//------------------------------------------------------------ // Copyright (c) Microsoft Corporation. All rights reserved. //------------------------------------------------------------ namespace System.ServiceModel.Security { using System.Collections.Generic; using System.ServiceModel.Channels; using System.ServiceModel; using System.Collections.ObjectModel; using System.IdentityModel.Claims; using System.IdentityModel.Policy; using System.IdentityModel.Tokens; using System.IdentityModel.Selectors; using System.Security.Cryptography; using System.ServiceModel.Security.Tokens; using System.Text; using System.Runtime.Serialization; using System.Xml; using System.ComponentModel; [TypeConverter(typeof(System.ServiceModel.Configuration.SecurityAlgorithmSuiteConverter))] public abstract class SecurityAlgorithmSuite { static SecurityAlgorithmSuite basic256; static SecurityAlgorithmSuite basic192; static SecurityAlgorithmSuite basic128; static SecurityAlgorithmSuite tripleDes; static SecurityAlgorithmSuite basic256Rsa15; static SecurityAlgorithmSuite basic192Rsa15; static SecurityAlgorithmSuite basic128Rsa15; static SecurityAlgorithmSuite tripleDesRsa15; static SecurityAlgorithmSuite basic256Sha256; static SecurityAlgorithmSuite basic192Sha256; static SecurityAlgorithmSuite basic128Sha256; static SecurityAlgorithmSuite tripleDesSha256; static SecurityAlgorithmSuite basic256Sha256Rsa15; static SecurityAlgorithmSuite basic192Sha256Rsa15; static SecurityAlgorithmSuite basic128Sha256Rsa15; static SecurityAlgorithmSuite tripleDesSha256Rsa15; static internal SecurityAlgorithmSuite KerberosDefault { get { return Basic128; } } static public SecurityAlgorithmSuite Default { get { return Basic256; } } static public SecurityAlgorithmSuite Basic256 { get { if (basic256 == null) basic256 = new Basic256SecurityAlgorithmSuite(); return basic256; } } static public SecurityAlgorithmSuite Basic192 { get { if (basic192 == null) basic192 = new Basic192SecurityAlgorithmSuite(); return basic192; } } static public SecurityAlgorithmSuite Basic128 { get { if (basic128 == null) basic128 = new Basic128SecurityAlgorithmSuite(); return basic128; } } static public SecurityAlgorithmSuite TripleDes { get { if (tripleDes == null) tripleDes = new TripleDesSecurityAlgorithmSuite(); return tripleDes; } } static public SecurityAlgorithmSuite Basic256Rsa15 { get { if (basic256Rsa15 == null) basic256Rsa15 = new Basic256Rsa15SecurityAlgorithmSuite(); return basic256Rsa15; } } static public SecurityAlgorithmSuite Basic192Rsa15 { get { if (basic192Rsa15 == null) basic192Rsa15 = new Basic192Rsa15SecurityAlgorithmSuite(); return basic192Rsa15; } } static public SecurityAlgorithmSuite Basic128Rsa15 { get { if (basic128Rsa15 == null) basic128Rsa15 = new Basic128Rsa15SecurityAlgorithmSuite(); return basic128Rsa15; } } static public SecurityAlgorithmSuite TripleDesRsa15 { get { if (tripleDesRsa15 == null) tripleDesRsa15 = new TripleDesRsa15SecurityAlgorithmSuite(); return tripleDesRsa15; } } static public SecurityAlgorithmSuite Basic256Sha256 { get { if (basic256Sha256 == null) basic256Sha256 = new Basic256Sha256SecurityAlgorithmSuite(); return basic256Sha256; } } static public SecurityAlgorithmSuite Basic192Sha256 { get { if (basic192Sha256 == null) basic192Sha256 = new Basic192Sha256SecurityAlgorithmSuite(); return basic192Sha256; } } static public SecurityAlgorithmSuite Basic128Sha256 { get { if (basic128Sha256 == null) basic128Sha256 = new Basic128Sha256SecurityAlgorithmSuite(); return basic128Sha256; } } static public SecurityAlgorithmSuite TripleDesSha256 { get { if (tripleDesSha256 == null) tripleDesSha256 = new TripleDesSha256SecurityAlgorithmSuite(); return tripleDesSha256; } } static public SecurityAlgorithmSuite Basic256Sha256Rsa15 { get { if (basic256Sha256Rsa15 == null) basic256Sha256Rsa15 = new Basic256Sha256Rsa15SecurityAlgorithmSuite(); return basic256Sha256Rsa15; } } static public SecurityAlgorithmSuite Basic192Sha256Rsa15 { get { if (basic192Sha256Rsa15 == null) basic192Sha256Rsa15 = new Basic192Sha256Rsa15SecurityAlgorithmSuite(); return