diff options
| author | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-11-01 16:04:09 +0000 |
|---|---|---|
| committer | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-11-01 16:04:09 +0000 |
| commit | 7e37934b87aae3eddb9817663a20d9f9bb554bf2 (patch) | |
| tree | 41518fd9391a5d52127ea2920ee0b578e2392f75 | |
| parent | b9107e03cbb02e73f61e2105df4d5de9d2c6ab52 (diff) | |
| parent | b1e4d28d756235ec33e45485994581f4590c37ff (diff) | |
| download | android_external_bouncycastle-cm-11.0-XNPH22R-bacon-03d77315ea.tar.gz android_external_bouncycastle-cm-11.0-XNPH22R-bacon-03d77315ea.tar.bz2 android_external_bouncycastle-cm-11.0-XNPH22R-bacon-03d77315ea.zip | |
Merge tag 'android-4.4_r1' into cm-11.0cm-11.0-XNPH25R-bacon-d22b777afacm-11.0-XNPH22R-bacon-03d77315ea
Android 4.4 Release 1.0
149 files changed, 9958 insertions, 8686 deletions
@@ -34,19 +34,30 @@ LOCAL_MODULE := bouncycastle LOCAL_MODULE_TAGS := optional LOCAL_SRC_FILES := $(android_bcprov_src_files) LOCAL_JAVACFLAGS := -encoding UTF-8 -LOCAL_JAVA_LIBRARIES := core +LOCAL_JAVA_LIBRARIES := conscrypt core LOCAL_NO_STANDARD_LIBRARIES := true LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk include $(BUILD_JAVA_LIBRARY) +# non-jarjar version to build okhttp-tests +include $(CLEAR_VARS) +LOCAL_MODULE := bouncycastle-nojarjar +LOCAL_MODULE_TAGS := optional +LOCAL_SRC_FILES := $(android_bcprov_src_files) +LOCAL_JAVACFLAGS := -encoding UTF-8 +LOCAL_JAVA_LIBRARIES := conscrypt core +LOCAL_NO_STANDARD_LIBRARIES := true +LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk +include $(BUILD_STATIC_JAVA_LIBRARY) + # This is used to generate a list of what is unused so it can be removed when bouncycastle is updated. # Based on "Finding dead code" example in ProGuard manual at http://proguard.sourceforge.net/ .PHONY: bouncycastle-proguard-deadcode bouncycastle-proguard-deadcode: $(full_classes_compiled_jar) $(full_java_libs) $(PROGUARD) \ -injars $(full_classes_compiled_jar) \ - -libraryjars "$(call normalize-path-list,$(addsuffix (!org/bouncycastle/**.class,!org/apache/harmony/xnet/provider/jsse/OpenSSLMessageDigest.class),$(full_java_libs)))" \ + -libraryjars "$(call normalize-path-list,$(addsuffix (!org/bouncycastle/**.class,!com/android/org/conscrypt/OpenSSLMessageDigest.class),$(full_java_libs)))" \ -dontoptimize \ -dontobfuscate \ -dontpreverify \ @@ -88,6 +99,7 @@ ifeq ($(WITH_HOST_DALVIK),true) LOCAL_JAVACFLAGS := -encoding UTF-8 LOCAL_BUILD_HOST_DEX := true LOCAL_MODULE_TAGS := optional + LOCAL_JAVA_LIBRARIES := conscrypt-hostdex LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk include $(BUILD_HOST_JAVA_LIBRARY) @@ -1,4 +1,4 @@ -Copyright (c) 2000-2011 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) +Copyright (c) 2000-2013 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, diff --git a/README.android b/README.android index 3dfa8bf..5a3e9b5 100644 --- a/README.android +++ b/README.android @@ -114,6 +114,8 @@ The following steps are recommended for porting new Bouncy Castle versions. libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/DigestInputStreamTest.java - java.security.DigestOutputStream libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/DigestOutputStreamTest.java + - javax.crypto.spec.GCMParameterSpec + libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/spec/GCMParameterSpecTest.java - java.security.GuardedObject libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/GuardedObjectTest.java - java.security.Identity @@ -212,10 +214,10 @@ The following steps are recommended for porting new Bouncy Castle versions. - java.security.SecureRandomSpi libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SecureRandomSpiTest.java - java.security.Signature + libcore/crypto/src/test/java/org/conscrypt/OpenSSLSignatureTest.java libcore/luni/src/test/java/libcore/java/security/SignatureTest.java libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/Signature2Test.java libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignatureTest.java - libcore/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignatureTest.java libcore/luni/src/test/java/tests/targets/security/SignatureTestMD2withRSA.java - java.security.SignatureSpi libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignatureSpiTest.java @@ -225,8 +227,17 @@ The following steps are recommended for porting new Bouncy Castle versions. libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignerTest.java - java.security.Timestamp libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/TimestampTest.java + - java.security.cert.TrustAnchor + libcore/luni/src/test/java/tests/security/cert/TrustAnchorTest.java - javax.net.ssl.TrustManagerFactory libcore/luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java + - java.net.URLConnection + libcore/luni/src/test/java/libcore/java/net/URLConnectionTest.java + libcore/luni/src/test/java/org/apache/harmony/luni/tests/java/net/URLConnectionTest.java + - javax.security.auth.x500.X500Principal + libcore/luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java + libcore/luni/src/test/java/libcore/javax/security/auth/x500/X500PrincipalTest.java + libcore/luni/src/test/java/tests/api/javax/security/auth/X500PrincipalTest.java - javax.net.ssl.SSLSocket and javax.net.ssl.SSLEngine (which touch on Cipher, MessageDigest, Signature) libcore/luni/src/test/java/libcore/javax/net/ssl/ - Test Android additions to bouncycastle such as org.bouncycastle.crypto.digests.OpenSSLDigest and org.bouncycastle.jce.provider.CertBlacklist diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java index c976dfe..ae71f31 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java @@ -9,34 +9,28 @@ import java.security.Provider; import java.security.cert.CertStore; import java.security.cert.CertStoreException; import java.util.ArrayList; -import java.util.Enumeration; +import java.util.Collection; import java.util.Iterator; import java.util.List; import java.util.Map; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.BERSequence; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.cms.SignedData; import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.asn1.x509.AttributeCertificate; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.cert.X509AttributeCertificateHolder; -import org.bouncycastle.cert.X509CRLHolder; -import org.bouncycastle.cert.X509CertificateHolder; +// BEGIN android-removed +// import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder; +// END android-removed import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; +import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder; -import org.bouncycastle.util.CollectionStore; import org.bouncycastle.util.Store; import org.bouncycastle.x509.NoSuchStoreException; import org.bouncycastle.x509.X509Store; @@ -311,208 +305,201 @@ public class CMSSignedData { if (attributeStore == null) { - attributeStore = HELPER.createAttributeStore(type, provider, signedData.getCertificates()); + attributeStore = HELPER.createAttributeStore(type, provider, this.getAttributeCertificates()); } return attributeStore; } - /** - * return a X509Store containing the public key certificates, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider name of provider to use - * @return a store of public key certificates - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getCertificates( - String type, - String provider) - throws NoSuchStoreException, NoSuchProviderException, CMSException - { - return getCertificates(type, CMSUtils.getProvider(provider)); - } + // BEGIN android-removed + // /** + // * return a X509Store containing the public key certificates, if any, contained + // * in this message. + // * + // * @param type type of store to create + // * @param provider name of provider to use + // * @return a store of public key certificates + // * @exception NoSuchProviderException if the provider requested isn't available. + // * @exception NoSuchStoreException if the store type isn't available. + // * @exception CMSException if a general exception prevents creation of the X509Store + // * @deprecated use base Store returning method + // */ + // public X509Store getCertificates( + // String type, + // String provider) + // throws NoSuchStoreException, NoSuchProviderException, CMSException + // { + // return getCertificates(type, CMSUtils.getProvider(provider)); + // } + // + // /** + // * return a X509Store containing the public key certificates, if any, contained + // * in this message. + // * + // * @param type type of store to create + // * @param provider provider to use + // * @return a store of public key certificates + // * @exception NoSuchStoreException if the store type isn't available. + // * @exception CMSException if a general exception prevents creation of the X509Store + // * @deprecated use base Store returning method + // */ + // public X509Store getCertificates( + // String type, + // Provider provider) + // throws NoSuchStoreException, CMSException + // { + // if (certificateStore == null) + // { + // certificateStore = HELPER.createCertificateStore(type, provider, this.getCertificates()); + // } + // + // return certificateStore; + // } + // + // /** + // * return a X509Store containing CRLs, if any, contained + // * in this message. + // * + // * @param type type of store to create + // * @param provider name of provider to use + // * @return a store of CRLs + // * @exception NoSuchProviderException if the provider requested isn't available. + // * @exception NoSuchStoreException if the store type isn't available. + // * @exception CMSException if a general exception prevents creation of the X509Store + // * @deprecated use base Store returning method + // */ + // public X509Store getCRLs( + // String type, + // String provider) + // throws NoSuchStoreException, NoSuchProviderException, CMSException + // { + // return getCRLs(type, CMSUtils.getProvider(provider)); + // } + // + // /** + // * return a X509Store containing CRLs, if any, contained + // * in this message. + // * + // * @param type type of store to create + // * @param provider provider to use + // * @return a store of CRLs + // * @exception NoSuchStoreException if the store type isn't available. + // * @exception CMSException if a general exception prevents creation of the X509Store + // * @deprecated use base Store returning method + // */ + // public X509Store getCRLs( + // String type, + // Provider provider) + // throws NoSuchStoreException, CMSException + // { + // if (crlStore == null) + // { + // crlStore = HELPER.createCRLsStore(type, provider, getCRLs()); + // } + // + // return crlStore; + // } + // + // /** + // * return a CertStore containing the certificates and CRLs associated with + // * this message. + // * + // * @exception NoSuchProviderException if the provider requested isn't available. + // * @exception NoSuchAlgorithmException if the cert store isn't available. + // * @exception CMSException if a general exception prevents creation of the CertStore + // * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder + // */ + // public CertStore getCertificatesAndCRLs( + // String type, + // String provider) + // throws NoSuchAlgorithmException, NoSuchProviderException, CMSException + // { + // return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider)); + // } + // + // /** + // * return a CertStore containing the certificates and CRLs associated with + // * this message. + // * + // * @exception NoSuchAlgorithmException if the cert store isn't available. + // * @exception CMSException if a general exception prevents creation of the CertStore + // * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder + // */ + // public CertStore getCertificatesAndCRLs( + // String type, + // Provider provider) + // throws NoSuchAlgorithmException, CMSException + // { + // try + // { + // JcaCertStoreBuilder certStoreBuilder = new JcaCertStoreBuilder().setType(type); + // + // if (provider != null) + // { + // certStoreBuilder.setProvider(provider); + // } + // + // certStoreBuilder.addCertificates(this.getCertificates()); + // certStoreBuilder.addCRLs(this.getCRLs()); + // + // return certStoreBuilder.build(); + // } + // catch (NoSuchAlgorithmException e) + // { + // throw e; + // } + // catch (Exception e) + // { + // throw new CMSException("exception creating CertStore: " + e.getMessage(), e); + // } + // } + // END android-removed /** - * return a X509Store containing the public key certificates, if any, contained - * in this message. + * Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. * - * @param type type of store to create - * @param provider provider to use - * @return a store of public key certificates - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method + * @return a Store of X509CertificateHolder objects. */ - public X509Store getCertificates( - String type, - Provider provider) - throws NoSuchStoreException, CMSException - { - if (certificateStore == null) - { - certificateStore = HELPER.createCertificateStore(type, provider, signedData.getCertificates()); - } - - return certificateStore; - } - - /** - * return a X509Store containing CRLs, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider name of provider to use - * @return a store of CRLs - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getCRLs( - String type, - String provider) - throws NoSuchStoreException, NoSuchProviderException, CMSException + public Store getCertificates() { - return getCRLs(type, CMSUtils.getProvider(provider)); + return HELPER.getCertificates(signedData.getCertificates()); } /** - * return a X509Store containing CRLs, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider provider to use - * @return a store of CRLs - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getCRLs( - String type, - Provider provider) - throws NoSuchStoreException, CMSException - { - if (crlStore == null) - { - crlStore = HELPER.createCRLsStore(type, provider, signedData.getCRLs()); - } - - return crlStore; - } - - /** - * return a CertStore containing the certificates and CRLs associated with - * this message. + * Return any X.509 CRL objects in this SignedData structure as a Store of X509CRLHolder objects. * - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchAlgorithmException if the cert store isn't available. - * @exception CMSException if a general exception prevents creation of the CertStore - * @deprecated use base Store returning method + * @return a Store of X509CRLHolder objects. */ - public CertStore getCertificatesAndCRLs( - String type, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException + public Store getCRLs() { - return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider)); + return HELPER.getCRLs(signedData.getCRLs()); } /** - * return a CertStore containing the certificates and CRLs associated with - * this message. + * Return any X.509 attribute certificate objects in this SignedData structure as a Store of X509AttributeCertificateHolder objects. * - * @exception NoSuchAlgorithmException if the cert store isn't available. - * @exception CMSException if a general exception prevents creation of the CertStore - * @deprecated use base Store returning method + * @return a Store of X509AttributeCertificateHolder objects. */ - public CertStore getCertificatesAndCRLs( - String type, - Provider provider) - throws NoSuchAlgorithmException, CMSException - { - ASN1Set certSet = signedData.getCertificates(); - ASN1Set crlSet = signedData.getCRLs(); - - return HELPER.createCertStore(type, provider, certSet, crlSet); - } - - public Store getCertificates() - { - ASN1Set certSet = signedData.getCertificates(); - - if (certSet != null) - { - List certList = new ArrayList(certSet.size()); - - for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1Sequence) - { - certList.add(new X509CertificateHolder(Certificate.getInstance(obj))); - } - } - - return new CollectionStore(certList); - } - - return new CollectionStore(new ArrayList()); - } - - public Store getCRLs() - { - ASN1Set crlSet = signedData.getCRLs(); - - if (crlSet != null) - { - List crlList = new ArrayList(crlSet.size()); - - for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1Sequence) - { - crlList.add(new X509CRLHolder(CertificateList.getInstance(obj))); - } - } - - return new CollectionStore(crlList); - } - - return new CollectionStore(new ArrayList()); - } - public Store getAttributeCertificates() { - ASN1Set certSet = signedData.getCertificates(); - - if (certSet != null) - { - List certList = new ArrayList(certSet.size()); - - for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1TaggedObject) - { - certList.add(new X509AttributeCertificateHolder(AttributeCertificate.getInstance(((ASN1TaggedObject)obj).getObject()))); - } - } - - return new CollectionStore(certList); - } - - return new CollectionStore(new ArrayList()); + return HELPER.getAttributeCertificates(signedData.getCertificates()); } + // BEGIN android-removed + // /** + // * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in + // * this SignedData structure. + // * + // * @param otherRevocationInfoFormat OID of the format type been looked for. + // * + // * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found. + // */ + // public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat) + // { + // return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs()); + // } + // END android-removed + /** * Return the a string representation of the OID associated with the * encapsulated content info structure carried in the signed data. @@ -554,9 +541,77 @@ public class CMSSignedData { return contentInfo.getEncoded(); } - + + // BEGIN android-removed + // /** + // * Verify all the SignerInformation objects and their associated counter signatures attached + // * to this CMS SignedData object. + // * + // * @param verifierProvider a provider of SignerInformationVerifier objects. + // * @return true if all verify, false otherwise. + // * @throws CMSException if an exception occurs during the verification process. + // */ + // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider) + // throws CMSException + // { + // return verifySignatures(verifierProvider, false); + // } + // + // /** + // * Verify all the SignerInformation objects and optionally their associated counter signatures attached + // * to this CMS SignedData object. + // * + // * @param verifierProvider a provider of SignerInformationVerifier objects. + // * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well. + // * @return true if all verify, false otherwise. + // * @throws CMSException if an exception occurs during the verification process. + // */ + // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures) + // throws CMSException + // { + // Collection signers = this.getSignerInfos().getSigners(); + // + // for (Iterator it = signers.iterator(); it.hasNext();) + // { + // SignerInformation signer = (SignerInformation)it.next(); + // + // try + // { + // SignerInformationVerifier verifier = verifierProvider.get(signer.getSID()); + // + // if (!signer.verify(verifier)) + // { + // return false; + // } + // + // if (!ignoreCounterSignatures) + // { + // Collection counterSigners = signer.getCounterSignatures().getSigners(); + // + // for (Iterator cIt = counterSigners.iterator(); cIt.hasNext();) + // { + // SignerInformation counterSigner = (SignerInformation)cIt.next(); + // SignerInformationVerifier counterVerifier = verifierProvider.get(signer.getSID()); + // + // if (!counterSigner.verify(counterVerifier)) + // { + // return false; + // } + // } + // } + // } + // catch (OperatorCreationException e) + // { + // throw new CMSException("failure in verifier provider: " + e.getMessage(), e); + // } + // } + // + // return true; + // } + // END android-removed + /** - * Replace the signerinformation store associated with this + * Replace the SignerInformation store associated with this * CMSSignedData object with the new one passed in. You would * probably only want to do this if you wanted to change the unsigned * attributes associated with a signer, or perhaps delete one. diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java index f50791e..9692e15 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java @@ -146,6 +146,7 @@ public class CMSSignedDataGenerator /** * constructor allowing specific source of randomness * @param rand instance of SecureRandom to use + * @deprecated rand ignored in new API, use base constructor. */ public CMSSignedDataGenerator( SecureRandom rand) @@ -479,6 +480,7 @@ public class CMSSignedDataGenerator * addDefaultAttributes indicates whether or not a default set of signed attributes * need to be added automatically. If the argument is set to false, no * attributes will get added at all. + * @deprecated use setDirectSignature() on SignerInformationGenerator. */ public CMSSignedData generate( String eContentType, diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java index 365522d..8b9d4ce 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java @@ -15,6 +15,7 @@ import java.util.List; import java.util.Map; import java.util.Set; +import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Set; @@ -23,6 +24,7 @@ import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.cms.AttributeTable; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; // BEGIN android-removed +// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; // END android-removed import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; @@ -32,9 +34,13 @@ import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.AttributeCertificate; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.cert.X509AttributeCertificateHolder; +import org.bouncycastle.cert.X509CRLHolder; +import org.bouncycastle.cert.X509CertificateHolder; // BEGIN android-removed // import org.bouncycastle.jce.interfaces.GOST3410PrivateKey; // END android-removed +import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Store; import org.bouncycastle.x509.X509AttributeCertificate; import org.bouncycastle.x509.X509Store; @@ -173,7 +179,7 @@ public class CMSSignedGenerator Map param = new HashMap(); param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType); param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId); - param.put(CMSAttributeTableGenerator.DIGEST, hash.clone()); + param.put(CMSAttributeTableGenerator.DIGEST, Arrays.clone(hash)); return param; } @@ -207,6 +213,25 @@ public class CMSSignedGenerator crls.addAll(CMSUtils.getCRLsFromStore(certStore)); } + /** + * Add a certificate to the certificate set to be included with the generated SignedData message. + * + * @param certificate the certificate to be included. + * @throws CMSException if the certificate cannot be encoded for adding. + */ + public void addCertificate( + X509CertificateHolder certificate) + throws CMSException + { + certs.add(certificate.toASN1Structure()); + } + + /** + * Add the certificates in certStore to the certificate set to be included with the generated SignedData message. + * + * @param certStore the store containing the certificates to be included. + * @throws CMSException if the certificates cannot be encoded for adding. + */ public void addCertificates( Store certStore) throws CMSException @@ -214,6 +239,22 @@ public class CMSSignedGenerator certs.addAll(CMSUtils.getCertificatesFromStore(certStore)); } + /** + * Add a CRL to the CRL set to be included with the generated SignedData message. + * + * @param crl the CRL to be included. + */ + public void addCRL(X509CRLHolder crl) + { + crls.add(crl.toASN1Structure()); + } + + /** + * Add the CRLs in crlStore to the CRL set to be included with the generated SignedData message. + * + * @param crlStore the store containing the CRLs to be included. + * @throws CMSException if the CRLs cannot be encoded for adding. + */ public void addCRLs( Store crlStore) throws CMSException @@ -221,6 +262,25 @@ public class CMSSignedGenerator crls.addAll(CMSUtils.getCRLsFromStore(crlStore)); } + /** + * Add the attribute certificates in attrStore to the certificate set to be included with the generated SignedData message. + * + * @param attrCert the store containing the certificates to be included. + * @throws CMSException if the attribute certificate cannot be encoded for adding. + */ + public void addAttributeCertificate( + X509AttributeCertificateHolder attrCert) + throws CMSException + { + certs.add(new DERTaggedObject(false, 2, attrCert.toASN1Structure())); + } + + /** + * Add the attribute certificates in attrStore to the certificate set to be included with the generated SignedData message. + * + * @param attrStore the store containing the certificates to be included. + * @throws CMSException if the attribute certificate cannot be encoded for adding. + */ public void addAttributeCertificates( Store attrStore) throws CMSException @@ -228,6 +288,34 @@ public class CMSSignedGenerator certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrStore)); } + // BEGIN android-removed + // /** + // * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message. + // * + // * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. + // * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure. + // */ + // public void addOtherRevocationInfo( + // ASN1ObjectIdentifier otherRevocationInfoFormat, + // ASN1Encodable otherRevocationInfo) + // { + // crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo))); + // } + // + // /** + // * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message. + // * + // * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. + // * @param otherRevocationInfos a Store of otherRevocationInfo data to add. + // */ + // public void addOtherRevocationInfo( + // ASN1ObjectIdentifier otherRevocationInfoFormat, + // Store otherRevocationInfos) + // { + // crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos)); + // } + // END android-removed + /** * Add the attribute certificates contained in the passed in store to the * generator. diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java index 457a97e..7612b5f 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java @@ -1,18 +1,14 @@ package org.bouncycastle.cms; -import java.io.ByteArrayInputStream; import java.io.IOException; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.security.cert.CRLException; -import java.security.cert.CertStore; import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.CollectionCertStoreParameters; import java.util.ArrayList; +import java.util.Collection; import java.util.Enumeration; import java.util.HashMap; +import java.util.Iterator; import java.util.List; import java.util.Map; @@ -24,6 +20,7 @@ import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERNull; // BEGIN android-removed +// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; // END android-removed import org.bouncycastle.asn1.eac.EACObjectIdentifiers; @@ -32,8 +29,20 @@ import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.AttributeCertificate; +import org.bouncycastle.asn1.x509.Certificate; +import org.bouncycastle.asn1.x509.CertificateList; import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.cert.X509AttributeCertificateHolder; +import org.bouncycastle.cert.X509CRLHolder; +import org.bouncycastle.cert.X509CertificateHolder; +// BEGIN android-removed +// import org.bouncycastle.cert.jcajce.JcaX509CRLConverter; +// import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +// END android-removed +import org.bouncycastle.util.CollectionStore; +import org.bouncycastle.util.Store; import org.bouncycastle.x509.NoSuchStoreException; import org.bouncycastle.x509.X509CollectionStoreParameters; import org.bouncycastle.x509.X509Store; @@ -176,45 +185,22 @@ class CMSSignedHelper return encryptionAlgOID; } - X509Store createAttributeStore( String type, Provider provider, - ASN1Set certSet) + Store certStore) throws NoSuchStoreException, CMSException { - List certs = new ArrayList(); - - if (certSet != null) + try { - Enumeration e = certSet.getObjects(); + Collection certHldrs = certStore.getMatches(null); + List certs = new ArrayList(certHldrs.size()); - while (e.hasMoreElements()) + for (Iterator it = certHldrs.iterator(); it.hasNext();) { - try - { - ASN1Primitive obj = ((ASN1Encodable)e.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagged = (ASN1TaggedObject)obj; - - if (tagged.getTagNo() == 2) - { - certs.add(new X509V2AttributeCertificate(ASN1Sequence.getInstance(tagged, false).getEncoded())); - } - } - } - catch (IOException ex) - { - throw new CMSException( - "can't re-encode attribute certificate!", ex); - } + certs.add(new X509V2AttributeCertificate(((X509AttributeCertificateHolder)it.next()).getEncoded())); } - } - try - { return X509Store.getInstance( "AttributeCertificate/" +type, new X509CollectionStoreParameters(certs), provider); } @@ -222,202 +208,189 @@ class CMSSignedHelper { throw new CMSException("can't setup the X509Store", e); } - } - - X509Store createCertificateStore( - String type, - Provider provider, - ASN1Set certSet) - throws NoSuchStoreException, CMSException - { - List certs = new ArrayList(); - - if (certSet != null) - { - addCertsFromSet(certs, certSet, provider); - } - - try - { - return X509Store.getInstance( - "Certificate/" +type, new X509CollectionStoreParameters(certs), provider); - } - catch (IllegalArgumentException e) + catch (IOException e) { throw new CMSException("can't setup the X509Store", e); } } - X509Store createCRLsStore( - String type, - Provider provider, - ASN1Set crlSet) - throws NoSuchStoreException, CMSException - { - List crls = new ArrayList(); + // BEGIN android-removed + // X509Store createCertificateStore( + // String type, + // Provider provider, + // Store certStore) + // throws NoSuchStoreException, CMSException + // { + // try + // { + // JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(provider); + // Collection certHldrs = certStore.getMatches(null); + // List certs = new ArrayList(certHldrs.size()); + // + // for (Iterator it = certHldrs.iterator(); it.hasNext();) + // { + // certs.add(converter.getCertificate((X509CertificateHolder)it.next())); + // } + // + // return X509Store.getInstance( + // "Certificate/" +type, new X509CollectionStoreParameters(certs), provider); + // } + // catch (IllegalArgumentException e) + // { + // throw new CMSException("can't setup the X509Store", e); + // } + // catch (CertificateException e) + // { + // throw new CMSException("can't setup the X509Store", e); + // } + // } + // + // X509Store createCRLsStore( + // String type, + // Provider provider, + // Store crlStore) + // throws NoSuchStoreException, CMSException + // { + // try + // { + // JcaX509CRLConverter converter = new JcaX509CRLConverter().setProvider(provider); + // Collection crlHldrs = crlStore.getMatches(null); + // List crls = new ArrayList(crlHldrs.size()); + // + // for (Iterator it = crlHldrs.iterator(); it.hasNext();) + // { + // crls.add(converter.getCRL((X509CRLHolder)it.next())); + // } + // + // return X509Store.getInstance( + // "CRL/" +type, new X509CollectionStoreParameters(crls), provider); + // } + // catch (IllegalArgumentException e) + // { + // throw new CMSException("can't setup the X509Store", e); + // } + // catch (CRLException e) + // { + // throw new CMSException("can't setup the X509Store", e); + // } + // } + // END android-removed - if (crlSet != null) + AlgorithmIdentifier fixAlgID(AlgorithmIdentifier algId) + { + if (algId.getParameters() == null) { - addCRLsFromSet(crls, crlSet, provider); + return new AlgorithmIdentifier(algId.getAlgorithm(), DERNull.INSTANCE); } - try - { - return X509Store.getInstance( - "CRL/" +type, new X509CollectionStoreParameters(crls), provider); - } - catch (IllegalArgumentException e) - { - throw new CMSException("can't setup the X509Store", e); - } + return algId; } - CertStore createCertStore( - String type, - Provider provider, - ASN1Set certSet, - ASN1Set crlSet) - throws CMSException, NoSuchAlgorithmException + void setSigningEncryptionAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) { - List certsAndcrls = new ArrayList(); + encryptionAlgs.put(oid.getId(), algorithmName); + } - // - // load the certificates and revocation lists if we have any - // + void setSigningDigestAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) + { + digestAlgs.put(oid.getId(), algorithmName); + } + Store getCertificates(ASN1Set certSet) + { if (certSet != null) { - addCertsFromSet(certsAndcrls, certSet, provider); - } - - if (crlSet != null) - { - addCRLsFromSet(certsAndcrls, crlSet, provider); - } + List certList = new ArrayList(certSet.size()); - try - { - if (provider != null) + for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) { - return CertStore.getInstance(type, new CollectionCertStoreParameters(certsAndcrls), provider); - } - else - { - return CertStore.getInstance(type, new CollectionCertStoreParameters(certsAndcrls)); + ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); + + if (obj instanceof ASN1Sequence) + { + certList.add(new X509CertificateHolder(Certificate.getInstance(obj))); + } } + + return new CollectionStore(certList); } - catch (InvalidAlgorithmParameterException e) - { - throw new CMSException("can't setup the CertStore", e); - } + + return new CollectionStore(new ArrayList()); } - private void addCertsFromSet(List certs, ASN1Set certSet, Provider provider) - throws CMSException + Store getAttributeCertificates(ASN1Set certSet) { - CertificateFactory cf; - - try - { - if (provider != null) - { - cf = CertificateFactory.getInstance("X.509", provider); - } - else - { - cf = CertificateFactory.getInstance("X.509"); - } - } - catch (CertificateException ex) + if (certSet != null) { - throw new CMSException("can't get certificate factory.", ex); - } - Enumeration e = certSet.getObjects(); + List certList = new ArrayList(certSet.size()); - while (e.hasMoreElements()) - { - try + for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) { - ASN1Primitive obj = ((ASN1Encodable)e.nextElement()).toASN1Primitive(); + ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - if (obj instanceof ASN1Sequence) + if (obj instanceof ASN1TaggedObject) { - certs.add(cf.generateCertificate( - new ByteArrayInputStream(obj.getEncoded()))); + certList.add(new X509AttributeCertificateHolder(AttributeCertificate.getInstance(((ASN1TaggedObject)obj).getObject()))); } } - catch (IOException ex) - { - throw new CMSException( - "can't re-encode certificate!", ex); - } - catch (CertificateException ex) - { - throw new CMSException( - "can't re-encode certificate!", ex); - } + + return new CollectionStore(certList); } + + return new CollectionStore(new ArrayList()); } - private void addCRLsFromSet(List crls, ASN1Set certSet, Provider provider) - throws CMSException + Store getCRLs(ASN1Set crlSet) { - CertificateFactory cf; - - try - { - if (provider != null) - { - cf = CertificateFactory.getInstance("X.509", provider); - } - else - { - cf = CertificateFactory.getInstance("X.509"); - } - } - catch (CertificateException ex) + if (crlSet != null) { - throw new CMSException("can't get certificate factory.", ex); - } - Enumeration e = certSet.getObjects(); + List crlList = new ArrayList(crlSet.size()); - while (e.hasMoreElements()) - { - try + for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) { - ASN1Primitive obj = ((ASN1Encodable)e.nextElement()).toASN1Primitive(); + ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - crls.add(cf.generateCRL( - new ByteArrayInputStream(obj.getEncoded()))); - } - catch (IOException ex) - { - throw new CMSException("can't re-encode CRL!", ex); - } - catch (CRLException ex) - { - throw new CMSException("can't re-encode CRL!", ex); + if (obj instanceof ASN1Sequence) + { + crlList.add(new X509CRLHolder(CertificateList.getInstance(obj))); + } } - } - } - AlgorithmIdentifier fixAlgID(AlgorithmIdentifier algId) - { - if (algId.getParameters() == null) - { - return new AlgorithmIdentifier(algId.getAlgorithm(), DERNull.INSTANCE); + return new CollectionStore(crlList); } - return algId; - } - - void setSigningEncryptionAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) - { - encryptionAlgs.put(oid.getId(), algorithmName); + return new CollectionStore(new ArrayList()); } - void setSigningDigestAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) - { - digestAlgs.put(oid.getId(), algorithmName); - } + // Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet) + // { + // if (crlSet != null) + // { + // List crlList = new ArrayList(crlSet.size()); + // + // for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) + // { + // ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); + // + // if (obj instanceof ASN1TaggedObject) + // { + // ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj); + // + // if (tObj.getTagNo() == 1) + // { + // OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false); + // + // if (otherRevocationInfoFormat.equals(other.getInfoFormat())) + // { + // crlList.add(other.getInfo()); + // } + // } + // } + // } + // + // return new CollectionStore(crlList); + // } + // + // return new CollectionStore(new ArrayList()); + // } } diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java index 907fcc0..ccfab32 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java @@ -20,14 +20,21 @@ import java.util.List; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.BEROctetStringGenerator; import org.bouncycastle.asn1.BERSet; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; +// BEGIN android-removed +// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; +// import org.bouncycastle.asn1.ocsp.OCSPResponse; +// import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; +// END android-removed import org.bouncycastle.asn1.x509.Certificate; import org.bouncycastle.asn1.x509.CertificateList; import org.bouncycastle.asn1.x509.TBSCertificate; @@ -184,6 +191,32 @@ class CMSUtils } } + // BEGIN android-removed + // static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos) + // { + // List others = new ArrayList(); + // + // for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();) + // { + // ASN1Encodable info = (ASN1Encodable)it.next(); + // + // if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(otherRevocationInfoFormat)) + // { + // OCSPResponse resp = OCSPResponse.getInstance(info); + // + // if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL) + // { + // throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); + // } + // } + // + // others.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, info))); + // } + // + // return others; + // } + // END android-removed + static ASN1Set createBerSetFromList(List derObjects) { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java index f5ac174..e378629 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java @@ -123,12 +123,12 @@ public class SignerInfoGenerator public SignerIdentifier getSID() { - return signerIdentifier; + return signerIdentifier; } public ASN1Integer getGeneratedVersion() { - return new ASN1Integer(signerIdentifier.isTagged() ? 3 : 1); + return new ASN1Integer(signerIdentifier.isTagged() ? 3 : 1); } public boolean hasAssociatedCertificate() diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java index 70a8727..b65ab5e 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java @@ -9,7 +9,7 @@ import java.util.Map; public class SignerInformationStore { - private ArrayList all = new ArrayList(); + private List all = new ArrayList(); private Map table = new HashMap(); public SignerInformationStore( diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java new file mode 100644 index 0000000..a2c47c2 --- /dev/null +++ b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java @@ -0,0 +1,156 @@ +package org.bouncycastle.operator.bc; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.crypto.ExtendedDigest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.GOST3411Digest; +// import org.bouncycastle.crypto.digests.MD2Digest; +// import org.bouncycastle.crypto.digests.MD4Digest; +// END android-removed +import org.bouncycastle.crypto.digests.MD5Digest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.RIPEMD128Digest; +// import org.bouncycastle.crypto.digests.RIPEMD160Digest; +// import org.bouncycastle.crypto.digests.RIPEMD256Digest; +// END android-removed +import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA224Digest; +// END android-removed +import org.bouncycastle.crypto.digests.SHA256Digest; +import org.bouncycastle.crypto.digests.SHA384Digest; +import org.bouncycastle.crypto.digests.SHA512Digest; +import org.bouncycastle.operator.OperatorCreationException; + +public class BcDefaultDigestProvider + implements BcDigestProvider +{ + private static final Map lookup = createTable(); + + private static Map createTable() + { + Map table = new HashMap(); + + table.put(OIWObjectIdentifiers.idSHA1, new BcDigestProvider() + { + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + { + return new SHA1Digest(); + } + }); + // BEGIN android-removed + // table.put(NISTObjectIdentifiers.id_sha224, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new SHA224Digest(); + // } + // }); + // END android-removed + table.put(NISTObjectIdentifiers.id_sha256, new BcDigestProvider() + { + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + { + return new SHA256Digest(); + } + }); + table.put(NISTObjectIdentifiers.id_sha384, new BcDigestProvider() + { + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + { + return new SHA384Digest(); + } + }); + table.put(NISTObjectIdentifiers.id_sha512, new BcDigestProvider() + { + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + { + return new SHA512Digest(); + } + }); + table.put(PKCSObjectIdentifiers.md5, new BcDigestProvider() + { + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + { + return new MD5Digest(); + } + }); + // BEGIN android-removed + // table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new MD4Digest(); + // } + // }); + // table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new MD2Digest(); + // } + // }); + // table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new GOST3411Digest(); + // } + // }); + // table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new RIPEMD128Digest(); + // } + // }); + // table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new RIPEMD160Digest(); + // } + // }); + // table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new RIPEMD256Digest(); + // } + // }); + // END android-removed + + return Collections.unmodifiableMap(table); + } + + public static final BcDigestProvider INSTANCE = new BcDefaultDigestProvider(); + + private BcDefaultDigestProvider() + { + + } + + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + throws OperatorCreationException + { + BcDigestProvider extProv = (BcDigestProvider)lookup.get(digestAlgorithmIdentifier.getAlgorithm()); + + if (extProv == null) + { + throw new OperatorCreationException("cannot recognise digest"); + } + + return extProv.get(digestAlgorithmIdentifier); + } +} diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestCalculatorProvider.java b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestCalculatorProvider.java index 233b31b..4d029dd 100644 --- a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestCalculatorProvider.java +++ b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestCalculatorProvider.java @@ -2,9 +2,11 @@ package org.bouncycastle.operator.bc; import java.io.IOException; import java.io.OutputStream; +import java.util.Map; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.crypto.Digest; +import org.bouncycastle.crypto.ExtendedDigest; import org.bouncycastle.operator.DigestCalculator; import org.bouncycastle.operator.DigestCalculatorProvider; import org.bouncycastle.operator.OperatorCreationException; @@ -12,10 +14,12 @@ import org.bouncycastle.operator.OperatorCreationException; public class BcDigestCalculatorProvider implements DigestCalculatorProvider { + private BcDigestProvider digestProvider = BcDefaultDigestProvider.INSTANCE; + public DigestCalculator get(final AlgorithmIdentifier algorithm) throws OperatorCreationException { - Digest dig = BcUtil.createDigest(algorithm); + Digest dig = digestProvider.get(algorithm); final DigestOutputStream stream = new DigestOutputStream(dig); diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestProvider.java b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestProvider.java new file mode 100644 index 0000000..691a56a --- /dev/null +++ b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestProvider.java @@ -0,0 +1,11 @@ +package org.bouncycastle.operator.bc; + +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.crypto.ExtendedDigest; +import org.bouncycastle.operator.OperatorCreationException; + +public interface BcDigestProvider +{ + ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + throws OperatorCreationException; +} diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcUtil.java b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcUtil.java deleted file mode 100644 index 368c1f3..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcUtil.java +++ /dev/null @@ -1,98 +0,0 @@ -package org.bouncycastle.operator.bc; - -// BEGIN android-removed -// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -// END android-removed -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.Digest; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.GOST3411Digest; -// import org.bouncycastle.crypto.digests.MD2Digest; -// import org.bouncycastle.crypto.digests.MD4Digest; -// END android-removed -import org.bouncycastle.crypto.digests.MD5Digest; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// import org.bouncycastle.crypto.digests.RIPEMD256Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.SHA224Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.operator.OperatorCreationException; - -class BcUtil -{ - static Digest createDigest(AlgorithmIdentifier digAlg) - throws OperatorCreationException - { - Digest dig; - - if (digAlg.getAlgorithm().equals(OIWObjectIdentifiers.idSHA1)) - { - dig = new SHA1Digest(); - } - // BEGIN android-removed - // else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha224)) - // { - // dig = new SHA224Digest(); - // } - // END android-removed - else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha256)) - { - dig = new SHA256Digest(); - } - else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha384)) - { - dig = new SHA384Digest(); - } - else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha512)) - { - dig = new SHA512Digest(); - } - else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md5)) - { - dig = new MD5Digest(); - } - // BEGIN android-removed - // else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md4)) - // { - // dig = new MD4Digest(); - // } - // else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md2)) - // { - // dig = new MD2Digest(); - // } - // else if (digAlg.getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3411)) - // { - // dig = new GOST3411Digest(); - // } - // else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd128)) - // { - // dig = new RIPEMD128Digest(); - // } - // else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd160)) - // { - // dig = new RIPEMD160Digest(); - // } - // else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd256)) - // { - // dig = new RIPEMD256Digest(); - // } - // END android-removed - else - { - throw new OperatorCreationException("cannot recognise digest"); - } - - return dig; - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java index ecfca6a..2819a8d 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java @@ -20,7 +20,7 @@ public class ASN1EncodableVector { for (Enumeration en = other.v.elements(); en.hasMoreElements();) { - v.addElement(en.nextElement()); + v.addElement(en.nextElement()); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java index eb29838..98f46a6 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java @@ -13,6 +13,11 @@ public class ASN1ObjectIdentifier super(bytes); } + ASN1ObjectIdentifier(ASN1ObjectIdentifier oid, String branch) + { + super(oid, branch); + } + /** * Return an OID that creates a branch under the current one. * @@ -21,7 +26,7 @@ public class ASN1ObjectIdentifier */ public ASN1ObjectIdentifier branch(String branchID) { - return new ASN1ObjectIdentifier(getId() + "." + branchID); + return new ASN1ObjectIdentifier(this, branchID); } /** diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java index c8d7bd0..74acda6 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java @@ -77,7 +77,7 @@ public class DERBoolean * @exception IllegalArgumentException if the tagged object cannot * be converted. */ - public static DERBoolean getInstance( + public static ASN1Boolean getInstance( ASN1TaggedObject obj, boolean explicit) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java index 8e2ee4e..13e1195 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java @@ -9,17 +9,17 @@ import org.bouncycastle.util.Arrays; public class DERObjectIdentifier extends ASN1Primitive { - String identifier; + String identifier; - private byte[] body; + private byte[] body; /** * return an OID from the passed in object * - * @exception IllegalArgumentException if the object cannot be converted. + * @throws IllegalArgumentException if the object cannot be converted. */ public static ASN1ObjectIdentifier getInstance( - Object obj) + Object obj) { if (obj == null || obj instanceof ASN1ObjectIdentifier) { @@ -47,15 +47,15 @@ public class DERObjectIdentifier /** * return an Object Identifier from a tagged object. * - * @param obj the tagged object holding the object we want + * @param obj the tagged object holding the object we want * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. + * tagged false otherwise. + * @throws IllegalArgumentException if the tagged object cannot + * be converted. */ public static ASN1ObjectIdentifier getInstance( ASN1TaggedObject obj, - boolean explicit) + boolean explicit) { ASN1Primitive o = obj.getObject(); @@ -72,38 +72,38 @@ public class DERObjectIdentifier private static final long LONG_LIMIT = (Long.MAX_VALUE >> 7) - 0x7f; DERObjectIdentifier( - byte[] bytes) + byte[] bytes) { - StringBuffer objId = new StringBuffer(); - long value = 0; - BigInteger bigValue = null; - boolean first = true; + StringBuffer objId = new StringBuffer(); + long value = 0; + BigInteger bigValue = null; + boolean first = true; for (int i = 0; i != bytes.length; i++) { int b = bytes[i] & 0xff; - if (value <= LONG_LIMIT) + if (value <= LONG_LIMIT) { value += (b & 0x7f); if ((b & 0x80) == 0) // end of number reached { if (first) { - if (value < 40) - { - objId.append('0'); - } - else if (value < 80) - { - objId.append('1'); + if (value < 40) + { + objId.append('0'); + } + else if (value < 80) + { + objId.append('1'); value -= 40; - } - else - { - objId.append('2'); + } + else + { + objId.append('2'); value -= 80; - } + } first = false; } @@ -115,20 +115,20 @@ public class DERObjectIdentifier { value <<= 7; } - } - else + } + else { if (bigValue == null) { bigValue = BigInteger.valueOf(value); } bigValue = bigValue.or(BigInteger.valueOf(b & 0x7f)); - if ((b & 0x80) == 0) + if ((b & 0x80) == 0) { if (first) { - objId.append('2'); - bigValue = bigValue.subtract(BigInteger.valueOf(80)); + objId.append('2'); + bigValue = bigValue.subtract(BigInteger.valueOf(80)); first = false; } @@ -155,8 +155,12 @@ public class DERObjectIdentifier } public DERObjectIdentifier( - String identifier) + String identifier) { + if (identifier == null) + { + throw new IllegalArgumentException("'identifier' cannot be null"); + } if (!isValidIdentifier(identifier)) { throw new IllegalArgumentException("string " + identifier + " not an OID"); @@ -171,14 +175,24 @@ public class DERObjectIdentifier // END android-changed } + DERObjectIdentifier(DERObjectIdentifier oid, String branchID) + { + if (!isValidBranchID(branchID, 0)) + { + throw new IllegalArgumentException("string " + branchID + " not a valid OID branch"); + } + + this.identifier = oid.getId() + "." + branchID; + } + public String getId() { return identifier; } private void writeField( - ByteArrayOutputStream out, - long fieldValue) + ByteArrayOutputStream out, + long fieldValue) { byte[] result = new byte[9]; int pos = 8; @@ -192,24 +206,24 @@ public class DERObjectIdentifier } private void writeField( - ByteArrayOutputStream out, - BigInteger fieldValue) + ByteArrayOutputStream out, + BigInteger fieldValue) { - int byteCount = (fieldValue.bitLength()+6)/7; - if (byteCount == 0) + int byteCount = (fieldValue.bitLength() + 6) / 7; + if (byteCount == 0) { out.write(0); - } - else + } + else { BigInteger tmpValue = fieldValue; byte[] tmp = new byte[byteCount]; - for (int i = byteCount-1; i >= 0; i--) + for (int i = byteCount - 1; i >= 0; i--) { - tmp[i] = (byte) ((tmpValue.intValue() & 0x7f) | 0x80); - tmpValue = tmpValue.shiftRight(7); + tmp[i] = (byte)((tmpValue.intValue() & 0x7f) | 0x80); + tmpValue = tmpValue.shiftRight(7); } - tmp[byteCount-1] &= 0x7f; + tmp[byteCount - 1] &= 0x7f; out.write(tmp, 0, tmp.length); } } @@ -218,15 +232,15 @@ public class DERObjectIdentifier { OIDTokenizer tok = new OIDTokenizer(identifier); int first = Integer.parseInt(tok.nextToken()) * 40; - + String secondToken = tok.nextToken(); if (secondToken.length() <= 18) { - writeField(aOut, first + Long.parseLong(secondToken)); + writeField(aOut, first + Long.parseLong(secondToken)); } else { - writeField(aOut, new BigInteger(secondToken).add(BigInteger.valueOf(first))); + writeField(aOut, new BigInteger(secondToken).add(BigInteger.valueOf(first))); } while (tok.hasMoreTokens()) @@ -274,7 +288,7 @@ public class DERObjectIdentifier ASN1OutputStream out) throws IOException { - byte[] enc = getBody(); + byte[] enc = getBody(); out.write(BERTags.OBJECT_IDENTIFIER); out.writeLength(enc.length); @@ -287,7 +301,7 @@ public class DERObjectIdentifier } boolean asn1Equals( - ASN1Primitive o) + ASN1Primitive o) { if (!(o instanceof DERObjectIdentifier)) { @@ -302,25 +316,15 @@ public class DERObjectIdentifier return getId(); } - private static boolean isValidIdentifier( - String identifier) + private static boolean isValidBranchID( + String branchID, int start) { - if (identifier.length() < 3 - || identifier.charAt(1) != '.') - { - return false; - } - - char first = identifier.charAt(0); - if (first < '0' || first > '2') - { - return false; - } - boolean periodAllowed = false; - for (int i = identifier.length() - 1; i >= 2; i--) + + int pos = branchID.length(); + while (--pos >= start) { - char ch = identifier.charAt(i); + char ch = branchID.charAt(pos); // TODO Leading zeroes? if ('0' <= ch && ch <= '9') @@ -346,6 +350,23 @@ public class DERObjectIdentifier return periodAllowed; } + private static boolean isValidIdentifier( + String identifier) + { + if (identifier.length() < 3 || identifier.charAt(1) != '.') + { + return false; + } + + char first = identifier.charAt(0); + if (first < '0' || first > '2') + { + return false; + } + + return isValidBranchID(identifier, 2); + } + private static ASN1ObjectIdentifier[][] cache = new ASN1ObjectIdentifier[256][]; static ASN1ObjectIdentifier fromOctetString(byte[] enc) @@ -364,7 +385,7 @@ public class DERObjectIdentifier synchronized (cache) { ASN1ObjectIdentifier[] first = cache[idx1]; - if (first == null) + if (first == null) { first = cache[idx1] = new ASN1ObjectIdentifier[128]; } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java index 956b9c7..d50fb7c 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java @@ -6,7 +6,8 @@ import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Strings; /** - * DER T61String (also the teletex string) + * DER T61String (also the teletex string), try not to use this if you don't need to. The standard support the encoding for + * this has been withdrawn. */ public class DERT61String extends ASN1Primitive @@ -68,30 +69,30 @@ public class DERT61String } /** - * basic constructor - with bytes. + * basic constructor - string encoded as a sequence of bytes. */ - DERT61String( + public DERT61String( byte[] string) { this.string = string; } /** - * basic constructor - with string. + * basic constructor - with string 8 bit assumed. */ public DERT61String( String string) { - // BEGIN android-changed - this.string = Strings.toByteArray(string); - // END android-changed + this(Strings.toByteArray(string)); } + /** + * Decode the encoded string and return it, 8 bit encoding assumed. + * @return the decoded String + */ public String getString() { - // BEGIN android-changed return Strings.fromByteArray(string); - // END android-changed } public String toString() @@ -115,7 +116,11 @@ public class DERT61String { out.writeEncoded(BERTags.T61_STRING, string); } - + + /** + * Return the encoded string as a byte array. + * @return the actual bytes making up the encoded body of the T61 string. + */ public byte[] getOctets() { return Arrays.clone(string); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java b/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java index 0a3c4aa..b6cb070 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java @@ -4,6 +4,7 @@ import java.io.ByteArrayInputStream; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.nio.channels.FileChannel; class StreamUtil { @@ -33,7 +34,8 @@ class StreamUtil { try { - long size = ((FileInputStream)in).getChannel().size(); + FileChannel channel = ((FileInputStream)in).getChannel(); + long size = (channel != null) ? channel.size() : Integer.MAX_VALUE; if (size < Integer.MAX_VALUE) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attributes.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attributes.java index 0c5a518..614e224 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attributes.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attributes.java @@ -4,7 +4,7 @@ import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERSet; +import org.bouncycastle.asn1.DLSet; public class Attributes extends ASN1Object @@ -18,7 +18,7 @@ public class Attributes public Attributes(ASN1EncodableVector v) { - attributes = new BERSet(v); + attributes = new DLSet(v); } public static Attributes getInstance(Object obj) @@ -35,6 +35,18 @@ public class Attributes return null; } + public Attribute[] getAttributes() + { + Attribute[] rv = new Attribute[attributes.size()]; + + for (int i = 0; i != rv.length; i++) + { + rv[i] = Attribute.getInstance(attributes.getObjectAt(i)); + } + + return rv; + } + /** * <pre> * Attributes ::= diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java index e8f4541..6294d97 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java @@ -15,4 +15,14 @@ public interface CMSObjectIdentifiers static final ASN1ObjectIdentifier compressedData = PKCSObjectIdentifiers.id_ct_compressedData; static final ASN1ObjectIdentifier authEnvelopedData = PKCSObjectIdentifiers.id_ct_authEnvelopedData; static final ASN1ObjectIdentifier timestampedData = PKCSObjectIdentifiers.id_ct_timestampedData; + + /** + * The other Revocation Info arc + * id-ri OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) + * dod(6) internet(1) security(5) mechanisms(5) pkix(7) ri(16) } + */ + static final ASN1ObjectIdentifier id_ri = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.16"); + + static final ASN1ObjectIdentifier id_ri_ocsp_response = id_ri.branch("2"); + static final ASN1ObjectIdentifier id_ri_scvp = id_ri.branch("4"); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java index a66c4a1..688ac58 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java @@ -34,6 +34,16 @@ public class ContentInfo return null; } + public static ContentInfo getInstance( + ASN1TaggedObject obj, + boolean explicit) + { + return getInstance(ASN1Sequence.getInstance(obj, explicit)); + } + + /** + * @deprecated use getInstance() + */ public ContentInfo( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java index 29348d2..ad0dbb1 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java @@ -34,6 +34,10 @@ public class IssuerAndSerialNumber return null; } + /** + * @deprecated use getInstance() method. + * @param seq + */ public IssuerAndSerialNumber( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignedData.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignedData.java index a0a34ef..fd2718a 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignedData.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignedData.java @@ -21,6 +21,11 @@ import org.bouncycastle.asn1.DERTaggedObject; public class SignedData extends ASN1Object { + private static final ASN1Integer VERSION_1 = new ASN1Integer(1); + private static final ASN1Integer VERSION_3 = new ASN1Integer(3); + private static final ASN1Integer VERSION_4 = new ASN1Integer(4); + private static final ASN1Integer VERSION_5 = new ASN1Integer(5); + private ASN1Integer version; private ASN1Set digestAlgorithms; private ContentInfo contentInfo; @@ -136,30 +141,30 @@ public class SignedData if (otherCrl) { - return new ASN1Integer(5); + return VERSION_5; } if (attrCertV2Found) { - return new ASN1Integer(4); + return VERSION_4; } if (attrCertV1Found) { - return new ASN1Integer(3); + return VERSION_3; } if (checkForVersion3(signerInfs)) { - return new ASN1Integer(3); + return VERSION_3; } if (!CMSObjectIdentifiers.data.equals(contentOid)) { - return new ASN1Integer(3); + return VERSION_3; } - return new ASN1Integer(1); + return VERSION_1; } private boolean checkForVersion3(ASN1Set signerInfs) diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java index 0727b68..8aafd67 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java @@ -68,6 +68,34 @@ public class SignerInfo } public SignerInfo( + SignerIdentifier sid, + AlgorithmIdentifier digAlgorithm, + Attributes authenticatedAttributes, + AlgorithmIdentifier digEncryptionAlgorithm, + ASN1OctetString encryptedDigest, + Attributes unauthenticatedAttributes) + { + if (sid.isTagged()) + { + this.version = new ASN1Integer(3); + } + else + { + this.version = new ASN1Integer(1); + } + + this.sid = sid; + this.digAlgorithm = digAlgorithm; + this.authenticatedAttributes = ASN1Set.getInstance(authenticatedAttributes); + this.digEncryptionAlgorithm = digEncryptionAlgorithm; + this.encryptedDigest = encryptedDigest; + this.unauthenticatedAttributes = ASN1Set.getInstance(unauthenticatedAttributes); + } + + /** + * @deprecated use getInstance() method. + */ + public SignerInfo( ASN1Sequence seq) { Enumeration e = seq.getObjects(); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java index 97712b5..ba7e518 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java @@ -10,7 +10,7 @@ import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.util.Strings; /** - * Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-2 + * Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-3 */ public class NISTNamedCurves { @@ -25,13 +25,16 @@ public class NISTNamedCurves static { - // TODO Missing the "K-" curves - defineCurve("B-571", SECObjectIdentifiers.sect571r1); defineCurve("B-409", SECObjectIdentifiers.sect409r1); defineCurve("B-283", SECObjectIdentifiers.sect283r1); defineCurve("B-233", SECObjectIdentifiers.sect233r1); defineCurve("B-163", SECObjectIdentifiers.sect163r2); + defineCurve("K-571", SECObjectIdentifiers.sect571k1); + defineCurve("K-409", SECObjectIdentifiers.sect409k1); + defineCurve("K-283", SECObjectIdentifiers.sect283k1); + defineCurve("K-233", SECObjectIdentifiers.sect233k1); + defineCurve("K-163", SECObjectIdentifiers.sect163k1); defineCurve("P-521", SECObjectIdentifiers.secp521r1); defineCurve("P-384", SECObjectIdentifiers.secp384r1); defineCurve("P-256", SECObjectIdentifiers.secp256r1); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java index 258f269..afa93c4 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java @@ -11,13 +11,17 @@ public interface NISTObjectIdentifiers // // nistalgorithms(4) // - static final ASN1ObjectIdentifier nistAlgorithm = new ASN1ObjectIdentifier("2.16.840.1.101.3.4"); + static final ASN1ObjectIdentifier nistAlgorithm = new ASN1ObjectIdentifier("2.16.840.1.101.3.4"); + + static final ASN1ObjectIdentifier hashAlgs = nistAlgorithm.branch("2"); + + static final ASN1ObjectIdentifier id_sha256 = hashAlgs.branch("1"); + static final ASN1ObjectIdentifier id_sha384 = hashAlgs.branch("2"); + static final ASN1ObjectIdentifier id_sha512 = hashAlgs.branch("3"); + static final ASN1ObjectIdentifier id_sha224 = hashAlgs.branch("4"); + static final ASN1ObjectIdentifier id_sha512_224 = hashAlgs.branch("5"); + static final ASN1ObjectIdentifier id_sha512_256 = hashAlgs.branch("6"); - static final ASN1ObjectIdentifier id_sha256 = nistAlgorithm.branch("2.1"); - static final ASN1ObjectIdentifier id_sha384 = nistAlgorithm.branch("2.2"); - static final ASN1ObjectIdentifier id_sha512 = nistAlgorithm.branch("2.3"); - static final ASN1ObjectIdentifier id_sha224 = nistAlgorithm.branch("2.4"); - static final ASN1ObjectIdentifier aes = nistAlgorithm.branch("1"); static final ASN1ObjectIdentifier id_aes128_ECB = aes.branch("1"); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java index aac2bb7..c9c14fe 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java @@ -53,6 +53,19 @@ public class CertificationRequestInfo return null; } + /** + * Basic constructor. + * <p> + * Note: Early on a lot of CAs would only accept messages with attributes missing. As the ASN.1 def shows + * the attributes field is not optional so should always at least contain an empty set. If a fully compliant + * request is required, pass in an empty set, the class will otherwise interpret a null as it should + * encode the request with the field missing. + * </p> + * + * @param subject subject to be associated with the public key + * @param pkInfo public key to be associated with subject + * @param attributes any attributes to be associated with the request. + */ public CertificationRequestInfo( X500Name subject, SubjectPublicKeyInfo pkInfo, @@ -86,6 +99,9 @@ public class CertificationRequestInfo } } + /** + * @deprecated use getInstance(). + */ public CertificationRequestInfo( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java index 613c3f4..c885a6c 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java @@ -1,55 +1,56 @@ package org.bouncycastle.asn1.pkcs; import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; public class EncryptionScheme - extends AlgorithmIdentifier + extends ASN1Object { + private AlgorithmIdentifier algId; + public EncryptionScheme( ASN1ObjectIdentifier objectId, ASN1Encodable parameters) { - super(objectId, parameters); + this.algId = new AlgorithmIdentifier(objectId, parameters); } - EncryptionScheme( + private EncryptionScheme( ASN1Sequence seq) { - this((ASN1ObjectIdentifier)seq.getObjectAt(0), seq.getObjectAt(1)); + this.algId = AlgorithmIdentifier.getInstance(seq); } - public static final AlgorithmIdentifier getInstance(Object obj) + public static final EncryptionScheme getInstance(Object obj) { if (obj instanceof EncryptionScheme) { return (EncryptionScheme)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new EncryptionScheme((ASN1Sequence)obj); + return new EncryptionScheme(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } - public ASN1Primitive getObject() + public ASN1ObjectIdentifier getAlgorithm() { - return (ASN1Primitive)getParameters(); + return algId.getAlgorithm(); } - public ASN1Primitive getASN1Primitive() + public ASN1Encodable getParameters() { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(getObjectId()); - v.add(getParameters()); + return algId.getParameters(); + } - return new DERSequence(v); + public ASN1Primitive toASN1Primitive() + { + return algId.toASN1Primitive(); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java index fef4f07..3b40836 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java @@ -1,23 +1,56 @@ package org.bouncycastle.asn1.pkcs; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; public class KeyDerivationFunc - extends AlgorithmIdentifier + extends ASN1Object { - KeyDerivationFunc( - ASN1Sequence seq) + private AlgorithmIdentifier algId; + + public KeyDerivationFunc( + ASN1ObjectIdentifier objectId, + ASN1Encodable parameters) { - super(seq); + this.algId = new AlgorithmIdentifier(objectId, parameters); } - - public KeyDerivationFunc( - ASN1ObjectIdentifier id, - ASN1Encodable params) + + private KeyDerivationFunc( + ASN1Sequence seq) + { + this.algId = AlgorithmIdentifier.getInstance(seq); + } + + public static final KeyDerivationFunc getInstance(Object obj) + { + if (obj instanceof KeyDerivationFunc) + { + return (KeyDerivationFunc)obj; + } + else if (obj != null) + { + return new KeyDerivationFunc(ASN1Sequence.getInstance(obj)); + } + + return null; + } + + public ASN1ObjectIdentifier getAlgorithm() + { + return algId.getAlgorithm(); + } + + public ASN1Encodable getParameters() + { + return algId.getParameters(); + } + + public ASN1Primitive toASN1Primitive() { - super(id, params); + return algId.toASN1Primitive(); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java index 06c9455..db44a82 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java @@ -17,7 +17,7 @@ public class PBES2Algorithms { private ASN1ObjectIdentifier objectId; private KeyDerivationFunc func; - private EncryptionScheme scheme; + private EncryptionScheme scheme; public PBES2Algorithms( ASN1Sequence obj) @@ -40,10 +40,10 @@ public class PBES2Algorithms } else { - func = new KeyDerivationFunc(funcSeq); + func = KeyDerivationFunc.getInstance(funcSeq); } - scheme = new EncryptionScheme((ASN1Sequence)e.nextElement()); + scheme = EncryptionScheme.getInstance(e.nextElement()); } public ASN1ObjectIdentifier getObjectId() diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java index 5ada493..b47e9cd 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java @@ -13,26 +13,31 @@ public class PBES2Parameters extends ASN1Object implements PKCSObjectIdentifiers { - private KeyDerivationFunc func; - private EncryptionScheme scheme; + private KeyDerivationFunc func; + private EncryptionScheme scheme; public static PBES2Parameters getInstance( Object obj) { - if (obj== null || obj instanceof PBES2Parameters) + if (obj instanceof PBES2Parameters) { return (PBES2Parameters)obj; } - - if (obj instanceof ASN1Sequence) + if (obj != null) { - return new PBES2Parameters((ASN1Sequence)obj); + return new PBES2Parameters(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; + } + + public PBES2Parameters(KeyDerivationFunc keyDevFunc, EncryptionScheme encScheme) + { + this.func = keyDevFunc; + this.scheme = encScheme; } - public PBES2Parameters( + private PBES2Parameters( ASN1Sequence obj) { Enumeration e = obj.getObjects(); @@ -44,10 +49,10 @@ public class PBES2Parameters } else { - func = new KeyDerivationFunc(funcSeq); + func = KeyDerivationFunc.getInstance(funcSeq); } - scheme = (EncryptionScheme)EncryptionScheme.getInstance(e.nextElement()); + scheme = EncryptionScheme.getInstance(e.nextElement()); } public KeyDerivationFunc getKeyDerivationFunc() diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java index f46c294..65c0fa8 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java @@ -48,7 +48,7 @@ public class PBKDF2Params int iterationCount, int keyLength) { - this(salt, iterationCount); + this(salt, iterationCount); this.keyLength = new ASN1Integer(keyLength); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java index 6b42763..dad8650 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java @@ -67,6 +67,10 @@ public class PrivateKeyInfo this.attributes = attributes; } + /** + * @deprectaed use PrivateKeyInfo.getInstance() + * @param seq + */ public PrivateKeyInfo( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java b/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java index 9886b73..5302552 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java @@ -184,7 +184,8 @@ public class ASN1Dump { buf.append(dumpBinaryDataAsString(indent, oct.getOctets())); } - else{ + else + { buf.append(nl); } } @@ -208,7 +209,8 @@ public class ASN1Dump { buf.append(dumpBinaryDataAsString(indent, bt.getBytes())); } - else{ + else + { buf.append(nl); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java index 7a7c837..704ea72 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java @@ -16,19 +16,64 @@ public interface X500NameStyle * Convert the passed in String value into the appropriate ASN.1 * encoded object. * - * @param oid the oid associated with the value in the DN. + * @param oid the OID associated with the value in the DN. * @param value the value of the particular DN component. * @return the ASN.1 equivalent for the value. */ ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value); + /** + * Return the OID associated with the passed in name. + * + * @param attrName the string to match. + * @return an OID + */ ASN1ObjectIdentifier attrNameToOID(String attrName); - boolean areEqual(X500Name name1, X500Name name2); - + /** + * Return an array of RDN generated from the passed in String. + * @param dirName the String representation. + * @return an array of corresponding RDNs. + */ RDN[] fromString(String dirName); + /** + * Return true if the two names are equal. + * + * @param name1 first name for comparison. + * @param name2 second name for comparison. + * @return true if name1 = name 2, false otherwise. + */ + boolean areEqual(X500Name name1, X500Name name2); + + /** + * Calculate a hashCode for the passed in name. + * + * @param name the name the hashCode is required for. + * @return the calculated hashCode. + */ int calculateHashCode(X500Name name); + /** + * Convert the passed in X500Name to a String. + * @param name the name to convert. + * @return a String representation. + */ String toString(X500Name name); + + /** + * Return the display name for toString() associated with the OID. + * + * @param oid the OID of interest. + * @return the name displayed in toString(), null if no mapping provided. + */ + String oidToDisplayName(ASN1ObjectIdentifier oid); + + /** + * Return the acceptable names in a String DN that map to OID. + * + * @param oid the OID of interest. + * @return an array of String aliases for the OID, zero length if there are none. + */ + String[] oidToAttrNames(ASN1ObjectIdentifier oid); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java index 777cc56..714a32c 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java @@ -315,6 +315,16 @@ public class BCStyle return new DERUTF8String(value); } + public String oidToDisplayName(ASN1ObjectIdentifier oid) + { + return (String)DefaultSymbols.get(oid); + } + + public String[] oidToAttrNames(ASN1ObjectIdentifier oid) + { + return IETFUtils.findAttrNamesForOID(oid, DefaultLookUp); + } + public ASN1ObjectIdentifier attrNameToOID(String attrName) { return IETFUtils.decodeAttrName(attrName, DefaultLookUp); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java index 861108d..c73107e 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java @@ -1,6 +1,7 @@ package org.bouncycastle.asn1.x500.style; import java.io.IOException; +import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; @@ -19,6 +20,112 @@ import org.bouncycastle.util.encoders.Hex; public class IETFUtils { + private static String unescape(String elt) + { + if (elt.length() == 0 || (elt.indexOf('\\') < 0 && elt.indexOf('"') < 0)) + { + return elt.trim(); + } + + char[] elts = elt.toCharArray(); + boolean escaped = false; + boolean quoted = false; + StringBuffer buf = new StringBuffer(elt.length()); + int start = 0; + + // if it's an escaped hash string and not an actual encoding in string form + // we need to leave it escaped. + if (elts[0] == '\\') + { + if (elts[1] == '#') + { + start = 2; + buf.append("\\#"); + } + } + + boolean nonWhiteSpaceEncountered = false; + int lastEscaped = 0; + char hex1 = 0; + + for (int i = start; i != elts.length; i++) + { + char c = elts[i]; + + if (c != ' ') + { + nonWhiteSpaceEncountered = true; + } + + if (c == '"') + { + if (!escaped) + { + quoted = !quoted; + } + else + { + buf.append(c); + } + escaped = false; + } + else if (c == '\\' && !