/**
         * Add multiple key agreement based recipients (sharing a single KeyAgreeRecipientInfo structure).
         *
         * @param agreementAlgorithm key agreement algorithm to use.
         * @param senderPrivateKey private key to initialise sender side of agreement with.
         * @param senderPublicKey sender public key to include with message.
         * @param recipientCerts recipients' public key certificates.
         * @param cekWrapAlgorithm OID for key wrapping algorithm to use.
         * @exception SecurityUtilityException if the algorithm requested cannot be found
         * @exception InvalidKeyException if the keys are inappropriate for the algorithm specified
         */
        public void AddKeyAgreementRecipients(
            string agreementAlgorithm,
            AsymmetricKeyParameter senderPrivateKey,
            AsymmetricKeyParameter senderPublicKey,
            ICollection recipientCerts,
            string cekWrapAlgorithm)
        {
            if (!senderPrivateKey.IsPrivate)
            {
                throw new ArgumentException("Expected private key", "senderPrivateKey");
            }
            if (senderPublicKey.IsPrivate)
            {
                throw new ArgumentException("Expected public key", "senderPublicKey");
            }

            /* TODO
             * "a recipient X.509 version 3 certificate that contains a key usage extension MUST
             * assert the keyAgreement bit."
             */

            KeyAgreeRecipientInfoGenerator karig = new KeyAgreeRecipientInfoGenerator();

            karig.AlgorithmOid     = new DerObjectIdentifier(agreementAlgorithm);
            karig.RecipientCerts   = recipientCerts;
            karig.SenderKeyPair    = new AsymmetricCipherKeyPair(senderPublicKey, senderPrivateKey);
            karig.WrapAlgorithmOid = new DerObjectIdentifier(cekWrapAlgorithm);

            recipientInfoGenerators.Add(karig);
        }
        public void AddKeyAgreementRecipients(string agreementAlgorithm, AsymmetricKeyParameter senderPrivateKey, AsymmetricKeyParameter senderPublicKey, ICollection recipientCerts, string cekWrapAlgorithm)
        {
            if (!senderPrivateKey.IsPrivate)
            {
                throw new ArgumentException("Expected private key", "senderPrivateKey");
            }
            if (senderPublicKey.IsPrivate)
            {
                throw new ArgumentException("Expected public key", "senderPublicKey");
            }
            KeyAgreeRecipientInfoGenerator keyAgreeRecipientInfoGenerator = new KeyAgreeRecipientInfoGenerator();

            keyAgreeRecipientInfoGenerator.KeyAgreementOID  = new DerObjectIdentifier(agreementAlgorithm);
            keyAgreeRecipientInfoGenerator.KeyEncryptionOID = new DerObjectIdentifier(cekWrapAlgorithm);
            keyAgreeRecipientInfoGenerator.RecipientCerts   = recipientCerts;
            keyAgreeRecipientInfoGenerator.SenderKeyPair    = new AsymmetricCipherKeyPair(senderPublicKey, senderPrivateKey);
            this.recipientInfoGenerators.Add(keyAgreeRecipientInfoGenerator);
        }
        public void AddKeyAgreementRecipients(string agreementAlgorithm, AsymmetricKeyParameter senderPrivateKey, AsymmetricKeyParameter senderPublicKey, global::System.Collections.ICollection recipientCerts, string cekWrapAlgorithm)
        {
            //IL_0012: Unknown result type (might be due to invalid IL or missing references)
            //IL_002a: Unknown result type (might be due to invalid IL or missing references)
            if (!senderPrivateKey.IsPrivate)
            {
                throw new ArgumentException("Expected private key", "senderPrivateKey");
            }
            if (senderPublicKey.IsPrivate)
            {
                throw new ArgumentException("Expected public key", "senderPublicKey");
            }
            KeyAgreeRecipientInfoGenerator keyAgreeRecipientInfoGenerator = new KeyAgreeRecipientInfoGenerator();

            keyAgreeRecipientInfoGenerator.KeyAgreementOID  = new DerObjectIdentifier(agreementAlgorithm);
            keyAgreeRecipientInfoGenerator.KeyEncryptionOID = new DerObjectIdentifier(cekWrapAlgorithm);
            keyAgreeRecipientInfoGenerator.RecipientCerts   = recipientCerts;
            keyAgreeRecipientInfoGenerator.SenderKeyPair    = new AsymmetricCipherKeyPair(senderPublicKey, senderPrivateKey);
            recipientInfoGenerators.Add((object)keyAgreeRecipientInfoGenerator);
        }
Пример #4
0
		/**
		 * Add multiple key agreement based recipients (sharing a single KeyAgreeRecipientInfo structure).
		 *
		 * @param agreementAlgorithm key agreement algorithm to use.
		 * @param senderPrivateKey private key to initialise sender side of agreement with.
		 * @param senderPublicKey sender public key to include with message.
		 * @param recipientCerts recipients' public key certificates.
		 * @param cekWrapAlgorithm OID for key wrapping algorithm to use.
		 * @exception SecurityUtilityException if the algorithm requested cannot be found
		 * @exception InvalidKeyException if the keys are inappropriate for the algorithm specified
		 */
		public void AddKeyAgreementRecipients(
			string					agreementAlgorithm,
			AsymmetricKeyParameter	senderPrivateKey,
			AsymmetricKeyParameter	senderPublicKey,
			ICollection				recipientCerts,
			string					cekWrapAlgorithm)
		{
			if (!senderPrivateKey.IsPrivate)
				throw new ArgumentException("Expected private key", "senderPrivateKey");
			if (senderPublicKey.IsPrivate)
				throw new ArgumentException("Expected public key", "senderPublicKey");

