Merge branch 'master' of https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2

Author: Revsgaard

src/ITfoxtec.Identity.Saml2/Configuration/Saml2IdentityConfiguration.cs

@@ -10,6 +10,7 @@
 using ITfoxtec.Identity.Saml2.Util;
 using Microsoft.IdentityModel.Tokens;
 using System.Security.Claims;
+using System.Security.Cryptography.X509Certificates;
 using System.IdentityModel.Selectors;
 #endif
 
@@ -25,6 +26,8 @@ public class Saml2IdentityConfiguration :
 
 #if !NETFULL
         public X509CertificateValidator CertificateValidator { get; set; }
+
+        public X509Certificate2 DecryptionCertificate { get; set; }
 #endif
 
         public static Saml2IdentityConfiguration GetIdentityConfiguration(Saml2Configuration config)
@@ -72,6 +75,7 @@ public static Saml2IdentityConfiguration GetIdentityConfiguration(Saml2Configura
                 CertificateValidationMode = config.CertificateValidationMode,
                 RevocationMode = config.RevocationMode,
             };
+            configuration.DecryptionCertificate = config.DecryptionCertificate;
             SetCustomCertificateValidator(configuration, config);
 #endif
 

src/ITfoxtec.Identity.Saml2/Cryptography/DecryptionWrapper/AesGcmAlgorithm.cs

@@ -0,0 +1,55 @@
+#if !NETFULL
+using System;
+using System.Security.Cryptography;
+
+namespace ITfoxtec.Identity.Saml2.Cryptography
+{
+    /// <summary>
+    /// SymmetricAlgorithm decrypting implementation for http://www.w3.org/2009/xmlenc11#aes128-gcm and http://www.w3.org/2009/xmlenc11#aes256-gcm.
+    /// This is class is not a general implementation and can only do decryption.
+    /// </summary>
+    public class AesGcmAlgorithm : SymmetricAlgorithm
+    {
+        public const string AesGcm128Identifier = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
+        public const string AesGcm256Identifier = "http://www.w3.org/2009/xmlenc11#aes256-gcm";
+
+        // "For the purposes of this specification, AES-GCM shall be used with a 96 bit Initialization Vector (IV) and a 128 bit Authentication Tag (T)."
+        // Source: https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM
+        public const int NonceSizeInBits = 96;
+        private const int AuthenticationTagSizeInBits = 128;
+
+        public AesGcmAlgorithm()
+        {
+            LegalKeySizesValue = new[] {
+                new KeySizes(128, 256, 128),
+            };
+
+            //iv setter checks that iv is the size of a block. Not sure if there should be other block sizes
+            LegalBlockSizesValue = new[] { new KeySizes(NonceSizeInBits, NonceSizeInBits, 0) };
+            BlockSizeValue = NonceSizeInBits;
+            //dummy iv value since it is accessed first in EncryptedXml.DecryptData
+            IV = new byte[NonceSizeInBits / 8];
+        }
+
+        public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV)
+        {
+            return new AesGcmDecryptor(rgbKey, rgbIV, AuthenticationTagSizeInBits);
+        }
+
+        public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV)
+        {
+            throw new NotImplementedException();
+        }
+
+        public override void GenerateIV()
+        {
+            throw new NotImplementedException();
+        }
+
+        public override void GenerateKey()
+        {
+            throw new NotImplementedException();
+        }
+    }
+}
+#endif

src/ITfoxtec.Identity.Saml2/Cryptography/DecryptionWrapper/AesGcmDecryptor.cs

@@ -0,0 +1,63 @@
+#if !NETFULL
+using System;
+using System.Security.Cryptography;
+
+namespace ITfoxtec.Identity.Saml2.Cryptography
+{
+    internal class AesGcmDecryptor : ICryptoTransform
+    {
+
+        private readonly byte[] key;
+        private readonly byte[] nonce;
+        private readonly int authenticationTagSizeInBits;
+
+        public AesGcmDecryptor(byte[] key, byte[] nonce, int authenticationTagSizeInBits)
+        {
+            this.key = key;
+            this.nonce = nonce;
+            this.authenticationTagSizeInBits = authenticationTagSizeInBits;
+        }
+
+        public bool CanReuseTransform => throw new NotImplementedException();
+
+        public bool CanTransformMultipleBlocks => throw new NotImplementedException();
+
+        public int InputBlockSize => throw new NotImplementedException();
+
+        public int OutputBlockSize => throw new NotImplementedException();
+
+        public void Dispose()
+        {
+        }
+
+        public int TransformBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset)
+        {
+            throw new NotImplementedException();
+        }
+
+        public byte[] TransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount)
+        {
+            //inspired by https://stackoverflow.com/a/60891115
+
+            var tagSize = authenticationTagSizeInBits / 8;
+            var cipherSize = inputCount - tagSize;
+
+            // "The cipher text contains the IV first, followed by the encrypted octets and finally the Authentication tag."
+            // https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM
+            var encryptedData = inputBuffer.AsSpan().Slice(inputOffset, inputCount);
+            var tag = encryptedData.Slice(encryptedData.Length - tagSize);
+
+            var cipherBytes = encryptedData.Slice(0, cipherSize);
+
+            var plainBytes = cipherSize < 1024
+              ? stackalloc byte[cipherSize]
+              : new byte[cipherSize];
+
+            using var aesgcm = new AesGcm(key);
+            aesgcm.Decrypt(nonce, cipherBytes, tag, plainBytes);
+
+            return plainBytes.ToArray();
+        }
+    }
+}
+#endif

