/// <summary>
/// Шифрует общий секретный ключ.
/// </summary>
/// <param name="keyExchangeAlgorithm">Алгоритм шифрации общего секретного ключа.</param>
/// <exception cref="ArgumentNullException"></exception>
public GostKeyExchange CreateKeyExchangeInfo(SymmetricAlgorithm keyExchangeAlgorithm)
{
if (keyExchangeAlgorithm == null)
{
throw ExceptionUtility.ArgumentNull("keyExchangeAlgorithm");
}
var keyExchange = new GostKeyExchange();
var keyExchangeParameters = _publicKey.ExportParameters(false);
using (var keyExchangeAsym = new Gost3410EphemeralAsymmetricAlgorithm(keyExchangeParameters))
{
byte[] encodedKeyExchangeInfo;
using (var keyExchangeAlg = keyExchangeAsym.CreateKeyExchange(keyExchangeParameters))
{
encodedKeyExchangeInfo = keyExchangeAlg.EncodeKeyExchange(keyExchangeAlgorithm, GostKeyExchangeExportMethod.CryptoProKeyExport);
}
var keyExchangeInfo = new GostKeyExchangeInfo();
keyExchangeInfo.Decode(encodedKeyExchangeInfo);
keyExchange.SessionEncryptedKey = keyExchangeInfo;
keyExchange.TransportParameters = keyExchangeAsym.ExportParameters(false);
}
return(keyExchange);
}
public static byte[] EncodeEncryptionParamSet(string encryptionParamSet)
{
if (encryptionParamSet == null)
{
throw ExceptionUtility.ArgumentNull("encryptionParamSet");
}
byte[] data;
try
{
var asnEncoder = new Asn1BerEncodeBuffer();
var parameters = new Gost2814789BlobParameters {
EncryptionParamSet = CreateEncryptionParamSet(encryptionParamSet)
};
parameters.Encode(asnEncoder);
data = asnEncoder.MsgCopy;
}
catch (Exception exception)
{
throw ExceptionUtility.CryptographicException(exception, Resources.Asn1EncodeError, typeof(Gost2814789BlobParameters).FullName);
}
return(data);
}
/// <summary>
/// Зашифровать идентификатор OID параметров шифрования.
/// </summary>
public static byte[] EncodeEncryptionParamSet(string encryptionParamSet)
{
if (encryptionParamSet == null)
{
throw ExceptionUtility.ArgumentNull(nameof(encryptionParamSet));
}
byte[] data;
try
{
var parameters = new Gost_28147_89_BlobParams {
EncryptionParamSet = Gost_28147_89_ParamSet.FromString(encryptionParamSet)
};
var asnEncoder = new Asn1BerEncodeBuffer();
parameters.Encode(asnEncoder);
data = asnEncoder.MsgCopy;
}
catch (Exception exception)
{
throw ExceptionUtility.CryptographicException(exception, Resources.Asn1EncodeError, nameof(Gost_28147_89_BlobParams));
}
return(data);
}
public static unsafe void HashData(SafeHashHandleImpl hashHandle, byte[] data, int dataOffset, int dataLength)
{
if (data == null)
{
throw ExceptionUtility.ArgumentNull(nameof(data));
}
if (dataOffset < 0)
{
throw ExceptionUtility.ArgumentOutOfRange(nameof(dataOffset));
}
if (dataLength < 0)
{
throw ExceptionUtility.ArgumentOutOfRange(nameof(dataLength));
}
if (data.Length < dataOffset + dataLength)
{
throw ExceptionUtility.ArgumentOutOfRange(nameof(dataLength));
}
if (dataLength > 0)
{
fixed(byte *dataRef = data)
{
var dataOffsetRef = dataRef + dataOffset;
if (!CryptoApi.CryptHashData(hashHandle, dataOffsetRef, (uint)dataLength, 0))
{
throw CreateWin32Error();
}
}
}
}
private bool VerifyHash(byte[] hash, byte[] signature)
{
if (hash == null)
{
throw ExceptionUtility.ArgumentNull("hash");
}
if (signature == null)
{
throw ExceptionUtility.ArgumentNull("signature");
}
if (hash.Length != 64)
{
throw ExceptionUtility.ArgumentOutOfRange("InvalidHashSize");
}
bool res = false;
UsingKey(h =>
{
res = CryptoApiHelper.VerifySign(_providerHandle, h, hash, signature, GostAlgorithmType.Gost2012_512);
