public AuthEnvelopedData(
OriginatorInfo originatorInfo,
Asn1Set recipientInfos,
EncryptedContentInfo authEncryptedContentInfo,
Asn1Set authAttrs,
Asn1OctetString mac,
Asn1Set unauthAttrs)
{
// "It MUST be set to 0."
this.version = new DerInteger(0);
this.originatorInfo = originatorInfo;
// TODO
// "There MUST be at least one element in the collection."
this.recipientInfos = recipientInfos;
this.authEncryptedContentInfo = authEncryptedContentInfo;
// TODO
// "The authAttrs MUST be present if the content type carried in
// EncryptedContentInfo is not id-data."
this.authAttrs = authAttrs;
this.mac = mac;
this.unauthAttrs = unauthAttrs;
}
public EnvelopedData(
OriginatorInfo originatorInfo,
Asn1Set recipientInfos,
EncryptedContentInfo encryptedContentInfo,
Asn1Set unprotectedAttrs)
{
if (originatorInfo != null || unprotectedAttrs != null)
{
version = new DerInteger(2);
}
else
{
version = new DerInteger(0);
foreach (object o in recipientInfos)
{
RecipientInfo ri = RecipientInfo.GetInstance(o);
if (!ri.Version.Equals(version))
{
version = new DerInteger(2);
break;
}
}
}
this.originatorInfo = originatorInfo;
this.recipientInfos = recipientInfos;
this.encryptedContentInfo = encryptedContentInfo;
this.unprotectedAttrs = unprotectedAttrs;
}
public EncryptedData(
EncryptedContentInfo encInfo,
Asn1Set unprotectedAttrs)
{
if (encInfo == null)
throw new ArgumentNullException("encInfo");
this.version = new DerInteger((unprotectedAttrs == null) ? 0 : 2);
this.encryptedContentInfo = encInfo;
this.unprotectedAttrs = unprotectedAttrs;
}
public EnvelopedData(
OriginatorInfo originatorInfo,
Asn1Set recipientInfos,
EncryptedContentInfo encryptedContentInfo,
Attributes unprotectedAttrs)
{
this.version = new DerInteger(CalculateVersion(originatorInfo, recipientInfos, Asn1Set.GetInstance(unprotectedAttrs)));
this.originatorInfo = originatorInfo;
this.recipientInfos = recipientInfos;
this.encryptedContentInfo = encryptedContentInfo;
this.unprotectedAttrs = Asn1Set.GetInstance(unprotectedAttrs);
}
private EncryptedData(
Asn1Sequence seq)
{
if (seq == null)
throw new ArgumentNullException("seq");
if (seq.Count < 2 || seq.Count > 3)
throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");
this.version = DerInteger.GetInstance(seq[0]);
this.encryptedContentInfo = EncryptedContentInfo.GetInstance(seq[1]);
if (seq.Count > 2)
{
this.unprotectedAttrs = Asn1Set.GetInstance((Asn1TaggedObject)seq[2], false);
}
}
private AuthEnvelopedData(
Asn1Sequence seq)
{
int index = 0;
// TODO
// "It MUST be set to 0."
Asn1Object tmp = seq[index++].ToAsn1Object();
version = (DerInteger)tmp;
tmp = seq[index++].ToAsn1Object();
if (tmp is Asn1TaggedObject)
{
originatorInfo = OriginatorInfo.GetInstance((Asn1TaggedObject)tmp, false);
tmp = seq[index++].ToAsn1Object();
}
// TODO
// "There MUST be at least one element in the collection."
recipientInfos = Asn1Set.GetInstance(tmp);
tmp = seq[index++].ToAsn1Object();
authEncryptedContentInfo = EncryptedContentInfo.GetInstance(tmp);
tmp = seq[index++].ToAsn1Object();
if (tmp is Asn1TaggedObject)
{
authAttrs = Asn1Set.GetInstance((Asn1TaggedObject)tmp, false);
tmp = seq[index++].ToAsn1Object();
}
else
{
// TODO
// "The authAttrs MUST be present if the content type carried in
// EncryptedContentInfo is not id-data."
}
mac = Asn1OctetString.GetInstance(tmp);
if (seq.Count > index)
{
tmp = seq[index++].ToAsn1Object();
unauthAttrs = Asn1Set.GetInstance((Asn1TaggedObject)tmp, false);
}
}
public EnvelopedData(
Asn1Sequence seq)
{
int index = 0;
version = (DerInteger)seq[index++];
object tmp = seq[index++];
if (tmp is Asn1TaggedObject)
{
originatorInfo = OriginatorInfo.GetInstance((Asn1TaggedObject)tmp, false);
tmp = seq[index++];
}
recipientInfos = Asn1Set.GetInstance(tmp);
encryptedContentInfo = EncryptedContentInfo.GetInstance(seq[index++]);
if (seq.Count > index)
{
unprotectedAttrs = Asn1Set.GetInstance((Asn1TaggedObject)seq[index], false);
}
}
public EnvelopedData(
Asn1Sequence seq)
{
int index = 0;
version = (DerInteger) seq[index++];
object tmp = seq[index++];
if (tmp is Asn1TaggedObject)
{
originatorInfo = OriginatorInfo.GetInstance((Asn1TaggedObject) tmp, false);
tmp = seq[index++];
}
recipientInfos = Asn1Set.GetInstance(tmp);
encryptedContentInfo = EncryptedContentInfo.GetInstance(seq[index++]);
if (seq.Count > index)
{
unprotectedAttrs = Asn1Set.GetInstance((Asn1TaggedObject) seq[index], false);
}
}
public AuthEnvelopedData(
OriginatorInfo originatorInfo,
Asn1Set recipientInfos,
EncryptedContentInfo authEncryptedContentInfo,
Asn1Set authAttrs,
Asn1OctetString mac,
Asn1Set unauthAttrs)
{
// "It MUST be set to 0."
