Exemplo n.º 1
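        /// <summary>
        /// Checks the symmetric protection of a received message held in <paramref name="recvBuf"/>:
        /// selects the keyset matching the token id in the header, decrypts the body in place when
        /// the mode is SignAndEncrypt, and verifies the trailing signature when the mode is Sign or higher.
        /// </summary>
        /// <param name="recvBuf">Buffer holding the message; read from its current position, which is restored only on success.</param>
        /// <param name="tokenID">Current security token id; a match selects <c>remoteKeysets[0]</c>.</param>
        /// <param name="prevTokenID">Previous security token id, if any; a match selects <c>remoteKeysets[1]</c>.</param>
        /// <param name="messageEncodedBlockStart">Offset in the buffer where the encrypted block starts.</param>
        /// <param name="localKeyset">Not used by this method.</param>
        /// <param name="remoteKeysets">Keysets of the peer, indexed as described above.</param>
        /// <param name="policy">Security policy used to size and compute the signature.</param>
        /// <param name="securityMode">Message security mode that decides whether to decrypt and/or verify.</param>
        /// <param name="decrSize">
        /// -1 unless the mode is SignAndEncrypt; then the decrypted size plus
        /// <paramref name="messageEncodedBlockStart"/>, minus the signature and padding sizes.
        /// </param>
        /// <returns>
        /// <c>Good</c> on success; <c>BadDecodingError</c> when a header field cannot be decoded;
        /// <c>BadSecureChannelTokenUnknown</c> when the token id matches neither known token;
        /// <c>BadSecurityChecksFailed</c> when decryption, signature verification or size checks fail.
        /// </returns>
        /// <remarks>
        /// Decryption modifies the buffer before the signature is checked, and the buffer position is
        /// not restored on error paths, so the buffer contents should not be used after a non-Good result.
        /// The secure channel id, sequence number and request id are decoded but not validated here.
        /// NOTE(review): confirm the caller checks the channel id and enforces sequence-number ordering.
        /// </remarks>
        public static StatusCode UnsecureSymmetric(MemoryBuffer recvBuf, uint tokenID, uint? prevTokenID, int messageEncodedBlockStart, SLChannel.Keyset localKeyset, SLChannel.Keyset[] remoteKeysets, SecurityPolicy policy, MessageSecurityMode securityMode, out int decrSize)
        {
            decrSize = -1;
            int restorePos = recvBuf.Position;

            byte   type = 0;
            uint   messageSize = 0;
            UInt32 secureChannelId, securityTokenId, securitySeqNum, securityReqId;

            // Header fields come from the peer; messageSize in particular is untrusted.
            if (!recvBuf.Decode(out type))
            {
                return StatusCode.BadDecodingError;
            }
            if (!recvBuf.Decode(out messageSize))
            {
                return StatusCode.BadDecodingError;
            }
            if (!recvBuf.Decode(out secureChannelId))
            {
                return StatusCode.BadDecodingError;
            }
            if (!recvBuf.Decode(out securityTokenId))
            {
                return StatusCode.BadDecodingError;
            }

            // Only the current token and, when present, the previous token are accepted.
            int keysetIdx;
            if (tokenID == securityTokenId)
            {
                keysetIdx = 0;
            }
            else if (prevTokenID.HasValue && prevTokenID.Value == securityTokenId)
            {
                keysetIdx = 1;
            }
            else
            {
                return StatusCode.BadSecureChannelTokenUnknown;
            }

            if (securityMode == MessageSecurityMode.SignAndEncrypt)
            {
                try
                {
                    decrSize = UASecurity.RijndaelDecryptInplace(
                        new ArraySegment<byte>(recvBuf.Buffer, messageEncodedBlockStart, (int)messageSize - messageEncodedBlockStart),
                        remoteKeysets[keysetIdx].SymEncKey, remoteKeysets[keysetIdx].SymIV) + messageEncodedBlockStart;
                }
                catch
                {
                    // Any failure here (bad bounds derived from messageSize, missing keyset,
                    // decryption error) is reported as one generic status.
                    return StatusCode.BadSecurityChecksFailed;
                }
            }

            if (securityMode >= MessageSecurityMode.Sign)
            {
                try
                {
                    int sigSize = SignatureSizeForSecurityPolicy(policy);
                    var sigData = new ArraySegment<byte>(recvBuf.Buffer, 0, (int)messageSize - sigSize);

                    var sig       = new ArraySegment<byte>(recvBuf.Buffer, (int)messageSize - sigSize, sigSize).ToArray();
                    var sigExpect = UASecurity.SymmetricSign(remoteKeysets[keysetIdx].SymSignKey, sigData, policy);

                    if (sig.Length != sigExpect.Length)
                    {
                        return StatusCode.BadSecurityChecksFailed;
                    }

                    // Compare every byte and decide once at the end, so the time taken does not
                    // reveal how many leading bytes of a forged signature were correct.
                    int mismatch = 0;
                    for (int i = 0; i < sig.Length; i++)
                    {
                        mismatch |= sig[i] ^ sigExpect[i];
                    }
                    if (mismatch != 0)
                    {
                        return StatusCode.BadSecurityChecksFailed;
                    }

                    // The byte just before the signature is read as the padding size; the size byte
                    // itself is counted too, hence + 1. Read only after the signature has verified.
                    byte padValue = (byte)(recvBuf.Buffer[messageSize - sigSize - 1] + 1);
                    if (decrSize > 0)
                    {
                        decrSize -= sigSize;
                        decrSize -= (int)padValue;
                        if (decrSize <= 0)
                        {
                            return StatusCode.BadSecurityChecksFailed;
                        }
                    }
                }
                catch
                {
                    // Out-of-range sizes derived from messageSize end up here as well.
                    return StatusCode.BadSecurityChecksFailed;
                }
            }

            // Decoded but not checked in this method.
            if (!recvBuf.Decode(out securitySeqNum))
            {
                return StatusCode.BadDecodingError;
            }
            if (!recvBuf.Decode(out securityReqId))
            {
                return StatusCode.BadDecodingError;
            }

            recvBuf.Position = restorePos;

            return StatusCode.Good;
        }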
Exemplo n.º 2
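        /// <summary>
        /// Checks the symmetric protection of a received message held in <paramref name="recvBuf"/>:
        /// selects the keyset matching the token id in the header, decrypts the body in place when
        /// the mode is SignAndEncrypt, and verifies the trailing signature when the mode is Sign or higher.
        /// </summary>
        /// <param name="recvBuf">Buffer holding the message; read from its current position, which is restored only on success.</param>
        /// <param name="tokenID">Current security token id; a match selects <c>remoteKeysets[0]</c>.</param>
        /// <param name="prevTokenID">Previous security token id, if any; a match selects <c>remoteKeysets[1]</c>.</param>
        /// <param name="messageEncodedBlockStart">Offset in the buffer where the encrypted block starts.</param>
        /// <param name="localKeyset">Not used by this method.</param>
        /// <param name="remoteKeysets">Keysets of the peer, indexed as described above.</param>
        /// <param name="policy">Security policy used to size and compute the signature.</param>
        /// <param name="securityMode">Message security mode that decides whether to decrypt and/or verify.</param>
        /// <param name="decrSize">
        /// -1 on early failure. Otherwise starts as the decrypted size plus
        /// <paramref name="messageEncodedBlockStart"/> (SignAndEncrypt) or the header's message size
        /// (other modes), and is reduced by the signature size and, when encrypted, the padding size.
        /// </param>
        /// <returns>
        /// <c>Good</c> on success; <c>BadDecodingError</c> when a header field cannot be decoded;
        /// <c>BadSecureChannelTokenUnknown</c> when the token id matches neither known token;
        /// <c>BadSecurityChecksFailed</c> when decryption, signature verification or size checks fail.
        /// </returns>
        /// <remarks>
        /// Decryption modifies the buffer before the signature is checked, and the buffer position is
        /// not restored on error paths, so the buffer contents should not be used after a non-Good result.
        /// The secure channel id, sequence number and request id are decoded and discarded here.
        /// NOTE(review): confirm the caller checks the channel id and enforces sequence-number ordering.
        /// </remarks>
        public static StatusCode UnsecureSymmetric(
            MemoryBuffer recvBuf,
            uint tokenID,
            uint? prevTokenID,
            int messageEncodedBlockStart,
            SLChannel.Keyset localKeyset,
            SLChannel.Keyset[] remoteKeysets,
            SecurityPolicy policy,
            MessageSecurityMode securityMode,
            out int decrSize)
        {
            decrSize = -1;
            int restorePos = recvBuf.Position;

            // Header fields come from the peer; messageSize in particular is untrusted.
            // The first field (a byte) and the third (a uint) are read only to advance the buffer.
            if (!recvBuf.Decode(out byte _))
            {
                return StatusCode.BadDecodingError;
            }
            if (!recvBuf.Decode(out uint messageSize))
            {
                return StatusCode.BadDecodingError;
            }
            if (!recvBuf.Decode(out uint _))
            {
                return StatusCode.BadDecodingError;
            }
            if (!recvBuf.Decode(out uint securityTokenId))
            {
                return StatusCode.BadDecodingError;
            }

            // Only the current token and, when present, the previous token are accepted.
            int keysetIdx;
            if (tokenID == securityTokenId)
            {
                keysetIdx = 0;
            }
            else if (prevTokenID.HasValue && prevTokenID.Value == securityTokenId)
            {
                keysetIdx = 1;
            }
            else
            {
                return StatusCode.BadSecureChannelTokenUnknown;
            }

            bool encrypted = securityMode == MessageSecurityMode.SignAndEncrypt;
            if (encrypted)
            {
                try
                {
                    decrSize = UASecurity.RijndaelDecryptInplace(
                        new ArraySegment<byte>(recvBuf.Buffer, messageEncodedBlockStart, (int)messageSize - messageEncodedBlockStart),
                        remoteKeysets[keysetIdx].SymEncKey,
                        remoteKeysets[keysetIdx].SymIV) + messageEncodedBlockStart;
                }
                catch
                {
                    // Any failure here (bad bounds derived from messageSize, missing keyset,
                    // decryption error) is reported as one generic status.
                    return StatusCode.BadSecurityChecksFailed;
                }
            }
            else
            {
                decrSize = (int)messageSize;
            }

            if (securityMode >= MessageSecurityMode.Sign)
            {
                try
                {
                    int sigSize = UASecurity.SignatureSizeForSecurityPolicy(policy);
                    ArraySegment<byte> sigData = new ArraySegment<byte>(recvBuf.Buffer, 0, (int)messageSize - sigSize);
                    byte[] sig       = new ArraySegment<byte>(recvBuf.Buffer, (int)messageSize - sigSize, sigSize).ToArray();
                    byte[] sigExpect = UASecurity.SymmetricSign(remoteKeysets[keysetIdx].SymSignKey, sigData, policy);
                    if (sig.Length != sigExpect.Length)
                    {
                        return StatusCode.BadSecurityChecksFailed;
                    }

                    // Compare every byte and decide once at the end, so the time taken does not
                    // reveal how many leading bytes of a forged signature were correct.
                    int mismatch = 0;
                    for (int i = 0; i < sig.Length; ++i)
                    {
                        mismatch |= sig[i] ^ sigExpect[i];
                    }
                    if (mismatch != 0)
                    {
                        return StatusCode.BadSecurityChecksFailed;
                    }

                    // When encrypted, the byte just before the signature is read as the padding size;
                    // the size byte itself is counted too, hence + 1. Read only after the signature
                    // has verified. Signed-only messages carry no padding here.
                    byte padValue = encrypted ? (byte)(recvBuf.Buffer[messageSize - sigSize - 1L] + 1U) : (byte)0;
                    if (decrSize > 0)
                    {
                        decrSize -= sigSize;
                        decrSize -= padValue;
                        if (decrSize <= 0)
                        {
                            return StatusCode.BadSecurityChecksFailed;
                        }
                    }
                }
                catch
                {
                    // Out-of-range sizes derived from messageSize end up here as well.
                    return StatusCode.BadSecurityChecksFailed;
                }
            }

            // Two further uint fields are decoded and discarded; they are not checked in this method.
            if (!recvBuf.Decode(out uint _) || !recvBuf.Decode(out uint _))
            {
                return StatusCode.BadDecodingError;
            }

            recvBuf.Position = restorePos;
            return StatusCode.Good;
        }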