public IVerifierFactory <AlgorithmIdentifier> CreateVerifierFactory(AlgorithmIdentifier signatureAlgorithmID, AlgorithmIdentifier digestAlgorithmID) { IVerifierFactory <IParameters <Algorithm> > baseVerifier; AsymmetricRsaPublicKey rsaKey = publicKey as AsymmetricRsaPublicKey; if (rsaKey != null) { IVerifierFactoryService verifierService = CryptoServicesRegistrar.CreateService(rsaKey); if (signatureAlgorithmID.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss)) { FipsRsa.PssSignatureParameters pssParams = FipsRsa.Pss; RsassaPssParameters sigParams = RsassaPssParameters.GetInstance(signatureAlgorithmID.Parameters); pssParams = pssParams.WithDigest((FipsDigestAlgorithm)Utils.digestTable[sigParams.HashAlgorithm.Algorithm]); AlgorithmIdentifier mgfDigAlg = AlgorithmIdentifier.GetInstance(AlgorithmIdentifier.GetInstance(sigParams.MaskGenAlgorithm).Parameters); pssParams = pssParams.WithMgfDigest((FipsDigestAlgorithm)Utils.digestTable[mgfDigAlg.Algorithm]); pssParams = pssParams.WithSaltLength(sigParams.SaltLength.Value.IntValue); return(CreateVerifierFactory(signatureAlgorithmID, verifierService.CreateVerifierFactory(pssParams), certificate)); } else if (PkixVerifierFactoryProvider.pkcs1Table.Contains(signatureAlgorithmID.Algorithm)) { FipsRsa.SignatureParameters rsaParams = FipsRsa.Pkcs1v15.WithDigest((FipsDigestAlgorithm)PkixVerifierFactoryProvider.pkcs1Table[signatureAlgorithmID.Algorithm]); return(CreateVerifierFactory(signatureAlgorithmID, verifierService.CreateVerifierFactory(rsaParams), certificate)); } else if (signatureAlgorithmID.Algorithm.Equals(PkcsObjectIdentifiers.RsaEncryption)) { FipsRsa.SignatureParameters rsaParams = FipsRsa.Pkcs1v15.WithDigest((FipsDigestAlgorithm)Utils.digestTable[digestAlgorithmID.Algorithm]); return(CreateVerifierFactory(signatureAlgorithmID, verifierService.CreateVerifierFactory(rsaParams), certificate)); } } throw new ArgumentException("cannot match signature algorithm: " + signatureAlgorithmID.Algorithm); }
internal static AlgorithmIdentifier GetSigAlgID( IParameters <Algorithm> algDetails) { AlgorithmIdentifier algId = null; FipsRsa.SignatureParameters rsaParams = algDetails as FipsRsa.SignatureParameters; if (rsaParams != null) { if (rsaParams.Algorithm == FipsRsa.Pkcs1v15.Algorithm) { algId = (AlgorithmIdentifier)rsaPkcs1Table[rsaParams.DigestAlgorithm]; } if (algId != null) { return(algId); } } FipsRsa.PssSignatureParameters rsaPssParams = algDetails as FipsRsa.PssSignatureParameters; if (rsaPssParams != null) { if (rsaPssParams.DigestAlgorithm == rsaPssParams.MgfDigestAlgorithm) { AlgorithmIdentifier digAlgId = (AlgorithmIdentifier)pssTable[rsaPssParams.DigestAlgorithm]; if (digAlgId != null) { return(new AlgorithmIdentifier(PkcsObjectIdentifiers.IdRsassaPss, new RsassaPssParameters(digAlgId, new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, digAlgId), new DerInteger(rsaPssParams.SaltLength), new DerInteger(1)))); } } } FipsEC.SignatureParameters ecParams = algDetails as FipsEC.SignatureParameters; if (ecParams != null) { algId = (AlgorithmIdentifier)ecdsaTable[ecParams.DigestAlgorithm]; if (algId != null) { return(algId); } } FipsDsa.SignatureParameters dsaParams = algDetails as FipsDsa.SignatureParameters; if (dsaParams != null) { algId = (AlgorithmIdentifier)dsaTable[dsaParams.DigestAlgorithm]; if (algId != null) { return(algId); } } EC.SignatureParameters genEcParams = algDetails as EC.SignatureParameters; if (genEcParams != null) { algId = (AlgorithmIdentifier)ecdsaTable[genEcParams.DigestAlgorithm]; if (algId != null) { return(algId); } } Dsa.SignatureParameters genDsaParams = algDetails as Dsa.SignatureParameters; if (genDsaParams != null) { algId = (AlgorithmIdentifier)dsaTable[genDsaParams.DigestAlgorithm]; if (algId != null) { return(algId); } } Sphincs.SignatureParameters genSphincsParams = algDetails as Sphincs.SignatureParameters; if (genSphincsParams != null) { if (genSphincsParams.DigestAlgorithm == FipsShs.Sha512) { return(new AlgorithmIdentifier(BCObjectIdentifiers.sphincs256_with_SHA512)); } else { return(new AlgorithmIdentifier(BCObjectIdentifiers.sphincs256_with_SHA3_512)); } } throw new ArgumentException("unknown signature algorithm"); }
/// <summary> /// Return a verifier factory that produces verifiers conforming to algorithmDetails. /// </summary> /// <param name="algorithmDetails">The configuration parameters for verifiers produced by the resulting factory.</param> /// <returns>A new verifier factory.</returns> public IVerifierFactory <AlgorithmIdentifier> CreateVerifierFactory(AlgorithmIdentifier algorithmDetails) { AsymmetricRsaPublicKey rsaKey = publicKey as AsymmetricRsaPublicKey; if (rsaKey != null) { IVerifierFactoryService verifierService = CryptoServicesRegistrar.CreateService(rsaKey); if (algorithmDetails.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss)) { FipsRsa.PssSignatureParameters pssParams = FipsRsa.Pss; RsassaPssParameters sigParams = RsassaPssParameters.GetInstance(algorithmDetails.Parameters); pssParams = pssParams.WithDigest((FipsDigestAlgorithm)Utils.digestTable[sigParams.HashAlgorithm.Algorithm]); AlgorithmIdentifier mgfDigAlg = AlgorithmIdentifier.GetInstance(AlgorithmIdentifier.GetInstance(sigParams.MaskGenAlgorithm).Parameters); pssParams = pssParams.WithMgfDigest((FipsDigestAlgorithm)Utils.digestTable[mgfDigAlg.Algorithm]); pssParams = pssParams.WithSaltLength(sigParams.SaltLength.Value.IntValue); return(CreateVerifierFactory(algorithmDetails, verifierService.CreateVerifierFactory(pssParams), certificate)); } else if (pkcs1Table.Contains(algorithmDetails.Algorithm)) { FipsRsa.SignatureParameters rsaParams = FipsRsa.Pkcs1v15.WithDigest((FipsDigestAlgorithm)pkcs1Table[algorithmDetails.Algorithm]); return(CreateVerifierFactory(algorithmDetails, verifierService.CreateVerifierFactory(rsaParams), certificate)); } } AsymmetricDsaPublicKey dsaKey = publicKey as AsymmetricDsaPublicKey; if (dsaKey != null) { IVerifierFactoryService verifierService = CryptoServicesRegistrar.CreateService(dsaKey); FipsDsa.SignatureParameters sigParams = (FipsDsa.SignatureParameters)dsaTable[algorithmDetails.Algorithm]; return(CreateVerifierFactory(algorithmDetails, verifierService.CreateVerifierFactory(sigParams), certificate)); } AsymmetricECPublicKey ecdsaKey = publicKey as AsymmetricECPublicKey; if (ecdsaKey != null) { IVerifierFactoryService verifierService = CryptoServicesRegistrar.CreateService(ecdsaKey); FipsEC.SignatureParameters sigParams = (FipsEC.SignatureParameters)ecdsaTable[algorithmDetails.Algorithm]; return(CreateVerifierFactory(algorithmDetails, verifierService.CreateVerifierFactory(sigParams), certificate)); } AsymmetricSphincsPublicKey sphincsKey = publicKey as AsymmetricSphincsPublicKey; if (sphincsKey != null) { IVerifierFactoryService verifierService = CryptoServicesRegistrar.CreateService(sphincsKey); if (algorithmDetails.Algorithm.Equals(BCObjectIdentifiers.sphincs256_with_SHA512)) { return(CreateVerifierFactory(algorithmDetails, verifierService.CreateVerifierFactory(Sphincs.Sphincs256), certificate)); } else { return(CreateVerifierFactory(algorithmDetails, verifierService.CreateVerifierFactory(Sphincs.Sphincs256.WithDigest(FipsShs.Sha3_512)), certificate)); } } throw new ArgumentException("cannot match signature algorithm"); }