diff options
| author | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-11-01 16:04:09 +0000 |
|---|---|---|
| committer | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-11-01 16:04:09 +0000 |
| commit | 7e37934b87aae3eddb9817663a20d9f9bb554bf2 (patch) | |
| tree | 41518fd9391a5d52127ea2920ee0b578e2392f75 /bcprov/src/main | |
| parent | b9107e03cbb02e73f61e2105df4d5de9d2c6ab52 (diff) | |
| parent | b1e4d28d756235ec33e45485994581f4590c37ff (diff) | |
| download | android_external_bouncycastle-7e37934b87aae3eddb9817663a20d9f9bb554bf2.tar.gz android_external_bouncycastle-7e37934b87aae3eddb9817663a20d9f9bb554bf2.tar.bz2 android_external_bouncycastle-7e37934b87aae3eddb9817663a20d9f9bb554bf2.zip | |
Merge tag 'android-4.4_r1' into cm-11.0cm-11.0-XNPH25R-bacon-d22b777afacm-11.0-XNPH22R-bacon-03d77315ea
Android 4.4 Release 1.0
Diffstat (limited to 'bcprov/src/main')
131 files changed, 6246 insertions, 5050 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java index ecfca6a..2819a8d 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java @@ -20,7 +20,7 @@ public class ASN1EncodableVector { for (Enumeration en = other.v.elements(); en.hasMoreElements();) { - v.addElement(en.nextElement()); + v.addElement(en.nextElement()); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java index eb29838..98f46a6 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java @@ -13,6 +13,11 @@ public class ASN1ObjectIdentifier super(bytes); } + ASN1ObjectIdentifier(ASN1ObjectIdentifier oid, String branch) + { + super(oid, branch); + } + /** * Return an OID that creates a branch under the current one. * @@ -21,7 +26,7 @@ public class ASN1ObjectIdentifier */ public ASN1ObjectIdentifier branch(String branchID) { - return new ASN1ObjectIdentifier(getId() + "." + branchID); + return new ASN1ObjectIdentifier(this, branchID); } /** diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java index c8d7bd0..74acda6 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java @@ -77,7 +77,7 @@ public class DERBoolean * @exception IllegalArgumentException if the tagged object cannot * be converted. */ - public static DERBoolean getInstance( + public static ASN1Boolean getInstance( ASN1TaggedObject obj, boolean explicit) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java index 8e2ee4e..13e1195 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java @@ -9,17 +9,17 @@ import org.bouncycastle.util.Arrays; public class DERObjectIdentifier extends ASN1Primitive { - String identifier; + String identifier; - private byte[] body; + private byte[] body; /** * return an OID from the passed in object * - * @exception IllegalArgumentException if the object cannot be converted. + * @throws IllegalArgumentException if the object cannot be converted. */ public static ASN1ObjectIdentifier getInstance( - Object obj) + Object obj) { if (obj == null || obj instanceof ASN1ObjectIdentifier) { @@ -47,15 +47,15 @@ public class DERObjectIdentifier /** * return an Object Identifier from a tagged object. * - * @param obj the tagged object holding the object we want + * @param obj the tagged object holding the object we want * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. + * tagged false otherwise. + * @throws IllegalArgumentException if the tagged object cannot + * be converted. */ public static ASN1ObjectIdentifier getInstance( ASN1TaggedObject obj, - boolean explicit) + boolean explicit) { ASN1Primitive o = obj.getObject(); @@ -72,38 +72,38 @@ public class DERObjectIdentifier private static final long LONG_LIMIT = (Long.MAX_VALUE >> 7) - 0x7f; DERObjectIdentifier( - byte[] bytes) + byte[] bytes) { - StringBuffer objId = new StringBuffer(); - long value = 0; - BigInteger bigValue = null; - boolean first = true; + StringBuffer objId = new StringBuffer(); + long value = 0; + BigInteger bigValue = null; + boolean first = true; for (int i = 0; i != bytes.length; i++) { int b = bytes[i] & 0xff; - if (value <= LONG_LIMIT) + if (value <= LONG_LIMIT) { value += (b & 0x7f); if ((b & 0x80) == 0) // end of number reached { if (first) { - if (value < 40) - { - objId.append('0'); - } - else if (value < 80) - { - objId.append('1'); + if (value < 40) + { + objId.append('0'); + } + else if (value < 80) + { + objId.append('1'); value -= 40; - } - else - { - objId.append('2'); + } + else + { + objId.append('2'); value -= 80; - } + } first = false; } @@ -115,20 +115,20 @@ public class DERObjectIdentifier { value <<= 7; } - } - else + } + else { if (bigValue == null) { bigValue = BigInteger.valueOf(value); } bigValue = bigValue.or(BigInteger.valueOf(b & 0x7f)); - if ((b & 0x80) == 0) + if ((b & 0x80) == 0) { if (first) { - objId.append('2'); - bigValue = bigValue.subtract(BigInteger.valueOf(80)); + objId.append('2'); + bigValue = bigValue.subtract(BigInteger.valueOf(80)); first = false; } @@ -155,8 +155,12 @@ public class DERObjectIdentifier } public DERObjectIdentifier( - String identifier) + String identifier) { + if (identifier == null) + { + throw new IllegalArgumentException("'identifier' cannot be null"); + } if (!isValidIdentifier(identifier)) { throw new IllegalArgumentException("string " + identifier + " not an OID"); @@ -171,14 +175,24 @@ public class DERObjectIdentifier // END android-changed } + DERObjectIdentifier(DERObjectIdentifier oid, String branchID) + { + if (!isValidBranchID(branchID, 0)) + { + throw new IllegalArgumentException("string " + branchID + " not a valid OID branch"); + } + + this.identifier = oid.getId() + "." + branchID; + } + public String getId() { return identifier; } private void writeField( - ByteArrayOutputStream out, - long fieldValue) + ByteArrayOutputStream out, + long fieldValue) { byte[] result = new byte[9]; int pos = 8; @@ -192,24 +206,24 @@ public class DERObjectIdentifier } private void writeField( - ByteArrayOutputStream out, - BigInteger fieldValue) + ByteArrayOutputStream out, + BigInteger fieldValue) { - int byteCount = (fieldValue.bitLength()+6)/7; - if (byteCount == 0) + int byteCount = (fieldValue.bitLength() + 6) / 7; + if (byteCount == 0) { out.write(0); - } - else + } + else { BigInteger tmpValue = fieldValue; byte[] tmp = new byte[byteCount]; - for (int i = byteCount-1; i >= 0; i--) + for (int i = byteCount - 1; i >= 0; i--) { - tmp[i] = (byte) ((tmpValue.intValue() & 0x7f) | 0x80); - tmpValue = tmpValue.shiftRight(7); + tmp[i] = (byte)((tmpValue.intValue() & 0x7f) | 0x80); + tmpValue = tmpValue.shiftRight(7); } - tmp[byteCount-1] &= 0x7f; + tmp[byteCount - 1] &= 0x7f; out.write(tmp, 0, tmp.length); } } @@ -218,15 +232,15 @@ public class DERObjectIdentifier { OIDTokenizer tok = new OIDTokenizer(identifier); int first = Integer.parseInt(tok.nextToken()) * 40; - + String secondToken = tok.nextToken(); if (secondToken.length() <= 18) { - writeField(aOut, first + Long.parseLong(secondToken)); + writeField(aOut, first + Long.parseLong(secondToken)); } else { - writeField(aOut, new BigInteger(secondToken).add(BigInteger.valueOf(first))); + writeField(aOut, new BigInteger(secondToken).add(BigInteger.valueOf(first))); } while (tok.hasMoreTokens()) @@ -274,7 +288,7 @@ public class DERObjectIdentifier ASN1OutputStream out) throws IOException { - byte[] enc = getBody(); + byte[] enc = getBody(); out.write(BERTags.OBJECT_IDENTIFIER); out.writeLength(enc.length); @@ -287,7 +301,7 @@ public class DERObjectIdentifier } boolean asn1Equals( - ASN1Primitive o) + ASN1Primitive o) { if (!(o instanceof DERObjectIdentifier)) { @@ -302,25 +316,15 @@ public class DERObjectIdentifier return getId(); } - private static boolean isValidIdentifier( - String identifier) + private static boolean isValidBranchID( + String branchID, int start) { - if (identifier.length() < 3 - || identifier.charAt(1) != '.') - { - return false; - } - - char first = identifier.charAt(0); - if (first < '0' || first > '2') - { - return false; - } - boolean periodAllowed = false; - for (int i = identifier.length() - 1; i >= 2; i--) + + int pos = branchID.length(); + while (--pos >= start) { - char ch = identifier.charAt(i); + char ch = branchID.charAt(pos); // TODO Leading zeroes? if ('0' <= ch && ch <= '9') @@ -346,6 +350,23 @@ public class DERObjectIdentifier return periodAllowed; } + private static boolean isValidIdentifier( + String identifier) + { + if (identifier.length() < 3 || identifier.charAt(1) != '.') + { + return false; + } + + char first = identifier.charAt(0); + if (first < '0' || first > '2') + { + return false; + } + + return isValidBranchID(identifier, 2); + } + private static ASN1ObjectIdentifier[][] cache = new ASN1ObjectIdentifier[256][]; static ASN1ObjectIdentifier fromOctetString(byte[] enc) @@ -364,7 +385,7 @@ public class DERObjectIdentifier synchronized (cache) { ASN1ObjectIdentifier[] first = cache[idx1]; - if (first == null) + if (first == null) { first = cache[idx1] = new ASN1ObjectIdentifier[128]; } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java index 956b9c7..d50fb7c 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java @@ -6,7 +6,8 @@ import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Strings; /** - * DER T61String (also the teletex string) + * DER T61String (also the teletex string), try not to use this if you don't need to. The standard support the encoding for + * this has been withdrawn. */ public class DERT61String extends ASN1Primitive @@ -68,30 +69,30 @@ public class DERT61String } /** - * basic constructor - with bytes. + * basic constructor - string encoded as a sequence of bytes. */ - DERT61String( + public DERT61String( byte[] string) { this.string = string; } /** - * basic constructor - with string. + * basic constructor - with string 8 bit assumed. */ public DERT61String( String string) { - // BEGIN android-changed - this.string = Strings.toByteArray(string); - // END android-changed + this(Strings.toByteArray(string)); } + /** + * Decode the encoded string and return it, 8 bit encoding assumed. + * @return the decoded String + */ public String getString() { - // BEGIN android-changed return Strings.fromByteArray(string); - // END android-changed } public String toString() @@ -115,7 +116,11 @@ public class DERT61String { out.writeEncoded(BERTags.T61_STRING, string); } - + + /** + * Return the encoded string as a byte array. + * @return the actual bytes making up the encoded body of the T61 string. + */ public byte[] getOctets() { return Arrays.clone(string); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java b/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java index 0a3c4aa..b6cb070 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java @@ -4,6 +4,7 @@ import java.io.ByteArrayInputStream; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.nio.channels.FileChannel; class StreamUtil { @@ -33,7 +34,8 @@ class StreamUtil { try { - long size = ((FileInputStream)in).getChannel().size(); + FileChannel channel = ((FileInputStream)in).getChannel(); + long size = (channel != null) ? channel.size() : Integer.MAX_VALUE; if (size < Integer.MAX_VALUE) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attributes.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attributes.java index 0c5a518..614e224 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attributes.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attributes.java @@ -4,7 +4,7 @@ import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERSet; +import org.bouncycastle.asn1.DLSet; public class Attributes extends ASN1Object @@ -18,7 +18,7 @@ public class Attributes public Attributes(ASN1EncodableVector v) { - attributes = new BERSet(v); + attributes = new DLSet(v); } public static Attributes getInstance(Object obj) @@ -35,6 +35,18 @@ public class Attributes return null; } + public Attribute[] getAttributes() + { + Attribute[] rv = new Attribute[attributes.size()]; + + for (int i = 0; i != rv.length; i++) + { + rv[i] = Attribute.getInstance(attributes.getObjectAt(i)); + } + + return rv; + } + /** * <pre> * Attributes ::= diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java index e8f4541..6294d97 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java @@ -15,4 +15,14 @@ public interface CMSObjectIdentifiers static final ASN1ObjectIdentifier compressedData = PKCSObjectIdentifiers.id_ct_compressedData; static final ASN1ObjectIdentifier authEnvelopedData = PKCSObjectIdentifiers.id_ct_authEnvelopedData; static final ASN1ObjectIdentifier timestampedData = PKCSObjectIdentifiers.id_ct_timestampedData; + + /** + * The other Revocation Info arc + * id-ri OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) + * dod(6) internet(1) security(5) mechanisms(5) pkix(7) ri(16) } + */ + static final ASN1ObjectIdentifier id_ri = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.16"); + + static final ASN1ObjectIdentifier id_ri_ocsp_response = id_ri.branch("2"); + static final ASN1ObjectIdentifier id_ri_scvp = id_ri.branch("4"); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java index a66c4a1..688ac58 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java @@ -34,6 +34,16 @@ public class ContentInfo return null; } + public static ContentInfo getInstance( + ASN1TaggedObject obj, + boolean explicit) + { + return getInstance(ASN1Sequence.getInstance(obj, explicit)); + } + + /** + * @deprecated use getInstance() + */ public ContentInfo( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java index 29348d2..ad0dbb1 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java @@ -34,6 +34,10 @@ public class IssuerAndSerialNumber return null; } + /** + * @deprecated use getInstance() method. + * @param seq + */ public IssuerAndSerialNumber( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignedData.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignedData.java index a0a34ef..fd2718a 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignedData.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignedData.java @@ -21,6 +21,11 @@ import org.bouncycastle.asn1.DERTaggedObject; public class SignedData extends ASN1Object { + private static final ASN1Integer VERSION_1 = new ASN1Integer(1); + private static final ASN1Integer VERSION_3 = new ASN1Integer(3); + private static final ASN1Integer VERSION_4 = new ASN1Integer(4); + private static final ASN1Integer VERSION_5 = new ASN1Integer(5); + private ASN1Integer version; private ASN1Set digestAlgorithms; private ContentInfo contentInfo; @@ -136,30 +141,30 @@ public class SignedData if (otherCrl) { - return new ASN1Integer(5); + return VERSION_5; } if (attrCertV2Found) { - return new ASN1Integer(4); + return VERSION_4; } if (attrCertV1Found) { - return new ASN1Integer(3); + return VERSION_3; } if (checkForVersion3(signerInfs)) { - return new ASN1Integer(3); + return VERSION_3; } if (!CMSObjectIdentifiers.data.equals(contentOid)) { - return new ASN1Integer(3); + return VERSION_3; } - return new ASN1Integer(1); + return VERSION_1; } private boolean checkForVersion3(ASN1Set signerInfs) diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java index 0727b68..8aafd67 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java @@ -68,6 +68,34 @@ public class SignerInfo } public SignerInfo( + SignerIdentifier sid, + AlgorithmIdentifier digAlgorithm, + Attributes authenticatedAttributes, + AlgorithmIdentifier digEncryptionAlgorithm, + ASN1OctetString encryptedDigest, + Attributes unauthenticatedAttributes) + { + if (sid.isTagged()) + { + this.version = new ASN1Integer(3); + } + else + { + this.version = new ASN1Integer(1); + } + + this.sid = sid; + this.digAlgorithm = digAlgorithm; + this.authenticatedAttributes = ASN1Set.getInstance(authenticatedAttributes); + this.digEncryptionAlgorithm = digEncryptionAlgorithm; + this.encryptedDigest = encryptedDigest; + this.unauthenticatedAttributes = ASN1Set.getInstance(unauthenticatedAttributes); + } + + /** + * @deprecated use getInstance() method. + */ + public SignerInfo( ASN1Sequence seq) { Enumeration e = seq.getObjects(); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java index 97712b5..ba7e518 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java @@ -10,7 +10,7 @@ import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.util.Strings; /** - * Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-2 + * Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-3 */ public class NISTNamedCurves { @@ -25,13 +25,16 @@ public class NISTNamedCurves static { - // TODO Missing the "K-" curves - defineCurve("B-571", SECObjectIdentifiers.sect571r1); defineCurve("B-409", SECObjectIdentifiers.sect409r1); defineCurve("B-283", SECObjectIdentifiers.sect283r1); defineCurve("B-233", SECObjectIdentifiers.sect233r1); defineCurve("B-163", SECObjectIdentifiers.sect163r2); + defineCurve("K-571", SECObjectIdentifiers.sect571k1); + defineCurve("K-409", SECObjectIdentifiers.sect409k1); + defineCurve("K-283", SECObjectIdentifiers.sect283k1); + defineCurve("K-233", SECObjectIdentifiers.sect233k1); + defineCurve("K-163", SECObjectIdentifiers.sect163k1); defineCurve("P-521", SECObjectIdentifiers.secp521r1); defineCurve("P-384", SECObjectIdentifiers.secp384r1); defineCurve("P-256", SECObjectIdentifiers.secp256r1); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java index 258f269..afa93c4 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java @@ -11,13 +11,17 @@ public interface NISTObjectIdentifiers // // nistalgorithms(4) // - static final ASN1ObjectIdentifier nistAlgorithm = new ASN1ObjectIdentifier("2.16.840.1.101.3.4"); + static final ASN1ObjectIdentifier nistAlgorithm = new ASN1ObjectIdentifier("2.16.840.1.101.3.4"); + + static final ASN1ObjectIdentifier hashAlgs = nistAlgorithm.branch("2"); + + static final ASN1ObjectIdentifier id_sha256 = hashAlgs.branch("1"); + static final ASN1ObjectIdentifier id_sha384 = hashAlgs.branch("2"); + static final ASN1ObjectIdentifier id_sha512 = hashAlgs.branch("3"); + static final ASN1ObjectIdentifier id_sha224 = hashAlgs.branch("4"); + static final ASN1ObjectIdentifier id_sha512_224 = hashAlgs.branch("5"); + static final ASN1ObjectIdentifier id_sha512_256 = hashAlgs.branch("6"); - static final ASN1ObjectIdentifier id_sha256 = nistAlgorithm.branch("2.1"); - static final ASN1ObjectIdentifier id_sha384 = nistAlgorithm.branch("2.2"); - static final ASN1ObjectIdentifier id_sha512 = nistAlgorithm.branch("2.3"); - static final ASN1ObjectIdentifier id_sha224 = nistAlgorithm.branch("2.4"); - static final ASN1ObjectIdentifier aes = nistAlgorithm.branch("1"); static final ASN1ObjectIdentifier id_aes128_ECB = aes.branch("1"); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java index aac2bb7..c9c14fe 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java @@ -53,6 +53,19 @@ public class CertificationRequestInfo return null; } + /** + * Basic constructor. + * <p> + * Note: Early on a lot of CAs would only accept messages with attributes missing. As the ASN.1 def shows + * the attributes field is not optional so should always at least contain an empty set. If a fully compliant + * request is required, pass in an empty set, the class will otherwise interpret a null as it should + * encode the request with the field missing. + * </p> + * + * @param subject subject to be associated with the public key + * @param pkInfo public key to be associated with subject + * @param attributes any attributes to be associated with the request. + */ public CertificationRequestInfo( X500Name subject, SubjectPublicKeyInfo pkInfo, @@ -86,6 +99,9 @@ public class CertificationRequestInfo } } + /** + * @deprecated use getInstance(). + */ public CertificationRequestInfo( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java index 613c3f4..c885a6c 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java @@ -1,55 +1,56 @@ package org.bouncycastle.asn1.pkcs; import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; public class EncryptionScheme - extends AlgorithmIdentifier + extends ASN1Object { + private AlgorithmIdentifier algId; + public EncryptionScheme( ASN1ObjectIdentifier objectId, ASN1Encodable parameters) { - super(objectId, parameters); + this.algId = new AlgorithmIdentifier(objectId, parameters); } - EncryptionScheme( + private EncryptionScheme( ASN1Sequence seq) { - this((ASN1ObjectIdentifier)seq.getObjectAt(0), seq.getObjectAt(1)); + this.algId = AlgorithmIdentifier.getInstance(seq); } - public static final AlgorithmIdentifier getInstance(Object obj) + public static final EncryptionScheme getInstance(Object obj) { if (obj instanceof EncryptionScheme) { return (EncryptionScheme)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new EncryptionScheme((ASN1Sequence)obj); + return new EncryptionScheme(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } - public ASN1Primitive getObject() + public ASN1ObjectIdentifier getAlgorithm() { - return (ASN1Primitive)getParameters(); + return algId.getAlgorithm(); } - public ASN1Primitive getASN1Primitive() + public ASN1Encodable getParameters() { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(getObjectId()); - v.add(getParameters()); + return algId.getParameters(); + } - return new DERSequence(v); + public ASN1Primitive toASN1Primitive() + { + return algId.toASN1Primitive(); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java index fef4f07..3b40836 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java @@ -1,23 +1,56 @@ package org.bouncycastle.asn1.pkcs; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; public class KeyDerivationFunc - extends AlgorithmIdentifier + extends ASN1Object { - KeyDerivationFunc( - ASN1Sequence seq) + private AlgorithmIdentifier algId; + + public KeyDerivationFunc( + ASN1ObjectIdentifier objectId, + ASN1Encodable parameters) { - super(seq); + this.algId = new AlgorithmIdentifier(objectId, parameters); } - - public KeyDerivationFunc( - ASN1ObjectIdentifier id, - ASN1Encodable params) + + private KeyDerivationFunc( + ASN1Sequence seq) + { + this.algId = AlgorithmIdentifier.getInstance(seq); + } + + public static final KeyDerivationFunc getInstance(Object obj) + { + if (obj instanceof KeyDerivationFunc) + { + return (KeyDerivationFunc)obj; + } + else if (obj != null) + { + return new KeyDerivationFunc(ASN1Sequence.getInstance(obj)); + } + + return null; + } + + public ASN1ObjectIdentifier getAlgorithm() + { + return algId.getAlgorithm(); + } + + public ASN1Encodable getParameters() + { + return algId.getParameters(); + } + + public ASN1Primitive toASN1Primitive() { - super(id, params); + return algId.toASN1Primitive(); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java index 06c9455..db44a82 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java @@ -17,7 +17,7 @@ public class PBES2Algorithms { private ASN1ObjectIdentifier objectId; private KeyDerivationFunc func; - private EncryptionScheme scheme; + private EncryptionScheme scheme; public PBES2Algorithms( ASN1Sequence obj) @@ -40,10 +40,10 @@ public class PBES2Algorithms } else { - func = new KeyDerivationFunc(funcSeq); + func = KeyDerivationFunc.getInstance(funcSeq); } - scheme = new EncryptionScheme((ASN1Sequence)e.nextElement()); + scheme = EncryptionScheme.getInstance(e.nextElement()); } public ASN1ObjectIdentifier getObjectId() diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java index 5ada493..b47e9cd 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java @@ -13,26 +13,31 @@ public class PBES2Parameters extends ASN1Object implements PKCSObjectIdentifiers { - private KeyDerivationFunc func; - private EncryptionScheme scheme; + private KeyDerivationFunc func; + private EncryptionScheme scheme; public static PBES2Parameters getInstance( Object obj) { - if (obj== null || obj instanceof PBES2Parameters) + if (obj instanceof PBES2Parameters) { return (PBES2Parameters)obj; } - - if (obj instanceof ASN1Sequence) + if (obj != null) { - return new PBES2Parameters((ASN1Sequence)obj); + return new PBES2Parameters(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; + } + + public PBES2Parameters(KeyDerivationFunc keyDevFunc, EncryptionScheme encScheme) + { + this.func = keyDevFunc; + this.scheme = encScheme; } - public PBES2Parameters( + private PBES2Parameters( ASN1Sequence obj) { Enumeration e = obj.getObjects(); @@ -44,10 +49,10 @@ public class PBES2Parameters } else { - func = new KeyDerivationFunc(funcSeq); + func = KeyDerivationFunc.getInstance(funcSeq); } - scheme = (EncryptionScheme)EncryptionScheme.getInstance(e.nextElement()); + scheme = EncryptionScheme.getInstance(e.nextElement()); } public KeyDerivationFunc getKeyDerivationFunc() diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java index f46c294..65c0fa8 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java @@ -48,7 +48,7 @@ public class PBKDF2Params int iterationCount, int keyLength) { - this(salt, iterationCount); + this(salt, iterationCount); this.keyLength = new ASN1Integer(keyLength); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java index 6b42763..dad8650 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java @@ -67,6 +67,10 @@ public class PrivateKeyInfo this.attributes = attributes; } + /** + * @deprectaed use PrivateKeyInfo.getInstance() + * @param seq + */ public PrivateKeyInfo( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java b/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java index 9886b73..5302552 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java @@ -184,7 +184,8 @@ public class ASN1Dump { buf.append(dumpBinaryDataAsString(indent, oct.getOctets())); } - else{ + else + { buf.append(nl); } } @@ -208,7 +209,8 @@ public class ASN1Dump { buf.append(dumpBinaryDataAsString(indent, bt.getBytes())); } - else{ + else + { buf.append(nl); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java index 7a7c837..704ea72 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java @@ -16,19 +16,64 @@ public interface X500NameStyle * Convert the passed in String value into the appropriate ASN.1 * encoded object. * - * @param oid the oid associated with the value in the DN. + * @param oid the OID associated with the value in the DN. * @param value the value of the particular DN component. * @return the ASN.1 equivalent for the value. */ ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value); + /** + * Return the OID associated with the passed in name. + * + * @param attrName the string to match. + * @return an OID + */ ASN1ObjectIdentifier attrNameToOID(String attrName); - boolean areEqual(X500Name name1, X500Name name2); - + /** + * Return an array of RDN generated from the passed in String. + * @param dirName the String representation. + * @return an array of corresponding RDNs. + */ RDN[] fromString(String dirName); + /** + * Return true if the two names are equal. + * + * @param name1 first name for comparison. + * @param name2 second name for comparison. + * @return true if name1 = name 2, false otherwise. + */ + boolean areEqual(X500Name name1, X500Name name2); + + /** + * Calculate a hashCode for the passed in name. + * + * @param name the name the hashCode is required for. + * @return the calculated hashCode. + */ int calculateHashCode(X500Name name); + /** + * Convert the passed in X500Name to a String. + * @param name the name to convert. + * @return a String representation. + */ String toString(X500Name name); + + /** + * Return the display name for toString() associated with the OID. + * + * @param oid the OID of interest. + * @return the name displayed in toString(), null if no mapping provided. + */ + String oidToDisplayName(ASN1ObjectIdentifier oid); + + /** + * Return the acceptable names in a String DN that map to OID. + * + * @param oid the OID of interest. + * @return an array of String aliases for the OID, zero length if there are none. + */ + String[] oidToAttrNames(ASN1ObjectIdentifier oid); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java index 777cc56..714a32c 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java @@ -315,6 +315,16 @@ public class BCStyle return new DERUTF8String(value); } + public String oidToDisplayName(ASN1ObjectIdentifier oid) + { + return (String)DefaultSymbols.get(oid); + } + + public String[] oidToAttrNames(ASN1ObjectIdentifier oid) + { + return IETFUtils.findAttrNamesForOID(oid, DefaultLookUp); + } + public ASN1ObjectIdentifier attrNameToOID(String attrName) { return IETFUtils.decodeAttrName(attrName, DefaultLookUp); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java index 861108d..c73107e 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java @@ -1,6 +1,7 @@ package org.bouncycastle.asn1.x500.style; import java.io.IOException; +import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; @@ -19,6 +20,112 @@ import org.bouncycastle.util.encoders.Hex; public class IETFUtils { + private static String unescape(String elt) + { + if (elt.length() == 0 || (elt.indexOf('\\') < 0 && elt.indexOf('"') < 0)) + { + return elt.trim(); + } + + char[] elts = elt.toCharArray(); + boolean escaped = false; + boolean quoted = false; + StringBuffer buf = new StringBuffer(elt.length()); + int start = 0; + + // if it's an escaped hash string and not an actual encoding in string form + // we need to leave it escaped. + if (elts[0] == '\\') + { + if (elts[1] == '#') + { + start = 2; + buf.append("\\#"); + } + } + + boolean nonWhiteSpaceEncountered = false; + int lastEscaped = 0; + char hex1 = 0; + + for (int i = start; i != elts.length; i++) + { + char c = elts[i]; + + if (c != ' ') + { + nonWhiteSpaceEncountered = true; + } + + if (c == '"') + { + if (!escaped) + { + quoted = !quoted; + } + else + { + buf.append(c); + } + escaped = false; + } + else if (c == '\\' && !(escaped || quoted)) + { + escaped = true; + lastEscaped = buf.length(); + } + else + { + if (c == ' ' && !escaped && !nonWhiteSpaceEncountered) + { + continue; + } + if (escaped && isHexDigit(c)) + { + if (hex1 != 0) + { + buf.append((char)(convertHex(hex1) * 16 + convertHex(c))); + escaped = false; + hex1 = 0; + continue; + } + hex1 = c; + continue; + } + buf.append(c); + escaped = false; + } + } + + if (buf.length() > 0) + { + while (buf.charAt(buf.length() - 1) == ' ' && lastEscaped != (buf.length() - 1)) + { + buf.setLength(buf.length() - 1); + } + } + + return buf.toString(); + } + + private static boolean isHexDigit(char c) + { + return ('0' <= c && c <= '9') || ('a' <= c && c <= 'f') || ('A' <= c && c <= 'F'); + } + + private static int convertHex(char c) + { + if ('0' <= c && c <= '9') + { + return c - '0'; + } + if ('a' <= c && c <= 'f') + { + return c - 'a' + 10; + } + return c - 'A' + 10; + } + public static RDN[] rDNsFromString(String name, X500NameStyle x500Style) { X500NameTokenizer nTok = new X500NameTokenizer(name); @@ -27,45 +134,71 @@ public class IETFUtils while (nTok.hasMoreTokens()) { String token = nTok.nextToken(); - int index = token.indexOf('='); - if (index == -1) + if (token.indexOf('+') > 0) { - throw new IllegalArgumentException("badly formated directory string"); - } + X500NameTokenizer pTok = new X500NameTokenizer(token, '+'); + X500NameTokenizer vTok = new X500NameTokenizer(pTok.nextToken(), '='); - String attr = token.substring(0, index); - String value = token.substring(index + 1); - ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr); + String attr = vTok.nextToken(); - if (value.indexOf('+') > 0) - { - X500NameTokenizer vTok = new X500NameTokenizer(value, '+'); - String v = vTok.nextToken(); - - Vector oids = new Vector(); - Vector values = new Vector(); + if (!vTok.hasMoreTokens()) + { + throw new IllegalArgumentException("badly formatted directory string"); + } - oids.addElement(oid); - values.addElement(v); + String value = vTok.nextToken(); + ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr.trim()); - while (vTok.hasMoreTokens()) + if (pTok.hasMoreTokens()) { - String sv = vTok.nextToken(); - int ndx = sv.indexOf('='); + Vector oids = new Vector(); + Vector values = new Vector(); - String nm = sv.substring(0, ndx); - String vl = sv.substring(ndx + 1); + oids.addElement(oid); + values.addElement(unescape(value)); - oids.addElement(x500Style.attrNameToOID(nm)); - values.addElement(vl); - } + while (pTok.hasMoreTokens()) + { + vTok = new X500NameTokenizer(pTok.nextToken(), '='); + + attr = vTok.nextToken(); + + if (!vTok.hasMoreTokens()) + { + throw new IllegalArgumentException("badly formatted directory string"); + } - builder.addMultiValuedRDN(toOIDArray(oids), toValueArray(values)); + value = vTok.nextToken(); + oid = x500Style.attrNameToOID(attr.trim()); + + + oids.addElement(oid); + values.addElement(unescape(value)); + } + + builder.addMultiValuedRDN(toOIDArray(oids), toValueArray(values)); + } + else + { + builder.addRDN(oid, unescape(value)); + } } else { - builder.addRDN(oid, value); + X500NameTokenizer vTok = new X500NameTokenizer(token, '='); + + String attr = vTok.nextToken(); + + if (!vTok.hasMoreTokens()) + { + throw new IllegalArgumentException("badly formatted directory string"); + } + + String value = vTok.nextToken(); + ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr.trim()); + + builder.addRDN(oid, unescape(value)); } } @@ -96,6 +229,34 @@ public class IETFUtils return tmp; } + public static String[] findAttrNamesForOID( + ASN1ObjectIdentifier oid, + Hashtable lookup) + { + int count = 0; + for (Enumeration en = lookup.elements(); en.hasMoreElements();) + { + if (oid.equals(en.nextElement())) + { + count++; + } + } + + String[] aliases = new String[count]; + count = 0; + + for (Enumeration en = lookup.keys(); en.hasMoreElements();) + { + String key = (String)en.nextElement(); + if (oid.equals(lookup.get(key))) + { + aliases[count++] = key; + } + } + + return aliases; + } + public static ASN1ObjectIdentifier decodeAttrName( String name, Hashtable lookUp) @@ -123,29 +284,13 @@ public class IETFUtils int off) throws IOException { - str = Strings.toLowerCase(str); byte[] data = new byte[(str.length() - off) / 2]; for (int index = 0; index != data.length; index++) { char left = str.charAt((index * 2) + off); char right = str.charAt((index * 2) + off + 1); - if (left < 'a') - { - data[index] = (byte)((left - '0') << 4); - } - else - { - data[index] = (byte)((left - 'a' + 10) << 4); - } - if (right < 'a') - { - data[index] |= (byte)(right - '0'); - } - else - { - data[index] |= (byte)(right - 'a' + 10); - } + data[index] = (byte)((convertHex(left) << 4) | convertHex(right)); } return ASN1Primitive.fromByteArray(data); @@ -257,6 +402,24 @@ public class IETFUtils index++; } + int start = 0; + if (vBuf.length() > 0) + { + while (vBuf.charAt(start) == ' ') + { + vBuf.insert(start, "\\"); + start += 2; + } + } + + int endBuf = vBuf.length() - 1; + + while (endBuf >= 0 && vBuf.charAt(endBuf) == ' ') + { + vBuf.insert(endBuf, '\\'); + endBuf--; + } + return vBuf.toString(); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java index 430d379..8486989 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java @@ -204,6 +204,16 @@ public class RFC4519Style return new DERUTF8String(value); } + public String oidToDisplayName(ASN1ObjectIdentifier oid) + { + return (String)DefaultSymbols.get(oid); + } + + public String[] oidToAttrNames(ASN1ObjectIdentifier oid) + { + return IETFUtils.findAttrNamesForOID(oid, DefaultLookUp); + } + public ASN1ObjectIdentifier attrNameToOID(String attrName) { return IETFUtils.decodeAttrName(attrName, DefaultLookUp); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java index a02295a..2c8e3fc 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java @@ -56,37 +56,19 @@ class X500NameTokenizer { quoted = !quoted; } - else - { - if (c == '#' && buf.charAt(buf.length() - 1) == '=') - { - buf.append('\\'); - } - else if (c == '+' && separator != '+') - { - buf.append('\\'); - } - buf.append(c); - } + buf.append(c); escaped = false; } else { if (escaped || quoted) { - if (c == '#' && buf.charAt(buf.length() - 1) == '=') - { - buf.append('\\'); - } - else if (c == '+' && separator != '+') - { - buf.append('\\'); - } buf.append(c); escaped = false; } else if (c == '\\') { + buf.append(c); escaped = true; } else if (c == separator) @@ -102,6 +84,7 @@ class X500NameTokenizer } index = end; - return buf.toString().trim(); + + return buf.toString(); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java index 6f7c3be..d250bf1 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java @@ -6,7 +6,6 @@ import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1SequenceParser; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; @@ -33,23 +32,20 @@ public class AlgorithmIdentifier { return (AlgorithmIdentifier)obj; } - + + // TODO: delete if (obj instanceof ASN1ObjectIdentifier) { return new AlgorithmIdentifier((ASN1ObjectIdentifier)obj); } + // TODO: delete if (obj instanceof String) { return new AlgorithmIdentifier((String)obj); } - if (obj instanceof ASN1Sequence || obj instanceof ASN1SequenceParser) - { - return new AlgorithmIdentifier(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return new AlgorithmIdentifier(ASN1Sequence.getInstance(obj)); } public AlgorithmIdentifier( @@ -101,6 +97,10 @@ public class AlgorithmIdentifier this.parameters = parameters; } + /** + * @deprecated use AlgorithmIdentifier.getInstance() + * @param seq + */ public AlgorithmIdentifier( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java index 3746f9e..9c5ed46 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java @@ -156,7 +156,7 @@ public class AuthorityKeyIdentifier } /** - * create an AuthorityKeyIdentifier with a precomupted key identifier + * create an AuthorityKeyIdentifier with a precomputed key identifier */ public AuthorityKeyIdentifier( byte[] keyIdentifier) @@ -167,7 +167,7 @@ public class AuthorityKeyIdentifier } /** - * create an AuthorityKeyIdentifier with a precomupted key identifier + * create an AuthorityKeyIdentifier with a precomputed key identifier * and the GeneralNames tag and the serial number provided as well. */ public AuthorityKeyIdentifier( diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java index e6a06d8..4d566b1 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java @@ -4,15 +4,20 @@ import java.io.IOException; import org.bouncycastle.asn1.ASN1Boolean; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.DERSequence; /** * an object for the elements in the X.509 V3 extension block. */ public class Extension + extends ASN1Object { /** * Subject Directory Attributes @@ -170,9 +175,8 @@ public class Extension public static final ASN1ObjectIdentifier targetInformation = new ASN1ObjectIdentifier("2.5.29.55"); private ASN1ObjectIdentifier extnId; - - boolean critical; - ASN1OctetString value; + private boolean critical; + private ASN1OctetString value; public Extension( ASN1ObjectIdentifier extnId, @@ -200,6 +204,40 @@ public class Extension this.value = value; } + private Extension(ASN1Sequence seq) + { + if (seq.size() == 2) + { + this.extnId = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0)); + this.critical = false; + this.value = ASN1OctetString.getInstance(seq.getObjectAt(1)); + } + else if (seq.size() == 3) + { + this.extnId = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0)); + this.critical = ASN1Boolean.getInstance(seq.getObjectAt(1)).isTrue(); + this.value = ASN1OctetString.getInstance(seq.getObjectAt(2)); + } + else + { + throw new IllegalArgumentException("Bad sequence size: " + seq.size()); + } + } + + public static Extension getInstance(Object obj) + { + if (obj instanceof Extension) + { + return (Extension)obj; + } + else if (obj != null) + { + return new Extension(ASN1Sequence.getInstance(obj)); + } + + return null; + } + public ASN1ObjectIdentifier getExtnId() { return extnId; @@ -224,10 +262,10 @@ public class Extension { if (this.isCritical()) { - return this.getExtnValue().hashCode(); + return this.getExtnValue().hashCode() ^ this.getExtnId().hashCode(); } - return ~this.getExtnValue().hashCode(); + return ~(this.getExtnValue().hashCode() ^ this.getExtnId().hashCode()); } public boolean equals( @@ -240,10 +278,27 @@ public class Extension Extension other = (Extension)o; - return other.getExtnValue().equals(this.getExtnValue()) + return other.getExtnId().equals(this.getExtnId()) + && other.getExtnValue().equals(this.getExtnValue()) && (other.isCritical() == this.isCritical()); } + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(extnId); + + if (critical) + { + v.add(ASN1Boolean.getInstance(true)); + } + + v.add(value); + + return new DERSequence(v); + } + /** * Convert the value of the passed in extension to an object * @param ext the extension to parse diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java index 33175db..1aeed15 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java @@ -4,12 +4,10 @@ import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; -import org.bouncycastle.asn1.ASN1Boolean; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; @@ -18,18 +16,18 @@ import org.bouncycastle.asn1.DERSequence; public class Extensions extends ASN1Object { - private Hashtable extensions = new Hashtable(); - private Vector ordering = new Vector(); + private Hashtable extensions = new Hashtable(); + private Vector ordering = new Vector(); public static Extensions getInstance( ASN1TaggedObject obj, - boolean explicit) + boolean explicit) { return getInstance(ASN1Sequence.getInstance(obj, explicit)); } public static Extensions getInstance( - Object obj) + Object obj) { if (obj instanceof Extensions) { @@ -45,7 +43,7 @@ public class Extensions /** * Constructor from ASN1Sequence. - * + * <p/> * the extensions are a list of constructed sequences, either with (OID, OctetString) or (OID, Boolean, OctetString) */ private Extensions( @@ -55,22 +53,10 @@ public class Extensions while (e.hasMoreElements()) { - ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement()); - - if (s.size() == 3) - { - extensions.put(s.getObjectAt(0), new Extension(ASN1ObjectIdentifier.getInstance(s.getObjectAt(0)), ASN1Boolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2)))); - } - else if (s.size() == 2) - { - extensions.put(s.getObjectAt(0), new Extension(ASN1ObjectIdentifier.getInstance(s.getObjectAt(0)), false, ASN1OctetString.getInstance(s.getObjectAt(1)))); - } - else - { - throw new IllegalArgumentException("Bad sequence size: " + s.size()); - } + Extension ext = Extension.getInstance(e.nextElement()); - ordering.addElement(s.getObjectAt(0)); + extensions.put(ext.getExtnId(), ext); + ordering.addElement(ext.getExtnId()); } } @@ -88,7 +74,7 @@ public class Extensions /** * Base Constructor - * + * * @param extensions an array of extensions. */ public Extensions( @@ -102,7 +88,7 @@ public class Extensions this.extensions.put(ext.getExtnId(), ext); } } - + /** * return an Enumeration of the extension field's object ids. */ @@ -154,24 +140,14 @@ public class Extensions public ASN1Primitive toASN1Primitive() { ASN1EncodableVector vec = new ASN1EncodableVector(); - Enumeration e = ordering.elements(); + Enumeration e = ordering.elements(); while (e.hasMoreElements()) { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); Extension ext = (Extension)extensions.get(oid); - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(oid); - - if (ext.isCritical()) - { - v.add(ASN1Boolean.getInstance(true)); - } - v.add(ext.getExtnValue()); - - vec.add(new DERSequence(v)); + vec.add(ext); } return new DERSequence(vec); @@ -185,11 +161,11 @@ public class Extensions return false; } - Enumeration e1 = extensions.keys(); + Enumeration e1 = extensions.keys(); while (e1.hasMoreElements()) { - Object key = e1.nextElement(); + Object key = e1.nextElement(); if (!extensions.get(key).equals(other.extensions.get(key))) { @@ -204,7 +180,7 @@ public class Extensions { return toOidArray(ordering); } - + public ASN1ObjectIdentifier[] getNonCriticalExtensionOIDs() { return getExtensionOIDs(false); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java index 3955fb7..01980be 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java @@ -13,6 +13,12 @@ import org.bouncycastle.asn1.ASN1Primitive; * dod(6) internet(1) security(5) mechanisms(5) pkix(7) 3} * * </pre> + * To create a new KeyPurposeId where none of the below suit, use + * <pre> + * ASN1ObjectIdentifier newKeyPurposeIdOID = new ASN1ObjectIdentifier("1.3.6.1..."); + * + * KeyPurposeId newKeyPurposeId = KeyPurposeId.getInstance(newKeyPurposeIdOID); + * </pre> */ public class KeyPurposeId extends ASN1Object diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/V2Form.