(escaped || quoted)) + { + escaped = true; + lastEscaped = buf.length(); + } + else + { + if (c == ' ' && !escaped && !nonWhiteSpaceEncountered) + { + continue; + } + if (escaped && isHexDigit(c)) + { + if (hex1 != 0) + { + buf.append((char)(convertHex(hex1) * 16 + convertHex(c))); + escaped = false; + hex1 = 0; + continue; + } + hex1 = c; + continue; + } + buf.append(c); + escaped = false; + } + } + + if (buf.length() > 0) + { + while (buf.charAt(buf.length() - 1) == ' ' && lastEscaped != (buf.length() - 1)) + { + buf.setLength(buf.length() - 1); + } + } + + return buf.toString(); + } + + private static boolean isHexDigit(char c) + { + return ('0' <= c && c <= '9') || ('a' <= c && c <= 'f') || ('A' <= c && c <= 'F'); + } + + private static int convertHex(char c) + { + if ('0' <= c && c <= '9') + { + return c - '0'; + } + if ('a' <= c && c <= 'f') + { + return c - 'a' + 10; + } + return c - 'A' + 10; + } + public static RDN[] rDNsFromString(String name, X500NameStyle x500Style) { X500NameTokenizer nTok = new X500NameTokenizer(name); @@ -27,45 +134,71 @@ public class IETFUtils while (nTok.hasMoreTokens()) { String token = nTok.nextToken(); - int index = token.indexOf('='); - if (index == -1) + if (token.indexOf('+') > 0) { - throw new IllegalArgumentException("badly formated directory string"); - } + X500NameTokenizer pTok = new X500NameTokenizer(token, '+'); + X500NameTokenizer vTok = new X500NameTokenizer(pTok.nextToken(), '='); - String attr = token.substring(0, index); - String value = token.substring(index + 1); - ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr); + String attr = vTok.nextToken(); - if (value.indexOf('+') > 0) - { - X500NameTokenizer vTok = new X500NameTokenizer(value, '+'); - String v = vTok.nextToken(); - - Vector oids = new Vector(); - Vector values = new Vector(); + if (!vTok.hasMoreTokens()) + { + throw new IllegalArgumentException("badly formatted directory string"); + } - oids.addElement(oid); - values.addElement(v); + String value = vTok.nextToken(); + ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr.trim()); - while (vTok.hasMoreTokens()) + if (pTok.hasMoreTokens()) { - String sv = vTok.nextToken(); - int ndx = sv.indexOf('='); + Vector oids = new Vector(); + Vector values = new Vector(); - String nm = sv.substring(0, ndx); - String vl = sv.substring(ndx + 1); + oids.addElement(oid); + values.addElement(unescape(value)); - oids.addElement(x500Style.attrNameToOID(nm)); - values.addElement(vl); - } + while (pTok.hasMoreTokens()) + { + vTok = new X500NameTokenizer(pTok.nextToken(), '='); + + attr = vTok.nextToken(); + + if (!vTok.hasMoreTokens()) + { + throw new IllegalArgumentException("badly formatted directory string"); + } - builder.addMultiValuedRDN(toOIDArray(oids), toValueArray(values)); + value = vTok.nextToken(); + oid = x500Style.attrNameToOID(attr.trim()); + + + oids.addElement(oid); + values.addElement(unescape(value)); + } + + builder.addMultiValuedRDN(toOIDArray(oids), toValueArray(values)); + } + else + { + builder.addRDN(oid, unescape(value)); + } } else { - builder.addRDN(oid, value); + X500NameTokenizer vTok = new X500NameTokenizer(token, '='); + + String attr = vTok.nextToken(); + + if (!vTok.hasMoreTokens()) + { + throw new IllegalArgumentException("badly formatted directory string"); + } + + String value = vTok.nextToken(); + ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr.trim()); + + builder.addRDN(oid, unescape(value)); } } @@ -96,6 +229,34 @@ public class IETFUtils return tmp; } + public static String[] findAttrNamesForOID( + ASN1ObjectIdentifier oid, + Hashtable lookup) + { + int count = 0; + for (Enumeration en = lookup.elements(); en.hasMoreElements();) + { + if (oid.equals(en.nextElement())) + { + count++; + } + } + + String[] aliases = new String[count]; + count = 0; + + for (Enumeration en = lookup.keys(); en.hasMoreElements();) + { + String key = (String)en.nextElement(); + if (oid.equals(lookup.get(key))) + { + aliases[count++] = key; + } + } + + return aliases; + } + public static ASN1ObjectIdentifier decodeAttrName( String name, Hashtable lookUp) @@ -123,29 +284,13 @@ public class IETFUtils int off) throws IOException { - str = Strings.toLowerCase(str); byte[] data = new byte[(str.length() - off) / 2]; for (int index = 0; index != data.length; index++) { char left = str.charAt((index * 2) + off); char right = str.charAt((index * 2) + off + 1); - if (left < 'a') - { - data[index] = (byte)((left - '0') << 4); - } - else - { - data[index] = (byte)((left - 'a' + 10) << 4); - } - if (right < 'a') - { - data[index] |= (byte)(right - '0'); - } - else - { - data[index] |= (byte)(right - 'a' + 10); - } + data[index] = (byte)((convertHex(left) << 4) | convertHex(right)); } return ASN1Primitive.fromByteArray(data); @@ -257,6 +402,24 @@ public class IETFUtils index++; } + int start = 0; + if (vBuf.length() > 0) + { + while (vBuf.charAt(start) == ' ') + { + vBuf.insert(start, "\\"); + start += 2; + } + } + + int endBuf = vBuf.length() - 1; + + while (endBuf >= 0 && vBuf.charAt(endBuf) == ' ') + { + vBuf.insert(endBuf, '\\'); + endBuf--; + } + return vBuf.toString(); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java index 430d379..8486989 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java @@ -204,6 +204,16 @@ public class RFC4519Style return new DERUTF8String(value); } + public String oidToDisplayName(ASN1ObjectIdentifier oid) + { + return (String)DefaultSymbols.get(oid); + } + + public String[] oidToAttrNames(ASN1ObjectIdentifier oid) + { + return IETFUtils.findAttrNamesForOID(oid, DefaultLookUp); + } + public ASN1ObjectIdentifier attrNameToOID(String attrName) { return IETFUtils.decodeAttrName(attrName, DefaultLookUp); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java index a02295a..2c8e3fc 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java @@ -56,37 +56,19 @@ class X500NameTokenizer { quoted = !quoted; } - else - { - if (c == '#' && buf.charAt(buf.length() - 1) == '=') - { - buf.append('\\'); - } - else if (c == '+' && separator != '+') - { - buf.append('\\'); - } - buf.append(c); - } + buf.append(c); escaped = false; } else { if (escaped || quoted) { - if (c == '#' && buf.charAt(buf.length() - 1) == '=') - { - buf.append('\\'); - } - else if (c == '+' && separator != '+') - { - buf.append('\\'); - } buf.append(c); escaped = false; } else if (c == '\\') { + buf.append(c); escaped = true; } else if (c == separator) @@ -102,6 +84,7 @@ class X500NameTokenizer } index = end; - return buf.toString().trim(); + + return buf.toString(); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java index 6f7c3be..d250bf1 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java @@ -6,7 +6,6 @@ import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1SequenceParser; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; @@ -33,23 +32,20 @@ public class AlgorithmIdentifier { return (AlgorithmIdentifier)obj; } - + + // TODO: delete if (obj instanceof ASN1ObjectIdentifier) { return new AlgorithmIdentifier((ASN1ObjectIdentifier)obj); } + // TODO: delete if (obj instanceof String) { return new AlgorithmIdentifier((String)obj); } - if (obj instanceof ASN1Sequence || obj instanceof ASN1SequenceParser) - { - return new AlgorithmIdentifier(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return new AlgorithmIdentifier(ASN1Sequence.getInstance(obj)); } public AlgorithmIdentifier( @@ -101,6 +97,10 @@ public class AlgorithmIdentifier this.parameters = parameters; } + /** + * @deprecated use AlgorithmIdentifier.getInstance() + * @param seq + */ public AlgorithmIdentifier( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java index 3746f9e..9c5ed46 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java @@ -156,7 +156,7 @@ public class AuthorityKeyIdentifier } /** - * create an AuthorityKeyIdentifier with a precomupted key identifier + * create an AuthorityKeyIdentifier with a precomputed key identifier */ public AuthorityKeyIdentifier( byte[] keyIdentifier) @@ -167,7 +167,7 @@ public class AuthorityKeyIdentifier } /** - * create an AuthorityKeyIdentifier with a precomupted key identifier + * create an AuthorityKeyIdentifier with a precomputed key identifier * and the GeneralNames tag and the serial number provided as well. */ public AuthorityKeyIdentifier( diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java index e6a06d8..4d566b1 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java @@ -4,15 +4,20 @@ import java.io.IOException; import org.bouncycastle.asn1.ASN1Boolean; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.DERSequence; /** * an object for the elements in the X.509 V3 extension block. */ public class Extension + extends ASN1Object { /** * Subject Directory Attributes @@ -170,9 +175,8 @@ public class Extension public static final ASN1ObjectIdentifier targetInformation = new ASN1ObjectIdentifier("2.5.29.55"); private ASN1ObjectIdentifier extnId; - - boolean critical; - ASN1OctetString value; + private boolean critical; + private ASN1OctetString value; public Extension( ASN1ObjectIdentifier extnId, @@ -200,6 +204,40 @@ public class Extension this.value = value; } + private Extension(ASN1Sequence seq) + { + if (seq.size() == 2) + { + this.extnId = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0)); + this.critical = false; + this.value = ASN1OctetString.getInstance(seq.getObjectAt(1)); + } + else if (seq.size() == 3) + { + this.extnId = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0)); + this.critical = ASN1Boolean.getInstance(seq.getObjectAt(1)).isTrue(); + this.value = ASN1OctetString.getInstance(seq.getObjectAt(2)); + } + else + { + throw new IllegalArgumentException("Bad sequence size: " + seq.size()); + } + } + + public static Extension getInstance(Object obj) + { + if (obj instanceof Extension) + { + return (Extension)obj; + } + else if (obj != null) + { + return new Extension(ASN1Sequence.getInstance(obj)); + } + + return null; + } + public ASN1ObjectIdentifier getExtnId() { return extnId; @@ -224,10 +262,10 @@ public class Extension { if (this.isCritical()) { - return this.getExtnValue().hashCode(); + return this.getExtnValue().hashCode() ^ this.getExtnId().hashCode(); } - return ~this.getExtnValue().hashCode(); + return ~(this.getExtnValue().hashCode() ^ this.getExtnId().hashCode()); } public boolean equals( @@ -240,10 +278,27 @@ public class Extension Extension other = (Extension)o; - return other.getExtnValue().equals(this.getExtnValue()) + return other.getExtnId().equals(this.getExtnId()) + && other.getExtnValue().equals(this.getExtnValue()) && (other.isCritical() == this.isCritical()); } + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(extnId); + + if (critical) + { + v.add(ASN1Boolean.getInstance(true)); + } + + v.add(value); + + return new DERSequence(v); + } + /** * Convert the value of the passed in extension to an object * @param ext the extension to parse diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java index 33175db..1aeed15 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java @@ -4,12 +4,10 @@ import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; -import org.bouncycastle.asn1.ASN1Boolean; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; @@ -18,18 +16,18 @@ import org.bouncycastle.asn1.DERSequence; public class Extensions extends ASN1Object { - private Hashtable extensions = new Hashtable(); - private Vector ordering = new Vector(); + private Hashtable extensions = new Hashtable(); + private Vector ordering = new Vector(); public static Extensions getInstance( ASN1TaggedObject obj, - boolean explicit) + boolean explicit) { return getInstance(ASN1Sequence.getInstance(obj, explicit)); } public static Extensions getInstance( - Object obj) + Object obj) { if (obj instanceof Extensions) { @@ -45,7 +43,7 @@ public class Extensions /** * Constructor from ASN1Sequence. - * + * <p/> * the extensions are a list of constructed sequences, either with (OID, OctetString) or (OID, Boolean, OctetString) */ private Extensions( @@ -55,22 +53,10 @@ public class Extensions while (e.hasMoreElements()) { - ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement()); - - if (s.size() == 3) - { - extensions.put(s.getObjectAt(0), new Extension(ASN1ObjectIdentifier.getInstance(s.getObjectAt(0)), ASN1Boolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2)))); - } - else if (s.size() == 2) - { - extensions.put(s.getObjectAt(0), new Extension(ASN1ObjectIdentifier.getInstance(s.getObjectAt(0)), false, ASN1OctetString.getInstance(s.getObjectAt(1)))); - } - else - { - throw new IllegalArgumentException("Bad sequence size: " + s.size()); - } + Extension ext = Extension.getInstance(e.nextElement()); - ordering.addElement(s.getObjectAt(0)); + extensions.put(ext.getExtnId(), ext); + ordering.addElement(ext.getExtnId()); } } @@ -88,7 +74,7 @@ public class Extensions /** * Base Constructor - * + * * @param extensions an array of extensions. */ public Extensions( @@ -102,7 +88,7 @@ public class Extensions this.extensions.put(ext.getExtnId(), ext); } } - + /** * return an Enumeration of the extension field's object ids. */ @@ -154,24 +140,14 @@ public class Extensions public ASN1Primitive toASN1Primitive() { ASN1EncodableVector vec = new ASN1EncodableVector(); - Enumeration e = ordering.elements(); + Enumeration e = ordering.elements(); while (e.hasMoreElements()) { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); Extension ext = (Extension)extensions.get(oid); - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(oid); - - if (ext.isCritical()) - { - v.add(ASN1Boolean.getInstance(true)); - } - v.add(ext.getExtnValue()); - - vec.add(new DERSequence(v)); + vec.add(ext); } return new DERSequence(vec); @@ -185,11 +161,11 @@ public class Extensions return false; } - Enumeration e1 = extensions.keys(); + Enumeration e1 = extensions.keys(); while (e1.hasMoreElements()) { - Object key = e1.nextElement(); + Object key = e1.nextElement(); if (!extensions.get(key).equals(other.extensions.get(key))) { @@ -204,7 +180,7 @@ public class Extensions { return toOidArray(ordering); } - + public ASN1ObjectIdentifier[] getNonCriticalExtensionOIDs() { return getExtensionOIDs(false); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java index 3955fb7..01980be 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java @@ -13,6 +13,12 @@ import org.bouncycastle.asn1.ASN1Primitive; * dod(6) internet(1) security(5) mechanisms(5) pkix(7) 3} * * </pre> + * To create a new KeyPurposeId where none of the below suit, use + * <pre> + * ASN1ObjectIdentifier newKeyPurposeIdOID = new ASN1ObjectIdentifier("1.3.6.1..."); + * + * KeyPurposeId newKeyPurposeId = KeyPurposeId.getInstance(newKeyPurposeIdOID); + * </pre> */ public class KeyPurposeId extends ASN1Object diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/V2Form.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/V2Form.java index ed5c6ab..5cee847 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/V2Form.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/V2Form.java @@ -25,24 +25,51 @@ public class V2Form public static V2Form getInstance( Object obj) { - if (obj == null || obj instanceof V2Form) + if (obj instanceof V2Form) { return (V2Form)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new V2Form((ASN1Sequence)obj); + return new V2Form(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } public V2Form( GeneralNames issuerName) { + this(issuerName, null, null); + } + + public V2Form( + GeneralNames issuerName, + IssuerSerial baseCertificateID) + { + this(issuerName, baseCertificateID, null); + } + + public V2Form( + GeneralNames issuerName, + ObjectDigestInfo objectDigestInfo) + { + this(issuerName, null, objectDigestInfo); + } + + public V2Form( + GeneralNames issuerName, + IssuerSerial baseCertificateID, + ObjectDigestInfo objectDigestInfo) + { this.issuerName = issuerName; + this.baseCertificateID = baseCertificateID; + this.objectDigestInfo = objectDigestInfo; } - + + /** + * @deprecated use getInstance(). + */ public V2Form( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java index d1c7d8e..9aed4e1 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java @@ -400,6 +400,7 @@ public class X509Name * Constructor from ASN1Sequence * * the principal will be a list of constructed sets, each containing an (OID, String) pair. + * @deprecated use X500Name.getInstance() */ public X509Name( ASN1Sequence seq) @@ -497,6 +498,7 @@ public class X509Name * <p> * The passed in converter will be used to convert the strings into their * ASN.1 counterparts. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( Vector ordering, @@ -539,6 +541,7 @@ public class X509Name /** * Takes two vectors one of the oids and the other of the values. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( Vector oids, @@ -552,6 +555,7 @@ public class X509Name * <p> * The passed in converter will be used to convert the strings into their * ASN.1 counterparts. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( Vector oids, @@ -586,6 +590,7 @@ public class X509Name /** * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or * some such, converting it into an ordered set of name attributes. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( String dirName) @@ -598,6 +603,7 @@ public class X509Name * some such, converting it into an ordered set of name attributes with each * string value being converted to its associated ASN.1 type using the passed * in converter. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( String dirName, @@ -611,6 +617,7 @@ public class X509Name * some such, converting it into an ordered set of name attributes. If reverse * is true, create the encoded version of the sequence starting from the * last element in the string. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( boolean reverse, @@ -625,6 +632,7 @@ public class X509Name * string value being converted to its associated ASN.1 type using the passed * in converter. If reverse is true the ASN.1 sequence representing the DN will * be built by starting at the end of the string, rather than the start. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( boolean reverse, @@ -646,6 +654,7 @@ public class X509Name * @param reverse true if we should start scanning from the end (RFC 2553). * @param lookUp table of names and their oids. * @param dirName the X.500 string to be parsed. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( boolean reverse, @@ -659,6 +668,7 @@ public class X509Name String name, Hashtable lookUp) { + name = name.trim(); if (Strings.toUpperCase(name).startsWith("OID.")) { return new ASN1ObjectIdentifier(name.substring(4)); @@ -677,6 +687,81 @@ public class X509Name return oid; } + private String unescape(String elt) + { + if (elt.length() == 0 || (elt.indexOf('\\') < 0 && elt.indexOf('"') < 0)) + { + return elt.trim(); + } + + char[] elts = elt.toCharArray(); + boolean escaped = false; + boolean quoted = false; + StringBuffer buf = new StringBuffer(elt.length()); + int start = 0; + + // if it's an escaped hash string and not an actual encoding in string form + // we need to leave it escaped. + if (elts[0] == '\\') + { + if (elts[1] == '#') + { + start = 2; + buf.append("\\#"); + } + } + + boolean nonWhiteSpaceEncountered = false; + int lastEscaped = 0; + + for (int i = start; i != elts.length; i++) + { + char c = elts[i]; + + if (c != ' ') + { + nonWhiteSpaceEncountered = true; + } + + if (c == '"') + { + if (!escaped) + { + quoted = !quoted; + } + else + { + buf.append(c); + } + escaped = false; + } + else if (c == '\\' && !(escaped || quoted)) + { + escaped = true; + lastEscaped = buf.length(); + } + else + { + if (c == ' ' && !escaped && !nonWhiteSpaceEncountered) + { + continue; + } + buf.append(c); + escaped = false; + } + } + + if (buf.length() > 0) + { + while (buf.charAt(buf.length() - 1) == ' ' && lastEscaped != (buf.length() - 1)) + { + buf.setLength(buf.length() - 1); + } + } + + return buf.toString(); + } + /** * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or * some such, converting it into an ordered set of name attributes. lookUp @@ -702,43 +787,21 @@ public class X509Name while (nTok.hasMoreTokens()) { String token = nTok.nextToken(); - int index = token.indexOf('='); - if (index == -1) + if (token.indexOf('+') > 0) { - throw new IllegalArgumentException("badly formatted directory string"); - } + X509NameTokenizer pTok = new X509NameTokenizer(token, '+'); - String name = token.substring(0, index); - String value = token.substring(index + 1); - ASN1ObjectIdentifier oid = decodeOID(name, lookUp); + addEntry(lookUp, pTok.nextToken(), FALSE); - if (value.indexOf('+') > 0) - { - X509NameTokenizer vTok = new X509NameTokenizer(value, '+'); - String v = vTok.nextToken(); - - this.ordering.addElement(oid); - this.values.addElement(v); - this.added.addElement(FALSE); - - while (vTok.hasMoreTokens()) + while (pTok.hasMoreTokens()) { - String sv = vTok.nextToken(); - int ndx = sv.indexOf('='); - - String nm = sv.substring(0, ndx); - String vl = sv.substring(ndx + 1); - this.ordering.addElement(decodeOID(nm, lookUp)); - this.values.addElement(vl); - this.added.addElement(TRUE); + addEntry(lookUp, pTok.nextToken(), TRUE); } } else { - this.ordering.addElement(oid); - this.values.addElement(value); - this.added.addElement(FALSE); + addEntry(lookUp, token, FALSE); } } @@ -774,6 +837,29 @@ public class X509Name } } + private void addEntry(Hashtable lookUp, String token, Boolean isAdded) + { + X509NameTokenizer vTok; + String name; + String value;ASN1ObjectIdentifier oid; + vTok = new X509NameTokenizer(token, '='); + + name = vTok.nextToken(); + + if (!vTok.hasMoreTokens()) + { + throw new IllegalArgumentException("badly formatted directory string"); + } + + value = vTok.nextToken(); + + oid = decodeOID(name, lookUp); + + this.ordering.addElement(oid); + this.values.addElement(unescape(value)); + this.added.addElement(isAdded); + } + /** * return a vector of the oids in the name, in the order they were found. */ @@ -1157,7 +1243,8 @@ public class X509Name buf.append('='); int index = buf.length(); - + int start = index; + buf.append(value); int end = buf.length(); @@ -1185,6 +1272,20 @@ public class X509Name index++; } + + while (buf.charAt(start) == ' ') + { + buf.insert(start, "\\"); + start += 2; + } + + int endBuf = buf.length() - 1; + + while (endBuf >= 0 && buf.charAt(endBuf) == ' ') + { + buf.insert(endBuf, '\\'); + endBuf--; + } } /** diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java index ceca1ec..454f322 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java @@ -57,37 +57,19 @@ public class X509NameTokenizer { quoted = !quoted; } - else - { - if (c == '#' && buf.charAt(buf.length() - 1) == '=') - { - buf.append('\\'); - } - else if (c == '+' && separator != '+') - { - buf.append('\\'); - } - buf.append(c); - } + buf.append(c); escaped = false; } else { if (escaped || quoted) { - if (c == '#' && buf.charAt(buf.length() - 1) == '=') - { - buf.append('\\'); - } - else if (c == '+' && separator != '+') - { - buf.append('\\'); - } buf.append(c); escaped = false; } else if (c == '\\') { + buf.append(c); escaped = true; } else if (c == separator) @@ -114,6 +96,7 @@ public class X509NameTokenizer } index = end; - return buf.toString().trim(); + + return buf.toString(); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java index 5c5afdb..f233657 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java @@ -54,43 +54,44 @@ public class X9Curve X9FieldElement x9B = new X9FieldElement(p, (ASN1OctetString)seq.getObjectAt(1)); curve = new ECCurve.Fp(p, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger()); } - else + else if (fieldIdentifier.equals(characteristic_two_field)) { - if (fieldIdentifier.equals(characteristic_two_field)) + // Characteristic two field + ASN1Sequence parameters = ASN1Sequence.getInstance(fieldID.getParameters()); + int m = ((ASN1Integer)parameters.getObjectAt(0)).getValue(). + intValue(); + ASN1ObjectIdentifier representation + = (ASN1ObjectIdentifier)parameters.getObjectAt(1); + + int k1 = 0; + int k2 = 0; + int k3 = 0; + + if (representation.equals(tpBasis)) + { + // Trinomial basis representation + k1 = ASN1Integer.getInstance(parameters.getObjectAt(2)).getValue().intValue(); + } + else if (representation.equals(ppBasis)) { - // Characteristic two field - ASN1Sequence parameters = ASN1Sequence.getInstance(fieldID.getParameters()); - int m = ((ASN1Integer)parameters.getObjectAt(0)).getValue(). - intValue(); - ASN1ObjectIdentifier representation - = (ASN1ObjectIdentifier)parameters.getObjectAt(1); - - int k1 = 0; - int k2 = 0; - int k3 = 0; - if (representation.equals(tpBasis)) - { - // Trinomial basis representation - k1 = ((ASN1Integer)parameters.getObjectAt(2)).getValue(). - intValue(); - } - else - { - // Pentanomial basis representation - DERSequence pentanomial - = (DERSequence)parameters.getObjectAt(2); - k1 = ((ASN1Integer)pentanomial.getObjectAt(0)).getValue(). - intValue(); - k2 = ((ASN1Integer)pentanomial.getObjectAt(1)).getValue(). - intValue(); - k3 = ((ASN1Integer)pentanomial.getObjectAt(2)).getValue(). - intValue(); - } - X9FieldElement x9A = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(0)); - X9FieldElement x9B = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(1)); - // TODO Is it possible to get the order (n) and cofactor(h) too? - curve = new ECCurve.F2m(m, k1, k2, k3, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger()); + // Pentanomial basis representation + ASN1Sequence pentanomial = ASN1Sequence.getInstance(parameters.getObjectAt(2)); + k1 = ASN1Integer.getInstance(pentanomial.getObjectAt(0)).getValue().intValue(); + k2 = ASN1Integer.getInstance(pentanomial.getObjectAt(1)).getValue().intValue(); + k3 = ASN1Integer.getInstance(pentanomial.getObjectAt(2)).getValue().intValue(); } + else + { + throw new IllegalArgumentException("This type of EC basis is not implemented"); + } + X9FieldElement x9A = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(0)); + X9FieldElement x9B = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(1)); + // TODO Is it possible to get the order (n) and cofactor(h) too? + curve = new ECCurve.F2m(m, k1, k2, k3, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger()); + } + else + { + throw new IllegalArgumentException("This type of ECCurve is not implemented"); } if (seq.size() == 3) @@ -111,8 +112,7 @@ public class X9Curve } else { - throw new IllegalArgumentException("This type of ECCurve is not " - + "implemented"); + throw new IllegalArgumentException("This type of ECCurve is not implemented"); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java index 6c1fcd7..f005cfa 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java @@ -17,11 +17,11 @@ public interface X9ObjectIdentifiers static final ASN1ObjectIdentifier characteristic_two_field = id_fieldType.branch("2"); - static final ASN1ObjectIdentifier gnBasis = id_fieldType.branch("2.3.1"); + static final ASN1ObjectIdentifier gnBasis = characteristic_two_field.branch("3.1"); - static final ASN1ObjectIdentifier tpBasis = id_fieldType.branch("2.3.2"); + static final ASN1ObjectIdentifier tpBasis = characteristic_two_field.branch("3.2"); - static final ASN1ObjectIdentifier ppBasis = id_fieldType.branch("2.3.3"); + static final ASN1ObjectIdentifier ppBasis = characteristic_two_field.branch("3.3"); static final ASN1ObjectIdentifier id_ecSigType = ansi_X9_62.branch("4"); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java index 2543b59..18cc648 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java @@ -130,7 +130,14 @@ public abstract class PBEParametersGenerator public static byte[] PKCS5PasswordToUTF8Bytes( char[] password) { - return Strings.toUTF8ByteArray(password); + if (password != null) + { + return Strings.toUTF8ByteArray(password); + } + else + { + return new byte[0]; + } } /** diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java index 3dc7059..b7bac28 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java @@ -34,15 +34,18 @@ public final class AndroidDigestFactory { try { factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); // Double check for NativeCrypto in case we are running on RI for testing - Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto"); + Class.forName("com.android.org.conscrypt.NativeCrypto"); } catch (ClassNotFoundException e1) { try { factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); } catch (ClassNotFoundException e2) { - throw new AssertionError("Failed to load AndroidDigestFactoryInterface " + AssertionError e = new AssertionError("Failed to load " + + "AndroidDigestFactoryInterface " + "implementation. Looked for " + OpenSSLFactoryClassName + " and " + BouncyCastleFactoryClassName); + e.initCause(e1); + throw e; } } if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) { diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java index f2c9967..15f3ebb 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java @@ -1,13 +1,14 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.ExtendedDigest; +import org.bouncycastle.util.Memoable; /** * base implementation of MD4 family style digest as outlined in * "Handbook of Applied Cryptography", pages 344 - 347. */ public abstract class GeneralDigest - implements ExtendedDigest + implements ExtendedDigest, Memoable { private static final int BYTE_LENGTH = 64; private byte[] xBuf; @@ -32,6 +33,12 @@ public abstract class GeneralDigest protected GeneralDigest(GeneralDigest t) { xBuf = new byte[t.xBuf.length]; + + copyIn(t); + } + + protected void copyIn(GeneralDigest t) + { System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length); xBufOff = t.xBufOff; diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java index 22d457b..5c79e4e 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java @@ -2,12 +2,13 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.ExtendedDigest; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** * Base class for SHA-384 and SHA-512. */ public abstract class LongDigest - implements ExtendedDigest + implements ExtendedDigest, Memoable { private static final int BYTE_LENGTH = 128; @@ -41,6 +42,12 @@ public abstract class LongDigest protected LongDigest(LongDigest t) { xBuf = new byte[t.xBuf.length]; + + copyIn(t); + } + + protected void copyIn(LongDigest t) + { System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length); xBufOff = t.xBufOff; diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java index 05ed27a..ff9cedf 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java @@ -1,6 +1,8 @@ package org.bouncycastle.crypto.digests; +import org.bouncycastle.util.Memoable; + /** * implementation of MD5 as outlined in "Handbook of Applied Cryptography", pages 346 - 347. */ @@ -30,6 +32,13 @@ public class MD5Digest { super(t); + copyIn(t); + } + + private void copyIn(MD5Digest t) + { + super.copyIn(t); + H1 = t.H1; H2 = t.H2; H3 = t.H3; @@ -299,4 +308,16 @@ public class MD5Digest X[i] = 0; } } + + public Memoable copy() + { + return new MD5Digest(this); + } + + public void reset(Memoable other) + { + MD5Digest d = (MD5Digest)other; + + copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java index 3e7c0e7..07b4e50 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java @@ -16,7 +16,7 @@ package org.bouncycastle.crypto.digests; -import org.apache.harmony.xnet.provider.jsse.NativeCrypto; +import com.android.org.conscrypt.NativeCrypto; import org.bouncycastle.crypto.ExtendedDigest; /** diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java index 7f8d30a..21b1024 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java @@ -1,12 +1,13 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** * implementation of SHA-1 as outlined in "Handbook of Applied Cryptography", pages 346 - 349. * * It is interesting to ponder why the, apart from the extra IV, the other difference here from MD5 - * is the "endienness" of the word processing! + * is the "endianness" of the word processing! */ public class SHA1Digest extends GeneralDigest @@ -34,6 +35,11 @@ public class SHA1Digest { super(t); + copyIn(t); + } + + private void copyIn(SHA1Digest t) + { H1 = t.H1; H2 = t.H2; H3 = t.H3; @@ -283,6 +289,19 @@ public class SHA1Digest X[i] = 0; } } + + public Memoable copy() + { + return new SHA1Digest(this); + } + + public void reset(Memoable other) + { + SHA1Digest d = (SHA1Digest)other; + + super.copyIn(d); + copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java index abd9c1b..a2ceda3 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java @@ -1,8 +1,8 @@ package org.bouncycastle.crypto.digests; -import org.bouncycastle.crypto.digests.GeneralDigest; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** @@ -42,6 +42,13 @@ public class SHA256Digest { super(t); + copyIn(t); + } + + private void copyIn(SHA256Digest t) + { + super.copyIn(t); + H1 = t.H1; H2 = t.H2; H3 = t.H3; @@ -291,5 +298,17 @@ public class SHA256Digest 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }; + + public Memoable copy() + { + return new SHA256Digest(this); + } + + public void reset(Memoable other) + { + SHA256Digest d = (SHA256Digest)other; + + copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java index cdd979a..75d195d 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java @@ -1,6 +1,7 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** @@ -17,7 +18,6 @@ import org.bouncycastle.crypto.util.Pack; public class SHA384Digest extends LongDigest { - private static final int DIGEST_LENGTH = 48; /** @@ -84,4 +84,16 @@ public class SHA384Digest H7 = 0xdb0c2e0d64f98fa7l; H8 = 0x47b5481dbefa4fa4l; } + + public Memoable copy() + { + return new SHA384Digest(this); + } + + public void reset(Memoable other) + { + SHA384Digest d = (SHA384Digest)other; + + super.copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java index 34a8e4e..7db63ad 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java @@ -1,6 +1,7 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** @@ -85,5 +86,17 @@ public class SHA512Digest H7 = 0x1f83d9abfb41bd6bL; H8 = 0x5be0cd19137e2179L; } + + public Memoable copy() + { + return new SHA512Digest(this); + } + + public void reset(Memoable other) + { + SHA512Digest d = (SHA512Digest)other; + + copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java index c4719cf..4dbfbff 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java @@ -1,5 +1,7 @@ package org.bouncycastle.crypto.encodings; +import java.security.SecureRandom; + import org.bouncycastle.crypto.AsymmetricBlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; @@ -9,8 +11,6 @@ import org.bouncycastle.crypto.digests.AndroidDigestFactory; // END android-changed import org.bouncycastle.crypto.params.ParametersWithRandom; -import java.security.SecureRandom; - /** * Optimal Asymmetric Encryption Padding (OAEP) - see PKCS 1 V 2. */ @@ -18,7 +18,6 @@ public class OAEPEncoding implements AsymmetricBlockCipher { private byte[] defHash; - private Digest hash; private Digest mgf1Hash; private AsymmetricBlockCipher engine; @@ -55,10 +54,11 @@ public class OAEPEncoding byte[] encodingParams) { this.engine = cipher; - this.hash = hash; this.mgf1Hash = mgf1Hash; this.defHash = new byte[hash.getDigestSize()]; + hash.reset(); + if (encodingParams != null) { hash.update(encodingParams, 0, encodingParams.length); @@ -256,15 +256,23 @@ public class OAEPEncoding // // check the hash of the encoding params. + // long check to try to avoid this been a source of a timing attack. // + boolean defHashWrong = false; + for (int i = 0; i != defHash.length; i++) { if (defHash[i] != block[defHash.length + i]) { - throw new InvalidCipherTextException("data hash wrong"); + defHashWrong = true; } } + if (defHashWrong) + { + throw new InvalidCipherTextException("data hash wrong"); + } + // // find the data block // @@ -322,9 +330,9 @@ public class OAEPEncoding byte[] C = new byte[4]; int counter = 0; - hash.reset(); + mgf1Hash.reset(); - do + while (counter < (length / hashBuf.length)) { ItoOSP(counter, C); @@ -333,8 +341,9 @@ public class OAEPEncoding mgf1Hash.doFinal(hashBuf, 0); System.arraycopy(hashBuf, 0, mask, counter * hashBuf.length, hashBuf.length); + + counter++; } - while (++counter < (length / hashBuf.length)); if ((counter * hashBuf.length) < length) { diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java index 1bc9aae..756197c 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; /** @@ -392,7 +393,7 @@ private static final int[] Tinv0 = if ((outOff + (32 / 2)) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } if (forEncryption) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java index 7e91973..ff4b2f8 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java @@ -3,9 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; -// BEGIN android-added import org.bouncycastle.crypto.OutputLengthException; -// END android-added import org.bouncycastle.crypto.params.KeyParameter; /** @@ -726,9 +724,7 @@ public class AESFastEngine if ((outOff + (32 / 2)) > out.length) { - // BEGIN android-changed throw new OutputLengthException("output buffer too short"); - // END android-changed } if (forEncryption) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java index 6ee1c49..cfe7f1f 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; /** @@ -363,7 +364,7 @@ implements BlockCipher if ((outOff + BLOCK_SIZE) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } if (encrypting) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java index b04911c..9b1e404 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; /** @@ -78,7 +79,7 @@ public class DESEngine if ((outOff + BLOCK_SIZE) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } desFunc(workingKey, in, inOff, out, outOff); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java index c908218..513eccd 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java @@ -2,9 +2,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; -// BEGIN android-added import org.bouncycastle.crypto.OutputLengthException; -// END android-added import org.bouncycastle.crypto.params.KeyParameter; /** @@ -102,9 +100,7 @@ public class DESedeEngine if ((outOff + BLOCK_SIZE) > out.length) { - // BEGIN android-changed throw new OutputLengthException("output buffer too short"); - // END android-changed } byte[] temp = new byte[BLOCK_SIZE]; diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java index 62240ea..02cb881 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.RC2Parameters; @@ -174,7 +175,7 @@ public class RC2Engine if ((outOff + BLOCK_SIZE) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } if (encrypting) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java index e7a9cdd..4de7ea6 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java @@ -2,6 +2,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.StreamCipher; import org.bouncycastle.crypto.params.KeyParameter; @@ -81,7 +82,7 @@ public class RC4Engine implements StreamCipher if ((outOff + len) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } for (int i = 0; i < len ; i++) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java index bf43ff2..31ac087 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; /** @@ -303,7 +304,7 @@ public final class TwofishEngine if ((outOff + BLOCK_SIZE) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } if (encrypting) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java index 98dd0f7..50baa4d 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java @@ -1,23 +1,25 @@ package org.bouncycastle.crypto.generators; +import java.math.BigInteger; +import java.security.SecureRandom; + import org.bouncycastle.crypto.Digest; // BEGIN android-changed import org.bouncycastle.crypto.digests.AndroidDigestFactory; // END android-changed +import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.crypto.params.DSAValidationParameters; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.BigIntegers; +import org.bouncycastle.util.encoders.Hex; -import java.math.BigInteger; -import java.security.SecureRandom; - -// TODO Update javadoc to mention FIPS 186-3 when done /** - * generate suitable parameters for DSA, in line with FIPS 186-2. + * Generate suitable parameters for DSA, in line with FIPS 186-2, or FIPS 186-3. */ public class DSAParametersGenerator { + private Digest digest; private int L, N; private int certainty; private SecureRandom random; @@ -26,6 +28,21 @@ public class DSAParametersGenerator private static final BigInteger ONE = BigInteger.valueOf(1); private static final BigInteger TWO = BigInteger.valueOf(2); + private boolean use186_3; + private int usageIndex; + + public DSAParametersGenerator() + { + // BEGIN android-changed + this(AndroidDigestFactory.getSHA1()); + // END android-changed + } + + public DSAParametersGenerator(Digest digest) + { + this.digest = digest; + } + /** * initialise the key generator. * @@ -38,23 +55,53 @@ public class DSAParametersGenerator int certainty, SecureRandom random) { - init(size, getDefaultN(size), certainty, random); + this.use186_3 = false; + this.L = size; + this.N = getDefaultN(size); + this.certainty = certainty; + this.random = random; } - // TODO Make public to enable support for DSA keys > 1024 bits - private void init( - int L, - int N, - int certainty, - SecureRandom random) + /** + * Initialise the key generator for DSA 2. + * <p> + * Use this init method if you need to generate parameters for DSA 2 keys. + * </p> + * + * @param params DSA 2 key generation parameters. + */ + public void init( + DSAParameterGenerationParameters params) { - // TODO Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2) // TODO Should we enforce the minimum 'certainty' values as per C.3 Table C.1? + this.use186_3 = true; + this.L = params.getL(); + this.N = params.getN(); + this.certainty = params.getCertainty(); + this.random = params.getRandom(); + this.usageIndex = params.getUsageIndex(); + + if ((L < 1024 || L > 3072) || L % 1024 != 0) + { + throw new IllegalArgumentException("L values must be between 1024 and 3072 and a multiple of 1024"); + } + else if (L == 1024 && N != 160) + { + throw new IllegalArgumentException("N must be 160 for L = 1024"); + } + else if (L == 2048 && (N != 224 && N != 256)) + { + throw new IllegalArgumentException("N must be 224 or 256 for L = 2048"); + } + else if (L == 3072 && N != 256) + { + throw new IllegalArgumentException("N must be 256 for L = 3072"); + } - this.L = L; - this.N = N; - this.certainty = certainty; - this.random = random; + if (digest.getDigestSize() * 8 < N) + { + throw new IllegalStateException("Digest output size too small for value of N"); + } } /** @@ -65,7 +112,7 @@ public class DSAParametersGenerator */ public DSAParameters generateParameters() { - return L > 1024 + return (use186_3) ? generateParameters_FIPS186_3() : generateParameters_FIPS186_2(); } @@ -76,20 +123,24 @@ public class DSAParametersGenerator byte[] part1 = new byte[20]; byte[] part2 = new byte[20]; byte[] u = new byte[20]; - // BEGIN android-changed - Digest sha1 = AndroidDigestFactory.getSHA1(); - // END android-changed int n = (L - 1) / 160; byte[] w = new byte[L / 8]; + // BEGIN android-changed + if (!(digest.getAlgorithmName().equals("SHA-1"))) + // END android-changed + { + throw new IllegalStateException("can only use SHA-1 for generating FIPS 186-2 parameters"); + } + for (;;) { random.nextBytes(seed); - hash(sha1, seed, part1); + hash(digest, seed, part1); System.arraycopy(seed, 0, part2, 0, seed.length); inc(part2); - hash(sha1, part2, part2); + hash(digest, part2, part2); for (int i = 0; i != u.length; i++) { @@ -114,12 +165,12 @@ public class DSAParametersGenerator for (int k = 0; k < n; k++) { inc(offset); - hash(sha1, offset, part1); + hash(digest, offset, part1); System.arraycopy(part1, 0, w, w.length - (k + 1) * part1.length, part1.length); } inc(offset); - hash(sha1, offset, part1); + hash(digest, offset, part1); System.arraycopy(part1, part1.length - ((w.length - (n) * part1.length)), w, 0, w.length - n * part1.length); w[0] |= (byte)0x80; @@ -169,9 +220,7 @@ public class DSAParametersGenerator { // A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function // FIXME This should be configurable (digest size in bits must be >= N) - // BEGIN android-changed - Digest d = AndroidDigestFactory.getSHA256(); - // END android-changed + Digest d = digest; int outlen = d.getDigestSize() * 8; // 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If @@ -197,6 +246,7 @@ public class DSAParametersGenerator // 6. U = Hash (domain_parameter_seed) mod 2^(N–1). hash(d, seed, output); + BigInteger U = new BigInteger(1, output).mod(ONE.shiftLeft(N - 1)); // 7. q = 2^(N–1) + U + 1 – ( U mod 2). @@ -258,16 +308,17 @@ public class DSAParametersGenerator { // 11.8 If p is determined to be prime, then return VALID and the values of p, q and // (optionally) the values of domain_parameter_seed and counter. - // TODO Make configurable (8-bit unsigned)? -// int index = 1; -// BigInteger g = calculateGenerator_FIPS186_3_Verifiable(d, p, q, seed, index); -// if (g != null) -// { -// // TODO Should 'index' be a part of the validation parameters? -// return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter)); -// } + if (usageIndex >= 0) + { + BigInteger g = calculateGenerator_FIPS186_3_Verifiable(d, p, q, seed, usageIndex); + if (g != null) + { + return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter, usageIndex)); + } + } BigInteger g = calculateGenerator_FIPS186_3_Unverifiable(p, q, random); + return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter)); } @@ -286,34 +337,34 @@ public class DSAParametersGenerator return calculateGenerator_FIPS186_2(p, q, r); } -// private static BigInteger calculateGenerator_FIPS186_3_Verifiable(Digest d, BigInteger p, BigInteger q, -// byte[] seed, int index) -// { -//// A.2.3 Verifiable Canonical Generation of the Generator g -// BigInteger e = p.subtract(ONE).divide(q); -// byte[] ggen = Hex.decode("6767656E"); -// -// // 7. U = domain_parameter_seed || "ggen" || index || count. -// byte[] U = new byte[seed.length + ggen.length + 1 + 2]; -// System.arraycopy(seed, 0, U, 0, seed.length); -// System.arraycopy(ggen, 0, U, seed.length, ggen.length); -// U[U.length - 3] = (byte)index; -// -// byte[] w = new byte[d.getDigestSize()]; -// for (int count = 1; count < (1 << 16); ++count) -// { -// inc(U); -// hash(d, U, w); -// BigInteger W = new BigInteger(1, w); -// BigInteger g = W.modPow(e, p); -// if (g.compareTo(TWO) >= 0) -// { -// return g; -// } -// } -// -// return null; -// } + private static BigInteger calculateGenerator_FIPS186_3_Verifiable(Digest d, BigInteger p, BigInteger q, + byte[] seed, int index) + { +// A.2.3 Verifiable Canonical Generation of the Generator g + BigInteger e = p.subtract(ONE).divide(q); + byte[] ggen = Hex.decode("6767656E"); + + // 7. U = domain_parameter_seed || "ggen" || index || count. + byte[] U = new byte[seed.length + ggen.length + 1 + 2]; + System.arraycopy(seed, 0, U, 0, seed.length); + System.arraycopy(ggen, 0, U, seed.length, ggen.length); + U[U.length - 3] = (byte)index; + + byte[] w = new byte[d.getDigestSize()]; + for (int count = 1; count < (1 << 16); ++count) + { + inc(U); + hash(d, U, w); + BigInteger W = new BigInteger(1, w); + BigInteger g = W.modPow(e, p); + if (g.compareTo(TWO) >= 0) + { + return g; + } + } + + return null; + } private static void hash(Digest d, byte[] input, byte[] output) { diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java index 8fb1cc8..d9b82c3 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java @@ -125,11 +125,10 @@ public class PKCS12ParametersGenerator byte[] B = new byte[v]; int c = (n + u - 1) / u; + byte[] A = new byte[u]; for (int i = 1; i <= c; i++) { - byte[] A = new byte[u]; - digest.update(D, 0, D.length); digest.update(I, 0, I.length); digest.doFinal(A, 0); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java index a6d87b9..316de64 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java @@ -23,6 +23,7 @@ public class PKCS5S2ParametersGenerator extends PBEParametersGenerator { private Mac hMac; + private byte[] state; /** * construct a PKCS5 Scheme 2 Parameters generator. @@ -30,27 +31,27 @@ public class PKCS5S2ParametersGenerator public PKCS5S2ParametersGenerator() { // BEGIN android-changed - this(AndroidDigestFactory.getSHA1()); + this(AndroidDigestFactory.getSHA1()); // END android-changed } public PKCS5S2ParametersGenerator(Digest digest) { hMac = new HMac(digest); + state = new byte[hMac.getMacSize()]; } private void F( - byte[] P, byte[] S, int c, byte[] iBuf, byte[] out, int outOff) { - byte[] state = new byte[hMac.getMacSize()]; - CipherParameters param = new KeyParameter(P); - - hMac.init(param); + if (c == 0) + { + throw new IllegalArgumentException("iteration count must be at least 1."); + } if (S != null) { @@ -58,19 +59,12 @@ public class PKCS5S2ParametersGenerator } hMac.update(iBuf, 0, iBuf.length); - hMac.doFinal(state, 0); System.arraycopy(state, 0, out, outOff, state.length); - - if (c == 0) - { - throw new IllegalArgumentException("iteration count must be at least 1."); - } for (int count = 1; count < c; count++) { - hMac.init(param); hMac.update(state, 0, state.length); hMac.doFinal(state, 0); @@ -81,32 +75,33 @@ public class PKCS5S2ParametersGenerator } } - private void intToOctet( - byte[] buf, - int i) - { - buf[0] = (byte)(i >>> 24); - buf[1] = (byte)(i >>> 16); - buf[2] = (byte)(i >>> 8); - buf[3] = (byte)i; - } - private byte[] generateDerivedKey( int dkLen) { int hLen = hMac.getMacSize(); int l = (dkLen + hLen - 1) / hLen; byte[] iBuf = new byte[4]; - byte[] out = new byte[l * hLen]; + byte[] outBytes = new byte[l * hLen]; + int outPos = 0; + + CipherParameters param = new KeyParameter(password); + + hMac.init(param); for (int i = 1; i <= l; i++) { - intToOctet(iBuf, i); + // Increment the value in 'iBuf' + int pos = 3; + while (++iBuf[pos] == 0) + { + --pos; + } - F(password, salt, iterationCount, iBuf, out, (i - 1) * hLen); + F(salt, iterationCount, iBuf, outBytes, outPos); + outPos += hLen; } - return out; + return outBytes; } /** diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java b/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java index f5b931d..c70a981 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java @@ -8,6 +8,7 @@ import org.bouncycastle.crypto.ExtendedDigest; import org.bouncycastle.crypto.Mac; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.util.Integers; +import org.bouncycastle.util.Memoable; /** * HMAC implementation based on RFC2104 @@ -23,9 +24,11 @@ public class HMac private Digest digest; private int digestSize; private int blockLength; - + private Memoable ipadState; + private Memoable opadState; + private byte[] inputPad; - private byte[] outputPad; + private byte[] outputBuf; private static Hashtable blockLengths; @@ -95,14 +98,12 @@ public class HMac int byteLength) { this.digest = digest; - digestSize = digest.getDigestSize(); - + this.digestSize = digest.getDigestSize(); this.blockLength = byteLength; - - inputPad = new byte[blockLength]; - outputPad = new byte[blockLength]; + this.inputPad = new byte[blockLength]; + this.outputBuf = new byte[blockLength + digestSize]; } - + public String getAlgorithmName() { return digest.getAlgorithmName() + "/HMAC"; @@ -119,39 +120,43 @@ public class HMac digest.reset(); byte[] key = ((KeyParameter)params).getKey(); + int keyLength = key.length; - if (key.length > blockLength) + if (keyLength > blockLength) { - digest.update(key, 0, key.length); + digest.update(key, 0, keyLength); digest.doFinal(inputPad, 0); - for (int i = digestSize; i < inputPad.length; i++) - { - inputPad[i] = 0; - } + + keyLength = digestSize; } else { - System.arraycopy(key, 0, inputPad, 0, key.length); - for (int i = key.length; i < inputPad.length; i++) - { - inputPad[i] = 0; - } + System.arraycopy(key, 0, inputPad, 0, keyLength); } - outputPad = new byte[inputPad.length]; - System.arraycopy(inputPad, 0, outputPad, 0, inputPad.length); - - for (int i = 0; i < inputPad.length; i++) + for (int i = keyLength; i < inputPad.length; i++) { - inputPad[i] ^= IPAD; + inputPad[i] = 0; } - for (int i = 0; i < outputPad.length; i++) + System.arraycopy(inputPad, 0, outputBuf, 0, blockLength); + + xorPad(inputPad, blockLength, IPAD); + xorPad(outputBuf, blockLength, OPAD); + + if (digest instanceof Memoable) { - outputPad[i] ^= OPAD; + opadState = ((Memoable)digest).copy(); + + ((Digest)opadState).update(outputBuf, 0, blockLength); } digest.update(inputPad, 0, inputPad.length); + + if (digest instanceof Memoable) + { + ipadState = ((Memoable)digest).copy(); + } } public int getMacSize() @@ -177,15 +182,33 @@ public class HMac byte[] out, int outOff) { - byte[] tmp = new byte[digestSize]; - digest.doFinal(tmp, 0); + digest.doFinal(outputBuf, blockLength); - digest.update(outputPad, 0, outputPad.length); - digest.update(tmp, 0, tmp.length); + if (opadState != null) + { + ((Memoable)digest).reset(opadState); + digest.update(outputBuf, blockLength, digest.getDigestSize()); + } + else + { + digest.update(outputBuf, 0, outputBuf.length); + } - int len = digest.doFinal(out, outOff); + int len = digest.doFinal(out, outOff); - reset(); + for (int i = blockLength; i < outputBuf.length; i++) + { + outputBuf[i] = 0; + } + + if (ipadState != null) + { + ((Memoable)digest).reset(ipadState); + } + else + { + digest.update(inputPad, 0, inputPad.length); + } return len; } @@ -205,4 +228,12 @@ public class HMac */ digest.update(inputPad, 0, inputPad.length); } + + private static void xorPad(byte[] pad, int len, byte n) + { + for (int i = 0; i < len; ++i) + { + pad[i] ^= n; + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java index 18a3425..9a6e2e0 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java @@ -87,6 +87,11 @@ public class CCMBlockCipher { throw new IllegalArgumentException("invalid parameters passed to CCM"); } + + if (nonce == null || nonce.length < 7 || nonce.length > 13) + { + throw new IllegalArgumentException("nonce must have length from 7 to 13 octets"); + } } public String getAlgorithmName() @@ -183,22 +188,31 @@ public class CCMBlockCipher throw new IllegalStateException("CCM cipher unitialized."); } - BlockCipher ctrCipher = new SICBlockCipher(cipher); - byte[] iv = new byte[blockSize]; - byte[] out; - - iv[0] = (byte)(((15 - nonce.length) - 1) & 0x7); + int n = nonce.length; + int q = 15 - n; + if (q < 4) + { + int limitLen = 1 << (8 * q); + if (inLen >= limitLen) + { + throw new IllegalStateException("CCM packet too large for choice of q."); + } + } + byte[] iv = new byte[blockSize]; + iv[0] = (byte)((q - 1) & 0x7); System.arraycopy(nonce, 0, iv, 1, nonce.length); + BlockCipher ctrCipher = new SICBlockCipher(cipher); ctrCipher.init(forEncryption, new ParametersWithIV(keyParam, iv)); + int index = inOff; + int outOff = 0; + byte[] output; + if (forEncryption) { - int index = inOff; - int outOff = 0; - - out = new byte[inLen + macSize]; + output = new byte[inLen + macSize]; calculateMac(in, inOff, inLen, macBlock); @@ -206,7 +220,7 @@ public class CCMBlockCipher while (index < inLen - blockSize) // S1... { - ctrCipher.processBlock(in, index, out, outOff); + ctrCipher.processBlock(in, index, output, outOff); outOff += blockSize; index += blockSize; } @@ -217,18 +231,15 @@ public class CCMBlockCipher ctrCipher.processBlock(block, 0, block, 0); - System.arraycopy(block, 0, out, outOff, inLen - index); + System.arraycopy(block, 0, output, outOff, inLen - index); outOff += inLen - index; - System.arraycopy(macBlock, 0, out, outOff, out.length - outOff); + System.arraycopy(macBlock, 0, output, outOff, output.length - outOff); } else { - int index = inOff; - int outOff = 0; - - out = new byte[inLen - macSize]; + output = new byte[inLen - macSize]; System.arraycopy(in, inOff + inLen - macSize, macBlock, 0, macSize); @@ -239,24 +250,24 @@ public class CCMBlockCipher macBlock[i] = 0; } - while (outOff < out.length - blockSize) + while (outOff < output.length - blockSize) { - ctrCipher.processBlock(in, index, out, outOff); + ctrCipher.processBlock(in, index, output, outOff); outOff += blockSize; index += blockSize; } byte[] block = new byte[blockSize]; - System.arraycopy(in, index, block, 0, out.length - outOff); + System.arraycopy(in, index, block, 0, output.length - outOff); ctrCipher.processBlock(block, 0, block, 0); - System.arraycopy(block, 0, out, outOff, out.length - outOff); + System.arraycopy(block, 0, output, outOff, output.length - outOff); byte[] calculatedMacBlock = new byte[blockSize]; - calculateMac(out, 0, out.length, calculatedMacBlock); + calculateMac(output, 0, output.length, calculatedMacBlock); if (!Arrays.constantTimeAreEqual(macBlock, calculatedMacBlock)) { @@ -264,7 +275,7 @@ public class CCMBlockCipher } } - return out; + return output; } private int calculateMac(byte[] data, int dataOff, int dataLen, byte[] macBlock) @@ -340,13 +351,13 @@ public class CCMBlockCipher extra = (extra + textLength) % 16; if (extra != 0) { - for (int i = 0; i != 16 - extra; i++) + for (int i = extra; i != 16; i++) { cMac.update((byte)0x00); } } } - + // // add the text // diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAParameterGenerationParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAParameterGenerationParameters.java new file mode 100644 index 0000000..ba841b8 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAParameterGenerationParameters.java @@ -0,0 +1,80 @@ +package org.bouncycastle.crypto.params; + +import java.security.SecureRandom; + +public class DSAParameterGenerationParameters +{ + public static final int DIGITAL_SIGNATURE_USAGE = 1; + public static final int KEY_ESTABLISHMENT_USAGE = 2; + + private final int l; + private final int n; + private final int usageIndex; + private final int certainty; + private final SecureRandom random; + + /** + * Construct without a usage index, this will do a random construction of G. + * + * @param L desired length of prime P in bits (the effective key size). + * @param N desired length of prime Q in bits. + * @param certainty certainty level for prime number generation. + * @param random the source of randomness to use. + */ + public DSAParameterGenerationParameters( + int L, + int N, + int certainty, + SecureRandom random) + { + this(L, N, certainty, random, -1); + } + + /** + * Construct for a specific usage index - this has the effect of using verifiable canonical generation of G. + * + * @param L desired length of prime P in bits (the effective key size). + * @param N desired length of prime Q in bits. + * @param certainty certainty level for prime number generation. + * @param random the source of randomness to use. + * @param usageIndex a valid usage index. + */ + public DSAParameterGenerationParameters( + int L, + int N, + int certainty, + SecureRandom random, + int usageIndex) + { + this.l = L; + this.n = N; + this.certainty = certainty; + this.usageIndex = usageIndex; + this.random = random; + } + + public int getL() + { + return l; + } + + public int getN() + { + return n; + } + + public int getCertainty() + { + return certainty; + } + + public SecureRandom getRandom() + { + return random; + } + + public int getUsageIndex() + { + return usageIndex; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java index 1cc4b93..07d93d0 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java @@ -4,6 +4,7 @@ import org.bouncycastle.util.Arrays; public class DSAValidationParameters { + private int usageIndex; private byte[] seed; private int counter; @@ -11,8 +12,17 @@ public class DSAValidationParameters byte[] seed, int counter) { + this(seed, counter, -1); + } + + public DSAValidationParameters( + byte[] seed, + int counter, + int usageIndex) + { this.seed = seed; this.counter = counter; + this.usageIndex = usageIndex; } public int getCounter() @@ -25,6 +35,11 @@ public class DSAValidationParameters return seed; } + public int getUsageIndex() + { + return usageIndex; + } + public int hashCode() { return counter ^ Arrays.hashCode(seed); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java index 95a3ec9..05a1327 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java @@ -5,26 +5,23 @@ import java.math.BigInteger; import org.bouncycastle.math.ec.ECConstants; import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECPoint; +import org.bouncycastle.util.Arrays; public class ECDomainParameters implements ECConstants { - ECCurve curve; - byte[] seed; - ECPoint G; - BigInteger n; - BigInteger h; + private ECCurve curve; + private byte[] seed; + private ECPoint G; + private BigInteger n; + private BigInteger h; public ECDomainParameters( ECCurve curve, ECPoint G, BigInteger n) { - this.curve = curve; - this.G = G; - this.n = n; - this.h = ONE; - this.seed = null; + this(curve, G, n, ONE, null); } public ECDomainParameters( @@ -33,11 +30,7 @@ public class ECDomainParameters BigInteger n, BigInteger h) { - this.curve = curve; - this.G = G; - this.n = n; - this.h = h; - this.seed = null; + this(curve, G, n, h, null); } public ECDomainParameters( @@ -76,6 +69,6 @@ public class ECDomainParameters public byte[] getSeed() { - return seed; + return Arrays.clone(seed); } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java index dac6efe..a80c574 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java @@ -137,6 +137,12 @@ public class ECDSASigner ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2); + // components must be bogus. + if (point.isInfinity()) + { + return false; + } + BigInteger v = point.getX().toBigInteger().mod(n); return v.equals(r); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java b/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java index 857b765..f0da0bf 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java @@ -20,6 +20,13 @@ public abstract class Pack } } + public static byte[] intToBigEndian(int n) + { + byte[] bs = new byte[4]; + intToBigEndian(n, bs, 0); + return bs; + } + public static void intToBigEndian(int n, byte[] bs, int off) { bs[ off] = (byte)(n >>> 24); @@ -28,6 +35,13 @@ public abstract class Pack bs[++off] = (byte)(n ); } + public static byte[] intToBigEndian(int[] ns) + { + byte[] bs = new byte[4 * ns.length]; + intToBigEndian(ns, bs, 0); + return bs; + } + public static void intToBigEndian(int[] ns, byte[] bs, int off) { for (int i = 0; i < ns.length; ++i) @@ -44,12 +58,44 @@ public abstract class Pack return ((long)(hi & 0xffffffffL) << 32) | (long)(lo & 0xffffffffL); } + public static void bigEndianToLong(byte[] bs, int off, long[] ns) + { + for (int i = 0; i < ns.length; ++i) + { + ns[i] = bigEndianToLong(bs, off); + off += 8; + } + } + + public static byte[] longToBigEndian(long n) + { + byte[] bs = new byte[8]; + longToBigEndian(n, bs, 0); + return bs; + } + public static void longToBigEndian(long n, byte[] bs, int off) { intToBigEndian((int)(n >>> 32), bs, off); intToBigEndian((int)(n & 0xffffffffL), bs, off + 4); } + public static byte[] longToBigEndian(long[] ns) + { + byte[] bs = new byte[8 * ns.length]; + longToBigEndian(ns, bs, 0); + return bs; + } + + public static void longToBigEndian(long[] ns, byte[] bs, int off) + { + for (int i = 0; i < ns.length; ++i) + { + longToBigEndian(ns[i], bs, off); + off += 8; + } + } + public static int littleEndianToInt(byte[] bs, int off) { int n = bs[ off] & 0xff; @@ -60,13 +106,20 @@ public abstract class Pack } public static void littleEndianToInt(byte[] bs, int off, int[] ns) - { - for (int i = 0; i < ns.length; ++i) - { - ns[i] = littleEndianToInt(bs, off); - off += 4; - } - } + { + for (int i = 0; i < ns.length; ++i) + { + ns[i] = littleEndianToInt(bs, off); + off += 4; + } + } + + public static byte[] intToLittleEndian(int n) + { + byte[] bs = new byte[4]; + intToLittleEndian(n, bs, 0); + return bs; + } public static void intToLittleEndian(int n, byte[] bs, int off) { @@ -76,14 +129,21 @@ public abstract class Pack bs[++off] = (byte)(n >>> 24); } - public static void intToLittleEndian(int[] ns, byte[] bs, int off) - { - for (int i = 0; i < ns.length; ++i) - { - intToLittleEndian(ns[i], bs, off); - off += 4; - } - } + public static byte[] intToLittleEndian(int[] ns) + { + byte[] bs = new byte[4 * ns.length]; + intToLittleEndian(ns, bs, 0); + return bs; + } + + public static void intToLittleEndian(int[] ns, byte[] bs, int off) + { + for (int i = 0; i < ns.length; ++i) + { + intToLittleEndian(ns[i], bs, off); + off += 4; + } + } public static long littleEndianToLong(byte[] bs, int off) { @@ -92,9 +152,41 @@ public abstract class Pack return ((long)(hi & 0xffffffffL) << 32) | (long)(lo & 0xffffffffL); } + public static void littleEndianToLong(byte[] bs, int off, long[] ns) + { + for (int i = 0; i < ns.length; ++i) + { + ns[i] = littleEndianToLong(bs, off); + off += 8; + } + } + + public static byte[] longToLittleEndian(long n) + { + byte[] bs = new byte[8]; + longToLittleEndian(n, bs, 0); + return bs; + } + public static void longToLittleEndian(long n, byte[] bs, int off) { intToLittleEndian((int)(n & 0xffffffffL), bs, off); intToLittleEndian((int)(n >>> 32), bs, off + 4); } + + public static byte[] longToLittleEndian(long[] ns) + { + byte[] bs = new byte[8 * ns.length]; + longToLittleEndian(ns, bs, 0); + return bs; + } + + public static void longToLittleEndian(long[] ns, byte[] bs, int off) + { + for (int i = 0; i < ns.length; ++i) + { + longToLittleEndian(ns[i], bs, off); + off += 8; + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java index ba7dd80..28a1a6a 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java @@ -37,7 +37,6 @@ public class DH // provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES"); // provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES"); // provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede"); - // provider.addAlgorithm("KeyPairGenerator.IES", PREFIX + "KeyPairGeneratorSpi"); // END android-removed } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java index 8f93a68..8d50a54 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java @@ -99,6 +99,8 @@ public class EC // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); + // addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); + // addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); // END android-removed } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java index 2e5ee56..d850e5d 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java @@ -7,25 +7,36 @@ import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.DSAParameterSpec; +import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.generators.DSAParametersGenerator; +import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.jce.provider.BouncyCastleProvider; -//import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -//import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; public class AlgorithmParameterGeneratorSpi extends java.security.AlgorithmParameterGeneratorSpi { protected SecureRandom random; protected int strength = 1024; + protected DSAParameterGenerationParameters params; protected void engineInit( int strength, SecureRandom random) { - if (strength < 512 || strength > 1024 || strength % 64 != 0) + if (strength < 512 || strength > 3072) { - throw new InvalidParameterException("strength must be from 512 - 1024 and a multiple of 64"); + throw new InvalidParameterException("strength must be from 512 - 3072"); + } + + if (strength <= 1024 && strength % 64 != 0) + { + throw new InvalidParameterException("strength must be a multiple of 64 below 1024 bits."); + } + + if (strength > 1024 && strength % 1024 != 0) + { + throw new InvalidParameterException("strength must be a multiple of 1024 above 1024 bits."); } this.strength = strength; @@ -42,15 +53,35 @@ public class AlgorithmParameterGeneratorSpi protected AlgorithmParameters engineGenerateParameters() { - DSAParametersGenerator pGen = new DSAParametersGenerator(); + DSAParametersGenerator pGen; - if (random != null) + if (strength <= 1024) { - pGen.init(strength, 20, random); + pGen = new DSAParametersGenerator(); } else { - pGen.init(strength, 20, new SecureRandom()); + pGen = new DSAParametersGenerator(new SHA256Digest()); + } + + if (random == null) + { + random = new SecureRandom(); + } + + if (strength == 1024) + { + params = new DSAParameterGenerationParameters(1024, 160, 80, random); + pGen.init(params); + } + else if (strength > 1024) + { + params = new DSAParameterGenerationParameters(strength, 256, 80, random); + pGen.init(params); + } + else + { + pGen.init(strength, 20, random); } DSAParameters p = pGen.generateParameters(); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java index 1ddb815..61fa33c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java @@ -7,7 +7,6 @@ import java.security.spec.InvalidParameterSpecException; import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.x509.DSAParameter; public class AlgorithmParametersSpi diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java index d9d5857..c8b326f 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java @@ -57,11 +57,6 @@ public class DSASigner { CipherParameters param; -// if (publicKey instanceof GOST3410Key) -// { -// param = GOST3410Util.generatePublicKeyParameter(publicKey); -// } -// else if (publicKey instanceof DSAKey) if (publicKey instanceof DSAKey) { param = DSAUtil.generatePublicKeyParameter(publicKey); @@ -108,14 +103,7 @@ public class DSASigner { CipherParameters param; -// if (privateKey instanceof GOST3410Key) -// { -// param = GOST3410Util.generatePrivateKeyParameter(privateKey); -// } -// else -// { - param = DSAUtil.generatePrivateKeyParameter(privateKey); -// } + param = DSAUtil.generatePrivateKeyParameter(privateKey); if (random != null) { diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java index f34f482..3d64c83 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java @@ -31,6 +31,8 @@ import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jce.interfaces.ECPointEncoder; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java index 14cc9dc..2b61727 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java @@ -26,6 +26,8 @@ import org.bouncycastle.asn1.x9.X9IntegerConverter; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jce.interfaces.ECPointEncoder; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java index cade228..35a804c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java @@ -37,6 +37,7 @@ import org.bouncycastle.crypto.params.ECPublicKeyParameters; // import org.bouncycastle.crypto.params.MQVPrivateParameters; // import org.bouncycastle.crypto.params.MQVPublicParameters; // END android-removed +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jce.interfaces.ECPrivateKey; import org.bouncycastle.jce.interfaces.ECPublicKey; // BEGIN android-removed diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java index 156b1d0..5769bac 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java @@ -15,6 +15,7 @@ import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; import org.bouncycastle.jce.provider.BouncyCastleProvider; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java index 4cbefb6..c0c825c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java @@ -23,6 +23,7 @@ import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECKeyGenerationParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java index 86a407c..c6b4bce 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java @@ -8,9 +8,9 @@ import java.security.PublicKey; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DSA; @@ -34,6 +34,7 @@ import org.bouncycastle.crypto.signers.ECDSASigner; // END android-removed import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase; import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; public class SignatureSpi extends DSABase @@ -215,6 +216,24 @@ public class SignatureSpi // super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); // } // } + // + // static public class ecCVCDSA384 + // extends SignatureSpi + // { + // public ecCVCDSA384() + // { + // super(new SHA384Digest(), new ECDSASigner(), new CVCDSAEncoder()); + // } + // } + // + // static public class ecCVCDSA512 + // extends SignatureSpi + // { + // public ecCVCDSA512() + // { + // super(new SHA512Digest(), new ECDSASigner(), new CVCDSAEncoder()); + // } + // } // END android-removed private static class StdDSAEncoder @@ -227,8 +246,8 @@ public class SignatureSpi { ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(new DERInteger(r)); - v.add(new DERInteger(s)); + v.add(new ASN1Integer(r)); + v.add(new ASN1Integer(s)); return new DERSequence(v).getEncoded(ASN1Encoding.DER); } @@ -240,8 +259,8 @@ public class SignatureSpi ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(encoding); BigInteger[] sig = new BigInteger[2]; - sig[0] = ((DERInteger)s.getObjectAt(0)).getValue(); - sig[1] = ((DERInteger)s.getObjectAt(1)).getValue(); + sig[0] = ASN1Integer.getInstance(s.getObjectAt(0)).getValue(); + sig[1] = ASN1Integer.getInstance(s.getObjectAt(1)).getValue(); return sig; } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/DHUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java index 4bd7805..52c84ec 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/DHUtil.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dh; +package org.bouncycastle.jcajce.provider.asymmetric.util; import java.security.InvalidKeyException; import java.security.PrivateKey; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/EC5Util.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java index 38025e7..d4065ac 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/EC5Util.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; +package org.bouncycastle.jcajce.provider.asymmetric.util; import java.math.BigInteger; import java.security.spec.ECField; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java index 820bf4b..442b340 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; +package org.bouncycastle.jcajce.provider.asymmetric.util; import java.security.InvalidKeyException; import java.security.PrivateKey; @@ -21,6 +21,7 @@ import org.bouncycastle.crypto.params.AsymmetricKeyParameter; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey; import org.bouncycastle.jce.interfaces.ECPrivateKey; import org.bouncycastle.jce.interfaces.ECPublicKey; import org.bouncycastle.jce.provider.BouncyCastleProvider; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java index 5b79864..03a1fe8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java @@ -24,8 +24,6 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.SignedData; import org.bouncycastle.asn1.x509.Certificate; import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.jce.provider.X509CRLObject; -import org.bouncycastle.jce.provider.X509CertificateObject; /** * class for dealing with X509 certificates. @@ -334,9 +332,7 @@ public class CertificateFactory public Iterator engineGetCertPathEncodings() { - // BEGIN android-changed return PKIXCertPath.certPathEncodings.iterator(); - // END android-changed } public CertPath engineGenerateCertPath( diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java new file mode 100644 index 0000000..e27acfb --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java @@ -0,0 +1,20 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.security.cert.CRLException; + +class ExtCRLException + extends CRLException +{ + Throwable cause; + + ExtCRLException(String message, Throwable cause) + { + super(message); + this.cause = cause; + } + + public Throwable getCause() + { + return cause; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java new file mode 100644 index 0000000..1888328 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java @@ -0,0 +1,301 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.cert.CRLException; +import java.security.cert.X509CRLEntry; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Enumerated; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.CRLReason; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.asn1.x509.TBSCertList; +import org.bouncycastle.asn1.x509.X509Extension; + +/** + * The following extensions are listed in RFC 2459 as relevant to CRL Entries + * + * ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer + * (critical) + */ +class X509CRLEntryObject extends X509CRLEntry +{ + private TBSCertList.CRLEntry c; + + private X500Name certificateIssuer; + private int hashValue; + private boolean isHashValueSet; + + public X509CRLEntryObject(TBSCertList.CRLEntry c) + { + this.c = c; + this.certificateIssuer = null; + } + + /** + * Constructor for CRLEntries of indirect CRLs. If <code>isIndirect</code> + * is <code>false</code> {@link #getCertificateIssuer()} will always + * return <code>null</code>, <code>previousCertificateIssuer</code> is + * ignored. If this <code>isIndirect</code> is specified and this CRLEntry + * has no certificate issuer CRL entry extension + * <code>previousCertificateIssuer</code> is returned by + * {@link #getCertificateIssuer()}. + * + * @param c + * TBSCertList.CRLEntry object. + * @param isIndirect + * <code>true</code> if the corresponding CRL is a indirect + * CRL. + * @param previousCertificateIssuer + * Certificate issuer of the previous CRLEntry. + */ + public X509CRLEntryObject( + TBSCertList.CRLEntry c, + boolean isIndirect, + X500Name previousCertificateIssuer) + { + this.c = c; + this.certificateIssuer = loadCertificateIssuer(isIndirect, previousCertificateIssuer); + } + + /** + * Will return true if any extensions are present and marked as critical as + * we currently don't handle any extensions! + */ + public boolean hasUnsupportedCriticalExtension() + { + Set extns = getCriticalExtensionOIDs(); + + return extns != null && !extns.isEmpty(); + } + + private X500Name loadCertificateIssuer(boolean isIndirect, X500Name previousCertificateIssuer) + { + if (!isIndirect) + { + return null; + } + + Extension ext = getExtension(Extension.certificateIssuer); + if (ext == null) + { + return previousCertificateIssuer; + } + + try + { + GeneralName[] names = GeneralNames.getInstance(ext.getParsedValue()).getNames(); + for (int i = 0; i < names.length; i++) + { + if (names[i].getTagNo() == GeneralName.directoryName) + { + return X500Name.getInstance(names[i].getName()); + } + } + return null; + } + catch (Exception e) + { + return null; + } + } + + public X500Principal getCertificateIssuer() + { + if (certificateIssuer == null) + { + return null; + } + try + { + return new X500Principal(certificateIssuer.getEncoded()); + } + catch (IOException e) + { + return null; + } + } + + private Set getExtensionOIDs(boolean critical) + { + Extensions extensions = c.getExtensions(); + + if (extensions != null) + { + Set set = new HashSet(); + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (critical == ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + + return null; + } + + public Set getCriticalExtensionOIDs() + { + return getExtensionOIDs(true); + } + + public Set getNonCriticalExtensionOIDs() + { + return getExtensionOIDs(false); + } + + private Extension getExtension(ASN1ObjectIdentifier oid) + { + Extensions exts = c.getExtensions(); + + if (exts != null) + { + return exts.getExtension(oid); + } + + return null; + } + + public byte[] getExtensionValue(String oid) + { + Extension ext = getExtension(new ASN1ObjectIdentifier(oid)); + + if (ext != null) + { + try + { + return ext.getExtnValue().getEncoded(); + } + catch (Exception e) + { + throw new RuntimeException("error encoding " + e.toString()); + } + } + + return null; + } + + /** + * Cache the hashCode value - calculating it with the standard method. + * @return calculated hashCode. + */ + public int hashCode() + { + if (!isHashValueSet) + { + hashValue = super.hashCode(); + isHashValueSet = true; + } + + return hashValue; + } + + public byte[] getEncoded() + throws CRLException + { + try + { + return c.