diff options
| author | Kenny Root <kroot@google.com> | 2014-07-28 12:51:54 -0700 |
|---|---|---|
| committer | Kenny Root <kroot@google.com> | 2014-08-06 14:58:37 -0700 |
| commit | d001700a15b8bd733ae344c1fc315b97c43c6590 (patch) | |
| tree | 6c876ccbb5560aa6f9b7d42eeae00495568e5bc4 /bcpkix/src/main/java/org | |
| parent | 234720ebe66540a53cff98b2448dddbc884bd09f (diff) | |
| download | android_external_bouncycastle-d001700a15b8bd733ae344c1fc315b97c43c6590.tar.gz android_external_bouncycastle-d001700a15b8bd733ae344c1fc315b97c43c6590.tar.bz2 android_external_bouncycastle-d001700a15b8bd733ae344c1fc315b97c43c6590.zip | |
Upgrade to 1.51
f98b02ab394044a3c237d2c7a2ee5ef65793e8e9 bcpkix-jdk15on-151.tar.gz
95e59ad2492598d729cfc559b480c3f172de5dc3 bcprov-jdk15on-151.tar.gz
Bug: 16578237
Change-Id: Ie4a3cd01b52b504a1098b00b413f1418273a6ef2
Diffstat (limited to 'bcpkix/src/main/java/org')
16 files changed, 727 insertions, 95 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/selector/MSOutlookKeyIdCalculator.java b/bcpkix/src/main/java/org/bouncycastle/cert/selector/MSOutlookKeyIdCalculator.java index 3f4e22c..8f6d119 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cert/selector/MSOutlookKeyIdCalculator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cert/selector/MSOutlookKeyIdCalculator.java @@ -4,14 +4,16 @@ import java.io.IOException; import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; +import org.bouncycastle.util.Pack; class MSOutlookKeyIdCalculator { + // This is less than ideal, but it seems to be the best way of supporting this without exposing SHA-1 + // as the class is only used to workout the MSOutlook Key ID, you can think of the fact it's SHA-1 as + // a coincidence... static byte[] calculateKeyId(SubjectPublicKeyInfo info) { - Digest dig = new SHA1Digest(); // TODO: include definition of SHA-1 here + SHA1Digest dig = new SHA1Digest(); byte[] hash = new byte[dig.getDigestSize()]; byte[] spkiEnc = new byte[0]; try @@ -30,4 +32,391 @@ class MSOutlookKeyIdCalculator return hash; } + + private static abstract class GeneralDigest + { + private static final int BYTE_LENGTH = 64; + private byte[] xBuf; + private int xBufOff; + + private long byteCount; + + /** + * Standard constructor + */ + protected GeneralDigest() + { + xBuf = new byte[4]; + xBufOff = 0; + } + + /** + * Copy constructor. We are using copy constructors in place + * of the Object.clone() interface as this interface is not + * supported by J2ME. + */ + protected GeneralDigest(GeneralDigest t) + { + xBuf = new byte[t.xBuf.length]; + + copyIn(t); + } + + protected void copyIn(GeneralDigest t) + { + System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length); + + xBufOff = t.xBufOff; + byteCount = t.byteCount; + } + + public void update( + byte in) + { + xBuf[xBufOff++] = in; + + if (xBufOff == xBuf.length) + { + processWord(xBuf, 0); + xBufOff = 0; + } + + byteCount++; + } + + public void update( + byte[] in, + int inOff, + int len) + { + // + // fill the current word + // + while ((xBufOff != 0) && (len > 0)) + { + update(in[inOff]); + + inOff++; + len--; + } + + // + // process whole words. + // + while (len > xBuf.length) + { + processWord(in, inOff); + + inOff += xBuf.length; + len -= xBuf.length; + byteCount += xBuf.length; + } + + // + // load in the remainder. + // + while (len > 0) + { + update(in[inOff]); + + inOff++; + len--; + } + } + + public void finish() + { + long bitLength = (byteCount << 3); + + // + // add the pad bytes. + // + update((byte)128); + + while (xBufOff != 0) + { + update((byte)0); + } + + processLength(bitLength); + + processBlock(); + } + + public void reset() + { + byteCount = 0; + + xBufOff = 0; + for (int i = 0; i < xBuf.length; i++) + { + xBuf[i] = 0; + } + } + + protected abstract void processWord(byte[] in, int inOff); + + protected abstract void processLength(long bitLength); + + protected abstract void processBlock(); + } + + private static class SHA1Digest + extends GeneralDigest + { + private static final int DIGEST_LENGTH = 20; + + private int H1, H2, H3, H4, H5; + + private int[] X = new int[80]; + private int xOff; + + /** + * Standard constructor + */ + public SHA1Digest() + { + reset(); + } + + public String getAlgorithmName() + { + return "SHA-1"; + } + + public int getDigestSize() + { + return DIGEST_LENGTH; + } + + protected void processWord( + byte[] in, + int inOff) + { + // Note: Inlined for performance + // X[xOff] = Pack.bigEndianToInt(in, inOff); + int n = in[ inOff] << 24; + n |= (in[++inOff] & 0xff) << 16; + n |= (in[++inOff] & 0xff) << 8; + n |= (in[++inOff] & 0xff); + X[xOff] = n; + + if (++xOff == 16) + { + processBlock(); + } + } + + protected void processLength( + long bitLength) + { + if (xOff > 14) + { + processBlock(); + } + + X[14] = (int)(bitLength >>> 32); + X[15] = (int)(bitLength & 0xffffffff); + } + + public int doFinal( + byte[] out, + int outOff) + { + finish(); + + Pack.intToBigEndian(H1, out, outOff); + Pack.intToBigEndian(H2, out, outOff + 4); + Pack.intToBigEndian(H3, out, outOff + 8); + Pack.intToBigEndian(H4, out, outOff + 12); + Pack.intToBigEndian(H5, out, outOff + 16); + + reset(); + + return DIGEST_LENGTH; + } + + /** + * reset the chaining variables + */ + public void reset() + { + super.reset(); + + H1 = 0x67452301; + H2 = 0xefcdab89; + H3 = 0x98badcfe; + H4 = 0x10325476; + H5 = 0xc3d2e1f0; + + xOff = 0; + for (int i = 0; i != X.length; i++) + { + X[i] = 0; + } + } + + // + // Additive constants + // + private static final int Y1 = 0x5a827999; + private static final int Y2 = 0x6ed9eba1; + private static final int Y3 = 0x8f1bbcdc; + private static final int Y4 = 0xca62c1d6; + + private int f( + int u, + int v, + int w) + { + return ((u & v) | ((~u) & w)); + } + + private int h( + int u, + int v, + int w) + { + return (u ^ v ^ w); + } + + private int g( + int u, + int v, + int w) + { + return ((u & v) | (u & w) | (v & w)); + } + + protected void processBlock() + { + // + // expand 16 word block into 80 word block. + // + for (int i = 16; i < 80; i++) + { + int t = X[i - 3] ^ X[i - 8] ^ X[i - 14] ^ X[i - 16]; + X[i] = t << 1 | t >>> 31; + } + + // + // set up working variables. + // + int A = H1; + int B = H2; + int C = H3; + int D = H4; + int E = H5; + + // + // round 1 + // + int idx = 0; + + for (int j = 0; j < 4; j++) + { + // E = rotateLeft(A, 5) + f(B, C, D) + E + X[idx++] + Y1 + // B = rotateLeft(B, 30) + E += (A << 5 | A >>> 27) + f(B, C, D) + X[idx++] + Y1; + B = B << 30 | B >>> 2; + + D += (E << 5 | E >>> 27) + f(A, B, C) + X[idx++] + Y1; + A = A << 30 | A >>> 2; + + C += (D << 5 | D >>> 27) + f(E, A, B) + X[idx++] + Y1; + E = E << 30 | E >>> 2; + + B += (C << 5 | C >>> 27) + f(D, E, A) + X[idx++] + Y1; + D = D << 30 | D >>> 2; + + A += (B << 5 | B >>> 27) + f(C, D, E) + X[idx++] + Y1; + C = C << 30 | C >>> 2; + } + + // + // round 2 + // + for (int j = 0; j < 4; j++) + { + // E = rotateLeft(A, 5) + h(B, C, D) + E + X[idx++] + Y2 + // B = rotateLeft(B, 30) + E += (A << 5 | A >>> 27) + h(B, C, D) + X[idx++] + Y2; + B = B << 30 | B >>> 2; + + D += (E << 5 | E >>> 27) + h(A, B, C) + X[idx++] + Y2; + A = A << 30 | A >>> 2; + + C += (D << 5 | D >>> 27) + h(E, A, B) + X[idx++] + Y2; + E = E << 30 | E >>> 2; + + B += (C << 5 | C >>> 27) + h(D, E, A) + X[idx++] + Y2; + D = D << 30 | D >>> 2; + + A += (B << 5 | B >>> 27) + h(C, D, E) + X[idx++] + Y2; + C = C << 30 | C >>> 2; + } + + // + // round 3 + // + for (int j = 0; j < 4; j++) + { + // E = rotateLeft(A, 5) + g(B, C, D) + E + X[idx++] + Y3 + // B = rotateLeft(B, 30) + E += (A << 5 | A >>> 27) + g(B, C, D) + X[idx++] + Y3; + B = B << 30 | B >>> 2; + + D += (E << 5 | E >>> 27) + g(A, B, C) + X[idx++] + Y3; + A = A << 30 | A >>> 2; + + C += (D << 5 | D >>> 27) + g(E, A, B) + X[idx++] + Y3; + E = E << 30 | E >>> 2; + + B += (C << 5 | C >>> 27) + g(D, E, A) + X[idx++] + Y3; + D = D << 30 | D >>> 2; + + A += (B << 5 | B >>> 27) + g(C, D, E) + X[idx++] + Y3; + C = C << 30 | C >>> 2; + } + + // + // round 4 + // + for (int j = 0; j <= 3; j++) + { + // E = rotateLeft(A, 5) + h(B, C, D) + E + X[idx++] + Y4 + // B = rotateLeft(B, 30) + E += (A << 5 | A >>> 27) + h(B, C, D) + X[idx++] + Y4; + B = B << 30 | B >>> 2; + + D += (E << 5 | E >>> 27) + h(A, B, C) + X[idx++] + Y4; + A = A << 30 | A >>> 2; + + C += (D << 5 | D >>> 27) + h(E, A, B) + X[idx++] + Y4; + E = E << 30 | E >>> 2; + + B += (C << 5 | C >>> 27) + h(D, E, A) + X[idx++] + Y4; + D = D << 30 | D >>> 2; + + A += (B << 5 | B >>> 27) + h(C, D, E) + X[idx++] + Y4; + C = C << 30 | C >>> 2; + } + + + H1 += A; + H2 += B; + H3 += C; + H4 += D; + H5 += E; + + // + // reset start of the buffer. + // + xOff = 0; + for (int i = 0; i < 16; i++) + { + X[i] = 0; + } + } + } } diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java index 0c52082..ec4da91 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java @@ -475,7 +475,7 @@ public class CMSSignedData * @param signedData the signed data object to be used as a base. * @param