diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2015-11-10 19:50:25 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2015-11-10 19:50:25 +0700 |
| commit | f4ef9a796db54db87c06c110247cddfdfc5af167 (patch) | |
| tree | 336c6a55ecb530934c8dffb5f3e8bc70fc798730 | |
| parent | Merge branch 'master' of git.bouncycastle.org:bc-csharp into pcl (diff) | |
| parent | Address various compiler warnings (diff) | |
| download | BouncyCastle.NET-ed25519-f4ef9a796db54db87c06c110247cddfdfc5af167.tar.xz | |
Merge branch 'master' of git.bouncycastle.org:bc-csharp into pcl
70 files changed, 580 insertions, 349 deletions
diff --git a/crypto/Contributors.html b/crypto/Contributors.html index 3d0992f68..8908b857a 100644 --- a/crypto/Contributors.html +++ b/crypto/Contributors.html @@ -105,7 +105,8 @@ <p>Kalev Lember <kalev@smartlink.ee> - patch to fix compilation problem under Mono 2.8+.</p> </li> <li> - <p>Kyle Hamilton <kyanha.bouncycastle@kyanha.net> - identified problem with BigInteger.Multiply, patch for MiscPemGenerator infinite recursion.</p> + <p>Kyle Hamilton <kyanha.bouncycastle@kyanha.net> - identified problem with BigInteger.Multiply, patch for MiscPemGenerator infinite recursion, + proposed improvements in use of random numbers.</p> </li> <li> <p>Atanas Krachev <akrachev@gmail.com> - added support for revocation signatures in OpenPGP.</p> @@ -128,6 +129,16 @@ <li> <p>Michael Krueger <michael.krueger@secardeo.com> - patch to fix Asn1.Cmp.RevDetails constructor.</p> </li> + <li> + <p>Daniel Nauck <daniel.nauck@gmail.com> - patch for Portable Class Library support.</p> + </li> + <li> + <p>John Allberg <john@ayoy.se> - improvements to Portable Class Library patch.</p> + </li> + <li> + <p>Oren Novotny (https://github.com/onovotny) - developed and maintained a fork supporting Portable Class Library, worked closely with us + to integrate the changes back into the main project.</p> + </li> </ul> </body> </html> diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj index a1e217aca..3f942800c 100644 --- a/crypto/crypto.csproj +++ b/crypto/crypto.csproj @@ -249,6 +249,11 @@ BuildAction = "Compile" /> <File + RelPath = "src\asn1\BERBitString.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "src\asn1\BERGenerator.cs" SubType = "Code" BuildAction = "Compile" diff --git a/crypto/src/asn1/BERBitString.cs b/crypto/src/asn1/BERBitString.cs new file mode 100644 index 000000000..d8cd00330 --- /dev/null +++ b/crypto/src/asn1/BERBitString.cs @@ -0,0 +1,43 @@ +using System; + +using Org.BouncyCastle.Utilities; + +namespace Org.BouncyCastle.Asn1 +{ + public class BerBitString + : DerBitString + { + public BerBitString(byte[] data, int padBits) + : base(data, padBits) + { + } + + public BerBitString(byte[] data) + : base(data) + { + } + + public BerBitString(int namedBits) + : base(namedBits) + { + } + + public BerBitString(Asn1Encodable obj) + : base(obj) + { + } + + internal override void Encode( + DerOutputStream derOut) + { + if (derOut is Asn1OutputStream || derOut is BerOutputStream) + { + derOut.WriteEncoded(Asn1Tags.BitString, (byte)mPadBits, mData); + } + else + { + base.Encode(derOut); + } + } + } +} diff --git a/crypto/src/asn1/DerBitString.cs b/crypto/src/asn1/DerBitString.cs index d5cb872bc..ad7a7e349 100644 --- a/crypto/src/asn1/DerBitString.cs +++ b/crypto/src/asn1/DerBitString.cs @@ -1,6 +1,8 @@ using System; +using System.Diagnostics; using System.Text; +using Org.BouncyCastle.Math; using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Asn1 @@ -11,83 +13,10 @@ namespace Org.BouncyCastle.Asn1 private static readonly char[] table = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; - private readonly byte[] data; - private readonly int padBits; + protected readonly byte[] mData; + protected readonly int mPadBits; - /** - * return the correct number of pad bits for a bit string defined in - * a 32 bit constant - */ - static internal int GetPadBits( - int bitString) - { - int val = 0; - for (int i = 3; i >= 0; i--) - { - // - // this may look a little odd, but if it isn't done like this pre jdk1.2 - // JVM's break! - // - if (i != 0) - { - if ((bitString >> (i * 8)) != 0) - { - val = (bitString >> (i * 8)) & 0xFF; - break; - } - } - else - { - if (bitString != 0) - { - val = bitString & 0xFF; - break; - } - } - } - - if (val == 0) - { - return 7; - } - - int bits = 1; - - while (((val <<= 1) & 0xFF) != 0) - { - bits++; - } - - return 8 - bits; - } - - /** - * return the correct number of bytes for a bit string defined in - * a 32 bit constant - */ - static internal byte[] GetBytes( - int bitString) - { - int bytes = 4; - for (int i = 3; i >= 1; i--) - { - if ((bitString & (0xFF << (i * 8))) != 0) - { - break; - } - bytes--; - } - - byte[] result = new byte[bytes]; - for (int i = 0; i < bytes; i++) - { - result[i] = (byte) ((bitString >> (i * 8)) & 0xFF); - } - - return result; - } - - /** + /** * return a Bit string from the passed in object * * @exception ArgumentException if the object cannot be converted. @@ -126,15 +55,7 @@ namespace Org.BouncyCastle.Asn1 return FromAsn1Octets(((Asn1OctetString)o).GetOctets()); } - internal DerBitString( - byte data, - int padBits) - { - this.data = new byte[]{ data }; - this.padBits = padBits; - } - - /** + /** * @param data the octets making up the bit string. * @param padBits the number of extra bits at the end of the string. */ @@ -142,67 +63,154 @@ namespace Org.BouncyCastle.Asn1 byte[] data, int padBits) { - // TODO Deep copy? - this.data = data; - this.padBits = padBits; + if (data == null) + throw new ArgumentNullException("data"); + if (padBits < 0 || padBits > 7) + throw new ArgumentException("must be in the range 0 to 7", "padBits"); + if (data.Length == 0 && padBits != 0) + throw new ArgumentException("if 'data' is empty, 'padBits' must be 0"); + + this.mData = Arrays.Clone(data); + this.mPadBits = padBits; } public DerBitString( byte[] data) + : this(data, 0) { - // TODO Deep copy? - this.data = data; } - public DerBitString( + public DerBitString( + int namedBits) + { + if (namedBits == 0) + { + this.mData = new byte[0]; + this.mPadBits = 0; + return; + } + + int bits = BigInteger.BitLen(namedBits); + int bytes = (bits + 7) / 8; + + Debug.Assert(0 < bytes && bytes <= 4); + + byte[] result = new byte[bytes]; + --bytes; + + for (int i = 0; i < bytes; i++) + { + result[i] = (byte)namedBits; + namedBits >>= 8; + } + + Debug.Assert((namedBits & 0xFF) != 0); + + result[bytes] = (byte)namedBits; + + int pad = 0; + while ((namedBits & (1 << pad)) == 0) + { + ++pad; + } + + Debug.Assert(pad < 8); + + this.mData = result; + this.mPadBits = pad; + } + + public DerBitString( Asn1Encodable obj) + : this(obj.GetDerEncoded()) { - this.data = obj.GetDerEncoded(); - //this.padBits = 0; } - public byte[] GetBytes() + /** + * Return the octets contained in this BIT STRING, checking that this BIT STRING really + * does represent an octet aligned string. Only use this method when the standard you are + * following dictates that the BIT STRING will be octet aligned. + * + * @return a copy of the octet aligned data. + */ + public virtual byte[] GetOctets() + { + if (mPadBits != 0) + throw new InvalidOperationException("attempt to get non-octet aligned data from BIT STRING"); + + return Arrays.Clone(mData); + } + + public virtual byte[] GetBytes() { - return data; + byte[] data = Arrays.Clone(mData); + + // DER requires pad bits be zero + if (mPadBits > 0) + { + data[data.Length - 1] &= (byte)(0xFF << mPadBits); + } + + return data; } - public int PadBits + public virtual int PadBits { - get { return padBits; } + get { return mPadBits; } } /** * @return the value of the bit string as an int (truncating if necessary) */ - public int IntValue + public virtual int IntValue { get { - int value = 0; - - for (int i = 0; i != data.Length && i != 4; i++) - { - value |= (data[i] & 0xff) << (8 * i); - } - - return value; + int value = 0, length = System.Math.Min(4, mData.Length); + for (int i = 0; i < length; ++i) + { + value |= (int)mData[i] << (8 * i); + } + if (mPadBits > 0 && length == mData.Length) + { + int mask = (1 << mPadBits) - 1; + value &= ~(mask << (8 * (length - 1))); + } + return value; } } - internal override void Encode( + internal override void Encode( DerOutputStream derOut) { - byte[] bytes = new byte[GetBytes().Length + 1]; - - bytes[0] = (byte) PadBits; - Array.Copy(GetBytes(), 0, bytes, 1, bytes.Length - 1); - - derOut.WriteEncoded(Asn1Tags.BitString, bytes); + if (mPadBits > 0) + { + int last = mData[mData.Length - 1]; + int mask = (1 << mPadBits) - 1; + + if ((last & mask) != 0) + { + byte[] result = Arrays.Prepend(mData, (byte)mPadBits); + + /* + * X.690-0207 11.2.1: Each unused bit in the final octet of the encoding of a bit string value shall be set to zero. + * + * NOTE: 'pad' is constrained to be 0 if 'bytes' are empty, in which case this is a no-op. + */ + last ^= (last & mask); + result[result.Length - 1] &= (byte)last; + + derOut.WriteEncoded(Asn1Tags.BitString, result); + return; + } + } + + derOut.WriteEncoded(Asn1Tags.BitString, (byte)mPadBits, mData); } - protected override int Asn1GetHashCode() + protected override int Asn1GetHashCode() { - return padBits.GetHashCode() ^ Arrays.GetHashCode(data); + return mPadBits.GetHashCode() ^ Arrays.GetHashCode(mData); } protected override bool