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new CRLException(e.toString()); + } + } + + public BigInteger getSerialNumber() + { + return c.getUserCertificate().getValue(); + } + + public Date getRevocationDate() + { + return c.getRevocationDate().getDate(); + } + + public boolean hasExtensions() + { + return c.getExtensions() != null; + } + + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl); + buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl); + buf.append(" certificateIssuer: ").append(this.getCertificateIssuer()).append(nl); + + Extensions extensions = c.getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + if (e.hasMoreElements()) + { + buf.append(" crlEntryExtensions:").append(nl); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + if (ext.getExtnValue() != null) + { + byte[] octs = ext.getExtnValue().getOctets(); + ASN1InputStream dIn = new ASN1InputStream(octs); + buf.append(" critical(").append(ext.isCritical()).append(") "); + try + { + if (oid.equals(X509Extension.reasonCode)) + { + buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))).append(nl); + } + else if (oid.equals(X509Extension.certificateIssuer)) + { + buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl); + } + else + { + buf.append(oid.getId()); + buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); + } + } + catch (Exception ex) + { + buf.append(oid.getId()); + buf.append(" value = ").append("*****").append(nl); + } + } + else + { + buf.append(nl); + } + } + } + } + + return buf.toString(); + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java new file mode 100644 index 0000000..2fc0826 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java @@ -0,0 +1,578 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.cert.CRLException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509CRL; +import java.security.cert.X509CRLEntry; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.CRLDistPoint; +import org.bouncycastle.asn1.x509.CRLNumber; +import org.bouncycastle.asn1.x509.CertificateList; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.asn1.x509.IssuingDistributionPoint; +import org.bouncycastle.asn1.x509.TBSCertList; +import org.bouncycastle.jce.X509Principal; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.provider.RFC3280CertPathUtilities; +import org.bouncycastle.util.encoders.Hex; + +/** + * The following extensions are listed in RFC 2459 as relevant to CRLs + * + * Authority Key Identifier + * Issuer Alternative Name + * CRL Number + * Delta CRL Indicator (critical) + * Issuing Distribution Point (critical) + */ +class X509CRLObject + extends X509CRL +{ + private CertificateList c; + private String sigAlgName; + private byte[] sigAlgParams; + private boolean isIndirect; + + static boolean isIndirectCRL(X509CRL crl) + throws CRLException + { + try + { + byte[] idp = crl.getExtensionValue(Extension.issuingDistributionPoint.getId()); + return idp != null + && IssuingDistributionPoint.getInstance(ASN1OctetString.getInstance(idp).getOctets()).isIndirectCRL(); + } + catch (Exception e) + { + throw new ExtCRLException( + "Exception reading IssuingDistributionPoint", e); + } + } + + public X509CRLObject( + CertificateList c) + throws CRLException + { + this.c = c; + + try + { + this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); + + if (c.getSignatureAlgorithm().getParameters() != null) + { + this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER); + } + else + { + this.sigAlgParams = null; + } + + this.isIndirect = isIndirectCRL(this); + } + catch (Exception e) + { + throw new CRLException("CRL contents invalid: " + e); + } + } + + /** + * Will return true if any extensions are present and marked + * as critical as we currently dont handle any extensions! + */ + public boolean hasUnsupportedCriticalExtension() + { + Set extns = getCriticalExtensionOIDs(); + + if (extns == null) + { + return false; + } + + extns.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT); + extns.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR); + + return !extns.isEmpty(); + } + + private Set getExtensionOIDs(boolean critical) + { + if (this.getVersion() == 2) + { + Extensions extensions = c.getTBSCertList().getExtensions(); + + if (extensions != null) + { + Set set = new HashSet(); + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (critical == ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + } + + return null; + } + + public Set getCriticalExtensionOIDs() + { + return getExtensionOIDs(true); + } + + public Set getNonCriticalExtensionOIDs() + { + return getExtensionOIDs(false); + } + + public byte[] getExtensionValue(String oid) + { + Extensions exts = c.getTBSCertList().getExtensions(); + + if (exts != null) + { + Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); + + if (ext != null) + { + try + { + return ext.getExtnValue().getEncoded(); + } + catch (Exception e) + { + throw new IllegalStateException("error parsing " + e.toString()); + } + } + } + + return null; + } + + public byte[] getEncoded() + throws CRLException + { + try + { + return c.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new CRLException(e.toString()); + } + } + + public void verify(PublicKey key) + throws CRLException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + verify(key, BouncyCastleProvider.PROVIDER_NAME); + } + + public void verify(PublicKey key, String sigProvider) + throws CRLException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) + { + throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList."); + } + + Signature sig; + + if (sigProvider != null) + { + sig = Signature.getInstance(getSigAlgName(), sigProvider); + } + else + { + sig = Signature.getInstance(getSigAlgName()); + } + + sig.initVerify(key); + sig.update(this.getTBSCertList()); + + if (!sig.verify(this.getSignature())) + { + throw new SignatureException("CRL does not verify with supplied public key."); + } + } + + public int getVersion() + { + return c.getVersionNumber(); + } + + public Principal getIssuerDN() + { + return new X509Principal(X500Name.getInstance(c.getIssuer().toASN1Primitive())); + } + + public X500Principal getIssuerX500Principal() + { + try + { + return new X500Principal(c.getIssuer().getEncoded()); + } + catch (IOException e) + { + throw new IllegalStateException("can't encode issuer DN"); + } + } + + public Date getThisUpdate() + { + return c.getThisUpdate().getDate(); + } + + public Date getNextUpdate() + { + if (c.getNextUpdate() != null) + { + return c.getNextUpdate().getDate(); + } + + return null; + } + + private Set loadCRLEntries() + { + Set entrySet = new HashSet(); + Enumeration certs = c.getRevokedCertificateEnumeration(); + + X500Name previousCertificateIssuer = null; // the issuer + while (certs.hasMoreElements()) + { + TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); + X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); + entrySet.add(crlEntry); + if (isIndirect && entry.hasExtensions()) + { + Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } + } + + return entrySet; + } + + public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) + { + Enumeration certs = c.getRevokedCertificateEnumeration(); + + X500Name previousCertificateIssuer = null; // the issuer + while (certs.hasMoreElements()) + { + TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); + + if (serialNumber.equals(entry.getUserCertificate().getValue())) + { + return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); + } + + if (isIndirect && entry.hasExtensions()) + { + Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } + } + + return null; + } + + public Set getRevokedCertificates() + { + Set entrySet = loadCRLEntries(); + + if (!entrySet.isEmpty()) + { + return Collections.unmodifiableSet(entrySet); + } + + return null; + } + + public byte[] getTBSCertList() + throws CRLException + { + try + { + return c.getTBSCertList().getEncoded("DER"); + } + catch (IOException e) + { + throw new CRLException(e.toString()); + } + } + + public byte[] getSignature() + { + return c.getSignature().getBytes(); + } + + public String getSigAlgName() + { + return sigAlgName; + } + + public String getSigAlgOID() + { + return c.getSignatureAlgorithm().getAlgorithm().getId(); + } + + public byte[] getSigAlgParams() + { + if (sigAlgParams != null) + { + byte[] tmp = new byte[sigAlgParams.length]; + + System.arraycopy(sigAlgParams, 0, tmp, 0, tmp.length); + + return tmp; + } + + return null; + } + + /** + * Returns a string representation of this CRL. + * + * @return a string representation of this CRL. + */ + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append(" Version: ").append(this.getVersion()).append( + nl); + buf.append(" IssuerDN: ").append(this.getIssuerDN()) + .append(nl); + buf.append(" This update: ").append(this.getThisUpdate()) + .append(nl); + buf.append(" Next update: ").append(this.getNextUpdate()) + .append(nl); + buf.append(" Signature Algorithm: ").append(this.getSigAlgName()) + .append(nl); + + byte[] sig = this.getSignature(); + + buf.append(" Signature: ").append( + new String(Hex.encode(sig, 0, 20))).append(nl); + for (int i = 20; i < sig.length; i += 20) + { + if (i < sig.length - 20) + { + buf.append(" ").append( + new String(Hex.encode(sig, i, 20))).append(nl); + } + else + { + buf.append(" ").append( + new String(Hex.encode(sig, i, sig.length - i))).append(nl); + } + } + + Extensions extensions = c.getTBSCertList().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + if (e.hasMoreElements()) + { + buf.append(" Extensions: ").append(nl); + } + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (ext.getExtnValue() != null) + { + byte[] octs = ext.getExtnValue().getOctets(); + ASN1InputStream dIn = new ASN1InputStream(octs); + buf.append(" critical(").append( + ext.isCritical()).append(") "); + try + { + if (oid.equals(Extension.cRLNumber)) + { + buf.append( + new CRLNumber(ASN1Integer.getInstance( + dIn.readObject()).getPositiveValue())) + .append(nl); + } + else if (oid.equals(Extension.deltaCRLIndicator)) + { + buf.append( + "Base CRL: " + + new CRLNumber(ASN1Integer.getInstance( + dIn.readObject()).getPositiveValue())) + .append(nl); + } + else if (oid + .equals(Extension.issuingDistributionPoint)) + { + buf.append( + IssuingDistributionPoint.getInstance(dIn.readObject())).append(nl); + } + else if (oid + .equals(Extension.cRLDistributionPoints)) + { + buf.append( + CRLDistPoint.getInstance(dIn.readObject())).append(nl); + } + else if (oid.equals(Extension.freshestCRL)) + { + buf.append( + CRLDistPoint.getInstance(dIn.readObject())).append(nl); + } + else + { + buf.append(oid.getId()); + buf.append(" value = ").append( + ASN1Dump.dumpAsString(dIn.readObject())) + .append(nl); + } + } + catch (Exception ex) + { + buf.append(oid.getId()); + buf.append(" value = ").append("*****").append(nl); + } + } + else + { + buf.append(nl); + } + } + } + Set set = getRevokedCertificates(); + if (set != null) + { + Iterator it = set.iterator(); + while (it.hasNext()) + { + buf.append(it.next()); + buf.append(nl); + } + } + return buf.toString(); + } + + /** + * Checks whether the given certificate is on this CRL. + * + * @param cert the certificate to check for. + * @return true if the given certificate is on this CRL, + * false otherwise. + */ + public boolean isRevoked(Certificate cert) + { + if (!cert.getType().equals("X.509")) + { + throw new RuntimeException("X.509 CRL used with non X.509 Cert"); + } + + TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); + + X500Name caName = c.getIssuer(); + + if (certs != null) + { + BigInteger serial = ((X509Certificate)cert).getSerialNumber(); + + for (int i = 0; i < certs.length; i++) + { + if (isIndirect && certs[i].hasExtensions()) + { + Extension currentCaName = certs[i].getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } + + if (certs[i].getUserCertificate().getValue().equals(serial)) + { + X500Name issuer; + + if (cert instanceof X509Certificate) + { + issuer = X500Name.getInstance(((X509Certificate)cert).getIssuerX500Principal().getEncoded()); + } + else + { + try + { + issuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer(); + } + catch (CertificateEncodingException e) + { + throw new RuntimeException("Cannot process certificate"); + } + } + + if (!caName.equals(issuer)) + { + return false; + } + + return true; + } + } + } + + return false; + } +} + diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java new file mode 100644 index 0000000..6604b4a --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java @@ -0,0 +1,916 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Security; +import java.security.Signature; +import java.security.SignatureException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.CertificateParsingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OutputStream; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1String; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERIA5String; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.misc.MiscObjectIdentifiers; +import org.bouncycastle.asn1.misc.NetscapeCertType; +import org.bouncycastle.asn1.misc.NetscapeRevocationURL; +import org.bouncycastle.asn1.misc.VerisignCzagExtension; +import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x500.style.RFC4519Style; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.BasicConstraints; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.KeyUsage; +// BEGIN android-added +import org.bouncycastle.asn1.x509.X509Name; +// END android-added +import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; +import org.bouncycastle.jce.X509Principal; +import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.provider.RFC3280CertPathUtilities; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Integers; +import org.bouncycastle.util.encoders.Hex; + +class X509CertificateObject + extends X509Certificate + implements PKCS12BagAttributeCarrier +{ + private org.bouncycastle.asn1.x509.Certificate c; + private BasicConstraints basicConstraints; + private boolean[] keyUsage; + private boolean hashValueSet; + private int hashValue; + + private PKCS12BagAttributeCarrier attrCarrier = new PKCS12BagAttributeCarrierImpl(); + + public X509CertificateObject( + org.bouncycastle.asn1.x509.Certificate c) + throws CertificateParsingException + { + this.c = c; + + try + { + byte[] bytes = this.getExtensionBytes("2.5.29.19"); + + if (bytes != null) + { + basicConstraints = BasicConstraints.getInstance(ASN1Primitive.fromByteArray(bytes)); + } + } + catch (Exception e) + { + throw new CertificateParsingException("cannot construct BasicConstraints: " + e); + } + + try + { + byte[] bytes = this.getExtensionBytes("2.5.29.15"); + if (bytes != null) + { + DERBitString bits = DERBitString.getInstance(ASN1Primitive.fromByteArray(bytes)); + + bytes = bits.getBytes(); + int length = (bytes.length * 8) - bits.getPadBits(); + + keyUsage = new boolean[(length < 9) ? 9 : length]; + + for (int i = 0; i != length; i++) + { + keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; + } + } + else + { + keyUsage = null; + } + } + catch (Exception e) + { + throw new CertificateParsingException("cannot construct KeyUsage: " + e); + } + } + + public void checkValidity() + throws CertificateExpiredException, CertificateNotYetValidException + { + this.checkValidity(new Date()); + } + + public void checkValidity( + Date date) + throws CertificateExpiredException, CertificateNotYetValidException + { + if (date.getTime() > this.getNotAfter().getTime()) // for other VM compatibility + { + throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime()); + } + + if (date.getTime() < this.getNotBefore().getTime()) + { + throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime()); + } + } + + public int getVersion() + { + return c.getVersionNumber(); + } + + public BigInteger getSerialNumber() + { + return c.getSerialNumber().getValue(); + } + + public Principal getIssuerDN() + { + try + { + return new X509Principal(X500Name.getInstance(c.getIssuer().getEncoded())); + } + catch (IOException e) + { + return null; + } + } + + public X500Principal getIssuerX500Principal() + { + try + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ASN1OutputStream aOut = new ASN1OutputStream(bOut); + + aOut.writeObject(c.getIssuer()); + + return new X500Principal(bOut.toByteArray()); + } + catch (IOException e) + { + throw new IllegalStateException("can't encode issuer DN"); + } + } + + public Principal getSubjectDN() + { + return new X509Principal(X500Name.getInstance(c.getSubject().toASN1Primitive())); + } + + public X500Principal getSubjectX500Principal() + { + try + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ASN1OutputStream aOut = new ASN1OutputStream(bOut); + + aOut.writeObject(c.getSubject()); + + return new X500Principal(bOut.toByteArray()); + } + catch (IOException e) + { + throw new IllegalStateException("can't encode issuer DN"); + } + } + + public Date getNotBefore() + { + return c.getStartDate().getDate(); + } + + public Date getNotAfter() + { + return c.getEndDate().getDate(); + } + + public byte[] getTBSCertificate() + throws CertificateEncodingException + { + try + { + return c.getTBSCertificate().getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new CertificateEncodingException(e.toString()); + } + } + + public byte[] getSignature() + { + return c.getSignature().getBytes(); + } + + /** + * return a more "meaningful" representation for the signature algorithm used in + * the certficate. + */ + public String getSigAlgName() + { + Provider prov = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME); + + if (prov != null) + { + String algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); + + if (algName != null) + { + return algName; + } + } + + Provider[] provs = Security.getProviders(); + + // + // search every provider looking for a real algorithm + // + for (int i = 0; i != provs.length; i++) + { + String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); + if (algName != null) + { + return algName; + } + } + + return this.getSigAlgOID(); + } + + /** + * return the object identifier for the signature. + */ + public String getSigAlgOID() + { + return c.getSignatureAlgorithm().getAlgorithm().getId(); + } + + /** + * return the signature parameters, or null if there aren't any. + */ + public byte[] getSigAlgParams() + { + if (c.getSignatureAlgorithm().getParameters() != null) + { + try + { + return c.getSignatureAlgorithm().getParameters().toASN1Primitive().getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + return null; + } + } + else + { + return null; + } + } + + public boolean[] getIssuerUniqueID() + { + DERBitString id = c.getTBSCertificate().getIssuerUniqueId(); + + if (id != null) + { + byte[] bytes = id.getBytes(); + boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; + + for (int i = 0; i != boolId.length; i++) + { + boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; + } + + return boolId; + } + + return null; + } + + public boolean[] getSubjectUniqueID() + { + DERBitString id = c.getTBSCertificate().getSubjectUniqueId(); + + if (id != null) + { + byte[] bytes = id.getBytes(); + boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; + + for (int i = 0; i != boolId.length; i++) + { + boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; + } + + return boolId; + } + + return null; + } + + public boolean[] getKeyUsage() + { + return keyUsage; + } + + public List getExtendedKeyUsage() + throws CertificateParsingException + { + byte[] bytes = this.getExtensionBytes("2.5.29.37"); + + if (bytes != null) + { + try + { + ASN1InputStream dIn = new ASN1InputStream(bytes); + ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); + List list = new ArrayList(); + + for (int i = 0; i != seq.size(); i++) + { + list.add(((ASN1ObjectIdentifier)seq.getObjectAt(i)).getId()); + } + + return Collections.unmodifiableList(list); + } + catch (Exception e) + { + throw new CertificateParsingException("error processing extended key usage extension"); + } + } + + return null; + } + + public int getBasicConstraints() + { + if (basicConstraints != null) + { + if (basicConstraints.isCA()) + { + if (basicConstraints.getPathLenConstraint() == null) + { + return Integer.MAX_VALUE; + } + else + { + return basicConstraints.getPathLenConstraint().intValue(); + } + } + else + { + return -1; + } + } + + return -1; + } + + public Collection getSubjectAlternativeNames() + throws CertificateParsingException + { + return getAlternativeNames(getExtensionBytes(Extension.subjectAlternativeName.getId())); + } + + public Collection getIssuerAlternativeNames() + throws CertificateParsingException + { + return getAlternativeNames(getExtensionBytes(Extension.issuerAlternativeName.getId())); + } + + public Set getCriticalExtensionOIDs() + { + if (this.getVersion() == 3) + { + Set set = new HashSet(); + Extensions extensions = c.getTBSCertificate().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + } + + return null; + } + + private byte[] getExtensionBytes(String oid) + { + Extensions exts = c.getTBSCertificate().getExtensions(); + + if (exts != null) + { + Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); + if (ext != null) + { + return ext.getExtnValue().getOctets(); + } + } + + return null; + } + + public byte[] getExtensionValue(String oid) + { + Extensions exts = c.getTBSCertificate().getExtensions(); + + if (exts != null) + { + Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); + + if (ext != null) + { + try + { + return ext.getExtnValue().getEncoded(); + } + catch (Exception e) + { + throw new IllegalStateException("error parsing " + e.toString()); + } + } + } + + return null; + } + + public Set getNonCriticalExtensionOIDs() + { + if (this.getVersion() == 3) + { + Set set = new HashSet(); + Extensions extensions = c.getTBSCertificate().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (!ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + } + + return null; + } + + public boolean hasUnsupportedCriticalExtension() + { + if (this.getVersion() == 3) + { + Extensions extensions = c.getTBSCertificate().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + String oidId = oid.getId(); + + if (oidId.equals(RFC3280CertPathUtilities.KEY_USAGE) + || oidId.equals(RFC3280CertPathUtilities.CERTIFICATE_POLICIES) + || oidId.equals(RFC3280CertPathUtilities.POLICY_MAPPINGS) + || oidId.equals(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY) + || oidId.equals(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS) + || oidId.equals(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT) + || oidId.equals(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR) + || oidId.equals(RFC3280CertPathUtilities.POLICY_CONSTRAINTS) + || oidId.equals(RFC3280CertPathUtilities.BASIC_CONSTRAINTS) + || oidId.equals(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME) + || oidId.equals(RFC3280CertPathUtilities.NAME_CONSTRAINTS)) + { + continue; + } + + Extension ext = extensions.getExtension(oid); + + if (ext.isCritical()) + { + return true; + } + } + } + } + + return false; + } + + public PublicKey getPublicKey() + { + try + { + return BouncyCastleProvider.getPublicKey(c.getSubjectPublicKeyInfo()); + } + catch (IOException e) + { + return null; // should never happen... + } + } + + // BEGIN android-changed + private byte[] encoded; + // END android-changed + public byte[] getEncoded() + throws CertificateEncodingException + { + try + { + // BEGIN android-changed + if (encoded == null) { + encoded = c.getEncoded(ASN1Encoding.DER); + } + return encoded; + // END android-changed + } + catch (IOException e) + { + throw new CertificateEncodingException(e.toString()); + } + } + + public boolean equals( + Object o) + { + if (o == this) + { + return true; + } + + if (!(o instanceof Certificate)) + { + return false; + } + + Certificate other = (Certificate)o; + + try + { + byte[] b1 = this.getEncoded(); + byte[] b2 = other.getEncoded(); + + return Arrays.areEqual(b1, b2); + } + catch (CertificateEncodingException e) + { + return false; + } + } + + public synchronized int hashCode() + { + if (!hashValueSet) + { + hashValue = calculateHashCode(); + hashValueSet = true; + } + + return hashValue; + } + + private int calculateHashCode() + { + try + { + int hashCode = 0; + byte[] certData = this.getEncoded(); + for (int i = 1; i < certData.length; i++) + { + hashCode += certData[i] * i; + } + return hashCode; + } + catch (CertificateEncodingException e) + { + return 0; + } + } + + public void setBagAttribute( + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) + { + attrCarrier.setBagAttribute(oid, attribute); + } + + public ASN1Encodable getBagAttribute( + ASN1ObjectIdentifier oid) + { + return attrCarrier.getBagAttribute(oid); + } + + public Enumeration getBagAttributeKeys() + { + return attrCarrier.getBagAttributeKeys(); + } + + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append(" [0] Version: ").append(this.getVersion()).append(nl); + buf.append(" SerialNumber: ").append(this.getSerialNumber()).append(nl); + buf.append(" IssuerDN: ").append(this.getIssuerDN()).append(nl); + buf.append(" Start Date: ").append(this.getNotBefore()).append(nl); + buf.append(" Final Date: ").append(this.getNotAfter()).append(nl); + buf.append(" SubjectDN: ").append(this.getSubjectDN()).append(nl); + buf.append(" Public Key: ").append(this.getPublicKey()).append(nl); + buf.append(" Signature Algorithm: ").append(this.getSigAlgName()).append(nl); + + byte[] sig = this.getSignature(); + + buf.append(" Signature: ").append(new String(Hex.encode(sig, 0, 20))).append(nl); + for (int i = 20; i < sig.length; i += 20) + { + if (i < sig.length - 20) + { + buf.append(" ").append(new String(Hex.encode(sig, i, 20))).append(nl); + } + else + { + buf.append(" ").append(new String(Hex.encode(sig, i, sig.length - i))).append(nl); + } + } + + Extensions extensions = c.getTBSCertificate().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + if (e.hasMoreElements()) + { + buf.append(" Extensions: \n"); + } + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (ext.getExtnValue() != null) + { + byte[] octs = ext.getExtnValue().getOctets(); + ASN1InputStream dIn = new ASN1InputStream(octs); + buf.append(" critical(").append(ext.isCritical()).append(") "); + try + { + if (oid.equals(Extension.basicConstraints)) + { + buf.append(BasicConstraints.getInstance(dIn.readObject())).append(nl); + } + else if (oid.equals(Extension.keyUsage)) + { + buf.append(KeyUsage.getInstance(dIn.readObject())).append(nl); + } + else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) + { + buf.append(new NetscapeCertType((DERBitString)dIn.readObject())).append(nl); + } + else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) + { + buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject())).append(nl); + } + else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) + { + buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject())).append(nl); + } + else + { + buf.append(oid.getId()); + buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); + //buf.append(" value = ").append("*****").append(nl); + } + } + catch (Exception ex) + { + buf.append(oid.getId()); + // buf.append(" value = ").append(new String(Hex.encode(ext.getExtnValue().getOctets()))).append(nl); + buf.append(" value = ").append("*****").append(nl); + } + } + else + { + buf.append(nl); + } + } + } + + return buf.toString(); + } + + public final void verify( + PublicKey key) + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + Signature signature; + String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); + + try + { + signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME); + } + catch (Exception e) + { + signature = Signature.getInstance(sigName); + } + + checkSignature(key, signature); + } + + public final void verify( + PublicKey key, + String sigProvider) + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); + Signature signature = Signature.getInstance(sigName, sigProvider); + + checkSignature(key, signature); + } + + private void checkSignature( + PublicKey key, + Signature signature) + throws CertificateException, NoSuchAlgorithmException, + SignatureException, InvalidKeyException + { + if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature())) + { + throw new CertificateException("signature algorithm in TBS cert not same as outer cert"); + } + + ASN1Encodable params = c.getSignatureAlgorithm().getParameters(); + + // TODO This should go after the initVerify? + X509SignatureUtil.setSignatureParameters(signature, params); + + signature.initVerify(key); + + signature.update(this.getTBSCertificate()); + + if (!signature.verify(this.getSignature())) + { + throw new SignatureException("certificate does not verify with supplied key"); + } + } + + private boolean isAlgIdEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2) + { + if (!id1.getAlgorithm().equals(id2.getAlgorithm())) + { + return false; + } + + if (id1.getParameters() == null) + { + if (id2.getParameters() != null && !id2.getParameters().equals(DERNull.INSTANCE)) + { + return false; + } + + return true; + } + + if (id2.getParameters() == null) + { + if (id1.getParameters() != null && !id1.getParameters().equals(DERNull.INSTANCE)) + { + return false; + } + + return true; + } + + return id1.getParameters().equals(id2.getParameters()); + } + + private static Collection getAlternativeNames(byte[] extVal) + throws CertificateParsingException + { + if (extVal == null) + { + return null; + } + try + { + Collection temp = new ArrayList(); + Enumeration it = ASN1Sequence.getInstance(extVal).getObjects(); + while (it.hasMoreElements()) + { + GeneralName genName = GeneralName.getInstance(it.nextElement()); + List list = new ArrayList(); + list.add(Integers.valueOf(genName.getTagNo())); + switch (genName.getTagNo()) + { + case GeneralName.ediPartyName: + case GeneralName.x400Address: + case GeneralName.otherName: + list.add(genName.getEncoded()); + break; + case GeneralName.directoryName: + // BEGIN android-changed + list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols)); + // END android-changed + break; + case GeneralName.dNSName: + case GeneralName.rfc822Name: + case GeneralName.uniformResourceIdentifier: + list.add(((ASN1String)genName.getName()).getString()); + break; + case GeneralName.registeredID: + list.add(ASN1ObjectIdentifier.getInstance(genName.getName()).getId()); + break; + case GeneralName.iPAddress: + byte[] addrBytes = DEROctetString.getInstance(genName.getName()).getOctets(); + final String addr; + try + { + addr = InetAddress.getByAddress(addrBytes).getHostAddress(); + } + catch (UnknownHostException e) + { + continue; + } + list.add(addr); + break; + default: + throw new IOException("Bad tag number: " + genName.getTagNo()); + } + + temp.add(Collections.unmodifiableList(list)); + } + if (temp.size() == 0) + { + return null; + } + return Collections.unmodifiableCollection(temp); + } + catch (Exception e) + { + throw new CertificateParsingException(e.getMessage()); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java new file mode 100644 index 0000000..4ca9e89 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java @@ -0,0 +1,144 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.IOException; +import java.security.AlgorithmParameters; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.Signature; +import java.security.SignatureException; +import java.security.spec.PSSParameterSpec; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Null; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DERObjectIdentifier; +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; + +class X509SignatureUtil +{ + private static final ASN1Null derNull = DERNull.INSTANCE; + + static void setSignatureParameters( + Signature signature, + ASN1Encodable params) + throws NoSuchAlgorithmException, SignatureException, InvalidKeyException + { + if (params != null && !derNull.equals(params)) + { + AlgorithmParameters sigParams = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider()); + + try + { + sigParams.init(params.toASN1Primitive().getEncoded()); + } + catch (IOException e) + { + throw new SignatureException("IOException decoding parameters: " + e.getMessage()); + } + + if (signature.getAlgorithm().endsWith("MGF1")) + { + try + { + signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class)); + } + catch (GeneralSecurityException e) + { + throw new SignatureException("Exception extracting parameters: " + e.getMessage()); + } + } + } + } + + static String getSignatureName( + AlgorithmIdentifier sigAlgId) + { + ASN1Encodable params = sigAlgId.getParameters(); + + if (params != null && !derNull.equals(params)) + { + if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) + { + RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); + + return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1"; + } + if (sigAlgId.getAlgorithm().equals(X9ObjectIdentifiers.ecdsa_with_SHA2)) + { + ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params); + + return getDigestAlgName((DERObjectIdentifier)ecDsaParams.getObjectAt(0)) + "withECDSA"; + } + } + + return sigAlgId.getAlgorithm().getId(); + } + + /** + * Return the digest algorithm using one of the standard JCA string + * representations rather the the algorithm identifier (if possible). + */ + private static String getDigestAlgName( + DERObjectIdentifier digestAlgOID) + { + if (PKCSObjectIdentifiers.md5.equals(digestAlgOID)) + { + return "MD5"; + } + else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID)) + { + return "SHA1"; + } + else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) + { + return "SHA224"; + } + else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) + { + return "SHA256"; + } + else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID)) + { + return "SHA384"; + } + else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID)) + { + return "SHA512"; + } + // BEGIN android-removed + // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) + // { + // return "RIPEMD128"; + // } + // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) + // { + // return "RIPEMD160"; + // } + // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) + // { + // return "RIPEMD256"; + // } + // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) + // { + // return "GOST3411"; + // } + // END android-removed + else + { + return digestAlgOID.getId(); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java index c3f148b..05bfa1c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java @@ -12,22 +12,22 @@ public interface ConfigurableProvider /** * Elliptic Curve CA parameters - thread local version */ - static final String THREAD_LOCAL_EC_IMPLICITLY_CA = "threadLocalEcImplicitlyCa"; + static final String THREAD_LOCAL_EC_IMPLICITLY_CA = "threadLocalEcImplicitlyCa"; /** * Elliptic Curve CA parameters - thread local version */ - static final String EC_IMPLICITLY_CA = "ecImplicitlyCa"; + static final String EC_IMPLICITLY_CA = "ecImplicitlyCa"; /** * Diffie-Hellman Default Parameters - thread local version */ - static final String THREAD_LOCAL_DH_DEFAULT_PARAMS = "threadLocalDhDefaultParams"; + static final String THREAD_LOCAL_DH_DEFAULT_PARAMS = "threadLocalDhDefaultParams"; /** * Diffie-Hellman Default Parameters - VM wide version */ - static final String DH_DEFAULT_PARAMS = "DhDefaultParams"; + static final String DH_DEFAULT_PARAMS = "DhDefaultParams"; void setParameter(String parameterName, Object parameter); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java new file mode 100644 index 0000000..36a32b1 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java @@ -0,0 +1,51 @@ +package org.bouncycastle.jcajce.provider.config; + +import java.io.OutputStream; +import java.security.KeyStore; +import java.security.KeyStore.LoadStoreParameter; +import java.security.KeyStore.ProtectionParameter; + +public class PKCS12StoreParameter + implements LoadStoreParameter +{ + private final OutputStream out; + private final ProtectionParameter protectionParameter; + private final boolean forDEREncoding; + + public PKCS12StoreParameter(OutputStream out, char[] password) + { + this(out, password, false); + } + + public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter) + { + this(out, protectionParameter, false); + } + + public PKCS12StoreParameter(OutputStream out, char[] password, boolean forDEREncoding) + { + this(out, new KeyStore.PasswordProtection(password), forDEREncoding); + } + + public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter, boolean forDEREncoding) + { + this.out = out; + this.protectionParameter = protectionParameter; + this.forDEREncoding = forDEREncoding; + } + + public OutputStream getOutputStream() + { + return out; + } + + public ProtectionParameter getProtectionParameter() + { + return protectionParameter; + } + + public boolean isForDEREncoding() + { + return forDEREncoding; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java index 6834e3c..93a7d71 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java @@ -7,15 +7,20 @@ import org.bouncycastle.crypto.digests.MD5Digest; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; public class MD5 { + private MD5() + { + + } + /** - * MD5 HMac + * MD5 HashMac */ public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java index 2a9eceb..df5d41a 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java @@ -1,17 +1,33 @@ package org.bouncycastle.jcajce.provider.digest; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import javax.crypto.SecretKey; +import javax.crypto.spec.PBEKeySpec; + import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory; +import org.bouncycastle.jcajce.provider.symmetric.util.PBE; +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; public class SHA1 { + private SHA1() + { + + } + static public class Digest extends BCMessageDigest implements Cloneable @@ -35,7 +51,7 @@ public class SHA1 * SHA1 HMac */ public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { @@ -52,6 +68,103 @@ public class SHA1 } } + /** + * SHA1 HMac + */ + public static class SHA1Mac + extends BaseMac + { + public SHA1Mac() + { + super(new HMac(new SHA1Digest())); + } + } + + /** + * PBEWithHmacSHA + */ + public static class PBEWithMacKeyFactory + extends PBESecretKeyFactory + { + public PBEWithMacKeyFactory() + { + super("PBEwithHmacSHA", null, false, PKCS12, SHA1, 160, 0); + } + } + + + public static class BasePBKDF2WithHmacSHA1 + extends BaseSecretKeyFactory + { + private int scheme; + + public BasePBKDF2WithHmacSHA1(String name, int scheme) + { + super(name, PKCSObjectIdentifiers.id_PBKDF2); + + this.scheme = scheme; + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PBEKeySpec) + { + PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; + + if (pbeSpec.getSalt() == null) + { + throw new InvalidKeySpecException("missing required salt"); + } + + if (pbeSpec.getIterationCount() <= 0) + { + throw new InvalidKeySpecException("positive iteration count required: " + + pbeSpec.getIterationCount()); + } + + if (pbeSpec.getKeyLength() <= 0) + { + throw new InvalidKeySpecException("positive key length required: " + + pbeSpec.getKeyLength()); + } + + if (pbeSpec.getPassword().length == 0) + { + throw new IllegalArgumentException("password empty"); + } + + int digest = SHA1; + int keySize = pbeSpec.getKeyLength(); + int ivSize = -1; // JDK 1,2 and earlier does not understand simplified version. + CipherParameters param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); + + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + } + + throw new InvalidKeySpecException("Invalid KeySpec"); + } + } + + public static class PBKDF2WithHmacSHA1UTF8 + extends BasePBKDF2WithHmacSHA1 + { + public PBKDF2WithHmacSHA1UTF8() + { + super("PBKDF2WithHmacSHA1", PKCS5S2_UTF8); + } + } + + public static class PBKDF2WithHmacSHA18BIT + extends BasePBKDF2WithHmacSHA1 + { + public PBKDF2WithHmacSHA18BIT() + { + super("PBKDF2WithHmacSHA1And8bit", PKCS5S2); + } + } + public static class Mappings extends DigestAlgorithmProvider { @@ -71,6 +184,18 @@ public class SHA1 addHMACAlgorithm(provider, "SHA1", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); addHMACAlias(provider, "SHA1", PKCSObjectIdentifiers.id_hmacWithSHA1); addHMACAlias(provider, "SHA1", IANAObjectIdentifiers.hmacSHA1); + + provider.addAlgorithm("Mac.PBEWITHHMACSHA", PREFIX + "$SHA1Mac"); + provider.addAlgorithm("Mac.PBEWITHHMACSHA1", PREFIX + "$SHA1Mac"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA", "PBEWITHHMACSHA1"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + OIWObjectIdentifiers.idSHA1, "PBEWITHHMACSHA1"); + provider.addAlgorithm("Alg.Alias.Mac." + OIWObjectIdentifiers.idSHA1, "PBEWITHHMACSHA"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA1", PREFIX + "$PBEWithMacKeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1", PREFIX + "$PBKDF2WithHmacSHA1UTF8"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2WithHmacSHA1"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WithHmacSHA1AndUTF8", "PBKDF2WithHmacSHA1"); + provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java index 4e25c39..4504f30 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java @@ -7,10 +7,16 @@ import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; public class SHA256 { + private SHA256() + { + + } + static public class Digest extends BCMessageDigest implements Cloneable @@ -31,7 +37,7 @@ public class SHA256 } public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { @@ -39,7 +45,21 @@ public class SHA256 } } - /** + // BEGIN android-removed + // /** + // * PBEWithHmacSHA + // */ + // public static class PBEWithMacKeyFactory + // extends PBESecretKeyFactory + // { + // public PBEWithMacKeyFactory() + // { + // super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0); + // } + // } + // END android-removed + + /** * HMACSHA256 */ public static class KeyGenerator @@ -66,8 +86,15 @@ public class SHA256 provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256"); provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); + // BEGIN android-removed + // provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory"); + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256"); + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256"); + // END android-removed + addHMACAlgorithm(provider, "SHA256", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); addHMACAlias(provider, "SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256); + addHMACAlias(provider, "SHA256", NISTObjectIdentifiers.id_sha256); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java index c724310..e563579 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java @@ -5,12 +5,20 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.digests.SHA384Digest; import org.bouncycastle.crypto.macs.HMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.OldHMac; +// END android-removed import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; public class SHA384 { + private SHA384() + { + + } + static public class Digest extends BCMessageDigest implements Cloneable @@ -31,7 +39,7 @@ public class SHA384 } public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { @@ -51,6 +59,17 @@ public class SHA384 } } + // BEGIN android-removed + // public static class OldSHA384 + // extends BaseMac + // { + // public OldSHA384() + // { + // super(new OldHMac(new SHA384Digest())); + // } + // } + // END android-removed + public static class Mappings extends DigestAlgorithmProvider { @@ -65,6 +84,9 @@ public class SHA384 provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest"); provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384"); provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384"); + // BEGIN android-removed + // provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384"); + // END android-removed addHMACAlgorithm(provider, "SHA384", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java index cae9e7b..903eec1 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java @@ -4,13 +4,24 @@ import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.digests.SHA512Digest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA512tDigest; +// END android-removed import org.bouncycastle.crypto.macs.HMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.OldHMac; +// END android-removed import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; public class SHA512 { + private SHA512() + { + + } + static public class Digest extends BCMessageDigest implements Cloneable @@ -30,8 +41,47 @@ public class SHA512 } } + // BEGIN android-removed + // static public class DigestT + // extends BCMessageDigest + // implements Cloneable + // { + // public DigestT(int bitLength) + // { + // super(new SHA512tDigest(bitLength)); + // } + // + // public Object clone() + // throws CloneNotSupportedException + // { + // DigestT d = (DigestT)super.clone(); + // d.digest = new SHA512tDigest((SHA512tDigest)digest); + // + // return d; + // } + // } + // + // static public class DigestT224 + // extends DigestT + // { + // public DigestT224() + // { + // super(224); + // } + // } + // + // static public class DigestT256 + // extends DigestT + // { + // public DigestT256() + // { + // super(256); + // } + // } + // END android-removed + public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { @@ -39,6 +89,38 @@ public class SHA512 } } + // BEGIN android-removed + // public static class HashMacT224 + // extends BaseMac + // { + // public HashMacT224() + // { + // super(new HMac(new SHA512tDigest(224))); + // } + // } + // + // public static class HashMacT256 + // extends BaseMac + // { + // public HashMacT256() + // { + // super(new HMac(new SHA512tDigest(256))); + // } + // } + // + // /** + // * SHA-512 HMac + // */ + // public static class OldSHA512 + // extends BaseMac + // { + // public OldSHA512() + // { + // super(new OldHMac(new SHA512Digest())); + // } + // } + // END android-removed + /** * HMACSHA512 */ @@ -51,6 +133,26 @@ public class SHA512 } } + // BEGIN android-removed + // public static class KeyGeneratorT224 + // extends BaseKeyGenerator + // { + // public KeyGeneratorT224() + // { + // super("HMACSHA512/224", 224, new CipherKeyGenerator()); + // } + // } + // + // public static class KeyGeneratorT256 + // extends BaseKeyGenerator + // { + // public KeyGeneratorT256() + // { + // super("HMACSHA512/256", 256, new CipherKeyGenerator()); + // } + // } + // END android-removed + public static class Mappings extends DigestAlgorithmProvider { @@ -66,8 +168,25 @@ public class SHA512 provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512"); provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512"); + // BEGIN android-removed + // provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224"); + // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224"); + // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224"); + // + // provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256"); + // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256"); + // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256"); + // + // provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512"); + // END android-removed + addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512); + + // BEGIN android-removed + // addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224", PREFIX + "$KeyGeneratorT224"); + // addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); + // END android-removed } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java new file mode 100644 index 0000000..9711426 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java @@ -0,0 +1,29 @@ +package org.bouncycastle.jcajce.provider.keystore; + +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; + +public class BC +{ + private static final String PREFIX = "org.bouncycastle.jcajce.provider.keystore" + ".bc."; + + public static class Mappings + extends AsymmetricAlgorithmProvider + { + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyStore.BKS", PREFIX + "BcKeyStoreSpi$Std"); + // BEGIN android-removed + // provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1"); + // END android-removed + provider.addAlgorithm("KeyStore.BouncyCastle", PREFIX + "BcKeyStoreSpi$BouncyCastleStore"); + provider.addAlgorithm("Alg.Alias.KeyStore.UBER", "BouncyCastle"); + provider.addAlgorithm("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); + provider.addAlgorithm("Alg.Alias.KeyStore.bouncycastle", "BouncyCastle"); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java new file mode 100644 index 0000000..1d4e146 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java @@ -0,0 +1,32 @@ +package org.bouncycastle.jcajce.provider.keystore; + +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; + +public class PKCS12 +{ + private static final String PREFIX = "org.bouncycastle.jcajce.provider.keystore" + ".pkcs12."; + + public static class Mappings + extends AsymmetricAlgorithmProvider + { + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyStore.PKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); + // BEGIN android-removed + // provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); + // provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); + // + // provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); + // provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES"); + // + // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); + // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES"); + // END android-removed + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java index 2c9c012..ea89261 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.keystore.bc; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -39,12 +39,7 @@ import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.PBEParametersGenerator; -// BEGIN android-added -import org.bouncycastle.crypto.digests.AndroidDigestFactory; -// END android-added -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.SHA1Digest; -// END android-removed +import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; import org.bouncycastle.crypto.io.DigestInputStream; import org.bouncycastle.crypto.io.DigestOutputStream; @@ -52,11 +47,12 @@ import org.bouncycastle.crypto.io.MacInputStream; import org.bouncycastle.crypto.io.MacOutputStream; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.jce.interfaces.BCKeyStore; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.TeeOutputStream; -public class JDKKeyStore +public class BcKeyStoreSpi extends KeyStoreSpi implements BCKeyStore { @@ -90,8 +86,11 @@ public class JDKKeyStore protected SecureRandom random = new SecureRandom(); - public JDKKeyStore() + protected int version; + + public BcKeyStoreSpi(int version) { + this.version = version; } private class StoreEntry @@ -503,13 +502,7 @@ public class JDKKeyStore if (entry == null) { - // BEGIN android-removed - // Only throw if there is a problem removing, not if missing - // throw new KeyStoreException("no such entry as " + alias); - // END android-removed - // BEGIN android-added return; - // END android-added } table.remove(alias); @@ -828,16 +821,12 @@ public class JDKKeyStore // // we only do an integrity check if the password is provided. // - // BEGIN android-changed - HMac hMac = new HMac(AndroidDigestFactory.getSHA1()); - // END android-changed + HMac hMac = new HMac(new SHA1Digest()); if (password != null && password.length != 0) { byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - // BEGIN android-changed - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); - // END android-changed + PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); pbeGen.init(passKey, salt, iterationCount); CipherParameters macParams; @@ -894,21 +883,26 @@ public class JDKKeyStore random.nextBytes(salt); - dOut.writeInt(STORE_VERSION); + dOut.writeInt(version); dOut.writeInt(salt.length); dOut.write(salt); dOut.writeInt(iterationCount); - // BEGIN android-changed - HMac hMac = new HMac(AndroidDigestFactory.getSHA1()); + HMac hMac = new HMac(new SHA1Digest()); MacOutputStream mOut = new MacOutputStream(hMac); - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); - // END android-changed + PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); pbeGen.init(passKey, salt, iterationCount); - hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8)); + if (version < 2) + { + hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize())); + } + else + { + hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8)); + } for (int i = 0; i != passKey.length; i++) { @@ -937,8 +931,13 @@ public class JDKKeyStore * Also referred to by the alias UBER. */ public static class BouncyCastleStore - extends JDKKeyStore + extends BcKeyStoreSpi { + public BouncyCastleStore() + { + super(1); + } + public void engineLoad( InputStream stream, char[] password) @@ -991,9 +990,7 @@ public class JDKKeyStore Cipher cipher = this.makePBECipher(cipherAlg, Cipher.DECRYPT_MODE, password, salt, iterationCount); CipherInputStream cIn = new CipherInputStream(dIn, cipher); - // BEGIN android-changed - Digest dig = AndroidDigestFactory.getSHA1(); - // END android-changed + Digest dig = new SHA1Digest(); DigestInputStream dgIn = new DigestInputStream(cIn, dig); this.loadStore(dgIn); @@ -1024,7 +1021,7 @@ public class JDKKeyStore random.nextBytes(salt); - dOut.writeInt(STORE_VERSION); + dOut.writeInt(version); dOut.writeInt(salt.length); dOut.write(salt); dOut.writeInt(iterationCount); @@ -1032,9 +1029,7 @@ public class JDKKeyStore cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); - // BEGIN android-changed - DigestOutputStream dgOut = new DigestOutputStream(AndroidDigestFactory.getSHA1()); - // END android-changed + DigestOutputStream dgOut = new DigestOutputStream(new SHA1Digest()); this.saveStore(new TeeOutputStream(cOut, dgOut)); @@ -1045,4 +1040,22 @@ public class JDKKeyStore cOut.close(); } } + + public static class Std + extends BcKeyStoreSpi + { + public Std() + { + super(STORE_VERSION); + } + } + + public static class Version1 + extends BcKeyStoreSpi + { + public Version1() + { + super(1); + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java index e4176fa..0d4f0ad 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.keystore.pkcs12; import java.io.BufferedInputStream; import java.io.ByteArrayInputStream; @@ -33,6 +33,7 @@ import javax.crypto.Cipher; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEParameterSpec; @@ -58,6 +59,8 @@ import org.bouncycastle.asn1.pkcs.CertBag; import org.bouncycastle.asn1.pkcs.ContentInfo; import org.bouncycastle.asn1.pkcs.EncryptedData; import org.bouncycastle.asn1.pkcs.MacData; +import org.bouncycastle.asn1.pkcs.PBES2Parameters; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.Pfx; @@ -70,63 +73,67 @@ import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; +import org.bouncycastle.jcajce.provider.config.PKCS12StoreParameter; import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; +import org.bouncycastle.jcajce.provider.util.SecretKeyUtil; import org.bouncycastle.jce.interfaces.BCKeyStore; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.provider.JDKPKCS12StoreParameter; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Strings; import org.bouncycastle.util.encoders.Hex; -public class JDKPKCS12KeyStore +public class PKCS12KeyStoreSpi extends KeyStoreSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore { - private static final int SALT_SIZE = 20; - private static final int MIN_ITERATIONS = 1024; + private static final int SALT_SIZE = 20; + private static final int MIN_ITERATIONS = 1024; - private static final Provider bcProvider = new BouncyCastleProvider(); + private static final Provider bcProvider = new BouncyCastleProvider(); - private IgnoresCaseHashtable keys = new IgnoresCaseHashtable(); - private Hashtable localIds = new Hashtable(); - private IgnoresCaseHashtable certs = new IgnoresCaseHashtable(); - private Hashtable chainCerts = new Hashtable(); - private Hashtable keyCerts = new Hashtable(); + private IgnoresCaseHashtable keys = new IgnoresCaseHashtable(); + private Hashtable localIds = new Hashtable(); + private IgnoresCaseHashtable certs = new IgnoresCaseHashtable(); + private Hashtable chainCerts = new Hashtable(); + private Hashtable keyCerts = new Hashtable(); // // generic object types // - static final int NULL = 0; - static final int CERTIFICATE = 1; - static final int KEY = 2; - static final int SECRET = 3; - static final int SEALED = 4; + static final int NULL = 0; + static final int CERTIFICATE = 1; + static final int KEY = 2; + static final int SECRET = 3; + static final int SEALED = 4; // // key types // - static final int KEY_PRIVATE = 0; - static final int KEY_PUBLIC = 1; - static final int KEY_SECRET = 2; + static final int KEY_PRIVATE = 0; + static final int KEY_PUBLIC = 1; + static final int KEY_SECRET = 2; - protected SecureRandom random = new SecureRandom(); + protected SecureRandom random = new SecureRandom(); // use of final causes problems with JDK 1.2 compiler - private CertificateFactory certFact; + private CertificateFactory certFact; private ASN1ObjectIdentifier keyAlgorithm; private ASN1ObjectIdentifier certAlgorithm; private class CertId { - byte[] id; + byte[] id; CertId( - PublicKey key) + PublicKey key) { this.id = createSubjectKeyId(key).getKeyIdentifier(); } CertId( - byte[] id) + byte[] id) { this.id = id; } @@ -137,7 +144,7 @@ public class JDKPKCS12KeyStore } public boolean equals( - Object o) + Object o) { if (o == this) { @@ -149,13 +156,13 @@ public class JDKPKCS12KeyStore return false; } - CertId cId = (CertId)o; + CertId cId = (CertId)o; return Arrays.areEqual(id, cId.id); } } - public JDKPKCS12KeyStore( + public PKCS12KeyStoreSpi( Provider provider, ASN1ObjectIdentifier keyAlgorithm, ASN1ObjectIdentifier certAlgorithm) @@ -181,12 +188,12 @@ public class JDKPKCS12KeyStore } private SubjectKeyIdentifier createSubjectKeyId( - PublicKey pubKey) + PublicKey pubKey) { try { SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence) ASN1Primitive.fromByteArray(pubKey.getEncoded())); + (ASN1Sequence)ASN1Primitive.fromByteArray(pubKey.getEncoded())); return new SubjectKeyIdentifier(info); } @@ -197,14 +204,14 @@ public class JDKPKCS12KeyStore } public void setRandom( - SecureRandom rand) + SecureRandom rand) { this.random = rand; } - public Enumeration engineAliases() + public Enumeration engineAliases() { - Hashtable tab = new Hashtable(); + Hashtable tab = new Hashtable(); Enumeration e = certs.keys(); while (e.hasMoreElements()) @@ -215,7 +222,7 @@ public class JDKPKCS12KeyStore e = keys.keys(); while (e.hasMoreElements()) { - String a = (String)e.nextElement(); + String a = (String)e.nextElement(); if (tab.get(a) == null) { tab.put(a, "key"); @@ -226,7 +233,7 @@ public class JDKPKCS12KeyStore } public boolean engineContainsAlias( - String alias) + String alias) { return (certs.get(alias) != null || keys.get(alias) != null); } @@ -236,7 +243,7 @@ public class JDKPKCS12KeyStore * tricky if a certificate appears in more than one chain... */ public void engineDeleteEntry( - String alias) + String alias) throws KeyStoreException { Key k = (Key)keys.remove(alias); @@ -250,7 +257,7 @@ public class JDKPKCS12KeyStore if (k != null) { - String id = (String)localIds.remove(alias); + String id = (String)localIds.remove(alias); if (id != null) { c = (Certificate)keyCerts.remove(id); @@ -266,13 +273,13 @@ public class JDKPKCS12KeyStore * simply return the cert for the private key */ public Certificate engineGetCertificate( - String alias) + String alias) { if (alias == null) { throw new IllegalArgumentException("null alias passed to getCertificate."); } - + Certificate c = (Certificate)certs.get(alias); // @@ -280,7 +287,7 @@ public class JDKPKCS12KeyStore // if (c == null) { - String id = (String)localIds.get(alias); + String id = (String)localIds.get(alias); if (id != null) { c = (Certificate)keyCerts.get(id); @@ -295,7 +302,7 @@ public class JDKPKCS12KeyStore } public String engineGetCertificateAlias( - Certificate cert) + Certificate cert) { Enumeration c = certs.elements(); Enumeration k = certs.keys(); @@ -303,7 +310,7 @@ public class JDKPKCS12KeyStore while (c.hasMoreElements()) { Certificate tc = (Certificate)c.nextElement(); - String ta = (String)k.nextElement(); + String ta = (String)k.nextElement(); if (tc.equals(cert)) { @@ -317,47 +324,47 @@ public class JDKPKCS12KeyStore while (c.hasMoreElements()) { Certificate tc = (Certificate)c.nextElement(); - String ta = (String)k.nextElement(); + String ta = (String)k.nextElement(); if (tc.equals(cert)) { return ta; } } - + return null; } - + public Certificate[] engineGetCertificateChain( - String alias) + String alias) { if (alias == null) { throw new IllegalArgumentException("null alias passed to getCertificateChain."); } - + if (!engineIsKeyEntry(alias)) { return null; } - + Certificate c = engineGetCertificate(alias); if (c != null) { - Vector cs = new Vector(); + Vector cs = new Vector(); while (c != null) { - X509Certificate x509c = (X509Certificate)c; - Certificate nextC = null; + X509Certificate x509c = (X509Certificate)c; + Certificate nextC = null; - byte[] bytes = x509c.getExtensionValue(Extension.authorityKeyIdentifier.getId()); + byte[] bytes = x509c.getExtensionValue(Extension.authorityKeyIdentifier.getId()); if (bytes != null) { try { - ASN1InputStream aIn = new ASN1InputStream(bytes); + ASN1InputStream aIn = new ASN1InputStream(bytes); byte[] authBytes = ((ASN1OctetString)aIn.readObject()).getOctets(); aIn = new ASN1InputStream(authBytes); @@ -367,7 +374,7 @@ public class JDKPKCS12KeyStore { nextC = (Certificate)chainCerts.get(new CertId(id.getKeyIdentifier())); } - + } catch (IOException e) { @@ -380,8 +387,8 @@ public class JDKPKCS12KeyStore // // no authority key id, try the Issuer DN // - Principal i = x509c.getIssuerDN(); - Principal s = x509c.getSubjectDN(); + Principal i = x509c.getIssuerDN(); + Principal s = x509c.getSubjectDN(); if (!i.equals(s)) { @@ -390,7 +397,7 @@ public class JDKPKCS12KeyStore while (e.hasMoreElements()) { X509Certificate crt = (X509Certificate)chainCerts.get(e.nextElement()); - Principal sub = crt.getSubjectDN(); + Principal sub = crt.getSubjectDN(); if (sub.equals(i)) { try @@ -419,7 +426,7 @@ public class JDKPKCS12KeyStore } } - Certificate[] certChain = new Certificate[cs.size()]; + Certificate[] certChain = new Certificate[cs.size()]; for (int i = 0; i != certChain.length; i++) { @@ -431,8 +438,8 @@ public class JDKPKCS12KeyStore return null; } - - public Date engineGetCreationDate(String alias) + + public Date engineGetCreationDate(String alias) { if (alias == null) { @@ -447,32 +454,32 @@ public class JDKPKCS12KeyStore public Key engineGetKey( String alias, - char[] password) + char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException { if (alias == null) { throw new IllegalArgumentException("null alias passed to getKey."); } - + return (Key)keys.get(alias); } public boolean engineIsCertificateEntry( - String alias) + String alias) { return (certs.get(alias) != null && keys.get(alias) == null); } public boolean engineIsKeyEntry( - String alias) + String alias) { return (keys.get(alias) != null); } public void engineSetCertificateEntry( - String alias, - Certificate cert) + String alias, + Certificate cert) throws KeyStoreException { if (keys.get(alias) != null) @@ -487,17 +494,17 @@ public class JDKPKCS12KeyStore public void engineSetKeyEntry( String alias, byte[] key, - Certificate[] chain) + Certificate[] chain) throws KeyStoreException { throw new RuntimeException("operation not supported"); } public void engineSetKeyEntry( - String alias, - Key key, - char[] password, - Certificate[] chain) + String alias, + Key key, + char[] password, + Certificate[] chain) throws KeyStoreException { if (!(key instanceof PrivateKey)) @@ -527,9 +534,9 @@ public class JDKPKCS12KeyStore } } - public int engineSize() + public int engineSize() { - Hashtable tab = new Hashtable(); + Hashtable tab = new Hashtable(); Enumeration e = certs.keys(); while (e.hasMoreElements()) @@ -540,7 +547,7 @@ public class JDKPKCS12KeyStore e = keys.keys(); while (e.hasMoreElements()) { - String a = (String)e.nextElement(); + String a = (String)e.nextElement(); if (tab.get(a) == null) { tab.put(a, "key"); @@ -551,62 +558,81 @@ public class JDKPKCS12KeyStore } protected PrivateKey unwrapKey( - AlgorithmIdentifier algId, - byte[] data, - char[] password, - boolean wrongPKCS12Zero) + AlgorithmIdentifier algId, + byte[] data, + char[] password, + boolean wrongPKCS12Zero) throws IOException { - String algorithm = algId.getAlgorithm().getId(); - PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); - - PBEKeySpec pbeSpec = new PBEKeySpec(password); - PrivateKey out; - + ASN1ObjectIdentifier algorithm = algId.getAlgorithm(); try { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance( - algorithm, bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); + if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) + { + PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); - SecretKey k = keyFact.generateSecret(pbeSpec); - - ((BCPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero); + PBEKeySpec pbeSpec = new PBEKeySpec(password); + PrivateKey out; - Cipher cipher = Cipher.getInstance(algorithm, bcProvider); + SecretKeyFactory keyFact = SecretKeyFactory.getInstance( + algorithm.getId(), bcProvider); + PBEParameterSpec defParams = new PBEParameterSpec( + pbeParams.getIV(), + pbeParams.getIterations().intValue()); + + SecretKey k = keyFact.generateSecret(pbeSpec); + + ((BCPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero); + + Cipher cipher = Cipher.getInstance(algorithm.getId(), bcProvider); - cipher.init(Cipher.UNWRAP_MODE, k, defParams); + cipher.init(Cipher.UNWRAP_MODE, k, defParams); + + // we pass "" as the key algorithm type as it is unknown at this point + return (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY); + } + else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) + { + PBES2Parameters alg = PBES2Parameters.getInstance(algId.getParameters()); + PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); - // we pass "" as the key algorithm type as it is unknown at this point - out = (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY); + SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId(), bcProvider); + + SecretKey k = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), func.getIterationCount().intValue(), SecretKeyUtil.getKeySize(alg.getEncryptionScheme().getAlgorithm()))); + + Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId(), bcProvider); + + cipher.init(Cipher.UNWRAP_MODE, k, new IvParameterSpec(ASN1OctetString.getInstance(alg.getEncryptionScheme().getParameters()).getOctets())); + + // we pass "" as the key algorithm type as it is unknown at this point + return (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY); + } } catch (Exception e) { throw new IOException("exception unwrapping private key - " + e.toString()); } - return out; + throw new IOException("exception unwrapping private key - cannot recognise: " + algorithm); } protected byte[] wrapKey( - String algorithm, - Key key, - PKCS12PBEParams pbeParams, - char[] password) + String algorithm, + Key key, + PKCS12PBEParams pbeParams, + char[] password) throws IOException { - PBEKeySpec pbeSpec = new PBEKeySpec(password); - byte[] out; + PBEKeySpec pbeSpec = new PBEKeySpec(password); + byte[] out; try { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance( - algorithm, bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); + SecretKeyFactory keyFact = SecretKeyFactory.getInstance( + algorithm, bcProvider); + PBEParameterSpec defParams = new PBEParameterSpec( + pbeParams.getIV(), + pbeParams.getIterations().intValue()); Cipher cipher = Cipher.getInstance(algorithm, bcProvider); @@ -623,16 +649,16 @@ public class JDKPKCS12KeyStore } protected byte[] cryptData( - boolean forEncryption, - AlgorithmIdentifier algId, - char[] password, - boolean wrongPKCS12Zero, - byte[] data) + boolean forEncryption, + AlgorithmIdentifier algId, + char[] password, + boolean wrongPKCS12Zero, + byte[] data) throws IOException { - String algorithm = algId.getAlgorithm().getId(); + String algorithm = algId.getAlgorithm().getId(); PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); - PBEKeySpec pbeSpec = new PBEKeySpec(password); + PBEKeySpec pbeSpec = new PBEKeySpec(password); try { @@ -640,7 +666,7 @@ public class JDKPKCS12KeyStore PBEParameterSpec defParams = new PBEParameterSpec( pbeParams.getIV(), pbeParams.getIterations().intValue()); - BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec); + BCPBEKey key = (BCPBEKey)keyFact.generateSecret(pbeSpec); key.setTryWrongPKCS12Zero(wrongPKCS12Zero); @@ -657,7 +683,7 @@ public class JDKPKCS12KeyStore public void engineLoad( InputStream stream, - char[] password) + char[] password) throws IOException { if (stream == null) // just initialising @@ -670,7 +696,7 @@ public class JDKPKCS12KeyStore throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); } - BufferedInputStream bufIn = new BufferedInputStream(stream); + BufferedInputStream bufIn = new BufferedInputStream(stream); bufIn.mark(10); @@ -684,26 +710,26 @@ public class JDKPKCS12KeyStore bufIn.reset(); ASN1InputStream bIn = new ASN1InputStream(bufIn); - ASN1Sequence obj = (ASN1Sequence)bIn.readObject(); - Pfx bag = Pfx.getInstance(obj); - ContentInfo info = bag.getAuthSafe(); - Vector chain = new Vector(); - boolean unmarkedKey = false; - boolean wrongPKCS12Zero = false; + ASN1Sequence obj = (ASN1Sequence)bIn.readObject(); + Pfx bag = Pfx.getInstance(obj); + ContentInfo info = bag.getAuthSafe(); + Vector chain = new Vector(); + boolean unmarkedKey = false; + boolean wrongPKCS12Zero = false; if (bag.getMacData() != null) // check the mac code { - MacData mData = bag.getMacData(); - DigestInfo dInfo = mData.getMac(); - AlgorithmIdentifier algId = dInfo.getAlgorithmId(); - byte[] salt = mData.getSalt(); - int itCount = mData.getIterationCount().intValue(); + MacData mData = bag.getMacData(); + DigestInfo dInfo = mData.getMac(); + AlgorithmIdentifier algId = dInfo.getAlgorithmId(); + byte[] salt = mData.getSalt(); + int itCount = mData.getIterationCount().intValue(); - byte[] data = ((ASN1OctetString)info.getContent()).getOctets(); + byte[] data = ((ASN1OctetString)info.getContent()).getOctets(); try { - byte[] res = calculatePbeMac(algId.getObjectId(), salt, itCount, password, false, data); + byte[] res = calculatePbeMac(algId.getAlgorithm(), salt, itCount, password, false, data); byte[] dig = dInfo.getDigest(); if (!Arrays.constantTimeAreEqual(res, dig)) @@ -714,7 +740,7 @@ public class JDKPKCS12KeyStore } // Try with incorrect zero length password - res = calculatePbeMac(algId.getObjectId(), salt, itCount, password, true, data); + res = calculatePbeMac(algId.getAlgorithm(), salt, itCount, password, true, data); if (!Arrays.constantTimeAreEqual(res, dig)) { @@ -741,15 +767,15 @@ public class JDKPKCS12KeyStore { bIn = new ASN1InputStream(((ASN1OctetString)info.getContent()).getOctets()); - AuthenticatedSafe authSafe = AuthenticatedSafe.getInstance(bIn.readObject()); - ContentInfo[] c = authSafe.getContentInfo(); + AuthenticatedSafe authSafe = AuthenticatedSafe.getInstance(bIn.readObject()); + ContentInfo[] c = authSafe.getContentInfo(); for (int i = 0; i != c.length; i++) { if (c[i].getContentType().equals(data)) { ASN1InputStream dIn = new ASN1InputStream(((ASN1OctetString)c[i].getContent()).getOctets()); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); + ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); for (int j = 0; j != seq.size(); j++) { @@ -757,25 +783,25 @@ public class JDKPKCS12KeyStore if (b.getBagId().equals(pkcs8ShroudedKeyBag)) { org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); - PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); + PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); // // set the attributes on the key // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; + PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; + String alias = null; + ASN1OctetString localId = null; if (b.getBagAttributes() != null) { Enumeration e = b.getBagAttributes().getObjects(); while (e.hasMoreElements()) { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); - ASN1Primitive attr = null; - + ASN1Sequence sq = (ASN1Sequence)e.nextElement(); + ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); + ASN1Primitive attr = null; + if (attrSet.size() > 0) { attr = (ASN1Primitive)attrSet.getObjectAt(0); @@ -795,7 +821,7 @@ public class JDKPKCS12KeyStore bagAttr.setBagAttribute(aOid, attr); } } - + if (aOid.equals(pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); @@ -807,11 +833,11 @@ public class JDKPKCS12KeyStore } } } - + if (localId != null) { String name = new String(Hex.encode(localId.getOctets())); - + if (alias == null) { keys.put(name, privKey); @@ -820,12 +846,12 @@ public class JDKPKCS12KeyStore { localIds.put(alias, name); } - } - else - { - unmarkedKey = true; - keys.put("unmarked", privKey); - } + } + else + { + unmarkedKey = true; + keys.put("unmarked", privKey); + } } else if (b.getBagId().equals(certBag)) { @@ -843,12 +869,12 @@ public class JDKPKCS12KeyStore EncryptedData d = EncryptedData.getInstance(c[i].getContent()); byte[] octets = cryptData(false, d.getEncryptionAlgorithm(), password, wrongPKCS12Zero, d.getContent().getOctets()); - ASN1Sequence seq = (ASN1Sequence) ASN1Primitive.fromByteArray(octets); + ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(octets); for (int j = 0; j != seq.size(); j++) { SafeBag b = SafeBag.getInstance(seq.getObjectAt(j)); - + if (b.getBagId().equals(certBag)) { chain.addElement(b); @@ -856,22 +882,22 @@ public class JDKPKCS12KeyStore else if (b.getBagId().equals(pkcs8ShroudedKeyBag)) { org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); - PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); + PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); // // set the attributes on the key // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; + PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; + String alias = null; + ASN1OctetString localId = null; Enumeration e = b.getBagAttributes().getObjects(); while (e.hasMoreElements()) { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet= (ASN1Set)sq.getObjectAt(1); - ASN1Primitive attr = null; + ASN1Sequence sq = (ASN1Sequence)e.nextElement(); + ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); + ASN1Primitive attr = null; if (attrSet.size() > 0) { @@ -917,23 +943,23 @@ public class JDKPKCS12KeyStore } else if (b.getBagId().equals(keyBag)) { - org.bouncycastle.asn1.pkcs.PrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.PrivateKeyInfo((ASN1Sequence)b.getBagValue()); - PrivateKey privKey = BouncyCastleProvider.getPrivateKey(kInfo); + org.bouncycastle.asn1.pkcs.PrivateKeyInfo kInfo = org.bouncycastle.asn1.pkcs.PrivateKeyInfo.getInstance(b.getBagValue()); + PrivateKey privKey = BouncyCastleProvider.getPrivateKey(kInfo); // // set the attributes on the key // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; + PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; + String alias = null; + ASN1OctetString localId = null; Enumeration e = b.getBagAttributes().getObjects(); while (e.hasMoreElements()) { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); - ASN1Primitive attr = null; + ASN1Sequence sq = (ASN1Sequence)e.nextElement(); + ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); + ASN1Primitive attr = null; if (attrSet.size() > 0) { @@ -998,8 +1024,8 @@ public class JDKPKCS12KeyStore for (int i = 0; i != chain.size(); i++) { - SafeBag b = (SafeBag)chain.elementAt(i); - CertBag cb = CertBag.getInstance(b.getBagValue()); + SafeBag b = (SafeBag)chain.elementAt(i); + CertBag cb = CertBag.getInstance(b.getBagValue()); if (!cb.getCertId().equals(x509Certificate)) { @@ -1010,8 +1036,8 @@ public class JDKPKCS12KeyStore try { - ByteArrayInputStream cIn = new ByteArrayInputStream( - ((ASN1OctetString)cb.getCertValue()).getOctets()); + ByteArrayInputStream cIn = new ByteArrayInputStream( + ((ASN1OctetString)cb.getCertValue()).getOctets()); cert = certFact.generateCertificate(cIn); } catch (Exception e) @@ -1023,17 +1049,17 @@ public class JDKPKCS12KeyStore // set the attributes // ASN1OctetString localId = null; - String alias = null; + String alias = null; if (b.getBagAttributes() != null) { Enumeration e = b.getBagAttributes().getObjects(); while (e.hasMoreElements()) { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Primitive attr = (ASN1Primitive)((ASN1Set)sq.getObjectAt(1)).getObjectAt(0); - PKCS12BagAttributeCarrier bagAttr = null; + ASN1Sequence sq = (ASN1Sequence)e.nextElement(); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Primitive attr = (ASN1Primitive)((ASN1Set)sq.getObjectAt(1)).getObjectAt(0); + PKCS12BagAttributeCarrier bagAttr = null; if (cert instanceof PKCS12BagAttributeCarrier) { @@ -1072,8 +1098,8 @@ public class JDKPKCS12KeyStore { if (keyCerts.isEmpty()) { - String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier())); - + String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier())); + keyCerts.put(name, cert); keys.put(name, keys.remove("unmarked")); } @@ -1097,21 +1123,32 @@ public class JDKPKCS12KeyStore } } - public void engineStore(LoadStoreParameter param) throws IOException, - NoSuchAlgorithmException, CertificateException + public void engineStore(LoadStoreParameter param) + throws IOException, + NoSuchAlgorithmException, CertificateException { if (param == null) { throw new IllegalArgumentException("'param' arg cannot be null"); } - if (!