From 33724b02cb3d7c8c398f1d42234bfb4d948f1666 Mon Sep 17 00:00:00 2001 From: Brian Carlstrom Date: Wed, 3 Apr 2013 10:08:43 -0700 Subject: Add bouncycastle-nojarjar for building okhttp-tests Change-Id: Id8cfb06440d6d39e7374aa73d8b5b8991d4d45d5 --- Android.mk | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/Android.mk b/Android.mk index 1a8345c..c6814a7 100644 --- a/Android.mk +++ b/Android.mk @@ -34,6 +34,18 @@ LOCAL_JAVACFLAGS := -encoding UTF-8 LOCAL_JAVA_LIBRARIES := core LOCAL_NO_STANDARD_LIBRARIES := true LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt +LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk +include $(BUILD_JAVA_LIBRARY) + +# non-jarjar version to build okhttp-tests +include $(CLEAR_VARS) +LOCAL_MODULE := bouncycastle-nojarjar +LOCAL_MODULE_TAGS := optional +LOCAL_SRC_FILES := $(android_bcprov_src_files) +LOCAL_JAVACFLAGS := -encoding UTF-8 +LOCAL_JAVA_LIBRARIES := core +LOCAL_NO_STANDARD_LIBRARIES := true +LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk include $(BUILD_JAVA_LIBRARY) # This is used to generate a list of what is unused so it can be removed when bouncycastle is updated. @@ -85,6 +97,7 @@ ifeq ($(WITH_HOST_DALVIK),true) LOCAL_BUILD_HOST_DEX := true LOCAL_MODULE_TAGS := optional LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt + LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk include $(BUILD_HOST_JAVA_LIBRARY) endif @@ -94,6 +107,7 @@ LOCAL_MODULE_TAGS := optional LOCAL_SRC_FILES := $(ri_bcprov_src_files) LOCAL_JAVACFLAGS := -encoding UTF-8 LOCAL_MODULE_TAGS := optional +LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk include $(BUILD_HOST_JAVA_LIBRARY) include $(CLEAR_VARS) @@ -103,4 +117,5 @@ LOCAL_SRC_FILES := $(call all-java-files-under,bcpkix/src/main/java) LOCAL_JAVACFLAGS := -encoding UTF-8 LOCAL_MODULE_TAGS := optional LOCAL_JAVA_LIBRARIES := bouncycastle-host +LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk include $(BUILD_HOST_JAVA_LIBRARY) -- cgit v1.2.3 From 95e17863856b1fa40f0bc207a6ecd470ed1bd077 Mon Sep 17 00:00:00 2001 From: Brian Carlstrom Date: Wed, 3 Apr 2013 18:00:46 -0700 Subject: Make bouncycastle-nojarjar static to keep it off the device Change-Id: I02c3b467e16c10a2259ba75932291029a1804579 --- Android.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Android.mk b/Android.mk index c6814a7..dfc6e77 100644 --- a/Android.mk +++ b/Android.mk @@ -46,7 +46,7 @@ LOCAL_JAVACFLAGS := -encoding UTF-8 LOCAL_JAVA_LIBRARIES := core LOCAL_NO_STANDARD_LIBRARIES := true LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk -include $(BUILD_JAVA_LIBRARY) +include $(BUILD_STATIC_JAVA_LIBRARY) # This is used to generate a list of what is unused so it can be removed when bouncycastle is updated. # Based on "Finding dead code" example in ProGuard manual at http://proguard.sourceforge.net/ -- cgit v1.2.3 From a2ab0a62bc1ca3978e3ab3a3c1f8288f29a30e7e Mon Sep 17 00:00:00 2001 From: William Luh Date: Wed, 10 Apr 2013 15:02:36 -0700 Subject: Fix PBKDF2WithHmacSHA1 to use high bits Bug: 8312059 Bug: https://code.google.com/p/android/issues/detail?id=40578 Change-Id: I741f2d77604bfd3235e59a1bca65342f13d248d6 --- .../jcajce/provider/symmetric/util/BCPBEKey.java | 6 + .../jcajce/provider/symmetric/util/PBE.java | 21 ++- .../jce/provider/BouncyCastleProvider.java | 1 + .../jce/provider/JCESecretKeyFactory.java | 39 +++- patches/bcprov.patch | 198 +++++++++++++++------ 5 files changed, 198 insertions(+), 67 deletions(-) diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java index 9c4c831..e9ea6a6 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java @@ -78,6 +78,12 @@ public class BCPBEKey { return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword()); } + // BEGIN android-changed + else if (type == PBE.PBKDF2) + { + return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(pbeKeySpec.getPassword()); + } + // END android-changed else { return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword()); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java index 1074e11..86af83f 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java @@ -48,6 +48,9 @@ public interface PBE static final int PKCS5S2 = 1; static final int PKCS12 = 2; static final int OPENSSL = 3; + // BEGIN android-added + static final int PBKDF2 = 4; + // END android-added /** * uses the appropriate mixer to generate the key and IV if necessary. @@ -83,7 +86,9 @@ public interface PBE throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); } } - else if (type == PKCS5S2) + // BEGIN android-changed + else if ((type == PKCS5S2) || (type == PBKDF2)) + // END android-changed { generator = new PKCS5S2ParametersGenerator(); } @@ -250,6 +255,12 @@ public interface PBE { key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); } + // BEGIN android-changed + else if (type == PBKDF2) + { + key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); + } + // END android-changed else { key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); @@ -293,8 +304,14 @@ public interface PBE { key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); } + // BEGIN android-changed + else if (type == PBKDF2) + { + key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); + } + // END android-changed else - { + { key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); } diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java index cc6510a..9942975 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -476,6 +476,7 @@ public final class BouncyCastleProvider extends Provider put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); // BEGIN android-added + put("SecretKeyFactory.BrokenPBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$BrokenPBKDF2WithHmacSHA1"); put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1"); // END android-added diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java index faf0ead..ddb3ef1 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java @@ -558,12 +558,17 @@ public class JCESecretKeyFactory } } // BEGIN android-added - static public class PBKDF2WithHmacSHA1 + static public class PBKDF2WithHmacSHA1Base extends JCESecretKeyFactory { - public PBKDF2WithHmacSHA1() + int mScheme; + + protected PBKDF2WithHmacSHA1Base( + String algName, + int scheme) { - super("PBKDF2WithHmacSHA1", PKCSObjectIdentifiers.id_PBKDF2); + super(algName, PKCSObjectIdentifiers.id_PBKDF2); + this.mScheme = scheme; } protected SecretKey engineGenerateSecret( @@ -596,17 +601,35 @@ public class JCESecretKeyFactory throw new IllegalArgumentException("password empty"); } - int scheme = PKCS5S2; int digest = SHA1; int keySize = pbeSpec.getKeyLength(); int ivSize = -1; - CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + + CipherParameters param = Util.makePBEMacParameters(pbeSpec, mScheme, digest, keySize); + + return new BCPBEKey(this.algName, this.algOid, mScheme, digest, keySize, ivSize, pbeSpec, param); } - + throw new InvalidKeySpecException("Invalid KeySpec"); } } + + static public class PBKDF2WithHmacSHA1 + extends PBKDF2WithHmacSHA1Base + { + public PBKDF2WithHmacSHA1() + { + super("PBKDF2WithHmacSHA1", PBKDF2); + } + } + + static public class BrokenPBKDF2WithHmacSHA1 + extends PBKDF2WithHmacSHA1Base + { + public BrokenPBKDF2WithHmacSHA1() + { + super("BrokenPBKDF2WithHmacSHA1", PKCS5S2); + } + } // END android-added } diff --git a/patches/bcprov.patch b/patches/bcprov.patch index b0fbd97..7a90260 100644 --- a/patches/bcprov.patch +++ b/patches/bcprov.patch @@ -1,6 +1,6 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk15on-148/org/bouncycastle/asn1/ASN1Null.java --- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/ASN1Null.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/ASN1Null.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/asn1/ASN1Null.java 2013-01-31 02:26:40.000000000 +0000 @@ -11,9 +11,11 @@ /** * @deprecated use DERNull.INSTANCE @@ -16,7 +16,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jd { diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERBoolean.java --- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERBoolean.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERBoolean.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERBoolean.java 2013-01-31 02:26:40.000000000 +0000 @@ -10,7 +10,9 @@ private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff }; private static final byte[] FALSE_VALUE = new byte[] { 0 }; @@ -71,7 +71,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERBoolean.java bcprov- } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERNull.java --- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERNull.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERNull.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERNull.java 2013-01-31 02:26:40.000000000 +0000 @@ -15,7 +15,9 @@ /** * @deprecated use DERNull.INSTANCE @@ -85,7 +85,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERObjectIdentifier.java --- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERObjectIdentifier.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERObjectIdentifier.java 2013-01-31 02:26:40.000000000 +0000 @@ -144,7 +144,13 @@ } } @@ -118,7 +118,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERObjectIdentifier.jav public String getId() diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERPrintableString.java --- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERPrintableString.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERPrintableString.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERPrintableString.java 2013-01-31 02:26:40.000000000 +0000 @@ -12,7 +12,9 @@ extends ASN1Primitive implements ASN1String @@ -146,7 +146,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/cms/ContentInfo.java bc private ASN1Encodable content; diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk15on-148/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java --- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2013-01-31 02:26:40.000000000 +0000 @@ -10,8 +10,10 @@ // static final ASN1ObjectIdentifier pkcs_1 = new ASN1ObjectIdentifier("1.2.840.113549.1.1"); @@ -204,7 +204,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifi static final ASN1ObjectIdentifier id_hmacWithSHA512 = digestAlgorithm.branch("11"); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java bcprov-jdk15on-148/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java --- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2013-01-31 02:26:40.000000000 +0000 @@ -14,7 +14,9 @@ import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; @@ -240,7 +240,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdenti byte[] bytes = spki.getPublicKeyData().getBytes(); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java bcprov-jdk15on-148/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java --- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2013-01-31 02:26:40.000000000 +0000 @@ -6,7 +6,9 @@ import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DEROctetString; @@ -265,7 +265,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifi byte[] bytes = spki.getPublicKeyData().getBytes(); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509Name.java --- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509Name.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509Name.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509Name.java 2013-01-31 02:26:40.000000000 +0000 @@ -255,8 +255,10 @@ */ public static final Hashtable SymbolLookUp = DefaultLookUp; @@ -292,7 +292,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509Name.java bcpr } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509NameTokenizer.java --- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2013-01-31 02:26:40.000000000 +0000 @@ -96,6 +96,17 @@ } else @@ -698,7 +698,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/OAEPEncodin public OAEPEncoding( diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java bcprov-jdk15on-148/org/bouncycastle/crypto/encodings/PKCS1Encoding.java --- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2013-01-31 02:26:40.000000000 +0000 @@ -216,6 +216,12 @@ throw new InvalidCipherTextException("unknown block type"); } @@ -714,7 +714,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/PKCS1Encodi { diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/AESFastEngine.java bcprov-jdk15on-148/org/bouncycastle/crypto/engines/AESFastEngine.java --- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/AESFastEngine.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/engines/AESFastEngine.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/crypto/engines/AESFastEngine.java 2013-01-31 02:26:40.000000000 +0000 @@ -3,6 +3,9 @@ import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; @@ -738,7 +738,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/AESFastEngine if (forEncryption) diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/DESedeEngine.java bcprov-jdk15on-148/org/bouncycastle/crypto/engines/DESedeEngine.java --- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/DESedeEngine.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/engines/DESedeEngine.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/crypto/engines/DESedeEngine.java 2013-01-31 02:26:40.000000000 +0000 @@ -2,6 +2,9 @@ import org.bouncycastle.crypto.CipherParameters; @@ -927,7 +927,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/PKCS5S2Par public PKCS5S2ParametersGenerator(Digest digest) diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk15on-148/org/bouncycastle/crypto/macs/HMac.java --- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/macs/HMac.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/macs/HMac.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/crypto/macs/HMac.java 2013-01-31 02:26:40.000000000 +0000 @@ -33,23 +33,31 @@ { blockLengths = new Hashtable(); @@ -1005,7 +1005,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/signers/RSADigestSign diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk15on-148/org/bouncycastle/crypto/util/PrivateKeyFactory.java --- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2013-01-31 02:26:40.000000000 +0000 @@ -11,7 +11,9 @@ import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; @@ -1085,7 +1085,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PrivateKeyFactor } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk15on-148/org/bouncycastle/crypto/util/PublicKeyFactory.java --- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/util/PublicKeyFactory.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/crypto/util/PublicKeyFactory.java 2013-01-31 02:26:40.000000000 +0000 @@ -13,13 +13,17 @@ import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DEROctetString; @@ -1163,7 +1163,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PublicKeyFactory } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DH.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2013-01-31 02:26:40.000000000 +0000 @@ -32,11 +32,13 @@ provider.addAlgorithm("AlgorithmParameterGenerator.DH", PREFIX + "AlgorithmParameterGeneratorSpi"); @@ -1185,7 +1185,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/D } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DSA.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2013-01-31 02:26:40.000000000 +0000 @@ -27,33 +27,43 @@ provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi"); provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi"); @@ -1249,7 +1249,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/D registerOidAlgorithmParameters(provider, DSAUtil.dsaOids[i], "DSA"); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/EC.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2013-01-31 02:26:40.000000000 +0000 @@ -1,7 +1,9 @@ package org.bouncycastle.jcajce.provider.asymmetric; @@ -1383,7 +1383,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/E } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/RSA.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2012-11-01 05:41:05.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2013-01-31 02:26:40.000000000 +0000 @@ -3,7 +3,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; @@ -1794,7 +1794,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/d extends DSASigner diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2013-01-31 02:26:40.000000000 +0000 @@ -19,8 +19,10 @@ import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; @@ -1868,7 +1868,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java 2012-10-12 07:52:09.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java 2013-01-31 02:26:40.000000000 +0000 @@ -5,11 +5,15 @@ import java.security.PublicKey; @@ -2310,7 +2310,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e extends KeyFactorySpi diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2013-01-31 02:26:40.000000000 +0000 @@ -12,7 +12,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.nist.NISTNamedCurves; @@ -2384,7 +2384,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2012-10-12 07:52:09.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2013-01-31 02:26:40.000000000 +0000 @@ -16,15 +16,22 @@ import org.bouncycastle.crypto.DSA; import org.bouncycastle.crypto.Digest; @@ -2660,7 +2660,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e +} diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2013-01-31 02:26:40.000000000 +0000 @@ -26,7 +26,9 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; @@ -4164,6 +4164,22 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE } } } +diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java +--- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java 2013-02-10 00:37:58.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java 2013-04-10 22:02:36.000000000 +0000 +@@ -78,6 +78,12 @@ + { + return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword()); + } ++ // BEGIN android-changed ++ else if (type == PBE.PBKDF2) ++ { ++ return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(pbeKeySpec.getPassword()); ++ } ++ // END android-changed + else + { + return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword()); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java 2013-02-10 00:37:58.000000000 +0000 +++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java 2012-09-17 23:04:47.000000000 +0000 @@ -4540,7 +4556,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut extends BaseAlgorithmParameters diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2013-01-31 02:26:40.000000000 +0000 @@ -17,8 +17,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; @@ -5346,7 +5362,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut }; diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2013-01-31 02:26:40.000000000 +0000 @@ -22,8 +22,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; @@ -5392,7 +5408,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut Key key) diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-04-10 22:02:36.000000000 +0000 @@ -7,13 +7,18 @@ import org.bouncycastle.crypto.CipherParameters; @@ -5419,7 +5435,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; -@@ -29,11 +34,15 @@ +@@ -29,16 +34,23 @@ // static final int MD5 = 0; static final int SHA1 = 1; @@ -5439,7 +5455,15 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut static final int PKCS5S1 = 0; static final int PKCS5S2 = 1; -@@ -55,14 +64,20 @@ + static final int PKCS12 = 2; + static final int OPENSSL = 3; ++ // BEGIN android-added ++ static final int PBKDF2 = 4; ++ // END android-added + + /** + * uses the appropriate mixer to generate the key and IV if necessary. +@@ -55,20 +67,28 @@ { switch (hash) { @@ -5465,7 +5489,16 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut break; default: throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); -@@ -76,27 +91,39 @@ + } + } +- else if (type == PKCS5S2) ++ // BEGIN android-changed ++ else if ((type == PKCS5S2) || (type == PBKDF2)) ++ // END android-changed + { + generator = new PKCS5S2ParametersGenerator(); + } +@@ -76,27 +96,39 @@ { switch (hash) { @@ -5491,11 +5524,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut - break; - case TIGER: - generator = new PKCS12ParametersGenerator(new TigerDigest()); -- break; + // BEGIN android-changed + generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); + // END android-changed -+ break; + break; + // BEGIN android-removed + // case RIPEMD160: + // generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); @@ -5509,11 +5541,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut - break; - case GOST3411: - generator = new PKCS12ParametersGenerator(new GOST3411Digest()); -- break; + // BEGIN android-changed + generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA256()); + // END android-changed -+ break; + break; + // BEGIN android-removed + // case GOST3411: + // generator = new PKCS12ParametersGenerator(new GOST3411Digest()); @@ -5522,6 +5553,35 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut default: throw new IllegalStateException("unknown digest scheme for PBE encryption."); } +@@ -223,6 +255,12 @@ + { + key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); + } ++ // BEGIN android-changed ++ else if (type == PBKDF2) ++ { ++ key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); ++ } ++ // END android-changed + else + { + key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); +@@ -266,8 +304,14 @@ + { + key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); + } ++ // BEGIN android-changed ++ else if (type == PBKDF2) ++ { ++ key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); ++ } ++ // END android-changed + else +- { ++ { + key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); + } + diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/util/DigestFactory.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2013-02-10 00:37:58.000000000 +0000 +++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2012-09-17 23:04:47.000000000 +0000 @@ -5716,7 +5776,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/ECNamedCurveTable.java b } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk15on-148/org/bouncycastle/jce/PKCS10CertificationRequest.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/PKCS10CertificationRequest.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jce/PKCS10CertificationRequest.java 2013-01-31 02:26:40.000000000 +0000 @@ -30,14 +30,18 @@ import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERNull; @@ -5964,7 +6024,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/PKCS10CertificationReque return digestAlgOID.getId(); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/BouncyCastleProvider.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-04-10 22:02:36.000000000 +0000 @@ -11,7 +11,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; @@ -6314,12 +6374,13 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastlePro put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); -@@ -408,20 +474,31 @@ +@@ -408,20 +474,32 @@ put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); + // BEGIN android-added + ++ put("SecretKeyFactory.BrokenPBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$BrokenPBKDF2WithHmacSHA1"); + put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1"); + // END android-added @@ -6353,7 +6414,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastlePro } private void loadAlgorithms(String packageName, String[] names) -@@ -468,21 +545,25 @@ +@@ -468,21 +546,25 @@ private void addMacAlgorithms() { @@ -6621,7 +6682,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertBlacklist.j +} diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2013-01-31 02:26:40.000000000 +0000 @@ -61,14 +61,18 @@ import org.bouncycastle.asn1.x509.PolicyInformation; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -6781,7 +6842,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertPathValidat CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEBlockCipher.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEBlockCipher.java 2013-01-29 02:13:59.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEBlockCipher.java 2013-01-31 02:26:40.000000000 +0000 @@ -24,8 +24,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; @@ -7083,7 +7144,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEBlockCipher. throw new InvalidAlgorithmParameterException("unknown parameter type."); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPrivateKey.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2013-01-31 02:26:40.000000000 +0000 @@ -20,8 +20,10 @@ import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; @@ -7157,7 +7218,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPrivateKey info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPublicKey.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPublicKey.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPublicKey.java 2013-01-31 02:26:40.000000000 +0000 @@ -18,9 +18,11 @@ import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERNull; @@ -7960,7 +8021,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEMac.java bcp } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCESecretKeyFactory.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2013-04-10 22:02:36.000000000 +0000 @@ -252,29 +252,31 @@ } } @@ -8078,17 +8139,22 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCESecretKeyFac /** * PBEWithSHA1And128BitAES-BC -@@ -551,4 +557,56 @@ +@@ -551,4 +557,79 @@ super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); } } + // BEGIN android-added -+ static public class PBKDF2WithHmacSHA1 ++ static public class PBKDF2WithHmacSHA1Base + extends JCESecretKeyFactory + { -+ public PBKDF2WithHmacSHA1() ++ int mScheme; ++ ++ protected PBKDF2WithHmacSHA1Base( ++ String algName, ++ int scheme) + { -+ super("PBKDF2WithHmacSHA1", PKCSObjectIdentifiers.id_PBKDF2); ++ super(algName, PKCSObjectIdentifiers.id_PBKDF2); ++ this.mScheme = scheme; + } + + protected SecretKey engineGenerateSecret( @@ -8121,18 +8187,36 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCESecretKeyFac + throw new IllegalArgumentException("password empty"); + } + -+ int scheme = PKCS5S2; + int digest = SHA1; + int keySize = pbeSpec.getKeyLength(); + int ivSize = -1; -+ CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); -+ -+ return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); ++ ++ CipherParameters param = Util.makePBEMacParameters(pbeSpec, mScheme, digest, keySize); ++ ++ return new BCPBEKey(this.algName, this.algOid, mScheme, digest, keySize, ivSize, pbeSpec, param); + } -+ ++ + throw new InvalidKeySpecException("Invalid KeySpec"); + } + } ++ ++ static public class PBKDF2WithHmacSHA1 ++ extends PBKDF2WithHmacSHA1Base ++ { ++ public PBKDF2WithHmacSHA1() ++ { ++ super("PBKDF2WithHmacSHA1", PBKDF2); ++ } ++ } ++ ++ static public class BrokenPBKDF2WithHmacSHA1 ++ extends PBKDF2WithHmacSHA1Base ++ { ++ public BrokenPBKDF2WithHmacSHA1() ++ { ++ super("BrokenPBKDF2WithHmacSHA1", PKCS5S2); ++ } ++ } + // END android-added } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEStreamCipher.java @@ -8753,7 +8837,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKKeyStore.jav diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2013-01-31 02:26:40.000000000 +0000 @@ -1557,32 +1557,34 @@ } } @@ -8878,7 +8962,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/PKIXCertPathVal // diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509CertificateObject.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-01-16 18:17:43.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-01-31 02:26:40.000000000 +0000 @@ -57,6 +57,9 @@ import org.bouncycastle.asn1.x509.Extensions; import org.bouncycastle.asn1.x509.GeneralName; @@ -8924,7 +9008,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509Certificate case GeneralName.rfc822Name: diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509SignatureUtil.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509SignatureUtil.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509SignatureUtil.java 2013-01-31 02:26:40.000000000 +0000 @@ -14,7 +14,9 @@ import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERNull; @@ -9017,7 +9101,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509SignatureUt return digestAlgOID.getId(); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk15on-148/org/bouncycastle/x509/X509Util.java --- bcprov-jdk15on-148.orig/org/bouncycastle/x509/X509Util.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/x509/X509Util.java 2012-09-17 23:04:47.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/x509/X509Util.java 2013-01-31 02:26:40.000000000 +0000 @@ -25,12 +25,16 @@ import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.DERNull; -- cgit v1.2.3 From 9de1ab87afa71c0d39d17fdf260028552202bd3b Mon Sep 17 00:00:00 2001 From: Brian Carlstrom Date: Mon, 22 Apr 2013 19:00:24 -0700 Subject: Revert of DERT61String change from 44021512997b337e6079e46fd4230ce979c20b6f Bug: 8685209 Change-Id: I72865d6db1ff567da4b24566fa3878053819f826 --- .../java/org/bouncycastle/asn1/DERT61String.java | 8 ++++++-- import_bouncycastle.sh | 5 +++++ patches/bcprov.patch | 22 ++++++++++++++++++++++ 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java index bb4e9a8..956b9c7 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java @@ -82,12 +82,16 @@ public class DERT61String public DERT61String( String string) { - this.string = Strings.toUTF8ByteArray(string); + // BEGIN android-changed + this.string = Strings.toByteArray(string); + // END android-changed } public String getString() { - return Strings.fromUTF8ByteArray(string); + // BEGIN android-changed + return Strings.fromByteArray(string); + // END android-changed } public String toString() diff --git a/import_bouncycastle.sh b/import_bouncycastle.sh index 52f65f3..ed278d8 100755 --- a/import_bouncycastle.sh +++ b/import_bouncycastle.sh @@ -163,6 +163,11 @@ function update_timestamps() { find "$git_dir" -type f -print0 | while IFS= read -r -d $'\0' file; do file_rev="$(git rev-list -n 1 HEAD "$file")" + if [ "$file_rev" == "" ]; then + echo + echo -n "WARNING: No file revision for file $file..." + continue + fi file_time="$(git show --pretty=format:%ai --abbrev-commit "$file_rev" | head -n 1)" touch -d "$file_time" "${target_dir}${file#$git_dir}" done diff --git a/patches/bcprov.patch b/patches/bcprov.patch index 695215b..c72b40f 100644 --- a/patches/bcprov.patch +++ b/patches/bcprov.patch @@ -130,6 +130,28 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERPrintableString.java /** * return a printable string from the passed in object. +diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERT61String.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERT61String.java +--- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERT61String.java 2013-02-10 00:37:58.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERT61String.java 2013-01-31 02:26:40.000000000 +0000 +@@ -82,12 +82,16 @@ + public DERT61String( + String string) + { +- this.string = Strings.toUTF8ByteArray(string); ++ // BEGIN android-changed ++ this.string = Strings.toByteArray(string); ++ // END android-changed + } + + public String getString() + { +- return Strings.fromUTF8ByteArray(string); ++ // BEGIN android-changed ++ return Strings.fromByteArray(string); ++ // END android-changed + } + + public String toString() diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk15on-148/org/bouncycastle/asn1/cms/ContentInfo.java --- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/cms/ContentInfo.java 2013-02-10 00:37:58.000000000 +0000 +++ bcprov-jdk15on-148/org/bouncycastle/asn1/cms/ContentInfo.java 2012-09-17 23:04:47.000000000 +0000 -- cgit v1.2.3 From 142ad143c914fba3342822034f18db341647b58f Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Tue, 23 Apr 2013 22:37:59 -0700 Subject: Track change to JSSE provider Change-Id: Iaef3e3f325e43736fa19c701f6609e5ffd1535fa --- Android.mk | 5 +++-- .../src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java | 2 +- patches/bcprov.patch | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Android.mk b/Android.mk index dfc6e77..e01982d 100644 --- a/Android.mk +++ b/Android.mk @@ -31,7 +31,7 @@ LOCAL_MODULE := bouncycastle LOCAL_MODULE_TAGS := optional LOCAL_SRC_FILES := $(android_bcprov_src_files) LOCAL_JAVACFLAGS := -encoding UTF-8 -LOCAL_JAVA_LIBRARIES := core +LOCAL_JAVA_LIBRARIES := conscrypt core LOCAL_NO_STANDARD_LIBRARIES := true LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk @@ -43,7 +43,7 @@ LOCAL_MODULE := bouncycastle-nojarjar LOCAL_MODULE_TAGS := optional LOCAL_SRC_FILES := $(android_bcprov_src_files) LOCAL_JAVACFLAGS := -encoding UTF-8 -LOCAL_JAVA_LIBRARIES := core +LOCAL_JAVA_LIBRARIES := conscrypt core LOCAL_NO_STANDARD_LIBRARIES := true LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk include $(BUILD_STATIC_JAVA_LIBRARY) @@ -96,6 +96,7 @@ ifeq ($(WITH_HOST_DALVIK),true) LOCAL_JAVACFLAGS := -encoding UTF-8 LOCAL_BUILD_HOST_DEX := true LOCAL_MODULE_TAGS := optional + LOCAL_JAVA_LIBRARIES := conscrypt-hostdex LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk include $(BUILD_HOST_JAVA_LIBRARY) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java index 3e7c0e7..07b4e50 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java @@ -16,7 +16,7 @@ package org.bouncycastle.crypto.digests; -import org.apache.harmony.xnet.provider.jsse.NativeCrypto; +import com.android.org.conscrypt.NativeCrypto; import org.bouncycastle.crypto.ExtendedDigest; /** diff --git a/patches/bcprov.patch b/patches/bcprov.patch index 695215b..4e0285e 100644 --- a/patches/bcprov.patch +++ b/patches/bcprov.patch @@ -508,7 +508,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigest +} diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/OpenSSLDigest.java --- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2013-02-28 01:42:11.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2013-04-24 05:37:59.000000000 +0000 @@ -0,0 +1,159 @@ +/* + * Copyright (C) 2008 The Android Open Source Project @@ -528,7 +528,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/OpenSSLDigest + +package org.bouncycastle.crypto.digests; + -+import org.apache.harmony.xnet.provider.jsse.NativeCrypto; ++import com.android.org.conscrypt.NativeCrypto; +import org.bouncycastle.crypto.ExtendedDigest; + +/** -- cgit v1.2.3 From b90d9ebc1004df6c0faeba68d917f0ded2e594d0 Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Tue, 30 Apr 2013 18:30:19 -0700 Subject: Track change to JSSE Change-Id: If07ed8c6af6b55738f7df39e7d5f22292500e07f --- Android.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Android.mk b/Android.mk index e01982d..de82f05 100644 --- a/Android.mk +++ b/Android.mk @@ -54,7 +54,7 @@ include $(BUILD_STATIC_JAVA_LIBRARY) bouncycastle-proguard-deadcode: $(full_classes_compiled_jar) $(full_java_libs) $(PROGUARD) \ -injars $(full_classes_compiled_jar) \ - -libraryjars "$(call normalize-path-list,$(addsuffix (!org/bouncycastle/**.class,!org/apache/harmony/xnet/provider/jsse/OpenSSLMessageDigest.class),$(full_java_libs)))" \ + -libraryjars "$(call normalize-path-list,$(addsuffix (!org/bouncycastle/**.class,!com/android/org/conscrypt/OpenSSLMessageDigest.class),$(full_java_libs)))" \ -dontoptimize \ -dontobfuscate \ -dontpreverify \ -- cgit v1.2.3 From 0f9937b494fc6dd31fd04956963a3e258aece11b Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Tue, 30 Apr 2013 18:48:41 -0700 Subject: Track changes to JSSE Bug: 8769295 Change-Id: Ib1e8bab3e5fa4f390a2d1e58eca8707b569a79c7 --- .../org/bouncycastle/crypto/digests/AndroidDigestFactory.java | 7 +++++-- patches/bcprov.patch | 11 +++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java index 3dc7059..b7bac28 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java @@ -34,15 +34,18 @@ public final class AndroidDigestFactory { try { factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); // Double check for NativeCrypto in case we are running on RI for testing - Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto"); + Class.forName("com.android.org.conscrypt.NativeCrypto"); } catch (ClassNotFoundException e1) { try { factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); } catch (ClassNotFoundException e2) { - throw new AssertionError("Failed to load AndroidDigestFactoryInterface " + AssertionError e = new AssertionError("Failed to load " + + "AndroidDigestFactoryInterface " + "implementation. Looked for " + OpenSSLFactoryClassName + " and " + BouncyCastleFactoryClassName); + e.initCause(e1); + throw e; } } if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) { diff --git a/patches/bcprov.patch b/patches/bcprov.patch index 38346e1..da631ed 100644 --- a/patches/bcprov.patch +++ b/patches/bcprov.patch @@ -335,8 +335,8 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509NameTokenizer. } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactory.java --- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2012-09-28 17:07:22.000000000 +0000 -@@ -0,0 +1,80 @@ ++++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2013-05-01 01:48:41.000000000 +0000 +@@ -0,0 +1,83 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * @@ -373,15 +373,18 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigest + try { + factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); + // Double check for NativeCrypto in case we are running on RI for testing -+ Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto"); ++ Class.forName("com.android.org.conscrypt.NativeCrypto"); + } catch (ClassNotFoundException e1) { + try { + factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); + } catch (ClassNotFoundException e2) { -+ throw new AssertionError("Failed to load AndroidDigestFactoryInterface " ++ AssertionError e = new AssertionError("Failed to load " ++ + "AndroidDigestFactoryInterface " + + "implementation. Looked for " + + OpenSSLFactoryClassName + " and " + + BouncyCastleFactoryClassName); ++ e.initCause(e1); ++ throw e; + } + } + if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) { -- cgit v1.2.3 From 75c3c026ef41e02402ae1bdaaac0284465e7b89f Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Tue, 30 Apr 2013 18:48:41 -0700 Subject: Track changes to JSSE (cherry picked from commit 0f9937b494fc6dd31fd04956963a3e258aece11b) Bug: 8769295 Change-Id: Ib1e8bab3e5fa4f390a2d1e58eca8707b569a79c7 --- .../org/bouncycastle/crypto/digests/AndroidDigestFactory.java | 7 +++++-- patches/bcprov.patch | 11 +++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java index 3dc7059..b7bac28 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java @@ -34,15 +34,18 @@ public final class AndroidDigestFactory { try { factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); // Double check for NativeCrypto in case we are running on RI for testing - Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto"); + Class.forName("com.android.org.conscrypt.NativeCrypto"); } catch (ClassNotFoundException e1) { try { factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); } catch (ClassNotFoundException e2) { - throw new AssertionError("Failed to load AndroidDigestFactoryInterface " + AssertionError e = new AssertionError("Failed to load " + + "AndroidDigestFactoryInterface " + "implementation. Looked for " + OpenSSLFactoryClassName + " and " + BouncyCastleFactoryClassName); + e.initCause(e1); + throw e; } } if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) { diff --git a/patches/bcprov.patch b/patches/bcprov.patch index a4f25d9..90a8723 100644 --- a/patches/bcprov.patch +++ b/patches/bcprov.patch @@ -335,8 +335,8 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509NameTokenizer. } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactory.java --- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2012-09-28 17:07:22.000000000 +0000 -@@ -0,0 +1,80 @@ ++++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2013-05-01 01:48:41.000000000 +0000 +@@ -0,0 +1,83 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * @@ -373,15 +373,18 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigest + try { + factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); + // Double check for NativeCrypto in case we are running on RI for testing -+ Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto"); ++ Class.forName("com.android.org.conscrypt.NativeCrypto"); + } catch (ClassNotFoundException e1) { + try { + factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); + } catch (ClassNotFoundException e2) { -+ throw new AssertionError("Failed to load AndroidDigestFactoryInterface " ++ AssertionError e = new AssertionError("Failed to load " ++ + "AndroidDigestFactoryInterface " + + "implementation. Looked for " + + OpenSSLFactoryClassName + " and " + + BouncyCastleFactoryClassName); ++ e.initCause(e1); ++ throw e; + } + } + if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) { -- cgit v1.2.3 From 2768c2948c0b1931bff087e43a8db8059c183b56 Mon Sep 17 00:00:00 2001 From: William Luh Date: Wed, 10 Apr 2013 15:02:36 -0700 Subject: Fix PBKDF2WithHmacSHA1 to use high bits Bug: 8312059 Bug: https://code.google.com/p/android/issues/detail?id=40578 Cherry picked from commit a2ab0a62bc1ca3978e3ab3a3c1f8288f29a30e7e Change-Id: I749380979671709d63cc87f798b77ed5d8eaef6e --- .../jcajce/provider/symmetric/util/BCPBEKey.java | 6 + .../jcajce/provider/symmetric/util/PBE.java | 21 +++- .../jce/provider/BouncyCastleProvider.java | 1 + .../jce/provider/JCESecretKeyFactory.java | 39 +++++-- patches/bcprov.patch | 126 +++++++++++++++++---- 5 files changed, 162 insertions(+), 31 deletions(-) diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java index 9c4c831..e9ea6a6 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java @@ -78,6 +78,12 @@ public class BCPBEKey { return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword()); } + // BEGIN android-changed + else if (type == PBE.PBKDF2) + { + return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(pbeKeySpec.getPassword()); + } + // END android-changed else { return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword()); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java index 1074e11..86af83f 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java @@ -48,6 +48,9 @@ public interface PBE static final int PKCS5S2 = 1; static final int PKCS12 = 2; static final int OPENSSL = 3; + // BEGIN android-added + static final int PBKDF2 = 4; + // END android-added /** * uses the appropriate mixer to generate the key and IV if necessary. @@ -83,7 +86,9 @@ public interface PBE throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); } } - else if (type == PKCS5S2) + // BEGIN android-changed + else if ((type == PKCS5S2) || (type == PBKDF2)) + // END android-changed { generator = new PKCS5S2ParametersGenerator(); } @@ -250,6 +255,12 @@ public interface PBE { key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); } + // BEGIN android-changed + else if (type == PBKDF2) + { + key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); + } + // END android-changed else { key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); @@ -293,8 +304,14 @@ public interface PBE { key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); } + // BEGIN android-changed + else if (type == PBKDF2) + { + key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); + } + // END android-changed else - { + { key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); } diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java index cc6510a..9942975 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -476,6 +476,7 @@ public final class BouncyCastleProvider extends Provider put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); // BEGIN android-added + put("SecretKeyFactory.BrokenPBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$BrokenPBKDF2WithHmacSHA1"); put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1"); // END android-added diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java index faf0ead..ddb3ef1 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java @@ -558,12 +558,17 @@ public class JCESecretKeyFactory } } // BEGIN android-added - static public class PBKDF2WithHmacSHA1 + static public class PBKDF2WithHmacSHA1Base extends JCESecretKeyFactory { - public PBKDF2WithHmacSHA1() + int mScheme; + + protected PBKDF2WithHmacSHA1Base( + String algName, + int scheme) { - super("PBKDF2WithHmacSHA1", PKCSObjectIdentifiers.id_PBKDF2); + super(algName, PKCSObjectIdentifiers.id_PBKDF2); + this.mScheme = scheme; } protected SecretKey engineGenerateSecret( @@ -596,17 +601,35 @@ public class JCESecretKeyFactory throw new IllegalArgumentException("password empty"); } - int scheme = PKCS5S2; int digest = SHA1; int keySize = pbeSpec.getKeyLength(); int ivSize = -1; - CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + + CipherParameters param = Util.makePBEMacParameters(pbeSpec, mScheme, digest, keySize); + + return new BCPBEKey(this.algName, this.algOid, mScheme, digest, keySize, ivSize, pbeSpec, param); } - + throw new InvalidKeySpecException("Invalid KeySpec"); } } + + static public class PBKDF2WithHmacSHA1 + extends PBKDF2WithHmacSHA1Base + { + public PBKDF2WithHmacSHA1() + { + super("PBKDF2WithHmacSHA1", PBKDF2); + } + } + + static public class BrokenPBKDF2WithHmacSHA1 + extends PBKDF2WithHmacSHA1Base + { + public BrokenPBKDF2WithHmacSHA1() + { + super("BrokenPBKDF2WithHmacSHA1", PKCS5S2); + } + } // END android-added } diff --git a/patches/bcprov.patch b/patches/bcprov.patch index 803992c..348f17b 100644 --- a/patches/bcprov.patch +++ b/patches/bcprov.patch @@ -4184,6 +4184,22 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE } } } +diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java +--- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java 2013-02-10 00:37:58.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java 2013-04-10 22:02:36.000000000 +0000 +@@ -78,6 +78,12 @@ + { + return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword()); + } ++ // BEGIN android-changed ++ else if (type == PBE.PBKDF2) ++ { ++ return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(pbeKeySpec.getPassword()); ++ } ++ // END android-changed + else + { + return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword()); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java 2013-02-10 00:37:58.000000000 +0000 +++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java 2012-09-17 23:04:47.000000000 +0000 @@ -5412,7 +5428,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut Key key) diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-01-31 02:26:40.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-04-10 22:02:36.000000000 +0000 @@ -7,13 +7,18 @@ import org.bouncycastle.crypto.CipherParameters; @@ -5439,7 +5455,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; -@@ -29,11 +34,15 @@ +@@ -29,16 +34,23 @@ // static final int MD5 = 0; static final int SHA1 = 1; @@ -5459,7 +5475,15 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut static final int PKCS5S1 = 0; static final int PKCS5S2 = 1; -@@ -55,14 +64,20 @@ + static final int PKCS12 = 2; + static final int OPENSSL = 3; ++ // BEGIN android-added ++ static final int PBKDF2 = 4; ++ // END android-added + + /** + * uses the appropriate mixer to generate the key and IV if necessary. +@@ -55,20 +67,28 @@ { switch (hash) { @@ -5485,7 +5509,16 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut break; default: throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); -@@ -76,27 +91,39 @@ + } + } +- else if (type == PKCS5S2) ++ // BEGIN android-changed ++ else if ((type == PKCS5S2) || (type == PBKDF2)) ++ // END android-changed + { + generator = new PKCS5S2ParametersGenerator(); + } +@@ -76,27 +96,39 @@ { switch (hash) { @@ -5511,11 +5544,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut - break; - case TIGER: - generator = new PKCS12ParametersGenerator(new TigerDigest()); -- break; + // BEGIN android-changed + generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); + // END android-changed -+ break; + break; + // BEGIN android-removed + // case RIPEMD160: + // generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); @@ -5529,11 +5561,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut - break; - case GOST3411: - generator = new PKCS12ParametersGenerator(new GOST3411Digest()); -- break; + // BEGIN android-changed + generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA256()); + // END android-changed -+ break; + break; + // BEGIN android-removed + // case GOST3411: + // generator = new PKCS12ParametersGenerator(new GOST3411Digest()); @@ -5542,6 +5573,35 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ut default: throw new IllegalStateException("unknown digest scheme for PBE encryption."); } +@@ -223,6 +255,12 @@ + { + key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); + } ++ // BEGIN android-changed ++ else if (type == PBKDF2) ++ { ++ key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); ++ } ++ // END android-changed + else + { + key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); +@@ -266,8 +304,14 @@ + { + key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); + } ++ // BEGIN android-changed ++ else if (type == PBKDF2) ++ { ++ key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); ++ } ++ // END android-changed + else +- { ++ { + key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); + } + diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/util/DigestFactory.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2013-02-10 00:37:58.000000000 +0000 +++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2012-09-17 23:04:47.000000000 +0000 @@ -5984,7 +6044,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/PKCS10CertificationReque return digestAlgOID.getId(); diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/BouncyCastleProvider.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-01-31 02:26:40.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-04-10 22:02:36.000000000 +0000 @@ -11,7 +11,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; @@ -6334,12 +6394,13 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastlePro put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); -@@ -408,20 +474,31 @@ +@@ -408,20 +474,32 @@ put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); + // BEGIN android-added + ++ put("SecretKeyFactory.BrokenPBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$BrokenPBKDF2WithHmacSHA1"); + put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1"); + // END android-added @@ -6373,7 +6434,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastlePro } private void loadAlgorithms(String packageName, String[] names) -@@ -468,21 +545,25 @@ +@@ -468,21 +546,25 @@ private void addMacAlgorithms() { @@ -7980,7 +8041,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEMac.java bcp } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCESecretKeyFactory.java --- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2013-01-31 02:26:40.000000000 +0000 ++++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2013-04-10 22:02:36.000000000 +0000 @@ -252,29 +252,31 @@ } } @@ -8098,17 +8159,22 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCESecretKeyFac /** * PBEWithSHA1And128BitAES-BC -@@ -551,4 +557,56 @@ +@@ -551,4 +557,79 @@ super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); } } + // BEGIN android-added -+ static public class PBKDF2WithHmacSHA1 ++ static public class PBKDF2WithHmacSHA1Base + extends JCESecretKeyFactory + { -+ public PBKDF2WithHmacSHA1() ++ int mScheme; ++ ++ protected PBKDF2WithHmacSHA1Base( ++ String algName, ++ int scheme) + { -+ super("PBKDF2WithHmacSHA1", PKCSObjectIdentifiers.id_PBKDF2); ++ super(algName, PKCSObjectIdentifiers.id_PBKDF2); ++ this.mScheme = scheme; + } + + protected SecretKey engineGenerateSecret( @@ -8141,18 +8207,36 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCESecretKeyFac + throw new IllegalArgumentException("password empty"); + } + -+ int scheme = PKCS5S2; + int digest = SHA1; + int keySize = pbeSpec.getKeyLength(); + int ivSize = -1; -+ CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); -+ -+ return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); ++ ++ CipherParameters param = Util.makePBEMacParameters(pbeSpec, mScheme, digest, keySize); ++ ++ return new BCPBEKey(this.algName, this.algOid, mScheme, digest, keySize, ivSize, pbeSpec, param); + } -+ ++ + throw new InvalidKeySpecException("Invalid KeySpec"); + } + } ++ ++ static public class PBKDF2WithHmacSHA1 ++ extends PBKDF2WithHmacSHA1Base ++ { ++ public PBKDF2WithHmacSHA1() ++ { ++ super("PBKDF2WithHmacSHA1", PBKDF2); ++ } ++ } ++ ++ static public class BrokenPBKDF2WithHmacSHA1 ++ extends PBKDF2WithHmacSHA1Base ++ { ++ public BrokenPBKDF2WithHmacSHA1() ++ { ++ super("BrokenPBKDF2WithHmacSHA1", PKCS5S2); ++ } ++ } + // END android-added } diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEStreamCipher.java -- cgit v1.2.3 From a198e1ecc615e26a167d0f2dca9fa7e5fc62de10 Mon Sep 17 00:00:00 2001 From: Brian Carlstrom Date: Fri, 24 May 2013 19:14:15 -0700 Subject: bouncycastle 1.49 upgrade Change-Id: Icbf5a147409c810060a5acc884834fb2a778e860 --- NOTICE | 2 +- README.android | 4 +- .../java/org/bouncycastle/cms/CMSSignedData.java | 435 +- .../bouncycastle/cms/CMSSignedDataGenerator.java | 2 + .../org/bouncycastle/cms/CMSSignedGenerator.java | 90 +- .../java/org/bouncycastle/cms/CMSSignedHelper.java | 351 +- .../main/java/org/bouncycastle/cms/CMSUtils.java | 33 + .../org/bouncycastle/cms/SignerInfoGenerator.java | 4 +- .../bouncycastle/cms/SignerInformationStore.java | 2 +- .../operator/bc/BcDefaultDigestProvider.java | 156 + .../operator/bc/BcDigestCalculatorProvider.java | 6 +- .../bouncycastle/operator/bc/BcDigestProvider.java | 11 + .../java/org/bouncycastle/operator/bc/BcUtil.java | 98 - .../org/bouncycastle/asn1/ASN1EncodableVector.java | 2 +- .../bouncycastle/asn1/ASN1ObjectIdentifier.java | 7 +- .../java/org/bouncycastle/asn1/DERBoolean.java | 2 +- .../org/bouncycastle/asn1/DERObjectIdentifier.java | 155 +- .../java/org/bouncycastle/asn1/DERT61String.java | 25 +- .../java/org/bouncycastle/asn1/StreamUtil.java | 4 +- .../java/org/bouncycastle/asn1/cms/Attributes.java | 16 +- .../asn1/cms/CMSObjectIdentifiers.java | 10 + .../org/bouncycastle/asn1/cms/ContentInfo.java | 10 + .../asn1/cms/IssuerAndSerialNumber.java | 4 + .../java/org/bouncycastle/asn1/cms/SignedData.java | 17 +- .../java/org/bouncycastle/asn1/cms/SignerInfo.java | 28 + .../bouncycastle/asn1/nist/NISTNamedCurves.java | 9 +- .../asn1/nist/NISTObjectIdentifiers.java | 16 +- .../asn1/pkcs/CertificationRequestInfo.java | 16 + .../bouncycastle/asn1/pkcs/EncryptionScheme.java | 37 +- .../bouncycastle/asn1/pkcs/KeyDerivationFunc.java | 51 +- .../bouncycastle/asn1/pkcs/PBES2Algorithms.java | 6 +- .../bouncycastle/asn1/pkcs/PBES2Parameters.java | 25 +- .../org/bouncycastle/asn1/pkcs/PBKDF2Params.java | 2 +- .../org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java | 4 + .../java/org/bouncycastle/asn1/util/ASN1Dump.java | 6 +- .../org/bouncycastle/asn1/x500/X500NameStyle.java | 51 +- .../org/bouncycastle/asn1/x500/style/BCStyle.java | 10 + .../bouncycastle/asn1/x500/style/IETFUtils.java | 249 +- .../bouncycastle/asn1/x500/style/RFC4519Style.java | 10 + .../asn1/x500/style/X500NameTokenizer.java | 25 +- .../asn1/x509/AlgorithmIdentifier.java | 16 +- .../asn1/x509/AuthorityKeyIdentifier.java | 4 +- .../java/org/bouncycastle/asn1/x509/Extension.java | 67 +- .../org/bouncycastle/asn1/x509/Extensions.java | 56 +- .../org/bouncycastle/asn1/x509/KeyPurposeId.java | 6 + .../java/org/bouncycastle/asn1/x509/V2Form.java | 37 +- .../java/org/bouncycastle/asn1/x509/X509Name.java | 159 +- .../bouncycastle/asn1/x509/X509NameTokenizer.java | 25 +- .../java/org/bouncycastle/asn1/x9/X9Curve.java | 72 +- .../bouncycastle/asn1/x9/X9ObjectIdentifiers.java | 6 +- .../crypto/PBEParametersGenerator.java | 9 +- .../bouncycastle/crypto/digests/GeneralDigest.java | 9 +- .../bouncycastle/crypto/digests/LongDigest.java | 9 +- .../org/bouncycastle/crypto/digests/MD5Digest.java | 21 + .../bouncycastle/crypto/digests/SHA1Digest.java | 21 +- .../bouncycastle/crypto/digests/SHA256Digest.java | 21 +- .../bouncycastle/crypto/digests/SHA384Digest.java | 14 +- .../bouncycastle/crypto/digests/SHA512Digest.java | 13 + .../crypto/encodings/OAEPEncoding.java | 25 +- .../org/bouncycastle/crypto/engines/AESEngine.java | 3 +- .../bouncycastle/crypto/engines/AESFastEngine.java | 4 - .../crypto/engines/BlowfishEngine.java | 3 +- .../org/bouncycastle/crypto/engines/DESEngine.java | 3 +- .../bouncycastle/crypto/engines/DESedeEngine.java | 4 - .../org/bouncycastle/crypto/engines/RC2Engine.java | 3 +- .../org/bouncycastle/crypto/engines/RC4Engine.java | 3 +- .../bouncycastle/crypto/engines/TwofishEngine.java | 3 +- .../crypto/generators/DSAParametersGenerator.java | 179 +- .../generators/PKCS12ParametersGenerator.java | 3 +- .../generators/PKCS5S2ParametersGenerator.java | 49 +- .../java/org/bouncycastle/crypto/macs/HMac.java | 95 +- .../bouncycastle/crypto/modes/CCMBlockCipher.java | 59 +- .../params/DSAParameterGenerationParameters.java | 80 + .../crypto/params/DSAValidationParameters.java | 15 + .../crypto/params/ECDomainParameters.java | 25 +- .../bouncycastle/crypto/signers/ECDSASigner.java | 6 + .../java/org/bouncycastle/crypto/util/Pack.java | 122 +- .../jcajce/provider/asymmetric/DH.java | 1 - .../jcajce/provider/asymmetric/EC.java | 2 + .../jcajce/provider/asymmetric/dh/DHUtil.java | 50 - .../dsa/AlgorithmParameterGeneratorSpi.java | 47 +- .../asymmetric/dsa/AlgorithmParametersSpi.java | 1 - .../jcajce/provider/asymmetric/dsa/DSASigner.java | 14 +- .../provider/asymmetric/ec/BCECPrivateKey.java | 2 + .../provider/asymmetric/ec/BCECPublicKey.java | 2 + .../jcajce/provider/asymmetric/ec/EC5Util.java | 123 - .../jcajce/provider/asymmetric/ec/ECUtil.java | 295 - .../provider/asymmetric/ec/KeyAgreementSpi.java | 1 + .../provider/asymmetric/ec/KeyFactorySpi.java | 1 + .../asymmetric/ec/KeyPairGeneratorSpi.java | 1 + .../provider/asymmetric/ec/SignatureSpi.java | 29 +- .../jcajce/provider/asymmetric/util/DHUtil.java | 50 + .../jcajce/provider/asymmetric/util/EC5Util.java | 123 + .../jcajce/provider/asymmetric/util/ECUtil.java | 296 + .../asymmetric/x509/CertificateFactory.java | 4 - .../provider/asymmetric/x509/ExtCRLException.java | 20 + .../asymmetric/x509/X509CRLEntryObject.java | 301 + .../provider/asymmetric/x509/X509CRLObject.java | 578 ++ .../asymmetric/x509/X509CertificateObject.java | 916 ++ .../asymmetric/x509/X509SignatureUtil.java | 144 + .../provider/config/ConfigurableProvider.java | 8 +- .../provider/config/PKCS12StoreParameter.java | 51 + .../bouncycastle/jcajce/provider/digest/MD5.java | 11 +- .../bouncycastle/jcajce/provider/digest/SHA1.java | 129 +- .../jcajce/provider/digest/SHA256.java | 33 +- .../jcajce/provider/digest/SHA384.java | 26 +- .../jcajce/provider/digest/SHA512.java | 123 +- .../bouncycastle/jcajce/provider/keystore/BC.java | 29 + .../jcajce/provider/keystore/PKCS12.java | 32 + .../jcajce/provider/keystore/bc/BcKeyStoreSpi.java | 1061 +++ .../keystore/pkcs12/PKCS12KeyStoreSpi.java | 1676 ++++ .../jcajce/provider/symmetric/AES.java | 234 +- .../jcajce/provider/symmetric/ARC4.java | 72 +- .../jcajce/provider/symmetric/DES.java | 355 +- .../jcajce/provider/symmetric/DESede.java | 50 + .../jcajce/provider/symmetric/PBEPKCS12.java | 120 + .../jcajce/provider/symmetric/RC2.java | 547 ++ .../symmetric/SymmetricAlgorithmProvider.java | 23 + .../jcajce/provider/symmetric/Twofish.java | 128 + .../jcajce/provider/symmetric/util/BCPBEKey.java | 4 +- .../symmetric/util/BaseAlgorithmParameters.java | 356 - .../provider/symmetric/util/BaseBlockCipher.java | 41 +- .../jcajce/provider/symmetric/util/BaseMac.java | 342 - .../symmetric/util/BaseSecretKeyFactory.java | 103 - .../symmetric/util/BlockCipherProvider.java | 8 + .../jcajce/provider/symmetric/util/PBE.java | 89 +- .../jcajce/provider/util/SecretKeyUtil.java | 40 + .../org/bouncycastle/jce/ECNamedCurveTable.java | 125 - .../jce/provider/BouncyCastleProvider.java | 416 +- .../BouncyCastleProviderConfiguration.java | 2 +- .../bouncycastle/jce/provider/JCEBlockCipher.java | 1133 --- .../bouncycastle/jce/provider/JCEECPrivateKey.java | 4 +- .../bouncycastle/jce/provider/JCEECPublicKey.java | 4 +- .../java/org/bouncycastle/jce/provider/JCEMac.java | 455 - .../jce/provider/JCESecretKeyFactory.java | 635 -- .../bouncycastle/jce/provider/JCEStreamCipher.java | 24 - .../jce/provider/JDKAlgorithmParameters.java | 320 - .../org/bouncycastle/jce/provider/JDKKeyStore.java | 1048 --- .../jce/provider/JDKPKCS12KeyStore.java | 1639 ---- .../jce/provider/JDKPKCS12StoreParameter.java | 3 + .../jce/provider/RFC3280CertPathUtilities.java | 30 +- .../java/org/bouncycastle/math/ec/ECCurve.java | 243 +- .../java/org/bouncycastle/math/ec/ECPoint.java | 17 +- .../main/java/org/bouncycastle/util/Arrays.java | 112 +- .../main/java/org/bouncycastle/util/Memoable.java | 23 + .../org/bouncycastle/util/encoders/Base64.java | 36 +- .../java/org/bouncycastle/util/encoders/Hex.java | 17 + bouncycastle.config | 52 +- bouncycastle.version | 2 +- patches/bcpkix.patch | 1051 ++- patches/bcprov.patch | 9343 +++++++++----------- 151 files changed, 14890 insertions(+), 13776 deletions(-) create mode 100644 bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java create mode 100644 bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestProvider.java delete mode 100644 bcpkix/src/main/java/org/bouncycastle/operator/bc/BcUtil.java create mode 100644 bcprov/src/main/java/org/bouncycastle/crypto/params/DSAParameterGenerationParameters.java delete mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/DHUtil.java delete mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/EC5Util.java delete mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java create mode 100644 bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java delete mode 100644 bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java delete mode 100644 bcprov/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java delete mode 100644 bcprov/src/main/java/org/bouncycastle/jce/provider/JCEMac.java delete mode 100644 bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java delete mode 100644 bcprov/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java delete mode 100644 bcprov/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java delete mode 100644 bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java create mode 100644 bcprov/src/main/java/org/bouncycastle/util/Memoable.java diff --git a/NOTICE b/NOTICE index 95c0068..d89ebe3 100644 --- a/NOTICE +++ b/NOTICE @@ -1,4 +1,4 @@ -Copyright (c) 2000-2011 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) +Copyright (c) 2000-2013 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, diff --git a/README.android b/README.android index 3dfa8bf..8b7bb78 100644 --- a/README.android +++ b/README.android @@ -114,6 +114,8 @@ The following steps are recommended for porting new Bouncy Castle versions. libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/DigestInputStreamTest.java - java.security.DigestOutputStream libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/DigestOutputStreamTest.java + - javax.crypto.spec.GCMParameterSpec + libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/spec/GCMParameterSpecTest.java - java.security.GuardedObject libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/GuardedObjectTest.java - java.security.Identity @@ -212,10 +214,10 @@ The following steps are recommended for porting new Bouncy Castle versions. - java.security.SecureRandomSpi libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SecureRandomSpiTest.java - java.security.Signature + libcore/crypto/src/test/java/org/conscrypt/OpenSSLSignatureTest.java libcore/luni/src/test/java/libcore/java/security/SignatureTest.java libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/Signature2Test.java libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignatureTest.java - libcore/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignatureTest.java libcore/luni/src/test/java/tests/targets/security/SignatureTestMD2withRSA.java - java.security.SignatureSpi libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignatureSpiTest.java diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java index c976dfe..ae71f31 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java @@ -9,34 +9,28 @@ import java.security.Provider; import java.security.cert.CertStore; import java.security.cert.CertStoreException; import java.util.ArrayList; -import java.util.Enumeration; +import java.util.Collection; import java.util.Iterator; import java.util.List; import java.util.Map; -import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.BERSequence; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.cms.SignedData; import org.bouncycastle.asn1.cms.SignerInfo; -import org.bouncycastle.asn1.x509.AttributeCertificate; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.cert.X509AttributeCertificateHolder; -import org.bouncycastle.cert.X509CRLHolder; -import org.bouncycastle.cert.X509CertificateHolder; +// BEGIN android-removed +// import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder; +// END android-removed import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; +import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder; -import org.bouncycastle.util.CollectionStore; import org.bouncycastle.util.Store; import org.bouncycastle.x509.NoSuchStoreException; import org.bouncycastle.x509.X509Store; @@ -311,208 +305,201 @@ public class CMSSignedData { if (attributeStore == null) { - attributeStore = HELPER.createAttributeStore(type, provider, signedData.getCertificates()); + attributeStore = HELPER.createAttributeStore(type, provider, this.getAttributeCertificates()); } return attributeStore; } - /** - * return a X509Store containing the public key certificates, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider name of provider to use - * @return a store of public key certificates - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getCertificates( - String type, - String provider) - throws NoSuchStoreException, NoSuchProviderException, CMSException - { - return getCertificates(type, CMSUtils.getProvider(provider)); - } + // BEGIN android-removed + // /** + // * return a X509Store containing the public key certificates, if any, contained + // * in this message. + // * + // * @param type type of store to create + // * @param provider name of provider to use + // * @return a store of public key certificates + // * @exception NoSuchProviderException if the provider requested isn't available. + // * @exception NoSuchStoreException if the store type isn't available. + // * @exception CMSException if a general exception prevents creation of the X509Store + // * @deprecated use base Store returning method + // */ + // public X509Store getCertificates( + // String type, + // String provider) + // throws NoSuchStoreException, NoSuchProviderException, CMSException + // { + // return getCertificates(type, CMSUtils.getProvider(provider)); + // } + // + // /** + // * return a X509Store containing the public key certificates, if any, contained + // * in this message. + // * + // * @param type type of store to create + // * @param provider provider to use + // * @return a store of public key certificates + // * @exception NoSuchStoreException if the store type isn't available. + // * @exception CMSException if a general exception prevents creation of the X509Store + // * @deprecated use base Store returning method + // */ + // public X509Store getCertificates( + // String type, + // Provider provider) + // throws NoSuchStoreException, CMSException + // { + // if (certificateStore == null) + // { + // certificateStore = HELPER.createCertificateStore(type, provider, this.getCertificates()); + // } + // + // return certificateStore; + // } + // + // /** + // * return a X509Store containing CRLs, if any, contained + // * in this message. + // * + // * @param type type of store to create + // * @param provider name of provider to use + // * @return a store of CRLs + // * @exception NoSuchProviderException if the provider requested isn't available. + // * @exception NoSuchStoreException if the store type isn't available. + // * @exception CMSException if a general exception prevents creation of the X509Store + // * @deprecated use base Store returning method + // */ + // public X509Store getCRLs( + // String type, + // String provider) + // throws NoSuchStoreException, NoSuchProviderException, CMSException + // { + // return getCRLs(type, CMSUtils.getProvider(provider)); + // } + // + // /** + // * return a X509Store containing CRLs, if any, contained + // * in this message. + // * + // * @param type type of store to create + // * @param provider provider to use + // * @return a store of CRLs + // * @exception NoSuchStoreException if the store type isn't available. + // * @exception CMSException if a general exception prevents creation of the X509Store + // * @deprecated use base Store returning method + // */ + // public X509Store getCRLs( + // String type, + // Provider provider) + // throws NoSuchStoreException, CMSException + // { + // if (crlStore == null) + // { + // crlStore = HELPER.createCRLsStore(type, provider, getCRLs()); + // } + // + // return crlStore; + // } + // + // /** + // * return a CertStore containing the certificates and CRLs associated with + // * this message. + // * + // * @exception NoSuchProviderException if the provider requested isn't available. + // * @exception NoSuchAlgorithmException if the cert store isn't available. + // * @exception CMSException if a general exception prevents creation of the CertStore + // * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder + // */ + // public CertStore getCertificatesAndCRLs( + // String type, + // String provider) + // throws NoSuchAlgorithmException, NoSuchProviderException, CMSException + // { + // return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider)); + // } + // + // /** + // * return a CertStore containing the certificates and CRLs associated with + // * this message. + // * + // * @exception NoSuchAlgorithmException if the cert store isn't available. + // * @exception CMSException if a general exception prevents creation of the CertStore + // * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder + // */ + // public CertStore getCertificatesAndCRLs( + // String type, + // Provider provider) + // throws NoSuchAlgorithmException, CMSException + // { + // try + // { + // JcaCertStoreBuilder certStoreBuilder = new JcaCertStoreBuilder().setType(type); + // + // if (provider != null) + // { + // certStoreBuilder.setProvider(provider); + // } + // + // certStoreBuilder.addCertificates(this.getCertificates()); + // certStoreBuilder.addCRLs(this.getCRLs()); + // + // return certStoreBuilder.build(); + // } + // catch (NoSuchAlgorithmException e) + // { + // throw e; + // } + // catch (Exception e) + // { + // throw new CMSException("exception creating CertStore: " + e.getMessage(), e); + // } + // } + // END android-removed /** - * return a X509Store containing the public key certificates, if any, contained - * in this message. + * Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. * - * @param type type of store to create - * @param provider provider to use - * @return a store of public key certificates - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method + * @return a Store of X509CertificateHolder objects. */ - public X509Store getCertificates( - String type, - Provider provider) - throws NoSuchStoreException, CMSException - { - if (certificateStore == null) - { - certificateStore = HELPER.createCertificateStore(type, provider, signedData.getCertificates()); - } - - return certificateStore; - } - - /** - * return a X509Store containing CRLs, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider name of provider to use - * @return a store of CRLs - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getCRLs( - String type, - String provider) - throws NoSuchStoreException, NoSuchProviderException, CMSException + public Store getCertificates() { - return getCRLs(type, CMSUtils.getProvider(provider)); + return HELPER.getCertificates(signedData.getCertificates()); } /** - * return a X509Store containing CRLs, if any, contained - * in this message. - * - * @param type type of store to create - * @param provider provider to use - * @return a store of CRLs - * @exception NoSuchStoreException if the store type isn't available. - * @exception CMSException if a general exception prevents creation of the X509Store - * @deprecated use base Store returning method - */ - public X509Store getCRLs( - String type, - Provider provider) - throws NoSuchStoreException, CMSException - { - if (crlStore == null) - { - crlStore = HELPER.createCRLsStore(type, provider, signedData.getCRLs()); - } - - return crlStore; - } - - /** - * return a CertStore containing the certificates and CRLs associated with - * this message. + * Return any X.509 CRL objects in this SignedData structure as a Store of X509CRLHolder objects. * - * @exception NoSuchProviderException if the provider requested isn't available. - * @exception NoSuchAlgorithmException if the cert store isn't available. - * @exception CMSException if a general exception prevents creation of the CertStore - * @deprecated use base Store returning method + * @return a Store of X509CRLHolder objects. */ - public CertStore getCertificatesAndCRLs( - String type, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, CMSException + public Store getCRLs() { - return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider)); + return HELPER.getCRLs(signedData.getCRLs()); } /** - * return a CertStore containing the certificates and CRLs associated with - * this message. + * Return any X.509 attribute certificate objects in this SignedData structure as a Store of X509AttributeCertificateHolder objects. * - * @exception NoSuchAlgorithmException if the cert store isn't available. - * @exception CMSException if a general exception prevents creation of the CertStore - * @deprecated use base Store returning method + * @return a Store of X509AttributeCertificateHolder objects. */ - public CertStore getCertificatesAndCRLs( - String type, - Provider provider) - throws NoSuchAlgorithmException, CMSException - { - ASN1Set certSet = signedData.getCertificates(); - ASN1Set crlSet = signedData.getCRLs(); - - return HELPER.createCertStore(type, provider, certSet, crlSet); - } - - public Store getCertificates() - { - ASN1Set certSet = signedData.getCertificates(); - - if (certSet != null) - { - List certList = new ArrayList(certSet.size()); - - for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1Sequence) - { - certList.add(new X509CertificateHolder(Certificate.getInstance(obj))); - } - } - - return new CollectionStore(certList); - } - - return new CollectionStore(new ArrayList()); - } - - public Store getCRLs() - { - ASN1Set crlSet = signedData.getCRLs(); - - if (crlSet != null) - { - List crlList = new ArrayList(crlSet.size()); - - for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1Sequence) - { - crlList.add(new X509CRLHolder(CertificateList.getInstance(obj))); - } - } - - return new CollectionStore(crlList); - } - - return new CollectionStore(new ArrayList()); - } - public Store getAttributeCertificates() { - ASN1Set certSet = signedData.getCertificates(); - - if (certSet != null) - { - List certList = new ArrayList(certSet.size()); - - for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) - { - ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1TaggedObject) - { - certList.add(new X509AttributeCertificateHolder(AttributeCertificate.getInstance(((ASN1TaggedObject)obj).getObject()))); - } - } - - return new CollectionStore(certList); - } - - return new CollectionStore(new ArrayList()); + return HELPER.getAttributeCertificates(signedData.getCertificates()); } + // BEGIN android-removed + // /** + // * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in + // * this SignedData structure. + // * + // * @param otherRevocationInfoFormat OID of the format type been looked for. + // * + // * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found. + // */ + // public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat) + // { + // return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs()); + // } + // END android-removed + /** * Return the a string representation of the OID associated with the * encapsulated content info structure carried in the signed data. @@ -554,9 +541,77 @@ public class CMSSignedData { return contentInfo.getEncoded(); } - + + // BEGIN android-removed + // /** + // * Verify all the SignerInformation objects and their associated counter signatures attached + // * to this CMS SignedData object. + // * + // * @param verifierProvider a provider of SignerInformationVerifier objects. + // * @return true if all verify, false otherwise. + // * @throws CMSException if an exception occurs during the verification process. + // */ + // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider) + // throws CMSException + // { + // return verifySignatures(verifierProvider, false); + // } + // + // /** + // * Verify all the SignerInformation objects and optionally their associated counter signatures attached + // * to this CMS SignedData object. + // * + // * @param verifierProvider a provider of SignerInformationVerifier objects. + // * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well. + // * @return true if all verify, false otherwise. + // * @throws CMSException if an exception occurs during the verification process. + // */ + // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures) + // throws CMSException + // { + // Collection signers = this.getSignerInfos().getSigners(); + // + // for (Iterator it = signers.iterator(); it.hasNext();) + // { + // SignerInformation signer = (SignerInformation)it.next(); + // + // try + // { + // SignerInformationVerifier verifier = verifierProvider.get(signer.getSID()); + // + // if (!signer.verify(verifier)) + // { + // return false; + // } + // + // if (!ignoreCounterSignatures) + // { + // Collection counterSigners = signer.getCounterSignatures().getSigners(); + // + // for (Iterator cIt = counterSigners.iterator(); cIt.hasNext();) + // { + // SignerInformation counterSigner = (SignerInformation)cIt.next(); + // SignerInformationVerifier counterVerifier = verifierProvider.get(signer.getSID()); + // + // if (!counterSigner.verify(counterVerifier)) + // { + // return false; + // } + // } + // } + // } + // catch (OperatorCreationException e) + // { + // throw new CMSException("failure in verifier provider: " + e.getMessage(), e); + // } + // } + // + // return true; + // } + // END android-removed + /** - * Replace the signerinformation store associated with this + * Replace the SignerInformation store associated with this * CMSSignedData object with the new one passed in. You would * probably only want to do this if you wanted to change the unsigned * attributes associated with a signer, or perhaps delete one. diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java index f50791e..9692e15 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java @@ -146,6 +146,7 @@ public class CMSSignedDataGenerator /** * constructor allowing specific source of randomness * @param rand instance of SecureRandom to use + * @deprecated rand ignored in new API, use base constructor. */ public CMSSignedDataGenerator( SecureRandom rand) @@ -479,6 +480,7 @@ public class CMSSignedDataGenerator * addDefaultAttributes indicates whether or not a default set of signed attributes * need to be added automatically. If the argument is set to false, no * attributes will get added at all. + * @deprecated use setDirectSignature() on SignerInformationGenerator. */ public CMSSignedData generate( String eContentType, diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java index 365522d..8b9d4ce 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java @@ -15,6 +15,7 @@ import java.util.List; import java.util.Map; import java.util.Set; +import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Set; @@ -23,6 +24,7 @@ import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.cms.AttributeTable; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; // BEGIN android-removed +// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; // END android-removed import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; @@ -32,9 +34,13 @@ import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.AttributeCertificate; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.cert.X509AttributeCertificateHolder; +import org.bouncycastle.cert.X509CRLHolder; +import org.bouncycastle.cert.X509CertificateHolder; // BEGIN android-removed // import org.bouncycastle.jce.interfaces.GOST3410PrivateKey; // END android-removed +import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Store; import org.bouncycastle.x509.X509AttributeCertificate; import org.bouncycastle.x509.X509Store; @@ -173,7 +179,7 @@ public class CMSSignedGenerator Map param = new HashMap(); param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType); param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId); - param.put(CMSAttributeTableGenerator.DIGEST, hash.clone()); + param.put(CMSAttributeTableGenerator.DIGEST, Arrays.clone(hash)); return param; } @@ -207,6 +213,25 @@ public class CMSSignedGenerator crls.addAll(CMSUtils.getCRLsFromStore(certStore)); } + /** + * Add a certificate to the certificate set to be included with the generated SignedData message. + * + * @param certificate the certificate to be included. + * @throws CMSException if the certificate cannot be encoded for adding. + */ + public void addCertificate( + X509CertificateHolder certificate) + throws CMSException + { + certs.add(certificate.toASN1Structure()); + } + + /** + * Add the certificates in certStore to the certificate set to be included with the generated SignedData message. + * + * @param certStore the store containing the certificates to be included. + * @throws CMSException if the certificates cannot be encoded for adding. + */ public void addCertificates( Store certStore) throws CMSException @@ -214,6 +239,22 @@ public class CMSSignedGenerator certs.addAll(CMSUtils.getCertificatesFromStore(certStore)); } + /** + * Add a CRL to the CRL set to be included with the generated SignedData message. + * + * @param crl the CRL to be included. + */ + public void addCRL(X509CRLHolder crl) + { + crls.add(crl.toASN1Structure()); + } + + /** + * Add the CRLs in crlStore to the CRL set to be included with the generated SignedData message. + * + * @param crlStore the store containing the CRLs to be included. + * @throws CMSException if the CRLs cannot be encoded for adding. + */ public void addCRLs( Store crlStore) throws CMSException @@ -221,6 +262,25 @@ public class CMSSignedGenerator crls.addAll(CMSUtils.getCRLsFromStore(crlStore)); } + /** + * Add the attribute certificates in attrStore to the certificate set to be included with the generated SignedData message. + * + * @param attrCert the store containing the certificates to be included. + * @throws CMSException if the attribute certificate cannot be encoded for adding. + */ + public void addAttributeCertificate( + X509AttributeCertificateHolder attrCert) + throws CMSException + { + certs.add(new DERTaggedObject(false, 2, attrCert.toASN1Structure())); + } + + /** + * Add the attribute certificates in attrStore to the certificate set to be included with the generated SignedData message. + * + * @param attrStore the store containing the certificates to be included. + * @throws CMSException if the attribute certificate cannot be encoded for adding. + */ public void addAttributeCertificates( Store attrStore) throws CMSException @@ -228,6 +288,34 @@ public class CMSSignedGenerator certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrStore)); } + // BEGIN android-removed + // /** + // * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message. + // * + // * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. + // * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure. + // */ + // public void addOtherRevocationInfo( + // ASN1ObjectIdentifier otherRevocationInfoFormat, + // ASN1Encodable otherRevocationInfo) + // { + // crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo))); + // } + // + // /** + // * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message. + // * + // * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. + // * @param otherRevocationInfos a Store of otherRevocationInfo data to add. + // */ + // public void addOtherRevocationInfo( + // ASN1ObjectIdentifier otherRevocationInfoFormat, + // Store otherRevocationInfos) + // { + // crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos)); + // } + // END android-removed + /** * Add the attribute certificates contained in the passed in store to the * generator. diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java index 457a97e..7612b5f 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java @@ -1,18 +1,14 @@ package org.bouncycastle.cms; -import java.io.ByteArrayInputStream; import java.io.IOException; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.security.cert.CRLException; -import java.security.cert.CertStore; import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.CollectionCertStoreParameters; import java.util.ArrayList; +import java.util.Collection; import java.util.Enumeration; import java.util.HashMap; +import java.util.Iterator; import java.util.List; import java.util.Map; @@ -24,6 +20,7 @@ import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERNull; // BEGIN android-removed +// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; // END android-removed import org.bouncycastle.asn1.eac.EACObjectIdentifiers; @@ -32,8 +29,20 @@ import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.AttributeCertificate; +import org.bouncycastle.asn1.x509.Certificate; +import org.bouncycastle.asn1.x509.CertificateList; import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.cert.X509AttributeCertificateHolder; +import org.bouncycastle.cert.X509CRLHolder; +import org.bouncycastle.cert.X509CertificateHolder; +// BEGIN android-removed +// import org.bouncycastle.cert.jcajce.JcaX509CRLConverter; +// import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +// END android-removed +import org.bouncycastle.util.CollectionStore; +import org.bouncycastle.util.Store; import org.bouncycastle.x509.NoSuchStoreException; import org.bouncycastle.x509.X509CollectionStoreParameters; import org.bouncycastle.x509.X509Store; @@ -176,45 +185,22 @@ class CMSSignedHelper return encryptionAlgOID; } - X509Store createAttributeStore( String type, Provider provider, - ASN1Set certSet) + Store certStore) throws NoSuchStoreException, CMSException { - List certs = new ArrayList(); - - if (certSet != null) + try { - Enumeration e = certSet.getObjects(); + Collection certHldrs = certStore.getMatches(null); + List certs = new ArrayList(certHldrs.size()); - while (e.hasMoreElements()) + for (Iterator it = certHldrs.iterator(); it.hasNext();) { - try - { - ASN1Primitive obj = ((ASN1Encodable)e.nextElement()).toASN1Primitive(); - - if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagged = (ASN1TaggedObject)obj; - - if (tagged.getTagNo() == 2) - { - certs.add(new X509V2AttributeCertificate(ASN1Sequence.getInstance(tagged, false).getEncoded())); - } - } - } - catch (IOException ex) - { - throw new CMSException( - "can't re-encode attribute certificate!", ex); - } + certs.add(new X509V2AttributeCertificate(((X509AttributeCertificateHolder)it.next()).getEncoded())); } - } - try - { return X509Store.getInstance( "AttributeCertificate/" +type, new X509CollectionStoreParameters(certs), provider); } @@ -222,202 +208,189 @@ class CMSSignedHelper { throw new CMSException("can't setup the X509Store", e); } - } - - X509Store createCertificateStore( - String type, - Provider provider, - ASN1Set certSet) - throws NoSuchStoreException, CMSException - { - List certs = new ArrayList(); - - if (certSet != null) - { - addCertsFromSet(certs, certSet, provider); - } - - try - { - return X509Store.getInstance( - "Certificate/" +type, new X509CollectionStoreParameters(certs), provider); - } - catch (IllegalArgumentException e) + catch (IOException e) { throw new CMSException("can't setup the X509Store", e); } } - X509Store createCRLsStore( - String type, - Provider provider, - ASN1Set crlSet) - throws NoSuchStoreException, CMSException - { - List crls = new ArrayList(); + // BEGIN android-removed + // X509Store createCertificateStore( + // String type, + // Provider provider, + // Store certStore) + // throws NoSuchStoreException, CMSException + // { + // try + // { + // JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(provider); + // Collection certHldrs = certStore.getMatches(null); + // List certs = new ArrayList(certHldrs.size()); + // + // for (Iterator it = certHldrs.iterator(); it.hasNext();) + // { + // certs.add(converter.getCertificate((X509CertificateHolder)it.next())); + // } + // + // return X509Store.getInstance( + // "Certificate/" +type, new X509CollectionStoreParameters(certs), provider); + // } + // catch (IllegalArgumentException e) + // { + // throw new CMSException("can't setup the X509Store", e); + // } + // catch (CertificateException e) + // { + // throw new CMSException("can't setup the X509Store", e); + // } + // } + // + // X509Store createCRLsStore( + // String type, + // Provider provider, + // Store crlStore) + // throws NoSuchStoreException, CMSException + // { + // try + // { + // JcaX509CRLConverter converter = new JcaX509CRLConverter().setProvider(provider); + // Collection crlHldrs = crlStore.getMatches(null); + // List crls = new ArrayList(crlHldrs.size()); + // + // for (Iterator it = crlHldrs.iterator(); it.hasNext();) + // { + // crls.add(converter.getCRL((X509CRLHolder)it.next())); + // } + // + // return X509Store.getInstance( + // "CRL/" +type, new X509CollectionStoreParameters(crls), provider); + // } + // catch (IllegalArgumentException e) + // { + // throw new CMSException("can't setup the X509Store", e); + // } + // catch (CRLException e) + // { + // throw new CMSException("can't setup the X509Store", e); + // } + // } + // END android-removed - if (crlSet != null) + AlgorithmIdentifier fixAlgID(AlgorithmIdentifier algId) + { + if (algId.getParameters() == null) { - addCRLsFromSet(crls, crlSet, provider); + return new AlgorithmIdentifier(algId.getAlgorithm(), DERNull.INSTANCE); } - try - { - return X509Store.getInstance( - "CRL/" +type, new X509CollectionStoreParameters(crls), provider); - } - catch (IllegalArgumentException e) - { - throw new CMSException("can't setup the X509Store", e); - } + return algId; } - CertStore createCertStore( - String type, - Provider provider, - ASN1Set certSet, - ASN1Set crlSet) - throws CMSException, NoSuchAlgorithmException + void setSigningEncryptionAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) { - List certsAndcrls = new ArrayList(); + encryptionAlgs.put(oid.getId(), algorithmName); + } - // - // load the certificates and revocation lists if we have any - // + void setSigningDigestAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) + { + digestAlgs.put(oid.getId(), algorithmName); + } + Store getCertificates(ASN1Set certSet) + { if (certSet != null) { - addCertsFromSet(certsAndcrls, certSet, provider); - } - - if (crlSet != null) - { - addCRLsFromSet(certsAndcrls, crlSet, provider); - } + List certList = new ArrayList(certSet.size()); - try - { - if (provider != null) + for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) { - return CertStore.getInstance(type, new CollectionCertStoreParameters(certsAndcrls), provider); - } - else - { - return CertStore.getInstance(type, new CollectionCertStoreParameters(certsAndcrls)); + ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); + + if (obj instanceof ASN1Sequence) + { + certList.add(new X509CertificateHolder(Certificate.getInstance(obj))); + } } + + return new CollectionStore(certList); } - catch (InvalidAlgorithmParameterException e) - { - throw new CMSException("can't setup the CertStore", e); - } + + return new CollectionStore(new ArrayList()); } - private void addCertsFromSet(List certs, ASN1Set certSet, Provider provider) - throws CMSException + Store getAttributeCertificates(ASN1Set certSet) { - CertificateFactory cf; - - try - { - if (provider != null) - { - cf = CertificateFactory.getInstance("X.509", provider); - } - else - { - cf = CertificateFactory.getInstance("X.509"); - } - } - catch (CertificateException ex) + if (certSet != null) { - throw new CMSException("can't get certificate factory.", ex); - } - Enumeration e = certSet.getObjects(); + List certList = new ArrayList(certSet.size()); - while (e.hasMoreElements()) - { - try + for (Enumeration en = certSet.getObjects(); en.hasMoreElements();) { - ASN1Primitive obj = ((ASN1Encodable)e.nextElement()).toASN1Primitive(); + ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - if (obj instanceof ASN1Sequence) + if (obj instanceof ASN1TaggedObject) { - certs.add(cf.generateCertificate( - new ByteArrayInputStream(obj.getEncoded()))); + certList.add(new X509AttributeCertificateHolder(AttributeCertificate.getInstance(((ASN1TaggedObject)obj).getObject()))); } } - catch (IOException ex) - { - throw new CMSException( - "can't re-encode certificate!", ex); - } - catch (CertificateException ex) - { - throw new CMSException( - "can't re-encode certificate!", ex); - } + + return new CollectionStore(certList); } + + return new CollectionStore(new ArrayList()); } - private void addCRLsFromSet(List crls, ASN1Set certSet, Provider provider) - throws CMSException + Store getCRLs(ASN1Set crlSet) { - CertificateFactory cf; - - try - { - if (provider != null) - { - cf = CertificateFactory.getInstance("X.509", provider); - } - else - { - cf = CertificateFactory.getInstance("X.509"); - } - } - catch (CertificateException ex) + if (crlSet != null) { - throw new CMSException("can't get certificate factory.", ex); - } - Enumeration e = certSet.getObjects(); + List crlList = new ArrayList(crlSet.size()); - while (e.hasMoreElements()) - { - try + for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) { - ASN1Primitive obj = ((ASN1Encodable)e.nextElement()).toASN1Primitive(); + ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); - crls.add(cf.generateCRL( - new ByteArrayInputStream(obj.getEncoded()))); - } - catch (IOException ex) - { - throw new CMSException("can't re-encode CRL!", ex); - } - catch (CRLException ex) - { - throw new CMSException("can't re-encode CRL!", ex); + if (obj instanceof ASN1Sequence) + { + crlList.add(new X509CRLHolder(CertificateList.getInstance(obj))); + } } - } - } - AlgorithmIdentifier fixAlgID(AlgorithmIdentifier algId) - { - if (algId.getParameters() == null) - { - return new AlgorithmIdentifier(algId.getAlgorithm(), DERNull.INSTANCE); + return new CollectionStore(crlList); } - return algId; - } - - void setSigningEncryptionAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) - { - encryptionAlgs.put(oid.getId(), algorithmName); + return new CollectionStore(new ArrayList()); } - void setSigningDigestAlgorithmMapping(ASN1ObjectIdentifier oid, String algorithmName) - { - digestAlgs.put(oid.getId(), algorithmName); - } + // Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet) + // { + // if (crlSet != null) + // { + // List crlList = new ArrayList(crlSet.size()); + // + // for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) + // { + // ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); + // + // if (obj instanceof ASN1TaggedObject) + // { + // ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj); + // + // if (tObj.getTagNo() == 1) + // { + // OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false); + // + // if (otherRevocationInfoFormat.equals(other.getInfoFormat())) + // { + // crlList.add(other.getInfo()); + // } + // } + // } + // } + // + // return new CollectionStore(crlList); + // } + // + // return new CollectionStore(new ArrayList()); + // } } diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java index 907fcc0..ccfab32 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java @@ -20,14 +20,21 @@ import java.util.List; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.BEROctetStringGenerator; import org.bouncycastle.asn1.BERSet; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; +// BEGIN android-removed +// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; +// import org.bouncycastle.asn1.ocsp.OCSPResponse; +// import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; +// END android-removed import org.bouncycastle.asn1.x509.Certificate; import org.bouncycastle.asn1.x509.CertificateList; import org.bouncycastle.asn1.x509.TBSCertificate; @@ -184,6 +191,32 @@ class CMSUtils } } + // BEGIN android-removed + // static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos) + // { + // List others = new ArrayList(); + // + // for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();) + // { + // ASN1Encodable info = (ASN1Encodable)it.next(); + // + // if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(otherRevocationInfoFormat)) + // { + // OCSPResponse resp = OCSPResponse.getInstance(info); + // + // if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL) + // { + // throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); + // } + // } + // + // others.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, info))); + // } + // + // return others; + // } + // END android-removed + static ASN1Set createBerSetFromList(List derObjects) { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java index f5ac174..e378629 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGenerator.java @@ -123,12 +123,12 @@ public class SignerInfoGenerator public SignerIdentifier getSID() { - return signerIdentifier; + return signerIdentifier; } public ASN1Integer getGeneratedVersion() { - return new ASN1Integer(signerIdentifier.isTagged() ? 3 : 1); + return new ASN1Integer(signerIdentifier.isTagged() ? 3 : 1); } public boolean hasAssociatedCertificate() diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java index 70a8727..b65ab5e 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java @@ -9,7 +9,7 @@ import java.util.Map; public class SignerInformationStore { - private ArrayList all = new ArrayList(); + private List all = new ArrayList(); private Map table = new HashMap(); public SignerInformationStore( diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java new file mode 100644 index 0000000..a2c47c2 --- /dev/null +++ b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java @@ -0,0 +1,156 @@ +package org.bouncycastle.operator.bc; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.crypto.ExtendedDigest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.GOST3411Digest; +// import org.bouncycastle.crypto.digests.MD2Digest; +// import org.bouncycastle.crypto.digests.MD4Digest; +// END android-removed +import org.bouncycastle.crypto.digests.MD5Digest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.RIPEMD128Digest; +// import org.bouncycastle.crypto.digests.RIPEMD160Digest; +// import org.bouncycastle.crypto.digests.RIPEMD256Digest; +// END android-removed +import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA224Digest; +// END android-removed +import org.bouncycastle.crypto.digests.SHA256Digest; +import org.bouncycastle.crypto.digests.SHA384Digest; +import org.bouncycastle.crypto.digests.SHA512Digest; +import org.bouncycastle.operator.OperatorCreationException; + +public class BcDefaultDigestProvider + implements BcDigestProvider +{ + private static final Map lookup = createTable(); + + private static Map createTable() + { + Map table = new HashMap(); + + table.put(OIWObjectIdentifiers.idSHA1, new BcDigestProvider() + { + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + { + return new SHA1Digest(); + } + }); + // BEGIN android-removed + // table.put(NISTObjectIdentifiers.id_sha224, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new SHA224Digest(); + // } + // }); + // END android-removed + table.put(NISTObjectIdentifiers.id_sha256, new BcDigestProvider() + { + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + { + return new SHA256Digest(); + } + }); + table.put(NISTObjectIdentifiers.id_sha384, new BcDigestProvider() + { + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + { + return new SHA384Digest(); + } + }); + table.put(NISTObjectIdentifiers.id_sha512, new BcDigestProvider() + { + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + { + return new SHA512Digest(); + } + }); + table.put(PKCSObjectIdentifiers.md5, new BcDigestProvider() + { + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + { + return new MD5Digest(); + } + }); + // BEGIN android-removed + // table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new MD4Digest(); + // } + // }); + // table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new MD2Digest(); + // } + // }); + // table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new GOST3411Digest(); + // } + // }); + // table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new RIPEMD128Digest(); + // } + // }); + // table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new RIPEMD160Digest(); + // } + // }); + // table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider() + // { + // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + // { + // return new RIPEMD256Digest(); + // } + // }); + // END android-removed + + return Collections.unmodifiableMap(table); + } + + public static final BcDigestProvider INSTANCE = new BcDefaultDigestProvider(); + + private BcDefaultDigestProvider() + { + + } + + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + throws OperatorCreationException + { + BcDigestProvider extProv = (BcDigestProvider)lookup.get(digestAlgorithmIdentifier.getAlgorithm()); + + if (extProv == null) + { + throw new OperatorCreationException("cannot recognise digest"); + } + + return extProv.get(digestAlgorithmIdentifier); + } +} diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestCalculatorProvider.java b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestCalculatorProvider.java index 233b31b..4d029dd 100644 --- a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestCalculatorProvider.java +++ b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestCalculatorProvider.java @@ -2,9 +2,11 @@ package org.bouncycastle.operator.bc; import java.io.IOException; import java.io.OutputStream; +import java.util.Map; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.crypto.Digest; +import org.bouncycastle.crypto.ExtendedDigest; import org.bouncycastle.operator.DigestCalculator; import org.bouncycastle.operator.DigestCalculatorProvider; import org.bouncycastle.operator.OperatorCreationException; @@ -12,10 +14,12 @@ import org.bouncycastle.operator.OperatorCreationException; public class BcDigestCalculatorProvider implements DigestCalculatorProvider { + private BcDigestProvider digestProvider = BcDefaultDigestProvider.INSTANCE; + public DigestCalculator get(final AlgorithmIdentifier algorithm) throws OperatorCreationException { - Digest dig = BcUtil.createDigest(algorithm); + Digest dig = digestProvider.get(algorithm); final DigestOutputStream stream = new DigestOutputStream(dig); diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestProvider.java b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestProvider.java new file mode 100644 index 0000000..691a56a --- /dev/null +++ b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDigestProvider.java @@ -0,0 +1,11 @@ +package org.bouncycastle.operator.bc; + +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.crypto.ExtendedDigest; +import org.bouncycastle.operator.OperatorCreationException; + +public interface BcDigestProvider +{ + ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) + throws OperatorCreationException; +} diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcUtil.java b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcUtil.java deleted file mode 100644 index 368c1f3..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcUtil.java +++ /dev/null @@ -1,98 +0,0 @@ -package org.bouncycastle.operator.bc; - -// BEGIN android-removed -// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -// END android-removed -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.Digest; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.GOST3411Digest; -// import org.bouncycastle.crypto.digests.MD2Digest; -// import org.bouncycastle.crypto.digests.MD4Digest; -// END android-removed -import org.bouncycastle.crypto.digests.MD5Digest; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// import org.bouncycastle.crypto.digests.RIPEMD256Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.SHA224Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.operator.OperatorCreationException; - -class BcUtil -{ - static Digest createDigest(AlgorithmIdentifier digAlg) - throws OperatorCreationException - { - Digest dig; - - if (digAlg.getAlgorithm().equals(OIWObjectIdentifiers.idSHA1)) - { - dig = new SHA1Digest(); - } - // BEGIN android-removed - // else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha224)) - // { - // dig = new SHA224Digest(); - // } - // END android-removed - else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha256)) - { - dig = new SHA256Digest(); - } - else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha384)) - { - dig = new SHA384Digest(); - } - else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha512)) - { - dig = new SHA512Digest(); - } - else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md5)) - { - dig = new MD5Digest(); - } - // BEGIN android-removed - // else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md4)) - // { - // dig = new MD4Digest(); - // } - // else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md2)) - // { - // dig = new MD2Digest(); - // } - // else if (digAlg.getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3411)) - // { - // dig = new GOST3411Digest(); - // } - // else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd128)) - // { - // dig = new RIPEMD128Digest(); - // } - // else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd160)) - // { - // dig = new RIPEMD160Digest(); - // } - // else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd256)) - // { - // dig = new RIPEMD256Digest(); - // } - // END android-removed - else - { - throw new OperatorCreationException("cannot recognise digest"); - } - - return dig; - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java index ecfca6a..2819a8d 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java @@ -20,7 +20,7 @@ public class ASN1EncodableVector { for (Enumeration en = other.v.elements(); en.hasMoreElements();) { - v.addElement(en.nextElement()); + v.addElement(en.nextElement()); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java index eb29838..98f46a6 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java @@ -13,6 +13,11 @@ public class ASN1ObjectIdentifier super(bytes); } + ASN1ObjectIdentifier(ASN1ObjectIdentifier oid, String branch) + { + super(oid, branch); + } + /** * Return an OID that creates a branch under the current one. * @@ -21,7 +26,7 @@ public class ASN1ObjectIdentifier */ public ASN1ObjectIdentifier branch(String branchID) { - return new ASN1ObjectIdentifier(getId() + "." + branchID); + return new ASN1ObjectIdentifier(this, branchID); } /** diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java index c8d7bd0..74acda6 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERBoolean.java @@ -77,7 +77,7 @@ public class DERBoolean * @exception IllegalArgumentException if the tagged object cannot * be converted. */ - public static DERBoolean getInstance( + public static ASN1Boolean getInstance( ASN1TaggedObject obj, boolean explicit) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java index 8e2ee4e..13e1195 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java @@ -9,17 +9,17 @@ import org.bouncycastle.util.Arrays; public class DERObjectIdentifier extends ASN1Primitive { - String identifier; + String identifier; - private byte[] body; + private byte[] body; /** * return an OID from the passed in object * - * @exception IllegalArgumentException if the object cannot be converted. + * @throws IllegalArgumentException if the object cannot be converted. */ public static ASN1ObjectIdentifier getInstance( - Object obj) + Object obj) { if (obj == null || obj instanceof ASN1ObjectIdentifier) { @@ -47,15 +47,15 @@ public class DERObjectIdentifier /** * return an Object Identifier from a tagged object. * - * @param obj the tagged object holding the object we want + * @param obj the tagged object holding the object we want * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. + * tagged false otherwise. + * @throws IllegalArgumentException if the tagged object cannot + * be converted. */ public static ASN1ObjectIdentifier getInstance( ASN1TaggedObject obj, - boolean explicit) + boolean explicit) { ASN1Primitive o = obj.getObject(); @@ -72,38 +72,38 @@ public class DERObjectIdentifier private static final long LONG_LIMIT = (Long.MAX_VALUE >> 7) - 0x7f; DERObjectIdentifier( - byte[] bytes) + byte[] bytes) { - StringBuffer objId = new StringBuffer(); - long value = 0; - BigInteger bigValue = null; - boolean first = true; + StringBuffer objId = new StringBuffer(); + long value = 0; + BigInteger bigValue = null; + boolean first = true; for (int i = 0; i != bytes.length; i++) { int b = bytes[i] & 0xff; - if (value <= LONG_LIMIT) + if (value <= LONG_LIMIT) { value += (b & 0x7f); if ((b & 0x80) == 0) // end of number reached { if (first) { - if (value < 40) - { - objId.append('0'); - } - else if (value < 80) - { - objId.append('1'); + if (value < 40) + { + objId.append('0'); + } + else if (value < 80) + { + objId.append('1'); value -= 40; - } - else - { - objId.append('2'); + } + else + { + objId.append('2'); value -= 80; - } + } first = false; } @@ -115,20 +115,20 @@ public class DERObjectIdentifier { value <<= 7; } - } - else + } + else { if (bigValue == null) { bigValue = BigInteger.valueOf(value); } bigValue = bigValue.or(BigInteger.valueOf(b & 0x7f)); - if ((b & 0x80) == 0) + if ((b & 0x80) == 0) { if (first) { - objId.append('2'); - bigValue = bigValue.subtract(BigInteger.valueOf(80)); + objId.append('2'); + bigValue = bigValue.subtract(BigInteger.valueOf(80)); first = false; } @@ -155,8 +155,12 @@ public class DERObjectIdentifier } public DERObjectIdentifier( - String identifier) + String identifier) { + if (identifier == null) + { + throw new IllegalArgumentException("'identifier' cannot be null"); + } if (!isValidIdentifier(identifier)) { throw new IllegalArgumentException("string " + identifier + " not an OID"); @@ -171,14 +175,24 @@ public class DERObjectIdentifier // END android-changed } + DERObjectIdentifier(DERObjectIdentifier oid, String branchID) + { + if (!isValidBranchID(branchID, 0)) + { + throw new IllegalArgumentException("string " + branchID + " not a valid OID branch"); + } + + this.identifier = oid.getId() + "." + branchID; + } + public String getId() { return identifier; } private void writeField( - ByteArrayOutputStream out, - long fieldValue) + ByteArrayOutputStream out, + long fieldValue) { byte[] result = new byte[9]; int pos = 8; @@ -192,24 +206,24 @@ public class DERObjectIdentifier } private void writeField( - ByteArrayOutputStream out, - BigInteger fieldValue) + ByteArrayOutputStream out, + BigInteger fieldValue) { - int byteCount = (fieldValue.bitLength()+6)/7; - if (byteCount == 0) + int byteCount = (fieldValue.bitLength() + 6) / 7; + if (byteCount == 0) { out.write(0); - } - else + } + else { BigInteger tmpValue = fieldValue; byte[] tmp = new byte[byteCount]; - for (int i = byteCount-1; i >= 0; i--) + for (int i = byteCount - 1; i >= 0; i--) { - tmp[i] = (byte) ((tmpValue.intValue() & 0x7f) | 0x80); - tmpValue = tmpValue.shiftRight(7); + tmp[i] = (byte)((tmpValue.intValue() & 0x7f) | 0x80); + tmpValue = tmpValue.shiftRight(7); } - tmp[byteCount-1] &= 0x7f; + tmp[byteCount - 1] &= 0x7f; out.write(tmp, 0, tmp.length); } } @@ -218,15 +232,15 @@ public class DERObjectIdentifier { OIDTokenizer tok = new OIDTokenizer(identifier); int first = Integer.parseInt(tok.nextToken()) * 40; - + String secondToken = tok.nextToken(); if (secondToken.length() <= 18) { - writeField(aOut, first + Long.parseLong(secondToken)); + writeField(aOut, first + Long.parseLong(secondToken)); } else { - writeField(aOut, new BigInteger(secondToken).add(BigInteger.valueOf(first))); + writeField(aOut, new BigInteger(secondToken).add(BigInteger.valueOf(first))); } while (tok.hasMoreTokens()) @@ -274,7 +288,7 @@ public class DERObjectIdentifier ASN1OutputStream out) throws IOException { - byte[] enc = getBody(); + byte[] enc = getBody(); out.write(BERTags.OBJECT_IDENTIFIER); out.writeLength(enc.length); @@ -287,7 +301,7 @@ public class DERObjectIdentifier } boolean asn1Equals( - ASN1Primitive o) + ASN1Primitive o) { if (!(o instanceof DERObjectIdentifier)) { @@ -302,25 +316,15 @@ public class DERObjectIdentifier return getId(); } - private static boolean isValidIdentifier( - String identifier) + private static boolean isValidBranchID( + String branchID, int start) { - if (identifier.length() < 3 - || identifier.charAt(1) != '.') - { - return false; - } - - char first = identifier.charAt(0); - if (first < '0' || first > '2') - { - return false; - } - boolean periodAllowed = false; - for (int i = identifier.length() - 1; i >= 2; i--) + + int pos = branchID.length(); + while (--pos >= start) { - char ch = identifier.charAt(i); + char ch = branchID.charAt(pos); // TODO Leading zeroes? if ('0' <= ch && ch <= '9') @@ -346,6 +350,23 @@ public class DERObjectIdentifier return periodAllowed; } + private static boolean isValidIdentifier( + String identifier) + { + if (identifier.length() < 3 || identifier.charAt(1) != '.') + { + return false; + } + + char first = identifier.charAt(0); + if (first < '0' || first > '2') + { + return false; + } + + return isValidBranchID(identifier, 2); + } + private static ASN1ObjectIdentifier[][] cache = new ASN1ObjectIdentifier[256][]; static ASN1ObjectIdentifier fromOctetString(byte[] enc) @@ -364,7 +385,7 @@ public class DERObjectIdentifier synchronized (cache) { ASN1ObjectIdentifier[] first = cache[idx1]; - if (first == null) + if (first == null) { first = cache[idx1] = new ASN1ObjectIdentifier[128]; } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java index 956b9c7..d50fb7c 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java @@ -6,7 +6,8 @@ import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Strings; /** - * DER T61String (also the teletex string) + * DER T61String (also the teletex string), try not to use this if you don't need to. The standard support the encoding for + * this has been withdrawn. */ public class DERT61String extends ASN1Primitive @@ -68,30 +69,30 @@ public class DERT61String } /** - * basic constructor - with bytes. + * basic constructor - string encoded as a sequence of bytes. */ - DERT61String( + public DERT61String( byte[] string) { this.string = string; } /** - * basic constructor - with string. + * basic constructor - with string 8 bit assumed. */ public DERT61String( String string) { - // BEGIN android-changed - this.string = Strings.toByteArray(string); - // END android-changed + this(Strings.toByteArray(string)); } + /** + * Decode the encoded string and return it, 8 bit encoding assumed. + * @return the decoded String + */ public String getString() { - // BEGIN android-changed return Strings.fromByteArray(string); - // END android-changed } public String toString() @@ -115,7 +116,11 @@ public class DERT61String { out.writeEncoded(BERTags.T61_STRING, string); } - + + /** + * Return the encoded string as a byte array. + * @return the actual bytes making up the encoded body of the T61 string. + */ public byte[] getOctets() { return Arrays.clone(string); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java b/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java index 0a3c4aa..b6cb070 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java @@ -4,6 +4,7 @@ import java.io.ByteArrayInputStream; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.nio.channels.FileChannel; class StreamUtil { @@ -33,7 +34,8 @@ class StreamUtil { try { - long size = ((FileInputStream)in).getChannel().size(); + FileChannel channel = ((FileInputStream)in).getChannel(); + long size = (channel != null) ? channel.size() : Integer.MAX_VALUE; if (size < Integer.MAX_VALUE) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attributes.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attributes.java index 0c5a518..614e224 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attributes.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Attributes.java @@ -4,7 +4,7 @@ import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERSet; +import org.bouncycastle.asn1.DLSet; public class Attributes extends ASN1Object @@ -18,7 +18,7 @@ public class Attributes public Attributes(ASN1EncodableVector v) { - attributes = new BERSet(v); + attributes = new DLSet(v); } public static Attributes getInstance(Object obj) @@ -35,6 +35,18 @@ public class Attributes return null; } + public Attribute[] getAttributes() + { + Attribute[] rv = new Attribute[attributes.size()]; + + for (int i = 0; i != rv.length; i++) + { + rv[i] = Attribute.getInstance(attributes.getObjectAt(i)); + } + + return rv; + } + /** * 
      * Attributes ::=
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java
index e8f4541..6294d97 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java
@@ -15,4 +15,14 @@ public interface CMSObjectIdentifiers
     static final ASN1ObjectIdentifier    compressedData = PKCSObjectIdentifiers.id_ct_compressedData;
     static final ASN1ObjectIdentifier    authEnvelopedData = PKCSObjectIdentifiers.id_ct_authEnvelopedData;
     static final ASN1ObjectIdentifier    timestampedData = PKCSObjectIdentifiers.id_ct_timestampedData;
+
+    /**
+     * The other Revocation Info arc
+     * id-ri OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+     *                                   dod(6) internet(1) security(5) mechanisms(5) pkix(7) ri(16) }
+     */
+    static final ASN1ObjectIdentifier    id_ri = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.16");
+
+    static final ASN1ObjectIdentifier    id_ri_ocsp_response = id_ri.branch("2");
+    static final ASN1ObjectIdentifier    id_ri_scvp = id_ri.branch("4");
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
index a66c4a1..688ac58 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
@@ -34,6 +34,16 @@ public class ContentInfo
         return null;
     }
 