Asn1Equals( @@ -213,8 +221,8 @@ namespace Org.BouncyCastle.Asn1 if (other == null) return false; - return this.padBits == other.padBits - && Arrays.AreEqual(this.data, other.data); + return this.mPadBits == other.mPadBits + && Arrays.AreEqual(this.mData, other.mData); } public override string GetString() @@ -236,12 +244,23 @@ namespace Org.BouncyCastle.Asn1 internal static DerBitString FromAsn1Octets(byte[] octets) { if (octets.Length < 1) - throw new ArgumentException("truncated BIT STRING detected"); + throw new ArgumentException("truncated BIT STRING detected", "octets"); + + int padBits = octets[0]; + byte[] data = Arrays.CopyOfRange(octets, 1, octets.Length); + + if (padBits > 0 && padBits < 8 && data.Length > 0) + { + int last = data[data.Length - 1]; + int mask = (1 << padBits) - 1; + + if ((last & mask) != 0) + { + return new BerBitString(data, padBits); + } + } - int padBits = octets[0]; - byte[] data = new byte[octets.Length - 1]; - Array.Copy(octets, 1, data, 0, data.Length); - return new DerBitString(data, padBits); + return new DerBitString(data, padBits); } } } diff --git a/crypto/src/asn1/DerOutputStream.cs b/crypto/src/asn1/DerOutputStream.cs index c03d9dc11..69d5d5f28 100644 --- a/crypto/src/asn1/DerOutputStream.cs +++ b/crypto/src/asn1/DerOutputStream.cs @@ -19,7 +19,7 @@ namespace Org.BouncyCastle.Asn1 if (length > 127) { int size = 1; - uint val = (uint) length; + uint val = (uint)length; while ((val >>= 8) != 0) { @@ -43,18 +43,29 @@ namespace Org.BouncyCastle.Asn1 int tag, byte[] bytes) { - WriteByte((byte) tag); + WriteByte((byte)tag); WriteLength(bytes.Length); Write(bytes, 0, bytes.Length); } - internal void WriteEncoded( + internal void WriteEncoded( + int tag, + byte first, + byte[] bytes) + { + WriteByte((byte)tag); + WriteLength(bytes.Length + 1); + WriteByte(first); + Write(bytes, 0, bytes.Length); + } + + internal void WriteEncoded( int tag, byte[] bytes, int offset, int length) { - WriteByte((byte) tag); + WriteByte((byte)tag); WriteLength(length); Write(bytes, offset, length); } diff --git a/crypto/src/asn1/cmp/PKIFailureInfo.cs b/crypto/src/asn1/cmp/PKIFailureInfo.cs index 1df0e0693..75a3ff0d7 100644 --- a/crypto/src/asn1/cmp/PKIFailureInfo.cs +++ b/crypto/src/asn1/cmp/PKIFailureInfo.cs @@ -2,66 +2,89 @@ using System; namespace Org.BouncyCastle.Asn1.Cmp { - /** - * <pre> - * PKIFailureInfo ::= BIT STRING { - * badAlg (0), - * -- unrecognized or unsupported Algorithm Identifier - * badMessageCheck (1), -- integrity check failed (e.g., signature did not verify) - * badRequest (2), - * -- transaction not permitted or supported - * badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy - * badCertId (4), -- no certificate could be found matching the provided criteria - * badDataFormat (5), - * -- the data submitted has the wrong format - * wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token - * incorrectData (7), -- the requester's data is incorrect (for notary services) - * missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy) - * badPOP (9) -- the proof-of-possession failed - * timeNotAvailable (14), - * -- the TSA's time source is not available - * unacceptedPolicy (15), - * -- the requested TSA policy is not supported by the TSA - * unacceptedExtension (16), - * -- the requested extension is not supported by the TSA - * addInfoNotAvailable (17) - * -- the additional information requested could not be understood - * -- or is not available - * systemFailure (25) - * -- the request cannot be handled due to system failure - * </pre> - */ + /** + * <pre> + * PKIFailureInfo ::= BIT STRING { + * badAlg (0), + * -- unrecognized or unsupported Algorithm Identifier + * badMessageCheck (1), -- integrity check failed (e.g., signature did not verify) + * badRequest (2), + * -- transaction not permitted or supported + * badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy + * badCertId (4), -- no certificate could be found matching the provided criteria + * badDataFormat (5), + * -- the data submitted has the wrong format + * wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token + * incorrectData (7), -- the requester's data is incorrect (for notary services) + * missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy) + * badPOP (9) -- the proof-of-possession failed + * certRevoked (10), + * certConfirmed (11), + * wrongIntegrity (12), + * badRecipientNonce (13), + * timeNotAvailable (14), + * -- the TSA's time source is not available + * unacceptedPolicy (15), + * -- the requested TSA policy is not supported by the TSA + * unacceptedExtension (16), + * -- the requested extension is not supported by the TSA + * addInfoNotAvailable (17) + * -- the additional information requested could not be understood + * -- or is not available + * badSenderNonce (18), + * badCertTemplate (19), + * signerNotTrusted (20), + * transactionIdInUse (21), + * unsupportedVersion (22), + * notAuthorized (23), + * systemUnavail (24), + * systemFailure (25), + * -- the request cannot be handled due to system failure + * duplicateCertReq (26) + * </pre> + */ public class PkiFailureInfo : DerBitString { - public const int BadAlg = (1 << 7); // unrecognized or unsupported Algorithm Identifier - public const int BadMessageCheck = (1 << 6); // integrity check failed (e.g., signature did not verify) - public const int BadRequest = (1 << 5); - public const int BadTime = (1 << 4); // -- messageTime was not sufficiently close to the system time, as defined by local policy - public const int BadCertId = (1 << 3); // no certificate could be found matching the provided criteria - public const int BadDataFormat = (1 << 2); - public const int WrongAuthority = (1 << 1); // the authority indicated in the request is different from the one creating the response token - public const int IncorrectData = 1; // the requester's data is incorrect (for notary services) - public const int MissingTimeStamp = (1 << 15); // when the timestamp is missing but should be there (by policy) - public const int BadPop = (1 << 14); // the proof-of-possession failed - public const int TimeNotAvailable = (1 << 9); // the TSA's time source is not available - public const int UnacceptedPolicy = (1 << 8); // the requested TSA policy is not supported by the TSA - public const int UnacceptedExtension = (1 << 23); //the requested extension is not supported by the TSA - public const int AddInfoNotAvailable = (1 << 22); //the additional information requested could not be understood or is not available - public const int SystemFailure = (1 << 30); //the request cannot be handled due to system failure + public const int BadAlg = (1 << 7); // unrecognized or unsupported Algorithm Identifier + public const int BadMessageCheck = (1 << 6); // integrity check failed (e.g., signature did not verify) + public const int BadRequest = (1 << 5); + public const int BadTime = (1 << 4); // -- messageTime was not sufficiently close to the system time, as defined by local policy + public const int BadCertId = (1 << 3); // no certificate could be found matching the provided criteria + public const int BadDataFormat = (1 << 2); + public const int WrongAuthority = (1 << 1); // the authority indicated in the request is different from the one creating the response token + public const int IncorrectData = 1; // the requester's data is incorrect (for notary services) + public const int MissingTimeStamp = (1 << 15); // when the timestamp is missing but should be there (by policy) + public const int BadPop = (1 << 14); // the proof-of-possession failed + public const int CertRevoked = (1 << 13); + public const int CertConfirmed = (1 << 12); + public const int WrongIntegrity = (1 << 11); + public const int BadRecipientNonce = (1 << 10); + public const int TimeNotAvailable = (1 << 9); // the TSA's time source is not available + public const int UnacceptedPolicy = (1 << 8); // the requested TSA policy is not supported by the TSA + public const int UnacceptedExtension = (1 << 23); //the requested extension is not supported by the TSA + public const int AddInfoNotAvailable = (1 << 22); //the additional information requested could not be understood or is not available + public const int BadSenderNonce = (1 << 21); + public const int BadCertTemplate = (1 << 20); + public const int SignerNotTrusted = (1 << 19); + public const int TransactionIdInUse = (1 << 18); + public const int UnsupportedVersion = (1 << 17); + public const int NotAuthorized = (1 << 16); + public const int SystemUnavail = (1 << 31); + public const int SystemFailure = (1 << 30); //the request cannot be handled due to system failure + public const int DuplicateCertReq = (1 << 29); - /** + /** * Basic constructor. */ - public PkiFailureInfo( - int info) - : base(GetBytes(info), GetPadBits(info)) + public PkiFailureInfo(int info) + : base(info) { } public PkiFailureInfo( DerBitString info) - : base(info.GetBytes(), info.PadBits) + : base(info.GetBytes(), info.PadBits) { } diff --git a/crypto/src/asn1/ess/OtherCertID.cs b/crypto/src/asn1/ess/OtherCertID.cs index 972ef8c6b..3d221b0ec 100644 --- a/crypto/src/asn1/ess/OtherCertID.cs +++ b/crypto/src/asn1/ess/OtherCertID.cs @@ -1,5 +1,6 @@ using System; +using Org.BouncyCastle.Asn1.Oiw; using Org.BouncyCastle.Asn1.X509; namespace Org.BouncyCastle.Asn1.Ess @@ -78,7 +79,7 @@ namespace