1 // 2 // SecurityAlgorithmSuite.cs 3 // 4 // Author: 5 // Atsushi Enomoto <atsushi@ximian.com> 6 // 7 // Copyright (C) 2005 Novell, Inc. http://www.novell.com 8 // 9 // Permission is hereby granted, free of charge, to any person obtaining 10 // a copy of this software and associated documentation files (the 11 // "Software"), to deal in the Software without restriction, including 12 // without limitation the rights to use, copy, modify, merge, publish, 13 // distribute, sublicense, and/or sell copies of the Software, and to 14 // permit persons to whom the Software is furnished to do so, subject to 15 // the following conditions: 16 // 17 // The above copyright notice and this permission notice shall be 18 // included in all copies or substantial portions of the Software. 19 // 20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 27 // 28 using System; 29 using System.IdentityModel.Tokens; 30 using System.Security.Cryptography.Xml; 31 using System.ServiceModel; 32 using System.ServiceModel.Security.Tokens; 33 34 namespace System.ServiceModel.Security 35 { 36 public abstract class SecurityAlgorithmSuite 37 { 38 #region Internal Class 39 40 class BasicSecurityAlgorithmSuite : SecurityAlgorithmSuiteImplBase 41 { BasicSecurityAlgorithmSuite(int size, bool sha, bool rsa)42 public BasicSecurityAlgorithmSuite (int size, bool sha, bool rsa) 43 : base (size, sha, rsa, false) 44 { 45 } 46 47 public override int DefaultSignatureKeyDerivationLength { 48 get { return Size > 192 ? 192 : Size; } 49 } 50 IsAsymmetricKeyLengthSupported(int length)51 public override bool IsAsymmetricKeyLengthSupported (int length) 52 { 53 switch (length) { 54 case 128: 55 case 192: 56 return Size >= length; 57 } 58 return false; 59 } 60 IsSymmetricKeyLengthSupported(int length)61 public override bool IsSymmetricKeyLengthSupported (int length) 62 { 63 switch (length) { 64 case 128: 65 case 192: 66 case 256: 67 return Size >= length; 68 } 69 return false; 70 } 71 IsSymmetricKeyWrapAlgorithmSupported(string algorithm)72 public override bool IsSymmetricKeyWrapAlgorithmSupported (string algorithm) 73 { 74 switch (Size) { 75 case 256: 76 if (algorithm == EncryptedXml.XmlEncAES256KeyWrapUrl) 77 return true; 78 goto case 192; 79 case 192: 80 if (algorithm == EncryptedXml.XmlEncAES192KeyWrapUrl) 81 return true; 82 goto case 128; 83 case 128: 84 return algorithm == EncryptedXml.XmlEncAES128KeyWrapUrl; 85 } 86 return false; 87 } 88 } 89 90 class TripleDESSecurityAlgorithmSuite : SecurityAlgorithmSuiteImplBase 91 { TripleDESSecurityAlgorithmSuite(bool sha, bool rsa)92 public TripleDESSecurityAlgorithmSuite (bool sha, bool rsa) 93 : base (192, sha, rsa, true) 94 { 95 } 96 97 public override int DefaultSignatureKeyDerivationLength { 98 get { return 192; } 99 } 100 IsAsymmetricKeyLengthSupported(int length)101 public override bool IsAsymmetricKeyLengthSupported (int length) 102 { 103 return length == 192; 104 } 105 IsSymmetricKeyLengthSupported(int length)106 public override bool IsSymmetricKeyLengthSupported (int length) 107 { 108 return length == 192; 109 } 110 IsSymmetricKeyWrapAlgorithmSupported( string algorithm)111 public override bool IsSymmetricKeyWrapAlgorithmSupported ( 112 string algorithm) 113 { 114 return algorithm == EncryptedXml.XmlEncTripleDESKeyWrapUrl; 115 } 116 } 