+    public static ContentInfo getInstance(
+        ASN1TaggedObject obj,
+        boolean explicit)
+    {
+        return getInstance(ASN1Sequence.getInstance(obj, explicit));
+    }
+
+    /**
+     * @deprecated use getInstance()
+     */
     public ContentInfo(
         ASN1Sequence  seq)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java
index 29348d2..ad0dbb1 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java
@@ -34,6 +34,10 @@ public class IssuerAndSerialNumber
         return null;
     }
 
+    /**
+     * @deprecated  use getInstance() method.
+     * @param seq
+     */
     public IssuerAndSerialNumber(
         ASN1Sequence    seq)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignedData.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignedData.java
index a0a34ef..fd2718a 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignedData.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignedData.java
@@ -21,6 +21,11 @@ import org.bouncycastle.asn1.DERTaggedObject;
 public class SignedData
     extends ASN1Object
 {
+    private static final ASN1Integer VERSION_1 = new ASN1Integer(1);
+    private static final ASN1Integer VERSION_3 = new ASN1Integer(3);
+    private static final ASN1Integer VERSION_4 = new ASN1Integer(4);
+    private static final ASN1Integer VERSION_5 = new ASN1Integer(5);
+
     private ASN1Integer version;
     private ASN1Set     digestAlgorithms;
     private ContentInfo contentInfo;
@@ -136,30 +141,30 @@ public class SignedData
 
         if (otherCrl)
         {
-            return new ASN1Integer(5);
+            return VERSION_5;
         }
 
         if (attrCertV2Found)
         {
-            return new ASN1Integer(4);
+            return VERSION_4;
         }
 
         if (attrCertV1Found)
         {
-            return new ASN1Integer(3);
+            return VERSION_3;
         }
 
         if (checkForVersion3(signerInfs))
         {
-            return new ASN1Integer(3);
+            return VERSION_3;
         }
 
         if (!CMSObjectIdentifiers.data.equals(contentOid))
         {
-            return new ASN1Integer(3);
+            return VERSION_3;
         }
 
-        return new ASN1Integer(1);
+        return VERSION_1;
     }
 
     private boolean checkForVersion3(ASN1Set signerInfs)
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java
index 0727b68..8aafd67 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java
@@ -67,6 +67,34 @@ public class SignerInfo
         this.unauthenticatedAttributes = unauthenticatedAttributes;
     }
 
+    public SignerInfo(
+        SignerIdentifier        sid,
+        AlgorithmIdentifier     digAlgorithm,
+        Attributes              authenticatedAttributes,
+        AlgorithmIdentifier     digEncryptionAlgorithm,
+        ASN1OctetString         encryptedDigest,
+        Attributes              unauthenticatedAttributes)
+    {
+        if (sid.isTagged())
+        {
+            this.version = new ASN1Integer(3);
+        }
+        else
+        {
+            this.version = new ASN1Integer(1);
+        }
+
+        this.sid = sid;
+        this.digAlgorithm = digAlgorithm;
+        this.authenticatedAttributes = ASN1Set.getInstance(authenticatedAttributes);
+        this.digEncryptionAlgorithm = digEncryptionAlgorithm;
+        this.encryptedDigest = encryptedDigest;
+        this.unauthenticatedAttributes = ASN1Set.getInstance(unauthenticatedAttributes);
+    }
+
+    /**
+     * @deprecated use getInstance() method.
+     */
     public SignerInfo(
         ASN1Sequence seq)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java
index 97712b5..ba7e518 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java
@@ -10,7 +10,7 @@ import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.util.Strings;
 
 /**
- * Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-2
+ * Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-3
  */
 public class NISTNamedCurves
 {
@@ -25,13 +25,16 @@ public class NISTNamedCurves
 
     static
     {
-        // TODO Missing the "K-" curves
-
         defineCurve("B-571", SECObjectIdentifiers.sect571r1);
         defineCurve("B-409", SECObjectIdentifiers.sect409r1);
         defineCurve("B-283", SECObjectIdentifiers.sect283r1);
         defineCurve("B-233", SECObjectIdentifiers.sect233r1);
         defineCurve("B-163", SECObjectIdentifiers.sect163r2);
+        defineCurve("K-571", SECObjectIdentifiers.sect571k1);
+        defineCurve("K-409", SECObjectIdentifiers.sect409k1);
+        defineCurve("K-283", SECObjectIdentifiers.sect283k1);
+        defineCurve("K-233", SECObjectIdentifiers.sect233k1);
+        defineCurve("K-163", SECObjectIdentifiers.sect163k1);
         defineCurve("P-521", SECObjectIdentifiers.secp521r1);
         defineCurve("P-384", SECObjectIdentifiers.secp384r1);
         defineCurve("P-256", SECObjectIdentifiers.secp256r1);
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java
index 258f269..afa93c4 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java
@@ -11,13 +11,17 @@ public interface NISTObjectIdentifiers
     //
     // nistalgorithms(4)
     //
-    static final ASN1ObjectIdentifier    nistAlgorithm          = new ASN1ObjectIdentifier("2.16.840.1.101.3.4");
+    static final ASN1ObjectIdentifier    nistAlgorithm           = new ASN1ObjectIdentifier("2.16.840.1.101.3.4");
+
+    static final ASN1ObjectIdentifier    hashAlgs                = nistAlgorithm.branch("2");
+
+    static final ASN1ObjectIdentifier    id_sha256               = hashAlgs.branch("1");
+    static final ASN1ObjectIdentifier    id_sha384               = hashAlgs.branch("2");
+    static final ASN1ObjectIdentifier    id_sha512               = hashAlgs.branch("3");
+    static final ASN1ObjectIdentifier    id_sha224               = hashAlgs.branch("4");
+    static final ASN1ObjectIdentifier    id_sha512_224           = hashAlgs.branch("5");
+    static final ASN1ObjectIdentifier    id_sha512_256           = hashAlgs.branch("6");
 
-    static final ASN1ObjectIdentifier    id_sha256               = nistAlgorithm.branch("2.1");
-    static final ASN1ObjectIdentifier    id_sha384               = nistAlgorithm.branch("2.2");
-    static final ASN1ObjectIdentifier    id_sha512               = nistAlgorithm.branch("2.3");
-    static final ASN1ObjectIdentifier    id_sha224               = nistAlgorithm.branch("2.4");
-    
     static final ASN1ObjectIdentifier    aes                     =  nistAlgorithm.branch("1");
     
     static final ASN1ObjectIdentifier    id_aes128_ECB           = aes.branch("1"); 
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
index aac2bb7..c9c14fe 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
@@ -53,6 +53,19 @@ public class CertificationRequestInfo
         return null;
     }
 
+    /**
+     * Basic constructor.
+     * 

+     * Note: Early on a lot of CAs would only accept messages with attributes missing. As the ASN.1 def shows
+     * the attributes field is not optional so should always at least contain an empty set. If a fully compliant
+     * request is required, pass in an empty set, the class will otherwise interpret a null as it should
+     * encode the request with the field missing.
+     * 

+     *
+     * @param subject subject to be associated with the public key
+     * @param pkInfo public key to be associated with subject
+     * @param attributes any attributes to be associated with the request.
+     */
     public CertificationRequestInfo(
         X500Name subject,
         SubjectPublicKeyInfo    pkInfo,
@@ -86,6 +99,9 @@ public class CertificationRequestInfo
         }
     }
 
+    /**
+     * @deprecated use getInstance().
+     */
     public CertificationRequestInfo(
         ASN1Sequence  seq)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java
index 613c3f4..c885a6c 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java
@@ -1,55 +1,56 @@
 package org.bouncycastle.asn1.pkcs;
 
 import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 
 public class EncryptionScheme
-    extends AlgorithmIdentifier
+    extends ASN1Object
 {
+    private AlgorithmIdentifier algId;
+
     public EncryptionScheme(
         ASN1ObjectIdentifier objectId,
         ASN1Encodable parameters)
     {
-        super(objectId, parameters);
+        this.algId = new AlgorithmIdentifier(objectId, parameters);
     }
 
-    EncryptionScheme(
+    private EncryptionScheme(
         ASN1Sequence  seq)
     {   
-        this((ASN1ObjectIdentifier)seq.getObjectAt(0), seq.getObjectAt(1));
+        this.algId = AlgorithmIdentifier.getInstance(seq);
     }
 
-    public static final AlgorithmIdentifier getInstance(Object obj)
+    public static final EncryptionScheme getInstance(Object obj)
     {
         if (obj instanceof EncryptionScheme)
         {
             return (EncryptionScheme)obj;
         }
-        else if (obj instanceof ASN1Sequence)
+        else if (obj != null)
         {
-            return new EncryptionScheme((ASN1Sequence)obj);
+            return new EncryptionScheme(ASN1Sequence.getInstance(obj));
         }
 
-        throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+        return null;
     }
 
-    public ASN1Primitive getObject()
+    public ASN1ObjectIdentifier getAlgorithm()
     {
-        return (ASN1Primitive)getParameters();
+        return algId.getAlgorithm();
     }
 
-    public ASN1Primitive getASN1Primitive()
+    public ASN1Encodable getParameters()
     {
-        ASN1EncodableVector  v = new ASN1EncodableVector();
-
-        v.add(getObjectId());
-        v.add(getParameters());
+        return algId.getParameters();
+    }
 
-        return new DERSequence(v);
+    public ASN1Primitive toASN1Primitive()
+    {
+        return algId.toASN1Primitive();
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java
index fef4f07..3b40836 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java
@@ -1,23 +1,56 @@
 package org.bouncycastle.asn1.pkcs;
 
 import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 
 public class KeyDerivationFunc
-    extends AlgorithmIdentifier
+    extends ASN1Object
 {
-    KeyDerivationFunc(
-        ASN1Sequence  seq)
+    private AlgorithmIdentifier algId;
+
+    public KeyDerivationFunc(
+        ASN1ObjectIdentifier objectId,
+        ASN1Encodable parameters)
     {
-        super(seq);
+        this.algId = new AlgorithmIdentifier(objectId, parameters);
     }
-    
-    public KeyDerivationFunc(
-        ASN1ObjectIdentifier id,
-        ASN1Encodable       params)
+
+    private KeyDerivationFunc(
+        ASN1Sequence seq)
+    {
+        this.algId = AlgorithmIdentifier.getInstance(seq);
+    }
+
+    public static final KeyDerivationFunc getInstance(Object obj)
+    {
+        if (obj instanceof KeyDerivationFunc)
+        {
+            return (KeyDerivationFunc)obj;
+        }
+        else if (obj != null)
+        {
+            return new KeyDerivationFunc(ASN1Sequence.getInstance(obj));
+        }
+
+        return null;
+    }
+
+    public ASN1ObjectIdentifier getAlgorithm()
+    {
+        return algId.getAlgorithm();
+    }
+
+    public ASN1Encodable getParameters()
+    {
+        return algId.getParameters();
+    }
+
+    public ASN1Primitive toASN1Primitive()
     {
-        super(id, params);
+        return algId.toASN1Primitive();
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java
index 06c9455..db44a82 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java
@@ -17,7 +17,7 @@ public class PBES2Algorithms
 {
     private ASN1ObjectIdentifier objectId;
     private KeyDerivationFunc   func;
-    private EncryptionScheme    scheme;
+    private EncryptionScheme scheme;
 
     public PBES2Algorithms(
         ASN1Sequence  obj)
@@ -40,10 +40,10 @@ public class PBES2Algorithms
         }
         else
         {
-            func = new KeyDerivationFunc(funcSeq);
+            func = KeyDerivationFunc.getInstance(funcSeq);
         }
 
-        scheme = new EncryptionScheme((ASN1Sequence)e.nextElement());
+        scheme = EncryptionScheme.getInstance(e.nextElement());
     }
 
     public ASN1ObjectIdentifier getObjectId()
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java
index 5ada493..b47e9cd 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java
@@ -13,26 +13,31 @@ public class PBES2Parameters
     extends ASN1Object
     implements PKCSObjectIdentifiers
 {
-    private KeyDerivationFunc   func;
-    private EncryptionScheme    scheme;
+    private KeyDerivationFunc func;
+    private EncryptionScheme scheme;
 
     public static PBES2Parameters getInstance(
         Object  obj)
     {
-        if (obj== null || obj instanceof PBES2Parameters)
+        if (obj instanceof PBES2Parameters)
         {
             return (PBES2Parameters)obj;
         }
-
-        if (obj instanceof ASN1Sequence)
+        if (obj != null)
         {
-            return new PBES2Parameters((ASN1Sequence)obj);
+            return new PBES2Parameters(ASN1Sequence.getInstance(obj));
         }
 
-        throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+        return null;
+    }
+
+    public PBES2Parameters(KeyDerivationFunc keyDevFunc, EncryptionScheme encScheme)
+    {
+        this.func = keyDevFunc;
+        this.scheme = encScheme;
     }
 
-    public PBES2Parameters(
+    private PBES2Parameters(
         ASN1Sequence  obj)
     {
         Enumeration e = obj.getObjects();
@@ -44,10 +49,10 @@ public class PBES2Parameters
         }
         else
         {
-            func = new KeyDerivationFunc(funcSeq);
+            func = KeyDerivationFunc.getInstance(funcSeq);
         }
 
-        scheme = (EncryptionScheme)EncryptionScheme.getInstance(e.nextElement());
+        scheme = EncryptionScheme.getInstance(e.nextElement());
     }
 
     public KeyDerivationFunc getKeyDerivationFunc()
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java
index f46c294..65c0fa8 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java
@@ -48,7 +48,7 @@ public class PBKDF2Params
         int     iterationCount,
         int     keyLength)
     {
-    	this(salt, iterationCount);
+        this(salt, iterationCount);
 
         this.keyLength = new ASN1Integer(keyLength);
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
index 6b42763..dad8650 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
@@ -67,6 +67,10 @@ public class PrivateKeyInfo
         this.attributes = attributes;
     }
 
+    /**
+     * @deprectaed use PrivateKeyInfo.getInstance()
+     * @param seq
+     */
     public PrivateKeyInfo(
         ASN1Sequence  seq)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java b/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
index 9886b73..5302552 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
@@ -184,7 +184,8 @@ public class ASN1Dump
             {
                 buf.append(dumpBinaryDataAsString(indent, oct.getOctets()));
             }
-            else{
+            else
+            {
                 buf.append(nl);
             }
         }
@@ -208,7 +209,8 @@ public class ASN1Dump
             {
                 buf.append(dumpBinaryDataAsString(indent, bt.getBytes()));
             }
-            else{
+            else
+            {
                 buf.append(nl);
             }
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java
index 7a7c837..704ea72 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java
@@ -16,19 +16,64 @@ public interface X500NameStyle
      * Convert the passed in String value into the appropriate ASN.1
      * encoded object.
      * 
-     * @param oid the oid associated with the value in the DN.
+     * @param oid the OID associated with the value in the DN.
      * @param value the value of the particular DN component.
      * @return the ASN.1 equivalent for the value.
      */
     ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value);
 
+    /**
+     * Return the OID associated with the passed in name.
+     *
+     * @param attrName the string to match.
+     * @return an OID
+     */
     ASN1ObjectIdentifier attrNameToOID(String attrName);
 
-    boolean areEqual(X500Name name1, X500Name name2);
-
+    /**
+     * Return an array of RDN generated from the passed in String.
+     * @param dirName  the String representation.
+     * @return  an array of corresponding RDNs.
+     */
     RDN[] fromString(String dirName);
 
+    /**
+     * Return true if the two names are equal.
+     *
+     * @param name1 first name for comparison.
+     * @param name2 second name for comparison.
+     * @return true if name1 = name 2, false otherwise.
+     */
+    boolean areEqual(X500Name name1, X500Name name2);
+
+    /**
+     * Calculate a hashCode for the passed in name.
+     *
+     * @param name the name the hashCode is required for.
+     * @return the calculated hashCode.
+     */
     int calculateHashCode(X500Name name);
 
+    /**
+     * Convert the passed in X500Name to a String.
+     * @param name the name to convert.
+     * @return a String representation.
+     */
     String toString(X500Name name);
+
+    /**
+     * Return the display name for toString() associated with the OID.
+     *
+     * @param oid  the OID of interest.
+     * @return the name displayed in toString(), null if no mapping provided.
+     */
+    String oidToDisplayName(ASN1ObjectIdentifier oid);
+
+    /**
+     * Return the acceptable names in a String DN that map to OID.
+     *
+     * @param oid  the OID of interest.
+     * @return an array of String aliases for the OID, zero length if there are none.
+     */
+    String[] oidToAttrNames(ASN1ObjectIdentifier oid);
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java
index 777cc56..714a32c 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java
@@ -315,6 +315,16 @@ public class BCStyle
         return new DERUTF8String(value);
     }
 
+    public String oidToDisplayName(ASN1ObjectIdentifier oid)
+    {
+        return (String)DefaultSymbols.get(oid);
+    }
+
+    public String[] oidToAttrNames(ASN1ObjectIdentifier oid)
+    {
+        return IETFUtils.findAttrNamesForOID(oid, DefaultLookUp);
+    }
+
     public ASN1ObjectIdentifier attrNameToOID(String attrName)
     {
         return IETFUtils.decodeAttrName(attrName, DefaultLookUp);
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java
index 861108d..c73107e 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java
@@ -1,6 +1,7 @@
 package org.bouncycastle.asn1.x500.style;
 
 import java.io.IOException;
+import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
 
@@ -19,6 +20,112 @@ import org.bouncycastle.util.encoders.Hex;
 
 public class IETFUtils
 {
+    private static String unescape(String elt)
+    {
+        if (elt.length() == 0 || (elt.indexOf('\\') < 0 && elt.indexOf('"') < 0))
+        {
+            return elt.trim();
+        }
+
+        char[] elts = elt.toCharArray();
+        boolean escaped = false;
+        boolean quoted = false;
+        StringBuffer buf = new StringBuffer(elt.length());
+        int start = 0;
+
+        // if it's an escaped hash string and not an actual encoding in string form
+        // we need to leave it escaped.
+        if (elts[0] == '\\')
+        {
+            if (elts[1] == '#')
+            {
+                start = 2;
+                buf.append("\\#");
+            }
+        }
+
+        boolean nonWhiteSpaceEncountered = false;
+        int     lastEscaped = 0;
+        char    hex1 = 0;
+
+        for (int i = start; i != elts.length; i++)
+        {
+            char c = elts[i];
+
+            if (c != ' ')
+            {
+                nonWhiteSpaceEncountered = true;
+            }
+
+            if (c == '"')
+            {
+                if (!escaped)
+                {
+                    quoted = !quoted;
+                }
+                else
+                {
+                    buf.append(c);
+                }
+                escaped = false;
+            }
+            else if (c == '\\' && !(escaped || quoted))
+            {
+                escaped = true;
+                lastEscaped = buf.length();
+            }
+            else
+            {
+                if (c == ' ' && !escaped && !nonWhiteSpaceEncountered)
+                {
+                    continue;
+                }
+                if (escaped && isHexDigit(c))
+                {
+                    if (hex1 != 0)
+                    {
+                        buf.append((char)(convertHex(hex1) * 16 + convertHex(c)));
+                        escaped = false;
+                        hex1 = 0;
+                        continue;
+                    }
+                    hex1 = c;
+                    continue;
+                }
+                buf.append(c);
+                escaped = false;
+            }
+        }
+
+        if (buf.length() > 0)
+        {
+            while (buf.charAt(buf.length() - 1) == ' ' && lastEscaped != (buf.length() - 1))
+            {
+                buf.setLength(buf.length() - 1);
+            }
+        }
+
+        return buf.toString();
+    }
+
+    private static boolean isHexDigit(char c)
+    {
+        return ('0' <= c && c <= '9') || ('a' <= c && c <= 'f') || ('A' <= c && c <= 'F');
+    }
+
+    private static int convertHex(char c)
+    {
+        if ('0' <= c && c <= '9')
+        {
+            return c - '0';
+        }
+        if ('a' <= c && c <= 'f')
+        {
+            return c - 'a' + 10;
+        }
+        return c - 'A' + 10;
+    }
+
     public static RDN[] rDNsFromString(String name, X500NameStyle x500Style)
     {
         X500NameTokenizer nTok = new X500NameTokenizer(name);
@@ -27,45 +134,71 @@ public class IETFUtils
         while (nTok.hasMoreTokens())
         {
             String  token = nTok.nextToken();
-            int     index = token.indexOf('=');
 
-            if (index == -1)
+            if (token.indexOf('+') > 0)
             {
-                throw new IllegalArgumentException("badly formated directory string");
-            }
+                X500NameTokenizer   pTok = new X500NameTokenizer(token, '+');
+                X500NameTokenizer   vTok = new X500NameTokenizer(pTok.nextToken(), '=');
 
-            String               attr = token.substring(0, index);
-            String               value = token.substring(index + 1);
-            ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr);
+                String              attr = vTok.nextToken();
 
-            if (value.indexOf('+') > 0)
-            {
-                X500NameTokenizer   vTok = new X500NameTokenizer(value, '+');
-                String  v = vTok.nextToken();
-
-                Vector oids = new Vector();
-                Vector values = new Vector();
+                if (!vTok.hasMoreTokens())
+                {
+                    throw new IllegalArgumentException("badly formatted directory string");
+                }
 
-                oids.addElement(oid);
-                values.addElement(v);
+                String               value = vTok.nextToken();
+                ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr.trim());
 
-                while (vTok.hasMoreTokens())
+                if (pTok.hasMoreTokens())
                 {
-                    String  sv = vTok.nextToken();
-                    int     ndx = sv.indexOf('=');
+                    Vector oids = new Vector();
+                    Vector values = new Vector();
 
-                    String  nm = sv.substring(0, ndx);
-                    String  vl = sv.substring(ndx + 1);
+                    oids.addElement(oid);
+                    values.addElement(unescape(value));
 
-                    oids.addElement(x500Style.attrNameToOID(nm));
-                    values.addElement(vl);
-                }
+                    while (pTok.hasMoreTokens())
+                    {
+                        vTok = new X500NameTokenizer(pTok.nextToken(), '=');
+
+                        attr = vTok.nextToken();
+
+                        if (!vTok.hasMoreTokens())
+                        {
+                            throw new IllegalArgumentException("badly formatted directory string");
+                        }
 
-                builder.addMultiValuedRDN(toOIDArray(oids), toValueArray(values));
+                        value = vTok.nextToken();
+                        oid = x500Style.attrNameToOID(attr.trim());
+
+
+                        oids.addElement(oid);
+                        values.addElement(unescape(value));
+                    }
+
+                    builder.addMultiValuedRDN(toOIDArray(oids), toValueArray(values));
+                }
+                else
+                {
+                    builder.addRDN(oid, unescape(value));
+                }
             }
             else
             {
-                builder.addRDN(oid, value);
+                X500NameTokenizer   vTok = new X500NameTokenizer(token, '=');
+
+                String              attr = vTok.nextToken();
+
+                if (!vTok.hasMoreTokens())
+                {
+                    throw new IllegalArgumentException("badly formatted directory string");
+                }
+
+                String               value = vTok.nextToken();
+                ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr.trim());
+
+                builder.addRDN(oid, unescape(value));
             }
         }
 
@@ -96,6 +229,34 @@ public class IETFUtils
         return tmp;
     }
 
+    public static String[] findAttrNamesForOID(
+        ASN1ObjectIdentifier oid,
+        Hashtable            lookup)
+    {
+        int count = 0;
+        for (Enumeration en = lookup.elements(); en.hasMoreElements();)
+        {
+            if (oid.equals(en.nextElement()))
+            {
+                count++;
+            }
+        }
+
+        String[] aliases = new String[count];
+        count = 0;
+
+        for (Enumeration en = lookup.keys(); en.hasMoreElements();)
+        {
+            String key = (String)en.nextElement();
+            if (oid.equals(lookup.get(key)))
+            {
+                aliases[count++] = key;
+            }
+        }
+
+        return aliases;
+    }
+
     public static ASN1ObjectIdentifier decodeAttrName(
         String      name,
         Hashtable   lookUp)
@@ -123,29 +284,13 @@ public class IETFUtils
         int     off)
         throws IOException
     {
-        str = Strings.toLowerCase(str);
         byte[] data = new byte[(str.length() - off) / 2];
         for (int index = 0; index != data.length; index++)
         {
             char left = str.charAt((index * 2) + off);
             char right = str.charAt((index * 2) + off + 1);
 
-            if (left < 'a')
-            {
-                data[index] = (byte)((left - '0') << 4);
-            }
-            else
-            {
-                data[index] = (byte)((left - 'a' + 10) << 4);
-            }
-            if (right < 'a')
-            {
-                data[index] |= (byte)(right - '0');
-            }
-            else
-            {
-                data[index] |= (byte)(right - 'a' + 10);
-            }
+            data[index] = (byte)((convertHex(left) << 4) | convertHex(right));
         }
 
         return ASN1Primitive.fromByteArray(data);
@@ -257,6 +402,24 @@ public class IETFUtils
             index++;
         }
 
+        int start = 0;
+        if (vBuf.length() > 0)
+        {
+            while (vBuf.charAt(start) == ' ')
+            {
+                vBuf.insert(start, "\\");
+                start += 2;
+            }
+        }
+
+        int endBuf = vBuf.length() - 1;
+
+        while (endBuf >= 0 && vBuf.charAt(endBuf) == ' ')
+        {
+            vBuf.insert(endBuf, '\\');
+            endBuf--;
+        }
+
         return vBuf.toString();
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java
index 430d379..8486989 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java
@@ -204,6 +204,16 @@ public class RFC4519Style
         return new DERUTF8String(value);
     }
 
+    public String oidToDisplayName(ASN1ObjectIdentifier oid)
+    {
+        return (String)DefaultSymbols.get(oid);
+    }
+
+    public String[] oidToAttrNames(ASN1ObjectIdentifier oid)
+    {
+        return IETFUtils.findAttrNamesForOID(oid, DefaultLookUp);
+    }
+
     public ASN1ObjectIdentifier attrNameToOID(String attrName)
     {
         return IETFUtils.decodeAttrName(attrName, DefaultLookUp);
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java
index a02295a..2c8e3fc 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java
@@ -56,37 +56,19 @@ class X500NameTokenizer
                 {
                     quoted = !quoted;
                 }
-                else
-                {
-                    if (c == '#' && buf.charAt(buf.length() - 1) == '=')
-                    {
-                        buf.append('\\');
-                    }
-                    else if (c == '+' && separator != '+')
-                    {
-                        buf.append('\\');
-                    }
-                    buf.append(c);
-                }
+                buf.append(c);
                 escaped = false;
             }
             else
             {
                 if (escaped || quoted)
                 {
-                    if (c == '#' && buf.charAt(buf.length() - 1) == '=')
-                    {
-                        buf.append('\\');
-                    }
-                    else if (c == '+' && separator != '+')
-                    {
-                        buf.append('\\');
-                    }
                     buf.append(c);
                     escaped = false;
                 }
                 else if (c == '\\')
                 {
+                    buf.append(c);
                     escaped = true;
                 }
                 else if (c == separator)
@@ -102,6 +84,7 @@ class X500NameTokenizer
         }
 
         index = end;
-        return buf.toString().trim();
+
+        return buf.toString();
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
index 6f7c3be..d250bf1 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
@@ -6,7 +6,6 @@ import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1SequenceParser;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -33,23 +32,20 @@ public class AlgorithmIdentifier
         {
             return (AlgorithmIdentifier)obj;
         }
-        
+
+        // TODO: delete
         if (obj instanceof ASN1ObjectIdentifier)
         {
             return new AlgorithmIdentifier((ASN1ObjectIdentifier)obj);
         }
 
+        // TODO: delete
         if (obj instanceof String)
         {
             return new AlgorithmIdentifier((String)obj);
         }
 
-        if (obj instanceof ASN1Sequence || obj instanceof ASN1SequenceParser)
-        {
-            return new AlgorithmIdentifier(ASN1Sequence.getInstance(obj));
-        }
-
-        throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+        return new AlgorithmIdentifier(ASN1Sequence.getInstance(obj));
     }
 
     public AlgorithmIdentifier(
@@ -101,6 +97,10 @@ public class AlgorithmIdentifier
         this.parameters = parameters;
     }
 
+    /**
+     * @deprecated use AlgorithmIdentifier.getInstance()
+     * @param seq
+     */
     public AlgorithmIdentifier(
         ASN1Sequence   seq)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
index 3746f9e..9c5ed46 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
@@ -156,7 +156,7 @@ public class AuthorityKeyIdentifier
     }
 
     /**
-      * create an AuthorityKeyIdentifier with a precomupted key identifier
+      * create an AuthorityKeyIdentifier with a precomputed key identifier
       */
      public AuthorityKeyIdentifier(
          byte[]                  keyIdentifier)
@@ -167,7 +167,7 @@ public class AuthorityKeyIdentifier
      }
 
     /**
-     * create an AuthorityKeyIdentifier with a precomupted key identifier
+     * create an AuthorityKeyIdentifier with a precomputed key identifier
      * and the GeneralNames tag and the serial number provided as well.
      */
     public AuthorityKeyIdentifier(
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java
index e6a06d8..4d566b1 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java
@@ -4,15 +4,20 @@ import java.io.IOException;
 
 import org.bouncycastle.asn1.ASN1Boolean;
 import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
 
 /**
  * an object for the elements in the X.509 V3 extension block.
  */
 public class Extension
+    extends ASN1Object
 {
     /**
      * Subject Directory Attributes
@@ -170,9 +175,8 @@ public class Extension
     public static final ASN1ObjectIdentifier targetInformation = new ASN1ObjectIdentifier("2.5.29.55");
 
     private ASN1ObjectIdentifier extnId;
-
-    boolean             critical;
-    ASN1OctetString      value;
+    private boolean             critical;
+    private ASN1OctetString      value;
 
     public Extension(
         ASN1ObjectIdentifier extnId,
@@ -200,6 +204,40 @@ public class Extension
         this.value = value;
     }
 
+    private Extension(ASN1Sequence seq)
+    {
+        if (seq.size() == 2)
+        {
+            this.extnId = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
+            this.critical = false;
+            this.value = ASN1OctetString.getInstance(seq.getObjectAt(1));
+        }
+        else if (seq.size() == 3)
+        {
+            this.extnId = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
+            this.critical = ASN1Boolean.getInstance(seq.getObjectAt(1)).isTrue();
+            this.value = ASN1OctetString.getInstance(seq.getObjectAt(2));
+        }
+        else
+        {
+            throw new IllegalArgumentException("Bad sequence size: " + seq.size());
+        }
+    }
+
+    public static Extension getInstance(Object obj)
+    {
+        if (obj instanceof Extension)
+        {
+            return (Extension)obj;
+        }
+        else if (obj != null)
+        {
+            return new Extension(ASN1Sequence.getInstance(obj));
+        }
+
+        return null;
+    }
+
     public ASN1ObjectIdentifier getExtnId()
     {
         return extnId;
@@ -224,10 +262,10 @@ public class Extension
     {
         if (this.isCritical())
         {
-            return this.getExtnValue().hashCode();
+            return this.getExtnValue().hashCode() ^ this.getExtnId().hashCode();
         }
 
-        return ~this.getExtnValue().hashCode();
+        return ~(this.getExtnValue().hashCode() ^ this.getExtnId().hashCode());
     }
 
     public boolean equals(
@@ -240,10 +278,27 @@ public class Extension
 
         Extension other = (Extension)o;
 
-        return other.getExtnValue().equals(this.getExtnValue())
+        return other.getExtnId().equals(this.getExtnId())
+            && other.getExtnValue().equals(this.getExtnValue())
             && (other.isCritical() == this.isCritical());
     }
 
+    public ASN1Primitive toASN1Primitive()
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector();
+
+        v.add(extnId);
+
+        if (critical)
+        {
+            v.add(ASN1Boolean.getInstance(true));
+        }
+
+        v.add(value);
+
+        return new DERSequence(v);
+    }
+
     /**
      * Convert the value of the passed in extension to an object
      * @param ext the extension to parse
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java
index 33175db..1aeed15 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extensions.java
@@ -4,12 +4,10 @@ import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
 
-import org.bouncycastle.asn1.ASN1Boolean;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
@@ -18,18 +16,18 @@ import org.bouncycastle.asn1.DERSequence;
 public class Extensions
     extends ASN1Object
 {
-    private Hashtable               extensions = new Hashtable();
-    private Vector                  ordering = new Vector();
+    private Hashtable extensions = new Hashtable();
+    private Vector ordering = new Vector();
 
     public static Extensions getInstance(
         ASN1TaggedObject obj,
-        boolean          explicit)
+        boolean explicit)
     {
         return getInstance(ASN1Sequence.getInstance(obj, explicit));
     }
 
     public static Extensions getInstance(
-        Object  obj)
+        Object obj)
     {
         if (obj instanceof Extensions)
         {
@@ -45,7 +43,7 @@ public class Extensions
 
     /**
      * Constructor from ASN1Sequence.
-     *
+     * 

      * the extensions are a list of constructed sequences, either with (OID, OctetString) or (OID, Boolean, OctetString)
      */
     private Extensions(
@@ -55,22 +53,10 @@ public class Extensions
 
         while (e.hasMoreElements())
         {
-            ASN1Sequence            s = ASN1Sequence.getInstance(e.nextElement());
-
-            if (s.size() == 3)
-            {
-                extensions.put(s.getObjectAt(0), new Extension(ASN1ObjectIdentifier.getInstance(s.getObjectAt(0)), ASN1Boolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2))));
-            }
-            else if (s.size() == 2)
-            {
-                extensions.put(s.getObjectAt(0), new Extension(ASN1ObjectIdentifier.getInstance(s.getObjectAt(0)), false, ASN1OctetString.getInstance(s.getObjectAt(1))));
-            }
-            else
-            {
-                throw new IllegalArgumentException("Bad sequence size: " + s.size());
-            }
+            Extension ext = Extension.getInstance(e.nextElement());
 
-            ordering.addElement(s.getObjectAt(0));
+            extensions.put(ext.getExtnId(), ext);
+            ordering.addElement(ext.getExtnId());
         }
     }
 
@@ -88,7 +74,7 @@ public class Extensions
 
     /**
      * Base Constructor
-     * 
+     *
      * @param extensions an array of extensions.
      */
     public Extensions(
@@ -102,7 +88,7 @@ public class Extensions
             this.extensions.put(ext.getExtnId(), ext);
         }
     }
-    
+
     /**
      * return an Enumeration of the extension field's object ids.
      */
@@ -154,24 +140,14 @@ public class Extensions
     public ASN1Primitive toASN1Primitive()
     {
         ASN1EncodableVector vec = new ASN1EncodableVector();
-        Enumeration             e = ordering.elements();
+        Enumeration e = ordering.elements();
 
         while (e.hasMoreElements())
         {
-            ASN1ObjectIdentifier     oid = (ASN1ObjectIdentifier)e.nextElement();
+            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
             Extension ext = (Extension)extensions.get(oid);
-            ASN1EncodableVector v = new ASN1EncodableVector();
-
-            v.add(oid);
-
-            if (ext.isCritical())
-            {
-                v.add(ASN1Boolean.getInstance(true));
-            }
 
-            v.add(ext.getExtnValue());
-
-            vec.add(new DERSequence(v));
+            vec.add(ext);
         }
 
         return new DERSequence(vec);
@@ -185,11 +161,11 @@ public class Extensions
             return false;
         }
 
-        Enumeration     e1 = extensions.keys();
+        Enumeration e1 = extensions.keys();
 
         while (e1.hasMoreElements())
         {
-            Object  key = e1.nextElement();
+            Object key = e1.nextElement();
 
             if (!extensions.get(key).equals(other.extensions.get(key)))
             {
@@ -204,7 +180,7 @@ public class Extensions
     {
         return toOidArray(ordering);
     }
-    
+
     public ASN1ObjectIdentifier[] getNonCriticalExtensionOIDs()
     {
         return getExtensionOIDs(false);
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java
index 3955fb7..01980be 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java
@@ -13,6 +13,12 @@ import org.bouncycastle.asn1.ASN1Primitive;
  *          dod(6) internet(1) security(5) mechanisms(5) pkix(7) 3}
  *
  *
+ * To create a new KeyPurposeId where none of the below suit, use + * 
+ *     ASN1ObjectIdentifier newKeyPurposeIdOID = new ASN1ObjectIdentifier("1.3.6.1...");
+ *
+ *     KeyPurposeId newKeyPurposeId = KeyPurposeId.getInstance(newKeyPurposeIdOID);
+ *
*/ public class KeyPurposeId extends ASN1Object diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/V2Form.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/V2Form.java index ed5c6ab..5cee847 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/V2Form.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/V2Form.java @@ -25,24 +25,51 @@ public class V2Form public static V2Form getInstance( Object obj) { - if (obj == null || obj instanceof V2Form) + if (obj instanceof V2Form) { return (V2Form)obj; } - else if (obj instanceof ASN1Sequence) + else if (obj != null) { - return new V2Form((ASN1Sequence)obj); + return new V2Form(ASN1Sequence.getInstance(obj)); } - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); + return null; } public V2Form( GeneralNames issuerName) + { + this(issuerName, null, null); + } + + public V2Form( + GeneralNames issuerName, + IssuerSerial baseCertificateID) + { + this(issuerName, baseCertificateID, null); + } + + public V2Form( + GeneralNames issuerName, + ObjectDigestInfo objectDigestInfo) + { + this(issuerName, null, objectDigestInfo); + } + + public V2Form( + GeneralNames issuerName, + IssuerSerial baseCertificateID, + ObjectDigestInfo objectDigestInfo) { this.issuerName = issuerName; + this.baseCertificateID = baseCertificateID; + this.objectDigestInfo = objectDigestInfo; } - + + /** + * @deprecated use getInstance(). + */ public V2Form( ASN1Sequence seq) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java index d1c7d8e..9aed4e1 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java @@ -400,6 +400,7 @@ public class X509Name * Constructor from ASN1Sequence * * the principal will be a list of constructed sets, each containing an (OID, String) pair. + * @deprecated use X500Name.getInstance() */ public X509Name( ASN1Sequence seq) @@ -497,6 +498,7 @@ public class X509Name *

* The passed in converter will be used to convert the strings into their * ASN.1 counterparts. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( Vector ordering, @@ -539,6 +541,7 @@ public class X509Name /** * Takes two vectors one of the oids and the other of the values. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( Vector oids, @@ -552,6 +555,7 @@ public class X509Name *

* The passed in converter will be used to convert the strings into their * ASN.1 counterparts. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( Vector oids, @@ -586,6 +590,7 @@ public class X509Name /** * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or * some such, converting it into an ordered set of name attributes. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( String dirName) @@ -598,6 +603,7 @@ public class X509Name * some such, converting it into an ordered set of name attributes with each * string value being converted to its associated ASN.1 type using the passed * in converter. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( String dirName, @@ -611,6 +617,7 @@ public class X509Name * some such, converting it into an ordered set of name attributes. If reverse * is true, create the encoded version of the sequence starting from the * last element in the string. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( boolean reverse, @@ -625,6 +632,7 @@ public class X509Name * string value being converted to its associated ASN.1 type using the passed * in converter. If reverse is true the ASN.1 sequence representing the DN will * be built by starting at the end of the string, rather than the start. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( boolean reverse, @@ -646,6 +654,7 @@ public class X509Name * @param reverse true if we should start scanning from the end (RFC 2553). * @param lookUp table of names and their oids. * @param dirName the X.500 string to be parsed. + * @deprecated use X500Name, X500NameBuilder */ public X509Name( boolean reverse, @@ -659,6 +668,7 @@ public class X509Name String name, Hashtable lookUp) { + name = name.trim(); if (Strings.toUpperCase(name).startsWith("OID.")) { return new ASN1ObjectIdentifier(name.substring(4)); @@ -677,6 +687,81 @@ public class X509Name return oid; } + private String unescape(String elt) + { + if (elt.length() == 0 || (elt.indexOf('\\') < 0 && elt.indexOf('"') < 0)) + { + return elt.trim(); + } + + char[] elts = elt.toCharArray(); + boolean escaped = false; + boolean quoted = false; + StringBuffer buf = new StringBuffer(elt.length()); + int start = 0; + + // if it's an escaped hash string and not an actual encoding in string form + // we need to leave it escaped. + if (elts[0] == '\\') + { + if (elts[1] == '#') + { + start = 2; + buf.append("\\#"); + } + } + + boolean nonWhiteSpaceEncountered = false; + int lastEscaped = 0; + + for (int i = start; i != elts.length; i++) + { + char c = elts[i]; + + if (c != ' ') + { + nonWhiteSpaceEncountered = true; + } + + if (c == '"') + { + if (!escaped) + { + quoted = !quoted; + } + else + { + buf.append(c); + } + escaped = false; + } + else if (c == '\\' && !(escaped || quoted)) + { + escaped = true; + lastEscaped = buf.length(); + } + else + { + if (c == ' ' && !escaped && !nonWhiteSpaceEncountered) + { + continue; + } + buf.append(c); + escaped = false; + } + } + + if (buf.length() > 0) + { + while (buf.charAt(buf.length() - 1) == ' ' && lastEscaped != (buf.length() - 1)) + { + buf.setLength(buf.length() - 1); + } + } + + return buf.toString(); + } + /** * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or * some such, converting it into an ordered set of name attributes. lookUp @@ -702,43 +787,21 @@ public class X509Name while (nTok.hasMoreTokens()) { String token = nTok.nextToken(); - int index = token.indexOf('='); - if (index == -1) + if (token.indexOf('+') > 0) { - throw new IllegalArgumentException("badly formatted directory string"); - } + X509NameTokenizer pTok = new X509NameTokenizer(token, '+'); - String name = token.substring(0, index); - String value = token.substring(index + 1); - ASN1ObjectIdentifier oid = decodeOID(name, lookUp); + addEntry(lookUp, pTok.nextToken(), FALSE); - if (value.indexOf('+') > 0) - { - X509NameTokenizer vTok = new X509NameTokenizer(value, '+'); - String v = vTok.nextToken(); - - this.ordering.addElement(oid); - this.values.addElement(v); - this.added.addElement(FALSE); - - while (vTok.hasMoreTokens()) + while (pTok.hasMoreTokens()) { - String sv = vTok.nextToken(); - int ndx = sv.indexOf('='); - - String nm = sv.substring(0, ndx); - String vl = sv.substring(ndx + 1); - this.ordering.addElement(decodeOID(nm, lookUp)); - this.values.addElement(vl); - this.added.addElement(TRUE); + addEntry(lookUp, pTok.nextToken(), TRUE); } } else { - this.ordering.addElement(oid); - this.values.addElement(value); - this.added.addElement(FALSE); + addEntry(lookUp, token, FALSE); } } @@ -774,6 +837,29 @@ public class X509Name } } + private void addEntry(Hashtable lookUp, String token, Boolean isAdded) + { + X509NameTokenizer vTok; + String name; + String value;ASN1ObjectIdentifier oid; + vTok = new X509NameTokenizer(token, '='); + + name = vTok.nextToken(); + + if (!vTok.hasMoreTokens()) + { + throw new IllegalArgumentException("badly formatted directory string"); + } + + value = vTok.nextToken(); + + oid = decodeOID(name, lookUp); + + this.ordering.addElement(oid); + this.values.addElement(unescape(value)); + this.added.addElement(isAdded); + } + /** * return a vector of the oids in the name, in the order they were found. */ @@ -1157,7 +1243,8 @@ public class X509Name buf.append('='); int index = buf.length(); - + int start = index; + buf.append(value); int end = buf.length(); @@ -1185,6 +1272,20 @@ public class X509Name index++; } + + while (buf.charAt(start) == ' ') + { + buf.insert(start, "\\"); + start += 2; + } + + int endBuf = buf.length() - 1; + + while (endBuf >= 0 && buf.charAt(endBuf) == ' ') + { + buf.insert(endBuf, '\\'); + endBuf--; + } } /** diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java index ceca1ec..454f322 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java @@ -57,37 +57,19 @@ public class X509NameTokenizer { quoted = !quoted; } - else - { - if (c == '#' && buf.charAt(buf.length() - 1) == '=') - { - buf.append('\\'); - } - else if (c == '+' && separator != '+') - { - buf.append('\\'); - } - buf.append(c); - } + buf.append(c); escaped = false; } else { if (escaped || quoted) { - if (c == '#' && buf.charAt(buf.length() - 1) == '=') - { - buf.append('\\'); - } - else if (c == '+' && separator != '+') - { - buf.append('\\'); - } buf.append(c); escaped = false; } else if (c == '\\') { + buf.append(c); escaped = true; } else if (c == separator) @@ -114,6 +96,7 @@ public class X509NameTokenizer } index = end; - return buf.toString().trim(); + + return buf.toString(); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java index 5c5afdb..f233657 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java @@ -54,43 +54,44 @@ public class X9Curve X9FieldElement x9B = new X9FieldElement(p, (ASN1OctetString)seq.getObjectAt(1)); curve = new ECCurve.Fp(p, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger()); } - else + else if (fieldIdentifier.equals(characteristic_two_field)) { - if (fieldIdentifier.equals(characteristic_two_field)) + // Characteristic two field + ASN1Sequence parameters = ASN1Sequence.getInstance(fieldID.getParameters()); + int m = ((ASN1Integer)parameters.getObjectAt(0)).getValue(). + intValue(); + ASN1ObjectIdentifier representation + = (ASN1ObjectIdentifier)parameters.getObjectAt(1); + + int k1 = 0; + int k2 = 0; + int k3 = 0; + + if (representation.equals(tpBasis)) + { + // Trinomial basis representation + k1 = ASN1Integer.getInstance(parameters.getObjectAt(2)).getValue().intValue(); + } + else if (representation.equals(ppBasis)) { - // Characteristic two field - ASN1Sequence parameters = ASN1Sequence.getInstance(fieldID.getParameters()); - int m = ((ASN1Integer)parameters.getObjectAt(0)).getValue(). - intValue(); - ASN1ObjectIdentifier representation - = (ASN1ObjectIdentifier)parameters.getObjectAt(1); - - int k1 = 0; - int k2 = 0; - int k3 = 0; - if (representation.equals(tpBasis)) - { - // Trinomial basis representation - k1 = ((ASN1Integer)parameters.getObjectAt(2)).getValue(). - intValue(); - } - else - { - // Pentanomial basis representation - DERSequence pentanomial - = (DERSequence)parameters.getObjectAt(2); - k1 = ((ASN1Integer)pentanomial.getObjectAt(0)).getValue(). - intValue(); - k2 = ((ASN1Integer)pentanomial.getObjectAt(1)).getValue(). - intValue(); - k3 = ((ASN1Integer)pentanomial.getObjectAt(2)).getValue(). - intValue(); - } - X9FieldElement x9A = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(0)); - X9FieldElement x9B = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(1)); - // TODO Is it possible to get the order (n) and cofactor(h) too? - curve = new ECCurve.F2m(m, k1, k2, k3, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger()); + // Pentanomial basis representation + ASN1Sequence pentanomial = ASN1Sequence.getInstance(parameters.getObjectAt(2)); + k1 = ASN1Integer.getInstance(pentanomial.getObjectAt(0)).getValue().intValue(); + k2 = ASN1Integer.getInstance(pentanomial.getObjectAt(1)).getValue().intValue(); + k3 = ASN1Integer.getInstance(pentanomial.getObjectAt(2)).getValue().intValue(); } + else + { + throw new IllegalArgumentException("This type of EC basis is not implemented"); + } + X9FieldElement x9A = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(0)); + X9FieldElement x9B = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(1)); + // TODO Is it possible to get the order (n) and cofactor(h) too? + curve = new ECCurve.F2m(m, k1, k2, k3, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger()); + } + else + { + throw new IllegalArgumentException("This type of ECCurve is not implemented"); } if (seq.size() == 3) @@ -111,8 +112,7 @@ public class X9Curve } else { - throw new IllegalArgumentException("This type of ECCurve is not " - + "implemented"); + throw new IllegalArgumentException("This type of ECCurve is not implemented"); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java index 6c1fcd7..f005cfa 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java @@ -17,11 +17,11 @@ public interface X9ObjectIdentifiers static final ASN1ObjectIdentifier characteristic_two_field = id_fieldType.branch("2"); - static final ASN1ObjectIdentifier gnBasis = id_fieldType.branch("2.3.1"); + static final ASN1ObjectIdentifier gnBasis = characteristic_two_field.branch("3.1"); - static final ASN1ObjectIdentifier tpBasis = id_fieldType.branch("2.3.2"); + static final ASN1ObjectIdentifier tpBasis = characteristic_two_field.branch("3.2"); - static final ASN1ObjectIdentifier ppBasis = id_fieldType.branch("2.3.3"); + static final ASN1ObjectIdentifier ppBasis = characteristic_two_field.branch("3.3"); static final ASN1ObjectIdentifier id_ecSigType = ansi_X9_62.branch("4"); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java index 2543b59..18cc648 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java @@ -130,7 +130,14 @@ public abstract class PBEParametersGenerator public static byte[] PKCS5PasswordToUTF8Bytes( char[] password) { - return Strings.toUTF8ByteArray(password); + if (password != null) + { + return Strings.toUTF8ByteArray(password); + } + else + { + return new byte[0]; + } } /** diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java index f2c9967..15f3ebb 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java @@ -1,13 +1,14 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.ExtendedDigest; +import org.bouncycastle.util.Memoable; /** * base implementation of MD4 family style digest as outlined in * "Handbook of Applied Cryptography", pages 344 - 347. */ public abstract class GeneralDigest - implements ExtendedDigest + implements ExtendedDigest, Memoable { private static final int BYTE_LENGTH = 64; private byte[] xBuf; @@ -32,6 +33,12 @@ public abstract class GeneralDigest protected GeneralDigest(GeneralDigest t) { xBuf = new byte[t.xBuf.length]; + + copyIn(t); + } + + protected void copyIn(GeneralDigest t) + { System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length); xBufOff = t.xBufOff; diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java index 22d457b..5c79e4e 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java @@ -2,12 +2,13 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.ExtendedDigest; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** * Base class for SHA-384 and SHA-512. */ public abstract class LongDigest - implements ExtendedDigest + implements ExtendedDigest, Memoable { private static final int BYTE_LENGTH = 128; @@ -41,6 +42,12 @@ public abstract class LongDigest protected LongDigest(LongDigest t) { xBuf = new byte[t.xBuf.length]; + + copyIn(t); + } + + protected void copyIn(LongDigest t) + { System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length); xBufOff = t.xBufOff; diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java index 05ed27a..ff9cedf 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java @@ -1,6 +1,8 @@ package org.bouncycastle.crypto.digests; +import org.bouncycastle.util.Memoable; + /** * implementation of MD5 as outlined in "Handbook of Applied Cryptography", pages 346 - 347. */ @@ -30,6 +32,13 @@ public class MD5Digest { super(t); + copyIn(t); + } + + private void copyIn(MD5Digest t) + { + super.copyIn(t); + H1 = t.H1; H2 = t.H2; H3 = t.H3; @@ -299,4 +308,16 @@ public class MD5Digest X[i] = 0; } } + + public Memoable copy() + { + return new MD5Digest(this); + } + + public void reset(Memoable other) + { + MD5Digest d = (MD5Digest)other; + + copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java index 7f8d30a..21b1024 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java @@ -1,12 +1,13 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** * implementation of SHA-1 as outlined in "Handbook of Applied Cryptography", pages 346 - 349. * * It is interesting to ponder why the, apart from the extra IV, the other difference here from MD5 - * is the "endienness" of the word processing! + * is the "endianness" of the word processing! */ public class SHA1Digest extends GeneralDigest @@ -34,6 +35,11 @@ public class SHA1Digest { super(t); + copyIn(t); + } + + private void copyIn(SHA1Digest t) + { H1 = t.H1; H2 = t.H2; H3 = t.H3; @@ -283,6 +289,19 @@ public class SHA1Digest X[i] = 0; } } + + public Memoable copy() + { + return new SHA1Digest(this); + } + + public void reset(Memoable other) + { + SHA1Digest d = (SHA1Digest)other; + + super.copyIn(d); + copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java index abd9c1b..a2ceda3 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java @@ -1,8 +1,8 @@ package org.bouncycastle.crypto.digests; -import org.bouncycastle.crypto.digests.GeneralDigest; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** @@ -42,6 +42,13 @@ public class SHA256Digest { super(t); + copyIn(t); + } + + private void copyIn(SHA256Digest t) + { + super.copyIn(t); + H1 = t.H1; H2 = t.H2; H3 = t.H3; @@ -291,5 +298,17 @@ public class SHA256Digest 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }; + + public Memoable copy() + { + return new SHA256Digest(this); + } + + public void reset(Memoable other) + { + SHA256Digest d = (SHA256Digest)other; + + copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java index cdd979a..75d195d 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java @@ -1,6 +1,7 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** @@ -17,7 +18,6 @@ import org.bouncycastle.crypto.util.Pack; public class SHA384Digest extends LongDigest { - private static final int DIGEST_LENGTH = 48; /** @@ -84,4 +84,16 @@ public class SHA384Digest H7 = 0xdb0c2e0d64f98fa7l; H8 = 0x47b5481dbefa4fa4l; } + + public Memoable copy() + { + return new SHA384Digest(this); + } + + public void reset(Memoable other) + { + SHA384Digest d = (SHA384Digest)other; + + super.copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java index 34a8e4e..7db63ad 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java @@ -1,6 +1,7 @@ package org.bouncycastle.crypto.digests; import org.bouncycastle.crypto.util.Pack; +import org.bouncycastle.util.Memoable; /** @@ -85,5 +86,17 @@ public class SHA512Digest H7 = 0x1f83d9abfb41bd6bL; H8 = 0x5be0cd19137e2179L; } + + public Memoable copy() + { + return new SHA512Digest(this); + } + + public void reset(Memoable other) + { + SHA512Digest d = (SHA512Digest)other; + + copyIn(d); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java index c4719cf..4dbfbff 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java @@ -1,5 +1,7 @@ package org.bouncycastle.crypto.encodings; +import java.security.SecureRandom; + import org.bouncycastle.crypto.AsymmetricBlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; @@ -9,8 +11,6 @@ import org.bouncycastle.crypto.digests.AndroidDigestFactory; // END android-changed import org.bouncycastle.crypto.params.ParametersWithRandom; -import java.security.SecureRandom; - /** * Optimal Asymmetric Encryption Padding (OAEP) - see PKCS 1 V 2. */ @@ -18,7 +18,6 @@ public class OAEPEncoding implements AsymmetricBlockCipher { private byte[] defHash; - private Digest hash; private Digest mgf1Hash; private AsymmetricBlockCipher engine; @@ -55,10 +54,11 @@ public class OAEPEncoding byte[] encodingParams) { this.engine = cipher; - this.hash = hash; this.mgf1Hash = mgf1Hash; this.defHash = new byte[hash.getDigestSize()]; + hash.reset(); + if (encodingParams != null) { hash.update(encodingParams, 0, encodingParams.length); @@ -256,15 +256,23 @@ public class OAEPEncoding // // check the hash of the encoding params. + // long check to try to avoid this been a source of a timing attack. // + boolean defHashWrong = false; + for (int i = 0; i != defHash.length; i++) { if (defHash[i] != block[defHash.length + i]) { - throw new InvalidCipherTextException("data hash wrong"); + defHashWrong = true; } } + if (defHashWrong) + { + throw new InvalidCipherTextException("data hash wrong"); + } + // // find the data block // @@ -322,9 +330,9 @@ public class OAEPEncoding byte[] C = new byte[4]; int counter = 0; - hash.reset(); + mgf1Hash.reset(); - do + while (counter < (length / hashBuf.length)) { ItoOSP(counter, C); @@ -333,8 +341,9 @@ public class OAEPEncoding mgf1Hash.doFinal(hashBuf, 0); System.arraycopy(hashBuf, 0, mask, counter * hashBuf.length, hashBuf.length); + + counter++; } - while (++counter < (length / hashBuf.length)); if ((counter * hashBuf.length) < length) { diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java index 1bc9aae..756197c 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; /** @@ -392,7 +393,7 @@ private static final int[] Tinv0 = if ((outOff + (32 / 2)) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } if (forEncryption) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java index 7e91973..ff4b2f8 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java @@ -3,9 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; -// BEGIN android-added import org.bouncycastle.crypto.OutputLengthException; -// END android-added import org.bouncycastle.crypto.params.KeyParameter; /** @@ -726,9 +724,7 @@ public class AESFastEngine if ((outOff + (32 / 2)) > out.length) { - // BEGIN android-changed throw new OutputLengthException("output buffer too short"); - // END android-changed } if (forEncryption) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java index 6ee1c49..cfe7f1f 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/BlowfishEngine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; /** @@ -363,7 +364,7 @@ implements BlockCipher if ((outOff + BLOCK_SIZE) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } if (encrypting) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java index b04911c..9b1e404 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; /** @@ -78,7 +79,7 @@ public class DESEngine if ((outOff + BLOCK_SIZE) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } desFunc(workingKey, in, inOff, out, outOff); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java index c908218..513eccd 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java @@ -2,9 +2,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; -// BEGIN android-added import org.bouncycastle.crypto.OutputLengthException; -// END android-added import org.bouncycastle.crypto.params.KeyParameter; /** @@ -102,9 +100,7 @@ public class DESedeEngine if ((outOff + BLOCK_SIZE) > out.length) { - // BEGIN android-changed throw new OutputLengthException("output buffer too short"); - // END android-changed } byte[] temp = new byte[BLOCK_SIZE]; diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java index 62240ea..02cb881 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.RC2Parameters; @@ -174,7 +175,7 @@ public class RC2Engine if ((outOff + BLOCK_SIZE) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } if (encrypting) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java index e7a9cdd..4de7ea6 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/RC4Engine.java @@ -2,6 +2,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.StreamCipher; import org.bouncycastle.crypto.params.KeyParameter; @@ -81,7 +82,7 @@ public class RC4Engine implements StreamCipher if ((outOff + len) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } for (int i = 0; i < len ; i++) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java index bf43ff2..31ac087 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java @@ -3,6 +3,7 @@ package org.bouncycastle.crypto.engines; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; +import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.params.KeyParameter; /** @@ -303,7 +304,7 @@ public final class TwofishEngine if ((outOff + BLOCK_SIZE) > out.length) { - throw new DataLengthException("output buffer too short"); + throw new OutputLengthException("output buffer too short"); } if (encrypting) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java index 98dd0f7..50baa4d 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java @@ -1,23 +1,25 @@ package org.bouncycastle.crypto.generators; +import java.math.BigInteger; +import java.security.SecureRandom; + import org.bouncycastle.crypto.Digest; // BEGIN android-changed import org.bouncycastle.crypto.digests.AndroidDigestFactory; // END android-changed +import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.crypto.params.DSAValidationParameters; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.BigIntegers; +import org.bouncycastle.util.encoders.Hex; -import java.math.BigInteger; -import java.security.SecureRandom; - -// TODO Update javadoc to mention FIPS 186-3 when done /** - * generate suitable parameters for DSA, in line with FIPS 186-2. + * Generate suitable parameters for DSA, in line with FIPS 186-2, or FIPS 186-3. */ public class DSAParametersGenerator { + private Digest digest; private int L, N; private int certainty; private SecureRandom random; @@ -26,6 +28,21 @@ public class DSAParametersGenerator private static final BigInteger ONE = BigInteger.valueOf(1); private static final BigInteger TWO = BigInteger.valueOf(2); + private boolean use186_3; + private int usageIndex; + + public DSAParametersGenerator() + { + // BEGIN android-changed + this(AndroidDigestFactory.getSHA1()); + // END android-changed + } + + public DSAParametersGenerator(Digest digest) + { + this.digest = digest; + } + /** * initialise the key generator. * @@ -38,23 +55,53 @@ public class DSAParametersGenerator int certainty, SecureRandom random) { - init(size, getDefaultN(size), certainty, random); + this.use186_3 = false; + this.L = size; + this.N = getDefaultN(size); + this.certainty = certainty; + this.random = random; } - // TODO Make public to enable support for DSA keys > 1024 bits - private void init( - int L, - int N, - int certainty, - SecureRandom random) + /** + * Initialise the key generator for DSA 2. + *