certificates the new certificates to be used. * @param attrCerts the new attribute certificates to be used. - * @param crls the new CRLs to be used. + * @param revocations the new CRLs to be used - a collection of X509CRLHolder objects, OtherRevocationInfoFormat, or both. * @return a new signed data object. * @exception CMSException if there is an error processing the CertStore */ @@ -483,7 +483,7 @@ public class CMSSignedData CMSSignedData signedData, Store certificates, Store attrCerts, - Store crls) + Store revocations) throws CMSException { // @@ -492,7 +492,7 @@ public class CMSSignedData CMSSignedData cms = new CMSSignedData(signedData); // - // replace the certs and crls in the SignedData object + // replace the certs and revocations in the SignedData object // ASN1Set certSet = null; ASN1Set crlSet = null; @@ -518,9 +518,9 @@ public class CMSSignedData } } - if (crls != null) + if (revocations != null) { - ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(crls)); + ASN1Set set = CMSUtils.createBerSetFromList(CMSUtils.getCRLsFromStore(revocations)); if (set.size() != 0) { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java index eea8a1a..5417ce4 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java @@ -140,7 +140,7 @@ public class CMSSignedDataGenerator ASN1OctetString octs = null; - if (content != null) + if (content.getContent() != null) { ByteArrayOutputStream bOut = null; diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java index d6126b6..e5f7e9b 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java @@ -13,6 +13,7 @@ import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Set; +import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.BEROctetStringGenerator; import org.bouncycastle.asn1.BERSet; import org.bouncycastle.asn1.DERSet; @@ -29,6 +30,7 @@ import org.bouncycastle.cert.X509CRLHolder; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.operator.DigestCalculator; import org.bouncycastle.util.Store; +import org.bouncycastle.util.Strings; import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.TeeInputStream; import org.bouncycastle.util.io.TeeOutputStream; @@ -99,18 +101,37 @@ class CMSUtils static List getCRLsFromStore(Store crlStore) throws CMSException { - List certs = new ArrayList(); + List crls = new ArrayList(); try { for (Iterator it = crlStore.getMatches(null).iterator(); it.hasNext();) { - X509CRLHolder c = (X509CRLHolder)it.next(); - - certs.add(c.toASN1Structure()); + Object rev = it.next(); + + if (rev instanceof X509CRLHolder) + { + X509CRLHolder c = (X509CRLHolder)rev; + + crls.add(c.toASN1Structure()); + } + // BEGIN android-removed + // else if (rev instanceof OtherRevocationInfoFormat) + // { + // OtherRevocationInfoFormat infoFormat = OtherRevocationInfoFormat.getInstance(rev); + // + // validateInfoFormat(infoFormat); + // + // crls.add(new DERTaggedObject(false, 1, infoFormat)); + // } + // END android-removed + else if (rev instanceof ASN1TaggedObject) + { + crls.add(rev); + } } - return certs; + return crls; } catch (ClassCastException e) { @@ -119,6 +140,19 @@ class CMSUtils } // BEGIN android-removed + // private static void validateInfoFormat(OtherRevocationInfoFormat infoFormat) + // { + // if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(infoFormat.getInfoFormat())) + // { + // OCSPResponse resp = OCSPResponse.getInstance(infoFormat.getInfo()); + // + // if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL) + // { + // throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); + // } + // } + // } + // // static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos) // { // List others = new ArrayList(); @@ -126,18 +160,10 @@ class CMSUtils // for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();) // { // ASN1Encodable info = (ASN1Encodable)it.next(); + // OtherRevocationInfoFormat infoFormat = new OtherRevocationInfoFormat(otherRevocationInfoFormat, info); + // validateInfoFormat(infoFormat); // - // if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(otherRevocationInfoFormat)) - // { - // OCSPResponse resp = OCSPResponse.getInstance(info); - // - // if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL) - // { - // throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); - // } - // } - // - // others.