forked from NethermindEth/nethermind
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Move to explicit ProtectData code (NethermindEth#2043)
* Move to explicit ProtectData code * fix & upgrade packages * fix versions conflict * fix Nethermind.Network.Test packages * Fix Ethereum.Blockchain.Test packages
- Loading branch information
1 parent
0fbbeaf
commit 0e4e3ee
Showing
28 changed files
with
276 additions
and
99 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
80 changes: 80 additions & 0 deletions
80
src/Nethermind/Nethermind.Crypto/ProtectedData.AspNetWrapper.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| // Copyright (c) 2018 Demerzel Solutions Limited | ||
| // This file is part of the Nethermind library. | ||
| // | ||
| // The Nethermind library is free software: you can redistribute it and/or modify | ||
| // it under the terms of the GNU Lesser General Public License as published by | ||
| // the Free Software Foundation, either version 3 of the License, or | ||
| // (at your option) any later version. | ||
| // | ||
| // The Nethermind library is distributed in the hope that it will be useful, | ||
| // but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| // GNU Lesser General Public License for more details. | ||
| // | ||
| // You should have received a copy of the GNU Lesser General Public License | ||
| // along with the Nethermind. If not, see <http://www.gnu.org/licenses/>. | ||
| // | ||
|
|
||
| using System; | ||
| using System.IO; | ||
| using System.Security.Cryptography; | ||
| using Microsoft.AspNetCore.DataProtection; | ||
|
|
||
| namespace Nethermind.Crypto | ||
| { | ||
| public partial class ProtectedData | ||
| { | ||
| private class AspNetWrapper : IProtector | ||
| { | ||
| private const string AppName = "Nethermind"; | ||
| private const string BaseName = AppName + "_"; | ||
|
|
||
| public byte[] Protect(byte[] userData, byte[] optionalEntropy, DataProtectionScope scope) | ||
| { | ||
| var protector = GetProtector(scope, optionalEntropy); | ||
| return protector.Protect(userData); | ||
| } | ||
|
|
||
| public byte[] Unprotect(byte[] encryptedData, byte[] optionalEntropy, DataProtectionScope scope) | ||
| { | ||
| var protector = GetProtector(scope, optionalEntropy); | ||
| return protector.Unprotect(encryptedData); | ||
| } | ||
|
|
||
| private IDataProtector GetProtector(DataProtectionScope scope, byte[] optionalEntropy) | ||
| { | ||
| if (scope == DataProtectionScope.CurrentUser) | ||
| { | ||
| return GetUserProtector(optionalEntropy); | ||
| } | ||
| else | ||
| { | ||
| return GetMachineProtector(optionalEntropy); | ||
| } | ||
| } | ||
|
|
||
| private IDataProtector GetUserProtector(byte[] optionalEntropy) | ||
| { | ||
| var appData = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData); | ||
| var path = Path.Combine(appData, AppName); | ||
| var info = new DirectoryInfo(path); | ||
| var provider = DataProtectionProvider.Create(info); | ||
| var purpose = CreatePurpose(optionalEntropy); | ||
| return provider.CreateProtector(purpose); | ||
| } | ||
|
|
||
| private IDataProtector GetMachineProtector(byte[] optionalEntropy) | ||
| { | ||
| var provider = DataProtectionProvider.Create(AppName); | ||
| var purpose = CreatePurpose(optionalEntropy); | ||
| return provider.CreateProtector(purpose); | ||
| } | ||
|
|
||
| private string CreatePurpose(byte[] optionalEntropy) | ||
| { | ||
| var result = BaseName + Convert.ToBase64String(optionalEntropy); | ||
| return Uri.EscapeDataString(result); | ||
| } | ||
| } | ||
| } | ||
| } |
37 changes: 37 additions & 0 deletions
37
src/Nethermind/Nethermind.Crypto/ProtectedData.DpapiWrapper.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| // Copyright (c) 2018 Demerzel Solutions Limited | ||
| // This file is part of the Nethermind library. | ||
| // | ||
