PbeUtilities.cs 34 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697
  1. #if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
  2. #pragma warning disable
  3. using System;
  4. using System.Collections;
  5. using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1;
  6. using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.BC;
  7. using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Nist;
  8. using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Oiw;
  9. using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Pkcs;
  10. using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.TeleTrust;
  11. using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
  12. using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto;
  13. using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Digests;
  14. using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Engines;
  15. using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Generators;
  16. using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Macs;
  17. using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Modes;
  18. using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Paddings;
  19. using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
  20. using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities;
  21. namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Security
  22. {
  23. /// <summary>
  24. ///
  25. /// </summary>
  26. public sealed class PbeUtilities
  27. {
  28. private PbeUtilities()
  29. {
  30. }
  31. const string Pkcs5S1 = "Pkcs5S1";
  32. const string Pkcs5S2 = "Pkcs5S2";
  33. const string Pkcs12 = "Pkcs12";
  34. const string OpenSsl = "OpenSsl";
  35. private static readonly IDictionary algorithms = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateHashtable();
  36. private static readonly IDictionary algorithmType = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateHashtable();
  37. private static readonly IDictionary oids = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateHashtable();
  38. static PbeUtilities()
  39. {
  40. algorithms["PKCS5SCHEME1"] = "Pkcs5scheme1";
  41. algorithms["PKCS5SCHEME2"] = "Pkcs5scheme2";
  42. algorithms["PBKDF2"] = "Pkcs5scheme2";
  43. algorithms[PkcsObjectIdentifiers.IdPbeS2.Id] = "Pkcs5scheme2";
  44. // algorithms[PkcsObjectIdentifiers.IdPbkdf2.Id] = "Pkcs5scheme2";
  45. // FIXME Add support for these? (see Pkcs8Generator)
  46. // algorithms[PkcsObjectIdentifiers.DesEde3Cbc.Id] = "Pkcs5scheme2";
  47. // algorithms[NistObjectIdentifiers.IdAes128Cbc.Id] = "Pkcs5scheme2";
  48. // algorithms[NistObjectIdentifiers.IdAes192Cbc.Id] = "Pkcs5scheme2";
  49. // algorithms[NistObjectIdentifiers.IdAes256Cbc.Id] = "Pkcs5scheme2";
  50. algorithms["PBEWITHMD2ANDDES-CBC"] = "PBEwithMD2andDES-CBC";
  51. algorithms[PkcsObjectIdentifiers.PbeWithMD2AndDesCbc.Id] = "PBEwithMD2andDES-CBC";
  52. algorithms["PBEWITHMD2ANDRC2-CBC"] = "PBEwithMD2andRC2-CBC";
  53. algorithms[PkcsObjectIdentifiers.PbeWithMD2AndRC2Cbc.Id] = "PBEwithMD2andRC2-CBC";
  54. algorithms["PBEWITHMD5ANDDES-CBC"] = "PBEwithMD5andDES-CBC";
  55. algorithms[PkcsObjectIdentifiers.PbeWithMD5AndDesCbc.Id] = "PBEwithMD5andDES-CBC";
  56. algorithms["PBEWITHMD5ANDRC2-CBC"] = "PBEwithMD5andRC2-CBC";
  57. algorithms[PkcsObjectIdentifiers.PbeWithMD5AndRC2Cbc.Id] = "PBEwithMD5andRC2-CBC";
  58. algorithms["PBEWITHSHA1ANDDES"] = "PBEwithSHA-1andDES-CBC";
  59. algorithms["PBEWITHSHA-1ANDDES"] = "PBEwithSHA-1andDES-CBC";
  60. algorithms["PBEWITHSHA1ANDDES-CBC"] = "PBEwithSHA-1andDES-CBC";
  61. algorithms["PBEWITHSHA-1ANDDES-CBC"] = "PBEwithSHA-1andDES-CBC";
  62. algorithms[PkcsObjectIdentifiers.PbeWithSha1AndDesCbc.Id] = "PBEwithSHA-1andDES-CBC";