this.version = new DerInteger(0);
this.originatorInfo = originatorInfo;
// "There MUST be at least one element in the collection."
this.recipientInfos = recipientInfos;
if (this.recipientInfos.Count < 1)
{
throw new ArgumentException("AuthEnvelopedData requires at least 1 RecipientInfo");
}
this.authEncryptedContentInfo = authEncryptedContentInfo;
// "The authAttrs MUST be present if the content type carried in
// EncryptedContentInfo is not id-data."
this.authAttrs = authAttrs;
if (!authEncryptedContentInfo.ContentType.Equals(CmsObjectIdentifiers.Data))
{
if (authAttrs == null || authAttrs.Count < 1)
{
throw new ArgumentException("authAttrs must be present with non-data content");
}
}
this.mac = mac;
this.unauthAttrs = unauthAttrs;
}
private Asn1Object CreateDERForRecipient(byte[] inp, X509Certificate cert) {
String s = "1.2.840.113549.3.2";
byte[] outp = new byte[100];
DerObjectIdentifier derob = new DerObjectIdentifier(s);
byte[] keyp = IVGenerator.GetIV(16);
IBufferedCipher cf = CipherUtilities.GetCipher(derob);
KeyParameter kp = new KeyParameter(keyp);
byte[] iv = IVGenerator.GetIV(cf.GetBlockSize());
ParametersWithIV piv = new ParametersWithIV(kp, iv);
cf.Init(true, piv);
int len = cf.DoFinal(inp, outp, 0);
byte[] abyte1 = new byte[len];
System.Array.Copy(outp, 0, abyte1, 0, len);
DerOctetString deroctetstring = new DerOctetString(abyte1);
KeyTransRecipientInfo keytransrecipientinfo = ComputeRecipientInfo(cert, keyp);
DerSet derset = new DerSet(new RecipientInfo(keytransrecipientinfo));
Asn1EncodableVector ev = new Asn1EncodableVector();
ev.Add(new DerInteger(58));
ev.Add(new DerOctetString(iv));
DerSequence seq = new DerSequence(ev);
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(derob, seq);
EncryptedContentInfo encryptedcontentinfo =
new EncryptedContentInfo(PkcsObjectIdentifiers.Data, algorithmidentifier, deroctetstring);
Asn1Set set = null;
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, set);
Org.BouncyCastle.Asn1.Cms.ContentInfo contentinfo =
new Org.BouncyCastle.Asn1.Cms.ContentInfo(PkcsObjectIdentifiers.EnvelopedData, env);
return contentinfo.ToAsn1Object();
}
/// <summary>
/// Generate an enveloped object that contains a CMS Enveloped Data
/// object using the passed in key generator.
/// </summary>
private CmsEnvelopedData Generate(
CmsProcessable content,
string encryptionOid,
CipherKeyGenerator keyGen)
{
AlgorithmIdentifier encAlgId = null;
KeyParameter encKey;
Asn1OctetString encContent;
try
{
IBufferedCipher cipher = CipherUtilities.GetCipher(encryptionOid);
byte[] encKeyBytes = keyGen.GenerateKey();
encKey = ParameterUtilities.CreateKeyParameter(encryptionOid, encKeyBytes);
Asn1Encodable asn1Params = null;
try
{
if (encryptionOid.Equals(RC2Cbc))
{
// mix in a bit extra...
rand.SetSeed(DateTime.Now.Ticks);
byte[] iv = rand.GenerateSeed(8);
// TODO Is this detailed repeat of Java version really necessary?