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/V2Form.java index ed5c6ab..5cee847 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/V2Form.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/V2Form.java @@ -25,24 +25,51 @@ public class V2Form public static V2Form getInstance( Object obj) { - if (obj == null || obj instanceof V2Form) + if (obj instanceof V2Form) { return (V2Form)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new V2Form((ASN1Sequence)obj); + return new V2Form(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } public V2Form( GeneralNames issuerName) { + this(issuerName, null, null); + } + + public V2Form( + GeneralNames issuerName, + IssuerSerial baseCertificateID) + { + this(issuerName, baseCertificateID, null); + } + + public V2Form( + GeneralNames issuerName, + ObjectDigestInfo objectDigestInfo) + { + this(issuerName, null, objectDigestInfo); + } + + public V2Form( + GeneralNames issuerName, + IssuerSerial baseCertificateID, + ObjectDigestInfo objectDigestInfo) + { this.issuerName = issuerName; + this.baseCertificateID = baseCertificateID; + this.objectDigestInfo = objectDigestInfo; } - + + /** + * @deprecated use getInstance(). + */ public V2Form( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java index d1c7d8e..9aed4e1 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java @@ -400,6 +400,7 @@ public class X509Name * Constructor from ASN1Sequence * * the principal will be a list of constructed sets, each containing an (OID, String) pair. + * @deprecated use X500Name.getInstance() */ public X509Name( ASN1Sequence seq) @@ -497,6 +498,7 @@ public class X509Name * <p> * The passed in converter will be used to convert the strings into their * ASN.1 counterparts. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( Vector ordering, @@ -539,6 +541,7 @@ public class X509Name /** * Takes two vectors one of the oids and the other of the values. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( Vector oids, @@ -552,6 +555,7 @@ public class X509Name * <p> * The passed in converter will be used to convert the strings into their * ASN.1 counterparts. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( Vector oids, @@ -586,6 +590,7 @@ public class X509Name /** * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or * some such, converting it into an ordered set of name attributes. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( String dirName) @@ -598,6 +603,7 @@ public class X509Name * some such, converting it into an ordered set of name attributes with each * string value being converted to its associated ASN.1 type using the passed * in converter. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( String dirName, @@ -611,6 +617,7 @@ public class X509Name * some such, converting it into an ordered set of name attributes. If reverse * is true, create the encoded version of the sequence starting from the * last element in the string. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( boolean reverse, @@ -625,6 +632,7 @@ public class X509Name * string value being converted to its associated ASN.1 type using the passed * in converter. If reverse is true the ASN.1 sequence representing the DN will * be built by starting at the end of the string, rather than the start. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( boolean reverse, @@ -646,6 +654,7 @@ public class X509Name * @param reverse true if we should start scanning from the end (RFC 2553). * @param lookUp table of names and their oids. * @param dirName the X.500 string to be parsed. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( boolean reverse, @@ -659,6 +668,7 @@ public class X509Name String name, Hashtable lookUp) { + name = name.trim(); if (Strings.toUpperCase(name).startsWith("OID.")) { return new ASN1ObjectIdentifier(name.substring(4)); @@ -677,6 +687,81 @@ public class X509Name return oid; } + private String unescape(String elt) + { + if (elt.length() == 0 || (elt.indexOf('\\') < 0 && elt.indexOf('"') < 0)) + { + return elt.trim(); + } + + char[] elts = elt.toCharArray(); + boolean escaped = false; + boolean quoted = false; + StringBuffer buf = new StringBuffer(elt.length()); + int start = 0; + + // if it's an escaped hash string and not an actual encoding in string form + // we need to leave it escaped. + if (elts[0] == '\\') + { + if (elts[1] == '#') + { + start = 2; + buf.append("\\#"); + } + } + + boolean nonWhiteSpaceEncountered = false; + int lastEscaped = 0; + + for (int i = start; i != elts.length; i++) + { + char c = elts[i]; + + if (c != ' ') + { + nonWhiteSpaceEncountered = true; + } + + if (c == '"') + { + if (!escaped) + { + quoted = !quoted; + } + else + { + buf.append(c); + } + escaped = false; + } + else if (c == '\\' && !(escaped || quoted)) + { + escaped = true; + lastEscaped = buf.length(); + } + else + { + if (c == ' ' && !escaped && !nonWhiteSpaceEncountered) + { + continue; + } + buf.append(c); + escaped = false; + } + } + + if (buf.length() > 0) + { + while (buf.charAt(buf.length() - 1) == ' ' && lastEscaped != (buf.length() - 1)) + { + buf.setLength(buf.length() - 1); + } + } + + return buf.toString(); + } + /** * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or * some such, converting it into an ordered set of name attributes. lookUp @@ -702,43 +787,21 @@ public class X509Name while (nTok.hasMoreTokens()) { String token = nTok.nextToken(); - int index = token.indexOf('='); - if (index == -1) + if (token.indexOf('+') > 0) { - throw new IllegalArgumentException("badly formatted directory string"); - } + X509NameTokenizer pTok = new X509NameTokenizer(token, '+'); - String name = token.substring(0, index); - String value = token.substring(index + 1); - ASN1ObjectIdentifier oid = decodeOID(name, lookUp); + addEntry(lookUp, pTok.nextToken(), FALSE); - if (value.indexOf('+') > 0) - { - X509NameTokenizer vTok = new X509NameTokenizer(value, '+'); - String v = vTok.nextToken(); - - this.ordering.addElement(oid); - this.values.addElement(v); - this.added.addElement(FALSE); - - while (vTok.hasMoreTokens()) + while (pTok.hasMoreTokens()) { - String sv = vTok.nextToken(); - int ndx = sv.indexOf('='); - - String nm = sv.substring(0, ndx); - String vl = sv.substring(ndx + 1); - this.ordering.addElement(decodeOID(nm, lookUp)); - this.values.addElement(vl); - this.added.addElement(TRUE); + addEntry(lookUp, pTok.nextToken(), TRUE); } } else { - this.ordering.addElement(oid); - this.values.addElement(value); - this.added.addElement(FALSE); + addEntry(lookUp, token, FALSE); } } @@ -774,6 +837,29 @@ public class X509Name } } + private void addEntry(Hashtable lookUp, String token, Boolean isAdded) + { + X509NameTokenizer vTok; + String name; + String value;ASN1ObjectIdentifier oid; + vTok = new X509NameTokenizer(token, '='); + + name = vTok.nextToken(); + + if (!vTok.hasMoreTokens()) + { + throw new IllegalArgumentException("badly formatted directory string"); + } + + value = vTok.nextToken(); + + oid = decodeOID(name, lookUp); + + this.ordering.addElement(oid); + this.values.addElement(unescape(value)); + this.added.addElement(isAdded); + } + /** * return a vector of the oids in the name, in the order they were found. */ @@ -1157,7 +1243,8 @@ public class X509Name buf.append('='); int index = buf.length(); - + int start = index; + buf.append(value); int end = buf.length(); @@ -1185,6 +1272,20 @@ public class X509Name index++; } + + while (buf.charAt(start) == ' ') + { + buf.insert(start, "\\"); + start += 2; + } + + int endBuf = buf.length() - 1; + + while (endBuf >= 0 && buf.charAt(endBuf) == ' ') + { + buf.insert(endBuf, '\\'); + endBuf--; + } } /** diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java index ceca1ec..454f322 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java @@ -57,37 +57,19 @@ public class X509NameTokenizer { quoted = !quoted; } - else - { - if (c == '#' && buf.charAt(buf.length() - 1) == '=') - { - buf.append('\\'); - } - else if (c == '+' && separator != '+') - { - buf.append('\\'); - } - buf.append(c); - } + buf.append(c); escaped = false; } else { if (escaped || quoted) { - if (c == '#' && buf.charAt(buf.length() - 1) == '=') - { - buf.append('\\'); - } - else if (c == '+' && separator != '+') - { - buf.append('\\'); - } buf.append(c); escaped = false; } else if (c == '\\') { + buf.append(c); escaped = true; } else if (c == separator) @@ -114,6 +96,7 @@ public class X509NameTokenizer } index = end; - return buf.toString().trim(); + + return buf.toString(); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java index 5c5afdb..f233657 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java @@ -54,43 +54,44 @@ public class X9Curve X9FieldElement x9B = new X9FieldElement(p, (ASN1OctetString)seq.getObjectAt(1)); curve = new ECCurve.Fp(p, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger()); } - else + else if (fieldIdentifier.equals(characteristic_two_field)) { - if (fieldIdentifier.equals(characteristic_two_field)) + // Characteristic two field + ASN1Sequence parameters = ASN1Sequence.getInstance(fieldID.getParameters()); + int m = ((ASN1Integer)parameters.getObjectAt(0)).getValue(). + intValue(); + ASN1ObjectIdentifier representation + = (ASN1ObjectIdentifier)parameters.getObjectAt(1); + + int k1 = 0; + int k2 = 0; + int k3 = 0; + + if (representation.equals(tpBasis)) + { + // Trinomial basis representation + k1 = ASN1Integer.getInstance(parameters.getObjectAt(2)).getValue().intValue(); + } + else if (representation.equals(ppBasis)) { - // Characteristic two field - ASN1Sequence parameters = ASN1Sequence.getInstance(fieldID.getParameters()); - int m = ((ASN1Integer)parameters.getObjectAt(0)).getValue(). - intValue(); - ASN1ObjectIdentifier representation - = (ASN1ObjectIdentifier)parameters.getObjectAt(1); - - int k1 = 0; - int k2 = 0; - int k3 = 0; - if (representation.equals(tpBasis)) - { - // Trinomial basis representation - k1 = ((ASN1Integer)parameters.getObjectAt(2)).getValue(). - intValue(); - } - else - { - // Pentanomial basis representation - DERSequence pentanomial - = (DERSequence)parameters.getObjectAt(2); - k1 = ((ASN1Integer)pentanomial.getObjectAt(0)).getValue(). - intValue(); - k2 = ((ASN1Integer)pentanomial.getObjectAt(1)).getValue(). - intValue(); - k3 = ((ASN1Integer)pentanomial.getObjectAt(2)).getValue(). - intValue(); - } - X9FieldElement x9A = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(0)); - X9FieldElement x9B = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(1)); - // TODO Is it possible to get the order (n) and cofactor(h) too? - curve = new ECCurve.F2m(m, k1, k2, k3, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger()); + // Pentanomial basis representation + ASN1Sequence pentanomial = ASN1Sequence.getInstance(parameters.getObjectAt(2)); + k1 = ASN1Integer.getInstance(pentanomial.getObjectAt(0)).getValue().intValue(); + k2 = ASN1Integer.getInstance(pentanomial.getObjectAt(1)).getValue().intValue(); + k3 = ASN1Integer.getInstance(pentanomial.getObjectAt(2)).getValue().intValue(); } + else + { + throw new IllegalArgumentException("This type of EC basis is not implemented"); + } + X9FieldElement x9A = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(0)); + X9FieldElement x9B = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(1)); + // TODO Is it possible to get the order (n) and cofactor(h) too? + curve = new ECCurve.F2m(m, k1, k2, k3, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger()); + } + else + { + throw new IllegalArgumentException("This type of ECCurve is not implemented"); } if (seq.size() == 3) @@ -111,8 +112,7 @@ public class X9Curve } else { - throw new IllegalArgumentException("This type of ECCurve is not " - + "implemented"); + throw new IllegalArgumentException("This type of ECCurve is not implemented"); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java index 6c1fcd7..f005cfa 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java @@ -17,11 +17,11 @@ public interface X9ObjectIdentifiers static final ASN1ObjectIdentifier characteristic_two_field = id_fieldType.branch("2"); - static final ASN1ObjectIdentifier gnBasis = id_fieldType.branch("2.3.1"); + static final ASN1ObjectIdentifier gnBasis = characteristic_two_field.branch("3.1"); - static final ASN1ObjectIdentifier tpBasis = id_fieldType.branch("2.3.2"); + static final ASN1ObjectIdentifier tpBasis = characteristic_two_field.branch("3.2"); - static final ASN1ObjectIdentifier ppBasis = id_fieldType.branch("2.3.3"); + static final ASN1ObjectIdentifier ppBasis = characteristic_two_field.branch("3.3"); static final ASN1ObjectIdentifier id_ecSigType = ansi_X9_62.branch("4"); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java index 2543b59..18cc648 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java @@ -130,7 +130,14 @@ public abstract class PBEParametersGenerator public static byte[] PKCS5PasswordToUTF8Bytes( char[] password) { - return Strings.toUTF8ByteArray(password); + if (password != null) + { + return Strings.toUTF8ByteArray(password); + } + else + { + return new byte[0]; + } } /** diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java index 3dc7059..b7bac28 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java @@ -34,15 +34,18 @@ public final class AndroidDigestFactory { try { factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); // Double check for NativeCrypto in case we are running on RI for testing - Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto"); + Class.forName("com.android.org.conscrypt.NativeCrypto"); } catch (ClassNotFoundException e1) { try { factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); } catch (ClassNotFoundException e2) { - throw new AssertionError("Failed to load AndroidDigestFactoryInterface " + AssertionError e = new AssertionError("Failed to load " + + "AndroidDigestFactoryInterface " + "implementation. Looked for " + OpenSSLFactoryClassName + " and " + BouncyCastleFactoryClassName); + e.initCause(e1); + throw e; } } if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) { diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java index f2c9967..15f3ebb 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java @@ -1,13 +1,14 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.ExtendedDigest; +import org.bouncycastle.util.Memoable; /** * base implementation of MD4 family style digest as outlined in * "Handbook of Applied Cryptography", pages 344 - 347. */ public abstract class GeneralDigest - implements ExtendedDigest + implements ExtendedDigest, Memoable { private static final int BYTE_LENGTH = 64; private byte[] xBuf; @@ -32,6 +33,12 @@ public abstract class GeneralDigest protected GeneralDigest(GeneralDigest t) { xBuf = new byte[t.xBuf.length]; + + copyIn(t); + } + + protected void copyIn(GeneralDigest t) + { System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length); xBufOff = t.xBufOff; diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java index 22d457b..5c79e4e 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java @@ -2,12 +2,13 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.ExtendedDigest; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** * Base class for SHA-384 and SHA-512. */ public abstract class LongDigest - implements ExtendedDigest + implements ExtendedDigest, Memoable { private static final int BYTE_LENGTH = 128; @@ -41,6 +42,12 @@ public abstract class LongDigest protected LongDigest(LongDigest t) { xBuf = new byte[t.xBuf.length]; + + copyIn(t); + } + + protected void copyIn(LongDigest t) + { System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length); xBufOff = t.xBufOff; diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java index 05ed27a..ff9cedf 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java @@ -1,6 +1,8 @@ package org.bouncycastle.crypto.digests; +import org.bouncycastle.util.Memoable; + /** * implementation of MD5 as outlined in "Handbook of Applied Cryptography", pages 346 - 347. */ @@ -30,6 +32,13 @@ public class MD5Digest { super(t); + copyIn(t); + } + + private void copyIn(MD5Digest t) + { + super.copyIn(t); + H1 = t.H1; H2 = t.H2; H3 = t.H3; @@ -299,4 +308,16 @@ public class MD5Digest X[i] = 0; } } + + public Memoable copy() + { + return new MD5Digest(this); + } + + public void reset(Memoable other) + { + MD5Digest d = (MD5Digest)other; + + copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java index 3e7c0e7..07b4e50 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java @@ -16,7 +16,7 @@ package org.bouncycastle.crypto.digests; -import org.apache.harmony.xnet.provider.jsse.NativeCrypto; +import com.android.org.conscrypt.NativeCrypto; import org.bouncycastle.crypto.ExtendedDigest; /** diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java index 7f8d30a..21b1024 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java @@ -1,12 +1,13 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** * implementation of SHA-1 as outlined in "Handbook of Applied Cryptography", pages 346 - 349. * * It is interesting to ponder why the, apart from the extra IV, the other difference here from MD5 - * is the "endienness" of the word processing! + * is the "endianness" of the word processing! */ public class SHA1Digest extends GeneralDigest @@ -34,6 +35,11 @@ public class SHA1Digest { super(t); + copyIn(t); + } + + private void copyIn(SHA1Digest t) + { H1 = t.H1; H2 = t.H2; H3 = t.H3; @@ -283,6 +289,19 @@ public class SHA1Digest X[i] = 0; } } + + public Memoable copy() + { + return new SHA1Digest(this); + } + + public void reset(Memoable other) + { + SHA1Digest d = (SHA1Digest)other; + + super.copyIn(d); + copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java index abd9c1b..a2ceda3 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java @@ -1,8 +1,8 @@ package org.bouncycastle.crypto.digests; -import org.bouncycastle.crypto.digests.GeneralDigest; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** @@ -42,6 +42,13 @@ public class SHA256Digest { super(t); + copyIn(t); + } + + private void copyIn(SHA256Digest t) + { + super.copyIn(t); + H1 = t.H1; H2 = t.H2; H3 = t.H3; @@ -291,5 +298,17 @@ public class SHA256Digest 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }; + + public Memoable copy() + { + return new SHA256Digest(this); + } + + public void reset(Memoable other) + { + SHA256Digest d = (SHA256Digest)other; + + copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java index cdd979a..75d195d 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java @@ -1,6 +1,7 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** @@ -17,7 +18,6 @@ import org.bouncycastle.crypto.util.Pack; public class SHA384Digest extends LongDigest { - private static final int DIGEST_LENGTH = 48; /** @@ -84,4 +84,16 @@ public class SHA384Digest H7 = 0xdb0c2e0d64f98fa7l; H8 = 0x47b5481dbefa4fa4l; } + + public Memoable copy() + { + return new SHA384Digest(this); + } + + public void reset(Memoable other) + { + SHA384Digest d = (SHA384Digest)other; + + super.copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java index 34a8e4e..7db63ad 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java @@ -1,6 +1,7 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** @@ -85,5 +86,17 @@ public class SHA512Digest H7 = 0x1f83d9abfb41bd6bL; H8 = 0x5be0cd19137e2179L; } + + public Memoable copy() + { + return new SHA512Digest(this); + } + + public void reset(Memoable other) + { + SHA512Digest d = (SHA512Digest)other; + + copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java index c4719cf..4dbfbff 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java @@ -1,5 +1,7 @@ package org.bouncycastle.crypto.encodings; +import java.security.SecureRandom; + import org.bouncycastle.crypto.AsymmetricBlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; @@ -9,8 +11,6 @@ import org.bouncycastle.crypto.digests.AndroidDigestFactory; // END android-changed import org.bouncycastle.crypto.params.ParametersWithRandom; -import java.security.SecureRandom; - /** * Optimal Asymmetric Encryption Padding (OAEP) - see PKCS 1 V 2. */ @@ -18,7 +18,6 @@ public class OAEPEncoding implements AsymmetricBlockCipher { private byte[] defHash; - private Digest hash; private Digest mgf1Hash; private AsymmetricBlockCipher engine; @@ -55,10 +54,11 @@ public class OAEPEncoding byte[] encodingParams) { this.engine = cipher; - this.hash = hash; this.mgf1Hash = mgf1Hash; this.defHash = new byte[hash.getDigestSize()]; + hash.reset(); + if (encodingParams != null) { hash.update(encodingParams, 0, encodingParams.length); @@ -256,15 +256,23 @@ public class OAEPEncoding // // check the hash of the encoding params. + // long check to try to avoid this been a source of a timing attack. // + boolean defHashWrong = false; + for (int i = 0; i != defHash.length; i++) { if (defHash[i] != block[defHash.length + i]) { - throw new InvalidCipherTextException("data hash wrong"); + defHashWrong = true; } } + if (defHashWrong) + { + throw new InvalidCipherTextException("data hash wrong"); + } + // // find the data block // @@ -322,9 +330,9 @@ public class OAEPEncoding byte[] C = new byte[4]; int counter = 0; - hash.reset(); + mgf1Hash.reset(); - do + while (counter < (length / hashBuf.length)) { ItoOSP(counter, C); @@ -333,8 +341,9 @@ public class OAEPEncoding mgf1Hash.doFinal(hashBuf, 0); System.arraycopy(hashBuf, 0, mask, counter * hashBuf.length, hashBuf.length); + + counter++; } - while (++counter < (length / hashBuf.length)); if ((counter * hashBuf.length) < length) { diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java index 1bc9aae..756197c 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; /** @@ -392,7 +393,7 @@ private static final int[] Tinv0 = if ((outOff + (32 / 2)) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } if (forEncryption) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java index 7e91973..ff4b2f8 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java @@ -3,9 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; -// BEGIN android-added import org.bouncycastle.crypto.OutputLengthException; -// END android-added import org.bouncycastle.crypto.params.KeyParameter; /** @@ -726,9 +724,7 @@ public class AESFastEngine if ((outOff + (32 / 2)) > out.length) { - // BEGIN android-changed throw new OutputLengthException("output buffer too short"); - // END android-changed } if (forEncryption) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java index 6ee1c49..cfe7f1f 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; /** @@ -363,7 +364,7 @@ implements BlockCipher if ((outOff + BLOCK_SIZE) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } if (encrypting) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java index b04911c..9b1e404 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; /** @@ -78,7 +79,7 @@ public class DESEngine if ((outOff + BLOCK_SIZE) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } desFunc(workingKey, in, inOff, out, outOff); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java index c908218..513eccd 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java @@ -2,9 +2,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; -// BEGIN android-added import org.bouncycastle.crypto.OutputLengthException; -// END android-added import org.bouncycastle.crypto.params.KeyParameter; /** @@ -102,9 +100,7 @@ public class DESedeEngine if ((outOff + BLOCK_SIZE) > out.length) { - // BEGIN android-changed throw new OutputLengthException("output buffer too short"); - // END android-changed } byte[] temp = new byte[BLOCK_SIZE]; diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java index 62240ea..02cb881 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.RC2Parameters; @@ -174,7 +175,7 @@ public class RC2Engine if ((outOff + BLOCK_SIZE) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } if (encrypting) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java index e7a9cdd..4de7ea6 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java @@ -2,6 +2,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.StreamCipher; import org.bouncycastle.crypto.params.KeyParameter; @@ -81,7 +82,7 @@ public class RC4Engine implements StreamCipher if ((outOff + len) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } for (int i = 0; i < len ; i++) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java index bf43ff2..31ac087 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; /** @@ -303,7 +304,7 @@ public final class TwofishEngine if ((outOff + BLOCK_SIZE) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } if (encrypting) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java index 98dd0f7..50baa4d 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java @@ -1,23 +1,25 @@ package org.bouncycastle.crypto.generators; +import java.math.BigInteger; +import java.security.SecureRandom; + import org.bouncycastle.crypto.Digest; // BEGIN android-changed import org.bouncycastle.crypto.digests.AndroidDigestFactory; // END android-changed +import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.crypto.params.DSAValidationParameters; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.BigIntegers; +import org.bouncycastle.util.encoders.Hex; -import java.math.BigInteger; -import java.security.SecureRandom; - -// TODO Update javadoc to mention FIPS 186-3 when done /** - * generate suitable parameters for DSA, in line with FIPS 186-2. + * Generate suitable parameters for DSA, in line with FIPS 186-2, or FIPS 186-3. */ public class DSAParametersGenerator { + private Digest digest; private int L, N; private int certainty; private SecureRandom random; @@ -26,6 +28,21 @@ public class DSAParametersGenerator private static final BigInteger ONE = BigInteger.valueOf(1); private static final BigInteger TWO = BigInteger.valueOf(2); + private boolean use186_3; + private int usageIndex; + + public DSAParametersGenerator() + { + // BEGIN android-changed + this(AndroidDigestFactory.getSHA1()); + // END android-changed + } + + public DSAParametersGenerator(Digest digest) + { + this.digest = digest; + } + /** * initialise the key generator. * @@ -38,23 +55,53 @@ public class DSAParametersGenerator int certainty, SecureRandom random) { - init(size, getDefaultN(size), certainty, random); + this.use186_3 = false; + this.L = size; + this.N = getDefaultN(size); + this.certainty = certainty; + this.random = random; } - // TODO Make public to enable support for DSA keys > 1024 bits - private void init( - int L, - int N, - int certainty, - SecureRandom random) + /** + * Initialise the key generator for DSA 2. + * <p> + * Use this init method if you need to generate parameters for DSA 2 keys. + * </p> + * + * @param params DSA 2 key generation parameters. + */ + public void init( + DSAParameterGenerationParameters params) { - // TODO Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2) // TODO Should we enforce the minimum 'certainty' values as per C.3 Table C.1? + this.use186_3 = true; + this.L = params.getL(); + this.N = params.getN(); + this.certainty = params.getCertainty(); + this.random = params.getRandom(); + this.usageIndex = params.getUsageIndex(); + + if ((L < 1024 || L > 3072) || L % 1024 != 0) + { + throw new IllegalArgumentException("L values must be between 1024 and 3072 and a multiple of 1024"); + } + else if (L == 1024 && N != 160) + { + throw new IllegalArgumentException("N must be 160 for L = 1024"); + } + else if (L == 2048 && (N != 224 && N != 256)) + { + throw new IllegalArgumentException("N must be 224 or 256 for L = 2048"); + } + else if (L == 3072 && N != 256) + { + throw new IllegalArgumentException("N must be 256 for L = 3072"); + } - this.L = L; - this.N = N; - this.certainty = certainty; - this.random = random; + if (digest.getDigestSize() * 8 < N) + { + throw new IllegalStateException("Digest output size too small for value of N"); + } } /** @@ -65,7 +112,7 @@ public class DSAParametersGenerator */ public DSAParameters generateParameters() { - return L > 1024 + return (use186_3) ? generateParameters_FIPS186_3() : generateParameters_FIPS186_2(); } @@ -76,20 +123,24 @@ public class DSAParametersGenerator byte[] part1 = new byte[20]; byte[] part2 = new byte[20]; byte[] u = new byte[20]; - // BEGIN android-changed - Digest sha1 = AndroidDigestFactory.getSHA1(); - // END android-changed int n = (L - 1) / 160; byte[] w = new byte[L / 8]; + // BEGIN android-changed + if (!(digest.getAlgorithmName().equals("SHA-1"))) + // END android-changed + { + throw new IllegalStateException("can only use SHA-1 for generating FIPS 186-2 parameters"); + } + for (;;) { random.nextBytes(seed); - hash(sha1, seed, part1); + hash(digest, seed, part1); System.arraycopy(seed, 0, part2, 0, seed.length); inc(part2); - hash(sha1, part2, part2); + hash(digest, part2, part2); for (int i = 0; i != u.length; i++) { @@ -114,12 +165,12 @@ public class DSAParametersGenerator for (int k = 0; k < n; k++) { inc(offset); - hash(sha1, offset, part1); + hash(digest, offset, part1); System.arraycopy(part1, 0, w, w.length - (k + 1) * part1.length, part1.length); } inc(offset); - hash(sha1, offset, part1); + hash(digest, offset, part1); System.arraycopy(part1, part1.length - ((w.length - (n) * part1.length)), w, 0, w.length - n * part1.length); w[0] |= (byte)0x80; @@ -169,9 +220,7 @@ public class DSAParametersGenerator { // A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function // FIXME This should be configurable (digest size in bits must be >= N) - // BEGIN android-changed - Digest d = AndroidDigestFactory.getSHA256(); - // END android-changed + Digest d = digest; int outlen = d.getDigestSize() * 8; // 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If @@ -197,6 +246,7 @@ public class DSAParametersGenerator // 6. U = Hash (domain_parameter_seed) mod 2^(N–1). hash(d, seed, output); + BigInteger U = new BigInteger(1, output).mod(ONE.shiftLeft(N - 1)); // 7. q = 2^(N–1) + U + 1 – ( U mod 2). @@ -258,16 +308,17 @@ public class DSAParametersGenerator { // 11.8 If p is determined to be prime, then return VALID and the values of p, q and // (optionally) the values of domain_parameter_seed and counter. - // TODO Make configurable (8-bit unsigned)? -// int index = 1; -// BigInteger g = calculateGenerator_FIPS186_3_Verifiable(d, p, q, seed, index); -// if (g != null) -// { -// // TODO Should 'index' be a part of the validation parameters? -// return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter)); -// } + if (usageIndex >= 0) + { + BigInteger g = calculateGenerator_FIPS186_3_Verifiable(d, p, q, seed, usageIndex); + if (g != null) + { + return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter, usageIndex)); + } + } BigInteger g = calculateGenerator_FIPS186_3_Unverifiable(p, q, random); + return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter)); } @@ -286,34 +337,34 @@ public class DSAParametersGenerator return calculateGenerator_FIPS186_2(p, q, r); } -// private static BigInteger calculateGenerator_FIPS186_3_Verifiable(Digest d, BigInteger p, BigInteger q, -// byte[] seed, int index) -// { -//// A.2.3 Verifiable Canonical Generation of the Generator g -// BigInteger e = p.subtract(ONE).divide(q); -// byte[] ggen = Hex.decode("6767656E"); -// -// // 7. U = domain_parameter_seed || "ggen" || index || count. -// byte[] U = new byte[seed.length + ggen.length + 1 + 2]; -// System.arraycopy(seed, 0, U, 0, seed.length); -// System.arraycopy(ggen, 0, U, seed.length, ggen.length); -// U[U.length - 3] = (byte)index; -// -// byte[] w = new byte[d.getDigestSize()]; -// for (int count = 1; count < (1 << 16); ++count) -// { -// inc(U); -// hash(d, U, w); -// BigInteger W = new BigInteger(1, w); -// BigInteger g = W.modPow(e, p); -// if (g.compareTo(TWO) >= 0) -// { -// return g; -// } -// } -// -// return null; -// } + private static BigInteger calculateGenerator_FIPS186_3_Verifiable(Digest d, BigInteger p, BigInteger q, + byte[] seed, int index) + { +// A.2.3 Verifiable Canonical Generation of the Generator g + BigInteger e = p.subtract(ONE).divide(q); + byte[] ggen = Hex.decode("6767656E"); + + // 7. U = domain_parameter_seed || "ggen" || index || count. + byte[] U = new byte[seed.length + ggen.length + 1 + 2]; + System.arraycopy(seed, 0, U, 0, seed.length); + System.arraycopy(ggen, 0, U, seed.length, ggen.length); + U[U.length - 3] = (byte)index; + + byte[] w = new byte[d.getDigestSize()]; + for (int count = 1; count < (1 << 16); ++count) + { + inc(U); + hash(d, U, w); + BigInteger W = new BigInteger(1, w); + BigInteger g = W.modPow(e, p); + if (g.compareTo(TWO) >= 0) + { + return g; + } + } + + return null; + } private static void hash(Digest d, byte[] input, byte[] output) { diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java index 8fb1cc8..d9b82c3 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java @@ -125,11 +125,10 @@ public class PKCS12ParametersGenerator byte[] B = new byte[v]; int c = (n + u - 1) / u; + byte[] A = new byte[u]; for (int i = 1; i <= c; i++) { - byte[] A = new byte[u]; - digest.update(D, 0, D.length); digest.update(I, 0, I.length); digest.doFinal(A, 0); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java index a6d87b9..316de64 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java @@ -23,6 +23,7 @@ public class PKCS5S2ParametersGenerator extends PBEParametersGenerator { private Mac hMac; + private byte[] state; /** * construct a PKCS5 Scheme 2 Parameters generator. @@ -30,27 +31,27 @@ public class PKCS5S2ParametersGenerator public PKCS5S2ParametersGenerator() { // BEGIN android-changed - this(AndroidDigestFactory.getSHA1()); + this(AndroidDigestFactory.getSHA1()); // END android-changed } public PKCS5S2ParametersGenerator(Digest digest) { hMac = new HMac(digest); + state = new byte[hMac.getMacSize()]; } private void F( - byte[] P, byte[] S, int c, byte[] iBuf, byte[] out, int outOff) { - byte[] state = new byte[hMac.getMacSize()]; - CipherParameters param = new KeyParameter(P); - - hMac.init(param); + if (c == 0) + { + throw new IllegalArgumentException("iteration count must be at least 1."); + } if (S != null) { @@ -58,19 +59,12 @@ public class PKCS5S2ParametersGenerator } hMac.update(iBuf, 0, iBuf.length); - hMac.doFinal(state, 0); System.arraycopy(state, 0, out, outOff, state.length); - - if (c == 0) - { - throw new IllegalArgumentException("iteration count must be at least 1."); - } for (int count = 1; count < c; count++) { - hMac.init(param); hMac.update(state, 0, state.length); hMac.doFinal(state, 0); @@ -81,32 +75,33 @@ public class PKCS5S2ParametersGenerator } } - private void intToOctet( - byte[] buf, - int i) - { - buf[0] = (byte)(i >>> 24); - buf[1] = (byte)(i >>> 16); - buf[2] = (byte)(i >>> 8); - buf[3] = (byte)i; - } - private byte[] generateDerivedKey( int dkLen) { int hLen = hMac.getMacSize(); int l = (dkLen + hLen - 1) / hLen; byte[] iBuf = new byte[4]; - byte[] out = new byte[l * hLen]; + byte[] outBytes = new byte[l * hLen]; + int outPos = 0; + + CipherParameters param = new KeyParameter(password); + + hMac.init(param); for (int i = 1; i <= l; i++) { - intToOctet(iBuf, i); + // Increment the value in 'iBuf' + int pos = 3; + while (++iBuf[pos] == 0) + { + --pos; + } - F(password, salt, iterationCount, iBuf, out, (i - 1) * hLen); + F(salt, iterationCount, iBuf, outBytes, outPos); + outPos += hLen; } - return out; + return outBytes; } /** diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java b/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java index f5b931d..c70a981 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java @@ -8,6 +8,7 @@ import org.bouncycastle.crypto.ExtendedDigest; import org.bouncycastle.crypto.Mac; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.util.Integers; +import org.bouncycastle.util.Memoable; /** * HMAC implementation based on RFC2104 @@ -23,9 +24,11 @@ public class HMac private Digest digest; private int digestSize; private int blockLength; - + private Memoable ipadState; + private Memoable opadState; + private byte[] inputPad; - private byte[] outputPad; + private byte[] outputBuf; private static Hashtable blockLengths; @@ -95,14 +98,12 @@ public class HMac int byteLength) { this.digest = digest; - digestSize = digest.getDigestSize(); - + this.digestSize = digest.getDigestSize(); this.blockLength = byteLength; - - inputPad = new byte[blockLength]; - outputPad = new byte[blockLength]; + this.inputPad = new byte[blockLength]; + this.outputBuf = new byte[blockLength + digestSize]; } - + public String getAlgorithmName() { return digest.getAlgorithmName() + "/HMAC"; @@ -119,39 +120,43 @@ public class HMac digest.reset(); byte[] key = ((KeyParameter)params).getKey(); + int keyLength = key.length; - if (key.length > blockLength) + if (keyLength > blockLength) { - digest.update(key, 0, key.length); + digest.update(key, 0, keyLength); digest.doFinal(inputPad, 0); - for (int i = digestSize; i < inputPad.length; i++) - { - inputPad[i] = 0; - } + + keyLength = digestSize; } else { - System.arraycopy(key, 0, inputPad, 0, key.length); - for (int i = key.length; i < inputPad.length; i++) - { - inputPad[i] = 0; - } + System.arraycopy(key, 0, inputPad, 0, keyLength); } - outputPad = new byte[inputPad.length]; - System.arraycopy(inputPad, 0, outputPad, 0, inputPad.length); - - for (int i = 0; i < inputPad.length; i++) + for (int i = keyLength; i < inputPad.length; i++) { - inputPad[i] ^= IPAD; + inputPad[i] = 0; } - for (int i = 0; i < outputPad.length; i++) + System.arraycopy(inputPad, 0, outputBuf, 0, blockLength); + + xorPad(inputPad, blockLength, IPAD); + xorPad(outputBuf, blockLength, OPAD); + + if (digest instanceof Memoable) { - outputPad[i] ^= OPAD; + opadState = ((Memoable)digest).copy(); + + ((Digest)opadState).update(outputBuf, 0, blockLength); } digest.update(inputPad, 0, inputPad.length); + + if (digest instanceof Memoable) + { + ipadState = ((Memoable)digest).copy(); + } } public int getMacSize() @@ -177,15 +182,33 @@ public class HMac byte[] out, int outOff) { - byte[] tmp = new byte[digestSize]; - digest.doFinal(tmp, 0); + digest.doFinal(outputBuf, blockLength); - digest.update(outputPad, 0, outputPad.length); - digest.update(tmp, 0, tmp.length); + if (opadState != null) + { + ((Memoable)digest).reset(opadState); + digest.update(outputBuf, blockLength, digest.getDigestSize()); + } + else + { + digest.update(outputBuf, 0, outputBuf.length); + } - int len = digest.doFinal(out, outOff); + int len = digest.doFinal(out, outOff); - reset(); + for (int i = blockLength; i < outputBuf.length; i++) + { + outputBuf[i] = 0; + } + + if (ipadState != null) + { + ((Memoable)digest).reset(ipadState); + } + else + { + digest.update(inputPad, 0, inputPad.length); + } return len; } @@ -205,4 +228,12 @@ public class HMac */ digest.update(inputPad, 0, inputPad.length); } + + private static void xorPad(byte[] pad, int len, byte n) + { + for (int i = 0; i < len; ++i) + { + pad[i] ^= n; + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java index 18a3425..9a6e2e0 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java @@ -87,6 +87,11 @@ public class CCMBlockCipher { throw new IllegalArgumentException("invalid parameters passed to CCM"); } + + if (nonce == null || nonce.length < 7 || nonce.length > 13) + { + throw new IllegalArgumentException("nonce must have length from 7 to 13 octets"); + } } public String getAlgorithmName() @@ -183,22 +188,31 @@ public class CCMBlockCipher throw new IllegalStateException("CCM cipher unitialized."); } - BlockCipher ctrCipher = new SICBlockCipher(cipher); - byte[] iv = new byte[blockSize]; - byte[] out; - - iv[0] = (byte)(((15 - nonce.length) - 1) & 0x7); + int n = nonce.length; + int q = 15 - n; + if (q < 4) + { + int limitLen = 1 << (8 * q); + if (inLen >= limitLen) + { + throw new IllegalStateException("CCM packet too large for choice of q."); + } + } + byte[] iv = new byte[blockSize]; + iv[0] = (byte)((q - 1) & 0x7); System.arraycopy(nonce, 0, iv, 1, nonce.length); + BlockCipher ctrCipher = new SICBlockCipher(cipher); ctrCipher.init(forEncryption, new ParametersWithIV(keyParam, iv)); + int index = inOff; + int outOff = 0; + byte[] output; + if (forEncryption) { - int index = inOff; - int outOff = 0; - - out = new byte[inLen + macSize]; + output = new byte[inLen + macSize]; calculateMac(in, inOff, inLen, macBlock); @@ -206,7 +220,7 @@ public class CCMBlockCipher while (index < inLen - blockSize) // S1... { - ctrCipher.processBlock(in, index, out, outOff); + ctrCipher.processBlock(in, index, output, outOff); outOff += blockSize; index += blockSize; } @@ -217,18 +231,15 @@ public class CCMBlockCipher ctrCipher.processBlock(block, 0, block, 0); - System.arraycopy(block, 0, out, outOff, inLen - index); + System.arraycopy(block, 0, output, outOff, inLen - index); outOff += inLen - index; - System.arraycopy(macBlock, 0, out, outOff, out.length - outOff); + System.arraycopy(macBlock, 0, output, outOff, output.length - outOff); } else { - int index = inOff; - int outOff = 0; - - out = new byte[inLen - macSize]; + output = new byte[inLen - macSize]; System.arraycopy(in, inOff + inLen - macSize, macBlock, 0, macSize); @@ -239,24 +250,24 @@ public class CCMBlockCipher macBlock[i] = 0; } - while (outOff < out.length - blockSize) + while (outOff < output.length - blockSize) { - ctrCipher.processBlock(in, index, out, outOff); + ctrCipher.processBlock(in, index, output, outOff); outOff += blockSize; index += blockSize; } byte[] block = new byte[blockSize]; - System.arraycopy(in, index, block, 0, out.length - outOff); + System.arraycopy(in, index, block, 0, output.length - outOff); ctrCipher.processBlock(block, 0, block, 0); - System.arraycopy(block, 0, out, outOff, out.length - outOff); + System.arraycopy(block, 0, output, outOff, output.length - outOff); byte[] calculatedMacBlock = new byte[blockSize]; - calculateMac(out, 0, out.length, calculatedMacBlock); + calculateMac(output, 0, output.length, calculatedMacBlock); if (!Arrays.constantTimeAreEqual(macBlock, calculatedMacBlock)) { @@ -264,7 +275,7 @@ public class CCMBlockCipher } } - return out; + return output; } private int calculateMac(byte[] data, int dataOff, int dataLen, byte[] macBlock) @@ -340,13 +351,13 @@ public class CCMBlockCipher extra = (extra + textLength) % 16; if (extra != 0) { - for (int i = 0; i != 16 - extra; i++) + for (int i = extra; i != 16; i++) { cMac.update((byte)0x00); } } } - + // // add the text // diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAParameterGenerationParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAParameterGenerationParameters.java new file mode 100644 index 0000000..ba841b8 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAParameterGenerationParameters.java @@ -0,0 +1,80 @@ +package org.bouncycastle.crypto.params; + +import java.security.SecureRandom; + +public class DSAParameterGenerationParameters +{ + public static final int DIGITAL_SIGNATURE_USAGE = 1; + public static final int KEY_ESTABLISHMENT_USAGE = 2; + + private final int l; + private final int n; + private final int usageIndex; + private final int certainty; + private final SecureRandom random; + + /** + * Construct without a usage index, this will do a random construction of G. + * + * @param L desired length of prime P in bits (the effective key size). + * @param N desired length of prime Q in bits. + * @param certainty certainty level for prime number generation. + * @param random the source of randomness to use. + */ + public DSAParameterGenerationParameters( + int L, + int N, + int certainty, + SecureRandom random) + { + this(L, N, certainty, random, -1); + } + + /** + * Construct for a specific usage index - this has the effect of using verifiable canonical generation of G. + * + * @param L desired length of prime P in bits (the effective key size). + * @param N desired length of prime Q in bits. + * @param certainty certainty level for prime number generation. + * @param random the source of randomness to use. + * @param usageIndex a valid usage index. + */ + public DSAParameterGenerationParameters( + int L, + int N, + int certainty, + SecureRandom random, + int usageIndex) + { + this.l = L; + this.n = N; + this.certainty = certainty; + this.usageIndex = usageIndex; + this.random = random; + } + + public int getL() + { + return l; + } + + public int getN() + { + return n; + } + + public int getCertainty() + { + return certainty; + } + + public SecureRandom getRandom() + { + return random; + } + + public int getUsageIndex() + { + return usageIndex; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java index 1cc4b93..07d93d0 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java @@ -4,6 +4,7 @@ import org.bouncycastle.util.Arrays; public class DSAValidationParameters { + private int usageIndex; private byte[] seed; private int counter; @@ -11,8 +12,17 @@ public class DSAValidationParameters byte[] seed, int counter) { + this(seed, counter, -1); + } + + public DSAValidationParameters( + byte[] seed, + int counter, + int usageIndex) + { this.seed = seed; this.counter = counter; + this.usageIndex = usageIndex; } public int getCounter() @@ -25,6 +35,11 @@ public class DSAValidationParameters return seed; } + public int getUsageIndex() + { + return usageIndex; + } + public int hashCode() { return counter ^ Arrays.hashCode(seed); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java index 95a3ec9..05a1327 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java @@ -5,26 +5,23 @@ import java.math.BigInteger; import org.bouncycastle.math.ec.ECConstants; import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECPoint; +import org.bouncycastle.util.Arrays; public class ECDomainParameters implements ECConstants { - ECCurve curve; - byte[] seed; - ECPoint G; - BigInteger n; - BigInteger h; + private ECCurve curve; + private byte[] seed; + private ECPoint G; + private BigInteger n; + private BigInteger h; public ECDomainParameters( ECCurve curve, ECPoint G, BigInteger n) { - this.curve = curve; - this.G = G; - this.n = n; - this.h = ONE; - this.seed = null; + this(curve, G, n, ONE, null); } public ECDomainParameters( @@ -33,11 +30,7 @@ public class ECDomainParameters BigInteger n, BigInteger h) { - this.curve = curve; - this.G = G; - this.n = n; - this.h = h; - this.seed = null; + this(curve, G, n, h, null); } public ECDomainParameters( @@ -76,6 +69,6 @@ public class ECDomainParameters public byte[] getSeed() { - return seed; + return Arrays.clone(seed); } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java index dac6efe..a80c574 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java @@ -137,6 +137,12 @@ public class ECDSASigner ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2); + // components must be bogus. + if (point.isInfinity()) + { + return false; + } + BigInteger v = point.getX().toBigInteger().mod(n); return v.equals(r); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java b/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java index 857b765..f0da0bf 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java @@ -20,6 +20,13 @@ public abstract class Pack } } + public static byte[] intToBigEndian(int n) + { + byte[] bs = new byte[4]; + intToBigEndian(n, bs, 0); + return bs; + } + public static void intToBigEndian(int n, byte[] bs, int off) { bs[ off] = (byte)(n >>> 24); @@ -28,6 +35,13 @@ public abstract class Pack bs[++off] = (byte)(n ); } + public static byte[] intToBigEndian(int[] ns) + { + byte[] bs = new byte[4 * ns.length]; + intToBigEndian(ns, bs, 0); + return bs; + } + public static void intToBigEndian(int[] ns, byte[] bs, int off) { for (int i = 0; i < ns.length; ++i) @@ -44,12 +58,44 @@ public abstract class Pack return ((long)(hi & 0xffffffffL) << 32) | (long)(lo & 0xffffffffL); } + public static void bigEndianToLong(byte[] bs, int off, long[] ns) + { + for (int i = 0; i < ns.length; ++i) + { + ns[i] = bigEndianToLong(bs, off); + off += 8; + } + } + + public static byte[] longToBigEndian(long n) + { + byte[] bs = new byte[8]; + longToBigEndian(n, bs, 0); + return bs; + } + public static void longToBigEndian(long n, byte[] bs, int off) { intToBigEndian((int)(n >>> 32), bs, off); intToBigEndian((int)(n & 0xffffffffL), bs, off + 4); } + public static byte[] longToBigEndian(long[] ns) + { + byte[] bs = new byte[8 * ns.length]; + longToBigEndian(ns, bs, 0); + return bs; + } + + public static void longToBigEndian(long[] ns, byte[] bs, int off) + { + for (int i = 0; i < ns.length; ++i) + { + longToBigEndian(ns[i], bs, off); + off += 8; + } + } + public static int littleEndianToInt(byte[] bs, int off) { int n = bs[ off] & 0xff; @@ -60,13 +106,20 @@ public abstract class Pack } public static void littleEndianToInt(byte[] bs, int off, int[] ns) - { - for (int i = 0; i < ns.length; ++i) - { - ns[i] = littleEndianToInt(bs, off); - off += 4; - } - } + { + for (int i = 0; i < ns.length; ++i) + { + ns[i] = littleEndianToInt(bs, off); + off += 4; + } + } + + public static byte[] intToLittleEndian(int n) + { + byte[] bs = new byte[4]; + intToLittleEndian(n, bs, 0); + return bs; + } public static void intToLittleEndian(int n, byte[] bs, int off) { @@ -76,14 +129,21 @@ public abstract class Pack bs[++off] = (byte)(n >>> 24); } - public static void intToLittleEndian(int[] ns, byte[] bs, int off) - { - for (int i = 0; i < ns.length; ++i) - { - intToLittleEndian(ns[i], bs, off); - off += 4; - } - } + public static byte[] intToLittleEndian(int[] ns) + { + byte[] bs = new byte[4 * ns.length]; + intToLittleEndian(ns, bs, 0); + return bs; + } + + public static void intToLittleEndian(int[] ns, byte[] bs, int off) + { + for (int i = 0; i < ns.length; ++i) + { + intToLittleEndian(ns[i], bs, off); + off += 4; + } + } public static long littleEndianToLong(byte[] bs, int off) { @@ -92,9 +152,41 @@ public abstract class Pack return ((long)(hi & 0xffffffffL) << 32) | (long)(lo & 0xffffffffL); } + public static void littleEndianToLong(byte[] bs, int off, long[] ns) + { + for (int i = 0; i < ns.length; ++i) + { + ns[i] = littleEndianToLong(bs, off); + off += 8; + } + } + + public static byte[] longToLittleEndian(long n) + { + byte[] bs = new byte[8]; + longToLittleEndian(n, bs, 0); + return bs; + } + public static void longToLittleEndian(long n, byte[] bs, int off) { intToLittleEndian((int)(n & 0xffffffffL), bs, off); intToLittleEndian((int)(n >>> 32), bs, off + 4); } + + public static byte[] longToLittleEndian(long[] ns) + { + byte[] bs = new byte[8 * ns.length]; + longToLittleEndian(ns, bs, 0); + return bs; + } + + public static void longToLittleEndian(long[] ns, byte[] bs, int off) + { + for (int i = 0; i < ns.length; ++i) + { + longToLittleEndian(ns[i], bs, off); + off += 8; + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java index ba7dd80..28a1a6a 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java @@ -37,7 +37,6 @@ public class DH // provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES"); // provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES"); // provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede"); - // provider.addAlgorithm("KeyPairGenerator.IES", PREFIX + "KeyPairGeneratorSpi"); // END android-removed } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java index 8f93a68..8d50a54 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java @@ -99,6 +99,8 @@ public class EC // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); + // addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); + // addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); // END android-removed } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java index 2e5ee56..d850e5d 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java @@ -7,25 +7,36 @@ import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.DSAParameterSpec; +import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.generators.DSAParametersGenerator; +import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.jce.provider.BouncyCastleProvider; -//import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -//import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; public class AlgorithmParameterGeneratorSpi extends java.security.AlgorithmParameterGeneratorSpi { protected SecureRandom random; protected int strength = 1024; + protected DSAParameterGenerationParameters params; protected void engineInit( int strength, SecureRandom random) { - if (strength < 512 || strength > 1024 || strength % 64 != 0) + if (strength < 512 || strength > 3072) { - throw new InvalidParameterException("strength must be from 512 - 1024 and a multiple of 64"); + throw new InvalidParameterException("strength must be from 512 - 3072"); + } + + if (strength <= 1024 && strength % 64 != 0) + { + throw new InvalidParameterException("strength must be a multiple of 64 below 1024 bits."); + } + + if (strength > 1024 && strength % 1024 != 0) + { + throw new InvalidParameterException("strength must be a multiple of 1024 above 1024 bits."); } this.strength = strength; @@ -42,15 +53,35 @@ public class AlgorithmParameterGeneratorSpi protected AlgorithmParameters engineGenerateParameters() { - DSAParametersGenerator pGen = new DSAParametersGenerator(); + DSAParametersGenerator pGen; - if (random != null) + if (strength <= 1024) { - pGen.init(strength, 20, random); + pGen = new DSAParametersGenerator(); } else { - pGen.init(strength, 20, new SecureRandom()); + pGen = new DSAParametersGenerator(new SHA256Digest()); + } + + if (random == null) + { + random = new SecureRandom(); + } + + if (strength == 1024) + { + params = new DSAParameterGenerationParameters(1024, 160, 80, random); + pGen.init(params); + } + else if (strength > 1024) + { + params = new DSAParameterGenerationParameters(strength, 256, 80, random); + pGen.init(params); + } + else + { + pGen.init(strength, 20, random); } DSAParameters p = pGen.generateParameters(); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java index 1ddb815..61fa33c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java @@ -7,7 +7,6 @@ import java.security.spec.InvalidParameterSpecException; import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.x509.DSAParameter; public class AlgorithmParametersSpi diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java index d9d5857..c8b326f 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java @@ -57,11 +57,6 @@ public class DSASigner { CipherParameters param; -// if (publicKey instanceof GOST3410Key) -// { -// param = GOST3410Util.generatePublicKeyParameter(publicKey); -// } -// else if (publicKey instanceof DSAKey) if (publicKey instanceof DSAKey) { param = DSAUtil.generatePublicKeyParameter(publicKey); @@ -108,14 +103,7 @@ public class DSASigner { CipherParameters param; -// if (privateKey instanceof GOST3410Key) -// { -// param = GOST3410Util.generatePrivateKeyParameter(privateKey); -// } -// else -// { - param = DSAUtil.generatePrivateKeyParameter(privateKey); -// } + param = DSAUtil.generatePrivateKeyParameter(privateKey); if (random != null) { diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java index f34f482..3d64c83 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java @@ -31,6 +31,8 @@ import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jce.interfaces.ECPointEncoder; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java index 14cc9dc..2b61727 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java @@ -26,6 +26,8 @@ import org.bouncycastle.asn1.x9.X9IntegerConverter; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jce.interfaces.ECPointEncoder; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java index cade228..35a804c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java @@ -37,6 +37,7 @@ import org.bouncycastle.crypto.params.ECPublicKeyParameters; // import org.bouncycastle.crypto.params.MQVPrivateParameters; // import org.bouncycastle.crypto.params.MQVPublicParameters; // END android-removed +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jce.interfaces.ECPrivateKey; import org.bouncycastle.jce.interfaces.ECPublicKey; // BEGIN android-removed diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java index 156b1d0..5769bac 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java @@ -15,6 +15,7 @@ import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; import org.bouncycastle.jce.provider.BouncyCastleProvider; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java index 4cbefb6..c0c825c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java @@ -23,6 +23,7 @@ import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECKeyGenerationParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java index 86a407c..c6b4bce 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java @@ -8,9 +8,9 @@ import java.security.PublicKey; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DSA; @@ -34,6 +34,7 @@ import org.bouncycastle.crypto.signers.ECDSASigner; // END android-removed import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase; import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; public class SignatureSpi extends DSABase @@ -215,6 +216,24 @@ public class SignatureSpi // super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); // } // } + // + // static public class ecCVCDSA384 + // extends SignatureSpi + // { + // public ecCVCDSA384() + // { + // super(new SHA384Digest(), new ECDSASigner(), new CVCDSAEncoder()); + // } + // } + // + // static public class ecCVCDSA512 + // extends SignatureSpi + // { + // public ecCVCDSA512() + // { + // super(new SHA512Digest(), new ECDSASigner(), new CVCDSAEncoder()); + // } + // } // END android-removed private static class StdDSAEncoder @@ -227,8 +246,8 @@ public class SignatureSpi { ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(new DERInteger(r)); - v.add(new DERInteger(s)); + v.add(new ASN1Integer(r)); + v.add(new ASN1Integer(s)); return new DERSequence(v).getEncoded(ASN1Encoding.DER); } @@ -240,8 +259,8 @@ public class SignatureSpi ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(encoding); BigInteger[] sig = new BigInteger[2]; - sig[0] = ((DERInteger)s.getObjectAt(0)).getValue(); - sig[1] = ((DERInteger)s.getObjectAt(1)).getValue(); + sig[0] = ASN1Integer.getInstance(s.getObjectAt(0)).getValue(); + sig[1] = ASN1Integer.getInstance(s.getObjectAt(1)).getValue(); return sig; } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/DHUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java index 4bd7805..52c84ec 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/DHUtil.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dh; +package org.bouncycastle.jcajce.provider.asymmetric.util; import java.security.InvalidKeyException; import java.security.PrivateKey; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/EC5Util.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java index 38025e7..d4065ac 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/EC5Util.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; +package org.bouncycastle.jcajce.provider.asymmetric.util; import java.math.BigInteger; import java.security.spec.ECField; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java index 820bf4b..442b340 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; +package org.bouncycastle.jcajce.provider.asymmetric.util; import java.security.InvalidKeyException; import java.security.PrivateKey; @@ -21,6 +21,7 @@ import org.bouncycastle.crypto.params.AsymmetricKeyParameter; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey; import org.bouncycastle.jce.interfaces.ECPrivateKey; import org.bouncycastle.jce.interfaces.ECPublicKey; import org.bouncycastle.jce.provider.BouncyCastleProvider; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java index 5b79864..03a1fe8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java @@ -24,8 +24,6 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.SignedData; import org.bouncycastle.asn1.x509.Certificate; import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.jce.provider.X509CRLObject; -import org.bouncycastle.jce.provider.X509CertificateObject; /** * class for dealing with X509 certificates. @@ -334,9 +332,7 @@ public class CertificateFactory public Iterator engineGetCertPathEncodings() { - // BEGIN android-changed return PKIXCertPath.certPathEncodings.iterator(); - // END android-changed } public CertPath engineGenerateCertPath( diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java new file mode 100644 index 0000000..e27acfb --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java @@ -0,0 +1,20 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.security.cert.CRLException; + +class ExtCRLException + extends CRLException +{ + Throwable cause; + + ExtCRLException(String message, Throwable cause) + { + super(message); + this.cause = cause; + } + + public Throwable getCause() + { + return cause; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java new file mode 100644 index 0000000..1888328 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java @@ -0,0 +1,301 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.cert.CRLException; +import java.security.cert.X509CRLEntry; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Enumerated; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.CRLReason; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.asn1.x509.TBSCertList; +import org.bouncycastle.asn1.x509.X509Extension; + +/** + * The following extensions are listed in RFC 2459 as relevant to CRL Entries + * + * ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer + * (critical) + */ +class X509CRLEntryObject extends X509CRLEntry +{ + private TBSCertList.CRLEntry c; + + private X500Name certificateIssuer; + private int hashValue; + private boolean isHashValueSet; + + public X509CRLEntryObject(TBSCertList.CRLEntry c) + { + this.c = c; + this.certificateIssuer = null; + } + + /** + * Constructor for CRLEntries of indirect CRLs. If <code>isIndirect</code> + * is <code>false</code> {@link #getCertificateIssuer()} will always + * return <code>null</code>, <code>previousCertificateIssuer</code> is + * ignored. If this <code>isIndirect</code> is specified and this CRLEntry + * has no certificate issuer CRL entry extension + * <code>previousCertificateIssuer</code> is returned by + * {@link #getCertificateIssuer()}. + * + * @param c + * TBSCertList.CRLEntry object. + * @param isIndirect + * <code>true</code> if the corresponding CRL is a indirect + * CRL. + * @param previousCertificateIssuer + * Certificate issuer of the previous CRLEntry. + */ + public X509CRLEntryObject( + TBSCertList.CRLEntry c, + boolean isIndirect, + X500Name previousCertificateIssuer) + { + this.c = c; + this.certificateIssuer = loadCertificateIssuer(isIndirect, previousCertificateIssuer); + } + + /** + * Will return true if any extensions are present and marked as critical as + * we currently don't handle any extensions! + */ + public boolean hasUnsupportedCriticalExtension() + { + Set extns = getCriticalExtensionOIDs(); + + return extns != null && !extns.isEmpty(); + } + + private X500Name loadCertificateIssuer(boolean isIndirect, X500Name previousCertificateIssuer) + { + if (!isIndirect) + { + return null; + } + + Extension ext = getExtension(Extension.certificateIssuer); + if (ext == null) + { + return previousCertificateIssuer; + } + + try + { + GeneralName[] names = GeneralNames.getInstance(ext.getParsedValue()).getNames(); + for (int i = 0; i < names.length; i++) + { + if (names[i].getTagNo() == GeneralName.directoryName) + { + return X500Name.getInstance(names[i].getName()); + } + } + return null; + } + catch (Exception e) + { + return null; + } + } + + public X500Principal getCertificateIssuer() + { + if (certificateIssuer == null) + { + return null; + } + try + { + return new X500Principal(certificateIssuer.getEncoded()); + } + catch (IOException e) + { + return null; + } + } + + private Set getExtensionOIDs(boolean critical) + { + Extensions extensions = c.getExtensions(); + + if (extensions != null) + { + Set set = new HashSet(); + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (critical == ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + + return null; + } + + public Set getCriticalExtensionOIDs() + { + return getExtensionOIDs(true); + } + + public Set getNonCriticalExtensionOIDs() + { + return getExtensionOIDs(false); + } + + private Extension getExtension(ASN1ObjectIdentifier oid) + { + Extensions exts = c.getExtensions(); + + if (exts != null) + { + return exts.getExtension(oid); + } + + return null; + } + + public byte[] getExtensionValue(String oid) + { + Extension ext = getExtension(new ASN1ObjectIdentifier(oid)); + + if (ext != null) + { + try + { + return ext.getExtnValue().getEncoded(); + } + catch (Exception e) + { + throw new RuntimeException("error encoding " + e.toString()); + } + } + + return null; + } + + /** + * Cache the hashCode value - calculating it with the standard method. + * @return calculated hashCode. + */ + public int hashCode() + { + if (!isHashValueSet) + { + hashValue = super.hashCode(); + isHashValueSet = true; + } + + return hashValue; + } + + public byte[] getEncoded() + throws CRLException + { + try + { + return c.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new CRLException(e.toString()); + } + } + + public BigInteger getSerialNumber() + { + return c.getUserCertificate().getValue(); + } + + public Date getRevocationDate() + { + return c.getRevocationDate().getDate(); + } + + public boolean hasExtensions() + { + return c.getExtensions() != null; + } + + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl); + buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl); + buf.append(" certificateIssuer: ").append(this.getCertificateIssuer()).append(nl); + + Extensions extensions = c.getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + if (e.hasMoreElements()) + { + buf.append(" crlEntryExtensions:").append(nl); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + if (ext.getExtnValue() != null) + { + byte[] octs = ext.getExtnValue().getOctets(); + ASN1InputStream dIn = new ASN1InputStream(octs); + buf.append(" critical(").append(ext.isCritical()).append(") "); + try + { + if (oid.equals(X509Extension.reasonCode)) + { + buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))).append(nl); + } + else if (oid.equals(X509Extension.certificateIssuer)) + { + buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl); + } + else + { + buf.append(oid.getId()); + buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); + } + } + catch (Exception ex) + { + buf.append(oid.getId()); + buf.append(" value = ").append("*****").append(nl); + } + } + else + { + buf.append(nl); + } + } + } + } + + return buf.toString(); + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java new file mode 100644 index 0000000..2fc0826 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java @@ -0,0 +1,578 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.cert.CRLException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509CRL; +import java.security.cert.X509CRLEntry; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.CRLDistPoint; +import org.bouncycastle.asn1.x509.CRLNumber; +import org.bouncycastle.asn1.x509.CertificateList; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.asn1.x509.IssuingDistributionPoint; +import org.bouncycastle.asn1.x509.TBSCertList; +import org.bouncycastle.jce.X509Principal; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.provider.RFC3280CertPathUtilities; +import org.bouncycastle.util.encoders.Hex; + +/** + * The following extensions are listed in RFC 2459 as relevant to CRLs + * + * Authority Key Identifier + * Issuer Alternative Name + * CRL Number + * Delta CRL Indicator (critical) + * Issuing Distribution Point (critical) + */ +class X509CRLObject + extends X509CRL +{ + private CertificateList c; + private String sigAlgName; + private byte[] sigAlgParams; + private boolean isIndirect; + + static boolean isIndirectCRL(X509CRL crl) + throws CRLException + { + try + { + byte[] idp = crl.getExtensionValue(Extension.issuingDistributionPoint.getId()); + return idp != null + && IssuingDistributionPoint.getInstance(ASN1OctetString.getInstance(idp).getOctets()).isIndirectCRL(); + } + catch (Exception e) + { + throw new ExtCRLException( + "Exception reading IssuingDistributionPoint", e); + } + } + + public X509CRLObject( + CertificateList c) + throws CRLException + { + this.c = c; + + try + { + this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); + + if (c.getSignatureAlgorithm().getParameters() != null) + { + this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER); + } + else + { + this.sigAlgParams = null; + } + + this.isIndirect = isIndirectCRL(this); + } + catch (Exception e) + { + throw new CRLException("CRL contents invalid: " + e); + } + } + + /** + * Will return true if any extensions are present and marked + * as critical as we currently dont handle any extensions! + */ + public boolean hasUnsupportedCriticalExtension() + { + Set extns = getCriticalExtensionOIDs(); + + if (extns == null) + { + return false; + } + + extns.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT); + extns.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR); + + return !extns.isEmpty(); + } + + private Set getExtensionOIDs(boolean critical) + { + if (this.getVersion() == 2) + { + Extensions extensions = c.getTBSCertList().getExtensions(); + + if (extensions != null) + { + Set set = new HashSet(); + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (critical == ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + } + + return null; + } + + public Set getCriticalExtensionOIDs() + { + return getExtensionOIDs(true); + } + + public Set getNonCriticalExtensionOIDs() + { + return getExtensionOIDs(false); + } + + public byte[] getExtensionValue(String oid) + { + Extensions exts = c.getTBSCertList().getExtensions(); + + if (exts != null) + { + Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); + + if (ext != null) + { + try + { + return ext.getExtnValue().getEncoded(); + } + catch (Exception e) + { + throw new IllegalStateException("error parsing " + e.toString()); + } + } + } + + return null; + } + + public byte[] getEncoded() + throws CRLException + { + try + { + return c.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new CRLException(e.toString()); + } + } + + public void verify(PublicKey key) + throws CRLException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + verify(key, BouncyCastleProvider.PROVIDER_NAME); + } + + public void verify(PublicKey key, String sigProvider) + throws CRLException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) + { + throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList."); + } + + Signature sig; + + if (sigProvider != null) + { + sig = Signature.getInstance(getSigAlgName(), sigProvider); + } + else + { + sig = Signature.getInstance(getSigAlgName()); + } + + sig.initVerify(key); + sig.update(this.getTBSCertList()); + + if (!sig.verify(this.getSignature())) + { + throw new SignatureException("CRL does not verify with supplied public key."); + } + } + + public int getVersion() + { + return c.getVersionNumber(); + } + + public Principal getIssuerDN() + { + return new X509Principal(X500Name.getInstance(c.getIssuer().toASN1Primitive())); + } + + public X500Principal getIssuerX500Principal() + { + try + { + return new X500Principal(c.getIssuer().getEncoded()); + } + catch (IOException e) + { + throw new IllegalStateException("can't encode issuer DN"); + } + } + + public Date getThisUpdate() + { + return c.getThisUpdate().getDate(); + } + + public Date getNextUpdate() + { + if (c.getNextUpdate() != null) + { + return c.getNextUpdate().getDate(); + } + + return null; + } + + private Set loadCRLEntries() + { + Set entrySet = new HashSet(); + Enumeration certs = c.getRevokedCertificateEnumeration(); + + X500Name previousCertificateIssuer = null; // the issuer + while (certs.hasMoreElements()) + { + TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); + X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); + entrySet.add(crlEntry); + if (isIndirect && entry.hasExtensions()) + { + Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } + } + + return entrySet; + } + + public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) + { + Enumeration certs = c.getRevokedCertificateEnumeration(); + + X500Name previousCertificateIssuer = null; // the issuer + while (certs.hasMoreElements()) + { + TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); + + if (serialNumber.equals(entry.getUserCertificate().getValue())) + { + return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); + } + + if (isIndirect && entry.hasExtensions()) + { + Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } + } + + return null; + } + + public Set getRevokedCertificates() + { + Set entrySet = loadCRLEntries(); + + if (!entrySet.isEmpty()) + { + return Collections.unmodifiableSet(entrySet); + } + + return null; + } + + public byte[] getTBSCertList() + throws CRLException + { + try + { + return c.getTBSCertList().getEncoded("DER"); + } + catch (IOException e) + { + throw new CRLException(e.toString()); + } + } + + public byte[] getSignature() + { + return c.getSignature().getBytes(); + } + + public String getSigAlgName() + { + return sigAlgName; + } + + public String getSigAlgOID() + { + return c.getSignatureAlgorithm().getAlgorithm().getId(); + } + + public byte[] getSigAlgParams() + { + if (sigAlgParams != null) + { + byte[] tmp = new byte[sigAlgParams.length]; + + System.arraycopy(sigAlgParams, 0, tmp, 0, tmp.length); + + return tmp; + } + + return null; + } + + /** + * Returns a string representation of this CRL. + * + * @return a string representation of this CRL. + */ + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append(" Version: ").append(this.getVersion()).append( + nl); + buf.append(" IssuerDN: ").append(this.getIssuerDN()) + .append(nl); + buf.append(" This update: ").append(this.getThisUpdate()) + .append(nl); + buf.append(" Next update: ").append(this.getNextUpdate()) + .append(nl); + buf.append(" Signature Algorithm: ").append(this.getSigAlgName()) + .append(nl); + + byte[] sig = this.getSignature(); + + buf.append(" Signature: ").append( + new String(Hex.encode(sig, 0, 20))).append(nl); + for (int i = 20; i < sig.length; i += 20) + { + if (i < sig.length - 20) + { + buf.append(" ").append( + new String(Hex.encode(sig, i, 20))).append(nl); + } + else + { + buf.append(" ").append( + new String(Hex.encode(sig, i, sig.length - i))).append(nl); + } + } + + Extensions extensions = c.getTBSCertList().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + if (e.hasMoreElements()) + { + buf.append(" Extensions: ").append(nl); + } + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (ext.getExtnValue() != null) + { + byte[] octs = ext.getExtnValue().getOctets(); + ASN1InputStream dIn = new ASN1InputStream(octs); + buf.append(" critical(").append( + ext.isCritical()).append(") "); + try + { + if (oid.equals(Extension.cRLNumber)) + { + buf.append( + new CRLNumber(ASN1Integer.getInstance( + dIn.readObject()).getPositiveValue())) + .append(nl); + } + else if (oid.equals(Extension.deltaCRLIndicator)) + { + buf.append( + "Base CRL: " + + new CRLNumber(ASN1Integer.getInstance( + dIn.readObject()).getPositiveValue())) + .append(nl); + } + else if (oid + .equals(Extension.issuingDistributionPoint)) + { + buf.append( + IssuingDistributionPoint.getInstance(dIn.readObject())).append(nl); + } + else if (oid + .equals(Extension.cRLDistributionPoints)) + { + buf.append( + CRLDistPoint.getInstance(dIn.readObject())).append(nl); + } + else if (oid.equals(Extension.freshestCRL)) + { + buf.append( + CRLDistPoint.getInstance(dIn.readObject())).append(nl); + } + else + { + buf.append(oid.getId()); + buf.append(" value = ").append( + ASN1Dump.dumpAsString(dIn.readObject())) + .append(nl); + } + } + catch (Exception ex) + { + buf.append(oid.getId()); + buf.append(" value = ").append("*****").append(nl); + } + } + else + { + buf.append(nl); + } + } + } + Set set = getRevokedCertificates(); + if (set != null) + { + Iterator it = set.iterator(); + while (it.hasNext()) + { + buf.append(it.next()); + buf.append(nl); + } + } + return buf.toString(); + } + + /** + * Checks whether the given certificate is on this CRL. + * + * @param cert the certificate to check for. + * @return true if the given certificate is on this CRL, + * false otherwise. + */ + public boolean isRevoked(Certificate cert) + { + if (!cert.getType().equals("X.509")) + { + throw new RuntimeException("X.509 CRL used with non X.509 Cert"); + } + + TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); + + X500Name caName = c.getIssuer(); + + if (certs != null) + { + BigInteger serial = ((X509Certificate)cert).getSerialNumber(); + + for (int i = 0; i < certs.length; i++) + { + if (isIndirect && certs[i].hasExtensions()) + { + Extension currentCaName = certs[i].getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } + + if (certs[i].getUserCertificate().getValue().equals(serial)) + { + X500Name issuer; + + if (cert instanceof X509Certificate) + { + issuer = X500Name.getInstance(((X509Certificate)cert).getIssuerX500Principal().getEncoded()); + } + else + { + try + { + issuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer(); + } + catch (CertificateEncodingException e) + { + throw new RuntimeException("Cannot process certificate"); + } + } + + if (!caName.equals(issuer)) + { + return false; + } + + return true; + } + } + } + + return false; + } +} + diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java new file mode 100644 index 0000000..6604b4a --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java @@ -0,0 +1,916 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Security; +import java.security.Signature; +import java.security.SignatureException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.CertificateParsingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OutputStream; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1String; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERIA5String; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.misc.MiscObjectIdentifiers; +import org.bouncycastle.asn1.misc.NetscapeCertType; +import org.bouncycastle.asn1.misc.NetscapeRevocationURL; +import org.bouncycastle.asn1.misc.VerisignCzagExtension; +import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x500.style.RFC4519Style; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.BasicConstraints; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.KeyUsage; +// BEGIN android-added +import org.bouncycastle.asn1.x509.X509Name; +// END android-added +import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; +import org.bouncycastle.jce.X509Principal; +import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.provider.RFC3280CertPathUtilities; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Integers; +import org.bouncycastle.util.encoders.Hex; + +class X509CertificateObject + extends X509Certificate + implements PKCS12BagAttributeCarrier +{ + private org.bouncycastle.asn1.x509.Certificate c; + private BasicConstraints basicConstraints; + private boolean[] keyUsage; + private boolean hashValueSet; + private int hashValue; + + private PKCS12BagAttributeCarrier attrCarrier = new PKCS12BagAttributeCarrierImpl(); + + public X509CertificateObject( + org.bouncycastle.asn1.x509.Certificate c) + throws CertificateParsingException + { + this.c = c; + + try + { + byte[] bytes = this.getExtensionBytes("2.5.29.19"); + + if (bytes != null) + { + basicConstraints = BasicConstraints.getInstance(ASN1Primitive.fromByteArray(bytes)); + } + } + catch (Exception e) + { + throw new CertificateParsingException("cannot construct BasicConstraints: " + e); + } + + try + { + byte[] bytes = this.getExtensionBytes("2.5.29.15"); + if (bytes != null) + { + DERBitString bits = DERBitString.getInstance(ASN1Primitive.fromByteArray(bytes)); + + bytes = bits.getBytes(); + int length = (bytes.length * 8) - bits.getPadBits(); + + keyUsage = new boolean[(length < 9) ? 9 : length]; + + for (int i = 0; i != length; i++) + { + keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; + } + } + else + { + keyUsage = null; + } + } + catch (Exception e) + { + throw new CertificateParsingException("cannot construct KeyUsage: " + e); + } + } + + public void checkValidity() + throws CertificateExpiredException, CertificateNotYetValidException + { + this.checkValidity(new Date()); + } + + public void checkValidity( + Date date) + throws CertificateExpiredException, CertificateNotYetValidException + { + if (date.getTime() > this.getNotAfter().getTime()) // for other VM compatibility + { + throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime()); + } + + if (date.getTime() < this.getNotBefore().getTime()) + { + throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime()); + } + } + + public int getVersion() + { + return c.getVersionNumber(); + } + + public BigInteger getSerialNumber() + { + return c.getSerialNumber().getValue(); + } + + public Principal getIssuerDN() + { + try + { + return new X509Principal(X500Name.getInstance(c.getIssuer().getEncoded())); + } + catch (IOException e) + { + return null; + } + } + + public X500Principal getIssuerX500Principal() + { + try + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ASN1OutputStream aOut = new ASN1OutputStream(bOut); + + aOut.writeObject(c.getIssuer()); + + return new X500Principal(bOut.toByteArray()); + } + catch (IOException e) + { + throw new IllegalStateException("can't encode issuer DN"); + } + } + + public Principal getSubjectDN() + { + return new X509Principal(X500Name.getInstance(c.getSubject().toASN1Primitive())); + } + + public X500Principal getSubjectX500Principal() + { + try + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ASN1OutputStream aOut = new ASN1OutputStream(bOut); + + aOut.writeObject(c.getSubject()); + + return new X500Principal(bOut.toByteArray()); + } + catch (IOException e) + { + throw new IllegalStateException("can't encode issuer DN"); + } + } + + public Date getNotBefore() + { + return c.getStartDate().getDate(); + } + + public Date getNotAfter() + { + return c.getEndDate().getDate(); + } + + public byte[] getTBSCertificate() + throws CertificateEncodingException + { + try + { + return c.getTBSCertificate().getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new CertificateEncodingException(e.toString()); + } + } + + public byte[] getSignature() + { + return c.getSignature().getBytes(); + } + + /** + * return a more "meaningful" representation for the signature algorithm used in + * the certficate. + */ + public String getSigAlgName() + { + Provider prov = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME); + + if (prov != null) + { + String algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); + + if (algName != null) + { + return algName; + } + } + + Provider[] provs = Security.getProviders(); + + // + // search every provider looking for a real algorithm + // + for (int i = 0; i != provs.length; i++) + { + String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); + if (algName != null) + { + return algName; + } + } + + return this.getSigAlgOID(); + } + + /** + * return the object identifier for the signature. + */ + public String getSigAlgOID() + { + return c.getSignatureAlgorithm().getAlgorithm().getId(); + } + + /** + * return the signature parameters, or null if there aren't any. + */ + public byte[] getSigAlgParams() + { + if (c.getSignatureAlgorithm().getParameters() != null) + { + try + { + return c.getSignatureAlgorithm().getParameters().toASN1Primitive().getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + return null; + } + } + else + { + return null; + } + } + + public boolean[] getIssuerUniqueID() + { + DERBitString id = c.getTBSCertificate().getIssuerUniqueId(); + + if (id != null) + { + byte[] bytes = id.getBytes(); + boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; + + for (int i = 0; i != boolId.length; i++) + { + boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; + } + + return boolId; + } + + return null; + } + + public boolean[] getSubjectUniqueID() + { + DERBitString id = c.getTBSCertificate().getSubjectUniqueId(); + + if (id != null) + { + byte[] bytes = id.getBytes(); + boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; + + for (int i = 0; i != boolId.length; i++) + { + boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; + } + + return boolId; + } + + return null; + } + + public boolean[] getKeyUsage() + { + return keyUsage; + } + + public List getExtendedKeyUsage() + throws CertificateParsingException + { + byte[] bytes = this.getExtensionBytes("2.5.29.37"); + + if (bytes != null) + { + try + { + ASN1InputStream dIn = new ASN1InputStream(bytes); + ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); + List list = new ArrayList(); + + for (int i = 0; i != seq.size(); i++) + { + list.add(((ASN1ObjectIdentifier)seq.getObjectAt(i)).getId()); + } + + return Collections.unmodifiableList(list); + } + catch (Exception e) + { + throw new CertificateParsingException("error processing extended key usage extension"); + } + } + + return null; + } + + public int getBasicConstraints() + { + if (basicConstraints != null) + { + if (basicConstraints.isCA()) + { + if (basicConstraints.getPathLenConstraint() == null) + { + return Integer.MAX_VALUE; + } + else + { + return basicConstraints.getPathLenConstraint().intValue(); + } + } + else + { + return -1; + } + } + + return -1; + } + + public Collection getSubjectAlternativeNames() + throws CertificateParsingException + { + return getAlternativeNames(getExtensionBytes(Extension.subjectAlternativeName.getId())); + } + + public Collection getIssuerAlternativeNames() + throws CertificateParsingException + { + return getAlternativeNames(getExtensionBytes(Extension.issuerAlternativeName.getId())); + } + + public Set getCriticalExtensionOIDs() + { + if (this.getVersion() == 3) + { + Set set = new HashSet(); + Extensions extensions = c.getTBSCertificate().