/// <summary>
/// Rejects an operation when the requested usage is not one the RSA key may be
/// used for, keeping signing and encryption on separate RSA moduli.
/// </summary>
/// <param name="key">The RSA key about to be used.</param>
/// <param name="usage">The usage the caller is requesting for <paramref name="key"/>.</param>
/// <exception cref="IllegalKeyException">
/// Thrown when <c>key.CanBeUsed(usage)</c> returns false; the message names the
/// conflicting usage.
/// </exception>
/// <remarks>
/// The FSM_STATE / FSM_TRANS comments are kept verbatim.
/// NOTE(review): how CanBeUsed tracks earlier usage is not visible here; the
/// exception messages suggest it is tracked per modulus - confirm.
/// </remarks>
private static void CheckKeyUsage(AsymmetricRsaKey key, AsymmetricRsaKey.Usage usage)
{
    // FSM_STATE:5.12,"RSA KEY USAGE CHECK", "The module verifies recent usage of an RSA key is consistent with requested usage"
    // FSM_TRANS:5.RSAK.0,"CONDITIONAL TEST", "RSA KEY USAGE CHECK", "Invoke RSA key usage check"
    if (key.CanBeUsed(usage))
    {
        // FSM_TRANS:5.RSAK.1,"RSA KEY USAGE CHECK", "CONDITIONAL TEST", "RSA key usage check successful"
        return;
    }

    // FSM_TRANS:5.RSAK.2,"RSA KEY USAGE CHECK", "USER COMMAND REJECTED", "RSA key usage check failed"
    // The message reports the requested usage first, then the usage it conflicts with.
    string reason = usage == AsymmetricRsaKey.Usage.SignOrVerify
        ? "attempt to sign/verify with RSA modulus already used for encrypt/decrypt"
        : "attempt to encrypt/decrypt with RSA modulus already used for sign/verify";

    throw new IllegalKeyException(reason);
}
/// <summary>
/// Generates an RSA key pair with the underlying engine, runs the pairwise
/// consistency test on it, and returns it wrapped in the typed public and
/// private key objects.
/// </summary>
/// <returns>
/// A key pair whose public and private halves both carry the algorithm taken
/// from <c>this.Parameters.Algorithm</c>.
/// </returns>
/// <remarks>
/// The modulus is registered only after <c>ValidateKeyPair</c> has returned, and
/// before either key object is constructed; keep that order when editing.
/// NOTE(review): no return value of ValidateKeyPair is inspected here, so it is
/// presumably expected to throw on a failed consistency test - confirm.
/// </remarks>
public override AsymmetricKeyPair<AsymmetricRsaPublicKey, AsymmetricRsaPrivateKey> GenerateKeyPair()
{
    AsymmetricCipherKeyPair generated = engine.GenerateKeyPair();

    var publicParams = (RsaKeyParameters)generated.Public;
    var privateParams = (RsaPrivateCrtKeyParameters)generated.Private;

    FipsAlgorithm algorithm = this.Parameters.Algorithm;

    // FSM_STATE:5.5, "RSA PAIRWISE CONSISTENCY TEST", "The module is performing RSA Pairwise Consistency self-test"
    // FSM_TRANS:5.RSA.0,"CONDITIONAL TEST", "RSA PAIRWISE CONSISTENCY TEST", "Invoke RSA Pairwise Consistency test"
    ValidateKeyPair(generated);
    // FSM_TRANS:5.RSA.1,"RSA PAIRWISE CONSISTENCY TEST", "CONDITIONAL TEST", "RSA Pairwise Consistency test successful"

    // Put the freshly generated modulus into the validated-modulus cache so that
    // constructing the key objects below does not revalidate it. This must stay
    // after ValidateKeyPair so only a pair that passed the test is registered.
    AsymmetricRsaKey.RegisterModulus(privateParams.Modulus);

    // The private key is built first, then the public key, as in the original expression.
    var privateKey = new AsymmetricRsaPrivateKey(
        algorithm,
        privateParams.Modulus,
        privateParams.PublicExponent,
        privateParams.Exponent,
        privateParams.P,
        privateParams.Q,
        privateParams.DP,
        privateParams.DQ,
        privateParams.QInv);

    var publicKey = new AsymmetricRsaPublicKey(algorithm, publicParams.Modulus, publicParams.Exponent);

    return new AsymmetricKeyPair<AsymmetricRsaPublicKey, AsymmetricRsaPrivateKey>(publicKey, privateKey);
}