///<summary>
///</summary>
///<param name="type"></param>
///<returns></returns>
///<exception cref="NotSupportedException"></exception>
public static SASLProcessor CreateProcessor(MechanismType type)
{
if ((type & MechanismType.External & UbietySettings.AuthenticationTypes) == MechanismType.External)
{
Logger.Debug(typeof(SASLProcessor), "External Not Supported");
throw new NotSupportedException();
}
if ((type & MechanismType.SCRAM & UbietySettings.AuthenticationTypes) == MechanismType.SCRAM)
{
Logger.Debug(typeof(SASLProcessor), "Creating SCRAM-SHA-1 Processor");
return(new SCRAMProcessor());
}
if ((type & MechanismType.DigestMD5 & UbietySettings.AuthenticationTypes) == MechanismType.DigestMD5)
{
Logger.Debug(typeof(SASLProcessor), "Creating DIGEST-MD5 Processor");
return(new MD5Processor());
}
if ((type & MechanismType.Plain & UbietySettings.AuthenticationTypes) == MechanismType.Plain)
{
Logger.Debug(typeof(SASLProcessor), "Creating PLAIN SASL processor");
return(new PlainProcessor());
}
return(null);
}
///<summary>
///</summary>
///<param name="type"></param>
///<returns></returns>
///<exception cref="NotSupportedException"></exception>
public static SASLProcessor CreateProcessor(MechanismType type)
{
if ((type & MechanismType.External & UbietySettings.AuthenticationTypes) == MechanismType.External)
{
Logger.Debug(typeof(SASLProcessor), "External Not Supported");
throw new NotSupportedException();
}
if ((type & MechanismType.SCRAM & UbietySettings.AuthenticationTypes) == MechanismType.SCRAM)
{
Logger.Debug(typeof(SASLProcessor), "Creating SCRAM-SHA-1 Processor");
return new SCRAMProcessor();
}
if ((type & MechanismType.DigestMD5 & UbietySettings.AuthenticationTypes) == MechanismType.DigestMD5)
{
Logger.Debug(typeof(SASLProcessor), "Creating DIGEST-MD5 Processor");
return new MD5Processor();
}
if ((type & MechanismType.Plain & UbietySettings.AuthenticationTypes) == MechanismType.Plain)
{
Logger.Debug(typeof(SASLProcessor), "Creating PLAIN SASL processor");
return new PlainProcessor();
}
return null;
}
/// <summary>
/// </summary>
/// <param name="type"></param>
/// <returns></returns>
public static string GetMechanism(MechanismType type)
{
switch (type)
{
case MechanismType.Plain:
return("PLAIN");
case MechanismType.External:
return("EXTERNAL");
case MechanismType.DigestMd5:
return("DIGEST-MD5");
case MechanismType.Scram:
return("SCRAM-SHA-1");
case MechanismType.None:
return("");
case MechanismType.Default:
return("");
default:
return("");
}
}
/// <summary>
/// Create a new SASLProcessor, of the best type possible
/// </summary>
/// <param name="mt">The types the server implements</param>
/// <param name="plaintextOK">Is it ok to select insecure types?</param>
/// <param name="mechs">The mechanisms supported by the server</param>
/// <returns></returns>
public static SASLProcessor createProcessor(MechanismType mt, bool plaintextOK, Mechanisms mechs, bool useAnonymous)
{
//FF
if (useAnonymous && (mt & MechanismType.ANONYMOUS) == MechanismType.ANONYMOUS)
{
return(new AnonymousProcessor());
}
if ((mt & MechanismType.EXTERNAL) == MechanismType.EXTERNAL)
{
return(new ExternalProcessor());
}
if ((mt & MechanismType.GSSAPI) == MechanismType.GSSAPI)
{
string RemotePrincipal = "";
foreach (Mechanism mechanism in mechs.GetMechanisms())
{
if (mechanism.MechanismName == "GSSAPI")
{
RemotePrincipal = mechanism.GetAttribute("kerb:principal");
break;
}
}
return(new KerbProcessor(RemotePrincipal));
}
if ((mt & MechanismType.DIGEST_MD5) == MechanismType.DIGEST_MD5)
{
return(new MD5Processor());
}
else if (plaintextOK && ((mt & MechanismType.PLAIN) == MechanismType.PLAIN))
{
return(new PlainProcessor());
}
return(null);
}
private void Init()
{
m_keyAlgorithmOid = CryptoKey.KeyType.VENDOR_DEFINED;
m_signatureAlgorithmOid = MechanismType.VENDOR_DEFINED;
base.m_handle = m_cert.Handle;
base.m_sessionHandle = m_cert.Session.Handle;
}
private void Init()
{
m_keyAlgorithmOid = CryptoKey.KeyType.VENDOR_DEFINED;
m_signatureAlgorithmOid = MechanismType.VENDOR_DEFINED;
base.m_handle = m_cert.Handle;
base.m_sessionHandle = m_cert.Session.Handle;
}
// public Mechanism InstantiateMechanism(MechanismType cellMechanismType)
// {
// Mechanism toReturn = ObjectPoolManager.GetObject(cellMechanismPrefabs[cellMechanismType]);
// if (toReturn is PartGenerator)
// {
// (toReturn as PartGenerator).toGenerateConstruction = Construction.CreateSimpleConstruction(PartType.Standard6Sided); // if it is a generator, we give it a default thing to generate
// }
//
// return toReturn;
// }
public void CreateMechanismForDragging(MechanismType cellMechanismType)
{
if (cellMechanismType == MechanismType.None)
{
return;
}
Mechanism unplacedMechanism;
