internal KeyTransRecipientInformation(
KeyTransRecipientInfo info,
CmsSecureReadable secureReadable)
: base(info.KeyEncryptionAlgorithm, secureReadable)
{
this.info = info;
this.rid = new RecipientID();
RecipientIdentifier r = info.RecipientIdentifier;
try
{
if (r.IsTagged)
{
Asn1OctetString octs = Asn1OctetString.GetInstance(r.ID);
rid.SubjectKeyIdentifier = octs.GetOctets();
}
else
{
IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.GetInstance(r.ID);
rid.Issuer = iAnds.Name;
rid.SerialNumber = iAnds.SerialNumber.Value;
}
}
catch (IOException)
{
throw new ArgumentException("invalid rid in KeyTransRecipientInformation");
}
}
/**
* return an KeyAgreeRecipientIdentifier object from the given object.
*
* @param obj the object we want converted.
* @exception ArgumentException if the object cannot be converted.
*/
public static KeyAgreeRecipientIdentifier GetInstance(
object obj)
{
if (obj == null || obj is KeyAgreeRecipientIdentifier)
{
return((KeyAgreeRecipientIdentifier)obj);
}
if (obj is Asn1Sequence)
{
return(new KeyAgreeRecipientIdentifier(IssuerAndSerialNumber.GetInstance(obj)));
}
if (obj is Asn1TaggedObject && ((Asn1TaggedObject)obj).TagNo == 0)
{
return(new KeyAgreeRecipientIdentifier(RecipientKeyIdentifier.GetInstance(
(Asn1TaggedObject)obj, false)));
}
throw new ArgumentException("Invalid KeyAgreeRecipientIdentifier: " + obj.GetType().FullName, "obj");
}
public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
{
byte[] keyBytes = contentEncryptionKey.GetKey();
AlgorithmIdentifier keyEncryptionAlgorithm = info.AlgorithmID;
IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.ObjectID.Id);
keyWrapper.Init(true, new ParametersWithRandom(recipientPublicKey, random));
byte[] encryptedKeyBytes = keyWrapper.Wrap(keyBytes, 0, keyBytes.Length);
RecipientIdentifier recipId;
if (recipientTbsCert != null)
{
IssuerAndSerialNumber issuerAndSerial = new IssuerAndSerialNumber(
recipientTbsCert.Issuer, recipientTbsCert.SerialNumber.Value);
recipId = new RecipientIdentifier(issuerAndSerial);
}
else
{
recipId = new RecipientIdentifier(subjectKeyIdentifier);
}
return new RecipientInfo(new KeyTransRecipientInfo(recipId, keyEncryptionAlgorithm,
new DerOctetString(encryptedKeyBytes)));
}
public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
{
byte[] keyBytes = contentEncryptionKey.GetKey();
AsymmetricKeyParameter senderPublicKey = senderKeyPair.Public;
ICipherParameters senderPrivateParams = senderKeyPair.Private;
OriginatorIdentifierOrKey originator;
try
{
originator = new OriginatorIdentifierOrKey(
CreateOriginatorPublicKey(senderPublicKey));
}
catch (IOException e)
{
throw new InvalidKeyException("cannot extract originator public key: " + e);
}
Asn1OctetString ukm = null;
if (keyAgreementOID.Id.Equals(CmsEnvelopedGenerator.ECMqvSha1Kdf))
{
try
{
IAsymmetricCipherKeyPairGenerator ephemKPG =
GeneratorUtilities.GetKeyPairGenerator(keyAgreementOID);
ephemKPG.Init(
((ECPublicKeyParameters)senderPublicKey).CreateKeyGenerationParameters(random));
AsymmetricCipherKeyPair ephemKP = ephemKPG.GenerateKeyPair();
ukm = new DerOctetString(
new MQVuserKeyingMaterial(
CreateOriginatorPublicKey(ephemKP.Public), null));
senderPrivateParams = new MqvPrivateParameters(
(ECPrivateKeyParameters)senderPrivateParams,
(ECPrivateKeyParameters)ephemKP.Private,
(ECPublicKeyParameters)ephemKP.Public);
}
catch (IOException e)
{
throw new InvalidKeyException("cannot extract MQV ephemeral public key: " + e);
}
catch (SecurityUtilityException e)
{
throw new InvalidKeyException("cannot determine MQV ephemeral key pair parameters from public key: " + e);
}
}
DerSequence paramSeq = new DerSequence(
keyEncryptionOID,
DerNull.Instance);
AlgorithmIdentifier keyEncAlg = new AlgorithmIdentifier(keyAgreementOID, paramSeq);
Asn1EncodableVector recipientEncryptedKeys = new Asn1EncodableVector();
foreach (X509Certificate recipientCert in recipientCerts)
{
TbsCertificateStructure tbsCert;
try
{
tbsCert = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(recipientCert.GetTbsCertificate()));
}
catch (Exception)
{
throw new ArgumentException("can't extract TBS structure from certificate");
}
// TODO Should there be a SubjectKeyIdentifier-based alternative?