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, info))); + // others.add(new DERTaggedObject(false, 1, infoFormat)); // } // // return others; @@ -202,7 +228,64 @@ class CMSUtils throw new CMSException("Malformed content.", e); } } - + + static byte[] getPasswordBytes(int scheme, char[] password) + { + if (scheme == PasswordRecipient.PKCS5_SCHEME2) + { + return PKCS5PasswordToBytes(password); + } + + return PKCS5PasswordToUTF8Bytes(password); + } + + /** + * converts a password to a byte array according to the scheme in + * PKCS5 (ascii, no padding) + * + * @param password a character array representing the password. + * @return a byte array representing the password. + */ + private static byte[] PKCS5PasswordToBytes( + char[] password) + { + if (password != null) + { + byte[] bytes = new byte[password.length]; + + for (int i = 0; i != bytes.length; i++) + { + bytes[i] = (byte)password[i]; + } + + return bytes; + } + else + { + return new byte[0]; + } + } + + /** + * converts a password to a byte array according to the scheme in + * PKCS5 (UTF-8, no padding) + * + * @param password a character array representing the password. + * @return a byte array representing the password. + */ + private static byte[] PKCS5PasswordToUTF8Bytes( + char[] password) + { + if (password != null) + { + return Strings.toUTF8ByteArray(password); + } + else + { + return new byte[0]; + } + } + public static byte[] streamToByteArray( InputStream in) throws IOException diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java index a9997a4..f69772d 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java @@ -5,6 +5,7 @@ import java.util.Map; import org.bouncycastle.asn1.ASN1ObjectIdentifier; // BEGIN android-removed +// import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers; // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; // END android-removed import org.bouncycastle.asn1.eac.EACObjectIdentifiers; @@ -66,6 +67,14 @@ public class DefaultCMSSignatureAlgorithmNameGenerator addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_256, "SHA256", "RSA"); addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_1, "SHA1", "RSAandMGF1"); addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_256, "SHA256", "RSAandMGF1"); + // BEGIN android-removed + // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1", "PLAIN-ECDSA"); + // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA224, "SHA224", "PLAIN-ECDSA"); + // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA256, "SHA256", "PLAIN-ECDSA"); + // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA384, "SHA384", "PLAIN-ECDSA"); + // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA512, "SHA512", "PLAIN-ECDSA"); + // addEntries(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, "RIPEMD160", "PLAIN-ECDSA"); + // END android-removed encryptionAlgs.put(X9ObjectIdentifiers.id_dsa, "DSA"); encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption, "RSA"); diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java b/bcpkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java new file mode 100644 index 0000000..c81c302 --- /dev/null +++ b/bcpkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java @@ -0,0 +1,20 @@ +package org.bouncycastle.cms; + +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + +public interface PasswordRecipient + extends Recipient +{ + public static final int PKCS5_SCHEME2 = 0; + public static final int PKCS5_SCHEME2_UTF8 = 1; + + byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException; + + RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedEncryptedContentKey) + throws CMSException; + + int getPasswordConversionScheme(); + + char[] getPassword(); +} diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/Recipient.java b/bcpkix/src/main/java/org/bouncycastle/cms/Recipient.java new file mode 100644 index 0000000..88c88a6 --- /dev/null +++ b/bcpkix/src/main/java/org/bouncycastle/cms/Recipient.java @@ -0,0 +1,5 @@ +package org.bouncycastle.cms; + +public interface Recipient +{ +} diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/RecipientOperator.java b/bcpkix/src/main/java/org/bouncycastle/cms/RecipientOperator.java new file mode 100644 index 0000000..7b3e3e5 --- /dev/null +++ b/bcpkix/src/main/java/org/bouncycastle/cms/RecipientOperator.java @@ -0,0 +1,48 @@ +package org.bouncycastle.cms; + +import java.io.InputStream; + +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.operator.InputDecryptor; +import org.bouncycastle.operator.MacCalculator; +import org.bouncycastle.util.io.TeeInputStream; + +public class RecipientOperator +{ + private final AlgorithmIdentifier algorithmIdentifier; + private