summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--crypto/src/cms/CMSSignedData.cs184
-rw-r--r--crypto/src/cms/CMSSignedDataGenerator.cs7
-rw-r--r--crypto/src/cms/CMSSignedGenerator.cs634
-rw-r--r--crypto/src/cms/CMSSignedHelper.cs19
-rw-r--r--crypto/src/cms/CMSUtils.cs55
-rw-r--r--crypto/src/cms/SignerInformation.cs4
-rw-r--r--crypto/src/security/SignerUtilities.cs4
7 files changed, 682 insertions, 225 deletions
diff --git a/crypto/src/cms/CMSSignedData.cs b/crypto/src/cms/CMSSignedData.cs
index 5a73df4f1..bfe4705e7 100644
--- a/crypto/src/cms/CMSSignedData.cs
+++ b/crypto/src/cms/CMSSignedData.cs
@@ -4,6 +4,7 @@ using System.IO;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cms;
+using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Utilities.Collections;
 using Org.BouncyCastle.X509;
 
@@ -35,6 +36,8 @@ namespace Org.BouncyCastle.Cms
 	public class CmsSignedData
 	{
 		private static readonly CmsSignedHelper Helper = CmsSignedHelper.Instance;
+        internal static readonly DefaultDigestAlgorithmIdentifierFinder DigestAlgIDFinder =
+			new DefaultDigestAlgorithmIdentifierFinder();
 
 		private readonly CmsProcessable	signedContent;
 		private SignedData				signedData;
@@ -209,11 +212,30 @@ namespace Org.BouncyCastle.Cms
 			return Helper.GetOtherRevInfos(signedData.CRLs, otherRevInfoFormat);
 		}
 
-		/// <summary>
-		/// Return the <c>DerObjectIdentifier</c> associated with the encapsulated
-		/// content info structure carried in the signed data.
-		/// </summary>
-		public DerObjectIdentifier SignedContentType
+        /**
+         * Return the digest algorithm identifiers for the SignedData object
+         *
+         * @return the set of digest algorithm identifiers
+         */
+        public ISet<AlgorithmIdentifier> GetDigestAlgorithmIDs()
+        {
+			var digestAlgorithms = signedData.DigestAlgorithms;
+
+            HashSet<AlgorithmIdentifier> result = new HashSet<AlgorithmIdentifier>();
+
+			foreach (var entry in digestAlgorithms)
+			{
+                result.Add(AlgorithmIdentifier.GetInstance(entry));
+			}
+
+			return CollectionUtilities.ReadOnly(result);
+        }
+
+        /// <summary>
+        /// Return the <c>DerObjectIdentifier</c> associated with the encapsulated
+        /// content info structure carried in the signed data.
+        /// </summary>
+        public DerObjectIdentifier SignedContentType
 		{
 			get { return signedData.EncapContentInfo.ContentType; }
 		}
@@ -249,59 +271,147 @@ namespace Org.BouncyCastle.Cms
             return contentInfo.GetEncoded(encoding);
         }
 
-		/**
-		* Replace the signerinformation store associated with this
-		* CmsSignedData object with the new one passed in. You would
-		* probably only want to do this if you wanted to change the unsigned
-		* attributes associated with a signer, or perhaps delete one.
-		*
-		* @param signedData the signed data object to be used as a base.
-		* @param signerInformationStore the new signer information store to use.
-		* @return a new signed data object.
-		*/
-		public static CmsSignedData ReplaceSigners(
-			CmsSignedData           signedData,
-			SignerInformationStore  signerInformationStore)
+        /**
+         * Return a new CMSSignedData which guarantees to have the passed in digestAlgorithm
+         * in it. Uses the current DigestAlgorithmIdentifierFinder for creating the digest sets.
+         *
+         * @param signedData      the signed data object to be used as a base.
+         * @param digestAlgorithm the digest algorithm to be added to the signed data.
+         * @return a new signed data object.
+         */
+        public static CmsSignedData AddDigestAlgorithm(CmsSignedData signedData, AlgorithmIdentifier digestAlgorithm) =>
+            AddDigestAlgorithm(signedData, digestAlgorithm, DigestAlgIDFinder);
+
+        /**
+         * Return a new CMSSignedData which guarantees to have the passed in digestAlgorithm
+         * in it. Uses the passed in DigestAlgorithmIdentifierFinder for creating the digest sets.
+         *
+         * @param signedData      the signed data object to be used as a base.
+         * @param digestAlgorithm the digest algorithm to be added to the signed data.
+         * @param digestAlgIDFinder      the digest algorithmID map to generate the digest set with.
+         * @return a new signed data object.
+         */
+        public static CmsSignedData AddDigestAlgorithm(CmsSignedData signedData, AlgorithmIdentifier digestAlgorithm,
+			DefaultDigestAlgorithmIdentifierFinder digestAlgIDFinder)
 		{
+			ISet<AlgorithmIdentifier> digestAlgorithms = signedData.GetDigestAlgorithmIDs();
+			AlgorithmIdentifier digestAlg = Helper.FixDigestAlgID(digestAlgorithm, digestAlgIDFinder);
+
 			//
-			// copy
+			// if the algorithm is already present there is no need to add it.
 			//
-			CmsSignedData cms = new CmsSignedData(signedData);
+			if (digestAlgorithms.Contains(digestAlg))
+				return signedData;
 
 			//
-			// replace the store
+			// copy
 			//
-			cms.signerInfoStore = signerInformationStore;
+			CmsSignedData cms = new CmsSignedData(signedData);
+
+            //
+            // build up the new set
+            //
+            HashSet<AlgorithmIdentifier> digestAlgs = new HashSet<AlgorithmIdentifier>();
+
+            foreach (var entry in digestAlgs)
+			{
+				digestAlgs.Add(Helper.FixDigestAlgID(entry, digestAlgIDFinder));
+			}
+			digestAlgs.Add(digestAlg);
+
+			Asn1Set digests = CmsUtilities.ConvertToDLSet(digestAlgs);
+			Asn1Sequence sD = (Asn1Sequence)signedData.signedData.ToAsn1Object();
+
+            //
+            // signers are the last item in the sequence.
+            //
+            Asn1EncodableVector vec = new Asn1EncodableVector(sD.Count);
+            vec.Add(sD[0]); // version
+			vec.Add(digests);
+
+			for (int i = 2; i != sD.Count; i++)
+			{
+				vec.Add(sD[i]);
+			}
+
+			cms.signedData = SignedData.GetInstance(new BerSequence(vec));
 
 			//
-			// replace the signers in the SignedData object
+			// replace the contentInfo with the new one
 			//
-			var storeSigners = signerInformationStore.GetSigners();
-            Asn1EncodableVector digestAlgs = new Asn1EncodableVector(storeSigners.Count);
-            Asn1EncodableVector vec = new Asn1EncodableVector(storeSigners.Count);
-            foreach (SignerInformation signer in storeSigners)
+			cms.contentInfo = new ContentInfo(cms.contentInfo.ContentType, cms.signedData);
+
+			return cms;
+		}
+
+        /**
+		 * Replace the SignerInformation store associated with this CMSSignedData object with the new one passed in
+		 * using the current DigestAlgorithmIdentifierFinder for creating the digest sets. You would probably only want
+		 * to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete one.
+		 *
+		 * @param signedData             the signed data object to be used as a base.
+		 * @param signerInformationStore the new signer information store to use.
+		 * @return a new signed data object.
+		 */
+        public static CmsSignedData ReplaceSigners(CmsSignedData signedData,
+			SignerInformationStore signerInformationStore) =>
+				ReplaceSigners(signedData, signerInformationStore, DigestAlgIDFinder);
+
+        /**
+         * Replace the SignerInformation store associated with this CMSSignedData object with the new one passed in
+         * using the passed in DigestAlgorithmIdentifierFinder for creating the digest sets. You would probably only
+         * want to do this if you wanted to change the unsigned attributes associated with a signer, or perhaps delete
+         * one.
+         *
+         * @param signedData             the signed data object to be used as a base.
+         * @param signerInformationStore the new signer information store to use.
+         * @param dgstAlgIDFinder      the digest algorithmID map to generate the digest set with.
+         * @return a new signed data object.
+         */
+        public static CmsSignedData ReplaceSigners(CmsSignedData signedData,
+			SignerInformationStore signerInformationStore, DefaultDigestAlgorithmIdentifierFinder digestAlgIDFinder)
+		{
+            //
+            // copy
+            //
+            CmsSignedData cms = new CmsSignedData(signedData);
+
+            //
+            // replace the store
+            //
+            cms.signerInfoStore = signerInformationStore;
+
+            //
+            // replace the signers in the SignedData object
+            //
+            HashSet<AlgorithmIdentifier> digestAlgs = new HashSet<AlgorithmIdentifier>();
+
+			var signers = signerInformationStore.GetSigners();
+			Asn1EncodableVector vec = new Asn1EncodableVector(signers.Count);
+
+			foreach (var signer in signers)
 			{
-				digestAlgs.Add(Helper.FixAlgID(signer.DigestAlgorithmID));
+				CmsUtilities.AddDigestAlgs(digestAlgs, signer, digestAlgIDFinder);
 				vec.Add(signer.ToSignerInfo());
 			}
 
