From eb693c35c79708a85cf23b381f380282b31fc2c7 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Fri, 3 May 2019 11:05:38 -0400 Subject: [PATCH] Better support RSAES_OAEP certificates for EnvelopedCms Improve the .NET Core EnvelopedCms support on Windows for certificates whose public key says the algorithm is RSA-OAEP to restore .NET Framework-equivalent capability. Linux and macOS cannot reliably represent those certificates as an X509Certificate2, so their support is unchanged at this time. Commit migrated from https://github.com/dotnet/corefx/commit/c5d6284dec3136ff9e45d02c5d788f29269ae1df --- .../src/System/Security/Cryptography/Oids.cs | 2 + .../Cryptography/Pal/AnyOS/ManagedPal.KeyTrans.cs | 89 +---- .../Pal/Windows/PkcsPalWindows.Encrypt.cs | 64 +-- .../src/Internal/Cryptography/PkcsHelpers.cs | 72 ++++ .../tests/Certificates.cs | 443 +++++++++++++++++++++ .../tests/EnvelopedCms/GeneralTests.cs | 61 +++ .../KeyTransRecipientInfoRsaOaepCertTests.cs | 76 ++++ .../KeyTransRecipientInfoRsaPaddingModeTests.cs | 23 +- .../System.Security.Cryptography.Pkcs.Tests.csproj | 5 +- 9 files changed, 711 insertions(+), 124 deletions(-) create mode 100644 src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/KeyTransRecipientInfoRsaOaepCertTests.cs diff --git a/src/libraries/Common/src/System/Security/Cryptography/Oids.cs b/src/libraries/Common/src/System/Security/Cryptography/Oids.cs index b24fa7a..872e0a6 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/Oids.cs +++ b/src/libraries/Common/src/System/Security/Cryptography/Oids.cs @@ -26,6 +26,8 @@ namespace System.Security.Cryptography internal const string RsaPkcs1Sha512 = "1.2.840.113549.1.1.13"; internal const string Esdh = "1.2.840.113549.1.9.16.3.5"; internal const string EcDiffieHellman = "1.3.132.1.12"; + internal const string DiffieHellman = "1.2.840.10046.2.1"; + internal const string DiffieHellmanPkcs3 = "1.2.840.113549.1.3.1"; // Cryptographic Attribute Types internal const string SigningTime = "1.2.840.113549.1.9.5"; diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.KeyTrans.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.KeyTrans.cs index 56ff34e..59625e4 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.KeyTrans.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.KeyTrans.cs @@ -6,7 +6,6 @@ using System; using System.Buffers; using System.Diagnostics; using System.Security.Cryptography; -using System.Security.Cryptography.Asn1; using System.Security.Cryptography.Pkcs; using System.Security.Cryptography.Pkcs.Asn1; using System.Security.Cryptography.X509Certificates; @@ -15,8 +14,6 @@ namespace Internal.Cryptography.Pal.AnyOS { internal sealed partial class ManagedPkcsPal : PkcsPal { - private static readonly byte[] s_pSpecifiedDefaultParameters = { 0x04, 0x00 }; - internal sealed class ManagedKeyTransPal : KeyTransRecipientInfoPal { private readonly KeyTransRecipientInfoAsn _asn; @@ -81,7 +78,7 @@ namespace Internal.Cryptography.Pal.AnyOS encryptionPadding = RSAEncryptionPadding.Pkcs1; break; case Oids.RsaOaep: - if (!TryGetRsaOaepEncryptionPadding(algorithmParameters, out encryptionPadding, out exception)) + if (!PkcsHelpers.TryGetRsaOaepEncryptionPadding(algorithmParameters, out encryptionPadding, out exception)) { return null; } @@ -140,19 +137,7 @@ namespace Internal.Cryptography.Pal.AnyOS recipient.RecipientIdentifierType.ToString()); } - RSAEncryptionPadding padding = recipient.RSAEncryptionPadding; - - if (padding is null) - { - if (recipient.Certificate.GetKeyAlgorithm() == Oids.RsaOaep) - { - padding = RSAEncryptionPadding.OaepSHA1; - } - else - { - padding = RSAEncryptionPadding.Pkcs1; - } - } + RSAEncryptionPadding padding = recipient.RSAEncryptionPadding ?? RSAEncryptionPadding.Pkcs1; if (padding == RSAEncryptionPadding.Pkcs1) { @@ -249,75 +234,5 @@ namespace Internal.Cryptography.Pal.AnyOS } #endif } - - private static bool TryGetRsaOaepEncryptionPadding( - ReadOnlyMemory? parameters, - out RSAEncryptionPadding rsaEncryptionPadding, - out Exception exception) - { - exception = null; - rsaEncryptionPadding = null; - - if (parameters == null || parameters.Value.IsEmpty) - { - exception = new CryptographicException(SR.Cryptography_Der_Invalid_Encoding); - return false; - } - - try - { - OaepParamsAsn oaepParameters = OaepParamsAsn.Decode(parameters.Value, AsnEncodingRules.DER); - - if (oaepParameters.MaskGenFunc.Algorithm.Value != Oids.Mgf1 || - oaepParameters.MaskGenFunc.Parameters == null || - oaepParameters.PSourceFunc.Algorithm.Value != Oids.PSpecified - ) - { - exception = new CryptographicException(SR.Cryptography_Der_Invalid_Encoding); - return false; - } - - AlgorithmIdentifierAsn mgf1AlgorithmIdentifier = AlgorithmIdentifierAsn.Decode(oaepParameters.MaskGenFunc.Parameters.Value, AsnEncodingRules.DER); - - if (mgf1AlgorithmIdentifier.Algorithm.Value != oaepParameters.HashFunc.Algorithm.Value) - { - exception = new CryptographicException(SR.Cryptography_Der_Invalid_Encoding); - return false; - } - - if (oaepParameters.PSourceFunc.Parameters != null && - !oaepParameters.PSourceFunc.Parameters.Value.Span.SequenceEqual(s_pSpecifiedDefaultParameters)) - { - exception = new CryptographicException(SR.Cryptography_Der_Invalid_Encoding); - return false; - } - - switch (oaepParameters.HashFunc.Algorithm.Value) - { - case Oids.Sha1: - rsaEncryptionPadding = RSAEncryptionPadding.OaepSHA1; - return true; - case Oids.Sha256: - rsaEncryptionPadding = RSAEncryptionPadding.OaepSHA256; - return true; - case Oids.Sha384: - rsaEncryptionPadding = RSAEncryptionPadding.OaepSHA384; - return true; - case Oids.Sha512: - rsaEncryptionPadding = RSAEncryptionPadding.OaepSHA512; - return true; - default: - exception = new CryptographicException( - SR.Cryptography_Cms_UnknownAlgorithm, - oaepParameters.HashFunc.Algorithm.Value); - return false; - } - } - catch (CryptographicException e) - { - exception = e; - return false; - } - } } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/Windows/PkcsPalWindows.Encrypt.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/Windows/PkcsPalWindows.Encrypt.cs index 6477d75..ac32160 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/Windows/PkcsPalWindows.Encrypt.