private ASN1 Pkcs8ShroudedKeyBagSafeBag (AsymmetricAlgorithm aa, IDictionary attributes) { PKCS8.PrivateKeyInfo pki = new PKCS8.PrivateKeyInfo (); if (aa is RSA) { pki.Algorithm = "1.2.840.113549.1.1.1"; pki.PrivateKey = PKCS8.PrivateKeyInfo.Encode ((RSA)aa); } else if (aa is DSA) { pki.Algorithm = null; pki.PrivateKey = PKCS8.PrivateKeyInfo.Encode ((DSA)aa); } else throw new CryptographicException ("Unknown asymmetric algorithm {0}", aa.ToString ()); PKCS8.EncryptedPrivateKeyInfo epki = new PKCS8.EncryptedPrivateKeyInfo (); epki.Algorithm = pbeWithSHAAnd3KeyTripleDESCBC; epki.IterationCount = _iterations; epki.EncryptedData = Encrypt (pbeWithSHAAnd3KeyTripleDESCBC, epki.Salt, _iterations, pki.GetBytes ()); ASN1 safeBag = new ASN1 (0x30); safeBag.Add (ASN1Convert.FromOid (pkcs8ShroudedKeyBag)); ASN1 bagValue = new ASN1 (0xA0); bagValue.Add (new ASN1 (epki.GetBytes ())); safeBag.Add (bagValue); if (attributes != null) { ASN1 bagAttributes = new ASN1 (0x31); IDictionaryEnumerator de = attributes.GetEnumerator (); while (de.MoveNext ()) { string oid = (string)de.Key; switch (oid) { case PKCS9.friendlyName: ArrayList names = (ArrayList)de.Value; if (names.Count > 0) { ASN1 pkcs12Attribute = new ASN1 (0x30); pkcs12Attribute.Add (ASN1Convert.FromOid (PKCS9.friendlyName)); ASN1 attrValues = new ASN1 (0x31); foreach (byte[] name in names) { ASN1 attrValue = new ASN1 (0x1e); attrValue.Value = name; attrValues.Add (attrValue); } pkcs12Attribute.Add (attrValues); bagAttributes.Add (pkcs12Attribute); } break; case PKCS9.localKeyId: ArrayList keys = (ArrayList)de.Value; if (keys.Count > 0) { ASN1 pkcs12Attribute = new ASN1 (0x30); pkcs12Attribute.Add (ASN1Convert.FromOid (PKCS9.localKeyId)); ASN1 attrValues = new ASN1 (0x31); foreach (byte[] key in keys) { ASN1 attrValue = new ASN1 (0x04); attrValue.Value = key; attrValues.Add (attrValue); } pkcs12Attribute.Add (attrValues); bagAttributes.Add (pkcs12Attribute); } break; default: break; } } if (bagAttributes.Count > 0) { safeBag.Add (bagAttributes); } } return safeBag; }
private void ReadSafeBag (ASN1 safeBag) { if (safeBag.Tag != 0x30) throw new ArgumentException ("invalid safeBag"); ASN1 bagId = safeBag [0]; if (bagId.Tag != 0x06) throw new ArgumentException ("invalid safeBag id"); ASN1 bagValue = safeBag [1]; string oid = ASN1Convert.ToOid (bagId); switch (oid) { case keyBag: // NEED UNIT TEST AddPrivateKey (new PKCS8.PrivateKeyInfo (bagValue.Value)); break; case pkcs8ShroudedKeyBag: PKCS8.EncryptedPrivateKeyInfo epki = new PKCS8.EncryptedPrivateKeyInfo (bagValue.Value); byte[] decrypted = Decrypt (epki.Algorithm, epki.Salt, epki.IterationCount, epki.EncryptedData); AddPrivateKey (new PKCS8.PrivateKeyInfo (decrypted)); Array.Clear (decrypted, 0, decrypted.Length); break; case certBag: PKCS7.ContentInfo cert = new PKCS7.ContentInfo (bagValue.Value); if (cert.ContentType != x509Certificate) throw new NotSupportedException ("unsupport certificate type"); X509Certificate x509 = new X509Certificate (cert.Content [0].Value); _certs.Add (x509); break; case crlBag: // TODO break; case secretBag: byte[] secret = bagValue.Value; _secretBags.Add(secret); break; case