mcs/class/corlib/System.Security/SecureString.cs

   1 //
   2 // System.Security.SecureString class
   3 //
   4 // Authors
   5 //      Sebastien Pouliot  <sebastien@ximian.com>
   6 //
   7 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
   8 //
   9 // Permission is hereby granted, free of charge, to any person obtaining
  10 // a copy of this software and associated documentation files (the
  11 // "Software"), to deal in the Software without restriction, including
  12 // without limitation the rights to use, copy, modify, merge, publish,
  13 // distribute, sublicense, and/or sell copies of the Software, and to
  14 // permit persons to whom the Software is furnished to do so, subject to
  15 // the following conditions:
  16 //
  17 // The above copyright notice and this permission notice shall be
  18 // included in all copies or substantial portions of the Software.
  19 //
  20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  27 //
  28
  29 using System.Globalization;
  30 using System.Reflection;
  31 using System.Runtime.CompilerServices;
  32 using System.Runtime.InteropServices;
  33 using System.Runtime.ConstrainedExecution;
  34 using System.Security.Cryptography;
  35 using System.Security.Permissions;
  36 using System.Runtime.ExceptionServices;
  37
  38 namespace System.Security {
  39
  40         [MonoTODO ("work in progress - encryption is missing")]
  41         public sealed class SecureString : IDisposable {
  42
  43                 private const int BlockSize = 16;
  44                 private const int MaxSize = 65536;
  45
  46                 private int length;
  47                 private bool disposed;
  48                 private bool read_only;
  49                 private byte[] data;
  50
  51                 static SecureString ()
  52                 {
  53                         // ProtectedMemory has been moved to System.Security.dll
  54                         // we use reflection to call it (if available) or we'll
  55                         // throw an exception
  56                 }
  57
  58                 public SecureString ()
  59                 {
  60                         Alloc (BlockSize >> 1, false);
  61                 }
  62
  63                 [CLSCompliant (false)]
  64                 public unsafe SecureString (char* value, int length)
  65                 {
  66                         if (value == null)
  67                                 throw new ArgumentNullException ("value");
  68                         if ((length < 0) || (length > MaxSize))
  69                                 throw new ArgumentOutOfRangeException ("length", "< 0 || > 65536");
  70
  71                         this.length = length; // real length
  72                         Alloc (length, false);
  73                         int n = 0;
  74                         for (int i = 0; i < length; i++) {
  75                                 char c = *value++;
  76                                 data[n++] = (byte) (c >> 8);
  77                                 data[n++] = (byte) c;
  78                         }
  79                         Encrypt ();
  80                 }
  81
  82                 // properties
  83
  84                 public int Length {
  85                         get {
  86                                 if (disposed)
  87                                         throw new ObjectDisposedException ("SecureString");
  88                                 return length;
  89                         }
  90                 }
  91
  92                 [HandleProcessCorruptedStateExceptions]
  93                 public void AppendChar (char c)
  94                 {
  95                         if (disposed)
  96                                 throw new ObjectDisposedException ("SecureString");
  97                         if (read_only) {
  98                                 throw new InvalidOperationException (Locale.GetText (
  99                                         "SecureString is read-only."));
 100                         }
 101                         if (length == MaxSize)
 102                                 throw new ArgumentOutOfRangeException ("length", "> 65536");
 103
 104                         try {
 105                                 Decrypt ();
 106                                 int n = length * 2;
 107                                 Alloc (++length, true);
 108                                 data[n++] = (byte) (c >> 8);
 109                                 data[n++] = (byte) c;
 110                         }
 111                         finally {
 112                                 Encrypt ();
 113                         }
 114                 }
 115
 116                 public void Clear ()
 117                 {
 118                         if (disposed)
 119                                 throw new ObjectDisposedException ("SecureString");
 120                         if (read_only) {
 121                                 throw new InvalidOperationException (Locale.GetText (
 122                                         "SecureString is read-only."));
 123                         }
 124
 125                         Array.Clear (data, 0, data.Length);
 126                         length = 0;
 127                 }
 128
 129                 public SecureString Copy ()
 130                 {
 131                         SecureString ss = new SecureString ();
 132                         ss.data = (byte[]) data.Clone ();
 133                         ss.length = length;
 134                         return ss;
 135                 }
 136
 137                 public void Dispose ()
 138                 {
 139                         disposed = true;
 140                         // don't call clear because we could be either in read-only
 141                         // or already disposed - but DO CLEAR the data
 142                         if (data != null) {
 143                                 Array.Clear (data, 0, data.Length);
 144                                 data = null;
 145                         }
 146                         length = 0;
 147                 }
 148
 149                 [HandleProcessCorruptedStateExceptions]
 150                 public void InsertAt (int index, char c)
 151                 {
 152                         if (disposed)
 153                                 throw new ObjectDisposedException ("SecureString");
 154                         if (read_only) {
 155                                 throw new InvalidOperationException (Locale.GetText (
 156                                         "SecureString is read-only."));
 157                         }
 158                         if ((index < 0) || (index > length))
 159                                 throw new ArgumentOutOfRangeException ("index", "< 0 || > length");
 160                         // insert increments length
 161                         if (length >= MaxSize) {
 162                                 string msg = Locale.GetText ("Maximum string size is '{0}'.", MaxSize);
 163                                 throw new ArgumentOutOfRangeException ("index", msg);
