diff options
| author | David Hook <dgh@bouncycastle.org> | 2019-01-19 15:38:11 +1100 |
|---|---|---|
| committer | David Hook <dgh@bouncycastle.org> | 2019-01-19 15:38:11 +1100 |
| commit | 60b001da03e19c8e22ce8d7f448e9c752e3ebdfa (patch) | |
| tree | 5f3c200fbf03a998ee186b3a0861a781f0f7f57c | |
| parent | Missing file from last commit (diff) | |
| download | BouncyCastle.NET-ed25519-60b001da03e19c8e22ce8d7f448e9c752e3ebdfa.tar.xz | |
fixed KeyTransRecipientInfoGenerator to invoke overridable method for wrapping symmetric session key
| -rw-r--r-- | crypto/src/cms/KeyTransRecipientInfoGenerator.cs | 5 | ||||
| -rw-r--r-- | crypto/src/crmf/PKIArchiveControlBuilder.cs | 11 | ||||
| -rw-r--r-- | crypto/src/crypto/operators/Asn1KeyWrapper.cs | 94 |
3 files changed, 57 insertions, 53 deletions
diff --git a/crypto/src/cms/KeyTransRecipientInfoGenerator.cs b/crypto/src/cms/KeyTransRecipientInfoGenerator.cs index b18d18153..23b06d3b3 100644 --- a/crypto/src/cms/KeyTransRecipientInfoGenerator.cs +++ b/crypto/src/cms/KeyTransRecipientInfoGenerator.cs @@ -73,14 +73,11 @@ namespace Org.BouncyCastle.Cms public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random) { - byte[] keyBytes = contentEncryptionKey.GetKey(); AlgorithmIdentifier keyEncryptionAlgorithm = this.AlgorithmDetails; this.random = random; - IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.Algorithm.Id); - keyWrapper.Init(true, new ParametersWithRandom(recipientPublicKey, random)); - byte[] encryptedKeyBytes = keyWrapper.Wrap(keyBytes, 0, keyBytes.Length); + byte[] encryptedKeyBytes = GenerateWrappedKey(contentEncryptionKey); RecipientIdentifier recipId; if (recipientTbsCert != null) diff --git a/crypto/src/crmf/PKIArchiveControlBuilder.cs b/crypto/src/crmf/PKIArchiveControlBuilder.cs index f43ecd4ec..2677e4e0d 100644 --- a/crypto/src/crmf/PKIArchiveControlBuilder.cs +++ b/crypto/src/crmf/PKIArchiveControlBuilder.cs @@ -9,7 +9,7 @@ using Org.BouncyCastle.Crypto; namespace Org.BouncyCastle.Crmf { - public class PKIArchiveControlBuilder + public class PkiArchiveControlBuilder { private CmsEnvelopedDataGenerator envGen; private CmsProcessableByteArray keyContent; @@ -20,7 +20,7 @@ namespace Org.BouncyCastle.Crmf /// <param name="privateKeyInfo">the private key to be archived.</param> /// <param name="generalName">the general name to be associated with the private key.</param> /// - public PKIArchiveControlBuilder(PrivateKeyInfo privateKeyInfo, GeneralName generalName) + public PkiArchiveControlBuilder(PrivateKeyInfo privateKeyInfo, GeneralName generalName) { EncKeyWithID encKeyWithID = new EncKeyWithID(privateKeyInfo, generalName); @@ -35,14 +35,11 @@ namespace Org.BouncyCastle.Crmf this.envGen = new CmsEnvelopedDataGenerator(); } - - - ///<summary>Add a recipient generator to this control.</summary> ///<param name="recipientGen"> recipient generator created for a specific recipient.</param> ///<returns>this builder object.</returns> - public PKIArchiveControlBuilder AddRecipientGenerator(RecipientInfoGenerator recipientGen) + public PkiArchiveControlBuilder AddRecipientGenerator(RecipientInfoGenerator recipientGen) { envGen.AddRecipientInfoGenerator(recipientGen); return this; @@ -56,6 +53,6 @@ namespace Org.BouncyCastle.Crmf CmsEnvelopedData envContent = envGen.Generate(keyContent, contentEncryptor); EnvelopedData envD = EnvelopedData.GetInstance(envContent.ContentInfo.Content); return new PkiArchiveControl(new PkiArchiveOptions(new EncryptedKey(envD))); + } } -} } \ No newline at end of file diff --git a/crypto/src/crypto/operators/Asn1KeyWrapper.cs b/crypto/src/crypto/operators/Asn1KeyWrapper.cs index 38f287daa..6e608b94b 100644 --- a/crypto/src/crypto/operators/Asn1KeyWrapper.cs +++ b/crypto/src/crypto/operators/Asn1KeyWrapper.cs @@ -10,11 +10,36 @@ using Org.BouncyCastle.Crypto.Digests; using Org.BouncyCastle.Crypto.Encodings; using Org.BouncyCastle.Crypto.Engines; using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Asn1.Oiw; +using Org.BouncyCastle.Asn1.Nist; namespace Org.BouncyCastle.Crypto.Operators { + public class Asn1KeyWrapper : IKeyWrapper + { + private X509Certificate cert; + private string algorithm; + private IKeyWrapper wrapper; + + public Asn1KeyWrapper(string