private bool disposedValue = false; // To detect redundant calls
private void Dispose(bool disposing)
{
if (!disposedValue)
{
if (disposing)
{
SecureArray.Zero(_protecteBytes);
}
disposedValue = true;
}
}
/// <summary>
/// Convert array to a secure array
/// will zero array passed in using RtlZeroMemory
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="array"></param>
/// <returns></returns>
public static SecureArray <T> ToSecureArray <T>(this T[] array) where T : struct
{
if (array == null)
{
throw new ArgumentNullException(nameof(array));
}
try
{
var secure = new SecureArray <T>(array.Length);
Buffer.BlockCopy(array, 0, secure.Buffer, 0, array.Length);
return(secure);
}
finally
{
SecureArray.Zero(array);
}
}
/// <summary>
/// Protect data with dpapi
/// Will zero out plain text data
/// </summary>
/// <param name="plainTextData"></param>
public DpapiEncryptedByteArray(byte[] plainTextData)
{
if (plainTextData == null)
{
throw new ArgumentNullException(nameof(plainTextData));
}
UnencryptedDatalength = plainTextData.Length;
try
{
_protecteBytes = ProtectedData.Protect(plainTextData, _additionalEntropy, DataProtectionScope.CurrentUser);
}
catch (Exception ex)
{
throw new InvalidOperationException("failed to retrieve protected data", ex);
}
finally
{
SecureArray.Zero(plainTextData);
}
}
/// <summary>
/// Convert char[] to SecureString
/// </summary>
/// <param name="plainString"></param>
/// <returns></returns>
public static unsafe SecureString ToSecureString(this char[] plainString)
{
SecureString str;
try
{
if (plainString == null || !plainString.Any())
{
return(new SecureString());
}
fixed(char *str2 = plainString)
{
char *chPtr = str2;
str = new SecureString(chPtr, plainString.Length);
str.MakeReadOnly();
}
return(str);
}
finally
{
SecureArray.Zero(plainString);
}
}
private SecureArray <byte> InitialHash()
{
var ret = BestSecureArray <byte>(Blake2B.OutputLength);
using (var blakeHash =
Blake2B.Create(
new Blake2BConfig
{
OutputSizeInBytes = PrehashDigestLength,
Result64ByteBuffer = ret.Buffer
}))
{
var value = new byte[4];
Store32(value, this.config.Lanes);
blakeHash.Update(value);
Store32(value, this.config.HashLength);
blakeHash.Update(value);
Store32(value, this.config.MemoryCost);
blakeHash.Update(value);
Store32(value, this.config.TimeCost);
blakeHash.Update(value);
Store32(value, (uint)this.config.Version);
blakeHash.Update(value);
Store32(value, (uint)this.config.Type);
blakeHash.Update(value);
Store32(value, this.config.Password?.Length ?? 0);
blakeHash.Update(value);
if (this.config.Password != null)
{
blakeHash.Update(this.config.Password);
if (this.config.ClearPassword)
{
SecureArray.Zero(this.config.Password);
}
}
Store32(value, this.config.Salt?.Length ?? 0);
blakeHash.Update(value);
if (this.config.Salt != null)
{
blakeHash.Update(this.config.Salt);
}
Store32(value, this.config.Secret?.Length ?? 0);
blakeHash.Update(value);
if (this.config.Secret != null)
{
blakeHash.Update(this.config.Secret);
if (this.config.ClearSecret)
{
SecureArray.Zero(this.config.Secret);
}
}
Store32(value, this.config.AssociatedData?.Length ?? 0);
blakeHash.Update(value);
if (this.config.AssociatedData != null)
{
blakeHash.Update(this.config.AssociatedData);
}
blakeHash.Finish();
}
return(ret);
}