From 6d5251fe0292b01134fa230399014cb6fe8e2aad Mon Sep 17 00:00:00 2001
From: Jim Norman
Date: Tue, 2 May 2006 21:44:13 +0000
Subject: [PATCH] Security Audit 4.1. Enhanced Persistence encryption salt generation to be more random based on the password or master password used.
---
CASA.changes | 1825 ++++++++++++++-------------
c_micasad/Makefile.am | 1 +
c_micasad/cache/SecretStore.cs | 159 ++-
c_micasad/lss/CASACrypto.cs | 226 ++--
c_micasad/lss/FastRandom.cs | 329 +++++
c_micasad/lss/Rfc2898DeriveBytes.cs | 71 +-
6 files changed, 1570 insertions(+), 1041 deletions(-)
create mode 100644 c_micasad/lss/FastRandom.cs
diff --git a/CASA.changes b/CASA.changes
index 139a92cd..692fe416 100644
--- a/CASA.changes
+++ b/CASA.changes
@@ -1,910 +1,915 @@ -------------------------------------------------------------------- -Tue May 2 20:30:37 IST 2006 - lsreevatsa@novell.com -- Description: - Security Audit 5:13. Refix for using proper length on strncpy. - Maximum Length is 512 characters. - -- Modified files: - c_adlib/GKEngine.cs - c_adlib/ad_gk/GnomeKeyring.cs - c_adlib/ad_gk/native/ad_gk.c - -------------------------------------------------------------------- -Tue May 2 12:37:22 IST 2006 - smanojna@novell.com -- Description: - CASAManager GUI shall now support a maximum of 512 characters in - length. User will not be able to create secrets and key-value pairs - of lenght more than 512 characters from within CASAManager GUI. - This check is essential to protect CASA from possible buffer - overflow attacks. - -- Modified files: - casa.glade - -------------------------------------------------------------------- -Wed Apr 26 16:17:00 MST 2006 - jnorman@novell.com -- Bug 165283. Remove reference to Mac OS from help file. - -------------------------------------------------------------------- -Wed Apr 26 15:50:00 MST 2006 - jnorman@novell.com -- Security Audit Recap: -- Item 4.1, File: c_micasad/lss/Rfc2898DeriveBytes.c - 1. This item is awaiting licensing on a portable random number - generator received through a contribution to the the project. -- Item 4.2 File: c_micasad/cache/KeyValue.c - 1. Fix is in line 202 of the file. We improved XOR algorithm by - increasing the size of the key to equate the value. -- Item 4.3 File: c_micasad/lss/LocalStorage.cs - 1. Now files are checked for ownership before being removed. - New methods added and there are changes through out the file to support this. -- Item 4.4 File: c_micasad/lss/CASACrypto.cs - 1. IV fix will be checked in as soon as the item No. 1 above is approved. - 2. For this item now we testing the file to make sure it is not a - symbolic link. (line 454, 455 in the file.) - 3. This was a low priority item and we are investigating this. - 4. 
This function was not used hence removed. - 5. The default behavior of the file creation was modified to set the - rights at creation time. -- Item 5.1 File: c_micasad/communication/UnixCommunication - 1. This was fixed by checking to see if the root was not the owner - of the socket to remove the file. -- Item 5.2 File: c_micasad/lib/communication/UnixIPCClientChannel.cs - 1. This was fixed by validating the owner of the socket before use. -- Item 5.3 File: c_micasad/lib/communication/UnixIPCClientChannel.cs - 1. This was fixed by validating the buffer size before allocation of memory. -- Item 5.4 File: c_micasad/lss/CASACrypto.cs - 1. This was fixed by checking for minimum length. - 2. We can't check for upper limit for memory for maximum file size because - we don't know how big the file can get. System will swap the pages out - of the cache if it gets big and those pages are fragments of the encrypted - cache. The original decrypted cache will be subject to garbage collection - by Mono or .Net. We have added the forced garbage collection after - finishing the decryption operation. -- Item 5.5 File: c_micasad/verbs/ObjectSerializtion.cs - 1. The memory size checks have been added to the code for validation. -- Item 5.6 File: c_micasad/verbs/OpenSecretStore.cs - 1. The buffer size validation is added. - 2. MsgId 0x1001 is not correct. -- Item 5.7 File: c_micasad/verbs/SetMasterPasscode.cs - 1. The buffer size validation is added. -- Item 5.8 File: c_micasad/common/SessionManager.cs - 1. We are running as root so $PATH is root's $PATH. - 2. We can go through he while loop twice that is the reason we used the loop. -- Item 5.9 File: c_micasad/sscs_ndk.c - 1. All of the instances of strcpy, strcmp, strcat, strlen, were replaced - with strncpy, strncmp, strncat and strlen was eliminated. - 2. TheUtf8 macros were modified to force a null at the end of the string - buffer where the length was declared. - 3. 
All of the buffer lengths for upper bounds are being validated before use. - 4. sscsshs_ChkEscapeString was fixed. -- Item 5.10 File: auth_token/kbr5_token/linux/get.c - 1. This file is not build as a part of CASA 1.6 yet and is supposed to be - completed and shipped in CASA 1.7. The fix will be applied later. -- Item 5.11 File: c_micasacache/sscs_ipc - 1. Handling of the end files has been added to the code. -- Item 5.12 File: c_micasacache/sscs_unx_ipc_client.c - 1. Tokenize function has been fixed. - 2. Validation of the buflen is added where applicable. -- Item 5.13 File: c_adlib/ad_gk/native.c - 1. The validation of the buffer length has been added to the code. - -------------------------------------------------------------------- -Wed Apr 26 15:39:00 MST 2006 - jnorman@novell.com -- Security Audit 5:13. Use proper length on strncpy. - -------------------------------------------------------------------- -Wed Apr 26 11:02:00 MST 2006 - jnorman@novell.com -- Security Audit 5.6: Check length of ssNameLen < 256 - before allocating buffer - -------------------------------------------------------------------- -Wed Apr 26 10:55:20 MST 2006 - jnorman@novell.com -- Security Audit 5.4: Issue Garbage Collect after loading persistence. - -------------------------------------------------------------------- -Wed Apr 26 10:26:20 MST 2006 - jnorman@novell.com -- Security Audit 5.5: Check length of message to be within range. - -------------------------------------------------------------------- -Wed Apr 26 09:10:20 MST 2006 - jnorman@novell.com -- Security Audit 5.13: Ensure that string lengths are within limits - and null terminated before copying them to buffers. - -------------------------------------------------------------------- -Wed Apr 26 12:53:10 IST 2006 - smanojna@novell.com -- Bug 165283: CASA docs and About screen states that CASA runs on - Mac OSX which it does not currently. 
- -------------------------------------------------------------------- -Mon Apr 24 16:24:20 MST 2006 - jnorman@novell.com -- Bug 157218. Clear lists of secrets when GUI is locked. - -------------------------------------------------------------------- -Mon Apr 24 15:35:20 MST 2006 - cmashayekhi@novell.com -- casainstall and casauninstall scripts were added to - yast2 install. - -------------------------------------------------------------------- -Mon Apr 24 04:40:20 MST 2006 - jnorman@novell.com -- change lookup name from kwallet_rw to casakwallet - -------------------------------------------------------------------- -Sat Apr 22 18:52:20 MST 2006 - cmashayekhi@novell.com -- installcasa and uninstallcasa scripts were added to - c_micasad/startup to accomodate for yast configuration. -- casacfg and casaucfg were updated for yast configuration. -- yast2-CASA.changes was added to yast-CASA project. -- CASA.spec.in and yast2-CASA.spec.in were modified to support - the new files. -------------------------------------------------------------------- -Thu Apr 20 16:27:39 MST 2006 - cmashayekhi@novell.com -- CASA.spec.in was modified to: - - fix a problem with restarting casa on reinstall. - - kwallet_rw related code was removed. - - casaucfg script was added to be called when uninstalling. - -------------------------------------------------------------------- -Thu Apr 20 12:52:19 MST 2006 - cmashayekhi@novell.com -- Yast module was modified and renamed to CASA instead of novell-casa. - -------------------------------------------------------------------- -Wed Apr 19 14:22:10 MST 2006 - jnorman@novell.com -- Security Audit report: 4.2. Enhance encryption of values in memory. - -------------------------------------------------------------------- -Mon Apr 17 15:47:10 MST 2006 - jnorman@novell.com -- Security Audit. Checkpoint changes thus far to c code. 
- -------------------------------------------------------------------- -Fri Apr 14 14:10:11 MST 2006 - cmashayekh@novell.com -- CASA.spec, casacfgpam, and casaucfgpam scripts were - updated to work with the YaST configuration for CASA. - -- YaST configuration module will be added separately to - the project by Soo Choi for the build. - -------------------------------------------------------------------- -Thu Apr 13 08:43:10 MST 2006 - jnorman@novell.com -- Bug 164949. Fix 'New Secret' menu option when FireFox tab is selected. - Comment out fix for 164181 (see below). SessionId is not implemented - -------------------------------------------------------------------- -Thu Apr 13 07:01:10 MST 2006 - jnorman@novell.com -- Bug 164181. Prevent multiple instances of CASA Manager on windows. - -------------------------------------------------------------------- -Wed Apr 12 09:13:10 MST 2006 - jnorman@novell.com -- Security Audit Report : Patch for Bug No. 5.2. - File c_micasad/lib/communication/UnixIPCClientChannel.cs - Determine buffer size needed based on the amount of data being sent. - -------------------------------------------------------------------- -Mon Apr 10 09:41:10 MST 2006 - jnorman@novell.com -- Bug 154548. Fix to display firefox secrets in CASAManager. - -------------------------------------------------------------------- -Tue Apr 04 14:24:10 MST 2006 - jnorman@novell.com -- added timer to suppress viewing values(passwords) for micasa store - after a preset time in seconds. - -------------------------------------------------------------------- -Mon Apr 03 08:45:10 MST 2006 - cmashayekhi@novell.com -- micasad is set to be off on install and be turned on from YAST - later. 
- -------------------------------------------------------------------- -Fri Mar 31 19:34:00 CEST 2006 - sreeves@suse.de - -- Update .desktop file to only use valid categories and move to the Control Center - See - https://bugzilla.novell.com/show_bug.cgi?id=129432 - https://bugzilla.novell.com/show_bug.cgi?id=159780 - - -------------------------------------------------------------------- -Fri Mar 31 12:46:35 MST 2006 - jnorman@novell.com -- Bug 162024. Expand casa-logo when window grows. - -------------------------------------------------------------------- -Thu Mar 30 8:40:35 MST 2006 - jnorman@novell.com -- Bug 157218. Clear views on secrets when GUI is locked - -------------------------------------------------------------------- -Wed Mar 29 19:40:35 IST 2006 - lsreevatsa@novell.com - -- Security Audit Report : Patch for Bug No. 5.12.1. - File : c_micasacache/sscs_unx_ipc_client.c. -- Added a check to verify whether size of the token is - less than NSSCS_MAX_SECRET_ID_LEN(512) assuring that - sscs_Utf8Strcpy() will not copy more bytes than memory - availble. - -------------------------------------------------------------------- -Wed Mar 29 19:20:12 IST 2006 - lsreevatsa@novell.com - -- Security Audit Report : Patch for Bug No. 5.7. - File : c_micasad/verbs/SetMasterPassword.cs. -- Added a check to verify the length of the Master Password - to be greater than 8 characters and less than or equal to - 256 characters. - -------------------------------------------------------------------- -Wed Mar 29 17:00:41 IST 2006 - lsreevatsa@novell.com - -- Security Audit Report : Patch for Bug No. 5.4.1 - File : c_micasad/lss/CASACrypto.cs -- Added a check to verify Decrypt string is greater than 32. - -------------------------------------------------------------------- -Wed Mar 22 14:41:24 CET 2006 - schwab@suse.de - -- Fix broken makefiles. 
- -------------------------------------------------------------------- -Wed Mar 15 21:22:48 IST 2006 - lsreevatsa@novell.com - -- Added Modify and Delete functionalities for Firefox Password - Manager Secrets into CASAManager. - -------------------------------------------------------------------- -Tue Mar 14 15:53:02 MST 2006 - jnorman@novell.com -- Bug 155529. Detect whether or not Firefox is installed - -------------------------------------------------------------------- -Thu Mar 09 10:53:02 IST 2006 - smanojna@novell.com - -- Added a delete-event-handler for the Firefox master password - prompt dialog. -- A minor fix to make CASAManager always write to the default wallet. -- Removed console debug print messages from GK and FF code. - -------------------------------------------------------------------- -Wed Mar 08 18:46:13 IST 2006 - lsreevatsa@novell.com - --Fix for Bug [154548]: CASAManager does not display Firefox Secrets - if started before Firefox has been used. --Fix for Bug [155529] : Support for IsFirefoxStoreAvailable. -------------------------------------------------------------------- -Wed Mar 08 16:27:33 IST 2006 - smanojna@novell.com - -- Added Firefox MasterPassword prompt into CASAManager. - CASAManager will now prompt for master password during aggregating - the Firefox password manager if it is locked with a master password. - -------------------------------------------------------------------- -Tue Mar 07 23:02:38 IST 2006 - lsreevatsa@novell.com - -- Changed the GetDefaultWallet() function to address all scenarios. - -------------------------------------------------------------------- -Tue Mar 07 19:20:50 IST 2006 - smanojna@novell.com - -- Added Application SSO feature to CASAManager (Linux). - We will be able to add single sign-on information to Konquerer and - NetworkManager appilcations from within CASAManager. - Main-Menu: Options > Application SSO. -- Fixed an expection thrown during GnomeKeyring delete secret operation. 
-- All textboxes in CASAManager have been updated to take not more than - 256 characters (just a small check to avoid buffer-overflows). - -------------------------------------------------------------------- -Tue Mar 07 15:08:26 IST 2006 - smanojna@novell.com - -- Fix for writing secrets into the default Wallet instead of - writing into CASAWallet. -- Changed the port attribute in Keyring from string to unit32. - -------------------------------------------------------------------- -Mon Mar 06 16:30:00 IST 2006 - mmanohar@novell.com - --Fix for BUG154514 - I am seeing sporadic GUI crashes on Linux --Fix for Bug 154547 -build 367 - SECURITY - Secrets in Firefox Password manager - are being written to the console --Fix for Issue of Firefox initialization despite being disabled in the Policy --Fix for FireFox Uninitialize - - ------------------------------------------------------------------- -Wed Mar 01 10:35:19 MST 2006 - cmashayekhi@novell.com - -- CASA.spec was modified to put the CASAManager.sh in /usr/bin. -- CASAManager.desktop was modified to point to CASAManager.sh in /usr/bin. -- CASA.spec and CASA_dbg.spec were synced up. - -------------------------------------------------------------------- -Wed Mar 01 16:30:00 IST 2006 - mmanohar@novell.com - --CASA Spec files changed for installation of FireFox - components via RPMs -- Console messages removed from GUI-SDI and AD-Lib -------------------------------------------------------------------- -Wed Feb 28 14:00:00 IST 2006 - mmanohar@novell.com - -- FireFox View functionality integrated with CASA - -------------------------------------------------------------------- -Mon Feb 27 16:34:24 MST 2006 - jnorman@novell.com - -- Bug 147031. Change CASA.desktop to find CASAManager in /usr/sbin - -------------------------------------------------------------------- -Tue Feb 27 11:55:27 IST 2006 - asuraj@novell.com - -- Bug 141823. 
CASAManager will not display KDE Wallet Secrets unless - kwalletmanager is open - fixed by starting kdeinit in code - ------------------------------------------------------------------- -Wed Feb 22 16:55:27 MST 2006 - cmashayekhi@novell.com - -- CASA.spec was modified to put the scripts in /usr/sbin. -- A link as rcmicasad was created fro /usr/sbin to /etc/init.d/micasad -- force-reload and reload tags were added to the micasad script. - -------------------------------------------------------------------- -Tue Feb 22 14:03:20 MST 2006 - jnorman@novell.com -- Bug 151679. Remove reverse links when deleting a secret - fixed - -------------------------------------------------------------------- -Tue Feb 22 13:33:20 MST 2006 - jnorman@novell.com -- Bug 150642. Return additional error codes when store is locked - -------------------------------------------------------------------- -Tue Feb 22 10:25:20 MST 2006 - jnorman@novell.com -- Remove build dependency on krb5-devel and libgssapi - -------------------------------------------------------------------- -Tue Feb 21 16:25:20 MST 2006 - jnorman@novell.com -- Bug 141689. Windows: change mouse handler for notifyicon to mouse - down event. - - Bug: Windows, start service at post install. - -------------------------------------------------------------------- -Tue Feb 21 12:22:17 MST 2006 - jnorman@novell.com -- Bug 141651. On windows, uninstalls will kill CASAManager too. - -------------------------------------------------------------------- -Tue Feb 21 12:05:17 MST 2006 - jnorman@novell.com - -- Bug 148945. Handle the case were micasad is restarted, before - a user sets their master password - -------------------------------------------------------------------- -Mon Feb 20 10:40:17 IST 2006 - smanojna@novell.com - -- Bug 147031: CASAManager main menu icon is placed only in... 
- - System > Configuration > Novell CASA Manager - -------------------------------------------------------------------- -Sun Feb 19 17:23:44 CET 2006 - ro@suse.de - -- rework BuildRequires again -- no hacks for CASAManager desktop file in post-scripts - -------------------------------------------------------------------- -Sat Feb 18 15:57:20 MST 2006 - cmashayekhi@novell.com - -- Minor fixes were made to micasad script. -- Minor fixes were made to CASA.spec. -- CASA.spec and CASA_dbg.spec were synched. - -------------------------------------------------------------------- -Fri Feb 17 14:01:12 MST 2006 - jnorman@novell.com - -- Bug 135386: Linking secrets with colon in the name - FIXED - -------------------------------------------------------------------- -Fri Feb 17 21:31:10 IST 2006 - smanojna@novell.com - -- Bug 147031: CASAManager should have a menu item - FIXED, - A menu item for CASAManager gets created within the NLD/SuSE - main menu under the following categories, - - System > Configuration > Novell CASA Manager - - Utilities > Security > Novell CASA Manager - - Internet > Administration > Novell CASA Manager -------------------------------------------------------------------- -Thu Feb 16 16:45:27 MST 2006 - cmashayekhi@novell.com - -- Spec file was correct to eliminate the neededforbuild directive - -------------------------------------------------------------------- -Thu Feb 16 11:43:36 MST 2006 - jnorman@novell.com - -- Add dependency to kdelibs3 back to CASA-gui rpm in spec file - -------------------------------------------------------------------- -Thu Feb 16 07:45:20 IST 2006 - smanojna@novell.com - -- Bug 146015: A CASAkeyring is created to add secrets to the - Gnome Keyring through CASAManager - FIXED. - -------------------------------------------------------------------- -Wed Feb 15 14:45:22 MST 2006 - cmashayekhi@novell.com - -- Bug 143940. pam_sscs.c patch for the buffer overflow applied to - version 1.5. 
- -------------------------------------------------------------------- -Tue Feb 14 17:15:34 MST 2006 - jnorman@novell.com - -- Bug 150975. Enable GNOME Keyring when gnome-keyring.so is loaded - -------------------------------------------------------------------- -Tue Feb 14 14:01:20 MST 2006 - jnorman@novell.com - -- Bug 150644. Prevent removal of secrets when store is locked. - -------------------------------------------------------------------- -Tue Feb 14 13:45:20 MST 2006 - jnorman@novell.com - -- Bug 150037. For windows, change build options to not require msvcr71.dll. - -------------------------------------------------------------------- -Tue Feb 14 10:15:20 MST 2006 - cmashayekhi@novell.com - -- CASA-detect_lib64 patch suggested by Rudi Ortel has been applied. -- CASA.spec was fixed to not try to create duplicate dirs - -------------------------------------------------------------------- -Tue Feb 14 09:57:43 IST 2006 - smanojna@novell.com - -- Bug 133386: Remove install time dependency on keyring and - kdewallet. -- Bug 148102: CASA-gui requires kdelibs3. - -------------------------------------------------------------------- -Tue Feb 14 11:17:20 CET 2006 - meissner@suse.de - -- Fixed the broken %post and %preun logic, added prerequires. - -------------------------------------------------------------------- -Tue Feb 14 01:03:33 CET 2006 - ro@suse.de - -- comment out filesystem dirs from filelist - -------------------------------------------------------------------- -Mon Feb 13 08:50:22 MST 2006 - cmashayekhi@novell.com - -- compiler option -fstack-protector was added to the build scripts -- buffer overflow in pam-sscs.c was fixed. -- try-restart and status command line options were added to the - micad script and CASA.spec was updated - -------------------------------------------------------------------- -Thu Feb 09 13:57:41 CET 2006 - meissner@suse.de - -- disabled CASA by default again. 
#147934 -- fixed file lists -- actually builds on all Mono supporting platforms now. - -------------------------------------------------------------------- -Thu Feb 09 02:19:05 CET 2006 - mls@suse.de - -- converted neededforbuild to BuildRequires - -------------------------------------------------------------------- -Wed Feb 08 17:45:50 MST 2006 - cmashayekhi@novell.com - -- startup and shutdown script was modified to not - edit pam files. -- script to modify pam files for install, upgradeand - remove were created and spec file was modified to - call them. -- startup and shut down of the service during install - and upgrade was fixed. - -------------------------------------------------------------------- -Tue Feb 07 14:00:59 MST 2006 - cmashayekhi@novell.com - -- Updated the CASA.spec to move CASA to /usr/... -- fixed the startup script for updating pam files. - -------------------------------------------------------------------- -Tue Feb 07 10:49:59 MST 2006 - jnorman@novell.com - -- Bug 147801. Handle reserved chars - -------------------------------------------------------------------- -Mon Feb 06 11:52:59 MST 2006 - jnorman@novell.com - -- Bug 147801. Fix to add additional key-value pairs - -------------------------------------------------------------------- -Mon Feb 06 18:11:08 CET 2006 - meissner@suse.de - -- Disable by default #147934 -- Do not write PAM entries in micasad startup script #147935 - -------------------------------------------------------------------- -Wed Feb 01 9:47:59 MST 2006 - jnorman@novell.com - -- Rename CASA-1.5.glade to CASA.glade - -------------------------------------------------------------------- -Mon Jan 30 18:29:05 CET 2006 - ro@suse.de - -- replaced java2 by java2-devel-packages in BuildRequires - - -------------------------------------------------------------------- -Fri Jan 30 10:34:59 MST 2006 - cmashayekhi@novell.com - -- CASA.spec was corrected to work with the changes in - gtk libs and mono. 
- -------------------------------------------------------------------- -Sat Jan 28 20:22:59 MST 2006 - jnorman@novell.com - -- Bug 143878. Handle more than 100 secrets in GUI. - -------------------------------------------------------------------- -Sat Jan 28 20:12:59 MST 2006 - jnorman@novell.com - -- Bug 146025. Prevent CASA manager from launch if - MasterPassword login dialog is closed. - -------------------------------------------------------------------- -Sat Jan 28 11:46:59 MST 2006 - jnorman@novell.com - -- Bug 143859. Fix linking keys problem. - -------------------------------------------------------------------- -Fri Jan 27 03:03:18 CET 2006 - mls@suse.de - -- converted neededforbuild to BuildRequires - -------------------------------------------------------------------- -Wed Jan 25 14:18:52 MST 2006 - jnorman@novell.com - -- Bug 142183. Do not add GKPassword to gnome-keyring - Provided by Manohar - -------------------------------------------------------------------- -Wed Jan 25 14:12:52 MST 2006 - jnorman@novell.com - -- Bug 136784. Prevent multiple instances of GUI - Provided by Manohar - -------------------------------------------------------------------- -Wed Jan 25 21:43:52 CET 2006 - mls@suse.de - -- converted neededforbuild to BuildRequires - -------------------------------------------------------------------- -Wed Jan 25 11:13:03 MST 2006 - cmashayekhi@novell.com - -- Rolled Ruediger Ortel changes into micasad. - -------------------------------------------------------------------- -Tue Jan 24 00:13:03 CET 2006 - gekker@suse.de - -- fixup nfb for new gtk-sharp packaging - -------------------------------------------------------------------- -Mon Jan 23 16:03:16 CET 2006 - ro@suse.de - -- add (empty) rest of LSB script header - -------------------------------------------------------------------- -Sat Jan 21 21:25:34 MST 2006 - jnorman@novell.com - -- Bug 143837. 
Add description to micasad service for windows - -------------------------------------------------------------------- -Fri Jan 20 13:20:34 MST 2006 - jnorman@novell.com - -- Attempt unlocking all gnome-keyrings at login time. - -------------------------------------------------------------------- -Thu Jan 20 11:39:34 MST 2006 - jnorman@novell.com - -- Bug 142475. Add EULA to install for windows and license info - in help dialog. - -------------------------------------------------------------------- -Thu Jan 19 11:17:34 MST 2006 - jnorman@novell.com - -- Bug 143846. Suppress current key from being linked to itself. - -------------------------------------------------------------------- -Thu Jan 19 10:57:34 MST 2006 - jnorman@novell.com - -- Bug 142939. Keep 'New Key' menu item active. - -------------------------------------------------------------------- -Wed Jan 18 16:12:34 MST 2006 - jnorman@novell.com - -- Bug 143891. Sort SecretIDs on Link dialog. - -------------------------------------------------------------------- -Fri Jan 13 15:02:34 MST 2006 - jnorman@novell.com - -- Bug 142937. Activate 'New' menu option after unlock. - -------------------------------------------------------------------- -Fri Jan 13 13:02:34 MST 2006 - cmashayekhi@novell.com - -- Upon recieving a fix from ximian the change below was undone. - -------------------------------------------------------------------- -Wed Jan 11 21:50:59 MST 2006 - jnorman@novell.com - -- Revert Mono.Unix.PeerCred back to Mono.Posix.PeerCred to run - on MONO 1.1.13 - -------------------------------------------------------------------- -Wed Jan 11 20:31:12 IST 2006 - smanojna@novell.com - -- Bug 142091: Inconsistency with naming in the GUI - FIXED. - String "MiCasa" changed to "miCASA" in the Link Keys dialog. 
- -------------------------------------------------------------------- -Tue Jan 10 10:24:26 MST 2006 - jnorman@novell.com - -- Changed dependency to MONO 1.1.13 - -------------------------------------------------------------------- -Tue Jan 10 18:16:01 IST 2006 - smanojna@novell.com - -- Bug 142091: Inconsistency with naming in the GUI - FIXED - -------------------------------------------------------------------- -Tue Jan 10 13:20:06 IST 2006 - smanojna@novell.com - -- Added support for ADD-KEY and DELETE-KEY for GnomeKeyring store. -- Bug 142183:Added code to prevent users from deleting "GKPassword" - Key in Keyring store. - -------------------------------------------------------------------- -Mon Jan 09 21:25:00 CET 2006 - gekker@suse.de - -- Fix to build against the latest version of mono, version 1.1.13 - -------------------------------------------------------------------- -Mon Jan 09 17:38:33 MST 2006 - jnorman@novell.com - -- Change Mono.Unix to Mono.Unix.Native. Move from Mono.Posix to - Mono.Unix - -------------------------------------------------------------------- -Fri Jan 06 16:06:03 MST 2006 - jnorman@novell.com -- Bug 141689. Prevent multiple menus. - -------------------------------------------------------------------- -Fri Jan 06 17:44:03 IST 2006 - smanojna@novell.com - -- Added ADD/MODIFY/DELETE functionalites for Keyring and KWallet - stores and was integrated with the GUI. - -- About dialog in the GUI was updated with the version info (1.6). - -- KNOWN ISSUES: - 1. Currently ADD-KEYS and DELETE-KEYS of existing secrets for Keyring - is not functional. - 2. Creation of new secret in Keyring (ADD-SECRET) expects a key - with the name "GKPassword" whose value will be the password for - the respective secret. This key should not be deleted. 
- -------------------------------------------------------------------- -Tue Jan 03 16:01:10 MST 2006 - cmashayekhi@novell.com - -- Fixed link.lux files to use $ARC parameter to eliminate the - errors caused during the build with the rpath link parameter. - -------------------------------------------------------------------- -Thu Dec 22 14:37:04 MST 2005 - jnorman@novell.com - -- Removed creating sym links to CASAManager files - -------------------------------------------------------------------- -Wed Dec 21 14:17:38 MST 2005 - jnorman@novell.com - -- Bug 140056. Commented code to prevent login hangs in NDK. - -------------------------------------------------------------------- -Tue Dec 20 11:17:38 MST 2005 - jnorman@novell.com - -- Bug 133485. Set .miCASA files as hidden - -------------------------------------------------------------------- -Tue Dec 20 10:40:38 MST 2005 - jnorman@novell.com - -- Bug 140057. Disable destroying secrets when locked - -------------------------------------------------------------------- -Tue Dec 20 10:23:38 MST 2005 - jnorman@novell.com - -- Bug 140058. Update version number on GUI - -------------------------------------------------------------------- -Sat Dec 17 08:23:38 MST 2005 - cmashayekhi@novell.com - -- Merged in the CASA.changes from Patch_1.5 - -------------------------------------------------------------------- -Fri Dec 16 15:07:22 MST 2005 - cmashayekhi@novell.com - -- Compile erros in gk_ad.c were fixed to build. - -------------------------------------------------------------------- -Fri Dec 16 10:49:53 MST 2005 - cmashayekhi@novell.com - -- Checked in for changes in ADLib for Add-Modify-Delete for - KWallet and Gnome Keyring. - -------------------------------------------------------------------- -Fri Dec 16 08:55:06 MST 2005 - jluciani@novell.com - --Fixed compiler warnings in auth-token stuff. 
- -------------------------------------------------------------------- -Wed Dec 14 10:57:46 MST 2005 - jnorman@novell.com - --Bug 138355. Delay persistence until home directory is created. - prevent closing session prematurely (pam_sscs.c) - -------------------------------------------------------------------- -Wed Dec 14 10:22:46 MST 2005 - jluciani@novell.com - --Added authentication token stuff into the mix. - -------------------------------------------------------------------- -Tue Dec 13 15:29:59 MST 2005 - cmashayekhi@novell.com - -- Patch build revision number is set to 198. - -------------------------------------------------------------------- -Tue Dec 13 15:20:53 MST 2005 - cmashayekhi@novell.com - -- Bug 138355. Delay persistence until the users home directory - is created (SecretStore.cs). This was done for LUM integration -- On SessionClose in PAM (sscs_pam.c), change SSFlags to 0 on - CloseSecretStoreCache to prevent closing session early. - -------------------------------------------------------------------- -Mon Dec 12 15:39:59 MST 2005 - cmashayekhi@novell.com - -- FINAL Patch build revision number is set to 190. - -------------------------------------------------------------------- -Mon Dec 12 15:29:59 MST 2005 - cmashayekhi@novell.com - -- Patch build revision number is set to 189 - -------------------------------------------------------------------- -Mon Dec 12 09:29:59 MST 2005 - cmashayekhi@novell.com - -- Added patch changes that Rudy made on Nov. 14th to - checkin to the stable branch. 
-- Changes made to CASA.spec and pam_sscs.c -- Fixed build in stable: add qt-bindir to PATH -- include syslog.h for LOG_ERR - - -------------------------------------------------------------------- -Tue Dec 06 15:43:46 MST 2005 - jnorman@novell.com - --Added AssemblyInfo files to all DotNET modules - -------------------------------------------------------------------- -Tue Dec 06 09:43:46 MST 2005 - cmashayekhi@novell.com - --Reverting back to build 166 changes and updating the CASA.spec - to run pre and post script. - -------------------------------------------------------------------- -Mon Dec 05 13:32:23 MST 2005 - jnorman@novell.com - -- Bug 136523. Fix KWallet code to show KWallet secrets. - fix made in kwallets_rw.cpp - -------------------------------------------------------------------- -Fri Dec 02 16:35:38 MST 2005 - jnorman@novell.com - -- Bug 136527. Add handlers on KDEStore and GNOME Store code - -------------------------------------------------------------------- -Fri Dec 02 15:11:49 MST 2005 - cmashayekhi@novell.com - -- Bug 136221, workaround in CASA.spec file were removed because - they were not changes for supported intended use of the - product. Instead the readme was updated. - -------------------------------------------------------------------- -Fri Dec 02 10:34:02 MST 2005 - jnorman@novell.com - -- Bug 134096, add CASAManager.exe.config. -- Bug 136224, Document Readme for random crash on 64 bit. -- Bug 136226, Launch kde-open on kde desktops, and gnome-open on - gnome for help files -- Bug 136221, Attempt to prevent installing 32bit rpms on - 64 bit platforms as a workaround. -- Added CASA_dbg.spec file to build debug RPMs on autobuild - -------------------------------------------------------------------- -Wed Nov 30 10:34:02 MST 2005 - jnorman@novell.com - -- Bug 134096, Fixed Wrapper code for proper structure marshaling. 
- -------------------------------------------------------------------- -Tue Nov 29 17:01:09 MST 2005 - jnorman@novell.com - -- Bug: 134096 Fix CASA gui for 64 bit - -------------------------------------------------------------------- -Wed Nov 24 14:09:19 MST 2005 - jnorman@novell.com - -- Bug fixes: 135387, 135393 - -------------------------------------------------------------------- - -Wed Nov 23 07:18:23 MST 2005 - cmashayekhi@novell.com - -- c_gui/CASAManager.sh was fixed to support lib64 directory. -- c_micasad/startup/micasad.sh was fixed to support lib64. - -------------------------------------------------------------------- -Wed Nov 23 16:09:19 MST 2005 - jnorman@novell.com - -- changed PAM Capture to find libmicasa in path - -------------------------------------------------------------------- -Wed Nov 18 14:09:19 MST 2005 - jnorman@novell.com - -- Change GUI dependency from gtk2-devel to gtk2. - -------------------------------------------------------------------- -Wed Nov 16 13:42:19 MST 2005 - jnorman@novell.com - -- Bug 133479. Clear Native information when destroying secrets or refreshing - -------------------------------------------------------------------- -Tue Nov 15 14:54:19 MST 2005 - jnorman@novell.com - -- Added gtk2-devel dependency to CASA-gui rpm - -------------------------------------------------------------------- -Mon Nov 14 15:56:59 MST 2005 - cmashayekhi@novell.com - -- Bug 133705 having to do with licenses in the source files - was fixed. -- CASA.spec was modified to accomodate for auto build scripts. 
-------------------------------------------------------------------- -Fri Nov 11 08:26:50 MST 2005 - jnorman@novell.com - -- Added help files, and code to launch help files to GUI - -------------------------------------------------------------------- -Thu Nov 10 12:32:38 MST 2005 - jnorman@novell.com - -- Replaced changes.log with CASA.changes in the src tree to be - consistent with autobuild - -------------------------------------------------------------------- -Mon Nov 07 16:44:00 MST 2005 - cameron@novell.com - -- CASA.spec and versioning number was modified to support build - number as a part of the rpm version. -- lib*.so versioning was changed to support linux format versioning - numbers. CASA libs are at 1.1.1 now. - - Build scripts were modified to support $RPM_OPT_FLAGS. - - Added persistence without desktop credentials. - - Bug 130336 -- resevered escaped chars was fixed. - - Bug 130518 -- invalid param exception handling was - fixed. - - Support for extended ascii and double byte chars in - GUI was added. - - Finalized GUI cosmetic changes. - ----------------------------------------------------------------- -Thu Oct 27 11:40:20 MDT 2005 - cmashayekhi@novell.com --The image version to 1.5.0 - Files: - - Work area was cleaned up for the final build. - - CASA.spec was modified to requirement. - - Minor bug fixes were applied. ----------------------------------------------------------------- -Thu Oct 19 14:46:33 MDT 2005 - cmashayekhi@novell.com --The image version to 1.5.0 - Files: - - Moving from version 1.0.0 to 1.5.0 as per PRD. ----------------------------------------------------------------- +------------------------------------------------------------------- +Tue May 02 15:37:37 MST 2006 - jnorman@novell.com +- Security Audit 4.1. Enhanced Persistence encryption salt generation + to be more random based on the password or master password used. 
+
+-------------------------------------------------------------------
+Tue May 02 20:30:37 IST 2006 - lsreevatsa@novell.com
+- Description:
+ Security Audit 5:13. Refix for using proper length on strncpy.
+ Maximum Length is 512 characters.
+
+- Modified files:
+ c_adlib/GKEngine.cs
+ c_adlib/ad_gk/GnomeKeyring.cs
+ c_adlib/ad_gk/native/ad_gk.c
+
+-------------------------------------------------------------------
+Tue May 02 12:37:22 IST 2006 - smanojna@novell.com
+- Description:
+ CASAManager GUI shall now support a maximum of 512 characters in
+ length. User will not be able to create secrets and key-value pairs
+ of lenght more than 512 characters from within CASAManager GUI.
+ This check is essential to protect CASA from possible buffer
+ overflow attacks.
+
+- Modified files:
+ casa.glade
+
+-------------------------------------------------------------------
+Wed Apr 26 16:17:00 MST 2006 - jnorman@novell.com
+- Bug 165283. Remove reference to Mac OS from help file.
+
+-------------------------------------------------------------------
+Wed Apr 26 15:50:00 MST 2006 - jnorman@novell.com
+- Security Audit Recap:
+- Item 4.1, File: c_micasad/lss/Rfc2898DeriveBytes.c
+ 1. This item is awaiting licensing on a portable random number
+ generator received through a contribution to the the project.
+- Item 4.2 File: c_micasad/cache/KeyValue.c
+ 1. Fix is in line 202 of the file. We improved XOR algorithm by
+ increasing the size of the key to equate the value.
+- Item 4.3 File: c_micasad/lss/LocalStorage.cs
+ 1. Now files are checked for ownership before being removed.
+ New methods added and there are changes through out the file to support this.
+- Item 4.4 File: c_micasad/lss/CASACrypto.cs
+ 1. IV fix will be checked in as soon as the item No. 1 above is approved.
+ 2. For this item now we testing the file to make sure it is not a
+ symbolic link. (line 454, 455 in the file.)
+ 3. This was a low priority item and we are investigating this.
+ 4.
This function was not used hence removed.
+ 5. The default behavior of the file creation was modified to set the
+ rights at creation time.
+- Item 5.1 File: c_micasad/communication/UnixCommunication
+ 1. This was fixed by checking to see if the root was not the owner
+ of the socket to remove the file.
+- Item 5.2 File: c_micasad/lib/communication/UnixIPCClientChannel.cs
+ 1. This was fixed by validating the owner of the socket before use.
+- Item 5.3 File: c_micasad/lib/communication/UnixIPCClientChannel.cs
+ 1. This was fixed by validating the buffer size before allocation of memory.
+- Item 5.4 File: c_micasad/lss/CASACrypto.cs
+ 1. This was fixed by checking for minimum length.
+ 2. We can't check for upper limit for memory for maximum file size because
+ we don't know how big the file can get. System will swap the pages out
+ of the cache if it gets big and those pages are fragments of the encrypted
+ cache. The original decrypted cache will be subject to garbage collection
+ by Mono or .Net. We have added the forced garbage collection after
+ finishing the decryption operation.
+- Item 5.5 File: c_micasad/verbs/ObjectSerializtion.cs
+ 1. The memory size checks have been added to the code for validation.
+- Item 5.6 File: c_micasad/verbs/OpenSecretStore.cs
+ 1. The buffer size validation is added.
+ 2. MsgId 0x1001 is not correct.
+- Item 5.7 File: c_micasad/verbs/SetMasterPasscode.cs
+ 1. The buffer size validation is added.
+- Item 5.8 File: c_micasad/common/SessionManager.cs
+ 1. We are running as root so $PATH is root's $PATH.
+ 2. We can go through he while loop twice that is the reason we used the loop.
+- Item 5.9 File: c_micasad/sscs_ndk.c
+ 1. All of the instances of strcpy, strcmp, strcat, strlen, were replaced
+ with strncpy, strncmp, strncat and strlen was eliminated.
+ 2. TheUtf8 macros were modified to force a null at the end of the string
+ buffer where the length was declared.
+ 3.
All of the buffer lengths for upper bounds are being validated before use.
+ 4. sscsshs_ChkEscapeString was fixed.
+- Item 5.10 File: auth_token/kbr5_token/linux/get.c
+ 1. This file is not build as a part of CASA 1.6 yet and is supposed to be
+ completed and shipped in CASA 1.7. The fix will be applied later.
+- Item 5.11 File: c_micasacache/sscs_ipc
+ 1. Handling of the end files has been added to the code.
+- Item 5.12 File: c_micasacache/sscs_unx_ipc_client.c
+ 1. Tokenize function has been fixed.
+ 2. Validation of the buflen is added where applicable.
+- Item 5.13 File: c_adlib/ad_gk/native.c
+ 1. The validation of the buffer length has been added to the code.
+
+-------------------------------------------------------------------
+Wed Apr 26 15:39:00 MST 2006 - jnorman@novell.com
+- Security Audit 5:13. Use proper length on strncpy.
+
+-------------------------------------------------------------------
+Wed Apr 26 11:02:00 MST 2006 - jnorman@novell.com
+- Security Audit 5.6: Check length of ssNameLen < 256
+ before allocating buffer
+
+-------------------------------------------------------------------
+Wed Apr 26 10:55:20 MST 2006 - jnorman@novell.com
+- Security Audit 5.4: Issue Garbage Collect after loading persistence.
+
+-------------------------------------------------------------------
+Wed Apr 26 10:26:20 MST 2006 - jnorman@novell.com
+- Security Audit 5.5: Check length of message to be within range.
+
+-------------------------------------------------------------------
+Wed Apr 26 09:10:20 MST 2006 - jnorman@novell.com
+- Security Audit 5.13: Ensure that string lengths are within limits
+ and null terminated before copying them to buffers.
+
+-------------------------------------------------------------------
+Wed Apr 26 12:53:10 IST 2006 - smanojna@novell.com
+- Bug 165283: CASA docs and About screen states that CASA runs on
+ Mac OSX which it does not currently.
+
+-------------------------------------------------------------------
+Mon Apr 24 16:24:20 MST 2006 - jnorman@novell.com
+- Bug 157218. Clear lists of secrets when GUI is locked.
+
+-------------------------------------------------------------------
+Mon Apr 24 15:35:20 MST 2006 - cmashayekhi@novell.com
+- casainstall and casauninstall scripts were added to
+ yast2 install.
+
+-------------------------------------------------------------------
+Mon Apr 24 04:40:20 MST 2006 - jnorman@novell.com
+- change lookup name from kwallet_rw to casakwallet
+
+-------------------------------------------------------------------
+Sat Apr 22 18:52:20 MST 2006 - cmashayekhi@novell.com
+- installcasa and uninstallcasa scripts were added to
+ c_micasad/startup to accomodate for yast configuration.
+- casacfg and casaucfg were updated for yast configuration.
+- yast2-CASA.changes was added to yast-CASA project.
+- CASA.spec.in and yast2-CASA.spec.in were modified to support
+ the new files.
+-------------------------------------------------------------------
+Thu Apr 20 16:27:39 MST 2006 - cmashayekhi@novell.com
+- CASA.spec.in was modified to:
+ - fix a problem with restarting casa on reinstall.
+ - kwallet_rw related code was removed.
+ - casaucfg script was added to be called when uninstalling.
+
+-------------------------------------------------------------------
+Thu Apr 20 12:52:19 MST 2006 - cmashayekhi@novell.com
+- Yast module was modified and renamed to CASA instead of novell-casa.
+
+-------------------------------------------------------------------
+Wed Apr 19 14:22:10 MST 2006 - jnorman@novell.com
+- Security Audit report: 4.2. Enhance encryption of values in memory.
+
+-------------------------------------------------------------------
+Mon Apr 17 15:47:10 MST 2006 - jnorman@novell.com
+- Security Audit. Checkpoint changes thus far to c code.
+
+-------------------------------------------------------------------
+Fri Apr 14 14:10:11 MST 2006 - cmashayekh@novell.com
+- CASA.spec, casacfgpam, and casaucfgpam scripts were
+ updated to work with the YaST configuration for CASA.
+
+- YaST configuration module will be added separately to
+ the project by Soo Choi for the build.
+
+-------------------------------------------------------------------
+Thu Apr 13 08:43:10 MST 2006 - jnorman@novell.com
+- Bug 164949. Fix 'New Secret' menu option when FireFox tab is selected.
+ Comment out fix for 164181 (see below). SessionId is not implemented
+
+-------------------------------------------------------------------
+Thu Apr 13 07:01:10 MST 2006 - jnorman@novell.com
+- Bug 164181. Prevent multiple instances of CASA Manager on windows.
+
+-------------------------------------------------------------------
+Wed Apr 12 09:13:10 MST 2006 - jnorman@novell.com
+- Security Audit Report : Patch for Bug No. 5.2.
+ File c_micasad/lib/communication/UnixIPCClientChannel.cs
+ Determine buffer size needed based on the amount of data being sent.
+
+-------------------------------------------------------------------
+Mon Apr 10 09:41:10 MST 2006 - jnorman@novell.com
+- Bug 154548. Fix to display firefox secrets in CASAManager.
+
+-------------------------------------------------------------------
+Tue Apr 04 14:24:10 MST 2006 - jnorman@novell.com
+- added timer to suppress viewing values(passwords) for micasa store
+ after a preset time in seconds.
+
+-------------------------------------------------------------------
+Mon Apr 03 08:45:10 MST 2006 - cmashayekhi@novell.com
+- micasad is set to be off on install and be turned on from YAST
+ later.
+
+-------------------------------------------------------------------
+Fri Mar 31 19:34:00 CEST 2006 - sreeves@suse.de
+
+- Update .desktop file to only use valid categories and move to the Control Center
+ See
+ https://bugzilla.novell.com/show_bug.cgi?id=129432
+ https://bugzilla.novell.com/show_bug.cgi?id=159780
+
+
+-------------------------------------------------------------------
+Fri Mar 31 12:46:35 MST 2006 - jnorman@novell.com
+- Bug 162024. Expand casa-logo when window grows.
+
+-------------------------------------------------------------------
+Thu Mar 30 8:40:35 MST 2006 - jnorman@novell.com
+- Bug 157218. Clear views on secrets when GUI is locked
+
+-------------------------------------------------------------------
+Wed Mar 29 19:40:35 IST 2006 - lsreevatsa@novell.com
+
+- Security Audit Report : Patch for Bug No. 5.12.1.
+ File : c_micasacache/sscs_unx_ipc_client.c.
+- Added a check to verify whether size of the token is
+ less than NSSCS_MAX_SECRET_ID_LEN(512) assuring that
+ sscs_Utf8Strcpy() will not copy more bytes than memory
+ availble.
+
+-------------------------------------------------------------------
+Wed Mar 29 19:20:12 IST 2006 - lsreevatsa@novell.com
+
+- Security Audit Report : Patch for Bug No. 5.7.
+ File : c_micasad/verbs/SetMasterPassword.cs.
+- Added a check to verify the length of the Master Password
+ to be greater than 8 characters and less than or equal to
+ 256 characters.
+
+-------------------------------------------------------------------
+Wed Mar 29 17:00:41 IST 2006 - lsreevatsa@novell.com
+
+- Security Audit Report : Patch for Bug No. 5.4.1
+ File : c_micasad/lss/CASACrypto.cs
+- Added a check to verify Decrypt string is greater than 32.
+
+-------------------------------------------------------------------
+Wed Mar 22 14:41:24 CET 2006 - schwab@suse.de
+
+- Fix broken makefiles.
+
+-------------------------------------------------------------------
+Wed Mar 15 21:22:48 IST 2006 - lsreevatsa@novell.com
+
+- Added Modify and Delete functionalities for Firefox Password
+ Manager Secrets into CASAManager.
+
+-------------------------------------------------------------------
+Tue Mar 14 15:53:02 MST 2006 - jnorman@novell.com
+- Bug 155529. Detect whether or not Firefox is installed
+
+-------------------------------------------------------------------
+Thu Mar 09 10:53:02 IST 2006 - smanojna@novell.com
+
+- Added a delete-event-handler for the Firefox master password
+ prompt dialog.
+- A minor fix to make CASAManager always write to the default wallet.
+- Removed console debug print messages from GK and FF code.
+
+-------------------------------------------------------------------
+Wed Mar 08 18:46:13 IST 2006 - lsreevatsa@novell.com
+
+-Fix for Bug [154548]: CASAManager does not display Firefox Secrets
+ if started before Firefox has been used.
+-Fix for Bug [155529] : Support for IsFirefoxStoreAvailable.
+-------------------------------------------------------------------
+Wed Mar 08 16:27:33 IST 2006 - smanojna@novell.com
+
+- Added Firefox MasterPassword prompt into CASAManager.
+ CASAManager will now prompt for master password during aggregating
+ the Firefox password manager if it is locked with a master password.
+
+-------------------------------------------------------------------
+Tue Mar 07 23:02:38 IST 2006 - lsreevatsa@novell.com
+
+- Changed the GetDefaultWallet() function to address all scenarios.
+
+-------------------------------------------------------------------
+Tue Mar 07 19:20:50 IST 2006 - smanojna@novell.com
+
+- Added Application SSO feature to CASAManager (Linux).
+ We will be able to add single sign-on information to Konquerer and
+ NetworkManager appilcations from within CASAManager.
+ Main-Menu: Options > Application SSO.
+- Fixed an expection thrown during GnomeKeyring delete secret operation.
+- All textboxes in CASAManager have been updated to take not more than
+ 256 characters (just a small check to avoid buffer-overflows).
+
+-------------------------------------------------------------------
+Tue Mar 07 15:08:26 IST 2006 - smanojna@novell.com
+
+- Fix for writing secrets into the default Wallet instead of
+ writing into CASAWallet.
+- Changed the port attribute in Keyring from string to unit32.
+
+-------------------------------------------------------------------
+Mon Mar 06 16:30:00 IST 2006 - mmanohar@novell.com
+
+-Fix for BUG154514 - I am seeing sporadic GUI crashes on Linux
+-Fix for Bug 154547 -build 367 - SECURITY - Secrets in Firefox Password manager
+ are being written to the console
+-Fix for Issue of Firefox initialization despite being disabled in the Policy
+-Fix for FireFox Uninitialize
+
+
+------------------------------------------------------------------
+Wed Mar 01 10:35:19 MST 2006 - cmashayekhi@novell.com
+
+- CASA.spec was modified to put the CASAManager.sh in /usr/bin.
+- CASAManager.desktop was modified to point to CASAManager.sh in /usr/bin.
+- CASA.spec and CASA_dbg.spec were synced up.
+
+-------------------------------------------------------------------
+Wed Mar 01 16:30:00 IST 2006 - mmanohar@novell.com
+
+-CASA Spec files changed for installation of FireFox
+ components via RPMs
+- Console messages removed from GUI-SDI and AD-Lib
+-------------------------------------------------------------------
+Wed Feb 28 14:00:00 IST 2006 - mmanohar@novell.com
+
+- FireFox View functionality integrated with CASA
+
+-------------------------------------------------------------------
+Mon Feb 27 16:34:24 MST 2006 - jnorman@novell.com
+
+- Bug 147031. Change CASA.desktop to find CASAManager in /usr/sbin
+
+-------------------------------------------------------------------
+Tue Feb 27 11:55:27 IST 2006 - asuraj@novell.com
+
+- Bug 141823.
CASAManager will not display KDE Wallet Secrets unless
+ kwalletmanager is open - fixed by starting kdeinit in code
+
+------------------------------------------------------------------
+Wed Feb 22 16:55:27 MST 2006 - cmashayekhi@novell.com
+
+- CASA.spec was modified to put the scripts in /usr/sbin.
+- A link as rcmicasad was created fro /usr/sbin to /etc/init.d/micasad
+- force-reload and reload tags were added to the micasad script.
+
+-------------------------------------------------------------------
+Tue Feb 22 14:03:20 MST 2006 - jnorman@novell.com
+- Bug 151679. Remove reverse links when deleting a secret - fixed
+
+-------------------------------------------------------------------
+Tue Feb 22 13:33:20 MST 2006 - jnorman@novell.com
+- Bug 150642. Return additional error codes when store is locked
+
+-------------------------------------------------------------------
+Tue Feb 22 10:25:20 MST 2006 - jnorman@novell.com
+- Remove build dependency on krb5-devel and libgssapi
+
+-------------------------------------------------------------------
+Tue Feb 21 16:25:20 MST 2006 - jnorman@novell.com
+- Bug 141689. Windows: change mouse handler for notifyicon to mouse
+ down event.
+ - Bug: Windows, start service at post install.
+
+-------------------------------------------------------------------
+Tue Feb 21 12:22:17 MST 2006 - jnorman@novell.com
+- Bug 141651. On windows, uninstalls will kill CASAManager too.
+
+-------------------------------------------------------------------
+Tue Feb 21 12:05:17 MST 2006 - jnorman@novell.com
+
+- Bug 148945. Handle the case were micasad is restarted, before
+ a user sets their master password
+
+-------------------------------------------------------------------
+Mon Feb 20 10:40:17 IST 2006 - smanojna@novell.com
+
+- Bug 147031: CASAManager main menu icon is placed only in...
+ - System > Configuration > Novell CASA Manager
+
+-------------------------------------------------------------------
+Sun Feb 19 17:23:44 CET 2006 - ro@suse.de
+
+- rework BuildRequires again
+- no hacks for CASAManager desktop file in post-scripts
+
+-------------------------------------------------------------------
+Sat Feb 18 15:57:20 MST 2006 - cmashayekhi@novell.com
+
+- Minor fixes were made to micasad script.
+- Minor fixes were made to CASA.spec.
+- CASA.spec and CASA_dbg.spec were synched.
+
+-------------------------------------------------------------------
+Fri Feb 17 14:01:12 MST 2006 - jnorman@novell.com
+
+- Bug 135386: Linking secrets with colon in the name - FIXED
+
+-------------------------------------------------------------------
+Fri Feb 17 21:31:10 IST 2006 - smanojna@novell.com
+
+- Bug 147031: CASAManager should have a menu item - FIXED,
+ A menu item for CASAManager gets created within the NLD/SuSE
+ main menu under the following categories,
+ - System > Configuration > Novell CASA Manager
+ - Utilities > Security > Novell CASA Manager
+ - Internet > Administration > Novell CASA Manager
+-------------------------------------------------------------------
+Thu Feb 16 16:45:27 MST 2006 - cmashayekhi@novell.com
+
+- Spec file was correct to eliminate the neededforbuild directive
+
+-------------------------------------------------------------------
+Thu Feb 16 11:43:36 MST 2006 - jnorman@novell.com
+
+- Add dependency to kdelibs3 back to CASA-gui rpm in spec file
+
+-------------------------------------------------------------------
+Thu Feb 16 07:45:20 IST 2006 - smanojna@novell.com
+
+- Bug 146015: A CASAkeyring is created to add secrets to the
+ Gnome Keyring through CASAManager - FIXED.
+
+-------------------------------------------------------------------
+Wed Feb 15 14:45:22 MST 2006 - cmashayekhi@novell.com
+
+- Bug 143940. pam_sscs.c patch for the buffer overflow applied to
+ version 1.5.
+
+-------------------------------------------------------------------
+Tue Feb 14 17:15:34 MST 2006 - jnorman@novell.com
+
+- Bug 150975. Enable GNOME Keyring when gnome-keyring.so is loaded
+
+-------------------------------------------------------------------
+Tue Feb 14 14:01:20 MST 2006 - jnorman@novell.com
+
+- Bug 150644. Prevent removal of secrets when store is locked.
+
+-------------------------------------------------------------------
+Tue Feb 14 13:45:20 MST 2006 - jnorman@novell.com
+
+- Bug 150037. For windows, change build options to not require msvcr71.dll.
+
+-------------------------------------------------------------------
+Tue Feb 14 10:15:20 MST 2006 - cmashayekhi@novell.com
+
+- CASA-detect_lib64 patch suggested by Rudi Ortel has been applied.
+- CASA.spec was fixed to not try to create duplicate dirs
+
+-------------------------------------------------------------------
+Tue Feb 14 09:57:43 IST 2006 - smanojna@novell.com
+
+- Bug 133386: Remove install time dependency on keyring and
+ kdewallet.
+- Bug 148102: CASA-gui requires kdelibs3.
+
+-------------------------------------------------------------------
+Tue Feb 14 11:17:20 CET 2006 - meissner@suse.de
+
+- Fixed the broken %post and %preun logic, added prerequires.
+
+-------------------------------------------------------------------
+Tue Feb 14 01:03:33 CET 2006 - ro@suse.de
+
+- comment out filesystem dirs from filelist
+
+-------------------------------------------------------------------
+Mon Feb 13 08:50:22 MST 2006 - cmashayekhi@novell.com
+
+- compiler option -fstack-protector was added to the build scripts
+- buffer overflow in pam-sscs.c was fixed.
+- try-restart and status command line options were added to the
+ micad script and CASA.spec was updated
+
+-------------------------------------------------------------------
+Thu Feb 09 13:57:41 CET 2006 - meissner@suse.de
+
+- disabled CASA by default again.
#147934
+- fixed file lists
+- actually builds on all Mono supporting platforms now.
+
+-------------------------------------------------------------------
+Thu Feb 09 02:19:05 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Wed Feb 08 17:45:50 MST 2006 - cmashayekhi@novell.com
+
+- startup and shutdown script was modified to not
+ edit pam files.
+- script to modify pam files for install, upgradeand
+ remove were created and spec file was modified to
+ call them.
+- startup and shut down of the service during install
+ and upgrade was fixed.
+
+-------------------------------------------------------------------
+Tue Feb 07 14:00:59 MST 2006 - cmashayekhi@novell.com
+
+- Updated the CASA.spec to move CASA to /usr/...
+- fixed the startup script for updating pam files.
+
+-------------------------------------------------------------------
+Tue Feb 07 10:49:59 MST 2006 - jnorman@novell.com
+
+- Bug 147801. Handle reserved chars
+
+-------------------------------------------------------------------
+Mon Feb 06 11:52:59 MST 2006 - jnorman@novell.com
+
+- Bug 147801. Fix to add additional key-value pairs
+
+-------------------------------------------------------------------
+Mon Feb 06 18:11:08 CET 2006 - meissner@suse.de
+
+- Disable by default #147934
+- Do not write PAM entries in micasad startup script #147935
+
+-------------------------------------------------------------------
+Wed Feb 01 9:47:59 MST 2006 - jnorman@novell.com
+
+- Rename CASA-1.5.glade to CASA.glade
+
+-------------------------------------------------------------------
+Mon Jan 30 18:29:05 CET 2006 - ro@suse.de
+
+- replaced java2 by java2-devel-packages in BuildRequires
+
+
+-------------------------------------------------------------------
+Fri Jan 30 10:34:59 MST 2006 - cmashayekhi@novell.com
+
+- CASA.spec was corrected to work with the changes in
+ gtk libs and mono.
+
+-------------------------------------------------------------------
+Sat Jan 28 20:22:59 MST 2006 - jnorman@novell.com
+
+- Bug 143878. Handle more than 100 secrets in GUI.
+
+-------------------------------------------------------------------
+Sat Jan 28 20:12:59 MST 2006 - jnorman@novell.com
+
+- Bug 146025. Prevent CASA manager from launch if
+ MasterPassword login dialog is closed.
+
+-------------------------------------------------------------------
+Sat Jan 28 11:46:59 MST 2006 - jnorman@novell.com
+
+- Bug 143859. Fix linking keys problem.
+
+-------------------------------------------------------------------
+Fri Jan 27 03:03:18 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Wed Jan 25 14:18:52 MST 2006 - jnorman@novell.com
+
+- Bug 142183. Do not add GKPassword to gnome-keyring
+ Provided by Manohar
+
+-------------------------------------------------------------------
+Wed Jan 25 14:12:52 MST 2006 - jnorman@novell.com
+
+- Bug 136784. Prevent multiple instances of GUI
+ Provided by Manohar
+
+-------------------------------------------------------------------
+Wed Jan 25 21:43:52 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Wed Jan 25 11:13:03 MST 2006 - cmashayekhi@novell.com
+
+- Rolled Ruediger Ortel changes into micasad.
+
+-------------------------------------------------------------------
+Tue Jan 24 00:13:03 CET 2006 - gekker@suse.de
+
+- fixup nfb for new gtk-sharp packaging
+
+-------------------------------------------------------------------
+Mon Jan 23 16:03:16 CET 2006 - ro@suse.de
+
+- add (empty) rest of LSB script header
+
+-------------------------------------------------------------------
+Sat Jan 21 21:25:34 MST 2006 - jnorman@novell.com
+
+- Bug 143837.
Add description to micasad service for windows
+
+-------------------------------------------------------------------
+Fri Jan 20 13:20:34 MST 2006 - jnorman@novell.com
+
+- Attempt unlocking all gnome-keyrings at login time.
+
+-------------------------------------------------------------------
+Thu Jan 20 11:39:34 MST 2006 - jnorman@novell.com
+
+- Bug 142475. Add EULA to install for windows and license info
+ in help dialog.
+
+-------------------------------------------------------------------
+Thu Jan 19 11:17:34 MST 2006 - jnorman@novell.com
+
+- Bug 143846. Suppress current key from being linked to itself.
+
+-------------------------------------------------------------------
+Thu Jan 19 10:57:34 MST 2006 - jnorman@novell.com
+
+- Bug 142939. Keep 'New Key' menu item active.
+
+-------------------------------------------------------------------
+Wed Jan 18 16:12:34 MST 2006 - jnorman@novell.com
+
+- Bug 143891. Sort SecretIDs on Link dialog.
+
+-------------------------------------------------------------------
+Fri Jan 13 15:02:34 MST 2006 - jnorman@novell.com
+
+- Bug 142937. Activate 'New' menu option after unlock.
+
+-------------------------------------------------------------------
+Fri Jan 13 13:02:34 MST 2006 - cmashayekhi@novell.com
+
+- Upon recieving a fix from ximian the change below was undone.
+
+-------------------------------------------------------------------
+Wed Jan 11 21:50:59 MST 2006 - jnorman@novell.com
+
+- Revert Mono.Unix.PeerCred back to Mono.Posix.PeerCred to run
+ on MONO 1.1.13
+
+-------------------------------------------------------------------
+Wed Jan 11 20:31:12 IST 2006 - smanojna@novell.com
+
+- Bug 142091: Inconsistency with naming in the GUI - FIXED.
+ String "MiCasa" changed to "miCASA" in the Link Keys dialog.
+
+-------------------------------------------------------------------
+Tue Jan 10 10:24:26 MST 2006 - jnorman@novell.com
+
+- Changed dependency to MONO 1.1.13
+
+-------------------------------------------------------------------
+Tue Jan 10 18:16:01 IST 2006 - smanojna@novell.com
+
+- Bug 142091: Inconsistency with naming in the GUI - FIXED
+
+-------------------------------------------------------------------
+Tue Jan 10 13:20:06 IST 2006 - smanojna@novell.com
+
+- Added support for ADD-KEY and DELETE-KEY for GnomeKeyring store.
+- Bug 142183:Added code to prevent users from deleting "GKPassword"
+ Key in Keyring store.
+
+-------------------------------------------------------------------
+Mon Jan 09 21:25:00 CET 2006 - gekker@suse.de
+
+- Fix to build against the latest version of mono, version 1.1.13
+
+-------------------------------------------------------------------
+Mon Jan 09 17:38:33 MST 2006 - jnorman@novell.com
+
+- Change Mono.Unix to Mono.Unix.Native. Move from Mono.Posix to
+ Mono.Unix
+
+-------------------------------------------------------------------
+Fri Jan 06 16:06:03 MST 2006 - jnorman@novell.com
+- Bug 141689. Prevent multiple menus.
+
+-------------------------------------------------------------------
+Fri Jan 06 17:44:03 IST 2006 - smanojna@novell.com
+
+- Added ADD/MODIFY/DELETE functionalites for Keyring and KWallet
+ stores and was integrated with the GUI.
+
+- About dialog in the GUI was updated with the version info (1.6).
+
+- KNOWN ISSUES:
+ 1. Currently ADD-KEYS and DELETE-KEYS of existing secrets for Keyring
+ is not functional.
+ 2. Creation of new secret in Keyring (ADD-SECRET) expects a key
+ with the name "GKPassword" whose value will be the password for
+ the respective secret. This key should not be deleted.
+ +------------------------------------------------------------------- +Tue Jan 03 16:01:10 MST 2006 - cmashayekhi@novell.com + +- Fixed link.lux files to use $ARC parameter to eliminate the + errors caused during the build with the rpath link parameter. + +------------------------------------------------------------------- +Thu Dec 22 14:37:04 MST 2005 - jnorman@novell.com + +- Removed creating sym links to CASAManager files + +------------------------------------------------------------------- +Wed Dec 21 14:17:38 MST 2005 - jnorman@novell.com + +- Bug 140056. Commented code to prevent login hangs in NDK. + +------------------------------------------------------------------- +Tue Dec 20 11:17:38 MST 2005 - jnorman@novell.com + +- Bug 133485. Set .miCASA files as hidden + +------------------------------------------------------------------- +Tue Dec 20 10:40:38 MST 2005 - jnorman@novell.com + +- Bug 140057. Disable destroying secrets when locked + +------------------------------------------------------------------- +Tue Dec 20 10:23:38 MST 2005 - jnorman@novell.com + +- Bug 140058. Update version number on GUI + +------------------------------------------------------------------- +Sat Dec 17 08:23:38 MST 2005 - cmashayekhi@novell.com + +- Merged in the CASA.changes from Patch_1.5 + +------------------------------------------------------------------- +Fri Dec 16 15:07:22 MST 2005 - cmashayekhi@novell.com + +- Compile erros in gk_ad.c were fixed to build. + +------------------------------------------------------------------- +Fri Dec 16 10:49:53 MST 2005 - cmashayekhi@novell.com + +- Checked in for changes in ADLib for Add-Modify-Delete for + KWallet and Gnome Keyring. + +------------------------------------------------------------------- +Fri Dec 16 08:55:06 MST 2005 - jluciani@novell.com + +-Fixed compiler warnings in auth-token stuff. 
+ +------------------------------------------------------------------- +Wed Dec 14 10:57:46 MST 2005 - jnorman@novell.com + +-Bug 138355. Delay persistence until home directory is created. + prevent closing session prematurely (pam_sscs.c) + +------------------------------------------------------------------- +Wed Dec 14 10:22:46 MST 2005 - jluciani@novell.com + +-Added authentication token stuff into the mix. + +------------------------------------------------------------------- +Tue Dec 13 15:29:59 MST 2005 - cmashayekhi@novell.com + +- Patch build revision number is set to 198. + +------------------------------------------------------------------- +Tue Dec 13 15:20:53 MST 2005 - cmashayekhi@novell.com + +- Bug 138355. Delay persistence until the users home directory + is created (SecretStore.cs). This was done for LUM integration +- On SessionClose in PAM (sscs_pam.c), change SSFlags to 0 on + CloseSecretStoreCache to prevent closing session early. + +------------------------------------------------------------------- +Mon Dec 12 15:39:59 MST 2005 - cmashayekhi@novell.com + +- FINAL Patch build revision number is set to 190. + +------------------------------------------------------------------- +Mon Dec 12 15:29:59 MST 2005 - cmashayekhi@novell.com + +- Patch build revision number is set to 189 + +------------------------------------------------------------------- +Mon Dec 12 09:29:59 MST 2005 - cmashayekhi@novell.com + +- Added patch changes that Rudy made on Nov. 14th to + checkin to the stable branch. 
+- Changes made to CASA.spec and pam_sscs.c +- Fixed build in stable: add qt-bindir to PATH +- include syslog.h for LOG_ERR + + +------------------------------------------------------------------- +Tue Dec 06 15:43:46 MST 2005 - jnorman@novell.com + +-Added AssemblyInfo files to all DotNET modules + +------------------------------------------------------------------- +Tue Dec 06 09:43:46 MST 2005 - cmashayekhi@novell.com + +-Reverting back to build 166 changes and updating the CASA.spec + to run pre and post script. + +------------------------------------------------------------------- +Mon Dec 05 13:32:23 MST 2005 - jnorman@novell.com + +- Bug 136523. Fix KWallet code to show KWallet secrets. + fix made in kwallets_rw.cpp + +------------------------------------------------------------------- +Fri Dec 02 16:35:38 MST 2005 - jnorman@novell.com + +- Bug 136527. Add handlers on KDEStore and GNOME Store code + +------------------------------------------------------------------- +Fri Dec 02 15:11:49 MST 2005 - cmashayekhi@novell.com + +- Bug 136221, workaround in CASA.spec file were removed because + they were not changes for supported intended use of the + product. Instead the readme was updated. + +------------------------------------------------------------------- +Fri Dec 02 10:34:02 MST 2005 - jnorman@novell.com + +- Bug 134096, add CASAManager.exe.config. +- Bug 136224, Document Readme for random crash on 64 bit. +- Bug 136226, Launch kde-open on kde desktops, and gnome-open on + gnome for help files +- Bug 136221, Attempt to prevent installing 32bit rpms on + 64 bit platforms as a workaround. +- Added CASA_dbg.spec file to build debug RPMs on autobuild + +------------------------------------------------------------------- +Wed Nov 30 10:34:02 MST 2005 - jnorman@novell.com + +- Bug 134096, Fixed Wrapper code for proper structure marshaling. 
+ +------------------------------------------------------------------- +Tue Nov 29 17:01:09 MST 2005 - jnorman@novell.com + +- Bug: 134096 Fix CASA gui for 64 bit + +------------------------------------------------------------------- +Wed Nov 24 14:09:19 MST 2005 - jnorman@novell.com + +- Bug fixes: 135387, 135393 + +------------------------------------------------------------------- + +Wed Nov 23 07:18:23 MST 2005 - cmashayekhi@novell.com + +- c_gui/CASAManager.sh was fixed to support lib64 directory. +- c_micasad/startup/micasad.sh was fixed to support lib64. + +------------------------------------------------------------------- +Wed Nov 23 16:09:19 MST 2005 - jnorman@novell.com + +- changed PAM Capture to find libmicasa in path + +------------------------------------------------------------------- +Wed Nov 18 14:09:19 MST 2005 - jnorman@novell.com + +- Change GUI dependency from gtk2-devel to gtk2. + +------------------------------------------------------------------- +Wed Nov 16 13:42:19 MST 2005 - jnorman@novell.com + +- Bug 133479. Clear Native information when destroying secrets or refreshing + +------------------------------------------------------------------- +Tue Nov 15 14:54:19 MST 2005 - jnorman@novell.com + +- Added gtk2-devel dependency to CASA-gui rpm + +------------------------------------------------------------------- +Mon Nov 14 15:56:59 MST 2005 - cmashayekhi@novell.com + +- Bug 133705 having to do with licenses in the source files + was fixed. +- CASA.spec was modified to accomodate for auto build scripts. 
+------------------------------------------------------------------- +Fri Nov 11 08:26:50 MST 2005 - jnorman@novell.com + +- Added help files, and code to launch help files to GUI + +------------------------------------------------------------------- +Thu Nov 10 12:32:38 MST 2005 - jnorman@novell.com + +- Replaced changes.log with CASA.changes in the src tree to be + consistent with autobuild + +------------------------------------------------------------------- +Mon Nov 07 16:44:00 MST 2005 - cameron@novell.com + +- CASA.spec and versioning number was modified to support build + number as a part of the rpm version. +- lib*.so versioning was changed to support linux format versioning + numbers. CASA libs are at 1.1.1 now. + - Build scripts were modified to support $RPM_OPT_FLAGS. + - Added persistence without desktop credentials. + - Bug 130336 -- resevered escaped chars was fixed. + - Bug 130518 -- invalid param exception handling was + fixed. + - Support for extended ascii and double byte chars in + GUI was added. + - Finalized GUI cosmetic changes. + +---------------------------------------------------------------- +Thu Oct 27 11:40:20 MDT 2005 - cmashayekhi@novell.com +-The image version to 1.5.0 + Files: + - Work area was cleaned up for the final build. + - CASA.spec was modified to requirement. + - Minor bug fixes were applied. +---------------------------------------------------------------- +Thu Oct 19 14:46:33 MDT 2005 - cmashayekhi@novell.com +-The image version to 1.5.0 + Files: + - Moving from version 1.0.0 to 1.5.0 as per PRD. +---------------------------------------------------------------- diff --git a/c_micasad/Makefile.am b/c_micasad/Makefile.am index e59e64a6..9f207b1a 100644 --- a/c_micasad/Makefile.am +++ b/c_micasad/Makefile.am 
@@ -82,6 +82,7 @@ CSFILES=$(srcdir)/AssemblyInfo.cs \ $(srcdir)/cache/KeyValue.cs \ $(srcdir)/cache/IKeychain.cs \ $(srcdir)/cache/ISecret.cs \ + $(srcdir)/lss/FastRandom.cs \ $(srcdir)/lss/LocalStorage.cs \ $(srcdir)/lss/CASACrypto.cs \ $(srcdir)/lss/Rfc2898DeriveBytes.cs \ diff --git a/c_micasad/cache/SecretStore.cs b/c_micasad/cache/SecretStore.cs index 35ae70bb..094b2cf1 100644 --- a/c_micasad/cache/SecretStore.cs +++ b/c_micasad/cache/SecretStore.cs @@ -209,8 +209,9 @@ namespace sscs.cache } } - baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath()); - if(baPasscode != null) + baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), false); + //if(baPasscode != null) + if (true) { if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath())) { @@ -219,9 +220,22 @@ namespace sscs.cache return true; } else - { - lss = null; - bIsStorePersistent = false; //till masterPasswd is verified + { + // try old encryption method + baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), true); + if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) + { + // rewrite file using new encryption + CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, desktopPasswd, GetPasscodeByDesktopFilePath()); + lss = new LocalStorage(this, baPasscode); + bIsStorePersistent = true; + return true; + } + else + { + lss = null; + bIsStorePersistent = false; //till masterPasswd is verified + } } return true; } 
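Review bot: In the hunk at `@@ -209,8 +209,9 @@`, replacing the null check with `if (true)` and leaving the old condition behind as a comment reads as leftover debugging, and it hides the fact that a null passcode now flows straight into `ValidatePasscode`. The validation routine later in this patch appears to return false for a null or empty passcode, so the guard can simply go: delete both `//if(baPasscode != null)` and `if (true)` and keep the block's contents. The new-method / old-method / rewrite sequence added in the following hunk is repeated at four more call sites in this file; one private helper taking the password and the file path would keep the migration logic in a single place. The enclosing method starts and ends outside the hunk.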
@@ -283,7 +297,7 @@ namespace sscs.cache
 */
 if(desktopPasswd != null)
 {
- baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath());
+ baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), false);
 if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath()))
 {
 CASACrypto.EncryptAndStoreMasterPasscodeUsingString(
@@ -293,31 +307,48 @@ namespace sscs.cache return true; } else - { - //Probably desktop passwd has changed. - //But as even master passwd is being set only now, - //the persistent store is lost. - - baPasscode = CASACrypto.GenerateMasterPasscodeUsingString(mPasswd,GetPasscodeByMasterPasswdFilePath(),GetValidationFilePath(), user.UserIdentifier); - if(baPasscode != null) - { - CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode,mPasswd,GetPasscodeByMasterPasswdFilePath()); - CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode,desktopPasswd,GetPasscodeByDesktopFilePath()); - if(File.Exists(GetPersistenceFilePath())) - { - File.Delete(GetPersistenceFilePath()); - CSSSLogger.DbgLog("Removing the persistent storeas its meaningless now."); - } - if( bIsStorePersistent == false ) - { - lss = new LocalStorage(this,baPasscode); - bIsStorePersistent = true; - } - return true; - } - else - { - return false; + { + // try old method + baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), true); + if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) + { + // rewrite file using new method + CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, desktopPasswd, GetPasscodeByDesktopFilePath()); + + + CASACrypto.EncryptAndStoreMasterPasscodeUsingString( + baPasscode, + mPasswd, + GetPasscodeByMasterPasswdFilePath()); + return true; + } + else + { + //Probably desktop passwd has changed. + //But as even master passwd is being set only now, + //the persistent store is lost. 
+ + baPasscode = CASACrypto.GenerateMasterPasscodeUsingString(mPasswd, GetPasscodeByMasterPasswdFilePath(), GetValidationFilePath(), user.UserIdentifier); + if (baPasscode != null) + { + CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, mPasswd, GetPasscodeByMasterPasswdFilePath()); + CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, desktopPasswd, GetPasscodeByDesktopFilePath()); + if (File.Exists(GetPersistenceFilePath())) + { + File.Delete(GetPersistenceFilePath()); + CSSSLogger.DbgLog("Removing the persistent storeas its meaningless now."); + } + if (bIsStorePersistent == false) + { + lss = new LocalStorage(this, baPasscode); + bIsStorePersistent = true; + } + return true; + } + else + { + return false; + } } } //return true; @@ -338,7 +369,6 @@ namespace sscs.cache CSSSLogger.DbgLog("Removing the persistent storeas its meaningless now. - Desktop passwd is not there and Master password is being set"); } - baPasscode = CASACrypto.GenerateMasterPasscodeUsingString(mPasswd,GetPasscodeByMasterPasswdFilePath(),GetValidationFilePath(), user.UserIdentifier); if(baPasscode != null) { @@ -368,9 +398,9 @@ namespace sscs.cache //If validation succeeds,start persistence. if(desktopPasswd == null) { - baPasscode = CASACrypto.DecryptMasterPasscodeUsingString(mPasswd, GetPasscodeByMasterPasswdFilePath()); + baPasscode = CASACrypto.DecryptMasterPasscodeUsingString(mPasswd, GetPasscodeByMasterPasswdFilePath(), false); if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath())) - { + { if(bIsStorePersistent == false) { lss = new LocalStorage(this,baPasscode); 
@@ -379,14 +409,30 @@ namespace sscs.cache return true; } else - { - return false; + { + // try validation, if it fails, try decryption using the old method + baPasscode = CASACrypto.DecryptMasterPasscodeUsingString(mPasswd, GetPasscodeByMasterPasswdFilePath(), true); + if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) + { + // rewrite file + CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, mPasswd, GetPasscodeByMasterPasswdFilePath()); + if (bIsStorePersistent == false) + { + lss = new LocalStorage(this, baPasscode); + bIsStorePersistent = true; + } + return true; + } + else + { + return false; + } } } else { //There are 2 cases - either desktop passwd has changed //or it hasnt. - baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(mPasswd, GetPasscodeByMasterPasswdFilePath()); + baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(mPasswd, GetPasscodeByMasterPasswdFilePath(), false); if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath())) { RewriteDesktopPasswdFile(baPasscode,desktopPasswd); @@ -398,7 +444,19 @@ namespace sscs.cache return true; } else - { + { + baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(mPasswd, GetPasscodeByMasterPasswdFilePath(), true); + if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) + { + RewriteDesktopPasswdFile(baPasscode, desktopPasswd); + if (bIsStorePersistent == false) + { + lss = new LocalStorage(this, baPasscode); + bIsStorePersistent = true; + } + return true; + } + return false; } } 
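Review bot: In the hunk at `@@ -398,7 +444,19 @@`, the legacy fallback succeeds without re-encrypting the master-password file, so that file stays protected by the old key derivation indefinitely; only `RewriteDesktopPasswdFile(baPasscode, desktopPasswd)` is called. The sibling branch in the hunk before it does migrate the file, and the same call belongs here ahead of `RewriteDesktopPasswdFile`: `CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, mPasswd, GetPasscodeByMasterPasswdFilePath());`. The method body starts and ends outside the hunk.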
@@ -429,11 +487,24 @@ namespace sscs.cache { try { - byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(oldDesktopPasswd, GetPasscodeByDesktopFilePath()); - if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath())) - { - return baPasscode; + byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(oldDesktopPasswd, GetPasscodeByDesktopFilePath(), false); + if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) + { + return baPasscode; + } + else + { + // try old method + baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(oldDesktopPasswd, GetPasscodeByDesktopFilePath(), true); + if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath())) + { + // rewrite file now + CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, oldDesktopPasswd, GetPasscodeByDesktopFilePath()); + return baPasscode; + } + } + } catch(Exception e) { @@ -527,7 +598,7 @@ namespace sscs.cache throw e; } - CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " - Succefully added Keychain = "+ keychain.GetKey() + " length = "+ (keychain.GetKey()).Length); + CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " - Successfully added Keychain = "+ keychain.GetKey() + " length = "+ (keychain.GetKey()).Length); return true; } @@ -637,7 +708,7 @@ namespace sscs.cache internal bool ChangeMasterPassword(string sCurrentPWD, string sNewPWD) { string sMasterFilePath = GetPasscodeByMasterPasswdFilePath(); - byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(sCurrentPWD, sMasterFilePath); + byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(sCurrentPWD, sMasterFilePath, false); if (baPasscode != null) { CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, sNewPWD, sMasterFilePath); diff --git a/c_micasad/lss/CASACrypto.cs b/c_micasad/lss/CASACrypto.cs index c2f8a1b4..8f0008b1 100644 --- a/c_micasad/lss/CASACrypto.cs +++ b/c_micasad/lss/CASACrypto.cs 
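Review bot: In the hunk at `@@ -637,7 +708,7 @@`, `ChangeMasterPassword` asks only for the new derivation (`false`) and, unlike the other call sites touched by this patch, neither retries with the legacy method nor runs `ValidatePasscode` before re-encrypting. A master-password file that has not been migrated yet would either fail here or, if decryption happens to hand back sixteen bytes of garbage, be rewritten under the new password with an unusable passcode; the second case is an inference, since the decrypt routine returns null only for a missing file or an exception. Suggested guard: `if (baPasscode != null && CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))`, preceded by the same old-method retry used elsewhere. The method continues past the end of the hunk.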
@@ -39,19 +39,19 @@ namespace sscs.crypto private const int ITERATION_COUNT = 1000; private const int HASH_SIZE = 32; - internal static byte[] Generate16ByteKeyFromString(string sTheString) + internal static byte[] Generate16ByteKeyFromString(string sTheString, string sFilepath, bool bUseOldMethod) { byte[] baKey = new byte[16]; //return value try { - Rfc2898DeriveBytes pkcs5 = new Rfc2898DeriveBytes(sTheString, SALTSIZE, ITERATION_COUNT); + Rfc2898DeriveBytes pkcs5 = new Rfc2898DeriveBytes(sTheString, SALTSIZE, ITERATION_COUNT, bUseOldMethod); baKey = pkcs5.GetBytes(16); } catch(Exception e) - { + { CSSSLogger.ExpLog(e.ToString()); CSSSLogger.DbgLog("Key generation failed"); - baKey = null; + baKey = null; } return baKey; } @@ -68,7 +68,7 @@ namespace sscs.crypto //Get an encryptor. RijndaelManaged myRijndael = new RijndaelManaged(); ICryptoTransform encryptor; - encryptor = myRijndael.CreateEncryptor(baMasterPasscode, baMasterPasscode); + encryptor = myRijndael.CreateEncryptor(baMasterPasscode, GenerateAndSaveIV(fileName, myRijndael)); //Encrypt the data to a file fsEncrypt = new FileStream(fileName, FileMode.Create); @@ -126,7 +126,7 @@ namespace sscs.crypto */ RijndaelManaged myRijndael = new RijndaelManaged(); - ICryptoTransform decryptor = myRijndael.CreateDecryptor(baMasterPasscode, baMasterPasscode); + ICryptoTransform decryptor = myRijndael.CreateDecryptor(baMasterPasscode, RetrieveIV(fileName, baMasterPasscode)); //Now decrypt fsDecrypt = new FileStream(fileName, FileMode.Open); 
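Review bot: In the hunk at `@@ -39,19 +39,19 @@`, `Generate16ByteKeyFromString` still derives the key from the password string alone: nothing here reads or stores a salt, and the new `sFilepath` parameter is never used in the body. The salt therefore has to be recomputable from the password (the commit subject says as much), so identical passwords give identical salts and keys and the salt no longer defeats precomputed guesses; if it comes from the xorshift `FastRandom` added by this patch, that generator is not a cryptographic RNG either. A per-file random salt saved next to the file, the way the IV now is, is what PBKDF2 expects, for example `new RNGCryptoServiceProvider().GetBytes(baSalt);` with `baSalt` persisted using `sFilepath`. `ITERATION_COUNT = 1000` is only the RFC 2898 minimum and is worth raising in the same change.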
@@ -176,14 +176,10 @@ namespace sscs.crypto FileStream fsEncrypt = null; CryptoStream csEncrypt = null; try - { - byte[] IV = new byte[16]; - for(int z = 0 ; z < 16; z++ ) - IV[z] = key[z]; - + { //Get an encryptor. RijndaelManaged myRijndael = new RijndaelManaged(); - ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, IV); + ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, GenerateAndSaveIV(fileName, myRijndael)); //Encrypt the data to a file fsEncrypt = new FileStream(fileName, FileMode.Create); @@ -196,13 +192,24 @@ namespace sscs.crypto byte[] hash = sha.ComputeHash(xmlData); fsEncrypt.Write(hash,0,hash.Length); - fsEncrypt.Flush(); - + fsEncrypt.Flush(); + +#if CLEAR + byte[] dup = (byte[])xmlData.Clone(); + // write clear file + FileStream fsClear = new FileStream(fileName + ".xml", FileMode.Create); + fsClear.Write(dup, 0, dup.Length); + fsClear.Flush(); + fsClear.Close(); +#endif + + csEncrypt = new CryptoStream(fsEncrypt, encryptor, CryptoStreamMode.Write); //Write all data to the crypto stream and flush it. csEncrypt.Write(xmlData, 0, xmlData.Length); csEncrypt.FlushFinalBlock(); + } catch(Exception e) { @@ -228,7 +235,7 @@ namespace sscs.crypto //Get a decryptor that uses the same key and IV as the encryptor. RijndaelManaged myRijndael = new RijndaelManaged(); - ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, IV); + ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, RetrieveIV(fileName, key)); #if LINUX UnixFileInfo fsTest = new UnixFileInfo (fileName); if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink) @@ -248,8 +255,8 @@ namespace sscs.crypto if(fsDecrypt.Length < HASH_SIZE ) { csDecrypt.Close(); - fsDecrypt.Close(); - return null; + fsDecrypt.Close(); + return null; } ulong fileLen = (ulong)(fsDecrypt.Length - HASH_SIZE); 
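Review bot: The `#if CLEAR` block added in the hunk at `@@ -196,13 +192,24 @@` writes the unencrypted `xmlData` to `fileName + ".xml"` right beside the encrypted store, with no permission or symlink handling, so any build with that symbol defined leaves every secret on disk in plaintext. A debug aid like this is better kept out of the shipped source; if it must stay, make a release build refuse it, e.g. `#if CLEAR && !DEBUG` followed by `#error CLEAR writes secrets in plaintext`. The context lines just above also write a hash of the plaintext to the file ahead of the ciphertext, which allows offline checking of guessed contents and deserves a follow-up. The enclosing method starts and ends outside the hunk.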
@@ -273,15 +280,25 @@ namespace sscs.crypto fsDecrypt.Close(); return null; } - } + } + + try + { + csDecrypt.Close(); + } + catch { } + + try + { + fsDecrypt.Close(); + } + catch { } - csDecrypt.Close(); - fsDecrypt.Close(); return tmpEncrypt; } catch(Exception e) - { - Console.WriteLine(e.ToString()); + { + CSSSLogger.DbgLog(e.ToString()); } if (csDecrypt != null) { @@ -301,6 +318,7 @@ namespace sscs.crypto /* Encrypts the data with the key and returns the encrypted buffer. */ +/* internal static byte[] EncryptData(byte[] data, byte[] key) { @@ -329,10 +347,11 @@ namespace sscs.crypto return null; } +*/ /* Decrypts the buffer(encrypted) with the key and returns the * decrypted data. */ - +/* internal static byte[] DecryptData(byte[] buffer, byte[] key) { try @@ -356,7 +375,7 @@ namespace sscs.crypto } return null; } - +*/ /* This method checks if we can get the master passcode by * decrypting the passwds file ( where we store all possible * passwds cross-encrypted. @@ -373,7 +392,7 @@ namespace sscs.crypto internal static byte[] GetMasterPasscode(string desktopPasswd, string fileName) { - byte[] mp = DecryptMasterPasscodeUsingString(desktopPasswd, fileName); + byte[] mp = DecryptMasterPasscodeUsingString(desktopPasswd, fileName, false); return mp; } @@ -394,7 +413,7 @@ namespace sscs.crypto { if(File.Exists(fileName)) File.Delete(fileName); - byte[] baKey = Generate16ByteKeyFromString(passwd); + byte[] baKey = Generate16ByteKeyFromString(passwd, null, false); //Get an encryptor. 
@@ -434,61 +453,68 @@ namespace sscs.crypto } public static byte[] DecryptMasterPasscodeUsingString(string passwd, - string fileName) + string fileName, bool bTryOldMethod) { FileStream fsDecrypt = null; CryptoStream csDecrypt = null; - byte[] baSavedMasterPasscode = null; - try - { - byte[] baKey = Generate16ByteKeyFromString(passwd); - - /* Get a decryptor that uses the same key and - * IV as the encryptor. - */ - RijndaelManaged myRijndael = new RijndaelManaged(); - ICryptoTransform decryptor = myRijndael.CreateDecryptor(baKey, - baKey); - //Now decrypt + byte[] baSavedMasterPasscode = null; + + try + { + byte[] baKey = Generate16ByteKeyFromString(passwd, fileName, bTryOldMethod); + + /* Get a decryptor that uses the same key and + * IV as the encryptor. + */ + RijndaelManaged myRijndael = new RijndaelManaged(); + ICryptoTransform decryptor = myRijndael.CreateDecryptor(baKey, RetrieveIV(fileName, baKey)); + //Now decrypt #if LINUX UnixFileInfo fsTest = new UnixFileInfo (fileName); if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink) -#else - if(!File.Exists(fileName)) -#endif - { - return null; - } - - fsDecrypt = new FileStream(fileName, FileMode.Open); - csDecrypt = new CryptoStream(fsDecrypt, decryptor, - CryptoStreamMode.Read); - baSavedMasterPasscode = new byte[16]; - - //Read the data out of the crypto stream. - csDecrypt.Read(baSavedMasterPasscode, 0, 16); - } - catch(Exception e) - { - CSSSLogger.ExpLog(e.ToString()); - CSSSLogger.DbgLog("Unable to decrypt master passode"); - baSavedMasterPasscode = null; - } - +#else + if (!File.Exists(fileName)) +#endif + { + return null; + } + + fsDecrypt = new FileStream(fileName, FileMode.Open); + csDecrypt = new CryptoStream(fsDecrypt, decryptor, + CryptoStreamMode.Read); + baSavedMasterPasscode = new byte[16]; + + //Read the data out of the crypto stream. 
+ csDecrypt.Read(baSavedMasterPasscode, 0, 16); + } + catch (Exception e) + { + CSSSLogger.ExpLog(e.ToString()); + CSSSLogger.DbgLog("Unable to decrypt master passode"); + baSavedMasterPasscode = null; + } + + + try + { + if (csDecrypt != null) + csDecrypt.Close(); + } + catch { } + + + if (fsDecrypt != null) + fsDecrypt.Close(); + - if (csDecrypt != null) - csDecrypt.Close(); - - if ( fsDecrypt != null ) - fsDecrypt.Close(); - return baSavedMasterPasscode; } internal static byte[] GetMasterPasscodeUsingMasterPasswd( string mPasswd, - string fileName) + string fileName, + bool bUseOldMethod) { byte[] baMasterPasscode; try @@ -498,8 +524,7 @@ namespace sscs.crypto /* Decrypt the passcode from the file using master passwd. * and return the decrypted passcode. */ - baMasterPasscode = DecryptMasterPasscodeUsingString(mPasswd, - fileName); + baMasterPasscode = DecryptMasterPasscodeUsingString(mPasswd, fileName, bUseOldMethod); return baMasterPasscode; } else @@ -515,7 +540,8 @@ namespace sscs.crypto internal static byte[] GetMasterPasscodeUsingDesktopPasswd( string desktopPasswd, - string fileName) + string fileName, + bool bUseOldMethod) { byte[] passcode; try @@ -526,7 +552,7 @@ namespace sscs.crypto * and return the decrypted passcode. */ passcode = DecryptMasterPasscodeUsingString(desktopPasswd, - fileName); + fileName, bUseOldMethod); return passcode; } @@ -581,7 +607,9 @@ namespace sscs.crypto /* Here we decrpyt a well known string, throw exception * if not successful * A well-known string is encrpyted by the Passcode and saved - */ + */ + + CSSSLogger.DbgLog("Validate called"); if ((baPasscode == null) || baPasscode.Length < 1 ) return false; @@ -593,11 +621,13 @@ namespace sscs.crypto char[] trimChars = {'\0'}; sString = sString.TrimEnd(trimChars); if( ConstStrings.MICASA_VALIDATION_STRING.Equals(sString)) - { + { + CSSSLogger.DbgLog("Passed"); return true; } else - { + { + CSSSLogger.DbgLog("Failed"); return false; } } 
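Review bot: In the hunk at `@@ -434,61 +453,68 @@`, `csDecrypt.Read(baSavedMasterPasscode, 0, 16)` ignores the returned byte count, so a truncated file yields a partly zero-filled buffer that is handed back as the master passcode; callers only notice if they go on to call `ValidatePasscode`. I would loop until sixteen bytes have arrived or `Read` returns 0, and return null on a short read. In the same hunk `RetrieveIV(fileName, baKey)` runs before the existence / `IsSymbolicLink` test on `fileName`, so the `.IV` sidecar is opened even when the main file is about to be rejected; moving that test to the top of the `try` fixes the ordering. The empty `catch { }` around `csDecrypt.Close()` should at least log through `CSSSLogger.DbgLog`.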
@@ -607,7 +637,49 @@ namespace sscs.crypto
 CSSSLogger.DbgLog("Validation of passcode failed.");
 }
 return false;
- }
-
+ }
+
+
+ private static byte[] GenerateAndSaveIV(string sFileName, RijndaelManaged theRiManaged)
+ {
+ theRiManaged.GenerateIV();
+ byte[] baIV = theRiManaged.IV;
+
+ try
+ {
+ // now save this
+ FileStream fs = new FileStream(sFileName + ".IV", FileMode.Create);
+ fs.Write(baIV, 0, 16);
+ fs.Flush();
+ fs.Close();
+
+ File.SetAttributes(sFileName + ".IV", FileAttributes.Hidden);
+ }
+ catch (Exception e)
+ {
+ CSSSLogger.DbgLog(e.ToString());
+ }
+
+ return baIV;
+ }
+
+ private static byte[] RetrieveIV(string sFileName, byte[] baOrigValue)
+ {
+
+ byte[] IV = new byte[16];
+ // check for file existence
+ try
+ {
+ FileStream fs = new FileStream(sFileName + ".IV", FileMode.Open);
+ fs.Read(IV, 0, 16);
+ fs.Close();
+ return IV;
+ }
+ catch (Exception e)
+ {
+ CSSSLogger.DbgLog(e.ToString());
+ }
+ return (byte[])baOrigValue.Clone();
+ }
 }
 }
diff --git a/c_micasad/lss/FastRandom.cs b/c_micasad/lss/FastRandom.cs
new file mode 100644
index 00000000..31a9b40a
--- /dev/null
+++ b/c_micasad/lss/FastRandom.cs
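Review bot: `GenerateAndSaveIV` returns the fresh IV even when writing `sFileName + ".IV"` failed, because its `catch` only logs; the caller then encrypts with an IV that was never stored, `RetrieveIV` later falls back to the key bytes, and with the default CBC mode the first block of the file can no longer be decrypted. The write failure should propagate (log, then `throw;`) so the encrypt path aborts before it touches the data file. `RetrieveIV` has the mirror problems: the result of `fs.Read(IV, 0, 16)` is not checked, so a short or empty sidecar gives a partly zero IV, and any I/O error silently selects the legacy key-as-IV path instead of being reported. Neither helper applies the `IsSymbolicLink` test that the LINUX build uses for the data files, and both leave the stream open if an exception is thrown between the open and `Close()`; wrapping the stream in `using (FileStream fs = ...)` covers the latter.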
@@ -0,0 +1,329 @@ +/*********************************************************************** + * + * Copyright (C) 2005-2006 Novell, Inc. All Rights Reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; version 2.1 + * of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, Novell, Inc. + * + * To contact Novell about this file by physical or electronic mail, + * you may find current contact information at www.novell.com. + * + ***********************************************************************/ +using System; +using System.Collections.Generic; +using System.Text; + +namespace sscs.lss +{ + /* + * Yes, if you want to go ahead and attach an LGPL header to the source + * file then that's fine. I hereby grant Novell Inc. permission to use the + * FastRandom.cs random number generator source code under the Lesser GNU + * Public Licesne (LGPL). + * + * Apr 19, 2006: received by jnorman@novell.com from Colin Green + * + * License also signed and sent to Novell on May 2, 2006. + */ + + /// + /// A fast random number generator for .NET + /// Colin Green, January 2005 + /// + /// September 4th 2005 + /// Added NextBytesUnsafe() - commented out by default. + /// Fixed bug in Reinitialise() - y,z and w variables were not being reset. + /// + /// Key points: + /// 1) Based on a simple and fast xor-shift pseudo random number generator (RNG) specified in: + /// Marsaglia, George. (2003). Xorshift RNGs. 
+ /// http://www.jstatsoft.org/v08/i14/xorshift.pdf + /// + /// This particular implementation of xorshift has a period of 2^128-1. See the above paper to see + /// how this can be easily extened if you need a longer period. At the time of writing I could find no + /// information on the period of System.Random for comparison. + /// + /// 2) Faster than System.Random. Up to 15x faster, depending on which methods are called. + /// + /// 3) Direct replacement for System.Random. This class implements all of the methods that System.Random + /// does plus some additional methods. The like named methods are functionally equivalent. + /// + /// 4) Allows fast re-initialisation with a seed, unlike System.Random which accepts a seed at construction + /// time which then executes a relatively expensive initialisation routine. This provides a vast speed improvement + /// if you need to reset the pseudo-random number sequence many times, e.g. if you want to re-generate the same + /// sequence many times. An alternative might be to cache random numbers in an array, but that approach is limited + /// by memory capacity and the fact that you may also want a large number of different sequences cached. Each sequence + /// can each be represented by a single seed value (int) when using FastRandom. + /// + /// Notes. + /// A further performance improvement can be obtained by declaring local variables as static, thus avoiding + /// re-allocation of variables on each call. However care should be taken if multiple instances of + /// FastRandom are in use or if being used in a multi-threaded environment. 
+ /// + /// + public class FastRandom + { + // The +1 ensures NextDouble doesn't generate 1.0 + const double REAL_UNIT_INT = 1.0 / ((double)int.MaxValue + 1.0); + const double REAL_UNIT_UINT = 1.0 / ((double)uint.MaxValue + 1.0); + const uint Y = 842502087, Z = 3579807591, W = 273326509; + + uint x, y, z, w; + + #region Constructors + + /// + /// Initialises a new instance using time dependent seed. + /// + public FastRandom() + { + // Initialise using the system tick count. + Reinitialise((int)Environment.TickCount); + } + + /// + /// Initialises a new instance using an int value as seed. + /// This constructor signature is provided to maintain compatibility with + /// System.Random + /// + public FastRandom(int seed) + { + Reinitialise(seed); + } + + #endregion + + #region Public Methods [Reinitialisation] + + /// + /// Reinitialises using an int value as a seed. + /// + /// + public void Reinitialise(int seed) + { + // The only stipulation stated for the xorshift RNG is that at least one of + // the seeds x,y,z,w is non-zero. We fulfill that requirement by only allowing + // resetting of the x seed + x = (uint)seed; + y = Y; + z = Z; + w = W; + } + + #endregion + + #region Public Methods [Next* methods] + + /// + /// Generates a uint. Values returned are over the full range of a uint, + /// uint.MinValue to uint.MaxValue, including the min and max values. + /// + /// + public uint NextUInt() + { + uint t = (x ^ (x << 11)); + x = y; y = z; z = w; + return (w = (w ^ (w >> 19)) ^ (t ^ (t >> 8))); + } + + /// + /// Generates a random int. Values returned are over the range 0 to int.MaxValue-1. + /// MaxValue is not generated to remain functionally equivalent to System.Random.Next(). + /// If you require an int from the full range, including negative values then call + /// NextUint() and cast the value to an int. 
+ /// + /// + public int Next() + { + uint t = (x ^ (x << 11)); + x = y; y = z; z = w; + return (int)(0x7FFFFFFF & (w = (w ^ (w >> 19)) ^ (t ^ (t >> 8)))); + } + + /// + /// Generates a random int over the range 0 to upperBound-1, and not including upperBound. + /// + /// + /// + public int Next(int upperBound) + { + if (upperBound < 0) + throw new ArgumentOutOfRangeException("upperBound", upperBound, "upperBound must be >=0"); + + uint t = (x ^ (x << 11)); + x = y; y = z; z = w; + + // The explicit int cast before the first multiplication gives better performance. + // See comments in NextDouble. + return (int)((REAL_UNIT_INT * (int)(0x7FFFFFFF & (w = (w ^ (w >> 19)) ^ (t ^ (t >> 8))))) * upperBound); + } + + /// + /// Generates a random int over the range lowerBound to upperBound-1, and not including upperBound. + /// upperBound must be >= lowerBound. lowerBound may be negative. + /// + /// + /// + /// + public int Next(int lowerBound, int upperBound) + { + if (lowerBound > upperBound) + throw new ArgumentOutOfRangeException("upperBound", upperBound, "upperBound must be >=lowerBound"); + + uint t = (x ^ (x << 11)); + x = y; y = z; z = w; + + // The explicit int cast before the first multiplication gives better performance. + // See comments in NextDouble. + int range = upperBound - lowerBound; + if (range < 0) + { // If range is <0 then an overflow has occured and must resort to using long integer arithmetic instead (slower). + // We also must use all 32 bits of precision, instead of the normal 31, which again is slower. + return lowerBound + (int)((REAL_UNIT_UINT * (double)(w = (w ^ (w >> 19)) ^ (t ^ (t >> 8)))) * (double)((long)upperBound - (long)lowerBound)); + } + + // 31 bits of precision will suffice if range<=int.MaxValue. This allows us to cast to an int anf gain + // a little more performance. 
+ return lowerBound + (int)((REAL_UNIT_INT * (double)(int)(0x7FFFFFFF & (w = (w ^ (w >> 19)) ^ (t ^ (t >> 8))))) * (double)range); + } + + /// + /// Generates a random double. Values returned are from 0.0 up to but not including 1.0. + /// + /// + public double NextDouble() + { + uint t = (x ^ (x << 11)); + x = y; y = z; z = w; + + // Here we can gain a 2x speed improvement by generating a value that can be cast to + // an int instead of the more easily available uint. If we then explicitly cast to an + // int the compiler will then cast the int to a double to perform the multiplication, + // this final cast is a lot faster than casting from a uint to a double. The extra cast + // to an int is very fast (the allocated bits remain the same) and so the overall effect + // of the extra cast is a significant performance improvement. + return (REAL_UNIT_INT * (int)(0x7FFFFFFF & (w = (w ^ (w >> 19)) ^ (t ^ (t >> 8))))); + } + + /// + /// Fills the provided byte array with random bytes. + /// Increased performance is achieved by dividing and packaging bits directly from the + /// random number generator and storing them in 4 byte 'chunks'. + /// + /// + public void NextBytes(byte[] buffer) + { + // Fill up the bulk of the buffer in chunks of 4 bytes at a time. + uint x = this.x, y = this.y, z = this.z, w = this.w; + int i = 0; + uint t; + for (; i < buffer.Length - 3; ) + { + // Generate 4 bytes. + t = (x ^ (x << 11)); + x = y; y = z; z = w; + w = (w ^ (w >> 19)) ^ (t ^ (t >> 8)); + + buffer[i++] = (byte)(w & 0x000000FF); + buffer[i++] = (byte)((w & 0x0000FF00) >> 8); + buffer[i++] = (byte)((w & 0x00FF0000) >> 16); + buffer[i++] = (byte)((w & 0xFF000000) >> 24); + } + + // Fill up any remaining bytes in the buffer. + if (i < buffer.Length) + { + // Generate 4 bytes. 
+ t = (x ^ (x << 11)); + x = y; y = z; z = w; + w = (w ^ (w >> 19)) ^ (t ^ (t >> 8)); + + buffer[i++] = (byte)(w & 0x000000FF); + if (i < buffer.Length) + { + buffer[i++] = (byte)((w & 0x0000FF00) >> 8); + if (i < buffer.Length) + { + buffer[i++] = (byte)((w & 0x00FF0000) >> 16); + if (i < buffer.Length) + { + buffer[i] = (byte)((w & 0xFF000000) >> 24); + } + } + } + } + this.x = x; this.y = y; this.z = z; this.w = w; + } + + + // /// + // /// A version of NextBytes that uses a pointer to set 4 bytes of the byte buffer in one operation + // /// thus providing a nice speedup. Note that this requires the unsafe compilation flag to be specified + // /// and so is commented out by default. + // /// + // /// + // public unsafe void NextBytesUnsafe(byte[] buffer) + // { + // if(buffer.Length % 4 != 0) + // throw new ArgumentException("Buffer length must be divisible by 4", "buffer"); + // + // uint x=this.x, y=this.y, z=this.z, w=this.w; + // uint t; + // + // fixed(byte* pByte0 = buffer) + // { + // uint* pDWord = (uint*)pByte0; + // for(int i = 0, len = buffer.Length>>2; i < len; i++) + // { + // t=(x^(x<<11)); + // x=y; y=z; z=w; + // *pDWord++ = w = (w^(w>>19))^(t^(t>>8)); + // } + // } + // + // this.x=x; this.y=y; this.z=z; this.w=w; + // } + + // Buffer 32 bits in bitBuffer, return 1 at a time, keep track of how many have been returned + // with bitBufferIdx. + uint bitBuffer; + int bitBufferIdx = 32; + + /// + /// Generates random bool. + /// Increased performance is achieved by buffering 32 random bits for + /// future calls. Thus the random number generator is only invoked once + /// in every 32 calls. + /// + /// + public bool NextBool() + { + if (bitBufferIdx == 32) + { + // Generate 32 more bits. + uint t = (x ^ (x << 11)); + x = y; y = z; z = w; + bitBuffer = w = (w ^ (w >> 19)) ^ (t ^ (t >> 8)); + + // Reset the idx that tells us which bit to read next. 
+ bitBufferIdx = 1; + return (bitBuffer & 0x1) == 1; + } + + bitBufferIdx++; + return ((bitBuffer >>= 1) & 0x1) == 1; + } + + #endregion + } +} diff --git a/c_micasad/lss/Rfc2898DeriveBytes.cs b/c_micasad/lss/Rfc2898DeriveBytes.cs index 63c87595..db674f5b 100644 --- a/c_micasad/lss/Rfc2898DeriveBytes.cs +++ b/c_micasad/lss/Rfc2898DeriveBytes.cs @@ -56,7 +56,7 @@ using System; using System.Text; using System.Security.Cryptography; -//using Mono.Security.Cryptography; +using sscs.lss; namespace sscs.crypto { 
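Review bot: In FastRandom.cs the class comment presents the generator as a direct replacement for System.Random but never says it is unsuitable for security use, and the file is added under c_micasad/lss beside the crypto code. A xorshift generator seeded from a single 32-bit int, with `y`, `z` and `w` set to fixed constants, is predictable from its seed. I would add a line to the class summary such as `/// Not cryptographically secure: do not use for keys, IVs, salts or tokens.` Separately, `Reinitialise` resets `x`, `y`, `z`, `w` but not the `NextBool` bit buffer, so `NextBool` calls after a reseed can return bits left over from the previous sequence. Adding `bitBufferIdx = 32;` in `Reinitialise` would fix that.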
@@ -103,26 +103,77 @@ namespace sscs.crypto { : this (password, saltSize, defaultIterations) { } - - public Rfc2898DeriveBytes (string password, int saltSize, int iterations) + + public Rfc2898DeriveBytes(string password, int saltSize, int iterations) + : this (password, saltSize, iterations, false) + { + } + + public Rfc2898DeriveBytes (string password, int saltSize, int iterations, bool bUseOldMethod) { if (password == null) throw new ArgumentNullException ("password"); if (saltSize < 0) throw new ArgumentOutOfRangeException ("invalid salt length"); - //Salt = KeyBuilder.Key (saltSize); - byte[] buffer = new byte[saltSize]; - Random rand = new Random(password.GetHashCode()); - rand.NextBytes(buffer); - Salt = buffer; + if (bUseOldMethod) + { + Salt = GenerateOldSalt(password, saltSize); + } + else + { + Salt = GenerateNewSalt(password, saltSize); + } IterationCount = iterations; _hmac = new HMACSHA1 (Encoding.UTF8.GetBytes (password)); } - // properties - public int IterationCount { + private static byte[] GenerateOldSalt(string password, int saltSize) + { + byte[] buffer = new byte[saltSize]; + Random rand = new Random(password.GetHashCode()); + rand.NextBytes(buffer); + return buffer; + } + + private static byte[] GenerateNewSalt(string password, int saltSize) + { + int j = 0; + byte[] buffer = new byte[saltSize]; + + // iterate thru each character, creating a new Random, + // getting 2 bytes from each, until our salt buffer is full. 
+ for (int i = 0; i < password.Length; i++) + { + FastRandom ranNum = new FastRandom((password[i].ToString().GetHashCode()) * (j+1)); + + byte[] temp = new byte[2]; + ranNum.NextBytes(temp); + + for (int k = 0; k < temp.Length; k++) + { + buffer[j++] = temp[k]; + // get out if buffer is full + if (j >= saltSize) + { + return buffer; + } + } + + // reset i if at end of password + if ((i + 1) == password.Length) + { + i = 0; + } + } + + return buffer; + } + + // properties + public int IterationCount + { get { return _iteration; } set { if (value < 1)
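Review bot: GenerateNewSalt still derives the salt entirely from the password, so the same password always yields the same salt and the salt cannot prevent precomputation across stores. GenerateOldSalt had the same property. A salt should be random and stored with the data: fill the buffer with `new RNGCryptoServiceProvider().GetBytes(buffer);` and persist it next to the file, as this commit already does for the IV; that needs caller changes outside this hunk. The wrap-around is also off by one: `i = 0` is followed by the loop's `i++`, so a one-character password exits after two bytes and leaves the rest of the salt zero, and longer passwords skip their first character after wrapping; `i = -1;` restarts at the first character. Both paths seed from `GetHashCode()`, whose value is not guaranteed to be stable across runtimes, so stored data may become undecryptable after a runtime change.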