- Support for storing and retrieving the services' secrets in CASA, so
that the secrets can be retrieved during the system boot-up.
This commit is contained in:
Rajasekaran Nagarajan
parent
86515d118a
commit
879eaa39d6
@ -41,7 +41,7 @@ case $host_os in
|
|||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
AC_CHECK_PROG(CSC, csc, csc)
|
AC_CHECK_PROG(CSC, csc, csc)
|
||||||
test -z "$CSC" && AC_CHECK_PROG(CSC, mcs, mcs)
|
test -z "$CSC" && AC_CHECK_PROG(CSC, gmcs, gmcs)
|
||||||
test -z "$CSC" && AC_MSG_ERROR([no acceptable C Sharp compiler found in \$PATH])
|
test -z "$CSC" && AC_MSG_ERROR([no acceptable C Sharp compiler found in \$PATH])
|
||||||
|
|
||||||
;;
|
;;
|
||||||
@ -51,7 +51,7 @@ case $CSC in
|
|||||||
#
|
#
|
||||||
# Mono-specific configuration
|
# Mono-specific configuration
|
||||||
#
|
#
|
||||||
mcs)
|
gmcs)
|
||||||
CSC_EXEFLAG=/target:exe
|
CSC_EXEFLAG=/target:exe
|
||||||
CSC_LIBFLAG=/target:library
|
CSC_LIBFLAG=/target:library
|
||||||
CSC_EXEFLAG=/target:exe
|
CSC_EXEFLAG=/target:exe
|
||||||
|
|||||||
@ -126,6 +126,7 @@ CSFILES_CSC := $(subst /,$(SEP),$(CSFILES))
|
|||||||
CS_FLAGS = -d:LINUX -nowarn:169
|
CS_FLAGS = -d:LINUX -nowarn:169
|
||||||
CS_RESOURCES =
|
CS_RESOURCES =
|
||||||
CS_LIBS =Mono.Posix.dll \
|
CS_LIBS =Mono.Posix.dll \
|
||||||
|
System.Security.dll \
|
||||||
nunit.core.dll \
|
nunit.core.dll \
|
||||||
nunit.framework.dll \
|
nunit.framework.dll \
|
||||||
nunit.extensions.dll \
|
nunit.extensions.dll \
|
||||||
|
|||||||
132
CASA/micasad/cache/SecretStore.cs
vendored
132
CASA/micasad/cache/SecretStore.cs
vendored
@ -55,7 +55,11 @@ namespace sscs.cache
|
|||||||
private static int STATE_LOCKED = 2;
|
private static int STATE_LOCKED = 2;
|
||||||
|
|
||||||
private LocalStorage lss = null;
|
private LocalStorage lss = null;
|
||||||
|
private LocalStorage slss = null; // For Server Secrets
|
||||||
|
|
||||||
bool bIsStorePersistent = false;
|
bool bIsStorePersistent = false;
|
||||||
|
bool bIsServerStorePersistent = false;
|
||||||
|
|
||||||
string m_persistenceDirectory = null;
|
string m_persistenceDirectory = null;
|
||||||
private static string POLICY_DIRECTORY = "/home/.casa";
|
private static string POLICY_DIRECTORY = "/home/.casa";
|
||||||
|
|
||||||
@ -175,7 +179,71 @@ namespace sscs.cache
|
|||||||
catch
|
catch
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
internal bool StartPersistenceOfServerSecretsBySystemKey()
|
||||||
|
{
|
||||||
|
// make sure we have a Persistence Directory
|
||||||
|
if (GetPersistenceDirectory() == null || GetPersistenceDirectory().Length < 1 || !Directory.Exists(GetPersistenceDirectory()))
|
||||||
|
{
|
||||||
|
CSSSLogger.DbgLog("StartPersistenceOfServerSecretsBySystemKey - No Persistence directory yet");
|
||||||
|
CSSSLogger.DbgLog("Directory: [" + GetPersistenceDirectory() + "]");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
try
|
||||||
|
{
|
||||||
|
byte[] baPasscode;
|
||||||
|
/* Persistence could have started because the user
|
||||||
|
* could have set master password.
