diff --git a/crypto/Contributors.html b/crypto/Contributors.html
index 3d0992f68..8908b857a 100644
--- a/crypto/Contributors.html
+++ b/crypto/Contributors.html
@@ -105,7 +105,8 @@
<p>Kalev Lember <kalev@smartlink.ee> - patch to fix compilation problem under Mono 2.8+.</p>
</li>
<li>
- <p>Kyle Hamilton <kyanha.bouncycastle@kyanha.net> - identified problem with BigInteger.Multiply, patch for MiscPemGenerator infinite recursion.</p>
+ <p>Kyle Hamilton <kyanha.bouncycastle@kyanha.net> - identified problem with BigInteger.Multiply, patch for MiscPemGenerator infinite recursion,
+ proposed improvements in use of random numbers.</p>
</li>
<li>
<p>Atanas Krachev <akrachev@gmail.com> - added support for revocation signatures in OpenPGP.</p>
@@ -128,6 +129,16 @@
<li>
<p>Michael Krueger <michael.krueger@secardeo.com> - patch to fix Asn1.Cmp.RevDetails constructor.</p>
</li>
+ <li>
+ <p>Daniel Nauck <daniel.nauck@gmail.com> - patch for Portable Class Library support.</p>
+ </li>
+ <li>
+ <p>John Allberg <john@ayoy.se> - improvements to Portable Class Library patch.</p>
+ </li>
+ <li>
+ <p>Oren Novotny (https://github.com/onovotny) - developed and maintained a fork supporting Portable Class Library, worked closely with us
+ to integrate the changes back into the main project.</p>
+ </li>
</ul>
</body>
</html>
diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj
index a1e217aca..3f942800c 100644
--- a/crypto/crypto.csproj
+++ b/crypto/crypto.csproj
@@ -249,6 +249,11 @@
BuildAction = "Compile"
/>
<File
+ RelPath = "src\asn1\BERBitString.cs"
+ SubType = "Code"
+ BuildAction = "Compile"
+ />
+ <File
RelPath = "src\asn1\BERGenerator.cs"
SubType = "Code"
BuildAction = "Compile"
diff --git a/crypto/src/asn1/BERBitString.cs b/crypto/src/asn1/BERBitString.cs
new file mode 100644
index 000000000..d8cd00330
--- /dev/null
+++ b/crypto/src/asn1/BERBitString.cs
@@ -0,0 +1,43 @@
+using System;
+
+using Org.BouncyCastle.Utilities;
+
+namespace Org.BouncyCastle.Asn1
+{
+ public class BerBitString
+ : DerBitString
+ {
+ public BerBitString(byte[] data, int padBits)
+ : base(data, padBits)
+ {
+ }
+
+ public BerBitString(byte[] data)
+ : base(data)
+ {
+ }
+
+ public BerBitString(int namedBits)
+ : base(namedBits)
+ {
+ }
+
+ public BerBitString(Asn1Encodable obj)
+ : base(obj)
+ {
+ }
+
+ internal override void Encode(
+ DerOutputStream derOut)
+ {
+ if (derOut is Asn1OutputStream || derOut is BerOutputStream)
+ {
+ derOut.WriteEncoded(Asn1Tags.BitString, (byte)mPadBits, mData);
+ }
+ else
+ {
+ base.Encode(derOut);
+ }
+ }
+ }
+}
diff --git a/crypto/src/asn1/DerBitString.cs b/crypto/src/asn1/DerBitString.cs
index d5cb872bc..ad7a7e349 100644
--- a/crypto/src/asn1/DerBitString.cs
+++ b/crypto/src/asn1/DerBitString.cs
@@ -1,6 +1,8 @@
using System;
+using System.Diagnostics;
using System.Text;
+using Org.BouncyCastle.Math;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Asn1
@@ -11,83 +13,10 @@ namespace Org.BouncyCastle.Asn1
private static readonly char[] table
= { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
- private readonly byte[] data;
- private readonly int padBits;
+ protected readonly byte[] mData;
+ protected readonly int mPadBits;
- /**
- * return the correct number of pad bits for a bit string defined in
- * a 32 bit constant
- */
- static internal int GetPadBits(
- int bitString)
- {
- int val = 0;
- for (int i = 3; i >= 0; i--)
- {
- //
- // this may look a little odd, but if it isn't done like this pre jdk1.2
- // JVM's break!
- //
- if (i != 0)
- {
- if ((bitString >> (i * 8)) != 0)
- {
- val = (bitString >> (i * 8)) & 0xFF;
- break;
- }
- }
- else
- {
- if (bitString != 0)
- {
- val = bitString & 0xFF;
- break;
- }
- }
- }
-
- if (val == 0)
- {
- return 7;
- }
-
- int bits = 1;
-
- while (((val <<= 1) & 0xFF) != 0)
- {
- bits++;
- }
-
- return 8 - bits;
- }
-
- /**
- * return the correct number of bytes for a bit string defined in
- * a 32 bit constant
- */
- static internal byte[] GetBytes(
- int bitString)
- {
- int bytes = 4;
- for (int i = 3; i >= 1; i--)
- {
- if ((bitString & (0xFF << (i * 8))) != 0)
- {
- break;
- }
- bytes--;
- }
-
- byte[] result = new byte[bytes];
- for (int i = 0; i < bytes; i++)
- {
- result[i] = (byte) ((bitString >> (i * 8)) & 0xFF);
- }
-
- return result;
- }
-
- /**
+ /**
* return a Bit string from the passed in object
*
* @exception ArgumentException if the object cannot be converted.
@@ -126,15 +55,7 @@ namespace Org.BouncyCastle.Asn1
return FromAsn1Octets(((Asn1OctetString)o).GetOctets());
}
- internal DerBitString(
- byte data,
- int padBits)
- {
- this.data = new byte[]{ data };
- this.padBits = padBits;
- }
-
- /**
+ /**
* @param data the octets making up the bit string.
* @param padBits the number of extra bits at the end of the string.
*/
@@ -142,67 +63,154 @@ namespace Org.BouncyCastle.Asn1
byte[] data,
int padBits)
{
- // TODO Deep copy?
- this.data = data;
- this.padBits = padBits;
+ if (data == null)
+ throw new ArgumentNullException("data");
+ if (padBits < 0 || padBits > 7)
+ throw new ArgumentException("must be in the range 0 to 7", "padBits");
+ if (data.Length == 0 && padBits != 0)
+ throw new ArgumentException("if 'data' is empty, 'padBits' must be 0");
+
+ this.mData = Arrays.Clone(data);
+ this.mPadBits = padBits;
}
public DerBitString(
byte[] data)
+ : this(data, 0)
{
- // TODO Deep copy?
- this.data = data;
}
- public DerBitString(
+ public DerBitString(
+ int namedBits)
+ {
+ if (namedBits == 0)
+ {
+ this.mData = new byte[0];
+ this.mPadBits = 0;
+ return;
+ }
+
+ int bits = BigInteger.BitLen(namedBits);
+ int bytes = (bits + 7) / 8;
+
+ Debug.Assert(0 < bytes && bytes <= 4);
+
+ byte[] result = new byte[bytes];
+ --bytes;
+
+ for (int i = 0; i < bytes; i++)
+ {
+ result[i] = (byte)namedBits;
+ namedBits >>= 8;
+ }
+
+ Debug.Assert((namedBits & 0xFF) != 0);
+
+ result[bytes] = (byte)namedBits;
+
+ int pad = 0;
+ while ((namedBits & (1 << pad)) == 0)
+ {
+ ++pad;
+ }
+
+ Debug.Assert(pad < 8);
+
+ this.mData = result;
+ this.mPadBits = pad;
+ }
+
+ public DerBitString(
Asn1Encodable obj)
+ : this(obj.GetDerEncoded())
{
- this.data = obj.GetDerEncoded();
- //this.padBits = 0;
}
- public byte[] GetBytes()
+ /**
+ * Return the octets contained in this BIT STRING, checking that this BIT STRING really
+ * does represent an octet aligned string. Only use this method when the standard you are
+ * following dictates that the BIT STRING will be octet aligned.
+ *
+ * @return a copy of the octet aligned data.
+ */
+ public virtual byte[] GetOctets()
+ {
+ if (mPadBits != 0)
+ throw new InvalidOperationException("attempt to get non-octet aligned data from BIT STRING");
+
+ return Arrays.Clone(mData);
+ }
+
+ public virtual byte[] GetBytes()
{
- return data;
+ byte[] data = Arrays.Clone(mData);
+
+ // DER requires pad bits be zero
+ if (mPadBits > 0)
+ {
+ data[data.Length - 1] &= (byte)(0xFF << mPadBits);
+ }
+
+ return data;
}
- public int PadBits
+ public virtual int PadBits
{
- get { return padBits; }
+ get { return mPadBits; }
}
/**
* @return the value of the bit string as an int (truncating if necessary)
*/
- public int IntValue
+ public virtual int IntValue
{
get
{
- int value = 0;
-
- for (int i = 0; i != data.Length && i != 4; i++)
- {
- value |= (data[i] & 0xff) << (8 * i);
- }
-
- return value;
+ int value = 0, length = System.Math.Min(4, mData.Length);
+ for (int i = 0; i < length; ++i)
+ {
+ value |= (int)mData[i] << (8 * i);
+ }
+ if (mPadBits > 0 && length == mData.Length)
+ {
+ int mask = (1 << mPadBits) - 1;
+ value &= ~(mask << (8 * (length - 1)));
+ }
+ return value;
}
}
- internal override void Encode(
+ internal override void Encode(
DerOutputStream derOut)
{
- byte[] bytes = new byte[GetBytes().Length + 1];
-
- bytes[0] = (byte) PadBits;
- Array.Copy(GetBytes(), 0, bytes, 1, bytes.Length - 1);
-
- derOut.WriteEncoded(Asn1Tags.BitString, bytes);
+ if (mPadBits > 0)
+ {
+ int last = mData[mData.Length - 1];
+ int mask = (1 << mPadBits) - 1;
+
+ if ((last & mask) != 0)
+ {
+ byte[] result = Arrays.Prepend(mData, (byte)mPadBits);
+
+ /*
+ * X.690-0207 11.2.1: Each unused bit in the final octet of the encoding of a bit string value shall be set to zero.
+ *
+ * NOTE: 'pad' is constrained to be 0 if 'bytes' are empty, in which case this is a no-op.
