[ExpectedException(typeof(InvalidOperationException))] // not ArgumentNullException?
public void GenerateDerivedKeyUnsupportedAlgorithm()
{
Key key = new Key(raw);
byte [] nonce = new byte [256];
key.GenerateDerivedKey("urn:my-own-way", wssc_label, nonce, key.KeySize, 0);
}
[ExpectedException(typeof(InvalidOperationException))] // not ArgumentNullException?
public void GenerateDerivedKeyNullAlgorithm()
{
Key key = new Key(raw);
byte [] nonce = new byte [256];
key.GenerateDerivedKey(null, wssc_label, nonce, key.KeySize, 0);
}
public void GenerateDerivedKeyUnusualOffset()
{
Key key = new Key(raw);
byte [] nonce = new byte [256];
key.GenerateDerivedKey(
SecurityAlgorithms.Psha1KeyDerivation,
wssc_label, nonce, 5, 0);
}
public void GenerateDerivedKeyNegativeLength()
{
Key key = new Key(raw);
byte [] nonce = new byte [256];
key.GenerateDerivedKey(
SecurityAlgorithms.Psha1KeyDerivation,
wssc_label, nonce, -32, 0);
}
public void GenerateDerivedKeyNullNonce()
{
Key key = new Key(raw);
byte [] nonce = new byte [256];
key.GenerateDerivedKey(
SecurityAlgorithms.Psha1KeyDerivation,
wssc_label, null, key.KeySize, 0);
}
public void GenerateDerivedKey()
{
Key key = new Key(raw);
byte [] nonce = new byte [256];
byte [] derived = key.GenerateDerivedKey(
SecurityAlgorithms.Psha1KeyDerivation,
wssc_label, nonce, key.KeySize, 0);
Assert.IsTrue(Convert.ToBase64String(derived) != Convert.ToBase64String(raw), "#4");
// the precomputed derivation value.
byte [] expected = Convert.FromBase64String("50UfLeg58TbfADujVeafUAS8typGX9LvqLOXezK/eJY=");
Assert.AreEqual(Convert.ToBase64String(expected), Convert.ToBase64String(derived), "#5");
}
public void GenerateDerivedKeyUnusualOffset ()
{
Key key = new Key (raw);
byte [] nonce = new byte [256];
key.GenerateDerivedKey (
SecurityAlgorithms.Psha1KeyDerivation,
wssc_label, nonce, 5, 0);
}
XmlElement VerifyInput2 (MessageBuffer buf)
{
Message msg2 = buf.CreateMessage ();
StringWriter sw = new StringWriter ();
using (XmlDictionaryWriter w = XmlDictionaryWriter.CreateDictionaryWriter (XmlWriter.Create (sw))) {
msg2.WriteMessage (w);
}
XmlDocument doc = new XmlDocument ();
doc.PreserveWhitespace = true;
doc.LoadXml (sw.ToString ());
// decrypt the key with service certificate privkey
PaddingMode mode = PaddingMode.PKCS7; // not sure which is correct ... ANSIX923, ISO10126, PKCS7, Zeros, None.
EncryptedXml encXml = new EncryptedXml (doc);
encXml.Padding = mode;
X509Certificate2 cert2 = new X509Certificate2 ("Test/Resources/test.pfx", "mono");
XmlNamespaceManager nsmgr = new XmlNamespaceManager (doc.NameTable);
nsmgr.AddNamespace ("s", "http://www.w3.org/2003/05/soap-envelope");
nsmgr.AddNamespace ("c", "http://schemas.xmlsoap.org/ws/2005/02/sc");
nsmgr.AddNamespace ("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
nsmgr.AddNamespace ("e", "http://www.w3.org/2001/04/xmlenc#");
nsmgr.AddNamespace ("dsig", "http://www.w3.org/2000/09/xmldsig#");
XmlNode n = doc.SelectSingleNode ("//o:Security/e:EncryptedKey/e:CipherData/e:CipherValue", nsmgr);
Assert.IsNotNull (n, "premise: enckey does not exist");
string raw = n.InnerText;
byte [] rawbytes = Convert.FromBase64String (raw);
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) cert2.PrivateKey;
byte [] decryptedKey = EncryptedXml.DecryptKey (rawbytes, rsa, true);//rsa.Decrypt (rawbytes, true);
#if false
// create derived keys
Dictionary<string,byte[]> keys = new Dictionary<string,byte[]> ();
InMemorySymmetricSecurityKey skey =
new InMemorySymmetricSecurityKey (decryptedKey);
foreach (XmlElement el in doc.SelectNodes ("//o:Security/c:DerivedKeyToken", nsmgr)) {
n = el.SelectSingleNode ("c:Offset", nsmgr);
int offset = (n == null) ? 0 :
int.Parse (n.InnerText, CultureInfo.InvariantCulture);
n = el.SelectSingleNode ("c:Length", nsmgr);
int length = (n == null) ? 32 :
int.Parse (n.InnerText, CultureInfo.InvariantCulture);
n = el.SelectSingleNode ("c:Label", nsmgr);
byte [] label = (n == null) ? decryptedKey :
Convert.FromBase64String (n.InnerText);
n = el.SelectSingleNode ("c:Nonce", nsmgr);
byte [] nonce = (n == null) ? new byte [0] :
Convert.FromBase64String (n.InnerText);
byte [] derkey = skey.GenerateDerivedKey (
//SecurityAlgorithms.Psha1KeyDerivation,
"http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1",
// FIXME: maybe due to the label, this key resolution somehow does not seem to work.
