Главная Обзор Помощь
Вход
c
/
mono
зеркало из https://github.com/mono/mono.git
2
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: 5c8bf36fb7
Ветки Метки
mono
/
mcs
/
class
/
System.IdentityModel
/
System.IdentityModel.Tokens
/
InMemorySymmetricSecurityKey.cs

InMemorySymmetricSecurityKey.cs 7.3 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235 
  1. //
    2. 

  2. // InMemorySymmetricSecurityKey.cs
    3. 

  3. //
    4. 

  4. // Author:
    5. 

  5. //	Atsushi Enomoto <[email protected]>
    6. 

  6. //
    7. 

  7. // Copyright (C) 2006-2007 Novell, Inc.  http://www.novell.com
    8. 

  8. //
    9. 

  9. // Permission is hereby granted, free of charge, to any person obtaining
    10. 

  10. // a copy of this software and associated documentation files (the
    11. 

  11. // "Software"), to deal in the Software without restriction, including
    12. 

  12. // without limitation the rights to use, copy, modify, merge, publish,
    13. 

  13. // distribute, sublicense, and/or sell copies of the Software, and to
    14. 

  14. // permit persons to whom the Software is furnished to do so, subject to
    15. 

  15. // the following conditions:
    16. 

  16. // 
    17. 

  17. // The above copyright notice and this permission notice shall be
    18. 

  18. // included in all copies or substantial portions of the Software.
    19. 

  19. // 
    20. 

  20. // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
    21. 

  21. // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
    22. 

  22. // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
    23. 

  23. // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
    24. 

  24. // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
    25. 

  25. // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
    26. 

  26. // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
    27. 

  27. //
    28. 

  28. using System;
    29. 

  29. using System.Collections.Generic;
    30. 

  30. using System.IO;
    31. 

  31. using System.Xml;
    32. 

  32. using System.IdentityModel.Policy;
    33. 

  33. using System.Security.Cryptography;
    34. 

  34. using System.Security.Cryptography.Xml;
    35. 

  35. 

  36. using M = Mono.Security.Cryptography;
    37. 

  37. using AES = System.Security.Cryptography.RijndaelManaged;
    38. 

  38. 

  39. namespace System.IdentityModel.Tokens
    40. 

  40. {
    41. 

  41. 	public class InMemorySymmetricSecurityKey : SymmetricSecurityKey
    42. 

  42. 	{
    43. 

  43. 		byte [] key;
    44. 

  44. 

  45. 		public InMemorySymmetricSecurityKey (byte [] key)
    46. 

  46. 			: this (key, true)
    47. 

  47. 		{
    48. 

  48. 		}
    49. 

  49. 

  50. 		public InMemorySymmetricSecurityKey (byte [] key, bool clone)
    51. 

  51. 		{
    52. 

  52. 			if (key == null)
    53. 

  53. 				throw new ArgumentNullException ("key");
    54. 

  54. 			this.key = clone ? (byte []) key.Clone() : key;
    55. 

  55. 		}
    56. 

  56. 

  57. 		// SymmetricSecurityKey implementation
    58. 

  58. 

  59. 		public override byte [] GenerateDerivedKey (
    60. 

  60. 			string algorithm, byte [] label, byte [] nonce,
    61. 

  61. 			int derivedKeyLength, int offset)
    62. 

  62. 		{
    63. 

  63. 			if (derivedKeyLength < 0)
    64. 

  64. 				throw new ArgumentOutOfRangeException ("derivedKeyLength");
    65. 

  65. 			if (offset < 0)
    66. 

  66. 				throw new ArgumentOutOfRangeException ("offset");
    67. 

  67. 			if (label == null)
    68. 

  68. 				throw new ArgumentNullException ("label");
    69. 

  69. 			if (nonce == null)
    70. 

  70. 				throw new ArgumentNullException ("nonce");
    71. 

  71. 			if (algorithm != SecurityAlgorithms.Psha1KeyDerivation)
    72. 

  72. 				throw new InvalidOperationException (String.Format ("Key derivation algorithm '{0}' is not supported", algorithm));
    73. 

  73. 			byte [] seed = new byte [label.Length + nonce.Length];
    74. 

  74. 			Array.Copy (label, seed, label.Length);
    75. 

  75. 			Array.Copy (nonce, 0, seed, label.Length, nonce.Length);
    76. 

  76. 

  77. 			byte [] p_sha = Expand ("SHA1", key, seed, derivedKeyLength / 8);
    78. 

  78. 

  79. 			return p_sha;
    80. 

