//
// This returns an allocated native memory block. Its lifetime (and that of any allocated subblocks it may point to) is that of "hb".
//
private static unsafe CERT_ID EncodeRecipientId(CmsRecipient recipient, SafeCertContextHandle hCertContext, CERT_CONTEXT *pCertContext, CERT_INFO *pCertInfo, HeapBlockRetainer hb)
{
CERT_ID recipientId = default(CERT_ID);
SubjectIdentifierType type = recipient.RecipientIdentifierType;
switch (type)
{
case SubjectIdentifierType.IssuerAndSerialNumber:
{
recipientId.dwIdChoice = CertIdChoice.CERT_ID_ISSUER_SERIAL_NUMBER;
recipientId.u.IssuerSerialNumber.Issuer = pCertInfo->Issuer;
recipientId.u.IssuerSerialNumber.SerialNumber = pCertInfo->SerialNumber;
break;
}
case SubjectIdentifierType.SubjectKeyIdentifier:
{
byte[] ski = hCertContext.GetSubjectKeyIdentifer();
IntPtr pSki = hb.AllocBytes(ski);
recipientId.dwIdChoice = CertIdChoice.CERT_ID_KEY_IDENTIFIER;
recipientId.u.KeyId.cbData = (uint)(ski.Length);
recipientId.u.KeyId.pbData = pSki;
break;
}
default:
// The public contract for CmsRecipient guarantees that SubjectKeyIdentifier and IssuerAndSerialNumber are the only two possibilities.
Debug.Fail($"Unexpected SubjectIdentifierType: {type}");
throw new NotSupportedException(SR.Format(SR.Cryptography_Cms_Invalid_Subject_Identifier_Type, type));
}
return(recipientId);
}
//
// This returns an allocated native memory block. Its lifetime (and that of any allocated subblocks it may point to) is that of "hb".
//
private static unsafe CMSG_ENVELOPED_ENCODE_INFO *CreateCmsEnvelopedEncodeInfo(CmsRecipientCollection recipients, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes, HeapBlockRetainer hb)
{
CMSG_ENVELOPED_ENCODE_INFO *pEnvelopedEncodeInfo = (CMSG_ENVELOPED_ENCODE_INFO *)(hb.Alloc(sizeof(CMSG_ENVELOPED_ENCODE_INFO)));
pEnvelopedEncodeInfo->cbSize = sizeof(CMSG_ENVELOPED_ENCODE_INFO);
pEnvelopedEncodeInfo->hCryptProv = IntPtr.Zero;
string algorithmOidValue = contentEncryptionAlgorithm.Oid.Value;
pEnvelopedEncodeInfo->ContentEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(algorithmOidValue);
// Desktop compat: Though it seems like we could copy over the contents of contentEncryptionAlgorithm.Parameters, that property is for retrieving information from decoded Cms's only, and it
// massages the raw data so it wouldn't be usable here anyway. To hammer home that fact, the EncryptedCms constructer rather rudely forces contentEncryptionAlgorithm.Parameters to be the empty array.
