public ProtectedMemoryBlob(ISecret secret) { if (secret == null) { throw new ArgumentNullException("secret"); } ProtectedMemoryBlob other = secret as ProtectedMemoryBlob; if (other != null) { // Fast-track: simple deep copy scenario. this._localAllocHandle = other._localAllocHandle.Duplicate(); this._plaintextLength = other._plaintextLength; } else { // Copy the secret to a temporary managed buffer, then protect the buffer. // We pin the temp buffer and zero it out when we're finished to limit exposure of the secret. byte[] tempPlaintextBuffer = new byte[secret.Length]; fixed(byte *pbTempPlaintextBuffer = tempPlaintextBuffer) { try { secret.WriteSecretIntoBuffer(new ArraySegment <byte>(tempPlaintextBuffer)); _localAllocHandle = Protect(pbTempPlaintextBuffer, (uint)tempPlaintextBuffer.Length); _plaintextLength = (uint)tempPlaintextBuffer.Length; } finally { UnsafeBufferUtil.SecureZeroMemory(pbTempPlaintextBuffer, tempPlaintextBuffer.Length); } } } }
public static ProtectedMemoryBlob Random(int numBytes) { CryptoUtil.Assert(numBytes >= 0, "numBytes >= 0"); if (numBytes == 0) { byte dummy; return(new ProtectedMemoryBlob(&dummy, 0)); } else { // Don't use CNG if we're not on Windows. if (!OSVersionUtil.IsBCryptOnWin7OrLaterAvailable()) { return(new ProtectedMemoryBlob(ManagedGenRandomImpl.Instance.GenRandom(numBytes))); } byte[] bytes = new byte[numBytes]; fixed(byte *pbBytes = bytes) { try { BCryptUtil.GenRandom(pbBytes, (uint)numBytes); return(new ProtectedMemoryBlob(pbBytes, numBytes)); } finally { UnsafeBufferUtil.SecureZeroMemory(pbBytes, numBytes); } } } }