final Object operator; + + public RecipientOperator(InputDecryptor decryptor) + { + this.algorithmIdentifier = decryptor.getAlgorithmIdentifier(); + this.operator = decryptor; + } + + public RecipientOperator(MacCalculator macCalculator) + { + this.algorithmIdentifier = macCalculator.getAlgorithmIdentifier(); + this.operator = macCalculator; + } + + public InputStream getInputStream(InputStream dataIn) + { + if (operator instanceof InputDecryptor) + { + return ((InputDecryptor)operator).getInputStream(dataIn); + } + else + { + return new TeeInputStream(dataIn, ((MacCalculator)operator).getOutputStream()); + } + } + + public boolean isMacBased() + { + return operator instanceof MacCalculator; + } + + public byte[] getMac() + { + return ((MacCalculator)operator).getMac(); + } +} diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java index 808eb4e..f6a5482 100644 --- a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java +++ b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java @@ -10,7 +10,9 @@ import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.DERNull; // BEGIN android-removed +// import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers; // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// import org.bouncycastle.asn1.eac.EACObjectIdentifiers; // END android-removed import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; @@ -88,8 +90,18 @@ public class DefaultSignatureAlgorithmIdentifierFinder // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // algorithms.put("SHA1WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1); + // algorithms.put("SHA224WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA224); + // algorithms.put("SHA256WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA256); + // algorithms.put("SHA384WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA384); + // algorithms.put("SHA512WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA512); + // algorithms.put("RIPEMD160WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160); + // algorithms.put("SHA1WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); + // algorithms.put("SHA224WITHPCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); + // algorithms.put("SHA256WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); + // algorithms.put("SHA384WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); + // algorithms.put("SHA512WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); // END android-removed - // // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. // The parameters field SHALL be NULL for RSA based signature algorithms. @@ -227,4 +239,4 @@ public class DefaultSignatureAlgorithmIdentifierFinder { return generate(sigAlgName); } -}
\ No newline at end of file +} diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/GenericKey.java b/bcpkix/src/main/java/org/bouncycastle/operator/GenericKey.java new file mode 100644 index 0000000..c637b66 --- /dev/null +++ b/bcpkix/src/main/java/org/bouncycastle/operator/GenericKey.java @@ -0,0 +1,41 @@ +package org.bouncycastle.operator; + +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + +public class GenericKey +{ + private AlgorithmIdentifier algorithmIdentifier; + private Object representation; + + /** + * @deprecated provide an AlgorithmIdentifier. + * @param representation key data + */ + public GenericKey(Object representation) + { + this.algorithmIdentifier = null; + this.representation = representation; + } + + public GenericKey(AlgorithmIdentifier algorithmIdentifier, byte[] representation) + { + this.algorithmIdentifier = algorithmIdentifier; + this.representation = representation; + } + + protected GenericKey(AlgorithmIdentifier algorithmIdentifier, Object representation) + { + this.algorithmIdentifier = algorithmIdentifier; + this.representation = representation; + } + + public AlgorithmIdentifier getAlgorithmIdentifier() + { + return algorithmIdentifier; + } + + public Object getRepresentation() + { + return representation; + } +} diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/InputDecryptor.java b/bcpkix/src/main/java/org/bouncycastle/operator/InputDecryptor.java new file mode 100644 index 0000000..80d7d82 --- /dev/null +++ b/bcpkix/src/main/java/org/bouncycastle/operator/InputDecryptor.java @@ -0,0 +1,29 @@ +package org.bouncycastle.operator; + +import java.io.InputStream; + +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + +/** + * General interface for an operator