+ */
+ last ^= (last & mask);
+ result[result.Length - 1] &= (byte)last;
+
+ derOut.WriteEncoded(Asn1Tags.BitString, result);
+ return;
+ }
+ }
+
+ derOut.WriteEncoded(Asn1Tags.BitString, (byte)mPadBits, mData);
}
- protected override int Asn1GetHashCode()
+ protected override int Asn1GetHashCode()
{
- return padBits.GetHashCode() ^ Arrays.GetHashCode(data);
+ return mPadBits.GetHashCode() ^ Arrays.GetHashCode(mData);
}
protected override bool Asn1Equals(
@@ -213,8 +221,8 @@ namespace Org.BouncyCastle.Asn1
if (other == null)
return false;
- return this.padBits == other.padBits
- && Arrays.AreEqual(this.data, other.data);
+ return this.mPadBits == other.mPadBits
+ && Arrays.AreEqual(this.mData, other.mData);
}
public override string GetString()
@@ -236,12 +244,23 @@ namespace Org.BouncyCastle.Asn1
internal static DerBitString FromAsn1Octets(byte[] octets)
{
if (octets.Length < 1)
- throw new ArgumentException("truncated BIT STRING detected");
+ throw new ArgumentException("truncated BIT STRING detected", "octets");
+
+ int padBits = octets[0];
+ byte[] data = Arrays.CopyOfRange(octets, 1, octets.Length);
+
+ if (padBits > 0 && padBits < 8 && data.Length > 0)
+ {
+ int last = data[data.Length - 1];
+ int mask = (1 << padBits) - 1;
+
+ if ((last & mask) != 0)
+ {
+ return new BerBitString(data, padBits);
+ }
+ }
- int padBits = octets[0];
- byte[] data = new byte[octets.Length - 1];
- Array.Copy(octets, 1, data, 0, data.Length);
- return new DerBitString(data, padBits);
+ return new DerBitString(data, padBits);
}
}
}
diff --git a/crypto/src/asn1/DerOutputStream.cs b/crypto/src/asn1/DerOutputStream.cs
index c03d9dc11..69d5d5f28 100644
--- a/crypto/src/asn1/DerOutputStream.cs
+++ b/crypto/src/asn1/DerOutputStream.cs
@@ -19,7 +19,7 @@ namespace Org.BouncyCastle.Asn1
if (length > 127)
{
int size = 1;
- uint val = (uint) length;
+ uint val = (uint)length;
while ((val >>= 8) != 0)
{
@@ -43,18 +43,29 @@ namespace Org.BouncyCastle.Asn1
int tag,
byte[] bytes)
{
- WriteByte((byte) tag);
+ WriteByte((byte)tag);
WriteLength(bytes.Length);
Write(bytes, 0, bytes.Length);
}
- internal void WriteEncoded(
+ internal void WriteEncoded(
+ int tag,
+ byte first,
+ byte[] bytes)
+ {
+ WriteByte((byte)tag);
+ WriteLength(bytes.Length + 1);
+ WriteByte(first);
+ Write(bytes, 0, bytes.Length);
+ }
+
+ internal void WriteEncoded(
int tag,
byte[] bytes,
int offset,
int length)
{
- WriteByte((byte) tag);
+ WriteByte((byte)tag);
WriteLength(length);
Write(bytes, offset, length);
}
diff --git a/crypto/src/asn1/cmp/PKIFailureInfo.cs b/crypto/src/asn1/cmp/PKIFailureInfo.cs
index 1df0e0693..75a3ff0d7 100644
--- a/crypto/src/asn1/cmp/PKIFailureInfo.cs
+++ b/crypto/src/asn1/cmp/PKIFailureInfo.cs
@@ -2,66 +2,89 @@ using System;
namespace Org.BouncyCastle.Asn1.Cmp
{
- /**
- * <pre>
- * PKIFailureInfo ::= BIT STRING {
- * badAlg (0),
- * -- unrecognized or unsupported Algorithm Identifier
- * badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
- * badRequest (2),
- * -- transaction not permitted or supported
- * badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
- * badCertId (4), -- no certificate could be found matching the provided criteria
- * badDataFormat (5),
- * -- the data submitted has the wrong format
- * wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
- * incorrectData (7), -- the requester's data is incorrect (for notary services)
- * missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
- * badPOP (9) -- the proof-of-possession failed
- * timeNotAvailable (14),
- * -- the TSA's time source is not available
- * unacceptedPolicy (15),
- * -- the requested TSA policy is not supported by the TSA
- * unacceptedExtension (16),
- * -- the requested extension is not supported by the TSA
- * addInfoNotAvailable (17)
- * -- the additional information requested could not be understood
- * -- or is not available
- * systemFailure (25)
- * -- the request cannot be handled due to system failure
- * </pre>
- */
+ /**
+ * <pre>
+ * PKIFailureInfo ::= BIT STRING {
+ * badAlg (0),
+ * -- unrecognized or unsupported Algorithm Identifier
+ * badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
+ * badRequest (2),
+ * -- transaction not permitted or supported
+ * badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
+ * badCertId (4), -- no certificate could be found matching the provided criteria
+ * badDataFormat (5),
+ * -- the data submitted has the wrong format
+ * wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
+ * incorrectData (7), -- the requester's data is incorrect (for notary services)
+ * missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
+ * badPOP (9) -- the proof-of-possession failed
+ * certRevoked (10),
+ * certConfirmed (11),
+ * wrongIntegrity (12),
+ * badRecipientNonce (13),
+ * timeNotAvailable (14),
+ * -- the TSA's time source is not available
+ * unacceptedPolicy (15),
+ * -- the requested TSA policy is not supported by the TSA
+ * unacceptedExtension (16),
+ * -- the requested extension is not supported by the TSA
+ * addInfoNotAvailable (17)
+ * -- the additional information requested could not be understood
+ * -- or is not available
+ * badSenderNonce (18),
+ * badCertTemplate (19),
+ * signerNotTrusted (20),
+ * transactionIdInUse (21),
+ * unsupportedVersion (22),
+ * notAuthorized (23),
+ * systemUnavail (24),
+ * systemFailure (25),
+ * -- the request cannot be handled due to system failure
+ * duplicateCertReq (26)
+ * </pre>
+ */
public class PkiFailureInfo
: DerBitString
{
- public const int BadAlg = (1 << 7); // unrecognized or unsupported Algorithm Identifier
- public const int BadMessageCheck = (1 << 6); // integrity check failed (e.g., signature did not verify)
- public const int BadRequest = (1 << 5);
- public const int BadTime = (1 << 4); // -- messageTime was not sufficiently close to the system time, as defined by local policy
- public const int BadCertId = (1 << 3); // no certificate could be found matching the provided criteria
- public const int BadDataFormat = (1 << 2);
- public const int WrongAuthority = (1 << 1); // the authority indicated in the request is different from the one creating the response token
- public const int IncorrectData = 1; // the requester's data is incorrect (for notary services)
- public const int MissingTimeStamp = (1 << 15); // when the timestamp is missing but should be there (by policy)
- public const int BadPop = (1 << 14); // the proof-of-possession failed
- public const int TimeNotAvailable = (1 << 9); // the TSA's time source is not available
- public const int UnacceptedPolicy = (1 << 8); // the requested TSA policy is not supported by the TSA
- public const int UnacceptedExtension = (1 << 23); //the requested extension is not supported by the TSA
- public const int AddInfoNotAvailable = (1 << 22); //the additional information requested could not be understood or is not available
- public const int SystemFailure = (1 << 30); //the request cannot be handled due to system failure
+ public const int BadAlg = (1 << 7); // unrecognized or unsupported Algorithm Identifier
+ public const int BadMessageCheck = (1 << 6); // integrity check failed (e.g., signature did not verify)
+ public const int BadRequest = (1 << 5);
+ public const int BadTime = (1 << 4); // -- messageTime was not sufficiently close to the system time, as defined by local policy
+ public const int BadCertId = (1 << 3); // no certificate could be found matching the provided criteria
+ public const int BadDataFormat = (1 << 2);
+ public const int WrongAuthority = (1 << 1); // the authority indicated in the request is different from the one creating the response token
+ public const int IncorrectData = 1; // the requester's data is incorrect (for notary services)
+ public const int MissingTimeStamp = (1 << 15); // when the timestamp is missing but should be there (by policy)
+ public const int BadPop = (1 << 14); // the proof-of-possession failed
+ public const int CertRevoked = (1 << 13);
+ public const int CertConfirmed = (1 << 12);
+ public const int WrongIntegrity = (1 << 11);
+ public const int BadRecipientNonce = (1 << 10);
+ public const int TimeNotAvailable = (1 << 9); // the TSA's time source is not available
+ public const int UnacceptedPolicy = (1 << 8); // the requested TSA policy is not supported by the TSA
+ public const int UnacceptedExtension = (1 << 23); //the requested extension is not supported by the TSA
+ public const int AddInfoNotAvailable = (1 << 22); //the additional information requested could not be understood or is not available
+ public const int BadSenderNonce = (1 << 21);
+ public const int BadCertTemplate = (1 << 20);
+ public const int SignerNotTrusted = (1 << 19);
+ public const int TransactionIdInUse = (1 << 18);
+ public const int UnsupportedVersion = (1 << 17);
+ public const int NotAuthorized = (1 << 16);
+ public const int SystemUnavail = (1 << 31);
+ public const int SystemFailure = (1 << 30); //the request cannot be handled due to system failure
+ public const int DuplicateCertReq = (1 << 29);
- /**
+ /**
* Basic constructor.
*/
- public PkiFailureInfo(
- int info)
- : base(GetBytes(info), GetPadBits(info))
+ public PkiFailureInfo(int info)
+ : base(info)
{
}
public PkiFailureInfo(
DerBitString info)
- : base(info.GetBytes(), info.PadBits)
+ : base(info.GetBytes(), info.PadBits)
{
}
diff --git a/crypto/src/asn1/ess/OtherCertID.cs b/crypto/src/asn1/ess/OtherCertID.cs
index 972ef8c6b..3d221b0ec 100644
--- a/crypto/src/asn1/ess/OtherCertID.cs
+++ b/crypto/src/asn1/ess/OtherCertID.cs
@@ -1,5 +1,6 @@
using System;
+using Org.BouncyCastle.Asn1.Oiw;
using Org.BouncyCastle.Asn1.X509;
namespace Org.BouncyCastle.Asn1.Ess
@@ -78,7 +79,7 @@ namespace Org.BouncyCastle.Asn1.Ess
if (otherCertHash.ToAsn1Object() is Asn1OctetString)
{
// SHA-1
- return new AlgorithmIdentifier("1.3.14.3.2.26");
+ return new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1);
}
return DigestInfo.GetInstance(otherCertHash).AlgorithmID;
diff --git a/crypto/src/asn1/misc/NetscapeCertType.cs b/crypto/src/asn1/misc/NetscapeCertType.cs
index d5db6523d..d809eae66 100644
--- a/crypto/src/asn1/misc/NetscapeCertType.cs
+++ b/crypto/src/asn1/misc/NetscapeCertType.cs
@@ -36,7 +36,7 @@ namespace Org.BouncyCastle.Asn1.Misc
* e.g. (X509NetscapeCertType.sslCA | X509NetscapeCertType.smimeCA)
*/
public NetscapeCertType(int usage)
- : base(GetBytes(usage), GetPadBits(usage))
+ : base(usage)
{
}
diff --git a/crypto/src/asn1/ocsp/BasicOCSPResponse.cs b/crypto/src/asn1/ocsp/BasicOCSPResponse.cs
index dd666addf..064335ae8 100644
--- a/crypto/src/asn1/ocsp/BasicOCSPResponse.cs
+++ b/crypto/src/asn1/ocsp/BasicOCSPResponse.cs
@@ -94,7 +94,12 @@ namespace Org.BouncyCastle.Asn1.Ocsp
get { return signature; }
}
- [Obsolete("Use Certs property instead")]
+ public byte[] GetSignatureOctets()
+ {
+ return signature.GetOctets();
+ }
+
+ [Obsolete("Use Certs property instead")]
public Asn1Sequence GetCerts()
{
return certs;
diff --git a/crypto/src/asn1/ocsp/Signature.cs b/crypto/src/asn1/ocsp/Signature.cs
index a07e7a709..df6f43332 100644
--- a/crypto/src/asn1/ocsp/Signature.cs
+++ b/crypto/src/asn1/ocsp/Signature.cs
@@ -80,7 +80,12 @@ namespace Org.BouncyCastle.Asn1.Ocsp
get { return signatureValue; }
}
- public Asn1Sequence Certs
+ public byte[] GetSignatureOctets()
+ {
+ return signatureValue.GetOctets();
+ }
+
+ public Asn1Sequence Certs
{
get { return certs; }
}
diff --git a/crypto/src/asn1/pkcs/CertificationRequest.cs b/crypto/src/asn1/pkcs/CertificationRequest.cs
index 32b1612d2..35bdd56eb 100644
--- a/crypto/src/asn1/pkcs/CertificationRequest.cs
+++ b/crypto/src/asn1/pkcs/CertificationRequest.cs
@@ -73,7 +73,12 @@ namespace Org.BouncyCastle.Asn1.Pkcs
get { return sigBits; }
}
- public override Asn1Object ToAsn1Object()
+ public byte[] GetSignatureOctets()
+ {
+ return sigBits.GetOctets();
+ }
+
+ public override Asn1Object ToAsn1Object()
{
return new DerSequence(reqInfo, sigAlgId, sigBits);
}
diff --git a/crypto/src/asn1/pkcs/EncryptionScheme.cs b/crypto/src/asn1/pkcs/EncryptionScheme.cs
index 5b64d6f67..ff9103d12 100644
--- a/crypto/src/asn1/pkcs/EncryptionScheme.cs
+++ b/crypto/src/asn1/pkcs/EncryptionScheme.cs
@@ -43,7 +43,7 @@ namespace Org.BouncyCastle.Asn1.Pkcs
public override Asn1Object ToAsn1Object()
{
- return new DerSequence(ObjectID, Parameters);
+ return new DerSequence(Algorithm, Parameters);
}
}
}
diff --git a/crypto/src/asn1/x509/AttributeCertificate.cs b/crypto/src/asn1/x509/AttributeCertificate.cs
index 5f85910da..41893b6b4 100644
--- a/crypto/src/asn1/x509/AttributeCertificate.cs
+++ b/crypto/src/asn1/x509/AttributeCertificate.cs
@@ -63,7 +63,12 @@ namespace Org.BouncyCastle.Asn1.X509
get { return signatureValue; }
}
- /**
+ public byte[] GetSignatureOctets()
+ {
+ return signatureValue.GetOctets();
+ }
+
+ /**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* AttributeCertificate ::= Sequence {
diff --git a/crypto/src/asn1/x509/CertificateList.cs b/crypto/src/asn1/x509/CertificateList.cs
index 0412e0816..567cf132a 100644
--- a/crypto/src/asn1/x509/CertificateList.cs
+++ b/crypto/src/asn1/x509/CertificateList.cs
@@ -80,7 +80,12 @@ namespace Org.BouncyCastle.Asn1.X509
get { return sig; }
}
- public int Version
+ public byte[] GetSignatureOctets()
+ {
+ return sig.GetOctets();
+ }
+
+ public int Version
{
get { return tbsCertList.Version; }
}
diff --git a/crypto/src/asn1/x509/KeyUsage.cs b/crypto/src/asn1/x509/KeyUsage.cs
index fef04e8b9..aeaffb708 100644
--- a/crypto/src/asn1/x509/KeyUsage.cs
+++ b/crypto/src/asn1/x509/KeyUsage.cs
@@ -53,9 +53,8 @@ namespace Org.BouncyCastle.Asn1.X509
* allowed uses for the key.
