geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

- Support for storing and retrieving the services' secrets in CASA, so

Browse Source 
that the secrets can be retrieved during the system boot-up.
This commit is contained in:
Rajasekaran Nagarajan 2006-10-19 09:27:10 +00:00
parent 86515d118a
commit 879eaa39d6
11 changed files with 765 additions and 417 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CASA/configure.in
View File

@ -41,7 +41,7 @@ case $host_os in
;;
*)
AC_CHECK_PROG(CSC, csc, csc)
test -z "$CSC" && AC_CHECK_PROG(CSC, mcs, mcs)
test -z "$CSC" && AC_CHECK_PROG(CSC, gmcs, gmcs)
test -z "$CSC" && AC_MSG_ERROR([no acceptable C Sharp compiler found in \$PATH])
;;
@ -51,7 +51,7 @@ case $CSC in
#
# Mono-specific configuration
#
mcs)
gmcs)
CSC_EXEFLAG=/target:exe
CSC_LIBFLAG=/target:library
CSC_EXEFLAG=/target:exe

1
CASA/micasad/Makefile.am
View File

@ -126,6 +126,7 @@ CSFILES_CSC := $(subst /,$(SEP),$(CSFILES))
CS_FLAGS = -d:LINUX -nowarn:169
CS_RESOURCES =
CS_LIBS =Mono.Posix.dll \
System.Security.dll \
nunit.core.dll \
nunit.framework.dll \
nunit.extensions.dll \

142
CASA/micasad/cache/SecretStore.cs vendored
View File

@ -55,11 +55,15 @@ namespace sscs.cache
private static int STATE_LOCKED = 2;
private LocalStorage lss = null;
private LocalStorage slss = null; // For Server Secrets
bool bIsStorePersistent = false;
string m_persistenceDirectory = null;
private static string POLICY_DIRECTORY = "/home/.casa";
private MPFileWatcher mpWatcher = null;
bool bIsServerStorePersistent = false;
string m_persistenceDirectory = null;
private static string POLICY_DIRECTORY = "/home/.casa";
private MPFileWatcher mpWatcher = null;
private DateTime createTime;
public DateTime CreateTime
@ -175,10 +179,74 @@ namespace sscs.cache
catch
{
}
return false;
}
internal bool StartPersistenceOfServerSecretsBySystemKey()
{
// make sure we have a Persistence Directory
if (GetPersistenceDirectory() == null || GetPersistenceDirectory().Length < 1 || !Directory.Exists(GetPersistenceDirectory()))
{
CSSSLogger.DbgLog("StartPersistenceOfServerSecretsBySystemKey - No Persistence directory yet");
CSSSLogger.DbgLog("Directory: [" + GetPersistenceDirectory() + "]");
return false;
}
try
{
byte[] baPasscode;
/* Persistence could have started because the user
* could have set master password.
*/
if(slss != null && bIsServerStorePersistent == true)
{
CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " Server Secrets Store is already persistent");
CSSSLogger.DbgLog("StartPersistenceOfServerSecretsBySystemKey - Started");
return true;
}
if(!File.Exists(GetServerPasscodeBySystemKeyFilePath()))
{
/*
if (File.Exists(GetServerPasscodeByMasterPasswdFilePath()))
{
// wait for the user to start the Persistence by entering MP
return false;
}
*/
baPasscode = CASACrypto.GenerateServerMasterPasscode(
GetServerPasscodeBySystemKeyFilePath(),
GetServerValidationFilePath());
if( null == baPasscode )
{
return false;
}
if(!File.Exists(GetServerKeyFilePath()))
{
GenerateAndStoreEncryptionKey(baPasscode, GetServerKeyFilePath());
slss = new LocalStorage(this, baPasscode, true);
bIsServerStorePersistent = true;
return true;
}
}
baPasscode = CASACrypto.GetServerMasterPasscodeUsingSystemKey(GetServerPasscodeBySystemKeyFilePath());
if(CASACrypto.ValidatePasscode(baPasscode,GetServerValidationFilePath()))
{
slss = new LocalStorage(this, baPasscode, true);
bIsServerStorePersistent = true;
return true;
}
}
catch(Exception e)
{
CSSSLogger.ExpLog(e.ToString());
}
return false;
}
internal bool StartPersistenceByDesktopPasswd(string desktopPasswd)
{
CSSSLogger.DbgLog("StartPersistenceByDesktopPasswd - Called");
@ -246,7 +314,7 @@ namespace sscs.cache
if(!File.Exists(GetKeyFilePath()))
{
GenerateAndStoreEncryptionKey(baPasscode);
GenerateAndStoreEncryptionKey(baPasscode, GetKeyFilePath());
lss = new LocalStorage(this,baPasscode);
bIsStorePersistent = true;
return true;
@ -286,7 +354,7 @@ namespace sscs.cache
return false;
}
internal bool GenerateAndStoreEncryptionKey(byte[] baPasscode)
internal bool GenerateAndStoreEncryptionKey(byte[] baPasscode, string fileName)
{
RijndaelManaged myRijndael = new RijndaelManaged();
byte[] key;
@ -297,9 +365,7 @@ namespace sscs.cache
myRijndael.GenerateKey();
key = myRijndael.Key;
CASACrypto.StoreKeySetUsingMasterPasscode(key,IV,
baPasscode,
GetKeyFilePath());
CASACrypto.StoreKeySetUsingMasterPasscode(key, IV, baPasscode, fileName);
}
catch (Exception e)
{
@ -308,7 +374,6 @@ namespace sscs.cache
return true;
}
internal bool SetMasterPassword(string mPasswdFromIDK)
{
try
@ -341,12 +406,17 @@ namespace sscs.cache
else
{
// try old method
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), true);
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(
desktopPasswd,
GetPasscodeByDesktopFilePath(),
true);
if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
{
// rewrite file using new method
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, desktopPasswd, GetPasscodeByDesktopFilePath());
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(
baPasscode,
desktopPasswd,
GetPasscodeByDesktopFilePath());
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(
baPasscode,
@ -406,7 +476,7 @@ namespace sscs.cache
{
if(!File.Exists(GetKeyFilePath()))
{
GenerateAndStoreEncryptionKey(baPasscode);
GenerateAndStoreEncryptionKey(baPasscode, GetKeyFilePath());
}
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode,mPasswd,GetPasscodeByMasterPasswdFilePath());
@ -674,6 +744,8 @@ namespace sscs.cache
{
if (lss != null)
lss.PersistStoreWithDelay();
if (slss != null)
slss.PersistServerStoreWithDelay();
}
/* This function would need to do any storage/cleanup required
@ -682,7 +754,9 @@ namespace sscs.cache
internal bool CommitStore()
{
if(lss != null)
lss.PersistStore();
lss.PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
if(slss != null)
slss.PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
return true;
}
@ -724,6 +798,7 @@ namespace sscs.cache
{
return state;
}
internal int GetNumKeyChains()
{
return keyChainList.Count;
@ -824,7 +899,8 @@ namespace sscs.cache
// let's migrate the files if needed
string sNewPath = POLICY_DIRECTORY + "/" + user.GetUserName();
try {
try
{
if (Directory.GetFiles(sNewPath, ".miCASA*").Length > 0)
return sNewPath;
@ -846,7 +922,6 @@ namespace sscs.cache
}
return (sNewPath);
}
internal bool SetPeristenceDirectory(string sNewDirectory)
@ -866,7 +941,6 @@ namespace sscs.cache
}
return false;
}
internal string GetKeyFilePath()
@ -897,14 +971,42 @@ namespace sscs.cache
return persistDir + ConstStrings.MICASA_VALIDATION_FILE;
}
internal string GetServerKeyFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_KEY_FILE;
}
internal string GetServerPasscodeBySystemKeyFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_PASSCODE_BY_SYSTEM_KEY_FILE;
}
internal string GetServerPasscodeByMasterPasswdFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_PASSCODE_BY_MASTERPASSWD_FILE;
}
internal string GetServerSecretsPersistenceFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_PERSISTENCE_FILE;
}
internal string GetServerValidationFilePath()
{
string persistDir = GetPersistenceDirectory();
return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE;
}
internal byte[] GetSecrets(string sEncryptionString)
{
if (lss != null)
{
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this);
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, null);
byte[] baSecrets = ms.ToArray();
// encrypt if an encryptionstring was passed

