| public static GetDigest ( DerObjectIdentifier id ) : IDigest | ||
| id | DerObjectIdentifier | |
| Результат | IDigest | |
public static IMac GetMac(
string algorithm)
{
string upper = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithm);
string mechanism = (string)algorithms[upper];
if (mechanism == null)
{
mechanism = upper;
}
if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEWITH"))
{
mechanism = mechanism.Substring("PBEWITH".Length);
}
if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "HMAC"))
{
string digestName;
if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "HMAC-") || BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "HMAC/"))
{
digestName = mechanism.Substring(5);
}
else
{
digestName = mechanism.Substring(4);
}
return(new HMac(DigestUtilities.GetDigest(digestName)));
}
if (mechanism == "AESCMAC")
{
return(new CMac(new AesEngine()));
}
if (mechanism == "DESMAC")
{
return(new CbcBlockCipherMac(new DesEngine()));
}
if (mechanism == "DESMAC/CFB8")
{
return(new CfbBlockCipherMac(new DesEngine()));
}
if (mechanism == "DESMAC64")
{
return(new CbcBlockCipherMac(new DesEngine(), 64));
}
if (mechanism == "DESEDECMAC")
{
return(new CMac(new DesEdeEngine()));
}
if (mechanism == "DESEDEMAC")
{
return(new CbcBlockCipherMac(new DesEdeEngine()));
}
if (mechanism == "DESEDEMAC/CFB8")
{
return(new CfbBlockCipherMac(new DesEdeEngine()));
}
if (mechanism == "DESEDEMAC64")
{
return(new CbcBlockCipherMac(new DesEdeEngine(), 64));
}
if (mechanism == "DESEDEMAC64WITHISO7816-4PADDING")
{
return(new CbcBlockCipherMac(new DesEdeEngine(), 64, new ISO7816d4Padding()));
}
if (mechanism == "DESWITHISO9797" ||
mechanism == "ISO9797ALG3MAC")
{
return(new ISO9797Alg3Mac(new DesEngine()));
}
if (mechanism == "ISO9797ALG3WITHISO7816-4PADDING")
{
return(new ISO9797Alg3Mac(new DesEngine(), new ISO7816d4Padding()));
}
if (mechanism == "SKIPJACKMAC")
{
return(new CbcBlockCipherMac(new SkipjackEngine()));
}
if (mechanism == "SKIPJACKMAC/CFB8")
{
return(new CfbBlockCipherMac(new SkipjackEngine()));
}
if (mechanism == "IDEAMAC")
{
return(new CbcBlockCipherMac(new IdeaEngine()));
}
if (mechanism == "IDEAMAC/CFB8")
{
return(new CfbBlockCipherMac(new IdeaEngine()));
}
if (mechanism == "RC2MAC")
{
return(new CbcBlockCipherMac(new RC2Engine()));
}
if (mechanism == "RC2MAC/CFB8")
{
return(new CfbBlockCipherMac(new RC2Engine()));
}
if (mechanism == "RC5MAC")
{
return(new CbcBlockCipherMac(new RC532Engine()));
}
if (mechanism == "RC5MAC/CFB8")
{
return(new CfbBlockCipherMac(new RC532Engine()));
}
if (mechanism == "GOST28147MAC")
{
return(new Gost28147Mac());
}
if (mechanism == "VMPCMAC")
{
return(new VmpcMac());
}
if (mechanism == "SIPHASH-2-4")
{
return(new SipHash());
}
throw new SecurityUtilityException("Mac " + mechanism + " not recognised.");
}
public static ICipherParameters GenerateCipherParameters(
string algorithm,
char[] password,
bool wrongPkcs12Zero,
Asn1Encodable pbeParameters)
{
string mechanism = (string)algorithms[BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithm)];
byte[] keyBytes = null;
byte[] salt = null;
int iterationCount = 0;
if (IsPkcs12(mechanism))
{
Pkcs12PbeParams pbeParams = Pkcs12PbeParams.GetInstance(pbeParameters);
salt = pbeParams.GetIV();
iterationCount = pbeParams.Iterations.IntValue;
keyBytes = PbeParametersGenerator.Pkcs12PasswordToBytes(password, wrongPkcs12Zero);
}
else if (IsPkcs5Scheme2(mechanism))
{
// See below
}
else
{
PbeParameter pbeParams = PbeParameter.GetInstance(pbeParameters);
salt = pbeParams.GetSalt();
iterationCount = pbeParams.IterationCount.IntValue;
keyBytes = PbeParametersGenerator.Pkcs5PasswordToBytes(password);
}
ICipherParameters parameters = null;
if (IsPkcs5Scheme2(mechanism))
{
PbeS2Parameters s2p = PbeS2Parameters.GetInstance(pbeParameters.ToAsn1Object());
AlgorithmIdentifier encScheme = s2p.EncryptionScheme;
DerObjectIdentifier encOid = encScheme.Algorithm;
Asn1Object encParams = encScheme.Parameters.ToAsn1Object();
Pbkdf2Params pbeParams = Pbkdf2Params.GetInstance(s2p.KeyDerivationFunc.Parameters.ToAsn1Object());
IDigest digest = DigestUtilities.GetDigest(pbeParams.Prf.Algorithm);
byte[] iv;
if (encOid.Equals(PkcsObjectIdentifiers.RC2Cbc)) // PKCS5.B.2.3
{
RC2CbcParameter rc2Params = RC2CbcParameter.GetInstance(encParams);
iv = rc2Params.GetIV();
}
else
{
iv = Asn1OctetString.GetInstance(encParams).GetOctets();
}
salt = pbeParams.GetSalt();
iterationCount = pbeParams.IterationCount.IntValue;
keyBytes = PbeParametersGenerator.Pkcs5PasswordToBytes(password);
int keyLength = pbeParams.KeyLength != null
? pbeParams.KeyLength.IntValue * 8
: GeneratorUtilities.GetDefaultKeySize(encOid);
PbeParametersGenerator gen = MakePbeGenerator(
(string)algorithmType[mechanism], digest, keyBytes, salt, iterationCount);
parameters = gen.GenerateDerivedParameters(encOid.Id, keyLength);
if (iv != null)
{
// FIXME? OpenSSL weirdness with IV of zeros (for ECB keys?)
