public void TestTwoAesKek()
		{
			// Two KEK recipients wrap the same content-encryption key. The envelope is
			// then opened with the second KEK only, selected by its key identifier.
			byte[] plaintext = Encoding.Default.GetBytes("WallaWallaWashington");
			KeyParameter firstKek = CmsTestUtil.MakeAes192Key();
			KeyParameter secondKek = CmsTestUtil.MakeAes192Key();

			byte[] firstKekId = { 1, 2, 3, 4, 5 };
			byte[] secondKekId = { 5, 4, 3, 2, 1 };

			CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();
			generator.AddKekRecipient("AES192", firstKek, firstKekId);
			generator.AddKekRecipient("AES192", secondKek, secondKekId);

			MemoryStream envelope = new MemoryStream();
			using (Stream envelopeOut = generator.Open(envelope, CmsEnvelopedDataGenerator.DesEde3Cbc))
			{
				envelopeOut.Write(plaintext, 0, plaintext.Length);
			}

			CmsEnvelopedDataParser parser = new CmsEnvelopedDataParser(envelope.ToArray());
			Assert.AreEqual(parser.EncryptionAlgOid, CmsEnvelopedDataGenerator.DesEde3Cbc);

			// Locate the recipient entry by key identifier rather than by position.
			RecipientID selector = new RecipientID();
			selector.KeyIdentifier = secondKekId;
			RecipientInformation recipient = parser.GetRecipientInfos().GetFirstRecipient(selector);

			// id-aes192-wrap
			Assert.AreEqual(recipient.KeyEncryptionAlgOid, "2.16.840.1.101.3.4.1.25");

			CmsTypedStream recovered = recipient.GetContentStream(secondKek);
			byte[] decrypted = CmsTestUtil.StreamToByteArray(recovered.ContentStream);
			Assert.IsTrue(Arrays.AreEqual(plaintext, decrypted));

			parser.Close();
		}
		public void TestECKeyAgree()
		{
			// ECDH key-agreement recipient (SHA-1 KDF, AES-128 key wrap). The recipient
			// entry is selected by issuer + serial number of the recipient certificate
			// and opened with the matching EC private key.
			byte[] plaintext = Hex.Decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");

			CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();
			generator.AddKeyAgreementRecipient(
				CmsEnvelopedDataGenerator.ECDHSha1Kdf,
				OrigECKP.Private,
				OrigECKP.Public,
				ReciECCert,
				CmsEnvelopedDataGenerator.Aes128Wrap);

			MemoryStream envelope = new MemoryStream();
			using (Stream envelopeOut = generator.Open(envelope, CmsEnvelopedDataGenerator.Aes128Cbc))
			{
				envelopeOut.Write(plaintext, 0, plaintext.Length);
			}

			CmsEnvelopedDataParser parser = new CmsEnvelopedDataParser(envelope.ToArray());
			Assert.AreEqual(parser.EncryptionAlgOid, CmsEnvelopedDataGenerator.Aes128Cbc);

			RecipientID selector = new RecipientID();
			selector.Issuer = PrincipalUtilities.GetIssuerX509Principal(ReciECCert);
			selector.SerialNumber = ReciECCert.SerialNumber;

			RecipientInformation recipient = parser.GetRecipientInfos().GetFirstRecipient(selector);
			CmsTypedStream recovered = recipient.GetContentStream(ReciECKP.Private);
			byte[] decrypted = CmsTestUtil.StreamToByteArray(recovered.ContentStream);
			Assert.IsTrue(Arrays.AreEqual(plaintext, decrypted));

			parser.Close();
		}
		public void TestKeyTransAes128()
		{
			// Single key-transport (RSA) recipient under AES-128-CBC. Every entry in the
			// recipient store must unwrap with the recipient private key and yield the plaintext.
			byte[] plaintext = Encoding.Default.GetBytes("WallaWallaWashington");

			CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();
			generator.AddKeyTransRecipient(ReciCert);

			MemoryStream envelope = new MemoryStream();
			using (Stream envelopeOut = generator.Open(envelope, CmsEnvelopedDataGenerator.Aes128Cbc))
			{
				envelopeOut.Write(plaintext, 0, plaintext.Length);
			}

			CmsEnvelopedDataParser parser = new CmsEnvelopedDataParser(envelope.ToArray());
			Assert.AreEqual(parser.EncryptionAlgOid, CmsEnvelopedDataGenerator.Aes128Cbc);

			foreach (RecipientInformation recipient in parser.GetRecipientInfos().GetRecipients())
			{
				Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id);

				CmsTypedStream recovered = recipient.GetContentStream(ReciKP.Private);
				byte[] decrypted = CmsTestUtil.StreamToByteArray(recovered.ContentStream);
				Assert.IsTrue(Arrays.AreEqual(plaintext, decrypted));
			}

			parser.Close();
		}
		public void TestAesKek()
		{
			// Single AES-192 KEK recipient; the content key is wrapped with id-aes192-wrap
			// and the payload itself is encrypted with 3DES-CBC.
			byte[] plaintext = Encoding.Default.GetBytes("WallaWallaWashington");
			KeyParameter kek = CmsTestUtil.MakeAes192Key();
			byte[] kekId = { 1, 2, 3, 4, 5 };

			CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();
			generator.AddKekRecipient("AES192", kek, kekId);

			MemoryStream envelope = new MemoryStream();
			using (Stream envelopeOut = generator.Open(envelope, CmsEnvelopedDataGenerator.DesEde3Cbc))
			{
				envelopeOut.Write(plaintext, 0, plaintext.Length);
			}

			CmsEnvelopedDataParser parser = new CmsEnvelopedDataParser(envelope.ToArray());
			Assert.AreEqual(parser.EncryptionAlgOid, CmsEnvelopedDataGenerator.DesEde3Cbc);

			foreach (RecipientInformation recipient in parser.GetRecipientInfos().GetRecipients())
			{
				// id-aes192-wrap
				Assert.AreEqual(recipient.KeyEncryptionAlgOid, "2.16.840.1.101.3.4.1.25");

				CmsTypedStream recovered = recipient.GetContentStream(kek);
				byte[] decrypted = CmsTestUtil.StreamToByteArray(recovered.ContentStream);
				Assert.IsTrue(Arrays.AreEqual(plaintext, decrypted));
			}

			parser.Close();
		}
		public void TestKeyTransAes128Throughput()
		{
			// Writes 40001 bytes one at a time through a generator with an explicit buffer
			// size, then reads the decrypted content back in BufferSize chunks. The first
			// ten reads are expected to fill the buffer completely; the remainder is
			// collected with one more read.
			byte[] plaintext = new byte[40001];
			for (int i = 0; i != plaintext.Length; i++)
			{
				plaintext[i] = (byte)(i & 0xff);
			}

			CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();
			generator.SetBufferSize(BufferSize);
			generator.AddKeyTransRecipient(ReciCert);

			MemoryStream envelope = new MemoryStream();
			using (Stream envelopeOut = generator.Open(envelope, CmsEnvelopedDataGenerator.Aes128Cbc))
			{
				foreach (byte b in plaintext)
				{
					envelopeOut.WriteByte(b);
				}
			}

			CmsEnvelopedDataParser parser = new CmsEnvelopedDataParser(envelope.ToArray());
			ICollection recipientList = parser.GetRecipientInfos().GetRecipients();
			IEnumerator recipientIter = recipientList.GetEnumerator();

			if (!recipientIter.MoveNext())
			{
				Assert.Fail("recipient not found.");
				return;
			}

			// Only the first recipient entry is examined.
			RecipientInformation recipient = (RecipientInformation) recipientIter.Current;
			Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id);

			CmsTypedStream recovered = recipient.GetContentStream(ReciKP.Private);
			Stream content = recovered.ContentStream;
			MemoryStream collected = new MemoryStream();
			byte[] chunk = new byte[BufferSize];
			int read = 0;

			for (int fullReads = 0; fullReads < 10; fullReads++)
			{
				read = content.Read(chunk, 0, chunk.Length);
				if (read <= 0)
				{
					break;
				}
				// each of the first ten reads must deliver a full buffer
				Assert.AreEqual(chunk.Length, read);
				collected.Write(chunk, 0, chunk.Length);
			}

			// whatever is left is expected to arrive in a single read
			read = content.Read(chunk, 0, chunk.Length);
			collected.Write(chunk, 0, read);

			Assert.IsTrue(Arrays.AreEqual(plaintext, collected.ToArray()));
		}
		public void TestKeyTransAes128Der()
		{
			// The stream generator emits BER (indefinite-length) encoding; re-encode the
			// result as DER and check that VerifyData still decrypts it.
			byte[] plaintext = new byte[2000];
			for (int i = 0; i != plaintext.Length; i++)
			{
				plaintext[i] = (byte)(i & 0xff);
			}

			CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();
			generator.AddKeyTransRecipient(ReciCert);

			MemoryStream envelope = new MemoryStream();
			using (Stream envelopeOut = generator.Open(envelope, CmsEnvelopedDataGenerator.Aes128Cbc))
			{
				foreach (byte b in plaintext)
				{
					envelopeOut.WriteByte(b);
				}
			}

			byte[] derEncoded = Asn1Object.FromByteArray(envelope.ToArray()).GetDerEncoded();

			VerifyData(derEncoded, CmsEnvelopedDataGenerator.Aes128Cbc, plaintext);
		}
		public void TestKeyTransAes128Buffered()
		{
			// Same 2000-byte payload written byte-wise twice: once with the generator's
			// default buffering and once with a 300-byte buffer. Both must decrypt; the
			// smaller buffer yields more (and therefore longer) octet-string segments,
			// so the second encoding is expected to be strictly larger.
			byte[] plaintext = new byte[2000];
			for (int i = 0; i != plaintext.Length; i++)
			{
				plaintext[i] = (byte)(i & 0xff);
			}

			MemoryStream envelope = new MemoryStream();

			// default buffering
			CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();
			generator.AddKeyTransRecipient(ReciCert);

			using (Stream envelopeOut = generator.Open(envelope, CmsEnvelopedDataGenerator.Aes128Cbc))
			{
				foreach (byte b in plaintext)
				{
					envelopeOut.WriteByte(b);
				}
			}