src/ITfoxtec.Identity.Saml2/Cryptography/Saml2EncryptedXml.cs

@@ -1,4 +1,5 @@
-using System;
+using ITfoxtec.Identity.Saml2.Schemas;
+using System;
 using System.Security.Cryptography;
 using System.Security.Cryptography.Xml;
 using System.Xml;
@@ -7,9 +8,20 @@ namespace ITfoxtec.Identity.Saml2.Cryptography
 {
     public class Saml2EncryptedXml : EncryptedXml
     {
+        public const string XmlEncKeyAlgorithmRSAOAEPUrl = "http://www.w3.org/2009/xmlenc11#rsa-oaep";
+
         public RSA EncryptionPublicKey { get; set; }
         public RSA EncryptionPrivateKey { get; set; }
 
+#if !NETFULL
+        static Saml2EncryptedXml()
+        {
+            // Register AES-GCM wrapper on .NET Core targets where AES-GCM algorithm is available
+            CryptoConfig.AddAlgorithm(typeof(AesGcmAlgorithm), AesGcmAlgorithm.AesGcm256Identifier);
+            CryptoConfig.AddAlgorithm(typeof(AesGcmAlgorithm), AesGcmAlgorithm.AesGcm128Identifier);
+        }
+#endif
+
         public Saml2EncryptedXml(RSA encryptionPublicKey) : base()
         {
             EncryptionPublicKey = encryptionPublicKey;
@@ -29,20 +41,20 @@ public Saml2EncryptedXml(XmlDocument document, RSA encryptionPrivateKey) : this(
 
         public virtual XmlElement EncryptAassertion(XmlElement assertionElement)
         {
-            using (var encryptionAlgorithm = new AesCryptoServiceProvider())
+            using (var encryptionAlgorithm = Aes.Create())
             {
                 encryptionAlgorithm.KeySize = 256;
 
                 var encryptedData = new EncryptedData
                 {
-                    Type = EncryptedXml.XmlEncElementUrl,
-                    EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url),
+                    Type = XmlEncElementUrl,
+                    EncryptionMethod = new EncryptionMethod(XmlEncAES256Url),
                     KeyInfo = new KeyInfo()
                 };
                 encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(new EncryptedKey
                 {
-                    EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl),
-                    CipherData = new CipherData(EncryptedXml.EncryptKey(encryptionAlgorithm.Key, EncryptionPublicKey, true))
+                    EncryptionMethod = new EncryptionMethod(XmlEncRSAOAEPUrl),
+                    CipherData = new CipherData(EncryptKey(encryptionAlgorithm.Key, EncryptionPublicKey, true))
                 }));
 
                 var encryptedXml = new EncryptedXml();
@@ -52,9 +64,64 @@ public virtual XmlElement EncryptAassertion(XmlElement assertionElement)
             }
         }
 
