protected internal virtual Asn1Encodable GenerateAsn1Parameters(string encryptionOid, byte[] encKeyBytes) { Asn1Encodable result = null; try { if (encryptionOid.Equals(CmsEnvelopedGenerator.RC2Cbc)) { byte[] array = new byte[8]; this.rand.NextBytes(array); int num = encKeyBytes.Length * 8; int parameterVersion; if (num < 256) { parameterVersion = (int)CmsEnvelopedGenerator.rc2Table[num]; } else { parameterVersion = num; } result = new RC2CbcParameter(parameterVersion, array); } else { result = ParameterUtilities.GenerateParameters(encryptionOid, this.rand); } } catch (SecurityUtilityException) { } return(result); }
public static ICipherParameters GetCipherParameters( string algorithm, ICipherParameters key, Asn1Object asn1Params) { if (algorithm == null) { throw new ArgumentNullException("algorithm"); } string upper = algorithm.ToUpper(CultureInfo.InvariantCulture); string mechanism = (string)algorithms[upper]; if (mechanism == null) { mechanism = upper; } byte[] iv = null; try { switch (mechanism) { case "AES": case "BLOWFISH": case "DES": case "DESEDE": case "RIJNDAEL": case "SKIPJACK": case "TWOFISH": iv = ((Asn1OctetString)asn1Params).GetOctets(); break; case "RC2": iv = RC2CbcParameter.GetInstance(asn1Params).GetIV(); break; case "IDEA": iv = IdeaCbcPar.GetInstance(asn1Params).GetIV(); break; case "CAST5": iv = Cast5CbcParameters.GetInstance(asn1Params).GetIV(); break; } } catch (Exception e) { throw new ArgumentException("Could not process ASN.1 parameters", "asn1Params", e); } if (iv != null) { return(new ParametersWithIV(key, iv)); } throw new SecurityUtilityException("Algorithm " + mechanism + " not recognised."); }
public static ICipherParameters GetCipherParameters( string algorithm, ICipherParameters key, Asn1Object asn1Params) { if (algorithm == null) { throw new ArgumentNullException("algorithm"); } string canonical = GetCanonicalAlgorithmName(algorithm); if (canonical == null) { throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised."); } byte[] iv = null; try { // TODO These algorithms support an IV // but JCE doesn't seem to provide an AlgorithmParametersGenerator for them // "RIJNDAEL", "SKIPJACK", "TWOFISH" int basicIVKeySize = FindBasicIVSize(canonical); if (basicIVKeySize != -1 || canonical == "RIJNDAEL" || canonical == "SKIPJACK" || canonical == "TWOFISH") { iv = ((Asn1OctetString)asn1Params).GetOctets(); } else if (canonical == "CAST5") { iv = Cast5CbcParameters.GetInstance(asn1Params).GetIV(); } #if INCLUDE_IDEA else if (canonical == "IDEA") { iv = IdeaCbcPar.GetInstance(asn1Params).GetIV(); } #endif else if (canonical == "RC2") { iv = RC2CbcParameter.GetInstance(asn1Params).GetIV(); } } catch (Exception e) { throw new ArgumentException("Could not process ASN.1 parameters", e); } if (iv != null) { return(new ParametersWithIV(key, iv)); } throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised."); }
/** * Create an AlgorithmIdentifier for the passed in encryption algorithm. * * @param encryptionOID OID for the encryption algorithm * @param keySize key size in bits (-1 if unknown) * @param random SecureRandom to use for parameter generation. * @return a full AlgorithmIdentifier including parameters * @throws IllegalArgumentException if encryptionOID cannot be matched */ public static AlgorithmIdentifier GenerateEncryptionAlgID(DerObjectIdentifier encryptionOID, int keySize, SecureRandom random) { if (encryptionOID.Equals(NistObjectIdentifiers.IdAes128Cbc) || encryptionOID.Equals(NistObjectIdentifiers.IdAes192Cbc) || encryptionOID.Equals(NistObjectIdentifiers.IdAes256Cbc) || encryptionOID.Equals(NttObjectIdentifiers.IdCamellia128Cbc) || encryptionOID.Equals(NttObjectIdentifiers.IdCamellia192Cbc) || encryptionOID.Equals(NttObjectIdentifiers.IdCamellia256Cbc) || encryptionOID.Equals(KisaObjectIdentifiers.IdSeedCbc)) { byte[] iv = new byte[16]; random.NextBytes(iv); return(new AlgorithmIdentifier(encryptionOID, new DerOctetString(iv))); } else if (encryptionOID.Equals(PkcsObjectIdentifiers.DesEde3Cbc) || encryptionOID.Equals(IDEA_CBC) || encryptionOID.Equals(OiwObjectIdentifiers.DesCbc)) { byte[] iv = new byte[8]; random.NextBytes(iv); return(new AlgorithmIdentifier(encryptionOID, new DerOctetString(iv))); } else if (encryptionOID.Equals(CAST5_CBC)) { byte[] iv = new byte[8]; random.NextBytes(iv); Cast5CbcParameters cbcParams = new Cast5CbcParameters(iv, keySize); return(new AlgorithmIdentifier(encryptionOID, cbcParams)); } else if (encryptionOID.Equals(PkcsObjectIdentifiers.rc4)) { return(new AlgorithmIdentifier(encryptionOID, DerNull.Instance)); } else if (encryptionOID.Equals(PkcsObjectIdentifiers.RC2Cbc)) { byte[] iv = new byte[8]; random.NextBytes(iv); RC2CbcParameter cbcParams = new RC2CbcParameter(rc2Table[128], iv); return(new AlgorithmIdentifier(encryptionOID, cbcParams)); } else { throw new InvalidOperationException("unable to match algorithm"); } }
public static ICipherParameters GetCipherParameters(string algorithm, ICipherParameters key, Asn1Object asn1Params) { //IL_0008: Unknown result type (might be due to invalid IL or missing references) //IL_00c8: Unknown result type (might be due to invalid IL or missing references) if (algorithm == null) { throw new ArgumentNullException("algorithm"); } string canonicalAlgorithmName = GetCanonicalAlgorithmName(algorithm); if (canonicalAlgorithmName == null) { throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised."); } byte[] array = null; try { int num = FindBasicIVSize(canonicalAlgorithmName); if (num != -1 || canonicalAlgorithmName == "RIJNDAEL" || canonicalAlgorithmName == "SKIPJACK" || canonicalAlgorithmName == "TWOFISH") { array = ((Asn1OctetString)asn1Params).GetOctets(); } else if (canonicalAlgorithmName == "CAST5") { array = Cast5CbcParameters.GetInstance(asn1Params).GetIV(); } else if (canonicalAlgorithmName == "IDEA") { array = IdeaCbcPar.GetInstance(asn1Params).GetIV(); } else if (canonicalAlgorithmName == "RC2") { array = RC2CbcParameter.GetInstance(asn1Params).GetIV(); } } catch (global::System.Exception ex) { throw new ArgumentException("Could not process ASN.1 parameters", ex); } if (array != null) { return(new ParametersWithIV(key, array)); } throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised."); }
public static ICipherParameters GetCipherParameters(string algorithm, ICipherParameters key, Asn1Object asn1Params) { if (algorithm == null) { throw new ArgumentNullException("algorithm"); } string canonicalAlgorithmName = ParameterUtilities.GetCanonicalAlgorithmName(algorithm); if (canonicalAlgorithmName == null) { throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised."); } byte[] array = null; try { int num = ParameterUtilities.FindBasicIVSize(canonicalAlgorithmName); if (num != -1 || canonicalAlgorithmName == "RIJNDAEL" || canonicalAlgorithmName == "SKIPJACK" || canonicalAlgorithmName == "TWOFISH") { array = ((Asn1OctetString)asn1Params).GetOctets(); } else if (canonicalAlgorithmName == "CAST5") { array = Cast5CbcParameters.GetInstance(asn1Params).GetIV(); } else if (canonicalAlgorithmName == "IDEA") { array = IdeaCbcPar.GetInstance(asn1Params).GetIV(); } else if (canonicalAlgorithmName == "RC2") { array = RC2CbcParameter.GetInstance(asn1Params).GetIV(); } } catch (Exception innerException) { throw new ArgumentException("Could not process ASN.1 parameters", innerException); } if (array != null) { return(new ParametersWithIV(key, array)); } throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised."); }