* e.g. (KeyUsage.keyEncipherment | KeyUsage.dataEncipherment)
*/
- public KeyUsage(
- int usage)
- : base(GetBytes(usage), GetPadBits(usage))
+ public KeyUsage(int usage)
+ : base(usage)
{
}
diff --git a/crypto/src/asn1/x509/ReasonFlags.cs b/crypto/src/asn1/x509/ReasonFlags.cs
index f204c36aa..ad45e84ae 100644
--- a/crypto/src/asn1/x509/ReasonFlags.cs
+++ b/crypto/src/asn1/x509/ReasonFlags.cs
@@ -31,13 +31,12 @@ namespace Org.BouncyCastle.Asn1.X509
* @param reasons - the bitwise OR of the Key Reason flags giving the
* allowed uses for the key.
*/
- public ReasonFlags(
- int reasons)
- : base(GetBytes(reasons), GetPadBits(reasons))
+ public ReasonFlags(int reasons)
+ : base(reasons)
{
}
- public ReasonFlags(
+ public ReasonFlags(
DerBitString reasons)
: base(reasons.GetBytes(), reasons.PadBits)
{
diff --git a/crypto/src/asn1/x509/SubjectPublicKeyInfo.cs b/crypto/src/asn1/x509/SubjectPublicKeyInfo.cs
index 8ce4b2762..477329b7e 100644
--- a/crypto/src/asn1/x509/SubjectPublicKeyInfo.cs
+++ b/crypto/src/asn1/x509/SubjectPublicKeyInfo.cs
@@ -75,7 +75,7 @@ namespace Org.BouncyCastle.Asn1.X509
*/
public Asn1Object GetPublicKey()
{
- return Asn1Object.FromByteArray(keyData.GetBytes());
+ return Asn1Object.FromByteArray(keyData.GetOctets());
}
/**
diff --git a/crypto/src/asn1/x509/X509CertificateStructure.cs b/crypto/src/asn1/x509/X509CertificateStructure.cs
index c8558ae61..6e7c85de6 100644
--- a/crypto/src/asn1/x509/X509CertificateStructure.cs
+++ b/crypto/src/asn1/x509/X509CertificateStructure.cs
@@ -119,6 +119,11 @@ namespace Org.BouncyCastle.Asn1.X509
get { return sig; }
}
+ public byte[] GetSignatureOctets()
+ {
+ return sig.GetOctets();
+ }
+
public override Asn1Object ToAsn1Object()
{
return new DerSequence(tbsCert, sigAlgID, sig);
diff --git a/crypto/src/cms/CMSAuthenticatedData.cs b/crypto/src/cms/CMSAuthenticatedData.cs
index 5e234da2b..33b4cc22c 100644
--- a/crypto/src/cms/CMSAuthenticatedData.cs
+++ b/crypto/src/cms/CMSAuthenticatedData.cs
@@ -83,7 +83,7 @@ namespace Org.BouncyCastle.Cms
*/
public string MacAlgOid
{
- get { return macAlg.ObjectID.Id; }
+ get { return macAlg.Algorithm.Id; }
}
/**
diff --git a/crypto/src/cms/CMSAuthenticatedDataParser.cs b/crypto/src/cms/CMSAuthenticatedDataParser.cs
index c99aac61c..7defafc07 100644
--- a/crypto/src/cms/CMSAuthenticatedDataParser.cs
+++ b/crypto/src/cms/CMSAuthenticatedDataParser.cs
@@ -111,7 +111,7 @@ namespace Org.BouncyCastle.Cms
*/
public string MacAlgOid
{
- get { return macAlg.ObjectID.Id; }
+ get { return macAlg.Algorithm.Id; }
}
diff --git a/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs b/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs
index a135cdd11..4d18d10d4 100644
--- a/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs
+++ b/crypto/src/cms/CMSAuthenticatedDataStreamGenerator.cs
@@ -165,7 +165,7 @@ namespace Org.BouncyCastle.Cms
Stream octetOutputStream = CmsUtilities.CreateBerOctetOutputStream(
eiGen.GetRawOutputStream(), 0, false, _bufferSize);
- IMac mac = MacUtilities.GetMac(macAlgId.ObjectID);
+ IMac mac = MacUtilities.GetMac(macAlgId.Algorithm);
// TODO Confirm no ParametersWithRandom needed
mac.Init(cipherParameters);
Stream mOut = new TeeOutputStream(octetOutputStream, new MacOutputStream(mac));
diff --git a/crypto/src/cms/CMSEnvelopedData.cs b/crypto/src/cms/CMSEnvelopedData.cs
index 0731c307e..223d0ca73 100644
--- a/crypto/src/cms/CMSEnvelopedData.cs
+++ b/crypto/src/cms/CMSEnvelopedData.cs
@@ -73,7 +73,7 @@ namespace Org.BouncyCastle.Cms
*/
public string EncryptionAlgOid
{
- get { return encAlg.ObjectID.Id; }
+ get { return encAlg.Algorithm.Id; }
}
/**
diff --git a/crypto/src/cms/CMSEnvelopedDataParser.cs b/crypto/src/cms/CMSEnvelopedDataParser.cs
index 01a949d47..d5dfaf53d 100644
--- a/crypto/src/cms/CMSEnvelopedDataParser.cs
+++ b/crypto/src/cms/CMSEnvelopedDataParser.cs
@@ -101,7 +101,7 @@ namespace Org.BouncyCastle.Cms
*/
public string EncryptionAlgOid
{
- get { return _encAlg.ObjectID.Id; }
+ get { return _encAlg.Algorithm.Id; }
}
/**
diff --git a/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs b/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs
index 0a9e5bece..e0822aa8b 100644
--- a/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs
+++ b/crypto/src/cms/CMSEnvelopedDataStreamGenerator.cs
@@ -166,7 +166,7 @@ namespace Org.BouncyCastle.Cms
Stream octetOutputStream = CmsUtilities.CreateBerOctetOutputStream(
eiGen.GetRawOutputStream(), 0, false, _bufferSize);
- IBufferedCipher cipher = CipherUtilities.GetCipher(encAlgID.ObjectID);
+ IBufferedCipher cipher = CipherUtilities.GetCipher(encAlgID.Algorithm);
cipher.Init(true, new ParametersWithRandom(cipherParameters, rand));
CipherStream cOut = new CipherStream(octetOutputStream, null, cipher);
diff --git a/crypto/src/cms/CMSEnvelopedHelper.cs b/crypto/src/cms/CMSEnvelopedHelper.cs
index fe2b14cd9..77d2da47a 100644
--- a/crypto/src/cms/CMSEnvelopedHelper.cs
+++ b/crypto/src/cms/CMSEnvelopedHelper.cs
@@ -160,7 +160,7 @@ namespace Org.BouncyCastle.Cms
public CmsReadable GetReadable(KeyParameter sKey)
{
- string macAlg = this.algorithm.ObjectID.Id;
+ string macAlg = this.algorithm.Algorithm.Id;
// Asn1Object sParams = this.algorithm.Parameters.ToAsn1Object();
try
@@ -190,11 +190,11 @@ namespace Org.BouncyCastle.Cms
// if (asn1Params != null && !(asn1Params is Asn1Null))
// {
// cipherParameters = ParameterUtilities.GetCipherParameters(
-// macAlg.ObjectID, cipherParameters, asn1Params);
+// macAlg.Algorithm, cipherParameters, asn1Params);
// }
// else
// {
-// string alg = macAlg.ObjectID.Id;
+// string alg = macAlg.Algorithm.Id;
// if (alg.Equals(CmsEnvelopedDataGenerator.DesEde3Cbc)
// || alg.Equals(CmsEnvelopedDataGenerator.IdeaCbc)
// || alg.Equals(CmsEnvelopedDataGenerator.Cast5Cbc))
@@ -258,7 +258,7 @@ namespace Org.BouncyCastle.Cms
{
try
{
- this.cipher = CipherUtilities.GetCipher(this.algorithm.ObjectID);
+ this.cipher = CipherUtilities.GetCipher(this.algorithm.Algorithm);
Asn1Encodable asn1Enc = this.algorithm.Parameters;
Asn1Object asn1Params = asn1Enc == null ? null : asn1Enc.ToAsn1Object();
@@ -268,11 +268,11 @@ namespace Org.BouncyCastle.Cms
if (asn1Params != null && !(asn1Params is Asn1Null))
{
cipherParameters = ParameterUtilities.GetCipherParameters(
- this.algorithm.ObjectID, cipherParameters, asn1Params);
+ this.algorithm.Algorithm, cipherParameters, asn1Params);
}
else
{
- string alg = this.algorithm.ObjectID.Id;
+ string alg = this.algorithm.Algorithm.Id;
if (alg.Equals(CmsEnvelopedDataGenerator.DesEde3Cbc)
|| alg.Equals(CmsEnvelopedDataGenerator.IdeaCbc)
|| alg.Equals(CmsEnvelopedDataGenerator.Cast5Cbc))
diff --git a/crypto/src/cms/CMSPBEKey.cs b/crypto/src/cms/CMSPBEKey.cs
index cb1e54c36..e03307e57 100644
--- a/crypto/src/cms/CMSPBEKey.cs
+++ b/crypto/src/cms/CMSPBEKey.cs
@@ -50,9 +50,9 @@ namespace Org.BouncyCastle.Cms
char[] password,
AlgorithmIdentifier keyDerivationAlgorithm)
{
- if (!keyDerivationAlgorithm.ObjectID.Equals(PkcsObjectIdentifiers.IdPbkdf2))
+ if (!keyDerivationAlgorithm.Algorithm.Equals(PkcsObjectIdentifiers.IdPbkdf2))
throw new ArgumentException("Unsupported key derivation algorithm: "
- + keyDerivationAlgorithm.ObjectID);
+ + keyDerivationAlgorithm.Algorithm);
Pbkdf2Params kdfParams = Pbkdf2Params.GetInstance(
keyDerivationAlgorithm.Parameters.ToAsn1Object());
diff --git a/crypto/src/cms/CMSSignedData.cs b/crypto/src/cms/CMSSignedData.cs
index 81c87a426..237c1528e 100644
--- a/crypto/src/cms/CMSSignedData.cs
+++ b/crypto/src/cms/CMSSignedData.cs
@@ -172,7 +172,7 @@ namespace Org.BouncyCastle.Cms
}
else
{
- byte[] hash = (byte[]) hashes[info.DigestAlgorithm.ObjectID.Id];
+ byte[] hash = (byte[])hashes[info.DigestAlgorithm.Algorithm.Id];
signerInfos.Add(new SignerInformation(info, contentType, null, new BaseDigestCalculator(hash)));
}
diff --git a/crypto/src/cms/CMSSignedDataParser.cs b/crypto/src/cms/CMSSignedDataParser.cs
index e5e6edc58..fb51ab119 100644
--- a/crypto/src/cms/CMSSignedDataParser.cs
+++ b/crypto/src/cms/CMSSignedDataParser.cs
@@ -122,7 +122,7 @@ namespace Org.BouncyCastle.Cms
try
{
- string digestOid = id.ObjectID.Id;
+ string digestOid = id.Algorithm.Id;
string digestName = Helper.GetDigestAlgName(digestOid);
if (!this._digests.Contains(digestName))
@@ -216,7 +216,7 @@ namespace Org.BouncyCastle.Cms
{
SignerInfo info = SignerInfo.GetInstance(o.ToAsn1Object());
string digestName = Helper.GetDigestAlgName(
- info.DigestAlgorithm.ObjectID.Id);
+ info.DigestAlgorithm.Algorithm.Id);
byte[] hash = (byte[]) hashes[digestName];
diff --git a/crypto/src/cms/CMSSignedDataStreamGenerator.cs b/crypto/src/cms/CMSSignedDataStreamGenerator.cs
index 59837e397..55fde90df 100644
--- a/crypto/src/cms/CMSSignedDataStreamGenerator.cs
