public static StatusCode SecureSymmetric(MemoryBuffer respBuf, int messageEncodedBlockStart, SLChannel.Keyset localKeyset, SLChannel.Keyset remoteKeyset, SecurityPolicy policy, MessageSecurityMode securityMode)
{
if (securityMode == MessageSecurityMode.None)
{
return(StatusCode.Good);
}
int sigSize = Sha1Size;
if (securityMode >= MessageSecurityMode.SignAndEncrypt)
{
//int padSize2 = CalculateSymmetricPaddingSize(remoteKeyset.SymEncKey.Length, sigSize + respBuf.Position - messageEncodedBlockStart);
int padSize = CalculateSymmetricPaddingSize(localKeyset.SymEncKey.Length, sigSize + respBuf.Position - messageEncodedBlockStart);
byte paddingValue = (byte)((padSize - 1) & 0xFF);
var appendPadding = new byte[padSize];
for (int i = 0; i < padSize; i++)
{
appendPadding[i] = paddingValue;
}
respBuf.Append(appendPadding);
}
int msgSize = respBuf.Position + sigSize;
if (securityMode >= MessageSecurityMode.SignAndEncrypt)
{
msgSize = messageEncodedBlockStart + CalculateSymmetricEncryptedSize(localKeyset.SymEncKey.Length, msgSize - messageEncodedBlockStart);
}
if (msgSize >= respBuf.Capacity)
{
return(StatusCode.BadEncodingLimitsExceeded);
}
MarkUAMessageSize(respBuf, (UInt32)msgSize);
var sig = UASecurity.SymmetricSign(localKeyset.SymSignKey,
new ArraySegment <byte>(respBuf.Buffer, 0, respBuf.Position));
respBuf.Append(sig);
if (msgSize != respBuf.Position)
{
throw new Exception();
return(StatusCode.BadInternalError);
}
if (securityMode >= MessageSecurityMode.SignAndEncrypt)
{
int encrLen = UASecurity.RijndaelEncryptInplace(
new ArraySegment <byte>(respBuf.Buffer, messageEncodedBlockStart, msgSize - messageEncodedBlockStart),
localKeyset.SymEncKey, localKeyset.SymIV);
}
return(StatusCode.Good);
}
public static StatusCode SecureSymmetric(
MemoryBuffer respBuf,
int messageEncodedBlockStart,
SLChannel.Keyset localKeyset,
SLChannel.Keyset remoteKeyset,
SecurityPolicy policy,
MessageSecurityMode securityMode)
{
if (securityMode == MessageSecurityMode.None)
{
return(StatusCode.Good);
}
int num1 = UASecurity.SignatureSizeForSecurityPolicy(policy);
if (securityMode >= MessageSecurityMode.SignAndEncrypt)
{
int symmetricPaddingSize = UASecurity.CalculateSymmetricPaddingSize(localKeyset.SymEncKey.Length, num1 + respBuf.Position - messageEncodedBlockStart);
byte num2 = (byte)(symmetricPaddingSize - 1 & byte.MaxValue);
byte[] Add = new byte[symmetricPaddingSize];
for (int index = 0; index < symmetricPaddingSize; ++index)
{
Add[index] = num2;
}
respBuf.Append(Add);
}
int num3 = respBuf.Position + num1;
if (securityMode >= MessageSecurityMode.SignAndEncrypt)
{
num3 = messageEncodedBlockStart + UASecurity.CalculateSymmetricEncryptedSize(localKeyset.SymEncKey.Length, num3 - messageEncodedBlockStart);
}
if (num3 >= respBuf.Capacity)
{
return(StatusCode.BadEncodingLimitsExceeded);
}
UASecurity.MarkUAMessageSize(respBuf, (uint)num3);
byte[] Add1 = UASecurity.SymmetricSign(localKeyset.SymSignKey, new ArraySegment <byte>(respBuf.Buffer, 0, respBuf.Position), policy);
respBuf.Append(Add1);
if (num3 != respBuf.Position)
{
throw new Exception();
}
if (securityMode >= MessageSecurityMode.SignAndEncrypt)
{
UASecurity.RijndaelEncryptInplace(new ArraySegment <byte>(respBuf.Buffer, messageEncodedBlockStart, num3 - messageEncodedBlockStart), localKeyset.SymEncKey, localKeyset.SymIV);
}
return(StatusCode.Good);
}
public static StatusCode UnsecureSymmetric(MemoryBuffer recvBuf, uint tokenID, uint?prevTokenID, int messageEncodedBlockStart, SLChannel.Keyset localKeyset, SLChannel.Keyset[] remoteKeysets, SecurityPolicy policy, MessageSecurityMode securityMode, out int decrSize)
{
decrSize = -1;
int restorePos = recvBuf.Position;
byte type = 0;
uint messageSize = 0;
UInt32 secureChannelId, securityTokenId, securitySeqNum, securityReqId;
if (!recvBuf.Decode(out type))
{
return(StatusCode.BadDecodingError);
}
if (!recvBuf.Decode(out messageSize))
{
return(StatusCode.BadDecodingError);
}
if (!recvBuf.Decode(out secureChannelId))
{
return(StatusCode.BadDecodingError);
}
