Esempio n. 1
0
        private void DecryptContent(RecipientInfoCollection recipientInfos, X509Certificate2Collection?extraStore)
        {
            CheckStateForDecryption();
            extraStore = extraStore ?? new X509Certificate2Collection();

            X509Certificate2Collection certs = new X509Certificate2Collection();

            PkcsPal.Instance.AddCertsFromStoreForDecryption(certs);
            certs.AddRange(extraStore);

            X509Certificate2Collection originatorCerts = Certificates;

            ContentInfo?newContentInfo = null;
            Exception?  exception      = PkcsPal.Instance.CreateRecipientsNotFoundException();

            foreach (RecipientInfo recipientInfo in recipientInfos)
            {
                X509Certificate2?cert = certs.TryFindMatchingCertificate(recipientInfo.RecipientIdentifier);
                if (cert == null)
                {
                    exception = PkcsPal.Instance.CreateRecipientsNotFoundException();
                    continue;
                }

                newContentInfo = _decryptorPal !.TryDecrypt(
                    recipientInfo,
                    cert,
                    null,
                    originatorCerts,
                    extraStore,
                    out exception);

                if (exception != null)
                {
                    continue;
                }

                break;
            }

            if (exception != null)
            {
                throw exception;
            }

            SetContentInfo(newContentInfo !);
        }
Esempio n. 2
0
 private DecryptorPalWindows(SafeCryptMsgHandle hCryptMsg, RecipientInfoCollection recipientInfos)
     : base(recipientInfos)
 {
     _hCryptMsg = hCryptMsg;
 }
Esempio n. 3
0
        // constructors

        public EnvelopedCms()
        {
            _certs      = new X509Certificate2Collection();
            _recipients = new RecipientInfoCollection();
            _uattribs   = new CryptographicAttributeObjectCollection();
        }
Esempio n. 4
0
 internal DecryptorPal(RecipientInfoCollection recipientInfos)
 {
     RecipientInfos = recipientInfos;
 }
Esempio n. 5
0
		// constructors

