Make EnvelopedCms work for Linux and macOS

This change adds a version of EnvelopedCms which uses the platform crypto
stack and new AsnSerializer capabilities, and makes no P/Invokes (other than
the ones the crypto stack itself makes).

.NET Framework EnvelopedCms is more or less RFC 2630 (CMS version "2")
plus RFC 3565 (AES with CMS), and that is maintained with this implementation.
No new API has been added, this merely populates the existing API for
non-Windows OSes.

Unlike the Windows implementation, FFC based Diffie-Hellman key
agreement is not supported, because the platform has no exposure of FFC
Diffie-Hellman.

Unlike the Windows implementation, RC4 is not supported, because the
platform has no exposure of RC4.

Author: bartonjs

src/Common/src/System/Security/Cryptography/Asn1V2.Serializer.cs

@@ -351,11 +351,11 @@ private static void SerializeCustomType(Type typeT, object value, AsnWriter writ
             writer.PopSequence(tag);
         }
 
-        private static object DeserializeCustomType(AsnReader reader, Type typeT)
+        private static object DeserializeCustomType(AsnReader reader, Type typeT, Asn1Tag expectedTag)
         {
             object target = Activator.CreateInstance(typeT);
 
-            AsnReader sequence = reader.ReadSequence();
+            AsnReader sequence = reader.ReadSequence(expectedTag);
 
             foreach (FieldInfo fieldInfo in typeT.GetFields(FieldFlags))
             {
@@ -1023,7 +1023,7 @@ private static Deserializer GetSimpleDeserializer(
             {
                 if (fieldData.TagType == UniversalTagNumber.Sequence)
                 {
-                    return reader => DeserializeCustomType(reader, typeT);
+                    return reader => DeserializeCustomType(reader, typeT, expectedTag);
                 }
             }
 

src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Helpers.cs

@@ -6,6 +6,7 @@
 using System.Buffers;
 using System.Text;
 using System.Diagnostics;
+using System.IO;
 using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Security.Cryptography.Asn1;
@@ -135,6 +136,26 @@ public static T[] NormalizeSet<T>(
             return set.SetData;
         }
 
+        internal static byte[] EncodeContentInfo<T>(
+            T value,
+            string contentType,
+            AsnEncodingRules ruleSet = AsnEncodingRules.DER)
+        {
+            using (AsnWriter innerWriter = AsnSerializer.Serialize(value, ruleSet))
+            {
+                ContentInfoAsn content = new ContentInfoAsn
+                {
+                    ContentType = contentType,
+                    Content = innerWriter.Encode(),
+                };
+
+                using (AsnWriter outerWriter = AsnSerializer.Serialize(content, ruleSet))
+                {
+                    return outerWriter.Encode();
+                }
+            }
+        }
+
         public static CmsRecipientCollection DeepCopy(this CmsRecipientCollection recipients)
         {
             CmsRecipientCollection recipientsCopy = new CmsRecipientCollection();
@@ -167,7 +188,7 @@ public static string OctetStringToUnicode(this byte[] octets)
 
         public static X509Certificate2Collection GetStoreCertificates(StoreName storeName, StoreLocation storeLocation, bool openExistingOnly)
         {
-            using (X509Store store = new X509Store())
+            using (X509Store store = new X509Store(storeName, storeLocation))
             {
                 OpenFlags flags = OpenFlags.ReadOnly | OpenFlags.IncludeArchived;
                 if (openExistingOnly)
@@ -250,14 +271,14 @@ private static byte[] ToSkiBytes(this string skiString)
             return skiString.UpperHexStringToByteArray();
         }
 
-        public static string ToSkiString(this ReadOnlySpan<byte> skiBytes)
+        public static string ToSkiString(this byte[] skiBytes)
         {
             return ToUpperHexString(skiBytes);
         }
 
-        public static string ToSkiString(this byte[] skiBytes)
+        public static string ToBigEndianHex(this ReadOnlySpan<byte> bytes)
         {
-            return ToUpperHexString(skiBytes);
+            return ToUpperHexString(bytes);
         }
 
         /// <summary>
@@ -414,6 +435,29 @@ internal static void DigestWriter(IncrementalHash hasher, AsnWriter writer)
 #endif
         }
 
+        internal static byte[] OneShot(this ICryptoTransform transform, byte[] data)
+        {
+            return OneShot(transform, data, 0, data.Length);
+        }
+
+        internal static byte[] OneShot(this ICryptoTransform transform, byte[] data, int offset, int length)
+        {
+            if (transform.CanTransformMultipleBlocks)
+            {
+                return transform.TransformFinalBlock(data, offset, length);
+            }
+
+            using (MemoryStream memoryStream = new MemoryStream())
+            {
+                using (var cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write))
+                {
+                    cryptoStream.Write(data, offset, length);
+                }
+
+                return memoryStream.ToArray();
+            }
+        }
+
         private static ReadOnlyMemory<byte> GetSubjectPublicKeyInfo(X509Certificate2 certificate)
         {
             var parsedCertificate = AsnSerializer.Deserialize<Certificate>(certificate.RawData, AsnEncodingRules.DER);

src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Oids.cs

@@ -7,10 +7,17 @@ namespace Internal.Cryptography
     internal static class Oids
     {
         // Symmetric encryption algorithms
+        public const string Rc2Cbc = "1.2.840.113549.3.2";
+        public const string Rc4 = "1.2.840.113549.3.4";
         public const string TripleDesCbc = "1.2.840.113549.3.7";
+        public const string DesCbc = "1.3.14.3.2.7";
+        public const string Aes128Cbc = "2.16.840.1.101.3.4.1.2";
+        public const string Aes192Cbc = "2.16.840.1.101.3.4.1.22";
+        public const string Aes256Cbc = "2.16.840.1.101.3.4.1.42";
 