protected internal virtual Asn1Encodable GenerateAsn1Parameters( string encryptionOid, byte[] encKeyBytes) { Asn1Encodable asn1Params = null; try { if (encryptionOid.Equals(RC2Cbc)) { byte[] iv = new byte[8]; rand.NextBytes(iv); // TODO Is this detailed repeat of Java version really necessary? int effKeyBits = encKeyBytes.Length * 8; int parameterVersion; if (effKeyBits < 256) { parameterVersion = rc2Table[effKeyBits]; } else { parameterVersion = effKeyBits; } asn1Params = new RC2CbcParameter(parameterVersion, iv); } else { asn1Params = ParameterUtilities.GenerateParameters(encryptionOid, rand); } } catch (SecurityUtilityException) { // No problem... no parameters generated } return(asn1Params); }
protected internal virtual Asn1Encodable GenerateAsn1Parameters(string encryptionOid, byte[] encKeyBytes) { Asn1Encodable result = null; try { if (!encryptionOid.Equals(RC2Cbc)) { result = ParameterUtilities.GenerateParameters(encryptionOid, rand); return(result); } byte[] array = new byte[8]; rand.NextBytes(array); int num = encKeyBytes.Length * 8; int parameterVersion = (num >= 256) ? num : rc2Table[num]; result = new RC2CbcParameter(parameterVersion, array); return(result); } catch (SecurityUtilityException) { return(result); } }
public static object CreateContentCipher(bool forEncryption, ICipherParameters encKey, AlgorithmIdentifier encryptionAlgID) { DerObjectIdentifier encAlg = encryptionAlgID.Algorithm; if (encAlg.Equals(PkcsObjectIdentifiers.rc4)) { IStreamCipher cipher = new RC4Engine(); cipher.Init(forEncryption, encKey); return(cipher); } else { BufferedBlockCipher cipher = CreateCipher(encryptionAlgID.Algorithm); Asn1Object sParams = encryptionAlgID.Parameters.ToAsn1Object(); if (sParams != null && !(sParams is DerNull)) { if (encAlg.Equals(PkcsObjectIdentifiers.DesEde3Cbc) || encAlg.Equals(AlgorithmIdentifierFactory.IDEA_CBC) || encAlg.Equals(NistObjectIdentifiers.IdAes128Cbc) || encAlg.Equals(NistObjectIdentifiers.IdAes192Cbc) || encAlg.Equals(NistObjectIdentifiers.IdAes256Cbc) || encAlg.Equals(NttObjectIdentifiers.IdCamellia128Cbc) || encAlg.Equals(NttObjectIdentifiers.IdCamellia192Cbc) || encAlg.Equals(NttObjectIdentifiers.IdCamellia256Cbc) || encAlg.Equals(KisaObjectIdentifiers.IdSeedCbc) || encAlg.Equals(OiwObjectIdentifiers.DesCbc)) { cipher.Init(forEncryption, new ParametersWithIV(encKey, Asn1OctetString.GetInstance(sParams).GetOctets())); } else if (encAlg.Equals(AlgorithmIdentifierFactory.CAST5_CBC)) { Cast5CbcParameters cbcParams = Cast5CbcParameters.GetInstance(sParams); cipher.Init(forEncryption, new ParametersWithIV(encKey, cbcParams.GetIV())); } else if (encAlg.Equals(PkcsObjectIdentifiers.RC2Cbc)) { RC2CbcParameter cbcParams = RC2CbcParameter.GetInstance(sParams); cipher.Init(forEncryption, new ParametersWithIV(new RC2Parameters(((KeyParameter)encKey).GetKey(), rc2Ekb[cbcParams.RC2ParameterVersion.IntValue]), cbcParams.GetIV())); } else { throw new InvalidOperationException("cannot match parameters"); } } else { if (encAlg.Equals(PkcsObjectIdentifiers.DesEde3Cbc) || encAlg.Equals(AlgorithmIdentifierFactory.IDEA_CBC) || encAlg.Equals(AlgorithmIdentifierFactory.CAST5_CBC)) { cipher.Init(forEncryption, new ParametersWithIV(encKey, new byte[8])); } else { cipher.Init(forEncryption, encKey); } } return(cipher); } }
public static ICipherParameters GenerateCipherParameters(string algorithm, char[] password, bool wrongPkcs12Zero, Asn1Encodable pbeParameters) { string text = (string)algorithms.get_Item((object)Platform.ToUpperInvariant(algorithm)); byte[] array = null; byte[] salt = null; int iterationCount = 0; if (IsPkcs12(text)) { Pkcs12PbeParams instance = Pkcs12PbeParams.GetInstance(pbeParameters); salt = instance.GetIV(); iterationCount = instance.Iterations.IntValue; array = PbeParametersGenerator.Pkcs12PasswordToBytes(password, wrongPkcs12Zero); } else if (!IsPkcs5Scheme2(text)) { PbeParameter instance2 = PbeParameter.GetInstance(pbeParameters); salt = instance2.GetSalt(); iterationCount = instance2.IterationCount.IntValue; array = PbeParametersGenerator.Pkcs5PasswordToBytes(password); } ICipherParameters parameters = null; if (IsPkcs5Scheme2(text)) { PbeS2Parameters instance3 = PbeS2Parameters.GetInstance(pbeParameters.ToAsn1Object()); AlgorithmIdentifier encryptionScheme = instance3.EncryptionScheme; DerObjectIdentifier algorithm2 = encryptionScheme.Algorithm; Asn1Object obj = encryptionScheme.Parameters.ToAsn1Object(); Pbkdf2Params instance4 = Pbkdf2Params.GetInstance(instance3.KeyDerivationFunc.Parameters.ToAsn1Object()); byte[] array2; if (algorithm2.Equals(PkcsObjectIdentifiers.RC2Cbc)) { RC2CbcParameter instance5 = RC2CbcParameter.GetInstance(obj); array2 = instance5.GetIV(); } else { array2 = Asn1OctetString.GetInstance(obj).GetOctets(); } salt = instance4.GetSalt(); iterationCount = instance4.IterationCount.IntValue; array = PbeParametersGenerator.Pkcs5PasswordToBytes(password); int keySize = ((instance4.KeyLength != null) ? (instance4.KeyLength.IntValue * 8) : GeneratorUtilities.GetDefaultKeySize(algorithm2)); PbeParametersGenerator pbeParametersGenerator = MakePbeGenerator((string)algorithmType.get_Item((object)text), null, array, salt, iterationCount); parameters = pbeParametersGenerator.GenerateDerivedParameters(algorithm2.Id, keySize); if (array2 != null && !Arrays.AreEqual(array2, new byte[array2.Length])) { parameters = new ParametersWithIV(parameters, array2); } } else if (Platform.StartsWith(text, "PBEwithSHA-1")) { PbeParametersGenerator pbeParametersGenerator2 = MakePbeGenerator((string)algorithmType.get_Item((object)text), new Sha1Digest(), array, salt, iterationCount); if (text.Equals("PBEwithSHA-1and128bitAES-CBC-BC")) { parameters = pbeParametersGenerator2.GenerateDerivedParameters("AES", 128, 128); } else if (text.Equals("PBEwithSHA-1and192bitAES-CBC-BC")) { parameters = pbeParametersGenerator2.GenerateDerivedParameters("AES", 192, 128); } else if (text.Equals("PBEwithSHA-1and256bitAES-CBC-BC")) { parameters = pbeParametersGenerator2.GenerateDerivedParameters("AES", 256, 128); } else if (text.Equals("PBEwithSHA-1and128bitRC4")) { parameters = pbeParametersGenerator2.GenerateDerivedParameters("RC4", 128); } else if (text.Equals("PBEwithSHA-1and40bitRC4")) { parameters = pbeParametersGenerator2.GenerateDerivedParameters("RC4", 40); } else if (text.Equals("PBEwithSHA-1and3-keyDESEDE-CBC")) { parameters = pbeParametersGenerator2.GenerateDerivedParameters("DESEDE", 192, 64); } else if (text.Equals("PBEwithSHA-1and2-keyDESEDE-CBC")) { parameters = pbeParametersGenerator2.GenerateDerivedParameters("DESEDE", 128, 64); } else if (text.Equals("PBEwithSHA-1and128bitRC2-CBC")) { parameters = pbeParametersGenerator2.GenerateDerivedParameters("RC2", 128, 64); } else if (text.Equals("PBEwithSHA-1and40bitRC2-CBC")) { parameters = pbeParametersGenerator2.GenerateDerivedParameters("RC2", 40, 64); } else if (text.Equals("PBEwithSHA-1andDES-CBC")) { parameters = pbeParametersGenerator2.GenerateDerivedParameters("DES", 64, 64); } else if (text.Equals("PBEwithSHA-1andRC2-CBC")) { parameters = pbeParametersGenerator2.GenerateDerivedParameters("RC2", 64, 64); } } else if (Platform.StartsWith(text, "PBEwithSHA-256")) { PbeParametersGenerator pbeParametersGenerator3 = MakePbeGenerator((string)algorithmType.get_Item((object)text), new Sha256Digest(), array, salt, iterationCount); if (text.Equals("PBEwithSHA-256and128bitAES-CBC-BC")) { parameters = pbeParametersGenerator3.GenerateDerivedParameters("AES", 128, 128); } else if (text.Equals("PBEwithSHA-256and192bitAES-CBC-BC")) { parameters = pbeParametersGenerator3.GenerateDerivedParameters("AES", 192, 128); } else if (text.Equals("PBEwithSHA-256and256bitAES-CBC-BC")) { parameters = pbeParametersGenerator3.GenerateDerivedParameters("AES", 256, 128); } } else if (Platform.StartsWith(text, "PBEwithMD5")) { PbeParametersGenerator pbeParametersGenerator4 = MakePbeGenerator((string)algorithmType.get_Item((object)text), new MD5Digest(), array, salt, iterationCount); if (text.Equals("PBEwithMD5andDES-CBC")) { parameters = pbeParametersGenerator4.GenerateDerivedParameters("DES", 64, 64); } else if (text.Equals("PBEwithMD5andRC2-CBC")) { parameters = pbeParametersGenerator4.GenerateDerivedParameters("RC2", 64, 64); } else if (text.Equals("PBEwithMD5and128bitAES-CBC-OpenSSL")) { parameters = pbeParametersGenerator4.GenerateDerivedParameters("AES", 128, 128); } else if (text.Equals("PBEwithMD5and192bitAES-CBC-OpenSSL")) { parameters = pbeParametersGenerator4.GenerateDerivedParameters("AES", 192, 128); } else if (text.Equals("PBEwithMD5and256bitAES-CBC-OpenSSL")) { parameters = pbeParametersGenerator4.GenerateDerivedParameters("AES", 256, 128); } } else if (Platform.StartsWith(text, "PBEwithMD2")) { PbeParametersGenerator pbeParametersGenerator5 = MakePbeGenerator((string)algorithmType.get_Item((object)text), new MD2Digest(), array, salt, iterationCount); if (text.Equals("PBEwithMD2andDES-CBC")) { parameters = pbeParametersGenerator5.GenerateDerivedParameters("DES", 64, 64); } else if (text.Equals("PBEwithMD2andRC2-CBC")) { parameters = pbeParametersGenerator5.GenerateDerivedParameters("RC2", 64, 64); } } else if (Platform.StartsWith(text, "PBEwithHmac")) { string algorithm3 = text.Substring("PBEwithHmac".get_Length()); IDigest digest = DigestUtilities.GetDigest(algorithm3); PbeParametersGenerator pbeParametersGenerator6 = MakePbeGenerator((string)algorithmType.get_Item((object)text), digest, array, salt, iterationCount); int keySize2 = digest.GetDigestSize() * 8; parameters = pbeParametersGenerator6.GenerateDerivedMacParameters(keySize2); } global::System.Array.Clear((global::System.Array)array, 0, array.Length); return(FixDesParity(text, parameters)); }
public static ICipherParameters GenerateCipherParameters( string algorithm, char[] password, bool wrongPkcs12Zero, Asn1Encodable pbeParameters) { string mechanism = (string)algorithms[algorithm.ToUpper(CultureInfo.InvariantCulture)]; byte[] keyBytes = null; byte[] salt = null; int iterationCount = 0; if (IsPkcs12(mechanism)) { Pkcs12PbeParams pbeParams = Pkcs12PbeParams.GetInstance(pbeParameters); salt = pbeParams.GetIV(); iterationCount = pbeParams.Iterations.IntValue; keyBytes = PbeParametersGenerator.Pkcs12PasswordToBytes(password, wrongPkcs12Zero); } else if (IsPkcs5Scheme2(mechanism)) { // See below } else { PbeParameter pbeParams = PbeParameter.GetInstance(pbeParameters); salt = pbeParams.GetSalt(); iterationCount = pbeParams.IterationCount.IntValue; keyBytes = PbeParametersGenerator.Pkcs5PasswordToBytes(password); } ICipherParameters parameters = null; if (IsPkcs5Scheme2(mechanism)) { PbeS2Parameters s2p = PbeS2Parameters.GetInstance(pbeParameters.ToAsn1Object()); AlgorithmIdentifier encScheme = s2p.EncryptionScheme; DerObjectIdentifier encOid = encScheme.ObjectID; Asn1Object encParams = encScheme.Parameters.ToAsn1Object(); // TODO What about s2p.KeyDerivationFunc.ObjectID? Pbkdf2Params pbeParams = Pbkdf2Params.GetInstance(s2p.KeyDerivationFunc.Parameters.ToAsn1Object()); byte[] iv; if (encOid.Equals(PkcsObjectIdentifiers.RC2Cbc)) // PKCS5.B.2.3 { RC2CbcParameter rc2Params = RC2CbcParameter.GetInstance(encParams); iv = rc2Params.GetIV(); } else { iv = Asn1OctetString.GetInstance(encParams).GetOctets(); } salt = pbeParams.GetSalt(); iterationCount = pbeParams.IterationCount.IntValue; keyBytes = PbeParametersGenerator.Pkcs5PasswordToBytes(password); int keyLength = pbeParams.KeyLength != null ? pbeParams.KeyLength.IntValue * 8 : GeneratorUtilities.GetDefaultKeySize(encOid); PbeParametersGenerator gen = MakePbeGenerator( (string)algorithmType[mechanism], null, keyBytes, salt, iterationCount); parameters = gen.GenerateDerivedParameters(encOid.Id, keyLength); if (iv != null) { // FIXME? OpenSSL weirdness with IV of zeros (for ECB keys?) if (Arrays.AreEqual(iv, new byte[iv.Length])) { //Console.Error.Write("***** IV all 0 (length " + iv.Length + ") *****"); } else { parameters = new ParametersWithIV(parameters, iv); } } } else if (mechanism.StartsWith("PBEwithSHA-1")) { PbeParametersGenerator generator = MakePbeGenerator( (string)algorithmType[mechanism], new Sha1Digest(), keyBytes, salt, iterationCount); if (mechanism.Equals("PBEwithSHA-1and128bitRC4")) { parameters = generator.GenerateDerivedParameters("RC4", 128); } else if (mechanism.Equals("PBEwithSHA-1and40bitRC4")) { parameters = generator.GenerateDerivedParameters("RC4", 40); } else if (mechanism.Equals("PBEwithSHA-1and3-keyDESEDE-CBC")) { parameters = generator.GenerateDerivedParameters("DESEDE", 192, 64); } else if (mechanism.Equals("PBEwithSHA-1and2-keyDESEDE-CBC")) { parameters = generator.GenerateDerivedParameters("DESEDE", 128, 64); } else if (mechanism.Equals("PBEwithSHA-1and128bitRC2-CBC")) { parameters = generator.GenerateDerivedParameters("RC2", 128, 64); } else if (mechanism.Equals("PBEwithSHA-1and40bitRC2-CBC")) { parameters = generator.GenerateDerivedParameters("RC2", 40, 64); } else if (mechanism.Equals("PBEwithSHA-1andDES-CBC")) { parameters = generator.GenerateDerivedParameters("DES", 64, 64); } else if (mechanism.Equals("PBEwithSHA-1andRC2-CBC")) { parameters = generator.GenerateDerivedParameters("RC2", 64, 64); } else if (mechanism.Equals("PBEwithSHA-1and128bitAES-CBC-BC")) { parameters = generator.GenerateDerivedParameters("AES", 128, 128); } else if (mechanism.Equals("PBEwithSHA-1and192bitAES-CBC-BC")) { parameters = generator.GenerateDerivedParameters("AES", 192, 128); } else if (mechanism.Equals("PBEwithSHA-1and256bitAES-CBC-BC")) { parameters = generator.GenerateDerivedParameters("AES", 256, 128); } } else if (mechanism.StartsWith("PBEwithSHA-256")) { PbeParametersGenerator generator = MakePbeGenerator( (string)algorithmType[mechanism], new Sha256Digest(), keyBytes, salt, iterationCount); if (mechanism.Equals("PBEwithSHA-256and128bitAES-CBC-BC")) { parameters = generator.GenerateDerivedParameters("AES", 128, 128); } else if (mechanism.Equals("PBEwithSHA-256and192bitAES-CBC-BC")) { parameters = generator.GenerateDerivedParameters("AES", 192, 128); } else if (mechanism.Equals("PBEwithSHA-256and256bitAES-CBC-BC")) { parameters = generator.GenerateDerivedParameters("AES", 256, 128); } } else if (mechanism.StartsWith("PBEwithMD5")) { PbeParametersGenerator generator = MakePbeGenerator( (string)algorithmType[mechanism], new MD5Digest(), keyBytes, salt, iterationCount); if (mechanism.Equals("PBEwithMD5andDES-CBC")) { parameters = generator.GenerateDerivedParameters("DES", 64, 64); } else if (mechanism.Equals("PBEwithMD5andRC2-CBC")) { parameters = generator.GenerateDerivedParameters("RC2", 64, 64); } else if (mechanism.Equals("PBEwithMD5and128bitAES-CBC-OpenSSL")) { parameters = generator.GenerateDerivedParameters("AES", 128, 128); } else if (mechanism.Equals("PBEwithMD5and192bitAES-CBC-OpenSSL")) { parameters = generator.GenerateDerivedParameters("AES", 192, 128); } else if (mechanism.Equals("PBEwithMD5and256bitAES-CBC-OpenSSL")) { parameters = generator.GenerateDerivedParameters("AES", 256, 128); } } else if (mechanism.StartsWith("PBEwithMD2")) { PbeParametersGenerator generator = MakePbeGenerator( (string)algorithmType[mechanism], new MD2Digest(), keyBytes, salt, iterationCount); if (mechanism.Equals("PBEwithMD2andDES-CBC")) { parameters = generator.GenerateDerivedParameters("DES", 64, 64); } else if (mechanism.Equals("PBEwithMD2andRC2-CBC")) { parameters = generator.GenerateDerivedParameters("RC2", 64, 64); } } else if (mechanism.StartsWith("PBEwithHmac")) { string digestName = mechanism.Substring("PBEwithHmac".Length); IDigest digest = DigestUtilities.GetDigest(digestName); PbeParametersGenerator generator = MakePbeGenerator( (string)algorithmType[mechanism], digest, keyBytes, salt, iterationCount); int bitLen = digest.GetDigestSize() * 8; parameters = generator.GenerateDerivedMacParameters(bitLen); } Array.Clear(keyBytes, 0, keyBytes.Length); return(FixDesParity(mechanism, parameters)); }