		public EnvelopedCms () 
		{
			_certs = new X509Certificate2Collection ();
			_recipients = new RecipientInfoCollection ();
			_uattribs = new CryptographicAttributeObjectCollection ();
		}
Esempio n. 6
0
 internal RecipientInfoEnumerator(RecipientInfoCollection RecipientInfos)
 {
     m_recipientInfos = RecipientInfos;
     m_current        = -1;
 }
 private unsafe void DecryptContent(RecipientInfoCollection recipientInfos, X509Certificate2Collection extraStore)
 {
     int hr = -2146889717;
     if ((this.m_safeCryptMsgHandle == null) || this.m_safeCryptMsgHandle.IsInvalid)
     {
         throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_NoEncryptedMessageToEncode"));
     }
     for (int i = 0; i < recipientInfos.Count; i++)
     {
         System.Security.Cryptography.SafeCertContextHandle invalidHandle;
         KeyAgreeRecipientInfo info2;
         System.Security.Cryptography.CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA cmsg_ctrl_key_agree_decrypt_para;
         System.Security.Cryptography.CAPI.CMSG_KEY_AGREE_PUBLIC_KEY_RECIPIENT_INFO cmsg_key_agree_public_key_recipient_info;
         RecipientInfo recipientInfo = recipientInfos[i];
         CMSG_DECRYPT_PARAM cmsgDecryptParam = new CMSG_DECRYPT_PARAM();
         int num3 = GetCspParams(recipientInfo, extraStore, ref cmsgDecryptParam);
         if (num3 != 0)
         {
             goto Label_02F1;
         }
         CspParameters parameters = new CspParameters();
         if (!System.Security.Cryptography.X509Certificates.X509Utils.GetPrivateKeyInfo(cmsgDecryptParam.safeCertContextHandle, ref parameters))
         {
             throw new CryptographicException(Marshal.GetLastWin32Error());
         }
         KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
         KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Decrypt | KeyContainerPermissionFlags.Open);
         permission.AccessEntries.Add(accessEntry);
         permission.Demand();
         switch (recipientInfo.Type)
         {
             case RecipientInfoType.KeyTransport:
             {
                 System.Security.Cryptography.CAPI.CMSG_CTRL_DECRYPT_PARA cmsg_ctrl_decrypt_para = new System.Security.Cryptography.CAPI.CMSG_CTRL_DECRYPT_PARA(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_CTRL_DECRYPT_PARA))) {
                     hCryptProv = cmsgDecryptParam.safeCryptProvHandle.DangerousGetHandle(),
                     dwKeySpec = cmsgDecryptParam.keySpec,
                     dwRecipientIndex = recipientInfo.Index
                 };
                 if (!System.Security.Cryptography.CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0, 2, new IntPtr((void*) &cmsg_ctrl_decrypt_para)))
                 {
                     num3 = Marshal.GetHRForLastWin32Error();
                 }
                 GC.KeepAlive(cmsg_ctrl_decrypt_para);
                 goto Label_02E6;
             }
             case RecipientInfoType.KeyAgreement:
             {
                 invalidHandle = System.Security.Cryptography.SafeCertContextHandle.InvalidHandle;
                 info2 = (KeyAgreeRecipientInfo) recipientInfo;
                 System.Security.Cryptography.CAPI.CMSG_CMS_RECIPIENT_INFO cmsg_cms_recipient_info = (System.Security.Cryptography.CAPI.CMSG_CMS_RECIPIENT_INFO) Marshal.PtrToStructure(info2.pCmsgRecipientInfo.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_CMS_RECIPIENT_INFO));
                 cmsg_ctrl_key_agree_decrypt_para = new System.Security.Cryptography.CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA))) {
                     hCryptProv = cmsgDecryptParam.safeCryptProvHandle.DangerousGetHandle(),
                     dwKeySpec = cmsgDecryptParam.keySpec,
                     pKeyAgree = cmsg_cms_recipient_info.pRecipientInfo,
                     dwRecipientIndex = info2.Index,
                     dwRecipientEncryptedKeyIndex = info2.SubIndex
                 };
                 if (info2.SubType != RecipientSubType.CertIdKeyAgreement)
                 {
                     goto Label_0286;
                 }
                 System.Security.Cryptography.CAPI.CMSG_KEY_AGREE_CERT_ID_RECIPIENT_INFO cmsgRecipientInfo = (System.Security.Cryptography.CAPI.CMSG_KEY_AGREE_CERT_ID_RECIPIENT_INFO) info2.CmsgRecipientInfo;
                 invalidHandle = System.Security.Cryptography.CAPI.CertFindCertificateInStore(BuildOriginatorStore(this.Certificates, extraStore), 0x10001, 0, 0x100000, new IntPtr((void*) &cmsgRecipientInfo.OriginatorCertId), System.Security.Cryptography.SafeCertContextHandle.InvalidHandle);
                 if ((invalidHandle != null) && !invalidHandle.IsInvalid)
                 {
                     break;
                 }
                 num3 = -2146885628;
                 goto Label_02E6;
             }
             default:
                 throw new CryptographicException(-2147483647);
         }
         System.Security.Cryptography.CAPI.CERT_CONTEXT cert_context = (System.Security.Cryptography.CAPI.CERT_CONTEXT) Marshal.PtrToStructure(invalidHandle.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CERT_CONTEXT));
         System.Security.Cryptography.CAPI.CERT_INFO cert_info = (System.Security.Cryptography.CAPI.CERT_INFO) Marshal.PtrToStructure(cert_context.pCertInfo, typeof(System.Security.Cryptography.CAPI.CERT_INFO));
         cmsg_ctrl_key_agree_decrypt_para.OriginatorPublicKey = cert_info.SubjectPublicKeyInfo.PublicKey;
         goto Label_02A7;
     Label_0286:
         cmsg_key_agree_public_key_recipient_info = (System.Security.Cryptography.CAPI.CMSG_KEY_AGREE_PUBLIC_KEY_RECIPIENT_INFO) info2.CmsgRecipientInfo;
         cmsg_ctrl_key_agree_decrypt_para.OriginatorPublicKey = cmsg_key_agree_public_key_recipient_info.OriginatorPublicKeyInfo.PublicKey;
     Label_02A7:
         if (!System.Security.Cryptography.CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0, 0x11, new IntPtr((void*) &cmsg_ctrl_key_agree_decrypt_para)))
         {
             num3 = Marshal.GetHRForLastWin32Error();
         }
         GC.KeepAlive(cmsg_ctrl_key_agree_decrypt_para);
         GC.KeepAlive(invalidHandle);
     Label_02E6:
         GC.KeepAlive(cmsgDecryptParam);
     Label_02F1:
         if (num3 == 0)
         {
             uint cbData = 0;
             System.Security.Cryptography.SafeLocalAllocHandle pvData = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
             PkcsUtils.GetParam(this.m_safeCryptMsgHandle, 2, 0, out pvData, out cbData);
             if (cbData > 0)
             {
                 Oid contentType = PkcsUtils.GetContentType(this.m_safeCryptMsgHandle);
                 byte[] destination = new byte[cbData];
                 Marshal.Copy(pvData.DangerousGetHandle(), destination, 0, (int) cbData);
                 this.m_contentInfo = new System.Security.Cryptography.Pkcs.ContentInfo(contentType, destination);
             }
             pvData.Dispose();
             hr = 0;
             break;
         }
         hr = num3;
     }
     if (hr != 0)
     {
         throw new CryptographicException(hr);
     }
 }
Esempio n. 8
0
        private unsafe void DecryptContent (RecipientInfoCollection recipientInfos, X509Certificate2Collection extraStore) {
            int hr = CAPI.CRYPT_E_RECIPIENT_NOT_FOUND;

