
Example 1 with RSASSAPSSparams

use of com.github.zhenwei.core.asn1.pkcs.RSASSAPSSparams in project xipki by xipki.

the class AlgorithmUtil method extractDigesetAlgFromSigAlg.

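/**
 * Derives the digest algorithm identifier implied by a signature algorithm identifier.
 *
 * <p>For RSASSA-PSS the digest OID is read from the hash algorithm field of the
 * RSASSA-PSS parameters carried in {@code sigAlgId}. For every other signature OID it is
 * looked up in {@code sigAlgOidToDigestMap}.
 *
 * <p>NOTE(review): in the PSS branch the digest OID is taken from the supplied parameters
 * and is not compared against any allow-list in this method. When {@code sigAlgId}
 * originates from untrusted input (a certificate, request or response), the caller should
 * confirm that the returned digest is one it is willing to accept.
 *
 * @param sigAlgId signature algorithm identifier to inspect
 * @return an identifier made of the digest OID and an explicit ASN.1 NULL parameter
 * @throws NoSuchAlgorithmException if the signature OID is not in
 *     {@code sigAlgOidToDigestMap}, or if it is RSASSA-PSS and carries no parameters
 */
public static AlgorithmIdentifier extractDigesetAlgFromSigAlg(AlgorithmIdentifier sigAlgId) throws NoSuchAlgorithmException {
    ASN1ObjectIdentifier algOid = sigAlgId.getAlgorithm();
    ASN1ObjectIdentifier digestAlgOid;
    if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) {
        ASN1Encodable asn1Encodable = sigAlgId.getParameters();
        // RSASSAPSSparams.getInstance(null) yields null, which previously surfaced as a
        // NullPointerException on the next line; report absent parameters through the
        // declared checked exception so callers can reject the identifier cleanly.
        if (asn1Encodable == null) {
            throw new NoSuchAlgorithmException("RSASSA-PSS parameters are absent in signature algorithm " + algOid.getId());
        }
        RSASSAPSSparams param = RSASSAPSSparams.getInstance(asn1Encodable);
        digestAlgOid = param.getHashAlgorithm().getAlgorithm();
    } else {
        HashAlgo digestAlg = sigAlgOidToDigestMap.get(algOid);
        if (digestAlg == null) {
            throw new NoSuchAlgorithmException("unknown signature algorithm " + algOid.getId());
        }
        digestAlgOid = digestAlg.getOid();
    }
    // Any parameters attached to the hash algorithm inside the PSS parameters are dropped;
    // the result always carries an explicit NULL.
    return new AlgorithmIdentifier(digestAlgOid, DERNull.INSTANCE);
}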
Also used : HashAlgo(org.xipki.security.HashAlgo) RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 2 with RSASSAPSSparams

use of com.github.zhenwei.core.asn1.pkcs.RSASSAPSSparams in project xipki by xipki.

the class AlgorithmUtil method getSigOrMacAlgoCode.

// method getHashOutputSizeInOctets
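/**
 * Maps a signature or MAC algorithm identifier to its {@code AlgorithmCode}.
 *
 * <p>The OID is first looked up in {@code algOidToCodeMap}. If it is not found there and
 * the OID is RSASSA-PSS, the code is chosen from {@code digestToMgf1AlgCodeMap} using the
 * hash algorithm named in the RSASSA-PSS parameters.
 *
 * @param algId algorithm identifier to classify
 * @return the matching algorithm code
 * @throws NoSuchAlgorithmException if the OID is neither mapped nor RSASSA-PSS, if the
 *     RSASSA-PSS parameters are absent, or if their digest has no entry in
 *     {@code digestToMgf1AlgCodeMap}
 */
public static AlgorithmCode getSigOrMacAlgoCode(AlgorithmIdentifier algId) throws NoSuchAlgorithmException {
    ASN1ObjectIdentifier oid = algId.getAlgorithm();
    AlgorithmCode code = algOidToCodeMap.get(oid);
    if (code != null) {
        return code;
    }
    if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(oid)) {
        throw new NoSuchAlgorithmException("unsupported signature algorithm " + oid.getId());
    }
    // RSASSAPSSparams.getInstance(null) yields null, so absent parameters used to end in a
    // NullPointerException; fail with the declared checked exception instead.
    if (algId.getParameters() == null) {
        throw new NoSuchAlgorithmException("RSASSA-PSS parameters are absent in signature algorithm " + oid.getId());
    }
    RSASSAPSSparams param = RSASSAPSSparams.getInstance(algId.getParameters());
    ASN1ObjectIdentifier digestAlgOid = param.getHashAlgorithm().getAlgorithm();
    code = digestToMgf1AlgCodeMap.get(digestAlgOid);
    if (code == null) {
        throw new NoSuchAlgorithmException("unsupported digest algorithm " + digestAlgOid);
    }
    return code;
}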
Also used : RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmCode(org.xipki.security.AlgorithmCode)

Example 3 with RSASSAPSSparams

use of com.github.zhenwei.core.asn1.pkcs.RSASSAPSSparams in project xipki by xipki.

the class AlgorithmUtil method createPSSRSAParams.

// CHECKSTYLE:SKIP
/**
 * Builds RSASSA-PSS parameters in which the message digest and the MGF1 digest are both
 * {@code digestAlg}, the salt length is {@code digestAlg.getLength()} and the trailer
 * field is {@code RSASSAPSSparams.DEFAULT_TRAILER_FIELD}.
 *
 * @param digestAlg hash algorithm to use; must not be null
 * @return the assembled parameter structure
 * @throws NoSuchAlgorithmException declared by the signature; nothing in this body throws it
 */
private static RSASSAPSSparams createPSSRSAParams(HashAlgo digestAlg) throws NoSuchAlgorithmException {
    ParamUtil.requireNonNull("digestAlg", digestAlg);
    // Salt length follows the value reported by the hash algorithm itself.
    ASN1Integer saltLength = new ASN1Integer(digestAlg.getLength());
    AlgorithmIdentifier hashAlgId = new AlgorithmIdentifier(digestAlg.getOid(), DERNull.INSTANCE);
    // MGF1 is parameterised with the same hash identifier as the message digest.
    AlgorithmIdentifier maskGenAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId);
    return new RSASSAPSSparams(hashAlgId, maskGenAlgId, saltLength, RSASSAPSSparams.DEFAULT_TRAILER_FIELD);
}
Also used : RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 4 with RSASSAPSSparams

use of com.github.zhenwei.core.asn1.pkcs.RSASSAPSSparams in project xipki by xipki.

the class SignerUtil method createPSSRSASigner.

// CHECKSTYLE:SKIP
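/**
 * Creates a {@code PSSSigner} configured from the RSASSA-PSS parameters in {@code sigAlgId}.
 *
 * <p>The parameters are treated as untrusted: they are checked for presence, for MGF1 as
 * the mask generation function, and for a salt length that is non-negative and fits in an
 * {@code int}, before any value is handed to the signer. Each violation is reported as an
 * {@code XiSecurityException} rather than as a runtime exception or a silently truncated
 * value.
 *
 * @param sigAlgId signature algorithm identifier; must not be null and must be RSASSA-PSS
 * @param cipher RSA engine to use, or null to use a new {@code RSABlindedEngine}
 * @return the configured signer
 * @throws XiSecurityException if the algorithm is not RSASSA-PSS, the parameters are
 *     absent or inconsistent, or the digest cannot be resolved
 */
public static PSSSigner createPSSRSASigner(AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws XiSecurityException {
    ParamUtil.requireNonNull("sigAlgId", sigAlgId);
    if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) {
        throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed");
    }
    // RSASSAPSSparams.getInstance(null) yields null; reject absent parameters up front.
    if (sigAlgId.getParameters() == null) {
        throw new XiSecurityException("RSASSA-PSS parameters are absent");
    }
    AlgorithmIdentifier digAlgId;
    try {
        digAlgId = AlgorithmUtil.extractDigesetAlgFromSigAlg(sigAlgId);
    } catch (NoSuchAlgorithmException ex) {
        throw new XiSecurityException(ex.getMessage(), ex);
    }
    RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters());
    AlgorithmIdentifier maskGenAlgId = param.getMaskGenAlgorithm();
    // The signer built below is given only a mask digest, so the parameters of any other
    // mask generation function must not be reinterpreted as an MGF1 digest.
    if (!PKCSObjectIdentifiers.id_mgf1.equals(maskGenAlgId.getAlgorithm())) {
        throw new XiSecurityException("mask generation algorithm " + maskGenAlgId.getAlgorithm() + " is not allowed");
    }
    if (maskGenAlgId.getParameters() == null) {
        throw new XiSecurityException("MGF1 digest algorithm is absent");
    }
    AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier.getInstance(maskGenAlgId.getParameters());
    Digest dig = getDigest(digAlgId);
    Digest mfgDig = getDigest(mfgDigAlgId);
    // intValue() silently truncates; refuse negative or oversized salt lengths instead.
    if (param.getSaltLength().signum() < 0 || param.getSaltLength().bitLength() > 31) {
        throw new XiSecurityException("invalid salt length " + param.getSaltLength());
    }
    int saltSize = param.getSaltLength().intValue();
    int trailerField = param.getTrailerField().intValue();
    AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher;
    return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField));
}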
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) Digest(org.bouncycastle.crypto.Digest) RSABlindedEngine(org.bouncycastle.crypto.engines.RSABlindedEngine) RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams) PSSSigner(org.bouncycastle.crypto.signers.PSSSigner) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) AsymmetricBlockCipher(org.bouncycastle.crypto.AsymmetricBlockCipher)

Example 5 with RSASSAPSSparams

use of com.github.zhenwei.core.asn1.pkcs.RSASSAPSSparams in project xipki by xipki.

the class RequestOptions method createPSSRSAParams.

// method createAlgId
// CHECKSTYLE:SKIP
/**
 * Builds RSASSA-PSS parameters for one of a fixed set of digest algorithms.
 *
 * <p>The digest is used both as the message digest and as the MGF1 digest. The salt
 * length is the digest output size in octets and the trailer field is
 * {@code RSASSAPSSparams.DEFAULT_TRAILER_FIELD}.
 *
 * <p>NOTE(review): SHA-1 is among the accepted digests; callers that must exclude it have
 * to filter before calling this method.
 *
 * @param digestAlgOid OID of SHA-1, SHA-224, SHA-256, SHA-384 or SHA-512
 * @return the assembled parameter structure
 * @throws RuntimeException if {@code digestAlgOid} is none of the listed digests
 */
public static RSASSAPSSparams createPSSRSAParams(ASN1ObjectIdentifier digestAlgOid) {
    // Parallel tables: supported digest OIDs and their output sizes in octets.
    final ASN1ObjectIdentifier[] supportedDigests = {
        X509ObjectIdentifiers.id_SHA1,
        NISTObjectIdentifiers.id_sha224,
        NISTObjectIdentifiers.id_sha256,
        NISTObjectIdentifiers.id_sha384,
        NISTObjectIdentifiers.id_sha512
    };
    final int[] digestOctets = {20, 28, 32, 48, 64};

    int saltSize = -1;
    for (int idx = 0; idx < supportedDigests.length; idx++) {
        if (supportedDigests[idx].equals(digestAlgOid)) {
            saltSize = digestOctets[idx];
            break;
        }
    }
    if (saltSize < 0) {
        throw new RuntimeException("unknown digest algorithm " + digestAlgOid);
    }

    AlgorithmIdentifier hashAlgId = new AlgorithmIdentifier(digestAlgOid, DERNull.INSTANCE);
    AlgorithmIdentifier maskGenAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId);
    return new RSASSAPSSparams(hashAlgId, maskGenAlgId, new ASN1Integer(saltSize), RSASSAPSSparams.DEFAULT_TRAILER_FIELD);
}
Also used : RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
