blob: d35e946ae0eabb6d7fa0c0c5f38e7acbf00ed739 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
using System;
using System.Collections;
using System.IO;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Cms;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto.Parameters;
namespace Org.BouncyCastle.Cms
{
/**
* containing class for an CMS AuthEnveloped Data object
*/
internal class CmsAuthEnvelopedData
{
internal RecipientInformationStore recipientInfoStore;
internal ContentInfo contentInfo;
private OriginatorInfo originator;
private AlgorithmIdentifier authEncAlg;
private Asn1Set authAttrs;
private byte[] mac;
private Asn1Set unauthAttrs;
public CmsAuthEnvelopedData(
byte[] authEnvData)
: this(CmsUtilities.ReadContentInfo(authEnvData))
{
}
public CmsAuthEnvelopedData(
Stream authEnvData)
: this(CmsUtilities.ReadContentInfo(authEnvData))
{
}
public CmsAuthEnvelopedData(
ContentInfo contentInfo)
{
this.contentInfo = contentInfo;
AuthEnvelopedData authEnvData = AuthEnvelopedData.GetInstance(contentInfo.Content);
this.originator = authEnvData.OriginatorInfo;
//
// read the recipients
//
Asn1Set recipientInfos = authEnvData.RecipientInfos;
//
// read the auth-encrypted content info
//
EncryptedContentInfo authEncInfo = authEnvData.AuthEncryptedContentInfo;
this.authEncAlg = authEncInfo.ContentEncryptionAlgorithm;
CmsSecureReadable secureReadable = new AuthEnvelopedSecureReadable(this);
//
// build the RecipientInformationStore
//
this.recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
// FIXME These need to be passed to the AEAD cipher as AAD (Additional Authenticated Data)
this.authAttrs = authEnvData.AuthAttrs;
this.mac = authEnvData.Mac.GetOctets();
this.unauthAttrs = authEnvData.UnauthAttrs;
}
private class AuthEnvelopedSecureReadable : CmsSecureReadable
{
private readonly CmsAuthEnvelopedData parent;
internal AuthEnvelopedSecureReadable(CmsAuthEnvelopedData parent)
{
this.parent = parent;
}
public AlgorithmIdentifier Algorithm
{
get { return parent.authEncAlg; }
}
public object CryptoObject
{
get { return null; }
}
public CmsReadable GetReadable(KeyParameter key)
{
// TODO Create AEAD cipher instance to decrypt and calculate tag ( MAC)
throw new CmsException("AuthEnveloped data decryption not yet implemented");
// RFC 5084 ASN.1 Module
// -- Parameters for AlgorithmIdentifier
//
// CCMParameters ::= SEQUENCE {
// aes-nonce OCTET STRING (SIZE(7..13)),
// aes-ICVlen AES-CCM-ICVlen DEFAULT 12 }
//
// AES-CCM-ICVlen ::= INTEGER (4 | 6 | 8 | 10 | 12 | 14 | 16)
//
// GCMParameters ::= SEQUENCE {
// aes-nonce OCTET STRING, -- recommended size is 12 octets
// aes-ICVlen AES-GCM-ICVlen DEFAULT 12 }
//
// AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)
}
}
}
}
|