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/Windows/PkcsPalWindows.Encrypt.cs @@ -207,36 +207,22 @@ namespace Internal.Cryptography.Pal.Windows // private static CMSG_RECIPIENT_ENCODE_INFO EncodeRecipientInfo(CmsRecipient recipient, AlgorithmIdentifier contentEncryptionAlgorithm, HeapBlockRetainer hb) { - CMsgCmsRecipientChoice recipientChoice; - string keyAlgorithmOid = recipient.Certificate.GetKeyAlgorithm(); - AlgId algId = keyAlgorithmOid.ToAlgId(); - switch (algId) - { - case AlgId.CALG_RSA_KEYX: - recipientChoice = CMsgCmsRecipientChoice.CMSG_KEY_TRANS_RECIPIENT; - break; - - case AlgId.CALG_DH_SF: - case AlgId.CALG_DH_EPHEM: - recipientChoice = CMsgCmsRecipientChoice.CMSG_KEY_AGREE_RECIPIENT; - break; - - default: - throw ErrorCode.CRYPT_E_UNKNOWN_ALGO.ToCryptographicException(); - } - CMSG_RECIPIENT_ENCODE_INFO recipientEncodeInfo; - recipientEncodeInfo.dwRecipientChoice = recipientChoice; unsafe { - switch (recipientChoice) + switch (recipient.Certificate.GetKeyAlgorithm()) { - case CMsgCmsRecipientChoice.CMSG_KEY_TRANS_RECIPIENT: + case Oids.Rsa: + case Oids.RsaOaep: + recipientEncodeInfo.dwRecipientChoice = CMsgCmsRecipientChoice.CMSG_KEY_TRANS_RECIPIENT; recipientEncodeInfo.pCmsRecipientEncodeInfo = (IntPtr)EncodeKeyTransRecipientInfo(recipient, hb); break; - case CMsgCmsRecipientChoice.CMSG_KEY_AGREE_RECIPIENT: + case Oids.Esdh: + case Oids.DiffieHellman: + case Oids.DiffieHellmanPkcs3: + recipientEncodeInfo.dwRecipientChoice = CMsgCmsRecipientChoice.CMSG_KEY_AGREE_RECIPIENT; recipientEncodeInfo.pCmsRecipientEncodeInfo = (IntPtr)EncodeKeyAgreeRecipientInfo(recipient, contentEncryptionAlgorithm, hb); break; @@ -266,36 +252,54 @@ namespace Internal.Cryptography.Pal.Windows pEncodeInfo->cbSize = sizeof(CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO); - if (recipient.RSAEncryptionPadding is null) + RSAEncryptionPadding padding = recipient.RSAEncryptionPadding; + + if (padding is null) { - CRYPT_ALGORITHM_IDENTIFIER algId = pCertInfo->SubjectPublicKeyInfo.Algorithm; - pEncodeInfo->KeyEncryptionAlgorithm = algId; + if (recipient.Certificate.GetKeyAlgorithm() == Oids.RsaOaep) + { + byte[] parameters = recipient.Certificate.GetKeyAlgorithmParameters(); + + if (parameters == null || parameters.Length == 0) + { + padding = RSAEncryptionPadding.OaepSHA1; + } + else if (!PkcsHelpers.TryGetRsaOaepEncryptionPadding(parameters, out padding, out _)) + { + throw ErrorCode.CRYPT_E_UNKNOWN_ALGO.ToCryptographicException(); + } + } + else + { + padding = RSAEncryptionPadding.Pkcs1; + } } - else if (recipient.RSAEncryptionPadding == RSAEncryptionPadding.Pkcs1) + + if (padding == RSAEncryptionPadding.Pkcs1) { pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.Rsa); pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaPkcsParameters.Length; pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaPkcsParameters); } - else if (recipient.RSAEncryptionPadding == RSAEncryptionPadding.OaepSHA1) + else if (padding == RSAEncryptionPadding.OaepSHA1) { pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.RsaOaep); pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaOaepSha1Parameters.Length; pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaOaepSha1Parameters); } - else if (recipient.RSAEncryptionPadding == RSAEncryptionPadding.OaepSHA256) + else if (padding == RSAEncryptionPadding.OaepSHA256) { pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.RsaOaep); pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaOaepSha256Parameters.Length; pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaOaepSha256Parameters); } - else if (recipient.RSAEncryptionPadding == RSAEncryptionPadding.OaepSHA384) + else if (padding == RSAEncryptionPadding.OaepSHA384) { pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.RsaOaep); pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaOaepSha384Parameters.Length; pEncodeInfo->KeyEncryptionAlgorithm.Parameters.pbData = hb.AllocBytes(s_rsaOaepSha384Parameters); } - else if (recipient.RSAEncryptionPadding == RSAEncryptionPadding.OaepSHA512) + else if (padding == RSAEncryptionPadding.OaepSHA512) { pEncodeInfo->KeyEncryptionAlgorithm.pszObjId = hb.AllocAsciiString(Oids.RsaOaep); pEncodeInfo->KeyEncryptionAlgorithm.Parameters.cbData = (uint)s_rsaOaepSha512Parameters.Length; diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/PkcsHelpers.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/PkcsHelpers.cs index b0acf26..346a2fd 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/PkcsHelpers.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/PkcsHelpers.cs @@ -20,6 +20,8 @@ namespace Internal.Cryptography { internal static partial class PkcsHelpers { + private static readonly byte[] s_pSpecifiedDefaultParameters = { 0x04, 0x00 }; + #if !netcoreapp // Compatibility API. internal static void AppendData(this IncrementalHash hasher, ReadOnlySpan data) @@ -475,5 +477,75 @@ namespace Internal.Cryptography Debug.Fail("TryCopyOctetStringBytes failed with an over-allocated array"); throw new CryptographicException(); } + + public static bool TryGetRsaOaepEncryptionPadding( + ReadOnlyMemory? parameters, + out RSAEncryptionPadding rsaEncryptionPadding, + out Exception exception) + { + exception = null; + rsaEncryptionPadding = null; + + if (parameters == null || parameters.Value.IsEmpty) + { + exception = new CryptographicException(SR.Cryptography_Der_Invalid_Encoding); + return false; + } + + try + { + OaepParamsAsn oaepParameters = OaepParamsAsn.Decode(parameters.Value, AsnEncodingRules.DER); + + if (oaepParameters.MaskGenFunc.Algorithm.Value != Oids.Mgf1 || + oaepParameters.MaskGenFunc.Parameters == null || + oaepParameters.PSourceFunc.Algorithm.Value != Oids.PSpecified + ) + { + exception = new CryptographicException(SR.Cryptography_Der_Invalid_Encoding); + return false; + } + + AlgorithmIdentifierAsn mgf1AlgorithmIdentifier = AlgorithmIdentifierAsn.Decode(oaepParameters.MaskGenFunc.Parameters.Value, AsnEncodingRules.DER); + + if (mgf1AlgorithmIdentifier.Algorithm.Value != oaepParameters.HashFunc.Algorithm.Value) + { + exception = new CryptographicException(SR.Cryptography_Der_Invalid_Encoding); + return false; + } + + if (oaepParameters.PSourceFunc.Parameters != null && + !oaepParameters.PSourceFunc.Parameters.Value.Span.SequenceEqual(s_pSpecifiedDefaultParameters)) + { + exception = new CryptographicException(SR.Cryptography_Der_Invalid_Encoding); + return false; + } + + switch (oaepParameters.HashFunc.Algorithm.Value) + { + case Oids.Sha1: + rsaEncryptionPadding = RSAEncryptionPadding.OaepSHA1; + return true; + case Oids.Sha256: + rsaEncryptionPadding = RSAEncryptionPadding.OaepSHA256; + return true; + case Oids.Sha384: + rsaEncryptionPadding = RSAEncryptionPadding.OaepSHA384; + return true; + case Oids.Sha512: + rsaEncryptionPadding = RSAEncryptionPadding.OaepSHA512; + return true; + default: + exception = new CryptographicException( + SR.Cryptography_Cms_UnknownAlgorithm, + oaepParameters.HashFunc.Algorithm.Value); + return false; + } + } + catch (CryptographicException e) + { + exception = e; + return false; + } + } } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/Certificates.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/Certificates.cs index 5ab90c3..35a636b 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/Certificates.