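/// <summary>
/// Checks the symmetric security of a received message in <paramref name="recvBuf"/>:
/// selects the keyset by the token id in the header, decrypts the body in place when the mode
/// is SignAndEncrypt, and verifies the trailing signature when the mode is Sign or higher.
/// </summary>
/// <param name="recvBuf">Buffer holding the received message; its Position is restored only when the result is Good.</param>
/// <param name="tokenID">Current token id; a match selects <c>remoteKeysets[0]</c>.</param>
/// <param name="prevTokenID">Previous token id, if any; a match selects <c>remoteKeysets[1]</c>.</param>
/// <param name="messageEncodedBlockStart">Offset in the buffer at which the encrypted region begins.</param>
/// <param name="localKeyset">Not used by this method.</param>
/// <param name="remoteKeysets">Keysets used for decryption and signature verification.</param>
/// <param name="policy">Security policy that determines the signature size and signing algorithm.</param>
/// <param name="securityMode">Message security mode (none, sign, or sign and encrypt).</param>
/// <param name="decrSize">
/// Remains -1 unless the mode is SignAndEncrypt; in that case it is the decrypted size plus
/// <paramref name="messageEncodedBlockStart"/>, minus the signature size and padding count.
/// </param>
/// <returns>
/// Good on success; BadDecodingError when a header field cannot be decoded;
/// BadSecureChannelTokenUnknown when the token id matches neither known token;
/// BadSecurityChecksFailed when decryption or signature verification fails.
/// </returns>
public static StatusCode UnsecureSymmetric(MemoryBuffer recvBuf, uint tokenID, uint? prevTokenID, int messageEncodedBlockStart, SLChannel.Keyset localKeyset, SLChannel.Keyset[] remoteKeysets, SecurityPolicy policy, MessageSecurityMode securityMode, out int decrSize)
{
    decrSize = -1;
    int restorePos = recvBuf.Position;

    byte type = 0;
    uint messageSize = 0;
    UInt32 secureChannelId, securityTokenId, securitySeqNum, securityReqId;

    if (!recvBuf.Decode(out type)) { return StatusCode.BadDecodingError; }
    // NOTE(review): messageSize comes from the wire and is not compared with the buffer length
    // here. In the signed modes an out-of-range value surfaces as an exception inside the try
    // blocks below; with no security it is not checked in this method. Confirm that callers bound it.
    if (!recvBuf.Decode(out messageSize)) { return StatusCode.BadDecodingError; }
    if (!recvBuf.Decode(out secureChannelId)) { return StatusCode.BadDecodingError; }
    if (!recvBuf.Decode(out securityTokenId)) { return StatusCode.BadDecodingError; }

    int keysetIdx;
    if (tokenID == securityTokenId)
    {
        keysetIdx = 0;
    }
    else if (prevTokenID.HasValue && prevTokenID.Value == securityTokenId)
    {
        keysetIdx = 1;
    }
    else
    {
        return StatusCode.BadSecureChannelTokenUnknown;
    }

    if (securityMode == MessageSecurityMode.SignAndEncrypt)
    {
        try
        {
            decrSize = UASecurity.RijndaelDecryptInplace(
                new ArraySegment<byte>(recvBuf.Buffer, messageEncodedBlockStart, (int)messageSize - messageEncodedBlockStart),
                remoteKeysets[keysetIdx].SymEncKey, remoteKeysets[keysetIdx].SymIV) + messageEncodedBlockStart;
        }
        catch
        {
            // Any failure while decrypting is reported as a failed security check.
            return StatusCode.BadSecurityChecksFailed;
        }
    }

    if (securityMode >= MessageSecurityMode.Sign)
    {
        try
        {
            int sigSize = SignatureSizeForSecurityPolicy(policy);
            var sigData = new ArraySegment<byte>(recvBuf.Buffer, 0, (int)messageSize - sigSize);
            var sig = new ArraySegment<byte>(recvBuf.Buffer, (int)messageSize - sigSize, sigSize).ToArray();

            var sigExpect = UASecurity.SymmetricSign(remoteKeysets[keysetIdx].SymSignKey, sigData, policy);
            if (sig.Length != sigExpect.Length)
            {
                return StatusCode.BadSecurityChecksFailed;
            }

            // Compare every byte and decide once at the end. Returning at the first mismatch
            // would make the verification time depend on how many leading bytes of a forged
            // signature are correct, which is a timing side channel on the MAC check.
            int diff = 0;
            for (int i = 0; i < sig.Length; i++)
            {
                diff |= sig[i] ^ sigExpect[i];
            }

            if (diff != 0)
            {
                return StatusCode.BadSecurityChecksFailed;
            }

            // The byte just before the signature is the padding size; one more byte is the size field itself.
            byte padValue = (byte)(recvBuf.Buffer[messageSize - sigSize - 1] + 1);
            if (decrSize > 0)
            {
                decrSize -= sigSize;
                decrSize -= (int)padValue;
                if (decrSize <= 0)
                {
                    return StatusCode.BadSecurityChecksFailed;
                }
            }
        }
        catch
        {
            // Covers out-of-range sizes and any signing failure; all are reported the same way.
            return StatusCode.BadSecurityChecksFailed;
        }
    }

    if (!recvBuf.Decode(out securitySeqNum)) { return StatusCode.BadDecodingError; }
    if (!recvBuf.Decode(out securityReqId)) { return StatusCode.BadDecodingError; }

    recvBuf.Position = restorePos;

    return StatusCode.Good;
}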
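/// <summary>
/// Checks the symmetric security of a received message in <paramref name="recvBuf"/>:
/// selects the keyset by the token id in the header, decrypts the body in place when the mode
/// is SignAndEncrypt, and verifies the trailing signature when the mode is Sign or higher.
/// </summary>
/// <param name="recvBuf">Buffer holding the received message; its Position is restored only when the result is Good.</param>
/// <param name="tokenID">Current token id; a match selects <c>remoteKeysets[0]</c>.</param>
/// <param name="prevTokenID">Previous token id, if any; a match selects <c>remoteKeysets[1]</c>.</param>
/// <param name="messageEncodedBlockStart">Offset in the buffer at which the encrypted region begins.</param>
/// <param name="localKeyset">Not used by this method.</param>
/// <param name="remoteKeysets">Keysets used for decryption and signature verification.</param>
/// <param name="policy">Security policy that determines the signature size and signing algorithm.</param>
/// <param name="securityMode">Message security mode (none, sign, or sign and encrypt).</param>
/// <param name="decrSize">
/// For SignAndEncrypt, the decrypted size plus <paramref name="messageEncodedBlockStart"/>;
/// otherwise the message size read from the header. In the signed modes the signature size
/// (and, for SignAndEncrypt, the padding count) is subtracted. -1 when the header cannot be decoded.
/// </param>
/// <returns>
/// Good on success; BadDecodingError when a header field cannot be decoded;
/// BadSecureChannelTokenUnknown when the token id matches neither known token;
/// BadSecurityChecksFailed when decryption or signature verification fails.
/// </returns>
public static StatusCode UnsecureSymmetric(
    MemoryBuffer recvBuf,
    uint tokenID,
    uint? prevTokenID,
    int messageEncodedBlockStart,
    SLChannel.Keyset localKeyset,
    SLChannel.Keyset[] remoteKeysets,
    SecurityPolicy policy,
    MessageSecurityMode securityMode,
    out int decrSize)
{
    decrSize = -1;
    int restorePos = recvBuf.Position;

    // Header: message type, message size, secure channel id, security token id.
    if (!recvBuf.Decode(out byte _) ||
        !recvBuf.Decode(out uint messageSize) ||
        !recvBuf.Decode(out uint _) ||
        !recvBuf.Decode(out uint securityTokenId))
    {
        return StatusCode.BadDecodingError;
    }

    int keysetIdx;
    if (tokenID == securityTokenId)
    {
        keysetIdx = 0;
    }
    else if (prevTokenID.HasValue && prevTokenID.Value == securityTokenId)
    {
        keysetIdx = 1;
    }
    else
    {
        return StatusCode.BadSecureChannelTokenUnknown;
    }

    if (securityMode == MessageSecurityMode.SignAndEncrypt)
    {
        try
        {
            decrSize = UASecurity.RijndaelDecryptInplace(
                new ArraySegment<byte>(recvBuf.Buffer, messageEncodedBlockStart, (int)messageSize - messageEncodedBlockStart),
                remoteKeysets[keysetIdx].SymEncKey, remoteKeysets[keysetIdx].SymIV) + messageEncodedBlockStart;
        }
        catch
        {
            // Any failure while decrypting is reported as a failed security check.
            return StatusCode.BadSecurityChecksFailed;
        }
    }
    else
    {
        // NOTE(review): messageSize comes from the wire and is not compared with the buffer
        // length in this method; with no security it is handed to the caller as-is.
        // Confirm that callers bound it before using decrSize.
        decrSize = (int)messageSize;
    }

    if (securityMode >= MessageSecurityMode.Sign)
    {
        try
        {
            int sigSize = UASecurity.SignatureSizeForSecurityPolicy(policy);
            ArraySegment<byte> sigData = new ArraySegment<byte>(recvBuf.Buffer, 0, (int)messageSize - sigSize);
            byte[] sig = new ArraySegment<byte>(recvBuf.Buffer, (int)messageSize - sigSize, sigSize).ToArray();

            byte[] sigExpect = UASecurity.SymmetricSign(remoteKeysets[keysetIdx].SymSignKey, sigData, policy);
            if (sig.Length != sigExpect.Length)
            {
                return StatusCode.BadSecurityChecksFailed;
            }

            // Compare every byte and decide once at the end. Returning at the first mismatch
            // would make the verification time depend on how many leading bytes of a forged
            // signature are correct, which is a timing side channel on the MAC check.
            int diff = 0;
            for (int i = 0; i < sig.Length; ++i)
            {
                diff |= sig[i] ^ sigExpect[i];
            }

            if (diff != 0)
            {
                return StatusCode.BadSecurityChecksFailed;
            }

            // Padding exists only on encrypted messages: the byte before the signature is the
            // padding size, plus one for the size field itself.
            byte padValue = securityMode == MessageSecurityMode.SignAndEncrypt
                ? (byte)(recvBuf.Buffer[messageSize - sigSize - 1L] + 1U)
                : (byte)0;

            if (decrSize > 0)
            {
                decrSize -= sigSize;
                decrSize -= padValue;
                if (decrSize <= 0)
                {
                    return StatusCode.BadSecurityChecksFailed;
                }
            }
        }
        catch
        {
            // Covers out-of-range sizes and any signing failure; all are reported the same way.
            return StatusCode.BadSecurityChecksFailed;
        }
    }

    // Sequence number and request id must be decodable; their values are not used here.
    if (!recvBuf.Decode(out uint _) || !recvBuf.Decode(out uint _))
    {
        return StatusCode.BadDecodingError;
    }

    recvBuf.Position = restorePos;
    return StatusCode.Good;
}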