diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-07-26 13:28:56 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-07-26 13:28:56 +0700 |
commit | a69de14e882795cc0a0c4d1e7910e08044318626 (patch) | |
tree | 3a5ab7703d2e7b8ece047496986234322f6b7e37 /crypto/src | |
parent | Refactoring around algorithm finders (diff) | |
download | BouncyCastle.NET-ed25519-a69de14e882795cc0a0c4d1e7910e08044318626.tar.xz |
Create new API for algorithm finders
Diffstat (limited to '')
-rw-r--r-- | crypto/src/cmp/CertificateConfirmationContent.cs | 26 | ||||
-rw-r--r-- | crypto/src/cmp/CertificateConfirmationContentBuilder.cs | 29 | ||||
-rw-r--r-- | crypto/src/cmp/CertificateStatus.cs | 39 | ||||
-rw-r--r-- | crypto/src/cms/CMSSignedData.cs | 27 | ||||
-rw-r--r-- | crypto/src/cms/CMSSignedDataGenerator.cs | 37 | ||||
-rw-r--r-- | crypto/src/cms/CMSSignedGenerator.cs | 809 | ||||
-rw-r--r-- | crypto/src/cms/CMSSignedHelper.cs | 5 | ||||
-rw-r--r-- | crypto/src/cms/CMSUtils.cs | 13 | ||||
-rw-r--r-- | crypto/src/operators/utilities/DefaultDigestAlgorithmFinder.cs | 326 | ||||
-rw-r--r-- | crypto/src/operators/utilities/DefaultSignatureAlgorithmFinder.cs | 533 | ||||
-rw-r--r-- | crypto/src/operators/utilities/IDigestAlgorithmFinder.cs | 32 | ||||
-rw-r--r-- | crypto/src/operators/utilities/ISignatureAlgorithmFinder.cs | 9 |
12 files changed, 1015 insertions, 870 deletions
diff --git a/crypto/src/cmp/CertificateConfirmationContent.cs b/crypto/src/cmp/CertificateConfirmationContent.cs index 13db89c37..262a28531 100644 --- a/crypto/src/cmp/CertificateConfirmationContent.cs +++ b/crypto/src/cmp/CertificateConfirmationContent.cs @@ -1,44 +1,52 @@ using System; using Org.BouncyCastle.Asn1.Cmp; -using Org.BouncyCastle.Cms; +using Org.BouncyCastle.Operators.Utilities; namespace Org.BouncyCastle.Cmp { public class CertificateConfirmationContent { public static CertificateConfirmationContent FromPkiBody(PkiBody pkiBody) => - FromPkiBody(pkiBody, DefaultDigestAlgorithmIdentifierFinder.Instance); + FromPkiBody(pkiBody, DefaultDigestAlgorithmFinder.Instance); public static CertificateConfirmationContent FromPkiBody(PkiBody pkiBody, - DefaultDigestAlgorithmIdentifierFinder digestAlgFinder) + IDigestAlgorithmFinder digestAlgorithmFinder) { if (!IsCertificateConfirmationContent(pkiBody.Type)) throw new ArgumentException("content of PkiBody wrong type: " + pkiBody.Type); - return new CertificateConfirmationContent(CertConfirmContent.GetInstance(pkiBody.Content), digestAlgFinder); + var content = CertConfirmContent.GetInstance(pkiBody.Content); + + return new CertificateConfirmationContent(content, digestAlgorithmFinder); } public static bool IsCertificateConfirmationContent(int bodyType) => PkiBody.TYPE_CERT_CONFIRM == bodyType; private readonly CertConfirmContent m_content; - private readonly DefaultDigestAlgorithmIdentifierFinder m_digestAlgIDFinder; + private readonly IDigestAlgorithmFinder m_digestAlgorithmFinder; public CertificateConfirmationContent(CertConfirmContent content) - : this(content, DefaultDigestAlgorithmIdentifierFinder.Instance) + : this(content, DefaultDigestAlgorithmFinder.Instance) { } + [Obsolete("Use constructor taking 'IDigestAlgorithmFinder' instead")] public CertificateConfirmationContent(CertConfirmContent content, - DefaultDigestAlgorithmIdentifierFinder digestAlgFinder) + Org.BouncyCastle.Cms.DefaultDigestAlgorithmIdentifierFinder digestAlgFinder) + : this(content, (IDigestAlgorithmFinder)digestAlgFinder) + { + } + + public CertificateConfirmationContent(CertConfirmContent content, IDigestAlgorithmFinder digestAlgorithmFinder) { m_content = content; - m_digestAlgIDFinder = digestAlgFinder; + m_digestAlgorithmFinder = digestAlgorithmFinder; } public CertConfirmContent ToAsn1Structure() => m_content; public CertificateStatus[] GetStatusMessages() => Array.ConvertAll(m_content.ToCertStatusArray(), - element => new CertificateStatus(m_digestAlgIDFinder, element)); + element => new CertificateStatus(m_digestAlgorithmFinder, element)); } } diff --git a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs index 4178264b4..32fef908b 100644 --- a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs +++ b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs @@ -1,10 +1,10 @@ -using System.Collections.Generic; +using System; +using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; -using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Cms; using Org.BouncyCastle.Math; +using Org.BouncyCastle.Operators.Utilities; using Org.BouncyCastle.Security; using Org.BouncyCastle.X509; @@ -12,18 +12,24 @@ namespace Org.BouncyCastle.Cmp { public sealed class CertificateConfirmationContentBuilder { - private readonly DefaultDigestAlgorithmIdentifierFinder m_digestAlgFinder; + private readonly IDigestAlgorithmFinder m_digestAlgorithmFinder; private readonly List<X509Certificate> m_acceptedCerts = new List<X509Certificate>(); private readonly List<BigInteger> m_acceptedReqIDs = new List<BigInteger>(); public CertificateConfirmationContentBuilder() - : this(DefaultDigestAlgorithmIdentifierFinder.Instance) + : this(DefaultDigestAlgorithmFinder.Instance) { } - public CertificateConfirmationContentBuilder(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder) + [Obsolete("Use constructor taking 'IDigestAlgorithmFinder' instead")] + public CertificateConfirmationContentBuilder(Org.BouncyCastle.Cms.DefaultDigestAlgorithmIdentifierFinder digestAlgFinder) + : this((IDigestAlgorithmFinder)digestAlgFinder) { - m_digestAlgFinder = digestAlgFinder; + } + + public CertificateConfirmationContentBuilder(IDigestAlgorithmFinder digestAlgorithmFinder) + { + m_digestAlgorithmFinder = digestAlgorithmFinder; } public CertificateConfirmationContentBuilder AddAcceptedCertificate(X509Certificate certHolder, @@ -42,10 +48,10 @@ namespace Org.BouncyCastle.Cmp X509Certificate cert = m_acceptedCerts[i]; BigInteger reqID = m_acceptedReqIDs[i]; - var sigAlgID = DefaultSignatureAlgorithmIdentifierFinder.Instance.Find(cert.SigAlgName) + var sigAlgID = DefaultSignatureAlgorithmFinder.Instance.Find(cert.SigAlgName) ?? throw new CmpException("cannot find algorithm identifier for signature name"); - AlgorithmIdentifier digAlgID = m_digestAlgFinder.Find(sigAlgID) + var digAlgID = m_digestAlgorithmFinder.Find(sigAlgID) ?? throw new CmpException("cannot find algorithm for digest from signature"); byte[] digest = DigestUtilities.CalculateDigest(digAlgID.Algorithm, cert.GetEncoded()); @@ -53,8 +59,9 @@ namespace Org.BouncyCastle.Cmp v.Add(new CertStatus(digest, reqID)); } - return new CertificateConfirmationContent(CertConfirmContent.GetInstance(new DerSequence(v)), - m_digestAlgFinder); + var content = CertConfirmContent.GetInstance(new DerSequence(v)); + + return new CertificateConfirmationContent(content, m_digestAlgorithmFinder); } } } diff --git a/crypto/src/cmp/CertificateStatus.cs b/crypto/src/cmp/CertificateStatus.cs index 8ccf89562..55292329a 100644 --- a/crypto/src/cmp/CertificateStatus.cs +++ b/crypto/src/cmp/CertificateStatus.cs @@ -1,7 +1,9 @@ -using Org.BouncyCastle.Asn1.Cmp; +using System; + +using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Cms; using Org.BouncyCastle.Math; +using Org.BouncyCastle.Operators.Utilities; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.X509; @@ -10,30 +12,39 @@ namespace Org.BouncyCastle.Cmp { public class CertificateStatus { - private readonly DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; - private readonly CertStatus certStatus; + private readonly IDigestAlgorithmFinder m_digestAlgorithmFinder; + private readonly CertStatus m_certStatus; - public CertificateStatus(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder, CertStatus certStatus) + [Obsolete("Use constructor taking 'IDigestAlgorithmFinder' instead")] + public CertificateStatus(Org.BouncyCastle.Cms.DefaultDigestAlgorithmIdentifierFinder digestAlgFinder, + CertStatus certStatus) + : this((IDigestAlgorithmFinder)digestAlgFinder, certStatus) { - this.digestAlgFinder = digestAlgFinder; - this.certStatus = certStatus; } - public virtual PkiStatusInfo StatusInfo => certStatus.StatusInfo; + public CertificateStatus(IDigestAlgorithmFinder digestAlgorithmFinder, CertStatus certStatus) + { + m_digestAlgorithmFinder = digestAlgorithmFinder; + m_certStatus = certStatus; + } - public virtual BigInteger CertRequestID => certStatus.CertReqID.Value; + public virtual PkiStatusInfo StatusInfo => m_certStatus.StatusInfo; + + public virtual BigInteger CertRequestID => m_certStatus.CertReqID.Value; public virtual bool IsVerified(X509Certificate cert) { - var sigAlgID = DefaultSignatureAlgorithmIdentifierFinder.Instance.Find(cert.SigAlgName) + var signatureName = cert.SigAlgName; + + var signatureAlgorithm = DefaultSignatureAlgorithmFinder.Instance.Find(signatureName) ?? throw new CmpException("cannot find algorithm identifier for signature name"); - var digAlgID = digestAlgFinder.Find(sigAlgID) - ?? throw new CmpException("cannot find algorithm for digest from signature " + cert.SigAlgName); + var digestAlgorithm = m_digestAlgorithmFinder.Find(signatureAlgorithm) + ?? throw new CmpException("cannot find algorithm for digest from signature " + signatureName); - byte[] digest = DigestUtilities.CalculateDigest(digAlgID.Algorithm, cert.GetEncoded()); + byte[] digest = DigestUtilities.CalculateDigest(digestAlgorithm.Algorithm, cert.GetEncoded()); - return Arrays.FixedTimeEquals(certStatus.CertHash.GetOctets(), digest); + return Arrays.FixedTimeEquals(m_certStatus.CertHash.GetOctets(), digest); } } } diff --git a/crypto/src/cms/CMSSignedData.cs b/crypto/src/cms/CMSSignedData.cs index cd517085c..a14a4dadb 100644 --- a/crypto/src/cms/CMSSignedData.cs +++ b/crypto/src/cms/CMSSignedData.cs @@ -5,6 +5,7 @@ using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cms; using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Operators.Utilities; using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; @@ -271,29 +272,29 @@ namespace Org.BouncyCastle.Cms /** * Return a new CMSSignedData which guarantees to have the passed in digestAlgorithm - * in it. Uses the current DigestAlgorithmIdentifierFinder for creating the digest sets. + * in it. Uses the DefaultDigestAlgorithmFinder for creating the digest sets. * * @param signedData the signed data object to be used as a base. * @param digestAlgorithm the digest algorithm to be added to the signed data. * @return a new signed data object. */ public static CmsSignedData AddDigestAlgorithm(CmsSignedData signedData, AlgorithmIdentifier digestAlgorithm) => - AddDigestAlgorithm(signedData, digestAlgorithm, DefaultDigestAlgorithmIdentifierFinder.Instance); + AddDigestAlgorithm(signedData, digestAlgorithm, DefaultDigestAlgorithmFinder.Instance); /** * Return a new CMSSignedData which guarantees to have the passed in digestAlgorithm - * in it. Uses the passed in DigestAlgorithmIdentifierFinder for creating the digest sets. + * in it. Uses the passed in IDigestAlgorithmFinder for creating the digest sets. * * @param signedData the signed data object to be used as a base. * @param digestAlgorithm the digest algorithm to be added to the signed data. - * @param digestAlgIDFinder the digest algorithmID map to generate the digest set with. + * @param digestAlgorithmFinder the digest algorithm finder to generate the digest set with. * @return a new signed data object. */ public static CmsSignedData AddDigestAlgorithm(CmsSignedData signedData, AlgorithmIdentifier digestAlgorithm, - DefaultDigestAlgorithmIdentifierFinder digestAlgIDFinder) + IDigestAlgorithmFinder digestAlgorithmFinder) { ISet<AlgorithmIdentifier> digestAlgorithms = signedData.GetDigestAlgorithmIDs(); - AlgorithmIdentifier digestAlg = Helper.FixDigestAlgID(digestAlgorithm, digestAlgIDFinder); + AlgorithmIdentifier digestAlg = Helper.FixDigestAlgID(digestAlgorithm, digestAlgorithmFinder); // // if the algorithm is already present there is no need to add it. @@ -313,7 +314,7 @@ namespace Org.BouncyCastle.Cms foreach (var entry in digestAlgs) { - digestAlgs.Add(Helper.FixDigestAlgID(entry, digestAlgIDFinder)); + digestAlgs.Add(Helper.FixDigestAlgID(entry, digestAlgorithmFinder)); } digestAlgs.Add(digestAlg); @@ -344,7 +345,7 @@ namespace Org.BouncyCastle.Cms /** * Replace the SignerInformation store associated with this CMSSignedData object with the new one passed in - * using the current DigestAlgorithmIdentifierFinder for creating the digest sets. You would probably only want + * using the DefaultDigestAlgorithmFinder for creating the digest sets. You would probably only want * to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete one. * * @param signedData the signed data object to be used as a base. @@ -353,21 +354,21 @@ namespace Org.BouncyCastle.Cms */ public static CmsSignedData ReplaceSigners(CmsSignedData signedData, SignerInformationStore signerInformationStore) => - ReplaceSigners(signedData, signerInformationStore, DefaultDigestAlgorithmIdentifierFinder.Instance); + ReplaceSigners(signedData, signerInformationStore, DefaultDigestAlgorithmFinder.Instance); /** * Replace the SignerInformation store associated with this CMSSignedData object with the new one passed in - * using the passed in DigestAlgorithmIdentifierFinder for creating the digest sets. You would probably only + * using the passed in IDigestAlgorithmFinder for creating the digest sets. You would probably only * want to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete * one. * * @param signedData the signed data object to be used as a base. * @param signerInformationStore the new signer information store to use. - * @param dgstAlgIDFinder the digest algorithmID map to generate the digest set with. + * @param digestAlgorithmFinder the digest algorithm finder to generate the digest set with. * @return a new signed data object. */ public static CmsSignedData ReplaceSigners(CmsSignedData signedData, - SignerInformationStore signerInformationStore, DefaultDigestAlgorithmIdentifierFinder digestAlgIDFinder) + SignerInformationStore signerInformationStore, IDigestAlgorithmFinder digestAlgorithmFinder) { // // copy @@ -389,7 +390,7 @@ namespace Org.BouncyCastle.Cms foreach (var signer in signers) { - CmsUtilities.AddDigestAlgs(digestAlgs, signer, digestAlgIDFinder); + CmsUtilities.AddDigestAlgs(digestAlgs, signer, digestAlgorithmFinder); vec.Add(signer.ToSignerInfo()); } diff --git a/crypto/src/cms/CMSSignedDataGenerator.cs b/crypto/src/cms/CMSSignedDataGenerator.cs index ec8e28e47..5a0d4a192 100644 --- a/crypto/src/cms/CMSSignedDataGenerator.cs +++ b/crypto/src/cms/CMSSignedDataGenerator.cs @@ -12,6 +12,7 @@ using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.X509; using Org.BouncyCastle.Crypto.Operators; +using Org.BouncyCastle.Operators.Utilities; namespace Org.BouncyCastle.Cms { @@ -46,8 +47,8 @@ namespace Org.BouncyCastle.Cms private readonly ISignatureFactory sigCalc; private readonly SignerIdentifier signerIdentifier; - private readonly string digestOID; - private readonly string encOID; + private readonly string digestOid; + private readonly string encOid; private readonly CmsAttributeTableGenerator sAttr; private readonly CmsAttributeTableGenerator unsAttr; private readonly Asn1.Cms.AttributeTable baseSignedTable; @@ -57,21 +58,21 @@ namespace Org.BouncyCastle.Cms AsymmetricKeyParameter key, SecureRandom random, SignerIdentifier signerIdentifier, - string