/// <summary>
/// Builds the key-transport structure for the key of <paramref name="keyExchangeAlgorithm"/>:
/// an ephemeral asymmetric algorithm is created for the same provider type as <c>_publicKey</c>,
/// the symmetric key is exported with <see cref="GostKeyExchangeExportMethod.CryptoProKeyExport"/>
/// against the recipient's public parameters, and the decoded wrap is returned together with the
/// ephemeral (public) transport parameters.
/// </summary>
/// <param name="keyExchangeAlgorithm">Symmetric algorithm whose key is being transported.</param>
/// <returns>A new <typeparamref name="TKey"/> with <c>SessionEncryptedKey</c> and <c>TransportParameters</c> set.</returns>
/// <exception cref="ArgumentNullException">Thrown (via <c>ExceptionUtility</c>) when <paramref name="keyExchangeAlgorithm"/> is null.</exception>
private TKey CreateKeyExchangeInfo(SymmetricAlgorithm keyExchangeAlgorithm)
{
    if (keyExchangeAlgorithm == null)
    {
        throw ExceptionUtility.ArgumentNull(nameof(keyExchangeAlgorithm));
    }

    var transport = new TKey();

    // Only the public half of the recipient key is exported here (includePrivateParameters: false).
    var recipientParameters = _publicKey.ExportParameters(false);

    using (var ephemeralAlgorithm = CreateEphemeralAlgorithm(_publicKey.ProviderType, recipientParameters))
    {
        byte[] encodedWrap;

        using (var exporter = ephemeralAlgorithm.CreateKeyExchange(recipientParameters))
        {
            encodedWrap = exporter.EncodeKeyExchange(keyExchangeAlgorithm, GostKeyExchangeExportMethod.CryptoProKeyExport);
        }

        var wrappedKey = new Gost_28147_89_KeyExchangeInfo();
        wrappedKey.Decode(encodedWrap);

        transport.SessionEncryptedKey = wrappedKey;
        // Ephemeral public parameters the recipient needs to reproduce the agreed key.
        transport.TransportParameters = ephemeralAlgorithm.ExportParameters(false);
    }

    return transport;
}
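/// <summary>
/// Populates <c>SessionEncryptedKey</c> from a decoded <see cref="Gost_R3410_KeyTransport"/>:
/// the encryption parameter set OID and UKM come from <c>TransportParams</c>, the encrypted
/// key and MAC from <c>SessionEncryptedKey</c>.
/// </summary>
/// <param name="keyTransport">Decoded key-transport structure; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown (via <c>ExceptionUtility</c>) when <paramref name="keyTransport"/> is null.</exception>
private void DecodeSessionKey(Gost_R3410_KeyTransport keyTransport)
{
    // Guard added for consistency with the other public-facing decoders in this code base;
    // previously a null argument surfaced as a NullReferenceException on the first member access.
    if (keyTransport == null)
    {
        throw ExceptionUtility.ArgumentNull(nameof(keyTransport));
    }

    var transportParams = keyTransport.TransportParams;
    var encryptedKey = keyTransport.SessionEncryptedKey;

    // NOTE(review): nested members (TransportParams, SessionEncryptedKey, their .Value fields) are
    // assumed to be populated by the ASN.1 decoder; no further null checks are performed here.
    SessionEncryptedKey = new Gost_28147_89_KeyExchangeInfo
    {
        EncryptionParamSet = transportParams.EncryptionParamSet.Oid.Value,
        EncryptedKey = encryptedKey.EncryptedKey.Value,
        Mac = encryptedKey.MacKey.Value,
        Ukm = transportParams.Ukm.Value
    };
}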
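/// <summary>
/// Parses a SIMPLEBLOB (as produced by <see cref="EncodeSimpleBlob"/>) into a
/// <see cref="Gost_28147_89_KeyExchangeInfo"/>.
/// Byte layout (little-endian, as written by <see cref="EncodeSimpleBlob"/>):
/// 0..3 blob header (not validated here), 4..7 CALG_G28147, 8..11 G28147_MAGIC,
/// 12..15 CALG_G28147, 16..23 UKM, 24..55 encrypted key, 56..59 MAC,
/// 60.. encoded encryption parameter set (may be empty).
/// </summary>
/// <param name="exportedKeyBytes">Raw blob bytes; must not be null.</param>
/// <returns>The decoded key-exchange information.</returns>
/// <exception cref="ArgumentNullException">Thrown (via <c>ExceptionUtility</c>) when <paramref name="exportedKeyBytes"/> is null.</exception>
/// <exception cref="CryptographicException">Thrown (via <c>ExceptionUtility</c>, NTE_BAD_DATA) when the blob is too short or its identifiers do not match.</exception>
private static Gost_28147_89_KeyExchangeInfo DecodeSimpleBlob(byte[] exportedKeyBytes)
{
    if (exportedKeyBytes == null)
    {
        throw ExceptionUtility.ArgumentNull(nameof(exportedKeyBytes));
    }

    const int headerLength = 16;
    const int ukmLength = 8;
    const int encryptedKeyLength = 32;
    const int macLength = 4;
    const int fixedLength = headerLength + ukmLength + encryptedKeyLength + macLength;

    // The whole fixed part must be present. The previous check only covered the 16-byte header,
    // so a blob of 16..59 bytes failed later inside Array.Copy / the negative-length array
    // allocation with a misleading exception instead of NTE_BAD_DATA.
    if (exportedKeyBytes.Length < fixedLength)
    {
        throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
    }

    if (BitConverter.ToUInt32(exportedKeyBytes, 4) != Constants.CALG_G28147)
    {
        throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
    }

    if (BitConverter.ToUInt32(exportedKeyBytes, 8) != Constants.G28147_MAGIC)
    {
        throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
    }

    if (BitConverter.ToUInt32(exportedKeyBytes, 12) != Constants.CALG_G28147)
    {
        throw ExceptionUtility.CryptographicException(Constants.NTE_BAD_DATA);
    }

    var keyExchangeInfo = new Gost_28147_89_KeyExchangeInfo
    {
        Ukm = new byte[ukmLength],
        EncryptedKey = new byte[encryptedKeyLength],
        Mac = new byte[macLength]
    };

    var offset = headerLength;

    Array.Copy(exportedKeyBytes, offset, keyExchangeInfo.Ukm, 0, ukmLength);
    offset += ukmLength;

    Array.Copy(exportedKeyBytes, offset, keyExchangeInfo.EncryptedKey, 0, encryptedKeyLength);
    offset += encryptedKeyLength;

    Array.Copy(exportedKeyBytes, offset, keyExchangeInfo.Mac, 0, macLength);
    offset += macLength;

    // Everything after the fixed part is the encoded encryption parameter set.
    var paramSetLength = exportedKeyBytes.Length - offset;
    var encryptionParamSet = new byte[paramSetLength];
    Array.Copy(exportedKeyBytes, offset, encryptionParamSet, 0, paramSetLength);
    keyExchangeInfo.EncryptionParamSet = Gost_28147_89_KeyExchangeInfo.DecodeEncryptionParamSet(encryptionParamSet);

    return keyExchangeInfo;
}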
/// <summary>
/// Serialises a <see cref="Gost_28147_89_KeyExchangeInfo"/> into a SIMPLEBLOB suitable for
/// importing into the provider. Layout (little-endian): 0..3 blob header (type 1, version 32,
/// two reserved bytes left zero), 4..7 CALG_G28147, 8..11 G28147_MAGIC, 12..15 CALG_G28147,
/// 16..23 UKM, 24..55 encrypted key, 56..59 MAC, 60.. encoded encryption parameter set.
/// </summary>
/// <param name="keyExchangeInfo">Key-exchange information to encode; must not be null.</param>
/// <returns>The blob bytes (60 + length of the encoded parameter set).</returns>
/// <exception cref="ArgumentNullException">Thrown (via <c>ExceptionUtility</c>) when <paramref name="keyExchangeInfo"/> is null.</exception>
private static byte[] EncodeSimpleBlob(Gost_28147_89_KeyExchangeInfo keyExchangeInfo)
{
    if (keyExchangeInfo == null)
    {
        throw ExceptionUtility.ArgumentNull(nameof(keyExchangeInfo));
    }

    const int fixedLength = 60;

    var paramSetBytes = Gost_28147_89_KeyExchangeInfo.EncodeEncryptionParamSet(keyExchangeInfo.EncryptionParamSet);
    var blob = new byte[fixedLength + paramSetBytes.Length];

    // Blob header: type, version, then two reserved bytes that stay zero.
    blob[0] = 1;
    blob[1] = 32;
    var offset = 4;

    var algId = BitConverter.GetBytes(Constants.CALG_G28147);
    var magic = BitConverter.GetBytes(Constants.G28147_MAGIC);

    Array.Copy(algId, 0, blob, offset, 4);
    offset += 4;

    Array.Copy(magic, 0, blob, offset, 4);
    offset += 4;

    Array.Copy(algId, 0, blob, offset, 4);
    offset += 4;

    // NOTE(review): Ukm / EncryptedKey / Mac are expected to be 8 / 32 / 4 bytes; shorter arrays
    // make Array.Copy throw, longer ones are silently truncated to those sizes.
    Array.Copy(keyExchangeInfo.Ukm, 0, blob, offset, 8);
    offset += 8;

    Array.Copy(keyExchangeInfo.EncryptedKey, 0, blob, offset, 32);
    offset += 32;

    Array.Copy(keyExchangeInfo.Mac, 0, blob, offset, 4);
    offset += 4;

    Array.Copy(paramSetBytes, 0, blob, offset, paramSetBytes.Length);

    return blob;
}
/// <summary>
/// Unwraps an encoded session key using this object's private key and returns it as a
/// <see cref="Gost_28147_89_SymmetricAlgorithm"/>. The export method selects the CSP
/// key-exchange export algorithm (CALG_SIMPLE_EXPORT or CALG_PRO_EXPORT) applied to a
/// duplicate of the private key handle before the import.
/// </summary>
/// <param name="encodedKeyExchangeData">Encoded <see cref="Gost_28147_89_KeyExchangeInfo"/>; must not be null.</param>
/// <param name="keyExchangeExportMethod">Export method the session key was wrapped with.</param>
/// <returns>A symmetric algorithm bound to the imported session key.</returns>
/// <exception cref="ArgumentNullException">Thrown (via <c>ExceptionUtility</c>) when <paramref name="encodedKeyExchangeData"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException">Thrown (via <c>ExceptionUtility</c>) for an unknown <paramref name="keyExchangeExportMethod"/>.</exception>
public override SymmetricAlgorithm DecodePrivateKey(byte[] encodedKeyExchangeData, GostKeyExchangeExportMethod keyExchangeExportMethod)
{
    if (encodedKeyExchangeData == null)
    {
        throw ExceptionUtility.ArgumentNull(nameof(encodedKeyExchangeData));
    }

    int exportAlgId;

    switch (keyExchangeExportMethod)
    {
        case GostKeyExchangeExportMethod.GostKeyExport:
            exportAlgId = Constants.CALG_SIMPLE_EXPORT;
            break;

        case GostKeyExchangeExportMethod.CryptoProKeyExport:
            exportAlgId = Constants.CALG_PRO_EXPORT;
            break;

        default:
            throw ExceptionUtility.ArgumentOutOfRange(nameof(keyExchangeExportMethod));
    }

    var provHandle = CryptoApiHelper.GetProviderHandle(ProviderType);

    var sessionKeyInfo = new Gost_28147_89_KeyExchangeInfo();
    sessionKeyInfo.Decode(encodedKeyExchangeData);

    // Work on a duplicate so the export-algorithm parameter never changes the original handle.
    using (var privateKeyHandle = CryptoApiHelper.DuplicateKey(GetSafeHandle()))
    {
        CryptoApiHelper.SetKeyExchangeExportAlgId(ProviderType, privateKeyHandle, exportAlgId);

        var sessionKeyHandle = CryptoApiHelper.ImportKeyExchange(provHandle, sessionKeyInfo, privateKeyHandle);

        return new Gost_28147_89_SymmetricAlgorithm(ProviderType, provHandle, sessionKeyHandle);
    }
}
/// <summary>
/// Unwraps an encoded session key: the stored public parameters are re-encoded as a public blob
/// and imported against this object's private key handle, the requested export algorithm is set
/// on the resulting handle, and the session key is imported through it.
/// </summary>
/// <param name="encodedKeyExchangeData">Encoded <see cref="Gost_28147_89_KeyExchangeInfo"/>.</param>
/// <param name="keyExchangeExportAlgId">CSP key-exchange export algorithm id (e.g. CALG_SIMPLE_EXPORT / CALG_PRO_EXPORT).</param>
/// <returns>A symmetric algorithm bound to the imported session key.</returns>
private SymmetricAlgorithm DecodeKeyExchangeInternal(byte[] encodedKeyExchangeData, int keyExchangeExportAlgId)
{
    var sessionKeyInfo = new Gost_28147_89_KeyExchangeInfo();
    sessionKeyInfo.Decode(encodedKeyExchangeData);

    SafeKeyHandleImpl importedPublicKeyHandle = null;
    SafeKeyHandleImpl sessionKeyHandle;

    try
    {
        var publicBlob = CryptoApiHelper.EncodePublicBlob(_keyExchangeParameters, _keySize, _signatureAlgId);
        CryptoApiHelper.ImportCspBlob(publicBlob, _provHandle, _keyHandle, out importedPublicKeyHandle);
        CryptoApiHelper.SetKeyExchangeExportAlgId(ProviderType, importedPublicKeyHandle, keyExchangeExportAlgId);
        sessionKeyHandle = CryptoApiHelper.ImportKeyExchange(_provHandle, sessionKeyInfo, importedPublicKeyHandle);
    }
    finally
    {
        // NOTE(review): if ImportCspBlob throws before assigning the out parameter this is called
        // on null; relies on TryDispose tolerating that — confirm.
        importedPublicKeyHandle.TryDispose();
    }

    return new Gost_28147_89_SymmetricAlgorithm(ProviderType, _provHandle, sessionKeyHandle);
}
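/// <summary>
/// Imports a raw 32-byte GOST 28147-89 key into the provider and returns a handle to it.
/// The raw key cannot be handed to the CSP directly, so it is wrapped locally first: a
/// throw-away key is generated with CryptGenKey, the raw key is encrypted under it (ECB, zero
/// padding), a MAC over the raw key is computed with <c>CreateHashImit</c> using a random UKM
/// as start vector, and the resulting <see cref="Gost_28147_89_KeyExchangeInfo"/> is imported
/// through <see cref="ImportKeyExchange"/> with the throw-away key as the unwrapping key.
/// </summary>
/// <param name="providerType">Provider type, forwarded to <c>SetKeyExchangeExportAlgId</c>.</param>
/// <param name="providerHandle">Provider the keys are created in.</param>
/// <param name="bulkSessionKey">Raw key material; at least 32 bytes, only the first 32 are used.</param>
/// <param name="randomNumberGenerator">Source of the 8-byte UKM.</param>
/// <returns>Handle to the imported session key.</returns>
/// <exception cref="ArgumentNullException">Thrown (via <c>ExceptionUtility</c>) when <paramref name="bulkSessionKey"/> or <paramref name="randomNumberGenerator"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException">Thrown (via <c>ExceptionUtility</c>) when <paramref name="bulkSessionKey"/> is shorter than 32 bytes.</exception>
public static SafeKeyHandleImpl ImportBulkSessionKey(ProviderType providerType, SafeProvHandleImpl providerHandle, byte[] bulkSessionKey, RNGCryptoServiceProvider randomNumberGenerator)
{
    const int sessionKeyLength = 32;
    const int ukmLength = 8;

    if (bulkSessionKey == null)
    {
        throw ExceptionUtility.ArgumentNull(nameof(bulkSessionKey));
    }

    if (randomNumberGenerator == null)
    {
        throw ExceptionUtility.ArgumentNull(nameof(randomNumberGenerator));
    }

    // Array.Copy and CryptHashData below are fixed at 32 bytes; a shorter buffer previously
    // surfaced as an ArgumentException from Array.Copy after a key had already been generated.
    if (bulkSessionKey.Length < sessionKeyLength)
    {
        throw ExceptionUtility.ArgumentOutOfRange(nameof(bulkSessionKey));
    }

    var wrapKeyHandle = SafeKeyHandleImpl.InvalidHandle;

    if (!CryptoApi.CryptGenKey(providerHandle, Constants.CALG_G28147, 0, ref wrapKeyHandle))
    {
        throw CreateWin32Error();
    }

    try
    {
        var keyWrap = new Gost_28147_89_KeyExchangeInfo { EncryptedKey = new byte[sessionKeyLength] };
        Array.Copy(bulkSessionKey, keyWrap.EncryptedKey, sessionKeyLength);

        // Encrypt the raw key in place under the throw-away key.
        SetKeyParameterInt32(wrapKeyHandle, Constants.KP_MODE, Constants.CRYPT_MODE_ECB);
        SetKeyParameterInt32(wrapKeyHandle, Constants.KP_ALGID, Constants.CALG_G28147);
        SetKeyParameterInt32(wrapKeyHandle, Constants.KP_PADDING, Constants.ZERO_PADDING);

        uint encryptedLength = sessionKeyLength;

        if (!CryptoApi.CryptEncrypt(wrapKeyHandle, SafeHashHandleImpl.InvalidHandle, true, 0, keyWrap.EncryptedKey, ref encryptedLength, encryptedLength))
        {
            throw CreateWin32Error();
        }

        // MAC over the plaintext key, keyed by the throw-away key (CFB mode), with a fresh UKM as start vector.
        SetKeyParameterInt32(wrapKeyHandle, Constants.KP_MODE, Constants.CRYPT_MODE_CFB);

        var macHandle = CreateHashImit(providerHandle, wrapKeyHandle);

        keyWrap.Ukm = new byte[ukmLength];
        randomNumberGenerator.GetBytes(keyWrap.Ukm);

        if (!CryptoApi.CryptSetHashParam(macHandle, Constants.HP_HASHSTARTVECT, keyWrap.Ukm, 0))
        {
            throw CreateWin32Error();
        }

        if (!CryptoApi.CryptHashData(macHandle, bulkSessionKey, sessionKeyLength, 0))
        {
            throw CreateWin32Error();
        }

        // NOTE(review): assumes EndHashData finalises and releases macHandle — confirm.
        keyWrap.Mac = EndHashData(macHandle);
        keyWrap.EncryptionParamSet = GetKeyParameterString(wrapKeyHandle, Constants.KP_CIPHEROID);

        // Import the wrapped key back using the same throw-away key for unwrapping.
        SetKeyExchangeExportAlgId(providerType, wrapKeyHandle, Constants.CALG_SIMPLE_EXPORT);
        SetKeyParameterInt32(wrapKeyHandle, Constants.KP_MODE, Constants.CRYPT_MODE_ECB);
        SetKeyParameterInt32(wrapKeyHandle, Constants.KP_PADDING, Constants.ZERO_PADDING);

        return ImportKeyExchange(providerHandle, keyWrap, wrapKeyHandle);
    }
    finally
    {
        // The throw-away wrapping key is not referenced by the imported key handle; release it
        // on every path instead of leaking it (previously it was never disposed, not even on
        // the error paths above).
        wrapKeyHandle.TryDispose();
    }
}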
/// <summary>
/// Imports a wrapped session key into the provider: the key-exchange information is encoded
/// as a SIMPLEBLOB and passed to <c>ImportCspBlob</c> with <paramref name="keyExchangeHandle"/>
/// as the unwrapping key.
/// </summary>
/// <param name="providerHandle">Provider to import the key into.</param>
/// <param name="keyExchangeInfo">Wrapped key (encrypted key, MAC, UKM, parameter set); must not be null.</param>
/// <param name="keyExchangeHandle">Handle of the key that unwraps the blob.</param>
/// <returns>Handle to the imported session key.</returns>
/// <exception cref="ArgumentNullException">Thrown (via <c>ExceptionUtility</c>) when <paramref name="keyExchangeInfo"/> is null.</exception>
public static SafeKeyHandleImpl ImportKeyExchange(SafeProvHandleImpl providerHandle, Gost_28147_89_KeyExchangeInfo keyExchangeInfo, SafeKeyHandleImpl keyExchangeHandle)
{
    if (keyExchangeInfo == null)
    {
        throw ExceptionUtility.ArgumentNull(nameof(keyExchangeInfo));
    }

    var blob = EncodeSimpleBlob(keyExchangeInfo);

    SafeKeyHandleImpl importedKeyHandle;
    ImportCspBlob(blob, providerHandle, keyExchangeHandle, out importedKeyHandle);

    return importedKeyHandle;
}