//
// Summary:
// Creates a new InfoCardKeyedHashAlgorithm based on a SymmetricCryptoHandle.
//
// Parameters:
// cryptoHandle - The handle to the symmetric key on which to base the keyed hash.
//
public InfoCardKeyedHashAlgorithm(SymmetricCryptoHandle cryptoHandle)
{
InternalRefCountedHandle nativeHandle = null;
try
{
//
// Call native api to get a hashCryptoHandle.
//
int status = CardSpaceSelector.GetShim().m_csShimGetKeyedHash(cryptoHandle.InternalHandle, out nativeHandle);
if (0 != status)
{
IDT.CloseInvalidOutSafeHandle(nativeHandle);
ExceptionHelper.ThrowIfCardSpaceException(status);
throw IDT.ThrowHelperError(new Win32Exception(status));
}
m_cryptoHandle = (HashCryptoHandle)CryptoHandle.Create(nativeHandle);
m_param = (RpcHashCryptoParameters)m_cryptoHandle.Parameters;
}
catch
{
if (null != m_cryptoHandle)
{
m_cryptoHandle.Dispose();
}
throw;
}
}
//
// Summary:
// Special function for transforming the last block or partial block in the stream. The
// return value is an array containting the remaining transformed bytes.
// We return a new array here because the amount of information we send back at the end could
// be larger than a single block once padding is accounted for.
//
// Parameters:
// inputBuffer - The input for which to compute the transform.
// inputOffset - The offset into the byte array from which to begin using data.
// inputCount - The number of bytes in the byte array to use as data.
//
// Returns:
// The computed transform.
//
public byte[] TransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount)
{
IDT.DebugAssert(null != inputBuffer && 0 != inputBuffer.Length, "null input buffer");
IDT.DebugAssert(0 != inputCount, "0 input count");
GlobalAllocSafeHandle pOutData = null;
int cbOutData = 0;
byte[] outData;
using (HGlobalSafeHandle pInData = HGlobalSafeHandle.Construct(inputCount))
{
Marshal.Copy(inputBuffer, inputOffset, pInData.DangerousGetHandle(), inputCount);
int status = CardSpaceSelector.GetShim().m_csShimTransformFinalBlock(m_transCryptoHandle.InternalHandle,
inputCount,
pInData,
out cbOutData,
out pOutData);
if (0 != status)
{
ExceptionHelper.ThrowIfCardSpaceException(status);
throw IDT.ThrowHelperError(new Win32Exception(status));
}
pOutData.Length = cbOutData;
outData = DiagnosticUtility.Utility.AllocateByteArray(pOutData.Length);
using (pOutData)
{
Marshal.Copy(pOutData.DangerousGetHandle(), outData, 0, pOutData.Length);
}
}
return(outData);
}
public byte[] Decrypt(byte[] inData, bool fAOEP)
{
GlobalAllocSafeHandle pOutData = null;
int cbOutData = 0;
byte[] outData;
IDT.ThrowInvalidArgumentConditional(null == inData, "indata");
using (HGlobalSafeHandle pInData = HGlobalSafeHandle.Construct(inData.Length))
{
Marshal.Copy(inData, 0, pInData.DangerousGetHandle(), inData.Length);
int status = CardSpaceSelector.GetShim().m_csShimDecrypt(m_cryptoHandle.InternalHandle,
fAOEP,
inData.Length,
pInData,
out cbOutData,
out pOutData);
if (0 != status)
{
ExceptionHelper.ThrowIfCardSpaceException(status);
throw IDT.ThrowHelperError(new Win32Exception(status));
}
pOutData.Length = cbOutData;
outData = DiagnosticUtility.Utility.AllocateByteArray(pOutData.Length);
using (pOutData)
{
Marshal.Copy(pOutData.DangerousGetHandle(), outData, 0, pOutData.Length);
}
}
return(outData);
}
protected void ThrowIfDisposed()
{
if (m_isDisposed)
{
throw IDT.ThrowHelperError(new ObjectDisposedException(SR.GetString(SR.ClientCryptoSessionDisposed)));
}
}
private void ThrowIfInvalid()
{
if (IsInvalid)
{
throw IDT.ThrowHelperError(new ObjectDisposedException("InternalRefCountedHandle"));
}
}
public bool VerifyHash(byte[] hash, string hashAlgOid, byte[] sig)
{
IDT.ThrowInvalidArgumentConditional(null == hash || 0 == hash.Length, "hash");
IDT.ThrowInvalidArgumentConditional(String.IsNullOrEmpty(hashAlgOid), "hashAlgOid");
IDT.ThrowInvalidArgumentConditional(null == sig || 0 == sig.Length, "sig");
bool verified = false;
using (HGlobalSafeHandle pHash = HGlobalSafeHandle.Construct(hash.Length))
{
using (HGlobalSafeHandle pHashAlgOid = HGlobalSafeHandle.Construct(hashAlgOid))
{
Marshal.Copy(hash, 0, pHash.DangerousGetHandle(), hash.Length);
int status = 0;
using (HGlobalSafeHandle pSig = HGlobalSafeHandle.Construct(sig.Length))
{
Marshal.Copy(sig, 0, pSig.DangerousGetHandle(), sig.Length);
status = CardSpaceSelector.GetShim().m_csShimVerifyHash(m_cryptoHandle.InternalHandle,
hash.Length,
pHash,
pHashAlgOid,
sig.Length,
pSig,
out verified);
}
if (0 != status)
{
ExceptionHelper.ThrowIfCardSpaceException(status);
throw IDT.ThrowHelperError(new Win32Exception(status));
}
}
}
return(verified);
}
//
// Sumamry:
// Returns a HashAlgorithm
//
// Parameters:
// algorithmUri - the uri of the hash algorithm being requested.
