Security Audit 4.1: enhance the persistence-encryption salt generation so that the salt is
derived with more randomness from the password or master password in use.
159
c_micasad/cache/SecretStore.cs
159
c_micasad/cache/SecretStore.cs
@@ -209,8 +209,9 @@ namespace sscs.cache
|
||||
}
|
||||
|
||||
}
|
||||
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath());
|
||||
if(baPasscode != null)
|
||||
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), false);
|
||||
//if(baPasscode != null)
|
||||
if (true)
|
||||
{
|
||||
if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath()))
|
||||
{
|
||||
@@ -219,9 +220,22 @@ namespace sscs.cache
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
lss = null;
|
||||
bIsStorePersistent = false; //till masterPasswd is verified
|
||||
{
|
||||
// try old encryption method
|
||||
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), true);
|
||||
if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
|
||||
{
|
||||
// rewrite file using new encryption
|
||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, desktopPasswd, GetPasscodeByDesktopFilePath());
|
||||
lss = new LocalStorage(this, baPasscode);
|
||||
bIsStorePersistent = true;
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
lss = null;
|
||||
bIsStorePersistent = false; //till masterPasswd is verified
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
@@ -283,7 +297,7 @@ namespace sscs.cache
|
||||
*/
|
||||
if(desktopPasswd != null)
|
||||
{
|
||||
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath());
|
||||
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), false);
|
||||
if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath()))
|
||||
{
|
||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(
|
||||
@@ -293,31 +307,48 @@ namespace sscs.cache
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
//Probably desktop passwd has changed.
|
||||
//But as even master passwd is being set only now,
|
||||
//the persistent store is lost.
|
||||
|
||||
baPasscode = CASACrypto.GenerateMasterPasscodeUsingString(mPasswd,GetPasscodeByMasterPasswdFilePath(),GetValidationFilePath(), user.UserIdentifier);
|
||||
if(baPasscode != null)
|
||||
{
|
||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode,mPasswd,GetPasscodeByMasterPasswdFilePath());
|
||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode,desktopPasswd,GetPasscodeByDesktopFilePath());
|
||||
if(File.Exists(GetPersistenceFilePath()))
|
||||
{
|
||||
File.Delete(GetPersistenceFilePath());
|
||||
CSSSLogger.DbgLog("Removing the persistent storeas its meaningless now.");
|
||||
}
|
||||
if( bIsStorePersistent == false )
|
||||
{
|
||||
lss = new LocalStorage(this,baPasscode);
|
||||
bIsStorePersistent = true;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
{
|
||||
// try old method
|
||||
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), true);
|
||||
if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
|
||||
{
|
||||
// rewrite file using new method
|
||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, desktopPasswd, GetPasscodeByDesktopFilePath());
|
||||
|
||||
|
||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(
|
||||
baPasscode,
|
||||
mPasswd,
|
||||
GetPasscodeByMasterPasswdFilePath());
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
//Probably desktop passwd has changed.
|
||||
//But as even master passwd is being set only now,
|
||||
//the persistent store is lost.
|
||||
|
||||
baPasscode = CASACrypto.GenerateMasterPasscodeUsingString(mPasswd, GetPasscodeByMasterPasswdFilePath(), GetValidationFilePath(), user.UserIdentifier);
|
||||
if (baPasscode != null)
|
||||
{
|
||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, mPasswd, GetPasscodeByMasterPasswdFilePath());
|
||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, desktopPasswd, GetPasscodeByDesktopFilePath());
|
||||
if (File.Exists(GetPersistenceFilePath()))
|
||||
{
|
||||
File.Delete(GetPersistenceFilePath());
|
||||
CSSSLogger.DbgLog("Removing the persistent storeas its meaningless now.");
|
||||
}
|
||||
if (bIsStorePersistent == false)
|
||||
{
|
||||
lss = new LocalStorage(this, baPasscode);
|
||||
bIsStorePersistent = true;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
//return true;
|
||||
@@ -338,7 +369,6 @@ namespace sscs.cache
|
||||
CSSSLogger.DbgLog("Removing the persistent storeas its meaningless now. - Desktop passwd is not there and Master password is being set");
|
||||
}
|
||||
|
||||
|
||||
baPasscode = CASACrypto.GenerateMasterPasscodeUsingString(mPasswd,GetPasscodeByMasterPasswdFilePath(),GetValidationFilePath(), user.UserIdentifier);
|
||||
if(baPasscode != null)
|
||||
{
|
||||
@@ -368,9 +398,9 @@ namespace sscs.cache
|
||||
//If validation succeeds,start persistence.
|
||||
if(desktopPasswd == null)
|
||||
{
|
||||
baPasscode = CASACrypto.DecryptMasterPasscodeUsingString(mPasswd, GetPasscodeByMasterPasswdFilePath());
|
||||
baPasscode = CASACrypto.DecryptMasterPasscodeUsingString(mPasswd, GetPasscodeByMasterPasswdFilePath(), false);
|
||||
if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath()))
|
||||
{
|
||||
{
|
||||
if(bIsStorePersistent == false)
|
||||
{
|
||||
lss = new LocalStorage(this,baPasscode);
|
||||
@@ -379,14 +409,30 @@ namespace sscs.cache
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
{
|
||||
// try validation, if it fails, try decryption using the old method
|
||||
baPasscode = CASACrypto.DecryptMasterPasscodeUsingString(mPasswd, GetPasscodeByMasterPasswdFilePath(), true);
|
||||
if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
|
||||
{
|
||||
// rewrite file
|
||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, mPasswd, GetPasscodeByMasterPasswdFilePath());
|
||||
if (bIsStorePersistent == false)
|
||||
{
|
||||
lss = new LocalStorage(this, baPasscode);
|
||||
bIsStorePersistent = true;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{ //There are 2 cases - either desktop passwd has changed
|
||||
//or it hasnt.
|
||||
baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(mPasswd, GetPasscodeByMasterPasswdFilePath());
|
||||
baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(mPasswd, GetPasscodeByMasterPasswdFilePath(), false);
|
||||
if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath()))
|
||||
{
|
||||
RewriteDesktopPasswdFile(baPasscode,desktopPasswd);
|
||||
@@ -398,7 +444,19 @@ namespace sscs.cache
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
{
|
||||
baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(mPasswd, GetPasscodeByMasterPasswdFilePath(), true);
|
||||
if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
|
||||
{
|
||||
RewriteDesktopPasswdFile(baPasscode, desktopPasswd);
|
||||
if (bIsStorePersistent == false)
|
||||
{
|
||||
lss = new LocalStorage(this, baPasscode);
|
||||
bIsStorePersistent = true;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@@ -429,11 +487,24 @@ namespace sscs.cache
|
||||
{
|
||||
try
|
||||
{
|
||||
byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(oldDesktopPasswd, GetPasscodeByDesktopFilePath());
|
||||
if(CASACrypto.ValidatePasscode(baPasscode,GetValidationFilePath()))
|
||||
{
|
||||
return baPasscode;
|
||||
byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(oldDesktopPasswd, GetPasscodeByDesktopFilePath(), false);
|
||||
if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
|
||||
{
|
||||
return baPasscode;
|
||||
}
|
||||
else
|
||||
{
|
||||
// try old method
|
||||
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(oldDesktopPasswd, GetPasscodeByDesktopFilePath(), true);
|
||||
if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
|
||||
{
|
||||
// rewrite file now
|
||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, oldDesktopPasswd, GetPasscodeByDesktopFilePath());
|
||||
return baPasscode;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
@@ -527,7 +598,7 @@ namespace sscs.cache
|
||||
throw e;
|
||||
}
|
||||
|
||||
CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " - Succefully added Keychain = "+ keychain.GetKey() + " length = "+ (keychain.GetKey()).Length);
|
||||
CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " - Successfully added Keychain = "+ keychain.GetKey() + " length = "+ (keychain.GetKey()).Length);
|
||||
|
||||
return true;
|
||||
}
|
||||
@@ -637,7 +708,7 @@ namespace sscs.cache
|
||||
internal bool ChangeMasterPassword(string sCurrentPWD, string sNewPWD)
|
||||
{
|
||||
string sMasterFilePath = GetPasscodeByMasterPasswdFilePath();
|
||||
byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(sCurrentPWD, sMasterFilePath);
|
||||
byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(sCurrentPWD, sMasterFilePath, false);
|
||||
if (baPasscode != null)
|
||||
{
|
||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, sNewPWD, sMasterFilePath);
|
||||
|
||||
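Review bot: ChangeMasterPassword is the one caller in this commit that receives the new-format decrypt (`GetMasterPasscodeUsingMasterPasswd(sCurrentPWD, sMasterFilePath, false)`) without the ValidatePasscode check and the old-method (`true`) retry that every other migrated call site in this file gets, so a store still in the old format cannot have its master password changed until some other path has migrated it, and — if the helper yields wrong bytes rather than null on a mismatch, which is not visible here — those bytes would be re-encrypted under sNewPWD and overwrite the master-password file. The guard below only rewrites the file once the passcode validates under either scheme and otherwise rejects the change, which also covers a wrong current password that the existing `baPasscode != null` test alone does not catch. The method body continues past the end of the hunk, so the remaining branches are not reviewed here. Separately, the `if (true)` near the top of the section replaces the commented-out `if(baPasscode != null)`, so ValidatePasscode is now reached with a null passcode when no desktop-password file exists; restoring that null check, or folding it into the validation as `if (baPasscode != null && CASACrypto.ValidatePasscode(...))`, avoids relying on ValidatePasscode's null handling.
```csharp
internal bool ChangeMasterPassword(string sCurrentPWD, string sNewPWD)
{
    string sMasterFilePath = GetPasscodeByMasterPasswdFilePath();
    byte[] baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(sCurrentPWD, sMasterFilePath, false);
    if (baPasscode == null || !CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
    {
        // The file may still be in the pre-migration format: retry once with the old method,
        // mirroring the fallback used by the other call sites in this commit.
        baPasscode = CASACrypto.GetMasterPasscodeUsingMasterPasswd(sCurrentPWD, sMasterFilePath, true);
        if (baPasscode == null || !CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
        {
            // Wrong current password or unreadable file: leave the store untouched.
            return false;
        }
    }
    // Only a validated passcode is ever re-encrypted under the new password.
    CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, sNewPWD, sMasterFilePath);
    // … unchanged: remainder of ChangeMasterPassword (outside the hunk) …
```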