protected internal virtual Asn1Encodable GenerateAsn1Parameters(string encryptionOid, byte[] encKeyBytes)
{
Asn1Encodable result = null;
try
{
if (encryptionOid.Equals(CmsEnvelopedGenerator.RC2Cbc))
{
byte[] array = new byte[8];
this.rand.NextBytes(array);
int num = encKeyBytes.Length * 8;
int parameterVersion;
if (num < 256)
{
parameterVersion = (int)CmsEnvelopedGenerator.rc2Table[num];
}
else
{
parameterVersion = num;
}
result = new RC2CbcParameter(parameterVersion, array);
}
else
{
result = ParameterUtilities.GenerateParameters(encryptionOid, this.rand);
}
}
catch (SecurityUtilityException)
{
}
return(result);
}
public static ICipherParameters GetCipherParameters(
string algorithm,
ICipherParameters key,
Asn1Object asn1Params)
{
if (algorithm == null)
{
throw new ArgumentNullException("algorithm");
}
string upper = algorithm.ToUpper(CultureInfo.InvariantCulture);
string mechanism = (string)algorithms[upper];
if (mechanism == null)
{
mechanism = upper;
}
byte[] iv = null;
try
{
switch (mechanism)
{
case "AES":
case "BLOWFISH":
case "DES":
case "DESEDE":
case "RIJNDAEL":
case "SKIPJACK":
case "TWOFISH":
iv = ((Asn1OctetString)asn1Params).GetOctets();
break;
case "RC2":
iv = RC2CbcParameter.GetInstance(asn1Params).GetIV();
break;
case "IDEA":
iv = IdeaCbcPar.GetInstance(asn1Params).GetIV();
break;
case "CAST5":
iv = Cast5CbcParameters.GetInstance(asn1Params).GetIV();
break;
}
}
catch (Exception e)
{
throw new ArgumentException("Could not process ASN.1 parameters", "asn1Params", e);
}
if (iv != null)
{
return(new ParametersWithIV(key, iv));
}
throw new SecurityUtilityException("Algorithm " + mechanism + " not recognised.");
}
public static ICipherParameters GetCipherParameters(
string algorithm,
ICipherParameters key,
Asn1Object asn1Params)
{
if (algorithm == null)
{
throw new ArgumentNullException("algorithm");
}
string canonical = GetCanonicalAlgorithmName(algorithm);
if (canonical == null)
{
throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised.");
}
byte[] iv = null;
try
{
// TODO These algorithms support an IV
// but JCE doesn't seem to provide an AlgorithmParametersGenerator for them
// "RIJNDAEL", "SKIPJACK", "TWOFISH"
int basicIVKeySize = FindBasicIVSize(canonical);
if (basicIVKeySize != -1 ||
canonical == "RIJNDAEL" || canonical == "SKIPJACK" || canonical == "TWOFISH")
{
iv = ((Asn1OctetString)asn1Params).GetOctets();
}
else if (canonical == "CAST5")
{
iv = Cast5CbcParameters.GetInstance(asn1Params).GetIV();
}
#if INCLUDE_IDEA
else if (canonical == "IDEA")
{
iv = IdeaCbcPar.GetInstance(asn1Params).GetIV();
}
#endif
else if (canonical == "RC2")
{
iv = RC2CbcParameter.GetInstance(asn1Params).GetIV();
}
}
catch (Exception e)
{
throw new ArgumentException("Could not process ASN.1 parameters", e);
}
if (iv != null)
{
return(new ParametersWithIV(key, iv));
}
throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised.");
}
/**
* Create an AlgorithmIdentifier for the passed in encryption algorithm.
*
* @param encryptionOID OID for the encryption algorithm
* @param keySize key size in bits (-1 if unknown)
* @param random SecureRandom to use for parameter generation.