that is able to produce + * an InputStream that will decrypt a stream of encrypted data. + */ +public interface InputDecryptor +{ + /** + * Return the algorithm identifier describing the encryption + * algorithm and parameters this decryptor can process. + * + * @return algorithm oid and parameters. + */ + AlgorithmIdentifier getAlgorithmIdentifier(); + + /** + * Wrap the passed in input stream encIn, returning an input stream + * that decrypts what it reads from encIn before returning it. + * + * @param encIn InputStream containing encrypted input. + * @return an decrypting InputStream + */ + InputStream getInputStream(InputStream encIn); +} diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/MacCalculator.java b/bcpkix/src/main/java/org/bouncycastle/operator/MacCalculator.java new file mode 100644 index 0000000..0572afc --- /dev/null +++ b/bcpkix/src/main/java/org/bouncycastle/operator/MacCalculator.java @@ -0,0 +1,34 @@ +package org.bouncycastle.operator; + +import java.io.OutputStream; + +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + +public interface MacCalculator +{ + AlgorithmIdentifier getAlgorithmIdentifier(); + + /** + * Returns a stream that will accept data for the purpose of calculating + * the MAC for later verification. Use org.bouncycastle.util.io.TeeOutputStream if you want to accumulate + * the data on the fly as well. + * + * @return an OutputStream + */ + OutputStream getOutputStream(); + + /** + * Return the calculated MAC based on what has been written to the stream. + * + * @return calculated MAC. + */ + byte[] getMac(); + + + /** + * Return the key used for calculating the MAC. + * + * @return the MAC key. + */ + GenericKey getKey(); +}
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentSignerBuilder.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentSignerBuilder.java index 04885c0..31af916 100644 --- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentSignerBuilder.java +++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentSignerBuilder.java @@ -10,9 +10,9 @@ import java.security.Signature; import java.security.SignatureException; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.jcajce.DefaultJcaJceHelper; -import org.bouncycastle.jcajce.NamedJcaJceHelper; -import org.bouncycastle.jcajce.ProviderJcaJceHelper; +import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; +import org.bouncycastle.jcajce.util.NamedJcaJceHelper; +import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; import org.bouncycastle.operator.OperatorCreationException; diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java index 87a6699..14ab78d 100644 --- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java +++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java @@ -15,9 +15,9 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; -import org.bouncycastle.jcajce.DefaultJcaJceHelper; -import org.bouncycastle.jcajce.NamedJcaJceHelper; -import org.bouncycastle.jcajce.ProviderJcaJceHelper; +import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; +import org.bouncycastle.jcajce.util.NamedJcaJceHelper; +import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; import org.bouncycastle.operator.ContentVerifier; import org.bouncycastle.operator.ContentVerifierProvider; import org.bouncycastle.operator.OperatorCreationException; diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaDigestCalculatorProviderBuilder.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaDigestCalculatorProviderBuilder.java index 6f59cd0..e356796 100644 --- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaDigestCalculatorProviderBuilder.java +++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaDigestCalculatorProviderBuilder.java @@ -7,9 +7,9 @@ import java.security.MessageDigest; import java.security.Provider; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.jcajce.DefaultJcaJceHelper; -import org.bouncycastle.jcajce.NamedJcaJceHelper; -import org.bouncycastle.jcajce.ProviderJcaJceHelper; +import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; +import org.bouncycastle.jcajce.util.NamedJcaJceHelper; +import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; import org.bouncycastle.operator.DigestCalculator; import org.bouncycastle.operator.DigestCalculatorProvider; import org.bouncycastle.operator.OperatorCreationException; diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java index 74c1b28..927b4d7 100644 --- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java +++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java @@ -25,7 +25,9 @@ import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.DERNull; // BEGIN android-removed +// import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers; // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// import org.bouncycastle.asn1.eac.EACObjectIdentifiers; // END android-removed import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; @@ -38,8 +40,8 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.jcajce.JcaJceHelper; -import org.bouncycastle.jcajce.JcaJceUtils; +import org.bouncycastle.jcajce.util.JcaJceHelper; +import org.bouncycastle.jcajce.util.JcaJceUtils; import org.bouncycastle.operator.OperatorCreationException; class OperatorHelper @@ -62,6 +64,17 @@ class OperatorHelper // BEGIN android-removed // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); + // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1WITHPLAIN-ECDSA"); + // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA224, "SHA224WITHPLAIN-ECDSA"); + // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA256, "SHA256WITHPLAIN-ECDSA"); + // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA384, "SHA384WITHPLAIN-ECDSA"); + // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA512, "SHA512WITHPLAIN-ECDSA"); + // oids.put(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, "RIPEMD160WITHPLAIN-ECDSA"); + // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_1, "SHA1WITHCVC-ECDSA"); + // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_224, "SHA224WITHCVC-ECDSA"); + // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256WITHCVC-ECDSA"); + // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384WITHCVC-ECDSA"); + // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512WITHCVC-ECDSA"); // END android-removed oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA"); @@ -84,9 +97,9 @@ class OperatorHelper oids.put(NISTObjectIdentifiers.id_sha256, "SHA-256"); oids.put(NISTObjectIdentifiers.id_sha384, "SHA-384"); oids.put(NISTObjectIdentifiers.id_sha512, "SHA-512"); - oids.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD-128"); - oids.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD-160"); - oids.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD-256"); + oids.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128"); + oids.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160"); + oids.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256"); asymmetricWrapperAlgNames.put(PKCSObjectIdentifiers.rsaEncryption, "RSA/ECB/PKCS1Padding"); @@ -235,7 +248,7 @@ class OperatorHelper try { - dig = helper.createDigest(getDigestAlgName(digAlgId.getAlgorithm())); + dig = helper.createDigest(JcaJceUtils.getDigestAlgName(digAlgId.getAlgorithm())); } catch (NoSuchAlgorithmException e) { @@ -329,7 +342,7 @@ class OperatorHelper if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) { RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); - return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "WITHRSAANDMGF1"; + return JcaJceUtils.getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "WITHRSAANDMGF1"; } } @@ -341,57 +354,6 @@ class OperatorHelper return sigAlgId.getAlgorithm().getId(); } - private static String getDigestAlgName( - ASN1ObjectIdentifier digestAlgOID) - { - if (PKCSObjectIdentifiers.md5.equals(digestAlgOID)) - { - return "MD5"; - } - else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID)) - { - return "SHA1"; - } - else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) - { - return "SHA224"; - } - else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) - { - return "SHA256"; - } - else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID)) - { - return "SHA384"; - } - else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID)) - { - return "SHA512"; - } - // BEGIN android-removed - // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) - // { - // return "RIPEMD128"; - // } - // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) - // { - // return "RIPEMD160"; - // } - // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) - // { - // return "RIPEMD256"; - // } - // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) - // { - // return "GOST3411"; - // } - // END android-removed - else - { - return digestAlgOID.getId(); - } - } - public X509Certificate convertCertificate(X509CertificateHolder certHolder) throws CertificateException { |