        /// <summary>
        /// Envelopes 2000 bytes for <c>ReciCert</c> with the streaming generator, writing the content
        /// one byte at a time, then re-encodes the streamed output as DER and hands it to
        /// <c>VerifyData</c>.
        /// </summary>
        public void TestKeyTransAes128Der()
        {
            // Deterministic payload: 0x00..0xFF repeating.
            byte[] payload = new byte[2000];
            for (int index = 0; index < payload.Length; ++index)
            {
                payload[index] = (byte)(index % 256);
            }

            CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();
            generator.AddKeyTransRecipient(ReciCert);

            MemoryStream encoded = new MemoryStream();
            Stream envelope = generator.Open(encoded, CmsEnvelopedDataGenerator.Aes128Cbc);

            // Write byte by byte rather than in one bulk call.
            foreach (byte b in payload)
            {
                envelope.WriteByte(b);
            }
            envelope.Close();

            // The streaming generator's output is re-encoded as DER before verification.
            Asn1Object parsed = Asn1Object.FromByteArray(encoded.ToArray());
            byte[] derEncoded = parsed.GetDerEncoded();

            VerifyData(derEncoded, CmsEnvelopedDataGenerator.Aes128Cbc, payload);
        }
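        /// <summary>
        /// Envelopes 2000 bytes for <c>ReciCert</c> twice — once with the generator's default
        /// (unbuffered) byte-at-a-time path and once with an explicit 300-byte buffer — verifies
        /// both encodings decrypt correctly, and checks the buffered encoding is the larger one.
        /// </summary>
        /// <remarks>
        /// Sizes are taken from <see cref="MemoryStream.Length"/> rather than
        /// <c>ToArray().Length</c>, which copied the whole encoding just to count its bytes.
        /// </remarks>
        public void TestKeyTransAes128Buffered()
        {
            // Deterministic payload: 0x00..0xFF repeating.
            byte[] data = new byte[2000];
            for (int i = 0; i != data.Length; i++)
            {
                data[i] = (byte)(i & 0xff);
            }

            //
            // unbuffered
            //
            CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();
            edGen.AddKeyTransRecipient(ReciCert);

            MemoryStream bOut = new MemoryStream();
            Stream outStream = edGen.Open(bOut, CmsEnvelopedDataGenerator.Aes128Cbc);

            for (int i = 0; i != data.Length; i++)
            {
                outStream.WriteByte(data[i]);
            }
            outStream.Close();

            VerifyData(bOut.ToArray(), CmsEnvelopedDataGenerator.Aes128Cbc, data);

            // Length of the unbuffered encoding; no copy needed just to measure it.
            long unbufferedLength = bOut.Length;

            //
            // buffered - less than default of 1000
            //
            edGen = new CmsEnvelopedDataStreamGenerator();
            edGen.SetBufferSize(300);
            edGen.AddKeyTransRecipient(ReciCert);

            // Reuse the same MemoryStream; SetLength(0) also moves Position back to 0.
            bOut.SetLength(0);
            outStream = edGen.Open(bOut, CmsEnvelopedDataGenerator.Aes128Cbc);

            for (int i = 0; i != data.Length; i++)
            {
                outStream.WriteByte(data[i]);
            }
            outStream.Close();

            VerifyData(bOut.ToArray(), CmsEnvelopedDataGenerator.Aes128Cbc, data);

            // The test expects the buffered encoding to be strictly larger than the unbuffered one.
            Assert.IsTrue(unbufferedLength < bOut.Length);
        }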
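        /// <summary>
        /// Envelopes 2000 bytes for <c>ReciCert</c> first via byte-at-a-time writes and then via
        /// <c>Streams.PipeAll</c> (bulk writes), verifies both encodings decrypt correctly, and
        /// checks that the two encodings have the same length.
        /// </summary>
        /// <remarks>
        /// Sizes are taken from <see cref="MemoryStream.Length"/> rather than
        /// <c>ToArray().Length</c>, which copied the whole encoding just to count its bytes.
        /// </remarks>
        public void TestKeyTransAes128BufferedStream()
        {
            // Deterministic payload: 0x00..0xFF repeating.
            byte[] data = new byte[2000];
            for (int i = 0; i != data.Length; i++)
            {
                data[i] = (byte)(i & 0xff);
            }

            //
            // unbuffered
            //
            CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();
            edGen.AddKeyTransRecipient(ReciCert);

            MemoryStream bOut = new MemoryStream();
            Stream outStream = edGen.Open(bOut, CmsEnvelopedDataGenerator.Aes128Cbc);

            for (int i = 0; i != data.Length; i++)
            {
                outStream.WriteByte(data[i]);
            }
            outStream.Close();

            VerifyData(bOut.ToArray(), CmsEnvelopedDataGenerator.Aes128Cbc, data);

            // Length of the byte-at-a-time encoding; no copy needed just to measure it.
            long unbufferedLength = bOut.Length;

            //
            // Using buffered output - should be == to unbuffered
            //
            edGen = new CmsEnvelopedDataStreamGenerator();
            edGen.AddKeyTransRecipient(ReciCert);

            // Reuse the same MemoryStream; SetLength(0) also moves Position back to 0.
            bOut.SetLength(0);
            outStream = edGen.Open(bOut, CmsEnvelopedDataGenerator.Aes128Cbc);

            // Bulk copy instead of WriteByte: the input MemoryStream is opened read-only.
            Streams.PipeAll(new MemoryStream(data, false), outStream);
            outStream.Close();

            VerifyData(bOut.ToArray(), CmsEnvelopedDataGenerator.Aes128Cbc, data);

            Assert.AreEqual(unbufferedLength, bOut.Length);
        }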
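        /// <summary>
        /// Demo entry point: loads the recipient certificate into <c>Cert</c>, lets the user pick a
        /// file, and writes a CMS EnvelopedData (AES-128-CBC, key transport to <c>Cert</c>) copy of it
        /// next to the original as <c>&lt;file&gt;.p7m</c>.
        /// </summary>
        /// <param name="args">Unused.</param>
        /// <remarks>
        /// Compared with the earlier version: a cancelled file dialog no longer passes a null path to
        /// <see cref="FileStream"/>; the enveloping stream returned by <c>Open</c> is closed, which is
        /// what completes the CMS structure on disk (previously the .p7m was left incomplete); and
        /// both file streams are disposed.
        /// </remarks>
        static void Main(string[] args)
        {
            try
            {
                // Load the recipient certificate. The PFX path and password are hard-coded for this
                // demo only; a real application must not keep key-store passwords in source.
                Cert = ReadCertFromFile("./test.pfx", "test");

                // Let the user select the file to envelope.
                var dialog = new OpenFileDialog
                {
                    Filter           = "All files (*.*)|*.*",
                    InitialDirectory = "./",
                    Title            = "Select a text file"
                };
                if (dialog.ShowDialog() != DialogResult.OK)
                {
                    Console.WriteLine("No file selected.");
                    return;
                }
                var filename = dialog.FileName;

                // Envelope (encrypt) for the single key-transport recipient Cert.
                var dataGenerator = new CmsEnvelopedDataStreamGenerator();
                dataGenerator.AddKeyTransRecipient(Cert);

                using (var input = new FileStream(filename, FileMode.Open, FileAccess.Read))
                using (var output = new FileStream(filename + ".p7m", FileMode.Create))
                {
                    // Read the whole plaintext (ReadFully is the project's own helper).
                    var fileContent = ReadFully(input);

                    // Everything written to cryptoStream is encrypted into 'output'. Closing it
                    // finishes the CMS structure, so it must be closed before 'output' is disposed.
                    var cryptoStream = dataGenerator.Open(output, CmsEnvelopedGenerator.Aes128Cbc);
                    try
                    {
                        cryptoStream.Write(fileContent, 0, fileContent.Length);
                    }
                    finally
                    {
                        cryptoStream.Close();
                    }
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("So, you wanna make an exception huh! : " + ex.ToString());
                Console.ReadKey();
            }
        }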
        /// <summary>
        /// Envelopes a short message for two independent AES-192 KEK recipients, selects the second
        /// recipient by its key identifier, and unwraps the content with that recipient's KEK.
        /// </summary>
        public void TestTwoAesKek()
        {
            byte[] message = Encoding.ASCII.GetBytes("WallaWallaWashington");

            KeyParameter firstKek  = CmsTestUtil.MakeAes192Key();
            KeyParameter secondKek = CmsTestUtil.MakeAes192Key();
            byte[] firstKekId  = { 1, 2, 3, 4, 5 };
            byte[] secondKekId = { 5, 4, 3, 2, 1 };

            CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();
            generator.AddKekRecipient("AES192", firstKek, firstKekId);
            generator.AddKekRecipient("AES192", secondKek, secondKekId);

            MemoryStream encoded = new MemoryStream();
            Stream envelope = generator.Open(encoded, CmsEnvelopedDataGenerator.DesEde3Cbc);
            envelope.Write(message, 0, message.Length);
            envelope.Close();

            CmsEnvelopedDataParser parser = new CmsEnvelopedDataParser(encoded.ToArray());
            RecipientInformationStore store = parser.GetRecipientInfos();

            Assert.AreEqual(parser.EncryptionAlgOid, CmsEnvelopedDataGenerator.DesEde3Cbc);

            // Select the second KEK recipient by key identifier only.
            RecipientID selector = new RecipientID();
            selector.KeyIdentifier = secondKekId;
            RecipientInformation selected = store.GetFirstRecipient(selector);

            // 2.16.840.1.101.3.4.1.25 is id-aes192-wrap.
            Assert.AreEqual(selected.KeyEncryptionAlgOid, "2.16.840.1.101.3.4.1.25");

            CmsTypedStream content = selected.GetContentStream(secondKek);
            byte[] recovered = CmsTestUtil.StreamToByteArray(content.ContentStream);
            Assert.IsTrue(Arrays.AreEqual(message, recovered));

            parser.Close();
        }
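        /// <summary>
        /// Envelopes a fixed message for an EC key-agreement recipient (ECDH with the SHA-1 KDF,
        /// AES-128 key wrap), selects that recipient by issuer and serial number, and recovers the
        /// content with the recipient's EC private key.
        /// </summary>
        /// <remarks>
        /// The dead, commented-out <c>SetIssuer</c> call was removed; NUnit assertions now pass the
        /// expected value first so failure messages read correctly.
        /// </remarks>
        public void TestECKeyAgree()
        {
            byte[] data = Hex.Decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");

            CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();

            // Originator key pair + recipient certificate; the wrapped content key uses AES-128 wrap.
            edGen.AddKeyAgreementRecipient(
                CmsEnvelopedDataGenerator.ECDHSha1Kdf,
                OrigECKP.Private,
                OrigECKP.Public,
                ReciECCert,
                CmsEnvelopedDataGenerator.Aes128Wrap);

            MemoryStream bOut = new MemoryStream();
            Stream outStr = edGen.Open(bOut, CmsEnvelopedDataGenerator.Aes128Cbc);
            outStr.Write(data, 0, data.Length);
            outStr.Close();

            CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(bOut.ToArray());
            RecipientInformationStore recipients = ep.GetRecipientInfos();

            Assert.AreEqual(CmsEnvelopedDataGenerator.Aes128Cbc, ep.EncryptionAlgOid);

            // Select the recipient by issuer + serial number of its certificate.
            RecipientID recSel = new RecipientID();
            recSel.Issuer       = PrincipalUtilities.GetIssuerX509Principal(ReciECCert);
            recSel.SerialNumber = ReciECCert.SerialNumber;

            RecipientInformation recipient = recipients.GetFirstRecipient(recSel);
            CmsTypedStream recData = recipient.GetContentStream(ReciECKP.Private);

            Assert.IsTrue(Arrays.AreEqual(data, CmsTestUtil.StreamToByteArray(recData.ContentStream)));

            ep.Close();
        }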
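        /// <summary>
        /// Envelopes the content of the field stream <c>a</c> for the key-transport recipient <c>b</c>
        /// (presumably a certificate — see <c>AddKeyTransRecipient</c>) using content-encryption
        /// algorithm <c>c</c>, and writes the resulting CMS EnvelopedData to
        /// <paramref name="outStream"/>.
        /// </summary>
        /// <param name="outStream">Destination: the raw CMS encoding, or its Base64 text when
        /// <paramref name="toBase64"/> is true.</param>
        /// <param name="toBase64">When true the envelope is first built in memory and then
        /// Base64-encoded into <paramref name="outStream"/>.</param>
        /// <remarks>
        /// The pointless <c>Position = 0</c> rewind before <c>ToArray()</c> was dropped (ToArray ignores
        /// Position), and the envelope stream is now closed in a <c>finally</c> so a failed copy does
        /// not leave it open.
        /// </remarks>
        public void encode(Stream outStream, bool toBase64)
        {
            CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();
            generator.AddKeyTransRecipient(b);

            if (toBase64)
            {
                // Base64 needs the complete envelope, so build it in memory first.
                MemoryStream buffer = new MemoryStream();
                Stream envelope = generator.Open(buffer, c);
                try
                {
                    Streams.PipeAll(a, envelope);
                }
                finally
                {
                    envelope.Close();
                }
                Base64.Encode(buffer.ToArray(), outStream);
            }
            else
            {
                // NOTE(review): closing the envelope stream may also close outStream, depending on the
                // BouncyCastle version in use — confirm if callers keep writing to it afterwards.
                Stream envelope = generator.Open(outStream, c);
                try
                {
                    Streams.PipeAll(a, envelope);
                }
                finally
                {
                    envelope.Close();
                }
            }
        }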
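        /// <summary>
        /// Envelopes a short message for a single AES-192 KEK recipient (3DES-CBC content encryption),
        /// then checks every recipient info advertises AES-192 key wrap and unwraps back to the input.
        /// </summary>
        /// <remarks>
        /// NUnit assertions now pass the expected value first so failure messages read correctly.
        /// </remarks>
        public void TestAesKek()
        {
            byte[]       data = Encoding.ASCII.GetBytes("WallaWallaWashington");
            KeyParameter kek  = CmsTestUtil.MakeAes192Key();

            CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();

            // Arbitrary key identifier the recipient uses to find this KEK.
            byte[] kekId = new byte[] { 1, 2, 3, 4, 5 };
            edGen.AddKekRecipient("AES192", kek, kekId);

            MemoryStream bOut = new MemoryStream();
            Stream outStream = edGen.Open(bOut, CmsEnvelopedDataGenerator.DesEde3Cbc);
            outStream.Write(data, 0, data.Length);
            outStream.Close();

            CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(bOut.ToArray());
            RecipientInformationStore recipients = ep.GetRecipientInfos();

            Assert.AreEqual(CmsEnvelopedDataGenerator.DesEde3Cbc, ep.EncryptionAlgOid);

            ICollection c = recipients.GetRecipients();

            foreach (RecipientInformation recipient in c)
            {
                // 2.16.840.1.101.3.4.1.25 is id-aes192-wrap.
                Assert.AreEqual("2.16.840.1.101.3.4.1.25", recipient.KeyEncryptionAlgOid);

                CmsTypedStream recData = recipient.GetContentStream(kek);

                Assert.IsTrue(Arrays.AreEqual(data, CmsTestUtil.StreamToByteArray(recData.ContentStream)));
            }

            ep.Close();
        }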
        /// <summary>
        /// Envelopes a short message for the RSA key-transport recipient <c>ReciCert</c> with AES-128-CBC,
        /// then checks each recipient info uses rsaEncryption and decrypts back to the input with
        /// <c>ReciKP.Private</c>.
        /// </summary>
        public void TestKeyTransAes128()
        {
            byte[] message = Encoding.ASCII.GetBytes("WallaWallaWashington");

            CmsEnvelopedDataStreamGenerator generator = new CmsEnvelopedDataStreamGenerator();
            generator.AddKeyTransRecipient(ReciCert);

            MemoryStream encoded = new MemoryStream();
            Stream envelope = generator.Open(encoded, CmsEnvelopedDataGenerator.Aes128Cbc);
            envelope.Write(message, 0, message.Length);
            envelope.Close();

            CmsEnvelopedDataParser parser = new CmsEnvelopedDataParser(encoded.ToArray());
            RecipientInformationStore store = parser.GetRecipientInfos();

            Assert.AreEqual(parser.EncryptionAlgOid, CmsEnvelopedDataGenerator.Aes128Cbc);

            foreach (RecipientInformation info in store.GetRecipients())
            {
                // Key transport for an RSA certificate is signalled by the rsaEncryption OID.
                Assert.AreEqual(info.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id);

                CmsTypedStream content = info.GetContentStream(ReciKP.Private);
                byte[] recovered = CmsTestUtil.StreamToByteArray(content.ContentStream);

                Assert.IsTrue(Arrays.AreEqual(message, recovered));
            }

            parser.Close();
        }
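        /// <summary>
        /// Envelopes a 40001-byte payload with the generator buffer set to <c>BufferSize</c>, then
        /// checks that the decrypted content comes back as ten full <c>BufferSize</c> reads followed
        /// by a tail, and that the whole thing equals the input.
        /// </summary>
        /// <remarks>
        /// The original drained the tail with a single <c>Read</c>; a stream may legitimately return
        /// fewer bytes than requested, so the tail is now read until end-of-stream. The missing
        /// <c>ep.Close()</c> (present in the sibling tests) was added too.
        /// </remarks>
        public void TestKeyTransAes128Throughput()
        {
            // Deterministic payload: 0x00..0xFF repeating.
            byte[] data = new byte[40001];
            for (int i = 0; i != data.Length; i++)
            {
                data[i] = (byte)(i & 0xff);
            }

            //
            // buffered
            //
            CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();
            edGen.SetBufferSize(BufferSize);
            edGen.AddKeyTransRecipient(ReciCert);

            MemoryStream bOut = new MemoryStream();
            Stream outStream = edGen.Open(bOut, CmsEnvelopedDataGenerator.Aes128Cbc);

            for (int i = 0; i != data.Length; i++)
            {
                outStream.WriteByte(data[i]);
            }
            outStream.Close();

            CmsEnvelopedDataParser    ep         = new CmsEnvelopedDataParser(bOut.ToArray());
            RecipientInformationStore recipients = ep.GetRecipientInfos();
            ICollection c = recipients.GetRecipients();

            IEnumerator e = c.GetEnumerator();
            if (!e.MoveNext())
            {
                Assert.Fail("recipient not found.");
                return;
            }

            RecipientInformation recipient = (RecipientInformation)e.Current;
            Assert.AreEqual(PkcsObjectIdentifiers.RsaEncryption.Id, recipient.KeyEncryptionAlgOid);

            CmsTypedStream recData = recipient.GetContentStream(ReciKP.Private);

            Stream       dataStream = recData.ContentStream;
            MemoryStream dataOut    = new MemoryStream();
            byte[]       buf        = new byte[BufferSize];
            int          len;
            int          count      = 0;

            // The throughput property under test: the first ten reads each fill the buffer.
            while (count != 10 && (len = dataStream.Read(buf, 0, buf.Length)) > 0)
            {
                Assert.AreEqual(buf.Length, len);

                dataOut.Write(buf, 0, len);
                count++;
            }

            // Drain the remainder however it is chunked; Read returns 0 at end of stream.
            while ((len = dataStream.Read(buf, 0, buf.Length)) > 0)
            {
                dataOut.Write(buf, 0, len);
            }

            Assert.IsTrue(Arrays.AreEqual(data, dataOut.ToArray()));

            ep.Close();
        }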
        /// <summary>
        /// Writes a CMS EnvelopedData version of <paramref name="clear"/> to <paramref name="cipher"/>,
        /// addressed to every supplied recipient: key-transport recipients for the X.509 certificates
        /// and the web keys, and one KEK (pre-shared AES key) recipient for <paramref name="key"/>.
        /// The content-encryption algorithm comes from <c>EteeActiveConfig.Seal.EncryptionAlgorithm</c>.
        /// </summary>
        /// <param name="cipher">Destination for the encrypted CMS structure.</param>
        /// <param name="clear">Plaintext; copied to end of stream and not closed here.</param>
        /// <param name="certs">Certificates of the "known" recipients; null adds none.</param>
        /// <param name="key">Pre-shared key for the "unknown" recipient; null adds none.</param>
        /// <param name="webKeys">Public keys (with key ids) of the web recipients; null adds none.</param>
        /// <remarks>
        /// NOTE(review): nothing here rejects the case where no recipient is added at all (all three
        /// arguments null or empty); the envelope would then carry no usable RecipientInfo. Callers
        /// are presumably expected to guarantee at least one recipient — confirm, or add a guard.
        /// </remarks>
        protected void Encrypt(Stream cipher, Stream clear, ICollection <X509Certificate2> certs, SecretKey key, WebKey[] webKeys)
        {
#if NETFRAMEWORK
            trace.TraceEvent(TraceEventType.Information, 0, "Encrypting message for {0} known and {1} unknown recipient",
                             certs == null ? 0 : certs.Count, key == null ? 0 : 1);
#else
            logger.LogInformation("Encrypting message for {0} known and {1} unknown recipient",
                                  certs == null ? 0 : certs.Count, key == null ? 0 : 1);
#endif
            CmsEnvelopedDataStreamGenerator encryptGenerator = new CmsEnvelopedDataStreamGenerator();
            if (certs != null)
            {
                foreach (X509Certificate2 cert in certs)
                {
                    // Known recipients: convert the .NET certificate to BouncyCastle's type for key transport.
                    BC::X509.X509Certificate bcCert = DotNetUtilities.FromX509Certificate(cert);
                    encryptGenerator.AddKeyTransRecipient(bcCert);
#if NETFRAMEWORK
                    trace.TraceEvent(TraceEventType.Verbose, 0, "Added known recipient: {0} ({1})", bcCert.SubjectDN.ToString(), bcCert.IssuerDN.ToString());
#else
                    logger.LogDebug("Added known recipient: {0} ({1})", bcCert.SubjectDN.ToString(), bcCert.IssuerDN.ToString());
#endif
                }
            }
            if (key != null)
            {
                // Unknown recipient: the content key is wrapped with the pre-shared AES KEK, which the
                // recipient locates by key.Id.
                encryptGenerator.AddKekRecipient("AES", key.BCKey, key.Id);
#if NETFRAMEWORK
                trace.TraceEvent(TraceEventType.Verbose, 0, "Added unknown recipient [Algorithm={0}, keyId={1}]", "AES", key.IdString);
#else
                logger.LogDebug("Added unknown recipient [Algorithm={0}, keyId={1}]", "AES", key.IdString);
#endif
            }
            if (webKeys != null)
            {
                foreach (WebKey webKey in webKeys)
                {
                    // Web recipients: key transport to a bare public key, identified by webKey.Id.
                    encryptGenerator.AddKeyTransRecipient(webKey.BCPublicKey, webKey.Id);
#if NETFRAMEWORK
                    trace.TraceEvent(TraceEventType.Verbose, 0, "Added web recipient [Algorithm={0}, keyId={1}]", "RSA", webKey.IdString);
#else
                    logger.LogDebug("Added web recipient [Algorithm={0}, keyId={1}]", "RSA", webKey.IdString);
#endif
                }
            }

            // Everything written to encryptingStream is encrypted into 'cipher'.
            Stream encryptingStream = encryptGenerator.Open(cipher, EteeActiveConfig.Seal.EncryptionAlgorithm.Value);
#if NETFRAMEWORK
            trace.TraceEvent(TraceEventType.Verbose, 0, "Create encrypted message (still empty) [EncAlgo={0} ({1})]",
                             EteeActiveConfig.Seal.EncryptionAlgorithm.FriendlyName, EteeActiveConfig.Seal.EncryptionAlgorithm.Value);
#else
            logger.LogDebug("Create encrypted message (still empty) [EncAlgo={0} ({1})]",
                            EteeActiveConfig.Seal.EncryptionAlgorithm.FriendlyName, EteeActiveConfig.Seal.EncryptionAlgorithm.Value);
#endif
            try
            {
                clear.CopyTo(encryptingStream);
#if NETFRAMEWORK
                trace.TraceEvent(TraceEventType.Verbose, 0, "Message encrypted");
#else
                logger.LogDebug("Message encrypted");
#endif
            }
            finally
            {
                // Closing the generator's stream completes the CMS structure even if the copy failed;
                // per the log message this is also when the recipient infos are emitted — confirm
                // against the BouncyCastle version in use.
                encryptingStream.Close();
#if NETFRAMEWORK
                trace.TraceEvent(TraceEventType.Verbose, 0, "Recipient infos added");
#else
                logger.LogDebug("Recipient infos added");
#endif
            }
        }