switch (cellMechanismType)
{
case MechanismType.Generator:
unplacedMechanism = ObjectPoolManager.GetObject <PartGenerator>(GameSettings.instance.partGeneratorPrefab);
break;
case MechanismType.Grabber:
unplacedMechanism = ObjectPoolManager.GetObject <Grabber>(GameSettings.instance.grabberPrefab);
break;
case MechanismType.WeldingRig:
unplacedMechanism = ObjectPoolManager.GetObject <WeldingRig>(GameSettings.instance.weldingRigPrefab);
break;
default:
unplacedMechanism = null;
Debug.LogError("Trying to instansiate a non mechanism");
break;
}
// Mechanism unplacedMechanism = InstantiateMechanism(cellMechanismType);
InputManager.instance.StartDraggingUnplaced(unplacedMechanism);
}
private static bool TestSignDataBuffer(Session session)
{
bool passed = true;
byte[] data = new byte[10000];
for (int i = 0; i < data.Length; i++)
{
data[i] = (byte)(i % 256);
}
MechanismType[] hashAlgorithms = new MechanismType[]
{
// MechanismType.MD5, - currently not supported in OpenSSL for ECDSA
MechanismType.SHA_1,
MechanismType.SHA256,
MechanismType.SHA384,
MechanismType.SHA512,
};
int[] keySizes = new int[] { 256, 384, 521 };
foreach (int keySize in keySizes)
{
WriteLine("Using key size " + keySize);
foreach (MechanismType hashAlgorithm in hashAlgorithms)
{
WriteLine("Using hash algorithm " + hashAlgorithm.ToString());
using (ECDsaCryptoServiceProvider sign = new ECDsaCryptoServiceProvider(session, keySize))
using (ECDsaCryptoServiceProvider verify = new ECDsaCryptoServiceProvider(sign.KeyPair))
{
sign.HashAlgorithm = hashAlgorithm;
verify.HashAlgorithm = hashAlgorithm;
try
{
byte[] signature = sign.SignData(data);
bool verified = verify.VerifyData(data, signature);
if (!verified)
{
WriteLine("Did not verify");
}
passed &= verified;
}
catch
{
passed = false;
}
}
}
}
return(passed);
}
public bool SupportsMechanism(MechanismType type)
{
foreach( Mechanism m in GetMechanisms())
{
if (m.MechanismType == type)
return true;
}
return false;
}
public ISaslMechanism Create(MechanismType mechanismType, string username, string password)
{
return(mechanismType switch
{
MechanismType.ScramSha1 => (ISaslMechanism) new ScramShaMechanism(_transcoder, mechanismType, password,
username, _scramLogger),
MechanismType.Plain => new PlainSaslMechanism(username, password, _plainLogger),
_ => throw new ArgumentOutOfRangeException(nameof(mechanismType))
});
public ScramShaMechanism(ITypeTranscoder transcoder, MechanismType mechanismType, string password, string username, ILogger <ScramShaMechanism> logger)
{
Transcoder = transcoder ?? throw new ArgumentNullException(nameof(transcoder));
MechanismType = mechanismType;
_username = username ?? throw new ArgumentNullException(nameof(username));
_password = password ?? throw new ArgumentNullException(nameof(password));
Logger = logger ?? throw new ArgumentNullException(nameof(logger));
ClientNonce = GenerateClientNonce();
}
/// <summary>
/// Gets the given mechanism.
/// </summary>
/// <param name="type">The mechanism type.</param>
/// <returns></returns>
public Mechanism GetMechanism(MechanismType type)
{
foreach (Mechanism m in GetMechanisms())
{
if (m.MechanismType == type)
return m;
}
return null;
}
private static bool TestKeyExchangeHash()
{
bool passed = true;
int[] keySizes = new int[] { 256, 384, 521 };
MechanismType[] hashAlgorithms = new MechanismType[]
{
MechanismType.MD5,
MechanismType.SHA_1,
MechanismType.SHA256,
MechanismType.SHA384,
MechanismType.SHA512
};
foreach (int keySize in keySizes)
{
WriteLine(" Using key size " + keySize);
foreach (MechanismType hashAlgorithm in hashAlgorithms)
{
WriteLine(" Hash algorithm " + hashAlgorithm.ToString());
using (ECDiffieHellmanCryptoServiceProvider dh = new ECDiffieHellmanCryptoServiceProvider())
using (ECDiffieHellmanCryptoServiceProvider dh2 = new ECDiffieHellmanCryptoServiceProvider())
{
dh.KeySize = keySize;
dh2.KeySize = keySize;
dh.HashAlgorithm = hashAlgorithm;
dh2.HashAlgorithm = hashAlgorithm;
CryptoKey k1 = dh.DeriveKeyMaterial(dh2.PublicKey);
CryptoKey k2 = dh2.DeriveKeyMaterial(dh.PublicKey);
byte[] key1 = k1.ExportKey(true);
byte[] key2 = k2.ExportKey(true);
WriteLine(" " + key1.Length * 8 + " bit key generated");
if (key1 == null || key2 == null)
{
WriteLine("Fail -- null key");
passed = false;
}
if (!CompareBytes(key1, key2))
{
WriteLine("Fail");
passed = false;
}
}
}
}
return(passed);
}
private string GetMechString(MechanismType mechType)
{
string str = (string)s_MechLookup[mechType];
if (str == null)
{
str = "UNKNOWN";
}
return(str);
}
public bool SupportsMechanism(MechanismType type)
{
foreach (Mechanism m in GetMechanisms())
{
if (m.MechanismType == type)
{
return(true);
}
}
return(false);
}
/// <summary>
/// Gets the given mechanism.
