diff options
author | Steve Pfister <steveisok@users.noreply.github.com> | 2019-03-09 03:07:53 +0300 |
---|---|---|
committer | Marek Safar <marek.safar@gmail.com> | 2019-03-09 03:07:53 +0300 |
commit | 0306c38fed68f198ea11e0f15b81fcd883427a55 (patch) | |
tree | e7c8fdff057da909c4b7d1252bbfe040a27a9d9c /mcs/class/System.Security | |
parent | 4401acd172b7fd4559f0048ad904b603496f0b9f (diff) |
Add refsrc DataProtector to System.Security (#13365)
* Added DataProtector abstract class to be used when refsrc
System.Web gets ported over.
* Bump API snapshot submodule
* [csproj] Update project files
Diffstat (limited to 'mcs/class/System.Security')
5 files changed, 403 insertions, 0 deletions
diff --git a/mcs/class/System.Security/ReferenceSources/DataProtector.cs b/mcs/class/System.Security/ReferenceSources/DataProtector.cs new file mode 100644 index 00000000000..5958b0b2075 --- /dev/null +++ b/mcs/class/System.Security/ReferenceSources/DataProtector.cs @@ -0,0 +1,224 @@ +//------------------------------------------------------------ +// Copyright (c) Microsoft Corporation. All rights reserved. +//------------------------------------------------------------ + +using System.Collections.Generic; +using System.IO; +using System.Runtime.CompilerServices; +using System.Text; +using Crypto = System.Security.Cryptography.Translation; + +namespace System.Security.Cryptography +{ + // Data protectors should be derived from this class + public abstract class DataProtector + { + private string m_applicationName; + private string m_primaryPurpose; + private IEnumerable<string> m_specificPurposes; + + private volatile byte[] m_hashedPurpose; + + // Required Constructor for DataProtector + protected DataProtector(string applicationName, + string primaryPurpose, + string[] specificPurposes) + { + // We require that applicationName, primaryPurpose, and specificPurpose elements to be provided and not whitespace + if (String.IsNullOrWhiteSpace(applicationName)) + throw new ArgumentException(Crypto.SR.Cryptography_DataProtector_InvalidAppNameOrPurpose, nameof (applicationName)); + if (String.IsNullOrWhiteSpace(primaryPurpose)) + throw new ArgumentException(Crypto.SR.Cryptography_DataProtector_InvalidAppNameOrPurpose, nameof (primaryPurpose)); + + // Check each of the specific purposes if they were passed + if (specificPurposes != null) + { + foreach (string purpose in specificPurposes) + { + if (String.IsNullOrWhiteSpace(purpose)) + { + throw new ArgumentException(Crypto.SR.Cryptography_DataProtector_InvalidAppNameOrPurpose, nameof (specificPurposes)); + } + } + } + + m_applicationName = applicationName; + m_primaryPurpose = primaryPurpose; + + List<string> specificPurposesList = new List<string>(); + if (specificPurposes != null) + { + specificPurposesList.AddRange(specificPurposes); + } + m_specificPurposes = specificPurposesList; + } + + protected string ApplicationName + { + get { return m_applicationName; } + } + + // We will be safe and assume that derived classes want to have the hash pre-pended to the plain text + // before encryption, and checked and verified during decryption. If a derived class wants to use + // HashedPurpose on its own (e.g. as OptionalEntropy to DPAPI or for some sort of key derivation), this + // property can be overridden and set to return false. We will then just pass Protect/Unprotect directly + // through to ProviderProtect/ProviderUnprotect without altering the array + protected virtual bool PrependHashedPurposeToPlaintext + { + get { return true; } + } + + // A hash of the full purpose passed to the constructor or factory + protected virtual byte[] GetHashedPurpose() + { + if (m_hashedPurpose == null) + { + // Compute hash of the full purpose. The full purpose is a concatination of all the + // parts - applicationName, primaryPurpose,and specificPurposes[]. We prefix each part with + // the length so we know the process is reversible + using (HashAlgorithm sha256 = HashAlgorithm.Create("System.Security.Cryptography.Sha256Cng")) + { + using (BinaryWriter stream = new BinaryWriter(new CryptoStream(new MemoryStream(), sha256, CryptoStreamMode.Write), new UTF8Encoding(false, true))) + { + // Add applicationName to the hash + stream.Write(ApplicationName); + + // Add primaryPurpose to the hash + stream.Write(PrimaryPurpose); + + // If they exist, add each specificPurposes element to the hash + foreach (string purpose