basic192Sha256Rsa15; } } static public SecurityAlgorithmSuite Basic128Sha256Rsa15 { get { if (basic128Sha256Rsa15 == null) basic128Sha256Rsa15 = new Basic128Sha256Rsa15SecurityAlgorithmSuite(); return basic128Sha256Rsa15; } } static public SecurityAlgorithmSuite TripleDesSha256Rsa15 { get { if (tripleDesSha256Rsa15 == null) tripleDesSha256Rsa15 = new TripleDesSha256Rsa15SecurityAlgorithmSuite(); return tripleDesSha256Rsa15; } } public abstract string DefaultCanonicalizationAlgorithm { get; } public abstract string DefaultDigestAlgorithm { get; } public abstract string DefaultEncryptionAlgorithm { get; } public abstract int DefaultEncryptionKeyDerivationLength { get; } public abstract string DefaultSymmetricKeyWrapAlgorithm { get; } public abstract string DefaultAsymmetricKeyWrapAlgorithm { get; } public abstract string DefaultSymmetricSignatureAlgorithm { get; } public abstract string DefaultAsymmetricSignatureAlgorithm { get; } public abstract int DefaultSignatureKeyDerivationLength { get; } public abstract int DefaultSymmetricKeyLength { get; } internal virtual XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return null; } } internal virtual XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return null; } } internal virtual XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return null; } } internal virtual XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return null; } } internal virtual XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return null; } } internal virtual XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return null; } } internal virtual XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return null; } } protected SecurityAlgorithmSuite() { } public virtual bool IsCanonicalizationAlgorithmSupported(string algorithm) { return algorithm == DefaultCanonicalizationAlgorithm; } public virtual bool IsDigestAlgorithmSupported(string algorithm) { return algorithm == DefaultDigestAlgorithm; } public virtual bool IsEncryptionAlgorithmSupported(string algorithm) { return algorithm == DefaultEncryptionAlgorithm; } public virtual bool IsEncryptionKeyDerivationAlgorithmSupported(string algorithm) { return (algorithm == SecurityAlgorithms.Psha1KeyDerivation) || (algorithm == SecurityAlgorithms.Psha1KeyDerivationDec2005); } public virtual bool IsSymmetricKeyWrapAlgorithmSupported(string algorithm) { return algorithm == DefaultSymmetricKeyWrapAlgorithm; } public virtual bool IsAsymmetricKeyWrapAlgorithmSupported(string algorithm) { return algorithm == DefaultAsymmetricKeyWrapAlgorithm; } public virtual bool IsSymmetricSignatureAlgorithmSupported(string algorithm) { return algorithm == DefaultSymmetricSignatureAlgorithm; } public virtual bool IsAsymmetricSignatureAlgorithmSupported(string algorithm) { return algorithm == DefaultAsymmetricSignatureAlgorithm; } public virtual bool IsSignatureKeyDerivationAlgorithmSupported(string algorithm) { return (algorithm == SecurityAlgorithms.Psha1KeyDerivation) || (algorithm == SecurityAlgorithms.Psha1KeyDerivationDec2005); } public abstract bool IsSymmetricKeyLengthSupported(int length); public abstract bool IsAsymmetricKeyLengthSupported(int length); internal static bool IsRsaSHA256(SecurityAlgorithmSuite suite) { if ( suite == null ) return false; return (suite == Basic128Sha256 || suite == Basic128Sha256Rsa15 || suite == Basic192Sha256 || suite == Basic192Sha256Rsa15 || suite == Basic256Sha256 || suite == Basic256Sha256Rsa15 || suite == TripleDesSha256 || suite == TripleDesSha256Rsa15); } internal string GetEncryptionKeyDerivationAlgorithm(SecurityToken token, SecureConversationVersion version) { if (token == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(version); if (SecurityUtils.IsSupportedAlgorithm(derivationAlgorithm, token)) return derivationAlgorithm; else return null; } internal int GetEncryptionKeyDerivationLength(SecurityToken token, SecureConversationVersion version) { if (token == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(version); if (SecurityUtils.IsSupportedAlgorithm(derivationAlgorithm, token)) { if (this.DefaultEncryptionKeyDerivationLength % 8 != 0) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.Psha1KeyLengthInvalid, this.DefaultEncryptionKeyDerivationLength))); return this.DefaultEncryptionKeyDerivationLength / 8; } else return 0; } internal void GetKeyWrapAlgorithm(SecurityToken token, out string keyWrapAlgorithm, out XmlDictionaryString keyWrapAlgorithmDictionaryString) { if (token == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); if (SecurityUtils.IsSupportedAlgorithm(this.DefaultSymmetricKeyWrapAlgorithm, token)) { keyWrapAlgorithm = this.DefaultSymmetricKeyWrapAlgorithm; keyWrapAlgorithmDictionaryString = this.DefaultSymmetricKeyWrapAlgorithmDictionaryString; } else { keyWrapAlgorithm = this.DefaultAsymmetricKeyWrapAlgorithm; keyWrapAlgorithmDictionaryString = this.DefaultAsymmetricKeyWrapAlgorithmDictionaryString; } } internal void GetSignatureAlgorithmAndKey(SecurityToken token, out string signatureAlgorithm, out SecurityKey key, out XmlDictionaryString signatureAlgorithmDictionaryString) { ReadOnlyCollection keys = token.SecurityKeys; if (keys == null || keys.Count == 0) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SigningTokenHasNoKeys, token))); } for (int i = 0; i < keys.Count; i++) { if (keys[i].IsSupportedAlgorithm(this.DefaultSymmetricSignatureAlgorithm)) { signatureAlgorithm = this.DefaultSymmetricSignatureAlgorithm; signatureAlgorithmDictionaryString = this.DefaultSymmetricSignatureAlgorithmDictionaryString; key = keys[i]; return; } else if (keys[i].IsSupportedAlgorithm(this.DefaultAsymmetricSignatureAlgorithm)) { signatureAlgorithm = this.DefaultAsymmetricSignatureAlgorithm; signatureAlgorithmDictionaryString = this.DefaultAsymmetricSignatureAlgorithmDictionaryString; key = keys[i]; return; } } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SigningTokenHasNoKeysSupportingTheAlgorithmSuite, token, this))); } internal string GetSignatureKeyDerivationAlgorithm(SecurityToken token, SecureConversationVersion version) { if (token == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(version); if (SecurityUtils.IsSupportedAlgorithm(derivationAlgorithm, token)) return derivationAlgorithm; else return null; } internal int GetSignatureKeyDerivationLength(SecurityToken token, SecureConversationVersion version) { if (token == null) throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token"); string derivationAlgorithm = SecurityUtils.GetKeyDerivationAlgorithm(version); if (SecurityUtils.IsSupportedAlgorithm(derivationAlgorithm, token)) { if (this.DefaultSignatureKeyDerivationLength % 8 != 0) throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.Psha1KeyLengthInvalid, this.DefaultSignatureKeyDerivationLength))); return this.DefaultSignatureKeyDerivationLength / 8; } else return 0; } internal void EnsureAcceptableSymmetricSignatureAlgorithm(string algorithm) { if (!IsSymmetricSignatureAlgorithmSupported(algorithm)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, algorithm, "SymmetricSignature", this))); } } internal void EnsureAcceptableSignatureKeySize(SecurityKey securityKey, SecurityToken token) { AsymmetricSecurityKey asymmetricSecurityKey = securityKey as AsymmetricSecurityKey; if (asymmetricSecurityKey != null) { if (!IsAsymmetricKeyLengthSupported(asymmetricSecurityKey.KeySize)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, token, asymmetricSecurityKey.KeySize))); } } else { SymmetricSecurityKey symmetricSecurityKey = securityKey as SymmetricSecurityKey; if (symmetricSecurityKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnknownICryptoType, symmetricSecurityKey))); } EnsureAcceptableSignatureSymmetricKeySize(symmetricSecurityKey, token); } } // Ensure acceptable signing symmetric key. // 1) if derived key, validate derived key against DefaultSignatureKeyDerivationLength and validate // source key against DefaultSymmetricKeyLength // 2) if not derived key, validate key against DefaultSymmetricKeyLength internal void EnsureAcceptableSignatureSymmetricKeySize(SymmetricSecurityKey