         // Asymmetric encryption algorithms
         public const string Rsa = "1.2.840.113549.1.1.1";
+        public const string RsaOaep = "1.2.840.113549.1.1.7";
         public const string RsaPss = "1.2.840.113549.1.1.10";
         public const string Esdh = "1.2.840.113549.1.9.16.3.5";
 

src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/AsnHelpers.cs

@@ -0,0 +1,140 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using System;
+using System.Diagnostics;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Asn1;
+using System.Security.Cryptography.Pkcs;
+using System.Security.Cryptography.Pkcs.Asn1;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Cryptography.Xml;
+
+namespace Internal.Cryptography.Pal.AnyOS
+{
+    internal static class AsnHelpers
+    {
+        internal static SubjectIdentifierOrKey ToSubjectIdentifierOrKey(
+            this OriginatorIdentifierOrKeyAsn originator)
+        {
+            if (originator.IssuerAndSerialNumber != null)
+            {
+                var name = new X500DistinguishedName(originator.IssuerAndSerialNumber.Value.Issuer.ToArray());
+
+                return new SubjectIdentifierOrKey(
+                    SubjectIdentifierOrKeyType.IssuerAndSerialNumber,
+                    new X509IssuerSerial(
+                        name.Name,
+                        originator.IssuerAndSerialNumber.Value.SerialNumber.Span.ToBigEndianHex()));
+            }
+
+            if (originator.SubjectKeyIdentifier != null)
+            {
+                return new SubjectIdentifierOrKey(
+                    SubjectIdentifierOrKeyType.SubjectKeyIdentifier,
+                    originator.SubjectKeyIdentifier.Value.Span.ToBigEndianHex());
+            }
+
+            if (originator.OriginatorKey != null)
+            {
+                OriginatorPublicKeyAsn originatorKey = originator.OriginatorKey;
+
+                return new SubjectIdentifierOrKey(
+                    SubjectIdentifierOrKeyType.PublicKeyInfo,
+                    new PublicKeyInfo(
+                        originatorKey.Algorithm.ToPresentationObject(),
+                        originatorKey.PublicKey.ToArray()));
+            }
+
+            Debug.Fail("Unknown SubjectIdentifierOrKey state");
+            return new SubjectIdentifierOrKey(SubjectIdentifierOrKeyType.Unknown, String.Empty);
+        }
+
+        internal static AlgorithmIdentifier ToPresentationObject(this AlgorithmIdentifierAsn asn)
+        {
+            int keyLength;
+
+            switch (asn.Algorithm.Value)
+            {
+                case Oids.Rc2Cbc:
+                    {
+                        if (asn.Parameters == null)
+                        {
+                            keyLength = 0;
+                            break;
+                        }
+
+                        Rc2CbcParameters rc2Params = AsnSerializer.Deserialize<Rc2CbcParameters>(
+                            asn.Parameters.Value,
+                            AsnEncodingRules.BER);
+
+                        int keySize = rc2Params.GetEffectiveKeyBits();
+
+                        // These are the only values .NET Framework would set.
+                        switch (keySize)
+                        {
+                            case 40:
+                            case 56:
+                            case 64:
+                            case 128:
+                                keyLength = keySize;
+                                break;
+                            default:
+                                keyLength = 0;
+                                break;
+                        }
+
+                        break;
+                    }
+                case Oids.Rc4:
+                    {
+                        if (asn.Parameters == null)
+                        {
+                            keyLength = 0;
+                            break;
+                        }
+
+                        int saltLen = 0;
+                        AsnReader reader = new AsnReader(asn.Parameters.Value, AsnEncodingRules.BER);
+
+                        // DER NULL is considered the same as not present.
+                        // No call to ReadNull() is necessary because the serializer already verified that
+                        // there's no data after the [AnyValue] value.
+                        if (reader.PeekTag() != Asn1Tag.Null)
+                        {
+                            if (reader.TryGetPrimitiveOctetStringBytes(out ReadOnlyMemory<byte> contents))
+                            {
+                                saltLen = contents.Length;
+                            }
+                            else
+                            {
+                                Span<byte> salt = stackalloc byte[KeyLengths.Rc4Max_128Bit / 8];
+
+                                if (!reader.TryCopyOctetStringBytes(salt, out saltLen))
+                                {
+                                    throw new CryptographicException();
+                                }
+                            }
+                        }
+
+                        keyLength = KeyLengths.Rc4Max_128Bit - 8 * saltLen;
+                        break;
+                    }
+                case Oids.DesCbc:
+                    keyLength = KeyLengths.Des_64Bit;
+                    break;
+                case Oids.TripleDesCbc:
+                    keyLength = KeyLengths.TripleDes_192Bit;
+                    break;
+                default:
+                    // .NET Framework doesn't set a keylength for AES, or any other algorithm than the ones
+                    // listed here.
+                    keyLength = 0;
+                    break;
+            }
+
+            return new AlgorithmIdentifier(new Oid(asn.Algorithm), keyLength);
+        }
+    }
+}