Cryptography service now handles random byte generation

Protected strings are now protected in memory
2025-10-03 15:40:18 -04:00 · 2020-05-18 14:14:28 +02:00
parent ceaf7dabd3
commit 9126307b4c
22 changed files with 134 additions and 105 deletions
--- a/ModernKeePass.Infrastructure/KeePass/KeePassDatabaseClient.cs
+++ b/ModernKeePass.Infrastructure/KeePass/KeePassDatabaseClient.cs
@@ -25,6 +25,7 @@ namespace ModernKeePass.Infrastructure.KeePass
    {
        private readonly IMapper _mapper;
        private readonly IDateTime _dateTime;
+        private readonly ICryptographyClient _cryptography;
        private readonly PwDatabase _pwDatabase = new PwDatabase();
        private Credentials _credentials;
        // Flag: Has Dispose already been called?
@@ -94,10 +95,11 @@ namespace ModernKeePass.Infrastructure.KeePass
            set { _pwDatabase.Compression = (PwCompressionAlgorithm) Enum.Parse(typeof(PwCompressionAlgorithm), value); }
        }

-        public KeePassDatabaseClient(IMapper mapper, IDateTime dateTime)
+        public KeePassDatabaseClient(IMapper mapper, IDateTime dateTime, ICryptographyClient cryptography)
        {
            _mapper = mapper;
            _dateTime = dateTime;
+            _cryptography = cryptography;
        }

        public async Task Open(byte[] file, Credentials credentials)
@@ -240,7 +242,7 @@ namespace ModernKeePass.Infrastructure.KeePass
            _pwDatabase.DeletedObjects.Add(new PwDeletedObject(BuildIdFromString(entityId), _dateTime.Now));
        }

-        public void UpdateEntry(string entryId, string fieldName, object fieldValue, bool isProtected)
+        public async Task UpdateEntry(string entryId, string fieldName, object fieldValue, bool isProtected)
        {
            var pwEntry = _pwDatabase.RootGroup.FindEntry(BuildIdFromString(entryId), true);

@@ -251,7 +253,8 @@ namespace ModernKeePass.Infrastructure.KeePass
                case EntryFieldName.Password:
                case EntryFieldName.Notes:
                case EntryFieldName.Url:
-                    pwEntry.Strings.Set(EntryFieldMapper.MapFieldToPwDef(fieldName), new ProtectedString(isProtected, fieldValue.ToString()));
+                    var unprotectedFieldValue = isProtected ? await _cryptography.UnProtect(fieldValue.ToString()) : fieldValue.ToString();
+                    pwEntry.Strings.Set(EntryFieldMapper.MapFieldToPwDef(fieldName), new ProtectedString(isProtected, unprotectedFieldValue));
                    break;
                case EntryFieldName.HasExpirationDate:
                    pwEntry.Expires = (bool)fieldValue;
@@ -268,8 +271,9 @@ namespace ModernKeePass.Infrastructure.KeePass
                case EntryFieldName.ForegroundColor:
                    pwEntry.ForegroundColor = (Color)fieldValue;
                    break;
-                default: 
-                    pwEntry.Strings.Set(fieldName, new ProtectedString(isProtected, fieldValue.ToString()));
+                default:
+                    var unprotectedAdditionalFieldValue = isProtected ? await _cryptography.UnProtect(fieldValue.ToString()) : fieldValue.ToString();
+                    pwEntry.Strings.Set(fieldName, new ProtectedString(isProtected, unprotectedAdditionalFieldValue));
                    break;
            }
        }
@@ -394,7 +398,7 @@ namespace ModernKeePass.Infrastructure.KeePass
            {
                Id = g.Uuid.ToHexString(),
                Name = g.Name,
-                ParentName = g.ParentGroup?.Name
+                ParentGroupName = g.ParentGroup?.Name
            });
            return groups;
        }
--- a/ModernKeePass.Infrastructure/KeePass/MappingProfiles.cs
+++ b/ModernKeePass.Infrastructure/KeePass/MappingProfiles.cs
@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using AutoMapper;
+using ModernKeePass.Application.Common.Interfaces;
 using ModernKeePass.Domain.Entities;
 using ModernKeePassLib;
 using ModernKeePassLib.Security;
@@ -14,32 +15,42 @@ namespace ModernKeePass.Infrastructure.KeePass
        {
            CreateMap<KeyValuePair<string, ProtectedString>, FieldEntity>()
                .ForMember(dest => dest.Name, opt => opt.MapFrom(src => src.Key))
-                .ForMember(dest => dest.Value, opt => opt.MapFrom(src => src.Value.ReadString()))
+                .ForMember(dest => dest.Value, opt => opt.ResolveUsing<ProtectedStringResolver>())
                .ForMember(dest => dest.IsProtected, opt => opt.MapFrom(src => src.Value.IsProtected));

