github #222 addressed OAEP parameter setting, refactored KeyTransRecipientInfoGenerator to allow deprecation of sub class

Author: dghbc

crypto/src/asn1/pkcs/RSAESOAEPparams.cs

@@ -36,10 +36,15 @@ public static RsaesOaepParameters GetInstance(
 		 * The default version
 		 */
 		public RsaesOaepParameters()
+		: this(DefaultHashAlgorithm, DefaultMaskGenFunction, DefaultPSourceAlgorithm)
+		{ 
+		}
+
+		public RsaesOaepParameters(
+			AlgorithmIdentifier hashAlgorithm,
+			AlgorithmIdentifier maskGenAlgorithm)
+		: this(DefaultHashAlgorithm, DefaultMaskGenFunction, DefaultPSourceAlgorithm)
 		{
-			hashAlgorithm = DefaultHashAlgorithm;
-			maskGenAlgorithm = DefaultMaskGenFunction;
-			pSourceAlgorithm = DefaultPSourceAlgorithm;
 		}
 
 		public RsaesOaepParameters(

crypto/src/cms/CMSEnvelopedGenerator.cs

@@ -10,6 +10,7 @@
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
@@ -132,10 +133,9 @@ public CmsAttributeTableGenerator UnprotectedAttributeGenerator
 		public void AddKeyTransRecipient(
 			X509Certificate cert)
 		{
-			KeyTransRecipientInfoGenerator ktrig = new KeyTransRecipientInfoGenerator();
-			ktrig.RecipientCert = cert;
-
-			recipientInfoGenerators.Add(ktrig);
+			TbsCertificateStructure recipientTbsCert = CmsUtilities.GetTbsCertificateStructure(cert);
+			SubjectPublicKeyInfo info = recipientTbsCert.SubjectPublicKeyInfo;
+			this.AddRecipientInfoGenerator(new KeyTransRecipientInfoGenerator(cert, new Asn1KeyWrapper(info.AlgorithmID.Algorithm, info.AlgorithmID.Parameters, cert)));
 		}
 
 		/**
@@ -149,11 +149,8 @@ public void AddKeyTransRecipient(
 			AsymmetricKeyParameter	pubKey,
 			byte[]					subKeyId)
 		{
-			KeyTransRecipientInfoGenerator ktrig = new KeyTransRecipientInfoGenerator();
-			ktrig.RecipientPublicKey = pubKey;
-			ktrig.SubjectKeyIdentifier = new DerOctetString(subKeyId);
-
-			recipientInfoGenerators.Add(ktrig);
+			SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey);
+			this.AddRecipientInfoGenerator(new KeyTransRecipientInfoGenerator(subKeyId, new Asn1KeyWrapper(info.AlgorithmID.Algorithm, info.AlgorithmID.Parameters, pubKey)));
 		}
 
 		/**

crypto/src/cms/KeyTransRecipientInfoGenerator.cs

@@ -15,60 +15,30 @@ public class KeyTransRecipientInfoGenerator : RecipientInfoGenerator
     {
         private static readonly CmsEnvelopedHelper Helper = CmsEnvelopedHelper.Instance;
 
-        private TbsCertificateStructure recipientTbsCert;
-        private AsymmetricKeyParameter recipientPublicKey;
         private Asn1OctetString subjectKeyIdentifier;
+        private IKeyWrapper keyWrapper;
 
         // Derived fields
         private SubjectPublicKeyInfo info;
         private IssuerAndSerialNumber issuerAndSerialNumber;
         private SecureRandom random;
+       
 
-        internal KeyTransRecipientInfoGenerator()
+        public KeyTransRecipientInfoGenerator(X509Certificate recipCert, IKeyWrapper keyWrapper)
+            : this(new Asn1.Cms.IssuerAndSerialNumber(recipCert.IssuerDN, new DerInteger(recipCert.SerialNumber)), keyWrapper)
         {
         }
 
