2 // System.Security.SecureString class
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System.Globalization;
30 using System.Reflection;
31 using System.Runtime.CompilerServices;
32 using System.Runtime.InteropServices;
33 using System.Runtime.ConstrainedExecution;
34 using System.Security.Cryptography;
35 using System.Security.Permissions;
36 using System.Runtime.ExceptionServices;
38 namespace System.Security {
40 [MonoTODO ("work in progress - encryption is missing")]
41 public sealed class SecureString : IDisposable {
43 private const int BlockSize = 16;
44 private const int MaxSize = 65536;
47 private bool disposed;
48 private bool read_only;
51 static SecureString ()
53 // ProtectedMemory has been moved to System.Security.dll
54 // we use reflection to call it (if available) or we'll
58 public SecureString ()
60 Alloc (BlockSize >> 1, false);
63 [CLSCompliant (false)]
64 public unsafe SecureString (char* value, int length)
67 throw new ArgumentNullException ("value");
68 if ((length < 0) || (length > MaxSize))
69 throw new ArgumentOutOfRangeException ("length", "< 0 || > 65536");
71 this.length = length; // real length
72 Alloc (length, false);
74 for (int i = 0; i < length; i++) {
76 data[n++] = (byte) (c >> 8);
87 throw new ObjectDisposedException ("SecureString");
92 [HandleProcessCorruptedStateExceptions]
93 public void AppendChar (char c)
96 throw new ObjectDisposedException ("SecureString");
98 throw new InvalidOperationException (Locale.GetText (
99 "SecureString is read-only."));
101 if (length == MaxSize)
102 throw new ArgumentOutOfRangeException ("length", "> 65536");
107 Alloc (++length, true);
108 data[n++] = (byte) (c >> 8);
109 data[n++] = (byte) c;
119 throw new ObjectDisposedException ("SecureString");
121 throw new InvalidOperationException (Locale.GetText (
122 "SecureString is read-only."));
125 Array.Clear (data, 0, data.Length);
129 public SecureString Copy ()
131 SecureString ss = new SecureString ();
132 ss.data = (byte[]) data.Clone ();
137 public void Dispose ()
140 // don't call clear because we could be either in read-only
141 // or already disposed - but DO CLEAR the data
143 Array.Clear (data, 0, data.Length);
149 [HandleProcessCorruptedStateExceptions]
150 public void InsertAt (int index, char c)
153 throw new ObjectDisposedException ("SecureString");
155 throw new InvalidOperationException (Locale.GetText (
156 "SecureString is read-only."));
158 if ((index < 0) || (index > length))
159 throw new ArgumentOutOfRangeException ("index", "< 0 || > length");
160 // insert increments length
161 if (length >= MaxSize) {
162 string msg = Locale.GetText ("Maximum string size is '{0}'.", MaxSize);
163 throw new ArgumentOutOfRangeException ("index", msg);
168 Alloc (++length, true);
170 Buffer.BlockCopy (data, n, data, n + 2, data.Length - n - 2);
171 data[n++] = (byte) (c >> 8);
179 public bool IsReadOnly ()
182 throw new ObjectDisposedException ("SecureString");
186 public void MakeReadOnly ()
191 [HandleProcessCorruptedStateExceptions]
192 public void RemoveAt (int index)
195 throw new ObjectDisposedException ("SecureString");
197 throw new InvalidOperationException (Locale.GetText (
198 "SecureString is read-only."));
200 if ((index < 0) || (index >= length))
201 throw new ArgumentOutOfRangeException ("index", "< 0 || > length");
205 Buffer.BlockCopy (data, index * 2 + 2, data, index * 2, data.Length - index * 2 - 2);
206 Alloc (--length, true);
213 [HandleProcessCorruptedStateExceptions]
214 public void SetAt (int index, char c)
217 throw new ObjectDisposedException ("SecureString");
219 throw new InvalidOperationException (Locale.GetText (
220 "SecureString is read-only."));
222 if ((index < 0) || (index >= length))
223 throw new ArgumentOutOfRangeException ("index", "< 0 || > length");
228 data[n++] = (byte) (c >> 8);
236 // internal/private stuff
238 // [MethodImplAttribute(MethodImplOptions.InternalCall)]
239 // extern static void EncryptInternal (byte [] data, object scope);
241 // [MethodImplAttribute(MethodImplOptions.InternalCall)]
242 // extern static void DecryptInternal (byte [] data, object scope);
244 // static readonly object scope = Enum.Parse (
245 // Assembly.Load (Consts.AssemblySystem_Security)
246 // .GetType ("System.Security.Cryptography.MemoryProtectionScope"), "SameProcess");
248 // Note that ProtectedMemory is not supported on non-Windows environment right now.
249 private void Encrypt ()
251 if ((data != null) && (data.Length > 0)) {
252 // It somehow causes nunit test breakage
253 // EncryptInternal (data, scope);
257 // Note that ProtectedMemory is not supported on non-Windows environment right now.
258 private void Decrypt ()
260 if ((data != null) && (data.Length > 0)) {
261 // It somehow causes nunit test breakage
262 // DecryptInternal (data, scope);
266 // note: realloc only work for bigger buffers. Clear will
267 // reset buffers to default (and small) size.
268 private void Alloc (int length, bool realloc)
270 if ((length < 0) || (length > MaxSize))
271 throw new ArgumentOutOfRangeException ("length", "< 0 || > 65536");
273 // (size / blocksize) + 1 * blocksize
274 // where size = length * 2 (unicode) and blocksize == 16 (ProtectedMemory)
275 // length * 2 (unicode) / 16 (blocksize)
276 int size = (length >> 3) + (((length & 0x7) == 0) ? 0 : 1) << 4;
278 // is re-allocation necessary ? (i.e. grow or shrink
279 // but do not re-allocate the same amount of memory)
280 if (realloc && (data != null) && (size == data.Length))
285 byte[] newdata = new byte[size];
286 Array.Copy (data, 0, newdata, 0, Math.Min (data.Length, newdata.Length));
287 Array.Clear (data, 0, data.Length);
290 data = new byte[size];
294 // dangerous method (put a LinkDemand on it)
295 internal byte[] GetBuffer ()
297 byte[] secret = new byte[length << 1];
300 Buffer.BlockCopy (data, 0, secret, 0, secret.Length);
305 // NOTE: CALLER IS RESPONSIBLE TO ZEROIZE THE DATA