public override void PerformTest() { char[] password = "******".ToCharArray(); PbeParametersGenerator generator = new Pkcs5S2ParametersGenerator(); EncryptedPrivateKeyInfo info = null; try { info = EncryptedPrivateKeyInfo.GetInstance(Asn1Object.FromByteArray(sample)); } catch (System.Exception e) { Fail("failed construction - exception " + e.ToString(), e); } PbeS2Parameters alg = PbeS2Parameters.GetInstance(info.EncryptionAlgorithm.Parameters); Pbkdf2Params func = Pbkdf2Params.GetInstance(alg.KeyDerivationFunc.Parameters); EncryptionScheme scheme = alg.EncryptionScheme; if (func.KeyLength != null) { keySize = func.KeyLength.IntValue * 8; } int iterationCount = func.IterationCount.IntValue; byte[] salt = func.GetSalt(); generator.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(password), salt, iterationCount); DerObjectIdentifier algOid = scheme.ObjectID; byte[] iv; if (algOid.Equals(PkcsObjectIdentifiers.RC2Cbc)) { RC2CbcParameter rc2Params = RC2CbcParameter.GetInstance(scheme.Asn1Object); iv = rc2Params.GetIV(); } else { iv = ((Asn1OctetString)scheme.Asn1Object).GetOctets(); } ICipherParameters param = new ParametersWithIV( generator.GenerateDerivedParameters(algOid.Id, keySize), iv); cipher.Init(false, param); byte[] data = info.GetEncryptedData(); byte[] outBytes = new byte[cipher.GetOutputSize(data.Length)]; int len = cipher.ProcessBytes(data, 0, data.Length, outBytes, 0); try { len += cipher.DoFinal(outBytes, len); } catch (Exception e) { Fail("failed DoFinal - exception " + e.ToString()); } if (result.Length != len) { Fail("failed length"); } for (int i = 0; i != len; i++) { if (outBytes[i] != result[i]) { Fail("failed comparison"); } } }
public static ICipherParameters GetCipherParameters( string algorithm, ICipherParameters key, Asn1Object asn1Params) { if (algorithm == null) { throw new ArgumentNullException("algorithm"); } string canonical = GetCanonicalAlgorithmName(algorithm); if (canonical == null) { throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised."); } byte[] iv = null; try { switch (canonical) { case "AES": case "AES128": case "AES192": case "AES256": case "BLOWFISH": case "CAMELLIA": case "CAMELLIA128": case "CAMELLIA192": case "CAMELLIA256": case "DES": case "DESEDE": case "DESEDE3": case "NOEKEON": case "RIJNDAEL": case "SEED": case "SKIPJACK": case "TWOFISH": iv = ((Asn1OctetString)asn1Params).GetOctets(); break; case "RC2": iv = RC2CbcParameter.GetInstance(asn1Params).GetIV(); break; case "IDEA": iv = IdeaCbcPar.GetInstance(asn1Params).GetIV(); break; case "CAST5": iv = Cast5CbcParameters.GetInstance(asn1Params).GetIV(); break; } } catch (Exception e) { throw new ArgumentException("Could not process ASN.1 parameters", e); } if (iv != null) { return(new ParametersWithIV(key, iv)); } throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised."); }