int effKeyBits = encKeyBytes.Length * 8;
int parameterVersion;
if (effKeyBits < 256)
{
parameterVersion = rc2Table[effKeyBits];
}
else
{
parameterVersion = effKeyBits;
}
asn1Params = new RC2CbcParameter(parameterVersion, iv);
}
else
{
asn1Params = ParameterUtilities.GenerateParameters(encryptionOid, rand);
}
}
catch (SecurityUtilityException)
{
// No problem... no parameters generated
}
Asn1Object asn1Object;
ICipherParameters cipherParameters;
if (asn1Params != null)
{
asn1Object = asn1Params.ToAsn1Object();
cipherParameters = ParameterUtilities.GetCipherParameters(
encryptionOid, encKey, asn1Object);
}
else
{
asn1Object = DerNull.Instance;
cipherParameters = encKey;
}
encAlgId = new AlgorithmIdentifier(
new DerObjectIdentifier(encryptionOid),
asn1Object);
cipher.Init(true, cipherParameters);
MemoryStream bOut = new MemoryStream();
CipherStream cOut = new CipherStream(bOut, null, cipher);
content.Write(cOut);
cOut.Close();
encContent = new BerOctetString(bOut.ToArray());
}
catch (SecurityUtilityException e)
{
throw new CmsException("couldn't create cipher.", e);
}
catch (InvalidKeyException e)
{
throw new CmsException("key invalid in message.", e);
}
catch (IOException e)
{
throw new CmsException("exception decoding algorithm parameters.", e);
}
Asn1EncodableVector recipientInfos = new Asn1EncodableVector();
foreach (RecipientInf recipient in recipientInfs)
{
try
{
recipientInfos.Add(recipient.ToRecipientInfo(encKey));
}
catch (IOException e)
{
throw new CmsException("encoding error.", e);
}
catch (InvalidKeyException e)
{
throw new CmsException("key inappropriate for algorithm.", e);
}
catch (GeneralSecurityException e)
{
throw new CmsException("error making encrypted content.", e);
}
}
EncryptedContentInfo eci = new EncryptedContentInfo(
PkcsObjectIdentifiers.Data,
encAlgId,
encContent);
Asn1.Cms.ContentInfo contentInfo = new Asn1.Cms.ContentInfo(
PkcsObjectIdentifiers.EnvelopedData,
new EnvelopedData(null, new DerSet(recipientInfos), eci, null));
return new CmsEnvelopedData(contentInfo);
}
/// <summary>
/// Generate an enveloped object that contains a CMS Enveloped Data
/// object using the passed in key generator.
/// </summary>
private CmsEnvelopedData Generate(
CmsProcessable content,
string encryptionOid,
CipherKeyGenerator keyGen)
{
AlgorithmIdentifier encAlgId = null;
KeyParameter encKey;
Asn1OctetString encContent;
try
{
byte[] encKeyBytes = keyGen.GenerateKey();
encKey = ParameterUtilities.CreateKeyParameter(encryptionOid, encKeyBytes);
Asn1Encodable asn1Params = GenerateAsn1Parameters(encryptionOid, encKeyBytes);
ICipherParameters cipherParameters;
encAlgId = GetAlgorithmIdentifier(
encryptionOid, encKey, asn1Params, out cipherParameters);
IBufferedCipher cipher = CipherUtilities.GetCipher(encryptionOid);
cipher.Init(true, new ParametersWithRandom(cipherParameters, rand));
MemoryStream bOut = new MemoryStream();
CipherStream cOut = new CipherStream(bOut, null, cipher);
content.Write(cOut);
cOut.Dispose();
encContent = new BerOctetString(bOut.ToArray());
}
catch (SecurityUtilityException e)
{
throw new CmsException("couldn't create cipher.", e);
}
catch (InvalidKeyException e)
{
throw new CmsException("key invalid in message.", e);
}
catch (IOException e)
{
throw new CmsException("exception decoding algorithm parameters.", e);
}
Asn1EncodableVector recipientInfos = new Asn1EncodableVector();
foreach (RecipientInfoGenerator rig in recipientInfoGenerators)
{
try
{
recipientInfos.Add(rig.Generate(encKey, rand));
}
catch (InvalidKeyException e)
{
throw new CmsException("key inappropriate for algorithm.", e);
}
catch (GeneralSecurityException e)
{
throw new CmsException("error making encrypted content.", e);
}
}
EncryptedContentInfo eci = new EncryptedContentInfo(
CmsObjectIdentifiers.Data,
encAlgId,
encContent);
Asn1Set unprotectedAttrSet = null;
if (unprotectedAttributeGenerator != null)
{
Asn1.Cms.AttributeTable attrTable = unprotectedAttributeGenerator.GetAttributes(Platform.CreateHashtable());
unprotectedAttrSet = new BerSet(attrTable.ToAsn1EncodableVector());
}
ContentInfo contentInfo = new ContentInfo(
CmsObjectIdentifiers.EnvelopedData,
new EnvelopedData(null, new DerSet(recipientInfos), eci, unprotectedAttrSet));
return new CmsEnvelopedData(contentInfo);
}
public EncryptedData(
EncryptedContentInfo encInfo)
: this(encInfo, null)
{
}
public EncryptedData(
EncryptedContentInfo encInfo)
: this(encInfo, null)
{
}
public AuthEnvelopedData(OriginatorInfo originatorInfo, Asn1Set recipientInfos, EncryptedContentInfo authEncryptedContentInfo, Asn1Set authAttrs, Asn1OctetString mac, Asn1Set unauthAttrs)
{
this.version = new DerInteger(0);
this.originatorInfo = originatorInfo;
this.recipientInfos = recipientInfos;
this.authEncryptedContentInfo = authEncryptedContentInfo;
this.authAttrs = authAttrs;
this.mac = mac;
this.unauthAttrs = unauthAttrs;
}