            if (m_safeCryptMsgHandle == null || m_safeCryptMsgHandle.IsInvalid)
                throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_NoEncryptedMessageToEncode"));

            for (int index = 0; index < recipientInfos.Count; index++) {
                RecipientInfo recipientInfo = recipientInfos[index];
                CMSG_DECRYPT_PARAM cmsgDecryptParam = new CMSG_DECRYPT_PARAM();

                // Get CSP parameters
                int hr2 = GetCspParams(recipientInfo, extraStore, ref cmsgDecryptParam);

                if (hr2 == CAPI.S_OK) {
                    // 


                    CspParameters parameters = new CspParameters();
                    if (X509Utils.GetPrivateKeyInfo(cmsgDecryptParam.safeCertContextHandle, ref parameters) == false)
                        throw new CryptographicException(Marshal.GetLastWin32Error());

                    KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
                    KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Decrypt);
                    kp.AccessEntries.Add(entry);
                    kp.Demand();

                    // Decrypt the content.
                    switch (recipientInfo.Type) {
                    case RecipientInfoType.KeyTransport:
                        CAPI.CMSG_CTRL_DECRYPT_PARA ctrlDecryptPara = new CAPI.CMSG_CTRL_DECRYPT_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_DECRYPT_PARA)));
                        ctrlDecryptPara.hCryptProv = cmsgDecryptParam.safeCryptProvHandle.DangerousGetHandle();
                        ctrlDecryptPara.dwKeySpec = cmsgDecryptParam.keySpec;
                        ctrlDecryptPara.dwRecipientIndex = (uint) recipientInfo.Index;

                        if (!CAPI.CryptMsgControl(m_safeCryptMsgHandle,
                                                  0,
                                                  CAPI.CMSG_CTRL_DECRYPT,
                                                  new IntPtr(&ctrlDecryptPara)))
                            hr2 = Marshal.GetHRForLastWin32Error();

                        GC.KeepAlive(ctrlDecryptPara);
                        break;

                    case RecipientInfoType.KeyAgreement:
                        SafeCertContextHandle pOriginatorCert = SafeCertContextHandle.InvalidHandle;
                        KeyAgreeRecipientInfo keyAgree = (KeyAgreeRecipientInfo) recipientInfo;
                        CAPI.CMSG_CMS_RECIPIENT_INFO cmsRecipientInfo = (CAPI.CMSG_CMS_RECIPIENT_INFO) Marshal.PtrToStructure(keyAgree.pCmsgRecipientInfo.DangerousGetHandle(), typeof(CAPI.CMSG_CMS_RECIPIENT_INFO));