digestOID, - string encOID, + string digestOid, + string encOid, CmsAttributeTableGenerator sAttr, CmsAttributeTableGenerator unsAttr, Asn1.Cms.AttributeTable baseSignedTable) { - string digestName = Helper.GetDigestAlgName(digestOID); + string digestName = Helper.GetDigestAlgName(digestOid); - string signatureName = digestName + "with" + Helper.GetEncryptionAlgName(encOID); + string signatureName = digestName + "with" + Helper.GetEncryptionAlgName(encOid); this.outer = outer; this.sigCalc = new Asn1SignatureFactory(signatureName, key, random); this.signerIdentifier = signerIdentifier; - this.digestOID = digestOID; - this.encOID = encOID; + this.digestOid = digestOid; + this.encOid = encOid; this.sAttr = sAttr; this.unsAttr = unsAttr; this.baseSignedTable = baseSignedTable; @@ -88,9 +89,9 @@ namespace Org.BouncyCastle.Cms this.outer = outer; this.sigCalc = sigCalc; this.signerIdentifier = signerIdentifier; - this.digestOID = DefaultDigestAlgorithmIdentifierFinder.Instance.Find( - (AlgorithmIdentifier)sigCalc.AlgorithmDetails).Algorithm.Id; - this.encOID = ((AlgorithmIdentifier)sigCalc.AlgorithmDetails).Algorithm.Id; + this.digestOid = DefaultDigestAlgorithmFinder.Instance + .Find((AlgorithmIdentifier)sigCalc.AlgorithmDetails).Algorithm.Id; + this.encOid = ((AlgorithmIdentifier)sigCalc.AlgorithmDetails).Algorithm.Id; this.sAttr = sAttr; this.unsAttr = unsAttr; this.baseSignedTable = baseSignedTable; @@ -98,7 +99,7 @@ namespace Org.BouncyCastle.Cms internal AlgorithmIdentifier DigestAlgorithmID { - get { return new AlgorithmIdentifier(new DerObjectIdentifier(digestOID), DerNull.Instance); } + get { return new AlgorithmIdentifier(new DerObjectIdentifier(digestOid), DerNull.Instance); } } internal CmsAttributeTableGenerator SignedAttributes @@ -114,11 +115,11 @@ namespace Org.BouncyCastle.Cms internal SignerInfo ToSignerInfo(DerObjectIdentifier contentType, CmsProcessable content) { AlgorithmIdentifier digAlgId = DigestAlgorithmID; - string digestName = Helper.GetDigestAlgName(digestOID); + string digestName = Helper.GetDigestAlgName(digestOid); - string signatureName = digestName + "with" + Helper.GetEncryptionAlgName(encOID); + string signatureName = digestName + "with" + Helper.GetEncryptionAlgName(encOid); - if (!outer.m_digests.TryGetValue(digestOID, out var hash)) + if (!outer.m_digests.TryGetValue(digestOid, out var hash)) { IDigest dig = Helper.GetDigestInstance(digestName); if (content != null) @@ -126,7 +127,7 @@ namespace Org.BouncyCastle.Cms content.Write(new DigestSink(dig)); } hash = DigestUtilities.DoFinal(dig); - outer.m_digests.Add(digestOID, (byte[])hash.Clone()); + outer.m_digests.Add(digestOid, (byte[])hash.Clone()); } Asn1Set signedAttr = null; @@ -182,7 +183,7 @@ namespace Org.BouncyCastle.Cms // TODO[RSAPSS] Need the ability to specify non-default parameters Asn1Encodable sigX509Parameters = SignerUtilities.GetDefaultX509Parameters(signatureName); AlgorithmIdentifier encAlgId = Helper.GetEncAlgorithmIdentifier( - new DerObjectIdentifier(encOID), sigX509Parameters); + new DerObjectIdentifier(encOid), sigX509Parameters); return new SignerInfo(signerIdentifier, digAlgId, signedAttr, encAlgId, new DerOctetString(sigBytes), unsignedAttr); @@ -457,7 +458,7 @@ namespace Org.BouncyCastle.Cms // foreach (SignerInformation signer in _signers) { - CmsUtilities.AddDigestAlgs(digestAlgs, signer, DefaultDigestAlgorithmIdentifierFinder.Instance); + CmsUtilities.AddDigestAlgs(digestAlgs, signer, DefaultDigestAlgorithmFinder.Instance); // TODO Verify the content type and calculated digest match the precalculated SignerInfo signerInfos.Add(signer.ToSignerInfo()); } diff --git a/crypto/src/cms/CMSSignedGenerator.cs b/crypto/src/cms/CMSSignedGenerator.cs index 5cb56805f..fd8a05d7a 100644 --- a/crypto/src/cms/CMSSignedGenerator.cs +++ b/crypto/src/cms/CMSSignedGenerator.cs @@ -25,814 +25,29 @@ using Org.BouncyCastle.X509; namespace Org.BouncyCastle.Cms { - // TODO[api] Create API for this + [Obsolete("Use 'Org.BouncyCastle.Operators.Utilities.DefaultSignatureAlgorithmFinder' instead")] public class DefaultSignatureAlgorithmIdentifierFinder + : Org.BouncyCastle.Operators.Utilities.ISignatureAlgorithmFinder { - public static readonly DefaultSignatureAlgorithmIdentifierFinder Instance = - new DefaultSignatureAlgorithmIdentifierFinder(); - - private static readonly Dictionary<string, DerObjectIdentifier> m_algorithms = - new Dictionary<string, DerObjectIdentifier>(StringComparer.OrdinalIgnoreCase); - private static readonly HashSet<DerObjectIdentifier> m_noParams = new HashSet<DerObjectIdentifier>(); - private static readonly Dictionary<string, Asn1Encodable> m_parameters = - new Dictionary<string, Asn1Encodable>(StringComparer.OrdinalIgnoreCase); - private static readonly HashSet<DerObjectIdentifier> m_pkcs15RsaEncryption = new HashSet<DerObjectIdentifier>(); - private static readonly Dictionary<DerObjectIdentifier, DerObjectIdentifier> m_digestOids = - new Dictionary<DerObjectIdentifier, DerObjectIdentifier>(); - - static DefaultSignatureAlgorithmIdentifierFinder() - { - m_algorithms["COMPOSITE"] = MiscObjectIdentifiers.id_alg_composite; - - m_algorithms["MD2WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.MD2WithRsaEncryption; - m_algorithms["MD2WITHRSA"] = PkcsObjectIdentifiers.MD2WithRsaEncryption; - m_algorithms["MD5WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.MD5WithRsaEncryption; - m_algorithms["MD5WITHRSA"] = PkcsObjectIdentifiers.MD5WithRsaEncryption; - m_algorithms["SHA1WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption; - m_algorithms["SHA-1WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption; - m_algorithms["SHA1WITHRSA"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption; - m_algorithms["SHA-1WITHRSA"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption; - m_algorithms["SHA224WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha224WithRsaEncryption; - m_algorithms["SHA-224WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha224WithRsaEncryption; - m_algorithms["SHA224WITHRSA"] = PkcsObjectIdentifiers.Sha224WithRsaEncryption; - m_algorithms["SHA-224WITHRSA"] = PkcsObjectIdentifiers.Sha224WithRsaEncryption; - m_algorithms["SHA256WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption; - m_algorithms["SHA-256WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption; - m_algorithms["SHA256WITHRSA"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption; - m_algorithms["SHA-256WITHRSA"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption; - m_algorithms["SHA384WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha384WithRsaEncryption; - m_algorithms["SHA-384WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha384WithRsaEncryption; - m_algorithms["SHA384WITHRSA"] = PkcsObjectIdentifiers.Sha384WithRsaEncryption; - m_algorithms["SHA-384WITHRSA"] = PkcsObjectIdentifiers.Sha384WithRsaEncryption; - m_algorithms["SHA512WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512WithRsaEncryption; - m_algorithms["SHA-512WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512WithRsaEncryption; - m_algorithms["SHA512WITHRSA"] = PkcsObjectIdentifiers.Sha512WithRsaEncryption; - m_algorithms["SHA-512WITHRSA"] = PkcsObjectIdentifiers.Sha512WithRsaEncryption; - m_algorithms["SHA512(224)WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512_224WithRSAEncryption; - m_algorithms["SHA-512(224)WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512_224WithRSAEncryption; - m_algorithms["SHA512(224)WITHRSA"] = PkcsObjectIdentifiers.Sha512_224WithRSAEncryption; - m_algorithms["SHA-512(224)WITHRSA"] = PkcsObjectIdentifiers.Sha512_224WithRSAEncryption; - m_algorithms["SHA512(256)WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512_256WithRSAEncryption; - m_algorithms["SHA-512(256)WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512_256WithRSAEncryption; - m_algorithms["SHA512(256)WITHRSA"] = PkcsObjectIdentifiers.Sha512_256WithRSAEncryption; - m_algorithms["SHA-512(256)WITHRSA"] = PkcsObjectIdentifiers.Sha512_256WithRSAEncryption; - m_algorithms["SHA1WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; - m_algorithms["SHA224WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; - m_algorithms["SHA256WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; - m_algorithms["SHA384WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; - m_algorithms["SHA512WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; - m_algorithms["SHA3-224WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; - m_algorithms["SHA3-256WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; - m_algorithms["SHA3-384WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; - m_algorithms["SHA3-512WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; - m_algorithms["RIPEMD160WITHRSAENCRYPTION"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160; - m_algorithms["RIPEMD160WITHRSA"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160; - m_algorithms["RIPEMD128WITHRSAENCRYPTION"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128; - m_algorithms["RIPEMD128WITHRSA"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128; - m_algorithms["RIPEMD256WITHRSAENCRYPTION"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256; - m_algorithms["RIPEMD256WITHRSA"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256; - m_algorithms["SHA1WITHDSA"] = X9ObjectIdentifiers.IdDsaWithSha1; - m_algorithms["SHA-1WITHDSA"] = X9ObjectIdentifiers.IdDsaWithSha1; - m_algorithms["DSAWITHSHA1"] = X9ObjectIdentifiers.IdDsaWithSha1; - m_algorithms["SHA224WITHDSA"] = NistObjectIdentifiers.DsaWithSha224; - m_algorithms["SHA256WITHDSA"] = NistObjectIdentifiers.DsaWithSha256; - m_algorithms["SHA384WITHDSA"] = NistObjectIdentifiers.DsaWithSha384; - m_algorithms["SHA512WITHDSA"] = NistObjectIdentifiers.DsaWithSha512; - m_algorithms["SHA3-224WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_224; - m_algorithms["SHA3-256WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_256; - m_algorithms["SHA3-384WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_384; - m_algorithms["SHA3-512WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_512; - m_algorithms["SHA3-224WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_224; - m_algorithms["SHA3-256WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_256; - m_algorithms["SHA3-384WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_384; - m_algorithms["SHA3-512WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_512; - m_algorithms["SHA3-224WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224; - m_algorithms["SHA3-256WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256; - m_algorithms["SHA3-384WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384; - m_algorithms["SHA3-512WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512; - m_algorithms["SHA3-224WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224; - m_algorithms["SHA3-256WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256; - m_algorithms["SHA3-384WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384; - m_algorithms["SHA3-512WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512; - m_algorithms["SHA1WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha1; - m_algorithms["ECDSAWITHSHA1"] = X9ObjectIdentifiers.ECDsaWithSha1; - m_algorithms["SHA224WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha224; - m_algorithms["SHA256WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha256; - m_algorithms["SHA384WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha384; - m_algorithms["SHA512WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha512; - m_algorithms["GOST3411WITHGOST3410"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94; - m_algorithms["GOST3411WITHGOST3410-94"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94; - m_algorithms["GOST3411WITHECGOST3410"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001; - m_algorithms["GOST3411WITHECGOST3410-2001"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001; - m_algorithms["GOST3411WITHGOST3410-2001"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001; - m_algorithms["GOST3411WITHECGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256; - m_algorithms["GOST3411WITHECGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512; - m_algorithms["GOST3411WITHGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256; - m_algorithms["GOST3411WITHGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512; - m_algorithms["GOST3411-2012-256WITHECGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256; - m_algorithms["GOST3411-2012-512WITHECGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512; - m_algorithms["GOST3411-2012-256WITHGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256; - m_algorithms["GOST3411-2012-512WITHGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512; - - // NOTE: Not in bc-java - m_algorithms["GOST3411-2012-256WITHECGOST3410"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256; - m_algorithms["GOST3411-2012-512WITHECGOST3410"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512; - - m_algorithms["SHA1WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_1; - m_algorithms["SHA224WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_224; - m_algorithms["SHA256WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_256; - m_algorithms["SHA384WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_384; - m_algorithms["SHA512WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_512; - m_algorithms["SHA3-512WITHSPHINCS256"] = BCObjectIdentifiers.sphincs256_with_SHA3_512; - m_algorithms["SHA512WITHSPHINCS256"] = BCObjectIdentifiers.sphincs256_with_SHA512; - - m_algorithms["SHA1WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA1; - m_algorithms["RIPEMD160WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_RIPEMD160; - m_algorithms["SHA224WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA224; - m_algorithms["SHA256WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA256; - m_algorithms["SHA384WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA384; - m_algorithms["SHA512WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA512; - m_algorithms["SHA3-224WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA3_224; - m_algorithms["SHA3-256WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA3_256; - m_algorithms["SHA3-384WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA3_384; - m_algorithms["SHA3-512WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA3_512; - - m_algorithms["ED25519"] = EdECObjectIdentifiers.id_Ed25519; - m_algorithms["ED448"] = EdECObjectIdentifiers.id_Ed448; - - // RFC 8702 - m_algorithms["SHAKE128WITHRSAPSS"] = CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128; - m_algorithms["SHAKE256WITHRSAPSS"] = CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256; - m_algorithms["SHAKE128WITHRSASSA-PSS"] = CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128; - m_algorithms["SHAKE256WITHRSASSA-PSS"] = CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256; - m_algorithms["SHAKE128WITHECDSA"] = CmsObjectIdentifiers.id_ecdsa_with_shake128; - m_algorithms["SHAKE256WITHECDSA"] = CmsObjectIdentifiers.id_ecdsa_with_shake256; - - //m_algorithms["RIPEMD160WITHSM2"] = GMObjectIdentifiers.sm2sign_with_rmd160; - //m_algorithms["SHA1WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha1; - //m_algorithms["SHA224WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha224; - m_algorithms["SHA256WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha256; - //m_algorithms["SHA384WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha384; - //m_algorithms["SHA512WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha512; - m_algorithms["SM3WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sm3; - - m_algorithms["SHA256WITHXMSS"] = BCObjectIdentifiers.xmss_SHA256ph; - m_algorithms["SHA512WITHXMSS"] = BCObjectIdentifiers.xmss_SHA512ph; - m_algorithms["SHAKE128WITHXMSS"] = BCObjectIdentifiers.xmss_SHAKE128ph; - m_algorithms["SHAKE256WITHXMSS"] = BCObjectIdentifiers.xmss_SHAKE256ph; - - m_algorithms["SHA256WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_SHA256ph; - m_algorithms["SHA512WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_SHA512ph; - m_algorithms["SHAKE128WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_SHAKE128ph; - m_algorithms["SHAKE256WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_SHAKE256ph; - - m_algorithms["SHA256WITHXMSS-SHA256"] = BCObjectIdentifiers.xmss_SHA256ph; - m_algorithms["SHA512WITHXMSS-SHA512"] = BCObjectIdentifiers.xmss_SHA512ph; - m_algorithms["SHAKE128WITHXMSS-SHAKE128"] = BCObjectIdentifiers.xmss_SHAKE128ph; - m_algorithms["SHAKE256WITHXMSS-SHAKE256"] = BCObjectIdentifiers.xmss_SHAKE256ph; - - m_algorithms["SHA256WITHXMSSMT-SHA256"] = BCObjectIdentifiers.xmss_mt_SHA256ph; - m_algorithms["SHA512WITHXMSSMT-SHA512"] = BCObjectIdentifiers.xmss_mt_SHA512ph; - m_algorithms["SHAKE128WITHXMSSMT-SHAKE128"] = BCObjectIdentifiers.xmss_mt_SHAKE128ph; - m_algorithms["SHAKE256WITHXMSSMT-SHAKE256"] = BCObjectIdentifiers.xmss_mt_SHAKE256ph; - - m_algorithms["LMS"] = PkcsObjectIdentifiers.IdAlgHssLmsHashsig; - - m_algorithms["XMSS"] = IsaraObjectIdentifiers.id_alg_xmss; - m_algorithms["XMSS-SHA256"] = BCObjectIdentifiers.xmss_SHA256; - m_algorithms["XMSS-SHA512"] = BCObjectIdentifiers.xmss_SHA512; - m_algorithms["XMSS-SHAKE128"] = BCObjectIdentifiers.xmss_SHAKE128; - m_algorithms["XMSS-SHAKE256"] = BCObjectIdentifiers.xmss_SHAKE256; - - m_algorithms["XMSSMT"] = IsaraObjectIdentifiers.id_alg_xmssmt; - m_algorithms["XMSSMT-SHA256"] = BCObjectIdentifiers.xmss_mt_SHA256; - m_algorithms["XMSSMT-SHA512"] = BCObjectIdentifiers.xmss_mt_SHA512; - m_algorithms["XMSSMT-SHAKE128"] = BCObjectIdentifiers.xmss_mt_SHAKE128; - m_algorithms["XMSSMT-SHAKE256"] = BCObjectIdentifiers.xmss_mt_SHAKE256; - - m_algorithms["SPHINCS+"] = BCObjectIdentifiers.sphincsPlus; - m_algorithms["SPHINCSPLUS"] = BCObjectIdentifiers.sphincsPlus; - - m_algorithms["DILITHIUM2"] = BCObjectIdentifiers.dilithium2; - m_algorithms["DILITHIUM3"] = BCObjectIdentifiers.dilithium3; - m_algorithms["DILITHIUM5"] = BCObjectIdentifiers.dilithium5; - m_algorithms["DILITHIUM2-AES"] = BCObjectIdentifiers.dilithium2_aes; - m_algorithms["DILITHIUM3-AES"] = BCObjectIdentifiers.dilithium3_aes; - m_algorithms["DILITHIUM5-AES"] = BCObjectIdentifiers.dilithium5_aes; - - m_algorithms["FALCON-512"] = BCObjectIdentifiers.falcon_512; - m_algorithms["FALCON-1024"] = BCObjectIdentifiers.falcon_1024; - - m_algorithms["PICNIC"] = BCObjectIdentifiers.picnic_signature; - m_algorithms["SHA512WITHPICNIC"] = BCObjectIdentifiers.picnic_with_sha512; - m_algorithms["SHA3-512WITHPICNIC"] = BCObjectIdentifiers.picnic_with_sha3_512; - m_algorithms["SHAKE256WITHPICNIC"] = BCObjectIdentifiers.picnic_with_shake256; - - // - // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. - // The parameters field SHALL be NULL for RSA based signature algorithms. - // - m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha1); - m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha224); - m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha256); - m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha384); - m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha512); - m_noParams.Add(X9ObjectIdentifiers.IdDsaWithSha1); - m_noParams.Add(NistObjectIdentifiers.DsaWithSha224); - m_noParams.Add(NistObjectIdentifiers.DsaWithSha256); - m_noParams.Add(NistObjectIdentifiers.DsaWithSha384); - m_noParams.Add(NistObjectIdentifiers.DsaWithSha512); - m_noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_224); - m_noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_256); - m_noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_384); - m_noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_512); - m_noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_224); - m_noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_256); - m_noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_384); - m_noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_512); - - m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA224); - m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA256); - m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA384); - m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA512); - m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_224); - m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_256); - m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_384); - m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_512); - - // - // RFC 4491 - // - m_noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); - m_noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); - m_noParams.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256); - m_noParams.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512); - - // - // SPHINCS-256 - // - m_noParams.Add(BCObjectIdentifiers.sphincs256_with_SHA512); - m_noParams.Add(BCObjectIdentifiers.sphincs256_with_SHA3_512); - - // - // SPHINCS-PLUS - // - m_noParams.Add(BCObjectIdentifiers.sphincsPlus); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_128s_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_128f_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_shake_128s_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_shake_128f_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_128s_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_128f_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_192s_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_192f_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_shake_192s_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_shake_192f_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_192s_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_192f_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_256s_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_256f_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_shake_256s_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_shake_256f_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_256s_r3); - m_noParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_256f_r3); - - // - // Dilithium - // - m_noParams.Add(BCObjectIdentifiers.dilithium); - m_noParams.Add(BCObjectIdentifiers.dilithium2); - m_noParams.Add(BCObjectIdentifiers.dilithium3); - m_noParams.Add(BCObjectIdentifiers.dilithium5); - m_noParams.Add(BCObjectIdentifiers.dilithium2_aes); - m_noParams.Add(BCObjectIdentifiers.dilithium3_aes); - m_noParams.Add(BCObjectIdentifiers.dilithium5_aes); - - // - // Falcon - // - m_noParams.Add(BCObjectIdentifiers.falcon); - m_noParams.Add(BCObjectIdentifiers.falcon_512); - m_noParams.Add(BCObjectIdentifiers.falcon_1024); - - // - // Picnic - // - m_noParams.Add(BCObjectIdentifiers.picnic_signature); - m_noParams.Add(BCObjectIdentifiers.picnic_with_sha512); - m_noParams.Add(BCObjectIdentifiers.picnic_with_sha3_512); - m_noParams.Add(BCObjectIdentifiers.picnic_with_shake256); - - // - // XMSS - // - m_noParams.Add(BCObjectIdentifiers.xmss_SHA256ph); - m_noParams.Add(BCObjectIdentifiers.xmss_SHA512ph); - m_noParams.Add(BCObjectIdentifiers.xmss_SHAKE128ph); - m_noParams.Add(BCObjectIdentifiers.xmss_SHAKE256ph); - m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHA256ph); - m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHA512ph); - m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE128ph); - m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE256ph); - - m_noParams.Add(BCObjectIdentifiers.xmss_SHA256); - m_noParams.Add(BCObjectIdentifiers.xmss_SHA512); - m_noParams.Add(BCObjectIdentifiers.xmss_SHAKE128); - m_noParams.Add(BCObjectIdentifiers.xmss_SHAKE256); - m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHA256); - m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHA512); - m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE128); - m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE256); - - m_noParams.Add(IsaraObjectIdentifiers.id_alg_xmss); - m_noParams.Add(IsaraObjectIdentifiers.id_alg_xmssmt); - - // - // qTESLA - // - m_noParams.Add(BCObjectIdentifiers.qTESLA_p_I); - m_noParams.Add(BCObjectIdentifiers.qTESLA_p_III); - - // - // SM2 - // - //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_rmd160); - //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha1); - //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha224); - m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha256); - //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha384); - //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha512); - m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sm3); - - // EdDSA - m_noParams.Add(EdECObjectIdentifiers.id_Ed25519); - m_noParams.Add(EdECObjectIdentifiers.id_Ed448); - - // RFC 8702 - m_noParams.Add(CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128); - m_noParams.Add(CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256); - m_noParams.Add(CmsObjectIdentifiers.id_ecdsa_with_shake128); - m_noParams.Add(CmsObjectIdentifiers.id_ecdsa_with_shake256); - - // - // PKCS 1.5 encrypted algorithms - // - m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha1WithRsaEncryption); - m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha224WithRsaEncryption); - m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha256WithRsaEncryption); - m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha384WithRsaEncryption); - m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512WithRsaEncryption); - m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); - m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); - m_pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128); - m_pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160); - m_pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256); - m_pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224); - m_pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256); - m_pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384); - m_pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512); - - // - // explicit params - // - AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance); - m_parameters["SHA1WITHRSAANDMGF1"] = CreatePssParams(sha1AlgId, 20); - - AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha224, DerNull.Instance); - m_parameters["SHA224WITHRSAANDMGF1"] = CreatePssParams(sha224AlgId, 28); - - AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance); - m_parameters["SHA256WITHRSAANDMGF1"] = CreatePssParams(sha256AlgId, 32); - - AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384, DerNull.Instance); - m_parameters["SHA384WITHRSAANDMGF1"] = CreatePssParams(sha384AlgId, 48); - - AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512, DerNull.Instance); - m_parameters["SHA512WITHRSAANDMGF1"] = CreatePssParams(sha512AlgId, 64); - - AlgorithmIdentifier sha3_224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_224, DerNull.Instance); - m_parameters["SHA3-224WITHRSAANDMGF1"] = CreatePssParams(sha3_224AlgId, 28); - - AlgorithmIdentifier sha3_256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_256, DerNull.Instance); - m_parameters["SHA3-256WITHRSAANDMGF1"] = CreatePssParams(sha3_256AlgId, 32); - - AlgorithmIdentifier sha3_384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_384, DerNull.Instance); - m_parameters["SHA3-384WITHRSAANDMGF1"] = CreatePssParams(sha3_384AlgId, 48); - - AlgorithmIdentifier sha3_512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_512, DerNull.Instance); - m_parameters["SHA3-512WITHRSAANDMGF1"] = CreatePssParams(sha3_512AlgId, 64); - - // - // digests - // - m_digestOids[PkcsObjectIdentifiers.Sha224WithRsaEncryption] = NistObjectIdentifiers.IdSha224; - m_digestOids[PkcsObjectIdentifiers.Sha256WithRsaEncryption] = NistObjectIdentifiers.IdSha256; - m_digestOids[PkcsObjectIdentifiers.Sha384WithRsaEncryption] = NistObjectIdentifiers.IdSha384; - m_digestOids[PkcsObjectIdentifiers.Sha512WithRsaEncryption] = NistObjectIdentifiers.IdSha512; - m_digestOids[PkcsObjectIdentifiers.Sha512_224WithRSAEncryption] = NistObjectIdentifiers.IdSha512_224; - m_digestOids[PkcsObjectIdentifiers.Sha512_256WithRSAEncryption] = NistObjectIdentifiers.IdSha512_256; - m_digestOids[NistObjectIdentifiers.DsaWithSha224] = NistObjectIdentifiers.IdSha224; - m_digestOids[NistObjectIdentifiers.DsaWithSha256] = NistObjectIdentifiers.IdSha256; - m_digestOids[NistObjectIdentifiers.DsaWithSha384] = NistObjectIdentifiers.IdSha384; - m_digestOids[NistObjectIdentifiers.DsaWithSha512] = NistObjectIdentifiers.IdSha512; - m_digestOids[NistObjectIdentifiers.IdDsaWithSha3_224] = NistObjectIdentifiers.IdSha3_224; - m_digestOids[NistObjectIdentifiers.IdDsaWithSha3_256] = NistObjectIdentifiers.IdSha3_256; - m_digestOids[NistObjectIdentifiers.IdDsaWithSha3_384] = NistObjectIdentifiers.IdSha3_384; - m_digestOids[NistObjectIdentifiers.IdDsaWithSha3_512] = NistObjectIdentifiers.IdSha3_512; - m_digestOids[NistObjectIdentifiers.IdEcdsaWithSha3_224] = NistObjectIdentifiers.IdSha3_224; - m_digestOids[NistObjectIdentifiers.IdEcdsaWithSha3_256] = NistObjectIdentifiers.IdSha3_256; - m_digestOids[NistObjectIdentifiers.IdEcdsaWithSha3_384] = NistObjectIdentifiers.IdSha3_384; - m_digestOids[NistObjectIdentifiers.IdEcdsaWithSha3_512] = NistObjectIdentifiers.IdSha3_512; - m_digestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224] = NistObjectIdentifiers.IdSha3_224; - m_digestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256] = NistObjectIdentifiers.IdSha3_256; - m_digestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384] = NistObjectIdentifiers.IdSha3_384; - m_digestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512] = NistObjectIdentifiers.IdSha3_512; - - m_digestOids[PkcsObjectIdentifiers.MD2WithRsaEncryption] = PkcsObjectIdentifiers.MD2; - m_digestOids[PkcsObjectIdentifiers.MD4WithRsaEncryption] = PkcsObjectIdentifiers.MD4; - m_digestOids[PkcsObjectIdentifiers.MD5WithRsaEncryption] = PkcsObjectIdentifiers.MD5; - m_digestOids[PkcsObjectIdentifiers.Sha1WithRsaEncryption] = OiwObjectIdentifiers.IdSha1; - m_digestOids[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128] = TeleTrusTObjectIdentifiers.RipeMD128; - m_digestOids[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160] = TeleTrusTObjectIdentifiers.RipeMD160; - m_digestOids[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256] = TeleTrusTObjectIdentifiers.RipeMD256; - m_digestOids[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94] = CryptoProObjectIdentifiers.GostR3411; - m_digestOids[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001] = CryptoProObjectIdentifiers.GostR3411; - m_digestOids[