-			Asn1Set digests = new DerSet(digestAlgs);
-			Asn1Set signers = new DerSet(vec);
+			Asn1Set digestSet = CmsUtilities.ConvertToDLSet(digestAlgs);
+			Asn1Set signerSet = DLSet.FromVector(vec);
 			Asn1Sequence sD = (Asn1Sequence)signedData.signedData.ToAsn1Object();
 
-			//
-			// signers are the last item in the sequence.
-			//
-			vec = new Asn1EncodableVector(sD.Count);
-			vec.Add(sD[0]); // version
-			vec.Add(digests);
+            //
+            // signers are the last item in the sequence.
+            //
+            vec = new Asn1EncodableVector(sD.Count);
+            vec.Add(sD[0]); // version
+			vec.Add(digestSet);
 
 			for (int i = 2; i != sD.Count - 1; i++)
 			{
 				vec.Add(sD[i]);
 			}
 
-			vec.Add(signers);
+			vec.Add(signerSet);
 
 			cms.signedData = SignedData.GetInstance(new BerSequence(vec));
 
diff --git a/crypto/src/cms/CMSSignedDataGenerator.cs b/crypto/src/cms/CMSSignedDataGenerator.cs
index 646ed2c35..015c540cd 100644
--- a/crypto/src/cms/CMSSignedDataGenerator.cs
+++ b/crypto/src/cms/CMSSignedDataGenerator.cs
@@ -457,10 +457,9 @@ namespace Org.BouncyCastle.Cms
             //
             foreach (SignerInformation signer in _signers)
             {
-				digestAlgs.Add(Helper.FixAlgID(signer.DigestAlgorithmID));
-
-				// TODO Verify the content type and calculated digest match the precalculated SignerInfo
-				signerInfos.Add(signer.ToSignerInfo());
+                CmsUtilities.AddDigestAlgs(digestAlgs, signer, CmsSignedData.DigestAlgIDFinder);
+                // TODO Verify the content type and calculated digest match the precalculated SignerInfo
+                signerInfos.Add(signer.ToSignerInfo());
             }
 
 			//
diff --git a/crypto/src/cms/CMSSignedGenerator.cs b/crypto/src/cms/CMSSignedGenerator.cs
index 799501789..f49b1fb80 100644
--- a/crypto/src/cms/CMSSignedGenerator.cs
+++ b/crypto/src/cms/CMSSignedGenerator.cs
@@ -7,8 +7,10 @@ using Org.BouncyCastle.Asn1.Bsi;
 using Org.BouncyCastle.Asn1.Cms;
 using Org.BouncyCastle.Asn1.CryptoPro;
 using Org.BouncyCastle.Asn1.Eac;
+using Org.BouncyCastle.Asn1.EdEC;
 using Org.BouncyCastle.Asn1.GM;
 using Org.BouncyCastle.Asn1.Isara;
+using Org.BouncyCastle.Asn1.Misc;
 using Org.BouncyCastle.Asn1.Nist;
 using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.Pkcs;
@@ -23,28 +25,22 @@ using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Cms
 {
+    // TODO[api] Create API for this
     public class DefaultSignatureAlgorithmIdentifierFinder
     {
-        private static readonly IDictionary<string, DerObjectIdentifier> m_algorithms =
+        private static readonly Dictionary<string, DerObjectIdentifier> m_algorithms =
             new Dictionary<string, DerObjectIdentifier>(StringComparer.OrdinalIgnoreCase);
-        private static readonly HashSet<DerObjectIdentifier> noParams = new HashSet<DerObjectIdentifier>();
-        private static readonly IDictionary<string, Asn1Encodable> m_params =
+        private static readonly HashSet<DerObjectIdentifier> m_noParams = new HashSet<DerObjectIdentifier>();
+        private static readonly Dictionary<string, Asn1Encodable> m_parameters =
             new Dictionary<string, Asn1Encodable>(StringComparer.OrdinalIgnoreCase);
-        private static readonly HashSet<DerObjectIdentifier> pkcs15RsaEncryption = new HashSet<DerObjectIdentifier>();
-        private static readonly IDictionary<DerObjectIdentifier, DerObjectIdentifier> m_digestOids =
+        private static readonly HashSet<DerObjectIdentifier> m_pkcs15RsaEncryption = new HashSet<DerObjectIdentifier>();
+        private static readonly Dictionary<DerObjectIdentifier, DerObjectIdentifier> m_digestOids =
             new Dictionary<DerObjectIdentifier, DerObjectIdentifier>();
 
-        //private static readonly DerObjectIdentifier ENCRYPTION_RSA = PkcsObjectIdentifiers.RsaEncryption;
-        //private static readonly DerObjectIdentifier ENCRYPTION_DSA = X9ObjectIdentifiers.IdDsaWithSha1;
-        //private static readonly DerObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ECDsaWithSha1;
-        //private static readonly DerObjectIdentifier ENCRYPTION_RSA_PSS = PkcsObjectIdentifiers.IdRsassaPss;
-        //private static readonly DerObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.GostR3410x94;
-        //private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.GostR3410x2001;
-        //private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_256 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256;
-        //private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_512 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512;
-
         static DefaultSignatureAlgorithmIdentifierFinder()
         {
+            m_algorithms["COMPOSITE"] = MiscObjectIdentifiers.id_alg_composite;
+
             m_algorithms["MD2WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.MD2WithRsaEncryption;
             m_algorithms["MD2WITHRSA"] = PkcsObjectIdentifiers.MD2WithRsaEncryption;
             m_algorithms["MD5WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.MD5WithRsaEncryption;
@@ -121,8 +117,6 @@ namespace Org.BouncyCastle.Cms
             m_algorithms["SHA256WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha256;
             m_algorithms["SHA384WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha384;
             m_algorithms["SHA512WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha512;
-
-
             m_algorithms["GOST3411WITHGOST3410"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94;
             m_algorithms["GOST3411WITHGOST3410-94"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94;
             m_algorithms["GOST3411WITHECGOST3410"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001;
@@ -130,16 +124,17 @@ namespace Org.BouncyCastle.Cms
             m_algorithms["GOST3411WITHGOST3410-2001"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001;
             m_algorithms["GOST3411WITHECGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
             m_algorithms["GOST3411WITHECGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
-            m_algorithms["GOST3411-2012-256WITHECGOST3410"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
+            m_algorithms["GOST3411WITHGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
+            m_algorithms["GOST3411WITHGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
             m_algorithms["GOST3411-2012-256WITHECGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
-            m_algorithms["GOST3411-2012-512WITHECGOST3410"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
             m_algorithms["GOST3411-2012-512WITHECGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
-            m_algorithms["SHA1WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA1;
-            m_algorithms["SHA224WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA224;
-            m_algorithms["SHA256WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA256;
-            m_algorithms["SHA384WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA384;
-            m_algorithms["SHA512WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA512;
-            m_algorithms["RIPEMD160WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_RIPEMD160;
+            m_algorithms["GOST3411-2012-256WITHGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
+            m_algorithms["GOST3411-2012-512WITHGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
+
+            // NOTE: Not in bc-java
+            m_algorithms["GOST3411-2012-256WITHECGOST3410"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
+            m_algorithms["GOST3411-2012-512WITHECGOST3410"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
+
             m_algorithms["SHA1WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_1;
             m_algorithms["SHA224WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_224;
             m_algorithms["SHA256WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_256;
@@ -148,7 +143,34 @@ namespace Org.BouncyCastle.Cms
             m_algorithms["SHA3-512WITHSPHINCS256"] = BCObjectIdentifiers.sphincs256_with_SHA3_512;
             m_algorithms["SHA512WITHSPHINCS256"] = BCObjectIdentifiers.sphincs256_with_SHA512;
 