});
return(res);
}
public override byte[] GetDecryptionIV(EncryptedData encryptedData, string symmetricAlgorithmUri)
{
if (encryptedData == null)
{
throw ExceptionUtility.ArgumentNull("encryptedData");
}
if (symmetricAlgorithmUri == null)
{
if (encryptedData.EncryptionMethod == null)
{
return(base.GetDecryptionIV(encryptedData, null));
}
symmetricAlgorithmUri = encryptedData.EncryptionMethod.KeyAlgorithm;
}
if (string.Equals(symmetricAlgorithmUri, GostEncryptedXml.XmlEncGost28147Url, StringComparison.OrdinalIgnoreCase))
{
var iv = new byte[8];
Buffer.BlockCopy(GetCipherValue(encryptedData.CipherData), 0, iv, 0, iv.Length);
return(iv);
}
return(base.GetDecryptionIV(encryptedData, symmetricAlgorithmUri));
}
private static SymmetricAlgorithm DecryptKeyClass(byte[] keyData, RSA algorithm, bool useOaep, string symmetricAlgorithmUri)
{
if (keyData == null)
{
throw ExceptionUtility.ArgumentNull("keyData");
}
if (algorithm == null)
{
throw ExceptionUtility.ArgumentNull("algorithm");
}
SymmetricAlgorithm decryptionKey = null;
var decryptionKeyBytes = DecryptKey(keyData, algorithm, useOaep);
if (decryptionKeyBytes != null)
{
decryptionKey = (SymmetricAlgorithm)GostCryptoConfig.CreateFromName(symmetricAlgorithmUri);
decryptionKey.Key = decryptionKeyBytes;
}
if (decryptionKey == null)
{
throw ExceptionUtility.CryptographicException(Resources.XmlMissingAlgorithm);
}
return(decryptionKey);
}
private Gost_R3411_PRF(ProviderType providerType, Gost_28147_89_SymmetricAlgorithm key, byte[] label, byte[] seed) : base(providerType)
{
if (label == null)
{
throw ExceptionUtility.ArgumentNull(nameof(label));
}
if (seed == null)
{
throw ExceptionUtility.ArgumentNull(nameof(seed));
}
_key = key;
_hmac = CreateHMAC(key);
var labelAndSeed = new byte[label.Length + seed.Length];
label.CopyTo(labelAndSeed, 0);
seed.CopyTo(labelAndSeed, label.Length);
_labelAndSeed = labelAndSeed;
_buffer = new byte[labelAndSeed.Length + (_hmac.HashSize / 8)];
_value = labelAndSeed;
_keyIndex = 0;
}
public static Gost_28147_89_SymmetricAlgorithm CreateFromPassword(HashAlgorithm hashAlgorithm, byte[] password)
{
if (hashAlgorithm == null)
{
throw ExceptionUtility.ArgumentNull(nameof(hashAlgorithm));
}
if (!(hashAlgorithm is IGostAlgorithm gostHashAlgorithm))
{
throw ExceptionUtility.ArgumentOutOfRange(nameof(hashAlgorithm));
}
if (!(hashAlgorithm is ISafeHandleProvider <SafeHashHandleImpl> hashHandleProvider))
{
throw ExceptionUtility.ArgumentOutOfRange(nameof(hashAlgorithm));
}
if (password == null)
{
throw ExceptionUtility.ArgumentNull(nameof(password));
}
hashAlgorithm.TransformBlock(password, 0, password.Length, password, 0);
var providerType = gostHashAlgorithm.ProviderType;
var providerHandle = CryptoApiHelper.GetProviderHandle(providerType);
var symKeyHandle = CryptoApiHelper.DeriveSymKey(providerHandle, hashHandleProvider.SafeHandle);
return(new Gost_28147_89_SymmetricAlgorithm(providerType, providerHandle, symKeyHandle));
}
private byte[] SignHash(byte[] hash)
{
if (hash == null)
{
throw ExceptionUtility.ArgumentNull("hash");
}
if (hash.Length != 32)
{
throw ExceptionUtility.ArgumentOutOfRange("hash", Resources.InvalidHashSize);
}
if (IsPublicKeyOnly)
{
throw ExceptionUtility.CryptographicException(Resources.NoPrivateKey);
}
GetKeyPair();
if (!CspKeyContainerInfo.RandomlyGenerated)
{
var keyContainerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
var keyContainerAccessEntry = new KeyContainerPermissionAccessEntry(_providerParameters, KeyContainerPermissionFlags.Sign);