|
||||||
|
*/
|
||||||
|
if(slss != null && bIsServerStorePersistent == true)
|
||||||
|
{
|
||||||
|
CSSSLogger.DbgLog(CSSSLogger.GetExecutionPath(this) + " Server Secrets Store is already persistent");
|
||||||
|
CSSSLogger.DbgLog("StartPersistenceOfServerSecretsBySystemKey - Started");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!File.Exists(GetServerPasscodeBySystemKeyFilePath()))
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
if (File.Exists(GetServerPasscodeByMasterPasswdFilePath()))
|
||||||
|
{
|
||||||
|
// wait for the user to start the Persistence by entering MP
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
baPasscode = CASACrypto.GenerateServerMasterPasscode(
|
||||||
|
GetServerPasscodeBySystemKeyFilePath(),
|
||||||
|
GetServerValidationFilePath());
|
||||||
|
|
||||||
|
if( null == baPasscode )
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!File.Exists(GetServerKeyFilePath()))
|
||||||
|
{
|
||||||
|
GenerateAndStoreEncryptionKey(baPasscode, GetServerKeyFilePath());
|
||||||
|
slss = new LocalStorage(this, baPasscode, true);
|
||||||
|
bIsServerStorePersistent = true;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
baPasscode = CASACrypto.GetServerMasterPasscodeUsingSystemKey(GetServerPasscodeBySystemKeyFilePath());
|
||||||
|
if(CASACrypto.ValidatePasscode(baPasscode,GetServerValidationFilePath()))
|
||||||
|
{
|
||||||
|
slss = new LocalStorage(this, baPasscode, true);
|
||||||
|
bIsServerStorePersistent = true;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch(Exception e)
|
||||||
|
{
|
||||||
|
CSSSLogger.ExpLog(e.ToString());
|
||||||
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -246,7 +314,7 @@ namespace sscs.cache
|
|||||||
|
|
||||||
if(!File.Exists(GetKeyFilePath()))
|
if(!File.Exists(GetKeyFilePath()))
|
||||||
{
|
{
|
||||||
GenerateAndStoreEncryptionKey(baPasscode);
|
GenerateAndStoreEncryptionKey(baPasscode, GetKeyFilePath());
|
||||||
lss = new LocalStorage(this,baPasscode);
|
lss = new LocalStorage(this,baPasscode);
|
||||||
bIsStorePersistent = true;
|
bIsStorePersistent = true;
|
||||||
return true;
|
return true;
|
||||||
@ -286,7 +354,7 @@ namespace sscs.cache
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
internal bool GenerateAndStoreEncryptionKey(byte[] baPasscode)
|
internal bool GenerateAndStoreEncryptionKey(byte[] baPasscode, string fileName)
|
||||||
{
|
{
|
||||||
RijndaelManaged myRijndael = new RijndaelManaged();
|
RijndaelManaged myRijndael = new RijndaelManaged();
|
||||||
byte[] key;
|
byte[] key;
|
||||||
@ -297,9 +365,7 @@ namespace sscs.cache
|
|||||||
myRijndael.GenerateKey();
|
myRijndael.GenerateKey();
|
||||||
key = myRijndael.Key;
|
key = myRijndael.Key;
|
||||||
|
|
||||||
CASACrypto.StoreKeySetUsingMasterPasscode(key,IV,
|
CASACrypto.StoreKeySetUsingMasterPasscode(key, IV, baPasscode, fileName);
|
||||||
baPasscode,
|
|
||||||
GetKeyFilePath());
|
|
||||||
}
|
}
|
||||||
catch (Exception e)
|
catch (Exception e)
|
||||||
{
|
{
|
||||||
@ -308,7 +374,6 @@ namespace sscs.cache
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
internal bool SetMasterPassword(string mPasswdFromIDK)
|
internal bool SetMasterPassword(string mPasswdFromIDK)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
@ -341,12 +406,17 @@ namespace sscs.cache
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
// try old method
|
// try old method
|
||||||
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(desktopPasswd, GetPasscodeByDesktopFilePath(), true);
|
baPasscode = CASACrypto.GetMasterPasscodeUsingDesktopPasswd(
|
||||||
|
desktopPasswd,
|
||||||
|
GetPasscodeByDesktopFilePath(),
|
||||||
|
true);
|
||||||
if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
|
if (CASACrypto.ValidatePasscode(baPasscode, GetValidationFilePath()))
|
||||||
{
|
{
|
||||||
// rewrite file using new method
|
// rewrite file using new method
|
||||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode, desktopPasswd, GetPasscodeByDesktopFilePath());
|
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(
|
||||||
|
baPasscode,
|
||||||
|
desktopPasswd,
|
||||||
|
GetPasscodeByDesktopFilePath());
|
||||||
|
|
||||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(
|
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(
|
||||||
baPasscode,
|
baPasscode,
|
||||||
@ -406,7 +476,7 @@ namespace sscs.cache
|
|||||||
{
|
{
|
||||||
if(!File.Exists(GetKeyFilePath()))
|
if(!File.Exists(GetKeyFilePath()))
|
||||||
{
|
{
|
||||||
GenerateAndStoreEncryptionKey(baPasscode);
|
GenerateAndStoreEncryptionKey(baPasscode, GetKeyFilePath());
|
||||||
}
|
}
|
||||||
|
|
||||||
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode,mPasswd,GetPasscodeByMasterPasswdFilePath());
|
CASACrypto.EncryptAndStoreMasterPasscodeUsingString(baPasscode,mPasswd,GetPasscodeByMasterPasswdFilePath());
|
||||||
@ -674,6 +744,8 @@ namespace sscs.cache
|
|||||||
{
|
{
|
||||||
if (lss != null)
|
if (lss != null)
|
||||||
lss.PersistStoreWithDelay();
|
lss.PersistStoreWithDelay();
|
||||||
|
if (slss != null)