Org.BouncyCastle.Asn1.Ess if (otherCertHash.ToAsn1Object() is Asn1OctetString) { // SHA-1 - return new AlgorithmIdentifier("1.3.14.3.2.26"); + return new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1); } return DigestInfo.GetInstance(otherCertHash).AlgorithmID; diff --git a/crypto/src/asn1/misc/NetscapeCertType.cs b/crypto/src/asn1/misc/NetscapeCertType.cs index d5db6523d..d809eae66 100644 --- a/crypto/src/asn1/misc/NetscapeCertType.cs +++ b/crypto/src/asn1/misc/NetscapeCertType.cs @@ -36,7 +36,7 @@ namespace Org.BouncyCastle.Asn1.Misc * e.g. (X509NetscapeCertType.sslCA | X509NetscapeCertType.smimeCA) */ public NetscapeCertType(int usage) - : base(GetBytes(usage), GetPadBits(usage)) + : base(usage) { } diff --git a/crypto/src/asn1/ocsp/BasicOCSPResponse.cs b/crypto/src/asn1/ocsp/BasicOCSPResponse.cs index dd666addf..064335ae8 100644 --- a/crypto/src/asn1/ocsp/BasicOCSPResponse.cs +++ b/crypto/src/asn1/ocsp/BasicOCSPResponse.cs @@ -94,7 +94,12 @@ namespace Org.BouncyCastle.Asn1.Ocsp get { return signature; } } - [Obsolete("Use Certs property instead")] + public byte[] GetSignatureOctets() + { + return signature.GetOctets(); + } + + [Obsolete("Use Certs property instead")] public Asn1Sequence GetCerts() { return certs; diff --git a/crypto/src/asn1/ocsp/Signature.cs b/crypto/src/asn1/ocsp/Signature.cs index a07e7a709..df6f43332 100644 --- a/crypto/src/asn1/ocsp/Signature.cs +++ b/crypto/src/asn1/ocsp/Signature.cs @@ -80,7 +80,12 @@ namespace Org.BouncyCastle.Asn1.Ocsp get { return signatureValue; } } - public Asn1Sequence Certs + public byte[] GetSignatureOctets() + { + return signatureValue.GetOctets(); + } + + public Asn1Sequence Certs { get { return certs; } } diff --git a/crypto/src/asn1/pkcs/CertificationRequest.cs b/crypto/src/asn1/pkcs/CertificationRequest.cs index 32b1612d2..35bdd56eb 100644 --- a/crypto/src/asn1/pkcs/CertificationRequest.cs +++ b/crypto/src/asn1/pkcs/CertificationRequest.cs @@ -73,7 +73,12 @@ namespace Org.BouncyCastle.Asn1.Pkcs get { return sigBits; } } - public override Asn1Object ToAsn1Object() + public byte[] GetSignatureOctets() + { + return sigBits.GetOctets(); + } + + public override Asn1Object ToAsn1Object() { return new DerSequence(reqInfo, sigAlgId, sigBits); } diff --git a/crypto/src/asn1/pkcs/EncryptionScheme.cs b/crypto/src/asn1/pkcs/EncryptionScheme.cs index 5b64d6f67..ff9103d12 100644 --- a/crypto/src/asn1/pkcs/EncryptionScheme.cs +++ b/crypto/src/asn1/pkcs/EncryptionScheme.cs @@ -43,7 +43,7 @@ namespace Org.BouncyCastle.Asn1.Pkcs public override Asn1Object ToAsn1Object() { - return new DerSequence(ObjectID, Parameters); + return new DerSequence(Algorithm, Parameters); } } } diff --git a/crypto/src/asn1/x509/AttributeCertificate.cs b/crypto/src/asn1/x509/AttributeCertificate.cs index 5f85910da..41893b6b4 100644 --- a/crypto/src/asn1/x509/AttributeCertificate.cs +++ b/crypto/src/asn1/x509/AttributeCertificate.cs @@ -63,7 +63,12 @@ namespace Org.BouncyCastle.Asn1.X509 get { return signatureValue; } } - /** + public byte[] GetSignatureOctets() + { + return signatureValue.GetOctets(); + } + + /** * Produce an object suitable for an Asn1OutputStream. * <pre> * AttributeCertificate ::= Sequence { diff --git a/crypto/src/asn1/x509/CertificateList.cs b/crypto/src/asn1/x509/CertificateList.cs index 0412e0816..567cf132a 100644 --- a/crypto/src/asn1/x509/CertificateList.cs +++ b/crypto/src/asn1/x509/CertificateList.cs @@ -80,7 +80,12 @@ namespace Org.BouncyCastle.Asn1.X509 get { return sig; } } - public int Version + public byte[] GetSignatureOctets() + { + return sig.GetOctets(); + } + + public int Version { get { return tbsCertList.Version; } } diff --git a/crypto/src/asn1/x509/KeyUsage.cs b/crypto/src/asn1/x509/KeyUsage.cs index fef04e8b9..aeaffb708 100644 --- a/crypto/src/asn1/x509/KeyUsage.cs +++ b/crypto/src/asn1/x509/KeyUsage.cs @@ -53,9 +53,8 @@ namespace Org.BouncyCastle.Asn1.X509 * allowed uses for the key. * e.g. (KeyUsage.keyEncipherment | KeyUsage.dataEncipherment) */ - public KeyUsage( - int usage) - : base(GetBytes(usage), GetPadBits(usage)) + public KeyUsage(int usage) + : base(usage) { } diff --git a/crypto/src/asn1/x509/ReasonFlags.cs b/crypto/src/asn1/x509/ReasonFlags.cs index f204c36aa..ad45e84ae 100644 --- a/crypto/src/asn1/x509/ReasonFlags.cs +++ b/crypto/src/asn1/x509/ReasonFlags.cs @@ -31,13 +31,12 @@ namespace Org.BouncyCastle.Asn1.X509 * @param reasons - the bitwise OR of the Key Reason flags giving the * allowed uses for the key. */ - public ReasonFlags( - int reasons) - : base(GetBytes(reasons), GetPadBits(reasons)) + public ReasonFlags(int reasons) + : base(reasons) { } - public ReasonFlags( + public ReasonFlags( DerBitString reasons) : base(reasons.GetBytes(), reasons.PadBits) { diff --git a/crypto/src/asn1/x509/SubjectPublicKeyInfo.cs b/crypto/src/asn1/x509/SubjectPublicKeyInfo.cs index 8ce4b2762..477329b7e 100644 --- a/crypto/src/asn1/x509/SubjectPublicKeyInfo.cs +++ b/crypto/src/asn1/x509/SubjectPublicKeyInfo.cs @@ -75,7 +75,7 @@ namespace Org.BouncyCastle.Asn1.X509 */ public Asn1Object GetPublicKey() { - return Asn1Object.FromByteArray(keyData.GetBytes()); + return Asn1Object.FromByteArray(keyData.GetOctets()); } /** diff --git a/crypto/src/asn1/x509/X509CertificateStructure.cs b/crypto/src/asn1/x509/X509CertificateStructure.cs index c8558ae61..6e7c85de6 100644 --- a/crypto/src/asn1/x509/X509CertificateStructure.cs +++ b/crypto/src/asn1/x509/X509CertificateStructure.cs @@ -119,6 +119,11 @@ namespace Org.BouncyCastle.Asn1.X509 get { return sig; } } + public byte[] GetSignatureOctets() + { + return sig.GetOctets(); + } + public override Asn1Object ToAsn1Object() { return new DerSequence(tbsCert, sigAlgID, sig); diff --git a/crypto/src/cms/CMSAuthenticatedData.cs b/crypto/src/cms/CMSAuthenticatedData.cs index 5e234da2b..33b4cc22c 100644 --- a/crypto/src/cms/CMSAuthenticatedData.cs +++ b/crypto/src/cms/CMSAuthenticatedData.cs @@ -83,7 +83,7 @@ namespace Org.BouncyCastle.Cms */ public string MacAlgOid { - get { return macAlg.ObjectID.Id; } + get { return macAlg.Algorithm.Id; } } /** diff --git a/crypto/src/cms/CMSAuthenticatedDataParser.cs b/crypto/src/cms/CMSAuthenticatedDataParser.cs index c99aac61c..7defafc07 100644 --- a/crypto/src/cms/CMSAuthenticatedDataParser.cs +++ b/crypto/src/cms/CMSAuthenticatedDataParser.cs @@ -111,7 +111,7 @@ namespace Org.BouncyCastle.Cms */ public string MacAlgOid { - get { return macAlg.ObjectID.Id; } + get { return macAlg.Algorithm.Id; } } diff --git a/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs b/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs index a135cdd11..4d18d10d4 100644 --- a/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs +++ b/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs @@ -165,7 +165,7 @@ namespace Org.BouncyCastle.Cms Stream octetOutputStream = CmsUtilities.CreateBerOctetOutputStream( eiGen.GetRawOutputStream(), 0, false, _bufferSize); - IMac mac = MacUtilities.GetMac(macAlgId.ObjectID); + IMac mac = MacUtilities.GetMac(macAlgId.Algorithm); // TODO Confirm no ParametersWithRandom needed mac.Init(cipherParameters); Stream mOut = new TeeOutputStream(octetOutputStream, new MacOutputStream(mac)); diff --git a/crypto/src/cms/CMSEnvelopedData.cs b/crypto/src/cms/CMSEnvelopedData.cs index 0731c307e..223d0ca73 100644 --- a/crypto/src/cms/CMSEnvelopedData.cs +++ b/crypto/src/cms/CMSEnvelopedData.cs @@ -73,7 +73,7 @@ namespace Org.BouncyCastle.Cms */ public string EncryptionAlgOid { - get { return encAlg.ObjectID.Id; } + get { return encAlg.Algorithm.Id; } } /** diff --git a/crypto/src/cms/CMSEnvelopedDataParser.cs b/crypto/src/cms/CMSEnvelopedDataParser.cs index 01a949d47..d5dfaf53d 100644 --- a/crypto/src/cms/CMSEnvelopedDataParser.cs +++ b/crypto/src/cms/CMSEnvelopedDataParser.cs @@ -101,7 +101,7 @@ namespace Org.BouncyCastle.Cms */ public string EncryptionAlgOid { - get { return _encAlg.ObjectID.Id; } + get { return _encAlg.Algorithm.Id; } } /** diff --git a/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs b/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs index 0a9e5bece..e0822aa8b 100644 --- a/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs +++ b/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs @@ -166,7 +166,7 @@ namespace Org.BouncyCastle.Cms Stream octetOutputStream = CmsUtilities.CreateBerOctetOutputStream( eiGen.GetRawOutputStream(), 0, false, _bufferSize); - IBufferedCipher cipher = CipherUtilities.GetCipher(encAlgID.ObjectID); + IBufferedCipher cipher = CipherUtilities.GetCipher(encAlgID.Algorithm); cipher.Init(true, new ParametersWithRandom(cipherParameters, rand)); CipherStream cOut = new CipherStream(octetOutputStream, null, cipher); diff --git a/crypto/src/cms/CMSEnvelopedHelper.cs b/crypto/src/cms/CMSEnvelopedHelper.cs index fe2b14cd9..77d2da47a 100644 --- a/crypto/src/cms/CMSEnvelopedHelper.cs +++ b/crypto/src/cms/CMSEnvelopedHelper.cs @@ -160,7 +160,7 @@ namespace Org.BouncyCastle.Cms public CmsReadable GetReadable(KeyParameter sKey) { - string macAlg = this.algorithm.ObjectID.Id; + string macAlg = this.algorithm.Algorithm.Id; // Asn1Object sParams = this.algorithm.Parameters.ToAsn1Object(); try @@ -190,11 +190,11 @@ namespace Org.BouncyCastle.Cms // if (asn1Params != null && !