278
CASA/micasad/common/Constants.cs
View File

@ -21,133 +21,151 @@
***********************************************************************/
using System;
namespace sscs.constants
{
class IPCRetCodes
{
internal static int SSCS_REPLY_SUCCESS = 0;
internal static int SSCS_E_INVALID_MESSAGE = -1;
internal static int SSCS_E_VERSION_NOT_SUPPORTED = -2;
internal static int SSCS_E_SYSTEM_ERROR = -3;
internal static int SSCS_E_REPLY_NOT_AVAILABLE = -4;
internal static int SSCS_E_INVALID_KEYCHAIN = -5;
internal static int SSCS_E_INVALID_SECRETID = -6;
internal static int SSCS_E_KEYCHAIN_ALREADY_EXISTS = -7;
internal static int SSCS_E_MAX_KEYCHAINS_REACHED = -8;
internal static int SSCS_E_ADD_KEYCHAIN_FAILED = -9;
internal static int SSCS_E_NO_KEYCHAINS_EXIST = -10;
internal static int SSCS_E_KEYCHAIN_DOES_NOT_EXIST = -11;
internal static int SSCS_E_REMOVE_KEYCHAIN_FAILED = -12;
internal static int SSCS_E_WRITE_SECRET_FAILED = -13;
internal static int SSCS_E_ADDING_DEFAULT_KEYCHAIN_FAILED = -14;
internal static int SSCS_E_NO_SECRETS_EXIST = -15;
internal static int SSCS_E_REMOVE_SECRET_FAILED = -16;
internal static int SSCS_E_GET_SOCKET_PATH_FAILED = -17;
internal static int SSCS_E_CREATE_SOCKET_FAILED = -18;
internal static int SSCS_E_SECRETID_DOES_NOT_EXIST = -19;
internal static int SSCS_E_INVALID_INPUT = -20;
internal static int SSCS_E_SETTING_PASSCODE_FAILED = -21;
internal static int SSCS_PROMPT_PASSCODE = 1;
internal static int SSCS_STORE_IS_PERSISTENT = -22;
internal static int SSCS_STORE_IS_NOT_PERSISTENT = -23;
internal static int SSCS_SECRET_IS_PERSISTENT = -24;
internal static int SSCS_SECRET_IS_NOT_PERSISTENT = -25;
internal static int SSCS_SECRET_STORE_IS_LOCKED = -26;
}
internal class ReqMsgId
{
}
internal class RespMsgId
{
}
internal class RetCodes
{
internal static int SUCCESS = 0;
internal static int FAILURE = -1;
internal static int LOAD_HIDDEN_ONLY = 1;
internal static int LOAD_ALL_EXCEPT_HIDDEN = 2;
internal static int WRITE_HIDDEN_ONLY = 3;
internal static int WRITE_ALL_EXCEPT_HIDDEN = 4;
internal static int WRITE_ALL = 5;
}
internal class ConstStrings
{
internal static string SSCS_SESSION_KEY_CHAIN_ID = "SSCS_SESSION_KEY_CHAIN_ID";
internal static string SSCS_LOCAL_KEY_CHAIN_ID = "SSCS_LOCAL_KEY_CHAIN_ID";
internal static string SSCS_HIDDEN_LOCAL_KEYCHAIN_ID = "SSCS_HIDDEN_LOCAL_KEYCHAIN_ID";
internal static string SSCS_REMOTE_KEYCHAIN_ID = "SSCS_REMOTE_KEYCHAIN_ID";
internal static string SSCS_LOCAL_REMOTE_KEYCHAIN_ID = "SSCS_LOCAL_REMOTE_KEYCHAIN_ID";
//TBD , Need to look at Novell standard for the desktop
internal static string SSCS_WIN_ENGINELOG = "c:\\CSSS.log";
internal static string SSCS_WIN_DEBUGLOG = "c:\\CSSSDEBUG.log";
//TBD , Need to look at Novell standard for the desktop
internal static string SSCS_LINUX_ENGINELOG = "/var/log/localmessages";
internal static string SSCS_LINUX_DEBUGLOG = "/var/log/micasad_debug.log";
internal static string SSCS_LINUX_PIDFILE = "/var/run/micasad.pid";
internal static bool STATUS = true;
internal static bool DEBUG = false;
internal static string MICASA_DESKTOP_PASSWD = "SS_CredSet:Desktop\0";
// internal static string MICASA_DESKTOP_PASSWD_KEYNAME = "Password\0";
internal static string MICASA_DESKTOP_PASSWD_KEYNAME = "Password";
// The file where the key (encrypted with master passcode)
// would be stored
internal static string MICASA_PASSCODE_BY_DESKTOP_FILE = "/.miCASAPCByDesktop";
internal static string MICASA_PASSCODE_BY_MASTERPASSWD_FILE = "/.miCASAPCByMPasswd";
//The file where all possible passwds are cross encrypted and
//stored to provide multiple recovery points.
internal static string MICASA_KEY_FILE = "/.miCASAKey";
//The file where the user's credentials are persisted.
internal static string MICASA_PERSISTENCE_FILE = "/.miCASA";
//The file required to validate the desktop passwd
internal static string MICASA_VALIDATION_FILE = "/.miCASAValidate";
internal static string MICASA_VALIDATION_STRING = "miCASAValidationString";
// these are used in the GUI too.
internal static string CONFIG_PERSISTENT_DIRECTORY = "PersistentDirectory";
internal static string CONFIG_PERSIST_SECRETS = "PersistSecrets";
internal static string CONFIG_DECRYPT_USING_DESKTOP_PASS = "DecryptUsingDesktopPassword";
}
internal class ConstFlags
{
internal static uint SSFLAGS_DESTROY_SESSION_F = 1;
}
internal class XmlConsts
{
internal static string miCASANode = "miCASA";
internal static string versionAttr = "version";
internal static string keyChainNode = "KeyChain";
internal static string idAttr = "id";
internal static string secretNode = "Secret";
internal static string valueNode = "Value";
internal static string timeNode = "Time";
internal static string createdTimeNode = "created";
internal static string modifiedTimeNode = "modified";
internal static string keyNode = "Key";
internal static string keyValueNode = "KeyValue";
internal static string linkedKeyNode = "LinkedKey";
internal static string linkedTargetSecretNode = "TargetSecret";
internal static string linkedTargetKeyNode = "TargetKey";
}
}
using System;
namespace sscs.constants
{
class IPCRetCodes
{
internal static int SSCS_REPLY_SUCCESS = 0;
internal static int SSCS_E_INVALID_MESSAGE = -1;
internal static int SSCS_E_VERSION_NOT_SUPPORTED = -2;
internal static int SSCS_E_SYSTEM_ERROR = -3;
internal static int SSCS_E_REPLY_NOT_AVAILABLE = -4;
internal static int SSCS_E_INVALID_KEYCHAIN = -5;
internal static int SSCS_E_INVALID_SECRETID = -6;
