internal static void ReadRecipientInfo(IList infos, KeyAgreeRecipientInfo info, CmsSecureReadable secureReadable) { try { foreach (Asn1Encodable asn1Encodable in info.RecipientEncryptedKeys) { RecipientEncryptedKey instance = RecipientEncryptedKey.GetInstance(asn1Encodable.ToAsn1Object()); RecipientID recipientID = new RecipientID(); KeyAgreeRecipientIdentifier identifier = instance.Identifier; Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber issuerAndSerialNumber = identifier.IssuerAndSerialNumber; if (issuerAndSerialNumber != null) { recipientID.Issuer = issuerAndSerialNumber.Name; recipientID.SerialNumber = issuerAndSerialNumber.SerialNumber.Value; } else { RecipientKeyIdentifier rKeyID = identifier.RKeyID; recipientID.SubjectKeyIdentifier = rKeyID.SubjectKeyIdentifier.GetOctets(); } infos.Add(new KeyAgreeRecipientInformation(info, recipientID, instance.EncryptedKey, secureReadable)); } } catch (IOException innerException) { throw new ArgumentException("invalid rid in KeyAgreeRecipientInformation", innerException); } }
public static void TestKeyAgreeDate_RoundTrip() { KeyAgreeRecipientInfo recipient = EncodeKeyAgreel(); DateTime ignore; Assert.Throws <InvalidOperationException>(() => ignore = recipient.Date); }
public KeyAgreeRecipientInformation( KeyAgreeRecipientInfo info, AlgorithmIdentifier encAlg, Stream data) : base(encAlg, AlgorithmIdentifier.GetInstance(info.KeyEncryptionAlgorithm), data) { _info = info; // _encAlg = encAlg; try { Asn1Sequence s = _info.RecipientEncryptedKeys; RecipientEncryptedKey id = RecipientEncryptedKey.GetInstance(s[0]); Asn1.Cms.IssuerAndSerialNumber iAnds = id.Identifier.IssuerAndSerialNumber; // byte[] issuerBytes = iAnds.Name.GetEncoded(); _rid = new RecipientID(); // _rid.SetIssuer(issuerBytes); _rid.Issuer = iAnds.Name; _rid.SerialNumber = iAnds.SerialNumber.Value; _encryptedKey = id.EncryptedKey; } catch (IOException e) { throw new ArgumentException("invalid rid in KeyAgreeRecipientInformation", e); } }
public static void TestKeyAgreeOtherKeyAttribute_RoundTrip() { KeyAgreeRecipientInfo recipient = EncodeKeyAgreel(); CryptographicAttributeObject ignore; Assert.Throws <InvalidOperationException>(() => ignore = recipient.OtherKeyAttribute); }
public static void TestKeyAgreeOtherKeyAttribute_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(); CryptographicAttributeObject ignore; Assert.Throws <InvalidOperationException>(() => ignore = recipient.OtherKeyAttribute); }
internal KeyAgreeRecipientInformation(KeyAgreeRecipientInfo info, RecipientID rid, Asn1OctetString encryptedKey, CmsSecureReadable secureReadable) : base(info.KeyEncryptionAlgorithm, secureReadable) { this.info = info; base.rid = rid; this.encryptedKey = encryptedKey; }
public static void TestKeyAgreesRecipientIdType_RoundTrip() { KeyAgreeRecipientInfo recipient = EncodeKeyAgreel(); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, subjectIdentifier.Type); }
public static void TestKeyAgreeOtherKeyAttribute_FixedValue_Ski() { // // Test a KeyAgree CMS that embeds an OtherKeyAttribute in the recipient. We don't surface a way to generate this // in the EnvelopedCms class so we can only do a fixed-value test here. // byte[] encryptedCms = ("3082015e06092a864886f70d010703a082014f3082014b02010231820117a1820113020103a08195a18192300906072a8648" + "ce3e020103818400028180313d5659f9a8633243f97d11462a3b07702802fed45abbe68e3f2670bfa500d6b4f70c1c0dceac" + "adffe9736764204806710d4e834b48773b7a4696a690a03abbc38c936483d2f3ccb8d764f66dc269d78a77821edd0decdef2" + "b1d4356c1d1f1b34cc81c76214b8a04f3d70e1e9dc9a589cc8410599dceafad903b7b01b6b2489301e060b2a864886f70d01" + "09100305300f060b2a864886f70d0109100306050030563054a028041413213309b39348347fb6a2155a53172be79c19c530" + "1006092a864886f70d0107010403424d580428da28837b15e9bdf5528180a2e9beb91bf0d4519a5d76b655ebac9c43012d50" + "d6b55f0618380210e4302b06092a864886f70d010701301406082a864886f70d030704087bb5f0d33e6e0354800814219a66" + "c2ea1449").HexToByteArray(); EnvelopedCms envelopedCms = new EnvelopedCms(); envelopedCms.Decode(encryptedCms); KeyAgreeRecipientInfo r = (KeyAgreeRecipientInfo)(envelopedCms.RecipientInfos[0]); CryptographicAttributeObject attribute = r.OtherKeyAttribute; Assert.Equal(Oids.Pkcs7Data, attribute.Oid.Value); Assert.Equal(1, attribute.Values.Count); AsnEncodedData asnData = attribute.Values[0]; byte[] expectedAsnData = "0403424d58".HexToByteArray(); Assert.Equal <byte>(expectedAsnData, asnData.RawData); }
public static void TestKeyAgreeEncryptedKey_RoundTrip() { KeyAgreeRecipientInfo recipient = EncodeKeyAgreel(); byte[] encryptedKey = recipient.EncryptedKey; Assert.Equal(0x28, encryptedKey.Length); // Since the content encryption key is randomly generated each time, we can only test the length. }
public static void TestKeyAgreeRecipientIdType_Ski_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(SubjectIdentifierType.SubjectKeyIdentifier); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; Assert.Equal(SubjectIdentifierType.SubjectKeyIdentifier, subjectIdentifier.Type); }
public static void TestKeyAgreeRecipientIdType_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, subjectIdentifier.Type); }
public static void TestMultipleKeyAgree_ShortNotation() { // KeyAgreement recipients are defined in RFC 2630 as // // KeyAgreeRecipientInfo::= SEQUENCE { // version CMSVersion, --always set to 3 // originator[0] EXPLICIT OriginatorIdentifierOrKey, // ukm[1] EXPLICIT UserKeyingMaterial OPTIONAL, // keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, // recipientEncryptedKeys RecipientEncryptedKeys } // // RecipientEncryptedKeys::= SEQUENCE OF RecipientEncryptedKey // // RecipientEncryptedKey::= SEQUENCE { // rid KeyAgreeRecipientIdentifier, // encryptedKey EncryptedKey } // // When RecipientEncryptedKeys has more than one sequence in it, then different KeyAgreement recipients are created, where each // recipient hold the information from one RecipientEncryptedKey. This message has one KeyAgreeRecipientInfo object that has two // RecipientEncryptedKeys so it needs to have two recipients in the end. byte[] encodedMessage = ("3082019206092A864886F70D010703A08201833082017F0201023182014BA1820147020103A08196A18193300906072A" + "8648CE3E02010381850002818100AC89002E19D3A7DC35DAFBF083413483EF14691FC00A465B957496CA860BA4918182" + "1CAFB50EB25330952BB11A71A44B44691CF9779999F1115497CD1CE238B452CA95622AF968E39F06E165D2EBE1991493" + "70334D925AA47273751AC63A0EF80CDCF6331ED3324CD689BFFC90E61E9CC921C88EF5FB92B863053C4C1FABFE15301E" + "060B2A864886F70D0109100305300F060B2A864886F70D010910030605003081883042A016041410DA1370316788112E" + "B8594C864C2420AE7FBA420428DFBDC19AD44063478A0C125641BE274113441AD5891C78F925097F06A3DF57F3F1E6D1" + "160F8D3C223042A016041411DA1370316788112EB8594C864C2420AE7FBA420428DFBDC19AD44063478A0C125641BE27" + "4113441AD5891C78F925097F06A3DF57F3F1E6D1160F8D3C22302B06092A864886F70D010701301406082A864886F70D" + "030704088AADC286F258F6D78008FC304F518A653F83").HexToByteArray(); EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); RecipientInfoCollection