2 // System.Security.SecureString class
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 using System.Globalization;
32 using System.Runtime.InteropServices;
33 using System.Runtime.ConstrainedExecution;
34 using System.Security.Cryptography;
35 using System.Security.Permissions;
37 namespace System.Security {
39 [MonoTODO ("work in progress")]
40 public sealed class SecureString : CriticalFinalizerObject, IDisposable {
42 private const int BlockSize = 16;
43 private const int MaxSize = 65536;
46 private bool disposed;
47 private bool read_only;
50 static SecureString ()
52 // ProtectedMemory has been moved to System.Security.dll
53 // we use reflection to call it (if available) or we'll
57 public SecureString ()
59 Alloc (BlockSize >> 1, false);
62 [CLSCompliant (false)]
63 public unsafe SecureString (char* value, int length)
66 throw new ArgumentNullException ("value");
67 if ((length < 0) || (length > MaxSize))
68 throw new ArgumentOutOfRangeException ("length", "< 0 || > 65536");
70 this.length = length; // real length
71 Alloc (length, false);
73 for (int i = 0; i < length; i++) {
75 data[n++] = (byte) (c >> 8);
85 throw new ObjectDisposedException ("SecureString");
90 public void AppendChar (char c)
93 throw new ObjectDisposedException ("SecureString");
95 throw new InvalidOperationException (Locale.GetText (
96 "SecureString is read-only."));
98 if (length == MaxSize)
99 throw new ArgumentOutOfRangeException ("length", "> 65536");
103 if (length >= data.Length) {
104 Alloc (length + 1, true);
107 data[n++] = (byte) (c >> 8);
108 data[n++] = (byte) c;
119 throw new ObjectDisposedException ("SecureString");
121 throw new InvalidOperationException (Locale.GetText (
122 "SecureString is read-only."));
125 Array.Clear (data, 0, data.Length);
129 public SecureString Copy ()
131 SecureString ss = new SecureString ();
132 ss.data = (byte[]) data.Clone ();
136 public void Dispose ()
139 // don't call clear because we could be either in read-only
140 // or already disposed - but DO CLEAR the data
142 Array.Clear (data, 0, data.Length);
148 public void InsertAt (int index, char c)
151 throw new ObjectDisposedException ("SecureString");
153 throw new InvalidOperationException (Locale.GetText (
154 "SecureString is read-only."));
156 if ((index < 0) || (index > length))
157 throw new ArgumentOutOfRangeException ("index", "< 0 || > length");
158 // insert increments length
159 if (length >= MaxSize) {
160 string msg = Locale.GetText ("Maximum string size is '{0}'.", MaxSize);
161 throw new ArgumentOutOfRangeException ("index", msg);
173 public bool IsReadOnly ()
176 throw new ObjectDisposedException ("SecureString");
180 public void MakeReadOnly ()
185 public void RemoveAt (int index)
188 throw new ObjectDisposedException ("SecureString");
190 throw new InvalidOperationException (Locale.GetText (
191 "SecureString is read-only."));
193 if ((index < 0) || (index >= length))
194 throw new ArgumentOutOfRangeException ("index", "< 0 || > length");
198 Buffer.BlockCopy (data, index, data, index - 1, data.Length - index);
206 public void SetAt (int index, char c)
209 throw new ObjectDisposedException ("SecureString");
211 throw new InvalidOperationException (Locale.GetText (
212 "SecureString is read-only."));
214 if ((index < 0) || (index >= length))
215 throw new ArgumentOutOfRangeException ("index", "< 0 || > length");
220 data[n++] = (byte) (c >> 8);
228 // internal/private stuff
230 private void Encrypt ()
232 throw new NotSupportedException ();
233 // ProtectedMemory was moved into System.Security.dll
234 // ProtectedMemory.Protect (data, MemoryProtectionScope.SameProcess);
237 private void Decrypt ()
239 throw new NotSupportedException ();
240 // ProtectedMemory was moved into System.Security.dll
241 // ProtectedMemory.Unprotect (data, MemoryProtectionScope.SameProcess);
244 // note: realloc only work for bigger buffers. Clear will
245 // reset buffers to default (and small) size.
246 private void Alloc (int length, bool realloc)
248 if ((length < 0) || (length > MaxSize))
249 throw new ArgumentOutOfRangeException ("length", "< 0 || > 65536");
251 // (size / blocksize) + 1 * blocksize
252 // where size = length * 2 (unicode) and blocksize == 16 (ProtectedMemory)
253 // length * 2 (unicode) / 16 (blocksize)
254 int size = (length >> 3) + (((length & 0x7) == 0) ? 0 : 1) << 4;
257 byte[] newdata = new byte[size];
258 Array.Copy (data, 0, newdata, 0, data.Length);
259 Array.Clear (data, 0, data.Length);
262 data = new byte[size];
266 // dangerous method (put a LinkDemand on it)
267 internal byte[] GetBuffer ()
269 byte[] secret = null;
272 secret = (byte[]) data.Clone ();
277 // NOTE: CALLER IS RESPONSIBLE TO ZEROIZE THE DATA