internal static ICipherParameters GetSigKeyParams(IKey key) { if (key is AsymmetricRsaPublicKey) { AsymmetricRsaPublicKey rsaPubKey = (AsymmetricRsaPublicKey)key; if (CryptoServicesRegistrar.IsInApprovedOnlyMode()) { int bitLength = rsaPubKey.Modulus.BitLength; if (bitLength != 2048 && bitLength != 3072 && bitLength != 1024 && bitLength != 4096 && bitLength != 1536) // includes 186-2 legacy sizes { throw new CryptoUnapprovedOperationError("Attempt to use RSA key with non-approved size: " + bitLength, key.Algorithm); } } return(GetPublicKeyParameters(rsaPubKey, AsymmetricRsaKey.Usage.SignOrVerify)); } else { AsymmetricRsaPrivateKey rsaPrivKey = GetPrivateKey(key); if (CryptoServicesRegistrar.IsInApprovedOnlyMode()) { int bitLength = rsaPrivKey.Modulus.BitLength; if (bitLength != 2048 && bitLength != 3072) { throw new CryptoUnapprovedOperationError("Attempt to use RSA key with non-approved size: " + bitLength, key.Algorithm); } } return(GetPrivateParameters(key, AsymmetricRsaKey.Usage.SignOrVerify)); } }
private static IAsymmetricBlockCipher createCipher(bool forEncryption, IAsymmetricKey key, IParameters <Algorithm> parameters, SecureRandom random) { IAsymmetricBlockCipher engine = FipsRsa.ENGINE_PROVIDER.CreateEngine(EngineUsage.GENERAL); ICipherParameters lwParams; if (key is AsymmetricRsaPublicKey) { AsymmetricRsaPublicKey k = (AsymmetricRsaPublicKey)key; lwParams = FipsRsa.GetPublicKeyParameters(k, AsymmetricRsaKey.Usage.EncryptOrDecrypt); } else { AsymmetricRsaPrivateKey k = (AsymmetricRsaPrivateKey)key; lwParams = FipsRsa.GetPrivateKeyParameters(k, AsymmetricRsaKey.Usage.EncryptOrDecrypt); } if (parameters.Algorithm.Equals(WrapPkcs1v15.Algorithm)) { engine = new Pkcs1Encoding(engine); } if (random != null) { lwParams = new ParametersWithRandom(lwParams, random); } engine.Init(forEncryption, lwParams); return(engine); }
public RecipientOperator GetRecipientOperator(AlgorithmIdentifier keyEncAlg, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentKey) { byte[] keyBytes = null; AsymmetricRsaPrivateKey rsaKey = privKey as AsymmetricRsaPrivateKey; if (rsaKey != null) { // random required for blinding operations keyBytes = CryptoServicesRegistrar.CreateService(rsaKey, random != null ? random: CryptoServicesRegistrar.GetSecureRandom()).CreateKeyUnwrapper(FipsRsa.WrapOaep.WithDigest(FipsShs.Sha1)).Unwrap(encryptedContentKey, 0, encryptedContentKey.Length).Collect(); } IParameters <Algorithm> cipherParams = Utils.GetCipherParameters(contentEncryptionAlgorithm); ICipherBuilder <AlgorithmIdentifier> decryptor; if (Utils.IsBlockMode(cipherParams.Algorithm)) { decryptor = new PkixBlockCipherBuilder(contentEncryptionAlgorithm, Utils.CreateBlockDecryptorBuilder(contentEncryptionAlgorithm, keyBytes, cipherParams)); } else if (Utils.IsAeadMode(cipherParams.Algorithm)) { decryptor = new PkixAeadCipherBuilder(contentEncryptionAlgorithm, Utils.CreateAeadDecryptorBuilder(contentEncryptionAlgorithm, keyBytes, cipherParams)); } else { decryptor = new PkixCipherBuilder(contentEncryptionAlgorithm, Utils.CreateDecryptorBuilder(contentEncryptionAlgorithm, keyBytes, cipherParams)); } return(new RecipientOperator(decryptor)); }
public SigWithDigestFactory(PublicKeyAlgorithmTag keyAlg, HashAlgorithmTag hashAlg, long keyId, AsymmetricRsaPrivateKey privateKey) { this.keyAlg = keyAlg; this.hashAlg = hashAlg; this.keyId = keyId; this.privateKey = privateKey; sigFact = CryptoServicesRegistrar.CreateService(privateKey, new SecureRandom()).CreateSignatureFactory(FipsRsa.Pkcs1v15.WithDigest((FipsDigestAlgorithm)PgpUtils.digests[hashAlg])); digFact = CryptoServicesRegistrar.CreateService((FipsShs.Parameters)PgpUtils.digests[hashAlg]); }
internal static RsaKeyParameters GetPrivateKeyParameters(AsymmetricRsaPrivateKey k, AsymmetricRsaKey.Usage usage) { CheckKeyUsage(k, usage); if (k.PublicExponent.Equals(BigInteger.Zero)) { return(new RsaKeyParameters(true, k.Modulus, k.PrivateExponent)); } else { return(new RsaPrivateCrtKeyParameters(k.Modulus, k.PublicExponent, k.PrivateExponent, k.P, k.Q, k.DP, k.DQ, k.QInv)); } }
internal RsaKeyUnwrapper(OaepWrapParameters algorithmDetails, IKey key) { this.algorithmDetails = algorithmDetails; this.unwrapper = new OaepEncoding(ENGINE_PROVIDER.CreateEngine(EngineUsage.DECRYPTION), FipsShs.CreateDigest(algorithmDetails.DigestAlgorithm), FipsShs.CreateDigest(algorithmDetails.MgfDigestAlgorithm), algorithmDetails.GetEncodingParams()); if (CryptoServicesRegistrar.IsInApprovedOnlyMode()) { AsymmetricRsaPrivateKey rsaKey = GetPrivateKey(key); int bitLength = rsaKey.Modulus.BitLength; if (bitLength != 2048 && bitLength != 3072 && bitLength != 4096) { throw new CryptoUnapprovedOperationError("Attempt to use RSA key with non-approved size: " + bitLength, key.Algorithm); } } unwrapper.Init(false, GetPrivateParameters(key, AsymmetricRsaKey.Usage.EncryptOrDecrypt)); }
public ISignatureWithDigestFactory <PgpSignatureIdentifier> Build(long keyId, AsymmetricRsaPrivateKey privateKey) { return(new SigWithDigestFactory(keyAlg, hashAlg, keyId, privateKey)); }