1 //------------------------------------------------------------ 2 // Copyright (c) Microsoft Corporation. All rights reserved. 3 //------------------------------------------------------------ 4 namespace System.ServiceModel.Security 5 { 6 using System.Collections.Generic; 7 using System.ServiceModel.Channels; 8 using System.ServiceModel; 9 using System.Collections.ObjectModel; 10 using System.IdentityModel.Claims; 11 using System.IdentityModel.Policy; 12 using System.IdentityModel.Tokens; 13 using System.IdentityModel.Selectors; 14 using System.Security.Cryptography; 15 using System.ServiceModel.Security.Tokens; 16 17 using System.Text; 18 using System.Runtime.Serialization; 19 using System.Xml; 20 using System.ComponentModel; 21 22 [TypeConverter(typeof(System.ServiceModel.Configuration.SecurityAlgorithmSuiteConverter))] 23 public abstract class SecurityAlgorithmSuite 24 { 25 static SecurityAlgorithmSuite basic256; 26 static SecurityAlgorithmSuite basic192; 27 static SecurityAlgorithmSuite basic128; 28 static SecurityAlgorithmSuite tripleDes; 29 static SecurityAlgorithmSuite basic256Rsa15; 30 static SecurityAlgorithmSuite basic192Rsa15; 31 static SecurityAlgorithmSuite basic128Rsa15; 32 static SecurityAlgorithmSuite tripleDesRsa15; 33 static SecurityAlgorithmSuite basic256Sha256; 34 static SecurityAlgorithmSuite basic192Sha256; 35 static SecurityAlgorithmSuite basic128Sha256; 36 static SecurityAlgorithmSuite tripleDesSha256; 37 static SecurityAlgorithmSuite basic256Sha256Rsa15; 38 static SecurityAlgorithmSuite basic192Sha256Rsa15; 39 static SecurityAlgorithmSuite basic128Sha256Rsa15; 40 static SecurityAlgorithmSuite tripleDesSha256Rsa15; 41 42 static internal SecurityAlgorithmSuite KerberosDefault 43 { 44 get 45 { 46 return Basic128; 47 } 48 } 49 static public SecurityAlgorithmSuite Default 50 { 51 get 52 { 53 return Basic256; 54 } 55 } 56 57 static public SecurityAlgorithmSuite Basic256 58 { 59 get 60 { 61 if (basic256 == null) 62 basic256 = new Basic256SecurityAlgorithmSuite(); 63 return basic256; 64 } 65 } 66 static public SecurityAlgorithmSuite Basic192 67 { 68 get 69 { 70 if (basic192 == null) 71 basic192 = new Basic192SecurityAlgorithmSuite(); 72 return basic192; 73 } 74 } 75 static public SecurityAlgorithmSuite Basic128 76 { 77 get 78 { 79 if (basic128 == null) 80 basic128 = new Basic128SecurityAlgorithmSuite(); 81 return basic128; 82 } 83 } 84 static public SecurityAlgorithmSuite TripleDes 85 { 86 get 87 { 88 if (tripleDes == null) 89 tripleDes = new TripleDesSecurityAlgorithmSuite(); 90 return tripleDes; 91 } 92 } 93 static public SecurityAlgorithmSuite Basic256Rsa15 94 { 95 get 96 { 97 if (basic256Rsa15 == null) 98 basic256Rsa15 = new Basic256Rsa15SecurityAlgorithmSuite(); 99 return basic256Rsa15; 100 } 101 } 102 static public SecurityAlgorithmSuite Basic192Rsa15 103 { 104 get 105 { 106 if (basic192Rsa15 == null) 107 basic192Rsa15 = new Basic192Rsa15SecurityAlgorithmSuite(); 108 return basic192Rsa15; 109 } 110 } 111 static public SecurityAlgorithmSuite Basic128Rsa15 112 { 113 get 114 { 115 if (basic128Rsa15 == null) 116 basic128Rsa15 = new Basic128Rsa15SecurityAlgorithmSuite(); 117 return basic128Rsa15; 118 } 119 } 120 static public SecurityAlgorithmSuite TripleDesRsa15 121 { 122 get 123 { 124 if (tripleDesRsa15 == null) 125 tripleDesRsa15 = new TripleDesRsa15SecurityAlgorithmSuite(); 126 return tripleDesRsa15; 127 } 128 } 129 130 static public SecurityAlgorithmSuite Basic256Sha256 131 { 132 get 133 { 134 if (basic256Sha256 == null) 135 basic256Sha256 = new Basic256Sha256SecurityAlgorithmSuite(); 136 return basic256Sha256; 137 } 138 } 139 static public SecurityAlgorithmSuite Basic192Sha256 140 { 141 get 142 { 143 if (basic192Sha256 == null) 144 basic192Sha256 = new Basic192Sha256SecurityAlgorithmSuite(); 145 return basic192Sha256; 146 } 147 } 148 static public SecurityAlgorithmSuite Basic128Sha256 149 { 150 get 151 { 152 if (basic128Sha256 == null) 153 basic128Sha256 = new Basic128Sha256SecurityAlgorithmSuite(); 154 return basic128Sha256; 155 } 156 } 157 static public SecurityAlgorithmSuite TripleDesSha256 158 { 159 get 160 { 161 if (tripleDesSha256 == null) 162 tripleDesSha256 = new TripleDesSha256SecurityAlgorithmSuite(); 163 return tripleDesSha256; 164 } 165 } 166 static public SecurityAlgorithmSuite Basic256Sha256Rsa15 167 { 168 get 169 { 170 if (basic256Sha256Rsa15 == null) 171 basic256Sha256Rsa15 = new Basic256Sha256Rsa15SecurityAlgorithmSuite(); 172 return