+            m_algorithms["SHA1WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA1;
+            m_algorithms["RIPEMD160WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_RIPEMD160;
+            m_algorithms["SHA224WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA224;
+            m_algorithms["SHA256WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA256;
+            m_algorithms["SHA384WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA384;
+            m_algorithms["SHA512WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA512;
+            m_algorithms["SHA3-224WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA3_224;
+            m_algorithms["SHA3-256WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA3_256;
+            m_algorithms["SHA3-384WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA3_384;
+            m_algorithms["SHA3-512WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA3_512;
+
+            m_algorithms["ED25519"] = EdECObjectIdentifiers.id_Ed25519;
+            m_algorithms["ED448"] = EdECObjectIdentifiers.id_Ed448;
+
+            // RFC 8702
+            m_algorithms["SHAKE128WITHRSAPSS"] = CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128;
+            m_algorithms["SHAKE256WITHRSAPSS"] = CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256;
+            m_algorithms["SHAKE128WITHRSASSA-PSS"] = CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128;
+            m_algorithms["SHAKE256WITHRSASSA-PSS"] = CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256;
+            m_algorithms["SHAKE128WITHECDSA"] = CmsObjectIdentifiers.id_ecdsa_with_shake128;
+            m_algorithms["SHAKE256WITHECDSA"] = CmsObjectIdentifiers.id_ecdsa_with_shake256;
+
+            //m_algorithms["RIPEMD160WITHSM2"] = GMObjectIdentifiers.sm2sign_with_rmd160;
+            //m_algorithms["SHA1WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha1;
+            //m_algorithms["SHA224WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha224;
             m_algorithms["SHA256WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha256;
+            //m_algorithms["SHA384WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha384;
+            //m_algorithms["SHA512WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sha512;
             m_algorithms["SM3WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sm3;
 
             m_algorithms["SHA256WITHXMSS"] = BCObjectIdentifiers.xmss_SHA256ph;
@@ -171,6 +193,8 @@ namespace Org.BouncyCastle.Cms
             m_algorithms["SHAKE128WITHXMSSMT-SHAKE128"] = BCObjectIdentifiers.xmss_mt_SHAKE128ph;
             m_algorithms["SHAKE256WITHXMSSMT-SHAKE256"] = BCObjectIdentifiers.xmss_mt_SHAKE256ph;
 
+            m_algorithms["LMS"] = PkcsObjectIdentifiers.IdAlgHssLmsHashsig;
+
             m_algorithms["XMSS"] = IsaraObjectIdentifiers.id_alg_xmss;
             m_algorithms["XMSS-SHA256"] = BCObjectIdentifiers.xmss_SHA256;
             m_algorithms["XMSS-SHA512"] = BCObjectIdentifiers.xmss_SHA512;
@@ -183,122 +207,217 @@ namespace Org.BouncyCastle.Cms
             m_algorithms["XMSSMT-SHAKE128"] = BCObjectIdentifiers.xmss_mt_SHAKE128;
             m_algorithms["XMSSMT-SHAKE256"] = BCObjectIdentifiers.xmss_mt_SHAKE256;
 
+            m_algorithms["SPHINCS+"] = BCObjectIdentifiers.sphincsPlus;
+            m_algorithms["SPHINCSPLUS"] = BCObjectIdentifiers.sphincsPlus;
+
+            m_algorithms["DILITHIUM2"] = BCObjectIdentifiers.dilithium2;
+            m_algorithms["DILITHIUM3"] = BCObjectIdentifiers.dilithium3;
+            m_algorithms["DILITHIUM5"] = BCObjectIdentifiers.dilithium5;
+            m_algorithms["DILITHIUM2-AES"] = BCObjectIdentifiers.dilithium2_aes;
+            m_algorithms["DILITHIUM3-AES"] = BCObjectIdentifiers.dilithium3_aes;
+            m_algorithms["DILITHIUM5-AES"] = BCObjectIdentifiers.dilithium5_aes;
+
+            m_algorithms["FALCON-512"] = BCObjectIdentifiers.falcon_512;
+            m_algorithms["FALCON-1024"] = BCObjectIdentifiers.falcon_1024;
+
+            m_algorithms["PICNIC"] = BCObjectIdentifiers.picnic_signature;
+            m_algorithms["SHA512WITHPICNIC"] = BCObjectIdentifiers.picnic_with_sha512;
+            m_algorithms["SHA3-512WITHPICNIC"] = BCObjectIdentifiers.picnic_with_sha3_512;
+            m_algorithms["SHAKE256WITHPICNIC"] = BCObjectIdentifiers.picnic_with_shake256;
 
             //
             // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
             // The parameters field SHALL be NULL for RSA based signature algorithms.
             //
-            noParams.Add(X9ObjectIdentifiers.ECDsaWithSha1);
-            noParams.Add(X9ObjectIdentifiers.ECDsaWithSha224);
-            noParams.Add(X9ObjectIdentifiers.ECDsaWithSha256);
-            noParams.Add(X9ObjectIdentifiers.ECDsaWithSha384);
-            noParams.Add(X9ObjectIdentifiers.ECDsaWithSha512);
-            noParams.Add(X9ObjectIdentifiers.IdDsaWithSha1);
-            noParams.Add(NistObjectIdentifiers.DsaWithSha224);
-            noParams.Add(NistObjectIdentifiers.DsaWithSha256);
-            noParams.Add(NistObjectIdentifiers.DsaWithSha384);
-            noParams.Add(NistObjectIdentifiers.DsaWithSha512);
-            noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_224);
-            noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_256);
-            noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_384);
-            noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_512);
-            noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_224);
-            noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_256);
-            noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_384);
-            noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_512);
-
+            m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha1);
+            m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha224);
+            m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha256);
+            m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha384);
+            m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha512);
+            m_noParams.Add(X9ObjectIdentifiers.IdDsaWithSha1);
+            m_noParams.Add(NistObjectIdentifiers.DsaWithSha224);
+            m_noParams.Add(NistObjectIdentifiers.DsaWithSha256);
+            m_noParams.Add(NistObjectIdentifiers.DsaWithSha384);
+            m_noParams.Add(NistObjectIdentifiers.DsaWithSha512);
+            m_noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_224);
+            m_noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_256);
+            m_noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_384);
+            m_noParams.Add(NistObjectIdentifiers.IdDsaWithSha3_512);
+            m_noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_224);
+            m_noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_256);
+            m_noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_384);
+            m_noParams.Add(NistObjectIdentifiers.IdEcdsaWithSha3_512);
+
+            m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA224);
+            m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA256);
+            m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA384);
+            m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA512);
+            m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_224);
+            m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_256);
+            m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_384);
+            m_noParams.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_512);
 
             //
             // RFC 4491
             //
-            noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
-            noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
-            noParams.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256);
-            noParams.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512);
+            m_noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
+            m_noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
+            m_noParams.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256);
+            m_noParams.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512);
 
             //
             // SPHINCS-256
             //
-            noParams.Add(BCObjectIdentifiers.sphincs256_with_SHA512);
-            noParams.Add(BCObjectIdentifiers.sphincs256_with_SHA3_512);
+            m_noParams.Add(BCObjectIdentifiers.sphincs256_with_SHA512);
+            m_noParams.Add(BCObjectIdentifiers.sphincs256_with_SHA3_512);
+
+            //
+            // SPHINCS-PLUS
+            //
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_128s_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_128f_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_shake_128s_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_shake_128f_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_128s_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_128f_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_192s_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_192f_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_shake_192s_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_shake_192f_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_192s_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_192f_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_256s_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_sha2_256f_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_shake_256s_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_shake_256f_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_256s_r3);
+            m_noParams.Add(BCObjectIdentifiers.sphincsPlus_haraka_256f_r3);
+
+            //
+            // Dilithium
+            //
+            m_noParams.Add(BCObjectIdentifiers.dilithium);
+            m_noParams.Add(BCObjectIdentifiers.dilithium2);
+            m_noParams.Add(BCObjectIdentifiers.dilithium3);
+            m_noParams.Add(BCObjectIdentifiers.dilithium5);
+            m_noParams.Add(BCObjectIdentifiers.dilithium2_aes);
+            m_noParams.Add(BCObjectIdentifiers.dilithium3_aes);
+            m_noParams.Add(BCObjectIdentifiers.dilithium5_aes);
+
+            //
+            // Falcon
+            //
+            m_noParams.Add(BCObjectIdentifiers.falcon);
+            m_noParams.Add(BCObjectIdentifiers.falcon_512);
+            m_noParams.Add(BCObjectIdentifiers.falcon_1024);
+
+            //
+            // Picnic
+            //
+            m_noParams.Add(BCObjectIdentifiers.picnic_signature);
+            m_noParams.Add(BCObjectIdentifiers.picnic_with_sha512);
+            m_noParams.Add(BCObjectIdentifiers.picnic_with_sha3_512);
+            m_noParams.Add(BCObjectIdentifiers.picnic_with_shake256);
 