+++ b/crypto/src/cms/CMSSignedDataStreamGenerator.cs
@@ -459,7 +459,7 @@ namespace Org.BouncyCastle.Cms
// NB: Would need to call FixAlgID on the DigestAlgorithmID
// For precalculated signers, just need to register the algorithm, not configure a digest
- RegisterDigestOid(si.DigestAlgorithmID.ObjectID.Id);
+ RegisterDigestOid(si.DigestAlgorithmID.Algorithm.Id);
}
/**
diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs
index 23657ef86..5b6c93b6a 100644
--- a/crypto/src/cms/CMSSignedHelper.cs
+++ b/crypto/src/cms/CMSSignedHelper.cs
@@ -348,7 +348,7 @@ namespace Org.BouncyCastle.Cms
AlgorithmIdentifier algId)
{
if (algId.Parameters == null)
- return new AlgorithmIdentifier(algId.ObjectID, DerNull.Instance);
+ return new AlgorithmIdentifier(algId.Algorithm, DerNull.Instance);
return algId;
}
diff --git a/crypto/src/cms/KEKRecipientInfoGenerator.cs b/crypto/src/cms/KEKRecipientInfoGenerator.cs
index a9bedade6..c66f27547 100644
--- a/crypto/src/cms/KEKRecipientInfoGenerator.cs
+++ b/crypto/src/cms/KEKRecipientInfoGenerator.cs
@@ -52,7 +52,7 @@ namespace Org.BouncyCastle.Cms
{
byte[] keyBytes = contentEncryptionKey.GetKey();
- IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.ObjectID.Id);
+ IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.Algorithm.Id);
keyWrapper.Init(true, new ParametersWithRandom(keyEncryptionKey, random));
Asn1OctetString encryptedKey = new DerOctetString(
keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));
diff --git a/crypto/src/cms/KEKRecipientInformation.cs b/crypto/src/cms/KEKRecipientInformation.cs
index f960197d6..871dc76d4 100644
--- a/crypto/src/cms/KEKRecipientInformation.cs
+++ b/crypto/src/cms/KEKRecipientInformation.cs
@@ -40,7 +40,7 @@ namespace Org.BouncyCastle.Cms
try
{
byte[] encryptedKey = info.EncryptedKey.GetOctets();
- IWrapper keyWrapper = WrapperUtilities.GetWrapper(keyEncAlg.ObjectID.Id);
+ IWrapper keyWrapper = WrapperUtilities.GetWrapper(keyEncAlg.Algorithm.Id);
keyWrapper.Init(false, key);
diff --git a/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs b/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs
index 4fafb7c6e..6bd2cea91 100644
--- a/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs
+++ b/crypto/src/cms/KeyAgreeRecipientInfoGenerator.cs
@@ -164,7 +164,7 @@ namespace Org.BouncyCastle.Cms
{
SubjectPublicKeyInfo spki = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey);
return new OriginatorPublicKey(
- new AlgorithmIdentifier(spki.AlgorithmID.ObjectID, DerNull.Instance),
+ new AlgorithmIdentifier(spki.AlgorithmID.Algorithm, DerNull.Instance),
spki.PublicKeyData.GetBytes());
}
}
diff --git a/crypto/src/cms/KeyAgreeRecipientInformation.cs b/crypto/src/cms/KeyAgreeRecipientInformation.cs
index 8e006e545..73e57a76a 100644
--- a/crypto/src/cms/KeyAgreeRecipientInformation.cs
+++ b/crypto/src/cms/KeyAgreeRecipientInformation.cs
@@ -130,7 +130,7 @@ namespace Org.BouncyCastle.Cms
AsymmetricKeyParameter senderPublicKey,
AsymmetricKeyParameter receiverPrivateKey)
{
- DerObjectIdentifier agreeAlgID = keyEncAlg.ObjectID;
+ DerObjectIdentifier agreeAlgID = keyEncAlg.Algorithm;
ICipherParameters senderPublicParams = senderPublicKey;
ICipherParameters receiverPrivateParams = receiverPrivateKey;
diff --git a/crypto/src/cms/KeyTransRecipientInfoGenerator.cs b/crypto/src/cms/KeyTransRecipientInfoGenerator.cs
index 0992e6da6..a1d8fbfa8 100644
--- a/crypto/src/cms/KeyTransRecipientInfoGenerator.cs
+++ b/crypto/src/cms/KeyTransRecipientInfoGenerator.cs
@@ -64,7 +64,7 @@ namespace Org.BouncyCastle.Cms
byte[] keyBytes = contentEncryptionKey.GetKey();
AlgorithmIdentifier keyEncryptionAlgorithm = info.AlgorithmID;
- IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.ObjectID.Id);
+ IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.Algorithm.Id);
keyWrapper.Init(true, new ParametersWithRandom(recipientPublicKey, random));
byte[] encryptedKeyBytes = keyWrapper.Wrap(keyBytes, 0, keyBytes.Length);
diff --git a/crypto/src/cms/KeyTransRecipientInformation.cs b/crypto/src/cms/KeyTransRecipientInformation.cs
index 24121cb2c..3b1ea7b5e 100644
--- a/crypto/src/cms/KeyTransRecipientInformation.cs
+++ b/crypto/src/cms/KeyTransRecipientInformation.cs
@@ -68,7 +68,7 @@ namespace Org.BouncyCastle.Cms
internal KeyParameter UnwrapKey(ICipherParameters key)
{
byte[] encryptedKey = info.EncryptedKey.GetOctets();
- string keyExchangeAlgorithm = GetExchangeEncryptionAlgorithmName(keyEncAlg.ObjectID);
+ string keyExchangeAlgorithm = GetExchangeEncryptionAlgorithmName(keyEncAlg.Algorithm);
try
{
diff --git a/crypto/src/cms/RecipientInformation.cs b/crypto/src/cms/RecipientInformation.cs
index 8b0316be4..272b841f2 100644
--- a/crypto/src/cms/RecipientInformation.cs
+++ b/crypto/src/cms/RecipientInformation.cs
@@ -33,8 +33,8 @@ namespace Org.BouncyCastle.Cms
internal string GetContentAlgorithmName()
{
AlgorithmIdentifier algorithm = secureReadable.Algorithm;
-// return CmsEnvelopedHelper.Instance.GetSymmetricCipherName(algorithm.ObjectID.Id);
- return algorithm.ObjectID.Id;
+// return CmsEnvelopedHelper.Instance.GetSymmetricCipherName(algorithm.Algorithm.Id);
+ return algorithm.Algorithm.Id;
}
public RecipientID RecipientID
@@ -54,7 +54,7 @@ namespace Org.BouncyCastle.Cms
*/
public string KeyEncryptionAlgOid
{
- get { return keyEncAlg.ObjectID.Id; }
+ get { return keyEncAlg.Algorithm.Id; }
}
/**
diff --git a/crypto/src/cms/SignerInformation.cs b/crypto/src/cms/SignerInformation.cs
index 581286a3f..dad128263 100644
--- a/crypto/src/cms/SignerInformation.cs
+++ b/crypto/src/cms/SignerInformation.cs
@@ -117,7 +117,7 @@ namespace Org.BouncyCastle.Cms
*/
public string DigestAlgOid
{
- get { return digestAlgorithm.ObjectID.Id; }
+ get { return digestAlgorithm.Algorithm.Id; }
}
/**
@@ -156,7 +156,7 @@ namespace Org.BouncyCastle.Cms
*/
public string EncryptionAlgOid
{
- get { return encryptionAlgorithm.ObjectID.Id; }
+ get { return encryptionAlgorithm.Algorithm.Id; }
}
/**
@@ -272,7 +272,7 @@ namespace Org.BouncyCastle.Cms
*/
SignerInfo si = SignerInfo.GetInstance(asn1Obj.ToAsn1Object());
- string digestName = CmsSignedHelper.Instance.GetDigestAlgName(si.DigestAlgorithm.ObjectID.Id);
+ string digestName = CmsSignedHelper.Instance.GetDigestAlgName(si.DigestAlgorithm.Algorithm.Id);
counterSignatures.Add(new SignerInformation(si, null, null, new CounterSignatureDigestCalculator(digestName, GetSignature())));
}
@@ -298,7 +298,7 @@ namespace Org.BouncyCastle.Cms
string digestName = Helper.GetDigestAlgName(this.DigestAlgOid);
IDigest digest = Helper.GetDigestInstance(digestName);
- DerObjectIdentifier sigAlgOid = this.encryptionAlgorithm.ObjectID;
+ DerObjectIdentifier sigAlgOid = this.encryptionAlgorithm.Algorithm;
Asn1Encodable sigParams = this.encryptionAlgorithm.Parameters;
ISigner sig;
@@ -318,12 +318,12 @@ namespace Org.BouncyCastle.Cms
Asn1.Pkcs.RsassaPssParameters pss = Asn1.Pkcs.RsassaPssParameters.GetInstance(
sigParams.ToAsn1Object());
- if (!pss.HashAlgorithm.ObjectID.Equals(this.digestAlgorithm.ObjectID))
+ if (!pss.HashAlgorithm.Algorithm.Equals(this.digestAlgorithm.Algorithm))
throw new CmsException("RSASSA-PSS signature parameters specified incorrect hash algorithm");
- if (!pss.MaskGenAlgorithm.ObjectID.Equals(Asn1.Pkcs.PkcsObjectIdentifiers.IdMgf1))
+ if (!pss.MaskGenAlgorithm.Algorithm.Equals(Asn1.Pkcs.PkcsObjectIdentifiers.IdMgf1))
throw new CmsException("RSASSA-PSS signature parameters specified unknown MGF");
- IDigest pssDigest = DigestUtilities.GetDigest(pss.HashAlgorithm.ObjectID);
+ IDigest pssDigest = DigestUtilities.GetDigest(pss.HashAlgorithm.Algorithm);
int saltLength = pss.SaltLength.Value.IntValue;
byte trailerField = (byte) pss.TrailerField.Value.IntValue;
@@ -532,7 +532,7 @@ namespace Org.BouncyCastle.Cms
DigestInfo digInfo = DerDecode(decrypt);
- if (!digInfo.AlgorithmID.ObjectID.Equals(digestAlgorithm.ObjectID))
+ if (!digInfo.AlgorithmID.Algorithm.Equals(digestAlgorithm.Algorithm))
{
return false;
}
diff --git a/crypto/src/crypto/modes/SicBlockCipher.cs b/crypto/src/crypto/modes/SicBlockCipher.cs
index 239f99478..0bea4a455 100644
--- a/crypto/src/crypto/modes/SicBlockCipher.cs
+++ b/crypto/src/crypto/modes/SicBlockCipher.cs
@@ -56,16 +56,18 @@ namespace Org.BouncyCastle.Crypto.Modes
if (blockSize < IV.Length)
throw new ArgumentException("CTR/SIC mode requires IV no greater than: " + blockSize + " bytes.");
- if (blockSize - IV.Length > 8)
- throw new ArgumentException("CTR/SIC mode requires IV of at least: " + (blockSize - 8) + " bytes.");
- Reset();
+ int maxCounterSize = System.Math.Min(8, blockSize / 2);
+ if (blockSize - IV.Length > maxCounterSize)
+ throw new ArgumentException("CTR/SIC mode requires IV of at least: " + (blockSize - maxCounterSize) + " bytes.");
// if null it's an IV changed only.