|
||||||
|
slss.PersistServerStoreWithDelay();
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This function would need to do any storage/cleanup required
|
/* This function would need to do any storage/cleanup required
|
||||||
@ -682,7 +754,9 @@ namespace sscs.cache
|
|||||||
internal bool CommitStore()
|
internal bool CommitStore()
|
||||||
{
|
{
|
||||||
if(lss != null)
|
if(lss != null)
|
||||||
lss.PersistStore();
|
lss.PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
|
||||||
|
if(slss != null)
|
||||||
|
slss.PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -724,6 +798,7 @@ namespace sscs.cache
|
|||||||
{
|
{
|
||||||
return state;
|
return state;
|
||||||
}
|
}
|
||||||
|
|
||||||
internal int GetNumKeyChains()
|
internal int GetNumKeyChains()
|
||||||
{
|
{
|
||||||
return keyChainList.Count;
|
return keyChainList.Count;
|
||||||
@ -824,7 +899,8 @@ namespace sscs.cache
|
|||||||
// let's migrate the files if needed
|
// let's migrate the files if needed
|
||||||
string sNewPath = POLICY_DIRECTORY + "/" + user.GetUserName();
|
string sNewPath = POLICY_DIRECTORY + "/" + user.GetUserName();
|
||||||
|
|
||||||
try {
|
try
|
||||||
|
{
|
||||||
if (Directory.GetFiles(sNewPath, ".miCASA*").Length > 0)
|
if (Directory.GetFiles(sNewPath, ".miCASA*").Length > 0)
|
||||||
return sNewPath;
|
return sNewPath;
|
||||||
|
|
||||||
@ -846,7 +922,6 @@ namespace sscs.cache
|
|||||||
}
|
}
|
||||||
|
|
||||||
return (sNewPath);
|
return (sNewPath);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
internal bool SetPeristenceDirectory(string sNewDirectory)
|
internal bool SetPeristenceDirectory(string sNewDirectory)
|
||||||
@ -866,7 +941,6 @@ namespace sscs.cache
|
|||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
internal string GetKeyFilePath()
|
internal string GetKeyFilePath()
|
||||||
@ -897,14 +971,42 @@ namespace sscs.cache
|
|||||||
return persistDir + ConstStrings.MICASA_VALIDATION_FILE;
|
return persistDir + ConstStrings.MICASA_VALIDATION_FILE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
internal string GetServerKeyFilePath()
|
||||||
|
{
|
||||||
|
string persistDir = GetPersistenceDirectory();
|
||||||
|
return persistDir + ConstStrings.MICASA_SERVER_KEY_FILE;
|
||||||
|
}
|
||||||
|
|
||||||
|
internal string GetServerPasscodeBySystemKeyFilePath()
|
||||||
|
{
|
||||||
|
string persistDir = GetPersistenceDirectory();
|
||||||
|
return persistDir + ConstStrings.MICASA_SERVER_PASSCODE_BY_SYSTEM_KEY_FILE;
|
||||||
|
}
|
||||||
|
|
||||||
|
internal string GetServerPasscodeByMasterPasswdFilePath()
|
||||||
|
{
|
||||||
|
string persistDir = GetPersistenceDirectory();
|
||||||
|
return persistDir + ConstStrings.MICASA_SERVER_PASSCODE_BY_MASTERPASSWD_FILE;
|
||||||
|
}
|
||||||
|
|
||||||
|
internal string GetServerSecretsPersistenceFilePath()
|
||||||
|
{
|
||||||
|
string persistDir = GetPersistenceDirectory();
|
||||||
|
return persistDir + ConstStrings.MICASA_SERVER_PERSISTENCE_FILE;
|
||||||
|
}
|
||||||
|
|
||||||
|
internal string GetServerValidationFilePath()
|
||||||
|
{
|
||||||
|
string persistDir = GetPersistenceDirectory();
|
||||||
|
return persistDir + ConstStrings.MICASA_SERVER_VALIDATION_FILE;
|
||||||
|
}
|
||||||
|
|
||||||
internal byte[] GetSecrets(string sEncryptionString)
|
internal byte[] GetSecrets(string sEncryptionString)
|
||||||
{
|
{
|
||||||
if (lss != null)
|
if (lss != null)
|
||||||
{
|
{
|
||||||
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this);
|
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this, null);
|
||||||
|
|
||||||
byte[] baSecrets = ms.ToArray();
|
byte[] baSecrets = ms.ToArray();
|
||||||
|
|
||||||
// encrypt if an encryptionstring was passed
|
// encrypt if an encryptionstring was passed
|
||||||
|
|||||||
@ -79,6 +79,7 @@ namespace sscs.constants
|
|||||||
internal class ConstStrings
|
internal class ConstStrings
|
||||||
{
|
{
|
||||||
internal static string SSCS_SESSION_KEY_CHAIN_ID = "SSCS_SESSION_KEY_CHAIN_ID";
|
internal static string SSCS_SESSION_KEY_CHAIN_ID = "SSCS_SESSION_KEY_CHAIN_ID";
|
||||||
|
internal static string SSCS_SERVER_KEY_CHAIN_ID = "SSCS_SERVER_KEY_CHAIN_ID";
|
||||||
internal static string SSCS_LOCAL_KEY_CHAIN_ID = "SSCS_LOCAL_KEY_CHAIN_ID";
|
internal static string SSCS_LOCAL_KEY_CHAIN_ID = "SSCS_LOCAL_KEY_CHAIN_ID";
|
||||||
internal static string SSCS_HIDDEN_LOCAL_KEYCHAIN_ID = "SSCS_HIDDEN_LOCAL_KEYCHAIN_ID";
|
internal static string SSCS_HIDDEN_LOCAL_KEYCHAIN_ID = "SSCS_HIDDEN_LOCAL_KEYCHAIN_ID";
|
||||||
internal static string SSCS_REMOTE_KEYCHAIN_ID = "SSCS_REMOTE_KEYCHAIN_ID";
|
internal static string SSCS_REMOTE_KEYCHAIN_ID = "SSCS_REMOTE_KEYCHAIN_ID";
|
||||||
@ -106,18 +107,35 @@ namespace sscs.constants
|
|||||||
// would be stored
|
// would be stored
|
||||||
internal static string MICASA_PASSCODE_BY_DESKTOP_FILE = "/.miCASAPCByDesktop";
|
internal static string MICASA_PASSCODE_BY_DESKTOP_FILE = "/.miCASAPCByDesktop";
|
||||||
|
|
||||||
|
// The file where the passcode is stored encrypted with the system key.