                        CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA keyAgreeDecryptPara = new CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA)));
                        keyAgreeDecryptPara.hCryptProv = cmsgDecryptParam.safeCryptProvHandle.DangerousGetHandle();
                        keyAgreeDecryptPara.dwKeySpec = cmsgDecryptParam.keySpec;
                        keyAgreeDecryptPara.pKeyAgree = cmsRecipientInfo.pRecipientInfo;
                        keyAgreeDecryptPara.dwRecipientIndex = keyAgree.Index;
                        keyAgreeDecryptPara.dwRecipientEncryptedKeyIndex = keyAgree.SubIndex;

                        if (keyAgree.SubType == RecipientSubType.CertIdKeyAgreement) {
                            CAPI.CMSG_KEY_AGREE_CERT_ID_RECIPIENT_INFO certIdKeyAgree = (CAPI.CMSG_KEY_AGREE_CERT_ID_RECIPIENT_INFO) keyAgree.CmsgRecipientInfo;
                            SafeCertStoreHandle hCertStore = BuildOriginatorStore(this.Certificates, extraStore);

                            pOriginatorCert = CAPI.CertFindCertificateInStore(hCertStore, 
                                                                              CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
                                                                              0, 
                                                                              CAPI.CERT_FIND_CERT_ID,
                                                                              new IntPtr(&certIdKeyAgree.OriginatorCertId),
                                                                              SafeCertContextHandle.InvalidHandle);
                            if (pOriginatorCert == null || pOriginatorCert.IsInvalid) {
                                hr2 = CAPI.CRYPT_E_NOT_FOUND;
                                break;
                            }

                            CAPI.CERT_CONTEXT pCertContext = (CAPI.CERT_CONTEXT) Marshal.PtrToStructure(pOriginatorCert.DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT));
                            CAPI.CERT_INFO certInfo = (CAPI.CERT_INFO) Marshal.PtrToStructure(pCertContext.pCertInfo, typeof(CAPI.CERT_INFO));
                            keyAgreeDecryptPara.OriginatorPublicKey = certInfo.SubjectPublicKeyInfo.PublicKey;
                        }
                        else {
                            CAPI.CMSG_KEY_AGREE_PUBLIC_KEY_RECIPIENT_INFO publicKeyAgree = (CAPI.CMSG_KEY_AGREE_PUBLIC_KEY_RECIPIENT_INFO) keyAgree.CmsgRecipientInfo;
                            keyAgreeDecryptPara.OriginatorPublicKey = publicKeyAgree.OriginatorPublicKeyInfo.PublicKey;
                        }
                        
                        if (!CAPI.CryptMsgControl(m_safeCryptMsgHandle,
                                                  0,
                                                  CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT,
                                                  new IntPtr(&keyAgreeDecryptPara)))
                            hr2 = Marshal.GetHRForLastWin32Error();

                        GC.KeepAlive(keyAgreeDecryptPara);
                        GC.KeepAlive(pOriginatorCert);
                        break;

                    default:
                        throw new CryptographicException(CAPI.E_NOTIMPL);
                    }

                    GC.KeepAlive(cmsgDecryptParam);
                }

                // Content decrypted?
                if (hr2 == CAPI.S_OK) {
                    // Yes, so retrieve it.
                    uint cbContent = 0;
                    SafeLocalAllocHandle pbContent = SafeLocalAllocHandle.InvalidHandle;

                    PkcsUtils.GetParam(m_safeCryptMsgHandle, CAPI.CMSG_CONTENT_PARAM, 0, out pbContent, out cbContent);

                    if (cbContent > 0) {
                        Oid contentType = PkcsUtils.GetContentType(m_safeCryptMsgHandle);
                        byte[] content = new byte[cbContent];
                        Marshal.Copy(pbContent.DangerousGetHandle(), content, 0, (int) cbContent);