             //
             // XMSS
             //
-            noParams.Add(BCObjectIdentifiers.xmss_SHA256ph);
-            noParams.Add(BCObjectIdentifiers.xmss_SHA512ph);
-            noParams.Add(BCObjectIdentifiers.xmss_SHAKE128ph);
-            noParams.Add(BCObjectIdentifiers.xmss_SHAKE256ph);
-            noParams.Add(BCObjectIdentifiers.xmss_mt_SHA256ph);
-            noParams.Add(BCObjectIdentifiers.xmss_mt_SHA512ph);
-            noParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE128ph);
-            noParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE256ph);
-
-            noParams.Add(BCObjectIdentifiers.xmss_SHA256);
-            noParams.Add(BCObjectIdentifiers.xmss_SHA512);
-            noParams.Add(BCObjectIdentifiers.xmss_SHAKE128);
-            noParams.Add(BCObjectIdentifiers.xmss_SHAKE256);
-            noParams.Add(BCObjectIdentifiers.xmss_mt_SHA256);
-            noParams.Add(BCObjectIdentifiers.xmss_mt_SHA512);
-            noParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE128);
-            noParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE256);
-
-            noParams.Add(IsaraObjectIdentifiers.id_alg_xmss);
-            noParams.Add(IsaraObjectIdentifiers.id_alg_xmssmt);
+            m_noParams.Add(BCObjectIdentifiers.xmss_SHA256ph);
+            m_noParams.Add(BCObjectIdentifiers.xmss_SHA512ph);
+            m_noParams.Add(BCObjectIdentifiers.xmss_SHAKE128ph);
+            m_noParams.Add(BCObjectIdentifiers.xmss_SHAKE256ph);
+            m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHA256ph);
+            m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHA512ph);
+            m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE128ph);
+            m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE256ph);
+
+            m_noParams.Add(BCObjectIdentifiers.xmss_SHA256);
+            m_noParams.Add(BCObjectIdentifiers.xmss_SHA512);
+            m_noParams.Add(BCObjectIdentifiers.xmss_SHAKE128);
+            m_noParams.Add(BCObjectIdentifiers.xmss_SHAKE256);
+            m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHA256);
+            m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHA512);
+            m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE128);
+            m_noParams.Add(BCObjectIdentifiers.xmss_mt_SHAKE256);
+
+            m_noParams.Add(IsaraObjectIdentifiers.id_alg_xmss);
+            m_noParams.Add(IsaraObjectIdentifiers.id_alg_xmssmt);
+
+            //
+            // qTESLA
+            //
+            m_noParams.Add(BCObjectIdentifiers.qTESLA_p_I);
+            m_noParams.Add(BCObjectIdentifiers.qTESLA_p_III);
 
             //
             // SM2
             //
-            noParams.Add(GMObjectIdentifiers.sm2sign_with_sha256);
-            noParams.Add(GMObjectIdentifiers.sm2sign_with_sm3);
+            //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_rmd160);
+            //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha1);
+            //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha224);
+            m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha256);
+            //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha384);
+            //m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sha512);
+            m_noParams.Add(GMObjectIdentifiers.sm2sign_with_sm3);
+
+            // EdDSA
+            m_noParams.Add(EdECObjectIdentifiers.id_Ed25519);
+            m_noParams.Add(EdECObjectIdentifiers.id_Ed448);
+
+            // RFC 8702
+            m_noParams.Add(CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128);
+            m_noParams.Add(CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256);
+            m_noParams.Add(CmsObjectIdentifiers.id_ecdsa_with_shake128);
+            m_noParams.Add(CmsObjectIdentifiers.id_ecdsa_with_shake256);
 
             //
             // PKCS 1.5 encrypted  algorithms
             //
-            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha1WithRsaEncryption);
-            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha224WithRsaEncryption);
-            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha256WithRsaEncryption);
-            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha384WithRsaEncryption);
-            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512WithRsaEncryption);
-            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512_224WithRSAEncryption);
-            pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
-            pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
-            pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
-            pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
-            pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224);
-            pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256);
-            pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384);
-            pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512);
+            m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha1WithRsaEncryption);
+            m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha224WithRsaEncryption);
+            m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha256WithRsaEncryption);
+            m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha384WithRsaEncryption);
+            m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512WithRsaEncryption);
+            m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512_224WithRSAEncryption);
+            m_pkcs15RsaEncryption.Add(PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
+            m_pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
+            m_pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
+            m_pkcs15RsaEncryption.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
+            m_pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224);
+            m_pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256);
+            m_pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384);
+            m_pkcs15RsaEncryption.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512);
 
             //
             // explicit params
             //
             AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance);
-            m_params["SHA1WITHRSAANDMGF1"] = CreatePssParams(sha1AlgId, 20);
+            m_parameters["SHA1WITHRSAANDMGF1"] = CreatePssParams(sha1AlgId, 20);
 
             AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha224, DerNull.Instance);
-            m_params["SHA224WITHRSAANDMGF1"] = CreatePssParams(sha224AlgId, 28);
+            m_parameters["SHA224WITHRSAANDMGF1"] = CreatePssParams(sha224AlgId, 28);
 
             AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance);
-            m_params["SHA256WITHRSAANDMGF1"] = CreatePssParams(sha256AlgId, 32);
+            m_parameters["SHA256WITHRSAANDMGF1"] = CreatePssParams(sha256AlgId, 32);
 
             AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384, DerNull.Instance);
-            m_params["SHA384WITHRSAANDMGF1"] = CreatePssParams(sha384AlgId, 48);
+            m_parameters["SHA384WITHRSAANDMGF1"] = CreatePssParams(sha384AlgId, 48);
 
             AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512, DerNull.Instance);
-            m_params["SHA512WITHRSAANDMGF1"] = CreatePssParams(sha512AlgId, 64);
+            m_parameters["SHA512WITHRSAANDMGF1"] = CreatePssParams(sha512AlgId, 64);
 
             AlgorithmIdentifier sha3_224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_224, DerNull.Instance);
-            m_params["SHA3-224WITHRSAANDMGF1"] = CreatePssParams(sha3_224AlgId, 28);
+            m_parameters["SHA3-224WITHRSAANDMGF1"] = CreatePssParams(sha3_224AlgId, 28);
 
             AlgorithmIdentifier sha3_256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_256, DerNull.Instance);
-            m_params["SHA3-256WITHRSAANDMGF1"] = CreatePssParams(sha3_256AlgId, 32);
+            m_parameters["SHA3-256WITHRSAANDMGF1"] = CreatePssParams(sha3_256AlgId, 32);
 
             AlgorithmIdentifier sha3_384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_384, DerNull.Instance);
-            m_params["SHA3-384WITHRSAANDMGF1"] = CreatePssParams(sha3_384AlgId, 48);
+            m_parameters["SHA3-384WITHRSAANDMGF1"] = CreatePssParams(sha3_384AlgId, 48);
 
             AlgorithmIdentifier sha3_512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_512, DerNull.Instance);
-            m_params["SHA3-512WITHRSAANDMGF1"] = CreatePssParams(sha3_512AlgId, 64);
+            m_parameters["SHA3-512WITHRSAANDMGF1"] = CreatePssParams(sha3_512AlgId, 64);
 
             //
             // digests
@@ -338,85 +457,102 @@ namespace Org.BouncyCastle.Cms
             m_digestOids[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256] = RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256;
             m_digestOids[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512] = RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512;
 
