diff options
| author | David Hook <dgh@bouncycastle.org> | 2021-05-24 13:06:31 +1000 |
|---|---|---|
| committer | David Hook <dgh@bouncycastle.org> | 2021-05-24 13:06:31 +1000 |
| commit | 01238566c1d4b2a606e4859a75ad05ca79db4ffb (patch) | |
| tree | ee7d1057d41cd25c3f0383b5d1ca2e213a976feb /crypto/src/cms | |
| parent | github#54 test for mixed mode definition (diff) | |
| download | BouncyCastle.NET-ed25519-01238566c1d4b2a606e4859a75ad05ca79db4ffb.tar.xz | |
github #222 addressed OAEP parameter setting, refactored KeyTransRecipientInfoGenerator to allow deprecation of sub class
Diffstat (limited to 'crypto/src/cms')
| -rw-r--r-- | crypto/src/cms/CMSEnvelopedGenerator.cs | 15 | ||||
| -rw-r--r-- | crypto/src/cms/KeyTransRecipientInfoGenerator.cs | 65 | ||||
| -rw-r--r-- | crypto/src/cms/KeyTransRecipientInformation.cs | 27 |
3 files changed, 42 insertions, 65 deletions
diff --git a/crypto/src/cms/CMSEnvelopedGenerator.cs b/crypto/src/cms/CMSEnvelopedGenerator.cs index ed7e1edee..d7d3e4bbf 100644 --- a/crypto/src/cms/CMSEnvelopedGenerator.cs +++ b/crypto/src/cms/CMSEnvelopedGenerator.cs @@ -10,6 +10,7 @@ using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X9; using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.Operators; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; @@ -132,10 +133,9 @@ namespace Org.BouncyCastle.Cms public void AddKeyTransRecipient( X509Certificate cert) { - KeyTransRecipientInfoGenerator ktrig = new KeyTransRecipientInfoGenerator(); - ktrig.RecipientCert = cert; - - recipientInfoGenerators.Add(ktrig); + TbsCertificateStructure recipientTbsCert = CmsUtilities.GetTbsCertificateStructure(cert); + SubjectPublicKeyInfo info = recipientTbsCert.SubjectPublicKeyInfo; + this.AddRecipientInfoGenerator(new KeyTransRecipientInfoGenerator(cert, new Asn1KeyWrapper(info.AlgorithmID.Algorithm, info.AlgorithmID.Parameters, cert))); } /** @@ -149,11 +149,8 @@ namespace Org.BouncyCastle.Cms AsymmetricKeyParameter pubKey, byte[] subKeyId) { - KeyTransRecipientInfoGenerator ktrig = new KeyTransRecipientInfoGenerator(); - ktrig.RecipientPublicKey = pubKey; - ktrig.SubjectKeyIdentifier = new DerOctetString(subKeyId); - - recipientInfoGenerators.Add(ktrig); + SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey); + this.AddRecipientInfoGenerator(new KeyTransRecipientInfoGenerator(subKeyId, new Asn1KeyWrapper(info.AlgorithmID.Algorithm, info.AlgorithmID.Parameters, pubKey))); } /** diff --git a/crypto/src/cms/KeyTransRecipientInfoGenerator.cs b/crypto/src/cms/KeyTransRecipientInfoGenerator.cs index 23b06d3b3..60020be1f 100644 --- a/crypto/src/cms/KeyTransRecipientInfoGenerator.cs +++ b/crypto/src/cms/KeyTransRecipientInfoGenerator.cs @@ -15,60 +15,30 @@ namespace Org.BouncyCastle.Cms { private static readonly CmsEnvelopedHelper Helper = CmsEnvelopedHelper.Instance; - private TbsCertificateStructure recipientTbsCert; - private AsymmetricKeyParameter recipientPublicKey; private Asn1OctetString subjectKeyIdentifier; + private IKeyWrapper keyWrapper; // Derived fields private SubjectPublicKeyInfo info; private IssuerAndSerialNumber issuerAndSerialNumber; private SecureRandom random; + - internal KeyTransRecipientInfoGenerator() + public KeyTransRecipientInfoGenerator(X509Certificate recipCert, IKeyWrapper keyWrapper) + : this(new Asn1.Cms.IssuerAndSerialNumber(recipCert.IssuerDN, new DerInteger(recipCert.SerialNumber)), keyWrapper) { } - protected KeyTransRecipientInfoGenerator(IssuerAndSerialNumber issuerAndSerialNumber) + public KeyTransRecipientInfoGenerator(IssuerAndSerialNumber issuerAndSerial, IKeyWrapper keyWrapper) { - this.issuerAndSerialNumber = issuerAndSerialNumber; + this.issuerAndSerialNumber = issuerAndSerial; + this.keyWrapper = keyWrapper; } - protected KeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier) + public KeyTransRecipientInfoGenerator(byte[] subjectKeyID, IKeyWrapper keyWrapper) { this.subjectKeyIdentifier = new DerOctetString(subjectKeyIdentifier); - } - - internal