* @return a full AlgorithmIdentifier including parameters
* @throws IllegalArgumentException if encryptionOID cannot be matched
*/
public static AlgorithmIdentifier GenerateEncryptionAlgID(DerObjectIdentifier encryptionOID, int keySize, SecureRandom random)
{
if (encryptionOID.Equals(NistObjectIdentifiers.IdAes128Cbc) ||
encryptionOID.Equals(NistObjectIdentifiers.IdAes192Cbc) ||
encryptionOID.Equals(NistObjectIdentifiers.IdAes256Cbc) ||
encryptionOID.Equals(NttObjectIdentifiers.IdCamellia128Cbc) ||
encryptionOID.Equals(NttObjectIdentifiers.IdCamellia192Cbc) ||
encryptionOID.Equals(NttObjectIdentifiers.IdCamellia256Cbc) ||
encryptionOID.Equals(KisaObjectIdentifiers.IdSeedCbc))
{
byte[] iv = new byte[16];
random.NextBytes(iv);
return(new AlgorithmIdentifier(encryptionOID, new DerOctetString(iv)));
}
else if (encryptionOID.Equals(PkcsObjectIdentifiers.DesEde3Cbc) ||
encryptionOID.Equals(IDEA_CBC) ||
encryptionOID.Equals(OiwObjectIdentifiers.DesCbc))
{
byte[] iv = new byte[8];
random.NextBytes(iv);
return(new AlgorithmIdentifier(encryptionOID, new DerOctetString(iv)));
}
else if (encryptionOID.Equals(CAST5_CBC))
{
byte[] iv = new byte[8];
random.NextBytes(iv);
Cast5CbcParameters cbcParams = new Cast5CbcParameters(iv, keySize);
return(new AlgorithmIdentifier(encryptionOID, cbcParams));
}
else if (encryptionOID.Equals(PkcsObjectIdentifiers.rc4))
{
return(new AlgorithmIdentifier(encryptionOID, DerNull.Instance));
}
else if (encryptionOID.Equals(PkcsObjectIdentifiers.RC2Cbc))
{
byte[] iv = new byte[8];
random.NextBytes(iv);
RC2CbcParameter cbcParams = new RC2CbcParameter(rc2Table[128], iv);
return(new AlgorithmIdentifier(encryptionOID, cbcParams));
}
else
{
throw new InvalidOperationException("unable to match algorithm");
}
}
public static ICipherParameters GetCipherParameters(string algorithm, ICipherParameters key, Asn1Object asn1Params)
{
//IL_0008: Unknown result type (might be due to invalid IL or missing references)
//IL_00c8: Unknown result type (might be due to invalid IL or missing references)
if (algorithm == null)
{
throw new ArgumentNullException("algorithm");
}
string canonicalAlgorithmName = GetCanonicalAlgorithmName(algorithm);
if (canonicalAlgorithmName == null)
{
throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised.");
}
byte[] array = null;
try
{
int num = FindBasicIVSize(canonicalAlgorithmName);
if (num != -1 || canonicalAlgorithmName == "RIJNDAEL" || canonicalAlgorithmName == "SKIPJACK" || canonicalAlgorithmName == "TWOFISH")
{
array = ((Asn1OctetString)asn1Params).GetOctets();
}
else if (canonicalAlgorithmName == "CAST5")
{
array = Cast5CbcParameters.GetInstance(asn1Params).GetIV();
}
else if (canonicalAlgorithmName == "IDEA")
{
array = IdeaCbcPar.GetInstance(asn1Params).GetIV();
}
else if (canonicalAlgorithmName == "RC2")
{
array = RC2CbcParameter.GetInstance(asn1Params).GetIV();
}
}
catch (global::System.Exception ex)
{
throw new ArgumentException("Could not process ASN.1 parameters", ex);
}
if (array != null)
{
return(new ParametersWithIV(key, array));
}
throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised.");
}
public static ICipherParameters GetCipherParameters(string algorithm, ICipherParameters key, Asn1Object asn1Params)
{
if (algorithm == null)
{
throw new ArgumentNullException("algorithm");
}
string canonicalAlgorithmName = ParameterUtilities.GetCanonicalAlgorithmName(algorithm);
if (canonicalAlgorithmName == null)
{
throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised.");
}
byte[] array = null;
try
{
int num = ParameterUtilities.FindBasicIVSize(canonicalAlgorithmName);
if (num != -1 || canonicalAlgorithmName == "RIJNDAEL" || canonicalAlgorithmName == "SKIPJACK" || canonicalAlgorithmName == "TWOFISH")
{
array = ((Asn1OctetString)asn1Params).GetOctets();
}
else if (canonicalAlgorithmName == "CAST5")
{
array = Cast5CbcParameters.GetInstance(asn1Params).GetIV();
}
else if (canonicalAlgorithmName == "IDEA")
{
array = IdeaCbcPar.GetInstance(asn1Params).GetIV();
}
else if (canonicalAlgorithmName == "RC2")
{
array = RC2CbcParameter.GetInstance(asn1Params).GetIV();
}
}
catch (Exception innerException)
{
throw new ArgumentException("Could not process ASN.1 parameters", innerException);
}
if (array != null)
{
return(new ParametersWithIV(key, array));
}
throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised.");
}
protected internal virtual Asn1Encodable GenerateAsn1Parameters(
string encryptionOid,
byte[] encKeyBytes)
{
Asn1Encodable asn1Params = null;
try
{
if (encryptionOid.Equals(RC2Cbc))
{
byte[] iv = new byte[8];
rand.NextBytes(iv);
// TODO Is this detailed repeat of Java version really necessary?
