Example 1 with RSASSAPSSparams
use of com.github.zhenwei.core.asn1.pkcs.RSASSAPSSparams in project xipki by xipki.
the class AlgorithmUtil method extractDigesetAlgFromSigAlg.
public static AlgorithmIdentifier extractDigesetAlgFromSigAlg(AlgorithmIdentifier sigAlgId) throws NoSuchAlgorithmException {
ASN1ObjectIdentifier algOid = sigAlgId.getAlgorithm();
ASN1ObjectIdentifier digestAlgOid;
if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) {
ASN1Encodable asn1Encodable = sigAlgId.getParameters();
RSASSAPSSparams param = RSASSAPSSparams.getInstance(asn1Encodable);
digestAlgOid = param.getHashAlgorithm().getAlgorithm();
} else {
HashAlgo digestAlg = sigAlgOidToDigestMap.get(algOid);
if (digestAlg == null) {
throw new NoSuchAlgorithmException("unknown signature algorithm " + algOid.getId());
}
digestAlgOid = digestAlg.getOid();
}
return new AlgorithmIdentifier(digestAlgOid, DERNull.INSTANCE);
}
Also used :
HashAlgo(org.xipki.security.HashAlgo)
RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 2 with RSASSAPSSparams
use of com.github.zhenwei.core.asn1.pkcs.RSASSAPSSparams in project xipki by xipki.
the class AlgorithmUtil method getSigOrMacAlgoCode.
// method getHashOutputSizeInOctets
public static AlgorithmCode getSigOrMacAlgoCode(AlgorithmIdentifier algId) throws NoSuchAlgorithmException {
ASN1ObjectIdentifier oid = algId.getAlgorithm();
AlgorithmCode code = algOidToCodeMap.get(oid);
if (code != null) {
return code;
}
if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(oid)) {
RSASSAPSSparams param = RSASSAPSSparams.getInstance(algId.getParameters());
ASN1ObjectIdentifier digestAlgOid = param.getHashAlgorithm().getAlgorithm();
code = digestToMgf1AlgCodeMap.get(digestAlgOid);
if (code == null) {
throw new NoSuchAlgorithmException("unsupported digest algorithm " + digestAlgOid);
}
return code;
} else {
throw new NoSuchAlgorithmException("unsupported signature algorithm " + oid.getId());
}
}
Also used :
RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
AlgorithmCode(org.xipki.security.AlgorithmCode)
Example 3 with RSASSAPSSparams
use of com.github.zhenwei.core.asn1.pkcs.RSASSAPSSparams in project xipki by xipki.
the class AlgorithmUtil method createPSSRSAParams.
// CHECKSTYLE:SKIP
private static RSASSAPSSparams createPSSRSAParams(HashAlgo digestAlg) throws NoSuchAlgorithmException {
ParamUtil.requireNonNull("digestAlg", digestAlg);
int saltSize = digestAlg.getLength();
AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(digestAlg.getOid(), DERNull.INSTANCE);
return new RSASSAPSSparams(digAlgId, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, digAlgId), new ASN1Integer(saltSize), RSASSAPSSparams.DEFAULT_TRAILER_FIELD);
}
Also used :
RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 4 with RSASSAPSSparams
use of com.github.zhenwei.core.asn1.pkcs.RSASSAPSSparams in project xipki by xipki.
the class SignerUtil method createPSSRSASigner.
// CHECKSTYLE:SKIP
public static PSSSigner createPSSRSASigner(AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws XiSecurityException {
ParamUtil.requireNonNull("sigAlgId", sigAlgId);
if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) {
throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed");
}
AlgorithmIdentifier digAlgId;
try {
digAlgId = AlgorithmUtil.extractDigesetAlgFromSigAlg(sigAlgId);
} catch (NoSuchAlgorithmException ex) {
throw new XiSecurityException(ex.getMessage(), ex);
}
RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters());
AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier.getInstance(param.getMaskGenAlgorithm().getParameters());
Digest dig = getDigest(digAlgId);
Digest mfgDig = getDigest(mfgDigAlgId);
int saltSize = param.getSaltLength().intValue();
int trailerField = param.getTrailerField().intValue();
AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher;
return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField));
}
Also used :
XiSecurityException(org.xipki.security.exception.XiSecurityException)
Digest(org.bouncycastle.crypto.Digest)
RSABlindedEngine(org.bouncycastle.crypto.engines.RSABlindedEngine)
RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams)
PSSSigner(org.bouncycastle.crypto.signers.PSSSigner)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
AsymmetricBlockCipher(org.bouncycastle.crypto.AsymmetricBlockCipher)
Example 5 with RSASSAPSSparams
use of com.github.zhenwei.core.asn1.pkcs.RSASSAPSSparams in project xipki by xipki.
the class RequestOptions method createPSSRSAParams.
// method createAlgId
// CHECKSTYLE:SKIP
public static RSASSAPSSparams createPSSRSAParams(ASN1ObjectIdentifier digestAlgOid) {
int saltSize;
if (X509ObjectIdentifiers.id_SHA1.equals(digestAlgOid)) {
saltSize = 20;
} else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOid)) {
saltSize = 28;
} else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOid)) {
saltSize = 32;
} else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOid)) {
saltSize = 48;
} else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOid)) {
saltSize = 64;
} else {
throw new RuntimeException("unknown digest algorithm " + digestAlgOid);
}
AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(digestAlgOid, DERNull.INSTANCE);
return new RSASSAPSSparams(digAlgId, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, digAlgId), new ASN1Integer(saltSize), RSASSAPSSparams.DEFAULT_TRAILER_FIELD);
}
Also used :
RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Aggregations
RSASSAPSSparams (org.bouncycastle.asn1.pkcs.RSASSAPSSparams)10
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)6
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)5
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)5
RSASSAPSSparams (com.github.zhenwei.core.asn1.pkcs.RSASSAPSSparams)4
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)3
ASN1Encodable (com.github.zhenwei.core.asn1.ASN1Encodable)2
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)2
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)2
MessageDigest (java.security.MessageDigest)2
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)2
ASN1Integer (com.github.zhenwei.core.asn1.ASN1Integer)1
ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)1
DefaultDigestAlgorithmIdentifierFinder (com.github.zhenwei.pkix.operator.DefaultDigestAlgorithmIdentifierFinder)1
DigestAlgorithmIdentifierFinder (com.github.zhenwei.pkix.operator.DigestAlgorithmIdentifierFinder)1
AsymmetricBlockCipher (org.bouncycastle.crypto.AsymmetricBlockCipher)1
Digest (org.bouncycastle.crypto.Digest)1
RSABlindedEngine (org.bouncycastle.crypto.engines.RSABlindedEngine)1
PSSSigner (org.bouncycastle.crypto.signers.PSSSigner)1
AlgorithmCode (org.xipki.security.AlgorithmCode)1