|
||||||
|
// The system key here is the key used with the default key container
|
||||||
|
// for the user in Mono environment.
|
||||||
|
internal static string MICASA_SERVER_PASSCODE_BY_SYSTEM_KEY_FILE = "/.miCASASrvPCBySysKey";
|
||||||
|
|
||||||
internal static string MICASA_PASSCODE_BY_MASTERPASSWD_FILE = "/.miCASAPCByMPasswd";
|
internal static string MICASA_PASSCODE_BY_MASTERPASSWD_FILE = "/.miCASAPCByMPasswd";
|
||||||
|
|
||||||
|
// The passcode encrypted with the key derived from the masster password.
|
||||||
|
// The master password is the same as the one used with the user's application credentials.
|
||||||
|
internal static string MICASA_SERVER_PASSCODE_BY_MASTERPASSWD_FILE = "/.miCASASrvPCByMPasswd";
|
||||||
|
|
||||||
//The file where all possible passwds are cross encrypted and
|
//The file where all possible passwds are cross encrypted and
|
||||||
//stored to provide multiple recovery points.
|
//stored to provide multiple recovery points.
|
||||||
internal static string MICASA_KEY_FILE = "/.miCASAKey";
|
internal static string MICASA_KEY_FILE = "/.miCASAKey";
|
||||||
|
|
||||||
|
internal static string MICASA_SERVER_KEY_FILE = "/.miCASASrvKey";
|
||||||
|
|
||||||
//The file where the user's credentials are persisted.
|
//The file where the user's credentials are persisted.
|
||||||
internal static string MICASA_PERSISTENCE_FILE = "/.miCASA";
|
internal static string MICASA_PERSISTENCE_FILE = "/.miCASA";
|
||||||
|
|
||||||
|
//The file where the services' credentials are persisted.
|
||||||
|
internal static string MICASA_SERVER_PERSISTENCE_FILE = "/.miCASASrv";
|
||||||
|
|
||||||
//The file required to validate the desktop passwd
|
//The file required to validate the desktop passwd
|
||||||
internal static string MICASA_VALIDATION_FILE = "/.miCASAValidate";
|
internal static string MICASA_VALIDATION_FILE = "/.miCASAValidate";
|
||||||
|
|
||||||
|
//The file required to validate the passcode
|
||||||
|
internal static string MICASA_SERVER_VALIDATION_FILE = "/.miCASASrvValidate";
|
||||||
|
|
||||||
internal static string MICASA_VALIDATION_STRING = "miCASAValidationString";
|
internal static string MICASA_VALIDATION_STRING = "miCASAValidationString";
|
||||||
|
|
||||||
// these are used in the GUI too.
|
// these are used in the GUI too.