//
public override HashAlgorithm GetHashAlgorithmForSignature(string algorithmUri)
{
switch (algorithmUri)
{
case SignedXml.XmlDsigRSASHA1Url:
return(new SHA1Managed());
default:
throw IDT.ThrowHelperError(new NotSupportedException(SR.GetString(SR.ClientUnsupportedCryptoAlgorithm, algorithmUri)));
}
}
//
// Summary:
// Returns a KeyedHashAlgorithm based on the underlying crypto handle and the algorithm passed in.
//
public override KeyedHashAlgorithm GetKeyedHashAlgorithm(string algorithmUri)
{
switch (algorithmUri)
{
case SecurityAlgorithms.HmacSha1Signature:
return(new InfoCardKeyedHashAlgorithm(m_cryptoHandle));
default:
throw IDT.ThrowHelperError(new NotSupportedException(SR.GetString(SR.ClientUnsupportedCryptoAlgorithm, algorithmUri)));
}
}
//
// Summary:
// Returns a Signature formatter.
//
// Parameters:
// algorithmUri - the uri of signature formatter being requeted.
//
public override AsymmetricSignatureFormatter GetSignatureFormatter(string algorithmUri)
{
switch (algorithmUri)
{
case SignedXml.XmlDsigRSASHA1Url:
return(new InfoCardRSAPKCS1SignatureFormatter(m_rsa));
default:
throw IDT.ThrowHelperError(new NotSupportedException(SR.GetString(SR.ClientUnsupportedCryptoAlgorithm, algorithmUri)));
}
}
//
// Summary:
// Returns a reference to the InfoCardRSACryptoProvider that give Indigo access to
// the private key associated with the infocard, recipient tuple.
//
// Parameters:
// algorithmUri - The URI of the algorithm being requested.
// privateKey - set to true if access to the private key is required.
//
public override AsymmetricAlgorithm GetAsymmetricAlgorithm(string algorithmUri, bool privateKey)
{
switch (algorithmUri)
{
case SignedXml.XmlDsigRSASHA1Url:
case EncryptedXml.XmlEncRSA15Url:
case EncryptedXml.XmlEncRSAOAEPUrl:
return(m_rsa);
default:
throw IDT.ThrowHelperError(new NotSupportedException(SR.GetString(SR.ClientUnsupportedCryptoAlgorithm, algorithmUri)));
}
}
//
// Summary:
// Implements the HashFinal method of the KeyedHashAlgorithm class by calling the InfoCard native client.
