diff --git a/src/NzbDrone.Host/Owin/MiddleWare/SignalRMiddleWare.cs b/src/NzbDrone.Host/Owin/MiddleWare/SignalRMiddleWare.cs index f2e881f5e..0353ae661 100644 --- a/src/NzbDrone.Host/Owin/MiddleWare/SignalRMiddleWare.cs +++ b/src/NzbDrone.Host/Owin/MiddleWare/SignalRMiddleWare.cs @@ -14,6 +14,7 @@ namespace NzbDrone.Host.Owin.MiddleWare { SignalRDependencyResolver.Register(container); SignalRJsonSerializer.Register(); + SignalRProtectedData.Register(); // Half the default time (110s) to get under nginx's default 60 proxy_read_timeout GlobalHost.Configuration.ConnectionTimeout = TimeSpan.FromSeconds(55); diff --git a/src/NzbDrone.SignalR/NonPersistentManagedProtection.cs b/src/NzbDrone.SignalR/NonPersistentManagedProtection.cs new file mode 100644 index 000000000..bb31fc87b --- /dev/null +++ b/src/NzbDrone.SignalR/NonPersistentManagedProtection.cs @@ -0,0 +1,274 @@ +using System; +using System.IO; +using System.Runtime.InteropServices; +using System.Security; +using System.Security.Cryptography; +using System.Security.Permissions; + + +namespace NzbDrone.SignalR +{ + // Copied from https://github.com/mono/mono/blob/c5b88ec4f323f2bdb7c7d0a595ece28dae66579c/mcs/class/System.Security/Mono.Security.Cryptography/ManagedProtection.cs + // And modified to use an non-persistent encryption key + + // + // ManagedProtection.cs - + // Protect (encrypt) data without (user involved) key management + // + // Author: + // Sebastien Pouliot + // + // Copyright (C) 2005 Novell, Inc (http://www.novell.com) + // + // Permission is hereby granted, free of charge, to any person obtaining + // a copy of this software and associated documentation files (the + // "Software"), to deal in the Software without restriction, including + // without limitation the rights to use, copy, modify, merge, publish, + // distribute, sublicense, and/or sell copies of the Software, and to + // permit persons to whom the Software is furnished to do so, subject to + // the following conditions: + // + // The above copyright notice and this permission notice shall be + // included in all copies or substantial portions of the Software. + // + // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + // + internal static class NonPersistentManagedProtection + { + public static byte[] Protect(byte[] userData, byte[] optionalEntropy) + { + if (userData == null) + throw new ArgumentNullException("userData"); + + Rijndael aes = Rijndael.Create(); + aes.KeySize = 128; + + byte[] encdata = null; + using (MemoryStream ms = new MemoryStream()) + { + ICryptoTransform t = aes.CreateEncryptor(); + using (CryptoStream cs = new CryptoStream(ms, t, CryptoStreamMode.Write)) + { + cs.Write(userData, 0, userData.Length); + cs.Close(); + encdata = ms.ToArray(); + } + } + + byte[] key = null; + byte[] iv = null; + byte[] secret = null; + byte[] header = null; + SHA256 hash = SHA256.Create(); + + try + { + key = aes.Key; + iv = aes.IV; + secret = new byte[1 + 1 + 16 + 1 + 16 + 1 + 32]; + + byte[] digest = hash.ComputeHash(userData); + if ((optionalEntropy != null) && (optionalEntropy.Length > 0)) + { + // the same optionalEntropy will be required to get the data back + byte[] mask = hash.ComputeHash(optionalEntropy); + for (int i = 0; i < 16; i++) + { + key[i] ^= mask[i]; + iv[i] ^= mask[i + 16]; + } + secret[0] = 2; // entropy + } + else + { + secret[0] = 1; // without entropy + } + + secret[1] = 16; // key size + Buffer.BlockCopy(key, 0, secret, 2, 16); + secret[18] = 16; // iv size + Buffer.BlockCopy(iv, 0, secret, 19, 16); + secret[35] = 32; // digest size + Buffer.BlockCopy(digest, 0, secret, 36, 32); + + RSAOAEPKeyExchangeFormatter formatter = new RSAOAEPKeyExchangeFormatter(GetKey()); + header = formatter.CreateKeyExchange(secret); + } + finally + { + if (key != null) + { + Array.Clear(key, 0, key.Length); + key = null; + } + if (secret != null) + { + Array.Clear(secret, 0, secret.Length); + secret = null; + } + if (iv != null) + { + Array.Clear(iv, 0, iv.Length); + iv = null; + } + aes.Clear(); + hash.Clear(); + } + + byte[] result = new byte[header.Length + encdata.Length]; + Buffer.BlockCopy(header, 0, result, 0, header.Length); + Buffer.BlockCopy(encdata, 0, result, header.Length, encdata.Length); + return result; + } + + public static byte[] Unprotect(byte[] encryptedData, byte[] optionalEntropy) + { + if (encryptedData == null) + throw new ArgumentNullException("encryptedData"); + + byte[] decdata = null; + + Rijndael aes = Rijndael.Create(); + RSA rsa = GetKey(); + int headerSize = (rsa.KeySize >> 3); + bool valid1 = (encryptedData.Length >= headerSize); + if (!valid1) + headerSize = encryptedData.Length; + + byte[] header = new byte[headerSize]; + Buffer.BlockCopy(encryptedData, 0, header, 0, headerSize); + + byte[] secret = null; + byte[] key = null; + byte[] iv = null; + bool valid2 = false; + bool valid3 = false; + bool valid4 = false; + SHA256 hash = SHA256.Create(); + + try + { + try + { + RSAOAEPKeyExchangeDeformatter deformatter = new RSAOAEPKeyExchangeDeformatter(rsa); + secret = deformatter.DecryptKeyExchange(header); + valid2 = (secret.Length == 68); + } + catch + { + valid2 = false; + } + + if (!valid2) + secret = new byte[68]; + + // known values for structure (version 1 or 2) + valid3 = ((secret[1] == 16) && (secret[18] == 16) && (secret[35] == 32)); + + key = new byte[16]; + Buffer.BlockCopy(secret, 2, key, 0, 16); + iv = new byte[16]; + Buffer.BlockCopy(secret, 19, iv, 0, 16); + + if ((optionalEntropy != null) && (optionalEntropy.Length > 0)) + { + // the decrypted data won't be valid if the entropy isn't + // the same as the one used to protect (encrypt) it + byte[] mask = hash.ComputeHash(optionalEntropy); + for (int i = 0; i < 16; i++) + { + key[i] ^= mask[i]; + iv[i] ^= mask[i + 16]; + } + valid3 &= (secret[0] == 2); // with entropy + } + else + { + valid3 &= (secret[0] == 1); // without entropy + } + + using (MemoryStream ms = new MemoryStream()) + { + ICryptoTransform t = aes.CreateDecryptor(key, iv); + using (CryptoStream cs = new CryptoStream(ms, t, CryptoStreamMode.Write)) + { + try + { + cs.Write(encryptedData, headerSize, encryptedData.Length - headerSize); + cs.Close(); + } + catch + { + // whatever, we keep going + } + } + decdata = ms.ToArray(); + } + + byte[] digest = hash.ComputeHash(decdata); + valid4 = true; + for (int i = 0; i < 32; i++) + { + if (digest[i] != secret[36 + i]) + valid4 = false; + } + } + finally + { + if (key != null) + { + Array.Clear(key, 0, key.Length); + key = null; + } + if (secret != null) + { + Array.Clear(secret, 0, secret.Length); + secret = null; + } + if (iv != null) + { + Array.Clear(iv, 0, iv.Length); + iv = null; + } + aes.Clear(); + hash.Clear(); + } + + // single point of error (also limits timing informations) + if (!valid1 || !valid2 || !valid3 || !valid4) + { + if (decdata != null) + { + Array.Clear(decdata, 0, decdata.Length); + decdata = null; + } + throw new CryptographicException("Invalid data."); + } + return decdata; + } + + // private stuff + + private static RSA appstartup; + private readonly static object appstartup_lock = new object(); + + private static RSA GetKey() + { + if (appstartup == null) + { + lock (appstartup_lock) + { + appstartup = new RSACryptoServiceProvider(1536); + } + } + + return appstartup; + } + } +} diff --git a/src/NzbDrone.SignalR/NzbDrone.SignalR.csproj b/src/NzbDrone.SignalR/NzbDrone.SignalR.csproj index d435682c9..7a7359d69 100644 --- a/src/NzbDrone.SignalR/NzbDrone.SignalR.csproj +++ b/src/NzbDrone.SignalR/NzbDrone.SignalR.csproj @@ -81,6 +81,7 @@ Properties\SharedAssemblyInfo.cs + @@ -89,6 +90,8 @@ + + diff --git a/src/NzbDrone.SignalR/SignalRProtectedData.cs b/src/NzbDrone.SignalR/SignalRProtectedData.cs new file mode 100644 index 000000000..f196e8bd4 --- /dev/null +++ b/src/NzbDrone.SignalR/SignalRProtectedData.cs @@ -0,0 +1,45 @@ +using Microsoft.AspNet.SignalR; +using Microsoft.AspNet.SignalR.Infrastructure; +using NzbDrone.Common.EnvironmentInfo; +using System; +using System.Text; + +namespace NzbDrone.SignalR +{ + // This class uses a per-startup key instead of the persistent keystore. + public class SignalRProtectedData : IProtectedData + { + private static readonly UTF8Encoding _encoding = new UTF8Encoding(encoderShouldEmitUTF8Identifier: false, throwOnInvalidBytes: true); + + public static void Register() + { + // On mono we're not guaranteed to have a DSAPI keystore, and we don't really need it, so use an alternate ProtectedData method. + if (OsInfo.IsNotWindows) + { + GlobalHost.DependencyResolver.Register(typeof(IProtectedData), () => new SignalRProtectedData()); + } + } + + public string Protect(string data, string purpose) + { + byte[] purposeBytes = _encoding.GetBytes(purpose); + + byte[] unprotectedBytes = _encoding.GetBytes(data); + + byte[] protectedBytes = NonPersistentManagedProtection.Protect(unprotectedBytes, purposeBytes); + + return Convert.ToBase64String(protectedBytes); + } + + public string Unprotect(string protectedValue, string purpose) + { + byte[] purposeBytes = _encoding.GetBytes(purpose); + + byte[] protectedBytes = Convert.FromBase64String(protectedValue); + + byte[] unprotectedBytes = NonPersistentManagedProtection.Unprotect(protectedBytes, purposeBytes); + + return _encoding.GetString(unprotectedBytes); + } + } +}