securityKey, SecurityToken token) { int keySize; DerivedKeySecurityToken dkt = token as DerivedKeySecurityToken; if (dkt != null) { token = dkt.TokenToDerive; keySize = ((SymmetricSecurityKey)token.SecurityKeys[0]).KeySize; // doing special case for derived key token signing length since // the sending side doesn't honor the algorithm suite. It used the DefaultSignatureKeyDerivationLength instead if (dkt.SecurityKeys[0].KeySize < this.DefaultSignatureKeyDerivationLength) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, dkt, dkt.SecurityKeys[0].KeySize))); } } else { keySize = securityKey.KeySize; } if (!IsSymmetricKeyLengthSupported(keySize)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, token, keySize))); } } // Ensure acceptable decrypting symmetric key. // 1) if derived key, validate derived key against DefaultEncryptionKeyDerivationLength and validate // source key against DefaultSymmetricKeyLength // 2) if not derived key, validate key against DefaultSymmetricKeyLength internal void EnsureAcceptableDecryptionSymmetricKeySize(SymmetricSecurityKey securityKey, SecurityToken token) { int keySize; DerivedKeySecurityToken dkt = token as DerivedKeySecurityToken; if (dkt != null) { token = dkt.TokenToDerive; keySize = ((SymmetricSecurityKey)token.SecurityKeys[0]).KeySize; // doing special case for derived key token signing length since // the sending side doesn't honor the algorithm suite. It used the DefaultSignatureKeyDerivationLength instead if (dkt.SecurityKeys[0].KeySize < this.DefaultEncryptionKeyDerivationLength) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, dkt, dkt.SecurityKeys[0].KeySize))); } } else { keySize = securityKey.KeySize; } if (!IsSymmetricKeyLengthSupported(keySize)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException( SR.GetString(SR.TokenDoesNotMeetKeySizeRequirements, this, token, keySize))); } } internal void EnsureAcceptableSignatureAlgorithm(SecurityKey verificationKey, string algorithm) { InMemorySymmetricSecurityKey symmeticKey = verificationKey as InMemorySymmetricSecurityKey; if (symmeticKey != null) { this.EnsureAcceptableSymmetricSignatureAlgorithm(algorithm); } else { AsymmetricSecurityKey asymmetricKey = verificationKey as AsymmetricSecurityKey; if (asymmetricKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.UnknownICryptoType, verificationKey))); } this.EnsureAcceptableAsymmetricSignatureAlgorithm(algorithm); } } internal void EnsureAcceptableAsymmetricSignatureAlgorithm(string algorithm) { if (!IsAsymmetricSignatureAlgorithmSupported(algorithm)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, algorithm, "AsymmetricSignature", this))); } } internal void EnsureAcceptableKeyWrapAlgorithm(string algorithm, bool isAsymmetric) { if (isAsymmetric) { if (!IsAsymmetricKeyWrapAlgorithmSupported(algorithm)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, algorithm, "AsymmetricKeyWrap", this))); } } else { if (!IsSymmetricKeyWrapAlgorithmSupported(algorithm)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, algorithm, "SymmetricKeyWrap", this))); } } } internal void EnsureAcceptableEncryptionAlgorithm(string algorithm) { if (!IsEncryptionAlgorithmSupported(algorithm)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, algorithm, "Encryption", this))); } } internal void EnsureAcceptableSignatureKeyDerivationAlgorithm(string algorithm) { if (!IsSignatureKeyDerivationAlgorithmSupported(algorithm)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, algorithm, "SignatureKeyDerivation", this))); } } internal void EnsureAcceptableEncryptionKeyDerivationAlgorithm(string algorithm) { if (!IsEncryptionKeyDerivationAlgorithmSupported(algorithm)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, algorithm, "EncryptionKeyDerivation", this))); } } internal void EnsureAcceptableDigestAlgorithm(string algorithm) { if (!IsDigestAlgorithmSupported(algorithm)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SuiteDoesNotAcceptAlgorithm, algorithm, "Digest", this))); } } } public class Basic256SecurityAlgorithmSuite : SecurityAlgorithmSuite { public Basic256SecurityAlgorithmSuite() : base() { } public override string DefaultCanonicalizationAlgorithm { get { return DefaultCanonicalizationAlgorithmDictionaryString.Value; } } public override string DefaultDigestAlgorithm { get { return DefaultDigestAlgorithmDictionaryString.Value; } } public override string DefaultEncryptionAlgorithm { get { return DefaultEncryptionAlgorithmDictionaryString.Value; } } public override int DefaultEncryptionKeyDerivationLength { get { return 256; } } public override string DefaultSymmetricKeyWrapAlgorithm { get { return DefaultSymmetricKeyWrapAlgorithmDictionaryString.Value; } } public override string DefaultAsymmetricKeyWrapAlgorithm { get { return DefaultAsymmetricKeyWrapAlgorithmDictionaryString.Value; } } public override string DefaultSymmetricSignatureAlgorithm { get { return DefaultSymmetricSignatureAlgorithmDictionaryString.Value; } } public override string DefaultAsymmetricSignatureAlgorithm { get { return DefaultAsymmetricSignatureAlgorithmDictionaryString.Value; } } public override int DefaultSignatureKeyDerivationLength { get { return 192; } } public override int DefaultSymmetricKeyLength { get { return 256; } } public override bool IsSymmetricKeyLengthSupported(int length) { return length == 256; } public override bool IsAsymmetricKeyLengthSupported(int length) { return length >= 1024 && length <= 4096; } internal override XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.ExclusiveC14n; } } internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha1Digest; } } internal override XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes256Encryption; } } internal override XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes256KeyWrap; } } internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap; } } internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha1Signature; } } internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha1Signature; } } public override string ToString() { return "Basic256"; } } public class Basic192SecurityAlgorithmSuite : SecurityAlgorithmSuite { public Basic192SecurityAlgorithmSuite() : base() { } public override string DefaultCanonicalizationAlgorithm { get { return DefaultCanonicalizationAlgorithmDictionaryString.Value; } } public override string DefaultDigestAlgorithm { get { return DefaultDigestAlgorithmDictionaryString.Value; } } public override string DefaultEncryptionAlgorithm { get { return DefaultEncryptionAlgorithmDictionaryString.Value; } } public override int DefaultEncryptionKeyDerivationLength { get { return 192; } } public override string DefaultSymmetricKeyWrapAlgorithm { get { return DefaultSymmetricKeyWrapAlgorithmDictionaryString.Value; } } public override string DefaultAsymmetricKeyWrapAlgorithm { get { return DefaultAsymmetricKeyWrapAlgorithmDictionaryString.Value; } } public override string DefaultSymmetricSignatureAlgorithm { get { return DefaultSymmetricSignatureAlgorithmDictionaryString.Value; } } public override string DefaultAsymmetricSignatureAlgorithm { get { return DefaultAsymmetricSignatureAlgorithmDictionaryString.Value; } } public override int DefaultSignatureKeyDerivationLength { get { return 192; } } public override int DefaultSymmetricKeyLength { get { return 192; } } public override bool IsSymmetricKeyLengthSupported(int length) { return length >= 192 && length <= 256; } public override bool IsAsymmetricKeyLengthSupported(int length) { return length >= 1024 && length <= 4096; } internal override XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.ExclusiveC14n; } } internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha1Digest; } } internal override XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes192Encryption; } } internal override XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes192KeyWrap; } } internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap; } } internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha1Signature; } } internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha1Signature; } } public