+ * Use this init method if you need to generate parameters for DSA 2 keys. + *

+ * + * @param params DSA 2 key generation parameters. + */ + public void init( + DSAParameterGenerationParameters params) { - // TODO Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2) // TODO Should we enforce the minimum 'certainty' values as per C.3 Table C.1? + this.use186_3 = true; + this.L = params.getL(); + this.N = params.getN(); + this.certainty = params.getCertainty(); + this.random = params.getRandom(); + this.usageIndex = params.getUsageIndex(); + + if ((L < 1024 || L > 3072) || L % 1024 != 0) + { + throw new IllegalArgumentException("L values must be between 1024 and 3072 and a multiple of 1024"); + } + else if (L == 1024 && N != 160) + { + throw new IllegalArgumentException("N must be 160 for L = 1024"); + } + else if (L == 2048 && (N != 224 && N != 256)) + { + throw new IllegalArgumentException("N must be 224 or 256 for L = 2048"); + } + else if (L == 3072 && N != 256) + { + throw new IllegalArgumentException("N must be 256 for L = 3072"); + } - this.L = L; - this.N = N; - this.certainty = certainty; - this.random = random; + if (digest.getDigestSize() * 8 < N) + { + throw new IllegalStateException("Digest output size too small for value of N"); + } } /** @@ -65,7 +112,7 @@ public class DSAParametersGenerator */ public DSAParameters generateParameters() { - return L > 1024 + return (use186_3) ? generateParameters_FIPS186_3() : generateParameters_FIPS186_2(); } @@ -76,20 +123,24 @@ public class DSAParametersGenerator byte[] part1 = new byte[20]; byte[] part2 = new byte[20]; byte[] u = new byte[20]; - // BEGIN android-changed - Digest sha1 = AndroidDigestFactory.getSHA1(); - // END android-changed int n = (L - 1) / 160; byte[] w = new byte[L / 8]; + // BEGIN android-changed + if (!(digest.getAlgorithmName().equals("SHA-1"))) + // END android-changed + { + throw new IllegalStateException("can only use SHA-1 for generating FIPS 186-2 parameters"); + } + for (;;) { random.nextBytes(seed); - hash(sha1, seed, part1); + hash(digest, seed, part1); System.arraycopy(seed, 0, part2, 0, seed.length); inc(part2); - hash(sha1, part2, part2); + hash(digest, part2, part2); for (int i = 0; i != u.length; i++) { @@ -114,12 +165,12 @@ public class DSAParametersGenerator for (int k = 0; k < n; k++) { inc(offset); - hash(sha1, offset, part1); + hash(digest, offset, part1); System.arraycopy(part1, 0, w, w.length - (k + 1) * part1.length, part1.length); } inc(offset); - hash(sha1, offset, part1); + hash(digest, offset, part1); System.arraycopy(part1, part1.length - ((w.length - (n) * part1.length)), w, 0, w.length - n * part1.length); w[0] |= (byte)0x80; @@ -169,9 +220,7 @@ public class DSAParametersGenerator { // A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function // FIXME This should be configurable (digest size in bits must be >= N) - // BEGIN android-changed - Digest d = AndroidDigestFactory.getSHA256(); - // END android-changed + Digest d = digest; int outlen = d.getDigestSize() * 8; // 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If @@ -197,6 +246,7 @@ public class DSAParametersGenerator // 6. U = Hash (domain_parameter_seed) mod 2^(N–1). hash(d, seed, output); + BigInteger U = new BigInteger(1, output).mod(ONE.shiftLeft(N - 1)); // 7. q = 2^(N–1) + U + 1 – ( U mod 2). @@ -258,16 +308,17 @@ public class DSAParametersGenerator { // 11.8 If p is determined to be prime, then return VALID and the values of p, q and // (optionally) the values of domain_parameter_seed and counter. - // TODO Make configurable (8-bit unsigned)? -// int index = 1; -// BigInteger g = calculateGenerator_FIPS186_3_Verifiable(d, p, q, seed, index); -// if (g != null) -// { -// // TODO Should 'index' be a part of the validation parameters? -// return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter)); -// } + if (usageIndex >= 0) + { + BigInteger g = calculateGenerator_FIPS186_3_Verifiable(d, p, q, seed, usageIndex); + if (g != null) + { + return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter, usageIndex)); + } + } BigInteger g = calculateGenerator_FIPS186_3_Unverifiable(p, q, random); + return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter)); } @@ -286,34 +337,34 @@ public class DSAParametersGenerator return calculateGenerator_FIPS186_2(p, q, r); } -// private static BigInteger calculateGenerator_FIPS186_3_Verifiable(Digest d, BigInteger p, BigInteger q, -// byte[] seed, int index) -// { -//// A.2.3 Verifiable Canonical Generation of the Generator g -// BigInteger e = p.subtract(ONE).divide(q); -// byte[] ggen = Hex.decode("6767656E"); -// -// // 7. U = domain_parameter_seed || "ggen" || index || count. -// byte[] U = new byte[seed.length + ggen.length + 1 + 2]; -// System.arraycopy(seed, 0, U, 0, seed.length); -// System.arraycopy(ggen, 0, U, seed.length, ggen.length); -// U[U.length - 3] = (byte)index; -// -// byte[] w = new byte[d.getDigestSize()]; -// for (int count = 1; count < (1 << 16); ++count) -// { -// inc(U); -// hash(d, U, w); -// BigInteger W = new BigInteger(1, w); -// BigInteger g = W.modPow(e, p); -// if (g.compareTo(TWO) >= 0) -// { -// return g; -// } -// } -// -// return null; -// } + private static BigInteger calculateGenerator_FIPS186_3_Verifiable(Digest d, BigInteger p, BigInteger q, + byte[] seed, int index) + { +// A.2.3 Verifiable Canonical Generation of the Generator g + BigInteger e = p.subtract(ONE).divide(q); + byte[] ggen = Hex.decode("6767656E"); + + // 7. U = domain_parameter_seed || "ggen" || index || count. + byte[] U = new byte[seed.length + ggen.length + 1 + 2]; + System.arraycopy(seed, 0, U, 0, seed.length); + System.arraycopy(ggen, 0, U, seed.length, ggen.length); + U[U.length - 3] = (byte)index; + + byte[] w = new byte[d.getDigestSize()]; + for (int count = 1; count < (1 << 16); ++count) + { + inc(U); + hash(d, U, w); + BigInteger W = new BigInteger(1, w); + BigInteger g = W.modPow(e, p); + if (g.compareTo(TWO) >= 0) + { + return g; + } + } + + return null; + } private static void hash(Digest d, byte[] input, byte[] output) { diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java index 8fb1cc8..d9b82c3 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java @@ -125,11 +125,10 @@ public class PKCS12ParametersGenerator byte[] B = new byte[v]; int c = (n + u - 1) / u; + byte[] A = new byte[u]; for (int i = 1; i <= c; i++) { - byte[] A = new byte[u]; - digest.update(D, 0, D.length); digest.update(I, 0, I.length); digest.doFinal(A, 0); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java index a6d87b9..316de64 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java @@ -23,6 +23,7 @@ public class PKCS5S2ParametersGenerator extends PBEParametersGenerator { private Mac hMac; + private byte[] state; /** * construct a PKCS5 Scheme 2 Parameters generator. @@ -30,27 +31,27 @@ public class PKCS5S2ParametersGenerator public PKCS5S2ParametersGenerator() { // BEGIN android-changed - this(AndroidDigestFactory.getSHA1()); + this(AndroidDigestFactory.getSHA1()); // END android-changed } public PKCS5S2ParametersGenerator(Digest digest) { hMac = new HMac(digest); + state = new byte[hMac.getMacSize()]; } private void F( - byte[] P, byte[] S, int c, byte[] iBuf, byte[] out, int outOff) { - byte[] state = new byte[hMac.getMacSize()]; - CipherParameters param = new KeyParameter(P); - - hMac.init(param); + if (c == 0) + { + throw new IllegalArgumentException("iteration count must be at least 1."); + } if (S != null) { @@ -58,19 +59,12 @@ public class PKCS5S2ParametersGenerator } hMac.update(iBuf, 0, iBuf.length); - hMac.doFinal(state, 0); System.arraycopy(state, 0, out, outOff, state.length); - - if (c == 0) - { - throw new IllegalArgumentException("iteration count must be at least 1."); - } for (int count = 1; count < c; count++) { - hMac.init(param); hMac.update(state, 0, state.length); hMac.doFinal(state, 0); @@ -81,32 +75,33 @@ public class PKCS5S2ParametersGenerator } } - private void intToOctet( - byte[] buf, - int i) - { - buf[0] = (byte)(i >>> 24); - buf[1] = (byte)(i >>> 16); - buf[2] = (byte)(i >>> 8); - buf[3] = (byte)i; - } - private byte[] generateDerivedKey( int dkLen) { int hLen = hMac.getMacSize(); int l = (dkLen + hLen - 1) / hLen; byte[] iBuf = new byte[4]; - byte[] out = new byte[l * hLen]; + byte[] outBytes = new byte[l * hLen]; + int outPos = 0; + + CipherParameters param = new KeyParameter(password); + + hMac.init(param); for (int i = 1; i <= l; i++) { - intToOctet(iBuf, i); + // Increment the value in 'iBuf' + int pos = 3; + while (++iBuf[pos] == 0) + { + --pos; + } - F(password, salt, iterationCount, iBuf, out, (i - 1) * hLen); + F(salt, iterationCount, iBuf, outBytes, outPos); + outPos += hLen; } - return out; + return outBytes; } /** diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java b/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java index f5b931d..c70a981 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java @@ -8,6 +8,7 @@ import org.bouncycastle.crypto.ExtendedDigest; import org.bouncycastle.crypto.Mac; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.util.Integers; +import org.bouncycastle.util.Memoable; /** * HMAC implementation based on RFC2104 @@ -23,9 +24,11 @@ public class HMac private Digest digest; private int digestSize; private int blockLength; - + private Memoable ipadState; + private Memoable opadState; + private byte[] inputPad; - private byte[] outputPad; + private byte[] outputBuf; private static Hashtable blockLengths; @@ -95,14 +98,12 @@ public class HMac int byteLength) { this.digest = digest; - digestSize = digest.getDigestSize(); - + this.digestSize = digest.getDigestSize(); this.blockLength = byteLength; - - inputPad = new byte[blockLength]; - outputPad = new byte[blockLength]; + this.inputPad = new byte[blockLength]; + this.outputBuf = new byte[blockLength + digestSize]; } - + public String getAlgorithmName() { return digest.getAlgorithmName() + "/HMAC"; @@ -119,39 +120,43 @@ public class HMac digest.reset(); byte[] key = ((KeyParameter)params).getKey(); + int keyLength = key.length; - if (key.length > blockLength) + if (keyLength > blockLength) { - digest.update(key, 0, key.length); + digest.update(key, 0, keyLength); digest.doFinal(inputPad, 0); - for (int i = digestSize; i < inputPad.length; i++) - { - inputPad[i] = 0; - } + + keyLength = digestSize; } else { - System.arraycopy(key, 0, inputPad, 0, key.length); - for (int i = key.length; i < inputPad.length; i++) - { - inputPad[i] = 0; - } + System.arraycopy(key, 0, inputPad, 0, keyLength); } - outputPad = new byte[inputPad.length]; - System.arraycopy(inputPad, 0, outputPad, 0, inputPad.length); - - for (int i = 0; i < inputPad.length; i++) + for (int i = keyLength; i < inputPad.length; i++) { - inputPad[i] ^= IPAD; + inputPad[i] = 0; } - for (int i = 0; i < outputPad.length; i++) + System.arraycopy(inputPad, 0, outputBuf, 0, blockLength); + + xorPad(inputPad, blockLength, IPAD); + xorPad(outputBuf, blockLength, OPAD); + + if (digest instanceof Memoable) { - outputPad[i] ^= OPAD; + opadState = ((Memoable)digest).copy(); + + ((Digest)opadState).update(outputBuf, 0, blockLength); } digest.update(inputPad, 0, inputPad.length); + + if (digest instanceof Memoable) + { + ipadState = ((Memoable)digest).copy(); + } } public int getMacSize() @@ -177,15 +182,33 @@ public class HMac byte[] out, int outOff) { - byte[] tmp = new byte[digestSize]; - digest.doFinal(tmp, 0); + digest.doFinal(outputBuf, blockLength); - digest.update(outputPad, 0, outputPad.length); - digest.update(tmp, 0, tmp.length); + if (opadState != null) + { + ((Memoable)digest).reset(opadState); + digest.update(outputBuf, blockLength, digest.getDigestSize()); + } + else + { + digest.update(outputBuf, 0, outputBuf.length); + } - int len = digest.doFinal(out, outOff); + int len = digest.doFinal(out, outOff); - reset(); + for (int i = blockLength; i < outputBuf.length; i++) + { + outputBuf[i] = 0; + } + + if (ipadState != null) + { + ((Memoable)digest).reset(ipadState); + } + else + { + digest.update(inputPad, 0, inputPad.length); + } return len; } @@ -205,4 +228,12 @@ public class HMac */ digest.update(inputPad, 0, inputPad.length); } + + private static void xorPad(byte[] pad, int len, byte n) + { + for (int i = 0; i < len; ++i) + { + pad[i] ^= n; + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java index 18a3425..9a6e2e0 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java @@ -87,6 +87,11 @@ public class CCMBlockCipher { throw new IllegalArgumentException("invalid parameters passed to CCM"); } + + if (nonce == null || nonce.length < 7 || nonce.length > 13) + { + throw new IllegalArgumentException("nonce must have length from 7 to 13 octets"); + } } public String getAlgorithmName() @@ -183,22 +188,31 @@ public class CCMBlockCipher throw new IllegalStateException("CCM cipher unitialized."); } - BlockCipher ctrCipher = new SICBlockCipher(cipher); - byte[] iv = new byte[blockSize]; - byte[] out; - - iv[0] = (byte)(((15 - nonce.length) - 1) & 0x7); + int n = nonce.length; + int q = 15 - n; + if (q < 4) + { + int limitLen = 1 << (8 * q); + if (inLen >= limitLen) + { + throw new IllegalStateException("CCM packet too large for choice of q."); + } + } + byte[] iv = new byte[blockSize]; + iv[0] = (byte)((q - 1) & 0x7); System.arraycopy(nonce, 0, iv, 1, nonce.length); + BlockCipher ctrCipher = new SICBlockCipher(cipher); ctrCipher.init(forEncryption, new ParametersWithIV(keyParam, iv)); + int index = inOff; + int outOff = 0; + byte[] output; + if (forEncryption) { - int index = inOff; - int outOff = 0; - - out = new byte[inLen + macSize]; + output = new byte[inLen + macSize]; calculateMac(in, inOff, inLen, macBlock); @@ -206,7 +220,7 @@ public class CCMBlockCipher while (index < inLen - blockSize) // S1... { - ctrCipher.processBlock(in, index, out, outOff); + ctrCipher.processBlock(in, index, output, outOff); outOff += blockSize; index += blockSize; } @@ -217,18 +231,15 @@ public class CCMBlockCipher ctrCipher.processBlock(block, 0, block, 0); - System.arraycopy(block, 0, out, outOff, inLen - index); + System.arraycopy(block, 0, output, outOff, inLen - index); outOff += inLen - index; - System.arraycopy(macBlock, 0, out, outOff, out.length - outOff); + System.arraycopy(macBlock, 0, output, outOff, output.length - outOff); } else { - int index = inOff; - int outOff = 0; - - out = new byte[inLen - macSize]; + output = new byte[inLen - macSize]; System.arraycopy(in, inOff + inLen - macSize, macBlock, 0, macSize); @@ -239,24 +250,24 @@ public class CCMBlockCipher macBlock[i] = 0; } - while (outOff < out.length - blockSize) + while (outOff < output.length - blockSize) { - ctrCipher.processBlock(in, index, out, outOff); + ctrCipher.processBlock(in, index, output, outOff); outOff += blockSize; index += blockSize; } byte[] block = new byte[blockSize]; - System.arraycopy(in, index, block, 0, out.length - outOff); + System.arraycopy(in, index, block, 0, output.length - outOff); ctrCipher.processBlock(block, 0, block, 0); - System.arraycopy(block, 0, out, outOff, out.length - outOff); + System.arraycopy(block, 0, output, outOff, output.length - outOff); byte[] calculatedMacBlock = new byte[blockSize]; - calculateMac(out, 0, out.length, calculatedMacBlock); + calculateMac(output, 0, output.length, calculatedMacBlock); if (!Arrays.constantTimeAreEqual(macBlock, calculatedMacBlock)) { @@ -264,7 +275,7 @@ public class CCMBlockCipher } } - return out; + return output; } private int calculateMac(byte[] data, int dataOff, int dataLen, byte[] macBlock) @@ -340,13 +351,13 @@ public class CCMBlockCipher extra = (extra + textLength) % 16; if (extra != 0) { - for (int i = 0; i != 16 - extra; i++) + for (int i = extra; i != 16; i++) { cMac.update((byte)0x00); } } } - + // // add the text // diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAParameterGenerationParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAParameterGenerationParameters.java new file mode 100644 index 0000000..ba841b8 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAParameterGenerationParameters.java @@ -0,0 +1,80 @@ +package org.bouncycastle.crypto.params; + +import java.security.SecureRandom; + +public class DSAParameterGenerationParameters +{ + public static final int DIGITAL_SIGNATURE_USAGE = 1; + public static final int KEY_ESTABLISHMENT_USAGE = 2; + + private final int l; + private final int n; + private final int usageIndex; + private final int certainty; + private final SecureRandom random; + + /** + * Construct without a usage index, this will do a random construction of G. + * + * @param L desired length of prime P in bits (the effective key size). + * @param N desired length of prime Q in bits. + * @param certainty certainty level for prime number generation. + * @param random the source of randomness to use. + */ + public DSAParameterGenerationParameters( + int L, + int N, + int certainty, + SecureRandom random) + { + this(L, N, certainty, random, -1); + } + + /** + * Construct for a specific usage index - this has the effect of using verifiable canonical generation of G. + * + * @param L desired length of prime P in bits (the effective key size). + * @param N desired length of prime Q in bits. + * @param certainty certainty level for prime number generation. + * @param random the source of randomness to use. + * @param usageIndex a valid usage index. + */ + public DSAParameterGenerationParameters( + int L, + int N, + int certainty, + SecureRandom random, + int usageIndex) + { + this.l = L; + this.n = N; + this.certainty = certainty; + this.usageIndex = usageIndex; + this.random = random; + } + + public int getL() + { + return l; + } + + public int getN() + { + return n; + } + + public int getCertainty() + { + return certainty; + } + + public SecureRandom getRandom() + { + return random; + } + + public int getUsageIndex() + { + return usageIndex; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java index 1cc4b93..07d93d0 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java @@ -4,15 +4,25 @@ import org.bouncycastle.util.Arrays; public class DSAValidationParameters { + private int usageIndex; private byte[] seed; private int counter; public DSAValidationParameters( byte[] seed, int counter) + { + this(seed, counter, -1); + } + + public DSAValidationParameters( + byte[] seed, + int counter, + int usageIndex) { this.seed = seed; this.counter = counter; + this.usageIndex = usageIndex; } public int getCounter() @@ -25,6 +35,11 @@ public class DSAValidationParameters return seed; } + public int getUsageIndex() + { + return usageIndex; + } + public int hashCode() { return counter ^ Arrays.hashCode(seed); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java b/bcprov/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java index 95a3ec9..05a1327 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java @@ -5,26 +5,23 @@ import java.math.BigInteger; import org.bouncycastle.math.ec.ECConstants; import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECPoint; +import org.bouncycastle.util.Arrays; public class ECDomainParameters implements ECConstants { - ECCurve curve; - byte[] seed; - ECPoint G; - BigInteger n; - BigInteger h; + private ECCurve curve; + private byte[] seed; + private ECPoint G; + private BigInteger n; + private BigInteger h; public ECDomainParameters( ECCurve curve, ECPoint G, BigInteger n) { - this.curve = curve; - this.G = G; - this.n = n; - this.h = ONE; - this.seed = null; + this(curve, G, n, ONE, null); } public ECDomainParameters( @@ -33,11 +30,7 @@ public class ECDomainParameters BigInteger n, BigInteger h) { - this.curve = curve; - this.G = G; - this.n = n; - this.h = h; - this.seed = null; + this(curve, G, n, h, null); } public ECDomainParameters( @@ -76,6 +69,6 @@ public class ECDomainParameters public byte[] getSeed() { - return seed; + return Arrays.clone(seed); } } diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java index dac6efe..a80c574 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java @@ -137,6 +137,12 @@ public class ECDSASigner ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2); + // components must be bogus. + if (point.isInfinity()) + { + return false; + } + BigInteger v = point.getX().toBigInteger().mod(n); return v.equals(r); diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java b/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java index 857b765..f0da0bf 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/Pack.java @@ -20,6 +20,13 @@ public abstract class Pack } } + public static byte[] intToBigEndian(int n) + { + byte[] bs = new byte[4]; + intToBigEndian(n, bs, 0); + return bs; + } + public static void intToBigEndian(int n, byte[] bs, int off) { bs[ off] = (byte)(n >>> 24); @@ -28,6 +35,13 @@ public abstract class Pack bs[++off] = (byte)(n ); } + public static byte[] intToBigEndian(int[] ns) + { + byte[] bs = new byte[4 * ns.length]; + intToBigEndian(ns, bs, 0); + return bs; + } + public static void intToBigEndian(int[] ns, byte[] bs, int off) { for (int i = 0; i < ns.length; ++i) @@ -44,12 +58,44 @@ public abstract class Pack return ((long)(hi & 0xffffffffL) << 32) | (long)(lo & 0xffffffffL); } + public static void bigEndianToLong(byte[] bs, int off, long[] ns) + { + for (int i = 0; i < ns.length; ++i) + { + ns[i] = bigEndianToLong(bs, off); + off += 8; + } + } + + public static byte[] longToBigEndian(long n) + { + byte[] bs = new byte[8]; + longToBigEndian(n, bs, 0); + return bs; + } + public static void longToBigEndian(long n, byte[] bs, int off) { intToBigEndian((int)(n >>> 32), bs, off); intToBigEndian((int)(n & 0xffffffffL), bs, off + 4); } + public static byte[] longToBigEndian(long[] ns) + { + byte[] bs = new byte[8 * ns.length]; + longToBigEndian(ns, bs, 0); + return bs; + } + + public static void longToBigEndian(long[] ns, byte[] bs, int off) + { + for (int i = 0; i < ns.length; ++i) + { + longToBigEndian(ns[i], bs, off); + off += 8; + } + } + public static int littleEndianToInt(byte[] bs, int off) { int n = bs[ off] & 0xff; @@ -60,13 +106,20 @@ public abstract class Pack } public static void littleEndianToInt(byte[] bs, int off, int[] ns) - { - for (int i = 0; i < ns.length; ++i) - { - ns[i] = littleEndianToInt(bs, off); - off += 4; - } - } + { + for (int i = 0; i < ns.length; ++i) + { + ns[i] = littleEndianToInt(bs, off); + off += 4; + } + } + + public static byte[] intToLittleEndian(int n) + { + byte[] bs = new byte[4]; + intToLittleEndian(n, bs, 0); + return bs; + } public static void intToLittleEndian(int n, byte[] bs, int off) { @@ -76,14 +129,21 @@ public abstract class Pack bs[++off] = (byte)(n >>> 24); } - public static void intToLittleEndian(int[] ns, byte[] bs, int off) - { - for (int i = 0; i < ns.length; ++i) - { - intToLittleEndian(ns[i], bs, off); - off += 4; - } - } + public static byte[] intToLittleEndian(int[] ns) + { + byte[] bs = new byte[4 * ns.length]; + intToLittleEndian(ns, bs, 0); + return bs; + } + + public static void intToLittleEndian(int[] ns, byte[] bs, int off) + { + for (int i = 0; i < ns.length; ++i) + { + intToLittleEndian(ns[i], bs, off); + off += 4; + } + } public static long littleEndianToLong(byte[] bs, int off) { @@ -92,9 +152,41 @@ public abstract class Pack return ((long)(hi & 0xffffffffL) << 32) | (long)(lo & 0xffffffffL); } + public static void littleEndianToLong(byte[] bs, int off, long[] ns) + { + for (int i = 0; i < ns.length; ++i) + { + ns[i] = littleEndianToLong(bs, off); + off += 8; + } + } + + public static byte[] longToLittleEndian(long n) + { + byte[] bs = new byte[8]; + longToLittleEndian(n, bs, 0); + return bs; + } + public static void longToLittleEndian(long n, byte[] bs, int off) { intToLittleEndian((int)(n & 0xffffffffL), bs, off); intToLittleEndian((int)(n >>> 32), bs, off + 4); } + + public static byte[] longToLittleEndian(long[] ns) + { + byte[] bs = new byte[8 * ns.length]; + longToLittleEndian(ns, bs, 0); + return bs; + } + + public static void longToLittleEndian(long[] ns, byte[] bs, int off) + { + for (int i = 0; i < ns.length; ++i) + { + longToLittleEndian(ns[i], bs, off); + off += 8; + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java index ba7dd80..28a1a6a 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java @@ -37,7 +37,6 @@ public class DH // provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES"); // provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES"); // provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede"); - // provider.addAlgorithm("KeyPairGenerator.IES", PREFIX + "KeyPairGeneratorSpi"); // END android-removed } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java index 8f93a68..8d50a54 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java @@ -99,6 +99,8 @@ public class EC // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); + // addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); + // addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); // END android-removed } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/DHUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/DHUtil.java deleted file mode 100644 index 4bd7805..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/DHUtil.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dh; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.interfaces.DHPublicKey; - -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; - -/** - * utility class for converting jce/jca DH objects - * objects into their org.bouncycastle.crypto counterparts. - */ -public class DHUtil -{ - static public AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof DHPublicKey) - { - DHPublicKey k = (DHPublicKey)key; - - return new DHPublicKeyParameters(k.getY(), - new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); - } - - throw new InvalidKeyException("can't identify DH public key."); - } - - static public AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof DHPrivateKey) - { - DHPrivateKey k = (DHPrivateKey)key; - - return new DHPrivateKeyParameters(k.getX(), - new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); - } - - throw new InvalidKeyException("can't identify DH private key."); - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java index 2e5ee56..d850e5d 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java @@ -7,25 +7,36 @@ import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.DSAParameterSpec; +import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.generators.DSAParametersGenerator; +import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.jce.provider.BouncyCastleProvider; -//import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -//import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; public class AlgorithmParameterGeneratorSpi extends java.security.AlgorithmParameterGeneratorSpi { protected SecureRandom random; protected int strength = 1024; + protected DSAParameterGenerationParameters params; protected void engineInit( int strength, SecureRandom random) { - if (strength < 512 || strength > 1024 || strength % 64 != 0) + if (strength < 512 || strength > 3072) { - throw new InvalidParameterException("strength must be from 512 - 1024 and a multiple of 64"); + throw new InvalidParameterException("strength must be from 512 - 3072"); + } + + if (strength <= 1024 && strength % 64 != 0) + { + throw new InvalidParameterException("strength must be a multiple of 64 below 1024 bits."); + } + + if (strength > 1024 && strength % 1024 != 0) + { + throw new InvalidParameterException("strength must be a multiple of 1024 above 1024 bits."); } this.strength = strength; @@ -42,15 +53,35 @@ public class AlgorithmParameterGeneratorSpi protected AlgorithmParameters engineGenerateParameters() { - DSAParametersGenerator pGen = new DSAParametersGenerator(); + DSAParametersGenerator pGen; - if (random != null) + if (strength <= 1024) { - pGen.init(strength, 20, random); + pGen = new DSAParametersGenerator(); } else { - pGen.init(strength, 20, new SecureRandom()); + pGen = new DSAParametersGenerator(new SHA256Digest()); + } + + if (random == null) + { + random = new SecureRandom(); + } + + if (strength == 1024) + { + params = new DSAParameterGenerationParameters(1024, 160, 80, random); + pGen.init(params); + } + else if (strength > 1024) + { + params = new DSAParameterGenerationParameters(strength, 256, 80, random); + pGen.init(params); + } + else + { + pGen.init(strength, 20, random); } DSAParameters p = pGen.generateParameters(); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java index 1ddb815..61fa33c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java @@ -7,7 +7,6 @@ import java.security.spec.InvalidParameterSpecException; import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.x509.DSAParameter; public class AlgorithmParametersSpi diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java index d9d5857..c8b326f 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java @@ -57,11 +57,6 @@ public class DSASigner { CipherParameters param; -// if (publicKey instanceof GOST3410Key) -// { -// param = GOST3410Util.generatePublicKeyParameter(publicKey); -// } -// else if (publicKey instanceof DSAKey) if (publicKey instanceof DSAKey) { param = DSAUtil.generatePublicKeyParameter(publicKey); @@ -108,14 +103,7 @@ public class DSASigner { CipherParameters param; -// if (privateKey instanceof GOST3410Key) -// { -// param = GOST3410Util.generatePrivateKeyParameter(privateKey); -// } -// else -// { - param = DSAUtil.generatePrivateKeyParameter(privateKey); -// } + param = DSAUtil.generatePrivateKeyParameter(privateKey); if (random != null) { diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java index f34f482..3d64c83 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java @@ -31,6 +31,8 @@ import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jce.interfaces.ECPointEncoder; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java index 14cc9dc..2b61727 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java @@ -26,6 +26,8 @@ import org.bouncycastle.asn1.x9.X9IntegerConverter; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jce.interfaces.ECPointEncoder; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/EC5Util.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/EC5Util.java deleted file mode 100644 index 38025e7..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/EC5Util.java +++ /dev/null @@ -1,123 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; - -import java.math.BigInteger; -import java.security.spec.ECField; -import java.security.spec.ECFieldF2m; -import java.security.spec.ECFieldFp; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.EllipticCurve; - -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.math.ec.ECCurve; - -public class EC5Util -{ - public static EllipticCurve convertCurve( - ECCurve curve, - byte[] seed) - { - // TODO: the Sun EC implementation doesn't currently handle the seed properly - // so at the moment it's set to null. Should probably look at making this configurable - if (curve instanceof ECCurve.Fp) - { - return new EllipticCurve(new ECFieldFp(((ECCurve.Fp)curve).getQ()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null); - } - else - { - ECCurve.F2m curveF2m = (ECCurve.F2m)curve; - int ks[]; - - if (curveF2m.isTrinomial()) - { - ks = new int[] { curveF2m.getK1() }; - - return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null); - } - else - { - ks = new int[] { curveF2m.getK3(), curveF2m.getK2(), curveF2m.getK1() }; - - return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null); - } - } - } - - public static ECCurve convertCurve( - EllipticCurve ec) - { - ECField field = ec.getField(); - BigInteger a = ec.getA(); - BigInteger b = ec.getB(); - - if (field instanceof ECFieldFp) - { - return new ECCurve.Fp(((ECFieldFp)field).getP(), a, b); - } - else - { - ECFieldF2m fieldF2m = (ECFieldF2m)field; - int m = fieldF2m.getM(); - int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial()); - return new ECCurve.F2m(m, ks[0], ks[1], ks[2], a, b); - } - } - - public static ECParameterSpec convertSpec( - EllipticCurve ellipticCurve, - org.bouncycastle.jce.spec.ECParameterSpec spec) - { - if (spec instanceof ECNamedCurveParameterSpec) - { - return new ECNamedCurveSpec( - ((ECNamedCurveParameterSpec)spec).getName(), - ellipticCurve, - new ECPoint( - spec.getG().getX().toBigInteger(), - spec.getG().getY().toBigInteger()), - spec.getN(), - spec.getH()); - } - else - { - return new ECParameterSpec( - ellipticCurve, - new ECPoint( - spec.getG().getX().toBigInteger(), - spec.getG().getY().toBigInteger()), - spec.getN(), - spec.getH().intValue()); - } - } - - public static org.bouncycastle.jce.spec.ECParameterSpec convertSpec( - ECParameterSpec ecSpec, - boolean withCompression) - { - ECCurve curve = convertCurve(ecSpec.getCurve()); - - return new org.bouncycastle.jce.spec.ECParameterSpec( - curve, - convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - } - - public static org.bouncycastle.math.ec.ECPoint convertPoint( - ECParameterSpec ecSpec, - ECPoint point, - boolean withCompression) - { - return convertPoint(convertCurve(ecSpec.getCurve()), point, withCompression); - } - - public static org.bouncycastle.math.ec.ECPoint convertPoint( - ECCurve curve, - ECPoint point, - boolean withCompression) - { - return curve.createPoint(point.getAffineX(), point.getAffineY(), withCompression); - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java deleted file mode 100644 index 820bf4b..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java +++ /dev/null @@ -1,295 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -// BEGIN android-removed -// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -// END android-removed -import org.bouncycastle.asn1.nist.NISTNamedCurves; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.sec.SECNamedCurves; -// BEGIN android-removed -// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -// END android-removed -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X962NamedCurves; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jce.interfaces.ECPrivateKey; -import org.bouncycastle.jce.interfaces.ECPublicKey; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECParameterSpec; - -/** - * utility class for converting jce/jca ECDSA, ECDH, and ECDHC - * objects into their org.bouncycastle.crypto counterparts. - */ -public class ECUtil -{ - /** - * Returns a sorted array of middle terms of the reduction polynomial. - * @param k The unsorted array of middle terms of the reduction polynomial - * of length 1 or 3. - * @return the sorted array of middle terms of the reduction polynomial. - * This array always has length 3. - */ - static int[] convertMidTerms( - int[] k) - { - int[] res = new int[3]; - - if (k.length == 1) - { - res[0] = k[0]; - } - else - { - if (k.length != 3) - { - throw new IllegalArgumentException("Only Trinomials and pentanomials supported"); - } - - if (k[0] < k[1] && k[0] < k[2]) - { - res[0] = k[0]; - if (k[1] < k[2]) - { - res[1] = k[1]; - res[2] = k[2]; - } - else - { - res[1] = k[2]; - res[2] = k[1]; - } - } - else if (k[1] < k[2]) - { - res[0] = k[1]; - if (k[0] < k[2]) - { - res[1] = k[0]; - res[2] = k[2]; - } - else - { - res[1] = k[2]; - res[2] = k[0]; - } - } - else - { - res[0] = k[2]; - if (k[0] < k[1]) - { - res[1] = k[0]; - res[2] = k[1]; - } - else - { - res[1] = k[1]; - res[2] = k[0]; - } - } - } - - return res; - } - - public static AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof ECPublicKey) - { - ECPublicKey k = (ECPublicKey)key; - ECParameterSpec s = k.getParameters(); - - if (s == null) - { - s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new ECPublicKeyParameters( - ((BCECPublicKey)k).engineGetQ(), - new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); - } - else - { - return new ECPublicKeyParameters( - k.getQ(), - new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); - } - } - else if (key instanceof java.security.interfaces.ECPublicKey) - { - java.security.interfaces.ECPublicKey pubKey = (java.security.interfaces.ECPublicKey)key; - ECParameterSpec s = EC5Util.convertSpec(pubKey.getParams(), false); - return new ECPublicKeyParameters( - EC5Util.convertPoint(pubKey.getParams(), pubKey.getW(), false), - new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); - } - else - { - // see if we can build a key from key.getEncoded() - try - { - byte[] bytes = key.getEncoded(); - - if (bytes == null) - { - throw new InvalidKeyException("no encoding for EC public key"); - } - - PublicKey publicKey = BouncyCastleProvider.getPublicKey(SubjectPublicKeyInfo.getInstance(bytes)); - - if (publicKey instanceof java.security.interfaces.ECPublicKey) - { - return ECUtil.generatePublicKeyParameter(publicKey); - } - } - catch (Exception e) - { - throw new InvalidKeyException("cannot identify EC public key: " + e.toString()); - } - } - - throw new InvalidKeyException("cannot identify EC public key."); - } - - public static AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof ECPrivateKey) - { - ECPrivateKey k = (ECPrivateKey)key; - ECParameterSpec s = k.getParameters(); - - if (s == null) - { - s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - } - - return new ECPrivateKeyParameters( - k.getD(), - new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); - } - else if (key instanceof java.security.interfaces.ECPrivateKey) - { - java.security.interfaces.ECPrivateKey privKey = (java.security.interfaces.ECPrivateKey)key; - ECParameterSpec s = EC5Util.convertSpec(privKey.getParams(), false); - return new ECPrivateKeyParameters( - privKey.getS(), - new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); - } - else - { - // see if we can build a key from key.getEncoded() - try - { - byte[] bytes = key.getEncoded(); - - if (bytes == null) - { - throw new InvalidKeyException("no encoding for EC private key"); - } - - PrivateKey privateKey = BouncyCastleProvider.getPrivateKey(PrivateKeyInfo.getInstance(bytes)); - - if (privateKey instanceof java.security.interfaces.ECPrivateKey) - { - return ECUtil.generatePrivateKeyParameter(privateKey); - } - } - catch (Exception e) - { - throw new InvalidKeyException("cannot identify EC private key: " + e.toString()); - } - } - - throw new InvalidKeyException("can't identify EC private key."); - } - - public static ASN1ObjectIdentifier getNamedCurveOid( - String name) - { - ASN1ObjectIdentifier oid = X962NamedCurves.getOID(name); - - if (oid == null) - { - oid = SECNamedCurves.getOID(name); - if (oid == null) - { - oid = NISTNamedCurves.getOID(name); - } - // BEGIN android-removed - // if (oid == null) - // { - // oid = TeleTrusTNamedCurves.getOID(name); - // } - // if (oid == null) - // { - // oid = ECGOST3410NamedCurves.getOID(name); - // } - // END android-removed - } - - return oid; - } - - public static X9ECParameters getNamedCurveByOid( - ASN1ObjectIdentifier oid) - { - X9ECParameters params = X962NamedCurves.getByOID(oid); - - if (params == null) - { - params = SECNamedCurves.getByOID(oid); - if (params == null) - { - params = NISTNamedCurves.getByOID(oid); - } - // BEGIN android-removed - // if (params == null) - // { - // params = TeleTrusTNamedCurves.getByOID(oid); - // } - // END android-removed - } - - return params; - } - - public static String getCurveName( - ASN1ObjectIdentifier oid) - { - String name = X962NamedCurves.getName(oid); - - if (name == null) - { - name = SECNamedCurves.getName(oid); - if (name == null) - { - name = NISTNamedCurves.getName(oid); - } - // BEGIN android-removed - // if (name == null) - // { - // name = TeleTrusTNamedCurves.getName(oid); - // } - // if (name == null) - // { - // name = ECGOST3410NamedCurves.getName(oid); - // } - // END android-removed - } - - return name; - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java index cade228..35a804c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java @@ -37,6 +37,7 @@ import org.bouncycastle.crypto.params.ECPublicKeyParameters; // import org.bouncycastle.crypto.params.MQVPrivateParameters; // import org.bouncycastle.crypto.params.MQVPublicParameters; // END android-removed +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jce.interfaces.ECPrivateKey; import org.bouncycastle.jce.interfaces.ECPublicKey; // BEGIN android-removed diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java index 156b1d0..5769bac 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java @@ -15,6 +15,7 @@ import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; import org.bouncycastle.jce.provider.BouncyCastleProvider; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java index 4cbefb6..c0c825c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java @@ -23,6 +23,7 @@ import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECKeyGenerationParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java index 86a407c..c6b4bce 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java @@ -8,9 +8,9 @@ import java.security.PublicKey; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DSA; @@ -34,6 +34,7 @@ import org.bouncycastle.crypto.signers.ECDSASigner; // END android-removed import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase; import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; public class SignatureSpi extends DSABase @@ -215,6 +216,24 @@ public class SignatureSpi // super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); // } // } + // + // static public class ecCVCDSA384 + // extends SignatureSpi + // { + // public ecCVCDSA384() + // { + // super(new SHA384Digest(), new ECDSASigner(), new CVCDSAEncoder()); + // } + // } + // + // static public class ecCVCDSA512 + // extends SignatureSpi + // { + // public ecCVCDSA512() + // { + // super(new SHA512Digest(), new ECDSASigner(), new CVCDSAEncoder()); + // } + // } // END android-removed private static class StdDSAEncoder @@ -227,8 +246,8 @@ public class SignatureSpi { ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(new DERInteger(r)); - v.add(new DERInteger(s)); + v.add(new ASN1Integer(r)); + v.add(new ASN1Integer(s)); return new DERSequence(v).getEncoded(ASN1Encoding.DER); } @@ -240,8 +259,8 @@ public class SignatureSpi ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(encoding); BigInteger[] sig = new BigInteger[2]; - sig[0] = ((DERInteger)s.getObjectAt(0)).getValue(); - sig[1] = ((DERInteger)s.getObjectAt(1)).getValue(); + sig[0] = ASN1Integer.getInstance(s.getObjectAt(0)).getValue(); + sig[1] = ASN1Integer.getInstance(s.getObjectAt(1)).getValue(); return sig; } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java new file mode 100644 index 0000000..52c84ec --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java @@ -0,0 +1,50 @@ +package org.bouncycastle.jcajce.provider.asymmetric.util; + +import java.security.InvalidKeyException; +import java.security.PrivateKey; +import java.security.PublicKey; + +import javax.crypto.interfaces.DHPrivateKey; +import javax.crypto.interfaces.DHPublicKey; + +import org.bouncycastle.crypto.params.AsymmetricKeyParameter; +import org.bouncycastle.crypto.params.DHParameters; +import org.bouncycastle.crypto.params.DHPrivateKeyParameters; +import org.bouncycastle.crypto.params.DHPublicKeyParameters; + +/** + * utility class for converting jce/jca DH objects + * objects into their org.bouncycastle.crypto counterparts. + */ +public class DHUtil +{ + static public AsymmetricKeyParameter generatePublicKeyParameter( + PublicKey key) + throws InvalidKeyException + { + if (key instanceof DHPublicKey) + { + DHPublicKey k = (DHPublicKey)key; + + return new DHPublicKeyParameters(k.getY(), + new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); + } + + throw new InvalidKeyException("can't identify DH public key."); + } + + static public AsymmetricKeyParameter generatePrivateKeyParameter( + PrivateKey key) + throws InvalidKeyException + { + if (key instanceof DHPrivateKey) + { + DHPrivateKey k = (DHPrivateKey)key; + + return new DHPrivateKeyParameters(k.getX(), + new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); + } + + throw new InvalidKeyException("can't identify DH private key."); + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java new file mode 100644 index 0000000..d4065ac --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java @@ -0,0 +1,123 @@ +package org.bouncycastle.jcajce.provider.asymmetric.util; + +import java.math.BigInteger; +import java.security.spec.ECField; +import java.security.spec.ECFieldF2m; +import java.security.spec.ECFieldFp; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.EllipticCurve; + +import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; +import org.bouncycastle.jce.spec.ECNamedCurveSpec; +import org.bouncycastle.math.ec.ECCurve; + +public class EC5Util +{ + public static EllipticCurve convertCurve( + ECCurve curve, + byte[] seed) + { + // TODO: the Sun EC implementation doesn't currently handle the seed properly + // so at the moment it's set to null. Should probably look at making this configurable + if (curve instanceof ECCurve.Fp) + { + return new EllipticCurve(new ECFieldFp(((ECCurve.Fp)curve).getQ()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null); + } + else + { + ECCurve.F2m curveF2m = (ECCurve.F2m)curve; + int ks[]; + + if (curveF2m.isTrinomial()) + { + ks = new int[] { curveF2m.getK1() }; + + return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null); + } + else + { + ks = new int[] { curveF2m.getK3(), curveF2m.getK2(), curveF2m.getK1() }; + + return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null); + } + } + } + + public static ECCurve convertCurve( + EllipticCurve ec) + { + ECField field = ec.getField(); + BigInteger a = ec.getA(); + BigInteger b = ec.getB(); + + if (field instanceof ECFieldFp) + { + return new ECCurve.Fp(((ECFieldFp)field).getP(), a, b); + } + else + { + ECFieldF2m fieldF2m = (ECFieldF2m)field; + int m = fieldF2m.getM(); + int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial()); + return new ECCurve.F2m(m, ks[0], ks[1], ks[2], a, b); + } + } + + public static ECParameterSpec convertSpec( + EllipticCurve ellipticCurve, + org.bouncycastle.jce.spec.ECParameterSpec spec) + { + if (spec instanceof ECNamedCurveParameterSpec) + { + return new ECNamedCurveSpec( + ((ECNamedCurveParameterSpec)spec).getName(), + ellipticCurve, + new ECPoint( + spec.getG().getX().toBigInteger(), + spec.getG().getY().toBigInteger()), + spec.getN(), + spec.getH()); + } + else + { + return new ECParameterSpec( + ellipticCurve, + new ECPoint( + spec.getG().getX().toBigInteger(), + spec.getG().getY().toBigInteger()), + spec.getN(), + spec.getH().intValue()); + } + } + + public static org.bouncycastle.jce.spec.ECParameterSpec convertSpec( + ECParameterSpec ecSpec, + boolean withCompression) + { + ECCurve curve = convertCurve(ecSpec.getCurve()); + + return new org.bouncycastle.jce.spec.ECParameterSpec( + curve, + convertPoint(curve, ecSpec.getGenerator(), withCompression), + ecSpec.getOrder(), + BigInteger.valueOf(ecSpec.getCofactor()), + ecSpec.getCurve().getSeed()); + } + + public static org.bouncycastle.math.ec.ECPoint convertPoint( + ECParameterSpec ecSpec, + ECPoint point, + boolean withCompression) + { + return convertPoint(convertCurve(ecSpec.getCurve()), point, withCompression); + } + + public static org.bouncycastle.math.ec.ECPoint convertPoint( + ECCurve curve, + ECPoint point, + boolean withCompression) + { + return curve.createPoint(point.getAffineX(), point.getAffineY(), withCompression); + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java new file mode 100644 index 0000000..442b340 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java @@ -0,0 +1,296 @@ +package org.bouncycastle.jcajce.provider.asymmetric.util; + +import java.security.InvalidKeyException; +import java.security.PrivateKey; +import java.security.PublicKey; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +// END android-removed +import org.bouncycastle.asn1.nist.NISTNamedCurves; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.sec.SECNamedCurves; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// END android-removed +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x9.X962NamedCurves; +import org.bouncycastle.asn1.x9.X9ECParameters; +import org.bouncycastle.crypto.params.AsymmetricKeyParameter; +import org.bouncycastle.crypto.params.ECDomainParameters; +import org.bouncycastle.crypto.params.ECPrivateKeyParameters; +import org.bouncycastle.crypto.params.ECPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey; +import org.bouncycastle.jce.interfaces.ECPrivateKey; +import org.bouncycastle.jce.interfaces.ECPublicKey; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.spec.ECParameterSpec; + +/** + * utility class for converting jce/jca ECDSA, ECDH, and ECDHC + * objects into their org.bouncycastle.crypto counterparts. + */ +public class ECUtil +{ + /** + * Returns a sorted array of middle terms of the reduction polynomial. + * @param k The unsorted array of middle terms of the reduction polynomial + * of length 1 or 3. + * @return the sorted array of middle terms of the reduction polynomial. + * This array always has length 3. + */ + static int[] convertMidTerms( + int[] k) + { + int[] res = new int[3]; + + if (k.length == 1) + { + res[0] = k[0]; + } + else + { + if (k.length != 3) + { + throw new IllegalArgumentException("Only Trinomials and pentanomials supported"); + } + + if (k[0] < k[1] && k[0] < k[2]) + { + res[0] = k[0]; + if (k[1] < k[2]) + { + res[1] = k[1]; + res[2] = k[2]; + } + else + { + res[1] = k[2]; + res[2] = k[1]; + } + } + else if (k[1] < k[2]) + { + res[0] = k[1]; + if (k[0] < k[2]) + { + res[1] = k[0]; + res[2] = k[2]; + } + else + { + res[1] = k[2]; + res[2] = k[0]; + } + } + else + { + res[0] = k[2]; + if (k[0] < k[1]) + { + res[1] = k[0]; + res[2] = k[1]; + } + else + { + res[1] = k[1]; + res[2] = k[0]; + } + } + } + + return res; + } + + public static AsymmetricKeyParameter generatePublicKeyParameter( + PublicKey key) + throws InvalidKeyException + { + if (key instanceof ECPublicKey) + { + ECPublicKey k = (ECPublicKey)key; + ECParameterSpec s = k.getParameters(); + + if (s == null) + { + s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); + + return new ECPublicKeyParameters( + ((BCECPublicKey)k).engineGetQ(), + new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); + } + else + { + return new ECPublicKeyParameters( + k.getQ(), + new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); + } + } + else if (key instanceof java.security.interfaces.ECPublicKey) + { + java.security.interfaces.ECPublicKey pubKey = (java.security.interfaces.ECPublicKey)key; + ECParameterSpec s = EC5Util.convertSpec(pubKey.getParams(), false); + return new ECPublicKeyParameters( + EC5Util.convertPoint(pubKey.getParams(), pubKey.getW(), false), + new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); + } + else + { + // see if we can build a key from key.getEncoded() + try + { + byte[] bytes = key.getEncoded(); + + if (bytes == null) + { + throw new InvalidKeyException("no encoding for EC public key"); + } + + PublicKey publicKey = BouncyCastleProvider.getPublicKey(SubjectPublicKeyInfo.getInstance(bytes)); + + if (publicKey instanceof java.security.interfaces.ECPublicKey) + { + return ECUtil.generatePublicKeyParameter(publicKey); + } + } + catch (Exception e) + { + throw new InvalidKeyException("cannot identify EC public key: " + e.toString()); + } + } + + throw new InvalidKeyException("cannot identify EC public key."); + } + + public static AsymmetricKeyParameter generatePrivateKeyParameter( + PrivateKey key) + throws InvalidKeyException + { + if (key instanceof ECPrivateKey) + { + ECPrivateKey k = (ECPrivateKey)key; + ECParameterSpec s = k.getParameters(); + + if (s == null) + { + s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); + } + + return new ECPrivateKeyParameters( + k.getD(), + new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); + } + else if (key instanceof java.security.interfaces.ECPrivateKey) + { + java.security.interfaces.ECPrivateKey privKey = (java.security.interfaces.ECPrivateKey)key; + ECParameterSpec s = EC5Util.convertSpec(privKey.getParams(), false); + return new ECPrivateKeyParameters( + privKey.getS(), + new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); + } + else + { + // see if we can build a key from key.getEncoded() + try + { + byte[] bytes = key.getEncoded(); + + if (bytes == null) + { + throw new InvalidKeyException("no encoding for EC private key"); + } + + PrivateKey privateKey = BouncyCastleProvider.getPrivateKey(PrivateKeyInfo.getInstance(bytes)); + + if (privateKey instanceof java.security.interfaces.ECPrivateKey) + { + return ECUtil.generatePrivateKeyParameter(privateKey); + } + } + catch (Exception e) + { + throw new InvalidKeyException("cannot identify EC private key: " + e.toString()); + } + } + + throw new InvalidKeyException("can't identify EC private key."); + } + + public static ASN1ObjectIdentifier getNamedCurveOid( + String name) + { + ASN1ObjectIdentifier oid = X962NamedCurves.getOID(name); + + if (oid == null) + { + oid = SECNamedCurves.getOID(name); + if (oid == null) + { + oid = NISTNamedCurves.getOID(name); + } + // BEGIN android-removed + // if (oid == null) + // { + // oid = TeleTrusTNamedCurves.getOID(name); + // } + // if (oid == null) + // { + // oid = ECGOST3410NamedCurves.getOID(name); + // } + // END android-removed + } + + return oid; + } + + public static X9ECParameters getNamedCurveByOid( + ASN1ObjectIdentifier oid) + { + X9ECParameters params = X962NamedCurves.getByOID(oid); + + if (params == null) + { + params = SECNamedCurves.getByOID(oid); + if (params == null) + { + params = NISTNamedCurves.getByOID(oid); + } + // BEGIN android-removed + // if (params == null) + // { + // params = TeleTrusTNamedCurves.getByOID(oid); + // } + // END android-removed + } + + return params; + } + + public static String getCurveName( + ASN1ObjectIdentifier oid) + { + String name = X962NamedCurves.getName(oid); + + if (name == null) + { + name = SECNamedCurves.getName(oid); + if (name == null) + { + name = NISTNamedCurves.getName(oid); + } + // BEGIN android-removed + // if (name == null) + // { + // name = TeleTrusTNamedCurves.getName(oid); + // } + // if (name == null) + // { + // name = ECGOST3410NamedCurves.getName(oid); + // } + // END android-removed + } + + return name; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java index 5b79864..03a1fe8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java @@ -24,8 +24,6 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.SignedData; import org.bouncycastle.asn1.x509.Certificate; import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.jce.provider.X509CRLObject; -import org.bouncycastle.jce.provider.X509CertificateObject; /** * class for dealing with X509 certificates. @@ -334,9 +332,7 @@ public class CertificateFactory public Iterator engineGetCertPathEncodings() { - // BEGIN android-changed return PKIXCertPath.certPathEncodings.iterator(); - // END android-changed } public CertPath engineGenerateCertPath( diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java new file mode 100644 index 0000000..e27acfb --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java @@ -0,0 +1,20 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.security.cert.CRLException; + +class ExtCRLException + extends CRLException +{ + Throwable cause; + + ExtCRLException(String message, Throwable cause) + { + super(message); + this.cause = cause; + } + + public Throwable getCause() + { + return cause; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java new file mode 100644 index 0000000..1888328 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java @@ -0,0 +1,301 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.cert.CRLException; +import java.security.cert.X509CRLEntry; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Enumerated; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.CRLReason; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.asn1.x509.TBSCertList; +import org.bouncycastle.asn1.x509.X509Extension; + +/** + * The following extensions are listed in RFC 2459 as relevant to CRL Entries + * + * ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer + * (critical) + */ +class X509CRLEntryObject extends X509CRLEntry +{ + private TBSCertList.CRLEntry c; + + private X500Name certificateIssuer; + private int hashValue; + private boolean isHashValueSet; + + public X509CRLEntryObject(TBSCertList.CRLEntry c) + { + this.c = c; + this.certificateIssuer = null; + } + + /** + * Constructor for CRLEntries of indirect CRLs. If isIndirect + * is false {@link #getCertificateIssuer()} will always + * return null, previousCertificateIssuer is + * ignored. If this isIndirect is specified and this CRLEntry + * has no certificate issuer CRL entry extension + * previousCertificateIssuer is returned by + * {@link #getCertificateIssuer()}. + * + * @param c + * TBSCertList.CRLEntry object. + * @param isIndirect + * true if the corresponding CRL is a indirect + * CRL. + * @param previousCertificateIssuer + * Certificate issuer of the previous CRLEntry. + */ + public X509CRLEntryObject( + TBSCertList.CRLEntry c, + boolean isIndirect, + X500Name previousCertificateIssuer) + { + this.c = c; + this.certificateIssuer = loadCertificateIssuer(isIndirect, previousCertificateIssuer); + } + + /** + * Will return true if any extensions are present and marked as critical as + * we currently don't handle any extensions! + */ + public boolean hasUnsupportedCriticalExtension() + { + Set extns = getCriticalExtensionOIDs(); + + return extns != null && !extns.isEmpty(); + } + + private X500Name loadCertificateIssuer(boolean isIndirect, X500Name previousCertificateIssuer) + { + if (!isIndirect) + { + return null; + } + + Extension ext = getExtension(Extension.certificateIssuer); + if (ext == null) + { + return previousCertificateIssuer; + } + + try + { + GeneralName[] names = GeneralNames.getInstance(ext.getParsedValue()).getNames(); + for (int i = 0; i < names.length; i++) + { + if (names[i].getTagNo() == GeneralName.directoryName) + { + return X500Name.getInstance(names[i].getName()); + } + } + return null; + } + catch (Exception e) + { + return null; + } + } + + public X500Principal getCertificateIssuer() + { + if (certificateIssuer == null) + { + return null; + } + try + { + return new X500Principal(certificateIssuer.getEncoded()); + } + catch (IOException e) + { + return null; + } + } + + private Set getExtensionOIDs(boolean critical) + { + Extensions extensions = c.getExtensions(); + + if (extensions != null) + { + Set set = new HashSet(); + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (critical == ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + + return null; + } + + public Set getCriticalExtensionOIDs() + { + return getExtensionOIDs(true); + } + + public Set getNonCriticalExtensionOIDs() + { + return getExtensionOIDs(false); + } + + private Extension getExtension(ASN1ObjectIdentifier oid) + { + Extensions exts = c.getExtensions(); + + if (exts != null) + { + return exts.getExtension(oid); + } + + return null; + } + + public byte[] getExtensionValue(String oid) + { + Extension ext = getExtension(new ASN1ObjectIdentifier(oid)); + + if (ext != null) + { + try + { + return ext.getExtnValue().getEncoded(); + } + catch (Exception e) + { + throw new RuntimeException("error encoding " + e.toString()); + } + } + + return null; + } + + /** + * Cache the hashCode value - calculating it with the standard method. + * @return calculated hashCode. + */ + public int hashCode() + { + if (!isHashValueSet) + { + hashValue = super.hashCode(); + isHashValueSet = true; + } + + return hashValue; + } + + public byte[] getEncoded() + throws CRLException + { + try + { + return c.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new CRLException(e.toString()); + } + } + + public BigInteger getSerialNumber() + { + return c.getUserCertificate().getValue(); + } + + public Date getRevocationDate() + { + return c.getRevocationDate().getDate(); + } + + public boolean hasExtensions() + { + return c.getExtensions() != null; + } + + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl); + buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl); + buf.append(" certificateIssuer: ").append(this.getCertificateIssuer()).append(nl); + + Extensions extensions = c.getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + if (e.hasMoreElements()) + { + buf.append(" crlEntryExtensions:").append(nl); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + if (ext.getExtnValue() != null) + { + byte[] octs = ext.getExtnValue().getOctets(); + ASN1InputStream dIn = new ASN1InputStream(octs); + buf.append(" critical(").append(ext.isCritical()).append(") "); + try + { + if (oid.equals(X509Extension.reasonCode)) + { + buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))).append(nl); + } + else if (oid.equals(X509Extension.certificateIssuer)) + { + buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl); + } + else + { + buf.append(oid.getId()); + buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); + } + } + catch (Exception ex) + { + buf.append(oid.getId()); + buf.append(" value = ").append("*****").append(nl); + } + } + else + { + buf.append(nl); + } + } + } + } + + return buf.toString(); + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java new file mode 100644 index 0000000..2fc0826 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java @@ -0,0 +1,578 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.cert.CRLException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509CRL; +import java.security.cert.X509CRLEntry; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.CRLDistPoint; +import org.bouncycastle.asn1.x509.CRLNumber; +import org.bouncycastle.asn1.x509.CertificateList; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.asn1.x509.IssuingDistributionPoint; +import org.bouncycastle.asn1.x509.TBSCertList; +import org.bouncycastle.jce.X509Principal; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.provider.RFC3280CertPathUtilities; +import org.bouncycastle.util.encoders.Hex; + +/** + * The following extensions are listed in RFC 2459 as relevant to CRLs + * + * Authority Key Identifier + * Issuer Alternative Name + * CRL Number + * Delta CRL Indicator (critical) + * Issuing Distribution Point (critical) + */ +class X509CRLObject + extends X509CRL +{ + private CertificateList c; + private String sigAlgName; + private byte[] sigAlgParams; + private boolean isIndirect; + + static boolean isIndirectCRL(X509CRL crl) + throws CRLException + { + try + { + byte[] idp = crl.getExtensionValue(Extension.issuingDistributionPoint.getId()); + return idp != null + && IssuingDistributionPoint.getInstance(ASN1OctetString.getInstance(idp).getOctets()).isIndirectCRL(); + } + catch (Exception e) + { + throw new ExtCRLException( + "Exception reading IssuingDistributionPoint", e); + } + } + + public X509CRLObject( + CertificateList c) + throws CRLException + { + this.c = c; + + try + { + this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); + + if (c.getSignatureAlgorithm().getParameters() != null) + { + this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER); + } + else + { + this.sigAlgParams = null; + } + + this.isIndirect = isIndirectCRL(this); + } + catch (Exception e) + { + throw new CRLException("CRL contents invalid: " + e); + } + } + + /** + * Will return true if any extensions are present and marked + * as critical as we currently dont handle any extensions! + */ + public boolean hasUnsupportedCriticalExtension() + { + Set extns = getCriticalExtensionOIDs(); + + if (extns == null) + { + return false; + } + + extns.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT); + extns.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR); + + return !extns.isEmpty(); + } + + private Set getExtensionOIDs(boolean critical) + { + if (this.getVersion() == 2) + { + Extensions extensions = c.getTBSCertList().getExtensions(); + + if (extensions != null) + { + Set set = new HashSet(); + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (critical == ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + } + + return null; + } + + public Set getCriticalExtensionOIDs() + { + return getExtensionOIDs(true); + } + + public Set getNonCriticalExtensionOIDs() + { + return getExtensionOIDs(false); + } + + public byte[] getExtensionValue(String oid) + { + Extensions exts = c.getTBSCertList().getExtensions(); + + if (exts != null) + { + Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); + + if (ext != null) + { + try + { + return ext.getExtnValue().getEncoded(); + } + catch (Exception e) + { + throw new IllegalStateException("error parsing " + e.toString()); + } + } + } + + return null; + } + + public byte[] getEncoded() + throws CRLException + { + try + { + return c.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new CRLException(e.toString()); + } + } + + public void verify(PublicKey key) + throws CRLException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + verify(key, BouncyCastleProvider.PROVIDER_NAME); + } + + public void verify(PublicKey key, String sigProvider) + throws CRLException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) + { + throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList."); + } + + Signature sig; + + if (sigProvider != null) + { + sig = Signature.getInstance(getSigAlgName(), sigProvider); + } + else + { + sig = Signature.getInstance(getSigAlgName()); + } + + sig.initVerify(key); + sig.update(this.getTBSCertList()); + + if (!sig.verify(this.getSignature())) + { + throw new SignatureException("CRL does not verify with supplied public key."); + } + } + + public int getVersion() + { + return c.getVersionNumber(); + } + + public Principal getIssuerDN() + { + return new X509Principal(X500Name.getInstance(c.getIssuer().toASN1Primitive())); + } + + public X500Principal getIssuerX500Principal() + { + try + { + return new X500Principal(c.getIssuer().getEncoded()); + } + catch (IOException e) + { + throw new IllegalStateException("can't encode issuer DN"); + } + } + + public Date getThisUpdate() + { + return c.getThisUpdate().getDate(); + } + + public Date getNextUpdate() + { + if (c.getNextUpdate() != null) + { + return c.getNextUpdate().getDate(); + } + + return null; + } + + private Set loadCRLEntries() + { + Set entrySet = new HashSet(); + Enumeration certs = c.getRevokedCertificateEnumeration(); + + X500Name previousCertificateIssuer = null; // the issuer + while (certs.hasMoreElements()) + { + TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); + X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); + entrySet.add(crlEntry); + if (isIndirect && entry.hasExtensions()) + { + Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } + } + + return entrySet; + } + + public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) + { + Enumeration certs = c.getRevokedCertificateEnumeration(); + + X500Name previousCertificateIssuer = null; // the issuer + while (certs.hasMoreElements()) + { + TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); + + if (serialNumber.equals(entry.getUserCertificate().getValue())) + { + return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); + } + + if (isIndirect && entry.hasExtensions()) + { + Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } + } + + return null; + } + + public Set getRevokedCertificates() + { + Set entrySet = loadCRLEntries(); + + if (!entrySet.isEmpty()) + { + return Collections.unmodifiableSet(entrySet); + } + + return null; + } + + public byte[] getTBSCertList() + throws CRLException + { + try + { + return c.getTBSCertList().getEncoded("DER"); + } + catch (IOException e) + { + throw new CRLException(e.toString()); + } + } + + public byte[] getSignature() + { + return c.getSignature().getBytes(); + } + + public String getSigAlgName() + { + return sigAlgName; + } + + public String getSigAlgOID() + { + return c.getSignatureAlgorithm().getAlgorithm().getId(); + } + + public byte[] getSigAlgParams() + { + if (sigAlgParams != null) + { + byte[] tmp = new byte[sigAlgParams.length]; + + System.arraycopy(sigAlgParams, 0, tmp, 0, tmp.length); + + return tmp; + } + + return null; + } + + /** + * Returns a string representation of this CRL. + * + * @return a string representation of this CRL. + */ + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append(" Version: ").append(this.getVersion()).append( + nl); + buf.append(" IssuerDN: ").append(this.getIssuerDN()) + .append(nl); + buf.append(" This update: ").append(this.getThisUpdate()) + .append(nl); + buf.append(" Next update: ").append(this.getNextUpdate()) + .append(nl); + buf.append(" Signature Algorithm: ").append(this.getSigAlgName()) + .append(nl); + + byte[] sig = this.getSignature(); + + buf.append(" Signature: ").append( + new String(Hex.encode(sig, 0, 20))).append(nl); + for (int i = 20; i < sig.length; i += 20) + { + if (i < sig.length - 20) + { + buf.append(" ").append( + new String(Hex.encode(sig, i, 20))).append(nl); + } + else + { + buf.append(" ").append( + new String(Hex.encode(sig, i, sig.length - i))).append(nl); + } + } + + Extensions extensions = c.getTBSCertList().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + if (e.hasMoreElements()) + { + buf.append(" Extensions: ").append(nl); + } + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (ext.getExtnValue() != null) + { + byte[] octs = ext.getExtnValue().getOctets(); + ASN1InputStream dIn = new ASN1InputStream(octs); + buf.append(" critical(").append( + ext.isCritical()).append(") "); + try + { + if (oid.equals(Extension.cRLNumber)) + { + buf.append( + new CRLNumber(ASN1Integer.getInstance( + dIn.readObject()).getPositiveValue())) + .append(nl); + } + else if (oid.equals(Extension.deltaCRLIndicator)) + { + buf.append( + "Base CRL: " + + new CRLNumber(ASN1Integer.getInstance( + dIn.readObject()).getPositiveValue())) + .append(nl); + } + else if (oid + .equals(Extension.issuingDistributionPoint)) + { + buf.append( + IssuingDistributionPoint.getInstance(dIn.readObject())).append(nl); + } + else if (oid + .equals(Extension.cRLDistributionPoints)) + { + buf.append( + CRLDistPoint.getInstance(dIn.readObject())).append(nl); + } + else if (oid.equals(Extension.freshestCRL)) + { + buf.append( + CRLDistPoint.getInstance(dIn.readObject())).append(nl); + } + else + { + buf.append(oid.getId()); + buf.append(" value = ").append( + ASN1Dump.dumpAsString(dIn.readObject())) + .append(nl); + } + } + catch (Exception ex) + { + buf.append(oid.getId()); + buf.append(" value = ").append("*****").append(nl); + } + } + else + { + buf.append(nl); + } + } + } + Set set = getRevokedCertificates(); + if (set != null) + { + Iterator it = set.iterator(); + while (it.hasNext()) + { + buf.append(it.next()); + buf.append(nl); + } + } + return buf.toString(); + } + + /** + * Checks whether the given certificate is on this CRL. + * + * @param cert the certificate to check for. + * @return true if the given certificate is on this CRL, + * false otherwise. + */ + public boolean isRevoked(Certificate cert) + { + if (!cert.getType().equals("X.509")) + { + throw new RuntimeException("X.509 CRL used with non X.509 Cert"); + } + + TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); + + X500Name caName = c.getIssuer(); + + if (certs != null) + { + BigInteger serial = ((X509Certificate)cert).getSerialNumber(); + + for (int i = 0; i < certs.length; i++) + { + if (isIndirect && certs[i].hasExtensions()) + { + Extension currentCaName = certs[i].getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } + + if (certs[i].getUserCertificate().getValue().equals(serial)) + { + X500Name issuer; + + if (cert instanceof X509Certificate) + { + issuer = X500Name.getInstance(((X509Certificate)cert).getIssuerX500Principal().getEncoded()); + } + else + { + try + { + issuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer(); + } + catch (CertificateEncodingException e) + { + throw new RuntimeException("Cannot process certificate"); + } + } + + if (!caName.equals(issuer)) + { + return false; + } + + return true; + } + } + } + + return false; + } +} + diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java new file mode 100644 index 0000000..6604b4a --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java @@ -0,0 +1,916 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Security; +import java.security.Signature; +import java.security.SignatureException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.CertificateParsingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OutputStream; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1String; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERIA5String; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.misc.MiscObjectIdentifiers; +import org.bouncycastle.asn1.misc.NetscapeCertType; +import org.bouncycastle.asn1.misc.NetscapeRevocationURL; +import org.bouncycastle.asn1.misc.VerisignCzagExtension; +import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x500.style.RFC4519Style; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.BasicConstraints; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.KeyUsage; +// BEGIN android-added +import org.bouncycastle.asn1.x509.X509Name; +// END android-added +import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; +import org.bouncycastle.jce.X509Principal; +import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.provider.RFC3280CertPathUtilities; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Integers; +import org.bouncycastle.util.encoders.Hex; + +class X509CertificateObject + extends X509Certificate + implements PKCS12BagAttributeCarrier +{ + private org.bouncycastle.asn1.x509.Certificate c; + private BasicConstraints basicConstraints; + private boolean[] keyUsage; + private boolean hashValueSet; + private int hashValue; + + private PKCS12BagAttributeCarrier attrCarrier = new PKCS12BagAttributeCarrierImpl(); + + public X509CertificateObject( + org.bouncycastle.asn1.x509.Certificate c) + throws CertificateParsingException + { + this.c = c; + + try + { + byte[] bytes = this.getExtensionBytes("2.5.29.19"); + + if (bytes != null) + { + basicConstraints = BasicConstraints.getInstance(ASN1Primitive.fromByteArray(bytes)); + } + } + catch (Exception e) + { + throw new CertificateParsingException("cannot construct BasicConstraints: " + e); + } + + try + { + byte[] bytes = this.getExtensionBytes("2.5.29.15"); + if (bytes != null) + { + DERBitString bits = DERBitString.getInstance(ASN1Primitive.fromByteArray(bytes)); + + bytes = bits.getBytes(); + int length = (bytes.length * 8) - bits.getPadBits(); + + keyUsage = new boolean[(length < 9) ? 9 : length]; + + for (int i = 0; i != length; i++) + { + keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; + } + } + else + { + keyUsage = null; + } + } + catch (Exception e) + { + throw new CertificateParsingException("cannot construct KeyUsage: " + e); + } + } + + public void checkValidity() + throws CertificateExpiredException, CertificateNotYetValidException + { + this.checkValidity(new Date()); + } + + public void checkValidity( + Date date) + throws CertificateExpiredException, CertificateNotYetValidException + { + if (date.getTime() > this.getNotAfter().getTime()) // for other VM compatibility + { + throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime()); + } + + if (date.getTime() < this.getNotBefore().getTime()) + { + throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime()); + } + } + + public int getVersion() + { + return c.getVersionNumber(); + } + + public BigInteger getSerialNumber() + { + return c.getSerialNumber().getValue(); + } + + public Principal getIssuerDN() + { + try + { + return new X509Principal(X500Name.getInstance(c.getIssuer().getEncoded())); + } + catch (IOException e) + { + return null; + } + } + + public X500Principal getIssuerX500Principal() + { + try + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ASN1OutputStream aOut = new ASN1OutputStream(bOut); + + aOut.writeObject(c.getIssuer()); + + return new X500Principal(bOut.toByteArray()); + } + catch (IOException e) + { + throw new IllegalStateException("can't encode issuer DN"); + } + } + + public Principal getSubjectDN() + { + return new X509Principal(X500Name.getInstance(c.getSubject().toASN1Primitive())); + } + + public X500Principal getSubjectX500Principal() + { + try + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ASN1OutputStream aOut = new ASN1OutputStream(bOut); + + aOut.writeObject(c.getSubject()); + + return new X500Principal(bOut.toByteArray()); + } + catch (IOException e) + { + throw new IllegalStateException("can't encode issuer DN"); + } + } + + public Date getNotBefore() + { + return c.getStartDate().getDate(); + } + + public Date getNotAfter() + { + return c.getEndDate().getDate(); + } + + public byte[] getTBSCertificate() + throws CertificateEncodingException + { + try + { + return c.getTBSCertificate().getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new CertificateEncodingException(e.toString()); + } + } + + public byte[] getSignature() + { + return c.getSignature().getBytes(); + } + + /** + * return a more "meaningful" representation for the signature algorithm used in + * the certficate. + */ + public String getSigAlgName() + { + Provider prov = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME); + + if (prov != null) + { + String algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); + + if (algName != null) + { + return algName; + } + } + + Provider[] provs = Security.getProviders(); + + // + // search every provider looking for a real algorithm + // + for (int i = 0; i != provs.length; i++) + { + String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); + if (algName != null) + { + return algName; + } + } + + return this.getSigAlgOID(); + } + + /** + * return the object identifier for the signature. + */ + public String getSigAlgOID() + { + return c.getSignatureAlgorithm().getAlgorithm().getId(); + } + + /** + * return the signature parameters, or null if there aren't any. + */ + public byte[] getSigAlgParams() + { + if (c.getSignatureAlgorithm().getParameters() != null) + { + try + { + return c.getSignatureAlgorithm().getParameters().toASN1Primitive().getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + return null; + } + } + else + { + return null; + } + } + + public boolean[] getIssuerUniqueID() + { + DERBitString id = c.getTBSCertificate().getIssuerUniqueId(); + + if (id != null) + { + byte[] bytes = id.getBytes(); + boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; + + for (int i = 0; i != boolId.length; i++) + { + boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; + } + + return boolId; + } + + return null; + } + + public boolean[] getSubjectUniqueID() + { + DERBitString id = c.getTBSCertificate().getSubjectUniqueId(); + + if (id != null) + { + byte[] bytes = id.getBytes(); + boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; + + for (int i = 0; i != boolId.length; i++) + { + boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; + } + + return boolId; + } + + return null; + } + + public boolean[] getKeyUsage() + { + return keyUsage; + } + + public List getExtendedKeyUsage() + throws CertificateParsingException + { + byte[] bytes = this.getExtensionBytes("2.5.29.37"); + + if (bytes != null) + { + try + { + ASN1InputStream dIn = new ASN1InputStream(bytes); + ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); + List list = new ArrayList(); + + for (int i = 0; i != seq.size(); i++) + { + list.add(((ASN1ObjectIdentifier)seq.getObjectAt(i)).getId()); + } + + return Collections.unmodifiableList(list); + } + catch (Exception e) + { + throw new CertificateParsingException("error processing extended key usage extension"); + } + } + + return null; + } + + public int getBasicConstraints() + { + if (basicConstraints != null) + { + if (basicConstraints.isCA()) + { + if (basicConstraints.getPathLenConstraint() == null) + { + return Integer.MAX_VALUE; + } + else + { + return basicConstraints.getPathLenConstraint().intValue(); + } + } + else + { + return -1; + } + } + + return -1; + } + + public Collection getSubjectAlternativeNames() + throws CertificateParsingException + { + return getAlternativeNames(getExtensionBytes(Extension.subjectAlternativeName.getId())); + } + + public Collection getIssuerAlternativeNames() + throws CertificateParsingException + { + return getAlternativeNames(getExtensionBytes(Extension.issuerAlternativeName.getId())); + } + + public Set getCriticalExtensionOIDs() + { + if (this.getVersion() == 3) + { + Set set = new HashSet(); + Extensions extensions = c.getTBSCertificate().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + } + + return null; + } + + private byte[] getExtensionBytes(String oid) + { + Extensions exts = c.getTBSCertificate().getExtensions(); + + if (exts != null) + { + Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); + if (ext != null) + { + return ext.getExtnValue().getOctets(); + } + } + + return null; + } + + public byte[] getExtensionValue(String oid) + { + Extensions exts = c.getTBSCertificate().getExtensions(); + + if (exts != null) + { + Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); + + if (ext != null) + { + try + { + return ext.getExtnValue().getEncoded(); + } + catch (Exception e) + { + throw new IllegalStateException("error parsing " + e.toString()); + } + } + } + + return null; + } + + public Set getNonCriticalExtensionOIDs() + { + if (this.getVersion() == 3) + { + Set set = new HashSet(); + Extensions extensions = c.getTBSCertificate().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (!ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + } + + return null; + } + + public boolean hasUnsupportedCriticalExtension() + { + if (this.getVersion() == 3) + { + Extensions extensions = c.getTBSCertificate().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + String oidId = oid.getId(); + + if (oidId.equals(RFC3280CertPathUtilities.KEY_USAGE) + || oidId.equals(RFC3280CertPathUtilities.CERTIFICATE_POLICIES) + || oidId.equals(RFC3280CertPathUtilities.POLICY_MAPPINGS) + || oidId.equals(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY) + || oidId.equals(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS) + || oidId.equals(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT) + || oidId.equals(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR) + || oidId.equals(RFC3280CertPathUtilities.POLICY_CONSTRAINTS) + || oidId.equals(RFC3280CertPathUtilities.BASIC_CONSTRAINTS) + || oidId.equals(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME) + || oidId.equals(RFC3280CertPathUtilities.NAME_CONSTRAINTS)) + { + continue; + } + + Extension ext = extensions.getExtension(oid); + + if (ext.isCritical()) + { + return true; + } + } + } + } + + return false; + } + + public PublicKey getPublicKey() + { + try + { + return BouncyCastleProvider.getPublicKey(c.getSubjectPublicKeyInfo()); + } + catch (IOException e) + { + return null; // should never happen... + } + } + + // BEGIN android-changed + private byte[] encoded; + // END android-changed + public byte[] getEncoded() + throws CertificateEncodingException + { + try + { + // BEGIN android-changed + if (encoded == null) { + encoded = c.getEncoded(ASN1Encoding.DER); + } + return encoded; + // END android-changed + } + catch (IOException e) + { + throw new CertificateEncodingException(e.toString()); + } + } + + public boolean equals( + Object o) + { + if (o == this) + { + return true; + } + + if (!(o instanceof Certificate)) + { + return false; + } + + Certificate other = (Certificate)o; + + try + { + byte[] b1 = this.getEncoded(); + byte[] b2 = other.getEncoded(); + + return Arrays.areEqual(b1, b2); + } + catch (CertificateEncodingException e) + { + return false; + } + } + + public synchronized int hashCode() + { + if (!hashValueSet) + { + hashValue = calculateHashCode(); + hashValueSet = true; + } + + return hashValue; + } + + private int calculateHashCode() + { + try + { + int hashCode = 0; + byte[] certData = this.getEncoded(); + for (int i = 1; i < certData.length; i++) + { + hashCode += certData[i] * i; + } + return hashCode; + } + catch (CertificateEncodingException e) + { + return 0; + } + } + + public void setBagAttribute( + ASN1ObjectIdentifier oid, + ASN1Encodable attribute) + { + attrCarrier.setBagAttribute(oid, attribute); + } + + public ASN1Encodable getBagAttribute( + ASN1ObjectIdentifier oid) + { + return attrCarrier.getBagAttribute(oid); + } + + public Enumeration getBagAttributeKeys() + { + return attrCarrier.getBagAttributeKeys(); + } + + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append(" [0] Version: ").append(this.getVersion()).append(nl); + buf.append(" SerialNumber: ").append(this.getSerialNumber()).append(nl); + buf.append(" IssuerDN: ").append(this.getIssuerDN()).append(nl); + buf.append(" Start Date: ").append(this.getNotBefore()).append(nl); + buf.append(" Final Date: ").append(this.getNotAfter()).append(nl); + buf.append(" SubjectDN: ").append(this.getSubjectDN()).append(nl); + buf.append(" Public Key: ").append(this.getPublicKey()).append(nl); + buf.append(" Signature Algorithm: ").append(this.getSigAlgName()).append(nl); + + byte[] sig = this.getSignature(); + + buf.append(" Signature: ").append(new String(Hex.encode(sig, 0, 20))).append(nl); + for (int i = 20; i < sig.length; i += 20) + { + if (i < sig.length - 20) + { + buf.append(" ").append(new String(Hex.encode(sig, i, 20))).append(nl); + } + else + { + buf.append(" ").append(new String(Hex.encode(sig, i, sig.length - i))).append(nl); + } + } + + Extensions extensions = c.getTBSCertificate().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + if (e.hasMoreElements()) + { + buf.append(" Extensions: \n"); + } + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (ext.getExtnValue() != null) + { + byte[] octs = ext.getExtnValue().getOctets(); + ASN1InputStream dIn = new ASN1InputStream(octs); + buf.append(" critical(").append(ext.isCritical()).append(") "); + try + { + if (oid.equals(Extension.basicConstraints)) + { + buf.append(BasicConstraints.getInstance(dIn.readObject())).append(nl); + } + else if (oid.equals(Extension.keyUsage)) + { + buf.append(KeyUsage.getInstance(dIn.readObject())).append(nl); + } + else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) + { + buf.append(new NetscapeCertType((DERBitString)dIn.readObject())).append(nl); + } + else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) + { + buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject())).append(nl); + } + else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) + { + buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject())).append(nl); + } + else + { + buf.append(oid.getId()); + buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); + //buf.append(" value = ").append("*****").append(nl); + } + } + catch (Exception ex) + { + buf.append(oid.getId()); + // buf.append(" value = ").append(new String(Hex.encode(ext.getExtnValue().getOctets()))).append(nl); + buf.append(" value = ").append("*****").append(nl); + } + } + else + { + buf.append(nl); + } + } + } + + return buf.toString(); + } + + public final void verify( + PublicKey key) + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + Signature signature; + String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); + + try + { + signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME); + } + catch (Exception e) + { + signature = Signature.getInstance(sigName); + } + + checkSignature(key, signature); + } + + public final void verify( + PublicKey key, + String sigProvider) + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException + { + String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); + Signature signature = Signature.getInstance(sigName, sigProvider); + + checkSignature(key, signature); + } + + private void checkSignature( + PublicKey key, + Signature signature) + throws CertificateException, NoSuchAlgorithmException, + SignatureException, InvalidKeyException + { + if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature())) + { + throw new CertificateException("signature algorithm in TBS cert not same as outer cert"); + } + + ASN1Encodable params = c.getSignatureAlgorithm().getParameters(); + + // TODO This should go after the initVerify? + X509SignatureUtil.setSignatureParameters(signature, params); + + signature.initVerify(key); + + signature.update(this.getTBSCertificate()); + + if (!signature.verify(this.getSignature())) + { + throw new SignatureException("certificate does not verify with supplied key"); + } + } + + private boolean isAlgIdEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2) + { + if (!id1.getAlgorithm().equals(id2.getAlgorithm())) + { + return false; + } + + if (id1.getParameters() == null) + { + if (id2.getParameters() != null && !id2.getParameters().equals(DERNull.INSTANCE)) + { + return false; + } + + return true; + } + + if (id2.getParameters() == null) + { + if (id1.getParameters() != null && !id1.getParameters().equals(DERNull.INSTANCE)) + { + return false; + } + + return true; + } + + return id1.getParameters().equals(id2.getParameters()); + } + + private static Collection getAlternativeNames(byte[] extVal) + throws CertificateParsingException + { + if (extVal == null) + { + return null; + } + try + { + Collection temp = new ArrayList(); + Enumeration it = ASN1Sequence.getInstance(extVal).getObjects(); + while (it.hasMoreElements()) + { + GeneralName genName = GeneralName.getInstance(it.nextElement()); + List list = new ArrayList(); + list.add(Integers.valueOf(genName.getTagNo())); + switch (genName.getTagNo()) + { + case GeneralName.ediPartyName: + case GeneralName.x400Address: + case GeneralName.otherName: + list.add(genName.getEncoded()); + break; + case GeneralName.directoryName: + // BEGIN android-changed + list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols)); + // END android-changed + break; + case GeneralName.dNSName: + case GeneralName.rfc822Name: + case GeneralName.uniformResourceIdentifier: + list.add(((ASN1String)genName.getName()).getString()); + break; + case GeneralName.registeredID: + list.add(ASN1ObjectIdentifier.getInstance(genName.getName()).getId()); + break; + case GeneralName.iPAddress: + byte[] addrBytes = DEROctetString.getInstance(genName.getName()).getOctets(); + final String addr; + try + { + addr = InetAddress.getByAddress(addrBytes).getHostAddress(); + } + catch (UnknownHostException e) + { + continue; + } + list.add(addr); + break; + default: + throw new IOException("Bad tag number: " + genName.getTagNo()); + } + + temp.add(Collections.unmodifiableList(list)); + } + if (temp.size() == 0) + { + return null; + } + return Collections.unmodifiableCollection(temp); + } + catch (Exception e) + { + throw new CertificateParsingException(e.getMessage()); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java new file mode 100644 index 0000000..4ca9e89 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java @@ -0,0 +1,144 @@ +package org.bouncycastle.jcajce.provider.asymmetric.x509; + +import java.io.IOException; +import java.security.AlgorithmParameters; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.Signature; +import java.security.SignatureException; +import java.security.spec.PSSParameterSpec; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Null; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DERObjectIdentifier; +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; + +class X509SignatureUtil +{ + private static final ASN1Null derNull = DERNull.INSTANCE; + + static void setSignatureParameters( + Signature signature, + ASN1Encodable params) + throws NoSuchAlgorithmException, SignatureException, InvalidKeyException + { + if (params != null && !derNull.equals(params)) + { + AlgorithmParameters sigParams = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider()); + + try + { + sigParams.init(params.toASN1Primitive().getEncoded()); + } + catch (IOException e) + { + throw new SignatureException("IOException decoding parameters: " + e.getMessage()); + } + + if (signature.getAlgorithm().endsWith("MGF1")) + { + try + { + signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class)); + } + catch (GeneralSecurityException e) + { + throw new SignatureException("Exception extracting parameters: " + e.getMessage()); + } + } + } + } + + static String getSignatureName( + AlgorithmIdentifier sigAlgId) + { + ASN1Encodable params = sigAlgId.getParameters(); + + if (params != null && !derNull.equals(params)) + { + if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) + { + RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); + + return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1"; + } + if (sigAlgId.getAlgorithm().equals(X9ObjectIdentifiers.ecdsa_with_SHA2)) + { + ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params); + + return getDigestAlgName((DERObjectIdentifier)ecDsaParams.getObjectAt(0)) + "withECDSA"; + } + } + + return sigAlgId.getAlgorithm().getId(); + } + + /** + * Return the digest algorithm using one of the standard JCA string + * representations rather the the algorithm identifier (if possible). + */ + private static String getDigestAlgName( + DERObjectIdentifier digestAlgOID) + { + if (PKCSObjectIdentifiers.md5.equals(digestAlgOID)) + { + return "MD5"; + } + else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID)) + { + return "SHA1"; + } + else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) + { + return "SHA224"; + } + else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) + { + return "SHA256"; + } + else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID)) + { + return "SHA384"; + } + else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID)) + { + return "SHA512"; + } + // BEGIN android-removed + // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) + // { + // return "RIPEMD128"; + // } + // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) + // { + // return "RIPEMD160"; + // } + // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) + // { + // return "RIPEMD256"; + // } + // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) + // { + // return "GOST3411"; + // } + // END android-removed + else + { + return digestAlgOID.getId(); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java index c3f148b..05bfa1c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java @@ -12,22 +12,22 @@ public interface ConfigurableProvider /** * Elliptic Curve CA parameters - thread local version */ - static final String THREAD_LOCAL_EC_IMPLICITLY_CA = "threadLocalEcImplicitlyCa"; + static final String THREAD_LOCAL_EC_IMPLICITLY_CA = "threadLocalEcImplicitlyCa"; /** * Elliptic Curve CA parameters - thread local version */ - static final String EC_IMPLICITLY_CA = "ecImplicitlyCa"; + static final String EC_IMPLICITLY_CA = "ecImplicitlyCa"; /** * Diffie-Hellman Default Parameters - thread local version */ - static final String THREAD_LOCAL_DH_DEFAULT_PARAMS = "threadLocalDhDefaultParams"; + static final String THREAD_LOCAL_DH_DEFAULT_PARAMS = "threadLocalDhDefaultParams"; /** * Diffie-Hellman Default Parameters - VM wide version */ - static final String DH_DEFAULT_PARAMS = "DhDefaultParams"; + static final String DH_DEFAULT_PARAMS = "DhDefaultParams"; void setParameter(String parameterName, Object parameter); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java new file mode 100644 index 0000000..36a32b1 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java @@ -0,0 +1,51 @@ +package org.bouncycastle.jcajce.provider.config; + +import java.io.OutputStream; +import java.security.KeyStore; +import java.security.KeyStore.LoadStoreParameter; +import java.security.KeyStore.ProtectionParameter; + +public class PKCS12StoreParameter + implements LoadStoreParameter +{ + private final OutputStream out; + private final ProtectionParameter protectionParameter; + private final boolean forDEREncoding; + + public PKCS12StoreParameter(OutputStream out, char[] password) + { + this(out, password, false); + } + + public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter) + { + this(out, protectionParameter, false); + } + + public PKCS12StoreParameter(OutputStream out, char[] password, boolean forDEREncoding) + { + this(out, new KeyStore.PasswordProtection(password), forDEREncoding); + } + + public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter, boolean forDEREncoding) + { + this.out = out; + this.protectionParameter = protectionParameter; + this.forDEREncoding = forDEREncoding; + } + + public OutputStream getOutputStream() + { + return out; + } + + public ProtectionParameter getProtectionParameter() + { + return protectionParameter; + } + + public boolean isForDEREncoding() + { + return forDEREncoding; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java index 6834e3c..93a7d71 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java @@ -7,15 +7,20 @@ import org.bouncycastle.crypto.digests.MD5Digest; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; public class MD5 { + private MD5() + { + + } + /** - * MD5 HMac + * MD5 HashMac */ public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java index 2a9eceb..df5d41a 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java @@ -1,17 +1,33 @@ package org.bouncycastle.jcajce.provider.digest; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import javax.crypto.SecretKey; +import javax.crypto.spec.PBEKeySpec; + import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory; +import org.bouncycastle.jcajce.provider.symmetric.util.PBE; +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; public class SHA1 { + private SHA1() + { + + } + static public class Digest extends BCMessageDigest implements Cloneable @@ -35,7 +51,7 @@ public class SHA1 * SHA1 HMac */ public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { @@ -52,6 +68,103 @@ public class SHA1 } } + /** + * SHA1 HMac + */ + public static class SHA1Mac + extends BaseMac + { + public SHA1Mac() + { + super(new HMac(new SHA1Digest())); + } + } + + /** + * PBEWithHmacSHA + */ + public static class PBEWithMacKeyFactory + extends PBESecretKeyFactory + { + public PBEWithMacKeyFactory() + { + super("PBEwithHmacSHA", null, false, PKCS12, SHA1, 160, 0); + } + } + + + public static class BasePBKDF2WithHmacSHA1 + extends BaseSecretKeyFactory + { + private int scheme; + + public BasePBKDF2WithHmacSHA1(String name, int scheme) + { + super(name, PKCSObjectIdentifiers.id_PBKDF2); + + this.scheme = scheme; + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PBEKeySpec) + { + PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; + + if (pbeSpec.getSalt() == null) + { + throw new InvalidKeySpecException("missing required salt"); + } + + if (pbeSpec.getIterationCount() <= 0) + { + throw new InvalidKeySpecException("positive iteration count required: " + + pbeSpec.getIterationCount()); + } + + if (pbeSpec.getKeyLength() <= 0) + { + throw new InvalidKeySpecException("positive key length required: " + + pbeSpec.getKeyLength()); + } + + if (pbeSpec.getPassword().length == 0) + { + throw new IllegalArgumentException("password empty"); + } + + int digest = SHA1; + int keySize = pbeSpec.getKeyLength(); + int ivSize = -1; // JDK 1,2 and earlier does not understand simplified version. + CipherParameters param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); + + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + } + + throw new InvalidKeySpecException("Invalid KeySpec"); + } + } + + public static class PBKDF2WithHmacSHA1UTF8 + extends BasePBKDF2WithHmacSHA1 + { + public PBKDF2WithHmacSHA1UTF8() + { + super("PBKDF2WithHmacSHA1", PKCS5S2_UTF8); + } + } + + public static class PBKDF2WithHmacSHA18BIT + extends BasePBKDF2WithHmacSHA1 + { + public PBKDF2WithHmacSHA18BIT() + { + super("PBKDF2WithHmacSHA1And8bit", PKCS5S2); + } + } + public static class Mappings extends DigestAlgorithmProvider { @@ -71,6 +184,18 @@ public class SHA1 addHMACAlgorithm(provider, "SHA1", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); addHMACAlias(provider, "SHA1", PKCSObjectIdentifiers.id_hmacWithSHA1); addHMACAlias(provider, "SHA1", IANAObjectIdentifiers.hmacSHA1); + + provider.addAlgorithm("Mac.PBEWITHHMACSHA", PREFIX + "$SHA1Mac"); + provider.addAlgorithm("Mac.PBEWITHHMACSHA1", PREFIX + "$SHA1Mac"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA", "PBEWITHHMACSHA1"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + OIWObjectIdentifiers.idSHA1, "PBEWITHHMACSHA1"); + provider.addAlgorithm("Alg.Alias.Mac." + OIWObjectIdentifiers.idSHA1, "PBEWITHHMACSHA"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA1", PREFIX + "$PBEWithMacKeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1", PREFIX + "$PBKDF2WithHmacSHA1UTF8"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2WithHmacSHA1"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WithHmacSHA1AndUTF8", "PBKDF2WithHmacSHA1"); + provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java index 4e25c39..4504f30 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java @@ -7,10 +7,16 @@ import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; public class SHA256 { + private SHA256() + { + + } + static public class Digest extends BCMessageDigest implements Cloneable @@ -31,7 +37,7 @@ public class SHA256 } public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { @@ -39,7 +45,21 @@ public class SHA256 } } - /** + // BEGIN android-removed + // /** + // * PBEWithHmacSHA + // */ + // public static class PBEWithMacKeyFactory + // extends PBESecretKeyFactory + // { + // public PBEWithMacKeyFactory() + // { + // super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0); + // } + // } + // END android-removed + + /** * HMACSHA256 */ public static class KeyGenerator @@ -66,8 +86,15 @@ public class SHA256 provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256"); provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); + // BEGIN android-removed + // provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory"); + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256"); + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256"); + // END android-removed + addHMACAlgorithm(provider, "SHA256", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); addHMACAlias(provider, "SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256); + addHMACAlias(provider, "SHA256", NISTObjectIdentifiers.id_sha256); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java index c724310..e563579 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java @@ -5,12 +5,20 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.digests.SHA384Digest; import org.bouncycastle.crypto.macs.HMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.OldHMac; +// END android-removed import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; public class SHA384 { + private SHA384() + { + + } + static public class Digest extends BCMessageDigest implements Cloneable @@ -31,7 +39,7 @@ public class SHA384 } public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { @@ -51,6 +59,17 @@ public class SHA384 } } + // BEGIN android-removed + // public static class OldSHA384 + // extends BaseMac + // { + // public OldSHA384() + // { + // super(new OldHMac(new SHA384Digest())); + // } + // } + // END android-removed + public static class Mappings extends DigestAlgorithmProvider { @@ -65,6 +84,9 @@ public class SHA384 provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest"); provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384"); provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384"); + // BEGIN android-removed + // provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384"); + // END android-removed addHMACAlgorithm(provider, "SHA384", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java index cae9e7b..903eec1 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java @@ -4,13 +4,24 @@ import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.digests.SHA512Digest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA512tDigest; +// END android-removed import org.bouncycastle.crypto.macs.HMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.OldHMac; +// END android-removed import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jce.provider.JCEMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; public class SHA512 { + private SHA512() + { + + } + static public class Digest extends BCMessageDigest implements Cloneable @@ -30,8 +41,47 @@ public class SHA512 } } + // BEGIN android-removed + // static public class DigestT + // extends BCMessageDigest + // implements Cloneable + // { + // public DigestT(int bitLength) + // { + // super(new SHA512tDigest(bitLength)); + // } + // + // public Object clone() + // throws CloneNotSupportedException + // { + // DigestT d = (DigestT)super.clone(); + // d.digest = new SHA512tDigest((SHA512tDigest)digest); + // + // return d; + // } + // } + // + // static public class DigestT224 + // extends DigestT + // { + // public DigestT224() + // { + // super(224); + // } + // } + // + // static public class DigestT256 + // extends DigestT + // { + // public DigestT256() + // { + // super(256); + // } + // } + // END android-removed + public static class HashMac - extends JCEMac + extends BaseMac { public HashMac() { @@ -39,6 +89,38 @@ public class SHA512 } } + // BEGIN android-removed + // public static class HashMacT224 + // extends BaseMac + // { + // public HashMacT224() + // { + // super(new HMac(new SHA512tDigest(224))); + // } + // } + // + // public static class HashMacT256 + // extends BaseMac + // { + // public HashMacT256() + // { + // super(new HMac(new SHA512tDigest(256))); + // } + // } + // + // /** + // * SHA-512 HMac + // */ + // public static class OldSHA512 + // extends BaseMac + // { + // public OldSHA512() + // { + // super(new OldHMac(new SHA512Digest())); + // } + // } + // END android-removed + /** * HMACSHA512 */ @@ -51,6 +133,26 @@ public class SHA512 } } + // BEGIN android-removed + // public static class KeyGeneratorT224 + // extends BaseKeyGenerator + // { + // public KeyGeneratorT224() + // { + // super("HMACSHA512/224", 224, new CipherKeyGenerator()); + // } + // } + // + // public static class KeyGeneratorT256 + // extends BaseKeyGenerator + // { + // public KeyGeneratorT256() + // { + // super("HMACSHA512/256", 256, new CipherKeyGenerator()); + // } + // } + // END android-removed + public static class Mappings extends DigestAlgorithmProvider { @@ -66,8 +168,25 @@ public class SHA512 provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512"); provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512"); + // BEGIN android-removed + // provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224"); + // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224"); + // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224"); + // + // provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256"); + // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256"); + // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256"); + // + // provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512"); + // END android-removed + addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512); + + // BEGIN android-removed + // addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224", PREFIX + "$KeyGeneratorT224"); + // addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); + // END android-removed } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java new file mode 100644 index 0000000..9711426 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java @@ -0,0 +1,29 @@ +package org.bouncycastle.jcajce.provider.keystore; + +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; + +public class BC +{ + private static final String PREFIX = "org.bouncycastle.jcajce.provider.keystore" + ".bc."; + + public static class Mappings + extends AsymmetricAlgorithmProvider + { + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyStore.BKS", PREFIX + "BcKeyStoreSpi$Std"); + // BEGIN android-removed + // provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1"); + // END android-removed + provider.addAlgorithm("KeyStore.BouncyCastle", PREFIX + "BcKeyStoreSpi$BouncyCastleStore"); + provider.addAlgorithm("Alg.Alias.KeyStore.UBER", "BouncyCastle"); + provider.addAlgorithm("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); + provider.addAlgorithm("Alg.Alias.KeyStore.bouncycastle", "BouncyCastle"); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java new file mode 100644 index 0000000..1d4e146 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java @@ -0,0 +1,32 @@ +package org.bouncycastle.jcajce.provider.keystore; + +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; + +public class PKCS12 +{ + private static final String PREFIX = "org.bouncycastle.jcajce.provider.keystore" + ".pkcs12."; + + public static class Mappings + extends AsymmetricAlgorithmProvider + { + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyStore.PKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); + // BEGIN android-removed + // provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); + // provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); + // + // provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); + // provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES"); + // + // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); + // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES"); + // END android-removed + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java new file mode 100644 index 0000000..ea89261 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java @@ -0,0 +1,1061 @@ +package org.bouncycastle.jcajce.provider.keystore.bc; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.DataInputStream; +import java.io.DataOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.Key; +import java.security.KeyFactory; +import java.security.KeyStoreException; +import java.security.KeyStoreSpi; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.spec.KeySpec; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; +import java.util.Date; +import java.util.Enumeration; +import java.util.Hashtable; + +import javax.crypto.Cipher; +import javax.crypto.CipherInputStream; +import javax.crypto.CipherOutputStream; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.PBEParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +import org.bouncycastle.crypto.CipherParameters; +import org.bouncycastle.crypto.Digest; +import org.bouncycastle.crypto.PBEParametersGenerator; +import org.bouncycastle.crypto.digests.SHA1Digest; +import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; +import org.bouncycastle.crypto.io.DigestInputStream; +import org.bouncycastle.crypto.io.DigestOutputStream; +import org.bouncycastle.crypto.io.MacInputStream; +import org.bouncycastle.crypto.io.MacOutputStream; +import org.bouncycastle.crypto.macs.HMac; +import org.bouncycastle.jce.interfaces.BCKeyStore; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.io.Streams; +import org.bouncycastle.util.io.TeeOutputStream; + +public class BcKeyStoreSpi + extends KeyStoreSpi + implements BCKeyStore +{ + private static final int STORE_VERSION = 2; + + private static final int STORE_SALT_SIZE = 20; + private static final String STORE_CIPHER = "PBEWithSHAAndTwofish-CBC"; + + private static final int KEY_SALT_SIZE = 20; + private static final int MIN_ITERATIONS = 1024; + + private static final String KEY_CIPHER = "PBEWithSHAAnd3-KeyTripleDES-CBC"; + + // + // generic object types + // + static final int NULL = 0; + static final int CERTIFICATE = 1; + static final int KEY = 2; + static final int SECRET = 3; + static final int SEALED = 4; + + // + // key types + // + static final int KEY_PRIVATE = 0; + static final int KEY_PUBLIC = 1; + static final int KEY_SECRET = 2; + + protected Hashtable table = new Hashtable(); + + protected SecureRandom random = new SecureRandom(); + + protected int version; + + public BcKeyStoreSpi(int version) + { + this.version = version; + } + + private class StoreEntry + { + int type; + String alias; + Object obj; + Certificate[] certChain; + Date date = new Date(); + + StoreEntry( + String alias, + Certificate obj) + { + this.type = CERTIFICATE; + this.alias = alias; + this.obj = obj; + this.certChain = null; + } + + StoreEntry( + String alias, + byte[] obj, + Certificate[] certChain) + { + this.type = SECRET; + this.alias = alias; + this.obj = obj; + this.certChain = certChain; + } + + StoreEntry( + String alias, + Key key, + char[] password, + Certificate[] certChain) + throws Exception + { + this.type = SEALED; + this.alias = alias; + this.certChain = certChain; + + byte[] salt = new byte[KEY_SALT_SIZE]; + + random.setSeed(System.currentTimeMillis()); + random.nextBytes(salt); + + int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff); + + + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + DataOutputStream dOut = new DataOutputStream(bOut); + + dOut.writeInt(salt.length); + dOut.write(salt); + dOut.writeInt(iterationCount); + + Cipher cipher = makePBECipher(KEY_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); + CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); + + dOut = new DataOutputStream(cOut); + + encodeKey(key, dOut); + + dOut.close(); + + obj = bOut.toByteArray(); + } + + StoreEntry( + String alias, + Date date, + int type, + Object obj) + { + this.alias = alias; + this.date = date; + this.type = type; + this.obj = obj; + } + + StoreEntry( + String alias, + Date date, + int type, + Object obj, + Certificate[] certChain) + { + this.alias = alias; + this.date = date; + this.type = type; + this.obj = obj; + this.certChain = certChain; + } + + int getType() + { + return type; + } + + String getAlias() + { + return alias; + } + + Object getObject() + { + return obj; + } + + Object getObject( + char[] password) + throws NoSuchAlgorithmException, UnrecoverableKeyException + { + if (password == null || password.length == 0) + { + if (obj instanceof Key) + { + return obj; + } + } + + if (type == SEALED) + { + ByteArrayInputStream bIn = new ByteArrayInputStream((byte[])obj); + DataInputStream dIn = new DataInputStream(bIn); + + try + { + byte[] salt = new byte[dIn.readInt()]; + + dIn.readFully(salt); + + int iterationCount = dIn.readInt(); + + Cipher cipher = makePBECipher(KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); + + CipherInputStream cIn = new CipherInputStream(dIn, cipher); + + try + { + return decodeKey(new DataInputStream(cIn)); + } + catch (Exception x) + { + bIn = new ByteArrayInputStream((byte[])obj); + dIn = new DataInputStream(bIn); + + salt = new byte[dIn.readInt()]; + + dIn.readFully(salt); + + iterationCount = dIn.readInt(); + + cipher = makePBECipher("Broken" + KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); + + cIn = new CipherInputStream(dIn, cipher); + + Key k = null; + + try + { + k = decodeKey(new DataInputStream(cIn)); + } + catch (Exception y) + { + bIn = new ByteArrayInputStream((byte[])obj); + dIn = new DataInputStream(bIn); + + salt = new byte[dIn.readInt()]; + + dIn.readFully(salt); + + iterationCount = dIn.readInt(); + + cipher = makePBECipher("Old" + KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); + + cIn = new CipherInputStream(dIn, cipher); + + k = decodeKey(new DataInputStream(cIn)); + } + + // + // reencrypt key with correct cipher. + // + if (k != null) + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + DataOutputStream dOut = new DataOutputStream(bOut); + + dOut.writeInt(salt.length); + dOut.write(salt); + dOut.writeInt(iterationCount); + + Cipher out = makePBECipher(KEY_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); + CipherOutputStream cOut = new CipherOutputStream(dOut, out); + + dOut = new DataOutputStream(cOut); + + encodeKey(k, dOut); + + dOut.close(); + + obj = bOut.toByteArray(); + + return k; + } + else + { + throw new UnrecoverableKeyException("no match"); + } + } + } + catch (Exception e) + { + throw new UnrecoverableKeyException("no match"); + } + } + else + { + throw new RuntimeException("forget something!"); + // TODO + // if we get to here key was saved as byte data, which + // according to the docs means it must be a private key + // in EncryptedPrivateKeyInfo (PKCS8 format), later... + // + } + } + + Certificate[] getCertificateChain() + { + return certChain; + } + + Date getDate() + { + return date; + } + } + + private void encodeCertificate( + Certificate cert, + DataOutputStream dOut) + throws IOException + { + try + { + byte[] cEnc = cert.getEncoded(); + + dOut.writeUTF(cert.getType()); + dOut.writeInt(cEnc.length); + dOut.write(cEnc); + } + catch (CertificateEncodingException ex) + { + throw new IOException(ex.toString()); + } + } + + private Certificate decodeCertificate( + DataInputStream dIn) + throws IOException + { + String type = dIn.readUTF(); + byte[] cEnc = new byte[dIn.readInt()]; + + dIn.readFully(cEnc); + + try + { + CertificateFactory cFact = CertificateFactory.getInstance(type, BouncyCastleProvider.PROVIDER_NAME); + ByteArrayInputStream bIn = new ByteArrayInputStream(cEnc); + + return cFact.generateCertificate(bIn); + } + catch (NoSuchProviderException ex) + { + throw new IOException(ex.toString()); + } + catch (CertificateException ex) + { + throw new IOException(ex.toString()); + } + } + + private void encodeKey( + Key key, + DataOutputStream dOut) + throws IOException + { + byte[] enc = key.getEncoded(); + + if (key instanceof PrivateKey) + { + dOut.write(KEY_PRIVATE); + } + else if (key instanceof PublicKey) + { + dOut.write(KEY_PUBLIC); + } + else + { + dOut.write(KEY_SECRET); + } + + dOut.writeUTF(key.getFormat()); + dOut.writeUTF(key.getAlgorithm()); + dOut.writeInt(enc.length); + dOut.write(enc); + } + + private Key decodeKey( + DataInputStream dIn) + throws IOException + { + int keyType = dIn.read(); + String format = dIn.readUTF(); + String algorithm = dIn.readUTF(); + byte[] enc = new byte[dIn.readInt()]; + KeySpec spec; + + dIn.readFully(enc); + + if (format.equals("PKCS#8") || format.equals("PKCS8")) + { + spec = new PKCS8EncodedKeySpec(enc); + } + else if (format.equals("X.509") || format.equals("X509")) + { + spec = new X509EncodedKeySpec(enc); + } + else if (format.equals("RAW")) + { + return new SecretKeySpec(enc, algorithm); + } + else + { + throw new IOException("Key format " + format + " not recognised!"); + } + + try + { + switch (keyType) + { + case KEY_PRIVATE: + return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePrivate(spec); + case KEY_PUBLIC: + return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePublic(spec); + case KEY_SECRET: + return SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generateSecret(spec); + default: + throw new IOException("Key type " + keyType + " not recognised!"); + } + } + catch (Exception e) + { + throw new IOException("Exception creating key: " + e.toString()); + } + } + + protected Cipher makePBECipher( + String algorithm, + int mode, + char[] password, + byte[] salt, + int iterationCount) + throws IOException + { + try + { + PBEKeySpec pbeSpec = new PBEKeySpec(password); + SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME); + PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount); + + Cipher cipher = Cipher.