  63. algorithms["PBEWITHSHA1ANDRC2"] = "PBEwithSHA-1andRC2-CBC";
  64. algorithms["PBEWITHSHA-1ANDRC2"] = "PBEwithSHA-1andRC2-CBC";
  65. algorithms["PBEWITHSHA1ANDRC2-CBC"] = "PBEwithSHA-1andRC2-CBC";
  66. algorithms["PBEWITHSHA-1ANDRC2-CBC"] = "PBEwithSHA-1andRC2-CBC";
  67. algorithms[PkcsObjectIdentifiers.PbeWithSha1AndRC2Cbc.Id] = "PBEwithSHA-1andRC2-CBC";
  68. algorithms["PKCS12"] = "Pkcs12";
  69. algorithms[BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.Id] = "PBEwithSHA-1and128bitAES-CBC-BC";
  70. algorithms[BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.Id] = "PBEwithSHA-1and192bitAES-CBC-BC";
  71. algorithms[BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.Id] = "PBEwithSHA-1and256bitAES-CBC-BC";
  72. algorithms[BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.Id] = "PBEwithSHA-256and128bitAES-CBC-BC";
  73. algorithms[BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.Id] = "PBEwithSHA-256and192bitAES-CBC-BC";
  74. algorithms[BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.Id] = "PBEwithSHA-256and256bitAES-CBC-BC";
  75. algorithms["PBEWITHSHAAND128BITRC4"] = "PBEwithSHA-1and128bitRC4";
  76. algorithms["PBEWITHSHA1AND128BITRC4"] = "PBEwithSHA-1and128bitRC4";
  77. algorithms["PBEWITHSHA-1AND128BITRC4"] = "PBEwithSHA-1and128bitRC4";
  78. algorithms[PkcsObjectIdentifiers.PbeWithShaAnd128BitRC4.Id] = "PBEwithSHA-1and128bitRC4";
  79. algorithms["PBEWITHSHAAND40BITRC4"] = "PBEwithSHA-1and40bitRC4";
  80. algorithms["PBEWITHSHA1AND40BITRC4"] = "PBEwithSHA-1and40bitRC4";
  81. algorithms["PBEWITHSHA-1AND40BITRC4"] = "PBEwithSHA-1and40bitRC4";
  82. algorithms[PkcsObjectIdentifiers.PbeWithShaAnd40BitRC4.Id] = "PBEwithSHA-1and40bitRC4";
  83. algorithms["PBEWITHSHAAND3-KEYDESEDE-CBC"] = "PBEwithSHA-1and3-keyDESEDE-CBC";
  84. algorithms["PBEWITHSHAAND3-KEYTRIPLEDES-CBC"] = "PBEwithSHA-1and3-keyDESEDE-CBC";
  85. algorithms["PBEWITHSHA1AND3-KEYDESEDE-CBC"] = "PBEwithSHA-1and3-keyDESEDE-CBC";
  86. algorithms["PBEWITHSHA1AND3-KEYTRIPLEDES-CBC"] = "PBEwithSHA-1and3-keyDESEDE-CBC";
  87. algorithms["PBEWITHSHA-1AND3-KEYDESEDE-CBC"] = "PBEwithSHA-1and3-keyDESEDE-CBC";
  88. algorithms["PBEWITHSHA-1AND3-KEYTRIPLEDES-CBC"] = "PBEwithSHA-1and3-keyDESEDE-CBC";
  89. algorithms[PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc.Id] = "PBEwithSHA-1and3-keyDESEDE-CBC";
  90. algorithms["PBEWITHSHAAND2-KEYDESEDE-CBC"] = "PBEwithSHA-1and2-keyDESEDE-CBC";
  91. algorithms["PBEWITHSHAAND2-KEYTRIPLEDES-CBC"] = "PBEwithSHA-1and2-keyDESEDE-CBC";
  92. algorithms["PBEWITHSHA1AND2-KEYDESEDE-CBC"] = "PBEwithSHA-1and2-keyDESEDE-CBC";
  93. algorithms["PBEWITHSHA1AND2-KEYTRIPLEDES-CBC"] = "PBEwithSHA-1and2-keyDESEDE-CBC";
  94. algorithms["PBEWITHSHA-1AND2-KEYDESEDE-CBC"] = "PBEwithSHA-1and2-keyDESEDE-CBC";
  95. algorithms["PBEWITHSHA-1AND2-KEYTRIPLEDES-CBC"] = "PBEwithSHA-1and2-keyDESEDE-CBC";
  96. algorithms[PkcsObjectIdentifiers.PbeWithShaAnd2KeyTripleDesCbc.Id] = "PBEwithSHA-1and2-keyDESEDE-CBC";
  97. algorithms["PBEWITHSHAAND128BITRC2-CBC"] = "PBEwithSHA-1and128bitRC2-CBC";
  98. algorithms["PBEWITHSHA1AND128BITRC2-CBC"] = "PBEwithSHA-1and128bitRC2-CBC";
  99. algorithms["PBEWITHSHA-1AND128BITRC2-CBC"] = "PBEwithSHA-1and128bitRC2-CBC";
  100. algorithms[PkcsObjectIdentifiers.PbeWithShaAnd128BitRC2Cbc.Id] = "PBEwithSHA-1and128bitRC2-CBC";
  101. algorithms["PBEWITHSHAAND40BITRC2-CBC"] = "PBEwithSHA-1and40bitRC2-CBC";
  102. algorithms["PBEWITHSHA1AND40BITRC2-CBC"] = "PBEwithSHA-1and40bitRC2-CBC";
  103. algorithms["PBEWITHSHA-1AND40BITRC2-CBC"] = "PBEwithSHA-1and40bitRC2-CBC";
  104. algorithms[PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc.Id] = "PBEwithSHA-1and40bitRC2-CBC";
  105. algorithms["PBEWITHSHAAND128BITAES-CBC-BC"] = "PBEwithSHA-1and128bitAES-CBC-BC";
