2013-02-23 08:24:43 -05:00
|
|
|
/*
|
|
|
|
KeePass Password Safe - The Open-Source Password Manager
|
2016-08-29 22:09:53 -04:00
|
|
|
Copyright (C) 2003-2016 Dominik Reichl <dominik.reichl@t-online.de>
|
2013-02-23 11:43:42 -05:00
|
|
|
|
|
|
|
Modified to be used with Mono for Android. Changes Copyright (C) 2013 Philipp Crocoll
|
2013-02-23 08:24:43 -05:00
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
*/
|
|
|
|
|
|
|
|
using System;
|
|
|
|
using System.Diagnostics;
|
2016-08-29 22:09:53 -04:00
|
|
|
using System.IO;
|
|
|
|
|
|
|
|
#if !KeePassUAP
|
2013-02-23 08:24:43 -05:00
|
|
|
using System.Drawing;
|
2016-08-29 22:09:53 -04:00
|
|
|
using System.Security.Cryptography;
|
|
|
|
#endif
|
2013-02-23 08:24:43 -05:00
|
|
|
|
|
|
|
using KeePassLib.Native;
|
|
|
|
using KeePassLib.Utility;
|
|
|
|
|
|
|
|
namespace KeePassLib.Cryptography
|
|
|
|
{
|
|
|
|
/// <summary>
|
|
|
|
/// Cryptographically strong random number generator. The returned values
|
|
|
|
/// are unpredictable and cannot be reproduced.
|
|
|
|
/// <c>CryptoRandom</c> is a singleton class.
|
|
|
|
/// </summary>
|
|
|
|
public sealed class CryptoRandom
|
|
|
|
{
|
|
|
|
private byte[] m_pbEntropyPool = new byte[64];
|
2016-08-29 22:11:48 -04:00
|
|
|
private ulong m_uCounter;
|
2013-02-23 08:24:43 -05:00
|
|
|
private RNGCryptoServiceProvider m_rng = new RNGCryptoServiceProvider();
|
|
|
|
private ulong m_uGeneratedBytesCount = 0;
|
|
|
|
|
2016-08-29 22:09:53 -04:00
|
|
|
private static object g_oSyncRoot = new object();
|
2013-02-23 08:24:43 -05:00
|
|
|
private object m_oSyncRoot = new object();
|
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
private static CryptoRandom g_pInstance = null;
|
2013-02-23 08:24:43 -05:00
|
|
|
public static CryptoRandom Instance
|
|
|
|
{
|
|
|
|
get
|
|
|
|
{
|
2016-08-29 22:09:53 -04:00
|
|
|
CryptoRandom cr;
|
|
|
|
lock(g_oSyncRoot)
|
|
|
|
{
|
2016-08-29 22:11:48 -04:00
|
|
|
cr = g_pInstance;
|
2016-08-29 22:09:53 -04:00
|
|
|
if(cr == null)
|
|
|
|
{
|
|
|
|
cr = new CryptoRandom();
|
2016-08-29 22:11:48 -04:00
|
|
|
g_pInstance = cr;
|
2016-08-29 22:09:53 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return cr;
|
2013-02-23 08:24:43 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
/// Get the number of random bytes that this instance generated so far.
|
|
|
|
/// Note that this number can be higher than the number of random bytes
|
|
|
|
/// actually requested using the <c>GetRandomBytes</c> method.
|
|
|
|
/// </summary>
|
|
|
|
public ulong GeneratedBytesCount
|
|
|
|
{
|
|
|
|
get
|
|
|
|
{
|
|
|
|
ulong u;
|
|
|
|
lock(m_oSyncRoot) { u = m_uGeneratedBytesCount; }
|
|
|
|
return u;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
/// Event that is triggered whenever the internal <c>GenerateRandom256</c>
|
|
|
|
/// method is called to generate random bytes.
|
|
|
|
/// </summary>
|
|
|
|
public event EventHandler GenerateRandom256Pre;
|
|
|
|
|
|
|
|
private CryptoRandom()
|
|
|
|
{
|
2016-08-29 22:11:48 -04:00
|
|
|
Random rWeak = new Random();
|
|
|
|
byte[] pb = new byte[8];
|
|
|
|
rWeak.NextBytes(pb);
|
|
|
|
m_uCounter = MemUtil.BytesToUInt64(pb);
|
2013-02-23 08:24:43 -05:00
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
AddEntropy(GetSystemData(rWeak));
|
2013-02-23 08:24:43 -05:00
|
|
|
AddEntropy(GetCspData());
|
|
|
|
}
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
/// Update the internal seed of the random number generator based
|
|
|
|
/// on entropy data.