int effKeyBits = encKeyBytes.Length * 8;
int parameterVersion;
if (effKeyBits < 256)
{
parameterVersion = rc2Table[effKeyBits];
}
else
{
parameterVersion = effKeyBits;
}
asn1Params = new RC2CbcParameter(parameterVersion, iv);
}
else
{
asn1Params = ParameterUtilities.GenerateParameters(encryptionOid, rand);
}
}
catch (SecurityUtilityException)
{
// No problem... no parameters generated
}
return(asn1Params);
}
protected internal virtual Asn1Encodable GenerateAsn1Parameters(string encryptionOid, byte[] encKeyBytes)
{
Asn1Encodable result = null;
try
{
if (!encryptionOid.Equals(RC2Cbc))
{
result = ParameterUtilities.GenerateParameters(encryptionOid, rand);
return(result);
}
byte[] array = new byte[8];
rand.NextBytes(array);
int num = encKeyBytes.Length * 8;
int parameterVersion = (num >= 256) ? num : rc2Table[num];
result = new RC2CbcParameter(parameterVersion, array);
return(result);
}
catch (SecurityUtilityException)
{
return(result);
}
}
public static object CreateContentCipher(bool forEncryption, ICipherParameters encKey,
AlgorithmIdentifier encryptionAlgID)
{
DerObjectIdentifier encAlg = encryptionAlgID.Algorithm;
if (encAlg.Equals(PkcsObjectIdentifiers.rc4))
{
IStreamCipher cipher = new RC4Engine();
cipher.Init(forEncryption, encKey);
return(cipher);
}
else
{
BufferedBlockCipher cipher = CreateCipher(encryptionAlgID.Algorithm);
Asn1Object sParams = encryptionAlgID.Parameters.ToAsn1Object();
if (sParams != null && !(sParams is DerNull))
{
if (encAlg.Equals(PkcsObjectIdentifiers.DesEde3Cbc) ||
encAlg.Equals(AlgorithmIdentifierFactory.IDEA_CBC) ||
encAlg.Equals(NistObjectIdentifiers.IdAes128Cbc) ||
encAlg.Equals(NistObjectIdentifiers.IdAes192Cbc) ||
encAlg.Equals(NistObjectIdentifiers.IdAes256Cbc) ||
encAlg.Equals(NttObjectIdentifiers.IdCamellia128Cbc) ||
encAlg.Equals(NttObjectIdentifiers.IdCamellia192Cbc) ||
encAlg.Equals(NttObjectIdentifiers.IdCamellia256Cbc) ||
encAlg.Equals(KisaObjectIdentifiers.IdSeedCbc) ||
encAlg.Equals(OiwObjectIdentifiers.DesCbc))
{
cipher.Init(forEncryption, new ParametersWithIV(encKey,
Asn1OctetString.GetInstance(sParams).GetOctets()));
}
else if (encAlg.Equals(AlgorithmIdentifierFactory.CAST5_CBC))
{
Cast5CbcParameters cbcParams = Cast5CbcParameters.GetInstance(sParams);
cipher.Init(forEncryption, new ParametersWithIV(encKey, cbcParams.GetIV()));
}
else if (encAlg.Equals(PkcsObjectIdentifiers.RC2Cbc))
{
RC2CbcParameter cbcParams = RC2CbcParameter.GetInstance(sParams);
cipher.Init(forEncryption, new ParametersWithIV(new RC2Parameters(((KeyParameter)encKey).GetKey(), rc2Ekb[cbcParams.RC2ParameterVersion.IntValue]), cbcParams.GetIV()));
}
else
{
throw new InvalidOperationException("cannot match parameters");
}
}
else
{
if (encAlg.Equals(PkcsObjectIdentifiers.DesEde3Cbc) ||
encAlg.Equals(AlgorithmIdentifierFactory.IDEA_CBC) ||
encAlg.Equals(AlgorithmIdentifierFactory.CAST5_CBC))
{
cipher.Init(forEncryption, new ParametersWithIV(encKey, new byte[8]));
}
else
{
cipher.Init(forEncryption, encKey);
}
}
return(cipher);
}
}
public static ICipherParameters GenerateCipherParameters(string algorithm, char[] password, bool wrongPkcs12Zero, Asn1Encodable pbeParameters)
{
string text = (string)algorithms.get_Item((object)Platform.ToUpperInvariant(algorithm));
byte[] array = null;
byte[] salt = null;
int iterationCount = 0;
if (IsPkcs12(text))
{
Pkcs12PbeParams instance = Pkcs12PbeParams.GetInstance(pbeParameters);
salt = instance.GetIV();
iterationCount = instance.Iterations.IntValue;
array = PbeParametersGenerator.Pkcs12PasswordToBytes(password, wrongPkcs12Zero);