  80. 		}
    81. 

  81. 

  82. 		// from Mono.Security.Protocol.Tls.CipherSuite.Expand() with
    83. 

  83. 		// a bit of modification ...
    84. 

  84. 		byte [] Expand (string hashName, byte[] secret, byte[] seed, int length)
    85. 

  85. 		{
    86. 

  86. 			int hashLength	= hashName == "MD5" ? 16 : 20;
    87. 

  87. 			int	iterations	= (int)(length / hashLength);
    88. 

  88. 			if ((length % hashLength) > 0)
    89. 

  89. 			{
    90. 

  90. 				iterations++;
    91. 

  91. 			}
    92. 

  92. 			
    93. 

  93. 			M.HMAC		hmac	= new M.HMAC(hashName, secret);
    94. 

  94. 			MemoryStream	resMacs	= new MemoryStream ();
    95. 

  95. 			
    96. 

  96. 			byte[][] hmacs = new byte[iterations + 1][];
    97. 

  97. 			hmacs[0] = seed;
    98. 

  98. 			for (int i = 1; i <= iterations; i++)
    99. 

  99. 			{				
    100. 

  100. 				MemoryStream hcseed = new MemoryStream ();
    101. 

  101. 				hmac.TransformFinalBlock(hmacs[i-1], 0, hmacs[i-1].Length);
    102. 

  102. 				hmacs[i] = hmac.Hash;
    103. 

  103. 				hcseed.Write(hmacs[i], 0, hmacs [i].Length);
    104. 

  104. 				hcseed.Write(seed, 0, seed.Length);
    105. 

  105. 				hmac.TransformFinalBlock(hcseed.ToArray(), 0, (int)hcseed.Length);
    106. 

  106. 				resMacs.Write(hmac.Hash, 0, hmac.Hash.Length);
    107. 

  107. 			}
    108. 

  108. 

  109. 			byte[] res = new byte[length];
    110. 

  110. 			
    111. 

  111. 			Buffer.BlockCopy(resMacs.ToArray(), 0, res, 0, res.Length);
    112. 

  112. 

  113. 			return res;
    114. 

  114. 		}
    115. 

  115. 

  116. 		public override byte [] GetSymmetricKey ()
    117. 

  117. 		{
    118. 

  118. 			return (byte []) key.Clone ();
    119. 

  119. 		}
    120. 

  120. 

  121. 		public override KeyedHashAlgorithm GetKeyedHashAlgorithm (
    122. 

  122. 			string algorithm)
    123. 

  123. 		{
    124. 

  124. 			if (algorithm == SecurityAlgorithms.HmacSha1Signature)
    125. 

  125. 				return new HMACSHA1 (key);
    126. 

  126. 			//if (algorithm == SecurityAlgorithms.HmacSha256Signature)
    127. 

  127. 			//	return new HMACSHA256 (key);
    128. 

  128. 			throw new NotSupportedException ();
    129. 

  129. 		}
    130. 

  130. 

  131. 		public override SymmetricAlgorithm GetSymmetricAlgorithm (string algorithm)
    132. 

  132. 		{
    133. 

  133. 			SymmetricAlgorithm s = null;
    134. 

  134. 			switch (algorithm) {
    135. 

  135. 			case SecurityAlgorithms.Aes128Encryption:
    136. 

  136. 			case SecurityAlgorithms.Aes192Encryption:
    137. 

  137. 			case SecurityAlgorithms.Aes256Encryption:
    138. 

  138. 			case SecurityAlgorithms.Aes128KeyWrap:
    139. 

  139. 			case SecurityAlgorithms.Aes192KeyWrap:
    140. 

  140. 			case SecurityAlgorithms.Aes256KeyWrap:
    141. 

  141. 				s = new AES ();
    142. 

  142. 				break;
    143. 

  143. 			case SecurityAlgorithms.TripleDesEncryption:
    144. 

  144. 			case SecurityAlgorithms.TripleDesKeyWrap:
    145. 

  145. 				if (key.Length == 24)
    146. 

  146. 					throw new CryptographicException ("The key size is 24 bytes, which known as vulnerable and thus not allowed.");
    147. 

  147. 				s = TripleDES.Create ();
    148. 

  148. 				break;
    149. 

  149. 			default:
    150. 

  150. 				throw new NotSupportedException (String.Format ("This symmetric security key does not support specified algorithm '{0}'", algorithm));
    151. 

  151. 			}
    152. 

  152. 			s.Mode = CipherMode.CBC;
    153. 