override string ToString() { return "Basic192"; } } public class Basic128SecurityAlgorithmSuite : SecurityAlgorithmSuite { public Basic128SecurityAlgorithmSuite() : base() { } public override string DefaultCanonicalizationAlgorithm { get { return this.DefaultCanonicalizationAlgorithmDictionaryString.Value; } } public override string DefaultDigestAlgorithm { get { return this.DefaultDigestAlgorithmDictionaryString.Value; } } public override string DefaultEncryptionAlgorithm { get { return this.DefaultEncryptionAlgorithmDictionaryString.Value; } } public override int DefaultEncryptionKeyDerivationLength { get { return 128; } } public override string DefaultSymmetricKeyWrapAlgorithm { get { return this.DefaultSymmetricKeyWrapAlgorithmDictionaryString.Value; } } public override string DefaultAsymmetricKeyWrapAlgorithm { get { return this.DefaultAsymmetricKeyWrapAlgorithmDictionaryString.Value; } } public override string DefaultSymmetricSignatureAlgorithm { get { return this.DefaultSymmetricSignatureAlgorithmDictionaryString.Value; } } public override string DefaultAsymmetricSignatureAlgorithm { get { return this.DefaultAsymmetricSignatureAlgorithmDictionaryString.Value; } } public override int DefaultSignatureKeyDerivationLength { get { return 128; } } public override int DefaultSymmetricKeyLength { get { return 128; } } public override bool IsSymmetricKeyLengthSupported(int length) { return length >= 128 && length <= 256; } public override bool IsAsymmetricKeyLengthSupported(int length) { return length >= 1024 && length <= 4096; } internal override XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.ExclusiveC14n; } } internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha1Digest; } } internal override XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes128Encryption; } } internal override XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Aes128KeyWrap; } } internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap; } } internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha1Signature; } } internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha1Signature; } } public override string ToString() { return "Basic128"; } } public class TripleDesSecurityAlgorithmSuite : SecurityAlgorithmSuite { public TripleDesSecurityAlgorithmSuite() : base() { } public override string DefaultCanonicalizationAlgorithm { get { return DefaultCanonicalizationAlgorithmDictionaryString.Value; } } public override string DefaultDigestAlgorithm { get { return DefaultDigestAlgorithmDictionaryString.Value; } } public override string DefaultEncryptionAlgorithm { get { return DefaultEncryptionAlgorithmDictionaryString.Value; } } public override int DefaultEncryptionKeyDerivationLength { get { return 192; } } public override string DefaultSymmetricKeyWrapAlgorithm { get { return DefaultSymmetricKeyWrapAlgorithmDictionaryString.Value; } } public override string DefaultAsymmetricKeyWrapAlgorithm { get { return this.DefaultAsymmetricKeyWrapAlgorithmDictionaryString.Value; } } public override string DefaultSymmetricSignatureAlgorithm { get { return DefaultSymmetricSignatureAlgorithmDictionaryString.Value; } } public override string DefaultAsymmetricSignatureAlgorithm { get { return DefaultAsymmetricSignatureAlgorithmDictionaryString.Value; } } public override int DefaultSignatureKeyDerivationLength { get { return 192; } } public override int DefaultSymmetricKeyLength { get { return 192; } } public override bool IsSymmetricKeyLengthSupported(int length) { return length >= 192 && length <= 256; } public override bool IsAsymmetricKeyLengthSupported(int length) { return length >= 1024 && length <= 4096; } internal override XmlDictionaryString DefaultCanonicalizationAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.ExclusiveC14n; } } internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha1Digest; } } internal override XmlDictionaryString DefaultEncryptionAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.TripleDesEncryption; } } internal override XmlDictionaryString DefaultSymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.TripleDesKeyWrap; } } internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaOaepKeyWrap; } } internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha1Signature; } } internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha1Signature; } } public override string ToString() { return "TripleDes"; } } class Basic128Rsa15SecurityAlgorithmSuite : Basic128SecurityAlgorithmSuite { public Basic128Rsa15SecurityAlgorithmSuite() : base() { } internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaV15KeyWrap; } } public override string ToString() { return "Basic128Rsa15"; } } class Basic192Rsa15SecurityAlgorithmSuite : Basic192SecurityAlgorithmSuite { public Basic192Rsa15SecurityAlgorithmSuite() : base() { } internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaV15KeyWrap; } } public override string ToString() { return "Basic192Rsa15"; } } class Basic256Rsa15SecurityAlgorithmSuite : Basic256SecurityAlgorithmSuite { public Basic256Rsa15SecurityAlgorithmSuite() : base() { } internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaV15KeyWrap; } } public override string ToString() { return "Basic256Rsa15"; } } class TripleDesRsa15SecurityAlgorithmSuite : TripleDesSecurityAlgorithmSuite { public TripleDesRsa15SecurityAlgorithmSuite() : base() { } internal override XmlDictionaryString DefaultAsymmetricKeyWrapAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaV15KeyWrap; } } public override string ToString() { return "TripleDesRsa15"; } } class Basic256Sha256SecurityAlgorithmSuite : Basic256SecurityAlgorithmSuite { public Basic256Sha256SecurityAlgorithmSuite() : base() { } internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } public override string ToString() { return "Basic256Sha256"; } } class Basic192Sha256SecurityAlgorithmSuite : Basic192SecurityAlgorithmSuite { public Basic192Sha256SecurityAlgorithmSuite() : base() { } internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } public override string ToString() { return "Basic192Sha256"; } } class Basic128Sha256SecurityAlgorithmSuite : Basic128SecurityAlgorithmSuite { public Basic128Sha256SecurityAlgorithmSuite() : base() { } internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } public override string ToString() { return "Basic128Sha256"; } } class TripleDesSha256SecurityAlgorithmSuite : TripleDesSecurityAlgorithmSuite { public TripleDesSha256SecurityAlgorithmSuite() : base() { } internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } public override string ToString() { return "TripleDesSha256"; } } class Basic256Sha256Rsa15SecurityAlgorithmSuite : Basic256Rsa15SecurityAlgorithmSuite { public Basic256Sha256Rsa15SecurityAlgorithmSuite() : base() { } internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } public override string ToString() { return "Basic256Sha256Rsa15"; } } class Basic192Sha256Rsa15SecurityAlgorithmSuite : Basic192Rsa15SecurityAlgorithmSuite { public Basic192Sha256Rsa15SecurityAlgorithmSuite() : base() { } internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } public override string ToString() { return "Basic192Sha256Rsa15"; } } class Basic128Sha256Rsa15SecurityAlgorithmSuite : Basic128Rsa15SecurityAlgorithmSuite { public Basic128Sha256Rsa15SecurityAlgorithmSuite() : base() { } internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } public override string ToString() { return "Basic128Sha256Rsa15"; } } class TripleDesSha256Rsa15SecurityAlgorithmSuite : TripleDesRsa15SecurityAlgorithmSuite { public TripleDesSha256Rsa15SecurityAlgorithmSuite() : base() { } internal override XmlDictionaryString DefaultDigestAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.Sha256Digest; } } internal override XmlDictionaryString DefaultSymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.HmacSha256Signature; } } internal override XmlDictionaryString DefaultAsymmetricSignatureAlgorithmDictionaryString { get { return XD.SecurityAlgorithmDictionary.RsaSha256Signature; } } public override string ToString() { return "TripleDesSha256Rsa15"; } } }