  106. algorithms["PBEWITHSHA1AND128BITAES-CBC-BC"] = "PBEwithSHA-1and128bitAES-CBC-BC";
  107. algorithms["PBEWITHSHA-1AND128BITAES-CBC-BC"] = "PBEwithSHA-1and128bitAES-CBC-BC";
  108. algorithms["PBEWITHSHAAND192BITAES-CBC-BC"] = "PBEwithSHA-1and192bitAES-CBC-BC";
  109. algorithms["PBEWITHSHA1AND192BITAES-CBC-BC"] = "PBEwithSHA-1and192bitAES-CBC-BC";
  110. algorithms["PBEWITHSHA-1AND192BITAES-CBC-BC"] = "PBEwithSHA-1and192bitAES-CBC-BC";
  111. algorithms["PBEWITHSHAAND256BITAES-CBC-BC"] = "PBEwithSHA-1and256bitAES-CBC-BC";
  112. algorithms["PBEWITHSHA1AND256BITAES-CBC-BC"] = "PBEwithSHA-1and256bitAES-CBC-BC";
  113. algorithms["PBEWITHSHA-1AND256BITAES-CBC-BC"] = "PBEwithSHA-1and256bitAES-CBC-BC";
  114. algorithms["PBEWITHSHA256AND128BITAES-CBC-BC"] = "PBEwithSHA-256and128bitAES-CBC-BC";
  115. algorithms["PBEWITHSHA-256AND128BITAES-CBC-BC"] = "PBEwithSHA-256and128bitAES-CBC-BC";
  116. algorithms["PBEWITHSHA256AND192BITAES-CBC-BC"] = "PBEwithSHA-256and192bitAES-CBC-BC";
  117. algorithms["PBEWITHSHA-256AND192BITAES-CBC-BC"] = "PBEwithSHA-256and192bitAES-CBC-BC";
  118. algorithms["PBEWITHSHA256AND256BITAES-CBC-BC"] = "PBEwithSHA-256and256bitAES-CBC-BC";
  119. algorithms["PBEWITHSHA-256AND256BITAES-CBC-BC"] = "PBEwithSHA-256and256bitAES-CBC-BC";
  120. algorithms["PBEWITHSHAANDIDEA"] = "PBEwithSHA-1andIDEA-CBC";
  121. algorithms["PBEWITHSHAANDIDEA-CBC"] = "PBEwithSHA-1andIDEA-CBC";
  122. algorithms["PBEWITHSHAANDTWOFISH"] = "PBEwithSHA-1andTWOFISH-CBC";
  123. algorithms["PBEWITHSHAANDTWOFISH-CBC"] = "PBEwithSHA-1andTWOFISH-CBC";
  124. algorithms["PBEWITHHMACSHA1"] = "PBEwithHmacSHA-1";
  125. algorithms["PBEWITHHMACSHA-1"] = "PBEwithHmacSHA-1";
  126. algorithms[OiwObjectIdentifiers.IdSha1.Id] = "PBEwithHmacSHA-1";
  127. algorithms["PBEWITHHMACSHA224"] = "PBEwithHmacSHA-224";
  128. algorithms["PBEWITHHMACSHA-224"] = "PBEwithHmacSHA-224";
  129. algorithms[NistObjectIdentifiers.IdSha224.Id] = "PBEwithHmacSHA-224";
  130. algorithms["PBEWITHHMACSHA256"] = "PBEwithHmacSHA-256";
  131. algorithms["PBEWITHHMACSHA-256"] = "PBEwithHmacSHA-256";
  132. algorithms[NistObjectIdentifiers.IdSha256.Id] = "PBEwithHmacSHA-256";
  133. algorithms["PBEWITHHMACRIPEMD128"] = "PBEwithHmacRipeMD128";
  134. algorithms[TeleTrusTObjectIdentifiers.RipeMD128.Id] = "PBEwithHmacRipeMD128";
  135. algorithms["PBEWITHHMACRIPEMD160"] = "PBEwithHmacRipeMD160";
  136. algorithms[TeleTrusTObjectIdentifiers.RipeMD160.Id] = "PBEwithHmacRipeMD160";
  137. algorithms["PBEWITHHMACRIPEMD256"] = "PBEwithHmacRipeMD256";
  138. algorithms[TeleTrusTObjectIdentifiers.RipeMD256.Id] = "PBEwithHmacRipeMD256";
  139. algorithms["PBEWITHHMACTIGER"] = "PBEwithHmacTiger";
  140. algorithms["PBEWITHMD5AND128BITAES-CBC-OPENSSL"] = "PBEwithMD5and128bitAES-CBC-OpenSSL";
  141. algorithms["PBEWITHMD5AND192BITAES-CBC-OPENSSL"] = "PBEwithMD5and192bitAES-CBC-OpenSSL";
  142. algorithms["PBEWITHMD5AND256BITAES-CBC-OPENSSL"] = "PBEwithMD5and256bitAES-CBC-OpenSSL";
  143. algorithmType["Pkcs5scheme1"] = Pkcs5S1;
  144. algorithmType["Pkcs5scheme2"] = Pkcs5S2;
  145. algorithmType["PBEwithMD2andDES-CBC"] = Pkcs5S1;
  146. algorithmType["PBEwithMD2andRC2-CBC"] = Pkcs5S1;
  147. algorithmType["PBEwithMD5andDES-CBC"] = Pkcs5S1;
  148. algorithmType["PBEwithMD5andRC2-CBC"] = Pkcs5S1;
  149. algorithmType["PBEwithSHA-1andDES-CBC"] = Pkcs5S1;
  150. algorithmType["PBEwithSHA-1andRC2-CBC"] = Pkcs5S1;
  151. algorithmType["Pkcs12"] = Pkcs12;
  152. algorithmType["PBEwithSHA-1and128bitRC4"] = Pkcs12;
  153. algorithmType["PBEwithSHA-1and40bitRC4"] = Pkcs12;
  154. algorithmType["PBEwithSHA-1and3-keyDESEDE-CBC"] = Pkcs12;
  155. algorithmType["PBEwithSHA-1and2-keyDESEDE-CBC"] = Pkcs12;
  156. algorithmType["PBEwithSHA-1and128bitRC2-CBC"] = Pkcs12;
  157. algorithmType["PBEwithSHA-1and40bitRC2-CBC"] = Pkcs12;