in SpecificPurposes) + { + stream.Write(purpose); + } + } + + // Now that the CryptoStream is closed, sha256 should have the computed hash + m_hashedPurpose = sha256.Hash; + } + } + + return m_hashedPurpose; + } + + // Allow callers to directly request if an Update is required + // (e.g. the key used in encryptedData blob is out of date) + public abstract bool IsReprotectRequired(byte[] encryptedData); + + protected string PrimaryPurpose + { + get { return m_primaryPurpose; } + } + + protected IEnumerable<string> SpecificPurposes + { + get { return m_specificPurposes; } + } + + // Static factory method to create a DataProtector given a type name, a purpose, and a dictionary of parameters + public static DataProtector Create(string providerClass, + string applicationName, + string primaryPurpose, + params string[] specificPurposes) + { + // Make sure providerClass is not null - Other parameters checked in constructor + if (null == providerClass) + throw new ArgumentNullException("providerClass"); + + // Create a DataProtector based on this type using CryptoConfig + return (DataProtector)CryptoConfig.CreateFromName(providerClass, applicationName, primaryPurpose, specificPurposes); + } + + // Methods for protect/unprotect + public byte[] Protect(byte[] userData) + { + // Make sure we were passed some data - empty array OK + if (userData == null) + throw new ArgumentNullException("userData"); + + // See if the derived class has set PrependHashedPurposeToPlainText to true. + // If so, we have to pre-pend the hash of the purpose to the plain text before encrypting + if (PrependHashedPurposeToPlaintext) + { + byte[] hashedPurpose = GetHashedPurpose(); + + // Allocate enough space for userData and HashedPurpose + byte[] userDataWithHashedPurpose = new byte[userData.Length + hashedPurpose.Length]; + + // Copy HashedPurpose to the start of the new array + Array.Copy(hashedPurpose, 0, userDataWithHashedPurpose, 0, hashedPurpose.Length); + + // Copy original user data after HashedPurpose + Array.Copy(userData, 0, userDataWithHashedPurpose, hashedPurpose.Length, userData.Length); + + // Swap new array with original user data + userData = userDataWithHashedPurpose; + } + return ProviderProtect(userData); + } + + // Derived classes implement these methods + protected abstract byte[] ProviderProtect(byte[] userData); + protected abstract byte[] ProviderUnprotect(byte[] encryptedData); + + // For security reasons, we don't want the optimizer to introduce a timing attack against + // the scenario where we are checking the HashedPurpose. Whenever we are making decisions + // based on the plainText bytes, make sure not to bail out early - Doing so will expose + // information about what the plaintext bytes were. + [MethodImpl(MethodImplOptions.NoOptimization | MethodImplOptions.NoInlining)] + public byte[] Unprotect(byte[] encryptedData) + { + // Make sure we were given some encrypted data + if (encryptedData == null) + throw new ArgumentNullException("encryptedData"); + + // See if the derived class has set PrependHashedPurposeToPlaintext to true. + // If so, we have to verify that the first bytes of the plain text are the HashedPurpose + // Then, return the remaining bytes as the original data. + if (PrependHashedPurposeToPlaintext) + { + // Get the plainText that includes the hash of the purpose + byte[] plainTextWithHashedPurpose = ProviderUnprotect(encryptedData); + byte[] hashedPurpose = GetHashedPurpose(); + + //////////////////////////////////////////////////////////////////////////////////////// + // In this code block, we don't want any timing differences between success and failure + // Don't touch this code block without crypto board review + { + // If the length of the decrypted text is less than the HashPurpose, we know something + // is wrong - However, we don't want to expose this to the caller via a timing difference + // detectable when verifying the HashPurpose. As a result, we'll still iterate through + // the 'for' loop exactly HashPurpose.Length times. + bool hashedPurposeOK = plainTextWithHashedPurpose.Length >= hashedPurpose.Length; + for (int i = 0; i < hashedPurpose.Length; i++) + { + // As a trick to handle the case where the plain text was less than the length + // of the hash, we modulo it with the lenght of the array - This prevents exceptions + // while preserving the number of iterations of this loop + if (hashedPurpose[i] != plainTextWithHashedPurpose[i % plainTextWithHashedPurpose.Length]) + { + hashedPurposeOK = false; + } + } + + if (!hashedPurposeOK) + { + throw new CryptographicException(Crypto.SR.Cryptography_DataProtector_InvalidPurpose); + } + } + + // Now we've verified that the expected hash was at the start of the plain text. The original + // plain text specified by the user appears after these bytes. Create a new array and copy + // what the caller is expecting into this array + byte[] plainText = new byte[plainTextWithHashedPurpose.Length - hashedPurpose.Length]; + Array.Copy(plainTextWithHashedPurpose, hashedPurpose.Length, plainText, 0, plainText.Length); + + return plainText; + } + else + { + return ProviderUnprotect(encryptedData); + } + } + } +} diff --git a/mcs/class/System.Security/System.Security.csproj b/mcs/class/System.Security/System.Security.csproj index f4e80a066fc..172606f51aa 100644 --- a/mcs/class/System.Security/System.Security.csproj +++ b/mcs/class/System.Security/System.Security.csproj @@ -206,6 +206,7 @@ <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.ProtectedData\src\System\Security\Cryptography\DataProtectionScope.cs" /> <Compile Include="Assembly\AssemblyInfo.cs" /> <Compile Include="System.Security.Cryptography.Pkcs\EnvelopedCms.cs" /> + <Compile Include="corefx\SR.cs" /> </ItemGroup> <!--End of common files--> <!--Per-profile files--> @@ -302,6 +303,7 @@ <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlDsigXPathTransform.cs" /> <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlDsigXsltTransform.cs" /> <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlLicenseTransform.cs" /> + <Compile Include="ReferenceSources\DataProtector.cs" /> <Compile Include="System.Security.Cryptography.Pkcs\KeyAgreeKeyChoice.cs" /> <Compile Include="System.Security.Cryptography.X509Certificates\X509Certificate2UI.cs" /> <Compile Include="System.Security.Cryptography.X509Certificates\X509SelectionFlag.cs" /> @@ -397,6 +399,7 @@ <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlDsigXsltTransform.cs" /> <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlLicenseTransform.cs" /> <Compile Include="Mono.Security.Cryptography\ManagedProtection.cs" /> + <Compile Include="ReferenceSources\DataProtector.cs" /> <Compile Include="System.Security.Cryptography.Pkcs\KeyAgreeKeyChoice.cs" /> <Compile Include="System.Security.Cryptography.X509Certificates\X509Certificate2UI.cs" /> <Compile Include="System.Security.Cryptography.X509Certificates\X509SelectionFlag.cs" /> @@ -504,6 +507,7 @@ <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlDsigXPathTransform.cs" /> <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlDsigXsltTransform.cs" /> <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlLicenseTransform.cs" /> + <Compile Include="ReferenceSources\DataProtector.cs" /> <Compile Include="System.Security.Cryptography.Pkcs\KeyAgreeKeyChoice.cs" /> <Compile Include="System.Security.Cryptography.X509Certificates\X509Certificate2UI.cs" /> <Compile Include="System.Security.Cryptography.X509Certificates\X509SelectionFlag.cs" /> @@ -594,6 +598,7 @@ <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlDsigXsltTransform.cs" /> <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlLicenseTransform.cs" /> <Compile Include="Mono.Security.Cryptography\ManagedProtection.cs" /> + <Compile Include="ReferenceSources\DataProtector.cs" /> <Compile Include="System.Security.Cryptography.Pkcs\KeyAgreeKeyChoice.cs" /> <Compile Include="System.Security.Cryptography.X509Certificates\X509Certificate2UI.cs" /> <Compile Include="System.Security.Cryptography.X509Certificates\X509SelectionFlag.cs" /> @@ -685,6 +690,7 @@ <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlDsigXsltTransform.cs" /> <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlLicenseTransform.cs" /> <Compile Include="Mono.Security.Cryptography\ManagedProtection.cs" /> + <Compile Include="ReferenceSources\DataProtector.cs" /> <Compile Include="System.Security.Cryptography.Pkcs\KeyAgreeKeyChoice.cs" /> <Compile Include="System.Security.Cryptography.X509Certificates\X509Certificate2UI.cs" /> <Compile Include="System.Security.Cryptography.X509Certificates\X509SelectionFlag.cs" /> @@ -776,6 +782,7 @@ <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlDsigXsltTransform.cs" /> <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.Xml\src\System\Security\Cryptography\Xml\XmlLicenseTransform.cs" /> <Compile