recipients = ecms.RecipientInfos; Assert.Equal(2, recipients.Count); RecipientInfo recipient0 = recipients[0]; RecipientInfo recipient1 = recipients[1]; Assert.IsType <KeyAgreeRecipientInfo>(recipient0); Assert.IsType <KeyAgreeRecipientInfo>(recipient1); KeyAgreeRecipientInfo recipient0Cast = recipient0 as KeyAgreeRecipientInfo; KeyAgreeRecipientInfo recipient1Cast = recipient1 as KeyAgreeRecipientInfo; Assert.Equal(3, recipient0.Version); Assert.Equal(3, recipient1.Version); Assert.Equal(SubjectIdentifierOrKeyType.PublicKeyInfo, recipient0Cast.OriginatorIdentifierOrKey.Type); Assert.Equal(SubjectIdentifierOrKeyType.PublicKeyInfo, recipient1Cast.OriginatorIdentifierOrKey.Type); Assert.Equal(SubjectIdentifierType.SubjectKeyIdentifier, recipient0Cast.RecipientIdentifier.Type); Assert.Equal(SubjectIdentifierType.SubjectKeyIdentifier, recipient1Cast.RecipientIdentifier.Type); Assert.Equal("10DA1370316788112EB8594C864C2420AE7FBA42", recipient0Cast.RecipientIdentifier.Value); Assert.Equal("11DA1370316788112EB8594C864C2420AE7FBA42", recipient1Cast.RecipientIdentifier.Value); }
public static void TestKeyAgreeDate_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(); DateTime ignore; Assert.Throws <InvalidOperationException>(() => ignore = recipient.Date); }
public static void TestKeyAgreeKeyEncryptionAlgorithm_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(); AlgorithmIdentifier a = recipient.KeyEncryptionAlgorithm; Assert.Equal(Oids.Esdh, a.Oid.Value); Assert.Equal(0, a.KeyLength); }
public static void TestKeyAgreeKeyEncryptionAlgorithm_RoundTrip() { KeyAgreeRecipientInfo recipient = EncodeKeyAgreel(); AlgorithmIdentifier a = recipient.KeyEncryptionAlgorithm; Assert.Equal(Oids.Esdh, a.Oid.Value); Assert.Equal(0, a.KeyLength); }
public static void TestKeyAgreeEncryptedKey_FixedValue() { byte[] expectedEncryptedKey = "c39323a9f5113c1465bf27b558ffeda656d606e08f8dc37e67cb8cbf7fb04d71dbe20071eaaa20db".HexToByteArray(); KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(); byte[] encryptedKey = recipient.EncryptedKey; Assert.Equal <byte>(expectedEncryptedKey, encryptedKey); }
public static void TestKeyAgreeDate_FixedValue_Ski() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(SubjectIdentifierType.SubjectKeyIdentifier); DateTime date = recipient.Date; long ticks = date.Ticks; long expectedTicks = 0x0701ce1722770000; Assert.Equal(expectedTicks, ticks); }
private Exception TryDecryptAgree(KeyAgreeRecipientInfo keyAgreeRecipientInfo, SafeProvOrNCryptKeyHandle hKey, CryptKeySpec keySpec, X509Certificate2Collection originatorCerts, X509Certificate2Collection extraStore) { unsafe { KeyAgreeRecipientInfoPalWindows pal = (KeyAgreeRecipientInfoPalWindows)(keyAgreeRecipientInfo.Pal); return(pal.WithCmsgCmsRecipientInfo <Exception>( delegate(CMSG_KEY_AGREE_RECIPIENT_INFO * pKeyAgreeRecipientInfo) { CMSG_CTRL_KEY_AGREE_DECRYPT_PARA decryptPara = default(CMSG_CTRL_KEY_AGREE_DECRYPT_PARA); decryptPara.cbSize = Marshal.SizeOf <CMSG_CTRL_KEY_AGREE_DECRYPT_PARA>(); decryptPara.hProv = hKey; decryptPara.dwKeySpec = keySpec; decryptPara.pKeyAgree = pKeyAgreeRecipientInfo; decryptPara.dwRecipientIndex = pal.Index; decryptPara.dwRecipientEncryptedKeyIndex = pal.SubIndex; CMsgKeyAgreeOriginatorChoice originatorChoice = pKeyAgreeRecipientInfo->dwOriginatorChoice; switch (originatorChoice) { case CMsgKeyAgreeOriginatorChoice.CMSG_KEY_AGREE_ORIGINATOR_CERT: { X509Certificate2Collection