internal static int SSCS_E_KEYCHAIN_ALREADY_EXISTS = -7;
internal static int SSCS_E_MAX_KEYCHAINS_REACHED = -8;
internal static int SSCS_E_ADD_KEYCHAIN_FAILED = -9;
internal static int SSCS_E_NO_KEYCHAINS_EXIST = -10;
internal static int SSCS_E_KEYCHAIN_DOES_NOT_EXIST = -11;
internal static int SSCS_E_REMOVE_KEYCHAIN_FAILED = -12;
internal static int SSCS_E_WRITE_SECRET_FAILED = -13;
internal static int SSCS_E_ADDING_DEFAULT_KEYCHAIN_FAILED = -14;
internal static int SSCS_E_NO_SECRETS_EXIST = -15;
internal static int SSCS_E_REMOVE_SECRET_FAILED = -16;
internal static int SSCS_E_GET_SOCKET_PATH_FAILED = -17;
internal static int SSCS_E_CREATE_SOCKET_FAILED = -18;
internal static int SSCS_E_SECRETID_DOES_NOT_EXIST = -19;
internal static int SSCS_E_INVALID_INPUT = -20;
internal static int SSCS_E_SETTING_PASSCODE_FAILED = -21;
internal static int SSCS_PROMPT_PASSCODE = 1;
internal static int SSCS_STORE_IS_PERSISTENT = -22;
internal static int SSCS_STORE_IS_NOT_PERSISTENT = -23;
internal static int SSCS_SECRET_IS_PERSISTENT = -24;
internal static int SSCS_SECRET_IS_NOT_PERSISTENT = -25;
internal static int SSCS_SECRET_STORE_IS_LOCKED = -26;
}
internal class ReqMsgId
{
}
internal class RespMsgId
{
}
internal class RetCodes
{
internal static int SUCCESS = 0;
internal static int FAILURE = -1;
internal static int LOAD_HIDDEN_ONLY = 1;
internal static int LOAD_ALL_EXCEPT_HIDDEN = 2;
internal static int WRITE_HIDDEN_ONLY = 3;
internal static int WRITE_ALL_EXCEPT_HIDDEN = 4;
internal static int WRITE_ALL = 5;
}
internal class ConstStrings
{
internal static string SSCS_SESSION_KEY_CHAIN_ID = "SSCS_SESSION_KEY_CHAIN_ID";
internal static string SSCS_SERVER_KEY_CHAIN_ID = "SSCS_SERVER_KEY_CHAIN_ID";
internal static string SSCS_LOCAL_KEY_CHAIN_ID = "SSCS_LOCAL_KEY_CHAIN_ID";
internal static string SSCS_HIDDEN_LOCAL_KEYCHAIN_ID = "SSCS_HIDDEN_LOCAL_KEYCHAIN_ID";
internal static string SSCS_REMOTE_KEYCHAIN_ID = "SSCS_REMOTE_KEYCHAIN_ID";
internal static string SSCS_LOCAL_REMOTE_KEYCHAIN_ID = "SSCS_LOCAL_REMOTE_KEYCHAIN_ID";
//TBD , Need to look at Novell standard for the desktop
internal static string SSCS_WIN_ENGINELOG = "c:\\CSSS.log";
internal static string SSCS_WIN_DEBUGLOG = "c:\\CSSSDEBUG.log";
//TBD , Need to look at Novell standard for the desktop
internal static string SSCS_LINUX_ENGINELOG = "/var/log/localmessages";
internal static string SSCS_LINUX_DEBUGLOG = "/var/log/micasad_debug.log";
internal static string SSCS_LINUX_PIDFILE = "/var/run/micasad.pid";
internal static bool STATUS = true;
internal static bool DEBUG = false;
internal static string MICASA_DESKTOP_PASSWD = "SS_CredSet:Desktop\0";
// internal static string MICASA_DESKTOP_PASSWD_KEYNAME = "Password\0";
internal static string MICASA_DESKTOP_PASSWD_KEYNAME = "Password";
// The file where the key (encrypted with master passcode)
// would be stored
internal static string MICASA_PASSCODE_BY_DESKTOP_FILE = "/.miCASAPCByDesktop";
// The file where the passcode is stored encrypted with the system key.
// The system key here is the key used with the default key container
// for the user in Mono environment.
internal static string MICASA_SERVER_PASSCODE_BY_SYSTEM_KEY_FILE = "/.miCASASrvPCBySysKey";
internal static string MICASA_PASSCODE_BY_MASTERPASSWD_FILE = "/.miCASAPCByMPasswd";
// The passcode encrypted with the key derived from the masster password.
// The master password is the same as the one used with the user's application credentials.
internal static string MICASA_SERVER_PASSCODE_BY_MASTERPASSWD_FILE = "/.miCASASrvPCByMPasswd";
//The file where all possible passwds are cross encrypted and
//stored to provide multiple recovery points.
internal static string MICASA_KEY_FILE = "/.miCASAKey";
internal static string MICASA_SERVER_KEY_FILE = "/.miCASASrvKey";
//The file where the user's credentials are persisted.
internal static string MICASA_PERSISTENCE_FILE = "/.miCASA";
//The file where the services' credentials are persisted.
internal static string MICASA_SERVER_PERSISTENCE_FILE = "/.miCASASrv";
//The file required to validate the desktop passwd
internal static string MICASA_VALIDATION_FILE = "/.miCASAValidate";
//The file required to validate the passcode
internal static string MICASA_SERVER_VALIDATION_FILE = "/.miCASASrvValidate";
internal static string MICASA_VALIDATION_STRING = "miCASAValidationString";
// these are used in the GUI too.
internal static string CONFIG_PERSISTENT_DIRECTORY = "PersistentDirectory";
internal static string CONFIG_PERSIST_SECRETS = "PersistSecrets";
internal static string CONFIG_DECRYPT_USING_DESKTOP_PASS = "DecryptUsingDesktopPassword";
}
internal class ConstFlags
{
internal static uint SSFLAGS_DESTROY_SESSION_F = 1;
}
internal class XmlConsts
{
internal static string miCASANode = "miCASA";
internal static string versionAttr = "version";
internal static string keyChainNode = "KeyChain";
internal static string idAttr = "id";
internal static string secretNode = "Secret";
internal static string valueNode = "Value";
internal static string timeNode = "Time";
internal static string createdTimeNode = "created";
internal static string modifiedTimeNode = "modified";
internal static string keyNode = "Key";
internal static string keyValueNode = "KeyValue";
internal static string linkedKeyNode = "LinkedKey";
internal static string linkedTargetSecretNode = "TargetSecret";
internal static string linkedTargetKeyNode = "TargetKey";
}
}

