From 27c1d7797c79cd799ba04132e0d4b571de509e24 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Sat, 20 Jan 2024 17:55:07 +0700 Subject: Overhaul algorithm registries --- crypto/src/asn1/smime/SMIMECapabilities.cs | 8 +- crypto/src/asn1/smime/SMIMECapability.cs | 3 +- .../src/crypto/util/AlgorithmIdentifierFactory.cs | 4 +- crypto/src/security/AgreementUtilities.cs | 193 +++++++++--- crypto/src/security/CipherUtilities.cs | 333 ++++++++++++-------- crypto/src/security/DigestUtilities.cs | 343 ++++++++++++--------- crypto/src/security/GeneratorUtilities.cs | 16 +- crypto/src/security/MacUtilities.cs | 212 ++++++++----- crypto/src/security/ParameterUtilities.cs | 13 +- crypto/src/security/SignerUtilities.cs | 264 ++++++++++------ crypto/test/src/cms/test/EnvelopedDataTest.cs | 8 +- 11 files changed, 884 insertions(+), 513 deletions(-) (limited to 'crypto') diff --git a/crypto/src/asn1/smime/SMIMECapabilities.cs b/crypto/src/asn1/smime/SMIMECapabilities.cs index 0142f0797..47710d9cb 100644 --- a/crypto/src/asn1/smime/SMIMECapabilities.cs +++ b/crypto/src/asn1/smime/SMIMECapabilities.cs @@ -1,7 +1,9 @@ using System; using System.Collections.Generic; +using Org.BouncyCastle.Asn1.Misc; using Org.BouncyCastle.Asn1.Nist; +using Org.BouncyCastle.Asn1.Oiw; using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; @@ -28,9 +30,9 @@ namespace Org.BouncyCastle.Asn1.Smime public static readonly DerObjectIdentifier Aes256Cbc = NistObjectIdentifiers.IdAes256Cbc; public static readonly DerObjectIdentifier Aes192Cbc = NistObjectIdentifiers.IdAes192Cbc; public static readonly DerObjectIdentifier Aes128Cbc = NistObjectIdentifiers.IdAes128Cbc; - public static readonly DerObjectIdentifier IdeaCbc = new DerObjectIdentifier("1.3.6.1.4.1.188.7.1.1.2"); - public static readonly DerObjectIdentifier Cast5Cbc = new DerObjectIdentifier("1.2.840.113533.7.66.10"); - public static readonly DerObjectIdentifier DesCbc = new DerObjectIdentifier("1.3.14.3.2.7"); + public static readonly DerObjectIdentifier IdeaCbc = MiscObjectIdentifiers.as_sys_sec_alg_ideaCBC; + public static readonly DerObjectIdentifier Cast5Cbc = MiscObjectIdentifiers.cast5CBC; + public static readonly DerObjectIdentifier DesCbc = OiwObjectIdentifiers.DesCbc; public static readonly DerObjectIdentifier DesEde3Cbc = PkcsObjectIdentifiers.DesEde3Cbc; public static readonly DerObjectIdentifier RC2Cbc = PkcsObjectIdentifiers.RC2Cbc; diff --git a/crypto/src/asn1/smime/SMIMECapability.cs b/crypto/src/asn1/smime/SMIMECapability.cs index 9b30c6dba..7b9255a46 100644 --- a/crypto/src/asn1/smime/SMIMECapability.cs +++ b/crypto/src/asn1/smime/SMIMECapability.cs @@ -1,6 +1,7 @@ using System; using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Oiw; using Org.BouncyCastle.Asn1.Pkcs; namespace Org.BouncyCastle.Asn1.Smime @@ -18,7 +19,7 @@ namespace Org.BouncyCastle.Asn1.Smime /** * encryption algorithms preferences */ - public static readonly DerObjectIdentifier DesCbc = new DerObjectIdentifier("1.3.14.3.2.7"); + public static readonly DerObjectIdentifier DesCbc = OiwObjectIdentifiers.DesCbc; public static readonly DerObjectIdentifier DesEde3Cbc = PkcsObjectIdentifiers.DesEde3Cbc; public static readonly DerObjectIdentifier RC2Cbc = PkcsObjectIdentifiers.RC2Cbc; diff --git a/crypto/src/crypto/util/AlgorithmIdentifierFactory.cs b/crypto/src/crypto/util/AlgorithmIdentifierFactory.cs index ad4d31ede..686502ebe 100644 --- a/crypto/src/crypto/util/AlgorithmIdentifierFactory.cs +++ b/crypto/src/crypto/util/AlgorithmIdentifierFactory.cs @@ -14,8 +14,8 @@ namespace Org.BouncyCastle.Crypto.Utilities { public class AlgorithmIdentifierFactory { - public static readonly DerObjectIdentifier IDEA_CBC = new DerObjectIdentifier("1.3.6.1.4.1.188.7.1.1.2"); - public static readonly DerObjectIdentifier CAST5_CBC = new DerObjectIdentifier("1.2.840.113533.7.66.10"); + public static readonly DerObjectIdentifier IDEA_CBC = MiscObjectIdentifiers.as_sys_sec_alg_ideaCBC; + public static readonly DerObjectIdentifier CAST5_CBC = MiscObjectIdentifiers.cast5CBC; private static readonly short[] rc2Table = { 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, diff --git a/crypto/src/security/AgreementUtilities.cs b/crypto/src/security/AgreementUtilities.cs index 041aeeed2..41dcb7435 100644 --- a/crypto/src/security/AgreementUtilities.cs +++ b/crypto/src/security/AgreementUtilities.cs @@ -12,35 +12,86 @@ using Org.BouncyCastle.Utilities.Collections; namespace Org.BouncyCastle.Security { - /// - /// Utility class for creating IBasicAgreement objects from their names/Oids - /// - public static class AgreementUtilities + /// + /// Utility class for creating IBasicAgreement objects from their names/Oids + /// + public static class AgreementUtilities { - private static readonly IDictionary Algorithms = - new Dictionary(StringComparer.OrdinalIgnoreCase); + private static readonly Dictionary AlgorithmOidMap = + new Dictionary(); static AgreementUtilities() { - Algorithms[X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme.Id] = "ECCDHWITHSHA1KDF"; - Algorithms[X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme.Id] = "ECDHWITHSHA1KDF"; - Algorithms[X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme.Id] = "ECMQVWITHSHA1KDF"; + AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme] = "ECCDHWITHSHA1KDF"; + AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme] = "ECDHWITHSHA1KDF"; + AlgorithmOidMap[X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme] = "ECMQVWITHSHA1KDF"; + + AlgorithmOidMap[EdECObjectIdentifiers.id_X25519] = "X25519"; + AlgorithmOidMap[EdECObjectIdentifiers.id_X448] = "X448"; + +#if DEBUG + //foreach (var key in AlgorithmMap.Keys) + //{ + // if (DerObjectIdentifier.TryFromID(key, out var ignore)) + // throw new Exception("OID mapping belongs in AlgorithmOidMap: " + key); + //} + + //var mechanisms = new HashSet(AlgorithmMap.Values); + var mechanisms = new HashSet(); + mechanisms.UnionWith(AlgorithmOidMap.Values); + + foreach (var mechanism in mechanisms) + { + //if (AlgorithmMap.TryGetValue(mechanism, out var check)) + //{ + // if (mechanism != check) + // throw new Exception("Mechanism mapping MUST be to self: " + mechanism); + //} + //else + { + if (!mechanism.Equals(mechanism.ToUpperInvariant())) + throw new Exception("Unmapped mechanism MUST be uppercase: " + mechanism); + } + } +#endif + } - Algorithms[EdECObjectIdentifiers.id_X25519.Id] = "X25519"; - Algorithms[EdECObjectIdentifiers.id_X448.Id] = "X448"; + public static string GetAlgorithmName(DerObjectIdentifier oid) + { + return CollectionUtilities.GetValueOrNull(AlgorithmOidMap, oid); } - public static IBasicAgreement GetBasicAgreement( - DerObjectIdentifier oid) + public static IBasicAgreement GetBasicAgreement(DerObjectIdentifier oid) { - return GetBasicAgreement(oid.Id); - } + if (oid == null) + throw new ArgumentNullException(nameof(oid)); - public static IBasicAgreement GetBasicAgreement( - string algorithm) + if (AlgorithmOidMap.TryGetValue(oid, out var mechanism)) + { + var basicAgreement = GetBasicAgreementForMechanism(mechanism); + if (basicAgreement != null) + return basicAgreement; + } + + throw new SecurityUtilityException("Basic Agreement OID not recognised."); + } + + public static IBasicAgreement GetBasicAgreement(string algorithm) { - string mechanism = GetMechanism(algorithm); + if (algorithm == null) + throw new ArgumentNullException(nameof(algorithm)); + + string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant(); + var basicAgreement = GetBasicAgreementForMechanism(mechanism); + if (basicAgreement != null) + return basicAgreement; + + throw new SecurityUtilityException("Basic Agreement " + algorithm + " not recognised."); + } + + private static IBasicAgreement GetBasicAgreementForMechanism(string mechanism) + { if (mechanism == "DH" || mechanism == "DIFFIEHELLMAN") return new DHBasicAgreement(); @@ -48,71 +99,121 @@ namespace Org.BouncyCastle.Security return new ECDHBasicAgreement(); if (mechanism == "ECDHC" || mechanism == "ECCDH") - return new ECDHCBasicAgreement(); + return new ECDHCBasicAgreement(); if (mechanism == "ECMQV") return new ECMqvBasicAgreement(); - throw new SecurityUtilityException("Basic Agreement " + algorithm + " not recognised."); + return null; } public static IBasicAgreement GetBasicAgreementWithKdf(DerObjectIdentifier agreeAlgOid, DerObjectIdentifier wrapAlgOid) { - return GetBasicAgreementWithKdf(agreeAlgOid.Id, wrapAlgOid.Id); + return GetBasicAgreementWithKdf(agreeAlgOid, wrapAlgOid?.Id); } + // TODO[api] Change parameter name to 'agreeAlgOid' public static IBasicAgreement GetBasicAgreementWithKdf(DerObjectIdentifier oid, string wrapAlgorithm) { - return GetBasicAgreementWithKdf(oid.Id, wrapAlgorithm); - } + if (oid == null) + throw new ArgumentNullException(nameof(oid)); + if (wrapAlgorithm == null) + throw new ArgumentNullException(nameof(wrapAlgorithm)); + + if (AlgorithmOidMap.TryGetValue(oid, out var mechanism)) + { + var basicAgreement = GetBasicAgreementWithKdfForMechanism(mechanism, wrapAlgorithm); + if (basicAgreement != null) + return basicAgreement; + } + + throw new SecurityUtilityException("Basic Agreement (with KDF) OID not recognised."); + } - public static IBasicAgreement GetBasicAgreementWithKdf(string agreeAlgorithm, string wrapAlgorithm) + public static IBasicAgreement GetBasicAgreementWithKdf(string agreeAlgorithm, string wrapAlgorithm) { - string mechanism = GetMechanism(agreeAlgorithm); + if (agreeAlgorithm == null) + throw new ArgumentNullException(nameof(agreeAlgorithm)); + if (wrapAlgorithm == null) + throw new ArgumentNullException(nameof(wrapAlgorithm)); + + string mechanism = GetMechanism(agreeAlgorithm) ?? agreeAlgorithm.ToUpperInvariant(); + + var basicAgreement = GetBasicAgreementWithKdfForMechanism(mechanism, wrapAlgorithm); + if (basicAgreement != null) + return basicAgreement; + + throw new SecurityUtilityException("Basic Agreement (with KDF) " + agreeAlgorithm + " not recognised."); + } + private static IBasicAgreement GetBasicAgreementWithKdfForMechanism(string mechanism, string wrapAlgorithm) + { // 'DHWITHSHA1KDF' retained for backward compatibility - if (mechanism == "DHWITHSHA1KDF" || mechanism == "ECDHWITHSHA1KDF") - return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest())); + if (mechanism == "DHWITHSHA1KDF" || mechanism == "ECDHWITHSHA1KDF") + return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest())); - if (mechanism == "ECCDHWITHSHA1KDF") - return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest())); + if (mechanism == "ECCDHWITHSHA1KDF") + return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest())); - if (mechanism == "ECMQVWITHSHA1KDF") - return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest())); + if (mechanism == "ECMQVWITHSHA1KDF") + return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest())); - throw new SecurityUtilityException("Basic Agreement (with KDF) " + agreeAlgorithm + " not recognised."); - } + return null; + } - public static IRawAgreement GetRawAgreement( - DerObjectIdentifier oid) + public static IRawAgreement GetRawAgreement(DerObjectIdentifier oid) { - return GetRawAgreement(oid.Id); + if (oid == null) + throw new ArgumentNullException(nameof(oid)); + + if (AlgorithmOidMap.TryGetValue(oid, out var mechanism)) + { + var rawAgreement = GetRawAgreementForMechanism(mechanism); + if (rawAgreement != null) + return rawAgreement; + } + + throw new SecurityUtilityException("Raw Agreement OID not recognised."); } public static IRawAgreement GetRawAgreement(string algorithm) { - string mechanism = GetMechanism(algorithm); + if (algorithm == null) + throw new ArgumentNullException(nameof(algorithm)); + + string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant(); + + var