Support WriteToken - EncryptedAssertion (keywrap)

* Cover assertion encryption with 'one time' session key
which is wrapped using an asymmetric key.

Author: GeoK

src/Microsoft.IdentityModel.Tokens.Saml/Saml2/LogMessages.cs

@@ -100,10 +100,13 @@ internal static class LogMessages
 
         // Saml2 EncryptedAssertion
         internal const string IDX13600 = "IDX13600: Unable to obtain a CryptoProviderFactory, EncryptingCredentials.CryptoProviderFactory and EncryptingCredentials.Key.CrypoProviderFactory are both null.";
-        internal const string IDX13601 = "IDX13601: SAML2 Encryption failed. No support for: Encryption algorithm: '{0}', SecurityKey: '{1}'.";
+        internal const string IDX13601 = "IDX13601: SAML2 Encryption failed. No support for algorithm: '{0}', SecurityKey: '{1}'.";
         internal const string IDX13602 = "IDX13602: Failed to create the token encryption provider.";
         internal const string IDX13603 = "IDX13603: Encryption failed. EncryptionProvider failed for: Algorithm: '{0}', SecurityKey: '{1}'. See inner exception.";
-        internal const string IDX13604 = "IDX13604: Exception thrown while writing EncrytedData element. See inner exception.";
+        internal const string IDX13604 = "IDX13604: Exception thrown while writing EncryptedData element. See inner exception.";
+        internal const string IDX13605 = "IDX13605: Exception thrown while writing EncryptedKey element. See inner exception.";
+        internal const string IDX13606 = "IDX13606: EncryptionCredentials.Key is not SymmetricSecurityKey or AsymmetricSecurityKey. EncryptionCredentials.Key: '{0}'.";
+        internal const string IDX13607 = "IDX13607: Session key encryption algorithm: '{0}' is not supported.";
 
         // IDX11900 - AuthorizationDecisionStatement
         internal const string IDX13900 = "IDX13900: Unable to write Saml2Assertion: {0} is required, {1} is null or empty.";

src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2Serializer.cs

@@ -1634,58 +1634,143 @@ private void WritePlaintextAssertion(XmlWriter writer, Saml2Assertion assertion)
         private void EncryptAndWriteAssertionData(XmlWriter writer, byte[] assertionData, Saml2Assertion assertion)
         {
             EncryptingCredentials encryptingCredentials = assertion.EncryptingCredentials;
-            var cryptoProviderFactory = encryptingCredentials.CryptoProviderFactory ?? encryptingCredentials.Key.CryptoProviderFactory;
+            EncryptedData encryptedData = null;
+            EncryptedKey encryptedKey = null;
 
-            if (cryptoProviderFactory == null)
-                throw LogExceptionMessage(new ArgumentException(LogMessages.IDX13600));
+            // SymmetricSecurityKey is provided:
+            // Pre-shared symmetric key (session key) is used to encrypt an assertion
+            // Session key will not be serialized
+            if (encryptingCredentials.Key is SymmetricSecurityKey) 
+            {
+                encryptedData = CreateEncryptedData((SymmetricSecurityKey)encryptingCredentials.Key, encryptingCredentials.Enc, assertionData, encryptingCredentials);
+                encryptedData.KeyInfo.KeyName = encryptingCredentials.Key.KeyId;
+            }
+            // AsymmetricSecurityKey is provided:
+            // New session key will be created to encrypt an assertion
+            // Session key will be wrapped with provided AsymmetricSecurityKey
+            else if (encryptingCredentials.Key is AsymmetricSecurityKey)
+            {
+                SymmetricSecurityKey sessionKey = CreateSessionKey(encryptingCredentials.Enc);
+                encryptedData = CreateEncryptedData(sessionKey, encryptingCredentials.Enc, assertionData, encryptingCredentials);
+                encryptedData.KeyInfo.RetrievalMethodUri = assertion.EncryptingCredentials.Key.KeyId;
 
-            if (!cryptoProviderFactory.IsSupportedAlgorithm(encryptingCredentials.Enc, encryptingCredentials.Key))
-                throw LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(FormatInvariant(LogMessages.IDX13601, encryptingCredentials.Enc, encryptingCredentials.Key)));
+                encryptedKey = CreateEncryptedKey((AsymmetricSecurityKey)encryptingCredentials.Key, sessionKey, encryptingCredentials.Alg, encryptingCredentials);
+                encryptedKey.AddReference(new DataReference(encryptedData.Id));
+            }
+            else
+            {
+                throw LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(FormatInvariant(LogMessages.IDX13606, encryptingCredentials.Key)));
+            }
 
