internal static void ReadRecipientInfo(IList infos, KeyAgreeRecipientInfo info, CmsSecureReadable secureReadable)
{
try
{
foreach (Asn1Encodable asn1Encodable in info.RecipientEncryptedKeys)
{
RecipientEncryptedKey instance = RecipientEncryptedKey.GetInstance(asn1Encodable.ToAsn1Object());
RecipientID recipientID = new RecipientID();
KeyAgreeRecipientIdentifier identifier = instance.Identifier;
Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber issuerAndSerialNumber = identifier.IssuerAndSerialNumber;
if (issuerAndSerialNumber != null)
{
recipientID.Issuer = issuerAndSerialNumber.Name;
recipientID.SerialNumber = issuerAndSerialNumber.SerialNumber.Value;
}
else
{
RecipientKeyIdentifier rKeyID = identifier.RKeyID;
recipientID.SubjectKeyIdentifier = rKeyID.SubjectKeyIdentifier.GetOctets();
}
infos.Add(new KeyAgreeRecipientInformation(info, recipientID, instance.EncryptedKey, secureReadable));
}
}
catch (IOException innerException)
{
throw new ArgumentException("invalid rid in KeyAgreeRecipientInformation", innerException);
}
}
public static void TestKeyAgreeDate_RoundTrip()
{
KeyAgreeRecipientInfo recipient = EncodeKeyAgreel();
DateTime ignore;
Assert.Throws <InvalidOperationException>(() => ignore = recipient.Date);
}
public KeyAgreeRecipientInformation(
KeyAgreeRecipientInfo info,
AlgorithmIdentifier encAlg,
Stream data)
: base(encAlg, AlgorithmIdentifier.GetInstance(info.KeyEncryptionAlgorithm), data)
{
_info = info;
// _encAlg = encAlg;
try
{
Asn1Sequence s = _info.RecipientEncryptedKeys;
RecipientEncryptedKey id = RecipientEncryptedKey.GetInstance(s[0]);
Asn1.Cms.IssuerAndSerialNumber iAnds = id.Identifier.IssuerAndSerialNumber;
// byte[] issuerBytes = iAnds.Name.GetEncoded();
_rid = new RecipientID();
// _rid.SetIssuer(issuerBytes);
_rid.Issuer = iAnds.Name;
_rid.SerialNumber = iAnds.SerialNumber.Value;
_encryptedKey = id.EncryptedKey;
}
catch (IOException e)
{
throw new ArgumentException("invalid rid in KeyAgreeRecipientInformation", e);
}
}
public static void TestKeyAgreeOtherKeyAttribute_RoundTrip()
{
KeyAgreeRecipientInfo recipient = EncodeKeyAgreel();
CryptographicAttributeObject ignore;
Assert.Throws <InvalidOperationException>(() => ignore = recipient.OtherKeyAttribute);
}
public static void TestKeyAgreeOtherKeyAttribute_FixedValue()
{
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1();
CryptographicAttributeObject ignore;
Assert.Throws <InvalidOperationException>(() => ignore = recipient.OtherKeyAttribute);
}
internal KeyAgreeRecipientInformation(KeyAgreeRecipientInfo info, RecipientID rid, Asn1OctetString encryptedKey, CmsSecureReadable secureReadable)
: base(info.KeyEncryptionAlgorithm, secureReadable)
{
this.info = info;
base.rid = rid;
this.encryptedKey = encryptedKey;
}
public static void TestKeyAgreesRecipientIdType_RoundTrip()
{
KeyAgreeRecipientInfo recipient = EncodeKeyAgreel();
SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier;
Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, subjectIdentifier.Type);
}
public static void TestKeyAgreeOtherKeyAttribute_FixedValue_Ski()
{
//
// Test a KeyAgree CMS that embeds an OtherKeyAttribute in the recipient. We don't surface a way to generate this
// in the EnvelopedCms class so we can only do a fixed-value test here.
