileStream fs = new FileStream(strPath, FileMode.Create,
FileAccess.Write, FileShare.None);
byte[] pbData = pb.ReadData();
try { File.WriteAllBytes(strPath, pbData); }
finally { if (pb.IsProtected)
{
MemUtil.ZeroByteArray(pbData);
}
}
#endif
}
public static void MigrateToCustomdata(PwDatabase db, PwEntry pe)
{
bool bPreload = !pe.Strings.Exists(Config.DBPreload) || StrUtil.StringToBool(pe.Strings.ReadSafe(Config.DBPreload));
db.CustomData.Set(Config.DBPreload, StrUtil.BoolToString(bPreload));
bool bUseDB = !pe.Strings.Exists(Config.DBUsage) || StrUtil.StringToBool(pe.Strings.ReadSafe(Config.DBUsage));
db.CustomData.Set(Config.DBUsage, StrUtil.BoolToString(bUseDB));
db.CustomData.Remove(Config.DBKeySources);
string k = pe.Strings.ReadSafe("KPOTP.KeySources");
if (!string.IsNullOrEmpty(k))
{
db.CustomData.Set(Config.DBKeySources, k);
}
if (pe.Binaries.Get(OTPDAO.OTPHandler_DB.DBNAME + ".kdbx") != null)
{
ProtectedBinary pbOTPDB = pe.Binaries.Get(OTPDAO.OTPHandler_DB.DBNAME + ".kdbx");
string otpdb = OTPDAO.OTPHandler_DB.ConvertToCustomData(pbOTPDB.ReadData());
db.CustomData.Set(OTPDAO.OTPHandler_DB.DBNAME, otpdb);
}
bool bDeleted = false;
if (db.RecycleBinEnabled)
{
PwGroup pgRecycleBin = db.RootGroup.FindGroup(db.RecycleBinUuid, true);
if (pgRecycleBin == null)
{
MethodInfo miEnsureRecycleBin = Program.MainForm.GetType().GetMethod("EnsureRecycleBin", BindingFlags.NonPublic | System.Reflection.BindingFlags.Static);
if (miEnsureRecycleBin != null)
{
object[] p = new object[] { null, db, null };
try
{
miEnsureRecycleBin.Invoke(null, p);
pgRecycleBin = p[0] as PwGroup;
}
catch { }
}
}
if (pgRecycleBin != null)
{
pe.ParentGroup.Entries.Remove(pe);
pgRecycleBin.AddEntry(pe, true);
bDeleted = true;
}
}
else if (!db.RecycleBinEnabled && !bUseDB)
{
pe.ParentGroup.Entries.Remove(pe);
bDeleted = true;
}
if (!bDeleted)
{
pe.Strings.Remove(Config.DBPreload);
pe.Strings.Remove(Config.DBUsage);
pe.Strings.Remove(Config.DBKeySources);
pe.Binaries.Remove(OTPDAO.OTPHandler_DB.DBNAME + ".kdbx");
pe.Touch(true);
}
db.Modified = true;
db.SettingsChanged = DateTime.UtcNow;
System.Threading.Thread tUpdate = new System.Threading.Thread(UpdateUI);
tUpdate.Start(new object[] { bDeleted, db });
OTPDAO.InitEntries(db);
OTPDAO.RemoveHandler(db.IOConnectionInfo.Path, true);
}
private static void TestProtectedObjects()
{
#if DEBUG
byte[] pbData = Encoding.ASCII.GetBytes("Test Test Test Test");
ProtectedBinary pb = new ProtectedBinary(true, pbData);
if (!pb.IsProtected)
{
throw new SecurityException("ProtectedBinary-1");
}
byte[] pbDec = pb.ReadData();
if (!MemUtil.ArraysEqual(pbData, pbDec))
{
throw new SecurityException("ProtectedBinary-2");
}
if (!pb.IsProtected)
{
throw new SecurityException("ProtectedBinary-3");
}
byte[] pbData2 = Encoding.ASCII.GetBytes("Test Test Test Test");
byte[] pbData3 = Encoding.ASCII.GetBytes("Test Test Test Test Test");
ProtectedBinary pb2 = new ProtectedBinary(true, pbData2);
ProtectedBinary pb3 = new ProtectedBinary(true, pbData3);
if (!pb.Equals(pb2))
{
throw new SecurityException("ProtectedBinary-4");
}
if (pb.Equals(pb3))
{