(asn1Params is Asn1Null)) // { // cipherParameters = ParameterUtilities.GetCipherParameters( -// macAlg.ObjectID, cipherParameters, asn1Params); +// macAlg.Algorithm, cipherParameters, asn1Params); // } // else // { -// string alg = macAlg.ObjectID.Id; +// string alg = macAlg.Algorithm.Id; // if (alg.Equals(CmsEnvelopedDataGenerator.DesEde3Cbc) // || alg.Equals(CmsEnvelopedDataGenerator.IdeaCbc) // || alg.Equals(CmsEnvelopedDataGenerator.Cast5Cbc)) @@ -258,7 +258,7 @@ namespace Org.BouncyCastle.Cms { try { - this.cipher = CipherUtilities.GetCipher(this.algorithm.ObjectID); + this.cipher = CipherUtilities.GetCipher(this.algorithm.Algorithm); Asn1Encodable asn1Enc = this.algorithm.Parameters; Asn1Object asn1Params = asn1Enc == null ? null : asn1Enc.ToAsn1Object(); @@ -268,11 +268,11 @@ namespace Org.BouncyCastle.Cms if (asn1Params != null && !(asn1Params is Asn1Null)) { cipherParameters = ParameterUtilities.GetCipherParameters( - this.algorithm.ObjectID, cipherParameters, asn1Params); + this.algorithm.Algorithm, cipherParameters, asn1Params); } else { - string alg = this.algorithm.ObjectID.Id; + string alg = this.algorithm.Algorithm.Id; if (alg.Equals(CmsEnvelopedDataGenerator.DesEde3Cbc) || alg.Equals(CmsEnvelopedDataGenerator.IdeaCbc) || alg.Equals(CmsEnvelopedDataGenerator.Cast5Cbc)) diff --git a/crypto/src/cms/CMSPBEKey.cs b/crypto/src/cms/CMSPBEKey.cs index cb1e54c36..e03307e57 100644 --- a/crypto/src/cms/CMSPBEKey.cs +++ b/crypto/src/cms/CMSPBEKey.cs @@ -50,9 +50,9 @@ namespace Org.BouncyCastle.Cms char[] password, AlgorithmIdentifier keyDerivationAlgorithm) { - if (!keyDerivationAlgorithm.ObjectID.Equals(PkcsObjectIdentifiers.IdPbkdf2)) + if (!keyDerivationAlgorithm.Algorithm.Equals(PkcsObjectIdentifiers.IdPbkdf2)) throw new ArgumentException("Unsupported key derivation algorithm: " - + keyDerivationAlgorithm.ObjectID); + + keyDerivationAlgorithm.Algorithm); Pbkdf2Params kdfParams = Pbkdf2Params.GetInstance( keyDerivationAlgorithm.Parameters.ToAsn1Object()); diff --git a/crypto/src/cms/CMSSignedData.cs b/crypto/src/cms/CMSSignedData.cs index 81c87a426..237c1528e 100644 --- a/crypto/src/cms/CMSSignedData.cs +++ b/crypto/src/cms/CMSSignedData.cs @@ -172,7 +172,7 @@ namespace Org.BouncyCastle.Cms } else { - byte[] hash = (byte[]) hashes[info.DigestAlgorithm.ObjectID.Id]; + byte[] hash = (byte[])hashes[info.DigestAlgorithm.Algorithm.Id]; signerInfos.Add(new SignerInformation(info, contentType, null, new BaseDigestCalculator(hash))); } diff --git a/crypto/src/cms/CMSSignedDataParser.cs b/crypto/src/cms/CMSSignedDataParser.cs index e5e6edc58..fb51ab119 100644 --- a/crypto/src/cms/CMSSignedDataParser.cs +++ b/crypto/src/cms/CMSSignedDataParser.cs @@ -122,7 +122,7 @@ namespace Org.BouncyCastle.Cms try { - string digestOid = id.ObjectID.Id; + string digestOid = id.Algorithm.Id; string digestName = Helper.GetDigestAlgName(digestOid); if (!this._digests.Contains(digestName)) @@ -216,7 +216,7 @@ namespace Org.BouncyCastle.Cms { SignerInfo info = SignerInfo.GetInstance(o.ToAsn1Object()); string digestName = Helper.GetDigestAlgName( - info.DigestAlgorithm.ObjectID.Id); + info.DigestAlgorithm.Algorithm.Id); byte[] hash = (byte[]) hashes[digestName]; diff --git a/crypto/src/cms/CMSSignedDataStreamGenerator.cs b/crypto/src/cms/CMSSignedDataStreamGenerator.cs index 59837e397..55fde90df 100644 --- a/crypto/src/cms/CMSSignedDataStreamGenerator.cs +++ b/crypto/src/cms/CMSSignedDataStreamGenerator.cs @@ -459,7 +459,7 @@ namespace Org.BouncyCastle.Cms // NB: Would need to call FixAlgID on the DigestAlgorithmID // For precalculated signers, just need to register the algorithm, not configure a digest - RegisterDigestOid(si.DigestAlgorithmID.ObjectID.Id); + RegisterDigestOid(si.DigestAlgorithmID.Algorithm.Id); } /** diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs index 23657ef86..5b6c93b6a 100644 --- a/crypto/src/cms/CMSSignedHelper.cs +++ b/crypto/src/cms/CMSSignedHelper.cs @@ -348,7 +348,7 @@ namespace Org.BouncyCastle.Cms AlgorithmIdentifier algId) { if (algId.Parameters == null) - return new AlgorithmIdentifier(algId.ObjectID, DerNull.Instance); + return new AlgorithmIdentifier(algId.Algorithm, DerNull.Instance); return algId; } diff --git a/crypto/src/cms/KEKRecipientInfoGenerator.cs b/crypto/src/cms/KEKRecipientInfoGenerator.cs index a9bedade6..c66f27547 100644 --- a/crypto/src/cms/KEKRecipientInfoGenerator.cs +++ b/crypto/src/cms/KEKRecipientInfoGenerator.cs @@ -52,7 +52,7 @@ namespace Org.BouncyCastle.Cms { byte[] keyBytes = contentEncryptionKey.GetKey(); - IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.ObjectID.Id); + IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.Algorithm.Id); keyWrapper.Init(true, new ParametersWithRandom(keyEncryptionKey, random)); Asn1OctetString encryptedKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); diff --git a/crypto/src/cms/KEKRecipientInformation.cs b/crypto/src/cms/KEKRecipientInformation.cs index f960197d6..871dc76d4 100644 --- a/crypto/src/cms/KEKRecipientInformation.cs +++ b/crypto/src/cms/KEKRecipientInformation.cs @@ -40,7 +40,7 @@ namespace Org.BouncyCastle.Cms try { byte[] encryptedKey = info.EncryptedKey.GetOctets(); - IWrapper keyWrapper = WrapperUtilities.GetWrapper(keyEncAlg.ObjectID.Id); + IWrapper keyWrapper = WrapperUtilities.GetWrapper(keyEncAlg.Algorithm.Id); keyWrapper.Init(false, key); diff --git a/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs b/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs index 4fafb7c6e..6bd2cea91 100644 --- a/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs +++ b/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs @@ -164,7 +164,7 @@ namespace Org.BouncyCastle.Cms { SubjectPublicKeyInfo spki = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey); return new OriginatorPublicKey( - new AlgorithmIdentifier(spki.AlgorithmID.ObjectID, DerNull.Instance), + new AlgorithmIdentifier(spki.AlgorithmID.Algorithm, DerNull.Instance), spki.PublicKeyData.GetBytes()); } } diff --git a/crypto/src/cms/KeyAgreeRecipientInformation.cs b/crypto/src/cms/KeyAgreeRecipientInformation.cs index 8e006e545..73e57a76a 100644 --- a/crypto/src/cms/KeyAgreeRecipientInformation.cs +++ b/crypto/src/cms/KeyAgreeRecipientInformation.cs @@ -130,7 +130,7 @@ namespace Org.BouncyCastle.Cms AsymmetricKeyParameter senderPublicKey, AsymmetricKeyParameter receiverPrivateKey) { - DerObjectIdentifier agreeAlgID = keyEncAlg.ObjectID; + DerObjectIdentifier agreeAlgID = keyEncAlg.Algorithm; ICipherParameters senderPublicParams = senderPublicKey; ICipherParameters receiverPrivateParams = receiverPrivateKey; diff --git a/crypto/src/cms/KeyTransRecipientInfoGenerator.cs b/crypto/src/cms/KeyTransRecipientInfoGenerator.cs index 0992e6da6..a1d8fbfa8 100644 --- a/crypto/src/cms/KeyTransRecipientInfoGenerator.cs +++ b/crypto/src/cms/KeyTransRecipientInfoGenerator.cs @@ -64,7 +64,7 @@ namespace Org.BouncyCastle.Cms byte[] keyBytes = contentEncryptionKey.GetKey(); AlgorithmIdentifier keyEncryptionAlgorithm = info.AlgorithmID; - IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.ObjectID.Id); + IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.Algorithm.Id); keyWrapper.Init(true, new ParametersWithRandom(recipientPublicKey, random)); byte[] encryptedKeyBytes = keyWrapper.Wrap(keyBytes, 0, keyBytes.Length); diff --git a/crypto/src/cms/KeyTransRecipientInformation.cs b/crypto/src/cms/KeyTransRecipientInformation.cs index 24121cb2c..3b1ea7b5e 100644 --- a/crypto/src/cms/KeyTransRecipientInformation.cs +++ b/crypto/src/cms/KeyTransRecipientInformation.cs @@ -68,7 +68,7 @@ namespace Org.BouncyCastle.Cms internal KeyParameter UnwrapKey(ICipherParameters key) { byte[] encryptedKey = info.EncryptedKey.GetOctets(); - string keyExchangeAlgorithm = GetExchangeEncryptionAlgorithmName(keyEncAlg.ObjectID); + string keyExchangeAlgorithm = GetExchangeEncryptionAlgorithmName(keyEncAlg.Algorithm); try { diff --git a/crypto/src/cms/RecipientInformation.cs b/crypto/src/cms/RecipientInformation.cs index 8b0316be4..272b841f2 100644 --- a/crypto/src/cms/RecipientInformation.cs +++ b/crypto/src/cms/RecipientInformation.cs @@ -33,8 +33,8 @@ namespace Org.BouncyCastle.Cms internal string GetContentAlgorithmName() { AlgorithmIdentifier algorithm = secureReadable.Algorithm; -// return CmsEnvelopedHelper.Instance.GetSymmetricCipherName(algorithm.ObjectID.Id); - return algorithm.ObjectID.Id; +// return CmsEnvelopedHelper.Instance.GetSymmetricCipherName(algorithm.Algorithm.Id); + return algorithm.Algorithm.Id; } public RecipientID RecipientID @@ -54,7 +54,7 @@ namespace Org.BouncyCastle.Cms */ public string KeyEncryptionAlgOid { - get { return keyEncAlg.ObjectID.Id; } + get { return keyEncAlg.Algorithm.Id; } } /** diff --git a/crypto/src/cms/SignerInformation.cs b/crypto/src/cms/SignerInformation.cs index 581286a3f..dad128263 100644 --- a/crypto/src/cms/SignerInformation.cs +++ b/crypto/src/cms/SignerInformation.cs @@ -117,7 +117,7 @@ namespace Org.BouncyCastle.Cms */ public string DigestAlgOid { - get { return digestAlgorithm.ObjectID.Id; } + get { return digestAlgorithm.Algorithm.Id; } } /** @@ -156,7 +156,7 @@ namespace Org.BouncyCastle.Cms */ public string EncryptionAlgOid { - get { return encryptionAlgorithm.ObjectID.Id; } + get { return encryptionAlgorithm.Algorithm.Id; } } /** @@ -272,7 +272,7 @@ namespace Org.BouncyCastle.Cms */ SignerInfo si = SignerInfo.GetInstance(asn1Obj.ToAsn1Object()); - string