rawAgreement = GetRawAgreementForMechanism(mechanism); + if (rawAgreement != null) + return rawAgreement; + + throw new SecurityUtilityException("Raw Agreement " + algorithm + " not recognised."); + } + private static IRawAgreement GetRawAgreementForMechanism(string mechanism) + { if (mechanism == "X25519") return new X25519Agreement(); if (mechanism == "X448") return new X448Agreement(); - throw new SecurityUtilityException("Raw Agreement " + algorithm + " not recognised."); + return null; } - public static string GetAlgorithmName(DerObjectIdentifier oid) - { - return CollectionUtilities.GetValueOrNull(Algorithms, oid.Id); - } - - private static string GetMechanism(string algorithm) + private static string GetMechanism(string algorithm) { - var mechanism = CollectionUtilities.GetValueOrKey(Algorithms, algorithm); + //if (AlgorithmMap.TryGetValue(algorithm, out var mechanism1)) + // return mechanism1; + + if (DerObjectIdentifier.TryFromID(algorithm, out var oid)) + { + if (AlgorithmOidMap.TryGetValue(oid, out var mechanism2)) + return mechanism2; + } - return mechanism.ToUpperInvariant(); + return null; } } } diff --git a/crypto/src/security/CipherUtilities.cs b/crypto/src/security/CipherUtilities.cs index 11bf45680..715bd81fe 100644 --- a/crypto/src/security/CipherUtilities.cs +++ b/crypto/src/security/CipherUtilities.cs @@ -4,6 +4,7 @@ using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.CryptoPro; using Org.BouncyCastle.Asn1.Kisa; +using Org.BouncyCastle.Asn1.Misc; using Org.BouncyCastle.Asn1.Nist; using Org.BouncyCastle.Asn1.Nsri; using Org.BouncyCastle.Asn1.Ntt; @@ -112,8 +113,10 @@ namespace Org.BouncyCastle.Security ZEROBYTEPADDING, }; - private static readonly Dictionary Algorithms = + private static readonly Dictionary AlgorithmMap = new Dictionary(StringComparer.OrdinalIgnoreCase); + private static readonly Dictionary AlgorithmOidMap = + new Dictionary(); static CipherUtilities() { @@ -124,148 +127,192 @@ namespace Org.BouncyCastle.Security // TODO Flesh out the list of aliases - Algorithms[NistObjectIdentifiers.IdAes128Cbc.Id] = "AES/CBC/PKCS7PADDING"; - Algorithms[NistObjectIdentifiers.IdAes192Cbc.Id] = "AES/CBC/PKCS7PADDING"; - Algorithms[NistObjectIdentifiers.IdAes256Cbc.Id] = "AES/CBC/PKCS7PADDING"; - - Algorithms[NistObjectIdentifiers.IdAes128Ccm.Id] = "AES/CCM/NOPADDING"; - Algorithms[NistObjectIdentifiers.IdAes192Ccm.Id] = "AES/CCM/NOPADDING"; - Algorithms[NistObjectIdentifiers.IdAes256Ccm.Id] = "AES/CCM/NOPADDING"; - - Algorithms[NistObjectIdentifiers.IdAes128Cfb.Id] = "AES/CFB/NOPADDING"; - Algorithms[NistObjectIdentifiers.IdAes192Cfb.Id] = "AES/CFB/NOPADDING"; - Algorithms[NistObjectIdentifiers.IdAes256Cfb.Id] = "AES/CFB/NOPADDING"; - - Algorithms[NistObjectIdentifiers.IdAes128Ecb.Id] = "AES/ECB/PKCS7PADDING"; - Algorithms[NistObjectIdentifiers.IdAes192Ecb.Id] = "AES/ECB/PKCS7PADDING"; - Algorithms[NistObjectIdentifiers.IdAes256Ecb.Id] = "AES/ECB/PKCS7PADDING"; - Algorithms["AES//PKCS7"] = "AES/ECB/PKCS7PADDING"; - Algorithms["AES//PKCS7PADDING"] = "AES/ECB/PKCS7PADDING"; - Algorithms["AES//PKCS5"] = "AES/ECB/PKCS7PADDING"; - Algorithms["AES//PKCS5PADDING"] = "AES/ECB/PKCS7PADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes128Cbc] = "AES/CBC/PKCS7PADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes192Cbc] = "AES/CBC/PKCS7PADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes256Cbc] = "AES/CBC/PKCS7PADDING"; + + AlgorithmOidMap[NistObjectIdentifiers.IdAes128Ccm] = "AES/CCM/NOPADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes192Ccm] = "AES/CCM/NOPADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes256Ccm] = "AES/CCM/NOPADDING"; + + AlgorithmOidMap[NistObjectIdentifiers.IdAes128Cfb] = "AES/CFB/NOPADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes192Cfb] = "AES/CFB/NOPADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes256Cfb] = "AES/CFB/NOPADDING"; + + AlgorithmOidMap[NistObjectIdentifiers.IdAes128Ecb] = "AES/ECB/PKCS7PADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes192Ecb] = "AES/ECB/PKCS7PADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes256Ecb] = "AES/ECB/PKCS7PADDING"; + AlgorithmMap["AES//PKCS7"] = "AES/ECB/PKCS7PADDING"; + AlgorithmMap["AES//PKCS7PADDING"] = "AES/ECB/PKCS7PADDING"; + AlgorithmMap["AES//PKCS5"] = "AES/ECB/PKCS7PADDING"; + AlgorithmMap["AES//PKCS5PADDING"] = "AES/ECB/PKCS7PADDING"; - Algorithms[NistObjectIdentifiers.IdAes128Gcm.Id] = "AES/GCM/NOPADDING"; - Algorithms[NistObjectIdentifiers.IdAes192Gcm.Id] = "AES/GCM/NOPADDING"; - Algorithms[NistObjectIdentifiers.IdAes256Gcm.Id] = "AES/GCM/NOPADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes128Gcm] = "AES/GCM/NOPADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes192Gcm] = "AES/GCM/NOPADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes256Gcm] = "AES/GCM/NOPADDING"; - Algorithms[NistObjectIdentifiers.IdAes128Ofb.Id] = "AES/OFB/NOPADDING"; - Algorithms[NistObjectIdentifiers.IdAes192Ofb.Id] = "AES/OFB/NOPADDING"; - Algorithms[NistObjectIdentifiers.IdAes256Ofb.Id] = "AES/OFB/NOPADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes128Ofb] = "AES/OFB/NOPADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes192Ofb] = "AES/OFB/NOPADDING"; + AlgorithmOidMap[NistObjectIdentifiers.IdAes256Ofb] = "AES/OFB/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria128_cbc.Id] = "ARIA/CBC/PKCS7PADDING"; - Algorithms[NsriObjectIdentifiers.id_aria192_cbc.Id] = "ARIA/CBC/PKCS7PADDING"; - Algorithms[NsriObjectIdentifiers.id_aria256_cbc.Id] = "ARIA/CBC/PKCS7PADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_cbc] = "ARIA/CBC/PKCS7PADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_cbc] = "ARIA/CBC/PKCS7PADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_cbc] = "ARIA/CBC/PKCS7PADDING"; - Algorithms[NsriObjectIdentifiers.id_aria128_ccm.Id] = "ARIA/CCM/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria192_ccm.Id] = "ARIA/CCM/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria256_ccm.Id] = "ARIA/CCM/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_ccm] = "ARIA/CCM/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_ccm] = "ARIA/CCM/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_ccm] = "ARIA/CCM/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria128_cfb.Id] = "ARIA/CFB/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria192_cfb.Id] = "ARIA/CFB/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria256_cfb.Id] = "ARIA/CFB/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_cfb] = "ARIA/CFB/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_cfb] = "ARIA/CFB/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_cfb] = "ARIA/CFB/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria128_ctr.Id] = "ARIA/CTR/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria192_ctr.Id] = "ARIA/CTR/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria256_ctr.Id] = "ARIA/CTR/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_ctr] = "ARIA/CTR/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_ctr] = "ARIA/CTR/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_ctr] = "ARIA/CTR/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria128_ecb.Id] = "ARIA/ECB/PKCS7PADDING"; - Algorithms[NsriObjectIdentifiers.id_aria192_ecb.Id] = "ARIA/ECB/PKCS7PADDING"; - Algorithms[NsriObjectIdentifiers.id_aria256_ecb.Id] = "ARIA/ECB/PKCS7PADDING"; - Algorithms["ARIA//PKCS7"] = "ARIA/ECB/PKCS7PADDING"; - Algorithms["ARIA//PKCS7PADDING"] = "ARIA/ECB/PKCS7PADDING"; - Algorithms["ARIA//PKCS5"] = "ARIA/ECB/PKCS7PADDING"; - Algorithms["ARIA//PKCS5PADDING"] = "ARIA/ECB/PKCS7PADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_ecb] = "ARIA/ECB/PKCS7PADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_ecb] = "ARIA/ECB/PKCS7PADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_ecb] = "ARIA/ECB/PKCS7PADDING"; + AlgorithmMap["ARIA//PKCS7"] = "ARIA/ECB/PKCS7PADDING"; + AlgorithmMap["ARIA//PKCS7PADDING"] = "ARIA/ECB/PKCS7PADDING"; + AlgorithmMap["ARIA//PKCS5"] = "ARIA/ECB/PKCS7PADDING"; + AlgorithmMap["ARIA//PKCS5PADDING"] = "ARIA/ECB/PKCS7PADDING"; - Algorithms[NsriObjectIdentifiers.id_aria128_gcm.Id] = "ARIA/GCM/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria192_gcm.Id] = "ARIA/GCM/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria256_gcm.Id] = "ARIA/GCM/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_gcm] = "ARIA/GCM/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_gcm] = "ARIA/GCM/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_gcm] = "ARIA/GCM/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria128_ofb.Id] = "ARIA/OFB/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria192_ofb.Id] = "ARIA/OFB/NOPADDING"; - Algorithms[NsriObjectIdentifiers.id_aria256_ofb.Id] = "ARIA/OFB/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria128_ofb] = "ARIA/OFB/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria192_ofb] = "ARIA/OFB/NOPADDING"; + AlgorithmOidMap[NsriObjectIdentifiers.id_aria256_ofb] = "ARIA/OFB/NOPADDING"; - Algorithms["RSA/ECB/PKCS1"] = "RSA//PKCS1PADDING"; - Algorithms["RSA/ECB/PKCS1PADDING"] = "RSA//PKCS1PADDING"; - Algorithms[PkcsObjectIdentifiers.RsaEncryption.Id] = "RSA//PKCS1PADDING"; - Algorithms[PkcsObjectIdentifiers.IdRsaesOaep.Id] = "RSA//OAEPPADDING"; + AlgorithmMap["RSA/ECB/PKCS1"] = "RSA//PKCS1PADDING"; + AlgorithmMap["RSA/ECB/PKCS1PADDING"] = "RSA//PKCS1PADDING"; + AlgorithmOidMap[PkcsObjectIdentifiers.RsaEncryption] = "RSA//PKCS1PADDING"; + AlgorithmOidMap[PkcsObjectIdentifiers.IdRsaesOaep] = "RSA//OAEPPADDING"; - Algorithms[OiwObjectIdentifiers.DesCbc.Id] = "DES/CBC"; - Algorithms[OiwObjectIdentifiers.DesCfb.Id] = "DES/CFB"; - Algorithms[OiwObjectIdentifiers.DesEcb.Id] = "DES/ECB"; - Algorithms[OiwObjectIdentifiers.DesOfb.Id] = "DES/OFB"; - Algorithms[OiwObjectIdentifiers.DesEde.Id] = "DESEDE"; - Algorithms["TDEA"] = "DESEDE"; - Algorithms[PkcsObjectIdentifiers.DesEde3Cbc.Id] = "DESEDE/CBC"; - Algorithms[PkcsObjectIdentifiers.RC2Cbc.Id] = "RC2/CBC"; - Algorithms["1.3.6.1.4.1.188.7.1.1.2"] = "IDEA/CBC"; - Algorithms["1.2.840.113533.7.66.10"] = "CAST5/CBC"; + AlgorithmOidMap[OiwObjectIdentifiers.DesCbc] = "DES/CBC"; + AlgorithmOidMap[OiwObjectIdentifiers.DesCfb] = "DES/CFB"; + AlgorithmOidMap[OiwObjectIdentifiers.DesEcb] = "DES/ECB"; + AlgorithmOidMap[OiwObjectIdentifiers.DesOfb] = "DES/OFB"; + AlgorithmOidMap[OiwObjectIdentifiers.DesEde] = "DESEDE"; + AlgorithmMap["TDEA"] = "DESEDE"; + AlgorithmOidMap[PkcsObjectIdentifiers.DesEde3Cbc] = "DESEDE/CBC"; + AlgorithmOidMap[PkcsObjectIdentifiers.RC2Cbc] = "RC2/CBC"; + AlgorithmOidMap[MiscObjectIdentifiers.as_sys_sec_alg_ideaCBC] = "IDEA/CBC"; + AlgorithmOidMap[MiscObjectIdentifiers.cast5CBC] = "CAST5/CBC"; - Algorithms["RC4"] = "ARC4"; - Algorithms["ARCFOUR"] = "ARC4"; - Algorithms["1.2.840.113549.3.4"] = "ARC4"; + AlgorithmMap["RC4"] = "ARC4"; + AlgorithmMap["ARCFOUR"] = "ARC4"; + AlgorithmOidMap[PkcsObjectIdentifiers.rc4] = "ARC4"; - Algorithms["PBEWITHSHA1AND128BITRC4"] = "PBEWITHSHAAND128BITRC4"; - Algorithms[PkcsObjectIdentifiers.PbeWithShaAnd128BitRC4.Id] = "PBEWITHSHAAND128BITRC4"; - Algorithms["PBEWITHSHA1AND40BITRC4"] = "PBEWITHSHAAND40BITRC4"; - Algorithms[PkcsObjectIdentifiers.PbeWithShaAnd40BitRC4.Id] = "PBEWITHSHAAND40BITRC4"; + AlgorithmMap["PBEWITHSHA1AND128BITRC4"] = "PBEWITHSHAAND128BITRC4"; + AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithShaAnd128BitRC4] = "PBEWITHSHAAND128BITRC4"; + AlgorithmMap["PBEWITHSHA1AND40BITRC4"] = "PBEWITHSHAAND40BITRC4"; + AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithShaAnd40BitRC4] = "PBEWITHSHAAND40BITRC4"; - Algorithms["PBEWITHSHA1ANDDES"] = "PBEWITHSHA1ANDDES-CBC"; - Algorithms[PkcsObjectIdentifiers.PbeWithSha1AndDesCbc.Id] = "PBEWITHSHA1ANDDES-CBC"