1
CASA/micasad/common/SessionManager.cs
View File

@ -91,6 +91,7 @@ namespace sscs.common
ss = user.GetSecretStore();
ss.IncrRefCount();
ss.CreateTime = DateTime.Now;
ss.StartPersistenceOfServerSecretsBySystemKey();
return ss;
}
}

81
CASA/micasad/communication/IPCChannel.cs
View File

@ -20,43 +20,44 @@
*
***********************************************************************/
using System;
using System.Net;
using System.Net.Sockets;
#if W32
using AppModule.NamedPipes;
#endif
using sscs.common;
namespace sscs.communication
{
abstract class IPCChannel
{
/* This must check for the platform and return an
* appropriate IPCChannel.
*/
#if LINUX
internal static IPCChannel Create(Socket socket)
{
if(( (int)Environment.OSVersion.Platform) == 128)
return (new UnixIPCChannel(socket) );
else
return null;
}
#endif
#if W32
internal static IPCChannel Create(ServerPipeConnection serverPipe)
{
return (new WinIPCChannel(serverPipe));
}
#endif
abstract internal UserIdentifier GetIPCChannelUserId();
abstract internal int Read(byte[] buf);
abstract internal byte[] Read();
abstract internal int Write(byte[] buf);
abstract internal void Close();
}
}
using System;
using System.Net;
using System.Net.Sockets;
#if W32
using AppModule.NamedPipes;
#endif
using sscs.common;
namespace sscs.communication
{
abstract class IPCChannel
{
/* This must check for the platform and return an
* appropriate IPCChannel.
*/
#if LINUX
internal static IPCChannel Create(Socket socket)
{
int platform = (int)Environment.OSVersion.Platform;
if(( platform ==4 ) || ( platform == 128 ))
return (new UnixIPCChannel(socket) ) ;
else
return null;
}
#endif
#if W32
internal static IPCChannel Create(ServerPipeConnection serverPipe)
{
return (new WinIPCChannel(serverPipe));
}
#endif
abstract internal UserIdentifier GetIPCChannelUserId();
abstract internal int Read(byte[] buf);
abstract internal byte[] Read();
abstract internal int Write(byte[] buf);
abstract internal void Close();
}
}