candidateCerts = new X509Certificate2Collection(); candidateCerts.AddRange(Helpers.GetStoreCertificates(StoreName.AddressBook, StoreLocation.CurrentUser, openExistingOnly: true)); candidateCerts.AddRange(Helpers.GetStoreCertificates(StoreName.AddressBook, StoreLocation.LocalMachine, openExistingOnly: true)); candidateCerts.AddRange(originatorCerts); candidateCerts.AddRange(extraStore); SubjectIdentifier originatorId = pKeyAgreeRecipientInfo->OriginatorCertId.ToSubjectIdentifier(); using (X509Certificate2 originatorCert = candidateCerts.TryFindMatchingCertificate(originatorId)) { if (originatorCert == null) { return ErrorCode.CRYPT_E_NOT_FOUND.ToCryptographicException(); } using (SafeCertContextHandle hCertContext = originatorCert.CreateCertContextHandle()) { CERT_CONTEXT *pOriginatorCertContext = hCertContext.DangerousGetCertContext(); decryptPara.OriginatorPublicKey = pOriginatorCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey; // Do not factor this call out of the switch statement as leaving this "using" block will free up // native memory that decryptPara points to. return TryExecuteDecryptAgree(ref decryptPara); } } } case CMsgKeyAgreeOriginatorChoice.CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY: { decryptPara.OriginatorPublicKey = pKeyAgreeRecipientInfo->OriginatorPublicKeyInfo.PublicKey; return TryExecuteDecryptAgree(ref decryptPara); } default: return new CryptographicException(SR.Format(SR.Cryptography_Cms_Invalid_Originator_Identifier_Choice, originatorChoice)); } })); } }
public static void TestKeyAgreeRecipientIdValue_Ski_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(SubjectIdentifierType.SubjectKeyIdentifier); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is string); string ski = (string)value; Assert.Equal("10DA1370316788112EB8594C864C2420AE7FBA42", ski); }
public static void TestKeyAgreeRecipientIdValue_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is X509IssuerSerial); X509IssuerSerial xis = (X509IssuerSerial)value; Assert.Equal("CN=\"Managed PKCS#7 Test Root Authority\"", xis.IssuerName); Assert.Equal("0AE59B0CB8119F8942EDA74163413A02", xis.SerialNumber); }
public KeyAgreeRecipientInformation( KeyAgreeRecipientInfo info, RecipientID rid, Asn1OctetString encryptedKey, AlgorithmIdentifier encAlg, AlgorithmIdentifier macAlg, AlgorithmIdentifier authEncAlg, Stream data) : base(encAlg, macAlg, authEncAlg, info.KeyEncryptionAlgorithm, data) { this.info = info; this.rid = rid; this.encryptedKey = encryptedKey; }
public static void TestKeyAgreeOriginatorIdentifierOrKey_RoundTrip() { KeyAgreeRecipientInfo recipient = EncodeKeyAgreel(); SubjectIdentifierOrKey originator = recipient.OriginatorIdentifierOrKey; Assert.Equal(SubjectIdentifierOrKeyType.PublicKeyInfo, originator.Type); object value = originator.Value; Assert.True(value is PublicKeyInfo); PublicKeyInfo pki = (PublicKeyInfo)value; AlgorithmIdentifier a = pki.Algorithm; Assert.Equal(Oids.Dh, a.Oid.Value); byte[] key = pki.KeyValue; Assert.NotNull(key); // Key is randomly generated (and encoding makes the length unpredictable) so not much we can do here. Assert.NotEmpty(key); }