/// </summary>
/// <param name="type">The mechanism type.</param>
/// <returns></returns>
public Mechanism GetMechanism(MechanismType type)
{
foreach (Mechanism m in GetMechanisms())
{
if (m.MechanismType == type)
{
return(m);
}
}
return(null);
}
public override async Task AuthenticateAsync(IConnection connection, CancellationToken cancellationToken = default)
{
using var op = new SaslStart
{
Key = MechanismType.GetDescription(),
Content = GetAuthData(_username, _password),
Opaque = SequenceGenerator.GetNext(),
Transcoder = new LegacyTranscoder()
};
await SendAsync(op, connection, cancellationToken);
}
public override async Task AuthenticateAsync(IConnection connection, CancellationToken cancellationToken = default)
{
using var rootSpan = Tracer.RootSpan(CouchbaseTags.Service, OperationNames.AuthenticatePlain);
using var op = new SaslStart
{
Key = MechanismType.GetDescription(),
Content = GetAuthData(_username, _password),
Opaque = SequenceGenerator.GetNext(),
Span = rootSpan,
};
OperationConfigurator.Configure(op, SaslOptions.Instance);
await SendAsync(op, connection, cancellationToken).ConfigureAwait(false);
}
public void Create_GivenType_ExpectedType(MechanismType mechanismType, Type expectedType)
{
var username = "******";
var password = "******";
var saslMechanismFactory = new SaslMechanismFactory(
new Mock <ILogger <PlainSaslMechanism> >().Object,
new Mock <ILogger <ScramShaMechanism> >().Object);
var result = saslMechanismFactory.Create(mechanismType, username, password);
Assert.IsAssignableFrom(expectedType, result);
}
public void Create_UnsupportedType_ArgumentOutOfRangeException(MechanismType mechanismType)
{
var username = "******";
var password = "******";
var saslMechanismFactory = new SaslMechanismFactory(
new Mock <ILogger <PlainSaslMechanism> >().Object,
new Mock <ILogger <ScramShaMechanism> >().Object);
var ex = Assert.Throws <ArgumentOutOfRangeException>(() =>
saslMechanismFactory.Create(mechanismType, username, password));
Assert.Equal("mechanismType", ex.ParamName);
}
public void Create_GivenType_ExpectedType(MechanismType mechanismType, Type expectedType)
{
var username = "******";
var password = "******";
var saslMechanismFactory = new SaslMechanismFactory(
new Mock <ILogger <PlainSaslMechanism> >().Object,
new Mock <ILogger <ScramShaMechanism> >().Object, NullRequestTracer.Instance,
Mock.Of <IOperationConfigurator>());
var result = saslMechanismFactory.Create(mechanismType, username, password);
Assert.IsAssignableFrom(expectedType, result);
}
public ScramShaMechanism(MechanismType mechanismType,
string password,
string username,
ILogger <ScramShaMechanism> logger,
IRequestTracer tracer,
IOperationConfigurator operationConfigurator)
: base(tracer, operationConfigurator)
{
MechanismType = mechanismType;
_username = username ?? throw new ArgumentNullException(nameof(username));
_password = password ?? throw new ArgumentNullException(nameof(password));
Logger = logger ?? throw new ArgumentNullException(nameof(logger));
ClientNonce = GenerateClientNonce();
}
public IEnumerable <IEncodable> Encode()
{
Dictionary <MechanismType, List <IEncodable> > immovableParts = new Dictionary <MechanismType, List <IEncodable> >();
MechanismType [] mechanismTypes = new MechanismType [] { MechanismType.Generator, MechanismType.Grabber, MechanismType.WeldingRig };
foreach (MechanismType type in mechanismTypes)
{
immovableParts[type] = new List <IEncodable>();
}
List <IEncodable> generators = new List <IEncodable>();
foreach (HexCell hc in GridManager.instance.GetAllCells())
{
// PartGenerator generator = hc.placedMechanism as PartGenerator;
//
// if (generator != null)
// {
// generators.Add (generator);
// }
Mechanism movableMechanism = hc.placedMechanism;
if (movableMechanism != null && !movableMechanism.isSolutionMechanism)
{
immovableParts[movableMechanism.MechanismType].Add(movableMechanism);
}
}
foreach (MechanismType type in mechanismTypes)
{
yield return((EncodableInt)immovableParts[type].Count);
foreach (IEncodable immoveablePart in immovableParts[type])
{
yield return(immoveablePart);
}
}
yield return((EncodableInt)10); // target # 1
yield return((EncodableInt)0); // target # 2
yield return(GridManager.instance.target); // target 1
yield return((EncodableInt)0); // target 2
yield return((EncodableInt)GridManager.instance.LevelOptions);
}
public Mechanism GetMechanism(MechanismType type)
{
switch (type)
{
case MechanismType.Generator:
return(partGeneratorPrefab);
case MechanismType.Grabber:
return(grabberPrefab);
case MechanismType.WeldingRig:
return(weldingRigPrefab);
}
return(null);
}
public override async Task AuthenticateAsync(IConnection connection, CancellationToken cancellationToken = default)
{
using var rootSpan = Tracer.RequestSpan(OuterRequestSpans.Attributes.Service, OuterRequestSpans.ServiceSpan.Internal.AuthenticatePlain);
using var op = new SaslStart
{
Key = MechanismType.GetDescription() !,
Content = GetAuthData(_username, _password),
Opaque = SequenceGenerator.GetNext(),
Span = rootSpan,
Timeout = Timeout
};
OperationConfigurator.Configure(op, SaslOptions.Instance);
using var ctp = CancellationTokenPairSource.FromTimeout(Timeout, cancellationToken);
await SendAsync(op, connection, cancellationToken).ConfigureAwait(false);
}
/// <summary>
/// Creates a remote connection.