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME); + + cipher.init(mode, keyFact.generateSecret(pbeSpec), defParams); + + return cipher; + } + catch (Exception e) + { + throw new IOException("Error initialising store of key store: " + e); + } + } + + public void setRandom( + SecureRandom rand) + { + this.random = rand; + } + + public Enumeration engineAliases() + { + return table.keys(); + } + + public boolean engineContainsAlias( + String alias) + { + return (table.get(alias) != null); + } + + public void engineDeleteEntry( + String alias) + throws KeyStoreException + { + Object entry = table.get(alias); + + if (entry == null) + { + return; + } + + table.remove(alias); + } + + public Certificate engineGetCertificate( + String alias) + { + StoreEntry entry = (StoreEntry)table.get(alias); + + if (entry != null) + { + if (entry.getType() == CERTIFICATE) + { + return (Certificate)entry.getObject(); + } + else + { + Certificate[] chain = entry.getCertificateChain(); + + if (chain != null) + { + return chain[0]; + } + } + } + + return null; + } + + public String engineGetCertificateAlias( + Certificate cert) + { + Enumeration e = table.elements(); + while (e.hasMoreElements()) + { + StoreEntry entry = (StoreEntry)e.nextElement(); + + if (entry.getObject() instanceof Certificate) + { + Certificate c = (Certificate)entry.getObject(); + + if (c.equals(cert)) + { + return entry.getAlias(); + } + } + else + { + Certificate[] chain = entry.getCertificateChain(); + + if (chain != null && chain[0].equals(cert)) + { + return entry.getAlias(); + } + } + } + + return null; + } + + public Certificate[] engineGetCertificateChain( + String alias) + { + StoreEntry entry = (StoreEntry)table.get(alias); + + if (entry != null) + { + return entry.getCertificateChain(); + } + + return null; + } + + public Date engineGetCreationDate(String alias) + { + StoreEntry entry = (StoreEntry)table.get(alias); + + if (entry != null) + { + return entry.getDate(); + } + + return null; + } + + public Key engineGetKey( + String alias, + char[] password) + throws NoSuchAlgorithmException, UnrecoverableKeyException + { + StoreEntry entry = (StoreEntry)table.get(alias); + + if (entry == null || entry.getType() == CERTIFICATE) + { + return null; + } + + return (Key)entry.getObject(password); + } + + public boolean engineIsCertificateEntry( + String alias) + { + StoreEntry entry = (StoreEntry)table.get(alias); + + if (entry != null && entry.getType() == CERTIFICATE) + { + return true; + } + + return false; + } + + public boolean engineIsKeyEntry( + String alias) + { + StoreEntry entry = (StoreEntry)table.get(alias); + + if (entry != null && entry.getType() != CERTIFICATE) + { + return true; + } + + return false; + } + + public void engineSetCertificateEntry( + String alias, + Certificate cert) + throws KeyStoreException + { + StoreEntry entry = (StoreEntry)table.get(alias); + + if (entry != null && entry.getType() != CERTIFICATE) + { + throw new KeyStoreException("key store already has a key entry with alias " + alias); + } + + table.put(alias, new StoreEntry(alias, cert)); + } + + public void engineSetKeyEntry( + String alias, + byte[] key, + Certificate[] chain) + throws KeyStoreException + { + table.put(alias, new StoreEntry(alias, key, chain)); + } + + public void engineSetKeyEntry( + String alias, + Key key, + char[] password, + Certificate[] chain) + throws KeyStoreException + { + if ((key instanceof PrivateKey) && (chain == null)) + { + throw new KeyStoreException("no certificate chain for private key"); + } + + try + { + table.put(alias, new StoreEntry(alias, key, password, chain)); + } + catch (Exception e) + { + throw new KeyStoreException(e.toString()); + } + } + + public int engineSize() + { + return table.size(); + } + + protected void loadStore( + InputStream in) + throws IOException + { + DataInputStream dIn = new DataInputStream(in); + int type = dIn.read(); + + while (type > NULL) + { + String alias = dIn.readUTF(); + Date date = new Date(dIn.readLong()); + int chainLength = dIn.readInt(); + Certificate[] chain = null; + + if (chainLength != 0) + { + chain = new Certificate[chainLength]; + + for (int i = 0; i != chainLength; i++) + { + chain[i] = decodeCertificate(dIn); + } + } + + switch (type) + { + case CERTIFICATE: + Certificate cert = decodeCertificate(dIn); + + table.put(alias, new StoreEntry(alias, date, CERTIFICATE, cert)); + break; + case KEY: + Key key = decodeKey(dIn); + table.put(alias, new StoreEntry(alias, date, KEY, key, chain)); + break; + case SECRET: + case SEALED: + byte[] b = new byte[dIn.readInt()]; + + dIn.readFully(b); + table.put(alias, new StoreEntry(alias, date, type, b, chain)); + break; + default: + throw new RuntimeException("Unknown object type in store."); + } + + type = dIn.read(); + } + } + + protected void saveStore( + OutputStream out) + throws IOException + { + Enumeration e = table.elements(); + DataOutputStream dOut = new DataOutputStream(out); + + while (e.hasMoreElements()) + { + StoreEntry entry = (StoreEntry)e.nextElement(); + + dOut.write(entry.getType()); + dOut.writeUTF(entry.getAlias()); + dOut.writeLong(entry.getDate().getTime()); + + Certificate[] chain = entry.getCertificateChain(); + if (chain == null) + { + dOut.writeInt(0); + } + else + { + dOut.writeInt(chain.length); + for (int i = 0; i != chain.length; i++) + { + encodeCertificate(chain[i], dOut); + } + } + + switch (entry.getType()) + { + case CERTIFICATE: + encodeCertificate((Certificate)entry.getObject(), dOut); + break; + case KEY: + encodeKey((Key)entry.getObject(), dOut); + break; + case SEALED: + case SECRET: + byte[] b = (byte[])entry.getObject(); + + dOut.writeInt(b.length); + dOut.write(b); + break; + default: + throw new RuntimeException("Unknown object type in store."); + } + } + + dOut.write(NULL); + } + + public void engineLoad( + InputStream stream, + char[] password) + throws IOException + { + table.clear(); + + if (stream == null) // just initialising + { + return; + } + + DataInputStream dIn = new DataInputStream(stream); + int version = dIn.readInt(); + + if (version != STORE_VERSION) + { + if (version != 0 && version != 1) + { + throw new IOException("Wrong version of key store."); + } + } + + int saltLength = dIn.readInt(); + if (saltLength <= 0) + { + throw new IOException("Invalid salt detected"); + } + + byte[] salt = new byte[saltLength]; + + dIn.readFully(salt); + + int iterationCount = dIn.readInt(); + + // + // we only do an integrity check if the password is provided. + // + HMac hMac = new HMac(new SHA1Digest()); + if (password != null && password.length != 0) + { + byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); + + PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); + pbeGen.init(passKey, salt, iterationCount); + + CipherParameters macParams; + + if (version != 2) + { + macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize()); + } + else + { + macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8); + } + + Arrays.fill(passKey, (byte)0); + + hMac.init(macParams); + MacInputStream mIn = new MacInputStream(dIn, hMac); + + loadStore(mIn); + + // Finalise our mac calculation + byte[] mac = new byte[hMac.getMacSize()]; + hMac.doFinal(mac, 0); + + // TODO Should this actually be reading the remainder of the stream? + // Read the original mac from the stream + byte[] oldMac = new byte[hMac.getMacSize()]; + dIn.readFully(oldMac); + + if (!Arrays.constantTimeAreEqual(mac, oldMac)) + { + table.clear(); + throw new IOException("KeyStore integrity check failed."); + } + } + else + { + loadStore(dIn); + + // TODO Should this actually be reading the remainder of the stream? + // Parse the original mac from the stream too + byte[] oldMac = new byte[hMac.getMacSize()]; + dIn.readFully(oldMac); + } + } + + + public void engineStore(OutputStream stream, char[] password) + throws IOException + { + DataOutputStream dOut = new DataOutputStream(stream); + byte[] salt = new byte[STORE_SALT_SIZE]; + int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff); + + random.nextBytes(salt); + + dOut.writeInt(version); + dOut.writeInt(salt.length); + dOut.write(salt); + dOut.writeInt(iterationCount); + + HMac hMac = new HMac(new SHA1Digest()); + MacOutputStream mOut = new MacOutputStream(hMac); + PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); + byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); + + pbeGen.init(passKey, salt, iterationCount); + + if (version < 2) + { + hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize())); + } + else + { + hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8)); + } + + for (int i = 0; i != passKey.length; i++) + { + passKey[i] = 0; + } + + saveStore(new TeeOutputStream(dOut, mOut)); + + byte[] mac = new byte[hMac.getMacSize()]; + + hMac.doFinal(mac, 0); + + dOut.write(mac); + + dOut.close(); + } + + /** + * the BouncyCastle store. This wont work with the key tool as the + * store is stored encrypted on disk, so the password is mandatory, + * however if you hard drive is in a bad part of town and you absolutely, + * positively, don't want nobody peeking at your things, this is the + * one to use, no problem! After all in a Bouncy Castle nothing can + * touch you. + * + * Also referred to by the alias UBER. + */ + public static class BouncyCastleStore + extends BcKeyStoreSpi + { + public BouncyCastleStore() + { + super(1); + } + + public void engineLoad( + InputStream stream, + char[] password) + throws IOException + { + table.clear(); + + if (stream == null) // just initialising + { + return; + } + + DataInputStream dIn = new DataInputStream(stream); + int version = dIn.readInt(); + + if (version != STORE_VERSION) + { + if (version != 0 && version != 1) + { + throw new IOException("Wrong version of key store."); + } + } + + byte[] salt = new byte[dIn.readInt()]; + + if (salt.length != STORE_SALT_SIZE) + { + throw new IOException("Key store corrupted."); + } + + dIn.readFully(salt); + + int iterationCount = dIn.readInt(); + + if ((iterationCount < 0) || (iterationCount > 4 * MIN_ITERATIONS)) + { + throw new IOException("Key store corrupted."); + } + + String cipherAlg; + if (version == 0) + { + cipherAlg = "Old" + STORE_CIPHER; + } + else + { + cipherAlg = STORE_CIPHER; + } + + Cipher cipher = this.makePBECipher(cipherAlg, Cipher.DECRYPT_MODE, password, salt, iterationCount); + CipherInputStream cIn = new CipherInputStream(dIn, cipher); + + Digest dig = new SHA1Digest(); + DigestInputStream dgIn = new DigestInputStream(cIn, dig); + + this.loadStore(dgIn); + + // Finalise our digest calculation + byte[] hash = new byte[dig.getDigestSize()]; + dig.doFinal(hash, 0); + + // TODO Should this actually be reading the remainder of the stream? + // Read the original digest from the stream + byte[] oldHash = new byte[dig.getDigestSize()]; + Streams.readFully(cIn, oldHash); + + if (!Arrays.constantTimeAreEqual(hash, oldHash)) + { + table.clear(); + throw new IOException("KeyStore integrity check failed."); + } + } + + public void engineStore(OutputStream stream, char[] password) + throws IOException + { + Cipher cipher; + DataOutputStream dOut = new DataOutputStream(stream); + byte[] salt = new byte[STORE_SALT_SIZE]; + int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff); + + random.nextBytes(salt); + + dOut.writeInt(version); + dOut.writeInt(salt.length); + dOut.write(salt); + dOut.writeInt(iterationCount); + + cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); + + CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); + DigestOutputStream dgOut = new DigestOutputStream(new SHA1Digest()); + + this.saveStore(new TeeOutputStream(cOut, dgOut)); + + byte[] dig = dgOut.getDigest(); + + cOut.write(dig); + + cOut.close(); + } + } + + public static class Std + extends BcKeyStoreSpi + { + public Std() + { + super(STORE_VERSION); + } + } + + public static class Version1 + extends BcKeyStoreSpi + { + public Version1() + { + super(1); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java new file mode 100644 index 0000000..0d4f0ad --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java @@ -0,0 +1,1676 @@ +package org.bouncycastle.jcajce.provider.keystore.pkcs12; + +import java.io.BufferedInputStream; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.Key; +import java.security.KeyStore; +import java.security.KeyStore.LoadStoreParameter; +import java.security.KeyStore.ProtectionParameter; +import java.security.KeyStoreException; +import java.security.KeyStoreSpi; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Date; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.Vector; + +import javax.crypto.Cipher; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.PBEParameterSpec; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1Set; +import org.bouncycastle.asn1.BEROctetString; +import org.bouncycastle.asn1.BEROutputStream; +import org.bouncycastle.asn1.DERBMPString; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.DEROutputStream; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.DERSet; +import org.bouncycastle.asn1.pkcs.AuthenticatedSafe; +import org.bouncycastle.asn1.pkcs.CertBag; +import org.bouncycastle.asn1.pkcs.ContentInfo; +import org.bouncycastle.asn1.pkcs.EncryptedData; +import org.bouncycastle.asn1.pkcs.MacData; +import org.bouncycastle.asn1.pkcs.PBES2Parameters; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; +import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.Pfx; +import org.bouncycastle.asn1.pkcs.SafeBag; +import org.bouncycastle.asn1.util.ASN1Dump; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier; +import org.bouncycastle.asn1.x509.DigestInfo; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; +import org.bouncycastle.jcajce.provider.config.PKCS12StoreParameter; +import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; +import org.bouncycastle.jcajce.provider.util.SecretKeyUtil; +import org.bouncycastle.jce.interfaces.BCKeyStore; +import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.provider.JDKPKCS12StoreParameter; +import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Strings; +import org.bouncycastle.util.encoders.Hex; + +public class PKCS12KeyStoreSpi + extends KeyStoreSpi + implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore +{ + private static final int SALT_SIZE = 20; + private static final int MIN_ITERATIONS = 1024; + + private static final Provider bcProvider = new BouncyCastleProvider(); + + private IgnoresCaseHashtable keys = new IgnoresCaseHashtable(); + private Hashtable localIds = new Hashtable(); + private IgnoresCaseHashtable certs = new IgnoresCaseHashtable(); + private Hashtable chainCerts = new Hashtable(); + private Hashtable keyCerts = new Hashtable(); + + // + // generic object types + // + static final int NULL = 0; + static final int CERTIFICATE = 1; + static final int KEY = 2; + static final int SECRET = 3; + static final int SEALED = 4; + + // + // key types + // + static final int KEY_PRIVATE = 0; + static final int KEY_PUBLIC = 1; + static final int KEY_SECRET = 2; + + protected SecureRandom random = new SecureRandom(); + + // use of final causes problems with JDK 1.2 compiler + private CertificateFactory certFact; + private ASN1ObjectIdentifier keyAlgorithm; + private ASN1ObjectIdentifier certAlgorithm; + + private class CertId + { + byte[] id; + + CertId( + PublicKey key) + { + this.id = createSubjectKeyId(key).getKeyIdentifier(); + } + + CertId( + byte[] id) + { + this.id = id; + } + + public int hashCode() + { + return Arrays.hashCode(id); + } + + public boolean equals( + Object o) + { + if (o == this) + { + return true; + } + + if (!(o instanceof CertId)) + { + return false; + } + + CertId cId = (CertId)o; + + return Arrays.areEqual(id, cId.id); + } + } + + public PKCS12KeyStoreSpi( + Provider provider, + ASN1ObjectIdentifier keyAlgorithm, + ASN1ObjectIdentifier certAlgorithm) + { + this.keyAlgorithm = keyAlgorithm; + this.certAlgorithm = certAlgorithm; + + try + { + if (provider != null) + { + certFact = CertificateFactory.getInstance("X.509", provider); + } + else + { + certFact = CertificateFactory.getInstance("X.509"); + } + } + catch (Exception e) + { + throw new IllegalArgumentException("can't create cert factory - " + e.toString()); + } + } + + private SubjectKeyIdentifier createSubjectKeyId( + PublicKey pubKey) + { + try + { + SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( + (ASN1Sequence)ASN1Primitive.fromByteArray(pubKey.getEncoded())); + + return new SubjectKeyIdentifier(info); + } + catch (Exception e) + { + throw new RuntimeException("error creating key"); + } + } + + public void setRandom( + SecureRandom rand) + { + this.random = rand; + } + + public Enumeration engineAliases() + { + Hashtable tab = new Hashtable(); + + Enumeration e = certs.keys(); + while (e.hasMoreElements()) + { + tab.put(e.nextElement(), "cert"); + } + + e = keys.keys(); + while (e.hasMoreElements()) + { + String a = (String)e.nextElement(); + if (tab.get(a) == null) + { + tab.put(a, "key"); + } + } + + return tab.keys(); + } + + public boolean engineContainsAlias( + String alias) + { + return (certs.get(alias) != null || keys.get(alias) != null); + } + + /** + * this is not quite complete - we should follow up on the chain, a bit + * tricky if a certificate appears in more than one chain... + */ + public void engineDeleteEntry( + String alias) + throws KeyStoreException + { + Key k = (Key)keys.remove(alias); + + Certificate c = (Certificate)certs.remove(alias); + + if (c != null) + { + chainCerts.remove(new CertId(c.getPublicKey())); + } + + if (k != null) + { + String id = (String)localIds.remove(alias); + if (id != null) + { + c = (Certificate)keyCerts.remove(id); + } + if (c != null) + { + chainCerts.remove(new CertId(c.getPublicKey())); + } + } + } + + /** + * simply return the cert for the private key + */ + public Certificate engineGetCertificate( + String alias) + { + if (alias == null) + { + throw new IllegalArgumentException("null alias passed to getCertificate."); + } + + Certificate c = (Certificate)certs.get(alias); + + // + // look up the key table - and try the local key id + // + if (c == null) + { + String id = (String)localIds.get(alias); + if (id != null) + { + c = (Certificate)keyCerts.get(id); + } + else + { + c = (Certificate)keyCerts.get(alias); + } + } + + return c; + } + + public String engineGetCertificateAlias( + Certificate cert) + { + Enumeration c = certs.elements(); + Enumeration k = certs.keys(); + + while (c.hasMoreElements()) + { + Certificate tc = (Certificate)c.nextElement(); + String ta = (String)k.nextElement(); + + if (tc.equals(cert)) + { + return ta; + } + } + + c = keyCerts.elements(); + k = keyCerts.keys(); + + while (c.hasMoreElements()) + { + Certificate tc = (Certificate)c.nextElement(); + String ta = (String)k.nextElement(); + + if (tc.equals(cert)) + { + return ta; + } + } + + return null; + } + + public Certificate[] engineGetCertificateChain( + String alias) + { + if (alias == null) + { + throw new IllegalArgumentException("null alias passed to getCertificateChain."); + } + + if (!engineIsKeyEntry(alias)) + { + return null; + } + + Certificate c = engineGetCertificate(alias); + + if (c != null) + { + Vector cs = new Vector(); + + while (c != null) + { + X509Certificate x509c = (X509Certificate)c; + Certificate nextC = null; + + byte[] bytes = x509c.getExtensionValue(Extension.authorityKeyIdentifier.getId()); + if (bytes != null) + { + try + { + ASN1InputStream aIn = new ASN1InputStream(bytes); + + byte[] authBytes = ((ASN1OctetString)aIn.readObject()).getOctets(); + aIn = new ASN1InputStream(authBytes); + + AuthorityKeyIdentifier id = AuthorityKeyIdentifier.getInstance(aIn.readObject()); + if (id.getKeyIdentifier() != null) + { + nextC = (Certificate)chainCerts.get(new CertId(id.getKeyIdentifier())); + } + + } + catch (IOException e) + { + throw new RuntimeException(e.toString()); + } + } + + if (nextC == null) + { + // + // no authority key id, try the Issuer DN + // + Principal i = x509c.getIssuerDN(); + Principal s = x509c.getSubjectDN(); + + if (!i.equals(s)) + { + Enumeration e = chainCerts.keys(); + + while (e.hasMoreElements()) + { + X509Certificate crt = (X509Certificate)chainCerts.get(e.nextElement()); + Principal sub = crt.getSubjectDN(); + if (sub.equals(i)) + { + try + { + x509c.verify(crt.getPublicKey()); + nextC = crt; + break; + } + catch (Exception ex) + { + // continue + } + } + } + } + } + + cs.addElement(c); + if (nextC != c) // self signed - end of the chain + { + c = nextC; + } + else + { + c = null; + } + } + + Certificate[] certChain = new Certificate[cs.size()]; + + for (int i = 0; i != certChain.length; i++) + { + certChain[i] = (Certificate)cs.elementAt(i); + } + + return certChain; + } + + return null; + } + + public Date engineGetCreationDate(String alias) + { + if (alias == null) + { + throw new NullPointerException("alias == null"); + } + if (keys.get(alias) == null && certs.get(alias) == null) + { + return null; + } + return new Date(); + } + + public Key engineGetKey( + String alias, + char[] password) + throws NoSuchAlgorithmException, UnrecoverableKeyException + { + if (alias == null) + { + throw new IllegalArgumentException("null alias passed to getKey."); + } + + return (Key)keys.get(alias); + } + + public boolean engineIsCertificateEntry( + String alias) + { + return (certs.get(alias) != null && keys.get(alias) == null); + } + + public boolean engineIsKeyEntry( + String alias) + { + return (keys.get(alias) != null); + } + + public void engineSetCertificateEntry( + String alias, + Certificate cert) + throws KeyStoreException + { + if (keys.get(alias) != null) + { + throw new KeyStoreException("There is a key entry with the name " + alias + "."); + } + + certs.put(alias, cert); + chainCerts.put(new CertId(cert.getPublicKey()), cert); + } + + public void engineSetKeyEntry( + String alias, + byte[] key, + Certificate[] chain) + throws KeyStoreException + { + throw new RuntimeException("operation not supported"); + } + + public void engineSetKeyEntry( + String alias, + Key key, + char[] password, + Certificate[] chain) + throws KeyStoreException + { + if (!(key instanceof PrivateKey)) + { + throw new KeyStoreException("PKCS12 does not support non-PrivateKeys"); + } + + if ((key instanceof PrivateKey) && (chain == null)) + { + throw new KeyStoreException("no certificate chain for private key"); + } + + if (keys.get(alias) != null) + { + engineDeleteEntry(alias); + } + + keys.put(alias, key); + if (chain != null) + { + certs.put(alias, chain[0]); + + for (int i = 0; i != chain.length; i++) + { + chainCerts.put(new CertId(chain[i].getPublicKey()), chain[i]); + } + } + } + + public int engineSize() + { + Hashtable tab = new Hashtable(); + + Enumeration e = certs.keys(); + while (e.hasMoreElements()) + { + tab.put(e.nextElement(), "cert"); + } + + e = keys.keys(); + while (e.hasMoreElements()) + { + String a = (String)e.nextElement(); + if (tab.get(a) == null) + { + tab.put(a, "key"); + } + } + + return tab.size(); + } + + protected PrivateKey unwrapKey( + AlgorithmIdentifier algId, + byte[] data, + char[] password, + boolean wrongPKCS12Zero) + throws IOException + { + ASN1ObjectIdentifier algorithm = algId.getAlgorithm(); + try + { + if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) + { + PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); + + PBEKeySpec pbeSpec = new PBEKeySpec(password); + PrivateKey out; + + SecretKeyFactory keyFact = SecretKeyFactory.getInstance( + algorithm.getId(), bcProvider); + PBEParameterSpec defParams = new PBEParameterSpec( + pbeParams.getIV(), + pbeParams.getIterations().intValue()); + + SecretKey k = keyFact.generateSecret(pbeSpec); + + ((BCPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero); + + Cipher cipher = Cipher.getInstance(algorithm.getId(), bcProvider); + + cipher.init(Cipher.UNWRAP_MODE, k, defParams); + + // we pass "" as the key algorithm type as it is unknown at this point + return (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY); + } + else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) + { + PBES2Parameters alg = PBES2Parameters.getInstance(algId.getParameters()); + PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); + + SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId(), bcProvider); + + SecretKey k = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), func.getIterationCount().intValue(), SecretKeyUtil.getKeySize(alg.getEncryptionScheme().getAlgorithm()))); + + Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId(), bcProvider); + + cipher.init(Cipher.UNWRAP_MODE, k, new IvParameterSpec(ASN1OctetString.getInstance(alg.getEncryptionScheme().getParameters()).getOctets())); + + // we pass "" as the key algorithm type as it is unknown at this point + return (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY); + } + } + catch (Exception e) + { + throw new IOException("exception unwrapping private key - " + e.toString()); + } + + throw new IOException("exception unwrapping private key - cannot recognise: " + algorithm); + } + + protected byte[] wrapKey( + String algorithm, + Key key, + PKCS12PBEParams pbeParams, + char[] password) + throws IOException + { + PBEKeySpec pbeSpec = new PBEKeySpec(password); + byte[] out; + + try + { + SecretKeyFactory keyFact = SecretKeyFactory.getInstance( + algorithm, bcProvider); + PBEParameterSpec defParams = new PBEParameterSpec( + pbeParams.getIV(), + pbeParams.getIterations().intValue()); + + Cipher cipher = Cipher.getInstance(algorithm, bcProvider); + + cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), defParams); + + out = cipher.wrap(key); + } + catch (Exception e) + { + throw new IOException("exception encrypting data - " + e.toString()); + } + + return out; + } + + protected byte[] cryptData( + boolean forEncryption, + AlgorithmIdentifier algId, + char[] password, + boolean wrongPKCS12Zero, + byte[] data) + throws IOException + { + String algorithm = algId.getAlgorithm().getId(); + PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); + PBEKeySpec pbeSpec = new PBEKeySpec(password); + + try + { + SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, bcProvider); + PBEParameterSpec defParams = new PBEParameterSpec( + pbeParams.getIV(), + pbeParams.getIterations().intValue()); + BCPBEKey key = (BCPBEKey)keyFact.generateSecret(pbeSpec); + + key.setTryWrongPKCS12Zero(wrongPKCS12Zero); + + Cipher cipher = Cipher.getInstance(algorithm, bcProvider); + int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE; + cipher.init(mode, key, defParams); + return cipher.doFinal(data); + } + catch (Exception e) + { + throw new IOException("exception decrypting data - " + e.toString()); + } + } + + public void engineLoad( + InputStream stream, + char[] password) + throws IOException + { + if (stream == null) // just initialising + { + return; + } + + if (password == null) + { + throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); + } + + BufferedInputStream bufIn = new BufferedInputStream(stream); + + bufIn.mark(10); + + int head = bufIn.read(); + + if (head != 0x30) + { + throw new IOException("stream does not represent a PKCS12 key store"); + } + + bufIn.reset(); + + ASN1InputStream bIn = new ASN1InputStream(bufIn); + ASN1Sequence obj = (ASN1Sequence)bIn.readObject(); + Pfx bag = Pfx.getInstance(obj); + ContentInfo info = bag.getAuthSafe(); + Vector chain = new Vector(); + boolean unmarkedKey = false; + boolean wrongPKCS12Zero = false; + + if (bag.getMacData() != null) // check the mac code + { + MacData mData = bag.getMacData(); + DigestInfo dInfo = mData.getMac(); + AlgorithmIdentifier algId = dInfo.getAlgorithmId(); + byte[] salt = mData.getSalt(); + int itCount = mData.getIterationCount().intValue(); + + byte[] data = ((ASN1OctetString)info.getContent()).getOctets(); + + try + { + byte[] res = calculatePbeMac(algId.getAlgorithm(), salt, itCount, password, false, data); + byte[] dig = dInfo.getDigest(); + + if (!Arrays.constantTimeAreEqual(res, dig)) + { + if (password.length > 0) + { + throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file."); + } + + // Try with incorrect zero length password + res = calculatePbeMac(algId.getAlgorithm(), salt, itCount, password, true, data); + + if (!Arrays.constantTimeAreEqual(res, dig)) + { + throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file."); + } + + wrongPKCS12Zero = true; + } + } + catch (IOException e) + { + throw e; + } + catch (Exception e) + { + throw new IOException("error constructing MAC: " + e.toString()); + } + } + + keys = new IgnoresCaseHashtable(); + localIds = new Hashtable(); + + if (info.getContentType().equals(data)) + { + bIn = new ASN1InputStream(((ASN1OctetString)info.getContent()).getOctets()); + + AuthenticatedSafe authSafe = AuthenticatedSafe.getInstance(bIn.readObject()); + ContentInfo[] c = authSafe.getContentInfo(); + + for (int i = 0; i != c.length; i++) + { + if (c[i].getContentType().equals(data)) + { + ASN1InputStream dIn = new ASN1InputStream(((ASN1OctetString)c[i].getContent()).getOctets()); + ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); + + for (int j = 0; j != seq.size(); j++) + { + SafeBag b = SafeBag.getInstance(seq.getObjectAt(j)); + if (b.getBagId().equals(pkcs8ShroudedKeyBag)) + { + org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); + PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); + + // + // set the attributes on the key + // + PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; + String alias = null; + ASN1OctetString localId = null; + + if (b.getBagAttributes() != null) + { + Enumeration e = b.getBagAttributes().getObjects(); + while (e.hasMoreElements()) + { + ASN1Sequence sq = (ASN1Sequence)e.nextElement(); + ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); + ASN1Primitive attr = null; + + if (attrSet.size() > 0) + { + attr = (ASN1Primitive)attrSet.getObjectAt(0); + + ASN1Encodable existing = bagAttr.getBagAttribute(aOid); + if (existing != null) + { + // OK, but the value has to be the same + if (!existing.toASN1Primitive().equals(attr)) + { + throw new IOException( + "attempt to add existing attribute with different value"); + } + } + else + { + bagAttr.setBagAttribute(aOid, attr); + } + } + + if (aOid.equals(pkcs_9_at_friendlyName)) + { + alias = ((DERBMPString)attr).getString(); + keys.put(alias, privKey); + } + else if (aOid.equals(pkcs_9_at_localKeyId)) + { + localId = (ASN1OctetString)attr; + } + } + } + + if (localId != null) + { + String name = new String(Hex.encode(localId.getOctets())); + + if (alias == null) + { + keys.put(name, privKey); + } + else + { + localIds.put(alias, name); + } + } + else + { + unmarkedKey = true; + keys.put("unmarked", privKey); + } + } + else if (b.getBagId().equals(certBag)) + { + chain.addElement(b); + } + else + { + System.out.println("extra in data " + b.getBagId()); + System.out.println(ASN1Dump.dumpAsString(b)); + } + } + } + else if (c[i].getContentType().equals(encryptedData)) + { + EncryptedData d = EncryptedData.getInstance(c[i].getContent()); + byte[] octets = cryptData(false, d.getEncryptionAlgorithm(), + password, wrongPKCS12Zero, d.getContent().getOctets()); + ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(octets); + + for (int j = 0; j != seq.size(); j++) + { + SafeBag b = SafeBag.getInstance(seq.getObjectAt(j)); + + if (b.getBagId().equals(certBag)) + { + chain.addElement(b); + } + else if (b.getBagId().equals(pkcs8ShroudedKeyBag)) + { + org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); + PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); + + // + // set the attributes on the key + // + PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; + String alias = null; + ASN1OctetString localId = null; + + Enumeration e = b.getBagAttributes().getObjects(); + while (e.hasMoreElements()) + { + ASN1Sequence sq = (ASN1Sequence)e.nextElement(); + ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); + ASN1Primitive attr = null; + + if (attrSet.size() > 0) + { + attr = (ASN1Primitive)attrSet.getObjectAt(0); + + ASN1Encodable existing = bagAttr.getBagAttribute(aOid); + if (existing != null) + { + // OK, but the value has to be the same + if (!existing.toASN1Primitive().equals(attr)) + { + throw new IOException( + "attempt to add existing attribute with different value"); + } + } + else + { + bagAttr.setBagAttribute(aOid, attr); + } + } + + if (aOid.equals(pkcs_9_at_friendlyName)) + { + alias = ((DERBMPString)attr).getString(); + keys.put(alias, privKey); + } + else if (aOid.equals(pkcs_9_at_localKeyId)) + { + localId = (ASN1OctetString)attr; + } + } + + String name = new String(Hex.encode(localId.getOctets())); + + if (alias == null) + { + keys.put(name, privKey); + } + else + { + localIds.put(alias, name); + } + } + else if (b.getBagId().equals(keyBag)) + { + org.bouncycastle.asn1.pkcs.PrivateKeyInfo kInfo = org.bouncycastle.asn1.pkcs.PrivateKeyInfo.getInstance(b.getBagValue()); + PrivateKey privKey = BouncyCastleProvider.getPrivateKey(kInfo); + + // + // set the attributes on the key + // + PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; + String alias = null; + ASN1OctetString localId = null; + + Enumeration e = b.getBagAttributes().getObjects(); + while (e.hasMoreElements()) + { + ASN1Sequence sq = (ASN1Sequence)e.nextElement(); + ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); + ASN1Primitive attr = null; + + if (attrSet.size() > 0) + { + attr = (ASN1Primitive)attrSet.getObjectAt(0); + + ASN1Encodable existing = bagAttr.getBagAttribute(aOid); + if (existing != null) + { + // OK, but the value has to be the same + if (!existing.toASN1Primitive().equals(attr)) + { + throw new IOException( + "attempt to add existing attribute with different value"); + } + } + else + { + bagAttr.setBagAttribute(aOid, attr); + } + } + + if (aOid.equals(pkcs_9_at_friendlyName)) + { + alias = ((DERBMPString)attr).getString(); + keys.put(alias, privKey); + } + else if (aOid.equals(pkcs_9_at_localKeyId)) + { + localId = (ASN1OctetString)attr; + } + } + + String name = new String(Hex.encode(localId.getOctets())); + + if (alias == null) + { + keys.put(name, privKey); + } + else + { + localIds.put(alias, name); + } + } + else + { + System.out.println("extra in encryptedData " + b.getBagId()); + System.out.println(ASN1Dump.dumpAsString(b)); + } + } + } + else + { + System.out.println("extra " + c[i].getContentType().getId()); + System.out.println("extra " + ASN1Dump.dumpAsString(c[i].getContent())); + } + } + } + + certs = new IgnoresCaseHashtable(); + chainCerts = new Hashtable(); + keyCerts = new Hashtable(); + + for (int i = 0; i != chain.size(); i++) + { + SafeBag b = (SafeBag)chain.elementAt(i); + CertBag cb = CertBag.getInstance(b.getBagValue()); + + if (!cb.getCertId().equals(x509Certificate)) + { + throw new RuntimeException("Unsupported certificate type: " + cb.getCertId()); + } + + Certificate cert; + + try + { + ByteArrayInputStream cIn = new ByteArrayInputStream( + ((ASN1OctetString)cb.getCertValue()).getOctets()); + cert = certFact.generateCertificate(cIn); + } + catch (Exception e) + { + throw new RuntimeException(e.toString()); + } + + // + // set the attributes + // + ASN1OctetString localId = null; + String alias = null; + + if (b.getBagAttributes() != null) + { + Enumeration e = b.getBagAttributes().getObjects(); + while (e.hasMoreElements()) + { + ASN1Sequence sq = (ASN1Sequence)e.nextElement(); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)sq.getObjectAt(0); + ASN1Primitive attr = (ASN1Primitive)((ASN1Set)sq.getObjectAt(1)).getObjectAt(0); + PKCS12BagAttributeCarrier bagAttr = null; + + if (cert instanceof PKCS12BagAttributeCarrier) + { + bagAttr = (PKCS12BagAttributeCarrier)cert; + + ASN1Encodable existing = bagAttr.getBagAttribute(oid); + if (existing != null) + { + // OK, but the value has to be the same + if (!existing.toASN1Primitive().equals(attr)) + { + throw new IOException( + "attempt to add existing attribute with different value"); + } + } + else + { + bagAttr.setBagAttribute(oid, attr); + } + } + + if (oid.equals(pkcs_9_at_friendlyName)) + { + alias = ((DERBMPString)attr).getString(); + } + else if (oid.equals(pkcs_9_at_localKeyId)) + { + localId = (ASN1OctetString)attr; + } + } + } + + chainCerts.put(new CertId(cert.getPublicKey()), cert); + + if (unmarkedKey) + { + if (keyCerts.isEmpty()) + { + String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier())); + + keyCerts.put(name, cert); + keys.put(name, keys.remove("unmarked")); + } + } + else + { + // + // the local key id needs to override the friendly name + // + if (localId != null) + { + String name = new String(Hex.encode(localId.getOctets())); + + keyCerts.put(name, cert); + } + if (alias != null) + { + certs.put(alias, cert); + } + } + } + } + + public void engineStore(LoadStoreParameter param) + throws IOException, + NoSuchAlgorithmException, CertificateException + { + if (param == null) + { + throw new IllegalArgumentException("'param' arg cannot be null"); + } + + if (!(param instanceof PKCS12StoreParameter || param instanceof JDKPKCS12StoreParameter)) + { + throw new IllegalArgumentException( + "No support for 'param' of type " + param.getClass().getName()); + } + + PKCS12StoreParameter bcParam; + + if (param instanceof PKCS12StoreParameter) + { + bcParam = (PKCS12StoreParameter)param; + } + else + { + bcParam = new PKCS12StoreParameter(((JDKPKCS12StoreParameter)param).getOutputStream(), + param.getProtectionParameter(), ((JDKPKCS12StoreParameter)param).isUseDEREncoding()); + } + + char[] password; + ProtectionParameter protParam = param.getProtectionParameter(); + if (protParam == null) + { + password = null; + } + else if (protParam instanceof KeyStore.PasswordProtection) + { + password = ((KeyStore.PasswordProtection)protParam).getPassword(); + } + else + { + throw new IllegalArgumentException( + "No support for protection parameter of type " + protParam.getClass().getName()); + } + + doStore(bcParam.getOutputStream(), password, bcParam.isForDEREncoding()); + } + + public void engineStore(OutputStream stream, char[] password) + throws IOException + { + doStore(stream, password, false); + } + + private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) + throws IOException + { + if (password == null) + { + throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); + } + + // + // handle the key + // + ASN1EncodableVector keyS = new ASN1EncodableVector(); + + + Enumeration ks = keys.keys(); + + while (ks.hasMoreElements()) + { + byte[] kSalt = new byte[SALT_SIZE]; + + random.nextBytes(kSalt); + + String name = (String)ks.nextElement(); + PrivateKey privKey = (PrivateKey)keys.get(name); + PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS); + byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password); + AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.toASN1Primitive()); + org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes); + boolean attrSet = false; + ASN1EncodableVector kName = new ASN1EncodableVector(); + + if (privKey instanceof PKCS12BagAttributeCarrier) + { + PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)privKey; + // + // make sure we are using the local alias on store + // + DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); + if (nm == null || !nm.getString().equals(name)) + { + bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); + } + + // + // make sure we have a local key-id + // + if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) + { + Certificate ct = engineGetCertificate(name); + + bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey())); + } + + Enumeration e = bagAttrs.getBagAttributeKeys(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + ASN1EncodableVector kSeq = new ASN1EncodableVector(); + + kSeq.add(oid); + kSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); + + attrSet = true; + + kName.add(new DERSequence(kSeq)); + } + } + + if (!attrSet) + { + // + // set a default friendly name (from the key id) and local id + // + ASN1EncodableVector kSeq = new ASN1EncodableVector(); + Certificate ct = engineGetCertificate(name); + + kSeq.add(pkcs_9_at_localKeyId); + kSeq.add(new DERSet(createSubjectKeyId(ct.getPublicKey()))); + + kName.add(new DERSequence(kSeq)); + + kSeq = new ASN1EncodableVector(); + + kSeq.add(pkcs_9_at_friendlyName); + kSeq.add(new DERSet(new DERBMPString(name))); + + kName.add(new DERSequence(kSeq)); + } + + SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.toASN1Primitive(), new DERSet(kName)); + keyS.add(kBag); + } + + byte[] keySEncoded = new DERSequence(keyS).getEncoded(ASN1Encoding.DER); + BEROctetString keyString = new BEROctetString(keySEncoded); + + // + // certificate processing + // + byte[] cSalt = new byte[SALT_SIZE]; + + random.nextBytes(cSalt); + + ASN1EncodableVector certSeq = new ASN1EncodableVector(); + PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS); + AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Primitive()); + Hashtable doneCerts = new Hashtable(); + + Enumeration cs = keys.keys(); + while (cs.hasMoreElements()) + { + try + { + String name = (String)cs.nextElement(); + Certificate cert = engineGetCertificate(name); + boolean cAttrSet = false; + CertBag cBag = new CertBag( + x509Certificate, + new DEROctetString(cert.getEncoded())); + ASN1EncodableVector fName = new ASN1EncodableVector(); + + if (cert instanceof PKCS12BagAttributeCarrier) + { + PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; + // + // make sure we are using the local alias on store + // + DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); + if (nm == null || !nm.getString().equals(name)) + { + bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); + } + + // + // make sure we have a local key-id + // + if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) + { + bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(cert.getPublicKey())); + } + + Enumeration e = bagAttrs.getBagAttributeKeys(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + ASN1EncodableVector fSeq = new ASN1EncodableVector(); + + fSeq.add(oid); + fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); + fName.add(new DERSequence(fSeq)); + + cAttrSet = true; + } + } + + if (!cAttrSet) + { + ASN1EncodableVector fSeq = new ASN1EncodableVector(); + + fSeq.add(pkcs_9_at_localKeyId); + fSeq.add(new DERSet(createSubjectKeyId(cert.getPublicKey()))); + fName.add(new DERSequence(fSeq)); + + fSeq = new ASN1EncodableVector(); + + fSeq.add(pkcs_9_at_friendlyName); + fSeq.add(new DERSet(new DERBMPString(name))); + + fName.add(new DERSequence(fSeq)); + } + + SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName)); + + certSeq.add(sBag); + + doneCerts.put(cert, cert); + } + catch (CertificateEncodingException e) + { + throw new IOException("Error encoding certificate: " + e.toString()); + } + } + + cs = certs.keys(); + while (cs.hasMoreElements()) + { + try + { + String certId = (String)cs.nextElement(); + Certificate cert = (Certificate)certs.get(certId); + boolean cAttrSet = false; + + if (keys.get(certId) != null) + { + continue; + } + + CertBag cBag = new CertBag( + x509Certificate, + new DEROctetString(cert.getEncoded())); + ASN1EncodableVector fName = new ASN1EncodableVector(); + + if (cert instanceof PKCS12BagAttributeCarrier) + { + PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; + // + // make sure we are using the local alias on store + // + DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); + if (nm == null || !nm.getString().equals(certId)) + { + bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(certId)); + } + + Enumeration e = bagAttrs.getBagAttributeKeys(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + + // a certificate not immediately linked to a key doesn't require + // a localKeyID and will confuse some PKCS12 implementations. + // + // If we find one, we'll prune it out. + if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) + { + continue; + } + + ASN1EncodableVector fSeq = new ASN1EncodableVector(); + + fSeq.add(oid); + fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); + fName.add(new DERSequence(fSeq)); + + cAttrSet = true; + } + } + + if (!cAttrSet) + { + ASN1EncodableVector fSeq = new ASN1EncodableVector(); + + fSeq.add(pkcs_9_at_friendlyName); + fSeq.add(new DERSet(new DERBMPString(certId))); + + fName.add(new DERSequence(fSeq)); + } + + SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName)); + + certSeq.add(sBag); + + doneCerts.put(cert, cert); + } + catch (CertificateEncodingException e) + { + throw new IOException("Error encoding certificate: " + e.toString()); + } + } + + cs = chainCerts.keys(); + while (cs.hasMoreElements()) + { + try + { + CertId certId = (CertId)cs.nextElement(); + Certificate cert = (Certificate)chainCerts.get(certId); + + if (doneCerts.get(cert) != null) + { + continue; + } + + CertBag cBag = new CertBag( + x509Certificate, + new DEROctetString(cert.getEncoded())); + ASN1EncodableVector fName = new ASN1EncodableVector(); + + if (cert instanceof PKCS12BagAttributeCarrier) + { + PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; + Enumeration e = bagAttrs.getBagAttributeKeys(); + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); + + // a certificate not immediately linked to a key doesn't require + // a localKeyID and will confuse some PKCS12 implementations. + // + // If we find one, we'll prune it out. + if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) + { + continue; + } + + ASN1EncodableVector fSeq = new ASN1EncodableVector(); + + fSeq.add(oid); + fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); + fName.add(new DERSequence(fSeq)); + } + } + + SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName)); + + certSeq.add(sBag); + } + catch (CertificateEncodingException e) + { + throw new IOException("Error encoding certificate: " + e.toString()); + } + } + + byte[] certSeqEncoded = new DERSequence(certSeq).getEncoded(ASN1Encoding.DER); + byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded); + EncryptedData cInfo = new EncryptedData(data, cAlgId, new BEROctetString(certBytes)); + + ContentInfo[] info = new ContentInfo[] + { + new ContentInfo(data, keyString), + new ContentInfo(encryptedData, cInfo.toASN1Primitive()) + }; + + AuthenticatedSafe auth = new AuthenticatedSafe(info); + + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + DEROutputStream asn1Out; + if (useDEREncoding) + { + asn1Out = new DEROutputStream(bOut); + } + else + { + asn1Out = new BEROutputStream(bOut); + } + + asn1Out.writeObject(auth); + + byte[] pkg = bOut.toByteArray(); + + ContentInfo mainInfo = new ContentInfo(data, new BEROctetString(pkg)); + + // + // create the mac + // + byte[] mSalt = new byte[20]; + int itCount = MIN_ITERATIONS; + + random.nextBytes(mSalt); + + byte[] data = ((ASN1OctetString)mainInfo.getContent()).getOctets(); + + MacData mData; + + try + { + byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data); + + AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, DERNull.INSTANCE); + DigestInfo dInfo = new DigestInfo(algId, res); + + mData = new MacData(dInfo, mSalt, itCount); + } + catch (Exception e) + { + throw new IOException("error constructing MAC: " + e.toString()); + } + + // + // output the Pfx + // + Pfx pfx = new Pfx(mainInfo, mData); + + if (useDEREncoding) + { + asn1Out = new DEROutputStream(stream); + } + else + { + asn1Out = new BEROutputStream(stream); + } + + asn1Out.writeObject(pfx); + } + + private static byte[] calculatePbeMac( + ASN1ObjectIdentifier oid, + byte[] salt, + int itCount, + char[] password, + boolean wrongPkcs12Zero, + byte[] data) + throws Exception + { + SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider); + PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); + PBEKeySpec pbeSpec = new PBEKeySpec(password); + BCPBEKey key = (BCPBEKey)keyFact.generateSecret(pbeSpec); + key.setTryWrongPKCS12Zero(wrongPkcs12Zero); + + Mac mac = Mac.getInstance(oid.getId(), bcProvider); + mac.init(key, defParams); + mac.update(data); + return mac.doFinal(); + } + + public static class BCPKCS12KeyStore + extends PKCS12KeyStoreSpi + { + public BCPKCS12KeyStore() + { + super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); + } + } + + // BEGIN android-removed + // public static class BCPKCS12KeyStore3DES + // extends PKCS12KeyStoreSpi + // { + // public BCPKCS12KeyStore3DES() + // { + // super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); + // } + // } + // + // public static class DefPKCS12KeyStore + // extends PKCS12KeyStoreSpi + // { + // public DefPKCS12KeyStore() + // { + // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); + // } + // } + // + // public static class DefPKCS12KeyStore3DES + // extends PKCS12KeyStoreSpi + // { + // public DefPKCS12KeyStore3DES() + // { + // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); + // } + // } + // END android-removed + + private static class IgnoresCaseHashtable + { + private Hashtable orig = new Hashtable(); + private Hashtable keys = new Hashtable(); + + public void put(String key, Object value) + { + String lower = (key == null) ? null : Strings.toLowerCase(key); + String k = (String)keys.get(lower); + if (k != null) + { + orig.remove(k); + } + + keys.put(lower, key); + orig.put(key, value); + } + + public Enumeration keys() + { + return orig.keys(); + } + + public Object remove(String alias) + { + String k = (String)keys.remove(alias == null ? null : Strings.toLowerCase(alias)); + if (k == null) + { + return null; + } + + return orig.remove(k); + } + + public Object get(String alias) + { + String k = (String)keys.get(alias == null ? null : Strings.toLowerCase(alias)); + if (k == null) + { + return null; + } + + return orig.get(k); + } + + public Enumeration elements() + { + return orig.elements(); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java index 1e12ee3..f561b8a 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java @@ -11,7 +11,9 @@ import java.security.SecureRandom; // import javax.crypto.spec.IvParameterSpec; // END android-removed +import org.bouncycastle.asn1.bc.BCObjectIdentifiers; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.BufferedBlockCipher; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.engines.AESFastEngine; @@ -19,9 +21,11 @@ import org.bouncycastle.crypto.engines.AESWrapEngine; // BEGIN android-removed // import org.bouncycastle.crypto.engines.RFC3211WrapEngine; // import org.bouncycastle.crypto.macs.CMac; +// import org.bouncycastle.crypto.macs.GMac; // END android-removed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.modes.CFBBlockCipher; +import org.bouncycastle.crypto.modes.GCMBlockCipher; import org.bouncycastle.crypto.modes.OFBBlockCipher; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; // BEGIN android-removed @@ -33,8 +37,9 @@ import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; // END android-removed import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; // BEGIN android-removed // import org.bouncycastle.jce.provider.BouncyCastleProvider; // END android-removed @@ -50,7 +55,13 @@ public final class AES { public ECB() { - super(new AESFastEngine()); + super(new BlockCipherProvider() + { + public BlockCipher get() + { + return new AESFastEngine(); + } + }); } } @@ -90,8 +101,17 @@ public final class AES // super(new CMac(new AESFastEngine())); // } // } + // + // public static class AESGMAC + // extends BaseMac + // { + // public AESGMAC() + // { + // super(new GMac(new GCMBlockCipher(new AESFastEngine()))); + // } + // } // END android-removed - + static public class Wrap extends BaseWrapCipher { @@ -112,6 +132,19 @@ public final class AES // } // END android-removed + + /** + * PBEWithAES-CBC + */ + static public class PBEWithAESCBC + extends BaseBlockCipher + { + public PBEWithAESCBC() + { + super(new CBCBlockCipher(new AESFastEngine())); + } + } + public static class KeyGen extends BaseKeyGenerator { @@ -153,7 +186,117 @@ public final class AES // super(256); // } // } - // + // END android-removed + + /** + * PBEWithSHA1And128BitAES-BC + */ + static public class PBEWithSHAAnd128BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHAAnd128BitAESBC() + { + super("PBEWithSHA1And128BitAES-CBC-BC", null, true, PKCS12, SHA1, 128, 128); + } + } + + /** + * PBEWithSHA1And192BitAES-BC + */ + static public class PBEWithSHAAnd192BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHAAnd192BitAESBC() + { + super("PBEWithSHA1And192BitAES-CBC-BC", null, true, PKCS12, SHA1, 192, 128); + } + } + + /** + * PBEWithSHA1And256BitAES-BC + */ + static public class PBEWithSHAAnd256BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHAAnd256BitAESBC() + { + super("PBEWithSHA1And256BitAES-CBC-BC", null, true, PKCS12, SHA1, 256, 128); + } + } + + /** + * PBEWithSHA256And128BitAES-BC + */ + static public class PBEWithSHA256And128BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHA256And128BitAESBC() + { + super("PBEWithSHA256And128BitAES-CBC-BC", null, true, PKCS12, SHA256, 128, 128); + } + } + + /** + * PBEWithSHA256And192BitAES-BC + */ + static public class PBEWithSHA256And192BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHA256And192BitAESBC() + { + super("PBEWithSHA256And192BitAES-CBC-BC", null, true, PKCS12, SHA256, 192, 128); + } + } + + /** + * PBEWithSHA256And256BitAES-BC + */ + static public class PBEWithSHA256And256BitAESBC + extends PBESecretKeyFactory + { + public PBEWithSHA256And256BitAESBC() + { + super("PBEWithSHA256And256BitAES-CBC-BC", null, true, PKCS12, SHA256, 256, 128); + } + } + + /** + * PBEWithMD5And128BitAES-OpenSSL + */ + static public class PBEWithMD5And128BitAESCBCOpenSSL + extends PBESecretKeyFactory + { + public PBEWithMD5And128BitAESCBCOpenSSL() + { + super("PBEWithMD5And128BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 128, 128); + } + } + + /** + * PBEWithMD5And192BitAES-OpenSSL + */ + static public class PBEWithMD5And192BitAESCBCOpenSSL + extends PBESecretKeyFactory + { + public PBEWithMD5And192BitAESCBCOpenSSL() + { + super("PBEWithMD5And192BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 192, 128); + } + } + + /** + * PBEWithMD5And256BitAES-OpenSSL + */ + static public class PBEWithMD5And256BitAESCBCOpenSSL + extends PBESecretKeyFactory + { + public PBEWithMD5And256BitAESCBCOpenSSL() + { + super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); + } + } + + // BEGIN android-removed // public static class AlgParamGen // extends BaseAlgorithmParameterGenerator // { @@ -203,7 +346,7 @@ public final class AES } public static class Mappings - extends AlgorithmProvider + extends SymmetricAlgorithmProvider { private static final String PREFIX = AES.class.getName(); @@ -290,6 +433,87 @@ public final class AES // // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); // END android-removed + + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); + + provider.addAlgorithm("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHA256AND128BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHA256AND192BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHSHA256AND256BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); + + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); + + provider.addAlgorithm("Cipher.PBEWITHMD5AND128BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHMD5AND192BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC"); + provider.addAlgorithm("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And128BitAESCBCOpenSSL"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And192BitAESCBCOpenSSL"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And256BitAESCBCOpenSSL"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITAES-CBC-BC", PREFIX + "$PBEWithSHAAnd128BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND192BITAES-CBC-BC", PREFIX + "$PBEWithSHAAnd192BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND256BITAES-CBC-BC", PREFIX + "$PBEWithSHAAnd256BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA256AND128BITAES-CBC-BC", PREFIX + "$PBEWithSHA256And128BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA256AND192BITAES-CBC-BC", PREFIX + "$PBEWithSHA256And192BitAESBC"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA256AND256BITAES-CBC-BC", PREFIX + "$PBEWithSHA256And256BitAESBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND256BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND128BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND192BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND256BITAES-CBC-BC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND128BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND192BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND256BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND128BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND192BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND256BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); + + // BEGIN android-removed + // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); + // END android-removed } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java index 1bbdae7..9de8ef0 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java @@ -1,10 +1,12 @@ package org.bouncycastle.jcajce.provider.symmetric; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.engines.RC4Engine; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; public final class ARC4 @@ -33,6 +35,55 @@ public final class ARC4 } } + /** + * PBEWithSHAAnd128BitRC4 + */ + static public class PBEWithSHAAnd128BitKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAAnd128BitKeyFactory() + { + super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 128, 0); + } + } + + /** + * PBEWithSHAAnd40BitRC4 + */ + static public class PBEWithSHAAnd40BitKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAAnd40BitKeyFactory() + { + super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 40, 0); + } + } + + + /** + * PBEWithSHAAnd128BitRC4 + */ + static public class PBEWithSHAAnd128Bit + extends BaseStreamCipher + { + public PBEWithSHAAnd128Bit() + { + super(new RC4Engine(), 0); + } + } + + /** + * PBEWithSHAAnd40BitRC4 + */ + static public class PBEWithSHAAnd40Bit + extends BaseStreamCipher + { + public PBEWithSHAAnd40Bit() + { + super(new RC4Engine(), 0); + } + } + public static class Mappings extends AlgorithmProvider { @@ -44,15 +95,32 @@ public final class ARC4 public void configure(ConfigurableProvider provider) { - provider.addAlgorithm("Cipher.ARC4", PREFIX + "$Base"); - provider.addAlgorithm("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.rc4, "ARC4"); provider.addAlgorithm("Alg.Alias.Cipher.ARCFOUR", "ARC4"); provider.addAlgorithm("Alg.Alias.Cipher.RC4", "ARC4"); provider.addAlgorithm("KeyGenerator.ARC4", PREFIX + "$KeyGen"); provider.addAlgorithm("Alg.Alias.KeyGenerator.RC4", "ARC4"); provider.addAlgorithm("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "ARC4"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC4", PREFIX + "$PBEWithSHAAnd128BitKeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC4", PREFIX + "$PBEWithSHAAnd40BitKeyFactory"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND128BITRC4", PREFIX + "$PBEWithSHAAnd128Bit"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND40BITRC4", PREFIX + "$PBEWithSHAAnd40Bit"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, "PBEWITHSHAAND128BITRC4"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, "PBEWITHSHAAND40BITRC4"); + + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, "PBEWITHSHAAND128BITRC4"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, "PBEWITHSHAAND40BITRC4"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java index 3ba874c..6d5c5e8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java @@ -10,10 +10,13 @@ import java.security.spec.KeySpec; import javax.crypto.SecretKey; import javax.crypto.spec.DESKeySpec; import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.KeyGenerationParameters; import org.bouncycastle.crypto.engines.DESEngine; // BEGIN android-removed @@ -24,16 +27,22 @@ import org.bouncycastle.crypto.macs.CBCBlockCipherMac; // BEGIN android-removed // import org.bouncycastle.crypto.macs.CFBBlockCipherMac; // import org.bouncycastle.crypto.macs.CMac; +// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; // END android-removed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.paddings.ISO7816d4Padding; +import org.bouncycastle.crypto.params.DESParameters; +import org.bouncycastle.crypto.params.KeyParameter; +import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory; import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.PBE; import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider; @@ -52,16 +61,16 @@ public final class DES } } + static public class CBC + extends BaseBlockCipher + { + public CBC() + { + super(new CBCBlockCipher(new DESEngine()), 64); + } + } + // BEGIN android-removed - // static public class CBC - // extends BaseBlockCipher - // { - // public CBC() - // { - // super(new CBCBlockCipher(new DESEngine()), 64); - // } - // } - // // /** // * DES CFB8 // */ @@ -73,46 +82,72 @@ public final class DES // super(new CFBBlockCipherMac(new DESEngine())); // } // } - // - // /** - // * DES64 - // */ - // public static class DES64 + // END android-removed + + /** + * DES64 + */ + public static class DES64 + extends BaseMac + { + public DES64() + { + super(new CBCBlockCipherMac(new DESEngine(), 64)); + } + } + + /** + * DES64with7816-4Padding + */ + public static class DES64with7816d4 + extends BaseMac + { + public DES64with7816d4() + { + super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); + } + } + + public static class CBCMAC + extends BaseMac + { + public CBCMAC() + { + super(new CBCBlockCipherMac(new DESEngine())); + } + } + + // BEGIN android-removed + // static public class CMAC // extends BaseMac // { - // public DES64() + // public CMAC() // { - // super(new CBCBlockCipherMac(new DESEngine(), 64)); + // super(new CMac(new DESEngine())); // } // } // // /** - // * DES64with7816-4Padding + // * DES9797Alg3with7816-4Padding // */ - // public static class DES64with7816d4 - // extends BaseMac - // { - // public DES64with7816d4() - // { - // super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); - // } - // } - // - // public static class CBCMAC + // public static class DES9797Alg3with7816d4 // extends BaseMac // { - // public CBCMAC() + // public DES9797Alg3with7816d4() // { - // super(new CBCBlockCipherMac(new DESEngine())); + // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); // } // } // - // static public class CMAC + // /** + // * DES9797Alg3 + // */ + // public static class DES9797Alg3 // extends BaseMac // { - // public CMAC() + // public DES9797Alg3() // { - // super(new CMac(new DESEngine())); + // super(new ISO9797Alg3Mac(new DESEngine())); // } // } // @@ -124,46 +159,46 @@ public final class DES // super(new RFC3211WrapEngine(new DESEngine()), 8); // } // } - // - // public static class AlgParamGen - // extends BaseAlgorithmParameterGenerator - // { - // protected void engineInit( - // AlgorithmParameterSpec genParamSpec, - // SecureRandom random) - // throws InvalidAlgorithmParameterException - // { - // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); - // } - // - // protected AlgorithmParameters engineGenerateParameters() - // { - // byte[] iv = new byte[8]; - // - // if (random == null) - // { - // random = new SecureRandom(); - // } - // - // random.nextBytes(iv); - // - // AlgorithmParameters params; - // - // try - // { - // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); - // params.init(new IvParameterSpec(iv)); - // } - // catch (Exception e) - // { - // throw new RuntimeException(e.getMessage()); - // } - // - // return params; - // } - // } // END android-removed + public static class AlgParamGen + extends BaseAlgorithmParameterGenerator + { + protected void engineInit( + AlgorithmParameterSpec genParamSpec, + SecureRandom random) + throws InvalidAlgorithmParameterException + { + throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); + } + + protected AlgorithmParameters engineGenerateParameters() + { + byte[] iv = new byte[8]; + + if (random == null) + { + random = new SecureRandom(); + } + + random.nextBytes(iv); + + AlgorithmParameters params; + + try + { + params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); + params.init(new IvParameterSpec(iv)); + } + catch (Exception e) + { + throw new RuntimeException(e.getMessage()); + } + + return params; + } + } + /** * DES - the default for this is to generate a key in * a-b-a format that's 24 bytes long but has 16 bytes of @@ -255,6 +290,151 @@ public final class DES } } + static public class DESPBEKeyFactory + extends BaseSecretKeyFactory + { + private boolean forCipher; + private int scheme; + private int digest; + private int keySize; + private int ivSize; + + public DESPBEKeyFactory( + String algorithm, + ASN1ObjectIdentifier oid, + boolean forCipher, + int scheme, + int digest, + int keySize, + int ivSize) + { + super(algorithm, oid); + + this.forCipher = forCipher; + this.scheme = scheme; + this.digest = digest; + this.keySize = keySize; + this.ivSize = ivSize; + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PBEKeySpec) + { + PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; + CipherParameters param; + + if (pbeSpec.getSalt() == null) + { + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); + } + + if (forCipher) + { + param = PBE.Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); + } + else + { + param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); + } + + KeyParameter kParam; + if (param instanceof ParametersWithIV) + { + kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); + } + else + { + kParam = (KeyParameter)param; + } + + DESParameters.setOddParity(kParam.getKey()); + + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + } + + throw new InvalidKeySpecException("Invalid KeySpec"); + } + } + + // BEGIN android-removed + // /** + // * PBEWithMD2AndDES + // */ + // static public class PBEWithMD2KeyFactory + // extends DESPBEKeyFactory + // { + // public PBEWithMD2KeyFactory() + // { + // super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); + // } + // } + // END android-removed + + /** + * PBEWithMD5AndDES + */ + static public class PBEWithMD5KeyFactory + extends DESPBEKeyFactory + { + public PBEWithMD5KeyFactory() + { + super("PBEwithMD5andDES", PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, true, PKCS5S1, MD5, 64, 64); + } + } + + /** + * PBEWithSHA1AndDES + */ + static public class PBEWithSHA1KeyFactory + extends DESPBEKeyFactory + { + public PBEWithSHA1KeyFactory() + { + super("PBEwithSHA1andDES", PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, true, PKCS5S1, SHA1, 64, 64); + } + } + + // BEGIN android-removed + // /** + // * PBEWithMD2AndDES + // */ + // static public class PBEWithMD2 + // extends BaseBlockCipher + // { + // public PBEWithMD2() + // { + // super(new CBCBlockCipher(new DESEngine())); + // } + // } + // END android-removed + + /** + * PBEWithMD5AndDES + */ + static public class PBEWithMD5 + extends BaseBlockCipher + { + public PBEWithMD5() + { + super(new CBCBlockCipher(new DESEngine())); + } + } + + /** + * PBEWithSHA1AndDES + */ + static public class PBEWithSHA1 + extends BaseBlockCipher + { + public PBEWithSHA1() + { + super(new CBCBlockCipher(new DESEngine())); + } + } + public static class Mappings extends AlgorithmProvider { @@ -296,6 +476,14 @@ public final class DES // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); + // + // provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3"); + // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); + // + // provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3"); + // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); + // provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4"); + // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); // END android-removed provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters"); @@ -304,7 +492,34 @@ public final class DES // BEGIN android-removed // provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); + // + // provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2"); + // END android-removed + provider.addAlgorithm("Cipher.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5"); + provider.addAlgorithm("Cipher.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1"); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); + // END android-removed + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); + + // BEGIN android-removed + // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory"); + // END android-removed + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1KeyFactory"); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); + // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); } private void addAlias(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java index 8e719d6..6b9b6d6 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java @@ -235,6 +235,30 @@ public final class DESede } } + /** + * PBEWithSHAAnd3-KeyTripleDES-CBC + */ + static public class PBEWithSHAAndDES3KeyFactory + extends DES.DESPBEKeyFactory + { + public PBEWithSHAAndDES3KeyFactory() + { + super("PBEwithSHAandDES3Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, true, PKCS12, SHA1, 192, 64); + } + } + + /** + * PBEWithSHAAnd2-KeyTripleDES-CBC + */ + static public class PBEWithSHAAndDES2KeyFactory + extends DES.DESPBEKeyFactory + { + public PBEWithSHAAndDES2KeyFactory() + { + super("PBEwithSHAandDES2Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, true, PKCS12, SHA1, 128, 64); + } + } + // BEGIN android-removed // public static class AlgParamGen // extends BaseAlgorithmParameterGenerator @@ -368,6 +392,15 @@ public final class DESede // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); // END android-removed + provider.addAlgorithm("Alg.Alias.Cipher.TDEA", "DESEDE"); + provider.addAlgorithm("Alg.Alias.Cipher.TDEAWRAP", "DESEDEWRAP"); + provider.addAlgorithm("Alg.Alias.KeyGenerator.TDEA", "DESEDE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE"); + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE"); + // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE"); + if (provider.hasAlgorithm("MessageDigest", "SHA-1")) { provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key"); @@ -418,6 +451,23 @@ public final class DESede // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); // END android-removed + + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2KeyFactory"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.4", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java new file mode 100644 index 0000000..9be3c99 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java @@ -0,0 +1,120 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import java.io.IOException; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import javax.crypto.spec.PBEParameterSpec; + +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; + +public class PBEPKCS12 +{ + private PBEPKCS12() + { + + } + + public static class AlgParams + extends BaseAlgorithmParameters + { + PKCS12PBEParams params; + + protected byte[] engineGetEncoded() + { + try + { + return params.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + throw new RuntimeException("Oooops! " + e.toString()); + } + } + + protected byte[] engineGetEncoded( + String format) + { + if (this.isASN1FormatString(format)) + { + return engineGetEncoded(); + } + + return null; + } + + protected AlgorithmParameterSpec localEngineGetParameterSpec( + Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == PBEParameterSpec.class) + { + return new PBEParameterSpec(params.getIV(), + params.getIterations().intValue()); + } + + throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); + } + + protected void engineInit( + AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + if (!(paramSpec instanceof PBEParameterSpec)) + { + throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); + } + + PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; + + this.params = new PKCS12PBEParams(pbeSpec.getSalt(), + pbeSpec.getIterationCount()); + } + + protected void engineInit( + byte[] params) + throws IOException + { + this.params = PKCS12PBEParams.getInstance(ASN1Primitive.fromByteArray(params)); + } + + protected void engineInit( + byte[] params, + String format) + throws IOException + { + if (this.isASN1FormatString(format)) + { + engineInit(params); + return; + } + + throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); + } + + protected String engineToString() + { + return "PKCS12 PBE Parameters"; + } + } + + public static class Mappings + extends AlgorithmProvider + { + private static final String PREFIX = PBEPKCS12.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("AlgorithmParameters.PKCS12PBE", PREFIX + "$AlgParams"); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java new file mode 100644 index 0000000..09426b2 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java @@ -0,0 +1,547 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import java.io.IOException; +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.RC2ParameterSpec; + +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; +// import org.bouncycastle.crypto.CipherKeyGenerator; +// END android-removed +import org.bouncycastle.crypto.engines.RC2Engine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.RC2WrapEngine; +// import org.bouncycastle.crypto.macs.CBCBlockCipherMac; +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// END android-removed +import org.bouncycastle.crypto.modes.CBCBlockCipher; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +// BEGIN android-removed +// import org.bouncycastle.util.Arrays; +// END android-removed + +public final class RC2 +{ + private RC2() + { + } + + // BEGIN android-removed + // /** + // * RC2 + // */ + // static public class ECB + // extends BaseBlockCipher + // { + // public ECB() + // { + // super(new RC2Engine()); + // } + // } + // + // /** + // * RC2CBC + // */ + // static public class CBC + // extends BaseBlockCipher + // { + // public CBC() + // { + // super(new CBCBlockCipher(new RC2Engine()), 64); + // } + // } + // + // public static class Wrap + // extends BaseWrapCipher + // { + // public Wrap() + // { + // super(new RC2WrapEngine()); + // } + // } + // + // /** + // * RC2 + // */ + // public static class CBCMAC + // extends BaseMac + // { + // public CBCMAC() + // { + // super(new CBCBlockCipherMac(new RC2Engine())); + // } + // } + // + // public static class CFB8MAC + // extends BaseMac + // { + // public CFB8MAC() + // { + // super(new CFBBlockCipherMac(new RC2Engine())); + // } + // } + // END android-removed + + /** + * PBEWithSHA1AndRC2 + */ + static public class PBEWithSHA1KeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHA1KeyFactory() + { + super("PBEwithSHA1andRC2", PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, true, PKCS5S1, SHA1, 64, 64); + } + } + + /** + * PBEWithSHAAnd128BitRC2-CBC + */ + static public class PBEWithSHAAnd128BitKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAAnd128BitKeyFactory() + { + super("PBEwithSHAand128BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, true, PKCS12, SHA1, 128, 64); + } + } + + /** + * PBEWithSHAAnd40BitRC2-CBC + */ + static public class PBEWithSHAAnd40BitKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAAnd40BitKeyFactory() + { + super("PBEwithSHAand40BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, true, PKCS12, SHA1, 40, 64); + } + } + + /** + * PBEWithMD5AndRC2 + */ + static public class PBEWithMD5AndRC2 + extends BaseBlockCipher + { + public PBEWithMD5AndRC2() + { + super(new CBCBlockCipher(new RC2Engine())); + } + } + + /** + * PBEWithSHA1AndRC2 + */ + static public class PBEWithSHA1AndRC2 + extends BaseBlockCipher + { + public PBEWithSHA1AndRC2() + { + super(new CBCBlockCipher(new RC2Engine())); + } + } + + /** + * PBEWithSHAAnd128BitRC2-CBC + */ + static public class PBEWithSHAAnd128BitRC2 + extends BaseBlockCipher + { + public PBEWithSHAAnd128BitRC2() + { + super(new CBCBlockCipher(new RC2Engine())); + } + } + + /** + * PBEWithSHAAnd40BitRC2-CBC + */ + static public class PBEWithSHAAnd40BitRC2 + extends BaseBlockCipher + { + public PBEWithSHAAnd40BitRC2() + { + super(new CBCBlockCipher(new RC2Engine())); + } + } + + // BEGIN android-removed + // /** + // * PBEWithMD2AndRC2 + // */ + // static public class PBEWithMD2KeyFactory + // extends PBESecretKeyFactory + // { + // public PBEWithMD2KeyFactory() + // { + // super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); + // } + // } + // END android-removed + + /** + * PBEWithMD5AndRC2 + */ + static public class PBEWithMD5KeyFactory + extends PBESecretKeyFactory + { + public PBEWithMD5KeyFactory() + { + super("PBEwithMD5andRC2", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, true, PKCS5S1, MD5, 64, 64); + } + } + + // BEGIN android-removed + // public static class AlgParamGen + // extends BaseAlgorithmParameterGenerator + // { + // RC2ParameterSpec spec = null; + // + // protected void engineInit( + // AlgorithmParameterSpec genParamSpec, + // SecureRandom random) + // throws InvalidAlgorithmParameterException + // { + // if (genParamSpec instanceof RC2ParameterSpec) + // { + // spec = (RC2ParameterSpec)genParamSpec; + // return; + // } + // + // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); + // } + // + // protected AlgorithmParameters engineGenerateParameters() + // { + // AlgorithmParameters params; + // + // if (spec == null) + // { + // byte[] iv = new byte[8]; + // + // if (random == null) + // { + // random = new SecureRandom(); + // } + // + // random.nextBytes(iv); + // + // try + // { + // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); + // params.init(new IvParameterSpec(iv)); + // } + // catch (Exception e) + // { + // throw new RuntimeException(e.getMessage()); + // } + // } + // else + // { + // try + // { + // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); + // params.init(spec); + // } + // catch (Exception e) + // { + // throw new RuntimeException(e.getMessage()); + // } + // } + // + // return params; + // } + // } + // + // public static class KeyGenerator + // extends BaseKeyGenerator + // { + // public KeyGenerator() + // { + // super("RC2", 128, new CipherKeyGenerator()); + // } + // } + // + // public static class AlgParams + // extends BaseAlgorithmParameters + // { + // private static final short[] table = { + // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, + // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, + // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, + // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, + // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, + // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, + // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, + // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, + // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, + // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, + // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, + // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, + // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, + // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, + // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, + // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab + // }; + // + // private static final short[] ekb = { + // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, + // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, + // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, + // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, + // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, + // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, + // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, + // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, + // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, + // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, + // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, + // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, + // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, + // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, + // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, + // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd + // }; + // + // private byte[] iv; + // private int parameterVersion = 58; + // + // protected byte[] engineGetEncoded() + // { + // return Arrays.clone(iv); + // } + // + // protected byte[] engineGetEncoded( + // String format) + // throws IOException + // { + // if (this.isASN1FormatString(format)) + // { + // if (parameterVersion == -1) + // { + // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); + // } + // else + // { + // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); + // } + // } + // + // if (format.equals("RAW")) + // { + // return engineGetEncoded(); + // } + // + // return null; + // } + // + // protected AlgorithmParameterSpec localEngineGetParameterSpec( + // Class paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec == RC2ParameterSpec.class) + // { + // if (parameterVersion != -1) + // { + // if (parameterVersion < 256) + // { + // return new RC2ParameterSpec(ekb[parameterVersion], iv); + // } + // else + // { + // return new RC2ParameterSpec(parameterVersion, iv); + // } + // } + // } + // + // if (paramSpec == IvParameterSpec.class) + // { + // return new IvParameterSpec(iv); + // } + // + // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); + // } + // + // protected void engineInit( + // AlgorithmParameterSpec paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec instanceof IvParameterSpec) + // { + // this.iv = ((IvParameterSpec)paramSpec).getIV(); + // } + // else if (paramSpec instanceof RC2ParameterSpec) + // { + // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); + // if (effKeyBits != -1) + // { + // if (effKeyBits < 256) + // { + // parameterVersion = table[effKeyBits]; + // } + // else + // { + // parameterVersion = effKeyBits; + // } + // } + // + // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); + // } + // else + // { + // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); + // } + // } + // + // protected void engineInit( + // byte[] params) + // throws IOException + // { + // this.iv = Arrays.clone(params); + // } + // + // protected void engineInit( + // byte[] params, + // String format) + // throws IOException + // { + // if (this.isASN1FormatString(format)) + // { + // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); + // + // if (p.getRC2ParameterVersion() != null) + // { + // parameterVersion = p.getRC2ParameterVersion().intValue(); + // } + // + // iv = p.getIV(); + // + // return; + // } + // + // if (format.equals("RAW")) + // { + // engineInit(params); + // return; + // } + // + // throw new IOException("Unknown parameters format in IV parameters object"); + // } + // + // protected String engineToString() + // { + // return "RC2 Parameters"; + // } + // } + // END android-removed + + public static class Mappings + extends AlgorithmProvider + { + private static final String PREFIX = RC2.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + + // BEGIN android-removed + // provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen"); + // provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen"); + // + // provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator"); + // provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator"); + // + // provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams"); + // provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams"); + // + // provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB"); + // provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap"); + // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP"); + // provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC"); + // + // provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC"); + // provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC"); + // provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC"); + // provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); + // + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); + + // BEGIN android-removed + // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory"); + // END android-removed + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1KeyFactory"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitKeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitKeyFactory"); + + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); + + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE"); + + provider.addAlgorithm("Alg.Alias.Cipher.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"); + provider.addAlgorithm("Cipher.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1AndRC2"); + + provider.addAlgorithm("Cipher.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitRC2"); + provider.addAlgorithm("Cipher.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitRC2"); + provider.addAlgorithm("Cipher.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5AndRC2"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java new file mode 100644 index 0000000..d96d5e6 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java @@ -0,0 +1,23 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; + +abstract class SymmetricAlgorithmProvider + extends AlgorithmProvider +{ + // BEGIN android-removed + // protected void addGMacAlgorithm( + // ConfigurableProvider provider, + // String algorithm, + // String algorithmClassName, + // String keyGeneratorClassName) + // { + // provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName); + // provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC"); + // + // provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName); + // provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC", algorithm + "-GMAC"); + // } + // END android-removed +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java new file mode 100644 index 0000000..dafdc39 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java @@ -0,0 +1,128 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +// BEGIN android-removed +// import org.bouncycastle.crypto.BlockCipher; +// import org.bouncycastle.crypto.CipherKeyGenerator; +// END android-removed +import org.bouncycastle.crypto.engines.TwofishEngine; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.GMac; +// END android-removed +import org.bouncycastle.crypto.modes.CBCBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.GCMBlockCipher; +// END android-removed +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +// import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; +// import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; +// END android-removed +import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; + +public final class Twofish +{ + private Twofish() + { + } + + // BEGIN android-removed + // public static class ECB + // extends BaseBlockCipher + // { + // public ECB() + // { + // super(new BlockCipherProvider() + // { + // public BlockCipher get() + // { + // return new TwofishEngine(); + // } + // }); + // } + // } + // + // public static class KeyGen + // extends BaseKeyGenerator + // { + // public KeyGen() + // { + // super("Twofish", 256, new CipherKeyGenerator()); + // } + // } + // + // public static class GMAC + // extends BaseMac + // { + // public GMAC() + // { + // super(new GMac(new GCMBlockCipher(new TwofishEngine()))); + // } + // } + // END android-removed + + /** + * PBEWithSHAAndTwofish-CBC + */ + static public class PBEWithSHAKeyFactory + extends PBESecretKeyFactory + { + public PBEWithSHAKeyFactory() + { + super("PBEwithSHAandTwofish-CBC", null, true, PKCS12, SHA1, 256, 128); + } + } + + /** + * PBEWithSHAAndTwofish-CBC + */ + static public class PBEWithSHA + extends BaseBlockCipher + { + public PBEWithSHA() + { + super(new CBCBlockCipher(new TwofishEngine())); + } + } + + // BEGIN android-removed + // public static class AlgParams + // extends IvAlgorithmParameters + // { + // protected String engineToString() + // { + // return "Twofish IV"; + // } + // } + // END android-removed + + public static class Mappings + extends SymmetricAlgorithmProvider + { + private static final String PREFIX = Twofish.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + // BEGIN android-removed + // provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB"); + // provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen"); + // provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); + provider.addAlgorithm("Cipher.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHA"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHAKeyFactory"); + + // BEGIN android-removed + // addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen"); + // END android-removed + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java index e9ea6a6..a471972 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java @@ -78,12 +78,10 @@ public class BCPBEKey { return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword()); } - // BEGIN android-changed - else if (type == PBE.PBKDF2) + else if (type == PBE.PKCS5S2_UTF8) { return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(pbeKeySpec.getPassword()); } - // END android-changed else { return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword()); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java index 8231ad8..ec723db 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java @@ -1,25 +1,9 @@ package org.bouncycastle.jcajce.provider.symmetric.util; -import java.io.IOException; import java.security.AlgorithmParametersSpi; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidParameterSpecException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -// BEGIN android-removed -// import javax.crypto.spec.RC2ParameterSpec; -// END android-removed - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -// BEGIN android-removed -// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; -// END android-removed -import org.bouncycastle.util.Arrays; - public abstract class BaseAlgorithmParameters extends AlgorithmParametersSpi { @@ -42,344 +26,4 @@ public abstract class BaseAlgorithmParameters protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) throws InvalidParameterSpecException; - - // BEGIN android-removed - // public static class RC2AlgorithmParameters - // extends BaseAlgorithmParameters - // { - // private static final short[] table = { - // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, - // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, - // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, - // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, - // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, - // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, - // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, - // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, - // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, - // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, - // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, - // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, - // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, - // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, - // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, - // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab - // }; - // - // private static final short[] ekb = { - // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, - // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, - // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, - // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, - // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, - // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, - // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, - // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, - // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, - // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, - // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, - // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, - // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, - // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, - // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, - // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd - // }; - // - // private byte[] iv; - // private int parameterVersion = 58; - // - // protected byte[] engineGetEncoded() - // { - // return Arrays.clone(iv); - // } - // - // protected byte[] engineGetEncoded( - // String format) - // throws IOException - // { - // if (this.isASN1FormatString(format)) - // { - // if (parameterVersion == -1) - // { - // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); - // } - // else - // { - // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); - // } - // } - // - // if (format.equals("RAW")) - // { - // return engineGetEncoded(); - // } - // - // return null; - // } - // - // protected AlgorithmParameterSpec localEngineGetParameterSpec( - // Class paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec == RC2ParameterSpec.class) - // { - // if (parameterVersion != -1) - // { - // if (parameterVersion < 256) - // { - // return new RC2ParameterSpec(ekb[parameterVersion], iv); - // } - // else - // { - // return new RC2ParameterSpec(parameterVersion, iv); - // } - // } - // } - // - // if (paramSpec == IvParameterSpec.class) - // { - // return new IvParameterSpec(iv); - // } - // - // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); - // } - // - // protected void engineInit( - // AlgorithmParameterSpec paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec instanceof IvParameterSpec) - // { - // this.iv = ((IvParameterSpec)paramSpec).getIV(); - // } - // else if (paramSpec instanceof RC2ParameterSpec) - // { - // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); - // if (effKeyBits != -1) - // { - // if (effKeyBits < 256) - // { - // parameterVersion = table[effKeyBits]; - // } - // else - // { - // parameterVersion = effKeyBits; - // } - // } - // - // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); - // } - // else - // { - // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); - // } - // } - // - // protected void engineInit( - // byte[] params) - // throws IOException - // { - // this.iv = Arrays.clone(params); - // } - // - // protected void engineInit( - // byte[] params, - // String format) - // throws IOException - // { - // if (this.isASN1FormatString(format)) - // { - // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); - // - // if (p.getRC2ParameterVersion() != null) - // { - // parameterVersion = p.getRC2ParameterVersion().intValue(); - // } - // - // iv = p.getIV(); - // - // return; - // } - // - // if (format.equals("RAW")) - // { - // engineInit(params); - // return; - // } - // - // throw new IOException("Unknown parameters format in IV parameters object"); - // } - // - // protected String engineToString() - // { - // return "RC2 Parameters"; - // } - // } - // END android-removed - - public static class PBKDF2 - extends BaseAlgorithmParameters - { - PBKDF2Params params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (this.isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getSalt(), - params.getIterationCount().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PBKDF2Params(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PWRIKEK parameters object"); - } - - protected String engineToString() - { - return "PBKDF2 Parameters"; - } - } - - public static class PKCS12PBE - extends BaseAlgorithmParameters - { - PKCS12PBEParams params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (this.isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getIV(), - params.getIterations().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PKCS12PBEParams(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PKCS12PBEParams.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); - } - - protected String engineToString() - { - return "PKCS12 PBE Parameters"; - } - } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java index 26a73cd..d342775 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java @@ -22,6 +22,7 @@ import javax.crypto.spec.PBEParameterSpec; // import javax.crypto.spec.RC5ParameterSpec; // END android-removed +import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.BufferedBlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; @@ -38,6 +39,7 @@ import org.bouncycastle.crypto.modes.CTSBlockCipher; import org.bouncycastle.crypto.modes.GCMBlockCipher; // BEGIN android-removed // import org.bouncycastle.crypto.modes.GOFBBlockCipher; +// import org.bouncycastle.crypto.modes.OCBBlockCipher; // END android-removed import org.bouncycastle.crypto.modes.OFBBlockCipher; // BEGIN android-removed @@ -89,7 +91,8 @@ public class BaseBlockCipher // END android-removed }; - private org.bouncycastle.crypto.BlockCipher baseEngine; + private BlockCipher baseEngine; + private BlockCipherProvider engineProvider; private GenericBlockCipher cipher; private ParametersWithIV ivParam; @@ -103,13 +106,22 @@ public class BaseBlockCipher private String modeName = null; protected BaseBlockCipher( - org.bouncycastle.crypto.BlockCipher engine) + BlockCipher engine) { baseEngine = engine; cipher = new BufferedGenericBlockCipher(engine); } + protected BaseBlockCipher( + BlockCipherProvider provider) + { + baseEngine = provider.get(); + engineProvider = provider; + + cipher = new BufferedGenericBlockCipher(provider.get()); + } + protected BaseBlockCipher( org.bouncycastle.crypto.BlockCipher engine, int ivLength) @@ -292,6 +304,18 @@ public class BaseBlockCipher cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); } // BEGIN android-removed + // else if (modeName.startsWith("OCB")) + // { + // if (engineProvider != null) + // { + // ivLength = baseEngine.getBlockSize(); + // cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get())); + // } + // else + // { + // throw new NoSuchAlgorithmException("can't support mode " + mode); + // } + // } // else if (modeName.startsWith("EAX")) // { // ivLength = baseEngine.getBlockSize(); @@ -413,7 +437,12 @@ public class BaseBlockCipher if (k.getParam() != null) { param = k.getParam(); - pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount()); + if (params instanceof IvParameterSpec) + { + IvParameterSpec iv = (IvParameterSpec)params; + + param = new ParametersWithIV(param, iv.getIV()); + } } else if (params instanceof PBEParameterSpec) { @@ -736,7 +765,7 @@ public class BaseBlockCipher if (inputLen != 0) { - len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); + len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); } return (len + cipher.doFinal(output, outputOffset + len)); @@ -758,7 +787,9 @@ public class BaseBlockCipher private boolean isAEADModeName( String modeName) { - return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName); + // BEGIN android-changed + return "CCM".equals(modeName) || "GCM".equals(modeName); + // END android-changed } /* diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java index 31f3278..442dcdd 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java @@ -11,35 +11,6 @@ import javax.crypto.spec.PBEParameterSpec; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Mac; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.MD2Digest; -// import org.bouncycastle.crypto.digests.MD4Digest; -// import org.bouncycastle.crypto.digests.MD5Digest; -// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// import org.bouncycastle.crypto.digests.SHA1Digest; -// import org.bouncycastle.crypto.digests.SHA224Digest; -// import org.bouncycastle.crypto.digests.SHA256Digest; -// import org.bouncycastle.crypto.digests.SHA384Digest; -// import org.bouncycastle.crypto.digests.SHA512Digest; -// import org.bouncycastle.crypto.digests.TigerDigest; -// END android-removed -// BEGIN android-added -import org.bouncycastle.crypto.digests.AndroidDigestFactory; -// END android-added -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.RC2Engine; -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -// import org.bouncycastle.crypto.macs.GOST28147Mac; -// END android-removed -import org.bouncycastle.crypto.macs.HMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -// import org.bouncycastle.crypto.macs.OldHMac; -// END android-removed -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -147,317 +118,4 @@ public class BaseMac return out; } - - /** - * the classes that extend directly off us. - */ - - /** - * DES - */ - public static class DES - extends BaseMac - { - public DES() - { - super(new CBCBlockCipherMac(new DESEngine())); - } - } - - /** - * DES 64 bit MAC - */ - public static class DES64 - extends BaseMac - { - public DES64() - { - super(new CBCBlockCipherMac(new DESEngine(), 64)); - } - } - - /** - * RC2 - */ - public static class RC2 - extends BaseMac - { - public RC2() - { - super(new CBCBlockCipherMac(new RC2Engine())); - } - } - - // BEGIN android-removed - // /** - // * GOST28147 - // */ - // public static class GOST28147 - // extends BaseMac - // { - // public GOST28147() - // { - // super(new GOST28147Mac()); - // } - // } - // - // - // - // /** - // * DES - // */ - // public static class DESCFB8 - // extends BaseMac - // { - // public DESCFB8() - // { - // super(new CFBBlockCipherMac(new DESEngine())); - // } - // } - // - // /** - // * RC2CFB8 - // */ - // public static class RC2CFB8 - // extends BaseMac - // { - // public RC2CFB8() - // { - // super(new CFBBlockCipherMac(new RC2Engine())); - // } - // } - // - // /** - // * DES9797Alg3with7816-4Padding - // */ - // public static class DES9797Alg3with7816d4 - // extends BaseMac - // { - // public DES9797Alg3with7816d4() - // { - // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); - // } - // } - // - // /** - // * DES9797Alg3 - // */ - // public static class DES9797Alg3 - // extends BaseMac - // { - // public DES9797Alg3() - // { - // super(new ISO9797Alg3Mac(new DESEngine())); - // } - // } - // - // /** - // * MD2 HMac - // */ - // public static class MD2 - // extends BaseMac - // { - // public MD2() - // { - // super(new HMac(new MD2Digest())); - // } - // } - // - // /** - // * MD4 HMac - // */ - // public static class MD4 - // extends BaseMac - // { - // public MD4() - // { - // super(new HMac(new MD4Digest())); - // } - // } - // END android-removed - - /** - * MD5 HMac - */ - public static class MD5 - extends BaseMac - { - public MD5() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getMD5())); - // END android-changed - } - } - - /** - * SHA1 HMac - */ - public static class SHA1 - extends BaseMac - { - public SHA1() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA1())); - // END android-changed - } - } - - // BEGIN android-removed - // /** - // * SHA-224 HMac - // */ - // public static class SHA224 - // extends BaseMac - // { - // public SHA224() - // { - // super(new HMac(new SHA224Digest())); - // } - // } - // END android-removed - - /** - * SHA-256 HMac - */ - public static class SHA256 - extends BaseMac - { - public SHA256() - { - super(new HMac(AndroidDigestFactory.getSHA256())); - } - } - - /** - * SHA-384 HMac - */ - public static class SHA384 - extends BaseMac - { - public SHA384() - { - super(new HMac(AndroidDigestFactory.getSHA384())); - } - } - - // BEGIN android-removed - // public static class OldSHA384 - // extends BaseMac - // { - // public OldSHA384() - // { - // super(new OldHMac(new SHA384Digest())); - // } - // } - // END android-removed - - /** - * SHA-512 HMac - */ - public static class SHA512 - extends BaseMac - { - public SHA512() - { - super(new HMac(AndroidDigestFactory.getSHA512())); - } - } - - // BEGIN android-removed - // /** - // * SHA-512 HMac - // */ - // public static class OldSHA512 - // extends BaseMac - // { - // public OldSHA512() - // { - // super(new OldHMac(new SHA512Digest())); - // } - // } - // - // /** - // * RIPEMD128 HMac - // */ - // public static class RIPEMD128 - // extends BaseMac - // { - // public RIPEMD128() - // { - // super(new HMac(new RIPEMD128Digest())); - // } - // } - // - // /** - // * RIPEMD160 HMac - // */ - // public static class RIPEMD160 - // extends BaseMac - // { - // public RIPEMD160() - // { - // super(new HMac(new RIPEMD160Digest())); - // } - // } - // - // /** - // * Tiger HMac - // */ - // public static class Tiger - // extends BaseMac - // { - // public Tiger() - // { - // super(new HMac(new TigerDigest())); - // } - // } - // - // // - // // PKCS12 states that the same algorithm should be used - // // for the key generation as is used in the HMAC, so that - // // is what we do here. - // // - // - // /** - // * PBEWithHmacRIPEMD160 - // */ - // public static class PBEWithRIPEMD160 - // extends BaseMac - // { - // public PBEWithRIPEMD160() - // { - // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); - // } - // } - // END android-removed - - /** - * PBEWithHmacSHA - */ - public static class PBEWithSHA - extends BaseMac - { - public PBEWithSHA() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160); - // END android-changed - } - } - - // BEGIN android-removed - // /** - // * PBEWithHmacTiger - // */ - // public static class PBEWithTiger - // extends BaseMac - // { - // public PBEWithTiger() - // { - // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); - // } - // } - // END android-removed } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java index 9c59b1b..31896cd 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java @@ -7,15 +7,9 @@ import java.security.spec.KeySpec; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.DESKeySpec; -import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.params.DESParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; public class BaseSecretKeyFactory extends SecretKeyFactorySpi @@ -96,101 +90,4 @@ public class BaseSecretKeyFactory return new SecretKeySpec(key.getEncoded(), algName); } - - /* - * classes that inherit from us - */ - - - - static public class DESPBEKeyFactory - extends BaseSecretKeyFactory - { - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public DESPBEKeyFactory( - String algorithm, - ASN1ObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = PBE.Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - KeyParameter kParam; - if (param instanceof ParametersWithIV) - { - kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - } - else - { - kParam = (KeyParameter)param; - } - - DESParameters.setOddParity(kParam.getKey()); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - static public class DES - extends BaseSecretKeyFactory - { - public DES() - { - super("DES", null); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DESKeySpec) - { - DESKeySpec desKeySpec = (DESKeySpec)keySpec; - return new SecretKeySpec(desKeySpec.getKey(), "DES"); - } - - return super.engineGenerateSecret(keySpec); - } - } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java new file mode 100644 index 0000000..f5ab9ad --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java @@ -0,0 +1,8 @@ +package org.bouncycastle.jcajce.provider.symmetric.util; + +import org.bouncycastle.crypto.BlockCipher; + +public interface BlockCipherProvider +{ + BlockCipher get(); +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java index 86af83f..951beee 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java @@ -32,25 +32,24 @@ public interface PBE // // PBE Based encryption constants - by default we do PKCS12 with SHA-1 // - static final int MD5 = 0; - static final int SHA1 = 1; + static final int MD5 = 0; + static final int SHA1 = 1; // BEGIN android-removed - // static final int RIPEMD160 = 2; - // static final int TIGER = 3; + // static final int RIPEMD160 = 2; + // static final int TIGER = 3; // END android-removed - static final int SHA256 = 4; + static final int SHA256 = 4; // BEGIN android-removed - // static final int MD2 = 5; - // static final int GOST3411 = 6; + // static final int MD2 = 5; + // static final int GOST3411 = 6; // END android-removed - static final int PKCS5S1 = 0; - static final int PKCS5S2 = 1; - static final int PKCS12 = 2; - static final int OPENSSL = 3; - // BEGIN android-added - static final int PBKDF2 = 4; - // END android-added + static final int PKCS5S1 = 0; + static final int PKCS5S2 = 1; + static final int PKCS12 = 2; + static final int OPENSSL = 3; + static final int PKCS5S1_UTF8 = 4; + static final int PKCS5S2_UTF8 = 5; /** * uses the appropriate mixer to generate the key and IV if necessary. @@ -63,7 +62,7 @@ public interface PBE { PBEParametersGenerator generator; - if (type == PKCS5S1) + if (type == PKCS5S1 || type == PKCS5S1_UTF8) { switch (hash) { @@ -86,9 +85,7 @@ public interface PBE throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); } } - // BEGIN android-changed - else if ((type == PKCS5S2) || (type == PBKDF2)) - // END android-changed + else if (type == PKCS5S2 || type == PKCS5S2_UTF8) { generator = new PKCS5S2ParametersGenerator(); } @@ -250,22 +247,9 @@ public interface PBE PBEParametersGenerator generator = makePBEGenerator(type, hash); byte[] key; CipherParameters param; - - if (type == PKCS12) - { - key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); - } - // BEGIN android-changed - else if (type == PBKDF2) - { - key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); - } - // END android-changed - else - { - key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); - } - + + key = convertPassword(type, keySpec); + generator.init(key, keySpec.getSalt(), keySpec.getIterationCount()); if (ivSize != 0) @@ -284,7 +268,8 @@ public interface PBE return param; } - + + /** * generate a PBE based key suitable for a MAC algorithm, the * key size is chosen according the MAC size, or the hashing algorithm, @@ -300,20 +285,7 @@ public interface PBE byte[] key; CipherParameters param; - if (type == PKCS12) - { - key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); - } - // BEGIN android-changed - else if (type == PBKDF2) - { - key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); - } - // END android-changed - else - { - key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); - } + key = convertPassword(type, keySpec); generator.init(key, keySpec.getSalt(), keySpec.getIterationCount()); @@ -326,5 +298,24 @@ public interface PBE return param; } + + private static byte[] convertPassword(int type, PBEKeySpec keySpec) + { + byte[] key; + + if (type == PKCS12) + { + key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); + } + else if (type == PKCS5S2_UTF8 || type == PKCS5S1_UTF8) + { + key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); + } + else + { + key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); + } + return key; + } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java new file mode 100644 index 0000000..56d6c5b --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java @@ -0,0 +1,40 @@ +package org.bouncycastle.jcajce.provider.util; + +import java.util.HashMap; +import java.util.Map; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.util.Integers; + +public class SecretKeyUtil +{ + private static Map keySizes = new HashMap(); + + static + { + keySizes.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), Integers.valueOf(192)); + + keySizes.put(NISTObjectIdentifiers.id_aes128_CBC, Integers.valueOf(128)); + keySizes.put(NISTObjectIdentifiers.id_aes192_CBC, Integers.valueOf(192)); + keySizes.put(NISTObjectIdentifiers.id_aes256_CBC, Integers.valueOf(256)); + + keySizes.put(NTTObjectIdentifiers.id_camellia128_cbc, Integers.valueOf(128)); + keySizes.put(NTTObjectIdentifiers.id_camellia192_cbc, Integers.valueOf(192)); + keySizes.put(NTTObjectIdentifiers.id_camellia256_cbc, Integers.valueOf(256)); + } + + public static int getKeySize(ASN1ObjectIdentifier oid) + { + Integer size = (Integer)keySizes.get(oid); + + if (size != null) + { + return size.intValue(); + } + + return -1; + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java b/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java deleted file mode 100644 index b56351b..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java +++ /dev/null @@ -1,125 +0,0 @@ -package org.bouncycastle.jce; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.nist.NISTNamedCurves; -import org.bouncycastle.asn1.sec.SECNamedCurves; -// BEGIN android-removed -// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -// END android-removed -import org.bouncycastle.asn1.x9.X962NamedCurves; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; - -/** - * a table of locally supported named curves. - */ -public class ECNamedCurveTable -{ - /** - * return a parameter spec representing the passed in named - * curve. The routine returns null if the curve is not present. - * - * @param name the name of the curve requested - * @return a parameter spec for the curve, null if it is not available. - */ - public static ECNamedCurveParameterSpec getParameterSpec( - String name) - { - X9ECParameters ecP = X962NamedCurves.getByName(name); - if (ecP == null) - { - try - { - ecP = X962NamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - } - catch (IllegalArgumentException e) - { - // ignore - not an oid - } - } - - if (ecP == null) - { - ecP = SECNamedCurves.getByName(name); - if (ecP == null) - { - try - { - ecP = SECNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - } - catch (IllegalArgumentException e) - { - // ignore - not an oid - } - } - } - - // BEGIN android-removed - // if (ecP == null) - // { - // ecP = TeleTrusTNamedCurves.getByName(name); - // if (ecP == null) - // { - // try - // { - // ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - // } - // catch (IllegalArgumentException e) - // { - // // ignore - not an oid - // } - // } - // } - // END android-removed - - if (ecP == null) - { - ecP = NISTNamedCurves.getByName(name); - } - - if (ecP == null) - { - return null; - } - - return new ECNamedCurveParameterSpec( - name, - ecP.getCurve(), - ecP.getG(), - ecP.getN(), - ecP.getH(), - ecP.getSeed()); - } - - /** - * return an enumeration of the names of the available curves. - * - * @return an enumeration of the names of the available curves. - */ - public static Enumeration getNames() - { - Vector v = new Vector(); - - addEnumeration(v, X962NamedCurves.getNames()); - addEnumeration(v, SECNamedCurves.getNames()); - addEnumeration(v, NISTNamedCurves.getNames()); - // BEGIN android-removed - // addEnumeration(v, TeleTrusTNamedCurves.getNames()); - // END android-removed - - return v.elements(); - } - - private static void addEnumeration( - Vector v, - Enumeration e) - { - while (e.hasMoreElements()) - { - v.addElement(e.nextElement()); - } - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java index 9942975..b3c34d3 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -10,11 +10,6 @@ import java.util.HashMap; import java.util.Map; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.bc.BCObjectIdentifiers; -// BEGIN android-removed -// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -// END android-removed -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; @@ -49,22 +44,31 @@ import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; public final class BouncyCastleProvider extends Provider implements ConfigurableProvider { - private static String info = "BouncyCastle Security Provider v1.48"; + private static String info = "BouncyCastle Security Provider v1.49"; - // BEGIN android-changed - // this constant should be final public static final String PROVIDER_NAME = "BC"; - // END android-changed public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration(); - private static final Map keyInfoConverters = new HashMap(); /* * Configurable symmetric ciphers */ - private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; + private static final String SYMMETRIC_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; + + private static final String[] SYMMETRIC_GENERIC = + { + "PBEPBKDF2", "PBEPKCS12" + }; + + private static final String[] SYMMETRIC_MACS = + { + // BEGIN android-removed + // "SipHash" + // END android-removed + }; + private static final String[] SYMMETRIC_CIPHERS = { // BEGIN android-removed @@ -72,20 +76,25 @@ public final class BouncyCastleProvider extends Provider // "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" // END android-removed // BEGIN android-added - "AES", "ARC4", "Blowfish", "DES", "DESede", + "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish" // END android-added }; /* * Configurable asymmetric ciphers */ - private static final String ASYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.asymmetric."; + private static final String ASYMMETRIC_PACKAGE = "org.bouncycastle.jcajce.provider.asymmetric."; // this one is required for GNU class path - it needs to be loaded first as the // later ones configure it. private static final String[] ASYMMETRIC_GENERIC = { + // BEGIN android-removed + // "X509", "IES" + // END android-removed + // BEGIN android-added "X509" + // END android-added }; private static final String[] ASYMMETRIC_CIPHERS = @@ -112,6 +121,15 @@ public final class BouncyCastleProvider extends Provider // END android-added }; + /* + * Configurable digests + */ + private static final String KEYSTORE_PACKAGE = "org.bouncycastle.jcajce.provider.keystore."; + private static final String[] KEYSTORES = + { + "BC", "PKCS12" + }; + /** * Construct a new provider. This should only be required when * using runtime registration of the provider using the @@ -119,7 +137,7 @@ public final class BouncyCastleProvider extends Provider */ public BouncyCastleProvider() { - super(PROVIDER_NAME, 1.48, info); + super(PROVIDER_NAME, 1.49, info); AccessController.doPrivileged(new PrivilegedAction() { @@ -135,11 +153,17 @@ public final class BouncyCastleProvider extends Provider { loadAlgorithms(DIGEST_PACKAGE, DIGESTS); - loadAlgorithms(SYMMETRIC_CIPHER_PACKAGE, SYMMETRIC_CIPHERS); + loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_GENERIC); + + loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_MACS); + + loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_CIPHERS); - loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_GENERIC); + loadAlgorithms(ASYMMETRIC_PACKAGE, ASYMMETRIC_GENERIC); - loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_CIPHERS); + loadAlgorithms(ASYMMETRIC_PACKAGE, ASYMMETRIC_CIPHERS); + + loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES); // BEGIN android-removed // // @@ -162,336 +186,23 @@ public final class BouncyCastleProvider extends Provider // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); - // END android-removed - - // - // KeyStore - // - put("KeyStore.BKS", "org.bouncycastle.jce.provider.JDKKeyStore"); - put("KeyStore.BouncyCastle", "org.bouncycastle.jce.provider.JDKKeyStore$BouncyCastleStore"); - put("KeyStore.PKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); - // BEGIN android-changed - put("Alg.Alias.KeyStore.BCPKCS12", "PKCS12"); - // END android-changed - // BEGIN android-removed - // put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); - // END android-removed - - // BEGIN android-changed - put("Alg.Alias.KeyStore.PKCS12-3DES-40RC2", "PKCS12"); - // END android-changed - // BEGIN android-removed - // put("KeyStore.PKCS12-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore3DES"); - // END android-removed - - // BEGIN android-removed - // put("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); - // put("KeyStore.PKCS12-DEF-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore3DES"); - // END android-removed - - put("Alg.Alias.KeyStore.UBER", "BouncyCastle"); - put("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); - put("Alg.Alias.KeyStore.bouncycastle", "BouncyCastle"); - - // - // algorithm parameters - // - // BEGIN android-removed - // put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); - // END android-removed - put("AlgorithmParameters.PKCS12PBE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PKCS12PBE"); - - // BEGIN android-removed - // put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2"); - // END android-removed - - - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.1", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.2", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE"); - - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); - - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND256BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND128BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND192BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND256BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND256BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND256BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); - - // BEGIN android-removed - // put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // END android-removed - - // - // key agreement - // - - - // - // cipher engines - // - put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - - // BEGIN android-removed - // put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); - // put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); - // END android-removed - - put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES"); - // BEGIN android-removed + // // + // // cipher engines + // // // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); - // END android-removed - put("Cipher.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndRC2"); - put("Cipher.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndDES"); - // BEGIN android-removed - // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); - // END android-removed - put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2"); - - put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2"); - put("Cipher.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd40BitRC2"); - put("Cipher.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd128BitRC4"); - put("Cipher.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd40BitRC4"); - - - put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4"); - - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); - - put("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHA256AND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHA256AND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHA256AND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); - - put("Cipher.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - - put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish"); - // BEGIN android-removed - // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); - // - // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); - // END android-removed - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); - - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); - - // - // key generators. - // - - - // - // key pair generators. // - - - - // - // key factories - // - - - - - // - // Algorithm parameters - // - - // - // secret key factories. - // - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES"); - // - // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); - // END android-removed - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2"); - // END android-removed - put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES"); - put("SecretKeyFactory.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndRC2"); - put("SecretKeyFactory.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndDES"); - put("SecretKeyFactory.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndRC2"); - put("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES3Key"); - put("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES2Key"); - put("SecretKeyFactory.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC4"); - put("SecretKeyFactory.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC4"); - put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2"); - put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2"); - put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish"); - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160"); - // END android-removed - put("SecretKeyFactory.