//
// Authors:
// Chris Toshok (toshok@ximian.com)
+// Sebastien Pouliot <sebastien@ximian.com>
//
-// (c) Copyright 2005 Novell, Inc (http://www.novell.com)
+// (c) Copyright 2005, 2010 Novell, Inc (http://www.novell.com)
//
//
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
+
using System;
using System.ComponentModel;
using System.Configuration;
using System.Security.Cryptography;
-
-#if NET_2_0
+using System.Web.Util;
namespace System.Web.Configuration {
static ConfigurationProperty validationProp;
static ConfigurationProperty validationKeyProp;
static ConfigurationPropertyCollection properties;
+ static MachineKeyValidationConverter converter = new MachineKeyValidationConverter ();
+ MachineKeyValidation validation;
static MachineKeySection ()
{
PropertyHelper.WhiteSpaceTrimStringConverter,
PropertyHelper.NonEmptyStringValidator,
ConfigurationPropertyOptions.None);
- validationProp = new ConfigurationProperty ("validation", typeof (MachineKeyValidation), MachineKeyValidation.SHA1,
- new MachineKeyValidationConverter (),
- PropertyHelper.DefaultValidator,
+ validationProp = new ConfigurationProperty ("validation", typeof (string), "HMACSHA256",
+ PropertyHelper.WhiteSpaceTrimStringConverter,
+ PropertyHelper.NonEmptyStringValidator,
ConfigurationPropertyOptions.None);
validationKeyProp = new ConfigurationProperty ("validationKey", typeof (string), "AutoGenerate,IsolateApps",
PropertyHelper.WhiteSpaceTrimStringConverter,
properties.Add (validationProp);
properties.Add (validationKeyProp);
- AutoGenKeys ();
+ Config.AutoGenerate (MachineKeyRegistryStorage.KeyType.Encryption);
+ Config.AutoGenerate (MachineKeyRegistryStorage.KeyType.Validation);
+ }
+
+ public MachineKeySection ()
+ {
+ // get DefaultValue from ValidationAlgorithm
+ validation = (MachineKeyValidation) converter.ConvertFrom (null, null, ValidationAlgorithm);
}
[MonoTODO]
- protected override void Reset (ConfigurationElement parentElement)
+ public MachineKeyCompatibilityMode CompatibilityMode {
+ get; set;
+ }
+
+ protected internal override void Reset (ConfigurationElement parentElement)
{
base.Reset (parentElement);
+ decryption_key = null;
+ validation_key = null;
+ decryption_template = null;
+ validation_template = null;
}
[TypeConverter (typeof (WhiteSpaceTrimStringConverter))]
[ConfigurationProperty ("decryption", DefaultValue = "Auto")]
public string Decryption {
get { return (string) base [decryptionProp];}
- set { base[decryptionProp] = value; }
+ set {
+ decryption_template = MachineKeySectionUtils.GetDecryptionAlgorithm (value);
+ base[decryptionProp] = value;
+ }
}
[TypeConverter (typeof (WhiteSpaceTrimStringConverter))]
[ConfigurationProperty ("decryptionKey", DefaultValue = "AutoGenerate,IsolateApps")]
public string DecryptionKey {
get { return (string) base [decryptionKeyProp];}
- set { base[decryptionKeyProp] = value; SetDecryptionKey (value); }
+ set {
+ base[decryptionKeyProp] = value;
+ SetDecryptionKey (value);
+ }
}
- [TypeConverter (typeof (MachineKeyValidationConverter))]
- [ConfigurationProperty ("validation", DefaultValue = "SHA1")]
+ // property exists for backward compatibility
public MachineKeyValidation Validation {
- get { return (MachineKeyValidation) base [validationProp];}
- set { base[validationProp] = value; }
+ get { return validation; }
+ set {
+ if (value == MachineKeyValidation.Custom)
+ throw new ArgumentException ();
+
+ string algo = value.ToString ();