if (ivParam.Parameters != null)
{
cipher.Init(true, ivParam.Parameters);
}
+
+ Reset();
}
public virtual string AlgorithmName
diff --git a/crypto/src/crypto/operators/Asn1Signature.cs b/crypto/src/crypto/operators/Asn1Signature.cs
index 3a20e4bff..e023c1d18 100644
--- a/crypto/src/crypto/operators/Asn1Signature.cs
+++ b/crypto/src/crypto/operators/Asn1Signature.cs
@@ -170,13 +170,13 @@ namespace Org.BouncyCastle.Crypto.Operators
if (parameters != null && !derNull.Equals(parameters))
{
- if (sigAlgId.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss))
+ if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
{
RsassaPssParameters rsaParams = RsassaPssParameters.GetInstance(parameters);
- return GetDigestAlgName(rsaParams.HashAlgorithm.ObjectID) + "withRSAandMGF1";
+ return GetDigestAlgName(rsaParams.HashAlgorithm.Algorithm) + "withRSAandMGF1";
}
- if (sigAlgId.ObjectID.Equals(X9ObjectIdentifiers.ECDsaWithSha2))
+ if (sigAlgId.Algorithm.Equals(X9ObjectIdentifiers.ECDsaWithSha2))
{
Asn1Sequence ecDsaParams = Asn1Sequence.GetInstance(parameters);
@@ -184,7 +184,7 @@ namespace Org.BouncyCastle.Crypto.Operators
}
}
- return sigAlgId.ObjectID.Id;
+ return sigAlgId.Algorithm.Id;
}
private static RsassaPssParameters CreatePssParams(
diff --git a/crypto/src/math/BigInteger.cs b/crypto/src/math/BigInteger.cs
index 3d0509fe0..794f252e8 100644
--- a/crypto/src/math/BigInteger.cs
+++ b/crypto/src/math/BigInteger.cs
@@ -681,6 +681,7 @@ namespace Org.BouncyCastle.Math
int xBits = BitsPerByte * nBytes - bitLength;
byte mask = (byte)(255U >> xBits);
+ byte lead = (byte)(1 << (7 - xBits));
for (;;)
{
@@ -690,7 +691,7 @@ namespace Org.BouncyCastle.Math
b[0] &= mask;
// ensure the leading bit is 1 (to meet the strength requirement)
- b[0] |= (byte)(1 << (7 - xBits));
+ b[0] |= lead;
// ensure the trailing bit is 1 (i.e. must be odd)
b[nBytes - 1] |= 1;
@@ -705,18 +706,13 @@ namespace Org.BouncyCastle.Math
if (CheckProbablePrime(certainty, random, true))
break;
- if (bitLength > 32)
+ for (int j = 1; j < magnitude.Length; ++j)
{
- for (int rep = 0; rep < 10000; ++rep)
- {
- int n = 33 + random.Next(bitLength - 2);
- this.magnitude[this.magnitude.Length - (n >> 5)] ^= (1 << (n & 31));
- this.magnitude[this.magnitude.Length - 1] ^= ((random.Next() + 1) << 1);
- this.mQuote = 0;
+ this.magnitude[j] ^= (random.Next() << 1);
+ this.mQuote = 0;
- if (CheckProbablePrime(certainty, random, true))
- return;
- }
+ if (CheckProbablePrime(certainty, random, true))
+ return;
}
}
}
@@ -968,7 +964,7 @@ namespace Org.BouncyCastle.Math
//
// BitLen(value) is the number of bits in value.
//
- private static int BitLen(int w)
+ internal static int BitLen(int w)
{
uint v = (uint)w;
uint t = v >> 24;
diff --git a/crypto/src/ocsp/BasicOCSPResp.cs b/crypto/src/ocsp/BasicOCSPResp.cs
index 4253726bb..63ab8921e 100644
--- a/crypto/src/ocsp/BasicOCSPResp.cs
+++ b/crypto/src/ocsp/BasicOCSPResp.cs
@@ -95,12 +95,12 @@ namespace Org.BouncyCastle.Ocsp
public string SignatureAlgName
{
- get { return OcspUtilities.GetAlgorithmName(resp.SignatureAlgorithm.ObjectID); }
+ get { return OcspUtilities.GetAlgorithmName(resp.SignatureAlgorithm.Algorithm); }
}
public string SignatureAlgOid
{
- get { return resp.SignatureAlgorithm.ObjectID.Id; }
+ get { return resp.SignatureAlgorithm.Algorithm.Id; }
}
[Obsolete("RespData class is no longer required as all functionality is available on this class")]
@@ -111,7 +111,7 @@ namespace Org.BouncyCastle.Ocsp
public byte[] GetSignature()
{
- return resp.Signature.GetBytes();
+ return resp.GetSignatureOctets();
}
private IList GetCertList()
diff --git a/crypto/src/ocsp/CertificateID.cs b/crypto/src/ocsp/CertificateID.cs
index a8f035759..ec902d5c3 100644
--- a/crypto/src/ocsp/CertificateID.cs
+++ b/crypto/src/ocsp/CertificateID.cs
@@ -43,7 +43,7 @@ namespace Org.BouncyCastle.Ocsp
public string HashAlgOid
{
- get { return id.HashAlgorithm.ObjectID.Id; }
+ get { return id.HashAlgorithm.Algorithm.Id; }
}
public byte[] GetIssuerNameHash()
@@ -118,7 +118,7 @@ namespace Org.BouncyCastle.Ocsp
{
try
{
- String hashAlgorithm = hashAlg.ObjectID.Id;
+ String hashAlgorithm = hashAlg.Algorithm.Id;
X509Name issuerName = PrincipalUtilities.GetSubjectX509Principal(issuerCert);
byte[] issuerNameHash = DigestUtilities.CalculateDigest(
diff --git a/crypto/src/ocsp/OCSPReq.cs b/crypto/src/ocsp/OCSPReq.cs
index 84808e50a..0cd95c6d6 100644
--- a/crypto/src/ocsp/OCSPReq.cs
+++ b/crypto/src/ocsp/OCSPReq.cs
@@ -144,7 +144,7 @@ namespace Org.BouncyCastle.Ocsp
if (!this.IsSigned)
return null;
- return req.OptionalSignature.SignatureAlgorithm.ObjectID.Id;
+ return req.OptionalSignature.SignatureAlgorithm.Algorithm.Id;
}
}
@@ -153,10 +153,10 @@ namespace Org.BouncyCastle.Ocsp
if (!this.IsSigned)
return null;
- return req.OptionalSignature.SignatureValue.GetBytes();
+ return req.OptionalSignature.GetSignatureOctets();
}
- private IList GetCertList()
+ private IList GetCertList()
{
// load the certificates if we have any
diff --git a/crypto/src/openssl/MiscPemGenerator.cs b/crypto/src/openssl/MiscPemGenerator.cs
index 6b91e8b1c..568465fe4 100644
--- a/crypto/src/openssl/MiscPemGenerator.cs
+++ b/crypto/src/openssl/MiscPemGenerator.cs
@@ -218,7 +218,7 @@ namespace Org.BouncyCastle.OpenSsl
{
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(akp);
AlgorithmIdentifier algID = info.PrivateKeyAlgorithm;
- DerObjectIdentifier oid = algID.ObjectID;
+ DerObjectIdentifier oid = algID.Algorithm;
if (oid.Equals(X9ObjectIdentifiers.IdDsa))
{
diff --git a/crypto/src/pkcs/Pkcs10CertificationRequest.cs b/crypto/src/pkcs/Pkcs10CertificationRequest.cs
index 1789f2a70..0411d9190 100644
--- a/crypto/src/pkcs/Pkcs10CertificationRequest.cs
+++ b/crypto/src/pkcs/Pkcs10CertificationRequest.cs
@@ -344,7 +344,7 @@ namespace Org.BouncyCastle.Pkcs
Platform.Dispose(streamCalculator.Stream);
- return ((IVerifier)streamCalculator.GetResult()).IsVerified(sigBits.GetBytes());
+ return ((IVerifier)streamCalculator.GetResult()).IsVerified(sigBits.GetOctets());
}
catch (Exception e)
{
@@ -402,14 +402,14 @@ namespace Org.BouncyCastle.Pkcs
if (asn1Params != null && !(asn1Params is Asn1Null))
{
- if (sigAlgId.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss))
+ if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
{
RsassaPssParameters rsaParams = RsassaPssParameters.GetInstance(asn1Params);
- return GetDigestAlgName(rsaParams.HashAlgorithm.ObjectID) + "withRSAandMGF1";
+ return GetDigestAlgName(rsaParams.HashAlgorithm.Algorithm) + "withRSAandMGF1";
}
}
- return sigAlgId.ObjectID.Id;
+ return sigAlgId.Algorithm.Id;
}
private static string GetDigestAlgName(
diff --git a/crypto/src/pkcs/Pkcs12Store.cs b/crypto/src/pkcs/Pkcs12Store.cs
index ba3c208e8..137c3d6a6 100644
--- a/crypto/src/pkcs/Pkcs12Store.cs
+++ b/crypto/src/pkcs/Pkcs12Store.cs
@@ -213,7 +213,7 @@ namespace Org.BouncyCastle.Pkcs
byte[] data = ((Asn1OctetString) info.Content).GetOctets();
- byte[] mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, false, data);
+ byte[] mac = CalculatePbeMac(algId.Algorithm, salt, itCount, password, false, data);
byte[] dig = dInfo.GetDigest();
if (!Arrays.ConstantTimeAreEqual(mac, dig))
@@ -222,7 +222,7 @@ namespace Org.BouncyCastle.Pkcs
throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
// Try with incorrect zero length password
- mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, true, data);
+ mac = CalculatePbeMac(algId.Algorithm, salt, itCount, password, true, data);
if (!Arrays.ConstantTimeAreEqual(mac, dig))
throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file.");
@@ -1015,14 +1015,14 @@ namespace Org.BouncyCastle.Pkcs
bool wrongPkcs12Zero,
byte[] data)
{
- IBufferedCipher cipher = PbeUtilities.CreateEngine(algId.ObjectID) as IBufferedCipher;
+ IBufferedCipher cipher = PbeUtilities.CreateEngine(algId.Algorithm) as IBufferedCipher;
if (cipher == null)
- throw new Exception("Unknown encryption algorithm: " + algId.ObjectID);
+ throw new Exception("Unknown encryption algorithm: " + algId.Algorithm);
Pkcs12PbeParams pbeParameters = Pkcs12PbeParams.GetInstance(algId.Parameters);