|
||||||
|
|||||||
@ -91,6 +91,7 @@ namespace sscs.common
|
|||||||
ss = user.GetSecretStore();
|
ss = user.GetSecretStore();
|
||||||
ss.IncrRefCount();
|
ss.IncrRefCount();
|
||||||
ss.CreateTime = DateTime.Now;
|
ss.CreateTime = DateTime.Now;
|
||||||
|
ss.StartPersistenceOfServerSecretsBySystemKey();
|
||||||
return ss;
|
return ss;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -38,7 +38,8 @@ abstract class IPCChannel
|
|||||||
#if LINUX
|
#if LINUX
|
||||||
internal static IPCChannel Create(Socket socket)
|
internal static IPCChannel Create(Socket socket)
|
||||||
{
|
{
|
||||||
if(( (int)Environment.OSVersion.Platform) == 128)
|
int platform = (int)Environment.OSVersion.Platform;
|
||||||
|
if(( platform ==4 ) || ( platform == 128 ))
|
||||||
return (new UnixIPCChannel(socket) ) ;
|
return (new UnixIPCChannel(socket) ) ;
|
||||||
else
|
else
|
||||||
return null;
|
return null;
|
||||||
|
|||||||
@ -253,7 +253,7 @@ namespace sscs.crypto
|
|||||||
fsEncrypt.Write(hash,0,hash.Length);
|
fsEncrypt.Write(hash,0,hash.Length);
|
||||||
fsEncrypt.Flush();
|
fsEncrypt.Flush();
|
||||||
|
|
||||||
#if CLEAR
|
#if true//#if CLEAR //RAJ
|
||||||
byte[] dup = (byte[])xmlData.Clone();
|
byte[] dup = (byte[])xmlData.Clone();
|
||||||
// write clear file
|
// write clear file
|
||||||
FileStream fsClear = new FileStream(fileName + ".xml", FileMode.Create);
|
FileStream fsClear = new FileStream(fileName + ".xml", FileMode.Create);
|
||||||
@ -642,7 +642,49 @@ namespace sscs.crypto
|
|||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
//internal static string GenerateMasterPasscodeUsingDesktopPasswd(
|
|
||||||
|
internal static byte[] GetServerMasterPasscodeUsingMasterPasswd(
|
||||||
|
string mPasswd,
|
||||||
|
string fileName,
|
||||||
|
bool bUseOldMethod)
|
||||||
|
{
|
||||||
|
return GetMasterPasscodeUsingMasterPasswd ( mPasswd, fileName, bUseOldMethod);
|
||||||
|
}
|
||||||
|
|
||||||
|
internal static byte[] GetServerMasterPasscodeUsingSystemKey(string fileName)
|
||||||
|
{
|
||||||
|
byte[] baSavedMasterPasscode = null;
|
||||||
|
|
||||||
|
try
|
||||||
|
{
|
||||||
|
#if LINUX
|
||||||
|
UnixFileInfo fsTest = new UnixFileInfo (fileName);
|
||||||
|
if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink)
|
||||||
|
#else
|
||||||
|
if (!File.Exists(fileName))
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
|
||||||
|
byte [] encryptedMasterPasscode = new byte[fs.Length];
|
||||||
|
fs.Read(encryptedMasterPasscode, 0, (int) fs.Length);
|
||||||
|
fs.Close();
|
||||||
|
|
||||||
|
baSavedMasterPasscode = new byte[16];
|
||||||
|
baSavedMasterPasscode = ProtectedData.Unprotect( encryptedMasterPasscode, null, DataProtectionScope.CurrentUser );
|
||||||
|
}
|
||||||
|
catch (CryptographicException e)
|
||||||
|
{
|
||||||
|
CSSSLogger.ExpLog(e.ToString());
|
||||||
|
CSSSLogger.DbgLog("Unable to decrypt master passode using the system key");
|
||||||
|
baSavedMasterPasscode = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return baSavedMasterPasscode;
|
||||||
|
}
|
||||||
|
|
||||||
internal static byte[] GenerateMasterPasscodeUsingString(
|
internal static byte[] GenerateMasterPasscodeUsingString(
|
||||||
string desktopPasswd,
|
string desktopPasswd,
|
||||||
string fileName,
|
string fileName,
|
||||||
@ -678,6 +720,42 @@ namespace sscs.crypto
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
internal static byte[] GenerateServerMasterPasscode(
|
||||||
|
string fileName,
|
||||||
|
string validationFile
|
||||||
|
)
|
||||||
|
{
|
||||||
|
byte[] baPasscode = null;
|
||||||
|
try
|
||||||
|
{
|
||||||
|
// use AES to generate a random 16 byte key;
|
||||||
|
RijndaelManaged myRijndael = new RijndaelManaged();
|
||||||
|
myRijndael.KeySize = 128;
|
||||||
|
//Create a new key and initialization vector.