117 118 abstract class SecurityAlgorithmSuiteImplBase : SecurityAlgorithmSuite 119 { 120 int size; 121 bool rsa15, sha256, tdes; 122 SecurityAlgorithmSuiteImplBase( int size, bool sha256, bool rsa15, bool tripleDes)123 public SecurityAlgorithmSuiteImplBase ( 124 int size, bool sha256, bool rsa15, bool tripleDes) 125 { 126 this.size = size; 127 this.sha256 = sha256; 128 this.rsa15 = rsa15; 129 this.tdes = tripleDes; 130 } 131 132 public int Size { 133 get { return size; } 134 } 135 136 public bool Rsa15 { 137 get { return rsa15; } 138 } 139 140 public bool Sha256 { 141 get { return sha256; } 142 } 143 144 public override string DefaultAsymmetricKeyWrapAlgorithm { 145 get { return rsa15 ? EncryptedXml.XmlEncRSA15Url : EncryptedXml.XmlEncRSAOAEPUrl; } 146 } 147 148 public override string DefaultAsymmetricSignatureAlgorithm { 149 get { return sha256 ? SecurityAlgorithms.RsaSha256Signature : SignedXml.XmlDsigRSASHA1Url; } 150 } 151 152 public override string DefaultCanonicalizationAlgorithm { 153 get { return SignedXml.XmlDsigExcC14NTransformUrl; } 154 } 155 156 157 public override string DefaultDigestAlgorithm { 158 get { return sha256 ? EncryptedXml.XmlEncSHA256Url : SignedXml.XmlDsigSHA1Url; } 159 } 160 161 public override string DefaultEncryptionAlgorithm { 162 get { 163 if (tdes) 164 return EncryptedXml.XmlEncTripleDESUrl; 165 switch (size) { 166 case 128: 167 return EncryptedXml.XmlEncAES128Url; 168 case 192: 169 return EncryptedXml.XmlEncAES192Url; 170 case 256: 171 return EncryptedXml.XmlEncAES256Url; 172 } 173 throw new Exception ("Should not happen."); 174 } 175 } 176 177 public override int DefaultEncryptionKeyDerivationLength { 178 get { return size; } 179 } 180 181 public override int DefaultSymmetricKeyLength { 182 get { return size; } 183 } 184 185 public override string DefaultSymmetricKeyWrapAlgorithm { 186 get { 187 if (tdes) 188 return EncryptedXml.XmlEncTripleDESKeyWrapUrl; 189 switch (size) { 190 case 128: 191 return EncryptedXml.XmlEncAES128KeyWrapUrl; 192 case 192: 193 return EncryptedXml.XmlEncAES192KeyWrapUrl; 194 case 256: 195 return EncryptedXml.XmlEncAES256KeyWrapUrl; 196 } 197 throw new Exception ("Should not happen."); 198 } 199 } 200 201 public override string DefaultSymmetricSignatureAlgorithm { 202 get { return sha256 ? SecurityAlgorithms.HmacSha256Signature : SignedXml.XmlDsigHMACSHA1Url; } 203 } 204 205 [MonoTODO] IsAsymmetricSignatureAlgorithmSupported( string algorithm)206 public override bool IsAsymmetricSignatureAlgorithmSupported ( 207 string algorithm) 208 { 209 throw new NotImplementedException (); 210 } 211 212 [MonoTODO] IsCanonicalizationAlgorithmSupported( string algorithm)213 public override bool IsCanonicalizationAlgorithmSupported ( 214 string algorithm) 215 { 216 throw new NotImplementedException (); 217 } 218 219 [MonoTODO] IsDigestAlgorithmSupported(string algorithm)220 public override bool IsDigestAlgorithmSupported (string algorithm) 221 { 222 throw new NotImplementedException (); 223 } 224 225 [MonoTODO] IsEncryptionAlgorithmSupported( string algorithm)226 public override bool IsEncryptionAlgorithmSupported ( 227 string algorithm) 228 { 229 throw new NotImplementedException (); 230 } 231 232 [MonoTODO] IsEncryptionKeyDerivationAlgorithmSupported( string algorithm)233 public override bool