/// </summary>
/// <param name="user">
/// The User Id used to auhenticate the connection and set the default schema.
/// </param>
/// <param name="password">The authentication password.</param>
/// <param name="host">The host name or IP address.</param>
/// <param name="port">The service port number on the host.</param>
/// <param name="service">The service name available through the listener on the host.</param>
public DatabaseConnection(
string user, string password,
string host, int port, string service)
{
mechanism = MechanismType.Remote;
this.user = user;
this.password = password;
this.host = host;
this.port = port;
this.service = service;
this.schema = null;
this.connectionString = null;
this.oraRefCount = 0;
this.version = null;
this.oracon = null;
}
/// <summary>
/// Generates a signature for the specified hash value.
/// </summary>
/// <param name="hash">The hash value of the data to be signed.</param>
/// <param name="hashAlgorithm">The hash algorithm used to create the hash value of the data.</param>
/// <returns>A digital signature for the specified hash value.</returns>
public byte[] SignHash(byte[] hash, MechanismType hashAlgorithm)
{
if (hash == null)
{
throw new ArgumentNullException();
}
byte[] sig = null;
m_signMech.Parameter = Utility.ConvertToBytes((int)(hashAlgorithm | MechanismType.SIGN_NO_NODIGEST_FLAG));
using (CryptokiSign sign = new CryptokiSign(m_session, m_signMech, KeyPair))
{
sig = sign.Sign(hash, 0, hash.Length);
}
return(sig);
}
/// <summary>
/// Verifies that a digital signature is valid by determining the hash value in the signature using the provided public key and comparing it to the provided hash value.
/// </summary>
/// <param name="rgbHash">The hash value of the signed data.</param>
/// <param name="algorithm">The hash algorithm used to create the hash value of the data.</param>
/// <param name="rgbSignature">The signature data to be verified.</param>
/// <returns>true if the signature is valid; otherwise, false.</returns>
public bool VerifyHash(byte[] rgbHash, MechanismType algorithm, byte[] rgbSignature)
{
if (rgbHash == null || rgbSignature == null)
{
throw new ArgumentNullException();
}
bool isValid = false;
m_signHashMech.Parameter = Utility.ConvertToBytes(((int)(algorithm | MechanismType.SIGN_NO_NODIGEST_FLAG)));
using (CryptokiVerify ver = new CryptokiVerify(m_session, m_signHashMech, KeyPair))
{
isValid = ver.Verify(rgbHash, 0, rgbHash.Length, rgbSignature, 0, rgbSignature.Length);
}
return(isValid);
}
public void InputDelegate(ref POINTER_INFO ptr, MechanismType mechanismType)
{
if (!_inputEnabled) return;
switch (ptr.evt)
{
case POINTER_INFO.INPUT_EVENT.PRESS:
LevelManager.instance.CreateMechanismForDragging(mechanismType);
break;
case POINTER_INFO.INPUT_EVENT.TAP:
case POINTER_INFO.INPUT_EVENT.RELEASE:
case POINTER_INFO.INPUT_EVENT.RELEASE_OFF:
// GameManager.instance.UnSelecteMechanistIcon();
break;
}
BackgroundInputCatcher.Catcher.InputDelegate(ref ptr);
}
///<summary>
///</summary>
///<param name="type"></param>
///<returns></returns>
///<exception cref="NotSupportedException"></exception>
public static SASLProcessor CreateProcessor(MechanismType type)
{
if ((type & MechanismType.EXTERNAL) == MechanismType.EXTERNAL)
{
Logger.Debug(typeof(SASLProcessor), "External Not Supported");
throw new NotSupportedException();
}
if ((type & MechanismType.DIGEST_MD5) == MechanismType.DIGEST_MD5)
{
Logger.Debug(typeof(SASLProcessor), "Creating DIGEST-MD5 Processor");
return new MD5Processor();
}
if ((type & MechanismType.PLAIN) == MechanismType.PLAIN)
{
Logger.Debug(typeof(SASLProcessor), "Creating PLAIN SASL processor");
return new PlainProcessor();
}
return null;
}
public void InputDelegate(ref POINTER_INFO ptr, MechanismType mechanismType)