Include="Mono.Security.Cryptography\ManagedProtection.cs" /> + <Compile Include="ReferenceSources\DataProtector.cs" /> <Compile Include="System.Security.Cryptography.Pkcs\KeyAgreeKeyChoice.cs" /> <Compile Include="System.Security.Cryptography.X509Certificates\X509Certificate2UI.cs" /> <Compile Include="System.Security.Cryptography.X509Certificates\X509SelectionFlag.cs" /> diff --git a/mcs/class/System.Security/System.Security.dll.sources b/mcs/class/System.Security/System.Security.dll.sources index 720adf06848..dd538f2d60e 100644 --- a/mcs/class/System.Security/System.Security.dll.sources +++ b/mcs/class/System.Security/System.Security.dll.sources @@ -1,6 +1,7 @@ #include common_System.Security.dll.sources Mono.Security.Cryptography/ManagedProtection.cs +ReferenceSources/DataProtector.cs System.Security.Cryptography/MemoryProtectionScope.cs System.Security.Cryptography/ProtectedMemory.cs System.Security.Cryptography.Pkcs/KeyAgreeKeyChoice.cs diff --git a/mcs/class/System.Security/common_System.Security.dll.sources b/mcs/class/System.Security/common_System.Security.dll.sources index 0f2d025187f..bc12f3f9315 100644 --- a/mcs/class/System.Security/common_System.Security.dll.sources +++ b/mcs/class/System.Security/common_System.Security.dll.sources @@ -1,4 +1,5 @@ Assembly/AssemblyInfo.cs +corefx/SR.cs # System.Security.Cryptography ../../../external/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/CryptographicAttributeObject.cs diff --git a/mcs/class/System.Security/corefx/SR.cs b/mcs/class/System.Security/corefx/SR.cs new file mode 100644 index 00000000000..e08b0e67bef --- /dev/null +++ b/mcs/class/System.Security/corefx/SR.cs @@ -0,0 +1,170 @@ +// +// This file was generated by resx2sr tool +// +namespace System.Security.Cryptography.Translation { + partial class SR { + public const string Cryptography_DataProtector_InvalidAppNameOrPurpose = "Invalid application name and/or purpose"; + public const string Cryptography_DataProtector_InvalidPurpose = "Invalid data protection purpose"; + public const string ArgumentOutOfRange_Index = "Index was out of range. Must be non-negative and less than the size of the collection."; + public const string Arg_EmptyOrNullString = "String cannot be empty or null."; + public const string Cryptography_Partial_Chain = "A certificate chain could not be built to a trusted root authority."; + public const string Cryptography_Xml_BadWrappedKeySize = "Bad wrapped key size."; + public const string Cryptography_Xml_CipherValueElementRequired = "A Cipher Data element should have either a CipherValue or a CipherReference element."; + public const string Cryptography_Xml_CreateHashAlgorithmFailed = "Could not create hash algorithm object."; + public const string Cryptography_Xml_CreateTransformFailed = "Could not create the XML transformation identified by the URI {0}."; + public const string Cryptography_Xml_CreatedKeyFailed = "Failed to create signing key."; + public const string Cryptography_Xml_DigestMethodRequired = "A DigestMethod must be specified on a Reference prior to generating XML."; + public const string Cryptography_Xml_DigestValueRequired = "A Reference must contain a DigestValue."; + public const string Cryptography_Xml_EnvelopedSignatureRequiresContext = "An XmlDocument context is required for enveloped transforms."; + public const string Cryptography_Xml_InvalidElement = "Malformed element {0}."; + public const string Cryptography_Xml_InvalidEncryptionProperty = "Malformed encryption property element."; + public const string Cryptography_Xml_InvalidKeySize = "The key size should be a non negative integer."; + public const string Cryptography_Xml_InvalidReference = "Malformed reference element."; + public const string Cryptography_Xml_InvalidSignatureLength = "The length of the signature with a MAC should be less than the hash output length."; + public const string Cryptography_Xml_InvalidSignatureLength2 = "The length in bits of the signature with a MAC should be a multiple of 8."; + public const string Cryptography_Xml_InvalidX509IssuerSerialNumber = "X509 issuer serial number is invalid."; + public const string Cryptography_Xml_KeyInfoRequired = "A KeyInfo element is required to check the signature."; + public const string Cryptography_Xml_KW_BadKeySize = "The length of the encrypted data in Key Wrap is either 32, 