(param instanceof JDKPKCS12StoreParameter)) + if (!(param instanceof PKCS12StoreParameter || param instanceof JDKPKCS12StoreParameter)) { throw new IllegalArgumentException( "No support for 'param' of type " + param.getClass().getName()); } - JDKPKCS12StoreParameter bcParam = (JDKPKCS12StoreParameter)param; + PKCS12StoreParameter bcParam; + + if (param instanceof PKCS12StoreParameter) + { + bcParam = (PKCS12StoreParameter)param; + } + else + { + bcParam = new PKCS12StoreParameter(((JDKPKCS12StoreParameter)param).getOutputStream(), + param.getProtectionParameter(), ((JDKPKCS12StoreParameter)param).isUseDEREncoding()); + } char[] password; ProtectionParameter protParam = param.getProtectionParameter(); @@ -1129,16 +1166,16 @@ public class JDKPKCS12KeyStore "No support for protection parameter of type " + protParam.getClass().getName()); } - doStore(bcParam.getOutputStream(), password, bcParam.isUseDEREncoding()); + doStore(bcParam.getOutputStream(), password, bcParam.isForDEREncoding()); } - public void engineStore(OutputStream stream, char[] password) + public void engineStore(OutputStream stream, char[] password) throws IOException { doStore(stream, password, false); } - private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) + private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) throws IOException { if (password == null) @@ -1149,33 +1186,33 @@ public class JDKPKCS12KeyStore // // handle the key // - ASN1EncodableVector keyS = new ASN1EncodableVector(); + ASN1EncodableVector keyS = new ASN1EncodableVector(); Enumeration ks = keys.keys(); while (ks.hasMoreElements()) { - byte[] kSalt = new byte[SALT_SIZE]; + byte[] kSalt = new byte[SALT_SIZE]; random.nextBytes(kSalt); - String name = (String)ks.nextElement(); - PrivateKey privKey = (PrivateKey)keys.get(name); - PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS); - byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password); - AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.toASN1Primitive()); + String name = (String)ks.nextElement(); + PrivateKey privKey = (PrivateKey)keys.get(name); + PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS); + byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password); + AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.toASN1Primitive()); org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes); - boolean attrSet = false; - ASN1EncodableVector kName = new ASN1EncodableVector(); + boolean attrSet = false; + ASN1EncodableVector kName = new ASN1EncodableVector(); if (privKey instanceof PKCS12BagAttributeCarrier) { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)privKey; + PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)privKey; // // make sure we are using the local alias on store // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); + DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); if (nm == null || !nm.getString().equals(name)) { bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); @@ -1186,7 +1223,7 @@ public class JDKPKCS12KeyStore // if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) { - Certificate ct = engineGetCertificate(name); + Certificate ct = engineGetCertificate(name); bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey())); } @@ -1196,7 +1233,7 @@ public class JDKPKCS12KeyStore while (e.hasMoreElements()) { ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - ASN1EncodableVector kSeq = new ASN1EncodableVector(); + ASN1EncodableVector kSeq = new ASN1EncodableVector(); kSeq.add(oid); kSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); @@ -1212,8 +1249,8 @@ public class JDKPKCS12KeyStore // // set a default friendly name (from the key id) and local id // - ASN1EncodableVector kSeq = new ASN1EncodableVector(); - Certificate ct = engineGetCertificate(name); + ASN1EncodableVector kSeq = new ASN1EncodableVector(); + Certificate ct = engineGetCertificate(name); kSeq.add(pkcs_9_at_localKeyId); kSeq.add(new DERSet(createSubjectKeyId(ct.getPublicKey()))); @@ -1228,45 +1265,45 @@ public class JDKPKCS12KeyStore kName.add(new DERSequence(kSeq)); } - SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.toASN1Primitive(), new DERSet(kName)); + SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.toASN1Primitive(), new DERSet(kName)); keyS.add(kBag); } - byte[] keySEncoded = new DERSequence(keyS).getEncoded(ASN1Encoding.DER); + byte[] keySEncoded = new DERSequence(keyS).getEncoded(ASN1Encoding.DER); BEROctetString keyString = new BEROctetString(keySEncoded); // // certificate processing // - byte[] cSalt = new byte[SALT_SIZE]; + byte[] cSalt = new byte[SALT_SIZE]; random.nextBytes(cSalt); - ASN1EncodableVector certSeq = new ASN1EncodableVector(); - PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS); - AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Primitive()); - Hashtable doneCerts = new Hashtable(); + ASN1EncodableVector certSeq = new ASN1EncodableVector(); + PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS); + AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Primitive()); + Hashtable doneCerts = new Hashtable(); Enumeration cs = keys.keys(); while (cs.hasMoreElements()) { try { - String name = (String)cs.nextElement(); - Certificate cert = engineGetCertificate(name); - boolean cAttrSet = false; - CertBag cBag = new CertBag( - x509Certificate, - new DEROctetString(cert.getEncoded())); + String name = (String)cs.nextElement(); + Certificate cert = engineGetCertificate(name); + boolean cAttrSet = false; + CertBag cBag = new CertBag( + x509Certificate, + new DEROctetString(cert.getEncoded())); ASN1EncodableVector fName = new ASN1EncodableVector(); if (cert instanceof PKCS12BagAttributeCarrier) { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; + PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; // // make sure we are using the local alias on store // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); + DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); if (nm == null || !nm.getString().equals(name)) { bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); @@ -1297,7 +1334,7 @@ public class JDKPKCS12KeyStore if (!cAttrSet) { - ASN1EncodableVector fSeq = new ASN1EncodableVector(); + ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(pkcs_9_at_localKeyId); fSeq.add(new DERSet(createSubjectKeyId(cert.getPublicKey()))); @@ -1328,27 +1365,27 @@ public class JDKPKCS12KeyStore { try { - String certId = (String)cs.nextElement(); - Certificate cert = (Certificate)certs.get(certId); - boolean cAttrSet = false; + String certId = (String)cs.nextElement(); + Certificate cert = (Certificate)certs.get(certId); + boolean cAttrSet = false; if (keys.get(certId) != null) { continue; } - CertBag cBag = new CertBag( - x509Certificate, - new DEROctetString(cert.getEncoded())); + CertBag cBag = new CertBag( + x509Certificate, + new DEROctetString(cert.getEncoded())); ASN1EncodableVector fName = new ASN1EncodableVector(); if (cert instanceof PKCS12BagAttributeCarrier) { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; + PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; // // make sure we are using the local alias on store // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); + DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); if (nm == null || !nm.getString().equals(certId)) { bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(certId)); @@ -1381,7 +1418,7 @@ public class JDKPKCS12KeyStore if (!cAttrSet) { - ASN1EncodableVector fSeq = new ASN1EncodableVector(); + ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(pkcs_9_at_friendlyName); fSeq.add(new DERSet(new DERBMPString(certId))); @@ -1406,22 +1443,22 @@ public class JDKPKCS12KeyStore { try { - CertId certId = (CertId)cs.nextElement(); - Certificate cert = (Certificate)chainCerts.get(certId); + CertId certId = (CertId)cs.nextElement(); + Certificate cert = (Certificate)chainCerts.get(certId); if (doneCerts.get(cert) != null) { continue; } - CertBag cBag = new CertBag( - x509Certificate, - new DEROctetString(cert.getEncoded())); + CertBag cBag = new CertBag( + x509Certificate, + new DEROctetString(cert.getEncoded())); ASN1EncodableVector fName = new ASN1EncodableVector(); if (cert instanceof PKCS12BagAttributeCarrier) { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; + PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; Enumeration e = bagAttrs.getBagAttributeKeys(); while (e.hasMoreElements()) @@ -1455,19 +1492,19 @@ public class JDKPKCS12KeyStore } } - byte[] certSeqEncoded = new DERSequence(certSeq).getEncoded(ASN1Encoding.DER); - byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded); - EncryptedData cInfo = new EncryptedData(data, cAlgId, new BEROctetString(certBytes)); + byte[] certSeqEncoded = new DERSequence(certSeq).getEncoded(ASN1Encoding.DER); + byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded); + EncryptedData cInfo = new EncryptedData(data, cAlgId, new BEROctetString(certBytes)); ContentInfo[] info = new ContentInfo[] - { - new ContentInfo(data, keyString), - new ContentInfo(encryptedData, cInfo.toASN1Primitive()) - }; + { + new ContentInfo(data, keyString), + new ContentInfo(encryptedData, cInfo.toASN1Primitive()) + }; - AuthenticatedSafe auth = new AuthenticatedSafe(info); + AuthenticatedSafe auth = new AuthenticatedSafe(info); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); DEROutputStream asn1Out; if (useDEREncoding) { @@ -1480,28 +1517,28 @@ public class JDKPKCS12KeyStore asn1Out.writeObject(auth); - byte[] pkg = bOut.toByteArray(); + byte[] pkg = bOut.toByteArray(); - ContentInfo mainInfo = new ContentInfo(data, new BEROctetString(pkg)); + ContentInfo mainInfo = new ContentInfo(data, new BEROctetString(pkg)); // // create the mac // - byte[] mSalt = new byte[20]; - int itCount = MIN_ITERATIONS; + byte[] mSalt = new byte[20]; + int itCount = MIN_ITERATIONS; random.nextBytes(mSalt); - - byte[] data = ((ASN1OctetString)mainInfo.getContent()).getOctets(); - MacData mData; + byte[] data = ((ASN1OctetString)mainInfo.getContent()).getOctets(); + + MacData mData; try { byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data); - AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, DERNull.INSTANCE); - DigestInfo dInfo = new DigestInfo(algId, res); + AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, DERNull.INSTANCE); + DigestInfo dInfo = new DigestInfo(algId, res); mData = new MacData(dInfo, mSalt, itCount); } @@ -1509,11 +1546,11 @@ public class JDKPKCS12KeyStore { throw new IOException("error constructing MAC: " + e.toString()); } - + // // output the Pfx // - Pfx pfx = new Pfx(mainInfo, mData); + Pfx pfx = new Pfx(mainInfo, mData); if (useDEREncoding) { @@ -1529,17 +1566,17 @@ public class JDKPKCS12KeyStore private static byte[] calculatePbeMac( ASN1ObjectIdentifier oid, - byte[] salt, - int itCount, - char[] password, - boolean wrongPkcs12Zero, - byte[] data) + byte[] salt, + int itCount, + char[] password, + boolean wrongPkcs12Zero, + byte[] data) throws Exception { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec); + SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider); + PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); + PBEKeySpec pbeSpec = new PBEKeySpec(password); + BCPBEKey key = (BCPBEKey)keyFact.generateSecret(pbeSpec); key.setTryWrongPKCS12Zero(wrongPkcs12Zero); Mac mac = Mac.getInstance(oid.getId(), bcProvider); @@ -1547,9 +1584,9 @@ public class JDKPKCS12KeyStore mac.update(data); return mac.doFinal(); } - + public static class BCPKCS12KeyStore - extends JDKPKCS12KeyStore + extends PKCS12KeyStoreSpi { public BCPKCS12KeyStore() { @@ -1559,7 +1596,7 @@ public class JDKPKCS12KeyStore // BEGIN android-removed // public static class BCPKCS12KeyStore3DES - // extends JDKPKCS12KeyStore + // extends PKCS12KeyStoreSpi // { // public BCPKCS12KeyStore3DES() // { @@ -1568,7 +1605,7 @@ public class JDKPKCS12KeyStore // } // // public static class DefPKCS12KeyStore - // extends JDKPKCS12KeyStore + // extends PKCS12KeyStoreSpi // { // public DefPKCS12KeyStore() // { @@ -1577,7 +1614,7 @@ public class JDKPKCS12KeyStore // } // // public static class DefPKCS12KeyStore3DES - // extends JDKPKCS12KeyStore + // extends PKCS12KeyStoreSpi // { // public DefPKCS12KeyStore3DES() // { @@ -1627,7 +1664,7 @@ public class JDKPKCS12KeyStore { return null; } - + return orig.get(k); } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java index 1e12ee3..f561b8a 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java @@ -11,7 +11,9 @@ import java.security.SecureRandom; // import javax.crypto.spec.IvParameterSpec; // END android-removed +import org.bouncycastle.asn1.bc.BCObjectIdentifiers; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.BufferedBlockCipher; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.engines.AESFastEngine; @@ -19,9 +21,11 @@ import org.bouncycastle.crypto.engines.AESWrapEngine; // BEGIN android-removed // import org.bouncycastle.crypto.engines.RFC3211WrapEngine; // import org.bouncycastle.crypto.macs.CMac; +// import org.bouncycastle.crypto.macs.GMac; // END android-removed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.modes.CFBBlockCipher; +import org.bouncycastle.crypto.modes.GCMBlockCipher; import org.bouncycastle.crypto.modes.OFBBlockCipher; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; // BEGIN android-removed @@ -33,8 +37,9 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; // END android-removed import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; // BEGIN android-removed // import org.bouncycastle.jce.provider.BouncyCastleProvider; // END android-removed @@ -50,7 +55,13 @@ public final class AES { public ECB() { - super(new AESFastEngine()); + super(new BlockCipherProvider() + { + public BlockCipher get() + { + return new AESFastEngine(); + } + }); } } @@ -90,8 +101,17 @@ public final class AES // super(new CMac(new AESFastEngine())); // } // } + // + // public static class AESGMAC + // extends BaseMac + // { + // public AESGMAC() + // { + // super(new GMac(new GCMBlockCipher(new AESFastEngine()))); + // } + // } // END android-removed - + static public class Wrap extends BaseWrapCipher { @@ -112,6 +132,19 @@ public final class AES // } // END android-removed + + /** + * PBEWithAES-CBC + */ + static public class PBEWithAESCBC + extends BaseBlockCipher + { + public PBEWithAESCBC() + { + super(new CBCBlockCipher(new AESFastEngine())); + } + } + public static class KeyGen extends BaseKeyGenerator { @@ -153,7 +186,117 @@ public final class AES // super(256); // } // } - // + // END android-removed + + /** + * PBEWithSHA1And128BitAES-BC + */ + static public class PBEWithSHAAnd128BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHAAnd128BitAESBC() + { + super("PBEWithSHA1And128BitAES-CBC-BC", null, true, PKCS12, SHA1, 128, 128); + } + } + + /** + * PBEWithSHA1And192BitAES-BC + */ + static public class PBEWithSHAAnd192BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHAAnd192BitAESBC() + { + super("PBEWithSHA1And192BitAES-CBC-BC", null, true, PKCS12, SHA1, 192, 128); + } + } + + /** + * PBEWithSHA1And256BitAES-BC + */ + static public class PBEWithSHAAnd256BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHAAnd256BitAESBC() + { + super("PBEWithSHA1And256BitAES-CBC-BC", null, true, PKCS12, SHA1, 256, 128); + } + } + + /** + * PBEWithSHA256And128BitAES-BC + */ + static public class PBEWithSHA256And128BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHA256And128BitAESBC() + { + super("PBEWithSHA256And128BitAES-CBC-BC", null, true, PKCS12, SHA256, 128, 128); + } + } + + /** + * PBEWithSHA256And192BitAES-BC + */ + static public class PBEWithSHA256And192BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHA256And192BitAESBC() + { + super("PBEWithSHA256And192BitAES-CBC-BC", null, true, PKCS12, SHA256, 192, 128); + } + } + + /** + * PBEWithSHA256And256BitAES-BC + */ + static public class PBEWithSHA256And256BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHA256And256BitAESBC() + { + super("PBEWithSHA256And256BitAES-CBC-BC", null, true, PKCS12, SHA256, 256, 128); + } + } + + /** + * PBEWithMD5And128BitAES-OpenSSL + */ + static public class PBEWithMD5And128BitAESCBCOpenSSL + extends PBESecretKeyFactory + { + public PBEWithMD5And128BitAESCBCOpenSSL() + { + super("PBEWithMD5And128BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 128, 128); + } + } + + /** + * PBEWithMD5And192BitAES-OpenSSL + */ + static public class PBEWithMD5And192BitAESCBCOpenSSL + extends PBESecretKeyFactory + { + public PBEWithMD5And192BitAESCBCOpenSSL() + { + super("PBEWithMD5And192BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 192, 128); + } + } + + /** + * PBEWithMD5And256BitAES-OpenSSL + */ + static public class PBEWithMD5And256BitAESCBCOpenSSL + extends PBESecretKeyFactory + { + public PBEWithMD5And256BitAESCBCOpenSSL() + { + super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); + } + } + + // BEGIN android-removed // public static class AlgParamGen // extends BaseAlgorithmParameterGenerator // { @@ -203,7 +346,7 @@ public final class AES } public static class Mappings - extends AlgorithmProvider + extends SymmetricAlgorithmProvider { private static final String PREFIX = AES.class.getName(); @@ -290,6 +433,87 @@ public final class AES // // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); // END android-removed + + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); + + provider.addAlgorithm("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHA256AND128BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHA256AND192BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHA256AND256BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); + + provider.addAlgorithm("Cipher.PBEWITHMD5AND128BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHMD5AND192BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And128BitAESCBCOpenSSL"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And192BitAESCBCOpenSSL"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And256BitAESCBCOpenSSL"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITAES-CBC-BC", PREFIX + "$PBEWithSHAAnd128BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND192BITAES-CBC-BC", PREFIX + "$PBEWithSHAAnd192BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND256BITAES-CBC-BC", PREFIX + "$PBEWithSHAAnd256BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA256AND128BITAES-CBC-BC", PREFIX + "$PBEWithSHA256And128BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA256AND192BITAES-CBC-BC", PREFIX + "$PBEWithSHA256And192BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA256AND256BITAES-CBC-BC", PREFIX + "$PBEWithSHA256And256BitAESBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND256BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND128BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND192BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND256BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND128BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND192BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND256BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND128BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND192BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND256BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); + + // BEGIN android-removed + // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); + // END android-removed } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java index 1bbdae7..9de8ef0 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java @@ -1,10 +1,12 @@ package org.bouncycastle.jcajce.provider.symmetric; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.engines.RC4Engine; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; public final class ARC4 @@ -33,6 +35,55 @@ public final class ARC4 } } + /** + * PBEWithSHAAnd128BitRC4 + */ + static public class PBEWithSHAAnd128BitKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAAnd128BitKeyFactory() + { + super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 128, 0); + } + } + + /** + * PBEWithSHAAnd40BitRC4 + */ + static public class PBEWithSHAAnd40BitKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAAnd40BitKeyFactory() + { + super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 40, 0); + } + } + + + /** + * PBEWithSHAAnd128BitRC4 + */ + static public class PBEWithSHAAnd128Bit + extends BaseStreamCipher + { + public PBEWithSHAAnd128Bit() + { + super(new RC4Engine(), 0); + } + } + + /** + * PBEWithSHAAnd40BitRC4 + */ + static public class PBEWithSHAAnd40Bit + extends BaseStreamCipher + { + public PBEWithSHAAnd40Bit() + { + super(new RC4Engine(), 0); + } + } + public static class Mappings extends AlgorithmProvider { @@ -44,15 +95,32 @@ public final class ARC4 public void configure(ConfigurableProvider provider) { - provider.addAlgorithm("Cipher.ARC4", PREFIX + "$Base"); - provider.addAlgorithm("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.rc4, "ARC4"); provider.addAlgorithm("Alg.Alias.Cipher.ARCFOUR", "ARC4"); provider.addAlgorithm("Alg.Alias.Cipher.RC4", "ARC4"); provider.addAlgorithm("KeyGenerator.ARC4", PREFIX + "$KeyGen"); provider.addAlgorithm("Alg.Alias.KeyGenerator.RC4", "ARC4"); provider.addAlgorithm("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "ARC4"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC4", PREFIX + "$PBEWithSHAAnd128BitKeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC4", PREFIX + "$PBEWithSHAAnd40BitKeyFactory"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND128BITRC4", PREFIX + "$PBEWithSHAAnd128Bit"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND40BITRC4", PREFIX + "$PBEWithSHAAnd40Bit"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, "PBEWITHSHAAND128BITRC4"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, "PBEWITHSHAAND40BITRC4"); + + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, "PBEWITHSHAAND128BITRC4"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, "PBEWITHSHAAND40BITRC4"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java index 3ba874c..6d5c5e8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java @@ -10,10 +10,13 @@ import java.security.spec.KeySpec; import javax.crypto.SecretKey; import javax.crypto.spec.DESKeySpec; import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.KeyGenerationParameters; import org.bouncycastle.crypto.engines.DESEngine; // BEGIN android-removed @@ -24,16 +27,22 @@ import org.bouncycastle.crypto.macs.CBCBlockCipherMac; // BEGIN android-removed // import org.bouncycastle.crypto.macs.CFBBlockCipherMac; // import org.bouncycastle.crypto.macs.CMac; +// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; // END android-removed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.paddings.ISO7816d4Padding; +import org.bouncycastle.crypto.params.DESParameters; +import org.bouncycastle.crypto.params.KeyParameter; +import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory; import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.PBE; import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider; @@ -52,16 +61,16 @@ public final class DES } } + static public class CBC + extends BaseBlockCipher + { + public CBC() + { + super(new CBCBlockCipher(new DESEngine()), 64); + } + } + // BEGIN android-removed - // static public class CBC - // extends BaseBlockCipher - // { - // public CBC() - // { - // super(new CBCBlockCipher(new DESEngine()), 64); - // } - // } - // // /** // * DES CFB8 // */ @@ -73,46 +82,72 @@ public final class DES // super(new CFBBlockCipherMac(new DESEngine())); // } // } - // - // /** - // * DES64 - // */ - // public static class DES64 + // END android-removed + + /** + * DES64 + */ + public static class DES64 + extends BaseMac + { + public DES64() + { + super(new CBCBlockCipherMac(new DESEngine(), 64)); + } + } + + /** + * DES64with7816-4Padding + */ + public static class DES64with7816d4 + extends BaseMac + { + public DES64with7816d4() + { + super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); + } + } + + public static class CBCMAC + extends BaseMac + { + public CBCMAC() + { + super(new CBCBlockCipherMac(new DESEngine())); + } + } + + // BEGIN android-removed + // static public class CMAC // extends BaseMac // { - // public DES64() + // public CMAC() // { - // super(new CBCBlockCipherMac(new DESEngine(), 64)); + // super(new CMac(new DESEngine())); // } // } // // /** - // * DES64with7816-4Padding + // * DES9797Alg3with7816-4Padding // */ - // public static class DES64with7816d4 - // extends BaseMac - // { - // public DES64with7816d4() - // { - // super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); - // } - // } - // - // public static class CBCMAC + // public static class DES9797Alg3with7816d4 // extends BaseMac // { - // public CBCMAC() + // public DES9797Alg3with7816d4() // { - // super(new CBCBlockCipherMac(new DESEngine())); + // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); // } // } // - // static public class CMAC + // /** + // * DES9797Alg3 + // */ + // public static class DES9797Alg3 // extends BaseMac // { - // public CMAC() + // public DES9797Alg3() // { - // super(new CMac(new DESEngine())); + // super(new ISO9797Alg3Mac(new DESEngine())); // } // } // @@ -124,46 +159,46 @@ public final class DES // super(new RFC3211WrapEngine(new DESEngine()), 8); // } // } - // - // public static class AlgParamGen - // extends BaseAlgorithmParameterGenerator - // { - // protected void engineInit( - // AlgorithmParameterSpec genParamSpec, - // SecureRandom random) - // throws InvalidAlgorithmParameterException - // { - // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); - // } - // - // protected AlgorithmParameters engineGenerateParameters() - // { - // byte[] iv = new byte[8]; - // - // if (random == null) - // { - // random = new SecureRandom(); - // } - // - // random.nextBytes(iv); - // - // AlgorithmParameters params; - // - // try - // { - // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); - // params.init(new IvParameterSpec(iv)); - // } - // catch (Exception e) - // { - // throw new RuntimeException(e.getMessage()); - // } - // - // return params; - // } - // } // END android-removed + public static class AlgParamGen + extends BaseAlgorithmParameterGenerator + { + protected void engineInit( + AlgorithmParameterSpec genParamSpec, + SecureRandom random) + throws InvalidAlgorithmParameterException + { + throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); + } + + protected AlgorithmParameters engineGenerateParameters() + { + byte[] iv = new byte[8]; + + if (random == null) + { + random = new SecureRandom(); + } + + random.nextBytes(iv); + + AlgorithmParameters params; + + try + { + params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); + params.init(new IvParameterSpec(iv)); + } + catch (Exception e) + { + throw new RuntimeException(e.getMessage()); + } + + return params; + } + } + /** * DES - the default for this is to generate a key in * a-b-a format that's 24 bytes long but has 16 bytes of @@ -255,6 +290,151 @@ public final class DES } } + static public class DESPBEKeyFactory + extends BaseSecretKeyFactory + { + private boolean forCipher; + private int scheme; + private int digest; + private int keySize; + private int ivSize; + + public DESPBEKeyFactory( + String algorithm, + ASN1ObjectIdentifier oid, + boolean forCipher, + int scheme, + int digest, + int keySize, + int ivSize) + { + super(algorithm, oid); + + this.forCipher = forCipher; + this.scheme = scheme; + this.digest = digest; + this.keySize = keySize; + this.ivSize = ivSize; + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PBEKeySpec) + { + PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; + CipherParameters param; + + if (pbeSpec.getSalt() == null) + { + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); + } + + if (forCipher) + { + param = PBE.Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); + } + else + { + param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); + } + + KeyParameter kParam; + if (param instanceof ParametersWithIV) + { + kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); + } + else + { + kParam = (KeyParameter)param; + } + + DESParameters.setOddParity(kParam.getKey()); + + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + } + + throw new InvalidKeySpecException("Invalid KeySpec"); + } + } + + // BEGIN android-removed + // /** + // * PBEWithMD2AndDES + // */ + // static public class PBEWithMD2KeyFactory + // extends DESPBEKeyFactory + // { + // public PBEWithMD2KeyFactory() + // { + // super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); + // } + // } + // END android-removed + + /** + * PBEWithMD5AndDES + */ + static public class PBEWithMD5KeyFactory + extends DESPBEKeyFactory + { + public PBEWithMD5KeyFactory() + { + super("PBEwithMD5andDES", PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, true, PKCS5S1, MD5, 64, 64); + } + } + + /** + * PBEWithSHA1AndDES + */ + static public class PBEWithSHA1KeyFactory + extends DESPBEKeyFactory + { + public PBEWithSHA1KeyFactory() + { + super("PBEwithSHA1andDES", PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, true, PKCS5S1, SHA1, 64, 64); + } + } + + // BEGIN android-removed + // /** + // * PBEWithMD2AndDES + // */ + // static public class PBEWithMD2 + // extends BaseBlockCipher + // { + // public PBEWithMD2() + // { + // super(new CBCBlockCipher(new DESEngine())); + // } + // } + // END android-removed + + /** + * PBEWithMD5AndDES + */ + static public class PBEWithMD5 + extends BaseBlockCipher + { + public PBEWithMD5() + { + super(new CBCBlockCipher(new DESEngine())); + } + } + + /** + * PBEWithSHA1AndDES + */ + static public class PBEWithSHA1 + extends BaseBlockCipher + { + public PBEWithSHA1() + { + super(new CBCBlockCipher(new DESEngine())); + } + } + public static class Mappings extends AlgorithmProvider { @@ -296,6 +476,14 @@ public final class DES // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); + // + // provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3"); + // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); + // + // provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3"); + // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); + // provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4"); + // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); // END android-removed provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters"); @@ -304,7 +492,34 @@ public final class DES // BEGIN android-removed // provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); + // + // provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2"); + // END android-removed + provider.addAlgorithm("Cipher.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5"); + provider.addAlgorithm("Cipher.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1"); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); + // END android-removed + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); + + // BEGIN android-removed + // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory"); + // END android-removed + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1KeyFactory"); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); + // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); } private void addAlias(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java index 8e719d6..6b9b6d6 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java @@ -235,6 +235,30 @@ public final class DESede } } + /** + * PBEWithSHAAnd3-KeyTripleDES-CBC + */ + static public class PBEWithSHAAndDES3KeyFactory + extends DES.DESPBEKeyFactory + { + public PBEWithSHAAndDES3KeyFactory() + { + super("PBEwithSHAandDES3Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, true, PKCS12, SHA1, 192, 64); + } + } + + /** + * PBEWithSHAAnd2-KeyTripleDES-CBC + */ + static public class PBEWithSHAAndDES2KeyFactory + extends DES.DESPBEKeyFactory + { + public PBEWithSHAAndDES2KeyFactory() + { + super("PBEwithSHAandDES2Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, true, PKCS12, SHA1, 128, 64); + } + } + // BEGIN android-removed // public static class AlgParamGen // extends BaseAlgorithmParameterGenerator @@ -368,6 +392,15 @@ public final class DESede // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); // END android-removed + provider.addAlgorithm("Alg.Alias.Cipher.TDEA", "DESEDE"); + provider.addAlgorithm("Alg.Alias.Cipher.TDEAWRAP", "DESEDEWRAP"); + provider.addAlgorithm("Alg.Alias.KeyGenerator.TDEA", "DESEDE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE"); + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE"); + // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE"); + if (provider.hasAlgorithm("MessageDigest", "SHA-1")) { provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key"); @@ -418,6 +451,23 @@ public final class DESede // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); // END android-removed + + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2KeyFactory"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.4", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java new file mode 100644 index 0000000..9be3c99 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java @@ -0,0 +1,120 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import java.io.IOException; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import javax.crypto.spec.PBEParameterSpec; + +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; + +public class PBEPKCS12 +{ + private PBEPKCS12() + { + + } + + public static class AlgParams + extends BaseAlgorithmParameters + { + PKCS12PBEParams params; + + protected byte[] engineGetEncoded() + { + try + { + return params.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new RuntimeException("Oooops! " + e.toString()); + } + } + + protected byte[] engineGetEncoded( + String format) + { + if (this.isASN1FormatString(format)) + { + return engineGetEncoded(); + } + + return null; + } + + protected AlgorithmParameterSpec localEngineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == PBEParameterSpec.class) + { + return new PBEParameterSpec(params.getIV(), + params.getIterations().intValue()); + } + + throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); + } + + protected void engineInit( + AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + if (!(paramSpec instanceof PBEParameterSpec)) + { + throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); + } + + PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; + + this.params = new PKCS12PBEParams(pbeSpec.getSalt(), + pbeSpec.getIterationCount()); + } + + protected void engineInit( + byte[] params) + throws IOException + { + this.params = PKCS12PBEParams.getInstance(ASN1Primitive.fromByteArray(params)); + } + + protected void engineInit( + byte[] params, + String format) + throws IOException + { + if (this.isASN1FormatString(format)) + { + engineInit(params); + return; + } + + throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); + } + + protected String engineToString() + { + return "PKCS12 PBE Parameters"; + } + } + + public static class Mappings + extends AlgorithmProvider + { + private static final String PREFIX = PBEPKCS12.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("AlgorithmParameters.PKCS12PBE", PREFIX + "$AlgParams"); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java new file mode 100644 index 0000000..09426b2 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java @@ -0,0 +1,547 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import java.io.IOException; +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.RC2ParameterSpec; + +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; +// import org.bouncycastle.crypto.CipherKeyGenerator; +// END android-removed +import org.bouncycastle.crypto.engines.RC2Engine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.RC2WrapEngine; +// import org.bouncycastle.crypto.macs.CBCBlockCipherMac; +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// END android-removed +import org.bouncycastle.crypto.modes.CBCBlockCipher; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +// BEGIN android-removed +// import org.bouncycastle.util.Arrays; +// END android-removed + +public final class RC2 +{ + private RC2() + { + } + + // BEGIN android-removed + // /** + // * RC2 + // */ + // static public class ECB + // extends BaseBlockCipher + // { + // public ECB() + // { + // super(new RC2Engine()); + // } + // } + // + // /** + // * RC2CBC + // */ + // static public class CBC + // extends BaseBlockCipher + // { + // public CBC() + // { + // super(new CBCBlockCipher(new RC2Engine()), 64); + // } + // } + // + // public static class Wrap + // extends BaseWrapCipher + // { + // public Wrap() + // { + // super(new RC2WrapEngine()); + // } + // } + // + // /** + // * RC2 + // */ + // public static class CBCMAC + // extends BaseMac + // { + // public CBCMAC() + // { + // super(new CBCBlockCipherMac(new RC2Engine())); + // } + // } + // + // public static class CFB8MAC + // extends BaseMac + // { + // public CFB8MAC() + // { + // super(new CFBBlockCipherMac(new RC2Engine())); + // } + // } + // END android-removed + + /** + * PBEWithSHA1AndRC2 + */ + static public class PBEWithSHA1KeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHA1KeyFactory() + { + super("PBEwithSHA1andRC2", PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, true, PKCS5S1, SHA1, 64, 64); + } + } + + /** + * PBEWithSHAAnd128BitRC2-CBC + */ + static public class PBEWithSHAAnd128BitKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAAnd128BitKeyFactory() + { + super("PBEwithSHAand128BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, true, PKCS12, SHA1, 128, 64); + } + } + + /** + * PBEWithSHAAnd40BitRC2-CBC + */ + static public class PBEWithSHAAnd40BitKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAAnd40BitKeyFactory() + { + super("PBEwithSHAand40BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, true, PKCS12, SHA1, 40, 64); + } + } + + /** + * PBEWithMD5AndRC2 + */ + static public class PBEWithMD5AndRC2 + extends BaseBlockCipher + { + public PBEWithMD5AndRC2() + { + super(new CBCBlockCipher(new RC2Engine())); + } + } + + /** + * PBEWithSHA1AndRC2 + */ + static public class PBEWithSHA1AndRC2 + extends BaseBlockCipher + { + public PBEWithSHA1AndRC2() + { + super(new CBCBlockCipher(new RC2Engine())); + } + } + + /** + * PBEWithSHAAnd128BitRC2-CBC + */ + static public class PBEWithSHAAnd128BitRC2 + extends BaseBlockCipher + { + public PBEWithSHAAnd128BitRC2() + { + super(new CBCBlockCipher(new RC2Engine())); + } + } + + /** + * PBEWithSHAAnd40BitRC2-CBC + */ + static public class PBEWithSHAAnd40BitRC2 + extends BaseBlockCipher + { + public PBEWithSHAAnd40BitRC2() + { + super(new CBCBlockCipher(new RC2Engine())); + } + } + + // BEGIN android-removed + // /** + // * PBEWithMD2AndRC2 + // */ + // static public class PBEWithMD2KeyFactory + // extends PBESecretKeyFactory + // { + // public PBEWithMD2KeyFactory() + // { + // super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); + // } + // } + // END android-removed + + /** + * PBEWithMD5AndRC2 + */ + static public class PBEWithMD5KeyFactory + extends PBESecretKeyFactory + { + public PBEWithMD5KeyFactory() + { + super("PBEwithMD5andRC2", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, true, PKCS5S1, MD5, 64, 64); + } + } + + // BEGIN android-removed + // public static class AlgParamGen + // extends BaseAlgorithmParameterGenerator + // { + // RC2ParameterSpec spec = null; + // + // protected void engineInit( + // AlgorithmParameterSpec genParamSpec, + // SecureRandom random) + // throws InvalidAlgorithmParameterException + // { + // if (genParamSpec instanceof RC2ParameterSpec) + // { + // spec = (RC2ParameterSpec)genParamSpec; + // return; + // } + // + // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); + // } + // + // protected AlgorithmParameters engineGenerateParameters() + // { + // AlgorithmParameters params; + // + // if (spec == null) + // { + // byte[] iv = new byte[8]; + // + // if (random == null) + // { + // random = new SecureRandom(); + // } + // + // random.nextBytes(iv); + // + // try + // { + // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); + // params.init(new IvParameterSpec(iv)); + // } + // catch (Exception e) + // { + // throw new RuntimeException(e.getMessage()); + // } + // } + // else + // { + // try + // { + // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); + // params.init(spec); + // } + // catch (Exception e) + // { + // throw new RuntimeException(e.getMessage()); + // } + // } + // + // return params; + // } + // } + // + // public static class KeyGenerator + // extends BaseKeyGenerator + // { + // public KeyGenerator() + // { + // super("RC2", 128, new CipherKeyGenerator()); + // } + // } + // + // public static class AlgParams + // extends BaseAlgorithmParameters + // { + // private static final short[] table = { + // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, + // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, + // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, + // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, + // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, + // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, + // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, + // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, + // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, + // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, + // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, + // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, + // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, + // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, + // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, + // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab + // }; + // + // private static final short[] ekb = { + // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, + // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, + // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, + // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, + // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, + // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, + // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, + // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, + // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, + // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, + // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, + // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, + // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, + // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, + // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, + // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd + // }; + // + // private byte[] iv; + // private int parameterVersion = 58; + // + // protected byte[] engineGetEncoded() + // { + // return Arrays.clone(iv); + // } + // + // protected byte[] engineGetEncoded( + // String format) + // throws IOException + // { + // if (this.isASN1FormatString(format)) + // { + // if (parameterVersion == -1) + // { + // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); + // } + // else + // { + // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); + // } + // } + // + // if (format.equals("RAW")) + // { + // return engineGetEncoded(); + // } + // + // return null; + // } + // + // protected AlgorithmParameterSpec localEngineGetParameterSpec( + // Class paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec == RC2ParameterSpec.class) + // { + // if (parameterVersion != -1) + // { + // if (parameterVersion < 256) + // { + // return new RC2ParameterSpec(ekb[parameterVersion], iv); + // } + // else + // { + // return new RC2ParameterSpec(parameterVersion, iv); + // } + // } + // } + // + // if (paramSpec == IvParameterSpec.class) + // { + // return new IvParameterSpec(iv); + // } + // + // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); + // } + // + // protected void engineInit( + // AlgorithmParameterSpec paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec instanceof IvParameterSpec) + // { + // this.iv = ((IvParameterSpec)paramSpec).getIV(); + // } + // else if (paramSpec instanceof RC2ParameterSpec) + // { + // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); + // if (effKeyBits != -1) + // { + // if (effKeyBits < 256) + // { + // parameterVersion = table[effKeyBits]; + // } + // else + // { + // parameterVersion = effKeyBits; + // } + // } + // + // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); + // } + // else + // { + // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); + // } + // } + // + // protected void engineInit( + // byte[] params) + // throws IOException + // { + // this.iv = Arrays.clone(params); + // } + // + // protected void engineInit( + // byte[] params, + // String format) + // throws IOException + // { + // if (this.isASN1FormatString(format)) + // { + // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); + // + // if (p.getRC2ParameterVersion() != null) + // { + // parameterVersion = p.getRC2ParameterVersion().intValue(); + // } + // + // iv = p.getIV(); + // + // return; + // } + // + // if (format.equals("RAW")) + // { + // engineInit(params); + // return; + // } + // + // throw new IOException("Unknown parameters format in IV parameters object"); + // } + // + // protected String engineToString() + // { + // return "RC2 Parameters"; + // } + // } + // END android-removed + + public static class Mappings + extends AlgorithmProvider + { + private static final String PREFIX = RC2.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + + // BEGIN android-removed + // provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen"); + // provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen"); + // + // provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator"); + // provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator"); + // + // provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams"); + // provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams"); + // + // provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB"); + // provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap"); + // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP"); + // provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC"); + // + // provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC"); + // provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC"); + // provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC"); + // provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); + // + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); + + // BEGIN android-removed + // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory"); + // END android-removed + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1KeyFactory"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitKeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitKeyFactory"); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); + + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE"); + + provider.addAlgorithm("Alg.Alias.Cipher.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"); + provider.addAlgorithm("Cipher.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1AndRC2"); + + provider.addAlgorithm("Cipher.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitRC2"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitRC2"); + provider.addAlgorithm("Cipher.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5AndRC2"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java new file mode 100644 index 0000000..d96d5e6 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java @@ -0,0 +1,23 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; + +abstract class SymmetricAlgorithmProvider + extends AlgorithmProvider +{ + // BEGIN android-removed + // protected void addGMacAlgorithm( + // ConfigurableProvider provider, + // String algorithm, + // String algorithmClassName, + // String keyGeneratorClassName) + // { + // provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName); + // provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC"); + // + // provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName); + // provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC", algorithm + "-GMAC"); + // } + // END android-removed +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java new file mode 100644 index 0000000..dafdc39 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java @@ -0,0 +1,128 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +// BEGIN android-removed +// import org.bouncycastle.crypto.BlockCipher; +// import org.bouncycastle.crypto.CipherKeyGenerator; +// END android-removed +import org.bouncycastle.crypto.engines.TwofishEngine; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.GMac; +// END android-removed +import org.bouncycastle.crypto.modes.CBCBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.GCMBlockCipher; +// END android-removed +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +// import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; +// import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; + +public final class Twofish +{ + private Twofish() + { + } + + // BEGIN android-removed + // public static class ECB + // extends BaseBlockCipher + // { + // public ECB() + // { + // super(new BlockCipherProvider() + // { + // public BlockCipher get() + // { + // return new TwofishEngine(); + // } + // }); + // } + // } + // + // public static class KeyGen + // extends BaseKeyGenerator + // { + // public KeyGen() + // { + // super("Twofish", 256, new CipherKeyGenerator()); + // } + // } + // + // public static class GMAC + // extends BaseMac + // { + // public GMAC() + // { + // super(new GMac(new GCMBlockCipher(new TwofishEngine()))); + // } + // } + // END android-removed + + /** + * PBEWithSHAAndTwofish-CBC + */ + static public class PBEWithSHAKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAKeyFactory() + { + super("PBEwithSHAandTwofish-CBC", null, true, PKCS12, SHA1, 256, 128); + } + } + + /** + * PBEWithSHAAndTwofish-CBC + */ + static public class PBEWithSHA + extends BaseBlockCipher + { + public PBEWithSHA() + { + super(new CBCBlockCipher(new TwofishEngine())); + } + } + + // BEGIN android-removed + // public static class AlgParams + // extends IvAlgorithmParameters + // { + // protected String engineToString() + // { + // return "Twofish IV"; + // } + // } + // END android-removed + + public static class Mappings + extends SymmetricAlgorithmProvider + { + private static final String PREFIX = Twofish.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + // BEGIN android-removed + // provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB"); + // provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen"); + // provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); + provider.addAlgorithm("Cipher.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHA"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHAKeyFactory"); + + // BEGIN android-removed + // addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen"); + // END android-removed + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java index 9c4c831..a471972 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java @@ -78,6 +78,10 @@ public class BCPBEKey { return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword()); } + else if (type == PBE.PKCS5S2_UTF8) + { + return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(pbeKeySpec.getPassword()); + } else { return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword()); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java index 8231ad8..ec723db 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java @@ -1,25 +1,9 @@ package org.bouncycastle.jcajce.provider.symmetric.util; -import java.io.IOException; import java.security.AlgorithmParametersSpi; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidParameterSpecException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -// BEGIN android-removed -// import javax.crypto.spec.RC2ParameterSpec; -// END android-removed - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -// BEGIN android-removed -// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; -// END android-removed -import org.bouncycastle.util.Arrays; - public abstract class BaseAlgorithmParameters extends AlgorithmParametersSpi { @@ -42,344 +26,4 @@ public abstract class BaseAlgorithmParameters protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) throws InvalidParameterSpecException; - - // BEGIN android-removed - // public static class RC2AlgorithmParameters - // extends BaseAlgorithmParameters - // { - // private static final short[] table = { - // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, - // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, - // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, - // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, - // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, - // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, - // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, - // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, - // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, - // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, - // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, - // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, - // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, - // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, - // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, - // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab - // }; - // - // private static final short[] ekb = { - // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, - // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, - // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, - // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, - // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, - // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, - // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, - // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, - // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, - // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, - // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, - // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, - // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, - // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, - // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, - // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd - // }; - // - // private byte[] iv; - // private int parameterVersion = 58; - // - // protected byte[] engineGetEncoded() - // { - // return Arrays.clone(iv); - // } - // - // protected byte[] engineGetEncoded( - // String format) - // throws IOException - // { - // if (this.isASN1FormatString(format)) - // { - // if (parameterVersion == -1) - // { - // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); - // } - // else - // { - // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); - // } - // } - // - // if (format.equals("RAW")) - // { - // return engineGetEncoded(); - // } - // - // return null; - // } - // - // protected AlgorithmParameterSpec localEngineGetParameterSpec( - // Class paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec == RC2ParameterSpec.class) - // { - // if (parameterVersion != -1) - // { - // if (parameterVersion < 256) - // { - // return new RC2ParameterSpec(ekb[parameterVersion], iv); - // } - // else - // { - // return new RC2ParameterSpec(parameterVersion, iv); - // } - // } - // } - // - // if (paramSpec == IvParameterSpec.class) - // { - // return new IvParameterSpec(iv); - // } - // - // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); - // } - // - // protected void engineInit( - // AlgorithmParameterSpec paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec instanceof IvParameterSpec) - // { - // this.iv = ((IvParameterSpec)paramSpec).getIV(); - // } - // else if (paramSpec instanceof RC2ParameterSpec) - // { - // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); - // if (effKeyBits != -1) - // { - // if (effKeyBits < 256) - // { - // parameterVersion = table[effKeyBits]; - // } - // else - // { - // parameterVersion = effKeyBits; - // } - // } - // - // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); - // } - // else - // { - // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); - // } - // } - // - // protected void engineInit( - // byte[] params) - // throws IOException - // { - // this.iv = Arrays.clone(params); - // } - // - // protected void engineInit( - // byte[] params, - // String format) - // throws IOException - // { - // if (this.isASN1FormatString(format)) - // { - // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); - // - // if (p.getRC2ParameterVersion() != null) - // { - // parameterVersion = p.getRC2ParameterVersion().intValue(); - // } - // - // iv = p.getIV(); - // - // return; - // } - // - // if (format.equals("RAW")) - // { - // engineInit(params); - // return; - // } - // - // throw new IOException("Unknown parameters format in IV parameters object"); - // } - // - // protected String engineToString() - // { - // return "RC2 Parameters"; - // } - // } - // END android-removed - - public static class PBKDF2 - extends BaseAlgorithmParameters - { - PBKDF2Params params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (this.isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getSalt(), - params.getIterationCount().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PBKDF2Params(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PWRIKEK parameters object"); - } - - protected String engineToString() - { - return "PBKDF2 Parameters"; - } - } - - public static class PKCS12PBE - extends BaseAlgorithmParameters - { - PKCS12PBEParams params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (this.isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getIV(), - params.getIterations().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PKCS12PBEParams(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PKCS12PBEParams.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); - } - - protected String engineToString() - { - return "PKCS12 PBE Parameters"; - } - } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java index 26a73cd..d342775 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java @@ -22,6 +22,7 @@ import javax.crypto.spec.PBEParameterSpec; // import javax.crypto.spec.RC5ParameterSpec; // END android-removed +import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.BufferedBlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; @@ -38,6 +39,7 @@ import org.bouncycastle.crypto.modes.CTSBlockCipher; import org.bouncycastle.crypto.modes.GCMBlockCipher; // BEGIN android-removed // import org.bouncycastle.crypto.modes.GOFBBlockCipher; +// import org.bouncycastle.crypto.modes.OCBBlockCipher; // END android-removed import org.bouncycastle.crypto.modes.OFBBlockCipher; // BEGIN android-removed @@ -89,7 +91,8 @@ public class BaseBlockCipher // END android-removed }; - private org.bouncycastle.crypto.BlockCipher baseEngine; + private BlockCipher baseEngine; + private BlockCipherProvider engineProvider; private GenericBlockCipher cipher; private ParametersWithIV ivParam; @@ -103,7 +106,7 @@ public class BaseBlockCipher private String modeName = null; protected BaseBlockCipher( - org.bouncycastle.crypto.BlockCipher engine) + BlockCipher engine) { baseEngine = engine; @@ -111,6 +114,15 @@ public class BaseBlockCipher } protected BaseBlockCipher( + BlockCipherProvider provider) + { + baseEngine = provider.get(); + engineProvider = provider; + + cipher = new BufferedGenericBlockCipher(provider.get()); + } + + protected BaseBlockCipher( org.bouncycastle.crypto.BlockCipher engine, int ivLength) { @@ -292,6 +304,18 @@ public class BaseBlockCipher cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); } // BEGIN android-removed + // else if (modeName.startsWith("OCB")) + // { + // if (engineProvider != null) + // { + // ivLength = baseEngine.getBlockSize(); + // cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get())); + // } + // else + // { + // throw new NoSuchAlgorithmException("can't support mode " + mode); + // } + // } // else if (modeName.startsWith("EAX")) // { // ivLength = baseEngine.getBlockSize(); @@ -413,7 +437,12 @@ public class BaseBlockCipher if (k.getParam() != null) { param = k.getParam(); - pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount()); + if (params instanceof IvParameterSpec) + { + IvParameterSpec iv = (IvParameterSpec)params; + + param = new ParametersWithIV(param, iv.getIV()); + } } else if (params instanceof PBEParameterSpec) { @@ -736,7 +765,7 @@ public class BaseBlockCipher if (inputLen != 0) { - len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); + len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); } return (len + cipher.doFinal(output, outputOffset + len)); @@ -758,7 +787,9 @@ public class BaseBlockCipher private boolean isAEADModeName( String modeName) { - return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName); + // BEGIN android-changed + return "CCM".equals(modeName) || "GCM".equals(modeName); + // END android-changed } /* diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java index 31f3278..442dcdd 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java @@ -11,35 +11,6 @@ import javax.crypto.spec.PBEParameterSpec; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Mac; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.MD2Digest; -// import org.bouncycastle.crypto.digests.MD4Digest; -// import org.bouncycastle.crypto.digests.MD5Digest; -// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// import org.bouncycastle.crypto.digests.SHA1Digest; -// import org.bouncycastle.crypto.digests.SHA224Digest; -// import org.bouncycastle.crypto.digests.SHA256Digest; -// import org.bouncycastle.crypto.digests.SHA384Digest; -// import org.bouncycastle.crypto.digests.SHA512Digest; -// import org.bouncycastle.crypto.digests.TigerDigest; -// END android-removed -// BEGIN android-added -import org.bouncycastle.crypto.digests.AndroidDigestFactory; -// END android-added -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.RC2Engine; -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -// import org.bouncycastle.crypto.macs.GOST28147Mac; -// END android-removed -import org.bouncycastle.crypto.macs.HMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -// import org.bouncycastle.crypto.macs.OldHMac; -// END android-removed -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -147,317 +118,4 @@ public class BaseMac return out; } - - /** - * the classes that extend directly off us. - */ - - /** - * DES - */ - public static class DES - extends BaseMac - { - public DES() - { - super(new CBCBlockCipherMac(new DESEngine())); - } - } - - /** - * DES 64 bit MAC - */ - public static class DES64 - extends BaseMac - { - public DES64() - { - super(new CBCBlockCipherMac(new DESEngine(), 64)); - } - } - - /** - * RC2 - */ - public static class RC2 - extends BaseMac - { - public RC2() - { - super(new CBCBlockCipherMac(new RC2Engine())); - } - } - - // BEGIN android-removed - // /** - // * GOST28147 - // */ - // public static class GOST28147 - // extends BaseMac - // { - // public GOST28147() - // { - // super(new GOST28147Mac()); - // } - // } - // - // - // - // /** - // * DES - // */ - // public static class DESCFB8 - // extends BaseMac - // { - // public DESCFB8() - // { - // super(new CFBBlockCipherMac(new DESEngine())); - // } - // } - // - // /** - // * RC2CFB8 - // */ - // public static class RC2CFB8 - // extends BaseMac - // { - // public RC2CFB8() - // { - // super(new CFBBlockCipherMac(new RC2Engine())); - // } - // } - // - // /** - // * DES9797Alg3with7816-4Padding - // */ - // public static class DES9797Alg3with7816d4 - // extends BaseMac - // { - // public DES9797Alg3with7816d4() - // { - // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); - // } - // } - // - // /** - // * DES9797Alg3 - // */ - // public static class DES9797Alg3 - // extends BaseMac - // { - // public DES9797Alg3() - // { - // super(new ISO9797Alg3Mac(new DESEngine())); - // } - // } - // - // /** - // * MD2 HMac - // */ - // public static class MD2 - // extends BaseMac - // { - // public MD2() - // { - // super(new HMac(new MD2Digest())); - // } - // } - // - // /** - // * MD4 HMac - // */ - // public static class MD4 - // extends BaseMac - // { - // public MD4() - // { - // super(new HMac(new MD4Digest())); - // } - // } - // END android-removed - - /** - * MD5 HMac - */ - public static class MD5 - extends BaseMac - { - public MD5() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getMD5())); - // END android-changed - } - } - - /** - * SHA1 HMac - */ - public static class SHA1 - extends BaseMac - { - public SHA1() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA1())); - // END android-changed - } - } - - // BEGIN android-removed - // /** - // * SHA-224 HMac - // */ - // public static class SHA224 - // extends BaseMac - // { - // public SHA224() - // { - // super(new HMac(new SHA224Digest())); - // } - // } - // END android-removed - - /** - * SHA-256 HMac - */ - public static class SHA256 - extends BaseMac - { - public SHA256() - { - super(new HMac(AndroidDigestFactory.getSHA256())); - } - } - - /** - * SHA-384 HMac - */ - public static class SHA384 - extends BaseMac - { - public SHA384() - { - super(new HMac(AndroidDigestFactory.getSHA384())); - } - } - - // BEGIN android-removed - // public static class OldSHA384 - // extends BaseMac - // { - // public OldSHA384() - // { - // super(new OldHMac(new SHA384Digest())); - // } - // } - // END android-removed - - /** - * SHA-512 HMac - */ - public static class SHA512 - extends BaseMac - { - public SHA512() - { - super(new HMac(AndroidDigestFactory.getSHA512())); - } - } - - // BEGIN android-removed - // /** - // * SHA-512 HMac - // */ - // public static class OldSHA512 - // extends BaseMac - // { - // public OldSHA512() - // { - // super(new OldHMac(new SHA512Digest())); - // } - // } - // - // /** - // * RIPEMD128 HMac - // */ - // public static class RIPEMD128 - // extends BaseMac - // { - // public RIPEMD128() - // { - // super(new HMac(new RIPEMD128Digest())); - // } - // } - // - // /** - // * RIPEMD160 HMac - // */ - // public static class RIPEMD160 - // extends BaseMac - // { - // public RIPEMD160() - // { - // super(new HMac(new RIPEMD160Digest())); - // } - // } - // - // /** - // * Tiger HMac - // */ - // public static class Tiger - // extends BaseMac - // { - // public Tiger() - // { - // super(new HMac(new TigerDigest())); - // } - // } - // - // // - // // PKCS12 states that the same algorithm should be used - // // for the key generation as is used in the HMAC, so that - // // is what we do here. - // // - // - // /** - // * PBEWithHmacRIPEMD160 - // */ - // public static class PBEWithRIPEMD160 - // extends BaseMac - // { - // public PBEWithRIPEMD160() - // { - // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); - // } - // } - // END android-removed - - /** - * PBEWithHmacSHA - */ - public static class PBEWithSHA - extends BaseMac - { - public PBEWithSHA() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160); - // END android-changed - } - } - - // BEGIN android-removed - // /** - // * PBEWithHmacTiger - // */ - // public static class PBEWithTiger - // extends BaseMac - // { - // public PBEWithTiger() - // { - // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); - // } - // } - // END android-removed } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java index 9c59b1b..31896cd 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java @@ -7,15 +7,9 @@ import java.security.spec.KeySpec; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.DESKeySpec; -import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.params.DESParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; public class BaseSecretKeyFactory extends SecretKeyFactorySpi @@ -96,101 +90,4 @@ public class BaseSecretKeyFactory return new SecretKeySpec(key.getEncoded(), algName); } - - /* - * classes that inherit from us - */ - - - - static public class DESPBEKeyFactory - extends BaseSecretKeyFactory - { - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public DESPBEKeyFactory( - String algorithm, - ASN1ObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = PBE.Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - KeyParameter kParam; - if (param instanceof ParametersWithIV) - { - kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - } - else - { - kParam = (KeyParameter)param; - } - - DESParameters.setOddParity(kParam.getKey()); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - static public class DES - extends BaseSecretKeyFactory - { - public DES() - { - super("DES", null); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DESKeySpec) - { - DESKeySpec desKeySpec = (DESKeySpec)keySpec; - return new SecretKeySpec(desKeySpec.getKey(), "DES"); - } - - return super.engineGenerateSecret(keySpec); - } - } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java new file mode 100644 index 0000000..f5ab9ad --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java @@ -0,0 +1,8 @@ +package org.bouncycastle.jcajce.provider.symmetric.util; + +import org.bouncycastle.crypto.BlockCipher; + +public interface BlockCipherProvider +{ + BlockCipher get(); +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java index 1074e11..951beee 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java @@ -32,22 +32,24 @@ public interface PBE // // PBE Based encryption constants - by default we do PKCS12 with SHA-1 // - static final int MD5 = 0; - static final int SHA1 = 1; + static final int MD5 = 0; + static final int SHA1 = 1; // BEGIN android-removed - // static final int RIPEMD160 = 2; - // static final int TIGER = 3; + // static final int RIPEMD160 = 2; + // static final int TIGER = 3; // END android-removed - static final int SHA256 = 4; + static final int SHA256 = 4; // BEGIN android-removed - // static final int MD2 = 5; - // static final int GOST3411 = 6; + // static final int MD2 = 5; + // static final int GOST3411 = 6; // END android-removed - static final int PKCS5S1 = 0; - static final int PKCS5S2 = 1; - static final int PKCS12 = 2; - static final int OPENSSL = 3; + static final int PKCS5S1 = 0; + static final int PKCS5S2 = 1; + static final int PKCS12 = 2; + static final int OPENSSL = 3; + static final int PKCS5S1_UTF8 = 4; + static final int PKCS5S2_UTF8 = 5; /** * uses the appropriate mixer to generate the key and IV if necessary. @@ -60,7 +62,7 @@ public interface PBE { PBEParametersGenerator generator; - if (type == PKCS5S1) + if (type == PKCS5S1 || type == PKCS5S1_UTF8) { switch (hash) { @@ -83,7 +85,7 @@ public interface PBE throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); } } - else if (type == PKCS5S2) + else if (type == PKCS5S2 || type == PKCS5S2_UTF8) { generator = new PKCS5S2ParametersGenerator(); } @@ -245,16 +247,9 @@ public interface PBE PBEParametersGenerator generator = makePBEGenerator(type, hash); byte[] key; CipherParameters param; - - if (type == PKCS12) - { - key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); - } - else - { - key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); - } - + + key = convertPassword(type, keySpec); + generator.init(key, keySpec.getSalt(), keySpec.getIterationCount()); if (ivSize != 0) @@ -273,7 +268,8 @@ public interface PBE return param; } - + + /** * generate a PBE based key suitable for a MAC algorithm, the * key size is chosen according the MAC size, or the hashing algorithm, @@ -289,14 +285,7 @@ public interface PBE byte[] key; CipherParameters param; - if (type == PKCS12) - { - key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); - } - else - { - key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); - } + key = convertPassword(type, keySpec); generator.init(key, keySpec.getSalt(), keySpec.getIterationCount()); @@ -309,5 +298,24 @@ public interface PBE return param; } + + private static byte[] convertPassword(int type, PBEKeySpec keySpec) + { + byte[] key; + + if (type == PKCS12) + { + key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); + } + else if (type == PKCS5S2_UTF8 || type == PKCS5S1_UTF8) + { + key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); + } + else + { + key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); + } + return key; + } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java new file mode 100644 index 0000000..56d6c5b --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java @@ -0,0 +1,40 @@ +package org.bouncycastle.jcajce.provider.util; + +import java.util.HashMap; +import java.util.Map; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.util.Integers; + +public class SecretKeyUtil +{ + private static Map keySizes = new HashMap(); + + static + { + keySizes.