; - Algorithms["PBEWITHSHA1ANDRC2"] = "PBEWITHSHA1ANDRC2-CBC"; - Algorithms[PkcsObjectIdentifiers.PbeWithSha1AndRC2Cbc.Id] = "PBEWITHSHA1ANDRC2-CBC"; + AlgorithmMap["PBEWITHSHA1ANDDES"] = "PBEWITHSHA1ANDDES-CBC"; + AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithSha1AndDesCbc] = "PBEWITHSHA1ANDDES-CBC"; + AlgorithmMap["PBEWITHSHA1ANDRC2"] = "PBEWITHSHA1ANDRC2-CBC"; + AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithSha1AndRC2Cbc] = "PBEWITHSHA1ANDRC2-CBC"; - Algorithms["PBEWITHSHA1AND3-KEYTRIPLEDES-CBC"] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"; - Algorithms["PBEWITHSHAAND3KEYTRIPLEDES"] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"; - Algorithms[PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc.Id] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"; - Algorithms["PBEWITHSHA1ANDDESEDE"] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"; + AlgorithmMap["PBEWITHSHA1AND3-KEYTRIPLEDES-CBC"] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"; + AlgorithmMap["PBEWITHSHAAND3KEYTRIPLEDES"] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"; + AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"; + AlgorithmMap["PBEWITHSHA1ANDDESEDE"] = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"; - Algorithms["PBEWITHSHA1AND2-KEYTRIPLEDES-CBC"] = "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"; - Algorithms[PkcsObjectIdentifiers.PbeWithShaAnd2KeyTripleDesCbc.Id] = "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"; + AlgorithmMap["PBEWITHSHA1AND2-KEYTRIPLEDES-CBC"] = "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"; + AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithShaAnd2KeyTripleDesCbc] = "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"; - Algorithms["PBEWITHSHA1AND128BITRC2-CBC"] = "PBEWITHSHAAND128BITRC2-CBC"; - Algorithms[PkcsObjectIdentifiers.PbeWithShaAnd128BitRC2Cbc.Id] = "PBEWITHSHAAND128BITRC2-CBC"; + AlgorithmMap["PBEWITHSHA1AND128BITRC2-CBC"] = "PBEWITHSHAAND128BITRC2-CBC"; + AlgorithmOidMap[PkcsObjectIdentifiers.PbeWithShaAnd128BitRC2Cbc] = "PBEWITHSHAAND128BITRC2-CBC"; - Algorithms["PBEWITHSHA1AND40BITRC2-CBC"] = "PBEWITHSHAAND40BITRC2-CBC"; - Algorithms[PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc.Id] = "PBEWITHSHAAND40BITRC2-CBC"; + AlgorithmMap["PBEWITHSHA1AND40BITRC2-CBC"] = "PBEWITHSHAAND40BITRC2-CBC"; + AlgorithmOidMap[PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc] = "PBEWITHSHAAND40BITRC2-CBC"; - Algorithms["PBEWITHSHA1AND128BITAES-CBC-BC"] = "PBEWITHSHAAND128BITAES-CBC-BC"; - Algorithms["PBEWITHSHA-1AND128BITAES-CBC-BC"] = "PBEWITHSHAAND128BITAES-CBC-BC"; + AlgorithmMap["PBEWITHSHA1AND128BITAES-CBC-BC"] = "PBEWITHSHAAND128BITAES-CBC-BC"; + AlgorithmMap["PBEWITHSHA-1AND128BITAES-CBC-BC"] = "PBEWITHSHAAND128BITAES-CBC-BC"; + + AlgorithmMap["PBEWITHSHA1AND192BITAES-CBC-BC"] = "PBEWITHSHAAND192BITAES-CBC-BC"; + AlgorithmMap["PBEWITHSHA-1AND192BITAES-CBC-BC"] = "PBEWITHSHAAND192BITAES-CBC-BC"; - Algorithms["PBEWITHSHA1AND192BITAES-CBC-BC"] = "PBEWITHSHAAND192BITAES-CBC-BC"; - Algorithms["PBEWITHSHA-1AND192BITAES-CBC-BC"] = "PBEWITHSHAAND192BITAES-CBC-BC"; + AlgorithmMap["PBEWITHSHA1AND256BITAES-CBC-BC"] = "PBEWITHSHAAND256BITAES-CBC-BC"; + AlgorithmMap["PBEWITHSHA-1AND256BITAES-CBC-BC"] = "PBEWITHSHAAND256BITAES-CBC-BC"; - Algorithms["PBEWITHSHA1AND256BITAES-CBC-BC"] = "PBEWITHSHAAND256BITAES-CBC-BC"; - Algorithms["PBEWITHSHA-1AND256BITAES-CBC-BC"] = "PBEWITHSHAAND256BITAES-CBC-BC"; + AlgorithmMap["PBEWITHSHA-256AND128BITAES-CBC-BC"] = "PBEWITHSHA256AND128BITAES-CBC-BC"; + AlgorithmMap["PBEWITHSHA-256AND192BITAES-CBC-BC"] = "PBEWITHSHA256AND192BITAES-CBC-BC"; + AlgorithmMap["PBEWITHSHA-256AND256BITAES-CBC-BC"] = "PBEWITHSHA256AND256BITAES-CBC-BC"; - Algorithms["PBEWITHSHA-256AND128BITAES-CBC-BC"] = "PBEWITHSHA256AND128BITAES-CBC-BC"; - Algorithms["PBEWITHSHA-256AND192BITAES-CBC-BC"] = "PBEWITHSHA256AND192BITAES-CBC-BC"; - Algorithms["PBEWITHSHA-256AND256BITAES-CBC-BC"] = "PBEWITHSHA256AND256BITAES-CBC-BC"; + AlgorithmMap["GOST"] = "GOST28147"; + AlgorithmMap["GOST-28147"] = "GOST28147"; + AlgorithmOidMap[CryptoProObjectIdentifiers.GostR28147Gcfb] = "GOST28147/CBC/PKCS7PADDING"; - Algorithms["GOST"] = "GOST28147"; - Algorithms["GOST-28147"] = "GOST28147"; - Algorithms[CryptoProObjectIdentifiers.GostR28147Gcfb.Id] = "GOST28147/CBC/PKCS7PADDING"; + AlgorithmMap["RC5-32"] = "RC5"; - Algorithms["RC5-32"] = "RC5"; + AlgorithmOidMap[NttObjectIdentifiers.IdCamellia128Cbc] = "CAMELLIA/CBC/PKCS7PADDING"; + AlgorithmOidMap[NttObjectIdentifiers.IdCamellia192Cbc] = "CAMELLIA/CBC/PKCS7PADDING"; + AlgorithmOidMap[NttObjectIdentifiers.IdCamellia256Cbc] = "CAMELLIA/CBC/PKCS7PADDING"; - Algorithms[NttObjectIdentifiers.IdCamellia128Cbc.Id] = "CAMELLIA/CBC/PKCS7PADDING"; - Algorithms[NttObjectIdentifiers.IdCamellia192Cbc.Id] = "CAMELLIA/CBC/PKCS7PADDING"; - Algorithms[NttObjectIdentifiers.IdCamellia256Cbc.Id] = "CAMELLIA/CBC/PKCS7PADDING"; + AlgorithmOidMap[KisaObjectIdentifiers.IdSeedCbc] = "SEED/CBC/PKCS7PADDING"; - Algorithms[KisaObjectIdentifiers.IdSeedCbc.Id] = "SEED/CBC/PKCS7PADDING"; + /* + * TODO[api] Incorrect version of cryptlib_algorithm_blowfish_CBC + * Remove at major version update and delete bad test data "pbes2.bf-cbc.key" + */ + AlgorithmOidMap[new DerObjectIdentifier("1.3.6.1.4.1.3029.1.2")] = "BLOWFISH/CBC"; + AlgorithmOidMap[MiscObjectIdentifiers.cryptlib_algorithm_blowfish_CBC] = "BLOWFISH/CBC"; - Algorithms["1.3.6.1.4.1.3029.1.2"] = "BLOWFISH/CBC"; + AlgorithmMap["CHACHA20"] = "CHACHA7539"; + AlgorithmOidMap[PkcsObjectIdentifiers.IdAlgAeadChaCha20Poly1305] = "CHACHA20-POLY1305"; - Algorithms["CHACHA20"] = "CHACHA7539"; - Algorithms[PkcsObjectIdentifiers.IdAlgAeadChaCha20Poly1305.Id] = "CHACHA20-POLY1305"; +#if DEBUG + foreach (var key in AlgorithmMap.Keys) + { + if (DerObjectIdentifier.TryFromID(key, out var ignore)) + throw new Exception("OID mapping belongs in AlgorithmOidMap: " + key); + } + + var mechanisms = new HashSet(AlgorithmMap.Values); + mechanisms.UnionWith(AlgorithmOidMap.Values); + + foreach (var mechanism in mechanisms) + { + if (AlgorithmMap.TryGetValue(mechanism, out var check)) + { + if (mechanism != check) + throw new Exception("Mechanism mapping MUST be to self: " + mechanism); + } + else + { + if (!mechanism.Equals(mechanism.ToUpperInvariant())) + throw new Exception("Unmapped mechanism MUST be uppercase: " + mechanism); + } + } +#endif } - public static IBufferedCipher GetCipher( - DerObjectIdentifier oid) + public static string GetAlgorithmName(DerObjectIdentifier oid) { - return GetCipher(oid.Id); + return CollectionUtilities.GetValueOrNull(AlgorithmOidMap, oid); + } + + public static IBufferedCipher GetCipher(DerObjectIdentifier oid) + { + if (oid == null) + throw new ArgumentNullException(nameof(oid)); + + if (AlgorithmOidMap.TryGetValue(oid, out var mechanism)) + { + var cipher = GetCipherForMechanism(mechanism); + if (cipher != null) + return cipher; + } + + throw new SecurityUtilityException("Cipher OID not recognised."); } public static IBufferedCipher GetCipher(string algorithm) @@ -273,14 +320,23 @@ namespace Org.BouncyCastle.Security if (algorithm == null) throw new ArgumentNullException(nameof(algorithm)); - algorithm = CollectionUtilities.GetValueOrKey(Algorithms, algorithm).ToUpperInvariant(); + string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant(); + + var cipher = GetCipherForMechanism(mechanism); + if (cipher != null) + return cipher; + + throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); + } + private static IBufferedCipher GetCipherForMechanism(string mechanism) + { IBasicAgreement iesAgreement = null; - if (algorithm == "IES") + if (mechanism == "IES") { iesAgreement = new DHBasicAgreement(); } - else if (algorithm == "ECIES") + else if (mechanism == "ECIES") { iesAgreement = new ECDHBasicAgreement(); } @@ -298,36 +354,36 @@ namespace Org.BouncyCastle.Security - if (Platform.StartsWith(algorithm, "PBE")) + if (Platform.StartsWith(mechanism, "PBE")) { - if (Platform.EndsWith(algorithm, "-CBC")) + if (Platform.EndsWith(mechanism, "-CBC")) { - if (algorithm == "PBEWITHSHA1ANDDES-CBC") + if (mechanism == "PBEWITHSHA1ANDDES-CBC") { return new PaddedBufferedBlockCipher( new CbcBlockCipher(new DesEngine())); } - else if (algorithm == "PBEWITHSHA1ANDRC2-CBC") + else if (mechanism == "PBEWITHSHA1ANDRC2-CBC") { return new PaddedBufferedBlockCipher( new CbcBlockCipher(new RC2Engine())); } - else if (Strings.IsOneOf(algorithm, + else if (Strings.IsOneOf(mechanism, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC")) { return new PaddedBufferedBlockCipher( new CbcBlockCipher(new DesEdeEngine())); } - else if (Strings.IsOneOf(algorithm, + else if (Strings.IsOneOf(mechanism, "PBEWITHSHAAND128BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC")) { return new PaddedBufferedBlockCipher( new CbcBlockCipher(new RC2Engine())); } } - else if (Platform.EndsWith(algorithm, "-BC") || Platform.EndsWith(algorithm, "-OPENSSL")) + else if (Platform.EndsWith(mechanism, "-BC") || Platform.EndsWith(mechanism, "-OPENSSL")) { - if (Strings.IsOneOf(algorithm, + if (Strings.IsOneOf(mechanism, "PBEWITHSHAAND128BITAES-CBC-BC", "PBEWITHSHAAND192BITAES-CBC-BC", "PBEWITHSHAAND256BITAES-CBC-BC", @@ -346,14 +402,14 @@ namespace Org.BouncyCastle.Security - string[] parts = algorithm.Split('/'); + string[] parts = mechanism.Split('/'); IAeadCipher aeadCipher = null; IBlockCipher blockCipher = null; IAsymmetricBlockCipher asymBlockCipher = null; IStreamCipher streamCipher = null; - string algorithmName = CollectionUtilities.GetValueOrKey(Algorithms, parts[0]).ToUpperInvariant(); + string algorithmName = CollectionUtilities.GetValueOrKey(AlgorithmMap, parts[0]).ToUpperInvariant(); CipherAlgorithm cipherAlgorithm; try @@ -362,7 +418,7 @@ namespace Org.BouncyCastle.Security } catch (ArgumentException) { - throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); + return null; } switch (cipherAlgorithm) @@ -486,7 +542,7 @@ namespace Org.BouncyCastle.Security blockCipher = new XteaEngine(); break; default: - throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); + return null; } if (aeadCipher != null) @@ -535,7 +591,7 @@ namespace Org.BouncyCastle.Security } catch (ArgumentException) { - throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); + return null; } } @@ -615,7 +671,7 @@ namespace Org.BouncyCastle.Security padding = new ZeroBytePadding(); break; default: - throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); + return null; } } @@ -693,12 +749,12 @@ namespace Org.BouncyCastle.Security blockCipherMode = new SicBlockCipher(blockCipher); break; default: - throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); + return null; } } catch (ArgumentException) { - throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); + return null; } } @@ -742,12 +798,7 @@ namespace Org.BouncyCastle.Security return new BufferedAsymmetricBlockCipher(asymBlockCipher); } - throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); - } - - public static string GetAlgorithmName(DerObjectIdentifier oid) - { - return CollectionUtilities.GetValueOrNull(Algorithms, oid.Id); + return null; } private static int GetDigitIndex(string s) @@ -761,6 +812,20 @@ namespace Org.BouncyCastle.Security return -1; } + private static string GetMechanism(string algorithm) + { + if (AlgorithmMap.TryGetValue(algorithm, out var mechanism1)) + return mechanism1; + + if (DerObjectIdentifier.TryFromID(algorithm, out var oid)) + { + if (AlgorithmOidMap.TryGetValue(oid, out var mechanism2)) + return mechanism2; + } + + return null; + } + private static IBlockCipher CreateBlockCipher(CipherAlgorithm cipherAlgorithm) { switch (cipherAlgorithm) diff --git a/crypto/src/security/DigestUtilities.cs