basic256Sha256Rsa15; 173 } 174 } 175 static public SecurityAlgorithmSuite Basic192Sha256Rsa15 176 { 177 get 178 { 179 if (basic192Sha256Rsa15 == null) 180 basic192Sha256Rsa15 = new Basic192Sha256Rsa15SecurityAlgorithmSuite(); 181 return basic192Sha256Rsa15; 182 } 183 } 184 static public SecurityAlgorithmSuite Basic128Sha256Rsa15 185 { 186 get 187 { 188 if (basic128Sha256Rsa15 == null) 189 basic128Sha256Rsa15 = new Basic128Sha256Rsa15SecurityAlgorithmSuite(); 190 return basic128Sha256Rsa15; 191 } 192 } 193 static public SecurityAlgorithmSuite TripleDesSha256Rsa15 194 { 195 get 196 { 197 if (tripleDesSha256Rsa15 == null) 198 tripleDesSha256Rsa15 = new TripleDesSha256Rsa15SecurityAlgorithmSuite(); 199 return tripleDesSha256Rsa15; 200 } 201 } 202 203 public abstract string DefaultCanonicalizationAlgorithm { get; } 204 public abstract string DefaultDigestAlgorithm { get; } 205 public abstract string DefaultEncryptionAlgorithm { get; } 206 public abstract int DefaultEncryptionKeyDerivationLength { get; } 207 public abstract string DefaultSymmetricKeyWrapAlgorithm { get; } 208 public abstract string DefaultAsymmetricKeyWrapAlgorithm { get; } 209 public abstract string DefaultSymmetricSignatureAlgorithm { get; } 210 public abstract string DefaultAsymmetricSignatureAlgorithm { get; } 211 public abstract int DefaultSignatureKeyDerivationLength { get; } 212 public abstract int DefaultSymmetricKeyLength { get; } 213 214 internal virtual XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return null; } } 215 internal virtual XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return null; } } 216 internal virtual XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return null; } } 217 internal virtual XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return null; } } 218 internal virtual XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return null; } } 219 internal virtual XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return null; } } 220 internal virtual XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return null; } } 221 SecurityAlgorithmSuite()222 protected SecurityAlgorithmSuite() { } 223 IsCanonicalizationAlgorithmSupported(string algorithm)224 public virtual bool IsCanonicalizationAlgorithmSupported(string algorithm) { return algorithm == DefaultCanonicalizationAlgorithm; } IsDigestAlgorithmSupported(string algorithm)225 public virtual bool IsDigestAlgorithmSupported(string algorithm) { return algorithm == DefaultDigestAlgorithm; } IsEncryptionAlgorithmSupported(string algorithm)226 public virtual bool IsEncryptionAlgorithmSupported(string algorithm) { return algorithm == DefaultEncryptionAlgorithm; } IsEncryptionKeyDerivationAlgorithmSupported(string algorithm)227 public virtual bool IsEncryptionKeyDerivationAlgorithmSupported(string algorithm) { return (algorithm == SecurityAlgorithms.Psha1KeyDerivation) || (algorithm == SecurityAlgorithms.Psha1KeyDerivationDec2005); } IsSymmetricKeyWrapAlgorithmSupported(string algorithm)228 public virtual bool IsSymmetricKeyWrapAlgorithmSupported(string algorithm) { return algorithm == DefaultSymmetricKeyWrapAlgorithm; } IsAsymmetricKeyWrapAlgorithmSupported(string algorithm)229 public virtual bool IsAsymmetricKeyWrapAlgorithmSupported(string algorithm) { return algorithm == DefaultAsymmetricKeyWrapAlgorithm; } IsSymmetricSignatureAlgorithmSupported(string algorithm)230 public virtual bool IsSymmetricSignatureAlgorithmSupported(string algorithm) { return algorithm == DefaultSymmetricSignatureAlgorithm; } IsAsymmetricSignatureAlgorithmSupported(string algorithm)231 public virtual bool IsAsymmetricSignatureAlgorithmSupported(string algorithm) { return algorithm == DefaultAsymmetricSignatureAlgorithm; } IsSignatureKeyDerivationAlgorithmSupported(string algorithm)232 public virtual bool IsSignatureKeyDerivationAlgorithmSupported(string algorithm) { return (algorithm == SecurityAlgorithms.Psha1KeyDerivation) || (algorithm == SecurityAlgorithms.Psha1KeyDerivationDec2005); } IsSymmetricKeyLengthSupported(int length)233 public abstract bool IsSymmetricKeyLengthSupported(int length); IsAsymmetricKeyLengthSupported(int length)234 public abstract bool IsAsymmetricKeyLengthSupported(int length); 235 IsRsaSHA256(SecurityAlgorithmSuite suite)236 internal static bool IsRsaSHA256(SecurityAlgorithmSuite suite) 237 { 238 if ( suite == null ) 239 return false; 240 241 return (suite == Basic128Sha256 || suite == Basic128Sha256Rsa15 || suite == Basic192Sha256 || suite == Basic192Sha256Rsa15 || 242 suite == Basic256Sha256 || suite == Basic256Sha256Rsa15 || suite == TripleDesSha256 || suite == TripleDesSha256Rsa15); 243 244 } 245 GetEncryptionKeyDerivationAlgorithm(SecurityToken token, SecureConversationVersion version)246 internal string GetEncryptionKeyDerivationAlgorithm(SecurityToken token, SecureConversationVersion version) 247 { 248 if (token == null) 249 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); 250 251 string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(version); 252 if (SecurityUtils.IsSupportedAlgorithm(derivationAlgorithm, token)) 253 return derivationAlgorithm; 254 else 255 return null; 256 } 257 GetEncryptionKeyDerivationLength(SecurityToken token, SecureConversationVersion version)258 internal int GetEncryptionKeyDerivationLength(SecurityToken token, SecureConversationVersion version) 259 { 260 if (token == null) 261 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); 262 263 string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(version); 264 if (SecurityUtils.IsSupportedAlgorithm(derivationAlgorithm, token)) 265 { 266 if (this.DefaultEncryptionKeyDerivationLength % 8 != 0) 267 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.Psha1KeyLengthInvalid, this.DefaultEncryptionKeyDerivationLength))); 268 269 return this.DefaultEncryptionKeyDerivationLength / 8; 270 } 271 else 272 return 0; 273 } 274 GetKeyWrapAlgorithm(SecurityToken token, out string keyWrapAlgorithm, out XmlDictionaryString keyWrapAlgorithmDictionaryString)275 internal void GetKeyWrapAlgorithm(SecurityToken token, out string keyWrapAlgorithm, out XmlDictionaryString keyWrapAlgorithmDictionaryString) 276 { 277 if (token == null) 278 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); 279 280 if (SecurityUtils.IsSupportedAlgorithm(this.DefaultSymmetricKeyWrapAlgorithm, token)) 281 { 282 keyWrapAlgorithm = this.DefaultSymmetricKeyWrapAlgorithm; 283 keyWrapAlgorithmDictionaryString = this.DefaultSymmetricKeyWrapAlgorithmDictionaryString; 284 } 285 else 286 { 287 keyWrapAlgorithm = this.DefaultAsymmetricKeyWrapAlgorithm; 288 keyWrapAlgorithmDictionaryString = this.DefaultAsymmetricKeyWrapAlgorithmDictionaryString; 289 } 290 } 291 GetSignatureAlgorithmAndKey(SecurityToken token, out string signatureAlgorithm, out SecurityKey key, out XmlDictionaryString signatureAlgorithmDictionaryString)292 internal void GetSignatureAlgorithmAndKey(SecurityToken token, out string signatureAlgorithm, out SecurityKey key, out XmlDictionaryString signatureAlgorithmDictionaryString) 293 { 294 ReadOnlyCollection<SecurityKey> keys = token.SecurityKeys; 295 if (keys == null || keys.Count == 0) 296 { 297 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SigningTokenHasNoKeys, token))); 298 } 299 300 for (int i = 0; i < keys.Count; i++) 301 { 302 if (keys[i].IsSupportedAlgorithm(this.DefaultSymmetricSignatureAlgorithm)) 303 { 304 signatureAlgorithm = this.DefaultSymmetricSignatureAlgorithm; 305 signatureAlgorithmDictionaryString = this.DefaultSymmetricSignatureAlgorithmDictionaryString; 306 key = keys[i]; 307 return; 308 } 309 else if (keys[i].IsSupportedAlgorithm(this.DefaultAsymmetricSignatureAlgorithm)) 310 { 311 signatureAlgorithm = this.DefaultAsymmetricSignatureAlgorithm; 312 signatureAlgorithmDictionaryString = this.DefaultAsymmetricSignatureAlgorithmDictionaryString; 313 key = keys[i]; 314 return; 315 } 316 } 317 318 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SigningTokenHasNoKeysSupportingTheAlgorithmSuite, token, this))); 319 } 320 GetSignatureKeyDerivationAlgorithm(SecurityToken token, SecureConversationVersion version)321 internal string GetSignatureKeyDerivationAlgorithm(SecurityToken token, SecureConversationVersion version) 322 { 323 if (token == null) 324 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); 325 326 string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(version); 327 if (SecurityUtils.IsSupportedAlgorithm(derivationAlgorithm, token)) 328 return derivationAlgorithm; 329 else 330 return null; 331 } 332 GetSignatureKeyDerivationLength(SecurityToken token, SecureConversationVersion version)333 internal int GetSignatureKeyDerivationLength(SecurityToken token, SecureConversationVersion version) 334 { 335 if (token == null) 336 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); 337 338 string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(version); 339 if (SecurityUtils.IsSupportedAlgorithm(derivationAlgorithm, token)) 340 { 341 if (this.DefaultSignatureKeyDerivationLength % 8 != 0) 342 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.Psha1KeyLengthInvalid, this.DefaultSignatureKeyDerivationLength))); 343 344 return this.DefaultSignatureKeyDerivationLength / 8; 345 } 346 else 347 return 0; 348 } 349 EnsureAcceptableSymmetricSignatureAlgorithm(string algorithm)350 internal void EnsureAcceptableSymmetricSignatureAlgorithm(string algorithm) 351 { 352 if (!IsSymmetricSignatureAlgorithmSupported(algorithm)) 353 { 354 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, 355 algorithm, "SymmetricSignature", this))); 356 } 357 } 358 EnsureAcceptableSignatureKeySize(SecurityKey securityKey, SecurityToken token)359 internal void EnsureAcceptableSignatureKeySize(SecurityKey securityKey, SecurityToken token) 360 { 361 AsymmetricSecurityKey asymmetricSecurityKey = securityKey as AsymmetricSecurityKey; 362 if (asymmetricSecurityKey != null) 363 { 364 if (!IsAsymmetricKeyLengthSupported(asymmetricSecurityKey.KeySize)) 365 { 366 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( 367 SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, token, asymmetricSecurityKey.KeySize))); 368 } 369 } 370 else 371 { 372 SymmetricSecurityKey symmetricSecurityKey = securityKey as SymmetricSecurityKey; 373 if (symmetricSecurityKey == null) 374 { 375 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnknownICryptoType, symmetricSecurityKey))); 376 } 377 EnsureAcceptableSignatureSymmetricKeySize(symmetricSecurityKey, token); 378 } 379 } 380 381 // Ensure acceptable signing symmetric key. 382 // 1) if derived key, validate derived key against DefaultSignatureKeyDerivationLength and validate 383 // source key against DefaultSymmetricKeyLength 384 // 2) if not derived key, validate key against DefaultSymmetricKeyLength EnsureAcceptableSignatureSymmetricKeySize(SymmetricSecurityKey securityKey, SecurityToken token)385 internal void EnsureAcceptableSignatureSymmetricKeySize(SymmetricSecurityKey securityKey, SecurityToken token) 386 { 387 int keySize; 388 DerivedKeySecurityToken dkt = token as DerivedKeySecurityToken; 389 if (dkt != null) 390 { 391 token = dkt.TokenToDerive; 392 keySize = ((SymmetricSecurityKey)token.SecurityKeys[0]).KeySize; 393 394 // doing special case for derived key token signing length since 395 // the sending side doesn't honor the algorithm suite. It used the DefaultSignatureKeyDerivationLength instead 396 if (dkt.SecurityKeys[0].KeySize < this.DefaultSignatureKeyDerivationLength) 397 { 398 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( 399 SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, dkt, dkt.SecurityKeys[0].KeySize))); 400 } 401 } 402 else 403 { 404 keySize = securityKey.KeySize; 405 } 406 407 if (!IsSymmetricKeyLengthSupported(keySize)) 408 { 409 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( 410 SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, token, keySize))); 411 } 412 } 413 414 // Ensure acceptable decrypting symmetric key. 415 // 1) if derived key, validate derived key against DefaultEncryptionKeyDerivationLength and validate 416 // source key against DefaultSymmetricKeyLength 417 // 2) if not derived key, validate key against DefaultSymmetricKeyLength EnsureAcceptableDecryptionSymmetricKeySize(SymmetricSecurityKey securityKey, SecurityToken token)418 internal void EnsureAcceptableDecryptionSymmetricKeySize(SymmetricSecurityKey securityKey, SecurityToken token) 419 { 420 int keySize; 421 DerivedKeySecurityToken dkt = token as DerivedKeySecurityToken; 422 if (dkt != null) 423 { 424 token = dkt.TokenToDerive; 425 keySize = ((SymmetricSecurityKey)token.SecurityKeys[0]).KeySize; 426 427 // doing special case for derived key token signing length since 428 // the sending side doesn't honor the algorithm suite. It used the DefaultSignatureKeyDerivationLength instead 429 if (dkt.SecurityKeys[0].KeySize < this.DefaultEncryptionKeyDerivationLength) 430 { 431 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( 432 SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, dkt, dkt.SecurityKeys[0].KeySize))); 433 } 434 } 435 else 436 { 437 keySize = securityKey.KeySize; 438 } 439 440 if (!IsSymmetricKeyLengthSupported(keySize)) 441 { 442 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( 443 SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, token, keySize))); 444 } 445 } 446 EnsureAcceptableSignatureAlgorithm(SecurityKey