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/Certificates.cs @@ -29,6 +29,10 @@ namespace System.Security.Cryptography.Pkcs.Tests public static readonly CertLoader RSAKeyTransfer4_ExplicitSki = new CertLoaderFromRawData(RawData.s_RSAKeyTransfer4_ExplicitSkiCer, RawData.s_RSAKeyTransfer4_ExplicitSkiPfx, "1111"); public static readonly CertLoader RSAKeyTransfer5_ExplicitSkiOfRSAKeyTransfer4 = new CertLoaderFromRawData(RawData.s_RSAKeyTransfer5_ExplicitSkiOfRSAKeyTransfer4Cer, RawData.s_RSAKeyTransfer5_ExplicitSkiOfRSAKeyTransfer4Pfx, "1111"); public static readonly CertLoader NegativeSerialNumber = new CertLoaderFromRawData(RawData.NegativeSerialNumberCert, RawData.NegativeSerialNumberPfx, "1234"); + public static readonly CertLoader RsaOaep2048_NullParameters = new CertLoaderFromRawData(RawData.RsaOaep2048_NullParametersCert, RawData.RsaOaep2048_NullParametersPfx, "1111"); + public static readonly CertLoader RsaOaep2048_Sha1Parameters = new CertLoaderFromRawData(RawData.RsaOaep2048_Sha1ParametersCert, RawData.RsaOaep2048_Sha1ParametersPfx, "1111"); + public static readonly CertLoader RsaOaep2048_Sha256Parameters = new CertLoaderFromRawData(RawData.RsaOaep2048_Sha256ParametersCert, RawData.RsaOaep2048_Sha256ParametersPfx, "1111"); + public static readonly CertLoader RsaOaep2048_NoParameters = new CertLoaderFromRawData(RawData.RsaOaep2048_NoParametersCert, RawData.RsaOaep2048_NoParametersPfx, "1111"); // Note: the raw data is its own (nested) class to avoid problems with static field initialization ordering. private static class RawData @@ -1601,6 +1605,445 @@ namespace System.Security.Cryptography.Pkcs.Tests "5C86500AF2760F8A87DB8E6E5FA2753037301F300706052B0E03021A0414AA38" + "B6B4257EBA3E399CA9EDD87BDC1F82FBF7D70414B796F49E612D1A2B5A0DEC11" + "608A153B5BCD4FE9").HexToByteArray(); + + internal static byte[] RsaOaep2048_NullParametersCert = ( + "3082032830820210A003020102021000B2DB376E004B56F8089A1034C37D7330" + + "0D06092A864886F70D01010B050030173115301306035504030C0C436F6E746F" + + "736F20526F6F74301E170D3139303432313231323134335A170D323930343232" + + "3231323134335A30173115301306035504030C0C436F6E746F736F204C656166" + + "30820122300D06092A864886F70D01010705000382010F003082010A02820101" + + "0091A009FE3025D0366735DB93BFCD714979B4982B54374E60C4220A2C0F7E74" + + "A9BF62EDA8D87BE09956A73F4C527FEF7A53C2DA2BFBFAF28FD49C786E09963A" + + "948A10D65DB8AEC829EF88DD5FB7386211AC8828124CBC24582450FA11337B4A" + + "72FE8FFC9C95C30F4C7B0019FF591D0C92F88B7A21D25C8CE47D52E55E4823F9" + + "CB06B7F62E10586E2DBAE84D48654F1D7A8EB5D160F6B076A82A3806864B09A7" + + "58E9121AE8EF50D76CFFCFF81FE4193E5D0BD3E0CC4E58FDBC3CC973A2907C88" + + "EA3E7BD2689384341ABDCDA2525C275EAFA4884F548F4FF20A869E9F598F48C1" + + "571D42DE9E8B4C4CDD6B47865F9BA0A7BB342B29CDCE00D6711B79C2C8D50405" + + "330203010001A370306E300C0603551D130101FF04023000300E0603551D0F01" + + "01FF040403020430304E0603551D23044730458014A791F70FC3C8B363A49AEE" + + "505055EAD33659711CA11BA41930173115301306035504030C0C436F6E746F73" + + "6F20526F6F7482100099356AD75D355A305839B87F087B5F300D06092A864886" + + "F70D01010B050003820101006F0FA161D224E2E27F35CEB37B92A8090568C9AE" + + "F29F659A1DF3484770369751359849721A544759230AC79E8487D38CFDEAA31A" + + "492E286B10E24B6B2FACF0E6F103B1D4CD6FD2B8784F536C1397B6E791499DCC" + + "5B82C006458793815B2FA016A9C2DB1A690A8005803B60FD1876C11D290F77ED" + + "5E41F63E907F21E645CECD96F063EB3E22BCDA5D80EEEE8BC23379BFD6B37184" + + "82ADFBB84C6E28F86A8367F28A1777E61A1E0EA50E50993957E9715D95707A22" + + "5C7B4071D980FDC13E0D72DEDC6205884B14E523941CC0F1ADFC64109E85ED67" + + "83039EF14C45C5CE54151D679E8D38FB90F5F64F96C8FE23CBBA362C1A17A922" + + "32DB27C43535DD8ABB9C054B").HexToByteArray(); + + internal static byte[] RsaOaep2048_NullParametersPfx = ( + "308209BE0201033082097806092A864886F70D010701A0820969048209653082" + + "09613082056606092A864886F70D010701A0820557048205533082054F308205" + + "4B060B2A864886F70D010C0A0102A08204FA308204F63028060A2A864886F70D" + + "010C0103301A0414CDCA906D503CB0FD77952B3E473FCDA78409868302020400" + + "048204C8580404D87213470B672926374C32E46601DF1B0CF28A28C89E91B402" + + "BBA6F12557D46C36D7C50447651BB14AB488671879C278BF4ED7B3FD1C2C387C" + + "B5491192C552F2617683DB4B8D752CDCC29FD16E711B3D715BAFA893A606F767" + + "8D464A12AD34D74EAFA7872CFD90413407723C3A2344B37BBC801BA5A2FC50F7" + + "F23ECEC60FFF517B942EFB269F7291A568E6CE294A89231D309639228FA3559D" + + "D72A9D51A33A6B112422F63E55C65E8C5B7AC69D04FDB785D9DAF53FAFEAAD02" + + "CCE7A10690EFEED1CB61335B663E8AB05D43148EFADD170205CFD9C0BAE14703" + + "40B2B10BDD0F6607ADF176026183DD62D2E0E52E77AD6945B616F979956ABE3A" + + "E1C193A8BC7AD57DF90F02D52B88761FA85656039035B15D326C7C400D0C1BCA" + + "CE265C8B1B3F48DE1297852055C37C89718383F7AFFEA171795570A2A13EDBB1" + + "22B257A47752A67AC0AA922C69C50939A225B6725FE826A2ADFDF6672196547A" + + "71C25A1FFAE1BCFBC06A20D25F1A0A1C35678E1DD9ECAF3BD1DA1F8B803CB3BC" + + "FE39EA2BF26D4B74F44B6F8BCC43B39B1D51F8B935BFA55DFCFA504B5EA8792C" + + "35D30E40F908C4B9D200C65F89492559265DF46B7659C2F3934EC1F4590F6294" + + "319E03E88105CDE763347B77C30FE66F538DDB7C353563238224F523EC0D7469" + + "1DB8C4D4FD5B99CAF8576A5508A0D537E33864749D790864D78886C47362EEF0" + + "22E5E32B1A8DDA19949317196D641D5B08473A234817E10B2BED5DD9E680B30D" + + "E5E545A1B93819200435D73CE39E083E9F1D19B55E8B0A0BC9144A5072908127" + + "DD9031F5FAF0111FA7D1511ECB5809E49E29DA27954C78CFBE384D2944CDEEB8" + + "3AF2B4C861AD92005ACD0A6374544DC8C89C28BC3FD7A9287BDA231902D8C6DC" + + "3417423BFC82075BB29009C7CEEC69043AB209BE934C6A08A11362E79083C25A" + + "716267098C9B8C054FCD55B8310D559E612273E84DABA24CAFB3FCBFC2068591" + + "0762FFF325599FF882AB2C013BBFED97D21520DBCBEC0EBC03170591A4A98229" + + "0FE8ACD561CE5DECD3C4DFB8C32BB6AB1B8799A8D6515569F37977CE60603D43" + + "87A5D2BF4D62FF0C971B9EE6AE735FC4C047376DEA0EE16A12CDE810A5AF738E" + + "4B454B2CE484D608A07FA18CE4868B6047F1BD377F7A8F16A983E19D9693D677" + + "7F734F7417221B7D2ABC0E74CF9C039FBE16DD34106F88AF25ACCE8F407A5179" + + "EC3BF209E35F5F315F0F0CE064627EFD830DF50CDCF8D21403D533924711B442" + + "3E6DFB65B5AA000EF6DB8D90F57BCC592FE9C6F1A30A7B7FD4D651F4B3E37F70" + + "C6CE0267370B5960C74EE23EE476AF8290114E41A2535FF3DE6A629EA2C87A71" + + "7B3C164E6103222F9010ED4426A2B766DFF4271C1C6A2CF704F1DB1B8A27215D" + + "91115FA4E873A00487DF7EC18E07013D47F59A5014AEE87FD1F94BBFFE72D8E6" + + "CD0BFE40ACD32DC3F8AF7E8E288ADC9ABC75E5FEE7E56C676D25D94F1AFBADCA" + + "7ADB09ED186751211D5A07CE4735508489178B1958FAE7E96A5AF25ED52FDEFC" + + "D72E351096336D4C65836BA62693D6DB3111EB61679EC9AF0D837C1B1C1E08FD" + + "E4413EF1CCA6B61E029195E477DCA8F92DC503A3F90A917730A0B4134F5543A0" + + "877E7A125E7B2B87BF21CE84A811E2D8063C3506DF6ED4BD3E5AD0EB1119876E" + + "C51172FC664C4D2771501D9B977B0579059932DC6F4B6811593CA1B063316150" + + "A4385EF3EE87C2D4A64A2BD2313E301706092A864886F70D010914310A1E0800" + + "74006500730074302306092A864886F70D01091531160414989A932D9FF76F8C" + + "FCAA6B7420276D27B96236F9308203F306092A864886F70D010706A08203E430" + + "8203E0020100308203D906092A864886F70D0107013028060A2A864886F70D01" + + "0C0106301A0414692101FB773A3B21A23929C1ABEFC05DA7FB2C970202040080" + + "8203A021B1E0409E6D0C4D02435D73CEF56BA485245E75AFF29214F9889B3AFB" + + "80529C789BB4F0F366A850F89B35175554DF88A0CD453FB4FCA331ECC5069B11" + + "03B670B745EC8F612896FE