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256] = RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256; - m_digestOids[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512] = RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512; - - m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_128s_r3] = NistObjectIdentifiers.IdSha256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_128f_r3] = NistObjectIdentifiers.IdSha256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_128s_r3] = NistObjectIdentifiers.IdShake256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_128f_r3] = NistObjectIdentifiers.IdShake256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_192s_r3] = NistObjectIdentifiers.IdSha256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_192f_r3] = NistObjectIdentifiers.IdSha256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_192s_r3] = NistObjectIdentifiers.IdShake256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_192f_r3] = NistObjectIdentifiers.IdShake256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_256s_r3] = NistObjectIdentifiers.IdSha256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_256f_r3] = NistObjectIdentifiers.IdSha256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_256s_r3] = NistObjectIdentifiers.IdShake256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_256f_r3] = NistObjectIdentifiers.IdShake256; - - m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_128s_r3_simple] = NistObjectIdentifiers.IdSha256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_128f_r3_simple] = NistObjectIdentifiers.IdSha256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_128s_r3_simple] = NistObjectIdentifiers.IdShake256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_128f_r3_simple] = NistObjectIdentifiers.IdShake256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_192s_r3_simple] = NistObjectIdentifiers.IdSha256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_192f_r3_simple] = NistObjectIdentifiers.IdSha256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_192s_r3_simple] = NistObjectIdentifiers.IdShake256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_192f_r3_simple] = NistObjectIdentifiers.IdShake256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_256s_r3_simple] = NistObjectIdentifiers.IdSha256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_256f_r3_simple] = NistObjectIdentifiers.IdSha256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_256s_r3_simple] = NistObjectIdentifiers.IdShake256; - m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_256f_r3_simple] = NistObjectIdentifiers.IdShake256; - - //m_digestOids[GMObjectIdentifiers.sm2sign_with_rmd160] = TeleTrusTObjectIdentifiers.RipeMD160; - //m_digestOids[GMObjectIdentifiers.sm2sign_with_sha1] = OiwObjectIdentifiers.IdSha1; - //m_digestOids[GMObjectIdentifiers.sm2sign_with_sha224] = NistObjectIdentifiers.IdSha224; - m_digestOids[GMObjectIdentifiers.sm2sign_with_sha256] = NistObjectIdentifiers.IdSha256; - //m_digestOids[GMObjectIdentifiers.sm2sign_with_sha384] = NistObjectIdentifiers.IdSha384; - //m_digestOids[GMObjectIdentifiers.sm2sign_with_sha512] = NistObjectIdentifiers.IdSha512; - m_digestOids[GMObjectIdentifiers.sm2sign_with_sm3] = GMObjectIdentifiers.sm3; - - m_digestOids[CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128] = NistObjectIdentifiers.IdShake128; - m_digestOids[CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256] = NistObjectIdentifiers.IdShake256; - m_digestOids[CmsObjectIdentifiers.id_ecdsa_with_shake128] = NistObjectIdentifiers.IdShake128; - m_digestOids[CmsObjectIdentifiers.id_ecdsa_with_shake256] = NistObjectIdentifiers.IdShake256; - } - - private static RsassaPssParameters CreatePssParams(AlgorithmIdentifier hashAlgID, int saltSize) - { - return new RsassaPssParameters( - hashAlgID, - new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, hashAlgID), - new DerInteger(saltSize), - new DerInteger(1)); - } - // TODO[api] Make virtual - public AlgorithmIdentifier Find(string sigAlgName) - { - if (!m_algorithms.TryGetValue(sigAlgName, out var sigAlgOid)) - throw new ArgumentException("Unknown signature type requested: " + sigAlgName, nameof(sigAlgName)); - - AlgorithmIdentifier sigAlgID; - if (m_noParams.Contains(sigAlgOid)) - { - sigAlgID = new AlgorithmIdentifier(sigAlgOid); - } - else if (m_parameters.TryGetValue(sigAlgName, out var parameters)) - { - sigAlgID = new AlgorithmIdentifier(sigAlgOid, parameters); - } - else - { - sigAlgID = new AlgorithmIdentifier(sigAlgOid, DerNull.Instance); - } - return sigAlgID; - } + public AlgorithmIdentifier Find(string sigAlgName) => + Org.BouncyCastle.Operators.Utilities.DefaultSignatureAlgorithmFinder.Instance.Find(sigAlgName); } - // TODO[api] Create API for this + [Obsolete("Use 'Org.BouncyCastle.Operators.Utilities.DefaultDigestAlgorithmFinder' instead")] public class DefaultDigestAlgorithmIdentifierFinder + : Org.BouncyCastle.Operators.Utilities.IDigestAlgorithmFinder { - public static readonly DefaultDigestAlgorithmIdentifierFinder Instance = - new DefaultDigestAlgorithmIdentifierFinder(); - - private static readonly Dictionary<DerObjectIdentifier, DerObjectIdentifier> m_digestOids = - new Dictionary<DerObjectIdentifier, DerObjectIdentifier>(); - private static readonly Dictionary<string, DerObjectIdentifier> m_digestNameToOids = - new Dictionary<string, DerObjectIdentifier>(StringComparer.OrdinalIgnoreCase); - private static readonly Dictionary<DerObjectIdentifier, AlgorithmIdentifier> m_digestOidToAlgIDs = - new Dictionary<DerObjectIdentifier, AlgorithmIdentifier>(); - - // signatures that use SHAKE-256 - private static readonly HashSet<DerObjectIdentifier> m_shake256Oids = new HashSet<DerObjectIdentifier>(); - - static DefaultDigestAlgorithmIdentifierFinder() - { - // - // digests - // - m_digestOids.Add(OiwObjectIdentifiers.DsaWithSha1, OiwObjectIdentifiers.IdSha1); - m_digestOids.Add(OiwObjectIdentifiers.MD4WithRsaEncryption, PkcsObjectIdentifiers.MD4); - m_digestOids.Add(OiwObjectIdentifiers.MD4WithRsa, PkcsObjectIdentifiers.MD4); - m_digestOids.Add(OiwObjectIdentifiers.MD5WithRsa, PkcsObjectIdentifiers.MD5); - m_digestOids.Add(OiwObjectIdentifiers.Sha1WithRsa, OiwObjectIdentifiers.IdSha1); - - m_digestOids.Add(PkcsObjectIdentifiers.Sha224WithRsaEncryption, NistObjectIdentifiers.IdSha224); - m_digestOids.Add(PkcsObjectIdentifiers.Sha256WithRsaEncryption, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(PkcsObjectIdentifiers.Sha384WithRsaEncryption, NistObjectIdentifiers.IdSha384); - m_digestOids.Add(PkcsObjectIdentifiers.Sha512WithRsaEncryption, NistObjectIdentifiers.IdSha512); - m_digestOids.Add(PkcsObjectIdentifiers.Sha512_224WithRSAEncryption, NistObjectIdentifiers.IdSha512_224); - m_digestOids.Add(PkcsObjectIdentifiers.Sha512_256WithRSAEncryption, NistObjectIdentifiers.IdSha512_256); - m_digestOids.Add(PkcsObjectIdentifiers.MD2WithRsaEncryption, PkcsObjectIdentifiers.MD2); - m_digestOids.Add(PkcsObjectIdentifiers.MD4WithRsaEncryption, PkcsObjectIdentifiers.MD4); - m_digestOids.Add(PkcsObjectIdentifiers.MD5WithRsaEncryption, PkcsObjectIdentifiers.MD5); - m_digestOids.Add(PkcsObjectIdentifiers.Sha1WithRsaEncryption, OiwObjectIdentifiers.IdSha1); - - m_digestOids.Add(X9ObjectIdentifiers.ECDsaWithSha1, OiwObjectIdentifiers.IdSha1); - m_digestOids.Add(X9ObjectIdentifiers.ECDsaWithSha224, NistObjectIdentifiers.IdSha224); - m_digestOids.Add(X9ObjectIdentifiers.ECDsaWithSha256, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(X9ObjectIdentifiers.ECDsaWithSha384, NistObjectIdentifiers.IdSha384); - m_digestOids.Add(X9ObjectIdentifiers.ECDsaWithSha512, NistObjectIdentifiers.IdSha512); - m_digestOids.Add(X9ObjectIdentifiers.IdDsaWithSha1, OiwObjectIdentifiers.IdSha1); - - m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA1, OiwObjectIdentifiers.IdSha1); - m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA224, NistObjectIdentifiers.IdSha224); - m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA256, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA384, NistObjectIdentifiers.IdSha384); - m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA512, NistObjectIdentifiers.IdSha512); - m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_224, NistObjectIdentifiers.IdSha3_224); - m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_256, NistObjectIdentifiers.IdSha3_256); - m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_384, NistObjectIdentifiers.IdSha3_384); - m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_512, NistObjectIdentifiers.IdSha3_512); - m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_RIPEMD160, TeleTrusTObjectIdentifiers.RipeMD160); - - m_digestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_1, OiwObjectIdentifiers.IdSha1); - m_digestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_224, NistObjectIdentifiers.IdSha224); - m_digestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_256, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_384, NistObjectIdentifiers.IdSha384); - m_digestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_512, NistObjectIdentifiers.IdSha512); - - m_digestOids.Add(NistObjectIdentifiers.DsaWithSha224, NistObjectIdentifiers.IdSha224); - m_digestOids.Add(NistObjectIdentifiers.DsaWithSha256, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(NistObjectIdentifiers.DsaWithSha384, NistObjectIdentifiers.IdSha384); - m_digestOids.Add(NistObjectIdentifiers.DsaWithSha512, NistObjectIdentifiers.IdSha512); - - m_digestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224, NistObjectIdentifiers.IdSha3_224); - m_digestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256, NistObjectIdentifiers.IdSha3_256); - m_digestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384, NistObjectIdentifiers.IdSha3_384); - m_digestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512, NistObjectIdentifiers.IdSha3_512); - m_digestOids.Add(NistObjectIdentifiers.IdDsaWithSha3_224, NistObjectIdentifiers.IdSha3_224); - m_digestOids.Add(NistObjectIdentifiers.IdDsaWithSha3_256, NistObjectIdentifiers.IdSha3_256); - m_digestOids.Add(NistObjectIdentifiers.IdDsaWithSha3_384, NistObjectIdentifiers.IdSha3_384); - m_digestOids.Add(NistObjectIdentifiers.IdDsaWithSha3_512, NistObjectIdentifiers.IdSha3_512); - m_digestOids.Add(NistObjectIdentifiers.IdEcdsaWithSha3_224, NistObjectIdentifiers.IdSha3_224); - m_digestOids.Add(NistObjectIdentifiers.IdEcdsaWithSha3_256, NistObjectIdentifiers.IdSha3_256); - m_digestOids.Add(NistObjectIdentifiers.IdEcdsaWithSha3_384, NistObjectIdentifiers.IdSha3_384); - m_digestOids.Add(NistObjectIdentifiers.IdEcdsaWithSha3_512, NistObjectIdentifiers.IdSha3_512); - - m_digestOids.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128, TeleTrusTObjectIdentifiers.RipeMD128); - m_digestOids.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160, TeleTrusTObjectIdentifiers.RipeMD160); - m_digestOids.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256, TeleTrusTObjectIdentifiers.RipeMD256); - - m_digestOids.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94, CryptoProObjectIdentifiers.GostR3411); - m_digestOids.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001, CryptoProObjectIdentifiers.GostR3411); - m_digestOids.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256, RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256); - m_digestOids.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512, RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512); - - m_digestOids.Add(BCObjectIdentifiers.sphincs256_with_SHA3_512, NistObjectIdentifiers.IdSha3_512); - m_digestOids.Add(BCObjectIdentifiers.sphincs256_with_SHA512, NistObjectIdentifiers.IdSha512); - - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_128s_r3, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_128f_r3, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_128s_r3, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_128f_r3, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_192s_r3, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_192f_r3, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_192s_r3, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_192f_r3, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_256s_r3, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_256f_r3, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_256s_r3, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_256f_r3, NistObjectIdentifiers.IdShake256); - - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_128s_r3_simple, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_128f_r3_simple, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_128s_r3_simple, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_128f_r3_simple, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_192s_r3_simple, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_192f_r3_simple, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_192s_r3_simple, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_192f_r3_simple, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_256s_r3_simple, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_256f_r3_simple, NistObjectIdentifiers.IdSha256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_256s_r3_simple, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_256f_r3_simple, NistObjectIdentifiers.IdShake256); - - m_digestOids.Add(BCObjectIdentifiers.falcon, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.falcon_512, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.falcon_1024, NistObjectIdentifiers.IdShake256); - - m_digestOids.Add(BCObjectIdentifiers.picnic_signature, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(BCObjectIdentifiers.picnic_with_sha512, NistObjectIdentifiers.IdSha512); - m_digestOids.Add(BCObjectIdentifiers.picnic_with_sha3_512, NistObjectIdentifiers.IdSha3_512); - m_digestOids.Add(BCObjectIdentifiers.picnic_with_shake256, NistObjectIdentifiers.IdShake256); - - //m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_rmd160, TeleTrusTObjectIdentifiers.RipeMD160); - //m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_sha1, OiwObjectIdentifiers.IdSha1); - //m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_sha224, NistObjectIdentifiers.IdSha224); - m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_sha256, NistObjectIdentifiers.IdSha256); - //m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_sha384, NistObjectIdentifiers.IdSha384); - //m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_sha512, NistObjectIdentifiers.IdSha512); - m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_sm3, GMObjectIdentifiers.sm3); - - m_digestOids.Add(CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128, NistObjectIdentifiers.IdShake128); - m_digestOids.Add(CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256, NistObjectIdentifiers.IdShake256); - m_digestOids.Add(CmsObjectIdentifiers.id_ecdsa_with_shake128, NistObjectIdentifiers.IdShake128); - m_digestOids.Add(CmsObjectIdentifiers.id_ecdsa_with_shake256, NistObjectIdentifiers.IdShake256); - - m_digestNameToOids.Add("SHA-1", OiwObjectIdentifiers.IdSha1); - m_digestNameToOids.Add("SHA-224", NistObjectIdentifiers.IdSha224); - m_digestNameToOids.Add("SHA-256", NistObjectIdentifiers.IdSha256); - m_digestNameToOids.Add("SHA-384", NistObjectIdentifiers.IdSha384); - m_digestNameToOids.Add("SHA-512", NistObjectIdentifiers.IdSha512); - m_digestNameToOids.Add("SHA-512-224", NistObjectIdentifiers.IdSha512_224); - m_digestNameToOids.Add("SHA-512/224", NistObjectIdentifiers.IdSha512_224); - m_digestNameToOids.Add("SHA-512(224)", NistObjectIdentifiers.IdSha512_224); - m_digestNameToOids.Add("SHA-512-256", NistObjectIdentifiers.IdSha512_256); - m_digestNameToOids.Add("SHA-512/256", NistObjectIdentifiers.IdSha512_256); - m_digestNameToOids.Add("SHA-512(256)", NistObjectIdentifiers.IdSha512_256); - - m_digestNameToOids.Add("SHA1", OiwObjectIdentifiers.IdSha1); - m_digestNameToOids.Add("SHA224", NistObjectIdentifiers.IdSha224); - m_digestNameToOids.Add("SHA256", NistObjectIdentifiers.IdSha256); - m_digestNameToOids.Add("SHA384", NistObjectIdentifiers.IdSha384); - m_digestNameToOids.Add("SHA512", NistObjectIdentifiers.IdSha512); - m_digestNameToOids.Add("SHA512-224", NistObjectIdentifiers.IdSha512_224); - m_digestNameToOids.Add("SHA512/224", NistObjectIdentifiers.IdSha512_224); - m_digestNameToOids.Add("SHA512(224)", NistObjectIdentifiers.IdSha512_224); - m_digestNameToOids.Add("SHA512-256", NistObjectIdentifiers.IdSha512_256); - m_digestNameToOids.Add("SHA512/256", NistObjectIdentifiers.IdSha512_256); - m_digestNameToOids.Add("SHA512(256)", NistObjectIdentifiers.IdSha512_256); - - m_digestNameToOids.Add("SHA3-224", NistObjectIdentifiers.IdSha3_224); - m_digestNameToOids.Add("SHA3-256", NistObjectIdentifiers.IdSha3_256); - m_digestNameToOids.Add("SHA3-384", NistObjectIdentifiers.IdSha3_384); - m_digestNameToOids.Add("SHA3-512", NistObjectIdentifiers.IdSha3_512); - - m_digestNameToOids.Add("SHAKE128", NistObjectIdentifiers.IdShake128); - m_digestNameToOids.Add("SHAKE256", NistObjectIdentifiers.IdShake256); - m_digestNameToOids.Add("SHAKE-128", NistObjectIdentifiers.IdShake128); - m_digestNameToOids.Add("SHAKE-256", NistObjectIdentifiers.IdShake256); - - m_digestNameToOids.Add("GOST3411", CryptoProObjectIdentifiers.GostR3411); - m_digestNameToOids.Add("GOST3411-2012-256", RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256); - m_digestNameToOids.Add("GOST3411-2012-512", RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512); - - m_digestNameToOids.Add("MD2", PkcsObjectIdentifiers.MD2); - m_digestNameToOids.Add("MD4", PkcsObjectIdentifiers.MD4); - m_digestNameToOids.Add("MD5", PkcsObjectIdentifiers.MD5); - - m_digestNameToOids.Add("RIPEMD128", TeleTrusTObjectIdentifiers.RipeMD128); - m_digestNameToOids.Add("RIPEMD160", TeleTrusTObjectIdentifiers.RipeMD160); - m_digestNameToOids.Add("RIPEMD256", TeleTrusTObjectIdentifiers.RipeMD256); - - m_digestNameToOids.Add("SM3", GMObjectIdentifiers.sm3); - - // IETF RFC 3370 - AddDigestAlgID(OiwObjectIdentifiers.IdSha1, true); - // IETF RFC 5754 - AddDigestAlgID(NistObjectIdentifiers.IdSha224, false); - AddDigestAlgID(NistObjectIdentifiers.IdSha256, false); - AddDigestAlgID(NistObjectIdentifiers.IdSha384, false); - AddDigestAlgID(NistObjectIdentifiers.IdSha512, false); - AddDigestAlgID(NistObjectIdentifiers.IdSha512_224, false); - AddDigestAlgID(NistObjectIdentifiers.IdSha512_256, false); - - // NIST CSOR - AddDigestAlgID(NistObjectIdentifiers.IdSha3_224, false); - AddDigestAlgID(NistObjectIdentifiers.IdSha3_256, false); - AddDigestAlgID(NistObjectIdentifiers.IdSha3_384, false); - AddDigestAlgID(NistObjectIdentifiers.IdSha3_512, false); - - // RFC 8702 - AddDigestAlgID(NistObjectIdentifiers.IdShake128, false); - AddDigestAlgID(NistObjectIdentifiers.IdShake256, false); - - // RFC 4357 - AddDigestAlgID(CryptoProObjectIdentifiers.GostR3411, true); - - // draft-deremin-rfc4491 - AddDigestAlgID(RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256, false); - AddDigestAlgID(RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512, false); - - // IETF RFC 1319 - AddDigestAlgID(PkcsObjectIdentifiers.MD2, true); - // IETF RFC 1320 - AddDigestAlgID(PkcsObjectIdentifiers.MD4, true); - // IETF RFC 1321 - AddDigestAlgID(PkcsObjectIdentifiers.MD5, true); - - // found no standard which specified the handle of AlgorithmIdentifier.parameters, - // so let it as before. - AddDigestAlgID(TeleTrusTObjectIdentifiers.RipeMD128, true); - AddDigestAlgID(TeleTrusTObjectIdentifiers.RipeMD160, true); - AddDigestAlgID(TeleTrusTObjectIdentifiers.RipeMD256, true); - - m_shake256Oids.Add(EdECObjectIdentifiers.id_Ed448); - - m_shake256Oids.Add(BCObjectIdentifiers.dilithium2); - m_shake256Oids.Add(BCObjectIdentifiers.dilithium3); - m_shake256Oids.Add(BCObjectIdentifiers.dilithium5); - m_shake256Oids.Add(BCObjectIdentifiers.dilithium2_aes); - m_shake256Oids.Add(BCObjectIdentifiers.dilithium3_aes); - m_shake256Oids.Add(BCObjectIdentifiers.dilithium5_aes); - - m_shake256Oids.Add(BCObjectIdentifiers.falcon_512); - m_shake256Oids.Add(BCObjectIdentifiers.falcon_1024); - } - - private static void AddDigestAlgID(DerObjectIdentifier oid, bool withNullParams) => - m_digestOidToAlgIDs.Add(oid, new AlgorithmIdentifier(oid, withNullParams ? DerNull.Instance : null)); - // TODO[api] Make virtual - public AlgorithmIdentifier Find(AlgorithmIdentifier sigAlgId) - { - DerObjectIdentifier sigAlgOid = sigAlgId.Algorithm; + public AlgorithmIdentifier Find(AlgorithmIdentifier sigAlgId) => + Org.BouncyCastle.Operators.Utilities.DefaultDigestAlgorithmFinder.Instance.Find(sigAlgId); - if (m_shake256Oids.Contains(sigAlgOid)) - return new AlgorithmIdentifier(NistObjectIdentifiers.IdShake256Len, new DerInteger(512)); - - DerObjectIdentifier digAlgOid; - if (PkcsObjectIdentifiers.IdRsassaPss.Equals(sigAlgOid)) - { - digAlgOid = RsassaPssParameters.GetInstance(sigAlgId.Parameters).HashAlgorithm.Algorithm; - } - else if (EdECObjectIdentifiers.id_Ed25519.Equals(sigAlgOid)) - { - digAlgOid = NistObjectIdentifiers.IdSha512; - } - else if (PkcsObjectIdentifiers.IdAlgHssLmsHashsig.Equals(sigAlgOid)) - { - digAlgOid = NistObjectIdentifiers.IdSha256; - } - else - { - digAlgOid = CollectionUtilities.GetValueOrNull(m_digestOids, sigAlgOid); - } - - return Find(digAlgOid); - } - - public virtual AlgorithmIdentifier Find(DerObjectIdentifier digAlgOid) - { - if (digAlgOid == null) - throw new ArgumentNullException(nameof(digAlgOid)); - - if (m_digestOidToAlgIDs.TryGetValue(digAlgOid, out var digAlgID)) - return digAlgID; - - return new AlgorithmIdentifier(digAlgOid); - } + public virtual AlgorithmIdentifier Find(DerObjectIdentifier digAlgOid) => + Org.BouncyCastle.Operators.Utilities.DefaultDigestAlgorithmFinder.Instance.Find(digAlgOid); // TODO[api] Make virtual - public AlgorithmIdentifier Find(string digAlgName) - { - if (m_digestNameToOids.TryGetValue(digAlgName, out var oid)) - return Find(oid); - - try - { - return Find(new DerObjectIdentifier(digAlgName)); - } - catch (Exception) - { - // ignore - tried it but it didn't work... - } - - return null; - } + public AlgorithmIdentifier Find(string digAlgName) => + Org.BouncyCastle.Operators.Utilities.DefaultDigestAlgorithmFinder.Instance.Find(digAlgName); } public abstract class CmsSignedGenerator diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs index b7566c409..00b16dbc7 100644 --- a/crypto/src/cms/CMSSignedHelper.cs +++ b/crypto/src/cms/CMSSignedHelper.cs @@ -14,6 +14,7 @@ using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X9; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Operators.Utilities; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.X509; @@ -205,11 +206,11 @@ namespace Org.BouncyCastle.Cms } internal AlgorithmIdentifier FixDigestAlgID(AlgorithmIdentifier algID, - DefaultDigestAlgorithmIdentifierFinder digestAlgIDFinder) + IDigestAlgorithmFinder digestAlgorithmFinder) { var parameters = algID.Parameters; if (parameters == null || DerNull.Instance.Equals(parameters)) - return digestAlgIDFinder.Find(algID.Algorithm); + return digestAlgorithmFinder.Find(algID.Algorithm); return algID; } diff --git a/crypto/src/cms/CMSUtils.cs b/crypto/src/cms/CMSUtils.cs index 5124dce94..15681a318 100644 --- a/crypto/src/cms/CMSUtils.cs +++ b/crypto/src/cms/CMSUtils.cs @@ -8,6 +8,7 @@ using Org.BouncyCastle.Asn1.Ocsp; using Org.BouncyCastle.Asn1.Sec; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X9; +using Org.BouncyCastle.Operators.Utilities; using Org.BouncyCastle.Utilities.Collections; using Org.BouncyCastle.Utilities.IO; using Org.BouncyCastle.X509; @@ -151,26 +152,26 @@ namespace Org.BouncyCastle.Cms // TODO Clean up this method (which is not present in bc-java) internal static void AddDigestAlgs(Asn1EncodableVector digestAlgs, SignerInformation signer, - DefaultDigestAlgorithmIdentifierFinder dgstAlgFinder) + IDigestAlgorithmFinder digestAlgorithmFinder) { var helper = CmsSignedHelper.Instance; - digestAlgs.Add(helper.FixDigestAlgID(signer.DigestAlgorithmID, dgstAlgFinder)); + digestAlgs.Add(helper.FixDigestAlgID(signer.DigestAlgorithmID, digestAlgorithmFinder)); SignerInformationStore counterSignaturesStore = signer.GetCounterSignatures(); foreach (var counterSigner in counterSignaturesStore) { - digestAlgs.Add(helper.FixDigestAlgID(counterSigner.DigestAlgorithmID, dgstAlgFinder)); + digestAlgs.Add(helper.FixDigestAlgID(counterSigner.DigestAlgorithmID, digestAlgorithmFinder)); } } internal static void AddDigestAlgs(ISet<AlgorithmIdentifier> digestAlgs, SignerInformation signer, - DefaultDigestAlgorithmIdentifierFinder dgstAlgFinder) + IDigestAlgorithmFinder digestAlgorithmFinder) { var helper = CmsSignedHelper.Instance; - digestAlgs.Add(helper.FixDigestAlgID(signer.DigestAlgorithmID, dgstAlgFinder)); + digestAlgs.Add(helper.FixDigestAlgID(signer.DigestAlgorithmID, digestAlgorithmFinder)); SignerInformationStore counterSignaturesStore = signer.GetCounterSignatures(); foreach (var counterSigner in counterSignaturesStore) { - digestAlgs.Add(helper.FixDigestAlgID(counterSigner.DigestAlgorithmID, dgstAlgFinder)); + digestAlgs.Add(helper.FixDigestAlgID(counterSigner.DigestAlgorithmID, digestAlgorithmFinder)); } } diff --git a/crypto/src/operators/utilities/DefaultDigestAlgorithmFinder.cs b/crypto/src/operators/utilities/DefaultDigestAlgorithmFinder.cs new file mode 100644 index 000000000..025b94622 --- /dev/null +++ b/crypto/src/operators/utilities/DefaultDigestAlgorithmFinder.cs @@ -0,0 +1,326 @@ +using System; +using System.Collections.Generic; + +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.BC; +using Org.BouncyCastle.Asn1.Bsi; +using Org.BouncyCastle.Asn1.Cms; +using Org.BouncyCastle.Asn1.CryptoPro; +using Org.BouncyCastle.Asn1.Eac; +using Org.BouncyCastle.Asn1.EdEC; +using Org.BouncyCastle.Asn1.GM; +using Org.BouncyCastle.Asn1.Nist; +using Org.BouncyCastle.Asn1.Oiw; +using Org.BouncyCastle.Asn1.Pkcs; +using Org.BouncyCastle.Asn1.Rosstandart; +using Org.BouncyCastle.Asn1.TeleTrust; +using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Asn1.X9; +using Org.BouncyCastle.Utilities.Collections; + +namespace Org.BouncyCastle.Operators.Utilities +{ + public class DefaultDigestAlgorithmFinder + : IDigestAlgorithmFinder + { + public static readonly DefaultDigestAlgorithmFinder Instance = new DefaultDigestAlgorithmFinder(); + + private static readonly Dictionary<DerObjectIdentifier, DerObjectIdentifier> DigestOids = + new Dictionary<DerObjectIdentifier, DerObjectIdentifier>(); + private static readonly Dictionary<string, DerObjectIdentifier> DigestNameToOids = + new Dictionary<string, DerObjectIdentifier>(StringComparer.OrdinalIgnoreCase); + private static readonly Dictionary<DerObjectIdentifier, AlgorithmIdentifier> DigestOidToAlgIDs = + new Dictionary<DerObjectIdentifier, AlgorithmIdentifier>(); + + // signatures that use SHAKE-256 + private static readonly HashSet<DerObjectIdentifier> Shake256Oids = new HashSet<DerObjectIdentifier>(); + + static DefaultDigestAlgorithmFinder() + { + // + // digests + // + DigestOids.Add(OiwObjectIdentifiers.DsaWithSha1, OiwObjectIdentifiers.IdSha1); + DigestOids.Add(OiwObjectIdentifiers.MD4WithRsaEncryption, PkcsObjectIdentifiers.MD4); + DigestOids.Add(OiwObjectIdentifiers.MD4WithRsa, PkcsObjectIdentifiers.MD4); + DigestOids.Add(OiwObjectIdentifiers.MD5WithRsa, PkcsObjectIdentifiers.MD5); + DigestOids.Add(OiwObjectIdentifiers.Sha1WithRsa, OiwObjectIdentifiers.IdSha1); + + DigestOids.Add(PkcsObjectIdentifiers.Sha224WithRsaEncryption, NistObjectIdentifiers.IdSha224); + DigestOids.Add(PkcsObjectIdentifiers.Sha256WithRsaEncryption, NistObjectIdentifiers.IdSha256); + DigestOids.Add(PkcsObjectIdentifiers.Sha384WithRsaEncryption, NistObjectIdentifiers.IdSha384); + DigestOids.Add(PkcsObjectIdentifiers.Sha512WithRsaEncryption, NistObjectIdentifiers.IdSha512); + DigestOids.Add(PkcsObjectIdentifiers.Sha512_224WithRSAEncryption, NistObjectIdentifiers.IdSha512_224); + DigestOids.Add(PkcsObjectIdentifiers.Sha512_256WithRSAEncryption, NistObjectIdentifiers.IdSha512_256); + DigestOids.Add(PkcsObjectIdentifiers.MD2WithRsaEncryption, PkcsObjectIdentifiers.MD2); + DigestOids.Add(PkcsObjectIdentifiers.MD4WithRsaEncryption, PkcsObjectIdentifiers.MD4); + DigestOids.Add(PkcsObjectIdentifiers.MD5WithRsaEncryption, PkcsObjectIdentifiers.MD5); + DigestOids.Add(PkcsObjectIdentifiers.Sha1WithRsaEncryption, OiwObjectIdentifiers.IdSha1); + + DigestOids.Add(X9ObjectIdentifiers.ECDsaWithSha1, OiwObjectIdentifiers.IdSha1); + DigestOids.Add(X9ObjectIdentifiers.ECDsaWithSha224, NistObjectIdentifiers.IdSha224); + DigestOids.Add(X9ObjectIdentifiers.ECDsaWithSha256, NistObjectIdentifiers.IdSha256); + DigestOids.Add(X9ObjectIdentifiers.ECDsaWithSha384, NistObjectIdentifiers.IdSha384); + DigestOids.Add(X9ObjectIdentifiers.ECDsaWithSha512, NistObjectIdentifiers.IdSha512); + DigestOids.Add(X9ObjectIdentifiers.IdDsaWithSha1, OiwObjectIdentifiers.IdSha1); + + DigestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA1, OiwObjectIdentifiers.IdSha1); + DigestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA224, NistObjectIdentifiers.IdSha224); + DigestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA256, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA384, NistObjectIdentifiers.IdSha384); + DigestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA512, NistObjectIdentifiers.IdSha512); + DigestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_224, NistObjectIdentifiers.IdSha3_224); + DigestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_256, NistObjectIdentifiers.IdSha3_256); + DigestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_384, NistObjectIdentifiers.IdSha3_384); + DigestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_512, NistObjectIdentifiers.IdSha3_512); + DigestOids.Add(BsiObjectIdentifiers.ecdsa_plain_RIPEMD160, TeleTrusTObjectIdentifiers.RipeMD160); + + DigestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_1, OiwObjectIdentifiers.IdSha1); + DigestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_224, NistObjectIdentifiers.IdSha224); + DigestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_256, NistObjectIdentifiers.IdSha256); + DigestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_384, NistObjectIdentifiers.IdSha384); + DigestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_512, NistObjectIdentifiers.IdSha512); + + DigestOids.Add(NistObjectIdentifiers.DsaWithSha224, NistObjectIdentifiers.IdSha224); + DigestOids.Add(NistObjectIdentifiers.DsaWithSha256, NistObjectIdentifiers.IdSha256); + DigestOids.Add(NistObjectIdentifiers.DsaWithSha384, NistObjectIdentifiers.IdSha384); + DigestOids.Add(NistObjectIdentifiers.DsaWithSha512, NistObjectIdentifiers.IdSha512); + + DigestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224, NistObjectIdentifiers.IdSha3_224); + DigestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256, NistObjectIdentifiers.IdSha3_256); + DigestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384, NistObjectIdentifiers.IdSha3_384); + DigestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512, NistObjectIdentifiers.IdSha3_512); + DigestOids.Add(NistObjectIdentifiers.IdDsaWithSha3_224, NistObjectIdentifiers.IdSha3_224); + DigestOids.Add(NistObjectIdentifiers.IdDsaWithSha3_256, NistObjectIdentifiers.IdSha3_256); + DigestOids.Add(NistObjectIdentifiers.IdDsaWithSha3_384, NistObjectIdentifiers.IdSha3_384); + DigestOids.Add(NistObjectIdentifiers.IdDsaWithSha3_512, NistObjectIdentifiers.IdSha3_512); + DigestOids.Add(NistObjectIdentifiers.IdEcdsaWithSha3_224, NistObjectIdentifiers.IdSha3_224); + DigestOids.Add(NistObjectIdentifiers.IdEcdsaWithSha3_256, NistObjectIdentifiers.IdSha3_256); + DigestOids.Add(NistObjectIdentifiers.IdEcdsaWithSha3_384, NistObjectIdentifiers.IdSha3_384); + DigestOids.Add(NistObjectIdentifiers.IdEcdsaWithSha3_512, NistObjectIdentifiers.IdSha3_512); + + DigestOids.