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_128s_r3] = NistObjectIdentifiers.IdSha256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_128f_r3] = NistObjectIdentifiers.IdSha256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_128s_r3] = NistObjectIdentifiers.IdShake256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_128f_r3] = NistObjectIdentifiers.IdShake256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_192s_r3] = NistObjectIdentifiers.IdSha256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_192f_r3] = NistObjectIdentifiers.IdSha256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_192s_r3] = NistObjectIdentifiers.IdShake256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_192f_r3] = NistObjectIdentifiers.IdShake256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_256s_r3] = NistObjectIdentifiers.IdSha256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_256f_r3] = NistObjectIdentifiers.IdSha256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_256s_r3] = NistObjectIdentifiers.IdShake256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_256f_r3] = NistObjectIdentifiers.IdShake256;
+
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_128s_r3_simple] = NistObjectIdentifiers.IdSha256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_128f_r3_simple] = NistObjectIdentifiers.IdSha256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_128s_r3_simple] = NistObjectIdentifiers.IdShake256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_128f_r3_simple] = NistObjectIdentifiers.IdShake256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_192s_r3_simple] = NistObjectIdentifiers.IdSha256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_192f_r3_simple] = NistObjectIdentifiers.IdSha256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_192s_r3_simple] = NistObjectIdentifiers.IdShake256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_192f_r3_simple] = NistObjectIdentifiers.IdShake256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_256s_r3_simple] = NistObjectIdentifiers.IdSha256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_sha2_256f_r3_simple] = NistObjectIdentifiers.IdSha256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_256s_r3_simple] = NistObjectIdentifiers.IdShake256;
+            m_digestOids[BCObjectIdentifiers.sphincsPlus_shake_256f_r3_simple] = NistObjectIdentifiers.IdShake256;
+
+            //m_digestOids[GMObjectIdentifiers.sm2sign_with_rmd160] = TeleTrusTObjectIdentifiers.RipeMD160;
+            //m_digestOids[GMObjectIdentifiers.sm2sign_with_sha1] = OiwObjectIdentifiers.IdSha1;
+            //m_digestOids[GMObjectIdentifiers.sm2sign_with_sha224] = NistObjectIdentifiers.IdSha224;
             m_digestOids[GMObjectIdentifiers.sm2sign_with_sha256] = NistObjectIdentifiers.IdSha256;
+            //m_digestOids[GMObjectIdentifiers.sm2sign_with_sha384] = NistObjectIdentifiers.IdSha384;
+            //m_digestOids[GMObjectIdentifiers.sm2sign_with_sha512] = NistObjectIdentifiers.IdSha512;
             m_digestOids[GMObjectIdentifiers.sm2sign_with_sm3] = GMObjectIdentifiers.sm3;
+
+            m_digestOids[CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128] = NistObjectIdentifiers.IdShake128;
+            m_digestOids[CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256] = NistObjectIdentifiers.IdShake256;
+            m_digestOids[CmsObjectIdentifiers.id_ecdsa_with_shake128] = NistObjectIdentifiers.IdShake128;
+            m_digestOids[CmsObjectIdentifiers.id_ecdsa_with_shake256] = NistObjectIdentifiers.IdShake256;
         }
 
-        private static AlgorithmIdentifier Generate(string signatureAlgorithm)
+        private static RsassaPssParameters CreatePssParams(AlgorithmIdentifier hashAlgID, int saltSize)
         {
-            AlgorithmIdentifier sigAlgId;
-            //AlgorithmIdentifier encAlgId;
-            //AlgorithmIdentifier digAlgId;
+            return new RsassaPssParameters(
+                hashAlgID,
+                new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, hashAlgID),
+                new DerInteger(saltSize),
+                new DerInteger(1));
+        }
 
-            if (!m_algorithms.TryGetValue(signatureAlgorithm, out var sigOid))
-                throw new ArgumentException("Unknown signature type requested: " + signatureAlgorithm);
+        // TODO[api] Make virtual
+        public AlgorithmIdentifier Find(string sigAlgName)
+        {
+            string algorithmName = sigAlgName.ToUpperInvariant();
+            if (!m_algorithms.TryGetValue(algorithmName, out var sigAlgOid))
+                throw new ArgumentException("Unknown signature type requested: " + sigAlgName, nameof(sigAlgName));
 
-            if (noParams.Contains(sigOid))
+            AlgorithmIdentifier sigAlgID;
+            if (m_noParams.Contains(sigAlgOid))
             {
-                sigAlgId = new AlgorithmIdentifier(sigOid);
+                sigAlgID = new AlgorithmIdentifier(sigAlgOid);
             }
-            else if (m_params.TryGetValue(signatureAlgorithm, out var explicitParameters))
+            else if (m_parameters.TryGetValue(algorithmName, out var parameters))
             {
-                sigAlgId = new AlgorithmIdentifier(sigOid, explicitParameters);
+                sigAlgID = new AlgorithmIdentifier(sigAlgOid, parameters);
             }
             else
             {
-                sigAlgId = new AlgorithmIdentifier(sigOid, DerNull.Instance);
+                sigAlgID = new AlgorithmIdentifier(sigAlgOid, DerNull.Instance);
             }
-
-            //if (pkcs15RsaEncryption.Contains(sigOid))
-            //{
-            //    encAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance);
-            //}
-            //else
-            //{
-            //    encAlgId = sigAlgId;
-            //}
-
-            //if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
-            //{
-            //    digAlgId = ((RsassaPssParameters)sigAlgId.Parameters).HashAlgorithm;
-            //}
-            //else
-            //{
-            //    digAlgId = new AlgorithmIdentifier(m_digestOids[sigOid], DerNull.Instance);
-            //}
-
-            return sigAlgId;
-        }
-
-        private static RsassaPssParameters CreatePssParams(AlgorithmIdentifier hashAlgId, int saltSize)
-        {
-            return new RsassaPssParameters(
-                hashAlgId,
-                new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, hashAlgId),
-                new DerInteger(saltSize),
-                new DerInteger(1));
-        }
-
-        public AlgorithmIdentifier Find(string sigAlgName)
-        {
-            return Generate(sigAlgName);
+            return sigAlgID;
         }
     }
 
+    // TODO[api] Create API for this
     public class DefaultDigestAlgorithmIdentifierFinder
     {
-        private static readonly IDictionary<DerObjectIdentifier, DerObjectIdentifier> m_digestOids =
+        private static readonly Dictionary<DerObjectIdentifier, DerObjectIdentifier> m_digestOids =
             new Dictionary<DerObjectIdentifier, DerObjectIdentifier>();
-        private static readonly IDictionary<string, DerObjectIdentifier> m_digestNameToOids =
+        private static readonly Dictionary<string, DerObjectIdentifier> m_digestNameToOids =
             new Dictionary<string, DerObjectIdentifier>(StringComparer.OrdinalIgnoreCase);
+        private static readonly Dictionary<DerObjectIdentifier, AlgorithmIdentifier> m_digestOidToAlgIDs =
+            new Dictionary<DerObjectIdentifier, AlgorithmIdentifier>();
+
+        // signatures that use SHAKE-256
+        private static readonly HashSet<DerObjectIdentifier> m_shake256Oids = new HashSet<DerObjectIdentifier>();
 
         static DefaultDigestAlgorithmIdentifierFinder()
         {
             //
             // digests
             //
+            m_digestOids.Add(OiwObjectIdentifiers.DsaWithSha1, OiwObjectIdentifiers.IdSha1);
             m_digestOids.Add(OiwObjectIdentifiers.MD4WithRsaEncryption, PkcsObjectIdentifiers.MD4);
             m_digestOids.Add(OiwObjectIdentifiers.MD4WithRsa, PkcsObjectIdentifiers.MD4);
             m_digestOids.Add(OiwObjectIdentifiers.MD5WithRsa, PkcsObjectIdentifiers.MD5);
             m_digestOids.Add(OiwObjectIdentifiers.Sha1WithRsa, OiwObjectIdentifiers.IdSha1);
-            m_digestOids.Add(OiwObjectIdentifiers.DsaWithSha1, OiwObjectIdentifiers.IdSha1);
 
             m_digestOids.Add(PkcsObjectIdentifiers.Sha224WithRsaEncryption, NistObjectIdentifiers.IdSha224);
             m_digestOids.Add(PkcsObjectIdentifiers.Sha256WithRsaEncryption, NistObjectIdentifiers.IdSha256);
@@ -424,12 +560,6 @@ namespace Org.BouncyCastle.Cms
             m_digestOids.Add(PkcsObjectIdentifiers.Sha512WithRsaEncryption, NistObjectIdentifiers.IdSha512);
             m_digestOids.Add(PkcsObjectIdentifiers.Sha512_224WithRSAEncryption, NistObjectIdentifiers.IdSha512_224);
             m_digestOids.Add(PkcsObjectIdentifiers.Sha512_256WithRSAEncryption, NistObjectIdentifiers.IdSha512_256);
-
-            m_digestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224, NistObjectIdentifiers.IdSha3_224);
-            m_digestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256, NistObjectIdentifiers.IdSha3_256);
-            m_digestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384, NistObjectIdentifiers.IdSha3_384);
-            m_digestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512, NistObjectIdentifiers.IdSha3_512);
-
             m_digestOids.Add(PkcsObjectIdentifiers.MD2WithRsaEncryption, PkcsObjectIdentifiers.MD2);
             m_digestOids.Add(PkcsObjectIdentifiers.MD4WithRsaEncryption, PkcsObjectIdentifiers.MD4);
             m_digestOids.Add(PkcsObjectIdentifiers.MD5WithRsaEncryption, PkcsObjectIdentifiers.MD5);
@@ -442,25 +572,110 @@ namespace Org.BouncyCastle.Cms
             m_digestOids.Add(X9ObjectIdentifiers.ECDsaWithSha512, NistObjectIdentifiers.IdSha512);
             m_digestOids.Add(X9ObjectIdentifiers.IdDsaWithSha1, OiwObjectIdentifiers.IdSha1);
 