  158. algorithmType["PBEwithSHA-1and128bitAES-CBC-BC"] = Pkcs12;
  159. algorithmType["PBEwithSHA-1and192bitAES-CBC-BC"] = Pkcs12;
  160. algorithmType["PBEwithSHA-1and256bitAES-CBC-BC"] = Pkcs12;
  161. algorithmType["PBEwithSHA-256and128bitAES-CBC-BC"] = Pkcs12;
  162. algorithmType["PBEwithSHA-256and192bitAES-CBC-BC"] = Pkcs12;
  163. algorithmType["PBEwithSHA-256and256bitAES-CBC-BC"] = Pkcs12;
  164. algorithmType["PBEwithSHA-1andIDEA-CBC"] = Pkcs12;
  165. algorithmType["PBEwithSHA-1andTWOFISH-CBC"] = Pkcs12;
  166. algorithmType["PBEwithHmacSHA-1"] = Pkcs12;
  167. algorithmType["PBEwithHmacSHA-224"] = Pkcs12;
  168. algorithmType["PBEwithHmacSHA-256"] = Pkcs12;
  169. algorithmType["PBEwithHmacRipeMD128"] = Pkcs12;
  170. algorithmType["PBEwithHmacRipeMD160"] = Pkcs12;
  171. algorithmType["PBEwithHmacRipeMD256"] = Pkcs12;
  172. algorithmType["PBEwithHmacTiger"] = Pkcs12;
  173. algorithmType["PBEwithMD5and128bitAES-CBC-OpenSSL"] = OpenSsl;
  174. algorithmType["PBEwithMD5and192bitAES-CBC-OpenSSL"] = OpenSsl;
  175. algorithmType["PBEwithMD5and256bitAES-CBC-OpenSSL"] = OpenSsl;
  176. oids["PBEwithMD2andDES-CBC"] = PkcsObjectIdentifiers.PbeWithMD2AndDesCbc;
  177. oids["PBEwithMD2andRC2-CBC"] = PkcsObjectIdentifiers.PbeWithMD2AndRC2Cbc;
  178. oids["PBEwithMD5andDES-CBC"] = PkcsObjectIdentifiers.PbeWithMD5AndDesCbc;
  179. oids["PBEwithMD5andRC2-CBC"] = PkcsObjectIdentifiers.PbeWithMD5AndRC2Cbc;
  180. oids["PBEwithSHA-1andDES-CBC"] = PkcsObjectIdentifiers.PbeWithSha1AndDesCbc;
  181. oids["PBEwithSHA-1andRC2-CBC"] = PkcsObjectIdentifiers.PbeWithSha1AndRC2Cbc;
  182. oids["PBEwithSHA-1and128bitRC4"] = PkcsObjectIdentifiers.PbeWithShaAnd128BitRC4;
  183. oids["PBEwithSHA-1and40bitRC4"] = PkcsObjectIdentifiers.PbeWithShaAnd40BitRC4;
  184. oids["PBEwithSHA-1and3-keyDESEDE-CBC"] = PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc;
  185. oids["PBEwithSHA-1and2-keyDESEDE-CBC"] = PkcsObjectIdentifiers.PbeWithShaAnd2KeyTripleDesCbc;
  186. oids["PBEwithSHA-1and128bitRC2-CBC"] = PkcsObjectIdentifiers.PbeWithShaAnd128BitRC2Cbc;
  187. oids["PBEwithSHA-1and40bitRC2-CBC"] = PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc;
  188. oids["PBEwithHmacSHA-1"] = OiwObjectIdentifiers.IdSha1;
  189. oids["PBEwithHmacSHA-224"] = NistObjectIdentifiers.IdSha224;
  190. oids["PBEwithHmacSHA-256"] = NistObjectIdentifiers.IdSha256;
  191. oids["PBEwithHmacRipeMD128"] = TeleTrusTObjectIdentifiers.RipeMD128;
  192. oids["PBEwithHmacRipeMD160"] = TeleTrusTObjectIdentifiers.RipeMD160;
  193. oids["PBEwithHmacRipeMD256"] = TeleTrusTObjectIdentifiers.RipeMD256;
  194. oids["Pkcs5scheme2"] = PkcsObjectIdentifiers.IdPbeS2;
  195. }
  196. static PbeParametersGenerator MakePbeGenerator(
  197. string type,
  198. IDigest digest,
  199. byte[] key,
  200. byte[] salt,
  201. int iterationCount)
  202. {
  203. PbeParametersGenerator generator;
  204. if (type.Equals(Pkcs5S1))
  205. {
  206. generator = new Pkcs5S1ParametersGenerator(digest);
  207. }
  208. else if (type.Equals(Pkcs5S2))
  209. {
  210. generator = new Pkcs5S2ParametersGenerator(digest);
  211. }
  212. else if (type.Equals(Pkcs12))
  213. {
  214. generator = new Pkcs12ParametersGenerator(digest);
  215. }
  216. else if (type.Equals(OpenSsl))
  217. {
  218. generator = new OpenSslPbeParametersGenerator();
  219. }
  220. else
  221. {
  222. throw new ArgumentException("Unknown PBE type: " + type, "type");
  223. }
  224. generator.Init(key, salt, iterationCount);
  225. return generator;
  226. }
  227. /// <summary>
  228. /// Returns a ObjectIdentifier for a give encoding.
  229. /// </summary>
  230. /// <param name="mechanism">A string representation of the encoding.</param>
  231. /// <returns>A DerObjectIdentifier, null if the Oid is not available.</returns>