keyContainerPermission.AccessEntries.Add(keyContainerAccessEntry);
keyContainerPermission.Demand();
}
return(CryptoApiHelper.SignValue(_providerHandle, _providerParameters.KeyNumber, hash));
}
private static GostKeyExchangeParameters DecodePublicBlob(byte[] encodedPublicBlob, GostAlgorithmType algorithm)
{
if (encodedPublicBlob == null)
{
throw ExceptionUtility.ArgumentNull("encodedPublicBlob");
}
int size;
switch (algorithm)
{
case GostAlgorithmType.Gost2001:
size = 512;
break;
case GostAlgorithmType.Gost2012_256:
size = 512;
break;
case GostAlgorithmType.Gost2012_512:
size = 1024;
break;
default:
throw new CryptographicException(Resources.AlgorithmNotAvailable);
}
if (encodedPublicBlob.Length < 16 + size / 8)
{
throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
}
var gostKeyMask = BitConverter.ToUInt32(encodedPublicBlob, 8);
if (gostKeyMask != Constants.GR3410_1_MAGIC)
{
throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
}
var gostKeySize = BitConverter.ToUInt32(encodedPublicBlob, 12);
if (gostKeySize != size)
{
throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
}
var publicKeyParameters = new GostKeyExchangeParameters();
var encodeKeyParameters = new byte[(encodedPublicBlob.Length - 16) - size / 8];
Array.Copy(encodedPublicBlob, 16, encodeKeyParameters, 0, (encodedPublicBlob.Length - 16) - size / 8);
publicKeyParameters.DecodeParameters(encodeKeyParameters);
var publicKey = new byte[64];
Array.Copy(encodedPublicBlob, encodedPublicBlob.Length - size / 8, publicKey, 0, size / 8);
publicKeyParameters.PublicKey = publicKey;
return(publicKeyParameters);
}
private TKey CreateKeyExchangeInfo(SymmetricAlgorithm keyExchangeAlgorithm)
{
if (keyExchangeAlgorithm == null)
{
throw ExceptionUtility.ArgumentNull(nameof(keyExchangeAlgorithm));
}
var keyExchange = new TKey();
var keyExchangeParameters = _publicKey.ExportParameters(false);
using (var keyExchangeAsym = CreateEphemeralAlgorithm(_publicKey.ProviderType, keyExchangeParameters))
{
byte[] encodedKeyExchangeInfo;
using (var keyExchangeAlg = keyExchangeAsym.CreateKeyExchange(keyExchangeParameters))
{
encodedKeyExchangeInfo = keyExchangeAlg.EncodeKeyExchange(keyExchangeAlgorithm, GostKeyExchangeExportMethod.CryptoProKeyExport);
}
var keyExchangeInfo = new Gost_28147_89_KeyExchangeInfo();
keyExchangeInfo.Decode(encodedKeyExchangeInfo);
keyExchange.SessionEncryptedKey = keyExchangeInfo;
keyExchange.TransportParameters = keyExchangeAsym.ExportParameters(false);
}
return(keyExchange);
}
public byte[] TransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount)
{
if (inputBuffer == null)
{
throw ExceptionUtility.ArgumentNull(nameof(inputBuffer));
}
if (inputOffset < 0)
{
throw ExceptionUtility.ArgumentOutOfRange(nameof(inputOffset));
}
if ((inputCount < 0) || (inputCount > inputBuffer.Length))
{
throw ExceptionUtility.ArgumentOutOfRange(nameof(inputOffset), Resources.InvalidDataOffset);
}
if ((inputBuffer.Length - inputCount) < inputOffset)
{
throw ExceptionUtility.ArgumentOutOfRange(nameof(inputOffset), Resources.InvalidDataOffset);
}
byte[] buffer = null;
if (_transformMode == Gost_28147_89_CryptoTransformMode.Encrypt)
{
CryptoApiHelper.EncryptData(_providerType, _keyHandle, inputBuffer, inputOffset, inputCount, ref buffer, 0, _paddingValue, true, _isStreamModeValue);
Reset();
return(buffer);
}
if (_isStreamModeValue)
{
CryptoApiHelper.DecryptData(_keyHandle, inputBuffer, inputOffset, inputCount, ref buffer, 0, _paddingValue, true);