-            //pre-shared symmetric key (session key)
-            if (encryptingCredentials.Key is SymmetricSecurityKey) 
+            // write to XML
+            try
             {
-                AuthenticatedEncryptionResult authenticatedEncryptionResult = null;
-                var authenticatedEncryptionProvider = cryptoProviderFactory.CreateAuthenticatedEncryptionProvider(encryptingCredentials.Key, encryptingCredentials.Enc);
-                if (authenticatedEncryptionProvider == null)
-                    throw LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13602));
+                encryptedData.WriteXml(writer);
 
+            }
+            catch (Exception ex)
+            {
+                throw LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(FormatInvariant(LogMessages.IDX13604), ex));
+            }
+
+            if (encryptedKey != null)
+            {
                 try
                 {
-                    authenticatedEncryptionResult = authenticatedEncryptionProvider.Encrypt(assertionData);
+                    encryptedKey.WriteXml(writer);
+
                 }
                 catch (Exception ex)
                 {
-                    throw LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(FormatInvariant(LogMessages.IDX13603, encryptingCredentials.Enc, encryptingCredentials.Key), ex));
+                    throw LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(FormatInvariant(LogMessages.IDX13605), ex));
                 }
+            }
 
-                EncryptedData encryptedData = new EncryptedData();
-                encryptedData.CipherData.CipherValue = Utility.ConcatByteArrays(authenticatedEncryptionResult.IV, authenticatedEncryptionResult.Ciphertext, authenticatedEncryptionResult.AuthenticationTag);
-                encryptedData.EncryptionMethod = new EncryptionMethod(encryptingCredentials.Enc);
-                encryptedData.Type = XmlEncryptionConstants.EncryptedDataTypes.Element;
-                encryptedData.KeyInfo.KeyName = encryptingCredentials.Key.KeyId;
+        }
 
-                try
-                {
-                    encryptedData.WriteXml(writer); 
+        private CryptoProviderFactory GetCryptoProviderFactory(SecurityKey key, string algorithm, EncryptingCredentials encryptingCredentials)
+        {
+            var cryptoProviderFactory = encryptingCredentials.CryptoProviderFactory ?? encryptingCredentials.Key.CryptoProviderFactory;
 
-                }
-                catch (Exception ex)
-                {
-                    throw LogExceptionMessage(new SecurityTokenEncryptionFailedException(FormatInvariant(LogMessages.IDX13604), ex));
-                }
+            if (cryptoProviderFactory == null)
+                throw LogExceptionMessage(new ArgumentException(LogMessages.IDX13600));
+
+            if (!cryptoProviderFactory.IsSupportedAlgorithm(algorithm, key))
+                throw LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(FormatInvariant(LogMessages.IDX13601, algorithm, key)));
+
+            return cryptoProviderFactory;
+        }
+
+        private SymmetricSecurityKey CreateSessionKey(string algorithm)
+        {
+            if (string.IsNullOrEmpty(algorithm))
+                throw LogHelper.LogArgumentNullException(nameof(algorithm));
+
+            int keySize = -1;
+
+            if (SecurityAlgorithms.Aes128Gcm.Equals(algorithm, StringComparison.Ordinal))
+                keySize = 128;
+            else if (SecurityAlgorithms.Aes192Gcm.Equals(algorithm, StringComparison.Ordinal))
+                keySize = 192;
+            else if (SecurityAlgorithms.Aes256Gcm.Equals(algorithm, StringComparison.Ordinal))
+                keySize = 256;
+
+            if (keySize == -1)
+            {
+                throw LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(FormatInvariant(LogMessages.IDX13607, algorithm)));
             }
-            else if (assertion.EncryptingCredentials.Key is AsymmetricSecurityKey)
+
+            var aes = Aes.Create();
+            aes.KeySize = keySize;
+            aes.GenerateKey();
+            var sessionKey = new SymmetricSecurityKey(aes.Key);
+            return sessionKey;
+        }
+
+        private EncryptedData CreateEncryptedData(SymmetricSecurityKey key, string algorithm, byte[] assertionData, EncryptingCredentials encryptingCredentials)
+        {
+            var cryptoProviderFactory = GetCryptoProviderFactory(key, algorithm, encryptingCredentials);
+            AuthenticatedEncryptionResult authenticatedEncryptionResult = null;
+            var authenticatedEncryptionProvider = cryptoProviderFactory.CreateAuthenticatedEncryptionProvider(key, algorithm);
+            if (authenticatedEncryptionProvider == null)
+                throw LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(LogMessages.IDX13602));
+
+            try
             {
-                //geok: TODO
+                authenticatedEncryptionResult = authenticatedEncryptionProvider.Encrypt(assertionData);
             }
-            else
+            catch (Exception ex)
             {
-                //geok: TODO
-                //throw 
+                throw LogExceptionMessage(new Saml2SecurityTokenEncryptedAssertionEncryptionException(FormatInvariant(LogMessages.IDX13603, algorithm, key), ex));
             }
+
+            var encryptedData = new EncryptedData();
+            encryptedData.CipherData.CipherValue = Utility.ConcatByteArrays(authenticatedEncryptionResult.IV, authenticatedEncryptionResult.Ciphertext, authenticatedEncryptionResult.AuthenticationTag);
+            encryptedData.EncryptionMethod = new EncryptionMethod(algorithm);
+            encryptedData.Type = XmlEncryptionConstants.EncryptedDataTypes.Element;
+            encryptedData.Id = new Saml2Id().Value;
+
+            return encryptedData;
         }
 