b/crypto/src/security/DigestUtilities.cs index 8c175b056..0c5e12994 100644 --- a/crypto/src/security/DigestUtilities.cs +++ b/crypto/src/security/DigestUtilities.cs @@ -6,8 +6,8 @@ using Org.BouncyCastle.Asn1.CryptoPro; using Org.BouncyCastle.Asn1.GM; using Org.BouncyCastle.Asn1.Misc; using Org.BouncyCastle.Asn1.Nist; -using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.Oiw; +using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.Rosstandart; using Org.BouncyCastle.Asn1.TeleTrust; using Org.BouncyCastle.Asn1.UA; @@ -43,9 +43,11 @@ namespace Org.BouncyCastle.Security WHIRLPOOL, }; - private static readonly IDictionary Aliases = + private static readonly Dictionary AlgorithmMap = new Dictionary(StringComparer.OrdinalIgnoreCase); - private static readonly IDictionary Oids = + private static readonly Dictionary AlgorithmOidMap = + new Dictionary(); + private static readonly Dictionary Oids = new Dictionary(StringComparer.OrdinalIgnoreCase); static DigestUtilities() @@ -53,84 +55,84 @@ namespace Org.BouncyCastle.Security // Signal to obfuscation tools not to change enum constants Enums.GetArbitraryValue().ToString(); - Aliases[PkcsObjectIdentifiers.MD2.Id] = "MD2"; - Aliases[PkcsObjectIdentifiers.MD4.Id] = "MD4"; - Aliases[PkcsObjectIdentifiers.MD5.Id] = "MD5"; - - Aliases["SHA1"] = "SHA-1"; - Aliases[OiwObjectIdentifiers.IdSha1.Id] = "SHA-1"; - Aliases[PkcsObjectIdentifiers.IdHmacWithSha1.Id] = "SHA-1"; - Aliases[MiscObjectIdentifiers.HMAC_SHA1.Id] = "SHA-1"; - Aliases["SHA224"] = "SHA-224"; - Aliases[NistObjectIdentifiers.IdSha224.Id] = "SHA-224"; - Aliases[PkcsObjectIdentifiers.IdHmacWithSha224.Id] = "SHA-224"; - Aliases["SHA256"] = "SHA-256"; - Aliases[NistObjectIdentifiers.IdSha256.Id] = "SHA-256"; - Aliases[PkcsObjectIdentifiers.IdHmacWithSha256.Id] = "SHA-256"; - Aliases["SHA384"] = "SHA-384"; - Aliases[NistObjectIdentifiers.IdSha384.Id] = "SHA-384"; - Aliases[PkcsObjectIdentifiers.IdHmacWithSha384.Id] = "SHA-384"; - Aliases["SHA512"] = "SHA-512"; - Aliases[NistObjectIdentifiers.IdSha512.Id] = "SHA-512"; - Aliases[PkcsObjectIdentifiers.IdHmacWithSha512.Id] = "SHA-512"; - - Aliases["SHA512/224"] = "SHA-512/224"; - Aliases["SHA512(224)"] = "SHA-512/224"; - Aliases["SHA-512(224)"] = "SHA-512/224"; - Aliases[NistObjectIdentifiers.IdSha512_224.Id] = "SHA-512/224"; - Aliases["SHA512/256"] = "SHA-512/256"; - Aliases["SHA512(256)"] = "SHA-512/256"; - Aliases["SHA-512(256)"] = "SHA-512/256"; - Aliases[NistObjectIdentifiers.IdSha512_256.Id] = "SHA-512/256"; - - Aliases["RIPEMD-128"] = "RIPEMD128"; - Aliases[TeleTrusTObjectIdentifiers.RipeMD128.Id] = "RIPEMD128"; - Aliases["RIPEMD-160"] = "RIPEMD160"; - Aliases[TeleTrusTObjectIdentifiers.RipeMD160.Id] = "RIPEMD160"; - Aliases["RIPEMD-256"] = "RIPEMD256"; - Aliases[TeleTrusTObjectIdentifiers.RipeMD256.Id] = "RIPEMD256"; - Aliases["RIPEMD-320"] = "RIPEMD320"; - //Aliases[TeleTrusTObjectIdentifiers.RipeMD320.Id] = "RIPEMD320"; - - Aliases[CryptoProObjectIdentifiers.GostR3411.Id] = "GOST3411"; - - Aliases["KECCAK224"] = "KECCAK-224"; - Aliases["KECCAK256"] = "KECCAK-256"; - Aliases["KECCAK288"] = "KECCAK-288"; - Aliases["KECCAK384"] = "KECCAK-384"; - Aliases["KECCAK512"] = "KECCAK-512"; - - Aliases[NistObjectIdentifiers.IdSha3_224.Id] = "SHA3-224"; - Aliases[NistObjectIdentifiers.IdHMacWithSha3_224.Id] = "SHA3-224"; - Aliases[NistObjectIdentifiers.IdSha3_256.Id] = "SHA3-256"; - Aliases[NistObjectIdentifiers.IdHMacWithSha3_256.Id] = "SHA3-256"; - Aliases[NistObjectIdentifiers.IdSha3_384.Id] = "SHA3-384"; - Aliases[NistObjectIdentifiers.IdHMacWithSha3_384.Id] = "SHA3-384"; - Aliases[NistObjectIdentifiers.IdSha3_512.Id] = "SHA3-512"; - Aliases[NistObjectIdentifiers.IdHMacWithSha3_512.Id] = "SHA3-512"; - Aliases["SHAKE128"] = "SHAKE128-256"; - Aliases[NistObjectIdentifiers.IdShake128.Id] = "SHAKE128-256"; - Aliases["SHAKE256"] = "SHAKE256-512"; - Aliases[NistObjectIdentifiers.IdShake256.Id] = "SHAKE256-512"; - - Aliases[GMObjectIdentifiers.sm3.Id] = "SM3"; - - Aliases[MiscObjectIdentifiers.id_blake2b160.Id] = "BLAKE2B-160"; - Aliases[MiscObjectIdentifiers.id_blake2b256.Id] = "BLAKE2B-256"; - Aliases[MiscObjectIdentifiers.id_blake2b384.Id] = "BLAKE2B-384"; - Aliases[MiscObjectIdentifiers.id_blake2b512.Id] = "BLAKE2B-512"; - Aliases[MiscObjectIdentifiers.id_blake2s128.Id] = "BLAKE2S-128"; - Aliases[MiscObjectIdentifiers.id_blake2s160.Id] = "BLAKE2S-160"; - Aliases[MiscObjectIdentifiers.id_blake2s224.Id] = "BLAKE2S-224"; - Aliases[MiscObjectIdentifiers.id_blake2s256.Id] = "BLAKE2S-256"; - Aliases[MiscObjectIdentifiers.blake3_256.Id] = "BLAKE3-256"; - - Aliases[RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256.Id] = "GOST3411-2012-256"; - Aliases[RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512.Id] = "GOST3411-2012-512"; - - Aliases[UAObjectIdentifiers.dstu7564digest_256.Id] = "DSTU7564-256"; - Aliases[UAObjectIdentifiers.dstu7564digest_384.Id] = "DSTU7564-384"; - Aliases[UAObjectIdentifiers.dstu7564digest_512.Id] = "DSTU7564-512"; + AlgorithmOidMap[PkcsObjectIdentifiers.MD2] = "MD2"; + AlgorithmOidMap[PkcsObjectIdentifiers.MD4] = "MD4"; + AlgorithmOidMap[PkcsObjectIdentifiers.MD5] = "MD5"; + + AlgorithmMap["SHA1"] = "SHA-1"; + AlgorithmOidMap[OiwObjectIdentifiers.IdSha1] = "SHA-1"; + AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha1] = "SHA-1"; + AlgorithmOidMap[MiscObjectIdentifiers.HMAC_SHA1] = "SHA-1"; + AlgorithmMap["SHA224"] = "SHA-224"; + AlgorithmOidMap[NistObjectIdentifiers.IdSha224] = "SHA-224"; + AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha224] = "SHA-224"; + AlgorithmMap["SHA256"] = "SHA-256"; + AlgorithmOidMap[NistObjectIdentifiers.IdSha256] = "SHA-256"; + AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha256] = "SHA-256"; + AlgorithmMap["SHA384"] = "SHA-384"; + AlgorithmOidMap[NistObjectIdentifiers.IdSha384] = "SHA-384"; + AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha384] = "SHA-384"; + AlgorithmMap["SHA512"] = "SHA-512"; + AlgorithmOidMap[NistObjectIdentifiers.IdSha512] = "SHA-512"; + AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha512] = "SHA-512"; + + AlgorithmMap["SHA512/224"] = "SHA-512/224"; + AlgorithmMap["SHA512(224)"] = "SHA-512/224"; + AlgorithmMap["SHA-512(224)"] = "SHA-512/224"; + AlgorithmOidMap[NistObjectIdentifiers.IdSha512_224] = "SHA-512/224"; + AlgorithmMap["SHA512/256"] = "SHA-512/256"; + AlgorithmMap["SHA512(256)"] = "SHA-512/256"; + AlgorithmMap["SHA-512(256)"] = "SHA-512/256"; + AlgorithmOidMap[NistObjectIdentifiers.IdSha512_256] = "SHA-512/256"; + + AlgorithmMap["RIPEMD-128"] = "RIPEMD128"; + AlgorithmOidMap[TeleTrusTObjectIdentifiers.RipeMD128] = "RIPEMD128"; + AlgorithmMap["RIPEMD-160"] = "RIPEMD160"; + AlgorithmOidMap[TeleTrusTObjectIdentifiers.RipeMD160] = "RIPEMD160"; + AlgorithmMap["RIPEMD-256"] = "RIPEMD256"; + AlgorithmOidMap[TeleTrusTObjectIdentifiers.RipeMD256] = "RIPEMD256"; + AlgorithmMap["RIPEMD-320"] = "RIPEMD320"; + //AlgorithmOidMap[TeleTrusTObjectIdentifiers.RipeMD320] = "RIPEMD320"; + + AlgorithmOidMap[CryptoProObjectIdentifiers.GostR3411] = "GOST3411"; + + AlgorithmMap["KECCAK224"] = "KECCAK-224"; + AlgorithmMap["KECCAK256"] = "KECCAK-256"; + AlgorithmMap["KECCAK288"] = "KECCAK-288"; + AlgorithmMap["KECCAK384"] = "KECCAK-384"; + AlgorithmMap["KECCAK512"] = "KECCAK-512"; + + AlgorithmOidMap[NistObjectIdentifiers.IdSha3_224] = "SHA3-224"; + AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_224] = "SHA3-224"; + AlgorithmOidMap[NistObjectIdentifiers.IdSha3_256] = "SHA3-256"; + AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_256] = "SHA3-256"; + AlgorithmOidMap[NistObjectIdentifiers.IdSha3_384] = "SHA3-384"; + AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_384] = "SHA3-384"; + AlgorithmOidMap[NistObjectIdentifiers.IdSha3_512] = "SHA3-512"; + AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_512] = "SHA3-512"; + AlgorithmMap["SHAKE128"] = "SHAKE128-256"; + AlgorithmOidMap[NistObjectIdentifiers.IdShake128] = "SHAKE128-256"; + AlgorithmMap["SHAKE256"] = "SHAKE256-512"; + AlgorithmOidMap[NistObjectIdentifiers.IdShake256] = "SHAKE256-512"; + + AlgorithmOidMap[GMObjectIdentifiers.sm3] = "SM3"; + + AlgorithmOidMap[MiscObjectIdentifiers.id_blake2b160] = "BLAKE2B-160"; + AlgorithmOidMap[MiscObjectIdentifiers.id_blake2b256] = "BLAKE2B-256"; + AlgorithmOidMap[MiscObjectIdentifiers.id_blake2b384] = "BLAKE2B-384"; + AlgorithmOidMap[MiscObjectIdentifiers.id_blake2b512] = "BLAKE2B-512"; + AlgorithmOidMap[MiscObjectIdentifiers.id_blake2s128] = "BLAKE2S-128"; + AlgorithmOidMap[MiscObjectIdentifiers.id_blake2s160] = "BLAKE2S-160"; + AlgorithmOidMap[MiscObjectIdentifiers.id_blake2s224] = "BLAKE2S-224"; + AlgorithmOidMap[MiscObjectIdentifiers.id_blake2s256] = "BLAKE2S-256"; + AlgorithmOidMap[MiscObjectIdentifiers.blake3_256] = "BLAKE3-256"; + + AlgorithmOidMap[RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256] = "GOST3411-2012-256"; + AlgorithmOidMap[RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512] = "GOST3411-2012-512"; + + AlgorithmOidMap[UAObjectIdentifiers.dstu7564digest_256] = "DSTU7564-256"; + AlgorithmOidMap[UAObjectIdentifiers.dstu7564digest_384] = "DSTU7564-384"; + AlgorithmOidMap[UAObjectIdentifiers.dstu7564digest_512] = "DSTU7564-512"; Oids["MD2"] = PkcsObjectIdentifiers.MD2; Oids["MD4"] = PkcsObjectIdentifiers.MD4; @@ -167,27 +169,105 @@ namespace Org.BouncyCastle.Security Oids["DSTU7564-256"] = UAObjectIdentifiers.dstu7564digest_256; Oids["DSTU7564-384"] = UAObjectIdentifiers.dstu7564digest_384; Oids["DSTU7564-512"] = UAObjectIdentifiers.dstu7564digest_512; + +#if DEBUG + foreach (var key in AlgorithmMap.Keys) + { + if (DerObjectIdentifier.TryFromID(key, out var ignore)) + throw new Exception("OID mapping belongs in AlgorithmOidMap: " + key); + } + + var mechanisms = new HashSet(AlgorithmMap.Values); + mechanisms.UnionWith(AlgorithmOidMap.Values); + + foreach (var mechanism in mechanisms) + { + if (AlgorithmMap.TryGetValue(mechanism, out var check)) + { + if (mechanism != check) + throw new Exception("Mechanism mapping MUST be to self: " + mechanism); + } + else + { + if (!mechanism.Equals(mechanism.ToUpperInvariant())) + throw new Exception("Unmapped mechanism MUST be uppercase: " + mechanism); + } + } +#endif } - /// - /// Returns a ObjectIdentifier for a given digest mechanism. - /// - /// A string representation of the digest meanism. - /// A DerObjectIdentifier, null if the Oid is not available. + // TODO[api] Change parameter name to 'oid' + public static byte[] CalculateDigest(DerObjectIdentifier id, byte[] input) + { + return CalculateDigest(id.Id, input); + } - public static DerObjectIdentifier GetObjectIdentifier(string mechanism) + public static byte[] CalculateDigest(string algorithm, byte[] input) { - if (mechanism == null) - throw new ArgumentNullException(nameof(mechanism)); + IDigest digest = GetDigest(algorithm); + return DoFinal(digest, input); + } + + public static byte[] CalculateDigest(string algorithm, byte[] buf, int off, int len) + { + IDigest digest = GetDigest(algorithm); + return DoFinal(digest, buf, off, len); + } - mechanism = CollectionUtilities.GetValueOrKey(Aliases, mechanism).ToUpperInvariant(); +#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER + public static byte[] CalculateDigest(string algorithm, ReadOnlySpan buffer) + { + IDigest digest = GetDigest(algorithm); + return DoFinal(digest, buffer); + } +#endif - return CollectionUtilities.GetValueOrNull(Oids, mechanism); + public static byte[] DoFinal(IDigest digest) + { + byte[] b = new byte[digest.GetDigestSize()]; + digest.DoFinal(b, 0); + return b; + } + + public static byte[] DoFinal(IDigest digest, byte[] input) + { + digest.BlockUpdate(input, 0, input.Length); + return DoFinal(digest); + } + + public static byte[] DoFinal(IDigest