40 or 48 bytes."; + public const string Cryptography_Xml_LoadKeyFailed = "Signing key is not loaded."; + public const string Cryptography_Xml_MissingAlgorithm = "Symmetric algorithm is not specified."; + public const string Cryptography_Xml_MissingCipherData = "Cipher data is not specified."; + public const string Cryptography_Xml_MissingDecryptionKey = "Unable to retrieve the decryption key."; + public const string Cryptography_Xml_MissingEncryptionKey = "Unable to retrieve the encryption key."; + public const string Cryptography_Xml_NotSupportedCryptographicTransform = "The specified cryptographic transform is not supported."; + public const string Cryptography_Xml_ReferenceElementRequired = "At least one Reference element is required."; + public const string Cryptography_Xml_ReferenceTypeRequired = "The Reference type must be set in an EncryptedReference object."; + public const string Cryptography_Xml_SelfReferenceRequiresContext = "An XmlDocument context is required to resolve the Reference Uri {0}."; + public const string Cryptography_Xml_SignatureDescriptionNotCreated = "SignatureDescription could not be created for the signature algorithm supplied."; + public const string Cryptography_Xml_SignatureMethodKeyMismatch = "The key does not fit the SignatureMethod."; + public const string Cryptography_Xml_SignatureMethodRequired = "A signature method is required."; + public const string Cryptography_Xml_SignatureValueRequired = "Signature requires a SignatureValue."; + public const string Cryptography_Xml_SignedInfoRequired = "Signature requires a SignedInfo."; + public const string Cryptography_Xml_TransformIncorrectInputType = "The input type was invalid for this transform."; + public const string Cryptography_Xml_IncorrectObjectType = "Type of input object is invalid."; + public const string Cryptography_Xml_UnknownTransform = "Unknown transform has been encountered."; + public const string Cryptography_Xml_UriNotResolved = "Unable to resolve Uri {0}."; + public const string Cryptography_Xml_UriNotSupported = " The specified Uri is not supported."; + public const string Cryptography_Xml_UriRequired = "A Uri attribute is required for a CipherReference element."; + public const string Cryptography_Xml_XrmlMissingContext = "Null Context property encountered."; + public const string Cryptography_Xml_XrmlMissingIRelDecryptor = "IRelDecryptor is required."; + public const string Cryptography_Xml_XrmlMissingIssuer = "Issuer node is required."; + public const string Cryptography_Xml_XrmlMissingLicence = "License node is required."; + public const string Cryptography_Xml_XrmlUnableToDecryptGrant = "Unable to decrypt grant content."; + public const string NotSupported_KeyAlgorithm = "The certificate key algorithm is not supported."; + public const string Log_ActualHashValue = "Actual hash value: {0}"; + public const string Log_BeginCanonicalization = "Beginning canonicalization using \"{0}\" ({1})."; + public const string Log_BeginSignatureComputation = "Beginning signature computation."; + public const string Log_BeginSignatureVerification = "Beginning signature verification."; + public const string Log_BuildX509Chain = "Building and verifying the X509 chain for certificate {0}."; + public const string Log_CanonicalizationSettings = "Canonicalization transform is using resolver {0} and base URI \"{1}\"."; + public const string Log_CanonicalizedOutput = "Output of canonicalization transform: {0}"; + public const string Log_CertificateChain = "Certificate chain:"; + public const string Log_CheckSignatureFormat = "Checking signature format using format validator \"[{0}] {1}.{2}\"."; + public const string Log_CheckSignedInfo = "Checking signature on SignedInfo with id \"{0}\"."; + public const string Log_FormatValidationSuccessful = "Signature format validation was successful."; + public const string Log_FormatValidationNotSuccessful = "Signature format validation failed."; + public const string Log_KeyUsages = "Found key usages \"{0}\" in extension {1} on certificate {2}."; + public const string Log_NoNamespacesPropagated = "No namespaces are being propagated."; + public const string Log_PropagatingNamespace = "Propagating namespace {0}=\"{1}\"."; + public const string Log_RawSignatureValue = "Raw signature: {0}"; + public const string Log_ReferenceHash = "Reference {0} hashed with \"{1}\" ({2}) has hash value {3}, expected hash