digestName = CmsSignedHelper.Instance.GetDigestAlgName(si.DigestAlgorithm.ObjectID.Id); + string digestName = CmsSignedHelper.Instance.GetDigestAlgName(si.DigestAlgorithm.Algorithm.Id); counterSignatures.Add(new SignerInformation(si, null, null, new CounterSignatureDigestCalculator(digestName, GetSignature()))); } @@ -298,7 +298,7 @@ namespace Org.BouncyCastle.Cms string digestName = Helper.GetDigestAlgName(this.DigestAlgOid); IDigest digest = Helper.GetDigestInstance(digestName); - DerObjectIdentifier sigAlgOid = this.encryptionAlgorithm.ObjectID; + DerObjectIdentifier sigAlgOid = this.encryptionAlgorithm.Algorithm; Asn1Encodable sigParams = this.encryptionAlgorithm.Parameters; ISigner sig; @@ -318,12 +318,12 @@ namespace Org.BouncyCastle.Cms Asn1.Pkcs.RsassaPssParameters pss = Asn1.Pkcs.RsassaPssParameters.GetInstance( sigParams.ToAsn1Object()); - if (!pss.HashAlgorithm.ObjectID.Equals(this.digestAlgorithm.ObjectID)) + if (!pss.HashAlgorithm.Algorithm.Equals(this.digestAlgorithm.Algorithm)) throw new CmsException("RSASSA-PSS signature parameters specified incorrect hash algorithm"); - if (!pss.MaskGenAlgorithm.ObjectID.Equals(Asn1.Pkcs.PkcsObjectIdentifiers.IdMgf1)) + if (!pss.MaskGenAlgorithm.Algorithm.Equals(Asn1.Pkcs.PkcsObjectIdentifiers.IdMgf1)) throw new CmsException("RSASSA-PSS signature parameters specified unknown MGF"); - IDigest pssDigest = DigestUtilities.GetDigest(pss.HashAlgorithm.ObjectID); + IDigest pssDigest = DigestUtilities.GetDigest(pss.HashAlgorithm.Algorithm); int saltLength = pss.SaltLength.Value.IntValue; byte trailerField = (byte) pss.TrailerField.Value.IntValue; @@ -532,7 +532,7 @@ namespace Org.BouncyCastle.Cms DigestInfo digInfo = DerDecode(decrypt); - if (!digInfo.AlgorithmID.ObjectID.Equals(digestAlgorithm.ObjectID)) + if (!digInfo.AlgorithmID.Algorithm.Equals(digestAlgorithm.Algorithm)) { return false; } diff --git a/crypto/src/crypto/modes/SicBlockCipher.cs b/crypto/src/crypto/modes/SicBlockCipher.cs index 239f99478..0bea4a455 100644 --- a/crypto/src/crypto/modes/SicBlockCipher.cs +++ b/crypto/src/crypto/modes/SicBlockCipher.cs @@ -56,16 +56,18 @@ namespace Org.BouncyCastle.Crypto.Modes if (blockSize < IV.Length) throw new ArgumentException("CTR/SIC mode requires IV no greater than: " + blockSize + " bytes."); - if (blockSize - IV.Length > 8) - throw new ArgumentException("CTR/SIC mode requires IV of at least: " + (blockSize - 8) + " bytes."); - Reset(); + int maxCounterSize = System.Math.Min(8, blockSize / 2); + if (blockSize - IV.Length > maxCounterSize) + throw new ArgumentException("CTR/SIC mode requires IV of at least: " + (blockSize - maxCounterSize) + " bytes."); // if null it's an IV changed only. if (ivParam.Parameters != null) { cipher.Init(true, ivParam.Parameters); } + + Reset(); } public virtual string AlgorithmName diff --git a/crypto/src/crypto/operators/Asn1Signature.cs b/crypto/src/crypto/operators/Asn1Signature.cs index 3a20e4bff..e023c1d18 100644 --- a/crypto/src/crypto/operators/Asn1Signature.cs +++ b/crypto/src/crypto/operators/Asn1Signature.cs @@ -170,13 +170,13 @@ namespace Org.BouncyCastle.Crypto.Operators if (parameters != null && !derNull.Equals(parameters)) { - if (sigAlgId.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss)) + if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss)) { RsassaPssParameters rsaParams = RsassaPssParameters.GetInstance(parameters); - return GetDigestAlgName(rsaParams.HashAlgorithm.ObjectID) + "withRSAandMGF1"; + return GetDigestAlgName(rsaParams.HashAlgorithm.Algorithm) + "withRSAandMGF1"; } - if (sigAlgId.ObjectID.Equals(X9ObjectIdentifiers.ECDsaWithSha2)) + if (sigAlgId.Algorithm.Equals(X9ObjectIdentifiers.ECDsaWithSha2)) { Asn1Sequence ecDsaParams = Asn1Sequence.GetInstance(parameters); @@ -184,7 +184,7 @@ namespace Org.BouncyCastle.Crypto.Operators } } - return sigAlgId.ObjectID.Id; + return sigAlgId.Algorithm.Id; } private static RsassaPssParameters CreatePssParams( diff --git a/crypto/src/math/BigInteger.cs b/crypto/src/math/BigInteger.cs index 3d0509fe0..794f252e8 100644 --- a/crypto/src/math/BigInteger.cs +++ b/crypto/src/math/BigInteger.cs @@ -681,6 +681,7 @@ namespace Org.BouncyCastle.Math int xBits = BitsPerByte * nBytes - bitLength; byte mask = (byte)(255U >> xBits); + byte lead = (byte)(1 << (7 - xBits)); for (;;) { @@ -690,7 +691,7 @@ namespace Org.BouncyCastle.Math b[0] &= mask; // ensure the leading bit is 1 (to meet the strength requirement) - b[0] |= (byte)(1 << (7 - xBits)); + b[0] |= lead; // ensure the trailing bit is 1 (i.e. must be odd) b[nBytes - 1] |= 1; @@ -705,18 +706,13 @@ namespace Org.BouncyCastle.Math if (CheckProbablePrime(certainty, random, true)) break; - if (bitLength > 32) + for (int j = 1; j < magnitude.Length; ++j) { - for (int rep = 0; rep < 10000; ++rep) - { - int n = 33 + random.Next(bitLength - 2); - this.magnitude[this.magnitude.Length - (n >> 5)] ^= (1 << (n & 31)); - this.magnitude[this.magnitude.Length - 1] ^= ((random.Next() + 1) << 1); - this.mQuote = 0; + this.magnitude[j] ^= (random.Next() << 1); + this.mQuote = 0; - if (CheckProbablePrime(certainty, random, true)) - return; - } + if (CheckProbablePrime(certainty, random, true)) + return; } } } @@ -968,7 +964,7 @@ namespace Org.BouncyCastle.Math // // BitLen(value) is the number of bits in value. // - private static int BitLen(int w) + internal static int BitLen(int w) { uint v = (uint)w; uint t = v >> 24; diff --git a/crypto/src/ocsp/BasicOCSPResp.cs b/crypto/src/ocsp/BasicOCSPResp.cs index 4253726bb..63ab8921e 100644 --- a/crypto/src/ocsp/BasicOCSPResp.cs +++ b/crypto/src/ocsp/BasicOCSPResp.cs @@ -95,12 +95,12 @@ namespace Org.BouncyCastle.Ocsp public string SignatureAlgName { - get { return OcspUtilities.GetAlgorithmName(resp.SignatureAlgorithm.ObjectID); } + get { return OcspUtilities.GetAlgorithmName(resp.SignatureAlgorithm.Algorithm); } } public string SignatureAlgOid { - get { return resp.SignatureAlgorithm.ObjectID.Id; } + get { return resp.SignatureAlgorithm.Algorithm.Id; } } [Obsolete("RespData class is no longer required as all functionality is available on this class")] @@ -111,7 +111,7 @@ namespace Org.BouncyCastle.Ocsp public byte[] GetSignature() { - return resp.Signature.GetBytes(); + return resp.GetSignatureOctets(); } private IList GetCertList() diff --git a/crypto/src/ocsp/CertificateID.cs b/crypto/src/ocsp/CertificateID.cs index a8f035759..ec902d5c3 100644 --- a/crypto/src/ocsp/CertificateID.cs +++ b/crypto/src/ocsp/CertificateID.cs @@ -43,7 +43,7 @@ namespace Org.BouncyCastle.Ocsp public string HashAlgOid { - get { return id.HashAlgorithm.ObjectID.Id; } + get { return id.HashAlgorithm.Algorithm.Id; } } public byte[] GetIssuerNameHash() @@ -118,7 +118,7 @@ namespace Org.BouncyCastle.Ocsp { try { - String hashAlgorithm = hashAlg.ObjectID.Id; + String hashAlgorithm = hashAlg.Algorithm.Id; X509Name issuerName = PrincipalUtilities.GetSubjectX509Principal(issuerCert); byte[] issuerNameHash = DigestUtilities.CalculateDigest( diff --git a/crypto/src/ocsp/OCSPReq.cs b/crypto/src/ocsp/OCSPReq.cs index 84808e50a..0cd95c6d6 100644 --- a/crypto/src/ocsp/OCSPReq.cs +++ b/crypto/src/ocsp/OCSPReq.cs @@ -144,7 +144,7 @@ namespace Org.BouncyCastle.Ocsp if (!this.IsSigned) return null; - return req.OptionalSignature.SignatureAlgorithm.ObjectID.Id; + return req.OptionalSignature.SignatureAlgorithm.Algorithm.Id; } } @@ -153,10 +153,10 @@ namespace Org.BouncyCastle.Ocsp if (!this.IsSigned) return null; - return req.OptionalSignature.SignatureValue.GetBytes(); + return req.OptionalSignature.GetSignatureOctets(); } - private IList GetCertList() + private IList GetCertList() { // load the certificates if we have any diff --git a/crypto/src/openssl/MiscPemGenerator.cs b/crypto/src/openssl/MiscPemGenerator.cs index 6b91e8b1c..568465fe4 100644 --- a/crypto/src/openssl/MiscPemGenerator.cs +++ b/crypto/src/openssl/MiscPemGenerator.cs @@ -218,7 +218,7 @@ namespace Org.BouncyCastle.OpenSsl { PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(akp); AlgorithmIdentifier algID = info.PrivateKeyAlgorithm; - DerObjectIdentifier oid = algID.ObjectID; + DerObjectIdentifier oid = algID.Algorithm; if (oid.Equals(X9ObjectIdentifiers.IdDsa)) { diff --git a/crypto/src/pkcs/Pkcs10CertificationRequest.cs b/crypto/src/pkcs/Pkcs10CertificationRequest.cs index 1789f2a70..0411d9190 100644 --- a/crypto/src/pkcs/Pkcs10CertificationRequest.cs +++ b/crypto/src/pkcs/Pkcs10CertificationRequest.cs @@ -344,7 +344,7 @@ namespace Org.BouncyCastle.Pkcs Platform.Dispose(streamCalculator.Stream); - return ((IVerifier)streamCalculator.GetResult()).IsVerified(sigBits.GetBytes()); + return ((IVerifier)streamCalculator.GetResult()).IsVerified(sigBits.GetOctets()); } catch (Exception e) { @@ -402,14 +402,14 @@ namespace Org.BouncyCastle.Pkcs if (asn1Params != null && !(asn1Params is Asn1Null)) { - if (sigAlgId.