  232. public static DerObjectIdentifier GetObjectIdentifier(
  233. string mechanism)
  234. {
  235. mechanism = (string) algorithms[BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(mechanism)];
  236. if (mechanism != null)
  237. {
  238. return (DerObjectIdentifier)oids[mechanism];
  239. }
  240. return null;
  241. }
  242. public static ICollection Algorithms
  243. {
  244. get { return oids.Keys; }
  245. }
  246. public static bool IsPkcs12(
  247. string algorithm)
  248. {
  249. string mechanism = (string)algorithms[BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithm)];
  250. return mechanism != null && Pkcs12.Equals(algorithmType[mechanism]);
  251. }
  252. public static bool IsPkcs5Scheme1(
  253. string algorithm)
  254. {
  255. string mechanism = (string)algorithms[BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithm)];
  256. return mechanism != null && Pkcs5S1.Equals(algorithmType[mechanism]);
  257. }
  258. public static bool IsPkcs5Scheme2(
  259. string algorithm)
  260. {
  261. string mechanism = (string)algorithms[BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithm)];
  262. return mechanism != null && Pkcs5S2.Equals(algorithmType[mechanism]);
  263. }
  264. public static bool IsOpenSsl(
  265. string algorithm)
  266. {
  267. string mechanism = (string)algorithms[BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithm)];
  268. return mechanism != null && OpenSsl.Equals(algorithmType[mechanism]);
  269. }
  270. public static bool IsPbeAlgorithm(
  271. string algorithm)
  272. {
  273. string mechanism = (string)algorithms[BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithm)];
  274. return mechanism != null && algorithmType[mechanism] != null;
  275. }
  276. public static Asn1Encodable GenerateAlgorithmParameters(
  277. DerObjectIdentifier algorithmOid,
  278. byte[] salt,
  279. int iterationCount)
  280. {
  281. return GenerateAlgorithmParameters(algorithmOid.Id, salt, iterationCount);
  282. }
  283. public static Asn1Encodable GenerateAlgorithmParameters(
  284. string algorithm,
  285. byte[] salt,
  286. int iterationCount)
  287. {
  288. if (IsPkcs12(algorithm))
  289. {
  290. return new Pkcs12PbeParams(salt, iterationCount);
  291. }
  292. else if (IsPkcs5Scheme2(algorithm))
  293. {
  294. return new Pbkdf2Params(salt, iterationCount);
  295. }
  296. else
  297. {
  298. return new PbeParameter(salt, iterationCount);
  299. }
  300. }
  301. public static Asn1Encodable GenerateAlgorithmParameters(
  302. DerObjectIdentifier cipherAlgorithm,
  303. DerObjectIdentifier hashAlgorithm,
  304. byte[] salt,
  305. int iterationCount,
  306. SecureRandom secureRandom)
  307. {
  308. EncryptionScheme encScheme;
  309. if (NistObjectIdentifiers.IdAes128Cbc.Equals(cipherAlgorithm)
  310. || NistObjectIdentifiers.IdAes192Cbc.Equals(cipherAlgorithm)
  311. || NistObjectIdentifiers.IdAes256Cbc.Equals(cipherAlgorithm)
  312. || NistObjectIdentifiers.IdAes128Cfb.Equals(cipherAlgorithm)
  313. || NistObjectIdentifiers.IdAes192Cfb.Equals(cipherAlgorithm)
  314. || NistObjectIdentifiers.IdAes256Cfb.Equals(cipherAlgorithm))
  315. {
  316. byte[] iv = new byte[16];
  317. secureRandom.NextBytes(iv);
  318. encScheme = new EncryptionScheme(cipherAlgorithm, new DerOctetString(iv));
  319. }
  320. else
  321. {
  322. throw new ArgumentException("unknown cipher: " + cipherAlgorithm);
  323. }
  324. KeyDerivationFunc func = new KeyDerivationFunc(PkcsObjectIdentifiers.IdPbkdf2, new Pbkdf2Params(salt, iterationCount, new AlgorithmIdentifier(hashAlgorithm, DerNull.Instance)));
  325. return new PbeS2Parameters(func, encScheme);
  326. }
  327. public static ICipherParameters GenerateCipherParameters(
  328. DerObjectIdentifier algorithmOid,