}
else if (!IsPkcs5Scheme2(text))
{
PbeParameter instance2 = PbeParameter.GetInstance(pbeParameters);
salt = instance2.GetSalt();
iterationCount = instance2.IterationCount.IntValue;
array = PbeParametersGenerator.Pkcs5PasswordToBytes(password);
}
ICipherParameters parameters = null;
if (IsPkcs5Scheme2(text))
{
PbeS2Parameters instance3 = PbeS2Parameters.GetInstance(pbeParameters.ToAsn1Object());
AlgorithmIdentifier encryptionScheme = instance3.EncryptionScheme;
DerObjectIdentifier algorithm2 = encryptionScheme.Algorithm;
Asn1Object obj = encryptionScheme.Parameters.ToAsn1Object();
Pbkdf2Params instance4 = Pbkdf2Params.GetInstance(instance3.KeyDerivationFunc.Parameters.ToAsn1Object());
byte[] array2;
if (algorithm2.Equals(PkcsObjectIdentifiers.RC2Cbc))
{
RC2CbcParameter instance5 = RC2CbcParameter.GetInstance(obj);
array2 = instance5.GetIV();
}
else
{
array2 = Asn1OctetString.GetInstance(obj).GetOctets();
}
salt = instance4.GetSalt();
iterationCount = instance4.IterationCount.IntValue;
array = PbeParametersGenerator.Pkcs5PasswordToBytes(password);
int keySize = ((instance4.KeyLength != null) ? (instance4.KeyLength.IntValue * 8) : GeneratorUtilities.GetDefaultKeySize(algorithm2));
PbeParametersGenerator pbeParametersGenerator = MakePbeGenerator((string)algorithmType.get_Item((object)text), null, array, salt, iterationCount);
parameters = pbeParametersGenerator.GenerateDerivedParameters(algorithm2.Id, keySize);
if (array2 != null && !Arrays.AreEqual(array2, new byte[array2.Length]))
{
parameters = new ParametersWithIV(parameters, array2);
}
}
else if (Platform.StartsWith(text, "PBEwithSHA-1"))
{
PbeParametersGenerator pbeParametersGenerator2 = MakePbeGenerator((string)algorithmType.get_Item((object)text), new Sha1Digest(), array, salt, iterationCount);
if (text.Equals("PBEwithSHA-1and128bitAES-CBC-BC"))
{
parameters = pbeParametersGenerator2.GenerateDerivedParameters("AES", 128, 128);
}
else if (text.Equals("PBEwithSHA-1and192bitAES-CBC-BC"))
{
parameters = pbeParametersGenerator2.GenerateDerivedParameters("AES", 192, 128);
}
else if (text.Equals("PBEwithSHA-1and256bitAES-CBC-BC"))
{
parameters = pbeParametersGenerator2.GenerateDerivedParameters("AES", 256, 128);
}
else if (text.Equals("PBEwithSHA-1and128bitRC4"))
{
parameters = pbeParametersGenerator2.GenerateDerivedParameters("RC4", 128);
}
else if (text.Equals("PBEwithSHA-1and40bitRC4"))
{
parameters = pbeParametersGenerator2.GenerateDerivedParameters("RC4", 40);
}
else if (text.Equals("PBEwithSHA-1and3-keyDESEDE-CBC"))
{
parameters = pbeParametersGenerator2.GenerateDerivedParameters("DESEDE", 192, 64);
}
else if (text.Equals("PBEwithSHA-1and2-keyDESEDE-CBC"))
{
parameters = pbeParametersGenerator2.GenerateDerivedParameters("DESEDE", 128, 64);
}
else if (text.Equals("PBEwithSHA-1and128bitRC2-CBC"))
{
parameters = pbeParametersGenerator2.GenerateDerivedParameters("RC2", 128, 64);
}
else if (text.Equals("PBEwithSHA-1and40bitRC2-CBC"))
{
parameters = pbeParametersGenerator2.GenerateDerivedParameters("RC2", 40, 64);
}
else if (text.Equals("PBEwithSHA-1andDES-CBC"))
{
parameters = pbeParametersGenerator2.GenerateDerivedParameters("DES", 64, 64);
}
else if (text.Equals("PBEwithSHA-1andRC2-CBC"))
{
parameters = pbeParametersGenerator2.GenerateDerivedParameters("RC2", 64, 64);
}
}
else if (Platform.StartsWith(text, "PBEwithSHA-256"))
{
PbeParametersGenerator pbeParametersGenerator3 = MakePbeGenerator((string)algorithmType.get_Item((object)text), new Sha256Digest(), array, salt, iterationCount);