verificationKey, string algorithm)447 internal void EnsureAcceptableSignatureAlgorithm(SecurityKey verificationKey, string algorithm) 448 { 449 InMemorySymmetricSecurityKey symmeticKey = verificationKey as InMemorySymmetricSecurityKey; 450 if (symmeticKey != null) 451 { 452 this.EnsureAcceptableSymmetricSignatureAlgorithm(algorithm); 453 } 454 else 455 { 456 AsymmetricSecurityKey asymmetricKey = verificationKey as AsymmetricSecurityKey; 457 if (asymmetricKey == null) 458 { 459 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnknownICryptoType, verificationKey))); 460 } 461 462 this.EnsureAcceptableAsymmetricSignatureAlgorithm(algorithm); 463 } 464 } 465 EnsureAcceptableAsymmetricSignatureAlgorithm(string algorithm)466 internal void EnsureAcceptableAsymmetricSignatureAlgorithm(string algorithm) 467 { 468 if (!IsAsymmetricSignatureAlgorithmSupported(algorithm)) 469 { 470 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, 471 algorithm, "AsymmetricSignature", this))); 472 } 473 } 474 EnsureAcceptableKeyWrapAlgorithm(string algorithm, bool isAsymmetric)475 internal void EnsureAcceptableKeyWrapAlgorithm(string algorithm, bool isAsymmetric) 476 { 477 if (isAsymmetric) 478 { 479 if (!IsAsymmetricKeyWrapAlgorithmSupported(algorithm)) 480 { 481 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, 482 algorithm, "AsymmetricKeyWrap", this))); 483 } 484 } 485 else 486 { 487 if (!IsSymmetricKeyWrapAlgorithmSupported(algorithm)) 488 { 489 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, 490 algorithm, "SymmetricKeyWrap", this))); 491 } 492 } 493 } 494 EnsureAcceptableEncryptionAlgorithm(string algorithm)495 internal void EnsureAcceptableEncryptionAlgorithm(string algorithm) 496 { 497 if (!IsEncryptionAlgorithmSupported(algorithm)) 498 { 499 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, 500 algorithm, "Encryption", this))); 501 } 502 } 503 EnsureAcceptableSignatureKeyDerivationAlgorithm(string algorithm)504 internal void EnsureAcceptableSignatureKeyDerivationAlgorithm(string algorithm) 505 { 506 if (!IsSignatureKeyDerivationAlgorithmSupported(algorithm)) 507 { 508 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, 509 algorithm, "SignatureKeyDerivation", this))); 510 } 511 } 512 EnsureAcceptableEncryptionKeyDerivationAlgorithm(string algorithm)513 internal void EnsureAcceptableEncryptionKeyDerivationAlgorithm(string algorithm) 514 { 515 if (!IsEncryptionKeyDerivationAlgorithmSupported(algorithm)) 516 { 517 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, 518 algorithm, "EncryptionKeyDerivation", this))); 519 } 520 } 521 EnsureAcceptableDigestAlgorithm(string algorithm)522 internal void EnsureAcceptableDigestAlgorithm(string algorithm) 523 { 524 if (!IsDigestAlgorithmSupported(algorithm)) 525 { 526 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, 527 algorithm, "Digest", this))); 528 } 529 } 530 531 } 532 533 public class Basic256SecurityAlgorithmSuite : SecurityAlgorithmSuite 534 { Basic256SecurityAlgorithmSuite()535 public Basic256SecurityAlgorithmSuite() : base() { } 536 537 public override string DefaultCanonicalizationAlgorithm { get { return DefaultCanonicalizationAlgorithmDictionaryString.Value; } } 538 public override string DefaultDigestAlgorithm { get { return DefaultDigestAlgorithmDictionaryString.Value; } } 539 public override string DefaultEncryptionAlgorithm { get { return DefaultEncryptionAlgorithmDictionaryString.Value; } } 540 public override int DefaultEncryptionKeyDerivationLength { get { return 256; } } 541 public override string DefaultSymmetricKeyWrapAlgorithm { get { return DefaultSymmetricKeyWrapAlgorithmDictionaryString.Value; } } 542 public override string DefaultAsymmetricKeyWrapAlgorithm { get { return DefaultAsymmetricKeyWrapAlgorithmDictionaryString.Value; } } 543 public override string DefaultSymmetricSignatureAlgorithm { get { return DefaultSymmetricSignatureAlgorithmDictionaryString.Value; } } 544 public override string DefaultAsymmetricSignatureAlgorithm { get { return DefaultAsymmetricSignatureAlgorithmDictionaryString.Value; } } 545 public override int DefaultSignatureKeyDerivationLength { get { return 192; } } 546 public override int DefaultSymmetricKeyLength { get { return 256; } } IsSymmetricKeyLengthSupported(int length)547 public override bool IsSymmetricKeyLengthSupported(int length) { return length == 256; } IsAsymmetricKeyLengthSupported(int length)548 public override bool