public static IMac GetMac(
string algorithm)
{
string upper = Platform.ToUpperInvariant(algorithm);
string mechanism = (string)algorithms[upper];
if (mechanism == null)
{
mechanism = upper;
}
if (Platform.StartsWith(mechanism, "PBEWITH"))
{
mechanism = mechanism.Substring("PBEWITH".Length);
}
if (Platform.StartsWith(mechanism, "HMAC"))
{
string digestName;
if (Platform.StartsWith(mechanism, "HMAC-") || Platform.StartsWith(mechanism, "HMAC/"))
{
digestName = mechanism.Substring(5);
}
else
{
digestName = mechanism.Substring(4);
}
return(new HMac(DigestUtilities.GetDigest(digestName)));
}
if (mechanism == "AESCMAC")
{
return(new CMac(new AesFastEngine()));
}
if (mechanism == "DESMAC")
{
return(new CbcBlockCipherMac(new DesEngine()));
}
if (mechanism == "DESMAC/CFB8")
{
return(new CfbBlockCipherMac(new DesEngine()));
}
if (mechanism == "DESMAC64")
{
return(new CbcBlockCipherMac(new DesEngine(), 64));
}
if (mechanism == "DESEDECMAC")
{
return(new CMac(new DesEdeEngine()));
}
if (mechanism == "DESEDEMAC")
{
return(new CbcBlockCipherMac(new DesEdeEngine()));
}
if (mechanism == "DESEDEMAC/CFB8")
{
return(new CfbBlockCipherMac(new DesEdeEngine()));
}
if (mechanism == "DESEDEMAC64")
{
return(new CbcBlockCipherMac(new DesEdeEngine(), 64));
}
if (mechanism == "DESEDEMAC64WITHISO7816-4PADDING")
{
return(new CbcBlockCipherMac(new DesEdeEngine(), 64, new ISO7816d4Padding()));
}
if (mechanism == "DESWITHISO9797" ||
mechanism == "ISO9797ALG3MAC")
{
return(new ISO9797Alg3Mac(new DesEngine()));
}
if (mechanism == "ISO9797ALG3WITHISO7816-4PADDING")
{
return(new ISO9797Alg3Mac(new DesEngine(), new ISO7816d4Padding()));
}
if (mechanism == "SKIPJACKMAC")
{
return(new CbcBlockCipherMac(new SkipjackEngine()));
}
if (mechanism == "SKIPJACKMAC/CFB8")
{
return(new CfbBlockCipherMac(new SkipjackEngine()));
}
if (mechanism == "IDEAMAC")
{
return(new CbcBlockCipherMac(new IdeaEngine()));
}
if (mechanism == "IDEAMAC/CFB8")
{
return(new CfbBlockCipherMac(new IdeaEngine()));
}
if (mechanism == "RC2MAC")
{
return(new CbcBlockCipherMac(new RC2Engine()));
}
if (mechanism == "RC2MAC/CFB8")
{
return(new CfbBlockCipherMac(new RC2Engine()));
}
if (mechanism == "RC5MAC")
{
return(new CbcBlockCipherMac(new RC532Engine()));
}
if (mechanism == "RC5MAC/CFB8")
{
return(new CfbBlockCipherMac(new RC532Engine()));
}
if (mechanism == "GOST28147MAC")
{
return(new Gost28147Mac());
}
if (mechanism == "VMPCMAC")
{
return(new VmpcMac());
}
if (mechanism == "SIPHASH-2-4")
{
return(new SipHash());
}
throw new SecurityUtilityException("Mac " + mechanism + " not recognised.");
}
public static ICipherParameters GenerateCipherParameters(
string algorithm,
char[] password,
bool wrongPkcs12Zero,
Asn1Encodable pbeParameters)
{
string mechanism = (string)algorithms[Platform.ToUpperInvariant(algorithm)];
byte[] keyBytes = null;
byte[] salt = null;
int iterationCount = 0;
if (IsPkcs12(mechanism))
{
Pkcs12PbeParams pbeParams = Pkcs12PbeParams.GetInstance(pbeParameters);
salt = pbeParams.GetIV();
iterationCount = pbeParams.Iterations.IntValue;
keyBytes = PbeParametersGenerator.Pkcs12PasswordToBytes(password, wrongPkcs12Zero);
}
else if (IsPkcs5Scheme2(mechanism))
{
// See below
}
else
{
PbeParameter pbeParams = PbeParameter.GetInstance(pbeParameters);
salt = pbeParams.GetSalt();
iterationCount = pbeParams.IterationCount.IntValue;
keyBytes = PbeParametersGenerator.Pkcs5PasswordToBytes(password);
}
ICipherParameters parameters = null;
if (IsPkcs5Scheme2(mechanism))
{
PbeS2Parameters s2p = PbeS2Parameters.GetInstance(pbeParameters.ToAsn1Object());
AlgorithmIdentifier encScheme = s2p.EncryptionScheme;
DerObjectIdentifier encOid = encScheme.Algorithm;
Asn1Object encParams = encScheme.Parameters.ToAsn1Object();
// TODO What about s2p.KeyDerivationFunc.Algorithm?