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA"); - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger"); - // END android-removed - - put("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And128BitAESCBCOpenSSL"); - put("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And192BitAESCBCOpenSSL"); - put("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And256BitAESCBCOpenSSL"); - - // BEGIN android-removed - // put("SecretKeyFactory." + CryptoProObjectIdentifiers.gostR3411, "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithGOST3411"); + // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); // - // put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5"); // - // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5"); - // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5"); - // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); + // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); // - // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); - // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); - // END android-removed - put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); - // BEGIN android-removed - // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); - // END android-removed - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA", "PBEWITHHMACSHA1"); - put("Alg.Alias.SecretKeyFactory.1.3.14.3.2.26", "PBEWITHHMACSHA1"); - put("Alg.Alias.SecretKeyFactory.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - - put("SecretKeyFactory.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitAESBC"); - put("SecretKeyFactory.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd192BitAESBC"); - put("SecretKeyFactory.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd256BitAESBC"); - put("SecretKeyFactory.PBEWITHSHA256AND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And128BitAESBC"); - put("SecretKeyFactory.PBEWITHSHA256AND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And192BitAESBC"); - put("SecretKeyFactory.PBEWITHSHA256AND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And256BitAESBC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); - // BEGIN android-added - - put("SecretKeyFactory.BrokenPBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$BrokenPBKDF2WithHmacSHA1"); - put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1"); - // END android-added - - addMacAlgorithms(); - - // Certification Path API - // BEGIN android-removed + // // Certification Path API // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); + // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); + // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); // END android-removed - // BEGIN android-changed - // Use Alg.Alias so RFC3280 doesn't show up when iterating provider services, only PKIX - put("Alg.Alias.CertPathValidator.RFC3280", "PKIX"); - put("Alg.Alias.CertPathBuilder.RFC3280", "PKIX"); - // END android-changed put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi"); @@ -540,35 +251,6 @@ public final class BouncyCastleProvider extends Provider } } - // - // macs - // - private void addMacAlgorithms() - { - - // BEGIN android-removed - // put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); - // put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); - // - // put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); - // put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); - // put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4"); - // put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); - // - // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); - // - // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); - // END android-removed - - put("Mac.PBEWITHHMACSHA", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); - put("Mac.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); - // BEGIN android-removed - // put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160"); - // END android-removed - put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA"); - } - - public void setParameter(String parameterName, Object parameter) { synchronized (CONFIGURATION) diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java index 8fb1616..cda05e8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java @@ -4,7 +4,7 @@ import java.security.Permission; import javax.crypto.spec.DHParameterSpec; -import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; import org.bouncycastle.jcajce.provider.config.ProviderConfigurationPermission; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java deleted file mode 100644 index 6f4d129..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java +++ /dev/null @@ -1,1133 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.CipherSpi; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -// BEGIN android-removed -// import javax.crypto.spec.RC2ParameterSpec; -// import javax.crypto.spec.RC5ParameterSpec; -// END android-removed -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.OutputLengthException; -import org.bouncycastle.crypto.engines.AESFastEngine; -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.RC2Engine; -import org.bouncycastle.crypto.engines.TwofishEngine; -import org.bouncycastle.crypto.modes.AEADBlockCipher; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.CCMBlockCipher; -import org.bouncycastle.crypto.modes.CFBBlockCipher; -import org.bouncycastle.crypto.modes.CTSBlockCipher; -// BEGIN android-removed -// import org.bouncycastle.crypto.modes.EAXBlockCipher; -// END android-removed -import org.bouncycastle.crypto.modes.GCMBlockCipher; -// BEGIN android-removed -// import org.bouncycastle.crypto.modes.GOFBBlockCipher; -// END android-removed -import org.bouncycastle.crypto.modes.OFBBlockCipher; -// BEGIN android-removed -// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; -// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; -// END android-removed -import org.bouncycastle.crypto.modes.SICBlockCipher; -import org.bouncycastle.crypto.paddings.BlockCipherPadding; -import org.bouncycastle.crypto.paddings.ISO10126d2Padding; -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.paddings.TBCPadding; -import org.bouncycastle.crypto.paddings.X923Padding; -import org.bouncycastle.crypto.paddings.ZeroBytePadding; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.crypto.params.ParametersWithRandom; -// BEGIN android-removed -// import org.bouncycastle.crypto.params.ParametersWithSBox; -// import org.bouncycastle.crypto.params.RC2Parameters; -// import org.bouncycastle.crypto.params.RC5Parameters; -// END android-removed -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; -// BEGIN android-removed -// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; -// END android-removed -import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; -import org.bouncycastle.util.Strings; - -public class JCEBlockCipher - extends CipherSpi - implements PBE -{ - // - // specs we can handle. - // - private Class[] availableSpecs = - { - // BEGIN android-removed - // RC2ParameterSpec.class, - // RC5ParameterSpec.class, - // END android-removed - IvParameterSpec.class, - PBEParameterSpec.class, - // BEGIN android-removed - // GOST28147ParameterSpec.class - // END android-removed - }; - - private BlockCipher baseEngine; - private GenericBlockCipher cipher; - private ParametersWithIV ivParam; - - private int ivLength = 0; - - private boolean padded; - - private PBEParameterSpec pbeSpec = null; - private String pbeAlgorithm = null; - - private String modeName = null; - - private AlgorithmParameters engineParams; - - protected JCEBlockCipher( - BlockCipher engine) - { - baseEngine = engine; - - cipher = new BufferedGenericBlockCipher(engine); - } - - protected JCEBlockCipher( - BlockCipher engine, - int ivLength) - { - baseEngine = engine; - - this.cipher = new BufferedGenericBlockCipher(engine); - this.ivLength = ivLength / 8; - } - - protected JCEBlockCipher( - BufferedBlockCipher engine, - int ivLength) - { - baseEngine = engine.getUnderlyingCipher(); - - this.cipher = new BufferedGenericBlockCipher(engine); - this.ivLength = ivLength / 8; - } - - protected int engineGetBlockSize() - { - return baseEngine.getBlockSize(); - } - - protected byte[] engineGetIV() - { - return (ivParam != null) ? ivParam.getIV() : null; - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length * 8; - } - - protected int engineGetOutputSize( - int inputLen) - { - return cipher.getOutputSize(inputLen); - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (pbeSpec != null) - { - try - { - engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(pbeSpec); - } - catch (Exception e) - { - return null; - } - } - else if (ivParam != null) - { - String name = cipher.getUnderlyingCipher().getAlgorithmName(); - - if (name.indexOf('/') >= 0) - { - name = name.substring(0, name.indexOf('/')); - } - - try - { - engineParams = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(ivParam.getIV()); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParams; - } - - protected void engineSetMode( - String mode) - throws NoSuchAlgorithmException - { - modeName = Strings.toUpperCase(mode); - - if (modeName.equals("ECB")) - { - ivLength = 0; - cipher = new BufferedGenericBlockCipher(baseEngine); - } - else if (modeName.equals("CBC")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher( - new CBCBlockCipher(baseEngine)); - } - else if (modeName.startsWith("OFB")) - { - ivLength = baseEngine.getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new BufferedGenericBlockCipher( - new OFBBlockCipher(baseEngine, wordSize)); - } - else - { - cipher = new BufferedGenericBlockCipher( - new OFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } - } - else if (modeName.startsWith("CFB")) - { - ivLength = baseEngine.getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new BufferedGenericBlockCipher( - new CFBBlockCipher(baseEngine, wordSize)); - } - else - { - cipher = new BufferedGenericBlockCipher( - new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } - } - // BEGIN android-removed - // else if (modeName.startsWith("PGP")) - // { - // boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); - // - // ivLength = baseEngine.getBlockSize(); - // cipher = new BufferedGenericBlockCipher( - // new PGPCFBBlockCipher(baseEngine, inlineIV)); - // } - // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) - // { - // ivLength = 0; - // cipher = new BufferedGenericBlockCipher( - // new OpenPGPCFBBlockCipher(baseEngine)); - // } - // END android-removed - else if (modeName.startsWith("SIC")) - { - ivLength = baseEngine.getBlockSize(); - if (ivLength < 16) - { - throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)"); - } - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new SICBlockCipher(baseEngine))); - } - else if (modeName.startsWith("CTR")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new SICBlockCipher(baseEngine))); - } - // BEGIN android-removed - // else if (modeName.startsWith("GOFB")) - // { - // ivLength = baseEngine.getBlockSize(); - // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - // new GOFBBlockCipher(baseEngine))); - // } - // END android-removed - else if (modeName.startsWith("CTS")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(new CBCBlockCipher(baseEngine))); - } - else if (modeName.startsWith("CCM")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); - } - // BEGIN android-removed - // else if (modeName.startsWith("EAX")) - // { - // ivLength = baseEngine.getBlockSize(); - // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); - // } - // END android-removed - else if (modeName.startsWith("GCM")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new GCMBlockCipher(baseEngine)); - } - else - { - throw new NoSuchAlgorithmException("can't support mode " + mode); - } - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - String paddingName = Strings.toUpperCase(padding); - - if (paddingName.equals("NOPADDING")) - { - if (cipher.wrapOnNoPadding()) - { - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(cipher.getUnderlyingCipher())); - } - } - else if (paddingName.equals("WITHCTS")) - { - cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(cipher.getUnderlyingCipher())); - } - else - { - padded = true; - - if (isAEADModeName(modeName)) - { - throw new NoSuchPaddingException("Only NoPadding can be used with AEAD modes."); - } - else if (paddingName.equals("PKCS5PADDING") || paddingName.equals("PKCS7PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher()); - } - else if (paddingName.equals("ZEROBYTEPADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ZeroBytePadding()); - } - else if (paddingName.equals("ISO10126PADDING") || paddingName.equals("ISO10126-2PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ISO10126d2Padding()); - } - else if (paddingName.equals("X9.23PADDING") || paddingName.equals("X923PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new X923Padding()); - } - else if (paddingName.equals("ISO7816-4PADDING") || paddingName.equals("ISO9797-1PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ISO7816d4Padding()); - } - else if (paddingName.equals("TBCPADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new TBCPadding()); - } - else - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - this.pbeSpec = null; - this.pbeAlgorithm = null; - this.engineParams = null; - - // - // basic key check - // - if (!(key instanceof SecretKey)) - { - throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); - } - - // BEGIN android-removed - // // - // // for RC5-64 we must have some default parameters - // // - // if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64")) - // { - // throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in."); - // } - // END android-removed - - // - // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). - // - if (key instanceof BCPBEKey) - { - BCPBEKey k = (BCPBEKey)key; - - if (k.getOID() != null) - { - pbeAlgorithm = k.getOID().getId(); - } - else - { - pbeAlgorithm = k.getAlgorithm(); - } - - if (k.getParam() != null) - { - param = k.getParam(); - pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount()); - } - else if (params instanceof PBEParameterSpec) - { - pbeSpec = (PBEParameterSpec)params; - param = PBE.Util.makePBEParameters(k, params, cipher.getUnderlyingCipher().getAlgorithmName()); - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - - if (param instanceof ParametersWithIV) - { - ivParam = (ParametersWithIV)param; - } - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else if (params instanceof IvParameterSpec) - { - if (ivLength != 0) - { - IvParameterSpec p = (IvParameterSpec)params; - - if (p.getIV().length != ivLength && !isAEADModeName(modeName)) - { - throw new InvalidAlgorithmParameterException("IV must be " + ivLength + " bytes long."); - } - - if (key instanceof RepeatedSecretKeySpec) - { - param = new ParametersWithIV(null, p.getIV()); - ivParam = (ParametersWithIV)param; - } - else - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), p.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else - { - if (modeName != null && modeName.equals("ECB")) - { - throw new InvalidAlgorithmParameterException("ECB mode does not use an IV"); - } - - param = new KeyParameter(key.getEncoded()); - } - } - // BEGIN android-removed - // else if (params instanceof GOST28147ParameterSpec) - // { - // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; - // - // param = new ParametersWithSBox( - // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); - // - // if (gost28147Param.getIV() != null && ivLength != 0) - // { - // param = new ParametersWithIV(param, gost28147Param.getIV()); - // ivParam = (ParametersWithIV)param; - // } - // } - // else if (params instanceof RC2ParameterSpec) - // { - // RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; - // - // param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); - // - // if (rc2Param.getIV() != null && ivLength != 0) - // { - // param = new ParametersWithIV(param, rc2Param.getIV()); - // ivParam = (ParametersWithIV)param; - // } - // } - // else if (params instanceof RC5ParameterSpec) - // { - // RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; - // - // param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); - // if (baseEngine.getAlgorithmName().startsWith("RC5")) - // { - // if (baseEngine.getAlgorithmName().equals("RC5-32")) - // { - // if (rc5Param.getWordSize() != 32) - // { - // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); - // } - // } - // else if (baseEngine.getAlgorithmName().equals("RC5-64")) - // { - // if (rc5Param.getWordSize() != 64) - // { - // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); - // } - // } - // } - // else - // { - // throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); - // } - // if ((rc5Param.getIV() != null) && (ivLength != 0)) - // { - // param = new ParametersWithIV(param, rc5Param.getIV()); - // ivParam = (ParametersWithIV)param; - // } - // } - // END android-removed - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - if ((ivLength != 0) && !(param instanceof ParametersWithIV)) - { - SecureRandom ivRandom = random; - - if (ivRandom == null) - { - ivRandom = new SecureRandom(); - } - - if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) - { - byte[] iv = new byte[ivLength]; - - ivRandom.nextBytes(iv); - param = new ParametersWithIV(param, iv); - ivParam = (ParametersWithIV)param; - } - else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0) - { - throw new InvalidAlgorithmParameterException("no IV set when one expected"); - } - } - - if (random != null && padded) - { - param = new ParametersWithRandom(param, random); - } - - try - { - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - throw new InvalidParameterException("unknown opmode " + opmode + " passed"); - } - } - catch (Exception e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - // try again if possible - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineInit(opmode, key, paramSpec, random); - - engineParams = params; - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - int length = cipher.getUpdateOutputSize(inputLen); - - if (length > 0) - { - byte[] out = new byte[length]; - - int len = cipher.processBytes(input, inputOffset, inputLen, out, 0); - - if (len == 0) - { - return null; - } - else if (len != out.length) - { - byte[] tmp = new byte[len]; - - System.arraycopy(out, 0, tmp, 0, len); - - return tmp; - } - - return out; - } - - cipher.processBytes(input, inputOffset, inputLen, null, 0); - - return null; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws ShortBufferException - { - try - { - return cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - catch (DataLengthException e) - { - throw new ShortBufferException(e.getMessage()); - } - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - int len = 0; - byte[] tmp = new byte[engineGetOutputSize(inputLen)]; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, tmp, 0); - } - - try - { - len += cipher.doFinal(tmp, len); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - - if (len == tmp.length) - { - return tmp; - } - - byte[] out = new byte[len]; - - System.arraycopy(tmp, 0, out, 0, len); - - return out; - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException, ShortBufferException - { - try - { - int len = 0; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - - return (len + cipher.doFinal(output, outputOffset + len)); - } - catch (OutputLengthException e) - { - throw new ShortBufferException(e.getMessage()); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - private boolean isAEADModeName( - String modeName) - { - return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName); - } - - protected byte[] engineWrap( - Key key) - throws IllegalBlockSizeException, InvalidKeyException - { - byte[] encoded = key.getEncoded(); - if (encoded == null) - { - throw new InvalidKeyException("Cannot wrap key, null encoding."); - } - - try - { - return engineDoFinal(encoded, 0, encoded.length); - } - catch (BadPaddingException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - } - - protected Key engineUnwrap( - byte[] wrappedKey, - String wrappedKeyAlgorithm, - int wrappedKeyType) - throws InvalidKeyException - { - byte[] encoded; - try - { - encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length); - } - catch (BadPaddingException e) - { - throw new InvalidKeyException(e.getMessage()); - } - catch (IllegalBlockSizeException e2) - { - throw new InvalidKeyException(e2.getMessage()); - } - - if (wrappedKeyType == Cipher.SECRET_KEY) - { - return new SecretKeySpec(encoded, wrappedKeyAlgorithm); - } - else if (wrappedKeyAlgorithm.equals("") && wrappedKeyType == Cipher.PRIVATE_KEY) - { - /* - * The caller doesn't know the algorithm as it is part of - * the encrypted data. - */ - try - { - PrivateKeyInfo in = PrivateKeyInfo.getInstance(encoded); - - PrivateKey privKey = BouncyCastleProvider.getPrivateKey(in); - - if (privKey != null) - { - return privKey; - } - else - { - throw new InvalidKeyException("algorithm " + in.getPrivateKeyAlgorithm().getAlgorithm() + " not supported"); - } - } - catch (Exception e) - { - throw new InvalidKeyException("Invalid key encoding."); - } - } - else - { - try - { - KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - - if (wrappedKeyType == Cipher.PUBLIC_KEY) - { - return kf.generatePublic(new X509EncodedKeySpec(encoded)); - } - else if (wrappedKeyType == Cipher.PRIVATE_KEY) - { - return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded)); - } - } - catch (NoSuchProviderException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (NoSuchAlgorithmException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (InvalidKeySpecException e2) - { - throw new InvalidKeyException("Unknown key type " + e2.getMessage()); - } - - throw new InvalidKeyException("Unknown key type " + wrappedKeyType); - } - } - - /* - * The ciphers that inherit from us. - */ - - /** - * PBEWithMD5AndDES - */ - static public class PBEWithMD5AndDES - extends JCEBlockCipher - { - public PBEWithMD5AndDES() - { - super(new CBCBlockCipher(new DESEngine())); - } - } - - /** - * PBEWithMD5AndRC2 - */ - static public class PBEWithMD5AndRC2 - extends JCEBlockCipher - { - public PBEWithMD5AndRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHA1AndDES - */ - static public class PBEWithSHA1AndDES - extends JCEBlockCipher - { - public PBEWithSHA1AndDES() - { - super(new CBCBlockCipher(new DESEngine())); - } - } - - /** - * PBEWithSHA1AndRC2 - */ - static public class PBEWithSHA1AndRC2 - extends JCEBlockCipher - { - public PBEWithSHA1AndRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - - - /** - * PBEWithSHAAnd128BitRC2-CBC - */ - static public class PBEWithSHAAnd128BitRC2 - extends JCEBlockCipher - { - public PBEWithSHAAnd128BitRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHAAnd40BitRC2-CBC - */ - static public class PBEWithSHAAnd40BitRC2 - extends JCEBlockCipher - { - public PBEWithSHAAnd40BitRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHAAndTwofish-CBC - */ - static public class PBEWithSHAAndTwofish - extends JCEBlockCipher - { - public PBEWithSHAAndTwofish() - { - super(new CBCBlockCipher(new TwofishEngine())); - } - } - - /** - * PBEWithAES-CBC - */ - static public class PBEWithAESCBC - extends JCEBlockCipher - { - public PBEWithAESCBC() - { - super(new CBCBlockCipher(new AESFastEngine())); - } - } - - static private interface GenericBlockCipher - { - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException; - - public boolean wrapOnNoPadding(); - - public String getAlgorithmName(); - - public BlockCipher getUnderlyingCipher(); - - public int getOutputSize(int len); - - public int getUpdateOutputSize(int len); - - public int processByte(byte in, byte[] out, int outOff) - throws DataLengthException; - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) - throws DataLengthException; - - public int doFinal(byte[] out, int outOff) - throws IllegalStateException, InvalidCipherTextException; - } - - private static class BufferedGenericBlockCipher - implements GenericBlockCipher - { - private BufferedBlockCipher cipher; - - BufferedGenericBlockCipher(BufferedBlockCipher cipher) - { - this.cipher = cipher; - } - - BufferedGenericBlockCipher(BlockCipher cipher) - { - this.cipher = new PaddedBufferedBlockCipher(cipher); - } - - BufferedGenericBlockCipher(BlockCipher cipher, BlockCipherPadding padding) - { - this.cipher = new PaddedBufferedBlockCipher(cipher, padding); - } - - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException - { - cipher.init(forEncryption, params); - } - - public boolean wrapOnNoPadding() - { - return !(cipher instanceof CTSBlockCipher); - } - - public String getAlgorithmName() - { - return cipher.getUnderlyingCipher().getAlgorithmName(); - } - - public BlockCipher getUnderlyingCipher() - { - return cipher.getUnderlyingCipher(); - } - - public int getOutputSize(int len) - { - return cipher.getOutputSize(len); - } - - public int getUpdateOutputSize(int len) - { - return cipher.getUpdateOutputSize(len); - } - - public int processByte(byte in, byte[] out, int outOff) throws DataLengthException - { - return cipher.processByte(in, out, outOff); - } - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) throws DataLengthException - { - return cipher.processBytes(in, inOff, len, out, outOff); - } - - public int doFinal(byte[] out, int outOff) throws IllegalStateException, InvalidCipherTextException - { - return cipher.doFinal(out, outOff); - } - } - - private static class AEADGenericBlockCipher - implements GenericBlockCipher - { - private AEADBlockCipher cipher; - - AEADGenericBlockCipher(AEADBlockCipher cipher) - { - this.cipher = cipher; - } - - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException - { - cipher.init(forEncryption, params); - } - - public String getAlgorithmName() - { - return cipher.getUnderlyingCipher().getAlgorithmName(); - } - - public boolean wrapOnNoPadding() - { - return false; - } - - public BlockCipher getUnderlyingCipher() - { - return cipher.getUnderlyingCipher(); - } - - public int getOutputSize(int len) - { - return cipher.getOutputSize(len); - } - - public int getUpdateOutputSize(int len) - { - return cipher.getUpdateOutputSize(len); - } - - public int processByte(byte in, byte[] out, int outOff) throws DataLengthException - { - return cipher.processByte(in, out, outOff); - } - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) throws DataLengthException - { - return cipher.processBytes(in, inOff, len, out, outOff); - } - - public int doFinal(byte[] out, int outOff) throws IllegalStateException, InvalidCipherTextException - { - return cipher.doFinal(out, outOff); - } - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java index 9aaca5b..7d561b3 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java @@ -33,8 +33,8 @@ import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; import org.bouncycastle.jce.interfaces.ECPointEncoder; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java index 863f9d3..cfed770 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java @@ -32,8 +32,8 @@ import org.bouncycastle.asn1.x9.X9IntegerConverter; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil; +import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; // BEGIN android-removed // import org.bouncycastle.jce.ECGOST3410NamedCurveTable; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEMac.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEMac.java deleted file mode 100644 index 6a3df68..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEMac.java +++ /dev/null @@ -1,455 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.MacSpi; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Mac; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.MD2Digest; -// import org.bouncycastle.crypto.digests.MD4Digest; -// import org.bouncycastle.crypto.digests.MD5Digest; -// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// import org.bouncycastle.crypto.digests.SHA1Digest; -// import org.bouncycastle.crypto.digests.SHA224Digest; -// import org.bouncycastle.crypto.digests.SHA256Digest; -// import org.bouncycastle.crypto.digests.SHA384Digest; -// import org.bouncycastle.crypto.digests.SHA512Digest; -// import org.bouncycastle.crypto.digests.TigerDigest; -// END android-removed -// BEGIN android-added -import org.bouncycastle.crypto.digests.AndroidDigestFactory; -// END android-added -import org.bouncycastle.crypto.engines.DESEngine; -// BEGIN android-removed -// import org.bouncycastle.crypto.engines.RC2Engine; -// END android-removed -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -// END android-removed -import org.bouncycastle.crypto.macs.HMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -// import org.bouncycastle.crypto.macs.OldHMac; -// END android-removed -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; - -public class JCEMac - extends MacSpi implements PBE -{ - private Mac macEngine; - - private int pbeType = PKCS12; - private int pbeHash = SHA1; - private int keySize = 160; - - protected JCEMac( - Mac macEngine) - { - this.macEngine = macEngine; - } - - protected JCEMac( - Mac macEngine, - int pbeType, - int pbeHash, - int keySize) - { - this.macEngine = macEngine; - this.pbeType = pbeType; - this.pbeHash = pbeHash; - this.keySize = keySize; - } - - protected void engineInit( - Key key, - AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - if (key == null) - { - throw new InvalidKeyException("key is null"); - } - - if (key instanceof BCPBEKey) - { - BCPBEKey k = (BCPBEKey)key; - - if (k.getParam() != null) - { - param = k.getParam(); - } - else if (params instanceof PBEParameterSpec) - { - param = PBE.Util.makePBEMacParameters(k, params); - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - } - else if (params instanceof IvParameterSpec) - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - macEngine.init(param); - } - - protected int engineGetMacLength() - { - return macEngine.getMacSize(); - } - - protected void engineReset() - { - macEngine.reset(); - } - - protected void engineUpdate( - byte input) - { - macEngine.update(input); - } - - protected void engineUpdate( - byte[] input, - int offset, - int len) - { - macEngine.update(input, offset, len); - } - - protected byte[] engineDoFinal() - { - byte[] out = new byte[engineGetMacLength()]; - - macEngine.doFinal(out, 0); - - return out; - } - - /** - * the classes that extend directly off us. - */ - - // BEGIN android-removed - // /** - // * DES - // */ - // public static class DES - // extends JCEMac - // { - // public DES() - // { - // super(new CBCBlockCipherMac(new DESEngine())); - // } - // } - // - // /** - // * DES 64 bit MAC - // */ - // public static class DES64 - // extends JCEMac - // { - // public DES64() - // { - // super(new CBCBlockCipherMac(new DESEngine(), 64)); - // } - // } - // - // /** - // * RC2 - // */ - // public static class RC2 - // extends JCEMac - // { - // public RC2() - // { - // super(new CBCBlockCipherMac(new RC2Engine())); - // } - // } - // - // - // - // - // /** - // * DES - // */ - // public static class DESCFB8 - // extends JCEMac - // { - // public DESCFB8() - // { - // super(new CFBBlockCipherMac(new DESEngine())); - // } - // } - // - // /** - // * RC2CFB8 - // */ - // - // - // /** - // * DES9797Alg3with7816-4Padding - // */ - // public static class DES9797Alg3with7816d4 - // extends JCEMac - // { - // public DES9797Alg3with7816d4() - // { - // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); - // } - // } - // - // /** - // * DES9797Alg3 - // */ - // public static class DES9797Alg3 - // extends JCEMac - // { - // public DES9797Alg3() - // { - // super(new ISO9797Alg3Mac(new DESEngine())); - // } - // } - // - // /** - // * MD2 HMac - // */ - // public static class MD2 - // extends JCEMac - // { - // public MD2() - // { - // super(new HMac(new MD2Digest())); - // } - // } - // - // /** - // * MD4 HMac - // */ - // public static class MD4 - // extends JCEMac - // { - // public MD4() - // { - // super(new HMac(new MD4Digest())); - // } - // } - // END android-removed - - /** - * MD5 HMac - */ - public static class MD5 - extends JCEMac - { - public MD5() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getMD5())); - // END android-changed - } - } - - /** - * SHA1 HMac - */ - public static class SHA1 - extends JCEMac - { - public SHA1() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA1())); - // END android-changed - } - } - - // BEGIN android-removed - // /** - // * SHA-224 HMac - // */ - // public static class SHA224 - // extends JCEMac - // { - // public SHA224() - // { - // super(new HMac(new SHA224Digest())); - // } - // } - // END android-removed - - /** - * SHA-256 HMac - */ - public static class SHA256 - extends JCEMac - { - public SHA256() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA256())); - // END android-changed - } - } - - /** - * SHA-384 HMac - */ - public static class SHA384 - extends JCEMac - { - public SHA384() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA384())); - // END android-changed - } - } - - // BEGIN android-removed - // public static class OldSHA384 - // extends JCEMac - // { - // public OldSHA384() - // { - // super(new OldHMac(new SHA384Digest())); - // } - // } - // END android-removed - - /** - * SHA-512 HMac - */ - public static class SHA512 - extends JCEMac - { - public SHA512() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA512())); - // END android-changed - } - } - - - // BEGIN android-removed - // /** - // * SHA-512 HMac - // */ - // public static class OldSHA512 - // extends JCEMac - // { - // public OldSHA512() - // { - // super(new OldHMac(new SHA512Digest())); - // } - // } - // - // /** - // * RIPEMD128 HMac - // */ - // public static class RIPEMD128 - // extends JCEMac - // { - // public RIPEMD128() - // { - // super(new HMac(new RIPEMD128Digest())); - // } - // } - // - // /** - // * RIPEMD160 HMac - // */ - // public static class RIPEMD160 - // extends JCEMac - // { - // public RIPEMD160() - // { - // super(new HMac(new RIPEMD160Digest())); - // } - // } - // - // /** - // * Tiger HMac - // */ - // public static class Tiger - // extends JCEMac - // { - // public Tiger() - // { - // super(new HMac(new TigerDigest())); - // } - // } - // - // // - // // PKCS12 states that the same algorithm should be used - // // for the key generation as is used in the HMAC, so that - // // is what we do here. - // // - // - // /** - // * PBEWithHmacRIPEMD160 - // */ - // public static class PBEWithRIPEMD160 - // extends JCEMac - // { - // public PBEWithRIPEMD160() - // { - // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); - // } - // } - // END android-removed - - /** - * PBEWithHmacSHA - */ - public static class PBEWithSHA - extends JCEMac - { - public PBEWithSHA() - { - // BEGIN android-changed - super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160); - // END android-changed - } - } - - // BEGIN android-removed - // /** - // * PBEWithHmacTiger - // */ - // public static class PBEWithTiger - // extends JCEMac - // { - // public PBEWithTiger() - // { - // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); - // } - // } - // END android-removed -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java deleted file mode 100644 index ddb3ef1..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java +++ /dev/null @@ -1,635 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.lang.reflect.Constructor; -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.DESKeySpec; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.params.DESParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; - -public class JCESecretKeyFactory - extends SecretKeyFactorySpi - implements PBE -{ - protected String algName; - protected ASN1ObjectIdentifier algOid; - - protected JCESecretKeyFactory( - String algName, - ASN1ObjectIdentifier algOid) - { - this.algName = algName; - this.algOid = algOid; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof SecretKeySpec) - { - return (SecretKey)keySpec; - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - - protected KeySpec engineGetKeySpec( - SecretKey key, - Class keySpec) - throws InvalidKeySpecException - { - if (keySpec == null) - { - throw new InvalidKeySpecException("keySpec parameter is null"); - } - if (key == null) - { - throw new InvalidKeySpecException("key parameter is null"); - } - - if (SecretKeySpec.class.isAssignableFrom(keySpec)) - { - return new SecretKeySpec(key.getEncoded(), algName); - } - - try - { - Class[] parameters = { byte[].class }; - - Constructor c = keySpec.getConstructor(parameters); - Object[] p = new Object[1]; - - p[0] = key.getEncoded(); - - return (KeySpec)c.newInstance(p); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - protected SecretKey engineTranslateKey( - SecretKey key) - throws InvalidKeyException - { - if (key == null) - { - throw new InvalidKeyException("key parameter is null"); - } - - if (!key.getAlgorithm().equalsIgnoreCase(algName)) - { - throw new InvalidKeyException("Key not of type " + algName + "."); - } - - return new SecretKeySpec(key.getEncoded(), algName); - } - - /* - * classes that inherit from us - */ - - static public class PBEKeyFactory - extends JCESecretKeyFactory - { - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public PBEKeyFactory( - String algorithm, - ASN1ObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - static public class DESPBEKeyFactory - extends JCESecretKeyFactory - { - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public DESPBEKeyFactory( - String algorithm, - ASN1ObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - KeyParameter kParam; - if (param instanceof ParametersWithIV) - { - kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - } - else - { - kParam = (KeyParameter)param; - } - - DESParameters.setOddParity(kParam.getKey()); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - static public class DES - extends JCESecretKeyFactory - { - public DES() - { - super("DES", null); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DESKeySpec) - { - DESKeySpec desKeySpec = (DESKeySpec)keySpec; - return new SecretKeySpec(desKeySpec.getKey(), "DES"); - } - - return super.engineGenerateSecret(keySpec); - } - } - - // BEGIN android-removed - // /** - // * PBEWithMD2AndDES - // */ - // static public class PBEWithMD2AndDES - // extends DESPBEKeyFactory - // { - // public PBEWithMD2AndDES() - // { - // super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); - // } - // } - // - // /** - // * PBEWithMD2AndRC2 - // */ - // static public class PBEWithMD2AndRC2 - // extends PBEKeyFactory - // { - // public PBEWithMD2AndRC2() - // { - // super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); - // } - // } - // END android-removed - - /** - * PBEWithMD5AndDES - */ - static public class PBEWithMD5AndDES - extends DESPBEKeyFactory - { - public PBEWithMD5AndDES() - { - super("PBEwithMD5andDES", PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, true, PKCS5S1, MD5, 64, 64); - } - } - - /** - * PBEWithMD5AndRC2 - */ - static public class PBEWithMD5AndRC2 - extends PBEKeyFactory - { - public PBEWithMD5AndRC2() - { - super("PBEwithMD5andRC2", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, true, PKCS5S1, MD5, 64, 64); - } - } - - /** - * PBEWithSHA1AndDES - */ - static public class PBEWithSHA1AndDES - extends DESPBEKeyFactory - { - public PBEWithSHA1AndDES() - { - super("PBEwithSHA1andDES", PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, true, PKCS5S1, SHA1, 64, 64); - } - } - - /** - * PBEWithSHA1AndRC2 - */ - static public class PBEWithSHA1AndRC2 - extends PBEKeyFactory - { - public PBEWithSHA1AndRC2() - { - super("PBEwithSHA1andRC2", PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, true, PKCS5S1, SHA1, 64, 64); - } - } - - /** - * PBEWithSHAAnd3-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES3Key - extends DESPBEKeyFactory - { - public PBEWithSHAAndDES3Key() - { - super("PBEwithSHAandDES3Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, true, PKCS12, SHA1, 192, 64); - } - } - - /** - * PBEWithSHAAnd2-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES2Key - extends DESPBEKeyFactory - { - public PBEWithSHAAndDES2Key() - { - super("PBEwithSHAandDES2Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, true, PKCS12, SHA1, 128, 64); - } - } - - /** - * PBEWithSHAAnd128BitRC2-CBC - */ - static public class PBEWithSHAAnd128BitRC2 - extends PBEKeyFactory - { - public PBEWithSHAAnd128BitRC2() - { - super("PBEwithSHAand128BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, true, PKCS12, SHA1, 128, 64); - } - } - - /** - * PBEWithSHAAnd40BitRC2-CBC - */ - static public class PBEWithSHAAnd40BitRC2 - extends PBEKeyFactory - { - public PBEWithSHAAnd40BitRC2() - { - super("PBEwithSHAand40BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, true, PKCS12, SHA1, 40, 64); - } - } - - /** - * PBEWithSHAAndTwofish-CBC - */ - static public class PBEWithSHAAndTwofish - extends PBEKeyFactory - { - public PBEWithSHAAndTwofish() - { - super("PBEwithSHAandTwofish-CBC", null, true, PKCS12, SHA1, 256, 128); - } - } - - /** - * PBEWithSHAAnd128BitRC4 - */ - static public class PBEWithSHAAnd128BitRC4 - extends PBEKeyFactory - { - public PBEWithSHAAnd128BitRC4() - { - super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 128, 0); - } - } - - /** - * PBEWithSHAAnd40BitRC4 - */ - static public class PBEWithSHAAnd40BitRC4 - extends PBEKeyFactory - { - public PBEWithSHAAnd40BitRC4() - { - super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 40, 0); - } - } - - // BEGIN android-removed - // /** - // * PBEWithHmacRIPEMD160 - // */ - // public static class PBEWithRIPEMD160 - // extends PBEKeyFactory - // { - // public PBEWithRIPEMD160() - // { - // super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); - // } - // } - // END android-removed - - /** - * PBEWithHmacSHA - */ - public static class PBEWithSHA - extends PBEKeyFactory - { - public PBEWithSHA() - { - super("PBEwithHmacSHA", null, false, PKCS12, SHA1, 160, 0); - } - } - - // BEGIN android-removed - // /** - // * PBEWithHmacTiger - // */ - // public static class PBEWithTiger - // extends PBEKeyFactory - // { - // public PBEWithTiger() - // { - // super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); - // } - // } - // END android-removed - - /** - * PBEWithSHA1And128BitAES-BC - */ - static public class PBEWithSHAAnd128BitAESBC - extends PBEKeyFactory - { - public PBEWithSHAAnd128BitAESBC() - { - super("PBEWithSHA1And128BitAES-CBC-BC", null, true, PKCS12, SHA1, 128, 128); - } - } - - /** - * PBEWithSHA1And192BitAES-BC - */ - static public class PBEWithSHAAnd192BitAESBC - extends PBEKeyFactory - { - public PBEWithSHAAnd192BitAESBC() - { - super("PBEWithSHA1And192BitAES-CBC-BC", null, true, PKCS12, SHA1, 192, 128); - } - } - - /** - * PBEWithSHA1And256BitAES-BC - */ - static public class PBEWithSHAAnd256BitAESBC - extends PBEKeyFactory - { - public PBEWithSHAAnd256BitAESBC() - { - super("PBEWithSHA1And256BitAES-CBC-BC", null, true, PKCS12, SHA1, 256, 128); - } - } - - /** - * PBEWithSHA256And128BitAES-BC - */ - static public class PBEWithSHA256And128BitAESBC - extends PBEKeyFactory - { - public PBEWithSHA256And128BitAESBC() - { - super("PBEWithSHA256And128BitAES-CBC-BC", null, true, PKCS12, SHA256, 128, 128); - } - } - - /** - * PBEWithSHA256And192BitAES-BC - */ - static public class PBEWithSHA256And192BitAESBC - extends PBEKeyFactory - { - public PBEWithSHA256And192BitAESBC() - { - super("PBEWithSHA256And192BitAES-CBC-BC", null, true, PKCS12, SHA256, 192, 128); - } - } - - /** - * PBEWithSHA256And256BitAES-BC - */ - static public class PBEWithSHA256And256BitAESBC - extends PBEKeyFactory - { - public PBEWithSHA256And256BitAESBC() - { - super("PBEWithSHA256And256BitAES-CBC-BC", null, true, PKCS12, SHA256, 256, 128); - } - } - - /** - * PBEWithMD5And128BitAES-OpenSSL - */ - static public class PBEWithMD5And128BitAESCBCOpenSSL - extends PBEKeyFactory - { - public PBEWithMD5And128BitAESCBCOpenSSL() - { - super("PBEWithMD5And128BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 128, 128); - } - } - - /** - * PBEWithMD5And192BitAES-OpenSSL - */ - static public class PBEWithMD5And192BitAESCBCOpenSSL - extends PBEKeyFactory - { - public PBEWithMD5And192BitAESCBCOpenSSL() - { - super("PBEWithMD5And192BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 192, 128); - } - } - - /** - * PBEWithMD5And256BitAES-OpenSSL - */ - static public class PBEWithMD5And256BitAESCBCOpenSSL - extends PBEKeyFactory - { - public PBEWithMD5And256BitAESCBCOpenSSL() - { - super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); - } - } - // BEGIN android-added - static public class PBKDF2WithHmacSHA1Base - extends JCESecretKeyFactory - { - int mScheme; - - protected PBKDF2WithHmacSHA1Base( - String algName, - int scheme) - { - super(algName, PKCSObjectIdentifiers.id_PBKDF2); - this.mScheme = scheme; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - - if (pbeSpec.getSalt() == null) - { - throw new InvalidKeySpecException("missing required salt"); - } - - if (pbeSpec.getIterationCount() <= 0) - { - throw new InvalidKeySpecException("positive iteration count required: " - + pbeSpec.getIterationCount()); - } - - if (pbeSpec.getKeyLength() <= 0) - { - throw new InvalidKeySpecException("positive key length required: " - + pbeSpec.getKeyLength()); - } - - if (pbeSpec.getPassword().length == 0) - { - throw new IllegalArgumentException("password empty"); - } - - int digest = SHA1; - int keySize = pbeSpec.getKeyLength(); - int ivSize = -1; - - CipherParameters param = Util.makePBEMacParameters(pbeSpec, mScheme, digest, keySize); - - return new BCPBEKey(this.algName, this.algOid, mScheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - static public class PBKDF2WithHmacSHA1 - extends PBKDF2WithHmacSHA1Base - { - public PBKDF2WithHmacSHA1() - { - super("PBKDF2WithHmacSHA1", PBKDF2); - } - } - - static public class BrokenPBKDF2WithHmacSHA1 - extends PBKDF2WithHmacSHA1Base - { - public BrokenPBKDF2WithHmacSHA1() - { - super("BrokenPBKDF2WithHmacSHA1", PKCS5S2); - } - } - // END android-added -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java index 4600679..7471b0b 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java @@ -620,28 +620,4 @@ public class JCEStreamCipher // } // } // END android-removed - - /** - * PBEWithSHAAnd128BitRC4 - */ - static public class PBEWithSHAAnd128BitRC4 - extends JCEStreamCipher - { - public PBEWithSHAAnd128BitRC4() - { - super(new RC4Engine(), 0); - } - } - - /** - * PBEWithSHAAnd40BitRC4 - */ - static public class PBEWithSHAAnd40BitRC4 - extends JCEStreamCipher - { - public PBEWithSHAAnd40BitRC4() - { - super(new RC4Engine(), 0); - } - } } diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java deleted file mode 100644 index 9a8cf9b..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java +++ /dev/null @@ -1,320 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.security.AlgorithmParametersSpi; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -// BEGIN android-removed -// import org.bouncycastle.jce.spec.IESParameterSpec; -// END android-removed - -public abstract class JDKAlgorithmParameters - extends AlgorithmParametersSpi -{ - protected boolean isASN1FormatString(String format) - { - return format == null || format.equals("ASN.1"); - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == null) - { - throw new NullPointerException("argument to getParameterSpec must not be null"); - } - - return localEngineGetParameterSpec(paramSpec); - } - - protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) - throws InvalidParameterSpecException; - - public static class PBKDF2 - extends JDKAlgorithmParameters - { - PBKDF2Params params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getSalt(), - params.getIterationCount().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PBKDF2Params(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PWRIKEK parameters object"); - } - - protected String engineToString() - { - return "PBKDF2 Parameters"; - } - } - - public static class PKCS12PBE - extends JDKAlgorithmParameters - { - PKCS12PBEParams params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getIV(), - params.getIterations().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PKCS12PBEParams(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PKCS12PBEParams.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); - } - - protected String engineToString() - { - return "PKCS12 PBE Parameters"; - } - } - - // BEGIN android-removed - // public static class IES - // extends JDKAlgorithmParameters - // { - // IESParameterSpec currentSpec; - // - // /** - // * in the absence of a standard way of doing it this will do for - // * now... - // */ - // protected byte[] engineGetEncoded() - // { - // try - // { - // ASN1EncodableVector v = new ASN1EncodableVector(); - // - // v.add(new DEROctetString(currentSpec.getDerivationV())); - // v.add(new DEROctetString(currentSpec.getEncodingV())); - // v.add(new DERInteger(currentSpec.getMacKeySize())); - // - // return new DERSequence(v).getEncoded(ASN1Encoding.DER); - // } - // catch (IOException e) - // { - // throw new RuntimeException("Error encoding IESParameters"); - // } - // } - // - // protected byte[] engineGetEncoded( - // String format) - // { - // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - // { - // return engineGetEncoded(); - // } - // - // return null; - // } - // - // protected AlgorithmParameterSpec localEngineGetParameterSpec( - // Class paramSpec) - // throws InvalidParameterSpecException - // { - // if (paramSpec == IESParameterSpec.class) - // { - // return currentSpec; - // } - // - // throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); - // } - // - // protected void engineInit( - // AlgorithmParameterSpec paramSpec) - // throws InvalidParameterSpecException - // { - // if (!(paramSpec instanceof IESParameterSpec)) - // { - // throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object"); - // } - // - // this.currentSpec = (IESParameterSpec)paramSpec; - // } - // - // protected void engineInit( - // byte[] params) - // throws IOException - // { - // try - // { - // ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); - // - // this.currentSpec = new IESParameterSpec( - // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), - // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), - // ((DERInteger)s.getObjectAt(0)).getValue().intValue()); - // } - // catch (ClassCastException e) - // { - // throw new IOException("Not a valid IES Parameter encoding."); - // } - // catch (ArrayIndexOutOfBoundsException e) - // { - // throw new IOException("Not a valid IES Parameter encoding."); - // } - // } - // - // protected void engineInit( - // byte[] params, - // String format) - // throws IOException - // { - // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - // { - // engineInit(params); - // } - // else - // { - // throw new IOException("Unknown parameter format " + format); - // } - // } - // - // protected String engineToString() - // { - // return "IES Parameters"; - // } - // } - // END android-removed -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java deleted file mode 100644 index 2c9c012..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java +++ /dev/null @@ -1,1048 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.security.Key; -import java.security.KeyFactory; -import java.security.KeyStoreException; -import java.security.KeyStoreSpi; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; -import java.util.Date; -import java.util.Enumeration; -import java.util.Hashtable; - -import javax.crypto.Cipher; -import javax.crypto.CipherInputStream; -import javax.crypto.CipherOutputStream; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.PBEParametersGenerator; -// BEGIN android-added -import org.bouncycastle.crypto.digests.AndroidDigestFactory; -// END android-added -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.SHA1Digest; -// END android-removed -import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; -import org.bouncycastle.crypto.io.DigestInputStream; -import org.bouncycastle.crypto.io.DigestOutputStream; -import org.bouncycastle.crypto.io.MacInputStream; -import org.bouncycastle.crypto.io.MacOutputStream; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jce.interfaces.BCKeyStore; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.io.Streams; -import org.bouncycastle.util.io.TeeOutputStream; - -public class JDKKeyStore - extends KeyStoreSpi - implements BCKeyStore -{ - private static final int STORE_VERSION = 2; - - private static final int STORE_SALT_SIZE = 20; - private static final String STORE_CIPHER = "PBEWithSHAAndTwofish-CBC"; - - private static final int KEY_SALT_SIZE = 20; - private static final int MIN_ITERATIONS = 1024; - - private static final String KEY_CIPHER = "PBEWithSHAAnd3-KeyTripleDES-CBC"; - - // - // generic object types - // - static final int NULL = 0; - static final int CERTIFICATE = 1; - static final int KEY = 2; - static final int SECRET = 3; - static final int SEALED = 4; - - // - // key types - // - static final int KEY_PRIVATE = 0; - static final int KEY_PUBLIC = 1; - static final int KEY_SECRET = 2; - - protected Hashtable table = new Hashtable(); - - protected SecureRandom random = new SecureRandom(); - - public JDKKeyStore() - { - } - - private class StoreEntry - { - int type; - String alias; - Object obj; - Certificate[] certChain; - Date date = new Date(); - - StoreEntry( - String alias, - Certificate obj) - { - this.type = CERTIFICATE; - this.alias = alias; - this.obj = obj; - this.certChain = null; - } - - StoreEntry( - String alias, - byte[] obj, - Certificate[] certChain) - { - this.type = SECRET; - this.alias = alias; - this.obj = obj; - this.certChain = certChain; - } - - StoreEntry( - String alias, - Key key, - char[] password, - Certificate[] certChain) - throws Exception - { - this.type = SEALED; - this.alias = alias; - this.certChain = certChain; - - byte[] salt = new byte[KEY_SALT_SIZE]; - - random.setSeed(System.currentTimeMillis()); - random.nextBytes(salt); - - int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff); - - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DataOutputStream dOut = new DataOutputStream(bOut); - - dOut.writeInt(salt.length); - dOut.write(salt); - dOut.writeInt(iterationCount); - - Cipher cipher = makePBECipher(KEY_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); - CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); - - dOut = new DataOutputStream(cOut); - - encodeKey(key, dOut); - - dOut.close(); - - obj = bOut.toByteArray(); - } - - StoreEntry( - String alias, - Date date, - int type, - Object obj) - { - this.alias = alias; - this.date = date; - this.type = type; - this.obj = obj; - } - - StoreEntry( - String alias, - Date date, - int type, - Object obj, - Certificate[] certChain) - { - this.alias = alias; - this.date = date; - this.type = type; - this.obj = obj; - this.certChain = certChain; - } - - int getType() - { - return type; - } - - String getAlias() - { - return alias; - } - - Object getObject() - { - return obj; - } - - Object getObject( - char[] password) - throws NoSuchAlgorithmException, UnrecoverableKeyException - { - if (password == null || password.length == 0) - { - if (obj instanceof Key) - { - return obj; - } - } - - if (type == SEALED) - { - ByteArrayInputStream bIn = new ByteArrayInputStream((byte[])obj); - DataInputStream dIn = new DataInputStream(bIn); - - try - { - byte[] salt = new byte[dIn.readInt()]; - - dIn.readFully(salt); - - int iterationCount = dIn.readInt(); - - Cipher cipher = makePBECipher(KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); - - CipherInputStream cIn = new CipherInputStream(dIn, cipher); - - try - { - return decodeKey(new DataInputStream(cIn)); - } - catch (Exception x) - { - bIn = new ByteArrayInputStream((byte[])obj); - dIn = new DataInputStream(bIn); - - salt = new byte[dIn.readInt()]; - - dIn.readFully(salt); - - iterationCount = dIn.readInt(); - - cipher = makePBECipher("Broken" + KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); - - cIn = new CipherInputStream(dIn, cipher); - - Key k = null; - - try - { - k = decodeKey(new DataInputStream(cIn)); - } - catch (Exception y) - { - bIn = new ByteArrayInputStream((byte[])obj); - dIn = new DataInputStream(bIn); - - salt = new byte[dIn.readInt()]; - - dIn.readFully(salt); - - iterationCount = dIn.readInt(); - - cipher = makePBECipher("Old" + KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); - - cIn = new CipherInputStream(dIn, cipher); - - k = decodeKey(new DataInputStream(cIn)); - } - - // - // reencrypt key with correct cipher. - // - if (k != null) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DataOutputStream dOut = new DataOutputStream(bOut); - - dOut.writeInt(salt.length); - dOut.write(salt); - dOut.writeInt(iterationCount); - - Cipher out = makePBECipher(KEY_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); - CipherOutputStream cOut = new CipherOutputStream(dOut, out); - - dOut = new DataOutputStream(cOut); - - encodeKey(k, dOut); - - dOut.close(); - - obj = bOut.toByteArray(); - - return k; - } - else - { - throw new UnrecoverableKeyException("no match"); - } - } - } - catch (Exception e) - { - throw new UnrecoverableKeyException("no match"); - } - } - else - { - throw new RuntimeException("forget something!"); - // TODO - // if we get to here key was saved as byte data, which - // according to the docs means it must be a private key - // in EncryptedPrivateKeyInfo (PKCS8 format), later... - // - } - } - - Certificate[] getCertificateChain() - { - return certChain; - } - - Date getDate() - { - return date; - } - } - - private void encodeCertificate( - Certificate cert, - DataOutputStream dOut) - throws IOException - { - try - { - byte[] cEnc = cert.getEncoded(); - - dOut.writeUTF(cert.getType()); - dOut.writeInt(cEnc.length); - dOut.write(cEnc); - } - catch (CertificateEncodingException ex) - { - throw new IOException(ex.toString()); - } - } - - private Certificate decodeCertificate( - DataInputStream dIn) - throws IOException - { - String type = dIn.readUTF(); - byte[] cEnc = new byte[dIn.readInt()]; - - dIn.readFully(cEnc); - - try - { - CertificateFactory cFact = CertificateFactory.getInstance(type, BouncyCastleProvider.PROVIDER_NAME); - ByteArrayInputStream bIn = new ByteArrayInputStream(cEnc); - - return cFact.generateCertificate(bIn); - } - catch (NoSuchProviderException ex) - { - throw new IOException(ex.toString()); - } - catch (CertificateException ex) - { - throw new IOException(ex.toString()); - } - } - - private void encodeKey( - Key key, - DataOutputStream dOut) - throws IOException - { - byte[] enc = key.getEncoded(); - - if (key instanceof PrivateKey) - { - dOut.write(KEY_PRIVATE); - } - else if (key instanceof PublicKey) - { - dOut.write(KEY_PUBLIC); - } - else - { - dOut.write(KEY_SECRET); - } - - dOut.writeUTF(key.getFormat()); - dOut.writeUTF(key.getAlgorithm()); - dOut.writeInt(enc.length); - dOut.write(enc); - } - - private Key decodeKey( - DataInputStream dIn) - throws IOException - { - int keyType = dIn.read(); - String format = dIn.readUTF(); - String algorithm = dIn.readUTF(); - byte[] enc = new byte[dIn.readInt()]; - KeySpec spec; - - dIn.readFully(enc); - - if (format.equals("PKCS#8") || format.equals("PKCS8")) - { - spec = new PKCS8EncodedKeySpec(enc); - } - else if (format.equals("X.509") || format.equals("X509")) - { - spec = new X509EncodedKeySpec(enc); - } - else if (format.equals("RAW")) - { - return new SecretKeySpec(enc, algorithm); - } - else - { - throw new IOException("Key format " + format + " not recognised!"); - } - - try - { - switch (keyType) - { - case KEY_PRIVATE: - return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePrivate(spec); - case KEY_PUBLIC: - return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePublic(spec); - case KEY_SECRET: - return SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generateSecret(spec); - default: - throw new IOException("Key type " + keyType + " not recognised!"); - } - } - catch (Exception e) - { - throw new IOException("Exception creating key: " + e.toString()); - } - } - - protected Cipher makePBECipher( - String algorithm, - int mode, - char[] password, - byte[] salt, - int iterationCount) - throws IOException - { - try - { - PBEKeySpec pbeSpec = new PBEKeySpec(password); - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME); - PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount); - - Cipher cipher = Cipher.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME); - - cipher.init(mode, keyFact.generateSecret(pbeSpec), defParams); - - return cipher; - } - catch (Exception e) - { - throw new IOException("Error initialising store of key store: " + e); - } - } - - public void setRandom( - SecureRandom rand) - { - this.random = rand; - } - - public Enumeration engineAliases() - { - return table.keys(); - } - - public boolean engineContainsAlias( - String alias) - { - return (table.get(alias) != null); - } - - public void engineDeleteEntry( - String alias) - throws KeyStoreException - { - Object entry = table.get(alias); - - if (entry == null) - { - // BEGIN android-removed - // Only throw if there is a problem removing, not if missing - // throw new KeyStoreException("no such entry as " + alias); - // END android-removed - // BEGIN android-added - return; - // END android-added - } - - table.remove(alias); - } - - public Certificate engineGetCertificate( - String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null) - { - if (entry.getType() == CERTIFICATE) - { - return (Certificate)entry.getObject(); - } - else - { - Certificate[] chain = entry.getCertificateChain(); - - if (chain != null) - { - return chain[0]; - } - } - } - - return null; - } - - public String engineGetCertificateAlias( - Certificate cert) - { - Enumeration e = table.elements(); - while (e.hasMoreElements()) - { - StoreEntry entry = (StoreEntry)e.nextElement(); - - if (entry.getObject() instanceof Certificate) - { - Certificate c = (Certificate)entry.getObject(); - - if (c.equals(cert)) - { - return entry.getAlias(); - } - } - else - { - Certificate[] chain = entry.getCertificateChain(); - - if (chain != null && chain[0].equals(cert)) - { - return entry.getAlias(); - } - } - } - - return null; - } - - public Certificate[] engineGetCertificateChain( - String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null) - { - return entry.getCertificateChain(); - } - - return null; - } - - public Date engineGetCreationDate(String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null) - { - return entry.getDate(); - } - - return null; - } - - public Key engineGetKey( - String alias, - char[] password) - throws NoSuchAlgorithmException, UnrecoverableKeyException - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry == null || entry.getType() == CERTIFICATE) - { - return null; - } - - return (Key)entry.getObject(password); - } - - public boolean engineIsCertificateEntry( - String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null && entry.getType() == CERTIFICATE) - { - return true; - } - - return false; - } - - public boolean engineIsKeyEntry( - String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null && entry.getType() != CERTIFICATE) - { - return true; - } - - return false; - } - - public void engineSetCertificateEntry( - String alias, - Certificate cert) - throws KeyStoreException - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null && entry.getType() != CERTIFICATE) - { - throw new KeyStoreException("key store already has a key entry with alias " + alias); - } - - table.put(alias, new StoreEntry(alias, cert)); - } - - public void engineSetKeyEntry( - String alias, - byte[] key, - Certificate[] chain) - throws KeyStoreException - { - table.put(alias, new StoreEntry(alias, key, chain)); - } - - public void engineSetKeyEntry( - String alias, - Key key, - char[] password, - Certificate[] chain) - throws KeyStoreException - { - if ((key instanceof PrivateKey) && (chain == null)) - { - throw new KeyStoreException("no certificate chain for private key"); - } - - try - { - table.put(alias, new StoreEntry(alias, key, password, chain)); - } - catch (Exception e) - { - throw new KeyStoreException(e.toString()); - } - } - - public int engineSize() - { - return table.size(); - } - - protected void loadStore( - InputStream in) - throws IOException - { - DataInputStream dIn = new DataInputStream(in); - int type = dIn.read(); - - while (type > NULL) - { - String alias = dIn.readUTF(); - Date date = new Date(dIn.readLong()); - int chainLength = dIn.readInt(); - Certificate[] chain = null; - - if (chainLength != 0) - { - chain = new Certificate[chainLength]; - - for (int i = 0; i != chainLength; i++) - { - chain[i] = decodeCertificate(dIn); - } - } - - switch (type) - { - case CERTIFICATE: - Certificate cert = decodeCertificate(dIn); - - table.put(alias, new StoreEntry(alias, date, CERTIFICATE, cert)); - break; - case KEY: - Key key = decodeKey(dIn); - table.put(alias, new StoreEntry(alias, date, KEY, key, chain)); - break; - case SECRET: - case SEALED: - byte[] b = new byte[dIn.readInt()]; - - dIn.readFully(b); - table.put(alias, new StoreEntry(alias, date, type, b, chain)); - break; - default: - throw new RuntimeException("Unknown object type in store."); - } - - type = dIn.read(); - } - } - - protected void saveStore( - OutputStream out) - throws IOException - { - Enumeration e = table.elements(); - DataOutputStream dOut = new DataOutputStream(out); - - while (e.hasMoreElements()) - { - StoreEntry entry = (StoreEntry)e.nextElement(); - - dOut.write(entry.getType()); - dOut.writeUTF(entry.getAlias()); - dOut.writeLong(entry.getDate().getTime()); - - Certificate[] chain = entry.getCertificateChain(); - if (chain == null) - { - dOut.writeInt(0); - } - else - { - dOut.writeInt(chain.length); - for (int i = 0; i != chain.length; i++) - { - encodeCertificate(chain[i], dOut); - } - } - - switch (entry.getType()) - { - case CERTIFICATE: - encodeCertificate((Certificate)entry.getObject(), dOut); - break; - case KEY: - encodeKey((Key)entry.getObject(), dOut); - break; - case SEALED: - case SECRET: - byte[] b = (byte[])entry.getObject(); - - dOut.writeInt(b.length); - dOut.write(b); - break; - default: - throw new RuntimeException("Unknown object type in store."); - } - } - - dOut.write(NULL); - } - - public void engineLoad( - InputStream stream, - char[] password) - throws IOException - { - table.clear(); - - if (stream == null) // just initialising - { - return; - } - - DataInputStream dIn = new DataInputStream(stream); - int version = dIn.readInt(); - - if (version != STORE_VERSION) - { - if (version != 0 && version != 1) - { - throw new IOException("Wrong version of key store."); - } - } - - int saltLength = dIn.readInt(); - if (saltLength <= 0) - { - throw new IOException("Invalid salt detected"); - } - - byte[] salt = new byte[saltLength]; - - dIn.readFully(salt); - - int iterationCount = dIn.readInt(); - - // - // we only do an integrity check if the password is provided. - // - // BEGIN android-changed - HMac hMac = new HMac(AndroidDigestFactory.getSHA1()); - // END android-changed - if (password != null && password.length != 0) - { - byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - - // BEGIN android-changed - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); - // END android-changed - pbeGen.init(passKey, salt, iterationCount); - - CipherParameters macParams; - - if (version != 2) - { - macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize()); - } - else - { - macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8); - } - - Arrays.fill(passKey, (byte)0); - - hMac.init(macParams); - MacInputStream mIn = new MacInputStream(dIn, hMac); - - loadStore(mIn); - - // Finalise our mac calculation - byte[] mac = new byte[hMac.getMacSize()]; - hMac.doFinal(mac, 0); - - // TODO Should this actually be reading the remainder of the stream? - // Read the original mac from the stream - byte[] oldMac = new byte[hMac.getMacSize()]; - dIn.readFully(oldMac); - - if (!Arrays.constantTimeAreEqual(mac, oldMac)) - { - table.clear(); - throw new IOException("KeyStore integrity check failed."); - } - } - else - { - loadStore(dIn); - - // TODO Should this actually be reading the remainder of the stream? - // Parse the original mac from the stream too - byte[] oldMac = new byte[hMac.getMacSize()]; - dIn.readFully(oldMac); - } - } - - - public void engineStore(OutputStream stream, char[] password) - throws IOException - { - DataOutputStream dOut = new DataOutputStream(stream); - byte[] salt = new byte[STORE_SALT_SIZE]; - int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff); - - random.nextBytes(salt); - - dOut.writeInt(STORE_VERSION); - dOut.writeInt(salt.length); - dOut.write(salt); - dOut.writeInt(iterationCount); - - // BEGIN android-changed - HMac hMac = new HMac(AndroidDigestFactory.getSHA1()); - MacOutputStream mOut = new MacOutputStream(hMac); - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); - // END android-changed - byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - - pbeGen.init(passKey, salt, iterationCount); - - hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8)); - - for (int i = 0; i != passKey.length; i++) - { - passKey[i] = 0; - } - - saveStore(new TeeOutputStream(dOut, mOut)); - - byte[] mac = new byte[hMac.getMacSize()]; - - hMac.doFinal(mac, 0); - - dOut.write(mac); - - dOut.close(); - } - - /** - * the BouncyCastle store. This wont work with the key tool as the - * store is stored encrypted on disk, so the password is mandatory, - * however if you hard drive is in a bad part of town and you absolutely, - * positively, don't want nobody peeking at your things, this is the - * one to use, no problem! After all in a Bouncy Castle nothing can - * touch you. - * - * Also referred to by the alias UBER. - */ - public static class BouncyCastleStore - extends JDKKeyStore - { - public void engineLoad( - InputStream stream, - char[] password) - throws IOException - { - table.clear(); - - if (stream == null) // just initialising - { - return; - } - - DataInputStream dIn = new DataInputStream(stream); - int version = dIn.readInt(); - - if (version != STORE_VERSION) - { - if (version != 0 && version != 1) - { - throw new IOException("Wrong version of key store."); - } - } - - byte[] salt = new byte[dIn.readInt()]; - - if (salt.length != STORE_SALT_SIZE) - { - throw new IOException("Key store corrupted."); - } - - dIn.readFully(salt); - - int iterationCount = dIn.readInt(); - - if ((iterationCount < 0) || (iterationCount > 4 * MIN_ITERATIONS)) - { - throw new IOException("Key store corrupted."); - } - - String cipherAlg; - if (version == 0) - { - cipherAlg = "Old" + STORE_CIPHER; - } - else - { - cipherAlg = STORE_CIPHER; - } - - Cipher cipher = this.makePBECipher(cipherAlg, Cipher.DECRYPT_MODE, password, salt, iterationCount); - CipherInputStream cIn = new CipherInputStream(dIn, cipher); - - // BEGIN android-changed - Digest dig = AndroidDigestFactory.getSHA1(); - // END android-changed - DigestInputStream dgIn = new DigestInputStream(cIn, dig); - - this.loadStore(dgIn); - - // Finalise our digest calculation - byte[] hash = new byte[dig.getDigestSize()]; - dig.doFinal(hash, 0); - - // TODO Should this actually be reading the remainder of the stream? - // Read the original digest from the stream - byte[] oldHash = new byte[dig.getDigestSize()]; - Streams.readFully(cIn, oldHash); - - if (!Arrays.constantTimeAreEqual(hash, oldHash)) - { - table.clear(); - throw new IOException("KeyStore integrity check failed."); - } - } - - public void engineStore(OutputStream stream, char[] password) - throws IOException - { - Cipher cipher; - DataOutputStream dOut = new DataOutputStream(stream); - byte[] salt = new byte[STORE_SALT_SIZE]; - int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff); - - random.nextBytes(salt); - - dOut.writeInt(STORE_VERSION); - dOut.writeInt(salt.length); - dOut.write(salt); - dOut.writeInt(iterationCount); - - cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); - - CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); - // BEGIN android-changed - DigestOutputStream dgOut = new DigestOutputStream(AndroidDigestFactory.getSHA1()); - // END android-changed - - this.saveStore(new TeeOutputStream(cOut, dgOut)); - - byte[] dig = dgOut.getDigest(); - - cOut.write(dig); - - cOut.close(); - } - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java deleted file mode 100644 index e4176fa..0000000 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java +++ /dev/null @@ -1,1639 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.BufferedInputStream; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.security.Key; -import java.security.KeyStore; -import java.security.KeyStore.LoadStoreParameter; -import java.security.KeyStore.ProtectionParameter; -import java.security.KeyStoreException; -import java.security.KeyStoreSpi; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import javax.crypto.Cipher; -import javax.crypto.Mac; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BEROctetString; -import org.bouncycastle.asn1.BEROutputStream; -import org.bouncycastle.asn1.DERBMPString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.pkcs.AuthenticatedSafe; -import org.bouncycastle.asn1.pkcs.CertBag; -import org.bouncycastle.asn1.pkcs.ContentInfo; -import org.bouncycastle.asn1.pkcs.EncryptedData; -import org.bouncycastle.asn1.pkcs.MacData; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.Pfx; -import org.bouncycastle.asn1.pkcs.SafeBag; -import org.bouncycastle.asn1.util.ASN1Dump; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier; -import org.bouncycastle.asn1.x509.DigestInfo; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jce.interfaces.BCKeyStore; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Strings; -import org.bouncycastle.util.encoders.Hex; - -public class JDKPKCS12KeyStore - extends KeyStoreSpi - implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore -{ - private static final int SALT_SIZE = 20; - private static final int MIN_ITERATIONS = 1024; - - private static final Provider bcProvider = new BouncyCastleProvider(); - - private IgnoresCaseHashtable keys = new IgnoresCaseHashtable(); - private Hashtable localIds = new Hashtable(); - private IgnoresCaseHashtable certs = new IgnoresCaseHashtable(); - private Hashtable chainCerts = new Hashtable(); - private Hashtable keyCerts = new Hashtable(); - - // - // generic object types - // - static final int NULL = 0; - static final int CERTIFICATE = 1; - static final int KEY = 2; - static final int SECRET = 3; - static final int SEALED = 4; - - // - // key types - // - static final int KEY_PRIVATE = 0; - static final int KEY_PUBLIC = 1; - static final int KEY_SECRET = 2; - - protected SecureRandom random = new SecureRandom(); - - // use of final causes problems with JDK 1.2 compiler - private CertificateFactory certFact; - private ASN1ObjectIdentifier keyAlgorithm; - private ASN1ObjectIdentifier certAlgorithm; - - private class CertId - { - byte[] id; - - CertId( - PublicKey key) - { - this.id = createSubjectKeyId(key).getKeyIdentifier(); - } - - CertId( - byte[] id) - { - this.id = id; - } - - public int hashCode() - { - return Arrays.hashCode(id); - } - - public boolean equals( - Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof CertId)) - { - return false; - } - - CertId cId = (CertId)o; - - return Arrays.areEqual(id, cId.id); - } - } - - public JDKPKCS12KeyStore( - Provider provider, - ASN1ObjectIdentifier keyAlgorithm, - ASN1ObjectIdentifier certAlgorithm) - { - this.keyAlgorithm = keyAlgorithm; - this.certAlgorithm = certAlgorithm; - - try - { - if (provider != null) - { - certFact = CertificateFactory.getInstance("X.509", provider); - } - else - { - certFact = CertificateFactory.getInstance("X.509"); - } - } - catch (Exception e) - { - throw new IllegalArgumentException("can't create cert factory - " + e.toString()); - } - } - - private SubjectKeyIdentifier createSubjectKeyId( - PublicKey pubKey) - { - try - { - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence) ASN1Primitive.fromByteArray(pubKey.getEncoded())); - - return new SubjectKeyIdentifier(info); - } - catch (Exception e) - { - throw new RuntimeException("error creating key"); - } - } - - public void setRandom( - SecureRandom rand) - { - this.random = rand; - } - - public Enumeration engineAliases() - { - Hashtable tab = new Hashtable(); - - Enumeration e = certs.keys(); - while (e.hasMoreElements()) - { - tab.put(e.nextElement(), "cert"); - } - - e = keys.keys(); - while (e.hasMoreElements()) - { - String a = (String)e.nextElement(); - if (tab.get(a) == null) - { - tab.put(a, "key"); - } - } - - return tab.keys(); - } - - public boolean engineContainsAlias( - String alias) - { - return (certs.get(alias) != null || keys.get(alias) != null); - } - - /** - * this is not quite complete - we should follow up on the chain, a bit - * tricky if a certificate appears in more than one chain... - */ - public void engineDeleteEntry( - String alias) - throws KeyStoreException - { - Key k = (Key)keys.remove(alias); - - Certificate c = (Certificate)certs.remove(alias); - - if (c != null) - { - chainCerts.remove(new CertId(c.getPublicKey())); - } - - if (k != null) - { - String id = (String)localIds.remove(alias); - if (id != null) - { - c = (Certificate)keyCerts.remove(id); - } - if (c != null) - { - chainCerts.remove(new CertId(c.getPublicKey())); - } - } - } - - /** - * simply return the cert for the private key - */ - public Certificate engineGetCertificate( - String alias) - { - if (alias == null) - { - throw new IllegalArgumentException("null alias passed to getCertificate."); - } - - Certificate c = (Certificate)certs.get(alias); - - // - // look up the key table - and try the local key id - // - if (c == null) - { - String id = (String)localIds.get(alias); - if (id != null) - { - c = (Certificate)keyCerts.get(id); - } - else - { - c = (Certificate)keyCerts.get(alias); - } - } - - return c; - } - - public String engineGetCertificateAlias( - Certificate cert) - { - Enumeration c = certs.elements(); - Enumeration k = certs.keys(); - - while (c.hasMoreElements()) - { - Certificate tc = (Certificate)c.nextElement(); - String ta = (String)k.nextElement(); - - if (tc.equals(cert)) - { - return ta; - } - } - - c = keyCerts.elements(); - k = keyCerts.keys(); - - while (c.hasMoreElements()) - { - Certificate tc = (Certificate)c.nextElement(); - String ta = (String)k.nextElement(); - - if (tc.equals(cert)) - { - return ta; - } - } - - return null; - } - - public Certificate[] engineGetCertificateChain( - String alias) - { - if (alias == null) - { - throw new IllegalArgumentException("null alias passed to getCertificateChain."); - } - - if (!engineIsKeyEntry(alias)) - { - return null; - } - - Certificate c = engineGetCertificate(alias); - - if (c != null) - { - Vector cs = new Vector(); - - while (c != null) - { - X509Certificate x509c = (X509Certificate)c; - Certificate nextC = null; - - byte[] bytes = x509c.getExtensionValue(Extension.authorityKeyIdentifier.getId()); - if (bytes != null) - { - try - { - ASN1InputStream aIn = new ASN1InputStream(bytes); - - byte[] authBytes = ((ASN1OctetString)aIn.readObject()).getOctets(); - aIn = new ASN1InputStream(authBytes); - - AuthorityKeyIdentifier id = AuthorityKeyIdentifier.getInstance(aIn.readObject()); - if (id.getKeyIdentifier() != null) - { - nextC = (Certificate)chainCerts.get(new CertId(id.getKeyIdentifier())); - } - - } - catch (IOException e) - { - throw new RuntimeException(e.toString()); - } - } - - if (nextC == null) - { - // - // no authority key id, try the Issuer DN - // - Principal i = x509c.getIssuerDN(); - Principal s = x509c.getSubjectDN(); - - if (!i.equals(s)) - { - Enumeration e = chainCerts.keys(); - - while (e.hasMoreElements()) - { - X509Certificate crt = (X509Certificate)chainCerts.get(e.nextElement()); - Principal sub = crt.getSubjectDN(); - if (sub.equals(i)) - { - try - { - x509c.verify(crt.getPublicKey()); - nextC = crt; - break; - } - catch (Exception ex) - { - // continue - } - } - } - } - } - - cs.addElement(c); - if (nextC != c) // self signed - end of the chain - { - c = nextC; - } - else - { - c = null; - } - } - - Certificate[] certChain = new Certificate[cs.size()]; - - for (int i = 0; i != certChain.length; i++) - { - certChain[i] = (Certificate)cs.elementAt(i); - } - - return certChain; - } - - return null; - } - - public Date engineGetCreationDate(String alias) - { - if (alias == null) - { - throw new NullPointerException("alias == null"); - } - if (keys.get(alias) == null && certs.get(alias) == null) - { - return null; - } - return new Date(); - } - - public Key engineGetKey( - String alias, - char[] password) - throws NoSuchAlgorithmException, UnrecoverableKeyException - { - if (alias == null) - { - throw new IllegalArgumentException("null alias passed to getKey."); - } - - return (Key)keys.get(alias); - } - - public boolean engineIsCertificateEntry( - String alias) - { - return (certs.get(alias) != null && keys.get(alias) == null); - } - - public boolean engineIsKeyEntry( - String alias) - { - return (keys.get(alias) != null); - } - - public void engineSetCertificateEntry( - String alias, - Certificate cert) - throws KeyStoreException - { - if (keys.get(alias) != null) - { - throw new KeyStoreException("There is a key entry with the name " + alias + "."); - } - - certs.put(alias, cert); - chainCerts.put(new CertId(cert.getPublicKey()), cert); - } - - public void engineSetKeyEntry( - String alias, - byte[] key, - Certificate[] chain) - throws KeyStoreException - { - throw new RuntimeException("operation not supported"); - } - - public void engineSetKeyEntry( - String alias, - Key key, - char[] password, - Certificate[] chain) - throws KeyStoreException - { - if (!(key instanceof PrivateKey)) - { - throw new KeyStoreException("PKCS12 does not support non-PrivateKeys"); - } - - if ((key instanceof PrivateKey) && (chain == null)) - { - throw new KeyStoreException("no certificate chain for private key"); - } - - if (keys.get(alias) != null) - { - engineDeleteEntry(alias); - } - - keys.put(alias, key); - if (chain != null) - { - certs.put(alias, chain[0]); - - for (int i = 0; i != chain.length; i++) - { - chainCerts.put(new CertId(chain[i].getPublicKey()), chain[i]); - } - } - } - - public int engineSize() - { - Hashtable tab = new Hashtable(); - - Enumeration e = certs.keys(); - while (e.hasMoreElements()) - { - tab.put(e.nextElement(), "cert"); - } - - e = keys.keys(); - while (e.hasMoreElements()) - { - String a = (String)e.nextElement(); - if (tab.get(a) == null) - { - tab.put(a, "key"); - } - } - - return tab.size(); - } - - protected PrivateKey unwrapKey( - AlgorithmIdentifier algId, - byte[] data, - char[] password, - boolean wrongPKCS12Zero) - throws IOException - { - String algorithm = algId.getAlgorithm().getId(); - PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); - - PBEKeySpec pbeSpec = new PBEKeySpec(password); - PrivateKey out; - - try - { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance( - algorithm, bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); - - SecretKey k = keyFact.generateSecret(pbeSpec); - - ((BCPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero); - - Cipher cipher = Cipher.getInstance(algorithm, bcProvider); - - cipher.init(Cipher.UNWRAP_MODE, k, defParams); - - // we pass "" as the key algorithm type as it is unknown at this point - out = (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY); - } - catch (Exception e) - { - throw new IOException("exception unwrapping private key - " + e.toString()); - } - - return out; - } - - protected byte[] wrapKey( - String algorithm, - Key key, - PKCS12PBEParams pbeParams, - char[] password) - throws IOException - { - PBEKeySpec pbeSpec = new PBEKeySpec(password); - byte[] out; - - try - { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance( - algorithm, bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); - - Cipher cipher = Cipher.getInstance(algorithm, bcProvider); - - cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), defParams); - - out = cipher.wrap(key); - } - catch (Exception e) - { - throw new IOException("exception encrypting data - " + e.toString()); - } - - return out; - } - - protected byte[] cryptData( - boolean forEncryption, - AlgorithmIdentifier algId, - char[] password, - boolean wrongPKCS12Zero, - byte[] data) - throws IOException - { - String algorithm = algId.getAlgorithm().getId(); - PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - - try - { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); - BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec); - - key.setTryWrongPKCS12Zero(wrongPKCS12Zero); - - Cipher cipher = Cipher.getInstance(algorithm, bcProvider); - int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE; - cipher.init(mode, key, defParams); - return cipher.doFinal(data); - } - catch (Exception e) - { - throw new IOException("exception decrypting data - " + e.toString()); - } - } - - public void engineLoad( - InputStream stream, - char[] password) - throws IOException - { - if (stream == null) // just initialising - { - return; - } - - if (password == null) - { - throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); - } - - BufferedInputStream bufIn = new BufferedInputStream(stream); - - bufIn.mark(10); - - int head = bufIn.read(); - - if (head != 0x30) - { - throw new IOException("stream does not represent a PKCS12 key store"); - } - - bufIn.reset(); - - ASN1InputStream bIn = new ASN1InputStream(bufIn); - ASN1Sequence obj = (ASN1Sequence)bIn.readObject(); - Pfx bag = Pfx.getInstance(obj); - ContentInfo info = bag.getAuthSafe(); - Vector chain = new Vector(); - boolean unmarkedKey = false; - boolean wrongPKCS12Zero = false; - - if (bag.getMacData() != null) // check the mac code - { - MacData mData = bag.getMacData(); - DigestInfo dInfo = mData.getMac(); - AlgorithmIdentifier algId = dInfo.getAlgorithmId(); - byte[] salt = mData.getSalt(); - int itCount = mData.getIterationCount().intValue(); - - byte[] data = ((ASN1OctetString)info.getContent()).getOctets(); - - try - { - byte[] res = calculatePbeMac(algId.getObjectId(), salt, itCount, password, false, data); - byte[] dig = dInfo.getDigest(); - - if (!Arrays.constantTimeAreEqual(res, dig)) - { - if (password.length > 0) - { - throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file."); - } - - // Try with incorrect zero length password - res = calculatePbeMac(algId.getObjectId(), salt, itCount, password, true, data); - - if (!Arrays.constantTimeAreEqual(res, dig)) - { - throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file."); - } - - wrongPKCS12Zero = true; - } - } - catch (IOException e) - { - throw e; - } - catch (Exception e) - { - throw new IOException("error constructing MAC: " + e.toString()); - } - } - - keys = new IgnoresCaseHashtable(); - localIds = new Hashtable(); - - if (info.getContentType().equals(data)) - { - bIn = new ASN1InputStream(((ASN1OctetString)info.getContent()).getOctets()); - - AuthenticatedSafe authSafe = AuthenticatedSafe.getInstance(bIn.readObject()); - ContentInfo[] c = authSafe.getContentInfo(); - - for (int i = 0; i != c.length; i++) - { - if (c[i].getContentType().equals(data)) - { - ASN1InputStream dIn = new ASN1InputStream(((ASN1OctetString)c[i].getContent()).getOctets()); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - - for (int j = 0; j != seq.size(); j++) - { - SafeBag b = SafeBag.getInstance(seq.getObjectAt(j)); - if (b.getBagId().equals(pkcs8ShroudedKeyBag)) - { - org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); - PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); - - // - // set the attributes on the key - // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; - - if (b.getBagAttributes() != null) - { - Enumeration e = b.getBagAttributes().getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); - ASN1Primitive attr = null; - - if (attrSet.size() > 0) - { - attr = (ASN1Primitive)attrSet.getObjectAt(0); - - ASN1Encodable existing = bagAttr.getBagAttribute(aOid); - if (existing != null) - { - // OK, but the value has to be the same - if (!existing.toASN1Primitive().equals(attr)) - { - throw new IOException( - "attempt to add existing attribute with different value"); - } - } - else - { - bagAttr.setBagAttribute(aOid, attr); - } - } - - if (aOid.equals(pkcs_9_at_friendlyName)) - { - alias = ((DERBMPString)attr).getString(); - keys.put(alias, privKey); - } - else if (aOid.equals(pkcs_9_at_localKeyId)) - { - localId = (ASN1OctetString)attr; - } - } - } - - if (localId != null) - { - String name = new String(Hex.encode(localId.getOctets())); - - if (alias == null) - { - keys.put(name, privKey); - } - else - { - localIds.put(alias, name); - } - } - else - { - unmarkedKey = true; - keys.put("unmarked", privKey); - } - } - else if (b.getBagId().equals(certBag)) - { - chain.addElement(b); - } - else - { - System.out.println("extra in data " + b.getBagId()); - System.out.println(ASN1Dump.dumpAsString(b)); - } - } - } - else if (c[i].getContentType().equals(encryptedData)) - { - EncryptedData d = EncryptedData.getInstance(c[i].getContent()); - byte[] octets = cryptData(false, d.getEncryptionAlgorithm(), - password, wrongPKCS12Zero, d.getContent().getOctets()); - ASN1Sequence seq = (ASN1Sequence) ASN1Primitive.fromByteArray(octets); - - for (int j = 0; j != seq.size(); j++) - { - SafeBag b = SafeBag.getInstance(seq.getObjectAt(j)); - - if (b.getBagId().equals(certBag)) - { - chain.addElement(b); - } - else if (b.getBagId().equals(pkcs8ShroudedKeyBag)) - { - org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); - PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); - - // - // set the attributes on the key - // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; - - Enumeration e = b.getBagAttributes().getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet= (ASN1Set)sq.getObjectAt(1); - ASN1Primitive attr = null; - - if (attrSet.size() > 0) - { - attr = (ASN1Primitive)attrSet.getObjectAt(0); - - ASN1Encodable existing = bagAttr.getBagAttribute(aOid); - if (existing != null) - { - // OK, but the value has to be the same - if (!existing.toASN1Primitive().equals(attr)) - { - throw new IOException( - "attempt to add existing attribute with different value"); - } - } - else - { - bagAttr.setBagAttribute(aOid, attr); - } - } - - if (aOid.equals(pkcs_9_at_friendlyName)) - { - alias = ((DERBMPString)attr).getString(); - keys.put(alias, privKey); - } - else if (aOid.equals(pkcs_9_at_localKeyId)) - { - localId = (ASN1OctetString)attr; - } - } - - String name = new String(Hex.encode(localId.getOctets())); - - if (alias == null) - { - keys.put(name, privKey); - } - else - { - localIds.put(alias, name); - } - } - else if (b.getBagId().equals(keyBag)) - { - org.bouncycastle.asn1.pkcs.PrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.PrivateKeyInfo((ASN1Sequence)b.getBagValue()); - PrivateKey privKey = BouncyCastleProvider.getPrivateKey(kInfo); - - // - // set the attributes on the key - // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; - - Enumeration e = b.getBagAttributes().getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); - ASN1Primitive attr = null; - - if (attrSet.size() > 0) - { - attr = (ASN1Primitive)attrSet.getObjectAt(0); - - ASN1Encodable existing = bagAttr.getBagAttribute(aOid); - if (existing != null) - { - // OK, but the value has to be the same - if (!existing.toASN1Primitive().equals(attr)) - { - throw new IOException( - "attempt to add existing attribute with different value"); - } - } - else - { - bagAttr.setBagAttribute(aOid, attr); - } - } - - if (aOid.equals(pkcs_9_at_friendlyName)) - { - alias = ((DERBMPString)attr).getString(); - keys.put(alias, privKey); - } - else if (aOid.equals(pkcs_9_at_localKeyId)) - { - localId = (ASN1OctetString)attr; - } - } - - String name = new String(Hex.encode(localId.getOctets())); - - if (alias == null) - { - keys.put(name, privKey); - } - else - { - localIds.put(alias, name); - } - } - else - { - System.out.println("extra in encryptedData " + b.getBagId()); - System.out.println(ASN1Dump.dumpAsString(b)); - } - } - } - else - { - System.out.println("extra " + c[i].getContentType().getId()); - System.out.println("extra " + ASN1Dump.dumpAsString(c[i].getContent())); - } - } - } - - certs = new IgnoresCaseHashtable(); - chainCerts = new Hashtable(); - keyCerts = new Hashtable(); - - for (int i = 0; i != chain.size(); i++) - { - SafeBag b = (SafeBag)chain.elementAt(i); - CertBag cb = CertBag.getInstance(b.getBagValue()); - - if (!cb.getCertId().equals(x509Certificate)) - { - throw new RuntimeException("Unsupported certificate type: " + cb.getCertId()); - } - - Certificate cert; - - try - { - ByteArrayInputStream cIn = new ByteArrayInputStream( - ((ASN1OctetString)cb.getCertValue()).getOctets()); - cert = certFact.generateCertificate(cIn); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - - // - // set the attributes - // - ASN1OctetString localId = null; - String alias = null; - - if (b.getBagAttributes() != null) - { - Enumeration e = b.getBagAttributes().getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Primitive attr = (ASN1Primitive)((ASN1Set)sq.getObjectAt(1)).getObjectAt(0); - PKCS12BagAttributeCarrier bagAttr = null; - - if (cert instanceof PKCS12BagAttributeCarrier) - { - bagAttr = (PKCS12BagAttributeCarrier)cert; - - ASN1Encodable existing = bagAttr.getBagAttribute(oid); - if (existing != null) - { - // OK, but the value has to be the same - if (!existing.toASN1Primitive().equals(attr)) - { - throw new IOException( - "attempt to add existing attribute with different value"); - } - } - else - { - bagAttr.setBagAttribute(oid, attr); - } - } - - if (oid.equals(pkcs_9_at_friendlyName)) - { - alias = ((DERBMPString)attr).getString(); - } - else if (oid.equals(pkcs_9_at_localKeyId)) - { - localId = (ASN1OctetString)attr; - } - } - } - - chainCerts.put(new CertId(cert.getPublicKey()), cert); - - if (unmarkedKey) - { - if (keyCerts.isEmpty()) - { - String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier())); - - keyCerts.put(name, cert); - keys.put(name, keys.remove("unmarked")); - } - } - else - { - // - // the local key id needs to override the friendly name - // - if (localId != null) - { - String name = new String(Hex.encode(localId.getOctets())); - - keyCerts.put(name, cert); - } - if (alias != null) - { - certs.put(alias, cert); - } - } - } - } - - public void engineStore(LoadStoreParameter param) throws IOException, - NoSuchAlgorithmException, CertificateException - { - if (param == null) - { - throw new IllegalArgumentException("'param' arg cannot be null"); - } - - if (!(param instanceof JDKPKCS12StoreParameter)) - { - throw new IllegalArgumentException( - "No support for 'param' of type " + param.getClass().getName()); - } - - JDKPKCS12StoreParameter bcParam = (JDKPKCS12StoreParameter)param; - - char[] password; - ProtectionParameter protParam = param.getProtectionParameter(); - if (protParam == null) - { - password = null; - } - else if (protParam instanceof KeyStore.PasswordProtection) - { - password = ((KeyStore.PasswordProtection)protParam).getPassword(); - } - else - { - throw new IllegalArgumentException( - "No support for protection parameter of type " + protParam.getClass().getName()); - } - - doStore(bcParam.getOutputStream(), password, bcParam.isUseDEREncoding()); - } - - public void engineStore(OutputStream stream, char[] password) - throws IOException - { - doStore(stream, password, false); - } - - private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) - throws IOException - { - if (password == null) - { - throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); - } - - // - // handle the key - // - ASN1EncodableVector keyS = new ASN1EncodableVector(); - - - Enumeration ks = keys.keys(); - - while (ks.hasMoreElements()) - { - byte[] kSalt = new byte[SALT_SIZE]; - - random.nextBytes(kSalt); - - String name = (String)ks.nextElement(); - PrivateKey privKey = (PrivateKey)keys.get(name); - PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS); - byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password); - AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.toASN1Primitive()); - org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes); - boolean attrSet = false; - ASN1EncodableVector kName = new ASN1EncodableVector(); - - if (privKey instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)privKey; - // - // make sure we are using the local alias on store - // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); - if (nm == null || !nm.getString().equals(name)) - { - bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); - } - - // - // make sure we have a local key-id - // - if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) - { - Certificate ct = engineGetCertificate(name); - - bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey())); - } - - Enumeration e = bagAttrs.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - ASN1EncodableVector kSeq = new ASN1EncodableVector(); - - kSeq.add(oid); - kSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); - - attrSet = true; - - kName.add(new DERSequence(kSeq)); - } - } - - if (!attrSet) - { - // - // set a default friendly name (from the key id) and local id - // - ASN1EncodableVector kSeq = new ASN1EncodableVector(); - Certificate ct = engineGetCertificate(name); - - kSeq.add(pkcs_9_at_localKeyId); - kSeq.add(new DERSet(createSubjectKeyId(ct.getPublicKey()))); - - kName.add(new DERSequence(kSeq)); - - kSeq = new ASN1EncodableVector(); - - kSeq.add(pkcs_9_at_friendlyName); - kSeq.add(new DERSet(new DERBMPString(name))); - - kName.add(new DERSequence(kSeq)); - } - - SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.toASN1Primitive(), new DERSet(kName)); - keyS.add(kBag); - } - - byte[] keySEncoded = new DERSequence(keyS).getEncoded(ASN1Encoding.DER); - BEROctetString keyString = new BEROctetString(keySEncoded); - - // - // certificate processing - // - byte[] cSalt = new byte[SALT_SIZE]; - - random.nextBytes(cSalt); - - ASN1EncodableVector certSeq = new ASN1EncodableVector(); - PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS); - AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Primitive()); - Hashtable doneCerts = new Hashtable(); - - Enumeration cs = keys.keys(); - while (cs.hasMoreElements()) - { - try - { - String name = (String)cs.nextElement(); - Certificate cert = engineGetCertificate(name); - boolean cAttrSet = false; - CertBag cBag = new CertBag( - x509Certificate, - new DEROctetString(cert.getEncoded())); - ASN1EncodableVector fName = new ASN1EncodableVector(); - - if (cert instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; - // - // make sure we are using the local alias on store - // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); - if (nm == null || !nm.getString().equals(name)) - { - bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); - } - - // - // make sure we have a local key-id - // - if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) - { - bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(cert.getPublicKey())); - } - - Enumeration e = bagAttrs.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(oid); - fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); - fName.add(new DERSequence(fSeq)); - - cAttrSet = true; - } - } - - if (!cAttrSet) - { - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(pkcs_9_at_localKeyId); - fSeq.add(new DERSet(createSubjectKeyId(cert.getPublicKey()))); - fName.add(new DERSequence(fSeq)); - - fSeq = new ASN1EncodableVector(); - - fSeq.add(pkcs_9_at_friendlyName); - fSeq.add(new DERSet(new DERBMPString(name))); - - fName.add(new DERSequence(fSeq)); - } - - SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName)); - - certSeq.add(sBag); - - doneCerts.put(cert, cert); - } - catch (CertificateEncodingException e) - { - throw new IOException("Error encoding certificate: " + e.toString()); - } - } - - cs = certs.keys(); - while (cs.hasMoreElements()) - { - try - { - String certId = (String)cs.nextElement(); - Certificate cert = (Certificate)certs.get(certId); - boolean cAttrSet = false; - - if (keys.get(certId) != null) - { - continue; - } - - CertBag cBag = new CertBag( - x509Certificate, - new DEROctetString(cert.getEncoded())); - ASN1EncodableVector fName = new ASN1EncodableVector(); - - if (cert instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; - // - // make sure we are using the local alias on store - // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); - if (nm == null || !nm.getString().equals(certId)) - { - bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(certId)); - } - - Enumeration e = bagAttrs.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - - // a certificate not immediately linked to a key doesn't require - // a localKeyID and will confuse some PKCS12 implementations. - // - // If we find one, we'll prune it out. - if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) - { - continue; - } - - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(oid); - fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); - fName.add(new DERSequence(fSeq)); - - cAttrSet = true; - } - } - - if (!cAttrSet) - { - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(pkcs_9_at_friendlyName); - fSeq.add(new DERSet(new DERBMPString(certId))); - - fName.add(new DERSequence(fSeq)); - } - - SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName)); - - certSeq.add(sBag); - - doneCerts.put(cert, cert); - } - catch (CertificateEncodingException e) - { - throw new IOException("Error encoding certificate: " + e.toString()); - } - } - - cs = chainCerts.keys(); - while (cs.hasMoreElements()) - { - try - { - CertId certId = (CertId)cs.nextElement(); - Certificate cert = (Certificate)chainCerts.get(certId); - - if (doneCerts.get(cert) != null) - { - continue; - } - - CertBag cBag = new CertBag( - x509Certificate, - new DEROctetString(cert.getEncoded())); - ASN1EncodableVector fName = new ASN1EncodableVector(); - - if (cert instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; - Enumeration e = bagAttrs.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - - // a certificate not immediately linked to a key doesn't require - // a localKeyID and will confuse some PKCS12 implementations. - // - // If we find one, we'll prune it out. - if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) - { - continue; - } - - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(oid); - fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); - fName.add(new DERSequence(fSeq)); - } - } - - SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName)); - - certSeq.add(sBag); - } - catch (CertificateEncodingException e) - { - throw new IOException("Error encoding certificate: " + e.toString()); - } - } - - byte[] certSeqEncoded = new DERSequence(certSeq).getEncoded(ASN1Encoding.DER); - byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded); - EncryptedData cInfo = new EncryptedData(data, cAlgId, new BEROctetString(certBytes)); - - ContentInfo[] info = new ContentInfo[] - { - new ContentInfo(data, keyString), - new ContentInfo(encryptedData, cInfo.toASN1Primitive()) - }; - - AuthenticatedSafe auth = new AuthenticatedSafe(info); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream asn1Out; - if (useDEREncoding) - { - asn1Out = new DEROutputStream(bOut); - } - else - { - asn1Out = new BEROutputStream(bOut); - } - - asn1Out.writeObject(auth); - - byte[] pkg = bOut.toByteArray(); - - ContentInfo mainInfo = new ContentInfo(data, new BEROctetString(pkg)); - - // - // create the mac - // - byte[] mSalt = new byte[20]; - int itCount = MIN_ITERATIONS; - - random.nextBytes(mSalt); - - byte[] data = ((ASN1OctetString)mainInfo.getContent()).getOctets(); - - MacData mData; - - try - { - byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data); - - AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, DERNull.INSTANCE); - DigestInfo dInfo = new DigestInfo(algId, res); - - mData = new MacData(dInfo, mSalt, itCount); - } - catch (Exception e) - { - throw new IOException("error constructing MAC: " + e.toString()); - } - - // - // output the Pfx - // - Pfx pfx = new Pfx(mainInfo, mData); - - if (useDEREncoding) - { - asn1Out = new DEROutputStream(stream); - } - else - { - asn1Out = new BEROutputStream(stream); - } - - asn1Out.writeObject(pfx); - } - - private static byte[] calculatePbeMac( - ASN1ObjectIdentifier oid, - byte[] salt, - int itCount, - char[] password, - boolean wrongPkcs12Zero, - byte[] data) - throws Exception - { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec); - key.setTryWrongPKCS12Zero(wrongPkcs12Zero); - - Mac mac = Mac.getInstance(oid.getId(), bcProvider); - mac.init(key, defParams); - mac.update(data); - return mac.doFinal(); - } - - public static class BCPKCS12KeyStore - extends JDKPKCS12KeyStore - { - public BCPKCS12KeyStore() - { - super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); - } - } - - // BEGIN android-removed - // public static class BCPKCS12KeyStore3DES - // extends JDKPKCS12KeyStore - // { - // public BCPKCS12KeyStore3DES() - // { - // super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); - // } - // } - // - // public static class DefPKCS12KeyStore - // extends JDKPKCS12KeyStore - // { - // public DefPKCS12KeyStore() - // { - // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); - // } - // } - // - // public static class DefPKCS12KeyStore3DES - // extends JDKPKCS12KeyStore - // { - // public DefPKCS12KeyStore3DES() - // { - // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); - // } - // } - // END android-removed - - private static class IgnoresCaseHashtable - { - private Hashtable orig = new Hashtable(); - private Hashtable keys = new Hashtable(); - - public void put(String key, Object value) - { - String lower = (key == null) ? null : Strings.toLowerCase(key); - String k = (String)keys.get(lower); - if (k != null) - { - orig.remove(k); - } - - keys.put(lower, key); - orig.put(key, value); - } - - public Enumeration keys() - { - return orig.keys(); - } - - public Object remove(String alias) - { - String k = (String)keys.remove(alias == null ? null : Strings.toLowerCase(alias)); - if (k == null) - { - return null; - } - - return orig.remove(k); - } - - public Object get(String alias) - { - String k = (String)keys.get(alias == null ? null : Strings.toLowerCase(alias)); - if (k == null) - { - return null; - } - - return orig.get(k); - } - - public Enumeration elements() - { - return orig.elements(); - } - } -} diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java index 865481f..7e8340a 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java @@ -5,6 +5,9 @@ import java.security.KeyStore; import java.security.KeyStore.LoadStoreParameter; import java.security.KeyStore.ProtectionParameter; +/** + * @deprecated use org.bouncycastle.jcajce.config.PKCS12StoreParameter + */ public class JDKPKCS12StoreParameter implements LoadStoreParameter { private OutputStream outputStream; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java index 415f840..769edb8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java @@ -375,35 +375,35 @@ public class RFC3280CertPathUtilities } - protected static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId(); + public static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId(); - protected static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId(); + public static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId(); - protected static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId(); + public static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId(); - protected static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId(); + public static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId(); - protected static final String FRESHEST_CRL = X509Extensions.FreshestCRL.getId(); + public static final String FRESHEST_CRL = X509Extensions.FreshestCRL.getId(); - protected static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId(); + public static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId(); - protected static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId(); + public static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId(); - protected static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId(); + public static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId(); - protected static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints.getId(); + public static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints.getId(); - protected static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId(); + public static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId(); - protected static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId(); + public static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId(); - protected static final String AUTHORITY_KEY_IDENTIFIER = X509Extensions.AuthorityKeyIdentifier.getId(); + public static final String AUTHORITY_KEY_IDENTIFIER = X509Extensions.AuthorityKeyIdentifier.getId(); - protected static final String KEY_USAGE = X509Extensions.KeyUsage.getId(); + public static final String KEY_USAGE = X509Extensions.KeyUsage.getId(); - protected static final String CRL_NUMBER = X509Extensions.CRLNumber.getId(); + public static final String CRL_NUMBER = X509Extensions.CRLNumber.getId(); - protected static final String ANY_POLICY = "2.5.29.32.0"; + public static final String ANY_POLICY = "2.5.29.32.0"; /* * key usage bits diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java index c984104..58281af 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ECCurve.java @@ -16,8 +16,6 @@ public abstract class ECCurve public abstract ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression); - public abstract ECPoint decodePoint(byte[] encoded); - public abstract ECPoint getInfinity(); public ECFieldElement getA() @@ -30,6 +28,74 @@ public abstract class ECCurve return b; } + protected abstract ECPoint decompressPoint(int yTilde, BigInteger X1); + + /** + * Decode a point on this curve from its ASN.1 encoding. The different + * encodings are taken account of, including point compression for + * Fp (X9.62 s 4.2.1 pg 17). + * @return The decoded point. + */ + public ECPoint decodePoint(byte[] encoded) + { + ECPoint p = null; + int expectedLength = (getFieldSize() + 7) / 8; + + switch (encoded[0]) + { + case 0x00: // infinity + { + if (encoded.length != 1) + { + throw new IllegalArgumentException("Incorrect length for infinity encoding"); + } + + p = getInfinity(); + break; + } + case 0x02: // compressed + case 0x03: // compressed + { + if (encoded.length != (expectedLength + 1)) + { + throw new IllegalArgumentException("Incorrect length for compressed encoding"); + } + + int yTilde = encoded[0] & 1; + BigInteger X1 = fromArray(encoded, 1, expectedLength); + + p = decompressPoint(yTilde, X1); + break; + } + case 0x04: // uncompressed + case 0x06: // hybrid + case 0x07: // hybrid + { + if (encoded.length != (2 * expectedLength + 1)) + { + throw new IllegalArgumentException("Incorrect length for uncompressed/hybrid encoding"); + } + + BigInteger X1 = fromArray(encoded, 1, expectedLength); + BigInteger Y1 = fromArray(encoded, 1 + expectedLength, expectedLength); + + p = createPoint(X1, Y1, false); + break; + } + default: + throw new IllegalArgumentException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16)); + } + + return p; + } + + private static BigInteger fromArray(byte[] buf, int off, int length) + { + byte[] mag = new byte[length]; + System.arraycopy(buf, off, mag, 0, length); + return new BigInteger(1, mag); + } + /** * Elliptic curve over Fp */ @@ -66,79 +132,31 @@ public abstract class ECCurve return new ECPoint.Fp(this, fromBigInteger(x), fromBigInteger(y), withCompression); } - /** - * Decode a point on this curve from its ASN.1 encoding. The different - * encodings are taken account of, including point compression for - * Fp (X9.62 s 4.2.1 pg 17). - * @return The decoded point. - */ - public ECPoint decodePoint(byte[] encoded) + protected ECPoint decompressPoint(int yTilde, BigInteger X1) { - ECPoint p = null; + ECFieldElement x = fromBigInteger(X1); + ECFieldElement alpha = x.multiply(x.square().add(a)).add(b); + ECFieldElement beta = alpha.sqrt(); - switch (encoded[0]) + // + // if we can't find a sqrt we haven't got a point on the + // curve - run! + // + if (beta == null) { - // infinity - case 0x00: - if (encoded.length > 1) - { - throw new RuntimeException("Invalid point encoding"); - } - p = getInfinity(); - break; - // compressed - case 0x02: - case 0x03: - int ytilde = encoded[0] & 1; - byte[] i = new byte[encoded.length - 1]; - - System.arraycopy(encoded, 1, i, 0, i.length); - - ECFieldElement x = new ECFieldElement.Fp(this.q, new BigInteger(1, i)); - ECFieldElement alpha = x.multiply(x.square().add(a)).add(b); - ECFieldElement beta = alpha.sqrt(); - - // - // if we can't find a sqrt we haven't got a point on the - // curve - run! - // - if (beta == null) - { - throw new RuntimeException("Invalid point compression"); - } + throw new RuntimeException("Invalid point compression"); + } - int bit0 = (beta.toBigInteger().testBit(0) ? 1 : 0); + BigInteger betaValue = beta.toBigInteger(); + int bit0 = betaValue.testBit(0) ? 1 : 0; - if (bit0 == ytilde) - { - p = new ECPoint.Fp(this, x, beta, true); - } - else - { - p = new ECPoint.Fp(this, x, - new ECFieldElement.Fp(this.q, q.subtract(beta.toBigInteger())), true); - } - break; - // uncompressed - case 0x04: - // hybrid - case 0x06: - case 0x07: - byte[] xEnc = new byte[(encoded.length - 1) / 2]; - byte[] yEnc = new byte[(encoded.length - 1) / 2]; - - System.arraycopy(encoded, 1, xEnc, 0, xEnc.length); - System.arraycopy(encoded, xEnc.length + 1, yEnc, 0, yEnc.length); - - p = new ECPoint.Fp(this, - new ECFieldElement.Fp(this.q, new BigInteger(1, xEnc)), - new ECFieldElement.Fp(this.q, new BigInteger(1, yEnc))); - break; - default: - throw new RuntimeException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16)); + if (bit0 != yTilde) + { + // Use the other root + beta = fromBigInteger(q.subtract(betaValue)); } - return p; + return new ECPoint.Fp(this, x, beta, true); } public ECPoint getInfinity() @@ -403,62 +421,6 @@ public abstract class ECCurve return new ECPoint.F2m(this, fromBigInteger(x), fromBigInteger(y), withCompression); } - /* (non-Javadoc) - * @see org.bouncycastle.math.ec.ECCurve#decodePoint(byte[]) - */ - public ECPoint decodePoint(byte[] encoded) - { - ECPoint p = null; - - switch (encoded[0]) - { - // infinity - case 0x00: - if (encoded.length > 1) - { - throw new RuntimeException("Invalid point encoding"); - } - p = getInfinity(); - break; - // compressed - case 0x02: - case 0x03: - byte[] enc = new byte[encoded.length - 1]; - System.arraycopy(encoded, 1, enc, 0, enc.length); - if (encoded[0] == 0x02) - { - p = decompressPoint(enc, 0); - } - else - { - p = decompressPoint(enc, 1); - } - break; - // uncompressed - case 0x04: - // hybrid - case 0x06: - case 0x07: - byte[] xEnc = new byte[(encoded.length - 1) / 2]; - byte[] yEnc = new byte[(encoded.length - 1) / 2]; - - System.arraycopy(encoded, 1, xEnc, 0, xEnc.length); - System.arraycopy(encoded, xEnc.length + 1, yEnc, 0, yEnc.length); - - p = new ECPoint.F2m(this, - new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3, - new BigInteger(1, xEnc)), - new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3, - new BigInteger(1, yEnc)), false); - break; - - default: - throw new RuntimeException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16)); - } - - return p; - } - public ECPoint getInfinity() { return infinity; @@ -508,18 +470,15 @@ public abstract class ECCurve /** * Decompresses a compressed point P = (xp, yp) (X9.62 s 4.2.2). * - * @param xEnc - * The encoding of field element xp. - * @param ypBit + * @param yTilde * ~yp, an indication bit for the decompression of yp. + * @param X1 + * The field element xp. * @return the decompressed point. */ - private ECPoint decompressPoint( - byte[] xEnc, - int ypBit) + protected ECPoint decompressPoint(int yTilde, BigInteger X1) { - ECFieldElement xp = new ECFieldElement.F2m( - this.m, this.k1, this.k2, this.k3, new BigInteger(1, xEnc)); + ECFieldElement xp = fromBigInteger(X1); ECFieldElement yp = null; if (xp.toBigInteger().equals(ECConstants.ZERO)) { @@ -531,27 +490,21 @@ public abstract class ECCurve } else { - ECFieldElement beta = xp.add(a).add( - b.multiply(xp.square().invert())); + ECFieldElement beta = xp.add(a).add(b.multiply(xp.square().invert())); ECFieldElement z = solveQuadradicEquation(beta); if (z == null) { - throw new RuntimeException("Invalid point compression"); + throw new IllegalArgumentException("Invalid point compression"); } - int zBit = 0; - if (z.toBigInteger().testBit(0)) + int zBit = z.toBigInteger().testBit(0) ? 1 : 0; + if (zBit != yTilde) { - zBit = 1; - } - if (zBit != ypBit) - { - z = z.add(new ECFieldElement.F2m(this.m, this.k1, this.k2, - this.k3, ECConstants.ONE)); + z = z.add(fromBigInteger(ECConstants.ONE)); } yp = xp.multiply(z); } - - return new ECPoint.F2m(this, xp, yp); + + return new ECPoint.F2m(this, xp, yp, true); } /** diff --git a/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java b/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java index b14e4c1..cbc5aaf 100644 --- a/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java +++ b/bcprov/src/main/java/org/bouncycastle/math/ec/ECPoint.java @@ -108,7 +108,12 @@ public abstract class ECPoint this.preCompInfo = preCompInfo; } - public abstract byte[] getEncoded(); + public byte[] getEncoded() + { + return getEncoded(withCompression); + } + + public abstract byte[] getEncoded(boolean compressed); public abstract ECPoint add(ECPoint b); public abstract ECPoint subtract(ECPoint b); @@ -193,7 +198,7 @@ public abstract class ECPoint /** * return the field element encoded with point compression. (S 4.3.6) */ - public byte[] getEncoded() + public byte[] getEncoded(boolean compressed) { if (this.isInfinity()) { @@ -202,7 +207,7 @@ public abstract class ECPoint int qLength = converter.getByteLength(x); - if (withCompression) + if (compressed) { byte PC; @@ -268,7 +273,7 @@ public abstract class ECPoint ECFieldElement x3 = gamma.square().subtract(this.x).subtract(b.x); ECFieldElement y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y); - return new ECPoint.Fp(curve, x3, y3); + return new ECPoint.Fp(curve, x3, y3, withCompression); } // B.3 pg 62 @@ -374,7 +379,7 @@ public abstract class ECPoint /* (non-Javadoc) * @see org.bouncycastle.math.ec.ECPoint#getEncoded() */ - public byte[] getEncoded() + public byte[] getEncoded(boolean compressed) { if (this.isInfinity()) { @@ -385,7 +390,7 @@ public abstract class ECPoint byte[] X = converter.integerToBytes(this.getX().toBigInteger(), byteCount); byte[] PO; - if (withCompression) + if (compressed) { // See X9.62 4.3.6 and 4.2.2 PO = new byte[byteCount + 1]; diff --git a/bcprov/src/main/java/org/bouncycastle/util/Arrays.java b/bcprov/src/main/java/org/bouncycastle/util/Arrays.java index d1c3111..457320e 100644 --- a/bcprov/src/main/java/org/bouncycastle/util/Arrays.java +++ b/bcprov/src/main/java/org/bouncycastle/util/Arrays.java @@ -423,6 +423,40 @@ public final class Arrays return copy; } + public static byte[][] clone(byte[][] data) + { + if (data == null) + { + return null; + } + + byte[][] copy = new byte[data.length][]; + + for (int i = 0; i != copy.length; i++) + { + copy[i] = clone(data[i]); + } + + return copy; + } + + public static byte[][][] clone(byte[][][] data) + { + if (data == null) + { + return null; + } + + byte[][][] copy = new byte[data.length][][]; + + for (int i = 0; i != copy.length; i++) + { + copy[i] = clone(data[i]); + } + + return copy; + } + public static int[] clone(int[] data) { if (data == null) @@ -619,10 +653,84 @@ public final class Arrays int newLength = to - from; if (newLength < 0) { - StringBuffer sb = new StringBuffer(from); - sb.append(" > ").append(to); + StringBuffer sb = new StringBuffer(from); + sb.append(" > ").append(to); throw new IllegalArgumentException(sb.toString()); } return newLength; } + + public static byte[] concatenate(byte[] a, byte[] b) + { + if (a != null && b != null) + { + byte[] rv = new byte[a.length + b.length]; + + System.arraycopy(a, 0, rv, 0, a.length); + System.arraycopy(b, 0, rv, a.length, b.length); + + return rv; + } + else if (b != null) + { + return clone(b); + } + else + { + return clone(a); + } + } + + public static byte[] concatenate(byte[] a, byte[] b, byte[] c) + { + if (a != null && b != null && c != null) + { + byte[] rv = new byte[a.length + b.length + c.length]; + + System.arraycopy(a, 0, rv, 0, a.length); + System.arraycopy(b, 0, rv, a.length, b.length); + System.arraycopy(c, 0, rv, a.length + b.length, c.length); + + return rv; + } + else if (b == null) + { + return concatenate(a, c); + } + else + { + return concatenate(a, b); + } + } + + public static byte[] concatenate(byte[] a, byte[] b, byte[] c, byte[] d) + { + if (a != null && b != null && c != null && d != null) + { + byte[] rv = new byte[a.length + b.length + c.length + d.length]; + + System.arraycopy(a, 0, rv, 0, a.length); + System.arraycopy(b, 0, rv, a.length, b.length); + System.arraycopy(c, 0, rv, a.length + b.length, c.length); + System.arraycopy(d, 0, rv, a.length + b.length + c.length, d.length); + + return rv; + } + else if (d == null) + { + return concatenate(a, b, c); + } + else if (c == null) + { + return concatenate(a, b, d); + } + else if (b == null) + { + return concatenate(a, c, d); + } + else + { + return concatenate(b, c, d); + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/util/Memoable.java b/bcprov/src/main/java/org/bouncycastle/util/Memoable.java new file mode 100644 index 0000000..0be9171 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/util/Memoable.java @@ -0,0 +1,23 @@ +package org.bouncycastle.util; + +public interface Memoable +{ + /** + * Produce a copy of this object with its configuration and in its current state. + *