{
if (!_inputEnabled)
{
return;
}
switch (ptr.evt)
{
case POINTER_INFO.INPUT_EVENT.PRESS:
LevelManager.instance.CreateMechanismForDragging(mechanismType);
break;
case POINTER_INFO.INPUT_EVENT.TAP:
case POINTER_INFO.INPUT_EVENT.RELEASE:
case POINTER_INFO.INPUT_EVENT.RELEASE_OFF:
// GameManager.instance.UnSelecteMechanistIcon();
break;
}
BackgroundInputCatcher.Catcher.InputDelegate(ref ptr);
}
private void Init(CryptoKey key, int keySize)
{
LegalKeySizesValue = s_KeySizes;
m_keyGenMech = new Mechanism(MechanismType.DSA_KEY_PAIR_GEN);
m_signatureMech = new Mechanism(MechanismType.DSA);
m_hashAlgorithm = MechanismType.SHA_1;
if (key == null)
{
KeySize = keySize;
}
else
{
if (key.Type != CryptoKey.KeyType.DSA)
{
throw new ArgumentException();
}
KeyPair = key;
}
}
public bool Decode(Encoding encodings)
{
Debug.Log("EncodableLevel Encoding Data\n" + encodings.DebugString());
// int count = encodings.Int(0);
// for (int i = 0 ; i < count ; i++)
// {
// PartGenerator generator = ObjectPoolManager.GetObject(GameSettings.instance.partGeneratorPrefab);
// generator.Decode(encodings.SubEncoding(1+i));
// }
int i = 0;
MechanismType [] mechanismTypes = new MechanismType [] { MechanismType.Generator, MechanismType.Grabber, MechanismType.WeldingRig };
foreach (MechanismType type in mechanismTypes)
{
int count = encodings.Int(i);
i++;
for (int j = 0; j < count; j++)
{
Mechanism newMechanism = ObjectPoolManager.GetObject <Mechanism>(GameSettings.instance.GetMechanism(type));
newMechanism.Decode(encodings.SubEncoding(i));
i++;
}
}
GridManager.instance.targetConstructions = encodings.Int(i + 0);
// GridManager.instance.targetConstructions2 = encodings.Int(i+1);
Construction target0 = Construction.DecodeCreate(encodings.SubEncoding(i + 2));
// Debug.Log ("Setting Target0 "+encodings.SubEncoding(i+2).DebugString());
// Debug.Log ("Setting Target0 "+Encoding.Encode(target0));
GridManager.instance.SetTarget(target0);
target0.DestroySelf();
// Construction target0 = Construction.DecodeCreate(encodings.SubEncoding(i+3));
// CoroutineUtils.WaitOneFrameAndDo(() => GridManager.instance.SetTarget(target0));
GridManager.instance.LevelOptions = encodings.Int(i + 4);
return(true);
}
public static string ToString(MechanismType type)
{
switch (type)
{
case MechanismType.Plain:
return("PLAIN");
case MechanismType.External:
return("EXTERNAL");
case MechanismType.DigestMd5:
return("DIGEST-MD5");
case MechanismType.Scram:
return("SCRAM-SHA-1");
case MechanismType.Xoauth2:
return("X-OAUTH2");
default:
return(string.Empty);
}
}
/// <summary>
/// Creates the appropriate authentication processor based on the types supported by the server and client.
/// </summary>
/// <param name="serverTypes">Authentication methods supported by the server</param>
/// <param name="clientTypes">Authentication methods supported by the client</param>
/// <returns>Authentication processor that is common between client and server.</returns>
/// <exception cref="NotSupportedException"></exception>
public static SaslProcessor CreateProcessor(MechanismType serverTypes, MechanismType clientTypes)
{
if ((serverTypes & MechanismType.External & clientTypes) == MechanismType.External)
{
throw new NotSupportedException();
}
if ((serverTypes & MechanismType.Scram & clientTypes) == MechanismType.Scram)
{
return(new ScramProcessor());
}
if ((serverTypes & MechanismType.DigestMd5 & clientTypes) == MechanismType.DigestMd5)
{
return(new Md5Processor());
}
if ((serverTypes & MechanismType.Plain & clientTypes) == MechanismType.Plain)
{
return(new PlainProcessor());
}
return(null);
}
/// <summary>
/// Creates the appropriate authentication processor based on the types supported by the server and client.