Pbkdf2Params pbeParams = Pbkdf2Params.GetInstance(s2p.KeyDerivationFunc.Parameters.ToAsn1Object());
byte[] iv;
if (encOid.Equals(PkcsObjectIdentifiers.RC2Cbc)) // PKCS5.B.2.3
{
RC2CbcParameter rc2Params = RC2CbcParameter.GetInstance(encParams);
iv = rc2Params.GetIV();
}
else
{
iv = Asn1OctetString.GetInstance(encParams).GetOctets();
}
salt = pbeParams.GetSalt();
iterationCount = pbeParams.IterationCount.IntValue;
keyBytes = PbeParametersGenerator.Pkcs5PasswordToBytes(password);
int keyLength = pbeParams.KeyLength != null
? pbeParams.KeyLength.IntValue * 8
: GeneratorUtilities.GetDefaultKeySize(encOid);
PbeParametersGenerator gen = MakePbeGenerator(
(string)algorithmType[mechanism], null, keyBytes, salt, iterationCount);
parameters = gen.GenerateDerivedParameters(encOid.Id, keyLength);
if (iv != null)
{
// FIXME? OpenSSL weirdness with IV of zeros (for ECB keys?)
if (Arrays.AreEqual(iv, new byte[iv.Length]))
{
//Console.Error.Write("***** IV all 0 (length " + iv.Length + ") *****");
}
else
{
parameters = new ParametersWithIV(parameters, iv);
}
}
}
else if (Platform.StartsWith(mechanism, "PBEwithSHA-1"))
{
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], new Sha1Digest(), keyBytes, salt, iterationCount);
if (mechanism.Equals("PBEwithSHA-1and128bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 128, 128);
}
else if (mechanism.Equals("PBEwithSHA-1and192bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 192, 128);
}
else if (mechanism.Equals("PBEwithSHA-1and256bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 256, 128);
}
else if (mechanism.Equals("PBEwithSHA-1and128bitRC4"))
{
parameters = generator.GenerateDerivedParameters("RC4", 128);
}
else if (mechanism.Equals("PBEwithSHA-1and40bitRC4"))
{
parameters = generator.GenerateDerivedParameters("RC4", 40);
}
else if (mechanism.Equals("PBEwithSHA-1and3-keyDESEDE-CBC"))
{
parameters = generator.GenerateDerivedParameters("DESEDE", 192, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and2-keyDESEDE-CBC"))
{
parameters = generator.GenerateDerivedParameters("DESEDE", 128, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and128bitRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 128, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and40bitRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 40, 64);
}
else if (mechanism.Equals("PBEwithSHA-1andDES-CBC"))
{
parameters = generator.GenerateDerivedParameters("DES", 64, 64);
}
else if (mechanism.Equals("PBEwithSHA-1andRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 64, 64);
}
}
else if (Platform.StartsWith(mechanism, "PBEwithSHA-256"))
{
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], new Sha256Digest(), keyBytes, salt, iterationCount);
if (mechanism.Equals("PBEwithSHA-256and128bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 128, 128);
}
else if (mechanism.Equals("PBEwithSHA-256and192bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 192, 128);
}
else if (mechanism.Equals("PBEwithSHA-256and256bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 256, 128);
}
}
else if (Platform.StartsWith(mechanism, "PBEwithMD5"))
{
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], new MD5Digest(), keyBytes, salt, iterationCount);