//
byte[] encryptedCms =
("3082015e06092a864886f70d010703a082014f3082014b02010231820117a1820113020103a08195a18192300906072a8648"
+ "ce3e020103818400028180313d5659f9a8633243f97d11462a3b07702802fed45abbe68e3f2670bfa500d6b4f70c1c0dceac"
+ "adffe9736764204806710d4e834b48773b7a4696a690a03abbc38c936483d2f3ccb8d764f66dc269d78a77821edd0decdef2"
+ "b1d4356c1d1f1b34cc81c76214b8a04f3d70e1e9dc9a589cc8410599dceafad903b7b01b6b2489301e060b2a864886f70d01"
+ "09100305300f060b2a864886f70d0109100306050030563054a028041413213309b39348347fb6a2155a53172be79c19c530"
+ "1006092a864886f70d0107010403424d580428da28837b15e9bdf5528180a2e9beb91bf0d4519a5d76b655ebac9c43012d50"
+ "d6b55f0618380210e4302b06092a864886f70d010701301406082a864886f70d030704087bb5f0d33e6e0354800814219a66"
+ "c2ea1449").HexToByteArray();
EnvelopedCms envelopedCms = new EnvelopedCms();
envelopedCms.Decode(encryptedCms);
KeyAgreeRecipientInfo r = (KeyAgreeRecipientInfo)(envelopedCms.RecipientInfos[0]);
CryptographicAttributeObject attribute = r.OtherKeyAttribute;
Assert.Equal(Oids.Pkcs7Data, attribute.Oid.Value);
Assert.Equal(1, attribute.Values.Count);
AsnEncodedData asnData = attribute.Values[0];
byte[] expectedAsnData = "0403424d58".HexToByteArray();
Assert.Equal <byte>(expectedAsnData, asnData.RawData);
}
public static void TestKeyAgreeEncryptedKey_RoundTrip()
{
KeyAgreeRecipientInfo recipient = EncodeKeyAgreel();
byte[] encryptedKey = recipient.EncryptedKey;
Assert.Equal(0x28, encryptedKey.Length); // Since the content encryption key is randomly generated each time, we can only test the length.
}
public static void TestKeyAgreeRecipientIdType_Ski_FixedValue()
{
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(SubjectIdentifierType.SubjectKeyIdentifier);
SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier;
Assert.Equal(SubjectIdentifierType.SubjectKeyIdentifier, subjectIdentifier.Type);
}
public static void TestKeyAgreeRecipientIdType_FixedValue()
{
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1();
SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier;
Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, subjectIdentifier.Type);
}
public static void TestMultipleKeyAgree_ShortNotation()
{
// KeyAgreement recipients are defined in RFC 2630 as
//
// KeyAgreeRecipientInfo::= SEQUENCE {
// version CMSVersion, --always set to 3
// originator[0] EXPLICIT OriginatorIdentifierOrKey,
// ukm[1] EXPLICIT UserKeyingMaterial OPTIONAL,
// keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
// recipientEncryptedKeys RecipientEncryptedKeys }
//
// RecipientEncryptedKeys::= SEQUENCE OF RecipientEncryptedKey
//
// RecipientEncryptedKey::= SEQUENCE {
// rid KeyAgreeRecipientIdentifier,
// encryptedKey EncryptedKey }
//
// When RecipientEncryptedKeys has more than one sequence in it, then different KeyAgreement recipients are created, where each
// recipient hold the information from one RecipientEncryptedKey. This message has one KeyAgreeRecipientInfo object that has two
// RecipientEncryptedKeys so it needs to have two recipients in the end.
byte[] encodedMessage =
("3082019206092A864886F70D010703A08201833082017F0201023182014BA1820147020103A08196A18193300906072A"
+ "8648CE3E02010381850002818100AC89002E19D3A7DC35DAFBF083413483EF14691FC00A465B957496CA860BA4918182"
+ "1CAFB50EB25330952BB11A71A44B44691CF9779999F1115497CD1CE238B452CA95622AF968E39F06E165D2EBE1991493"
+ "70334D925AA47273751AC63A0EF80CDCF6331ED3324CD689BFFC90E61E9CC921C88EF5FB92B863053C4C1FABFE15301E"
+ "060B2A864886F70D0109100305300F060B2A864886F70D010910030605003081883042A016041410DA1370316788112E"
+ "B8594C864C2420AE7FBA420428DFBDC19AD44063478A0C125641BE274113441AD5891C78F925097F06A3DF57F3F1E6D1"
+ "160F8D3C223042A016041411DA1370316788112EB8594C864C2420AE7FBA420428DFBDC19AD44063478A0C125641BE27"
+ "4113441AD5891C78F925097F06A3DF57F3F1E6D1160F8D3C22302B06092A864886F70D010701301406082A864886F70D"
+ "030704088AADC286F258F6D78008FC304F518A653F83").HexToByteArray();
EnvelopedCms ecms = new EnvelopedCms();
ecms.Decode(encodedMessage);
RecipientInfoCollection recipients = ecms.RecipientInfos;
Assert.Equal(2, recipients.Count);
RecipientInfo recipient0 = recipients[0];
RecipientInfo recipient1 = recipients[1];
Assert.IsType <KeyAgreeRecipientInfo>(recipient0);
Assert.IsType <KeyAgreeRecipientInfo>(recipient1);