 164                         }
 165
 166                         try {
 167                                 Decrypt ();
 168                                 Alloc (++length, true);
 169                                 int n = index * 2;
 170                                 Buffer.BlockCopy (data, n, data, n + 2, data.Length - n - 2);
 171                                 data[n++] = (byte) (c >> 8);
 172                                 data[n] = (byte) c;
 173                         }
 174                         finally {
 175                                 Encrypt ();
 176                         }
 177                 }
 178
 179                 public bool IsReadOnly ()
 180                 {
 181                         if (disposed)
 182                                 throw new ObjectDisposedException ("SecureString");
 183                         return read_only;
 184                 }
 185
 186                 public void MakeReadOnly ()
 187                 {
 188                         read_only = true;
 189                 }
 190
 191                 [HandleProcessCorruptedStateExceptions]
 192                 public void RemoveAt (int index)
 193                 {
 194                         if (disposed)
 195                                 throw new ObjectDisposedException ("SecureString");
 196                         if (read_only) {
 197                                 throw new InvalidOperationException (Locale.GetText (
 198                                         "SecureString is read-only."));
 199                         }
 200                         if ((index < 0) || (index >= length))
 201                                 throw new ArgumentOutOfRangeException ("index", "< 0 || > length");
 202
 203                         try {
 204                                 Decrypt ();
 205                                 Buffer.BlockCopy (data, index * 2 + 2, data, index * 2, data.Length - index * 2 - 2);
 206                                 Alloc (--length, true);
 207                         }
 208                         finally {
 209                                 Encrypt ();
 210                         }
 211                 }
 212
 213                 [HandleProcessCorruptedStateExceptions]
 214                 public void SetAt (int index, char c)
 215                 {
 216                         if (disposed)
 217                                 throw new ObjectDisposedException ("SecureString");
 218                         if (read_only) {
 219                                 throw new InvalidOperationException (Locale.GetText (
 220                                         "SecureString is read-only."));
 221                         }
 222                         if ((index < 0) || (index >= length))
 223                                 throw new ArgumentOutOfRangeException ("index", "< 0 || > length");
 224
 225                         try {
 226                                 Decrypt ();
 227                                 int n = index * 2;
 228                                 data[n++] = (byte) (c >> 8);
 229                                 data[n] = (byte) c;
 230                         }
 231                         finally {
 232                                 Encrypt ();
 233                         }
 234                 }
 235
 236                 // internal/private stuff
 237
 238 //              [MethodImplAttribute(MethodImplOptions.InternalCall)]
 239 //              extern static void EncryptInternal (byte [] data, object scope);
 240
 241 //              [MethodImplAttribute(MethodImplOptions.InternalCall)]
 242 //              extern static void DecryptInternal (byte [] data, object scope);
 243
 244 //              static readonly object scope = Enum.Parse (
 245 //                      Assembly.Load (Consts.AssemblySystem_Security)
 246 //                      .GetType ("System.Security.Cryptography.MemoryProtectionScope"), "SameProcess");
 247
 248                 // Note that ProtectedMemory is not supported on non-Windows environment right now.
 249                 private void Encrypt ()
 250                 {
 251                         if ((data != null) && (data.Length > 0)) {
 252                                 // It somehow causes nunit test breakage
 253                                 // EncryptInternal (data, scope);
 254                         }
 255                 }
 256
 257                 // Note that ProtectedMemory is not supported on non-Windows environment right now.
 258                 private void Decrypt ()
 259                 {
 260                         if ((data != null) && (data.Length > 0)) {
 261                                 // It somehow causes nunit test breakage
 262                                 // DecryptInternal (data, scope);
 263                         }
 264                 }
 265
 266                 // note: realloc only work for bigger buffers. Clear will
 267                 // reset buffers to default (and small) size.
 268                 private void Alloc (int length, bool realloc)
 269                 {
 270                         if ((length < 0) || (length > MaxSize))
 271                                 throw new ArgumentOutOfRangeException ("length", "< 0 || > 65536");
 272
 273                         // (size / blocksize) + 1 * blocksize
 274                         // where size = length * 2 (unicode) and blocksize == 16 (ProtectedMemory)
 275                         // length * 2 (unicode) / 16 (blocksize)
 276                         int size = (length >> 3) + (((length & 0x7) == 0) ? 0 : 1) << 4;
 277
 278                         // is re-allocation necessary ? (i.e. grow or shrink
 279                         // but do not re-allocate the same amount of memory)
 280                         if (realloc && (data != null) && (size == data.Length))
 281                                 return;
 282
 283                         if (realloc) {
 284                                 // copy, then clear
 285                                 byte[] newdata = new byte[size];
 286                                 Array.Copy (data, 0, newdata, 0, Math.Min (data.Length, newdata.Length));
 287                                 Array.Clear (data, 0, data.Length);
 288                                 data = newdata;
 289                         } else {
 290                                 data = new byte[size];
 291                         }
 292                 }
 293
 294                 // dangerous method (put a LinkDemand on it)
 295                 internal byte[] GetBuffer ()
 296                 {
 297                         byte[] secret = new byte[length << 1];
 298                         try {
 299                                 Decrypt ();
 300                                 Buffer.BlockCopy (data, 0, secret, 0, secret.Length);
 301                         }
 302                         finally {
 303                                 Encrypt ();
 304                         }
 305                         // NOTE: CALLER IS RESPONSIBLE TO ZEROIZE THE DATA
 306                         return secret;
 307                 }
 308         }
 309 }