+        private EncryptedKey CreateEncryptedKey(AsymmetricSecurityKey key, SymmetricSecurityKey sessionKey, string algorithm, EncryptingCredentials encryptingCredentials)
+        {
+            var cryptoProviderFactory = GetCryptoProviderFactory(key, algorithm, encryptingCredentials);
+            var encryptedKey = new EncryptedKey
+            {
+                Id = key.KeyId,
+                EncryptionMethod = new EncryptionMethod(algorithm)
+            };
+
+            var keyWrapProvider = cryptoProviderFactory.CreateKeyWrapProvider(key, algorithm);
+            var wrappedKey = keyWrapProvider.WrapKey(sessionKey.Key);
+
+            encryptedKey.CipherData.CipherValue = wrappedKey;
+
+            return encryptedKey;
+        }
+
+
         /// <summary>
         /// Writes the &lt;saml:Attribute> element.
         /// </summary>

src/Microsoft.IdentityModel.Xml/DataReference.cs

@@ -25,6 +25,8 @@
 //
 //------------------------------------------------------------------------------
 
+using System.Xml;
+
 namespace Microsoft.IdentityModel.Xml
 {
     /// <summary>
@@ -49,5 +51,15 @@ public DataReference(string uri) : base(uri)
         {
             ReferenceType = "DataReference";
         }
+
+        internal override void WriteXml(XmlWriter writer)
+        {
+            writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.DataReference, null);
+
+            if (!string.IsNullOrEmpty(Uri))
+                writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Uri, Uri);
+
+            writer.WriteEndElement();
+        }
     }
 }

src/Microsoft.IdentityModel.Xml/EncryptedData.cs

@@ -45,7 +45,7 @@ internal void WriteXml(XmlWriter writer)
             if (!string.IsNullOrEmpty(Type))
                 writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Type, null, Type);
 
-            if (!string.IsNullOrEmpty(Id))
+            if (!string.IsNullOrEmpty(MimeType))
                 writer.WriteAttributeString(XmlEncryptionConstants.Attributes.MimeType, null, MimeType);
 
             if (!string.IsNullOrEmpty(Encoding))

src/Microsoft.IdentityModel.Xml/EncryptedKey.cs

@@ -99,8 +99,28 @@ public void AddReference(KeyReference keyReference)
 
         internal void WriteXml(XmlWriter writer)
         {
-            writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.EncryptedData, XmlEncryptionConstants.Namespace);
-            //
+            writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.EncryptedKey, XmlEncryptionConstants.Namespace);
+
+            if (!string.IsNullOrEmpty(Id))
+                writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Id, null, Id);
+
+            if (EncryptionMethod != null)
+                EncryptionMethod.WriteXml(writer);
+
+            CipherData.WriteXml(writer); //required
+
+            if (ReferenceList.Count != 0)
+            {
+                writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.ReferenceList);
+
+                foreach(var reference in ReferenceList)
+                {
+                    reference.WriteXml(writer);
+                }
+
+                writer.WriteEndElement();
+            }
+
             writer.WriteEndElement();
         }
     }

src/Microsoft.IdentityModel.Xml/EncryptedReference.cs

@@ -25,6 +25,8 @@
 //
 //------------------------------------------------------------------------------
 
+using System.Xml;
+
 namespace Microsoft.IdentityModel.Xml
 {
     /// <summary>
@@ -46,6 +48,7 @@ protected EncryptedReference() : this(string.Empty)
         /// <param name="uri"></param>
         protected EncryptedReference(string uri)
         {
+            Uri = uri;
         }
 
         /// <summary>
@@ -57,5 +60,7 @@ protected EncryptedReference(string uri)
         /// Gets or sets a reference type.
         /// </summary>
         protected string ReferenceType { get; set; }
+
+        abstract internal void WriteXml(XmlWriter writer);
     }
 }

src/Microsoft.IdentityModel.Xml/KeyInfo.cs

@@ -246,6 +246,14 @@ internal void WriteXml(XmlWriter writer)
                 writer.WriteEndElement();
             }
 