KeyAgreeRecipientInfo recipient0Cast = recipient0 as KeyAgreeRecipientInfo;
KeyAgreeRecipientInfo recipient1Cast = recipient1 as KeyAgreeRecipientInfo;
Assert.Equal(3, recipient0.Version);
Assert.Equal(3, recipient1.Version);
Assert.Equal(SubjectIdentifierOrKeyType.PublicKeyInfo, recipient0Cast.OriginatorIdentifierOrKey.Type);
Assert.Equal(SubjectIdentifierOrKeyType.PublicKeyInfo, recipient1Cast.OriginatorIdentifierOrKey.Type);
Assert.Equal(SubjectIdentifierType.SubjectKeyIdentifier, recipient0Cast.RecipientIdentifier.Type);
Assert.Equal(SubjectIdentifierType.SubjectKeyIdentifier, recipient1Cast.RecipientIdentifier.Type);
Assert.Equal("10DA1370316788112EB8594C864C2420AE7FBA42", recipient0Cast.RecipientIdentifier.Value);
Assert.Equal("11DA1370316788112EB8594C864C2420AE7FBA42", recipient1Cast.RecipientIdentifier.Value);
}
public static void TestKeyAgreeDate_FixedValue()
{
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1();
DateTime ignore;
Assert.Throws <InvalidOperationException>(() => ignore = recipient.Date);
}
public static void TestKeyAgreeKeyEncryptionAlgorithm_FixedValue()
{
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1();
AlgorithmIdentifier a = recipient.KeyEncryptionAlgorithm;
Assert.Equal(Oids.Esdh, a.Oid.Value);
Assert.Equal(0, a.KeyLength);
}
public static void TestKeyAgreeKeyEncryptionAlgorithm_RoundTrip()
{
KeyAgreeRecipientInfo recipient = EncodeKeyAgreel();
AlgorithmIdentifier a = recipient.KeyEncryptionAlgorithm;
Assert.Equal(Oids.Esdh, a.Oid.Value);
Assert.Equal(0, a.KeyLength);
}
public static void TestKeyAgreeEncryptedKey_FixedValue()
{
byte[] expectedEncryptedKey = "c39323a9f5113c1465bf27b558ffeda656d606e08f8dc37e67cb8cbf7fb04d71dbe20071eaaa20db".HexToByteArray();
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1();
byte[] encryptedKey = recipient.EncryptedKey;
Assert.Equal <byte>(expectedEncryptedKey, encryptedKey);
}
public static void TestKeyAgreeDate_FixedValue_Ski()
{
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(SubjectIdentifierType.SubjectKeyIdentifier);
DateTime date = recipient.Date;
long ticks = date.Ticks;
long expectedTicks = 0x0701ce1722770000;
Assert.Equal(expectedTicks, ticks);
}
private Exception TryDecryptAgree(KeyAgreeRecipientInfo keyAgreeRecipientInfo, SafeProvOrNCryptKeyHandle hKey, CryptKeySpec keySpec, X509Certificate2Collection originatorCerts, X509Certificate2Collection extraStore)
{
unsafe
{
KeyAgreeRecipientInfoPalWindows pal = (KeyAgreeRecipientInfoPalWindows)(keyAgreeRecipientInfo.Pal);
return(pal.WithCmsgCmsRecipientInfo <Exception>(
delegate(CMSG_KEY_AGREE_RECIPIENT_INFO * pKeyAgreeRecipientInfo)
{
CMSG_CTRL_KEY_AGREE_DECRYPT_PARA decryptPara = default(CMSG_CTRL_KEY_AGREE_DECRYPT_PARA);
decryptPara.cbSize = Marshal.SizeOf <CMSG_CTRL_KEY_AGREE_DECRYPT_PARA>();
decryptPara.hProv = hKey;
decryptPara.dwKeySpec = keySpec;
decryptPara.pKeyAgree = pKeyAgreeRecipientInfo;
decryptPara.dwRecipientIndex = pal.Index;
decryptPara.dwRecipientEncryptedKeyIndex = pal.SubIndex;
CMsgKeyAgreeOriginatorChoice originatorChoice = pKeyAgreeRecipientInfo->dwOriginatorChoice;
switch (originatorChoice)
{
case CMsgKeyAgreeOriginatorChoice.CMSG_KEY_AGREE_ORIGINATOR_CERT:
{
X509Certificate2Collection candidateCerts = new X509Certificate2Collection();
candidateCerts.AddRange(Helpers.GetStoreCertificates(StoreName.AddressBook, StoreLocation.CurrentUser, openExistingOnly: true));
candidateCerts.AddRange(Helpers.GetStoreCertificates(StoreName.AddressBook, StoreLocation.LocalMachine, openExistingOnly: true));
candidateCerts.AddRange(originatorCerts);
candidateCerts.AddRange(extraStore);
SubjectIdentifier originatorId = pKeyAgreeRecipientInfo->OriginatorCertId.ToSubjectIdentifier();
using (X509Certificate2 originatorCert = candidateCerts.TryFindMatchingCertificate(originatorId))
{
if (originatorCert == null)
{
return ErrorCode.CRYPT_E_NOT_FOUND.ToCryptographicException();
}
using (SafeCertContextHandle hCertContext = originatorCert.CreateCertContextHandle())
{
CERT_CONTEXT *pOriginatorCertContext = hCertContext.DangerousGetCertContext();
decryptPara.OriginatorPublicKey = pOriginatorCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey;
// Do not factor this call out of the switch statement as leaving this "using" block will free up
// native memory that decryptPara points to.