/// </summary>
/// <param name="serverTypes">Authentication methods supported by the server</param>
/// <param name="clientTypes">Authentication methods supported by the client</param>
/// <returns>Authentication processor that is common between client and server.</returns>
/// <exception cref="NotSupportedException"></exception>
public static SaslProcessor CreateProcessor(MechanismType serverTypes, MechanismType clientTypes)
{
if ((serverTypes & MechanismType.External & clientTypes) == MechanismType.External)
{
throw new NotSupportedException();
}
if ((serverTypes & MechanismType.Scram & clientTypes) == MechanismType.Scram)
{
return new ScramProcessor();
}
if ((serverTypes & MechanismType.DigestMd5 & clientTypes) == MechanismType.DigestMd5)
{
return new Md5Processor();
}
if ((serverTypes & MechanismType.Plain & clientTypes) == MechanismType.Plain)
{
return new PlainProcessor();
}
return null;
}
private static bool TestSignDataBuffer(Session session)
{
bool passed = true;
byte[] data = new byte[10000];
for (int i = 0; i < data.Length; i++)
data[i] = (byte)(i % 256);
MechanismType[] hashAlgorithms = new MechanismType[]
{
// MechanismType.MD5, - currently not supported in OpenSSL for ECDSA
MechanismType.SHA_1,
MechanismType.SHA256,
MechanismType.SHA384,
MechanismType.SHA512,
};
int[] keySizes = new int[] { 256, 384, 521 };
foreach (int keySize in keySizes)
{
WriteLine("Using key size " + keySize);
foreach (MechanismType hashAlgorithm in hashAlgorithms)
{
WriteLine("Using hash algorithm " + hashAlgorithm.ToString());
using (ECDsaCryptoServiceProvider sign = new ECDsaCryptoServiceProvider(session, keySize))
using (ECDsaCryptoServiceProvider verify = new ECDsaCryptoServiceProvider(sign.KeyPair))
{
sign.HashAlgorithm = hashAlgorithm;
verify.HashAlgorithm = hashAlgorithm;
try
{
byte[] signature = sign.SignData(data);
bool verified = verify.VerifyData(data, signature);
if (!verified)
WriteLine("Did not verify");
passed &= verified;
}
catch
{
passed = false;
}
}
}
}
return passed;
}
private static bool TestKeyExchangeHmac()
{
bool passed = true;
int[] keySizes = new int[] { 256, 384, 521 };
MechanismType[] hashAlgorithms = new MechanismType[]
{
MechanismType.MD5,
MechanismType.SHA_1,
MechanismType.SHA256,
MechanismType.SHA384,
MechanismType.SHA512
};
foreach (int keySize in keySizes)
{
WriteLine(" Using key size " + keySize);
foreach (MechanismType hashAlgorithm in hashAlgorithms)
{
WriteLine(" Hash algorithm " + hashAlgorithm.ToString());
using (ECDiffieHellmanCryptoServiceProvider dh = new ECDiffieHellmanCryptoServiceProvider())
using (ECDiffieHellmanCryptoServiceProvider dh2 = new ECDiffieHellmanCryptoServiceProvider())
{
dh.KeySize = keySize;
dh2.KeySize = keySize;
dh.HashAlgorithm = hashAlgorithm;
dh2.HashAlgorithm = hashAlgorithm;
dh.SecretAppend = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8 };
dh2.SecretAppend = dh.SecretAppend;
dh.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hmac;
dh2.KeyDerivationFunction = dh.KeyDerivationFunction;
CryptoKey k1 = dh.DeriveKeyMaterial(dh2.PublicKey);
CryptoKey k2 = dh2.DeriveKeyMaterial(dh.PublicKey);
byte[] key1 = k1.ExportKey(true);
byte[] key2 = k2.ExportKey(true);
WriteLine(" " + key1.Length * 8 + " bit key generated");
if (key1 == null || key2 == null)
{
WriteLine("Fail -- null key");
passed = false;
}
if (!CompareBytes(key1, key2))
{
WriteLine("Fail");
passed = false;
}
}
}
}
return passed;
}
/// <summary>
/// Create a new SASLProcessor, of the best type possible
/// </summary>
/// <param name="mt">The types the server implements</param>
/// <param name="plaintextOK">Is it ok to select insecure types?</param>
/// <param name="mechs">The mechanisms supported by the server</param>
/// <returns></returns>
public static SASLProcessor createProcessor(MechanismType mt, bool plaintextOK, Mechanisms mechs)
{
if ((mt & MechanismType.EXTERNAL) == MechanismType.EXTERNAL)
{
return new ExternalProcessor();
}
if ((mt & MechanismType.GSSAPI) == MechanismType.GSSAPI)
{
string RemotePrincipal = "";
foreach (Mechanism mechanism in mechs.GetMechanisms())
{
if (mechanism.MechanismName == "GSSAPI")
{
RemotePrincipal = mechanism.GetAttribute("kerb:principal");
break;
}
}
return new KerbProcessor(RemotePrincipal);
}
if ((mt & MechanismType.DIGEST_MD5) == MechanismType.DIGEST_MD5)
{
return new MD5Processor();
}
else if (plaintextOK && ((mt & MechanismType.PLAIN) == MechanismType.PLAIN))
{
return new PlainProcessor();
}
return null;
}
private string GetMechString(MechanismType mechType)
{
string str = (string)s_MechLookup[mechType];
if (str == null)
{
str = "UNKNOWN";
}
return str;
}
public Auth(MechanismType type)
: this()
{
MechanismType = type;
}
private extern void InitSession(string providerName, MechanismType[] mechanisms);
public extern void GetMechanismInfo(MechanismType type, ref MechanismInfo info);
private void Init(CryptoKey key, int keySize)
{
LegalKeySizesValue = s_KeySizes;
m_keyGenMech = new Mechanism(MechanismType.DSA_KEY_PAIR_GEN);
m_signatureMech = new Mechanism(MechanismType.DSA);
m_hashAlgorithm = MechanismType.SHA_1;
if (key == null)
{
KeySize = keySize;
}
else
{
if (key.Type != CryptoKey.KeyType.DSA) throw new ArgumentException();
KeyPair = key;
}
}
/// <summary>
/// Creates a Mechansim object with specified mechanism type and parameter bytes.