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), Integers.valueOf(192)); + + keySizes.put(NISTObjectIdentifiers.id_aes128_CBC, Integers.valueOf(128)); + keySizes.put(NISTObjectIdentifiers.id_aes192_CBC, Integers.valueOf(192)); + keySizes.put(NISTObjectIdentifiers.id_aes256_CBC, Integers.valueOf(256)); + + keySizes.put(NTTObjectIdentifiers.id_camellia128_cbc, Integers.valueOf(128)); + keySizes.put(NTTObjectIdentifiers.id_camellia192_cbc, Integers.valueOf(192)); + keySizes.put(NTTObjectIdentifiers.id_camellia256_cbc, Integers.valueOf(256)); + } + + public static int getKeySize(ASN1ObjectIdentifier oid) + { + Integer size = (Integer)keySizes.get(oid); + + if (size != null) + { + return size.intValue(); + } + + return -1; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java b/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java deleted file mode 100644 index b56351b..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java +++ /dev/null @@ -1,125 +0,0 @@ -package org.bouncycastle.jce; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.nist.NISTNamedCurves; -import org.bouncycastle.asn1.sec.SECNamedCurves; -// BEGIN android-removed -// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -// END android-removed -import org.bouncycastle.asn1.x9.X962NamedCurves; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; - -/** - * a table of locally supported named curves. - */ -public class ECNamedCurveTable -{ - /** - * return a parameter spec representing the passed in named - * curve. The routine returns null if the curve is not present. - * - * @param name the name of the curve requested - * @return a parameter spec for the curve, null if it is not available. - */ - public static ECNamedCurveParameterSpec getParameterSpec( - String name) - { - X9ECParameters ecP = X962NamedCurves.getByName(name); - if (ecP == null) - { - try - { - ecP = X962NamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - } - catch (IllegalArgumentException e) - { - // ignore - not an oid - } - } - - if (ecP == null) - { - ecP = SECNamedCurves.getByName(name); - if (ecP == null) - { - try - { - ecP = SECNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - } - catch (IllegalArgumentException e) - { - // ignore - not an oid - } - } - } - - // BEGIN android-removed - // if (ecP == null) - // { - // ecP = TeleTrusTNamedCurves.getByName(name); - // if (ecP == null) - // { - // try - // { - // ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - // } - // catch (IllegalArgumentException e) - // { - // // ignore - not an oid - // } - // } - // } - // END android-removed - - if (ecP == null) - { - ecP = NISTNamedCurves.getByName(name); - } - - if (ecP == null) - { - return null; - } - - return new ECNamedCurveParameterSpec( - name, - ecP.getCurve(), - ecP.getG(), - ecP.getN(), - ecP.getH(), - ecP.getSeed()); - } - - /** - * return an enumeration of the names of the available curves. - * - * @return an enumeration of the names of the available curves. - */ - public static Enumeration getNames() - { - Vector v = new Vector(); - - addEnumeration(v, X962NamedCurves.getNames()); - addEnumeration(v, SECNamedCurves.getNames()); - addEnumeration(v, NISTNamedCurves.getNames()); - // BEGIN android-removed - // addEnumeration(v, TeleTrusTNamedCurves.getNames()); - // END android-removed - - return v.elements(); - } - - private static void addEnumeration( - Vector v, - Enumeration e) - { - while (e.hasMoreElements()) - { - v.addElement(e.nextElement()); - } - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java index cc6510a..b3c34d3 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -10,11 +10,6 @@ import java.util.HashMap; import java.util.Map; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.bc.BCObjectIdentifiers; -// BEGIN android-removed -// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -// END android-removed -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; @@ -49,22 +44,31 @@ import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; public final class BouncyCastleProvider extends Provider implements ConfigurableProvider { - private static String info = "BouncyCastle Security Provider v1.48"; + private static String info = "BouncyCastle Security Provider v1.49"; - // BEGIN android-changed - // this constant should be final public static final String PROVIDER_NAME = "BC"; - // END android-changed public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration(); - private static final Map keyInfoConverters = new HashMap(); /* * Configurable symmetric ciphers */ - private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; + private static final String SYMMETRIC_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; + + private static final String[] SYMMETRIC_GENERIC = + { + "PBEPBKDF2", "PBEPKCS12" + }; + + private static final String[] SYMMETRIC_MACS = + { + // BEGIN android-removed + // "SipHash" + // END android-removed + }; + private static final String[] SYMMETRIC_CIPHERS = { // BEGIN android-removed @@ -72,20 +76,25 @@ public final class BouncyCastleProvider extends Provider // "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" // END android-removed // BEGIN android-added - "AES", "ARC4", "Blowfish", "DES", "DESede", + "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish" // END android-added }; /* * Configurable asymmetric ciphers */ - private static final String ASYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.asymmetric."; + private static final String ASYMMETRIC_PACKAGE = "org.bouncycastle.jcajce.provider.asymmetric."; // this one is required for GNU class path - it needs to be loaded first as the // later ones configure it. private static final String[] ASYMMETRIC_GENERIC = { + // BEGIN android-removed + // "X509", "IES" + // END android-removed + // BEGIN android-added "X509" + // END android-added }; private static final String[] ASYMMETRIC_CIPHERS = @@ -112,6 +121,15 @@ public final class BouncyCastleProvider extends Provider // END android-added }; + /* + * Configurable digests + */ + private static final String KEYSTORE_PACKAGE = "org.bouncycastle.jcajce.provider.keystore."; + private static final String[] KEYSTORES = + { + "BC", "PKCS12" + }; + /** * Construct a new provider. This should only be required when * using runtime registration of the provider using the @@ -119,7 +137,7 @@ public final class BouncyCastleProvider extends Provider */ public BouncyCastleProvider() { - super(PROVIDER_NAME, 1.48, info); + super(PROVIDER_NAME, 1.49, info); AccessController.doPrivileged(new PrivilegedAction() { @@ -135,11 +153,17 @@ public final class BouncyCastleProvider extends Provider { loadAlgorithms(DIGEST_PACKAGE, DIGESTS); - loadAlgorithms(SYMMETRIC_CIPHER_PACKAGE, SYMMETRIC_CIPHERS); + loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_GENERIC); + + loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_MACS); + + loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_CIPHERS); - loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_GENERIC); + loadAlgorithms(ASYMMETRIC_PACKAGE, ASYMMETRIC_GENERIC); - loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_CIPHERS); + loadAlgorithms(ASYMMETRIC_PACKAGE, ASYMMETRIC_CIPHERS); + + loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES); // BEGIN android-removed // // @@ -162,335 +186,23 @@ public final class BouncyCastleProvider extends Provider // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); - // END android-removed - - // - // KeyStore - // - put("KeyStore.BKS", "org.bouncycastle.jce.provider.JDKKeyStore"); - put("KeyStore.BouncyCastle", "org.bouncycastle.jce.provider.JDKKeyStore$BouncyCastleStore"); - put("KeyStore.PKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); - // BEGIN android-changed - put("Alg.Alias.KeyStore.BCPKCS12", "PKCS12"); - // END android-changed - // BEGIN android-removed - // put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); - // END android-removed - - // BEGIN android-changed - put("Alg.Alias.KeyStore.PKCS12-3DES-40RC2", "PKCS12"); - // END android-changed - // BEGIN android-removed - // put("KeyStore.PKCS12-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore3DES"); - // END android-removed - - // BEGIN android-removed - // put("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); - // put("KeyStore.PKCS12-DEF-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore3DES"); - // END android-removed - - put("Alg.Alias.KeyStore.UBER", "BouncyCastle"); - put("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); - put("Alg.Alias.KeyStore.bouncycastle", "BouncyCastle"); - - // - // algorithm parameters - // - // BEGIN android-removed - // put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); - // END android-removed - put("AlgorithmParameters.PKCS12PBE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PKCS12PBE"); - - // BEGIN android-removed - // put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2"); - // END android-removed - - - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.1", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.2", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE"); - - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); - - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND256BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND128BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND192BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND256BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND256BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND256BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); - - // BEGIN android-removed - // put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // END android-removed - - // - // key agreement - // - - - // - // cipher engines - // - put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - - // BEGIN android-removed - // put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); - // put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); - // END android-removed - - put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES"); - // BEGIN android-removed + // // + // // cipher engines + // // // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); - // END android-removed - put("Cipher.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndRC2"); - put("Cipher.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndDES"); - // BEGIN android-removed - // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); - // END android-removed - put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2"); - - put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2"); - put("Cipher.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd40BitRC2"); - put("Cipher.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd128BitRC4"); - put("Cipher.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd40BitRC4"); - - - put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4"); - - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); - - put("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHA256AND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHA256AND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHA256AND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); - - put("Cipher.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - - put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish"); - // BEGIN android-removed - // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); - // - // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); - // END android-removed - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); - - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); - - // - // key generators. - // - - - // - // key pair generators. // - - - - // - // key factories - // - - - - - // - // Algorithm parameters - // - - // - // secret key factories. - // - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES"); - // - // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); - // END android-removed - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2"); - // END android-removed - put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES"); - put("SecretKeyFactory.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndRC2"); - put("SecretKeyFactory.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndDES"); - put("SecretKeyFactory.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndRC2"); - put("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES3Key"); - put("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES2Key"); - put("SecretKeyFactory.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC4"); - put("SecretKeyFactory.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC4"); - put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2"); - put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2"); - put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish"); - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160"); - // END android-removed - put("SecretKeyFactory.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA"); - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger"); - // END android-removed - - put("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And128BitAESCBCOpenSSL"); - put("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And192BitAESCBCOpenSSL"); - put("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And256BitAESCBCOpenSSL"); - - // BEGIN android-removed - // put("SecretKeyFactory." + CryptoProObjectIdentifiers.gostR3411, "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithGOST3411"); + // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); // - // put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5"); // - // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5"); - // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5"); - // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); + // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); // - // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); - // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); - // END android-removed - put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); - // BEGIN android-removed - // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); - // END android-removed - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA", "PBEWITHHMACSHA1"); - put("Alg.Alias.SecretKeyFactory.1.3.14.3.2.26", "PBEWITHHMACSHA1"); - put("Alg.Alias.SecretKeyFactory.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - - put("SecretKeyFactory.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitAESBC"); - put("SecretKeyFactory.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd192BitAESBC"); - put("SecretKeyFactory.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd256BitAESBC"); - put("SecretKeyFactory.PBEWITHSHA256AND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And128BitAESBC"); - put("SecretKeyFactory.PBEWITHSHA256AND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And192BitAESBC"); - put("SecretKeyFactory.PBEWITHSHA256AND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And256BitAESBC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); - // BEGIN android-added - - put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1"); - // END android-added - - addMacAlgorithms(); - - // Certification Path API - // BEGIN android-removed + // // Certification Path API // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); + // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); + // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); // END android-removed - // BEGIN android-changed - // Use Alg.Alias so RFC3280 doesn't show up when iterating provider services, only PKIX - put("Alg.Alias.CertPathValidator.RFC3280", "PKIX"); - put("Alg.Alias.CertPathBuilder.RFC3280", "PKIX"); - // END android-changed put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi"); @@ -539,35 +251,6 @@ public final class BouncyCastleProvider extends Provider } } - // - // macs - // - private void addMacAlgorithms() - { - - // BEGIN android-removed - // put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); - // put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); - // - // put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); - // put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); - // put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4"); - // put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); - // - // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); - // - // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); - // END android-removed - - put("Mac.PBEWITHHMACSHA", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); - put("Mac.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); - // BEGIN android-removed - // put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160"); - // END android-removed - put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA"); - } - - public void setParameter(String parameterName, Object parameter) { synchronized (CONFIGURATION) diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java index 8fb1616..cda05e8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java @@ -4,7 +4,7 @@ import java.security.Permission; import javax.crypto.spec.DHParameterSpec; -import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jcajce.provider.config.ProviderConfigurationPermission; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java deleted file mode 100644 index 6f4d129..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java +++ /dev/null @@ -1,1133 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.CipherSpi; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -// BEGIN android-removed -// import javax.crypto.spec.RC2ParameterSpec; -// import javax.crypto.spec.RC5ParameterSpec; -// END android-removed -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.OutputLengthException; -import org.bouncycastle.crypto.engines.AESFastEngine; -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.RC2Engine; -import org.bouncycastle.crypto.engines.TwofishEngine; -import org.bouncycastle.crypto.modes.AEADBlockCipher; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.CCMBlockCipher; -import org.bouncycastle.crypto.modes.CFBBlockCipher; -import org.bouncycastle.crypto.modes.CTSBlockCipher; -// BEGIN android-removed -// import org.bouncycastle.crypto.modes.EAXBlockCipher; -// END android-removed -import org.bouncycastle.crypto.modes.GCMBlockCipher; -// BEGIN android-removed -// import org.bouncycastle.crypto.modes.GOFBBlockCipher; -// END android-removed -import org.bouncycastle.crypto.modes.OFBBlockCipher; -// BEGIN android-removed -// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; -// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; -// END android-removed -import org.bouncycastle.crypto.modes.SICBlockCipher; -import org.bouncycastle.crypto.paddings.BlockCipherPadding; -import org.bouncycastle.crypto.paddings.ISO10126d2Padding; -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.paddings.TBCPadding; -import org.bouncycastle.crypto.paddings.X923Padding; -import org.bouncycastle.crypto.paddings.ZeroBytePadding; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.crypto.params.ParametersWithRandom; -// BEGIN android-removed -// import org.bouncycastle.crypto.params.ParametersWithSBox; -// import org.bouncycastle.crypto.params.RC2Parameters; -// import org.bouncycastle.crypto.params.RC5Parameters; -// END android-removed -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; -// BEGIN android-removed -// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; -// END android-removed -import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; -import org.bouncycastle.util.Strings; - -public class JCEBlockCipher - extends CipherSpi - implements PBE -{ - // - // specs we can handle. - // - private Class[] availableSpecs = - { - // BEGIN android-removed - // RC2ParameterSpec.class, - // RC5ParameterSpec.class, - // END android-removed - IvParameterSpec.class, - PBEParameterSpec.class, - // BEGIN android-removed - // GOST28147ParameterSpec.class - // END android-removed - }; - - private BlockCipher baseEngine; - private GenericBlockCipher cipher; - private ParametersWithIV ivParam; - - private int ivLength = 0; - - private boolean padded; - - private PBEParameterSpec pbeSpec = null; - private String pbeAlgorithm = null; - - private String modeName = null; - - private AlgorithmParameters engineParams; - - protected JCEBlockCipher( - BlockCipher engine) - { - baseEngine = engine; - - cipher = new BufferedGenericBlockCipher(engine); - } - - protected JCEBlockCipher( - BlockCipher engine, - int ivLength) - { - baseEngine = engine; - - this.cipher = new BufferedGenericBlockCipher(engine); - this.ivLength = ivLength / 8; - } - - protected JCEBlockCipher( - BufferedBlockCipher engine, - int ivLength) - { - baseEngine = engine.getUnderlyingCipher(); - - this.cipher = new BufferedGenericBlockCipher(engine); - this.ivLength = ivLength / 8; - } - - protected int engineGetBlockSize() - { - return baseEngine.getBlockSize(); - } - - protected byte[] engineGetIV() - { - return (ivParam != null) ? ivParam.getIV() : null; - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length * 8; - } - - protected int engineGetOutputSize( - int inputLen) - { - return cipher.getOutputSize(inputLen); - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (pbeSpec != null) - { - try - { - engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(pbeSpec); - } - catch (Exception e) - { - return null; - } - } - else if (ivParam != null) - { - String name = cipher.getUnderlyingCipher().getAlgorithmName(); - - if (name.indexOf('/') >= 0) - { - name = name.substring(0, name.indexOf('/')); - } - - try - { - engineParams = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(ivParam.getIV()); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParams; - } - - protected void engineSetMode( - String mode) - throws NoSuchAlgorithmException - { - modeName = Strings.toUpperCase(mode); - - if (modeName.equals("ECB")) - { - ivLength = 0; - cipher = new BufferedGenericBlockCipher(baseEngine); - } - else if (modeName.equals("CBC")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher( - new CBCBlockCipher(baseEngine)); - } - else if (modeName.startsWith("OFB")) - { - ivLength = baseEngine.getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new BufferedGenericBlockCipher( - new OFBBlockCipher(baseEngine, wordSize)); - } - else - { - cipher = new BufferedGenericBlockCipher( - new OFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } - } - else if (modeName.startsWith("CFB")) - { - ivLength = baseEngine.getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new BufferedGenericBlockCipher( - new CFBBlockCipher(baseEngine, wordSize)); - } - else - { - cipher = new BufferedGenericBlockCipher( - new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } - } - // BEGIN android-removed - // else if (modeName.startsWith("PGP")) - // { - // boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); - // - // ivLength = baseEngine.getBlockSize(); - // cipher = new BufferedGenericBlockCipher( - // new PGPCFBBlockCipher(baseEngine, inlineIV)); - // } - // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) - // { - // ivLength = 0; - // cipher = new BufferedGenericBlockCipher( - // new OpenPGPCFBBlockCipher(baseEngine)); - // } - // END android-removed - else if (modeName.startsWith("SIC")) - { - ivLength = baseEngine.getBlockSize(); - if (ivLength < 16) - { - throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)"); - } - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new SICBlockCipher(baseEngine))); - } - else if (modeName.startsWith("CTR")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new SICBlockCipher(baseEngine))); - } - // BEGIN android-removed - // else if (modeName.startsWith("GOFB")) - // { - // ivLength = baseEngine.getBlockSize(); - // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - // new GOFBBlockCipher(baseEngine))); - // } - // END android-removed - else if (modeName.startsWith("CTS")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(new CBCBlockCipher(baseEngine))); - } - else if (modeName.startsWith("CCM")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); - } - // BEGIN android-removed - // else if (modeName.startsWith("EAX")) - // { - // ivLength = baseEngine.getBlockSize(); - // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); - // } - // END android-removed - else if (modeName.startsWith("GCM")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new GCMBlockCipher(baseEngine)); - } - else - { - throw new NoSuchAlgorithmException("can't support mode " + mode); - } - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - String paddingName = Strings.toUpperCase(padding); - - if (paddingName.equals("NOPADDING")) - { - if (cipher.wrapOnNoPadding()) - { - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(cipher.getUnderlyingCipher())); - } - } - else if (paddingName.equals("WITHCTS")) - { - cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(cipher.getUnderlyingCipher())); - } - else - { - padded = true; - - if (isAEADModeName(modeName)) - { - throw new NoSuchPaddingException("Only NoPadding can be used with AEAD modes."); - } - else if (paddingName.equals("PKCS5PADDING") || paddingName.equals("PKCS7PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher()); - } - else if (paddingName.equals("ZEROBYTEPADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ZeroBytePadding()); - } - else if (paddingName.equals("ISO10126PADDING") || paddingName.equals("ISO10126-2PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ISO10126d2Padding()); - } - else if (paddingName.equals("X9.23PADDING") || paddingName.equals("X923PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new X923Padding()); - } - else if (paddingName.equals("ISO7816-4PADDING") || paddingName.equals("ISO9797-1PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ISO7816d4Padding()); - } - else if (paddingName.equals("TBCPADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new TBCPadding()); - } - else - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - this.pbeSpec = null; - this.pbeAlgorithm = null; - this.engineParams = null; - - // - // basic key check - // - if (!(key instanceof SecretKey)) - { - throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); - } - - // BEGIN android-removed - // // - // // for RC5-64 we must have some default parameters - // // - // if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64")) - // { - // throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in."); - // } - // END android-removed - - // - // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). - // - if (key instanceof BCPBEKey) - { - BCPBEKey k = (BCPBEKey)key; - - if (k.getOID() != null) - { - pbeAlgorithm = k.getOID().getId(); - } - else - { - pbeAlgorithm = k.getAlgorithm(); - } - - if (k.getParam() != null) - { - param = k.getParam(); - pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount()); - } - else if (params instanceof PBEParameterSpec) - { - pbeSpec = (PBEParameterSpec)params; - param = PBE.Util.makePBEParameters(k, params, cipher.getUnderlyingCipher().getAlgorithmName()); - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - - if (param instanceof ParametersWithIV) - { - ivParam = (ParametersWithIV)param; - } - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else if (params instanceof IvParameterSpec) - { - if (ivLength != 0) - { - IvParameterSpec p = (IvParameterSpec)params; - - if (p.getIV().length != ivLength && !isAEADModeName(modeName)) - { - throw new InvalidAlgorithmParameterException("IV must be " + ivLength + " bytes long."); - } - - if (key instanceof RepeatedSecretKeySpec) - { - param = new ParametersWithIV(null, p.getIV()); - ivParam = (ParametersWithIV)param; - } - else - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), p.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else - { - if (modeName != null && modeName.equals("ECB")) - { - throw new InvalidAlgorithmParameterException("ECB mode does not use an IV"); - } - - param = new KeyParameter(key.getEncoded()); - } - } - // BEGIN android-removed - // else if (params instanceof GOST28147ParameterSpec) - // { - // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; - // - // param = new ParametersWithSBox( - // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); - // - // if (gost28147Param.getIV() != null && ivLength != 0) - // { - // param = new ParametersWithIV(param, gost28147Param.getIV()); - // ivParam = (ParametersWithIV)param; - // } - // } - // else if (params instanceof RC2ParameterSpec) - // { - // RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; - // - // param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); - // - // if (rc2Param.getIV() != null && ivLength != 0) - // { - // param = new ParametersWithIV(param, rc2Param.getIV()); - // ivParam = (ParametersWithIV)param; - // } - // } - // else if (params instanceof RC5ParameterSpec) - // { - // RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; - // - // param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); - // if (baseEngine.getAlgorithmName().startsWith("RC5")) - // { - // if (baseEngine.getAlgorithmName().equals("RC5-32")) - // { - // if (rc5Param.getWordSize() != 32) - // { - // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); - // } - // } - // else if (baseEngine.getAlgorithmName().equals("RC5-64")) - // { - // if (rc5Param.getWordSize() != 64) - // { - // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); - // } - // } - // } - // else - // { - // throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); - // } - // if ((rc5Param.getIV() != null) && (ivLength != 0)) - // { - // param = new ParametersWithIV(param, rc5Param.getIV()); - // ivParam = (ParametersWithIV)param; - // } - // } - // END android-removed - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - if ((ivLength != 0) && !(param instanceof ParametersWithIV)) - { - SecureRandom ivRandom = random; - - if (ivRandom == null) - { - ivRandom = new SecureRandom(); - } - - if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) - { - byte[] iv = new byte[ivLength]; - - ivRandom.nextBytes(iv); - param = new ParametersWithIV(param, iv); - ivParam = (ParametersWithIV)param; - } - else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0) - { - throw new InvalidAlgorithmParameterException("no IV set when one expected"); - } - } - - if (random != null && padded) - { - param = new ParametersWithRandom(param, random); - } - - try - { - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - throw new InvalidParameterException("unknown opmode " + opmode + " passed"); - } - } - catch (Exception e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - // try again if possible - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineInit(opmode, key, paramSpec, random); - - engineParams = params; - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - int length = cipher.getUpdateOutputSize(inputLen); - - if (length > 0) - { - byte[] out = new byte[length]; - - int len = cipher.processBytes(input, inputOffset, inputLen, out, 0); - - if (len == 0) - { - return null; - } - else if (len != out.length) - { - byte[] tmp = new byte[len]; - - System.arraycopy(out, 0, tmp, 0, len); - - return tmp; - } - - return out; - } - - cipher.processBytes(input, inputOffset, inputLen, null, 0); - - return null; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws ShortBufferException - { - try - { - return cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - catch (DataLengthException e) - { - throw new ShortBufferException(e.getMessage()); - } - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - int len = 0; - byte[] tmp = new byte[engineGetOutputSize(inputLen)]; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, tmp, 0); - } - - try - { - len += cipher.doFinal(tmp, len); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - - if (len == tmp.length) - { - return tmp; - } - - byte[] out = new byte[len]; - - System.arraycopy(tmp, 0, out, 0, len); - - return out; - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException, ShortBufferException - { - try - { - int len = 0; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - - return (len + cipher.doFinal(output, outputOffset + len)); - } - catch (OutputLengthException e) - { - throw new ShortBufferException(e.getMessage()); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - private boolean isAEADModeName( - String modeName) - { - return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName); - } - - protected byte[] engineWrap( - Key key) - throws IllegalBlockSizeException, InvalidKeyException - { - byte[] encoded = key.getEncoded(); - if (encoded == null) - { - throw new InvalidKeyException("Cannot wrap key, null encoding."); - } - - try - { - return engineDoFinal(encoded, 0, encoded.length); - } - catch (BadPaddingException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - } - - protected Key engineUnwrap( - byte[] wrappedKey, - String wrappedKeyAlgorithm, - int wrappedKeyType) - throws InvalidKeyException - { - byte[] encoded; - try - { - encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length); - } - catch (BadPaddingException e) - { - throw new InvalidKeyException(e.getMessage()); - } - catch (IllegalBlockSizeException e2) - { - throw new InvalidKeyException(e2.getMessage()); - } - - if (wrappedKeyType == Cipher.SECRET_KEY) - { - return new SecretKeySpec(encoded, wrappedKeyAlgorithm); - } - else if (wrappedKeyAlgorithm.equals("") && wrappedKeyType == Cipher.PRIVATE_KEY) - { - /* - * The caller doesn't know the algorithm as it is part of - * the encrypted data. - */ - try - { - PrivateKeyInfo in = PrivateKeyInfo.getInstance(encoded); - - PrivateKey privKey = BouncyCastleProvider.getPrivateKey(in); - - if (privKey != null) - { - return privKey; - } - else - { - throw new InvalidKeyException("algorithm " + in.getPrivateKeyAlgorithm().getAlgorithm() + " not supported"); - } - } - catch (Exception e) - { - throw new InvalidKeyException("Invalid key encoding."); - } - } - else - { - try - { - KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - - if (wrappedKeyType == Cipher.PUBLIC_KEY) - { - return kf.generatePublic(new X509EncodedKeySpec(encoded)); - } - else if (wrappedKeyType == Cipher.PRIVATE_KEY) - { - return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded)); - } - } - catch (NoSuchProviderException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (NoSuchAlgorithmException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (InvalidKeySpecException e2) - { - throw new InvalidKeyException("Unknown key type " + e2.getMessage()); - } - - throw new InvalidKeyException("Unknown key type " + wrappedKeyType); - } - } - - /* - * The ciphers that inherit from us. - */ - - /** - * PBEWithMD5AndDES - */ - static public class PBEWithMD5AndDES - extends JCEBlockCipher - { - public PBEWithMD5AndDES() - { - super(new CBCBlockCipher(new DESEngine())); - } - } - - /** - * PBEWithMD5AndRC2 - */ - static public class PBEWithMD5AndRC2 - extends JCEBlockCipher - { - public PBEWithMD5AndRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHA1AndDES - */ - static public class PBEWithSHA1AndDES - extends JCEBlockCipher - { - public PBEWithSHA1AndDES() - { - super(new CBCBlockCipher(new DESEngine())); - } - } - - /** - * PBEWithSHA1AndRC2 - */ - static public class PBEWithSHA1AndRC2 - extends JCEBlockCipher - { - public PBEWithSHA1AndRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - - - /** - * PBEWithSHAAnd128BitRC2-CBC - */ - static public class PBEWithSHAAnd128BitRC2 - extends JCEBlockCipher - { - public PBEWithSHAAnd128BitRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHAAnd40BitRC2-CBC - */ - static public class PBEWithSHAAnd40BitRC2 - extends JCEBlockCipher - { - public PBEWithSHAAnd40BitRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHAAndTwofish-CBC - */ - static public class PBEWithSHAAndTwofish - extends JCEBlockCipher - { - public PBEWithSHAAndTwofish() - { - super(new CBCBlockCipher(new TwofishEngine())); - } - } - - /** - * PBEWithAES-CBC - */ - static public class PBEWithAESCBC - extends JCEBlockCipher - { - public PBEWithAESCBC() - { - super(new CBCBlockCipher(new AESFastEngine())); - } - } - - static private interface GenericBlockCipher - { - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException; - - public boolean wrapOnNoPadding(); - - public String getAlgorithmName(); - - public BlockCipher getUnderlyingCipher(); - - public int getOutputSize(int len); - - public int getUpdateOutputSize(int len); - - public int processByte(byte in, byte[] out, int outOff) - throws DataLengthException; - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) - throws DataLengthException; - - public int doFinal(byte[] out, int outOff) - throws IllegalStateException, InvalidCipherTextException; - } - - private static class BufferedGenericBlockCipher - implements GenericBlockCipher - { - private BufferedBlockCipher cipher; - - BufferedGenericBlockCipher(BufferedBlockCipher cipher) - { - this.cipher = cipher; - } - - BufferedGenericBlockCipher(BlockCipher cipher) - { - this.cipher = new PaddedBufferedBlockCipher(cipher); - } - - BufferedGenericBlockCipher(BlockCipher cipher, BlockCipherPadding padding) - { - this.cipher = new PaddedBufferedBlockCipher(cipher, padding); - } - - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException - { - cipher.init(forEncryption, params); - } - - public boolean wrapOnNoPadding() - { - return !(cipher instanceof CTSBlockCipher); - } - - public String getAlgorithmName() - { - return cipher.getUnderlyingCipher().getAlgorithmName(); - } - - public BlockCipher getUnderlyingCipher() - { - return cipher.getUnderlyingCipher(); - } - - public int getOutputSize(int len) - { - return cipher.getOutputSize(len); - } - - public int getUpdateOutputSize(int len) - { - return cipher.getUpdateOutputSize(len); - } - - public int processByte(byte in, byte[] out, int outOff) throws DataLengthException - { - return cipher.processByte(in, out, outOff); - } - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) throws DataLengthException - { - return cipher.processBytes(in, inOff, len, out, outOff); - } - - public int doFinal(byte[] out, int outOff) throws IllegalStateException, InvalidCipherTextException - { - return cipher.doFinal(out, outOff); - } - } - - private static class AEADGenericBlockCipher - implements GenericBlockCipher - { - private AEADBlockCipher cipher; - - AEADGenericBlockCipher(AEADBlockCipher cipher) - { - this.cipher = cipher; - } - - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException - { - cipher.init(forEncryption, params); - } - - public String getAlgorithmName() - { - return cipher.getUnderlyingCipher().getAlgorithmName(); - } - - public boolean wrapOnNoPadding() - { - return false; - } - - public BlockCipher getUnderlyingCipher() - { - return cipher.getUnderlyingCipher(); - } - - public int getOutputSize(int len) - { - return cipher.getOutputSize(len); - } - - public int getUpdateOutputSize(int len) - { - return cipher.getUpdateOutputSize(len); - } - - public int processByte(byte in, byte[] out, int outOff) throws DataLengthException - { - return cipher.processByte(in, out, outOff); - } - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) throws DataLengthException - { - return cipher.processBytes(in, inOff, len, out, outOff); - } - - public int doFinal(byte[] out, int outOff) throws IllegalStateException, InvalidCipherTextException - { - return cipher.doFinal(out, outOff); - } - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java index 9aaca5b..7d561b3 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java @@ -33,8 +33,8 @@ import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; import org.bouncycastle.jce.interfaces.ECPointEncoder; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java index 863f9d3..cfed770 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java @@ -32,8 +32,8 @@ import org.bouncycastle.asn1.x9.X9IntegerConverter; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; // BEGIN android-removed // import org.bouncycastle.jce.ECGOST3410NamedCurveTable; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEMac.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEMac.java deleted file mode 100644 index 6a3df68..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEMac.java +++ /dev/null @@ -1,455 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.MacSpi; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Mac; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.MD2Digest; -// import org.bouncycastle.crypto.digests.MD4Digest; -// import org.bouncycastle.crypto.digests.MD5Digest; -// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// import org.bouncycastle.crypto.digests.SHA1Digest; -// import org.bouncycastle.crypto.digests.SHA224Digest; -// import org.bouncycastle.crypto.digests.SHA256Digest; -// import org.bouncycastle.crypto.digests.SHA384Digest; -// import org.bouncycastle.crypto.digests.SHA512Digest; -// import org.bouncycastle.crypto.digests.TigerDigest; -// END android-removed -// BEGIN android-added -import org.bouncycastle.crypto.digests.AndroidDigestFactory; -// END android-added -import org.bouncycastle.crypto.engines.DESEngine; -// BEGIN android-removed -// import org.bouncycastle.crypto.engines.RC2Engine; -// END android-removed -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -// END android-removed -import org.bouncycastle.crypto.macs.HMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -// import org.bouncycastle.crypto.macs.OldHMac; -// END android-removed -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; - -public class JCEMac - extends MacSpi implements PBE -{ - private Mac macEngine; - - private int pbeType = PKCS12; - private int pbeHash = SHA1; - private int keySize = 160; - - protected JCEMac( - Mac macEngine) - { - this.macEngine = macEngine; - } - - protected JCEMac( - Mac macEngine, - int pbeType, - int pbeHash, - int keySize) - { - this.macEngine = macEngine; - this.pbeType = pbeType; - this.pbeHash = pbeHash; - this.keySize = keySize; - } - - protected void engineInit( - Key key, - AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - if (key == null) - { - throw new InvalidKeyException("key is null"); - } - - if (key instanceof BCPBEKey) - { - BCPBEKey k = (BCPBEKey)key; - - if (k.getParam() != null) - { - param = k.getParam(); - } - else if (params instanceof PBEParameterSpec) - { - param = PBE.Util.makePBEMacParameters(k, params); - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - } - else if (params instanceof IvParameterSpec) - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - macEngine.init(param); - } - - protected int engineGetMacLength() - { - return macEngine.getMacSize(); - } - - protected void engineReset() - { - macEngine.reset(); - } - - protected void engineUpdate( - byte input) - { - macEngine.update(input); - } - - protected void engineUpdate( - byte[] input, - int offset, - int len) - { - macEngine.update(input, offset, len); - } - - protected byte[] engineDoFinal() - { - byte[] out = new byte[engineGetMacLength()]; - - macEngine.doFinal(out, 0); - - return out; - } - - /** - * the classes that extend directly off us. - */ - - // BEGIN android-removed - // /** - // * DES - // */ - // public static class DES - // extends JCEMac - // { - // public DES() - // { - // super(new CBCBlockCipherMac(new DESEngine())); - // } - // } - // - // /** - // * DES 64 bit MAC - // */ - // public static class DES64 - // extends JCEMac - // { - // public DES64() - // { - // super(new CBCBlockCipherMac(new DESEngine(), 64)); - // } - // } - // - // /** - // * RC2 - // */ - // public static class RC2 - // extends JCEMac - // { - // public RC2() - // { - // super(new CBCBlockCipherMac(new RC2Engine())); - // } - // } - // - // - // - // - // /** - // * DES - // */ - // public static class DESCFB8 - // extends JCEMac - // { - // public DESCFB8() - // { - // super(new CFBBlockCipherMac(new DESEngine())); - // } - // } - // - // /** - // * RC2CFB8 - // */ - // - // - // /** - // * DES9797Alg3with7816-4Padding - // */ - // public static class DES9797Alg3with7816d4 - // extends JCEMac - // { - // public DES9797Alg3with7816d4() - // { - // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); - // } - // } - // - // /** - // * DES9797Alg3 - // */ - // public static class DES9797Alg3 - // extends JCEMac - // { - // public DES9797Alg3() - // { - // super(new ISO9797Alg3Mac(new DESEngine())); - // } - // } - // - // /** - // * MD2 HMac - // */ - // public static class MD2 - // extends JCEMac - // { - // public MD2() - // { - // super(new HMac(new MD2Digest())); - // } - // } - // - // /** - // * MD4 HMac - // */ - // public static class MD4 - // extends JCEMac - // { - // public MD4() - // { - // super(new HMac(new MD4Digest())); - // } - // } - // END android-removed - - /** - * MD5 HMac - */ - public static class MD5 - extends JCEMac - { - public MD5() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getMD5())); - // END android-changed - } - } - - /** - * SHA1 HMac - */ - public static class SHA1 - extends JCEMac - { - public SHA1() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA1())); - // END android-changed - } - } - - // BEGIN android-removed - // /** - // * SHA-224 HMac - // */ - // public static class SHA224 - // extends JCEMac - // { - // public SHA224() - // { - // super(new HMac(new SHA224Digest())); - // } - // } - // END android-removed - - /** - * SHA-256 HMac - */ - public static class SHA256 - extends JCEMac - { - public SHA256() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA256())); - // END android-changed - } - } - - /** - * SHA-384 HMac - */ - public static class SHA384 - extends JCEMac - { - public SHA384() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA384())); - // END android-changed - } - } - - // BEGIN android-removed - // public static class OldSHA384 - // extends JCEMac - // { - // public OldSHA384() - // { - // super(new OldHMac(new SHA384Digest())); - // } - // } - // END android-removed - - /** - * SHA-512 HMac - */ - public static class SHA512 - extends JCEMac - { - public SHA512() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA512())); - // END android-changed - } - } - - - // BEGIN android-removed - // /** - // * SHA-512 HMac - // */ - // public static class OldSHA512 - // extends JCEMac - // { - // public OldSHA512() - // { - // super(new OldHMac(new SHA512Digest())); - // } - // } - // - // /** - // * RIPEMD128 HMac - // */ - // public static class RIPEMD128 - // extends JCEMac - // { - // public RIPEMD128() - // { - // super(new HMac(new RIPEMD128Digest())); - // } - // } - // - // /** - // * RIPEMD160 HMac - // */ - // public static class RIPEMD160 - // extends JCEMac - // { - // public RIPEMD160() - // { - // super(new HMac(new RIPEMD160Digest())); - // } - // } - // - // /** - // * Tiger HMac - // */ - // public static class Tiger - // extends JCEMac - // { - // public Tiger() - // { - // super(new HMac(new TigerDigest())); - // } - // } - // - // // - // // PKCS12 states that the same algorithm should be used - // // for the key generation as is used in the HMAC, so that - // // is what we do here. - // // - // - // /** - // * PBEWithHmacRIPEMD160 - // */ - // public static class PBEWithRIPEMD160 - // extends JCEMac - // { - // public PBEWithRIPEMD160() - // { - // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); - // } - // } - // END android-removed - - /** - * PBEWithHmacSHA - */ - public static class PBEWithSHA - extends JCEMac - { - public PBEWithSHA() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160); - // END android-changed - } - } - - // BEGIN android-removed - // /** - // * PBEWithHmacTiger - // */ - // public static class PBEWithTiger - // extends JCEMac - // { - // public PBEWithTiger() - // { - // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); - // } - // } - // END android-removed -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java deleted file mode 100644 index faf0ead..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java +++ /dev/null @@ -1,612 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.lang.reflect.Constructor; -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.DESKeySpec; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.params.DESParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; - -public class JCESecretKeyFactory - extends SecretKeyFactorySpi - implements PBE -{ - protected String algName; - protected ASN1ObjectIdentifier algOid; - - protected JCESecretKeyFactory( - String algName, - ASN1ObjectIdentifier algOid) - { - this.algName = algName; - this.algOid = algOid; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof SecretKeySpec) - { - return (SecretKey)keySpec; - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - - protected KeySpec engineGetKeySpec( - SecretKey key, - Class keySpec) - throws InvalidKeySpecException - { - if (keySpec == null) - { - throw new InvalidKeySpecException("keySpec parameter is null"); - } - if (key == null) - { - throw new InvalidKeySpecException("key parameter is null"); - } - - if (SecretKeySpec.class.isAssignableFrom(keySpec)) - { - return new SecretKeySpec(key.getEncoded(), algName); - } - - try - { - Class[] parameters = { byte[].class }; - - Constructor c = keySpec.getConstructor(parameters); - Object[] p = new Object[1]; - - p[0] = key.getEncoded(); - - return (KeySpec)c.newInstance(p); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - protected SecretKey engineTranslateKey( - SecretKey key) - throws InvalidKeyException - { - if (key == null) - { - throw new InvalidKeyException("key parameter is null"); - } - - if (!key.getAlgorithm().equalsIgnoreCase(algName)) - { - throw new InvalidKeyException("Key not of type " + algName + "."); - } - - return new SecretKeySpec(key.getEncoded(), algName); - } - - /* - * classes that inherit from us - */ - - static public class PBEKeyFactory - extends JCESecretKeyFactory - { - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public PBEKeyFactory( - String algorithm, - ASN1ObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - static public class DESPBEKeyFactory - extends JCESecretKeyFactory - { - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public DESPBEKeyFactory( - String algorithm, - ASN1ObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - KeyParameter kParam; - if (param instanceof ParametersWithIV) - { - kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - } - else - { - kParam = (KeyParameter)param; - } - - DESParameters.setOddParity(kParam.getKey()); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - static public class DES - extends JCESecretKeyFactory - { - public DES() - { - super("DES", null); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DESKeySpec) - { - DESKeySpec desKeySpec = (DESKeySpec)keySpec; - return new SecretKeySpec(desKeySpec.getKey(), "DES"); - } - - return super.engineGenerateSecret(keySpec); - } - } - - // BEGIN android-removed - // /** - // * PBEWithMD2AndDES - // */ - // static public class PBEWithMD2AndDES - // extends DESPBEKeyFactory - // { - // public PBEWithMD2AndDES() - // { - // super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); - // } - // } - // - // /** - // * PBEWithMD2AndRC2 - // */ - // static public class PBEWithMD2AndRC2 - // extends PBEKeyFactory - // { - // public PBEWithMD2AndRC2() - // { - // super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); - // } - // } - // END android-removed - - /** - * PBEWithMD5AndDES - */ - static public class PBEWithMD5AndDES - extends DESPBEKeyFactory - { - public PBEWithMD5AndDES() - { - super("PBEwithMD5andDES", PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, true, PKCS5S1, MD5, 64, 64); - } - } - - /** - * PBEWithMD5AndRC2 - */ - static public class PBEWithMD5AndRC2 - extends PBEKeyFactory - { - public PBEWithMD5AndRC2() - { - super("PBEwithMD5andRC2", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, true, PKCS5S1, MD5, 64, 64); - } - } - - /** - * PBEWithSHA1AndDES - */ - static public class PBEWithSHA1AndDES - extends DESPBEKeyFactory - { - public PBEWithSHA1AndDES() - { - super("PBEwithSHA1andDES", PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, true, PKCS5S1, SHA1, 64, 64); - } - } - - /** - * PBEWithSHA1AndRC2 - */ - static public class PBEWithSHA1AndRC2 - extends PBEKeyFactory - { - public PBEWithSHA1AndRC2() - { - super("PBEwithSHA1andRC2", PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, true, PKCS5S1, SHA1, 64, 64); - } - } - - /** - * PBEWithSHAAnd3-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES3Key - extends DESPBEKeyFactory - { - public PBEWithSHAAndDES3Key() - { - super("PBEwithSHAandDES3Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, true, PKCS12, SHA1, 192, 64); - } - } - - /** - * PBEWithSHAAnd2-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES2Key - extends DESPBEKeyFactory - { - public PBEWithSHAAndDES2Key() - { - super("PBEwithSHAandDES2Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, true, PKCS12, SHA1, 128, 64); - } - } - - /** - * PBEWithSHAAnd128BitRC2-CBC - */ - static public class PBEWithSHAAnd128BitRC2 - extends PBEKeyFactory - { - public PBEWithSHAAnd128BitRC2() - { - super("PBEwithSHAand128BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, true, PKCS12, SHA1, 128, 64); - } - } - - /** - * PBEWithSHAAnd40BitRC2-CBC - */ - static public class PBEWithSHAAnd40BitRC2 - extends PBEKeyFactory - { - public PBEWithSHAAnd40BitRC2() - { - super("PBEwithSHAand40BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, true, PKCS12, SHA1, 40, 64); - } - } - - /** - * PBEWithSHAAndTwofish-CBC - */ - static public class PBEWithSHAAndTwofish - extends PBEKeyFactory - { - public PBEWithSHAAndTwofish() - { - super("PBEwithSHAandTwofish-CBC", null, true, PKCS12, SHA1, 256, 128); - } - } - - /** - * PBEWithSHAAnd128BitRC4 - */ - static public class PBEWithSHAAnd128BitRC4 - extends PBEKeyFactory - { - public PBEWithSHAAnd128BitRC4() - { - super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 128, 0); - } - } - - /** - * PBEWithSHAAnd40BitRC4 - */ - static public class PBEWithSHAAnd40BitRC4 - extends PBEKeyFactory - { - public PBEWithSHAAnd40BitRC4() - { - super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 40, 0); - } - } - - // BEGIN android-removed - // /** - // * PBEWithHmacRIPEMD160 - // */ - // public static class PBEWithRIPEMD160 - // extends PBEKeyFactory - // { - // public PBEWithRIPEMD160() - // { - // super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); - // } - // } - // END android-removed - - /** - * PBEWithHmacSHA - */ - public static class PBEWithSHA - extends PBEKeyFactory - { - public PBEWithSHA() - { - super("PBEwithHmacSHA", null, false, PKCS12, SHA1, 160, 0); - } - } - - // BEGIN android-removed - // /** - // * PBEWithHmacTiger - // */ - // public static class PBEWithTiger - // extends PBEKeyFactory - // { - // public PBEWithTiger() - // { - // super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); - // } - // } - // END android-removed - - /** - * PBEWithSHA1And128BitAES-BC - */ - static public class PBEWithSHAAnd128BitAESBC - extends PBEKeyFactory - { - public PBEWithSHAAnd128BitAESBC() - { - super("PBEWithSHA1And128BitAES-CBC-BC", null, true, PKCS12, SHA1, 128, 128); - } - } - - /** - * PBEWithSHA1And192BitAES-BC - */ - static public class PBEWithSHAAnd192BitAESBC - extends PBEKeyFactory - { - public PBEWithSHAAnd192BitAESBC() - { - super("PBEWithSHA1And192BitAES-CBC-BC", null, true, PKCS12, SHA1, 192, 128); - } - } - - /** - * PBEWithSHA1And256BitAES-BC - */ - static public class PBEWithSHAAnd256BitAESBC - extends PBEKeyFactory - { - public PBEWithSHAAnd256BitAESBC() - { - super("PBEWithSHA1And256BitAES-CBC-BC", null, true, PKCS12, SHA1, 256, 128); - } - } - - /** - * PBEWithSHA256And128BitAES-BC - */ - static public class PBEWithSHA256And128BitAESBC - extends PBEKeyFactory - { - public PBEWithSHA256And128BitAESBC() - { - super("PBEWithSHA256And128BitAES-CBC-BC", null, true, PKCS12, SHA256, 128, 128); - } - } - - /** - * PBEWithSHA256And192BitAES-BC - */ - static public class PBEWithSHA256And192BitAESBC - extends PBEKeyFactory - { - public PBEWithSHA256And192BitAESBC() - { - super("PBEWithSHA256And192BitAES-CBC-BC", null, true, PKCS12, SHA256, 192, 128); - } - } - - /** - * PBEWithSHA256And256BitAES-BC - */ - static public class PBEWithSHA256And256BitAESBC - extends PBEKeyFactory - { - public PBEWithSHA256And256BitAESBC() - { - super("PBEWithSHA256And256BitAES-CBC-BC", null, true, PKCS12, SHA256, 256, 128); - } - } - - /** - * PBEWithMD5And128BitAES-OpenSSL - */ - static public class PBEWithMD5And128BitAESCBCOpenSSL - extends PBEKeyFactory - { - public PBEWithMD5And128BitAESCBCOpenSSL() - { - super("PBEWithMD5And128BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 128, 128); - } - } - - /** - * PBEWithMD5And192BitAES-OpenSSL - */ - static public class PBEWithMD5And192BitAESCBCOpenSSL - extends PBEKeyFactory - { - public PBEWithMD5And192BitAESCBCOpenSSL() - { - super("PBEWithMD5And192BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 192, 128); - } - } - - /** - * PBEWithMD5And256BitAES-OpenSSL - */ - static public class PBEWithMD5And256BitAESCBCOpenSSL - extends PBEKeyFactory - { - public PBEWithMD5And256BitAESCBCOpenSSL() - { - super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); - } - } - // BEGIN android-added - static public class PBKDF2WithHmacSHA1 - extends JCESecretKeyFactory - { - public PBKDF2WithHmacSHA1() - { - super("PBKDF2WithHmacSHA1", PKCSObjectIdentifiers.id_PBKDF2); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - - if (pbeSpec.getSalt() == null) - { - throw new InvalidKeySpecException("missing required salt"); - } - - if (pbeSpec.getIterationCount() <= 0) - { - throw new InvalidKeySpecException("positive iteration count required: " - + pbeSpec.getIterationCount()); - } - - if (pbeSpec.getKeyLength() <= 0) - { - throw new InvalidKeySpecException("positive key length required: " - + pbeSpec.getKeyLength()); - } - - if (pbeSpec.getPassword().length == 0) - { - throw new IllegalArgumentException("password empty"); - } - - int scheme = PKCS5S2; - int digest = SHA1; - int keySize = pbeSpec.getKeyLength(); - int ivSize = -1; - CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - // END android-added -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java index 4600679..7471b0b 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java @@ -620,28 +620,4 @@ public class JCEStreamCipher // } // } // END android-removed - - /** - * PBEWithSHAAnd128BitRC4 - */ - static public class PBEWithSHAAnd128BitRC4 - extends JCEStreamCipher - { - public PBEWithSHAAnd128BitRC4() - { - super(new RC4Engine(), 0); - } - } - - /** - * PBEWithSHAAnd40BitRC4 - */ - static public class PBEWithSHAAnd40BitRC4 - extends JCEStreamCipher - { - public PBEWithSHAAnd40BitRC4() - { - super(new RC4Engine(), 0); - } - } } diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java deleted file mode 100644 index 9a8cf9b..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java +++ /dev/null @@ -1,320 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.security.AlgorithmParametersSpi; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -// BEGIN android-removed -// import org.bouncycastle.jce.spec.IESParameterSpec; -// END android-removed - -public abstract class JDKAlgorithmParameters - extends AlgorithmParametersSpi -{ - protected boolean isASN1FormatString(String format) - { - return format == null || format.equals("ASN.1"); - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == null) - { - throw new NullPointerException("argument to getParameterSpec must not be null"); - } - - return localEngineGetParameterSpec(paramSpec); - } - - protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) - throws InvalidParameterSpecException; - - public static class PBKDF2 - extends JDKAlgorithmParameters - { - PBKDF2Params params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getSalt(), - params.getIterationCount().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PBKDF2Params(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PWRIKEK parameters object"); - } - - protected String engineToString() - { - return "PBKDF2 Parameters"; - } - } - - public static class PKCS12PBE - extends JDKAlgorithmParameters - { - PKCS12PBEParams params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getIV(), - params.getIterations().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PKCS12PBEParams(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PKCS12PBEParams.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); - } - - protected String engineToString() - { - return "PKCS12 PBE Parameters"; - } - } - - // BEGIN android-removed - // public static class IES - // extends JDKAlgorithmParameters - // { - // IESParameterSpec currentSpec; - // - // /** - // * in the absence of a standard way of doing it this will do for - // * now... - // */ - // protected byte[] engineGetEncoded() - // { - // try - // { - // ASN1EncodableVector v = new ASN1EncodableVector(); - // - // v.add(new DEROctetString(currentSpec.getDerivationV())); - // v.add(new DEROctetString(currentSpec.getEncodingV())); - // v.add(new DERInteger(currentSpec.getMacKeySize())); - // - // return new DERSequence(v).getEncoded(ASN1Encoding.DER); - // } - // catch (IOException e) - // { - // throw new RuntimeException("Error encoding IESParameters"); - // } - // } - // - // protected byte[] engineGetEncoded( - // String format) - // { - // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - // { - // return engineGetEncoded(); - // } - // - // return null; - // } - // - // protected AlgorithmParameterSpec localEngineGetParameterSpec( - // Class paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec == IESParameterSpec.class) - // { - // return currentSpec; - // } - // - // throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); - // } - // - // protected void engineInit( - // AlgorithmParameterSpec paramSpec) - // throws InvalidParameterSpecException - // { - // if (!(paramSpec instanceof IESParameterSpec)) - // { - // throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object"); - // } - // - // this.currentSpec = (IESParameterSpec)paramSpec; - // } - // - // protected void engineInit( - // byte[] params) - // throws IOException - // { - // try - // { - // ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); - // - // this.currentSpec = new IESParameterSpec( - // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), - // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), - // ((DERInteger)s.getObjectAt(0)).getValue().intValue()); - // } - // catch (ClassCastException e) - // { - // throw new IOException("Not a valid IES Parameter encoding."); - // } - // catch (ArrayIndexOutOfBoundsException e) - // { - // throw new IOException("Not a valid IES Parameter encoding."); - // } - // } - // - // protected void engineInit( - // byte[] params, - // String format) - // throws IOException - // { - // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - // { - // engineInit(params); - // } - // else - // { - // throw new IOException("Unknown parameter format " + format); - // } - // } - // - // protected String engineToString() - // { - // return "IES Parameters"; - // } - // } - // END android-removed -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java index 865481f..7e8340a 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java @@ -5,6 +5,9 @@ import java.security.KeyStore; import java.security.KeyStore.LoadStoreParameter; import java.security.KeyStore.ProtectionParameter; +/** + * @deprecated use org.bouncycastle.jcajce.config.PKCS12StoreParameter + */ public class JDKPKCS12StoreParameter implements LoadStoreParameter { private OutputStream outputStream; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java index 415f840..769edb8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java @@ -375,35 +375,35 @@ public class RFC3280CertPathUtilities } - protected static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId(); + public static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId(); - protected static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId(); + public static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId(); - protected static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId(); + public static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId(); - protected static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId(); + public static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId(); - protected static final String FRESHEST_CRL = X509Extensions.FreshestCRL.getId(); + public static final String FRESHEST_CRL = X509Extensions.FreshestCRL.getId(); - protected static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId(); + public static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId(); - protected static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId(); + public static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId(); - protected static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId(); + public static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId(); - protected static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints.getId(); + public static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints.getId(); - protected static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId(); + public static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId(); - protected static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId(); + public static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId(); - protected static final String AUTHORITY_KEY_IDENTIFIER = X509Extensions.AuthorityKeyIdentifier.getId(); + public static final String AUTHORITY_KEY_IDENTIFIER = X509Extensions.AuthorityKeyIdentifier.getId(); - protected static final String KEY_USAGE = X509Extensions.KeyUsage.getId(); + public static final String KEY_USAGE = X509Extensions.KeyUsage.getId(); - protected static final String CRL_NUMBER = X509Extensions.CRLNumber.getId(); + public static final String CRL_NUMBER = X509Extensions.CRLNumber.getId(); - protected static final String ANY_POLICY = "2.5.29.32.0"; + public static final String ANY_POLICY = "2.5.29.32.0"; /* * key usage bits diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java index c984104..58281af 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java @@ -16,8 +16,6 @@ public abstract class ECCurve public abstract ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression); - public abstract ECPoint decodePoint(byte[] encoded); - public abstract ECPoint getInfinity(); public ECFieldElement getA() @@ -30,6 +28,74 @@ public abstract class ECCurve return b; } + protected abstract ECPoint decompressPoint(int yTilde, BigInteger X1); + + /** + * Decode a point on this curve from its ASN.1 encoding. The different + * encodings are taken account of, including point compression for + * <code>F<sub>p</sub></code> (X9.62 s 4.2.1 pg 17). + * @return The decoded point. + */ + public ECPoint decodePoint(byte[] encoded) + { + ECPoint p = null; + int expectedLength = (getFieldSize() + 7) / 8; + + switch (encoded[0]) + { + case 0x00: // infinity + { + if (encoded.length != 1) + { + throw new IllegalArgumentException("Incorrect length for infinity encoding"); + } + + p = getInfinity(); + break; + } + case 0x02: // compressed + case 0x03: // compressed + { + if (encoded.length != (expectedLength + 1)) + { + throw new IllegalArgumentException("Incorrect length for compressed encoding"); + } + + int yTilde = encoded[0] & 1; + BigInteger X1 = fromArray(encoded, 1, expectedLength); + + p = decompressPoint(yTilde, X1); + break; + } + case 0x04: // uncompressed + case 0x06: // hybrid + case 0x07: // hybrid + { + if (encoded.length != (2 * expectedLength + 1)) + { + throw new IllegalArgumentException("Incorrect length for uncompressed/hybrid encoding"); + } + + BigInteger X1 = fromArray(encoded, 1, expectedLength); + BigInteger Y1 = fromArray(encoded, 1 + expectedLength, expectedLength); + + p = createPoint(X1, Y1, false); + break; + } + default: + throw new IllegalArgumentException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16)); + } + + return p; + } + + private static BigInteger fromArray(byte[] buf, int off, int length) + { + byte[] mag = new byte[length]; + System.arraycopy(buf, off, mag, 0, length); + return new BigInteger(1, mag); + } + /** * Elliptic curve over Fp */ @@ -66,79 +132,31 @@ public abstract class ECCurve return new ECPoint.Fp(this, fromBigInteger(x), fromBigInteger(y), withCompression); } - /** - * Decode a point on this curve from its ASN.1 encoding. The different - * encodings are taken account of, including point compression for - * <code>F<sub>p</sub></code> (X9.62 s 4.2.1 pg 17). - * @return The decoded point. - */ - public ECPoint decodePoint(byte[] encoded) + protected ECPoint decompressPoint(int yTilde, BigInteger X1) { - ECPoint p = null; + ECFieldElement x = fromBigInteger(X1); + ECFieldElement alpha = x.multiply(x.square().add(a)).add(b); + ECFieldElement beta = alpha.sqrt(); - switch (encoded[0]) + // + // if we can't find a sqrt we haven't got a point on the + // curve - run! + // + if (beta == null) { - // infinity - case 0x00: - if (encoded.length > 1) - { - throw new RuntimeException("Invalid point encoding"); - } - p = getInfinity(); - break; - // compressed - case 0x02: - case 0x03: - int ytilde = encoded[0] & 1; - byte[] i = new byte[encoded.length - 1]; - - System.arraycopy(encoded, 1, i, 0, i.length); - - ECFieldElement x = new ECFieldElement.Fp(this.q, new BigInteger(1, i)); - ECFieldElement alpha = x.multiply(x.square().add(a)).add(b); - ECFieldElement beta = alpha.sqrt(); - - // - // if we can't find a sqrt we haven't got a point on the - // curve - run! - // - if (beta == null) - { - throw new RuntimeException("Invalid point compression"); - } + throw new RuntimeException("Invalid point compression"); + } - int bit0 = (beta.toBigInteger().testBit(0) ? 1 : 0); + BigInteger betaValue = beta.toBigInteger(); + int bit0 = betaValue.testBit(0) ? 1 : 0; - if (bit0 == ytilde) - { - p = new ECPoint.Fp(this, x, beta, true); - } - else - { - p = new ECPoint.Fp(this, x, - new ECFieldElement.Fp(this.q, q.subtract(beta.toBigInteger())), true); - } - break; - // uncompressed - case 0x04: - // hybrid - case 0x06: - case 0x07: - byte[] xEnc = new byte[(encoded.length - 1) / 2]; - byte[] yEnc = new byte[(encoded.length - 1) / 2]; - - System.arraycopy(encoded, 1, xEnc, 0, xEnc.length); - System.arraycopy(encoded, xEnc.length + 1, yEnc, 0, yEnc.length); - - p = new ECPoint.Fp(this, - new ECFieldElement.Fp(this.q, new BigInteger(1, xEnc)), - new ECFieldElement.Fp(this.q, new BigInteger(1, yEnc))); - break; - default: - throw new RuntimeException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16)); + if (bit0 != yTilde) + { + // Use the other root + beta = fromBigInteger(q.subtract(betaValue)); } - return p; + return new ECPoint.Fp(this, x, beta, true); } public ECPoint getInfinity() @@ -403,62 +421,6 @@ public abstract class ECCurve return new ECPoint.F2m(this, fromBigInteger(x), fromBigInteger(y), withCompression); } - /* (non-Javadoc) - * @see org.bouncycastle.math.ec.ECCurve#decodePoint(byte[]) - */ - public ECPoint decodePoint(byte[] encoded) - { - ECPoint p = null; - - switch (encoded[0]) - { - // infinity - case 0x00: - if (encoded.length > 1) - { - throw new RuntimeException("Invalid point encoding"); - } - p = getInfinity(); - break; - // compressed - case 0x02: - case 0x03: - byte[] enc = new byte[encoded.length - 1]; - System.arraycopy(encoded, 1, enc, 0, enc.length); - if (encoded[0] == 0x02) - { - p = decompressPoint(enc, 0); - } - else - { - p = decompressPoint(enc, 1); - } - break; - // uncompressed - case 0x04: - // hybrid - case 0x06: - case 0x07: - byte[] xEnc = new byte[(encoded.length - 1) / 2]; - byte[] yEnc = new byte[(encoded.length - 1) / 2]; - - System.arraycopy(encoded, 1, xEnc, 0, xEnc.length); - System.arraycopy(encoded, xEnc.length + 1, yEnc, 0, yEnc.length); - - p = new ECPoint.F2m(this, - new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3, - new BigInteger(1, xEnc)), - new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3, - new BigInteger(1, yEnc)), false); - break; - - default: - throw new RuntimeException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16)); - } - - return p; - } - public ECPoint getInfinity() { return infinity; @@ -508,18 +470,15 @@ public abstract class ECCurve /** * Decompresses a compressed point P = (xp, yp) (X9.62 s 4.2.2). * - * @param xEnc - * The encoding of field element xp. - * @param ypBit + * @param yTilde * ~yp, an indication bit for the decompression of yp. + * @param X1 + * The field element xp. * @return the decompressed point. */ - private ECPoint decompressPoint( - byte[] xEnc, - int ypBit) + protected ECPoint decompressPoint(int yTilde, BigInteger X1) { - ECFieldElement xp = new ECFieldElement.F2m( - this.m, this.k1, this.k2, this.k3, new BigInteger(1, xEnc)); + ECFieldElement xp = fromBigInteger(X1); ECFieldElement yp = null; if (xp.toBigInteger().equals(ECConstants.ZERO)) { @@ -531,27 +490,21 @@ public abstract class ECCurve } else { - ECFieldElement beta = xp.add(a).add( - b.multiply(xp.square().invert())); + ECFieldElement beta = xp.add(a).add(b.multiply(xp.square().invert())); ECFieldElement z = solveQuadradicEquation(beta); if (z == null) { - throw new RuntimeException("Invalid point compression"); + throw new IllegalArgumentException("Invalid point compression"); } - int zBit = 0; - if (z.toBigInteger().testBit(0)) + int zBit = z.toBigInteger().testBit(0) ? 