return TryExecuteDecryptAgree(ref decryptPara);
}
}
}
case CMsgKeyAgreeOriginatorChoice.CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY:
{
decryptPara.OriginatorPublicKey = pKeyAgreeRecipientInfo->OriginatorPublicKeyInfo.PublicKey;
return TryExecuteDecryptAgree(ref decryptPara);
}
default:
return new CryptographicException(SR.Format(SR.Cryptography_Cms_Invalid_Originator_Identifier_Choice, originatorChoice));
}
}));
}
}
public static void TestKeyAgreeRecipientIdValue_Ski_FixedValue()
{
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(SubjectIdentifierType.SubjectKeyIdentifier);
SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier;
object value = subjectIdentifier.Value;
Assert.True(value is string);
string ski = (string)value;
Assert.Equal("10DA1370316788112EB8594C864C2420AE7FBA42", ski);
}
public static void TestKeyAgreeRecipientIdValue_FixedValue()
{
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1();
SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier;
object value = subjectIdentifier.Value;
Assert.True(value is X509IssuerSerial);
X509IssuerSerial xis = (X509IssuerSerial)value;
Assert.Equal("CN=\"Managed PKCS#7 Test Root Authority\"", xis.IssuerName);
Assert.Equal("0AE59B0CB8119F8942EDA74163413A02", xis.SerialNumber);
}
public KeyAgreeRecipientInformation(
KeyAgreeRecipientInfo info,
RecipientID rid,
Asn1OctetString encryptedKey,
AlgorithmIdentifier encAlg,
AlgorithmIdentifier macAlg,
AlgorithmIdentifier authEncAlg,
Stream data)
: base(encAlg, macAlg, authEncAlg, info.KeyEncryptionAlgorithm, data)
{
this.info = info;
this.rid = rid;
this.encryptedKey = encryptedKey;
}
public static void TestKeyAgreeOriginatorIdentifierOrKey_RoundTrip()
{
KeyAgreeRecipientInfo recipient = EncodeKeyAgreel();
SubjectIdentifierOrKey originator = recipient.OriginatorIdentifierOrKey;
Assert.Equal(SubjectIdentifierOrKeyType.PublicKeyInfo, originator.Type);
object value = originator.Value;
Assert.True(value is PublicKeyInfo);
PublicKeyInfo pki = (PublicKeyInfo)value;
AlgorithmIdentifier a = pki.Algorithm;
Assert.Equal(Oids.Dh, a.Oid.Value);
byte[] key = pki.KeyValue;
Assert.NotNull(key); // Key is randomly generated (and encoding makes the length unpredictable) so not much we can do here.
