internal static ICipherParameters GetSigKeyParams(IKey key)
{
if (key is AsymmetricRsaPublicKey)
{
AsymmetricRsaPublicKey rsaPubKey = (AsymmetricRsaPublicKey)key;
if (CryptoServicesRegistrar.IsInApprovedOnlyMode())
{
int bitLength = rsaPubKey.Modulus.BitLength;
if (bitLength != 2048 && bitLength != 3072 && bitLength != 1024 && bitLength != 4096 && bitLength != 1536) // includes 186-2 legacy sizes
{
throw new CryptoUnapprovedOperationError("Attempt to use RSA key with non-approved size: " + bitLength, key.Algorithm);
}
}
return(GetPublicKeyParameters(rsaPubKey, AsymmetricRsaKey.Usage.SignOrVerify));
}
else
{
AsymmetricRsaPrivateKey rsaPrivKey = GetPrivateKey(key);
if (CryptoServicesRegistrar.IsInApprovedOnlyMode())
{
int bitLength = rsaPrivKey.Modulus.BitLength;
if (bitLength != 2048 && bitLength != 3072)
{
throw new CryptoUnapprovedOperationError("Attempt to use RSA key with non-approved size: " + bitLength, key.Algorithm);
}
}
return(GetPrivateParameters(key, AsymmetricRsaKey.Usage.SignOrVerify));
}
}
private static IAsymmetricBlockCipher createCipher(bool forEncryption, IAsymmetricKey key, IParameters <Algorithm> parameters, SecureRandom random)
{
IAsymmetricBlockCipher engine = FipsRsa.ENGINE_PROVIDER.CreateEngine(EngineUsage.GENERAL);
ICipherParameters lwParams;
if (key is AsymmetricRsaPublicKey)
{
AsymmetricRsaPublicKey k = (AsymmetricRsaPublicKey)key;
lwParams = FipsRsa.GetPublicKeyParameters(k, AsymmetricRsaKey.Usage.EncryptOrDecrypt);
}
else
{
AsymmetricRsaPrivateKey k = (AsymmetricRsaPrivateKey)key;
lwParams = FipsRsa.GetPrivateKeyParameters(k, AsymmetricRsaKey.Usage.EncryptOrDecrypt);
}
if (parameters.Algorithm.Equals(WrapPkcs1v15.Algorithm))
{
engine = new Pkcs1Encoding(engine);
}
if (random != null)
{
lwParams = new ParametersWithRandom(lwParams, random);
}
engine.Init(forEncryption, lwParams);
return(engine);
}
public RecipientOperator GetRecipientOperator(AlgorithmIdentifier keyEncAlg, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentKey)
{
byte[] keyBytes = null;
AsymmetricRsaPrivateKey rsaKey = privKey as AsymmetricRsaPrivateKey;
if (rsaKey != null)
{
// random required for blinding operations
keyBytes = CryptoServicesRegistrar.CreateService(rsaKey, random != null ? random: CryptoServicesRegistrar.GetSecureRandom()).CreateKeyUnwrapper(FipsRsa.WrapOaep.WithDigest(FipsShs.Sha1)).Unwrap(encryptedContentKey, 0, encryptedContentKey.Length).Collect();
}
IParameters <Algorithm> cipherParams = Utils.GetCipherParameters(contentEncryptionAlgorithm);
ICipherBuilder <AlgorithmIdentifier> decryptor;
if (Utils.IsBlockMode(cipherParams.Algorithm))
{
decryptor = new PkixBlockCipherBuilder(contentEncryptionAlgorithm, Utils.CreateBlockDecryptorBuilder(contentEncryptionAlgorithm, keyBytes, cipherParams));
}
else if (Utils.IsAeadMode(cipherParams.Algorithm))
{
decryptor = new PkixAeadCipherBuilder(contentEncryptionAlgorithm, Utils.CreateAeadDecryptorBuilder(contentEncryptionAlgorithm, keyBytes, cipherParams));
}
else
{
decryptor = new PkixCipherBuilder(contentEncryptionAlgorithm, Utils.CreateDecryptorBuilder(contentEncryptionAlgorithm, keyBytes, cipherParams));
}
return(new RecipientOperator(decryptor));
}
public SigWithDigestFactory(PublicKeyAlgorithmTag keyAlg, HashAlgorithmTag hashAlg, long keyId, AsymmetricRsaPrivateKey privateKey)
{
this.keyAlg = keyAlg;
this.hashAlg = hashAlg;
this.keyId = keyId;
this.privateKey = privateKey;
sigFact = CryptoServicesRegistrar.CreateService(privateKey, new SecureRandom()).CreateSignatureFactory(FipsRsa.Pkcs1v15.WithDigest((FipsDigestAlgorithm)PgpUtils.digests[hashAlg]));
digFact = CryptoServicesRegistrar.CreateService((FipsShs.Parameters)PgpUtils.digests[hashAlg]);
}
internal static RsaKeyParameters GetPrivateKeyParameters(AsymmetricRsaPrivateKey k, AsymmetricRsaKey.Usage usage)
{
CheckKeyUsage(k, usage);
if (k.PublicExponent.Equals(BigInteger.Zero))
{
return(new RsaKeyParameters(true, k.Modulus, k.PrivateExponent));
}
else
{
return(new RsaPrivateCrtKeyParameters(k.Modulus, k.PublicExponent, k.PrivateExponent, k.P, k.Q, k.DP, k.DQ, k.QInv));
}
}
internal RsaKeyUnwrapper(OaepWrapParameters algorithmDetails, IKey key)
{
this.algorithmDetails = algorithmDetails;
this.unwrapper = new OaepEncoding(ENGINE_PROVIDER.CreateEngine(EngineUsage.DECRYPTION), FipsShs.CreateDigest(algorithmDetails.DigestAlgorithm), FipsShs.CreateDigest(algorithmDetails.MgfDigestAlgorithm), algorithmDetails.GetEncodingParams());
if (CryptoServicesRegistrar.IsInApprovedOnlyMode())
{
AsymmetricRsaPrivateKey rsaKey = GetPrivateKey(key);
int bitLength = rsaKey.Modulus.BitLength;
if (bitLength != 2048 && bitLength != 3072 && bitLength != 4096)
{
throw new CryptoUnapprovedOperationError("Attempt to use RSA key with non-approved size: " + bitLength, key.Algorithm);
}
}
unwrapper.Init(false, GetPrivateParameters(key, AsymmetricRsaKey.Usage.EncryptOrDecrypt));
}
public ISignatureWithDigestFactory <PgpSignatureIdentifier> Build(long keyId, AsymmetricRsaPrivateKey privateKey)
{
return(new SigWithDigestFactory(keyAlg, hashAlg, keyId, privateKey));
}
