/// <summary>
/// Log the verification parameters when verifying the SignedInfo section of a signature using a
/// keyed hash algorithm
/// </summary>
/// <param name="signedXml">SignedXml object doing the verification</param>
/// <param name="mac">hash algoirthm doing the verification</param>
/// <param name="actualHashValue">hash value of the signed info</param>
/// <param name="signatureValue">raw signature value</param>
internal static void LogVerifySignedInfo(SignedXml signedXml,
KeyedHashAlgorithm mac,
byte[] actualHashValue,
byte[] signatureValue)
{
Debug.Assert(signedXml != null, "signedXml != null");
Debug.Assert(mac != null, "mac != null");
if (InformationLoggingEnabled)
{
string logMessage = String.Format(CultureInfo.InvariantCulture,
SecurityResources.GetResourceString("Log_VerifySignedInfoHmac"),
mac.GetType().Name);
WriteLine(signedXml,
TraceEventType.Information,
SignedXmlDebugEvent.VerifySignedInfo,
logMessage);
}
if (VerboseLoggingEnabled)
{
string hashLog = String.Format(CultureInfo.InvariantCulture,
SecurityResources.GetResourceString("Log_ActualHashValue"),
FormatBytes(actualHashValue));
WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.VerifySignedInfo, hashLog);
string signatureLog = String.Format(CultureInfo.InvariantCulture,
SecurityResources.GetResourceString("Log_RawSignatureValue"),
FormatBytes(signatureValue));
WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.VerifySignedInfo, signatureLog);
}
}
public JsonWebKey(KeyedHashAlgorithm key)
{
if (key is HMAC hmacKey)
{
SetHmacKey(hmacKey);
return;
}
throw new ArgumentException($"Unsupported key type: {key.GetType()}");
}
public virtual IHasherTasks CloneLightHasher()
{
InitializeHashKey();
var hasher = new KeyedHasher
{
_hashAlgorithm = KeyedHashAlgorithm.Create(_hashAlgorithm.GetType().FullName),
IsHashKeyInitialized = true,
KeyStorage = null,
};
hasher._hashAlgorithm.Key = (byte[])_hashAlgorithm.Key.Clone();
return(hasher);
}
/// <summary>
/// Log the computation of a signature value when signing with a keyed hash algorithm
/// </summary>
/// <param name="signedXml">SignedXml object calculating the signature</param>
/// <param name="key">key the signature is created with</param>
/// <param name="hash">hash algorithm used to digest the output</param>
/// <param name="asymmetricSignatureFormatter">signature formatter used to do the signing</param>
internal static void LogSigning(SignedXml signedXml, KeyedHashAlgorithm key)
{
Debug.Assert(signedXml != null, "signedXml != null");
Debug.Assert(key != null, "key != null");
if (InformationLoggingEnabled)
{
string logMessage = String.Format(CultureInfo.InvariantCulture,
SecurityResources.GetResourceString("Log_SigningHmac"),
key.GetType().Name);
WriteLine(signedXml,
TraceEventType.Information,
SignedXmlDebugEvent.Signing,
logMessage);
}
}
public void ProcessOutputRecord(Record output)
{
Log.Trace("Processing output record with seq no: " + output.SequenceNumber);
Log.Trace("Processing output record with MAC: " + _outputHasher.GetType().Name);
Log.Trace("Processing output record with Crypto: " + _outputCipherSuite.CipherSuiteName);
// Construct the sequence number correctly
UInt64 seqNum = _outputSequenceNumber;
if (output.Version.IsUsingDatagrams)
{
if ((_outputSequenceNumber >> 48) != 0)
{
// TODO: need renegotiation, throw Exception?