Assert.NotEmpty(key);
}
public static void TestKeyAgreeOriginatorIdentifierOrKey_FixedValue()
{
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1();
SubjectIdentifierOrKey originator = recipient.OriginatorIdentifierOrKey;
Assert.Equal(SubjectIdentifierOrKeyType.PublicKeyInfo, originator.Type);
object value = originator.Value;
Assert.True(value is PublicKeyInfo);
PublicKeyInfo pki = (PublicKeyInfo)value;
AlgorithmIdentifier a = pki.Algorithm;
Assert.Equal(Oids.Dh, a.Oid.Value);
byte[] key = pki.KeyValue;
byte[] expectedKey =
("0281806F96EF8C53A6919CC976E88B8F426696E7B7970ABC6BD4ABBDCF4CF34F89CEB6E8EF675000FAD2ECA3CAF9D0E51B00"
+ "4FD19A943F1779748F343FE2059E6E8208D64CB2A5BF33B2C41C20F4AE950D8F8BD720F5747D7930AF86C612088747B5315A"
+ "E68159A5AE8A80E928AA71F4E889CB2D581845EDC8F79DA5894CB7A40F9FBE").HexToByteArray();
Assert.Equal(expectedKey, key);
}
private static IEnumerable <RecipientInfo> ToRecipientInfosForThisIndex(SafeHandle pCmsgCmsRecipientInfoMemory, int index)
{
bool mustRelease = false;
pCmsgCmsRecipientInfoMemory.DangerousAddRef(ref mustRelease);
try
{
unsafe
{
CMSG_CMS_RECIPIENT_INFO *pCMsgCmsRecipientInfo = (CMSG_CMS_RECIPIENT_INFO *)(pCmsgCmsRecipientInfoMemory.DangerousGetHandle());
switch (pCMsgCmsRecipientInfo->dwRecipientChoice)
{
case CMsgCmsRecipientChoice.CMSG_KEY_TRANS_RECIPIENT:
return(new KeyTransRecipientInfo[] { new KeyTransRecipientInfo(new KeyTransRecipientInfoPalWindows(pCmsgCmsRecipientInfoMemory, index)) });
case CMsgCmsRecipientChoice.CMSG_KEY_AGREE_RECIPIENT:
{
CMSG_KEY_AGREE_RECIPIENT_INFO *pCmsKeyAgreeRecipientInfo = pCMsgCmsRecipientInfo->KeyAgree;
int numKeys = pCmsKeyAgreeRecipientInfo->cRecipientEncryptedKeys;
KeyAgreeRecipientInfo[] recipients = new KeyAgreeRecipientInfo[numKeys];
for (int subIndex = 0; subIndex < numKeys; subIndex++)
{
recipients[subIndex] = new KeyAgreeRecipientInfo(new KeyAgreeRecipientInfoPalWindows(pCmsgCmsRecipientInfoMemory, index, subIndex));
}
return(recipients);
}
default:
throw ErrorCode.E_NOTIMPL.ToCryptographicException();
}
}
}
finally
{
if (mustRelease)
{
pCmsgCmsRecipientInfoMemory.DangerousRelease();
}
}
}
internal static void ReadRecipientInfo(IList infos, KeyAgreeRecipientInfo info,
AlgorithmIdentifier encAlg, AlgorithmIdentifier macAlg, AlgorithmIdentifier authEncAlg,
Stream data)
{
try
{
foreach (Asn1Encodable rek in info.RecipientEncryptedKeys)
{
RecipientEncryptedKey id = RecipientEncryptedKey.GetInstance(rek.ToAsn1Object());
RecipientID rid = new RecipientID();
Asn1.Cms.KeyAgreeRecipientIdentifier karid = id.Identifier;
Asn1.Cms.IssuerAndSerialNumber iAndSN = karid.IssuerAndSerialNumber;
if (iAndSN != null)
{
rid.Issuer = iAndSN.Name;
rid.SerialNumber = iAndSN.SerialNumber.Value;
}
else
{
Asn1.Cms.RecipientKeyIdentifier rKeyID = karid.RKeyID;
// Note: 'date' and 'other' fields of RecipientKeyIdentifier appear to be only informational
rid.SubjectKeyIdentifier = rKeyID.SubjectKeyIdentifier.GetOctets();
}
infos.Add(new KeyAgreeRecipientInformation(info, rid, id.EncryptedKey,
encAlg, macAlg, authEncAlg, data));
}
}
catch (IOException e)
{
throw new ArgumentException("invalid rid in KeyAgreeRecipientInformation", e);
}
}
public RecipientInfo(KeyAgreeRecipientInfo info)
{
this.info = new DerTaggedObject(explicitly: false, 1, info);
}
public static void TestKeyAgreeType_FixedValue()
{
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1();
Assert.Equal(RecipientInfoType.KeyAgreement, recipient.Type);
}
public static void TestKeyAgreeType_RoundTrip()
{
KeyAgreeRecipientInfo recipient = EncodeKeyAgreel();
Assert.Equal(RecipientInfoType.KeyAgreement, recipient.Type);
}
public static void TestKeyAgreeVersion_FixedValue()
{
KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1();
Assert.Equal(3, recipient.Version);
}
public static void TestKeyAgreeVersion_RoundTrip()
{
KeyAgreeRecipientInfo recipient = EncodeKeyAgreel();
Assert.Equal(3, recipient.Version);
}
