コード例 #1
        /// <summary>
        /// Builds a <typeparamref name="TKey"/> key-transport object for the given session key.
        /// An ephemeral asymmetric algorithm is created from the parameters of <c>_publicKey</c>,
        /// the session key is encoded through its key-exchange object using the CryptoPro export
        /// method, and the result is stored together with the ephemeral algorithm's exported parameters.
        /// </summary>
        /// <param name="keyExchangeAlgorithm">Symmetric session key to be wrapped; must not be null.</param>
        /// <returns>The populated key-transport object.</returns>
        private TKey CreateKeyExchangeInfo(SymmetricAlgorithm keyExchangeAlgorithm)
        {
            if (keyExchangeAlgorithm == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(keyExchangeAlgorithm));
            }

            var transport = new TKey();

            // NOTE(review): the 'false' argument presumably requests public parameters only,
            // so no private key material is exported here - confirm against ExportParameters.
            var publicParameters = _publicKey.ExportParameters(false);

            using (var ephemeral = CreateEphemeralAlgorithm(_publicKey.ProviderType, publicParameters))
            {
                byte[] wrappedKeyBytes;

                // The key-exchange object is only needed to produce the encoded blob,
                // so it is released before the blob is parsed.
                using (var exchange = ephemeral.CreateKeyExchange(publicParameters))
                {
                    wrappedKeyBytes = exchange.EncodeKeyExchange(keyExchangeAlgorithm, GostKeyExchangeExportMethod.CryptoProKeyExport);
                }

                var wrappedKey = new Gost_28147_89_KeyExchangeInfo();
                wrappedKey.Decode(wrappedKeyBytes);

                transport.SessionEncryptedKey = wrappedKey;

                // The ephemeral algorithm's parameters travel with the wrapped key;
                // they are exported with the same 'false' flag as above.
                transport.TransportParameters = ephemeral.ExportParameters(false);
            }

            return transport;
        }
コード例 #2
 /// <summary>
 /// Copies the wrapped-session-key fields out of a decoded key-transport structure
 /// into a new <c>Gost_28147_89_KeyExchangeInfo</c> and stores it in <c>SessionEncryptedKey</c>.
 /// </summary>
 /// <param name="keyTransport">Decoded key-transport structure to read from.</param>
 private void DecodeSessionKey(Gost_R3410_KeyTransport keyTransport)
 {
     // NOTE(review): none of the nested members are null-checked, so a structure with a
     // missing field surfaces as a NullReferenceException - confirm the decoder guarantees them.
     var wrappedKey = new Gost_28147_89_KeyExchangeInfo();

     wrappedKey.EncryptionParamSet = keyTransport.TransportParams.EncryptionParamSet.Oid.Value;
     wrappedKey.EncryptedKey = keyTransport.SessionEncryptedKey.EncryptedKey.Value;
     wrappedKey.Mac = keyTransport.SessionEncryptedKey.MacKey.Value;
     wrappedKey.Ukm = keyTransport.TransportParams.Ukm.Value;

     SessionEncryptedKey = wrappedKey;
 }
コード例 #3
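        /// <summary>
        /// Parses an exported simple key blob into its UKM, wrapped key, MAC and encryption parameter set.
        /// </summary>
        /// <param name="exportedKeyBytes">
        /// Blob bytes: a 16-byte header, then 8 bytes of UKM, 32 bytes of wrapped key,
        /// 4 bytes of MAC, and the encoded encryption parameter set in the remaining bytes.
        /// </param>
        /// <returns>The decoded key-exchange information.</returns>
        /// <remarks>
        /// Throws the argument-null exception for a null blob, and a cryptographic exception with
        /// <c>NTE_BAD_DATA</c> when the blob is shorter than its fixed-size part or when one of the
        /// three checked header fields does not match.
        /// </remarks>
        private static Gost_28147_89_KeyExchangeInfo DecodeSimpleBlob(byte[] exportedKeyBytes)
        {
            const int headerLength = 16;
            const int ukmLength = 8;
            const int encryptedKeyLength = 32;
            const int macLength = 4;
            const int fixedLength = headerLength + ukmLength + encryptedKeyLength + macLength;

            if (exportedKeyBytes == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(exportedKeyBytes));
            }

            // The blob comes from outside this method, so the whole fixed-size part must be
            // present before any field is read. Checking only the header length would let a
            // truncated blob fail later inside Array.Copy with an ArgumentException instead of
            // being reported as bad data.
            if (exportedKeyBytes.Length < fixedLength)
            {
                throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
            }

            // NOTE(review): header bytes 0..3 are not inspected here - confirm whether
            // they should be validated as well.
            if (BitConverter.ToUInt32(exportedKeyBytes, 4) != Constants.CALG_G28147)
            {
                throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
            }

            if (BitConverter.ToUInt32(exportedKeyBytes, 8) != Constants.G28147_MAGIC)
            {
                throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
            }

            if (BitConverter.ToUInt32(exportedKeyBytes, 12) != Constants.CALG_G28147)
            {
                throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
            }

            var keyExchangeInfo = new Gost_28147_89_KeyExchangeInfo();

            var sourceIndex = headerLength;

            keyExchangeInfo.Ukm = new byte[ukmLength];
            Array.Copy(exportedKeyBytes, sourceIndex, keyExchangeInfo.Ukm, 0, ukmLength);
            sourceIndex += ukmLength;

            keyExchangeInfo.EncryptedKey = new byte[encryptedKeyLength];
            Array.Copy(exportedKeyBytes, sourceIndex, keyExchangeInfo.EncryptedKey, 0, encryptedKeyLength);
            sourceIndex += encryptedKeyLength;

            keyExchangeInfo.Mac = new byte[macLength];
            Array.Copy(exportedKeyBytes, sourceIndex, keyExchangeInfo.Mac, 0, macLength);
            sourceIndex += macLength;

            // Everything after the fixed-size part is the encoded parameter set; the length
            // check above guarantees this size is never negative (it may be zero).
            var encryptionParamSet = new byte[exportedKeyBytes.Length - sourceIndex];

            Array.Copy(exportedKeyBytes, sourceIndex, encryptionParamSet, 0, encryptionParamSet.Length);
            keyExchangeInfo.EncryptionParamSet = Gost_28147_89_KeyExchangeInfo.DecodeEncryptionParamSet(encryptionParamSet);

            return keyExchangeInfo;
        }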
コード例 #4
        /// <summary>
        /// Serialises key-exchange information into a simple key blob: a 16-byte header followed by
        /// the UKM (8 bytes), the wrapped key (32 bytes), the MAC (4 bytes) and the encoded
        /// encryption parameter set.
        /// </summary>
        /// <param name="keyExchangeInfo">Key-exchange information to encode; must not be null.</param>
        /// <returns>The encoded blob, 60 bytes plus the length of the encoded parameter set.</returns>
        private static byte[] EncodeSimpleBlob(Gost_28147_89_KeyExchangeInfo keyExchangeInfo)
        {
            if (keyExchangeInfo == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(keyExchangeInfo));
            }

            var paramSetBytes = Gost_28147_89_KeyExchangeInfo.EncodeEncryptionParamSet(keyExchangeInfo.EncryptionParamSet);

            // 60 = 16 (header) + 8 (UKM) + 32 (wrapped key) + 4 (MAC).
            var blob = new byte[paramSetBytes.Length + 60];

            // NOTE(review): bytes 0 and 1 presumably carry the blob type and blob version -
            // confirm against the provider's blob header definition. Bytes 2..3 stay zero.
            blob[0] = 1;
            blob[1] = 32;

            var offset = 4;

            // Three 32-bit header fields: algorithm id, magic, algorithm id again.
            Array.Copy(BitConverter.GetBytes(Constants.CALG_G28147), 0, blob, offset, 4);
            offset += 4;
            Array.Copy(BitConverter.GetBytes(Constants.G28147_MAGIC), 0, blob, offset, 4);
            offset += 4;
            Array.Copy(BitConverter.GetBytes(Constants.CALG_G28147), 0, blob, offset, 4);
            offset += 4;

            // Fixed-size payload fields. Array.Copy throws if a source array is null or
            // shorter than the number of bytes requested.
            Array.Copy(keyExchangeInfo.Ukm, 0, blob, offset, 8);
            offset += 8;
            Array.Copy(keyExchangeInfo.EncryptedKey, 0, blob, offset, 32);
            offset += 32;
            Array.Copy(keyExchangeInfo.Mac, 0, blob, offset, 4);
            offset += 4;

            // Variable-length tail: the encoded encryption parameter set.
            Array.Copy(paramSetBytes, 0, blob, offset, paramSetBytes.Length);

            return blob;
        }
コード例 #5
        /// <summary>
        /// Imports an encoded (wrapped) key using a duplicate of this object's key handle as the
        /// unwrapping key and returns it as a GOST 28147-89 symmetric algorithm.
        /// </summary>
        /// <param name="encodedKeyExchangeData">Encoded key-exchange information; must not be null.</param>
        /// <param name="keyExchangeExportMethod">Export method that selects the export algorithm id.</param>
        /// <returns>A symmetric algorithm built on the imported key handle.</returns>
        public override SymmetricAlgorithm DecodePrivateKey(byte[] encodedKeyExchangeData, GostKeyExchangeExportMethod keyExchangeExportMethod)
        {
            if (encodedKeyExchangeData == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(encodedKeyExchangeData));
            }

            // Only the two known export methods are accepted; anything else is rejected
            // before any provider or key handle is touched.
            int exportAlgId;

            switch (keyExchangeExportMethod)
            {
                case GostKeyExchangeExportMethod.GostKeyExport:
                    exportAlgId = Constants.CALG_SIMPLE_EXPORT;
                    break;

                case GostKeyExchangeExportMethod.CryptoProKeyExport:
                    exportAlgId = Constants.CALG_PRO_EXPORT;
                    break;

                default:
                    throw ExceptionUtility.ArgumentOutOfRange(nameof(keyExchangeExportMethod));
            }

            var provider = CryptoApiHelper.GetProviderHandle(ProviderType);

            var wrappedKey = new Gost_28147_89_KeyExchangeInfo();
            wrappedKey.Decode(encodedKeyExchangeData);

            // The export algorithm id is set on a duplicate that is disposed when this
            // block exits, rather than on the handle this object holds.
            using (var unwrapKey = CryptoApiHelper.DuplicateKey(this.GetSafeHandle()))
            {
                CryptoApiHelper.SetKeyExchangeExportAlgId(ProviderType, unwrapKey, exportAlgId);

                var importedKey = CryptoApiHelper.ImportKeyExchange(provider, wrappedKey, unwrapKey);

                return new Gost_28147_89_SymmetricAlgorithm(ProviderType, provider, importedKey);
            }
        }
コード例 #6
        /// <summary>
        /// Decodes wrapped key data and imports it: the stored key-exchange parameters are encoded
        /// as a public blob and imported against <c>_keyHandle</c>, the requested export algorithm
        /// id is set on the resulting handle, and that handle is then used to import the wrapped key.
        /// </summary>
        /// <param name="encodedKeyExchangeData">Encoded key-exchange information.</param>
        /// <param name="keyExchangeExportAlgId">Export algorithm id to set on the intermediate key handle.</param>
        /// <returns>A symmetric algorithm built on the imported key handle.</returns>
        private SymmetricAlgorithm DecodeKeyExchangeInternal(byte[] encodedKeyExchangeData, int keyExchangeExportAlgId)
        {
            var wrappedKey = new Gost_28147_89_KeyExchangeInfo();
            wrappedKey.Decode(encodedKeyExchangeData);

            SafeKeyHandleImpl intermediateKey = null;
            SafeKeyHandleImpl importedKey;

            try
            {
                var publicBlob = CryptoApiHelper.EncodePublicBlob(_keyExchangeParameters, _keySize, _signatureAlgId);

                CryptoApiHelper.ImportCspBlob(publicBlob, _provHandle, _keyHandle, out intermediateKey);
                CryptoApiHelper.SetKeyExchangeExportAlgId(ProviderType, intermediateKey, keyExchangeExportAlgId);

                importedKey = CryptoApiHelper.ImportKeyExchange(_provHandle, wrappedKey, intermediateKey);
            }
            finally
            {
                // The intermediate handle is released on success and on failure alike.
                // NOTE(review): it may still be null here if an earlier call threw, so
                // TryDispose presumably tolerates null - confirm.
                intermediateKey.TryDispose();
            }

            return new Gost_28147_89_SymmetricAlgorithm(ProviderType, _provHandle, importedKey);
        }
コード例 #7
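        /// <summary>
        /// Imports a raw 32-byte session key into the provider. A temporary key is generated in the
        /// provider, the raw key is encrypted under it in ECB mode, a MAC over the raw key is computed
        /// with a random 8-byte UKM as start vector, and the resulting wrap is imported through
        /// <c>ImportKeyExchange</c> with the simple export algorithm.
        /// </summary>
        /// <param name="providerType">Provider type passed on when setting the export algorithm id.</param>
        /// <param name="providerHandle">Provider in which the keys are created and imported.</param>
        /// <param name="bulkSessionKey">Raw session key; only the first 32 bytes are used. Must not be null.</param>
        /// <param name="randomNumberGenerator">Random source for the UKM. Must not be null.</param>
        /// <returns>Handle of the imported session key.</returns>
        /// <exception cref="ArgumentException"><paramref name="bulkSessionKey"/> holds fewer than 32 bytes.</exception>
        public static SafeKeyHandleImpl ImportBulkSessionKey(ProviderType providerType, SafeProvHandleImpl providerHandle, byte[] bulkSessionKey, RNGCryptoServiceProvider randomNumberGenerator)
        {
            const int sessionKeyLength = 32;

            if (bulkSessionKey == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(bulkSessionKey));
            }

            if (randomNumberGenerator == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(randomNumberGenerator));
            }

            // Reject a short key before any native key is generated. Without this check the
            // failure only surfaces in Array.Copy below, after CryptGenKey has already created
            // a temporary key handle. Bytes beyond the first 32 are ignored, as before.
            if (bulkSessionKey.Length < sessionKeyLength)
            {
                throw new ArgumentException("The bulk session key must contain at least 32 bytes.", nameof(bulkSessionKey));
            }

            var hSessionKey = SafeKeyHandleImpl.InvalidHandle;

            // Temporary key generated inside the provider; it serves as the wrapping key.
            if (!CryptoApi.CryptGenKey(providerHandle, Constants.CALG_G28147, 0, ref hSessionKey))
            {
                throw CreateWin32Error();
            }

            var keyWrap = new Gost_28147_89_KeyExchangeInfo {
                EncryptedKey = new byte[sessionKeyLength]
            };

            // EncryptedKey holds the raw key only until CryptEncrypt overwrites it in place.
            Array.Copy(bulkSessionKey, keyWrap.EncryptedKey, sessionKeyLength);
            SetKeyParameterInt32(hSessionKey, Constants.KP_MODE, Constants.CRYPT_MODE_ECB);
            SetKeyParameterInt32(hSessionKey, Constants.KP_ALGID, Constants.CALG_G28147);
            SetKeyParameterInt32(hSessionKey, Constants.KP_PADDING, Constants.ZERO_PADDING);

            uint sessionKeySize = sessionKeyLength;

            if (!CryptoApi.CryptEncrypt(hSessionKey, SafeHashHandleImpl.InvalidHandle, true, 0, keyWrap.EncryptedKey, ref sessionKeySize, sessionKeySize))
            {
                throw CreateWin32Error();
            }

            // The MAC is computed over the raw key, with a fresh random UKM as start vector.
            SetKeyParameterInt32(hSessionKey, Constants.KP_MODE, Constants.CRYPT_MODE_CFB);

            // NOTE(review): neither hashHandle nor hSessionKey is disposed in this method;
            // if they are safe handles their release is left to finalization - confirm
            // whether deterministic disposal is wanted here.
            var hashHandle = CreateHashImit(providerHandle, hSessionKey);

            keyWrap.Ukm = new byte[8];
            randomNumberGenerator.GetBytes(keyWrap.Ukm);

            if (!CryptoApi.CryptSetHashParam(hashHandle, Constants.HP_HASHSTARTVECT, keyWrap.Ukm, 0))
            {
                throw CreateWin32Error();
            }

            if (!CryptoApi.CryptHashData(hashHandle, bulkSessionKey, sessionKeyLength, 0))
            {
                throw CreateWin32Error();
            }

            keyWrap.Mac = EndHashData(hashHandle);
            keyWrap.EncryptionParamSet = GetKeyParameterString(hSessionKey, Constants.KP_CIPHEROID);

            // Prepare the temporary key for unwrapping, then import the wrap built above.
            SetKeyExchangeExportAlgId(providerType, hSessionKey, Constants.CALG_SIMPLE_EXPORT);
            SetKeyParameterInt32(hSessionKey, Constants.KP_MODE, Constants.CRYPT_MODE_ECB);
            SetKeyParameterInt32(hSessionKey, Constants.KP_PADDING, Constants.ZERO_PADDING);

            return ImportKeyExchange(providerHandle, keyWrap, hSessionKey);
        }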
コード例 #8
        /// <summary>
        /// Encodes the key-exchange information as a simple blob and imports it into the provider
        /// against the supplied key-exchange handle.
        /// </summary>
        /// <param name="providerHandle">Provider that receives the imported key.</param>
        /// <param name="keyExchangeInfo">Wrapped key information to import; must not be null.</param>
        /// <param name="keyExchangeHandle">Key handle passed to the blob import together with the blob.</param>
        /// <returns>Handle produced by the blob import.</returns>
        public static SafeKeyHandleImpl ImportKeyExchange(SafeProvHandleImpl providerHandle, Gost_28147_89_KeyExchangeInfo keyExchangeInfo, SafeKeyHandleImpl keyExchangeHandle)
        {
            if (keyExchangeInfo == null)
            {
                throw ExceptionUtility.ArgumentNull(nameof(keyExchangeInfo));
            }

            // NOTE(review): providerHandle and keyExchangeHandle are passed through unchecked;
            // presumably ImportCspBlob validates them - confirm.
            SafeKeyHandleImpl importedKey;
            var simpleBlob = EncodeSimpleBlob(keyExchangeInfo);

            ImportCspBlob(simpleBlob, providerHandle, keyExchangeHandle, out importedKey);

            return importedKey;
        }