Merge pull request #144 from IcoDeveloper/aes-gcm

Revsgaard · web-flow · commit 9df3569b4b0d · 2023-07-20T22:01:27.000+02:00
Add Support for http://www.w3.org/2009/xmlenc11#aes128-gcm and http://www.w3.org/2009/xmlenc11#aes256-gcm Encryption Methods
diff --git a/src/ITfoxtec.Identity.Saml2/Cryptography/DecryptionWrapper/AesGcmAlgorithm.cs b/src/ITfoxtec.Identity.Saml2/Cryptography/DecryptionWrapper/AesGcmAlgorithm.cs
@@ -0,0 +1,55 @@
+﻿#if !NETFULL
+using System;
+using System.Security.Cryptography;
+
+namespace ITfoxtec.Identity.Saml2.Cryptography
+{
+    /// <summary>
+    /// SymmetricAlgorithm decrypting implementation for http://www.w3.org/2009/xmlenc11#aes128-gcm and http://www.w3.org/2009/xmlenc11#aes256-gcm.
+    /// This is class is not a general implementation and can only do decryption.
+    /// </summary>
+    public class AesGcmAlgorithm : SymmetricAlgorithm
+    {
+        public const string AesGcm128Identifier = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
+        public const string AesGcm256Identifier = "http://www.w3.org/2009/xmlenc11#aes256-gcm";
+
+        // "For the purposes of this specification, AES-GCM shall be used with a 96 bit Initialization Vector (IV) and a 128 bit Authentication Tag (T)."
+        // Source: https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM
+        public const int NonceSizeInBits = 96;
+        private const int AuthenticationTagSizeInBits = 128;
+
+        public AesGcmAlgorithm()
+        {
+            LegalKeySizesValue = new[] {
+                new KeySizes(128, 256, 128),
+            };
+
+            //iv setter checks that iv is the size of a block. Not sure if there should be other block sizes
+            LegalBlockSizesValue = new[] { new KeySizes(NonceSizeInBits, NonceSizeInBits, 0) };
+            BlockSizeValue = NonceSizeInBits;
+            //dummy iv value since it is accessed first in EncryptedXml.DecryptData
+            IV = new byte[NonceSizeInBits / 8];
+        }
+
+        public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV)
+        {
+            return new AesGcmDecryptor(rgbKey, rgbIV, AuthenticationTagSizeInBits);
+        }
+
+        public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV)
+        {
+            throw new NotImplementedException();
+        }
+
+        public override void GenerateIV()
+        {
+            throw new NotImplementedException();
+        }
+
+        public override void GenerateKey()
+        {
+            throw new NotImplementedException();
+        }
+    }
+}
+#endif
diff --git a/src/ITfoxtec.Identity.Saml2/Cryptography/DecryptionWrapper/AesGcmDecryptor.cs b/src/ITfoxtec.Identity.Saml2/Cryptography/DecryptionWrapper/AesGcmDecryptor.cs
@@ -0,0 +1,63 @@
+﻿#if !NETFULL
+using System;
+using System.Security.Cryptography;
+
+namespace ITfoxtec.Identity.Saml2.Cryptography
+{
+    internal class AesGcmDecryptor : ICryptoTransform
+    {
+
+        private readonly byte[] key;
+        private readonly byte[] nonce;
+        private readonly int authenticationTagSizeInBits;
+
+        public AesGcmDecryptor(byte[] key, byte[] nonce, int authenticationTagSizeInBits)
+        {
+            this.key = key;
+            this.nonce = nonce;
+            this.authenticationTagSizeInBits = authenticationTagSizeInBits;
+        }
+
+        public bool CanReuseTransform => throw new NotImplementedException();
+
+        public bool CanTransformMultipleBlocks => throw new NotImplementedException();
+
+        public int InputBlockSize => throw new NotImplementedException();
+
+        public int OutputBlockSize => throw new NotImplementedException();
+
+        public void Dispose()
+        {
+        }
+
+        public int TransformBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset)
+        {
+            throw new NotImplementedException();
+        }
+
+        public byte[] TransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount)
+        {
+            //inspired by https://stackoverflow.com/a/60891115
+
+            var tagSize = authenticationTagSizeInBits / 8;
+            var cipherSize = inputCount - tagSize;
+
+            // "The cipher text contains the IV first, followed by the encrypted octets and finally the Authentication tag."
+            // https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM
+            var encryptedData = inputBuffer.AsSpan().Slice(inputOffset, inputCount);
+            var tag = encryptedData.Slice(encryptedData.Length - tagSize);
+
+            var cipherBytes = encryptedData.Slice(0, cipherSize);
+
+            var plainBytes = cipherSize < 1024
+              ? stackalloc byte[cipherSize]
+              : new byte[cipherSize];
+
+            using var aesgcm = new AesGcm(key);
+            aesgcm.Decrypt(nonce, cipherBytes, tag, plainBytes);
+
+            return plainBytes.ToArray();
+        }
+    }
+}
+#endif
diff --git a/src/ITfoxtec.Identity.Saml2/Cryptography/Saml2EncryptedXml.cs b/src/ITfoxtec.Identity.Saml2/Cryptography/Saml2EncryptedXml.cs
@@ -13,6 +13,15 @@ public class Saml2EncryptedXml : EncryptedXml
         public RSA EncryptionPublicKey { get; set; }
         public RSA EncryptionPrivateKey { get; set; }
 
+#if !NETFULL
+        static Saml2EncryptedXml()
+        {
+            // Register AES-GCM wrapper on .NET Core targets where AES-GCM algorithm is available
+            CryptoConfig.AddAlgorithm(typeof(AesGcmAlgorithm), AesGcmAlgorithm.AesGcm256Identifier);
+            CryptoConfig.AddAlgorithm(typeof(AesGcmAlgorithm), AesGcmAlgorithm.AesGcm128Identifier);
+        }
+#endif
+
         public Saml2EncryptedXml(RSA encryptionPublicKey) : base()
         {
             EncryptionPublicKey = encryptionPublicKey;
@@ -55,6 +64,28 @@ public virtual XmlElement EncryptAassertion(XmlElement assertionElement)
             }
         }
 
+        public override byte[] GetDecryptionIV(EncryptedData encryptedData, string symmetricAlgorithmUri)
+        {
+            if (encryptedData is null)
+            {
+                throw new ArgumentNullException(nameof(encryptedData));
+            }
+
+#if !NETFULL
+
+            var aesGcmSymmetricAlgorithmUri = symmetricAlgorithmUri ?? encryptedData.EncryptionMethod?.KeyAlgorithm;
+            if (aesGcmSymmetricAlgorithmUri == AesGcmAlgorithm.AesGcm128Identifier || aesGcmSymmetricAlgorithmUri == AesGcmAlgorithm.AesGcm256Identifier)
+            {
+                int initBytesSize = 12;
+                byte[] iv = new byte[initBytesSize];
+                Buffer.BlockCopy(encryptedData.CipherData.CipherValue, 0, iv, 0, iv.Length);
+                return iv;
+            }
+#endif
+
+            return base.GetDecryptionIV(encryptedData, symmetricAlgorithmUri);
+        }
+
         public override byte[] DecryptEncryptedKey(EncryptedKey encryptedKey)
         {
             if (encryptedKey.EncryptionMethod.KeyAlgorithm == XmlEncKeyAlgorithmRSAOAEPUrl)
