diff --git a/crypto/src/asn1/cms/CcmParameters.cs b/crypto/src/asn1/cms/CcmParameters.cs
new file mode 100644
index 000000000..c9588adca
--- /dev/null
+++ b/crypto/src/asn1/cms/CcmParameters.cs
@@ -0,0 +1,66 @@
+using System;
+
+using Org.BouncyCastle.Utilities;
+
+namespace Org.BouncyCastle.Asn1.Cms
+{
+ public class CcmParameters
+ : Asn1Encodable
+ {
+ private const int DefaultIcvLen = 12;
+
+ private readonly byte[] m_nonce;
+ private readonly int m_icvLen;
+
+ public static CcmParameters GetInstance(object obj)
+ {
+ if (obj == null)
+ return null;
+ if (obj is CcmParameters ccmParameters)
+ return ccmParameters;
+ return new CcmParameters(Asn1Sequence.GetInstance(obj));
+ }
+
+ public static CcmParameters GetInstance(Asn1TaggedObject taggedObject, bool declaredExplicit)
+ {
+ return GetInstance(Asn1Sequence.GetInstance(taggedObject, declaredExplicit));
+ }
+
+ private CcmParameters(Asn1Sequence seq)
+ {
+ int count = seq.Count;
+ if (count < 1 || count > 2)
+ throw new ArgumentException("Bad sequence size: " + count, nameof(seq));
+
+ m_nonce = Asn1OctetString.GetInstance(seq[0]).GetOctets();
+
+ if (count > 1)
+ {
+ m_icvLen = DerInteger.GetInstance(seq[1]).IntValueExact;
+ }
+ else
+ {
+ m_icvLen = DefaultIcvLen;
+ }
+ }
+
+ public CcmParameters(byte[] nonce, int icvLen)
+ {
+ m_nonce = Arrays.Clone(nonce);
+ m_icvLen = icvLen;
+ }
+
+ public byte[] GetNonce() => Arrays.Clone(m_nonce);
+
+ public int IcvLen => m_icvLen;
+
+ public override Asn1Object ToAsn1Object()
+ {
+ var nonce = new DerOctetString(m_nonce);
+
+ return m_icvLen == DefaultIcvLen
+ ? new DerSequence(nonce)
+ : new DerSequence(nonce, new DerInteger(m_icvLen));
+ }
+ }
+}
diff --git a/crypto/src/asn1/cms/GcmParameters.cs b/crypto/src/asn1/cms/GcmParameters.cs
new file mode 100644
index 000000000..bc86d27fa
--- /dev/null
+++ b/crypto/src/asn1/cms/GcmParameters.cs
@@ -0,0 +1,66 @@
+using System;
+
+using Org.BouncyCastle.Utilities;
+
+namespace Org.BouncyCastle.Asn1.Cms
+{
+ public class GcmParameters
+ : Asn1Encodable
+ {
+ private const int DefaultIcvLen = 12;
+
+ private readonly byte[] m_nonce;
+ private readonly int m_icvLen;
+
+ public static GcmParameters GetInstance(object obj)
+ {
+ if (obj == null)
+ return null;
+ if (obj is GcmParameters gcmParameters)
+ return gcmParameters;
+ return new GcmParameters(Asn1Sequence.GetInstance(obj));
+ }
+
+ public static GcmParameters GetInstance(Asn1TaggedObject taggedObject, bool declaredExplicit)
+ {
+ return GetInstance(Asn1Sequence.GetInstance(taggedObject, declaredExplicit));
+ }
+
+ private GcmParameters(Asn1Sequence seq)
+ {
+ int count = seq.Count;
+ if (count < 1 || count > 2)
+ throw new ArgumentException("Bad sequence size: " + count, nameof(seq));
+
+ m_nonce = Asn1OctetString.GetInstance(seq[0]).GetOctets();
+
+ if (count > 1)
+ {
+ m_icvLen = DerInteger.GetInstance(seq[1]).IntValueExact;
+ }
+ else
+ {
+ m_icvLen = DefaultIcvLen;
+ }
+ }
+
+ public GcmParameters(byte[] nonce, int icvLen)
+ {
+ m_nonce = Arrays.Clone(nonce);
+ m_icvLen = icvLen;
+ }
+
+ public byte[] GetNonce() => Arrays.Clone(m_nonce);
+
+ public int IcvLen => m_icvLen;
+
+ public override Asn1Object ToAsn1Object()
+ {
+ var nonce = new DerOctetString(m_nonce);
+
+ return m_icvLen == DefaultIcvLen
+ ? new DerSequence(nonce)
+ : new DerSequence(nonce, new DerInteger(m_icvLen));
+ }
+ }
+}
diff --git a/crypto/src/security/ParameterUtilities.cs b/crypto/src/security/ParameterUtilities.cs
index d79f15359..d393e3d36 100644
--- a/crypto/src/security/ParameterUtilities.cs
+++ b/crypto/src/security/ParameterUtilities.cs
@@ -2,6 +2,7 @@ using System;