//
protected override byte[] HashFinal()
{
byte[] outData = null;
int cbOutData = 0;
IDT.DebugAssert(null != m_cachedBlock, "null cached block");
HGlobalSafeHandle pInData = null;
GlobalAllocSafeHandle pOutData = null;
try
{
if (null != m_cachedBlock)
{
if (0 != m_cachedBlock.Length)
{
pInData = HGlobalSafeHandle.Construct(m_cachedBlock.Length);
Marshal.Copy(m_cachedBlock, 0, pInData.DangerousGetHandle(), m_cachedBlock.Length);
}
int status = CardSpaceSelector.GetShim().m_csShimHashFinal(m_cryptoHandle.InternalHandle,
m_cachedBlock.Length,
null != pInData ? pInData : HGlobalSafeHandle.Construct(),
out cbOutData,
out pOutData);
if (0 != status)
{
ExceptionHelper.ThrowIfCardSpaceException(status);
throw IDT.ThrowHelperError(new Win32Exception(status));
}
pOutData.Length = cbOutData;
outData = DiagnosticUtility.Utility.AllocateByteArray(pOutData.Length);
using (pOutData)
{
Marshal.Copy(pOutData.DangerousGetHandle(), outData, 0, pOutData.Length);
}
}
}
finally
{
if (null != pInData)
{
pInData.Dispose();
}
Array.Clear(m_cachedBlock, 0, m_cachedBlock.Length);
m_cachedBlock = null;
}
return(outData);
}
// ISymmetricCrypto
public override byte[] GenerateDerivedKey(string algorithmUri,
byte[] label,
byte[] nonce,
int derivedKeyLength,
int offset)
{
IDT.DebugAssert(!String.IsNullOrEmpty(algorithmUri), "null alg uri");
IDT.DebugAssert(null != label && 0 != label.Length, "null label");
IDT.DebugAssert(null != nonce && 0 != nonce.Length, "null nonce");
if (!IsSupportedAlgorithm(algorithmUri))
{
throw IDT.ThrowHelperError(new NotSupportedException(SR.GetString(SR.ClientUnsupportedCryptoAlgorithm, algorithmUri)));
}
byte[] derivedKey = null;
using (HGlobalSafeHandle pLabel = HGlobalSafeHandle.Construct(label.Length))
{
using (HGlobalSafeHandle pNonce = HGlobalSafeHandle.Construct(nonce.Length))
{
GlobalAllocSafeHandle pDerivedKey = null;
int cbDerivedKey = 0;
Marshal.Copy(label, 0, pLabel.DangerousGetHandle(), label.Length);
Marshal.Copy(nonce, 0, pNonce.DangerousGetHandle(), nonce.Length);
int status = CardSpaceSelector.GetShim().m_csShimGenerateDerivedKey(m_cryptoHandle.InternalHandle,
label.Length,
pLabel,
nonce.Length,
pNonce,
derivedKeyLength,
offset,
algorithmUri,
out cbDerivedKey,
out pDerivedKey);
if (0 != status)
{
throw IDT.ThrowHelperError(new Win32Exception(status));
}
pDerivedKey.Length = cbDerivedKey;
derivedKey = new byte[pDerivedKey.Length];
using (pDerivedKey)
{
Marshal.Copy(pDerivedKey.DangerousGetHandle(), derivedKey, 0, pDerivedKey.Length);
}
}
}
return(derivedKey);
}
//
// Parameters:
// target - The target of the token being described.
// parameters - describes the type of token required by the target.
//
public CardSpacePolicyElement(XmlElement target, XmlElement issuer, Collection <XmlElement> parameters, Uri privacyNoticeLink, int privacyNoticeVersion, bool isManagedIssuer)
{
//
// Ensure that if a version is specified( value != 0 ), that a valid url is specified.
//
IDT.ThrowInvalidArgumentConditional(0 == privacyNoticeVersion && null != privacyNoticeLink, "privacyNoticeVersion");
IDT.ThrowInvalidArgumentConditional(0 != privacyNoticeVersion && null == privacyNoticeLink, "privacyNoticeLink");
m_target = target;
m_issuer = issuer;
m_parameters = parameters;
m_policyNoticeLink = privacyNoticeLink;
m_policyNoticeVersion = privacyNoticeVersion;
m_isManagedIssuer = isManagedIssuer;
}
//
// Summary:
// Given a pointer to a native cryptosession this method creates the appropriate CryptoHandle type.
//
static internal CryptoHandle Create(InternalRefCountedHandle nativeHandle)
{
CryptoHandle handle = null;
bool mustRelease = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
nativeHandle.DangerousAddRef(ref mustRelease);
RpcInfoCardCryptoHandle hCrypto =
(RpcInfoCardCryptoHandle)Marshal.PtrToStructure(nativeHandle.DangerousGetHandle(),
typeof(RpcInfoCardCryptoHandle));
DateTime expiration = DateTime.FromFileTimeUtc(hCrypto.expiration);
switch (hCrypto.type)
{
case RpcInfoCardCryptoHandle.HandleType.Asymmetric:
handle = new AsymmetricCryptoHandle(nativeHandle, expiration, hCrypto.cryptoParameters);
break;
case RpcInfoCardCryptoHandle.HandleType.Symmetric:
handle = new SymmetricCryptoHandle(nativeHandle, expiration, hCrypto.cryptoParameters);
break;
case RpcInfoCardCryptoHandle.HandleType.Transform:
handle = new TransformCryptoHandle(nativeHandle, expiration, hCrypto.cryptoParameters);
break;
case RpcInfoCardCryptoHandle.HandleType.Hash:
handle = new HashCryptoHandle(nativeHandle, expiration, hCrypto.cryptoParameters);
break;
default:
IDT.DebugAssert(false, "Invalid crypto operation type");
throw IDT.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.GeneralExceptionMessage)));
}
return(handle);
}
finally
{
if (mustRelease)
{
nativeHandle.DangerousRelease();
}
}
}
//
// Summary:
// Returns a SymmetricAlgorithm based on the underlying crypto handle and the algorithm passed in.