if (text.Equals("PBEwithSHA-256and128bitAES-CBC-BC"))
{
parameters = pbeParametersGenerator3.GenerateDerivedParameters("AES", 128, 128);
}
else if (text.Equals("PBEwithSHA-256and192bitAES-CBC-BC"))
{
parameters = pbeParametersGenerator3.GenerateDerivedParameters("AES", 192, 128);
}
else if (text.Equals("PBEwithSHA-256and256bitAES-CBC-BC"))
{
parameters = pbeParametersGenerator3.GenerateDerivedParameters("AES", 256, 128);
}
}
else if (Platform.StartsWith(text, "PBEwithMD5"))
{
PbeParametersGenerator pbeParametersGenerator4 = MakePbeGenerator((string)algorithmType.get_Item((object)text), new MD5Digest(), array, salt, iterationCount);
if (text.Equals("PBEwithMD5andDES-CBC"))
{
parameters = pbeParametersGenerator4.GenerateDerivedParameters("DES", 64, 64);
}
else if (text.Equals("PBEwithMD5andRC2-CBC"))
{
parameters = pbeParametersGenerator4.GenerateDerivedParameters("RC2", 64, 64);
}
else if (text.Equals("PBEwithMD5and128bitAES-CBC-OpenSSL"))
{
parameters = pbeParametersGenerator4.GenerateDerivedParameters("AES", 128, 128);
}
else if (text.Equals("PBEwithMD5and192bitAES-CBC-OpenSSL"))
{
parameters = pbeParametersGenerator4.GenerateDerivedParameters("AES", 192, 128);
}
else if (text.Equals("PBEwithMD5and256bitAES-CBC-OpenSSL"))
{
parameters = pbeParametersGenerator4.GenerateDerivedParameters("AES", 256, 128);
}
}
else if (Platform.StartsWith(text, "PBEwithMD2"))
{
PbeParametersGenerator pbeParametersGenerator5 = MakePbeGenerator((string)algorithmType.get_Item((object)text), new MD2Digest(), array, salt, iterationCount);
if (text.Equals("PBEwithMD2andDES-CBC"))
{
parameters = pbeParametersGenerator5.GenerateDerivedParameters("DES", 64, 64);
}
else if (text.Equals("PBEwithMD2andRC2-CBC"))
{
parameters = pbeParametersGenerator5.GenerateDerivedParameters("RC2", 64, 64);
}
}
else if (Platform.StartsWith(text, "PBEwithHmac"))
{
string algorithm3 = text.Substring("PBEwithHmac".get_Length());
IDigest digest = DigestUtilities.GetDigest(algorithm3);
PbeParametersGenerator pbeParametersGenerator6 = MakePbeGenerator((string)algorithmType.get_Item((object)text), digest, array, salt, iterationCount);
int keySize2 = digest.GetDigestSize() * 8;
parameters = pbeParametersGenerator6.GenerateDerivedMacParameters(keySize2);
}
global::System.Array.Clear((global::System.Array)array, 0, array.Length);
return(FixDesParity(text, parameters));
}
public static ICipherParameters GenerateCipherParameters(
string algorithm,
char[] password,
bool wrongPkcs12Zero,
Asn1Encodable pbeParameters)
{
string mechanism = (string)algorithms[algorithm.ToUpper(CultureInfo.InvariantCulture)];
byte[] keyBytes = null;
byte[] salt = null;
int iterationCount = 0;
if (IsPkcs12(mechanism))
{
Pkcs12PbeParams pbeParams = Pkcs12PbeParams.GetInstance(pbeParameters);
salt = pbeParams.GetIV();
iterationCount = pbeParams.Iterations.IntValue;
keyBytes = PbeParametersGenerator.Pkcs12PasswordToBytes(password, wrongPkcs12Zero);
}
else if (IsPkcs5Scheme2(mechanism))
{
// See below
}
else
{
PbeParameter pbeParams = PbeParameter.GetInstance(pbeParameters);
salt = pbeParams.GetSalt();
iterationCount = pbeParams.IterationCount.IntValue;
keyBytes = PbeParametersGenerator.Pkcs5PasswordToBytes(password);
}
ICipherParameters parameters = null;
if (IsPkcs5Scheme2(mechanism))
{
PbeS2Parameters s2p = PbeS2Parameters.GetInstance(pbeParameters.ToAsn1Object());
AlgorithmIdentifier encScheme = s2p.EncryptionScheme;
DerObjectIdentifier encOid = encScheme.ObjectID;
Asn1Object encParams = encScheme.Parameters.ToAsn1Object();
// TODO What about s2p.KeyDerivationFunc.ObjectID?
