Use an IV on export files.
This commit is contained in:
parent
fd8c1be326
commit
dc951551e2
10
CASA/micasad/cache/SecretStore.cs
10
CASA/micasad/cache/SecretStore.cs
@ -1001,11 +1001,11 @@ namespace sscs.cache
|
||||
return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE;
|
||||
}
|
||||
|
||||
internal byte[] GetSecrets(string sEncryptionString)
|
||||
internal byte[] GetSecrets(string sEncryptionString, ref byte[] baIV)
|
||||
{
|
||||
if (lss != null)
|
||||
{
|
||||
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, null);
|
||||
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
|
||||
|
||||
byte[] baSecrets = ms.ToArray();
|
||||
|
||||
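Review bot: The switch from `null` to `ConstStrings.SSCS_SESSION_KEY_CHAIN_ID` in the GetSecretsAsXMLStream call is a second behavioural change that the commit message ("Use an IV on export files") does not mention; presumably it narrows the export to one keychain, and that deserves a sentence in the description and a comment on the line. The new `ref byte[] baIV` parameter also has no stated contract: from the next hunk it is assigned only inside EncryptData, so when no encryption takes place the caller's value (null in DoExportSecrets) presumably comes back unchanged. A doc comment such as `/// <param name="baIV">Receives the IV generated by EncryptData; left unchanged when the secrets are not encrypted.</param>` would make that explicit for callers that write the IV out. GetSecrets starts in this hunk and its body continues in the next one; the MemoryStream `ms` is never disposed, which is pre-existing.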
@ -1015,7 +1015,7 @@ namespace sscs.cache
|
||||
byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false);
|
||||
|
||||
// now encypt it.
|
||||
baSecrets = sscs.crypto.CASACrypto.EncryptData(baSecrets, baKey);
|
||||
baSecrets = sscs.crypto.CASACrypto.EncryptData(baSecrets, baKey, ref baIV);
|
||||
}
|
||||
return baSecrets;
|
||||
}
|
||||
@ -1025,13 +1025,13 @@ namespace sscs.cache
|
||||
}
|
||||
}
|
||||
|
||||
internal void MergeXMLSecrets(byte[] encryptedXmlSecrets, string sEncryptionString)
|
||||
internal void MergeXMLSecrets(byte[] encryptedXmlSecrets, string sEncryptionString, byte[] baIV)
|
||||
{
|
||||
if (sEncryptionString != null)
|
||||
{
|
||||
// decrypt the buffer using the string passed in.
|
||||
byte[] baKey = sscs.crypto.CASACrypto.Generate16ByteKeyFromString(sEncryptionString, null, false);
|
||||
byte[] baBuffer = sscs.crypto.CASACrypto.DecryptData(encryptedXmlSecrets, baKey);
|
||||
byte[] baBuffer = sscs.crypto.CASACrypto.DecryptData(encryptedXmlSecrets, baKey, baIV);
|
||||
MergeXMLSecrets(baBuffer);
|
||||
}
|
||||
}
|
||||
|
@ -170,7 +170,7 @@ namespace sscs.crypto
|
||||
return baSavedKey;
|
||||
}
|
||||
|
||||
internal static byte[] DecryptData(byte[] encyptedXmlData, byte[] key)
|
||||
internal static byte[] DecryptData(byte[] encyptedXmlData, byte[] key, byte[] baIV)
|
||||
{
|
||||
CryptoStream csDecrypt = null;
|
||||
byte[] buffer = new byte[encyptedXmlData.Length];
|
||||
@ -180,7 +180,7 @@ namespace sscs.crypto
|
||||
{
|
||||
//Get an decryptor.
|
||||
RijndaelManaged myRijndael = new RijndaelManaged();
|
||||
ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, key);
|
||||
ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, baIV);
|
||||
csDecrypt = new CryptoStream(ms, decryptor, CryptoStreamMode.Read);
|
||||
|
||||
//Read all data to the crypto stream and flush it.
|
||||
@ -197,7 +197,7 @@ namespace sscs.crypto
|
||||
return buffer;
|
||||
}
|
||||
|
||||
internal static byte[] EncryptData(byte[] xmlData, byte[] key)
|
||||
internal static byte[] EncryptData(byte[] xmlData, byte[] key, ref byte[] baIV)
|
||||
{
|
||||
CryptoStream csEncrypt = null;
|
||||
MemoryStream encryptedData = new MemoryStream();
|
||||
@ -205,7 +205,12 @@ namespace sscs.crypto
|
||||
{
|
||||
//Get an encryptor.
|
||||
RijndaelManaged myRijndael = new RijndaelManaged();
|
||||
ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, key);
|
||||
|
||||
// create IV
|
||||
myRijndael.GenerateIV();
|
||||
baIV = myRijndael.IV;
|
||||
|
||||
ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, baIV);
|
||||
|
||||
//csEncrypt = new CryptoStream(fsEncrypt, encryptor, CryptoStreamMode.Write);
|
||||
csEncrypt = new CryptoStream(encryptedData, encryptor, CryptoStreamMode.Write);
|
||||
|
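Review bot: DecryptData (second hunk of this file) accepts `baIV` without checking it, so a null or short IV — which is exactly what a truncated file or an export produced before this commit yields — surfaces as an ArgumentNullException or CryptographicException from CreateDecryptor rather than a clear message; a guard such as `if (baIV == null || baIV.Length != myRijndael.BlockSize / 8) throw new ArgumentException("IV must be exactly one cipher block long", "baIV");` at the top of the try would name the real cause. Files written by the previous version were encrypted with the key doubling as IV and carry no IV prefix, so this version cannot read them; if that is intended, say so in the commit description and in a comment on DecryptData. RijndaelManaged runs in CBC mode by default with no integrity check, so a tampered export still decrypts to garbage instead of being rejected — worth a `// NOTE: no MAC; ciphertext integrity is not verified` comment until an authenticated scheme is adopted. The RijndaelManaged and ICryptoTransform instances in both methods are never disposed (pre-existing), and EncryptData's body continues past the end of this hunk.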
@ -320,6 +320,7 @@ namespace sscs.verbs
|
||||
|
||||
private WrappedObject DoMergeXMLSecrets(SecretStore ssStore, WrappedObject wo)
|
||||
{
|
||||
byte[] baIV = new byte[16];
|
||||
ImportXMLSecrets addSecrets = (ImportXMLSecrets)wo.GetObject();
|
||||
string sMasterPassword = addSecrets.GetMasterPasssword();
|
||||
|
||||
@ -332,11 +333,23 @@ namespace sscs.verbs
|
||||
|
||||
// let's read it
|
||||
FileStream fs = new FileStream(sFilePath, FileMode.Open);
|
||||
baXMLSecrets = new byte[fs.Length];
|
||||
int iBytes = 0;
|
||||
|
||||
int iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length);
|
||||
fs.Flush();
|
||||
fs.Close();
|
||||
// if a master password was sent, read the first 16 bytes as IV.
|
||||
if (sMasterPassword != null)
|
||||
{
|
||||
baXMLSecrets = new byte[fs.Length - 16];
|
||||
iBytes = fs.Read(baIV, 0, 16);
|
||||
iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length - 16);
|
||||
}
|
||||
else
|
||||
{
|
||||
baXMLSecrets = new byte[fs.Length];
|
||||
iBytes = fs.Read(baXMLSecrets, 0, (int)fs.Length);
|
||||
}
|
||||
|
||||
fs.Flush();
|
||||
fs.Close();
|
||||
}
|
||||
}
|
||||
catch (Exception e)
|
||||
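Review bot: The new import branch assumes the file holds at least 16 bytes: `new byte[fs.Length - 16]` throws OverflowException (negative size) for a shorter file, and the return values of both `fs.Read` calls are stored in `iBytes` but never compared with the requested lengths, so a short read silently leaves zeroed bytes in the IV or the ciphertext. The stream is also closed only on the success path; with the `catch (Exception e)` visible at the end of the hunk, any exception leaves the handle open. The rewrite below checks the length, verifies each read, wraps the stream in `using`, and drops the pointless `fs.Flush()` on a read-only stream; the `int iBytes = 0;` declaration added above then becomes unused and can go. DoMergeXMLSecrets begins in the previous hunk and its error handling continues below.
```csharp
// let's read it
using (FileStream fs = new FileStream(sFilePath, FileMode.Open, FileAccess.Read))
{
    if (sMasterPassword != null)
    {
        // encrypted export: the first 16 bytes are the IV, the rest is ciphertext.
        if (fs.Length < 16)
        {
            throw new IOException("Export file is too short to contain an IV.");
        }
        baXMLSecrets = new byte[fs.Length - 16];
        if (fs.Read(baIV, 0, 16) != 16 ||
            fs.Read(baXMLSecrets, 0, baXMLSecrets.Length) != baXMLSecrets.Length)
        {
            throw new IOException("Short read while loading export file.");
        }
    }
    else
    {
        baXMLSecrets = new byte[fs.Length];
        if (fs.Read(baXMLSecrets, 0, baXMLSecrets.Length) != baXMLSecrets.Length)
        {
            throw new IOException("Short read while loading export file.");
        }
    }
}
// … unchanged: catch block and the MergeXMLSecrets call …
```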
@ -354,7 +367,7 @@ namespace sscs.verbs
|
||||
if (sMasterPassword != null)
|
||||
{
|
||||
// decrypt secrets if possible
|
||||
ssStore.MergeXMLSecrets(baXMLSecrets, sMasterPassword);
|
||||
ssStore.MergeXMLSecrets(baXMLSecrets, sMasterPassword, baIV);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -380,6 +393,7 @@ namespace sscs.verbs
|
||||
|
||||
private WrappedObject DoExportSecrets(SecretStore ssStore, WrappedObject wo, UserIdentifier userId)
|
||||
{
|
||||
byte[] baIV = null;
|
||||
ExportXMLSecrets secrets = (ExportXMLSecrets)wo.GetObject();
|
||||
|
||||
// validate masterpassword
|
||||
@ -397,12 +411,20 @@ namespace sscs.verbs
|
||||
string sEncrpyptionPassphrase = secrets.GetPassphrase();
|
||||
|
||||
// get all secrets
|
||||
byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase);
|
||||
byte[] baSecrets = ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV);
|
||||
string sFilePath = secrets.GetFilePath();
|
||||
if (sFilePath != null)
|
||||
{
|
||||
// write em out
|
||||
FileStream fs = new FileStream(sFilePath, FileMode.Create);
|
||||
|
||||
// if a IV was set, write it out.
|
||||
if (baIV != null)
|
||||
{
|
||||
fs.Write(baIV, 0, 16);
|
||||
}
|
||||
|
||||
// write the secrets now
|
||||
fs.Write(baSecrets, 0, baSecrets.Length);
|
||||
fs.Flush();
|
||||
fs.Close();
|
||||
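Review bot: In the no-file branch in the next hunk (`wo.SetObject(ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV))`), the IV generated by EncryptData is received into `baIV` and then dropped, so the encrypted bytes handed back in the WrappedObject cannot be decrypted by the receiver unless the passphrase was null on that path; the IV has to travel with the data, either prepended exactly as the file branch does here or carried as a separate field on the result. In the file branch, `fs.Write(baIV, 0, 16)` hard-codes the length, while `fs.Write(baIV, 0, baIV.Length);` keeps it in step with whatever CASACrypto generates. The FileStream is still closed only on the success path (pre-existing); a `using` block would also cover the exception case. DoExportSecrets begins in the previous hunk and continues past this one.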
@ -415,7 +437,7 @@ namespace sscs.verbs
|
||||
}
|
||||
else
|
||||
{
|
||||
wo.SetObject(ssStore.GetSecrets(sEncrpyptionPassphrase));
|
||||
wo.SetObject(ssStore.GetSecrets(sEncrpyptionPassphrase, ref baIV));
|
||||
}
|
||||
|
||||
wo.SetError(constants.RetCodes.SUCCESS, "");
|
||||
|