示例#1
0
        private static string GetPassword(IConfigSection host)
        {
            var password = host.Get("password", false);

            if (string.IsNullOrEmpty(password))
            {
                return(password);
            }

            using (var cipher = new Aes256Cipher(Encoding.UTF8.GetBytes("he1sQWc8SSPpkdIA")))
            {
                if (password.StartsWith("enc:"))
                {
                    password = password.Substring(4);
                    var data = Convert.FromBase64String(password);
                    return(Encoding.UTF8.GetString(cipher.Decrypt(data)));
                }
                else
                {
                    var data = cipher.Encrypt(Encoding.UTF8.GetBytes(password));
                    host.Set("password", "enc:" + Convert.ToBase64String(data));
                    host.Config.Save();
                    return(password);
                }
            }
        }
示例#2
0
        public void AesCipherTest()
        {
            using (var cipher = new Aes256Cipher(Encoding.UTF8.GetBytes("changeit")))
            {
                var content = "password";

                var passwordEnc = cipher.Encrypt(Encoding.UTF8.GetBytes(content));
                var password    = Encoding.UTF8.GetString(cipher.Decrypt(passwordEnc));
                Assert.AreEqual(content, password);
            }
        }
示例#3
0
        private void ProcessStreamControl(EncryptedStreamControl sc)
        {
            switch (sc)
            {
            case EncryptedStreamControl.EncryptRSA:
            {
                if (!CipherLib.ContainsKey("rsa-private"))
                {
                    throw new SecureChannelException("RSA certificate is required.");
                }

                ReadCipher = CipherLib["rsa-private"].Clone();
                break;
            }

            case EncryptedStreamControl.EncryptXOR:
            {
                var passwLen = ReadUInt16();
                if (passwLen != 0)
                {
                    var passw = ReadData(passwLen);
                    CipherLib["xor"] = new XorCipher(passw);
                }

                ReadStream.Cipher = CipherLib["xor"].Clone();
                break;
            }

            case EncryptedStreamControl.EncryptAES:
            {
                var passwLen = ReadUInt16();
                if (passwLen != 0)
                {
                    var passw = ReadData(passwLen);
                    CipherLib["aes"] = new Aes256Cipher(passw);
                }
                ReadCipher = CipherLib["aes"].Clone();
                break;
            }

            default:
                throw new StreamControlException("Unknown StreamControl command");
            }
        }
示例#4
0
        public void CipherRefTest()
        {
            var cipher      = new Aes256Cipher(Encoding.UTF8.GetBytes("changeit"));
            var content     = "password";
            var passwordEnc = cipher.Encrypt(Encoding.UTF8.GetBytes(content));

            var cipher2 = cipher.Clone();

            cipher.Dispose();

            Assert.Catch <ObjectDisposedException>(() => cipher.Decrypt(passwordEnc));

            var password = Encoding.UTF8.GetString(cipher2.Decrypt(passwordEnc));

            Assert.AreEqual(content, password);

            cipher2.Dispose();
            Assert.Catch <ObjectDisposedException>(() => cipher2.Decrypt(passwordEnc));
        }
示例#5
0
        public void Encrypt(bool reset = false)
        {
            if (reset)
            {
                WriteStream.Cipher = new XorCipher();
                WriteCipher        = null;
            }

            if (CipherLib.ContainsKey("rsa-public"))
            {
                WriteUInt16((ushort)EncryptedStreamControl.EncryptRSA);
                WriteCipher = CipherLib["rsa-public"].Clone();
            }

            byte[] salt = Random.Get(32);
            WriteUInt16((ushort)EncryptedStreamControl.EncryptAES);
            WriteUInt16((ushort)salt.Length);
            WriteData(salt);
            CipherLib["aes"] = new Aes256Cipher(salt);
            WriteCipher      = CipherLib["aes"].Clone();


            if (!CipherLib.ContainsKey("xor"))
            {
                byte[] passw = Random.Get(2048 / 8);
                WriteUInt16((ushort)EncryptedStreamControl.EncryptXOR);
                WriteUInt16((ushort)passw.Length);
                WriteData(passw);
                CipherLib["xor"] = new XorCipher(passw);
            }
            else
            {
                WriteUInt16((ushort)EncryptedStreamControl.EncryptXOR);
                WriteUInt16((ushort)0);
            }
            WriteStream.Cipher = CipherLib["xor"].Clone();
        }
示例#6
0
        private byte[] Create(KeyProviderQueryContext ctx)
        {
            var vaultConf = new SafeVaultConf(ctx.DatabaseIOInfo);

            var vaultConnectionForm = new VaultConnectionConfigForm();

            vaultConnectionForm.InitEx(vaultConf);

            if (UIUtil.ShowDialogAndDestroy(vaultConnectionForm) != DialogResult.OK)
            {
                return(null);
            }