1451857232E5444FBA5A52ED963984ED79906D815D" + + "B3F59FB19DAE35D8EC29E71016581AD3BEEF9992A76B776E221C73C47930D7E8" + + "FD378FF254EF23CA3B34B6E75F1F7FDF58688129E4973A18BCDBBD9C5469D6D5" + + "7B08E5377C2C416BC55642EB8C27545BF641500916EAE7A37B7D3346B9EEDF32" + + "3DEB35D07D1E28420950BA40FCD45F2CFB7BADFDFF30D04454AE32A7583A79BE" + + "002B34DFEA8259FC93BBFC67F6FDB428F4E73BB5228FDCFA1B5E4BAB67AF73C8" + + "B53683CCE9A3A255CF66AE2DA79BE727F378E74FA9CFBBD6F30AC1C33D25501C" + + "DFC61E5FD79BC13AD0091FDCEB00BA11A26DA4E8FC08DED37C8E4176C7D9A4D2" + + "A6C91F847AEE5EB07EF37FB45411CC21CA230957F4D9BCDE96CFE8C5E476B5E5" + + "7CC87ECAE0197C77C7977DA5D5E5002D5F51DBA06359B9F5E99448D700ED65FE" + + "1618B347E2D1C9B4425F664DF796DF08110BB72E55D4CA34A9C19D4A00DC7161" + + "8A5C047DDF25AA1BEDB4649ED421F51316B4EAEA1D6B264E86743BB92BFA172C" + + "EF5CE50715D1226505F780D3BB9ED84E30719B88B776A44278360B052A6BCD98" + + "17F0129FAFD37EB2566802B54533D345974E55D3C6EA59A224EE38203B32595E" + + "5FFF6BBD41DADC4220D1202C8C71633A026901F08F2FFF54D4661EB7E4E658BB" + + "8F059DA7F300405E17007694BA1939E473610802F427848B0C7A9C5AAAAD1F24" + + "0CEFB2BDCF0F4F8200B1EAE67430C47FC460B57E65D973FD9852B20B9F7C8009" + + "B9B99A52513264081BE6AC7C4ECEA3E8F702D32C82DB7221F5FD8116971D2473" + + "811BB2C13ED6349F907BD1819B04DF7DB213FB0AEF0EEEAC47D9DD74FB387448" + + "519E03F43803CE1A0CE168C225B8EC2FF5A4F7B7F2E985458DF078C1152C8D8E" + + "0835A762A307AC352A3B6D37CF84B934F857DDC70306D0953CB7797356F374E2" + + "6DD3B96C32BCA6DB98DFC8413B87171955B6758F382C2EC43DE012D9F02E5335" + + "1F8E063C1E0B1896334672D621AF38E153EBCAB7D5CCF61087916CD6107416E9" + + "11069B57359839F7D64FEC244CC8AB35F65C3F84DB80D1657016F69111DA7B63" + + "052205786981FA3E3047FA4BB4876F315235F96FB83F02282ADD202168123C73" + + "A2A8698209BEF3D3FFCE19EACD67708D97194BC77D94784CE85C33ED1BCB82D5" + + "4256318773B4E6A58D1518CACEB03CA74999BF7A898A6BB543413803F77D925A" + + "6D9A23303D3021300906052B0E03021A05000414A0CE79F0E969E2A8F6959B58" + + "6B99CD091DE4E4FA04143FFA346F6E7F8ABDE22A51853C06F365CE21D7D70202" + + "0400").HexToByteArray(); + + internal static byte[] RsaOaep2048_Sha1ParametersCert = ( + "3082032830820210A003020102021000CD1B955EB1EFB9F3BAE8C64D49C16F30" + + "0D06092A864886F70D01010B050030173115301306035504030C0C436F6E746F" + + "736F20526F6F74301E170D3139303432313232313734315A170D323930343232" + + "3232313734315A30173115301306035504030C0C436F6E746F736F204C656166" + + "30820122300D06092A864886F70D01010730000382010F003082010A02820101" + + "00DD16801AF1ABCA05C53DA0863C7719C9719DFB363784F5ADBC0367BB98E873" + + "FD46B06CCE3640BC3BAB450756E8CA7FB336D5EF1FA15BE76C60F06E71F3843B" + + "9155D6DCEA8A3C9D361068FE4AB95064AABB997731E47FDD00AED791A377774D" + + "36A204C851E521325F2BA01616CB5684C8CA628D7A42C8CD02CF423FF9C6EB80" + + "74F5D61E8226A39DAC0E4B051701FB7301C4F85DD4D2DE0FD1D5CC143B18FDE8" + + "007ADC853C08003B86F5D4B97E87124906CF4D3C746CDBDE3B3B8431FB1601D6" + + "4EC6E9EC99C6A5288023F8C15803DD8E85A6621C0714C60FA8062D5E6208FC5B" + + "F1C32B7DE521C0AB1A7E60E444A1230E6BAF605BA35FC1111CDEF6B6E188DF84" + + "8D0203010001A370306E300C0603551D130101FF04023000300E0603551D0F01" + + "01FF040403020430304E0603551D2304473045801419AA399804F91ED61132EC" + + "CBAAF578543F46972DA11BA41930173115301306035504030C0C436F6E746F73" + + "6F20526F6F74821000BEBBAC206CB54DF85376C2D4E0F19F300D06092A864886" + + "F70D01010B050003820101000B8F34A7BBD7E2DEAD1E1025B505DB439A7CC9B2" + + "6D9BD4EC8E0D5A5B3222E0926F5B2F97B888AD2AB8632CE2EEF9878FEED75A23" + + "019B4FFC6583B95FE8E033A75D2293E6A37084E811275E9819311A9E9A5AC9AA" + + "F27031E814CDC7A7DEB99B42D8D24334BD00C4B8066EEDEDA9A19F5AD4720A87" + + "E0EC4299A8F527929ADA9AE72A6D28E5E8EBBC7AE565D645065E0D64FD57F87D" + + "8A3D542EBDF21F3464FC3B3AB33A74A46DCC2658E73690B7BB800B20E30AB038" + + "6CF44C4211FA82A49F2E52BD168590955159B2D82A37421E0A72A11E6AB2117D" + + "F9AB0E0165F0E4C5D4075FE9E21C8B6E783C3EAC67027B4F9FBCA3855FA361C3" + + "C322E14CE938B2FE3A5AF38A").HexToByteArray(); + + internal static byte[] RsaOaep2048_Sha1ParametersPfx = ( + "308209BE0201033082097806092A864886F70D010701A0820969048209653082" + + "09613082056606092A864886F70D010701A0820557048205533082054F308205" + + "4B060B2A864886F70D010C0A0102A08204FA308204F63028060A2A864886F70D" + + "010C0103301A0414F4D52466643FE5A7B6C45AD1800F828B2FED17DF02020400" + + "048204C8C5779FCEF0DE7E5D03ACCF6BCE8126CEE1F35DE299F7CE2ECF36F54E" + + "A95DDFE98D164F8A5BC7A9F6CF39C8B90FCD40323D0C885E6AA5C54D810CD706" + + "A42909972CAA471BF8A6AE1E51D646D95E29507CC018ACFB060B36268BFABC8B" + + "82D01A31B1D492AC016D06BE487A5557793DE1DD1197C9D723C1AF3E9AE2DBC0" + + "640FA18D3998356C2FD6D2A06DFD259E34083543AFEC7F72B85CCE6BE565C430" + + "6EE7B19A039D1F22BF4F3AA3EA272C21AC4DEE6155041CCC0EC2DB68CAED1609" + + "3F328689478A7A25B36A47A6655691F10163220ADA2F436943A68A6AB24D76A7" + + "D12D400EFAE7C6D85FDAF8434CC8C524CB4B3759893536957F06BDB03711DB60" + + "315EB84799C29C00186D4640278640815928679266CD6D767E83EF10B2CCB277" + + "4D1A90D8F64A23CBB3A823A6A7D0BC1BD8B5D2E56E91F3F117D5D88EB88489CB" + + "5CF4522D47DF401D1C8525A89A79D04E7A6A17CC04F4F2D7FF355F91FB0EEE57" + + "C8B8B8CEF5AC41704A303013FE95DDBE70646D9A34A77A4CA283018213E2BDD0" + + "92F3F45A8070E1472A3A1D6D8AD46190620CBD84FC5183F3A03921D9C815C1FA" + + "D1140B6BB1008301B60E58239BDE8AAD68340AC3BAF2FDC00240DB5965C6BCC0" + + "5F58C2B63F36A25656F645425B019D9EC57893245C48C0709827B208FA705716" + + "3CA6DA5441C46B1A76187B7B6D2A286EEA26035ADED73B3B2B3229EC53F04608" + + "60FDA1413CF2B5D16DB55806D90F09CE9D4FC41CB9FDE51869E2650270B042B4" + + "063572217AFF48B3D6B5EFF29575DE8178B2D3397DB909A1F6ED2BC4623D4AAC" + + "F2E56B20DCC6064BD5673F9AFB317372BAC63B9B12CC18E3A8C3EAAF63B2A96D" + + "D04EF4A6580F98C353570ED1F268C4CAB268F6409F972AFE37D42FEC5896AD95" + + "F576F745BA5092D7D0591A894B3C2B922AB76A8BA5523DB6EBB7CA3C63A39436" + + "31CFB8958DC8C327296C2892FBFFD40A66F34195C5D9C8CECEB0596BD09406F5" + + "CE417BAFDF31D0438409D12A8A657B093BF48FBEFE532E6A54EFBA99439CB96C" + + "971BA7CD42CEFA3F5CE46A1290AB16DD451CB5228D6C6B611F1DC3A3856D2689" + + "495949D68921C7AAF01E96F5BDFD365C1D09776EFA1367C8C1613B3EE01FE02B" + + "338600062391E21341C2B2EF0E918FBB30E382DE3011374E852C8AC37EC74220" + + "C1172AFDF61229F02D7774D5FDB33E5B5B44A961CDCF386D3DBB73946E20ADF4" + + "D3F52F21A433AB71217E6AD17CFE85224D4E6326F6BC6FA0DE4B76B433C24767" + + "7D7DCB754C2C5F30F6C50817A7AA7AC0520DAD79BDC5273ACFFF2E08A38349E6" + + "6BE4027344D0BB590C8F9080CBD0D9C0C0DFF360CB53E74ED5922C75CB87703C" + + "3601A7FE69BEFDE8618CC23D05855A7ADB58F18C68A970E6B9B9D16C0147B2E4" + + "279460B856DEDAB4855C529CFE3BC76D2AEC253911DA6A2CB3BC965FB9B43A85" + + "B3EA673724C310698F16E24F9DEAA547095C70736AA559447DE34EE8A80FF9AA" + + "EF79929BF7BDB474A41E7F4D7B509FD195CB8C6B260D92D76AC50B3650CCBA7D" + + "FF11C04C1DC8F5CB1E99CD651234882269212BE7957732C3EF74731D2D349B60" + + "8AB1DB1DF628C1D50842E481ABD7BD15A95196416ECA8870A2AE9EE6B1724933" + + "44DD0B843AE53362CDF4C23BAD8E96BF205B783CC0B810B56E7AFC50F1F91B19" + + "C6776F01