diff options
| author | Alexander Scheel <alexander.scheel@keyfactor.com> | 2024-02-14 09:33:03 -0500 |
|---|---|---|
| committer | Alexander Scheel <alexander.scheel@keyfactor.com> | 2024-02-14 10:22:16 -0500 |
| commit | 89e04f3a8b0cfbadd8ff1cca8de77c6393ebfdb6 (patch) | |
| tree | 24e41b35c011ba105b0a7ea6c7bb5ee23358e9ca /crypto/test | |
| parent | Refactoring in Pqc.Crypto.Utilities (diff) | |
| download | BouncyCastle.NET-ed25519-89e04f3a8b0cfbadd8ff1cca8de77c6393ebfdb6.tar.xz | |
Add explicit algorithm parameter in AddKeyTransRecipient
This allows callers to select between OAEP and PKCS#1v1.5 independent of the underlying certificate OID. In some instances, callers may wish to use OAEP for transport (e.g., due to FIPS sunset) with PKCS#1v1.5 OID certificates for compatibility. Note that Asn1KeyWrapper involves /NONE/ in the parameter name (whereas some other places reference it with just //). Signed-off-by: Alexander Scheel <alexander.scheel@keyfactor.com>
Diffstat (limited to 'crypto/test')
| -rw-r--r-- | crypto/test/src/cms/test/AuthenticatedDataTest.cs | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/crypto/test/src/cms/test/AuthenticatedDataTest.cs b/crypto/test/src/cms/test/AuthenticatedDataTest.cs index f1e7103b2..e9364d3aa 100644 --- a/crypto/test/src/cms/test/AuthenticatedDataTest.cs +++ b/crypto/test/src/cms/test/AuthenticatedDataTest.cs @@ -135,6 +135,7 @@ namespace Org.BouncyCastle.Cms.Tests public void TestKeyTransDESede() { tryKeyTrans(CmsAuthenticatedDataGenerator.DesEde3Cbc); + tryKeyTransWithOaepOverride(CmsAuthenticatedDataGenerator.DesEde3Cbc); } [Test] @@ -243,7 +244,39 @@ namespace Org.BouncyCastle.Cms.Tests Assert.IsTrue(Arrays.AreEqual(ad.GetMac(), recipient.GetMac())); } } - + + private void tryKeyTransWithOaepOverride(string macAlg) + { + byte[] data = Encoding.ASCII.GetBytes("Eric H. Echidna"); + + CmsAuthenticatedDataGenerator adGen = new CmsAuthenticatedDataGenerator(); + + adGen.AddKeyTransRecipient("RSA/NONE/OAEPWITHSHA256ANDMGF1PADDING", ReciCert); + + CmsAuthenticatedData ad = adGen.Generate( + new CmsProcessableByteArray(data), + macAlg); + + RecipientInformationStore recipients = ad.GetRecipientInfos(); + + Assert.AreEqual(ad.MacAlgOid, macAlg); + + var c = recipients.GetRecipients(); + + Assert.AreEqual(1, c.Count); + + foreach (RecipientInformation recipient in c) + { + Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.IdRsaesOaep.Id); + + byte[] recData = recipient.GetContent(ReciKP.Private); + + Assert.IsTrue(Arrays.AreEqual(data, recData)); + Assert.IsTrue(Arrays.AreEqual(ad.GetMac(), recipient.GetMac())); + } + } + + private void tryKekAlgorithm(KeyParameter kek, DerObjectIdentifier algOid) { byte[] data = Encoding.ASCII.GetBytes("Eric H. Echidna"); |