safeContentsBag: // TODO - ? recurse ? break; default: throw new ArgumentException ("unknown safeBag oid"); } if (safeBag.Count > 2) { ASN1 bagAttributes = safeBag [2]; if (bagAttributes.Tag != 0x31) throw new ArgumentException ("invalid safeBag attributes id"); for (int i = 0; i < bagAttributes.Count; i++) { ASN1 pkcs12Attribute = bagAttributes[i]; if (pkcs12Attribute.Tag != 0x30) throw new ArgumentException ("invalid PKCS12 attributes id"); ASN1 attrId = pkcs12Attribute [0]; if (attrId.Tag != 0x06) throw new ArgumentException ("invalid attribute id"); string attrOid = ASN1Convert.ToOid (attrId); ASN1 attrValues = pkcs12Attribute[1]; for (int j = 0; j < attrValues.Count; j++) { ASN1 attrValue = attrValues[j]; switch (attrOid) { case PKCS9.friendlyName: if (attrValue.Tag != 0x1e) throw new ArgumentException ("invalid attribute value id"); break; case PKCS9.localKeyId: if (attrValue.Tag != 0x04) throw new ArgumentException ("invalid attribute value id"); break; default: // Unknown OID -- don't check Tag break; } } } } _safeBags.Add (new SafeBag(oid, safeBag)); }
public AsymmetricAlgorithm GetAsymmetricAlgorithm (IDictionary attrs) { foreach (SafeBag sb in _safeBags) { if (sb.BagOID.Equals (keyBag) || sb.BagOID.Equals (pkcs8ShroudedKeyBag)) { ASN1 safeBag = sb.ASN1; if (safeBag.Count == 3) { ASN1 bagAttributes = safeBag [2]; int bagAttributesFound = 0; for (int i = 0; i < bagAttributes.Count; i++) { ASN1 pkcs12Attribute = bagAttributes [i]; ASN1 attrId = pkcs12Attribute [0]; string ao = ASN1Convert.ToOid (attrId); ArrayList dattrValues = (ArrayList)attrs [ao]; if (dattrValues != null) { ASN1 attrValues = pkcs12Attribute [1]; if (dattrValues.Count == attrValues.Count) { int attrValuesFound = 0; for (int j = 0; j < attrValues.Count; j++) { ASN1 attrValue = attrValues [j]; byte[] value = (byte[])dattrValues [j]; if (Compare (value, attrValue.Value)) { attrValuesFound += 1; } } if (attrValuesFound == attrValues.Count) { bagAttributesFound += 1; } } } } if (bagAttributesFound == bagAttributes.Count) { ASN1 bagValue = safeBag [1]; AsymmetricAlgorithm aa = null; if (sb.BagOID.Equals (keyBag)) { PKCS8.PrivateKeyInfo pki = new PKCS8.PrivateKeyInfo (bagValue.Value); byte[] privateKey = pki.PrivateKey; switch (privateKey [0]) { case 0x02: DSAParameters p = new DSAParameters (); // FIXME aa = PKCS8.PrivateKeyInfo.DecodeDSA (privateKey, p); break; case 0x30: aa = PKCS8.PrivateKeyInfo.DecodeRSA (privateKey); break; default: break; } Array.Clear (privateKey, 0, privateKey.Length); } else if (sb.BagOID.Equals (pkcs8ShroudedKeyBag)) { PKCS8.EncryptedPrivateKeyInfo epki = new PKCS8.EncryptedPrivateKeyInfo (bagValue.Value); byte[] decrypted = Decrypt (epki.Algorithm, epki.Salt, epki.IterationCount, epki.EncryptedData); PKCS8.PrivateKeyInfo pki = new PKCS8.PrivateKeyInfo (decrypted); byte[] privateKey = pki.PrivateKey; switch (privateKey [0]) { case 0x02: DSAParameters p = new DSAParameters (); // FIXME aa = PKCS8.PrivateKeyInfo.DecodeDSA (privateKey, p); break; case 0x30: aa = PKCS8.PrivateKeyInfo.DecodeRSA (privateKey); break; default: break; } Array.Clear (privateKey, 0, privateKey.Length); Array.Clear (decrypted, 0, decrypted.Length); } return aa; } } } } return null; }