IsEncryptionKeyDerivationAlgorithmSupported ( 234 string algorithm) 235 { 236 throw new NotImplementedException (); 237 } 238 239 [MonoTODO] IsSignatureKeyDerivationAlgorithmSupported( string algorithm)240 public override bool IsSignatureKeyDerivationAlgorithmSupported ( 241 string algorithm) 242 { 243 throw new NotImplementedException (); 244 } 245 246 [MonoTODO] IsSymmetricSignatureAlgorithmSupported( string algorithm)247 public override bool IsSymmetricSignatureAlgorithmSupported ( 248 string algorithm) 249 { 250 throw new NotImplementedException (); 251 } 252 } 253 254 #endregion 255 256 #region Static members 257 258 static SecurityAlgorithmSuite b128, b128r, b128s, b128sr; 259 static SecurityAlgorithmSuite b192, b192r, b192s, b192sr; 260 static SecurityAlgorithmSuite b256, b256r, b256s, b256sr; 261 static SecurityAlgorithmSuite tdes, tdes_r, tdes_s, tdes_sr; 262 SecurityAlgorithmSuite()263 static SecurityAlgorithmSuite () 264 { 265 b128 = new BasicSecurityAlgorithmSuite (128, false, false); 266 b128r = new BasicSecurityAlgorithmSuite (128, false, true); 267 b128s = new BasicSecurityAlgorithmSuite (128, true, false); 268 b128sr = new BasicSecurityAlgorithmSuite (128, true, true); 269 b192 = new BasicSecurityAlgorithmSuite (192, false, false); 270 b192r = new BasicSecurityAlgorithmSuite (192, false, true); 271 b192s = new BasicSecurityAlgorithmSuite (192, true, false); 272 b192sr = new BasicSecurityAlgorithmSuite (192, true, true); 273 b256 = new BasicSecurityAlgorithmSuite (256, false, false); 274 b256r = new BasicSecurityAlgorithmSuite (256, false, true); 275 b256s = new BasicSecurityAlgorithmSuite (256, true, false); 276 b256sr = new BasicSecurityAlgorithmSuite (256, true, true); 277 tdes = new TripleDESSecurityAlgorithmSuite (false, false); 278 tdes_r = new TripleDESSecurityAlgorithmSuite (false, true); 279 tdes_s = new TripleDESSecurityAlgorithmSuite (true, false); 280 tdes_sr = new TripleDESSecurityAlgorithmSuite (true, true); 281 } 282 283 public static SecurityAlgorithmSuite Default { 284 get { return Basic256; } 285 } 286 287 public static SecurityAlgorithmSuite Basic128 { 288 get { return b128; } 289 } 290 291 public static SecurityAlgorithmSuite Basic128Rsa15 { 292 get { return b128r; } 293 } 294 295 public static SecurityAlgorithmSuite Basic128Sha256 { 296 get { return b128s; } 297 } 298 299 public static SecurityAlgorithmSuite Basic128Sha256Rsa15 { 300 get { return b128sr; } 301 } 302 303 public static SecurityAlgorithmSuite Basic192 { 304 get { return b192; } 305 } 306 307 public static SecurityAlgorithmSuite Basic192Rsa15 { 308 get { return b192r; } 309 } 310 311 public static SecurityAlgorithmSuite Basic192Sha256 { 312 get { return b192s; } 313 } 314 315 public static SecurityAlgorithmSuite Basic192Sha256Rsa15 { 316 get { return b192sr; } 317 } 318 319 public static SecurityAlgorithmSuite Basic256 { 320 get { return b256; } 321 } 322 323 public static SecurityAlgorithmSuite Basic256Rsa15 { 324 get { return b256r; } 325 } 326 327 public static SecurityAlgorithmSuite Basic256Sha256 { 328 get { return b256s; } 329 } 330 331 public static SecurityAlgorithmSuite Basic256Sha256Rsa15 { 332 get { return b256sr; } 333 } 334 335 public static SecurityAlgorithmSuite TripleDes { 336 get { return tdes; } 337 } 338 339 public static