1 : 0; + if (zBit != yTilde) { - zBit = 1; - } - if (zBit != ypBit) - { - z = z.add(new ECFieldElement.F2m(this.m, this.k1, this.k2, - this.k3, ECConstants.ONE)); + z = z.add(fromBigInteger(ECConstants.ONE)); } yp = xp.multiply(z); } - - return new ECPoint.F2m(this, xp, yp); + + return new ECPoint.F2m(this, xp, yp, true); } /** diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java index b14e4c1..cbc5aaf 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java @@ -108,7 +108,12 @@ public abstract class ECPoint this.preCompInfo = preCompInfo; } - public abstract byte[] getEncoded(); + public byte[] getEncoded() + { + return getEncoded(withCompression); + } + + public abstract byte[] getEncoded(boolean compressed); public abstract ECPoint add(ECPoint b); public abstract ECPoint subtract(ECPoint b); @@ -193,7 +198,7 @@ public abstract class ECPoint /** * return the field element encoded with point compression. (S 4.3.6) */ - public byte[] getEncoded() + public byte[] getEncoded(boolean compressed) { if (this.isInfinity()) { @@ -202,7 +207,7 @@ public abstract class ECPoint int qLength = converter.getByteLength(x); - if (withCompression) + if (compressed) { byte PC; @@ -268,7 +273,7 @@ public abstract class ECPoint ECFieldElement x3 = gamma.square().subtract(this.x).subtract(b.x); ECFieldElement y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y); - return new ECPoint.Fp(curve, x3, y3); + return new ECPoint.Fp(curve, x3, y3, withCompression); } // B.3 pg 62 @@ -374,7 +379,7 @@ public abstract class ECPoint /* (non-Javadoc) * @see org.bouncycastle.math.ec.ECPoint#getEncoded() */ - public byte[] getEncoded() + public byte[] getEncoded(boolean compressed) { if (this.isInfinity()) { @@ -385,7 +390,7 @@ public abstract class ECPoint byte[] X = converter.integerToBytes(this.getX().toBigInteger(), byteCount); byte[] PO; - if (withCompression) + if (compressed) { // See X9.62 4.3.6 and 4.2.2 PO = new byte[byteCount + 1]; diff --git a/bcprov/src/main/java/org/bouncycastle/util/Arrays.java b/bcprov/src/main/java/org/bouncycastle/util/Arrays.java index d1c3111..457320e 100644 --- a/bcprov/src/main/java/org/bouncycastle/util/Arrays.java +++ b/bcprov/src/main/java/org/bouncycastle/util/Arrays.java @@ -423,6 +423,40 @@ public final class Arrays return copy; } + public static byte[][] clone(byte[][] data) + { + if (data == null) + { + return null; + } + + byte[][] copy = new byte[data.length][]; + + for (int i = 0; i != copy.length; i++) + { + copy[i] = clone(data[i]); + } + + return copy; + } + + public static byte[][][] clone(byte[][][] data) + { + if (data == null) + { + return null; + } + + byte[][][] copy = new byte[data.length][][]; + + for (int i = 0; i != copy.length; i++) + { + copy[i] = clone(data[i]); + } + + return copy; + } + public static int[] clone(int[] data) { if (data == null) @@ -619,10 +653,84 @@ public final class Arrays int newLength = to - from; if (newLength < 0) { - StringBuffer sb = new StringBuffer(from); - sb.append(" > ").append(to); + StringBuffer sb = new StringBuffer(from); + sb.append(" > ").append(to); throw new IllegalArgumentException(sb.toString()); } return newLength; } + + public static byte[] concatenate(byte[] a, byte[] b) + { + if (a != null && b != null) + { + byte[] rv = new byte[a.length + b.length]; + + System.arraycopy(a, 0, rv, 0, a.length); + System.arraycopy(b, 0, rv, a.length, b.length); + + return rv; + } + else if (b != null) + { + return clone(b); + } + else + { + return clone(a); + } + } + + public static byte[] concatenate(byte[] a, byte[] b, byte[] c) + { + if (a != null && b != null && c != null) + { + byte[] rv = new byte[a.length + b.length + c.length]; + + System.arraycopy(a, 0, rv, 0, a.length); + System.arraycopy(b, 0, rv, a.length, b.length); + System.arraycopy(c, 0, rv, a.length + b.length, c.length); + + return rv; + } + else if (b == null) + { + return concatenate(a, c); + } + else + { + return concatenate(a, b); + } + } + + public static byte[] concatenate(byte[] a, byte[] b, byte[] c, byte[] d) + { + if (a != null && b != null && c != null && d != null) + { + byte[] rv = new byte[a.length + b.length + c.length + d.length]; + + System.arraycopy(a, 0, rv, 0, a.length); + System.arraycopy(b, 0, rv, a.length, b.length); + System.arraycopy(c, 0, rv, a.length + b.length, c.length); + System.arraycopy(d, 0, rv, a.length + b.length + c.length, d.length); + + return rv; + } + else if (d == null) + { + return concatenate(a, b, c); + } + else if (c == null) + { + return concatenate(a, b, d); + } + else if (b == null) + { + return concatenate(a, c, d); + } + else + { + return concatenate(b, c, d); + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/util/Memoable.java b/bcprov/src/main/java/org/bouncycastle/util/Memoable.java new file mode 100644 index 0000000..0be9171 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/util/Memoable.java @@ -0,0 +1,23 @@ +package org.bouncycastle.util; + +public interface Memoable +{ + /** + * Produce a copy of this object with its configuration and in its current state. + * <p/> + * The returned object may be used simply to store the state, or may be used as a similar object + * starting from the copied state. + */ + public Memoable copy(); + + /** + * Restore a copied object state into this object. + * <p/> + * Implementations of this method <em>should</em> try to avoid or minimise memory allocation to perform the reset. + * + * @param other an object originally {@link #copy() copied} from an object of the same type as this instance. + * @throws ClassCastException if the provided object is not of the correct type. + * @throws MemoableResetException if the <b>other</b> parameter is in some other way invalid. + */ + public void reset(Memoable other); +} diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java index 742a961..8380629 100644 --- a/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java +++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java @@ -4,10 +4,27 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.OutputStream; +import org.bouncycastle.util.Strings; + public class Base64 { private static final Encoder encoder = new Base64Encoder(); + public static String toBase64String( + byte[] data) + { + return toBase64String(data, 0, data.length); + } + + public static String toBase64String( + byte[] data, + int off, + int length) + { + byte[] encoded = encode(data, off, length); + return Strings.fromByteArray(encoded); + } + /** * encode the input data producing a base 64 encoded byte array. * @@ -16,12 +33,25 @@ public class Base64 public static byte[] encode( byte[] data) { - int len = (data.length + 2) / 3 * 4; + return encode(data, 0, data.length); + } + + /** + * encode the input data producing a base 64 encoded byte array. + * + * @return a byte array containing the base 64 encoded data. + */ + public static byte[] encode( + byte[] data, + int off, + int length) + { + int len = (length + 2) / 3 * 4; ByteArrayOutputStream bOut = new ByteArrayOutputStream(len); - + try { - encoder.encode(data, 0, data.length, bOut); + encoder.encode(data, off, length, bOut); } catch (Exception e) { diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java index 3d058aa..d49f1ef 100644 --- a/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java +++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java @@ -4,10 +4,27 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.OutputStream; +import org.bouncycastle.util.Strings; + public class Hex { private static final Encoder encoder = new HexEncoder(); + public static String toHexString( + byte[] data) + { + return toHexString(data, 0, data.length); + } + + public static String toHexString( + byte[] data, + int off, + int length) + { + byte[] encoded = encode(data, off, length); + return Strings.fromByteArray(encoded); + } + /** * encode the input data producing a Hex encoded byte array. * diff --git a/bouncycastle.config b/bouncycastle.config index 3ebc43c..338b572 100644 --- a/bouncycastle.config +++ b/bouncycastle.config @@ -4,6 +4,7 @@ org/bouncycastle/asn1/cmp \ org/bouncycastle/asn1/cms/ecc \ org/bouncycastle/asn1/crmf \ org/bouncycastle/asn1/cryptopro \ +org/bouncycastle/asn1/dvcs \ org/bouncycastle/asn1/esf \ org/bouncycastle/asn1/ess \ org/bouncycastle/asn1/gnu \ @@ -18,7 +19,10 @@ org/bouncycastle/asn1/x509/sigi \ org/bouncycastle/crypto/agreement/kdf \ org/bouncycastle/crypto/agreement/jpake \ org/bouncycastle/crypto/agreement/srp \ +org/bouncycastle/crypto/commitments \ +org/bouncycastle/crypto/ec \ org/bouncycastle/crypto/examples \ +org/bouncycastle/crypto/kems \ org/bouncycastle/crypto/prng \ org/bouncycastle/crypto/tls/ \ org/bouncycastle/i18n/ \ @@ -26,9 +30,9 @@ org/bouncycastle/jcajce/provider/asymmetric/ecgost \ org/bouncycastle/jcajce/provider/asymmetric/elgamal \ org/bouncycastle/jcajce/provider/asymmetric/dstu \ org/bouncycastle/jcajce/provider/asymmetric/gost \ +org/bouncycastle/jcajce/provider/asymmetric/ies \ org/bouncycastle/jce/examples \ org/bouncycastle/jce/provider/test \ -org/bouncycastle/math/ntru \ org/bouncycastle/ocsp \ org/bouncycastle/pqc \ org/bouncycastle/util/test \ @@ -41,6 +45,7 @@ org/bouncycastle/LICENSE.java \ org/bouncycastle/asn1/BERSequenceGenerator.java \ org/bouncycastle/asn1/DERGenerator.java \ org/bouncycastle/asn1/DERSequenceGenerator.java \ +org/bouncycastle/asn1/DERT61UTF8String.java \ org/bouncycastle/asn1/cms/AuthEnvelopedData.java \ org/bouncycastle/asn1/cms/AuthEnvelopedDataParser.java \ org/bouncycastle/asn1/cms/AuthenticatedData.java \ @@ -66,11 +71,13 @@ org/bouncycastle/asn1/cms/OriginatorInfo.java \ org/bouncycastle/asn1/cms/OriginatorPublicKey.java \ org/bouncycastle/asn1/cms/OtherKeyAttribute.java \ org/bouncycastle/asn1/cms/OtherRecipientInfo.java \ +org/bouncycastle/asn1/cms/OtherRevocationInfoFormat.java \ org/bouncycastle/asn1/cms/PasswordRecipientInfo.java \ org/bouncycastle/asn1/cms/RecipientEncryptedKey.java \ org/bouncycastle/asn1/cms/RecipientIdentifier.java \ org/bouncycastle/asn1/cms/RecipientInfo.java \ org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java \ +org/bouncycastle/asn1/cms/SCVPReqRes.java \ org/bouncycastle/asn1/cms/SignedDataParser.java \ org/bouncycastle/asn1/cms/TimeStampAndCRL.java \ org/bouncycastle/asn1/cms/TimeStampTokenEvidence.java \ @@ -132,6 +139,7 @@ org/bouncycastle/asn1/x509/CertPolicyId.java \ org/bouncycastle/asn1/x509/CertificatePair.java \ org/bouncycastle/asn1/x509/CertificatePolicies.java \ org/bouncycastle/asn1/x509/DisplayText.java \ +org/bouncycastle/asn1/x509/GeneralNamesBuilder.java \ org/bouncycastle/asn1/x509/IetfAttrSyntax.java \ org/bouncycastle/asn1/x509/NoticeReference.java \ org/bouncycastle/asn1/x509/PolicyMappings.java \ @@ -148,27 +156,34 @@ org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.java \ org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java \ org/bouncycastle/asn1/x509/X509AttributeIdentifiers.java \ org/bouncycastle/asn1/x509/package.html \ +org/bouncycastle/asn1/x9/ECNamedCurveTable.java \ org/bouncycastle/asn1/x9/KeySpecificInfo.java \ org/bouncycastle/asn1/x9/OtherInfo.java \ org/bouncycastle/asn1/x9/package.html \ org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.java \ +org/bouncycastle/crypto/Commitment.java \ +org/bouncycastle/crypto/Committer.java \ org/bouncycastle/crypto/EphemeralKeyPair.java \ +org/bouncycastle/crypto/KeyEncapsulation.java \ org/bouncycastle/crypto/KeyEncoder.java \ org/bouncycastle/crypto/KeyParser.java \ org/bouncycastle/crypto/MaxBytesExceededException.java \ org/bouncycastle/crypto/agreement/DHAgreement.java \ +org/bouncycastle/crypto/agreement/DHStandardGroups.java \ org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java \ org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java \ org/bouncycastle/crypto/agreement/package.html \ org/bouncycastle/crypto/digests/GOST3411Digest.java \ org/bouncycastle/crypto/digests/MD2Digest.java \ org/bouncycastle/crypto/digests/MD4Digest.java \ +org/bouncycastle/crypto/digests/NonMemoableDigest.java \ org/bouncycastle/crypto/digests/RIPEMD128Digest.java \ org/bouncycastle/crypto/digests/RIPEMD160Digest.java \ org/bouncycastle/crypto/digests/RIPEMD256Digest.java \ org/bouncycastle/crypto/digests/RIPEMD320Digest.java \ org/bouncycastle/crypto/digests/SHA224Digest.java \ org/bouncycastle/crypto/digests/SHA3Digest.java \ +org/bouncycastle/crypto/digests/SHA512tDigest.java \ org/bouncycastle/crypto/digests/ShortenedDigest.java \ org/bouncycastle/crypto/digests/TigerDigest.java \ org/bouncycastle/crypto/digests/WhirlpoolDigest.java \ @@ -190,8 +205,6 @@ org/bouncycastle/crypto/engines/HC256Engine.java \ org/bouncycastle/crypto/engines/IDEAEngine.java \ org/bouncycastle/crypto/engines/IESEngine.java \ org/bouncycastle/crypto/engines/ISAACEngine.java \ -org/bouncycastle/crypto/engines/IndexGenerator.java \ -org/bouncycastle/crypto/engines/NTRUEngine.java \ org/bouncycastle/crypto/engines/NaccacheSternEngine.java \ org/bouncycastle/crypto/engines/NoekeonEngine.java \ org/bouncycastle/crypto/engines/NullEngine.java \ @@ -225,8 +238,6 @@ org/bouncycastle/crypto/generators/HKDFBytesGenerator.java \ org/bouncycastle/crypto/generators/KDF1BytesGenerator.java \ org/bouncycastle/crypto/generators/KDF2BytesGenerator.java \ org/bouncycastle/crypto/generators/MGF1BytesGenerator.java \ -org/bouncycastle/crypto/generators/NTRUEncryptionKeyPairGenerator.java \ -org/bouncycastle/crypto/generators/NTRUSigningKeyPairGenerator.java \ org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java \ org/bouncycastle/crypto/generators/RSABlindingFactorGenerator.java \ org/bouncycastle/crypto/generators/SCrypt.java \ @@ -237,13 +248,16 @@ org/bouncycastle/crypto/io/package.html \ org/bouncycastle/crypto/macs/BlockCipherMac.java \ org/bouncycastle/crypto/macs/CFBBlockCipherMac.java \ org/bouncycastle/crypto/macs/CMac.java \ +org/bouncycastle/crypto/macs/GMac.java \ org/bouncycastle/crypto/macs/GOST28147Mac.java \ org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java \ org/bouncycastle/crypto/macs/OldHMac.java \ +org/bouncycastle/crypto/macs/SipHash.java \ org/bouncycastle/crypto/macs/VMPCMac.java \ org/bouncycastle/crypto/macs/package.html \ org/bouncycastle/crypto/modes/EAXBlockCipher.java \ org/bouncycastle/crypto/modes/GOFBBlockCipher.java \ +org/bouncycastle/crypto/modes/OCBBlockCipher.java \ org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java \ org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java \ org/bouncycastle/crypto/modes/PaddedBlockCipher.java \ @@ -273,16 +287,6 @@ org/bouncycastle/crypto/params/KDFParameters.java \ org/bouncycastle/crypto/params/MGFParameters.java \ org/bouncycastle/crypto/params/MQVPrivateParameters.java \ org/bouncycastle/crypto/params/MQVPublicParameters.java \ -org/bouncycastle/crypto/params/NTRUEncryptionKeyGenerationParameters.java \ -org/bouncycastle/crypto/params/NTRUEncryptionKeyParameters.java \ -org/bouncycastle/crypto/params/NTRUEncryptionParameters.java \ -org/bouncycastle/crypto/params/NTRUEncryptionPrivateKeyParameters.java \ -org/bouncycastle/crypto/params/NTRUEncryptionPublicKeyParameters.java \ -org/bouncycastle/crypto/params/NTRUParameters.java \ -org/bouncycastle/crypto/params/NTRUSigningKeyGenerationParameters.java \ -org/bouncycastle/crypto/params/NTRUSigningParameters.java \ -org/bouncycastle/crypto/params/NTRUSigningPrivateKeyParameters.java \ -org/bouncycastle/crypto/params/NTRUSigningPublicKeyParameters.java \ org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java \ org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java \ org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java \ @@ -301,8 +305,6 @@ org/bouncycastle/crypto/signers/GOST3410Signer.java \ org/bouncycastle/crypto/signers/GenericSigner.java \ org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java \ org/bouncycastle/crypto/signers/ISO9796d2Signer.java \ -org/bouncycastle/crypto/signers/NTRUSigner.java \ -org/bouncycastle/crypto/signers/NTRUSignerPrng.java \ org/bouncycastle/crypto/signers/PSSSigner.java \ org/bouncycastle/crypto/signers/package.html \ org/bouncycastle/crypto/util/PrivateKeyInfoFactory.java \ @@ -312,10 +314,12 @@ org/bouncycastle/jcajce/provider/asymmetric/DSTU4145.java \ org/bouncycastle/jcajce/provider/asymmetric/ECGOST.java \ org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java \ org/bouncycastle/jcajce/provider/asymmetric/GOST.java \ +org/bouncycastle/jcajce/provider/asymmetric/IES.java \ org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java \ org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java \ org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java \ org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java \ +org/bouncycastle/jcajce/provider/asymmetric/util/GOST3410Util.java \ org/bouncycastle/jcajce/provider/asymmetric/util/IESUtil.java \ org/bouncycastle/jcajce/provider/digest/GOST3411.java \ org/bouncycastle/jcajce/provider/digest/MD2.java \ @@ -338,21 +342,22 @@ org/bouncycastle/jcajce/provider/symmetric/HC128.java \ org/bouncycastle/jcajce/provider/symmetric/HC256.java \ org/bouncycastle/jcajce/provider/symmetric/IDEA.java \ org/bouncycastle/jcajce/provider/symmetric/Noekeon.java \ -org/bouncycastle/jcajce/provider/symmetric/RC2.java \ +org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java \ org/bouncycastle/jcajce/provider/symmetric/RC5.java \ org/bouncycastle/jcajce/provider/symmetric/RC6.java \ org/bouncycastle/jcajce/provider/symmetric/Rijndael.java \ org/bouncycastle/jcajce/provider/symmetric/SEED.java \ org/bouncycastle/jcajce/provider/symmetric/Salsa20.java \ org/bouncycastle/jcajce/provider/symmetric/Serpent.java \ +org/bouncycastle/jcajce/provider/symmetric/SipHash.java \ org/bouncycastle/jcajce/provider/symmetric/Skipjack.java \ org/bouncycastle/jcajce/provider/symmetric/TEA.java \ -org/bouncycastle/jcajce/provider/symmetric/Twofish.java \ org/bouncycastle/jcajce/provider/symmetric/VMPC.java \ org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3.java \ org/bouncycastle/jcajce/provider/symmetric/XTEA.java \ org/bouncycastle/jce/ECGOST3410NamedCurveTable.java \ org/bouncycastle/jce/ECKeyUtil.java \ +org/bouncycastle/jce/ECNamedCurveTable.java \ org/bouncycastle/jce/ECPointUtil.java \ org/bouncycastle/jce/MultiCertStoreParameters.java \ org/bouncycastle/jce/PKCS12Util.java \ @@ -375,11 +380,8 @@ org/bouncycastle/jce/package.html \ org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java \ org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java \ org/bouncycastle/jce/provider/BrokenPBE.java \ -org/bouncycastle/jce/provider/ElGamalUtil.java \ -org/bouncycastle/jce/provider/GOST3410Util.java \ org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java \ org/bouncycastle/jce/provider/JCEElGamalPublicKey.java \ -org/bouncycastle/jce/provider/JCEIESCipher.java \ org/bouncycastle/jce/provider/MultiCertStoreSpi.java \ org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java \ org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java \ @@ -414,6 +416,7 @@ org/bouncycastle/jce/spec/MQVPublicKeySpec.java \ org/bouncycastle/jce/spec/package.html \ org/bouncycastle/math/ec/ReferenceMultiplier.java \ org/bouncycastle/math/ec/package.html \ +org/bouncycastle/util/MemoableResetException.java \ org/bouncycastle/util/StreamParser.java \ org/bouncycastle/util/StreamParsingException.java \ org/bouncycastle/util/encoders/BufferedDecoder.java \ @@ -452,6 +455,7 @@ org/bouncycastle/cert/selector/jcajce \ org/bouncycastle/cert/test \ org/bouncycastle/cms/bc \ org/bouncycastle/cms/test \ +org/bouncycastle/dvcs \ org/bouncycastle/eac \ org/bouncycastle/mozilla \ org/bouncycastle/openssl \ @@ -462,6 +466,7 @@ org/bouncycastle/voms \ # files UNNEEDED_BCPKIX_SOURCES+=" \ +org/bouncycastle/cert/CertRuntimeException.java \ org/bouncycastle/cert/X509ExtensionUtils.java \ org/bouncycastle/cert/X509v1CertificateBuilder.java \ org/bouncycastle/cert/X509v2AttributeCertificateBuilder.java \ @@ -549,6 +554,7 @@ org/bouncycastle/cms/RecipientInfoGenerator.java \ org/bouncycastle/cms/RecipientInformation.java \ org/bouncycastle/cms/RecipientInformationStore.java \ org/bouncycastle/cms/RecipientOperator.java \ +org/bouncycastle/cms/SignerInformationVerifierProvider.java \ org/bouncycastle/cms/jcajce/CMSUtils.java \ org/bouncycastle/cms/jcajce/DefaultJcaJceExtHelper.java \ org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java \ @@ -585,6 +591,7 @@ org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java \ org/bouncycastle/cms/package.html \ org/bouncycastle/operator/AsymmetricKeyUnwrapper.java \ org/bouncycastle/operator/AsymmetricKeyWrapper.java \ +org/bouncycastle/operator/DefaultSecretKeyProvider.java \ org/bouncycastle/operator/GenericKey.java \ org/bouncycastle/operator/InputDecryptor.java \ org/bouncycastle/operator/InputDecryptorProvider.java \ @@ -596,6 +603,7 @@ org/bouncycastle/operator/MacCalculator.java \ org/bouncycastle/operator/MacCalculatorProvider.java \ org/bouncycastle/operator/OutputCompressor.java \ org/bouncycastle/operator/OutputEncryptor.java \ +org/bouncycastle/operator/SecretKeySizeProvider.java \ org/bouncycastle/operator/SymmetricKeyUnwrapper.java \ org/bouncycastle/operator/SymmetricKeyWrapper.java \ org/bouncycastle/operator/bc/AESUtil.java \ diff --git a/bouncycastle.version b/bouncycastle.version index 1482783..89e1ea4 100644 --- a/bouncycastle.version +++ b/bouncycastle.version @@ -1,2 +1,2 @@ BOUNCYCASTLE_JDK=15on -BOUNCYCASTLE_VERSION=148 +BOUNCYCASTLE_VERSION=149 diff --git a/patches/bcpkix.patch b/patches/bcpkix.patch index 77cee43..78354bd 100644 --- a/patches/bcpkix.patch +++ b/patches/bcpkix.patch @@ -1,29 +1,508 @@ -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedGenerator.java bcpkix-jdk15on-148/org/bouncycastle/cms/CMSSignedGenerator.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedGenerator.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/cms/CMSSignedGenerator.java 2013-01-31 02:26:40.000000000 +0000 -@@ -22,7 +22,9 @@ +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSSignedData.java bcpkix-jdk15on-149/org/bouncycastle/cms/CMSSignedData.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSSignedData.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/cms/CMSSignedData.java 2013-05-25 02:14:15.000000000 +0000 +@@ -25,7 +25,9 @@ + import org.bouncycastle.asn1.cms.ContentInfo; + import org.bouncycastle.asn1.cms.SignedData; + import org.bouncycastle.asn1.cms.SignerInfo; +-import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder; ++// BEGIN android-removed ++// import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder; ++// END android-removed + import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; + import org.bouncycastle.operator.OperatorCreationException; + import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder; +@@ -309,147 +311,149 @@ + return attributeStore; + } + +- /** +- * return a X509Store containing the public key certificates, if any, contained +- * in this message. +- * +- * @param type type of store to create +- * @param provider name of provider to use +- * @return a store of public key certificates +- * @exception NoSuchProviderException if the provider requested isn't available. +- * @exception NoSuchStoreException if the store type isn't available. +- * @exception CMSException if a general exception prevents creation of the X509Store +- * @deprecated use base Store returning method +- */ +- public X509Store getCertificates( +- String type, +- String provider) +- throws NoSuchStoreException, NoSuchProviderException, CMSException +- { +- return getCertificates(type, CMSUtils.getProvider(provider)); +- } +- +- /** +- * return a X509Store containing the public key certificates, if any, contained +- * in this message. +- * +- * @param type type of store to create +- * @param provider provider to use +- * @return a store of public key certificates +- * @exception NoSuchStoreException if the store type isn't available. +- * @exception CMSException if a general exception prevents creation of the X509Store +- * @deprecated use base Store returning method +- */ +- public X509Store getCertificates( +- String type, +- Provider provider) +- throws NoSuchStoreException, CMSException +- { +- if (certificateStore == null) +- { +- certificateStore = HELPER.createCertificateStore(type, provider, this.getCertificates()); +- } +- +- return certificateStore; +- } +- +- /** +- * return a X509Store containing CRLs, if any, contained +- * in this message. +- * +- * @param type type of store to create +- * @param provider name of provider to use +- * @return a store of CRLs +- * @exception NoSuchProviderException if the provider requested isn't available. +- * @exception NoSuchStoreException if the store type isn't available. +- * @exception CMSException if a general exception prevents creation of the X509Store +- * @deprecated use base Store returning method +- */ +- public X509Store getCRLs( +- String type, +- String provider) +- throws NoSuchStoreException, NoSuchProviderException, CMSException +- { +- return getCRLs(type, CMSUtils.getProvider(provider)); +- } +- +- /** +- * return a X509Store containing CRLs, if any, contained +- * in this message. +- * +- * @param type type of store to create +- * @param provider provider to use +- * @return a store of CRLs +- * @exception NoSuchStoreException if the store type isn't available. +- * @exception CMSException if a general exception prevents creation of the X509Store +- * @deprecated use base Store returning method +- */ +- public X509Store getCRLs( +- String type, +- Provider provider) +- throws NoSuchStoreException, CMSException +- { +- if (crlStore == null) +- { +- crlStore = HELPER.createCRLsStore(type, provider, getCRLs()); +- } +- +- return crlStore; +- } +- +- /** +- * return a CertStore containing the certificates and CRLs associated with +- * this message. +- * +- * @exception NoSuchProviderException if the provider requested isn't available. +- * @exception NoSuchAlgorithmException if the cert store isn't available. +- * @exception CMSException if a general exception prevents creation of the CertStore +- * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder +- */ +- public CertStore getCertificatesAndCRLs( +- String type, +- String provider) +- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException +- { +- return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider)); +- } +- +- /** +- * return a CertStore containing the certificates and CRLs associated with +- * this message. +- * +- * @exception NoSuchAlgorithmException if the cert store isn't available. +- * @exception CMSException if a general exception prevents creation of the CertStore +- * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder +- */ +- public CertStore getCertificatesAndCRLs( +- String type, +- Provider provider) +- throws NoSuchAlgorithmException, CMSException +- { +- try +- { +- JcaCertStoreBuilder certStoreBuilder = new JcaCertStoreBuilder().setType(type); +- +- if (provider != null) +- { +- certStoreBuilder.setProvider(provider); +- } +- +- certStoreBuilder.addCertificates(this.getCertificates()); +- certStoreBuilder.addCRLs(this.getCRLs()); +- +- return certStoreBuilder.build(); +- } +- catch (NoSuchAlgorithmException e) +- { +- throw e; +- } +- catch (Exception e) +- { +- throw new CMSException("exception creating CertStore: " + e.getMessage(), e); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * return a X509Store containing the public key certificates, if any, contained ++ // * in this message. ++ // * ++ // * @param type type of store to create ++ // * @param provider name of provider to use ++ // * @return a store of public key certificates ++ // * @exception NoSuchProviderException if the provider requested isn't available. ++ // * @exception NoSuchStoreException if the store type isn't available. ++ // * @exception CMSException if a general exception prevents creation of the X509Store ++ // * @deprecated use base Store returning method ++ // */ ++ // public X509Store getCertificates( ++ // String type, ++ // String provider) ++ // throws NoSuchStoreException, NoSuchProviderException, CMSException ++ // { ++ // return getCertificates(type, CMSUtils.getProvider(provider)); ++ // } ++ // ++ // /** ++ // * return a X509Store containing the public key certificates, if any, contained ++ // * in this message. ++ // * ++ // * @param type type of store to create ++ // * @param provider provider to use ++ // * @return a store of public key certificates ++ // * @exception NoSuchStoreException if the store type isn't available. ++ // * @exception CMSException if a general exception prevents creation of the X509Store ++ // * @deprecated use base Store returning method ++ // */ ++ // public X509Store getCertificates( ++ // String type, ++ // Provider provider) ++ // throws NoSuchStoreException, CMSException ++ // { ++ // if (certificateStore == null) ++ // { ++ // certificateStore = HELPER.createCertificateStore(type, provider, this.getCertificates()); ++ // } ++ // ++ // return certificateStore; ++ // } ++ // ++ // /** ++ // * return a X509Store containing CRLs, if any, contained ++ // * in this message. ++ // * ++ // * @param type type of store to create ++ // * @param provider name of provider to use ++ // * @return a store of CRLs ++ // * @exception NoSuchProviderException if the provider requested isn't available. ++ // * @exception NoSuchStoreException if the store type isn't available. ++ // * @exception CMSException if a general exception prevents creation of the X509Store ++ // * @deprecated use base Store returning method ++ // */ ++ // public X509Store getCRLs( ++ // String type, ++ // String provider) ++ // throws NoSuchStoreException, NoSuchProviderException, CMSException ++ // { ++ // return getCRLs(type, CMSUtils.getProvider(provider)); ++ // } ++ // ++ // /** ++ // * return a X509Store containing CRLs, if any, contained ++ // * in this message. ++ // * ++ // * @param type type of store to create ++ // * @param provider provider to use ++ // * @return a store of CRLs ++ // * @exception NoSuchStoreException if the store type isn't available. ++ // * @exception CMSException if a general exception prevents creation of the X509Store ++ // * @deprecated use base Store returning method ++ // */ ++ // public X509Store getCRLs( ++ // String type, ++ // Provider provider) ++ // throws NoSuchStoreException, CMSException ++ // { ++ // if (crlStore == null) ++ // { ++ // crlStore = HELPER.createCRLsStore(type, provider, getCRLs()); ++ // } ++ // ++ // return crlStore; ++ // } ++ // ++ // /** ++ // * return a CertStore containing the certificates and CRLs associated with ++ // * this message. ++ // * ++ // * @exception NoSuchProviderException if the provider requested isn't available. ++ // * @exception NoSuchAlgorithmException if the cert store isn't available. ++ // * @exception CMSException if a general exception prevents creation of the CertStore ++ // * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder ++ // */ ++ // public CertStore getCertificatesAndCRLs( ++ // String type, ++ // String provider) ++ // throws NoSuchAlgorithmException, NoSuchProviderException, CMSException ++ // { ++ // return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider)); ++ // } ++ // ++ // /** ++ // * return a CertStore containing the certificates and CRLs associated with ++ // * this message. ++ // * ++ // * @exception NoSuchAlgorithmException if the cert store isn't available. ++ // * @exception CMSException if a general exception prevents creation of the CertStore ++ // * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder ++ // */ ++ // public CertStore getCertificatesAndCRLs( ++ // String type, ++ // Provider provider) ++ // throws NoSuchAlgorithmException, CMSException ++ // { ++ // try ++ // { ++ // JcaCertStoreBuilder certStoreBuilder = new JcaCertStoreBuilder().setType(type); ++ // ++ // if (provider != null) ++ // { ++ // certStoreBuilder.setProvider(provider); ++ // } ++ // ++ // certStoreBuilder.addCertificates(this.getCertificates()); ++ // certStoreBuilder.addCRLs(this.getCRLs()); ++ // ++ // return certStoreBuilder.build(); ++ // } ++ // catch (NoSuchAlgorithmException e) ++ // { ++ // throw e; ++ // } ++ // catch (Exception e) ++ // { ++ // throw new CMSException("exception creating CertStore: " + e.getMessage(), e); ++ // } ++ // } ++ // END android-removed + + /** + * Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. +@@ -481,18 +485,20 @@ + return HELPER.getAttributeCertificates(signedData.getCertificates()); + } + +- /** +- * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in +- * this SignedData structure. +- * +- * @param otherRevocationInfoFormat OID of the format type been looked for. +- * +- * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found. +- */ +- public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat) +- { +- return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs()); +- } ++ // BEGIN android-removed ++ // /** ++ // * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in ++ // * this SignedData structure. ++ // * ++ // * @param otherRevocationInfoFormat OID of the format type been looked for. ++ // * ++ // * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found. ++ // */ ++ // public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat) ++ // { ++ // return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs()); ++ // } ++ // END android-removed + + /** + * Return the a string representation of the OID associated with the +@@ -536,71 +542,73 @@ + return contentInfo.getEncoded(); + } + +- /** +- * Verify all the SignerInformation objects and their associated counter signatures attached +- * to this CMS SignedData object. +- * +- * @param verifierProvider a provider of SignerInformationVerifier objects. +- * @return true if all verify, false otherwise. +- * @throws CMSException if an exception occurs during the verification process. +- */ +- public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider) +- throws CMSException +- { +- return verifySignatures(verifierProvider, false); +- } +- +- /** +- * Verify all the SignerInformation objects and optionally their associated counter signatures attached +- * to this CMS SignedData object. +- * +- * @param verifierProvider a provider of SignerInformationVerifier objects. +- * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well. +- * @return true if all verify, false otherwise. +- * @throws CMSException if an exception occurs during the verification process. +- */ +- public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures) +- throws CMSException +- { +- Collection signers = this.getSignerInfos().getSigners(); +- +- for (Iterator it = signers.iterator(); it.hasNext();) +- { +- SignerInformation signer = (SignerInformation)it.next(); +- +- try +- { +- SignerInformationVerifier verifier = verifierProvider.get(signer.getSID()); +- +- if (!signer.verify(verifier)) +- { +- return false; +- } +- +- if (!ignoreCounterSignatures) +- { +- Collection counterSigners = signer.getCounterSignatures().getSigners(); +- +- for (Iterator cIt = counterSigners.iterator(); cIt.hasNext();) +- { +- SignerInformation counterSigner = (SignerInformation)cIt.next(); +- SignerInformationVerifier counterVerifier = verifierProvider.get(signer.getSID()); +- +- if (!counterSigner.verify(counterVerifier)) +- { +- return false; +- } +- } +- } +- } +- catch (OperatorCreationException e) +- { +- throw new CMSException("failure in verifier provider: " + e.getMessage(), e); +- } +- } +- +- return true; +- } ++ // BEGIN android-removed ++ // /** ++ // * Verify all the SignerInformation objects and their associated counter signatures attached ++ // * to this CMS SignedData object. ++ // * ++ // * @param verifierProvider a provider of SignerInformationVerifier objects. ++ // * @return true if all verify, false otherwise. ++ // * @throws CMSException if an exception occurs during the verification process. ++ // */ ++ // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider) ++ // throws CMSException ++ // { ++ // return verifySignatures(verifierProvider, false); ++ // } ++ // ++ // /** ++ // * Verify all the SignerInformation objects and optionally their associated counter signatures attached ++ // * to this CMS SignedData object. ++ // * ++ // * @param verifierProvider a provider of SignerInformationVerifier objects. ++ // * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well. ++ // * @return true if all verify, false otherwise. ++ // * @throws CMSException if an exception occurs during the verification process. ++ // */ ++ // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures) ++ // throws CMSException ++ // { ++ // Collection signers = this.getSignerInfos().getSigners(); ++ // ++ // for (Iterator it = signers.iterator(); it.hasNext();) ++ // { ++ // SignerInformation signer = (SignerInformation)it.next(); ++ // ++ // try ++ // { ++ // SignerInformationVerifier verifier = verifierProvider.get(signer.getSID()); ++ // ++ // if (!signer.verify(verifier)) ++ // { ++ // return false; ++ // } ++ // ++ // if (!ignoreCounterSignatures) ++ // { ++ // Collection counterSigners = signer.getCounterSignatures().getSigners(); ++ // ++ // for (Iterator cIt = counterSigners.iterator(); cIt.hasNext();) ++ // { ++ // SignerInformation counterSigner = (SignerInformation)cIt.next(); ++ // SignerInformationVerifier counterVerifier = verifierProvider.get(signer.getSID()); ++ // ++ // if (!counterSigner.verify(counterVerifier)) ++ // { ++ // return false; ++ // } ++ // } ++ // } ++ // } ++ // catch (OperatorCreationException e) ++ // { ++ // throw new CMSException("failure in verifier provider: " + e.getMessage(), e); ++ // } ++ // } ++ // ++ // return true; ++ // } ++ // END android-removed + + /** + * Replace the SignerInformation store associated with this +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSSignedGenerator.java bcpkix-jdk15on-149/org/bouncycastle/cms/CMSSignedGenerator.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSSignedGenerator.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/cms/CMSSignedGenerator.java 2013-05-25 02:14:15.000000000 +0000 +@@ -23,8 +23,10 @@ import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.cms.AttributeTable; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; +-import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// BEGIN android-removed ++// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -@@ -30,7 +32,9 @@ - import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - import org.bouncycastle.asn1.x509.AttributeCertificate; - import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +@@ -35,7 +37,9 @@ + import org.bouncycastle.cert.X509AttributeCertificateHolder; + import org.bouncycastle.cert.X509CRLHolder; + import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.jce.interfaces.GOST3410PrivateKey; +// BEGIN android-removed +// import org.bouncycastle.jce.interfaces.GOST3410PrivateKey; +// END android-removed + import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Store; import org.bouncycastle.x509.X509AttributeCertificate; - import org.bouncycastle.x509.X509Store; -@@ -43,25 +47,33 @@ +@@ -49,25 +53,33 @@ public static final String DATA = CMSObjectIdentifiers.data.getId(); public static final String DIGEST_SHA1 = OIWObjectIdentifiers.idSHA1.getId(); @@ -65,7 +544,7 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedGenerator.java private static final String ENCRYPTION_ECDSA_WITH_SHA256 = X9ObjectIdentifiers.ecdsa_with_SHA256.getId(); private static final String ENCRYPTION_ECDSA_WITH_SHA384 = X9ObjectIdentifiers.ecdsa_with_SHA384.getId(); private static final String ENCRYPTION_ECDSA_WITH_SHA512 = X9ObjectIdentifiers.ecdsa_with_SHA512.getId(); -@@ -74,13 +86,17 @@ +@@ -80,13 +92,17 @@ NO_PARAMS.add(ENCRYPTION_DSA); NO_PARAMS.add(ENCRYPTION_ECDSA); NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA1); @@ -85,7 +564,7 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedGenerator.java EC_ALGORITHMS.put(DIGEST_SHA256, ENCRYPTION_ECDSA_WITH_SHA256); EC_ALGORITHMS.put(DIGEST_SHA384, ENCRYPTION_ECDSA_WITH_SHA384); EC_ALGORITHMS.put(DIGEST_SHA512, ENCRYPTION_ECDSA_WITH_SHA512); -@@ -138,14 +154,16 @@ +@@ -144,14 +160,16 @@ throw new IllegalArgumentException("can't mix ECDSA with anything but SHA family digests"); } } @@ -110,21 +589,95 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedGenerator.java return encOID; } -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedHelper.java bcpkix-jdk15on-148/org/bouncycastle/cms/CMSSignedHelper.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedHelper.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/cms/CMSSignedHelper.java 2013-01-31 02:26:40.000000000 +0000 -@@ -23,7 +23,9 @@ +@@ -270,31 +288,33 @@ + certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrStore)); + } + +- /** +- * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message. +- * +- * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. +- * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure. +- */ +- public void addOtherRevocationInfo( +- ASN1ObjectIdentifier otherRevocationInfoFormat, +- ASN1Encodable otherRevocationInfo) +- { +- crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo))); +- } +- +- /** +- * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message. +- * +- * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. +- * @param otherRevocationInfos a Store of otherRevocationInfo data to add. +- */ +- public void addOtherRevocationInfo( +- ASN1ObjectIdentifier otherRevocationInfoFormat, +- Store otherRevocationInfos) +- { +- crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos)); +- } ++ // BEGIN android-removed ++ // /** ++ // * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message. ++ // * ++ // * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. ++ // * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure. ++ // */ ++ // public void addOtherRevocationInfo( ++ // ASN1ObjectIdentifier otherRevocationInfoFormat, ++ // ASN1Encodable otherRevocationInfo) ++ // { ++ // crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo))); ++ // } ++ // ++ // /** ++ // * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message. ++ // * ++ // * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. ++ // * @param otherRevocationInfos a Store of otherRevocationInfo data to add. ++ // */ ++ // public void addOtherRevocationInfo( ++ // ASN1ObjectIdentifier otherRevocationInfoFormat, ++ // Store otherRevocationInfos) ++ // { ++ // crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos)); ++ // } ++ // END android-removed + + /** + * Add the attribute certificates contained in the passed in store to the +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSSignedHelper.java bcpkix-jdk15on-149/org/bouncycastle/cms/CMSSignedHelper.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSSignedHelper.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/cms/CMSSignedHelper.java 2013-05-25 02:14:15.000000000 +0000 +@@ -19,8 +19,10 @@ import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERNull; +-import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// BEGIN android-removed ++// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.eac.EACObjectIdentifiers; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -@@ -53,31 +55,43 @@ +@@ -35,8 +37,10 @@ + import org.bouncycastle.cert.X509AttributeCertificateHolder; + import org.bouncycastle.cert.X509CRLHolder; + import org.bouncycastle.cert.X509CertificateHolder; +-import org.bouncycastle.cert.jcajce.JcaX509CRLConverter; +-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; ++// BEGIN android-removed ++// import org.bouncycastle.cert.jcajce.JcaX509CRLConverter; ++// import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; ++// END android-removed + import org.bouncycastle.util.CollectionStore; + import org.bouncycastle.util.Store; + import org.bouncycastle.x509.NoSuchStoreException; +@@ -60,31 +64,43 @@ static { @@ -176,7 +729,7 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedHelper.java bcp addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256", "ECDSA"); addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384", "ECDSA"); addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512", "ECDSA"); -@@ -90,30 +104,38 @@ +@@ -97,30 +113,38 @@ encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA"); encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA"); encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa.getId(), "RSA"); @@ -232,9 +785,276 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedHelper.java bcp digestAliases.put("SHA256", new String[] { "SHA-256" }); digestAliases.put("SHA384", new String[] { "SHA-384" }); digestAliases.put("SHA512", new String[] { "SHA-512" }); -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java bcpkix-jdk15on-148/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java 2012-09-17 23:04:47.000000000 +0000 +@@ -190,65 +214,67 @@ + } + } + +- X509Store createCertificateStore( +- String type, +- Provider provider, +- Store certStore) +- throws NoSuchStoreException, CMSException +- { +- try +- { +- JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(provider); +- Collection certHldrs = certStore.getMatches(null); +- List certs = new ArrayList(certHldrs.size()); +- +- for (Iterator it = certHldrs.iterator(); it.hasNext();) +- { +- certs.add(converter.getCertificate((X509CertificateHolder)it.next())); +- } +- +- return X509Store.getInstance( +- "Certificate/" +type, new X509CollectionStoreParameters(certs), provider); +- } +- catch (IllegalArgumentException e) +- { +- throw new CMSException("can't setup the X509Store", e); +- } +- catch (CertificateException e) +- { +- throw new CMSException("can't setup the X509Store", e); +- } +- } +- +- X509Store createCRLsStore( +- String type, +- Provider provider, +- Store crlStore) +- throws NoSuchStoreException, CMSException +- { +- try +- { +- JcaX509CRLConverter converter = new JcaX509CRLConverter().setProvider(provider); +- Collection crlHldrs = crlStore.getMatches(null); +- List crls = new ArrayList(crlHldrs.size()); +- +- for (Iterator it = crlHldrs.iterator(); it.hasNext();) +- { +- crls.add(converter.getCRL((X509CRLHolder)it.next())); +- } +- +- return X509Store.getInstance( +- "CRL/" +type, new X509CollectionStoreParameters(crls), provider); +- } +- catch (IllegalArgumentException e) +- { +- throw new CMSException("can't setup the X509Store", e); +- } +- catch (CRLException e) +- { +- throw new CMSException("can't setup the X509Store", e); +- } +- } ++ // BEGIN android-removed ++ // X509Store createCertificateStore( ++ // String type, ++ // Provider provider, ++ // Store certStore) ++ // throws NoSuchStoreException, CMSException ++ // { ++ // try ++ // { ++ // JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(provider); ++ // Collection certHldrs = certStore.getMatches(null); ++ // List certs = new ArrayList(certHldrs.size()); ++ // ++ // for (Iterator it = certHldrs.iterator(); it.hasNext();) ++ // { ++ // certs.add(converter.getCertificate((X509CertificateHolder)it.next())); ++ // } ++ // ++ // return X509Store.getInstance( ++ // "Certificate/" +type, new X509CollectionStoreParameters(certs), provider); ++ // } ++ // catch (IllegalArgumentException e) ++ // { ++ // throw new CMSException("can't setup the X509Store", e); ++ // } ++ // catch (CertificateException e) ++ // { ++ // throw new CMSException("can't setup the X509Store", e); ++ // } ++ // } ++ // ++ // X509Store createCRLsStore( ++ // String type, ++ // Provider provider, ++ // Store crlStore) ++ // throws NoSuchStoreException, CMSException ++ // { ++ // try ++ // { ++ // JcaX509CRLConverter converter = new JcaX509CRLConverter().setProvider(provider); ++ // Collection crlHldrs = crlStore.getMatches(null); ++ // List crls = new ArrayList(crlHldrs.size()); ++ // ++ // for (Iterator it = crlHldrs.iterator(); it.hasNext();) ++ // { ++ // crls.add(converter.getCRL((X509CRLHolder)it.next())); ++ // } ++ // ++ // return X509Store.getInstance( ++ // "CRL/" +type, new X509CollectionStoreParameters(crls), provider); ++ // } ++ // catch (IllegalArgumentException e) ++ // { ++ // throw new CMSException("can't setup the X509Store", e); ++ // } ++ // catch (CRLException e) ++ // { ++ // throw new CMSException("can't setup the X509Store", e); ++ // } ++ // } ++ // END android-removed + + AlgorithmIdentifier fixAlgID(AlgorithmIdentifier algId) + { +@@ -336,35 +362,35 @@ + return new CollectionStore(new ArrayList()); + } + +- Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet) +- { +- if (crlSet != null) +- { +- List crlList = new ArrayList(crlSet.size()); +- +- for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) +- { +- ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); +- +- if (obj instanceof ASN1TaggedObject) +- { +- ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj); +- +- if (tObj.getTagNo() == 1) +- { +- OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false); +- +- if (otherRevocationInfoFormat.equals(other.getInfoFormat())) +- { +- crlList.add(other.getInfo()); +- } +- } +- } +- } +- +- return new CollectionStore(crlList); +- } +- +- return new CollectionStore(new ArrayList()); +- } ++ // Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet) ++ // { ++ // if (crlSet != null) ++ // { ++ // List crlList = new ArrayList(crlSet.size()); ++ // ++ // for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) ++ // { ++ // ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); ++ // ++ // if (obj instanceof ASN1TaggedObject) ++ // { ++ // ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj); ++ // ++ // if (tObj.getTagNo() == 1) ++ // { ++ // OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false); ++ // ++ // if (otherRevocationInfoFormat.equals(other.getInfoFormat())) ++ // { ++ // crlList.add(other.getInfo()); ++ // } ++ // } ++ // } ++ // } ++ // ++ // return new CollectionStore(crlList); ++ // } ++ // ++ // return new CollectionStore(new ArrayList()); ++ // } + } +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSUtils.java bcpkix-jdk15on-149/org/bouncycastle/cms/CMSUtils.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSUtils.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/cms/CMSUtils.java 2013-05-25 02:14:15.000000000 +0000 +@@ -30,9 +30,11 @@ + import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; + import org.bouncycastle.asn1.cms.ContentInfo; + import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; +-import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; +-import org.bouncycastle.asn1.ocsp.OCSPResponse; +-import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; ++// import org.bouncycastle.asn1.ocsp.OCSPResponse; ++// import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; ++// END android-removed + import org.bouncycastle.asn1.x509.Certificate; + import org.bouncycastle.asn1.x509.CertificateList; + import org.bouncycastle.asn1.x509.TBSCertificate; +@@ -189,29 +191,31 @@ + } + } + +- static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos) +- { +- List others = new ArrayList(); +- +- for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();) +- { +- ASN1Encodable info = (ASN1Encodable)it.next(); +- +- if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(otherRevocationInfoFormat)) +- { +- OCSPResponse resp = OCSPResponse.getInstance(info); +- +- if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL) +- { +- throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); +- } +- } +- +- others.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, info))); +- } +- +- return others; +- } ++ // BEGIN android-removed ++ // static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos) ++ // { ++ // List others = new ArrayList(); ++ // ++ // for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();) ++ // { ++ // ASN1Encodable info = (ASN1Encodable)it.next(); ++ // ++ // if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(otherRevocationInfoFormat)) ++ // { ++ // OCSPResponse resp = OCSPResponse.getInstance(info); ++ // ++ // if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL) ++ // { ++ // throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); ++ // } ++ // } ++ // ++ // others.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, info))); ++ // } ++ // ++ // return others; ++ // } ++ // END android-removed + + static ASN1Set createBerSetFromList(List derObjects) + { +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java bcpkix-jdk15on-149/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java 2012-09-17 23:04:47.000000000 +0000 @@ -4,7 +4,9 @@ import java.util.Map; @@ -346,9 +1166,9 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/DefaultCMSSignatureAlgor } /** -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java bcpkix-jdk15on-148/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java bcpkix-jdk15on-149/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java 2012-09-17 23:04:47.000000000 +0000 @@ -16,21 +16,29 @@ static @@ -387,9 +1207,9 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/DefaultCMSSignatureEncry } public AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier signatureAlgorithm) -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java bcpkix-jdk15on-148/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java bcpkix-jdk15on-149/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java 2013-01-31 02:26:40.000000000 +0000 @@ -5,7 +5,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; @@ -494,9 +1314,9 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/DefaultDigestAlgori } public AlgorithmIdentifier find(AlgorithmIdentifier sigAlgId) -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java bcpkix-jdk15on-148/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java bcpkix-jdk15on-149/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java 2013-01-31 02:26:40.000000000 +0000 @@ -9,7 +9,9 @@ import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1ObjectIdentifier; @@ -696,11 +1516,12 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/DefaultSignatureAlg } private static AlgorithmIdentifier generate(String signatureAlgorithm) -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/bc/BcUtil.java bcpkix-jdk15on-148/org/bouncycastle/operator/bc/BcUtil.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/operator/bc/BcUtil.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/operator/bc/BcUtil.java 2012-09-17 23:04:47.000000000 +0000 -@@ -1,21 +1,29 @@ - package org.bouncycastle.operator.bc; +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java bcpkix-jdk15on-149/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java 2013-05-25 02:14:15.000000000 +0000 +@@ -4,22 +4,30 @@ + import java.util.HashMap; + import java.util.Map; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// BEGIN android-removed @@ -711,7 +1532,7 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/bc/BcUtil.java bcpk import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.ExtendedDigest; -import org.bouncycastle.crypto.digests.GOST3411Digest; -import org.bouncycastle.crypto.digests.MD2Digest; -import org.bouncycastle.crypto.digests.MD4Digest; @@ -737,83 +1558,125 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/bc/BcUtil.java bcpk import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.digests.SHA384Digest; import org.bouncycastle.crypto.digests.SHA512Digest; -@@ -32,10 +40,12 @@ - { - dig = new SHA1Digest(); - } -- else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha224)) +@@ -41,13 +49,15 @@ + return new SHA1Digest(); + } + }); +- table.put(NISTObjectIdentifiers.id_sha224, new BcDigestProvider() - { -- dig = new SHA224Digest(); -- } +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new SHA224Digest(); +- } +- }); + // BEGIN android-removed -+ // else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha224)) ++ // table.put(NISTObjectIdentifiers.id_sha224, new BcDigestProvider() + // { -+ // dig = new SHA224Digest(); -+ // } ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new SHA224Digest(); ++ // } ++ // }); + // END android-removed - else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha256)) + table.put(NISTObjectIdentifiers.id_sha256, new BcDigestProvider() { - dig = new SHA256Digest(); -@@ -52,30 +62,32 @@ - { - dig = new MD5Digest(); - } -- else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md4)) + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +@@ -76,48 +86,50 @@ + return new MD5Digest(); + } + }); +- table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider() - { -- dig = new MD4Digest(); -- } -- else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md2)) +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new MD4Digest(); +- } +- }); +- table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider() - { -- dig = new MD2Digest(); -- } -- else if (digAlg.getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3411)) +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new MD2Digest(); +- } +- }); +- table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider() - { -- dig = new GOST3411Digest(); -- } -- else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd128)) +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new GOST3411Digest(); +- } +- }); +- table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider() - { -- dig = new RIPEMD128Digest(); -- } -- else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd160)) +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new RIPEMD128Digest(); +- } +- }); +- table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider() - { -- dig = new RIPEMD160Digest(); -- } -- else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd256)) +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new RIPEMD160Digest(); +- } +- }); +- table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider() - { -- dig = new RIPEMD256Digest(); -- } +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new RIPEMD256Digest(); +- } +- }); + // BEGIN android-removed -+ // else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md4)) ++ // table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider() + // { -+ // dig = new MD4Digest(); -+ // } -+ // else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md2)) ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new MD4Digest(); ++ // } ++ // }); ++ // table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider() + // { -+ // dig = new MD2Digest(); -+ // } -+ // else if (digAlg.getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3411)) ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new MD2Digest(); ++ // } ++ // }); ++ // table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider() + // { -+ // dig = new GOST3411Digest(); -+ // } -+ // else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd128)) ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new GOST3411Digest(); ++ // } ++ // }); ++ // table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider() + // { -+ // dig = new RIPEMD128Digest(); -+ // } -+ // else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd160)) ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new RIPEMD128Digest(); ++ // } ++ // }); ++ // table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider() + // { -+ // dig = new RIPEMD160Digest(); -+ // } -+ // else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd256)) ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new RIPEMD160Digest(); ++ // } ++ // }); ++ // table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider() + // { -+ // dig = new RIPEMD256Digest(); -+ // } ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new RIPEMD256Digest(); ++ // } ++ // }); + // END android-removed - else - { - throw new OperatorCreationException("cannot recognise digest"); -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/jcajce/OperatorHelper.java bcpkix-jdk15on-148/org/bouncycastle/operator/jcajce/OperatorHelper.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/operator/jcajce/OperatorHelper.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/operator/jcajce/OperatorHelper.java 2013-01-31 02:26:40.000000000 +0000 + + return Collections.unmodifiableMap(table); + } +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/operator/jcajce/OperatorHelper.java bcpkix-jdk15on-149/org/bouncycastle/operator/jcajce/OperatorHelper.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/operator/jcajce/OperatorHelper.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/operator/jcajce/OperatorHelper.java 2013-01-31 02:26:40.000000000 +0000 @@ -20,7 +20,9 @@ import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1ObjectIdentifier; diff --git a/patches/bcprov.patch b/patches/bcprov.patch index 0384dbb..e6e7f40 100644 --- a/patches/bcprov.patch +++ b/patches/bcprov.patch @@ -1,6 +1,6 @@ -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk15on-148/org/bouncycastle/asn1/ASN1Null.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/ASN1Null.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/ASN1Null.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk15on-149/org/bouncycastle/asn1/ASN1Null.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/ASN1Null.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/ASN1Null.java 2013-01-31 02:26:40.000000000 +0000 @@ -11,9 +11,11 @@ /** * @deprecated use DERNull.INSTANCE @@ -14,9 +14,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jd public static ASN1Null getInstance(Object o) { -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERBoolean.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERBoolean.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERBoolean.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk15on-149/org/bouncycastle/asn1/DERBoolean.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERBoolean.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/DERBoolean.java 2013-05-25 02:14:15.000000000 +0000 @@ -10,7 +10,9 @@ private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff }; private static final byte[] FALSE_VALUE = new byte[] { 0 }; @@ -69,9 +69,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERBoolean.java bcprov- { this.value = (value) ? TRUE_VALUE : FALSE_VALUE; } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERNull.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERNull.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERNull.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk15on-149/org/bouncycastle/asn1/DERNull.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERNull.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/DERNull.java 2013-01-31 02:26:40.000000000 +0000 @@ -15,7 +15,9 @@ /** * @deprecated use DERNull.INSTANCE @@ -83,9 +83,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk { } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERObjectIdentifier.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERObjectIdentifier.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk15on-149/org/bouncycastle/asn1/DERObjectIdentifier.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/DERObjectIdentifier.java 2013-05-25 02:14:15.000000000 +0000 @@ -144,7 +144,13 @@ } } @@ -101,7 +101,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERObjectIdentifier.jav this.body = Arrays.clone(bytes); } -@@ -156,7 +162,13 @@ +@@ -160,7 +166,13 @@ throw new IllegalArgumentException("string " + identifier + " not an OID"); } @@ -115,10 +115,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERObjectIdentifier.jav + // END android-changed } - public String getId() -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERPrintableString.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERPrintableString.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERPrintableString.java 2012-09-17 23:04:47.000000000 +0000 + DERObjectIdentifier(DERObjectIdentifier oid, String branchID) +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk15on-149/org/bouncycastle/asn1/DERPrintableString.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERPrintableString.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/DERPrintableString.java 2013-01-31 02:26:40.000000000 +0000 @@ -12,7 +12,9 @@ extends ASN1Primitive implements ASN1String @@ -130,31 +130,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERPrintableString.java /** * return a printable string from the passed in object. -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERT61String.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERT61String.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERT61String.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERT61String.java 2013-01-31 02:26:40.000000000 +0000 -@@ -82,12 +82,16 @@ - public DERT61String( - String string) - { -- this.string = Strings.toUTF8ByteArray(string); -+ // BEGIN android-changed -+ this.string = Strings.toByteArray(string); -+ // END android-changed - } - - public String getString() - { -- return Strings.fromUTF8ByteArray(string); -+ // BEGIN android-changed -+ return Strings.fromByteArray(string); -+ // END android-changed - } - - public String toString() -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk15on-148/org/bouncycastle/asn1/cms/ContentInfo.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/cms/ContentInfo.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/cms/ContentInfo.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk15on-149/org/bouncycastle/asn1/cms/ContentInfo.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/cms/ContentInfo.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/cms/ContentInfo.java 2013-05-25 02:14:15.000000000 +0000 @@ -12,7 +12,9 @@ public class ContentInfo @@ -166,9 +144,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/cms/ContentInfo.java bc { private ASN1ObjectIdentifier contentType; private ASN1Encodable content; -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk15on-148/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk15on-149/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2013-01-31 02:26:40.000000000 +0000 @@ -10,8 +10,10 @@ // static final ASN1ObjectIdentifier pkcs_1 = new ASN1ObjectIdentifier("1.2.840.113549.1.1"); @@ -224,9 +202,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifi static final ASN1ObjectIdentifier id_hmacWithSHA256 = digestAlgorithm.branch("9"); static final ASN1ObjectIdentifier id_hmacWithSHA384 = digestAlgorithm.branch("10"); static final ASN1ObjectIdentifier id_hmacWithSHA512 = digestAlgorithm.branch("11"); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java bcprov-jdk15on-148/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java bcprov-jdk15on-149/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2013-05-25 02:14:15.000000000 +0000 @@ -14,7 +14,9 @@ import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; @@ -260,9 +238,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdenti byte[] resBuf = new byte[digest.getDigestSize()]; byte[] bytes = spki.getPublicKeyData().getBytes(); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java bcprov-jdk15on-148/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java bcprov-jdk15on-149/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2013-01-31 02:26:40.000000000 +0000 @@ -6,7 +6,9 @@ import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DEROctetString; @@ -285,9 +263,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifi byte[] resBuf = new byte[digest.getDigestSize()]; byte[] bytes = spki.getPublicKeyData().getBytes(); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509Name.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509Name.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509Name.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk15on-149/org/bouncycastle/asn1/x509/X509Name.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509Name.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/x509/X509Name.java 2013-05-25 02:14:15.000000000 +0000 @@ -255,8 +255,10 @@ */ public static final Hashtable SymbolLookUp = DefaultLookUp; @@ -301,7 +279,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509Name.java bcpr static { -@@ -445,7 +447,9 @@ +@@ -446,7 +448,9 @@ throw new IllegalArgumentException("cannot encode value"); } } @@ -312,10 +290,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509Name.java bcpr } } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509NameTokenizer.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2012-09-17 23:04:47.000000000 +0000 -@@ -96,6 +96,17 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk15on-149/org/bouncycastle/asn1/x509/X509NameTokenizer.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2013-05-25 02:14:15.000000000 +0000 +@@ -78,6 +78,17 @@ } else { @@ -333,10 +311,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509NameTokenizer. buf.append(c); } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactory.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2012-09-28 17:07:22.000000000 +0000 -@@ -0,0 +1,80 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactory.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2013-05-01 01:48:41.000000000 +0000 +@@ -0,0 +1,83 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * @@ -373,15 +351,18 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigest + try { + factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); + // Double check for NativeCrypto in case we are running on RI for testing -+ Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto"); ++ Class.forName("com.android.org.conscrypt.NativeCrypto"); + } catch (ClassNotFoundException e1) { + try { + factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); + } catch (ClassNotFoundException e2) { -+ throw new AssertionError("Failed to load AndroidDigestFactoryInterface " ++ AssertionError e = new AssertionError("Failed to load " ++ + "AndroidDigestFactoryInterface " + + "implementation. Looked for " + + OpenSSLFactoryClassName + " and " + + BouncyCastleFactoryClassName); ++ e.initCause(e1); ++ throw e; + } + } + if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) { @@ -417,9 +398,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigest + return FACTORY.getSHA512(); + } +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 2012-09-17 23:04:47.000000000 +0000 @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2012 The Android Open Source Project @@ -458,9 +439,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigest + return new SHA512Digest(); + } +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 2012-09-17 23:04:47.000000000 +0000 @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2012 The Android Open Source Project @@ -489,9 +470,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigest + public Digest getSHA384(); + public Digest getSHA512(); +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 2012-09-17 23:04:47.000000000 +0000 @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2012 The Android Open Source Project @@ -530,9 +511,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigest + return new OpenSSLDigest.SHA512(); + } +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/OpenSSLDigest.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2013-02-28 01:42:11.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/OpenSSLDigest.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2013-04-24 05:37:59.000000000 +0000 @@ -0,0 +1,159 @@ +/* + * Copyright (C) 2008 The Android Open Source Project @@ -552,7 +533,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/OpenSSLDigest + +package org.bouncycastle.crypto.digests; + -+import org.apache.harmony.xnet.provider.jsse.NativeCrypto; ++import com.android.org.conscrypt.NativeCrypto; +import org.bouncycastle.crypto.ExtendedDigest; + +/** @@ -693,10 +674,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/OpenSSLDigest + public SHA512() { super("SHA-512", EVP_MD, SIZE, BLOCK_SIZE); } + } +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java bcprov-jdk15on-148/org/bouncycastle/crypto/encodings/OAEPEncoding.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2012-09-17 23:04:47.000000000 +0000 -@@ -4,7 +4,9 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java bcprov-jdk15on-149/org/bouncycastle/crypto/encodings/OAEPEncoding.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2013-05-25 02:14:15.000000000 +0000 +@@ -6,7 +6,9 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.InvalidCipherTextException; @@ -706,8 +687,8 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/OAEPEncodin +// END android-changed import org.bouncycastle.crypto.params.ParametersWithRandom; - import java.security.SecureRandom; -@@ -26,7 +28,9 @@ + /** +@@ -25,7 +27,9 @@ public OAEPEncoding( AsymmetricBlockCipher cipher) { @@ -718,9 +699,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/OAEPEncodin } public OAEPEncoding( -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java bcprov-jdk15on-148/org/bouncycastle/crypto/encodings/PKCS1Encoding.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java bcprov-jdk15on-149/org/bouncycastle/crypto/encodings/PKCS1Encoding.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2013-01-31 02:26:40.000000000 +0000 @@ -216,6 +216,12 @@ throw new InvalidCipherTextException("unknown block type"); } @@ -734,57 +715,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/PKCS1Encodi if (useStrictLength && block.length != engine.getOutputBlockSize()) { -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/AESFastEngine.java bcprov-jdk15on-148/org/bouncycastle/crypto/engines/AESFastEngine.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/AESFastEngine.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/engines/AESFastEngine.java 2012-09-17 23:04:47.000000000 +0000 -@@ -3,6 +3,9 @@ - import org.bouncycastle.crypto.BlockCipher; - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.DataLengthException; -+// BEGIN android-added -+import org.bouncycastle.crypto.OutputLengthException; -+// END android-added - import org.bouncycastle.crypto.params.KeyParameter; - - /** -@@ -723,7 +726,9 @@ - - if ((outOff + (32 / 2)) > out.length) - { -- throw new DataLengthException("output buffer too short"); -+ // BEGIN android-changed -+ throw new OutputLengthException("output buffer too short"); -+ // END android-changed - } - - if (forEncryption) -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/DESedeEngine.java bcprov-jdk15on-148/org/bouncycastle/crypto/engines/DESedeEngine.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/DESedeEngine.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/engines/DESedeEngine.java 2012-09-17 23:04:47.000000000 +0000 -@@ -2,6 +2,9 @@ - - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.DataLengthException; -+// BEGIN android-added -+import org.bouncycastle.crypto.OutputLengthException; -+// END android-added - import org.bouncycastle.crypto.params.KeyParameter; - - /** -@@ -99,7 +102,9 @@ - - if ((outOff + BLOCK_SIZE) > out.length) - { -- throw new DataLengthException("output buffer too short"); -+ // BEGIN android-changed -+ throw new OutputLengthException("output buffer too short"); -+ // END android-changed - } - - byte[] temp = new byte[BLOCK_SIZE]; -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java bcprov-jdk15on-148/org/bouncycastle/crypto/engines/DESedeWrapEngine.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java bcprov-jdk15on-149/org/bouncycastle/crypto/engines/DESedeWrapEngine.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2012-09-17 23:04:47.000000000 +0000 @@ -6,7 +6,9 @@ import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.InvalidCipherTextException; @@ -807,9 +740,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/DESedeWrapEng byte[] digest = new byte[20]; /** -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk15on-148/org/bouncycastle/crypto/generators/DHParametersHelper.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/generators/DHParametersHelper.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk15on-149/org/bouncycastle/crypto/generators/DHParametersHelper.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/generators/DHParametersHelper.java 2012-09-17 23:04:47.000000000 +0000 @@ -3,10 +3,17 @@ import java.math.BigInteger; import java.security.SecureRandom; @@ -860,46 +793,45 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/DHParamete return new BigInteger[] { p, q }; } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java bcprov-jdk15on-148/org/bouncycastle/crypto/generators/DSAParametersGenerator.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2012-09-17 23:04:47.000000000 +0000 -@@ -1,8 +1,9 @@ - package org.bouncycastle.crypto.generators; +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java bcprov-jdk15on-149/org/bouncycastle/crypto/generators/DSAParametersGenerator.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2013-05-25 02:14:15.000000000 +0000 +@@ -4,7 +4,9 @@ + import java.security.SecureRandom; import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA256Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-changed + import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.crypto.params.DSAValidationParameters; - import org.bouncycastle.util.Arrays; -@@ -75,7 +76,9 @@ - byte[] part1 = new byte[20]; - byte[] part2 = new byte[20]; - byte[] u = new byte[20]; -- SHA1Digest sha1 = new SHA1Digest(); +@@ -31,7 +33,9 @@ + + public DSAParametersGenerator() + { +- this(new SHA1Digest()); + // BEGIN android-changed -+ Digest sha1 = AndroidDigestFactory.getSHA1(); ++ this(AndroidDigestFactory.getSHA1()); + // END android-changed + } + + public DSAParametersGenerator(Digest digest) +@@ -122,7 +126,9 @@ int n = (L - 1) / 160; byte[] w = new byte[L / 8]; -@@ -166,7 +169,9 @@ - { - // A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function - // FIXME This should be configurable (digest size in bits must be >= N) -- Digest d = new SHA256Digest(); +- if (!(digest instanceof SHA1Digest)) + // BEGIN android-changed -+ Digest d = AndroidDigestFactory.getSHA256(); ++ if (!(digest.getAlgorithmName().equals("SHA-1"))) + // END android-changed - int outlen = d.getDigestSize() * 8; - - // 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java bcprov-jdk15on-148/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2012-09-17 23:04:47.000000000 +0000 + { + throw new IllegalStateException("can only use SHA-1 for generating FIPS 186-2 parameters"); + } +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java bcprov-jdk15on-149/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2012-09-17 23:04:47.000000000 +0000 @@ -3,7 +3,9 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; @@ -922,9 +854,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/OpenSSLPBE /** * Construct a OpenSSL Parameters generator. -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java bcprov-jdk15on-148/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java bcprov-jdk15on-149/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2013-05-25 02:14:15.000000000 +0000 @@ -4,7 +4,9 @@ import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.Mac; @@ -936,21 +868,21 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/PKCS5S2Par import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; -@@ -27,7 +29,9 @@ +@@ -28,7 +30,9 @@ */ public PKCS5S2ParametersGenerator() { -- this(new SHA1Digest()); +- this(new SHA1Digest()); + // BEGIN android-changed -+ this(AndroidDigestFactory.getSHA1()); ++ this(AndroidDigestFactory.getSHA1()); + // END android-changed } public PKCS5S2ParametersGenerator(Digest digest) -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk15on-148/org/bouncycastle/crypto/macs/HMac.