IsAsymmetricKeyLengthSupported(int length) { return length >= 1024 && length <= 4096; } 549 550 internal override XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.ExclusiveC14n; } } 551 internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha1Digest; } } 552 internal override XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes256Encryption; } } 553 internal override XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes256KeyWrap; } } 554 internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap; } } 555 internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha1Signature; } } 556 internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha1Signature; } } 557 ToString()558 public override string ToString() 559 { 560 return "Basic256"; 561 } 562 } 563 564 public class Basic192SecurityAlgorithmSuite : SecurityAlgorithmSuite 565 { Basic192SecurityAlgorithmSuite()566 public Basic192SecurityAlgorithmSuite() : base() { } 567 568 public override string DefaultCanonicalizationAlgorithm { get { return DefaultCanonicalizationAlgorithmDictionaryString.Value; } } 569 public override string DefaultDigestAlgorithm { get { return DefaultDigestAlgorithmDictionaryString.Value; } } 570 public override string DefaultEncryptionAlgorithm { get { return DefaultEncryptionAlgorithmDictionaryString.Value; } } 571 public override int DefaultEncryptionKeyDerivationLength { get { return 192; } } 572 public override string DefaultSymmetricKeyWrapAlgorithm { get { return DefaultSymmetricKeyWrapAlgorithmDictionaryString.Value; } } 573 public override string DefaultAsymmetricKeyWrapAlgorithm { get { return DefaultAsymmetricKeyWrapAlgorithmDictionaryString.Value; } } 574 public override string DefaultSymmetricSignatureAlgorithm { get { return DefaultSymmetricSignatureAlgorithmDictionaryString.Value; } } 575 public override string DefaultAsymmetricSignatureAlgorithm { get { return DefaultAsymmetricSignatureAlgorithmDictionaryString.Value; } } 576 public override int DefaultSignatureKeyDerivationLength { get { return 192; } } 577 public override int DefaultSymmetricKeyLength { get { return 192; } } IsSymmetricKeyLengthSupported(int length)578 public override bool IsSymmetricKeyLengthSupported(int length) { return length >= 192 && length <= 256; } IsAsymmetricKeyLengthSupported(int length)579 public override bool IsAsymmetricKeyLengthSupported(int length) { return length >= 1024 && length <= 4096; } 580 581 internal override XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.ExclusiveC14n; } } 582 internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha1Digest; } } 583 internal override XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes192Encryption; } } 584 internal override XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes192KeyWrap; } } 585 internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap; } } 586 internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha1Signature; } } 587 internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha1Signature; } } 588 ToString()589 public override string ToString() 590 { 591 return "Basic192"; 592 } 593 } 594 595 public class Basic128SecurityAlgorithmSuite : SecurityAlgorithmSuite 596 { Basic128SecurityAlgorithmSuite()597 public Basic128SecurityAlgorithmSuite() : base() { } 598 599 public override string DefaultCanonicalizationAlgorithm { get { return this.DefaultCanonicalizationAlgorithmDictionaryString.Value; } } 600 public override string DefaultDigestAlgorithm { get { return this.DefaultDigestAlgorithmDictionaryString.Value; } } 601 public override string DefaultEncryptionAlgorithm { get { return this.DefaultEncryptionAlgorithmDictionaryString.Value; } } 602 public override int DefaultEncryptionKeyDerivationLength { get { return 128; } } 603 public override string DefaultSymmetricKeyWrapAlgorithm { get { return this.DefaultSymmetricKeyWrapAlgorithmDictionaryString.Value; } } 604 public override string DefaultAsymmetricKeyWrapAlgorithm { get { return this.DefaultAsymmetricKeyWrapAlgorithmDictionaryString.Value; } } 605 public override string DefaultSymmetricSignatureAlgorithm { get { return this.DefaultSymmetricSignatureAlgorithmDictionaryString.Value; } } 606 public override string DefaultAsymmetricSignatureAlgorithm { get { return this.DefaultAsymmetricSignatureAlgorithmDictionaryString.Value; } } 607 public override int DefaultSignatureKeyDerivationLength { get { return 128; } } 608 public override int DefaultSymmetricKeyLength { get { return 128; } } IsSymmetricKeyLengthSupported(int length)609 public override bool IsSymmetricKeyLengthSupported(int length) { return length >= 128 && length <= 256; } IsAsymmetricKeyLengthSupported(int length)610 public override bool IsAsymmetricKeyLengthSupported(int length) { return length >= 1024 && length <= 4096; } 611 612 internal override XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.ExclusiveC14n; } } 613 internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha1Digest; } } 614 internal override XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes128Encryption; } } 615 internal override XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes128KeyWrap; } } 616 internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap; } } 617 internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha1Signature; } } 618 internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha1Signature; } } 619 ToString()620 public override string ToString() 621 { 622 return "Basic128"; 623 } 624 } 625 626 public class TripleDesSecurityAlgorithmSuite : SecurityAlgorithmSuite 627 { TripleDesSecurityAlgorithmSuite()628 public TripleDesSecurityAlgorithmSuite() : base() { } 629 630 public override string DefaultCanonicalizationAlgorithm { get { return DefaultCanonicalizationAlgorithmDictionaryString.Value; } } 631 public override string DefaultDigestAlgorithm { get { return DefaultDigestAlgorithmDictionaryString.Value; } } 632 public override string DefaultEncryptionAlgorithm { get { return DefaultEncryptionAlgorithmDictionaryString.Value; } } 633 public override int DefaultEncryptionKeyDerivationLength { get { return 192; } } 634 public override string DefaultSymmetricKeyWrapAlgorithm { get { return DefaultSymmetricKeyWrapAlgorithmDictionaryString.Value; } } 635 public override string DefaultAsymmetricKeyWrapAlgorithm { get { return this.DefaultAsymmetricKeyWrapAlgorithmDictionaryString.Value; } } 636 637 public override string DefaultSymmetricSignatureAlgorithm { get { return DefaultSymmetricSignatureAlgorithmDictionaryString.Value; } } 638 public override string DefaultAsymmetricSignatureAlgorithm { get { return DefaultAsymmetricSignatureAlgorithmDictionaryString.Value; } } 639 public override int DefaultSignatureKeyDerivationLength { get { return 192; } } 640 public override int DefaultSymmetricKeyLength { get { return 192; } } IsSymmetricKeyLengthSupported(int length)641 public override bool IsSymmetricKeyLengthSupported(int length) { return length >= 192 && length <= 256; } IsAsymmetricKeyLengthSupported(int length)642 public override bool IsAsymmetricKeyLengthSupported(int length) { return length >= 1024 && length <= 4096; } 643 644 internal override XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.ExclusiveC14n; } } 645 internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha1Digest; } } 646 internal override XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.TripleDesEncryption; } } 647 internal override XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.TripleDesKeyWrap; } } 648 internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap; } } 649 internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha1Signature; } } 650 internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha1Signature; } } 651 ToString()652 public override string ToString() 653 { 654 return "TripleDes"; 655 } 656 } 657 658 class Basic128Rsa15SecurityAlgorithmSuite : Basic128SecurityAlgorithmSuite 659 { Basic128Rsa15SecurityAlgorithmSuite()660 public Basic128Rsa15SecurityAlgorithmSuite() : base() { } 661 662 internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaV15KeyWrap; } } 663 ToString()664 public override string ToString() 665 { 666 return "Basic128Rsa15"; 667 } 668 } 669 670 class Basic192Rsa15SecurityAlgorithmSuite : Basic192SecurityAlgorithmSuite 671 { Basic192Rsa15SecurityAlgorithmSuite()672 public Basic192Rsa15SecurityAlgorithmSuite() : base() { } 673 674 internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaV15KeyWrap; } } 675 ToString()676 public override string ToString() 677 { 678 return "Basic192Rsa15"; 679 } 680 } 681 682 class Basic256Rsa15SecurityAlgorithmSuite : Basic256SecurityAlgorithmSuite 683 { Basic256Rsa15SecurityAlgorithmSuite()684 public Basic256Rsa15SecurityAlgorithmSuite() : base() { } 685 686 internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaV15KeyWrap; } } 687 ToString()688 public override string