+ // enum and accept values differs for TripleDES
+ ValidationAlgorithm = (algo == "TripleDES") ? "3DES" : algo;
+ }
+ }
+
+ [StringValidator (MinLength = 1)]
+ [TypeConverter (typeof (WhiteSpaceTrimStringConverter))]
+ [ConfigurationProperty ("validation", DefaultValue = "HMACSHA256")]
+ public string ValidationAlgorithm {
+ get { return (string) base [validationProp];}
+ set {
+ if (value == null)
+ return;
+
+ if (value.StartsWith ("alg:"))
+ validation = MachineKeyValidation.Custom;
+ else
+ validation = (MachineKeyValidation) converter.ConvertFrom (null, null, value);
+
+ base[validationProp] = value;
+ }
}
[TypeConverter (typeof (WhiteSpaceTrimStringConverter))]
[ConfigurationProperty ("validationKey", DefaultValue = "AutoGenerate,IsolateApps")]
public string ValidationKey {
get { return (string) base [validationKeyProp];}
- set { base[validationKeyProp] = value; SetValidationKey (value); }
+ set {
+ base[validationKeyProp] = value;
+ SetValidationKey (value);
+ }
}
- protected override ConfigurationPropertyCollection Properties {
+ protected internal override ConfigurationPropertyCollection Properties {
get { return properties; }
}
-#region CompatabilityCode
- static byte [] autogenerated;
- static byte [] autogenerated_decrypt;
+
+ internal static MachineKeySection Config {
+ get { return WebConfigurationManager.GetSection ("system.web/machineKey") as MachineKeySection; }
+ }
+
byte[] decryption_key;
- byte[] decryption_key_192bits;
byte[] validation_key;
+ SymmetricAlgorithm decryption_template;
+ KeyedHashAlgorithm validation_template;
- static void AutoGenKeys ()
+ internal SymmetricAlgorithm GetDecryptionAlgorithm ()
{
- autogenerated = new byte [64];
- RandomNumberGenerator rng = RandomNumberGenerator.Create ();
- rng.GetBytes (autogenerated);
- autogenerated_decrypt = new byte [64];
- rng.GetBytes (autogenerated_decrypt);
+ // code location to help with unit testing the code
+ return MachineKeySectionUtils.GetDecryptionAlgorithm (Decryption);
}
- static byte ToHexValue (char c, bool high)
- {
- byte v;
- if (c >= '0' && c <= '9')
- v = (byte) (c - '0');
- else if (c >= 'a' && c <= 'f')
- v = (byte) (c - 'a' + 10);
- else if (c >= 'A' && c <= 'F')
- v = (byte) (c - 'A' + 10);
- else
- throw new ArgumentException ("Invalid hex character");
-
- if (high)
- v <<= 4;
-
- return v;
- }
-
- internal static byte [] GetBytes (string key, int len)
- {
- byte [] result = new byte [len / 2];
- for (int i = 0; i < len; i += 2)
- result [i / 2] = (byte) (ToHexValue (key [i], true) + ToHexValue (key [i + 1], false));
-
- return result;
+ // not to be reused outside algorithm and key validation purpose
+ SymmetricAlgorithm DecryptionTemplate {
+ get {
+ if (decryption_template == null)
+ decryption_template = GetDecryptionAlgorithm ();
+ return decryption_template;
+ }
}
- static byte [] MakeKey (string key, bool decryption) //, out bool isolate)
+ internal byte [] GetDecryptionKey ()
{
- if (key == null || key.StartsWith ("AutoGenerate")){
- //isolate = key.IndexOf ("IsolateApps") != 1;
-
- return (decryption) ? autogenerated_decrypt : autogenerated;
- }
-
- //isolate = false;
-
- int len = key.Length;
- if (len < 40 || len > 128 || (len % 2) == 1)
- throw new ArgumentException ("Invalid key length");
-
- return GetBytes (key, len);
+ if (decryption_key == null)
+ SetDecryptionKey (DecryptionKey);
+ return decryption_key;
}
- internal void SetDecryptionKey (string n)
