WIP Lib version 2.39.1

ModernKeePassLib/Security/ProtectedBinary.cs

@@ -44,9 +44,8 @@ namespace ModernKeePassLib.Security
 		long lID);
 
 	/// <summary>
-	/// Represents a protected binary, i.e. a byte array that is encrypted
-	/// in memory. A <c>ProtectedBinary</c> object is immutable and
-	/// thread-safe.
+	/// A protected binary, i.e. a byte array that is encrypted in memory.
+	/// A <c>ProtectedBinary</c> object is immutable and thread-safe.
 	/// </summary>
 	public sealed class ProtectedBinary : IEquatable<ProtectedBinary>
 	{
@@ -71,7 +70,7 @@ namespace ModernKeePassLib.Security
 		private enum PbMemProt
 		{
 			None = 0,
-			ProtectedMemory,
+			ProtectedMemory, // DPAPI on Windows
 			ChaCha20,
 			ExtCrypt
 		}
@@ -90,7 +89,8 @@ namespace ModernKeePassLib.Security
 				bool? ob = g_obProtectedMemorySupported;
 				if(ob.HasValue) return ob.Value;
 
-				// Mono does not implement any encryption for ProtectedMemory;
+				// Mono does not implement any encryption for ProtectedMemory
+				// on Linux (Mono uses DPAPI on Windows);
 				// https://sourceforge.net/p/keepass/feature-requests/1907/
 				if(NativeLib.IsUnix())
 				{
@@ -177,7 +177,7 @@ namespace ModernKeePassLib.Security
 		/// i.e. the caller is responsible for clearing it.</param>
 		public ProtectedBinary(bool bEnableProtection, byte[] pbData)
 		{
-			if(pbData == null) throw new ArgumentNullException("pbData");
+			if(pbData == null) throw new ArgumentNullException("pbData"); // For .Length
 
 			Init(bEnableProtection, pbData, 0, pbData.Length);
 		}
@@ -213,9 +213,8 @@ namespace ModernKeePassLib.Security
 			if(xbProtected == null) throw new ArgumentNullException("xbProtected");
 
 			byte[] pb = xbProtected.ReadPlainText();
-			Init(bEnableProtection, pb, 0, pb.Length);
-
-			if(bEnableProtection) MemUtil.ZeroByteArray(pb);
+			try { Init(bEnableProtection, pb, 0, pb.Length); }
+			finally { if(bEnableProtection) MemUtil.ZeroByteArray(pb); }
 		}
 
 		private void Init(bool bEnableProtection, byte[] pbData, int iOffset,
@@ -374,7 +373,7 @@ namespace ModernKeePassLib.Security
 				for(int i = 0; i < pb.Length; ++i)
 					h = (h << 3) + h + (int)pb[i];
 			}
-			MemUtil.ZeroByteArray(pb);
+			if(m_bProtected) MemUtil.ZeroByteArray(pb);
 
 			m_hash = h;
 			return h;
@@ -382,25 +381,36 @@ namespace ModernKeePassLib.Security
 
 		public override bool Equals(object obj)
 		{
-			return Equals(obj as ProtectedBinary);
+			return this.Equals(obj as ProtectedBinary, true);
 		}
 
 		public bool Equals(ProtectedBinary other)
 		{
-			if(other == null) return false; // No assert
+			return this.Equals(other, true);
+		}
+
+		public bool Equals(ProtectedBinary other, bool bCheckProtEqual)
+		{
+			if(other == null) return false; // No assert
+			if(object.ReferenceEquals(this, other)) return true; // Perf. opt.
+
+			if(bCheckProtEqual && (m_bProtected != other.m_bProtected))
+				return false;
 
-			if(m_bProtected != other.m_bProtected) return false;
 			if(m_uDataLen != other.m_uDataLen) return false;
 
-			byte[] pbL = ReadData();
-			byte[] pbR = other.ReadData();
-			bool bEq = MemUtil.ArraysEqual(pbL, pbR);
-			MemUtil.ZeroByteArray(pbL);
-			MemUtil.ZeroByteArray(pbR);
-
-#if DEBUG
-			if(bEq) { Debug.Assert(GetHashCode() == other.GetHashCode()); }
-#endif
+			byte[] pbL = ReadData(), pbR = null;
+			bool bEq;
+			try
+			{
+				pbR = other.ReadData();
+				bEq = MemUtil.ArraysEqual(pbL, pbR);
+			}
+			finally
+			{
+				if(m_bProtected) MemUtil.ZeroByteArray(pbL);
+				if(other.m_bProtected && (pbR != null)) MemUtil.ZeroByteArray(pbR);
+			}
 
 			return bEq;
 		}