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128, TeleTrusTObjectIdentifiers.RipeMD128); + DigestOids.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160, TeleTrusTObjectIdentifiers.RipeMD160); + DigestOids.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256, TeleTrusTObjectIdentifiers.RipeMD256); + + DigestOids.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94, CryptoProObjectIdentifiers.GostR3411); + DigestOids.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001, CryptoProObjectIdentifiers.GostR3411); + DigestOids.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256, RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256); + DigestOids.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512, RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512); + + DigestOids.Add(BCObjectIdentifiers.sphincs256_with_SHA3_512, NistObjectIdentifiers.IdSha3_512); + DigestOids.Add(BCObjectIdentifiers.sphincs256_with_SHA512, NistObjectIdentifiers.IdSha512); + + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_128s_r3, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_128f_r3, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_128s_r3, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_128f_r3, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_192s_r3, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_192f_r3, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_192s_r3, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_192f_r3, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_256s_r3, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_256f_r3, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_256s_r3, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_256f_r3, NistObjectIdentifiers.IdShake256); + + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_128s_r3_simple, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_128f_r3_simple, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_128s_r3_simple, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_128f_r3_simple, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_192s_r3_simple, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_192f_r3_simple, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_192s_r3_simple, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_192f_r3_simple, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_256s_r3_simple, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_256f_r3_simple, NistObjectIdentifiers.IdSha256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_256s_r3_simple, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_256f_r3_simple, NistObjectIdentifiers.IdShake256); + + DigestOids.Add(BCObjectIdentifiers.falcon, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.falcon_512, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.falcon_1024, NistObjectIdentifiers.IdShake256); + + DigestOids.Add(BCObjectIdentifiers.picnic_signature, NistObjectIdentifiers.IdShake256); + DigestOids.Add(BCObjectIdentifiers.picnic_with_sha512, NistObjectIdentifiers.IdSha512); + DigestOids.Add(BCObjectIdentifiers.picnic_with_sha3_512, NistObjectIdentifiers.IdSha3_512); + DigestOids.Add(BCObjectIdentifiers.picnic_with_shake256, NistObjectIdentifiers.IdShake256); + + //DigestOids.Add(GMObjectIdentifiers.sm2sign_with_rmd160, TeleTrusTObjectIdentifiers.RipeMD160); + //DigestOids.Add(GMObjectIdentifiers.sm2sign_with_sha1, OiwObjectIdentifiers.IdSha1); + //DigestOids.Add(GMObjectIdentifiers.sm2sign_with_sha224, NistObjectIdentifiers.IdSha224); + DigestOids.Add(GMObjectIdentifiers.sm2sign_with_sha256, NistObjectIdentifiers.IdSha256); + //DigestOids.Add(GMObjectIdentifiers.sm2sign_with_sha384, NistObjectIdentifiers.IdSha384); + //DigestOids.Add(GMObjectIdentifiers.sm2sign_with_sha512, NistObjectIdentifiers.IdSha512); + DigestOids.Add(GMObjectIdentifiers.sm2sign_with_sm3, GMObjectIdentifiers.sm3); + + DigestOids.Add(CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128, NistObjectIdentifiers.IdShake128); + DigestOids.Add(CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256, NistObjectIdentifiers.IdShake256); + DigestOids.Add(CmsObjectIdentifiers.id_ecdsa_with_shake128, NistObjectIdentifiers.IdShake128); + DigestOids.Add(CmsObjectIdentifiers.id_ecdsa_with_shake256, NistObjectIdentifiers.IdShake256); + + DigestNameToOids.Add("SHA-1", OiwObjectIdentifiers.IdSha1); + DigestNameToOids.Add("SHA-224", NistObjectIdentifiers.IdSha224); + DigestNameToOids.Add("SHA-256", NistObjectIdentifiers.IdSha256); + DigestNameToOids.Add("SHA-384", NistObjectIdentifiers.IdSha384); + DigestNameToOids.Add("SHA-512", NistObjectIdentifiers.IdSha512); + DigestNameToOids.Add("SHA-512-224", NistObjectIdentifiers.IdSha512_224); + DigestNameToOids.Add("SHA-512/224", NistObjectIdentifiers.IdSha512_224); + DigestNameToOids.Add("SHA-512(224)", NistObjectIdentifiers.IdSha512_224); + DigestNameToOids.Add("SHA-512-256", NistObjectIdentifiers.IdSha512_256); + DigestNameToOids.Add("SHA-512/256", NistObjectIdentifiers.IdSha512_256); + DigestNameToOids.Add("SHA-512(256)", NistObjectIdentifiers.IdSha512_256); + + DigestNameToOids.Add("SHA1", OiwObjectIdentifiers.IdSha1); + DigestNameToOids.Add("SHA224", NistObjectIdentifiers.IdSha224); + DigestNameToOids.Add("SHA256", NistObjectIdentifiers.IdSha256); + DigestNameToOids.Add("SHA384", NistObjectIdentifiers.IdSha384); + DigestNameToOids.Add("SHA512", NistObjectIdentifiers.IdSha512); + DigestNameToOids.Add("SHA512-224", NistObjectIdentifiers.IdSha512_224); + DigestNameToOids.Add("SHA512/224", NistObjectIdentifiers.IdSha512_224); + DigestNameToOids.Add("SHA512(224)", NistObjectIdentifiers.IdSha512_224); + DigestNameToOids.Add("SHA512-256", NistObjectIdentifiers.IdSha512_256); + DigestNameToOids.Add("SHA512/256", NistObjectIdentifiers.IdSha512_256); + DigestNameToOids.Add("SHA512(256)", NistObjectIdentifiers.IdSha512_256); + + DigestNameToOids.Add("SHA3-224", NistObjectIdentifiers.IdSha3_224); + DigestNameToOids.Add("SHA3-256", NistObjectIdentifiers.IdSha3_256); + DigestNameToOids.Add("SHA3-384", NistObjectIdentifiers.IdSha3_384); + DigestNameToOids.Add("SHA3-512", NistObjectIdentifiers.IdSha3_512); + + DigestNameToOids.Add("SHAKE128", NistObjectIdentifiers.IdShake128); + DigestNameToOids.Add("SHAKE256", NistObjectIdentifiers.IdShake256); + DigestNameToOids.Add("SHAKE-128", NistObjectIdentifiers.IdShake128); + DigestNameToOids.Add("SHAKE-256", NistObjectIdentifiers.IdShake256); + + DigestNameToOids.Add("GOST3411", CryptoProObjectIdentifiers.GostR3411); + DigestNameToOids.Add("GOST3411-2012-256", RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256); + DigestNameToOids.Add("GOST3411-2012-512", RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512); + + DigestNameToOids.Add("MD2", PkcsObjectIdentifiers.MD2); + DigestNameToOids.Add("MD4", PkcsObjectIdentifiers.MD4); + DigestNameToOids.Add("MD5", PkcsObjectIdentifiers.MD5); + + DigestNameToOids.Add("RIPEMD128", TeleTrusTObjectIdentifiers.RipeMD128); + DigestNameToOids.Add("RIPEMD160", TeleTrusTObjectIdentifiers.RipeMD160); + DigestNameToOids.Add("RIPEMD256", TeleTrusTObjectIdentifiers.RipeMD256); + + DigestNameToOids.Add("SM3", GMObjectIdentifiers.sm3); + + // IETF RFC 3370 + AddDigestAlgID(OiwObjectIdentifiers.IdSha1, true); + // IETF RFC 5754 + AddDigestAlgID(NistObjectIdentifiers.IdSha224, false); + AddDigestAlgID(NistObjectIdentifiers.IdSha256, false); + AddDigestAlgID(NistObjectIdentifiers.IdSha384, false); + AddDigestAlgID(NistObjectIdentifiers.IdSha512, false); + AddDigestAlgID(NistObjectIdentifiers.IdSha512_224, false); + AddDigestAlgID(NistObjectIdentifiers.IdSha512_256, false); + + // NIST CSOR + AddDigestAlgID(NistObjectIdentifiers.IdSha3_224, false); + AddDigestAlgID(NistObjectIdentifiers.IdSha3_256, false); + AddDigestAlgID(NistObjectIdentifiers.IdSha3_384, false); + AddDigestAlgID(NistObjectIdentifiers.IdSha3_512, false); + + // RFC 8702 + AddDigestAlgID(NistObjectIdentifiers.IdShake128, false); + AddDigestAlgID(NistObjectIdentifiers.IdShake256, false); + + // RFC 4357 + AddDigestAlgID(CryptoProObjectIdentifiers.GostR3411, true); + + // draft-deremin-rfc4491 + AddDigestAlgID(RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256, false); + AddDigestAlgID(RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512, false); + + // IETF RFC 1319 + AddDigestAlgID(PkcsObjectIdentifiers.MD2, true); + // IETF RFC 1320 + AddDigestAlgID(PkcsObjectIdentifiers.MD4, true); + // IETF RFC 1321 + AddDigestAlgID(PkcsObjectIdentifiers.MD5, true); + + // found no standard which specified the handle of AlgorithmIdentifier.parameters, + // so let it as before. + AddDigestAlgID(TeleTrusTObjectIdentifiers.RipeMD128, true); + AddDigestAlgID(TeleTrusTObjectIdentifiers.RipeMD160, true); + AddDigestAlgID(TeleTrusTObjectIdentifiers.RipeMD256, true); + + Shake256Oids.Add(EdECObjectIdentifiers.id_Ed448); + + Shake256Oids.Add(BCObjectIdentifiers.dilithium2); + Shake256Oids.Add(BCObjectIdentifiers.dilithium3); + Shake256Oids.Add(BCObjectIdentifiers.dilithium5); + Shake256Oids.Add(BCObjectIdentifiers.dilithium2_aes); + Shake256Oids.Add(BCObjectIdentifiers.dilithium3_aes); + Shake256Oids.Add(BCObjectIdentifiers.dilithium5_aes); + + Shake256Oids.Add(BCObjectIdentifiers.falcon_512); + Shake256Oids.Add(BCObjectIdentifiers.falcon_1024); + } + + private static void AddDigestAlgID(DerObjectIdentifier oid, bool withNullParams) => + DigestOidToAlgIDs.Add(oid, new AlgorithmIdentifier(oid, withNullParams ? DerNull.Instance : null)); + + protected DefaultDigestAlgorithmFinder() + { + } + + public virtual AlgorithmIdentifier Find(AlgorithmIdentifier signatureAlgorithm) + { + DerObjectIdentifier signatureOid = signatureAlgorithm.Algorithm; + + if (Shake256Oids.Contains(signatureOid)) + return new AlgorithmIdentifier(NistObjectIdentifiers.IdShake256Len, new DerInteger(512)); + + DerObjectIdentifier digestOid; + if (PkcsObjectIdentifiers.IdRsassaPss.Equals(signatureOid)) + { + digestOid = RsassaPssParameters.GetInstance(signatureAlgorithm.Parameters).HashAlgorithm.Algorithm; + } + else if (EdECObjectIdentifiers.id_Ed25519.Equals(signatureOid)) + { + digestOid = NistObjectIdentifiers.IdSha512; + } + else if (PkcsObjectIdentifiers.IdAlgHssLmsHashsig.Equals(signatureOid)) + { + digestOid = NistObjectIdentifiers.IdSha256; + } + else + { + digestOid = CollectionUtilities.GetValueOrNull(DigestOids, signatureOid); + } + + return Find(digestOid); + } + + public virtual AlgorithmIdentifier Find(DerObjectIdentifier digestOid) + { + if (digestOid == null) + throw new ArgumentNullException(nameof(digestOid)); + + if (DigestOidToAlgIDs.TryGetValue(digestOid, out var digestAlgorithm)) + return digestAlgorithm; + + return new AlgorithmIdentifier(digestOid); + } + + public virtual AlgorithmIdentifier Find(string digestName) + { + if (DigestNameToOids.TryGetValue(digestName, out var digestOid)) + return Find(digestOid); + + try + { + return Find(new DerObjectIdentifier(digestName)); + } + catch (Exception) + { + // ignore - tried it but it didn't work... + } + + return null; + } + } +} diff --git a/crypto/src/operators/utilities/DefaultSignatureAlgorithmFinder.cs b/crypto/src/operators/utilities/DefaultSignatureAlgorithmFinder.cs new file mode 100644 index 000000000..0da904328 --- /dev/null +++ b/crypto/src/operators/utilities/DefaultSignatureAlgorithmFinder.cs @@ -0,0 +1,533 @@ +using System; +using System.Collections.Generic; + +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.BC; +using Org.BouncyCastle.Asn1.Bsi; +using Org.BouncyCastle.Asn1.Cms; +using Org.BouncyCastle.Asn1.CryptoPro; +using Org.BouncyCastle.Asn1.Eac; +using Org.BouncyCastle.Asn1.EdEC; +using Org.BouncyCastle.Asn1.GM; +using Org.BouncyCastle.Asn1.Isara; +using Org.BouncyCastle.Asn1.Misc; +using Org.BouncyCastle.Asn1.Nist; +using Org.BouncyCastle.Asn1.Oiw; +using Org.BouncyCastle.Asn1.Pkcs; +using Org.BouncyCastle.Asn1.Rosstandart; +using Org.BouncyCastle.Asn1.TeleTrust; +using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Asn1.X9; + +namespace Org.BouncyCastle.Operators.Utilities +{ + public class DefaultSignatureAlgorithmFinder + : ISignatureAlgorithmFinder + { + public static readonly DefaultSignatureAlgorithmFinder Instance = new DefaultSignatureAlgorithmFinder(); + + private static readonly Dictionary<string, DerObjectIdentifier> Algorithms = + new Dictionary<string, DerObjectIdentifier>(StringComparer.OrdinalIgnoreCase); + private static readonly HashSet<DerObjectIdentifier> NoParams = new HashSet<DerObjectIdentifier>(); + private static readonly Dictionary<string, Asn1Encodable> Parameters = + new Dictionary<string, Asn1Encodable>(StringComparer.OrdinalIgnoreCase); + private static readonly HashSet<DerObjectIdentifier> Pkcs15RsaEncryption = new HashSet<DerObjectIdentifier>(); + private static readonly Dictionary<DerObjectIdentifier, DerObjectIdentifier> DigestOids = + new Dictionary<DerObjectIdentifier, DerObjectIdentifier>(); + + static