Pbkdf2Params pbeParams = Pbkdf2Params.GetInstance(s2p.KeyDerivationFunc.Parameters.ToAsn1Object());
byte[] iv;
if (encOid.Equals(PkcsObjectIdentifiers.RC2Cbc)) // PKCS5.B.2.3
{
RC2CbcParameter rc2Params = RC2CbcParameter.GetInstance(encParams);
iv = rc2Params.GetIV();
}
else
{
iv = Asn1OctetString.GetInstance(encParams).GetOctets();
}
salt = pbeParams.GetSalt();
iterationCount = pbeParams.IterationCount.IntValue;
keyBytes = PbeParametersGenerator.Pkcs5PasswordToBytes(password);
int keyLength = pbeParams.KeyLength != null
? pbeParams.KeyLength.IntValue * 8
: GeneratorUtilities.GetDefaultKeySize(encOid);
PbeParametersGenerator gen = MakePbeGenerator(
(string)algorithmType[mechanism], null, keyBytes, salt, iterationCount);
parameters = gen.GenerateDerivedParameters(encOid.Id, keyLength);
if (iv != null)
{
// FIXME? OpenSSL weirdness with IV of zeros (for ECB keys?)
if (Arrays.AreEqual(iv, new byte[iv.Length]))
{
//Console.Error.Write("***** IV all 0 (length " + iv.Length + ") *****");
}
else
{
parameters = new ParametersWithIV(parameters, iv);
}
}
}
else if (mechanism.StartsWith("PBEwithSHA-1"))
{
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], new Sha1Digest(), keyBytes, salt, iterationCount);
if (mechanism.Equals("PBEwithSHA-1and128bitRC4"))
{
parameters = generator.GenerateDerivedParameters("RC4", 128);
}
else if (mechanism.Equals("PBEwithSHA-1and40bitRC4"))
{
parameters = generator.GenerateDerivedParameters("RC4", 40);
}
else if (mechanism.Equals("PBEwithSHA-1and3-keyDESEDE-CBC"))
{
parameters = generator.GenerateDerivedParameters("DESEDE", 192, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and2-keyDESEDE-CBC"))
{
parameters = generator.GenerateDerivedParameters("DESEDE", 128, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and128bitRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 128, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and40bitRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 40, 64);
}
else if (mechanism.Equals("PBEwithSHA-1andDES-CBC"))
{
parameters = generator.GenerateDerivedParameters("DES", 64, 64);
}
else if (mechanism.Equals("PBEwithSHA-1andRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 64, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and128bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 128, 128);
}
else if (mechanism.Equals("PBEwithSHA-1and192bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 192, 128);
}
else if (mechanism.Equals("PBEwithSHA-1and256bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 256, 128);
}
}
else if (mechanism.StartsWith("PBEwithSHA-256"))
{
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], new Sha256Digest(), keyBytes, salt, iterationCount);
if (mechanism.Equals("PBEwithSHA-256and128bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 128, 128);
}
else if (mechanism.Equals("PBEwithSHA-256and192bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 192, 128);
}
else if (mechanism.Equals("PBEwithSHA-256and256bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 256, 128);
}
}
else if (mechanism.StartsWith("PBEwithMD5"))
{
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], new MD5Digest(), keyBytes, salt, iterationCount);
if (mechanism.Equals("PBEwithMD5andDES-CBC"))
{
parameters = generator.GenerateDerivedParameters("DES", 64, 64);
}
else if (mechanism.Equals("PBEwithMD5andRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 64, 64);
}
else if (mechanism.Equals("PBEwithMD5and128bitAES-CBC-OpenSSL"))
{
parameters = generator.GenerateDerivedParameters("AES", 128, 128);
}
else if (mechanism.Equals("PBEwithMD5and192bitAES-CBC-OpenSSL"))
{
parameters = generator.GenerateDerivedParameters("AES", 192, 128);
}
else if (mechanism.Equals("PBEwithMD5and256bitAES-CBC-OpenSSL"))
{
parameters = generator.GenerateDerivedParameters("AES", 256, 128);