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss)) + if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss)) { RsassaPssParameters rsaParams = RsassaPssParameters.GetInstance(asn1Params); - return GetDigestAlgName(rsaParams.HashAlgorithm.ObjectID) + "withRSAandMGF1"; + return GetDigestAlgName(rsaParams.HashAlgorithm.Algorithm) + "withRSAandMGF1"; } } - return sigAlgId.ObjectID.Id; + return sigAlgId.Algorithm.Id; } private static string GetDigestAlgName( diff --git a/crypto/src/pkcs/Pkcs12Store.cs b/crypto/src/pkcs/Pkcs12Store.cs index ba3c208e8..137c3d6a6 100644 --- a/crypto/src/pkcs/Pkcs12Store.cs +++ b/crypto/src/pkcs/Pkcs12Store.cs @@ -213,7 +213,7 @@ namespace Org.BouncyCastle.Pkcs byte[] data = ((Asn1OctetString) info.Content).GetOctets(); - byte[] mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, false, data); + byte[] mac = CalculatePbeMac(algId.Algorithm, salt, itCount, password, false, data); byte[] dig = dInfo.GetDigest(); if (!Arrays.ConstantTimeAreEqual(mac, dig)) @@ -222,7 +222,7 @@ namespace Org.BouncyCastle.Pkcs throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file."); // Try with incorrect zero length password - mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, true, data); + mac = CalculatePbeMac(algId.Algorithm, salt, itCount, password, true, data); if (!Arrays.ConstantTimeAreEqual(mac, dig)) throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file."); @@ -1015,14 +1015,14 @@ namespace Org.BouncyCastle.Pkcs bool wrongPkcs12Zero, byte[] data) { - IBufferedCipher cipher = PbeUtilities.CreateEngine(algId.ObjectID) as IBufferedCipher; + IBufferedCipher cipher = PbeUtilities.CreateEngine(algId.Algorithm) as IBufferedCipher; if (cipher == null) - throw new Exception("Unknown encryption algorithm: " + algId.ObjectID); + throw new Exception("Unknown encryption algorithm: " + algId.Algorithm); Pkcs12PbeParams pbeParameters = Pkcs12PbeParams.GetInstance(algId.Parameters); ICipherParameters cipherParams = PbeUtilities.GenerateCipherParameters( - algId.ObjectID, password, wrongPkcs12Zero, pbeParameters); + algId.Algorithm, password, wrongPkcs12Zero, pbeParameters); cipher.Init(forEncryption, cipherParams); return cipher.DoFinal(data); } diff --git a/crypto/src/pkcs/Pkcs12Utilities.cs b/crypto/src/pkcs/Pkcs12Utilities.cs index d35c8b6a2..923eca5a5 100644 --- a/crypto/src/pkcs/Pkcs12Utilities.cs +++ b/crypto/src/pkcs/Pkcs12Utilities.cs @@ -56,10 +56,10 @@ namespace Org.BouncyCastle.Pkcs int itCount = mData.IterationCount.IntValue; byte[] data = Asn1OctetString.GetInstance(info.Content).GetOctets(); byte[] res = Pkcs12Store.CalculatePbeMac( - mData.Mac.AlgorithmID.ObjectID, mData.GetSalt(), itCount, passwd, false, data); + mData.Mac.AlgorithmID.Algorithm, mData.GetSalt(), itCount, passwd, false, data); AlgorithmIdentifier algId = new AlgorithmIdentifier( - mData.Mac.AlgorithmID.ObjectID, DerNull.Instance); + mData.Mac.AlgorithmID.Algorithm, DerNull.Instance); DigestInfo dInfo = new DigestInfo(algId, res); mData = new MacData(dInfo, mData.GetSalt(), itCount); diff --git a/crypto/src/pkcs/PrivateKeyInfoFactory.cs b/crypto/src/pkcs/PrivateKeyInfoFactory.cs index 723d50f08..c6aab4884 100644 --- a/crypto/src/pkcs/PrivateKeyInfoFactory.cs +++ b/crypto/src/pkcs/PrivateKeyInfoFactory.cs @@ -195,7 +195,7 @@ namespace Org.BouncyCastle.Pkcs IBufferedCipher cipher = PbeUtilities.CreateEngine(algID) as IBufferedCipher; if (cipher == null) - throw new Exception("Unknown encryption algorithm: " + algID.ObjectID); + throw new Exception("Unknown encryption algorithm: " + algID.Algorithm); ICipherParameters cipherParameters = PbeUtilities.GenerateCipherParameters( algID, passPhrase, wrongPkcs12Zero); diff --git a/crypto/src/pkix/PkixCertPathValidator.cs b/crypto/src/pkix/PkixCertPathValidator.cs index 7eb838886..fcfa63837 100644 --- a/crypto/src/pkix/PkixCertPathValidator.cs +++ b/crypto/src/pkix/PkixCertPathValidator.cs @@ -204,7 +204,7 @@ namespace Org.BouncyCastle.Pkix "Algorithm identifier of public key of trust anchor could not be read.", e, certPath, -1); } -// DerObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.ObjectID; +// DerObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.Algorithm; // Asn1Encodable workingPublicKeyParameters = workingAlgId.Parameters; // @@ -358,7 +358,7 @@ namespace Org.BouncyCastle.Pkix workingAlgId = PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(workingPublicKey); // (f) -// workingPublicKeyAlgorithm = workingAlgId.ObjectID; +// workingPublicKeyAlgorithm = workingAlgId.Algorithm; // (e) // workingPublicKeyParameters = workingAlgId.Parameters; } diff --git a/crypto/src/security/PbeUtilities.cs b/crypto/src/security/PbeUtilities.cs index 56d68ba0a..0cb235ae6 100644 --- a/crypto/src/security/PbeUtilities.cs +++ b/crypto/src/security/PbeUtilities.cs @@ -345,7 +345,7 @@ namespace Org.BouncyCastle.Security AlgorithmIdentifier algID, char[] password) { - return GenerateCipherParameters(algID.ObjectID.Id, password, false, algID.Parameters); + return GenerateCipherParameters(algID.Algorithm.Id, password, false, algID.Parameters); } public static ICipherParameters GenerateCipherParameters( @@ -353,7 +353,7 @@ namespace Org.BouncyCastle.Security char[] password, bool wrongPkcs12Zero) { - return GenerateCipherParameters(algID.ObjectID.Id, password, wrongPkcs12Zero, algID.Parameters); + return GenerateCipherParameters(algID.Algorithm.Id, password, wrongPkcs12Zero, algID.Parameters); } public static ICipherParameters GenerateCipherParameters( @@ -401,10 +401,10 @@ namespace Org.BouncyCastle.Security { PbeS2Parameters s2p = PbeS2Parameters.GetInstance(pbeParameters.ToAsn1Object()); AlgorithmIdentifier encScheme = s2p.EncryptionScheme; - DerObjectIdentifier encOid = encScheme.ObjectID; + DerObjectIdentifier encOid = encScheme.Algorithm; Asn1Object encParams = encScheme.Parameters.ToAsn1Object(); - // TODO What about s2p.KeyDerivationFunc.ObjectID? + // TODO What about s2p.KeyDerivationFunc.Algorithm? Pbkdf2Params pbeParams = Pbkdf2Params.GetInstance(s2p.KeyDerivationFunc.Parameters.ToAsn1Object()); byte[] iv; @@ -577,13 +577,13 @@ namespace Org.BouncyCastle.Security public static object CreateEngine( AlgorithmIdentifier algID) { - string algorithm = algID.ObjectID.Id; + string algorithm = algID.Algorithm.Id; if (IsPkcs5Scheme2(algorithm)) { PbeS2Parameters s2p = PbeS2Parameters.GetInstance(algID.Parameters.ToAsn1Object()); AlgorithmIdentifier encScheme = s2p.EncryptionScheme; - return CipherUtilities.GetCipher(encScheme.ObjectID); + return CipherUtilities.GetCipher(encScheme.Algorithm); } return CreateEngine(algorithm); diff --git a/crypto/src/security/PrivateKeyFactory.cs b/crypto/src/security/PrivateKeyFactory.cs index edc5ef85a..b9538b33d 100644 --- a/crypto/src/security/PrivateKeyFactory.cs +++ b/crypto/src/security/PrivateKeyFactory.cs @@ -45,7 +45,7 @@ namespace Org.BouncyCastle.Security PrivateKeyInfo keyInfo) { AlgorithmIdentifier algID = keyInfo.PrivateKeyAlgorithm; - DerObjectIdentifier algOid = algID.ObjectID; + DerObjectIdentifier algOid = algID.Algorithm; // TODO See RSAUtil.isRsaOid in Java build if (algOid.Equals(PkcsObjectIdentifiers.RsaEncryption) diff --git a/crypto/src/security/PublicKeyFactory.cs b/crypto/src/security/PublicKeyFactory.cs index 8c0be4f70..f1b28b774 100644 --- a/crypto/src/security/PublicKeyFactory.cs +++ b/crypto/src/security/PublicKeyFactory.cs @@ -44,7 +44,7 @@ namespace Org.BouncyCastle.Security SubjectPublicKeyInfo keyInfo) { AlgorithmIdentifier algID = keyInfo.AlgorithmID; - DerObjectIdentifier algOid = algID.ObjectID; + DerObjectIdentifier algOid = algID.Algorithm; // TODO See RSAUtil.isRsaOid in Java build if (algOid.Equals(PkcsObjectIdentifiers.RsaEncryption) diff --git a/crypto/src/tsp/TimeStampRequest.cs b/crypto/src/tsp/TimeStampRequest.cs index 6b9699379..f54d33e04 100644 --- a/crypto/src/tsp/TimeStampRequest.cs +++ b/crypto/src/tsp/TimeStampRequest.cs @@ -77,7 +77,7 @@ namespace Org.BouncyCastle.Tsp public string MessageImprintAlgOid { - get { return req.MessageImprint.HashAlgorithm.ObjectID.Id; } + get { return req.MessageImprint.HashAlgorithm.Algorithm.Id; } } public byte[] GetMessageImprintDigest() diff --git a/crypto/src/tsp/TimeStampResponseGenerator.cs b/crypto/src/tsp/TimeStampResponseGenerator.cs index 8d798de67..b596f8d97 100644 --- a/crypto/src/tsp/TimeStampResponseGenerator.cs +++ b/crypto/src/tsp/TimeStampResponseGenerator.cs @@ -166,9 +166,8 @@ namespace Org.BouncyCastle.Tsp class FailInfo : DerBitString { - internal FailInfo( - int failInfoValue) - : base(GetBytes(failInfoValue), GetPadBits(failInfoValue)) + internal FailInfo(int failInfoValue) + : base(failInfoValue) { } } diff --git a/crypto/src/tsp/TimeStampToken.cs b/crypto/src/tsp/TimeStampToken.cs index 51a9592dc..105208a7d 100644 --- a/crypto/src/tsp/TimeStampToken.cs +++ b/crypto/src/tsp/TimeStampToken.cs @@ -271,10 +271,10 @@ namespace Org.BouncyCastle.Tsp if (certID != null) return "SHA-1"; - if (NistObjectIdentifiers.IdSha256.Equals(certIDv2.HashAlgorithm.ObjectID)) + if (NistObjectIdentifiers.IdSha256.Equals(certIDv2.HashAlgorithm.Algorithm)) return "SHA-256"; - return certIDv2.HashAlgorithm.ObjectID.Id; + return certIDv2.HashAlgorithm.Algorithm.Id; } public AlgorithmIdentifier GetHashAlgorithm() diff --git a/crypto/src/tsp/TimeStampTokenInfo.cs b/crypto/src/tsp/TimeStampTokenInfo.cs index 5027a87c4..cdef826bc 100644 --- a/crypto/src/tsp/TimeStampTokenInfo.cs +++ b/crypto/src/tsp/TimeStampTokenInfo.cs @@ -86,7 +86,7 @@ namespace Org.BouncyCastle.Tsp public string MessageImprintAlgOid { - get { return tstInfo.MessageImprint.HashAlgorithm.ObjectID.Id; } + get { return tstInfo.MessageImprint.HashAlgorithm.Algorithm.Id; } } public byte[] GetMessageImprintDigest() diff --git a/crypto/src/x509/AttributeCertificateHolder.cs b/crypto/src/x509/AttributeCertificateHolder.cs index 3a6af4c20..04460cd59 100644 --- a/crypto/src/x509/AttributeCertificateHolder.cs +++ b/crypto/src/x509/AttributeCertificateHolder.cs @@ -103,7 +103,7 @@ namespace Org.BouncyCastle.X509 // TODO Allow 'objectDigest' to be null? holder = new Holder(new ObjectDigestInfo(digestedObjectType, otherObjectTypeID, - new AlgorithmIdentifier(digestAlgorithm), Arrays.Clone(objectDigest))); + new AlgorithmIdentifier(new DerObjectIdentifier(digestAlgorithm)), Arrays.Clone(objectDigest))); } /** @@ -147,7 +147,7 @@ namespace Org.BouncyCastle.X509 return odi == null ? null - : odi.DigestAlgorithm.ObjectID.Id; + : odi.DigestAlgorithm.Algorithm.Id; } } diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs index fc7f96aa9..6d7bd7a61 100644 --- a/crypto/src/x509/X509Certificate.cs +++ b/crypto/src/x509/X509Certificate.cs @@ -237,16 +237,16 @@ namespace Org.BouncyCastle.X509 /// <returns>A byte array containg the signature of the certificate.