internal static ICipherParameters GetSigKeyParams(IKey key) { if (key is AsymmetricRsaPublicKey) { AsymmetricRsaPublicKey rsaPubKey = (AsymmetricRsaPublicKey)key; if (CryptoServicesRegistrar.IsInApprovedOnlyMode()) { int bitLength = rsaPubKey.Modulus.BitLength; if (bitLength != 2048 && bitLength != 3072 && bitLength != 1024 && bitLength != 4096 && bitLength != 1536) // includes 186-2 legacy sizes { throw new CryptoUnapprovedOperationError("Attempt to use RSA key with non-approved size: " + bitLength, key.Algorithm); } } return(GetPublicKeyParameters(rsaPubKey, AsymmetricRsaKey.Usage.SignOrVerify)); } else { AsymmetricRsaPrivateKey rsaPrivKey = GetPrivateKey(key); if (CryptoServicesRegistrar.IsInApprovedOnlyMode()) { int bitLength = rsaPrivKey.Modulus.BitLength; if (bitLength != 2048 && bitLength != 3072) { throw new CryptoUnapprovedOperationError("Attempt to use RSA key with non-approved size: " + bitLength, key.Algorithm); } } return(GetPrivateParameters(key, AsymmetricRsaKey.Usage.SignOrVerify)); } }
private static IAsymmetricBlockCipher createCipher(bool forEncryption, IAsymmetricKey key, IParameters <Algorithm> parameters, SecureRandom random) { IAsymmetricBlockCipher engine = FipsRsa.ENGINE_PROVIDER.CreateEngine(EngineUsage.GENERAL); ICipherParameters lwParams; if (key is AsymmetricRsaPublicKey) { AsymmetricRsaPublicKey k = (AsymmetricRsaPublicKey)key; lwParams = FipsRsa.GetPublicKeyParameters(k, AsymmetricRsaKey.Usage.EncryptOrDecrypt); } else { AsymmetricRsaPrivateKey k = (AsymmetricRsaPrivateKey)key; lwParams = FipsRsa.GetPrivateKeyParameters(k, AsymmetricRsaKey.Usage.EncryptOrDecrypt); } if (parameters.Algorithm.Equals(WrapPkcs1v15.Algorithm)) { engine = new Pkcs1Encoding(engine); } if (random != null) { lwParams = new ParametersWithRandom(lwParams, random); } engine.Init(forEncryption, lwParams); return(engine); }
protected override byte[] GenerateWrappedKey(ISymmetricKey contentKey) { AsymmetricRsaPublicKey rsaKey = asymmetricPublicKey as AsymmetricRsaPublicKey; if (rsaKey != null) { IKeyWrapper <FipsRsa.OaepWrapParameters> wrapper = CryptoServicesRegistrar.CreateService(rsaKey, new Security.SecureRandom()).CreateKeyWrapper(FipsRsa.WrapOaep.WithDigest(FipsShs.Sha1)); byte[] encKey = wrapper.Wrap(contentKey.GetKeyBytes()).Collect(); return(encKey); } throw new InvalidOperationException("algorithm for public key not matched"); }
internal RsaKeyWrapper(OaepWrapParameters algorithmDetails, IKey rsaPublicKey) { this.algorithmDetails = algorithmDetails; this.wrapper = new OaepEncoding(ENGINE_PROVIDER.CreateEngine(EngineUsage.ENCRYPTION), FipsShs.CreateDigest(algorithmDetails.DigestAlgorithm), FipsShs.CreateDigest(algorithmDetails.MgfDigestAlgorithm), algorithmDetails.GetEncodingParams()); if (CryptoServicesRegistrar.IsInApprovedOnlyMode()) { AsymmetricRsaPublicKey rsaKey = GetPublicKey(rsaPublicKey); int bitLength = rsaKey.Modulus.BitLength; if (bitLength != 2048 && bitLength != 3072) { throw new CryptoUnapprovedOperationError("Attempt to use RSA key with non-approved size: " + bitLength, rsaKey.Algorithm); } } wrapper.Init(true, GetPublicParameters(rsaPublicKey, AsymmetricRsaKey.Usage.EncryptOrDecrypt)); }
public IVerifierFactory <AlgorithmIdentifier> CreateVerifierFactory(AlgorithmIdentifier signatureAlgorithmID, AlgorithmIdentifier digestAlgorithmID) { IVerifierFactory <IParameters <Algorithm> > baseVerifier; AsymmetricRsaPublicKey rsaKey = publicKey as AsymmetricRsaPublicKey; if (rsaKey != null) { IVerifierFactoryService verifierService = CryptoServicesRegistrar.CreateService(rsaKey); if (signatureAlgorithmID.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss)) { FipsRsa.PssSignatureParameters pssParams = FipsRsa.Pss; RsassaPssParameters sigParams = RsassaPssParameters.GetInstance(signatureAlgorithmID.Parameters); pssParams = pssParams.WithDigest((FipsDigestAlgorithm)Utils.digestTable[sigParams.HashAlgorithm.Algorithm]); AlgorithmIdentifier mgfDigAlg = AlgorithmIdentifier.GetInstance(AlgorithmIdentifier.GetInstance(sigParams.MaskGenAlgorithm).Parameters); pssParams = pssParams.WithMgfDigest((FipsDigestAlgorithm)Utils.digestTable[mgfDigAlg.Algorithm]); pssParams = pssParams.WithSaltLength(sigParams.SaltLength.Value.IntValue); return(CreateVerifierFactory(signatureAlgorithmID, verifierService.CreateVerifierFactory(pssParams), certificate)); } else if (PkixVerifierFactoryProvider.pkcs1Table.Contains(signatureAlgorithmID.Algorithm)) { FipsRsa.SignatureParameters rsaParams = FipsRsa.Pkcs1v15.WithDigest((FipsDigestAlgorithm)PkixVerifierFactoryProvider.pkcs1Table[signatureAlgorithmID.Algorithm]); return(CreateVerifierFactory(signatureAlgorithmID, verifierService.CreateVerifierFactory(rsaParams), certificate)); } else if (signatureAlgorithmID.Algorithm.Equals(PkcsObjectIdentifiers.RsaEncryption)) { FipsRsa.SignatureParameters rsaParams = FipsRsa.Pkcs1v15.WithDigest((FipsDigestAlgorithm)Utils.digestTable[digestAlgorithmID.Algorithm]); return(CreateVerifierFactory(signatureAlgorithmID, verifierService.CreateVerifierFactory(rsaParams), certificate)); } } throw new ArgumentException("cannot match signature algorithm: " + signatureAlgorithmID.Algorithm); }
internal static RsaKeyParameters GetPublicKeyParameters(AsymmetricRsaPublicKey k, AsymmetricRsaKey.Usage usage) { CheckKeyUsage(k, usage); return(new RsaKeyParameters(false, k.Modulus, k.PublicExponent)); }
/// <summary> /// Return a verifier factory that produces verifiers conforming to algorithmDetails. /// </summary> /// <param name="algorithmDetails">The configuration parameters for verifiers produced by the resulting factory.</param> /// <returns>A new verifier factory.</returns> public IVerifierFactory <AlgorithmIdentifier> CreateVerifierFactory(AlgorithmIdentifier algorithmDetails) { AsymmetricRsaPublicKey rsaKey = publicKey as AsymmetricRsaPublicKey; if (rsaKey != null) { IVerifierFactoryService verifierService = CryptoServicesRegistrar.CreateService(rsaKey); if (algorithmDetails.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss)) { FipsRsa.PssSignatureParameters pssParams = FipsRsa.Pss; RsassaPssParameters sigParams = RsassaPssParameters.GetInstance(algorithmDetails.Parameters); pssParams = pssParams.WithDigest((FipsDigestAlgorithm)Utils.digestTable[sigParams.HashAlgorithm.Algorithm]); AlgorithmIdentifier mgfDigAlg = AlgorithmIdentifier.GetInstance(AlgorithmIdentifier.GetInstance(sigParams.MaskGenAlgorithm).Parameters); pssParams = pssParams.WithMgfDigest((FipsDigestAlgorithm)Utils.digestTable[mgfDigAlg.Algorithm]); pssParams = pssParams.WithSaltLength(sigParams.SaltLength.Value.IntValue); return(CreateVerifierFactory(algorithmDetails, verifierService.CreateVerifierFactory(pssParams), certificate)); } else if (pkcs1Table.Contains(algorithmDetails.Algorithm)) { FipsRsa.SignatureParameters rsaParams = FipsRsa.Pkcs1v15.WithDigest((FipsDigestAlgorithm)pkcs1Table[algorithmDetails.Algorithm]); return(CreateVerifierFactory(algorithmDetails, verifierService.CreateVerifierFactory(rsaParams), certificate)); } } AsymmetricDsaPublicKey dsaKey = publicKey as AsymmetricDsaPublicKey; if (dsaKey != null) { IVerifierFactoryService verifierService = CryptoServicesRegistrar.CreateService(dsaKey); FipsDsa.SignatureParameters sigParams = (FipsDsa.SignatureParameters)dsaTable[algorithmDetails.Algorithm]; return(CreateVerifierFactory(algorithmDetails, verifierService.CreateVerifierFactory(sigParams), certificate)); } AsymmetricECPublicKey ecdsaKey = publicKey as AsymmetricECPublicKey; if (ecdsaKey != null) { IVerifierFactoryService verifierService = CryptoServicesRegistrar.CreateService(ecdsaKey); FipsEC.SignatureParameters sigParams = (FipsEC.SignatureParameters)ecdsaTable[algorithmDetails.Algorithm]; return(CreateVerifierFactory(algorithmDetails, verifierService.CreateVerifierFactory(sigParams), certificate)); } AsymmetricSphincsPublicKey sphincsKey = publicKey as AsymmetricSphincsPublicKey; if (sphincsKey != null) { IVerifierFactoryService verifierService = CryptoServicesRegistrar.CreateService(sphincsKey); if (algorithmDetails.Algorithm.Equals(BCObjectIdentifiers.sphincs256_with_SHA512)) { return(CreateVerifierFactory(algorithmDetails, verifierService.CreateVerifierFactory(Sphincs.Sphincs256), certificate)); } else { return(CreateVerifierFactory(algorithmDetails, verifierService.CreateVerifierFactory(Sphincs.Sphincs256.WithDigest(FipsShs.Sha3_512)), certificate)); } } throw new ArgumentException("cannot match signature algorithm"); }