public static void Encrypt(Stream toEncrypt, RsaKeyParameters key, out KeyInfo keyInfo, out EncryptionMethod encryptionMethod, out CipherData cipherData)
{
var random = new SecureRandom();
var keyData = new byte[128 / 8];
var ivData = new byte[128 / 8];
random.NextBytes(ivData);
random.NextBytes(keyData);
var sessionKey = new ParametersWithIV(new KeyParameter(keyData), ivData);
encryptionMethod = new EncryptionMethod(NS.XmlEncAES128Url);
keyInfo = new KeyInfo();
EncryptedKey encKey;
keyInfo.AddClause(
new KeyInfoEncryptedKey(
encKey = new EncryptedKey()
{
CipherData = new CipherData(XmlEncryption.EncryptKey(keyData, key, useOAEP: true)),
EncryptionMethod = new EncryptionMethod(NS.XmlEncRSAOAEPUrl)
}));
encKey.KeyInfo.AddClause(new RsaKeyValue(key));
byte[] dataToEncrypt = new byte[toEncrypt.Length];
toEncrypt.Read(dataToEncrypt, 0, (int)toEncrypt.Length);
var encryptedXml = new XmlEncryption();
encryptedXml.SetPadding("PKCS7");
encryptedXml.SetMode("CBC");
byte[] encryptedData = encryptedXml.EncryptData(dataToEncrypt, sessionKey);
cipherData = new CipherData(encryptedData);
}
public void DecryptEncryptedKey_KeyInfoEncryptedKey()
{
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
string xml = "<root> <child>sample</child> </root>";
doc.LoadXml(xml);
var random = new SecureRandom();
var keydata = new byte[256 / 8];
random.NextBytes(keydata);
var param = new KeyParameter(keydata);
keydata = new byte[128 / 8];
random.NextBytes(keydata);
var innerParam = new KeyParameter(keydata);
keydata = new byte[192 / 8];
random.NextBytes(keydata);
var outerParam = new KeyParameter(keydata);
XmlDecryption exml = new XmlDecryption(doc);
exml.AddKeyNameMapping("aes", param);
EncryptedKey ekey = new EncryptedKey();
byte[] encKeyBytes = XmlEncryption.EncryptKey(outerParam.GetKey(), param);
ekey.CipherData = new CipherData(encKeyBytes);
ekey.EncryptionMethod = new EncryptionMethod(NS.XmlEncAES256Url);
ekey.Id = "Key_ID";
ekey.KeyInfo = new KeyInfo();
ekey.KeyInfo.AddClause(new KeyInfoName("aes"));
KeyInfo topLevelKeyInfo = new KeyInfo();
topLevelKeyInfo.AddClause(new KeyInfoEncryptedKey(ekey));
EncryptedKey ekeyTopLevel = new EncryptedKey();
byte[] encTopKeyBytes = XmlEncryption.EncryptKey(innerParam.GetKey(), outerParam);
ekeyTopLevel.CipherData = new CipherData(encTopKeyBytes);
ekeyTopLevel.EncryptionMethod = new EncryptionMethod(NS.XmlEncAES256Url);
ekeyTopLevel.KeyInfo = topLevelKeyInfo;
doc.LoadXml(ekeyTopLevel.GetXml().OuterXml);
byte[] decryptedKey = exml.DecryptEncryptedKey(ekeyTopLevel);
Assert.Equal(innerParam.GetKey(), decryptedKey);
EncryptedData eData = new EncryptedData();
eData.EncryptionMethod = new EncryptionMethod(NS.XmlEncAES256Url);
eData.KeyInfo = topLevelKeyInfo;
var decryptedAlg = exml.GetDecryptionKey(eData, NS.None);
Assert.Equal(outerParam.GetKey(), ((KeyParameter)decryptedAlg).GetKey());
}
public void EncryptKey_RSA_KeyDataNull()
{
var keyGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
keyGen.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
var pair = keyGen.GenerateKeyPair();
Assert.Throws <ArgumentNullException>(() => XmlEncryption.EncryptKey(null, (RsaKeyParameters)pair.Public, false));
}
public void EncryptKey_RSA_UseOAEP()
{
byte[] data = Encoding.ASCII.GetBytes("12345678");
var keyGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
keyGen.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
var pair = keyGen.GenerateKeyPair();
byte[] encryptedData = XmlEncryption.EncryptKey(data, (RsaKeyParameters)pair.Public, true);
byte[] decryptedData = XmlDecryption.DecryptKey(encryptedData, (RsaKeyParameters)pair.Private, true);
Assert.Equal(data, decryptedData);
}
public void EncryptKey_KeyNull()
{
var random = new SecureRandom();
var ivdata = new byte[128 / 8];
var keydata = new byte[256 / 8];
random.NextBytes(ivdata);
random.NextBytes(keydata);
var param = new ParametersWithIV(new KeyParameter(keydata), ivdata);
Assert.Throws <ArgumentNullException>(() => XmlEncryption.EncryptKey(null, new KeyParameter(keydata)));
}
public void EncryptKey_AES()
{
var random = new SecureRandom();
var keydata = new byte[256 / 8];
random.NextBytes(keydata);
var param = new KeyParameter(keydata);
byte[] key = Encoding.ASCII.GetBytes("123456781234567812345678");
byte[] encryptedKey = XmlEncryption.EncryptKey(key, param);
Assert.NotNull(encryptedKey);
Assert.Equal(key, XmlDecryption.DecryptKey(encryptedKey, param));
}
public void DecryptKey_AESCorruptedKey8Bytes()
{
var random = new SecureRandom();
var keydata = new byte[256 / 8];
random.NextBytes(keydata);
var param = new KeyParameter(keydata);
byte[] key = Encoding.ASCII.GetBytes("12345678");