			/* TODO
			 * "a recipient X.509 version 3 certificate that contains a key usage extension MUST
			 * assert the keyAgreement bit."
			 */

			KeyAgreeRecipientInfoGenerator karig = new KeyAgreeRecipientInfoGenerator();
			karig.KeyAgreementOID = new DerObjectIdentifier(agreementAlgorithm);
			karig.KeyEncryptionOID = new DerObjectIdentifier(cekWrapAlgorithm);
			karig.RecipientCerts = recipientCerts;
			karig.SenderKeyPair = new AsymmetricCipherKeyPair(senderPublicKey, senderPrivateKey);

			recipientInfoGenerators.Add(karig);
		}
        public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
        {
            byte[] key = contentEncryptionKey.GetKey();
            AsymmetricKeyParameter    @public          = this.senderKeyPair.Public;
            ICipherParameters         cipherParameters = this.senderKeyPair.Private;
            OriginatorIdentifierOrKey originator;

            try
            {
                originator = new OriginatorIdentifierOrKey(KeyAgreeRecipientInfoGenerator.CreateOriginatorPublicKey(@public));
            }
            catch (IOException arg)
            {
                throw new InvalidKeyException("cannot extract originator public key: " + arg);
            }
            Asn1OctetString ukm = null;

            if (this.keyAgreementOID.Id.Equals(CmsEnvelopedGenerator.ECMqvSha1Kdf))
            {
                try
                {
                    IAsymmetricCipherKeyPairGenerator keyPairGenerator = GeneratorUtilities.GetKeyPairGenerator(this.keyAgreementOID);
                    keyPairGenerator.Init(((ECPublicKeyParameters)@public).CreateKeyGenerationParameters(random));
                    AsymmetricCipherKeyPair asymmetricCipherKeyPair = keyPairGenerator.GenerateKeyPair();
                    ukm = new DerOctetString(new MQVuserKeyingMaterial(KeyAgreeRecipientInfoGenerator.CreateOriginatorPublicKey(asymmetricCipherKeyPair.Public), null));
                    cipherParameters = new MqvPrivateParameters((ECPrivateKeyParameters)cipherParameters, (ECPrivateKeyParameters)asymmetricCipherKeyPair.Private, (ECPublicKeyParameters)asymmetricCipherKeyPair.Public);
                }
                catch (IOException arg2)
                {
                    throw new InvalidKeyException("cannot extract MQV ephemeral public key: " + arg2);
                }
                catch (SecurityUtilityException arg3)
                {
                    throw new InvalidKeyException("cannot determine MQV ephemeral key pair parameters from public key: " + arg3);
                }
            }
            DerSequence parameters = new DerSequence(new Asn1Encodable[]
            {
                this.keyEncryptionOID,
                DerNull.Instance
            });
            AlgorithmIdentifier keyEncryptionAlgorithm = new AlgorithmIdentifier(this.keyAgreementOID, parameters);
            Asn1EncodableVector asn1EncodableVector    = new Asn1EncodableVector(new Asn1Encodable[0]);

            foreach (X509Certificate x509Certificate in this.recipientCerts)
            {
                TbsCertificateStructure instance;
                try
                {
                    instance = TbsCertificateStructure.GetInstance(Asn1Object.FromByteArray(x509Certificate.GetTbsCertificate()));
                }
                catch (Exception)
                {
                    throw new ArgumentException("can't extract TBS structure from certificate");
                }
                IssuerAndSerialNumber       issuerSerial      = new IssuerAndSerialNumber(instance.Issuer, instance.SerialNumber.Value);
                KeyAgreeRecipientIdentifier id                = new KeyAgreeRecipientIdentifier(issuerSerial);
                ICipherParameters           cipherParameters2 = x509Certificate.GetPublicKey();
                if (this.keyAgreementOID.Id.Equals(CmsEnvelopedGenerator.ECMqvSha1Kdf))
                {
                    cipherParameters2 = new MqvPublicParameters((ECPublicKeyParameters)cipherParameters2, (ECPublicKeyParameters)cipherParameters2);
                }
                IBasicAgreement basicAgreementWithKdf = AgreementUtilities.GetBasicAgreementWithKdf(this.keyAgreementOID, this.keyEncryptionOID.Id);
                basicAgreementWithKdf.Init(new ParametersWithRandom(cipherParameters, random));
                BigInteger   s           = basicAgreementWithKdf.CalculateAgreement(cipherParameters2);
                int          qLength     = GeneratorUtilities.GetDefaultKeySize(this.keyEncryptionOID) / 8;
                byte[]       keyBytes    = X9IntegerConverter.IntegerToBytes(s, qLength);
                KeyParameter parameters2 = ParameterUtilities.CreateKeyParameter(this.keyEncryptionOID, keyBytes);
                IWrapper     wrapper     = KeyAgreeRecipientInfoGenerator.Helper.CreateWrapper(this.keyEncryptionOID.Id);
                wrapper.Init(true, new ParametersWithRandom(parameters2, random));
                byte[]          str          = wrapper.Wrap(key, 0, key.Length);
                Asn1OctetString encryptedKey = new DerOctetString(str);
                asn1EncodableVector.Add(new Asn1Encodable[]
                {
                    new RecipientEncryptedKey(id, encryptedKey)
                });
            }
            return(new RecipientInfo(new KeyAgreeRecipientInfo(originator, ukm, keyEncryptionAlgorithm, new DerSequence(asn1EncodableVector))));
        }