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/macs/HMac.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/macs/HMac.java 2012-09-17 23:04:47.000000000 +0000 -@@ -33,23 +33,31 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk15on-149/org/bouncycastle/crypto/macs/HMac.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/macs/HMac.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/macs/HMac.java 2013-05-25 02:14:15.000000000 +0000 +@@ -36,23 +36,31 @@ { blockLengths = new Hashtable(); @@ -991,9 +923,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/macs/HMac.java bcprov } private static int getByteLength( -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk15on-148/org/bouncycastle/crypto/signers/RSADigestSigner.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/signers/RSADigestSigner.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk15on-149/org/bouncycastle/crypto/signers/RSADigestSigner.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/signers/RSADigestSigner.java 2012-09-17 23:04:47.000000000 +0000 @@ -39,18 +39,24 @@ */ static @@ -1025,9 +957,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/signers/RSADigestSign oidMap.put("MD5", PKCSObjectIdentifiers.md5); } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk15on-148/org/bouncycastle/crypto/util/PrivateKeyFactory.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk15on-149/org/bouncycastle/crypto/util/PrivateKeyFactory.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2013-01-31 02:26:40.000000000 +0000 @@ -11,7 +11,9 @@ import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; @@ -1105,9 +1037,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PrivateKeyFactor } } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk15on-148/org/bouncycastle/crypto/util/PublicKeyFactory.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/util/PublicKeyFactory.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk15on-149/org/bouncycastle/crypto/util/PublicKeyFactory.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/util/PublicKeyFactory.java 2013-01-31 02:26:40.000000000 +0000 @@ -13,13 +13,17 @@ import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DEROctetString; @@ -1183,10 +1115,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PublicKeyFactory } } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DH.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2012-09-17 23:04:47.000000000 +0000 -@@ -32,11 +32,13 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/DH.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2013-05-25 02:14:15.000000000 +0000 +@@ -32,10 +32,12 @@ provider.addAlgorithm("AlgorithmParameterGenerator.DH", PREFIX + "AlgorithmParameterGeneratorSpi"); @@ -1194,20 +1126,18 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/D - provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES"); - provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES"); - provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede"); -- provider.addAlgorithm("KeyPairGenerator.IES", PREFIX + "KeyPairGeneratorSpi"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES"); + // provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES"); + // provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES"); + // provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede"); -+ // provider.addAlgorithm("KeyPairGenerator.IES", PREFIX + "KeyPairGeneratorSpi"); + // END android-removed } } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DSA.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/DSA.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2013-01-31 02:26:40.000000000 +0000 @@ -27,33 +27,43 @@ provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi"); provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi"); @@ -1269,9 +1199,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/D registerOid(provider, DSAUtil.dsaOids[i], "DSA", keyFact); registerOidAlgorithmParameters(provider, DSAUtil.dsaOids[i], "DSA"); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/EC.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/EC.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2013-05-25 02:14:15.000000000 +0000 @@ -1,7 +1,9 @@ package org.bouncycastle.jcajce.provider.asymmetric; @@ -1359,7 +1289,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/E provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA"); provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone"); -@@ -65,23 +77,29 @@ +@@ -65,25 +77,31 @@ provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA"); provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA"); provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); @@ -1387,6 +1317,8 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/E - addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); - addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); - addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); +- addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); +- addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); + // BEGIN android-removed + // addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); + // @@ -1399,13 +1331,15 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/E + // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); + // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); + // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); ++ // addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); ++ // addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); + // END android-removed } } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/RSA.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2012-11-01 05:41:05.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/RSA.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2013-01-31 02:26:40.000000000 +0000 @@ -3,7 +3,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; @@ -1687,9 +1621,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/R } private void addDigestSignature( -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/X509.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/X509.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2012-09-17 23:04:47.000000000 +0000 @@ -18,8 +18,10 @@ public void configure(ConfigurableProvider provider) @@ -1703,9 +1637,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/X // // certificate factories. -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2013-05-25 02:14:15.000000000 +0000 @@ -23,11 +23,16 @@ import org.bouncycastle.crypto.DSA; import org.bouncycastle.crypto.Digest; @@ -1728,7 +1662,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/d import org.bouncycastle.crypto.params.ParametersWithRandom; public class DSASigner -@@ -228,45 +233,49 @@ +@@ -216,45 +221,49 @@ { public stdDSA() { @@ -1814,9 +1748,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/d static public class noneDSA extends DSASigner -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2013-05-25 02:14:15.000000000 +0000 @@ -19,8 +19,10 @@ import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; @@ -1830,7 +1764,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -@@ -222,21 +224,23 @@ +@@ -224,21 +226,23 @@ ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); @@ -1869,7 +1803,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e { EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); -@@ -350,11 +354,13 @@ +@@ -352,11 +356,13 @@ try { @@ -1888,98 +1822,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e { info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java 2012-10-12 07:52:09.000000000 +0000 -@@ -5,11 +5,15 @@ - import java.security.PublicKey; - - import org.bouncycastle.asn1.ASN1ObjectIdentifier; --import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -+// END android-removed - import org.bouncycastle.asn1.nist.NISTNamedCurves; - import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; - import org.bouncycastle.asn1.sec.SECNamedCurves; --import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -+// END android-removed - import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - import org.bouncycastle.asn1.x9.X962NamedCurves; - import org.bouncycastle.asn1.x9.X9ECParameters; -@@ -224,14 +228,16 @@ - { - oid = NISTNamedCurves.getOID(name); - } -- if (oid == null) -- { -- oid = TeleTrusTNamedCurves.getOID(name); -- } -- if (oid == null) -- { -- oid = ECGOST3410NamedCurves.getOID(name); -- } -+ // BEGIN android-removed -+ // if (oid == null) -+ // { -+ // oid = TeleTrusTNamedCurves.getOID(name); -+ // } -+ // if (oid == null) -+ // { -+ // oid = ECGOST3410NamedCurves.getOID(name); -+ // } -+ // END android-removed - } - - return oid; -@@ -249,10 +255,12 @@ - { - params = NISTNamedCurves.getByOID(oid); - } -- if (params == null) -- { -- params = TeleTrusTNamedCurves.getByOID(oid); -- } -+ // BEGIN android-removed -+ // if (params == null) -+ // { -+ // params = TeleTrusTNamedCurves.getByOID(oid); -+ // } -+ // END android-removed - } - - return params; -@@ -270,14 +278,16 @@ - { - name = NISTNamedCurves.getName(oid); - } -- if (name == null) -- { -- name = TeleTrusTNamedCurves.getName(oid); -- } -- if (name == null) -- { -- name = ECGOST3410NamedCurves.getName(oid); -- } -+ // BEGIN android-removed -+ // if (name == null) -+ // { -+ // name = TeleTrusTNamedCurves.getName(oid); -+ // } -+ // if (name == null) -+ // { -+ // name = ECGOST3410NamedCurves.getName(oid); -+ // } -+ // END android-removed - } - - return name; -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2013-03-19 19:26:57.000000000 +0000 -@@ -23,20 +23,26 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2013-05-25 02:14:15.000000000 +0000 +@@ -23,21 +23,27 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DerivationFunction; import org.bouncycastle.crypto.agreement.ECDHBasicAgreement; @@ -2003,6 +1849,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e +// import org.bouncycastle.crypto.params.MQVPrivateParameters; +// import org.bouncycastle.crypto.params.MQVPublicParameters; +// END android-removed + import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jce.interfaces.ECPrivateKey; import org.bouncycastle.jce.interfaces.ECPublicKey; -import org.bouncycastle.jce.interfaces.MQVPrivateKey; @@ -2014,7 +1861,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e import org.bouncycastle.util.Integers; /** -@@ -70,7 +76,9 @@ +@@ -71,7 +77,9 @@ private BigInteger result; private ECDomainParameters parameters; private BasicAgreement agreement; @@ -2025,7 +1872,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e private byte[] bigIntToBytes( BigInteger r) -@@ -85,7 +93,9 @@ +@@ -86,7 +94,9 @@ { this.kaAlgorithm = kaAlgorithm; this.agreement = agreement; @@ -2036,7 +1883,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e } protected Key engineDoPhase( -@@ -104,25 +114,27 @@ +@@ -105,25 +115,27 @@ } CipherParameters pubKey; @@ -2083,7 +1930,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e { if (!(key instanceof PublicKey)) { -@@ -143,11 +155,13 @@ +@@ -144,11 +156,13 @@ protected byte[] engineGenerateSecret() throws IllegalStateException { @@ -2102,7 +1949,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e return bigIntToBytes(result); } -@@ -175,23 +189,25 @@ +@@ -176,23 +190,25 @@ { byte[] secret = bigIntToBytes(result); @@ -2145,7 +1992,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e { // TODO Should we be ensuring the key is the right length? } -@@ -205,6 +221,12 @@ +@@ -206,6 +222,12 @@ SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { @@ -2158,7 +2005,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e initFromKey(key); } -@@ -219,35 +241,37 @@ +@@ -220,35 +242,37 @@ private void initFromKey(Key key) throws InvalidKeyException { @@ -2225,7 +2072,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e { if (!(key instanceof PrivateKey)) { -@@ -278,39 +302,41 @@ +@@ -279,39 +303,41 @@ } } @@ -2302,10 +2149,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e + // } + // END android-removed } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2012-09-17 23:04:47.000000000 +0000 -@@ -200,14 +200,16 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2013-05-25 02:14:15.000000000 +0000 +@@ -201,14 +201,16 @@ } } @@ -2330,9 +2177,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e public static class ECDH extends KeyFactorySpi -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2013-05-25 02:14:15.000000000 +0000 @@ -12,7 +12,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.nist.NISTNamedCurves; @@ -2344,7 +2191,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e import org.bouncycastle.asn1.x9.X962NamedCurves; import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -@@ -86,7 +88,13 @@ +@@ -87,7 +89,13 @@ SecureRandom random) { this.strength = strength; @@ -2358,7 +2205,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integers.valueOf(strength)); if (ecParams != null) -@@ -111,6 +119,11 @@ +@@ -112,6 +120,11 @@ SecureRandom random) throws InvalidAlgorithmParameterException { @@ -2370,7 +2217,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e if (params instanceof ECParameterSpec) { ECParameterSpec p = (ECParameterSpec)params; -@@ -155,10 +168,12 @@ +@@ -156,10 +169,12 @@ { ecP = NISTNamedCurves.getByName(curveName); } @@ -2387,7 +2234,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e if (ecP == null) { // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug) -@@ -174,10 +189,12 @@ +@@ -175,10 +190,12 @@ { ecP = NISTNamedCurves.getByOID(oid); } @@ -2404,9 +2251,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e if (ecP == null) { throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2012-10-12 07:52:09.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2013-05-25 02:14:15.000000000 +0000 @@ -16,15 +16,22 @@ import org.bouncycastle.crypto.DSA; import org.bouncycastle.crypto.Digest; @@ -2436,8 +2283,8 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e +// END android-removed import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase; import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder; - -@@ -68,7 +75,9 @@ + import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; +@@ -69,7 +76,9 @@ { public ecDSA() { @@ -2448,7 +2295,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e } } -@@ -81,21 +90,25 @@ +@@ -82,21 +91,25 @@ } } @@ -2483,7 +2330,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e } } -@@ -104,7 +117,9 @@ +@@ -105,7 +118,9 @@ { public ecDSA384() { @@ -2494,7 +2341,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e } } -@@ -113,90 +128,94 @@ +@@ -114,108 +129,112 @@ { public ecDSA512() { @@ -2582,6 +2429,24 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e - super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); - } - } +- +- static public class ecCVCDSA384 +- extends SignatureSpi +- { +- public ecCVCDSA384() +- { +- super(new SHA384Digest(), new ECDSASigner(), new CVCDSAEncoder()); +- } +- } +- +- static public class ecCVCDSA512 +- extends SignatureSpi +- { +- public ecCVCDSA512() +- { +- super(new SHA512Digest(), new ECDSASigner(), new CVCDSAEncoder()); +- } +- } + // BEGIN android-changed + super(AndroidDigestFactory.getSHA512(), new ECDSASigner(), new StdDSAEncoder()); + // END android-changed @@ -2669,20 +2534,38 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e + // super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); + // } + // } ++ // ++ // static public class ecCVCDSA384 ++ // extends SignatureSpi ++ // { ++ // public ecCVCDSA384() ++ // { ++ // super(new SHA384Digest(), new ECDSASigner(), new CVCDSAEncoder()); ++ // } ++ // } ++ // ++ // static public class ecCVCDSA512 ++ // extends SignatureSpi ++ // { ++ // public ecCVCDSA512() ++ // { ++ // super(new SHA512Digest(), new ECDSASigner(), new CVCDSAEncoder()); ++ // } ++ // } + // END android-removed private static class StdDSAEncoder implements DSAEncoder -@@ -290,4 +309,4 @@ +@@ -309,4 +328,4 @@ return sig; } } -} \ No newline at end of file +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2013-01-31 02:26:40.000000000 +0000 @@ -26,7 +26,9 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; @@ -2823,9 +2706,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/r + // } + // END android-removed } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2012-09-17 23:04:47.000000000 +0000 @@ -17,24 +17,31 @@ import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; @@ -3057,9 +2940,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/r + // } + // END android-removed } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2012-09-17 23:04:47.000000000 +0000 @@ -18,8 +18,10 @@ import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.IvParameterSpec; @@ -3086,23 +2969,97 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/u }; -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java 2013-02-21 00:01:31.000000000 +0000 -@@ -334,7 +334,9 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java 2013-05-25 02:14:15.000000000 +0000 +@@ -5,11 +5,15 @@ + import java.security.PublicKey; - public Iterator engineGetCertPathEncodings() - { -- return null; // TODO: PKIXCertPath.certPathEncodings.iterator(); -+ // BEGIN android-changed -+ return PKIXCertPath.certPathEncodings.iterator(); -+ // END android-changed - } + import org.bouncycastle.asn1.ASN1ObjectIdentifier; +-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; ++// END android-removed + import org.bouncycastle.asn1.nist.NISTNamedCurves; + import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; + import org.bouncycastle.asn1.sec.SECNamedCurves; +-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; ++// END android-removed + import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + import org.bouncycastle.asn1.x9.X962NamedCurves; + import org.bouncycastle.asn1.x9.X9ECParameters; +@@ -225,14 +229,16 @@ + { + oid = NISTNamedCurves.getOID(name); + } +- if (oid == null) +- { +- oid = TeleTrusTNamedCurves.getOID(name); +- } +- if (oid == null) +- { +- oid = ECGOST3410NamedCurves.getOID(name); +- } ++ // BEGIN android-removed ++ // if (oid == null) ++ // { ++ // oid = TeleTrusTNamedCurves.getOID(name); ++ // } ++ // if (oid == null) ++ // { ++ // oid = ECGOST3410NamedCurves.getOID(name); ++ // } ++ // END android-removed + } + + return oid; +@@ -250,10 +256,12 @@ + { + params = NISTNamedCurves.getByOID(oid); + } +- if (params == null) +- { +- params = TeleTrusTNamedCurves.getByOID(oid); +- } ++ // BEGIN android-removed ++ // if (params == null) ++ // { ++ // params = TeleTrusTNamedCurves.getByOID(oid); ++ // } ++ // END android-removed + } + + return params; +@@ -271,14 +279,16 @@ + { + name = NISTNamedCurves.getName(oid); + } +- if (name == null) +- { +- name = TeleTrusTNamedCurves.getName(oid); +- } +- if (name == null) +- { +- name = ECGOST3410NamedCurves.getName(oid); +- } ++ // BEGIN android-removed ++ // if (name == null) ++ // { ++ // name = TeleTrusTNamedCurves.getName(oid); ++ // } ++ // if (name == null) ++ // { ++ // name = ECGOST3410NamedCurves.getName(oid); ++ // } ++ // END android-removed + } - public CertPath engineGenerateCertPath( -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2013-02-21 00:01:31.000000000 +0000 + return name; +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2013-02-21 00:01:31.000000000 +0000 @@ -36,7 +36,9 @@ import org.bouncycastle.asn1.pkcs.SignedData; import org.bouncycastle.jce.provider.BouncyCastleProvider; @@ -3176,10 +3133,571 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/x else { throw new CertificateEncodingException("unsupported encoding: " + encoding); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/AES.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/AES.java 2012-09-17 23:04:47.000000000 +0000 -@@ -1,31 +1,43 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java 2013-05-25 02:14:15.000000000 +0000 +@@ -57,6 +57,9 @@ + import org.bouncycastle.asn1.x509.Extensions; + import org.bouncycastle.asn1.x509.GeneralName; + import org.bouncycastle.asn1.x509.KeyUsage; ++// BEGIN android-added ++import org.bouncycastle.asn1.x509.X509Name; ++// END android-added + import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; + import org.bouncycastle.jce.X509Principal; + import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; +@@ -564,12 +567,20 @@ + } + } + ++ // BEGIN android-changed ++ private byte[] encoded; ++ // END android-changed + public byte[] getEncoded() + throws CertificateEncodingException + { + try + { +- return c.getEncoded(ASN1Encoding.DER); ++ // BEGIN android-changed ++ if (encoded == null) { ++ encoded = c.getEncoded(ASN1Encoding.DER); ++ } ++ return encoded; ++ // END android-changed + } + catch (IOException e) + { +@@ -860,7 +871,9 @@ + list.add(genName.getEncoded()); + break; + case GeneralName.directoryName: +- list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString()); ++ // BEGIN android-changed ++ list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols)); ++ // END android-changed + break; + case GeneralName.dNSName: + case GeneralName.rfc822Name: +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java 2013-05-25 02:14:15.000000000 +0000 +@@ -14,12 +14,16 @@ + import org.bouncycastle.asn1.ASN1Sequence; + import org.bouncycastle.asn1.DERNull; + import org.bouncycastle.asn1.DERObjectIdentifier; +-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; ++// END android-removed + import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; + import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; +-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; ++// END android-removed + import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; + +@@ -114,22 +118,24 @@ + { + return "SHA512"; + } +- else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) +- { +- return "RIPEMD128"; +- } +- else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) +- { +- return "RIPEMD160"; +- } +- else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) +- { +- return "RIPEMD256"; +- } +- else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) +- { +- return "GOST3411"; +- } ++ // BEGIN android-removed ++ // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) ++ // { ++ // return "RIPEMD128"; ++ // } ++ // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) ++ // { ++ // return "RIPEMD160"; ++ // } ++ // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) ++ // { ++ // return "RIPEMD256"; ++ // } ++ // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) ++ // { ++ // return "GOST3411"; ++ // } ++ // END android-removed + else + { + return digestAlgOID.getId(); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA256.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA256.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA256.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA256.java 2013-05-25 02:14:15.000000000 +0000 +@@ -45,17 +45,19 @@ + } + } + +- /** +- * PBEWithHmacSHA +- */ +- public static class PBEWithMacKeyFactory +- extends PBESecretKeyFactory +- { +- public PBEWithMacKeyFactory() +- { +- super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * PBEWithHmacSHA ++ // */ ++ // public static class PBEWithMacKeyFactory ++ // extends PBESecretKeyFactory ++ // { ++ // public PBEWithMacKeyFactory() ++ // { ++ // super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0); ++ // } ++ // } ++ // END android-removed + + /** + * HMACSHA256 +@@ -84,9 +86,11 @@ + provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256"); + provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); + +- provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory"); +- provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256"); +- provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory"); ++ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256"); ++ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256"); ++ // END android-removed + + addHMACAlgorithm(provider, "SHA256", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); + addHMACAlias(provider, "SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA384.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA384.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA384.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA384.java 2013-05-25 02:14:15.000000000 +0000 +@@ -5,7 +5,9 @@ + import org.bouncycastle.crypto.CipherKeyGenerator; + import org.bouncycastle.crypto.digests.SHA384Digest; + import org.bouncycastle.crypto.macs.HMac; +-import org.bouncycastle.crypto.macs.OldHMac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.macs.OldHMac; ++// END android-removed + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +@@ -57,14 +59,16 @@ + } + } + +- public static class OldSHA384 +- extends BaseMac +- { +- public OldSHA384() +- { +- super(new OldHMac(new SHA384Digest())); +- } +- } ++ // BEGIN android-removed ++ // public static class OldSHA384 ++ // extends BaseMac ++ // { ++ // public OldSHA384() ++ // { ++ // super(new OldHMac(new SHA384Digest())); ++ // } ++ // } ++ // END android-removed + + public static class Mappings + extends DigestAlgorithmProvider +@@ -80,7 +84,9 @@ + provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest"); + provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384"); + provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384"); +- provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384"); ++ // END android-removed + + addHMACAlgorithm(provider, "SHA384", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); + addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA512.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA512.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA512.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA512.java 2013-05-25 02:14:15.000000000 +0000 +@@ -4,9 +4,13 @@ + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.crypto.CipherKeyGenerator; + import org.bouncycastle.crypto.digests.SHA512Digest; +-import org.bouncycastle.crypto.digests.SHA512tDigest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.SHA512tDigest; ++// END android-removed + import org.bouncycastle.crypto.macs.HMac; +-import org.bouncycastle.crypto.macs.OldHMac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.macs.OldHMac; ++// END android-removed + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +@@ -37,42 +41,44 @@ + } + } + +- static public class DigestT +- extends BCMessageDigest +- implements Cloneable +- { +- public DigestT(int bitLength) +- { +- super(new SHA512tDigest(bitLength)); +- } +- +- public Object clone() +- throws CloneNotSupportedException +- { +- DigestT d = (DigestT)super.clone(); +- d.digest = new SHA512tDigest((SHA512tDigest)digest); +- +- return d; +- } +- } +- +- static public class DigestT224 +- extends DigestT +- { +- public DigestT224() +- { +- super(224); +- } +- } +- +- static public class DigestT256 +- extends DigestT +- { +- public DigestT256() +- { +- super(256); +- } +- } ++ // BEGIN android-removed ++ // static public class DigestT ++ // extends BCMessageDigest ++ // implements Cloneable ++ // { ++ // public DigestT(int bitLength) ++ // { ++ // super(new SHA512tDigest(bitLength)); ++ // } ++ // ++ // public Object clone() ++ // throws CloneNotSupportedException ++ // { ++ // DigestT d = (DigestT)super.clone(); ++ // d.digest = new SHA512tDigest((SHA512tDigest)digest); ++ // ++ // return d; ++ // } ++ // } ++ // ++ // static public class DigestT224 ++ // extends DigestT ++ // { ++ // public DigestT224() ++ // { ++ // super(224); ++ // } ++ // } ++ // ++ // static public class DigestT256 ++ // extends DigestT ++ // { ++ // public DigestT256() ++ // { ++ // super(256); ++ // } ++ // } ++ // END android-removed + + public static class HashMac + extends BaseMac +@@ -83,35 +89,37 @@ + } + } + +- public static class HashMacT224 +- extends BaseMac +- { +- public HashMacT224() +- { +- super(new HMac(new SHA512tDigest(224))); +- } +- } +- +- public static class HashMacT256 +- extends BaseMac +- { +- public HashMacT256() +- { +- super(new HMac(new SHA512tDigest(256))); +- } +- } +- +- /** +- * SHA-512 HMac +- */ +- public static class OldSHA512 +- extends BaseMac +- { +- public OldSHA512() +- { +- super(new OldHMac(new SHA512Digest())); +- } +- } ++ // BEGIN android-removed ++ // public static class HashMacT224 ++ // extends BaseMac ++ // { ++ // public HashMacT224() ++ // { ++ // super(new HMac(new SHA512tDigest(224))); ++ // } ++ // } ++ // ++ // public static class HashMacT256 ++ // extends BaseMac ++ // { ++ // public HashMacT256() ++ // { ++ // super(new HMac(new SHA512tDigest(256))); ++ // } ++ // } ++ // ++ // /** ++ // * SHA-512 HMac ++ // */ ++ // public static class OldSHA512 ++ // extends BaseMac ++ // { ++ // public OldSHA512() ++ // { ++ // super(new OldHMac(new SHA512Digest())); ++ // } ++ // } ++ // END android-removed + + /** + * HMACSHA512 +@@ -125,23 +133,25 @@ + } + } + +- public static class KeyGeneratorT224 +- extends BaseKeyGenerator +- { +- public KeyGeneratorT224() +- { +- super("HMACSHA512/224", 224, new CipherKeyGenerator()); +- } +- } +- +- public static class KeyGeneratorT256 +- extends BaseKeyGenerator +- { +- public KeyGeneratorT256() +- { +- super("HMACSHA512/256", 256, new CipherKeyGenerator()); +- } +- } ++ // BEGIN android-removed ++ // public static class KeyGeneratorT224 ++ // extends BaseKeyGenerator ++ // { ++ // public KeyGeneratorT224() ++ // { ++ // super("HMACSHA512/224", 224, new CipherKeyGenerator()); ++ // } ++ // } ++ // ++ // public static class KeyGeneratorT256 ++ // extends BaseKeyGenerator ++ // { ++ // public KeyGeneratorT256() ++ // { ++ // super("HMACSHA512/256", 256, new CipherKeyGenerator()); ++ // } ++ // } ++ // END android-removed + + public static class Mappings + extends DigestAlgorithmProvider +@@ -158,21 +168,25 @@ + provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512"); + provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512"); + +- provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224"); +- provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224"); +- provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224"); +- +- provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256"); +- provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256"); +- provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256"); +- +- provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224"); ++ // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224"); ++ // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224"); ++ // ++ // provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256"); ++ // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256"); ++ // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256"); ++ // ++ // provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512"); ++ // END android-removed + + addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); + addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512); + +- addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224", PREFIX + "$KeyGeneratorT224"); +- addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); ++ // BEGIN android-removed ++ // addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224", PREFIX + "$KeyGeneratorT224"); ++ // addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); ++ // END android-removed + } + } + +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/BC.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/BC.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/BC.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/BC.java 2013-05-25 02:14:15.000000000 +0000 +@@ -17,7 +17,9 @@ + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyStore.BKS", PREFIX + "BcKeyStoreSpi$Std"); +- provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1"); ++ // END android-removed + provider.addAlgorithm("KeyStore.BouncyCastle", PREFIX + "BcKeyStoreSpi$BouncyCastleStore"); + provider.addAlgorithm("Alg.Alias.KeyStore.UBER", "BouncyCastle"); + provider.addAlgorithm("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/PKCS12.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/PKCS12.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/PKCS12.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/PKCS12.java 2013-05-25 02:14:15.000000000 +0000 +@@ -17,14 +17,16 @@ + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyStore.PKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); +- provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); +- provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); +- +- provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); +- provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES"); +- +- provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); +- provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); ++ // provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); ++ // ++ // provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); ++ // provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES"); ++ // ++ // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); ++ // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES"); ++ // END android-removed + } + } + } +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java 2013-05-25 02:14:15.000000000 +0000 +@@ -1594,32 +1594,34 @@ + } + } + +- public static class BCPKCS12KeyStore3DES +- extends PKCS12KeyStoreSpi +- { +- public BCPKCS12KeyStore3DES() +- { +- super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); +- } +- } +- +- public static class DefPKCS12KeyStore +- extends PKCS12KeyStoreSpi +- { +- public DefPKCS12KeyStore() +- { +- super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); +- } +- } +- +- public static class DefPKCS12KeyStore3DES +- extends PKCS12KeyStoreSpi +- { +- public DefPKCS12KeyStore3DES() +- { +- super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); +- } +- } ++ // BEGIN android-removed ++ // public static class BCPKCS12KeyStore3DES ++ // extends PKCS12KeyStoreSpi ++ // { ++ // public BCPKCS12KeyStore3DES() ++ // { ++ // super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); ++ // } ++ // } ++ // ++ // public static class DefPKCS12KeyStore ++ // extends PKCS12KeyStoreSpi ++ // { ++ // public DefPKCS12KeyStore() ++ // { ++ // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); ++ // } ++ // } ++ // ++ // public static class DefPKCS12KeyStore3DES ++ // extends PKCS12KeyStoreSpi ++ // { ++ // public DefPKCS12KeyStore3DES() ++ // { ++ // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); ++ // } ++ // } ++ // END android-removed + + private static class IgnoresCaseHashtable + { +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/AES.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/AES.java 2013-05-25 02:14:15.000000000 +0000 +@@ -1,11 +1,15 @@ package org.bouncycastle.jcajce.provider.symmetric; -import java.security.AlgorithmParameters; @@ -3198,19 +3716,23 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AE +// import javax.crypto.spec.IvParameterSpec; +// END android-removed + import org.bouncycastle.asn1.bc.BCObjectIdentifiers; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; - import org.bouncycastle.crypto.BufferedBlockCipher; +@@ -14,23 +18,31 @@ import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.engines.AESFastEngine; import org.bouncycastle.crypto.engines.AESWrapEngine; -import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -import org.bouncycastle.crypto.macs.CMac; +-import org.bouncycastle.crypto.macs.GMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +// import org.bouncycastle.crypto.macs.CMac; ++// import org.bouncycastle.crypto.macs.GMac; +// END android-removed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.modes.CFBBlockCipher; + import org.bouncycastle.crypto.modes.GCMBlockCipher; import org.bouncycastle.crypto.modes.OFBBlockCipher; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; @@ -3224,8 +3746,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AE +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +// END android-removed import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; + import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; - import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; + import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; -import org.bouncycastle.jce.provider.BouncyCastleProvider; +// BEGIN android-removed +// import org.bouncycastle.jce.provider.BouncyCastleProvider; @@ -3233,7 +3756,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AE public final class AES { -@@ -69,15 +81,17 @@ +@@ -80,23 +92,25 @@ } } @@ -3246,6 +3769,14 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AE - } - } - +- public static class AESGMAC +- extends BaseMac +- { +- public AESGMAC() +- { +- super(new GMac(new GCMBlockCipher(new AESFastEngine()))); +- } +- } + // BEGIN android-removed + // public static class AESCMAC + // extends BaseMac @@ -3255,12 +3786,20 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AE + // super(new CMac(new AESFastEngine())); + // } + // } ++ // ++ // public static class AESGMAC ++ // extends BaseMac ++ // { ++ // public AESGMAC() ++ // { ++ // super(new GMac(new GCMBlockCipher(new AESFastEngine()))); ++ // } ++ // } + // END android-removed -+ + static public class Wrap extends BaseWrapCipher - { -@@ -86,15 +100,17 @@ +@@ -106,15 +120,17 @@ super(new AESWrapEngine()); } } @@ -3285,9 +3824,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AE + // } + // END android-removed - public static class KeyGen - extends BaseKeyGenerator -@@ -110,70 +126,72 @@ + + /** +@@ -143,32 +159,34 @@ } } @@ -3317,7 +3856,41 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AE - super(256); - } - } -- ++ // BEGIN android-removed ++ // public static class KeyGen128 ++ // extends KeyGen ++ // { ++ // public KeyGen128() ++ // { ++ // super(128); ++ // } ++ // } ++ // ++ // public static class KeyGen192 ++ // extends KeyGen ++ // { ++ // public KeyGen192() ++ // { ++ // super(192); ++ // } ++ // } ++ // ++ // public static class KeyGen256 ++ // extends KeyGen ++ // { ++ // public KeyGen256() ++ // { ++ // super(256); ++ // } ++ // } ++ // END android-removed + + /** + * PBEWithSHA1And128BitAES-BC +@@ -278,43 +296,45 @@ + } + } + - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { @@ -3356,33 +3929,6 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AE - } - } + // BEGIN android-removed -+ // public static class KeyGen128 -+ // extends KeyGen -+ // { -+ // public KeyGen128() -+ // { -+ // super(128); -+ // } -+ // } -+ // -+ // public static class KeyGen192 -+ // extends KeyGen -+ // { -+ // public KeyGen192() -+ // { -+ // super(192); -+ // } -+ // } -+ // -+ // public static class KeyGen256 -+ // extends KeyGen -+ // { -+ // public KeyGen256() -+ // { -+ // super(256); -+ // } -+ // } -+ // + // public static class AlgParamGen + // extends BaseAlgorithmParameterGenerator + // { @@ -3424,7 +3970,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AE public static class AlgParams extends IvAlgorithmParameters -@@ -212,58 +230,66 @@ +@@ -353,58 +373,66 @@ provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); @@ -3529,13 +4075,24 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AE + // + // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); +@@ -483,7 +511,9 @@ + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); + +- addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); ++ // BEGIN android-removed ++ // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); ++ // END android-removed } } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/ARC4.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2012-09-17 23:04:47.000000000 +0000 -@@ -27,7 +27,9 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/ARC4.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2013-05-25 02:14:15.000000000 +0000 +@@ -29,7 +29,9 @@ { public KeyGen() { @@ -3546,9 +4103,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AR } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2012-09-17 23:04:47.000000000 +0000 @@ -64,7 +64,9 @@ { @@ -3560,11 +4117,11 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/Bl provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen"); provider.addAlgorithm("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams"); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/DES.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/DES.java 2012-09-17 23:04:47.000000000 +0000 -@@ -16,11 +16,15 @@ - import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/DES.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/DES.java 2013-05-25 02:14:15.000000000 +0000 +@@ -19,12 +19,16 @@ + import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.KeyGenerationParameters; import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.RFC3211WrapEngine; @@ -3575,26 +4132,19 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -import org.bouncycastle.crypto.macs.CMac; +-import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// import org.bouncycastle.crypto.macs.CMac; ++// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; +// END android-removed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.paddings.ISO7816d4Padding; - import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -@@ -48,115 +52,117 @@ + import org.bouncycastle.crypto.params.DESParameters; +@@ -66,17 +70,19 @@ } } -- static public class CBC -- extends BaseBlockCipher -- { -- public CBC() -- { -- super(new CBCBlockCipher(new DESEngine()), 64); -- } -- } -- - /** - * DES CFB8 - */ @@ -3606,46 +4156,56 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE - super(new CFBBlockCipherMac(new DESEngine())); - } - } -- -- /** -- * DES64 -- */ -- public static class DES64 ++ // BEGIN android-removed ++ // /** ++ // * DES CFB8 ++ // */ ++ // public static class DESCFB8 ++ // extends BaseMac ++ // { ++ // public DESCFB8() ++ // { ++ // super(new CFBBlockCipherMac(new DESEngine())); ++ // } ++ // } ++ // END android-removed + + /** + * DES64 +@@ -111,47 +117,49 @@ + } + } + +- static public class CMAC - extends BaseMac - { -- public DES64() +- public CMAC() - { -- super(new CBCBlockCipherMac(new DESEngine(), 64)); +- super(new CMac(new DESEngine())); - } - } - - /** -- * DES64with7816-4Padding +- * DES9797Alg3with7816-4Padding - */ -- public static class DES64with7816d4 -- extends BaseMac -- { -- public DES64with7816d4() -- { -- super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); -- } -- } -- -- public static class CBCMAC +- public static class DES9797Alg3with7816d4 - extends BaseMac - { -- public CBCMAC() +- public DES9797Alg3with7816d4() - { -- super(new CBCBlockCipherMac(new DESEngine())); +- super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); - } - } - -- static public class CMAC +- /** +- * DES9797Alg3 +- */ +- public static class DES9797Alg3 - extends BaseMac - { -- public CMAC() +- public DES9797Alg3() - { -- super(new CMac(new DESEngine())); +- super(new ISO9797Alg3Mac(new DESEngine())); - } - } - @@ -3657,105 +4217,37 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE - super(new RFC3211WrapEngine(new DESEngine()), 8); - } - } -- -- public static class AlgParamGen -- extends BaseAlgorithmParameterGenerator -- { -- protected void engineInit( -- AlgorithmParameterSpec genParamSpec, -- SecureRandom random) -- throws InvalidAlgorithmParameterException -- { -- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); -- } -- -- protected AlgorithmParameters engineGenerateParameters() -- { -- byte[] iv = new byte[8]; -- -- if (random == null) -- { -- random = new SecureRandom(); -- } -- -- random.nextBytes(iv); -- -- AlgorithmParameters params; -- -- try -- { -- params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); -- params.init(new IvParameterSpec(iv)); -- } -- catch (Exception e) -- { -- throw new RuntimeException(e.getMessage()); -- } -- -- return params; -- } -- } + // BEGIN android-removed -+ // static public class CBC -+ // extends BaseBlockCipher -+ // { -+ // public CBC() -+ // { -+ // super(new CBCBlockCipher(new DESEngine()), 64); -+ // } -+ // } -+ // -+ // /** -+ // * DES CFB8 -+ // */ -+ // public static class DESCFB8 ++ // static public class CMAC + // extends BaseMac + // { -+ // public DESCFB8() ++ // public CMAC() + // { -+ // super(new CFBBlockCipherMac(new DESEngine())); ++ // super(new CMac(new DESEngine())); + // } + // } + // + // /** -+ // * DES64 ++ // * DES9797Alg3with7816-4Padding + // */ -+ // public static class DES64 ++ // public static class DES9797Alg3with7816d4 + // extends BaseMac + // { -+ // public DES64() ++ // public DES9797Alg3with7816d4() + // { -+ // super(new CBCBlockCipherMac(new DESEngine(), 64)); ++ // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); + // } + // } + // + // /** -+ // * DES64with7816-4Padding ++ // * DES9797Alg3 + // */ -+ // public static class DES64with7816d4 -+ // extends BaseMac -+ // { -+ // public DES64with7816d4() -+ // { -+ // super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); -+ // } -+ // } -+ // -+ // public static class CBCMAC -+ // extends BaseMac -+ // { -+ // public CBCMAC() -+ // { -+ // super(new CBCBlockCipherMac(new DESEngine())); -+ // } -+ // } -+ // -+ // static public class CMAC ++ // public static class DES9797Alg3 + // extends BaseMac + // { -+ // public CMAC() ++ // public DES9797Alg3() + // { -+ // super(new CMac(new DESEngine())); ++ // super(new ISO9797Alg3Mac(new DESEngine())); + // } + // } + // @@ -3767,49 +4259,73 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE + // super(new RFC3211WrapEngine(new DESEngine()), 8); + // } + // } -+ // -+ // public static class AlgParamGen -+ // extends BaseAlgorithmParameterGenerator ++ // END android-removed + + public static class AlgParamGen + extends BaseAlgorithmParameterGenerator +@@ -351,17 +359,19 @@ + } + } + +- /** +- * PBEWithMD2AndDES +- */ +- static public class PBEWithMD2KeyFactory +- extends DESPBEKeyFactory +- { +- public PBEWithMD2KeyFactory() +- { +- super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * PBEWithMD2AndDES ++ // */ ++ // static public class PBEWithMD2KeyFactory ++ // extends DESPBEKeyFactory + // { -+ // protected void engineInit( -+ // AlgorithmParameterSpec genParamSpec, -+ // SecureRandom random) -+ // throws InvalidAlgorithmParameterException ++ // public PBEWithMD2KeyFactory() + // { -+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); ++ // super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); + // } -+ // -+ // protected AlgorithmParameters engineGenerateParameters() ++ // } ++ // END android-removed + + /** + * PBEWithMD5AndDES +@@ -387,17 +397,19 @@ + } + } + +- /** +- * PBEWithMD2AndDES +- */ +- static public class PBEWithMD2 +- extends BaseBlockCipher +- { +- public PBEWithMD2() +- { +- super(new CBCBlockCipher(new DESEngine())); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * PBEWithMD2AndDES ++ // */ ++ // static public class PBEWithMD2 ++ // extends BaseBlockCipher ++ // { ++ // public PBEWithMD2() + // { -+ // byte[] iv = new byte[8]; -+ // -+ // if (random == null) -+ // { -+ // random = new SecureRandom(); -+ // } -+ // -+ // random.nextBytes(iv); -+ // -+ // AlgorithmParameters params; -+ // -+ // try -+ // { -+ // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); -+ // params.init(new IvParameterSpec(iv)); -+ // } -+ // catch (Exception e) -+ // { -+ // throw new RuntimeException(e.getMessage()); -+ // } -+ // -+ // return params; ++ // super(new CBCBlockCipher(new DESEngine())); + // } + // } + // END android-removed - /** - * DES - the default for this is to generate a key in -@@ -263,36 +269,42 @@ + /** + * PBEWithMD5AndDES +@@ -437,61 +449,75 @@ { provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB"); @@ -3844,6 +4360,14 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE - provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); - provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); - provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); +- +- provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3"); +- provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); +- +- provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3"); +- provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); +- provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4"); +- provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); + // BEGIN android-removed + // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); + // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); @@ -3859,6 +4383,14 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE + // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); + // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); + // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); ++ // ++ // provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); ++ // ++ // provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3"); ++ // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); ++ // provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4"); ++ // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); + // END android-removed provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters"); @@ -3866,16 +4398,47 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE - provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); +- +- provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2"); + // BEGIN android-removed + // provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); ++ // ++ // provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2"); + // END android-removed - } + provider.addAlgorithm("Cipher.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5"); + provider.addAlgorithm("Cipher.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1"); + +- provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); ++ // END android-removed + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); + +- provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory"); ++ // END android-removed + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1KeyFactory"); - private void addAlias(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/DESede.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2012-09-17 23:04:47.000000000 +0000 +- provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); ++ // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); +- provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); ++ // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); + } +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/DESede.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2013-05-25 02:14:15.000000000 +0000 @@ -1,30 +1,42 @@ package org.bouncycastle.jcajce.provider.symmetric; @@ -4012,7 +4575,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE /** * DESede - the default for this is to generate a key in -@@ -217,43 +235,45 @@ +@@ -241,43 +259,45 @@ } } @@ -4095,7 +4658,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE static public class KeyFactory extends BaseSecretKeyFactory -@@ -337,18 +357,28 @@ +@@ -361,25 +381,37 @@ public void configure(ConfigurableProvider provider) { provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB"); @@ -4113,6 +4676,16 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE + // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); + // END android-removed + provider.addAlgorithm("Alg.Alias.Cipher.TDEA", "DESEDE"); + provider.addAlgorithm("Alg.Alias.Cipher.TDEAWRAP", "DESEDEWRAP"); + provider.addAlgorithm("Alg.Alias.KeyGenerator.TDEA", "DESEDE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE"); ++ // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE"); + if (provider.hasAlgorithm("MessageDigest", "SHA-1")) { provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key"); @@ -4130,7 +4703,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); -@@ -357,31 +387,37 @@ +@@ -388,31 +420,37 @@ } provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator"); @@ -4183,87 +4756,329 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE + // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); + // END android-removed - } - } - } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java 2012-09-17 23:04:47.000000000 +0000 -@@ -7,13 +7,17 @@ - import javax.crypto.spec.IvParameterSpec; - import javax.crypto.spec.PBEParameterSpec; --import javax.crypto.spec.RC2ParameterSpec; -+// BEGIN android-removed -+// import javax.crypto.spec.RC2ParameterSpec; -+// END android-removed + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2KeyFactory"); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/RC2.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/RC2.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/RC2.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/RC2.java 2013-05-25 02:14:15.000000000 +0000 +@@ -12,24 +12,34 @@ - import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1Primitive; - import org.bouncycastle.asn1.pkcs.PBKDF2Params; - import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.RC2CBCParameter; +-import org.bouncycastle.crypto.CipherKeyGenerator; +// BEGIN android-removed +// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; ++// import org.bouncycastle.crypto.CipherKeyGenerator; ++// END android-removed + import org.bouncycastle.crypto.engines.RC2Engine; +-import org.bouncycastle.crypto.engines.RC2WrapEngine; +-import org.bouncycastle.crypto.macs.CBCBlockCipherMac; +-import org.bouncycastle.crypto.macs.CFBBlockCipherMac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.engines.RC2WrapEngine; ++// import org.bouncycastle.crypto.macs.CBCBlockCipherMac; ++// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; ++// END android-removed + import org.bouncycastle.crypto.modes.CBCBlockCipher; + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; ++// BEGIN android-removed ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; +// END android-removed - import org.bouncycastle.util.Arrays; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; ++// BEGIN android-removed ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; ++// END android-removed + import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; + import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; + import org.bouncycastle.jce.provider.BouncyCastleProvider; +-import org.bouncycastle.util.Arrays; ++// BEGIN android-removed ++// import org.bouncycastle.util.Arrays; ++// END android-removed + + public final class RC2 + { +@@ -37,59 +47,61 @@ + { + } + +- /** +- * RC2 +- */ +- static public class ECB +- extends BaseBlockCipher +- { +- public ECB() +- { +- super(new RC2Engine()); +- } +- } +- +- /** +- * RC2CBC +- */ +- static public class CBC +- extends BaseBlockCipher +- { +- public CBC() +- { +- super(new CBCBlockCipher(new RC2Engine()), 64); +- } +- } +- +- public static class Wrap +- extends BaseWrapCipher +- { +- public Wrap() +- { +- super(new RC2WrapEngine()); +- } +- } +- +- /** +- * RC2 +- */ +- public static class CBCMAC +- extends BaseMac +- { +- public CBCMAC() +- { +- super(new CBCBlockCipherMac(new RC2Engine())); +- } +- } +- +- public static class CFB8MAC +- extends BaseMac +- { +- public CFB8MAC() +- { +- super(new CFBBlockCipherMac(new RC2Engine())); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * RC2 ++ // */ ++ // static public class ECB ++ // extends BaseBlockCipher ++ // { ++ // public ECB() ++ // { ++ // super(new RC2Engine()); ++ // } ++ // } ++ // ++ // /** ++ // * RC2CBC ++ // */ ++ // static public class CBC ++ // extends BaseBlockCipher ++ // { ++ // public CBC() ++ // { ++ // super(new CBCBlockCipher(new RC2Engine()), 64); ++ // } ++ // } ++ // ++ // public static class Wrap ++ // extends BaseWrapCipher ++ // { ++ // public Wrap() ++ // { ++ // super(new RC2WrapEngine()); ++ // } ++ // } ++ // ++ // /** ++ // * RC2 ++ // */ ++ // public static class CBCMAC ++ // extends BaseMac ++ // { ++ // public CBCMAC() ++ // { ++ // super(new CBCBlockCipherMac(new RC2Engine())); ++ // } ++ // } ++ // ++ // public static class CFB8MAC ++ // extends BaseMac ++ // { ++ // public CFB8MAC() ++ // { ++ // super(new CFBBlockCipherMac(new RC2Engine())); ++ // } ++ // } ++ // END android-removed - public abstract class BaseAlgorithmParameters -@@ -39,177 +43,179 @@ - protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) - throws InvalidParameterSpecException; + /** + * PBEWithSHA1AndRC2 +@@ -175,17 +187,19 @@ + } + } + +- /** +- * PBEWithMD2AndRC2 +- */ +- static public class PBEWithMD2KeyFactory +- extends PBESecretKeyFactory +- { +- public PBEWithMD2KeyFactory() +- { +- super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * PBEWithMD2AndRC2 ++ // */ ++ // static public class PBEWithMD2KeyFactory ++ // extends PBESecretKeyFactory ++ // { ++ // public PBEWithMD2KeyFactory() ++ // { ++ // super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); ++ // } ++ // } ++ // END android-removed + + /** + * PBEWithMD5AndRC2 +@@ -199,247 +213,249 @@ + } + } -- public static class RC2AlgorithmParameters +- public static class AlgParamGen +- extends BaseAlgorithmParameterGenerator +- { +- RC2ParameterSpec spec = null; +- +- protected void engineInit( +- AlgorithmParameterSpec genParamSpec, +- SecureRandom random) +- throws InvalidAlgorithmParameterException +- { +- if (genParamSpec instanceof RC2ParameterSpec) +- { +- spec = (RC2ParameterSpec)genParamSpec; +- return; +- } +- +- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); +- } +- +- protected AlgorithmParameters engineGenerateParameters() +- { +- AlgorithmParameters params; +- +- if (spec == null) +- { +- byte[] iv = new byte[8]; +- +- if (random == null) +- { +- random = new SecureRandom(); +- } +- +- random.nextBytes(iv); +- +- try +- { +- params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); +- params.init(new IvParameterSpec(iv)); +- } +- catch (Exception e) +- { +- throw new RuntimeException(e.getMessage()); +- } +- } +- else +- { +- try +- { +- params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); +- params.init(spec); +- } +- catch (Exception e) +- { +- throw new RuntimeException(e.getMessage()); +- } +- } +- +- return params; +- } +- } +- +- public static class KeyGenerator +- extends BaseKeyGenerator +- { +- public KeyGenerator() +- { +- super("RC2", 128, new CipherKeyGenerator()); +- } +- } +- +- public static class AlgParams - extends BaseAlgorithmParameters - { - private static final short[] table = { -- 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, -- 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, -- 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, -- 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, -- 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, -- 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, -- 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, -- 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, -- 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, -- 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, -- 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, -- 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, -- 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, -- 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, -- 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, -- 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab +- 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, +- 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, +- 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, +- 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, +- 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, +- 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, +- 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, +- 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, +- 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, +- 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, +- 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, +- 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, +- 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, +- 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, +- 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, +- 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab - }; - - private static final short[] ekb = { -- 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, -- 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, -- 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, -- 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, -- 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, -- 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, -- 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, -- 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, -- 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, -- 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, -- 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, -- 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, -- 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, -- 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, -- 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, -- 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd +- 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, +- 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, +- 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, +- 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, +- 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, +- 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, +- 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, +- 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, +- 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, +- 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, +- 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, +- 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, +- 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, +- 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, +- 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, +- 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd - }; - -- private byte[] iv; -- private int parameterVersion = 58; +- private byte[] iv; +- private int parameterVersion = 58; - -- protected byte[] engineGetEncoded() +- protected byte[] engineGetEncoded() - { - return Arrays.clone(iv); - } - - protected byte[] engineGetEncoded( -- String format) +- String format) - throws IOException - { - if (this.isASN1FormatString(format)) @@ -4287,7 +5102,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( -- Class paramSpec) +- Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == RC2ParameterSpec.class) @@ -4314,7 +5129,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut - } - - protected void engineInit( -- AlgorithmParameterSpec paramSpec) +- AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec instanceof IvParameterSpec) @@ -4345,7 +5160,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut - } - - protected void engineInit( -- byte[] params) +- byte[] params) - throws IOException - { - this.iv = Arrays.clone(params); @@ -4353,7 +5168,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut - - protected void engineInit( - byte[] params, -- String format) +- String format) - throws IOException - { - if (this.isASN1FormatString(format)) @@ -4379,63 +5194,133 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut - throw new IOException("Unknown parameters format in IV parameters object"); - } - -- protected String engineToString() +- protected String engineToString() - { - return "RC2 Parameters"; - } - } + // BEGIN android-removed -+ // public static class RC2AlgorithmParameters ++ // public static class AlgParamGen ++ // extends BaseAlgorithmParameterGenerator ++ // { ++ // RC2ParameterSpec spec = null; ++ // ++ // protected void engineInit( ++ // AlgorithmParameterSpec genParamSpec, ++ // SecureRandom random) ++ // throws InvalidAlgorithmParameterException ++ // { ++ // if (genParamSpec instanceof RC2ParameterSpec) ++ // { ++ // spec = (RC2ParameterSpec)genParamSpec; ++ // return; ++ // } ++ // ++ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); ++ // } ++ // ++ // protected AlgorithmParameters engineGenerateParameters() ++ // { ++ // AlgorithmParameters params; ++ // ++ // if (spec == null) ++ // { ++ // byte[] iv = new byte[8]; ++ // ++ // if (random == null) ++ // { ++ // random = new SecureRandom(); ++ // } ++ // ++ // random.nextBytes(iv); ++ // ++ // try ++ // { ++ // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); ++ // params.init(new IvParameterSpec(iv)); ++ // } ++ // catch (Exception e) ++ // { ++ // throw new RuntimeException(e.getMessage()); ++ // } ++ // } ++ // else ++ // { ++ // try ++ // { ++ // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); ++ // params.init(spec); ++ // } ++ // catch (Exception e) ++ // { ++ // throw new RuntimeException(e.getMessage()); ++ // } ++ // } ++ // ++ // return params; ++ // } ++ // } ++ // ++ // public static class KeyGenerator ++ // extends BaseKeyGenerator ++ // { ++ // public KeyGenerator() ++ // { ++ // super("RC2", 128, new CipherKeyGenerator()); ++ // } ++ // } ++ // ++ // public static class AlgParams + // extends BaseAlgorithmParameters + // { + // private static final short[] table = { -+ // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, -+ // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, -+ // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, -+ // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, -+ // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, -+ // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, -+ // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, -+ // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, -+ // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, -+ // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, -+ // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, -+ // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, -+ // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, -+ // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, -+ // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, -+ // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab ++ // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, ++ // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, ++ // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, ++ // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, ++ // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, ++ // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, ++ // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, ++ // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, ++ // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, ++ // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, ++ // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, ++ // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, ++ // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, ++ // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, ++ // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, ++ // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab + // }; + // + // private static final short[] ekb = { -+ // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, -+ // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, -+ // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, -+ // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, -+ // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, -+ // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, -+ // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, -+ // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, -+ // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, -+ // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, -+ // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, -+ // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, -+ // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, -+ // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, -+ // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, -+ // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd ++ // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, ++ // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, ++ // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, ++ // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, ++ // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, ++ // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, ++ // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, ++ // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, ++ // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, ++ // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, ++ // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, ++ // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, ++ // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, ++ // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, ++ // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, ++ // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd + // }; + // -+ // private byte[] iv; -+ // private int parameterVersion = 58; ++ // private byte[] iv; ++ // private int parameterVersion = 58; + // -+ // protected byte[] engineGetEncoded() ++ // protected byte[] engineGetEncoded() + // { + // return Arrays.clone(iv); + // } + // + // protected byte[] engineGetEncoded( -+ // String format) ++ // String format) + // throws IOException + // { + // if (this.isASN1FormatString(format)) @@ -4459,7 +5344,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut + // } + // + // protected AlgorithmParameterSpec localEngineGetParameterSpec( -+ // Class paramSpec) ++ // Class paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec == RC2ParameterSpec.class) @@ -4486,7 +5371,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut + // } + // + // protected void engineInit( -+ // AlgorithmParameterSpec paramSpec) ++ // AlgorithmParameterSpec paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec instanceof IvParameterSpec) @@ -4517,7 +5402,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut + // } + // + // protected void engineInit( -+ // byte[] params) ++ // byte[] params) + // throws IOException + // { + // this.iv = Arrays.clone(params); @@ -4525,7 +5410,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut + // + // protected void engineInit( + // byte[] params, -+ // String format) ++ // String format) + // throws IOException + // { + // if (this.isASN1FormatString(format)) @@ -4551,18 +5436,291 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut + // throw new IOException("Unknown parameters format in IV parameters object"); + // } + // -+ // protected String engineToString() ++ // protected String engineToString() + // { + // return "RC2 Parameters"; + // } + // } + // END android-removed - public static class PBKDF2 - extends BaseAlgorithmParameters -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2012-09-17 23:04:47.000000000 +0000 + public static class Mappings + extends AlgorithmProvider +@@ -453,32 +469,36 @@ + public void configure(ConfigurableProvider provider) + { + +- provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen"); +- provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen"); +- +- provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator"); +- provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator"); +- +- provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams"); +- provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams"); +- +- provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap"); +- provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP"); +- provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC"); +- +- provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC"); +- provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC"); +- provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC"); +- provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); +- +- provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen"); ++ // provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen"); ++ // ++ // provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator"); ++ // provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator"); ++ // ++ // provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams"); ++ // provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams"); ++ // ++ // provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB"); ++ // provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap"); ++ // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP"); ++ // provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC"); ++ // ++ // provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC"); ++ // provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC"); ++ // provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC"); ++ // provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); ++ // ++ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); ++ // END android-removed + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); + +- provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); ++ // END android-removed + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); + +@@ -486,14 +506,18 @@ + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); + +- provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory"); ++ // END android-removed + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1KeyFactory"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitKeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitKeyFactory"); + +- provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); ++ // END android-removed + + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); + +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java 2013-05-25 02:14:15.000000000 +0000 +@@ -6,16 +6,18 @@ + abstract class SymmetricAlgorithmProvider + extends AlgorithmProvider + { +- protected void addGMacAlgorithm( +- ConfigurableProvider provider, +- String algorithm, +- String algorithmClassName, +- String keyGeneratorClassName) +- { +- provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName); +- provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC"); +- +- provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName); +- provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC", algorithm + "-GMAC"); +- } ++ // BEGIN android-removed ++ // protected void addGMacAlgorithm( ++ // ConfigurableProvider provider, ++ // String algorithm, ++ // String algorithmClassName, ++ // String keyGeneratorClassName) ++ // { ++ // provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName); ++ // provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC"); ++ // ++ // provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName); ++ // provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC", algorithm + "-GMAC"); ++ // } ++ // END android-removed + } +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/Twofish.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/Twofish.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/Twofish.