+            m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA1, OiwObjectIdentifiers.IdSha1);
+            m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA224, NistObjectIdentifiers.IdSha224);
+            m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA256, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA384, NistObjectIdentifiers.IdSha384);
+            m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA512, NistObjectIdentifiers.IdSha512);
+            m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_224, NistObjectIdentifiers.IdSha3_224);
+            m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_256, NistObjectIdentifiers.IdSha3_256);
+            m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_384, NistObjectIdentifiers.IdSha3_384);
+            m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_SHA3_512, NistObjectIdentifiers.IdSha3_512);
+            m_digestOids.Add(BsiObjectIdentifiers.ecdsa_plain_RIPEMD160, TeleTrusTObjectIdentifiers.RipeMD160);
+
+            m_digestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_1, OiwObjectIdentifiers.IdSha1);
+            m_digestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_224, NistObjectIdentifiers.IdSha224);
+            m_digestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_256, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_384, NistObjectIdentifiers.IdSha384);
+            m_digestOids.Add(EacObjectIdentifiers.id_TA_ECDSA_SHA_512, NistObjectIdentifiers.IdSha512);
+
             m_digestOids.Add(NistObjectIdentifiers.DsaWithSha224, NistObjectIdentifiers.IdSha224);
             m_digestOids.Add(NistObjectIdentifiers.DsaWithSha256, NistObjectIdentifiers.IdSha256);
             m_digestOids.Add(NistObjectIdentifiers.DsaWithSha384, NistObjectIdentifiers.IdSha384);
             m_digestOids.Add(NistObjectIdentifiers.DsaWithSha512, NistObjectIdentifiers.IdSha512);
 
+            m_digestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224, NistObjectIdentifiers.IdSha3_224);
+            m_digestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256, NistObjectIdentifiers.IdSha3_256);
+            m_digestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384, NistObjectIdentifiers.IdSha3_384);
+            m_digestOids.Add(NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512, NistObjectIdentifiers.IdSha3_512);
+            m_digestOids.Add(NistObjectIdentifiers.IdDsaWithSha3_224, NistObjectIdentifiers.IdSha3_224);
+            m_digestOids.Add(NistObjectIdentifiers.IdDsaWithSha3_256, NistObjectIdentifiers.IdSha3_256);
+            m_digestOids.Add(NistObjectIdentifiers.IdDsaWithSha3_384, NistObjectIdentifiers.IdSha3_384);
+            m_digestOids.Add(NistObjectIdentifiers.IdDsaWithSha3_512, NistObjectIdentifiers.IdSha3_512);
+            m_digestOids.Add(NistObjectIdentifiers.IdEcdsaWithSha3_224, NistObjectIdentifiers.IdSha3_224);
+            m_digestOids.Add(NistObjectIdentifiers.IdEcdsaWithSha3_256, NistObjectIdentifiers.IdSha3_256);
+            m_digestOids.Add(NistObjectIdentifiers.IdEcdsaWithSha3_384, NistObjectIdentifiers.IdSha3_384);
+            m_digestOids.Add(NistObjectIdentifiers.IdEcdsaWithSha3_512, NistObjectIdentifiers.IdSha3_512);
+
             m_digestOids.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128, TeleTrusTObjectIdentifiers.RipeMD128);
             m_digestOids.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160, TeleTrusTObjectIdentifiers.RipeMD160);
             m_digestOids.Add(TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256, TeleTrusTObjectIdentifiers.RipeMD256);
 
             m_digestOids.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94, CryptoProObjectIdentifiers.GostR3411);
             m_digestOids.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001, CryptoProObjectIdentifiers.GostR3411);
+            m_digestOids.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256, RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256);
+            m_digestOids.Add(RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512, RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512);
+
+            m_digestOids.Add(BCObjectIdentifiers.sphincs256_with_SHA3_512, NistObjectIdentifiers.IdSha3_512);
+            m_digestOids.Add(BCObjectIdentifiers.sphincs256_with_SHA512, NistObjectIdentifiers.IdSha512);
+
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_128s_r3, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_128f_r3, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_128s_r3, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_128f_r3, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_192s_r3, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_192f_r3, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_192s_r3, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_192f_r3, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_256s_r3, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_256f_r3, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_256s_r3, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_256f_r3, NistObjectIdentifiers.IdShake256);
+
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_128s_r3_simple, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_128f_r3_simple, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_128s_r3_simple, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_128f_r3_simple, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_192s_r3_simple, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_192f_r3_simple, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_192s_r3_simple, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_192f_r3_simple, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_256s_r3_simple, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_sha2_256f_r3_simple, NistObjectIdentifiers.IdSha256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_256s_r3_simple, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.sphincsPlus_shake_256f_r3_simple, NistObjectIdentifiers.IdShake256);
+
+            m_digestOids.Add(BCObjectIdentifiers.falcon, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.falcon_512, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.falcon_1024, NistObjectIdentifiers.IdShake256);
+
+            m_digestOids.Add(BCObjectIdentifiers.picnic_signature, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(BCObjectIdentifiers.picnic_with_sha512, NistObjectIdentifiers.IdSha512);
+            m_digestOids.Add(BCObjectIdentifiers.picnic_with_sha3_512, NistObjectIdentifiers.IdSha3_512);
+            m_digestOids.Add(BCObjectIdentifiers.picnic_with_shake256, NistObjectIdentifiers.IdShake256);
+
+            //m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_rmd160, TeleTrusTObjectIdentifiers.RipeMD160);
+            //m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_sha1, OiwObjectIdentifiers.IdSha1);
+            //m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_sha224, NistObjectIdentifiers.IdSha224);
+            m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_sha256, NistObjectIdentifiers.IdSha256);
+            //m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_sha384, NistObjectIdentifiers.IdSha384);
+            //m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_sha512, NistObjectIdentifiers.IdSha512);
+            m_digestOids.Add(GMObjectIdentifiers.sm2sign_with_sm3, GMObjectIdentifiers.sm3);
+
+            m_digestOids.Add(CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE128, NistObjectIdentifiers.IdShake128);
+            m_digestOids.Add(CmsObjectIdentifiers.id_RSASSA_PSS_SHAKE256, NistObjectIdentifiers.IdShake256);
+            m_digestOids.Add(CmsObjectIdentifiers.id_ecdsa_with_shake128, NistObjectIdentifiers.IdShake128);
+            m_digestOids.Add(CmsObjectIdentifiers.id_ecdsa_with_shake256, NistObjectIdentifiers.IdShake256);
 
             m_digestNameToOids.Add("SHA-1", OiwObjectIdentifiers.IdSha1);
             m_digestNameToOids.Add("SHA-224", NistObjectIdentifiers.IdSha224);
             m_digestNameToOids.Add("SHA-256", NistObjectIdentifiers.IdSha256);
             m_digestNameToOids.Add("SHA-384", NistObjectIdentifiers.IdSha384);
             m_digestNameToOids.Add("SHA-512", NistObjectIdentifiers.IdSha512);
+            m_digestNameToOids.Add("SHA-512-224", NistObjectIdentifiers.IdSha512_224);
             m_digestNameToOids.Add("SHA-512/224", NistObjectIdentifiers.IdSha512_224);
             m_digestNameToOids.Add("SHA-512(224)", NistObjectIdentifiers.IdSha512_224);
+            m_digestNameToOids.Add("SHA-512-256", NistObjectIdentifiers.IdSha512_256);
             m_digestNameToOids.Add("SHA-512/256", NistObjectIdentifiers.IdSha512_256);
             m_digestNameToOids.Add("SHA-512(256)", NistObjectIdentifiers.IdSha512_256);
 