algorithm, X509Certificate cert) + { + this.algorithm = algorithm; + this.cert = cert; + wrapper = KeyWrapperUtil.WrapperForName(algorithm); + } + + public object AlgorithmDetails + { + get { return wrapper.AlgorithmDetails; } + } + + public IBlockResult Wrap(byte[] keyData) + { + return wrapper.Wrap(keyData); + } + } - public class KeyWrapperUtil + internal class KeyWrapperUtil { // // Provider @@ -23,8 +48,11 @@ namespace Org.BouncyCastle.Crypto.Operators static KeyWrapperUtil() { - providerMap["RSA/NONE/OAEPPADDING"] = new WrapperCreator(RsaOaepWrapper.Rsa_None_OaepPadding); - providerMap["RSA/NONE/OAEPWITHSHA256ANDMGF1PADDING"] = new WrapperCreator(RsaOaepWrapper.Rsa_None_OaepWithSha256andMGF1Padding); + providerMap["RSA/NONE/OAEPWITHSHA1ANDMGF1PADDING"] = new WrapperCreator(RsaOaepWrapper.Rsa_Sha1_Oaep); + providerMap["RSA/NONE/OAEPWITHSHA224ANDMGF1PADDING"] = new WrapperCreator(RsaOaepWrapper.Rsa_Sha224_Oaep); + providerMap["RSA/NONE/OAEPWITHSHA256ANDMGF1PADDING"] = new WrapperCreator(RsaOaepWrapper.Rsa_Sha256_Oaep); + providerMap["RSA/NONE/OAEPWITHSHA384ANDMGF1PADDING"] = new WrapperCreator(RsaOaepWrapper.Rsa_Sha384_Oaep); + providerMap["RSA/NONE/OAEPWITHSHA512ANDMGF1PADDING"] = new WrapperCreator(RsaOaepWrapper.Rsa_Sha512_Oaep); } public static IKeyWrapper WrapperForName(string algorithm) @@ -39,45 +67,18 @@ namespace Org.BouncyCastle.Crypto.Operators return (IKeyWrapper)provider.createWrapper(); } - public static IKeyUnwrapper UnWrapperForName(string algorithm) + public static IKeyUnwrapper UnwrapperForName(string algorithm) { WrapperProvider provider = (WrapperProvider)providerMap[Strings.ToUpperCase(algorithm)]; if (provider == null) { - throw new ArgumentException("could not resolve " + algorithm + " to a KeyUnWrapper"); + throw new ArgumentException("could not resolve " + algorithm + " to a KeyUnwrapper"); } return (IKeyUnwrapper)provider.createWrapper(); } } - - public class Asn1KeyWrapper : IKeyWrapper - { - private X509Certificate cert; - private string algorithm; - private IKeyWrapper wrapper; - - - - public Asn1KeyWrapper(string algorithm, X509Certificate cert) - { - this.algorithm = algorithm; - this.cert = cert; - wrapper = KeyWrapperUtil.WrapperForName(algorithm); - } - - public object AlgorithmDetails - { - get { return wrapper.AlgorithmDetails; } - } - - public IBlockResult Wrap(byte[] keyData) - { - return wrapper.Wrap(keyData); - } - } - internal delegate object WrapperCreatorDelegate(); /// <summary> @@ -92,40 +93,48 @@ namespace Org.BouncyCastle.Crypto.Operators this.creator = creator; } - public object createWrapper() { return this.creator.Invoke(); } } - - internal interface WrapperProvider { object createWrapper(); } - - internal class RsaOaepWrapper : IKeyWrapper, IKeyUnwrapper { + internal static object Rsa_Sha1_Oaep() + { + return new RsaOaepWrapper(OiwObjectIdentifiers.IdSha1, new Sha1Digest()); + } - internal static object Rsa_None_OaepPadding() + internal static object Rsa_Sha224_Oaep() { - return new RsaOaepWrapper(new Sha1Digest(), PkcsObjectIdentifiers.IdRsaesOaep); + return new RsaOaepWrapper(NistObjectIdentifiers.IdSha224, new Sha224Digest()); } - internal static object Rsa_None_OaepWithSha256andMGF1Padding() + internal static object Rsa_Sha256_Oaep() { - return new RsaOaepWrapper(new Sha256Digest(), PkcsObjectIdentifiers.IdRsaesOaep); + return new RsaOaepWrapper(NistObjectIdentifiers.IdSha256, new Sha256Digest()); } + internal static object Rsa_Sha384_Oaep() + { + return new RsaOaepWrapper(NistObjectIdentifiers.IdSha384, new Sha384Digest()); + } + + internal static object Rsa_Sha512_Oaep() + { + return new RsaOaepWrapper(NistObjectIdentifiers.IdSha512, new Sha512Digest()); + } private readonly AlgorithmIdentifier algId; private readonly IAsymmetricBlockCipher engine; - public RsaOaepWrapper(IDigest digest, DerObjectIdentifier digestOid) + public RsaOaepWrapper(DerObjectIdentifier digestOid, IDigest digest) { AlgorithmIdentifier digestAlgId = new AlgorithmIdentifier(digestOid, DerNull.Instance); @@ -137,6 +146,7 @@ namespace Org.BouncyCastle.Crypto.Operators RsaesOaepParameters.DefaultPSourceAlgorithm)); this.engine = new OaepEncoding(new RsaBlindedEngine()); } + public object AlgorithmDetails { get |