Reset();
return(buffer);
}
if ((inputCount % InputBlockSize) != 0)
{
throw ExceptionUtility.CryptographicException(Resources.DecryptInvalidDataSize);
}
if (_dataBuffer == null)
{
CryptoApiHelper.DecryptData(_keyHandle, inputBuffer, inputOffset, inputCount, ref buffer, 0, _paddingValue, true);
Reset();
return(buffer);
}
var destinationArray = new byte[_dataBuffer.Length + inputCount];
Array.Copy(_dataBuffer, 0, destinationArray, 0, _dataBuffer.Length);
Array.Copy(inputBuffer, inputOffset, destinationArray, _dataBuffer.Length, inputCount);
CryptoApiHelper.DecryptData(_keyHandle, destinationArray, 0, destinationArray.Length, ref buffer, 0, _paddingValue, true);
Reset();
return(buffer);
}
protected Gost_R3411_HMAC(Gost_28147_89_SymmetricAlgorithmBase keyAlgorithm, int hashSize) : base(keyAlgorithm.ProviderType, hashSize)
{
if (keyAlgorithm == null)
{
throw ExceptionUtility.ArgumentNull(nameof(keyAlgorithm));
}
InitDefaults(Gost_28147_89_SymmetricAlgorithm.CreateFromKey(keyAlgorithm));
}
/// <inheritdoc />
public override void LoadXml(XmlElement element)
{
if (element == null)
{
throw ExceptionUtility.ArgumentNull(nameof(element));
}
PublicKey.FromXmlString(element.OuterXml);
}
/// <inheritdoc cref="SignedXml(XmlDocument)"/>
public GostSignedXml(XmlDocument document)
{
if (document == null)
{
throw ExceptionUtility.ArgumentNull(nameof(document));
}
_signedXml = new GostSignedXmlImpl(document);
}
public Gost28147ImitHashAlgorithm(byte[] key) : this()
{
if (key == null)
{
throw ExceptionUtility.ArgumentNull("key");
}
_keyAlgorithm.Key = key;
}
public Gost3410EphemeralAsymmetricAlgorithm(Asn1.Common.GostKeyExchangeParameters keyParameters)
{
if (keyParameters == null)
{
throw ExceptionUtility.ArgumentNull("keyParameters");
}
_provHandle = CryptoApiHelper.ProviderHandle.DangerousAddRef();
_keyHandle = CryptoApiHelper.GenerateDhEphemeralKey(_provHandle, keyParameters.DigestParamSet, keyParameters.PublicKeyParamSet);
}
public Gost3410_2012_256EphemeralAsymmetricAlgorithm(GostKeyExchangeParameters keyParameters)
{
if (keyParameters == null)
{
throw ExceptionUtility.ArgumentNull("keyParameters");
}
_provHandle = CryptoApiHelper.ProviderHandle.DangerousAddRef();
_keyHandle = CryptoApiHelper.GenerateDhEphemeralKey(_provHandle, Constants.CALG_DH_GR3410_12_256_EPHEM, keyParameters.DigestParamSet, keyParameters.PublicKeyParamSet);
}
protected Gost_R3410_EphemeralAsymmetricAlgorithm(ProviderType providerType, TKeyParams keyParameters, int keySize) : base(providerType, keySize)
{
if (keyParameters == null)
{
throw ExceptionUtility.ArgumentNull(nameof(keyParameters));
}
_providerHandle = CryptoApiHelper.GetProviderHandle(ProviderType).DangerousAddRef();
_keyHandle = CryptoApiHelper.GenerateDhEphemeralKey(providerType, _providerHandle, ExchangeAlgId, keyParameters.DigestParamSet, keyParameters.PublicKeyParamSet);
}
public Gost_28147_89_ImitHashAlgorithm(Gost_28147_89_SymmetricAlgorithmBase key) : base(key.ProviderType, DefaultHashSize)
{
if (key == null)
{
throw ExceptionUtility.ArgumentNull(nameof(key));
}
KeyValue = null;
_keyAlgorithm = Gost_28147_89_SymmetricAlgorithm.CreateFromKey(key);
}
public override void FromXmlString(string keyParametersXml)
{
if (string.IsNullOrEmpty(keyParametersXml))
{
throw ExceptionUtility.ArgumentNull("keyParametersXml");
}
var keyParameters = KeyParametersFromXml(keyParametersXml);
ImportParameters(keyParameters);
}
/// <summary>
/// Шифрует общий секретный ключ.