value {4}."; + public const string Log_RevocationMode = "Revocation mode for chain building: {0}."; + public const string Log_RevocationFlag = "Revocation flag for chain building: {0}."; + public const string Log_SigningAsymmetric = "Calculating signature with key {0} using signature description {1}, hash algorithm {2}, and asymmetric signature formatter {3}."; + public const string Log_SigningHmac = "Calculating signature using keyed hash algorithm {0}."; + public const string Log_SigningReference = "Hashing reference {0}, Uri \"{1}\", Id \"{2}\", Type \"{3}\" with hash algorithm \"{4}\" ({5})."; + public const string Log_TransformedReferenceContents = "Transformed reference contents: {0}"; + public const string Log_UnsafeCanonicalizationMethod = "Canonicalization method \"{0}\" is not on the safe list. Safe canonicalization methods are: {1}."; + public const string Log_UrlTimeout = "URL retrieval timeout for chain building: {0}."; + public const string Log_VerificationFailed = "Verification failed checking {0}."; + public const string Log_VerificationFailed_References = "references"; + public const string Log_VerificationFailed_SignedInfo = "SignedInfo"; + public const string Log_VerificationFailed_X509Chain = "X509 chain verification"; + public const string Log_VerificationFailed_X509KeyUsage = "X509 key usage verification"; + public const string Log_VerificationFlag = "Verification flags for chain building: {0}."; + public const string Log_VerificationTime = "Verification time for chain building: {0}."; + public const string Log_VerificationWithKeySuccessful = "Verification with key {0} was successful."; + public const string Log_VerificationWithKeyNotSuccessful = "Verification with key {0} was not successful."; + public const string Log_VerifyReference = "Processing reference {0}, Uri \"{1}\", Id \"{2}\", Type \"{3}\"."; + public const string Log_VerifySignedInfoAsymmetric = "Verifying SignedInfo using key {0}, signature description {1}, hash algorithm {2}, and asymmetric signature deformatter {3}."; + public const string Log_VerifySignedInfoHmac = "Verifying SignedInfo using keyed hash algorithm {0}."; + public const string Log_X509ChainError = "Error building X509 chain: {0}: {1}."; + public const string Log_XmlContext = "Using context: {0}"; + public const string Log_SignedXmlRecursionLimit = "Signed xml recursion limit hit while trying to decrypt the key. Reference {0} hashed with \"{1}\" and ({2})."; + public const string Log_UnsafeTransformMethod = "Transform method \"{0}\" is not on the safe list. Safe transform methods are: {1}."; + public const string Arg_RankMultiDimNotSupported = "Only single dimensional arrays are supported for the requested action."; + public const string Argument_InvalidOffLen = "Offset and length were out of bounds for the array or count is greater than the number of elements from index to the end of the source collection."; + public const string Argument_InvalidOidValue = "The OID value was invalid."; + public const string Cryptography_Asn_EnumeratedValueRequiresNonFlagsEnum = "ASN.1 Enumerated values only apply to enum types without the [Flags] attribute."; + public const string Cryptography_Asn_NamedBitListRequiresFlagsEnum = "Named bit list operations require an enum with the [Flags] attribute."; + public const string Cryptography_Asn_NamedBitListValueTooBig = "The encoded named bit list value is larger than the value size of the '{0}' enum."; + public const string Cryptography_Asn_UniversalValueIsFixed = "Tags with TagClass Universal must have the appropriate TagValue value for the data type being read or written."; + public const string Cryptography_Asn_UnusedBitCountRange = "Unused bit count must be between 0 and 7, inclusive."; + public const string Cryptography_AsnSerializer_AmbiguousFieldType = "Field '{0}' of type '{1}' has ambiguous type '{2}', an attribute derived from AsnTypeAttribute is required."; + public const string Cryptography_AsnSerializer_Choice_AllowNullNonNullable = "[Choice].AllowNull=true is not valid because type '{0}' cannot have a null value."; + public const string Cryptography_AsnSerializer_Choice_ConflictingTagMapping = "The tag ({0} {1}) for field '{2}' on type '{3}' already is associated in this context with field '{4}' on type '{5}'."; + public const string Cryptography_AsnSerializer_Choice_DefaultValueDisallowed = "Field '{0}' on [Choice] type '{1}' has