/// <summary>
/// Derives the symmetric key material for a channel token from the two nonces it carries
/// and attaches the AES-CBC and HMAC objects built from that material.
/// </summary>
/// <param name="token">
/// Token that supplies ClientNonce and ServerNonce and receives the signing keys, encrypting
/// keys, initialization vectors, cipher objects and HMAC objects.
/// </param>
/// <remarks>
/// Does nothing when SecurityMode is MessageSecurityMode.None.
/// Client-side material is derived with ServerNonce as the first PSHA input and ClientNonce as
/// the third; server-side material swaps the two.
/// Every policy other than Basic256Sha256 is derived with Utils.PSHA1, including policy URIs
/// that the cipher setup at the end of the method does not recognise (for those, keys are
/// written to the token but no cipher or HMAC is created).
/// NOTE(review): Basic128Rsa15 and Basic256 depend on SHA-1 for both derivation and HMAC here and
/// are deprecated by the OPC UA specification; confirm they are not enabled by default wherever
/// this channel is configured.
/// This method creates the crypto objects but never disposes them; presumably the token's owner
/// disposes them and clears the key bytes when the token is retired (confirm against the caller).
/// </remarks>
protected void ComputeKeys(TcpChannelToken token)
{
    // An unsecured channel needs no key material at all.
    if (SecurityMode == MessageSecurityMode.None)
    {
        return;
    }

    // The derived byte stream is sliced as [signing key][encrypting key][IV].
    var signingLength = m_signatureKeySize;
    var encryptingOffset = m_signatureKeySize;
    var encryptingLength = m_encryptionKeySize;
    var ivOffset = m_signatureKeySize + m_encryptionKeySize;
    var ivLength = m_encryptionBlockSize;

    bool usesSha256 = SecurityPolicyUri == SecurityPolicies.Basic256Sha256;

    if (!usesSha256)
    {
        // SHA-1 based derivation: the fallback for every policy that is not Basic256Sha256.
        token.ClientSigningKey = Utils.PSHA1(token.ServerNonce, null, token.ClientNonce, 0, signingLength);
        token.ClientEncryptingKey = Utils.PSHA1(token.ServerNonce, null, token.ClientNonce, encryptingOffset, encryptingLength);
        token.ClientInitializationVector = Utils.PSHA1(token.ServerNonce, null, token.ClientNonce, ivOffset, ivLength);

        token.ServerSigningKey = Utils.PSHA1(token.ClientNonce, null, token.ServerNonce, 0, signingLength);
        token.ServerEncryptingKey = Utils.PSHA1(token.ClientNonce, null, token.ServerNonce, encryptingOffset, encryptingLength);
        token.ServerInitializationVector = Utils.PSHA1(token.ClientNonce, null, token.ServerNonce, ivOffset, ivLength);
    }
    else
    {
        // SHA-256 based derivation, used only for Basic256Sha256.
        token.ClientSigningKey = Utils.PSHA256(token.ServerNonce, null, token.ClientNonce, 0, signingLength);
        token.ClientEncryptingKey = Utils.PSHA256(token.ServerNonce, null, token.ClientNonce, encryptingOffset, encryptingLength);
        token.ClientInitializationVector = Utils.PSHA256(token.ServerNonce, null, token.ClientNonce, ivOffset, ivLength);

        token.ServerSigningKey = Utils.PSHA256(token.ClientNonce, null, token.ServerNonce, 0, signingLength);
        token.ServerEncryptingKey = Utils.PSHA256(token.ClientNonce, null, token.ServerNonce, encryptingOffset, encryptingLength);
        token.ServerInitializationVector = Utils.PSHA256(token.ClientNonce, null, token.ServerNonce, ivOffset, ivLength);
    }

    // Only these three policies get cipher and HMAC objects; SecurityPolicies.None and any
    // unrecognised policy URI leave the token without them.
    bool needsSymmetricObjects =
        SecurityPolicyUri == SecurityPolicies.Basic128Rsa15 ||
        SecurityPolicyUri == SecurityPolicies.Basic256 ||
        SecurityPolicyUri == SecurityPolicies.Basic256Sha256;

    if (!needsSymmetricObjects)
    {
        return;
    }

    // AES-CBC keyed with the client-direction material. PaddingMode.None means the caller must
    // hand over data that is already a whole number of cipher blocks.
    SymmetricAlgorithm clientCipher = Aes.Create();
    clientCipher.Mode = CipherMode.CBC;
    clientCipher.Padding = PaddingMode.None;
    clientCipher.Key = token.ClientEncryptingKey;
    clientCipher.IV = token.ClientInitializationVector;
    token.ClientEncryptor = clientCipher;

    // Same configuration keyed with the server-direction material.
    SymmetricAlgorithm serverCipher = Aes.Create();
    serverCipher.Mode = CipherMode.CBC;
    serverCipher.Padding = PaddingMode.None;
    serverCipher.Key = token.ServerEncryptingKey;
    serverCipher.IV = token.ServerInitializationVector;
    token.ServerEncryptor = serverCipher;

    // The message authentication primitive follows the same SHA-1 / SHA-256 split as the derivation.
    if (usesSha256)
    {
        token.ServerHmac = new HMACSHA256(token.ServerSigningKey);
        token.ClientHmac = new HMACSHA256(token.ClientSigningKey);
    }
    else
    {
        token.ServerHmac = new HMACSHA1(token.ServerSigningKey);
        token.ClientHmac = new HMACSHA1(token.ClientSigningKey);
    }
}