+            if (!string.IsNullOrEmpty(RetrievalMethodUri))
+            {
+                writer.WriteStartElement(XmlSignatureConstants.PreferredPrefix, XmlSignatureConstants.Elements.RetrievalMethod, null);
+                writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Uri, null, RetrievalMethodUri);
+                writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Type, null, XmlEncryptionConstants.EncryptedDataTypes.EncryptedKey);
+                writer.WriteEndElement();
+            }
+
             writer.WriteEndElement();
         }
     }

src/Microsoft.IdentityModel.Xml/KeyReference.cs

@@ -25,6 +25,8 @@
 //
 //------------------------------------------------------------------------------
 
+using System.Xml;
+
 namespace Microsoft.IdentityModel.Xml
 {
     /// <summary>
@@ -49,5 +51,15 @@ public KeyReference(string uri) : base(uri)
         {
             ReferenceType = "KeyReference";
         }
+
+        internal override void WriteXml(XmlWriter writer)
+        {
+            writer.WriteStartElement(XmlEncryptionConstants.Prefix, XmlEncryptionConstants.Elements.KeyReference, null);
+
+            if (!string.IsNullOrEmpty(Uri))
+                writer.WriteAttributeString(XmlEncryptionConstants.Attributes.Uri, Uri);
+
+            writer.WriteEndElement();
+        }
     }
 }

src/Microsoft.IdentityModel.Xml/XMLEncryptionConstants.cs

@@ -13,9 +13,9 @@ namespace Microsoft.IdentityModel.Xml
     internal static class XmlEncryptionConstants
     {
 #pragma warning disable 1591
-        public const string Namespace = "http://www.w3.org/2009/xmlenc11#";
+        public const string Namespace = "http://www.w3.org/2001/04/xmlenc#";
 
-        public const string Prefix = "xenc11";
+        public const string Prefix = "xenc";
 
         public static class Attributes
         {
@@ -50,6 +50,7 @@ public static class EncryptedDataTypes
         {
             public const string Element = Namespace + "Element";
             public const string Content = Namespace + "Content";
+            public const string EncryptedKey = Namespace + "EncryptedKey";
 #pragma warning restore 1591
         }
     }

test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SecurityTokenHandlerTests.cs

@@ -377,7 +377,7 @@ public static TheoryData<Saml2TheoryData> WriteTokenTheoryData
                     Subject = new ClaimsIdentity(Default.SamlClaims),
                 };
 
-                var tokenDescriptorWithEncryptingCredentials = new SecurityTokenDescriptor
+                var tokenDescriptorWithPreSharedEncryptingCredentials = new SecurityTokenDescriptor
                 {
                     Audience = Default.Audience,
                     NotBefore = Default.NotBefore,
@@ -388,6 +388,17 @@ public static TheoryData<Saml2TheoryData> WriteTokenTheoryData
                     Subject = new ClaimsIdentity(Default.SamlClaims)
                 };
 
+                var tokenDescriptorWithEncryptingCredentials = new SecurityTokenDescriptor
+                {
+                    Audience = Default.Audience,
+                    NotBefore = Default.NotBefore,
+                    Expires = Default.Expires,
+                    Issuer = Default.Issuer,
+                    EncryptingCredentials = new X509EncryptingCredentials(KeyingMaterial.CertSelfSigned2048_SHA256_Public),
+                    SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest),
+                    Subject = new ClaimsIdentity(Default.SamlClaims)
+                };
+
                 var validationParameters = new TokenValidationParameters
                 {
                     AuthenticationType = "Federation",
@@ -412,11 +423,18 @@ public static TheoryData<Saml2TheoryData> WriteTokenTheoryData
                     ValidationParameters = validationParameters
                 });
 
+                theoryData.Add(new Saml2TheoryData
+                {
+                    SecurityToken = tokenHandler.CreateToken(tokenDescriptorWithPreSharedEncryptingCredentials) as Saml2SecurityToken,
+                    ExpectedException = new ExpectedException(typeof(ArgumentNullException)),
+                    TestId = "EncryptedAssertion_PreSharedKey",
+                });
+
                 theoryData.Add(new Saml2TheoryData
                 {
                     SecurityToken = tokenHandler.CreateToken(tokenDescriptorWithEncryptingCredentials) as Saml2SecurityToken,
                     ExpectedException = new ExpectedException(typeof(ArgumentNullException)),
-                    TestId = "EncryptedAssertion",
+                    TestId = "EncryptedAssertion_KeyWrap",
                 });
 
                 theoryData.Add(new Saml2TheoryData