a default value, which is not permitted."; + public const string Cryptography_AsnSerializer_Choice_NoChoiceWasMade = "An instance of [Choice] type '{0}' has no non-null fields."; + public const string Cryptography_AsnSerializer_Choice_NonNullableField = "Field '{0}' on [Choice] type '{1}' can not be assigned a null value."; + public const string Cryptography_AsnSerializer_Choice_TooManyValues = "Fields '{0}' and '{1}' on type '{2}' are both non-null when only one value is permitted."; + public const string Cryptography_AsnSerializer_Choice_TypeCycle = "Field '{0}' on [Choice] type '{1}' has introduced a type chain cycle."; + public const string Cryptography_AsnSerializer_MultipleAsnTypeAttributes = "Field '{0}' on type '{1}' has multiple attributes deriving from '{2}' when at most one is permitted."; + public const string Cryptography_AsnSerializer_NoJaggedArrays = "Type '{0}' cannot be serialized or deserialized because it is an array of arrays."; + public const string Cryptography_AsnSerializer_NoMultiDimensionalArrays = "Type '{0}' cannot be serialized or deserialized because it is a multi-dimensional array."; + public const string Cryptography_AsnSerializer_NoOpenTypes = "Type '{0}' cannot be serialized or deserialized because it is not sealed or has unbound generic parameters."; + public const string Cryptography_AsnSerializer_Optional_NonNullableField = "Field '{0}' on type '{1}' is declared [OptionalValue], but it can not be assigned a null value."; + public const string Cryptography_AsnSerializer_PopulateFriendlyNameOnString = "Field '{0}' on type '{1}' has [ObjectIdentifier].PopulateFriendlyName set to true, which is not applicable to a string. Change the field to '{2}' or set PopulateFriendlyName to false."; + public const string Cryptography_AsnSerializer_SetValueException = "Unable to set field {0} on type {1}."; + public const string Cryptography_AsnSerializer_SpecificTagChoice = "Field '{0}' on type '{1}' has specified an implicit tag value via [ExpectedTag] for [Choice] type '{2}'. ExplicitTag must be true, or the [ExpectedTag] attribute removed."; + public const string Cryptography_AsnSerializer_UnexpectedTypeForAttribute = "Field '{0}' of type '{1}' has an effective type of '{2}' when one of ({3}) was expected."; + public const string Cryptography_AsnSerializer_UtcTimeTwoDigitYearMaxTooSmall = "Field '{0}' on type '{1}' has a [UtcTime] TwoDigitYearMax value ({2}) smaller than the minimum (99)."; + public const string Cryptography_AsnSerializer_UnhandledType = "Could not determine how to serialize or deserialize type '{0}'."; + public const string Cryptography_AsnWriter_EncodeUnbalancedStack = "Encode cannot be called while a Sequence or SetOf is still open."; + public const string Cryptography_AsnWriter_PopWrongTag = "Cannot pop the requested tag as it is not currently in progress."; + public const string Cryptography_BadHashValue = "The hash value is not correct."; + public const string Cryptography_BadSignature = "Invalid signature."; + public const string Cryptography_Cms_CannotDetermineSignatureAlgorithm = "Could not determine signature algorithm for the signer certificate."; + public const string Cryptography_Cms_IncompleteCertChain = "The certificate chain is incomplete, the self-signed root authority could not be determined."; + public const string Cryptography_Cms_Invalid_Originator_Identifier_Choice = "Invalid originator identifier choice {0} found in decoded CMS."; + public const string Cryptography_Cms_Invalid_Subject_Identifier_Type = "The subject identifier type {0} is not valid."; + public const string Cryptography_Cms_InvalidMessageType = "Invalid cryptographic message type."; + public const string Cryptography_Cms_InvalidSignerHashForSignatureAlg = "SignerInfo digest algorithm '{0}' is not valid for signature algorithm '{1}'."; + public const string Cryptography_Cms_Key_Agree_Date_Not_Available = "The Date property is not available for none KID key agree recipient."; + public const string Cryptography_Cms_MessageNotEncrypted = "The CMS message is not encrypted."; + public const string Cryptography_Cms_MessageNotSigned = "The CMS message is not signed."; + public const string Cryptography_Cms_MissingAuthenticatedAttribute = "The cryptographic message does not contain an expected authenticated attribute."; + public const string Cryptography_Cms_NoCounterCounterSigner = "Only one level of