if (Arrays.AreEqual(iv, new byte[iv.Length]))
{
//Console.Error.Write("***** IV all 0 (length " + iv.Length + ") *****");
}
else
{
parameters = new ParametersWithIV(parameters, iv);
}
}
}
else if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithSHA-1"))
{
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], new Sha1Digest(), keyBytes, salt, iterationCount);
if (mechanism.Equals("PBEwithSHA-1and128bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 128, 128);
}
else if (mechanism.Equals("PBEwithSHA-1and192bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 192, 128);
}
else if (mechanism.Equals("PBEwithSHA-1and256bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 256, 128);
}
else if (mechanism.Equals("PBEwithSHA-1and128bitRC4"))
{
parameters = generator.GenerateDerivedParameters("RC4", 128);
}
else if (mechanism.Equals("PBEwithSHA-1and40bitRC4"))
{
parameters = generator.GenerateDerivedParameters("RC4", 40);
}
else if (mechanism.Equals("PBEwithSHA-1and3-keyDESEDE-CBC"))
{
parameters = generator.GenerateDerivedParameters("DESEDE", 192, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and2-keyDESEDE-CBC"))
{
parameters = generator.GenerateDerivedParameters("DESEDE", 128, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and128bitRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 128, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and40bitRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 40, 64);
}
else if (mechanism.Equals("PBEwithSHA-1andDES-CBC"))
{
parameters = generator.GenerateDerivedParameters("DES", 64, 64);
}
else if (mechanism.Equals("PBEwithSHA-1andRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 64, 64);
}
}
else if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithSHA-256"))
{
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], new Sha256Digest(), keyBytes, salt, iterationCount);
if (mechanism.Equals("PBEwithSHA-256and128bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 128, 128);
}
else if (mechanism.Equals("PBEwithSHA-256and192bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 192, 128);
}
else if (mechanism.Equals("PBEwithSHA-256and256bitAES-CBC-BC"))
{
parameters = generator.GenerateDerivedParameters("AES", 256, 128);
}
}
else if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithMD5"))
{
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], new MD5Digest(), keyBytes, salt, iterationCount);
if (mechanism.Equals("PBEwithMD5andDES-CBC"))
{
parameters = generator.GenerateDerivedParameters("DES", 64, 64);
}
else if (mechanism.Equals("PBEwithMD5andRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 64, 64);
}
else if (mechanism.Equals("PBEwithMD5and128bitAES-CBC-OpenSSL"))
{
parameters = generator.GenerateDerivedParameters("AES", 128, 128);
}
else if (mechanism.Equals("PBEwithMD5and192bitAES-CBC-OpenSSL"))
{
parameters = generator.GenerateDerivedParameters("AES", 192, 128);
}
else if (mechanism.Equals("PBEwithMD5and256bitAES-CBC-OpenSSL"))
{
parameters = generator.GenerateDerivedParameters("AES", 256, 128);
}
}
else if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithMD2"))
{
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], new MD2Digest(), keyBytes, salt, iterationCount);
if (mechanism.Equals("PBEwithMD2andDES-CBC"))
{
parameters = generator.GenerateDerivedParameters("DES", 64, 64);
}
else if (mechanism.Equals("PBEwithMD2andRC2-CBC"))
{
parameters = generator.GenerateDerivedParameters("RC2", 64, 64);
}
}
else if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithHmac"))
{
string digestName = mechanism.Substring("PBEwithHmac".Length);
IDigest digest = DigestUtilities.GetDigest(digestName);
PbeParametersGenerator generator = MakePbeGenerator(
(string)algorithmType[mechanism], digest, keyBytes, salt, iterationCount);
int bitLen = digest.GetDigestSize() * 8;
parameters = generator.GenerateDerivedMacParameters(bitLen);
}
Array.Clear(keyBytes, 0, keyBytes.Length);
return(FixDesParity(mechanism, parameters));
}
public static ISigner GetSigner(
string algorithm)
{
if (algorithm == null)
{
throw new ArgumentNullException("algorithm");
}
algorithm = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithm);
string mechanism = (string)algorithms[algorithm];
