Use an IV on export files.

This commit is contained in:
Jim Norman 2006-11-13 08:46:07 +00:00
parent fd8c1be326
commit dc951551e2
3 changed files with 50 additions and 23 deletions

View File

@ -1001,11 +1001,11 @@ namespace sscs.cache
return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE; return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE;
} }
internal byte[] GetSecrets(string sEncryptionString) internal byte[] GetSecrets(string sEncryptionString, ref byte[] baIV)
{ {
if (lss != null) if (lss != null)
{ {
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, null); MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
byte[] baSecrets = ms.ToArray(); byte[] baSecrets = ms.ToArray();
@ -1015,7 +1015,7 @@ namespace sscs.cache
byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false); byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false);
// now encypt it. // now encypt it.
baSecrets = sscs.crypto.CASACrypto.EncryptData(baSecrets, baKey); baSecrets = sscs.crypto.CASACrypto.EncryptData(baSecrets, baKey, ref baIV);
} }
return baSecrets; return baSecrets;
} }
@ -1025,13 +1025,13 @@ namespace sscs.cache
} }
} }
internal void MergeXMLSecrets(byte[] encryptedXmlSecrets, string sEncryptionString) internal void MergeXMLSecrets(byte[] encryptedXmlSecrets, string sEncryptionString, byte[] baIV)
{ {
if (sEncryptionString != null) if (sEncryptionString != null)
{ {
// decrypt the buffer using the string passed in. // decrypt the buffer using the string passed in.
byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false); byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false);
byte[] baBuffer = sscs.crypto.CASACrypto.DecryptData(encryptedXmlSecrets, baKey); byte[] baBuffer = sscs.crypto.CASACrypto.DecryptData(encryptedXmlSecrets, baKey, baIV);
MergeXMLSecrets(baBuffer); MergeXMLSecrets(baBuffer);
} }
} }

View File

@ -170,7 +170,7 @@ namespace sscs.crypto
return baSavedKey; return baSavedKey;
} }
internal static byte[] DecryptData(byte[] encyptedXmlData, byte[] key) internal static byte[] DecryptData(byte[] encyptedXmlData, byte[] key, byte[] baIV)
{ {
CryptoStream csDecrypt = null; CryptoStream csDecrypt = null;
byte[] buffer = new byte[encyptedXmlData.Length]; byte[] buffer = new byte[encyptedXmlData.Length];
@ -180,7 +180,7 @@ namespace sscs.crypto
{ {
//Get an decryptor. //Get an decryptor.
RijndaelManaged myRijndael = new RijndaelManaged(); RijndaelManaged myRijndael = new RijndaelManaged();
ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, key); ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, baIV);
csDecrypt = new CryptoStream(ms, decryptor, CryptoStreamMode.Read); csDecrypt = new CryptoStream(ms, decryptor, CryptoStreamMode.Read);
//Read all data to the crypto stream and flush it. //Read all data to the crypto stream and flush it.
@ -197,7 +197,7 @@ namespace sscs.crypto
return buffer; return buffer;
} }
internal static byte[] EncryptData(byte[] xmlData, byte[] key) internal static byte[] EncryptData(byte[] xmlData, byte[] key, ref byte[] baIV)
{ {
CryptoStream csEncrypt = null; CryptoStream csEncrypt = null;
MemoryStream encryptedData = new MemoryStream(); MemoryStream encryptedData = new MemoryStream();
@ -205,7 +205,12 @@ namespace sscs.crypto
{ {
//Get an encryptor. //Get an encryptor.
RijndaelManaged myRijndael = new RijndaelManaged(); RijndaelManaged myRijndael = new RijndaelManaged();
ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, key);
// create IV
myRijndael.GenerateIV();
baIV = myRijndael.IV;
ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, baIV);
//csEncrypt = new CryptoStream(fsEncrypt, encryptor, CryptoStreamMode.Write); //csEncrypt = new CryptoStream(fsEncrypt, encryptor, CryptoStreamMode.Write);
csEncrypt = new CryptoStream(encryptedData, encryptor, CryptoStreamMode.Write); csEncrypt = new CryptoStream(encryptedData, encryptor, CryptoStreamMode.Write);

View File

@ -320,6 +320,7 @@ namespace sscs.verbs
private WrappedObject DoMergeXMLSecrets(SecretStore ssStore, WrappedObject wo) private WrappedObject DoMergeXMLSecrets(SecretStore ssStore, WrappedObject wo)
{ {
byte[] baIV = new byte[16];
ImportXMLSecrets addSecrets = (ImportXMLSecrets)wo.GetObject(); ImportXMLSecrets addSecrets = (ImportXMLSecrets)wo.GetObject();
string sMasterPassword = addSecrets.GetMasterPasssword(); string sMasterPassword = addSecrets.GetMasterPasssword();
@ -332,9 +333,21 @@ namespace sscs.verbs
// let's read it // let's read it
FileStream fs = new FileStream(sFilePath, FileMode.Open); FileStream fs = new FileStream(sFilePath, FileMode.Open);
baXMLSecrets = new byte[fs.Length]; int iBytes = 0;
// if a master password was sent, read the first 16 bytes as IV.
if (sMasterPassword != null)
{
baXMLSecrets = new byte[fs.Length - 16];
iBytes = fs.Read(baIV, 0, 16);
iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length - 16);
}
else
{
baXMLSecrets = new byte[fs.Length];
iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length);
}
int iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length);
fs.Flush(); fs.Flush();
fs.Close(); fs.Close();
} }
@ -354,7 +367,7 @@ namespace sscs.verbs
if (sMasterPassword != null) if (sMasterPassword != null)
{ {
// decrypt secrets if possible // decrypt secrets if possible
ssStore.MergeXMLSecrets(baXMLSecrets, sMasterPassword); ssStore.MergeXMLSecrets(baXMLSecrets, sMasterPassword, baIV);
} }
else else
{ {
@ -380,6 +393,7 @@ namespace sscs.verbs
private WrappedObject DoExportSecrets(SecretStore ssStore, WrappedObject wo, UserIdentifier userId) private WrappedObject DoExportSecrets(SecretStore ssStore, WrappedObject wo, UserIdentifier userId)
{ {
byte[] baIV = null;
ExportXMLSecrets secrets = (ExportXMLSecrets)wo.GetObject(); ExportXMLSecrets secrets = (ExportXMLSecrets)wo.GetObject();
// validate masterpassword // validate masterpassword
@ -397,12 +411,20 @@ namespace sscs.verbs
string sEncrpyptionPassphrase = secrets.GetPassphrase(); string sEncrpyptionPassphrase = secrets.GetPassphrase();
// get all secrets // get all secrets
byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase); byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV);
string sFilePath = secrets.GetFilePath(); string sFilePath = secrets.GetFilePath();
if (sFilePath != null) if (sFilePath != null)
{ {
// write em out // write em out
FileStream fs = new FileStream(sFilePath, FileMode.Create); FileStream fs = new FileStream(sFilePath, FileMode.Create);
// if a IV was set, write it out.
if (baIV != null)
{
fs.Write(baIV, 0, 16);
}
// write the secrets now
fs.Write(baSecrets, 0, baSecrets.Length); fs.Write(baSecrets, 0, baSecrets.Length);
fs.Flush(); fs.Flush();
fs.Close(); fs.Close();
@ -415,7 +437,7 @@ namespace sscs.verbs
} }
else else
{ {
wo.SetObject(ssStore.GetSecrets(sEncrpyptionPassphrase)); wo.SetObject(ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV));
} }
wo.SetError(constants.RetCodes.SUCCESS, ""); wo.SetError(constants.RetCodes.SUCCESS, "");