+ void SetDecryptionKey (string key)
{
- decryption_key = MakeKey (n, true); //, out isolate_decryption);
- decryption_key_192bits = new byte [24];
- int count = 24;
- if (decryption_key.Length < 24)
- count = decryption_key.Length;
- Buffer.BlockCopy (decryption_key, 0, decryption_key_192bits, 0, count);
+ if ((key == null) || key.StartsWith ("AutoGenerate")) {
+ decryption_key = AutoGenerate (MachineKeyRegistryStorage.KeyType.Encryption);
+ } else {
+ try {
+ decryption_key = MachineKeySectionUtils.GetBytes (key, key.Length);
+ DecryptionTemplate.Key = decryption_key;
+ }
+ catch {
+ decryption_key = null;
+ throw new ArgumentException ("Invalid key length");
+ }
+ }
}
- internal void SetValidationKey (string n)
+ internal KeyedHashAlgorithm GetValidationAlgorithm ()
{
- validation_key = MakeKey (n, false); //, out isolate_validation);
+ // code location to help with unit testing the code
+ return MachineKeySectionUtils.GetValidationAlgorithm (this);
}
-
- internal byte [] ValidationKeyBytes {
- get { return validation_key; }
+
+ // not to be reused outside algorithm and key validation purpose
+ KeyedHashAlgorithm ValidationTemplate {
+ get {
+ if (validation_template == null)
+ validation_template = GetValidationAlgorithm ();
+ return validation_template;
+ }
}
- internal byte [] DecryptionKeyBytes {
- get { return decryption_key; }
+ internal byte [] GetValidationKey ()
+ {
+ if (validation_key == null)
+ SetValidationKey (ValidationKey);
+ return validation_key;
}
- internal byte [] DecryptionKey192Bits {
- get { return decryption_key_192bits; }
+ // key can be expended for HMAC - i.e. a small key, e.g. 32 bytes, is still accepted as valid
+ // the HMAC class already deals with keys larger than what it can use (digested to right size)
+ void SetValidationKey (string key)
+ {
+ if ((key == null) || key.StartsWith ("AutoGenerate")) {
+ validation_key = AutoGenerate (MachineKeyRegistryStorage.KeyType.Validation);
+ } else {
+ try {
+ validation_key = MachineKeySectionUtils.GetBytes (key, key.Length);
+ ValidationTemplate.Key = validation_key;
+ }
+ catch (CryptographicException) {
+ // second chance, use the key length that the HMAC really wants
+ try {
+ byte[] expanded_key = new byte [ValidationTemplate.Key.Length];
+ Array.Copy (validation_key, 0, expanded_key, 0, validation_key.Length);
+ ValidationTemplate.Key = expanded_key;
+ validation_key = expanded_key;
+ }
+ catch {
+ validation_key = null;
+ throw new ArgumentException ("Invalid key length");
+ }
+ }
+ }
}
-#endregion
+ byte[] AutoGenerate (MachineKeyRegistryStorage.KeyType type)
+ {
+ byte[] key = null;
+ try {
+ key = MachineKeyRegistryStorage.Retrieve (type);
+
+ // ensure the stored key is usable with the selection algorithm
+ if (type == MachineKeyRegistryStorage.KeyType.Encryption)
+ DecryptionTemplate.Key = key;
+ else if (type == MachineKeyRegistryStorage.KeyType.Validation)
+ ValidationTemplate.Key = key;
+ } catch (Exception) {
+ key = null;
+ }
+ // some algorithms have special needs for key (e.g. length, parity, weak keys...)
+ // so we better ask them to provide a default key (than to generate/use bad ones)
+ if (key == null) {
+ if (type == MachineKeyRegistryStorage.KeyType.Encryption)
+ key = DecryptionTemplate.Key;
+ else if (type == MachineKeyRegistryStorage.KeyType.Validation)
+ key = ValidationTemplate.Key;
+ MachineKeyRegistryStorage.Store (key, type);
+ }
+ return key;
+ }
}
}
-#endif