/// </summary>
/// <param name="type">The mechanism type.</param>
/// <param name="parameter">The parameter data for the mechanism.</param>
public Mechanism(MechanismType type, byte[] parameter)
{
Type = type;
Parameter = parameter;
}
public static string GetMechanismName(MechanismType mechanism)
{
switch (mechanism)
{
case MechanismType.KERBEROS_V4:
return "KERBEROS_V4";
case MechanismType.GSSAPI:
return "GSSAPI";
case MechanismType.SKEY:
return "SKEY";
case MechanismType.EXTERNAL:
return "EXTERNAL";
case MechanismType.CRAM_MD5:
return "CRAM-MD5";
case MechanismType.ANONYMOUS:
return "ANONYMOUS";
case MechanismType.OTP:
return "OTP";
case MechanismType.GSS_SPNEGO:
return "GSS-SPNEGO";
case MechanismType.PLAIN:
return "PLAIN";
case MechanismType.SECURID:
return "SECURID";
case MechanismType.NTLM:
return "NTLM";
case MechanismType.NMAS_LOGIN:
return "NMAS_LOGIN";
case MechanismType.NMAS_AUTHEN:
return "NMAS_AUTHEN";
case MechanismType.DIGEST_MD5:
return "DIGEST-MD5";
case MechanismType.ISO_9798_U_RSA_SHA1_ENC:
return "9798-U-RSA-SHA1-ENC";
case MechanismType.ISO_9798_M_RSA_SHA1_ENC:
return "9798-M-RSA-SHA1-ENC";
case MechanismType.ISO_9798_U_DSA_SHA1:
return "9798-U-DSA-SHA1";
case MechanismType.ISO_9798_M_DSA_SHA1:
return "9798-M-DSA-SHA1";
case MechanismType.ISO_9798_U_ECDSA_SHA1:
return "9798-U-ECDSA-SHA1";
case MechanismType.ISO_9798_M_ECDSA_SHA1:
return "9798-M-ECDSA-SHA1";
case MechanismType.KERBEROS_V5:
return "KERBEROS_V5";
case MechanismType.NMAS_SAMBA_AUTH:
return "NMAS-SAMBA-AUTH";
case MechanismType.X_GOOGLE_TOKEN:
return "X-GOOGLE-TOKEN";
default:
return null;
}
}
private static bool TestSignDataStream(Session session)
{
bool passed = true;
byte[] data = new byte[10000];
for (int i = 0; i < data.Length; i++)
data[i] = (byte)(i % 256);
MechanismType[] hashAlgorithms = new MechanismType[]
{
//MechanismType.MD5, currently not supported in OpenSSL for DSA
MechanismType.SHA_1,
MechanismType.SHA256,
MechanismType.SHA384,
MechanismType.SHA512
};
int[] keySizes = new int[] { 256, 384, 521 };
foreach (int keySize in keySizes)
{
WriteLine("Using key size " + keySize);
foreach (MechanismType hashAlgorithm in hashAlgorithms)
{
WriteLine("Using hash algorithm " + hashAlgorithm.ToString());
using (ECDsaCryptoServiceProvider sign = new ECDsaCryptoServiceProvider(session))
{
sign.KeySize = keySize;
using (ECDsaCryptoServiceProvider verify1 = new ECDsaCryptoServiceProvider(sign.KeyPair))
using (ECDsaCryptoServiceProvider verify2 = new ECDsaCryptoServiceProvider(sign.KeyPair))
//using (MemoryStream ms = new MemoryStream(data))
{
sign.HashAlgorithm = hashAlgorithm;
verify1.HashAlgorithm = hashAlgorithm;
verify2.HashAlgorithm = hashAlgorithm;
byte[] signature = sign.SignData(data); //ms);
//ms.Position = 0;
bool verified = verify1.VerifyData(data, signature);
if (!verified)
WriteLine("Did not verify via stream");
passed &= verified;
verified = verify2.VerifyData(data, signature);
if (!verified)
WriteLine("Did not verify via array");
passed &= verified;
}
}
}
}
return passed;
}
/// <summary>
/// </summary>
/// <param name="type"></param>
/// <returns></returns>
public static string GetMechanism(MechanismType type)
{
switch (type)
{
case MechanismType.Plain:
return "PLAIN";
case MechanismType.External:
return "EXTERNAL";
case MechanismType.DigestMd5:
return "DIGEST-MD5";
case MechanismType.Scram:
return "SCRAM-SHA-1";
default:
return "";
}
}
public static string ToString(MechanismType type)
{
switch (type)
{
case MechanismType.Plain:
return "PLAIN";
case MechanismType.External:
return "EXTERNAL";
case MechanismType.DigestMD5:
return "DIGEST-MD5";
case MechanismType.SCRAM:
return "SCRAM-SHA-1";
case MechanismType.XOAUTH2:
return "X-OAUTH2";
default:
return "";
}
}
public Auth(MechanismType type, string text)
: this(type)
{
this.Value = text;
}
/// <summary>
/// Create a new SASLProcessor, of the best type possible
/// </summary>
/// <param name="mt">The types the server implements</param>
/// <param name="plaintextOK">Is it ok to select insecure types?</param>
/// <param name="mechs">The mechanisms supported by the server</param>
/// <returns></returns>
public static SASLProcessor createProcessor(MechanismType mt, bool plaintextOK, Mechanisms mechs)
{
if ((mt & MechanismType.EXTERNAL) == MechanismType.EXTERNAL)
{
return new ExternalProcessor();
}
if ((mt & MechanismType.GSSAPI) == MechanismType.GSSAPI)
{
// Disabled until we can get a KerbProcessor that doesn't use
// `extern` calls
return null;
}
if ((mt & MechanismType.DIGEST_MD5) == MechanismType.DIGEST_MD5)
{
return new MD5Processor();
}
else if (plaintextOK && ((mt & MechanismType.PLAIN) == MechanismType.PLAIN))
{
return new PlainProcessor();
}
return null;
}
/// <summary>
/// The SASL mechanism, as a string.