if (mechanism.Equals("PBEwithMD5andDES-CBC"))
{
parameters = generator.GenerateDerivedParameters("DES", 64, 64);
}
else if (mechanism.Equals("PBEwithMD5andRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 64, 64);
}
else if (mechanism.Equals("PBEwithMD5and128bitAES-CBC-OpenSSL"))
{
parameters = generator.GenerateDerivedParameters("AES", 128, 128);
}
else if (mechanism.Equals("PBEwithMD5and192bitAES-CBC-OpenSSL"))
{
parameters = generator.GenerateDerivedParameters("AES", 192, 128);
}
else if (mechanism.Equals("PBEwithMD5and256bitAES-CBC-OpenSSL"))
{
parameters = generator.GenerateDerivedParameters("AES", 256, 128);
}
}
else if (Platform.StartsWith(mechanism, "PBEwithMD2"))
{
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], new MD2Digest(), keyBytes, salt, iterationCount);
if (mechanism.Equals("PBEwithMD2andDES-CBC"))
{
parameters = generator.GenerateDerivedParameters("DES", 64, 64);
}
else if (mechanism.Equals("PBEwithMD2andRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 64, 64);
}
}
else if (Platform.StartsWith(mechanism, "PBEwithHmac"))
{
string digestName = mechanism.Substring("PBEwithHmac".Length);
IDigest digest = DigestUtilities.GetDigest(digestName);
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], digest, keyBytes, salt, iterationCount);
int bitLen = digest.GetDigestSize() * 8;
parameters = generator.GenerateDerivedMacParameters(bitLen);
}
Array.Clear(keyBytes, 0, keyBytes.Length);
return(FixDesParity(mechanism, parameters));
}
public static ISigner GetSigner(
string algorithm)
{
if (algorithm == null)
{
throw new ArgumentNullException("algorithm");
}
algorithm = Platform.ToUpperInvariant(algorithm);
string mechanism = (string)algorithms[algorithm];
if (mechanism == null)
{
mechanism = algorithm;
}
if (mechanism.Equals("RSA"))
{
return(new RsaDigestSigner(new NullDigest(), (AlgorithmIdentifier)null));
}
if (mechanism.Equals("MD2withRSA"))
{
return(new RsaDigestSigner(new MD2Digest()));
}
if (mechanism.Equals("MD4withRSA"))
{
return(new RsaDigestSigner(new MD4Digest()));
}
if (mechanism.Equals("MD5withRSA"))
{
return(new RsaDigestSigner(new MD5Digest()));
}
if (mechanism.Equals("SHA-1withRSA"))
{
return(new RsaDigestSigner(new Sha1Digest()));
}
if (mechanism.Equals("SHA-224withRSA"))
{
return(new RsaDigestSigner(new Sha224Digest()));
}
if (mechanism.Equals("SHA-256withRSA"))
{
return(new RsaDigestSigner(new Sha256Digest()));
}
if (mechanism.Equals("SHA-384withRSA"))
{
return(new RsaDigestSigner(new Sha384Digest()));
}
if (mechanism.Equals("SHA-512withRSA"))
{
return(new RsaDigestSigner(new Sha512Digest()));
}
if (mechanism.Equals("RIPEMD128withRSA"))
{
return(new RsaDigestSigner(new RipeMD128Digest()));
}
if (mechanism.Equals("RIPEMD160withRSA"))
{
return(new RsaDigestSigner(new RipeMD160Digest()));
}
if (mechanism.Equals("RIPEMD256withRSA"))
{
return(new RsaDigestSigner(new RipeMD256Digest()));
}
if (mechanism.Equals("RAWRSASSA-PSS"))
{
// TODO Add support for other parameter settings
return(PssSigner.CreateRawSigner(new RsaBlindedEngine(), new Sha1Digest()));
}
if (mechanism.Equals("PSSwithRSA"))
{
// TODO The Sha1Digest here is a default. In JCE version, the actual digest
// to be used can be overridden by subsequent parameter settings.