X509Certificate RecipientCert - { - set - { - this.recipientTbsCert = CmsUtilities.GetTbsCertificateStructure(value); - this.recipientPublicKey = value.GetPublicKey(); - this.info = recipientTbsCert.SubjectPublicKeyInfo; - } - } - - internal AsymmetricKeyParameter RecipientPublicKey - { - set - { - this.recipientPublicKey = value; - - try - { - info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo( - recipientPublicKey); - } - catch (IOException) - { - throw new ArgumentException("can't extract key algorithm from this key"); - } - } - } - - internal Asn1OctetString SubjectKeyIdentifier - { - set { this.subjectKeyIdentifier = value; } + this.keyWrapper = keyWrapper; } public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random) @@ -80,11 +50,9 @@ namespace Org.BouncyCastle.Cms byte[] encryptedKeyBytes = GenerateWrappedKey(contentEncryptionKey); RecipientIdentifier recipId; - if (recipientTbsCert != null) + if (issuerAndSerialNumber != null) { - IssuerAndSerialNumber issuerAndSerial = new IssuerAndSerialNumber( - recipientTbsCert.Issuer, recipientTbsCert.SerialNumber.Value); - recipId = new RecipientIdentifier(issuerAndSerial); + recipId = new RecipientIdentifier(issuerAndSerialNumber); } else { @@ -99,18 +67,17 @@ namespace Org.BouncyCastle.Cms { get { + if (this.keyWrapper != null) + { + return (AlgorithmIdentifier)keyWrapper.AlgorithmDetails; + } return info.AlgorithmID; } } protected virtual byte[] GenerateWrappedKey(KeyParameter contentEncryptionKey) { - byte[] keyBytes = contentEncryptionKey.GetKey(); - AlgorithmIdentifier keyEncryptionAlgorithm = info.AlgorithmID; - - IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.Algorithm.Id); - keyWrapper.Init(true, new ParametersWithRandom(recipientPublicKey, random)); - return keyWrapper.Wrap(keyBytes, 0, keyBytes.Length); + return keyWrapper.Wrap(contentEncryptionKey.GetKey()).Collect(); } } } diff --git a/crypto/src/cms/KeyTransRecipientInformation.cs b/crypto/src/cms/KeyTransRecipientInformation.cs index 7d2f072b5..2a40fed06 100644 --- a/crypto/src/cms/KeyTransRecipientInformation.cs +++ b/crypto/src/cms/KeyTransRecipientInformation.cs @@ -9,6 +9,8 @@ using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Security; using Org.BouncyCastle.X509; +using Org.BouncyCastle.Asn1.Pkcs; +using Org.BouncyCastle.Crypto.Operators; namespace Org.BouncyCastle.Cms { @@ -42,7 +44,7 @@ namespace Org.BouncyCastle.Cms } else { - IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.GetInstance(r.ID); + Asn1.Cms.IssuerAndSerialNumber iAnds = Asn1.Cms.IssuerAndSerialNumber.GetInstance(r.ID); rid.Issuer = iAnds.Name; rid.SerialNumber = iAnds.SerialNumber.Value; @@ -74,16 +76,27 @@ namespace Org.BouncyCastle.Cms internal KeyParameter UnwrapKey(ICipherParameters key) { byte[] encryptedKey = info.EncryptedKey.GetOctets(); - string keyExchangeAlgorithm = GetExchangeEncryptionAlgorithmName(keyEncAlg); + try { - IWrapper keyWrapper = WrapperUtilities.GetWrapper(keyExchangeAlgorithm); - keyWrapper.Init(false, key); + if (keyEncAlg.Algorithm.Equals(PkcsObjectIdentifiers.IdRsaesOaep)) + { + IKeyUnwrapper keyWrapper = new Asn1KeyUnwrapper(keyEncAlg.Algorithm, keyEncAlg.Parameters, key); - // FIXME Support for MAC algorithm parameters similar to cipher parameters - return ParameterUtilities.CreateKeyParameter( - GetContentAlgorithmName(), keyWrapper.Unwrap(encryptedKey, 0, encryptedKey.Length)); + return ParameterUtilities.CreateKeyParameter( + GetContentAlgorithmName(), keyWrapper.Unwrap(encryptedKey, 0, encryptedKey.Length).Collect()); + } + else + { + string keyExchangeAlgorithm = GetExchangeEncryptionAlgorithmName(keyEncAlg); + IWrapper keyWrapper = WrapperUtilities.GetWrapper(keyExchangeAlgorithm); + keyWrapper.Init(false, key); + + // FIXME Support for MAC algorithm parameters similar to cipher parameters + return ParameterUtilities.CreateKeyParameter( + GetContentAlgorithmName(), keyWrapper.Unwrap(encryptedKey, 0, encryptedKey.Length)); + } } catch (SecurityUtilityException e) { |