|
||||||
|
myRijndael.GenerateKey();
|
||||||
|
baPasscode = myRijndael.Key;
|
||||||
|
|
||||||
|
byte [] encryptedMasterPasscode = ProtectedData.Protect( baPasscode, null, DataProtectionScope.CurrentUser );
|
||||||
|
FileStream fs = new FileStream(fileName, FileMode.Create);
|
||||||
|
File.SetAttributes(fileName, FileAttributes.Hidden);
|
||||||
|
fs.Write(encryptedMasterPasscode, 0, encryptedMasterPasscode.Length);
|
||||||
|
fs.Flush();
|
||||||
|
fs.Close();
|
||||||
|
|
||||||
|
EncryptDataAndWriteToFile(
|
||||||
|
Encoding.Default.GetBytes(ConstStrings.MICASA_VALIDATION_STRING),
|
||||||
|
baPasscode,
|
||||||
|
validationFile);
|
||||||
|
}
|
||||||
|
catch(Exception e)
|
||||||
|
{
|
||||||
|
CSSSLogger.ExpLog(e.ToString());
|
||||||
|
CSSSLogger.DbgLog("Generation of master passcode failed.");
|
||||||
|
baPasscode = null;
|
||||||
|
}
|
||||||
|
return baPasscode;
|
||||||
|
}
|
||||||
|
|
||||||
public static bool ValidatePasscode(byte[] baPasscode, string fileName)
|
public static bool ValidatePasscode(byte[] baPasscode, string fileName)
|
||||||
{
|
{
|
||||||
/* Here we decrpyt a well known string, throw exception
|
/* Here we decrpyt a well known string, throw exception
|
||||||
|
|||||||
@ -65,6 +65,7 @@ namespace sscs.lss
|
|||||||
|
|
||||||
private int persistThreadSleepTime = 1000 * 60 * 5; //1000 * 30;
|
private int persistThreadSleepTime = 1000 * 60 * 5; //1000 * 30;
|
||||||
private Thread persistThread = null;
|
private Thread persistThread = null;
|
||||||
|
private Thread sPersistThread = null;
|
||||||
|
|
||||||
#if LINUX
|
#if LINUX
|
||||||
Mono.Unix.UnixFileSystemInfo sockFileInfo;
|
Mono.Unix.UnixFileSystemInfo sockFileInfo;
|
||||||
@ -73,13 +74,22 @@ namespace sscs.lss
|
|||||||
|
|
||||||
private static string LINUXID = "Unix";
|
private static string LINUXID = "Unix";
|
||||||
|
|
||||||
|
internal LocalStorage(SecretStore store, byte[] baMasterPasscode, bool dummy) // Merge this with the next cons - RAJ
|
||||||
|
{
|
||||||
|
userStore = store;
|
||||||
|
m_baGeneratedKey = baMasterPasscode;
|
||||||
|
LoadPersistentStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
|
||||||
|
//userStore.DumpSecretstore();
|
||||||
|
}
|
||||||
|
|
||||||
internal LocalStorage(SecretStore store,byte[] baMasterPasscode)
|
internal LocalStorage(SecretStore store,byte[] baMasterPasscode)
|
||||||
{
|
{
|
||||||
userStore = store;
|
userStore = store;
|
||||||
m_baGeneratedKey = baMasterPasscode;
|
m_baGeneratedKey = baMasterPasscode;
|
||||||
LoadPersistentStore();
|
LoadPersistentStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
|
||||||
userStore.DumpSecretstore();
|
userStore.DumpSecretstore();
|
||||||
}
|
}
|
||||||
|
|
||||||
~LocalStorage()
|
~LocalStorage()
|
||||||
{
|
{
|
||||||
if(persistThread != null)
|
if(persistThread != null)
|
||||||
@ -87,6 +97,12 @@ namespace sscs.lss
|
|||||||
persistThread.Abort();
|
persistThread.Abort();
|
||||||
persistThread.Join();
|
persistThread.Join();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(sPersistThread != null)
|
||||||
|
{
|
||||||
|
sPersistThread.Abort();
|
||||||
|
sPersistThread.Join();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// allowing a user to choose the storage location is not approved yet
|
// allowing a user to choose the storage location is not approved yet
|
||||||
@ -95,7 +111,7 @@ namespace sscs.lss
|
|||||||
{
|
{
|
||||||
userStore = store;
|
userStore = store;
|
||||||
m_baGeneratedKey = baMasterPasscode;
|
m_baGeneratedKey = baMasterPasscode;
|
||||||
LoadPersistentStore();
|
LoadPersistentStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
|
||||||
userStore.DumpSecretstore();
|
userStore.DumpSecretstore();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -120,6 +136,15 @@ namespace sscs.lss
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void PersistServerStoreWithDelay()
|
||||||
|
{
|
||||||
|
if (sPersistThread == null)
|
||||||
|
{
|
||||||
|
sPersistThread = new Thread(new ThreadStart(PersistServerStoreDelayThreadFn));
|
||||||
|
sPersistThread.Start();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public bool StopPersistence()
|
public bool StopPersistence()
|
||||||
{
|
{
|
||||||
if(persistThread != null)
|
if(persistThread != null)
|
||||||
@ -130,6 +155,16 @@ namespace sscs.lss
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public bool StopServerPersistence()
|
||||||
|
{
|
||||||
|
if(sPersistThread != null)
|
||||||
|
{
|
||||||
|
sPersistThread.Abort();
|
||||||
|
sPersistThread.Join();
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
public bool IsOwnedByRoot(string fileName)
|
public bool IsOwnedByRoot(string fileName)
|