digest, byte[] buf, int off, int len) + { + digest.BlockUpdate(buf, off, len); + return DoFinal(digest); + } + +#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER + public static byte[] DoFinal(IDigest digest, ReadOnlySpan buffer) + { + digest.BlockUpdate(buffer); + return DoFinal(digest); + } +#endif + + public static string GetAlgorithmName(DerObjectIdentifier oid) + { + return CollectionUtilities.GetValueOrNull(AlgorithmOidMap, oid); } + // TODO[api] Change parameter name to 'oid' public static IDigest GetDigest(DerObjectIdentifier id) { - return GetDigest(id.Id); + if (id == null) + throw new ArgumentNullException(nameof(id)); + + if (AlgorithmOidMap.TryGetValue(id, out var mechanism)) + { + var digest = GetDigestForMechanism(mechanism); + if (digest != null) + return digest; + } + + throw new SecurityUtilityException("Digest OID not recognised."); } public static IDigest GetDigest(string algorithm) @@ -195,8 +275,17 @@ namespace Org.BouncyCastle.Security if (algorithm == null) throw new ArgumentNullException(nameof(algorithm)); - string mechanism = CollectionUtilities.GetValueOrKey(Aliases, algorithm).ToUpperInvariant(); + string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant(); + + var digest = GetDigestForMechanism(mechanism); + if (digest != null) + return digest; + throw new SecurityUtilityException("Digest " + algorithm + " not recognised."); + } + + private static IDigest GetDigestForMechanism(string mechanism) + { try { DigestAlgorithm digestAlgorithm = Enums.GetEnumValue(mechanism); @@ -253,64 +342,36 @@ namespace Org.BouncyCastle.Security { } - throw new SecurityUtilityException("Digest " + mechanism + " not recognised."); - } - - public static string GetAlgorithmName(DerObjectIdentifier oid) - { - return CollectionUtilities.GetValueOrNull(Aliases, oid.Id); - } - - public static byte[] CalculateDigest(DerObjectIdentifier id, byte[] input) - { - return CalculateDigest(id.Id, input); + return null; } - public static byte[] CalculateDigest(string algorithm, byte[] input) + private static string GetMechanism(string algorithm) { - IDigest digest = GetDigest(algorithm); - return DoFinal(digest, input); - } + if (AlgorithmMap.TryGetValue(algorithm, out var mechanism1)) + return mechanism1; - public static byte[] CalculateDigest(string algorithm, byte[] buf, int off, int len) - { - IDigest digest = GetDigest(algorithm); - return DoFinal(digest, buf, off, len); - } - -#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER - public static byte[] CalculateDigest(string algorithm, ReadOnlySpan buffer) - { - IDigest digest = GetDigest(algorithm); - return DoFinal(digest, buffer); - } -#endif + if (DerObjectIdentifier.TryFromID(algorithm, out var oid)) + { + if (AlgorithmOidMap.TryGetValue(oid, out var mechanism2)) + return mechanism2; + } - public static byte[] DoFinal(IDigest digest) - { - byte[] b = new byte[digest.GetDigestSize()]; - digest.DoFinal(b, 0); - return b; + return null; } - public static byte[] DoFinal(IDigest digest, byte[] input) + /// + /// Returns an ObjectIdentifier for a given digest mechanism. + /// + /// A string representation of the digest meanism. + /// A DerObjectIdentifier, null if the Oid is not available. + public static DerObjectIdentifier GetObjectIdentifier(string mechanism) { - digest.BlockUpdate(input, 0, input.Length); - return DoFinal(digest); - } + if (mechanism == null) + throw new ArgumentNullException(nameof(mechanism)); - public static byte[] DoFinal(IDigest digest, byte[] buf, int off, int len) - { - digest.BlockUpdate(buf, off, len); - return DoFinal(digest); - } + mechanism = GetMechanism(mechanism) ?? mechanism; -#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER - public static byte[] DoFinal(IDigest digest, ReadOnlySpan buffer) - { - digest.BlockUpdate(buffer); - return DoFinal(digest); + return CollectionUtilities.GetValueOrNull(Oids, mechanism); } -#endif } } diff --git a/crypto/src/security/GeneratorUtilities.cs b/crypto/src/security/GeneratorUtilities.cs index c310cf399..e22fbd139 100644 --- a/crypto/src/security/GeneratorUtilities.cs +++ b/crypto/src/security/GeneratorUtilities.cs @@ -6,6 +6,7 @@ using Org.BouncyCastle.Asn1.CryptoPro; using Org.BouncyCastle.Asn1.EdEC; using Org.BouncyCastle.Asn1.Iana; using Org.BouncyCastle.Asn1.Kisa; +using Org.BouncyCastle.Asn1.Misc; using Org.BouncyCastle.Asn1.Nist; using Org.BouncyCastle.Asn1.Nsri; using Org.BouncyCastle.Asn1.Ntt; @@ -68,7 +69,12 @@ namespace Org.BouncyCastle.Security NistObjectIdentifiers.IdAes256Wrap, NistObjectIdentifiers.IdAes256WrapPad); AddKgAlgorithm("BLOWFISH", - "1.3.6.1.4.1.3029.1.2"); + /* + * TODO[api] Incorrect version of cryptlib_algorithm_blowfish_CBC + * Remove at major version update and delete bad test data "pbes2.bf-cbc.key" + */ + "1.3.6.1.4.1.3029.1.2", + MiscObjectIdentifiers.cryptlib_algorithm_blowfish_CBC); AddKgAlgorithm("CAMELLIA", "CAMELLIAWRAP"); AddKgAlgorithm("ARIA"); @@ -115,7 +121,7 @@ namespace Org.BouncyCastle.Security NttObjectIdentifiers.IdCamellia256Cbc, NttObjectIdentifiers.IdCamellia256Wrap); AddKgAlgorithm("CAST5", - "1.2.840.113533.7.66.10"); + MiscObjectIdentifiers.cast5CBC); AddKgAlgorithm("CAST6"); AddKgAlgorithm("CHACHA"); AddKgAlgorithm("CHACHA7539", @@ -141,14 +147,14 @@ namespace Org.BouncyCastle.Security AddKgAlgorithm("HC128"); AddKgAlgorithm("HC256"); AddKgAlgorithm("IDEA", - "1.3.6.1.4.1.188.7.1.1.2"); + MiscObjectIdentifiers.as_sys_sec_alg_ideaCBC); AddKgAlgorithm("NOEKEON"); AddKgAlgorithm("RC2", PkcsObjectIdentifiers.RC2Cbc, PkcsObjectIdentifiers.IdAlgCmsRC2Wrap); AddKgAlgorithm("RC4", "ARC4", - "1.2.840.113549.3.4"); + PkcsObjectIdentifiers.rc4); AddKgAlgorithm("RC5", "RC5-32"); AddKgAlgorithm("RC5-64"); @@ -250,7 +256,7 @@ namespace Org.BouncyCastle.Security "GOST-3410", "GOST-3410-94"); AddKpgAlgorithm("RSA", - "1.2.840.113549.1.1.1"); + PkcsObjectIdentifiers.RsaEncryption); AddKpgAlgorithm("RSASSA-PSS"); AddKpgAlgorithm("X25519", EdECObjectIdentifiers.id_X25519); diff --git a/crypto/src/security/MacUtilities.cs b/crypto/src/security/MacUtilities.cs index 9490616be..76b2ed353 100644 --- a/crypto/src/security/MacUtilities.cs +++ b/crypto/src/security/MacUtilities.cs @@ -5,6 +5,7 @@ using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Iana; using Org.BouncyCastle.Asn1.Misc; using Org.BouncyCastle.Asn1.Nist; +using Org.BouncyCastle.Asn1.Oiw; using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.Rosstandart; using Org.BouncyCastle.Crypto; @@ -21,69 +22,133 @@ namespace Org.BouncyCastle.Security /// public static class MacUtilities { - private static readonly IDictionary Algorithms = + private static readonly Dictionary AlgorithmMap = new Dictionary(StringComparer.OrdinalIgnoreCase); + private static readonly Dictionary AlgorithmOidMap = + new Dictionary(); static MacUtilities() { - Algorithms[IanaObjectIdentifiers.HmacMD5.Id] = "HMAC-MD5"; - Algorithms[IanaObjectIdentifiers.HmacRipeMD160.Id] = "HMAC-RIPEMD160"; - Algorithms[IanaObjectIdentifiers.HmacSha1.Id] = "HMAC-SHA1"; - Algorithms[IanaObjectIdentifiers.HmacTiger.Id] = "HMAC-TIGER"; - - Algorithms[PkcsObjectIdentifiers.IdHmacWithSha1.Id] = "HMAC-SHA1"; - Algorithms[MiscObjectIdentifiers.HMAC_SHA1.Id] = "HMAC-SHA1"; - Algorithms[PkcsObjectIdentifiers.IdHmacWithSha224.Id] = "HMAC-SHA224"; - Algorithms[PkcsObjectIdentifiers.IdHmacWithSha256.Id] = "HMAC-SHA256"; - Algorithms[PkcsObjectIdentifiers.IdHmacWithSha384.Id] = "HMAC-SHA384"; - Algorithms[PkcsObjectIdentifiers.IdHmacWithSha512.Id] = "HMAC-SHA512"; - - Algorithms[NistObjectIdentifiers.IdHMacWithSha3_224.Id] = "HMAC-SHA3-224"; - Algorithms[NistObjectIdentifiers.IdHMacWithSha3_256.Id] = "HMAC-SHA3-256"; - Algorithms[NistObjectIdentifiers.IdHMacWithSha3_384.Id] = "HMAC-SHA3-384"; - Algorithms[NistObjectIdentifiers.IdHMacWithSha3_512.Id] = "HMAC-SHA3-512"; - - Algorithms[RosstandartObjectIdentifiers.id_tc26_hmac_gost_3411_12_256.Id] = "HMAC-GOST3411-2012-256"; - Algorithms[RosstandartObjectIdentifiers.id_tc26_hmac_gost_3411_12_512.Id] = "HMAC-GOST3411-2012-512"; + AlgorithmOidMap[IanaObjectIdentifiers.HmacMD5] = "HMAC-MD5"; + AlgorithmOidMap[IanaObjectIdentifiers.HmacRipeMD160] = "HMAC-RIPEMD160"; + AlgorithmOidMap[IanaObjectIdentifiers.HmacSha1] = "HMAC-SHA1"; + AlgorithmOidMap[IanaObjectIdentifiers.HmacTiger] = "HMAC-TIGER"; + + AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha1] = "HMAC-SHA1"; + AlgorithmOidMap[MiscObjectIdentifiers.HMAC_SHA1] = "HMAC-SHA1"; + AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha224] = "HMAC-SHA224"; + AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha256] = "HMAC-SHA256"; + AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha384] = "HMAC-SHA384"; + AlgorithmOidMap[PkcsObjectIdentifiers.IdHmacWithSha512] = "HMAC-SHA512"; + + AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_224] = "HMAC-SHA3-224"; + AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_256] = "HMAC-SHA3-256"; + AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_384] = "HMAC-SHA3-384"; + AlgorithmOidMap[NistObjectIdentifiers.IdHMacWithSha3_512] = "HMAC-SHA3-512"; + + AlgorithmOidMap[RosstandartObjectIdentifiers.id_tc26_hmac_gost_3411_12_256] = "HMAC-GOST3411-2012-256"; + AlgorithmOidMap[RosstandartObjectIdentifiers.id_tc26_hmac_gost_3411_12_512] = "HMAC-GOST3411-2012-512"; // TODO AESMAC? - Algorithms["DES"] = "DESMAC"; - Algorithms["DES/CFB8"] = "DESMAC/CFB8"; - Algorithms["DES64"] = "DESMAC64"; - Algorithms["DESEDE"] = "DESEDEMAC"; - Algorithms[PkcsObjectIdentifiers.DesEde3Cbc.Id] = "DESEDEMAC"; - Algorithms["DESEDE/CFB8"] = "DESEDEMAC/CFB8"; - Algorithms["DESISO9797MAC"] = "DESWITHISO9797"; - Algorithms["DESEDE64"] = "DESEDEMAC64"; - - Algorithms["DESEDE64WITHISO7816-4PADDING"] = "DESEDEMAC64WITHISO7816-4PADDING"; - Algorithms["DESEDEISO9797ALG1MACWITHISO7816-4PADDING"] = "DESEDEMAC64WITHISO7816-4PADDING"; - Algorithms["DESEDEISO9797ALG1WITHISO7816-4PADDING"] = "DESEDEMAC64WITHISO7816-4PADDING"; - - Algorithms["ISO9797ALG3"] = "ISO9797ALG3MAC"; - Algorithms["ISO9797ALG3MACWITHISO7816-4PADDING"] = "ISO9797ALG3WITHISO7816-4PADDING"; - - Algorithms["SKIPJACK"] = "SKIPJACKMAC"; - Algorithms["SKIPJACK/CFB8"] = "SKIPJACKMAC/CFB8"; - Algorithms["IDEA"] = "IDEAMAC"; - Algorithms["IDEA/CFB8"] = "IDEAMAC/CFB8"; - Algorithms["RC2"] = "RC2MAC"; - Algorithms["RC2/CFB8"] = "RC2MAC/CFB8"; - Algorithms["RC5"] = "RC5MAC"; - Algorithms["RC5/CFB8"] = "RC5MAC/CFB8"; - Algorithms["GOST28147"] = "GOST28147MAC"; - Algorithms["VMPC"] = "VMPCMAC"; - Algorithms["VMPC-MAC"] = "VMPCMAC"; - Algorithms["SIPHASH"] = "SIPHASH-2-4"; - - Algorithms["PBEWITHHMACSHA"] = "PBEWITHHMACSHA1"; - Algorithms["1.3.14.3.2.26"] = "PBEWITHHMACSHA1"; + AlgorithmMap["DES"] = "DESMAC"; + AlgorithmMap["DES/CFB8"] = "DESMAC/CFB8"; + AlgorithmMap["DES64"] = "DESMAC64"; + AlgorithmMap["DESEDE"] = "DESEDEMAC"; + AlgorithmOidMap[PkcsObjectIdentifiers.DesEde3Cbc] = "DESEDEMAC"; + AlgorithmMap["DESEDE/CFB8"] = "DESEDEMAC/CFB8"; + AlgorithmMap["DESISO9797MAC"] = "DESWITHISO9797"; + AlgorithmMap["DESEDE64"] = "DESEDEMAC64"; + + AlgorithmMap["DESEDE64WITHISO7816-4PADDING"] = "DESEDEMAC64WITHISO7816-4PADDING"; + AlgorithmMap["DESEDEISO9797ALG1MACWITHISO7816-4PADDING"] = "DESEDEMAC64WITHISO7816-4PADDING"; + AlgorithmMap["DESEDEISO9797ALG1WITHISO7816-4PADDING"] = "DESEDEMAC64WITHISO7816-4PADDING"; + + AlgorithmMap["ISO9797ALG3"] = "ISO9797ALG3MAC"; + AlgorithmMap["ISO9797ALG3MACWITHISO7816-4PADDING"] = "ISO9797ALG3WITHISO7816-4PADDING"; + + AlgorithmMap["SKIPJACK"] = "SKIPJACKMAC"; + AlgorithmMap["SKIPJACK/CFB8"] = "SKIPJACKMAC/CFB8"; + AlgorithmMap["IDEA"] = "IDEAMAC"; + AlgorithmMap["IDEA/CFB8"] = "IDEAMAC/CFB8"; + AlgorithmMap["RC2"] = "RC2MAC"; + AlgorithmMap["RC2/CFB8"] = "RC2MAC/CFB8"; + AlgorithmMap["RC5"] = "RC5MAC"; + AlgorithmMap["RC5/CFB8"] = "RC5MAC/CFB8"; + AlgorithmMap["GOST28147"] = "GOST28147MAC"; + AlgorithmMap["VMPC"] = "VMPCMAC"; + AlgorithmMap["VMPC-MAC"] = "VMPCMAC"; + AlgorithmMap["SIPHASH"] = "SIPHASH-2-4"; + + AlgorithmMap["PBEWITHHMACSHA"] = "PBEWITHHMACSHA1"; + AlgorithmOidMap[OiwObjectIdentifiers.IdSha1] = "PBEWITHHMACSHA1"; + +#if