label,
nonce,
length * 8,
offset);
keys [el.GetAttribute ("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")] = derkey;
}
#endif
// decrypt the signature with the decrypted key
#if true
n = doc.SelectSingleNode ("//o:Security/e:EncryptedData/e:CipherData/e:CipherValue", nsmgr);
Assert.IsNotNull (n, "premise: encdata does not exist");
raw = n.InnerText;
rawbytes = Convert.FromBase64String (raw);
Rijndael aes = RijndaelManaged.Create ();
// aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)];
aes.Key = decryptedKey;
aes.Mode = CipherMode.CBC;
aes.Padding = mode;
MemoryStream ms = new MemoryStream ();
CryptoStream cs = new CryptoStream (ms, aes.CreateDecryptor (), CryptoStreamMode.Write);
cs.Write (rawbytes, 0, rawbytes.Length);
cs.Close ();
byte [] decryptedSignature = ms.ToArray ();
#else
Rijndael aes = RijndaelManaged.Create ();
// aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)];
aes.Key = decryptedKey;
aes.Mode = CipherMode.CBC;
aes.Padding = mode;
EncryptedData ed = new EncryptedData ();
n = doc.SelectSingleNode ("//o:Security/e:EncryptedData", nsmgr);
Assert.IsNotNull (n, "premise: encdata does not exist");
ed.LoadXml (n as XmlElement);
byte [] decryptedSignature = encXml.DecryptData (ed, aes);
#endif
//Console.Error.WriteLine (Encoding.UTF8.GetString (decryptedSignature));
//Console.Error.WriteLine ("============= Decrypted Signature End ===========");
// decrypt the body with the decrypted key
#if true
n = doc.SelectSingleNode ("//s:Body/e:EncryptedData/e:CipherData/e:CipherValue", nsmgr);
Assert.IsNotNull (n, "premise: encdata does not exist");
raw = n.InnerText;
rawbytes = Convert.FromBase64String (raw);
// aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)];
aes.Key = decryptedKey;
ms = new MemoryStream ();
cs = new CryptoStream (ms, aes.CreateDecryptor (), CryptoStreamMode.Write);
cs.Write (rawbytes, 0, rawbytes.Length);
cs.Close ();
byte [] decryptedBody = ms.ToArray ();
#else
// decrypt the body with the decrypted key
EncryptedData ed2 = new EncryptedData ();
XmlElement el = doc.SelectSingleNode ("/s:Envelope/s:Body/e:EncryptedData", nsmgr) as XmlElement;
ed2.LoadXml (el);
// aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)];
aes.Key = decryptedKey;
byte [] decryptedBody = encXml.DecryptData (ed2, aes);
#endif
//foreach (byte b in decryptedBody) Console.Error.Write ("{0:X02} ", b);
Console.Error.WriteLine (Encoding.UTF8.GetString (decryptedBody));
Console.Error.WriteLine ("============= Decrypted Body End ===========");
// FIXME: find out what first 16 bytes mean.
for (int mmm = 0; mmm < 16; mmm++) decryptedBody [mmm] = 0x20;
doc.LoadXml (Encoding.UTF8.GetString (decryptedBody));
Assert.AreEqual ("RequestSecurityToken", doc.DocumentElement.LocalName, "#b-1");
Assert.AreEqual ("http://schemas.xmlsoap.org/ws/2005/02/trust", doc.DocumentElement.NamespaceURI, "#b-2");
return doc.DocumentElement;
}
public void GenerateDerivedKeyNegativeLength ()
{
Key key = new Key (raw);
byte [] nonce = new byte [256];
key.GenerateDerivedKey (
SecurityAlgorithms.Psha1KeyDerivation,
wssc_label, nonce, -32, 0);
}
public void GenerateDerivedKeyNullNonce ()
{
Key key = new Key (raw);
byte [] nonce = new byte [256];
key.GenerateDerivedKey (
SecurityAlgorithms.Psha1KeyDerivation,
wssc_label, null, key.KeySize, 0);
}
[ExpectedException (typeof (InvalidOperationException))] // not ArgumentNullException?
public void GenerateDerivedKeyUnsupportedAlgorithm ()
{
Key key = new Key (raw);
byte [] nonce = new byte [256];
key.GenerateDerivedKey ("urn:my-own-way", wssc_label, nonce, key.KeySize, 0);
}
[ExpectedException (typeof (InvalidOperationException))] // not ArgumentNullException?
public void GenerateDerivedKeyNullAlgorithm ()
{
Key key = new Key (raw);
byte [] nonce = new byte [256];
key.GenerateDerivedKey (null, wssc_label, nonce, key.KeySize, 0);
}
public void GenerateDerivedKey ()
{
Key key = new Key (raw);
byte [] nonce = new byte [256];
byte [] derived = key.GenerateDerivedKey (
SecurityAlgorithms.Psha1KeyDerivation,
wssc_label, nonce, key.KeySize, 0);
Assert.IsTrue (Convert.ToBase64String (derived) != Convert.ToBase64String (raw), "#4");
// the precomputed derivation value.
byte [] expected = Convert.FromBase64String ("50UfLeg58TbfADujVeafUAS8typGX9LvqLOXezK/eJY=");
Assert.AreEqual (Convert.ToBase64String (expected), Convert.ToBase64String (derived), "#5");
}