338
CASA/micasad/lss/CASACrypto.cs
View File

@ -251,15 +251,15 @@ namespace sscs.crypto
byte[] hash = sha.ComputeHash(xmlData);
fsEncrypt.Write(hash,0,hash.Length);
fsEncrypt.Flush();
#if CLEAR
byte[] dup = (byte[])xmlData.Clone();
// write clear file
FileStream fsClear = new FileStream(fileName + ".xml", FileMode.Create);
fsClear.Write(dup, 0, dup.Length);
fsClear.Flush();
fsClear.Close();
fsEncrypt.Flush();
#if true//#if CLEAR //RAJ
byte[] dup = (byte[])xmlData.Clone();
// write clear file
FileStream fsClear = new FileStream(fileName + ".xml", FileMode.Create);
fsClear.Write(dup, 0, dup.Length);
fsClear.Flush();
fsClear.Close();
#endif
@ -343,24 +343,24 @@ namespace sscs.crypto
fsDecrypt.Close();
return null;
}
}
try
{
csDecrypt.Close();
}
catch { }
try
{
fsDecrypt.Close();
}
}
try
{
csDecrypt.Close();
}
catch { }
try
{
fsDecrypt.Close();
}
catch { }
return tmpEncrypt;
}
catch(Exception e)
{
{
CSSSLogger.DbgLog(e.ToString());
}
@ -533,55 +533,55 @@ namespace sscs.crypto
{
FileStream fsDecrypt = null;
CryptoStream csDecrypt = null;
byte[] baSavedMasterPasscode = null;
try
{
byte[] baKey = Generate16ByteKeyFromString(passwd, fileName, bTryOldMethod);
byte[] baSavedMasterPasscode = null;
try
{
byte[] baKey = Generate16ByteKeyFromString(passwd, fileName, bTryOldMethod);
/* Get a decryptor that uses the same key and
* IV as the encryptor.
*/
RijndaelManaged myRijndael = new RijndaelManaged();
ICryptoTransform decryptor = myRijndael.CreateDecryptor(baKey, RetrieveIV(fileName, baKey));
//Now decrypt
*/
RijndaelManaged myRijndael = new RijndaelManaged();
ICryptoTransform decryptor = myRijndael.CreateDecryptor(baKey, RetrieveIV(fileName, baKey));
//Now decrypt
#if LINUX
UnixFileInfo fsTest = new UnixFileInfo (fileName);
if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink)
#else
if (!File.Exists(fileName))
#endif
{
return null;
}
fsDecrypt = new FileStream(fileName, FileMode.Open);
csDecrypt = new CryptoStream(fsDecrypt, decryptor,
CryptoStreamMode.Read);
baSavedMasterPasscode = new byte[16];
//Read the data out of the crypto stream.
csDecrypt.Read(baSavedMasterPasscode, 0, 16);
}
catch (Exception e)
{
CSSSLogger.ExpLog(e.ToString());
CSSSLogger.DbgLog("Unable to decrypt master passode");
baSavedMasterPasscode = null;
}
try
{
if (csDecrypt != null)
csDecrypt.Close();
}
catch { }
if (fsDecrypt != null)
fsDecrypt.Close();
#else
if (!File.Exists(fileName))
#endif
{
return null;
}
fsDecrypt = new FileStream(fileName, FileMode.Open);
csDecrypt = new CryptoStream(fsDecrypt, decryptor,
CryptoStreamMode.Read);
baSavedMasterPasscode = new byte[16];
//Read the data out of the crypto stream.
csDecrypt.Read(baSavedMasterPasscode, 0, 16);
}
catch (Exception e)
{
CSSSLogger.ExpLog(e.ToString());
CSSSLogger.DbgLog("Unable to decrypt master passode");
baSavedMasterPasscode = null;
}
try
{
if (csDecrypt != null)
csDecrypt.Close();
}
catch { }
if (fsDecrypt != null)
fsDecrypt.Close();
return baSavedMasterPasscode;
@ -642,7 +642,49 @@ namespace sscs.crypto
}
return null;
}
//internal static string GenerateMasterPasscodeUsingDesktopPasswd(
internal static byte[] GetServerMasterPasscodeUsingMasterPasswd(
string mPasswd,
string fileName,
bool bUseOldMethod)
{
return GetMasterPasscodeUsingMasterPasswd ( mPasswd, fileName, bUseOldMethod);
}
internal static byte[] GetServerMasterPasscodeUsingSystemKey(string fileName)
{
byte[] baSavedMasterPasscode = null;
try
{
#if LINUX
UnixFileInfo fsTest = new UnixFileInfo (fileName);
if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink)
#else
if (!File.Exists(fileName))
#endif
{
return null;
}
FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
byte [] encryptedMasterPasscode = new byte[fs.Length];
fs.Read(encryptedMasterPasscode, 0, (int) fs.Length);
fs.Close();
baSavedMasterPasscode = new byte[16];
baSavedMasterPasscode = ProtectedData.Unprotect( encryptedMasterPasscode, null, DataProtectionScope.CurrentUser );
}
catch (CryptographicException e)
{