D452B29A87326D262F1742902072B4143647E28D821AFC27BDDF4F36" + + "CF6A6857159C43582396C7A2313E301706092A864886F70D010914310A1E0800" + + "74006500730074302306092A864886F70D0109153116041481AC4AB421E0EE3E" + + "783F04B1FD5314632A7CA500308203F306092A864886F70D010706A08203E430" + + "8203E0020100308203D906092A864886F70D0107013028060A2A864886F70D01" + + "0C0106301A04140003F5A90C3AFBADC5D4B269C00550E8291F952E0202040080" + + "8203A085E9E37AC65A1539B96463E46790E461AC4FE12D09E72B584C47332342" + + "1446095C926D54A8154CC5237E41F3DB93D5AC96600A3FFA115BBA90942D35D3" + + "4C540FA5FE7C06BE6EBF432AE0674D0BBF51F5AF54A00FE6B0779F6D24133632" + + "EFCB75AE44022F8DAFA05D82BE8704E4A2F331CF4DED131C9DE7C2BFF7871539" + + "724AC6425922C9D8C4DD45ECB1957FE3A97A0CCF8AC38FF6B8969C310ADA5AE9" + + "DB43DF7556AD724702D82B334738543B8B85723F1DE520EFCF3F15BA72BDFBD4" + + "CE9A3B858D812317341605346DD17569FED134D7FD68F628CA4C888883FF8BE1" + + "9AA25E24AD46AC4FB9672B5FFDA7FDA340C611E4D7E8761EAC8A3D9246E4DC1E" + + "D1A92263E8ECFC9A9BB676CEF3E413D159F475EEBD7707889E71E6F799740B3C" + + "E56A1EE57752C7A979DBD90EFFE1E2AD2B17685BCD9AF73F59532225C648E2EB" + + "7BEA8CB81CE5705F922657F8E5EF4F32C8F4426F2E5C9664EAF7AFF9C7FA0975" + + "E1A3AA5509E0931AB471B7B9C64A08E9A103F47C4C4430D7D9EE848094B6268A" + + "9C7CD811763CB0344B6AA1CB3C3A9964628BA348A93C75C2755F7E11315609A2" + + "27BF54010948206501C92D3551B106DBC15EB596E1141A0CA48B7D655A13D0D0" + + "E35473701AC38936102905C4723CC84F01C74DE854DB3AE352E0514F4AFF54CD" + + "BF4146A03ADB72909AB999CD21733B9C5065FA5165E27A6ABD89AF8754D9C010" + + "0C76A2976CDF958FBB0B83C15E2CA8C80397B74E43ED388C80FF4A05BA13928A" + + "61077A56BC6064098D4EDE315A6E96B2C30D3B48102896BD1B9E1D0774F1CAE8" + + "9AE21A0A0162CA05336E82351DA659F3E8231467C40B28774D639848FC435B12" + + "4D5BEABC70765F021E9B04823E33D0A62C00CC3206DBDC5A65E3A6404241E715" + + "2B3C942592A0B1655E9C1BFBF87E5643CC227258B64F3BE8266A91F2D4DCFB48" + + "036E6AF7B81069EB66AEEB50C8BFD9129C51B518E15B4BE8BBA60989DF77852D" + + "C3B394BC2A17BCE4A9C935DD1E51F8F672B5DFE18EB1A414791651B4875C1F45" + + "7BE8EE0D3D1DBA0869513879E8D9338F993D4E57267DE23B7015D744572BDBDD" + + "135E07793F3E24E04638772645DCE8325D7DDB9803E2CF7BBCA9792F0EEEE001" + + "5D9621D316D83CD90E7F5451F2A8F9264A5F6FF6AE85325985F31854421D82B4" + + "60F4420B9F3F08608CDC79F15F1D0096A8580225AE9BB81EFB85E56C80A08AA7" + + "D70C42B1CF6DADE96D635574847F84AB9DD15FE1E393DEAF368FACB2F03D45CC" + + "52C4F6A3BE155B7D32D46738200062BB36B53D7CE3FAF2DE04A83B42544AE212" + + "728658303D3021300906052B0E03021A050004144200D15CFF93500F241D12EA" + + "D690D3DB9CDE40A90414E9656D02B74AD5F7C1C9ECBEECDAA9F91B3B3E3A0202" + + "0400").HexToByteArray(); + + internal static byte[] RsaOaep2048_Sha256ParametersCert = ( + "308203573082023FA003020102021000E632D0CD2B7885DEC18B874E9DEB2930" + + "0D06092A864886F70D01010B050030173115301306035504030C0C436F6E746F" + + "736F20526F6F74301E170D3139303432313232313734325A170D323930343232" + + "3232313734325A30173115301306035504030C0C436F6E746F736F204C656166" + + "30820151303C06092A864886F70D010107302FA00F300D060960864801650304" + + "02010500A11C301A06092A864886F70D010108300D0609608648016503040201" + + "05000382010F003082010A02820101009773FC00EF371FCEBE2145563A29A08C" + + "608EC3F24FB1976594876E3D168BD744BC665C061B75F0B0ADFBFE90967ECFAE" + + "522A30A38457656F0D620C8CF4632D9B879F80240A0F6304CE276F5641C3B756" + + "995202CFA14E6BC777235D942B517CA963A5AFED7B595569877E3EA645A6D887" + + "10975FD8BB213D58F50DBEE58A3716D7EFD2171734CD17E099513F3225366C6E" + + "B91B0946FDC8F6745A15FF15EB71E7C2C6537C9E3CB95F38E9A571496247C9BF" + + "118B2A361AD47B6122D4E098095105F8BE7C031C7CAD1044F44849B794379235" + + "27AED01CC9E8605BA7431956E7ECF4B4A829A36C77FB8353AA8966EAE05219DC" + + "0BA45F0E41F5B6B91D954148455055450203010001A370306E300C0603551D13" + + "0101FF04023000300E0603551D0F0101FF040403020430304E0603551D230447" + + "3045801419AA399804F91ED61132ECCBAAF578543F46972DA11BA41930173115" + + "301306035504030C0C436F6E746F736F20526F6F74821000BEBBAC206CB54DF8" + + "5376C2D4E0F19F300D06092A864886F70D01010B050003820101004629B34FF2" + + "9208886EBFFDB0C54F935394F33FDC2F4B82C7EA1A18E0630905906D8DFF23F8" + + "0D79848584453DA67D65FB8E4C8C5D53EBF864B1414B43AEB89276C6BF0C0870" + + "6545E90C14F033ED8F47B6020E6FB87AFE0C41B3A5DCB5ECA881D519759D7EC1" + + "093A21C38CAE7202EBFA99FE94121EF89944EA68BF92C8EF605D6C9EFCA0D849" + + "D4E775AE0EABADAFB83019A323A0CE3544B9F877546C5B0043730E8F1342F332" + + "5AF4683C73BADDFEF3518B0A4E015A10BC6178C10E3AF6A11430A9F102E59B5C" + + "C44593D76E1A80D29932CF3A4F170F4516AD3666108BE1CE17FD74E266DE6B7E" + + "2F7DB1215D41CE515B615167083E8EF4A3A54607EC7D14A0839A58").HexToByteArray(); + + internal static byte[] RsaOaep2048_Sha256ParametersPfx = ( + "308209EE020103308209A806092A864886F70D010701A0820999048209953082" + + "09913082056606092A864886F70D010701A0820557048205533082054F308205" + + "4B060B2A864886F70D010C0A0102A08204FA308204F63028060A2A864886F70D" + + "010C0103301A0414E5DDB04EF6C37EC860C8F2CD89330E233C6732A402020400" + + "048204C8500596DD0681F7DAD596776609BB7B87D9D4163DB7FDDD4814771FC9" + + "F022BF51CAEDF359C2FE122ACE3409EEAFD0231AB4F935FFCE3ED94FAB187A72" + + "332AB58C59515412F10184AB793AD31A483BEB0D4D51757E9C069BFDF3803801" + + "95DCC13ECA7DC5F8F89E25DF0AE364A88B6621707352AF566C8E3342ACD4AB0D" + + "DF49651B755EF8837AE1690EF1FEB85AB3550EB618CE9FE74213F85806CF8A1A" + + "3575F994F4F6CBFAA81DBAFE07ADEBDBDD526054749219B1745C246E66CCBEA0" + + "2B8B00A68AF82BB2EBA9F57C58B0BD10D0CC646735928AE4AD5229192416658D" + + "BEA6B46E7C161E1ADC228478BE8DAB604988A41408D95D352B7270B837102784" + + "2C9FC6763770702AB4FA0F408CE67AA65650C8E399F311E32D7EA162304460AF" + + "5719B36D2064A6A00B41B264B26939158C261FED9E176E9BF7C29E66C54B9614" + + "0957315A65F04EE868B0A18018A763073C320E322C1AA9E767AA788B7B045626" + + "D1C51DE5BA8C74A82D4FB7892AA6E628BA874A79BBF17E6764BE4D600DE83673" + + "86A8D182E44E67EB74806606429420AD3A102821323A58718FA5CF45711AAE82" + + "072DEDE5122CA829D9B29DE4B6AECE54D5C1C3E6732A943926A658E8BBAEF062" + + "8128DDB63000F7958894F38167F80F1F7CB204C4EB7A7F34329E4D0D9DC5F75B" + + "7619AA40A7D7FFAEDA481BB0720E9705F1FEAA93B2A30DF3A1E5BA5BED5F15C6" + + "CD2B4E58EADF9C533F03FCEC1ACB4FEF64A11A190AAD270B33CB6E088AD6EF61" + + "C16757FE5B5907D7C7AD7B0306521703B2363D3CB8EB4C2D53FB6941DA9A05DE" + + "41854F18F8F7DADE6D615DEF8F8ADB3C94722B68EC811F4C26A59210005C89A1" + + "5D3B8D440BD859919E3D83427A7A758CD3F01E5050275F3131A25624AF2ABA7B" + + "98F38A0D5867EEC386F69A6B4A02FCD906D5DF1A70FADC0DEFF1421530395894" + + "84C99689821BF286FC9074C5C42AA31790947B0B5D86BC775F764EFF6E42A514" + + "603624FD8AF0DE2C1A76D9AE94807A69449B569979B1AA3FB5C9C33E12C9A6CC" + + "4B4E02C4FBCC8DEF3D3A176ADA3BC21615E01596AD45E2479929570BE4752C38" + + "CCEEBB5C1DAEDBB85E9529E5ED6A5D427B4ADF572C8F5BA75E538BEB3A8CE059" + + "3FA05AB3779912CA314CD2DC4B801D5FFAE7F0FDDACD71EE4483FDC32F0CBB62" + + "AE18D4DE521AD50EFD4E8D34586CE208D6CD74800A3FB0E869746D9D9F64129E" + + "9308C0AD94B4A788C9B0F9E689F9B7