  329. char[] password,
  330. Asn1Encodable pbeParameters)
  331. {
  332. return GenerateCipherParameters(algorithmOid.Id, password, false, pbeParameters);
  333. }
  334. public static ICipherParameters GenerateCipherParameters(
  335. DerObjectIdentifier algorithmOid,
  336. char[] password,
  337. bool wrongPkcs12Zero,
  338. Asn1Encodable pbeParameters)
  339. {
  340. return GenerateCipherParameters(algorithmOid.Id, password, wrongPkcs12Zero, pbeParameters);
  341. }
  342. public static ICipherParameters GenerateCipherParameters(
  343. AlgorithmIdentifier algID,
  344. char[] password)
  345. {
  346. return GenerateCipherParameters(algID.Algorithm.Id, password, false, algID.Parameters);
  347. }
  348. public static ICipherParameters GenerateCipherParameters(
  349. AlgorithmIdentifier algID,
  350. char[] password,
  351. bool wrongPkcs12Zero)
  352. {
  353. return GenerateCipherParameters(algID.Algorithm.Id, password, wrongPkcs12Zero, algID.Parameters);
  354. }
  355. public static ICipherParameters GenerateCipherParameters(
  356. string algorithm,
  357. char[] password,
  358. Asn1Encodable pbeParameters)
  359. {
  360. return GenerateCipherParameters(algorithm, password, false, pbeParameters);
  361. }
  362. public static ICipherParameters GenerateCipherParameters(
  363. string algorithm,
  364. char[] password,
  365. bool wrongPkcs12Zero,
  366. Asn1Encodable pbeParameters)
  367. {
  368. string mechanism = (string)algorithms[BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithm)];
  369. byte[] keyBytes = null;
  370. byte[] salt = null;
  371. int iterationCount = 0;
  372. if (IsPkcs12(mechanism))
  373. {
  374. Pkcs12PbeParams pbeParams = Pkcs12PbeParams.GetInstance(pbeParameters);
  375. salt = pbeParams.GetIV();
  376. iterationCount = pbeParams.Iterations.IntValue;
  377. keyBytes = PbeParametersGenerator.Pkcs12PasswordToBytes(password, wrongPkcs12Zero);
  378. }
  379. else if (IsPkcs5Scheme2(mechanism))
  380. {
  381. // See below
  382. }
  383. else
  384. {
  385. PbeParameter pbeParams = PbeParameter.GetInstance(pbeParameters);
  386. salt = pbeParams.GetSalt();
  387. iterationCount = pbeParams.IterationCount.IntValue;
  388. keyBytes = PbeParametersGenerator.Pkcs5PasswordToBytes(password);
  389. }
  390. ICipherParameters parameters = null;
  391. if (IsPkcs5Scheme2(mechanism))
  392. {
  393. PbeS2Parameters s2p = PbeS2Parameters.GetInstance(pbeParameters.ToAsn1Object());
  394. AlgorithmIdentifier encScheme = s2p.EncryptionScheme;
  395. DerObjectIdentifier encOid = encScheme.Algorithm;
  396. Asn1Object encParams = encScheme.Parameters.ToAsn1Object();
  397. Pbkdf2Params pbeParams = Pbkdf2Params.GetInstance(s2p.KeyDerivationFunc.Parameters.ToAsn1Object());
  398. IDigest digest = DigestUtilities.GetDigest(pbeParams.Prf.Algorithm);
  399. byte[] iv;
  400. if (encOid.Equals(PkcsObjectIdentifiers.RC2Cbc)) // PKCS5.B.2.3
  401. {
  402. RC2CbcParameter rc2Params = RC2CbcParameter.GetInstance(encParams);
  403. iv = rc2Params.GetIV();
  404. }
  405. else
  406. {
  407. iv = Asn1OctetString.GetInstance(encParams).GetOctets();
  408. }
  409. salt = pbeParams.GetSalt();
  410. iterationCount = pbeParams.IterationCount.IntValue;
  411. keyBytes = PbeParametersGenerator.Pkcs5PasswordToBytes(password);
  412. int keyLength = pbeParams.KeyLength != null
  413. ? pbeParams.KeyLength.IntValue * 8
  414. : GeneratorUtilities.GetDefaultKeySize(encOid);
  415. PbeParametersGenerator gen = MakePbeGenerator(
  416. (string)algorithmType[mechanism], digest, keyBytes, salt, iterationCount);
  417. parameters = gen.GenerateDerivedParameters(encOid.Id, keyLength);
  418. if (iv != null)
  419. {
  420. // FIXME? OpenSSL weirdness with IV of zeros (for ECB keys?)
