Use an IV on export files.

This commit is contained in:
Jim Norman 2006-11-13 08:46:07 +00:00
parent fd8c1be326
commit dc951551e2
3 changed files with 50 additions and 23 deletions

View File

@ -1001,11 +1001,11 @@ namespace sscs.cache
return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE;
}
internal byte[] GetSecrets(string sEncryptionString)
internal byte[] GetSecrets(string sEncryptionString, ref byte[] baIV)
{
if (lss != null)
{
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, null);
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
byte[] baSecrets = ms.ToArray();
@ -1015,7 +1015,7 @@ namespace sscs.cache
byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false);
// now encypt it.
baSecrets = sscs.crypto.CASACrypto.EncryptData(baSecrets, baKey);
baSecrets = sscs.crypto.CASACrypto.EncryptData(baSecrets, baKey, ref baIV);
}
return baSecrets;
}
@ -1025,13 +1025,13 @@ namespace sscs.cache
}
}
internal void MergeXMLSecrets(byte[] encryptedXmlSecrets, string sEncryptionString)
internal void MergeXMLSecrets(byte[] encryptedXmlSecrets, string sEncryptionString, byte[] baIV)
{
if (sEncryptionString != null)
{
// decrypt the buffer using the string passed in.
byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false);
byte[] baBuffer = sscs.crypto.CASACrypto.DecryptData(encryptedXmlSecrets, baKey);
byte[] baBuffer = sscs.crypto.CASACrypto.DecryptData(encryptedXmlSecrets, baKey, baIV);
MergeXMLSecrets(baBuffer);
}
}

View File

@ -170,7 +170,7 @@ namespace sscs.crypto
return baSavedKey;
}
internal static byte[] DecryptData(byte[] encyptedXmlData, byte[] key)
internal static byte[] DecryptData(byte[] encyptedXmlData, byte[] key, byte[] baIV)
{
CryptoStream csDecrypt = null;
byte[] buffer = new byte[encyptedXmlData.Length];
@ -180,7 +180,7 @@ namespace sscs.crypto
{
//Get an decryptor.
RijndaelManaged myRijndael = new RijndaelManaged();
ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, key);
ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, baIV);
csDecrypt = new CryptoStream(ms, decryptor, CryptoStreamMode.Read);
//Read all data to the crypto stream and flush it.
@ -197,7 +197,7 @@ namespace sscs.crypto
return buffer;
}
internal static byte[] EncryptData(byte[] xmlData, byte[] key)
internal static byte[] EncryptData(byte[] xmlData, byte[] key, ref byte[] baIV)
{
CryptoStream csEncrypt = null;
MemoryStream encryptedData = new MemoryStream();
@ -205,7 +205,12 @@ namespace sscs.crypto
{
//Get an encryptor.
RijndaelManaged myRijndael = new RijndaelManaged();
ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, key);
// create IV
myRijndael.GenerateIV();
baIV = myRijndael.IV;
ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, baIV);
//csEncrypt = new CryptoStream(fsEncrypt, encryptor, CryptoStreamMode.Write);
csEncrypt = new CryptoStream(encryptedData, encryptor, CryptoStreamMode.Write);

View File

@ -320,6 +320,7 @@ namespace sscs.verbs
private WrappedObject DoMergeXMLSecrets(SecretStore ssStore, WrappedObject wo)
{
byte[] baIV = new byte[16];
ImportXMLSecrets addSecrets = (ImportXMLSecrets)wo.GetObject();
string sMasterPassword = addSecrets.GetMasterPasssword();
@ -332,11 +333,23 @@ namespace sscs.verbs
// let's read it
FileStream fs = new FileStream(sFilePath, FileMode.Open);
baXMLSecrets = new byte[fs.Length];
int iBytes = 0;
int iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length);
fs.Flush();
fs.Close();
// if a master password was sent, read the first 16 bytes as IV.
if (sMasterPassword != null)
{
baXMLSecrets = new byte[fs.Length - 16];
iBytes = fs.Read(baIV, 0, 16);
iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length - 16);
}
else
{
baXMLSecrets = new byte[fs.Length];
iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length);
}
fs.Flush();
fs.Close();
}
}
catch (Exception e)
@ -354,7 +367,7 @@ namespace sscs.verbs
if (sMasterPassword != null)
{
// decrypt secrets if possible
ssStore.MergeXMLSecrets(baXMLSecrets, sMasterPassword);
ssStore.MergeXMLSecrets(baXMLSecrets, sMasterPassword, baIV);
}
else
{
@ -380,6 +393,7 @@ namespace sscs.verbs
private WrappedObject DoExportSecrets(SecretStore ssStore, WrappedObject wo, UserIdentifier userId)
{
byte[] baIV = null;
ExportXMLSecrets secrets = (ExportXMLSecrets)wo.GetObject();
// validate masterpassword
@ -397,12 +411,20 @@ namespace sscs.verbs
string sEncrpyptionPassphrase = secrets.GetPassphrase();
// get all secrets
byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase);
byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV);
string sFilePath = secrets.GetFilePath();
if (sFilePath != null)
{
// write em out
FileStream fs = new FileStream(sFilePath, FileMode.Create);
// if a IV was set, write it out.
if (baIV != null)
{
fs.Write(baIV, 0, 16);
}
// write the secrets now
fs.Write(baSecrets, 0, baSecrets.Length);
fs.Flush();
fs.Close();
@ -415,7 +437,7 @@ namespace sscs.verbs
}
else
{
wo.SetObject(ssStore.GetSecrets(sEncrpyptionPassphrase));
wo.SetObject(ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV));
}
wo.SetError(constants.RetCodes.SUCCESS, "");