if (!recvBuf.Decode(out securityTokenId))
{
return(StatusCode.BadDecodingError);
}
int keysetIdx = -1;
if (tokenID == securityTokenId)
{
keysetIdx = 0;
}
else if (prevTokenID.HasValue && prevTokenID.Value == securityTokenId)
{
keysetIdx = 1;
}
else
{
return(StatusCode.BadSecureChannelTokenUnknown);
}
//UInt32 respDecodeSize = messageSize;
if (securityMode == MessageSecurityMode.SignAndEncrypt)
{
try
{
decrSize = UASecurity.RijndaelDecryptInplace(
new ArraySegment <byte>(recvBuf.Buffer, messageEncodedBlockStart, (int)messageSize - messageEncodedBlockStart),
remoteKeysets[keysetIdx].SymEncKey, remoteKeysets[keysetIdx].SymIV) + messageEncodedBlockStart;
//respDecodeSize = (UInt32)(messageEncodedBlockStart + decrSize);
}
catch
{
return(StatusCode.BadSecurityChecksFailed);
}
}
if (securityMode >= MessageSecurityMode.Sign)
{
try
{
int sigSize = SignatureSizeForSecurityPolicy(policy);
var sigData = new ArraySegment <byte>(recvBuf.Buffer, 0, (int)messageSize - sigSize);
var sig = new ArraySegment <byte>(recvBuf.Buffer, (int)messageSize - sigSize, sigSize).ToArray();
var sigExpect = UASecurity.SymmetricSign(remoteKeysets[keysetIdx].SymSignKey, sigData, policy);
if (sig.Length != sigExpect.Length)
{
return(StatusCode.BadSecurityChecksFailed);
}
for (int i = 0; i < sig.Length; i++)
{
if (sig[i] != sigExpect[i])
{
return(StatusCode.BadSecurityChecksFailed);
}
}
byte padValue = (byte)(recvBuf.Buffer[messageSize - sigSize - 1] + 1);
if (decrSize > 0)
{
decrSize -= sigSize;
decrSize -= (int)padValue;
if (decrSize <= 0)
{
return(StatusCode.BadSecurityChecksFailed);
}
}
}
catch
{
return(StatusCode.BadSecurityChecksFailed);
}
}
if (!recvBuf.Decode(out securitySeqNum))
{
return(StatusCode.BadDecodingError);
}
if (!recvBuf.Decode(out securityReqId))
{
return(StatusCode.BadDecodingError);
}
recvBuf.Position = restorePos;
return(StatusCode.Good);
}
public static StatusCode UnsecureSymmetric(
MemoryBuffer recvBuf,
uint tokenID,
uint?prevTokenID,
int messageEncodedBlockStart,
SLChannel.Keyset localKeyset,
SLChannel.Keyset[] remoteKeysets,
SecurityPolicy policy,
MessageSecurityMode securityMode,
out int decrSize)
{
decrSize = -1;
int position = recvBuf.Position;
if (!recvBuf.Decode(out byte v1) || !recvBuf.Decode(out uint v2) || (!recvBuf.Decode(out uint _) || !recvBuf.Decode(out uint v3)))
{
return(StatusCode.BadDecodingError);
}
int index1;
if ((int)tokenID == (int)v3)
{
index1 = 0;
}
else
{
if (!prevTokenID.HasValue || (int)prevTokenID.Value != (int)v3)
{
return(StatusCode.BadSecureChannelTokenUnknown);
}
index1 = 1;
}
if (securityMode == MessageSecurityMode.SignAndEncrypt)
{
try
{
decrSize = UASecurity.RijndaelDecryptInplace(new ArraySegment <byte>(recvBuf.Buffer, messageEncodedBlockStart, (int)v2 - messageEncodedBlockStart), remoteKeysets[index1].SymEncKey, remoteKeysets[index1].SymIV) + messageEncodedBlockStart;
}
catch
{
return(StatusCode.BadSecurityChecksFailed);
}
}
else
{
decrSize = (int)v2;
}
if (securityMode >= MessageSecurityMode.Sign)
{
try
{
int count = UASecurity.SignatureSizeForSecurityPolicy(policy);
ArraySegment <byte> data = new ArraySegment <byte>(recvBuf.Buffer, 0, (int)v2 - count);
byte[] array = new ArraySegment <byte>(recvBuf.Buffer, (int)v2 - count, count).ToArray();
byte[] numArray = UASecurity.SymmetricSign(remoteKeysets[index1].SymSignKey, data, policy);
if (array.Length != numArray.Length)
{
return(StatusCode.BadSecurityChecksFailed);
}
for (int index2 = 0; index2 < array.Length; ++index2)
{
if (array[index2] != numArray[index2])
{
return(StatusCode.BadSecurityChecksFailed);
}
}
byte num = securityMode == MessageSecurityMode.SignAndEncrypt ? (byte)(recvBuf.Buffer[v2 - count - 1L] + 1U) : (byte)0;
if (decrSize > 0)
{
decrSize -= count;
decrSize -= num;
if (decrSize <= 0)
{
return(StatusCode.BadSecurityChecksFailed);
}
}
}
catch
{
return(StatusCode.BadSecurityChecksFailed);
}
}
if (!recvBuf.Decode(out uint _) || !recvBuf.Decode(out uint _))
{
return(StatusCode.BadDecodingError);
}
recvBuf.Position = position;
return(StatusCode.Good);
}
