diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-06-14 13:01:06 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-06-14 13:01:06 +0700 |
commit | ceebe8fb52daf0fbadecbfb0e0a86b48ce011b38 (patch) | |
tree | b9084b3b32bea4462f775211adb3c666030a8c32 | |
parent | Prefer AES/GCM over CHACHA20_POLY1305 (cipher suites) (diff) | |
download | BouncyCastle.NET-ed25519-ceebe8fb52daf0fbadecbfb0e0a86b48ce011b38.tar.xz |
Add new variant of GetBasicAgreementWithKdf
-rw-r--r-- | crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs | 2 | ||||
-rw-r--r-- | crypto/src/cms/KeyAgreeRecipientInformation.cs | 27 | ||||
-rw-r--r-- | crypto/src/security/AgreementUtilities.cs | 10 |
3 files changed, 18 insertions, 21 deletions
diff --git a/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs b/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs index 6bcba0d80..479aa50cb 100644 --- a/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs +++ b/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs @@ -123,7 +123,7 @@ namespace Org.BouncyCastle.Cms // Use key agreement to choose a wrap key for this recipient IBasicAgreement keyAgreement = AgreementUtilities.GetBasicAgreementWithKdf( - m_keyAgreementOid, m_keyEncryptionOid.Id); + m_keyAgreementOid, m_keyEncryptionOid); keyAgreement.Init(new ParametersWithRandom(senderPrivateParams, random)); BigInteger agreedValue = keyAgreement.CalculateAgreement(recipientPublicParams); diff --git a/crypto/src/cms/KeyAgreeRecipientInformation.cs b/crypto/src/cms/KeyAgreeRecipientInformation.cs index 398082810..cc1823cc6 100644 --- a/crypto/src/cms/KeyAgreeRecipientInformation.cs +++ b/crypto/src/cms/KeyAgreeRecipientInformation.cs @@ -123,10 +123,8 @@ namespace Org.BouncyCastle.Cms throw new CmsException("No support for 'originator' as IssuerAndSerialNumber or SubjectKeyIdentifier"); } - private KeyParameter CalculateAgreedWrapKey( - string wrapAlg, - AsymmetricKeyParameter senderPublicKey, - AsymmetricKeyParameter receiverPrivateKey) + private KeyParameter CalculateAgreedWrapKey(DerObjectIdentifier wrapAlgOid, + AsymmetricKeyParameter senderPublicKey, AsymmetricKeyParameter receiverPrivateKey) { DerObjectIdentifier agreeAlgID = keyEncAlg.Algorithm; @@ -150,23 +148,20 @@ namespace Org.BouncyCastle.Cms (ECPrivateKeyParameters)receiverPrivateParams); } - IBasicAgreement agreement = AgreementUtilities.GetBasicAgreementWithKdf( - agreeAlgID, wrapAlg); + IBasicAgreement agreement = AgreementUtilities.GetBasicAgreementWithKdf(agreeAlgID, wrapAlgOid); agreement.Init(receiverPrivateParams); BigInteger agreedValue = agreement.CalculateAgreement(senderPublicParams); - int wrapKeySize = GeneratorUtilities.GetDefaultKeySize(wrapAlg) / 8; + int wrapKeySize = GeneratorUtilities.GetDefaultKeySize(wrapAlgOid) / 8; byte[] wrapKeyBytes = X9IntegerConverter.IntegerToBytes(agreedValue, wrapKeySize); - return ParameterUtilities.CreateKeyParameter(wrapAlg, wrapKeyBytes); + return ParameterUtilities.CreateKeyParameter(wrapAlgOid, wrapKeyBytes); } - private KeyParameter UnwrapSessionKey( - string wrapAlg, - KeyParameter agreedKey) + private KeyParameter UnwrapSessionKey(DerObjectIdentifier wrapAlgOid, KeyParameter agreedKey) { byte[] encKeyOctets = encryptedKey.GetOctets(); - IWrapper keyCipher = WrapperUtilities.GetWrapper(wrapAlg); + IWrapper keyCipher = WrapperUtilities.GetWrapper(wrapAlgOid); keyCipher.Init(false, agreedKey); byte[] sKeyBytes = keyCipher.Unwrap(encKeyOctets, 0, encKeyOctets.Length); return ParameterUtilities.CreateKeyParameter(GetContentAlgorithmName(), sKeyBytes); @@ -177,16 +172,14 @@ namespace Org.BouncyCastle.Cms { try { - string wrapAlg = DerObjectIdentifier.GetInstance( - Asn1Sequence.GetInstance(keyEncAlg.Parameters)[0]).Id; + var wrapAlgOid = DerObjectIdentifier.GetInstance(Asn1Sequence.GetInstance(keyEncAlg.Parameters)[0]); AsymmetricKeyParameter senderPublicKey = GetSenderPublicKey( receiverPrivateKey, info.Originator); - KeyParameter agreedWrapKey = CalculateAgreedWrapKey(wrapAlg, - senderPublicKey, receiverPrivateKey); + KeyParameter agreedWrapKey = CalculateAgreedWrapKey(wrapAlgOid, senderPublicKey, receiverPrivateKey); - return UnwrapSessionKey(wrapAlg, agreedWrapKey); + return UnwrapSessionKey(wrapAlgOid, agreedWrapKey); } catch (SecurityUtilityException e) { diff --git a/crypto/src/security/AgreementUtilities.cs b/crypto/src/security/AgreementUtilities.cs index 0b7fc2a2b..5fef5f877 100644 --- a/crypto/src/security/AgreementUtilities.cs +++ b/crypto/src/security/AgreementUtilities.cs @@ -56,9 +56,13 @@ namespace Org.BouncyCastle.Security throw new SecurityUtilityException("Basic Agreement " + algorithm + " not recognised."); } - public static IBasicAgreement GetBasicAgreementWithKdf( - DerObjectIdentifier oid, - string wrapAlgorithm) + public static IBasicAgreement GetBasicAgreementWithKdf(DerObjectIdentifier agreeAlgOid, + DerObjectIdentifier wrapAlgOid) + { + return GetBasicAgreementWithKdf(agreeAlgOid.Id, wrapAlgOid.Id); + } + + public static IBasicAgreement GetBasicAgreementWithKdf(DerObjectIdentifier oid, string wrapAlgorithm) { return GetBasicAgreementWithKdf(oid.Id, wrapAlgorithm); } |