//
public override SymmetricAlgorithm GetSymmetricAlgorithm(string algorithmUri)
{
SymmetricAlgorithm algorithm;
switch (algorithmUri)
{
case SecurityAlgorithms.Aes128Encryption:
algorithm = new InfoCardSymmetricAlgorithm(m_cryptoHandle);
break;
default:
throw IDT.ThrowHelperError(new NotSupportedException(SR.GetString(SR.ClientUnsupportedCryptoAlgorithm, algorithmUri)));
}
return(algorithm);
}
//
// Summary:
// Implements the HashCore method of the KeyedHashAlgorithm class by calling the InfoCard native client.
//
// Parameters:
// array - the bytes to hash.
// ibStart - the index in the array from which to begin hashing.
// cbSize - the number of bytes after the starting index to hash.
//
protected override void HashCore(byte[] array, int ibStart, int cbSize)
{
//
// will cache one block and call TransformBlock on the previous block.
//
if (null != m_cachedBlock)
{
HGlobalSafeHandle pInData = null;
try
{
if (0 != m_cachedBlock.Length)
{
pInData = HGlobalSafeHandle.Construct(m_cachedBlock.Length);
Marshal.Copy(m_cachedBlock, 0, pInData.DangerousGetHandle(), m_cachedBlock.Length);
}
int status = CardSpaceSelector.GetShim().m_csShimHashCore(m_cryptoHandle.InternalHandle,
m_cachedBlock.Length,
null != pInData ? pInData : HGlobalSafeHandle.Construct());
if (0 != status)
{
ExceptionHelper.ThrowIfCardSpaceException(status);
throw IDT.ThrowHelperError(new Win32Exception(status));
}
}
finally
{
if (null != pInData)
{
pInData.Dispose();
}
}
}
//
// Cache the current block.
//
if (null != m_cachedBlock)
{
Array.Clear(m_cachedBlock, 0, m_cachedBlock.Length);
}
m_cachedBlock = DiagnosticUtility.Utility.AllocateByteArray(cbSize);
Array.Copy(array, ibStart, m_cachedBlock, 0, cbSize);
return;
}
//
// Summary:
// Returns the size of the initialization vector for the underlying crypto algorithm.
//
public override int GetIVSize(string algorithmUri)
{
int size;
switch (algorithmUri)
{
case SecurityAlgorithms.Aes128Encryption:
RpcSymmetricCryptoParameters param = (RpcSymmetricCryptoParameters)m_cryptoHandle.Parameters;
size = param.blockSize;
break;
default:
throw IDT.ThrowHelperError(new NotSupportedException(SR.GetString(SR.ClientUnsupportedCryptoAlgorithm, algorithmUri)));
}
return(size);
}
//
// Summary:
// Returns an ICryptoTransform based on the algorithm and initialization vector passed in and the underlying
// CryptoHandle.
//
// Parameters:
// algorithmUri - The algorithm that the transform you implement.
// iv - The initialization vector to use in the transform
//
public override ICryptoTransform GetEncryptionTransform(string algorithmUri, byte[] iv)
{
ICryptoTransform transform;
switch (algorithmUri)
{
case SecurityAlgorithms.Aes128Encryption:
using (InfoCardSymmetricAlgorithm symAlgo = new InfoCardSymmetricAlgorithm(m_cryptoHandle))
{
symAlgo.IV = iv;
transform = symAlgo.CreateEncryptor();
}
break;
default:
throw IDT.ThrowHelperError(new NotSupportedException(SR.GetString(SR.ClientUnsupportedCryptoAlgorithm, algorithmUri)));
}
return(transform);
}
//
// Summary:
// Encrypts a symmetric key using the public key of a public/private key pair.
//
// Parameters:
// algorithmUri - The algorithm to use to encrypt the key.
// keyData - the key to encrypt.