CSSSLogger.ExpLog(e.ToString());
CSSSLogger.DbgLog("Unable to decrypt master passode using the system key");
baSavedMasterPasscode = null;
}
return baSavedMasterPasscode;
}
internal static byte[] GenerateMasterPasscodeUsingString(
string desktopPasswd,
string fileName,
@ -678,13 +720,49 @@ namespace sscs.crypto
return null;
}
internal static byte[] GenerateServerMasterPasscode(
string fileName,
string validationFile
)
{
byte[] baPasscode = null;
try
{
// use AES to generate a random 16 byte key;
RijndaelManaged myRijndael = new RijndaelManaged();
myRijndael.KeySize = 128;
//Create a new key and initialization vector.
myRijndael.GenerateKey();
baPasscode = myRijndael.Key;
byte [] encryptedMasterPasscode = ProtectedData.Protect( baPasscode, null, DataProtectionScope.CurrentUser );
FileStream fs = new FileStream(fileName, FileMode.Create);
File.SetAttributes(fileName, FileAttributes.Hidden);
fs.Write(encryptedMasterPasscode, 0, encryptedMasterPasscode.Length);
fs.Flush();
fs.Close();
EncryptDataAndWriteToFile(
Encoding.Default.GetBytes(ConstStrings.MICASA_VALIDATION_STRING),
baPasscode,
validationFile);
}
catch(Exception e)
{
CSSSLogger.ExpLog(e.ToString());
CSSSLogger.DbgLog("Generation of master passcode failed.");
baPasscode = null;
}
return baPasscode;
}
public static bool ValidatePasscode(byte[] baPasscode, string fileName)
{
/* Here we decrpyt a well known string, throw exception
* if not successful
* A well-known string is encrpyted by the Passcode and saved
*/
*/
CSSSLogger.DbgLog("Validate called");
if ((baPasscode == null) || baPasscode.Length < 1 )
@ -697,12 +775,12 @@ namespace sscs.crypto
char[] trimChars = {'\0'};
sString = sString.TrimEnd(trimChars);
if( ConstStrings.MICASA_VALIDATION_STRING.Equals(sString))
{
{
CSSSLogger.DbgLog("Passed");
return true;
}
else
{
{
CSSSLogger.DbgLog("Failed");
return false;
}
@ -713,65 +791,65 @@ namespace sscs.crypto
CSSSLogger.DbgLog("Validation of passcode failed.");
}
return false;
}
private static byte[] GenerateAndSaveIV(string sFileName, RijndaelManaged theRiManaged)
{
theRiManaged.GenerateIV();
byte[] baIV = theRiManaged.IV;
try
{
if (File.Exists(sFileName + ".IV"))
File.Delete(sFileName + ".IV");
// now save this
FileStream fs = new FileStream(sFileName + ".IV", FileMode.Create);
fs.Write(baIV, 0, 16);
fs.Flush();
fs.Close();
File.SetAttributes(sFileName + ".IV", FileAttributes.Hidden);
}
catch (Exception e)
{
CSSSLogger.DbgLog(e.ToString());
}
return baIV;
}
private static byte[] RetrieveIV(string sFileName, byte[] baOrigValue)
{
byte[] IV = new byte[16];
// check for file existence
try
{
FileStream fs = new FileStream(sFileName + ".IV", FileMode.Open);
fs.Read(IV, 0, 16);
fs.Close();
return IV;
}
catch (Exception e)
{
CSSSLogger.DbgLog(e.ToString());
}
// original IV size was 16 bytes, copy that much
if (baOrigValue.Length == 16)
{
return (byte[])baOrigValue.Clone();
}
else
{
for (int i=0; i<16; i++)
{
IV[i] = baOrigValue[i];
}
return IV;
}
}
private static byte[] GenerateAndSaveIV(string sFileName, RijndaelManaged theRiManaged)
{
theRiManaged.GenerateIV();
byte[] baIV = theRiManaged.IV;
try
{
if (File.Exists(sFileName + ".IV"))
File.Delete(sFileName + ".IV");
// now save this
FileStream fs = new FileStream(sFileName + ".IV", FileMode.Create);
fs.Write(baIV, 0, 16);
fs.Flush();
fs.Close();
File.SetAttributes(sFileName + ".IV", FileAttributes.Hidden);
}
catch (Exception e)
{
CSSSLogger.DbgLog(e.ToString());
}
return baIV;
}
private static byte[] RetrieveIV(string sFileName, byte[] baOrigValue)
{
byte[] IV = new byte[16];
// check for file existence
try
{
FileStream fs = new FileStream(sFileName + ".IV", FileMode.Open);
fs.Read(IV, 0, 16);
fs.Close();
return IV;
}
catch (Exception e)
{
CSSSLogger.DbgLog(e.ToString());
}
// original IV size was 16 bytes, copy that much
if (baOrigValue.Length == 16)
{
return (byte[])baOrigValue.Clone();
}
else
{
for (int i=0; i<16; i++)
{
IV[i] = baOrigValue[i];
}
return IV;
}
}
private static void DumpIV(byte[] iv)