public static void TestKeyAgreeOriginatorIdentifierOrKey_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(); SubjectIdentifierOrKey originator = recipient.OriginatorIdentifierOrKey; Assert.Equal(SubjectIdentifierOrKeyType.PublicKeyInfo, originator.Type); object value = originator.Value; Assert.True(value is PublicKeyInfo); PublicKeyInfo pki = (PublicKeyInfo)value; AlgorithmIdentifier a = pki.Algorithm; Assert.Equal(Oids.Dh, a.Oid.Value); byte[] key = pki.KeyValue; byte[] expectedKey = ("0281806F96EF8C53A6919CC976E88B8F426696E7B7970ABC6BD4ABBDCF4CF34F89CEB6E8EF675000FAD2ECA3CAF9D0E51B00" + "4FD19A943F1779748F343FE2059E6E8208D64CB2A5BF33B2C41C20F4AE950D8F8BD720F5747D7930AF86C612088747B5315A" + "E68159A5AE8A80E928AA71F4E889CB2D581845EDC8F79DA5894CB7A40F9FBE").HexToByteArray(); Assert.Equal(expectedKey, key); }
private static IEnumerable <RecipientInfo> ToRecipientInfosForThisIndex(SafeHandle pCmsgCmsRecipientInfoMemory, int index) { bool mustRelease = false; pCmsgCmsRecipientInfoMemory.DangerousAddRef(ref mustRelease); try { unsafe { CMSG_CMS_RECIPIENT_INFO *pCMsgCmsRecipientInfo = (CMSG_CMS_RECIPIENT_INFO *)(pCmsgCmsRecipientInfoMemory.DangerousGetHandle()); switch (pCMsgCmsRecipientInfo->dwRecipientChoice) { case CMsgCmsRecipientChoice.CMSG_KEY_TRANS_RECIPIENT: return(new KeyTransRecipientInfo[] { new KeyTransRecipientInfo(new KeyTransRecipientInfoPalWindows(pCmsgCmsRecipientInfoMemory, index)) }); case CMsgCmsRecipientChoice.CMSG_KEY_AGREE_RECIPIENT: { CMSG_KEY_AGREE_RECIPIENT_INFO *pCmsKeyAgreeRecipientInfo = pCMsgCmsRecipientInfo->KeyAgree; int numKeys = pCmsKeyAgreeRecipientInfo->cRecipientEncryptedKeys; KeyAgreeRecipientInfo[] recipients = new KeyAgreeRecipientInfo[numKeys]; for (int subIndex = 0; subIndex < numKeys; subIndex++) { recipients[subIndex] = new KeyAgreeRecipientInfo(new KeyAgreeRecipientInfoPalWindows(pCmsgCmsRecipientInfoMemory, index, subIndex)); } return(recipients); } default: throw ErrorCode.E_NOTIMPL.ToCryptographicException(); } } } finally { if (mustRelease) { pCmsgCmsRecipientInfoMemory.DangerousRelease(); } } }
internal static void ReadRecipientInfo(IList infos, KeyAgreeRecipientInfo info, AlgorithmIdentifier encAlg, AlgorithmIdentifier macAlg, AlgorithmIdentifier authEncAlg, Stream data) { try { foreach (Asn1Encodable rek in info.RecipientEncryptedKeys) { RecipientEncryptedKey id = RecipientEncryptedKey.GetInstance(rek.ToAsn1Object()); RecipientID rid = new RecipientID(); Asn1.Cms.KeyAgreeRecipientIdentifier karid = id.Identifier; Asn1.Cms.IssuerAndSerialNumber iAndSN = karid.IssuerAndSerialNumber; if (iAndSN != null) { rid.Issuer = iAndSN.Name; rid.SerialNumber = iAndSN.SerialNumber.Value; } else { Asn1.Cms.RecipientKeyIdentifier rKeyID = karid.RKeyID; // Note: 'date' and 'other' fields of RecipientKeyIdentifier appear to be only informational rid.SubjectKeyIdentifier = rKeyID.SubjectKeyIdentifier.GetOctets(); } infos.Add(new KeyAgreeRecipientInformation(info, rid, id.EncryptedKey, encAlg, macAlg, authEncAlg, data)); } } catch (IOException e) { throw new ArgumentException("invalid rid in KeyAgreeRecipientInformation", e); } }
public RecipientInfo(KeyAgreeRecipientInfo info) { this.info = new DerTaggedObject(explicitly: false, 1, info); }
public static void TestKeyAgreeType_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(); Assert.Equal(RecipientInfoType.KeyAgreement, recipient.Type); }
public static void TestKeyAgreeType_RoundTrip() { KeyAgreeRecipientInfo recipient = EncodeKeyAgreel(); Assert.Equal(RecipientInfoType.KeyAgreement, recipient.Type); }
public static void TestKeyAgreeVersion_FixedValue() { KeyAgreeRecipientInfo recipient = FixedValueKeyAgree1(); Assert.Equal(3, recipient.Version); }
public static void TestKeyAgreeVersion_RoundTrip() { KeyAgreeRecipientInfo recipient = EncodeKeyAgreel(); Assert.Equal(3, recipient.Version); }