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + } + + return null; + } + + private byte[] getExtensionBytes(String oid) + { + Extensions exts = c.getTBSCertificate().getExtensions(); + + if (exts != null) + { + Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); + if (ext != null) + { + return ext.getExtnValue().getOctets(); + } + } + + return null; + } + + public byte[] getExtensionValue(String oid) + { + Extensions exts = c.getTBSCertificate().getExtensions(); + + if (exts != null) + { + Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); + + if (ext != null) + { + try + { + return ext.getExtnValue().getEncoded(); + } + catch (Exception e) + { + throw new IllegalStateException("error parsing " + e.toString()); + } + } + } + + return null; + } + + public Set getNonCriticalExtensionOIDs() + { + if (this.getVersion() == 3) + { + Set set = new HashSet(); + Extensions extensions = c.getTBSCertificate().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (!ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + } + + return null; + } + + public boolean hasUnsupportedCriticalExtension() + { + if (this.getVersion() == 3) + { + Extensions extensions = c.getTBSCertificate().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + String oidId = oid.getId(); + + if (oidId.equals(RFC3280CertPathUtilities.KEY_USAGE) + || oidId.equals(RFC3280CertPathUtilities.CERTIFICATE_POLICIES) + || oidId.equals(RFC3280CertPathUtilities.POLICY_MAPPINGS) + || oidId.equals(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY) + || oidId.equals(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS) + || oidId.equals(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT) + || oidId.equals(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR) + || oidId.equals(RFC3280CertPathUtilities.POLICY_CONSTRAINTS) + || oidId.equals(RFC3280CertPathUtilities.BASIC_CONSTRAINTS) + || oidId.equals(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME) + || oidId.equals(RFC3280CertPathUtilities.NAME_CONSTRAINTS)) + { + continue; + } + + Extension ext = extensions.getExtension(oid); + + if (ext.isCritical()) + { + return true; + } + } + } + } + + return false; + } + + public PublicKey getPublicKey() + { + try + { + return BouncyCastleProvider.getPublicKey(c.getSubjectPublicKeyInfo()); + } + catch (IOException e) + { + return null; // should never happen... + } + } + + // BEGIN android-changed + private byte[] encoded; + // END android-changed + public byte[] getEncoded() + throws CertificateEncodingException + { + try + { + // BEGIN android-changed + if (encoded == null) { + encoded = c.getEncoded(ASN1Encoding.DER); + } + return encoded; + // END android-changed + } + catch (IOException e) + { + throw new CertificateEncodingException(e.toString()); + } + } + + public boolean equals( + Object o) + { + if (o == this) + { + return true; + } + + if (!(o instanceof Certificate)) + { + return false; + } + + Certificate other = (Certificate)o; + + try + { + byte[] b1 = this.getEncoded(); + byte[] b2 = other.getEncoded(); + + return Arrays.areEqual(b1, b2); + } + catch (CertificateEncodingException e) + { + return false; + } + } + + public synchronized int hashCode() + { + if (!hashValueSet) + { + hashValue = calculateHashCode(); + hashValueSet = true; + } + + return hashValue; + } + + private int calculateHashCode() + { + try + { + int hashCode = 0; + byte[] certData = this.getEncoded(); + for (int i = 1; i < certData.length; i++) + { + hashCode += certData[i] * i; + } + return hashCode; + } + catch (CertificateEncodingException e) + { + return 0; + } + } + + public void setBagAttribute( + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) + { + attrCarrier.setBagAttribute(oid, attribute); + } + + public ASN1Encodable getBagAttribute( + ASN1ObjectIdentifier oid) + { + return attrCarrier.getBagAttribute(oid); + } + + public Enumeration getBagAttributeKeys() + { + return attrCarrier.getBagAttributeKeys(); + } + + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append(" [0] Version: ").append(this.getVersion()).append(nl); + buf.append(" SerialNumber: ").append(this.getSerialNumber()).append(nl); + buf.append(" IssuerDN: ").append(this.getIssuerDN()).append(nl); + buf.append(" Start Date: ").append(this.getNotBefore()).append(nl); + buf.append(" Final Date: ").append(this.getNotAfter()).append(nl); + buf.append(" SubjectDN: ").append(this.getSubjectDN()).append(nl); + buf.append(" Public Key: ").append(this.getPublicKey()).append(nl); + buf.append(" Signature Algorithm: ").append(this.getSigAlgName()).append(nl); + + byte[] sig = this.getSignature(); + + buf.append(" Signature: ").append(new String(Hex.encode(sig, 0, 20))).append(nl); + for (int i = 20; i < sig.length; i += 20) + { + if (i < sig.length - 20) + { + buf.append(" ").append(new String(Hex.encode(sig, i, 20))).append(nl); + } + else + { + buf.append(" ").append(new String(Hex.encode(sig, i, sig.length - i))).append(nl); + } + } + + Extensions extensions = c.getTBSCertificate().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + if (e.hasMoreElements()) + { + buf.append(" Extensions: \n"); + } + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (ext.getExtnValue() != null) + { + byte[] octs = ext.getExtnValue().getOctets(); + ASN1InputStream dIn = new ASN1InputStream(octs); + buf.append(" critical(").append(ext.isCritical()).append(") "); + try + { + if (oid.equals(Extension.basicConstraints)) + { + buf.append(BasicConstraints.getInstance(dIn.readObject())).append(nl); + } + else if (oid.equals(Extension.keyUsage)) + { + buf.append(KeyUsage.getInstance(dIn.readObject())).append(nl); + } + else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) + { + buf.append(new NetscapeCertType((DERBitString)dIn.readObject())).append(nl); + } + else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) + { + buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject())).append(nl); + } + else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) + { + buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject())).append(nl); + } + else + { + buf.append(oid.getId()); + buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); + //buf.append(" value = ").append("*****").append(nl); + } + } + catch (Exception ex) + { + buf.append(oid.getId()); + // buf.append(" value = ").append(new String(Hex.encode(ext.getExtnValue().getOctets()))).append(nl); + buf.append(" value = ").append("*****").append(nl); + } + } + else + { + buf.append(nl); + } + } + } + + return buf.toString(); + } + + public final void verify( + PublicKey key) + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + Signature signature; + String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); + + try + { + signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME); + } + catch (Exception e) + { + signature = Signature.getInstance(sigName); + } + + checkSignature(key, signature); + } + + public final void verify( + PublicKey key, + String sigProvider) + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); + Signature signature = Signature.getInstance(sigName, sigProvider); + + checkSignature(key, signature); + } + + private void checkSignature( + PublicKey key, + Signature signature) + throws CertificateException, NoSuchAlgorithmException, + SignatureException, InvalidKeyException + { + if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature())) + { + throw new CertificateException("signature algorithm in TBS cert not same as outer cert"); + } + + ASN1Encodable params = c.getSignatureAlgorithm().getParameters(); + + // TODO This should go after the initVerify? + X509SignatureUtil.setSignatureParameters(signature, params); + + signature.initVerify(key); + + signature.update(this.getTBSCertificate()); + + if (!signature.verify(this.getSignature())) + { + throw new SignatureException("certificate does not verify with supplied key"); + } + } + + private boolean isAlgIdEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2) + { + if (!id1.getAlgorithm().equals(id2.getAlgorithm())) + { + return false; + } + + if (id1.getParameters() == null) + { + if (id2.getParameters() != null && !id2.getParameters().equals(DERNull.INSTANCE)) + { + return false; + } + + return true; + } + + if (id2.getParameters() == null) + { + if (id1.getParameters() != null && !id1.getParameters().equals(DERNull.INSTANCE)) + { + return false; + } + + return true; + } + + return id1.getParameters().equals(id2.getParameters()); + } + + private static Collection getAlternativeNames(byte[] extVal) + throws CertificateParsingException + { + if (extVal == null) + { + return null; + } + try + { + Collection temp = new ArrayList(); + Enumeration it = ASN1Sequence.getInstance(extVal).getObjects(); + while (it.hasMoreElements()) + { + GeneralName genName = GeneralName.getInstance(it.nextElement()); + List list = new ArrayList(); + list.add(Integers.valueOf(genName.getTagNo())); + switch (genName.getTagNo()) + { + case GeneralName.ediPartyName: + case GeneralName.x400Address: + case GeneralName.otherName: + list.add(genName.getEncoded()); + break; + case GeneralName.directoryName: + // BEGIN android-changed + list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols)); + // END android-changed + break; + case GeneralName.dNSName: + case GeneralName.rfc822Name: + case GeneralName.uniformResourceIdentifier: + list.add(((ASN1String)genName.getName()).getString()); + break; + case GeneralName.registeredID: + list.add(ASN1ObjectIdentifier.getInstance(genName.getName()).getId()); + break; + case GeneralName.iPAddress: + byte[] addrBytes = DEROctetString.getInstance(genName.getName()).getOctets(); + final String addr; + try + { + addr = InetAddress.getByAddress(addrBytes).getHostAddress(); + } + catch (UnknownHostException e) + { + continue; + } + list.add(addr); + break; + default: + throw new IOException("Bad tag number: " + genName.getTagNo()); + } + + temp.add(Collections.unmodifiableList(list)); + } + if (temp.size() == 0) + { + return null; + } + return Collections.unmodifiableCollection(temp); + } + catch (Exception e) + { + throw new CertificateParsingException(e.getMessage()); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java new file mode 100644 index 0000000..4ca9e89 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java @@ -0,0 +1,144 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.IOException; +import java.security.AlgorithmParameters; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.Signature; +import java.security.SignatureException; +import java.security.spec.PSSParameterSpec; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Null; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DERObjectIdentifier; +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; + +class X509SignatureUtil +{ + private static final ASN1Null derNull = DERNull.INSTANCE; + + static void setSignatureParameters( + Signature signature, + ASN1Encodable params) + throws NoSuchAlgorithmException, SignatureException, InvalidKeyException + { + if (params != null && !derNull.equals(params)) + { + AlgorithmParameters sigParams = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider()); + + try + { + sigParams.init(params.toASN1Primitive().getEncoded()); + } + catch (IOException e) + { + throw new SignatureException("IOException decoding parameters: " + e.getMessage()); + } + + if (signature.getAlgorithm().endsWith("MGF1")) + { + try + { + signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class)); + } + catch (GeneralSecurityException e) + { + throw new SignatureException("Exception extracting parameters: " + e.getMessage()); + } + } + } + } + + static String getSignatureName( + AlgorithmIdentifier sigAlgId) + { + ASN1Encodable params = sigAlgId.getParameters(); + + if (params != null && !derNull.equals(params)) + { + if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) + { + RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); + + return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1"; + } + if (sigAlgId.getAlgorithm().equals(X9ObjectIdentifiers.ecdsa_with_SHA2)) + { + ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params); + + return getDigestAlgName((DERObjectIdentifier)ecDsaParams.getObjectAt(0)) + "withECDSA"; + } + } + + return sigAlgId.getAlgorithm().getId(); + } + + /** + * Return the digest algorithm using one of the standard JCA string + * representations rather the the algorithm identifier (if possible). + */ + private static String getDigestAlgName( + DERObjectIdentifier digestAlgOID) + { + if (PKCSObjectIdentifiers.md5.equals(digestAlgOID)) + { + return "MD5"; + } + else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID)) + { + return "SHA1"; + } + else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) + { + return "SHA224"; + } + else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) + { + return "SHA256"; + } + else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID)) + { + return "SHA384"; + } + else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID)) + { + return "SHA512"; + } + // BEGIN android-removed + // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) + // { + // return "RIPEMD128"; + // } + // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) + // { + // return "RIPEMD160"; + // } + // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) + // { + // return "RIPEMD256"; + // } + // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) + // { + // return "GOST3411"; + // } + // END android-removed + else + { + return digestAlgOID.getId(); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java index c3f148b..05bfa1c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java @@ -12,22 +12,22 @@ public interface ConfigurableProvider /** * Elliptic Curve CA parameters - thread local version */ - static final String THREAD_LOCAL_EC_IMPLICITLY_CA = "threadLocalEcImplicitlyCa"; + static final String THREAD_LOCAL_EC_IMPLICITLY_CA = "threadLocalEcImplicitlyCa"; /** * Elliptic Curve CA parameters - thread local version */ - static final String EC_IMPLICITLY_CA = "ecImplicitlyCa"; + static final String EC_IMPLICITLY_CA = "ecImplicitlyCa"; /** * Diffie-Hellman Default Parameters - thread local version */ - static final String THREAD_LOCAL_DH_DEFAULT_PARAMS = "threadLocalDhDefaultParams"; + static final String THREAD_LOCAL_DH_DEFAULT_PARAMS = "threadLocalDhDefaultParams"; /** * Diffie-Hellman Default Parameters - VM wide version */ - static final String DH_DEFAULT_PARAMS = "DhDefaultParams"; + static final String DH_DEFAULT_PARAMS = "DhDefaultParams"; void setParameter(String parameterName, Object parameter); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java new file mode 100644 index 0000000..36a32b1 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java @@ -0,0 +1,51 @@ +package org.bouncycastle.jcajce.provider.config; + +import java.io.OutputStream; +import java.security.KeyStore; +import java.security.KeyStore.LoadStoreParameter; +import java.security.KeyStore.ProtectionParameter; + +public class PKCS12StoreParameter + implements LoadStoreParameter +{ + private final OutputStream out; + private final ProtectionParameter protectionParameter; + private final boolean forDEREncoding; + + public PKCS12StoreParameter(OutputStream out, char[] password) + { + this(out, password, false); + } + + public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter) + { + this(out, protectionParameter, false); + } + + public PKCS12StoreParameter(OutputStream out, char[] password, boolean forDEREncoding) + { + this(out, new KeyStore.PasswordProtection(password), forDEREncoding); + } + + public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter, boolean forDEREncoding) + { + this.out = out; + this.protectionParameter = protectionParameter; + this.forDEREncoding = forDEREncoding; + } + + public OutputStream getOutputStream() + { + return out; + } + + public ProtectionParameter getProtectionParameter() + { + return protectionParameter; + } + + public boolean isForDEREncoding() + { + return forDEREncoding; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java index 6834e3c..93a7d71 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java @@ -7,15 +7,20 @@ import org.bouncycastle.crypto.digests.MD5Digest; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; public class MD5 { + private MD5() + { + + } + /** - * MD5 HMac + * MD5 HashMac */ public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java index 2a9eceb..df5d41a 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java @@ -1,17 +1,33 @@ package org.bouncycastle.jcajce.provider.digest; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import javax.crypto.SecretKey; +import javax.crypto.spec.PBEKeySpec; + import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory; +import org.bouncycastle.jcajce.provider.symmetric.util.PBE; +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; public class SHA1 { + private SHA1() + { + + } + static public class Digest extends BCMessageDigest implements Cloneable @@ -35,7 +51,7 @@ public class SHA1 * SHA1 HMac */ public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { @@ -52,6 +68,103 @@ public class SHA1 } } + /** + * SHA1 HMac + */ + public static class SHA1Mac + extends BaseMac + { + public SHA1Mac() + { + super(new HMac(new SHA1Digest())); + } + } + + /** + * PBEWithHmacSHA + */ + public static class PBEWithMacKeyFactory + extends PBESecretKeyFactory + { + public PBEWithMacKeyFactory() + { + super("PBEwithHmacSHA", null, false, PKCS12, SHA1, 160, 0); + } + } + + + public static class BasePBKDF2WithHmacSHA1 + extends BaseSecretKeyFactory + { + private int scheme; + + public BasePBKDF2WithHmacSHA1(String name, int scheme) + { + super(name, PKCSObjectIdentifiers.id_PBKDF2); + + this.scheme = scheme; + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PBEKeySpec) + { + PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; + + if (pbeSpec.getSalt() == null) + { + throw new InvalidKeySpecException("missing required salt"); + } + + if (pbeSpec.getIterationCount() <= 0) + { + throw new InvalidKeySpecException("positive iteration count required: " + + pbeSpec.getIterationCount()); + } + + if (pbeSpec.getKeyLength() <= 0) + { + throw new InvalidKeySpecException("positive key length required: " + + pbeSpec.getKeyLength()); + } + + if (pbeSpec.getPassword().length == 0) + { + throw new IllegalArgumentException("password empty"); + } + + int digest = SHA1; + int keySize = pbeSpec.getKeyLength(); + int ivSize = -1; // JDK 1,2 and earlier does not understand simplified version. + CipherParameters param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); + + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + } + + throw new InvalidKeySpecException("Invalid KeySpec"); + } + } + + public static class PBKDF2WithHmacSHA1UTF8 + extends BasePBKDF2WithHmacSHA1 + { + public PBKDF2WithHmacSHA1UTF8() + { + super("PBKDF2WithHmacSHA1", PKCS5S2_UTF8); + } + } + + public static class PBKDF2WithHmacSHA18BIT + extends BasePBKDF2WithHmacSHA1 + { + public PBKDF2WithHmacSHA18BIT() + { + super("PBKDF2WithHmacSHA1And8bit", PKCS5S2); + } + } + public static class Mappings extends DigestAlgorithmProvider { @@ -71,6 +184,18 @@ public class SHA1 addHMACAlgorithm(provider, "SHA1", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); addHMACAlias(provider, "SHA1", PKCSObjectIdentifiers.id_hmacWithSHA1); addHMACAlias(provider, "SHA1", IANAObjectIdentifiers.hmacSHA1); + + provider.addAlgorithm("Mac.PBEWITHHMACSHA", PREFIX + "$SHA1Mac"); + provider.addAlgorithm("Mac.PBEWITHHMACSHA1", PREFIX + "$SHA1Mac"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA", "PBEWITHHMACSHA1"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + OIWObjectIdentifiers.idSHA1, "PBEWITHHMACSHA1"); + provider.addAlgorithm("Alg.Alias.Mac." + OIWObjectIdentifiers.idSHA1, "PBEWITHHMACSHA"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA1", PREFIX + "$PBEWithMacKeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1", PREFIX + "$PBKDF2WithHmacSHA1UTF8"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2WithHmacSHA1"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WithHmacSHA1AndUTF8", "PBKDF2WithHmacSHA1"); + provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java index 4e25c39..4504f30 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java @@ -7,10 +7,16 @@ import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; public class SHA256 { + private SHA256() + { + + } + static public class Digest extends BCMessageDigest implements Cloneable @@ -31,7 +37,7 @@ public class SHA256 } public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { @@ -39,7 +45,21 @@ public class SHA256 } } - /** + // BEGIN android-removed + // /** + // * PBEWithHmacSHA + // */ + // public static class PBEWithMacKeyFactory + // extends PBESecretKeyFactory + // { + // public PBEWithMacKeyFactory() + // { + // super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0); + // } + // } + // END android-removed + + /** * HMACSHA256 */ public static class KeyGenerator @@ -66,8 +86,15 @@ public class SHA256 provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256"); provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); + // BEGIN android-removed + // provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory"); + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256"); + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256"); + // END android-removed + addHMACAlgorithm(provider, "SHA256", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); addHMACAlias(provider, "SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256); + addHMACAlias(provider, "SHA256", NISTObjectIdentifiers.id_sha256); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java index c724310..e563579 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java @@ -5,12 +5,20 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.digests.SHA384Digest; import org.bouncycastle.crypto.macs.HMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.OldHMac; +// END android-removed import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; public class SHA384 { + private SHA384() + { + + } + static public class Digest extends BCMessageDigest implements Cloneable @@ -31,7 +39,7 @@ public class SHA384 } public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { @@ -51,6 +59,17 @@ public class SHA384 } } + // BEGIN android-removed + // public static class OldSHA384 + // extends BaseMac + // { + // public OldSHA384() + // { + // super(new OldHMac(new SHA384Digest())); + // } + // } + // END android-removed + public static class Mappings extends DigestAlgorithmProvider { @@ -65,6 +84,9 @@ public class SHA384 provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest"); provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384"); provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384"); + // BEGIN android-removed + // provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384"); + // END android-removed addHMACAlgorithm(provider, "SHA384", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java index cae9e7b..903eec1 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java @@ -4,13 +4,24 @@ import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.digests.SHA512Digest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA512tDigest; +// END android-removed import org.bouncycastle.crypto.macs.HMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.OldHMac; +// END android-removed import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; public class SHA512 { + private SHA512() + { + + } + static public class Digest extends BCMessageDigest implements Cloneable @@ -30,8 +41,47 @@ public class SHA512 } } + // BEGIN android-removed + // static public class DigestT + // extends BCMessageDigest + // implements Cloneable + // { + // public DigestT(int bitLength) + // { + // super(new SHA512tDigest(bitLength)); + // } + // + // public Object clone() + // throws CloneNotSupportedException + // { + // DigestT d = (DigestT)super.clone(); + // d.digest = new SHA512tDigest((SHA512tDigest)digest); + // + // return d; + // } + // } + // + // static public class DigestT224 + // extends DigestT + // { + // public DigestT224() + // { + // super(224); + // } + // } + // + // static public class DigestT256 + // extends DigestT + // { + // public DigestT256() + // { + // super(256); + // } + // } + // END android-removed + public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { @@ -39,6 +89,38 @@ public class SHA512 } } + // BEGIN android-removed + // public static class HashMacT224 + // extends BaseMac + // { + // public HashMacT224() + // { + // super(new HMac(new SHA512tDigest(224))); + // } + // } + // + // public static class HashMacT256 + // extends BaseMac + // { + // public HashMacT256() + // { + // super(new HMac(new SHA512tDigest(256))); + // } + // } + // + // /** + // * SHA-512 HMac + // */ + // public static class OldSHA512 + // extends BaseMac + // { + // public OldSHA512() + // { + // super(new OldHMac(new SHA512Digest())); + // } + // } + // END android-removed + /** * HMACSHA512 */ @@ -51,6 +133,26 @@ public class SHA512 } } + // BEGIN android-removed + // public static class KeyGeneratorT224 + // extends BaseKeyGenerator + // { + // public KeyGeneratorT224() + // { + // super("HMACSHA512/224", 224, new CipherKeyGenerator()); + // } + // } + // + // public static class KeyGeneratorT256 + // extends BaseKeyGenerator + // { + // public KeyGeneratorT256() + // { + // super("HMACSHA512/256", 256, new CipherKeyGenerator()); + // } + // } + // END android-removed + public static class Mappings extends DigestAlgorithmProvider { @@ -66,8 +168,25 @@ public class SHA512 provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512"); provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512"); + // BEGIN android-removed + // provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224"); + // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224"); + // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224"); + // + // provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256"); + // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256"); + // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256"); + // + // provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512"); + // END android-removed + addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512); + + // BEGIN android-removed + // addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224", PREFIX + "$KeyGeneratorT224"); + // addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); + // END android-removed } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java new file mode 100644 index 0000000..9711426 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java @@ -0,0 +1,29 @@ +package org.bouncycastle.jcajce.provider.keystore; + +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; + +public class BC +{ + private static final String PREFIX = "org.bouncycastle.jcajce.provider.keystore" + ".bc."; + + public static class Mappings + extends AsymmetricAlgorithmProvider + { + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyStore.BKS", PREFIX + "BcKeyStoreSpi$Std"); + // BEGIN android-removed + // provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1"); + // END android-removed + provider.addAlgorithm("KeyStore.BouncyCastle", PREFIX + "BcKeyStoreSpi$BouncyCastleStore"); + provider.addAlgorithm("Alg.Alias.KeyStore.UBER", "BouncyCastle"); + provider.addAlgorithm("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); + provider.addAlgorithm("Alg.Alias.KeyStore.bouncycastle", "BouncyCastle"); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java new file mode 100644 index 0000000..1d4e146 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java @@ -0,0 +1,32 @@ +package org.bouncycastle.jcajce.provider.keystore; + +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; + +public class PKCS12 +{ + private static final String PREFIX = "org.bouncycastle.jcajce.provider.keystore" + ".pkcs12."; + + public static class Mappings + extends AsymmetricAlgorithmProvider + { + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyStore.PKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); + // BEGIN android-removed + // provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); + // provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); + // + // provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); + // provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES"); + // + // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); + // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES"); + // END android-removed + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java index 2c9c012..ea89261 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.keystore.bc; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -39,12 +39,7 @@ import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.PBEParametersGenerator; -// BEGIN android-added -import org.bouncycastle.crypto.digests.AndroidDigestFactory; -// END android-added -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.SHA1Digest; -// END android-removed +import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; import org.bouncycastle.crypto.io.DigestInputStream; import org.bouncycastle.crypto.io.DigestOutputStream; @@ -52,11 +47,12 @@ import org.bouncycastle.crypto.io.MacInputStream; import org.bouncycastle.crypto.io.MacOutputStream; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.jce.interfaces.BCKeyStore; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.TeeOutputStream; -public class JDKKeyStore +public class BcKeyStoreSpi extends KeyStoreSpi implements BCKeyStore { @@ -90,8 +86,11 @@ public class JDKKeyStore protected SecureRandom random = new SecureRandom(); - public JDKKeyStore() + protected int version; + + public BcKeyStoreSpi(int version) { + this.version = version; } private class StoreEntry @@ -503,13 +502,7 @@ public class JDKKeyStore if (entry == null) { - // BEGIN android-removed - // Only throw if there is a problem removing, not if missing - // throw new KeyStoreException("no such entry as " + alias); - // END android-removed - // BEGIN android-added return; - // END android-added } table.remove(alias); @@ -828,16 +821,12 @@ public class JDKKeyStore // // we only do an integrity check if the password is provided. // - // BEGIN android-changed - HMac hMac = new HMac(AndroidDigestFactory.getSHA1()); - // END android-changed + HMac hMac = new HMac(new SHA1Digest()); if (password != null && password.length != 0) { byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - // BEGIN android-changed - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); - // END android-changed + PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); pbeGen.init(passKey, salt, iterationCount); CipherParameters macParams; @@ -894,21 +883,26 @@ public class JDKKeyStore random.nextBytes(salt); - dOut.writeInt(STORE_VERSION); + dOut.writeInt(version); dOut.writeInt(salt.length); dOut.write(salt); dOut.writeInt(iterationCount); - // BEGIN android-changed - HMac hMac = new HMac(AndroidDigestFactory.getSHA1()); + HMac hMac = new HMac(new SHA1Digest()); MacOutputStream mOut = new MacOutputStream(hMac); - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); - // END android-changed + PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); pbeGen.init(passKey, salt, iterationCount); - hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8)); + if (version < 2) + { + hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize())); + } + else + { + hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8)); + } for (int i = 0; i != passKey.length; i++) { @@ -937,8 +931,13 @@ public class JDKKeyStore * Also referred to by the alias UBER. */ public static class BouncyCastleStore - extends JDKKeyStore + extends BcKeyStoreSpi { + public BouncyCastleStore() + { + super(1); + } + public void engineLoad( InputStream stream, char[] password) @@ -991,9 +990,7 @@ public class JDKKeyStore Cipher cipher = this.makePBECipher(cipherAlg, Cipher.DECRYPT_MODE, password, salt, iterationCount); CipherInputStream cIn = new CipherInputStream(dIn, cipher); - // BEGIN android-changed - Digest dig = AndroidDigestFactory.getSHA1(); - // END android-changed + Digest dig = new SHA1Digest(); DigestInputStream dgIn = new DigestInputStream(cIn, dig); this.loadStore(dgIn); @@ -1024,7 +1021,7 @@ public class JDKKeyStore random.nextBytes(salt); - dOut.writeInt(STORE_VERSION); + dOut.writeInt(version); dOut.writeInt(salt.length); dOut.write(salt); dOut.writeInt(iterationCount); @@ -1032,9 +1029,7 @@ public class JDKKeyStore cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); - // BEGIN android-changed - DigestOutputStream dgOut = new DigestOutputStream(AndroidDigestFactory.getSHA1()); - // END android-changed + DigestOutputStream dgOut = new DigestOutputStream(new SHA1Digest()); this.saveStore(new TeeOutputStream(cOut, dgOut)); @@ -1045,4 +1040,22 @@ public class JDKKeyStore cOut.close(); } } + + public static class Std + extends BcKeyStoreSpi + { + public Std() + { + super(STORE_VERSION); + } + } + + public static class Version1 + extends BcKeyStoreSpi + { + public Version1() + { + super(1); + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java index e4176fa..0d4f0ad 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java @@ -1,4 +1,4 @@ -package org.bouncycastle.jce.provider; +package org.bouncycastle.jcajce.provider.keystore.pkcs12; import java.io.BufferedInputStream; import java.io.ByteArrayInputStream; @@ -33,6 +33,7 @@ import javax.crypto.Cipher; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEParameterSpec; @@ -58,6 +59,8 @@ import org.bouncycastle.asn1.pkcs.CertBag; import org.bouncycastle.asn1.pkcs.ContentInfo; import org.bouncycastle.asn1.pkcs.EncryptedData; import org.bouncycastle.asn1.pkcs.MacData; +import org.bouncycastle.asn1.pkcs.PBES2Parameters; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.Pfx; @@ -70,63 +73,67 @@ import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; +import org.bouncycastle.jcajce.provider.config.PKCS12StoreParameter; import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; +import org.bouncycastle.jcajce.provider.util.SecretKeyUtil; import org.bouncycastle.jce.interfaces.BCKeyStore; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.provider.JDKPKCS12StoreParameter; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Strings; import org.bouncycastle.util.encoders.Hex; -public class JDKPKCS12KeyStore +public class PKCS12KeyStoreSpi extends KeyStoreSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore { - private static final int SALT_SIZE = 20; - private static final int MIN_ITERATIONS = 1024; + private static final int SALT_SIZE = 20; + private static final int MIN_ITERATIONS = 1024; - private static final Provider bcProvider = new BouncyCastleProvider(); + private static final Provider bcProvider = new BouncyCastleProvider(); - private IgnoresCaseHashtable keys = new IgnoresCaseHashtable(); - private Hashtable localIds = new Hashtable(); - private IgnoresCaseHashtable certs = new IgnoresCaseHashtable(); - private Hashtable chainCerts = new Hashtable(); - private Hashtable keyCerts = new Hashtable(); + private IgnoresCaseHashtable keys = new IgnoresCaseHashtable(); + private Hashtable localIds = new Hashtable(); + private IgnoresCaseHashtable certs = new IgnoresCaseHashtable(); + private Hashtable chainCerts = new Hashtable(); + private Hashtable keyCerts = new Hashtable(); // // generic object types // - static final int NULL = 0; - static final int CERTIFICATE = 1; - static final int KEY = 2; - static final int SECRET = 3; - static final int SEALED = 4; + static final int NULL = 0; + static final int CERTIFICATE = 1; + static final int KEY = 2; + static final int SECRET = 3; + static final int SEALED = 4; // // key types // - static final int KEY_PRIVATE = 0; - static final int KEY_PUBLIC = 1; - static final int KEY_SECRET = 2; + static final int KEY_PRIVATE = 0; + static final int KEY_PUBLIC = 1; + static final int KEY_SECRET = 2; - protected SecureRandom random = new SecureRandom(); + protected SecureRandom random = new SecureRandom(); // use of final causes problems with JDK 1.2 compiler - private CertificateFactory certFact; + private CertificateFactory certFact; private ASN1ObjectIdentifier keyAlgorithm; private ASN1ObjectIdentifier certAlgorithm; private class CertId { - byte[] id; + byte[] id; CertId( - PublicKey key) + PublicKey key) { this.id = createSubjectKeyId(key).getKeyIdentifier(); } CertId( - byte[] id) + byte[] id) { this.id = id; } @@ -137,7 +144,7 @@ public class JDKPKCS12KeyStore } public boolean equals( - Object o) + Object o) { if (o == this) { @@ -149,13 +156,13 @@ public class JDKPKCS12KeyStore return false; } - CertId cId = (CertId)o; + CertId cId = (CertId)o; return Arrays.areEqual(id, cId.id); } } - public JDKPKCS12KeyStore( + public PKCS12KeyStoreSpi( Provider provider, ASN1ObjectIdentifier keyAlgorithm, ASN1ObjectIdentifier certAlgorithm) @@ -181,12 +188,12 @@ public class JDKPKCS12KeyStore } private SubjectKeyIdentifier createSubjectKeyId( - PublicKey pubKey) + PublicKey pubKey) { try { SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence) ASN1Primitive.fromByteArray(pubKey.getEncoded())); + (ASN1Sequence)ASN1Primitive.fromByteArray(pubKey.getEncoded())); return new SubjectKeyIdentifier(info); } @@ -197,14 +204,14 @@ public class JDKPKCS12KeyStore } public void setRandom( - SecureRandom rand) + SecureRandom rand) { this.random = rand; } - public Enumeration engineAliases() + public Enumeration engineAliases() { - Hashtable tab = new Hashtable(); + Hashtable tab = new Hashtable(); Enumeration e = certs.keys(); while (e.hasMoreElements()) @@ -215,7 +222,7 @@ public class JDKPKCS12KeyStore e = keys.keys(); while (e.hasMoreElements()) { - String a = (String)e.nextElement(); + String a = (String)e.nextElement(); if (tab.get(a) == null) { tab.put(a, "key"); @@ -226,7 +233,7 @@ public class JDKPKCS12KeyStore } public boolean engineContainsAlias( - String alias) + String alias) { return (certs.get(alias) != null || keys.get(alias) != null); } @@ -236,7 +243,7 @@ public class JDKPKCS12KeyStore * tricky if a certificate appears in more than one chain... */ public void engineDeleteEntry( - String alias) + String alias) throws KeyStoreException { Key k = (Key)keys.remove(alias); @@ -250,7 +257,7 @@ public class JDKPKCS12KeyStore if (k != null) { - String id = (String)localIds.remove(alias); + String id = (String)localIds.remove(alias); if (id != null) { c = (Certificate)keyCerts.remove(id); @@ -266,13 +273,13 @@ public class JDKPKCS12KeyStore * simply return the cert for the private key */ public Certificate engineGetCertificate( - String alias) + String alias) { if (alias == null) { throw new IllegalArgumentException("null alias passed to getCertificate."); } - + Certificate c = (Certificate)certs.get(alias); // @@ -280,7 +287,7 @@ public class JDKPKCS12KeyStore // if (c == null) { - String id = (String)localIds.get(alias); + String id = (String)localIds.get(alias); if (id != null) { c = (Certificate)keyCerts.get(id); @@ -295,7 +302,7 @@ public class JDKPKCS12KeyStore } public String engineGetCertificateAlias( - Certificate cert) + Certificate cert) { Enumeration c = certs.elements(); Enumeration k = certs.keys(); @@ -303,7 +310,7 @@ public class JDKPKCS12KeyStore while (c.hasMoreElements()) { Certificate tc = (Certificate)c.nextElement(); - String ta = (String)k.nextElement(); + String ta = (String)k.nextElement(); if (tc.equals(cert)) { @@ -317,47 +324,47 @@ public class JDKPKCS12KeyStore while (c.hasMoreElements()) { Certificate tc = (Certificate)c.nextElement(); - String ta = (String)k.nextElement(); + String ta = (String)k.nextElement(); if (tc.equals(cert)) { return ta; } } - + return null; } - + public Certificate[] engineGetCertificateChain( - String alias) + String alias) { if (alias == null) { throw new IllegalArgumentException("null alias passed to getCertificateChain."); } - + if (!engineIsKeyEntry(alias)) { return null; } - + Certificate c = engineGetCertificate(alias); if (c != null) { - Vector cs = new Vector(); + Vector cs = new Vector(); while (c != null) { - X509Certificate x509c = (X509Certificate)c; - Certificate nextC = null; + X509Certificate x509c = (X509Certificate)c; + Certificate nextC = null; - byte[] bytes = x509c.getExtensionValue(Extension.authorityKeyIdentifier.getId()); + byte[] bytes = x509c.getExtensionValue(Extension.authorityKeyIdentifier.getId()); if (bytes != null) { try { - ASN1InputStream aIn = new ASN1InputStream(bytes); + ASN1InputStream aIn = new ASN1InputStream(bytes); byte[] authBytes = ((ASN1OctetString)aIn.readObject()).getOctets(); aIn = new ASN1InputStream(authBytes); @@ -367,7 +374,7 @@ public class JDKPKCS12KeyStore { nextC = (Certificate)chainCerts.get(new CertId(id.getKeyIdentifier())); } - + } catch (IOException e) { @@ -380,8 +387,8 @@ public class JDKPKCS12KeyStore // // no authority key id, try the Issuer DN // - Principal i = x509c.getIssuerDN(); - Principal s = x509c.getSubjectDN(); + Principal i = x509c.getIssuerDN(); + Principal s = x509c.getSubjectDN(); if (!i.equals(s)) { @@ -390,7 +397,7 @@ public class JDKPKCS12KeyStore while (e.hasMoreElements()) { X509Certificate crt = (X509Certificate)chainCerts.get(e.nextElement()); - Principal sub = crt.getSubjectDN(); + Principal sub = crt.getSubjectDN(); if (sub.equals(i)) { try @@ -419,7 +426,7 @@ public class JDKPKCS12KeyStore } } - Certificate[] certChain = new Certificate[cs.size()]; + Certificate[] certChain = new Certificate[cs.size()]; for (int i = 0; i != certChain.length; i++) { @@ -431,8 +438,8 @@ public class JDKPKCS12KeyStore return null; } - - public Date engineGetCreationDate(String alias) + + public Date engineGetCreationDate(String alias) { if (alias == null) { @@ -447,32 +454,32 @@ public class JDKPKCS12KeyStore public Key engineGetKey( String alias, - char[] password) + char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException { if (alias == null) { throw new IllegalArgumentException("null alias passed to getKey."); } - + return (Key)keys.get(alias); } public boolean engineIsCertificateEntry( - String alias) + String alias) { return (certs.get(alias) != null && keys.get(alias) == null); } public boolean engineIsKeyEntry( - String alias) + String alias) { return (keys.get(alias) != null); } public void engineSetCertificateEntry( - String alias, - Certificate cert) + String alias, + Certificate cert) throws KeyStoreException { if (keys.get(alias) != null) @@ -487,17 +494,17 @@ public class JDKPKCS12KeyStore public void engineSetKeyEntry( String alias, byte[] key, - Certificate[] chain) + Certificate[] chain) throws KeyStoreException { throw new RuntimeException("operation not supported"); } public void engineSetKeyEntry( - String alias, - Key key, - char[] password, - Certificate[] chain) + String alias, + Key key, + char[] password, + Certificate[] chain) throws KeyStoreException { if (!