}
}
else if (mechanism.StartsWith("PBEwithMD2"))
{
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], new MD2Digest(), keyBytes, salt, iterationCount);
if (mechanism.Equals("PBEwithMD2andDES-CBC"))
{
parameters = generator.GenerateDerivedParameters("DES", 64, 64);
}
else if (mechanism.Equals("PBEwithMD2andRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 64, 64);
}
}
else if (mechanism.StartsWith("PBEwithHmac"))
{
string digestName = mechanism.Substring("PBEwithHmac".Length);
IDigest digest = DigestUtilities.GetDigest(digestName);
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], digest, keyBytes, salt, iterationCount);
int bitLen = digest.GetDigestSize() * 8;
parameters = generator.GenerateDerivedMacParameters(bitLen);
}
Array.Clear(keyBytes, 0, keyBytes.Length);
return(FixDesParity(mechanism, parameters));
}
public override void PerformTest()
{
char[] password = "******".ToCharArray();
PbeParametersGenerator generator = new Pkcs5S2ParametersGenerator();
EncryptedPrivateKeyInfo info = null;
try
{
info = EncryptedPrivateKeyInfo.GetInstance(Asn1Object.FromByteArray(sample));
}
catch (System.Exception e)
{
Fail("failed construction - exception " + e.ToString(), e);
}
PbeS2Parameters alg = PbeS2Parameters.GetInstance(info.EncryptionAlgorithm.Parameters);
Pbkdf2Params func = Pbkdf2Params.GetInstance(alg.KeyDerivationFunc.Parameters);
EncryptionScheme scheme = alg.EncryptionScheme;
if (func.KeyLength != null)
{
keySize = func.KeyLength.IntValue * 8;
}
int iterationCount = func.IterationCount.IntValue;
byte[] salt = func.GetSalt();
generator.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(password), salt, iterationCount);
DerObjectIdentifier algOid = scheme.ObjectID;
byte[] iv;
if (algOid.Equals(PkcsObjectIdentifiers.RC2Cbc))
{
RC2CbcParameter rc2Params = RC2CbcParameter.GetInstance(scheme.Asn1Object);
iv = rc2Params.GetIV();
}
else
{
iv = ((Asn1OctetString)scheme.Asn1Object).GetOctets();
}
ICipherParameters param = new ParametersWithIV(
generator.GenerateDerivedParameters(algOid.Id, keySize), iv);
cipher.Init(false, param);
byte[] data = info.GetEncryptedData();
byte[] outBytes = new byte[cipher.GetOutputSize(data.Length)];
int len = cipher.ProcessBytes(data, 0, data.Length, outBytes, 0);
try
{
len += cipher.DoFinal(outBytes, len);
}
catch (Exception e)
{
Fail("failed DoFinal - exception " + e.ToString());
}
if (result.Length != len)
{
Fail("failed length");
}
for (int i = 0; i != len; i++)
{
if (outBytes[i] != result[i])
{
Fail("failed comparison");
}
}
}
public static ICipherParameters GetCipherParameters(
string algorithm,
ICipherParameters key,
Asn1Object asn1Params)
{
if (algorithm == null)
{
throw new ArgumentNullException("algorithm");
}
string canonical = GetCanonicalAlgorithmName(algorithm);
if (canonical == null)
{
throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised.");
}
byte[] iv = null;
try
{
switch (canonical)
{
case "AES":
case "AES128":
case "AES192":
case "AES256":
case "BLOWFISH":
case "CAMELLIA":
case "CAMELLIA128":
case "CAMELLIA192":
case "CAMELLIA256":
case "DES":
case "DESEDE":
case "DESEDE3":
case "NOEKEON":
case "RIJNDAEL":
case "SEED":
case "SKIPJACK":
case "TWOFISH":
iv = ((Asn1OctetString)asn1Params).GetOctets();
break;
case "RC2":
iv = RC2CbcParameter.GetInstance(asn1Params).GetIV();
break;
case "IDEA":
iv = IdeaCbcPar.GetInstance(asn1Params).GetIV();
break;
case "CAST5":
iv = Cast5CbcParameters.GetInstance(asn1Params).GetIV();
break;
}
}
catch (Exception e)
{
throw new ArgumentException("Could not process ASN.1 parameters", e);
}
if (iv != null)
{
return(new ParametersWithIV(key, iv));
}
throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised.");
}
/// <summary>
/// Generate an enveloped object that contains a CMS Enveloped Data
/// object using the passed in key generator.