|
|
|
|
/// This method is thread-safe.
|
|
|
|
/// </summary>
|
|
|
|
/// <param name="pbEntropy">Entropy bytes.</param>
|
|
|
|
public void AddEntropy(byte[] pbEntropy)
|
|
|
|
{
|
|
|
|
if(pbEntropy == null) { Debug.Assert(false); return; }
|
|
|
|
if(pbEntropy.Length == 0) { Debug.Assert(false); return; }
|
|
|
|
|
|
|
|
byte[] pbNewData = pbEntropy;
|
2016-08-29 22:11:48 -04:00
|
|
|
if(pbEntropy.Length > 64)
|
2013-02-23 08:24:43 -05:00
|
|
|
{
|
2016-08-29 22:09:53 -04:00
|
|
|
#if KeePassLibSD
|
2016-08-29 22:11:48 -04:00
|
|
|
using(SHA256Managed shaNew = new SHA256Managed())
|
2013-02-23 08:24:43 -05:00
|
|
|
#else
|
2016-08-29 22:11:48 -04:00
|
|
|
using(SHA512Managed shaNew = new SHA512Managed())
|
2013-02-23 08:24:43 -05:00
|
|
|
#endif
|
2016-08-29 22:11:48 -04:00
|
|
|
{
|
2013-02-23 08:24:43 -05:00
|
|
|
pbNewData = shaNew.ComputeHash(pbEntropy);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
lock(m_oSyncRoot)
|
|
|
|
{
|
2016-08-29 22:11:48 -04:00
|
|
|
int cbPool = m_pbEntropyPool.Length;
|
|
|
|
int cbNew = pbNewData.Length;
|
2013-02-23 08:24:43 -05:00
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
byte[] pbCmp = new byte[cbPool + cbNew];
|
|
|
|
Array.Copy(m_pbEntropyPool, pbCmp, cbPool);
|
|
|
|
Array.Copy(pbNewData, 0, pbCmp, cbPool, cbNew);
|
|
|
|
|
|
|
|
MemUtil.ZeroByteArray(m_pbEntropyPool);
|
2013-02-23 08:24:43 -05:00
|
|
|
|
2016-08-29 22:09:53 -04:00
|
|
|
#if KeePassLibSD
|
2016-08-29 22:11:48 -04:00
|
|
|
using(SHA256Managed shaPool = new SHA256Managed())
|
2013-02-23 08:24:43 -05:00
|
|
|
#else
|
2016-08-29 22:11:48 -04:00
|
|
|
using(SHA512Managed shaPool = new SHA512Managed())
|
2013-02-23 08:24:43 -05:00
|
|
|
#endif
|
2016-08-29 22:11:48 -04:00
|
|
|
{
|
|
|
|
m_pbEntropyPool = shaPool.ComputeHash(pbCmp);
|
2013-02-23 08:24:43 -05:00
|
|
|
}
|
2016-08-29 22:11:48 -04:00
|
|
|
|
|
|
|
MemUtil.ZeroByteArray(pbCmp);
|
2016-08-31 00:55:53 -04:00
|
|
|
}
|
2013-02-23 08:24:43 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
private static byte[] GetSystemData(Random rWeak)
|
|
|
|
{
|
|
|
|
MemoryStream ms = new MemoryStream();
|
|
|
|
byte[] pb;
|
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
pb = MemUtil.Int32ToBytes(Environment.TickCount);
|
|
|
|
MemUtil.Write(ms, pb);
|
2013-02-23 08:24:43 -05:00
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
pb = MemUtil.Int64ToBytes(DateTime.UtcNow.ToBinary());
|
|
|
|
MemUtil.Write(ms, pb);
|
2013-02-23 08:24:43 -05:00
|
|
|
|
|
|
|
#if !KeePassLibSD
|
2016-08-31 00:55:53 -04:00
|
|
|
/*Not supported on Android
|
2016-08-29 22:09:53 -04:00
|
|
|
// In try-catch for systems without GUI;
|
|
|
|
// https://sourceforge.net/p/keepass/discussion/329221/thread/20335b73/
|
|
|
|
try
|
|
|
|
{
|
|
|
|
Point pt = Cursor.Position;
|
2016-08-29 22:11:48 -04:00
|
|
|
pb = MemUtil.Int32ToBytes(pt.X);
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int32ToBytes(pt.Y);
|
|
|
|
MemUtil.Write(ms, pb);
|
2016-08-29 22:09:53 -04:00
|
|
|
}
|
|
|
|
catch(Exception) { }
|
2016-08-31 00:55:53 -04:00
|
|
|
*/
|
2013-02-23 08:24:43 -05:00
|
|
|
#endif
|
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
pb = MemUtil.Int32ToBytes(rWeak.Next());
|
|
|
|
MemUtil.Write(ms, pb);
|
2013-02-23 08:24:43 -05:00