</returns> public virtual byte[] GetSignature() { - return c.Signature.GetBytes(); + return c.GetSignatureOctets(); } - /// <summary> + /// <summary> /// A meaningful version of the Signature Algorithm. (EG SHA1WITHRSA) /// </summary> /// <returns>A sting representing the signature algorithm.</returns> public virtual string SigAlgName { - get { return SignerUtilities.GetEncodingName(c.SignatureAlgorithm.ObjectID); } + get { return SignerUtilities.GetEncodingName(c.SignatureAlgorithm.Algorithm); } } /// <summary> @@ -255,7 +255,7 @@ namespace Org.BouncyCastle.X509 /// <returns>A string containg a '.' separated object id.</returns> public virtual string SigAlgOid { - get { return c.SignatureAlgorithm.ObjectID.Id; } + get { return c.SignatureAlgorithm.Algorithm.Id; } } /// <summary> @@ -586,7 +586,7 @@ namespace Org.BouncyCastle.X509 private static bool IsAlgIDEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2) { - if (!id1.ObjectID.Equals(id2.ObjectID)) + if (!id1.Algorithm.Equals(id2.Algorithm)) return false; Asn1Encodable p1 = id1.Parameters; diff --git a/crypto/src/x509/X509Crl.cs b/crypto/src/x509/X509Crl.cs index 53de3e91f..ecfb14132 100644 --- a/crypto/src/x509/X509Crl.cs +++ b/crypto/src/x509/X509Crl.cs @@ -211,7 +211,7 @@ namespace Org.BouncyCastle.X509 public virtual byte[] GetSignature() { - return c.Signature.GetBytes(); + return c.GetSignatureOctets(); } public virtual string SigAlgName @@ -221,7 +221,7 @@ namespace Org.BouncyCastle.X509 public virtual string SigAlgOid { - get { return c.SignatureAlgorithm.ObjectID.Id; } + get { return c.SignatureAlgorithm.Algorithm.Id; } } public virtual byte[] GetSigAlgParams() diff --git a/crypto/src/x509/X509SignatureUtil.cs b/crypto/src/x509/X509SignatureUtil.cs index 7a4ab1448..858b8f446 100644 --- a/crypto/src/x509/X509SignatureUtil.cs +++ b/crypto/src/x509/X509SignatureUtil.cs @@ -55,13 +55,13 @@ namespace Org.BouncyCastle.X509 if (parameters != null && !derNull.Equals(parameters)) { - if (sigAlgId.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss)) + if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss)) { RsassaPssParameters rsaParams = RsassaPssParameters.GetInstance(parameters); - return GetDigestAlgName(rsaParams.HashAlgorithm.ObjectID) + "withRSAandMGF1"; + return GetDigestAlgName(rsaParams.HashAlgorithm.Algorithm) + "withRSAandMGF1"; } - if (sigAlgId.ObjectID.Equals(X9ObjectIdentifiers.ECDsaWithSha2)) + if (sigAlgId.Algorithm.Equals(X9ObjectIdentifiers.ECDsaWithSha2)) { Asn1Sequence ecDsaParams = Asn1Sequence.GetInstance(parameters); @@ -69,7 +69,7 @@ namespace Org.BouncyCastle.X509 } } - return sigAlgId.ObjectID.Id; + return sigAlgId.Algorithm.Id; } /** diff --git a/crypto/src/x509/X509V2AttributeCertificate.cs b/crypto/src/x509/X509V2AttributeCertificate.cs index 9376538a1..c41b31239 100644 --- a/crypto/src/x509/X509V2AttributeCertificate.cs +++ b/crypto/src/x509/X509V2AttributeCertificate.cs @@ -147,9 +147,14 @@ namespace Org.BouncyCastle.X509 throw new CertificateNotYetValidException("certificate not valid until " + NotBefore); } + public virtual AlgorithmIdentifier SignatureAlgorithm + { + get { return cert.SignatureAlgorithm; } + } + public virtual byte[] GetSignature() { - return cert.SignatureValue.GetBytes(); + return cert.GetSignatureOctets(); } public virtual void Verify( diff --git a/crypto/test/src/asn1/test/BitStringTest.cs b/crypto/test/src/asn1/test/BitStringTest.cs index 3a2dc3156..05be45941 100644 --- a/crypto/test/src/asn1/test/BitStringTest.cs +++ b/crypto/test/src/asn1/test/BitStringTest.cs @@ -4,44 +4,120 @@ using System.IO; using NUnit.Framework; using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Encoders; using Org.BouncyCastle.Utilities.Test; namespace Org.BouncyCastle.Asn1.Tests { [TestFixture] public class BitStringTest - : ITest + : SimpleTest { - public ITestResult Perform() + private void DoTestZeroLengthStrings() + { + // basic construction + DerBitString s1 = new DerBitString(new byte[0], 0); + + s1.GetBytes(); + + if (!Arrays.AreEqual(s1.GetEncoded(), Hex.Decode("030100"))) + { + Fail("zero encoding wrong"); + } + + try + { + new DerBitString(null, 1); + Fail("exception not thrown"); + } + catch (ArgumentNullException) + { + } + + try + { + new DerBitString(new byte[0], 1); + Fail("exception not thrown"); + } + catch (ArgumentException) + { + } + + try + { + new DerBitString(new byte[1], 8); + Fail("exception not thrown"); + } + catch (ArgumentException) + { + } + + DerBitString s2 = new DerBitString(0); + if (!Arrays.AreEqual(s1.GetEncoded(), s2.GetEncoded())) + { + Fail("zero encoding wrong"); + } + } + + private void DoTestRandomPadBits() + { + byte[] test = Hex.Decode("030206c0"); + + byte[] test1 = Hex.Decode("030206f0"); + byte[] test2 = Hex.Decode("030206c1"); + byte[] test3 = Hex.Decode("030206c7"); + byte[] test4 = Hex.Decode("030206d1"); + + EncodingCheck(test, test1); + EncodingCheck(test, test2); + EncodingCheck(test, test3); + EncodingCheck(test, test4); + } + + private void EncodingCheck(byte[] derData, byte[] dlData) + { + if (Arrays.AreEqual(derData, Asn1Object.FromByteArray(dlData).GetEncoded())) + { + //Fail("failed DL check"); + Fail("failed BER check"); + } + if (!Arrays.AreEqual(derData, Asn1Object.FromByteArray(dlData).GetDerEncoded())) + { + Fail("failed DER check"); + } + } + + public override void PerformTest() { KeyUsage k = new KeyUsage(KeyUsage.DigitalSignature); if ((k.GetBytes()[0] != (byte)KeyUsage.DigitalSignature) || (k.PadBits != 7)) { - return new SimpleTestResult(false, Name + ": failed digitalSignature"); + Fail("failed digitalSignature"); } k = new KeyUsage(KeyUsage.NonRepudiation); if ((k.GetBytes()[0] != (byte)KeyUsage.NonRepudiation) || (k.PadBits != 6)) { - return new SimpleTestResult(false, Name + ": failed nonRepudiation"); + Fail("failed nonRepudiation"); } k = new KeyUsage(KeyUsage.KeyEncipherment); if ((k.GetBytes()[0] != (byte)KeyUsage.KeyEncipherment) || (k.PadBits != 5)) { - return new SimpleTestResult(false, Name + ": failed keyEncipherment"); + Fail("failed keyEncipherment"); } k = new KeyUsage(KeyUsage.CrlSign); if ((k.GetBytes()[0] != (byte)KeyUsage.CrlSign) || (k.PadBits != 1)) { - return new SimpleTestResult(false, Name + ": failed cRLSign"); + Fail("failed cRLSign"); } k = new KeyUsage(KeyUsage.DecipherOnly); if ((k.GetBytes()[1] != (byte)(KeyUsage.DecipherOnly >> 8)) || (k.PadBits != 7)) { - return new SimpleTestResult(false, Name + ": failed decipherOnly"); + Fail("failed decipherOnly"); } // test for zero length bit string @@ -51,27 +127,25 @@ namespace Org.BouncyCastle.Asn1.Tests } catch (IOException e) { - return new SimpleTestResult(false, Name + ": " + e); + Fail(e.ToString()); } - return new SimpleTestResult(true, Name + ": Okay"); + DoTestRandomPadBits(); + DoTestZeroLengthStrings(); } - public string Name + public override string Name { get { return "BitString"; } } - public static void Main( + public static void Main( string[] args) { - ITest test = new BitStringTest(); - ITestResult result = test.Perform(); - - Console.WriteLine(result); + RunTest(new BitStringTest()); } - [Test] + [Test] public void TestFunction() { string resultText = Perform().ToString(); diff --git a/crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs b/crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs index 042781632..914eda0b8 100644 --- a/crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs +++ b/crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs @@ -4,6 +4,7 @@ using NUnit.Framework; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Icao; +using Org.BouncyCastle.Asn1.Oiw; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Math; using Org.BouncyCastle.Utilities.Test; @@ -29,7 +30,7 @@ namespace Org.BouncyCastle.Asn1.Tests public override void PerformTest() { - AlgorithmIdentifier algoId = new AlgorithmIdentifier("1.3.14.3.2.26"); + AlgorithmIdentifier algoId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1); DataGroupHash[] datas = new DataGroupHash[2]; datas[0] = new DataGroupHash(1, new DerOctetString(GenerateHash())); diff --git a/crypto/test/src/asn1/test/PKIFailureInfoTest.cs b/crypto/test/src/asn1/test/PKIFailureInfoTest.cs index 734dbbc14..7d51dbb5f 100644 --- a/crypto/test/src/asn1/test/PKIFailureInfoTest.cs +++ b/crypto/test/src/asn1/test/PKIFailureInfoTest.cs @@ -11,7 +11,7 @@ using