ICipherParameters cipherParams = PbeUtilities.GenerateCipherParameters(
- algId.ObjectID, password, wrongPkcs12Zero, pbeParameters);
+ algId.Algorithm, password, wrongPkcs12Zero, pbeParameters);
cipher.Init(forEncryption, cipherParams);
return cipher.DoFinal(data);
}
diff --git a/crypto/src/pkcs/Pkcs12Utilities.cs b/crypto/src/pkcs/Pkcs12Utilities.cs
index d35c8b6a2..923eca5a5 100644
--- a/crypto/src/pkcs/Pkcs12Utilities.cs
+++ b/crypto/src/pkcs/Pkcs12Utilities.cs
@@ -56,10 +56,10 @@ namespace Org.BouncyCastle.Pkcs
int itCount = mData.IterationCount.IntValue;
byte[] data = Asn1OctetString.GetInstance(info.Content).GetOctets();
byte[] res = Pkcs12Store.CalculatePbeMac(
- mData.Mac.AlgorithmID.ObjectID, mData.GetSalt(), itCount, passwd, false, data);
+ mData.Mac.AlgorithmID.Algorithm, mData.GetSalt(), itCount, passwd, false, data);
AlgorithmIdentifier algId = new AlgorithmIdentifier(
- mData.Mac.AlgorithmID.ObjectID, DerNull.Instance);
+ mData.Mac.AlgorithmID.Algorithm, DerNull.Instance);
DigestInfo dInfo = new DigestInfo(algId, res);
mData = new MacData(dInfo, mData.GetSalt(), itCount);
diff --git a/crypto/src/pkcs/PrivateKeyInfoFactory.cs b/crypto/src/pkcs/PrivateKeyInfoFactory.cs
index 723d50f08..c6aab4884 100644
--- a/crypto/src/pkcs/PrivateKeyInfoFactory.cs
+++ b/crypto/src/pkcs/PrivateKeyInfoFactory.cs
@@ -195,7 +195,7 @@ namespace Org.BouncyCastle.Pkcs
IBufferedCipher cipher = PbeUtilities.CreateEngine(algID) as IBufferedCipher;
if (cipher == null)
- throw new Exception("Unknown encryption algorithm: " + algID.ObjectID);
+ throw new Exception("Unknown encryption algorithm: " + algID.Algorithm);
ICipherParameters cipherParameters = PbeUtilities.GenerateCipherParameters(
algID, passPhrase, wrongPkcs12Zero);
diff --git a/crypto/src/pkix/PkixCertPathValidator.cs b/crypto/src/pkix/PkixCertPathValidator.cs
index 7eb838886..fcfa63837 100644
--- a/crypto/src/pkix/PkixCertPathValidator.cs
+++ b/crypto/src/pkix/PkixCertPathValidator.cs
@@ -204,7 +204,7 @@ namespace Org.BouncyCastle.Pkix
"Algorithm identifier of public key of trust anchor could not be read.", e, certPath, -1);
}
-// DerObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.ObjectID;
+// DerObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.Algorithm;
// Asn1Encodable workingPublicKeyParameters = workingAlgId.Parameters;
//
@@ -358,7 +358,7 @@ namespace Org.BouncyCastle.Pkix
workingAlgId = PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(workingPublicKey);
// (f)
-// workingPublicKeyAlgorithm = workingAlgId.ObjectID;
+// workingPublicKeyAlgorithm = workingAlgId.Algorithm;
// (e)
// workingPublicKeyParameters = workingAlgId.Parameters;
}
diff --git a/crypto/src/security/PbeUtilities.cs b/crypto/src/security/PbeUtilities.cs
index 56d68ba0a..0cb235ae6 100644
--- a/crypto/src/security/PbeUtilities.cs
+++ b/crypto/src/security/PbeUtilities.cs
@@ -345,7 +345,7 @@ namespace Org.BouncyCastle.Security
AlgorithmIdentifier algID,
char[] password)
{
- return GenerateCipherParameters(algID.ObjectID.Id, password, false, algID.Parameters);
+ return GenerateCipherParameters(algID.Algorithm.Id, password, false, algID.Parameters);
}
public static ICipherParameters GenerateCipherParameters(
@@ -353,7 +353,7 @@ namespace Org.BouncyCastle.Security
char[] password,
bool wrongPkcs12Zero)
{
- return GenerateCipherParameters(algID.ObjectID.Id, password, wrongPkcs12Zero, algID.Parameters);
+ return GenerateCipherParameters(algID.Algorithm.Id, password, wrongPkcs12Zero, algID.Parameters);
}
public static ICipherParameters GenerateCipherParameters(
@@ -401,10 +401,10 @@ namespace Org.BouncyCastle.Security
{
PbeS2Parameters s2p = PbeS2Parameters.GetInstance(pbeParameters.ToAsn1Object());
AlgorithmIdentifier encScheme = s2p.EncryptionScheme;
- DerObjectIdentifier encOid = encScheme.ObjectID;
+ DerObjectIdentifier encOid = encScheme.Algorithm;
Asn1Object encParams = encScheme.Parameters.ToAsn1Object();
- // TODO What about s2p.KeyDerivationFunc.ObjectID?
+ // TODO What about s2p.KeyDerivationFunc.Algorithm?
Pbkdf2Params pbeParams = Pbkdf2Params.GetInstance(s2p.KeyDerivationFunc.Parameters.ToAsn1Object());
byte[] iv;
@@ -577,13 +577,13 @@ namespace Org.BouncyCastle.Security
public static object CreateEngine(
AlgorithmIdentifier algID)
{
- string algorithm = algID.ObjectID.Id;
+ string algorithm = algID.Algorithm.Id;
if (IsPkcs5Scheme2(algorithm))
{
PbeS2Parameters s2p = PbeS2Parameters.GetInstance(algID.Parameters.ToAsn1Object());
AlgorithmIdentifier encScheme = s2p.EncryptionScheme;
- return CipherUtilities.GetCipher(encScheme.ObjectID);
+ return CipherUtilities.GetCipher(encScheme.Algorithm);
}
return CreateEngine(algorithm);
diff --git a/crypto/src/security/PrivateKeyFactory.cs b/crypto/src/security/PrivateKeyFactory.cs
index edc5ef85a..b9538b33d 100644
--- a/crypto/src/security/PrivateKeyFactory.cs
+++ b/crypto/src/security/PrivateKeyFactory.cs
@@ -45,7 +45,7 @@ namespace Org.BouncyCastle.Security
PrivateKeyInfo keyInfo)
{
AlgorithmIdentifier algID = keyInfo.PrivateKeyAlgorithm;
- DerObjectIdentifier algOid = algID.ObjectID;
+ DerObjectIdentifier algOid = algID.Algorithm;
// TODO See RSAUtil.isRsaOid in Java build
if (algOid.Equals(PkcsObjectIdentifiers.RsaEncryption)
diff --git a/crypto/src/security/PublicKeyFactory.cs b/crypto/src/security/PublicKeyFactory.cs
index 8c0be4f70..f1b28b774 100644
--- a/crypto/src/security/PublicKeyFactory.cs
+++ b/crypto/src/security/PublicKeyFactory.cs
@@ -44,7 +44,7 @@ namespace Org.BouncyCastle.Security
SubjectPublicKeyInfo keyInfo)
{
AlgorithmIdentifier algID = keyInfo.AlgorithmID;
- DerObjectIdentifier algOid = algID.ObjectID;
+ DerObjectIdentifier algOid = algID.Algorithm;
// TODO See RSAUtil.isRsaOid in Java build
if (algOid.Equals(PkcsObjectIdentifiers.RsaEncryption)
diff --git a/crypto/src/tsp/TimeStampRequest.cs b/crypto/src/tsp/TimeStampRequest.cs
index 6b9699379..f54d33e04 100644
--- a/crypto/src/tsp/TimeStampRequest.cs
+++ b/crypto/src/tsp/TimeStampRequest.cs
@@ -77,7 +77,7 @@ namespace Org.BouncyCastle.Tsp
public string MessageImprintAlgOid
{
- get { return req.MessageImprint.HashAlgorithm.ObjectID.Id; }
+ get { return req.MessageImprint.HashAlgorithm.Algorithm.Id; }
}
public byte[] GetMessageImprintDigest()
diff --git a/crypto/src/tsp/TimeStampResponseGenerator.cs b/crypto/src/tsp/TimeStampResponseGenerator.cs
index 8d798de67..b596f8d97 100644
--- a/crypto/src/tsp/TimeStampResponseGenerator.cs
+++ b/crypto/src/tsp/TimeStampResponseGenerator.cs
@@ -166,9 +166,8 @@ namespace Org.BouncyCastle.Tsp
class FailInfo
: DerBitString
{
- internal FailInfo(
- int failInfoValue)
- : base(GetBytes(failInfoValue), GetPadBits(failInfoValue))
+ internal FailInfo(int failInfoValue)
+ : base(failInfoValue)
{
}
}
diff --git a/crypto/src/tsp/TimeStampToken.cs b/crypto/src/tsp/TimeStampToken.cs
index 51a9592dc..105208a7d 100644
--- a/crypto/src/tsp/TimeStampToken.cs
+++ b/crypto/src/tsp/TimeStampToken.cs
@@ -271,10 +271,10 @@ namespace Org.BouncyCastle.Tsp
if (certID != null)
return "SHA-1";
- if (NistObjectIdentifiers.IdSha256.Equals(certIDv2.HashAlgorithm.ObjectID))
+ if (NistObjectIdentifiers.IdSha256.Equals(certIDv2.HashAlgorithm.Algorithm))
return "SHA-256";
- return certIDv2.HashAlgorithm.ObjectID.Id;
+ return certIDv2.HashAlgorithm.Algorithm.Id;
}
public AlgorithmIdentifier GetHashAlgorithm()
diff --git a/crypto/src/tsp/TimeStampTokenInfo.cs b/crypto/src/tsp/TimeStampTokenInfo.cs
index 5027a87c4..cdef826bc 100644
--- a/crypto/src/tsp/TimeStampTokenInfo.cs
+++ b/crypto/src/tsp/TimeStampTokenInfo.cs
@@ -86,7 +86,7 @@ namespace Org.BouncyCastle.Tsp
public string MessageImprintAlgOid
{
- get { return tstInfo.MessageImprint.HashAlgorithm.ObjectID.Id; }
+ get { return tstInfo.MessageImprint.HashAlgorithm.Algorithm.Id; }
}
public byte[] GetMessageImprintDigest()
diff --git a/crypto/src/x509/AttributeCertificateHolder.cs b/crypto/src/x509/AttributeCertificateHolder.cs
index 3a6af4c20..04460cd59 100644
--- a/crypto/src/x509/AttributeCertificateHolder.cs
+++ b/crypto/src/x509/AttributeCertificateHolder.cs
@@ -103,7 +103,7 @@ namespace Org.BouncyCastle.X509
// TODO Allow 'objectDigest' to be null?
