authorPeter Dettman <peter.dettman@bouncycastle.org>2023-02-16 16:48:49 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-02-16 16:48:49 +0700
commitecdb18e294b26b92aa92b9fed9e45c4463765298 (patch)
tree65f820a3e620947638146e3570f104c470312d1c /crypto/src/cms/CMSEnvelopedGenerator.cs
parentRemove ExtendedKeyUsage from criticalExtensions (diff)
CMS support for key ID + public key recipients in key agreement
- see https://github.com/bcgit/bc-csharp/issues/415
Diffstat (limited to 'crypto/src/cms/CMSEnvelopedGenerator.cs')
-rw-r--r--crypto/src/cms/CMSEnvelopedGenerator.cs47
1 files changed, 34 insertions, 13 deletions
diff --git a/crypto/src/cms/CMSEnvelopedGenerator.cs b/crypto/src/cms/CMSEnvelopedGenerator.cs
index 22a999766..401f4d2e8 100644
--- a/crypto/src/cms/CMSEnvelopedGenerator.cs
+++ b/crypto/src/cms/CMSEnvelopedGenerator.cs
@@ -225,11 +225,10 @@ namespace Org.BouncyCastle.Cms
 			X509Certificate			recipientCert,
 			string					cekWrapAlgorithm)
 		{
-            var recipientCerts = new List<X509Certificate>(1);
-			recipientCerts.Add(recipientCert);
+            var recipientCerts = new List<X509Certificate>(1){ recipientCert };
 
-			AddKeyAgreementRecipients(agreementAlgorithm, senderPrivateKey, senderPublicKey,
-				recipientCerts, cekWrapAlgorithm);
+			AddKeyAgreementRecipients(agreementAlgorithm, senderPrivateKey, senderPublicKey, recipientCerts,
+				cekWrapAlgorithm);
 		}
 
 		/**
@@ -251,24 +250,46 @@ namespace Org.BouncyCastle.Cms
 			string					cekWrapAlgorithm)
 		{
 			if (!senderPrivateKey.IsPrivate)
-				throw new ArgumentException("Expected private key", "senderPrivateKey");
+				throw new ArgumentException("Expected private key", nameof(senderPrivateKey));
 			if (senderPublicKey.IsPrivate)
-				throw new ArgumentException("Expected public key", "senderPublicKey");
+				throw new ArgumentException("Expected public key", nameof(senderPublicKey));
 
 			/* TODO
 			 * "a recipient X.509 version 3 certificate that contains a key usage extension MUST
 			 * assert the keyAgreement bit."
 			 */
 
-			KeyAgreeRecipientInfoGenerator karig = new KeyAgreeRecipientInfoGenerator();
-			karig.KeyAgreementOID = new DerObjectIdentifier(agreementAlgorithm);
-			karig.KeyEncryptionOID = new DerObjectIdentifier(cekWrapAlgorithm);
-			karig.RecipientCerts = new List<X509Certificate>(recipientCerts);
-			karig.SenderKeyPair = new AsymmetricCipherKeyPair(senderPublicKey, senderPrivateKey);
-
-			recipientInfoGenerators.Add(karig);
+			recipientInfoGenerators.Add(new KeyAgreeRecipientInfoGenerator(recipientCerts)
+            {
+                KeyAgreementOid = new DerObjectIdentifier(agreementAlgorithm),
+                KeyEncryptionOid = new DerObjectIdentifier(cekWrapAlgorithm),
+                SenderKeyPair = new AsymmetricCipherKeyPair(senderPublicKey, senderPrivateKey),
+            });
 		}
 
+        public void AddKeyAgreementRecipient(
+			string agreementAlgorithm,
+            AsymmetricKeyParameter senderPrivateKey,
+            AsymmetricKeyParameter senderPublicKey,
+			byte[] recipientKeyID,
+            AsymmetricKeyParameter recipientPublicKey,
+            string cekWrapAlgorithm)
+        {
+            if (!senderPrivateKey.IsPrivate)
+                throw new ArgumentException("Expected private key", nameof(senderPrivateKey));
+            if (senderPublicKey.IsPrivate)
+                throw new ArgumentException("Expected public key", nameof(senderPublicKey));
+            if (recipientPublicKey.IsPrivate)
+                throw new ArgumentException("Expected public key", nameof(recipientPublicKey));
+
+            recipientInfoGenerators.Add(new KeyAgreeRecipientInfoGenerator(recipientKeyID, recipientPublicKey)
+            {
+                KeyAgreementOid = new DerObjectIdentifier(agreementAlgorithm),
+                KeyEncryptionOid = new DerObjectIdentifier(cekWrapAlgorithm),
+                SenderKeyPair = new AsymmetricCipherKeyPair(senderPublicKey, senderPrivateKey),
+            });
+        }
+
         /// <summary>
         /// Add a generator to produce the recipient info required.
         /// </summary>
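Review bot: The new `AddKeyAgreementRecipient(…, byte[] recipientKeyID, AsymmetricKeyParameter recipientPublicKey, …)` overload reads `.IsPrivate` on all three key arguments before any null check, so a null key surfaces as a NullReferenceException instead of an ArgumentNullException. `recipientKeyID` is not validated at all before it is passed to `KeyAgreeRecipientInfoGenerator`, and whether that constructor checks or copies the array is not visible in this hunk. I would open the method with guards such as `if (recipientKeyID == null) throw new ArgumentNullException(nameof(recipientKeyID));`, with the same check for each key parameter. The method is public but has no XML doc comment, unlike its neighbours. A `<summary>` should state that no certificate is involved on this path, so the caller is responsible for establishing that `recipientPublicKey` really belongs to the recipient named by `recipientKeyID` and is authorised for key agreement; the keyAgreement key-usage TODO on the certificate overload has no equivalent here. As a minor style point, the parameter list mixes tab and space indentation (`agreementAlgorithm` and `recipientKeyID` are tab-indented, the rest use spaces).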