DefaultSignatureAlgorithmFinder() + { + Algorithms["COMPOSITE"] = MiscObjectIdentifiers.id_alg_composite; + + Algorithms["MD2WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.MD2WithRsaEncryption; + Algorithms["MD2WITHRSA"] = PkcsObjectIdentifiers.MD2WithRsaEncryption; + Algorithms["MD5WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.MD5WithRsaEncryption; + Algorithms["MD5WITHRSA"] = PkcsObjectIdentifiers.MD5WithRsaEncryption; + Algorithms["SHA1WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption; + Algorithms["SHA-1WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption; + Algorithms["SHA1WITHRSA"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption; + Algorithms["SHA-1WITHRSA"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption; + Algorithms["SHA224WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha224WithRsaEncryption; + Algorithms["SHA-224WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha224WithRsaEncryption; + Algorithms["SHA224WITHRSA"] = PkcsObjectIdentifiers.Sha224WithRsaEncryption; + Algorithms["SHA-224WITHRSA"] = PkcsObjectIdentifiers.Sha224WithRsaEncryption; + Algorithms["SHA256WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption; + Algorithms["SHA-256WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption; + Algorithms["SHA256WITHRSA"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption; + Algorithms["SHA-256WITHRSA"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption; + Algorithms["SHA384WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha384WithRsaEncryption; + Algorithms["SHA-384WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha384WithRsaEncryption; + Algorithms["SHA384WITHRSA"] = PkcsObjectIdentifiers.Sha384WithRsaEncryption; + Algorithms["SHA-384WITHRSA"] = PkcsObjectIdentifiers.Sha384WithRsaEncryption; + Algorithms["SHA512WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512WithRsaEncryption; + Algorithms["SHA-512WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512WithRsaEncryption; + Algorithms["SHA512WITHRSA"] = PkcsObjectIdentifiers.Sha512WithRsaEncryption; + Algorithms["SHA-512WITHRSA"] = PkcsObjectIdentifiers.Sha512WithRsaEncryption; + Algorithms["SHA512(224)WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512_224WithRSAEncryption; + Algorithms["SHA-512(224)WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512_224WithRSAEncryption; + Algorithms["SHA512(224)WITHRSA"] = PkcsObjectIdentifiers.Sha512_224WithRSAEncryption; + Algorithms["SHA-512(224)WITHRSA"] = PkcsObjectIdentifiers.Sha512_224WithRSAEncryption; + Algorithms["SHA512(256)WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512_256WithRSAEncryption; + Algorithms["SHA-512(256)WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512_256WithRSAEncryption; + Algorithms["SHA512(256)WITHRSA"] = PkcsObjectIdentifiers.Sha512_256WithRSAEncryption; + Algorithms["SHA-512(256)WITHRSA"] = PkcsObjectIdentifiers.Sha512_256WithRSAEncryption; + Algorithms["SHA1WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; + Algorithms["SHA224WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; + Algorithms["SHA256WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; + Algorithms["SHA384WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; + Algorithms["SHA512WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; + Algorithms["SHA3-224WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; + Algorithms["SHA3-256WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; + Algorithms["SHA3-384WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; + Algorithms["SHA3-512WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss; + Algorithms["RIPEMD160WITHRSAENCRYPTION"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160; + Algorithms["RIPEMD160WITHRSA"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160; + Algorithms["RIPEMD128WITHRSAENCRYPTION"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128; + Algorithms["RIPEMD128WITHRSA"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128; + Algorithms["RIPEMD256WITHRSAENCRYPTION"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256; + Algorithms["RIPEMD256WITHRSA"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256; + Algorithms["SHA1WITHDSA"] = X9ObjectIdentifiers.IdDsaWithSha1; + Algorithms["SHA-1WITHDSA"] = X9ObjectIdentifiers.IdDsaWithSha1; + Algorithms["DSAWITHSHA1"] = X9ObjectIdentifiers.IdDsaWithSha1; + Algorithms["SHA224WITHDSA"] = NistObjectIdentifiers.DsaWithSha224; + Algorithms["SHA256WITHDSA"] = NistObjectIdentifiers.DsaWithSha256; + Algorithms["SHA384WITHDSA"] = NistObjectIdentifiers.DsaWithSha384; + Algorithms["SHA512WITHDSA"] = NistObjectIdentifiers.DsaWithSha512; + Algorithms["SHA3-224WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_224; + Algorithms["SHA3-256WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_256; + Algorithms["SHA3-384WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_384; + Algorithms["SHA3-512WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_512; + Algorithms["SHA3-224WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_224; + Algorithms["SHA3-256WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_256; + Algorithms["SHA3-384WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_384; + Algorithms["SHA3-512WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_512; + Algorithms["SHA3-224WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224; + Algorithms["SHA3-256WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256; + Algorithms["SHA3-384WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384; + Algorithms["SHA3-512WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512; + Algorithms["SHA3-224WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224; + Algorithms["SHA3-256WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256; + Algorithms["SHA3-384WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384; + Algorithms["SHA3-512WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512; + Algorithms["SHA1WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha1; + Algorithms["ECDSAWITHSHA1"] = X9ObjectIdentifiers.ECDsaWithSha1; + Algorithms["SHA224WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha224; + Algorithms["SHA256WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha256; + Algorithms["SHA384WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha384; + Algorithms["SHA512WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha512; + Algorithms["GOST3411WITHGOST3410"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94; + Algorithms["GOST3411WITHGOST3410-94"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94; + Algorithms["GOST3411WITHECGOST3410"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001; + Algorithms["GOST3411WITHECGOST3410-2001"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001; + Algorithms["GOST3411WITHGOST3410-2001"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001; + Algorithms["GOST3411WITHECGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256; + Algorithms["GOST3411WITHECGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512; + Algorithms["GOST3411WITHGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256; + Algorithms["GOST3411WITHGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512; + Algorithms["GOST3411-2012-256WITHECGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256; + Algorithms["GOST3411-2012-512WITHECGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512; + Algorithms["GOST3411-2012-256WITHGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256; + Algorithms["GOST3411-2012-512WITHGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512; + + // NOTE: Not in bc-java + Algorithms["GOST3411-2012-256WITHECGOST3410"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256; + Algorithms["GOST3411-2012-512WITHECGOST3410"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512; + + Algorithms["SHA1WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_1; + Algorithms["SHA224WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_224; + Algorithms["SHA256WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_256; + Algorithms["SHA384WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_384; + Algorithms["SHA512WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_512; + Algorithms["SHA3-512WITHSPHINCS256"] = BCObjectIdentifiers.sphincs256_with_SHA3_512; + Algorithms["SHA512WITHSPHINCS256"] = BCObjectIdentifiers.sphincs256_with_SHA512; + + Algorithms["SHA1WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA1; + Algorithms["RIPEMD160WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_RIPEMD160; + Algorithms["SHA224WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA224; + Algorithms["SHA256WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA256; + Algorithms["SHA384WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA384; + Algorithms["SHA512WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA512; + Algorithms["SHA3-224WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA3_224; + Algorithms["SHA3-256WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA3_256; + Algorithms["SHA3-384WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA3_384; + Algorithms["SHA3-512WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA3_512; + + Algorithms["ED25519"] = EdECObjectIdentifiers.id_Ed25519; + Algorithms["ED448"] = EdECObjectIdentifiers.id_Ed448; + + // RFC 8702 + Algorithms["SHAKE128WITHRSAPSS"] = CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128; + Algorithms["SHAKE256WITHRSAPSS"] = CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256; + Algorithms["SHAKE128WITHRSASSA-PSS"] = CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128; + Algorithms["SHAKE256WITHRSASSA-PSS"] = CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256; + Algorithms["SHAKE128WITHECDSA"] = CmsObjectIdentifiers.id_ecdsa_with_shake128; + Algorithms["SHAKE256WITHECDSA"] = CmsObjectIdentifiers.id_ecdsa_with_shake256; + + //m_algorithms["RIPEMD160WITHSM2"] = GMObjectIdentifiers.sm2sign_with_rmd160; + //m_algorithms["SHA1WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha1; + //m_algorithms["SHA224WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha224; + Algorithms["SHA256WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha256; + //m_algorithms["SHA384WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha384; + //m_algorithms["SHA512WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha512; + Algorithms["SM3WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sm3; + + Algorithms["SHA256WITHXMSS"] = BCObjectIdentifiers.xmss_SHA256ph; + Algorithms["SHA512WITHXMSS"] = BCObjectIdentifiers.xmss_SHA512ph; + Algorithms["SHAKE128WITHXMSS"] = BCObjectIdentifiers.xmss_SHAKE128ph; + Algorithms["SHAKE256WITHXMSS"] = BCObjectIdentifiers.xmss_SHAKE256ph; + + Algorithms["SHA256WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_SHA256ph; + Algorithms["SHA512WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_SHA512ph; + Algorithms["SHAKE128WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_SHAKE128ph; + Algorithms["SHAKE256WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_SHAKE256ph; + + Algorithms["SHA256WITHXMSS-SHA256"] = BCObjectIdentifiers.xmss_SHA256ph; + Algorithms["SHA512WITHXMSS-SHA512"] = BCObjectIdentifiers.xmss_SHA512ph; + Algorithms["SHAKE128WITHXMSS-SHAKE128"] = BCObjectIdentifiers.xmss_SHAKE128ph; + Algorithms["SHAKE256WITHXMSS-SHAKE256"] = BCObjectIdentifiers.xmss_SHAKE256ph; + + Algorithms["SHA256WITHXMSSMT-SHA256"] = BCObjectIdentifiers.xmss_mt_SHA256ph; + Algorithms["SHA512WITHXMSSMT-SHA512"] = BCObjectIdentifiers.xmss_mt_SHA512ph; + Algorithms["SHAKE128WITHXMSSMT-SHAKE128"] = BCObjectIdentifiers.xmss_mt_SHAKE128ph; + Algorithms["SHAKE256WITHXMSSMT-SHAKE256"] = BCObjectIdentifiers.xmss_mt_SHAKE256ph; + + Algorithms["LMS"] = PkcsObjectIdentifiers.IdAlgHssLmsHashsig; + + Algorithms["XMSS"] = IsaraObjectIdentifiers.id_alg_xmss; + Algorithms["XMSS-SHA256"] = BCObjectIdentifiers.xmss_SHA256; + Algorithms["XMSS-SHA512"] = BCObjectIdentifiers.xmss_SHA512; + Algorithms["XMSS-SHAKE128"] = BCObjectIdentifiers.xmss_SHAKE128; + Algorithms["XMSS-SHAKE256"] = BCObjectIdentifiers.xmss_SHAKE256; + + Algorithms["XMSSMT"] = IsaraObjectIdentifiers.id_alg_xmssmt; + Algorithms["XMSSMT-SHA256"] = BCObjectIdentifiers.xmss_mt_SHA256; + Algorithms["XMSSMT-SHA512"] = BCObjectIdentifiers.xmss_mt_SHA512; + Algorithms["XMSSMT-SHAKE128"] = BCObjectIdentifiers.xmss_mt_SHAKE128; + Algorithms["XMSSMT-SHAKE256"] = BCObjectIdentifiers.xmss_mt_SHAKE256; + + Algorithms["SPHINCS+"] = BCObjectIdentifiers.sphincsPlus; + Algorithms["SPHINCSPLUS"] = BCObjectIdentifiers.sphincsPlus; + + Algorithms["DILITHIUM2"] = BCObjectIdentifiers.dilithium2; + Algorithms["DILITHIUM3"] = BCObjectIdentifiers.dilithium3; + Algorithms["DILITHIUM5"] = BCObjectIdentifiers.dilithium5; + Algorithms["DILITHIUM2-AES"] = BCObjectIdentifiers.dilithium2_aes; + Algorithms["DILITHIUM3-AES"] = BCObjectIdentifiers.dilithium3_aes; + Algorithms["DILITHIUM5-AES"] = BCObjectIdentifiers.dilithium5_aes; + + Algorithms["FALCON-512"] = BCObjectIdentifiers.falcon_512; + Algorithms["FALCON-1024"] = BCObjectIdentifiers.falcon_1024; + + Algorithms["PICNIC"] = BCObjectIdentifiers.picnic_signature; + Algorithms["SHA512WITHPICNIC"] = BCObjectIdentifiers.picnic_with_sha512; + Algorithms["SHA3-512WITHPICNIC"] = BCObjectIdentifiers.picnic_with_sha3_512; + Algorithms["SHAKE256WITHPICNIC"] = BCObjectIdentifiers.picnic_with_shake256; + + // + // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. + // The parameters field SHALL be NULL for RSA based signature algorithms. + // + NoParams.Add(X9ObjectIdentifiers.ECDsaWithSha1); + NoParams.Add(X9ObjectIdentifiers.ECDsaWithSha224); + NoParams.Add(X9ObjectIdentifiers.ECDsaWithSha256); + NoParams.Add(X9ObjectIdentifiers.ECDsaWithSha384); + NoParams.Add(X9ObjectIdentifiers.ECDsaWithSha512); + NoParams.Add(X9ObjectIdentifiers.IdDsaWithSha1); + NoParams.Add(NistObjectIdentifiers.DsaWithSha224); + NoParams.Add(NistObjectIdentifiers.DsaWithSha256); + NoParams.Add(NistObjectIdentifiers.DsaWithSha384); + NoParams.Add(NistObjectIdentifiers.DsaWithSha512); + NoParams.Add(NistObjectIdentifiers.IdDsaWithSha3_224); + NoParams.Add(NistObjectIdentifiers.IdDsaWithSha3_256); + NoParams.Add(NistObjectIdentifiers.IdDsaWithSha3_384); + NoParams.Add(NistObjectIdentifiers.IdDsaWithSha3_512); + NoParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_224); + NoParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_256); + NoParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_384); + NoParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_512); + + NoParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA224); + NoParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA256); + NoParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA384); + NoParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA512); + NoParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_224); + NoParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_256); + NoParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_384); + NoParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_512); + + // + // RFC 4491 + // + NoParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); + NoParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); + NoParams.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256); + NoParams.