+ * The returned object may be used simply to store the state, or may be used as a similar object + * starting from the copied state. + */ + public Memoable copy(); + + /** + * Restore a copied object state into this object. + *

+ * Implementations of this method should try to avoid or minimise memory allocation to perform the reset. + * + * @param other an object originally {@link #copy() copied} from an object of the same type as this instance. + * @throws ClassCastException if the provided object is not of the correct type. + * @throws MemoableResetException if the other parameter is in some other way invalid. + */ + public void reset(Memoable other); +} diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java index 742a961..8380629 100644 --- a/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java +++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/Base64.java @@ -4,10 +4,27 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.OutputStream; +import org.bouncycastle.util.Strings; + public class Base64 { private static final Encoder encoder = new Base64Encoder(); + public static String toBase64String( + byte[] data) + { + return toBase64String(data, 0, data.length); + } + + public static String toBase64String( + byte[] data, + int off, + int length) + { + byte[] encoded = encode(data, off, length); + return Strings.fromByteArray(encoded); + } + /** * encode the input data producing a base 64 encoded byte array. * @@ -16,12 +33,25 @@ public class Base64 public static byte[] encode( byte[] data) { - int len = (data.length + 2) / 3 * 4; + return encode(data, 0, data.length); + } + + /** + * encode the input data producing a base 64 encoded byte array. + * + * @return a byte array containing the base 64 encoded data. + */ + public static byte[] encode( + byte[] data, + int off, + int length) + { + int len = (length + 2) / 3 * 4; ByteArrayOutputStream bOut = new ByteArrayOutputStream(len); - + try { - encoder.encode(data, 0, data.length, bOut); + encoder.encode(data, off, length, bOut); } catch (Exception e) { diff --git a/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java b/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java index 3d058aa..d49f1ef 100644 --- a/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java +++ b/bcprov/src/main/java/org/bouncycastle/util/encoders/Hex.java @@ -4,10 +4,27 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.OutputStream; +import org.bouncycastle.util.Strings; + public class Hex { private static final Encoder encoder = new HexEncoder(); + public static String toHexString( + byte[] data) + { + return toHexString(data, 0, data.length); + } + + public static String toHexString( + byte[] data, + int off, + int length) + { + byte[] encoded = encode(data, off, length); + return Strings.fromByteArray(encoded); + } + /** * encode the input data producing a Hex encoded byte array. * diff --git a/bouncycastle.config b/bouncycastle.config index 3ebc43c..338b572 100644 --- a/bouncycastle.config +++ b/bouncycastle.config @@ -4,6 +4,7 @@ org/bouncycastle/asn1/cmp \ org/bouncycastle/asn1/cms/ecc \ org/bouncycastle/asn1/crmf \ org/bouncycastle/asn1/cryptopro \ +org/bouncycastle/asn1/dvcs \ org/bouncycastle/asn1/esf \ org/bouncycastle/asn1/ess \ org/bouncycastle/asn1/gnu \ @@ -18,7 +19,10 @@ org/bouncycastle/asn1/x509/sigi \ org/bouncycastle/crypto/agreement/kdf \ org/bouncycastle/crypto/agreement/jpake \ org/bouncycastle/crypto/agreement/srp \ +org/bouncycastle/crypto/commitments \ +org/bouncycastle/crypto/ec \ org/bouncycastle/crypto/examples \ +org/bouncycastle/crypto/kems \ org/bouncycastle/crypto/prng \ org/bouncycastle/crypto/tls/ \ org/bouncycastle/i18n/ \ @@ -26,9 +30,9 @@ org/bouncycastle/jcajce/provider/asymmetric/ecgost \ org/bouncycastle/jcajce/provider/asymmetric/elgamal \ org/bouncycastle/jcajce/provider/asymmetric/dstu \ org/bouncycastle/jcajce/provider/asymmetric/gost \ +org/bouncycastle/jcajce/provider/asymmetric/ies \ org/bouncycastle/jce/examples \ org/bouncycastle/jce/provider/test \ -org/bouncycastle/math/ntru \ org/bouncycastle/ocsp \ org/bouncycastle/pqc \ org/bouncycastle/util/test \ @@ -41,6 +45,7 @@ org/bouncycastle/LICENSE.java \ org/bouncycastle/asn1/BERSequenceGenerator.java \ org/bouncycastle/asn1/DERGenerator.java \ org/bouncycastle/asn1/DERSequenceGenerator.java \ +org/bouncycastle/asn1/DERT61UTF8String.java \ org/bouncycastle/asn1/cms/AuthEnvelopedData.java \ org/bouncycastle/asn1/cms/AuthEnvelopedDataParser.java \ org/bouncycastle/asn1/cms/AuthenticatedData.java \ @@ -66,11 +71,13 @@ org/bouncycastle/asn1/cms/OriginatorInfo.java \ org/bouncycastle/asn1/cms/OriginatorPublicKey.java \ org/bouncycastle/asn1/cms/OtherKeyAttribute.java \ org/bouncycastle/asn1/cms/OtherRecipientInfo.java \ +org/bouncycastle/asn1/cms/OtherRevocationInfoFormat.java \ org/bouncycastle/asn1/cms/PasswordRecipientInfo.java \ org/bouncycastle/asn1/cms/RecipientEncryptedKey.java \ org/bouncycastle/asn1/cms/RecipientIdentifier.java \ org/bouncycastle/asn1/cms/RecipientInfo.java \ org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java \ +org/bouncycastle/asn1/cms/SCVPReqRes.java \ org/bouncycastle/asn1/cms/SignedDataParser.java \ org/bouncycastle/asn1/cms/TimeStampAndCRL.java \ org/bouncycastle/asn1/cms/TimeStampTokenEvidence.java \ @@ -132,6 +139,7 @@ org/bouncycastle/asn1/x509/CertPolicyId.java \ org/bouncycastle/asn1/x509/CertificatePair.java \ org/bouncycastle/asn1/x509/CertificatePolicies.java \ org/bouncycastle/asn1/x509/DisplayText.java \ +org/bouncycastle/asn1/x509/GeneralNamesBuilder.java \ org/bouncycastle/asn1/x509/IetfAttrSyntax.java \ org/bouncycastle/asn1/x509/NoticeReference.java \ org/bouncycastle/asn1/x509/PolicyMappings.java \ @@ -148,27 +156,34 @@ org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.java \ org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java \ org/bouncycastle/asn1/x509/X509AttributeIdentifiers.java \ org/bouncycastle/asn1/x509/package.html \ +org/bouncycastle/asn1/x9/ECNamedCurveTable.java \ org/bouncycastle/asn1/x9/KeySpecificInfo.java \ org/bouncycastle/asn1/x9/OtherInfo.java \ org/bouncycastle/asn1/x9/package.html \ org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.java \ +org/bouncycastle/crypto/Commitment.java \ +org/bouncycastle/crypto/Committer.java \ org/bouncycastle/crypto/EphemeralKeyPair.java \ +org/bouncycastle/crypto/KeyEncapsulation.java \ org/bouncycastle/crypto/KeyEncoder.java \ org/bouncycastle/crypto/KeyParser.java \ org/bouncycastle/crypto/MaxBytesExceededException.java \ org/bouncycastle/crypto/agreement/DHAgreement.java \ +org/bouncycastle/crypto/agreement/DHStandardGroups.java \ org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java \ org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java \ org/bouncycastle/crypto/agreement/package.html \ org/bouncycastle/crypto/digests/GOST3411Digest.java \ org/bouncycastle/crypto/digests/MD2Digest.java \ org/bouncycastle/crypto/digests/MD4Digest.java \ +org/bouncycastle/crypto/digests/NonMemoableDigest.java \ org/bouncycastle/crypto/digests/RIPEMD128Digest.java \ org/bouncycastle/crypto/digests/RIPEMD160Digest.java \ org/bouncycastle/crypto/digests/RIPEMD256Digest.java \ org/bouncycastle/crypto/digests/RIPEMD320Digest.java \ org/bouncycastle/crypto/digests/SHA224Digest.java \ org/bouncycastle/crypto/digests/SHA3Digest.java \ +org/bouncycastle/crypto/digests/SHA512tDigest.java \ org/bouncycastle/crypto/digests/ShortenedDigest.java \ org/bouncycastle/crypto/digests/TigerDigest.java \ org/bouncycastle/crypto/digests/WhirlpoolDigest.java \ @@ -190,8 +205,6 @@ org/bouncycastle/crypto/engines/HC256Engine.java \ org/bouncycastle/crypto/engines/IDEAEngine.java \ org/bouncycastle/crypto/engines/IESEngine.java \ org/bouncycastle/crypto/engines/ISAACEngine.java \ -org/bouncycastle/crypto/engines/IndexGenerator.java \ -org/bouncycastle/crypto/engines/NTRUEngine.java \ org/bouncycastle/crypto/engines/NaccacheSternEngine.java \ org/bouncycastle/crypto/engines/NoekeonEngine.java \ org/bouncycastle/crypto/engines/NullEngine.java \ @@ -225,8 +238,6 @@ org/bouncycastle/crypto/generators/HKDFBytesGenerator.java \ org/bouncycastle/crypto/generators/KDF1BytesGenerator.java \ org/bouncycastle/crypto/generators/KDF2BytesGenerator.java \ org/bouncycastle/crypto/generators/MGF1BytesGenerator.java \ -org/bouncycastle/crypto/generators/NTRUEncryptionKeyPairGenerator.java \ -org/bouncycastle/crypto/generators/NTRUSigningKeyPairGenerator.java \ org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java \ org/bouncycastle/crypto/generators/RSABlindingFactorGenerator.java \ org/bouncycastle/crypto/generators/SCrypt.java \ @@ -237,13 +248,16 @@ org/bouncycastle/crypto/io/package.html \ org/bouncycastle/crypto/macs/BlockCipherMac.java \ org/bouncycastle/crypto/macs/CFBBlockCipherMac.java \ org/bouncycastle/crypto/macs/CMac.java \ +org/bouncycastle/crypto/macs/GMac.java \ org/bouncycastle/crypto/macs/GOST28147Mac.java \ org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java \ org/bouncycastle/crypto/macs/OldHMac.java \ +org/bouncycastle/crypto/macs/SipHash.java \ org/bouncycastle/crypto/macs/VMPCMac.java \ org/bouncycastle/crypto/macs/package.html \ org/bouncycastle/crypto/modes/EAXBlockCipher.java \ org/bouncycastle/crypto/modes/GOFBBlockCipher.java \ +org/bouncycastle/crypto/modes/OCBBlockCipher.java \ org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java \ org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java \ org/bouncycastle/crypto/modes/PaddedBlockCipher.java \ @@ -273,16 +287,6 @@ org/bouncycastle/crypto/params/KDFParameters.java \ org/bouncycastle/crypto/params/MGFParameters.java \ org/bouncycastle/crypto/params/MQVPrivateParameters.java \ org/bouncycastle/crypto/params/MQVPublicParameters.java \ -org/bouncycastle/crypto/params/NTRUEncryptionKeyGenerationParameters.java \ -org/bouncycastle/crypto/params/NTRUEncryptionKeyParameters.java \ -org/bouncycastle/crypto/params/NTRUEncryptionParameters.java \ -org/bouncycastle/crypto/params/NTRUEncryptionPrivateKeyParameters.java \ -org/bouncycastle/crypto/params/NTRUEncryptionPublicKeyParameters.java \ -org/bouncycastle/crypto/params/NTRUParameters.java \ -org/bouncycastle/crypto/params/NTRUSigningKeyGenerationParameters.java \ -org/bouncycastle/crypto/params/NTRUSigningParameters.java \ -org/bouncycastle/crypto/params/NTRUSigningPrivateKeyParameters.java \ -org/bouncycastle/crypto/params/NTRUSigningPublicKeyParameters.java \ org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java \ org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java \ org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java \ @@ -301,8 +305,6 @@ org/bouncycastle/crypto/signers/GOST3410Signer.java \ org/bouncycastle/crypto/signers/GenericSigner.java \ org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java \ org/bouncycastle/crypto/signers/ISO9796d2Signer.java \ -org/bouncycastle/crypto/signers/NTRUSigner.java \ -org/bouncycastle/crypto/signers/NTRUSignerPrng.java \ org/bouncycastle/crypto/signers/PSSSigner.java \ org/bouncycastle/crypto/signers/package.html \ org/bouncycastle/crypto/util/PrivateKeyInfoFactory.java \ @@ -312,10 +314,12 @@ org/bouncycastle/jcajce/provider/asymmetric/DSTU4145.java \ org/bouncycastle/jcajce/provider/asymmetric/ECGOST.java \ org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java \ org/bouncycastle/jcajce/provider/asymmetric/GOST.java \ +org/bouncycastle/jcajce/provider/asymmetric/IES.java \ org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java \ org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java \ org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java \ org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java \ +org/bouncycastle/jcajce/provider/asymmetric/util/GOST3410Util.java \ org/bouncycastle/jcajce/provider/asymmetric/util/IESUtil.java \ org/bouncycastle/jcajce/provider/digest/GOST3411.java \ org/bouncycastle/jcajce/provider/digest/MD2.java \ @@ -338,21 +342,22 @@ org/bouncycastle/jcajce/provider/symmetric/HC128.java \ org/bouncycastle/jcajce/provider/symmetric/HC256.java \ org/bouncycastle/jcajce/provider/symmetric/IDEA.java \ org/bouncycastle/jcajce/provider/symmetric/Noekeon.java \ -org/bouncycastle/jcajce/provider/symmetric/RC2.java \ +org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java \ org/bouncycastle/jcajce/provider/symmetric/RC5.java \ org/bouncycastle/jcajce/provider/symmetric/RC6.java \ org/bouncycastle/jcajce/provider/symmetric/Rijndael.java \ org/bouncycastle/jcajce/provider/symmetric/SEED.java \ org/bouncycastle/jcajce/provider/symmetric/Salsa20.java \ org/bouncycastle/jcajce/provider/symmetric/Serpent.java \ +org/bouncycastle/jcajce/provider/symmetric/SipHash.java \ org/bouncycastle/jcajce/provider/symmetric/Skipjack.java \ org/bouncycastle/jcajce/provider/symmetric/TEA.java \ -org/bouncycastle/jcajce/provider/symmetric/Twofish.java \ org/bouncycastle/jcajce/provider/symmetric/VMPC.java \ org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3.java \ org/bouncycastle/jcajce/provider/symmetric/XTEA.java \ org/bouncycastle/jce/ECGOST3410NamedCurveTable.java \ org/bouncycastle/jce/ECKeyUtil.java \ +org/bouncycastle/jce/ECNamedCurveTable.java \ org/bouncycastle/jce/ECPointUtil.java \ org/bouncycastle/jce/MultiCertStoreParameters.java \ org/bouncycastle/jce/PKCS12Util.java \ @@ -375,11 +380,8 @@ org/bouncycastle/jce/package.html \ org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java \ org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java \ org/bouncycastle/jce/provider/BrokenPBE.java \ -org/bouncycastle/jce/provider/ElGamalUtil.java \ -org/bouncycastle/jce/provider/GOST3410Util.java \ org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java \ org/bouncycastle/jce/provider/JCEElGamalPublicKey.java \ -org/bouncycastle/jce/provider/JCEIESCipher.java \ org/bouncycastle/jce/provider/MultiCertStoreSpi.java \ org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java \ org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java \ @@ -414,6 +416,7 @@ org/bouncycastle/jce/spec/MQVPublicKeySpec.java \ org/bouncycastle/jce/spec/package.html \ org/bouncycastle/math/ec/ReferenceMultiplier.java \ org/bouncycastle/math/ec/package.html \ +org/bouncycastle/util/MemoableResetException.java \ org/bouncycastle/util/StreamParser.java \ org/bouncycastle/util/StreamParsingException.java \ org/bouncycastle/util/encoders/BufferedDecoder.java \ @@ -452,6 +455,7 @@ org/bouncycastle/cert/selector/jcajce \ org/bouncycastle/cert/test \ org/bouncycastle/cms/bc \ org/bouncycastle/cms/test \ +org/bouncycastle/dvcs \ org/bouncycastle/eac \ org/bouncycastle/mozilla \ org/bouncycastle/openssl \ @@ -462,6 +466,7 @@ org/bouncycastle/voms \ # files UNNEEDED_BCPKIX_SOURCES+=" \ +org/bouncycastle/cert/CertRuntimeException.java \ org/bouncycastle/cert/X509ExtensionUtils.java \ org/bouncycastle/cert/X509v1CertificateBuilder.java \ org/bouncycastle/cert/X509v2AttributeCertificateBuilder.java \ @@ -549,6 +554,7 @@ org/bouncycastle/cms/RecipientInfoGenerator.java \ org/bouncycastle/cms/RecipientInformation.java \ org/bouncycastle/cms/RecipientInformationStore.java \ org/bouncycastle/cms/RecipientOperator.java \ +org/bouncycastle/cms/SignerInformationVerifierProvider.java \ org/bouncycastle/cms/jcajce/CMSUtils.java \ org/bouncycastle/cms/jcajce/DefaultJcaJceExtHelper.java \ org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java \ @@ -585,6 +591,7 @@ org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java \ org/bouncycastle/cms/package.html \ org/bouncycastle/operator/AsymmetricKeyUnwrapper.java \ org/bouncycastle/operator/AsymmetricKeyWrapper.java \ +org/bouncycastle/operator/DefaultSecretKeyProvider.java \ org/bouncycastle/operator/GenericKey.java \ org/bouncycastle/operator/InputDecryptor.java \ org/bouncycastle/operator/InputDecryptorProvider.java \ @@ -596,6 +603,7 @@ org/bouncycastle/operator/MacCalculator.java \ org/bouncycastle/operator/MacCalculatorProvider.java \ org/bouncycastle/operator/OutputCompressor.java \ org/bouncycastle/operator/OutputEncryptor.java \ +org/bouncycastle/operator/SecretKeySizeProvider.java \ org/bouncycastle/operator/SymmetricKeyUnwrapper.java \ org/bouncycastle/operator/SymmetricKeyWrapper.java \ org/bouncycastle/operator/bc/AESUtil.java \ diff --git a/bouncycastle.version b/bouncycastle.version index 1482783..89e1ea4 100644 --- a/bouncycastle.version +++ b/bouncycastle.version @@ -1,2 +1,2 @@ BOUNCYCASTLE_JDK=15on -BOUNCYCASTLE_VERSION=148 +BOUNCYCASTLE_VERSION=149 diff --git a/patches/bcpkix.patch b/patches/bcpkix.patch index 77cee43..78354bd 100644 --- a/patches/bcpkix.patch +++ b/patches/bcpkix.patch @@ -1,29 +1,508 @@ -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedGenerator.java bcpkix-jdk15on-148/org/bouncycastle/cms/CMSSignedGenerator.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedGenerator.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/cms/CMSSignedGenerator.java 2013-01-31 02:26:40.000000000 +0000 -@@ -22,7 +22,9 @@ +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSSignedData.java bcpkix-jdk15on-149/org/bouncycastle/cms/CMSSignedData.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSSignedData.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/cms/CMSSignedData.java 2013-05-25 02:14:15.000000000 +0000 +@@ -25,7 +25,9 @@ + import org.bouncycastle.asn1.cms.ContentInfo; + import org.bouncycastle.asn1.cms.SignedData; + import org.bouncycastle.asn1.cms.SignerInfo; +-import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder; ++// BEGIN android-removed ++// import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder; ++// END android-removed + import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; + import org.bouncycastle.operator.OperatorCreationException; + import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder; +@@ -309,147 +311,149 @@ + return attributeStore; + } + +- /** +- * return a X509Store containing the public key certificates, if any, contained +- * in this message. +- * +- * @param type type of store to create +- * @param provider name of provider to use +- * @return a store of public key certificates +- * @exception NoSuchProviderException if the provider requested isn't available. +- * @exception NoSuchStoreException if the store type isn't available. +- * @exception CMSException if a general exception prevents creation of the X509Store +- * @deprecated use base Store returning method +- */ +- public X509Store getCertificates( +- String type, +- String provider) +- throws NoSuchStoreException, NoSuchProviderException, CMSException +- { +- return getCertificates(type, CMSUtils.getProvider(provider)); +- } +- +- /** +- * return a X509Store containing the public key certificates, if any, contained +- * in this message. +- * +- * @param type type of store to create +- * @param provider provider to use +- * @return a store of public key certificates +- * @exception NoSuchStoreException if the store type isn't available. +- * @exception CMSException if a general exception prevents creation of the X509Store +- * @deprecated use base Store returning method +- */ +- public X509Store getCertificates( +- String type, +- Provider provider) +- throws NoSuchStoreException, CMSException +- { +- if (certificateStore == null) +- { +- certificateStore = HELPER.createCertificateStore(type, provider, this.getCertificates()); +- } +- +- return certificateStore; +- } +- +- /** +- * return a X509Store containing CRLs, if any, contained +- * in this message. +- * +- * @param type type of store to create +- * @param provider name of provider to use +- * @return a store of CRLs +- * @exception NoSuchProviderException if the provider requested isn't available. +- * @exception NoSuchStoreException if the store type isn't available. +- * @exception CMSException if a general exception prevents creation of the X509Store +- * @deprecated use base Store returning method +- */ +- public X509Store getCRLs( +- String type, +- String provider) +- throws NoSuchStoreException, NoSuchProviderException, CMSException +- { +- return getCRLs(type, CMSUtils.getProvider(provider)); +- } +- +- /** +- * return a X509Store containing CRLs, if any, contained +- * in this message. +- * +- * @param type type of store to create +- * @param provider provider to use +- * @return a store of CRLs +- * @exception NoSuchStoreException if the store type isn't available. +- * @exception CMSException if a general exception prevents creation of the X509Store +- * @deprecated use base Store returning method +- */ +- public X509Store getCRLs( +- String type, +- Provider provider) +- throws NoSuchStoreException, CMSException +- { +- if (crlStore == null) +- { +- crlStore = HELPER.createCRLsStore(type, provider, getCRLs()); +- } +- +- return crlStore; +- } +- +- /** +- * return a CertStore containing the certificates and CRLs associated with +- * this message. +- * +- * @exception NoSuchProviderException if the provider requested isn't available. +- * @exception NoSuchAlgorithmException if the cert store isn't available. +- * @exception CMSException if a general exception prevents creation of the CertStore +- * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder +- */ +- public CertStore getCertificatesAndCRLs( +- String type, +- String provider) +- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException +- { +- return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider)); +- } +- +- /** +- * return a CertStore containing the certificates and CRLs associated with +- * this message. +- * +- * @exception NoSuchAlgorithmException if the cert store isn't available. +- * @exception CMSException if a general exception prevents creation of the CertStore +- * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder +- */ +- public CertStore getCertificatesAndCRLs( +- String type, +- Provider provider) +- throws NoSuchAlgorithmException, CMSException +- { +- try +- { +- JcaCertStoreBuilder certStoreBuilder = new JcaCertStoreBuilder().setType(type); +- +- if (provider != null) +- { +- certStoreBuilder.setProvider(provider); +- } +- +- certStoreBuilder.addCertificates(this.getCertificates()); +- certStoreBuilder.addCRLs(this.getCRLs()); +- +- return certStoreBuilder.build(); +- } +- catch (NoSuchAlgorithmException e) +- { +- throw e; +- } +- catch (Exception e) +- { +- throw new CMSException("exception creating CertStore: " + e.getMessage(), e); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * return a X509Store containing the public key certificates, if any, contained ++ // * in this message. ++ // * ++ // * @param type type of store to create ++ // * @param provider name of provider to use ++ // * @return a store of public key certificates ++ // * @exception NoSuchProviderException if the provider requested isn't available. ++ // * @exception NoSuchStoreException if the store type isn't available. ++ // * @exception CMSException if a general exception prevents creation of the X509Store ++ // * @deprecated use base Store returning method ++ // */ ++ // public X509Store getCertificates( ++ // String type, ++ // String provider) ++ // throws NoSuchStoreException, NoSuchProviderException, CMSException ++ // { ++ // return getCertificates(type, CMSUtils.getProvider(provider)); ++ // } ++ // ++ // /** ++ // * return a X509Store containing the public key certificates, if any, contained ++ // * in this message. ++ // * ++ // * @param type type of store to create ++ // * @param provider provider to use ++ // * @return a store of public key certificates ++ // * @exception NoSuchStoreException if the store type isn't available. ++ // * @exception CMSException if a general exception prevents creation of the X509Store ++ // * @deprecated use base Store returning method ++ // */ ++ // public X509Store getCertificates( ++ // String type, ++ // Provider provider) ++ // throws NoSuchStoreException, CMSException ++ // { ++ // if (certificateStore == null) ++ // { ++ // certificateStore = HELPER.createCertificateStore(type, provider, this.getCertificates()); ++ // } ++ // ++ // return certificateStore; ++ // } ++ // ++ // /** ++ // * return a X509Store containing CRLs, if any, contained ++ // * in this message. ++ // * ++ // * @param type type of store to create ++ // * @param provider name of provider to use ++ // * @return a store of CRLs ++ // * @exception NoSuchProviderException if the provider requested isn't available. ++ // * @exception NoSuchStoreException if the store type isn't available. ++ // * @exception CMSException if a general exception prevents creation of the X509Store ++ // * @deprecated use base Store returning method ++ // */ ++ // public X509Store getCRLs( ++ // String type, ++ // String provider) ++ // throws NoSuchStoreException, NoSuchProviderException, CMSException ++ // { ++ // return getCRLs(type, CMSUtils.getProvider(provider)); ++ // } ++ // ++ // /** ++ // * return a X509Store containing CRLs, if any, contained ++ // * in this message. ++ // * ++ // * @param type type of store to create ++ // * @param provider provider to use ++ // * @return a store of CRLs ++ // * @exception NoSuchStoreException if the store type isn't available. ++ // * @exception CMSException if a general exception prevents creation of the X509Store ++ // * @deprecated use base Store returning method ++ // */ ++ // public X509Store getCRLs( ++ // String type, ++ // Provider provider) ++ // throws NoSuchStoreException, CMSException ++ // { ++ // if (crlStore == null) ++ // { ++ // crlStore = HELPER.createCRLsStore(type, provider, getCRLs()); ++ // } ++ // ++ // return crlStore; ++ // } ++ // ++ // /** ++ // * return a CertStore containing the certificates and CRLs associated with ++ // * this message. ++ // * ++ // * @exception NoSuchProviderException if the provider requested isn't available. ++ // * @exception NoSuchAlgorithmException if the cert store isn't available. ++ // * @exception CMSException if a general exception prevents creation of the CertStore ++ // * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder ++ // */ ++ // public CertStore getCertificatesAndCRLs( ++ // String type, ++ // String provider) ++ // throws NoSuchAlgorithmException, NoSuchProviderException, CMSException ++ // { ++ // return getCertificatesAndCRLs(type, CMSUtils.getProvider(provider)); ++ // } ++ // ++ // /** ++ // * return a CertStore containing the certificates and CRLs associated with ++ // * this message. ++ // * ++ // * @exception NoSuchAlgorithmException if the cert store isn't available. ++ // * @exception CMSException if a general exception prevents creation of the CertStore ++ // * @deprecated use base Store returning method and org.bouncycastle.cert.jcajce.JcaCertStoreBuilder ++ // */ ++ // public CertStore getCertificatesAndCRLs( ++ // String type, ++ // Provider provider) ++ // throws NoSuchAlgorithmException, CMSException ++ // { ++ // try ++ // { ++ // JcaCertStoreBuilder certStoreBuilder = new JcaCertStoreBuilder().setType(type); ++ // ++ // if (provider != null) ++ // { ++ // certStoreBuilder.setProvider(provider); ++ // } ++ // ++ // certStoreBuilder.addCertificates(this.getCertificates()); ++ // certStoreBuilder.addCRLs(this.getCRLs()); ++ // ++ // return certStoreBuilder.build(); ++ // } ++ // catch (NoSuchAlgorithmException e) ++ // { ++ // throw e; ++ // } ++ // catch (Exception e) ++ // { ++ // throw new CMSException("exception creating CertStore: " + e.getMessage(), e); ++ // } ++ // } ++ // END android-removed + + /** + * Return any X.509 certificate objects in this SignedData structure as a Store of X509CertificateHolder objects. +@@ -481,18 +485,20 @@ + return HELPER.getAttributeCertificates(signedData.getCertificates()); + } + +- /** +- * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in +- * this SignedData structure. +- * +- * @param otherRevocationInfoFormat OID of the format type been looked for. +- * +- * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found. +- */ +- public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat) +- { +- return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs()); +- } ++ // BEGIN android-removed ++ // /** ++ // * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in ++ // * this SignedData structure. ++ // * ++ // * @param otherRevocationInfoFormat OID of the format type been looked for. ++ // * ++ // * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found. ++ // */ ++ // public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat) ++ // { ++ // return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs()); ++ // } ++ // END android-removed + + /** + * Return the a string representation of the OID associated with the +@@ -536,71 +542,73 @@ + return contentInfo.getEncoded(); + } + +- /** +- * Verify all the SignerInformation objects and their associated counter signatures attached +- * to this CMS SignedData object. +- * +- * @param verifierProvider a provider of SignerInformationVerifier objects. +- * @return true if all verify, false otherwise. +- * @throws CMSException if an exception occurs during the verification process. +- */ +- public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider) +- throws CMSException +- { +- return verifySignatures(verifierProvider, false); +- } +- +- /** +- * Verify all the SignerInformation objects and optionally their associated counter signatures attached +- * to this CMS SignedData object. +- * +- * @param verifierProvider a provider of SignerInformationVerifier objects. +- * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well. +- * @return true if all verify, false otherwise. +- * @throws CMSException if an exception occurs during the verification process. +- */ +- public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures) +- throws CMSException +- { +- Collection signers = this.getSignerInfos().getSigners(); +- +- for (Iterator it = signers.iterator(); it.hasNext();) +- { +- SignerInformation signer = (SignerInformation)it.next(); +- +- try +- { +- SignerInformationVerifier verifier = verifierProvider.get(signer.getSID()); +- +- if (!signer.verify(verifier)) +- { +- return false; +- } +- +- if (!ignoreCounterSignatures) +- { +- Collection counterSigners = signer.getCounterSignatures().getSigners(); +- +- for (Iterator cIt = counterSigners.iterator(); cIt.hasNext();) +- { +- SignerInformation counterSigner = (SignerInformation)cIt.next(); +- SignerInformationVerifier counterVerifier = verifierProvider.get(signer.getSID()); +- +- if (!counterSigner.verify(counterVerifier)) +- { +- return false; +- } +- } +- } +- } +- catch (OperatorCreationException e) +- { +- throw new CMSException("failure in verifier provider: " + e.getMessage(), e); +- } +- } +- +- return true; +- } ++ // BEGIN android-removed ++ // /** ++ // * Verify all the SignerInformation objects and their associated counter signatures attached ++ // * to this CMS SignedData object. ++ // * ++ // * @param verifierProvider a provider of SignerInformationVerifier objects. ++ // * @return true if all verify, false otherwise. ++ // * @throws CMSException if an exception occurs during the verification process. ++ // */ ++ // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider) ++ // throws CMSException ++ // { ++ // return verifySignatures(verifierProvider, false); ++ // } ++ // ++ // /** ++ // * Verify all the SignerInformation objects and optionally their associated counter signatures attached ++ // * to this CMS SignedData object. ++ // * ++ // * @param verifierProvider a provider of SignerInformationVerifier objects. ++ // * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well. ++ // * @return true if all verify, false otherwise. ++ // * @throws CMSException if an exception occurs during the verification process. ++ // */ ++ // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures) ++ // throws CMSException ++ // { ++ // Collection signers = this.getSignerInfos().getSigners(); ++ // ++ // for (Iterator it = signers.iterator(); it.hasNext();) ++ // { ++ // SignerInformation signer = (SignerInformation)it.next(); ++ // ++ // try ++ // { ++ // SignerInformationVerifier verifier = verifierProvider.get(signer.getSID()); ++ // ++ // if (!signer.verify(verifier)) ++ // { ++ // return false; ++ // } ++ // ++ // if (!ignoreCounterSignatures) ++ // { ++ // Collection counterSigners = signer.getCounterSignatures().getSigners(); ++ // ++ // for (Iterator cIt = counterSigners.iterator(); cIt.hasNext();) ++ // { ++ // SignerInformation counterSigner = (SignerInformation)cIt.next(); ++ // SignerInformationVerifier counterVerifier = verifierProvider.get(signer.getSID()); ++ // ++ // if (!counterSigner.verify(counterVerifier)) ++ // { ++ // return false; ++ // } ++ // } ++ // } ++ // } ++ // catch (OperatorCreationException e) ++ // { ++ // throw new CMSException("failure in verifier provider: " + e.getMessage(), e); ++ // } ++ // } ++ // ++ // return true; ++ // } ++ // END android-removed + + /** + * Replace the SignerInformation store associated with this +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSSignedGenerator.java bcpkix-jdk15on-149/org/bouncycastle/cms/CMSSignedGenerator.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSSignedGenerator.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/cms/CMSSignedGenerator.java 2013-05-25 02:14:15.000000000 +0000 +@@ -23,8 +23,10 @@ import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.cms.AttributeTable; import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; +-import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// BEGIN android-removed ++// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -@@ -30,7 +32,9 @@ - import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - import org.bouncycastle.asn1.x509.AttributeCertificate; - import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +@@ -35,7 +37,9 @@ + import org.bouncycastle.cert.X509AttributeCertificateHolder; + import org.bouncycastle.cert.X509CRLHolder; + import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.jce.interfaces.GOST3410PrivateKey; +// BEGIN android-removed +// import org.bouncycastle.jce.interfaces.GOST3410PrivateKey; +// END android-removed + import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Store; import org.bouncycastle.x509.X509AttributeCertificate; - import org.bouncycastle.x509.X509Store; -@@ -43,25 +47,33 @@ +@@ -49,25 +53,33 @@ public static final String DATA = CMSObjectIdentifiers.data.getId(); public static final String DIGEST_SHA1 = OIWObjectIdentifiers.idSHA1.getId(); @@ -65,7 +544,7 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedGenerator.java private static final String ENCRYPTION_ECDSA_WITH_SHA256 = X9ObjectIdentifiers.ecdsa_with_SHA256.getId(); private static final String ENCRYPTION_ECDSA_WITH_SHA384 = X9ObjectIdentifiers.ecdsa_with_SHA384.getId(); private static final String ENCRYPTION_ECDSA_WITH_SHA512 = X9ObjectIdentifiers.ecdsa_with_SHA512.getId(); -@@ -74,13 +86,17 @@ +@@ -80,13 +92,17 @@ NO_PARAMS.add(ENCRYPTION_DSA); NO_PARAMS.add(ENCRYPTION_ECDSA); NO_PARAMS.add(ENCRYPTION_ECDSA_WITH_SHA1); @@ -85,7 +564,7 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedGenerator.java EC_ALGORITHMS.put(DIGEST_SHA256, ENCRYPTION_ECDSA_WITH_SHA256); EC_ALGORITHMS.put(DIGEST_SHA384, ENCRYPTION_ECDSA_WITH_SHA384); EC_ALGORITHMS.put(DIGEST_SHA512, ENCRYPTION_ECDSA_WITH_SHA512); -@@ -138,14 +154,16 @@ +@@ -144,14 +160,16 @@ throw new IllegalArgumentException("can't mix ECDSA with anything but SHA family digests"); } } @@ -110,21 +589,95 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedGenerator.java return encOID; } -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedHelper.java bcpkix-jdk15on-148/org/bouncycastle/cms/CMSSignedHelper.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedHelper.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/cms/CMSSignedHelper.java 2013-01-31 02:26:40.000000000 +0000 -@@ -23,7 +23,9 @@ +@@ -270,31 +288,33 @@ + certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrStore)); + } + +- /** +- * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message. +- * +- * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. +- * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure. +- */ +- public void addOtherRevocationInfo( +- ASN1ObjectIdentifier otherRevocationInfoFormat, +- ASN1Encodable otherRevocationInfo) +- { +- crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo))); +- } +- +- /** +- * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message. +- * +- * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. +- * @param otherRevocationInfos a Store of otherRevocationInfo data to add. +- */ +- public void addOtherRevocationInfo( +- ASN1ObjectIdentifier otherRevocationInfoFormat, +- Store otherRevocationInfos) +- { +- crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos)); +- } ++ // BEGIN android-removed ++ // /** ++ // * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message. ++ // * ++ // * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. ++ // * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure. ++ // */ ++ // public void addOtherRevocationInfo( ++ // ASN1ObjectIdentifier otherRevocationInfoFormat, ++ // ASN1Encodable otherRevocationInfo) ++ // { ++ // crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo))); ++ // } ++ // ++ // /** ++ // * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message. ++ // * ++ // * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data. ++ // * @param otherRevocationInfos a Store of otherRevocationInfo data to add. ++ // */ ++ // public void addOtherRevocationInfo( ++ // ASN1ObjectIdentifier otherRevocationInfoFormat, ++ // Store otherRevocationInfos) ++ // { ++ // crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos)); ++ // } ++ // END android-removed + + /** + * Add the attribute certificates contained in the passed in store to the +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSSignedHelper.java bcpkix-jdk15on-149/org/bouncycastle/cms/CMSSignedHelper.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSSignedHelper.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/cms/CMSSignedHelper.java 2013-05-25 02:14:15.000000000 +0000 +@@ -19,8 +19,10 @@ import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERNull; +-import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// BEGIN android-removed ++// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.eac.EACObjectIdentifiers; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -@@ -53,31 +55,43 @@ +@@ -35,8 +37,10 @@ + import org.bouncycastle.cert.X509AttributeCertificateHolder; + import org.bouncycastle.cert.X509CRLHolder; + import org.bouncycastle.cert.X509CertificateHolder; +-import org.bouncycastle.cert.jcajce.JcaX509CRLConverter; +-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; ++// BEGIN android-removed ++// import org.bouncycastle.cert.jcajce.JcaX509CRLConverter; ++// import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; ++// END android-removed + import org.bouncycastle.util.CollectionStore; + import org.bouncycastle.util.Store; + import org.bouncycastle.x509.NoSuchStoreException; +@@ -60,31 +64,43 @@ static { @@ -176,7 +729,7 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedHelper.java bcp addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256", "ECDSA"); addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384", "ECDSA"); addEntries(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512", "ECDSA"); -@@ -90,30 +104,38 @@ +@@ -97,30 +113,38 @@ encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA"); encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA"); encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa.getId(), "RSA"); @@ -232,9 +785,276 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/CMSSignedHelper.java bcp digestAliases.put("SHA256", new String[] { "SHA-256" }); digestAliases.put("SHA384", new String[] { "SHA-384" }); digestAliases.put("SHA512", new String[] { "SHA-512" }); -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java bcpkix-jdk15on-148/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java 2012-09-17 23:04:47.000000000 +0000 +@@ -190,65 +214,67 @@ + } + } + +- X509Store createCertificateStore( +- String type, +- Provider provider, +- Store certStore) +- throws NoSuchStoreException, CMSException +- { +- try +- { +- JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(provider); +- Collection certHldrs = certStore.getMatches(null); +- List certs = new ArrayList(certHldrs.size()); +- +- for (Iterator it = certHldrs.iterator(); it.hasNext();) +- { +- certs.add(converter.getCertificate((X509CertificateHolder)it.next())); +- } +- +- return X509Store.getInstance( +- "Certificate/" +type, new X509CollectionStoreParameters(certs), provider); +- } +- catch (IllegalArgumentException e) +- { +- throw new CMSException("can't setup the X509Store", e); +- } +- catch (CertificateException e) +- { +- throw new CMSException("can't setup the X509Store", e); +- } +- } +- +- X509Store createCRLsStore( +- String type, +- Provider provider, +- Store crlStore) +- throws NoSuchStoreException, CMSException +- { +- try +- { +- JcaX509CRLConverter converter = new JcaX509CRLConverter().setProvider(provider); +- Collection crlHldrs = crlStore.getMatches(null); +- List crls = new ArrayList(crlHldrs.size()); +- +- for (Iterator it = crlHldrs.iterator(); it.hasNext();) +- { +- crls.add(converter.getCRL((X509CRLHolder)it.next())); +- } +- +- return X509Store.getInstance( +- "CRL/" +type, new X509CollectionStoreParameters(crls), provider); +- } +- catch (IllegalArgumentException e) +- { +- throw new CMSException("can't setup the X509Store", e); +- } +- catch (CRLException e) +- { +- throw new CMSException("can't setup the X509Store", e); +- } +- } ++ // BEGIN android-removed ++ // X509Store createCertificateStore( ++ // String type, ++ // Provider provider, ++ // Store certStore) ++ // throws NoSuchStoreException, CMSException ++ // { ++ // try ++ // { ++ // JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(provider); ++ // Collection certHldrs = certStore.getMatches(null); ++ // List certs = new ArrayList(certHldrs.size()); ++ // ++ // for (Iterator it = certHldrs.iterator(); it.hasNext();) ++ // { ++ // certs.add(converter.getCertificate((X509CertificateHolder)it.next())); ++ // } ++ // ++ // return X509Store.getInstance( ++ // "Certificate/" +type, new X509CollectionStoreParameters(certs), provider); ++ // } ++ // catch (IllegalArgumentException e) ++ // { ++ // throw new CMSException("can't setup the X509Store", e); ++ // } ++ // catch (CertificateException e) ++ // { ++ // throw new CMSException("can't setup the X509Store", e); ++ // } ++ // } ++ // ++ // X509Store createCRLsStore( ++ // String type, ++ // Provider provider, ++ // Store crlStore) ++ // throws NoSuchStoreException, CMSException ++ // { ++ // try ++ // { ++ // JcaX509CRLConverter converter = new JcaX509CRLConverter().setProvider(provider); ++ // Collection crlHldrs = crlStore.getMatches(null); ++ // List crls = new ArrayList(crlHldrs.size()); ++ // ++ // for (Iterator it = crlHldrs.iterator(); it.hasNext();) ++ // { ++ // crls.add(converter.getCRL((X509CRLHolder)it.next())); ++ // } ++ // ++ // return X509Store.getInstance( ++ // "CRL/" +type, new X509CollectionStoreParameters(crls), provider); ++ // } ++ // catch (IllegalArgumentException e) ++ // { ++ // throw new CMSException("can't setup the X509Store", e); ++ // } ++ // catch (CRLException e) ++ // { ++ // throw new CMSException("can't setup the X509Store", e); ++ // } ++ // } ++ // END android-removed + + AlgorithmIdentifier fixAlgID(AlgorithmIdentifier algId) + { +@@ -336,35 +362,35 @@ + return new CollectionStore(new ArrayList()); + } + +- Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet) +- { +- if (crlSet != null) +- { +- List crlList = new ArrayList(crlSet.size()); +- +- for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) +- { +- ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); +- +- if (obj instanceof ASN1TaggedObject) +- { +- ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj); +- +- if (tObj.getTagNo() == 1) +- { +- OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false); +- +- if (otherRevocationInfoFormat.equals(other.getInfoFormat())) +- { +- crlList.add(other.getInfo()); +- } +- } +- } +- } +- +- return new CollectionStore(crlList); +- } +- +- return new CollectionStore(new ArrayList()); +- } ++ // Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet) ++ // { ++ // if (crlSet != null) ++ // { ++ // List crlList = new ArrayList(crlSet.size()); ++ // ++ // for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();) ++ // { ++ // ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive(); ++ // ++ // if (obj instanceof ASN1TaggedObject) ++ // { ++ // ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj); ++ // ++ // if (tObj.getTagNo() == 1) ++ // { ++ // OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false); ++ // ++ // if (otherRevocationInfoFormat.equals(other.getInfoFormat())) ++ // { ++ // crlList.add(other.getInfo()); ++ // } ++ // } ++ // } ++ // } ++ // ++ // return new CollectionStore(crlList); ++ // } ++ // ++ // return new CollectionStore(new ArrayList()); ++ // } + } +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSUtils.java bcpkix-jdk15on-149/org/bouncycastle/cms/CMSUtils.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/cms/CMSUtils.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/cms/CMSUtils.java 2013-05-25 02:14:15.000000000 +0000 +@@ -30,9 +30,11 @@ + import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; + import org.bouncycastle.asn1.cms.ContentInfo; + import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; +-import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; +-import org.bouncycastle.asn1.ocsp.OCSPResponse; +-import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat; ++// import org.bouncycastle.asn1.ocsp.OCSPResponse; ++// import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; ++// END android-removed + import org.bouncycastle.asn1.x509.Certificate; + import org.bouncycastle.asn1.x509.CertificateList; + import org.bouncycastle.asn1.x509.TBSCertificate; +@@ -189,29 +191,31 @@ + } + } + +- static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos) +- { +- List others = new ArrayList(); +- +- for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();) +- { +- ASN1Encodable info = (ASN1Encodable)it.next(); +- +- if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(otherRevocationInfoFormat)) +- { +- OCSPResponse resp = OCSPResponse.getInstance(info); +- +- if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL) +- { +- throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); +- } +- } +- +- others.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, info))); +- } +- +- return others; +- } ++ // BEGIN android-removed ++ // static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos) ++ // { ++ // List others = new ArrayList(); ++ // ++ // for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();) ++ // { ++ // ASN1Encodable info = (ASN1Encodable)it.next(); ++ // ++ // if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(otherRevocationInfoFormat)) ++ // { ++ // OCSPResponse resp = OCSPResponse.getInstance(info); ++ // ++ // if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL) ++ // { ++ // throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); ++ // } ++ // } ++ // ++ // others.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, info))); ++ // } ++ // ++ // return others; ++ // } ++ // END android-removed + + static ASN1Set createBerSetFromList(List derObjects) + { +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java bcpkix-jdk15on-149/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java 2012-09-17 23:04:47.000000000 +0000 @@ -4,7 +4,9 @@ import java.util.Map; @@ -346,9 +1166,9 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/DefaultCMSSignatureAlgor } /** -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java bcpkix-jdk15on-148/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java bcpkix-jdk15on-149/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java 2012-09-17 23:04:47.000000000 +0000 @@ -16,21 +16,29 @@ static @@ -387,9 +1207,9 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/cms/DefaultCMSSignatureEncry } public AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier signatureAlgorithm) -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java bcpkix-jdk15on-148/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java bcpkix-jdk15on-149/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java 2013-01-31 02:26:40.000000000 +0000 @@ -5,7 +5,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; @@ -494,9 +1314,9 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/DefaultDigestAlgori } public AlgorithmIdentifier find(AlgorithmIdentifier sigAlgId) -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java bcpkix-jdk15on-148/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java bcpkix-jdk15on-149/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java 2013-01-31 02:26:40.000000000 +0000 @@ -9,7 +9,9 @@ import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1ObjectIdentifier; @@ -696,11 +1516,12 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/DefaultSignatureAlg } private static AlgorithmIdentifier generate(String signatureAlgorithm) -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/bc/BcUtil.java bcpkix-jdk15on-148/org/bouncycastle/operator/bc/BcUtil.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/operator/bc/BcUtil.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/operator/bc/BcUtil.java 2012-09-17 23:04:47.000000000 +0000 -@@ -1,21 +1,29 @@ - package org.bouncycastle.operator.bc; +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java bcpkix-jdk15on-149/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java 2013-05-25 02:14:15.000000000 +0000 +@@ -4,22 +4,30 @@ + import java.util.HashMap; + import java.util.Map; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// BEGIN android-removed @@ -711,7 +1532,7 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/bc/BcUtil.java bcpk import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - import org.bouncycastle.crypto.Digest; + import org.bouncycastle.crypto.ExtendedDigest; -import org.bouncycastle.crypto.digests.GOST3411Digest; -import org.bouncycastle.crypto.digests.MD2Digest; -import org.bouncycastle.crypto.digests.MD4Digest; @@ -737,83 +1558,125 @@ diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/bc/BcUtil.java bcpk import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.digests.SHA384Digest; import org.bouncycastle.crypto.digests.SHA512Digest; -@@ -32,10 +40,12 @@ - { - dig = new SHA1Digest(); - } -- else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha224)) +@@ -41,13 +49,15 @@ + return new SHA1Digest(); + } + }); +- table.put(NISTObjectIdentifiers.id_sha224, new BcDigestProvider() - { -- dig = new SHA224Digest(); -- } +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new SHA224Digest(); +- } +- }); + // BEGIN android-removed -+ // else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha224)) ++ // table.put(NISTObjectIdentifiers.id_sha224, new BcDigestProvider() + // { -+ // dig = new SHA224Digest(); -+ // } ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new SHA224Digest(); ++ // } ++ // }); + // END android-removed - else if (digAlg.getAlgorithm().equals(NISTObjectIdentifiers.id_sha256)) + table.put(NISTObjectIdentifiers.id_sha256, new BcDigestProvider() { - dig = new SHA256Digest(); -@@ -52,30 +62,32 @@ - { - dig = new MD5Digest(); - } -- else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md4)) + public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +@@ -76,48 +86,50 @@ + return new MD5Digest(); + } + }); +- table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider() - { -- dig = new MD4Digest(); -- } -- else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md2)) +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new MD4Digest(); +- } +- }); +- table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider() - { -- dig = new MD2Digest(); -- } -- else if (digAlg.getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3411)) +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new MD2Digest(); +- } +- }); +- table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider() - { -- dig = new GOST3411Digest(); -- } -- else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd128)) +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new GOST3411Digest(); +- } +- }); +- table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider() - { -- dig = new RIPEMD128Digest(); -- } -- else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd160)) +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new RIPEMD128Digest(); +- } +- }); +- table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider() - { -- dig = new RIPEMD160Digest(); -- } -- else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd256)) +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new RIPEMD160Digest(); +- } +- }); +- table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider() - { -- dig = new RIPEMD256Digest(); -- } +- public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) +- { +- return new RIPEMD256Digest(); +- } +- }); + // BEGIN android-removed -+ // else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md4)) ++ // table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider() + // { -+ // dig = new MD4Digest(); -+ // } -+ // else if (digAlg.getAlgorithm().equals(PKCSObjectIdentifiers.md2)) ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new MD4Digest(); ++ // } ++ // }); ++ // table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider() + // { -+ // dig = new MD2Digest(); -+ // } -+ // else if (digAlg.getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3411)) ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new MD2Digest(); ++ // } ++ // }); ++ // table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider() + // { -+ // dig = new GOST3411Digest(); -+ // } -+ // else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd128)) ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new GOST3411Digest(); ++ // } ++ // }); ++ // table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider() + // { -+ // dig = new RIPEMD128Digest(); -+ // } -+ // else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd160)) ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new RIPEMD128Digest(); ++ // } ++ // }); ++ // table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider() + // { -+ // dig = new RIPEMD160Digest(); -+ // } -+ // else if (digAlg.getAlgorithm().equals(TeleTrusTObjectIdentifiers.ripemd256)) ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new RIPEMD160Digest(); ++ // } ++ // }); ++ // table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider() + // { -+ // dig = new RIPEMD256Digest(); -+ // } ++ // public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier) ++ // { ++ // return new RIPEMD256Digest(); ++ // } ++ // }); + // END android-removed - else - { - throw new OperatorCreationException("cannot recognise digest"); -diff -Naur bcpkix-jdk15on-148.orig/org/bouncycastle/operator/jcajce/OperatorHelper.java bcpkix-jdk15on-148/org/bouncycastle/operator/jcajce/OperatorHelper.java ---- bcpkix-jdk15on-148.orig/org/bouncycastle/operator/jcajce/OperatorHelper.java 2013-02-08 17:54:18.000000000 +0000 -+++ bcpkix-jdk15on-148/org/bouncycastle/operator/jcajce/OperatorHelper.java 2013-01-31 02:26:40.000000000 +0000 + + return Collections.unmodifiableMap(table); + } +diff -Naur bcpkix-jdk15on-149.orig/org/bouncycastle/operator/jcajce/OperatorHelper.java bcpkix-jdk15on-149/org/bouncycastle/operator/jcajce/OperatorHelper.java +--- bcpkix-jdk15on-149.orig/org/bouncycastle/operator/jcajce/OperatorHelper.java 2013-05-31 21:17:22.000000000 +0000 ++++ bcpkix-jdk15on-149/org/bouncycastle/operator/jcajce/OperatorHelper.java 2013-01-31 02:26:40.000000000 +0000 @@ -20,7 +20,9 @@ import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1ObjectIdentifier; diff --git a/patches/bcprov.patch b/patches/bcprov.patch index 348f17b..744a5a4 100644 --- a/patches/bcprov.patch +++ b/patches/bcprov.patch @@ -1,6 +1,6 @@ -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk15on-148/org/bouncycastle/asn1/ASN1Null.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/ASN1Null.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/ASN1Null.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk15on-149/org/bouncycastle/asn1/ASN1Null.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/ASN1Null.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/ASN1Null.java 2013-01-31 02:26:40.000000000 +0000 @@ -11,9 +11,11 @@ /** * @deprecated use DERNull.INSTANCE @@ -14,9 +14,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jd public static ASN1Null getInstance(Object o) { -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERBoolean.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERBoolean.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERBoolean.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk15on-149/org/bouncycastle/asn1/DERBoolean.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERBoolean.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/DERBoolean.java 2013-05-25 02:14:15.000000000 +0000 @@ -10,7 +10,9 @@ private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff }; private static final byte[] FALSE_VALUE = new byte[] { 0 }; @@ -69,9 +69,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERBoolean.java bcprov- { this.value = (value) ? TRUE_VALUE : FALSE_VALUE; } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERNull.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERNull.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERNull.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk15on-149/org/bouncycastle/asn1/DERNull.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERNull.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/DERNull.java 2013-01-31 02:26:40.000000000 +0000 @@ -15,7 +15,9 @@ /** * @deprecated use DERNull.INSTANCE @@ -83,9 +83,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk { } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERObjectIdentifier.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERObjectIdentifier.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk15on-149/org/bouncycastle/asn1/DERObjectIdentifier.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/DERObjectIdentifier.java 2013-05-25 02:14:15.000000000 +0000 @@ -144,7 +144,13 @@ } } @@ -101,7 +101,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERObjectIdentifier.jav this.body = Arrays.clone(bytes); } -@@ -156,7 +162,13 @@ +@@ -160,7 +166,13 @@ throw new IllegalArgumentException("string " + identifier + " not an OID"); } @@ -115,10 +115,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERObjectIdentifier.jav + // END android-changed } - public String getId() -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERPrintableString.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERPrintableString.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERPrintableString.java 2013-01-31 02:26:40.000000000 +0000 + DERObjectIdentifier(DERObjectIdentifier oid, String branchID) +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk15on-149/org/bouncycastle/asn1/DERPrintableString.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERPrintableString.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/DERPrintableString.java 2013-01-31 02:26:40.000000000 +0000 @@ -12,7 +12,9 @@ extends ASN1Primitive implements ASN1String @@ -130,31 +130,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERPrintableString.java /** * return a printable string from the passed in object. -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERT61String.java bcprov-jdk15on-148/org/bouncycastle/asn1/DERT61String.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/DERT61String.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/DERT61String.java 2013-01-31 02:26:40.000000000 +0000 -@@ -82,12 +82,16 @@ - public DERT61String( - String string) - { -- this.string = Strings.toUTF8ByteArray(string); -+ // BEGIN android-changed -+ this.string = Strings.toByteArray(string); -+ // END android-changed - } - - public String getString() - { -- return Strings.fromUTF8ByteArray(string); -+ // BEGIN android-changed -+ return Strings.fromByteArray(string); -+ // END android-changed - } - - public String toString() -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk15on-148/org/bouncycastle/asn1/cms/ContentInfo.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/cms/ContentInfo.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/cms/ContentInfo.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk15on-149/org/bouncycastle/asn1/cms/ContentInfo.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/cms/ContentInfo.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/cms/ContentInfo.java 2013-05-25 02:14:15.000000000 +0000 @@ -12,7 +12,9 @@ public class ContentInfo @@ -166,9 +144,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/cms/ContentInfo.java bc { private ASN1ObjectIdentifier contentType; private ASN1Encodable content; -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk15on-148/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk15on-149/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2013-01-31 02:26:40.000000000 +0000 @@ -10,8 +10,10 @@ // static final ASN1ObjectIdentifier pkcs_1 = new ASN1ObjectIdentifier("1.2.840.113549.1.1"); @@ -224,9 +202,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifi static final ASN1ObjectIdentifier id_hmacWithSHA256 = digestAlgorithm.branch("9"); static final ASN1ObjectIdentifier id_hmacWithSHA384 = digestAlgorithm.branch("10"); static final ASN1ObjectIdentifier id_hmacWithSHA512 = digestAlgorithm.branch("11"); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java bcprov-jdk15on-148/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java bcprov-jdk15on-149/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2013-05-25 02:14:15.000000000 +0000 @@ -14,7 +14,9 @@ import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; @@ -260,9 +238,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdenti byte[] resBuf = new byte[digest.getDigestSize()]; byte[] bytes = spki.getPublicKeyData().getBytes(); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java bcprov-jdk15on-148/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java bcprov-jdk15on-149/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2013-01-31 02:26:40.000000000 +0000 @@ -6,7 +6,9 @@ import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DEROctetString; @@ -285,9 +263,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifi byte[] resBuf = new byte[digest.getDigestSize()]; byte[] bytes = spki.getPublicKeyData().getBytes(); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509Name.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509Name.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509Name.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk15on-149/org/bouncycastle/asn1/x509/X509Name.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509Name.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/x509/X509Name.java 2013-05-25 02:14:15.000000000 +0000 @@ -255,8 +255,10 @@ */ public static final Hashtable SymbolLookUp = DefaultLookUp; @@ -301,7 +279,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509Name.java bcpr static { -@@ -445,7 +447,9 @@ +@@ -446,7 +448,9 @@ throw new IllegalArgumentException("cannot encode value"); } } @@ -312,10 +290,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509Name.java bcpr } } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509NameTokenizer.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2013-01-31 02:26:40.000000000 +0000 -@@ -96,6 +96,17 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk15on-149/org/bouncycastle/asn1/x509/X509NameTokenizer.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2013-05-25 02:14:15.000000000 +0000 +@@ -78,6 +78,17 @@ } else { @@ -333,9 +311,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/asn1/x509/X509NameTokenizer. buf.append(c); } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactory.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactory.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2012-09-17 23:04:47.000000000 +0000 @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2012 The Android Open Source Project @@ -415,9 +393,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigest + return FACTORY.getSHA512(); + } +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 2012-09-17 23:04:47.000000000 +0000 @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2012 The Android Open Source Project @@ -456,9 +434,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigest + return new SHA512Digest(); + } +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 2012-09-17 23:04:47.000000000 +0000 @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2012 The Android Open Source Project @@ -487,9 +465,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigest + public Digest getSHA384(); + public Digest getSHA512(); +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 2012-09-17 23:04:47.000000000 +0000 @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2012 The Android Open Source Project @@ -528,9 +506,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/AndroidDigest + return new OpenSSLDigest.SHA512(); + } +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk15on-148/org/bouncycastle/crypto/digests/OpenSSLDigest.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2013-04-24 05:37:59.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/OpenSSLDigest.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2013-04-24 05:37:59.000000000 +0000 @@ -0,0 +1,159 @@ +/* + * Copyright (C) 2008 The Android Open Source Project @@ -691,10 +669,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/digests/OpenSSLDigest + public SHA512() { super("SHA-512", EVP_MD, SIZE, BLOCK_SIZE); } + } +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java bcprov-jdk15on-148/org/bouncycastle/crypto/encodings/OAEPEncoding.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2012-09-17 23:04:47.000000000 +0000 -@@ -4,7 +4,9 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java bcprov-jdk15on-149/org/bouncycastle/crypto/encodings/OAEPEncoding.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2013-05-25 02:14:15.000000000 +0000 +@@ -6,7 +6,9 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.InvalidCipherTextException; @@ -704,8 +682,8 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/OAEPEncodin +// END android-changed import org.bouncycastle.crypto.params.ParametersWithRandom; - import java.security.SecureRandom; -@@ -26,7 +28,9 @@ + /** +@@ -25,7 +27,9 @@ public OAEPEncoding( AsymmetricBlockCipher cipher) { @@ -716,9 +694,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/OAEPEncodin } public OAEPEncoding( -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java bcprov-jdk15on-148/org/bouncycastle/crypto/encodings/PKCS1Encoding.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java bcprov-jdk15on-149/org/bouncycastle/crypto/encodings/PKCS1Encoding.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2013-01-31 02:26:40.000000000 +0000 @@ -216,6 +216,12 @@ throw new InvalidCipherTextException("unknown block type"); } @@ -732,57 +710,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/encodings/PKCS1Encodi if (useStrictLength && block.length != engine.getOutputBlockSize()) { -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/AESFastEngine.java bcprov-jdk15on-148/org/bouncycastle/crypto/engines/AESFastEngine.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/AESFastEngine.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/engines/AESFastEngine.java 2013-01-31 02:26:40.000000000 +0000 -@@ -3,6 +3,9 @@ - import org.bouncycastle.crypto.BlockCipher; - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.DataLengthException; -+// BEGIN android-added -+import org.bouncycastle.crypto.OutputLengthException; -+// END android-added - import org.bouncycastle.crypto.params.KeyParameter; - - /** -@@ -723,7 +726,9 @@ - - if ((outOff + (32 / 2)) > out.length) - { -- throw new DataLengthException("output buffer too short"); -+ // BEGIN android-changed -+ throw new OutputLengthException("output buffer too short"); -+ // END android-changed - } - - if (forEncryption) -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/DESedeEngine.java bcprov-jdk15on-148/org/bouncycastle/crypto/engines/DESedeEngine.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/DESedeEngine.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/engines/DESedeEngine.java 2013-01-31 02:26:40.000000000 +0000 -@@ -2,6 +2,9 @@ - - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.DataLengthException; -+// BEGIN android-added -+import org.bouncycastle.crypto.OutputLengthException; -+// END android-added - import org.bouncycastle.crypto.params.KeyParameter; - - /** -@@ -99,7 +102,9 @@ - - if ((outOff + BLOCK_SIZE) > out.length) - { -- throw new DataLengthException("output buffer too short"); -+ // BEGIN android-changed -+ throw new OutputLengthException("output buffer too short"); -+ // END android-changed - } - - byte[] temp = new byte[BLOCK_SIZE]; -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java bcprov-jdk15on-148/org/bouncycastle/crypto/engines/DESedeWrapEngine.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java bcprov-jdk15on-149/org/bouncycastle/crypto/engines/DESedeWrapEngine.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2012-09-17 23:04:47.000000000 +0000 @@ -6,7 +6,9 @@ import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.InvalidCipherTextException; @@ -805,9 +735,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/engines/DESedeWrapEng byte[] digest = new byte[20]; /** -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk15on-148/org/bouncycastle/crypto/generators/DHParametersHelper.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/generators/DHParametersHelper.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk15on-149/org/bouncycastle/crypto/generators/DHParametersHelper.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/generators/DHParametersHelper.java 2012-09-17 23:04:47.000000000 +0000 @@ -3,10 +3,17 @@ import java.math.BigInteger; import java.security.SecureRandom; @@ -858,46 +788,45 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/DHParamete return new BigInteger[] { p, q }; } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java bcprov-jdk15on-148/org/bouncycastle/crypto/generators/DSAParametersGenerator.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2012-09-17 23:04:47.000000000 +0000 -@@ -1,8 +1,9 @@ - package org.bouncycastle.crypto.generators; +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java bcprov-jdk15on-149/org/bouncycastle/crypto/generators/DSAParametersGenerator.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2013-05-25 02:14:15.000000000 +0000 +@@ -4,7 +4,9 @@ + import java.security.SecureRandom; import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA256Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-changed + import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.crypto.params.DSAValidationParameters; - import org.bouncycastle.util.Arrays; -@@ -75,7 +76,9 @@ - byte[] part1 = new byte[20]; - byte[] part2 = new byte[20]; - byte[] u = new byte[20]; -- SHA1Digest sha1 = new SHA1Digest(); +@@ -31,7 +33,9 @@ + + public DSAParametersGenerator() + { +- this(new SHA1Digest()); + // BEGIN android-changed -+ Digest sha1 = AndroidDigestFactory.getSHA1(); ++ this(AndroidDigestFactory.getSHA1()); + // END android-changed + } + + public DSAParametersGenerator(Digest digest) +@@ -122,7 +126,9 @@ int n = (L - 1) / 160; byte[] w = new byte[L / 8]; -@@ -166,7 +169,9 @@ - { - // A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function - // FIXME This should be configurable (digest size in bits must be >= N) -- Digest d = new SHA256Digest(); +- if (!(digest instanceof SHA1Digest)) + // BEGIN android-changed -+ Digest d = AndroidDigestFactory.getSHA256(); ++ if (!(digest.getAlgorithmName().equals("SHA-1"))) + // END android-changed - int outlen = d.getDigestSize() * 8; - - // 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java bcprov-jdk15on-148/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2012-09-17 23:04:47.000000000 +0000 + { + throw new IllegalStateException("can only use SHA-1 for generating FIPS 186-2 parameters"); + } +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java bcprov-jdk15on-149/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2012-09-17 23:04:47.000000000 +0000 @@ -3,7 +3,9 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; @@ -920,9 +849,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/OpenSSLPBE /** * Construct a OpenSSL Parameters generator. -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java bcprov-jdk15on-148/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java bcprov-jdk15on-149/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2013-05-25 02:14:15.000000000 +0000 @@ -4,7 +4,9 @@ import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.Mac; @@ -934,21 +863,21 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/generators/PKCS5S2Par import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; -@@ -27,7 +29,9 @@ +@@ -28,7 +30,9 @@ */ public PKCS5S2ParametersGenerator() { -- this(new SHA1Digest()); +- this(new SHA1Digest()); + // BEGIN android-changed -+ this(AndroidDigestFactory.getSHA1()); ++ this(AndroidDigestFactory.getSHA1()); + // END android-changed } public PKCS5S2ParametersGenerator(Digest digest) -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk15on-148/org/bouncycastle/crypto/macs/HMac.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/macs/HMac.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/macs/HMac.java 2013-01-31 02:26:40.000000000 +0000 -@@ -33,23 +33,31 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk15on-149/org/bouncycastle/crypto/macs/HMac.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/macs/HMac.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/macs/HMac.java 2013-05-25 02:14:15.000000000 +0000 +@@ -36,23 +36,31 @@ { blockLengths = new Hashtable(); @@ -989,9 +918,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/macs/HMac.java bcprov } private static int getByteLength( -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk15on-148/org/bouncycastle/crypto/signers/RSADigestSigner.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/signers/RSADigestSigner.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk15on-149/org/bouncycastle/crypto/signers/RSADigestSigner.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/signers/RSADigestSigner.java 2012-09-17 23:04:47.000000000 +0000 @@ -39,18 +39,24 @@ */ static @@ -1023,9 +952,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/signers/RSADigestSign oidMap.put("MD5", PKCSObjectIdentifiers.md5); } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk15on-148/org/bouncycastle/crypto/util/PrivateKeyFactory.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk15on-149/org/bouncycastle/crypto/util/PrivateKeyFactory.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2013-01-31 02:26:40.000000000 +0000 @@ -11,7 +11,9 @@ import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; @@ -1103,9 +1032,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PrivateKeyFactor } } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk15on-148/org/bouncycastle/crypto/util/PublicKeyFactory.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/crypto/util/PublicKeyFactory.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk15on-149/org/bouncycastle/crypto/util/PublicKeyFactory.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/util/PublicKeyFactory.java 2013-01-31 02:26:40.000000000 +0000 @@ -13,13 +13,17 @@ import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DEROctetString; @@ -1181,10 +1110,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/crypto/util/PublicKeyFactory } } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DH.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2013-01-31 02:26:40.000000000 +0000 -@@ -32,11 +32,13 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/DH.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/DH.java 2013-05-25 02:14:15.000000000 +0000 +@@ -32,10 +32,12 @@ provider.addAlgorithm("AlgorithmParameterGenerator.DH", PREFIX + "AlgorithmParameterGeneratorSpi"); @@ -1192,20 +1121,18 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/D - provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES"); - provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES"); - provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede"); -- provider.addAlgorithm("KeyPairGenerator.IES", PREFIX + "KeyPairGeneratorSpi"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES"); + // provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES"); + // provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES"); + // provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede"); -+ // provider.addAlgorithm("KeyPairGenerator.IES", PREFIX + "KeyPairGeneratorSpi"); + // END android-removed } } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DSA.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/DSA.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2013-01-31 02:26:40.000000000 +0000 @@ -27,33 +27,43 @@ provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi"); provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi"); @@ -1267,9 +1194,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/D registerOid(provider, DSAUtil.dsaOids[i], "DSA", keyFact); registerOidAlgorithmParameters(provider, DSAUtil.dsaOids[i], "DSA"); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/EC.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/EC.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2013-05-25 02:14:15.000000000 +0000 @@ -1,7 +1,9 @@ package org.bouncycastle.jcajce.provider.asymmetric; @@ -1357,7 +1284,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/E provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA"); provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone"); -@@ -65,23 +77,29 @@ +@@ -65,25 +77,31 @@ provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA"); provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA"); provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); @@ -1385,6 +1312,8 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/E - addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); - addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); - addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); +- addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); +- addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); + // BEGIN android-removed + // addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); + // @@ -1397,13 +1326,15 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/E + // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); + // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); + // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); ++ // addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); ++ // addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); + // END android-removed } } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/RSA.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/RSA.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2013-01-31 02:26:40.000000000 +0000 @@ -3,7 +3,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; @@ -1685,9 +1616,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/R } private void addDigestSignature( -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/X509.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/X509.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2012-09-17 23:04:47.000000000 +0000 @@ -18,8 +18,10 @@ public void configure(ConfigurableProvider provider) @@ -1701,9 +1632,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/X // // certificate factories. -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2013-05-25 02:14:15.000000000 +0000 @@ -23,11 +23,16 @@ import org.bouncycastle.crypto.DSA; import org.bouncycastle.crypto.Digest; @@ -1726,7 +1657,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/d import org.bouncycastle.crypto.params.ParametersWithRandom; public class DSASigner -@@ -228,45 +233,49 @@ +@@ -216,45 +221,49 @@ { public stdDSA() { @@ -1812,9 +1743,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/d static public class noneDSA extends DSASigner -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2013-05-25 02:14:15.000000000 +0000 @@ -19,8 +19,10 @@ import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; @@ -1828,7 +1759,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -@@ -222,21 +224,23 @@ +@@ -224,21 +226,23 @@ ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); @@ -1867,7 +1798,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e { EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); -@@ -350,11 +354,13 @@ +@@ -352,11 +356,13 @@ try { @@ -1886,98 +1817,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e { info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java 2013-01-31 02:26:40.000000000 +0000 -@@ -5,11 +5,15 @@ - import java.security.PublicKey; - - import org.bouncycastle.asn1.ASN1ObjectIdentifier; --import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -+// END android-removed - import org.bouncycastle.asn1.nist.NISTNamedCurves; - import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; - import org.bouncycastle.asn1.sec.SECNamedCurves; --import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -+// END android-removed - import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - import org.bouncycastle.asn1.x9.X962NamedCurves; - import org.bouncycastle.asn1.x9.X9ECParameters; -@@ -224,14 +228,16 @@ - { - oid = NISTNamedCurves.getOID(name); - } -- if (oid == null) -- { -- oid = TeleTrusTNamedCurves.getOID(name); -- } -- if (oid == null) -- { -- oid = ECGOST3410NamedCurves.getOID(name); -- } -+ // BEGIN android-removed -+ // if (oid == null) -+ // { -+ // oid = TeleTrusTNamedCurves.getOID(name); -+ // } -+ // if (oid == null) -+ // { -+ // oid = ECGOST3410NamedCurves.getOID(name); -+ // } -+ // END android-removed - } - - return oid; -@@ -249,10 +255,12 @@ - { - params = NISTNamedCurves.getByOID(oid); - } -- if (params == null) -- { -- params = TeleTrusTNamedCurves.getByOID(oid); -- } -+ // BEGIN android-removed -+ // if (params == null) -+ // { -+ // params = TeleTrusTNamedCurves.getByOID(oid); -+ // } -+ // END android-removed - } - - return params; -@@ -270,14 +278,16 @@ - { - name = NISTNamedCurves.getName(oid); - } -- if (name == null) -- { -- name = TeleTrusTNamedCurves.getName(oid); -- } -- if (name == null) -- { -- name = ECGOST3410NamedCurves.getName(oid); -- } -+ // BEGIN android-removed -+ // if (name == null) -+ // { -+ // name = TeleTrusTNamedCurves.getName(oid); -+ // } -+ // if (name == null) -+ // { -+ // name = ECGOST3410NamedCurves.getName(oid); -+ // } -+ // END android-removed - } - - return name; -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2013-03-19 19:26:57.000000000 +0000 -@@ -23,20 +23,26 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2013-05-25 02:14:15.000000000 +0000 +@@ -23,21 +23,27 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DerivationFunction; import org.bouncycastle.crypto.agreement.ECDHBasicAgreement; @@ -2001,6 +1844,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e +// import org.bouncycastle.crypto.params.MQVPrivateParameters; +// import org.bouncycastle.crypto.params.MQVPublicParameters; +// END android-removed + import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jce.interfaces.ECPrivateKey; import org.bouncycastle.jce.interfaces.ECPublicKey; -import org.bouncycastle.jce.interfaces.MQVPrivateKey; @@ -2012,7 +1856,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e import org.bouncycastle.util.Integers; /** -@@ -70,7 +76,9 @@ +@@ -71,7 +77,9 @@ private BigInteger result; private ECDomainParameters parameters; private BasicAgreement agreement; @@ -2023,7 +1867,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e private byte[] bigIntToBytes( BigInteger r) -@@ -85,7 +93,9 @@ +@@ -86,7 +94,9 @@ { this.kaAlgorithm = kaAlgorithm; this.agreement = agreement; @@ -2034,7 +1878,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e } protected Key engineDoPhase( -@@ -104,25 +114,27 @@ +@@ -105,25 +115,27 @@ } CipherParameters pubKey; @@ -2081,7 +1925,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e { if (!(key instanceof PublicKey)) { -@@ -143,11 +155,13 @@ +@@ -144,11 +156,13 @@ protected byte[] engineGenerateSecret() throws IllegalStateException { @@ -2100,7 +1944,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e return bigIntToBytes(result); } -@@ -175,23 +189,25 @@ +@@ -176,23 +190,25 @@ { byte[] secret = bigIntToBytes(result); @@ -2143,7 +1987,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e { // TODO Should we be ensuring the key is the right length? } -@@ -205,6 +221,12 @@ +@@ -206,6 +222,12 @@ SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { @@ -2156,7 +2000,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e initFromKey(key); } -@@ -219,35 +241,37 @@ +@@ -220,35 +242,37 @@ private void initFromKey(Key key) throws InvalidKeyException { @@ -2223,7 +2067,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e { if (!(key instanceof PrivateKey)) { -@@ -278,39 +302,41 @@ +@@ -279,39 +303,41 @@ } } @@ -2300,10 +2144,10 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e + // } + // END android-removed } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2012-09-17 23:04:47.000000000 +0000 -@@ -200,14 +200,16 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2013-05-25 02:14:15.000000000 +0000 +@@ -201,14 +201,16 @@ } } @@ -2328,9 +2172,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e public static class ECDH extends KeyFactorySpi -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2013-05-25 02:14:15.000000000 +0000 @@ -12,7 +12,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.nist.NISTNamedCurves; @@ -2342,7 +2186,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e import org.bouncycastle.asn1.x9.X962NamedCurves; import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -@@ -86,7 +88,13 @@ +@@ -87,7 +89,13 @@ SecureRandom random) { this.strength = strength; @@ -2356,7 +2200,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integers.valueOf(strength)); if (ecParams != null) -@@ -111,6 +119,11 @@ +@@ -112,6 +120,11 @@ SecureRandom random) throws InvalidAlgorithmParameterException { @@ -2368,7 +2212,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e if (params instanceof ECParameterSpec) { ECParameterSpec p = (ECParameterSpec)params; -@@ -155,10 +168,12 @@ +@@ -156,10 +169,12 @@ { ecP = NISTNamedCurves.getByName(curveName); } @@ -2385,7 +2229,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e if (ecP == null) { // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug) -@@ -174,10 +189,12 @@ +@@ -175,10 +190,12 @@ { ecP = NISTNamedCurves.getByOID(oid); } @@ -2402,9 +2246,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e if (ecP == null) { throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2013-05-25 02:14:15.000000000 +0000 @@ -16,15 +16,22 @@ import org.bouncycastle.crypto.DSA; import org.bouncycastle.crypto.Digest; @@ -2434,8 +2278,8 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e +// END android-removed import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase; import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder; - -@@ -68,7 +75,9 @@ + import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; +@@ -69,7 +76,9 @@ { public ecDSA() { @@ -2446,7 +2290,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e } } -@@ -81,21 +90,25 @@ +@@ -82,21 +91,25 @@ } } @@ -2481,7 +2325,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e } } -@@ -104,7 +117,9 @@ +@@ -105,7 +118,9 @@ { public ecDSA384() { @@ -2492,7 +2336,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e } } -@@ -113,90 +128,94 @@ +@@ -114,108 +129,112 @@ { public ecDSA512() { @@ -2580,6 +2424,24 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e - super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); - } - } +- +- static public class ecCVCDSA384 +- extends SignatureSpi +- { +- public ecCVCDSA384() +- { +- super(new SHA384Digest(), new ECDSASigner(), new CVCDSAEncoder()); +- } +- } +- +- static public class ecCVCDSA512 +- extends SignatureSpi +- { +- public ecCVCDSA512() +- { +- super(new SHA512Digest(), new ECDSASigner(), new CVCDSAEncoder()); +- } +- } + // BEGIN android-changed + super(AndroidDigestFactory.getSHA512(), new ECDSASigner(), new StdDSAEncoder()); + // END android-changed @@ -2667,20 +2529,38 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/e + // super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); + // } + // } ++ // ++ // static public class ecCVCDSA384 ++ // extends SignatureSpi ++ // { ++ // public ecCVCDSA384() ++ // { ++ // super(new SHA384Digest(), new ECDSASigner(), new CVCDSAEncoder()); ++ // } ++ // } ++ // ++ // static public class ecCVCDSA512 ++ // extends SignatureSpi ++ // { ++ // public ecCVCDSA512() ++ // { ++ // super(new SHA512Digest(), new ECDSASigner(), new CVCDSAEncoder()); ++ // } ++ // } + // END android-removed private static class StdDSAEncoder implements DSAEncoder -@@ -290,4 +309,4 @@ +@@ -309,4 +328,4 @@ return sig; } } -} \ No newline at end of file +} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2013-01-31 02:26:40.000000000 +0000 @@ -26,7 +26,9 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; @@ -2821,9 +2701,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/r + // } + // END android-removed } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2012-09-17 23:04:47.000000000 +0000 @@ -17,24 +17,31 @@ import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; @@ -3055,9 +2935,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/r + // } + // END android-removed } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2012-09-17 23:04:47.000000000 +0000 @@ -18,8 +18,10 @@ import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.IvParameterSpec; @@ -3084,23 +2964,97 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/u }; -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java 2013-02-21 00:01:31.000000000 +0000 -@@ -334,7 +334,9 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java 2013-05-25 02:14:15.000000000 +0000 +@@ -5,11 +5,15 @@ + import java.security.PublicKey; - public Iterator engineGetCertPathEncodings() - { -- return null; // TODO: PKIXCertPath.certPathEncodings.iterator(); -+ // BEGIN android-changed -+ return PKIXCertPath.certPathEncodings.iterator(); -+ // END android-changed - } + import org.bouncycastle.asn1.ASN1ObjectIdentifier; +-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; ++// END android-removed + import org.bouncycastle.asn1.nist.NISTNamedCurves; + import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; + import org.bouncycastle.asn1.sec.SECNamedCurves; +-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; ++// END android-removed + import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + import org.bouncycastle.asn1.x9.X962NamedCurves; + import org.bouncycastle.asn1.x9.X9ECParameters; +@@ -225,14 +229,16 @@ + { + oid = NISTNamedCurves.getOID(name); + } +- if (oid == null) +- { +- oid = TeleTrusTNamedCurves.getOID(name); +- } +- if (oid == null) +- { +- oid = ECGOST3410NamedCurves.getOID(name); +- } ++ // BEGIN android-removed ++ // if (oid == null) ++ // { ++ // oid = TeleTrusTNamedCurves.getOID(name); ++ // } ++ // if (oid == null) ++ // { ++ // oid = ECGOST3410NamedCurves.getOID(name); ++ // } ++ // END android-removed + } + + return oid; +@@ -250,10 +256,12 @@ + { + params = NISTNamedCurves.getByOID(oid); + } +- if (params == null) +- { +- params = TeleTrusTNamedCurves.getByOID(oid); +- } ++ // BEGIN android-removed ++ // if (params == null) ++ // { ++ // params = TeleTrusTNamedCurves.getByOID(oid); ++ // } ++ // END android-removed + } + + return params; +@@ -271,14 +279,16 @@ + { + name = NISTNamedCurves.getName(oid); + } +- if (name == null) +- { +- name = TeleTrusTNamedCurves.getName(oid); +- } +- if (name == null) +- { +- name = ECGOST3410NamedCurves.getName(oid); +- } ++ // BEGIN android-removed ++ // if (name == null) ++ // { ++ // name = TeleTrusTNamedCurves.getName(oid); ++ // } ++ // if (name == null) ++ // { ++ // name = ECGOST3410NamedCurves.getName(oid); ++ // } ++ // END android-removed + } - public CertPath engineGenerateCertPath( -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2013-02-21 00:01:31.000000000 +0000 + return name; +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2013-02-21 00:01:31.000000000 +0000 @@ -36,7 +36,9 @@ import org.bouncycastle.asn1.pkcs.SignedData; import org.bouncycastle.jce.provider.BouncyCastleProvider; @@ -3174,502 +3128,778 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/asymmetric/x else { throw new CertificateEncodingException("unsupported encoding: " + encoding); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/AES.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/AES.java 2012-09-17 23:04:47.000000000 +0000 -@@ -1,31 +1,43 @@ - package org.bouncycastle.jcajce.provider.symmetric; - --import java.security.AlgorithmParameters; --import java.security.InvalidAlgorithmParameterException; -+// BEGIN android-removed -+// import java.security.AlgorithmParameters; -+// import java.security.InvalidAlgorithmParameterException; -+// END android-removed - import java.security.SecureRandom; --import java.security.spec.AlgorithmParameterSpec; -- --import javax.crypto.spec.IvParameterSpec; -+// BEGIN android-removed -+// import java.security.spec.AlgorithmParameterSpec; -+// -+// import javax.crypto.spec.IvParameterSpec; -+// END android-removed +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java 2013-05-25 02:14:15.000000000 +0000 +@@ -57,6 +57,9 @@ + import org.bouncycastle.asn1.x509.Extensions; + import org.bouncycastle.asn1.x509.GeneralName; + import org.bouncycastle.asn1.x509.KeyUsage; ++// BEGIN android-added ++import org.bouncycastle.asn1.x509.X509Name; ++// END android-added + import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; + import org.bouncycastle.jce.X509Principal; + import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; +@@ -564,12 +567,20 @@ + } + } - import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; - import org.bouncycastle.crypto.BufferedBlockCipher; - import org.bouncycastle.crypto.CipherKeyGenerator; - import org.bouncycastle.crypto.engines.AESFastEngine; - import org.bouncycastle.crypto.engines.AESWrapEngine; --import org.bouncycastle.crypto.engines.RFC3211WrapEngine; --import org.bouncycastle.crypto.macs.CMac; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -+// import org.bouncycastle.crypto.macs.CMac; -+// END android-removed - import org.bouncycastle.crypto.modes.CBCBlockCipher; - import org.bouncycastle.crypto.modes.CFBBlockCipher; - import org.bouncycastle.crypto.modes.OFBBlockCipher; - import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; --import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -+// BEGIN android-removed -+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -+// END android-removed - import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; - import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; --import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; ++ // BEGIN android-changed ++ private byte[] encoded; ++ // END android-changed + public byte[] getEncoded() + throws CertificateEncodingException + { + try + { +- return c.getEncoded(ASN1Encoding.DER); ++ // BEGIN android-changed ++ if (encoded == null) { ++ encoded = c.getEncoded(ASN1Encoding.DER); ++ } ++ return encoded; ++ // END android-changed + } + catch (IOException e) + { +@@ -860,7 +871,9 @@ + list.add(genName.getEncoded()); + break; + case GeneralName.directoryName: +- list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString()); ++ // BEGIN android-changed ++ list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols)); ++ // END android-changed + break; + case GeneralName.dNSName: + case GeneralName.rfc822Name: +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java 2013-05-25 02:14:15.000000000 +0000 +@@ -14,12 +14,16 @@ + import org.bouncycastle.asn1.ASN1Sequence; + import org.bouncycastle.asn1.DERNull; + import org.bouncycastle.asn1.DERObjectIdentifier; +-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// BEGIN android-removed -+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; ++// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed - import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; - import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; - import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; --import org.bouncycastle.jce.provider.BouncyCastleProvider; + import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; + import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; +-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// BEGIN android-removed -+// import org.bouncycastle.jce.provider.BouncyCastleProvider; ++// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed + import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; - public final class AES - { -@@ -69,15 +81,17 @@ +@@ -114,22 +118,24 @@ + { + return "SHA512"; + } +- else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) +- { +- return "RIPEMD128"; +- } +- else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) +- { +- return "RIPEMD160"; +- } +- else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) +- { +- return "RIPEMD256"; +- } +- else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) +- { +- return "GOST3411"; +- } ++ // BEGIN android-removed ++ // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) ++ // { ++ // return "RIPEMD128"; ++ // } ++ // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) ++ // { ++ // return "RIPEMD160"; ++ // } ++ // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) ++ // { ++ // return "RIPEMD256"; ++ // } ++ // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) ++ // { ++ // return "GOST3411"; ++ // } ++ // END android-removed + else + { + return digestAlgOID.getId(); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA256.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA256.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA256.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA256.java 2013-05-25 02:14:15.000000000 +0000 +@@ -45,17 +45,19 @@ } } -- public static class AESCMAC -- extends BaseMac +- /** +- * PBEWithHmacSHA +- */ +- public static class PBEWithMacKeyFactory +- extends PBESecretKeyFactory - { -- public AESCMAC() +- public PBEWithMacKeyFactory() - { -- super(new CMac(new AESFastEngine())); +- super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0); - } - } -- + // BEGIN android-removed -+ // public static class AESCMAC -+ // extends BaseMac ++ // /** ++ // * PBEWithHmacSHA ++ // */ ++ // public static class PBEWithMacKeyFactory ++ // extends PBESecretKeyFactory + // { -+ // public AESCMAC() ++ // public PBEWithMacKeyFactory() + // { -+ // super(new CMac(new AESFastEngine())); ++ // super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0); + // } + // } + // END android-removed -+ - static public class Wrap - extends BaseWrapCipher - { -@@ -86,15 +100,17 @@ - super(new AESWrapEngine()); + + /** + * HMACSHA256 +@@ -84,9 +86,11 @@ + provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256"); + provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); + +- provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory"); +- provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256"); +- provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory"); ++ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256"); ++ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256"); ++ // END android-removed + + addHMACAlgorithm(provider, "SHA256", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); + addHMACAlias(provider, "SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA384.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA384.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA384.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA384.java 2013-05-25 02:14:15.000000000 +0000 +@@ -5,7 +5,9 @@ + import org.bouncycastle.crypto.CipherKeyGenerator; + import org.bouncycastle.crypto.digests.SHA384Digest; + import org.bouncycastle.crypto.macs.HMac; +-import org.bouncycastle.crypto.macs.OldHMac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.macs.OldHMac; ++// END android-removed + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +@@ -57,14 +59,16 @@ } } -- -- public static class RFC3211Wrap -- extends BaseWrapCipher + +- public static class OldSHA384 +- extends BaseMac - { -- public RFC3211Wrap() +- public OldSHA384() - { -- super(new RFC3211WrapEngine(new AESFastEngine()), 16); +- super(new OldHMac(new SHA384Digest())); - } - } -+ + // BEGIN android-removed -+ // public static class RFC3211Wrap -+ // extends BaseWrapCipher ++ // public static class OldSHA384 ++ // extends BaseMac + // { -+ // public RFC3211Wrap() ++ // public OldSHA384() + // { -+ // super(new RFC3211WrapEngine(new AESFastEngine()), 16); ++ // super(new OldHMac(new SHA384Digest())); + // } + // } + // END android-removed - public static class KeyGen - extends BaseKeyGenerator -@@ -110,70 +126,72 @@ + public static class Mappings + extends DigestAlgorithmProvider +@@ -80,7 +84,9 @@ + provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest"); + provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384"); + provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384"); +- provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384"); ++ // END android-removed + + addHMACAlgorithm(provider, "SHA384", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); + addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA512.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA512.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA512.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA512.java 2013-05-25 02:14:15.000000000 +0000 +@@ -4,9 +4,13 @@ + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.crypto.CipherKeyGenerator; + import org.bouncycastle.crypto.digests.SHA512Digest; +-import org.bouncycastle.crypto.digests.SHA512tDigest; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.digests.SHA512tDigest; ++// END android-removed + import org.bouncycastle.crypto.macs.HMac; +-import org.bouncycastle.crypto.macs.OldHMac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.macs.OldHMac; ++// END android-removed + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +@@ -37,42 +41,44 @@ } } -- public static class KeyGen128 -- extends KeyGen +- static public class DigestT +- extends BCMessageDigest +- implements Cloneable - { -- public KeyGen128() +- public DigestT(int bitLength) - { -- super(128); +- super(new SHA512tDigest(bitLength)); - } -- } - -- public static class KeyGen192 -- extends KeyGen -- { -- public KeyGen192() +- public Object clone() +- throws CloneNotSupportedException - { -- super(192); +- DigestT d = (DigestT)super.clone(); +- d.digest = new SHA512tDigest((SHA512tDigest)digest); +- +- return d; - } - } - -- public static class KeyGen256 -- extends KeyGen +- static public class DigestT224 +- extends DigestT - { -- public KeyGen256() +- public DigestT224() - { -- super(256); +- super(224); - } - } - -- public static class AlgParamGen -- extends BaseAlgorithmParameterGenerator +- static public class DigestT256 +- extends DigestT - { -- protected void engineInit( -- AlgorithmParameterSpec genParamSpec, -- SecureRandom random) -- throws InvalidAlgorithmParameterException -- { -- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); -- } -- -- protected AlgorithmParameters engineGenerateParameters() +- public DigestT256() - { -- byte[] iv = new byte[16]; -- -- if (random == null) -- { -- random = new SecureRandom(); -- } -- -- random.nextBytes(iv); -- -- AlgorithmParameters params; -- -- try -- { -- params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); -- params.init(new IvParameterSpec(iv)); -- } -- catch (Exception e) -- { -- throw new RuntimeException(e.getMessage()); -- } -- -- return params; +- super(256); - } - } + // BEGIN android-removed -+ // public static class KeyGen128 -+ // extends KeyGen ++ // static public class DigestT ++ // extends BCMessageDigest ++ // implements Cloneable + // { -+ // public KeyGen128() ++ // public DigestT(int bitLength) + // { -+ // super(128); ++ // super(new SHA512tDigest(bitLength)); ++ // } ++ // ++ // public Object clone() ++ // throws CloneNotSupportedException ++ // { ++ // DigestT d = (DigestT)super.clone(); ++ // d.digest = new SHA512tDigest((SHA512tDigest)digest); ++ // ++ // return d; + // } + // } + // -+ // public static class KeyGen192 -+ // extends KeyGen ++ // static public class DigestT224 ++ // extends DigestT + // { -+ // public KeyGen192() ++ // public DigestT224() + // { -+ // super(192); ++ // super(224); + // } + // } + // -+ // public static class KeyGen256 -+ // extends KeyGen ++ // static public class DigestT256 ++ // extends DigestT + // { -+ // public KeyGen256() ++ // public DigestT256() + // { + // super(256); + // } + // } -+ // -+ // public static class AlgParamGen -+ // extends BaseAlgorithmParameterGenerator ++ // END android-removed + + public static class HashMac + extends BaseMac +@@ -83,35 +89,37 @@ + } + } + +- public static class HashMacT224 +- extends BaseMac +- { +- public HashMacT224() +- { +- super(new HMac(new SHA512tDigest(224))); +- } +- } +- +- public static class HashMacT256 +- extends BaseMac +- { +- public HashMacT256() +- { +- super(new HMac(new SHA512tDigest(256))); +- } +- } +- +- /** +- * SHA-512 HMac +- */ +- public static class OldSHA512 +- extends BaseMac +- { +- public OldSHA512() +- { +- super(new OldHMac(new SHA512Digest())); +- } +- } ++ // BEGIN android-removed ++ // public static class HashMacT224 ++ // extends BaseMac + // { -+ // protected void engineInit( -+ // AlgorithmParameterSpec genParamSpec, -+ // SecureRandom random) -+ // throws InvalidAlgorithmParameterException ++ // public HashMacT224() + // { -+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); ++ // super(new HMac(new SHA512tDigest(224))); + // } ++ // } + // -+ // protected AlgorithmParameters engineGenerateParameters() ++ // public static class HashMacT256 ++ // extends BaseMac ++ // { ++ // public HashMacT256() + // { -+ // byte[] iv = new byte[16]; -+ // -+ // if (random == null) -+ // { -+ // random = new SecureRandom(); -+ // } -+ // -+ // random.nextBytes(iv); -+ // -+ // AlgorithmParameters params; ++ // super(new HMac(new SHA512tDigest(256))); ++ // } ++ // } + // -+ // try -+ // { -+ // params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); -+ // params.init(new IvParameterSpec(iv)); -+ // } -+ // catch (Exception e) -+ // { -+ // throw new RuntimeException(e.getMessage()); -+ // } ++ // /** ++ // * SHA-512 HMac ++ // */ ++ // public static class OldSHA512 ++ // extends BaseMac ++ // { ++ // public OldSHA512() ++ // { ++ // super(new OldHMac(new SHA512Digest())); ++ // } ++ // } ++ // END android-removed + + /** + * HMACSHA512 +@@ -125,23 +133,25 @@ + } + } + +- public static class KeyGeneratorT224 +- extends BaseKeyGenerator +- { +- public KeyGeneratorT224() +- { +- super("HMACSHA512/224", 224, new CipherKeyGenerator()); +- } +- } +- +- public static class KeyGeneratorT256 +- extends BaseKeyGenerator +- { +- public KeyGeneratorT256() +- { +- super("HMACSHA512/256", 256, new CipherKeyGenerator()); +- } +- } ++ // BEGIN android-removed ++ // public static class KeyGeneratorT224 ++ // extends BaseKeyGenerator ++ // { ++ // public KeyGeneratorT224() ++ // { ++ // super("HMACSHA512/224", 224, new CipherKeyGenerator()); ++ // } ++ // } + // -+ // return params; ++ // public static class KeyGeneratorT256 ++ // extends BaseKeyGenerator ++ // { ++ // public KeyGeneratorT256() ++ // { ++ // super("HMACSHA512/256", 256, new CipherKeyGenerator()); + // } + // } + // END android-removed - public static class AlgParams - extends IvAlgorithmParameters -@@ -212,58 +230,66 @@ - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); + public static class Mappings + extends DigestAlgorithmProvider +@@ -158,21 +168,25 @@ + provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512"); + provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512"); -- provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen"); -- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); -- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); -- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); -- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); -- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); -- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); +- provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224"); +- provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224"); +- provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224"); +- +- provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256"); +- provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256"); +- provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256"); +- +- provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512"); + // BEGIN android-removed -+ // provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen"); -+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); -+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); -+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); -+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); -+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); -+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); ++ // provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224"); ++ // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224"); ++ // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224"); ++ // ++ // provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256"); ++ // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256"); ++ // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256"); ++ // ++ // provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512"); + // END android-removed - provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB"); - provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES"); - provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES"); - provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES256, "AES"); -- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB"); -- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB"); -- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB"); -- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); -- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); -- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); -- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB"); -- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB"); -- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB"); -- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); -- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); -- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); + addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); + addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512); + +- addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224", PREFIX + "$KeyGeneratorT224"); +- addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); + // BEGIN android-removed -+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB"); -+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB"); -+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB"); -+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); -+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); -+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); -+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB"); -+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB"); -+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB"); -+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); -+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); -+ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); ++ // addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224", PREFIX + "$KeyGeneratorT224"); ++ // addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); + // END android-removed - provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap"); - provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP"); - provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP"); - provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP"); -- provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); + } + } + +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/BC.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/BC.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/BC.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/BC.java 2013-05-25 02:14:15.000000000 +0000 +@@ -17,7 +17,9 @@ + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyStore.BKS", PREFIX + "BcKeyStoreSpi$Std"); +- provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1"); + // BEGIN android-removed -+ // provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); ++ // provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1"); + // END android-removed - - provider.addAlgorithm("KeyGenerator.AES", PREFIX + "$KeyGen"); -- provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128"); -- provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192"); -- provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256"); -- provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192"); -- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256"); + provider.addAlgorithm("KeyStore.BouncyCastle", PREFIX + "BcKeyStoreSpi$BouncyCastleStore"); + provider.addAlgorithm("Alg.Alias.KeyStore.UBER", "BouncyCastle"); + provider.addAlgorithm("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/PKCS12.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/PKCS12.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/PKCS12.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/PKCS12.java 2013-05-25 02:14:15.000000000 +0000 +@@ -17,14 +17,16 @@ + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("KeyStore.PKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); +- provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); +- provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); - -- provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); +- provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); +- provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES"); +- +- provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); +- provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES"); + // BEGIN android-removed -+ // provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128"); -+ // provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192"); -+ // provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256"); -+ // provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192"); -+ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256"); ++ // provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); ++ // provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); + // -+ // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); ++ // provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); ++ // provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES"); ++ // ++ // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); ++ // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES"); + // END android-removed } } } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/ARC4.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2012-09-17 23:04:47.000000000 +0000 -@@ -27,7 +27,9 @@ - { - public KeyGen() - { -- super("RC4", 128, new CipherKeyGenerator()); -+ // BEGIN android-changed -+ super("ARC4", 128, new CipherKeyGenerator()); -+ // END android-changed - } - } - -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2012-09-17 23:04:47.000000000 +0000 -@@ -64,7 +64,9 @@ - { - - provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB"); -- provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC"); -+ // BEGIN android-removed -+ // provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC"); -+ // END android-removed - provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen"); - provider.addAlgorithm("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); - provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams"); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/DES.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/DES.java 2012-09-17 23:04:47.000000000 +0000 -@@ -16,11 +16,15 @@ - import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; - import org.bouncycastle.crypto.KeyGenerationParameters; - import org.bouncycastle.crypto.engines.DESEngine; --import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -+// END android-removed - import org.bouncycastle.crypto.generators.DESKeyGenerator; - import org.bouncycastle.crypto.macs.CBCBlockCipherMac; --import org.bouncycastle.crypto.macs.CFBBlockCipherMac; --import org.bouncycastle.crypto.macs.CMac; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -+// import org.bouncycastle.crypto.macs.CMac; -+// END android-removed - import org.bouncycastle.crypto.modes.CBCBlockCipher; - import org.bouncycastle.crypto.paddings.ISO7816d4Padding; - import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -@@ -48,115 +52,117 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java 2013-05-25 02:14:15.000000000 +0000 +@@ -1594,32 +1594,34 @@ } } -- static public class CBC -- extends BaseBlockCipher +- public static class BCPKCS12KeyStore3DES +- extends PKCS12KeyStoreSpi - { -- public CBC() +- public BCPKCS12KeyStore3DES() - { -- super(new CBCBlockCipher(new DESEngine()), 64); +- super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); - } - } - -- /** -- * DES CFB8 -- */ -- public static class DESCFB8 -- extends BaseMac +- public static class DefPKCS12KeyStore +- extends PKCS12KeyStoreSpi - { -- public DESCFB8() +- public DefPKCS12KeyStore() - { -- super(new CFBBlockCipherMac(new DESEngine())); +- super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); - } - } - -- /** -- * DES64 -- */ -- public static class DES64 -- extends BaseMac +- public static class DefPKCS12KeyStore3DES +- extends PKCS12KeyStoreSpi - { -- public DES64() +- public DefPKCS12KeyStore3DES() - { -- super(new CBCBlockCipherMac(new DESEngine(), 64)); +- super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); - } - } ++ // BEGIN android-removed ++ // public static class BCPKCS12KeyStore3DES ++ // extends PKCS12KeyStoreSpi ++ // { ++ // public BCPKCS12KeyStore3DES() ++ // { ++ // super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); ++ // } ++ // } ++ // ++ // public static class DefPKCS12KeyStore ++ // extends PKCS12KeyStoreSpi ++ // { ++ // public DefPKCS12KeyStore() ++ // { ++ // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); ++ // } ++ // } ++ // ++ // public static class DefPKCS12KeyStore3DES ++ // extends PKCS12KeyStoreSpi ++ // { ++ // public DefPKCS12KeyStore3DES() ++ // { ++ // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); ++ // } ++ // } ++ // END android-removed + + private static class IgnoresCaseHashtable + { +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/AES.