  421. if (Arrays.AreEqual(iv, new byte[iv.Length]))
  422. {
  423. //Console.Error.Write("***** IV all 0 (length " + iv.Length + ") *****");
  424. }
  425. else
  426. {
  427. parameters = new ParametersWithIV(parameters, iv);
  428. }
  429. }
  430. }
  431. else if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithSHA-1"))
  432. {
  433. PbeParametersGenerator generator = MakePbeGenerator(
  434. (string) algorithmType[mechanism], new Sha1Digest(), keyBytes, salt, iterationCount);
  435. if (mechanism.Equals("PBEwithSHA-1and128bitAES-CBC-BC"))
  436. {
  437. parameters = generator.GenerateDerivedParameters("AES", 128, 128);
  438. }
  439. else if (mechanism.Equals("PBEwithSHA-1and192bitAES-CBC-BC"))
  440. {
  441. parameters = generator.GenerateDerivedParameters("AES", 192, 128);
  442. }
  443. else if (mechanism.Equals("PBEwithSHA-1and256bitAES-CBC-BC"))
  444. {
  445. parameters = generator.GenerateDerivedParameters("AES", 256, 128);
  446. }
  447. else if (mechanism.Equals("PBEwithSHA-1and128bitRC4"))
  448. {
  449. parameters = generator.GenerateDerivedParameters("RC4", 128);
  450. }
  451. else if (mechanism.Equals("PBEwithSHA-1and40bitRC4"))
  452. {
  453. parameters = generator.GenerateDerivedParameters("RC4", 40);
  454. }
  455. else if (mechanism.Equals("PBEwithSHA-1and3-keyDESEDE-CBC"))
  456. {
  457. parameters = generator.GenerateDerivedParameters("DESEDE", 192, 64);
  458. }
  459. else if (mechanism.Equals("PBEwithSHA-1and2-keyDESEDE-CBC"))
  460. {
  461. parameters = generator.GenerateDerivedParameters("DESEDE", 128, 64);
  462. }
  463. else if (mechanism.Equals("PBEwithSHA-1and128bitRC2-CBC"))
  464. {
  465. parameters = generator.GenerateDerivedParameters("RC2", 128, 64);
  466. }
  467. else if (mechanism.Equals("PBEwithSHA-1and40bitRC2-CBC"))
  468. {
  469. parameters = generator.GenerateDerivedParameters("RC2", 40, 64);
  470. }
  471. else if (mechanism.Equals("PBEwithSHA-1andDES-CBC"))
  472. {
  473. parameters = generator.GenerateDerivedParameters("DES", 64, 64);
  474. }
  475. else if (mechanism.Equals("PBEwithSHA-1andRC2-CBC"))
  476. {
  477. parameters = generator.GenerateDerivedParameters("RC2", 64, 64);
  478. }
  479. }
  480. else if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithSHA-256"))
  481. {
  482. PbeParametersGenerator generator = MakePbeGenerator(
  483. (string) algorithmType[mechanism], new Sha256Digest(), keyBytes, salt, iterationCount);
  484. if (mechanism.Equals("PBEwithSHA-256and128bitAES-CBC-BC"))
  485. {
  486. parameters = generator.GenerateDerivedParameters("AES", 128, 128);
  487. }
  488. else if (mechanism.Equals("PBEwithSHA-256and192bitAES-CBC-BC"))
  489. {
  490. parameters = generator.GenerateDerivedParameters("AES", 192, 128);
  491. }
  492. else if (mechanism.Equals("PBEwithSHA-256and256bitAES-CBC-BC"))
  493. {
  494. parameters = generator.GenerateDerivedParameters("AES", 256, 128);
  495. }
  496. }
  497. else if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithMD5"))
  498. {
  499. PbeParametersGenerator generator = MakePbeGenerator(
  500. (string)algorithmType[mechanism], new MD5Digest(), keyBytes, salt, iterationCount);
  501. if (mechanism.Equals("PBEwithMD5andDES-CBC"))
  502. {
  503. parameters = generator.GenerateDerivedParameters("DES", 64, 64);
  504. }
  505. else if (mechanism.Equals("PBEwithMD5andRC2-CBC"))
  506. {
  507. parameters = generator.GenerateDerivedParameters("RC2", 64, 64);
  508. }
  509. else if (mechanism.Equals("PBEwithMD5and128bitAES-CBC-OpenSSL"))
  510. {
  511. parameters = generator.GenerateDerivedParameters("AES", 128, 128);
  512. }
  513. else if (mechanism.Equals("PBEwithMD5and192bitAES-CBC-OpenSSL"))
  514. {
  515. parameters = generator.GenerateDerivedParameters("AES", 192, 128);
  516. }
  517. else if (mechanism.Equals("PBEwithMD5and256bitAES-CBC-OpenSSL"))
  518. {
  519. parameters = generator.GenerateDerivedParameters("AES", 256, 128);
  520. }
  521. }
  522. else if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithMD2"))
  523. {
  524. PbeParametersGenerator generator = MakePbeGenerator(