holder = new Holder(new ObjectDigestInfo(digestedObjectType, otherObjectTypeID,
- new AlgorithmIdentifier(digestAlgorithm), Arrays.Clone(objectDigest)));
+ new AlgorithmIdentifier(new DerObjectIdentifier(digestAlgorithm)), Arrays.Clone(objectDigest)));
}
/**
@@ -147,7 +147,7 @@ namespace Org.BouncyCastle.X509
return odi == null
? null
- : odi.DigestAlgorithm.ObjectID.Id;
+ : odi.DigestAlgorithm.Algorithm.Id;
}
}
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index fc7f96aa9..6d7bd7a61 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -237,16 +237,16 @@ namespace Org.BouncyCastle.X509
/// <returns>A byte array containg the signature of the certificate.</returns>
public virtual byte[] GetSignature()
{
- return c.Signature.GetBytes();
+ return c.GetSignatureOctets();
}
- /// <summary>
+ /// <summary>
/// A meaningful version of the Signature Algorithm. (EG SHA1WITHRSA)
/// </summary>
/// <returns>A sting representing the signature algorithm.</returns>
public virtual string SigAlgName
{
- get { return SignerUtilities.GetEncodingName(c.SignatureAlgorithm.ObjectID); }
+ get { return SignerUtilities.GetEncodingName(c.SignatureAlgorithm.Algorithm); }
}
/// <summary>
@@ -255,7 +255,7 @@ namespace Org.BouncyCastle.X509
/// <returns>A string containg a '.' separated object id.</returns>
public virtual string SigAlgOid
{
- get { return c.SignatureAlgorithm.ObjectID.Id; }
+ get { return c.SignatureAlgorithm.Algorithm.Id; }
}
/// <summary>
@@ -586,7 +586,7 @@ namespace Org.BouncyCastle.X509
private static bool IsAlgIDEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
{
- if (!id1.ObjectID.Equals(id2.ObjectID))
+ if (!id1.Algorithm.Equals(id2.Algorithm))
return false;
Asn1Encodable p1 = id1.Parameters;
diff --git a/crypto/src/x509/X509Crl.cs b/crypto/src/x509/X509Crl.cs
index 53de3e91f..ecfb14132 100644
--- a/crypto/src/x509/X509Crl.cs
+++ b/crypto/src/x509/X509Crl.cs
@@ -211,7 +211,7 @@ namespace Org.BouncyCastle.X509
public virtual byte[] GetSignature()
{
- return c.Signature.GetBytes();
+ return c.GetSignatureOctets();
}
public virtual string SigAlgName
@@ -221,7 +221,7 @@ namespace Org.BouncyCastle.X509
public virtual string SigAlgOid
{
- get { return c.SignatureAlgorithm.ObjectID.Id; }
+ get { return c.SignatureAlgorithm.Algorithm.Id; }
}
public virtual byte[] GetSigAlgParams()
diff --git a/crypto/src/x509/X509SignatureUtil.cs b/crypto/src/x509/X509SignatureUtil.cs
index 7a4ab1448..858b8f446 100644
--- a/crypto/src/x509/X509SignatureUtil.cs
+++ b/crypto/src/x509/X509SignatureUtil.cs
@@ -55,13 +55,13 @@ namespace Org.BouncyCastle.X509
if (parameters != null && !derNull.Equals(parameters))
{
- if (sigAlgId.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss))
+ if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
{
RsassaPssParameters rsaParams = RsassaPssParameters.GetInstance(parameters);
- return GetDigestAlgName(rsaParams.HashAlgorithm.ObjectID) + "withRSAandMGF1";
+ return GetDigestAlgName(rsaParams.HashAlgorithm.Algorithm) + "withRSAandMGF1";
}
- if (sigAlgId.ObjectID.Equals(X9ObjectIdentifiers.ECDsaWithSha2))
+ if (sigAlgId.Algorithm.Equals(X9ObjectIdentifiers.ECDsaWithSha2))
{
Asn1Sequence ecDsaParams = Asn1Sequence.GetInstance(parameters);
@@ -69,7 +69,7 @@ namespace Org.BouncyCastle.X509
}
}
- return sigAlgId.ObjectID.Id;
+ return sigAlgId.Algorithm.Id;
}
/**
diff --git a/crypto/src/x509/X509V2AttributeCertificate.cs b/crypto/src/x509/X509V2AttributeCertificate.cs
index 9376538a1..c41b31239 100644
--- a/crypto/src/x509/X509V2AttributeCertificate.cs
+++ b/crypto/src/x509/X509V2AttributeCertificate.cs
@@ -147,9 +147,14 @@ namespace Org.BouncyCastle.X509
throw new CertificateNotYetValidException("certificate not valid until " + NotBefore);
}
+ public virtual AlgorithmIdentifier SignatureAlgorithm
+ {
+ get { return cert.SignatureAlgorithm; }
+ }
+
public virtual byte[] GetSignature()
{
- return cert.SignatureValue.GetBytes();
+ return cert.GetSignatureOctets();
}
public virtual void Verify(
diff --git a/crypto/test/src/asn1/test/BitStringTest.cs b/crypto/test/src/asn1/test/BitStringTest.cs
index 3a2dc3156..05be45941 100644
--- a/crypto/test/src/asn1/test/BitStringTest.cs
+++ b/crypto/test/src/asn1/test/BitStringTest.cs
@@ -4,44 +4,120 @@ using System.IO;
using NUnit.Framework;
using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Encoders;
using Org.BouncyCastle.Utilities.Test;
namespace Org.BouncyCastle.Asn1.Tests
{
[TestFixture]
public class BitStringTest
- : ITest
+ : SimpleTest
{
- public ITestResult Perform()
+ private void DoTestZeroLengthStrings()
+ {
+ // basic construction
+ DerBitString s1 = new DerBitString(new byte[0], 0);
+
+ s1.GetBytes();
+
+ if (!Arrays.AreEqual(s1.GetEncoded(), Hex.Decode("030100")))
+ {
+ Fail("zero encoding wrong");
+ }
+
+ try
+ {
+ new DerBitString(null, 1);
+ Fail("exception not thrown");
+ }
+ catch (ArgumentNullException)
+ {
+ }
+
+ try
+ {
+ new DerBitString(new byte[0], 1);
+ Fail("exception not thrown");
+ }
+ catch (ArgumentException)
+ {
+ }
+
+ try
+ {
+ new DerBitString(new byte[1], 8);
+ Fail("exception not thrown");
+ }
+ catch (ArgumentException)
+ {
+ }
+
+ DerBitString s2 = new DerBitString(0);
+ if (!Arrays.AreEqual(s1.GetEncoded(), s2.GetEncoded()))
+ {
+ Fail("zero encoding wrong");
+ }
+ }
+
+ private void DoTestRandomPadBits()
+ {
+ byte[] test = Hex.Decode("030206c0");
+
+ byte[] test1 = Hex.Decode("030206f0");
+ byte[] test2 = Hex.Decode("030206c1");
+ byte[] test3 = Hex.Decode("030206c7");
+ byte[] test4 = Hex.Decode("030206d1");
+
+ EncodingCheck(test, test1);
+ EncodingCheck(test, test2);
+ EncodingCheck(test, test3);
+ EncodingCheck(test, test4);
+ }
+
+ private void EncodingCheck(byte[] derData, byte[] dlData)
+ {
+ if (Arrays.AreEqual(derData, Asn1Object.FromByteArray(dlData).GetEncoded()))
+ {
+ //Fail("failed DL check");
+ Fail("failed BER check");
+ }
+ if (!Arrays.AreEqual(derData, Asn1Object.FromByteArray(dlData).GetDerEncoded()))
+ {
+ Fail("failed DER check");
+ }
+ }
+
+ public override void PerformTest()
{
KeyUsage k = new KeyUsage(KeyUsage.DigitalSignature);
if ((k.GetBytes()[0] != (byte)KeyUsage.DigitalSignature) || (k.PadBits != 7))
{
- return new SimpleTestResult(false, Name + ": failed digitalSignature");
+ Fail("failed digitalSignature");
}
k = new KeyUsage(KeyUsage.NonRepudiation);
if ((k.GetBytes()[0] != (byte)KeyUsage.NonRepudiation) || (k.PadBits != 6))
{
- return new SimpleTestResult(false, Name + ": failed nonRepudiation");
+ Fail("failed nonRepudiation");
}
k = new KeyUsage(KeyUsage.KeyEncipherment);
if ((k.GetBytes()[0] != (byte)KeyUsage.KeyEncipherment) || (k.PadBits != 5))
{
- return new SimpleTestResult(false, Name + ": failed keyEncipherment");
+ Fail("failed keyEncipherment");
}
k = new KeyUsage(KeyUsage.CrlSign);
if ((k.GetBytes()[0] != (byte)KeyUsage.CrlSign) || (k.PadBits != 1))
{
- return new SimpleTestResult(false, Name + ": failed cRLSign");
+ Fail("failed cRLSign");
}
k = new KeyUsage(KeyUsage.DecipherOnly);
if ((k.GetBytes()[1] != (byte)(KeyUsage.DecipherOnly >> 8)) || (k.PadBits != 7))
{
- return new SimpleTestResult(false, Name + ": failed decipherOnly");
+ Fail("failed decipherOnly");
}
// test for zero length bit string
@@ -51,27 +127,25 @@ namespace Org.BouncyCastle.Asn1.Tests
}
catch (IOException e)
{
- return new SimpleTestResult(false, Name + ": " + e);
+ Fail(e.ToString());
}
- return new SimpleTestResult(true, Name + ": Okay");
+ DoTestRandomPadBits();
+ DoTestZeroLengthStrings();
}
- public string Name
+ public override string Name
{
get { return "BitString"; }
}
- public static void Main(
+ public static void Main(
string[] args)
{
- ITest test = new BitStringTest();
- ITestResult result = test.Perform();
-
- Console.WriteLine(result);
+ RunTest(new BitStringTest());
}
- [Test]
+ [Test]
public void TestFunction()
{
string resultText = Perform().ToString();
diff --git a/crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs b/crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs
index 042781632..914eda0b8 100644
--- a/crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs
+++ b/crypto/test/src/asn1/test/LDSSecurityObjectUnitTest.cs
@@ -4,6 +4,7 @@ using NUnit.Framework;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Icao;
+using Org.BouncyCastle.Asn1.Oiw;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Utilities.Test;
@@ -29,7 +30,7 @@ namespace Org.BouncyCastle.Asn1.Tests
public override void PerformTest()
{
- AlgorithmIdentifier algoId = new AlgorithmIdentifier("1.3.14.3.2.26");
+ AlgorithmIdentifier algoId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1);
DataGroupHash[] datas = new DataGroupHash[2];
datas[0] = new DataGroupHash(1, new DerOctetString(GenerateHash()));
diff --git a/crypto/test/src/asn1/test/PKIFailureInfoTest.cs b/crypto/test/src/asn1/test/PKIFailureInfoTest.cs
index 734dbbc14..7d51dbb5f 100644
--- a/crypto/test/src/asn1/test/PKIFailureInfoTest.cs
+++ b/crypto/test/src/asn1/test/PKIFailureInfoTest.cs
@@ -11,7 +11,7 @@ using Org.BouncyCastle.Utilities.Test;
namespace Org.BouncyCastle.Asn1.Tests
{
/**
- * PKIFailureInfoTest
+ * PkiFailureInfoTest
*/
[TestFixture]
public class PkiFailureInfoTest
@@ -25,12 +25,13 @@ namespace Org.BouncyCastle.Asn1.Tests