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/AES.java 2013-05-25 02:14:15.000000000 +0000 +@@ -1,11 +1,15 @@ + package org.bouncycastle.jcajce.provider.symmetric; + +-import java.security.AlgorithmParameters; +-import java.security.InvalidAlgorithmParameterException; ++// BEGIN android-removed ++// import java.security.AlgorithmParameters; ++// import java.security.InvalidAlgorithmParameterException; ++// END android-removed + import java.security.SecureRandom; +-import java.security.spec.AlgorithmParameterSpec; - -- /** -- * DES64with7816-4Padding -- */ -- public static class DES64with7816d4 +-import javax.crypto.spec.IvParameterSpec; ++// BEGIN android-removed ++// import java.security.spec.AlgorithmParameterSpec; ++// ++// import javax.crypto.spec.IvParameterSpec; ++// END android-removed + + import org.bouncycastle.asn1.bc.BCObjectIdentifiers; + import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; +@@ -14,23 +18,31 @@ + import org.bouncycastle.crypto.CipherKeyGenerator; + import org.bouncycastle.crypto.engines.AESFastEngine; + import org.bouncycastle.crypto.engines.AESWrapEngine; +-import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +-import org.bouncycastle.crypto.macs.CMac; +-import org.bouncycastle.crypto.macs.GMac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; ++// import org.bouncycastle.crypto.macs.CMac; ++// import org.bouncycastle.crypto.macs.GMac; ++// END android-removed + import org.bouncycastle.crypto.modes.CBCBlockCipher; + import org.bouncycastle.crypto.modes.CFBBlockCipher; + import org.bouncycastle.crypto.modes.GCMBlockCipher; + import org.bouncycastle.crypto.modes.OFBBlockCipher; + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; ++// BEGIN android-removed ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; ++// END android-removed + import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; ++// BEGIN android-removed ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; ++// END android-removed + import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; + import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; + import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; + import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; +-import org.bouncycastle.jce.provider.BouncyCastleProvider; ++// BEGIN android-removed ++// import org.bouncycastle.jce.provider.BouncyCastleProvider; ++// END android-removed + + public final class AES + { +@@ -80,23 +92,25 @@ + } + } + +- public static class AESCMAC - extends BaseMac - { -- public DES64with7816d4() +- public AESCMAC() - { -- super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); +- super(new CMac(new AESFastEngine())); - } - } -- -- public static class CBCMAC +- +- public static class AESGMAC - extends BaseMac - { -- public CBCMAC() +- public AESGMAC() - { -- super(new CBCBlockCipherMac(new DESEngine())); +- super(new GMac(new GCMBlockCipher(new AESFastEngine()))); - } - } ++ // BEGIN android-removed ++ // public static class AESCMAC ++ // extends BaseMac ++ // { ++ // public AESCMAC() ++ // { ++ // super(new CMac(new AESFastEngine())); ++ // } ++ // } ++ // ++ // public static class AESGMAC ++ // extends BaseMac ++ // { ++ // public AESGMAC() ++ // { ++ // super(new GMac(new GCMBlockCipher(new AESFastEngine()))); ++ // } ++ // } ++ // END android-removed + + static public class Wrap + extends BaseWrapCipher +@@ -106,15 +120,17 @@ + super(new AESWrapEngine()); + } + } - -- static public class CMAC -- extends BaseMac +- public static class RFC3211Wrap +- extends BaseWrapCipher - { -- public CMAC() +- public RFC3211Wrap() - { -- super(new CMac(new DESEngine())); +- super(new RFC3211WrapEngine(new AESFastEngine()), 16); +- } +- } ++ ++ // BEGIN android-removed ++ // public static class RFC3211Wrap ++ // extends BaseWrapCipher ++ // { ++ // public RFC3211Wrap() ++ // { ++ // super(new RFC3211WrapEngine(new AESFastEngine()), 16); ++ // } ++ // } ++ // END android-removed + + + /** +@@ -143,32 +159,34 @@ + } + } + +- public static class KeyGen128 +- extends KeyGen +- { +- public KeyGen128() +- { +- super(128); - } - } - -- public static class RFC3211 -- extends BaseWrapCipher +- public static class KeyGen192 +- extends KeyGen - { -- public RFC3211() +- public KeyGen192() - { -- super(new RFC3211WrapEngine(new DESEngine()), 8); +- super(192); - } - } - +- public static class KeyGen256 +- extends KeyGen +- { +- public KeyGen256() +- { +- super(256); +- } +- } ++ // BEGIN android-removed ++ // public static class KeyGen128 ++ // extends KeyGen ++ // { ++ // public KeyGen128() ++ // { ++ // super(128); ++ // } ++ // } ++ // ++ // public static class KeyGen192 ++ // extends KeyGen ++ // { ++ // public KeyGen192() ++ // { ++ // super(192); ++ // } ++ // } ++ // ++ // public static class KeyGen256 ++ // extends KeyGen ++ // { ++ // public KeyGen256() ++ // { ++ // super(256); ++ // } ++ // } ++ // END android-removed + + /** + * PBEWithSHA1And128BitAES-BC +@@ -278,43 +296,45 @@ + } + } + - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, -- SecureRandom random) +- SecureRandom random) - throws InvalidAlgorithmParameterException - { -- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); +- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { -- byte[] iv = new byte[8]; +- byte[] iv = new byte[16]; - - if (random == null) - { @@ -3682,7 +3912,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE - - try - { -- params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); +- params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) @@ -3694,97 +3924,25 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE - } - } + // BEGIN android-removed -+ // static public class CBC -+ // extends BaseBlockCipher ++ // public static class AlgParamGen ++ // extends BaseAlgorithmParameterGenerator + // { -+ // public CBC() ++ // protected void engineInit( ++ // AlgorithmParameterSpec genParamSpec, ++ // SecureRandom random) ++ // throws InvalidAlgorithmParameterException + // { -+ // super(new CBCBlockCipher(new DESEngine()), 64); ++ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); + // } -+ // } + // -+ // /** -+ // * DES CFB8 -+ // */ -+ // public static class DESCFB8 -+ // extends BaseMac -+ // { -+ // public DESCFB8() ++ // protected AlgorithmParameters engineGenerateParameters() + // { -+ // super(new CFBBlockCipherMac(new DESEngine())); -+ // } -+ // } ++ // byte[] iv = new byte[16]; + // -+ // /** -+ // * DES64 -+ // */ -+ // public static class DES64 -+ // extends BaseMac -+ // { -+ // public DES64() -+ // { -+ // super(new CBCBlockCipherMac(new DESEngine(), 64)); -+ // } -+ // } -+ // -+ // /** -+ // * DES64with7816-4Padding -+ // */ -+ // public static class DES64with7816d4 -+ // extends BaseMac -+ // { -+ // public DES64with7816d4() -+ // { -+ // super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); -+ // } -+ // } -+ // -+ // public static class CBCMAC -+ // extends BaseMac -+ // { -+ // public CBCMAC() -+ // { -+ // super(new CBCBlockCipherMac(new DESEngine())); -+ // } -+ // } -+ // -+ // static public class CMAC -+ // extends BaseMac -+ // { -+ // public CMAC() -+ // { -+ // super(new CMac(new DESEngine())); -+ // } -+ // } -+ // -+ // public static class RFC3211 -+ // extends BaseWrapCipher -+ // { -+ // public RFC3211() -+ // { -+ // super(new RFC3211WrapEngine(new DESEngine()), 8); -+ // } -+ // } -+ // -+ // public static class AlgParamGen -+ // extends BaseAlgorithmParameterGenerator -+ // { -+ // protected void engineInit( -+ // AlgorithmParameterSpec genParamSpec, -+ // SecureRandom random) -+ // throws InvalidAlgorithmParameterException -+ // { -+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); -+ // } -+ // -+ // protected AlgorithmParameters engineGenerateParameters() -+ // { -+ // byte[] iv = new byte[8]; -+ // -+ // if (random == null) -+ // { -+ // random = new SecureRandom(); -+ // } ++ // if (random == null) ++ // { ++ // random = new SecureRandom(); ++ // } + // + // random.nextBytes(iv); + // @@ -3792,7 +3950,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE + // + // try + // { -+ // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); ++ // params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); + // params.init(new IvParameterSpec(iv)); + // } + // catch (Exception e) @@ -3805,158 +3963,211 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE + // } + // END android-removed - /** - * DES - the default for this is to generate a key in -@@ -263,36 +269,42 @@ - { + public static class AlgParams + extends IvAlgorithmParameters +@@ -353,58 +373,66 @@ + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); - provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB"); -- provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC"); -- -- addAlias(provider, OIWObjectIdentifiers.desCBC, "DES"); -- -- provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211"); +- provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); + // BEGIN android-removed -+ // provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC"); -+ // -+ // addAlias(provider, OIWObjectIdentifiers.desCBC, "DES"); -+ // -+ // provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211"); ++ // provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); + // END android-removed - provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator"); - - provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory"); + provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB"); + provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES"); + provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES"); + provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES256, "AES"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); +- provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); ++ // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); ++ // END android-removed + provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap"); + provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP"); + provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP"); + provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP"); +- provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); ++ // END android-removed -- provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); -- provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); -- provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC"); -- -- provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8"); -- provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); -- -- provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64"); -- provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64"); + provider.addAlgorithm("KeyGenerator.AES", PREFIX + "$KeyGen"); +- provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128"); +- provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192"); +- provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256"); +- provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192"); +- provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256"); - -- provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4"); -- provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); -- provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); -- provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); +- provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); + // BEGIN android-removed -+ // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); -+ // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); -+ // provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC"); -+ // -+ // provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8"); -+ // provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); -+ // -+ // provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64"); -+ // provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64"); ++ // provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128"); ++ // provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192"); ++ // provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256"); ++ // provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192"); ++ // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256"); + // -+ // provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4"); -+ // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); -+ // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); -+ // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); ++ // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); + // END android-removed + + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); + provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); +@@ -483,7 +511,9 @@ + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); - provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES"); - -- provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); -- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); +- addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); + // BEGIN android-removed -+ // provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); -+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); ++ // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); + // END android-removed } + } + } +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/ARC4.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2013-05-25 02:14:15.000000000 +0000 +@@ -29,7 +29,9 @@ + { + public KeyGen() + { +- super("RC4", 128, new CipherKeyGenerator()); ++ // BEGIN android-changed ++ super("ARC4", 128, new CipherKeyGenerator()); ++ // END android-changed + } + } - private void addAlias(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/DESede.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2012-09-17 23:04:47.000000000 +0000 -@@ -1,30 +1,42 @@ - package org.bouncycastle.jcajce.provider.symmetric; - --import java.security.AlgorithmParameters; --import java.security.InvalidAlgorithmParameterException; -+// BEGIN android-removed -+// import java.security.AlgorithmParameters; -+// import java.security.InvalidAlgorithmParameterException; -+// END android-removed - import java.security.SecureRandom; --import java.security.spec.AlgorithmParameterSpec; -+// BEGIN android-removed -+// import java.security.spec.AlgorithmParameterSpec; -+// END android-removed - import java.security.spec.InvalidKeySpecException; - import java.security.spec.KeySpec; - - import javax.crypto.SecretKey; - import javax.crypto.spec.DESedeKeySpec; --import javax.crypto.spec.IvParameterSpec; -+// BEGIN android-removed -+// import javax.crypto.spec.IvParameterSpec; -+// END android-removed - import javax.crypto.spec.SecretKeySpec; +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2012-09-17 23:04:47.000000000 +0000 +@@ -64,7 +64,9 @@ + { - import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC"); ++ // END android-removed + provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen"); + provider.addAlgorithm("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); + provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams"); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/DES.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/DES.java 2013-05-25 02:14:15.000000000 +0000 +@@ -19,12 +19,16 @@ + import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.KeyGenerationParameters; - import org.bouncycastle.crypto.engines.DESedeEngine; - import org.bouncycastle.crypto.engines.DESedeWrapEngine; + import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +// END android-removed - import org.bouncycastle.crypto.generators.DESedeKeyGenerator; + import org.bouncycastle.crypto.generators.DESKeyGenerator; import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -import org.bouncycastle.crypto.macs.CMac; +-import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// import org.bouncycastle.crypto.macs.CMac; ++// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; +// END android-removed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.paddings.ISO7816d4Padding; - import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; --import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -+// BEGIN android-removed -+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -+// END android-removed - import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; - import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; - import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -@@ -57,17 +69,19 @@ + import org.bouncycastle.crypto.params.DESParameters; +@@ -66,17 +70,19 @@ } } - /** -- * DESede CFB8 +- * DES CFB8 - */ -- public static class DESedeCFB8 +- public static class DESCFB8 - extends BaseMac - { -- public DESedeCFB8() +- public DESCFB8() - { -- super(new CFBBlockCipherMac(new DESedeEngine())); +- super(new CFBBlockCipherMac(new DESEngine())); - } - } + // BEGIN android-removed + // /** -+ // * DESede CFB8 ++ // * DES CFB8 + // */ -+ // public static class DESedeCFB8 ++ // public static class DESCFB8 + // extends BaseMac + // { -+ // public DESedeCFB8() ++ // public DESCFB8() + // { -+ // super(new CFBBlockCipherMac(new DESedeEngine())); ++ // super(new CFBBlockCipherMac(new DESEngine())); + // } + // } + // END android-removed /** - * DESede64 -@@ -102,15 +116,17 @@ + * DES64 +@@ -111,47 +117,49 @@ } } @@ -3965,2905 +4176,1863 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/DE - { - public CMAC() - { -- super(new CMac(new DESedeEngine())); +- super(new CMac(new DESEngine())); +- } +- } +- +- /** +- * DES9797Alg3with7816-4Padding +- */ +- public static class DES9797Alg3with7816d4 +- extends BaseMac +- { +- public DES9797Alg3with7816d4() +- { +- super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); +- } +- } +- +- /** +- * DES9797Alg3 +- */ +- public static class DES9797Alg3 +- extends BaseMac +- { +- public DES9797Alg3() +- { +- super(new ISO9797Alg3Mac(new DESEngine())); - } - } - +- public static class RFC3211 +- extends BaseWrapCipher +- { +- public RFC3211() +- { +- super(new RFC3211WrapEngine(new DESEngine()), 8); +- } +- } + // BEGIN android-removed + // static public class CMAC + // extends BaseMac + // { + // public CMAC() + // { -+ // super(new CMac(new DESedeEngine())); ++ // super(new CMac(new DESEngine())); ++ // } ++ // } ++ // ++ // /** ++ // * DES9797Alg3with7816-4Padding ++ // */ ++ // public static class DES9797Alg3with7816d4 ++ // extends BaseMac ++ // { ++ // public DES9797Alg3with7816d4() ++ // { ++ // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); ++ // } ++ // } ++ // ++ // /** ++ // * DES9797Alg3 ++ // */ ++ // public static class DES9797Alg3 ++ // extends BaseMac ++ // { ++ // public DES9797Alg3() ++ // { ++ // super(new ISO9797Alg3Mac(new DESEngine())); ++ // } ++ // } ++ // ++ // public static class RFC3211 ++ // extends BaseWrapCipher ++ // { ++ // public RFC3211() ++ // { ++ // super(new RFC3211WrapEngine(new DESEngine()), 8); + // } + // } + // END android-removed -+ - public static class Wrap - extends BaseWrapCipher - { -@@ -119,15 +135,17 @@ - super(new DESedeWrapEngine()); + + public static class AlgParamGen + extends BaseAlgorithmParameterGenerator +@@ -351,17 +359,19 @@ } } -- -- public static class RFC3211 -- extends BaseWrapCipher + +- /** +- * PBEWithMD2AndDES +- */ +- static public class PBEWithMD2KeyFactory +- extends DESPBEKeyFactory - { -- public RFC3211() +- public PBEWithMD2KeyFactory() - { -- super(new RFC3211WrapEngine(new DESedeEngine()), 8); +- super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); - } - } -+ + // BEGIN android-removed -+ // public static class RFC3211 -+ // extends BaseWrapCipher ++ // /** ++ // * PBEWithMD2AndDES ++ // */ ++ // static public class PBEWithMD2KeyFactory ++ // extends DESPBEKeyFactory + // { -+ // public RFC3211() ++ // public PBEWithMD2KeyFactory() + // { -+ // super(new RFC3211WrapEngine(new DESedeEngine()), 8); ++ // super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); + // } + // } + // END android-removed - /** - * DESede - the default for this is to generate a key in -@@ -217,43 +235,45 @@ + /** + * PBEWithMD5AndDES +@@ -387,17 +397,19 @@ } } -- public static class AlgParamGen -- extends BaseAlgorithmParameterGenerator +- /** +- * PBEWithMD2AndDES +- */ +- static public class PBEWithMD2 +- extends BaseBlockCipher - { -- protected void engineInit( -- AlgorithmParameterSpec genParamSpec, -- SecureRandom random) -- throws InvalidAlgorithmParameterException -- { -- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); -- } -- -- protected AlgorithmParameters engineGenerateParameters() +- public PBEWithMD2() - { -- byte[] iv = new byte[8]; -- -- if (random == null) -- { -- random = new SecureRandom(); -- } -- -- random.nextBytes(iv); -- -- AlgorithmParameters params; -- -- try -- { -- params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); -- params.init(new IvParameterSpec(iv)); -- } -- catch (Exception e) -- { -- throw new RuntimeException(e.getMessage()); -- } -- -- return params; +- super(new CBCBlockCipher(new DESEngine())); - } - } + // BEGIN android-removed -+ // public static class AlgParamGen -+ // extends BaseAlgorithmParameterGenerator ++ // /** ++ // * PBEWithMD2AndDES ++ // */ ++ // static public class PBEWithMD2 ++ // extends BaseBlockCipher + // { -+ // protected void engineInit( -+ // AlgorithmParameterSpec genParamSpec, -+ // SecureRandom random) -+ // throws InvalidAlgorithmParameterException -+ // { -+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); -+ // } -+ // -+ // protected AlgorithmParameters engineGenerateParameters() ++ // public PBEWithMD2() + // { -+ // byte[] iv = new byte[8]; -+ // -+ // if (random == null) -+ // { -+ // random = new SecureRandom(); -+ // } -+ // -+ // random.nextBytes(iv); -+ // -+ // AlgorithmParameters params; -+ // -+ // try -+ // { -+ // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); -+ // params.init(new IvParameterSpec(iv)); -+ // } -+ // catch (Exception e) -+ // { -+ // throw new RuntimeException(e.getMessage()); -+ // } -+ // -+ // return params; ++ // super(new CBCBlockCipher(new DESEngine())); + // } + // } + // END android-removed - static public class KeyFactory - extends BaseSecretKeyFactory -@@ -337,18 +357,28 @@ - public void configure(ConfigurableProvider provider) + /** + * PBEWithMD5AndDES +@@ -437,61 +449,75 @@ { - provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB"); -- provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC"); -+ // BEGIN android-removed -+ // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC"); -+ // END android-removed - provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap"); -- provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, PREFIX + "$Wrap"); -- provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); -+ // BEGIN android-changed -+ provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP"); -+ // END android-changed -+ // BEGIN android-removed -+ // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); -+ // END android-removed - - if (provider.hasAlgorithm("MessageDigest", "SHA-1")) - { - provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key"); -- provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key"); -- provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key"); -+ // BEGIN android-removed -+ // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key"); -+ // provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key"); -+ // END android-removed - provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key"); -- provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key"); -+ // BEGIN android-removed -+ // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key"); -+ // END android-removed - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); -@@ -357,31 +387,37 @@ - } - provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator"); -- provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3"); -- provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator"); + provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC"); +- +- addAlias(provider, OIWObjectIdentifiers.desCBC, "DES"); +- +- provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211"); + // BEGIN android-removed -+ // provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3"); -+ // provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator"); ++ // provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC"); ++ // ++ // addAlias(provider, OIWObjectIdentifiers.desCBC, "DES"); ++ // ++ // provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211"); + // END android-removed - provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory"); + provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator"); -- provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC"); -- provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC"); -- provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); -- -- provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8"); -- provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); + provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory"); + +- provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); +- provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); +- provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC"); - -- provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64"); -- provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); +- provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8"); +- provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); - -- provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4"); -- provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); -- provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); -- provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); +- provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64"); +- provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64"); +- +- provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4"); +- provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); +- provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); +- provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); +- +- provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3"); +- provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); +- +- provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3"); +- provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); +- provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4"); +- provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); + // BEGIN android-removed -+ // provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC"); -+ // provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC"); -+ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); ++ // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); ++ // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC"); + // -+ // provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8"); -+ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); ++ // provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); + // -+ // provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64"); -+ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); ++ // provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64"); + // -+ // provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4"); -+ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); -+ // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); -+ // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); ++ // provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); ++ // ++ // provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); ++ // ++ // provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3"); ++ // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); ++ // provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4"); ++ // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); + // END android-removed - provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); + provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES"); -- provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); -- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); +- provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); +- +- provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2"); + // BEGIN android-removed -+ // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); -+ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); ++ // provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); ++ // ++ // provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2"); ++ // END android-removed + provider.addAlgorithm("Cipher.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5"); + provider.addAlgorithm("Cipher.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1"); + +- provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); ++ // END android-removed + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); + +- provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory"); ++ // END android-removed + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1KeyFactory"); + +- provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); ++ // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); +- provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); + // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); } - } - } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java 2013-04-10 22:02:36.000000000 +0000 -@@ -78,6 +78,12 @@ - { - return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword()); - } -+ // BEGIN android-changed -+ else if (type == PBE.PBKDF2) -+ { -+ return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(pbeKeySpec.getPassword()); -+ } -+ // END android-changed - else - { - return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword()); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java 2012-09-17 23:04:47.000000000 +0000 -@@ -7,13 +7,17 @@ +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/DESede.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2013-05-25 02:14:15.000000000 +0000 +@@ -1,30 +1,42 @@ + package org.bouncycastle.jcajce.provider.symmetric; - import javax.crypto.spec.IvParameterSpec; - import javax.crypto.spec.PBEParameterSpec; --import javax.crypto.spec.RC2ParameterSpec; +-import java.security.AlgorithmParameters; +-import java.security.InvalidAlgorithmParameterException; +// BEGIN android-removed -+// import javax.crypto.spec.RC2ParameterSpec; ++// import java.security.AlgorithmParameters; ++// import java.security.InvalidAlgorithmParameterException; ++// END android-removed + import java.security.SecureRandom; +-import java.security.spec.AlgorithmParameterSpec; ++// BEGIN android-removed ++// import java.security.spec.AlgorithmParameterSpec; ++// END android-removed + import java.security.spec.InvalidKeySpecException; + import java.security.spec.KeySpec; + + import javax.crypto.SecretKey; + import javax.crypto.spec.DESedeKeySpec; +-import javax.crypto.spec.IvParameterSpec; ++// BEGIN android-removed ++// import javax.crypto.spec.IvParameterSpec; +// END android-removed + import javax.crypto.spec.SecretKeySpec; - import org.bouncycastle.asn1.ASN1Encoding; - import org.bouncycastle.asn1.ASN1Primitive; - import org.bouncycastle.asn1.pkcs.PBKDF2Params; - import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; --import org.bouncycastle.asn1.pkcs.RC2CBCParameter; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.crypto.KeyGenerationParameters; + import org.bouncycastle.crypto.engines.DESedeEngine; + import org.bouncycastle.crypto.engines.DESedeWrapEngine; +-import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +// BEGIN android-removed -+// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; ++// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; ++// END android-removed + import org.bouncycastle.crypto.generators.DESedeKeyGenerator; + import org.bouncycastle.crypto.macs.CBCBlockCipherMac; +-import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +-import org.bouncycastle.crypto.macs.CMac; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; ++// import org.bouncycastle.crypto.macs.CMac; ++// END android-removed + import org.bouncycastle.crypto.modes.CBCBlockCipher; + import org.bouncycastle.crypto.paddings.ISO7816d4Padding; + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; ++// BEGIN android-removed ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +// END android-removed - import org.bouncycastle.util.Arrays; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +@@ -57,17 +69,19 @@ + } + } - public abstract class BaseAlgorithmParameters -@@ -39,177 +43,179 @@ - protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) - throws InvalidParameterSpecException; +- /** +- * DESede CFB8 +- */ +- public static class DESedeCFB8 +- extends BaseMac +- { +- public DESedeCFB8() +- { +- super(new CFBBlockCipherMac(new DESedeEngine())); +- } +- } ++ // BEGIN android-removed ++ // /** ++ // * DESede CFB8 ++ // */ ++ // public static class DESedeCFB8 ++ // extends BaseMac ++ // { ++ // public DESedeCFB8() ++ // { ++ // super(new CFBBlockCipherMac(new DESedeEngine())); ++ // } ++ // } ++ // END android-removed -- public static class RC2AlgorithmParameters -- extends BaseAlgorithmParameters + /** + * DESede64 +@@ -102,15 +116,17 @@ + } + } + +- static public class CMAC +- extends BaseMac - { -- private static final short[] table = { -- 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, -- 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, -- 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, -- 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, -- 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, -- 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, -- 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, -- 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, -- 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, -- 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, -- 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, -- 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, -- 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, -- 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, -- 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, -- 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab -- }; -- -- private static final short[] ekb = { -- 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, -- 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, -- 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, -- 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, -- 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, -- 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, -- 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, -- 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, -- 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, -- 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, -- 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, -- 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, -- 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, -- 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, -- 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, -- 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd -- }; +- public CMAC() +- { +- super(new CMac(new DESedeEngine())); +- } +- } - -- private byte[] iv; -- private int parameterVersion = 58; ++ // BEGIN android-removed ++ // static public class CMAC ++ // extends BaseMac ++ // { ++ // public CMAC() ++ // { ++ // super(new CMac(new DESedeEngine())); ++ // } ++ // } ++ // END android-removed ++ + public static class Wrap + extends BaseWrapCipher + { +@@ -119,15 +135,17 @@ + super(new DESedeWrapEngine()); + } + } - -- protected byte[] engineGetEncoded() +- public static class RFC3211 +- extends BaseWrapCipher +- { +- public RFC3211() - { -- return Arrays.clone(iv); +- super(new RFC3211WrapEngine(new DESedeEngine()), 8); +- } +- } ++ ++ // BEGIN android-removed ++ // public static class RFC3211 ++ // extends BaseWrapCipher ++ // { ++ // public RFC3211() ++ // { ++ // super(new RFC3211WrapEngine(new DESedeEngine()), 8); ++ // } ++ // } ++ // END android-removed + + /** + * DESede - the default for this is to generate a key in +@@ -241,43 +259,45 @@ + } + } + +- public static class AlgParamGen +- extends BaseAlgorithmParameterGenerator +- { +- protected void engineInit( +- AlgorithmParameterSpec genParamSpec, +- SecureRandom random) +- throws InvalidAlgorithmParameterException +- { +- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); - } - -- protected byte[] engineGetEncoded( -- String format) -- throws IOException +- protected AlgorithmParameters engineGenerateParameters() - { -- if (this.isASN1FormatString(format)) -- { -- if (parameterVersion == -1) -- { -- return new RC2CBCParameter(engineGetEncoded()).getEncoded(); -- } -- else -- { -- return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); -- } -- } +- byte[] iv = new byte[8]; - -- if (format.equals("RAW")) +- if (random == null) - { -- return engineGetEncoded(); +- random = new SecureRandom(); - } - -- return null; -- } +- random.nextBytes(iv); - -- protected AlgorithmParameterSpec localEngineGetParameterSpec( -- Class paramSpec) -- throws InvalidParameterSpecException -- { -- if (paramSpec == RC2ParameterSpec.class) -- { -- if (parameterVersion != -1) -- { -- if (parameterVersion < 256) -- { -- return new RC2ParameterSpec(ekb[parameterVersion], iv); -- } -- else -- { -- return new RC2ParameterSpec(parameterVersion, iv); -- } -- } -- } -- -- if (paramSpec == IvParameterSpec.class) -- { -- return new IvParameterSpec(iv); -- } -- -- throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); -- } -- -- protected void engineInit( -- AlgorithmParameterSpec paramSpec) -- throws InvalidParameterSpecException -- { -- if (paramSpec instanceof IvParameterSpec) -- { -- this.iv = ((IvParameterSpec)paramSpec).getIV(); -- } -- else if (paramSpec instanceof RC2ParameterSpec) -- { -- int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); -- if (effKeyBits != -1) -- { -- if (effKeyBits < 256) -- { -- parameterVersion = table[effKeyBits]; -- } -- else -- { -- parameterVersion = effKeyBits; -- } -- } -- -- this.iv = ((RC2ParameterSpec)paramSpec).getIV(); -- } -- else -- { -- throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); -- } -- } -- -- protected void engineInit( -- byte[] params) -- throws IOException -- { -- this.iv = Arrays.clone(params); -- } +- AlgorithmParameters params; - -- protected void engineInit( -- byte[] params, -- String format) -- throws IOException -- { -- if (this.isASN1FormatString(format)) +- try - { -- RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); -- -- if (p.getRC2ParameterVersion() != null) -- { -- parameterVersion = p.getRC2ParameterVersion().intValue(); -- } -- -- iv = p.getIV(); -- -- return; +- params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); +- params.init(new IvParameterSpec(iv)); - } -- -- if (format.equals("RAW")) +- catch (Exception e) - { -- engineInit(params); -- return; +- throw new RuntimeException(e.getMessage()); - } - -- throw new IOException("Unknown parameters format in IV parameters object"); -- } -- -- protected String engineToString() -- { -- return "RC2 Parameters"; +- return params; - } - } + // BEGIN android-removed -+ // public static class RC2AlgorithmParameters -+ // extends BaseAlgorithmParameters ++ // public static class AlgParamGen ++ // extends BaseAlgorithmParameterGenerator + // { -+ // private static final short[] table = { -+ // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, -+ // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, -+ // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, -+ // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, -+ // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, -+ // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, -+ // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, -+ // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, -+ // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, -+ // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, -+ // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, -+ // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, -+ // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, -+ // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, -+ // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, -+ // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab -+ // }; -+ // -+ // private static final short[] ekb = { -+ // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, -+ // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, -+ // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, -+ // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, -+ // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, -+ // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, -+ // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, -+ // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, -+ // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, -+ // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, -+ // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, -+ // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, -+ // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, -+ // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, -+ // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, -+ // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd -+ // }; -+ // -+ // private byte[] iv; -+ // private int parameterVersion = 58; -+ // -+ // protected byte[] engineGetEncoded() -+ // { -+ // return Arrays.clone(iv); -+ // } -+ // -+ // protected byte[] engineGetEncoded( -+ // String format) -+ // throws IOException ++ // protected void engineInit( ++ // AlgorithmParameterSpec genParamSpec, ++ // SecureRandom random) ++ // throws InvalidAlgorithmParameterException + // { -+ // if (this.isASN1FormatString(format)) -+ // { -+ // if (parameterVersion == -1) -+ // { -+ // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); -+ // } -+ // else -+ // { -+ // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); -+ // } -+ // } -+ // -+ // if (format.equals("RAW")) -+ // { -+ // return engineGetEncoded(); -+ // } -+ // -+ // return null; ++ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); + // } + // -+ // protected AlgorithmParameterSpec localEngineGetParameterSpec( -+ // Class paramSpec) -+ // throws InvalidParameterSpecException ++ // protected AlgorithmParameters engineGenerateParameters() + // { -+ // if (paramSpec == RC2ParameterSpec.class) -+ // { -+ // if (parameterVersion != -1) -+ // { -+ // if (parameterVersion < 256) -+ // { -+ // return new RC2ParameterSpec(ekb[parameterVersion], iv); -+ // } -+ // else -+ // { -+ // return new RC2ParameterSpec(parameterVersion, iv); -+ // } -+ // } -+ // } -+ // -+ // if (paramSpec == IvParameterSpec.class) -+ // { -+ // return new IvParameterSpec(iv); -+ // } -+ // -+ // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); -+ // } ++ // byte[] iv = new byte[8]; + // -+ // protected void engineInit( -+ // AlgorithmParameterSpec paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (paramSpec instanceof IvParameterSpec) ++ // if (random == null) + // { -+ // this.iv = ((IvParameterSpec)paramSpec).getIV(); ++ // random = new SecureRandom(); + // } -+ // else if (paramSpec instanceof RC2ParameterSpec) -+ // { -+ // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); -+ // if (effKeyBits != -1) -+ // { -+ // if (effKeyBits < 256) -+ // { -+ // parameterVersion = table[effKeyBits]; -+ // } -+ // else -+ // { -+ // parameterVersion = effKeyBits; -+ // } -+ // } + // -+ // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); -+ // } -+ // else -+ // { -+ // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); -+ // } -+ // } ++ // random.nextBytes(iv); + // -+ // protected void engineInit( -+ // byte[] params) -+ // throws IOException -+ // { -+ // this.iv = Arrays.clone(params); -+ // } ++ // AlgorithmParameters params; + // -+ // protected void engineInit( -+ // byte[] params, -+ // String format) -+ // throws IOException -+ // { -+ // if (this.isASN1FormatString(format)) ++ // try + // { -+ // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); -+ // -+ // if (p.getRC2ParameterVersion() != null) -+ // { -+ // parameterVersion = p.getRC2ParameterVersion().intValue(); -+ // } -+ // -+ // iv = p.getIV(); -+ // -+ // return; ++ // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); ++ // params.init(new IvParameterSpec(iv)); + // } -+ // -+ // if (format.equals("RAW")) ++ // catch (Exception e) + // { -+ // engineInit(params); -+ // return; ++ // throw new RuntimeException(e.getMessage()); + // } + // -+ // throw new IOException("Unknown parameters format in IV parameters object"); -+ // } -+ // -+ // protected String engineToString() -+ // { -+ // return "RC2 Parameters"; ++ // return params; + // } + // } + // END android-removed - public static class PBKDF2 - extends BaseAlgorithmParameters -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2013-01-31 02:26:40.000000000 +0000 -@@ -17,8 +17,10 @@ - import javax.crypto.ShortBufferException; - import javax.crypto.spec.IvParameterSpec; - import javax.crypto.spec.PBEParameterSpec; --import javax.crypto.spec.RC2ParameterSpec; --import javax.crypto.spec.RC5ParameterSpec; -+// BEGIN android-removed -+// import javax.crypto.spec.RC2ParameterSpec; -+// import javax.crypto.spec.RC5ParameterSpec; -+// END android-removed + static public class KeyFactory + extends BaseSecretKeyFactory +@@ -361,25 +381,37 @@ + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC"); ++ // END android-removed + provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap"); +- provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, PREFIX + "$Wrap"); +- provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); ++ // BEGIN android-changed ++ provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP"); ++ // END android-changed ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); ++ // END android-removed - import org.bouncycastle.crypto.BufferedBlockCipher; - import org.bouncycastle.crypto.CipherParameters; -@@ -30,12 +32,18 @@ - import org.bouncycastle.crypto.modes.CCMBlockCipher; - import org.bouncycastle.crypto.modes.CFBBlockCipher; - import org.bouncycastle.crypto.modes.CTSBlockCipher; --import org.bouncycastle.crypto.modes.EAXBlockCipher; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.modes.EAXBlockCipher; -+// END android-removed - import org.bouncycastle.crypto.modes.GCMBlockCipher; --import org.bouncycastle.crypto.modes.GOFBBlockCipher; + provider.addAlgorithm("Alg.Alias.Cipher.TDEA", "DESEDE"); + provider.addAlgorithm("Alg.Alias.Cipher.TDEAWRAP", "DESEDEWRAP"); + provider.addAlgorithm("Alg.Alias.KeyGenerator.TDEA", "DESEDE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE"); ++ // END android-removed + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE"); + + if (provider.hasAlgorithm("MessageDigest", "SHA-1")) + { + provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key"); +- provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key"); +- provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key"); ++ // provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key"); ++ // END android-removed + provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key"); +- provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key"); ++ // END android-removed + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); + provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); +@@ -388,31 +420,37 @@ + } + + provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator"); +- provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3"); +- provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3"); ++ // provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator"); ++ // END android-removed + + provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory"); + +- provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC"); +- provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC"); +- provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); +- +- provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8"); +- provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); +- +- provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64"); +- provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); +- +- provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4"); +- provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); +- provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); +- provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC"); ++ // provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); ++ // ++ // provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); ++ // ++ // provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); ++ // ++ // provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); ++ // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); ++ // END android-removed + + provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); + +- provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); +- provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); ++ // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); ++ // END android-removed + + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2KeyFactory"); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/RC2.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/RC2.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/RC2.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/RC2.java 2013-05-25 02:14:15.000000000 +0000 +@@ -12,24 +12,34 @@ + + import org.bouncycastle.asn1.ASN1Primitive; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +-import org.bouncycastle.asn1.pkcs.RC2CBCParameter; +-import org.bouncycastle.crypto.CipherKeyGenerator; +// BEGIN android-removed -+// import org.bouncycastle.crypto.modes.GOFBBlockCipher; ++// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; ++// import org.bouncycastle.crypto.CipherKeyGenerator; +// END android-removed - import org.bouncycastle.crypto.modes.OFBBlockCipher; --import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; --import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; + import org.bouncycastle.crypto.engines.RC2Engine; +-import org.bouncycastle.crypto.engines.RC2WrapEngine; +-import org.bouncycastle.crypto.macs.CBCBlockCipherMac; +-import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// BEGIN android-removed -+// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; -+// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; ++// import org.bouncycastle.crypto.engines.RC2WrapEngine; ++// import org.bouncycastle.crypto.macs.CBCBlockCipherMac; ++// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// END android-removed - import org.bouncycastle.crypto.modes.SICBlockCipher; - import org.bouncycastle.crypto.paddings.BlockCipherPadding; - import org.bouncycastle.crypto.paddings.ISO10126d2Padding; -@@ -47,11 +55,17 @@ - import org.bouncycastle.crypto.params.KeyParameter; - import org.bouncycastle.crypto.params.ParametersWithIV; - import org.bouncycastle.crypto.params.ParametersWithRandom; --import org.bouncycastle.crypto.params.ParametersWithSBox; + import org.bouncycastle.crypto.modes.CBCBlockCipher; + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; +// BEGIN android-removed -+// import org.bouncycastle.crypto.params.ParametersWithSBox; ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; +// END android-removed - import org.bouncycastle.crypto.params.RC2Parameters; --import org.bouncycastle.crypto.params.RC5Parameters; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +// BEGIN android-removed -+// import org.bouncycastle.crypto.params.RC5Parameters; ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +// END android-removed + import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; + import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider; --import org.bouncycastle.jce.spec.GOST28147ParameterSpec; +-import org.bouncycastle.util.Arrays; +// BEGIN android-removed -+// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; ++// import org.bouncycastle.util.Arrays; +// END android-removed - import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; - import org.bouncycastle.util.Strings; -@@ -64,11 +78,15 @@ - // - private Class[] availableSpecs = - { -- RC2ParameterSpec.class, -- RC5ParameterSpec.class, -+ // BEGIN android-removed -+ // RC2ParameterSpec.class, -+ // RC5ParameterSpec.class, -+ // END android-removed - IvParameterSpec.class, - PBEParameterSpec.class, -- GOST28147ParameterSpec.class -+ // BEGIN android-removed -+ // GOST28147ParameterSpec.class -+ // END android-removed - }; + public final class RC2 + { +@@ -37,59 +47,61 @@ + { + } - private org.bouncycastle.crypto.BlockCipher baseEngine; -@@ -223,20 +241,22 @@ - new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } - } -- else if (modeName.startsWith("PGP")) +- /** +- * RC2 +- */ +- static public class ECB +- extends BaseBlockCipher +- { +- public ECB() - { -- boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); -- -- ivLength = baseEngine.getBlockSize(); -- cipher = new BufferedGenericBlockCipher( -- new PGPCFBBlockCipher(baseEngine, inlineIV)); +- super(new RC2Engine()); - } -- else if (modeName.equalsIgnoreCase("OpenPGPCFB")) +- } +- +- /** +- * RC2CBC +- */ +- static public class CBC +- extends BaseBlockCipher +- { +- public CBC() - { -- ivLength = 0; -- cipher = new BufferedGenericBlockCipher( -- new OpenPGPCFBBlockCipher(baseEngine)); +- super(new CBCBlockCipher(new RC2Engine()), 64); - } -+ // BEGIN android-removed -+ // else if (modeName.startsWith("PGP")) -+ // { -+ // boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); -+ -+ // ivLength = baseEngine.getBlockSize(); -+ // cipher = new BufferedGenericBlockCipher( -+ // new PGPCFBBlockCipher(baseEngine, inlineIV)); -+ // } -+ // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) -+ // { -+ // ivLength = 0; -+ // cipher = new BufferedGenericBlockCipher( -+ // new OpenPGPCFBBlockCipher(baseEngine)); -+ // } -+ // END android-removed - else if (modeName.startsWith("SIC")) - { - ivLength = baseEngine.getBlockSize(); -@@ -253,12 +273,14 @@ - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new SICBlockCipher(baseEngine))); - } -- else if (modeName.startsWith("GOFB")) +- } +- +- public static class Wrap +- extends BaseWrapCipher +- { +- public Wrap() - { -- ivLength = baseEngine.getBlockSize(); -- cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( -- new GOFBBlockCipher(baseEngine))); +- super(new RC2WrapEngine()); - } -+ // BEGIN android-removed -+ // else if (modeName.startsWith("GOFB")) -+ // { -+ // ivLength = baseEngine.getBlockSize(); -+ // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( -+ // new GOFBBlockCipher(baseEngine))); -+ // } -+ // END android-removed - else if (modeName.startsWith("CTS")) - { - ivLength = baseEngine.getBlockSize(); -@@ -269,11 +291,13 @@ - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); - } -- else if (modeName.startsWith("EAX")) +- } +- +- /** +- * RC2 +- */ +- public static class CBCMAC +- extends BaseMac +- { +- public CBCMAC() - { -- ivLength = baseEngine.getBlockSize(); -- cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); +- super(new CBCBlockCipherMac(new RC2Engine())); - } -+ // BEGIN android-removed -+ // else if (modeName.startsWith("EAX")) -+ // { -+ // ivLength = baseEngine.getBlockSize(); -+ // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); -+ // } -+ // END android-removed - else if (modeName.startsWith("GCM")) - { - ivLength = baseEngine.getBlockSize(); -@@ -442,63 +466,65 @@ - param = new KeyParameter(key.getEncoded()); - } - } -- else if (params instanceof GOST28147ParameterSpec) -- { -- GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; -- -- param = new ParametersWithSBox( -- new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); +- } - -- if (gost28147Param.getIV() != null && ivLength != 0) -- { -- param = new ParametersWithIV(param, gost28147Param.getIV()); -- ivParam = (ParametersWithIV)param; -- } -- } -- else if (params instanceof RC2ParameterSpec) +- public static class CFB8MAC +- extends BaseMac +- { +- public CFB8MAC() - { -- RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; -- -- param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); -- -- if (rc2Param.getIV() != null && ivLength != 0) -- { -- param = new ParametersWithIV(param, rc2Param.getIV()); -- ivParam = (ParametersWithIV)param; -- } -- } -- else if (params instanceof RC5ParameterSpec) -- { -- RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; -- -- param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); -- if (baseEngine.getAlgorithmName().startsWith("RC5")) -- { -- if (baseEngine.getAlgorithmName().equals("RC5-32")) -- { -- if (rc5Param.getWordSize() != 32) -- { -- throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); -- } -- } -- else if (baseEngine.getAlgorithmName().equals("RC5-64")) -- { -- if (rc5Param.getWordSize() != 64) -- { -- throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); -- } -- } -- } -- else -- { -- throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); -- } -- if ((rc5Param.getIV() != null) && (ivLength != 0)) -- { -- param = new ParametersWithIV(param, rc5Param.getIV()); -- ivParam = (ParametersWithIV)param; -- } -- } -+ // BEGIN android-removed -+ // else if (params instanceof GOST28147ParameterSpec) -+ // { -+ // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; -+ // -+ // param = new ParametersWithSBox( -+ // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); -+ // -+ // if (gost28147Param.getIV() != null && ivLength != 0) -+ // { -+ // param = new ParametersWithIV(param, gost28147Param.getIV()); -+ // ivParam = (ParametersWithIV)param; -+ // } -+ // } -+ // else if (params instanceof RC2ParameterSpec) -+ // { -+ // RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; -+ // -+ // param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); -+ // -+ // if (rc2Param.getIV() != null && ivLength != 0) -+ // { -+ // param = new ParametersWithIV(param, rc2Param.getIV()); -+ // ivParam = (ParametersWithIV)param; -+ // } -+ // } -+ // else if (params instanceof RC5ParameterSpec) -+ // { -+ // RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; -+ // -+ // param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); -+ // if (baseEngine.getAlgorithmName().startsWith("RC5")) -+ // { -+ // if (baseEngine.getAlgorithmName().equals("RC5-32")) -+ // { -+ // if (rc5Param.getWordSize() != 32) -+ // { -+ // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); -+ // } -+ // } -+ // else if (baseEngine.getAlgorithmName().equals("RC5-64")) -+ // { -+ // if (rc5Param.getWordSize() != 64) -+ // { -+ // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); -+ // } -+ // } -+ // } -+ // else -+ // { -+ // throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); -+ // } -+ // if ((rc5Param.getIV() != null) && (ivLength != 0)) -+ // { -+ // param = new ParametersWithIV(param, rc5Param.getIV()); -+ // ivParam = (ParametersWithIV)param; -+ // } -+ // } -+ // END android-removed - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java 2012-09-17 23:04:47.000000000 +0000 -@@ -11,25 +11,34 @@ - - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.Mac; --import org.bouncycastle.crypto.digests.MD2Digest; --import org.bouncycastle.crypto.digests.MD4Digest; --import org.bouncycastle.crypto.digests.MD5Digest; --import org.bouncycastle.crypto.digests.RIPEMD128Digest; --import org.bouncycastle.crypto.digests.RIPEMD160Digest; --import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA224Digest; --import org.bouncycastle.crypto.digests.SHA256Digest; --import org.bouncycastle.crypto.digests.SHA384Digest; --import org.bouncycastle.crypto.digests.SHA512Digest; --import org.bouncycastle.crypto.digests.TigerDigest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.MD2Digest; -+// import org.bouncycastle.crypto.digests.MD4Digest; -+// import org.bouncycastle.crypto.digests.MD5Digest; -+// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -+// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -+// import org.bouncycastle.crypto.digests.SHA1Digest; -+// import org.bouncycastle.crypto.digests.SHA224Digest; -+// import org.bouncycastle.crypto.digests.SHA256Digest; -+// import org.bouncycastle.crypto.digests.SHA384Digest; -+// import org.bouncycastle.crypto.digests.SHA512Digest; -+// import org.bouncycastle.crypto.digests.TigerDigest; -+// END android-removed -+// BEGIN android-added -+import org.bouncycastle.crypto.digests.AndroidDigestFactory; -+// END android-added - import org.bouncycastle.crypto.engines.DESEngine; - import org.bouncycastle.crypto.engines.RC2Engine; - import org.bouncycastle.crypto.macs.CBCBlockCipherMac; --import org.bouncycastle.crypto.macs.CFBBlockCipherMac; --import org.bouncycastle.crypto.macs.GOST28147Mac; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -+// import org.bouncycastle.crypto.macs.GOST28147Mac; -+// END android-removed - import org.bouncycastle.crypto.macs.HMac; --import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; --import org.bouncycastle.crypto.macs.OldHMac; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -+// import org.bouncycastle.crypto.macs.OldHMac; -+// END android-removed - import org.bouncycastle.crypto.paddings.ISO7816d4Padding; - import org.bouncycastle.crypto.params.KeyParameter; - import org.bouncycastle.crypto.params.ParametersWithIV; -@@ -179,91 +188,93 @@ - } - } - -- /** -- * GOST28147 -- */ -- public static class GOST28147 -- extends BaseMac -- { -- public GOST28147() -- { -- super(new GOST28147Mac()); -- } -- } -- -- -- -- /** -- * DES -- */ -- public static class DESCFB8 -- extends BaseMac -- { -- public DESCFB8() -- { -- super(new CFBBlockCipherMac(new DESEngine())); -- } -- } -- -- /** -- * RC2CFB8 -- */ -- public static class RC2CFB8 -- extends BaseMac -- { -- public RC2CFB8() -- { -- super(new CFBBlockCipherMac(new RC2Engine())); -- } -- } -- -- /** -- * DES9797Alg3with7816-4Padding -- */ -- public static class DES9797Alg3with7816d4 -- extends BaseMac -- { -- public DES9797Alg3with7816d4() -- { -- super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); -- } -- } -- -- /** -- * DES9797Alg3 -- */ -- public static class DES9797Alg3 -- extends BaseMac -- { -- public DES9797Alg3() -- { -- super(new ISO9797Alg3Mac(new DESEngine())); -- } -- } -- -- /** -- * MD2 HMac -- */ -- public static class MD2 -- extends BaseMac -- { -- public MD2() -- { -- super(new HMac(new MD2Digest())); -- } -- } -- -- /** -- * MD4 HMac -- */ -- public static class MD4 -- extends BaseMac -- { -- public MD4() -- { -- super(new HMac(new MD4Digest())); +- super(new CFBBlockCipherMac(new RC2Engine())); - } - } + // BEGIN android-removed + // /** -+ // * GOST28147 -+ // */ -+ // public static class GOST28147 -+ // extends BaseMac -+ // { -+ // public GOST28147() -+ // { -+ // super(new GOST28147Mac()); -+ // } -+ // } -+ // -+ // -+ // -+ // /** -+ // * DES ++ // * RC2 + // */ -+ // public static class DESCFB8 -+ // extends BaseMac ++ // static public class ECB ++ // extends BaseBlockCipher + // { -+ // public DESCFB8() ++ // public ECB() + // { -+ // super(new CFBBlockCipherMac(new DESEngine())); ++ // super(new RC2Engine()); + // } + // } + // + // /** -+ // * RC2CFB8 ++ // * RC2CBC + // */ -+ // public static class RC2CFB8 -+ // extends BaseMac ++ // static public class CBC ++ // extends BaseBlockCipher + // { -+ // public RC2CFB8() ++ // public CBC() + // { -+ // super(new CFBBlockCipherMac(new RC2Engine())); ++ // super(new CBCBlockCipher(new RC2Engine()), 64); + // } + // } + // -+ // /** -+ // * DES9797Alg3with7816-4Padding -+ // */ -+ // public static class DES9797Alg3with7816d4 -+ // extends BaseMac ++ // public static class Wrap ++ // extends BaseWrapCipher + // { -+ // public DES9797Alg3with7816d4() ++ // public Wrap() + // { -+ // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); ++ // super(new RC2WrapEngine()); + // } + // } + // + // /** -+ // * DES9797Alg3 ++ // * RC2 + // */ -+ // public static class DES9797Alg3 ++ // public static class CBCMAC + // extends BaseMac + // { -+ // public DES9797Alg3() ++ // public CBCMAC() + // { -+ // super(new ISO9797Alg3Mac(new DESEngine())); ++ // super(new CBCBlockCipherMac(new RC2Engine())); + // } + // } + // -+ // /** -+ // * MD2 HMac -+ // */ -+ // public static class MD2 ++ // public static class CFB8MAC + // extends BaseMac + // { -+ // public MD2() ++ // public CFB8MAC() + // { -+ // super(new HMac(new MD2Digest())); -+ // } -+ // } -+ // -+ // /** -+ // * MD4 HMac -+ // */ -+ // public static class MD4 -+ // extends BaseMac -+ // { -+ // public MD4() -+ // { -+ // super(new HMac(new MD4Digest())); ++ // super(new CFBBlockCipherMac(new RC2Engine())); + // } + // } + // END android-removed /** - * MD5 HMac -@@ -273,7 +284,9 @@ - { - public MD5() - { -- super(new HMac(new MD5Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getMD5())); -+ // END android-changed - } - } - -@@ -285,21 +298,25 @@ - { - public SHA1() - { -- super(new HMac(new SHA1Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA1())); -+ // END android-changed + * PBEWithSHA1AndRC2 +@@ -175,17 +187,19 @@ } } - /** -- * SHA-224 HMac +- * PBEWithMD2AndRC2 - */ -- public static class SHA224 -- extends BaseMac +- static public class PBEWithMD2KeyFactory +- extends PBESecretKeyFactory - { -- public SHA224() +- public PBEWithMD2KeyFactory() - { -- super(new HMac(new SHA224Digest())); +- super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); - } - } + // BEGIN android-removed + // /** -+ // * SHA-224 HMac ++ // * PBEWithMD2AndRC2 + // */ -+ // public static class SHA224 -+ // extends BaseMac ++ // static public class PBEWithMD2KeyFactory ++ // extends PBESecretKeyFactory + // { -+ // public SHA224() ++ // public PBEWithMD2KeyFactory() + // { -+ // super(new HMac(new SHA224Digest())); ++ // super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); + // } + // } + // END android-removed - - /** - * SHA-256 HMac -@@ -309,7 +326,7 @@ - { - public SHA256() - { -- super(new HMac(new SHA256Digest())); -+ super(new HMac(AndroidDigestFactory.getSHA256())); - } - } -@@ -321,18 +338,20 @@ - { - public SHA384() - { -- super(new HMac(new SHA384Digest())); -+ super(new HMac(AndroidDigestFactory.getSHA384())); - } - } + /** + * PBEWithMD5AndRC2 +@@ -199,247 +213,249 @@ + } + } -- public static class OldSHA384 -- extends BaseMac +- public static class AlgParamGen +- extends BaseAlgorithmParameterGenerator - { -- public OldSHA384() +- RC2ParameterSpec spec = null; +- +- protected void engineInit( +- AlgorithmParameterSpec genParamSpec, +- SecureRandom random) +- throws InvalidAlgorithmParameterException - { -- super(new OldHMac(new SHA384Digest())); -- } -- } -+ // BEGIN android-removed -+ // public static class OldSHA384 -+ // extends BaseMac -+ // { -+ // public OldSHA384() -+ // { -+ // super(new OldHMac(new SHA384Digest())); -+ // } -+ // } -+ // END android-removed - - /** - * SHA-512 HMac -@@ -342,75 +361,77 @@ - { - public SHA512() - { -- super(new HMac(new SHA512Digest())); +- if (genParamSpec instanceof RC2ParameterSpec) +- { +- spec = (RC2ParameterSpec)genParamSpec; +- return; +- } +- +- throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); - } -- } - -- /** -- * SHA-512 HMac -- */ -- public static class OldSHA512 -- extends BaseMac -- { -- public OldSHA512() +- protected AlgorithmParameters engineGenerateParameters() - { -- super(new OldHMac(new SHA512Digest())); +- AlgorithmParameters params; +- +- if (spec == null) +- { +- byte[] iv = new byte[8]; +- +- if (random == null) +- { +- random = new SecureRandom(); +- } +- +- random.nextBytes(iv); +- +- try +- { +- params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); +- params.init(new IvParameterSpec(iv)); +- } +- catch (Exception e) +- { +- throw new RuntimeException(e.getMessage()); +- } +- } +- else +- { +- try +- { +- params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); +- params.init(spec); +- } +- catch (Exception e) +- { +- throw new RuntimeException(e.getMessage()); +- } +- } +- +- return params; - } - } -- -- /** -- * RIPEMD128 HMac -- */ -- public static class RIPEMD128 -- extends BaseMac +- +- public static class KeyGenerator +- extends BaseKeyGenerator - { -- public RIPEMD128() +- public KeyGenerator() - { -- super(new HMac(new RIPEMD128Digest())); +- super("RC2", 128, new CipherKeyGenerator()); - } - } - -- /** -- * RIPEMD160 HMac -- */ -- public static class RIPEMD160 -- extends BaseMac +- public static class AlgParams +- extends BaseAlgorithmParameters - { -- public RIPEMD160() +- private static final short[] table = { +- 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, +- 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, +- 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, +- 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, +- 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, +- 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, +- 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, +- 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, +- 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, +- 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, +- 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, +- 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, +- 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, +- 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, +- 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, +- 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab +- }; +- +- private static final short[] ekb = { +- 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, +- 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, +- 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, +- 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, +- 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, +- 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, +- 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, +- 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, +- 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, +- 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, +- 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, +- 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, +- 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, +- 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, +- 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, +- 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd +- }; +- +- private byte[] iv; +- private int parameterVersion = 58; +- +- protected byte[] engineGetEncoded() - { -- super(new HMac(new RIPEMD160Digest())); +- return Arrays.clone(iv); - } -- } - -- /** -- * Tiger HMac -- */ -- public static class Tiger -- extends BaseMac -- { -- public Tiger() +- protected byte[] engineGetEncoded( +- String format) +- throws IOException - { -- super(new HMac(new TigerDigest())); -+ super(new HMac(AndroidDigestFactory.getSHA512())); - } - } - -+ // BEGIN android-removed -+ // /** -+ // * SHA-512 HMac -+ // */ -+ // public static class OldSHA512 -+ // extends BaseMac -+ // { -+ // public OldSHA512() -+ // { -+ // super(new OldHMac(new SHA512Digest())); -+ // } -+ // } -+ // -+ // /** -+ // * RIPEMD128 HMac -+ // */ -+ // public static class RIPEMD128 -+ // extends BaseMac -+ // { -+ // public RIPEMD128() -+ // { -+ // super(new HMac(new RIPEMD128Digest())); -+ // } -+ // } - // -- // PKCS12 states that the same algorithm should be used -- // for the key generation as is used in the HMAC, so that -- // is what we do here. -+ // /** -+ // * RIPEMD160 HMac -+ // */ -+ // public static class RIPEMD160 -+ // extends BaseMac -+ // { -+ // public RIPEMD160() -+ // { -+ // super(new HMac(new RIPEMD160Digest())); -+ // } -+ // } - // +- if (this.isASN1FormatString(format)) +- { +- if (parameterVersion == -1) +- { +- return new RC2CBCParameter(engineGetEncoded()).getEncoded(); +- } +- else +- { +- return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); +- } +- } - -- /** -- * PBEWithHmacRIPEMD160 -- */ -- public static class PBEWithRIPEMD160 -- extends BaseMac -- { -- public PBEWithRIPEMD160() -- { -- super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); +- if (format.equals("RAW")) +- { +- return engineGetEncoded(); +- } +- +- return null; - } -- } -+ // /** -+ // * Tiger HMac -+ // */ -+ // public static class Tiger -+ // extends BaseMac -+ // { -+ // public Tiger() -+ // { -+ // super(new HMac(new TigerDigest())); -+ // } -+ // } -+ // -+ // // -+ // // PKCS12 states that the same algorithm should be used -+ // // for the key generation as is used in the HMAC, so that -+ // // is what we do here. -+ // // -+ // -+ // /** -+ // * PBEWithHmacRIPEMD160 -+ // */ -+ // public static class PBEWithRIPEMD160 -+ // extends BaseMac -+ // { -+ // public PBEWithRIPEMD160() -+ // { -+ // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); -+ // } -+ // } -+ // END android-removed - - /** - * PBEWithHmacSHA -@@ -420,19 +441,23 @@ - { - public PBEWithSHA() - { -- super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160); -+ // END android-changed - } - } - -- /** -- * PBEWithHmacTiger -- */ -- public static class PBEWithTiger -- extends BaseMac -- { -- public PBEWithTiger() +- +- protected AlgorithmParameterSpec localEngineGetParameterSpec( +- Class paramSpec) +- throws InvalidParameterSpecException - { -- super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); +- if (paramSpec == RC2ParameterSpec.class) +- { +- if (parameterVersion != -1) +- { +- if (parameterVersion < 256) +- { +- return new RC2ParameterSpec(ekb[parameterVersion], iv); +- } +- else +- { +- return new RC2ParameterSpec(parameterVersion, iv); +- } +- } +- } +- +- if (paramSpec == IvParameterSpec.class) +- { +- return new IvParameterSpec(iv); +- } +- +- throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); - } -- } -+ // BEGIN android-removed -+ // /** -+ // * PBEWithHmacTiger -+ // */ -+ // public static class PBEWithTiger -+ // extends BaseMac -+ // { -+ // public PBEWithTiger() -+ // { -+ // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2012-09-17 23:04:47.000000000 +0000 -@@ -13,8 +13,10 @@ - import javax.crypto.ShortBufferException; - import javax.crypto.spec.IvParameterSpec; - import javax.crypto.spec.PBEParameterSpec; --import javax.crypto.spec.RC2ParameterSpec; --import javax.crypto.spec.RC5ParameterSpec; -+// BEGIN android-removed -+// import javax.crypto.spec.RC2ParameterSpec; -+// import javax.crypto.spec.RC5ParameterSpec; -+// END android-removed - - import org.bouncycastle.crypto.BlockCipher; - import org.bouncycastle.crypto.CipherParameters; -@@ -34,8 +36,10 @@ - // - private Class[] availableSpecs = - { -- RC2ParameterSpec.class, -- RC5ParameterSpec.class, -+ // BEGIN android-removed -+ // RC2ParameterSpec.class, -+ // RC5ParameterSpec.class, -+ // END android-removed - IvParameterSpec.class, - PBEParameterSpec.class - }; -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2013-01-31 02:26:40.000000000 +0000 -@@ -22,8 +22,10 @@ - import javax.crypto.ShortBufferException; - import javax.crypto.spec.IvParameterSpec; - import javax.crypto.spec.PBEParameterSpec; --import javax.crypto.spec.RC2ParameterSpec; --import javax.crypto.spec.RC5ParameterSpec; -+// BEGIN android-removed -+// import javax.crypto.spec.RC2ParameterSpec; -+// import javax.crypto.spec.RC5ParameterSpec; -+// END android-removed - import javax.crypto.spec.SecretKeySpec; - - import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -@@ -45,8 +47,10 @@ - { - IvParameterSpec.class, - PBEParameterSpec.class, -- RC2ParameterSpec.class, -- RC5ParameterSpec.class -+ // BEGIN android-removed -+ // RC2ParameterSpec.class, -+ // RC5ParameterSpec.class -+ // END android-removed - }; - - protected int pbeType = PKCS12; -@@ -258,6 +262,8 @@ - return null; - } - -+ // BEGIN android-changed -+ // added ShortBufferException to throws statement - protected int engineDoFinal( - byte[] input, - int inputOffset, -@@ -268,6 +274,7 @@ - { - return 0; - } -+ // END android-changed - - protected byte[] engineWrap( - Key key) -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-04-10 22:02:36.000000000 +0000 -@@ -7,13 +7,18 @@ - - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.PBEParametersGenerator; --import org.bouncycastle.crypto.digests.GOST3411Digest; --import org.bouncycastle.crypto.digests.MD2Digest; --import org.bouncycastle.crypto.digests.MD5Digest; --import org.bouncycastle.crypto.digests.RIPEMD160Digest; --import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA256Digest; --import org.bouncycastle.crypto.digests.TigerDigest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.GOST3411Digest; -+// import org.bouncycastle.crypto.digests.MD2Digest; -+// import org.bouncycastle.crypto.digests.MD5Digest; -+// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -+// import org.bouncycastle.crypto.digests.SHA1Digest; -+// import org.bouncycastle.crypto.digests.SHA256Digest; -+// import org.bouncycastle.crypto.digests.TigerDigest; -+// END android-removed -+// BEGIN android-added -+import org.bouncycastle.crypto.digests.AndroidDigestFactory; -+// END android-added - import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; - import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; - import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; -@@ -29,16 +34,23 @@ - // - static final int MD5 = 0; - static final int SHA1 = 1; -- static final int RIPEMD160 = 2; -- static final int TIGER = 3; -+ // BEGIN android-removed -+ // static final int RIPEMD160 = 2; -+ // static final int TIGER = 3; -+ // END android-removed - static final int SHA256 = 4; -- static final int MD2 = 5; -- static final int GOST3411 = 6; +- +- protected void engineInit( +- AlgorithmParameterSpec paramSpec) +- throws InvalidParameterSpecException +- { +- if (paramSpec instanceof IvParameterSpec) +- { +- this.iv = ((IvParameterSpec)paramSpec).getIV(); +- } +- else if (paramSpec instanceof RC2ParameterSpec) +- { +- int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); +- if (effKeyBits != -1) +- { +- if (effKeyBits < 256) +- { +- parameterVersion = table[effKeyBits]; +- } +- else +- { +- parameterVersion = effKeyBits; +- } +- } +- +- this.iv = ((RC2ParameterSpec)paramSpec).getIV(); +- } +- else +- { +- throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); +- } +- } +- +- protected void engineInit( +- byte[] params) +- throws IOException +- { +- this.iv = Arrays.clone(params); +- } +- +- protected void engineInit( +- byte[] params, +- String format) +- throws IOException +- { +- if (this.isASN1FormatString(format)) +- { +- RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); +- +- if (p.getRC2ParameterVersion() != null) +- { +- parameterVersion = p.getRC2ParameterVersion().intValue(); +- } +- +- iv = p.getIV(); +- +- return; +- } +- +- if (format.equals("RAW")) +- { +- engineInit(params); +- return; +- } +- +- throw new IOException("Unknown parameters format in IV parameters object"); +- } +- +- protected String engineToString() +- { +- return "RC2 Parameters"; +- } +- } + // BEGIN android-removed -+ // static final int MD2 = 5; -+ // static final int GOST3411 = 6; -+ // END android-removed - - static final int PKCS5S1 = 0; - static final int PKCS5S2 = 1; - static final int PKCS12 = 2; - static final int OPENSSL = 3; -+ // BEGIN android-added -+ static final int PBKDF2 = 4; -+ // END android-added - - /** - * uses the appropriate mixer to generate the key and IV if necessary. -@@ -55,20 +67,28 @@ - { - switch (hash) - { -- case MD2: -- generator = new PKCS5S1ParametersGenerator(new MD2Digest()); -- break; -+ // BEGIN android-removed -+ // case MD2: -+ // generator = new PKCS5S1ParametersGenerator(new MD2Digest()); -+ // break; -+ // END android-removed - case MD5: -- generator = new PKCS5S1ParametersGenerator(new MD5Digest()); -+ // BEGIN android-changed -+ generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getMD5()); -+ // END android-changed - break; - case SHA1: -- generator = new PKCS5S1ParametersGenerator(new SHA1Digest()); -+ // BEGIN android-changed -+ generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getSHA1()); -+ // END android-changed - break; - default: - throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); - } - } -- else if (type == PKCS5S2) -+ // BEGIN android-changed -+ else if ((type == PKCS5S2) || (type == PBKDF2)) -+ // END android-changed - { - generator = new PKCS5S2ParametersGenerator(); - } -@@ -76,27 +96,39 @@ - { - switch (hash) - { -- case MD2: -- generator = new PKCS12ParametersGenerator(new MD2Digest()); -- break; -+ // BEGIN android-removed -+ // case MD2: -+ // generator = new PKCS12ParametersGenerator(new MD2Digest()); -+ // break; -+ // END android-removed - case MD5: -- generator = new PKCS12ParametersGenerator(new MD5Digest()); -+ // BEGIN android-changed -+ generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getMD5()); -+ // END android-changed - break; - case SHA1: -- generator = new PKCS12ParametersGenerator(new SHA1Digest()); -- break; -- case RIPEMD160: -- generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); -- break; -- case TIGER: -- generator = new PKCS12ParametersGenerator(new TigerDigest()); -+ // BEGIN android-changed -+ generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); -+ // END android-changed - break; -+ // BEGIN android-removed -+ // case RIPEMD160: -+ // generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); -+ // break; -+ // case TIGER: -+ // generator = new PKCS12ParametersGenerator(new TigerDigest()); -+ // break; -+ // END android-removed - case SHA256: -- generator = new PKCS12ParametersGenerator(new SHA256Digest()); -- break; -- case GOST3411: -- generator = new PKCS12ParametersGenerator(new GOST3411Digest()); -+ // BEGIN android-changed -+ generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA256()); -+ // END android-changed - break; -+ // BEGIN android-removed -+ // case GOST3411: -+ // generator = new PKCS12ParametersGenerator(new GOST3411Digest()); -+ // break; -+ // END android-removed - default: - throw new IllegalStateException("unknown digest scheme for PBE encryption."); - } -@@ -223,6 +255,12 @@ - { - key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); - } -+ // BEGIN android-changed -+ else if (type == PBKDF2) -+ { -+ key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); -+ } -+ // END android-changed - else - { - key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); -@@ -266,8 +304,14 @@ - { - key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); - } -+ // BEGIN android-changed -+ else if (type == PBKDF2) -+ { -+ key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); -+ } -+ // END android-changed - else -- { -+ { - key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); - } - -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/util/DigestFactory.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2012-09-17 23:04:47.000000000 +0000 -@@ -10,19 +10,26 @@ - import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; - import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - import org.bouncycastle.crypto.Digest; --import org.bouncycastle.crypto.digests.MD5Digest; --import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA224Digest; --import org.bouncycastle.crypto.digests.SHA256Digest; --import org.bouncycastle.crypto.digests.SHA384Digest; --import org.bouncycastle.crypto.digests.SHA512Digest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.MD5Digest; -+// import org.bouncycastle.crypto.digests.SHA1Digest; -+// import org.bouncycastle.crypto.digests.SHA224Digest; -+// import org.bouncycastle.crypto.digests.SHA256Digest; -+// import org.bouncycastle.crypto.digests.SHA384Digest; -+// import org.bouncycastle.crypto.digests.SHA512Digest; -+// END android-removed -+// BEGIN android-added -+import org.bouncycastle.crypto.digests.AndroidDigestFactory; -+// END android-added - import org.bouncycastle.util.Strings; - - public class DigestFactory - { - private static Set md5 = new HashSet(); - private static Set sha1 = new HashSet(); -- private static Set sha224 = new HashSet(); -+ // BEGIN android-removed -+ // private static Set sha224 = new HashSet(); -+ // END android-removed - private static Set sha256 = new HashSet(); - private static Set sha384 = new HashSet(); - private static Set sha512 = new HashSet(); -@@ -38,9 +45,11 @@ - sha1.add("SHA-1"); - sha1.add(OIWObjectIdentifiers.idSHA1.getId()); - -- sha224.add("SHA224"); -- sha224.add("SHA-224"); -- sha224.add(NISTObjectIdentifiers.id_sha224.getId()); -+ // BEGIN android-removed -+ // sha224.add("SHA224"); -+ // sha224.add("SHA-224"); -+ // sha224.add(NISTObjectIdentifiers.id_sha224.getId()); -+ // END android-removed - - sha256.add("SHA256"); - sha256.add("SHA-256"); -@@ -61,9 +70,11 @@ - oids.put("SHA-1", OIWObjectIdentifiers.idSHA1); - oids.put(OIWObjectIdentifiers.idSHA1.getId(), OIWObjectIdentifiers.idSHA1); - -- oids.put("SHA224", NISTObjectIdentifiers.id_sha224); -- oids.put("SHA-224", NISTObjectIdentifiers.id_sha224); -- oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224); -+ // BEGIN android-removed -+ // oids.put("SHA224", NISTObjectIdentifiers.id_sha224); -+ // oids.put("SHA-224", NISTObjectIdentifiers.id_sha224); -+ // oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224); -+ // END android-removed - - oids.put("SHA256", NISTObjectIdentifiers.id_sha256); - oids.put("SHA-256", NISTObjectIdentifiers.id_sha256); -@@ -85,27 +96,39 @@ - - if (sha1.contains(digestName)) - { -- return new SHA1Digest(); -+ // BEGIN android-changed -+ return AndroidDigestFactory.getSHA1(); -+ // END android-changed - } - if (md5.contains(digestName)) - { -- return new MD5Digest(); -- } -- if (sha224.contains(digestName)) -- { -- return new SHA224Digest(); -- } -+ // BEGIN android-changed -+ return AndroidDigestFactory.getMD5(); -+ // END android-changed -+ } -+ // BEGIN android-removed -+ // if (sha224.contains(digestName)) -+ // { -+ // return new SHA224Digest(); -+ // } -+ // END android-removed - if (sha256.contains(digestName)) - { -- return new SHA256Digest(); -+ // BEGIN android-changed -+ return AndroidDigestFactory.getSHA256(); -+ // END android-changed - } - if (sha384.contains(digestName)) - { -- return new SHA384Digest(); -+ // BEGIN android-changed -+ return AndroidDigestFactory.getSHA384(); -+ // END android-changed - } - if (sha512.contains(digestName)) - { -- return new SHA512Digest(); -+ // BEGIN android-changed -+ return AndroidDigestFactory.getSHA512(); -+ // END android-changed - } - - return null; -@@ -116,7 +139,9 @@ - String digest2) - { - return (sha1.contains(digest1) && sha1.contains(digest2)) -- || (sha224.contains(digest1) && sha224.contains(digest2)) -+ // BEGIN android-removed -+ // || (sha224.contains(digest1) && sha224.contains(digest2)) -+ // END android-removed - || (sha256.contains(digest1) && sha256.contains(digest2)) - || (sha384.contains(digest1) && sha384.contains(digest2)) - || (sha512.contains(digest1) && sha512.contains(digest2)) -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcprov-jdk15on-148/org/bouncycastle/jce/ECNamedCurveTable.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/ECNamedCurveTable.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/ECNamedCurveTable.java 2012-09-17 23:04:47.000000000 +0000 -@@ -6,7 +6,9 @@ - import org.bouncycastle.asn1.ASN1ObjectIdentifier; - import org.bouncycastle.asn1.nist.NISTNamedCurves; - import org.bouncycastle.asn1.sec.SECNamedCurves; --import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -+// END android-removed - import org.bouncycastle.asn1.x9.X962NamedCurves; - import org.bouncycastle.asn1.x9.X9ECParameters; - import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -@@ -55,21 +57,23 @@ - } - } - -- if (ecP == null) -- { -- ecP = TeleTrusTNamedCurves.getByName(name); -- if (ecP == null) -- { -- try -- { -- ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); -- } -- catch (IllegalArgumentException e) -- { -- // ignore - not an oid -- } -- } -- } -+ // BEGIN android-removed -+ // if (ecP == null) -+ // { -+ // ecP = TeleTrusTNamedCurves.getByName(name); -+ // if (ecP == null) -+ // { -+ // try -+ // { -+ // ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); -+ // } -+ // catch (IllegalArgumentException e) -+ // { -+ // // ignore - not an oid -+ // } -+ // } -+ // } -+ // END android-removed - - if (ecP == null) - { -@@ -102,7 +106,9 @@ - addEnumeration(v, X962NamedCurves.getNames()); - addEnumeration(v, SECNamedCurves.getNames()); - addEnumeration(v, NISTNamedCurves.getNames()); -- addEnumeration(v, TeleTrusTNamedCurves.getNames()); -+ // BEGIN android-removed -+ // addEnumeration(v, TeleTrusTNamedCurves.getNames()); -+ // END android-removed - - return v.elements(); - } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk15on-148/org/bouncycastle/jce/PKCS10CertificationRequest.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/PKCS10CertificationRequest.java 2013-01-31 02:26:40.000000000 +0000 -@@ -30,14 +30,18 @@ - import org.bouncycastle.asn1.DERBitString; - import org.bouncycastle.asn1.DERNull; - import org.bouncycastle.asn1.DERObjectIdentifier; --import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -+// END android-removed - import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; - import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; - import org.bouncycastle.asn1.pkcs.CertificationRequest; - import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; - import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; --import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -+// END android-removed - import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - import org.bouncycastle.asn1.x509.X509Name; -@@ -81,15 +85,20 @@ - - static - { -- algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); -- algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); -+ // BEGIN android-removed -+ // Dropping MD2 -+ // algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); -+ // algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); -+ // END android-removed - algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5")); -- algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); -- algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); -+ // BEGIN android-removed -+ // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); -+ // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); -+ // END android-removed - algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); -@@ -97,57 +106,78 @@ - algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); -- algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); -+ // BEGIN android-removed -+ // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); -+ // END android-removed - algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5")); -- algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); -- algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); -- algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); -- algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); -- algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); -- algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); -+ // BEGIN android-removed -+ // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); -+ // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); -+ // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); -+ // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); -+ // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); -+ // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); -+ // END android-removed - algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3")); - algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3")); -- algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); -+ // BEGIN android-removed -+ // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); -+ // END android-removed - algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); - algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384); - algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512); - algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); -- algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); -+ // BEGIN android-removed -+ // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); -+ // END android-removed - algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); - algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); - algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); - algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); -- algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); -- algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); -- algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); -- algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); -- algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); -+ // BEGIN android-removed -+ // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); -+ // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); -+ // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); -+ // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); -+ // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); -+ // END android-removed - - // - // reverse mappings - // - oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA"); -- oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); -+ // BEGIN android-removed -+ // oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); -+ // END android-removed - oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA"); -- oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); -- oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); -+ // BEGIN android-removed -+ // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); -+ // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); -+ // END android-removed - - oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA"); -- oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); -+ // BEGIN android-removed -+ // Dropping MD2 -+ // oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); -+ // END android-removed - oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); -- oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); -+ // BEGIN android-removed -+ // oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); -+ // END android-removed - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA"); - oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); - oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA"); -- oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); -+ // BEGIN android-removed -+ // oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); -+ // END android-removed - oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA"); - - // -@@ -161,27 +191,35 @@ - // The parameters field SHALL be NULL for RSA based signature algorithms. - // - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); -- noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); -+ // BEGIN android-removed -+ // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); -+ // END android-removed - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); - noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); -- noParams.add(NISTObjectIdentifiers.dsa_with_sha224); -+ // BEGIN android-removed -+ // noParams.add(NISTObjectIdentifiers.dsa_with_sha224); -+ // END android-removed - noParams.add(NISTObjectIdentifiers.dsa_with_sha256); - - // - // RFC 4491 - // -- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); -- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); -+ // BEGIN android-removed -+ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); -+ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); -+ // END android-removed - // - // explicit params - // - AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE); - params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20)); - -- AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE); -- params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28)); -+ // BEGIN android-removed -+ // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE); -+ // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28)); -+ // END android-removed - - AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE); - params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32)); -@@ -600,10 +638,12 @@ - { - return "SHA1"; - } -- else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) -- { -- return "SHA224"; -- } -+ // BEGIN android-removed -+ // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) -+ // { -+ // return "SHA224"; -+ // } -+ // END android-removed - else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) - { - return "SHA256"; -@@ -616,22 +656,24 @@ - { - return "SHA512"; - } -- else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) -- { -- return "RIPEMD128"; -- } -- else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) -- { -- return "RIPEMD160"; -- } -- else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) -- { -- return "RIPEMD256"; -- } -- else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) -- { -- return "GOST3411"; -- } -+ // BEGIN android-removed -+ // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) -+ // { -+ // return "RIPEMD128"; -+ // } -+ // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) -+ // { -+ // return "RIPEMD160"; -+ // } -+ // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) -+ // { -+ // return "RIPEMD256"; -+ // } -+ // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) -+ // { -+ // return "GOST3411"; -+ // } -+ // END android-removed - else - { - return digestAlgOID.getId(); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/BouncyCastleProvider.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-04-10 22:02:36.000000000 +0000 -@@ -11,7 +11,9 @@ - - import org.bouncycastle.asn1.ASN1ObjectIdentifier; - import org.bouncycastle.asn1.bc.BCObjectIdentifiers; --import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -+// END android-removed - import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; - import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -@@ -49,7 +51,10 @@ - { - private static String info = "BouncyCastle Security Provider v1.48"; - -- public static String PROVIDER_NAME = "BC"; -+ // BEGIN android-changed -+ // this constant should be final -+ public static final String PROVIDER_NAME = "BC"; -+ // END android-changed - - public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration(); - -@@ -62,8 +67,13 @@ - private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; - private static final String[] SYMMETRIC_CIPHERS = - { -- "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", -- "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" -+ // BEGIN android-removed -+ // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", -+ // "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" -+ // END android-removed -+ // BEGIN android-added -+ "AES", "ARC4", "Blowfish", "DES", "DESede", -+ // END android-added - }; - - /* -@@ -80,7 +90,12 @@ - - private static final String[] ASYMMETRIC_CIPHERS = - { -- "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145" -+ // BEGIN android-removed -+ // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145" -+ // END android-removed -+ // BEGIN android-added -+ "DSA", "DH", "EC", "RSA", -+ // END android-added - }; - - /* -@@ -89,7 +104,12 @@ - private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest."; - private static final String[] DIGESTS = - { -- "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Tiger", "Whirlpool" -+ // BEGIN android-removed -+ // "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Tiger", "Whirlpool" -+ // END android-removed -+ // BEGIN android-added -+ "MD5", "SHA1", "SHA256", "SHA384", "SHA512", -+ // END android-added - }; - - /** -@@ -121,26 +141,28 @@ - - loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_CIPHERS); - -- // -- // X509Store -- // -- put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection"); -- put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection"); -- put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection"); -- put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection"); -- -- put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts"); -- put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs"); -- put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts"); -- put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs"); -- -- // -- // X509StreamParser -- // -- put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser"); -- put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); -- put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); -- put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); -+ // BEGIN android-removed -+ // // -+ // // X509Store -+ // // -+ // put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection"); -+ // put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection"); -+ // put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection"); -+ // put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection"); -+ // -+ // put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts"); -+ // put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs"); -+ // put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts"); -+ // put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs"); -+ // -+ // // -+ // // X509StreamParser -+ // // -+ // put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser"); -+ // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); -+ // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); -+ // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); -+ // END android-removed - - - // -@@ -149,14 +171,24 @@ - put("KeyStore.BKS", "org.bouncycastle.jce.provider.JDKKeyStore"); - put("KeyStore.BouncyCastle", "org.bouncycastle.jce.provider.JDKKeyStore$BouncyCastleStore"); - put("KeyStore.PKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); -- put("KeyStore.BCPKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); -- put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); -- -- put("KeyStore.PKCS12-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); -- put("KeyStore.PKCS12-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore3DES"); -- -- put("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); -- put("KeyStore.PKCS12-DEF-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore3DES"); -+ // BEGIN android-changed -+ put("Alg.Alias.KeyStore.BCPKCS12", "PKCS12"); -+ // END android-changed -+ // BEGIN android-removed -+ // put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); -+ // END android-removed -+ -+ // BEGIN android-changed -+ put("Alg.Alias.KeyStore.PKCS12-3DES-40RC2", "PKCS12"); -+ // END android-changed -+ // BEGIN android-removed -+ // put("KeyStore.PKCS12-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore3DES"); -+ // END android-removed -+ -+ // BEGIN android-removed -+ // put("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); -+ // put("KeyStore.PKCS12-DEF-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore3DES"); -+ // END android-removed - - put("Alg.Alias.KeyStore.UBER", "BouncyCastle"); - put("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); -@@ -165,29 +197,41 @@ - // - // algorithm parameters - // -- put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); -+ // BEGIN android-removed -+ // put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); -+ // END android-removed - put("AlgorithmParameters.PKCS12PBE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PKCS12PBE"); - -- put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2"); -+ // BEGIN android-removed -+ // put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2"); -+ // END android-removed - - - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); -+ // BEGIN android-removed -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); -+ // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); -+ // BEGIN android-removed -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); -+ // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); -+ // BEGIN android-removed -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); -+ // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); -- put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); -+ // BEGIN android-removed -+ // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); -+ // END android-removed - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.1", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.2", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); -@@ -218,12 +262,14 @@ - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); -- -- put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -- put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -- put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -- put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -- put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -+ -+ // BEGIN android-removed -+ // put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -+ // put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -+ // put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -+ // put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -+ // put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); -+ // END android-removed - - // - // key agreement -@@ -235,14 +281,20 @@ - // - put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - -- put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); -- put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); -+ // BEGIN android-removed -+ // put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); -+ // put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); -+ // END android-removed - - put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES"); -- put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); -+ // BEGIN android-removed -+ // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); -+ // END android-removed - put("Cipher.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndRC2"); - put("Cipher.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndDES"); -- put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); -+ // BEGIN android-removed -+ // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); -+ // END android-removed - put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2"); - - put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2"); -@@ -284,10 +336,12 @@ - put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - - put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish"); -- put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); -- -- put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); -- put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); -+ // BEGIN android-removed -+ // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); -+ // -+ // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); -+ // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); -+ // END android-removed - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); -@@ -324,16 +378,20 @@ - // - // secret key factories. - // -- put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES"); -- -- put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); -- put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); -+ // BEGIN android-removed -+ // put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES"); -+ // -+ // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); -+ // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); -+ // END android-removed - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - -- put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2"); -+ // BEGIN android-removed -+ // put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2"); -+ // END android-removed - put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES"); - put("SecretKeyFactory.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndRC2"); - put("SecretKeyFactory.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndDES"); -@@ -345,33 +403,41 @@ - put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2"); - put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2"); - put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish"); -- put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160"); -+ // BEGIN android-removed -+ // put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160"); -+ // END android-removed - put("SecretKeyFactory.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA"); -- put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger"); -+ // BEGIN android-removed -+ // put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger"); -+ // END android-removed - - put("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And128BitAESCBCOpenSSL"); - put("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And192BitAESCBCOpenSSL"); - put("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And256BitAESCBCOpenSSL"); - -- put("SecretKeyFactory." + CryptoProObjectIdentifiers.gostR3411, "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithGOST3411"); -- -- put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5"); -- -- put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5"); -- put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5"); -- put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); -- put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); -- put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); -- put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); -- -- put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); -- put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); -+ // BEGIN android-removed -+ // put("SecretKeyFactory." + CryptoProObjectIdentifiers.gostR3411, "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithGOST3411"); -+ // -+ // put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5"); -+ // -+ // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5"); -+ // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5"); -+ // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); -+ // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); -+ // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); -+ // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); -+ // -+ // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); -+ // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); -+ // END android-removed - put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); -- put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); -- put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); -+ // BEGIN android-removed -+ // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); -+ // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); -+ // END android-removed - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); -@@ -408,20 +474,32 @@ - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); -+ // BEGIN android-added -+ -+ put("SecretKeyFactory.BrokenPBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$BrokenPBKDF2WithHmacSHA1"); -+ put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1"); -+ // END android-added - - addMacAlgorithms(); - - // Certification Path API -- put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); -- put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); -- put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); -- put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); -+ // BEGIN android-removed -+ // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); -+ // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); -+ // END android-removed -+ // BEGIN android-changed -+ // Use Alg.Alias so RFC3280 doesn't show up when iterating provider services, only PKIX -+ put("Alg.Alias.CertPathValidator.RFC3280", "PKIX"); -+ put("Alg.Alias.CertPathBuilder.RFC3280", "PKIX"); -+ // END android-changed - put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); - put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); - put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi"); -- put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi"); -- put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi"); -- put("Alg.Alias.CertStore.X509LDAP", "LDAP"); -+ // BEGIN android-removed -+ // put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi"); -+ // put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi"); -+ // put("Alg.Alias.CertStore.X509LDAP", "LDAP"); -+ // END android-removed - } - - private void loadAlgorithms(String packageName, String[] names) -@@ -468,21 +546,25 @@ - private void addMacAlgorithms() - { - -- put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); -- put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); -- -- put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); -- put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); -- put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4"); -- put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); -- -- put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); -- -- put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); -+ // BEGIN android-removed -+ // put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); -+ // put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); -+ // -+ // put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); -+ // put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); -+ // put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4"); -+ // put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); -+ // -+ // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); -+ // -+ // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); -+ // END android-removed - - put("Mac.PBEWITHHMACSHA", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); - put("Mac.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); -- put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160"); -+ // BEGIN android-removed -+ // put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160"); -+ // END android-removed - put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA"); - } - -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/CertBlacklist.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertBlacklist.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/CertBlacklist.java 2013-01-16 01:38:43.000000000 +0000 -@@ -0,0 +1,224 @@ -+/* -+ * Copyright (C) 2012 The Android Open Source Project -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+ -+package org.bouncycastle.jce.provider; -+ -+import java.io.Closeable; -+import java.io.ByteArrayOutputStream; -+import java.io.FileNotFoundException; -+import java.io.IOException; -+import java.io.RandomAccessFile; -+import java.math.BigInteger; -+import java.security.PublicKey; -+import java.util.Arrays; -+import java.util.Collections; -+import java.util.HashSet; -+import java.util.Set; -+import java.util.logging.Level; -+import java.util.logging.Logger; -+import org.bouncycastle.crypto.Digest; -+import org.bouncycastle.crypto.digests.AndroidDigestFactory; -+import org.bouncycastle.util.encoders.Hex; -+ -+public class CertBlacklist { -+ -+ private static final String ANDROID_DATA = System.getenv("ANDROID_DATA"); -+ private static final String BLACKLIST_ROOT = ANDROID_DATA + "/misc/keychain/"; -+ public static final String DEFAULT_PUBKEY_BLACKLIST_PATH = BLACKLIST_ROOT + "pubkey_blacklist.txt"; -+ public static final String DEFAULT_SERIAL_BLACKLIST_PATH = BLACKLIST_ROOT + "serial_blacklist.txt"; -+ -+ private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName()); -+ -+ // public for testing -+ public final Set serialBlacklist; -+ public final Set pubkeyBlacklist; -+ -+ public CertBlacklist() { -+ this(DEFAULT_PUBKEY_BLACKLIST_PATH, DEFAULT_SERIAL_BLACKLIST_PATH); -+ } -+ -+ /** Test only interface, not for public use */ -+ public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) { -+ serialBlacklist = readSerialBlackList(serialBlacklistPath); -+ pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath); -+ } -+ -+ private static boolean isHex(String value) { -+ try { -+ new BigInteger(value, 16); -+ return true; -+ } catch (NumberFormatException e) { -+ logger.log(Level.WARNING, "Could not parse hex value " + value, e); -+ return false; -+ } -+ } -+ -+ private static boolean isPubkeyHash(String value) { -+ if (value.length() != 40) { -+ logger.log(Level.WARNING, "Invalid pubkey hash length: " + value.length()); -+ return false; -+ } -+ return isHex(value); -+ } -+ -+ private static String readBlacklist(String path) { -+ try { -+ return readFileAsString(path); -+ } catch (FileNotFoundException ignored) { -+ } catch (IOException e) { -+ logger.log(Level.WARNING, "Could not read blacklist", e); -+ } -+ return ""; -+ } -+ -+ // From IoUtils.readFileAsString -+ private static String readFileAsString(String path) throws IOException { -+ return readFileAsBytes(path).toString("UTF-8"); -+ } -+ -+ // Based on IoUtils.readFileAsBytes -+ private static ByteArrayOutputStream readFileAsBytes(String path) throws IOException { -+ RandomAccessFile f = null; -+ try { -+ f = new RandomAccessFile(path, "r"); -+ ByteArrayOutputStream bytes = new ByteArrayOutputStream((int) f.length()); -+ byte[] buffer = new byte[8192]; -+ while (true) { -+ int byteCount = f.read(buffer); -+ if (byteCount == -1) { -+ return bytes; -+ } -+ bytes.write(buffer, 0, byteCount); -+ } -+ } finally { -+ closeQuietly(f); -+ } -+ } -+ -+ // Base on IoUtils.closeQuietly -+ private static void closeQuietly(Closeable closeable) { -+ if (closeable != null) { -+ try { -+ closeable.close(); -+ } catch (RuntimeException rethrown) { -+ throw rethrown; -+ } catch (Exception ignored) { -+ } -+ } -+ } -+ -+ private static final Set readSerialBlackList(String path) { -+ -+ // start out with a base set of known bad values -+ Set bl = new HashSet(Arrays.asList( -+ // From http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate.cc?revision=78748&view=markup -+ // Not a real certificate. For testing only. -+ new BigInteger("077a59bcd53459601ca6907267a6dd1c", 16), -+ new BigInteger("047ecbe9fca55f7bd09eae36e10cae1e", 16), -+ new BigInteger("d8f35f4eb7872b2dab0692e315382fb0", 16), -+ new BigInteger("b0b7133ed096f9b56fae91c874bd3ac0", 16), -+ new BigInteger("9239d5348f40d1695a745470e1f23f43", 16), -+ new BigInteger("e9028b9578e415dc1a710a2b88154447", 16), -+ new BigInteger("d7558fdaf5f1105bb213282b707729a3", 16), -+ new BigInteger("f5c86af36162f13a64f54f6dc9587c06", 16), -+ new BigInteger("392a434f0e07df1f8aa305de34e0c229", 16), -+ new BigInteger("3e75ced46b693021218830ae86a82a71", 16), -+ new BigInteger("864", 16), -+ new BigInteger("827", 16) -+ )); -+ -+ // attempt to augment it with values taken from gservices -+ String serialBlacklist = readBlacklist(path); -+ if (!serialBlacklist.equals("")) { -+ for(String value : serialBlacklist.split(",")) { -+ try { -+ bl.add(new BigInteger(value, 16)); -+ } catch (NumberFormatException e) { -+ logger.log(Level.WARNING, "Tried to blacklist invalid serial number " + value, e); -+ } -+ } -+ } -+ -+ // whether that succeeds or fails, send it on its merry way -+ return Collections.unmodifiableSet(bl); -+ } -+ -+ private static final Set readPublicKeyBlackList(String path) { -+ -+ // start out with a base set of known bad values -+ Set bl = new HashSet(Arrays.asList( -+ // From http://src.chromium.org/viewvc/chrome/branches/782/src/net/base/x509_certificate.cc?r1=98750&r2=98749&pathrev=98750 -+ // C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl -+ "410f36363258f30b347d12ce4863e433437806a8".getBytes(), -+ // Subject: CN=DigiNotar Cyber CA -+ // Issuer: CN=GTE CyberTrust Global Root -+ "ba3e7bd38cd7e1e6b9cd4c219962e59d7a2f4e37".getBytes(), -+ // Subject: CN=DigiNotar Services 1024 CA -+ // Issuer: CN=Entrust.net -+ "e23b8d105f87710a68d9248050ebefc627be4ca6".getBytes(), -+ // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2 -+ // Issuer: CN=Staat der Nederlanden Organisatie CA - G2 -+ "7b2e16bc39bcd72b456e9f055d1de615b74945db".getBytes(), -+ // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven -+ // Issuer: CN=Staat der Nederlanden Overheid CA -+ "e8f91200c65cee16e039b9f883841661635f81c5".getBytes(), -+ // From http://src.chromium.org/viewvc/chrome?view=rev&revision=108479 -+ // Subject: O=Digicert Sdn. Bhd. -+ // Issuer: CN=GTE CyberTrust Global Root -+ "0129bcd5b448ae8d2496d1c3e19723919088e152".getBytes(), -+ // Subject: CN=e-islem.kktcmerkezbankasi.org/emailAddress=ileti@kktcmerkezbankasi.org -+ // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri -+ "5f3ab33d55007054bc5e3e5553cd8d8465d77c61".getBytes(), -+ // Subject: CN=*.EGO.GOV.TR 93 -+ // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri -+ "783333c9687df63377efceddd82efa9101913e8e".getBytes() -+ )); -+ -+ // attempt to augment it with values taken from gservices -+ String pubkeyBlacklist = readBlacklist(path); -+ if (!pubkeyBlacklist.equals("")) { -+ for (String value : pubkeyBlacklist.split(",")) { -+ value = value.trim(); -+ if (isPubkeyHash(value)) { -+ bl.add(value.getBytes()); -+ } else { -+ logger.log(Level.WARNING, "Tried to blacklist invalid pubkey " + value); -+ } -+ } -+ } -+ -+ return bl; -+ } -+ -+ public boolean isPublicKeyBlackListed(PublicKey publicKey) { -+ byte[] encoded = publicKey.getEncoded(); -+ Digest digest = AndroidDigestFactory.getSHA1(); -+ digest.update(encoded, 0, encoded.length); -+ byte[] out = new byte[digest.getDigestSize()]; -+ digest.doFinal(out, 0); -+ for (byte[] blacklisted : pubkeyBlacklist) { -+ if (Arrays.equals(blacklisted, Hex.encode(out))) { -+ return true; -+ } -+ } -+ return false; -+ } -+ -+ public boolean isSerialNumberBlackListed(BigInteger serial) { -+ return serialBlacklist.contains(serial); -+ } -+ -+} -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2013-01-31 02:26:40.000000000 +0000 -@@ -61,14 +61,18 @@ - import org.bouncycastle.asn1.x509.PolicyInformation; - import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - import org.bouncycastle.asn1.x509.X509Extension; --import org.bouncycastle.jce.X509LDAPCertStoreParameters; ++ // public static class AlgParamGen ++ // extends BaseAlgorithmParameterGenerator ++ // { ++ // RC2ParameterSpec spec = null; ++ // ++ // protected void engineInit( ++ // AlgorithmParameterSpec genParamSpec, ++ // SecureRandom random) ++ // throws InvalidAlgorithmParameterException ++ // { ++ // if (genParamSpec instanceof RC2ParameterSpec) ++ // { ++ // spec = (RC2ParameterSpec)genParamSpec; ++ // return; ++ // } ++ // ++ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); ++ // } ++ // ++ // protected AlgorithmParameters engineGenerateParameters() ++ // { ++ // AlgorithmParameters params; ++ // ++ // if (spec == null) ++ // { ++ // byte[] iv = new byte[8]; ++ // ++ // if (random == null) ++ // { ++ // random = new SecureRandom(); ++ // } ++ // ++ // random.nextBytes(iv); ++ // ++ // try ++ // { ++ // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); ++ // params.init(new IvParameterSpec(iv)); ++ // } ++ // catch (Exception e) ++ // { ++ // throw new RuntimeException(e.getMessage()); ++ // } ++ // } ++ // else ++ // { ++ // try ++ // { ++ // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); ++ // params.init(spec); ++ // } ++ // catch (Exception e) ++ // { ++ // throw new RuntimeException(e.getMessage()); ++ // } ++ // } ++ // ++ // return params; ++ // } ++ // } ++ // ++ // public static class KeyGenerator ++ // extends BaseKeyGenerator ++ // { ++ // public KeyGenerator() ++ // { ++ // super("RC2", 128, new CipherKeyGenerator()); ++ // } ++ // } ++ // ++ // public static class AlgParams ++ // extends BaseAlgorithmParameters ++ // { ++ // private static final short[] table = { ++ // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, ++ // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, ++ // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, ++ // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, ++ // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, ++ // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, ++ // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, ++ // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, ++ // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, ++ // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, ++ // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, ++ // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, ++ // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, ++ // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, ++ // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, ++ // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab ++ // }; ++ // ++ // private static final short[] ekb = { ++ // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, ++ // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, ++ // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, ++ // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, ++ // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, ++ // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, ++ // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, ++ // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, ++ // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, ++ // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, ++ // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, ++ // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, ++ // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, ++ // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, ++ // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, ++ // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd ++ // }; ++ // ++ // private byte[] iv; ++ // private int parameterVersion = 58; ++ // ++ // protected byte[] engineGetEncoded() ++ // { ++ // return Arrays.clone(iv); ++ // } ++ // ++ // protected byte[] engineGetEncoded( ++ // String format) ++ // throws IOException ++ // { ++ // if (this.isASN1FormatString(format)) ++ // { ++ // if (parameterVersion == -1) ++ // { ++ // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); ++ // } ++ // else ++ // { ++ // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); ++ // } ++ // } ++ // ++ // if (format.equals("RAW")) ++ // { ++ // return engineGetEncoded(); ++ // } ++ // ++ // return null; ++ // } ++ // ++ // protected AlgorithmParameterSpec localEngineGetParameterSpec( ++ // Class paramSpec) ++ // throws InvalidParameterSpecException ++ // { ++ // if (paramSpec == RC2ParameterSpec.class) ++ // { ++ // if (parameterVersion != -1) ++ // { ++ // if (parameterVersion < 256) ++ // { ++ // return new RC2ParameterSpec(ekb[parameterVersion], iv); ++ // } ++ // else ++ // { ++ // return new RC2ParameterSpec(parameterVersion, iv); ++ // } ++ // } ++ // } ++ // ++ // if (paramSpec == IvParameterSpec.class) ++ // { ++ // return new IvParameterSpec(iv); ++ // } ++ // ++ // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); ++ // } ++ // ++ // protected void engineInit( ++ // AlgorithmParameterSpec paramSpec) ++ // throws InvalidParameterSpecException ++ // { ++ // if (paramSpec instanceof IvParameterSpec) ++ // { ++ // this.iv = ((IvParameterSpec)paramSpec).getIV(); ++ // } ++ // else if (paramSpec instanceof RC2ParameterSpec) ++ // { ++ // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); ++ // if (effKeyBits != -1) ++ // { ++ // if (effKeyBits < 256) ++ // { ++ // parameterVersion = table[effKeyBits]; ++ // } ++ // else ++ // { ++ // parameterVersion = effKeyBits; ++ // } ++ // } ++ // ++ // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); ++ // } ++ // else ++ // { ++ // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); ++ // } ++ // } ++ // ++ // protected void engineInit( ++ // byte[] params) ++ // throws IOException ++ // { ++ // this.iv = Arrays.clone(params); ++ // } ++ // ++ // protected void engineInit( ++ // byte[] params, ++ // String format) ++ // throws IOException ++ // { ++ // if (this.isASN1FormatString(format)) ++ // { ++ // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); ++ // ++ // if (p.getRC2ParameterVersion() != null) ++ // { ++ // parameterVersion = p.getRC2ParameterVersion().intValue(); ++ // } ++ // ++ // iv = p.getIV(); ++ // ++ // return; ++ // } ++ // ++ // if (format.equals("RAW")) ++ // { ++ // engineInit(params); ++ // return; ++ // } ++ // ++ // throw new IOException("Unknown parameters format in IV parameters object"); ++ // } ++ // ++ // protected String engineToString() ++ // { ++ // return "RC2 Parameters"; ++ // } ++ // } ++ // END android-removed + + public static class Mappings + extends AlgorithmProvider +@@ -453,32 +469,36 @@ + public void configure(ConfigurableProvider provider) + { + +- provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen"); +- provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen"); +- +- provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator"); +- provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator"); +- +- provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams"); +- provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams"); +- +- provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB"); +- provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap"); +- provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP"); +- provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC"); +- +- provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC"); +- provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC"); +- provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC"); +- provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); +- +- provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen"); ++ // provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen"); ++ // ++ // provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator"); ++ // provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator"); ++ // ++ // provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams"); ++ // provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams"); ++ // ++ // provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB"); ++ // provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap"); ++ // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP"); ++ // provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC"); ++ // ++ // provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC"); ++ // provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC"); ++ // provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC"); ++ // provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); ++ // ++ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); ++ // END android-removed + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); + +- provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); ++ // END android-removed + + provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); + +@@ -486,14 +506,18 @@ + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); + provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); + +- provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory"); ++ // END android-removed + provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5KeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1KeyFactory"); + + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitKeyFactory"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitKeyFactory"); + +- provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); ++ // END android-removed + + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); + +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java 2013-05-25 02:14:15.000000000 +0000 +@@ -6,16 +6,18 @@ + abstract class SymmetricAlgorithmProvider + extends AlgorithmProvider + { +- protected void addGMacAlgorithm( +- ConfigurableProvider provider, +- String algorithm, +- String algorithmClassName, +- String keyGeneratorClassName) +- { +- provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName); +- provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC"); +- +- provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName); +- provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC", algorithm + "-GMAC"); +- } ++ // BEGIN android-removed ++ // protected void addGMacAlgorithm( ++ // ConfigurableProvider provider, ++ // String algorithm, ++ // String algorithmClassName, ++ // String keyGeneratorClassName) ++ // { ++ // provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName); ++ // provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC"); ++ // ++ // provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName); ++ // provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC", algorithm + "-GMAC"); ++ // } ++ // END android-removed + } +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/Twofish.