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/Twofish.java 2013-05-25 02:14:15.000000000 +0000 +@@ -1,17 +1,25 @@ + package org.bouncycastle.jcajce.provider.symmetric; + +-import org.bouncycastle.crypto.BlockCipher; +-import org.bouncycastle.crypto.CipherKeyGenerator; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.BlockCipher; ++// import org.bouncycastle.crypto.CipherKeyGenerator; ++// END android-removed + import org.bouncycastle.crypto.engines.TwofishEngine; +-import org.bouncycastle.crypto.macs.GMac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.macs.GMac; ++// END android-removed + import org.bouncycastle.crypto.modes.CBCBlockCipher; +-import org.bouncycastle.crypto.modes.GCMBlockCipher; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.modes.GCMBlockCipher; ++// END android-removed + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +-import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; +-import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; ++// BEGIN android-removed ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; ++// import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; ++// import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; ++// END android-removed + import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; + + public final class Twofish +@@ -20,38 +28,40 @@ + { + } + +- public static class ECB +- extends BaseBlockCipher +- { +- public ECB() +- { +- super(new BlockCipherProvider() +- { +- public BlockCipher get() +- { +- return new TwofishEngine(); +- } +- }); +- } +- } +- +- public static class KeyGen +- extends BaseKeyGenerator +- { +- public KeyGen() +- { +- super("Twofish", 256, new CipherKeyGenerator()); +- } +- } +- +- public static class GMAC +- extends BaseMac +- { +- public GMAC() +- { +- super(new GMac(new GCMBlockCipher(new TwofishEngine()))); +- } +- } ++ // BEGIN android-removed ++ // public static class ECB ++ // extends BaseBlockCipher ++ // { ++ // public ECB() ++ // { ++ // super(new BlockCipherProvider() ++ // { ++ // public BlockCipher get() ++ // { ++ // return new TwofishEngine(); ++ // } ++ // }); ++ // } ++ // } ++ // ++ // public static class KeyGen ++ // extends BaseKeyGenerator ++ // { ++ // public KeyGen() ++ // { ++ // super("Twofish", 256, new CipherKeyGenerator()); ++ // } ++ // } ++ // ++ // public static class GMAC ++ // extends BaseMac ++ // { ++ // public GMAC() ++ // { ++ // super(new GMac(new GCMBlockCipher(new TwofishEngine()))); ++ // } ++ // } ++ // END android-removed + + /** + * PBEWithSHAAndTwofish-CBC +@@ -77,14 +87,16 @@ + } + } + +- public static class AlgParams +- extends IvAlgorithmParameters +- { +- protected String engineToString() +- { +- return "Twofish IV"; +- } +- } ++ // BEGIN android-removed ++ // public static class AlgParams ++ // extends IvAlgorithmParameters ++ // { ++ // protected String engineToString() ++ // { ++ // return "Twofish IV"; ++ // } ++ // } ++ // END android-removed + + public static class Mappings + extends SymmetricAlgorithmProvider +@@ -97,16 +109,20 @@ + + public void configure(ConfigurableProvider provider) + { +- provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB"); +- provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen"); +- provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB"); ++ // provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen"); ++ // provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams"); ++ // END android-removed + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); + provider.addAlgorithm("Cipher.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHA"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHAKeyFactory"); + +- addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen"); ++ // BEGIN android-removed ++ // addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen"); ++ // END android-removed + } + } + } +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2013-05-25 02:14:15.000000000 +0000 @@ -17,8 +17,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; @@ -4574,9 +5732,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut +// import javax.crypto.spec.RC5ParameterSpec; +// END android-removed + import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.BufferedBlockCipher; - import org.bouncycastle.crypto.CipherParameters; -@@ -30,12 +32,18 @@ +@@ -31,13 +33,19 @@ import org.bouncycastle.crypto.modes.CCMBlockCipher; import org.bouncycastle.crypto.modes.CFBBlockCipher; import org.bouncycastle.crypto.modes.CTSBlockCipher; @@ -4586,8 +5744,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut +// END android-removed import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.crypto.modes.GOFBBlockCipher; +-import org.bouncycastle.crypto.modes.OCBBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.GOFBBlockCipher; ++// import org.bouncycastle.crypto.modes.OCBBlockCipher; +// END android-removed import org.bouncycastle.crypto.modes.OFBBlockCipher; -import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; @@ -4599,7 +5759,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut import org.bouncycastle.crypto.modes.SICBlockCipher; import org.bouncycastle.crypto.paddings.BlockCipherPadding; import org.bouncycastle.crypto.paddings.ISO10126d2Padding; -@@ -47,11 +55,17 @@ +@@ -49,11 +57,17 @@ import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.crypto.params.ParametersWithRandom; @@ -4620,7 +5780,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; import org.bouncycastle.util.Strings; -@@ -64,11 +78,15 @@ +@@ -66,11 +80,15 @@ // private Class[] availableSpecs = { @@ -4638,8 +5798,8 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut + // END android-removed }; - private org.bouncycastle.crypto.BlockCipher baseEngine; -@@ -223,20 +241,22 @@ + private BlockCipher baseEngine; +@@ -235,20 +253,22 @@ new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); } } @@ -4676,7 +5836,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut else if (modeName.startsWith("SIC")) { ivLength = baseEngine.getBlockSize(); -@@ -253,12 +273,14 @@ +@@ -265,12 +285,14 @@ cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( new SICBlockCipher(baseEngine))); } @@ -4697,16 +5857,40 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut else if (modeName.startsWith("CTS")) { ivLength = baseEngine.getBlockSize(); -@@ -269,11 +291,13 @@ +@@ -281,23 +303,25 @@ ivLength = baseEngine.getBlockSize(); cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); } +- else if (modeName.startsWith("OCB")) +- { +- if (engineProvider != null) +- { +- ivLength = baseEngine.getBlockSize(); +- cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get())); +- } +- else +- { +- throw new NoSuchAlgorithmException("can't support mode " + mode); +- } +- } - else if (modeName.startsWith("EAX")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); - } + // BEGIN android-removed ++ // else if (modeName.startsWith("OCB")) ++ // { ++ // if (engineProvider != null) ++ // { ++ // ivLength = baseEngine.getBlockSize(); ++ // cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get())); ++ // } ++ // else ++ // { ++ // throw new NoSuchAlgorithmException("can't support mode " + mode); ++ // } ++ // } + // else if (modeName.startsWith("EAX")) + // { + // ivLength = baseEngine.getBlockSize(); @@ -4716,7 +5900,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut else if (modeName.startsWith("GCM")) { ivLength = baseEngine.getBlockSize(); -@@ -442,63 +466,65 @@ +@@ -471,63 +495,65 @@ param = new KeyParameter(key.getEncoded()); } } @@ -4839,507 +6023,20 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut else { throw new InvalidAlgorithmParameterException("unknown parameter type."); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java 2012-09-17 23:04:47.000000000 +0000 -@@ -11,25 +11,34 @@ - - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.Mac; --import org.bouncycastle.crypto.digests.MD2Digest; --import org.bouncycastle.crypto.digests.MD4Digest; --import org.bouncycastle.crypto.digests.MD5Digest; --import org.bouncycastle.crypto.digests.RIPEMD128Digest; --import org.bouncycastle.crypto.digests.RIPEMD160Digest; --import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA224Digest; --import org.bouncycastle.crypto.digests.SHA256Digest; --import org.bouncycastle.crypto.digests.SHA384Digest; --import org.bouncycastle.crypto.digests.SHA512Digest; --import org.bouncycastle.crypto.digests.TigerDigest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.MD2Digest; -+// import org.bouncycastle.crypto.digests.MD4Digest; -+// import org.bouncycastle.crypto.digests.MD5Digest; -+// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -+// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -+// import org.bouncycastle.crypto.digests.SHA1Digest; -+// import org.bouncycastle.crypto.digests.SHA224Digest; -+// import org.bouncycastle.crypto.digests.SHA256Digest; -+// import org.bouncycastle.crypto.digests.SHA384Digest; -+// import org.bouncycastle.crypto.digests.SHA512Digest; -+// import org.bouncycastle.crypto.digests.TigerDigest; -+// END android-removed -+// BEGIN android-added -+import org.bouncycastle.crypto.digests.AndroidDigestFactory; -+// END android-added - import org.bouncycastle.crypto.engines.DESEngine; - import org.bouncycastle.crypto.engines.RC2Engine; - import org.bouncycastle.crypto.macs.CBCBlockCipherMac; --import org.bouncycastle.crypto.macs.CFBBlockCipherMac; --import org.bouncycastle.crypto.macs.GOST28147Mac; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -+// import org.bouncycastle.crypto.macs.GOST28147Mac; -+// END android-removed - import org.bouncycastle.crypto.macs.HMac; --import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; --import org.bouncycastle.crypto.macs.OldHMac; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -+// import org.bouncycastle.crypto.macs.OldHMac; -+// END android-removed - import org.bouncycastle.crypto.paddings.ISO7816d4Padding; - import org.bouncycastle.crypto.params.KeyParameter; - import org.bouncycastle.crypto.params.ParametersWithIV; -@@ -179,91 +188,93 @@ - } - } - -- /** -- * GOST28147 -- */ -- public static class GOST28147 -- extends BaseMac -- { -- public GOST28147() -- { -- super(new GOST28147Mac()); -- } -- } -- -- -- -- /** -- * DES -- */ -- public static class DESCFB8 -- extends BaseMac -- { -- public DESCFB8() -- { -- super(new CFBBlockCipherMac(new DESEngine())); -- } -- } -- -- /** -- * RC2CFB8 -- */ -- public static class RC2CFB8 -- extends BaseMac -- { -- public RC2CFB8() -- { -- super(new CFBBlockCipherMac(new RC2Engine())); -- } -- } -- -- /** -- * DES9797Alg3with7816-4Padding -- */ -- public static class DES9797Alg3with7816d4 -- extends BaseMac -- { -- public DES9797Alg3with7816d4() -- { -- super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); -- } -- } -- -- /** -- * DES9797Alg3 -- */ -- public static class DES9797Alg3 -- extends BaseMac -- { -- public DES9797Alg3() -- { -- super(new ISO9797Alg3Mac(new DESEngine())); -- } -- } -- -- /** -- * MD2 HMac -- */ -- public static class MD2 -- extends BaseMac -- { -- public MD2() -- { -- super(new HMac(new MD2Digest())); -- } -- } -- -- /** -- * MD4 HMac -- */ -- public static class MD4 -- extends BaseMac -- { -- public MD4() -- { -- super(new HMac(new MD4Digest())); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * GOST28147 -+ // */ -+ // public static class GOST28147 -+ // extends BaseMac -+ // { -+ // public GOST28147() -+ // { -+ // super(new GOST28147Mac()); -+ // } -+ // } -+ // -+ // -+ // -+ // /** -+ // * DES -+ // */ -+ // public static class DESCFB8 -+ // extends BaseMac -+ // { -+ // public DESCFB8() -+ // { -+ // super(new CFBBlockCipherMac(new DESEngine())); -+ // } -+ // } -+ // -+ // /** -+ // * RC2CFB8 -+ // */ -+ // public static class RC2CFB8 -+ // extends BaseMac -+ // { -+ // public RC2CFB8() -+ // { -+ // super(new CFBBlockCipherMac(new RC2Engine())); -+ // } -+ // } -+ // -+ // /** -+ // * DES9797Alg3with7816-4Padding -+ // */ -+ // public static class DES9797Alg3with7816d4 -+ // extends BaseMac -+ // { -+ // public DES9797Alg3with7816d4() -+ // { -+ // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); -+ // } -+ // } -+ // -+ // /** -+ // * DES9797Alg3 -+ // */ -+ // public static class DES9797Alg3 -+ // extends BaseMac -+ // { -+ // public DES9797Alg3() -+ // { -+ // super(new ISO9797Alg3Mac(new DESEngine())); -+ // } -+ // } -+ // -+ // /** -+ // * MD2 HMac -+ // */ -+ // public static class MD2 -+ // extends BaseMac -+ // { -+ // public MD2() -+ // { -+ // super(new HMac(new MD2Digest())); -+ // } -+ // } -+ // -+ // /** -+ // * MD4 HMac -+ // */ -+ // public static class MD4 -+ // extends BaseMac -+ // { -+ // public MD4() -+ // { -+ // super(new HMac(new MD4Digest())); -+ // } -+ // } -+ // END android-removed - - /** - * MD5 HMac -@@ -273,7 +284,9 @@ +@@ -761,7 +787,9 @@ + private boolean isAEADModeName( + String modeName) { - public MD5() - { -- super(new HMac(new MD5Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getMD5())); -+ // END android-changed - } - } - -@@ -285,21 +298,25 @@ - { - public SHA1() - { -- super(new HMac(new SHA1Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA1())); -+ // END android-changed - } - } - -- /** -- * SHA-224 HMac -- */ -- public static class SHA224 -- extends BaseMac -- { -- public SHA224() -- { -- super(new HMac(new SHA224Digest())); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * SHA-224 HMac -+ // */ -+ // public static class SHA224 -+ // extends BaseMac -+ // { -+ // public SHA224() -+ // { -+ // super(new HMac(new SHA224Digest())); -+ // } -+ // } -+ // END android-removed - - /** - * SHA-256 HMac -@@ -309,7 +326,7 @@ - { - public SHA256() - { -- super(new HMac(new SHA256Digest())); -+ super(new HMac(AndroidDigestFactory.getSHA256())); - } - } - -@@ -321,18 +338,20 @@ - { - public SHA384() - { -- super(new HMac(new SHA384Digest())); -+ super(new HMac(AndroidDigestFactory.getSHA384())); - } - } - -- public static class OldSHA384 -- extends BaseMac -- { -- public OldSHA384() -- { -- super(new OldHMac(new SHA384Digest())); -- } -- } -+ // BEGIN android-removed -+ // public static class OldSHA384 -+ // extends BaseMac -+ // { -+ // public OldSHA384() -+ // { -+ // super(new OldHMac(new SHA384Digest())); -+ // } -+ // } -+ // END android-removed - - /** - * SHA-512 HMac -@@ -342,75 +361,77 @@ - { - public SHA512() - { -- super(new HMac(new SHA512Digest())); -- } -- } -- -- /** -- * SHA-512 HMac -- */ -- public static class OldSHA512 -- extends BaseMac -- { -- public OldSHA512() -- { -- super(new OldHMac(new SHA512Digest())); -- } -- } -- -- /** -- * RIPEMD128 HMac -- */ -- public static class RIPEMD128 -- extends BaseMac -- { -- public RIPEMD128() -- { -- super(new HMac(new RIPEMD128Digest())); -- } -- } -- -- /** -- * RIPEMD160 HMac -- */ -- public static class RIPEMD160 -- extends BaseMac -- { -- public RIPEMD160() -- { -- super(new HMac(new RIPEMD160Digest())); -- } -- } -- -- /** -- * Tiger HMac -- */ -- public static class Tiger -- extends BaseMac -- { -- public Tiger() -- { -- super(new HMac(new TigerDigest())); -+ super(new HMac(AndroidDigestFactory.getSHA512())); - } - } - -+ // BEGIN android-removed -+ // /** -+ // * SHA-512 HMac -+ // */ -+ // public static class OldSHA512 -+ // extends BaseMac -+ // { -+ // public OldSHA512() -+ // { -+ // super(new OldHMac(new SHA512Digest())); -+ // } -+ // } -+ // -+ // /** -+ // * RIPEMD128 HMac -+ // */ -+ // public static class RIPEMD128 -+ // extends BaseMac -+ // { -+ // public RIPEMD128() -+ // { -+ // super(new HMac(new RIPEMD128Digest())); -+ // } -+ // } - // -- // PKCS12 states that the same algorithm should be used -- // for the key generation as is used in the HMAC, so that -- // is what we do here. -+ // /** -+ // * RIPEMD160 HMac -+ // */ -+ // public static class RIPEMD160 -+ // extends BaseMac -+ // { -+ // public RIPEMD160() -+ // { -+ // super(new HMac(new RIPEMD160Digest())); -+ // } -+ // } - // -- -- /** -- * PBEWithHmacRIPEMD160 -- */ -- public static class PBEWithRIPEMD160 -- extends BaseMac -- { -- public PBEWithRIPEMD160() -- { -- super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); -- } -- } -+ // /** -+ // * Tiger HMac -+ // */ -+ // public static class Tiger -+ // extends BaseMac -+ // { -+ // public Tiger() -+ // { -+ // super(new HMac(new TigerDigest())); -+ // } -+ // } -+ // -+ // // -+ // // PKCS12 states that the same algorithm should be used -+ // // for the key generation as is used in the HMAC, so that -+ // // is what we do here. -+ // // -+ // -+ // /** -+ // * PBEWithHmacRIPEMD160 -+ // */ -+ // public static class PBEWithRIPEMD160 -+ // extends BaseMac -+ // { -+ // public PBEWithRIPEMD160() -+ // { -+ // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); -+ // } -+ // } -+ // END android-removed - - /** - * PBEWithHmacSHA -@@ -420,19 +441,23 @@ - { - public PBEWithSHA() - { -- super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160); -+ // END android-changed - } +- return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName) || "OCB".equals(modeName); ++ // BEGIN android-changed ++ return "CCM".equals(modeName) || "GCM".equals(modeName); ++ // END android-changed } -- /** -- * PBEWithHmacTiger -- */ -- public static class PBEWithTiger -- extends BaseMac -- { -- public PBEWithTiger() -- { -- super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * PBEWithHmacTiger -+ // */ -+ // public static class PBEWithTiger -+ // extends BaseMac -+ // { -+ // public PBEWithTiger() -+ // { -+ // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2012-09-17 23:04:47.000000000 +0000 + /* +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2012-09-17 23:04:47.000000000 +0000 @@ -13,8 +13,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; @@ -5366,9 +6063,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut IvParameterSpec.class, PBEParameterSpec.class }; -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2013-01-31 02:26:40.000000000 +0000 @@ -22,8 +22,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; @@ -5412,9 +6109,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut protected byte[] engineWrap( Key key) -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-05-25 02:14:15.000000000 +0000 @@ -7,13 +7,18 @@ import org.bouncycastle.crypto.CipherParameters; @@ -5443,25 +6140,25 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; @@ -29,11 +34,15 @@ // - static final int MD5 = 0; - static final int SHA1 = 1; -- static final int RIPEMD160 = 2; -- static final int TIGER = 3; + static final int MD5 = 0; + static final int SHA1 = 1; +- static final int RIPEMD160 = 2; +- static final int TIGER = 3; + // BEGIN android-removed -+ // static final int RIPEMD160 = 2; -+ // static final int TIGER = 3; ++ // static final int RIPEMD160 = 2; ++ // static final int TIGER = 3; + // END android-removed - static final int SHA256 = 4; -- static final int MD2 = 5; -- static final int GOST3411 = 6; + static final int SHA256 = 4; +- static final int MD2 = 5; +- static final int GOST3411 = 6; + // BEGIN android-removed -+ // static final int MD2 = 5; -+ // static final int GOST3411 = 6; ++ // static final int MD2 = 5; ++ // static final int GOST3411 = 6; + // END android-removed - static final int PKCS5S1 = 0; - static final int PKCS5S2 = 1; -@@ -55,14 +64,20 @@ + static final int PKCS5S1 = 0; + static final int PKCS5S2 = 1; +@@ -57,14 +66,20 @@ { switch (hash) { @@ -5487,7 +6184,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut break; default: throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); -@@ -76,27 +91,39 @@ +@@ -78,27 +93,39 @@ { switch (hash) { @@ -5544,9 +6241,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut default: throw new IllegalStateException("unknown digest scheme for PBE encryption."); } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/util/DigestFactory.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/util/DigestFactory.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2012-09-17 23:04:47.000000000 +0000 @@ -10,19 +10,26 @@ import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; @@ -5672,73 +6369,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/util/DigestF || (sha256.contains(digest1) && sha256.contains(digest2)) || (sha384.contains(digest1) && sha384.contains(digest2)) || (sha512.contains(digest1) && sha512.contains(digest2)) -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcprov-jdk15on-148/org/bouncycastle/jce/ECNamedCurveTable.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/ECNamedCurveTable.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/ECNamedCurveTable.java 2012-09-17 23:04:47.000000000 +0000 -@@ -6,7 +6,9 @@ - import org.bouncycastle.asn1.ASN1ObjectIdentifier; - import org.bouncycastle.asn1.nist.NISTNamedCurves; - import org.bouncycastle.asn1.sec.SECNamedCurves; --import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -+// END android-removed - import org.bouncycastle.asn1.x9.X962NamedCurves; - import org.bouncycastle.asn1.x9.X9ECParameters; - import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -@@ -55,21 +57,23 @@ - } - } - -- if (ecP == null) -- { -- ecP = TeleTrusTNamedCurves.getByName(name); -- if (ecP == null) -- { -- try -- { -- ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); -- } -- catch (IllegalArgumentException e) -- { -- // ignore - not an oid -- } -- } -- } -+ // BEGIN android-removed -+ // if (ecP == null) -+ // { -+ // ecP = TeleTrusTNamedCurves.getByName(name); -+ // if (ecP == null) -+ // { -+ // try -+ // { -+ // ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); -+ // } -+ // catch (IllegalArgumentException e) -+ // { -+ // // ignore - not an oid -+ // } -+ // } -+ // } -+ // END android-removed - - if (ecP == null) - { -@@ -102,7 +106,9 @@ - addEnumeration(v, X962NamedCurves.getNames()); - addEnumeration(v, SECNamedCurves.getNames()); - addEnumeration(v, NISTNamedCurves.getNames()); -- addEnumeration(v, TeleTrusTNamedCurves.getNames()); -+ // BEGIN android-removed -+ // addEnumeration(v, TeleTrusTNamedCurves.getNames()); -+ // END android-removed - - return v.elements(); - } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk15on-148/org/bouncycastle/jce/PKCS10CertificationRequest.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/PKCS10CertificationRequest.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk15on-149/org/bouncycastle/jce/PKCS10CertificationRequest.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/PKCS10CertificationRequest.java 2013-01-31 02:26:40.000000000 +0000 @@ -30,14 +30,18 @@ import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERNull; @@ -5984,34 +6617,19 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/PKCS10CertificationReque else { return digestAlgOID.getId(); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/BouncyCastleProvider.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2012-09-17 23:04:47.000000000 +0000 -@@ -11,7 +11,9 @@ - - import org.bouncycastle.asn1.ASN1ObjectIdentifier; - import org.bouncycastle.asn1.bc.BCObjectIdentifiers; --import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -+// END android-removed - import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; - import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -@@ -49,7 +51,10 @@ - { - private static String info = "BouncyCastle Security Provider v1.48"; - -- public static String PROVIDER_NAME = "BC"; -+ // BEGIN android-changed -+ // this constant should be final -+ public static final String PROVIDER_NAME = "BC"; -+ // END android-changed +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/BouncyCastleProvider.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-05-25 02:14:15.000000000 +0000 +@@ -64,13 +64,20 @@ - public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration(); + private static final String[] SYMMETRIC_MACS = + { +- "SipHash" ++ // BEGIN android-removed ++ // "SipHash" ++ // END android-removed + }; -@@ -62,8 +67,13 @@ - private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; private static final String[] SYMMETRIC_CIPHERS = { - "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", @@ -6021,12 +6639,23 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastlePro + // "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" + // END android-removed + // BEGIN android-added -+ "AES", "ARC4", "Blowfish", "DES", "DESede", ++ "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish" + // END android-added }; /* -@@ -80,7 +90,12 @@ +@@ -82,12 +89,22 @@ + // later ones configure it. + private static final String[] ASYMMETRIC_GENERIC = + { +- "X509", "IES" ++ // BEGIN android-removed ++ // "X509", "IES" ++ // END android-removed ++ // BEGIN android-added ++ "X509" ++ // END android-added + }; private static final String[] ASYMMETRIC_CIPHERS = { @@ -6040,7 +6669,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastlePro }; /* -@@ -89,7 +104,12 @@ +@@ -96,7 +113,12 @@ private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest."; private static final String[] DIGESTS = { @@ -6053,10 +6682,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastlePro + // END android-added }; - /** -@@ -121,26 +141,28 @@ + /* +@@ -143,48 +165,52 @@ - loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_CIPHERS); + loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES); - // - // X509Store @@ -6078,6 +6707,22 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastlePro - put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); - put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); - put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); +- +- // +- // cipher engines +- // +- put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); +- +- put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); +- +- +- put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); +- +- // Certification Path API +- put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); +- put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); +- put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); +- put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); + // BEGIN android-removed + // // + // // X509Store @@ -6099,268 +6744,23 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastlePro + // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); + // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); + // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); -+ // END android-removed - - - // -@@ -149,14 +171,24 @@ - put("KeyStore.BKS", "org.bouncycastle.jce.provider.JDKKeyStore"); - put("KeyStore.BouncyCastle", "org.bouncycastle.jce.provider.JDKKeyStore$BouncyCastleStore"); - put("KeyStore.PKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); -- put("KeyStore.BCPKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); -- put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); -- -- put("KeyStore.PKCS12-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); -- put("KeyStore.PKCS12-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore3DES"); -- -- put("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); -- put("KeyStore.PKCS12-DEF-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore3DES"); -+ // BEGIN android-changed -+ put("Alg.Alias.KeyStore.BCPKCS12", "PKCS12"); -+ // END android-changed -+ // BEGIN android-removed -+ // put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); -+ // END android-removed -+ -+ // BEGIN android-changed -+ put("Alg.Alias.KeyStore.PKCS12-3DES-40RC2", "PKCS12"); -+ // END android-changed -+ // BEGIN android-removed -+ // put("KeyStore.PKCS12-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore3DES"); -+ // END android-removed -+ -+ // BEGIN android-removed -+ // put("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); -+ // put("KeyStore.PKCS12-DEF-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore3DES"); -+ // END android-removed - - put("Alg.Alias.KeyStore.UBER", "BouncyCastle"); - put("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); -@@ -165,29 +197,41 @@ - // - // algorithm parameters - // -- put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); -+ // BEGIN android-removed -+ // put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); -+ // END android-removed - put("AlgorithmParameters.PKCS12PBE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PKCS12PBE"); - -- put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2"); -+ // BEGIN android-removed -+ // put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2"); -+ // END android-removed - - - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); -+ // BEGIN android-removed -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); -+ // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); -+ // BEGIN android-removed -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); -+ // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); -+ // BEGIN android-removed -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); -+ // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); -+ // BEGIN android-removed -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); -+ // END android-removed - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.1", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.2", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); -@@ -218,12 +262,14 @@ - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); -- -- put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -- put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -- put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -- put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -- put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -+ -+ // BEGIN android-removed -+ // put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -+ // put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -+ // put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -+ // put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -+ // put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -+ // END android-removed - - // - // key agreement -@@ -235,14 +281,20 @@ - // - put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - -- put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); -- put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); -+ // BEGIN android-removed -+ // put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); -+ // put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); -+ // END android-removed - - put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES"); -- put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); -+ // BEGIN android-removed -+ // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); -+ // END android-removed - put("Cipher.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndRC2"); - put("Cipher.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndDES"); -- put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); -+ // BEGIN android-removed -+ // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); -+ // END android-removed - put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2"); - - put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2"); -@@ -284,10 +336,12 @@ - put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - - put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish"); -- put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); -- -- put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); -- put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); -+ // BEGIN android-removed -+ // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); + // -+ // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); -+ // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); -+ // END android-removed - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); -@@ -324,16 +378,20 @@ - // - // secret key factories. - // -- put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES"); -- -- put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); -- put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); -+ // BEGIN android-removed -+ // put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES"); ++ // // ++ // // cipher engines ++ // // ++ // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); + // -+ // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); -+ // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); -+ // END android-removed - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - -- put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2"); -+ // BEGIN android-removed -+ // put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2"); -+ // END android-removed - put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES"); - put("SecretKeyFactory.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndRC2"); - put("SecretKeyFactory.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndDES"); -@@ -345,33 +403,41 @@ - put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2"); - put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2"); - put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish"); -- put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160"); -+ // BEGIN android-removed -+ // put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160"); -+ // END android-removed - put("SecretKeyFactory.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA"); -- put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger"); -+ // BEGIN android-removed -+ // put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger"); -+ // END android-removed - - put("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And128BitAESCBCOpenSSL"); - put("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And192BitAESCBCOpenSSL"); - put("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And256BitAESCBCOpenSSL"); - -- put("SecretKeyFactory." + CryptoProObjectIdentifiers.gostR3411, "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithGOST3411"); -- -- put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5"); -- -- put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5"); -- put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5"); -- put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); -- put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); -- put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); -- put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); -- -- put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); -- put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); -+ // BEGIN android-removed -+ // put("SecretKeyFactory." + CryptoProObjectIdentifiers.gostR3411, "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithGOST3411"); ++ // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); + // -+ // put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5"); + // -+ // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5"); -+ // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5"); -+ // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); -+ // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); -+ // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); -+ // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); ++ // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); + // -+ // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); -+ // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); -+ // END android-removed - put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); -- put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); -- put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); -+ // BEGIN android-removed -+ // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); -+ // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); -+ // END android-removed - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); -@@ -408,20 +474,31 @@ - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); -+ // BEGIN android-added -+ -+ put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1"); -+ // END android-added - - addMacAlgorithms(); - - // Certification Path API -- put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); -- put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); -- put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); -- put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); -+ // BEGIN android-removed ++ // // Certification Path API + // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); + // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); ++ // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); ++ // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); + // END android-removed -+ // BEGIN android-changed -+ // Use Alg.Alias so RFC3280 doesn't show up when iterating provider services, only PKIX -+ put("Alg.Alias.CertPathValidator.RFC3280", "PKIX"); -+ put("Alg.Alias.CertPathBuilder.RFC3280", "PKIX"); -+ // END android-changed put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi"); @@ -6375,47 +6775,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastlePro } private void loadAlgorithms(String packageName, String[] names) -@@ -468,21 +545,25 @@ - private void addMacAlgorithms() - { - -- put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); -- put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); -- -- put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); -- put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); -- put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4"); -- put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); -- -- put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); -- -- put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); -+ // BEGIN android-removed -+ // put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); -+ // put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); -+ // -+ // put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); -+ // put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); -+ // put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4"); -+ // put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); -+ // -+ // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); -+ // -+ // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); -+ // END android-removed - - put("Mac.PBEWITHHMACSHA", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); - put("Mac.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); -- put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160"); -+ // BEGIN android-removed -+ // put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160"); -+ // END android-removed - put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA"); - } - -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/CertBlacklist.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertBlacklist.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/CertBlacklist.java 2013-01-16 01:38:43.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/CertBlacklist.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/CertBlacklist.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/CertBlacklist.java 2013-01-16 01:38:43.000000000 +0000 @@ -0,0 +1,224 @@ +/* + * Copyright (C) 2012 The Android Open Source Project @@ -6641,9 +7003,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertBlacklist.j + } + +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2013-01-31 02:26:40.000000000 +0000 @@ -61,14 +61,18 @@ import org.bouncycastle.asn1.x509.PolicyInformation; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -6801,311 +7163,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertPathValidat protected static void addAdditionalStoresFromCRLDistributionPoint( CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEBlockCipher.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEBlockCipher.java 2013-01-29 02:13:59.000000000 +0000 -@@ -24,8 +24,10 @@ - import javax.crypto.ShortBufferException; - import javax.crypto.spec.IvParameterSpec; - import javax.crypto.spec.PBEParameterSpec; --import javax.crypto.spec.RC2ParameterSpec; --import javax.crypto.spec.RC5ParameterSpec; -+// BEGIN android-removed -+// import javax.crypto.spec.RC2ParameterSpec; -+// import javax.crypto.spec.RC5ParameterSpec; -+// END android-removed - import javax.crypto.spec.SecretKeySpec; - - import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -@@ -44,12 +46,18 @@ - import org.bouncycastle.crypto.modes.CCMBlockCipher; - import org.bouncycastle.crypto.modes.CFBBlockCipher; - import org.bouncycastle.crypto.modes.CTSBlockCipher; --import org.bouncycastle.crypto.modes.EAXBlockCipher; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.modes.EAXBlockCipher; -+// END android-removed - import org.bouncycastle.crypto.modes.GCMBlockCipher; --import org.bouncycastle.crypto.modes.GOFBBlockCipher; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.modes.GOFBBlockCipher; -+// END android-removed - import org.bouncycastle.crypto.modes.OFBBlockCipher; --import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; --import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; -+// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; -+// END android-removed - import org.bouncycastle.crypto.modes.SICBlockCipher; - import org.bouncycastle.crypto.paddings.BlockCipherPadding; - import org.bouncycastle.crypto.paddings.ISO10126d2Padding; -@@ -61,12 +69,16 @@ - import org.bouncycastle.crypto.params.KeyParameter; - import org.bouncycastle.crypto.params.ParametersWithIV; - import org.bouncycastle.crypto.params.ParametersWithRandom; --import org.bouncycastle.crypto.params.ParametersWithSBox; --import org.bouncycastle.crypto.params.RC2Parameters; --import org.bouncycastle.crypto.params.RC5Parameters; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.params.ParametersWithSBox; -+// import org.bouncycastle.crypto.params.RC2Parameters; -+// import org.bouncycastle.crypto.params.RC5Parameters; -+// END android-removed - import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; - import org.bouncycastle.jcajce.provider.symmetric.util.PBE; --import org.bouncycastle.jce.spec.GOST28147ParameterSpec; -+// BEGIN android-removed -+// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; -+// END android-removed - import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; - import org.bouncycastle.util.Strings; - -@@ -79,11 +91,15 @@ - // - private Class[] availableSpecs = - { -- RC2ParameterSpec.class, -- RC5ParameterSpec.class, -+ // BEGIN android-removed -+ // RC2ParameterSpec.class, -+ // RC5ParameterSpec.class, -+ // END android-removed - IvParameterSpec.class, - PBEParameterSpec.class, -- GOST28147ParameterSpec.class -+ // BEGIN android-removed -+ // GOST28147ParameterSpec.class -+ // END android-removed - }; - - private BlockCipher baseEngine; -@@ -240,20 +256,22 @@ - new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } - } -- else if (modeName.startsWith("PGP")) -- { -- boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); -- -- ivLength = baseEngine.getBlockSize(); -- cipher = new BufferedGenericBlockCipher( -- new PGPCFBBlockCipher(baseEngine, inlineIV)); -- } -- else if (modeName.equalsIgnoreCase("OpenPGPCFB")) -- { -- ivLength = 0; -- cipher = new BufferedGenericBlockCipher( -- new OpenPGPCFBBlockCipher(baseEngine)); -- } -+ // BEGIN android-removed -+ // else if (modeName.startsWith("PGP")) -+ // { -+ // boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); -+ // -+ // ivLength = baseEngine.getBlockSize(); -+ // cipher = new BufferedGenericBlockCipher( -+ // new PGPCFBBlockCipher(baseEngine, inlineIV)); -+ // } -+ // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) -+ // { -+ // ivLength = 0; -+ // cipher = new BufferedGenericBlockCipher( -+ // new OpenPGPCFBBlockCipher(baseEngine)); -+ // } -+ // END android-removed - else if (modeName.startsWith("SIC")) - { - ivLength = baseEngine.getBlockSize(); -@@ -270,12 +288,14 @@ - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new SICBlockCipher(baseEngine))); - } -- else if (modeName.startsWith("GOFB")) -- { -- ivLength = baseEngine.getBlockSize(); -- cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( -- new GOFBBlockCipher(baseEngine))); -- } -+ // BEGIN android-removed -+ // else if (modeName.startsWith("GOFB")) -+ // { -+ // ivLength = baseEngine.getBlockSize(); -+ // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( -+ // new GOFBBlockCipher(baseEngine))); -+ // } -+ // END android-removed - else if (modeName.startsWith("CTS")) - { - ivLength = baseEngine.getBlockSize(); -@@ -286,11 +306,13 @@ - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); - } -- else if (modeName.startsWith("EAX")) -- { -- ivLength = baseEngine.getBlockSize(); -- cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); -- } -+ // BEGIN android-removed -+ // else if (modeName.startsWith("EAX")) -+ // { -+ // ivLength = baseEngine.getBlockSize(); -+ // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); -+ // } -+ // END android-removed - else if (modeName.startsWith("GCM")) - { - ivLength = baseEngine.getBlockSize(); -@@ -379,13 +401,15 @@ - throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); - } - -- // -- // for RC5-64 we must have some default parameters -- // -- if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64")) -- { -- throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in."); -- } -+ // BEGIN android-removed -+ // // -+ // // for RC5-64 we must have some default parameters -+ // // -+ // if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64")) -+ // { -+ // throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in."); -+ // } -+ // END android-removed - - // - // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). -@@ -459,63 +483,65 @@ - param = new KeyParameter(key.getEncoded()); - } - } -- else if (params instanceof GOST28147ParameterSpec) -- { -- GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; -- -- param = new ParametersWithSBox( -- new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); -- -- if (gost28147Param.getIV() != null && ivLength != 0) -- { -- param = new ParametersWithIV(param, gost28147Param.getIV()); -- ivParam = (ParametersWithIV)param; -- } -- } -- else if (params instanceof RC2ParameterSpec) -- { -- RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; -- -- param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); -- -- if (rc2Param.getIV() != null && ivLength != 0) -- { -- param = new ParametersWithIV(param, rc2Param.getIV()); -- ivParam = (ParametersWithIV)param; -- } -- } -- else if (params instanceof RC5ParameterSpec) -- { -- RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; -- -- param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); -- if (baseEngine.getAlgorithmName().startsWith("RC5")) -- { -- if (baseEngine.getAlgorithmName().equals("RC5-32")) -- { -- if (rc5Param.getWordSize() != 32) -- { -- throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); -- } -- } -- else if (baseEngine.getAlgorithmName().equals("RC5-64")) -- { -- if (rc5Param.getWordSize() != 64) -- { -- throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); -- } -- } -- } -- else -- { -- throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); -- } -- if ((rc5Param.getIV() != null) && (ivLength != 0)) -- { -- param = new ParametersWithIV(param, rc5Param.getIV()); -- ivParam = (ParametersWithIV)param; -- } -- } -+ // BEGIN android-removed -+ // else if (params instanceof GOST28147ParameterSpec) -+ // { -+ // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; -+ // -+ // param = new ParametersWithSBox( -+ // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); -+ // -+ // if (gost28147Param.getIV() != null && ivLength != 0) -+ // { -+ // param = new ParametersWithIV(param, gost28147Param.getIV()); -+ // ivParam = (ParametersWithIV)param; -+ // } -+ // } -+ // else if (params instanceof RC2ParameterSpec) -+ // { -+ // RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; -+ // -+ // param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); -+ // -+ // if (rc2Param.getIV() != null && ivLength != 0) -+ // { -+ // param = new ParametersWithIV(param, rc2Param.getIV()); -+ // ivParam = (ParametersWithIV)param; -+ // } -+ // } -+ // else if (params instanceof RC5ParameterSpec) -+ // { -+ // RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; -+ // -+ // param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); -+ // if (baseEngine.getAlgorithmName().startsWith("RC5")) -+ // { -+ // if (baseEngine.getAlgorithmName().equals("RC5-32")) -+ // { -+ // if (rc5Param.getWordSize() != 32) -+ // { -+ // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); -+ // } -+ // } -+ // else if (baseEngine.getAlgorithmName().equals("RC5-64")) -+ // { -+ // if (rc5Param.getWordSize() != 64) -+ // { -+ // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); -+ // } -+ // } -+ // } -+ // else -+ // { -+ // throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); -+ // } -+ // if ((rc5Param.getIV() != null) && (ivLength != 0)) -+ // { -+ // param = new ParametersWithIV(param, rc5Param.getIV()); -+ // ivParam = (ParametersWithIV)param; -+ // } -+ // } -+ // END android-removed - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPrivateKey.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEECPrivateKey.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2013-05-25 02:14:15.000000000 +0000 @@ -20,8 +20,10 @@ import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; @@ -7177,9 +7237,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPrivateKey { info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPublicKey.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPublicKey.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEECPublicKey.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEECPublicKey.java 2013-05-25 02:14:15.000000000 +0000 @@ -18,9 +18,11 @@ import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERNull; @@ -7196,8 +7256,8 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPublicKey. import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.X962Parameters; @@ -33,9 +35,13 @@ - import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; - import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil; + import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; + import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jce.ECGOST3410NamedCurveTable; +// BEGIN android-removed @@ -7439,727 +7499,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPublicKey. { if (ecSpec instanceof ECNamedCurveSpec) { -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEMac.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEMac.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEMac.java 2012-09-17 23:04:47.000000000 +0000 -@@ -11,24 +11,35 @@ - - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.Mac; --import org.bouncycastle.crypto.digests.MD2Digest; --import org.bouncycastle.crypto.digests.MD4Digest; --import org.bouncycastle.crypto.digests.MD5Digest; --import org.bouncycastle.crypto.digests.RIPEMD128Digest; --import org.bouncycastle.crypto.digests.RIPEMD160Digest; --import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA224Digest; --import org.bouncycastle.crypto.digests.SHA256Digest; --import org.bouncycastle.crypto.digests.SHA384Digest; --import org.bouncycastle.crypto.digests.SHA512Digest; --import org.bouncycastle.crypto.digests.TigerDigest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.MD2Digest; -+// import org.bouncycastle.crypto.digests.MD4Digest; -+// import org.bouncycastle.crypto.digests.MD5Digest; -+// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -+// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -+// import org.bouncycastle.crypto.digests.SHA1Digest; -+// import org.bouncycastle.crypto.digests.SHA224Digest; -+// import org.bouncycastle.crypto.digests.SHA256Digest; -+// import org.bouncycastle.crypto.digests.SHA384Digest; -+// import org.bouncycastle.crypto.digests.SHA512Digest; -+// import org.bouncycastle.crypto.digests.TigerDigest; -+// END android-removed -+// BEGIN android-added -+import org.bouncycastle.crypto.digests.AndroidDigestFactory; -+// END android-added - import org.bouncycastle.crypto.engines.DESEngine; --import org.bouncycastle.crypto.engines.RC2Engine; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.engines.RC2Engine; -+// END android-removed - import org.bouncycastle.crypto.macs.CBCBlockCipherMac; --import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -+// END android-removed - import org.bouncycastle.crypto.macs.HMac; --import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; --import org.bouncycastle.crypto.macs.OldHMac; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -+// import org.bouncycastle.crypto.macs.OldHMac; -+// END android-removed - import org.bouncycastle.crypto.paddings.ISO7816d4Padding; - import org.bouncycastle.crypto.params.KeyParameter; - import org.bouncycastle.crypto.params.ParametersWithIV; -@@ -144,109 +155,111 @@ - * the classes that extend directly off us. - */ - -- /** -- * DES -- */ -- public static class DES -- extends JCEMac -- { -- public DES() -- { -- super(new CBCBlockCipherMac(new DESEngine())); -- } -- } -- -- /** -- * DES 64 bit MAC -- */ -- public static class DES64 -- extends JCEMac -- { -- public DES64() -- { -- super(new CBCBlockCipherMac(new DESEngine(), 64)); -- } -- } -- -- /** -- * RC2 -- */ -- public static class RC2 -- extends JCEMac -- { -- public RC2() -- { -- super(new CBCBlockCipherMac(new RC2Engine())); -- } -- } -- -- -- -- -- /** -- * DES -- */ -- public static class DESCFB8 -- extends JCEMac -- { -- public DESCFB8() -- { -- super(new CFBBlockCipherMac(new DESEngine())); -- } -- } -- -- /** -- * RC2CFB8 -- */ -- -- -- /** -- * DES9797Alg3with7816-4Padding -- */ -- public static class DES9797Alg3with7816d4 -- extends JCEMac -- { -- public DES9797Alg3with7816d4() -- { -- super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); -- } -- } -- -- /** -- * DES9797Alg3 -- */ -- public static class DES9797Alg3 -- extends JCEMac -- { -- public DES9797Alg3() -- { -- super(new ISO9797Alg3Mac(new DESEngine())); -- } -- } -- -- /** -- * MD2 HMac -- */ -- public static class MD2 -- extends JCEMac -- { -- public MD2() -- { -- super(new HMac(new MD2Digest())); -- } -- } -- -- /** -- * MD4 HMac -- */ -- public static class MD4 -- extends JCEMac -- { -- public MD4() -- { -- super(new HMac(new MD4Digest())); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * DES -+ // */ -+ // public static class DES -+ // extends JCEMac -+ // { -+ // public DES() -+ // { -+ // super(new CBCBlockCipherMac(new DESEngine())); -+ // } -+ // } -+ // -+ // /** -+ // * DES 64 bit MAC -+ // */ -+ // public static class DES64 -+ // extends JCEMac -+ // { -+ // public DES64() -+ // { -+ // super(new CBCBlockCipherMac(new DESEngine(), 64)); -+ // } -+ // } -+ // -+ // /** -+ // * RC2 -+ // */ -+ // public static class RC2 -+ // extends JCEMac -+ // { -+ // public RC2() -+ // { -+ // super(new CBCBlockCipherMac(new RC2Engine())); -+ // } -+ // } -+ // -+ // -+ // -+ // -+ // /** -+ // * DES -+ // */ -+ // public static class DESCFB8 -+ // extends JCEMac -+ // { -+ // public DESCFB8() -+ // { -+ // super(new CFBBlockCipherMac(new DESEngine())); -+ // } -+ // } -+ // -+ // /** -+ // * RC2CFB8 -+ // */ -+ // -+ // -+ // /** -+ // * DES9797Alg3with7816-4Padding -+ // */ -+ // public static class DES9797Alg3with7816d4 -+ // extends JCEMac -+ // { -+ // public DES9797Alg3with7816d4() -+ // { -+ // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); -+ // } -+ // } -+ // -+ // /** -+ // * DES9797Alg3 -+ // */ -+ // public static class DES9797Alg3 -+ // extends JCEMac -+ // { -+ // public DES9797Alg3() -+ // { -+ // super(new ISO9797Alg3Mac(new DESEngine())); -+ // } -+ // } -+ // -+ // /** -+ // * MD2 HMac -+ // */ -+ // public static class MD2 -+ // extends JCEMac -+ // { -+ // public MD2() -+ // { -+ // super(new HMac(new MD2Digest())); -+ // } -+ // } -+ // -+ // /** -+ // * MD4 HMac -+ // */ -+ // public static class MD4 -+ // extends JCEMac -+ // { -+ // public MD4() -+ // { -+ // super(new HMac(new MD4Digest())); -+ // } -+ // } -+ // END android-removed - - /** - * MD5 HMac -@@ -256,7 +269,9 @@ - { - public MD5() - { -- super(new HMac(new MD5Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getMD5())); -+ // END android-changed - } - } - -@@ -268,21 +283,25 @@ - { - public SHA1() - { -- super(new HMac(new SHA1Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA1())); -+ // END android-changed - } - } - -- /** -- * SHA-224 HMac -- */ -- public static class SHA224 -- extends JCEMac -- { -- public SHA224() -- { -- super(new HMac(new SHA224Digest())); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * SHA-224 HMac -+ // */ -+ // public static class SHA224 -+ // extends JCEMac -+ // { -+ // public SHA224() -+ // { -+ // super(new HMac(new SHA224Digest())); -+ // } -+ // } -+ // END android-removed - - /** - * SHA-256 HMac -@@ -292,7 +311,9 @@ - { - public SHA256() - { -- super(new HMac(new SHA256Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA256())); -+ // END android-changed - } - } - -@@ -304,18 +325,22 @@ - { - public SHA384() - { -- super(new HMac(new SHA384Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA384())); -+ // END android-changed - } - } - -- public static class OldSHA384 -- extends JCEMac -- { -- public OldSHA384() -- { -- super(new OldHMac(new SHA384Digest())); -- } -- } -+ // BEGIN android-removed -+ // public static class OldSHA384 -+ // extends JCEMac -+ // { -+ // public OldSHA384() -+ // { -+ // super(new OldHMac(new SHA384Digest())); -+ // } -+ // } -+ // END android-removed - - /** - * SHA-512 HMac -@@ -325,75 +350,80 @@ - { - public SHA512() - { -- super(new HMac(new SHA512Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA512())); -+ // END android-changed - } - } - -- /** -- * SHA-512 HMac -- */ -- public static class OldSHA512 -- extends JCEMac -- { -- public OldSHA512() -- { -- super(new OldHMac(new SHA512Digest())); -- } -- } - -- /** -- * RIPEMD128 HMac -- */ -- public static class RIPEMD128 -- extends JCEMac -- { -- public RIPEMD128() -- { -- super(new HMac(new RIPEMD128Digest())); -- } -- } -- -- /** -- * RIPEMD160 HMac -- */ -- public static class RIPEMD160 -- extends JCEMac -- { -- public RIPEMD160() -- { -- super(new HMac(new RIPEMD160Digest())); -- } -- } -- -- /** -- * Tiger HMac -- */ -- public static class Tiger -- extends JCEMac -- { -- public Tiger() -- { -- super(new HMac(new TigerDigest())); -- } -- } -- -+ // BEGIN android-removed -+ // /** -+ // * SHA-512 HMac -+ // */ -+ // public static class OldSHA512 -+ // extends JCEMac -+ // { -+ // public OldSHA512() -+ // { -+ // super(new OldHMac(new SHA512Digest())); -+ // } -+ // } - // -- // PKCS12 states that the same algorithm should be used -- // for the key generation as is used in the HMAC, so that -- // is what we do here. -+ // /** -+ // * RIPEMD128 HMac -+ // */ -+ // public static class RIPEMD128 -+ // extends JCEMac -+ // { -+ // public RIPEMD128() -+ // { -+ // super(new HMac(new RIPEMD128Digest())); -+ // } -+ // } - // -- -- /** -- * PBEWithHmacRIPEMD160 -- */ -- public static class PBEWithRIPEMD160 -- extends JCEMac -- { -- public PBEWithRIPEMD160() -- { -- super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); -- } -- } -+ // /** -+ // * RIPEMD160 HMac -+ // */ -+ // public static class RIPEMD160 -+ // extends JCEMac -+ // { -+ // public RIPEMD160() -+ // { -+ // super(new HMac(new RIPEMD160Digest())); -+ // } -+ // } -+ // -+ // /** -+ // * Tiger HMac -+ // */ -+ // public static class Tiger -+ // extends JCEMac -+ // { -+ // public Tiger() -+ // { -+ // super(new HMac(new TigerDigest())); -+ // } -+ // } -+ // -+ // // -+ // // PKCS12 states that the same algorithm should be used -+ // // for the key generation as is used in the HMAC, so that -+ // // is what we do here. -+ // // -+ // -+ // /** -+ // * PBEWithHmacRIPEMD160 -+ // */ -+ // public static class PBEWithRIPEMD160 -+ // extends JCEMac -+ // { -+ // public PBEWithRIPEMD160() -+ // { -+ // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); -+ // } -+ // } -+ // END android-removed - - /** - * PBEWithHmacSHA -@@ -403,19 +433,23 @@ - { - public PBEWithSHA() - { -- super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160); -+ // END android-changed - } - } - -- /** -- * PBEWithHmacTiger -- */ -- public static class PBEWithTiger -- extends JCEMac -- { -- public PBEWithTiger() -- { -- super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * PBEWithHmacTiger -+ // */ -+ // public static class PBEWithTiger -+ // extends JCEMac -+ // { -+ // public PBEWithTiger() -+ // { -+ // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCESecretKeyFactory.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2012-09-17 23:04:47.000000000 +0000 -@@ -252,29 +252,31 @@ - } - } - -- /** -- * PBEWithMD2AndDES -- */ -- static public class PBEWithMD2AndDES -- extends DESPBEKeyFactory -- { -- public PBEWithMD2AndDES() -- { -- super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); -- } -- } -- -- /** -- * PBEWithMD2AndRC2 -- */ -- static public class PBEWithMD2AndRC2 -- extends PBEKeyFactory -- { -- public PBEWithMD2AndRC2() -- { -- super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * PBEWithMD2AndDES -+ // */ -+ // static public class PBEWithMD2AndDES -+ // extends DESPBEKeyFactory -+ // { -+ // public PBEWithMD2AndDES() -+ // { -+ // super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); -+ // } -+ // } -+ // -+ // /** -+ // * PBEWithMD2AndRC2 -+ // */ -+ // static public class PBEWithMD2AndRC2 -+ // extends PBEKeyFactory -+ // { -+ // public PBEWithMD2AndRC2() -+ // { -+ // super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); -+ // } -+ // } -+ // END android-removed - - /** - * PBEWithMD5AndDES -@@ -408,17 +410,19 @@ - } - } - -- /** -- * PBEWithHmacRIPEMD160 -- */ -- public static class PBEWithRIPEMD160 -- extends PBEKeyFactory -- { -- public PBEWithRIPEMD160() -- { -- super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * PBEWithHmacRIPEMD160 -+ // */ -+ // public static class PBEWithRIPEMD160 -+ // extends PBEKeyFactory -+ // { -+ // public PBEWithRIPEMD160() -+ // { -+ // super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); -+ // } -+ // } -+ // END android-removed - - /** - * PBEWithHmacSHA -@@ -432,17 +436,19 @@ - } - } - -- /** -- * PBEWithHmacTiger -- */ -- public static class PBEWithTiger -- extends PBEKeyFactory -- { -- public PBEWithTiger() -- { -- super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * PBEWithHmacTiger -+ // */ -+ // public static class PBEWithTiger -+ // extends PBEKeyFactory -+ // { -+ // public PBEWithTiger() -+ // { -+ // super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); -+ // } -+ // } -+ // END android-removed - - /** - * PBEWithSHA1And128BitAES-BC -@@ -551,4 +557,56 @@ - super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); - } - } -+ // BEGIN android-added -+ static public class PBKDF2WithHmacSHA1 -+ extends JCESecretKeyFactory -+ { -+ public PBKDF2WithHmacSHA1() -+ { -+ super("PBKDF2WithHmacSHA1", PKCSObjectIdentifiers.id_PBKDF2); -+ } -+ -+ protected SecretKey engineGenerateSecret( -+ KeySpec keySpec) -+ throws InvalidKeySpecException -+ { -+ if (keySpec instanceof PBEKeySpec) -+ { -+ PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; -+ -+ if (pbeSpec.getSalt() == null) -+ { -+ throw new InvalidKeySpecException("missing required salt"); -+ } -+ -+ if (pbeSpec.getIterationCount() <= 0) -+ { -+ throw new InvalidKeySpecException("positive iteration count required: " -+ + pbeSpec.getIterationCount()); -+ } -+ -+ if (pbeSpec.getKeyLength() <= 0) -+ { -+ throw new InvalidKeySpecException("positive key length required: " -+ + pbeSpec.getKeyLength()); -+ } -+ -+ if (pbeSpec.getPassword().length == 0) -+ { -+ throw new IllegalArgumentException("password empty"); -+ } -+ -+ int scheme = PKCS5S2; -+ int digest = SHA1; -+ int keySize = pbeSpec.getKeyLength(); -+ int ivSize = -1; -+ CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); -+ -+ return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); -+ } -+ -+ throw new InvalidKeySpecException("Invalid KeySpec"); -+ } -+ } -+ // END android-added - } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEStreamCipher.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEStreamCipher.java 2013-01-29 02:13:59.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEStreamCipher.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEStreamCipher.java 2013-05-25 02:14:15.000000000 +0000 @@ -23,8 +23,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; @@ -8208,7 +7550,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEStreamCipher IvParameterSpec.class, PBEParameterSpec.class }; -@@ -491,125 +499,127 @@ +@@ -491,123 +499,125 @@ * The ciphers that inherit from us. */ @@ -8452,394 +7794,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEStreamCipher + // } + // } + // END android-removed - - /** - * PBEWithSHAAnd128BitRC4 -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2012-09-17 23:04:47.000000000 +0000 -@@ -17,7 +17,9 @@ - import org.bouncycastle.asn1.DERSequence; - import org.bouncycastle.asn1.pkcs.PBKDF2Params; - import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; --import org.bouncycastle.jce.spec.IESParameterSpec; -+// BEGIN android-removed -+// import org.bouncycastle.jce.spec.IESParameterSpec; -+// END android-removed - - public abstract class JDKAlgorithmParameters - extends AlgorithmParametersSpi -@@ -208,109 +210,111 @@ - } - } - -- public static class IES -- extends JDKAlgorithmParameters -- { -- IESParameterSpec currentSpec; -- -- /** -- * in the absence of a standard way of doing it this will do for -- * now... -- */ -- protected byte[] engineGetEncoded() -- { -- try -- { -- ASN1EncodableVector v = new ASN1EncodableVector(); -- -- v.add(new DEROctetString(currentSpec.getDerivationV())); -- v.add(new DEROctetString(currentSpec.getEncodingV())); -- v.add(new DERInteger(currentSpec.getMacKeySize())); -- -- return new DERSequence(v).getEncoded(ASN1Encoding.DER); -- } -- catch (IOException e) -- { -- throw new RuntimeException("Error encoding IESParameters"); -- } -- } -- -- protected byte[] engineGetEncoded( -- String format) -- { -- if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -- { -- return engineGetEncoded(); -- } -- -- return null; -- } -- -- protected AlgorithmParameterSpec localEngineGetParameterSpec( -- Class paramSpec) -- throws InvalidParameterSpecException -- { -- if (paramSpec == IESParameterSpec.class) -- { -- return currentSpec; -- } -- -- throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); -- } -- -- protected void engineInit( -- AlgorithmParameterSpec paramSpec) -- throws InvalidParameterSpecException -- { -- if (!(paramSpec instanceof IESParameterSpec)) -- { -- throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object"); -- } -- -- this.currentSpec = (IESParameterSpec)paramSpec; -- } -- -- protected void engineInit( -- byte[] params) -- throws IOException -- { -- try -- { -- ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); -- -- this.currentSpec = new IESParameterSpec( -- ((ASN1OctetString)s.getObjectAt(0)).getOctets(), -- ((ASN1OctetString)s.getObjectAt(0)).getOctets(), -- ((DERInteger)s.getObjectAt(0)).getValue().intValue()); -- } -- catch (ClassCastException e) -- { -- throw new IOException("Not a valid IES Parameter encoding."); -- } -- catch (ArrayIndexOutOfBoundsException e) -- { -- throw new IOException("Not a valid IES Parameter encoding."); -- } -- } -- -- protected void engineInit( -- byte[] params, -- String format) -- throws IOException -- { -- if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -- { -- engineInit(params); -- } -- else -- { -- throw new IOException("Unknown parameter format " + format); -- } -- } -- -- protected String engineToString() -- { -- return "IES Parameters"; -- } -- } -+ // BEGIN android-removed -+ // public static class IES -+ // extends JDKAlgorithmParameters -+ // { -+ // IESParameterSpec currentSpec; -+ // -+ // /** -+ // * in the absence of a standard way of doing it this will do for -+ // * now... -+ // */ -+ // protected byte[] engineGetEncoded() -+ // { -+ // try -+ // { -+ // ASN1EncodableVector v = new ASN1EncodableVector(); -+ // -+ // v.add(new DEROctetString(currentSpec.getDerivationV())); -+ // v.add(new DEROctetString(currentSpec.getEncodingV())); -+ // v.add(new DERInteger(currentSpec.getMacKeySize())); -+ // -+ // return new DERSequence(v).getEncoded(ASN1Encoding.DER); -+ // } -+ // catch (IOException e) -+ // { -+ // throw new RuntimeException("Error encoding IESParameters"); -+ // } -+ // } -+ // -+ // protected byte[] engineGetEncoded( -+ // String format) -+ // { -+ // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -+ // { -+ // return engineGetEncoded(); -+ // } -+ // -+ // return null; -+ // } -+ // -+ // protected AlgorithmParameterSpec localEngineGetParameterSpec( -+ // Class paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (paramSpec == IESParameterSpec.class) -+ // { -+ // return currentSpec; -+ // } -+ // -+ // throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); -+ // } -+ // -+ // protected void engineInit( -+ // AlgorithmParameterSpec paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (!(paramSpec instanceof IESParameterSpec)) -+ // { -+ // throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object"); -+ // } -+ // -+ // this.currentSpec = (IESParameterSpec)paramSpec; -+ // } -+ // -+ // protected void engineInit( -+ // byte[] params) -+ // throws IOException -+ // { -+ // try -+ // { -+ // ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); -+ // -+ // this.currentSpec = new IESParameterSpec( -+ // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), -+ // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), -+ // ((DERInteger)s.getObjectAt(0)).getValue().intValue()); -+ // } -+ // catch (ClassCastException e) -+ // { -+ // throw new IOException("Not a valid IES Parameter encoding."); -+ // } -+ // catch (ArrayIndexOutOfBoundsException e) -+ // { -+ // throw new IOException("Not a valid IES Parameter encoding."); -+ // } -+ // } -+ // -+ // protected void engineInit( -+ // byte[] params, -+ // String format) -+ // throws IOException -+ // { -+ // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -+ // { -+ // engineInit(params); -+ // } -+ // else -+ // { -+ // throw new IOException("Unknown parameter format " + format); -+ // } -+ // } -+ // -+ // protected String engineToString() -+ // { -+ // return "IES Parameters"; -+ // } -+ // } -+ // END android-removed } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKKeyStore.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKKeyStore.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKKeyStore.java 2012-09-17 23:04:47.000000000 +0000 -@@ -39,7 +39,12 @@ - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.Digest; - import org.bouncycastle.crypto.PBEParametersGenerator; --import org.bouncycastle.crypto.digests.SHA1Digest; -+// BEGIN android-added -+import org.bouncycastle.crypto.digests.AndroidDigestFactory; -+// END android-added -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.SHA1Digest; -+// END android-removed - import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; - import org.bouncycastle.crypto.io.DigestInputStream; - import org.bouncycastle.crypto.io.DigestOutputStream; -@@ -498,7 +503,13 @@ - - if (entry == null) - { -- throw new KeyStoreException("no such entry as " + alias); -+ // BEGIN android-removed -+ // Only throw if there is a problem removing, not if missing -+ // throw new KeyStoreException("no such entry as " + alias); -+ // END android-removed -+ // BEGIN android-added -+ return; -+ // END android-added - } - - table.remove(alias); -@@ -817,12 +828,16 @@ - // - // we only do an integrity check if the password is provided. - // -- HMac hMac = new HMac(new SHA1Digest()); -+ // BEGIN android-changed -+ HMac hMac = new HMac(AndroidDigestFactory.getSHA1()); -+ // END android-changed - if (password != null && password.length != 0) - { - byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - -- PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); -+ // BEGIN android-changed -+ PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); -+ // END android-changed - pbeGen.init(passKey, salt, iterationCount); - - CipherParameters macParams; -@@ -884,9 +899,11 @@ - dOut.write(salt); - dOut.writeInt(iterationCount); - -- HMac hMac = new HMac(new SHA1Digest()); -+ // BEGIN android-changed -+ HMac hMac = new HMac(AndroidDigestFactory.getSHA1()); - MacOutputStream mOut = new MacOutputStream(hMac); -- PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); -+ PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); -+ // END android-changed - byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - - pbeGen.init(passKey, salt, iterationCount); -@@ -974,7 +991,9 @@ - Cipher cipher = this.makePBECipher(cipherAlg, Cipher.DECRYPT_MODE, password, salt, iterationCount); - CipherInputStream cIn = new CipherInputStream(dIn, cipher); - -- Digest dig = new SHA1Digest(); -+ // BEGIN android-changed -+ Digest dig = AndroidDigestFactory.getSHA1(); -+ // END android-changed - DigestInputStream dgIn = new DigestInputStream(cIn, dig); - - this.loadStore(dgIn); -@@ -1013,7 +1032,9 @@ - cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); - - CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); -- DigestOutputStream dgOut = new DigestOutputStream(new SHA1Digest()); -+ // BEGIN android-changed -+ DigestOutputStream dgOut = new DigestOutputStream(AndroidDigestFactory.getSHA1()); -+ // END android-changed - - this.saveStore(new TeeOutputStream(cOut, dgOut)); - -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2012-09-17 23:04:47.000000000 +0000 -@@ -1557,32 +1557,34 @@ - } - } - -- public static class BCPKCS12KeyStore3DES -- extends JDKPKCS12KeyStore -- { -- public BCPKCS12KeyStore3DES() -- { -- super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); -- } -- } -- -- public static class DefPKCS12KeyStore -- extends JDKPKCS12KeyStore -- { -- public DefPKCS12KeyStore() -- { -- super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); -- } -- } -- -- public static class DefPKCS12KeyStore3DES -- extends JDKPKCS12KeyStore -- { -- public DefPKCS12KeyStore3DES() -- { -- super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); -- } -- } -+ // BEGIN android-removed -+ // public static class BCPKCS12KeyStore3DES -+ // extends JDKPKCS12KeyStore -+ // { -+ // public BCPKCS12KeyStore3DES() -+ // { -+ // super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); -+ // } -+ // } -+ // -+ // public static class DefPKCS12KeyStore -+ // extends JDKPKCS12KeyStore -+ // { -+ // public DefPKCS12KeyStore() -+ // { -+ // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); -+ // } -+ // } -+ // -+ // public static class DefPKCS12KeyStore3DES -+ // extends JDKPKCS12KeyStore -+ // { -+ // public DefPKCS12KeyStore3DES() -+ // { -+ // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); -+ // } -+ // } -+ // END android-removed - - private static class IgnoresCaseHashtable - { -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2012-09-17 23:04:47.000000000 +0000 @@ -1,5 +1,8 @@ package org.bouncycastle.jce.provider; @@ -8898,9 +7856,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/PKIXCertPathVal // try // { // -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509CertificateObject.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-01-16 18:17:43.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/X509CertificateObject.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-01-31 02:26:40.000000000 +0000 @@ -57,6 +57,9 @@ import org.bouncycastle.asn1.x509.Extensions; import org.bouncycastle.asn1.x509.GeneralName; @@ -8944,9 +7902,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509Certificate break; case GeneralName.dNSName: case GeneralName.rfc822Name: -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509SignatureUtil.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509SignatureUtil.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/X509SignatureUtil.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/X509SignatureUtil.java 2013-01-31 02:26:40.000000000 +0000 @@ -14,7 +14,9 @@ import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERNull; @@ -9037,9 +7995,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509SignatureUt else { return digestAlgOID.getId(); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk15on-148/org/bouncycastle/x509/X509Util.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/x509/X509Util.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/x509/X509Util.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk15on-149/org/bouncycastle/x509/X509Util.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/x509/X509Util.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/x509/X509Util.java 2013-01-31 02:26:40.000000000 +0000 @@ -25,12 +25,16 @@ import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.DERNull; |