/// </summary>
private CmsEnvelopedData Generate(
CmsProcessable content,
string encryptionOid,
CipherKeyGenerator keyGen)
{
AlgorithmIdentifier encAlgId = null;
KeyParameter encKey = null;
Asn1OctetString encContent;
try
{
IBufferedCipher cipher = CipherUtilities.GetCipher(encryptionOid);
byte[] encKeyBytes = keyGen.GenerateKey();
encKey = ParameterUtilities.CreateKeyParameter(encryptionOid, encKeyBytes);
Asn1Encodable asn1Params = null;
try
{
if (encryptionOid.Equals(RC2Cbc))
{
// mix in a bit extra...
rand.SetSeed(DateTime.Now.Ticks);
byte[] iv = rand.GenerateSeed(8);
// TODO Is this detailed repeat of Java version really necessary?
int effKeyBits = encKeyBytes.Length * 8;
int parameterVersion;
if (effKeyBits < 256)
{
parameterVersion = rc2Table[effKeyBits];
}
else
{
parameterVersion = effKeyBits;
}
asn1Params = new RC2CbcParameter(parameterVersion, iv);
}
else
{
asn1Params = ParameterUtilities.GenerateParameters(encryptionOid, rand);
}
}
catch (SecurityUtilityException)
{
// No problem... no parameters generated
}
Asn1Object asn1Object;
ICipherParameters cipherParameters;
if (asn1Params != null)
{
asn1Object = asn1Params.ToAsn1Object();
cipherParameters = ParameterUtilities.GetCipherParameters(
encryptionOid, encKey, asn1Object);
}
else
{
asn1Object = DerNull.Instance;
cipherParameters = encKey;
}
encAlgId = new AlgorithmIdentifier(
new DerObjectIdentifier(encryptionOid),
asn1Object);
cipher.Init(true, cipherParameters);
MemoryStream bOut = new MemoryStream();
CipherStream cOut = new CipherStream(bOut, null, cipher);
content.Write(cOut);
cOut.Close();
encContent = new BerOctetString(bOut.ToArray());
}
catch (SecurityUtilityException e)
{
throw new CmsException("couldn't create cipher.", e);
}
catch (InvalidKeyException e)
{
throw new CmsException("key invalid in message.", e);
}
catch (IOException e)
{
throw new CmsException("exception decoding algorithm parameters.", e);
}
Asn1EncodableVector recipientInfos = new Asn1EncodableVector();
foreach (RecipientInf recipient in recipientInfs)
{
try
{
recipientInfos.Add(recipient.ToRecipientInfo(encKey));
}
catch (IOException e)
{
throw new CmsException("encoding error.", e);
}
catch (InvalidKeyException e)
{
throw new CmsException("key inappropriate for algorithm.", e);
}
catch (GeneralSecurityException e)
{
throw new CmsException("error making encrypted content.", e);
}
}
EncryptedContentInfo eci = new EncryptedContentInfo(
PkcsObjectIdentifiers.Data,
encAlgId,
encContent);
Asn1.Cms.ContentInfo contentInfo = new Asn1.Cms.ContentInfo(
PkcsObjectIdentifiers.EnvelopedData,
new EnvelopedData(null, new DerSet(recipientInfos), eci, null));
return(new CmsEnvelopedData(contentInfo));
}
/// <summary>
/// Generate an enveloped object that contains an CMS Enveloped Data
/// object using the passed in key generator.
/// </summary>
private Stream Open(
Stream outStream,
string encryptionOid,
CipherKeyGenerator keyGen)
{
Asn1Encodable asn1Params = null;
byte[] encKeyBytes = keyGen.GenerateKey();
KeyParameter encKey = ParameterUtilities.CreateKeyParameter(encryptionOid, encKeyBytes);
try
{
if (encryptionOid.Equals(RC2Cbc))
{
// mix in a bit extra...
rand.SetSeed(DateTime.Now.Ticks);
byte[] iv = rand.GenerateSeed(8);
// TODO Is this detailed repeat of Java version really necessary?
int effKeyBits = encKeyBytes.Length * 8;
int parameterVersion;
if (effKeyBits < 256)
{
parameterVersion = rc2Table[effKeyBits];
}
else
{
parameterVersion = effKeyBits;
}
asn1Params = new RC2CbcParameter(parameterVersion, iv);
}
else
{
asn1Params = ParameterUtilities.GenerateParameters(encryptionOid, rand);
}
}
catch (SecurityUtilityException)
{
// No problem... no parameters generated
}
Asn1EncodableVector recipientInfos = new Asn1EncodableVector();
foreach (RecipientInf recipient in recipientInfs)
{
try
{
recipientInfos.Add(recipient.ToRecipientInfo(encKey));
}
catch (IOException e)
{
throw new CmsException("encoding error.", e);
}
catch (InvalidKeyException e)
{
throw new CmsException("key inappropriate for algorithm.", e);
}
catch (GeneralSecurityException e)
{
throw new CmsException("error making encrypted content.", e);
}
}
return(Open(outStream, encryptionOid, encKey, asn1Params, recipientInfos));
}
