Diffstat (limited to 'crypto/src/cms')
-rw-r--r-- | crypto/src/cms/CMSAttributeTableGenerator.cs | 9 | ||||
-rw-r--r-- | crypto/src/cms/CMSSignedDataParser.cs | 1 | ||||
-rw-r--r-- | crypto/src/cms/CMSSignedDataStreamGenerator.cs | 20 | ||||
-rw-r--r-- | crypto/src/cms/CMSSignedHelper.cs | 54 | ||||
-rw-r--r-- | crypto/src/cms/DefaultSignedAttributeTableGenerator.cs | 39 | ||||
-rw-r--r-- | crypto/src/cms/OriginatorId.cs | 4 | ||||
-rw-r--r-- | crypto/src/cms/OriginatorInformation.cs | 2 | ||||
-rw-r--r-- | crypto/src/cms/RecipientId.cs | 2 | ||||
-rw-r--r-- | crypto/src/cms/RecipientInformationStore.cs | 2 | ||||
-rw-r--r-- | crypto/src/cms/SignerId.cs | 2 | ||||
-rw-r--r-- | crypto/src/cms/SignerInfoGenerator.cs | 15 | ||||
-rw-r--r-- | crypto/src/cms/SignerInformationStore.cs | 19 |
12 files changed, 96 insertions, 73 deletions
diff --git a/crypto/src/cms/CMSAttributeTableGenerator.cs b/crypto/src/cms/CMSAttributeTableGenerator.cs
index a113bd8d4..36d1bdcff 100644
--- a/crypto/src/cms/CMSAttributeTableGenerator.cs
+++ b/crypto/src/cms/CMSAttributeTableGenerator.cs
@@ -9,13 +9,8 @@ namespace Org.BouncyCastle.Cms
 /// </remarks>
 public enum CmsAttributeTableParameter
 {
-// const string ContentType = "contentType";
-// const string Digest = "digest";
-// const string Signature = "encryptedDigest";
-// const string DigestAlgorithmIdentifier = "digestAlgID";
-
- ContentType, Digest, Signature, DigestAlgorithmIdentifier
- }
+ ContentType, Digest, Signature, DigestAlgorithmIdentifier, SignatureAlgorithmIdentifier
+ }
 
 public interface CmsAttributeTableGenerator
 {
diff --git a/crypto/src/cms/CMSSignedDataParser.cs b/crypto/src/cms/CMSSignedDataParser.cs
index 83f87718f..8b02770d6 100644
--- a/crypto/src/cms/CMSSignedDataParser.cs
+++ b/crypto/src/cms/CMSSignedDataParser.cs
@@ -8,7 +8,6 @@ using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.IO;
 using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.Collections;
 using Org.BouncyCastle.Utilities.IO;
 using Org.BouncyCastle.X509;
diff --git a/crypto/src/cms/CMSSignedDataStreamGenerator.cs b/crypto/src/cms/CMSSignedDataStreamGenerator.cs
index 33b661761..48abfbfa2 100644
--- a/crypto/src/cms/CMSSignedDataStreamGenerator.cs
+++ b/crypto/src/cms/CMSSignedDataStreamGenerator.cs
@@ -102,18 +102,18 @@ namespace Org.BouncyCastle.Cms
 
 if (_sAttr != null)
 {
- _sig = Helper.GetSignatureInstance(signatureName);
- }
- else
+ _sig = SignerUtilities.InitSigner(signatureName, true, key, outer.m_random);
+ }
+ else
 {
 // Note: Need to use raw signatures here since we have already calculated the digest
 if (_encName.Equals("RSA"))
 {
- _sig = Helper.GetSignatureInstance("RSA");
- }
- else if (_encName.Equals("DSA"))
+ _sig = SignerUtilities.InitSigner("RSA", true, key, outer.m_random);
+ }
+ else if (_encName.Equals("DSA"))
 {
- _sig = Helper.GetSignatureInstance("NONEwithDSA");
+ _sig = SignerUtilities.InitSigner("NONEwithDSA", true, key, outer.m_random);
 }
 // TODO Add support for raw PSS
 // else if (_encName.equals("RSAandMGF1"))
@@ -135,10 +135,8 @@ namespace Org.BouncyCastle.Cms
 {
 throw new SignatureException("algorithm: " + _encName + " not supported in base signatures.");
 }
- }
-
- _sig.Init(true, new ParametersWithRandom(key, outer.m_random));
- }
+ }
+ }
 
 public SignerInfo Generate(DerObjectIdentifier contentType, AlgorithmIdentifier digestAlgorithm,
 byte[] calculatedDigest)
diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs
index 9db39549b..37fefe140 100644
--- a/crypto/src/cms/CMSSignedHelper.cs
+++ b/crypto/src/cms/CMSSignedHelper.cs
@@ -35,7 +35,7 @@ namespace Org.BouncyCastle.Cms
 private static readonly IDictionary<string, string> m_digestAlgs = new Dictionary<string, string>();
 private static readonly IDictionary<string, string[]> m_digestAliases = new Dictionary<string, string[]>();
- private static readonly HashSet<string> noParams = new HashSet<string>();
+ private static readonly HashSet<string> m_noParams = new HashSet<string>();
 private static readonly IDictionary<string, string> m_ecAlgorithms = new Dictionary<string, string>();
 
 private static void AddEntries(DerObjectIdentifier oid, string digest, string encryption)
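Review bot: The explicit `_sig.Init(true, new ParametersWithRandom(key, outer.m_random))` removed in the -135 hunk is now expected to happen inside each `SignerUtilities.InitSigner(..., key, outer.m_random)` call; for the DSA/ECDSA raw path in the `else` branch that random source feeds the per-signature nonce, so the refactor is only equivalent if InitSigner applies `outer.m_random` the way the old wrapper did, which cannot be confirmed from this page. A short comment on the first call, `// InitSigner applies outer.m_random; replaces the explicit Init(...) that used to follow the if/else`, would record that dependency so a later reader does not reintroduce a second Init. The constructor containing this code begins before the hunk and continues past it.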
@@ -130,13 +130,13 @@ namespace Org.BouncyCastle.Cms
 m_digestAliases.Add("SHA384", new string[]{ "SHA-384" });
 m_digestAliases.Add("SHA512", new string[]{ "SHA-512" });
 
- noParams.Add(CmsSignedGenerator.EncryptionDsa);
- //noParams.Add(EncryptionECDsa);
- noParams.Add(EncryptionECDsaWithSha1);
- noParams.Add(EncryptionECDsaWithSha224);
- noParams.Add(EncryptionECDsaWithSha256);
- noParams.Add(EncryptionECDsaWithSha384);
- noParams.Add(EncryptionECDsaWithSha512);
+ m_noParams.Add(CmsSignedGenerator.EncryptionDsa);
+ //m_noParams.Add(EncryptionECDsa);
+ m_noParams.Add(EncryptionECDsaWithSha1);
+ m_noParams.Add(EncryptionECDsaWithSha224);
+ m_noParams.Add(EncryptionECDsaWithSha256);
+ m_noParams.Add(EncryptionECDsaWithSha384);
+ m_noParams.Add(EncryptionECDsaWithSha512);
 
 m_ecAlgorithms.Add(CmsSignedGenerator.DigestSha1, EncryptionECDsaWithSha1);
 m_ecAlgorithms.Add(CmsSignedGenerator.DigestSha224, EncryptionECDsaWithSha224);
@@ -151,13 +151,13 @@ namespace Org.BouncyCastle.Cms
 */
 internal string GetDigestAlgName(string digestAlgOid)
 {
- return m_digestAlgs.TryGetValue(digestAlgOid, out var algName) ? algName : digestAlgOid;
+ return CollectionUtilities.GetValueOrKey(m_digestAlgs, digestAlgOid);
 }
 
- internal AlgorithmIdentifier GetEncAlgorithmIdentifier(DerObjectIdentifier encOid,
+ internal AlgorithmIdentifier GetEncAlgorithmIdentifier(DerObjectIdentifier encOid,
 Asn1Encodable sigX509Parameters)
 {
- if (noParams.Contains(encOid.Id))
+ if (m_noParams.Contains(encOid.Id))
 {
 return new AlgorithmIdentifier(encOid);
 }
@@ -177,10 +177,10 @@ namespace Org.BouncyCastle.Cms
 */
 internal string GetEncryptionAlgName(string encryptionAlgOid)
 {
- return m_encryptionAlgs.TryGetValue(encryptionAlgOid, out var algName) ? algName : encryptionAlgOid;
+ return CollectionUtilities.GetValueOrKey(m_encryptionAlgs, encryptionAlgOid);
 }
 
- internal IDigest GetDigestInstance(
+ internal IDigest GetDigestInstance(
 string algorithm)
 {
 try
@@ -326,10 +326,17 @@ namespace Org.BouncyCastle.Cms
 {
 foreach (Asn1Encodable ae in certSet)
 {
- if (ae != null && ae.ToAsn1Object() is Asn1Sequence s)
+ if (ae == null)
+ continue;
+
+ if (ae is X509CertificateStructure c)
 {
- contents.Add(new X509Certificate(X509CertificateStructure.GetInstance(s)));
- }
+ contents.Add(new X509Certificate(c));
+ }
+ else if (ae.ToAsn1Object() is Asn1Sequence s)
+ {
+ contents.Add(new X509Certificate(X509CertificateStructure.GetInstance(s)));
+ }
 }
 }
 return CollectionUtilities.CreateStore(contents);
@@ -342,10 +349,17 @@ namespace Org.BouncyCastle.Cms
 {
 foreach (Asn1Encodable ae in crlSet)
 {
- if (ae != null && ae.ToAsn1Object() is Asn1Sequence s)
- {
- contents.Add(new X509Crl(CertificateList.GetInstance(s)));
- }
+ if (ae == null)
+ continue;
+
+ if (ae is CertificateList c)
+ {
+ contents.Add(new X509Crl(c));
+ }
+ else if (ae.ToAsn1Object() is Asn1Sequence s)
+ {
+ contents.Add(new X509Crl(CertificateList.GetInstance(s)));
+ }
 }
 }
 return CollectionUtilities.CreateStore(contents);
diff --git a/crypto/src/cms/DefaultSignedAttributeTableGenerator.cs b/crypto/src/cms/DefaultSignedAttributeTableGenerator.cs
index d8b668c4e..dea4de0a3 100644
--- a/crypto/src/cms/DefaultSignedAttributeTableGenerator.cs
+++ b/crypto/src/cms/DefaultSignedAttributeTableGenerator.cs
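Review bot: The `else if (ae.ToAsn1Object() is Asn1Sequence s)` fallback, together with the `X509CertificateStructure` fast path above it, still returns only the untagged Certificate alternative of CertificateSet and silently skips the tagged alternatives (attribute certificates, OtherCertificateFormat), exactly as the old single-line test did; the new two-branch shape reads like an exhaustive dispatch, so that should be stated: `// CertificateSet is a CHOICE; only the untagged Certificate alternative is returned, tagged alternatives are skipped`. The CRL hunk at -342 has the same gap for the tagged OtherRevocationInfoFormat choice. Note also that `X509CertificateStructure.GetInstance(s)` / `CertificateList.GetInstance(s)` throw on a malformed sequence, so one bad element in an untrusted SignedData fails the whole accessor rather than being skipped like a null entry; if that is intended, a comment next to the `continue` should say so. Both enclosing methods begin before their hunks.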
@@ -60,23 +60,22 @@ namespace Org.BouncyCastle.Cms
 private void DoCreateStandardAttributeTable(IDictionary<CmsAttributeTableParameter, object> parameters, IDictionary<DerObjectIdentifier, object> std)
 {
- // contentType will be absent if we're trying to generate a counter signature.
-
- if (parameters.ContainsKey(CmsAttributeTableParameter.ContentType))
+ if (!std.ContainsKey(CmsAttributes.ContentType))
 {
- if (!std.ContainsKey(CmsAttributes.ContentType))
+ // contentType will be absent if we're trying to generate a counter signature.
+ if (parameters.TryGetValue(CmsAttributeTableParameter.ContentType, out var contentType))
 {
- DerObjectIdentifier contentType = (DerObjectIdentifier)
- parameters[CmsAttributeTableParameter.ContentType];
- Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute(CmsAttributes.ContentType,
- new DerSet(contentType));
+ Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute(
+ CmsAttributes.ContentType,
+ new DerSet((DerObjectIdentifier)contentType));
 std[attr.AttrType] = attr;
 }
 }
 
 if (!std.ContainsKey(CmsAttributes.SigningTime))
 {
- Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute(CmsAttributes.SigningTime,
+ Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute(
+ CmsAttributes.SigningTime,
 new DerSet(new Time(DateTime.UtcNow)));
 std[attr.AttrType] = attr;
 }
@@ -84,17 +83,35 @@ namespace Org.BouncyCastle.Cms
 if (!std.ContainsKey(CmsAttributes.MessageDigest))
 {
 byte[] messageDigest = (byte[])parameters[CmsAttributeTableParameter.Digest];
- Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute(CmsAttributes.MessageDigest,
+
+ Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute(
+ CmsAttributes.MessageDigest,
 new DerSet(new DerOctetString(messageDigest)));
 std[attr.AttrType] = attr;
 }
+
+ // TODO CmsAlgorithmProtect support (see bc-fips-csharp)
+ //if (!std.ContainsKey(CmsAttributes.CmsAlgorithmProtect))
+ //{
+ // var digestAlgorithmIdentifier = (Asn1.X509.AlgorithmIdentifier)
+ // parameters[CmsAttributeTableParameter.DigestAlgorithmIdentifier];
+ // var signatureAlgorithmIdentifier = (Asn1.X509.AlgorithmIdentifier)
+ // parameters[CmsAttributeTableParameter.SignatureAlgorithmIdentifier];
+ // var cmsAlgorithmProtection = new CmsAlgorithmProtection(
+ // digestAlgorithmIdentifier, CmsAlgorithmProtection.Signature, signatureAlgorithmIdentifier);
+ // Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute(
+ // CmsAttributes.CmsAlgorithmProtect,
+ // new DerSet(cmsAlgorithmProtection));
+ // std[attr.AttrType] = attr;
+ //}
 }
 
 /**
 * @param parameters source parameters
 * @return the populated attribute table
 */
- public virtual AttributeTable GetAttributes(IDictionary<CmsAttributeTableParameter, object> parameters)
+ public virtual AttributeTable GetAttributes(IDictionary<CmsAttributeTableParameter, object> parameters)
 {
 var table = CreateStandardAttributeTable(parameters);
 return new AttributeTable(table);
diff --git a/crypto/src/cms/OriginatorId.cs b/crypto/src/cms/OriginatorId.cs
index 5a3b7374d..6ae64c503 100644
--- a/crypto/src/cms/OriginatorId.cs
+++ b/crypto/src/cms/OriginatorId.cs
@@ -1,5 +1,3 @@
-using System;
-
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Utilities;
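Review bot: The commented-out CmsAlgorithmProtect block fetches `parameters[CmsAttributeTableParameter.SignatureAlgorithmIdentifier]` through the indexer, which throws `KeyNotFoundException` for any caller that does not supply the enum member added in this commit (no caller on this page sets it), so when the block is enabled it should use the `TryGetValue` form that the ContentType branch switched to in the -60 hunk. Since the attribute's purpose (RFC 6211) is to let the verifier detect digest/signature algorithm substitution, the TODO should also name the verification side, e.g. `// TODO when enabling: verifier must match this attribute against SignerInfo.digestAlgorithm / signatureAlgorithm`. DoCreateStandardAttributeTable begins before this hunk.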
@@ -44,7 +42,7 @@ namespace Org.BouncyCastle.Cms
 return false;
 
 return Arrays.AreEqual(SubjectKeyIdentifier, id.SubjectKeyIdentifier)
- && Platform.Equals(SerialNumber, id.SerialNumber)
+ && Objects.Equals(SerialNumber, id.SerialNumber)
 && IssuersMatch(Issuer, id.Issuer);
 }
 }
diff --git a/crypto/src/cms/OriginatorInformation.cs b/crypto/src/cms/OriginatorInformation.cs
index 7186fafc3..6307cbc1f 100644
--- a/crypto/src/cms/OriginatorInformation.cs
+++ b/crypto/src/cms/OriginatorInformation.cs
@@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Cms
 {
 private readonly OriginatorInfo originatorInfo;
 
- internal OriginatorInformation(OriginatorInfo originatorInfo)
+ public OriginatorInformation(OriginatorInfo originatorInfo)
 {
 this.originatorInfo = originatorInfo;
 }
diff --git a/crypto/src/cms/RecipientId.cs b/crypto/src/cms/RecipientId.cs
index 9b6eb093b..815f3ff90 100644
--- a/crypto/src/cms/RecipientId.cs
+++ b/crypto/src/cms/RecipientId.cs
@@ -51,7 +51,7 @@ namespace Org.BouncyCastle.Cms
 
 return Arrays.AreEqual(keyIdentifier, id.keyIdentifier)
 && Arrays.AreEqual(SubjectKeyIdentifier, id.SubjectKeyIdentifier)
- && Platform.Equals(SerialNumber, id.SerialNumber)
+ && Objects.Equals(SerialNumber, id.SerialNumber)
 && IssuersMatch(Issuer, id.Issuer);
 }
 }
diff --git a/crypto/src/cms/RecipientInformationStore.cs b/crypto/src/cms/RecipientInformationStore.cs
index 06d093805..281b51c79 100644
--- a/crypto/src/cms/RecipientInformationStore.cs
+++ b/crypto/src/cms/RecipientInformationStore.cs
@@ -25,7 +25,7 @@ namespace Org.BouncyCastle.Cms
 list.Add(recipientInformation);
 }
 
- this.m_all = new List<RecipientInformation>(recipientInfos);
+ m_all = new List<RecipientInformation>(recipientInfos);
 }
 
 public RecipientInformation this[RecipientID selector]
diff --git a/crypto/src/cms/SignerId.cs b/crypto/src/cms/SignerId.cs
index baac9369b..8023ca280 100644
--- a/crypto/src/cms/SignerId.cs
+++ b/crypto/src/cms/SignerId.cs
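Review bot: `OriginatorInformation(OriginatorInfo originatorInfo)` becomes public in the -10 hunk but still assigns the argument unchecked, so a null from an external caller is stored and presumably surfaces later as a NullReferenceException from whatever reads `originatorInfo`, instead of failing at the call site; a guard such as `this.originatorInfo = originatorInfo ?? throw new ArgumentNullException(nameof(originatorInfo));` fails fast (it needs `System` in scope, which the hunk does not show). The `Platform.Equals` → `Objects.Equals` swaps in the OriginatorId, RecipientId and SignerId -44 hunks are equivalent only if `Objects.Equals` treats a null `SerialNumber` on either side the same way the old helper did, which is not visible here.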
@@ -44,7 +44,7 @@ namespace Org.BouncyCastle.Cms
 return false;
 
 return Arrays.AreEqual(SubjectKeyIdentifier, id.SubjectKeyIdentifier)
- && Platform.Equals(SerialNumber, id.SerialNumber)
+ && Objects.Equals(SerialNumber, id.SerialNumber)
 && IssuersMatch(Issuer, id.Issuer);
 }
 }
diff --git a/crypto/src/cms/SignerInfoGenerator.cs b/crypto/src/cms/SignerInfoGenerator.cs
index 786749cb5..2fa185885 100644
--- a/crypto/src/cms/SignerInfoGenerator.cs
+++ b/crypto/src/cms/SignerInfoGenerator.cs
@@ -1,5 +1,3 @@
-using System;
-
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cms;
 using Org.BouncyCastle.Asn1.X509;
@@ -23,7 +21,8 @@ namespace Org.BouncyCastle.Cms
 internal CmsAttributeTableGenerator unsignedGen;
 private bool isDirectSignature;
 
- internal SignerInfoGenerator(SignerIdentifier sigId, ISignatureFactory signerFactory): this(sigId, signerFactory, false)
+ internal SignerInfoGenerator(SignerIdentifier sigId, ISignatureFactory signerFactory)
+ : this(sigId, signerFactory, false)
 {
 }
 
@@ -45,7 +44,8 @@ namespace Org.BouncyCastle.Cms
 }
 }
 
- internal SignerInfoGenerator(SignerIdentifier sigId, ISignatureFactory contentSigner, CmsAttributeTableGenerator signedGen, CmsAttributeTableGenerator unsignedGen)
+ internal SignerInfoGenerator(SignerIdentifier sigId, ISignatureFactory contentSigner,
+ CmsAttributeTableGenerator signedGen, CmsAttributeTableGenerator unsignedGen)
 {
 this.sigId = sigId;
 this.contentSigner = contentSigner;
@@ -54,7 +54,7 @@ namespace Org.BouncyCastle.Cms
 this.isDirectSignature = false;
 }
 
- internal void setAssociatedCertificate(X509Certificate certificate)
+ internal void SetAssociatedCertificate(X509Certificate certificate)
 {
 this.certificate = certificate;
 }
@@ -130,11 +130,12 @@ namespace Org.BouncyCastle.Cms
 */
 public SignerInfoGenerator Build(ISignatureFactory contentSigner, X509Certificate certificate)
 {
- SignerIdentifier sigId = new SignerIdentifier(new IssuerAndSerialNumber(certificate.IssuerDN, new DerInteger(certificate.SerialNumber)));
+ SignerIdentifier sigId = new SignerIdentifier(new IssuerAndSerialNumber(certificate.IssuerDN,
+ new DerInteger(certificate.SerialNumber)));
 
 SignerInfoGenerator sigInfoGen = CreateGenerator(contentSigner, sigId);
 
- sigInfoGen.setAssociatedCertificate(certificate);
+ sigInfoGen.SetAssociatedCertificate(certificate);
 
 return sigInfoGen;
 }
diff --git a/crypto/src/cms/SignerInformationStore.cs b/crypto/src/cms/SignerInformationStore.cs
index 7fa3ef678..bc21f9d39 100644
--- a/crypto/src/cms/SignerInformationStore.cs
+++ b/crypto/src/cms/SignerInformationStore.cs
@@ -5,7 +5,7 @@ namespace Org.BouncyCastle.Cms
 {
 public class SignerInformationStore
 {
- private readonly IList<SignerInformation> all;
+ private readonly IList<SignerInformation> m_all;
 private readonly IDictionary<SignerID, IList<SignerInformation>> m_table =
 new Dictionary<SignerID, IList<SignerInformation>>();
 
@@ -16,12 +16,12 @@ namespace Org.BouncyCastle.Cms
 */
 public SignerInformationStore(SignerInformation signerInfo)
 {
- this.all = new List<SignerInformation>(1);
- this.all.Add(signerInfo);
+ m_all = new List<SignerInformation>(1);
+ m_all.Add(signerInfo);
 
 SignerID sid = signerInfo.SignerID;
 
- m_table[sid] = all;
+ m_table[sid] = m_all;
 }
 
 /**
@@ -31,19 +31,20 @@ namespace Org.BouncyCastle.Cms
 */
 public SignerInformationStore(IEnumerable<SignerInformation> signerInfos)
 {
+ m_all = new List<SignerInformation>(signerInfos);
+
 foreach (SignerInformation signer in signerInfos)
 {
 SignerID sid = signer.SignerID;
 
 if (!m_table.TryGetValue(sid, out var list))
 {
- m_table[sid] = list = new List<SignerInformation>(1);
+ list = new List<SignerInformation>(1);
+ m_table[sid] = list;
 }
 
 list.Add(signer);
 }
-
- this.all = new List<SignerInformation>(signerInfos);
 }
 
 /**
@@ -64,13 +65,13 @@ namespace Org.BouncyCastle.Cms
 /// <summary>The number of signers in the collection.</summary>
 public int Count
 {
- get { return all.Count; }
+ get { return m_all.Count; }
 }
 
 /// <returns>An ICollection of all signers in the collection</returns>
 public IList<SignerInformation> GetSigners()
 {
- return new List<SignerInformation>(all);
+ return new List<SignerInformation>(m_all);
 }
 
 /**
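Review bot: The constructor now enumerates `signerInfos` twice, first in `m_all = new List<SignerInformation>(signerInfos);` and again in the `foreach`, so for a one-shot or lazily re-evaluated `IEnumerable<SignerInformation>` the lookup table and `m_all` can disagree (a signer counted by `Count` but absent from `m_table`, or the reverse). Iterating the materialized list removes that risk: `foreach (SignerInformation signer in m_all)`. RecipientInformationStore's -25 hunk appears to have the same shape (a loop over the sequence followed by `new List<RecipientInformation>(recipientInfos)`), though its loop header is outside that hunk.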