pEnvelopedEncodeInfo->ContentEncryptionAlgorithm.Parameters.cbData = 0;
pEnvelopedEncodeInfo->ContentEncryptionAlgorithm.Parameters.pbData = IntPtr.Zero;
pEnvelopedEncodeInfo->pvEncryptionAuxInfo = GenerateEncryptionAuxInfoIfNeeded(contentEncryptionAlgorithm, hb);
int numRecipients = recipients.Count;
pEnvelopedEncodeInfo->cRecipients = numRecipients;
pEnvelopedEncodeInfo->rgpRecipients = IntPtr.Zero;
CMSG_RECIPIENT_ENCODE_INFO *rgCmsRecipients = (CMSG_RECIPIENT_ENCODE_INFO *)(hb.Alloc(numRecipients, sizeof(CMSG_RECIPIENT_ENCODE_INFO)));
for (int index = 0; index < numRecipients; index++)
{
rgCmsRecipients[index] = EncodeRecipientInfo(recipients[index], contentEncryptionAlgorithm, hb);
}
pEnvelopedEncodeInfo->rgCmsRecipients = rgCmsRecipients;
int numCertificates = originatorCerts.Count;
pEnvelopedEncodeInfo->cCertEncoded = numCertificates;
pEnvelopedEncodeInfo->rgCertEncoded = null;
if (numCertificates != 0)
{
DATA_BLOB *pCertEncoded = (DATA_BLOB *)(hb.Alloc(numCertificates, sizeof(DATA_BLOB)));
for (int i = 0; i < numCertificates; i++)
{
byte[] certEncoded = originatorCerts[i].Export(X509ContentType.Cert);
pCertEncoded[i].cbData = (uint)(certEncoded.Length);
pCertEncoded[i].pbData = hb.AllocBytes(certEncoded);
}
pEnvelopedEncodeInfo->rgCertEncoded = pCertEncoded;
}
pEnvelopedEncodeInfo->cCrlEncoded = 0;
pEnvelopedEncodeInfo->rgCrlEncoded = null;
pEnvelopedEncodeInfo->cAttrCertEncoded = 0;
pEnvelopedEncodeInfo->rgAttrCertEncoded = null;
int numUnprotectedAttributes = unprotectedAttributes.Count;
pEnvelopedEncodeInfo->cUnprotectedAttr = numUnprotectedAttributes;
pEnvelopedEncodeInfo->rgUnprotectedAttr = null;
if (numUnprotectedAttributes != 0)
{
CRYPT_ATTRIBUTE *pCryptAttribute = (CRYPT_ATTRIBUTE *)(hb.Alloc(numUnprotectedAttributes, sizeof(CRYPT_ATTRIBUTE)));
for (int i = 0; i < numUnprotectedAttributes; i++)
{
CryptographicAttributeObject attribute = unprotectedAttributes[i];
pCryptAttribute[i].pszObjId = hb.AllocAsciiString(attribute.Oid.Value);
AsnEncodedDataCollection values = attribute.Values;
int numValues = values.Count;
pCryptAttribute[i].cValue = numValues;
DATA_BLOB *pValues = (DATA_BLOB *)(hb.Alloc(numValues, sizeof(DATA_BLOB)));
for (int j = 0; j < numValues; j++)
{
byte[] rawData = values[j].RawData;
pValues[j].cbData = (uint)(rawData.Length);
pValues[j].pbData = hb.AllocBytes(rawData);
}
pCryptAttribute[i].rgValue = pValues;
}
pEnvelopedEncodeInfo->rgUnprotectedAttr = pCryptAttribute;
}
return(pEnvelopedEncodeInfo);
}
//
// This returns an allocated native memory block. Its lifetime (and that of any allocated subblocks it may point to) is that of "hb".
//
private static unsafe CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO *EncodeKeyTransRecipientInfo(CmsRecipient recipient, HeapBlockRetainer hb)
{
// "recipient" is a deep-cloned CmsRecipient object whose lifetime this class controls. Because of this, we can pull out the CERT_CONTEXT* and CERT_INFO* pointers
// and embed pointers to them in the memory block we return. Yes, this code is scary.
//
// (The use of SafeCertContextHandle here is about using a consistent pattern to get the CERT_CONTEXT (rather than the ugly (CERT_CONTEXT*)(recipient.Certificate.Handle) pattern.)
// It's not about keeping the context alive.)