(key instanceof PrivateKey)) @@ -527,9 +534,9 @@ public class JDKPKCS12KeyStore } } - public int engineSize() + public int engineSize() { - Hashtable tab = new Hashtable(); + Hashtable tab = new Hashtable(); Enumeration e = certs.keys(); while (e.hasMoreElements()) @@ -540,7 +547,7 @@ public class JDKPKCS12KeyStore e = keys.keys(); while (e.hasMoreElements()) { - String a = (String)e.nextElement(); + String a = (String)e.nextElement(); if (tab.get(a) == null) { tab.put(a, "key"); @@ -551,62 +558,81 @@ public class JDKPKCS12KeyStore } protected PrivateKey unwrapKey( - AlgorithmIdentifier algId, - byte[] data, - char[] password, - boolean wrongPKCS12Zero) + AlgorithmIdentifier algId, + byte[] data, + char[] password, + boolean wrongPKCS12Zero) throws IOException { - String algorithm = algId.getAlgorithm().getId(); - PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); - - PBEKeySpec pbeSpec = new PBEKeySpec(password); - PrivateKey out; - + ASN1ObjectIdentifier algorithm = algId.getAlgorithm(); try { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance( - algorithm, bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); + if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) + { + PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); - SecretKey k = keyFact.generateSecret(pbeSpec); - - ((BCPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero); + PBEKeySpec pbeSpec = new PBEKeySpec(password); + PrivateKey out; - Cipher cipher = Cipher.getInstance(algorithm, bcProvider); + SecretKeyFactory keyFact = SecretKeyFactory.getInstance( + algorithm.getId(), bcProvider); + PBEParameterSpec defParams = new PBEParameterSpec( + pbeParams.getIV(), + pbeParams.getIterations().intValue()); + + SecretKey k = keyFact.generateSecret(pbeSpec); + + ((BCPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero); + + Cipher cipher = Cipher.getInstance(algorithm.getId(), bcProvider); - cipher.init(Cipher.UNWRAP_MODE, k, defParams); + cipher.init(Cipher.UNWRAP_MODE, k, defParams); + + // we pass "" as the key algorithm type as it is unknown at this point + return (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY); + } + else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) + { + PBES2Parameters alg = PBES2Parameters.getInstance(algId.getParameters()); + PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); - // we pass "" as the key algorithm type as it is unknown at this point - out = (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY); + SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId(), bcProvider); + + SecretKey k = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), func.getIterationCount().intValue(), SecretKeyUtil.getKeySize(alg.getEncryptionScheme().getAlgorithm()))); + + Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId(), bcProvider); + + cipher.init(Cipher.UNWRAP_MODE, k, new IvParameterSpec(ASN1OctetString.getInstance(alg.getEncryptionScheme().getParameters()).getOctets())); + + // we pass "" as the key algorithm type as it is unknown at this point + return (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY); + } } catch (Exception e) { throw new IOException("exception unwrapping private key - " + e.toString()); } - return out; + throw new IOException("exception unwrapping private key - cannot recognise: " + algorithm); } protected byte[] wrapKey( - String algorithm, - Key key, - PKCS12PBEParams pbeParams, - char[] password) + String algorithm, + Key key, + PKCS12PBEParams pbeParams, + char[] password) throws IOException { - PBEKeySpec pbeSpec = new PBEKeySpec(password); - byte[] out; + PBEKeySpec pbeSpec = new PBEKeySpec(password); + byte[] out; try { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance( - algorithm, bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); + SecretKeyFactory keyFact = SecretKeyFactory.getInstance( + algorithm, bcProvider); + PBEParameterSpec defParams = new PBEParameterSpec( + pbeParams.getIV(), + pbeParams.getIterations().intValue()); Cipher cipher = Cipher.getInstance(algorithm, bcProvider); @@ -623,16 +649,16 @@ public class JDKPKCS12KeyStore } protected byte[] cryptData( - boolean forEncryption, - AlgorithmIdentifier algId, - char[] password, - boolean wrongPKCS12Zero, - byte[] data) + boolean forEncryption, + AlgorithmIdentifier algId, + char[] password, + boolean wrongPKCS12Zero, + byte[] data) throws IOException { - String algorithm = algId.getAlgorithm().getId(); + String algorithm = algId.getAlgorithm().getId(); PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); - PBEKeySpec pbeSpec = new PBEKeySpec(password); + PBEKeySpec pbeSpec = new PBEKeySpec(password); try { @@ -640,7 +666,7 @@ public class JDKPKCS12KeyStore PBEParameterSpec defParams = new PBEParameterSpec( pbeParams.getIV(), pbeParams.getIterations().intValue()); - BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec); + BCPBEKey key = (BCPBEKey)keyFact.generateSecret(pbeSpec); key.setTryWrongPKCS12Zero(wrongPKCS12Zero); @@ -657,7 +683,7 @@ public class JDKPKCS12KeyStore public void engineLoad( InputStream stream, - char[] password) + char[] password) throws IOException { if (stream == null) // just initialising @@ -670,7 +696,7 @@ public class JDKPKCS12KeyStore throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); } - BufferedInputStream bufIn = new BufferedInputStream(stream); + BufferedInputStream bufIn = new BufferedInputStream(stream); bufIn.mark(10); @@ -684,26 +710,26 @@ public class JDKPKCS12KeyStore bufIn.reset(); ASN1InputStream bIn = new ASN1InputStream(bufIn); - ASN1Sequence obj = (ASN1Sequence)bIn.readObject(); - Pfx bag = Pfx.getInstance(obj); - ContentInfo info = bag.getAuthSafe(); - Vector chain = new Vector(); - boolean unmarkedKey = false; - boolean wrongPKCS12Zero = false; + ASN1Sequence obj = (ASN1Sequence)bIn.readObject(); + Pfx bag = Pfx.getInstance(obj); + ContentInfo info = bag.getAuthSafe(); + Vector chain = new Vector(); + boolean unmarkedKey = false; + boolean wrongPKCS12Zero = false; if (bag.getMacData() != null) // check the mac code { - MacData mData = bag.getMacData(); - DigestInfo dInfo = mData.getMac(); - AlgorithmIdentifier algId = dInfo.getAlgorithmId(); - byte[] salt = mData.getSalt(); - int itCount = mData.getIterationCount().intValue(); + MacData mData = bag.getMacData(); + DigestInfo dInfo = mData.getMac(); + AlgorithmIdentifier algId = dInfo.getAlgorithmId(); + byte[] salt = mData.getSalt(); + int itCount = mData.getIterationCount().intValue(); - byte[] data = ((ASN1OctetString)info.getContent()).getOctets(); + byte[] data = ((ASN1OctetString)info.getContent()).getOctets(); try { - byte[] res = calculatePbeMac(algId.getObjectId(), salt, itCount, password, false, data); + byte[] res = calculatePbeMac(algId.getAlgorithm(), salt, itCount, password, false, data); byte[] dig = dInfo.getDigest(); if (!Arrays.constantTimeAreEqual(res, dig)) @@ -714,7 +740,7 @@ public class JDKPKCS12KeyStore } // Try with incorrect zero length password - res = calculatePbeMac(algId.getObjectId(), salt, itCount, password, true, data); + res = calculatePbeMac(algId.getAlgorithm(), salt, itCount, password, true, data); if (!Arrays.constantTimeAreEqual(res, dig)) { @@ -741,15 +767,15 @@ public class JDKPKCS12KeyStore { bIn = new ASN1InputStream(((ASN1OctetString)info.getContent()).getOctets()); - AuthenticatedSafe authSafe = AuthenticatedSafe.getInstance(bIn.readObject()); - ContentInfo[] c = authSafe.getContentInfo(); + AuthenticatedSafe authSafe = AuthenticatedSafe.getInstance(bIn.readObject()); + ContentInfo[] c = authSafe.getContentInfo(); for (int i = 0; i != c.length; i++) { if (c[i].getContentType().equals(data)) { ASN1InputStream dIn = new ASN1InputStream(((ASN1OctetString)c[i].getContent()).getOctets()); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); + ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); for (int j = 0; j != seq.size(); j++) { @@ -757,25 +783,25 @@ public class JDKPKCS12KeyStore if (b.getBagId().equals(pkcs8ShroudedKeyBag)) { org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); - PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); + PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); // // set the attributes on the key // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; + PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; + String alias = null; + ASN1OctetString localId = null; if (b.getBagAttributes() != null) { Enumeration e = b.getBagAttributes().getObjects(); while (e.hasMoreElements()) { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); - ASN1Primitive attr = null; - + ASN1Sequence sq = (ASN1Sequence)e.nextElement(); + ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); + ASN1Primitive attr = null; + if (attrSet.size() > 0) { attr = (ASN1Primitive)attrSet.getObjectAt(0); @@ -795,7 +821,7 @@ public class JDKPKCS12KeyStore bagAttr.setBagAttribute(aOid, attr); } } - + if (aOid.equals(pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); @@ -807,11 +833,11 @@ public class JDKPKCS12KeyStore } } } - + if (localId != null) { String name = new String(Hex.encode(localId.getOctets())); - + if (alias == null) { keys.put(name, privKey); @@ -820,12 +846,12 @@ public class JDKPKCS12KeyStore { localIds.put(alias, name); } - } - else - { - unmarkedKey = true; - keys.put("unmarked", privKey); - } + } + else + { + unmarkedKey = true; + keys.put("unmarked", privKey); + } } else if (b.getBagId().equals(certBag)) { @@ -843,12 +869,12 @@ public class JDKPKCS12KeyStore EncryptedData d = EncryptedData.getInstance(c[i].getContent()); byte[] octets = cryptData(false, d.getEncryptionAlgorithm(), password, wrongPKCS12Zero, d.getContent().getOctets()); - ASN1Sequence seq = (ASN1Sequence) ASN1Primitive.fromByteArray(octets); + ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(octets); for (int j = 0; j != seq.size(); j++) { SafeBag b = SafeBag.getInstance(seq.getObjectAt(j)); - + if (b.getBagId().equals(certBag)) { chain.addElement(b); @@ -856,22 +882,22 @@ public class JDKPKCS12KeyStore else if (b.getBagId().equals(pkcs8ShroudedKeyBag)) { org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); - PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); + PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); // // set the attributes on the key // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; + PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; + String alias = null; + ASN1OctetString localId = null; Enumeration e = b.getBagAttributes().getObjects(); while (e.hasMoreElements()) { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet= (ASN1Set)sq.getObjectAt(1); - ASN1Primitive attr = null; + ASN1Sequence sq = (ASN1Sequence)e.nextElement(); + ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); + ASN1Primitive attr = null; if (attrSet.size() > 0) { @@ -917,23 +943,23 @@ public class JDKPKCS12KeyStore } else if (b.getBagId().equals(keyBag)) { - org.bouncycastle.asn1.pkcs.PrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.PrivateKeyInfo((ASN1Sequence)b.getBagValue()); - PrivateKey privKey = BouncyCastleProvider.getPrivateKey(kInfo); + org.bouncycastle.asn1.pkcs.PrivateKeyInfo kInfo = org.bouncycastle.asn1.pkcs.PrivateKeyInfo.getInstance(b.getBagValue()); + PrivateKey privKey = BouncyCastleProvider.getPrivateKey(kInfo); // // set the attributes on the key // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; + PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; + String alias = null; + ASN1OctetString localId = null; Enumeration e = b.getBagAttributes().getObjects(); while (e.hasMoreElements()) { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); - ASN1Primitive attr = null; + ASN1Sequence sq = (ASN1Sequence)e.nextElement(); + ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); + ASN1Primitive attr = null; if (attrSet.size() > 0) { @@ -998,8 +1024,8 @@ public class JDKPKCS12KeyStore for (int i = 0; i != chain.size(); i++) { - SafeBag b = (SafeBag)chain.elementAt(i); - CertBag cb = CertBag.getInstance(b.getBagValue()); + SafeBag b = (SafeBag)chain.elementAt(i); + CertBag cb = CertBag.getInstance(b.getBagValue()); if (!cb.getCertId().equals(x509Certificate)) { @@ -1010,8 +1036,8 @@ public class JDKPKCS12KeyStore try { - ByteArrayInputStream cIn = new ByteArrayInputStream( - ((ASN1OctetString)cb.getCertValue()).getOctets()); + ByteArrayInputStream cIn = new ByteArrayInputStream( + ((ASN1OctetString)cb.getCertValue()).getOctets()); cert = certFact.generateCertificate(cIn); } catch (Exception e) @@ -1023,17 +1049,17 @@ public class JDKPKCS12KeyStore // set the attributes // ASN1OctetString localId = null; - String alias = null; + String alias = null; if (b.getBagAttributes() != null) { Enumeration e = b.getBagAttributes().getObjects(); while (e.hasMoreElements()) { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Primitive attr = (ASN1Primitive)((ASN1Set)sq.getObjectAt(1)).getObjectAt(0); - PKCS12BagAttributeCarrier bagAttr = null; + ASN1Sequence sq = (ASN1Sequence)e.nextElement(); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Primitive attr = (ASN1Primitive)((ASN1Set)sq.getObjectAt(1)).getObjectAt(0); + PKCS12BagAttributeCarrier bagAttr = null; if (cert instanceof PKCS12BagAttributeCarrier) { @@ -1072,8 +1098,8 @@ public class JDKPKCS12KeyStore { if (keyCerts.isEmpty()) { - String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier())); - + String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier())); + keyCerts.put(name, cert); keys.put(name, keys.remove("unmarked")); } @@ -1097,21 +1123,32 @@ public class JDKPKCS12KeyStore } } - public void engineStore(LoadStoreParameter param) throws IOException, - NoSuchAlgorithmException, CertificateException + public void engineStore(LoadStoreParameter param) + throws IOException, + NoSuchAlgorithmException, CertificateException { if (param == null) { throw new IllegalArgumentException("'param' arg cannot be null"); } - if (!(param instanceof JDKPKCS12StoreParameter)) + if (!(param instanceof PKCS12StoreParameter || param instanceof JDKPKCS12StoreParameter)) { throw new IllegalArgumentException( "No support for 'param' of type " + param.getClass().getName()); } - JDKPKCS12StoreParameter bcParam = (JDKPKCS12StoreParameter)param; + PKCS12StoreParameter bcParam; + + if (param instanceof PKCS12StoreParameter) + { + bcParam = (PKCS12StoreParameter)param; + } + else + { + bcParam = new PKCS12StoreParameter(((JDKPKCS12StoreParameter)param).getOutputStream(), + param.getProtectionParameter(), ((JDKPKCS12StoreParameter)param).isUseDEREncoding()); + } char[] password; ProtectionParameter protParam = param.getProtectionParameter(); @@ -1129,16 +1166,16 @@ public class JDKPKCS12KeyStore "No support for protection parameter of type " + protParam.getClass().getName()); } - doStore(bcParam.getOutputStream(), password, bcParam.isUseDEREncoding()); + doStore(bcParam.getOutputStream(), password, bcParam.isForDEREncoding()); } - public void engineStore(OutputStream stream, char[] password) + public void engineStore(OutputStream stream, char[] password) throws IOException { doStore(stream, password, false); } - private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) + private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) throws IOException { if (password == null) @@ -1149,33 +1186,33 @@ public class JDKPKCS12KeyStore // // handle the key // - ASN1EncodableVector keyS = new ASN1EncodableVector(); + ASN1EncodableVector keyS = new ASN1EncodableVector(); Enumeration ks = keys.keys(); while (ks.hasMoreElements()) { - byte[] kSalt = new byte[SALT_SIZE]; + byte[] kSalt = new byte[SALT_SIZE]; random.nextBytes(kSalt); - String name = (String)ks.nextElement(); - PrivateKey privKey = (PrivateKey)keys.get(name); - PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS); - byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password); - AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.toASN1Primitive()); + String name = (String)ks.nextElement(); + PrivateKey privKey = (PrivateKey)keys.get(name); + PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS); + byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password); + AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.toASN1Primitive()); org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes); - boolean attrSet = false; - ASN1EncodableVector kName = new ASN1EncodableVector(); + boolean attrSet = false; + ASN1EncodableVector kName = new ASN1EncodableVector(); if (privKey instanceof PKCS12BagAttributeCarrier) { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)privKey; + PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)privKey; // // make sure we are using the local alias on store // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); + DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); if (nm == null || !nm.getString().equals(name)) { bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); @@ -1186,7 +1223,7 @@ public class JDKPKCS12KeyStore // if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) { - Certificate ct = engineGetCertificate(name); + Certificate ct = engineGetCertificate(name); bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey())); } @@ -1196,7 +1233,7 @@ public class JDKPKCS12KeyStore while (e.hasMoreElements()) { ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - ASN1EncodableVector kSeq = new ASN1EncodableVector(); + ASN1EncodableVector kSeq = new ASN1EncodableVector(); kSeq.add(oid); kSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); @@ -1212,8 +1249,8 @@ public class JDKPKCS12KeyStore // // set a default friendly name (from the key id) and local id // - ASN1EncodableVector kSeq = new ASN1EncodableVector(); - Certificate ct = engineGetCertificate(name); + ASN1EncodableVector kSeq = new ASN1EncodableVector(); + Certificate ct = engineGetCertificate(name); kSeq.add(pkcs_9_at_localKeyId); kSeq.add(new DERSet(createSubjectKeyId(ct.getPublicKey()))); @@ -1228,45 +1265,45 @@ public class JDKPKCS12KeyStore kName.add(new DERSequence(kSeq)); } - SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.toASN1Primitive(), new DERSet(kName)); + SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.toASN1Primitive(), new DERSet(kName)); keyS.add(kBag); } - byte[] keySEncoded = new DERSequence(keyS).getEncoded(ASN1Encoding.DER); + byte[] keySEncoded = new DERSequence(keyS).getEncoded(ASN1Encoding.DER); BEROctetString keyString = new BEROctetString(keySEncoded); // // certificate processing // - byte[] cSalt = new byte[SALT_SIZE]; + byte[] cSalt = new byte[SALT_SIZE]; random.nextBytes(cSalt); - ASN1EncodableVector certSeq = new ASN1EncodableVector(); - PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS); - AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Primitive()); - Hashtable doneCerts = new Hashtable(); + ASN1EncodableVector certSeq = new ASN1EncodableVector(); + PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS); + AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Primitive()); + Hashtable doneCerts = new Hashtable(); Enumeration cs = keys.keys(); while (cs.hasMoreElements()) { try { - String name = (String)cs.nextElement(); - Certificate cert = engineGetCertificate(name); - boolean cAttrSet = false; - CertBag cBag = new CertBag( - x509Certificate, - new DEROctetString(cert.getEncoded())); + String name = (String)cs.nextElement(); + Certificate cert = engineGetCertificate(name); + boolean cAttrSet = false; + CertBag cBag = new CertBag( + x509Certificate, + new DEROctetString(cert.getEncoded())); ASN1EncodableVector fName = new ASN1EncodableVector(); if (cert instanceof PKCS12BagAttributeCarrier) { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; + PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; // // make sure we are using the local alias on store // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); + DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); if (nm == null || !nm.getString().equals(name)) { bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); @@ -1297,7 +1334,7 @@ public class JDKPKCS12KeyStore if (!cAttrSet) { - ASN1EncodableVector fSeq = new ASN1EncodableVector(); + ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(pkcs_9_at_localKeyId); fSeq.add(new DERSet(createSubjectKeyId(cert.getPublicKey()))); @@ -1328,27 +1365,27 @@ public class JDKPKCS12KeyStore { try { - String certId = (String)cs.nextElement(); - Certificate cert = (Certificate)certs.get(certId); - boolean cAttrSet = false; + String certId = (String)cs.nextElement(); + Certificate cert = (Certificate)certs.get(certId); + boolean cAttrSet = false; if (keys.get(certId) != null) { continue; } - CertBag cBag = new CertBag( - x509Certificate, - new DEROctetString(cert.getEncoded())); + CertBag cBag = new CertBag( + x509Certificate, + new DEROctetString(cert.getEncoded())); ASN1EncodableVector fName = new ASN1EncodableVector(); if (cert instanceof PKCS12BagAttributeCarrier) { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; + PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; // // make sure we are using the local alias on store // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); + DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); if (nm == null || !nm.getString().equals(certId)) { bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(certId)); @@ -1381,7 +1418,7 @@ public class JDKPKCS12KeyStore if (!cAttrSet) { - ASN1EncodableVector fSeq = new ASN1EncodableVector(); + ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(pkcs_9_at_friendlyName); fSeq.add(new DERSet(new DERBMPString(certId))); @@ -1406,22 +1443,22 @@ public class JDKPKCS12KeyStore { try { - CertId certId = (CertId)cs.nextElement(); - Certificate cert = (Certificate)chainCerts.get(certId); + CertId certId = (CertId)cs.nextElement(); + Certificate cert = (Certificate)chainCerts.get(certId); if (doneCerts.get(cert) != null) { continue; } - CertBag cBag = new CertBag( - x509Certificate, - new DEROctetString(cert.getEncoded())); + CertBag cBag = new CertBag( + x509Certificate, + new DEROctetString(cert.getEncoded())); ASN1EncodableVector fName = new ASN1EncodableVector(); if (cert instanceof PKCS12BagAttributeCarrier) { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; + PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; Enumeration e = bagAttrs.getBagAttributeKeys(); while (e.hasMoreElements()) @@ -1455,19 +1492,19 @@ public class JDKPKCS12KeyStore } } - byte[] certSeqEncoded = new DERSequence(certSeq).getEncoded(ASN1Encoding.DER); - byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded); - EncryptedData cInfo = new EncryptedData(data, cAlgId, new BEROctetString(certBytes)); + byte[] certSeqEncoded = new DERSequence(certSeq).getEncoded(ASN1Encoding.DER); + byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded); + EncryptedData cInfo = new EncryptedData(data, cAlgId, new BEROctetString(certBytes)); ContentInfo[] info = new ContentInfo[] - { - new ContentInfo(data, keyString), - new ContentInfo(encryptedData, cInfo.toASN1Primitive()) - }; + { + new ContentInfo(data, keyString), + new ContentInfo(encryptedData, cInfo.toASN1Primitive()) + }; - AuthenticatedSafe auth = new AuthenticatedSafe(info); + AuthenticatedSafe auth = new AuthenticatedSafe(info); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); DEROutputStream asn1Out; if (useDEREncoding) { @@ -1480,28 +1517,28 @@ public class JDKPKCS12KeyStore asn1Out.writeObject(auth); - byte[] pkg = bOut.toByteArray(); + byte[] pkg = bOut.toByteArray(); - ContentInfo mainInfo = new ContentInfo(data, new BEROctetString(pkg)); + ContentInfo mainInfo = new ContentInfo(data, new BEROctetString(pkg)); // // create the mac // - byte[] mSalt = new byte[20]; - int itCount = MIN_ITERATIONS; + byte[] mSalt = new byte[20]; + int itCount = MIN_ITERATIONS; random.nextBytes(mSalt); - - byte[] data = ((ASN1OctetString)mainInfo.getContent()).getOctets(); - MacData mData; + byte[] data = ((ASN1OctetString)mainInfo.getContent()).getOctets(); + + MacData mData; try { byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data); - AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, DERNull.INSTANCE); - DigestInfo dInfo = new DigestInfo(algId, res); + AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, DERNull.INSTANCE); + DigestInfo dInfo = new DigestInfo(algId, res); mData = new MacData(dInfo, mSalt, itCount); } @@ -1509,11 +1546,11 @@ public class JDKPKCS12KeyStore { throw new IOException("error constructing MAC: " + e.toString()); } - + // // output the Pfx // - Pfx pfx = new Pfx(mainInfo, mData); + Pfx pfx = new Pfx(mainInfo, mData); if (useDEREncoding) { @@ -1529,17 +1566,17 @@ public class JDKPKCS12KeyStore private static byte[] calculatePbeMac( ASN1ObjectIdentifier oid, - byte[] salt, - int itCount, - char[] password, - boolean wrongPkcs12Zero, - byte[] data) + byte[] salt, + int itCount, + char[] password, + boolean wrongPkcs12Zero, + byte[] data) throws Exception { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec); + SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider); + PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); + PBEKeySpec pbeSpec = new PBEKeySpec(password); + BCPBEKey key = (BCPBEKey)keyFact.generateSecret(pbeSpec); key.setTryWrongPKCS12Zero(wrongPkcs12Zero); Mac mac = Mac.getInstance(oid.getId(), bcProvider); @@ -1547,9 +1584,9 @@ public class JDKPKCS12KeyStore mac.update(data); return mac.doFinal(); } - + public static class BCPKCS12KeyStore - extends JDKPKCS12KeyStore + extends PKCS12KeyStoreSpi { public BCPKCS12KeyStore() { @@ -1559,7 +1596,7 @@ public class JDKPKCS12KeyStore // BEGIN android-removed // public static class BCPKCS12KeyStore3DES - // extends JDKPKCS12KeyStore + // extends PKCS12KeyStoreSpi // { // public BCPKCS12KeyStore3DES() // { @@ -1568,7 +1605,7 @@ public class JDKPKCS12KeyStore // } // // public static class DefPKCS12KeyStore - // extends JDKPKCS12KeyStore + // extends PKCS12KeyStoreSpi // { // public DefPKCS12KeyStore() // { @@ -1577,7 +1614,7 @@ public class JDKPKCS12KeyStore // } // // public static class DefPKCS12KeyStore3DES - // extends JDKPKCS12KeyStore + // extends PKCS12KeyStoreSpi // { // public DefPKCS12KeyStore3DES() // { @@ -1627,7 +1664,7 @@ public class JDKPKCS12KeyStore { return null; } - + return orig.get(k); } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java index 1e12ee3..f561b8a 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java @@ -11,7 +11,9 @@ import java.security.SecureRandom; // import javax.crypto.spec.IvParameterSpec; // END android-removed +import org.bouncycastle.asn1.bc.BCObjectIdentifiers; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.BufferedBlockCipher; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.engines.AESFastEngine; @@ -19,9 +21,11 @@ import org.bouncycastle.crypto.engines.AESWrapEngine; // BEGIN android-removed // import org.bouncycastle.crypto.engines.RFC3211WrapEngine; // import org.bouncycastle.crypto.macs.CMac; +// import org.bouncycastle.crypto.macs.GMac; // END android-removed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.modes.CFBBlockCipher; +import org.bouncycastle.crypto.modes.GCMBlockCipher; import org.bouncycastle.crypto.modes.OFBBlockCipher; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; // BEGIN android-removed @@ -33,8 +37,9 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; // END android-removed import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; // BEGIN android-removed // import org.bouncycastle.jce.provider.BouncyCastleProvider; // END android-removed @@ -50,7 +55,13 @@ public final class AES { public ECB() { - super(new AESFastEngine()); + super(new BlockCipherProvider() + { + public BlockCipher get() + { + return new AESFastEngine(); + } + }); } } @@ -90,8 +101,17 @@ public final class AES // super(new CMac(new AESFastEngine())); // } // } + // + // public static class AESGMAC + // extends BaseMac + // { + // public AESGMAC() + // { + // super(new GMac(new GCMBlockCipher(new AESFastEngine()))); + // } + // } // END android-removed - + static public class Wrap extends BaseWrapCipher { @@ -112,6 +132,19 @@ public final class AES // } // END android-removed + + /** + * PBEWithAES-CBC + */ + static public class PBEWithAESCBC + extends BaseBlockCipher + { + public PBEWithAESCBC() + { + super(new CBCBlockCipher(new AESFastEngine())); + } + } + public static class KeyGen extends BaseKeyGenerator { @@ -153,7 +186,117 @@ public final class AES // super(256); // } // } - // + // END android-removed + + /** + * PBEWithSHA1And128BitAES-BC + */ + static public class PBEWithSHAAnd128BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHAAnd128BitAESBC() + { + super("PBEWithSHA1And128BitAES-CBC-BC", null, true, PKCS12, SHA1, 128, 128); + } + } + + /** + * PBEWithSHA1And192BitAES-BC + */ + static public class PBEWithSHAAnd192BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHAAnd192BitAESBC() + { + super("PBEWithSHA1And192BitAES-CBC-BC", null, true, PKCS12, SHA1, 192, 128); + } + } + + /** + * PBEWithSHA1And256BitAES-BC + */ + static public class PBEWithSHAAnd256BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHAAnd256BitAESBC() + { + super("PBEWithSHA1And256BitAES-CBC-BC", null, true, PKCS12, SHA1, 256, 128); + } + } + + /** + * PBEWithSHA256And128BitAES-BC + */ + static public class PBEWithSHA256And128BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHA256And128BitAESBC() + { + super("PBEWithSHA256And128BitAES-CBC-BC", null, true, PKCS12, SHA256, 128, 128); + } + } + + /** + * PBEWithSHA256And192BitAES-BC + */ + static public class PBEWithSHA256And192BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHA256And192BitAESBC() + { + super("PBEWithSHA256And192BitAES-CBC-BC", null, true, PKCS12, SHA256, 192, 128); + } + } + + /** + * PBEWithSHA256And256BitAES-BC + */ + static public class PBEWithSHA256And256BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHA256And256BitAESBC() + { + super("PBEWithSHA256And256BitAES-CBC-BC", null, true, PKCS12, SHA256, 256, 128); + } + } + + /** + * PBEWithMD5And128BitAES-OpenSSL + */ + static public class PBEWithMD5And128BitAESCBCOpenSSL + extends PBESecretKeyFactory + { + public PBEWithMD5And128BitAESCBCOpenSSL() + { + super("PBEWithMD5And128BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 128, 128); + } + } + + /** + * PBEWithMD5And192BitAES-OpenSSL + */ + static public class PBEWithMD5And192BitAESCBCOpenSSL + extends PBESecretKeyFactory + { + public PBEWithMD5And192BitAESCBCOpenSSL() + { + super("PBEWithMD5And192BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 192, 128); + } + } + + /** + * PBEWithMD5And256BitAES-OpenSSL + */ + static public class PBEWithMD5And256BitAESCBCOpenSSL + extends PBESecretKeyFactory + { + public PBEWithMD5And256BitAESCBCOpenSSL() + { + super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); + } + } + + // BEGIN android-removed // public static class AlgParamGen // extends BaseAlgorithmParameterGenerator // { @@ -203,7 +346,7 @@ public final class AES } public static class Mappings - extends AlgorithmProvider + extends SymmetricAlgorithmProvider { private static final String PREFIX = AES.class.getName(); @@ -290,6 +433,87 @@ public final class AES // // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); // END android-removed + + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); + + provider.addAlgorithm("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHA256AND128BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHA256AND192BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHA256AND256BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); + + provider.addAlgorithm("Cipher.PBEWITHMD5AND128BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHMD5AND192BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And128BitAESCBCOpenSSL"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And192BitAESCBCOpenSSL"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And256BitAESCBCOpenSSL"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITAES-CBC-BC", PREFIX + "$PBEWithSHAAnd128BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND192BITAES-CBC-BC", PREFIX + "$PBEWithSHAAnd192BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND256BITAES-CBC-BC", PREFIX + "$PBEWithSHAAnd256BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA256AND128BITAES-CBC-BC", PREFIX + "$PBEWithSHA256And128BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA256AND192BITAES-CBC-BC", PREFIX + "$PBEWithSHA256And192BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA256AND256BITAES-CBC-BC", PREFIX + "$PBEWithSHA256And256BitAESBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND256BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND128BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND192BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND256BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND128BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND192BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND256BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND128BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND192BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND256BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); + + // BEGIN android-removed + // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); + // END android-removed } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java index 1bbdae7..9de8ef0 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java @@ -1,10 +1,12 @@ package org.bouncycastle.jcajce.provider.symmetric; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.engines.RC4Engine; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; public final class ARC4 @@ -33,6 +35,55 @@ public final class ARC4 } } + /** + * PBEWithSHAAnd128BitRC4 + */ + static public class PBEWithSHAAnd128BitKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAAnd128BitKeyFactory() + { + super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 128, 0); + } + } + + /** + * PBEWithSHAAnd40BitRC4 + */ + static public class PBEWithSHAAnd40BitKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAAnd40BitKeyFactory() + { + super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 40, 0); + } + } + + + /** + * PBEWithSHAAnd128BitRC4 + */ + static public class PBEWithSHAAnd128Bit + extends BaseStreamCipher + { + public PBEWithSHAAnd128Bit() + { + super(new RC4Engine(), 0); + } + } + + /** + * PBEWithSHAAnd40BitRC4 + */ + static public class PBEWithSHAAnd40Bit + extends BaseStreamCipher + { + public PBEWithSHAAnd40Bit() + { + super(new RC4Engine(), 0); + } + } + public static class Mappings extends AlgorithmProvider { @@ -44,15 +95,32 @@ public final class ARC4 public void configure(ConfigurableProvider provider) { - provider.addAlgorithm("Cipher.ARC4", PREFIX + "$Base"); - provider.addAlgorithm("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.rc4, "ARC4"); provider.addAlgorithm("Alg.Alias.Cipher.ARCFOUR", "ARC4"); provider.addAlgorithm("Alg.Alias.Cipher.RC4", "ARC4"); provider.addAlgorithm("KeyGenerator.ARC4", PREFIX + "$KeyGen"); provider.addAlgorithm("Alg.Alias.KeyGenerator.RC4", "ARC4"); provider.addAlgorithm("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "ARC4"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC4", PREFIX + "$PBEWithSHAAnd128BitKeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC4", PREFIX + "$PBEWithSHAAnd40BitKeyFactory"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND128BITRC4", PREFIX + "$PBEWithSHAAnd128Bit"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND40BITRC4", PREFIX + "$PBEWithSHAAnd40Bit"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, "PBEWITHSHAAND128BITRC4"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, "PBEWITHSHAAND40BITRC4"); + + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, "PBEWITHSHAAND128BITRC4"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, "PBEWITHSHAAND40BITRC4"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java index 3ba874c..6d5c5e8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java @@ -10,10 +10,13 @@ import java.security.spec.KeySpec; import javax.crypto.SecretKey; import javax.crypto.spec.DESKeySpec; import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.KeyGenerationParameters; import org.bouncycastle.crypto.engines.DESEngine; // BEGIN android-removed @@ -24,16 +27,22 @@ import org.bouncycastle.crypto.macs.CBCBlockCipherMac; // BEGIN android-removed // import org.bouncycastle.crypto.macs.CFBBlockCipherMac; // import org.bouncycastle.crypto.macs.CMac; +// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; // END android-removed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.paddings.ISO7816d4Padding; +import org.bouncycastle.crypto.params.DESParameters; +import org.bouncycastle.crypto.params.KeyParameter; +import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory; import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.PBE; import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider; @@ -52,16 +61,16 @@ public final class DES } } + static public class CBC + extends BaseBlockCipher + { + public CBC() + { + super(new CBCBlockCipher(new DESEngine()), 64); + } + } + // BEGIN android-removed - // static public class CBC - // extends BaseBlockCipher - // { - // public CBC() - // { - // super(new CBCBlockCipher(new DESEngine()), 64); - // } - // } - // // /** // * DES CFB8 // */ @@ -73,46 +82,72 @@ public final class DES // super(new CFBBlockCipherMac(new DESEngine())); // } // } - // - // /** - // * DES64 - // */ - // public static class DES64 + // END android-removed + + /** + * DES64 + */ + public static class DES64 + extends BaseMac + { + public DES64() + { + super(new CBCBlockCipherMac(new DESEngine(), 64)); + } + } + + /** + * DES64with7816-4Padding + */ + public static class DES64with7816d4 + extends BaseMac + { + public DES64with7816d4() + { + super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); + } + } + + public static class CBCMAC + extends BaseMac + { + public CBCMAC() + { + super(new CBCBlockCipherMac(new DESEngine())); + } + } + + // BEGIN android-removed + // static public class CMAC // extends BaseMac // { - // public DES64() + // public CMAC() // { - // super(new CBCBlockCipherMac(new DESEngine(), 64)); + // super(new CMac(new DESEngine())); // } // } // // /** - // * DES64with7816-4Padding + // * DES9797Alg3with7816-4Padding // */ - // public static class DES64with7816d4 - // extends BaseMac - // { - // public DES64with7816d4() - // { - // super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); - // } - // } - // - // public static class CBCMAC + // public static class DES9797Alg3with7816d4 // extends BaseMac // { - // public CBCMAC() + // public DES9797Alg3with7816d4() // { - // super(new CBCBlockCipherMac(new DESEngine())); + // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); // } // } // - // static public class CMAC + // /** + // * DES9797Alg3 + // */ + // public static class DES9797Alg3 // extends BaseMac // { - // public CMAC() + // public DES9797Alg3() // { - // super(new CMac(new DESEngine())); + // super(new ISO9797Alg3Mac(new DESEngine())); // } // } // @@ -124,46 +159,46 @@ public final class DES // super(new RFC3211WrapEngine(new DESEngine()), 8); // } // } - // - // public static class AlgParamGen - // extends BaseAlgorithmParameterGenerator - // { - // protected void engineInit( - // AlgorithmParameterSpec genParamSpec, - // SecureRandom random) - // throws InvalidAlgorithmParameterException - // { - // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); - // } - // - // protected AlgorithmParameters engineGenerateParameters() - // { - // byte[] iv = new byte[8]; - // - // if (random == null) - // { - // random = new SecureRandom(); - // } - // - // random.nextBytes(iv); - // - // AlgorithmParameters params; - // - // try - // { - // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); - // params.init(new IvParameterSpec(iv)); - // } - // catch (Exception e) - // { - // throw new RuntimeException(e.getMessage()); - // } - // - // return params; - // } - // } // END android-removed + public static class AlgParamGen + extends BaseAlgorithmParameterGenerator + { + protected void engineInit( + AlgorithmParameterSpec genParamSpec, + SecureRandom random) + throws InvalidAlgorithmParameterException + { + throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); + } + + protected AlgorithmParameters engineGenerateParameters() + { + byte[] iv = new byte[8]; + + if (random == null) + { + random = new SecureRandom(); + } + + random.nextBytes(iv); + + AlgorithmParameters params; + + try + { + params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); + params.init(new IvParameterSpec(iv)); + } + catch (Exception e) + { + throw new RuntimeException(e.getMessage()); + } + + return params; + } + } + /** * DES - the default for this is to generate a key in * a-b-a format that's 24 bytes long but has 16 bytes of @@ -255,6 +290,151 @@ public final class DES } } + static public class DESPBEKeyFactory + extends BaseSecretKeyFactory + { + private boolean forCipher; + private int scheme; + private int digest; + private int keySize; + private int ivSize; + + public DESPBEKeyFactory( + String algorithm, + ASN1ObjectIdentifier oid, + boolean forCipher, + int scheme, + int digest, + int keySize, + int ivSize) + { + super(algorithm, oid); + + this.forCipher = forCipher; + this.scheme = scheme; + this.digest = digest; + this.keySize = keySize; + this.ivSize = ivSize; + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PBEKeySpec) + { + PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; + CipherParameters param; + + if (pbeSpec.getSalt() == null) + { + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); + } + + if (forCipher) + { + param = PBE.Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); + } + else + { + param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); + } + + KeyParameter kParam; + if (param instanceof ParametersWithIV) + { + kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); + } + else + { + kParam = (KeyParameter)param; + } + + DESParameters.setOddParity(kParam.getKey()); + + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + } + + throw new InvalidKeySpecException("Invalid KeySpec"); + } + } + + // BEGIN android-removed + // /** + // * PBEWithMD2AndDES + // */ + // static public class PBEWithMD2KeyFactory + // extends DESPBEKeyFactory + // { + // public PBEWithMD2KeyFactory() + // { + // super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); + // } + // } + // END android-removed + + /** + * PBEWithMD5AndDES + */ + static public class PBEWithMD5KeyFactory + extends DESPBEKeyFactory + { + public PBEWithMD5KeyFactory() + { + super("PBEwithMD5andDES", PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, true, PKCS5S1, MD5, 64, 64); + } + } + + /** + * PBEWithSHA1AndDES + */ + static public class PBEWithSHA1KeyFactory + extends DESPBEKeyFactory + { + public PBEWithSHA1KeyFactory() + { + super("PBEwithSHA1andDES", PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, true, PKCS5S1, SHA1, 64, 64); + } + } + + // BEGIN android-removed + // /** + // * PBEWithMD2AndDES + // */ + // static public class PBEWithMD2 + // extends BaseBlockCipher + // { + // public PBEWithMD2() + // { + // super(new CBCBlockCipher(new DESEngine())); + // } + // } + // END android-removed + + /** + * PBEWithMD5AndDES + */ + static public class PBEWithMD5 + extends BaseBlockCipher + { + public PBEWithMD5() + { + super(new CBCBlockCipher(new DESEngine())); + } + } + + /** + * PBEWithSHA1AndDES + */ + static public class PBEWithSHA1 + extends BaseBlockCipher + { + public PBEWithSHA1() + { + super(new CBCBlockCipher(new DESEngine())); + } + } + public static class Mappings extends AlgorithmProvider { @@ -296,6 +476,14 @@ public final class DES // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); + // + // provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3"); + // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); + // + // provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3"); + // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); + // provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4"); + // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); // END android-removed provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters"); @@ -304,7 +492,34 @@ public final class DES // BEGIN android-removed // provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); + // + // provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2"); + // END android-removed + provider.addAlgorithm("Cipher.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5"); + provider.addAlgorithm("Cipher.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1"); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); + // END android-removed + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); + + // BEGIN android-removed + // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory"); + // END android-removed + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1KeyFactory"); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); + // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); } private void addAlias(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java index 8e719d6..6b9b6d6 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java @@ -235,6 +235,30 @@ public final class DESede } } + /** + * PBEWithSHAAnd3-KeyTripleDES-CBC + */ + static public class PBEWithSHAAndDES3KeyFactory + extends DES.DESPBEKeyFactory + { + public PBEWithSHAAndDES3KeyFactory() + { + super("PBEwithSHAandDES3Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, true, PKCS12, SHA1, 192, 64); + } + } + + /** + * PBEWithSHAAnd2-KeyTripleDES-CBC + */ + static public class PBEWithSHAAndDES2KeyFactory + extends DES.DESPBEKeyFactory + { + public PBEWithSHAAndDES2KeyFactory() + { + super("PBEwithSHAandDES2Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, true, PKCS12, SHA1, 128, 64); + } + } + // BEGIN android-removed // public static class AlgParamGen // extends BaseAlgorithmParameterGenerator @@ -368,6 +392,15 @@ public final class DESede // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); // END android-removed + provider.addAlgorithm("Alg.Alias.Cipher.TDEA", "DESEDE"); + provider.addAlgorithm("Alg.Alias.Cipher.TDEAWRAP", "DESEDEWRAP"); + provider.addAlgorithm("Alg.Alias.KeyGenerator.TDEA", "DESEDE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE"); + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE"); + // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE"); + if (provider.hasAlgorithm("MessageDigest", "SHA-1")) { provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key"); @@ -418,6 +451,23 @@ public final class DESede // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); // END android-removed + + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2KeyFactory"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.4", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java new file mode 100644 index 0000000..9be3c99 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java @@ -0,0 +1,120 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import java.io.IOException; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import javax.crypto.spec.PBEParameterSpec; + +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; + +public class PBEPKCS12 +{ + private PBEPKCS12() + { + + } + + public static class AlgParams + extends BaseAlgorithmParameters + { + PKCS12PBEParams params; + + protected byte[] engineGetEncoded() + { + try + { + return params.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new RuntimeException("Oooops! " + e.toString()); + } + } + + protected byte[] engineGetEncoded( + String format) + { + if (this.isASN1FormatString(format)) + { + return engineGetEncoded(); + } + + return null; + } + + protected AlgorithmParameterSpec localEngineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == PBEParameterSpec.class) + { + return new PBEParameterSpec(params.getIV(), + params.getIterations().intValue()); + } + + throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); + } + + protected void engineInit( + AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + if (!(paramSpec instanceof PBEParameterSpec)) + { + throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); + } + + PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; + + this.params = new PKCS12PBEParams(pbeSpec.getSalt(), + pbeSpec.getIterationCount()); + } + + protected void engineInit( + byte[] params) + throws IOException + { + this.params = PKCS12PBEParams.getInstance(ASN1Primitive.fromByteArray(params)); + } + + protected void engineInit( + byte[] params, + String format) + throws IOException + { + if (this.isASN1FormatString(format)) + { + engineInit(params); + return; + } + + throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); + } + + protected String engineToString() + { + return "PKCS12 PBE Parameters"; + } + } + + public static class Mappings + extends AlgorithmProvider + { + private static final String PREFIX = PBEPKCS12.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("AlgorithmParameters.PKCS12PBE", PREFIX + "$AlgParams"); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java new file mode 100644 index 0000000..09426b2 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java @@ -0,0 +1,547 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import java.io.IOException; +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.RC2ParameterSpec; + +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; +// import org.bouncycastle.crypto.CipherKeyGenerator; +// END android-removed +import org.bouncycastle.crypto.engines.RC2Engine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.RC2WrapEngine; +// import org.bouncycastle.crypto.macs.CBCBlockCipherMac; +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// END android-removed +import org.bouncycastle.crypto.modes.CBCBlockCipher; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +// BEGIN android-removed +// import org.bouncycastle.util.Arrays; +// END android-removed + +public final class RC2 +{ + private RC2() + { + } + + // BEGIN android-removed + // /** + // * RC2 + // */ + // static public class ECB + // extends BaseBlockCipher + // { + // public ECB() + // { + // super(new RC2Engine()); + // } + // } + // + // /** + // * RC2CBC + // */ + // static public class CBC + // extends BaseBlockCipher + // { + // public CBC() + // { + // super(new CBCBlockCipher(new RC2Engine()), 64); + // } + // } + // + // public static class Wrap + // extends BaseWrapCipher + // { + // public Wrap() + // { + // super(new RC2WrapEngine()); + // } + // } + // + // /** + // * RC2 + // */ + // public static class CBCMAC + // extends BaseMac + // { + // public CBCMAC() + // { + // super(new CBCBlockCipherMac(new RC2Engine())); + // } + // } + // + // public static class CFB8MAC + // extends BaseMac + // { + // public CFB8MAC() + // { + // super(new CFBBlockCipherMac(new RC2Engine())); + // } + // } + // END android-removed + + /** + * PBEWithSHA1AndRC2 + */ + static public class PBEWithSHA1KeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHA1KeyFactory() + { + super("PBEwithSHA1andRC2", PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, true, PKCS5S1, SHA1, 64, 64); + } + } + + /** + * PBEWithSHAAnd128BitRC2-CBC + */ + static public class PBEWithSHAAnd128BitKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAAnd128BitKeyFactory() + { + super("PBEwithSHAand128BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, true, PKCS12, SHA1, 128, 64); + } + } + + /** + * PBEWithSHAAnd40BitRC2-CBC + */ + static public class PBEWithSHAAnd40BitKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAAnd40BitKeyFactory() + { + super("PBEwithSHAand40BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, true, PKCS12, SHA1, 40, 64); + } + } + + /** + * PBEWithMD5AndRC2 + */ + static public class PBEWithMD5AndRC2 + extends BaseBlockCipher + { + public PBEWithMD5AndRC2() + { + super(new CBCBlockCipher(new RC2Engine())); + } + } + + /** + * PBEWithSHA1AndRC2 + */ + static public class PBEWithSHA1AndRC2 + extends BaseBlockCipher + { + public PBEWithSHA1AndRC2() + { + super(new CBCBlockCipher(new RC2Engine())); + } + } + + /** + * PBEWithSHAAnd128BitRC2-CBC + */ + static public class PBEWithSHAAnd128BitRC2 + extends BaseBlockCipher + { + public PBEWithSHAAnd128BitRC2() + { + super(new CBCBlockCipher(new RC2Engine())); + } + } + + /** + * PBEWithSHAAnd40BitRC2-CBC + */ + static public class PBEWithSHAAnd40BitRC2 + extends BaseBlockCipher + { + public PBEWithSHAAnd40BitRC2() + { + super(new CBCBlockCipher(new RC2Engine())); + } + } + + // BEGIN android-removed + // /** + // * PBEWithMD2AndRC2 + // */ + // static public class PBEWithMD2KeyFactory + // extends PBESecretKeyFactory + // { + // public PBEWithMD2KeyFactory() + // { + // super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); + // } + // } + // END android-removed + + /** + * PBEWithMD5AndRC2 + */ + static public class PBEWithMD5KeyFactory + extends PBESecretKeyFactory + { + public PBEWithMD5KeyFactory() + { + super("PBEwithMD5andRC2", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, true, PKCS5S1, MD5, 64, 64); + } + } + + // BEGIN android-removed + // public static class AlgParamGen + // extends BaseAlgorithmParameterGenerator + // { + // RC2ParameterSpec spec = null; + // + // protected void engineInit( + // AlgorithmParameterSpec genParamSpec, + // SecureRandom random) + // throws InvalidAlgorithmParameterException + // { + // if (genParamSpec instanceof RC2ParameterSpec) + // { + // spec = (RC2ParameterSpec)genParamSpec; + // return; + // } + // + // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); + // } + // + // protected AlgorithmParameters engineGenerateParameters() + // { + // AlgorithmParameters params; + // + // if (spec == null) + // { + // byte[] iv = new byte[8]; + // + // if (random == null) + // { + // random = new SecureRandom(); + // } + // + // random.nextBytes(iv); + // + // try + // { + // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); + // params.init(new IvParameterSpec(iv)); + // } + // catch (Exception e) + // { + // throw new RuntimeException(e.getMessage()); + // } + // } + // else + // { + // try + // { + // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); + // params.init(spec); + // } + // catch (Exception e) + // { + // throw new RuntimeException(e.getMessage()); + // } + // } + // + // return params; + // } + // } + // + // public static class KeyGenerator + // extends BaseKeyGenerator + // { + // public KeyGenerator() + // { + // super("RC2", 128, new CipherKeyGenerator()); + // } + // } + // + // public static class AlgParams + // extends BaseAlgorithmParameters + // { + // private static final short[] table = { + // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, + // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, + // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, + // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, + // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, + // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, + // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, + // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, + // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, + // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, + // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, + // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, + // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, + // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, + // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, + // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab + // }; + // + // private static final short[] ekb = { + // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, + // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, + // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, + // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, + // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, + // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, + // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, + // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, + // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, + // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, + // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, + // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, + // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, + // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, + // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, + // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd + // }; + // + // private byte[] iv; + // private int parameterVersion = 58; + // + // protected byte[] engineGetEncoded() + // { + // return Arrays.clone(iv); + // } + // + // protected byte[] engineGetEncoded( + // String format) + // throws IOException + // { + // if (this.isASN1FormatString(format)) + // { + // if (parameterVersion == -1) + // { + // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); + // } + // else + // { + // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); + // } + // } + // + // if (format.equals("RAW")) + // { + // return engineGetEncoded(); + // } + // + // return null; + // } + // + // protected AlgorithmParameterSpec localEngineGetParameterSpec( + // Class paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec == RC2ParameterSpec.class) + // { + // if (parameterVersion != -1) + // { + // if (parameterVersion < 256) + // { + // return new RC2ParameterSpec(ekb[parameterVersion], iv); + // } + // else + // { + // return new RC2ParameterSpec(parameterVersion, iv); + // } + // } + // } + // + // if (paramSpec == IvParameterSpec.class) + // { + // return new IvParameterSpec(iv); + // } + // + // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); + // } + // + // protected void engineInit( + // AlgorithmParameterSpec paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec instanceof IvParameterSpec) + // { + // this.iv = ((IvParameterSpec)paramSpec).getIV(); + // } + // else if (paramSpec instanceof RC2ParameterSpec) + // { + // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); + // if (effKeyBits != -1) + // { + // if (effKeyBits < 256) + // { + // parameterVersion = table[effKeyBits]; + // } + // else + // { + // parameterVersion = effKeyBits; + // } + // } + // + // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); + // } + // else + // { + // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); + // } + // } + // + // protected void engineInit( + // byte[] params) + // throws IOException + // { + // this.iv = Arrays.clone(params); + // } + // + // protected void engineInit( + // byte[] params, + // String format) + // throws IOException + // { + // if (this.isASN1FormatString(format)) + // { + // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); + // + // if (p.getRC2ParameterVersion() != null) + // { + // parameterVersion = p.getRC2ParameterVersion().intValue(); + // } + // + // iv = p.getIV(); + // + // return; + // } + // + // if (format.equals("RAW")) + // { + // engineInit(params); + // return; + // } + // + // throw new IOException("Unknown parameters format in IV parameters object"); + // } + // + // protected String engineToString() + // { + // return "RC2 Parameters"; + // } + // } + // END android-removed + + public static class Mappings + extends AlgorithmProvider + { + private static final String PREFIX = RC2.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + + // BEGIN android-removed + // provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen"); + // provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen"); + // + // provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator"); + // provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator"); + // + // provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams"); + // provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams"); + // + // provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB"); + // provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap"); + // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP"); + // provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC"); + // + // provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC"); + // provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC"); + // provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC"); + // provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); + // + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); + + // BEGIN android-removed + // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory"); + // END android-removed + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1KeyFactory"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitKeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitKeyFactory"); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); + + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE"); + + provider.addAlgorithm("Alg.Alias.Cipher.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"); + provider.addAlgorithm("Cipher.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1AndRC2"); + + provider.addAlgorithm("Cipher.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitRC2"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitRC2"); + provider.addAlgorithm("Cipher.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5AndRC2"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java new file mode 100644 index 0000000..d96d5e6 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java @@ -0,0 +1,23 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; + +abstract class SymmetricAlgorithmProvider + extends AlgorithmProvider +{ + // BEGIN android-removed + // protected void addGMacAlgorithm( + // ConfigurableProvider provider, + // String algorithm, + // String algorithmClassName, + // String keyGeneratorClassName) + // { + // provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName); + // provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC"); + // + // provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName); + // provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC", algorithm + "-GMAC"); + // } + // END android-removed +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java new file mode 100644 index 0000000..dafdc39 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java @@ -0,0 +1,128 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +// BEGIN android-removed +// import org.bouncycastle.crypto.BlockCipher; +// import org.bouncycastle.crypto.CipherKeyGenerator; +// END android-removed +import org.bouncycastle.crypto.engines.TwofishEngine; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.GMac; +// END android-removed +import org.bouncycastle.crypto.modes.CBCBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.GCMBlockCipher; +// END android-removed +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +// import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; +// import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; + +public final class Twofish +{ + private Twofish() + { + } + + // BEGIN android-removed + // public static class ECB + // extends BaseBlockCipher + // { + // public ECB() + // { + // super(new BlockCipherProvider() + // { + // public BlockCipher get() + // { + // return new TwofishEngine(); + // } + // }); + // } + // } + // + // public static class KeyGen + // extends BaseKeyGenerator + // { + // public KeyGen() + // { + // super("Twofish", 256, new CipherKeyGenerator()); + // } + // } + // + // public static class GMAC + // extends BaseMac + // { + // public GMAC() + // { + // super(new GMac(new GCMBlockCipher(new TwofishEngine()))); + // } + // } + // END android-removed + + /** + * PBEWithSHAAndTwofish-CBC + */ + static public class PBEWithSHAKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAKeyFactory() + { + super("PBEwithSHAandTwofish-CBC", null, true, PKCS12, SHA1, 256, 128); + } + } + + /** + * PBEWithSHAAndTwofish-CBC + */ + static public class PBEWithSHA + extends BaseBlockCipher + { + public PBEWithSHA() + { + super(new CBCBlockCipher(new TwofishEngine())); + } + } + + // BEGIN android-removed + // public static class AlgParams + // extends IvAlgorithmParameters + // { + // protected String engineToString() + // { + // return "Twofish IV"; + // } + // } + // END android-removed + + public static class Mappings + extends SymmetricAlgorithmProvider + { + private static final String PREFIX = Twofish.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + // BEGIN android-removed + // provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB"); + // provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen"); + // provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); + provider.addAlgorithm("Cipher.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHA"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHAKeyFactory"); + + // BEGIN android-removed + // addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen"); + // END android-removed + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java index 9c4c831..a471972 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java @@ -78,6 +78,10 @@ public class BCPBEKey { return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword()); } + else if (type == PBE.PKCS5S2_UTF8) + { + return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(pbeKeySpec.getPassword()); + } else { return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword()); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java index 8231ad8..ec723db 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java @@ -1,25 +1,9 @@ package org.bouncycastle.jcajce.provider.symmetric.util; -import java.io.IOException; import java.security.AlgorithmParametersSpi; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidParameterSpecException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -// BEGIN android-removed -// import javax.crypto.spec.RC2ParameterSpec; -// END android-removed - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -// BEGIN android-removed -// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; -// END android-removed -import org.bouncycastle.util.Arrays; - public abstract class BaseAlgorithmParameters extends AlgorithmParametersSpi { @@ -42,344 +26,4 @@ public abstract class BaseAlgorithmParameters protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) throws InvalidParameterSpecException; - - // BEGIN android-removed - // public static class RC2AlgorithmParameters - // extends BaseAlgorithmParameters - // { - // private static final short[] table = { - // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, - // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, - // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, - // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, - // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, - // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, - // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, - // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, - // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, - // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, - // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, - // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, - // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, - // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, - // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, - // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab - // }; - // - // private static final short[] ekb = { - // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, - // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, - // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, - // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, - // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, - // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, - // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, - // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, - // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, - // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, - // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, - // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, - // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, - // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, - // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, - // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd - // }; - // - // private byte[] iv; - // private int parameterVersion = 58; - // - // protected byte[] engineGetEncoded() - // { - // return Arrays.clone(iv); - // } - // - // protected byte[] engineGetEncoded( - // String format) - // throws IOException - // { - // if (this.isASN1FormatString(format)) - // { - // if (parameterVersion == -1) - // { - // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); - // } - // else - // { - // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); - // } - // } - // - // if (format.equals("RAW")) - // { - // return engineGetEncoded(); - // } - // - // return null; - // } - // - // protected AlgorithmParameterSpec localEngineGetParameterSpec( - // Class paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec == RC2ParameterSpec.class) - // { - // if (parameterVersion != -1) - // { - // if (parameterVersion < 256) - // { - // return new RC2ParameterSpec(ekb[parameterVersion], iv); - // } - // else - // { - // return new RC2ParameterSpec(parameterVersion, iv); - // } - // } - // } - // - // if (paramSpec == IvParameterSpec.class) - // { - // return new IvParameterSpec(iv); - // } - // - // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); - // } - // - // protected void engineInit( - // AlgorithmParameterSpec paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec instanceof IvParameterSpec) - // { - // this.iv = ((IvParameterSpec)paramSpec).getIV(); - // } - // else if (paramSpec instanceof RC2ParameterSpec) - // { - // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); - // if (effKeyBits != -1) - // { - // if (effKeyBits < 256) - // { - // parameterVersion = table[effKeyBits]; - // } - // else - // { - // parameterVersion = effKeyBits; - // } - // } - // - // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); - // } - // else - // { - // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); - // } - // } - // - // protected void engineInit( - // byte[] params) - // throws IOException - // { - // this.iv = Arrays.clone(params); - // } - // - // protected void engineInit( - // byte[] params, - // String format) - // throws IOException - // { - // if (this.isASN1FormatString(format)) - // { - // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); - // - // if (p.getRC2ParameterVersion() != null) - // { - // parameterVersion = p.getRC2ParameterVersion().intValue(); - // } - // - // iv = p.getIV(); - // - // return; - // } - // - // if (format.equals("RAW")) - // { - // engineInit(params); - // return; - // } - // - // throw new IOException("Unknown parameters format in IV parameters object"); - // } - // - // protected String engineToString() - // { - // return "RC2 Parameters"; - // } - // } - // END android-removed - - public static class PBKDF2 - extends BaseAlgorithmParameters - { - PBKDF2Params params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (this.isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getSalt(), - params.getIterationCount().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PBKDF2Params(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PWRIKEK parameters object"); - } - - protected String engineToString() - { - return "PBKDF2 Parameters"; - } - } - - public static class PKCS12PBE - extends BaseAlgorithmParameters - { - PKCS12PBEParams params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (this.isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getIV(), - params.getIterations().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PKCS12PBEParams(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PKCS12PBEParams.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); - } - - protected String engineToString() - { - return "PKCS12 PBE Parameters"; - } - } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java index 26a73cd..d342775 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java @@ -22,6 +22,7 @@ import javax.crypto.spec.PBEParameterSpec; // import javax.crypto.spec.RC5ParameterSpec; // END android-removed +import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.BufferedBlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; @@ -38,6 +39,7 @@ import org.bouncycastle.crypto.modes.CTSBlockCipher; import org.bouncycastle.crypto.modes.GCMBlockCipher; // BEGIN android-removed // import org.bouncycastle.crypto.modes.GOFBBlockCipher; +// import org.bouncycastle.crypto.modes.OCBBlockCipher; // END android-removed import org.bouncycastle.crypto.modes.OFBBlockCipher; // BEGIN android-removed @@ -89,7 +91,8 @@ public class BaseBlockCipher // END android-removed }; - private org.bouncycastle.crypto.BlockCipher baseEngine; + private BlockCipher baseEngine; + private BlockCipherProvider engineProvider; private GenericBlockCipher cipher; private ParametersWithIV ivParam; @@ -103,7 +106,7 @@ public class BaseBlockCipher private String modeName = null; protected BaseBlockCipher( - org.bouncycastle.crypto.BlockCipher engine) + BlockCipher engine) { baseEngine = engine; @@ -111,6 +114,15 @@ public class BaseBlockCipher } protected BaseBlockCipher( + BlockCipherProvider provider) + { + baseEngine = provider.get(); + engineProvider = provider; + + cipher = new BufferedGenericBlockCipher(provider.get()); + } + + protected BaseBlockCipher( org.bouncycastle.crypto.BlockCipher engine, int ivLength) { @@ -292,6 +304,18 @@ public class BaseBlockCipher cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); } // BEGIN android-removed + // else if (modeName.startsWith("OCB")) + // { + // if (engineProvider != null) + // { + // ivLength = baseEngine.getBlockSize(); + // cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get())); + // } + // else + // { + // throw new NoSuchAlgorithmException("can't support mode " + mode); + // } + // } // else if (modeName.startsWith("EAX")) // { // ivLength = baseEngine.getBlockSize(); @@ -413,7 +437,12 @@ public class BaseBlockCipher if (k.getParam() != null) { param = k.getParam(); - pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount()); + if (params instanceof IvParameterSpec) + { + IvParameterSpec iv = (IvParameterSpec)params; + + param = new ParametersWithIV(param, iv.getIV()); + } } else if (params instanceof PBEParameterSpec) { @@ -736,7 +765,7 @@ public class BaseBlockCipher if (inputLen != 0) { - len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); + len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); } return (len + cipher.doFinal(output, outputOffset + len)); @@ -758,7 +787,9 @@ public class BaseBlockCipher private boolean isAEADModeName( String modeName) { - return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName); + // BEGIN android-changed + return "CCM".equals(modeName) || "GCM".equals(modeName); + // END android-changed } /* diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java index 31f3278..442dcdd 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java @@ -11,35 +11,6 @@ import javax.crypto.spec.PBEParameterSpec; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Mac; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.MD2Digest; -// import org.bouncycastle.crypto.digests.MD4Digest; -// import org.bouncycastle.crypto.digests.MD5Digest; -// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// import org.bouncycastle.crypto.digests.SHA1Digest; -// import org.bouncycastle.crypto.digests.SHA224Digest; -// import org.bouncycastle.crypto.digests.SHA256Digest; -// import org.bouncycastle.crypto.digests.SHA384Digest; -// import org.bouncycastle.crypto.digests.SHA512Digest; -// import org.bouncycastle.crypto.digests.TigerDigest; -// END android-removed -// BEGIN android-added -import org.bouncycastle.crypto.digests.AndroidDigestFactory; -// END android-added -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.RC2Engine; -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -// import org.bouncycastle.crypto.macs.GOST28147Mac; -// END android-removed -import org.bouncycastle.crypto.macs.HMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -// import org.bouncycastle.crypto.macs.OldHMac; -// END android-removed -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -147,317 +118,4 @@ public class BaseMac return out; } - - /** - * the classes that extend directly off us. - */ - - /** - * DES - */ - public static class DES - extends BaseMac - { - public DES() - { - super(new CBCBlockCipherMac(new DESEngine())); - } - } - - /** - * DES 64 bit MAC - */ - public static class DES64 - extends BaseMac - { - public DES64() - { - super(new CBCBlockCipherMac(new DESEngine(), 64)); - } - } - - /** - * RC2 - */ - public static class RC2 - extends BaseMac - { - public RC2() - { - super(new CBCBlockCipherMac(new RC2Engine())); - } - } - - // BEGIN android-removed - // /** - // * GOST28147 - // */ - // public static class GOST28147 - // extends BaseMac - // { - // public GOST28147() - // { - // super(new GOST28147Mac()); - // } - // } - // - // - // - // /** - // * DES - // */ - // public static class DESCFB8 - // extends BaseMac - // { - // public DESCFB8() - // { - // super(new CFBBlockCipherMac(new DESEngine())); - // } - // } - // - // /** - // * RC2CFB8 - // */ - // public static class RC2CFB8 - // extends BaseMac - // { - // public RC2CFB8() - // { - // super(new CFBBlockCipherMac(new RC2Engine())); - // } - // } - // - // /** - // * DES9797Alg3with7816-4Padding - // */ - // public static class DES9797Alg3with7816d4 - // extends BaseMac - // { - // public DES9797Alg3with7816d4() - // { - // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); - // } - // } - // - // /** - // * DES9797Alg3 - // */ - // public static class DES9797Alg3 - // extends BaseMac - // { - // public DES9797Alg3() - // { - // super(new ISO9797Alg3Mac(new DESEngine())); - // } - // } - // - // /** - // * MD2 HMac - // */ - // public static class MD2 - // extends BaseMac - // { - // public MD2() - // { - // super(new HMac(new MD2Digest())); - // } - // } - // - // /** - // * MD4 HMac - // */ - // public static class MD4 - // extends BaseMac - // { - // public MD4() - // { - // super(new HMac(new MD4Digest())); - // } - // } - // END android-removed - - /** - * MD5 HMac - */ - public static class MD5 - extends BaseMac - { - public MD5() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getMD5())); - // END android-changed - } - } - - /** - * SHA1 HMac - */ - public static class SHA1 - extends BaseMac - { - public SHA1() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA1())); - // END android-changed - } - } - - // BEGIN android-removed - // /** - // * SHA-224 HMac - // */ - // public static class SHA224 - // extends BaseMac - // { - // public SHA224() - // { - // super(new HMac(new SHA224Digest())); - // } - // } - // END android-removed - - /** - * SHA-256 HMac - */ - public static class SHA256 - extends BaseMac - { - public SHA256() - { - super(new HMac(AndroidDigestFactory.getSHA256())); - } - } - - /** - * SHA-384 HMac - */ - public static class SHA384 - extends BaseMac - { - public SHA384() - { - super(new HMac(AndroidDigestFactory.getSHA384())); - } - } - - // BEGIN android-removed - // public static class OldSHA384 - // extends BaseMac - // { - // public OldSHA384() - // { - // super(new OldHMac(new SHA384Digest())); - // } - // } - // END android-removed - - /** - * SHA-512 HMac - */ - public static class SHA512 - extends BaseMac - { - public SHA512() - { - super(new HMac(AndroidDigestFactory.getSHA512())); - } - } - - // BEGIN android-removed - // /** - // * SHA-512 HMac - // */ - // public static class OldSHA512 - // extends BaseMac - // { - // public OldSHA512() - // { - // super(new OldHMac(new SHA512Digest())); - // } - // } - // - // /** - // * RIPEMD128 HMac - // */ - // public static class RIPEMD128 - // extends BaseMac - // { - // public RIPEMD128() - // { - // super(new HMac(new RIPEMD128Digest())); - // } - // } - // - // /** - // * RIPEMD160 HMac - // */ - // public static class RIPEMD160 - // extends BaseMac - // { - // public RIPEMD160() - // { - // super(new HMac(new RIPEMD160Digest())); - // } - // } - // - // /** - // * Tiger HMac - // */ - // public static class Tiger - // extends BaseMac - // { - // public Tiger() - // { - // super(new HMac(new TigerDigest())); - // } - // } - // - // // - // // PKCS12 states that the same algorithm should be used - // // for the key generation as is used in the HMAC, so that - // // is what we do here. - // // - // - // /** - // * PBEWithHmacRIPEMD160 - // */ - // public static class PBEWithRIPEMD160 - // extends BaseMac - // { - // public PBEWithRIPEMD160() - // { - // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); - // } - // } - // END android-removed - - /** - * PBEWithHmacSHA - */ - public static class PBEWithSHA - extends BaseMac - { - public PBEWithSHA() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160); - // END android-changed - } - } - - // BEGIN android-removed - // /** - // * PBEWithHmacTiger - // */ - // public static class PBEWithTiger - // extends BaseMac - // { - // public PBEWithTiger() - // { - // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); - // } - // } - // END android-removed } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java index 9c59b1b..31896cd 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java @@ -7,15 +7,9 @@ import java.security.spec.KeySpec; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.DESKeySpec; -import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.params.DESParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; public class BaseSecretKeyFactory extends SecretKeyFactorySpi @@ -96,101 +90,4 @@ public class BaseSecretKeyFactory return new SecretKeySpec(key.getEncoded(), algName); } - - /* - * classes that inherit from us - */ - - - - static public class DESPBEKeyFactory - extends BaseSecretKeyFactory - { - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public DESPBEKeyFactory( - String algorithm, - ASN1ObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = PBE.Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - KeyParameter kParam; - if (param instanceof ParametersWithIV) - { - kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - } - else - { - kParam = (KeyParameter)param; - } - - DESParameters.setOddParity(kParam.getKey()); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - static public class DES - extends BaseSecretKeyFactory - { - public DES() - { - super("DES", null); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DESKeySpec) - { - DESKeySpec desKeySpec = (DESKeySpec)keySpec; - return new SecretKeySpec(desKeySpec.getKey(), "DES"); - } - - return super.engineGenerateSecret(keySpec); - } - } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java new file mode 100644 index 0000000..f5ab9ad --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java @@ -0,0 +1,8 @@ +package org.bouncycastle.jcajce.provider.symmetric.util; + +import org.bouncycastle.crypto.BlockCipher; + +public interface BlockCipherProvider +{ + BlockCipher get(); +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java index 1074e11..951beee 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java @@ -32,22 +32,24 @@ public interface PBE // // PBE Based encryption constants - by default we do PKCS12 with SHA-1 // - static final int MD5 = 0; - static final int SHA1 = 1; + static final int MD5 = 0; + static final int SHA1 = 1; // BEGIN android-removed - // static final int RIPEMD160 = 2; - // static final int TIGER = 3; + // static final int RIPEMD160 = 2; + // static final int TIGER = 3; // END android-removed - static final int SHA256 = 4; + static final int SHA256 = 4; // BEGIN android-removed - // static final int MD2 = 5; - // static final int GOST3411 = 6; + // static final int MD2 = 5; + // static final int GOST3411 = 6; // END android-removed - static final int PKCS5S1 = 0; - static final int PKCS5S2 = 1; - static final int PKCS12 = 2; - static final int OPENSSL = 3; + static final int PKCS5S1 = 0; + static final int PKCS5S2 = 1; + static final int PKCS12 = 2; + static final int OPENSSL = 3; + static final int PKCS5S1_UTF8 = 4; + static final int PKCS5S2_UTF8 = 5; /** * uses the appropriate mixer to generate the key and IV if necessary. @@ -60,7 +62,7 @@ public interface PBE { PBEParametersGenerator generator; - if (type == PKCS5S1) + if (type == PKCS5S1 || type == PKCS5S1_UTF8) { switch (hash) { @@ -83,7 +85,7 @@ public interface PBE throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); } } - else if (type == PKCS5S2) + else if (type == PKCS5S2 || type == PKCS5S2_UTF8) { generator = new PKCS5S2ParametersGenerator(); } @@ -245,16 +247,9 @@ public interface PBE PBEParametersGenerator generator = makePBEGenerator(type, hash); byte[] key; CipherParameters param; - - if (type == PKCS12) - { - key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); - } - else - { - key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); - } - + + key = convertPassword(type, keySpec); + generator.init(key, keySpec.getSalt(), keySpec.getIterationCount()); if (ivSize != 0) @@ -273,7 +268,8 @@ public interface PBE return param; } - + + /** * generate a PBE based key suitable for a MAC algorithm, the * key size is chosen according the MAC size, or the hashing algorithm, @@ -289,14 +285,7 @@ public interface PBE byte[] key; CipherParameters param; - if (type == PKCS12) - { - key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); - } - else - { - key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); - } + key = convertPassword(type, keySpec); generator.init(key, keySpec.getSalt(), keySpec.getIterationCount()); @@ -309,5 +298,24 @@ public interface PBE return param; } + + private static byte[] convertPassword(int type, PBEKeySpec keySpec) + { + byte[] key; + + if (type == PKCS12) + { + key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); + } + else if (type == PKCS5S2_UTF8 || type == PKCS5S1_UTF8) + { + key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); + } + else + { + key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); + } + return key; + } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java new file mode 100644 index 0000000..56d6c5b --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java @@ -0,0 +1,40 @@ +package org.bouncycastle.jcajce.provider.util; + +import java.util.HashMap; +import java.util.Map; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.util.Integers; + +public class SecretKeyUtil +{ + private static Map keySizes = new HashMap(); + + static + { + keySizes.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), Integers.valueOf(192)); + + keySizes.put(NISTObjectIdentifiers.id_aes128_CBC, Integers.valueOf(128)); + keySizes.put(NISTObjectIdentifiers.id_aes192_CBC, Integers.valueOf(192)); + keySizes.put(NISTObjectIdentifiers.id_aes256_CBC, Integers.valueOf(256)); + + keySizes.put(NTTObjectIdentifiers.id_camellia128_cbc, Integers.valueOf(128)); + keySizes.put(NTTObjectIdentifiers.id_camellia192_cbc, Integers.valueOf(192)); + keySizes.put(NTTObjectIdentifiers.id_camellia256_cbc, Integers.valueOf(256)); + } + + public static int getKeySize(ASN1ObjectIdentifier oid) + { + Integer size = (Integer)keySizes.get(oid); + + if (size != null) + { + return size.intValue(); + } + + return -1; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java b/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java deleted file mode 100644 index b56351b..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java +++ /dev/null @@ -1,125 +0,0 @@ -package org.bouncycastle.jce; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.nist.NISTNamedCurves; -import org.bouncycastle.asn1.sec.SECNamedCurves; -// BEGIN android-removed -// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -// END android-removed -import org.bouncycastle.asn1.x9.X962NamedCurves; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; - -/** - * a table of locally supported named curves. - */ -public class ECNamedCurveTable -{ - /** - * return a parameter spec representing the passed in named - * curve. The routine returns null if the curve is not present. - * - * @param name the name of the curve requested - * @return a parameter spec for the curve, null if it is not available. - */ - public static ECNamedCurveParameterSpec getParameterSpec( - String name) - { - X9ECParameters ecP = X962NamedCurves.getByName(name); - if (ecP == null) - { - try - { - ecP = X962NamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - } - catch (IllegalArgumentException e) - { - // ignore - not an oid - } - } - - if (ecP == null) - { - ecP = SECNamedCurves.getByName(name); - if (ecP == null) - { - try - { - ecP = SECNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - } - catch (IllegalArgumentException e) - { - // ignore - not an oid - } - } - } - - // BEGIN android-removed - // if (ecP == null) - // { - // ecP = TeleTrusTNamedCurves.getByName(name); - // if (ecP == null) - // { - // try - // { - // ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - // } - // catch (IllegalArgumentException e) - // { - // // ignore - not an oid - // } - // } - // } - // END android-removed - - if (ecP == null) - { - ecP = NISTNamedCurves.getByName(name); - } - - if (ecP == null) - { - return null; - } - - return new ECNamedCurveParameterSpec( - name, - ecP.getCurve(), - ecP.getG(), - ecP.getN(), - ecP.getH(), - ecP.getSeed()); - } - - /** - * return an enumeration of the names of the available curves. - * - * @return an enumeration of the names of the available curves. - */ - public static Enumeration getNames() - { - Vector v = new Vector(); - - addEnumeration(v, X962NamedCurves.getNames()); - addEnumeration(v, SECNamedCurves.getNames()); - addEnumeration(v, NISTNamedCurves.getNames()); - // BEGIN android-removed - // addEnumeration(v, TeleTrusTNamedCurves.getNames()); - // END android-removed - - return v.elements(); - } - - private static void addEnumeration( - Vector v, - Enumeration e) - { - while (e.hasMoreElements()) - { - v.addElement(e.nextElement()); - } - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java index cc6510a..b3c34d3 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -10,11 +10,6 @@ import java.util.HashMap; import java.util.Map; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.bc.BCObjectIdentifiers; -// BEGIN android-removed -// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -// END android-removed -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; @@ -49,22 +44,31 @@ import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; public final class BouncyCastleProvider extends Provider implements ConfigurableProvider { - private static String info = "BouncyCastle Security Provider v1.48"; + private static String info = "BouncyCastle Security Provider v1.49"; - // BEGIN android-changed - // this constant should be final public static final String PROVIDER_NAME = "BC"; - // END android-changed public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration(); - private static final Map keyInfoConverters = new HashMap(); /* * Configurable symmetric ciphers */ - private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; + private static final String SYMMETRIC_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; + + private static final String[] SYMMETRIC_GENERIC = + { + "PBEPBKDF2", "PBEPKCS12" + }; + + private static final String[] SYMMETRIC_MACS = + { + // BEGIN android-removed + // "SipHash" + // END android-removed + }; + private static final String[] SYMMETRIC_CIPHERS = { // BEGIN android-removed @@ -72,20 +76,25 @@ public final class BouncyCastleProvider extends Provider // "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" // END android-removed // BEGIN android-added - "AES", "ARC4", "Blowfish", "DES", "DESede", + "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish" // END android-added }; /* * Configurable asymmetric ciphers */ - private static final String ASYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.asymmetric."; + private static final String ASYMMETRIC_PACKAGE = "org.bouncycastle.jcajce.provider.asymmetric."; // this one is required for GNU class path - it needs to be loaded first as the // later ones configure it. private static final String[] ASYMMETRIC_GENERIC = { + // BEGIN android-removed + // "X509", "IES" + // END android-removed + // BEGIN android-added "X509" + // END android-added }; private static final String[] ASYMMETRIC_CIPHERS = @@ -112,6 +121,15 @@ public final class BouncyCastleProvider extends Provider // END android-added }; + /* + * Configurable digests + */ + private static final String KEYSTORE_PACKAGE = "org.bouncycastle.jcajce.provider.keystore."; + private static final String[] KEYSTORES = + { + "BC", "PKCS12" + }; + /** * Construct a new provider. This should only be required when * using runtime registration of the provider using the @@ -119,7 +137,7 @@ public final class BouncyCastleProvider extends Provider */ public BouncyCastleProvider() { - super(PROVIDER_NAME, 1.48, info); + super(PROVIDER_NAME, 1.49, info); AccessController.doPrivileged(new PrivilegedAction() { @@ -135,11 +153,17 @@ public final class BouncyCastleProvider extends Provider { loadAlgorithms(DIGEST_PACKAGE, DIGESTS); - loadAlgorithms(SYMMETRIC_CIPHER_PACKAGE, SYMMETRIC_CIPHERS); + loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_GENERIC); + + loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_MACS); + + loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_CIPHERS); - loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_GENERIC); + loadAlgorithms(ASYMMETRIC_PACKAGE, ASYMMETRIC_GENERIC); - loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_CIPHERS); + loadAlgorithms(ASYMMETRIC_PACKAGE, ASYMMETRIC_CIPHERS); + + loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES); // BEGIN android-removed // // @@ -162,335 +186,23 @@ public final class BouncyCastleProvider extends Provider // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); - // END android-removed - - // - // KeyStore - // - put("KeyStore.BKS", "org.bouncycastle.jce.provider.JDKKeyStore"); - put("KeyStore.BouncyCastle", "org.bouncycastle.jce.provider.JDKKeyStore$BouncyCastleStore"); - put("KeyStore.PKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); - // BEGIN android-changed - put("Alg.Alias.KeyStore.BCPKCS12", "PKCS12"); - // END android-changed - // BEGIN android-removed - // put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); - // END android-removed - - // BEGIN android-changed - put("Alg.Alias.KeyStore.PKCS12-3DES-40RC2", "PKCS12"); - // END android-changed - // BEGIN android-removed - // put("KeyStore.PKCS12-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore3DES"); - // END android-removed - - // BEGIN android-removed - // put("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); - // put("KeyStore.PKCS12-DEF-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore3DES"); - // END android-removed - - put("Alg.Alias.KeyStore.UBER", "BouncyCastle"); - put("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); - put("Alg.Alias.KeyStore.bouncycastle", "BouncyCastle"); - - // - // algorithm parameters - // - // BEGIN android-removed - // put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); - // END android-removed - put("AlgorithmParameters.PKCS12PBE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PKCS12PBE"); - - // BEGIN android-removed - // put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2"); - // END android-removed - - - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.1", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.2", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE"); - - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); - - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND256BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND128BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND192BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND256BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND256BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND256BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); - - // BEGIN android-removed - // put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // END android-removed - - // - // key agreement - // - - - // - // cipher engines - // - put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - - // BEGIN android-removed - // put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); - // put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); - // END android-removed - - put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES"); - // BEGIN android-removed + // // + // // cipher engines + // // // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); - // END android-removed - put("Cipher.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndRC2"); - put("Cipher.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndDES"); - // BEGIN android-removed - // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); - // END android-removed - put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2"); - - put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2"); - put("Cipher.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd40BitRC2"); - put("Cipher.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd128BitRC4"); - put("Cipher.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd40BitRC4"); - - - put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4"); - - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); - - put("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHA256AND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHA256AND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHA256AND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); - - put("Cipher.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - - put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish"); - // BEGIN android-removed - // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); - // - // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); - // END android-removed - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); - - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); - - // - // key generators. - // - - - // - // key pair generators. // - - - - // - // key factories - // - - - - - // - // Algorithm parameters - // - - // - // secret key factories. - // - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES"); - // - // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); - // END android-removed - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2"); - // END android-removed - put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES"); - put("SecretKeyFactory.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndRC2"); - put("SecretKeyFactory.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndDES"); - put("SecretKeyFactory.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndRC2"); - put("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES3Key"); - put("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES2Key"); - put("SecretKeyFactory.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC4"); - put("SecretKeyFactory.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC4"); - put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2"); - put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2"); - put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish"); - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160"); - // END android-removed - put("SecretKeyFactory.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA"); - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger"); - // END android-removed - - put("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And128BitAESCBCOpenSSL"); - put("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And192BitAESCBCOpenSSL"); - put("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And256BitAESCBCOpenSSL"); - - // BEGIN android-removed - // put("SecretKeyFactory." + CryptoProObjectIdentifiers.gostR3411, "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithGOST3411"); + // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); // - // put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5"); // - // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5"); - // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5"); - // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); + // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); // - // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); - // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); - // END android-removed - put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); - // BEGIN android-removed - // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); - // END android-removed - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA", "PBEWITHHMACSHA1"); - put("Alg.Alias.SecretKeyFactory.1.3.14.3.2.26", "PBEWITHHMACSHA1"); - put("Alg.Alias.SecretKeyFactory.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - - put("SecretKeyFactory.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitAESBC"); - put("SecretKeyFactory.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd192BitAESBC"); - put("SecretKeyFactory.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd256BitAESBC"); - put("SecretKeyFactory.PBEWITHSHA256AND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And128BitAESBC"); - put("SecretKeyFactory.PBEWITHSHA256AND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And192BitAESBC"); - put("SecretKeyFactory.PBEWITHSHA256AND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And256BitAESBC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); - // BEGIN android-added - - put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1"); - // END android-added - - addMacAlgorithms(); - - // Certification Path API - // BEGIN android-removed + // // Certification Path API // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); + // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); + // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); // END android-removed - // BEGIN android-changed - // Use Alg.Alias so RFC3280 doesn't show up when iterating provider services, only PKIX - put("Alg.Alias.CertPathValidator.RFC3280", "PKIX"); - put("Alg.Alias.CertPathBuilder.RFC3280", "PKIX"); - // END android-changed put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi"); @@ -539,35 +251,6 @@ public final class BouncyCastleProvider extends Provider } } - // - // macs - // - private void addMacAlgorithms() - { - - // BEGIN android-removed - // put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); - // put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); - // - // put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); - // put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); - // put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4"); - // put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); - // - // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); - // - // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); - // END android-removed - - put("Mac.PBEWITHHMACSHA", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); - put("Mac.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); - // BEGIN android-removed - // put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160"); - // END android-removed - put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA"); - } - - public void setParameter(String parameterName, Object parameter) { synchronized (CONFIGURATION) diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java index 8fb1616..cda05e8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java @@ -4,7 +4,7 @@ import java.security.Permission; import javax.crypto.spec.DHParameterSpec; -import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jcajce.provider.config.ProviderConfigurationPermission; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java deleted file mode 100644 index 6f4d129..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java +++ /dev/null @@ -1,1133 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.CipherSpi; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -// BEGIN android-removed -// import javax.crypto.spec.RC2ParameterSpec; -// import javax.crypto.spec.RC5ParameterSpec; -// END android-removed -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.OutputLengthException; -import org.bouncycastle.crypto.engines.AESFastEngine; -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.RC2Engine; -import org.bouncycastle.crypto.engines.TwofishEngine; -import org.bouncycastle.crypto.modes.AEADBlockCipher; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.CCMBlockCipher; -import org.bouncycastle.crypto.modes.CFBBlockCipher; -import org.bouncycastle.crypto.modes.CTSBlockCipher; -// BEGIN android-removed -// import org.bouncycastle.crypto.modes.EAXBlockCipher; -// END android-removed -import org.bouncycastle.crypto.modes.GCMBlockCipher; -// BEGIN android-removed -// import org.bouncycastle.crypto.modes.GOFBBlockCipher; -// END android-removed -import org.bouncycastle.crypto.modes.OFBBlockCipher; -// BEGIN android-removed -// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; -// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; -// END android-removed -import org.bouncycastle.crypto.modes.SICBlockCipher; -import org.bouncycastle.crypto.paddings.BlockCipherPadding; -import org.bouncycastle.crypto.paddings.ISO10126d2Padding; -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.paddings.TBCPadding; -import org.bouncycastle.crypto.paddings.X923Padding; -import org.bouncycastle.crypto.paddings.ZeroBytePadding; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.crypto.params.ParametersWithRandom; -// BEGIN android-removed -// import org.bouncycastle.crypto.params.ParametersWithSBox; -// import org.bouncycastle.crypto.params.RC2Parameters; -// import org.bouncycastle.crypto.params.RC5Parameters; -// END android-removed -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; -// BEGIN android-removed -// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; -// END android-removed -import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; -import org.bouncycastle.util.Strings; - -public class JCEBlockCipher - extends CipherSpi - implements PBE -{ - // - // specs we can handle. - // - private Class[] availableSpecs = - { - // BEGIN android-removed - // RC2ParameterSpec.class, - // RC5ParameterSpec.class, - // END android-removed - IvParameterSpec.class, - PBEParameterSpec.class, - // BEGIN android-removed - // GOST28147ParameterSpec.class - // END android-removed - }; - - private BlockCipher baseEngine; - private GenericBlockCipher cipher; - private ParametersWithIV ivParam; - - private int ivLength = 0; - - private boolean padded; - - private PBEParameterSpec pbeSpec = null; - private String pbeAlgorithm = null; - - private String modeName = null; - - private AlgorithmParameters engineParams; - - protected JCEBlockCipher( - BlockCipher engine) - { - baseEngine = engine; - - cipher = new BufferedGenericBlockCipher(engine); - } - - protected JCEBlockCipher( - BlockCipher engine, - int ivLength) - { - baseEngine = engine; - - this.cipher = new BufferedGenericBlockCipher(engine); - this.ivLength = ivLength / 8; - } - - protected JCEBlockCipher( - BufferedBlockCipher engine, - int ivLength) - { - baseEngine = engine.getUnderlyingCipher(); - - this.cipher = new BufferedGenericBlockCipher(engine); - this.ivLength = ivLength / 8; - } - - protected int engineGetBlockSize() - { - return baseEngine.getBlockSize(); - } - - protected byte[] engineGetIV() - { - return (ivParam != null) ? ivParam.getIV() : null; - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length * 8; - } - - protected int engineGetOutputSize( - int inputLen) - { - return cipher.getOutputSize(inputLen); - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (pbeSpec != null) - { - try - { - engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(pbeSpec); - } - catch (Exception e) - { - return null; - } - } - else if (ivParam != null) - { - String name = cipher.getUnderlyingCipher().getAlgorithmName(); - - if (name.indexOf('/') >= 0) - { - name = name.substring(0, name.indexOf('/')); - } - - try - { - engineParams = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(ivParam.getIV()); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParams; - } - - protected void engineSetMode( - String mode) - throws NoSuchAlgorithmException - { - modeName = Strings.toUpperCase(mode); - - if (modeName.equals("ECB")) - { - ivLength = 0; - cipher = new BufferedGenericBlockCipher(baseEngine); - } - else if (modeName.equals("CBC")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher( - new CBCBlockCipher(baseEngine)); - } - else if (modeName.startsWith("OFB")) - { - ivLength = baseEngine.getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new BufferedGenericBlockCipher( - new OFBBlockCipher(baseEngine, wordSize)); - } - else - { - cipher = new BufferedGenericBlockCipher( - new OFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } - } - else if (modeName.startsWith("CFB")) - { - ivLength = baseEngine.getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new BufferedGenericBlockCipher( - new CFBBlockCipher(baseEngine, wordSize)); - } - else - { - cipher = new BufferedGenericBlockCipher( - new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } - } - // BEGIN android-removed - // else if (modeName.startsWith("PGP")) - // { - // boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); - // - // ivLength = baseEngine.getBlockSize(); - // cipher = new BufferedGenericBlockCipher( - // new PGPCFBBlockCipher(baseEngine, inlineIV)); - // } - // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) - // { - // ivLength = 0; - // cipher = new BufferedGenericBlockCipher( - // new OpenPGPCFBBlockCipher(baseEngine)); - // } - // END android-removed - else if (modeName.startsWith("SIC")) - { - ivLength = baseEngine.getBlockSize(); - if (ivLength < 16) - { - throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)"); - } - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new SICBlockCipher(baseEngine))); - } - else if (modeName.startsWith("CTR")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new SICBlockCipher(baseEngine))); - } - // BEGIN android-removed - // else if (modeName.startsWith("GOFB")) - // { - // ivLength = baseEngine.getBlockSize(); - // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - // new GOFBBlockCipher(baseEngine))); - // } - // END android-removed - else if (modeName.startsWith("CTS")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(new CBCBlockCipher(baseEngine))); - } - else if (modeName.startsWith("CCM")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); - } - // BEGIN android-removed - // else if (modeName.startsWith("EAX")) - // { - // ivLength = baseEngine.getBlockSize(); - // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); - // } - // END android-removed - else if (modeName.startsWith("GCM")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new GCMBlockCipher(baseEngine)); - } - else - { - throw new NoSuchAlgorithmException("can't support mode " + mode); - } - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - String paddingName = Strings.toUpperCase(padding); - - if (paddingName.equals("NOPADDING")) - { - if (cipher.wrapOnNoPadding()) - { - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(cipher.getUnderlyingCipher())); - } - } - else if (paddingName.equals("WITHCTS")) - { - cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(cipher.getUnderlyingCipher())); - } - else - { - padded = true; - - if (isAEADModeName(modeName)) - { - throw new NoSuchPaddingException("Only NoPadding can be used with AEAD modes."); - } - else if (paddingName.equals("PKCS5PADDING") || paddingName.equals("PKCS7PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher()); - } - else if (paddingName.equals("ZEROBYTEPADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ZeroBytePadding()); - } - else if (paddingName.equals("ISO10126PADDING") || paddingName.equals("ISO10126-2PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ISO10126d2Padding()); - } - else if (paddingName.equals("X9.23PADDING") || paddingName.equals("X923PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new X923Padding()); - } - else if (paddingName.equals("ISO7816-4PADDING") || paddingName.equals("ISO9797-1PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ISO7816d4Padding()); - } - else if (paddingName.equals("TBCPADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new TBCPadding()); - } - else - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - this.pbeSpec = null; - this.pbeAlgorithm = null; - this.engineParams = null; - - // - // basic key check - // - if (!(key instanceof SecretKey)) - { - throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); - } - - // BEGIN android-removed - // // - // // for RC5-64 we must have some default parameters - // // - // if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64")) - // { - // throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in."); - // } - // END android-removed - - // - // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). - // - if (key instanceof BCPBEKey) - { - BCPBEKey k = (BCPBEKey)key; - - if (k.getOID() != null) - { - pbeAlgorithm = k.getOID().getId(); - } - else - { - pbeAlgorithm = k.getAlgorithm(); - } - - if (k.getParam() != null) - { - param = k.getParam(); - pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount()); - } - else if (params instanceof PBEParameterSpec) - { - pbeSpec = (PBEParameterSpec)params; - param = PBE.Util.makePBEParameters(k, params, cipher.getUnderlyingCipher().getAlgorithmName()); - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - - if (param instanceof ParametersWithIV) - { - ivParam = (ParametersWithIV)param; - } - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else if (params instanceof IvParameterSpec) - { - if (ivLength != 0) - { - IvParameterSpec p = (IvParameterSpec)params; - - if (p.getIV().length != ivLength && !isAEADModeName(modeName)) - { - throw new InvalidAlgorithmParameterException("IV must be " + ivLength + " bytes long."); - } - - if (key instanceof RepeatedSecretKeySpec) - { - param = new ParametersWithIV(null, p.getIV()); - ivParam = (ParametersWithIV)param; - } - else - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), p.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else - { - if (modeName != null && modeName.equals("ECB")) - { - throw new InvalidAlgorithmParameterException("ECB mode does not use an IV"); - } - - param = new KeyParameter(key.getEncoded()); - } - } - // BEGIN android-removed - // else if (params instanceof GOST28147ParameterSpec) - // { - // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; - // - // param = new ParametersWithSBox( - // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); - // - // if (gost28147Param.getIV() != null && ivLength != 0) - // { - // param = new ParametersWithIV(param, gost28147Param.getIV()); - // ivParam = (ParametersWithIV)param; - // } - // } - // else if (params instanceof RC2ParameterSpec) - // { - // RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; - // - // param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); - // - // if (rc2Param.getIV() != null && ivLength != 0) - // { - // param = new ParametersWithIV(param, rc2Param.getIV()); - // ivParam = (ParametersWithIV)param; - // } - // } - // else if (params instanceof RC5ParameterSpec) - // { - // RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; - // - // param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); - // if (baseEngine.getAlgorithmName().startsWith("RC5")) - // { - // if (baseEngine.getAlgorithmName().equals("RC5-32")) - // { - // if (rc5Param.getWordSize() != 32) - // { - // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); - // } - // } - // else if (baseEngine.getAlgorithmName().equals("RC5-64")) - // { - // if (rc5Param.getWordSize() != 64) - // { - // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); - // } - // } - // } - // else - // { - // throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); - // } - // if ((rc5Param.getIV() != null) && (ivLength != 0)) - // { - // param = new ParametersWithIV(param, rc5Param.getIV()); - // ivParam = (ParametersWithIV)param; - // } - // } - // END android-removed - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - if ((ivLength != 0) && !(param instanceof ParametersWithIV)) - { - SecureRandom ivRandom = random; - - if (ivRandom == null) - { - ivRandom = new SecureRandom(); - } - - if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) - { - byte[] iv = new byte[ivLength]; - - ivRandom.nextBytes(iv); - param = new ParametersWithIV(param, iv); - ivParam = (ParametersWithIV)param; - } - else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0) - { - throw new InvalidAlgorithmParameterException("no IV set when one expected"); - } - } - - if (random != null && padded) - { - param = new ParametersWithRandom(param, random); - } - - try - { - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - throw new InvalidParameterException("unknown opmode " + opmode + " passed"); - } - } - catch (Exception e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - // try again if possible - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineInit(opmode, key, paramSpec, random); - - engineParams = params; - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - int length = cipher.getUpdateOutputSize(inputLen); - - if (length > 0) - { - byte[] out = new byte[length]; - - int len = cipher.processBytes(input, inputOffset, inputLen, out, 0); - - if (len == 0) - { - return null; - } - else if (len != out.length) - { - byte[] tmp = new byte[len]; - - System.arraycopy(out, 0, tmp, 0, len); - - return tmp; - } - - return out; - } - - cipher.processBytes(input, inputOffset, inputLen, null, 0); - - return null; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws ShortBufferException - { - try - { - return cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - catch (DataLengthException e) - { - throw new ShortBufferException(e.getMessage()); - } - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - int len = 0; - byte[] tmp = new byte[engineGetOutputSize(inputLen)]; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, tmp, 0); - } - - try - { - len += cipher.doFinal(tmp, len); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - - if (len == tmp.length) - { - return tmp; - } - - byte[] out = new byte[len]; - - System.arraycopy(tmp, 0, out, 0, len); - - return out; - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException, ShortBufferException - { - try - { - int len = 0; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - - return (len + cipher.doFinal(output, outputOffset + len)); - } - catch (OutputLengthException e) - { - throw new ShortBufferException(e.getMessage()); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - private boolean isAEADModeName( - String modeName) - { - return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName); - } - - protected byte[] engineWrap( - Key key) - throws IllegalBlockSizeException, InvalidKeyException - { - byte[] encoded = key.getEncoded(); - if (encoded == null) - { - throw new InvalidKeyException("Cannot wrap key, null encoding."); - } - - try - { - return engineDoFinal(encoded, 0, encoded.length); - } - catch (BadPaddingException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - } - - protected Key engineUnwrap( - byte[] wrappedKey, - String wrappedKeyAlgorithm, - int wrappedKeyType) - throws InvalidKeyException - { - byte[] encoded; - try - { - encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length); - } - catch (BadPaddingException e) - { - throw new InvalidKeyException(e.getMessage()); - } - catch (IllegalBlockSizeException e2) - { - throw new InvalidKeyException(e2.getMessage()); - } - - if (wrappedKeyType == Cipher.SECRET_KEY) - { - return new SecretKeySpec(encoded, wrappedKeyAlgorithm); - } - else if (wrappedKeyAlgorithm.equals("") && wrappedKeyType == Cipher.PRIVATE_KEY) - { - /* - * The caller doesn't know the algorithm as it is part of - * the encrypted data. - */ - try - { - PrivateKeyInfo in = PrivateKeyInfo.getInstance(encoded); - - PrivateKey privKey = BouncyCastleProvider.getPrivateKey(in); - - if (privKey != null) - { - return privKey; - } - else - { - throw new InvalidKeyException("algorithm " + in.getPrivateKeyAlgorithm().getAlgorithm() + " not supported"); - } - } - catch (Exception e) - { - throw new InvalidKeyException("Invalid key encoding."); - } - } - else - { - try - { - KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - - if (wrappedKeyType == Cipher.PUBLIC_KEY) - { - return kf.generatePublic(new X509EncodedKeySpec(encoded)); - } - else if (wrappedKeyType == Cipher.PRIVATE_KEY) - { - return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded)); - } - } - catch (NoSuchProviderException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (NoSuchAlgorithmException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (InvalidKeySpecException e2) - { - throw new InvalidKeyException("Unknown key type " + e2.getMessage()); - } - - throw new InvalidKeyException("Unknown key type " + wrappedKeyType); - } - } - - /* - * The ciphers that inherit from us. - */ - - /** - * PBEWithMD5AndDES - */ - static public class PBEWithMD5AndDES - extends JCEBlockCipher - { - public PBEWithMD5AndDES() - { - super(new CBCBlockCipher(new DESEngine())); - } - } - - /** - * PBEWithMD5AndRC2 - */ - static public class PBEWithMD5AndRC2 - extends JCEBlockCipher - { - public PBEWithMD5AndRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHA1AndDES - */ - static public class PBEWithSHA1AndDES - extends JCEBlockCipher - { - public PBEWithSHA1AndDES() - { - super(new CBCBlockCipher(new DESEngine())); - } - } - - /** - * PBEWithSHA1AndRC2 - */ - static public class PBEWithSHA1AndRC2 - extends JCEBlockCipher - { - public PBEWithSHA1AndRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - - - /** - * PBEWithSHAAnd128BitRC2-CBC - */ - static public class PBEWithSHAAnd128BitRC2 - extends JCEBlockCipher - { - public PBEWithSHAAnd128BitRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHAAnd40BitRC2-CBC - */ - static public class PBEWithSHAAnd40BitRC2 - extends JCEBlockCipher - { - public PBEWithSHAAnd40BitRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHAAndTwofish-CBC - */ - static public class PBEWithSHAAndTwofish - extends JCEBlockCipher - { - public PBEWithSHAAndTwofish() - { - super(new CBCBlockCipher(new TwofishEngine())); - } - } - - /** - * PBEWithAES-CBC - */ - static public class PBEWithAESCBC - extends JCEBlockCipher - { - public PBEWithAESCBC() - { - super(new CBCBlockCipher(new AESFastEngine())); - } - } - - static private interface GenericBlockCipher - { - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException; - - public boolean wrapOnNoPadding(); - - public String getAlgorithmName(); - - public BlockCipher getUnderlyingCipher(); - - public int getOutputSize(int len); - - public int getUpdateOutputSize(int len); - - public int processByte(byte in, byte[] out, int outOff) - throws DataLengthException; - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) - throws DataLengthException; - - public int doFinal(byte[] out, int outOff) - throws IllegalStateException, InvalidCipherTextException; - } - - private static class BufferedGenericBlockCipher - implements GenericBlockCipher - { - private BufferedBlockCipher cipher; - - BufferedGenericBlockCipher(BufferedBlockCipher cipher) - { - this.cipher = cipher; - } - - BufferedGenericBlockCipher(BlockCipher cipher) - { - this.cipher = new PaddedBufferedBlockCipher(cipher); - } - - BufferedGenericBlockCipher(BlockCipher cipher, BlockCipherPadding padding) - { - this.cipher = new PaddedBufferedBlockCipher(cipher, padding); - } - - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException - { - cipher.init(forEncryption, params); - } - - public boolean wrapOnNoPadding() - { - return !(cipher instanceof CTSBlockCipher); - } - - public String getAlgorithmName() - { - return cipher.getUnderlyingCipher().getAlgorithmName(); - } - - public BlockCipher getUnderlyingCipher() - { - return cipher.getUnderlyingCipher(); - } - - public int getOutputSize(int len) - { - return cipher.getOutputSize(len); - } - - public int getUpdateOutputSize(int len) - { - return cipher.getUpdateOutputSize(len); - } - - public int processByte(byte in, byte[] out, int outOff) throws DataLengthException - { - return cipher.processByte(in, out, outOff); - } - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) throws DataLengthException - { - return cipher.processBytes(in, inOff, len, out, outOff); - } - - public int doFinal(byte[] out, int outOff) throws IllegalStateException, InvalidCipherTextException - { - return cipher.doFinal(out, outOff); - } - } - - private static class AEADGenericBlockCipher - implements GenericBlockCipher - { - private AEADBlockCipher cipher; - - AEADGenericBlockCipher(AEADBlockCipher cipher) - { - this.cipher = cipher; - } - - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException - { - cipher.init(forEncryption, params); - } - - public String getAlgorithmName() - { - return cipher.getUnderlyingCipher().getAlgorithmName(); - } - - public boolean wrapOnNoPadding() - { - return false; - } - - public BlockCipher getUnderlyingCipher() - { - return cipher.getUnderlyingCipher(); - } - - public int getOutputSize(int len) - { - return cipher.getOutputSize(len); - } - - public int getUpdateOutputSize(int len) - { - return cipher.getUpdateOutputSize(len); - } - - public int processByte(byte in, byte[] out, int outOff) throws DataLengthException - { - return cipher.processByte(in, out, outOff); - } - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) throws DataLengthException - { - return cipher.processBytes(in, inOff, len, out, outOff); - } - - public int doFinal(byte[] out, int outOff) throws IllegalStateException, InvalidCipherTextException - { - return cipher.doFinal(out, outOff); - } - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java index 9aaca5b..7d561b3 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java @@ -33,8 +33,8 @@ import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; import org.bouncycastle.jce.interfaces.ECPointEncoder; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java index 863f9d3..cfed770 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java @@ -32,8 +32,8 @@ import org.bouncycastle.asn1.x9.X9IntegerConverter; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; // BEGIN android-removed // import org.bouncycastle.jce.ECGOST3410NamedCurveTable; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEMac.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEMac.java deleted file mode 100644 index 6a3df68..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEMac.java +++ /dev/null @@ -1,455 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.MacSpi; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Mac; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.MD2Digest; -// import org.bouncycastle.crypto.digests.MD4Digest; -// import org.bouncycastle.crypto.digests.MD5Digest; -// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// import org.bouncycastle.crypto.digests.SHA1Digest; -// import org.bouncycastle.crypto.digests.SHA224Digest; -// import org.bouncycastle.crypto.digests.SHA256Digest; -// import org.bouncycastle.crypto.digests.SHA384Digest; -// import org.bouncycastle.crypto.digests.SHA512Digest; -// import org.bouncycastle.crypto.digests.TigerDigest; -// END android-removed -// BEGIN android-added -import org.bouncycastle.crypto.digests.AndroidDigestFactory; -// END android-added -import org.bouncycastle.crypto.engines.DESEngine; -// BEGIN android-removed -// import org.bouncycastle.crypto.engines.RC2Engine; -// END android-removed -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -// END android-removed -import org.bouncycastle.crypto.macs.HMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -// import org.bouncycastle.crypto.macs.OldHMac; -// END android-removed -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; - -public class JCEMac - extends MacSpi implements PBE -{ - private Mac macEngine; - - private int pbeType = PKCS12; - private int pbeHash = SHA1; - private int keySize = 160; - - protected JCEMac( - Mac macEngine) - { - this.macEngine = macEngine; - } - - protected JCEMac( - Mac macEngine, - int pbeType, - int pbeHash, - int keySize) - { - this.macEngine = macEngine; - this.pbeType = pbeType; - this.pbeHash = pbeHash; - this.keySize = keySize; - } - - protected void engineInit( - Key key, - AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - if (key == null) - { - throw new InvalidKeyException("key is null"); - } - - if (key instanceof BCPBEKey) - { - BCPBEKey k = (BCPBEKey)key; - - if (k.getParam() != null) - { - param = k.getParam(); - } - else if (params instanceof PBEParameterSpec) - { - param = PBE.Util.makePBEMacParameters(k, params); - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - } - else if (params instanceof IvParameterSpec) - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - macEngine.init(param); - } - - protected int engineGetMacLength() - { - return macEngine.getMacSize(); - } - - protected void engineReset() - { - macEngine.reset(); - } - - protected void engineUpdate( - byte input) - { - macEngine.update(input); - } - - protected void engineUpdate( - byte[] input, - int offset, - int len) - { - macEngine.update(input, offset, len); - } - - protected byte[] engineDoFinal() - { - byte[] out = new byte[engineGetMacLength()]; - - macEngine.doFinal(out, 0); - - return out; - } - - /** - * the classes that extend directly off us. - */ - - // BEGIN android-removed - // /** - // * DES - // */ - // public static class DES - // extends JCEMac - // { - // public DES() - // { - // super(new CBCBlockCipherMac(new DESEngine())); - // } - // } - // - // /** - // * DES 64 bit MAC - // */ - // public static class DES64 - // extends JCEMac - // { - // public DES64() - // { - // super(new CBCBlockCipherMac(new DESEngine(), 64)); - // } - // } - // - // /** - // * RC2 - // */ - // public static class RC2 - // extends JCEMac - // { - // public RC2() - // { - // super(new CBCBlockCipherMac(new RC2Engine())); - // } - // } - // - // - // - // - // /** - // * DES - // */ - // public static class DESCFB8 - // extends JCEMac - // { - // public DESCFB8() - // { - // super(new CFBBlockCipherMac(new DESEngine())); - // } - // } - // - // /** - // * RC2CFB8 - // */ - // - // - // /** - // * DES9797Alg3with7816-4Padding - // */ - // public static class DES9797Alg3with7816d4 - // extends JCEMac - // { - // public DES9797Alg3with7816d4() - // { - // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); - // } - // } - // - // /** - // * DES9797Alg3 - // */ - // public static class DES9797Alg3 - // extends JCEMac - // { - // public DES9797Alg3() - // { - // super(new ISO9797Alg3Mac(new DESEngine())); - // } - // } - // - // /** - // * MD2 HMac - // */ - // public static class MD2 - // extends JCEMac - // { - // public MD2() - // { - // super(new HMac(new MD2Digest())); - // } - // } - // - // /** - // * MD4 HMac - // */ - // public static class MD4 - // extends JCEMac - // { - // public MD4() - // { - // super(new HMac(new MD4Digest())); - // } - // } - // END android-removed - - /** - * MD5 HMac - */ - public static class MD5 - extends JCEMac - { - public MD5() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getMD5())); - // END android-changed - } - } - - /** - * SHA1 HMac - */ - public static class SHA1 - extends JCEMac - { - public SHA1() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA1())); - // END android-changed - } - } - - // BEGIN android-removed - // /** - // * SHA-224 HMac - // */ - // public static class SHA224 - // extends JCEMac - // { - // public SHA224() - // { - // super(new HMac(new SHA224Digest())); - // } - // } - // END android-removed - - /** - * SHA-256 HMac - */ - public static class SHA256 - extends JCEMac - { - public SHA256() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA256())); - // END android-changed - } - } - - /** - * SHA-384 HMac - */ - public static class SHA384 - extends JCEMac - { - public SHA384() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA384())); - // END android-changed - } - } - - // BEGIN android-removed - // public static class OldSHA384 - // extends JCEMac - // { - // public OldSHA384() - // { - // super(new OldHMac(new SHA384Digest())); - // } - // } - // END android-removed - - /** - * SHA-512 HMac - */ - public static class SHA512 - extends JCEMac - { - public SHA512() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA512())); - // END android-changed - } - } - - - // BEGIN android-removed - // /** - // * SHA-512 HMac - // */ - // public static class OldSHA512 - // extends JCEMac - // { - // public OldSHA512() - // { - // super(new OldHMac(new SHA512Digest())); - // } - // } - // - // /** - // * RIPEMD128 HMac - // */ - // public static class RIPEMD128 - // extends JCEMac - // { - // public RIPEMD128() - // { - // super(new HMac(new RIPEMD128Digest())); - // } - // } - // - // /** - // * RIPEMD160 HMac - // */ - // public static class RIPEMD160 - // extends JCEMac - // { - // public RIPEMD160() - // { - // super(new HMac(new RIPEMD160Digest())); - // } - // } - // - // /** - // * Tiger HMac - // */ - // public static class Tiger - // extends JCEMac - // { - // public Tiger() - // { - // super(new HMac(new TigerDigest())); - // } - // } - // - // // - // // PKCS12 states that the same algorithm should be used - // // for the key generation as is used in the HMAC, so that - // // is what we do here. - // // - // - // /** - // * PBEWithHmacRIPEMD160 - // */ - // public static class PBEWithRIPEMD160 - // extends JCEMac - // { - // public PBEWithRIPEMD160() - // { - // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); - // } - // } - // END android-removed - - /** - * PBEWithHmacSHA - */ - public static class PBEWithSHA - extends JCEMac - { - public PBEWithSHA() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160); - // END android-changed - } - } - - // BEGIN android-removed - // /** - // * PBEWithHmacTiger - // */ - // public static class PBEWithTiger - // extends JCEMac - // { - // public PBEWithTiger() - // { - // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); - // } - // } - // END android-removed -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java deleted file mode 100644 index faf0ead..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java +++ /dev/null @@ -1,612 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.lang.reflect.Constructor; -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.DESKeySpec; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.params.DESParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; - -public class JCESecretKeyFactory - extends SecretKeyFactorySpi - implements PBE -{ - protected String algName; - protected ASN1ObjectIdentifier algOid; - - protected JCESecretKeyFactory( - String algName, - ASN1ObjectIdentifier algOid) - { - this.algName = algName; - this.algOid = algOid; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof SecretKeySpec) - { - return (SecretKey)keySpec; - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - - protected KeySpec engineGetKeySpec( - SecretKey key, - Class keySpec) - throws InvalidKeySpecException - { - if (keySpec == null) - { - throw new InvalidKeySpecException("keySpec parameter is null"); - } - if (key == null) - { - throw new InvalidKeySpecException("key parameter is null"); - } - - if (SecretKeySpec.class.isAssignableFrom(keySpec)) - { - return new SecretKeySpec(key.getEncoded(), algName); - } - - try - { - Class[] parameters = { byte[].class }; - - Constructor c = keySpec.getConstructor(parameters); - Object[] p = new Object[1]; - - p[0] = key.getEncoded(); - - return (KeySpec)c.newInstance(p); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - protected SecretKey engineTranslateKey( - SecretKey key) - throws InvalidKeyException - { - if (key == null) - { - throw new InvalidKeyException("key parameter is null"); - } - - if (!key.getAlgorithm().equalsIgnoreCase(algName)) - { - throw new InvalidKeyException("Key not of type " + algName + "."); - } - - return new SecretKeySpec(key.getEncoded(), algName); - } - - /* - * classes that inherit from us - */ - - static public class PBEKeyFactory - extends JCESecretKeyFactory - { - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public PBEKeyFactory( - String algorithm, - ASN1ObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - static public class DESPBEKeyFactory - extends JCESecretKeyFactory - { - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public DESPBEKeyFactory( - String algorithm, - ASN1ObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - KeyParameter kParam; - if (param instanceof ParametersWithIV) - { - kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - } - else - { - kParam = (KeyParameter)param; - } - - DESParameters.setOddParity(kParam.getKey()); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - static public class DES - extends JCESecretKeyFactory - { - public DES() - { - super("DES", null); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DESKeySpec) - { - DESKeySpec desKeySpec = (DESKeySpec)keySpec; - return new SecretKeySpec(desKeySpec.getKey(), "DES"); - } - - return super.engineGenerateSecret(keySpec); - } - } - - // BEGIN android-removed - // /** - // * PBEWithMD2AndDES - // */ - // static public class PBEWithMD2AndDES - // extends DESPBEKeyFactory - // { - // public PBEWithMD2AndDES() - // { - // super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); - // } - // } - // - // /** - // * PBEWithMD2AndRC2 - // */ - // static public class PBEWithMD2AndRC2 - // extends PBEKeyFactory - // { - // public PBEWithMD2AndRC2() - // { - // super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); - // } - // } - // END android-removed - - /** - * PBEWithMD5AndDES - */ - static public class PBEWithMD5AndDES - extends DESPBEKeyFactory - { - public PBEWithMD5AndDES() - { - super("PBEwithMD5andDES", PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, true, PKCS5S1, MD5, 64, 64); - } - } - - /** - * PBEWithMD5AndRC2 - */ - static public class PBEWithMD5AndRC2 - extends PBEKeyFactory - { - public PBEWithMD5AndRC2() - { - super("PBEwithMD5andRC2", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, true, PKCS5S1, MD5, 64, 64); - } - } - - /** - * PBEWithSHA1AndDES - */ - static public class PBEWithSHA1AndDES - extends DESPBEKeyFactory - { - public PBEWithSHA1AndDES() - { - super("PBEwithSHA1andDES", PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, true, PKCS5S1, SHA1, 64, 64); - } - } - - /** - * PBEWithSHA1AndRC2 - */ - static public class PBEWithSHA1AndRC2 - extends PBEKeyFactory - { - public PBEWithSHA1AndRC2() - { - super("PBEwithSHA1andRC2", PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, true, PKCS5S1, SHA1, 64, 64); - } - } - - /** - * PBEWithSHAAnd3-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES3Key - extends DESPBEKeyFactory - { - public PBEWithSHAAndDES3Key() - { - super("PBEwithSHAandDES3Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, true, PKCS12, SHA1, 192, 64); - } - } - - /** - * PBEWithSHAAnd2-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES2Key - extends DESPBEKeyFactory - { - public PBEWithSHAAndDES2Key() - { - super("PBEwithSHAandDES2Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, true, PKCS12, SHA1, 128, 64); - } - } - - /** - * PBEWithSHAAnd128BitRC2-CBC - */ - static public class PBEWithSHAAnd128BitRC2 - extends PBEKeyFactory - { - public PBEWithSHAAnd128BitRC2() - { - super("PBEwithSHAand128BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, true, PKCS12, SHA1, 128, 64); - } - } - - /** - * PBEWithSHAAnd40BitRC2-CBC - */ - static public class PBEWithSHAAnd40BitRC2 - extends PBEKeyFactory - { - public PBEWithSHAAnd40BitRC2() - { - super("PBEwithSHAand40BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, true, PKCS12, SHA1, 40, 64); - } - } - - /** - * PBEWithSHAAndTwofish-CBC - */ - static public class PBEWithSHAAndTwofish - extends PBEKeyFactory - { - public PBEWithSHAAndTwofish() - { - super("PBEwithSHAandTwofish-CBC", null, true, PKCS12, SHA1, 256, 128); - } - } - - /** - * PBEWithSHAAnd128BitRC4 - */ - static public class PBEWithSHAAnd128BitRC4 - extends PBEKeyFactory - { - public PBEWithSHAAnd128BitRC4() - { - super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 128, 0); - } - } - - /** - * PBEWithSHAAnd40BitRC4 - */ - static public class PBEWithSHAAnd40BitRC4 - extends PBEKeyFactory - { - public PBEWithSHAAnd40BitRC4() - { - super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 40, 0); - } - } - - // BEGIN android-removed - // /** - // * PBEWithHmacRIPEMD160 - // */ - // public static class PBEWithRIPEMD160 - // extends PBEKeyFactory - // { - // public PBEWithRIPEMD160() - // { - // super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); - // } - // } - // END android-removed - - /** - * PBEWithHmacSHA - */ - public static class PBEWithSHA - extends PBEKeyFactory - { - public PBEWithSHA() - { - super("PBEwithHmacSHA", null, false, PKCS12, SHA1, 160, 0); - } - } - - // BEGIN android-removed - // /** - // * PBEWithHmacTiger - // */ - // public static class PBEWithTiger - // extends PBEKeyFactory - // { - // public PBEWithTiger() - // { - // super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); - // } - // } - // END android-removed - - /** - * PBEWithSHA1And128BitAES-BC - */ - static public class PBEWithSHAAnd128BitAESBC - extends PBEKeyFactory - { - public PBEWithSHAAnd128BitAESBC() - { - super("PBEWithSHA1And128BitAES-CBC-BC", null, true, PKCS12, SHA1, 128, 128); - } - } - - /** - * PBEWithSHA1And192BitAES-BC - */ - static public class PBEWithSHAAnd192BitAESBC - extends PBEKeyFactory - { - public PBEWithSHAAnd192BitAESBC() - { - super("PBEWithSHA1And192BitAES-CBC-BC", null, true, PKCS12, SHA1, 192, 128); - } - } - - /** - * PBEWithSHA1And256BitAES-BC - */ - static public class PBEWithSHAAnd256BitAESBC - extends PBEKeyFactory - { - public PBEWithSHAAnd256BitAESBC() - { - super("PBEWithSHA1And256BitAES-CBC-BC", null, true, PKCS12, SHA1, 256, 128); - } - } - - /** - * PBEWithSHA256And128BitAES-BC - */ - static public class PBEWithSHA256And128BitAESBC - extends PBEKeyFactory - { - public PBEWithSHA256And128BitAESBC() - { - super("PBEWithSHA256And128BitAES-CBC-BC", null, true, PKCS12, SHA256, 128, 128); - } - } - - /** - * PBEWithSHA256And192BitAES-BC - */ - static public class PBEWithSHA256And192BitAESBC - extends PBEKeyFactory - { - public PBEWithSHA256And192BitAESBC() - { - super("PBEWithSHA256And192BitAES-CBC-BC", null, true, PKCS12, SHA256, 192, 128); - } - } - - /** - * PBEWithSHA256And256BitAES-BC - */ - static public class PBEWithSHA256And256BitAESBC - extends PBEKeyFactory - { - public PBEWithSHA256And256BitAESBC() - { - super("PBEWithSHA256And256BitAES-CBC-BC", null, true, PKCS12, SHA256, 256, 128); - } - } - - /** - * PBEWithMD5And128BitAES-OpenSSL - */ - static public class PBEWithMD5And128BitAESCBCOpenSSL - extends PBEKeyFactory - { - public PBEWithMD5And128BitAESCBCOpenSSL() - { - super("PBEWithMD5And128BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 128, 128); - } - } - - /** - * PBEWithMD5And192BitAES-OpenSSL - */ - static public class PBEWithMD5And192BitAESCBCOpenSSL - extends PBEKeyFactory - { - public PBEWithMD5And192BitAESCBCOpenSSL() - { - super("PBEWithMD5And192BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 192, 128); - } - } - - /** - * PBEWithMD5And256BitAES-OpenSSL - */ - static public class PBEWithMD5And256BitAESCBCOpenSSL - extends PBEKeyFactory - { - public PBEWithMD5And256BitAESCBCOpenSSL() - { - super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); - } - } - // BEGIN android-added - static public class PBKDF2WithHmacSHA1 - extends JCESecretKeyFactory - { - public PBKDF2WithHmacSHA1() - { - super("PBKDF2WithHmacSHA1", PKCSObjectIdentifiers.id_PBKDF2); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - - if (pbeSpec.getSalt() == null) - { - throw new InvalidKeySpecException("missing required salt"); - } - - if (pbeSpec.getIterationCount() <= 0) - { - throw new InvalidKeySpecException("positive iteration count required: " - + pbeSpec.getIterationCount()); - } - - if (pbeSpec.getKeyLength() <= 0) - { - throw new InvalidKeySpecException("positive key length required: " - + pbeSpec.getKeyLength()); - } - - if (pbeSpec.getPassword().length == 0) - { - throw new IllegalArgumentException("password empty"); - } - - int scheme = PKCS5S2; - int digest = SHA1; - int keySize = pbeSpec.getKeyLength(); - int ivSize = -1; - CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - // END android-added -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java index 4600679..7471b0b 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java @@ -620,28 +620,4 @@ public class JCEStreamCipher // } // } // END android-removed - - /** - * PBEWithSHAAnd128BitRC4 - */ - static public class PBEWithSHAAnd128BitRC4 - extends JCEStreamCipher - { - public PBEWithSHAAnd128BitRC4() - { - super(new RC4Engine(), 0); - } - } - - /** - * PBEWithSHAAnd40BitRC4 - */ - static public class PBEWithSHAAnd40BitRC4 - extends JCEStreamCipher - { - public PBEWithSHAAnd40BitRC4() - { - super(new RC4Engine(), 0); - } - } } diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java deleted file mode 100644 index 9a8cf9b..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java +++ /dev/null @@ -1,320 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.security.AlgorithmParametersSpi; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -// BEGIN android-removed -// import org.bouncycastle.jce.spec.IESParameterSpec; -// END android-removed - -public abstract class JDKAlgorithmParameters - extends AlgorithmParametersSpi -{ - protected boolean isASN1FormatString(String format) - { - return format == null || format.equals("ASN.1"); - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == null) - { - throw new NullPointerException("argument to getParameterSpec must not be null"); - } - - return localEngineGetParameterSpec(paramSpec); - } - - protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) - throws InvalidParameterSpecException; - - public static class PBKDF2 - extends JDKAlgorithmParameters - { - PBKDF2Params params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getSalt(), - params.getIterationCount().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PBKDF2Params(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PWRIKEK parameters object"); - } - - protected String engineToString() - { - return "PBKDF2 Parameters"; - } - } - - public static class PKCS12PBE - extends JDKAlgorithmParameters - { - PKCS12PBEParams params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getIV(), - params.getIterations().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PKCS12PBEParams(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PKCS12PBEParams.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); - } - - protected String engineToString() - { - return "PKCS12 PBE Parameters"; - } - } - - // BEGIN android-removed - // public static class IES - // extends JDKAlgorithmParameters - // { - // IESParameterSpec currentSpec; - // - // /** - // * in the absence of a standard way of doing it this will do for - // * now... - // */ - // protected byte[] engineGetEncoded() - // { - // try - // { - // ASN1EncodableVector v = new ASN1EncodableVector(); - // - // v.add(new DEROctetString(currentSpec.getDerivationV())); - // v.add(new DEROctetString(currentSpec.getEncodingV())); - // v.add(new DERInteger(currentSpec.getMacKeySize())); - // - // return new DERSequence(v).getEncoded(ASN1Encoding.DER); - // } - // catch (IOException e) - // { - // throw new RuntimeException("Error encoding IESParameters"); - // } - // } - // - // protected byte[] engineGetEncoded( - // String format) - // { - // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - // { - // return engineGetEncoded(); - // } - // - // return null; - // } - // - // protected AlgorithmParameterSpec localEngineGetParameterSpec( - // Class paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec == IESParameterSpec.class) - // { - // return currentSpec; - // } - // - // throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); - // } - // - // protected void engineInit( - // AlgorithmParameterSpec paramSpec) - // throws InvalidParameterSpecException - // { - // if (!(paramSpec instanceof IESParameterSpec)) - // { - // throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object"); - // } - // - // this.currentSpec = (IESParameterSpec)paramSpec; - // } - // - // protected void engineInit( - // byte[] params) - // throws IOException - // { - // try - // { - // ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); - // - // this.currentSpec = new IESParameterSpec( - // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), - // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), - // ((DERInteger)s.getObjectAt(0)).getValue().intValue()); - // } - // catch (ClassCastException e) - // { - // throw new IOException("Not a valid IES Parameter encoding."); - // } - // catch (ArrayIndexOutOfBoundsException e) - // { - // throw new IOException("Not a valid IES Parameter encoding."); - // } - // } - // - // protected void engineInit( - // byte[] params, - // String format) - // throws IOException - // { - // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - // { - // engineInit(params); - // } - // else - // { - // throw new IOException("Unknown parameter format " + format); - // } - // } - // - // protected String engineToString() - // { - // return "IES Parameters"; - // } - // } - // END android-removed -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java index 865481f..7e8340a 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java @@ -5,6 +5,9 @@ import java.security.KeyStore; import java.security.KeyStore.LoadStoreParameter; import java.security.KeyStore.ProtectionParameter; +/** + * @deprecated use org.bouncycastle.jcajce.config.PKCS12StoreParameter + */ public class JDKPKCS12StoreParameter implements LoadStoreParameter { private OutputStream outputStream; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java index 415f840..769edb8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java @@ -375,35 +375,35 @@ public class RFC3280CertPathUtilities } - protected static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId(); + public static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId(); - protected static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId(); + public static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId(); - protected static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId(); + public static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId(); - protected static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId(); + public static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId(); - protected static final String FRESHEST_CRL = X509Extensions.FreshestCRL.getId(); + public static final String FRESHEST_CRL = X509Extensions.FreshestCRL.getId(); - protected static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId(); + public static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId(); - protected static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId(); + public static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId(); - protected static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId(); + public static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId(); - protected static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints.getId(); + public static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints.getId(); - protected static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId(); + public static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId(); - protected static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId(); + public static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId(); - protected static final String AUTHORITY_KEY_IDENTIFIER = X509Extensions.AuthorityKeyIdentifier.getId(); + public static final String AUTHORITY_KEY_IDENTIFIER = X509Extensions.AuthorityKeyIdentifier.getId(); - protected static final String KEY_USAGE = X509Extensions.KeyUsage.getId(); + public static final String KEY_USAGE = X509Extensions.KeyUsage.getId(); - protected static final String CRL_NUMBER = X509Extensions.CRLNumber.getId(); + public static final String CRL_NUMBER = X509Extensions.CRLNumber.getId(); - protected static final String ANY_POLICY = "2.5.29.32.0"; + public static final String ANY_POLICY = "2.5.29.32.0"; /* * key usage bits diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java index c984104..58281af 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java @@ -16,8 +16,6 @@ public abstract class ECCurve public abstract ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression); - public abstract ECPoint decodePoint(byte[] encoded); - public abstract ECPoint getInfinity(); public ECFieldElement getA() @@ -30,6 +28,74 @@ public abstract class ECCurve return b; } + protected abstract ECPoint decompressPoint(int yTilde, BigInteger X1); + + /** + * Decode a point on this curve from its ASN.1 encoding. The different + * encodings are taken account of, including point compression for + * <code>F<sub>p</sub></code> (X9.62 s 4.2.1 pg 17). + * @return The decoded point. + */ + public ECPoint decodePoint(byte[] encoded) + { + ECPoint p = null; + int expectedLength = (getFieldSize() + 7) / 8; + + switch (encoded[0]) + { + case 0x00: // infinity + { + if (encoded.length != 1) + { + throw new IllegalArgumentException("Incorrect length for infinity encoding"); + } + + p = getInfinity(); + break; + } + case 0x02: // compressed + case 0x03: // compressed + { + if (encoded.length != (expectedLength + 1)) + { + throw new IllegalArgumentException("Incorrect length for compressed encoding"); + } + + int yTilde = encoded[0] & 1; + BigInteger X1 = fromArray(encoded, 1, expectedLength); + + p = decompressPoint(yTilde, X1); + break; + } + case 0x04: // uncompressed + case 0x06: // hybrid + case 0x07: // hybrid + { + if (encoded.length != (2 * expectedLength + 1)) + { + throw new IllegalArgumentException("Incorrect length for uncompressed/hybrid encoding"); + } + + BigInteger X1 = fromArray(encoded, 1, expectedLength); + BigInteger Y1 = fromArray(encoded, 1 + expectedLength, expectedLength); + + p = createPoint(X1, Y1, false); + break; + } + default: + throw new IllegalArgumentException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16)); + } + + return p; + } + + private static BigInteger fromArray(byte[] buf, int off, int length) + { + byte[] mag = new byte[length]; + System.arraycopy(buf, off, mag, 0, length); + return new BigInteger(1, mag); + } + /** * Elliptic curve over Fp */ @@ -66,79 +132,31 @@ public abstract class ECCurve return new ECPoint.Fp(this, fromBigInteger(x), fromBigInteger(y), withCompression); } - /** - * Decode a point on this curve from its ASN.1 encoding. The different - * encodings are taken account of, including point compression for - * <code>F<sub>p</sub></code> (X9.62 s 4.2.1 pg 17). - * @return The decoded point. - */ - public ECPoint decodePoint(byte[] encoded) + protected ECPoint decompressPoint(int yTilde, BigInteger X1) { - ECPoint p = null; + ECFieldElement x = fromBigInteger(X1); + ECFieldElement alpha = x.multiply(x.square().add(a)).add(b); + ECFieldElement beta = alpha.sqrt(); - switch (encoded[0]) + // + // if we can't find a sqrt we haven't got a point on the + // curve - run! + // + if (beta == null) { - // infinity - case 0x00: - if (encoded.length > 1) - { - throw new RuntimeException("Invalid point encoding"); - } - p = getInfinity(); - break; - // compressed - case 0x02: - case 0x03: - int ytilde = encoded[0] & 1; - byte[] i = new byte[encoded.length - 1]; - - System.arraycopy(encoded, 1, i, 0, i.length); - - ECFieldElement x = new ECFieldElement.Fp(this.q, new BigInteger(1, i)); - ECFieldElement alpha = x.multiply(x.square().add(a)).add(b); - ECFieldElement beta = alpha.sqrt(); - - // - // if we can't find a sqrt we haven't got a point on the - // curve - run! - // - if (beta == null) - { - throw new RuntimeException("Invalid point compression"); - } + throw new RuntimeException("Invalid point compression"); + } - int bit0 = (beta.toBigInteger().testBit(0) ? 1 : 0); + BigInteger betaValue = beta.toBigInteger(); + int bit0 = betaValue.testBit(0) ? 1 : 0; - if (bit0 == ytilde) - { - p = new ECPoint.Fp(this, x, beta, true); - } - else - { - p = new ECPoint.Fp(this, x, - new ECFieldElement.Fp(this.q, q.subtract(beta.toBigInteger())), true); - } - break; - // uncompressed - case 0x04: - // hybrid - case 0x06: - case 0x07: - byte[] xEnc = new byte[(encoded.length - 1) / 2]; - byte[] yEnc = new byte[(encoded.length - 1) / 2]; - - System.arraycopy(encoded, 1, xEnc, 0, xEnc.length); - System.arraycopy(encoded, xEnc.length + 1, yEnc, 0, yEnc.length); - - p = new ECPoint.Fp(this, - new ECFieldElement.Fp(this.q, new BigInteger(1, xEnc)), - new ECFieldElement.Fp(this.q, new BigInteger(1, yEnc))); - break; - default: - throw new RuntimeException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16)); + if (bit0 != yTilde) + { + // Use the other root + beta = fromBigInteger(q.subtract(betaValue)); } - return p; + return new ECPoint.Fp(this, x, beta, true); } public ECPoint getInfinity() @@ -403,62 +421,6 @@ public abstract class ECCurve return new ECPoint.F2m(this, fromBigInteger(x), fromBigInteger(y), withCompression); } - /* (non-Javadoc) - * @see org.bouncycastle.math.ec.ECCurve#decodePoint(byte[]) - */ - public ECPoint decodePoint(byte[] encoded) - { - ECPoint p = null; - - switch (encoded[0]) - { - // infinity - case 0x00: - if (encoded.length > 1) - { - throw new RuntimeException("Invalid point encoding"); - } - p = getInfinity(); - break; - // compressed - case 0x02: - case 0x03: - byte[] enc = new byte[encoded.length - 1]; - System.arraycopy(encoded, 1, enc, 0, enc.length); - if (encoded[0] == 0x02) - { - p = decompressPoint(enc, 0); - } - else - { - p = decompressPoint(enc, 1); - } - break; - // uncompressed - case 0x04: - // hybrid - case 0x06: - case 0x07: - byte[] xEnc = new byte[(encoded.length - 1) / 2]; - byte[] yEnc = new byte[(encoded.length - 1) / 2]; - - System.arraycopy(encoded, 1, xEnc, 0, xEnc.length); - System.arraycopy(encoded, xEnc.length + 1, yEnc, 0, yEnc.length); - - p = new ECPoint.F2m(this, - new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3, - new BigInteger(1, xEnc)), - new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3, - new BigInteger(1, yEnc)), false); - break; - - default: - throw new RuntimeException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16)); - } - - return p; - } - public ECPoint getInfinity() { return infinity; @@ -508,18 +470,15 @@ public abstract class ECCurve /** * Decompresses a compressed point P = (xp, yp) (X9.62 s 4.2.2). * - * @param xEnc - * The encoding of field element xp. - * @param ypBit + * @param yTilde * ~yp, an indication bit for the decompression of yp. + * @param X1 + * The field element xp. * @return the decompressed point. */ - private ECPoint decompressPoint( - byte[] xEnc, - int ypBit) + protected ECPoint decompressPoint(int yTilde, BigInteger X1) { - ECFieldElement xp = new ECFieldElement.F2m( - this.m, this.k1, this.k2, this.k3, new BigInteger(1, xEnc)); + ECFieldElement xp = fromBigInteger(X1); ECFieldElement yp = null; if (xp.toBigInteger().equals(ECConstants.ZERO)) { @@ -531,27 +490,21 @@ public abstract class ECCurve } else { - ECFieldElement beta = xp.add(a).add( - b.multiply(xp.square().invert())); + ECFieldElement beta = xp.add(a).add(b.multiply(xp.square().invert())); ECFieldElement z = solveQuadradicEquation(beta); if (z == null) { - throw new RuntimeException("Invalid point compression"); + throw new IllegalArgumentException("Invalid point compression"); } - int zBit = 0; - if (z.toBigInteger().testBit(0)) + int zBit = z.toBigInteger().testBit(0) ? 1 : 0; + if (zBit != yTilde) { - zBit = 1; - } - if (zBit != ypBit) - { - z = z.add(new ECFieldElement.F2m(this.m, this.k1, this.k2, - this.k3, ECConstants.ONE)); + z = z.add(fromBigInteger(ECConstants.ONE)); } yp = xp.multiply(z); } - - return new ECPoint.F2m(this, xp, yp); + + return new ECPoint.F2m(this, xp, yp, true); } /** diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java index b14e4c1..cbc5aaf 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java @@ -108,7 +108,12 @@ public abstract class ECPoint this.preCompInfo = preCompInfo; } - public abstract byte[] getEncoded(); + public byte[] getEncoded() + { + return getEncoded(withCompression); + } + + public abstract byte[] getEncoded(boolean compressed); public abstract ECPoint add(ECPoint b); public abstract ECPoint subtract(ECPoint b); @@ -193,7 +198,7 @@ public abstract class ECPoint /** * return the field element encoded with point compression. (S 4.3.6) */ - public byte[] getEncoded() + public byte[] getEncoded(boolean compressed) { if (this.isInfinity()) { @@ -202,7 +207,7 @@ public abstract class ECPoint int qLength = converter.getByteLength(x); - if (withCompression) + if (compressed) { byte PC; @@ -268,7 +273,7 @@ public abstract class ECPoint ECFieldElement x3 = gamma.square().subtract(this.x).subtract(b.x); ECFieldElement y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y); - return new ECPoint.Fp(curve, x3, y3); + return new ECPoint.Fp(curve, x3, y3, withCompression); } // B.3 pg 62 @@ -374,7 +379,7 @@ public abstract class ECPoint /* (non-Javadoc) * @see org.bouncycastle.math.ec.ECPoint#getEncoded() */ - public byte[] getEncoded() + public byte[] getEncoded(boolean compressed) { if (this.isInfinity()) { @@ -385,7 +390,7 @@ public abstract class ECPoint byte[] X = converter.integerToBytes(this.getX().toBigInteger(), byteCount); byte[] PO; - if (withCompression) + if (compressed) { // See X9.62 4.3.6 and 4.2.2 PO = new byte[byteCount + 1]; diff --git a/bcprov/src/main/java/org/bouncycastle/util/Arrays.java b/bcprov/src/main/java/org/bouncycastle/util/Arrays.java index d1c3111..457320e 100644 --- a/bcprov/src/main/java/org/bouncycastle/util/Arrays.java +++ b/bcprov/src/main/java/org/bouncycastle/util/Arrays.java @@ -423,6 +423,40 @@ public final class Arrays return copy; } + public static byte[][] clone(byte[][] data) + { + if (data == null) + { + return null; + } + + byte[][] copy = new byte[data.length][]; + + for (int i = 0; i != copy.length; i++) + { + copy[i] = clone(data[i]); + } + + return copy; + } + + public static byte[][][] clone(byte[][][] data) + { + if (data == null) + { + return null; + } + + byte[][][] copy = new byte[data.length][][]; + + for (int i = 0; i != copy.length; i++) + { + copy[i] = clone(data[i]); + } + + return copy; + } + public static int[] clone(int[] data) { if (data == null) @@ -619,10 +653,84 @@ public final class Arrays int newLength = to - from; if (newLength < 0) { - StringBuffer sb = new StringBuffer(from); - sb.append(" > ").append(to); + StringBuffer sb = new StringBuffer(from); + sb.append(" > ").append(to); throw new IllegalArgumentException(sb.toString()); } return newLength; } + + public static byte[] concatenate(byte[] a, byte[] b) + { + if (a != null && b != null) + { + byte[] rv = new byte[a.length + b.length]; + + System.arraycopy(a, 0, rv, 0, a.length); + System.arraycopy(b, 0, rv, a.length, b.length); + + return rv; + } + else if (b != null) + { + return clone(b); + } + else + { + return clone(a); + } + } + + public static byte[] concatenate(byte[] a, byte[] b, byte[] c) + { + if (a != null && b != null && c != null) + { + byte[] rv = new byte[a.length + b.length + c.length]; + + System.arraycopy(a, 0, rv, 0, a.length); + System.arraycopy(b, 0, rv, a.length, b.length); + System.arraycopy(c, 0, rv, a.length + b.length, c.length); + + return rv; + } + else if (b == null) + { + return concatenate(a, c); + } + else + { + return concatenate(a, b); + } + } + + public static byte[] concatenate(byte[] a, byte[] b, byte[] c, byte[] d) + { + if (a != null && b != null && c != null && d != null) + { + byte[] rv = new byte[a.length + b.length + c.length + d.length]; + + System.arraycopy(a, 0, rv, 0, a.length); + System.arraycopy(b, 0, rv, a.length, b.length); + System.arraycopy(c, 0, rv, a.length + b.length, c.length); + System.arraycopy(d, 0, rv, a.length + b.length + c.length, d.length); + + return rv; + } + else if (d == null) + { + return concatenate(a, b, c); + } + else if (c == null) + { + return concatenate(a, b, d); + } + else if (b == null) + { + return concatenate(a, c, d); + } + else + { + return concatenate(b, c, d); + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/util/Memoable.java b/bcprov/src/main/java/org/bouncycastle/util/Memoable.java new file mode 100644 index 0000000..0be9171 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/util/Memoable.java @@ -0,0 +1,23 @@ +package org.bouncycastle.util; + +public interface Memoable +{ + /** + * Produce a copy of this object with its configuration and in its current state. + * <p/> + * The returned object may be used simply to store the state, or may be used as a similar object + * starting from the copied state. + */ + public Memoable copy(); + + /** + * Restore a copied object state into this object. + * <p/> + * Implementations of this method <em>should</em> try to avoid or minimise memory allocation to perform the reset. + * + * @param other an object originally {@link #copy() copied} from an object of the same type as this instance. + * @throws ClassCastException if the provided object is not of the correct type. + * @throws MemoableResetException if the <b>other</b> parameter is in some other way invalid. + */ + public void reset(Memoable other); +} diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java index 742a961..8380629 100644 --- a/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java +++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java @@ -4,10 +4,27 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.OutputStream; +import org.bouncycastle.util.Strings; + public class Base64 { private static final Encoder encoder = new Base64Encoder(); + public static String toBase64String( + byte[] data) + { + return toBase64String(data, 0, data.length); + } + + public static String toBase64String( + byte[] data, + int off, + int length) + { + byte[] encoded = encode(data, off, length); + return Strings.fromByteArray(encoded); + } + /** * encode the input data producing a base 64 encoded byte array. * @@ -16,12 +33,25 @@ public class Base64 public static byte[] encode( byte[] data) { - int len = (data.length + 2) / 3 * 4; + return encode(data, 0, data.length); + } + + /** + * encode the input data producing a base 64 encoded byte array. + * + * @return a byte array containing the base 64 encoded data. + */ + public static byte[] encode( + byte[] data, + int off, + int length) + { + int len = (length + 2) / 3 * 4; ByteArrayOutputStream bOut = new ByteArrayOutputStream(len); - + try { - encoder.encode(data, 0, data.length, bOut); + encoder.encode(data, off, length, bOut); } catch (Exception e) { diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java index 3d058aa..d49f1ef 100644 --- a/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java +++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java @@ -4,10 +4,27 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.OutputStream; +import org.bouncycastle.util.Strings; + public class Hex { private static final Encoder encoder = new HexEncoder(); + public static String toHexString( + byte[] data) + { + return toHexString(data, 0, data.length); + } + + public static String toHexString( + byte[] data, + int off, + int length) + { + byte[] encoded = encode(data, off, length); + return Strings.fromByteArray(encoded); + } + /** * encode the input data producing a Hex encoded byte array. * |