B132368C701D79308D716347BAB6F66219" + + "94B00B06A260B3F71B3477BFE363C4D2CFB26ECBD54B0D83F7F399A1A60ECE5F" + + "7DEA546ACD40F94F01DFBA2814F760BD9FFC36F7C04104D1897B6928745DFB53" + + "5F9B297EE6E0F1301402CE8413D2B4AF18024D356EFEA7444FA4ABA371F49706" + + "FE050E2697F8A57D917A18BA1049BC6CB4CD5BB0E60313C06259A792B18E086C" + + "47B7052D47BA524391F4B03BC33B175176E9E223C0ED55CCBAFB4C228BCFA862" + + "BD1A28D38AEF249B7CD6A5D54B27A31CBD48081D26DD4F8ACEB54519969E98F0" + + "E550B14F9BD123D0BC687B12FB5D4703AE971C6528435DEE49C8C919DF9FF27A" + + "B1C28944694890C3CAF085ED60CEB25B2F77B71EFDB0E4462C42A2D4ECB9BB80" + + "ED7E63724548295851BEC017A2FF662EED7DE5496C3A03B2E66722AB61437EFB" + + "D1FD01A1D38FCF8D7088E44FCDDB46B04C3ED8B1A5957B414952EDA21F134BAF" + + "B63DAFB9EA61D1E6C1B7FF07313E301706092A864886F70D010914310A1E0800" + + "74006500730074302306092A864886F70D01091531160414A818F5D36906905E" + + "2F6FA5BFF7829502427B9A573082042306092A864886F70D010706A082041430" + + "8204100201003082040906092A864886F70D0107013028060A2A864886F70D01" + + "0C0106301A04145D4F6CE75AFE72F271F5ABF7D4222AEC5F689C1E0202040080" + + "8203D086644BB639A1348939D6F67CA12354E69D27B92D36C6DBF62D6565B58A" + + "920992B8E5EB63078E73F4CA3FC66EAF9772FB35A7A6C514A9EEA4C84CDED3D5" + + "0D7CE9B5105D5D43273995E83BFDC2E30769007712FBF949B4B9DB584508AC25" + + "78ED447FB17B6D289601F1ACDDB5D5C9D511366F48E0B1A1D1F80F81957B0C71" + + "1BCD3DE8D2B7C166DEEE93994B9845D6719376F0DE335F8130B8AA0478837809" + + "D71BFC6430BCC4939C5E6329694E6E80097888007C80DD6733633470D5234728" + + "4C17257AD610BE367A7383C1AD98F4499C0ED644EC840FF119EEA82F9B910E2B" + + "53BC6C430D629696DA5AC7C24099E334A4DF8FB28B5A21CA05A72D3590307B5D" + + "D0B68C6F76BAD7EC14D4732F0BEAE723D111A2DC31AFA06E55E6837FB8706289" + + "45EBCF4B4AA6A6998E973BBA5EB853B3BEC95C81736149A8173ADCF319DB9CFB" + + "C10BFF450B9C026ABB4A5887DFDD6F5B8F19D6D59ED2CBD3113F867414E21647" + + "1E963878D7292B2749FABCC7982AB187A79BF74BD591D8523B4E2587C4714E94" + + "FFE21193A28DD72C4C947889674A7EE0305433FDE0572D8B69881491EF03D963" + + "9A0A9D8E65F234DF51428C662DAFDB68C7665DD917EBD1338AF36CA418B67632" + + "B4C057D96E400E571C31F7FF75291013E8D092648109E1366F378F86C4311678" + + "67932071DBEB100DF01F95E7B9262F06DC6393ADA419AB583AF78F94E7FB72D7" + + "C4AB90F52D94E309152F07C349625AD67D7B922990E82CF79436AFB5DA314DE5" + + "AF55FEF6E70442334E8574A7FAFBC5DA56A72E87ED56ABC84D6389BCBF0C54F0" + + "8AFC841522F41A90CA11B5597E0F822B20177FCD15B74AAF975601DCCD628C0F" + + "B33F5BA273D33CD8647CC681EA44F7DC452F2DC6750CA88E0D8FF1C2A9132D53" + + "62F1A57F87E778969B88ADA6D9F8AF1C404D4AB9730E44BFAAF7080481C8B066" + + "D4FC8B0C47AF90926D7A91C95C6FC5CAD275DBD65BD0835BE93DC30AD0ACC2A1" + + "942F29A8D28C20D0F1220C9AD981896BA50E99718CAC9D48963DEF98BEFDDDE0" + + "32FFD89374716F1946E922AF828533BCDBA7865DD50F190F526763D008B8F44F" + + "EEC22E7C90F86E24EEABAC404FE49AF49787A31FB7FC2AEAA04C114F64A4DC68" + + "ACEE48F7AF3939CED423A9664D25B906EDA43AC2EAE0E571B857199C9AAF4858" + + "F4DFE1F83BBB15D2889FA7B1EE3CE768445007F5949C2F353C3A405EE7842E4B" + + "6FC77F1A26042DD5D182C44A21AC6ACF1A43FC9498664A7A722E90AC297078E0" + + "633BFB83D85DAB26CD9462364FF161BF9CF194103F6D91A6D28B7284293FB55B" + + "3909151C85CFAEB5F5633E82D5364725EFA4CCFB7F62454399BEEDF1FDCD64A7" + + "788822C1BE1A53B5B4FBF60039AF86B12E1B1E303D3021300906052B0E03021A" + + "050004144E291DFD7C40F48494D521D4939815FF16938E220414732425C273E6" + + "923C8F31AED55ED4BA1110E70AEA02020400").HexToByteArray(); + + + internal static byte[] RsaOaep2048_NoParametersCert = ( + "308203263082020EA003020102021000D90B171E0AE0BB7FC73832CF72AB8530" + + "0D06092A864886F70D01010B050030173115301306035504030C0C436F6E746F" + + "736F20526F6F74301E170D3139303432313232313734315A170D323930343232" + + "3232313734315A30173115301306035504030C0C436F6E746F736F204C656166" + + "30820120300B06092A864886F70D0101070382010F003082010A0282010100D2" + + "12A4429CE6557322B0558BACB0DE8CABEC6FCA8E57C58125AFE1B91F9A79FA0E" + + "59CD6D580F139A80378DF000AC6837E303B0C873A31ECE01C604CED463160DDC" + + "8842447FB36C4013D3DF4039BF0C24DF522914AB6FE836E465114A80EF5C46D4" + + "6ED19222A7C92294BE39966D814A24A996E9618A055A24C7A5E4271BC6BBB7AF" + + "E29667CABDD4216CB286E8D95DEECA2AAC0D6E5D15B7BC6CA40BE80C0FED9830" + + "C8D933F871244BB69A61F8CC10BA1D6BB3402B8542D79BFCE2E9BD7D91D4E118" + + "F7E0181148EE8F6A665492B00E28F2A4F2481343A1BD063B86E11C67C74B0D49" + + "8DB0AD1B84A013D6E89184BEFDF87CA9DA2DE2C62FCCF056B48953C696AB4502" + + "03010001A370306E300C0603551D130101FF04023000300E0603551D0F0101FF" + + "040403020430304E0603551D2304473045801419AA399804F91ED61132ECCBAA" + + "F578543F46972DA11BA41930173115301306035504030C0C436F6E746F736F20" + + "526F6F74821000BEBBAC206CB54DF85376C2D4E0F19F300D06092A864886F70D" + + "01010B050003820101007522F8814F534DB7EA5D2A1DC9D0344D4C4877F291FB" + + "7C4DB42D172C431A9C81267F114D8E4197AD90854522E4D55D4B211C7367A5FE" + + "45478971642AC940A6D66FB6384AC437628B8679C2495FA35B3998B852DDF59B" + + "3944FB15577B3FBD9F104A823A92E09AD7CFACD886B363EADF2478056D5CCB97" + + "B233762DE31525E4FC6733E2CBDEBFC282E3F6B467BBD5932C89B92D0EA7A8DD" + + "5C44AFCAD2980C6A24B8DF83E743CDC2DA3BB9188D01C8C8F596BBA5ACFE2E7A" + + "21FE0F3D753D409AE08E34208C1AD07F70B73B97ED62DA6B8959232585BA5AAD" + + "6AFFDD7D7298CD80D42B50AA7DC6A317BB7B2FE9EE95AB1FC8E3C1B2392D5750" + + "45DC4D41362F8C83ABED").HexToByteArray(); + + internal static byte[] RsaOaep2048_NoParametersPfx = ( + "308209BE0201033082097806092A864886F70D010701A0820969048209653082" + + "09613082056606092A864886F70D010701A0820557048205533082054F308205" + + "4B060B2A864886F70D010C0A0102A08204FA308204F63028060A2A864886F70D" + + "010C0103301A0414993C8510854D2E0B2E6A93146230548B5EA6290602020400" + + "048204C8BF5DCE211704D21DAA9C8F855657C889DB6F5B29ADA8F9DF721A159A" + + "A3CB9899904C80B382EEC08767A6C7AA2B3FFFA13F41BF5FC8205DC70EE9F4B0" + + "49D270D48EBD290157267DA0393F2746032B9D6F6C7594FD3495DFA6FE4D0D84" + + "DF9E8091620DA4219BA65031CFCFF3F0024DEF64E47681806FEC30B625DBA88B" + + "823B7120835E8DAAAA8A8E110B9DBA537426C50099B7824AF3451EFC406AAB22" + + "C5B3698CE2A73C222392960699BA3F3AEE9F089C299DF80D720489424596D1B1" + + "8538AC963F9C0E545ED6DDAD79DA3D401CAD32D5F88A1025E8491D76AB3ADD3B" + + "36500B8DC4D3FE6F5E5A1819AA767C5BE7344C985821D88CAFE9914F6388C0E1" + + "E715F4A1B7BA67A4687697FF8632756101C70CFE6ECD4711F1DF8694D1A7DAB1" + + "6998C6D96BEF5DEAD2FB97E36B39ECF794DCD057544878FA55135F71ADAFE8BB" + + "A0249C3208E6B56E310767984F9E405389F54732CD6FCF9B2650E1ADA2B2AB1E" + + "298C549D09050A2C004F1D4F491070FC9B115B06EE2AE30939A836E38CF1FA3C" + + "6B39373E61AA64F030E772F78A49C6CE6762A2B3F1D771B1FE17669906E26042" + + "54158DB5D4B5E8965D267B99008FCB36A9B2A3EA83E534DC255BF1B0C79EDBA9" + + "86623FDC395A59A2D95EB0A7E1D67899ED84F7F832B2775E4DA9ECBA63253E65" + + "7E509442E4A794E93E2A24D1672939D69EDCA784684781A5B40A98F5E6E61F0B" + + "72918E04847070C5C1E46E9156A3E25849B2F701E8B11FAE6A9C949DFD70F106" + + "9751D120A93B6BBF8C14A7419E470479C32FCC3824CB3F56A1F93F0EEAC3A