@@ -469,8 +684,10 @@ namespace Org.BouncyCastle.Cms
             m_digestNameToOids.Add("SHA256", NistObjectIdentifiers.IdSha256);
             m_digestNameToOids.Add("SHA384", NistObjectIdentifiers.IdSha384);
             m_digestNameToOids.Add("SHA512", NistObjectIdentifiers.IdSha512);
+            m_digestNameToOids.Add("SHA512-224", NistObjectIdentifiers.IdSha512_224);
             m_digestNameToOids.Add("SHA512/224", NistObjectIdentifiers.IdSha512_224);
             m_digestNameToOids.Add("SHA512(224)", NistObjectIdentifiers.IdSha512_224);
+            m_digestNameToOids.Add("SHA512-256", NistObjectIdentifiers.IdSha512_256);
             m_digestNameToOids.Add("SHA512/256", NistObjectIdentifiers.IdSha512_256);
             m_digestNameToOids.Add("SHA512(256)", NistObjectIdentifiers.IdSha512_256);
 
@@ -479,10 +696,14 @@ namespace Org.BouncyCastle.Cms
             m_digestNameToOids.Add("SHA3-384", NistObjectIdentifiers.IdSha3_384);
             m_digestNameToOids.Add("SHA3-512", NistObjectIdentifiers.IdSha3_512);
 
+            m_digestNameToOids.Add("SHAKE128", NistObjectIdentifiers.IdShake128);
+            m_digestNameToOids.Add("SHAKE256", NistObjectIdentifiers.IdShake256);
             m_digestNameToOids.Add("SHAKE-128", NistObjectIdentifiers.IdShake128);
             m_digestNameToOids.Add("SHAKE-256", NistObjectIdentifiers.IdShake256);
 
             m_digestNameToOids.Add("GOST3411", CryptoProObjectIdentifiers.GostR3411);
+            m_digestNameToOids.Add("GOST3411-2012-256", RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256);
+            m_digestNameToOids.Add("GOST3411-2012-512", RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512);
 
             m_digestNameToOids.Add("MD2", PkcsObjectIdentifiers.MD2);
             m_digestNameToOids.Add("MD4", PkcsObjectIdentifiers.MD4);
@@ -491,27 +712,132 @@ namespace Org.BouncyCastle.Cms
             m_digestNameToOids.Add("RIPEMD128", TeleTrusTObjectIdentifiers.RipeMD128);
             m_digestNameToOids.Add("RIPEMD160", TeleTrusTObjectIdentifiers.RipeMD160);
             m_digestNameToOids.Add("RIPEMD256", TeleTrusTObjectIdentifiers.RipeMD256);
+
+            m_digestNameToOids.Add("SM3", GMObjectIdentifiers.sm3);
+
+            // IETF RFC 3370
+            AddDigestAlgID(OiwObjectIdentifiers.IdSha1, true);
+            // IETF RFC 5754
+            AddDigestAlgID(NistObjectIdentifiers.IdSha224, false);
+            AddDigestAlgID(NistObjectIdentifiers.IdSha256, false);
+            AddDigestAlgID(NistObjectIdentifiers.IdSha384, false);
+            AddDigestAlgID(NistObjectIdentifiers.IdSha512, false);
+            AddDigestAlgID(NistObjectIdentifiers.IdSha512_224, false);
+            AddDigestAlgID(NistObjectIdentifiers.IdSha512_256, false);
+
+            // NIST CSOR
+            AddDigestAlgID(NistObjectIdentifiers.IdSha3_224, false);
+            AddDigestAlgID(NistObjectIdentifiers.IdSha3_256, false);
+            AddDigestAlgID(NistObjectIdentifiers.IdSha3_384, false);
+            AddDigestAlgID(NistObjectIdentifiers.IdSha3_512, false);
+
+            // RFC 8702
+            AddDigestAlgID(NistObjectIdentifiers.IdShake128, false);
+            AddDigestAlgID(NistObjectIdentifiers.IdShake256, false);
+
+            // RFC 4357
+            AddDigestAlgID(CryptoProObjectIdentifiers.GostR3411, true);
+
+            // draft-deremin-rfc4491
+            AddDigestAlgID(RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256, false);
+            AddDigestAlgID(RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512, false);
+
+            // IETF RFC 1319
+            AddDigestAlgID(PkcsObjectIdentifiers.MD2, true);
+            // IETF RFC 1320
+            AddDigestAlgID(PkcsObjectIdentifiers.MD4, true);
+            // IETF RFC 1321
+            AddDigestAlgID(PkcsObjectIdentifiers.MD5, true);
+
+            // found no standard which specified the handle of AlgorithmIdentifier.parameters,
+            // so let it as before.
+            AddDigestAlgID(TeleTrusTObjectIdentifiers.RipeMD128, true);
+            AddDigestAlgID(TeleTrusTObjectIdentifiers.RipeMD160, true);
+            AddDigestAlgID(TeleTrusTObjectIdentifiers.RipeMD256, true);
+
+            m_shake256Oids.Add(EdECObjectIdentifiers.id_Ed448);
+
+            m_shake256Oids.Add(BCObjectIdentifiers.dilithium2);
+            m_shake256Oids.Add(BCObjectIdentifiers.dilithium3);
+            m_shake256Oids.Add(BCObjectIdentifiers.dilithium5);
+            m_shake256Oids.Add(BCObjectIdentifiers.dilithium2_aes);
+            m_shake256Oids.Add(BCObjectIdentifiers.dilithium3_aes);
+            m_shake256Oids.Add(BCObjectIdentifiers.dilithium5_aes);
+
+            m_shake256Oids.Add(BCObjectIdentifiers.falcon_512);
+            m_shake256Oids.Add(BCObjectIdentifiers.falcon_1024);
         }
 
+        private static void AddDigestAlgID(DerObjectIdentifier oid, bool withNullParams)
+        {
+            AlgorithmIdentifier algID;
+            if (withNullParams)
+            {
+                algID = new AlgorithmIdentifier(oid, DerNull.Instance);
+            }
+            else
+            {
+                algID = new AlgorithmIdentifier(oid);
+            }
+            m_digestOidToAlgIDs.Add(oid, algID);
+        }
+
+        // TODO[api] Make virtual
         public AlgorithmIdentifier Find(AlgorithmIdentifier sigAlgId)
         {
-            AlgorithmIdentifier digAlgId;
+            DerObjectIdentifier sigAlgOid = sigAlgId.Algorithm;
+
+            if (m_shake256Oids.Contains(sigAlgOid))
+                return new AlgorithmIdentifier(NistObjectIdentifiers.IdShake256Len, new DerInteger(512));
 
-            if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
+            DerObjectIdentifier digAlgOid;
+            if (PkcsObjectIdentifiers.IdRsassaPss.Equals(sigAlgOid))
             {
-                digAlgId = RsassaPssParameters.GetInstance(sigAlgId.Parameters).HashAlgorithm;
+                digAlgOid = RsassaPssParameters.GetInstance(sigAlgId.Parameters).HashAlgorithm.Algorithm;
+            }
+            else if (EdECObjectIdentifiers.id_Ed25519.Equals(sigAlgOid))
+            {
+                digAlgOid = NistObjectIdentifiers.IdSha512;
+            }
+            else if (PkcsObjectIdentifiers.IdAlgHssLmsHashsig.Equals(sigAlgOid))
+            {
+                digAlgOid = NistObjectIdentifiers.IdSha256;
             }
             else
             {
-                digAlgId = new AlgorithmIdentifier(m_digestOids[sigAlgId.Algorithm], DerNull.Instance);
+                digAlgOid = CollectionUtilities.GetValueOrNull(m_digestOids, sigAlgOid);
             }
 
-            return digAlgId;
+            return Find(digAlgOid);
+        }
+
+        public virtual AlgorithmIdentifier Find(DerObjectIdentifier digAlgOid)
+        {
+            if (digAlgOid == null)
+                throw new ArgumentNullException(nameof(digAlgOid));
+
+            if (m_digestOidToAlgIDs.TryGetValue(digAlgOid, out var digAlgID))
+                return digAlgID;
+
+            return new AlgorithmIdentifier(digAlgOid);
         }
 