DEBUG + foreach (var key in AlgorithmMap.Keys) + { + if (DerObjectIdentifier.TryFromID(key, out var ignore)) + throw new Exception("OID mapping belongs in AlgorithmOidMap: " + key); + } + + var mechanisms = new HashSet(AlgorithmMap.Values); + mechanisms.UnionWith(AlgorithmOidMap.Values); + + foreach (var mechanism in mechanisms) + { + if (AlgorithmMap.TryGetValue(mechanism, out var check)) + { + if (mechanism != check) + throw new Exception("Mechanism mapping MUST be to self: " + mechanism); + } + else + { + if (!mechanism.Equals(mechanism.ToUpperInvariant())) + throw new Exception("Unmapped mechanism MUST be uppercase: " + mechanism); + } + } +#endif + } + + public static byte[] CalculateMac(string algorithm, ICipherParameters cp, byte[] input) + { + IMac mac = GetMac(algorithm); + mac.Init(cp); + mac.BlockUpdate(input, 0, input.Length); + return DoFinal(mac); + } + + public static byte[] DoFinal(IMac mac) + { + byte[] b = new byte[mac.GetMacSize()]; + mac.DoFinal(b, 0); + return b; + } + + public static byte[] DoFinal(IMac mac, byte[] input) + { + mac.BlockUpdate(input, 0, input.Length); + return DoFinal(mac); + } + + public static string GetAlgorithmName(DerObjectIdentifier oid) + { + return CollectionUtilities.GetValueOrNull(AlgorithmOidMap, oid); } + // TODO[api] Change parameter name to 'oid' public static IMac GetMac(DerObjectIdentifier id) { - return GetMac(id.Id); + if (id == null) + throw new ArgumentNullException(nameof(id)); + + if (AlgorithmOidMap.TryGetValue(id, out var mechanism)) + { + var mac = GetMacForMechanism(mechanism); + if (mac != null) + return mac; + } + + throw new SecurityUtilityException("Mac OID not recognised."); } public static IMac GetMac(string algorithm) @@ -91,8 +156,17 @@ namespace Org.BouncyCastle.Security if (algorithm == null) throw new ArgumentNullException(nameof(algorithm)); - string mechanism = CollectionUtilities.GetValueOrKey(Algorithms, algorithm).ToUpperInvariant(); + string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant(); + + var mac = GetMacForMechanism(mechanism); + if (mac != null) + return mac; + throw new SecurityUtilityException("Mac " + algorithm + " not recognised."); + } + + private static IMac GetMacForMechanism(string mechanism) + { if (Platform.StartsWith(mechanism, "PBEWITH")) { mechanism = mechanism.Substring("PBEWITH".Length); @@ -202,33 +276,21 @@ namespace Org.BouncyCastle.Security { return new SipHash(); } - throw new SecurityUtilityException("Mac " + mechanism + " not recognised."); + return null; } - public static string GetAlgorithmName(DerObjectIdentifier oid) + private static string GetMechanism(string algorithm) { - return CollectionUtilities.GetValueOrNull(Algorithms, oid.Id); - } + if (AlgorithmMap.TryGetValue(algorithm, out var mechanism1)) + return mechanism1; - public static byte[] CalculateMac(string algorithm, ICipherParameters cp, byte[] input) - { - IMac mac = GetMac(algorithm); - mac.Init(cp); - mac.BlockUpdate(input, 0, input.Length); - return DoFinal(mac); - } - - public static byte[] DoFinal(IMac mac) - { - byte[] b = new byte[mac.GetMacSize()]; - mac.DoFinal(b, 0); - return b; - } + if (DerObjectIdentifier.TryFromID(algorithm, out var oid)) + { + if (AlgorithmOidMap.TryGetValue(oid, out var mechanism2)) + return mechanism2; + } - public static byte[] DoFinal(IMac mac, byte[] input) - { - mac.BlockUpdate(input, 0, input.Length); - return DoFinal(mac); + return null; } } } diff --git a/crypto/src/security/ParameterUtilities.cs b/crypto/src/security/ParameterUtilities.cs index 690195443..36f1dbbb2 100644 --- a/crypto/src/security/ParameterUtilities.cs +++ b/crypto/src/security/ParameterUtilities.cs @@ -93,7 +93,12 @@ namespace Org.BouncyCastle.Security NsriObjectIdentifiers.id_aria256_ocb2, NsriObjectIdentifiers.id_aria256_ofb); AddAlgorithm("BLOWFISH", - "1.3.6.1.4.1.3029.1.2"); + /* + * TODO[api] Incorrect version of cryptlib_algorithm_blowfish_CBC + * Remove at major version update and delete bad test data "pbes2.bf-cbc.key" + */ + "1.3.6.1.4.1.3029.1.2", + MiscObjectIdentifiers.cryptlib_algorithm_blowfish_CBC); AddAlgorithm("CAMELLIA", "CAMELLIAWRAP"); AddAlgorithm("CAMELLIA128", @@ -106,7 +111,7 @@ namespace Org.BouncyCastle.Security NttObjectIdentifiers.IdCamellia256Cbc, NttObjectIdentifiers.IdCamellia256Wrap); AddAlgorithm("CAST5", - "1.2.840.113533.7.66.10"); + MiscObjectIdentifiers.cast5CBC); AddAlgorithm("CAST6"); AddAlgorithm("CHACHA"); AddAlgorithm("CHACHA7539", @@ -132,14 +137,14 @@ namespace Org.BouncyCastle.Security AddAlgorithm("HC128"); AddAlgorithm("HC256"); AddAlgorithm("IDEA", - "1.3.6.1.4.1.188.7.1.1.2"); + MiscObjectIdentifiers.as_sys_sec_alg_ideaCBC); AddAlgorithm("NOEKEON"); AddAlgorithm("RC2", PkcsObjectIdentifiers.RC2Cbc, PkcsObjectIdentifiers.IdAlgCmsRC2Wrap); AddAlgorithm("RC4", "ARC4", - "1.2.840.113549.3.4"); + PkcsObjectIdentifiers.rc4); AddAlgorithm("RC5", "RC5-32"); AddAlgorithm("RC5-64"); diff --git a/crypto/src/security/SignerUtilities.cs b/crypto/src/security/SignerUtilities.cs index 918356450..e2a98343c 100644 --- a/crypto/src/security/SignerUtilities.cs +++ b/crypto/src/security/SignerUtilities.cs @@ -28,88 +28,90 @@ namespace Org.BouncyCastle.Security /// public static class SignerUtilities { - private static readonly IDictionary AlgorithmMap = + private static readonly Dictionary AlgorithmMap = new Dictionary(StringComparer.OrdinalIgnoreCase); + private static readonly Dictionary AlgorithmOidMap = + new Dictionary(); private static readonly HashSet NoRandom = new HashSet(StringComparer.OrdinalIgnoreCase); - private static readonly IDictionary Oids = + private static readonly Dictionary Oids = new Dictionary(StringComparer.OrdinalIgnoreCase); static SignerUtilities() { AlgorithmMap["MD2WITHRSA"] = "MD2withRSA"; AlgorithmMap["MD2WITHRSAENCRYPTION"] = "MD2withRSA"; - AlgorithmMap[PkcsObjectIdentifiers.MD2WithRsaEncryption.Id] = "MD2withRSA"; + AlgorithmOidMap[PkcsObjectIdentifiers.MD2WithRsaEncryption] = "MD2withRSA"; AlgorithmMap["MD4WITHRSA"] = "MD4withRSA"; AlgorithmMap["MD4WITHRSAENCRYPTION"] = "MD4withRSA"; - AlgorithmMap[PkcsObjectIdentifiers.MD4WithRsaEncryption.Id] = "MD4withRSA"; - AlgorithmMap[OiwObjectIdentifiers.MD4WithRsa.Id] = "MD4withRSA"; - AlgorithmMap[OiwObjectIdentifiers.MD4WithRsaEncryption.Id] = "MD4withRSA"; + AlgorithmOidMap[PkcsObjectIdentifiers.MD4WithRsaEncryption] = "MD4withRSA"; + AlgorithmOidMap[OiwObjectIdentifiers.MD4WithRsa] = "MD4withRSA"; + AlgorithmOidMap[OiwObjectIdentifiers.MD4WithRsaEncryption] = "MD4withRSA"; AlgorithmMap["MD5WITHRSA"] = "MD5withRSA"; AlgorithmMap["MD5WITHRSAENCRYPTION"] = "MD5withRSA"; - AlgorithmMap[PkcsObjectIdentifiers.MD5WithRsaEncryption.Id] = "MD5withRSA"; - AlgorithmMap[OiwObjectIdentifiers.MD5WithRsa.Id] = "MD5withRSA"; + AlgorithmOidMap[PkcsObjectIdentifiers.MD5WithRsaEncryption] = "MD5withRSA"; + AlgorithmOidMap[OiwObjectIdentifiers.MD5WithRsa] = "MD5withRSA"; AlgorithmMap["SHA1WITHRSA"] = "SHA-1withRSA"; AlgorithmMap["SHA-1WITHRSA"] = "SHA-1withRSA"; AlgorithmMap["SHA1WITHRSAENCRYPTION"] = "SHA-1withRSA"; AlgorithmMap["SHA-1WITHRSAENCRYPTION"] = "SHA-1withRSA"; - AlgorithmMap[PkcsObjectIdentifiers.Sha1WithRsaEncryption.Id] = "SHA-1withRSA"; - AlgorithmMap[OiwObjectIdentifiers.Sha1WithRsa.Id] = "SHA-1withRSA"; + AlgorithmOidMap[PkcsObjectIdentifiers.Sha1WithRsaEncryption] = "SHA-1withRSA"; + AlgorithmOidMap[OiwObjectIdentifiers.Sha1WithRsa] = "SHA-1withRSA"; AlgorithmMap["SHA224WITHRSA"] = "SHA-224withRSA"; AlgorithmMap["SHA-224WITHRSA"] = "SHA-224withRSA"; AlgorithmMap["SHA224WITHRSAENCRYPTION"] = "SHA-224withRSA"; AlgorithmMap["SHA-224WITHRSAENCRYPTION"] = "SHA-224withRSA"; - AlgorithmMap[PkcsObjectIdentifiers.Sha224WithRsaEncryption.Id] = "SHA-224withRSA"; + AlgorithmOidMap[PkcsObjectIdentifiers.Sha224WithRsaEncryption] = "SHA-224withRSA"; AlgorithmMap["SHA256WITHRSA"] = "SHA-256withRSA"; AlgorithmMap["SHA-256WITHRSA"] = "SHA-256withRSA"; AlgorithmMap["SHA256WITHRSAENCRYPTION"] = "SHA-256withRSA"; AlgorithmMap["SHA-256WITHRSAENCRYPTION"] = "SHA-256withRSA"; - AlgorithmMap[PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id] = "SHA-256withRSA"; + AlgorithmOidMap[PkcsObjectIdentifiers.Sha256WithRsaEncryption] = "SHA-256withRSA"; AlgorithmMap["SHA384WITHRSA"] = "SHA-384withRSA"; AlgorithmMap["SHA-384WITHRSA"] = "SHA-384withRSA"; AlgorithmMap["SHA384WITHRSAENCRYPTION"] = "SHA-384withRSA"; AlgorithmMap["SHA-384WITHRSAENCRYPTION"] = "SHA-384withRSA"; - AlgorithmMap[PkcsObjectIdentifiers.Sha384WithRsaEncryption.Id] = "SHA-384withRSA"; + AlgorithmOidMap[PkcsObjectIdentifiers.Sha384WithRsaEncryption] = "SHA-384withRSA"; AlgorithmMap["SHA512WITHRSA"] = "SHA-512withRSA"; AlgorithmMap["SHA-512WITHRSA"] = "SHA-512withRSA"; AlgorithmMap["SHA512WITHRSAENCRYPTION"] = "SHA-512withRSA"; AlgorithmMap["SHA-512WITHRSAENCRYPTION"] = "SHA-512withRSA"; - AlgorithmMap[PkcsObjectIdentifiers.Sha512WithRsaEncryption.Id] = "SHA-512withRSA"; + AlgorithmOidMap[PkcsObjectIdentifiers.Sha512WithRsaEncryption] = "SHA-512withRSA"; AlgorithmMap["SHA512(224)WITHRSA"] = "SHA-512(224)withRSA"; AlgorithmMap["SHA-512(224)WITHRSA"] = "SHA-512(224)withRSA"; AlgorithmMap["SHA512(224)WITHRSAENCRYPTION"] = "SHA-512(224)withRSA"; AlgorithmMap["SHA-512(224)WITHRSAENCRYPTION"] = "SHA-512(224)withRSA"; - AlgorithmMap[PkcsObjectIdentifiers.Sha512_224WithRSAEncryption.Id] = "SHA-512(224)withRSA"; + AlgorithmOidMap[PkcsObjectIdentifiers.Sha512_224WithRSAEncryption] = "SHA-512(224)withRSA"; AlgorithmMap["SHA512(256)WITHRSA"] = "SHA-512(256)withRSA"; AlgorithmMap["SHA-512(256)WITHRSA"] = "SHA-512(256)withRSA"; AlgorithmMap["SHA512(256)WITHRSAENCRYPTION"] = "SHA-512(256)withRSA"; AlgorithmMap["SHA-512(256)WITHRSAENCRYPTION"] = "SHA-512(256)withRSA"; - AlgorithmMap[PkcsObjectIdentifiers.Sha512_256WithRSAEncryption.Id] = "SHA-512(256)withRSA"; + AlgorithmOidMap[PkcsObjectIdentifiers.Sha512_256WithRSAEncryption] = "SHA-512(256)withRSA"; AlgorithmMap["SHA3-224WITHRSA"] = "SHA3-224withRSA"; AlgorithmMap["SHA3-224WITHRSAENCRYPTION"] = "SHA3-224withRSA"; - AlgorithmMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224.Id] = "SHA3-224withRSA"; + AlgorithmOidMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224] = "SHA3-224withRSA"; AlgorithmMap["SHA3-256WITHRSA"] = "SHA3-256withRSA"; AlgorithmMap["SHA3-256WITHRSAENCRYPTION"] = "SHA3-256withRSA"; - AlgorithmMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256.Id] = "SHA3-256withRSA"; + AlgorithmOidMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256] = "SHA3-256withRSA"; AlgorithmMap["SHA3-384WITHRSA"] = "SHA3-384withRSA"; AlgorithmMap["SHA3-384WITHRSAENCRYPTION"] = "SHA3-384withRSA"; - AlgorithmMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384.Id] = "SHA3-384withRSA"; + AlgorithmOidMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384] = "SHA3-384withRSA"; AlgorithmMap["SHA3-512WITHRSA"] = "SHA3-512withRSA"; AlgorithmMap["SHA3-512WITHRSAENCRYPTION"] = "SHA3-512withRSA"; - AlgorithmMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512.Id] = "SHA3-512withRSA"; + AlgorithmOidMap[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512] = "SHA3-512withRSA"; AlgorithmMap["PSSWITHRSA"] = "PSSwithRSA"; AlgorithmMap["RSASSA-PSS"] = "PSSwithRSA"; - AlgorithmMap[PkcsObjectIdentifiers.IdRsassaPss.Id] = "PSSwithRSA"; + AlgorithmOidMap[PkcsObjectIdentifiers.IdRsassaPss] = "PSSwithRSA"; AlgorithmMap["RSAPSS"] = "PSSwithRSA"; AlgorithmMap["SHA1WITHRSAANDMGF1"] = "SHA-1withRSAandMGF1"; @@ -149,15 +151,15 @@ namespace Org.BouncyCastle.Security AlgorithmMap["RIPEMD128WITHRSA"] = "RIPEMD128withRSA"; AlgorithmMap["RIPEMD128WITHRSAENCRYPTION"] = "RIPEMD128withRSA"; - AlgorithmMap[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128.Id] = "RIPEMD128withRSA"; + AlgorithmOidMap[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128] = "RIPEMD128withRSA"; AlgorithmMap["RIPEMD160WITHRSA"] = "RIPEMD160withRSA"; AlgorithmMap["RIPEMD160WITHRSAENCRYPTION"] = "RIPEMD160withRSA"; - AlgorithmMap[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160.Id] = "RIPEMD160withRSA"; + AlgorithmOidMap[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160] = "RIPEMD160withRSA"; AlgorithmMap["RIPEMD256WITHRSA"] = "RIPEMD256withRSA"; AlgorithmMap["RIPEMD256WITHRSAENCRYPTION"] = "RIPEMD256withRSA"; - AlgorithmMap[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256.Id] = "RIPEMD256withRSA"; + AlgorithmOidMap[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256] = "RIPEMD256withRSA"; AlgorithmMap["NONEWITHRSA"] = "RSA"; AlgorithmMap["RSAWITHNONE"] = "RSA"; @@ -179,8 +181,8 @@ namespace Org.BouncyCastle.Security AlgorithmMap["SHA-1/DSA"] = "SHA-1withDSA"; AlgorithmMap["SHA1WITHDSA"] = "SHA-1withDSA"; AlgorithmMap["SHA-1WITHDSA"] = "SHA-1withDSA"; - AlgorithmMap[X9ObjectIdentifiers.IdDsaWithSha1.Id] = "SHA-1withDSA"; - AlgorithmMap[OiwObjectIdentifiers.DsaWithSha1.Id] = "SHA-1withDSA"; + AlgorithmOidMap[X9ObjectIdentifiers.IdDsaWithSha1] = "SHA-1withDSA"; + AlgorithmOidMap[OiwObjectIdentifiers.DsaWithSha1] = "SHA-1withDSA"; AlgorithmMap["DSAWITHSHA224"] = "SHA-224withDSA"; AlgorithmMap["DSAWITHSHA-224"] = "SHA-224withDSA"; @@ -188,7 +190,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["SHA-224/DSA"] = "SHA-224withDSA"; AlgorithmMap["SHA224WITHDSA"] = "SHA-224withDSA"; AlgorithmMap["SHA-224WITHDSA"] = "SHA-224withDSA"; - AlgorithmMap[NistObjectIdentifiers.DsaWithSha224.Id] = "SHA-224withDSA"; + AlgorithmOidMap[NistObjectIdentifiers.DsaWithSha224] = "SHA-224withDSA"; AlgorithmMap["DSAWITHSHA256"] = "SHA-256withDSA"; AlgorithmMap["DSAWITHSHA-256"] = "SHA-256withDSA"; @@ -196,7 +198,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["SHA-256/DSA"] = "SHA-256withDSA"; AlgorithmMap["SHA256WITHDSA"] = "SHA-256withDSA"; AlgorithmMap["SHA-256WITHDSA"] = "SHA-256withDSA"; - AlgorithmMap[NistObjectIdentifiers.DsaWithSha256.Id] = "SHA-256withDSA"; + AlgorithmOidMap[NistObjectIdentifiers.DsaWithSha256] = "SHA-256withDSA"; AlgorithmMap["DSAWITHSHA384"] = "SHA-384withDSA"; AlgorithmMap["DSAWITHSHA-384"] = "SHA-384withDSA"; @@ -204,7 +206,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["SHA-384/DSA"] = "SHA-384withDSA"; AlgorithmMap["SHA384WITHDSA"] = "SHA-384withDSA"; AlgorithmMap["SHA-384WITHDSA"] = "SHA-384withDSA"; - AlgorithmMap[NistObjectIdentifiers.DsaWithSha384.Id] = "SHA-384withDSA"; + AlgorithmOidMap[NistObjectIdentifiers.DsaWithSha384] = "SHA-384withDSA"; AlgorithmMap["DSAWITHSHA512"] = "SHA-512withDSA"; AlgorithmMap["DSAWITHSHA-512"] = "SHA-512withDSA"; @@ -212,7 +214,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["SHA-512/DSA"] = "SHA-512withDSA"; AlgorithmMap["SHA512WITHDSA"] = "SHA-512withDSA"; AlgorithmMap["SHA-512WITHDSA"] = "SHA-512withDSA"; - AlgorithmMap[NistObjectIdentifiers.DsaWithSha512.Id] = "SHA-512withDSA"; + AlgorithmOidMap[NistObjectIdentifiers.DsaWithSha512] = "SHA-512withDSA"; AlgorithmMap["NONEWITHECDSA"] = "NONEwithECDSA"; AlgorithmMap["ECDSAWITHNONE"] = "NONEwithECDSA"; @@ -224,8 +226,8 @@ namespace Org.BouncyCastle.Security AlgorithmMap["ECDSAWITHSHA-1"] = "SHA-1withECDSA"; AlgorithmMap["SHA1WITHECDSA"] = "SHA-1withECDSA"; AlgorithmMap["SHA-1WITHECDSA"] = "SHA-1withECDSA"; - AlgorithmMap[X9ObjectIdentifiers.ECDsaWithSha1.Id] = "SHA-1withECDSA"; - AlgorithmMap[TeleTrusTObjectIdentifiers.ECSignWithSha1.Id] = "SHA-1withECDSA"; + AlgorithmOidMap[X9ObjectIdentifiers.ECDsaWithSha1] = "SHA-1withECDSA"; + AlgorithmOidMap[TeleTrusTObjectIdentifiers.ECSignWithSha1] = "SHA-1withECDSA"; AlgorithmMap["SHA224/ECDSA"] = "SHA-224withECDSA"; AlgorithmMap["SHA-224/ECDSA"] = "SHA-224withECDSA"; @@ -233,7 +235,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["ECDSAWITHSHA-224"] = "SHA-224withECDSA"; AlgorithmMap["SHA224WITHECDSA"] = "SHA-224withECDSA"; AlgorithmMap["SHA-224WITHECDSA"] = "SHA-224withECDSA"; - AlgorithmMap[X9ObjectIdentifiers.ECDsaWithSha224.Id] = "SHA-224withECDSA"; + AlgorithmOidMap[X9ObjectIdentifiers.ECDsaWithSha224] = "SHA-224withECDSA"; AlgorithmMap["SHA256/ECDSA"] = "SHA-256withECDSA"; AlgorithmMap["SHA-256/ECDSA"] = "SHA-256withECDSA"; @@ -241,7 +243,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["ECDSAWITHSHA-256"] = "SHA-256withECDSA"; AlgorithmMap["SHA256WITHECDSA"] = "SHA-256withECDSA"; AlgorithmMap["SHA-256WITHECDSA"] = "SHA-256withECDSA"; - AlgorithmMap[X9ObjectIdentifiers.ECDsaWithSha256.Id] = "SHA-256withECDSA"; + AlgorithmOidMap[X9ObjectIdentifiers.ECDsaWithSha256] = "SHA-256withECDSA"; AlgorithmMap["SHA384/ECDSA"] = "SHA-384withECDSA"; AlgorithmMap["SHA-384/ECDSA"] = "SHA-384withECDSA"; @@ -249,7 +251,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["ECDSAWITHSHA-384"] = "SHA-384withECDSA"; AlgorithmMap["SHA384WITHECDSA"] = "SHA-384withECDSA"; AlgorithmMap["SHA-384WITHECDSA"] = "SHA-384withECDSA"; - AlgorithmMap[X9ObjectIdentifiers.ECDsaWithSha384.Id] = "SHA-384withECDSA"; + AlgorithmOidMap[X9ObjectIdentifiers.ECDsaWithSha384] = "SHA-384withECDSA"; AlgorithmMap["SHA512/ECDSA"] = "SHA-512withECDSA"; AlgorithmMap["SHA-512/ECDSA"] = "SHA-512withECDSA"; @@ -257,12 +259,12 @@ namespace Org.BouncyCastle.Security AlgorithmMap["ECDSAWITHSHA-512"] = "SHA-512withECDSA"; AlgorithmMap["SHA512WITHECDSA"] = "SHA-512withECDSA"; AlgorithmMap["SHA-512WITHECDSA"] = "SHA-512withECDSA"; - AlgorithmMap[X9ObjectIdentifiers.ECDsaWithSha512.Id] = "SHA-512withECDSA"; + AlgorithmOidMap[X9ObjectIdentifiers.ECDsaWithSha512] = "SHA-512withECDSA"; AlgorithmMap["RIPEMD160/ECDSA"] = "RIPEMD160withECDSA"; AlgorithmMap["ECDSAWITHRIPEMD160"] = "RIPEMD160withECDSA"; AlgorithmMap["RIPEMD160WITHECDSA"] = "RIPEMD160withECDSA"; - AlgorithmMap[TeleTrusTObjectIdentifiers.ECSignWithRipeMD160.Id] = "RIPEMD160withECDSA"; + AlgorithmOidMap[TeleTrusTObjectIdentifiers.ECSignWithRipeMD160] = "RIPEMD160withECDSA"; AlgorithmMap["NONEWITHCVC-ECDSA"] = "NONEwithCVC-ECDSA"; AlgorithmMap["CVC-ECDSAWITHNONE"] = "NONEwithCVC-ECDSA"; @@ -273,7 +275,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["CVC-ECDSAWITHSHA-1"] = "SHA-1withCVC-ECDSA"; AlgorithmMap["SHA1WITHCVC-ECDSA"] = "SHA-1withCVC-ECDSA"; AlgorithmMap["SHA-1WITHCVC-ECDSA"] = "SHA-1withCVC-ECDSA"; - AlgorithmMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_1.Id] = "SHA-1withCVC-ECDSA"; + AlgorithmOidMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_1] = "SHA-1withCVC-ECDSA"; AlgorithmMap["SHA224/CVC-ECDSA"] = "SHA-224withCVC-ECDSA"; AlgorithmMap["SHA-224/CVC-ECDSA"] = "SHA-224withCVC-ECDSA"; @@ -281,7 +283,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["CVC-ECDSAWITHSHA-224"] = "SHA-224withCVC-ECDSA"; AlgorithmMap["SHA224WITHCVC-ECDSA"] = "SHA-224withCVC-ECDSA"; AlgorithmMap["SHA-224WITHCVC-ECDSA"] = "SHA-224withCVC-ECDSA"; - AlgorithmMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_224.Id] = "SHA-224withCVC-ECDSA"; + AlgorithmOidMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_224] = "SHA-224withCVC-ECDSA"; AlgorithmMap["SHA256/CVC-ECDSA"] = "SHA-256withCVC-ECDSA"; AlgorithmMap["SHA-256/CVC-ECDSA"] = "SHA-256withCVC-ECDSA"; @@ -289,7 +291,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["CVC-ECDSAWITHSHA-256"] = "SHA-256withCVC-ECDSA"; AlgorithmMap["SHA256WITHCVC-ECDSA"] = "SHA-256withCVC-ECDSA"; AlgorithmMap["SHA-256WITHCVC-ECDSA"] = "SHA-256withCVC-ECDSA"; - AlgorithmMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_256.Id] = "SHA-256withCVC-ECDSA"; + AlgorithmOidMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_256] = "SHA-256withCVC-ECDSA"; AlgorithmMap["SHA384/CVC-ECDSA"] = "SHA-384withCVC-ECDSA"; AlgorithmMap["SHA-384/CVC-ECDSA"] = "SHA-384withCVC-ECDSA"; @@ -297,7 +299,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["CVC-ECDSAWITHSHA-384"] = "SHA-384withCVC-ECDSA"; AlgorithmMap["SHA384WITHCVC-ECDSA"] = "SHA-384withCVC-ECDSA"; AlgorithmMap["SHA-384WITHCVC-ECDSA"] = "SHA-384withCVC-ECDSA"; - AlgorithmMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_384.Id] = "SHA-384withCVC-ECDSA"; + AlgorithmOidMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_384] = "SHA-384withCVC-ECDSA"; AlgorithmMap["SHA512/CVC-ECDSA"] = "SHA-512withCVC-ECDSA"; AlgorithmMap["SHA-512/CVC-ECDSA"] = "SHA-512withCVC-ECDSA"; @@ -305,7 +307,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["CVC-ECDSAWITHSHA-512"] = "SHA-512withCVC-ECDSA"; AlgorithmMap["SHA512WITHCVC-ECDSA"] = "SHA-512withCVC-ECDSA"; AlgorithmMap["SHA-512WITHCVC-ECDSA"] = "SHA-512withCVC-ECDSA"; - AlgorithmMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_512.Id] = "SHA-512withCVC-ECDSA"; + AlgorithmOidMap[EacObjectIdentifiers.id_TA_ECDSA_SHA_512] = "SHA-512withCVC-ECDSA"; AlgorithmMap["NONEWITHPLAIN-ECDSA"] = "NONEwithPLAIN-ECDSA"; AlgorithmMap["PLAIN-ECDSAWITHNONE"] = "NONEwithPLAIN-ECDSA"; @@ -316,7 +318,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["PLAIN-ECDSAWITHSHA-1"] = "SHA-1withPLAIN-ECDSA"; AlgorithmMap["SHA1WITHPLAIN-ECDSA"] = "SHA-1withPLAIN-ECDSA"; AlgorithmMap["SHA-1WITHPLAIN-ECDSA"] = "SHA-1withPLAIN-ECDSA"; - AlgorithmMap[BsiObjectIdentifiers.ecdsa_plain_SHA1.Id] = "SHA-1withPLAIN-ECDSA"; + AlgorithmOidMap[BsiObjectIdentifiers.ecdsa_plain_SHA1] = "SHA-1withPLAIN-ECDSA"; AlgorithmMap["SHA224/PLAIN-ECDSA"] = "SHA-224withPLAIN-ECDSA"; AlgorithmMap["SHA-224/PLAIN-ECDSA"] = "SHA-224withPLAIN-ECDSA"; @@ -324,7 +326,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["PLAIN-ECDSAWITHSHA-224"] = "SHA-224withPLAIN-ECDSA"; AlgorithmMap["SHA224WITHPLAIN-ECDSA"] = "SHA-224withPLAIN-ECDSA"; AlgorithmMap["SHA-224WITHPLAIN-ECDSA"] = "SHA-224withPLAIN-ECDSA"; - AlgorithmMap[BsiObjectIdentifiers.ecdsa_plain_SHA224.Id] = "SHA-224withPLAIN-ECDSA"; + AlgorithmOidMap[BsiObjectIdentifiers.ecdsa_plain_SHA224] = "SHA-224withPLAIN-ECDSA"; AlgorithmMap["SHA256/PLAIN-ECDSA"] = "SHA-256withPLAIN-ECDSA"; AlgorithmMap["SHA-256/PLAIN-ECDSA"] = "SHA-256withPLAIN-ECDSA"; @@ -332,7 +334,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["PLAIN-ECDSAWITHSHA-256"] = "SHA-256withPLAIN-ECDSA"; AlgorithmMap["SHA256WITHPLAIN-ECDSA"] = "SHA-256withPLAIN-ECDSA"; AlgorithmMap["SHA-256WITHPLAIN-ECDSA"] = "SHA-256withPLAIN-ECDSA"; - AlgorithmMap[BsiObjectIdentifiers.ecdsa_plain_SHA256.Id] = "SHA-256withPLAIN-ECDSA"; + AlgorithmOidMap[BsiObjectIdentifiers.ecdsa_plain_SHA256] = "SHA-256withPLAIN-ECDSA"; AlgorithmMap["SHA384/PLAIN-ECDSA"] = "SHA-384withPLAIN-ECDSA"; AlgorithmMap["SHA-384/PLAIN-ECDSA"] = "SHA-384withPLAIN-ECDSA"; @@ -340,7 +342,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["PLAIN-ECDSAWITHSHA-384"] = "SHA-384withPLAIN-ECDSA"; AlgorithmMap["SHA384WITHPLAIN-ECDSA"] = "SHA-384withPLAIN-ECDSA"; AlgorithmMap["SHA-384WITHPLAIN-ECDSA"] = "SHA-384withPLAIN-ECDSA"; - AlgorithmMap[BsiObjectIdentifiers.ecdsa_plain_SHA384.Id] = "SHA-384withPLAIN-ECDSA"; + AlgorithmOidMap[BsiObjectIdentifiers.ecdsa_plain_SHA384] = "SHA-384withPLAIN-ECDSA"; AlgorithmMap["SHA512/PLAIN-ECDSA"] = "SHA-512withPLAIN-ECDSA"; AlgorithmMap["SHA-512/PLAIN-ECDSA"] = "SHA-512withPLAIN-ECDSA"; @@ -348,12 +350,12 @@ namespace Org.BouncyCastle.Security