byte[] encryptedKey = XmlEncryption.EncryptKey(key, param);
encryptedKey[0] ^= 0xFF;
Assert.Throws <System.Security.Cryptography.CryptographicException>(() => XmlDecryption.DecryptKey(encryptedKey, param));
}
public void GetDecryptionKey_CarriedKeyName()
{
var random = new SecureRandom();
var ivdata = new byte[128 / 8];
var keydata = new byte[256 / 8];
random.NextBytes(ivdata);
random.NextBytes(keydata);
var param = new ParametersWithIV(new KeyParameter(keydata), ivdata);
keydata = new byte[128 / 8];
random.NextBytes(ivdata);
random.NextBytes(keydata);
var innerParam = new ParametersWithIV(new KeyParameter(keydata), ivdata);
EncryptedData edata = new EncryptedData();
edata.KeyInfo = new KeyInfo();
edata.KeyInfo.AddClause(new KeyInfoName("aes"));
EncryptedKey ekey = new EncryptedKey();
byte[] encKeyBytes = XmlEncryption.EncryptKey(((KeyParameter)innerParam.Parameters).GetKey(), (KeyParameter)param.Parameters);
ekey.CipherData = new CipherData(encKeyBytes);
ekey.EncryptionMethod = new EncryptionMethod(NS.XmlEncAES256Url);
ekey.CarriedKeyName = "aes";
ekey.KeyInfo = new KeyInfo();
ekey.KeyInfo.AddClause(new KeyInfoName("another_aes"));
XmlDocument doc = new XmlDocument();
doc.LoadXml(ekey.GetXml().OuterXml);
XmlDecryption exml = new XmlDecryption(doc);
exml.AddKeyNameMapping("another_aes", param);
var decryptedAlg = exml.GetDecryptionKey(edata, NS.XmlEncAES256Url);
Assert.IsType <KeyParameter>(decryptedAlg);
Assert.Equal(((KeyParameter)innerParam.Parameters).GetKey(), ((KeyParameter)decryptedAlg).GetKey());
}
private static void Encrypt(XmlDocument doc, string elementName, string encryptionElementID, RsaKeyParameters rsaKey, string keyName, bool useOAEP)
{
var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0];
var sessionKeyData = EncryptingAndDecryptingSymmetric.GenerateBlock(256);
var sessionKeyIV = EncryptingAndDecryptingSymmetric.GenerateBlock(128);
var sessionKey = new ParametersWithIV(new KeyParameter(sessionKeyData), sessionKeyIV);
var encryptedKey = new EncryptedKey()
{
CipherData = new CipherData(XmlEncryption.EncryptKey(sessionKeyData, rsaKey, useOAEP)),
EncryptionMethod = new EncryptionMethod(useOAEP ? NS.XmlEncRSAOAEPUrl : NS.XmlEncRSA15Url)
};
encryptedKey.AddReference(new DataReference()
{
Uri = "#" + encryptionElementID
});
var encryptedData = new EncryptedData()
{
Type = XmlNameSpace.Url[NS.XmlEncElementUrl],
Id = encryptionElementID,
EncryptionMethod = new EncryptionMethod(NS.XmlEncAES256Url)
};
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
encryptedKey.KeyInfo.AddClause(new KeyInfoName()
{
Value = keyName
});
var encryptedXml = new XmlEncryption();
encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, sessionKey, false);
XmlDecryption.ReplaceElement(elementToEncrypt, encryptedData, false);
}
private static void Encrypt(XmlDocument doc, string elementName, string encryptionElementID, ICipherParameters key, string keyName, Func <ICipherParameters> innerKeyFactory)
{
var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0];
ICipherParameters innerKey = innerKeyFactory();
var encryptedKey = new EncryptedKey()
{
CipherData = new CipherData(XmlEncryption.EncryptKey(((KeyParameter)((ParametersWithIV)innerKey).Parameters).GetKey(), (KeyParameter)((ParametersWithIV)key).Parameters)),
EncryptionMethod = new EncryptionMethod(EncryptingAndDecryptingSymmetric.GetEncryptionMethodName(key, keyWrap: true))
};
encryptedKey.AddReference(new DataReference()
{
Uri = "#" + encryptionElementID
});
var encryptedData = new EncryptedData()
{
Type = XmlNameSpace.Url[NS.XmlEncElementUrl],
Id = encryptionElementID,
EncryptionMethod = new EncryptionMethod(EncryptingAndDecryptingSymmetric.GetEncryptionMethodName(innerKey, keyWrap: false))
};
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
encryptedKey.KeyInfo.AddClause(new KeyInfoName()
{
Value = keyName
});
var encryptedXml = new XmlEncryption();
encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, innerKey, false);
XmlDecryption.ReplaceElement(elementToEncrypt, encryptedData, false);
}
public void EncryptKey_RSA_RSANull()
{
Assert.Throws <ArgumentNullException>(() => XmlEncryption.EncryptKey(new byte[16], null, false));
}
public void EncryptKey_SymmetricAlgorithmNull()
{
Assert.Throws <ArgumentNullException>(() => XmlEncryption.EncryptKey(new byte[16], null));
}
public void EncryptKey_AESNotDivisibleBy8()
{
var random = new SecureRandom();
var keydata = new byte[256 / 8];
random.NextBytes(keydata);
var param = new KeyParameter(keydata);
byte[] key = Encoding.ASCII.GetBytes("1234567");
Assert.Throws <System.Security.Cryptography.CryptographicException>(() => XmlEncryption.EncryptKey(key, param));
}