/// </summary>
/// <param name="keyExchangeAlgorithm">Алгоритм шифрации общего секретного ключа.</param>
/// <exception cref="ArgumentNullException"></exception>
public byte[] CreateKeyExchangeData(SymmetricAlgorithm keyExchangeAlgorithm)
{
if (keyExchangeAlgorithm == null)
{
throw ExceptionUtility.ArgumentNull("keyExchangeAlgorithm");
}
var keyExchangeInfo = CreateKeyExchangeInfo(keyExchangeAlgorithm);
return(keyExchangeInfo.Encode());
}
/// <summary>
/// Дешифрует общий секретный ключ.
/// </summary>
/// <param name="encryptedKeyExchangeInfo">Зашифрованный общий секретный ключ.</param>
/// <exception cref="ArgumentNullException"></exception>
public SymmetricAlgorithm DecryptKeyExchangeAlgorithm(GostKeyExchange encryptedKeyExchangeInfo)
{
if (encryptedKeyExchangeInfo == null)
{
throw ExceptionUtility.ArgumentNull("encryptedKeyExchangeInfo");
}
var keyExchangeAlg = _privateKey.CreateKeyExchange(encryptedKeyExchangeInfo.TransportParameters);
var encodedKeyExchangeInfo = encryptedKeyExchangeInfo.SessionEncryptedKey.Encode();
return(keyExchangeAlg.DecodeKeyExchange(encodedKeyExchangeInfo, GostKeyExchangeExportMethod.CryptoProKeyExport));
}
public static AsymmetricAlgorithm GetPrivateKeyAlgorithm(this X509Certificate2 certificate)
{
if (certificate == null)
{
throw ExceptionUtility.ArgumentNull("certificate");
}
var cspParameters = GetPrivateKeyInfo(certificate);
var privateKey = new Gost3410AsymmetricAlgorithm(cspParameters);
return(privateKey);
}
public Gost28147ImitHashAlgorithm(Gost28147SymmetricAlgorithmBase key)
{
if (key == null)
{
throw ExceptionUtility.ArgumentNull("key");
}
KeyValue = null;
HashSizeValue = DefaultHashSize;
_keyAlgorithm = DuplicateKeyAlg(key);
}
/// <inheritdoc />
protected override void ValidateHashParameter(byte[] hash)
{
if (hash == null)
{
throw ExceptionUtility.ArgumentNull(nameof(hash));
}
if (hash.Length != Gost_R3411_2012_256_HashAlgorithm.DefaultHashSizeValue / 8)
{
throw ExceptionUtility.ArgumentOutOfRange(nameof(hash), Resources.InvalidHashSize, Gost_R3411_2012_256_HashAlgorithm.DefaultHashSizeValue / 8);
}
}
/// <inheritdoc />
public override SymmetricAlgorithm DecryptKeyExchangeAlgorithm(byte[] encryptedKeyExchangeData)
{
if (encryptedKeyExchangeData == null)
{
throw ExceptionUtility.ArgumentNull(nameof(encryptedKeyExchangeData));
}
var keyExchange = new TKey();
keyExchange.Decode(encryptedKeyExchangeData);
return(DecryptKeyExchangeAlgorithm(keyExchange));
}
public Gost3411Hmac(Gost28147 keyAlgorithm)
{
if (keyAlgorithm == null)
{
throw ExceptionUtility.ArgumentNull("keyAlgorithm");
}
HashName = DefaultHashName;
HashSizeValue = DefaultHashSize;
_keyAlgorithm = DuplicateKeyAlg(keyAlgorithm);
_hashHandle = CryptoApiHelper.CreateHashHmac(CryptoApiHelper.ProviderHandle, _keyAlgorithm.InternalKeyHandle, GostCryptoConfig.ProviderType == ProviderTypes.VipNet ? Constants.CALG_GR3411_HMAC34 : Constants.CALG_GR3411_HMAC);
}
/// <inheritdoc />
public override byte[] CreateSignature(byte[] hash)
{
if (hash == null)
{
throw ExceptionUtility.ArgumentNull(nameof(hash));
}
var reverseSignature = _privateKey.CreateSignature(hash);
Array.Reverse(reverseSignature);
return(reverseSignature);
}