throw new SecurityException("ProtectedBinary-5");
}
if (pb2.Equals(pb3))
{
throw new SecurityException("ProtectedBinary-6");
}
if (pb.GetHashCode() != pb2.GetHashCode())
{
throw new SecurityException("ProtectedBinary-7");
}
if (!((object)pb).Equals((object)pb2))
{
throw new SecurityException("ProtectedBinary-8");
}
if (((object)pb).Equals((object)pb3))
{
throw new SecurityException("ProtectedBinary-9");
}
if (((object)pb2).Equals((object)pb3))
{
throw new SecurityException("ProtectedBinary-10");
}
ProtectedString ps = new ProtectedString();
if (ps.Length != 0)
{
throw new SecurityException("ProtectedString-1");
}
if (!ps.IsEmpty)
{
throw new SecurityException("ProtectedString-2");
}
if (ps.ReadString().Length != 0)
{
throw new SecurityException("ProtectedString-3");
}
ps = new ProtectedString(true, "Test");
ProtectedString ps2 = new ProtectedString(true,
StrUtil.Utf8.GetBytes("Test"));
if (ps.IsEmpty)
{
throw new SecurityException("ProtectedString-4");
}
pbData = ps.ReadUtf8();
pbData2 = ps2.ReadUtf8();
if (!MemUtil.ArraysEqual(pbData, pbData2))
{
throw new SecurityException("ProtectedString-5");
}
if (pbData.Length != 4)
{
throw new SecurityException("ProtectedString-6");
}
if (ps.ReadString() != ps2.ReadString())
{
throw new SecurityException("ProtectedString-7");
}
pbData = ps.ReadUtf8();
pbData2 = ps2.ReadUtf8();
if (!MemUtil.ArraysEqual(pbData, pbData2))
{
throw new SecurityException("ProtectedString-8");
}
if (!ps.IsProtected)
{
throw new SecurityException("ProtectedString-9");
}
if (!ps2.IsProtected)
{
throw new SecurityException("ProtectedString-10");
}
#endif
}
public static ProtectedBinary Open(string strName, ProtectedBinary pb,
BinaryDataOpenOptions opt)
{
if (string.IsNullOrEmpty(strName))
{
Debug.Assert(false); return(null);
}
if (pb == null)
{
Debug.Assert(false); return(null);
}
if (opt == null)
{
opt = new BinaryDataOpenOptions();
}
byte[] pbData = pb.ReadData();
if (pbData == null)
{
Debug.Assert(false); return(null);
}
BinaryDataHandler h = opt.Handler;
if (h == BinaryDataHandler.Default)
{
h = ChooseHandler(strName, pbData, opt);
}
byte[] pbModData = null;
if (h == BinaryDataHandler.InternalViewer)
{
DataViewerForm dvf = new DataViewerForm();
dvf.InitEx(strName, pbData);
UIUtil.ShowDialogAndDestroy(dvf);
}
else if (h == BinaryDataHandler.InternalEditor)
{
DataEditorForm def = new DataEditorForm();
def.InitEx(strName, pbData);
def.ShowDialog();
if (def.EditedBinaryData != null)
{
pbModData = def.EditedBinaryData;
}
UIUtil.DestroyForm(def);
}
else if (h == BinaryDataHandler.ExternalApp)
{
pbModData = OpenExternal(strName, pbData, opt);
}
else
{
Debug.Assert(false);
}
if ((pbModData != null) && !MemUtil.ArraysEqual(pbData, pbModData) &&
!opt.ReadOnly)
{
return(new ProtectedBinary(pb.IsProtected, pbModData));
}
return(null);
}
private static ProtectedBinary DecryptSecret(byte[] encryptedSecret, ProtectedBinary key, byte[] iv)
{
using (var ms = new MemoryStream(encryptedSecret))
using (var decryptionStream = new StandardAesEngine().DecryptStream(ms, key.ReadData(), iv))
{
return(new ProtectedBinary(true, ReadToEnd(decryptionStream)));
}
}