if (mechanism == null)
{
mechanism = algorithm;
}
if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "Ed"))
{
if (mechanism.Equals("Ed25519"))
{
return(new Ed25519Signer());
}
if (mechanism.Equals("Ed25519ctx"))
{
return(new Ed25519ctxSigner(Arrays.EmptyBytes));
}
if (mechanism.Equals("Ed25519ph"))
{
return(new Ed25519phSigner(Arrays.EmptyBytes));
}
if (mechanism.Equals("Ed448"))
{
return(new Ed448Signer(Arrays.EmptyBytes));
}
if (mechanism.Equals("Ed448ph"))
{
return(new Ed448phSigner(Arrays.EmptyBytes));
}
}
if (mechanism.Equals("RSA"))
{
return(new RsaDigestSigner(new NullDigest(), (AlgorithmIdentifier)null));
}
if (mechanism.Equals("RAWRSASSA-PSS"))
{
// TODO Add support for other parameter settings
return(PssSigner.CreateRawSigner(new RsaBlindedEngine(), new Sha1Digest()));
}
if (mechanism.Equals("PSSwithRSA"))
{
// TODO The Sha1Digest here is a default. In JCE version, the actual digest
// to be used can be overridden by subsequent parameter settings.
return(new PssSigner(new RsaBlindedEngine(), new Sha1Digest()));
}
if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "withRSA"))
{
string digestName = mechanism.Substring(0, mechanism.LastIndexOf("with"));
IDigest digest = DigestUtilities.GetDigest(digestName);
return(new RsaDigestSigner(digest));
}
if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "withRSAandMGF1"))
{
string digestName = mechanism.Substring(0, mechanism.LastIndexOf("with"));
IDigest digest = DigestUtilities.GetDigest(digestName);
return(new PssSigner(new RsaBlindedEngine(), digest));
}
if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "withDSA"))
{
string digestName = mechanism.Substring(0, mechanism.LastIndexOf("with"));
IDigest digest = DigestUtilities.GetDigest(digestName);
return(new DsaDigestSigner(new DsaSigner(), digest));
}
if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "withECDSA"))
{
string digestName = mechanism.Substring(0, mechanism.LastIndexOf("with"));
IDigest digest = DigestUtilities.GetDigest(digestName);
return(new DsaDigestSigner(new ECDsaSigner(), digest));
}
if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "withCVC-ECDSA") ||
BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "withPLAIN-ECDSA"))
{
string digestName = mechanism.Substring(0, mechanism.LastIndexOf("with"));
IDigest digest = DigestUtilities.GetDigest(digestName);
return(new DsaDigestSigner(new ECDsaSigner(), digest, PlainDsaEncoding.Instance));
}
if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "withECNR"))
{
string digestName = mechanism.Substring(0, mechanism.LastIndexOf("with"));
IDigest digest = DigestUtilities.GetDigest(digestName);
return(new DsaDigestSigner(new ECNRSigner(), digest));
}
if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "withSM2"))
{
string digestName = mechanism.Substring(0, mechanism.LastIndexOf("with"));
IDigest digest = DigestUtilities.GetDigest(digestName);
return(new SM2Signer(digest));
}
if (mechanism.Equals("GOST3410"))
{
return(new Gost3410DigestSigner(new Gost3410Signer(), new Gost3411Digest()));
}
if (mechanism.Equals("ECGOST3410"))
{
return(new Gost3410DigestSigner(new ECGost3410Signer(), new Gost3411Digest()));
}
if (mechanism.Equals("SHA1WITHRSA/ISO9796-2"))
{
return(new Iso9796d2Signer(new RsaBlindedEngine(), new Sha1Digest(), true));
}
if (mechanism.Equals("MD5WITHRSA/ISO9796-2"))
{
return(new Iso9796d2Signer(new RsaBlindedEngine(), new MD5Digest(), true));
}
if (mechanism.Equals("RIPEMD160WITHRSA/ISO9796-2"))
{
return(new Iso9796d2Signer(new RsaBlindedEngine(), new RipeMD160Digest(), true));
}
if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "/X9.31"))
{
string x931 = mechanism.Substring(0, mechanism.Length - "/X9.31".Length);
int withPos = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.IndexOf(x931, "WITH");
if (withPos > 0)
{
int endPos = withPos + "WITH".Length;
string digestName = x931.Substring(0, withPos);
IDigest digest = DigestUtilities.GetDigest(digestName);
string cipherName = x931.Substring(endPos, x931.Length - endPos);
if (cipherName.Equals("RSA"))
{
IAsymmetricBlockCipher cipher = new RsaBlindedEngine();
return(new X931Signer(cipher, digest));
}
}
}
throw new SecurityUtilityException("Signer " + algorithm + " not recognised.");
}
