get { return "<enc:KeyEncryptionMethod enc:Algorithm=\"http://www.microsoft.com/xml/security/algorithm/PKCS1-v1.5-KeyEx\" xmlns:enc=\"http://www.microsoft.com/xml/security/encryption/v1.0\" />"; }
}
- // I2OSP converts a nonnegative integer to an octet string of a specified length.
- // in this case xLen is always 4 so we simplify the function
- private byte[] I2OSP (int x)
- {
- byte[] array = BitConverter.GetBytes (x);
- Array.Reverse (array); // big-little endian issues
- return array;
- }
-
- // RSAES-PKCS1-V1_5-ENCRYPT ((n, e), M)
public override byte[] CreateKeyExchange (byte[] rgbData)
{
- int k = (rsa.KeySize >> 3); // e.g. 128 for 1024 bits keys
- int mLen = rgbData.Length;
-
- // 1. Length checking: If mLen > k \96 11, output \93message too long\94 and stop.
- if (mLen > k - 11)
- throw new CryptographicException ("message too long");
-
- // 2. EME-PKCS1-v1_5 encoding:
- // a.Generate an octet string PS of length k \96 mLen \96 3 consisting of
- // pseudo-randomly generated nonzero octets. The length of PS will be
- // at least eight octets.
- int PSLength = k - mLen - 3;
- if (PSLength < 8)
- throw new CryptographicException ("PS too short");
- byte[] PS = new byte [PSLength];
+ if (rsa == null)
+ throw new CryptographicException ();
if (random == null)
random = RandomNumberGenerator.Create (); // create default
- random.GetNonZeroBytes (PS);
-
- // b. Concatenate PS, the message M, and other padding to form an encoded
- // message EM of length k octets as
- // EM = 0x00 || 0x02 || PS || 0x00 || M
- byte[] EM = new byte [3 + PSLength + mLen];
- EM [0] = 0x00;
- EM [1] = 0x02;
- Array.Copy (PS, 0, EM, 2, PSLength);
- EM [2 + PSLength] = 0x00;
- Array.Copy (rgbData, 0, EM, 3 + PSLength, mLen);
-
- // 3. RSA encryption:
- // a. Convert the encoded message EM to an integer message representative
- // m (see Section 4.2):
- // m = OS2IP (EM)
- byte[] m = EM;
-
- // b. Apply the RSAEP encryption primitive (Section 5.1.1) to the RSA public
- // key (n, e) and the message representative m to produce an integer
- // ciphertext representative c:
- // c = RSAEP ((n, e), m)
- byte[] c = rsa.EncryptValue (m);
-
- // c. Convert the ciphertext representative c to a ciphertext C of length k
- // octets (see Section 4.1):
- // C = I2OSP (c, k)
- byte[] C = c;
-
- // 4. Output the ciphertext C.
- return C;
-
- // L is always empty in PKCS#1 v.2.1 - so SHA1(L) is constant
- //byte[] sha1L = { 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09 };
+ return PKCS1.Encrypt_v15 (rsa, random, rgbData);
}
public override byte[] CreateKeyExchange (byte[] rgbData, Type symAlgType)