internal Parameters(FipsDigestAlgorithm digestAlgorithm, PasswordConverter converter, byte[] password, int iterationCount, byte[] salt) : base(ALGORITHM_PBKDF2)
{
this.digestAlgorithm = digestAlgorithm;
this.converter = converter;
this.password = password;
this.iterationCount = iterationCount;
this.salt = salt;
}
internal HMacDRBGProvider(FipsDigestAlgorithm algorithm, byte[] nonce, byte[] personalizationString, int securityStrength, byte[] primaryAdditionalInput)
{
CryptoStatus.IsReady();
this.hMac = FipsShs.CreateHmac(algorithm);
this.nonce = nonce;
this.personalizationString = personalizationString;
this.securityStrength = securityStrength;
this.primaryAdditionalInput = primaryAdditionalInput;
}
internal Builder(FipsAlgorithm algorithm, FipsDigestAlgorithm digestAlg, Variations variation, SecureRandom random, IEntropySourceProvider entropySourceProvider)
{
CryptoStatus.IsReady();
this.algorithm = algorithm;
this.digestAlg = digestAlg;
this.variation = variation;
this.random = random;
this.entropySourceProvider = entropySourceProvider;
}
/// <summary>
/// Base constructor.
/// </summary>
/// <param name="version">The version of DSS the validator is for.</param>
/// <param name="digestAlgorithm">Digest to use in prime calculations.</param>
/// <param name="random">Source of randomness for prime number testing.</param>
public DomainParametersValidator(Version version, FipsDigestAlgorithm digestAlgorithm, SecureRandom random)
{
if (Version.FipsPub186_2 == version && digestAlgorithm != FipsShs.Sha1.Algorithm)
{
throw new ArgumentException("186-2 can only validate with SHA-1");
}
if (CryptoServicesRegistrar.IsInApprovedOnlyMode())
{
Utils.ValidateRandom(random, "FIPS SecureRandom required for DSA parameter validation in approved mode.");
}
this.version = version;
this.digestAlgorithm = digestAlgorithm;
this.random = random;
}
/// <summary>
/// Base constructor.
/// </summary>
/// <param name="parameters">domain generation parameters.</param>
/// <param name="random">A source of randomness for the parameter generation.</param>
internal DomainParametersGenerator(DomainGenParameters parameters, SecureRandom random)
{
if (CryptoServicesRegistrar.IsInApprovedOnlyMode())
{
int effSizeInBits = parameters.L;
if (effSizeInBits != 2048 && effSizeInBits != 3072)
{
throw new CryptoUnapprovedOperationError("attempt to create parameters with unapproved key size [" + effSizeInBits + "]", Alg);
}
Utils.ValidateRandom(random, Utils.GetAsymmetricSecurityStrength(effSizeInBits), Alg, "attempt to create parameters with unapproved RNG");
}
this.digestAlgorithm = parameters.Digest;
this.parameters = parameters;
this.random = random;
}
internal DeriverBuilder(byte[] password, PasswordConverter converter, FipsDigestAlgorithm digestAlgorithm, byte[] salt, int iterationCount)
{
this.digestAlgorithm = digestAlgorithm;
this.converter = converter;
this.password = password;
this.iterationCount = iterationCount;
this.salt = salt;
if (CryptoServicesRegistrar.IsInApprovedOnlyMode())
{
if (salt.Length < 16)
{
throw new CryptoUnapprovedOperationError("salt must be at least 128 bits");
}
if (password.Length < 14)
{
throw new CryptoUnapprovedOperationError("password must be at least 112 bits");
}
}
}
DomainGenParameters(FipsDigestAlgorithm digest, int L, int N, int certainty, BigInteger p, BigInteger q, byte[] seed, int usageIndex) : base(Alg)
{
if (CryptoServicesRegistrar.IsInApprovedOnlyMode())
{
if (p == null && certainty < PrimeCertaintyCalculator.GetDefaultCertainty(L))
{
throw new CryptoUnapprovedOperationError("Prime generation certainty " + certainty + " inadequate for parameters of " + L + " bits", this.Algorithm);
}
}
if (usageIndex > 255)
{
throw new ArgumentException("Usage index must be in range 0 to 255 (or -1 to ignore)");
}
this.mDigest = digest;
this.mL = L;
this.mN = N;
this.mCertainty = certainty;
this.mP = p;
this.mQ = q;
this.seed = seed;
this.mUsageIndex = usageIndex;
}
internal TlsKdfWithPrfBuilder(FipsAlgorithm algorithm, FipsDigestAlgorithm prf)
{
this.algorithm = algorithm;
this.prf = prf;
}
/// <summary>
/// Base constructor - for 186-4
/// </summary>
/// <param name="digestAlgorithm">Digest to use in prime calculations.</param>
/// <param name="random">Source of randomness for prime number testing.</param>
public DomainParametersValidator(FipsDigestAlgorithm digestAlgorithm, SecureRandom random) : this(Version.FipsPub186_4, digestAlgorithm, random)
{
}
public DomainGenParameters WithDigest(FipsDigestAlgorithm digest)
{
return(new DomainGenParameters(digest, mL, mN, mCertainty, mP, mQ, Arrays.Clone(seed), mUsageIndex));
}
internal BuilderService(FipsAlgorithm algorithm, FipsDigestAlgorithm digestAlgorithm) : base(algorithm)
{
this.digestAlg = digestAlgorithm;
this.variation = Variations.NONE;
}
public FipsDigestKmg(FipsDigestAlgorithm digestAlg)
{
this.digestAlg = digestAlg;
}
internal Base(BuilderService service) : base(service.Algorithm)
{
this.digestAlg = service.Digest;
this.variation = service.Variation;
}
public TlsKdfWithPrfBuilder WithPrf(FipsDigestAlgorithm prf)
{
return(new TlsKdfWithPrfBuilder(algorithm, prf));
}
internal Parameters(FipsDigestAlgorithm algorithm, PasswordConverter converter, char[] password) : this(algorithm, converter, converter.Convert(password), 1024, new byte[20])
{
}
internal TlsKdfWithPrfParameters(FipsAlgorithm algorithm, FipsDigestAlgorithm prf, byte[] secret, string label, byte[] seedMaterial) : base(algorithm, secret, label, seedMaterial)
{
this.prf = prf;
}
internal BuilderService(FipsAlgorithm algorithm, Variations variation) : base(algorithm)
{
this.digestAlg = null;
this.variation = variation;
}