using System.Collections.Generic;
using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Cms;
using Org.BouncyCastle.Asn1.CryptoPro;
using Org.BouncyCastle.Asn1.Kisa;
using Org.BouncyCastle.Asn1.Misc;
@@ -246,6 +247,30 @@ namespace Org.BouncyCastle.Security
if (algorithm == null)
throw new ArgumentNullException("algorithm");
+ if (NistObjectIdentifiers.IdAes128Gcm.Id.Equals(algorithm) ||
+ NistObjectIdentifiers.IdAes192Gcm.Id.Equals(algorithm) ||
+ NistObjectIdentifiers.IdAes256Gcm.Id.Equals(algorithm))
+ {
+ if (!(key is KeyParameter keyParameter))
+ throw new ArgumentException("key data must be accessible for GCM operation");
+
+ var gcmParameters = GcmParameters.GetInstance(asn1Params);
+
+ return new AeadParameters(keyParameter, gcmParameters.IcvLen * 8, gcmParameters.GetNonce());
+ }
+
+ if (NistObjectIdentifiers.IdAes128Ccm.Id.Equals(algorithm) ||
+ NistObjectIdentifiers.IdAes192Ccm.Id.Equals(algorithm) ||
+ NistObjectIdentifiers.IdAes256Ccm.Id.Equals(algorithm))
+ {
+ if (!(key is KeyParameter keyParameter))
+ throw new ArgumentException("key data must be accessible for CCM operation");
+
+ var ccmParameters = CcmParameters.GetInstance(asn1Params);
+
+ return new AeadParameters(keyParameter, ccmParameters.IcvLen * 8, ccmParameters.GetNonce());
+ }
+
string canonical = GetCanonicalAlgorithmName(algorithm);
if (canonical == null)
diff --git a/crypto/test/src/security/test/TestParameterUtil.cs b/crypto/test/src/security/test/TestParameterUtil.cs
index fe494212a..3f8dbcf3c 100644
--- a/crypto/test/src/security/test/TestParameterUtil.cs
+++ b/crypto/test/src/security/test/TestParameterUtil.cs
@@ -3,6 +3,7 @@ using System;
using NUnit.Framework;
using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Cms;
using Org.BouncyCastle.Asn1.Nist;
using Org.BouncyCastle.Asn1.Oiw;
using Org.BouncyCastle.Asn1.Pkcs;
@@ -29,7 +30,47 @@ namespace Org.BouncyCastle.Security.Tests
128, typeof(RC2Parameters), random);
}
- private void doTestCreateKeyParameter(
+ [Test]
+ public void TestGetCipherParameters()
+ {
+ var aes128Ccm = ParameterUtilities.GetCipherParameters(
+ NistObjectIdentifiers.IdAes128Ccm,
+ new KeyParameter(new byte[16]),
+ new CcmParameters(new byte[12], 16).ToAsn1Object());
+ Assert.IsInstanceOf(typeof(AeadParameters), aes128Ccm);
+
+ var aes192Ccm = ParameterUtilities.GetCipherParameters(
+ NistObjectIdentifiers.IdAes192Ccm,
+ new KeyParameter(new byte[24]),
+ new CcmParameters(new byte[12], 16).ToAsn1Object());
+ Assert.IsInstanceOf(typeof(AeadParameters), aes192Ccm);
+
+ var aes256Ccm = ParameterUtilities.GetCipherParameters(
+ NistObjectIdentifiers.IdAes256Ccm,
+ new KeyParameter(new byte[32]),
+ new CcmParameters(new byte[12], 16).ToAsn1Object());
+ Assert.IsInstanceOf(typeof(AeadParameters), aes256Ccm);
+
+ var aes128Gcm = ParameterUtilities.GetCipherParameters(
+ NistObjectIdentifiers.IdAes128Gcm,
+ new KeyParameter(new byte[16]),
+ new GcmParameters(new byte[12], 16).ToAsn1Object());
+ Assert.IsInstanceOf(typeof(AeadParameters), aes128Gcm);
+
+ var aes192Gcm = ParameterUtilities.GetCipherParameters(
+ NistObjectIdentifiers.IdAes192Gcm,
+ new KeyParameter(new byte[24]),
+ new GcmParameters(new byte[12], 16).ToAsn1Object());
+ Assert.IsInstanceOf(typeof(AeadParameters), aes192Gcm);
+
+ var aes256Gcm = ParameterUtilities.GetCipherParameters(
+ NistObjectIdentifiers.IdAes256Gcm,
+ new KeyParameter(new byte[32]),
+ new GcmParameters(new byte[12], 16).ToAsn1Object());
+ Assert.IsInstanceOf(typeof(AeadParameters), aes256Gcm);
+ }
+
+ private void doTestCreateKeyParameter(
string algorithm,
DerObjectIdentifier oid,
int keyBits,
|