/// <summary> /// Generate an enveloped object that contains a CMS Enveloped Data /// object using the passed in key generator. /// </summary> private CmsEnvelopedData Generate( CmsProcessable content, string encryptionOid, CipherKeyGenerator keyGen) { AlgorithmIdentifier encAlgId = null; KeyParameter encKey = null; Asn1OctetString encContent; try { IBufferedCipher cipher = CipherUtilities.GetCipher(encryptionOid); byte[] encKeyBytes = keyGen.GenerateKey(); encKey = ParameterUtilities.CreateKeyParameter(encryptionOid, encKeyBytes); Asn1Encodable asn1Params = null; try { if (encryptionOid.Equals(RC2Cbc)) { // mix in a bit extra... rand.SetSeed(DateTime.Now.Ticks); byte[] iv = rand.GenerateSeed(8); // TODO Is this detailed repeat of Java version really necessary? int effKeyBits = encKeyBytes.Length * 8; int parameterVersion; if (effKeyBits < 256) { parameterVersion = rc2Table[effKeyBits]; } else { parameterVersion = effKeyBits; } asn1Params = new RC2CbcParameter(parameterVersion, iv); } else { asn1Params = ParameterUtilities.GenerateParameters(encryptionOid, rand); } } catch (SecurityUtilityException) { // No problem... no parameters generated } Asn1Object asn1Object; ICipherParameters cipherParameters; if (asn1Params != null) { asn1Object = asn1Params.ToAsn1Object(); cipherParameters = ParameterUtilities.GetCipherParameters( encryptionOid, encKey, asn1Object); } else { asn1Object = DerNull.Instance; cipherParameters = encKey; } encAlgId = new AlgorithmIdentifier( new DerObjectIdentifier(encryptionOid), asn1Object); cipher.Init(true, cipherParameters); MemoryStream bOut = new MemoryStream(); CipherStream cOut = new CipherStream(bOut, null, cipher); content.Write(cOut); cOut.Close(); encContent = new BerOctetString(bOut.ToArray()); } catch (SecurityUtilityException e) { throw new CmsException("couldn't create cipher.", e); } catch (InvalidKeyException e) { throw new CmsException("key invalid in message.", e); } catch (IOException e) { throw new CmsException("exception decoding algorithm parameters.", e); } Asn1EncodableVector recipientInfos = new Asn1EncodableVector(); foreach (RecipientInf recipient in recipientInfs) { try { recipientInfos.Add(recipient.ToRecipientInfo(encKey)); } catch (IOException e) { throw new CmsException("encoding error.", e); } catch (InvalidKeyException e) { throw new CmsException("key inappropriate for algorithm.", e); } catch (GeneralSecurityException e) { throw new CmsException("error making encrypted content.", e); } } EncryptedContentInfo eci = new EncryptedContentInfo( PkcsObjectIdentifiers.Data, encAlgId, encContent); Asn1.Cms.ContentInfo contentInfo = new Asn1.Cms.ContentInfo( PkcsObjectIdentifiers.EnvelopedData, new EnvelopedData(null, new DerSet(recipientInfos), eci, null)); return(new CmsEnvelopedData(contentInfo)); }
/// <summary> /// Generate an enveloped object that contains an CMS Enveloped Data /// object using the passed in key generator. /// </summary> private Stream Open( Stream outStream, string encryptionOid, CipherKeyGenerator keyGen) { Asn1Encodable asn1Params = null; byte[] encKeyBytes = keyGen.GenerateKey(); KeyParameter encKey = ParameterUtilities.CreateKeyParameter(encryptionOid, encKeyBytes); try { if (encryptionOid.Equals(RC2Cbc)) { // mix in a bit extra... rand.SetSeed(DateTime.Now.Ticks); byte[] iv = rand.GenerateSeed(8); // TODO Is this detailed repeat of Java version really necessary? int effKeyBits = encKeyBytes.Length * 8; int parameterVersion; if (effKeyBits < 256) { parameterVersion = rc2Table[effKeyBits]; } else { parameterVersion = effKeyBits; } asn1Params = new RC2CbcParameter(parameterVersion, iv); } else { asn1Params = ParameterUtilities.GenerateParameters(encryptionOid, rand); } } catch (SecurityUtilityException) { // No problem... no parameters generated } Asn1EncodableVector recipientInfos = new Asn1EncodableVector(); foreach (RecipientInf recipient in recipientInfs) { try { recipientInfos.Add(recipient.ToRecipientInfo(encKey)); } catch (IOException e) { throw new CmsException("encoding error.", e); } catch (InvalidKeyException e) { throw new CmsException("key inappropriate for algorithm.", e); } catch (GeneralSecurityException e) { throw new CmsException("error making encrypted content.", e); } } return(Open(outStream, encryptionOid, encKey, asn1Params, recipientInfos)); }