IssuerAndSerialNumber issuerSerial = new IssuerAndSerialNumber(
tbsCert.Issuer, tbsCert.SerialNumber.Value);
KeyAgreeRecipientIdentifier karid = new KeyAgreeRecipientIdentifier(issuerSerial);
ICipherParameters recipientPublicParams = recipientCert.GetPublicKey();
if (keyAgreementOID.Id.Equals(CmsEnvelopedGenerator.ECMqvSha1Kdf))
{
recipientPublicParams = new MqvPublicParameters(
(ECPublicKeyParameters)recipientPublicParams,
(ECPublicKeyParameters)recipientPublicParams);
}
// Use key agreement to choose a wrap key for this recipient
IBasicAgreement keyAgreement = AgreementUtilities.GetBasicAgreementWithKdf(
keyAgreementOID, keyEncryptionOID.Id);
keyAgreement.Init(new ParametersWithRandom(senderPrivateParams, random));
BigInteger agreedValue = keyAgreement.CalculateAgreement(recipientPublicParams);
int keyEncryptionKeySize = GeneratorUtilities.GetDefaultKeySize(keyEncryptionOID) / 8;
byte[] keyEncryptionKeyBytes = X9IntegerConverter.IntegerToBytes(agreedValue, keyEncryptionKeySize);
KeyParameter keyEncryptionKey = ParameterUtilities.CreateKeyParameter(
keyEncryptionOID, keyEncryptionKeyBytes);
// Wrap the content encryption key with the agreement key
IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionOID.Id);
keyWrapper.Init(true, new ParametersWithRandom(keyEncryptionKey, random));
byte[] encryptedKeyBytes = keyWrapper.Wrap(keyBytes, 0, keyBytes.Length);
Asn1OctetString encryptedKey = new DerOctetString(encryptedKeyBytes);
recipientEncryptedKeys.Add(new RecipientEncryptedKey(karid, encryptedKey));
}
return new RecipientInfo(new KeyAgreeRecipientInfo(originator, ukm, keyEncAlg,
new DerSequence(recipientEncryptedKeys)));
}
public SignerIdentifier(
IssuerAndSerialNumber id)
{
this.id = id;
}
public RecipientIdentifier(
IssuerAndSerialNumber id)
{
this.id = id;
}
public SmimeEncryptionKeyPreferenceAttribute(
IssuerAndSerialNumber issAndSer)
: base(SmimeAttributes.EncrypKeyPref,
new DerSet(new DerTaggedObject(false, 0, issAndSer)))
{
}
public OriginatorIdentifierOrKey(
IssuerAndSerialNumber id)
{
this.id = id;
}
public RecipientIdentifier(
IssuerAndSerialNumber id)
{
this.id = id;
}
public OriginatorIdentifierOrKey(
IssuerAndSerialNumber id)
{
this.id = id;
}
public KeyAgreeRecipientIdentifier(
IssuerAndSerialNumber issuerSerial)
{
this.issuerSerial = issuerSerial;
}
public KeyAgreeRecipientIdentifier(
IssuerAndSerialNumber issuerSerial)
{
this.issuerSerial = issuerSerial;
}
public SignerIdentifier(
IssuerAndSerialNumber id)
{
this.id = id;
}