			VerifyData(envelope.ToArray(), CmsEnvelopedDataGenerator.Aes128Cbc, plaintext);
			int defaultBufferedLength = envelope.ToArray().Length;

			// explicit 300-byte buffer, smaller than the default of 1000
			generator = new CmsEnvelopedDataStreamGenerator();
			generator.SetBufferSize(300);
			generator.AddKeyTransRecipient(ReciCert);

			envelope.SetLength(0);
			using (Stream envelopeOut = generator.Open(envelope, CmsEnvelopedDataGenerator.Aes128Cbc))
			{
				foreach (byte b in plaintext)
				{
					envelopeOut.WriteByte(b);
				}
			}

			VerifyData(envelope.ToArray(), CmsEnvelopedDataGenerator.Aes128Cbc, plaintext);

			Assert.IsTrue(defaultBufferedLength < envelope.ToArray().Length);
		}
		public void TestKeyTransAes128BufferedStream()
		{
			// Writing the payload byte-wise and piping it from a MemoryStream in one go
			// must produce encodings of the same length under default buffering.
			byte[] plaintext = new byte[2000];
			for (int i = 0; i != plaintext.Length; i++)
			{
				plaintext[i] = (byte)(i & 0xff);
			}

			MemoryStream envelope = new MemoryStream();

			// byte-at-a-time writes
			CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();
			generator.AddKeyTransRecipient(ReciCert);

			using (Stream envelopeOut = generator.Open(envelope, CmsEnvelopedDataGenerator.Aes128Cbc))
			{
				foreach (byte b in plaintext)
				{
					envelopeOut.WriteByte(b);
				}
			}

			VerifyData(envelope.ToArray(), CmsEnvelopedDataGenerator.Aes128Cbc, plaintext);
			int byteWiseLength = envelope.ToArray().Length;

			// whole-stream copy; expected to match the byte-wise length exactly
			generator = new CmsEnvelopedDataStreamGenerator();
			generator.AddKeyTransRecipient(ReciCert);

			envelope.SetLength(0);
			using (Stream envelopeOut = generator.Open(envelope, CmsEnvelopedDataGenerator.Aes128Cbc))
			{
				Streams.PipeAll(new MemoryStream(plaintext, false), envelopeOut);
			}

			VerifyData(envelope.ToArray(), CmsEnvelopedDataGenerator.Aes128Cbc, plaintext);

			Assert.AreEqual(byteWiseLength, envelope.ToArray().Length);
		}
        protected void Encrypt(Stream cipher, Stream clear, ICollection<X509Certificate2> certs, SecretKey key)
        {
            // Writes a CMS EnvelopedData for 'clear' onto 'cipher'. Every certificate in
            // 'certs' becomes a key-transport recipient. The optional 'key' becomes a KEK
            // recipient addressed only by its key identifier: whoever holds that shared
            // symmetric key can unwrap the content key, which is why it is logged as the
            // "unknown" recipient. A null certificate set and a null key are both
            // tolerated; no recipient at all is not rejected here (NOTE(review): the
            // resulting envelope would then be undecryptable — confirm callers guard this).
            int knownRecipients = certs == null ? 0 : certs.Count;
            int unknownRecipients = key == null ? 0 : 1;
            trace.TraceEvent(TraceEventType.Information, 0, "Encrypting message for {0} known and {1} unknown recipient",
                knownRecipients, unknownRecipients);

            CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();

            if (certs != null)
            {
                foreach (X509Certificate2 cert in certs)
                {
                    // BouncyCastle works on its own certificate type; only the public part is needed here.
                    BC::X509.X509Certificate bcCert = DotNetUtilities.FromX509Certificate(cert);
                    generator.AddKeyTransRecipient(bcCert);
                    trace.TraceEvent(TraceEventType.Verbose, 0, "Added known recipient: {0}", bcCert.SubjectDN.ToString());
                }
            }

            if (key != null)
            {
                generator.AddKekRecipient("AES", key.BCKey, key.Id);
                trace.TraceEvent(TraceEventType.Verbose, 0, "Added unknown recipient [Algorithm={0}, keyId={1}]", "AES", key.IdString);
            }

            // Content-encryption algorithm (OID string in .Value) is taken from the active seal configuration.
            var algorithm = EteeActiveConfig.Seal.EncryptionAlgorithm;
            Stream sealingStream = generator.Open(cipher, algorithm.Value);
            trace.TraceEvent(TraceEventType.Verbose, 0, "Create encrypted message (still empty) [EncAlgo={0} ({1})]",
                algorithm.FriendlyName, algorithm.Value);

            try
            {
                clear.CopyTo(sealingStream);
                trace.TraceEvent(TraceEventType.Verbose, 0, "Message encrypted");
            }
            finally
            {
                // Closing finalises the CMS structure on 'cipher' even if the copy failed part-way.
                sealingStream.Close();
                trace.TraceEvent(TraceEventType.Verbose, 0, "Recipient infos added");
            }
        }