public byte[] getE() { if (e_array == null) { dh = new DiffieHellmanManaged(p, g, 0); e_array = dh.CreateKeyExchange(); } return e_array; }
void Dispose(bool disposing) { if (disposing) { if (dh != null) { ((IDisposable)dh).Dispose(); dh = null; } } }
public DiffieHellmanProviderSession(OpenIdProvider provider) : base(provider) { sessionType = Util.GetRequiredArg(provider.Query, Protocol.openid.session_type); Debug.Assert(Array.IndexOf(Protocol.Args.SessionType.AllDiffieHellman, sessionType) >= 0, "We should not have been invoked if this wasn't a recognized DH session request."); byte[] dh_modulus = Util.GetOptionalBase64Arg(Provider.Query, Protocol.openid.dh_modulus) ?? DiffieHellmanUtil.DEFAULT_MOD; byte[] dh_gen = Util.GetOptionalBase64Arg(Provider.Query, Protocol.openid.dh_gen) ?? DiffieHellmanUtil.DEFAULT_GEN; dh = new DiffieHellmanManaged(dh_modulus, dh_gen, 1024); consumerPublicKey = Util.GetRequiredBase64Arg(Provider.Query, Protocol.openid.dh_consumer_public); }
public static byte[] SHAHashXorSecret(HashAlgorithm hasher, DiffieHellman dh, byte[] keyEx, byte[] encMacKey) { byte[] dhShared = dh.DecryptKeyExchange(keyEx); byte[] shaDhShared = hasher.ComputeHash(ensurePositive(dhShared)); if (shaDhShared.Length != encMacKey.Length) { throw new ArgumentOutOfRangeException(string.Format(CultureInfo.CurrentCulture, "encMacKey's length ({0}) does not match the length of the hashing algorithm ({1}).", encMacKey.Length, shaDhShared.Length)); } byte[] secret = new byte[encMacKey.Length]; for (int i = 0; i < encMacKey.Length; i++) { secret[i] = (byte)(encMacKey[i] ^ shaDhShared[i]); } return secret; }
/// <summary> /// Encrypts/decrypts a shared secret. /// </summary> /// <param name="hasher">The hashing algorithm that is agreed by both parties to use as part of the secret exchange.</param> /// <param name="dh"> /// If the secret is being encrypted, this is the new Diffie Hellman object to use. /// If the secret is being decrypted, this must be the same Diffie Hellman object used to send the original request message. /// </param> /// <param name="remotePublicKey">The public key of the remote party.</param> /// <param name="plainOrEncryptedSecret">The secret to encode, or the encoded secret. Whichever one is given will generate the opposite in the return value.</param> /// <returns> /// The encrypted version of the secret if the secret itself was given in <paramref name="remotePublicKey"/>. /// The secret itself if the encrypted version of the secret was given in <paramref name="remotePublicKey"/>. /// </returns> internal static byte[] SHAHashXorSecret(HashAlgorithm hasher, DiffieHellman dh, byte[] remotePublicKey, byte[] plainOrEncryptedSecret) { Requires.NotNull(hasher, "hasher"); Requires.NotNull(dh, "dh"); Requires.NotNull(remotePublicKey, "remotePublicKey"); Requires.NotNull(plainOrEncryptedSecret, "plainOrEncryptedSecret"); byte[] sharedBlock = dh.DecryptKeyExchange(remotePublicKey); byte[] sharedBlockHash = hasher.ComputeHash(EnsurePositive(sharedBlock)); ErrorUtilities.VerifyProtocol(sharedBlockHash.Length == plainOrEncryptedSecret.Length, OpenIdStrings.AssociationSecretHashLengthMismatch, plainOrEncryptedSecret.Length, sharedBlockHash.Length); byte[] secret = new byte[plainOrEncryptedSecret.Length]; for (int i = 0; i < plainOrEncryptedSecret.Length; i++) { secret[i] = (byte)(plainOrEncryptedSecret[i] ^ sharedBlockHash[i]); } return secret; }
public AssociateResponse(OpenIdRelyingParty relyingParty, ServiceEndpoint provider, IDictionary<string, string> args, DiffieHellman dh) : base(relyingParty, provider, args) { DH = dh; if (Args.ContainsKey(Protocol.openidnp.assoc_handle)) { initializeAssociation(); } else { // Attempt to recover from an unsupported assoc_type if (Protocol.Version.Major >= 2) { if (Util.GetRequiredArg(Args, Protocol.openidnp.error_code) == Protocol.Args.ErrorCode.UnsupportedType) { string assoc_type = Util.GetRequiredArg(Args, Protocol.openidnp.assoc_type); string session_type = Util.GetRequiredArg(Args, Protocol.openidnp.session_type); // If the suggested options are among those we support... if (Array.IndexOf(Protocol.Args.SignatureAlgorithm.All, assoc_type) >= 0 && Array.IndexOf(Protocol.Args.SessionType.All, session_type) >= 0 && RelyingParty.Settings.IsAssociationInPermittedRange(Protocol, assoc_type)) { SecondAttempt = AssociateRequest.Create(RelyingParty, Provider, assoc_type, session_type, false); } } } } }
protected DiffieHellman _exchangeAlgorithm; // Exchange algorithm to use. #endregion Fields #region Constructors public SshDiffieHellmanGroup1Sha1() : base() { _exchangeAlgorithm = new DiffieHellmanManaged(1024, 0, DHKeyGeneration.Static); _hashAlgorithm = new SHA1CryptoServiceProvider(); }
/// <summary> /// Called by the Relying Party to initialize the Diffie-Hellman algorithm and consumer public key properties. /// </summary> internal void InitializeRequest() { #if !ExcludeDiffieHellman if (this.DiffieHellmanModulus == null || this.DiffieHellmanGen == null) { throw new InvalidOperationException(string.Format(CultureInfo.CurrentCulture, OpenIdStrings.DiffieHellmanRequiredPropertiesNotSet, string.Join(", ", new string[] { "DiffieHellmanModulus", "DiffieHellmanGen" }))); } this.Algorithm = new DiffieHellmanManaged(this.DiffieHellmanModulus ?? DefaultMod, this.DiffieHellmanGen ?? DefaultGen, DefaultX); byte[] consumerPublicKeyExchange = this.Algorithm.CreateKeyExchange(); this.DiffieHellmanConsumerPublic = DiffieHellmanUtilities.EnsurePositive(consumerPublicKeyExchange); #else throw new NotSupportedException(); #endif }
/// <summary> /// Instantiates an <see cref="AssociateRequest"/> object. /// </summary> /// <param name="relyingParty">The RP instance that is creating this request.</param> /// <param name="provider">The discovered OpenID Provider endpoint information.</param> /// <param name="args">The arguments assembled for sending to the Provider.</param> /// <param name="dh">Optional. Supplied only if Diffie-Hellman is used for encrypting the association secret key.</param> AssociateRequest(OpenIdRelyingParty relyingParty, ServiceEndpoint provider, IDictionary<string, string> args, DiffieHellman dh) : base(relyingParty, provider, args) { DH = dh; }