diff options
author | Sergio Giro <sgiro@google.com> | 2017-01-04 18:16:22 +0000 |
---|---|---|
committer | Sergio Giro <sgiro@google.com> | 2017-01-19 19:49:45 +0000 |
commit | 7dad97b63c47edea4e3afb374dcd00c7b7a1bdd4 (patch) | |
tree | 8ebc72ead6f9a80938fdba92e217da96ee451037 /bcpkix/src/main/java/org/bouncycastle/cms | |
parent | fba1a1dba277746d3be0667de9eb4b98494a1963 (diff) | |
parent | eaf604a467ff401cd0e0f74051ff5afa9e07359d (diff) | |
download | bouncycastle-7dad97b63c47edea4e3afb374dcd00c7b7a1bdd4.tar.gz |
bouncycastle: upgrade to version 1.56
Merge remote-tracking branch 'aosp/upstream-master' into merge-to-156
Test: ran the following cts modules: CtsLibcoreFileIOTestCases CtsLibcoreJavaUtilCollectionsTestCases CtsLibcoreJsr166TestCases CtsLibcoreLegacy22TestCases CtsLibcoreOjTestCases CtsLibcoreOkHttpTestCases CtsLibcoreTestCases
Bug: 31076342
Change-Id: Iceb926dc5a312b2047bf19d1c82fb16e42bc1461
Diffstat (limited to 'bcpkix/src/main/java/org/bouncycastle/cms')
6 files changed, 57 insertions, 8 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSAbsentContent.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSAbsentContent.java index f256e2a2..242d64bb 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSAbsentContent.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSAbsentContent.java @@ -17,7 +17,7 @@ public class CMSAbsentContent public CMSAbsentContent() { - this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId())); + this(CMSObjectIdentifiers.data); } public CMSAbsentContent( diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java index e8ebc83e..780d4660 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java @@ -41,7 +41,7 @@ public class DefaultCMSSignatureEncryptionAlgorithmFinder public AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier signatureAlgorithm) { - // RFC3370 section 3.2 + // RFC3370 section 3.2 with RFC 5754 update if (RSA_PKCS1d5.contains(signatureAlgorithm.getAlgorithm())) { return new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE); diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java index ddfd2ebd..fb268b29 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultSignedAttributeTableGenerator.java @@ -51,8 +51,8 @@ public class DefaultSignedAttributeTableGenerator /** * Create a standard attribute table from the passed in parameters - this will - * normally include contentType, signingTime, and messageDigest. If the constructor - * using an AttributeTable was used, entries in it for contentType, signingTime, and + * normally include contentType, signingTime, messageDigest, and CMS algorithm protection. + * If the constructor using an AttributeTable was used, entries in it for contentType, signingTime, and * messageDigest will override the generated ones. * * @param parameters source parameters for table generation. diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java b/bcpkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java index 7322fdcc..932c2762 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java @@ -1,5 +1,7 @@ package org.bouncycastle.cms; +import org.bouncycastle.asn1.DERNull; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; public interface PasswordRecipient @@ -8,6 +10,34 @@ public interface PasswordRecipient public static final int PKCS5_SCHEME2 = 0; public static final int PKCS5_SCHEME2_UTF8 = 1; + static final class PRF + { + public static final PRF HMacSHA1 = new PRF("HMacSHA1", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA1, DERNull.INSTANCE)); + public static final PRF HMacSHA224 = new PRF("HMacSHA224", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA224, DERNull.INSTANCE)); + public static final PRF HMacSHA256 = new PRF("HMacSHA256", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA256, DERNull.INSTANCE)); + public static final PRF HMacSHA384 = new PRF("HMacSHA384", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA384, DERNull.INSTANCE)); + public static final PRF HMacSHA512 = new PRF("HMacSHA512", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE)); + + private final String hmac; + final AlgorithmIdentifier prfAlgID; + + private PRF(String hmac, AlgorithmIdentifier prfAlgID) + { + this.hmac = hmac; + this.prfAlgID = prfAlgID; + } + + public String getName() + { + return hmac; + } + + public AlgorithmIdentifier getAlgorithmID() + { + return prfAlgID; + } + } + byte[] calculateDerivedKey(int schemeID, AlgorithmIdentifier derivationAlgorithm, int keySize) throws CMSException; diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGeneratorBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGeneratorBuilder.java index 7a47a2f8..ccb6e2cf 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGeneratorBuilder.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInfoGeneratorBuilder.java @@ -29,10 +29,11 @@ public class SignerInfoGeneratorBuilder this(digestProvider, new DefaultCMSSignatureEncryptionAlgorithmFinder()); } - /** - * Base constructor. + /** + * Base constructor with a particular finder for signature algorithms. * - * @param digestProvider a provider of digest calculators for the algorithms required in the signature and attribute calculations. + * @param digestProvider a provider of digest calculators for the algorithms required in the signature and attribute calculations. + * @param sigEncAlgFinder finder for algorithm IDs to store for the signature encryption/signature algorithm field. */ public SignerInfoGeneratorBuilder(DigestCalculatorProvider digestProvider, CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder) { diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoGeneratorBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoGeneratorBuilder.java index 4a0e7ca4..17a2f093 100644 --- a/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoGeneratorBuilder.java +++ b/bcpkix/src/main/java/org/bouncycastle/cms/jcajce/JcaSignerInfoGeneratorBuilder.java @@ -6,6 +6,8 @@ import java.security.cert.X509Certificate; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; import org.bouncycastle.cms.CMSAttributeTableGenerator; +import org.bouncycastle.cms.CMSSignatureEncryptionAlgorithmFinder; +import org.bouncycastle.cms.DefaultCMSSignatureEncryptionAlgorithmFinder; import org.bouncycastle.cms.SignerInfoGenerator; import org.bouncycastle.cms.SignerInfoGeneratorBuilder; import org.bouncycastle.operator.ContentSigner; @@ -16,9 +18,25 @@ public class JcaSignerInfoGeneratorBuilder { private SignerInfoGeneratorBuilder builder; + /** + * Base constructor. + * + * @param digestProvider a provider of digest calculators for the algorithms required in the signature and attribute calculations. + */ public JcaSignerInfoGeneratorBuilder(DigestCalculatorProvider digestProvider) { - builder = new SignerInfoGeneratorBuilder(digestProvider); + this(digestProvider, new DefaultCMSSignatureEncryptionAlgorithmFinder()); + } + + /** + * Base constructor with a particular finder for signature algorithms. + * + * @param digestProvider a provider of digest calculators for the algorithms required in the signature and attribute calculations. + * @param sigEncAlgFinder finder for algorithm IDs to store for the signature encryption/signature algorithm field. + */ + public JcaSignerInfoGeneratorBuilder(DigestCalculatorProvider digestProvider, CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder) + { + builder = new SignerInfoGeneratorBuilder(digestProvider, sigEncAlgFinder); } /** |