|
|
|
|
|
|
|
pb = MemUtil.UInt32ToBytes((uint)NativeLib.GetPlatformID());
|
2016-08-29 22:11:48 -04:00
|
|
|
MemUtil.Write(ms, pb);
|
2013-02-23 08:24:43 -05:00
|
|
|
|
|
|
|
try
|
|
|
|
{
|
2016-08-29 22:11:48 -04:00
|
|
|
pb = MemUtil.Int32ToBytes(Environment.ProcessorCount);
|
|
|
|
MemUtil.Write(ms, pb);
|
2013-02-23 08:24:43 -05:00
|
|
|
|
2016-08-29 22:09:53 -04:00
|
|
|
#if KeePassUAP
|
|
|
|
Version v = EnvironmentExt.OSVersion.Version;
|
|
|
|
#else
|
2013-02-23 08:24:43 -05:00
|
|
|
Version v = Environment.OSVersion.Version;
|
2016-08-29 22:09:53 -04:00
|
|
|
#endif
|
2016-08-29 22:11:48 -04:00
|
|
|
pb = MemUtil.Int32ToBytes(v.GetHashCode());
|
|
|
|
MemUtil.Write(ms, pb);
|
2016-08-29 22:09:53 -04:00
|
|
|
|
|
|
|
#if !KeePassUAP
|
2016-08-29 22:11:48 -04:00
|
|
|
pb = MemUtil.Int64ToBytes(Environment.WorkingSet);
|
|
|
|
MemUtil.Write(ms, pb);
|
2016-08-29 22:09:53 -04:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
catch(Exception) { Debug.Assert(false); }
|
2013-02-23 08:24:43 -05:00
|
|
|
|
2016-08-29 22:09:53 -04:00
|
|
|
#if KeePassUAP
|
|
|
|
pb = DiagnosticsExt.GetProcessEntropy();
|
2016-08-29 22:11:48 -04:00
|
|
|
MemUtil.Write(ms, pb);
|
2016-08-29 22:09:53 -04:00
|
|
|
#elif !KeePassLibSD
|
|
|
|
Process p = null;
|
|
|
|
try
|
|
|
|
{
|
|
|
|
p = Process.GetCurrentProcess();
|
2013-02-23 08:24:43 -05:00
|
|
|
// Not supported in Mono 1.2.6:
|
2016-08-29 22:11:48 -04:00
|
|
|
pb = MemUtil.Int64ToBytes(p.Handle.ToInt64());
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int32ToBytes(p.HandleCount);
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int32ToBytes(p.Id);
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int64ToBytes(p.NonpagedSystemMemorySize64);
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int64ToBytes(p.PagedMemorySize64);
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int64ToBytes(p.PagedSystemMemorySize64);
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int64ToBytes(p.PeakPagedMemorySize64);
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int64ToBytes(p.PeakVirtualMemorySize64);
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int64ToBytes(p.PeakWorkingSet64);
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int64ToBytes(p.PrivateMemorySize64);
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int64ToBytes(p.StartTime.ToBinary());
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int64ToBytes(p.VirtualMemorySize64);
|
|
|
|
MemUtil.Write(ms, pb);
|
|
|
|
pb = MemUtil.Int64ToBytes(p.WorkingSet64);
|
|
|
|
MemUtil.Write(ms, pb);
|
2013-02-23 08:24:43 -05:00
|
|
|
// pb = MemUtil.UInt32ToBytes((uint)p.SessionId);
|
|
|
|
// ms.Write(pb, 0, pb.Length);
|
|
|
|
// pb = MemUtil.UInt32ToBytes((uint)p.SessionId);
|
2016-08-29 22:11:48 -04:00
|
|
|
// MemUtil.Write(ms, pb);
|
2013-02-23 08:24:43 -05:00
|
|
|
}
|
2016-08-29 22:09:53 -04:00
|
|
|
catch(Exception) { Debug.Assert(NativeLib.IsUnix()); }
|
|
|
|
finally
|
|
|
|
{
|
|
|
|
try { if(p != null) p.Dispose(); }
|
|
|
|
catch(Exception) { Debug.Assert(false); }
|
2013-02-23 08:24:43 -05:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
pb = Guid.NewGuid().ToByteArray();
|
2016-08-29 22:11:48 -04:00
|
|
|
MemUtil.Write(ms, pb);
|
2013-02-23 08:24:43 -05:00
