public static EncryptedEntity Decode(byte[] encoded, EncryptedVerifier verifier)
{
try
{
var bsnkType = Asn1Parser.GetBsnkType(encoded);
byte[] signedPayload;
Signature signature;
switch (bsnkType)
{
case Constants.EncryptedIdentityName:
var encryptedIdentity = Asn1Parser.GetEncryptedEntity <EncryptedIdentity>(encoded, false);
return(encryptedIdentity);
case Constants.EncryptedPseudonymName:
var encryptedPseudonym = Asn1Parser.GetEncryptedEntity <EncryptedPseudonym>(encoded, true);
return(encryptedPseudonym);
case Constants.SignedEncryptedIdentityName:
if (verifier == null)
{
throw new ParsingException("No verifier for identity found");
}
signedPayload = Asn1Parser.GetSignedPayload(encoded);
var signedEncryptedIdentity = Asn1Parser.GetEncryptedEntity <EncryptedIdentity>(signedPayload, false);
signature = Asn1Parser.GetSignature(encoded);
verifier.Verify(signedPayload, signature);
return(signedEncryptedIdentity);
case Constants.SignedEncryptedPseudonymName:
if (verifier == null)
{
throw new ParsingException("No verifier for pseudonym found");
}
signedPayload = Asn1Parser.GetSignedPayload(encoded);
var signedEncryptedPseudonym = Asn1Parser.GetEncryptedEntity <EncryptedPseudonym>(signedPayload, true);
signature = Asn1Parser.GetSignature(encoded);
verifier.Verify(signedPayload, signature);
return(signedEncryptedPseudonym);
default:
throw new ParsingException($"Cannot handle type {bsnkType}");
}
}
catch (IOException e)
{
throw new ParsingException("Could not read ASN1", e);
}
}
public EncryptedEntityParser(byte[] encoded)
{
parser = new Asn1Parser(encoded);
validBsnkTypes = new Dictionary <string, Func <EncryptedEntity> >
{
{ EncryptedIdentityName, Create <EncryptedIdentity> },
{ SignedEncryptedIdentityName, Create <EncryptedIdentity> },
{ EncryptedPseudonymName, Create <EncryptedPseudonym> },
{ SignedEncryptedPseudonymName, Create <EncryptedPseudonym> }
};
}
private void DecodeContent(byte[] encoded)
{
var parser = new Asn1Parser(encoded);
parser.ReadObject <DerSequenceParser>();
var version = parser.ReadObject <DerInteger>().Value.IntValue;
if (1 != version)
{
throw new ParsingException($"Expected version 1, got {version}");
}
var octetString = (DerOctetString)parser.ReadObject <DerOctetStringParser>().ToAsn1Object();
privateKey = new BigInteger(1, octetString.GetOctets());
parser.ReadObject <BerTaggedObjectParser>();
var oid = parser.ReadObject <DerObjectIdentifier>();
if (!BrainpoolP320R1.ObjectIdentifier.Equals(oid))
{
throw new ParsingException($"Expected BrainpoolP320r1 ({BrainpoolP320R1.ObjectIdentifier}), got {oid}");
}
var obj = parser.ReadObject();
if (obj == null)
{
return;
}
Asn1Parser.CheckObject <BerTaggedObjectParser>(obj);
try
{
publicKey = BrainpoolP320R1.Curve.DecodePoint(parser.ReadObject <DerBitString>().GetBytes()).Normalize();
}
catch (ArgumentException e)
{
throw new ParsingException("Could not decode point on curve", e);
}
BrainpoolP320R1.G.Multiply(privateKey).Normalize();
if (!BrainpoolP320R1.G.Multiply(privateKey).Equals(publicKey))
{
throw new ParsingException("Public key does not belong to private key");
}
}
private void DecodeSigned(bool isPseudonym, EncryptedVerifier verifier)
{
try
{
var payload = parser.ReadObject <DerSequenceParser>().ToAsn1Object().GetDerEncoded();
var payloadParser = new Asn1Parser(payload);
payloadParser.ReadObject <DerSequenceParser>();
bsnkType = payloadParser.GetBsnkType();
switch (bsnkType)
{
case EncryptedIdentityName:
if (isPseudonym)
{
throw new ParsingException("Encrypted identity inside signed encrypted pseudonym");
}
DecodePayload(payloadParser, false);
break;
case EncryptedPseudonymName:
if (!isPseudonym)
{
throw new ParsingException("Encrypted pseudonym inside signed encrypted identity");
}
DecodePayload(payloadParser, true);
break;
default:
throw new ParsingException($"Cannot handle type {bsnkType}");
}
var signature = DecodeSignature();
verifier.Verify(payload, signature);
}
catch (IOException e)
{
throw new ParsingException("ASN1 decode error", e);
}
}
public DecryptKey Decode(string pemContents)
{
try
{
var pemObject = ReadPemObject(pemContents);
var decryptKey = DecodeHeaders(pemObject.Headers);
if (!validDecryptTypes.Contains(decryptKey.Type))
{
throw new PolymorphicPseudonymisationException($"Unknown type {decryptKey.Type}");
}
decryptKey.KeyPair = Asn1Parser.GetKeyPair(pemObject.Content);
return(decryptKey);
}
catch (IOException e)
{
throw new ParsingException("Could not read PEM", e);
}
}
private void DecodePayload(Asn1Parser payloadParser, bool isPseudonym)
{
schemeVersion = payloadParser.ReadObject <DerInteger>().Value.IntValue;
schemeKeyVersion = payloadParser.ReadObject <DerInteger>().Value.IntValue;
payloadParser.ReadObject <DerIA5String>(); //Creator, not used
recipient = payloadParser.ReadObject <DerIA5String>().GetString();
recipientKeySetVersion = payloadParser.ReadObject <DerInteger>().Value.IntValue;
if (isPseudonym)
{
var obj = payloadParser.ReadObject();
if (obj is DerIA5String derIa5String)
{
derIa5String.GetString();
payloadParser.ReadObject <DerInteger>(); //Type, not used
}
else
{
Asn1Parser.CheckObject <DerInteger>(obj); //Type, not used
}
}
payloadParser.ReadObject <DerSequenceParser>();
points = new ECPoint[3];
for (var i = 0; i < points.Length; i++)
{
var octet =
(DerOctetString)payloadParser.ReadObject <DerOctetStringParser>().ToAsn1Object();
try
{
points[i] = BrainpoolP320R1.Curve.DecodePoint(octet.GetOctets());
}
catch (ArgumentException e)
{
throw new ParsingException("Could not decode point on curve", e);
}
}
}
public EncryptedEntityParser(byte[] encoded)
{
parser = new Asn1Parser(encoded);
}