SecurityAlgorithmSuite TripleDesRsa15 { 340 get { return tdes_r; } 341 } 342 343 public static SecurityAlgorithmSuite TripleDesSha256 { 344 get { return tdes_s; } 345 } 346 347 public static SecurityAlgorithmSuite TripleDesSha256Rsa15 { 348 get { return tdes_sr; } 349 } 350 351 #endregion 352 353 #region Instance members 354 SecurityAlgorithmSuite()355 protected SecurityAlgorithmSuite () 356 { 357 } 358 359 public abstract string DefaultAsymmetricKeyWrapAlgorithm { get; } 360 361 public abstract string DefaultAsymmetricSignatureAlgorithm { get; } 362 363 public abstract string DefaultCanonicalizationAlgorithm { get; } 364 365 public abstract string DefaultDigestAlgorithm { get; } 366 367 public abstract string DefaultEncryptionAlgorithm { get; } 368 369 public abstract int DefaultEncryptionKeyDerivationLength { get; } 370 371 public abstract int DefaultSignatureKeyDerivationLength { get; } 372 373 public abstract int DefaultSymmetricKeyLength { get; } 374 375 public abstract string DefaultSymmetricKeyWrapAlgorithm { get; } 376 377 public abstract string DefaultSymmetricSignatureAlgorithm { get; } 378 IsAsymmetricKeyWrapAlgorithmSupported( string algorithm)379 public virtual bool IsAsymmetricKeyWrapAlgorithmSupported ( 380 string algorithm) 381 { 382 return algorithm == DefaultAsymmetricKeyWrapAlgorithm; 383 } 384 IsAsymmetricKeyLengthSupported(int length)385 public abstract bool IsAsymmetricKeyLengthSupported (int length); 386 IsAsymmetricSignatureAlgorithmSupported( string algorithm)387 public virtual bool IsAsymmetricSignatureAlgorithmSupported ( 388 string algorithm) 389 { 390 return algorithm == DefaultAsymmetricSignatureAlgorithm; 391 } 392 393 [MonoTODO] IsCanonicalizationAlgorithmSupported( string algorithm)394 public virtual bool IsCanonicalizationAlgorithmSupported ( 395 string algorithm) 396 { 397 throw new NotImplementedException (); 398 } 399 400 [MonoTODO] IsDigestAlgorithmSupported(string algorithm)401 public virtual bool IsDigestAlgorithmSupported (string algorithm) 402 { 403 throw new NotImplementedException (); 404 } 405 406 [MonoTODO] IsEncryptionAlgorithmSupported( string algorithm)407 public virtual bool IsEncryptionAlgorithmSupported ( 408 string algorithm) 409 { 410 throw new NotImplementedException (); 411 } 412 413 [MonoTODO] IsEncryptionKeyDerivationAlgorithmSupported( string algorithm)414 public virtual bool IsEncryptionKeyDerivationAlgorithmSupported ( 415 string algorithm) 416 { 417 throw new NotImplementedException (); 418 } 419 420 [MonoTODO] IsSignatureKeyDerivationAlgorithmSupported( string algorithm)421 public virtual bool IsSignatureKeyDerivationAlgorithmSupported ( 422 string algorithm) 423 { 424 throw new NotImplementedException (); 425 } 426 IsSymmetricKeyLengthSupported(int length)427 public abstract bool IsSymmetricKeyLengthSupported (int length); 428 429 [MonoTODO] IsSymmetricKeyWrapAlgorithmSupported( string algorithm)430 public virtual bool IsSymmetricKeyWrapAlgorithmSupported ( 431 string algorithm) 432 { 433 throw new NotImplementedException (); 434 } 435 436 [MonoTODO] IsSymmetricSignatureAlgorithmSupported( string algorithm)437 public virtual bool IsSymmetricSignatureAlgorithmSupported ( 438 string algorithm) 439 { 440 throw new NotImplementedException (); 441 } 442 443 #endregion 444 } 445 } 446