|
|
|
|
|
|
|
byte[] pbAll = ms.ToArray();
|
|
|
|
ms.Close();
|
|
|
|
return pbAll;
|
|
|
|
}
|
|
|
|
|
|
|
|
private byte[] GetCspData()
|
|
|
|
{
|
|
|
|
byte[] pbCspRandom = new byte[32];
|
|
|
|
m_rng.GetBytes(pbCspRandom);
|
|
|
|
return pbCspRandom;
|
|
|
|
}
|
|
|
|
|
|
|
|
private byte[] GenerateRandom256()
|
|
|
|
{
|
|
|
|
if(this.GenerateRandom256Pre != null)
|
|
|
|
this.GenerateRandom256Pre(this, EventArgs.Empty);
|
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
byte[] pbCmp;
|
2013-02-23 08:24:43 -05:00
|
|
|
lock(m_oSyncRoot)
|
|
|
|
{
|
2016-08-29 22:11:48 -04:00
|
|
|
m_uCounter += 0x74D8B29E4D38E161UL; // Prime number
|
|
|
|
byte[] pbCounter = MemUtil.UInt64ToBytes(m_uCounter);
|
2013-02-23 08:24:43 -05:00
|
|
|
|
|
|
|
byte[] pbCspRandom = GetCspData();
|
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
int cbPool = m_pbEntropyPool.Length;
|
|
|
|
int cbCtr = pbCounter.Length;
|
|
|
|
int cbCsp = pbCspRandom.Length;
|
|
|
|
|
|
|
|
pbCmp = new byte[cbPool + cbCtr + cbCsp];
|
|
|
|
Array.Copy(m_pbEntropyPool, pbCmp, cbPool);
|
|
|
|
Array.Copy(pbCounter, 0, pbCmp, cbPool, cbCtr);
|
|
|
|
Array.Copy(pbCspRandom, 0, pbCmp, cbPool + cbCtr, cbCsp);
|
|
|
|
|
|
|
|
MemUtil.ZeroByteArray(pbCspRandom);
|
2013-02-23 08:24:43 -05:00
|
|
|
|
|
|
|
m_uGeneratedBytesCount += 32;
|
|
|
|
}
|
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
byte[] pbRet = CryptoUtil.HashSha256(pbCmp);
|
|
|
|
MemUtil.ZeroByteArray(pbCmp);
|
|
|
|
return pbRet;
|
2013-02-23 08:24:43 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
/// Get a number of cryptographically strong random bytes.
|
|
|
|
/// This method is thread-safe.
|
|
|
|
/// </summary>
|
|
|
|
/// <param name="uRequestedBytes">Number of requested random bytes.</param>
|
|
|
|
/// <returns>A byte array consisting of <paramref name="uRequestedBytes" />
|
|
|
|
/// random bytes.</returns>
|
|
|
|
public byte[] GetRandomBytes(uint uRequestedBytes)
|
|
|
|
{
|
2016-08-29 22:11:48 -04:00
|
|
|
if(uRequestedBytes == 0) return MemUtil.EmptyByteArray;
|
|
|
|
if(uRequestedBytes > (uint)int.MaxValue)
|
|
|
|
{
|
|
|
|
Debug.Assert(false);
|
|
|
|
throw new ArgumentOutOfRangeException("uRequestedBytes");
|
|
|
|
}
|
2013-02-23 08:24:43 -05:00
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
int cbRem = (int)uRequestedBytes;
|
|
|
|
byte[] pbRes = new byte[cbRem];
|
|
|
|
int iPos = 0;
|
2013-02-23 08:24:43 -05:00
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
while(cbRem != 0)
|
2013-02-23 08:24:43 -05:00
|
|
|
{
|
|
|
|
byte[] pbRandom256 = GenerateRandom256();
|
|
|
|
Debug.Assert(pbRandom256.Length == 32);
|
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
int cbCopy = Math.Min(cbRem, 32);
|
|
|
|
Array.Copy(pbRandom256, 0, pbRes, iPos, cbCopy);
|
2013-02-23 08:24:43 -05:00
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
MemUtil.ZeroByteArray(pbRandom256);
|
2013-02-23 08:24:43 -05:00
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
iPos += cbCopy;
|
|
|
|
cbRem -= cbCopy;
|
2013-02-23 08:24:43 -05:00
|
|
|
}
|
|
|
|
|
2016-08-29 22:11:48 -04:00
|
|
|
Debug.Assert(iPos == pbRes.Length);
|
2013-02-23 08:24:43 -05:00
|
|
|
return pbRes;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|