+        // TODO[api] Make virtual
         public AlgorithmIdentifier Find(string digAlgName)
         {
-            return new AlgorithmIdentifier(m_digestNameToOids[digAlgName], DerNull.Instance);
+            if (m_digestNameToOids.TryGetValue(digAlgName, out var oid))
+                return Find(oid);
+
+            try
+            {
+                return Find(new DerObjectIdentifier(digAlgName));
+            }
+            catch (Exception)
+            {
+                // ignore - tried it but it didn't work...
+            }
+
+            return null;
         }
     }
 
diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs
index 8f2a92147..b7566c409 100644
--- a/crypto/src/cms/CMSSignedHelper.cs
+++ b/crypto/src/cms/CMSSignedHelper.cs
@@ -5,7 +5,6 @@ using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cms;
 using Org.BouncyCastle.Asn1.CryptoPro;
 using Org.BouncyCastle.Asn1.Eac;
-using Org.BouncyCastle.Asn1.Esf;
 using Org.BouncyCastle.Asn1.Nist;
 using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.Pkcs;
@@ -200,20 +199,20 @@ namespace Org.BouncyCastle.Cms
 			}
 		}
 
-		internal ISigner GetSignatureInstance(
-			string algorithm)
+		internal ISigner GetSignatureInstance(string algorithm)
 		{
 			return SignerUtilities.GetSigner(algorithm);
 		}
 
-		internal AlgorithmIdentifier FixAlgID(
-			AlgorithmIdentifier algId)
-		{
-			if (algId.Parameters == null)
-                return new AlgorithmIdentifier(algId.Algorithm, DerNull.Instance);
+        internal AlgorithmIdentifier FixDigestAlgID(AlgorithmIdentifier algID,
+            DefaultDigestAlgorithmIdentifierFinder digestAlgIDFinder)
+        {
+            var parameters = algID.Parameters;
+            if (parameters == null || DerNull.Instance.Equals(parameters))
+                return digestAlgIDFinder.Find(algID.Algorithm);
 
-			return algId;
-		}
+            return algID;
+        }
 
         internal string GetEncOid(
             AsymmetricKeyParameter key,
diff --git a/crypto/src/cms/CMSUtils.cs b/crypto/src/cms/CMSUtils.cs
index 1e3a5734f..5124dce94 100644
--- a/crypto/src/cms/CMSUtils.cs
+++ b/crypto/src/cms/CMSUtils.cs
@@ -71,15 +71,9 @@ namespace Org.BouncyCastle.Cms
 			}
 		}
 
-		internal static byte[] StreamToByteArray(Stream inStream)
-        {
-			return Streams.ReadAll(inStream);
-        }
+		internal static byte[] StreamToByteArray(Stream inStream) => Streams.ReadAll(inStream);
 
-		internal static byte[] StreamToByteArray(Stream inStream, int limit)
-        {
-			return Streams.ReadAllLimited(inStream, limit);
-        }
+		internal static byte[] StreamToByteArray(Stream inStream, int limit) => Streams.ReadAllLimited(inStream, limit);
 
 		internal static List<Asn1TaggedObject> GetAttributeCertificatesFromStore(
 			IStore<X509V2AttributeCertificate> attrCertStore)
@@ -155,34 +149,63 @@ namespace Org.BouncyCastle.Cms
 			return result;
         }
 
+		// TODO Clean up this method (which is not present in bc-java)
+        internal static void AddDigestAlgs(Asn1EncodableVector digestAlgs, SignerInformation signer,
+            DefaultDigestAlgorithmIdentifierFinder dgstAlgFinder)
+        {
+            var helper = CmsSignedHelper.Instance;
+            digestAlgs.Add(helper.FixDigestAlgID(signer.DigestAlgorithmID, dgstAlgFinder));
+            SignerInformationStore counterSignaturesStore = signer.GetCounterSignatures();
+            foreach (var counterSigner in counterSignaturesStore)
+            {
+                digestAlgs.Add(helper.FixDigestAlgID(counterSigner.DigestAlgorithmID, dgstAlgFinder));
+            }
+        }
+
+        internal static void AddDigestAlgs(ISet<AlgorithmIdentifier> digestAlgs, SignerInformation signer,
+			DefaultDigestAlgorithmIdentifierFinder dgstAlgFinder)
+        {
+			var helper = CmsSignedHelper.Instance;
+            digestAlgs.Add(helper.FixDigestAlgID(signer.DigestAlgorithmID, dgstAlgFinder));
+            SignerInformationStore counterSignaturesStore = signer.GetCounterSignatures();
+			foreach (var counterSigner in counterSignaturesStore)
+			{
+                digestAlgs.Add(helper.FixDigestAlgID(counterSigner.DigestAlgorithmID, dgstAlgFinder));
+            }
+        }
+
+        internal static Asn1Set ConvertToDLSet(ISet<AlgorithmIdentifier> digestAlgs)
+        {
+			Asn1EncodableVector v = new Asn1EncodableVector(digestAlgs.Count);
+			foreach (var digestAlg in digestAlgs)
+			{
+				v.Add(digestAlg);
+			}
+			return DLSet.FromVector(v);
+        }
+
         internal static Asn1Set CreateBerSetFromList(IEnumerable<Asn1Encodable> elements)
 		{
 			Asn1EncodableVector v = new Asn1EncodableVector();
-
 			foreach (Asn1Encodable element in elements)
 			{
 				v.Add(element);
 			}
-
 			return BerSet.FromVector(v);
 		}
 
 		internal static Asn1Set CreateDerSetFromList(IEnumerable<Asn1Encodable> elements)
 		{
 			Asn1EncodableVector v = new Asn1EncodableVector();
-
 			foreach (Asn1Encodable element in elements)
 			{
 				v.Add(element);
 			}
-
             return DerSet.FromVector(v);
 		}
 
-		internal static TbsCertificateStructure GetTbsCertificateStructure(X509Certificate cert)
-		{
-			return cert.CertificateStructure.TbsCertificate;
-		}
+		internal static TbsCertificateStructure GetTbsCertificateStructure(X509Certificate cert) =>
+			cert.CertificateStructure.TbsCertificate;
 
 		internal static IssuerAndSerialNumber GetIssuerAndSerialNumber(X509Certificate cert)
 		{
diff --git a/crypto/src/cms/SignerInformation.cs b/crypto/src/cms/SignerInformation.cs
index 24ba20037..488e3e425 100644
--- a/crypto/src/cms/SignerInformation.cs
+++ b/crypto/src/cms/SignerInformation.cs
@@ -393,7 +393,7 @@ namespace Org.BouncyCastle.Cms
                 sig = Helper.GetSignatureInstance(signatureName);
 
                 //sig = Helper.GetSignatureInstance(this.EncryptionAlgOid);
-                //sig = SignerUtilities.GetSigner(sigAlgOid);
+                //sig = Helper.GetSignatureInstance(sigAlgOid);
 			}
 
 			try
@@ -599,7 +599,7 @@ namespace Org.BouncyCastle.Cms
 				}
 				else if (algorithm.Equals("DSA"))
 				{
-					ISigner sig = SignerUtilities.GetSigner("NONEwithDSA");
+					ISigner sig = Helper.GetSignatureInstance("NONEwithDSA");
 
 					sig.Init(false, key);
 
diff --git a/crypto/src/security/SignerUtilities.cs b/crypto/src/security/SignerUtilities.cs
index 917759a8e..918356450 100644
--- a/crypto/src/security/SignerUtilities.cs
+++ b/crypto/src/security/SignerUtilities.cs
@@ -726,7 +726,7 @@ namespace Org.BouncyCastle.Security
             return CollectionUtilities.GetValueOrNull(AlgorithmMap, oid.Id);
         }
 
-        // TODO Rename 'privateKey' to 'key'
+        // TODO[api] Rename 'privateKey' to 'key'
         public static ISigner InitSigner(DerObjectIdentifier algorithmOid, bool forSigning,
             AsymmetricKeyParameter privateKey, SecureRandom random)
         {
@@ -736,7 +736,7 @@ namespace Org.BouncyCastle.Security
             return InitSigner(algorithmOid.Id, forSigning, privateKey, random);
         }
 
-        // TODO Rename 'privateKey' to 'key'
+        // TODO[api] Rename 'privateKey' to 'key'
         public static ISigner InitSigner(string algorithm, bool forSigning, AsymmetricKeyParameter privateKey,
             SecureRandom random)
         {