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/Twofish.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/Twofish.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/Twofish.java 2013-05-25 02:14:15.000000000 +0000 +@@ -1,17 +1,25 @@ + package org.bouncycastle.jcajce.provider.symmetric; + +-import org.bouncycastle.crypto.BlockCipher; +-import org.bouncycastle.crypto.CipherKeyGenerator; +// BEGIN android-removed -+// import org.bouncycastle.jce.X509LDAPCertStoreParameters; ++// import org.bouncycastle.crypto.BlockCipher; ++// import org.bouncycastle.crypto.CipherKeyGenerator; +// END android-removed - import org.bouncycastle.jce.exception.ExtCertPathValidatorException; - import org.bouncycastle.util.Integers; - import org.bouncycastle.util.Selector; - import org.bouncycastle.util.StoreException; - import org.bouncycastle.x509.ExtendedPKIXBuilderParameters; - import org.bouncycastle.x509.ExtendedPKIXParameters; --import org.bouncycastle.x509.X509AttributeCertStoreSelector; + import org.bouncycastle.crypto.engines.TwofishEngine; +-import org.bouncycastle.crypto.macs.GMac; +// BEGIN android-removed -+// import org.bouncycastle.x509.X509AttributeCertStoreSelector; ++// import org.bouncycastle.crypto.macs.GMac; +// END android-removed - import org.bouncycastle.x509.X509AttributeCertificate; - import org.bouncycastle.x509.X509CRLStoreSelector; - import org.bouncycastle.x509.X509CertStoreSelector; -@@ -656,38 +660,40 @@ + import org.bouncycastle.crypto.modes.CBCBlockCipher; +-import org.bouncycastle.crypto.modes.GCMBlockCipher; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.modes.GCMBlockCipher; ++// END android-removed + import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; + import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +-import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; +-import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; ++// BEGIN android-removed ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; ++// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; ++// import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; ++// import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; ++// END android-removed + import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; + + public final class Twofish +@@ -20,38 +28,40 @@ + { + } + +- public static class ECB +- extends BaseBlockCipher +- { +- public ECB() +- { +- super(new BlockCipherProvider() +- { +- public BlockCipher get() +- { +- return new TwofishEngine(); +- } +- }); +- } +- } +- +- public static class KeyGen +- extends BaseKeyGenerator +- { +- public KeyGen() +- { +- super("Twofish", 256, new CipherKeyGenerator()); +- } +- } +- +- public static class GMAC +- extends BaseMac +- { +- public GMAC() +- { +- super(new GMac(new GCMBlockCipher(new TwofishEngine()))); +- } +- } ++ // BEGIN android-removed ++ // public static class ECB ++ // extends BaseBlockCipher ++ // { ++ // public ECB() ++ // { ++ // super(new BlockCipherProvider() ++ // { ++ // public BlockCipher get() ++ // { ++ // return new TwofishEngine(); ++ // } ++ // }); ++ // } ++ // } ++ // ++ // public static class KeyGen ++ // extends BaseKeyGenerator ++ // { ++ // public KeyGen() ++ // { ++ // super("Twofish", 256, new CipherKeyGenerator()); ++ // } ++ // } ++ // ++ // public static class GMAC ++ // extends BaseMac ++ // { ++ // public GMAC() ++ // { ++ // super(new GMac(new GCMBlockCipher(new TwofishEngine()))); ++ // } ++ // } ++ // END android-removed + + /** + * PBEWithSHAAndTwofish-CBC +@@ -77,14 +87,16 @@ + } + } + +- public static class AlgParams +- extends IvAlgorithmParameters +- { +- protected String engineToString() +- { +- return "Twofish IV"; +- } +- } ++ // BEGIN android-removed ++ // public static class AlgParams ++ // extends IvAlgorithmParameters ++ // { ++ // protected String engineToString() ++ // { ++ // return "Twofish IV"; ++ // } ++ // } ++ // END android-removed + + public static class Mappings + extends SymmetricAlgorithmProvider +@@ -97,16 +109,20 @@ + + public void configure(ConfigurableProvider provider) + { +- provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB"); +- provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen"); +- provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams"); ++ // BEGIN android-removed ++ // provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB"); ++ // provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen"); ++ // provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams"); ++ // END android-removed + + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); + provider.addAlgorithm("Cipher.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHA"); + provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHAKeyFactory"); + +- addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen"); ++ // BEGIN android-removed ++ // addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen"); ++ // END android-removed + } + } + } +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2013-05-25 02:14:15.000000000 +0000 +@@ -17,8 +17,10 @@ + import javax.crypto.ShortBufferException; + import javax.crypto.spec.IvParameterSpec; + import javax.crypto.spec.PBEParameterSpec; +-import javax.crypto.spec.RC2ParameterSpec; +-import javax.crypto.spec.RC5ParameterSpec; ++// BEGIN android-removed ++// import javax.crypto.spec.RC2ParameterSpec; ++// import javax.crypto.spec.RC5ParameterSpec; ++// END android-removed + + import org.bouncycastle.crypto.BlockCipher; + import org.bouncycastle.crypto.BufferedBlockCipher; +@@ -31,13 +33,19 @@ + import org.bouncycastle.crypto.modes.CCMBlockCipher; + import org.bouncycastle.crypto.modes.CFBBlockCipher; + import org.bouncycastle.crypto.modes.CTSBlockCipher; +-import org.bouncycastle.crypto.modes.EAXBlockCipher; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.modes.EAXBlockCipher; ++// END android-removed + import org.bouncycastle.crypto.modes.GCMBlockCipher; +-import org.bouncycastle.crypto.modes.GOFBBlockCipher; +-import org.bouncycastle.crypto.modes.OCBBlockCipher; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.modes.GOFBBlockCipher; ++// import org.bouncycastle.crypto.modes.OCBBlockCipher; ++// END android-removed + import org.bouncycastle.crypto.modes.OFBBlockCipher; +-import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; +-import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; ++// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; ++// END android-removed + import org.bouncycastle.crypto.modes.SICBlockCipher; + import org.bouncycastle.crypto.paddings.BlockCipherPadding; + import org.bouncycastle.crypto.paddings.ISO10126d2Padding; +@@ -49,11 +57,17 @@ + import org.bouncycastle.crypto.params.KeyParameter; + import org.bouncycastle.crypto.params.ParametersWithIV; + import org.bouncycastle.crypto.params.ParametersWithRandom; +-import org.bouncycastle.crypto.params.ParametersWithSBox; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.params.ParametersWithSBox; ++// END android-removed + import org.bouncycastle.crypto.params.RC2Parameters; +-import org.bouncycastle.crypto.params.RC5Parameters; ++// BEGIN android-removed ++// import org.bouncycastle.crypto.params.RC5Parameters; ++// END android-removed + import org.bouncycastle.jce.provider.BouncyCastleProvider; +-import org.bouncycastle.jce.spec.GOST28147ParameterSpec; ++// BEGIN android-removed ++// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; ++// END android-removed + import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; + import org.bouncycastle.util.Strings; + +@@ -66,11 +80,15 @@ + // + private Class[] availableSpecs = + { +- RC2ParameterSpec.class, +- RC5ParameterSpec.class, ++ // BEGIN android-removed ++ // RC2ParameterSpec.class, ++ // RC5ParameterSpec.class, ++ // END android-removed + IvParameterSpec.class, + PBEParameterSpec.class, +- GOST28147ParameterSpec.class ++ // BEGIN android-removed ++ // GOST28147ParameterSpec.class ++ // END android-removed + }; + + private BlockCipher baseEngine; +@@ -235,20 +253,22 @@ + new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); + } + } +- else if (modeName.startsWith("PGP")) +- { +- boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); +- +- ivLength = baseEngine.getBlockSize(); +- cipher = new BufferedGenericBlockCipher( +- new PGPCFBBlockCipher(baseEngine, inlineIV)); +- } +- else if (modeName.equalsIgnoreCase("OpenPGPCFB")) +- { +- ivLength = 0; +- cipher = new BufferedGenericBlockCipher( +- new OpenPGPCFBBlockCipher(baseEngine)); +- } ++ // BEGIN android-removed ++ // else if (modeName.startsWith("PGP")) ++ // { ++ // boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); ++ ++ // ivLength = baseEngine.getBlockSize(); ++ // cipher = new BufferedGenericBlockCipher( ++ // new PGPCFBBlockCipher(baseEngine, inlineIV)); ++ // } ++ // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) ++ // { ++ // ivLength = 0; ++ // cipher = new BufferedGenericBlockCipher( ++ // new OpenPGPCFBBlockCipher(baseEngine)); ++ // } ++ // END android-removed + else if (modeName.startsWith("SIC")) { - try - { -- if (location.startsWith("ldap://")) -- { -- // ldap://directory.d-trust.net/CN=D-TRUST -- // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE -- // skip "ldap://" -- location = location.substring(7); -- // after first / baseDN starts -- String base = null; -- String url = null; -- if (location.indexOf("/") != -1) -- { -- base = location.substring(location.indexOf("/")); -- // URL -- url = "ldap://" -- + location.substring(0, location.indexOf("/")); -- } -- else -- { -- url = "ldap://" + location; -- } -- // use all purpose parameters -- X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder( -- url, base).build(); -- pkixParams.addAdditionalStore(X509Store.getInstance( -- "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); -- pkixParams.addAdditionalStore(X509Store.getInstance( -- "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); -- pkixParams.addAdditionalStore(X509Store.getInstance( -- "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); -- pkixParams.addAdditionalStore(X509Store.getInstance( -- "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); -- } -+ // BEGIN android-removed -+ // if (location.startsWith("ldap://")) -+ // { -+ // // ldap://directory.d-trust.net/CN=D-TRUST -+ // // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE -+ // // skip "ldap://" -+ // location = location.substring(7); -+ // // after first / baseDN starts -+ // String base = null; -+ // String url = null; -+ // if (location.indexOf("/") != -1) -+ // { -+ // base = location.substring(location.indexOf("/")); -+ // // URL -+ // url = "ldap://" -+ // + location.substring(0, location.indexOf("/")); -+ // } -+ // else -+ // { -+ // url = "ldap://" + location; -+ // } -+ // // use all purpose parameters -+ // X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder( -+ // url, base).build(); -+ // pkixParams.addAdditionalStore(X509Store.getInstance( -+ // "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); -+ // pkixParams.addAdditionalStore(X509Store.getInstance( -+ // "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); -+ // pkixParams.addAdditionalStore(X509Store.getInstance( -+ // "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); -+ // pkixParams.addAdditionalStore(X509Store.getInstance( -+ // "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); -+ // } -+ // END android-removed + ivLength = baseEngine.getBlockSize(); +@@ -265,12 +285,14 @@ + cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( + new SICBlockCipher(baseEngine))); + } +- else if (modeName.startsWith("GOFB")) +- { +- ivLength = baseEngine.getBlockSize(); +- cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( +- new GOFBBlockCipher(baseEngine))); +- } ++ // BEGIN android-removed ++ // else if (modeName.startsWith("GOFB")) ++ // { ++ // ivLength = baseEngine.getBlockSize(); ++ // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( ++ // new GOFBBlockCipher(baseEngine))); ++ // } ++ // END android-removed + else if (modeName.startsWith("CTS")) + { + ivLength = baseEngine.getBlockSize(); +@@ -281,23 +303,25 @@ + ivLength = baseEngine.getBlockSize(); + cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); + } +- else if (modeName.startsWith("OCB")) +- { +- if (engineProvider != null) +- { +- ivLength = baseEngine.getBlockSize(); +- cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get())); +- } +- else +- { +- throw new NoSuchAlgorithmException("can't support mode " + mode); +- } +- } +- else if (modeName.startsWith("EAX")) +- { +- ivLength = baseEngine.getBlockSize(); +- cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); +- } ++ // BEGIN android-removed ++ // else if (modeName.startsWith("OCB")) ++ // { ++ // if (engineProvider != null) ++ // { ++ // ivLength = baseEngine.getBlockSize(); ++ // cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get())); ++ // } ++ // else ++ // { ++ // throw new NoSuchAlgorithmException("can't support mode " + mode); ++ // } ++ // } ++ // else if (modeName.startsWith("EAX")) ++ // { ++ // ivLength = baseEngine.getBlockSize(); ++ // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); ++ // } ++ // END android-removed + else if (modeName.startsWith("GCM")) + { + ivLength = baseEngine.getBlockSize(); +@@ -471,63 +495,65 @@ + param = new KeyParameter(key.getEncoded()); } - catch (Exception e) - { -@@ -752,33 +758,35 @@ - return certs; - } - -- protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, -- List certStores) -- throws AnnotatedException -- { -- Set certs = new HashSet(); -- Iterator iter = certStores.iterator(); + } +- else if (params instanceof GOST28147ParameterSpec) +- { +- GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; - -- while (iter.hasNext()) +- param = new ParametersWithSBox( +- new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); +- +- if (gost28147Param.getIV() != null && ivLength != 0) +- { +- param = new ParametersWithIV(param, gost28147Param.getIV()); +- ivParam = (ParametersWithIV)param; +- } +- } +- else if (params instanceof RC2ParameterSpec) - { -- Object obj = iter.next(); +- RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; - -- if (obj instanceof X509Store) +- param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); +- +- if (rc2Param.getIV() != null && ivLength != 0) - { -- X509Store certStore = (X509Store)obj; -- try +- param = new ParametersWithIV(param, rc2Param.getIV()); +- ivParam = (ParametersWithIV)param; +- } +- } +- else if (params instanceof RC5ParameterSpec) +- { +- RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; +- +- param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); +- if (baseEngine.getAlgorithmName().startsWith("RC5")) +- { +- if (baseEngine.getAlgorithmName().equals("RC5-32")) - { -- certs.addAll(certStore.getMatches(certSelect)); +- if (rc5Param.getWordSize() != 32) +- { +- throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); +- } - } -- catch (StoreException e) +- else if (baseEngine.getAlgorithmName().equals("RC5-64")) - { -- throw new AnnotatedException( -- "Problem while picking certificates from X.509 store.", e); +- if (rc5Param.getWordSize() != 64) +- { +- throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); +- } - } - } +- else +- { +- throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); +- } +- if ((rc5Param.getIV() != null) && (ivLength != 0)) +- { +- param = new ParametersWithIV(param, rc5Param.getIV()); +- ivParam = (ParametersWithIV)param; +- } - } -- return certs; -- } -+ // BEGIN android-removed -+ // protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, -+ // List certStores) -+ // throws AnnotatedException -+ // { -+ // Set certs = new HashSet(); -+ // Iterator iter = certStores.iterator(); -+ // -+ // while (iter.hasNext()) -+ // { -+ // Object obj = iter.next(); -+ // -+ // if (obj instanceof X509Store) -+ // { -+ // X509Store certStore = (X509Store)obj; -+ // try -+ // { -+ // certs.addAll(certStore.getMatches(certSelect)); -+ // } -+ // catch (StoreException e) -+ // { -+ // throw new AnnotatedException( -+ // "Problem while picking certificates from X.509 store.", e); -+ // } -+ // } -+ // } -+ // return certs; -+ // } -+ // END android-removed ++ // BEGIN android-removed ++ // else if (params instanceof GOST28147ParameterSpec) ++ // { ++ // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; ++ // ++ // param = new ParametersWithSBox( ++ // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); ++ // ++ // if (gost28147Param.getIV() != null && ivLength != 0) ++ // { ++ // param = new ParametersWithIV(param, gost28147Param.getIV()); ++ // ivParam = (ParametersWithIV)param; ++ // } ++ // } ++ // else if (params instanceof RC2ParameterSpec) ++ // { ++ // RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; ++ // ++ // param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); ++ // ++ // if (rc2Param.getIV() != null && ivLength != 0) ++ // { ++ // param = new ParametersWithIV(param, rc2Param.getIV()); ++ // ivParam = (ParametersWithIV)param; ++ // } ++ // } ++ // else if (params instanceof RC5ParameterSpec) ++ // { ++ // RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; ++ // ++ // param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); ++ // if (baseEngine.getAlgorithmName().startsWith("RC5")) ++ // { ++ // if (baseEngine.getAlgorithmName().equals("RC5-32")) ++ // { ++ // if (rc5Param.getWordSize() != 32) ++ // { ++ // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); ++ // } ++ // } ++ // else if (baseEngine.getAlgorithmName().equals("RC5-64")) ++ // { ++ // if (rc5Param.getWordSize() != 64) ++ // { ++ // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); ++ // } ++ // } ++ // } ++ // else ++ // { ++ // throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); ++ // } ++ // if ((rc5Param.getIV() != null) && (ivLength != 0)) ++ // { ++ // param = new ParametersWithIV(param, rc5Param.getIV()); ++ // ivParam = (ParametersWithIV)param; ++ // } ++ // } ++ // END android-removed + else + { + throw new InvalidAlgorithmParameterException("unknown parameter type."); +@@ -761,7 +787,9 @@ + private boolean isAEADModeName( + String modeName) + { +- return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName) || "OCB".equals(modeName); ++ // BEGIN android-changed ++ return "CCM".equals(modeName) || "GCM".equals(modeName); ++ // END android-changed + } - protected static void addAdditionalStoresFromCRLDistributionPoint( - CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEBlockCipher.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEBlockCipher.java 2013-01-31 02:26:40.000000000 +0000 -@@ -24,8 +24,10 @@ + /* +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2012-09-17 23:04:47.000000000 +0000 +@@ -13,8 +13,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEParameterSpec; @@ -6873,1375 +6042,1461 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEBlockCipher. +// import javax.crypto.spec.RC2ParameterSpec; +// import javax.crypto.spec.RC5ParameterSpec; +// END android-removed - import javax.crypto.spec.SecretKeySpec; - import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -@@ -44,12 +46,18 @@ - import org.bouncycastle.crypto.modes.CCMBlockCipher; - import org.bouncycastle.crypto.modes.CFBBlockCipher; - import org.bouncycastle.crypto.modes.CTSBlockCipher; --import org.bouncycastle.crypto.modes.EAXBlockCipher; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.modes.EAXBlockCipher; -+// END android-removed - import org.bouncycastle.crypto.modes.GCMBlockCipher; --import org.bouncycastle.crypto.modes.GOFBBlockCipher; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.modes.GOFBBlockCipher; -+// END android-removed - import org.bouncycastle.crypto.modes.OFBBlockCipher; --import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; --import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; + import org.bouncycastle.crypto.BlockCipher; + import org.bouncycastle.crypto.CipherParameters; +@@ -34,8 +36,10 @@ + // + private Class[] availableSpecs = + { +- RC2ParameterSpec.class, +- RC5ParameterSpec.class, ++ // BEGIN android-removed ++ // RC2ParameterSpec.class, ++ // RC5ParameterSpec.class, ++ // END android-removed + IvParameterSpec.class, + PBEParameterSpec.class + }; +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2013-01-31 02:26:40.000000000 +0000 +@@ -22,8 +22,10 @@ + import javax.crypto.ShortBufferException; + import javax.crypto.spec.IvParameterSpec; + import javax.crypto.spec.PBEParameterSpec; +-import javax.crypto.spec.RC2ParameterSpec; +-import javax.crypto.spec.RC5ParameterSpec; +// BEGIN android-removed -+// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; -+// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; ++// import javax.crypto.spec.RC2ParameterSpec; ++// import javax.crypto.spec.RC5ParameterSpec; +// END android-removed - import org.bouncycastle.crypto.modes.SICBlockCipher; - import org.bouncycastle.crypto.paddings.BlockCipherPadding; - import org.bouncycastle.crypto.paddings.ISO10126d2Padding; -@@ -61,12 +69,16 @@ - import org.bouncycastle.crypto.params.KeyParameter; - import org.bouncycastle.crypto.params.ParametersWithIV; - import org.bouncycastle.crypto.params.ParametersWithRandom; --import org.bouncycastle.crypto.params.ParametersWithSBox; --import org.bouncycastle.crypto.params.RC2Parameters; --import org.bouncycastle.crypto.params.RC5Parameters; + import javax.crypto.spec.SecretKeySpec; + + import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +@@ -45,8 +47,10 @@ + { + IvParameterSpec.class, + PBEParameterSpec.class, +- RC2ParameterSpec.class, +- RC5ParameterSpec.class ++ // BEGIN android-removed ++ // RC2ParameterSpec.class, ++ // RC5ParameterSpec.class ++ // END android-removed + }; + + protected int pbeType = PKCS12; +@@ -258,6 +262,8 @@ + return null; + } + ++ // BEGIN android-changed ++ // added ShortBufferException to throws statement + protected int engineDoFinal( + byte[] input, + int inputOffset, +@@ -268,6 +274,7 @@ + { + return 0; + } ++ // END android-changed + + protected byte[] engineWrap( + Key key) +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-05-25 02:14:15.000000000 +0000 +@@ -7,13 +7,18 @@ + + import org.bouncycastle.crypto.CipherParameters; + import org.bouncycastle.crypto.PBEParametersGenerator; +-import org.bouncycastle.crypto.digests.GOST3411Digest; +-import org.bouncycastle.crypto.digests.MD2Digest; +-import org.bouncycastle.crypto.digests.MD5Digest; +-import org.bouncycastle.crypto.digests.RIPEMD160Digest; +-import org.bouncycastle.crypto.digests.SHA1Digest; +-import org.bouncycastle.crypto.digests.SHA256Digest; +-import org.bouncycastle.crypto.digests.TigerDigest; +// BEGIN android-removed -+// import org.bouncycastle.crypto.params.ParametersWithSBox; -+// import org.bouncycastle.crypto.params.RC2Parameters; -+// import org.bouncycastle.crypto.params.RC5Parameters; ++// import org.bouncycastle.crypto.digests.GOST3411Digest; ++// import org.bouncycastle.crypto.digests.MD2Digest; ++// import org.bouncycastle.crypto.digests.MD5Digest; ++// import org.bouncycastle.crypto.digests.RIPEMD160Digest; ++// import org.bouncycastle.crypto.digests.SHA1Digest; ++// import org.bouncycastle.crypto.digests.SHA256Digest; ++// import org.bouncycastle.crypto.digests.TigerDigest; +// END android-removed - import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; - import org.bouncycastle.jcajce.provider.symmetric.util.PBE; --import org.bouncycastle.jce.spec.GOST28147ParameterSpec; ++// BEGIN android-added ++import org.bouncycastle.crypto.digests.AndroidDigestFactory; ++// END android-added + import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; + import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; + import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; +@@ -29,11 +34,15 @@ + // + static final int MD5 = 0; + static final int SHA1 = 1; +- static final int RIPEMD160 = 2; +- static final int TIGER = 3; ++ // BEGIN android-removed ++ // static final int RIPEMD160 = 2; ++ // static final int TIGER = 3; ++ // END android-removed + static final int SHA256 = 4; +- static final int MD2 = 5; +- static final int GOST3411 = 6; ++ // BEGIN android-removed ++ // static final int MD2 = 5; ++ // static final int GOST3411 = 6; ++ // END android-removed + + static final int PKCS5S1 = 0; + static final int PKCS5S2 = 1; +@@ -57,14 +66,20 @@ + { + switch (hash) + { +- case MD2: +- generator = new PKCS5S1ParametersGenerator(new MD2Digest()); +- break; ++ // BEGIN android-removed ++ // case MD2: ++ // generator = new PKCS5S1ParametersGenerator(new MD2Digest()); ++ // break; ++ // END android-removed + case MD5: +- generator = new PKCS5S1ParametersGenerator(new MD5Digest()); ++ // BEGIN android-changed ++ generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getMD5()); ++ // END android-changed + break; + case SHA1: +- generator = new PKCS5S1ParametersGenerator(new SHA1Digest()); ++ // BEGIN android-changed ++ generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getSHA1()); ++ // END android-changed + break; + default: + throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); +@@ -78,27 +93,39 @@ + { + switch (hash) + { +- case MD2: +- generator = new PKCS12ParametersGenerator(new MD2Digest()); +- break; ++ // BEGIN android-removed ++ // case MD2: ++ // generator = new PKCS12ParametersGenerator(new MD2Digest()); ++ // break; ++ // END android-removed + case MD5: +- generator = new PKCS12ParametersGenerator(new MD5Digest()); ++ // BEGIN android-changed ++ generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getMD5()); ++ // END android-changed + break; + case SHA1: +- generator = new PKCS12ParametersGenerator(new SHA1Digest()); +- break; +- case RIPEMD160: +- generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); +- break; +- case TIGER: +- generator = new PKCS12ParametersGenerator(new TigerDigest()); +- break; ++ // BEGIN android-changed ++ generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); ++ // END android-changed ++ break; ++ // BEGIN android-removed ++ // case RIPEMD160: ++ // generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); ++ // break; ++ // case TIGER: ++ // generator = new PKCS12ParametersGenerator(new TigerDigest()); ++ // break; ++ // END android-removed + case SHA256: +- generator = new PKCS12ParametersGenerator(new SHA256Digest()); +- break; +- case GOST3411: +- generator = new PKCS12ParametersGenerator(new GOST3411Digest()); +- break; ++ // BEGIN android-changed ++ generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA256()); ++ // END android-changed ++ break; ++ // BEGIN android-removed ++ // case GOST3411: ++ // generator = new PKCS12ParametersGenerator(new GOST3411Digest()); ++ // break; ++ // END android-removed + default: + throw new IllegalStateException("unknown digest scheme for PBE encryption."); + } +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/util/DigestFactory.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2012-09-17 23:04:47.000000000 +0000 +@@ -10,19 +10,26 @@ + import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.crypto.Digest; +-import org.bouncycastle.crypto.digests.MD5Digest; +-import org.bouncycastle.crypto.digests.SHA1Digest; +-import org.bouncycastle.crypto.digests.SHA224Digest; +-import org.bouncycastle.crypto.digests.SHA256Digest; +-import org.bouncycastle.crypto.digests.SHA384Digest; +-import org.bouncycastle.crypto.digests.SHA512Digest; +// BEGIN android-removed -+// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; ++// import org.bouncycastle.crypto.digests.MD5Digest; ++// import org.bouncycastle.crypto.digests.SHA1Digest; ++// import org.bouncycastle.crypto.digests.SHA224Digest; ++// import org.bouncycastle.crypto.digests.SHA256Digest; ++// import org.bouncycastle.crypto.digests.SHA384Digest; ++// import org.bouncycastle.crypto.digests.SHA512Digest; +// END android-removed - import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; ++// BEGIN android-added ++import org.bouncycastle.crypto.digests.AndroidDigestFactory; ++// END android-added import org.bouncycastle.util.Strings; -@@ -79,11 +91,15 @@ - // - private Class[] availableSpecs = - { -- RC2ParameterSpec.class, -- RC5ParameterSpec.class, -+ // BEGIN android-removed -+ // RC2ParameterSpec.class, -+ // RC5ParameterSpec.class, -+ // END android-removed - IvParameterSpec.class, - PBEParameterSpec.class, -- GOST28147ParameterSpec.class -+ // BEGIN android-removed -+ // GOST28147ParameterSpec.class -+ // END android-removed - }; - - private BlockCipher baseEngine; -@@ -240,20 +256,22 @@ - new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } + public class DigestFactory + { + private static Set md5 = new HashSet(); + private static Set sha1 = new HashSet(); +- private static Set sha224 = new HashSet(); ++ // BEGIN android-removed ++ // private static Set sha224 = new HashSet(); ++ // END android-removed + private static Set sha256 = new HashSet(); + private static Set sha384 = new HashSet(); + private static Set sha512 = new HashSet(); +@@ -38,9 +45,11 @@ + sha1.add("SHA-1"); + sha1.add(OIWObjectIdentifiers.idSHA1.getId()); + +- sha224.add("SHA224"); +- sha224.add("SHA-224"); +- sha224.add(NISTObjectIdentifiers.id_sha224.getId()); ++ // BEGIN android-removed ++ // sha224.add("SHA224"); ++ // sha224.add("SHA-224"); ++ // sha224.add(NISTObjectIdentifiers.id_sha224.getId()); ++ // END android-removed + + sha256.add("SHA256"); + sha256.add("SHA-256"); +@@ -61,9 +70,11 @@ + oids.put("SHA-1", OIWObjectIdentifiers.idSHA1); + oids.put(OIWObjectIdentifiers.idSHA1.getId(), OIWObjectIdentifiers.idSHA1); + +- oids.put("SHA224", NISTObjectIdentifiers.id_sha224); +- oids.put("SHA-224", NISTObjectIdentifiers.id_sha224); +- oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224); ++ // BEGIN android-removed ++ // oids.put("SHA224", NISTObjectIdentifiers.id_sha224); ++ // oids.put("SHA-224", NISTObjectIdentifiers.id_sha224); ++ // oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224); ++ // END android-removed + + oids.put("SHA256", NISTObjectIdentifiers.id_sha256); + oids.put("SHA-256", NISTObjectIdentifiers.id_sha256); +@@ -85,27 +96,39 @@ + + if (sha1.contains(digestName)) + { +- return new SHA1Digest(); ++ // BEGIN android-changed ++ return AndroidDigestFactory.getSHA1(); ++ // END android-changed } -- else if (modeName.startsWith("PGP")) -- { -- boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); -- -- ivLength = baseEngine.getBlockSize(); -- cipher = new BufferedGenericBlockCipher( -- new PGPCFBBlockCipher(baseEngine, inlineIV)); + if (md5.contains(digestName)) + { +- return new MD5Digest(); - } -- else if (modeName.equalsIgnoreCase("OpenPGPCFB")) +- if (sha224.contains(digestName)) - { -- ivLength = 0; -- cipher = new BufferedGenericBlockCipher( -- new OpenPGPCFBBlockCipher(baseEngine)); +- return new SHA224Digest(); - } ++ // BEGIN android-changed ++ return AndroidDigestFactory.getMD5(); ++ // END android-changed ++ } ++ // BEGIN android-removed ++ // if (sha224.contains(digestName)) ++ // { ++ // return new SHA224Digest(); ++ // } ++ // END android-removed + if (sha256.contains(digestName)) + { +- return new SHA256Digest(); ++ // BEGIN android-changed ++ return AndroidDigestFactory.getSHA256(); ++ // END android-changed + } + if (sha384.contains(digestName)) + { +- return new SHA384Digest(); ++ // BEGIN android-changed ++ return AndroidDigestFactory.getSHA384(); ++ // END android-changed + } + if (sha512.contains(digestName)) + { +- return new SHA512Digest(); ++ // BEGIN android-changed ++ return AndroidDigestFactory.getSHA512(); ++ // END android-changed + } + + return null; +@@ -116,7 +139,9 @@ + String digest2) + { + return (sha1.contains(digest1) && sha1.contains(digest2)) +- || (sha224.contains(digest1) && sha224.contains(digest2)) ++ // BEGIN android-removed ++ // || (sha224.contains(digest1) && sha224.contains(digest2)) ++ // END android-removed + || (sha256.contains(digest1) && sha256.contains(digest2)) + || (sha384.contains(digest1) && sha384.contains(digest2)) + || (sha512.contains(digest1) && sha512.contains(digest2)) +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk15on-149/org/bouncycastle/jce/PKCS10CertificationRequest.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/PKCS10CertificationRequest.java 2013-01-31 02:26:40.000000000 +0000 +@@ -30,14 +30,18 @@ + import org.bouncycastle.asn1.DERBitString; + import org.bouncycastle.asn1.DERNull; + import org.bouncycastle.asn1.DERObjectIdentifier; +-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; ++// END android-removed + import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; + import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.CertificationRequest; + import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; + import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; +-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; ++// END android-removed + import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + import org.bouncycastle.asn1.x509.X509Name; +@@ -81,15 +85,20 @@ + + static + { +- algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); +- algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); ++ // BEGIN android-removed ++ // Dropping MD2 ++ // algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); ++ // algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); ++ // END android-removed + algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4")); + algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4")); + algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4")); + algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5")); + algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5")); +- algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); +- algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); ++ // BEGIN android-removed ++ // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); ++ // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); ++ // END android-removed + algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); + algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); + algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); +@@ -97,57 +106,78 @@ + algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); + algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); + algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); +- algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); ++ // BEGIN android-removed ++ // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); ++ // END android-removed + algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); + algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); + algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); + algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5")); +- algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); +- algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); +- algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); +- algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); +- algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); +- algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); ++ // BEGIN android-removed ++ // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); ++ // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); ++ // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); ++ // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); ++ // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); ++ // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); ++ // END android-removed + algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3")); + algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3")); +- algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); ++ // BEGIN android-removed ++ // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); ++ // END android-removed + algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); + algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384); + algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512); + algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); +- algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); ++ // BEGIN android-removed ++ // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); ++ // END android-removed + algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); + algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); + algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); + algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); +- algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); +- algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); +- algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); +- algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); +- algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); ++ // BEGIN android-removed ++ // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); ++ // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); ++ // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); ++ // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); ++ // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); ++ // END android-removed + + // + // reverse mappings + // + oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA"); +- oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); ++ // BEGIN android-removed ++ // oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); ++ // END android-removed + oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA"); + oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA"); + oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA"); +- oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); +- oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); + // BEGIN android-removed -+ // else if (modeName.startsWith("PGP")) -+ // { -+ // boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); -+ // -+ // ivLength = baseEngine.getBlockSize(); -+ // cipher = new BufferedGenericBlockCipher( -+ // new PGPCFBBlockCipher(baseEngine, inlineIV)); -+ // } -+ // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) -+ // { -+ // ivLength = 0; -+ // cipher = new BufferedGenericBlockCipher( -+ // new OpenPGPCFBBlockCipher(baseEngine)); -+ // } ++ // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); ++ // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); + // END android-removed - else if (modeName.startsWith("SIC")) - { - ivLength = baseEngine.getBlockSize(); -@@ -270,12 +288,14 @@ - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new SICBlockCipher(baseEngine))); - } -- else if (modeName.startsWith("GOFB")) -- { -- ivLength = baseEngine.getBlockSize(); -- cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( -- new GOFBBlockCipher(baseEngine))); -- } + + oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA"); +- oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); + // BEGIN android-removed -+ // else if (modeName.startsWith("GOFB")) -+ // { -+ // ivLength = baseEngine.getBlockSize(); -+ // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( -+ // new GOFBBlockCipher(baseEngine))); -+ // } ++ // Dropping MD2 ++ // oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); + // END android-removed - else if (modeName.startsWith("CTS")) - { - ivLength = baseEngine.getBlockSize(); -@@ -286,11 +306,13 @@ - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); - } -- else if (modeName.startsWith("EAX")) -- { -- ivLength = baseEngine.getBlockSize(); -- cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); -- } + oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA"); + oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); +- oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); + // BEGIN android-removed -+ // else if (modeName.startsWith("EAX")) -+ // { -+ // ivLength = baseEngine.getBlockSize(); -+ // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); -+ // } ++ // oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); + // END android-removed - else if (modeName.startsWith("GCM")) + oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA"); + oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA"); + oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA"); + oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); + oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA"); +- oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); ++ // BEGIN android-removed ++ // oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); ++ // END android-removed + oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA"); + + // +@@ -161,27 +191,35 @@ + // The parameters field SHALL be NULL for RSA based signature algorithms. + // + noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); +- noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); ++ // BEGIN android-removed ++ // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); ++ // END android-removed + noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); + noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); + noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); + noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); +- noParams.add(NISTObjectIdentifiers.dsa_with_sha224); ++ // BEGIN android-removed ++ // noParams.add(NISTObjectIdentifiers.dsa_with_sha224); ++ // END android-removed + noParams.add(NISTObjectIdentifiers.dsa_with_sha256); + + // + // RFC 4491 + // +- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); +- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); ++ // BEGIN android-removed ++ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); ++ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); ++ // END android-removed + // + // explicit params + // + AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE); + params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20)); + +- AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE); +- params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28)); ++ // BEGIN android-removed ++ // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE); ++ // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28)); ++ // END android-removed + + AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE); + params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32)); +@@ -600,10 +638,12 @@ { - ivLength = baseEngine.getBlockSize(); -@@ -379,13 +401,15 @@ - throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); + return "SHA1"; } - -- // -- // for RC5-64 we must have some default parameters -- // -- if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64")) +- else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) - { -- throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in."); +- return "SHA224"; - } + // BEGIN android-removed -+ // // -+ // // for RC5-64 we must have some default parameters -+ // // -+ // if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64")) ++ // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) + // { -+ // throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in."); ++ // return "SHA224"; + // } + // END android-removed - - // - // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). -@@ -459,63 +483,65 @@ - param = new KeyParameter(key.getEncoded()); - } + else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) + { + return "SHA256"; +@@ -616,22 +656,24 @@ + { + return "SHA512"; } -- else if (params instanceof GOST28147ParameterSpec) -- { -- GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; -- -- param = new ParametersWithSBox( -- new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); -- -- if (gost28147Param.getIV() != null && ivLength != 0) -- { -- param = new ParametersWithIV(param, gost28147Param.getIV()); -- ivParam = (ParametersWithIV)param; -- } -- } -- else if (params instanceof RC2ParameterSpec) +- else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) - { -- RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; -- -- param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); -- -- if (rc2Param.getIV() != null && ivLength != 0) -- { -- param = new ParametersWithIV(param, rc2Param.getIV()); -- ivParam = (ParametersWithIV)param; -- } +- return "RIPEMD128"; - } -- else if (params instanceof RC5ParameterSpec) +- else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) - { -- RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; -- -- param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); -- if (baseEngine.getAlgorithmName().startsWith("RC5")) -- { -- if (baseEngine.getAlgorithmName().equals("RC5-32")) -- { -- if (rc5Param.getWordSize() != 32) -- { -- throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); -- } -- } -- else if (baseEngine.getAlgorithmName().equals("RC5-64")) -- { -- if (rc5Param.getWordSize() != 64) -- { -- throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); -- } -- } -- } -- else -- { -- throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); -- } -- if ((rc5Param.getIV() != null) && (ivLength != 0)) -- { -- param = new ParametersWithIV(param, rc5Param.getIV()); -- ivParam = (ParametersWithIV)param; -- } +- return "RIPEMD160"; - } -+ // BEGIN android-removed -+ // else if (params instanceof GOST28147ParameterSpec) -+ // { -+ // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; -+ // -+ // param = new ParametersWithSBox( -+ // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); -+ // -+ // if (gost28147Param.getIV() != null && ivLength != 0) -+ // { -+ // param = new ParametersWithIV(param, gost28147Param.getIV()); -+ // ivParam = (ParametersWithIV)param; -+ // } -+ // } -+ // else if (params instanceof RC2ParameterSpec) -+ // { -+ // RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; -+ // -+ // param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); -+ // -+ // if (rc2Param.getIV() != null && ivLength != 0) -+ // { -+ // param = new ParametersWithIV(param, rc2Param.getIV()); -+ // ivParam = (ParametersWithIV)param; -+ // } -+ // } -+ // else if (params instanceof RC5ParameterSpec) -+ // { -+ // RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; -+ // -+ // param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); -+ // if (baseEngine.getAlgorithmName().startsWith("RC5")) -+ // { -+ // if (baseEngine.getAlgorithmName().equals("RC5-32")) -+ // { -+ // if (rc5Param.getWordSize() != 32) -+ // { -+ // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); -+ // } -+ // } -+ // else if (baseEngine.getAlgorithmName().equals("RC5-64")) -+ // { -+ // if (rc5Param.getWordSize() != 64) -+ // { -+ // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); -+ // } -+ // } -+ // } -+ // else -+ // { -+ // throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); -+ // } -+ // if ((rc5Param.getIV() != null) && (ivLength != 0)) -+ // { -+ // param = new ParametersWithIV(param, rc5Param.getIV()); -+ // ivParam = (ParametersWithIV)param; -+ // } +- else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) +- { +- return "RIPEMD256"; +- } +- else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) +- { +- return "GOST3411"; +- } ++ // BEGIN android-removed ++ // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) ++ // { ++ // return "RIPEMD128"; ++ // } ++ // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) ++ // { ++ // return "RIPEMD160"; ++ // } ++ // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) ++ // { ++ // return "RIPEMD256"; ++ // } ++ // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) ++ // { ++ // return "GOST3411"; + // } + // END android-removed else { - throw new InvalidAlgorithmParameterException("unknown parameter type."); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPrivateKey.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2013-01-31 02:26:40.000000000 +0000 -@@ -20,8 +20,10 @@ - import org.bouncycastle.asn1.DERInteger; - import org.bouncycastle.asn1.DERNull; - import org.bouncycastle.asn1.DERObjectIdentifier; --import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; --import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -+// END android-removed - import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; - import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; - import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -@@ -203,21 +205,23 @@ - ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); - X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - -- if (ecP == null) // GOST Curve -- { -- ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); -- EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); -- -- ecSpec = new ECNamedCurveSpec( -- ECGOST3410NamedCurves.getName(oid), -- ellipticCurve, -- new ECPoint( -- gParam.getG().getX().toBigInteger(), -- gParam.getG().getY().toBigInteger()), -- gParam.getN(), -- gParam.getH()); -- } -- else -+ // BEGIN android-removed -+ // if (ecP == null) // GOST Curve -+ // { -+ // ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); -+ // EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); -+ // -+ // ecSpec = new ECNamedCurveSpec( -+ // ECGOST3410NamedCurves.getName(oid), -+ // ellipticCurve, -+ // new ECPoint( -+ // gParam.getG().getX().toBigInteger(), -+ // gParam.getG().getY().toBigInteger()), -+ // gParam.getN(), -+ // gParam.getH()); -+ // } -+ // else -+ // END android-removed - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); - -@@ -331,11 +335,13 @@ - - try - { -- if (algorithm.equals("ECGOST3410")) -- { -- info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); -- } -- else -+ // BEGIN android-removed -+ // if (algorithm.equals("ECGOST3410")) -+ // { -+ // info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); -+ // } -+ // else -+ // END android-removed - { - - info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPublicKey.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEECPublicKey.java 2013-01-31 02:26:40.000000000 +0000 -@@ -18,9 +18,11 @@ - import org.bouncycastle.asn1.DERBitString; - import org.bouncycastle.asn1.DERNull; - import org.bouncycastle.asn1.DEROctetString; --import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; --import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; --import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -+// BEGIN android-removed -+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -+// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -+// END android-removed - import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - import org.bouncycastle.asn1.x9.X962Parameters; -@@ -33,9 +35,13 @@ - import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; - import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil; - import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; --import org.bouncycastle.jce.ECGOST3410NamedCurveTable; -+// BEGIN android-removed -+// import org.bouncycastle.jce.ECGOST3410NamedCurveTable; -+// END android-removed - import org.bouncycastle.jce.interfaces.ECPointEncoder; --import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -+// BEGIN android-removed -+// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -+// END android-removed - import org.bouncycastle.jce.spec.ECNamedCurveSpec; - import org.bouncycastle.math.ec.ECCurve; + return digestAlgOID.getId(); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/BouncyCastleProvider.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-05-25 02:14:15.000000000 +0000 +@@ -64,13 +64,20 @@ -@@ -46,7 +52,9 @@ - private org.bouncycastle.math.ec.ECPoint q; - private ECParameterSpec ecSpec; - private boolean withCompression; -- private GOST3410PublicKeyAlgParameters gostParams; -+ // BEGIN android-removed -+ // private GOST3410PublicKeyAlgParameters gostParams; -+ // END android-removed + private static final String[] SYMMETRIC_MACS = + { +- "SipHash" ++ // BEGIN android-removed ++ // "SipHash" ++ // END android-removed + }; - public JCEECPublicKey( - String algorithm, -@@ -56,7 +64,9 @@ - this.q = key.q; - this.ecSpec = key.ecSpec; - this.withCompression = key.withCompression; -- this.gostParams = key.gostParams; + private static final String[] SYMMETRIC_CIPHERS = + { +- "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", +- "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" + // BEGIN android-removed -+ // this.gostParams = key.gostParams; ++ // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", ++ // "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" + // END android-removed - } - - public JCEECPublicKey( -@@ -179,54 +189,56 @@ ++ // BEGIN android-added ++ "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish" ++ // END android-added + }; - private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) + /* +@@ -82,12 +89,22 @@ + // later ones configure it. + private static final String[] ASYMMETRIC_GENERIC = { -- if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001)) -- { -- DERBitString bits = info.getPublicKeyData(); -- ASN1OctetString key; -- this.algorithm = "ECGOST3410"; -- -- try -- { -- key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); -- } -- catch (IOException ex) -- { -- throw new IllegalArgumentException("error recovering public key"); -- } -- -- byte[] keyEnc = key.getOctets(); -- byte[] x = new byte[32]; -- byte[] y = new byte[32]; -- -- for (int i = 0; i != x.length; i++) -- { -- x[i] = keyEnc[32 - 1 - i]; -- } -- -- for (int i = 0; i != y.length; i++) -- { -- y[i] = keyEnc[64 - 1 - i]; -- } -- -- gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); -- -- ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); -- -- ECCurve curve = spec.getCurve(); -- EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); -- -- this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); -- -- ecSpec = new ECNamedCurveSpec( -- ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), -- ellipticCurve, -- new ECPoint( -- spec.getG().getX().toBigInteger(), -- spec.getG().getY().toBigInteger()), -- spec.getN(), spec.getH()); -- -- } -- else +- "X509", "IES" + // BEGIN android-removed -+ // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001)) -+ // { -+ // DERBitString bits = info.getPublicKeyData(); -+ // ASN1OctetString key; -+ // this.algorithm = "ECGOST3410"; -+ // -+ // try -+ // { -+ // key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); -+ // } -+ // catch (IOException ex) -+ // { -+ // throw new IllegalArgumentException("error recovering public key"); -+ // } -+ // -+ // byte[] keyEnc = key.getOctets(); -+ // byte[] x = new byte[32]; -+ // byte[] y = new byte[32]; -+ // -+ // for (int i = 0; i != x.length; i++) -+ // { -+ // x[i] = keyEnc[32 - 1 - i]; -+ // } -+ // -+ // for (int i = 0; i != y.length; i++) -+ // { -+ // y[i] = keyEnc[64 - 1 - i]; -+ // } -+ // -+ // gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); -+ // -+ // ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); -+ // -+ // ECCurve curve = spec.getCurve(); -+ // EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); -+ // -+ // this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); -+ // -+ // ecSpec = new ECNamedCurveSpec( -+ // ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), -+ // ellipticCurve, -+ // new ECPoint( -+ // spec.getG().getX().toBigInteger(), -+ // spec.getG().getY().toBigInteger()), -+ // spec.getN(), spec.getH()); -+ // -+ // } -+ // else ++ // "X509", "IES" ++ // END android-removed ++ // BEGIN android-added ++ "X509" ++ // END android-added + }; + + private static final String[] ASYMMETRIC_CIPHERS = + { +- "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145" ++ // BEGIN android-removed ++ // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145" + // END android-removed - { - X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters()); - ECCurve curve; -@@ -315,52 +327,54 @@ - ASN1Encodable params; - SubjectPublicKeyInfo info; ++ // BEGIN android-added ++ "DSA", "DH", "EC", "RSA", ++ // END android-added + }; -- if (algorithm.equals("ECGOST3410")) -- { -- if (gostParams != null) -- { -- params = gostParams; -- } -- else -- { -- if (ecSpec instanceof ECNamedCurveSpec) -- { -- params = new GOST3410PublicKeyAlgParameters( -- ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), -- CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); -- } -- else -- { // strictly speaking this may not be applicable... -- ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); + /* +@@ -96,7 +113,12 @@ + private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest."; + private static final String[] DIGESTS = + { +- "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Tiger", "Whirlpool" ++ // BEGIN android-removed ++ // "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Tiger", "Whirlpool" ++ // END android-removed ++ // BEGIN android-added ++ "MD5", "SHA1", "SHA256", "SHA384", "SHA512", ++ // END android-added + }; + + /* +@@ -143,48 +165,52 @@ + + loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES); + +- // +- // X509Store +- // +- put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection"); +- put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection"); +- put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection"); +- put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection"); - -- X9ECParameters ecP = new X9ECParameters( -- curve, -- EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), -- ecSpec.getOrder(), -- BigInteger.valueOf(ecSpec.getCofactor()), -- ecSpec.getCurve().getSeed()); +- put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts"); +- put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs"); +- put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts"); +- put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs"); +- +- // +- // X509StreamParser +- // +- put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser"); +- put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); +- put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); +- put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); - -- params = new X962Parameters(ecP); -- } -- } +- // +- // cipher engines +- // +- put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); - -- BigInteger bX = this.q.getX().toBigInteger(); -- BigInteger bY = this.q.getY().toBigInteger(); -- byte[] encKey = new byte[64]; +- put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); - -- extractBytes(encKey, 0, bX); -- extractBytes(encKey, 32, bY); - -- try -- { -- info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); -- } -- catch (IOException e) -- { -- return null; -- } -- } -- else +- put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); +- +- // Certification Path API +- put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); +- put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); +- put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); +- put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); + // BEGIN android-removed -+ // if (algorithm.equals("ECGOST3410")) -+ // { -+ // if (gostParams != null) -+ // { -+ // params = gostParams; -+ // } -+ // else -+ // { -+ // if (ecSpec instanceof ECNamedCurveSpec) -+ // { -+ // params = new GOST3410PublicKeyAlgParameters( -+ // ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), -+ // CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); -+ // } -+ // else -+ // { // strictly speaking this may not be applicable... -+ // ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); ++ // // ++ // // X509Store ++ // // ++ // put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection"); ++ // put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection"); ++ // put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection"); ++ // put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection"); + // -+ // X9ECParameters ecP = new X9ECParameters( -+ // curve, -+ // EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), -+ // ecSpec.getOrder(), -+ // BigInteger.valueOf(ecSpec.getCofactor()), -+ // ecSpec.getCurve().getSeed()); ++ // put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts"); ++ // put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs"); ++ // put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts"); ++ // put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs"); + // -+ // params = new X962Parameters(ecP); -+ // } -+ // } ++ // // ++ // // X509StreamParser ++ // // ++ // put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser"); ++ // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); ++ // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); ++ // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); + // -+ // BigInteger bX = this.q.getX().toBigInteger(); -+ // BigInteger bY = this.q.getY().toBigInteger(); -+ // byte[] encKey = new byte[64]; ++ // // ++ // // cipher engines ++ // // ++ // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); + // -+ // extractBytes(encKey, 0, bX); -+ // extractBytes(encKey, 32, bY); ++ // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); + // -+ // try -+ // { -+ // info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); -+ // } -+ // catch (IOException e) -+ // { -+ // return null; -+ // } -+ // } -+ // else ++ // ++ // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); ++ // ++ // // Certification Path API ++ // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); ++ // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); ++ // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); ++ // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); + // END android-removed - { - if (ecSpec instanceof ECNamedCurveSpec) - { -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEMac.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEMac.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEMac.java 2012-09-17 23:04:47.000000000 +0000 -@@ -11,24 +11,35 @@ + put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); + put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); + put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi"); +- put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi"); +- put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi"); +- put("Alg.Alias.CertStore.X509LDAP", "LDAP"); ++ // BEGIN android-removed ++ // put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi"); ++ // put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi"); ++ // put("Alg.Alias.CertStore.X509LDAP", "LDAP"); ++ // END android-removed + } - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.Mac; --import org.bouncycastle.crypto.digests.MD2Digest; --import org.bouncycastle.crypto.digests.MD4Digest; --import org.bouncycastle.crypto.digests.MD5Digest; --import org.bouncycastle.crypto.digests.RIPEMD128Digest; --import org.bouncycastle.crypto.digests.RIPEMD160Digest; --import org.bouncycastle.crypto.digests.SHA1Digest; --import org.bouncycastle.crypto.digests.SHA224Digest; --import org.bouncycastle.crypto.digests.SHA256Digest; --import org.bouncycastle.crypto.digests.SHA384Digest; --import org.bouncycastle.crypto.digests.SHA512Digest; --import org.bouncycastle.crypto.digests.TigerDigest; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.MD2Digest; -+// import org.bouncycastle.crypto.digests.MD4Digest; -+// import org.bouncycastle.crypto.digests.MD5Digest; -+// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -+// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -+// import org.bouncycastle.crypto.digests.SHA1Digest; -+// import org.bouncycastle.crypto.digests.SHA224Digest; -+// import org.bouncycastle.crypto.digests.SHA256Digest; -+// import org.bouncycastle.crypto.digests.SHA384Digest; -+// import org.bouncycastle.crypto.digests.SHA512Digest; -+// import org.bouncycastle.crypto.digests.TigerDigest; -+// END android-removed -+// BEGIN android-added -+import org.bouncycastle.crypto.digests.AndroidDigestFactory; -+// END android-added - import org.bouncycastle.crypto.engines.DESEngine; --import org.bouncycastle.crypto.engines.RC2Engine; -+// BEGIN android-removed -+// import org.bouncycastle.crypto.engines.RC2Engine; -+// END android-removed - import org.bouncycastle.crypto.macs.CBCBlockCipherMac; --import org.bouncycastle.crypto.macs.CFBBlockCipherMac; + private void loadAlgorithms(String packageName, String[] names) +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/CertBlacklist.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/CertBlacklist.java 1970-01-01 00:00:00.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/CertBlacklist.java 2013-01-16 01:38:43.000000000 +0000 +@@ -0,0 +1,224 @@ ++/* ++ * Copyright (C) 2012 The Android Open Source Project ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++package org.bouncycastle.jce.provider; ++ ++import java.io.Closeable; ++import java.io.ByteArrayOutputStream; ++import java.io.FileNotFoundException; ++import java.io.IOException; ++import java.io.RandomAccessFile; ++import java.math.BigInteger; ++import java.security.PublicKey; ++import java.util.Arrays; ++import java.util.Collections; ++import java.util.HashSet; ++import java.util.Set; ++import java.util.logging.Level; ++import java.util.logging.Logger; ++import org.bouncycastle.crypto.Digest; ++import org.bouncycastle.crypto.digests.AndroidDigestFactory; ++import org.bouncycastle.util.encoders.Hex; ++ ++public class CertBlacklist { ++ ++ private static final String ANDROID_DATA = System.getenv("ANDROID_DATA"); ++ private static final String BLACKLIST_ROOT = ANDROID_DATA + "/misc/keychain/"; ++ public static final String DEFAULT_PUBKEY_BLACKLIST_PATH = BLACKLIST_ROOT + "pubkey_blacklist.txt"; ++ public static final String DEFAULT_SERIAL_BLACKLIST_PATH = BLACKLIST_ROOT + "serial_blacklist.txt"; ++ ++ private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName()); ++ ++ // public for testing ++ public final Set serialBlacklist; ++ public final Set pubkeyBlacklist; ++ ++ public CertBlacklist() { ++ this(DEFAULT_PUBKEY_BLACKLIST_PATH, DEFAULT_SERIAL_BLACKLIST_PATH); ++ } ++ ++ /** Test only interface, not for public use */ ++ public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) { ++ serialBlacklist = readSerialBlackList(serialBlacklistPath); ++ pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath); ++ } ++ ++ private static boolean isHex(String value) { ++ try { ++ new BigInteger(value, 16); ++ return true; ++ } catch (NumberFormatException e) { ++ logger.log(Level.WARNING, "Could not parse hex value " + value, e); ++ return false; ++ } ++ } ++ ++ private static boolean isPubkeyHash(String value) { ++ if (value.length() != 40) { ++ logger.log(Level.WARNING, "Invalid pubkey hash length: " + value.length()); ++ return false; ++ } ++ return isHex(value); ++ } ++ ++ private static String readBlacklist(String path) { ++ try { ++ return readFileAsString(path); ++ } catch (FileNotFoundException ignored) { ++ } catch (IOException e) { ++ logger.log(Level.WARNING, "Could not read blacklist", e); ++ } ++ return ""; ++ } ++ ++ // From IoUtils.readFileAsString ++ private static String readFileAsString(String path) throws IOException { ++ return readFileAsBytes(path).toString("UTF-8"); ++ } ++ ++ // Based on IoUtils.readFileAsBytes ++ private static ByteArrayOutputStream readFileAsBytes(String path) throws IOException { ++ RandomAccessFile f = null; ++ try { ++ f = new RandomAccessFile(path, "r"); ++ ByteArrayOutputStream bytes = new ByteArrayOutputStream((int) f.length()); ++ byte[] buffer = new byte[8192]; ++ while (true) { ++ int byteCount = f.read(buffer); ++ if (byteCount == -1) { ++ return bytes; ++ } ++ bytes.write(buffer, 0, byteCount); ++ } ++ } finally { ++ closeQuietly(f); ++ } ++ } ++ ++ // Base on IoUtils.closeQuietly ++ private static void closeQuietly(Closeable closeable) { ++ if (closeable != null) { ++ try { ++ closeable.close(); ++ } catch (RuntimeException rethrown) { ++ throw rethrown; ++ } catch (Exception ignored) { ++ } ++ } ++ } ++ ++ private static final Set readSerialBlackList(String path) { ++ ++ // start out with a base set of known bad values ++ Set bl = new HashSet(Arrays.asList( ++ // From http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate.cc?revision=78748&view=markup ++ // Not a real certificate. For testing only. ++ new BigInteger("077a59bcd53459601ca6907267a6dd1c", 16), ++ new BigInteger("047ecbe9fca55f7bd09eae36e10cae1e", 16), ++ new BigInteger("d8f35f4eb7872b2dab0692e315382fb0", 16), ++ new BigInteger("b0b7133ed096f9b56fae91c874bd3ac0", 16), ++ new BigInteger("9239d5348f40d1695a745470e1f23f43", 16), ++ new BigInteger("e9028b9578e415dc1a710a2b88154447", 16), ++ new BigInteger("d7558fdaf5f1105bb213282b707729a3", 16), ++ new BigInteger("f5c86af36162f13a64f54f6dc9587c06", 16), ++ new BigInteger("392a434f0e07df1f8aa305de34e0c229", 16), ++ new BigInteger("3e75ced46b693021218830ae86a82a71", 16), ++ new BigInteger("864", 16), ++ new BigInteger("827", 16) ++ )); ++ ++ // attempt to augment it with values taken from gservices ++ String serialBlacklist = readBlacklist(path); ++ if (!serialBlacklist.equals("")) { ++ for(String value : serialBlacklist.split(",")) { ++ try { ++ bl.add(new BigInteger(value, 16)); ++ } catch (NumberFormatException e) { ++ logger.log(Level.WARNING, "Tried to blacklist invalid serial number " + value, e); ++ } ++ } ++ } ++ ++ // whether that succeeds or fails, send it on its merry way ++ return Collections.unmodifiableSet(bl); ++ } ++ ++ private static final Set readPublicKeyBlackList(String path) { ++ ++ // start out with a base set of known bad values ++ Set bl = new HashSet(Arrays.asList( ++ // From http://src.chromium.org/viewvc/chrome/branches/782/src/net/base/x509_certificate.cc?r1=98750&r2=98749&pathrev=98750 ++ // C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl ++ "410f36363258f30b347d12ce4863e433437806a8".getBytes(), ++ // Subject: CN=DigiNotar Cyber CA ++ // Issuer: CN=GTE CyberTrust Global Root ++ "ba3e7bd38cd7e1e6b9cd4c219962e59d7a2f4e37".getBytes(), ++ // Subject: CN=DigiNotar Services 1024 CA ++ // Issuer: CN=Entrust.net ++ "e23b8d105f87710a68d9248050ebefc627be4ca6".getBytes(), ++ // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2 ++ // Issuer: CN=Staat der Nederlanden Organisatie CA - G2 ++ "7b2e16bc39bcd72b456e9f055d1de615b74945db".getBytes(), ++ // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven ++ // Issuer: CN=Staat der Nederlanden Overheid CA ++ "e8f91200c65cee16e039b9f883841661635f81c5".getBytes(), ++ // From http://src.chromium.org/viewvc/chrome?view=rev&revision=108479 ++ // Subject: O=Digicert Sdn. Bhd. ++ // Issuer: CN=GTE CyberTrust Global Root ++ "0129bcd5b448ae8d2496d1c3e19723919088e152".getBytes(), ++ // Subject: CN=e-islem.kktcmerkezbankasi.org/emailAddress=ileti@kktcmerkezbankasi.org ++ // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri ++ "5f3ab33d55007054bc5e3e5553cd8d8465d77c61".getBytes(), ++ // Subject: CN=*.EGO.GOV.TR 93 ++ // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri ++ "783333c9687df63377efceddd82efa9101913e8e".getBytes() ++ )); ++ ++ // attempt to augment it with values taken from gservices ++ String pubkeyBlacklist = readBlacklist(path); ++ if (!pubkeyBlacklist.equals("")) { ++ for (String value : pubkeyBlacklist.split(",")) { ++ value = value.trim(); ++ if (isPubkeyHash(value)) { ++ bl.add(value.getBytes()); ++ } else { ++ logger.log(Level.WARNING, "Tried to blacklist invalid pubkey " + value); ++ } ++ } ++ } ++ ++ return bl; ++ } ++ ++ public boolean isPublicKeyBlackListed(PublicKey publicKey) { ++ byte[] encoded = publicKey.getEncoded(); ++ Digest digest = AndroidDigestFactory.getSHA1(); ++ digest.update(encoded, 0, encoded.length); ++ byte[] out = new byte[digest.getDigestSize()]; ++ digest.doFinal(out, 0); ++ for (byte[] blacklisted : pubkeyBlacklist) { ++ if (Arrays.equals(blacklisted, Hex.encode(out))) { ++ return true; ++ } ++ } ++ return false; ++ } ++ ++ public boolean isSerialNumberBlackListed(BigInteger serial) { ++ return serialBlacklist.contains(serial); ++ } ++ ++} +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2013-01-31 02:26:40.000000000 +0000 +@@ -61,14 +61,18 @@ + import org.bouncycastle.asn1.x509.PolicyInformation; + import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + import org.bouncycastle.asn1.x509.X509Extension; +-import org.bouncycastle.jce.X509LDAPCertStoreParameters; +// BEGIN android-removed -+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; ++// import org.bouncycastle.jce.X509LDAPCertStoreParameters; +// END android-removed - import org.bouncycastle.crypto.macs.HMac; --import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; --import org.bouncycastle.crypto.macs.OldHMac; + import org.bouncycastle.jce.exception.ExtCertPathValidatorException; + import org.bouncycastle.util.Integers; + import org.bouncycastle.util.Selector; + import org.bouncycastle.util.StoreException; + import org.bouncycastle.x509.ExtendedPKIXBuilderParameters; + import org.bouncycastle.x509.ExtendedPKIXParameters; +-import org.bouncycastle.x509.X509AttributeCertStoreSelector; +// BEGIN android-removed -+// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -+// import org.bouncycastle.crypto.macs.OldHMac; ++// import org.bouncycastle.x509.X509AttributeCertStoreSelector; +// END android-removed - import org.bouncycastle.crypto.paddings.ISO7816d4Padding; - import org.bouncycastle.crypto.params.KeyParameter; - import org.bouncycastle.crypto.params.ParametersWithIV; -@@ -144,109 +155,111 @@ - * the classes that extend directly off us. - */ + import org.bouncycastle.x509.X509AttributeCertificate; + import org.bouncycastle.x509.X509CRLStoreSelector; + import org.bouncycastle.x509.X509CertStoreSelector; +@@ -656,38 +660,40 @@ + { + try + { +- if (location.startsWith("ldap://")) +- { +- // ldap://directory.d-trust.net/CN=D-TRUST +- // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE +- // skip "ldap://" +- location = location.substring(7); +- // after first / baseDN starts +- String base = null; +- String url = null; +- if (location.indexOf("/") != -1) +- { +- base = location.substring(location.indexOf("/")); +- // URL +- url = "ldap://" +- + location.substring(0, location.indexOf("/")); +- } +- else +- { +- url = "ldap://" + location; +- } +- // use all purpose parameters +- X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder( +- url, base).build(); +- pkixParams.addAdditionalStore(X509Store.getInstance( +- "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); +- pkixParams.addAdditionalStore(X509Store.getInstance( +- "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); +- pkixParams.addAdditionalStore(X509Store.getInstance( +- "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); +- pkixParams.addAdditionalStore(X509Store.getInstance( +- "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); +- } ++ // BEGIN android-removed ++ // if (location.startsWith("ldap://")) ++ // { ++ // // ldap://directory.d-trust.net/CN=D-TRUST ++ // // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE ++ // // skip "ldap://" ++ // location = location.substring(7); ++ // // after first / baseDN starts ++ // String base = null; ++ // String url = null; ++ // if (location.indexOf("/") != -1) ++ // { ++ // base = location.substring(location.indexOf("/")); ++ // // URL ++ // url = "ldap://" ++ // + location.substring(0, location.indexOf("/")); ++ // } ++ // else ++ // { ++ // url = "ldap://" + location; ++ // } ++ // // use all purpose parameters ++ // X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder( ++ // url, base).build(); ++ // pkixParams.addAdditionalStore(X509Store.getInstance( ++ // "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); ++ // pkixParams.addAdditionalStore(X509Store.getInstance( ++ // "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); ++ // pkixParams.addAdditionalStore(X509Store.getInstance( ++ // "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); ++ // pkixParams.addAdditionalStore(X509Store.getInstance( ++ // "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); ++ // } ++ // END android-removed + } + catch (Exception e) + { +@@ -752,33 +758,35 @@ + return certs; + } -- /** -- * DES -- */ -- public static class DES -- extends JCEMac -- { -- public DES() -- { -- super(new CBCBlockCipherMac(new DESEngine())); -- } -- } -- -- /** -- * DES 64 bit MAC -- */ -- public static class DES64 -- extends JCEMac -- { -- public DES64() -- { -- super(new CBCBlockCipherMac(new DESEngine(), 64)); -- } -- } -- -- /** -- * RC2 -- */ -- public static class RC2 -- extends JCEMac -- { -- public RC2() -- { -- super(new CBCBlockCipherMac(new RC2Engine())); -- } -- } -- -- -- -- -- /** -- * DES -- */ -- public static class DESCFB8 -- extends JCEMac -- { -- public DESCFB8() -- { -- super(new CFBBlockCipherMac(new DESEngine())); -- } -- } -- -- /** -- * RC2CFB8 -- */ -- -- -- /** -- * DES9797Alg3with7816-4Padding -- */ -- public static class DES9797Alg3with7816d4 -- extends JCEMac -- { -- public DES9797Alg3with7816d4() -- { -- super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); -- } -- } -- -- /** -- * DES9797Alg3 -- */ -- public static class DES9797Alg3 -- extends JCEMac +- protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, +- List certStores) +- throws AnnotatedException - { -- public DES9797Alg3() -- { -- super(new ISO9797Alg3Mac(new DESEngine())); -- } -- } +- Set certs = new HashSet(); +- Iterator iter = certStores.iterator(); - -- /** -- * MD2 HMac -- */ -- public static class MD2 -- extends JCEMac -- { -- public MD2() +- while (iter.hasNext()) - { -- super(new HMac(new MD2Digest())); -- } -- } +- Object obj = iter.next(); - -- /** -- * MD4 HMac -- */ -- public static class MD4 -- extends JCEMac -- { -- public MD4() -- { -- super(new HMac(new MD4Digest())); +- if (obj instanceof X509Store) +- { +- X509Store certStore = (X509Store)obj; +- try +- { +- certs.addAll(certStore.getMatches(certSelect)); +- } +- catch (StoreException e) +- { +- throw new AnnotatedException( +- "Problem while picking certificates from X.509 store.", e); +- } +- } - } +- return certs; - } + // BEGIN android-removed -+ // /** -+ // * DES -+ // */ -+ // public static class DES -+ // extends JCEMac -+ // { -+ // public DES() -+ // { -+ // super(new CBCBlockCipherMac(new DESEngine())); -+ // } -+ // } -+ // -+ // /** -+ // * DES 64 bit MAC -+ // */ -+ // public static class DES64 -+ // extends JCEMac -+ // { -+ // public DES64() -+ // { -+ // super(new CBCBlockCipherMac(new DESEngine(), 64)); -+ // } -+ // } -+ // -+ // /** -+ // * RC2 -+ // */ -+ // public static class RC2 -+ // extends JCEMac -+ // { -+ // public RC2() -+ // { -+ // super(new CBCBlockCipherMac(new RC2Engine())); -+ // } -+ // } -+ // -+ // -+ // -+ // -+ // /** -+ // * DES -+ // */ -+ // public static class DESCFB8 -+ // extends JCEMac -+ // { -+ // public DESCFB8() -+ // { -+ // super(new CFBBlockCipherMac(new DESEngine())); -+ // } -+ // } -+ // -+ // /** -+ // * RC2CFB8 -+ // */ -+ // -+ // -+ // /** -+ // * DES9797Alg3with7816-4Padding -+ // */ -+ // public static class DES9797Alg3with7816d4 -+ // extends JCEMac -+ // { -+ // public DES9797Alg3with7816d4() -+ // { -+ // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); -+ // } -+ // } -+ // -+ // /** -+ // * DES9797Alg3 -+ // */ -+ // public static class DES9797Alg3 -+ // extends JCEMac ++ // protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, ++ // List certStores) ++ // throws AnnotatedException + // { -+ // public DES9797Alg3() -+ // { -+ // super(new ISO9797Alg3Mac(new DESEngine())); -+ // } -+ // } ++ // Set certs = new HashSet(); ++ // Iterator iter = certStores.iterator(); + // -+ // /** -+ // * MD2 HMac -+ // */ -+ // public static class MD2 -+ // extends JCEMac -+ // { -+ // public MD2() ++ // while (iter.hasNext()) + // { -+ // super(new HMac(new MD2Digest())); -+ // } -+ // } ++ // Object obj = iter.next(); + // -+ // /** -+ // * MD4 HMac -+ // */ -+ // public static class MD4 -+ // extends JCEMac -+ // { -+ // public MD4() -+ // { -+ // super(new HMac(new MD4Digest())); ++ // if (obj instanceof X509Store) ++ // { ++ // X509Store certStore = (X509Store)obj; ++ // try ++ // { ++ // certs.addAll(certStore.getMatches(certSelect)); ++ // } ++ // catch (StoreException e) ++ // { ++ // throw new AnnotatedException( ++ // "Problem while picking certificates from X.509 store.", e); ++ // } ++ // } + // } ++ // return certs; + // } + // END android-removed - /** - * MD5 HMac -@@ -256,7 +269,9 @@ - { - public MD5() - { -- super(new HMac(new MD5Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getMD5())); -+ // END android-changed - } - } + protected static void addAdditionalStoresFromCRLDistributionPoint( + CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEECPrivateKey.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2013-05-25 02:14:15.000000000 +0000 +@@ -20,8 +20,10 @@ + import org.bouncycastle.asn1.DERInteger; + import org.bouncycastle.asn1.DERNull; + import org.bouncycastle.asn1.DERObjectIdentifier; +-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; ++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; ++// END android-removed + import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; + import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; + import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +@@ -203,21 +205,23 @@ + ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); + X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); + +- if (ecP == null) // GOST Curve +- { +- ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); +- EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); +- +- ecSpec = new ECNamedCurveSpec( +- ECGOST3410NamedCurves.getName(oid), +- ellipticCurve, +- new ECPoint( +- gParam.getG().getX().toBigInteger(), +- gParam.getG().getY().toBigInteger()), +- gParam.getN(), +- gParam.getH()); +- } +- else ++ // BEGIN android-removed ++ // if (ecP == null) // GOST Curve ++ // { ++ // ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); ++ // EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); ++ // ++ // ecSpec = new ECNamedCurveSpec( ++ // ECGOST3410NamedCurves.getName(oid), ++ // ellipticCurve, ++ // new ECPoint( ++ // gParam.getG().getX().toBigInteger(), ++ // gParam.getG().getY().toBigInteger()), ++ // gParam.getN(), ++ // gParam.getH()); ++ // } ++ // else ++ // END android-removed + { + EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); + +@@ -331,11 +335,13 @@ -@@ -268,21 +283,25 @@ - { - public SHA1() + try { -- super(new HMac(new SHA1Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA1())); -+ // END android-changed - } - } +- if (algorithm.equals("ECGOST3410")) +- { +- info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); +- } +- else ++ // BEGIN android-removed ++ // if (algorithm.equals("ECGOST3410")) ++ // { ++ // info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); ++ // } ++ // else ++ // END android-removed + { -- /** -- * SHA-224 HMac -- */ -- public static class SHA224 -- extends JCEMac -- { -- public SHA224() -- { -- super(new HMac(new SHA224Digest())); -- } -- } + info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEECPublicKey.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEECPublicKey.java 2013-05-25 02:14:15.000000000 +0000 +@@ -18,9 +18,11 @@ + import org.bouncycastle.asn1.DERBitString; + import org.bouncycastle.asn1.DERNull; + import org.bouncycastle.asn1.DEROctetString; +-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +-import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; ++// BEGIN android-removed ++// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; ++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; ++// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; ++// END android-removed + import org.bouncycastle.asn1.x509.AlgorithmIdentifier; + import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; + import org.bouncycastle.asn1.x9.X962Parameters; +@@ -33,9 +35,13 @@ + import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; + import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; + import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; +-import org.bouncycastle.jce.ECGOST3410NamedCurveTable; ++// BEGIN android-removed ++// import org.bouncycastle.jce.ECGOST3410NamedCurveTable; ++// END android-removed + import org.bouncycastle.jce.interfaces.ECPointEncoder; +-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; ++// BEGIN android-removed ++// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; ++// END android-removed + import org.bouncycastle.jce.spec.ECNamedCurveSpec; + import org.bouncycastle.math.ec.ECCurve; + +@@ -46,7 +52,9 @@ + private org.bouncycastle.math.ec.ECPoint q; + private ECParameterSpec ecSpec; + private boolean withCompression; +- private GOST3410PublicKeyAlgParameters gostParams; + // BEGIN android-removed -+ // /** -+ // * SHA-224 HMac -+ // */ -+ // public static class SHA224 -+ // extends JCEMac -+ // { -+ // public SHA224() -+ // { -+ // super(new HMac(new SHA224Digest())); -+ // } -+ // } ++ // private GOST3410PublicKeyAlgParameters gostParams; + // END android-removed - - /** - * SHA-256 HMac -@@ -292,7 +311,9 @@ - { - public SHA256() - { -- super(new HMac(new SHA256Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA256())); -+ // END android-changed - } - } -@@ -304,18 +325,22 @@ - { - public SHA384() - { -- super(new HMac(new SHA384Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA384())); -+ // END android-changed - } + public JCEECPublicKey( + String algorithm, +@@ -56,7 +64,9 @@ + this.q = key.q; + this.ecSpec = key.ecSpec; + this.withCompression = key.withCompression; +- this.gostParams = key.gostParams; ++ // BEGIN android-removed ++ // this.gostParams = key.gostParams; ++ // END android-removed } + + public JCEECPublicKey( +@@ -179,54 +189,56 @@ -- public static class OldSHA384 -- extends JCEMac -- { -- public OldSHA384() + private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) + { +- if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001)) - { -- super(new OldHMac(new SHA384Digest())); +- DERBitString bits = info.getPublicKeyData(); +- ASN1OctetString key; +- this.algorithm = "ECGOST3410"; +- +- try +- { +- key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); +- } +- catch (IOException ex) +- { +- throw new IllegalArgumentException("error recovering public key"); +- } +- +- byte[] keyEnc = key.getOctets(); +- byte[] x = new byte[32]; +- byte[] y = new byte[32]; +- +- for (int i = 0; i != x.length; i++) +- { +- x[i] = keyEnc[32 - 1 - i]; +- } +- +- for (int i = 0; i != y.length; i++) +- { +- y[i] = keyEnc[64 - 1 - i]; +- } +- +- gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); +- +- ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); +- +- ECCurve curve = spec.getCurve(); +- EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); +- +- this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); +- +- ecSpec = new ECNamedCurveSpec( +- ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), +- ellipticCurve, +- new ECPoint( +- spec.getG().getX().toBigInteger(), +- spec.getG().getY().toBigInteger()), +- spec.getN(), spec.getH()); +- - } -- } -+ // BEGIN android-removed -+ // public static class OldSHA384 -+ // extends JCEMac -+ // { -+ // public OldSHA384() -+ // { -+ // super(new OldHMac(new SHA384Digest())); -+ // } -+ // } -+ // END android-removed - - /** - * SHA-512 HMac -@@ -325,75 +350,80 @@ - { - public SHA512() +- else ++ // BEGIN android-removed ++ // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001)) ++ // { ++ // DERBitString bits = info.getPublicKeyData(); ++ // ASN1OctetString key; ++ // this.algorithm = "ECGOST3410"; ++ // ++ // try ++ // { ++ // key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); ++ // } ++ // catch (IOException ex) ++ // { ++ // throw new IllegalArgumentException("error recovering public key"); ++ // } ++ // ++ // byte[] keyEnc = key.getOctets(); ++ // byte[] x = new byte[32]; ++ // byte[] y = new byte[32]; ++ // ++ // for (int i = 0; i != x.length; i++) ++ // { ++ // x[i] = keyEnc[32 - 1 - i]; ++ // } ++ // ++ // for (int i = 0; i != y.length; i++) ++ // { ++ // y[i] = keyEnc[64 - 1 - i]; ++ // } ++ // ++ // gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); ++ // ++ // ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); ++ // ++ // ECCurve curve = spec.getCurve(); ++ // EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); ++ // ++ // this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); ++ // ++ // ecSpec = new ECNamedCurveSpec( ++ // ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), ++ // ellipticCurve, ++ // new ECPoint( ++ // spec.getG().getX().toBigInteger(), ++ // spec.getG().getY().toBigInteger()), ++ // spec.getN(), spec.getH()); ++ // ++ // } ++ // else ++ // END android-removed { -- super(new HMac(new SHA512Digest())); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA512())); -+ // END android-changed - } - } + X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters()); + ECCurve curve; +@@ -315,52 +327,54 @@ + ASN1Encodable params; + SubjectPublicKeyInfo info; -- /** -- * SHA-512 HMac -- */ -- public static class OldSHA512 -- extends JCEMac -- { -- public OldSHA512() -- { -- super(new OldHMac(new SHA512Digest())); -- } -- } - -- /** -- * RIPEMD128 HMac -- */ -- public static class RIPEMD128 -- extends JCEMac -- { -- public RIPEMD128() +- if (algorithm.equals("ECGOST3410")) - { -- super(new HMac(new RIPEMD128Digest())); -- } -- } +- if (gostParams != null) +- { +- params = gostParams; +- } +- else +- { +- if (ecSpec instanceof ECNamedCurveSpec) +- { +- params = new GOST3410PublicKeyAlgParameters( +- ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), +- CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); +- } +- else +- { // strictly speaking this may not be applicable... +- ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - -- /** -- * RIPEMD160 HMac -- */ -- public static class RIPEMD160 -- extends JCEMac -- { -- public RIPEMD160() -- { -- super(new HMac(new RIPEMD160Digest())); -- } -- } +- X9ECParameters ecP = new X9ECParameters( +- curve, +- EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), +- ecSpec.getOrder(), +- BigInteger.valueOf(ecSpec.getCofactor()), +- ecSpec.getCurve().getSeed()); - -- /** -- * Tiger HMac -- */ -- public static class Tiger -- extends JCEMac -- { -- public Tiger() -- { -- super(new HMac(new TigerDigest())); -- } -- } +- params = new X962Parameters(ecP); +- } +- } - -+ // BEGIN android-removed -+ // /** -+ // * SHA-512 HMac -+ // */ -+ // public static class OldSHA512 -+ // extends JCEMac -+ // { -+ // public OldSHA512() -+ // { -+ // super(new OldHMac(new SHA512Digest())); -+ // } -+ // } - // -- // PKCS12 states that the same algorithm should be used -- // for the key generation as is used in the HMAC, so that -- // is what we do here. -+ // /** -+ // * RIPEMD128 HMac -+ // */ -+ // public static class RIPEMD128 -+ // extends JCEMac -+ // { -+ // public RIPEMD128() -+ // { -+ // super(new HMac(new RIPEMD128Digest())); -+ // } -+ // } - // +- BigInteger bX = this.q.getX().toBigInteger(); +- BigInteger bY = this.q.getY().toBigInteger(); +- byte[] encKey = new byte[64]; - -- /** -- * PBEWithHmacRIPEMD160 -- */ -- public static class PBEWithRIPEMD160 -- extends JCEMac -- { -- public PBEWithRIPEMD160() -- { -- super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); -- } -- } -+ // /** -+ // * RIPEMD160 HMac -+ // */ -+ // public static class RIPEMD160 -+ // extends JCEMac -+ // { -+ // public RIPEMD160() -+ // { -+ // super(new HMac(new RIPEMD160Digest())); -+ // } -+ // } -+ // -+ // /** -+ // * Tiger HMac -+ // */ -+ // public static class Tiger -+ // extends JCEMac -+ // { -+ // public Tiger() -+ // { -+ // super(new HMac(new TigerDigest())); -+ // } -+ // } -+ // -+ // // -+ // // PKCS12 states that the same algorithm should be used -+ // // for the key generation as is used in the HMAC, so that -+ // // is what we do here. -+ // // -+ // -+ // /** -+ // * PBEWithHmacRIPEMD160 -+ // */ -+ // public static class PBEWithRIPEMD160 -+ // extends JCEMac -+ // { -+ // public PBEWithRIPEMD160() -+ // { -+ // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); -+ // } -+ // } -+ // END android-removed - - /** - * PBEWithHmacSHA -@@ -403,19 +433,23 @@ - { - public PBEWithSHA() - { -- super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160); -+ // BEGIN android-changed -+ super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160); -+ // END android-changed - } - } - -- /** -- * PBEWithHmacTiger -- */ -- public static class PBEWithTiger -- extends JCEMac -- { -- public PBEWithTiger() -- { -- super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * PBEWithHmacTiger -+ // */ -+ // public static class PBEWithTiger -+ // extends JCEMac -+ // { -+ // public PBEWithTiger() -+ // { -+ // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); -+ // } -+ // } -+ // END android-removed - } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCESecretKeyFactory.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2013-04-10 22:02:36.000000000 +0000 -@@ -252,29 +252,31 @@ - } - } - -- /** -- * PBEWithMD2AndDES -- */ -- static public class PBEWithMD2AndDES -- extends DESPBEKeyFactory -- { -- public PBEWithMD2AndDES() -- { -- super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); -- } -- } +- extractBytes(encKey, 0, bX); +- extractBytes(encKey, 32, bY); - -- /** -- * PBEWithMD2AndRC2 -- */ -- static public class PBEWithMD2AndRC2 -- extends PBEKeyFactory -- { -- public PBEWithMD2AndRC2() -- { -- super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); +- try +- { +- info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); +- } +- catch (IOException e) +- { +- return null; +- } - } -- } -+ // BEGIN android-removed -+ // /** -+ // * PBEWithMD2AndDES -+ // */ -+ // static public class PBEWithMD2AndDES -+ // extends DESPBEKeyFactory -+ // { -+ // public PBEWithMD2AndDES() -+ // { -+ // super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); -+ // } -+ // } -+ // -+ // /** -+ // * PBEWithMD2AndRC2 -+ // */ -+ // static public class PBEWithMD2AndRC2 -+ // extends PBEKeyFactory -+ // { -+ // public PBEWithMD2AndRC2() -+ // { -+ // super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); -+ // } -+ // } -+ // END android-removed - - /** - * PBEWithMD5AndDES -@@ -408,17 +410,19 @@ - } - } - -- /** -- * PBEWithHmacRIPEMD160 -- */ -- public static class PBEWithRIPEMD160 -- extends PBEKeyFactory -- { -- public PBEWithRIPEMD160() -- { -- super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * PBEWithHmacRIPEMD160 -+ // */ -+ // public static class PBEWithRIPEMD160 -+ // extends PBEKeyFactory -+ // { -+ // public PBEWithRIPEMD160() -+ // { -+ // super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); -+ // } -+ // } -+ // END android-removed - - /** - * PBEWithHmacSHA -@@ -432,17 +436,19 @@ - } - } - -- /** -- * PBEWithHmacTiger -- */ -- public static class PBEWithTiger -- extends PBEKeyFactory -- { -- public PBEWithTiger() -- { -- super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); -- } -- } -+ // BEGIN android-removed -+ // /** -+ // * PBEWithHmacTiger -+ // */ -+ // public static class PBEWithTiger -+ // extends PBEKeyFactory -+ // { -+ // public PBEWithTiger() -+ // { -+ // super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); -+ // } -+ // } -+ // END android-removed - - /** - * PBEWithSHA1And128BitAES-BC -@@ -551,4 +557,79 @@ - super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); - } - } -+ // BEGIN android-added -+ static public class PBKDF2WithHmacSHA1Base -+ extends JCESecretKeyFactory -+ { -+ int mScheme; -+ -+ protected PBKDF2WithHmacSHA1Base( -+ String algName, -+ int scheme) -+ { -+ super(algName, PKCSObjectIdentifiers.id_PBKDF2); -+ this.mScheme = scheme; -+ } -+ -+ protected SecretKey engineGenerateSecret( -+ KeySpec keySpec) -+ throws InvalidKeySpecException -+ { -+ if (keySpec instanceof PBEKeySpec) -+ { -+ PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; -+ -+ if (pbeSpec.getSalt() == null) -+ { -+ throw new InvalidKeySpecException("missing required salt"); -+ } -+ -+ if (pbeSpec.getIterationCount() <= 0) -+ { -+ throw new InvalidKeySpecException("positive iteration count required: " -+ + pbeSpec.getIterationCount()); -+ } -+ -+ if (pbeSpec.getKeyLength() <= 0) -+ { -+ throw new InvalidKeySpecException("positive key length required: " -+ + pbeSpec.getKeyLength()); -+ } -+ -+ if (pbeSpec.getPassword().length == 0) -+ { -+ throw new IllegalArgumentException("password empty"); -+ } -+ -+ int digest = SHA1; -+ int keySize = pbeSpec.getKeyLength(); -+ int ivSize = -1; -+ -+ CipherParameters param = Util.makePBEMacParameters(pbeSpec, mScheme, digest, keySize); -+ -+ return new BCPBEKey(this.algName, this.algOid, mScheme, digest, keySize, ivSize, pbeSpec, param); -+ } -+ -+ throw new InvalidKeySpecException("Invalid KeySpec"); -+ } -+ } -+ -+ static public class PBKDF2WithHmacSHA1 -+ extends PBKDF2WithHmacSHA1Base -+ { -+ public PBKDF2WithHmacSHA1() -+ { -+ super("PBKDF2WithHmacSHA1", PBKDF2); -+ } -+ } -+ -+ static public class BrokenPBKDF2WithHmacSHA1 -+ extends PBKDF2WithHmacSHA1Base -+ { -+ public BrokenPBKDF2WithHmacSHA1() -+ { -+ super("BrokenPBKDF2WithHmacSHA1", PKCS5S2); -+ } -+ } -+ // END android-added - } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEStreamCipher.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JCEStreamCipher.java 2013-01-29 02:13:59.000000000 +0000 +- else ++ // BEGIN android-removed ++ // if (algorithm.equals("ECGOST3410")) ++ // { ++ // if (gostParams != null) ++ // { ++ // params = gostParams; ++ // } ++ // else ++ // { ++ // if (ecSpec instanceof ECNamedCurveSpec) ++ // { ++ // params = new GOST3410PublicKeyAlgParameters( ++ // ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), ++ // CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); ++ // } ++ // else ++ // { // strictly speaking this may not be applicable... ++ // ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); ++ // ++ // X9ECParameters ecP = new X9ECParameters( ++ // curve, ++ // EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), ++ // ecSpec.getOrder(), ++ // BigInteger.valueOf(ecSpec.getCofactor()), ++ // ecSpec.getCurve().getSeed()); ++ // ++ // params = new X962Parameters(ecP); ++ // } ++ // } ++ // ++ // BigInteger bX = this.q.getX().toBigInteger(); ++ // BigInteger bY = this.q.getY().toBigInteger(); ++ // byte[] encKey = new byte[64]; ++ // ++ // extractBytes(encKey, 0, bX); ++ // extractBytes(encKey, 32, bY); ++ // ++ // try ++ // { ++ // info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); ++ // } ++ // catch (IOException e) ++ // { ++ // return null; ++ // } ++ // } ++ // else ++ // END android-removed + { + if (ecSpec instanceof ECNamedCurveSpec) + { +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEStreamCipher.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEStreamCipher.java 2013-05-25 02:14:15.000000000 +0000 @@ -23,8 +23,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; @@ -8290,7 +7545,7 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEStreamCipher IvParameterSpec.class, PBEParameterSpec.class }; -@@ -491,125 +499,127 @@ +@@ -491,123 +499,125 @@ * The ciphers that inherit from us. */ @@ -8533,395 +7788,11 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JCEStreamCipher + // super(new OFBBlockCipher(new TwofishEngine(), 8), 128); + // } + // } -+ // END android-removed - - /** - * PBEWithSHAAnd128BitRC4 -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2012-09-17 23:04:47.000000000 +0000 -@@ -17,7 +17,9 @@ - import org.bouncycastle.asn1.DERSequence; - import org.bouncycastle.asn1.pkcs.PBKDF2Params; - import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; --import org.bouncycastle.jce.spec.IESParameterSpec; -+// BEGIN android-removed -+// import org.bouncycastle.jce.spec.IESParameterSpec; -+// END android-removed - - public abstract class JDKAlgorithmParameters - extends AlgorithmParametersSpi -@@ -208,109 +210,111 @@ - } - } - -- public static class IES -- extends JDKAlgorithmParameters -- { -- IESParameterSpec currentSpec; -- -- /** -- * in the absence of a standard way of doing it this will do for -- * now... -- */ -- protected byte[] engineGetEncoded() -- { -- try -- { -- ASN1EncodableVector v = new ASN1EncodableVector(); -- -- v.add(new DEROctetString(currentSpec.getDerivationV())); -- v.add(new DEROctetString(currentSpec.getEncodingV())); -- v.add(new DERInteger(currentSpec.getMacKeySize())); -- -- return new DERSequence(v).getEncoded(ASN1Encoding.DER); -- } -- catch (IOException e) -- { -- throw new RuntimeException("Error encoding IESParameters"); -- } -- } -- -- protected byte[] engineGetEncoded( -- String format) -- { -- if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -- { -- return engineGetEncoded(); -- } -- -- return null; -- } -- -- protected AlgorithmParameterSpec localEngineGetParameterSpec( -- Class paramSpec) -- throws InvalidParameterSpecException -- { -- if (paramSpec == IESParameterSpec.class) -- { -- return currentSpec; -- } -- -- throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); -- } -- -- protected void engineInit( -- AlgorithmParameterSpec paramSpec) -- throws InvalidParameterSpecException -- { -- if (!(paramSpec instanceof IESParameterSpec)) -- { -- throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object"); -- } -- -- this.currentSpec = (IESParameterSpec)paramSpec; -- } -- -- protected void engineInit( -- byte[] params) -- throws IOException -- { -- try -- { -- ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); -- -- this.currentSpec = new IESParameterSpec( -- ((ASN1OctetString)s.getObjectAt(0)).getOctets(), -- ((ASN1OctetString)s.getObjectAt(0)).getOctets(), -- ((DERInteger)s.getObjectAt(0)).getValue().intValue()); -- } -- catch (ClassCastException e) -- { -- throw new IOException("Not a valid IES Parameter encoding."); -- } -- catch (ArrayIndexOutOfBoundsException e) -- { -- throw new IOException("Not a valid IES Parameter encoding."); -- } -- } -- -- protected void engineInit( -- byte[] params, -- String format) -- throws IOException -- { -- if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -- { -- engineInit(params); -- } -- else -- { -- throw new IOException("Unknown parameter format " + format); -- } -- } -- -- protected String engineToString() -- { -- return "IES Parameters"; -- } -- } -+ // BEGIN android-removed -+ // public static class IES -+ // extends JDKAlgorithmParameters -+ // { -+ // IESParameterSpec currentSpec; -+ // -+ // /** -+ // * in the absence of a standard way of doing it this will do for -+ // * now... -+ // */ -+ // protected byte[] engineGetEncoded() -+ // { -+ // try -+ // { -+ // ASN1EncodableVector v = new ASN1EncodableVector(); -+ // -+ // v.add(new DEROctetString(currentSpec.getDerivationV())); -+ // v.add(new DEROctetString(currentSpec.getEncodingV())); -+ // v.add(new DERInteger(currentSpec.getMacKeySize())); -+ // -+ // return new DERSequence(v).getEncoded(ASN1Encoding.DER); -+ // } -+ // catch (IOException e) -+ // { -+ // throw new RuntimeException("Error encoding IESParameters"); -+ // } -+ // } -+ // -+ // protected byte[] engineGetEncoded( -+ // String format) -+ // { -+ // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -+ // { -+ // return engineGetEncoded(); -+ // } -+ // -+ // return null; -+ // } -+ // -+ // protected AlgorithmParameterSpec localEngineGetParameterSpec( -+ // Class paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (paramSpec == IESParameterSpec.class) -+ // { -+ // return currentSpec; -+ // } -+ // -+ // throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); -+ // } -+ // -+ // protected void engineInit( -+ // AlgorithmParameterSpec paramSpec) -+ // throws InvalidParameterSpecException -+ // { -+ // if (!(paramSpec instanceof IESParameterSpec)) -+ // { -+ // throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object"); -+ // } -+ // -+ // this.currentSpec = (IESParameterSpec)paramSpec; -+ // } -+ // -+ // protected void engineInit( -+ // byte[] params) -+ // throws IOException -+ // { -+ // try -+ // { -+ // ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); -+ // -+ // this.currentSpec = new IESParameterSpec( -+ // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), -+ // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), -+ // ((DERInteger)s.getObjectAt(0)).getValue().intValue()); -+ // } -+ // catch (ClassCastException e) -+ // { -+ // throw new IOException("Not a valid IES Parameter encoding."); -+ // } -+ // catch (ArrayIndexOutOfBoundsException e) -+ // { -+ // throw new IOException("Not a valid IES Parameter encoding."); -+ // } -+ // } -+ // -+ // protected void engineInit( -+ // byte[] params, -+ // String format) -+ // throws IOException -+ // { -+ // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) -+ // { -+ // engineInit(params); -+ // } -+ // else -+ // { -+ // throw new IOException("Unknown parameter format " + format); -+ // } -+ // } -+ // -+ // protected String engineToString() -+ // { -+ // return "IES Parameters"; -+ // } -+ // } + // END android-removed } -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKKeyStore.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKKeyStore.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKKeyStore.java 2012-09-17 23:04:47.000000000 +0000 -@@ -39,7 +39,12 @@ - import org.bouncycastle.crypto.CipherParameters; - import org.bouncycastle.crypto.Digest; - import org.bouncycastle.crypto.PBEParametersGenerator; --import org.bouncycastle.crypto.digests.SHA1Digest; -+// BEGIN android-added -+import org.bouncycastle.crypto.digests.AndroidDigestFactory; -+// END android-added -+// BEGIN android-removed -+// import org.bouncycastle.crypto.digests.SHA1Digest; -+// END android-removed - import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; - import org.bouncycastle.crypto.io.DigestInputStream; - import org.bouncycastle.crypto.io.DigestOutputStream; -@@ -498,7 +503,13 @@ - - if (entry == null) - { -- throw new KeyStoreException("no such entry as " + alias); -+ // BEGIN android-removed -+ // Only throw if there is a problem removing, not if missing -+ // throw new KeyStoreException("no such entry as " + alias); -+ // END android-removed -+ // BEGIN android-added -+ return; -+ // END android-added - } - - table.remove(alias); -@@ -817,12 +828,16 @@ - // - // we only do an integrity check if the password is provided. - // -- HMac hMac = new HMac(new SHA1Digest()); -+ // BEGIN android-changed -+ HMac hMac = new HMac(AndroidDigestFactory.getSHA1()); -+ // END android-changed - if (password != null && password.length != 0) - { - byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - -- PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); -+ // BEGIN android-changed -+ PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); -+ // END android-changed - pbeGen.init(passKey, salt, iterationCount); - - CipherParameters macParams; -@@ -884,9 +899,11 @@ - dOut.write(salt); - dOut.writeInt(iterationCount); - -- HMac hMac = new HMac(new SHA1Digest()); -+ // BEGIN android-changed -+ HMac hMac = new HMac(AndroidDigestFactory.getSHA1()); - MacOutputStream mOut = new MacOutputStream(hMac); -- PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); -+ PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); -+ // END android-changed - byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - - pbeGen.init(passKey, salt, iterationCount); -@@ -974,7 +991,9 @@ - Cipher cipher = this.makePBECipher(cipherAlg, Cipher.DECRYPT_MODE, password, salt, iterationCount); - CipherInputStream cIn = new CipherInputStream(dIn, cipher); - -- Digest dig = new SHA1Digest(); -+ // BEGIN android-changed -+ Digest dig = AndroidDigestFactory.getSHA1(); -+ // END android-changed - DigestInputStream dgIn = new DigestInputStream(cIn, dig); - - this.loadStore(dgIn); -@@ -1013,7 +1032,9 @@ - cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); - - CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); -- DigestOutputStream dgOut = new DigestOutputStream(new SHA1Digest()); -+ // BEGIN android-changed -+ DigestOutputStream dgOut = new DigestOutputStream(AndroidDigestFactory.getSHA1()); -+ // END android-changed - - this.saveStore(new TeeOutputStream(cOut, dgOut)); - -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2013-01-31 02:26:40.000000000 +0000 -@@ -1557,32 +1557,34 @@ - } - } - -- public static class BCPKCS12KeyStore3DES -- extends JDKPKCS12KeyStore -- { -- public BCPKCS12KeyStore3DES() -- { -- super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); -- } -- } -- -- public static class DefPKCS12KeyStore -- extends JDKPKCS12KeyStore -- { -- public DefPKCS12KeyStore() -- { -- super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); -- } -- } -- -- public static class DefPKCS12KeyStore3DES -- extends JDKPKCS12KeyStore -- { -- public DefPKCS12KeyStore3DES() -- { -- super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); -- } -- } -+ // BEGIN android-removed -+ // public static class BCPKCS12KeyStore3DES -+ // extends JDKPKCS12KeyStore -+ // { -+ // public BCPKCS12KeyStore3DES() -+ // { -+ // super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); -+ // } -+ // } -+ // -+ // public static class DefPKCS12KeyStore -+ // extends JDKPKCS12KeyStore -+ // { -+ // public DefPKCS12KeyStore() -+ // { -+ // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); -+ // } -+ // } -+ // -+ // public static class DefPKCS12KeyStore3DES -+ // extends JDKPKCS12KeyStore -+ // { -+ // public DefPKCS12KeyStore3DES() -+ // { -+ // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); -+ // } -+ // } -+ // END android-removed - - private static class IgnoresCaseHashtable - { -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2012-09-17 23:04:47.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2012-09-17 23:04:47.000000000 +0000 @@ -1,5 +1,8 @@ package org.bouncycastle.jce.provider; @@ -8980,9 +7851,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/PKIXCertPathVal // try // { // -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509CertificateObject.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/X509CertificateObject.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-01-31 02:26:40.000000000 +0000 @@ -57,6 +57,9 @@ import org.bouncycastle.asn1.x509.Extensions; import org.bouncycastle.asn1.x509.GeneralName; @@ -9026,9 +7897,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509Certificate break; case GeneralName.dNSName: case GeneralName.rfc822Name: -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509SignatureUtil.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/jce/provider/X509SignatureUtil.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/X509SignatureUtil.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/X509SignatureUtil.java 2013-01-31 02:26:40.000000000 +0000 @@ -14,7 +14,9 @@ import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERNull; @@ -9119,9 +7990,9 @@ diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/jce/provider/X509SignatureUt else { return digestAlgOID.getId(); -diff -Naur bcprov-jdk15on-148.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk15on-148/org/bouncycastle/x509/X509Util.java ---- bcprov-jdk15on-148.orig/org/bouncycastle/x509/X509Util.java 2013-02-10 00:37:58.000000000 +0000 -+++ bcprov-jdk15on-148/org/bouncycastle/x509/X509Util.java 2013-01-31 02:26:40.000000000 +0000 +diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk15on-149/org/bouncycastle/x509/X509Util.java +--- bcprov-jdk15on-149.orig/org/bouncycastle/x509/X509Util.java 2013-05-31 21:16:46.000000000 +0000 ++++ bcprov-jdk15on-149/org/bouncycastle/x509/X509Util.java 2013-01-31 02:26:40.000000000 +0000 @@ -25,12 +25,16 @@ import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.DERNull; -- cgit v1.2.3 From f847b1bef228a29e674e5f8568b4537f85ec7afb Mon Sep 17 00:00:00 2001 From: Brian Carlstrom Date: Fri, 28 Sep 2012 10:07:22 -0700 Subject: Allow CipherTest to run on RI (cherry picked from commit ee1cdde4bcea1635a6af99c2ada1e155cf1b7a3b) Change-Id: Idc2bbd24722f6f2ca046f8dff197c63cf9dfa03b --- Android.mk | 5 ++++- .../java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java | 4 +++- patches/bcprov.patch | 6 ++++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/Android.mk b/Android.mk index de82f05..56c4b4f 100644 --- a/Android.mk +++ b/Android.mk @@ -15,12 +15,15 @@ # LOCAL_PATH := $(call my-dir) +# used for bouncycastle-hostdex where we want everything for testing all_bcprov_src_files := $(call all-java-files-under,bcprov/src/main/java) +# used for bouncycastle for target where we want to be sure to use OpenSSLDigest android_bcprov_src_files := $(filter-out \ bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java, \ $(all_bcprov_src_files)) +# used for bouncycastle-host where we can't use OpenSSLDigest ri_bcprov_src_files := $(filter-out \ bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java \ bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java, \ @@ -92,7 +95,7 @@ ifeq ($(WITH_HOST_DALVIK),true) include $(CLEAR_VARS) LOCAL_MODULE := bouncycastle-hostdex LOCAL_MODULE_TAGS := optional - LOCAL_SRC_FILES := $(android_bcprov_src_files) + LOCAL_SRC_FILES := $(all_bcprov_src_files) LOCAL_JAVACFLAGS := -encoding UTF-8 LOCAL_BUILD_HOST_DEX := true LOCAL_MODULE_TAGS := optional diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java index 1a82a46..3dc7059 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java @@ -33,11 +33,13 @@ public final class AndroidDigestFactory { Class factoryImplementationClass; try { factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); + // Double check for NativeCrypto in case we are running on RI for testing + Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto"); } catch (ClassNotFoundException e1) { try { factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); } catch (ClassNotFoundException e2) { - throw new AssertionError("Failed to find AndroidDigestFactoryInterface " + throw new AssertionError("Failed to load AndroidDigestFactoryInterface " + "implementation. Looked for " + OpenSSLFactoryClassName + " and " + BouncyCastleFactoryClassName); diff --git a/patches/bcprov.patch b/patches/bcprov.patch index 744a5a4..7ea1ec9 100644 --- a/patches/bcprov.patch +++ b/patches/bcprov.patch @@ -314,7 +314,7 @@ diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509NameTokenizer. diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactory.java --- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 1970-01-01 00:00:00.000000000 +0000 +++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2012-09-17 23:04:47.000000000 +0000 -@@ -0,0 +1,78 @@ +@@ -0,0 +1,80 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * @@ -350,11 +350,13 @@ diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigest + Class factoryImplementationClass; + try { + factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); ++ // Double check for NativeCrypto in case we are running on RI for testing ++ Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto"); + } catch (ClassNotFoundException e1) { + try { + factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); + } catch (ClassNotFoundException e2) { -+ throw new AssertionError("Failed to find AndroidDigestFactoryInterface " ++ throw new AssertionError("Failed to load AndroidDigestFactoryInterface " + + "implementation. Looked for " + + OpenSSLFactoryClassName + " and " + + BouncyCastleFactoryClassName); -- cgit v1.2.3 From 580c719a4c5ff483af625fcffab41678e091971d Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Tue, 30 Apr 2013 18:48:41 -0700 Subject: Track changes to JSSE Bug: 8769295 (cherry picked from commit 0f9937b494fc6dd31fd04956963a3e258aece11b) Change-Id: I8c8f1572c79adc48b0dbd44e5c889c4432dce56a --- .../org/bouncycastle/crypto/digests/AndroidDigestFactory.java | 7 +++++-- patches/bcprov.patch | 11 +++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java index 3dc7059..b7bac28 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java @@ -34,15 +34,18 @@ public final class AndroidDigestFactory { try { factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); // Double check for NativeCrypto in case we are running on RI for testing - Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto"); + Class.forName("com.android.org.conscrypt.NativeCrypto"); } catch (ClassNotFoundException e1) { try { factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); } catch (ClassNotFoundException e2) { - throw new AssertionError("Failed to load AndroidDigestFactoryInterface " + AssertionError e = new AssertionError("Failed to load " + + "AndroidDigestFactoryInterface " + "implementation. Looked for " + OpenSSLFactoryClassName + " and " + BouncyCastleFactoryClassName); + e.initCause(e1); + throw e; } } if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) { diff --git a/patches/bcprov.patch b/patches/bcprov.patch index 7ea1ec9..e6e7f40 100644 --- a/patches/bcprov.patch +++ b/patches/bcprov.patch @@ -313,8 +313,8 @@ diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509NameTokenizer. } diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactory.java --- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2012-09-17 23:04:47.000000000 +0000 -@@ -0,0 +1,80 @@ ++++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2013-05-01 01:48:41.000000000 +0000 +@@ -0,0 +1,83 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * @@ -351,15 +351,18 @@ diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigest + try { + factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); + // Double check for NativeCrypto in case we are running on RI for testing -+ Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto"); ++ Class.forName("com.android.org.conscrypt.NativeCrypto"); + } catch (ClassNotFoundException e1) { + try { + factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); + } catch (ClassNotFoundException e2) { -+ throw new AssertionError("Failed to load AndroidDigestFactoryInterface " ++ AssertionError e = new AssertionError("Failed to load " ++ + "AndroidDigestFactoryInterface " + + "implementation. Looked for " + + OpenSSLFactoryClassName + " and " + + BouncyCastleFactoryClassName); ++ e.initCause(e1); ++ throw e; + } + } + if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) { -- cgit v1.2.3 From bffe79c9d53a7c1312090783c74d42cbbb4b0c40 Mon Sep 17 00:00:00 2001 From: Brian Carlstrom Date: Thu, 6 Jun 2013 15:46:15 -0700 Subject: Add to suggested BouncyCastle upgrade regression tests Change-Id: I846c6416075a5e434dcfe765c50b425ed1faddd5 --- README.android | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.android b/README.android index 8b7bb78..5a3e9b5 100644 --- a/README.android +++ b/README.android @@ -227,8 +227,17 @@ The following steps are recommended for porting new Bouncy Castle versions. libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignerTest.java - java.security.Timestamp libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/TimestampTest.java + - java.security.cert.TrustAnchor + libcore/luni/src/test/java/tests/security/cert/TrustAnchorTest.java - javax.net.ssl.TrustManagerFactory libcore/luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java + - java.net.URLConnection + libcore/luni/src/test/java/libcore/java/net/URLConnectionTest.java + libcore/luni/src/test/java/org/apache/harmony/luni/tests/java/net/URLConnectionTest.java + - javax.security.auth.x500.X500Principal + libcore/luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java + libcore/luni/src/test/java/libcore/javax/security/auth/x500/X500PrincipalTest.java + libcore/luni/src/test/java/tests/api/javax/security/auth/X500PrincipalTest.java - javax.net.ssl.SSLSocket and javax.net.ssl.SSLEngine (which touch on Cipher, MessageDigest, Signature) libcore/luni/src/test/java/libcore/javax/net/ssl/ - Test Android additions to bouncycastle such as org.bouncycastle.crypto.digests.OpenSSLDigest and org.bouncycastle.jce.provider.CertBlacklist -- cgit v1.2.3