diff options
| author | David Hook <dgh@cryptoworkshop.com> | 2020-04-25 16:53:47 +1000 |
|---|---|---|
| committer | David Hook <dgh@cryptoworkshop.com> | 2020-04-25 16:53:47 +1000 |
| commit | 99467b8431c1a871792ecb34fd5eeb962353b1d2 (patch) | |
| tree | 043b017ad8dd740c71e8f0661a170109672b6bb6 /crypto/src/security | |
| parent | github #237 - gost 2012 parsing (diff) | |
| download | BouncyCastle.NET-ed25519-99467b8431c1a871792ecb34fd5eeb962353b1d2.tar.xz | |
first cut at PKCS#5 Scheme 2 in PKCS#12
Diffstat (limited to 'crypto/src/security')
| -rw-r--r-- | crypto/src/security/PbeUtilities.cs | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/crypto/src/security/PbeUtilities.cs b/crypto/src/security/PbeUtilities.cs index ce47e38e5..622c6dd43 100644 --- a/crypto/src/security/PbeUtilities.cs +++ b/crypto/src/security/PbeUtilities.cs @@ -42,6 +42,7 @@ namespace Org.BouncyCastle.Security { algorithms["PKCS5SCHEME1"] = "Pkcs5scheme1"; algorithms["PKCS5SCHEME2"] = "Pkcs5scheme2"; + algorithms["PBKDF2"] = "Pkcs5scheme2"; algorithms[PkcsObjectIdentifiers.IdPbeS2.Id] = "Pkcs5scheme2"; // algorithms[PkcsObjectIdentifiers.IdPbkdf2.Id] = "Pkcs5scheme2"; @@ -324,6 +325,35 @@ namespace Org.BouncyCastle.Security } } + public static Asn1Encodable GenerateAlgorithmParameters( + DerObjectIdentifier cipherAlgorithm, + DerObjectIdentifier hashAlgorithm, + byte[] salt, + int iterationCount, + SecureRandom secureRandom) + { + EncryptionScheme encScheme; + if (NistObjectIdentifiers.IdAes128Cbc.Equals(cipherAlgorithm) + || NistObjectIdentifiers.IdAes192Cbc.Equals(cipherAlgorithm) + || NistObjectIdentifiers.IdAes256Cbc.Equals(cipherAlgorithm) + || NistObjectIdentifiers.IdAes128Cfb.Equals(cipherAlgorithm) + || NistObjectIdentifiers.IdAes192Cfb.Equals(cipherAlgorithm) + || NistObjectIdentifiers.IdAes256Cfb.Equals(cipherAlgorithm)) + { + byte[] iv = new byte[16]; + secureRandom.NextBytes(iv); + encScheme = new EncryptionScheme(cipherAlgorithm, new DerOctetString(iv)); + } + else + { + throw new ArgumentException("unknown cipher: " + cipherAlgorithm); + } + + KeyDerivationFunc func = new KeyDerivationFunc(PkcsObjectIdentifiers.IdPbkdf2, new Pbkdf2Params(salt, iterationCount, new AlgorithmIdentifier(hashAlgorithm, DerNull.Instance))); + + return new PbeS2Parameters(func, encScheme); + } + public static ICipherParameters GenerateCipherParameters( DerObjectIdentifier algorithmOid, char[] password, |