diff --git a/dotnet/dotnetframework/GeneXusCryptography/Mac/Cmac.cs b/dotnet/dotnetframework/GeneXusCryptography/Mac/Cmac.cs index 480b5d6..45743fd 100644 --- a/dotnet/dotnetframework/GeneXusCryptography/Mac/Cmac.cs +++ b/dotnet/dotnetframework/GeneXusCryptography/Mac/Cmac.cs @@ -50,7 +50,12 @@ public string calculate(string plainText, string key, string algorithm, int macS this.error.setError("CM002", "The mac length must be less or equal than the algorithm block size."); return ""; } - byte[] byteKey = Hex.Decode(key); + byte[] byteKey = SecurityUtils.GetHexa(key, "CM003", this.error); + if (this.HasError()) + { + return ""; + } + EncodingUtil eu = new EncodingUtil(); byte[] byteInput = eu.getBytes(plainText); @@ -65,7 +70,14 @@ public string calculate(string plainText, string key, string algorithm, int macS { mac = new CMac(blockCipher); } - mac.Init(parms); + try + { + mac.Init(parms); + }catch(Exception e) + { + this.error.setError("CM004", e.Message); + return ""; + } byte[] resBytes = new byte[mac.GetMacSize()]; mac.BlockUpdate(byteInput, 0, byteInput.Length); mac.DoFinal(resBytes, 0); diff --git a/dotnet/dotnetframework/GeneXusCryptography/Mac/Hmac.cs b/dotnet/dotnetframework/GeneXusCryptography/Mac/Hmac.cs index 6397b72..a3a332f 100644 --- a/dotnet/dotnetframework/GeneXusCryptography/Mac/Hmac.cs +++ b/dotnet/dotnetframework/GeneXusCryptography/Mac/Hmac.cs @@ -31,7 +31,12 @@ public Hmac() : base() [SecuritySafeCritical] public string calculate(string plainText, string password, string algorithm) { - byte[] pass = Hex.Decode(password); + byte[] pass = SecurityUtils.GetHexa(password, "HS002", this.error); + if (this.HasError()) + { + return ""; + } + EncodingUtil eu = new EncodingUtil(); byte[] inputBytes = eu.getBytes(plainText); if (this.HasError()) @@ -46,7 +51,14 @@ public string calculate(string plainText, string password, string algorithm) } IDigest digest = hash.createHash(alg); HMac engine = new HMac(digest); - engine.Init(new KeyParameter(pass)); + try + { + engine.Init(new KeyParameter(pass)); + }catch(Exception e) + { + this.error.setError("HS003", e.Message); + return ""; + } byte[] resBytes = new byte[engine.GetMacSize()]; engine.BlockUpdate(inputBytes, 0, inputBytes.Length); engine.DoFinal(resBytes, 0); diff --git a/dotnet/dotnetframework/GeneXusCryptography/Symmetric/SymmetricBlockCipher.cs b/dotnet/dotnetframework/GeneXusCryptography/Symmetric/SymmetricBlockCipher.cs index 8baa111..e63ed70 100644 --- a/dotnet/dotnetframework/GeneXusCryptography/Symmetric/SymmetricBlockCipher.cs +++ b/dotnet/dotnetframework/GeneXusCryptography/Symmetric/SymmetricBlockCipher.cs @@ -11,6 +11,7 @@ using SecurityAPICommons.Commons; using GeneXusCryptography.SymmetricUtils; using SecurityAPICommons.Config; +using SecurityAPICommons.Utils; namespace GeneXusCryptography.Symmetric { @@ -64,10 +65,24 @@ public string DoAEADEncrypt(string symmetricBlockAlgorithm, string symmetricBloc { return ""; } - KeyParameter keyParam = new KeyParameter(Hex.Decode(key)); - byte[] nonceBytes = Hex.Decode(nonce); + byte[] nonceBytes = SecurityUtils.GetHexa(nonce, "SB024", this.error); + byte[] keyBytes = SecurityUtils.GetHexa(key, "SB024", this.error); + if(this.HasError()) + { + return ""; + } + + KeyParameter keyParam = new KeyParameter(keyBytes); + AeadParameters AEADparams = new AeadParameters(keyParam, macSize, nonceBytes); - bbc.Init(true, AEADparams); + try + { + bbc.Init(true, AEADparams); + }catch(Exception e) + { + this.error.setError("SB029", e.Message); + return ""; + } EncodingUtil eu = new EncodingUtil(); byte[] inputBytes = eu.getBytes(plainText); if (eu.GetError().existsError()) @@ -123,11 +138,23 @@ public string DoAEADDecrypt(string symmetricBlockAlgorithm, string symmetricBloc { return ""; } - - KeyParameter keyParam = new KeyParameter(Hex.Decode(key)); - byte[] nonceBytes = Hex.Decode(nonce); + byte[] nonceBytes = SecurityUtils.GetHexa(nonce, "SB025", this.error); + byte[] keyBytes = SecurityUtils.GetHexa(key, "SB025", this.error); + if(this.HasError()) + { + return ""; + } + KeyParameter keyParam = new KeyParameter(keyBytes); + AeadParameters AEADparams = new AeadParameters(keyParam, macSize, nonceBytes); - bbc.Init(false, AEADparams); + try + { + bbc.Init(false, AEADparams); + }catch(Exception e) + { + this.error.setError("SB030", e.Message); + return ""; + } byte[] out2 = Base64.Decode(encryptedInput); byte[] comparisonBytes = new byte[bbc.GetOutputSize(out2.Length)]; int length = bbc.ProcessBytes(out2, 0, out2.Length, comparisonBytes, 0); @@ -176,17 +203,35 @@ public string DoEncrypt(string symmetricBlockAlgorithm, string symmetricBlockMod { return ""; } - - KeyParameter keyParam = new KeyParameter(Hex.Decode(key)); + byte[] byteIV = SecurityUtils.GetHexa(IV, "SB022", this.error); + byte[] byteKey = SecurityUtils.GetHexa(key, "SB022", this.error); + if (this.HasError()) + { + return ""; + } + KeyParameter keyParam = new KeyParameter(byteKey); if (SymmetricBlockMode.ECB != mode && SymmetricBlockMode.OPENPGPCFB != mode) { - ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, Hex.Decode(IV)); - bbc.Init(true, keyParamWithIV); + ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, byteIV); + try{ + bbc.Init(true, keyParamWithIV); + }catch(Exception e) + { + this.error.setError("SB025", e.Message); + return ""; + } } else { - bbc.Init(true, keyParam); + try + { + bbc.Init(true, keyParam); + }catch(Exception e) + { + this.error.setError("SB026", e.Message); + return ""; + } } EncodingUtil eu = new EncodingUtil(); @@ -244,16 +289,36 @@ public string DoDecrypt(string symmetricBlockAlgorithm, string symmetricBlockMod { return ""; } + byte[] bytesKey = SecurityUtils.GetHexa(key, "SB023", this.error); + byte[] bytesIV = SecurityUtils.GetHexa(IV, "SB023", this.error); + if (this.HasError()) + { + return ""; + } - KeyParameter keyParam = new KeyParameter(Hex.Decode(key)); + KeyParameter keyParam = new KeyParameter(bytesKey); if (SymmetricBlockMode.ECB != mode && SymmetricBlockMode.OPENPGPCFB != mode) { - ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, Hex.Decode(IV)); - bbc.Init(false, keyParamWithIV); + ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, bytesIV); + try + { + bbc.Init(false, keyParamWithIV); + }catch(Exception e) + { + this.error.setError("SB027", e.Message); + return ""; + } } else { - bbc.Init(false, keyParam); + try + { + bbc.Init(false, keyParam); + }catch(Exception e) + { + this.error.setError("SB028", e.Message); + return ""; + } } byte[] out2 = Base64.Decode(encryptedInput); diff --git a/dotnet/dotnetframework/GeneXusCryptography/Symmetric/SymmetricStreamCipher.cs b/dotnet/dotnetframework/GeneXusCryptography/Symmetric/SymmetricStreamCipher.cs index 7f67bbf..ecd059c 100644 --- a/dotnet/dotnetframework/GeneXusCryptography/Symmetric/SymmetricStreamCipher.cs +++ b/dotnet/dotnetframework/GeneXusCryptography/Symmetric/SymmetricStreamCipher.cs @@ -11,6 +11,7 @@ using System; using System.Security; +using SecurityAPICommons.Utils; namespace GeneXusCryptography.Symmetric { @@ -56,20 +57,40 @@ public string DoEncrypt(string symmetricStreamAlgorithm, string key, string IV, { return ""; } - /* KeyParameter keyParam = new KeyParameter(Hex.Decode(key)); + /* KeyParameter keyParam = new KeyParameter(Hex.Decode(key)); engine.Init(true, keyParam);*/ - KeyParameter keyParam = new KeyParameter(Hex.Decode(key)); + byte[] keyBytes = SecurityUtils.GetHexa(key, "SS007", this.error); + byte[] ivBytes = SecurityUtils.GetHexa(IV, "SS007", this.error); + if (this.HasError()) + { + return ""; + } + KeyParameter keyParam = new KeyParameter(keyBytes); if (SymmetricStreamAlgorithmUtils.usesIV(algorithm, this.GetError())) { if (!this.GetError().existsError()) { - ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, Hex.Decode(IV)); - engine.Init(false, keyParamWithIV); + ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, ivBytes); + try + { + engine.Init(false, keyParamWithIV); + }catch(Exception e) + { + this.error.setError("SS008", e.Message); + return ""; + } } } else { - engine.Init(false, keyParam); + try + { + engine.Init(false, keyParam); + }catch(Exception e) + { + this.error.setError("SS009", e.Message); + return ""; + } } EncodingUtil eu = new EncodingUtil(); byte[] input = eu.getBytes(plainText); @@ -115,20 +136,40 @@ public string DoDecrypt(string symmetricStreamAlgorithm, string key, string IV, return ""; } - /* KeyParameter keyParam = new KeyParameter(Hex.Decode(key)); + /* KeyParameter keyParam = new KeyParameter(Hex.Decode(key)); engine.Init(false, keyParam);*/ - KeyParameter keyParam = new KeyParameter(Hex.Decode(key)); + byte[] keyBytes = SecurityUtils.GetHexa(key, "SS010", this.error); + byte[] ivBytes = SecurityUtils.GetHexa(IV, "SS010", this.error); + if (this.HasError()) + { + return ""; + } + KeyParameter keyParam = new KeyParameter(keyBytes); if (SymmetricStreamAlgorithmUtils.usesIV(algorithm, this.GetError())) { if (!this.GetError().existsError()) { - ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, Hex.Decode(IV)); - engine.Init(false, keyParamWithIV); + ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, ivBytes); + try + { + engine.Init(false, keyParamWithIV); + }catch(Exception e) + { + this.error.setError("SS011", e.Message); + return ""; + } } } else { - engine.Init(false, keyParam); + try + { + engine.Init(false, keyParam); + }catch(Exception e) + { + this.error.setError("SS012", e.Message); + return ""; + } } byte[] input = Base64.Decode(encryptedInput); byte[] output = new byte[input.Length]; diff --git a/dotnet/dotnetframework/GeneXusJWT/Commons/JWTOptions.cs b/dotnet/dotnetframework/GeneXusJWT/Commons/JWTOptions.cs index 5799fdc..3d252f8 100644 --- a/dotnet/dotnetframework/GeneXusJWT/Commons/JWTOptions.cs +++ b/dotnet/dotnetframework/GeneXusJWT/Commons/JWTOptions.cs @@ -65,9 +65,9 @@ public void SetSecret(string value) { secret = Hex.Decode(value); } - catch (Exception) + catch (Exception e) { - this.error.setError("OP001", "Hexadecimal value expected"); + this.error.setError("OP001", e.Message); secret = null; } diff --git a/dotnet/dotnetframework/SecurityAPICommons/Keys/PrivateKeyManager.cs b/dotnet/dotnetframework/SecurityAPICommons/Keys/PrivateKeyManager.cs index 9a0d7db..47f446c 100644 --- a/dotnet/dotnetframework/SecurityAPICommons/Keys/PrivateKeyManager.cs +++ b/dotnet/dotnetframework/SecurityAPICommons/Keys/PrivateKeyManager.cs @@ -56,9 +56,9 @@ public bool LoadPKCS12(String privateKeyPath, String alias, String password) { loadKeyFromFile(privateKeyPath, alias, password); } - catch (Exception) + catch (Exception e) { - + this.error.setError("PK018", e.Message); return false; } if (this.HasError()) diff --git a/dotnet/dotnetframework/SecurityAPICommons/Utils/SecurityUtils.cs b/dotnet/dotnetframework/SecurityAPICommons/Utils/SecurityUtils.cs index b4fa6ed..a3a711e 100644 --- a/dotnet/dotnetframework/SecurityAPICommons/Utils/SecurityUtils.cs +++ b/dotnet/dotnetframework/SecurityAPICommons/Utils/SecurityUtils.cs @@ -1,4 +1,7 @@  +using Org.BouncyCastle.Utilities.Encoders; +using SecurityAPICommons.Commons; +using System; using System.Security; namespace SecurityAPICommons.Utils @@ -54,5 +57,21 @@ public static string getFileExtension(string path) } return path.Substring(lastIndexOf); } - } + + [SecuritySafeCritical] + public static byte[] GetHexa(string hex, string code, Error error) + { + byte[] output; + try + { + output = Hex.Decode(hex); + } + catch (Exception e) + { + error.setError(code, e.Message); + return null; + } + return output; + } + } }