using System; using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cms; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Generators; using Org.BouncyCastle.Crypto.IO; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.IO; namespace Org.BouncyCastle.Cms { /** * General class for generating a CMS authenticated-data message stream. *

* A simple example of usage. *

	*      CMSAuthenticatedDataStreamGenerator edGen = new CMSAuthenticatedDataStreamGenerator();
	*
	*      edGen.addKeyTransRecipient(cert);
	*
	*      ByteArrayOutputStream  bOut = new ByteArrayOutputStream();
	*
	*      OutputStream out = edGen.open(
	*                              bOut, CMSAuthenticatedDataGenerator.AES128_CBC, "BC");*
	*      out.write(data);
	*
	*      out.close();
	* 
*

*/ public class CmsAuthenticatedDataStreamGenerator : CmsAuthenticatedGenerator { // TODO Add support // private object _originatorInfo = null; // private object _unprotectedAttributes = null; private int _bufferSize; private bool _berEncodeRecipientSet; public CmsAuthenticatedDataStreamGenerator() { } /// Constructor allowing specific source of randomness /// Instance of SecureRandom to use. public CmsAuthenticatedDataStreamGenerator(SecureRandom random) : base(random) { } /** * Set the underlying string size for encapsulated data * * @param bufferSize length of octet strings to buffer the data. */ public void SetBufferSize( int bufferSize) { _bufferSize = bufferSize; } /** * Use a BER Set to store the recipient information */ public void SetBerEncodeRecipients( bool berEncodeRecipientSet) { _berEncodeRecipientSet = berEncodeRecipientSet; } /** * generate an enveloped object that contains an CMS Enveloped Data * object using the given provider and the passed in key generator. * @throws java.io.IOException */ private Stream Open( Stream outStr, string macOid, CipherKeyGenerator keyGen) { // FIXME Will this work for macs? byte[] encKeyBytes = keyGen.GenerateKey(); KeyParameter encKey = ParameterUtilities.CreateKeyParameter(macOid, encKeyBytes); Asn1Encodable asn1Params = GenerateAsn1Parameters(macOid, encKeyBytes); ICipherParameters cipherParameters; AlgorithmIdentifier macAlgId = GetAlgorithmIdentifier( macOid, encKey, asn1Params, out cipherParameters); Asn1EncodableVector recipientInfos = new Asn1EncodableVector(); foreach (RecipientInfoGenerator rig in recipientInfoGenerators) { try { recipientInfos.Add(rig.Generate(encKey, m_random)); } catch (InvalidKeyException e) { throw new CmsException("key inappropriate for algorithm.", e); } catch (GeneralSecurityException e) { throw new CmsException("error making encrypted content.", e); } } // FIXME Only passing key at the moment // return Open(outStr, macAlgId, cipherParameters, recipientInfos); return Open(outStr, macAlgId, encKey, recipientInfos); } protected Stream Open( Stream outStr, AlgorithmIdentifier macAlgId, ICipherParameters cipherParameters, Asn1EncodableVector recipientInfos) { try { // // ContentInfo // BerSequenceGenerator cGen = new BerSequenceGenerator(outStr); cGen.AddObject(CmsObjectIdentifiers.AuthenticatedData); // // Authenticated Data // BerSequenceGenerator authGen = new BerSequenceGenerator( cGen.GetRawOutputStream(), 0, true); authGen.AddObject(new DerInteger(AuthenticatedData.CalculateVersion(null))); Stream authRaw = authGen.GetRawOutputStream(); Asn1Generator recipGen = _berEncodeRecipientSet ? (Asn1Generator) new BerSetGenerator(authRaw) : new DerSetGenerator(authRaw); foreach (Asn1Encodable ae in recipientInfos) { recipGen.AddObject(ae); } recipGen.Close(); authGen.AddObject(macAlgId); BerSequenceGenerator eiGen = new BerSequenceGenerator(authRaw); eiGen.AddObject(CmsObjectIdentifiers.Data); Stream octetOutputStream = CmsUtilities.CreateBerOctetOutputStream( eiGen.GetRawOutputStream(), 0, true, _bufferSize); IMac mac = MacUtilities.GetMac(macAlgId.Algorithm); // TODO Confirm no ParametersWithRandom needed mac.Init(cipherParameters); Stream mOut = new TeeOutputStream(octetOutputStream, new MacSink(mac)); return new CmsAuthenticatedDataOutputStream(mOut, mac, cGen, authGen, eiGen); } catch (SecurityUtilityException e) { throw new CmsException("couldn't create cipher.", e); } catch (InvalidKeyException e) { throw new CmsException("key invalid in message.", e); } catch (IOException e) { throw new CmsException("exception decoding algorithm parameters.", e); } } /** * generate an enveloped object that contains an CMS Enveloped Data object */ public Stream Open( Stream outStr, string encryptionOid) { CipherKeyGenerator keyGen = GeneratorUtilities.GetKeyGenerator(encryptionOid); keyGen.Init(new KeyGenerationParameters(m_random, keyGen.DefaultStrength)); return Open(outStr, encryptionOid, keyGen); } /** * generate an enveloped object that contains an CMS Enveloped Data object */ public Stream Open( Stream outStr, string encryptionOid, int keySize) { CipherKeyGenerator keyGen = GeneratorUtilities.GetKeyGenerator(encryptionOid); keyGen.Init(new KeyGenerationParameters(m_random, keySize)); return Open(outStr, encryptionOid, keyGen); } private class CmsAuthenticatedDataOutputStream : BaseOutputStream { private readonly Stream macStream; private readonly IMac mac; private readonly BerSequenceGenerator cGen; private readonly BerSequenceGenerator authGen; private readonly BerSequenceGenerator eiGen; public CmsAuthenticatedDataOutputStream( Stream macStream, IMac mac, BerSequenceGenerator cGen, BerSequenceGenerator authGen, BerSequenceGenerator eiGen) { this.macStream = macStream; this.mac = mac; this.cGen = cGen; this.authGen = authGen; this.eiGen = eiGen; } public override void Write(byte[] buffer, int offset, int count) { macStream.Write(buffer, offset, count); } public override void WriteByte(byte value) { macStream.WriteByte(value); } protected override void Dispose(bool disposing) { if (disposing) { Platform.Dispose(macStream); // TODO Parent context(s) should really be be closed explicitly eiGen.Close(); // [TODO] auth attributes go here byte[] macOctets = MacUtilities.DoFinal(mac); authGen.AddObject(new DerOctetString(macOctets)); // [TODO] unauth attributes go here authGen.Close(); cGen.Close(); } base.Dispose(disposing); } } } }