| // The Nethermind library is free software: you can redistribute it and/or modify | ||
| // it under the terms of the GNU Lesser General Public License as published by | ||
| // the Free Software Foundation, either version 3 of the License, or | ||
| // (at your option) any later version. | ||
| // | ||
| // The Nethermind library is distributed in the hope that it will be useful, | ||
| // but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| // GNU Lesser General Public License for more details. | ||
| // | ||
| // You should have received a copy of the GNU Lesser General Public License | ||
| // along with the Nethermind. If not, see <http://www.gnu.org/licenses/>. | ||
| // | ||
|
|
||
| using System.Security.Cryptography; | ||
|
|
||
| namespace Nethermind.Crypto | ||
| { | ||
| public abstract partial class ProtectedData | ||
| { | ||
| private sealed class DpapiWrapper : IProtector | ||
| { | ||
| public byte[] Protect(byte[] userData, byte[] optionalEntropy, DataProtectionScope scope) | ||
| { | ||
| return System.Security.Cryptography.ProtectedData.Protect(userData, optionalEntropy, scope); | ||
| } | ||
|
|
||
| public byte[] Unprotect(byte[] encryptedData, byte[] optionalEntropy, DataProtectionScope scope) | ||
| { | ||
| return System.Security.Cryptography.ProtectedData.Unprotect(encryptedData, optionalEntropy, scope); | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| // Copyright (c) 2018 Demerzel Solutions Limited | ||
| // This file is part of the Nethermind library. | ||
| // | ||
| // The Nethermind library is free software: you can redistribute it and/or modify | ||
| // it under the terms of the GNU Lesser General Public License as published by | ||
| // the Free Software Foundation, either version 3 of the License, or | ||
| // (at your option) any later version. | ||
| // | ||
| // The Nethermind library is distributed in the hope that it will be useful, | ||
| // but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| // GNU Lesser General Public License for more details. | ||
| // | ||
| // You should have received a copy of the GNU Lesser General Public License | ||
| // along with the Nethermind. If not, see <http://www.gnu.org/licenses/>. | ||
| // | ||
|
|
||
| using System; | ||
| using System.Security.Cryptography; | ||
| using Nethermind.Core; | ||
|
|
||
| namespace Nethermind.Crypto | ||
| { | ||
| public abstract class ProtectedData<T> : ProtectedData where T : IDisposable | ||
| { | ||
| private const int EntropyMaxLength = 10; | ||
| private const int EntropyMinLength = 5; | ||
| private static readonly TimeSpan MaxSecureTimeSpan = TimeSpan.FromMinutes(10); | ||
|
|
||
| private readonly ICryptoRandom _random; | ||
| private readonly ITimestamper _timestamper; | ||
| private byte[] _entropy; | ||
| private DateTime _timestamp; | ||
| private byte[] _encryptedData; | ||
|
|
||
| public ProtectedData(byte[] data, ICryptoRandom random = null, ITimestamper timestamper = null) | ||
| { | ||
| _random = random ?? new CryptoRandom(); | ||
| _timestamper = timestamper ?? Timestamper.Default; | ||
| Protect(data); | ||
| } | ||
|
|
||
| private void Protect(byte[] data) | ||
| { | ||
| _entropy = _random.GenerateRandomBytes(_random.NextInt(EntropyMaxLength - EntropyMinLength) + EntropyMinLength); | ||
| _encryptedData = Protect(data, _entropy, DataProtectionScope.CurrentUser); | ||
| _timestamp = _timestamper.UtcNow; | ||
| } | ||
|
|
||
| public T Unprotect() | ||
| { | ||
| var data = Unprotect(_encryptedData, _entropy, DataProtectionScope.CurrentUser); | ||
| CheckReProtect(data); | ||
| return CreateUnprotected(data); | ||
| } | ||
|
|
||
| protected abstract T CreateUnprotected(byte[] data); | ||
|
|
||
| private void CheckReProtect(byte[] data) | ||
| { | ||
| if (_timestamper.UtcNow - _timestamp > MaxSecureTimeSpan) | ||
| { | ||
| Protect(data); | ||
| } | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.