+        public override byte[] GetDecryptionIV(EncryptedData encryptedData, string symmetricAlgorithmUri)
+        {
+            if (encryptedData is null)
+            {
+                throw new ArgumentNullException(nameof(encryptedData));
+            }
+
+#if !NETFULL
+
+            var aesGcmSymmetricAlgorithmUri = symmetricAlgorithmUri ?? encryptedData.EncryptionMethod?.KeyAlgorithm;
+            if (aesGcmSymmetricAlgorithmUri == AesGcmAlgorithm.AesGcm128Identifier || aesGcmSymmetricAlgorithmUri == AesGcmAlgorithm.AesGcm256Identifier)
+            {
+                int initBytesSize = 12;
+                byte[] iv = new byte[initBytesSize];
+                Buffer.BlockCopy(encryptedData.CipherData.CipherValue, 0, iv, 0, iv.Length);
+                return iv;
+            }
+#endif
+
+            return base.GetDecryptionIV(encryptedData, symmetricAlgorithmUri);
+        }
+
         public override byte[] DecryptEncryptedKey(EncryptedKey encryptedKey)
         {
-            return DecryptKey(encryptedKey.CipherData.CipherValue, EncryptionPrivateKey, (encryptedKey.EncryptionMethod != null) && (encryptedKey.EncryptionMethod.KeyAlgorithm == XmlEncRSAOAEPUrl));
+            if (encryptedKey.EncryptionMethod.KeyAlgorithm == XmlEncKeyAlgorithmRSAOAEPUrl)
+            {
+                return EncryptionPrivateKey.Decrypt(encryptedKey.CipherData.CipherValue, GetEncryptionPadding(encryptedKey));
+            }
+            else
+            {
+                return DecryptKey(encryptedKey.CipherData.CipherValue, EncryptionPrivateKey, (encryptedKey.EncryptionMethod != null) && (encryptedKey.EncryptionMethod.KeyAlgorithm == XmlEncRSAOAEPUrl));
+            }
+        }
+
+        private static RSAEncryptionPadding GetEncryptionPadding(EncryptedKey encryptedKey)
+        {
+            var xmlElement = encryptedKey.GetXml();
+            var nsm = new XmlNamespaceManager(xmlElement.OwnerDocument.NameTable);
+            nsm.AddNamespace("enc", XmlEncNamespaceUrl);
+            nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
+            var digestMethodElement = xmlElement.SelectSingleNode("enc:EncryptionMethod/ds:DigestMethod", nsm) as XmlElement;
+            if (digestMethodElement != null)
+            {
+                var method = digestMethodElement.GetAttribute("Algorithm");
+                switch (method)
+                {
+                    case Saml2SecurityAlgorithms.Sha1Digest:
+                        return RSAEncryptionPadding.OaepSHA1;
+                    case Saml2SecurityAlgorithms.Sha256Digest:
+                        return RSAEncryptionPadding.OaepSHA256;
+                    case Saml2SecurityAlgorithms.Sha384Digest:
+                        return RSAEncryptionPadding.OaepSHA384;
+                    case Saml2SecurityAlgorithms.Sha512Digest:
+                        return RSAEncryptionPadding.OaepSHA512;
+                }
+            }
+
+            return RSAEncryptionPadding.OaepSHA256;
         }
     }
 }

src/ITfoxtec.Identity.Saml2/Tokens/Saml2ResponseSecurityTokenHandler.cs

@@ -46,6 +46,10 @@ public static Saml2ResponseSecurityTokenHandler GetSaml2SecurityTokenHandler(Sam
             handler.SamlSecurityTokenRequirement.NameClaimType = ClaimTypes.NameIdentifier;
 #else
             handler.TokenValidationParameters = configuration;
+            if (configuration.DecryptionCertificate != null)
+            {
+                handler.Serializer = new Saml2TokenSerializer(configuration.DecryptionCertificate);
+            }
 #endif
             return handler;
         }

src/ITfoxtec.Identity.Saml2/Tokens/Saml2TokenSerializer.cs

@@ -0,0 +1,29 @@
+#if !NETFULL
+using ITfoxtec.Identity.Saml2.Cryptography;
+using Microsoft.IdentityModel.Tokens.Saml2;
+using System.Security.Cryptography.X509Certificates;
+using System.Xml;
+
+namespace ITfoxtec.Identity.Saml2.Tokens
+{
+    internal class Saml2TokenSerializer : Saml2Serializer
+    {
+        private readonly X509Certificate2 decryptionCertificate;
+
+        public Saml2TokenSerializer(X509Certificate2 decryptionCertificate) : base() 
+        {
+            this.decryptionCertificate = decryptionCertificate;
+        }
+
+        protected override Saml2NameIdentifier ReadEncryptedId(XmlDictionaryReader reader)
+        {
+            var xmlDocument = reader.ReadOuterXml().ToXmlDocument();
+
+            new Saml2EncryptedXml(xmlDocument, decryptionCertificate.GetSamlRSAPrivateKey()).DecryptDocument();
+
+            var decryptedReader = XmlDictionaryReader.CreateDictionaryReader(new XmlNodeReader(xmlDocument.DocumentElement.FirstChild));
+            return ReadNameIdentifier(decryptedReader, null);
+        }
+    }
+}
+#endif