}
seqNum = (((UInt64)_outputEpoch) << 48) | _outputSequenceNumber;
}
// In case of AEAD we need to create a new encryptor for each record
byte[] nonceExplicit = new byte[0];
if (_outputCipherSuite.BulkCipherAlgorithm.Type == BulkCipherAlgorithmType.AEAD)
{
_encryptor = CreateAEADEncryptor(_outputCipherSuite, output, _outputKey, _outputFixedIV, _outputRecordIV, seqNum, out nonceExplicit);
}
CompressRecord(output);
//_outputHasher = _outputCipherSuite.MACAlgorithm.CreateHasher(_outputKeyBlock.ClientWriteMACKey);
var mac = GenerateMAC(_outputCipherSuite, output, seqNum, _outputHasher);
Log.Trace("MAC for seq " + seqNum + ": " + BitConverter.ToString(mac));
GeneratePadding(this._outputCipherSuite, output);
EncryptRecord(this._outputCipherSuite, output, this._encryptor, nonceExplicit);
// If we're running DTLS, set epoch and seqnum
if (output.Version.IsUsingDatagrams)
{
output.Epoch = _outputEpoch;
output.SequenceNumber = _outputSequenceNumber;
}
// Update the output sequence number
_outputSequenceNumber++;
}
/// <summary>
/// <para>Determines if the <paramref name="key"/> is valid.</para>
/// </summary>
/// <param name="key">The key to test.</param>
/// <returns><para><see langword="true"/> if the key is valid; otherwise <see langword="false"/>.</para></returns>
public bool KeyIsValid(byte[] key)
{
bool result = false;
try
{
algorithm.Key = key;
algorithm.ComputeHash(new byte[] { 0, 1, 2, 3 });
result = true;
}
catch
{ /* suppress */
}
algorithm = CreateAlgorithm(algorithm.GetType().AssemblyQualifiedName);
return(result);
}
internal static void LogVerifySignedInfo(SignedXml signedXml, KeyedHashAlgorithm mac, byte[] actualHashValue, byte[] signatureValue)
{
if (InformationLoggingEnabled)
{
string data = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_VerifySignedInfoHmac"), new object[] { mac.GetType().Name });
WriteLine(signedXml, TraceEventType.Information, SignedXmlDebugEvent.VerifySignedInfo, data);
}
if (VerboseLoggingEnabled)
{
string str2 = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_ActualHashValue"), new object[] { FormatBytes(actualHashValue) });
WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.VerifySignedInfo, str2);
string str3 = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_RawSignatureValue"), new object[] { FormatBytes(signatureValue) });
WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.VerifySignedInfo, str3);
}
}
internal static void LogSigning(SignedXml signedXml, KeyedHashAlgorithm key)
{
if (InformationLoggingEnabled)
{
string data = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_SigningHmac"), new object[] { key.GetType().Name });
WriteLine(signedXml, TraceEventType.Information, SignedXmlDebugEvent.Signing, data);
}
}
/// <summary>
/// Log the verification parameters when verifying the SignedInfo section of a signature using a
/// keyed hash algorithm
/// </summary>
/// <param name="signedXml">SignedXml object doing the verification</param>
/// <param name="mac">hash algoirthm doing the verification</param>
/// <param name="actualHashValue">hash value of the signed info</param>
/// <param name="signatureValue">raw signature value</param>
internal static void LogVerifySignedInfo(SignedXml signedXml,
KeyedHashAlgorithm mac,
byte[] actualHashValue,
byte[] signatureValue) {
Debug.Assert(signedXml != null, "signedXml != null");
Debug.Assert(mac != null, "mac != null");
if (InformationLoggingEnabled) {
string logMessage = String.Format(CultureInfo.InvariantCulture,
SecurityResources.GetResourceString("Log_VerifySignedInfoHmac"),
mac.GetType().Name);
WriteLine(signedXml,
TraceEventType.Information,
SignedXmlDebugEvent.VerifySignedInfo,
logMessage);
}
if (VerboseLoggingEnabled) {
string hashLog = String.Format(CultureInfo.InvariantCulture,
SecurityResources.GetResourceString("Log_ActualHashValue"),
FormatBytes(actualHashValue));
WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.VerifySignedInfo, hashLog);
string signatureLog = String.Format(CultureInfo.InvariantCulture,
SecurityResources.GetResourceString("Log_RawSignatureValue"),
FormatBytes(signatureValue));
WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.VerifySignedInfo, signatureLog);
}
}
/// <summary>
/// Log the computation of a signature value when signing with a keyed hash algorithm
/// </summary>
/// <param name="signedXml">SignedXml object calculating the signature</param>
/// <param name="key">key the signature is created with</param>
/// <param name="hash">hash algorithm used to digest the output</param>
/// <param name="asymmetricSignatureFormatter">signature formatter used to do the signing</param>
internal static void LogSigning(SignedXml signedXml, KeyedHashAlgorithm key) {
Debug.Assert(signedXml != null, "signedXml != null");
Debug.Assert(key != null, "key != null");
if (InformationLoggingEnabled) {
string logMessage = String.Format(CultureInfo.InvariantCulture,
SecurityResources.GetResourceString("Log_SigningHmac"),
key.GetType().Name);
WriteLine(signedXml,
TraceEventType.Information,
SignedXmlDebugEvent.Signing,
logMessage);
}
}