-        protected KeyTransRecipientInfoGenerator(IssuerAndSerialNumber issuerAndSerialNumber)
+        public KeyTransRecipientInfoGenerator(IssuerAndSerialNumber issuerAndSerial, IKeyWrapper keyWrapper)
         {
-            this.issuerAndSerialNumber = issuerAndSerialNumber;
+            this.issuerAndSerialNumber = issuerAndSerial;
+            this.keyWrapper = keyWrapper;
         }
 
-        protected KeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier)
+        public KeyTransRecipientInfoGenerator(byte[] subjectKeyID, IKeyWrapper keyWrapper)
         {
             this.subjectKeyIdentifier = new DerOctetString(subjectKeyIdentifier);
-        }
-
-        internal X509Certificate RecipientCert
-        {
-            set
-            {
-                this.recipientTbsCert = CmsUtilities.GetTbsCertificateStructure(value);
-                this.recipientPublicKey = value.GetPublicKey();
-                this.info = recipientTbsCert.SubjectPublicKeyInfo;
-            }
-        }
-
-        internal AsymmetricKeyParameter RecipientPublicKey
-        {
-            set
-            {
-                this.recipientPublicKey = value;
-
-                try
-                {
-                    info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(
-                        recipientPublicKey);
-                }
-                catch (IOException)
-                {
-                    throw new ArgumentException("can't extract key algorithm from this key");
-                }
-            }
-        }
-
-        internal Asn1OctetString SubjectKeyIdentifier
-        {
-            set { this.subjectKeyIdentifier = value; }
+            this.keyWrapper = keyWrapper;
         }
 
         public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
@@ -80,11 +50,9 @@ public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom ra
             byte[] encryptedKeyBytes = GenerateWrappedKey(contentEncryptionKey);
 
             RecipientIdentifier recipId;
-            if (recipientTbsCert != null)
+            if (issuerAndSerialNumber != null)
             {
-                IssuerAndSerialNumber issuerAndSerial = new IssuerAndSerialNumber(
-                    recipientTbsCert.Issuer, recipientTbsCert.SerialNumber.Value);
-                recipId = new RecipientIdentifier(issuerAndSerial);
+                recipId = new RecipientIdentifier(issuerAndSerialNumber);
             }
             else
             {
@@ -99,18 +67,17 @@ protected virtual AlgorithmIdentifier AlgorithmDetails
         {
             get
             {
+                if (this.keyWrapper != null)
+                {
+                    return (AlgorithmIdentifier)keyWrapper.AlgorithmDetails;
+                }
                 return info.AlgorithmID;
             }
         }
 
         protected virtual byte[] GenerateWrappedKey(KeyParameter contentEncryptionKey)
         {
-            byte[] keyBytes = contentEncryptionKey.GetKey();
-            AlgorithmIdentifier keyEncryptionAlgorithm = info.AlgorithmID;
-
-            IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.Algorithm.Id);
-            keyWrapper.Init(true, new ParametersWithRandom(recipientPublicKey, random));
-            return keyWrapper.Wrap(keyBytes, 0, keyBytes.Length);
+            return keyWrapper.Wrap(contentEncryptionKey.GetKey()).Collect();
         }
     }
 }

crypto/src/cms/KeyTransRecipientInformation.cs

@@ -9,6 +9,8 @@
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.X509;
+using Org.BouncyCastle.Asn1.Pkcs;
+using Org.BouncyCastle.Crypto.Operators;
 
 namespace Org.BouncyCastle.Cms
 {
@@ -42,7 +44,7 @@ internal KeyTransRecipientInformation(
                 }
                 else
                 {
-                    IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.GetInstance(r.ID);
+                    Asn1.Cms.IssuerAndSerialNumber iAnds = Asn1.Cms.IssuerAndSerialNumber.GetInstance(r.ID);
 
 					rid.Issuer = iAnds.Name;
                     rid.SerialNumber = iAnds.SerialNumber.Value;
@@ -74,16 +76,27 @@ private string GetExchangeEncryptionAlgorithmName(
 		internal KeyParameter UnwrapKey(ICipherParameters key)
 		{
 			byte[] encryptedKey = info.EncryptedKey.GetOctets();
-            string keyExchangeAlgorithm = GetExchangeEncryptionAlgorithmName(keyEncAlg);
+            
 
 			try
 			{
-				IWrapper keyWrapper = WrapperUtilities.GetWrapper(keyExchangeAlgorithm);
-				keyWrapper.Init(false, key);
+				if (keyEncAlg.Algorithm.Equals(PkcsObjectIdentifiers.IdRsaesOaep))
+				{
+					IKeyUnwrapper keyWrapper = new Asn1KeyUnwrapper(keyEncAlg.Algorithm, keyEncAlg.Parameters, key);
 