            VaultKeyCreateForm createForm = new VaultKeyCreateForm();

            createForm.InitEx(vaultConf, ctx);
            if (UIUtil.ShowDialogAndDestroy(createForm) != DialogResult.OK)
            {
                return(null);
            }

            vaultConf.Type    = PROVIDER_TYPE;
            vaultConf.Version = PROVIDER_VERSION;

            var masterKey = Encoding.UTF8.GetBytes(vaultConf.DatabaseKeyA);

            var keyLen = (masterKey.Length > 254) ? masterKey.Length : 254;

            var keyA = new byte[keyLen + 2];

            Array.Copy(BitConverter.GetBytes((ushort)masterKey.Length), keyA, 2);
            Array.Copy(masterKey, 0, keyA, 2, masterKey.Length);

            var keyB = Random.Get(keyA.Length);

            for (int i = 0; i < keyB.Length; i++)
            {
                keyA[i] ^= keyB[i];
            }

            var salt = Random.Get(64);

            using (var aes = new Aes256Cipher())
            {
                aes.SetPassPhrase(salt);
                keyA = aes.Encrypt(keyA);
                keyB = aes.Encrypt(keyB);
            }

            using (var rsa = RsaCipher.LoadFromX509Store(vaultConf.ClientCertificateName))
            {
                salt = rsa.Encrypt(salt);
            }

            vaultConf.Salt         = Convert.ToBase64String(salt);
            vaultConf.DatabaseKeyA = Convert.ToBase64String(keyA);
            vaultConf.VaultKeyname = Guid.NewGuid().ToString();
            var databaseKeyB = Convert.ToBase64String(keyB);

            VaultKeyPromptForm promptForm = new VaultKeyPromptForm();

            promptForm.InitEx("Enter SafeVault Password", "Save KeyB to SafeVault", (oneTimePassword) => {
                string status = "";
                var query     = new SafeVaultWebClient(vaultConf);
                try
                {
                    status = Async.Invoke(() => query.SetDbxKey(vaultConf.VaultKeyname, databaseKeyB, oneTimePassword));
                    if (status == "OK")
                    {
                        return(true);
                    }

                    MessageService.ShowWarning(
                        query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "",
                        status);
                }
                catch (CryptographicException ex)
                {
                    MessageService.ShowWarning(
                        query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "",
                        ex.Message);
                }
                return(false);
            });

            if (UIUtil.ShowDialogAndDestroy(promptForm) != DialogResult.OK)
            {
                return(null);
            }

            try
            {
                vaultConf.Save();
            }
            catch (Exception e)
            {
                MessageService.ShowWarning(e.Message);
                return(null);
            }

            return(masterKey);
        }
示例#7
0
        private byte[] OpenInternal(KeyProviderQueryContext ctx)
        {
            SafeVaultConf conf = new SafeVaultConf(ctx.DatabaseIOInfo);

            var required = new[] {
                conf.ClientCertificateName,
                conf.ServerUrl,
                conf.ServerCertificateName,
                conf.Salt,
                conf.Username,
                conf.VaultKeyname,
                conf.DatabaseKeyA
            };

            if (required.Any(string.IsNullOrEmpty))
            {
                throw new ConfigurationException("SafeVault not configured.");
            }

            byte[] salt = Convert.FromBase64String(conf.Salt);
            using (var rsa = RsaCipher.LoadFromX509Store(conf.ClientCertificateName))
            {
                salt = rsa.Decrypt(salt);
            }

            string             sKeyB      = string.Empty;
            VaultKeyPromptForm promptForm = new VaultKeyPromptForm();

            promptForm.InitEx("Enter SafeVault Password", "Open Database", (oneTimePassword) => {
                var query = new SafeVaultWebClient(conf);
                try
                {
                    sKeyB = query.GetDbxKey(conf.VaultKeyname, oneTimePassword);
                    return(true);
                }
                catch (SafeVaultException ex)
                {
                    MessageService.ShowWarning(
                        query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "",
                        ex.Message
                        );
                }
                return(false);
            });

            if (UIUtil.ShowDialogAndDestroy(promptForm) != DialogResult.OK)
            {
                return(null);
            }

            byte[] keyA = Convert.FromBase64String(conf.DatabaseKeyA);
            byte[] keyB = Convert.FromBase64String(sKeyB);
            using (var aes = new Aes256Cipher())
            {
                aes.SetPassPhrase(salt);
                keyA = aes.Decrypt(keyA);
                keyB = aes.Decrypt(keyB);
            }

            if (keyA.Length != keyB.Length)
            {
                throw new SafevaultKeyProviderException("Incompatible KEYA and KEYB");
            }

            for (int i = 0; i < keyB.Length; i++)
            {
                keyA[i] ^= keyB[i];
            }
            int keyL = BitConverter.ToUInt16(keyA, 0);

            if (keyL > keyA.Length)
            {
                throw new SafevaultKeyProviderException("Invalid KEYB");
            }

            byte[] masterKey = new byte[keyL];
            Array.Copy(keyA, 2, masterKey, 0, masterKey.Length);

            return(masterKey);
        }