return(new PssSigner(new RsaBlindedEngine(), new Sha1Digest()));
}
if (mechanism.Equals("SHA-1withRSAandMGF1"))
{
return(new PssSigner(new RsaBlindedEngine(), new Sha1Digest()));
}
if (mechanism.Equals("SHA-224withRSAandMGF1"))
{
return(new PssSigner(new RsaBlindedEngine(), new Sha224Digest()));
}
if (mechanism.Equals("SHA-256withRSAandMGF1"))
{
return(new PssSigner(new RsaBlindedEngine(), new Sha256Digest()));
}
if (mechanism.Equals("SHA-384withRSAandMGF1"))
{
return(new PssSigner(new RsaBlindedEngine(), new Sha384Digest()));
}
if (mechanism.Equals("SHA-512withRSAandMGF1"))
{
return(new PssSigner(new RsaBlindedEngine(), new Sha512Digest()));
}
if (mechanism.Equals("NONEwithDSA"))
{
return(new DsaDigestSigner(new DsaSigner(), new NullDigest()));
}
if (mechanism.Equals("SHA-1withDSA"))
{
return(new DsaDigestSigner(new DsaSigner(), new Sha1Digest()));
}
if (mechanism.Equals("SHA-224withDSA"))
{
return(new DsaDigestSigner(new DsaSigner(), new Sha224Digest()));
}
if (mechanism.Equals("SHA-256withDSA"))
{
return(new DsaDigestSigner(new DsaSigner(), new Sha256Digest()));
}
if (mechanism.Equals("SHA-384withDSA"))
{
return(new DsaDigestSigner(new DsaSigner(), new Sha384Digest()));
}
if (mechanism.Equals("SHA-512withDSA"))
{
return(new DsaDigestSigner(new DsaSigner(), new Sha512Digest()));
}
if (mechanism.Equals("NONEwithECDSA"))
{
return(new DsaDigestSigner(new ECDsaSigner(), new NullDigest()));
}
if (mechanism.Equals("SHA-1withECDSA"))
{
return(new DsaDigestSigner(new ECDsaSigner(), new Sha1Digest()));
}
if (mechanism.Equals("SHA-224withECDSA"))
{
return(new DsaDigestSigner(new ECDsaSigner(), new Sha224Digest()));
}
if (mechanism.Equals("SHA-256withECDSA"))
{
return(new DsaDigestSigner(new ECDsaSigner(), new Sha256Digest()));
}
if (mechanism.Equals("SHA-384withECDSA"))
{
return(new DsaDigestSigner(new ECDsaSigner(), new Sha384Digest()));
}
if (mechanism.Equals("SHA-512withECDSA"))
{
return(new DsaDigestSigner(new ECDsaSigner(), new Sha512Digest()));
}
if (mechanism.Equals("RIPEMD160withECDSA"))
{
return(new DsaDigestSigner(new ECDsaSigner(), new RipeMD160Digest()));
}
if (mechanism.Equals("SHA1WITHECNR"))
{
return(new DsaDigestSigner(new ECNRSigner(), new Sha1Digest()));
}
if (mechanism.Equals("SHA224WITHECNR"))
{
return(new DsaDigestSigner(new ECNRSigner(), new Sha224Digest()));
}
if (mechanism.Equals("SHA256WITHECNR"))
{
return(new DsaDigestSigner(new ECNRSigner(), new Sha256Digest()));
}
if (mechanism.Equals("SHA384WITHECNR"))
{
return(new DsaDigestSigner(new ECNRSigner(), new Sha384Digest()));
}
if (mechanism.Equals("SHA512WITHECNR"))
{
return(new DsaDigestSigner(new ECNRSigner(), new Sha512Digest()));
}
if (mechanism.Equals("GOST3410"))
{
return(new Gost3410DigestSigner(new Gost3410Signer(), new Gost3411Digest()));
}
if (mechanism.Equals("ECGOST3410"))
{
return(new Gost3410DigestSigner(new ECGost3410Signer(), new Gost3411Digest()));
}
if (mechanism.Equals("SHA1WITHRSA/ISO9796-2"))
{
return(new Iso9796d2Signer(new RsaBlindedEngine(), new Sha1Digest(), true));
}
if (mechanism.Equals("MD5WITHRSA/ISO9796-2"))
{
return(new Iso9796d2Signer(new RsaBlindedEngine(), new MD5Digest(), true));
}
if (mechanism.Equals("RIPEMD160WITHRSA/ISO9796-2"))
{
return(new Iso9796d2Signer(new RsaBlindedEngine(), new RipeMD160Digest(), true));
}
if (Platform.EndsWith(mechanism, "/X9.31"))
{
string x931 = mechanism.Substring(0, mechanism.Length - "/X9.31".Length);
int withPos = Platform.IndexOf(x931, "WITH");
if (withPos > 0)
{
int endPos = withPos + "WITH".Length;
string digestName = x931.Substring(0, withPos);
IDigest digest = DigestUtilities.GetDigest(digestName);
string cipherName = x931.Substring(endPos, x931.Length - endPos);
if (cipherName.Equals("RSA"))
{
IAsymmetricBlockCipher cipher = new RsaBlindedEngine();
return(new X931Signer(cipher, digest));
}
}
}
throw new SecurityUtilityException("Signer " + algorithm + " not recognised.");
}