  525. (string)algorithmType[mechanism], new MD2Digest(), keyBytes, salt, iterationCount);
  526. if (mechanism.Equals("PBEwithMD2andDES-CBC"))
  527. {
  528. parameters = generator.GenerateDerivedParameters("DES", 64, 64);
  529. }
  530. else if (mechanism.Equals("PBEwithMD2andRC2-CBC"))
  531. {
  532. parameters = generator.GenerateDerivedParameters("RC2", 64, 64);
  533. }
  534. }
  535. else if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithHmac"))
  536. {
  537. string digestName = mechanism.Substring("PBEwithHmac".Length);
  538. IDigest digest = DigestUtilities.GetDigest(digestName);
  539. PbeParametersGenerator generator = MakePbeGenerator(
  540. (string) algorithmType[mechanism], digest, keyBytes, salt, iterationCount);
  541. int bitLen = digest.GetDigestSize() * 8;
  542. parameters = generator.GenerateDerivedMacParameters(bitLen);
  543. }
  544. Array.Clear(keyBytes, 0, keyBytes.Length);
  545. return FixDesParity(mechanism, parameters);
  546. }
  547. public static object CreateEngine(
  548. DerObjectIdentifier algorithmOid)
  549. {
  550. return CreateEngine(algorithmOid.Id);
  551. }
  552. public static object CreateEngine(
  553. AlgorithmIdentifier algID)
  554. {
  555. string algorithm = algID.Algorithm.Id;
  556. if (IsPkcs5Scheme2(algorithm))
  557. {
  558. PbeS2Parameters s2p = PbeS2Parameters.GetInstance(algID.Parameters.ToAsn1Object());
  559. AlgorithmIdentifier encScheme = s2p.EncryptionScheme;
  560. return CipherUtilities.GetCipher(encScheme.Algorithm);
  561. }
  562. return CreateEngine(algorithm);
  563. }
  564. public static object CreateEngine(
  565. string algorithm)
  566. {
  567. string mechanism = (string)algorithms[BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithm)];
  568. if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithHmac"))
  569. {
  570. string digestName = mechanism.Substring("PBEwithHmac".Length);
  571. return MacUtilities.GetMac("HMAC/" + digestName);
  572. }
  573. if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithMD2")
  574. || BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithMD5")
  575. || BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithSHA-1")
  576. || BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.StartsWith(mechanism, "PBEwithSHA-256"))
  577. {
  578. if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "AES-CBC-BC") || BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "AES-CBC-OPENSSL"))
  579. {
  580. return CipherUtilities.GetCipher("AES/CBC");
  581. }
  582. if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "DES-CBC"))
  583. {
  584. return CipherUtilities.GetCipher("DES/CBC");
  585. }
  586. if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "DESEDE-CBC"))
  587. {
  588. return CipherUtilities.GetCipher("DESEDE/CBC");
  589. }
  590. if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "RC2-CBC"))
  591. {
  592. return CipherUtilities.GetCipher("RC2/CBC");
  593. }
  594. if (BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "RC4"))
  595. {
  596. return CipherUtilities.GetCipher("RC4");
  597. }
  598. }
  599. return null;
  600. }
  601. public static string GetEncodingName(
  602. DerObjectIdentifier oid)
  603. {
  604. return (string) algorithms[oid.Id];
  605. }
  606. private static ICipherParameters FixDesParity(string mechanism, ICipherParameters parameters)
  607. {
  608. if (!BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "DES-CBC") && !BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.EndsWith(mechanism, "DESEDE-CBC"))
  609. {
  610. return parameters;
  611. }
  612. if (parameters is ParametersWithIV)
  613. {
  614. ParametersWithIV ivParams = (ParametersWithIV)parameters;
  615. return new ParametersWithIV(FixDesParity(mechanism, ivParams.Parameters), ivParams.GetIV());
  616. }
  617. KeyParameter kParam = (KeyParameter)parameters;
  618. byte[] keyBytes = kParam.GetKey();
  619. DesParameters.SetOddParity(keyBytes);
  620. return new KeyParameter(keyBytes);
  621. }
  622. }
  623. }
  624. #pragma warning restore
  625. #endif