Cryptography service now handles random byte generation
Protected strings are now protected in memory
@@ -25,6 +25,7 @@ namespace ModernKeePass.Infrastructure.KeePass
|
||||
{
|
||||
private readonly IMapper _mapper;
|
||||
private readonly IDateTime _dateTime;
|
||||
private readonly ICryptographyClient _cryptography;
|
||||
private readonly PwDatabase _pwDatabase = new PwDatabase();
|
||||
private Credentials _credentials;
|
||||
// Flag: Has Dispose already been called?
|
||||
@@ -94,10 +95,11 @@ namespace ModernKeePass.Infrastructure.KeePass
|
||||
set { _pwDatabase.Compression = (PwCompressionAlgorithm) Enum.Parse(typeof(PwCompressionAlgorithm), value); }
|
||||
}
|
||||
|
||||
public KeePassDatabaseClient(IMapper mapper, IDateTime dateTime)
|
||||
public KeePassDatabaseClient(IMapper mapper, IDateTime dateTime, ICryptographyClient cryptography)
|
||||
{
|
||||
_mapper = mapper;
|
||||
_dateTime = dateTime;
|
||||
_cryptography = cryptography;
|
||||
}
|
||||
|
||||
public async Task Open(byte[] file, Credentials credentials)
|
||||
@@ -240,7 +242,7 @@ namespace ModernKeePass.Infrastructure.KeePass
|
||||
_pwDatabase.DeletedObjects.Add(new PwDeletedObject(BuildIdFromString(entityId), _dateTime.Now));
|
||||
}
|
||||
|
||||
public void UpdateEntry(string entryId, string fieldName, object fieldValue, bool isProtected)
|
||||
public async Task UpdateEntry(string entryId, string fieldName, object fieldValue, bool isProtected)
|
||||
{
|
||||
var pwEntry = _pwDatabase.RootGroup.FindEntry(BuildIdFromString(entryId), true);
|
||||
|
||||
@@ -251,7 +253,8 @@ namespace ModernKeePass.Infrastructure.KeePass
|
||||
case EntryFieldName.Password:
|
||||
case EntryFieldName.Notes:
|
||||
case EntryFieldName.Url:
|
||||
pwEntry.Strings.Set(EntryFieldMapper.MapFieldToPwDef(fieldName), new ProtectedString(isProtected, fieldValue.ToString()));
|
||||
var unprotectedFieldValue = isProtected ? await _cryptography.UnProtect(fieldValue.ToString()) : fieldValue.ToString();
|
||||
pwEntry.Strings.Set(EntryFieldMapper.MapFieldToPwDef(fieldName), new ProtectedString(isProtected, unprotectedFieldValue));
|
||||
break;
|
||||
case EntryFieldName.HasExpirationDate:
|
||||
pwEntry.Expires = (bool)fieldValue;
|
||||
@@ -268,8 +271,9 @@ namespace ModernKeePass.Infrastructure.KeePass
|
||||
case EntryFieldName.ForegroundColor:
|
||||
pwEntry.ForegroundColor = (Color)fieldValue;
|
||||
break;
|
||||
default:
|
||||
pwEntry.Strings.Set(fieldName, new ProtectedString(isProtected, fieldValue.ToString()));
|
||||
default:
|
||||
var unprotectedAdditionalFieldValue = isProtected ? await _cryptography.UnProtect(fieldValue.ToString()) : fieldValue.ToString();
|
||||
pwEntry.Strings.Set(fieldName, new ProtectedString(isProtected, unprotectedAdditionalFieldValue));
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -394,7 +398,7 @@ namespace ModernKeePass.Infrastructure.KeePass
|
||||
{
|
||||
Id = g.Uuid.ToHexString(),
|
||||
Name = g.Name,
|
||||
ParentName = g.ParentGroup?.Name
|
||||
ParentGroupName = g.ParentGroup?.Name
|
||||
});
|
||||
return groups;
|
||||
}
|
||||
|
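Review bot: In UpdateEntry the `isProtected` parameter now doubles as "this value is DPAPI-wrapped": both branches (L108 and L144) call `_cryptography.UnProtect(fieldValue.ToString())` whenever the flag is set, so a caller that passes a plaintext value with isProtected true (a freshly typed secret, or a field whose protection was just toggled on) would feed plaintext to Base64 decoding and DPAPI unprotect and fail or store a wrong value; the callers are not on this page, so this needs checking against them. The two branches also duplicate the same unwrap, and because the UWP Protect on this page returns `string.Empty` on any failure while UnProtect passes empty input straight through, an empty secret can be stored here without any error, which a single helper can document once. The plaintext additionally lands in a managed string (`unprotectedFieldValue`) before ProtectedString wraps it, so it cannot be scrubbed and lives until the GC collects it; a comment such as `// plaintext copy lives on the managed heap until GC; ProtectedString only protects its own copy` should say so. Since the method is now `async Task`, any caller still invoking it without awaiting will lose exceptions thrown by UnProtect. The switch containing these branches starts before the hunk at @@ -251 and UpdateEntry's body continues past the hunk at @@ -268.
```csharp
/// <summary>
/// Converts a field value received from the application layer into the plaintext KeePass stores.
/// When <paramref name="isProtected"/> is set, <paramref name="fieldValue"/> is expected to be the
/// Base64 DPAPI blob produced by ICryptographyClient.Protect; plaintext with the flag set will fail.
/// Note: the UWP Protect implementation returns string.Empty on failure, which UnProtect passes through,
/// so an empty result here may be a failed protect rather than a genuinely empty secret.
/// </summary>
private async Task<string> ToPlainTextAsync(object fieldValue, bool isProtected)
{
    var text = fieldValue.ToString();
    // plaintext copy lives on the managed heap until GC; ProtectedString only protects its own copy
    return isProtected ? await _cryptography.UnProtect(text) : text;
}

// … unchanged: FindEntry and the non-string cases of the switch …
case EntryFieldName.Url:
    pwEntry.Strings.Set(EntryFieldMapper.MapFieldToPwDef(fieldName), new ProtectedString(isProtected, await ToPlainTextAsync(fieldValue, isProtected)));
    break;
// … unchanged: HasExpirationDate … ForegroundColor cases …
default:
    pwEntry.Strings.Set(fieldName, new ProtectedString(isProtected, await ToPlainTextAsync(fieldValue, isProtected)));
    break;
```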
@@ -2,6 +2,7 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using AutoMapper;
|
||||
using ModernKeePass.Application.Common.Interfaces;
|
||||
using ModernKeePass.Domain.Entities;
|
||||
using ModernKeePassLib;
|
||||
using ModernKeePassLib.Security;
|
||||
@@ -14,32 +15,42 @@ namespace ModernKeePass.Infrastructure.KeePass
|
||||
{
|
||||
CreateMap<KeyValuePair<string, ProtectedString>, FieldEntity>()
|
||||
.ForMember(dest => dest.Name, opt => opt.MapFrom(src => src.Key))
|
||||
.ForMember(dest => dest.Value, opt => opt.MapFrom(src => src.Value.ReadString()))
|
||||
.ForMember(dest => dest.Value, opt => opt.ResolveUsing<ProtectedStringResolver>())
|
||||
.ForMember(dest => dest.IsProtected, opt => opt.MapFrom(src => src.Value.IsProtected));
|
||||
|
||||
CreateMap<PwEntry, EntryEntity>()
|
||||
.ForMember(dest => dest.ParentId, opt => opt.MapFrom(src => src.ParentGroup.Uuid.ToHexString()))
|
||||
.ForMember(dest => dest.ParentName, opt => opt.MapFrom(src => src.ParentGroup.Name))
|
||||
.ForMember(dest => dest.ParentGroupId, opt => opt.MapFrom(src => src.ParentGroup.Uuid.ToHexString()))
|
||||
.ForMember(dest => dest.Id, opt => opt.MapFrom(src => src.Uuid.ToHexString()))
|
||||
.ForMember(dest => dest.Fields, opt => opt.MapFrom(src => src.Strings))
|
||||
.ForMember(dest => dest.ForegroundColor, opt => opt.MapFrom(src => src.ForegroundColor))
|
||||
.ForMember(dest => dest.BackgroundColor, opt => opt.MapFrom(src => src.BackgroundColor))
|
||||
.ForMember(dest => dest.ExpirationDate, opt => opt.MapFrom(src => new DateTimeOffset(src.ExpiryTime)))
|
||||
.ForMember(dest => dest.HasExpirationDate, opt => opt.MapFrom(src => src.Expires))
|
||||
.ForMember(dest => dest.Icon, opt => opt.MapFrom(src => IconMapper.MapPwIconToIcon(src.IconId)))
|
||||
.ForMember(dest => dest.LastModificationDate, opt => opt.MapFrom(src => new DateTimeOffset(src.LastModificationTime)))
|
||||
.ForMember(dest => dest.ModificationDate, opt => opt.MapFrom(src => new DateTimeOffset(src.LastModificationTime)))
|
||||
.ForMember(dest => dest.Attachments, opt => opt.MapFrom(src => src.Binaries.Select(b => new KeyValuePair<string, byte[]> (b.Key, b.Value.ReadData()) )));
|
||||
|
||||
CreateMap<PwGroup, GroupEntity>()
|
||||
.ForMember(d => d.ParentId, opts => opts.MapFrom(s => s.ParentGroup.Uuid.ToHexString()))
|
||||
.ForMember(d => d.ParentName, opts => opts.MapFrom(s => s.ParentGroup.Name))
|
||||
.ForMember(d => d.ParentGroupId, opts => opts.MapFrom(s => s.ParentGroup.Uuid.ToHexString()))
|
||||
.ForMember(d => d.Id, opts => opts.MapFrom(s => s.Uuid.ToHexString()))
|
||||
.ForMember(d => d.Name, opts => opts.MapFrom(s => s.Name))
|
||||
.ForMember(d => d.Icon, opts => opts.MapFrom(s => IconMapper.MapPwIconToIcon(s.IconId)))
|
||||
.ForMember(d => d.LastModificationDate, opts => opts.MapFrom(s => s.LastModificationTime))
|
||||
.ForMember(d => d.Entries, opts => opts.MapFrom(s => s.Entries))
|
||||
.ForMember(d => d.SubGroups, opts => opts.MapFrom(s => s.Groups))
|
||||
.ForMember(d => d.ModificationDate, opts => opts.MapFrom(s => s.LastModificationTime))
|
||||
.MaxDepth(2);
|
||||
}
|
||||
}
|
||||
|
||||
public class ProtectedStringResolver : IValueResolver<KeyValuePair<string, ProtectedString>, FieldEntity, string>
|
||||
{
|
||||
private readonly ICryptographyClient _cryptography;
|
||||
|
||||
public ProtectedStringResolver(ICryptographyClient cryptography)
|
||||
{
|
||||
_cryptography = cryptography;
|
||||
}
|
||||
|
||||
public string Resolve(KeyValuePair<string, ProtectedString> source, FieldEntity destination, string destMember, ResolutionContext context)
|
||||
{
|
||||
// TODO: this variable will contain (temporarily) the decrypted string
|
||||
var decryptedString = source.Value.ReadString();
|
||||
return source.Value.IsProtected ? _cryptography.Protect(decryptedString).GetAwaiter().GetResult() : decryptedString;
|
||||
}
|
||||
}
|
||||
}
|
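Review bot: ProtectedStringResolver.Resolve materializes the secret as a managed string (`source.Value.ReadString()` on L356) before handing it to `_cryptography.Protect`, so the plaintext sits on the managed heap until the GC collects it and cannot be zeroed; the TODO on L353 should state that outright, e.g. `// NOTE: ReadString() copies the plaintext into an immutable managed string that cannot be scrubbed; avoiding this would need a byte[] path (ReadUtf8 + Array.Clear) through ICryptographyClient`. The `.GetAwaiter().GetResult()` on L359 is sync-over-async inside an AutoMapper resolver; it only stays clear of a UI-thread deadlock because the UWP implementation on this page awaits with `ConfigureAwait(false)`, a coupling worth a comment beside the call since another ICryptographyClient implementation is not bound by it. Because the UWP Protect returns `string.Empty` on any failure, a protected field would map to an empty Value with IsProtected still true, indistinguishable from a genuinely empty secret, so surfacing that failure rather than mapping it through seems preferable. `ResolveUsing<ProtectedStringResolver>()` with a constructor taking ICryptographyClient presumably relies on AutoMapper's service construction being wired to the DI container; that configuration is not on this page, so confirm it is set.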
@@ -1,4 +1,5 @@
|
||||
using System;
|
||||
using System.Runtime.InteropServices.WindowsRuntime;
|
||||
using System.Threading.Tasks;
|
||||
using Windows.Security.Cryptography;
|
||||
using Windows.Security.Cryptography.DataProtection;
|
||||
@@ -10,24 +11,34 @@ namespace ModernKeePass.Infrastructure.UWP
|
||||
{
|
||||
public async Task<string> Protect(string value)
|
||||
{
|
||||
// Create a DataProtectionProvider object for the specified descriptor.
|
||||
var provider = new DataProtectionProvider();
|
||||
if (string.IsNullOrEmpty(value)) return value;
|
||||
try
|
||||
{
|
||||
// Create a DataProtectionProvider object for the specified descriptor.
|
||||
var provider = new DataProtectionProvider("LOCAL=user");
|
||||
|
||||
// Encode the plaintext input message to a buffer.
|
||||
var buffMsg = CryptographicBuffer.ConvertStringToBinary(value, BinaryStringEncoding.Utf8);
|
||||
|
||||
// Encode the plaintext input message to a buffer.
|
||||
var buffMsg = CryptographicBuffer.ConvertStringToBinary(value, BinaryStringEncoding.Utf8);
|
||||
// Encrypt the message.
|
||||
var buffProtected = await provider.ProtectAsync(buffMsg).AsTask().ConfigureAwait(false);
|
||||
|
||||
// Encode buffer to Base64
|
||||
var protectedValue = CryptographicBuffer.EncodeToBase64String(buffProtected);
|
||||
|
||||
// Encrypt the message.
|
||||
var buffProtected = await provider.ProtectAsync(buffMsg);
|
||||
|
||||
// Encode buffer to Base64
|
||||
var stringProtected = CryptographicBuffer.EncodeToBase64String(buffProtected);
|
||||
|
||||
// Return the encrypted string.
|
||||
return stringProtected;
|
||||
// Return the encrypted string.
|
||||
return protectedValue;
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
return string.Empty;
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<string> UnProtect(string value)
|
||||
{
|
||||
if (string.IsNullOrEmpty(value)) return value;
|
||||
|
||||
// Create a DataProtectionProvider object.
|
||||
var provider = new DataProtectionProvider();
|
||||
|
||||
@@ -35,13 +46,18 @@ namespace ModernKeePass.Infrastructure.UWP
|
||||
var buffProtected = CryptographicBuffer.DecodeFromBase64String(value);
|
||||
|
||||
// Decrypt the protected message specified on input.
|
||||
var buffUnprotected = await provider.UnprotectAsync(buffProtected);
|
||||
var buffUnprotected = await provider.UnprotectAsync(buffProtected).AsTask().ConfigureAwait(false);
|
||||
|
||||
// Convert the unprotected message from an IBuffer object to a string.
|
||||
var strClearText = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, buffUnprotected);
|
||||
var clearText = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, buffUnprotected);
|
||||
|
||||
// Return the plaintext string.
|
||||
return strClearText;
|
||||
return clearText;
|
||||
}
|
||||
|
||||
public byte[] Random(uint length)
|
||||
{
|
||||
return CryptographicBuffer.GenerateRandom(length).ToArray();
|
||||
}
|
||||
}
|
||||
}
|
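Review bot: Protect's catch-all on L484–L493 swallows every exception, including DPAPI failures, and returns `string.Empty`, so a failed protect is indistinguishable from protecting an empty string — the resolver and UpdateEntry on this page would then store or display an empty secret with no error — and the caught `e` is never used. UnProtect has no matching handling, so the two halves fail differently: non-Base64 or tampered input throws out of DecodeFromBase64String/UnprotectAsync, while a Protect failure is silent. Prefer propagating with context, `catch (Exception e) { throw new InvalidOperationException("DPAPI protect failed", e); }`, or drop the try/catch entirely; if best-effort is truly intended, a comment must say so and every caller must check for empty. The descriptor deserves a comment too: `// "LOCAL=user": bound to the current Windows user, so this hides the value from memory dumps/paging, not from code running as the same user.` Random uses CryptographicBuffer.GenerateRandom, which is the appropriate CSPRNG source for a UWP app.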