using (SafeCertContextHandle hCertContext = recipient.Certificate.CreateCertContextHandle())
{
CERT_CONTEXT *pCertContext = hCertContext.DangerousGetCertContext();
CERT_INFO * pCertInfo = pCertContext->pCertInfo;
CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO *pEncodeInfo = (CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO *)(hb.Alloc(sizeof(CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO)));
pEncodeInfo->cbSize = sizeof(CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO);
if (recipient.RSAEncryptionPadding is null)
{
CRYPT_ALGORITHM_IDENTIFIER algId = pCertInfo->SubjectPublicKeyInfo.Algorithm;
pEncodeInfo->KeyEncryptionAlgorithm = algId;
}
else if (recipient.RSAEncryptionPadding == RSAEncryptionPadding.Pkcs1)
{
pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.Rsa);
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaPkcsParameters.Length;
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaPkcsParameters);
}
else if (recipient.RSAEncryptionPadding == RSAEncryptionPadding.OaepSHA1)
{
pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.RsaOaep);
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaOaepSha1Parameters.Length;
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaOaepSha1Parameters);
}
else if (recipient.RSAEncryptionPadding == RSAEncryptionPadding.OaepSHA256)
{
pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.RsaOaep);
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaOaepSha256Parameters.Length;
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaOaepSha256Parameters);
}
else if (recipient.RSAEncryptionPadding == RSAEncryptionPadding.OaepSHA384)
{
pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.RsaOaep);
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaOaepSha384Parameters.Length;
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaOaepSha384Parameters);
}
else if (recipient.RSAEncryptionPadding == RSAEncryptionPadding.OaepSHA512)
{
pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.RsaOaep);
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaOaepSha512Parameters.Length;
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaOaepSha512Parameters);
}
else
{
throw ErrorCode.CRYPT_E_UNKNOWN_ALGO.ToCryptographicException();
}
pEncodeInfo->pvKeyEncryptionAuxInfo = IntPtr.Zero;
pEncodeInfo->hCryptProv = IntPtr.Zero;
pEncodeInfo->RecipientPublicKey = pCertInfo->SubjectPublicKeyInfo.PublicKey;
pEncodeInfo->RecipientId = EncodeRecipientId(recipient, hCertContext, pCertContext, pCertInfo, hb);
return(pEncodeInfo);
}
}
//
// This returns an allocated native memory block. Its lifetime (and that of any allocated subblocks it may point to) is that of "hb".
//
private static unsafe CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO *EncodeKeyTransRecipientInfo(CmsRecipient recipient, HeapBlockRetainer hb)
{
// "recipient" is a deep-cloned CmsRecipient object whose lifetime this class controls. Because of this, we can pull out the CERT_CONTEXT* and CERT_INFO* pointers
// and embed pointers to them in the memory block we return. Yes, this code is scary.
//
// (The use of SafeCertContextHandle here is about using a consistent pattern to get the CERT_CONTEXT (rather than the ugly (CERT_CONTEXT*)(recipient.Certificate.Handle) pattern.)
// It's not about keeping the context alive.)
using (SafeCertContextHandle hCertContext = recipient.Certificate.CreateCertContextHandle())
{
CERT_CONTEXT *pCertContext = hCertContext.DangerousGetCertContext();
CERT_INFO * pCertInfo = pCertContext->pCertInfo;
CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO *pEncodeInfo = (CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO *)(hb.Alloc(sizeof(CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO)));
pEncodeInfo->cbSize = sizeof(CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO);
RSAEncryptionPadding padding = recipient.RSAEncryptionPadding;
if (padding is null)
{
