2 // InMemorySymmetricSecurityKey.cs
5 // Atsushi Enomoto <atsushi@ximian.com>
7 // Copyright (C) 2006-2007 Novell, Inc. http://www.novell.com
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System.Collections.Generic;
32 using System.IdentityModel.Policy;
33 using System.Security.Cryptography;
34 using System.Security.Cryptography.Xml;
36 using M = Mono.Security.Cryptography;
37 using AES = System.Security.Cryptography.RijndaelManaged;
39 namespace System.IdentityModel.Tokens
41 public class InMemorySymmetricSecurityKey : SymmetricSecurityKey
45 public InMemorySymmetricSecurityKey (byte [] key)
50 public InMemorySymmetricSecurityKey (byte [] key, bool clone)
53 throw new ArgumentNullException ("key");
54 this.key = clone ? (byte []) key.Clone() : key;
57 // SymmetricSecurityKey implementation
59 public override byte [] GenerateDerivedKey (
60 string algorithm, byte [] label, byte [] nonce,
61 int derivedKeyLength, int offset)
63 if (derivedKeyLength < 0)
64 throw new ArgumentOutOfRangeException ("derivedKeyLength");
66 throw new ArgumentOutOfRangeException ("offset");
68 throw new ArgumentNullException ("label");
70 throw new ArgumentNullException ("nonce");
71 if (algorithm != SecurityAlgorithms.Psha1KeyDerivation)
72 throw new InvalidOperationException (String.Format ("Key derivation algorithm '{0}' is not supported", algorithm));
73 byte [] seed = new byte [label.Length + nonce.Length];
74 Array.Copy (label, seed, label.Length);
75 Array.Copy (nonce, 0, seed, label.Length, nonce.Length);
77 byte [] p_sha = Expand ("SHA1", key, seed, derivedKeyLength / 8);
82 // from Mono.Security.Protocol.Tls.CipherSuite.Expand() with
83 // a bit of modification ...
84 byte [] Expand (string hashName, byte[] secret, byte[] seed, int length)
86 int hashLength = hashName == "MD5" ? 16 : 20;
87 int iterations = (int)(length / hashLength);
88 if ((length % hashLength) > 0)
93 M.HMAC hmac = new M.HMAC(hashName, secret);
94 MemoryStream resMacs = new MemoryStream ();
96 byte[][] hmacs = new byte[iterations + 1][];
98 for (int i = 1; i <= iterations; i++)
100 MemoryStream hcseed = new MemoryStream ();
101 hmac.TransformFinalBlock(hmacs[i-1], 0, hmacs[i-1].Length);
102 hmacs[i] = hmac.Hash;
103 hcseed.Write(hmacs[i], 0, hmacs [i].Length);
104 hcseed.Write(seed, 0, seed.Length);
105 hmac.TransformFinalBlock(hcseed.ToArray(), 0, (int)hcseed.Length);
106 resMacs.Write(hmac.Hash, 0, hmac.Hash.Length);
109 byte[] res = new byte[length];
111 Buffer.BlockCopy(resMacs.ToArray(), 0, res, 0, res.Length);
116 public override byte [] GetSymmetricKey ()
118 return (byte []) key.Clone ();
121 public override KeyedHashAlgorithm GetKeyedHashAlgorithm (
124 if (algorithm == SecurityAlgorithms.HmacSha1Signature)
125 return new HMACSHA1 (key);
126 //if (algorithm == SecurityAlgorithms.HmacSha256Signature)
127 // return new HMACSHA256 (key);
128 throw new NotSupportedException ();
131 public override SymmetricAlgorithm GetSymmetricAlgorithm (string algorithm)
133 SymmetricAlgorithm s = null;
135 case SecurityAlgorithms.Aes128Encryption:
136 case SecurityAlgorithms.Aes192Encryption:
137 case SecurityAlgorithms.Aes256Encryption:
138 case SecurityAlgorithms.Aes128KeyWrap:
139 case SecurityAlgorithms.Aes192KeyWrap:
140 case SecurityAlgorithms.Aes256KeyWrap:
143 case SecurityAlgorithms.TripleDesEncryption:
144 case SecurityAlgorithms.TripleDesKeyWrap:
145 if (key.Length == 24)
146 throw new CryptographicException ("The key size is 24 bytes, which known as vulnerable and thus not allowed.");
147 s = TripleDES.Create ();
150 throw new NotSupportedException (String.Format ("This symmetric security key does not support specified algorithm '{0}'", algorithm));
152 s.Mode = CipherMode.CBC;
158 public override ICryptoTransform GetDecryptionTransform (string algorithm, byte [] iv)
161 throw new ArgumentNullException ("iv");
162 SymmetricAlgorithm alg = GetSymmetricAlgorithm (algorithm);
164 return alg.CreateDecryptor ();
167 public override ICryptoTransform GetEncryptionTransform (string algorithm, byte [] iv)
170 throw new ArgumentNullException ("iv");
171 SymmetricAlgorithm alg = GetSymmetricAlgorithm (algorithm);
173 return alg.CreateEncryptor ();
177 public override int GetIVSize (string algorithm)
179 throw new NotImplementedException ();
182 // SecurityKey implementation
184 public override int KeySize {
185 get { return key.Length << 3; }
188 public override byte [] DecryptKey (string algorithm, byte [] keyData)
190 if (algorithm == null)
191 throw new ArgumentNullException ("algorithm");
193 throw new ArgumentNullException ("keyData");
194 return EncryptedXml.DecryptKey (keyData, GetSymmetricAlgorithm (algorithm));
197 public override byte [] EncryptKey (string algorithm, byte [] keyData)
199 if (algorithm == null)
200 throw new ArgumentNullException ("algorithm");
202 throw new ArgumentNullException ("keyData");
203 return EncryptedXml.EncryptKey (keyData, GetSymmetricAlgorithm (algorithm));
206 public override bool IsAsymmetricAlgorithm (string algorithm)
208 return GetAlgorithmSupportType (algorithm) == AlgorithmSupportType.Asymmetric;
211 public override bool IsSupportedAlgorithm (string algorithm)
214 case SecurityAlgorithms.HmacSha1Signature:
215 case SecurityAlgorithms.Psha1KeyDerivation:
216 case SecurityAlgorithms.Aes128Encryption:
217 case SecurityAlgorithms.Aes128KeyWrap:
218 case SecurityAlgorithms.Aes192Encryption:
219 case SecurityAlgorithms.Aes192KeyWrap:
220 case SecurityAlgorithms.Aes256Encryption:
221 case SecurityAlgorithms.Aes256KeyWrap:
222 case SecurityAlgorithms.TripleDesEncryption:
223 case SecurityAlgorithms.TripleDesKeyWrap:
230 public override bool IsSymmetricAlgorithm (string algorithm)
232 return GetAlgorithmSupportType (algorithm) == AlgorithmSupportType.Symmetric;