//
public override byte[] EncryptKey(string algorithmUri, byte[] keyData)
{
AsymmetricKeyExchangeFormatter formatter;
switch (algorithmUri)
{
case EncryptedXml.XmlEncRSA15Url:
formatter = new InfoCardRSAPKCS1KeyExchangeFormatter(m_rsa);
return(formatter.CreateKeyExchange(keyData));
case EncryptedXml.XmlEncRSAOAEPUrl:
formatter = new InfoCardRSAOAEPKeyExchangeFormatter(m_rsa);
return(formatter.CreateKeyExchange(keyData));
default:
throw IDT.ThrowHelperError(new NotSupportedException(SR.GetString(SR.ClientUnsupportedCryptoAlgorithm, algorithmUri)));
}
}
public byte[] SignHash(byte[] hash, string hashAlgOid)
{
IDT.ThrowInvalidArgumentConditional(null == hash || 0 == hash.Length, "hash");
IDT.ThrowInvalidArgumentConditional(String.IsNullOrEmpty(hashAlgOid), "hashAlgOid");
int cbSig = 0;
GlobalAllocSafeHandle pSig = null;
byte[] sig;
using (HGlobalSafeHandle pHash = HGlobalSafeHandle.Construct(hash.Length))
{
using (HGlobalSafeHandle pHashAlgOid = HGlobalSafeHandle.Construct(hashAlgOid))
{
Marshal.Copy(hash, 0, pHash.DangerousGetHandle(), hash.Length);
RuntimeHelpers.PrepareConstrainedRegions();
int status = CardSpaceSelector.GetShim().m_csShimSignHash(m_cryptoHandle.InternalHandle,
hash.Length,
pHash,
pHashAlgOid,
out cbSig,
out pSig);
if (0 != status)
{
ExceptionHelper.ThrowIfCardSpaceException(status);
throw IDT.ThrowHelperError(new Win32Exception(status));
}
pSig.Length = cbSig;
sig = DiagnosticUtility.Utility.AllocateByteArray(pSig.Length);
using (pSig)
{
Marshal.Copy(pSig.DangerousGetHandle(), sig, 0, pSig.Length);
}
}
}
return(sig);
}
//
// Parameters:
// symAlgo - the algorithm being requested.
// cryptoDirection - determines whether the transform will encrypt or decrypt.
//
public CryptoTransform(InfoCardSymmetricAlgorithm symAlgo, Direction cryptoDirection)
{
InternalRefCountedHandle nativeHandle = null;
byte[] iv = symAlgo.IV;
using (HGlobalSafeHandle pIV = HGlobalSafeHandle.Construct(iv.Length))
{
//
// Marshal the initialization vector.
//
Marshal.Copy(iv, 0, pIV.DangerousGetHandle(), iv.Length);
//
// Call native method to get a handle to a native transform.
//
int status = CardSpaceSelector.GetShim().m_csShimGetCryptoTransform(symAlgo.m_cryptoHandle.InternalHandle,
(int)symAlgo.Mode,
(int)symAlgo.Padding,
symAlgo.FeedbackSize,
(int)cryptoDirection,
iv.Length,
pIV,
out nativeHandle);
if (0 != status)
{
IDT.CloseInvalidOutSafeHandle(nativeHandle);
ExceptionHelper.ThrowIfCardSpaceException(status);
throw IDT.ThrowHelperError(new Win32Exception(status));
}
m_transCryptoHandle = (TransformCryptoHandle)CryptoHandle.Create(nativeHandle);
m_param = (RpcTransformCryptoParameters)m_transCryptoHandle.Parameters;
}
}
public static Win32Exception ThrowWin32ExceptionWithContext(Win32Exception wex, string context)
{
throw IDT.ThrowHelperError(new Win32Exception(
wex.NativeErrorCode,
SR.GetString(SR.ClientAPIDetailedExceptionMessage, wex.Message, context)));
}
public override string ToXmlString(bool includePrivateParameters)
{
throw IDT.ThrowHelperError(new NotSupportedException());
}
public override void FromXmlString(string xmlString)
{
throw IDT.ThrowHelperError(new NotSupportedException());
}
public override void ImportParameters(System.Security.Cryptography.RSAParameters parameters)
{
throw IDT.ThrowHelperError(new NotSupportedException());
}
public override byte[] DecryptValue(byte[] rgb)
{
throw IDT.ThrowHelperError(new NotSupportedException());
}
public override void GenerateKey()
{
throw IDT.ThrowHelperError(new NotImplementedException());
}
//
// We don't allow specifying a key so this is not supported.
//
public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV)
{
throw IDT.ThrowHelperError(new NotImplementedException());
}
public override byte[] GetSymmetricKey()
{
throw IDT.ThrowHelperError(new NotImplementedException());
}
public override byte[] EncryptKey(string algorithmUri, byte[] keyData)
{
throw IDT.ThrowHelperError(new NotImplementedException());
}