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512); + + // + // SPHINCS-256 + // + NoParams.Add(BCObjectIdentifiers.sphincs256_with_SHA512); + NoParams.Add(BCObjectIdentifiers.sphincs256_with_SHA3_512); + + // + // SPHINCS-PLUS + // + NoParams.Add(BCObjectIdentifiers.sphincsPlus); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_128s_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_128f_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_shake_128s_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_shake_128f_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_128s_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_128f_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_192s_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_192f_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_shake_192s_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_shake_192f_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_192s_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_192f_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_256s_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_256f_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_shake_256s_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_shake_256f_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_256s_r3); + NoParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_256f_r3); + + // + // Dilithium + // + NoParams.Add(BCObjectIdentifiers.dilithium); + NoParams.Add(BCObjectIdentifiers.dilithium2); + NoParams.Add(BCObjectIdentifiers.dilithium3); + NoParams.Add(BCObjectIdentifiers.dilithium5); + NoParams.Add(BCObjectIdentifiers.dilithium2_aes); + NoParams.Add(BCObjectIdentifiers.dilithium3_aes); + NoParams.Add(BCObjectIdentifiers.dilithium5_aes); + + // + // Falcon + // + NoParams.Add(BCObjectIdentifiers.falcon); + NoParams.Add(BCObjectIdentifiers.falcon_512); + NoParams.Add(BCObjectIdentifiers.falcon_1024); + + // + // Picnic + // + NoParams.Add(BCObjectIdentifiers.picnic_signature); + NoParams.Add(BCObjectIdentifiers.picnic_with_sha512); + NoParams.Add(BCObjectIdentifiers.picnic_with_sha3_512); + NoParams.Add(BCObjectIdentifiers.picnic_with_shake256); + + // + // XMSS + // + NoParams.Add(BCObjectIdentifiers.xmss_SHA256ph); + NoParams.Add(BCObjectIdentifiers.xmss_SHA512ph); + NoParams.Add(BCObjectIdentifiers.xmss_SHAKE128ph); + NoParams.Add(BCObjectIdentifiers.xmss_SHAKE256ph); + NoParams.Add(BCObjectIdentifiers.xmss_mt_SHA256ph); + NoParams.Add(BCObjectIdentifiers.xmss_mt_SHA512ph); + NoParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE128ph); + NoParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE256ph); + + NoParams.Add(BCObjectIdentifiers.xmss_SHA256); + NoParams.Add(BCObjectIdentifiers.xmss_SHA512); + NoParams.Add(BCObjectIdentifiers.xmss_SHAKE128); + NoParams.Add(BCObjectIdentifiers.xmss_SHAKE256); + NoParams.Add(BCObjectIdentifiers.xmss_mt_SHA256); + NoParams.Add(BCObjectIdentifiers.xmss_mt_SHA512); + NoParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE128); + NoParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE256); + + NoParams.Add(IsaraObjectIdentifiers.id_alg_xmss); + NoParams.Add(IsaraObjectIdentifiers.id_alg_xmssmt); + + // + // qTESLA + // + NoParams.Add(BCObjectIdentifiers.qTESLA_p_I); + NoParams.Add(BCObjectIdentifiers.qTESLA_p_III); + + // + // SM2 + // + //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_rmd160); + //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha1); + //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha224); + NoParams.Add(GMObjectIdentifiers.sm2sign_with_sha256); + //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha384); + //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha512); + NoParams.Add(GMObjectIdentifiers.sm2sign_with_sm3); + + // EdDSA + NoParams.Add(EdECObjectIdentifiers.id_Ed25519); + NoParams.Add(EdECObjectIdentifiers.id_Ed448); + + // RFC 8702 + NoParams.Add(CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128); + NoParams.Add(CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256); + NoParams.Add(CmsObjectIdentifiers.id_ecdsa_with_shake128); + NoParams.Add(CmsObjectIdentifiers.id_ecdsa_with_shake256); + + // + // PKCS 1.5 encrypted algorithms + // + Pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha1WithRsaEncryption); + Pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha224WithRsaEncryption); + Pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha256WithRsaEncryption); + Pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha384WithRsaEncryption); + Pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512WithRsaEncryption); + Pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); + Pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); + Pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128); + Pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160); + Pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256); + Pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224); + Pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256); + Pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384); + Pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512); + + // + // explicit params + // + AlgorithmIdentifier sha1AlgID = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance); + Parameters["SHA1WITHRSAANDMGF1"] = CreatePssParams(sha1AlgID, 20); + + AlgorithmIdentifier sha224AlgID = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha224, DerNull.Instance); + Parameters["SHA224WITHRSAANDMGF1"] = CreatePssParams(sha224AlgID, 28); + + AlgorithmIdentifier sha256AlgID = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance); + Parameters["SHA256WITHRSAANDMGF1"] = CreatePssParams(sha256AlgID, 32); + + AlgorithmIdentifier sha384AlgID = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384, DerNull.Instance); + Parameters["SHA384WITHRSAANDMGF1"] = CreatePssParams(sha384AlgID, 48); + + AlgorithmIdentifier sha512AlgID = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512, DerNull.Instance); + Parameters["SHA512WITHRSAANDMGF1"] = CreatePssParams(sha512AlgID, 64); + + AlgorithmIdentifier sha3_224AlgID = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_224, DerNull.Instance); + Parameters["SHA3-224WITHRSAANDMGF1"] = CreatePssParams(sha3_224AlgID, 28); + + AlgorithmIdentifier sha3_256AlgID = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_256, DerNull.Instance); + Parameters["SHA3-256WITHRSAANDMGF1"] = CreatePssParams(sha3_256AlgID, 32); + + AlgorithmIdentifier sha3_384AlgID = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_384, DerNull.Instance); + Parameters["SHA3-384WITHRSAANDMGF1"] = CreatePssParams(sha3_384AlgID, 48); + + AlgorithmIdentifier sha3_512AlgID = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_512, DerNull.Instance); + Parameters["SHA3-512WITHRSAANDMGF1"] = CreatePssParams(sha3_512AlgID, 64); + + // + // digests + // + DigestOids[PkcsObjectIdentifiers.Sha224WithRsaEncryption] = NistObjectIdentifiers.IdSha224; + DigestOids[PkcsObjectIdentifiers.Sha256WithRsaEncryption] = NistObjectIdentifiers.IdSha256; + DigestOids[PkcsObjectIdentifiers.Sha384WithRsaEncryption] = NistObjectIdentifiers.IdSha384; + DigestOids[PkcsObjectIdentifiers.Sha512WithRsaEncryption] = NistObjectIdentifiers.IdSha512; + DigestOids[PkcsObjectIdentifiers.Sha512_224WithRSAEncryption] = NistObjectIdentifiers.IdSha512_224; + DigestOids[PkcsObjectIdentifiers.Sha512_256WithRSAEncryption] = NistObjectIdentifiers.IdSha512_256; + DigestOids[NistObjectIdentifiers.DsaWithSha224] = NistObjectIdentifiers.IdSha224; + DigestOids[NistObjectIdentifiers.DsaWithSha256] = NistObjectIdentifiers.IdSha256; + DigestOids[NistObjectIdentifiers.DsaWithSha384] = NistObjectIdentifiers.IdSha384; + DigestOids[NistObjectIdentifiers.DsaWithSha512] = NistObjectIdentifiers.IdSha512; + DigestOids[NistObjectIdentifiers.IdDsaWithSha3_224] = NistObjectIdentifiers.IdSha3_224; + DigestOids[NistObjectIdentifiers.IdDsaWithSha3_256] = NistObjectIdentifiers.IdSha3_256; + DigestOids[NistObjectIdentifiers.IdDsaWithSha3_384] = NistObjectIdentifiers.IdSha3_384; + DigestOids[NistObjectIdentifiers.IdDsaWithSha3_512] = NistObjectIdentifiers.IdSha3_512; + DigestOids[NistObjectIdentifiers.IdEcdsaWithSha3_224] = NistObjectIdentifiers.IdSha3_224; + DigestOids[NistObjectIdentifiers.IdEcdsaWithSha3_256] = NistObjectIdentifiers.IdSha3_256; + DigestOids[NistObjectIdentifiers.IdEcdsaWithSha3_384] = NistObjectIdentifiers.IdSha3_384; + DigestOids[NistObjectIdentifiers.IdEcdsaWithSha3_512] = NistObjectIdentifiers.IdSha3_512; + DigestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224] = NistObjectIdentifiers.IdSha3_224; + DigestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256] = NistObjectIdentifiers.IdSha3_256; + DigestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384] = NistObjectIdentifiers.IdSha3_384; + DigestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512] = NistObjectIdentifiers.IdSha3_512; + + DigestOids[PkcsObjectIdentifiers.MD2WithRsaEncryption] = PkcsObjectIdentifiers.MD2; + DigestOids[PkcsObjectIdentifiers.MD4WithRsaEncryption] = PkcsObjectIdentifiers.MD4; + DigestOids[PkcsObjectIdentifiers.MD5WithRsaEncryption] = PkcsObjectIdentifiers.MD5; + DigestOids[PkcsObjectIdentifiers.Sha1WithRsaEncryption] = OiwObjectIdentifiers.IdSha1; + DigestOids[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128] = TeleTrusTObjectIdentifiers.RipeMD128; + DigestOids[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160] = TeleTrusTObjectIdentifiers.RipeMD160; + DigestOids[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256] = TeleTrusTObjectIdentifiers.RipeMD256; + DigestOids[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94] = CryptoProObjectIdentifiers.GostR3411; + DigestOids[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001] = CryptoProObjectIdentifiers.GostR3411; + DigestOids[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256] = RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256; + DigestOids[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512] = RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512; + + DigestOids[BCObjectIdentifiers.sphincsPlus_sha2_128s_r3] = NistObjectIdentifiers.IdSha256; + DigestOids[BCObjectIdentifiers.sphincsPlus_sha2_128f_r3] = NistObjectIdentifiers.IdSha256; + DigestOids[BCObjectIdentifiers.sphincsPlus_shake_128s_r3] = NistObjectIdentifiers.IdShake256; + DigestOids[BCObjectIdentifiers.sphincsPlus_shake_128f_r3] = NistObjectIdentifiers.IdShake256; + DigestOids[BCObjectIdentifiers.sphincsPlus_sha2_192s_r3] = NistObjectIdentifiers.IdSha256; + DigestOids[BCObjectIdentifiers.sphincsPlus_sha2_192f_r3] = NistObjectIdentifiers.IdSha256; + DigestOids[BCObjectIdentifiers.sphincsPlus_shake_192s_r3] = NistObjectIdentifiers.IdShake256; + DigestOids[BCObjectIdentifiers.sphincsPlus_shake_192f_r3] = NistObjectIdentifiers.IdShake256; + DigestOids[BCObjectIdentifiers.sphincsPlus_sha2_256s_r3] = NistObjectIdentifiers.IdSha256; + DigestOids[BCObjectIdentifiers.sphincsPlus_sha2_256f_r3] = NistObjectIdentifiers.IdSha256; + DigestOids[BCObjectIdentifiers.sphincsPlus_shake_256s_r3] = NistObjectIdentifiers.IdShake256; + DigestOids[BCObjectIdentifiers.sphincsPlus_shake_256f_r3] = NistObjectIdentifiers.IdShake256; + + DigestOids[BCObjectIdentifiers.sphincsPlus_sha2_128s_r3_simple] = NistObjectIdentifiers.IdSha256; + DigestOids[BCObjectIdentifiers.sphincsPlus_sha2_128f_r3_simple] = NistObjectIdentifiers.IdSha256; + DigestOids[BCObjectIdentifiers.sphincsPlus_shake_128s_r3_simple] = NistObjectIdentifiers.IdShake256; + DigestOids[BCObjectIdentifiers.sphincsPlus_shake_128f_r3_simple] = NistObjectIdentifiers.IdShake256; + DigestOids[BCObjectIdentifiers.sphincsPlus_sha2_192s_r3_simple] = NistObjectIdentifiers.IdSha256; + DigestOids[BCObjectIdentifiers.sphincsPlus_sha2_192f_r3_simple] = NistObjectIdentifiers.IdSha256; + DigestOids[BCObjectIdentifiers.sphincsPlus_shake_192s_r3_simple] = NistObjectIdentifiers.IdShake256; + DigestOids[BCObjectIdentifiers.sphincsPlus_shake_192f_r3_simple] = NistObjectIdentifiers.IdShake256; + DigestOids[BCObjectIdentifiers.sphincsPlus_sha2_256s_r3_simple] = NistObjectIdentifiers.IdSha256; + DigestOids[BCObjectIdentifiers.sphincsPlus_sha2_256f_r3_simple] = NistObjectIdentifiers.IdSha256; + DigestOids[BCObjectIdentifiers.sphincsPlus_shake_256s_r3_simple] = NistObjectIdentifiers.IdShake256; + DigestOids[BCObjectIdentifiers.sphincsPlus_shake_256f_r3_simple] = NistObjectIdentifiers.IdShake256; + + //m_digestOids[GMObjectIdentifiers.sm2sign_with_rmd160] = TeleTrusTObjectIdentifiers.RipeMD160; + //m_digestOids[GMObjectIdentifiers.sm2sign_with_sha1] = OiwObjectIdentifiers.IdSha1; + //m_digestOids[GMObjectIdentifiers.sm2sign_with_sha224] = NistObjectIdentifiers.IdSha224; + DigestOids[GMObjectIdentifiers.sm2sign_with_sha256] = NistObjectIdentifiers.IdSha256; + //m_digestOids[GMObjectIdentifiers.sm2sign_with_sha384] = NistObjectIdentifiers.IdSha384; + //m_digestOids[GMObjectIdentifiers.sm2sign_with_sha512] = NistObjectIdentifiers.IdSha512; + DigestOids[GMObjectIdentifiers.sm2sign_with_sm3] = GMObjectIdentifiers.sm3; + + DigestOids[CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128] = NistObjectIdentifiers.IdShake128; + DigestOids[CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256] = NistObjectIdentifiers.IdShake256; + DigestOids[CmsObjectIdentifiers.id_ecdsa_with_shake128] = NistObjectIdentifiers.IdShake128; + DigestOids[CmsObjectIdentifiers.id_ecdsa_with_shake256] = NistObjectIdentifiers.IdShake256; + } + + private static RsassaPssParameters CreatePssParams(AlgorithmIdentifier hashAlgID, int saltSize) + { + return new RsassaPssParameters( + hashAlgID, + new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, hashAlgID), + new DerInteger(saltSize), + new DerInteger(1)); + } + + protected DefaultSignatureAlgorithmFinder() + { + } + + public virtual AlgorithmIdentifier Find(string signatureName) + { + if (!Algorithms.TryGetValue(signatureName, out var signatureOid)) + throw new ArgumentException("Unknown signature type requested: " + signatureName, + nameof(signatureName)); + + AlgorithmIdentifier signatureAlgorithm; + if (NoParams.Contains(signatureOid)) + { + signatureAlgorithm = new AlgorithmIdentifier(signatureOid); + } + else if (Parameters.TryGetValue(signatureName, out var parameters)) + { + signatureAlgorithm = new AlgorithmIdentifier(signatureOid, parameters); + } + else + { + signatureAlgorithm = new AlgorithmIdentifier(signatureOid, DerNull.Instance); + } + return signatureAlgorithm; + } + } +} diff --git a/crypto/src/operators/utilities/IDigestAlgorithmFinder.cs b/crypto/src/operators/utilities/IDigestAlgorithmFinder.cs new file mode 100644 index 000000000..867829dba --- /dev/null +++ b/crypto/src/operators/utilities/IDigestAlgorithmFinder.cs @@ -0,0 +1,32 @@ +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.X509; + +namespace Org.BouncyCastle.Operators.Utilities +{ + /// <summary> + /// Base interface for a finder of digest algorithm identifiers used with signatures. + /// </summary> + public interface IDigestAlgorithmFinder + { + /// <summary> + /// Find the digest algorithm identifier that matches with the passed in signature algorithm identifier. + /// </summary> + /// <param name="signatureAlgorithm">the signature algorithm of interest.</param> + /// <returns>an algorithm identifier for the corresponding digest.</returns> + AlgorithmIdentifier Find(AlgorithmIdentifier signatureAlgorithm); + + /// <summary> + /// Find the digest algorithm identifier that matches with the passed in digest name. + /// </summary> + /// <param name="digestOid">the OID of the digest algorithm of interest.</param> + /// <returns>an algorithm identifier for the digest signature.</returns> + AlgorithmIdentifier Find(DerObjectIdentifier digestOid); + + /// <summary> + /// Find the digest algorithm identifier that matches with the passed in digest name. + /// </summary> + /// <param name="digestName">the name of the digest algorithm of interest.</param> + /// <returns>an algorithm identifier for the digest signature.</returns> + AlgorithmIdentifier Find(string digestName); + } +} diff --git a/crypto/src/operators/utilities/ISignatureAlgorithmFinder.cs b/crypto/src/operators/utilities/ISignatureAlgorithmFinder.cs new file mode 100644 index 000000000..c08ad7e98 --- /dev/null +++ b/crypto/src/operators/utilities/ISignatureAlgorithmFinder.cs @@ -0,0 +1,9 @@ +using Org.BouncyCastle.Asn1.X509; + +namespace Org.BouncyCastle.Operators.Utilities +{ + public interface ISignatureAlgorithmFinder + { + AlgorithmIdentifier Find(string signatureName); + } +} |