/// </summary>
public static string GetMechanism(MechanismType type)
{
switch (type)
{
case MechanismType.KERBEROS_V4:
return("KERBEROS_V4");
case MechanismType.GSSAPI:
return("GSSAPI");
case MechanismType.SKEY:
return("SKEY");
case MechanismType.EXTERNAL:
return("EXTERNAL");
case MechanismType.CRAM_MD5:
return("CRAM-MD5");
case MechanismType.ANONYMOUS:
return("ANONYMOUS");
case MechanismType.OTP:
return("OTP");
case MechanismType.GSS_SPNEGO:
return("GSS-SPNEGO");
case MechanismType.PLAIN:
return("PLAIN");
case MechanismType.SECURID:
return("SECURID");
case MechanismType.NTLM:
return("NTLM");
case MechanismType.NMAS_LOGIN:
return("NMAS_LOGIN");
case MechanismType.NMAS_AUTHEN:
return("NMAS_AUTHEN");
case MechanismType.DIGEST_MD5:
return("DIGEST-MD5");
case MechanismType.ISO_9798_U_RSA_SHA1_ENC:
return("9798-U-RSA-SHA1-ENC");
case MechanismType.ISO_9798_M_RSA_SHA1_ENC:
return("9798-M-RSA-SHA1-ENC");
case MechanismType.ISO_9798_U_DSA_SHA1:
return("9798-U-DSA-SHA1");
case MechanismType.ISO_9798_M_DSA_SHA1:
return("9798-M-DSA-SHA1");
case MechanismType.ISO_9798_U_ECDSA_SHA1:
return("9798-U-ECDSA-SHA1");
case MechanismType.ISO_9798_M_ECDSA_SHA1:
return("9798-M-ECDSA-SHA1");
case MechanismType.KERBEROS_V5:
return("KERBEROS_V5");
case MechanismType.NMAS_SAMBA_AUTH:
return("NMAS-SAMBA-AUTH");
default:
return(null);
}
}
/// <summary>
/// Computes the signature for the specified hash value by encrypting it with the private key.
/// </summary>
/// <param name="rgbHash">The hash value of the data to be signed.</param>
/// <param name="hashAlgorithm">The hash algorithm used to create the hash value of the data.</param>
/// <returns>The DSA signature for the specified hash value.</returns>
public byte[] SignHash(byte[] rgbHash, MechanismType hashAlgorithm)
{
if (rgbHash == null)
throw new ArgumentNullException();
if (PublicOnly || rgbHash.Length == 0)
throw new CryptographicException();
byte[] sig = null;
m_signatureMech.Parameter = Utility.ConvertToBytes((int)(hashAlgorithm | MechanismType.SIGN_NO_NODIGEST_FLAG));
using (CryptokiSign sign = new CryptokiSign(m_session, m_signatureMech, KeyPair))
{
sig = sign.Sign(rgbHash, 0, rgbHash.Length);
}
return sig;
}
public Mechanism(MechanismType mechanism) : this()
{
MechanismType = mechanism;
}
/// <summary>
/// Verifies the specified signature data by comparing it to the signature computed for the specified hash value.
/// </summary>
/// <param name="rgbHash">The hash value of the data to be signed.</param>
/// <param name="hashAlgorithm">The hash algorithm used to create the hash value of the data.</param>
/// <param name="rgbSignature">The signature data to be verified.</param>
/// <returns>true if the signature verifies as valid; otherwise, false.</returns>
public bool VerifyHash(byte[] rgbHash, MechanismType hashAlgorithm, byte[] rgbSignature)
{
if (rgbHash == null || rgbSignature == null)
throw new ArgumentNullException();
if (rgbHash.Length == 0)
throw new CryptographicException();
bool isValid = false;
m_signatureMech.Parameter = Utility.ConvertToBytes((int)(hashAlgorithm | MechanismType.SIGN_NO_NODIGEST_FLAG));
using (CryptokiVerify ver = new CryptokiVerify(m_session, m_signatureMech, KeyPair))
{
isValid = ver.Verify(rgbHash, 0, rgbHash.Length, rgbSignature, 0, rgbSignature.Length);
}
return isValid;
}
///<summary>
///</summary>
///<param name="type"></param>
///<returns></returns>
public static string GetMechanism(MechanismType type)
{
switch (type)
{
case MechanismType.PLAIN:
return "PLAIN";
case MechanismType.EXTERNAL:
return "EXTERNAL";
case MechanismType.DIGEST_MD5:
return "DIGEST-MD5";
default:
return "";
}
}
/// <summary>
/// Creates a Mechanism object with given mechanism type or algorithm
/// </summary>
/// <param name="type">The mechanism type.</param>
public Mechanism(MechanismType type)
{
Type = type;
}