402" + + "26CDBA64FACCCBA3E09888B920ABCB9E18D8F1E673C3D3B6475C1E406221571E" + + "C92FFBCCB2FE9F110410196FEBC905C6926D25E717ACA85EC10B456F02B11561" + + "467B152A74BD263F26C636FEF093D03AA8FD880E68692B3808C6BA7152A16A50" + + "E82000A04760C86756FF0EA382EDA8571AD0181F98EC110B278493512F052B2B" + + "95E0CF3798A9A54C688661746DAE65603BD43F990CEB0D0CB53DA780494E59F1" + + "608E5B0C150C044CDE74870225A2F932D69D27ECDDC5EC3818D043ED363F27E8" + + "F55D9B9396E439B8A3154B4E7F2BE160615220FA327253EFDEC5F19B6D51E0B9" + + "1E513D17A6277066C866E59123019025994ECA8BAE4CDDD4021E2497A8C62DBF" + + "A22711832CCFE68824D0D410933DCEB1A15AE4ABEA523D18E8417A161A508796" + + "CDB9B746A97EF90A1E0597C82B148DDE0572A1AFE212670509FB4CC3FB6ED3D4" + + "A85372B85EAD17EBE704D97B976D4D157F58DD5D6E3EA8C307CEC87B936E4950" + + "BB136131001E937184B5973D4038DCE98C15E68C0951286AA8D676913A67F3EB" + + "1291F96326EC0B8A0B4DB8DBD9E11390B0AF1772B247A3ABE572367B8A4B6FC0" + + "36AF30130DA7D148540BD294438509CD879AAC3F62357C52914F58AD2B1BCF3F" + + "0DF373314423F64B3687D692BDFE595F478BC6D879F4DBA572063B8648EB59D6" + + "DF4B1BB6BD01B1B077195CAA63DD2C927850A0AF54A8711A929EA899716B8928" + + "CB9E559AA4C89B06D3C8A9FB2C64F9A61763A532FBA9CD03F6A750560893B3D0" + + "F32605C0C9D260FA5DF10EA9498A19FD1BA8C35FF988959CB76CB178DB3AE544" + + "2AA3DFCAAF79595A85D8EA3BDC860A06A1176D95EF72E66898E06D3357CC434C" + + "A2F46E9B57C5FDEBDD23B23186D9DF280FC05B326013FD96F44BD56E54B90A59" + + "AA21865A576FE43C14DCD8DB313E301706092A864886F70D010914310A1E0800" + + "74006500730074302306092A864886F70D01091531160414C8FCFD94B774494D" + + "0B5A9187550D9562468B86C8308203F306092A864886F70D010706A08203E430" + + "8203E0020100308203D906092A864886F70D0107013028060A2A864886F70D01" + + "0C0106301A041495480C3C3F897F0F2763D2A8A89AF4F546485E800202040080" + + "8203A0C9D6ACAC66EEE46EA9B5A3188623408790361FFEE1BBD67D1CEC14A22E" + + "9F90D6F65CEADE7B1A25313ADAB523FFFC47FB41A953C8E4414E834FB51CEB1C" + + "853F6FEC9FDCA5CED07BB8DD695D728DE4CC2B2EE40F243D4CDB6A20E7EDDC2B" + + "32B1A570A9EC50360D5864774F0C04501FCEB9BFBAA3B76CD3855DAE042D3FDC" + + "884F6673F77AFBFC9FD1344854E3E26996E6493C8C39C86077FD998B066E56B7" + + "3F3CE9175CA6369780D92EA4F8DE7BE7918670B6BA044DCF5C39BAF85FC305B8" + + "16541B335A6D528945DE6047ED8A30AC1B1292CD3E2050F5665E9DBA4816E053" + + "6E45EB3C2D271C1D4FE4C44502E298B9958351EC282DD218701A7B06E85FC7FC" + + "58EA1C69FC89326D1936A5E485DEF9DB036C76CA1BFB1E9C2EF926E0076BADC6" + + "6164905F62CAD6AD8042C269F91AFF5508E3DB16CFDD966D8A88A03F446AEBBC" + + "A56A17E525770A51D2595E7605DB4864FEE301B0376C91B416327C635FBEE114" + + "3F0D686FBF77758831F4FC1984E9274D2D4C463A4EDE3864DB1825DAF10C3FAB" + + "BDAAC3A0127226356DF027C91D01210F9D1E2449A25C73A882BDAC43936EC224" + + "4CA0CF84097BE8381014564B64F012739F97B91AAD04AFEA1C7BFCCAD998A693" + + "8204DA560F510B1EA3E4B99908F25058DCFB0032C51E6DDD7D6BB4A459833B5A" + + "5295F727B7A306A9DD43A537242F527BCEDC633BE50A5699F4AC39E1DBE54867" + + "654BC85E5FD43594FE00F1F86651E43C4D9BE7F86ADFD862BAD7801D68D124DB" + + "4A90CB71DF4AF601A05E65D5F4D48B21F1E5151AAAFE899434E5DE503D217867" + + "73F7DC27AC46B35E02AF1102BD39285E8DBA07E425947D2100DAA3A6CB263F18" + + "32AFE5BC659A28C67DF8572BE6360825BBC837BEDA8B87EE10A38C3682FC1C2C" + + "2ABFDD0AA11C4DA433B9AB1927F9B1955814EE044BCC095BDE4BAB05C245E211" + + "7FCD5FB503CBC918B48E6D7F2E4D12693B01D8969956E92AC49E54A63879F113" + + "52D8EFA103CE559D071F430067B05FBF68B5DC54FD25BE68CA054170E777B575" + + "E4355674DB504F9480AA7ADDAEB2295C964689561ED6A909F5C279E6F1EF1CAE" + + "94202A9073B1CDC5746E7EC47D60B927C661E39E305051CC77CE54EDF4F199DF" + + "7C67596A9264F6AA7D6AFE955116BC100117E41F361A2C9F1DA8073B8D184037" + + "EC9E23DF5F346E16D2B7F713FCE053CD815E783D13EA8CDEF7ACD014BB4B1D3E" + + "EC46C75DD09C005ADA5F8DBEAC2B47D5B77F31A967B419FA57A61C661CD10903" + + "D8CEBD9820ABEA3089F4387471FBEC87596FD036CC448F37B775538AE72C5AF1" + + "9502F3303D3021300906052B0E03021A0500041484BFCFD2BED79AAAAD26AFCC" + + "CC8F76FB6FD9D40804143A666EE41B085688C62A85EC7964C0FACF0512DF0202" + + "0400").HexToByteArray(); } } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/GeneralTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/GeneralTests.cs index 56b1215..4f6bd83 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/GeneralTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/GeneralTests.cs @@ -16,6 +16,7 @@ namespace System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests public static partial class GeneralTests { public static bool SupportsDiffieHellman { get; } = KeyAgreeRecipientInfoTests.SupportsDiffieHellman; + public static bool SupportsRsaOaepCerts => PlatformDetection.IsWindows; [Fact] public static void DecodeVersion0_RoundTrip() @@ -286,6 +287,40 @@ KoZIhvcNAwcECJ01qtX2EKx6oIAEEM7op+R2U3GQbYwlEj5X+h0AAAAAAAAAAAAA Assert.Equal(contentInfo.Content, ecms.ContentInfo.Content); } + [ConditionalFact(nameof(SupportsRsaOaepCerts))] + [OuterLoop(/* Leaks key on disk if interrupted */)] + public static void RsaOaepCertificate_NullParameters_Throws() + { + ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); + EnvelopedCms ecms = new EnvelopedCms(contentInfo); + using (X509Certificate2 cert = Certificates.RsaOaep2048_NullParameters.GetCertificate()) + { + CmsRecipient recipient = new CmsRecipient(cert); + Assert.ThrowsAny(() => ecms.Encrypt(recipient)); + } + } + + [ConditionalFact(nameof(SupportsRsaOaepCerts))] + [OuterLoop(/* Leaks key on disk if interrupted */)] + public static void RoundTrip_RsaOaepCertificate_Sha1KeyParameters() + { + Assert_Certificate_Roundtrip(Certificates.RsaOaep2048_Sha1Parameters); + } + + [ConditionalFact(nameof(SupportsRsaOaepCerts))] + [OuterLoop(/* Leaks key on disk if interrupted */)] + public static void RoundTrip_RsaOaepCertificate_Sha256KeyParameters() + { + Assert_Certificate_Roundtrip(Certificates.RsaOaep2048_Sha256Parameters); + } + + [ConditionalFact(nameof(SupportsRsaOaepCerts))] + [OuterLoop(/* Leaks key on disk if interrupted */)] + public static void RoundTrip_RsaOaepCertificate_NoParameters() + { + Assert_Certificate_Roundtrip(Certificates.RsaOaep2048_NoParameters); + } + [Fact] public static void Encrypt_Data_DoesNotIncreaseInSize() { @@ -338,6 +373,32 @@ KoZIhvcNAwcECJ01qtX2EKx6oIAEEM7op+R2U3GQbYwlEj5X+h0AAAAAAAAAAAAA Assert.Equal(expectedContent, ecms.ContentInfo.Content); } + private static void Assert_Certificate_Roundtrip(CertLoader certificateLoader) + { + ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); + EnvelopedCms ecms = new EnvelopedCms(contentInfo); + using (X509Certificate2 cert = certificateLoader.GetCertificate()) + { + CmsRecipient recipient = new CmsRecipient(cert); + ecms.Encrypt(recipient); + } + + byte[] encodedMessage = ecms.Encode(); + + ecms = new EnvelopedCms(); + ecms.Decode(encodedMessage); + + using (X509Certificate2 privateCert = certificateLoader.TryGetCertificateWithPrivateKey()) + { + if (privateCert == null) + return; // CertLoader can't load the private certificate. + + ecms.Decrypt(new