
Normalization of cryptographic uses in asp.net

* System.Web.Configuration_2.0/MachineKeyRegistryStorage.cs:
Remove key length check and generic key generation.

* System.Web.Configuration_2.0/MachineKeySection.cs: Add support for 4.0
ValidationAlgorithm and the use of custom algorithms (validation and
decryption). Allow the use of any, valid, key length (based on the
algorithm). Let each algorithm creates its own key (e.g. special needs,
default length...)

* System.Web.Configuration_2.0/MachineKeySectionUtils.cs: Remove key
generation (from random) code and 192bits key length hack (won't work
with custom algorithms). Add support for new (4.0) algorithms, including
custom ones. Provide uniform/shared code to Encrypt/Decrypt, Sign/Verify
and EncryptSign/VerifyDecrypt using MachineKeySection data.

* System.Web.Configuration_2.0/MachineKeyValidation.cs: Add new (4.0)
values.

* System.Web.Configuration_2.0/MachineKeyValidationConverter.cs: Add
support for new (4.0) algorithms.

* System.Web.Handlers/AssemblyResourceLoader.cs: Use the new common
cryptographic code and base64 the encrypted data.

* System.Web.Security/FormsAuthentication.cs: Use the new common
cryptographic code and base64 the signed and/or encrypted data.

* System.Web.Security/MembershipHelper.cs: Use the new common
cryptographic code - this should be 100% compatible with existing data.

* System.Web.Security/RolePrincipal.cs: Use the new common cryptographic
code.

* System.Web.Security/SqliteMembershipProvider.cs: Adapt code for
internal API change.

* System.Web.UI/LosFormatter.cs: Adapt code for internal API change.
Fix some small behavior changes wrt NET_4_0

* System.Web.UI/ObjectStateFormatter.cs: Use the new common cryptographic
code.

* System.Web.UI/Page.cs: Remove code that is now unneeded (with the new
common cryptographic code).

* System.Web.Configuration_2.0/MachineKeyCompatibilityMode.cs: New.

* Test/System.Web.Configuration/MachineKeyValidationConverterTest.cs:
Add more, mostly 4.0, test cases.

* Test/System.Web.Security/FormsAuthenticationTest.cs: Add test case to
ensure HashPasswordForStoringInConfigFile is not case sensitive.

* Test/System.Web.UI/LosFormatterTest.cs: Add some rountrip test cases
with the different ctors
Sebastien Pouliot
Sebastien Pouliot committed Oct 8, 2010
1 parent 96880dc commit a22389fde254675e52a9da9c9bcd18afdec29d33
Showing with 1,397 additions and 686 deletions.
  1. +40 −0 mcs/class/System.Web/System.Web.Configuration_2.0/MachineKeyCompatibilityMode.cs
  2. +2 −55 mcs/class/System.Web/System.Web.Configuration_2.0/MachineKeyRegistryStorage.cs
  3. +201 −9 mcs/class/System.Web/System.Web.Configuration_2.0/MachineKeySection.cs
  4. +219 −92 mcs/class/System.Web/System.Web.Configuration_2.0/MachineKeySectionUtils.cs
  5. +8 −4 mcs/class/System.Web/System.Web.Configuration_2.0/MachineKeyValidation.cs
  6. +53 −17 mcs/class/System.Web/System.Web.Configuration_2.0/MachineKeyValidationConverter.cs
  7. +8 −56 mcs/class/System.Web/System.Web.Handlers/AssemblyResourceLoader.cs
  8. +19 −148 mcs/class/System.Web/System.Web.Security/FormsAuthentication.cs
  9. +11 −35 mcs/class/System.Web/System.Web.Security/MembershipHelper.cs
  10. +17 −76 mcs/class/System.Web/System.Web.Security/RolePrincipal.cs
  11. +14 −3 mcs/class/System.Web/System.Web.Security/SqlMembershipProvider.cs
  12. +1 −1 mcs/class/System.Web/System.Web.Security/SqliteMembershipProvider.cs
  13. +2 −21 mcs/class/System.Web/System.Web.SessionState_2.0/SessionId.cs
  14. +34 −10 mcs/class/System.Web/System.Web.UI/LosFormatter.cs
  15. +51 −78 mcs/class/System.Web/System.Web.UI/ObjectStateFormatter.cs
  16. +0 −69 mcs/class/System.Web/System.Web.UI/Page.cs
  17. +1 −0 mcs/class/System.Web/System.Web.dll.sources
  18. +2 −0 mcs/class/System.Web/System.Web_test.dll.sources
  19. +157 −0 mcs/class/System.Web/Test/System.Web.Configuration/MachineKeySectionTest.cs
  20. +309 −0 mcs/class/System.Web/Test/System.Web.Configuration/MachineKeySectionUtilsTest.cs
  21. +77 −7 mcs/class/System.Web/Test/System.Web.Configuration/MachineKeyValidationConverterTest.cs
  22. +10 −0 mcs/class/System.Web/Test/System.Web.Security/FormsAuthenticationTest.cs
  23. +2 −2 mcs/class/System.Web/Test/System.Web.Security/RolePrincipalTest.cs
  24. +143 −2 mcs/class/System.Web/Test/System.Web.UI/LosFormatterTest.cs
  25. +16 −1 mcs/class/System.Web/Test/System.Web.UI/ObjectStateFormatterTest.cs
@@ -0,0 +1,40 @@
+//
+// System.Web.Configuration.MachineKeyCompatibilityMode
+//
+// Authors:
+// Sebastien Pouliot <sebastien@ximian.com>
+//
+// Copyright (C) 2010 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_4_0
+
+namespace System.Web.Configuration {
+
+ public enum MachineKeyCompatibilityMode {
+ Framework20SP1 = 0,
+ Framework20SP2 = 1
+ }
+}
+
+#endif
+
@@ -28,8 +28,6 @@
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
-using System;
-using System.Security.Cryptography;
using Microsoft.Win32;
namespace System.Web.Configuration
@@ -42,9 +40,6 @@ public enum KeyType
Encryption
};
- const int encryptionKeyLength = 64;
- const int validationKeyLength = 64;
-
static string keyEncryption;
static string keyValidation;
@@ -62,31 +57,16 @@ static MachineKeyRegistryStorage ()
}
public static byte[] Retrieve (KeyType kt)
- {
- byte[] ret = GetKey (kt);
- if (ret == null) {
- ret = Generate (kt);
- if (ret != null)
- Store (ret, kt);
- }
-
- return ret;
- }
-
- static byte[] GetKey (KeyType kt)
{
string key = null;
- int len;
switch (kt) {
case KeyType.Validation:
key = keyValidation;
- len = validationKeyLength;
break;
case KeyType.Encryption:
key = keyEncryption;
- len = validationKeyLength;
break;
default:
@@ -107,11 +87,7 @@ static byte[] GetKey (KeyType kt)
if (o == null || o.GetType () != typeof (byte[]))
return null;
- byte[] ret = (byte[])o;
- if (ret.Length != len)
- return null;
-
- return ret;
+ return (byte[]) o;
}
static RegistryKey OpenRegistryKey (string path, bool write)
@@ -134,23 +110,19 @@ static RegistryKey OpenRegistryKey (string path, bool write)
return ret;
}
- static void Store (byte[] buf, KeyType kt)
+ public static void Store (byte[] buf, KeyType kt)
{
if (buf == null)
return;
string key = null;
- int len;
-
switch (kt) {
case KeyType.Validation:
key = keyValidation;
- len = validationKeyLength;
break;
case KeyType.Encryption:
key = keyEncryption;
- len = validationKeyLength;
break;
default:
@@ -160,9 +132,6 @@ static void Store (byte[] buf, KeyType kt)
if (key == null)
return;
- if (buf.Length != len)
- throw new ArgumentException ("Key has invalid length");
-
try {
using (RegistryKey rk = OpenRegistryKey (key, true)) {
#if NET_2_0
@@ -180,27 +149,5 @@ static void Store (byte[] buf, KeyType kt)
throw new ApplicationException ("Failed to store encryption key in the registry.", ex);
}
}
-
- static byte[] Generate (KeyType kt)
- {
- RandomNumberGenerator rng = RandomNumberGenerator.Create ();
- byte[] ret = null;
-
- switch (kt) {
- case KeyType.Validation:
- ret = new byte [validationKeyLength];
- break;
-
- case KeyType.Encryption:
- ret = new byte [encryptionKeyLength];
- break;
-
- default:
- throw new ArgumentException ("Unknown key type.");
- }
-
- rng.GetBytes (ret);
- return ret;
- }
}
}
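Review bot: With the `ret.Length != len` checks removed, `Retrieve` now hands back whatever byte[] the registry holds via `return (byte[]) o;`, and the now-public `Store` persists any non-null buffer, so an empty or truncated value is accepted as key material at this layer. The commit message says each algorithm validates its own key length, but that code (MachineKeySection.cs) is not visible on this page, so the storage class relies on every caller checking before use. An algorithm-agnostic floor would be to reject zero-length arrays in both places, e.g. `if (buf == null || buf.Length == 0) return;` in `Store` and returning null for an empty value in `Retrieve`. `Retrieve` also no longer generates and stores a key when none exists, so a comment on it such as `// Returns null when no key is stored; callers must generate and Store one, and must validate the length for their algorithm.` would make the new contract explicit.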