From dc951551e2f960aad96ac71583e415ebba1ae790 Mon Sep 17 00:00:00 2001 From: Jim Norman Date: Mon, 13 Nov 2006 08:46:07 +0000 Subject: [PATCH] Use an IV on export files. --- CASA/micasad/cache/SecretStore.cs | 12 +++---- CASA/micasad/lss/CASACrypto.cs | 17 +++++---- CASA/micasad/verbs/ObjectSerialization.cs | 44 +++++++++++++++++------ 3 files changed, 50 insertions(+), 23 deletions(-) diff --git a/CASA/micasad/cache/SecretStore.cs b/CASA/micasad/cache/SecretStore.cs index d2c2a266..af9f1be6 100644 --- a/CASA/micasad/cache/SecretStore.cs +++ b/CASA/micasad/cache/SecretStore.cs @@ -1001,11 +1001,11 @@ namespace sscs.cache return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE; } - internal byte[] GetSecrets(string sEncryptionString) + internal byte[] GetSecrets(string sEncryptionString, ref byte[] baIV) { if (lss != null) - { - MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, null); + { + MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, ConstStrings.SSCS_SESSION_KEY_CHAIN_ID); byte[] baSecrets = ms.ToArray(); @@ -1015,7 +1015,7 @@ namespace sscs.cache byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false); // now encypt it. - baSecrets = sscs.crypto.CASACrypto.EncryptData(baSecrets, baKey); + baSecrets = sscs.crypto.CASACrypto.EncryptData(baSecrets, baKey, ref baIV); } return baSecrets; } @@ -1025,13 +1025,13 @@ namespace sscs.cache } } - internal void MergeXMLSecrets(byte[] encryptedXmlSecrets, string sEncryptionString) + internal void MergeXMLSecrets(byte[] encryptedXmlSecrets, string sEncryptionString, byte[] baIV) { if (sEncryptionString != null) { // decrypt the buffer using the string passed in. byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false); - byte[] baBuffer = sscs.crypto.CASACrypto.DecryptData(encryptedXmlSecrets, baKey); + byte[] baBuffer = sscs.crypto.CASACrypto.DecryptData(encryptedXmlSecrets, baKey, baIV); MergeXMLSecrets(baBuffer); } } diff --git a/CASA/micasad/lss/CASACrypto.cs b/CASA/micasad/lss/CASACrypto.cs index 9284f62f..10453b63 100644 --- a/CASA/micasad/lss/CASACrypto.cs +++ b/CASA/micasad/lss/CASACrypto.cs @@ -170,7 +170,7 @@ namespace sscs.crypto return baSavedKey; } - internal static byte[] DecryptData(byte[] encyptedXmlData, byte[] key) + internal static byte[] DecryptData(byte[] encyptedXmlData, byte[] key, byte[] baIV) { CryptoStream csDecrypt = null; byte[] buffer = new byte[encyptedXmlData.Length]; @@ -179,8 +179,8 @@ namespace sscs.crypto try { //Get an decryptor. - RijndaelManaged myRijndael = new RijndaelManaged(); - ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, key); + RijndaelManaged myRijndael = new RijndaelManaged(); + ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, baIV); csDecrypt = new CryptoStream(ms, decryptor, CryptoStreamMode.Read); //Read all data to the crypto stream and flush it. @@ -197,15 +197,20 @@ namespace sscs.crypto return buffer; } - internal static byte[] EncryptData(byte[] xmlData, byte[] key) + internal static byte[] EncryptData(byte[] xmlData, byte[] key, ref byte[] baIV) { CryptoStream csEncrypt = null; MemoryStream encryptedData = new MemoryStream(); try { //Get an encryptor. - RijndaelManaged myRijndael = new RijndaelManaged(); - ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, key); + RijndaelManaged myRijndael = new RijndaelManaged(); + + // create IV + myRijndael.GenerateIV(); + baIV = myRijndael.IV; + + ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, baIV); //csEncrypt = new CryptoStream(fsEncrypt, encryptor, CryptoStreamMode.Write); csEncrypt = new CryptoStream(encryptedData, encryptor, CryptoStreamMode.Write); diff --git a/CASA/micasad/verbs/ObjectSerialization.cs b/CASA/micasad/verbs/ObjectSerialization.cs index af592200..3fa82f41 100644 --- a/CASA/micasad/verbs/ObjectSerialization.cs +++ b/CASA/micasad/verbs/ObjectSerialization.cs @@ -319,7 +319,8 @@ namespace sscs.verbs } private WrappedObject DoMergeXMLSecrets(SecretStore ssStore, WrappedObject wo) - { + { + byte[] baIV = new byte[16]; ImportXMLSecrets addSecrets = (ImportXMLSecrets)wo.GetObject(); string sMasterPassword = addSecrets.GetMasterPasssword(); @@ -331,12 +332,24 @@ namespace sscs.verbs { // let's read it - FileStream fs = new FileStream(sFilePath, FileMode.Open); - baXMLSecrets = new byte[fs.Length]; + FileStream fs = new FileStream(sFilePath, FileMode.Open); + int iBytes = 0; - int iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length); - fs.Flush(); - fs.Close(); + // if a master password was sent, read the first 16 bytes as IV. + if (sMasterPassword != null) + { + baXMLSecrets = new byte[fs.Length - 16]; + iBytes = fs.Read(baIV, 0, 16); + iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length - 16); + } + else + { + baXMLSecrets = new byte[fs.Length]; + iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length); + } + + fs.Flush(); + fs.Close(); } } catch (Exception e) @@ -354,7 +367,7 @@ namespace sscs.verbs if (sMasterPassword != null) { // decrypt secrets if possible - ssStore.MergeXMLSecrets(baXMLSecrets, sMasterPassword); + ssStore.MergeXMLSecrets(baXMLSecrets, sMasterPassword, baIV); } else { @@ -379,7 +392,8 @@ namespace sscs.verbs } private WrappedObject DoExportSecrets(SecretStore ssStore, WrappedObject wo, UserIdentifier userId) - { + { + byte[] baIV = null; ExportXMLSecrets secrets = (ExportXMLSecrets)wo.GetObject(); // validate masterpassword @@ -397,13 +411,21 @@ namespace sscs.verbs string sEncrpyptionPassphrase = secrets.GetPassphrase(); // get all secrets - byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase); + byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV); string sFilePath = secrets.GetFilePath(); if (sFilePath != null) { // write em out FileStream fs = new FileStream(sFilePath, FileMode.Create); - fs.Write(baSecrets, 0, baSecrets.Length); + + // if a IV was set, write it out. + if (baIV != null) + { + fs.Write(baIV, 0, 16); + } + + // write the secrets now + fs.Write(baSecrets, 0, baSecrets.Length); fs.Flush(); fs.Close(); @@ -415,7 +437,7 @@ namespace sscs.verbs } else { - wo.SetObject(ssStore.GetSecrets(sEncrpyptionPassphrase)); + wo.SetObject(ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV)); } wo.SetError(constants.RetCodes.SUCCESS, "");