            CreateMap<PwEntry, EntryEntity>()
-                .ForMember(dest => dest.ParentId, opt => opt.MapFrom(src => src.ParentGroup.Uuid.ToHexString()))
-                .ForMember(dest => dest.ParentName, opt => opt.MapFrom(src => src.ParentGroup.Name))
+                .ForMember(dest => dest.ParentGroupId, opt => opt.MapFrom(src => src.ParentGroup.Uuid.ToHexString()))
                .ForMember(dest => dest.Id, opt => opt.MapFrom(src => src.Uuid.ToHexString()))
                .ForMember(dest => dest.Fields, opt => opt.MapFrom(src => src.Strings))
-                .ForMember(dest => dest.ForegroundColor, opt => opt.MapFrom(src => src.ForegroundColor))
-                .ForMember(dest => dest.BackgroundColor, opt => opt.MapFrom(src => src.BackgroundColor))
                .ForMember(dest => dest.ExpirationDate, opt => opt.MapFrom(src => new DateTimeOffset(src.ExpiryTime)))
                .ForMember(dest => dest.HasExpirationDate, opt => opt.MapFrom(src => src.Expires))
                .ForMember(dest => dest.Icon, opt => opt.MapFrom(src => IconMapper.MapPwIconToIcon(src.IconId)))
-                .ForMember(dest => dest.LastModificationDate, opt => opt.MapFrom(src => new DateTimeOffset(src.LastModificationTime)))
+                .ForMember(dest => dest.ModificationDate, opt => opt.MapFrom(src => new DateTimeOffset(src.LastModificationTime)))
                .ForMember(dest => dest.Attachments, opt => opt.MapFrom(src => src.Binaries.Select(b => new KeyValuePair<string, byte[]> (b.Key, b.Value.ReadData()) )));

            CreateMap<PwGroup, GroupEntity>()
-                .ForMember(d => d.ParentId, opts => opts.MapFrom(s => s.ParentGroup.Uuid.ToHexString()))
-                .ForMember(d => d.ParentName, opts => opts.MapFrom(s => s.ParentGroup.Name))
+                .ForMember(d => d.ParentGroupId, opts => opts.MapFrom(s => s.ParentGroup.Uuid.ToHexString()))
                .ForMember(d => d.Id, opts => opts.MapFrom(s => s.Uuid.ToHexString()))
-                .ForMember(d => d.Name, opts => opts.MapFrom(s => s.Name))
                .ForMember(d => d.Icon, opts => opts.MapFrom(s => IconMapper.MapPwIconToIcon(s.IconId)))
-                .ForMember(d => d.LastModificationDate, opts => opts.MapFrom(s => s.LastModificationTime))
-                .ForMember(d => d.Entries, opts => opts.MapFrom(s => s.Entries))
-                .ForMember(d => d.SubGroups, opts => opts.MapFrom(s => s.Groups))
+                .ForMember(d => d.ModificationDate, opts => opts.MapFrom(s => s.LastModificationTime))
                .MaxDepth(2);
        }
    }
+
+    public class ProtectedStringResolver : IValueResolver<KeyValuePair<string, ProtectedString>, FieldEntity, string>
+    {
+        private readonly ICryptographyClient _cryptography;
+
+        public ProtectedStringResolver(ICryptographyClient cryptography)
+        {
+            _cryptography = cryptography;
+        }
+        
+        public string Resolve(KeyValuePair<string, ProtectedString> source, FieldEntity destination, string destMember, ResolutionContext context)
+        {
+            // TODO: this variable will contain (temporarily) the decrypted string
+            var decryptedString = source.Value.ReadString();
+            return source.Value.IsProtected ? _cryptography.Protect(decryptedString).GetAwaiter().GetResult() : decryptedString;
+        }
+    }
 }