-				// FIXME Support for MAC algorithm parameters similar to cipher parameters
-				return ParameterUtilities.CreateKeyParameter(
-					GetContentAlgorithmName(), keyWrapper.Unwrap(encryptedKey, 0, encryptedKey.Length));
+					return ParameterUtilities.CreateKeyParameter(
+							GetContentAlgorithmName(), keyWrapper.Unwrap(encryptedKey, 0, encryptedKey.Length).Collect());
+				}
+				else
+				{
+					string keyExchangeAlgorithm = GetExchangeEncryptionAlgorithmName(keyEncAlg);
+					IWrapper keyWrapper = WrapperUtilities.GetWrapper(keyExchangeAlgorithm);
+					keyWrapper.Init(false, key);
+
+					// FIXME Support for MAC algorithm parameters similar to cipher parameters
+					return ParameterUtilities.CreateKeyParameter(
+						GetContentAlgorithmName(), keyWrapper.Unwrap(encryptedKey, 0, encryptedKey.Length));
+				}
 			}
 			catch (SecurityUtilityException e)
 			{

crypto/src/crypto/encodings/OaepEncoding.cs

@@ -169,7 +169,7 @@ private byte[] EncodeBlock(
             //
             // mask the message block.
             //
-            byte[] mask = maskGeneratorFunction1(seed, 0, seed.Length, block.Length - defHash.Length);
+            byte[] mask = MaskGeneratorFunction(seed, 0, seed.Length, block.Length - defHash.Length);
 
             for (int i = defHash.Length; i != block.Length; i++)
             {
@@ -184,7 +184,7 @@ private byte[] EncodeBlock(
             //
             // mask the seed.
             //
-            mask = maskGeneratorFunction1(
+            mask = MaskGeneratorFunction(
                 block, defHash.Length, block.Length - defHash.Length, defHash.Length);
 
             for (int i = 0; i != defHash.Length; i++)
@@ -227,7 +227,7 @@ private byte[] DecodeBlock(
             //
             // unmask the seed.
             //
-            byte[] mask = maskGeneratorFunction1(
+            byte[] mask = MaskGeneratorFunction(
                 block, defHash.Length, block.Length - defHash.Length, defHash.Length);
 
             for (int i = 0; i != defHash.Length; i++)
@@ -238,7 +238,7 @@ private byte[] DecodeBlock(
             //
             // unmask the message block.
             //
-            mask = maskGeneratorFunction1(block, 0, defHash.Length, block.Length - defHash.Length);
+            mask = MaskGeneratorFunction(block, 0, defHash.Length, block.Length - defHash.Length);
 
             for (int i = defHash.Length; i != block.Length; i++)
             {
@@ -306,10 +306,30 @@ private void ItoOSP(
             sp[3] = (byte)((uint)i >> 0);
         }
 
+        private byte[] MaskGeneratorFunction(
+            byte[] Z,
+            int zOff,
+            int zLen,
+            int length)
+        {
+            if (mgf1Hash is IXof)
+            {
+                byte[] mask = new byte[length];
+                mgf1Hash.BlockUpdate(Z, zOff, zLen);
+                ((IXof)mgf1Hash).DoFinal(mask, 0, mask.Length);
+
+                return mask;
+            }
+            else
+            {
+                return MaskGeneratorFunction1(Z, zOff, zLen, length);
+            }
+        }
+
         /**
         * mask generator function, as described in PKCS1v2.
         */
-        private byte[] maskGeneratorFunction1(
+        private byte[] MaskGeneratorFunction1(
             byte[]	Z,
             int		zOff,
             int		zLen,