||||||
{
|
{
|
||||||
#if LINUX
|
#if LINUX
|
||||||
@ -144,6 +179,73 @@ namespace sscs.lss
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private string GetDecryptedServerSecretsXml()
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
string fileName = userStore.GetServerSecretsPersistenceFilePath();
|
||||||
|
string tempFile = fileName;
|
||||||
|
int count = 0;
|
||||||
|
if(!File.Exists(fileName))
|
||||||
|
{
|
||||||
|
while(true)
|
||||||
|
{
|
||||||
|
// check for tmp file
|
||||||
|
if (File.Exists(tempFile+".tmp"))
|
||||||
|
{
|
||||||
|
if(IsOwnedByRoot(tempFile+".tmp"))
|
||||||
|
{
|
||||||
|
File.Move(tempFile+".tmp", fileName);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
count++;
|
||||||
|
tempFile = fileName + count.ToString();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
return null;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// delete tmp file if there
|
||||||
|
if (File.Exists(tempFile+".tmp"))
|
||||||
|
{
|
||||||
|
if(IsOwnedByRoot(tempFile+".tmp"))
|
||||||
|
File.Delete(tempFile+".tmp");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
byte[] baPasscode = null;
|
||||||
|
if (null != m_baGeneratedKey)
|
||||||
|
baPasscode = m_baGeneratedKey;
|
||||||
|
else
|
||||||
|
baPasscode = CASACrypto.GetServerMasterPasscodeUsingSystemKey(userStore.GetServerPasscodeBySystemKeyFilePath());
|
||||||
|
|
||||||
|
if( null == baPasscode )
|
||||||
|
return null;
|
||||||
|
|
||||||
|
byte[] key = CASACrypto.GetKeySetFromFile(baPasscode,userStore.GetServerKeyFilePath());
|
||||||
|
if( null == key )
|
||||||
|
return null;
|
||||||
|
|
||||||
|
byte[] decryptedBuffer = CASACrypto.ReadFileAndDecryptData(key,fileName);
|
||||||
|
|
||||||
|
if( null == decryptedBuffer )
|
||||||
|
return null;
|
||||||
|
|
||||||
|
string temp = Encoding.UTF8.GetString(decryptedBuffer, 0, decryptedBuffer.Length);
|
||||||
|
|
||||||
|
return temp;
|
||||||
|
}
|
||||||
|
catch(Exception e)
|
||||||
|
{
|
||||||
|
CSSSLogger.ExpLog(e.ToString());
|
||||||
|
CSSSLogger.DbgLog("Unable to get persistent store");
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
private string GetDecryptedXml()
|
private string GetDecryptedXml()
|
||||||
{
|
{
|
||||||
@ -212,17 +314,23 @@ namespace sscs.lss
|
|||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This method, uses the key to decrypt the persistent store
|
/* This method, uses the key to decrypt the persistent store
|
||||||
* and populates userStore with the persistent data.
|
* and populates userStore with the persistent data.
|
||||||
*/
|
*/
|
||||||
private bool LoadPersistentStore()
|
private bool LoadPersistentStore(string keyChainId)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
string xpath = "";
|
//string xpath = "";
|
||||||
XmlDocument doc = new XmlDocument();
|
XmlDocument doc = new XmlDocument();
|
||||||
|
|
||||||
string xmlToLoad = GetDecryptedXml();
|
string xmlToLoad = null;
|
||||||
|
if ( keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID )
|
||||||
|
xmlToLoad = GetDecryptedXml();
|
||||||
|
else if ( keyChainId == ConstStrings.SSCS_SERVER_KEY_CHAIN_ID )
|
||||||
|
xmlToLoad = GetDecryptedServerSecretsXml();
|
||||||
|
|
||||||
if(xmlToLoad != null)
|
if(xmlToLoad != null)
|
||||||
{
|
{
|
||||||
doc.LoadXml(xmlToLoad);
|
doc.LoadXml(xmlToLoad);
|
||||||
@ -403,16 +511,32 @@ namespace sscs.lss
|
|||||||
private void PersistStoreDelayThreadFn()
|
private void PersistStoreDelayThreadFn()
|
||||||
{
|
{
|
||||||
Thread.Sleep(15000);
|
Thread.Sleep(15000);
|
||||||
PersistStore();
|
PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
|
||||||
persistThread = null;
|
persistThread = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void PersistServerStoreDelayThreadFn()
|
||||||
|
{
|
||||||
|
Thread.Sleep(15000);
|
||||||
|
PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
|
||||||
|
sPersistThread = null;
|
||||||
|
}
|
||||||
|
|
||||||
private void PersistStoreThreadFn()
|
private void PersistStoreThreadFn()
|
||||||
{
|
{
|
||||||
while(true)
|
while(true)
|
||||||
{
|
{
|
||||||
Thread.Sleep(persistThreadSleepTime);
|
Thread.Sleep(persistThreadSleepTime);
|
||||||
PersistStore();
|
PersistStore(ConstStrings.SSCS_SESSION_KEY_CHAIN_ID);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void PersistServerStoreThreadFn()
|
||||||
|
{
|
||||||
|
while(true)
|
||||||
|
{
|
||||||
|
Thread.Sleep(persistThreadSleepTime);
|
||||||
|
PersistStore(ConstStrings.SSCS_SERVER_KEY_CHAIN_ID);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -420,7 +544,7 @@ namespace sscs.lss
|
|||||||
* TBD : Would we require any form of encoding?
|
* TBD : Would we require any form of encoding?