get { return "PkiFailureInfo"; }
}
- private void doTestEncoding()
+ private void DoTestEncoding()
{
- DerBitString bitString = (DerBitString) Asn1Object.FromByteArray(CORRECT_FAILURE_INFO);
+ DerBitString bitString = (DerBitString)Asn1Object.FromByteArray(CORRECT_FAILURE_INFO);
PkiFailureInfo correct = new PkiFailureInfo(bitString);
- PkiFailureInfo bug = new PkiFailureInfo(PkiFailureInfo.BadRequest | PkiFailureInfo.BadTime | PkiFailureInfo.BadDataFormat | PkiFailureInfo.IncorrectData);
+ PkiFailureInfo bug = new PkiFailureInfo(
+ PkiFailureInfo.BadRequest | PkiFailureInfo.BadTime | PkiFailureInfo.BadDataFormat | PkiFailureInfo.IncorrectData);
if (!Arrays.AreEqual(correct.GetDerEncoded(), bug.GetDerEncoded()))
{
@@ -40,23 +41,35 @@ namespace Org.BouncyCastle.Asn1.Tests
public override void PerformTest()
{
- BitStringConstantTester.testFlagValueCorrect(0, PkiFailureInfo.BadAlg);
- BitStringConstantTester.testFlagValueCorrect(1, PkiFailureInfo.BadMessageCheck);
- BitStringConstantTester.testFlagValueCorrect(2, PkiFailureInfo.BadRequest);
- BitStringConstantTester.testFlagValueCorrect(3, PkiFailureInfo.BadTime);
- BitStringConstantTester.testFlagValueCorrect(4, PkiFailureInfo.BadCertId);
- BitStringConstantTester.testFlagValueCorrect(5, PkiFailureInfo.BadDataFormat);
- BitStringConstantTester.testFlagValueCorrect(6, PkiFailureInfo.WrongAuthority);
- BitStringConstantTester.testFlagValueCorrect(7, PkiFailureInfo.IncorrectData);
- BitStringConstantTester.testFlagValueCorrect(8, PkiFailureInfo.MissingTimeStamp);
- BitStringConstantTester.testFlagValueCorrect(9, PkiFailureInfo.BadPop);
- BitStringConstantTester.testFlagValueCorrect(14, PkiFailureInfo.TimeNotAvailable);
- BitStringConstantTester.testFlagValueCorrect(15, PkiFailureInfo.UnacceptedPolicy);
- BitStringConstantTester.testFlagValueCorrect(16, PkiFailureInfo.UnacceptedExtension);
- BitStringConstantTester.testFlagValueCorrect(17, PkiFailureInfo.AddInfoNotAvailable);
- BitStringConstantTester.testFlagValueCorrect(25, PkiFailureInfo.SystemFailure);
+ BitStringConstantTester.testFlagValueCorrect(0, PkiFailureInfo.BadAlg);
+ BitStringConstantTester.testFlagValueCorrect(1, PkiFailureInfo.BadMessageCheck);
+ BitStringConstantTester.testFlagValueCorrect(2, PkiFailureInfo.BadRequest);
+ BitStringConstantTester.testFlagValueCorrect(3, PkiFailureInfo.BadTime);
+ BitStringConstantTester.testFlagValueCorrect(4, PkiFailureInfo.BadCertId);
+ BitStringConstantTester.testFlagValueCorrect(5, PkiFailureInfo.BadDataFormat);
+ BitStringConstantTester.testFlagValueCorrect(6, PkiFailureInfo.WrongAuthority);
+ BitStringConstantTester.testFlagValueCorrect(7, PkiFailureInfo.IncorrectData);
+ BitStringConstantTester.testFlagValueCorrect(8, PkiFailureInfo.MissingTimeStamp);
+ BitStringConstantTester.testFlagValueCorrect(9, PkiFailureInfo.BadPop);
+ BitStringConstantTester.testFlagValueCorrect(10, PkiFailureInfo.CertRevoked);
+ BitStringConstantTester.testFlagValueCorrect(11, PkiFailureInfo.CertConfirmed);
+ BitStringConstantTester.testFlagValueCorrect(12, PkiFailureInfo.WrongIntegrity);
+ BitStringConstantTester.testFlagValueCorrect(13, PkiFailureInfo.BadRecipientNonce);
+ BitStringConstantTester.testFlagValueCorrect(14, PkiFailureInfo.TimeNotAvailable);
+ BitStringConstantTester.testFlagValueCorrect(15, PkiFailureInfo.UnacceptedPolicy);
+ BitStringConstantTester.testFlagValueCorrect(16, PkiFailureInfo.UnacceptedExtension);
+ BitStringConstantTester.testFlagValueCorrect(17, PkiFailureInfo.AddInfoNotAvailable);
+ BitStringConstantTester.testFlagValueCorrect(18, PkiFailureInfo.BadSenderNonce);
+ BitStringConstantTester.testFlagValueCorrect(19, PkiFailureInfo.BadCertTemplate);
+ BitStringConstantTester.testFlagValueCorrect(20, PkiFailureInfo.SignerNotTrusted);
+ BitStringConstantTester.testFlagValueCorrect(21, PkiFailureInfo.TransactionIdInUse);
+ BitStringConstantTester.testFlagValueCorrect(22, PkiFailureInfo.UnsupportedVersion);
+ BitStringConstantTester.testFlagValueCorrect(23, PkiFailureInfo.NotAuthorized);
+ BitStringConstantTester.testFlagValueCorrect(24, PkiFailureInfo.SystemUnavail);
+ BitStringConstantTester.testFlagValueCorrect(25, PkiFailureInfo.SystemFailure);
+ BitStringConstantTester.testFlagValueCorrect(26, PkiFailureInfo.DuplicateCertReq);
- doTestEncoding();
+ DoTestEncoding();
}
public static void Main(
diff --git a/crypto/test/src/crypto/test/Pkcs5Test.cs b/crypto/test/src/crypto/test/Pkcs5Test.cs
index 8066e8e41..fdf1e7a66 100644
--- a/crypto/test/src/crypto/test/Pkcs5Test.cs
+++ b/crypto/test/src/crypto/test/Pkcs5Test.cs
@@ -115,7 +115,7 @@ namespace Org.BouncyCastle.Crypto.Tests
generator.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(password), salt, iterationCount);
- DerObjectIdentifier algOid = scheme.ObjectID;
+ DerObjectIdentifier algOid = scheme.Algorithm;
byte[] iv;
if (algOid.Equals(PkcsObjectIdentifiers.RC2Cbc))
diff --git a/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs b/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs
index 48af9e0f8..0cc1883ba 100644
--- a/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs
+++ b/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs
@@ -128,14 +128,14 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
Asn1EncodableVector v = new Asn1EncodableVector();
v.Add(cert.TbsCertificate);
v.Add(cert.SignatureAlgorithm);
- v.Add(CorruptBitString(cert.Signature));
+ v.Add(CorruptSignature(cert.Signature));
return X509CertificateStructure.GetInstance(new DerSequence(v));
}
- protected virtual DerBitString CorruptBitString(DerBitString bs)
+ protected virtual DerBitString CorruptSignature(DerBitString bs)
{
- return new DerBitString(CorruptBit(bs.GetBytes()));
+ return new DerBitString(CorruptBit(bs.GetOctets()));
}
protected virtual byte[] CorruptBit(byte[] bs)
diff --git a/crypto/test/src/pkcs/test/PKCS12StoreTest.cs b/crypto/test/src/pkcs/test/PKCS12StoreTest.cs
index c6b39135e..cd9dfcfad 100644
--- a/crypto/test/src/pkcs/test/PKCS12StoreTest.cs
+++ b/crypto/test/src/pkcs/test/PKCS12StoreTest.cs
@@ -837,7 +837,7 @@ namespace Org.BouncyCastle.Pkcs.Tests
EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.GetInstance(sb.BagValue);
// check the key encryption
- if (!encInfo.EncryptionAlgorithm.ObjectID.Equals(keyAlgorithm))
+ if (!encInfo.EncryptionAlgorithm.Algorithm.Equals(keyAlgorithm))
{
Fail("key encryption algorithm wrong");
}
@@ -845,7 +845,7 @@ namespace Org.BouncyCastle.Pkcs.Tests
// check the certificate encryption
EncryptedData cb = EncryptedData.GetInstance(c2.Content);
- if (!cb.EncryptionAlgorithm.ObjectID.Equals(certAlgorithm))
+ if (!cb.EncryptionAlgorithm.Algorithm.Equals(certAlgorithm))
{
Fail("cert encryption algorithm wrong");
}
diff --git a/crypto/test/src/test/CertTest.cs b/crypto/test/src/test/CertTest.cs
index 9bb4df7d1..72e17e458 100644
--- a/crypto/test/src/test/CertTest.cs
+++ b/crypto/test/src/test/CertTest.cs
@@ -2452,7 +2452,7 @@ namespace Org.BouncyCastle.Tests
DerSequence seq = new DerSequence(
tbsCertificate,
- new AlgorithmIdentifier(sig.ObjectID),
+ new AlgorithmIdentifier(sig.Algorithm),
certStruct.Signature);
try
diff --git a/crypto/test/src/test/PKCS10CertRequestTest.cs b/crypto/test/src/test/PKCS10CertRequestTest.cs
index 819439cd8..9bad0a678 100644
--- a/crypto/test/src/test/PKCS10CertRequestTest.cs
+++ b/crypto/test/src/test/PKCS10CertRequestTest.cs
@@ -193,7 +193,7 @@ namespace Org.BouncyCastle.Tests
Fail("Failed Verify check EC uncompressed encoded.");
}
- if (!req.SignatureAlgorithm.ObjectID.Equals(algOid))
+ if (!req.SignatureAlgorithm.Algorithm.Equals(algOid))
{
Fail("ECDSA oid incorrect.");
}
@@ -210,7 +210,7 @@ namespace Org.BouncyCastle.Tests
byte[] b = req.GetCertificationRequestInfo().GetEncoded();
sig.BlockUpdate(b, 0, b.Length);
- if (!sig.VerifySignature(req.Signature.GetBytes()))
+ if (!sig.VerifySignature(req.GetSignatureOctets()))
{
Fail("signature not mapped correctly.");
}
@@ -247,7 +247,7 @@ namespace Org.BouncyCastle.Tests
Fail("Failed Verify check EC encoded.");
}
- if (!req.SignatureAlgorithm.ObjectID.Equals(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001))
+ if (!req.SignatureAlgorithm.Algorithm.Equals(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001))
{
Fail("ECGOST oid incorrect.");
}
@@ -264,7 +264,7 @@ namespace Org.BouncyCastle.Tests
byte[] b = req.GetCertificationRequestInfo().GetEncoded();
sig.BlockUpdate(b, 0, b.Length);
- if (!sig.VerifySignature(req.Signature.GetBytes()))
+ if (!sig.VerifySignature(req.GetSignatureOctets()))
{
Fail("signature not mapped correctly.");
}
@@ -308,7 +308,7 @@ namespace Org.BouncyCastle.Tests
Fail("Failed verify check PSS encoded.");
}
- if (!req.SignatureAlgorithm.ObjectID.Equals(PkcsObjectIdentifiers.IdRsassaPss))
+ if (!req.SignatureAlgorithm.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
{
Fail("PSS oid incorrect.");
}
@@ -325,7 +325,7 @@ namespace Org.BouncyCastle.Tests
byte[] encoded = req.GetCertificationRequestInfo().GetEncoded();
sig.BlockUpdate(encoded, 0, encoded.Length);
- if (!sig.VerifySignature(req.Signature.GetBytes()))
+ if (!sig.VerifySignature(req.GetSignatureOctets()))
{
Fail("signature not mapped correctly.");
}
|