if (recipient.Certificate.GetKeyAlgorithm() == Oids.RsaOaep)
{
byte[] parameters = recipient.Certificate.GetKeyAlgorithmParameters();
if (parameters == null || parameters.Length == 0)
{
padding = RSAEncryptionPadding.OaepSHA1;
}
else if (!PkcsHelpers.TryGetRsaOaepEncryptionPadding(parameters, out padding, out _))
{
throw ErrorCode.CRYPT_E_UNKNOWN_ALGO.ToCryptographicException();
}
}
else
{
// gost falls in here
padding = RSAEncryptionPadding.Pkcs1;
}
}
if (padding == RSAEncryptionPadding.Pkcs1)
{
// begin: gost
switch (recipient.Certificate.GetKeyAlgorithm())
{
case Oids.Gost3410:
case Oids.Gost3410_2012_256:
case Oids.Gost3410_2012_512:
{
// copy from cert info explicitly
pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(recipient.Certificate.GetKeyAlgorithm());
// uint, копируем
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = pCertInfo->SubjectPublicKeyInfo.Algorithm.Parameters.cbData;
// копируем из памяти и записываем
var pbDataBytes = new byte[pCertInfo->SubjectPublicKeyInfo.Algorithm.Parameters.cbData];
Marshal.Copy(pCertInfo->SubjectPublicKeyInfo.Algorithm.Parameters.pbData, pbDataBytes, 0, pbDataBytes.Length);
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(pbDataBytes);
break;
}
default:
{
// end: gost
pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.Rsa);
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaPkcsParameters.Length;
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaPkcsParameters);
break;
}
}
}
else if (padding == RSAEncryptionPadding.OaepSHA1)
{
pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.RsaOaep);
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaOaepSha1Parameters.Length;
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaOaepSha1Parameters);
}
else if (padding == RSAEncryptionPadding.OaepSHA256)
{
pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.RsaOaep);
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaOaepSha256Parameters.Length;
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaOaepSha256Parameters);
}
else if (padding == RSAEncryptionPadding.OaepSHA384)
{
pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.RsaOaep);
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaOaepSha384Parameters.Length;
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaOaepSha384Parameters);
}
else if (padding == RSAEncryptionPadding.OaepSHA512)
{
pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.RsaOaep);
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaOaepSha512Parameters.Length;
pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaOaepSha512Parameters);
}
else
{
throw ErrorCode.CRYPT_E_UNKNOWN_ALGO.ToCryptographicException();
}
pEncodeInfo->pvKeyEncryptionAuxInfo = IntPtr.Zero;
pEncodeInfo->hCryptProv = IntPtr.Zero;
pEncodeInfo->RecipientPublicKey = pCertInfo->SubjectPublicKeyInfo.PublicKey;
pEncodeInfo->RecipientId = EncodeRecipientId(recipient, hCertContext, pCertContext, pCertInfo, hb);
return(pEncodeInfo);
}
}
//
// This returns an allocated native memory block. Its lifetime (and that of any allocated subblocks it may point to) is that of "hb".
//
private static unsafe CMSG_ENVELOPED_ENCODE_INFO* CreateCmsEnvelopedEncodeInfo(CmsRecipientCollection recipients, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes, HeapBlockRetainer hb)
{
CMSG_ENVELOPED_ENCODE_INFO* pEnvelopedEncodeInfo = (CMSG_ENVELOPED_ENCODE_INFO*)(hb.Alloc(sizeof(CMSG_ENVELOPED_ENCODE_INFO)));
pEnvelopedEncodeInfo->cbSize = sizeof(CMSG_ENVELOPED_ENCODE_INFO);
pEnvelopedEncodeInfo->hCryptProv = IntPtr.Zero;
string algorithmOidValue = contentEncryptionAlgorithm.Oid.Value;
pEnvelopedEncodeInfo->ContentEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(algorithmOidValue);
// Desktop compat: Though it seems like we could copy over the contents of contentEncryptionAlgorithm.Parameters, that property is for retrieving information from decoded Cms's only, and it