326
CASA/micasad/lss/LocalStorage.cs
View File

@ -65,21 +65,31 @@ namespace sscs.lss
private int persistThreadSleepTime = 1000 * 60 * 5; //1000 * 30;
private Thread persistThread = null;
private Thread sPersistThread = null;
#if LINUX
Mono.Unix.UnixFileSystemInfo sockFileInfo;
Mono.Unix.UnixFileSystemInfo sockFileInfo;
Mono.Unix.UnixUserInfo sockFileOwner;
#endif
private static string LINUXID = "Unix";
internal LocalStorage(SecretStore store, byte[] baMasterPasscode, bool dummy) // Merge this with the next cons - RAJ
{
userStore = store;
m_baGeneratedKey = baMasterPasscode;
LoadPersistentStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
//userStore.DumpSecretstore();
}
internal LocalStorage(SecretStore store,byte[] baMasterPasscode)
{
userStore = store;
m_baGeneratedKey = baMasterPasscode;
LoadPersistentStore();
LoadPersistentStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
userStore.DumpSecretstore();
}
~LocalStorage()
{
if(persistThread != null)
@ -87,6 +97,12 @@ namespace sscs.lss
persistThread.Abort();
persistThread.Join();
}
if(sPersistThread != null)
{
sPersistThread.Abort();
sPersistThread.Join();
}
}
// allowing a user to choose the storage location is not approved yet
@ -95,7 +111,7 @@ namespace sscs.lss
{
userStore = store;
m_baGeneratedKey = baMasterPasscode;
LoadPersistentStore();
LoadPersistentStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
userStore.DumpSecretstore();
}
@ -120,6 +136,15 @@ namespace sscs.lss
}
}
public void PersistServerStoreWithDelay()
{
if (sPersistThread == null)
{
sPersistThread = new Thread(new ThreadStart(PersistServerStoreDelayThreadFn));
sPersistThread.Start();
}
}
public bool StopPersistence()
{
if(persistThread != null)
@ -130,56 +155,133 @@ namespace sscs.lss
return true;
}
public bool IsOwnedByRoot(string fileName)
{
#if LINUX
sockFileInfo = new Mono.Unix.UnixFileInfo(fileName);
sockFileOwner = sockFileInfo.OwnerUser;
if(0==sockFileOwner.UserId)
return true;
else
return false;
#else
return true;
#endif
public bool StopServerPersistence()
{
if(sPersistThread != null)
{
sPersistThread.Abort();
sPersistThread.Join();
}
return true;
}
public bool IsOwnedByRoot(string fileName)
{
#if LINUX
sockFileInfo = new Mono.Unix.UnixFileInfo(fileName);
sockFileOwner = sockFileInfo.OwnerUser;
if(0==sockFileOwner.UserId)
return true;
else
return false;
#else
return true;
#endif
}
private string GetDecryptedServerSecretsXml()
{
try
{
string fileName = userStore.GetServerSecretsPersistenceFilePath();
string tempFile = fileName;
int count = 0;
if(!File.Exists(fileName))
{
while(true)
{
// check for tmp file
if (File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
{
File.Move(tempFile+".tmp", fileName);
break;
}
else
{
count++;
tempFile = fileName + count.ToString();
}
}
else
return null;
}
// delete tmp file if there
if (File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
File.Delete(tempFile+".tmp");
}
}
byte[] baPasscode = null;
if (null != m_baGeneratedKey)
baPasscode = m_baGeneratedKey;
else
baPasscode = CASACrypto.GetServerMasterPasscodeUsingSystemKey(userStore.GetServerPasscodeBySystemKeyFilePath());
if( null == baPasscode )
return null;
byte[] key = CASACrypto.GetKeySetFromFile(baPasscode,userStore.GetServerKeyFilePath());
if( null == key )
return null;
byte[] decryptedBuffer = CASACrypto.ReadFileAndDecryptData(key,fileName);
if( null == decryptedBuffer )
return null;
string temp = Encoding.UTF8.GetString(decryptedBuffer, 0, decryptedBuffer.Length);
return temp;
}
catch(Exception e)
{
CSSSLogger.ExpLog(e.ToString());
CSSSLogger.DbgLog("Unable to get persistent store");
}
return null;
}
private string GetDecryptedXml()
{
try
{
string fileName = userStore.GetPersistenceFilePath();
string tempFile = fileName;
int count = 0;
if(!File.Exists(fileName))
{
while(true)
{
// check for tmp file
if (File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
{
File.Move(tempFile+".tmp", fileName);
break;
}
else
{
count++;
tempFile = fileName + count.ToString();
}
}
else
return null;
}
// delete tmp file if there
if (File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
File.Delete(tempFile+".tmp");
string tempFile = fileName;
int count = 0;
if(!File.Exists(fileName))
{
while(true)
{
// check for tmp file
if (File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
{
File.Move(tempFile+".tmp", fileName);
break;
}
else
{
count++;
tempFile = fileName + count.ToString();
}
}
else
return null;
}
// delete tmp file if there
if (File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
File.Delete(tempFile+".tmp");
}
}
@ -212,17 +314,23 @@ namespace sscs.lss
}
return null;
}
/* This method, uses the key to decrypt the persistent store
* and populates userStore with the persistent data.
*/
private bool LoadPersistentStore()
private bool LoadPersistentStore(string keyChainId)
{
try
{
string xpath = "";
//string xpath = "";
XmlDocument doc = new XmlDocument();
string xmlToLoad = GetDecryptedXml();
string xmlToLoad = null;
if ( keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID )
xmlToLoad = GetDecryptedXml();
else if ( keyChainId == ConstStrings.SSCS_SERVER_KEY_CHAIN_ID )
xmlToLoad = GetDecryptedServerSecretsXml();
if(xmlToLoad != null)
{
doc.LoadXml(xmlToLoad);
@ -403,24 +511,40 @@ namespace sscs.lss
private void PersistStoreDelayThreadFn()
{
Thread.Sleep(15000);
PersistStore();
PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
persistThread = null;
}
private void PersistServerStoreDelayThreadFn()
{
Thread.Sleep(15000);
PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
sPersistThread = null;
}
private void PersistStoreThreadFn()
{
while(true)
{
Thread.Sleep(persistThreadSleepTime);
PersistStore();
PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
}
}
private void PersistServerStoreThreadFn()
{
while(true)
{
Thread.Sleep(persistThreadSleepTime);
PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
}
}
/* Persists the store to an xml file.
* TBD : Would we require any form of encoding?
*/
internal void PersistStore()
internal void PersistStore(string keyChainId)
{
string sPeristSecrets = null;
@ -434,53 +558,66 @@ namespace sscs.lss
if ((sPeristSecrets != null) && (sPeristSecrets.Equals("0")))
{
// delete .miCASA file and .IV file
File.Delete(userStore.GetPersistenceFilePath());
if ( keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID )
File.Delete(userStore.GetPersistenceFilePath());
else if ( keyChainId == ConstStrings.SSCS_SERVER_KEY_CHAIN_ID )
File.Delete(userStore.GetServerSecretsPersistenceFilePath());
return;
}
//userStore.DumpSecretstore();
try
{
MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore);
//byte[] key = CASACrypto.GetKeySetFromFile(CASACrypto.GetMasterPasscode(userStore.GetDesktopPasswd(),userStore.GetPasscodeByDesktopFilePath()),userStore.GetKeyFilePath());
byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath());
MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore, keyChainId);
byte[] key = null;
string fileName = null;
string fileName = userStore.GetPersistenceFilePath();
string tempFile = fileName;
int count=0;
// rename existing file
if(File.Exists(fileName))
{
while(true)
{
if (File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
{
File.Delete(tempFile+".tmp");
break;
}
else
{
count++;
tempFile = fileName + count.ToString();
}
}
else
break;
}
File.Move(fileName, tempFile+".tmp");
}
CASACrypto.EncryptDataAndWriteToFile(ms1.ToArray(),key,fileName);
//remove temp
if(File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
File.Delete(tempFile+".tmp");
}
if ( keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID )
{
key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath());
fileName = userStore.GetPersistenceFilePath();
}
else if ( keyChainId == ConstStrings.SSCS_SERVER_KEY_CHAIN_ID )
{
key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetServerKeyFilePath());
fileName = userStore.GetServerSecretsPersistenceFilePath();
}
string tempFile = fileName;
int count=0;
// rename existing file
if(File.Exists(fileName))
{
while(true)
{
if (File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
{
File.Delete(tempFile+".tmp");
break;
}
else
{
count++;
tempFile = fileName + count.ToString();
}
}
else
break;
}
File.Move(fileName, tempFile+".tmp");
}
CASACrypto.EncryptDataAndWriteToFile(ms1.ToArray(),key,fileName);
//remove temp
if(File.Exists(tempFile+".tmp"))
{
if(IsOwnedByRoot(tempFile+".tmp"))
File.Delete(tempFile+".tmp");
}
}
catch(Exception e)
{
@ -488,7 +625,7 @@ namespace sscs.lss
}
}
internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore)
internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore, string keyChainId)
{
try
{
@ -506,13 +643,16 @@ namespace sscs.lss
while( iter.MoveNext() )
{
KeyChain kc = (KeyChain)iter.Value;
writer.WriteStartElement(XmlConsts.keyChainNode);
string kcId = kc.GetKey();
tmpId = new char[kcId.Length-1];
for(int i = 0; i < kcId.Length-1; i++ )
tmpId[i] = kcId[i];
sTmpId = new string(tmpId);
if( ( keyChainId != null ) && ( keyChainId != sTmpId ))
continue;
writer.WriteStartElement(XmlConsts.keyChainNode);
writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
// If we need to store time
writer.WriteStartElement(XmlConsts.timeNode);