  153. 			s.GenerateIV ();
    154. 

  154. 			s.Key = key;
    155. 

  155. 			return s;
    156. 

  156. 		}
    157. 

  157. 

  158. 		public override ICryptoTransform GetDecryptionTransform (string algorithm, byte [] iv)
    159. 

  159. 		{
    160. 

  160. 			if (iv == null)
    161. 

  161. 				throw new ArgumentNullException ("iv");
    162. 

  162. 			SymmetricAlgorithm alg = GetSymmetricAlgorithm (algorithm);
    163. 

  163. 			alg.IV = iv;
    164. 

  164. 			return alg.CreateDecryptor ();
    165. 

  165. 		}
    166. 

  166. 

  167. 		public override ICryptoTransform GetEncryptionTransform (string algorithm, byte [] iv)
    168. 

  168. 		{
    169. 

  169. 			if (iv == null)
    170. 

  170. 				throw new ArgumentNullException ("iv");
    171. 

  171. 			SymmetricAlgorithm alg = GetSymmetricAlgorithm (algorithm);
    172. 

  172. 			alg.IV = iv;
    173. 

  173. 			return alg.CreateEncryptor ();
    174. 

  174. 		}
    175. 

  175. 

  176. 		[MonoTODO]
    177. 

  177. 		public override int GetIVSize (string algorithm)
    178. 

  178. 		{
    179. 

  179. 			throw new NotImplementedException ();
    180. 

  180. 		}
    181. 

  181. 

  182. 		// SecurityKey implementation
    183. 

  183. 

  184. 		public override int KeySize {
    185. 

  185. 			get { return key.Length << 3; }
    186. 

  186. 		}
    187. 

  187. 

  188. 		public override byte [] DecryptKey (string algorithm, byte [] keyData)
    189. 

  189. 		{
    190. 

  190. 			if (algorithm == null)
    191. 

  191. 				throw new ArgumentNullException ("algorithm");
    192. 

  192. 			if (keyData == null)
    193. 

  193. 				throw new ArgumentNullException ("keyData");
    194. 

  194. 			return EncryptedXml.DecryptKey (keyData, GetSymmetricAlgorithm (algorithm));
    195. 

  195. 		}
    196. 

  196. 

  197. 		public override byte [] EncryptKey (string algorithm, byte [] keyData)
    198. 

  198. 		{
    199. 

  199. 			if (algorithm == null)
    200. 

  200. 				throw new ArgumentNullException ("algorithm");
    201. 

  201. 			if (keyData == null)
    202. 

  202. 				throw new ArgumentNullException ("keyData");
    203. 

  203. 			return EncryptedXml.EncryptKey (keyData, GetSymmetricAlgorithm (algorithm));
    204. 

  204. 		}
    205. 

  205. 

  206. 		public override bool IsAsymmetricAlgorithm (string algorithm)
    207. 

  207. 		{
    208. 

  208. 			return GetAlgorithmSupportType (algorithm) == AlgorithmSupportType.Asymmetric;
    209. 

  209. 		}
    210. 

  210. 

  211. 		public override bool IsSupportedAlgorithm (string algorithm)
    212. 

  212. 		{
    213. 

  213. 			switch (algorithm) {
    214. 

  214. 			case SecurityAlgorithms.HmacSha1Signature:
    215. 

  215. 			case SecurityAlgorithms.Psha1KeyDerivation:
    216. 

  216. 			case SecurityAlgorithms.Aes128Encryption:
    217. 

  217. 			case SecurityAlgorithms.Aes128KeyWrap:
    218. 

  218. 			case SecurityAlgorithms.Aes192Encryption:
    219. 

  219. 			case SecurityAlgorithms.Aes192KeyWrap:
    220. 

  220. 			case SecurityAlgorithms.Aes256Encryption:
    221. 

  221. 			case SecurityAlgorithms.Aes256KeyWrap:
    222. 

  222. 			case SecurityAlgorithms.TripleDesEncryption:
    223. 

  223. 			case SecurityAlgorithms.TripleDesKeyWrap:
    224. 

  224. 				return true;
    225. 

  225. 			default:
    226. 

  226. 				return false;
    227. 

  227. 			}
    228. 

  228. 		}
    229. 

  229. 

  230. 		public override bool IsSymmetricAlgorithm (string algorithm)
    231. 

  231. 		{
    232. 

  232. 			return GetAlgorithmSupportType (algorithm) == AlgorithmSupportType.Symmetric;
    233. 

  233. 		}
    234. 

  234. 	}
    235. 

  235. }
    236.