Org.BouncyCastle.Utilities.Test; namespace Org.BouncyCastle.Asn1.Tests { /** - * PKIFailureInfoTest + * PkiFailureInfoTest */ [TestFixture] public class PkiFailureInfoTest @@ -25,12 +25,13 @@ namespace Org.BouncyCastle.Asn1.Tests get { return "PkiFailureInfo"; } } - private void doTestEncoding() + private void DoTestEncoding() { - DerBitString bitString = (DerBitString) Asn1Object.FromByteArray(CORRECT_FAILURE_INFO); + DerBitString bitString = (DerBitString)Asn1Object.FromByteArray(CORRECT_FAILURE_INFO); PkiFailureInfo correct = new PkiFailureInfo(bitString); - PkiFailureInfo bug = new PkiFailureInfo(PkiFailureInfo.BadRequest | PkiFailureInfo.BadTime | PkiFailureInfo.BadDataFormat | PkiFailureInfo.IncorrectData); + PkiFailureInfo bug = new PkiFailureInfo( + PkiFailureInfo.BadRequest | PkiFailureInfo.BadTime | PkiFailureInfo.BadDataFormat | PkiFailureInfo.IncorrectData); if (!Arrays.AreEqual(correct.GetDerEncoded(), bug.GetDerEncoded())) { @@ -40,23 +41,35 @@ namespace Org.BouncyCastle.Asn1.Tests public override void PerformTest() { - BitStringConstantTester.testFlagValueCorrect(0, PkiFailureInfo.BadAlg); - BitStringConstantTester.testFlagValueCorrect(1, PkiFailureInfo.BadMessageCheck); - BitStringConstantTester.testFlagValueCorrect(2, PkiFailureInfo.BadRequest); - BitStringConstantTester.testFlagValueCorrect(3, PkiFailureInfo.BadTime); - BitStringConstantTester.testFlagValueCorrect(4, PkiFailureInfo.BadCertId); - BitStringConstantTester.testFlagValueCorrect(5, PkiFailureInfo.BadDataFormat); - BitStringConstantTester.testFlagValueCorrect(6, PkiFailureInfo.WrongAuthority); - BitStringConstantTester.testFlagValueCorrect(7, PkiFailureInfo.IncorrectData); - BitStringConstantTester.testFlagValueCorrect(8, PkiFailureInfo.MissingTimeStamp); - BitStringConstantTester.testFlagValueCorrect(9, PkiFailureInfo.BadPop); - BitStringConstantTester.testFlagValueCorrect(14, PkiFailureInfo.TimeNotAvailable); - BitStringConstantTester.testFlagValueCorrect(15, PkiFailureInfo.UnacceptedPolicy); - BitStringConstantTester.testFlagValueCorrect(16, PkiFailureInfo.UnacceptedExtension); - BitStringConstantTester.testFlagValueCorrect(17, PkiFailureInfo.AddInfoNotAvailable); - BitStringConstantTester.testFlagValueCorrect(25, PkiFailureInfo.SystemFailure); + BitStringConstantTester.testFlagValueCorrect(0, PkiFailureInfo.BadAlg); + BitStringConstantTester.testFlagValueCorrect(1, PkiFailureInfo.BadMessageCheck); + BitStringConstantTester.testFlagValueCorrect(2, PkiFailureInfo.BadRequest); + BitStringConstantTester.testFlagValueCorrect(3, PkiFailureInfo.BadTime); + BitStringConstantTester.testFlagValueCorrect(4, PkiFailureInfo.BadCertId); + BitStringConstantTester.testFlagValueCorrect(5, PkiFailureInfo.BadDataFormat); + BitStringConstantTester.testFlagValueCorrect(6, PkiFailureInfo.WrongAuthority); + BitStringConstantTester.testFlagValueCorrect(7, PkiFailureInfo.IncorrectData); + BitStringConstantTester.testFlagValueCorrect(8, PkiFailureInfo.MissingTimeStamp); + BitStringConstantTester.testFlagValueCorrect(9, PkiFailureInfo.BadPop); + BitStringConstantTester.testFlagValueCorrect(10, PkiFailureInfo.CertRevoked); + BitStringConstantTester.testFlagValueCorrect(11, PkiFailureInfo.CertConfirmed); + BitStringConstantTester.testFlagValueCorrect(12, PkiFailureInfo.WrongIntegrity); + BitStringConstantTester.testFlagValueCorrect(13, PkiFailureInfo.BadRecipientNonce); + BitStringConstantTester.testFlagValueCorrect(14, PkiFailureInfo.TimeNotAvailable); + BitStringConstantTester.testFlagValueCorrect(15, PkiFailureInfo.UnacceptedPolicy); + BitStringConstantTester.testFlagValueCorrect(16, PkiFailureInfo.UnacceptedExtension); + BitStringConstantTester.testFlagValueCorrect(17, PkiFailureInfo.AddInfoNotAvailable); + BitStringConstantTester.testFlagValueCorrect(18, PkiFailureInfo.BadSenderNonce); + BitStringConstantTester.testFlagValueCorrect(19, PkiFailureInfo.BadCertTemplate); + BitStringConstantTester.testFlagValueCorrect(20, PkiFailureInfo.SignerNotTrusted); + BitStringConstantTester.testFlagValueCorrect(21, PkiFailureInfo.TransactionIdInUse); + BitStringConstantTester.testFlagValueCorrect(22, PkiFailureInfo.UnsupportedVersion); + BitStringConstantTester.testFlagValueCorrect(23, PkiFailureInfo.NotAuthorized); + BitStringConstantTester.testFlagValueCorrect(24, PkiFailureInfo.SystemUnavail); + BitStringConstantTester.testFlagValueCorrect(25, PkiFailureInfo.SystemFailure); + BitStringConstantTester.testFlagValueCorrect(26, PkiFailureInfo.DuplicateCertReq); - doTestEncoding(); + DoTestEncoding(); } public static void Main( diff --git a/crypto/test/src/crypto/test/Pkcs5Test.cs b/crypto/test/src/crypto/test/Pkcs5Test.cs index 8066e8e41..fdf1e7a66 100644 --- a/crypto/test/src/crypto/test/Pkcs5Test.cs +++ b/crypto/test/src/crypto/test/Pkcs5Test.cs @@ -115,7 +115,7 @@ namespace Org.BouncyCastle.Crypto.Tests generator.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(password), salt, iterationCount); - DerObjectIdentifier algOid = scheme.ObjectID; + DerObjectIdentifier algOid = scheme.Algorithm; byte[] iv; if (algOid.Equals(PkcsObjectIdentifiers.RC2Cbc)) diff --git a/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs b/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs index 48af9e0f8..0cc1883ba 100644 --- a/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs +++ b/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs @@ -128,14 +128,14 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(cert.TbsCertificate); v.Add(cert.SignatureAlgorithm); - v.Add(CorruptBitString(cert.Signature)); + v.Add(CorruptSignature(cert.Signature)); return X509CertificateStructure.GetInstance(new DerSequence(v)); } - protected virtual DerBitString CorruptBitString(DerBitString bs) + protected virtual DerBitString CorruptSignature(DerBitString bs) { - return new DerBitString(CorruptBit(bs.GetBytes())); + return new DerBitString(CorruptBit(bs.GetOctets())); } protected virtual byte[] CorruptBit(byte[] bs) diff --git a/crypto/test/src/pkcs/test/PKCS12StoreTest.cs b/crypto/test/src/pkcs/test/PKCS12StoreTest.cs index c6b39135e..cd9dfcfad 100644 --- a/crypto/test/src/pkcs/test/PKCS12StoreTest.cs +++ b/crypto/test/src/pkcs/test/PKCS12StoreTest.cs @@ -837,7 +837,7 @@ namespace Org.BouncyCastle.Pkcs.Tests EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.GetInstance(sb.BagValue); // check the key encryption - if (!encInfo.EncryptionAlgorithm.ObjectID.Equals(keyAlgorithm)) + if (!encInfo.EncryptionAlgorithm.Algorithm.Equals(keyAlgorithm)) { Fail("key encryption algorithm wrong"); } @@ -845,7 +845,7 @@ namespace Org.BouncyCastle.Pkcs.Tests // check the certificate encryption EncryptedData cb = EncryptedData.GetInstance(c2.Content); - if (!cb.EncryptionAlgorithm.ObjectID.Equals(certAlgorithm)) + if (!cb.EncryptionAlgorithm.Algorithm.Equals(certAlgorithm)) { Fail("cert encryption algorithm wrong"); } diff --git a/crypto/test/src/test/CertTest.cs b/crypto/test/src/test/CertTest.cs index 9bb4df7d1..72e17e458 100644 --- a/crypto/test/src/test/CertTest.cs +++ b/crypto/test/src/test/CertTest.cs @@ -2452,7 +2452,7 @@ namespace Org.BouncyCastle.Tests DerSequence seq = new DerSequence( tbsCertificate, - new AlgorithmIdentifier(sig.ObjectID), + new AlgorithmIdentifier(sig.Algorithm), certStruct.Signature); try diff --git a/crypto/test/src/test/PKCS10CertRequestTest.cs b/crypto/test/src/test/PKCS10CertRequestTest.cs index 819439cd8..9bad0a678 100644 --- a/crypto/test/src/test/PKCS10CertRequestTest.cs +++ b/crypto/test/src/test/PKCS10CertRequestTest.cs @@ -193,7 +193,7 @@ namespace Org.BouncyCastle.Tests Fail("Failed Verify check EC uncompressed encoded."); } - if (!req.SignatureAlgorithm.ObjectID.Equals(algOid)) + if (!req.SignatureAlgorithm.Algorithm.Equals(algOid)) { Fail("ECDSA oid incorrect."); } @@ -210,7 +210,7 @@ namespace Org.BouncyCastle.Tests byte[] b = req.GetCertificationRequestInfo().GetEncoded(); sig.BlockUpdate(b, 0, b.Length); - if (!sig.VerifySignature(req.Signature.GetBytes())) + if (!sig.VerifySignature(req.GetSignatureOctets())) { Fail("signature not mapped correctly."); } @@ -247,7 +247,7 @@ namespace Org.BouncyCastle.Tests Fail("Failed Verify check EC encoded."); } - if (!req.SignatureAlgorithm.ObjectID.Equals(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001)) + if (!req.SignatureAlgorithm.Algorithm.Equals(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001)) { Fail("ECGOST oid incorrect."); } @@ -264,7 +264,7 @@ namespace Org.BouncyCastle.Tests byte[] b = req.GetCertificationRequestInfo().GetEncoded(); sig.BlockUpdate(b, 0, b.Length); - if (!sig.VerifySignature(req.Signature.GetBytes())) + if (!sig.VerifySignature(req.GetSignatureOctets())) { Fail("signature not mapped correctly."); } @@ -308,7 +308,7 @@ namespace Org.BouncyCastle.Tests Fail("Failed verify check PSS encoded."); } - if (!req.SignatureAlgorithm.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss)) + if (!req.SignatureAlgorithm.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss)) { Fail("PSS oid incorrect."); } @@ -325,7 +325,7 @@ namespace Org.BouncyCastle.Tests byte[] encoded = req.GetCertificationRequestInfo().GetEncoded(); sig.BlockUpdate(encoded, 0, encoded.Length); - if (!sig.VerifySignature(req.Signature.GetBytes())) + if (!sig.VerifySignature(req.GetSignatureOctets())) { Fail("signature not mapped correctly."); } |