2 // System.Security.SecureString class
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System
.Globalization
;
30 using System
.Reflection
;
31 using System
.Runtime
.CompilerServices
;
32 using System
.Runtime
.InteropServices
;
33 using System
.Runtime
.ConstrainedExecution
;
34 using System
.Security
.Cryptography
;
35 using System
.Security
.Permissions
;
37 namespace System
.Security
{
39 [MonoTODO ("work in progress - encryption is missing")]
40 public sealed class SecureString
: CriticalFinalizerObject
, IDisposable
{
42 private const int BlockSize
= 16;
43 private const int MaxSize
= 65536;
46 private bool disposed
;
47 private bool read_only
;
50 static SecureString ()
52 // ProtectedMemory has been moved to System.Security.dll
53 // we use reflection to call it (if available) or we'll
57 public SecureString ()
59 Alloc (BlockSize
>> 1, false);
62 [CLSCompliant (false)]
63 public unsafe SecureString (char* value, int length
)
66 throw new ArgumentNullException ("value");
67 if ((length
< 0) || (length
> MaxSize
))
68 throw new ArgumentOutOfRangeException ("length", "< 0 || > 65536");
70 this.length
= length
; // real length
71 Alloc (length
, false);
73 for (int i
= 0; i
< length
; i
++) {
75 data
[n
++] = (byte) (c
>> 8);
86 throw new ObjectDisposedException ("SecureString");
91 public void AppendChar (char c
)
94 throw new ObjectDisposedException ("SecureString");
96 throw new InvalidOperationException (Locale
.GetText (
97 "SecureString is read-only."));
99 if (length
== MaxSize
)
100 throw new ArgumentOutOfRangeException ("length", "> 65536");
105 Alloc (++length
, true);
106 data
[n
++] = (byte) (c
>> 8);
107 data
[n
++] = (byte) c
;
117 throw new ObjectDisposedException ("SecureString");
119 throw new InvalidOperationException (Locale
.GetText (
120 "SecureString is read-only."));
123 Array
.Clear (data
, 0, data
.Length
);
127 public SecureString
Copy ()
129 SecureString ss
= new SecureString ();
130 ss
.data
= (byte[]) data
.Clone ();
135 public void Dispose ()
138 // don't call clear because we could be either in read-only
139 // or already disposed - but DO CLEAR the data
141 Array
.Clear (data
, 0, data
.Length
);
147 public void InsertAt (int index
, char c
)
150 throw new ObjectDisposedException ("SecureString");
152 throw new InvalidOperationException (Locale
.GetText (
153 "SecureString is read-only."));
155 if ((index
< 0) || (index
> length
))
156 throw new ArgumentOutOfRangeException ("index", "< 0 || > length");
157 // insert increments length
158 if (length
>= MaxSize
) {
159 string msg
= Locale
.GetText ("Maximum string size is '{0}'.", MaxSize
);
160 throw new ArgumentOutOfRangeException ("index", msg
);
165 Alloc (++length
, true);
167 Buffer
.BlockCopy (data
, n
, data
, n
+ 2, data
.Length
- n
- 2);
168 data
[n
++] = (byte) (c
>> 8);
176 public bool IsReadOnly ()
179 throw new ObjectDisposedException ("SecureString");
183 public void MakeReadOnly ()
188 public void RemoveAt (int index
)
191 throw new ObjectDisposedException ("SecureString");
193 throw new InvalidOperationException (Locale
.GetText (
194 "SecureString is read-only."));
196 if ((index
< 0) || (index
>= length
))
197 throw new ArgumentOutOfRangeException ("index", "< 0 || > length");
201 Buffer
.BlockCopy (data
, index
+ 1, data
, index
, data
.Length
- index
- 1);
202 Alloc (--length
, true);
209 public void SetAt (int index
, char c
)
212 throw new ObjectDisposedException ("SecureString");
214 throw new InvalidOperationException (Locale
.GetText (
215 "SecureString is read-only."));
217 if ((index
< 0) || (index
>= length
))
218 throw new ArgumentOutOfRangeException ("index", "< 0 || > length");
223 data
[n
++] = (byte) (c
>> 8);
231 // internal/private stuff
233 // [MethodImplAttribute(MethodImplOptions.InternalCall)]
234 // extern static void EncryptInternal (byte [] data, object scope);
236 // [MethodImplAttribute(MethodImplOptions.InternalCall)]
237 // extern static void DecryptInternal (byte [] data, object scope);
239 // static readonly object scope = Enum.Parse (
240 // Assembly.Load (Consts.AssemblySystem_Security)
241 // .GetType ("System.Security.Cryptography.MemoryProtectionScope"), "SameProcess");
243 // Note that ProtectedMemory is not supported on non-Windows environment right now.
244 private void Encrypt ()
246 if ((data
!= null) && (data
.Length
> 0)) {
247 // It somehow causes nunit test breakage
248 // EncryptInternal (data, scope);
252 // Note that ProtectedMemory is not supported on non-Windows environment right now.
253 private void Decrypt ()
255 if ((data
!= null) && (data
.Length
> 0)) {
256 // It somehow causes nunit test breakage
257 // DecryptInternal (data, scope);
261 // note: realloc only work for bigger buffers. Clear will
262 // reset buffers to default (and small) size.
263 private void Alloc (int length
, bool realloc
)
265 if ((length
< 0) || (length
> MaxSize
))
266 throw new ArgumentOutOfRangeException ("length", "< 0 || > 65536");
268 // (size / blocksize) + 1 * blocksize
269 // where size = length * 2 (unicode) and blocksize == 16 (ProtectedMemory)
270 // length * 2 (unicode) / 16 (blocksize)
271 int size
= (length
>> 3) + (((length
& 0x7) == 0) ? 0 : 1) << 4;
273 // is re-allocation necessary ? (i.e. grow or shrink
274 // but do not re-allocate the same amount of memory)
275 if (realloc
&& (data
!= null) && (size
== data
.Length
))
280 byte[] newdata
= new byte[size
];
281 Array
.Copy (data
, 0, newdata
, 0, Math
.Min (data
.Length
, newdata
.Length
));
282 Array
.Clear (data
, 0, data
.Length
);
285 data
= new byte[size
];
289 // dangerous method (put a LinkDemand on it)
290 internal byte[] GetBuffer ()
292 byte[] secret
= new byte[length
<< 1];
295 Buffer
.BlockCopy (data
, 0, secret
, 0, secret
.Length
);
300 // NOTE: CALLER IS RESPONSIBLE TO ZEROIZE THE DATA