|
||||||
*/
|
*/
|
||||||
|
|
||||||
internal void PersistStore()
|
internal void PersistStore(string keyChainId)
|
||||||
{
|
{
|
||||||
string sPeristSecrets = null;
|
string sPeristSecrets = null;
|
||||||
|
|
||||||
@ -434,18 +558,31 @@ namespace sscs.lss
|
|||||||
if ((sPeristSecrets != null) && (sPeristSecrets.Equals("0")))
|
if ((sPeristSecrets != null) && (sPeristSecrets.Equals("0")))
|
||||||
{
|
{
|
||||||
// delete .miCASA file and .IV file
|
// delete .miCASA file and .IV file
|
||||||
|
if ( keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID )
|
||||||
File.Delete(userStore.GetPersistenceFilePath());
|
File.Delete(userStore.GetPersistenceFilePath());
|
||||||
|
else if ( keyChainId == ConstStrings.SSCS_SERVER_KEY_CHAIN_ID )
|
||||||
|
File.Delete(userStore.GetServerSecretsPersistenceFilePath());
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
//userStore.DumpSecretstore();
|
//userStore.DumpSecretstore();
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore);
|
MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore, keyChainId);
|
||||||
//byte[] key = CASACrypto.GetKeySetFromFile(CASACrypto.GetMasterPasscode(userStore.GetDesktopPasswd(),userStore.GetPasscodeByDesktopFilePath()),userStore.GetKeyFilePath());
|
byte[] key = null;
|
||||||
byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath());
|
string fileName = null;
|
||||||
|
|
||||||
|
if ( keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID )
|
||||||
|
{
|
||||||
|
key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath());
|
||||||
|
fileName = userStore.GetPersistenceFilePath();
|
||||||
|
}
|
||||||
|
else if ( keyChainId == ConstStrings.SSCS_SERVER_KEY_CHAIN_ID )
|
||||||
|
{
|
||||||
|
key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetServerKeyFilePath());
|
||||||
|
fileName = userStore.GetServerSecretsPersistenceFilePath();
|
||||||
|
}
|
||||||
|
|
||||||
string fileName = userStore.GetPersistenceFilePath();
|
|
||||||
string tempFile = fileName;
|
string tempFile = fileName;
|
||||||
int count=0;
|
int count=0;
|
||||||
|
|
||||||
@ -488,7 +625,7 @@ namespace sscs.lss
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore)
|
internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore, string keyChainId)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
@ -506,13 +643,16 @@ namespace sscs.lss
|
|||||||
while( iter.MoveNext() )
|
while( iter.MoveNext() )
|
||||||
{
|
{
|
||||||
KeyChain kc = (KeyChain)iter.Value;
|
KeyChain kc = (KeyChain)iter.Value;
|
||||||
writer.WriteStartElement(XmlConsts.keyChainNode);
|
|
||||||
string kcId = kc.GetKey();
|
string kcId = kc.GetKey();
|
||||||
tmpId = new char[kcId.Length-1];
|
tmpId = new char[kcId.Length-1];
|
||||||
for(int i = 0; i < kcId.Length-1; i++ )
|
for(int i = 0; i < kcId.Length-1; i++ )
|
||||||
tmpId[i] = kcId[i];
|
tmpId[i] = kcId[i];
|
||||||
sTmpId = new string(tmpId);
|
sTmpId = new string(tmpId);
|
||||||
|
|
||||||
|
if( ( keyChainId != null ) && ( keyChainId != sTmpId ))
|
||||||
|
continue;
|
||||||
|
|
||||||
|
writer.WriteStartElement(XmlConsts.keyChainNode);
|
||||||
writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
|
writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
|
||||||
// If we need to store time
|
// If we need to store time
|
||||||
writer.WriteStartElement(XmlConsts.timeNode);
|
writer.WriteStartElement(XmlConsts.timeNode);
|
||||||
|
|||||||
@ -50,6 +50,7 @@ case "$1" in
|
|||||||
if ! is_running; then \
|
if ! is_running; then \
|
||||||
echo -n "Starting miCASA daemon"
|
echo -n "Starting miCASA daemon"
|
||||||
$MICASAD_BIN
|
$MICASAD_BIN
|
||||||
|
sleep 2
|
||||||
fi
|
fi
|
||||||
# Remember status and be verbose
|
# Remember status and be verbose
|
||||||
rc_status -v
|
rc_status -v
|
||||||
|
|||||||
@ -165,6 +165,11 @@ namespace sscs.verbs
|
|||||||
SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
|
SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
|
||||||
if (!ssStore.IsStoreLocked())
|
if (!ssStore.IsStoreLocked())
|
||||||
{
|
{
|
||||||
|
if((keyChainId == ConstStrings.SSCS_SESSION_KEY_CHAIN_ID + "\0") && (!ssStore.CheckIfKeyChainExists(keyChainId)))
|
||||||
|
{
|
||||||
|
ssStore.AddKeyChain(new KeyChain(keyChainId));
|
||||||
|
}
|
||||||
|
|
||||||
if( ssStore.CheckIfKeyChainExists(keyChainId) )
|
if( ssStore.CheckIfKeyChainExists(keyChainId) )
|
||||||
{
|
{
|
||||||
keyChain = ssStore.GetKeyChain(keyChainId);
|
keyChain = ssStore.GetKeyChain(keyChainId);
|
||||||
|
|||||||
@ -171,6 +171,7 @@ namespace sscs.verbs
|
|||||||
ssStore.StartPersistenceByDesktopPasswd(passwd);
|
ssStore.StartPersistenceByDesktopPasswd(passwd);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
ssStore.UpdatePersistentStore();
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user