X509Certificate2Collection(privateCert)); + } + Assert.Equal(contentInfo.ContentType.Value, ecms.ContentInfo.ContentType.Value); + Assert.Equal(contentInfo.Content, ecms.ContentInfo.Content); + } + private static X509Certificate2[] s_certs = { Certificates.RSAKeyTransfer1.GetCertificate(), diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/KeyTransRecipientInfoRsaOaepCertTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/KeyTransRecipientInfoRsaOaepCertTests.cs new file mode 100644 index 0000000..9d00ba0 --- /dev/null +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/KeyTransRecipientInfoRsaOaepCertTests.cs @@ -0,0 +1,76 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +using System.Security.Cryptography.X509Certificates; +using Xunit; + +using System.Security.Cryptography.Pkcs.Tests; + +namespace System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests +{ + public static partial class KeyTransRecipientInfoRsaOaepCertTests + { + public static bool SupportsRsaOaepCerts => PlatformDetection.IsWindows; + public static bool DoesNotSupportRsaOaepCerts => !SupportsRsaOaepCerts; + + [ConditionalFact(nameof(SupportsRsaOaepCerts))] + public static void TestKeyTransEncryptKey_RsaOaepCertificate_NoParameters_DefaultToSha1() + { + ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); + EnvelopedCms ecms = new EnvelopedCms(contentInfo); + using (X509Certificate2 cert = Certificates.RsaOaep2048_NoParameters.GetCertificate()) + { + CmsRecipient cmsRecipient = new CmsRecipient(cert); + ecms.Encrypt(cmsRecipient); + } + byte[] encodedMessage = ecms.Encode(); + + EnvelopedCms ecms2 = new EnvelopedCms(); + ecms2.Decode(encodedMessage); + + RecipientInfoCollection recipients = ecms2.RecipientInfos; + Assert.Equal(1, recipients.Count); + KeyTransRecipientInfo recipient = Assert.IsType(recipients[0]); + Assert.Equal(Oids.RsaOaep, recipient.KeyEncryptionAlgorithm.Oid.Value); + Assert.Equal(s_rsaOaepSha1Parameters, recipient.KeyEncryptionAlgorithm.Parameters); + } + + [ConditionalFact(nameof(SupportsRsaOaepCerts))] + public static void TestKeyTransEncryptKey_RsaOaepCertificate_Sha256Parameters() + { + ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); + EnvelopedCms ecms = new EnvelopedCms(contentInfo); + using (X509Certificate2 cert = Certificates.RsaOaep2048_Sha256Parameters.GetCertificate()) + { + CmsRecipient cmsRecipient = new CmsRecipient(cert); + ecms.Encrypt(cmsRecipient); + } + byte[] encodedMessage = ecms.Encode(); + + EnvelopedCms ecms2 = new EnvelopedCms(); + ecms2.Decode(encodedMessage); + + RecipientInfoCollection recipients = ecms2.RecipientInfos; + Assert.Equal(1, recipients.Count); + KeyTransRecipientInfo recipient = Assert.IsType(recipients[0]); + Assert.Equal(Oids.RsaOaep, recipient.KeyEncryptionAlgorithm.Oid.Value); + Assert.Equal(s_rsaOaepSha256Parameters, recipient.KeyEncryptionAlgorithm.Parameters); + } + + [ConditionalFact(nameof(DoesNotSupportRsaOaepCerts))] + public static void TestKeyTransEncryptKey_RsaOaepCertificate_NoPlatformSupport_Throws() + { + ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); + EnvelopedCms ecms = new EnvelopedCms(contentInfo); + using (X509Certificate2 cert = Certificates.RsaOaep2048_NoParameters.GetCertificate()) + { + CmsRecipient cmsRecipient = new CmsRecipient(cert); + Assert.Throws(() => ecms.Encrypt(cmsRecipient)); + } + } + + private static readonly byte[] s_rsaOaepSha1Parameters = { 0x30, 0x00 }; + private static readonly byte[] s_rsaOaepSha256Parameters = { 0x30, 0x2f, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00 }; + } +} diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/KeyTransRecipientInfoRsaPaddingModeTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/KeyTransRecipientInfoRsaPaddingModeTests.cs index c8b1d98..a78a8bc 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/KeyTransRecipientInfoRsaPaddingModeTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/KeyTransRecipientInfoRsaPaddingModeTests.cs @@ -7,26 +7,37 @@ using System.Security.Cryptography.X509Certificates; using Xunit; using System.Security.Cryptography.Pkcs.Tests; +using Test.Cryptography; namespace System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests { public static partial class KeyTransRecipientInfoRsaPaddingModeTests { + public static bool SupportsRsaOaepCerts => PlatformDetection.IsWindows; + [Theory] [MemberData(nameof(TestKeyTransEncryptedKey_RsaAlgorithmTypes))] public static void TestKeyTransEncryptedKey_RsaAlgorithms(RSAEncryptionPadding encryptionPadding, string expectedOid, byte[] expectedParameters) { - KeyTransRecipientInfo recipientInfo1 = EncodeKeyTransl_Rsa2048(encryptionPadding); + KeyTransRecipientInfo recipientInfo1 = EncodeKeyTransl_Rsa2048(encryptionPadding, Certificates.RSA2048Sha256KeyTransfer1); Assert.Equal(expectedOid, recipientInfo1.KeyEncryptionAlgorithm.Oid.Value); Assert.Equal(expectedParameters, recipientInfo1.KeyEncryptionAlgorithm.Parameters); } + [ConditionalFact(nameof(SupportsRsaOaepCerts))] + public static void TestKeyTransEncryptedKey_RsaAlgorithms_Recipient_PreferredOverCertificate() + { + KeyTransRecipientInfo recipientInfo1 = EncodeKeyTransl_Rsa2048(RSAEncryptionPadding.OaepSHA256, Certificates.RsaOaep2048_Sha1Parameters); + Assert.Equal(Oids.RsaOaep, recipientInfo1.KeyEncryptionAlgorithm.Oid.Value); + Assert.Equal(s_rsaOaepSha256Parameters, recipientInfo1.KeyEncryptionAlgorithm.Parameters); + } + [Fact] public static void TestKeyTransEncryptedKey_RsaOaepMd5_Throws() { RSAEncryptionPadding oaepMd5Padding = RSAEncryptionPadding.CreateOaep(HashAlgorithmName.MD5); Assert.ThrowsAny(() => { - EncodeKeyTransl_Rsa2048(oaepMd5Padding); + EncodeKeyTransl_Rsa2048(oaepMd5Padding, Certificates.RSA2048Sha256KeyTransfer1); }); } @@ -43,20 +54,20 @@ namespace System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests } } - private static KeyTransRecipientInfo EncodeKeyTransl_Rsa2048(RSAEncryptionPadding encryptionPadding, SubjectIdentifierType type = SubjectIdentifierType.IssuerAndSerialNumber) + private static KeyTransRecipientInfo EncodeKeyTransl_Rsa2048(RSAEncryptionPadding encryptionPadding, CertLoader loader) { ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo); - using (X509Certificate2 cert = Certificates.RSA2048Sha256KeyTransfer1.GetCertificate()) + using (X509Certificate2 cert = loader.GetCertificate()) { CmsRecipient cmsRecipient; if (encryptionPadding is null) { - cmsRecipient = new CmsRecipient(type, cert); + cmsRecipient = new CmsRecipient(cert); } else { - cmsRecipient = new CmsRecipient(type, cert, encryptionPadding); + cmsRecipient = new CmsRecipient(cert, encryptionPadding); } ecms.Encrypt(cmsRecipient); diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj b/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj index 38eb061..395e860 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj @@ -63,7 +63,10 @@ + + + - \ No newline at end of file + -- 2.7.4