ToString() 689 { 690 return "Basic256Rsa15"; 691 } 692 } 693 694 class TripleDesRsa15SecurityAlgorithmSuite : TripleDesSecurityAlgorithmSuite 695 { TripleDesRsa15SecurityAlgorithmSuite()696 public TripleDesRsa15SecurityAlgorithmSuite() : base() { } 697 698 internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaV15KeyWrap; } } 699 ToString()700 public override string ToString() 701 { 702 return "TripleDesRsa15"; 703 } 704 } 705 706 class Basic256Sha256SecurityAlgorithmSuite : Basic256SecurityAlgorithmSuite 707 { Basic256Sha256SecurityAlgorithmSuite()708 public Basic256Sha256SecurityAlgorithmSuite() : base() { } 709 710 internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } 711 internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } 712 internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } 713 ToString()714 public override string ToString() 715 { 716 return "Basic256Sha256"; 717 } 718 } 719 720 class Basic192Sha256SecurityAlgorithmSuite : Basic192SecurityAlgorithmSuite 721 { Basic192Sha256SecurityAlgorithmSuite()722 public Basic192Sha256SecurityAlgorithmSuite() : base() { } 723 724 internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } 725 internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } 726 internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } 727 ToString()728 public override string ToString() 729 { 730 return "Basic192Sha256"; 731 } 732 } 733 734 class Basic128Sha256SecurityAlgorithmSuite : Basic128SecurityAlgorithmSuite 735 { Basic128Sha256SecurityAlgorithmSuite()736 public Basic128Sha256SecurityAlgorithmSuite() : base() { } 737 738 internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } 739 internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } 740 internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } 741 ToString()742 public override string ToString() 743 { 744 return "Basic128Sha256"; 745 } 746 } 747 748 class TripleDesSha256SecurityAlgorithmSuite : TripleDesSecurityAlgorithmSuite 749 { TripleDesSha256SecurityAlgorithmSuite()750 public TripleDesSha256SecurityAlgorithmSuite() : base() { } 751 752 internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } 753 internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } 754 internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } 755 ToString()756 public override string ToString() 757 { 758 return "TripleDesSha256"; 759 } 760 } 761 762 class Basic256Sha256Rsa15SecurityAlgorithmSuite : Basic256Rsa15SecurityAlgorithmSuite 763 { Basic256Sha256Rsa15SecurityAlgorithmSuite()764 public Basic256Sha256Rsa15SecurityAlgorithmSuite() : base() { } 765 766 internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } 767 internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } 768 internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } 769 ToString()770 public override string ToString() 771 { 772 return "Basic256Sha256Rsa15"; 773 } 774 } 775 776 class Basic192Sha256Rsa15SecurityAlgorithmSuite : Basic192Rsa15SecurityAlgorithmSuite 777 { Basic192Sha256Rsa15SecurityAlgorithmSuite()778 public Basic192Sha256Rsa15SecurityAlgorithmSuite() : base() { } 779 780 internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } 781 internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } 782 internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } 783 ToString()784 public override string ToString() 785 { 786 return "Basic192Sha256Rsa15"; 787 } 788 } 789 790 class Basic128Sha256Rsa15SecurityAlgorithmSuite : Basic128Rsa15SecurityAlgorithmSuite 791 { Basic128Sha256Rsa15SecurityAlgorithmSuite()792 public Basic128Sha256Rsa15SecurityAlgorithmSuite() : base() { } 793 794 internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } 795 internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } 796 internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } 797 ToString()798 public override string ToString() 799 { 800 return "Basic128Sha256Rsa15"; 801 } 802 } 803 804 class TripleDesSha256Rsa15SecurityAlgorithmSuite : TripleDesRsa15SecurityAlgorithmSuite 805 { TripleDesSha256Rsa15SecurityAlgorithmSuite()806 public TripleDesSha256Rsa15SecurityAlgorithmSuite() : base() { } 807 808 internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } 809 internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } 810 internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } 811 ToString()812 public override string ToString() 813 { 814 return "TripleDesSha256Rsa15"; 815 } 816 } 817 } 818