1
CASA/micasad/startup/micasad
View File

@ -50,6 +50,7 @@ case "$1" in
if ! is_running; then \
echo -n "Starting miCASA daemon"
$MICASAD_BIN
sleep 2
fi
# Remember status and be verbose
rc_status -v

7
CASA/micasad/verbs/WriteKey.cs
View File

@ -165,6 +165,11 @@ namespace sscs.verbs
SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked())
{
if((keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID + "\0") && (!ssStore.CheckIfKeyChainExists(keyChainId)))
{
ssStore.AddKeyChain(new KeyChain(keyChainId));
}
if( ssStore.CheckIfKeyChainExists(keyChainId) )
{
keyChain = ssStore.GetKeyChain(keyChainId);
@ -222,7 +227,7 @@ namespace sscs.verbs
}
}
else
{
{
retCode = IPCRetCodes.SSCS_SECRET_STORE_IS_LOCKED;
}

3
CASA/micasad/verbs/WriteSecret.cs
View File

@ -171,6 +171,7 @@ namespace sscs.verbs
ssStore.StartPersistenceByDesktopPasswd(passwd);
}
}
ssStore.UpdatePersistentStore();
}
else
{
@ -204,7 +205,7 @@ namespace sscs.verbs
}
}
else
{
{
retCode = IPCRetCodes.SSCS_SECRET_STORE_IS_LOCKED;
}
}