public IDictionary GetAttributes (AsymmetricAlgorithm aa) { IDictionary result = new Hashtable (); foreach (SafeBag sb in _safeBags) { if (sb.BagOID.Equals (keyBag) || sb.BagOID.Equals (pkcs8ShroudedKeyBag)) { ASN1 safeBag = sb.ASN1; ASN1 bagValue = safeBag [1]; AsymmetricAlgorithm saa = null; if (sb.BagOID.Equals (keyBag)) { PKCS8.PrivateKeyInfo pki = new PKCS8.PrivateKeyInfo (bagValue.Value); byte[] privateKey = pki.PrivateKey; switch (privateKey [0]) { case 0x02: DSAParameters p = new DSAParameters (); // FIXME saa = PKCS8.PrivateKeyInfo.DecodeDSA (privateKey, p); break; case 0x30: saa = PKCS8.PrivateKeyInfo.DecodeRSA (privateKey); break; default: break; } Array.Clear (privateKey, 0, privateKey.Length); } else if (sb.BagOID.Equals (pkcs8ShroudedKeyBag)) { PKCS8.EncryptedPrivateKeyInfo epki = new PKCS8.EncryptedPrivateKeyInfo (bagValue.Value); byte[] decrypted = Decrypt (epki.Algorithm, epki.Salt, epki.IterationCount, epki.EncryptedData); PKCS8.PrivateKeyInfo pki = new PKCS8.PrivateKeyInfo (decrypted); byte[] privateKey = pki.PrivateKey; switch (privateKey [0]) { case 0x02: DSAParameters p = new DSAParameters (); // FIXME saa = PKCS8.PrivateKeyInfo.DecodeDSA (privateKey, p); break; case 0x30: saa = PKCS8.PrivateKeyInfo.DecodeRSA (privateKey); break; default: break; } Array.Clear (privateKey, 0, privateKey.Length); Array.Clear (decrypted, 0, decrypted.Length); } if (saa != null && CompareAsymmetricAlgorithm (saa, aa)) { if (safeBag.Count == 3) { ASN1 bagAttributes = safeBag [2]; for (int i = 0; i < bagAttributes.Count; i++) { ASN1 pkcs12Attribute = bagAttributes [i]; ASN1 attrId = pkcs12Attribute [0]; string aOid = ASN1Convert.ToOid (attrId); ArrayList aValues = new ArrayList (); ASN1 attrValues = pkcs12Attribute [1]; for (int j = 0; j < attrValues.Count; j++) { ASN1 attrValue = attrValues [j]; aValues.Add (attrValue.Value); } result.Add (aOid, aValues); } } } } } return result; }
public void RemovePkcs8ShroudedKeyBag (AsymmetricAlgorithm aa) { int aaIndex = -1; for (int i = 0; aaIndex == -1 && i < _safeBags.Count; i++) { SafeBag sb = (SafeBag)_safeBags [i]; if (sb.BagOID.Equals (pkcs8ShroudedKeyBag)) { ASN1 bagValue = sb.ASN1 [1]; PKCS8.EncryptedPrivateKeyInfo epki = new PKCS8.EncryptedPrivateKeyInfo (bagValue.Value); byte[] decrypted = Decrypt (epki.Algorithm, epki.Salt, epki.IterationCount, epki.EncryptedData); PKCS8.PrivateKeyInfo pki = new PKCS8.PrivateKeyInfo (decrypted); byte[] privateKey = pki.PrivateKey; AsymmetricAlgorithm saa = null; switch (privateKey [0]) { case 0x02: DSAParameters p = new DSAParameters (); // FIXME saa = PKCS8.PrivateKeyInfo.DecodeDSA (privateKey, p); break; case 0x30: saa = PKCS8.PrivateKeyInfo.DecodeRSA (privateKey); break; default: Array.Clear (decrypted, 0, decrypted.Length); Array.Clear (privateKey, 0, privateKey.Length); throw new CryptographicException ("Unknown private key format"); } Array.Clear (decrypted, 0, decrypted.Length); Array.Clear (privateKey, 0, privateKey.Length); if (CompareAsymmetricAlgorithm (aa, saa)) { aaIndex = i; } } } if (aaIndex != -1) { _safeBags.RemoveAt (aaIndex); _keyBagsChanged = true; } }