// massages the raw data so it wouldn't be usable here anyway. To hammer home that fact, the EncryptedCms constructer rather rudely forces contentEncryptionAlgorithm.Parameters to be the empty array.
pEnvelopedEncodeInfo->ContentEncryptionAlgorithm.Parameters.cbData = 0;
pEnvelopedEncodeInfo->ContentEncryptionAlgorithm.Parameters.pbData = IntPtr.Zero;
pEnvelopedEncodeInfo->pvEncryptionAuxInfo = GenerateEncryptionAuxInfoIfNeeded(contentEncryptionAlgorithm, hb);
int numRecipients = recipients.Count;
pEnvelopedEncodeInfo->cRecipients = numRecipients;
pEnvelopedEncodeInfo->rgpRecipients = IntPtr.Zero;
CMSG_RECIPIENT_ENCODE_INFO* rgCmsRecipients = (CMSG_RECIPIENT_ENCODE_INFO*)(hb.Alloc(numRecipients, sizeof(CMSG_RECIPIENT_ENCODE_INFO)));
for (int index = 0; index < numRecipients; index++)
{
rgCmsRecipients[index] = EncodeRecipientInfo(recipients[index], contentEncryptionAlgorithm, hb);
}
pEnvelopedEncodeInfo->rgCmsRecipients = rgCmsRecipients;
int numCertificates = originatorCerts.Count;
pEnvelopedEncodeInfo->cCertEncoded = numCertificates;
pEnvelopedEncodeInfo->rgCertEncoded = null;
if (numCertificates != 0)
{
DATA_BLOB* pCertEncoded = (DATA_BLOB*)(hb.Alloc(numCertificates, sizeof(DATA_BLOB)));
for (int i = 0; i < numCertificates; i++)
{
byte[] certEncoded = originatorCerts[i].Export(X509ContentType.Cert);
pCertEncoded[i].cbData = (uint)(certEncoded.Length);
pCertEncoded[i].pbData = hb.AllocBytes(certEncoded);
}
pEnvelopedEncodeInfo->rgCertEncoded = pCertEncoded;
}
pEnvelopedEncodeInfo->cCrlEncoded = 0;
pEnvelopedEncodeInfo->rgCrlEncoded = null;
pEnvelopedEncodeInfo->cAttrCertEncoded = 0;
pEnvelopedEncodeInfo->rgAttrCertEncoded = null;
int numUnprotectedAttributes = unprotectedAttributes.Count;
pEnvelopedEncodeInfo->cUnprotectedAttr = numUnprotectedAttributes;
pEnvelopedEncodeInfo->rgUnprotectedAttr = null;
if (numUnprotectedAttributes != 0)
{
CRYPT_ATTRIBUTE* pCryptAttribute = (CRYPT_ATTRIBUTE*)(hb.Alloc(numUnprotectedAttributes, sizeof(CRYPT_ATTRIBUTE)));
for (int i = 0; i < numUnprotectedAttributes; i++)
{
CryptographicAttributeObject attribute = unprotectedAttributes[i];
pCryptAttribute[i].pszObjId = hb.AllocAsciiString(attribute.Oid.Value);
AsnEncodedDataCollection values = attribute.Values;
int numValues = values.Count;
pCryptAttribute[i].cValue = numValues;
DATA_BLOB* pValues = (DATA_BLOB*)(hb.Alloc(numValues, sizeof(DATA_BLOB)));
for (int j = 0; j < numValues; j++)
{
byte[] rawData = values[j].RawData;
pValues[j].cbData = (uint)(rawData.Length);
pValues[j].pbData = hb.AllocBytes(rawData);
}
pCryptAttribute[i].rgValue = pValues;
}
pEnvelopedEncodeInfo->rgUnprotectedAttr = pCryptAttribute;
}
return pEnvelopedEncodeInfo;
}
//
// This returns an allocated native memory block. Its lifetime (and that of any allocated subblocks it may point to) is that of "hb".
//
private static unsafe CERT_ID EncodeRecipientId(CmsRecipient recipient, SafeCertContextHandle hCertContext, CERT_CONTEXT* pCertContext, CERT_INFO* pCertInfo, HeapBlockRetainer hb)
{
CERT_ID recipientId = default(CERT_ID);
SubjectIdentifierType type = recipient.RecipientIdentifierType;
switch (type)
{
case SubjectIdentifierType.IssuerAndSerialNumber:
{
recipientId.dwIdChoice = CertIdChoice.CERT_ID_ISSUER_SERIAL_NUMBER;
recipientId.u.IssuerSerialNumber.Issuer = pCertInfo->Issuer;
recipientId.u.IssuerSerialNumber.SerialNumber = pCertInfo->SerialNumber;
break;
}
case SubjectIdentifierType.SubjectKeyIdentifier:
{
byte[] ski = hCertContext.GetSubjectKeyIdentifer();
IntPtr pSki = hb.AllocBytes(ski);
recipientId.dwIdChoice = CertIdChoice.CERT_ID_KEY_IDENTIFIER;
recipientId.u.KeyId.cbData = (uint)(ski.Length);
recipientId.u.KeyId.pbData = pSki;
break;
}
default:
// The public contract for CmsRecipient guarantees that SubjectKeyIdentifier and IssuerAndSerialNumber are the only two possibilities.
Debug.Fail($"Unexpected SubjectIdentifierType: {type}");
throw new NotSupportedException(SR.Format(SR.Cryptography_Cms_Invalid_Subject_Identifier_Type, type));
}
return recipientId;
}