counter-signatures are supported on this platform."; + public const string Cryptography_Cms_NoRecipients = "The recipients collection is empty. You must specify at least one recipient. This platform does not implement the certificate picker UI."; + public const string Cryptography_Cms_NoSignerCert = "No signer certificate was provided. This platform does not implement the certificate picker UI."; + public const string Cryptography_Cms_NoSignerAtIndex = "The signed cryptographic message does not have a signer for the specified signer index."; + public const string Cryptography_Cms_RecipientNotFound = "The enveloped-data message does not contain the specified recipient."; + public const string Cryptography_Cms_RecipientType_NotSupported = "The recipient type '{0}' is not supported for encryption or decryption on this platform."; + public const string Cryptography_Cms_Sign_Empty_Content = "Cannot create CMS signature for empty content."; + public const string Cryptography_Cms_SignerNotFound = "Cannot find the original signer."; + public const string Cryptography_Cms_Signing_RequiresPrivateKey = "A certificate with a private key is required."; + public const string Cryptography_Cms_TrustFailure = "Certificate trust could not be established. The first reported error is: {0}"; + public const string Cryptography_Cms_UnknownAlgorithm = "Unknown algorithm '{0}'."; + public const string Cryptography_Cms_UnknownKeySpec = "Unable to determine the type of key handle from this keyspec {0}."; + public const string Cryptography_Cms_WrongKeyUsage = "The certificate is not valid for the requested usage."; + public const string Cryptography_Pkcs_InvalidSignatureParameters = "Invalid signature paramters."; + public const string Cryptography_Pkcs9_AttributeMismatch = "The parameter should be a PKCS 9 attribute."; + public const string Cryptography_Pkcs9_MultipleSigningTimeNotAllowed = "Cannot add multiple PKCS 9 signing time attributes."; + public const string Cryptography_Pkcs_PssParametersMissing = "PSS parameters were not present."; + public const string Cryptography_Pkcs_PssParametersHashMismatch = "This platform requires that the PSS hash algorithm ({0}) match the data digest algorithm ({1})."; + public const string Cryptography_Pkcs_PssParametersMgfHashMismatch = "This platform does not support the MGF hash algorithm ({0}) being different from the signature hash algorithm ({1})."; + public const string Cryptography_Pkcs_PssParametersMgfNotSupported = "Mask generation function '{0}' is not supported by this platform."; + public const string Cryptography_Pkcs_PssParametersSaltMismatch = "PSS salt size {0} is not supported by this platform with hash algorithm {1}."; + public const string Cryptography_TimestampReq_BadNonce = "The response from the timestamping server did not match the request nonce."; + public const string Cryptography_TimestampReq_BadResponse = "The response from the timestamping server was not understood."; + public const string Cryptography_TimestampReq_Failure = "The timestamping server did not grant the request. The request status is '{0}' with failure info '{1}'."; + public const string Cryptography_TimestampReq_NoCertFound = "The timestamping request required the TSA certificate in the response, but it was not found."; + public const string Cryptography_TimestampReq_UnexpectedCertFound = "The timestamping request required the TSA certificate not be included in the response, but certificates were present."; + public const string InvalidOperation_DuplicateItemNotAllowed = "Duplicate items are not allowed in the collection."; + public const string InvalidOperation_WrongOidInAsnCollection = "AsnEncodedData element in the collection has wrong Oid value: expected = '{0}', actual = '{1}'."; + public const string PlatformNotSupported_CryptographyPkcs = "System.Security.Cryptography.Pkcs is only supported on Windows platforms."; + public const string Cryptography_Der_Invalid_Encoding = "ASN1 corrupted data."; + public const string Cryptography_Invalid_IA5String = "The string contains a character not in the 7 bit ASCII character set."; + public const string Cryptography_UnknownHashAlgorithm = "'{0}' is not a known hash algorithm."; + public const string Cryptography_WriteEncodedValue_OneValueAtATime = "The input to WriteEncodedValue must represent a single encoded value with no trailing data."; + } +}
\ No newline at end of file |