                        m_contentInfo = new ContentInfo(contentType, content);
                    }

                    pbContent.Dispose();

                    hr = CAPI.S_OK;
                    break;
                }
                else {
                    // Try next recipient.
                    hr = hr2;
                }
            }

            if (hr != CAPI.S_OK)
                throw new CryptographicException(hr);

            return;
        }
Esempio n. 9
0
        private void DecryptContent(RecipientInfoCollection recipientInfos, X509Certificate2Collection extraStore)
        {
            switch (_lastCall)
            {
                case LastCall.Ctor:
                    throw new InvalidOperationException(SR.Cryptography_Cms_MessageNotEncrypted);

                case LastCall.Encrypt:
                    throw PkcsPal.Instance.CreateDecryptAfterEncryptException();

                case LastCall.Decrypt:
                    throw PkcsPal.Instance.CreateDecryptTwiceException();

                case LastCall.Decode:
                    break; // This is the expected state.

                default:
                    Debug.Fail($"Unexpected _lastCall value: {_lastCall}");
                    throw new InvalidOperationException();
            }

            extraStore = extraStore ?? new X509Certificate2Collection();

            X509Certificate2Collection certs = new X509Certificate2Collection();
            PkcsPal.Instance.AddCertsFromStoreForDecryption(certs);
            certs.AddRange(extraStore);

            X509Certificate2Collection originatorCerts = Certificates;

            ContentInfo newContentInfo = null;
            Exception exception = PkcsPal.Instance.CreateRecipientsNotFoundException();
            foreach (RecipientInfo recipientInfo in recipientInfos)
            {
                X509Certificate2 cert = certs.TryFindMatchingCertificate(recipientInfo.RecipientIdentifier);
                if (cert == null)
                {
                    exception = PkcsPal.Instance.CreateRecipientsNotFoundException();
                    continue;
                }
                newContentInfo = _decryptorPal.TryDecrypt(recipientInfo, cert, originatorCerts, extraStore, out exception);
                if (exception != null)
                    continue;

                break;
            }

            if (exception != null)
                throw exception;

            ContentInfo = newContentInfo;

            // Desktop compat: Encode() after a Decrypt() returns you the same thing that ContentInfo.Content does.
            _encodedMessage = newContentInfo.Content.CloneByteArray();

            _lastCall = LastCall.Decrypt;
        }
Esempio n. 10
0
        private void DecryptContent(RecipientInfoCollection recipientInfos, X509Certificate2Collection extraStore)
        {
            switch (_lastCall)
            {
            case LastCall.Ctor:
                throw new InvalidOperationException(SR.Cryptography_Cms_MessageNotEncrypted);

            case LastCall.Encrypt:
                throw PkcsPal.Instance.CreateDecryptAfterEncryptException();

            case LastCall.Decrypt:
                throw PkcsPal.Instance.CreateDecryptTwiceException();

            case LastCall.Decode:
                break;     // This is the expected state.

            default:
                Debug.Fail($"Unexpected _lastCall value: {_lastCall}");
                throw new InvalidOperationException();
            }

            extraStore = extraStore ?? new X509Certificate2Collection();

            X509Certificate2Collection certs = new X509Certificate2Collection();

            PkcsPal.Instance.AddCertsFromStoreForDecryption(certs);
            certs.AddRange(extraStore);

            X509Certificate2Collection originatorCerts = Certificates;

            ContentInfo newContentInfo = null;
            Exception   exception      = PkcsPal.Instance.CreateRecipientsNotFoundException();

            foreach (RecipientInfo recipientInfo in recipientInfos)
            {
                X509Certificate2 cert = certs.TryFindMatchingCertificate(recipientInfo.RecipientIdentifier);
                if (cert == null)
                {
                    exception = PkcsPal.Instance.CreateRecipientsNotFoundException();
                    continue;
                }
                newContentInfo = _decryptorPal.TryDecrypt(recipientInfo, cert, originatorCerts, extraStore, out exception);
                if (exception != null)
                {
                    continue;
                }

                break;
            }

            if (exception != null)
            {
                throw exception;
            }

            ContentInfo = newContentInfo;

            // Desktop compat: Encode() after a Decrypt() returns you the same thing that ContentInfo.Content does.
            _encodedMessage = newContentInfo.Content.CloneByteArray();

            _lastCall = LastCall.Decrypt;
        }
Esempio n. 11
0
 internal RecipientInfoEnumerator(RecipientInfoCollection RecipientInfos) {
     m_recipientInfos = RecipientInfos;
     m_current = -1;
 }