AlgorithmMap["PLAIN-ECDSAWITHSHA-512"] = "SHA-512withPLAIN-ECDSA"; AlgorithmMap["SHA512WITHPLAIN-ECDSA"] = "SHA-512withPLAIN-ECDSA"; AlgorithmMap["SHA-512WITHPLAIN-ECDSA"] = "SHA-512withPLAIN-ECDSA"; - AlgorithmMap[BsiObjectIdentifiers.ecdsa_plain_SHA512.Id] = "SHA-512withPLAIN-ECDSA"; + AlgorithmOidMap[BsiObjectIdentifiers.ecdsa_plain_SHA512] = "SHA-512withPLAIN-ECDSA"; AlgorithmMap["RIPEMD160/PLAIN-ECDSA"] = "RIPEMD160withPLAIN-ECDSA"; AlgorithmMap["PLAIN-ECDSAWITHRIPEMD160"] = "RIPEMD160withPLAIN-ECDSA"; AlgorithmMap["RIPEMD160WITHPLAIN-ECDSA"] = "RIPEMD160withPLAIN-ECDSA"; - AlgorithmMap[BsiObjectIdentifiers.ecdsa_plain_RIPEMD160.Id] = "RIPEMD160withPLAIN-ECDSA"; + AlgorithmOidMap[BsiObjectIdentifiers.ecdsa_plain_RIPEMD160] = "RIPEMD160withPLAIN-ECDSA"; AlgorithmMap["SHA1WITHECNR"] = "SHA-1withECNR"; AlgorithmMap["SHA-1WITHECNR"] = "SHA-1withECNR"; @@ -370,13 +372,13 @@ namespace Org.BouncyCastle.Security AlgorithmMap["GOST-3410-94"] = "GOST3410"; AlgorithmMap["GOST3411WITHGOST3410"] = "GOST3410"; AlgorithmMap["GOST3411/GOST3410"] = "GOST3410"; - AlgorithmMap[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94.Id] = "GOST3410"; + AlgorithmOidMap[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94] = "GOST3410"; AlgorithmMap["ECGOST-3410"] = "ECGOST3410"; AlgorithmMap["GOST-3410-2001"] = "ECGOST3410"; AlgorithmMap["GOST3411WITHECGOST3410"] = "ECGOST3410"; AlgorithmMap["GOST3411/ECGOST3410"] = "ECGOST3410"; - AlgorithmMap[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001.Id] = "ECGOST3410"; + AlgorithmOidMap[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001] = "ECGOST3410"; AlgorithmMap["GOST-3410-2012-256"] = "ECGOST3410-2012-256"; AlgorithmMap["GOST3411WITHECGOST3410-2012-256"] = "ECGOST3410-2012-256"; @@ -384,7 +386,7 @@ namespace Org.BouncyCastle.Security AlgorithmMap["GOST3411-2012-256WITHECGOST3410-2012-256"] = "ECGOST3410-2012-256"; AlgorithmMap["GOST3411-2012-256/ECGOST3410"] = "ECGOST3410-2012-256"; AlgorithmMap["GOST3411-2012-256/ECGOST3410-2012-256"] = "ECGOST3410-2012-256"; - AlgorithmMap[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256.Id] = + AlgorithmOidMap[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256] = "ECGOST3410-2012-256"; AlgorithmMap["GOST-3410-2012-512"] = "ECGOST3410-2012-512"; @@ -393,28 +395,26 @@ namespace Org.BouncyCastle.Security AlgorithmMap["GOST3411-2012-512WITHECGOST3410-2012-512"] = "ECGOST3410-2012-512"; AlgorithmMap["GOST3411-2012-512/ECGOST3410"] = "ECGOST3410-2012-512"; AlgorithmMap["GOST3411-2012-512/ECGOST3410-2012-512"] = "ECGOST3410-2012-512"; - AlgorithmMap[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512.Id] = + AlgorithmOidMap[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512] = "ECGOST3410-2012-512"; AlgorithmMap["ED25519"] = "Ed25519"; - AlgorithmMap[EdECObjectIdentifiers.id_Ed25519.Id] = "Ed25519"; + AlgorithmOidMap[EdECObjectIdentifiers.id_Ed25519] = "Ed25519"; AlgorithmMap["ED25519CTX"] = "Ed25519ctx"; AlgorithmMap["ED25519PH"] = "Ed25519ph"; AlgorithmMap["ED448"] = "Ed448"; - AlgorithmMap[EdECObjectIdentifiers.id_Ed448.Id] = "Ed448"; + AlgorithmOidMap[EdECObjectIdentifiers.id_Ed448] = "Ed448"; AlgorithmMap["ED448PH"] = "Ed448ph"; AlgorithmMap["SHA256WITHSM2"] = "SHA256withSM2"; - AlgorithmMap[GMObjectIdentifiers.sm2sign_with_sha256.Id] = "SHA256withSM2"; + AlgorithmOidMap[GMObjectIdentifiers.sm2sign_with_sha256] = "SHA256withSM2"; AlgorithmMap["SM3WITHSM2"] = "SM3withSM2"; - AlgorithmMap[GMObjectIdentifiers.sm2sign_with_sm3.Id] = "SM3withSM2"; + AlgorithmOidMap[GMObjectIdentifiers.sm2sign_with_sm3] = "SM3withSM2"; NoRandom.Add("Ed25519"); - NoRandom.Add(EdECObjectIdentifiers.id_Ed25519.Id); NoRandom.Add("Ed25519ctx"); NoRandom.Add("Ed25519ph"); NoRandom.Add("Ed448"); - NoRandom.Add(EdECObjectIdentifiers.id_Ed448.Id); NoRandom.Add("Ed448ph"); Oids["MD2withRSA"] = PkcsObjectIdentifiers.MD2WithRsaEncryption; @@ -477,32 +477,45 @@ namespace Org.BouncyCastle.Security Oids["SHA256withSM2"] = GMObjectIdentifiers.sm2sign_with_sha256; Oids["SM3withSM2"] = GMObjectIdentifiers.sm2sign_with_sm3; - } - /// - /// Returns an ObjectIdentifier for a given encoding. - /// - /// A string representation of the encoding. - /// A DerObjectIdentifier, null if the OID is not available. - // TODO Don't really want to support this - public static DerObjectIdentifier GetObjectIdentifier(string mechanism) - { - if (mechanism == null) - throw new ArgumentNullException(nameof(mechanism)); +#if DEBUG + foreach (var key in AlgorithmMap.Keys) + { + if (DerObjectIdentifier.TryFromID(key, out var ignore)) + throw new Exception("OID mapping belongs in AlgorithmOidMap: " + key); + } - string algorithm = CollectionUtilities.GetValueOrKey(AlgorithmMap, mechanism); + var mechanisms = new HashSet(AlgorithmMap.Values); + mechanisms.UnionWith(AlgorithmOidMap.Values); - return CollectionUtilities.GetValueOrNull(Oids, algorithm); + foreach (var mechanism in mechanisms) + { + if (AlgorithmMap.TryGetValue(mechanism, out var check)) + { + if (mechanism != check) + throw new Exception("Mechanism mapping MUST be to self: " + mechanism); + } + else + { + if (!mechanism.Equals(mechanism.ToUpperInvariant())) + throw new Exception("Unmapped mechanism MUST be uppercase: " + mechanism); + } + } +#endif } - public static ICollection Algorithms - { - get { return CollectionUtilities.ReadOnly(Oids.Keys); } - } + public static ICollection Algorithms => CollectionUtilities.ReadOnly(Oids.Keys); + // TODO[api] Change parameter name to 'oid' public static Asn1Encodable GetDefaultX509Parameters(DerObjectIdentifier id) { - return GetDefaultX509Parameters(id.Id); + if (id == null) + throw new ArgumentNullException(nameof(id)); + + if (!AlgorithmOidMap.TryGetValue(id, out var mechanism)) + return DerNull.Instance; + + return GetDefaultX509ParametersForMechanism(mechanism); } public static Asn1Encodable GetDefaultX509Parameters(string algorithm) @@ -510,8 +523,13 @@ namespace Org.BouncyCastle.Security if (algorithm == null) throw new ArgumentNullException(nameof(algorithm)); - string mechanism = CollectionUtilities.GetValueOrKey(AlgorithmMap, algorithm); + string mechanism = GetMechanism(algorithm) ?? algorithm; + + return GetDefaultX509ParametersForMechanism(mechanism); + } + private static Asn1Encodable GetDefaultX509ParametersForMechanism(string mechanism) + { if (mechanism == "PSSwithRSA") { // TODO The Sha1Digest here is a default. In JCE version, the actual digest @@ -528,9 +546,38 @@ namespace Org.BouncyCastle.Security return DerNull.Instance; } + public static string GetEncodingName(DerObjectIdentifier oid) + { + return CollectionUtilities.GetValueOrNull(AlgorithmOidMap, oid); + } + private static string GetMechanism(string algorithm) { - return AlgorithmMap.TryGetValue(algorithm, out var v) ? v : algorithm.ToUpperInvariant(); + if (AlgorithmMap.TryGetValue(algorithm, out var mechanism1)) + return mechanism1; + + if (DerObjectIdentifier.TryFromID(algorithm, out var oid)) + { + if (AlgorithmOidMap.TryGetValue(oid, out var mechanism2)) + return mechanism2; + } + + return null; + } + + /// + /// Returns an ObjectIdentifier for a given signature mechanism. + /// + /// A string representation of the signature mechanism. + /// A DerObjectIdentifier, null if the OID is not available. + public static DerObjectIdentifier GetObjectIdentifier(string mechanism) + { + if (mechanism == null) + throw new ArgumentNullException(nameof(mechanism)); + + mechanism = GetMechanism(mechanism) ?? mechanism; + + return CollectionUtilities.GetValueOrNull(Oids, mechanism); } private static Asn1Encodable GetPssX509Parameters( @@ -548,12 +595,20 @@ namespace Org.BouncyCastle.Security new DerInteger(saltLen), new DerInteger(1)); } + // TODO[api] Change parameter name to 'oid' public static ISigner GetSigner(DerObjectIdentifier id) { if (id == null) throw new ArgumentNullException(nameof(id)); - return GetSigner(id.Id); + if (AlgorithmOidMap.TryGetValue(id, out var mechanism)) + { + var signer = GetSignerForMechanism(mechanism); + if (signer != null) + return signer; + } + + throw new SecurityUtilityException("Signer OID not recognised."); } public static ISigner GetSigner(string algorithm) @@ -561,13 +616,13 @@ namespace Org.BouncyCastle.Security if (algorithm == null) throw new ArgumentNullException(nameof(algorithm)); - string mechanism = GetMechanism(algorithm); + string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant(); var signer = GetSignerForMechanism(mechanism); - if (signer == null) - throw new SecurityUtilityException("Signer " + algorithm + " not recognised."); + if (signer != null) + return signer; - return signer; + throw new SecurityUtilityException("Signer " + algorithm + " not recognised."); } private static ISigner GetSignerForMechanism(string mechanism) @@ -721,11 +776,6 @@ namespace Org.BouncyCastle.Security return null; } - public static string GetEncodingName(DerObjectIdentifier oid) - { - return CollectionUtilities.GetValueOrNull(AlgorithmMap, oid.Id); - } - // TODO[api] Rename 'privateKey' to 'key' public static ISigner InitSigner(DerObjectIdentifier algorithmOid, bool forSigning, AsymmetricKeyParameter privateKey, SecureRandom random) @@ -733,7 +783,23 @@ namespace Org.BouncyCastle.Security if (algorithmOid == null) throw new ArgumentNullException(nameof(algorithmOid)); - return InitSigner(algorithmOid.Id, forSigning, privateKey, random); + if (AlgorithmOidMap.TryGetValue(algorithmOid, out var mechanism)) + { + var signer = GetSignerForMechanism(mechanism); + if (signer != null) + { + ICipherParameters cipherParameters = privateKey; + if (forSigning && !NoRandom.Contains(mechanism)) + { + cipherParameters = ParameterUtilities.WithRandom(cipherParameters, random); + } + + signer.Init(forSigning, cipherParameters); + return signer; + } + } + + throw new SecurityUtilityException("Signer OID not recognised."); } // TODO[api] Rename 'privateKey' to 'key' @@ -743,20 +809,22 @@ namespace Org.BouncyCastle.Security if (algorithm == null) throw new ArgumentNullException(nameof(algorithm)); - string mechanism = GetMechanism(algorithm); + string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant(); var signer = GetSignerForMechanism(mechanism); - if (signer == null) - throw new SecurityUtilityException("Signer " + algorithm + " not recognised."); - - ICipherParameters cipherParameters = privateKey; - if (forSigning && !NoRandom.Contains(mechanism)) + if (signer != null) { - cipherParameters = ParameterUtilities.WithRandom(cipherParameters, random); + ICipherParameters cipherParameters = privateKey; + if (forSigning && !NoRandom.Contains(mechanism)) + { + cipherParameters = ParameterUtilities.WithRandom(cipherParameters, random); + } + + signer.Init(forSigning, cipherParameters); + return signer; } - signer.Init(forSigning, cipherParameters); - return signer; + throw new SecurityUtilityException("Signer " + algorithm + " not recognised."); } } } diff --git a/crypto/test/src/cms/test/EnvelopedDataTest.cs b/crypto/test/src/cms/test/EnvelopedDataTest.cs index 02c76a0c1..36b3c7db4 100644 --- a/crypto/test/src/cms/test/EnvelopedDataTest.cs +++ b/crypto/test/src/cms/test/EnvelopedDataTest.cs @@ -374,11 +374,11 @@ namespace Org.BouncyCastle.Cms.Tests CmsEnvelopedData ed = edGen.Generate( new CmsProcessableByteArray(data), - "1.2.840.113549.3.4"); // RC4 OID + PkcsObjectIdentifiers.rc4.GetID()); RecipientInformationStore recipients = ed.GetRecipientInfos(); - Assert.AreEqual(ed.EncryptionAlgOid, "1.2.840.113549.3.4"); + Assert.AreEqual(ed.EncryptionAlgOid, PkcsObjectIdentifiers.rc4.GetID()); var c = recipients.GetRecipients(); @@ -404,11 +404,11 @@ namespace Org.BouncyCastle.Cms.Tests CmsEnvelopedData ed = edGen.Generate( new CmsProcessableByteArray(data), - "1.2.840.113549.3.4", 128); // RC4 OID + PkcsObjectIdentifiers.rc4.GetID(), 128); RecipientInformationStore recipients = ed.GetRecipientInfos(); - Assert.AreEqual(ed.EncryptionAlgOid, "1.2.840.113549.3.4"); + Assert.AreEqual(ed.EncryptionAlgOid, PkcsObjectIdentifiers.rc4.GetID()); var c = recipients.GetRecipients(); -- cgit 1.4.1