public ManagedDecryptorPal( byte[] dataCopy, EnvelopedDataAsn envelopedDataAsn, RecipientInfoCollection recipientInfos) : base(recipientInfos) { _dataCopy = dataCopy; _envelopedData = envelopedDataAsn; }
public override DecryptorPal Decode( byte[] encodedMessage, out int version, out ContentInfo contentInfo, out AlgorithmIdentifier contentEncryptionAlgorithm, out X509Certificate2Collection originatorCerts, out CryptographicAttributeObjectCollection unprotectedAttributes) { // Read using BER because the CMS specification says the encoding is BER. AsnValueReader reader = new AsnValueReader(encodedMessage, AsnEncodingRules.BER); ContentInfoAsn.Decode( ref reader, encodedMessage, out ContentInfoAsn parsedContentInfo); if (parsedContentInfo.ContentType != Oids.Pkcs7Enveloped) { throw new CryptographicException(SR.Cryptography_Cms_InvalidMessageType); } byte[] copy = parsedContentInfo.Content.ToArray(); EnvelopedDataAsn data = EnvelopedDataAsn.Decode(copy, AsnEncodingRules.BER); version = data.Version; contentInfo = new ContentInfo( new Oid(data.EncryptedContentInfo.ContentType), data.EncryptedContentInfo.EncryptedContent?.ToArray() ?? Array.Empty <byte>()); contentEncryptionAlgorithm = data.EncryptedContentInfo.ContentEncryptionAlgorithm.ToPresentationObject(); originatorCerts = new X509Certificate2Collection(); if (data.OriginatorInfo.HasValue && data.OriginatorInfo.Value.CertificateSet != null) { foreach (CertificateChoiceAsn certChoice in data.OriginatorInfo.Value.CertificateSet) { if (certChoice.Certificate != null) { originatorCerts.Add(new X509Certificate2(certChoice.Certificate.Value.ToArray())); } } } unprotectedAttributes = SignerInfo.MakeAttributeCollection(data.UnprotectedAttributes); var recipientInfos = new List <RecipientInfo>(); foreach (RecipientInfoAsn recipientInfo in data.RecipientInfos) { if (recipientInfo.Ktri.HasValue) { recipientInfos.Add(new KeyTransRecipientInfo(new ManagedKeyTransPal(recipientInfo.Ktri.Value))); } else if (recipientInfo.Kari.HasValue) { for (int i = 0; i < recipientInfo.Kari.Value.RecipientEncryptedKeys.Length; i++) { recipientInfos.Add( new KeyAgreeRecipientInfo(new ManagedKeyAgreePal(recipientInfo.Kari.Value, i))); } } else { Debug.Fail($"{nameof(RecipientInfoAsn)} deserialized with an unknown recipient type"); throw new CryptographicException(); } } return(new ManagedDecryptorPal(copy, data, new RecipientInfoCollection(recipientInfos))); }
private byte[] Encrypt( CmsRecipientCollection recipients, ContentInfo contentInfo, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes, byte[] encryptedContent, byte[] cek, byte[] parameterBytes) { EnvelopedDataAsn envelopedData = new EnvelopedDataAsn { EncryptedContentInfo = { ContentType = contentInfo.ContentType.Value, ContentEncryptionAlgorithm = { Algorithm = contentEncryptionAlgorithm.Oid, Parameters = parameterBytes, }, EncryptedContent = encryptedContent, }, }; if (unprotectedAttributes != null && unprotectedAttributes.Count > 0) { List <AttributeAsn> attrList = CmsSigner.BuildAttributes(unprotectedAttributes); envelopedData.UnprotectedAttributes = Helpers.NormalizeSet(attrList.ToArray()); } if (originatorCerts != null && originatorCerts.Count > 0) { CertificateChoiceAsn[] certs = new CertificateChoiceAsn[originatorCerts.Count]; for (int i = 0; i < originatorCerts.Count; i++) { certs[i].Certificate = originatorCerts[i].RawData; } envelopedData.OriginatorInfo = new OriginatorInfoAsn { CertificateSet = certs, }; } envelopedData.RecipientInfos = new RecipientInfoAsn[recipients.Count]; bool allRecipientsVersion0 = true; for (var i = 0; i < recipients.Count; i++) { CmsRecipient recipient = recipients[i]; bool v0Recipient; switch (recipient.Certificate.GetKeyAlgorithm()) { case Oids.Rsa: envelopedData.RecipientInfos[i].Ktri = MakeKtri(cek, recipient, out v0Recipient); break; default: throw new CryptographicException( SR.Cryptography_Cms_UnknownAlgorithm, recipient.Certificate.GetKeyAlgorithm()); } allRecipientsVersion0 = allRecipientsVersion0 && v0Recipient; } // https://tools.ietf.org/html/rfc5652#section-6.1 // // v4 (RFC 3852): // * OriginatorInfo contains certificates with type other (not supported) // * OriginatorInfo contains crls with type other (not supported) // v3 (RFC 3369): // * OriginatorInfo contains v2 attribute certificates (not supported) // * Any PWRI (password) recipients are present (not supported) // * Any ORI (other) recipients are present (not supported) // v2 (RFC 2630): // * OriginatorInfo is present // * Any RecipientInfo has a non-zero version number // * UnprotectedAttrs is present // v1 (not defined for EnvelopedData) // v0 (RFC 2315): // * Anything not already matched if (envelopedData.OriginatorInfo != null || !allRecipientsVersion0 || envelopedData.UnprotectedAttributes != null) { envelopedData.Version = 2; } return(Helpers.EncodeContentInfo(envelopedData, Oids.Pkcs7Enveloped)); }