author | Adam Vartanian <flooey@google.com> | 2017-06-26 15:45:05 +0100 |
---|---|---|
committer | Adam Vartanian <flooey@google.com> | 2017-06-26 15:46:34 +0100 |
commit | 823ad5bac1616941ae772fe6b69560b49c89d7b3 (patch) | |
tree | 24b263c8c242eb3ef86f60429c056402df23faa9 /bcprov/src/main/java/org/bouncycastle/jcajce | |
parent | eaf604a467ff401cd0e0f74051ff5afa9e07359d (diff) | |
download | bouncycastle-823ad5bac1616941ae772fe6b69560b49c89d7b3.tar.gz |
bouncycastle: Android tree with upstream code for version 1.57
Test: no tests needed, this branch is only for diffing against upstream
Change-Id: I0bfc36b8c07bf4698383ee28ab771907fc1fa7fc
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jcajce')
29 files changed, 1052 insertions, 69 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java index badbfd14..85123951 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java @@ -1,5 +1,8 @@ package org.bouncycastle.jcajce.provider.asymmetric; +import java.util.HashMap; +import java.util.Map; + import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.jcajce.provider.asymmetric.dh.KeyFactorySpi; @@ -10,6 +13,14 @@ public class DH { private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".dh."; + private static final Map<String, String> generalDhAttributes = new HashMap<String, String>(); + + static + { + generalDhAttributes.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey|javax.crypto.interfaces.DHPrivateKey"); + generalDhAttributes.put("SupportedKeyFormats", "PKCS#8|X.509"); + } + public static class Mappings extends AsymmetricAlgorithmProvider { @@ -22,6 +33,7 @@ public class DH provider.addAlgorithm("KeyPairGenerator.DH", PREFIX + "KeyPairGeneratorSpi"); provider.addAlgorithm("Alg.Alias.KeyPairGenerator.DIFFIEHELLMAN", "DH"); + provider.addAttributes("KeyAgreement.DH", generalDhAttributes); provider.addAlgorithm("KeyAgreement.DH", PREFIX + "KeyAgreementSpi"); provider.addAlgorithm("Alg.Alias.KeyAgreement.DIFFIEHELLMAN", "DH"); provider.addAlgorithm("KeyAgreement", PKCSObjectIdentifiers.id_alg_ESDH, PREFIX + "KeyAgreementSpi$DHwithRFC2631KDF"); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java index 1bdc9941..2164cb6e 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java @@ -79,7 +79,7 @@ public class DSA provider.addAlgorithm("Alg.Alias.Signature." + DSAUtil.dsaOids[i], "DSA"); registerOid(provider, DSAUtil.dsaOids[i], "DSA", keyFact); - registerOidAlgorithmParameters(provider, DSAUtil.dsaOids[i], "DSA"); + registerOidAlgorithmParameterGenerator(provider, DSAUtil.dsaOids[i], "DSA"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java index 05bf010b..174d9c85 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java @@ -1,5 +1,8 @@ package org.bouncycastle.jcajce.provider.asymmetric; +import java.util.HashMap; +import java.util.Map; + import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers; import org.bouncycastle.asn1.eac.EACObjectIdentifiers; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; @@ -15,6 +18,14 @@ public class EC { private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".ec."; + private static final Map<String, String> generalEcAttributes = new HashMap<String, String>(); + + static + { + generalEcAttributes.put("SupportedKeyClasses", "java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey"); + generalEcAttributes.put("SupportedKeyFormats", "PKCS#8|X.509"); + } + public static class Mappings extends AsymmetricAlgorithmProvider { 
@@ -26,8 +37,11 @@ public class EC { provider.addAlgorithm("AlgorithmParameters.EC", PREFIX + "AlgorithmParametersSpi"); + provider.addAttributes("KeyAgreement.ECDH", generalEcAttributes); provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH"); + provider.addAttributes("KeyAgreement.ECDHC", generalEcAttributes); provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC"); + provider.addAttributes("KeyAgreement.ECCDH", generalEcAttributes); provider.addAlgorithm("KeyAgreement.ECCDH", PREFIX + "KeyAgreementSpi$DHC"); provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDFAndSharedInfo"); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java index 8dfeed08..279e9512 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java @@ -40,7 +40,7 @@ public class ElGamal AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi(); registerOid(provider, OIWObjectIdentifiers.elGamalAlgorithm, "ELGAMAL", keyFact); - registerOidAlgorithmParameters(provider, OIWObjectIdentifiers.elGamalAlgorithm, "ELGAMAL"); + registerOidAlgorithmParameterGenerator(provider, OIWObjectIdentifiers.elGamalAlgorithm, "ELGAMAL"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GM.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GM.java new file mode 100644 index 00000000..3192904b --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GM.java 
@@ -0,0 +1,35 @@ +package org.bouncycastle.jcajce.provider.asymmetric; + +import java.util.HashMap; +import java.util.Map; + +import org.bouncycastle.asn1.gm.GMObjectIdentifiers; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; + +public class GM +{ + private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".ec."; + + private static final Map<String, String> generalSm2Attributes = new HashMap<String, String>(); + + static + { + generalSm2Attributes.put("SupportedKeyClasses", "java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey"); + generalSm2Attributes.put("SupportedKeyFormats", "PKCS#8|X.509"); + } + + public static class Mappings + extends AsymmetricAlgorithmProvider + { + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("Signature.SM3WITHSM2", PREFIX + "GMSignatureSpi$sm3WithSM2"); + provider.addAlgorithm("Alg.Alias.Signature." + GMObjectIdentifiers.sm2sign_with_sm3, "SM3WITHSM2"); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GOST.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GOST.java index 39ab20d3..30b6f2fb 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GOST.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GOST.java 
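Review bot: `generalSm2Attributes` is populated in the static initializer of the new GM.java but never handed to the provider, because `configure` only calls `addAlgorithm` for `Signature.SM3WITHSM2` and its OID alias. Either drop the map or register it the way DH.java, EC.java and RSA.java do in this commit, for example `provider.addAttributes("Signature.SM3WITHSM2", generalSm2Attributes);` ahead of the `addAlgorithm` call. As written, the SM2 signature service advertises no `SupportedKeyClasses` or `SupportedKeyFormats`, so the restriction the map describes is not applied.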
@@ -31,7 +31,7 @@ public class GOST provider.addAlgorithm("AlgorithmParameterGenerator.GOST3410", PREFIX + "AlgorithmParameterGeneratorSpi"); registerOid(provider, CryptoProObjectIdentifiers.gostR3410_94, "GOST3410", new KeyFactorySpi()); - registerOidAlgorithmParameters(provider, CryptoProObjectIdentifiers.gostR3410_94, "GOST3410"); + registerOidAlgorithmParameterGenerator(provider, CryptoProObjectIdentifiers.gostR3410_94, "GOST3410"); provider.addAlgorithm("Signature.GOST3410", PREFIX + "SignatureSpi"); provider.addAlgorithm("Alg.Alias.Signature.GOST-3410", "GOST3410"); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java index ebb483e3..c32690ab 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java @@ -1,5 +1,8 @@ package org.bouncycastle.jcajce.provider.asymmetric; +import java.util.HashMap; +import java.util.Map; + import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; @@ -15,6 +18,14 @@ public class RSA { private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".rsa."; + private static final Map<String, String> generalRsaAttributes = new HashMap<String, String>(); + + static + { + generalRsaAttributes.put("SupportedKeyClasses", "javax.crypto.interfaces.RSAPublicKey|javax.crypto.interfaces.RSAPrivateKey"); + generalRsaAttributes.put("SupportedKeyFormats", "PKCS#8|X.509"); + } + public static class Mappings extends AsymmetricAlgorithmProvider { 
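Review bot: The `SupportedKeyClasses` value added to RSA.java names `javax.crypto.interfaces.RSAPublicKey` and `javax.crypto.interfaces.RSAPrivateKey`, but the JDK's RSA key interfaces are in `java.security.interfaces`, the package the EC map in this same commit uses. A class name that cannot be resolved cannot match a key, so for `Cipher.RSA` (registered in the following hunk) the key-class filter probably never matches, leaving only the `PKCS#8|X.509` format check. The line should read `generalRsaAttributes.put("SupportedKeyClasses", "java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey");`.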
@@ -49,6 +60,7 @@ public class RSA provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS"); + provider.addAttributes("Cipher.RSA", generalRsaAttributes); provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding"); provider.addAlgorithm("Cipher.RSA/RAW", PREFIX + "CipherSpi$NoPadding"); provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java index e4c8172c..bf6bfe71 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java @@ -11,12 +11,13 @@ import javax.crypto.spec.DHParameterSpec; import org.bouncycastle.crypto.generators.DHParametersGenerator; import org.bouncycastle.crypto.params.DHParameters; import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAlgorithmParameterGeneratorSpi; +import org.bouncycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator; public class AlgorithmParameterGeneratorSpi extends BaseAlgorithmParameterGeneratorSpi { protected SecureRandom random; - protected int strength = 1024; + protected int strength = 2048; private int l = 0; @@ -48,13 +49,15 @@ public class AlgorithmParameterGeneratorSpi { DHParametersGenerator pGen = new DHParametersGenerator(); + int certainty = PrimeCertaintyCalculator.getDefaultCertainty(strength); + if (random != null) { - pGen.init(strength, 20, random); + pGen.init(strength, certainty, random); } else { - pGen.init(strength, 20, new SecureRandom()); + pGen.init(strength, certainty, new SecureRandom()); } DHParameters p = pGen.generateParameters(); 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java index 6af56f53..02f7fe41 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java @@ -25,7 +25,6 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.KeyEncoder; import org.bouncycastle.crypto.agreement.DHBasicAgreement; -import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.engines.AESEngine; import org.bouncycastle.crypto.engines.DESedeEngine; import org.bouncycastle.crypto.engines.IESEngine; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java index b75b5e1a..801a04a2 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java @@ -17,7 +17,6 @@ import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.crypto.DerivationFunction; import org.bouncycastle.crypto.agreement.kdf.DHKEKGenerator; -import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.util.DigestFactory; import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAgreementSpi; import org.bouncycastle.jcajce.spec.UserKeyingMaterialSpec; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java index 793f7299..864bf56f 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java 
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java @@ -15,6 +15,7 @@ import org.bouncycastle.crypto.params.DHKeyGenerationParameters; import org.bouncycastle.crypto.params.DHParameters; import org.bouncycastle.crypto.params.DHPrivateKeyParameters; import org.bouncycastle.crypto.params.DHPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.util.Integers; @@ -26,8 +27,7 @@ public class KeyPairGeneratorSpi DHKeyGenerationParameters param; DHBasicKeyPairGenerator engine = new DHBasicKeyPairGenerator(); - int strength = 1024; - int certainty = 20; + int strength = 2048; SecureRandom random = new SecureRandom(); boolean initialised = false; @@ -95,7 +95,7 @@ public class KeyPairGeneratorSpi DHParametersGenerator pGen = new DHParametersGenerator(); - pGen.init(strength, certainty, random); + pGen.init(strength, PrimeCertaintyCalculator.getDefaultCertainty(strength), random); param = new DHKeyGenerationParameters(random, pGen.generateParameters()); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java index 2d7c4c5d..9a79659c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java 
@@ -12,12 +12,13 @@ import org.bouncycastle.crypto.generators.DSAParametersGenerator; import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAlgorithmParameterGeneratorSpi; +import org.bouncycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator; public class AlgorithmParameterGeneratorSpi extends BaseAlgorithmParameterGeneratorSpi { protected SecureRandom random; - protected int strength = 1024; + protected int strength = 2048; protected DSAParameterGenerationParameters params; protected void engineInit( @@ -69,19 +70,21 @@ public class AlgorithmParameterGeneratorSpi random = new SecureRandom(); } + int certainty = PrimeCertaintyCalculator.getDefaultCertainty(strength); + if (strength == 1024) { - params = new DSAParameterGenerationParameters(1024, 160, 80, random); + params = new DSAParameterGenerationParameters(1024, 160, certainty, random); pGen.init(params); } else if (strength > 1024) { - params = new DSAParameterGenerationParameters(strength, 256, 80, random); + params = new DSAParameterGenerationParameters(strength, 256, certainty, random); pGen.init(params); } else { - pGen.init(strength, 20, random); + pGen.init(strength, certainty, random); } DSAParameters p = pGen.generateParameters(); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java index a9aeff59..02379783 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 
@@ -21,7 +21,6 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DSA; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.NullDigest; -import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.params.ParametersWithRandom; import org.bouncycastle.crypto.signers.HMacDSAKCalculator; import org.bouncycastle.crypto.util.DigestFactory; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java index bacbb6c2..0c019e7d 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java @@ -17,6 +17,7 @@ import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; import org.bouncycastle.crypto.params.DSAPublicKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator; import org.bouncycastle.util.Integers; import org.bouncycastle.util.Properties; @@ -28,8 +29,7 @@ public class KeyPairGeneratorSpi DSAKeyGenerationParameters param; DSAKeyPairGenerator engine = new DSAKeyPairGenerator(); - int strength = 1024; - int certainty = 20; + int strength = 2048; SecureRandom random = new SecureRandom(); boolean initialised = false; @@ -94,6 +94,8 @@ public class KeyPairGeneratorSpi DSAParametersGenerator pGen; DSAParameterGenerationParameters dsaParams; + int certainty = PrimeCertaintyCalculator.getDefaultCertainty(strength); + // Typical combination of keysize and size of q. // keysize = 1024, q's size = 160 // keysize = 2048, q's size = 224 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/GMSignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/GMSignatureSpi.java new file mode 100644 index 00000000..3500de39 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/GMSignatureSpi.java 
@@ -0,0 +1,172 @@ +package org.bouncycastle.jcajce.provider.asymmetric.ec; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.PrivateKey; +import java.security.PublicKey; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.crypto.CipherParameters; +import org.bouncycastle.crypto.DSA; +import org.bouncycastle.crypto.Digest; +import org.bouncycastle.crypto.digests.SM3Digest; +import org.bouncycastle.crypto.params.ParametersWithRandom; +import org.bouncycastle.crypto.signers.SM2Signer; +import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase; +import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder; +import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; +import org.bouncycastle.util.Arrays; + +public class GMSignatureSpi + extends DSABase +{ + GMSignatureSpi(Digest digest, DSA signer, DSAEncoder encoder) + { + super(digest, signer, encoder); + } + + protected void engineInitVerify(PublicKey publicKey) + throws InvalidKeyException + { + CipherParameters param = ECUtils.generatePublicKeyParameter(publicKey); + + digest.reset(); + signer.init(false, param); + } + + protected void engineInitSign( + PrivateKey privateKey) + throws InvalidKeyException + { + CipherParameters param = ECUtil.generatePrivateKeyParameter(privateKey); + + digest.reset(); + + if (appRandom != null) + { + signer.init(true, new ParametersWithRandom(param, appRandom)); + } + else + { + signer.init(true, param); + } + } + + static public class sm3WithSM2 + extends GMSignatureSpi + { + public sm3WithSM2() + { + super(new SM3Digest(), new SM2Signer(), new StdDSAEncoder()); + } + } + + private static class StdDSAEncoder + implements DSAEncoder + { + public 
byte[] encode( + BigInteger r, + BigInteger s) + throws IOException + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(new ASN1Integer(r)); + v.add(new ASN1Integer(s)); + + return new DERSequence(v).getEncoded(ASN1Encoding.DER); + } + + public BigInteger[] decode( + byte[] encoding) + throws IOException + { + ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(encoding); + if (s.size() != 2) + { + throw new IOException("malformed signature"); + } + if (!Arrays.areEqual(encoding, s.getEncoded(ASN1Encoding.DER))) + { + throw new IOException("malformed signature"); + } + + BigInteger[] sig = new BigInteger[2]; + + + sig[0] = ASN1Integer.getInstance(s.getObjectAt(0)).getValue(); + sig[1] = ASN1Integer.getInstance(s.getObjectAt(1)).getValue(); + + return sig; + } + } + + private static class PlainDSAEncoder + implements DSAEncoder + { + public byte[] encode( + BigInteger r, + BigInteger s) + throws IOException + { + byte[] first = makeUnsigned(r); + byte[] second = makeUnsigned(s); + byte[] res; + + if (first.length > second.length) + { + res = new byte[first.length * 2]; + } + else + { + res = new byte[second.length * 2]; + } + + System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length); + System.arraycopy(second, 0, res, res.length - second.length, second.length); + + return res; + } + + + private byte[] makeUnsigned(BigInteger val) + { + byte[] res = val.toByteArray(); + + if (res[0] == 0) + { + byte[] tmp = new byte[res.length - 1]; + + System.arraycopy(res, 1, tmp, 0, tmp.length); + + return tmp; + } + + return res; + } + + public BigInteger[] decode( + byte[] encoding) + throws IOException + { + BigInteger[] sig = new BigInteger[2]; + + byte[] first = new byte[encoding.length / 2]; + byte[] second = new byte[encoding.length / 2]; + + System.arraycopy(encoding, 0, first, 0, first.length); + System.arraycopy(encoding, first.length, second, 0, second.length); + + sig[0] = new BigInteger(1, first); + sig[1] = new BigInteger(1, 
second); + + return sig; + } + } +}
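Review bot: `StdDSAEncoder.decode` casts the parsed object straight to `ASN1Sequence`, so signature bytes that parse as another ASN.1 type raise an unchecked `ClassCastException` instead of the declared `IOException`, and `ASN1Integer.getInstance` on the two elements can likewise fail with an unchecked exception. Signature bytes are supplied by the party being verified, so the decoder should reject them explicitly: `ASN1Primitive obj = ASN1Primitive.fromByteArray(encoding);` followed by `if (!(obj instanceof ASN1Sequence)) { throw new IOException("malformed signature"); }`. Whether `DSABase`, which is outside this diff, already maps unchecked exceptions to `SignatureException` cannot be seen here. Separately, `PlainDSAEncoder` is not referenced anywhere in this file, and its `decode` silently drops the last byte of an odd-length input.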
\ No newline at end of file diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java index f500350e..6fdebc73 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java @@ -23,7 +23,6 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.KeyEncoder; import org.bouncycastle.crypto.agreement.ECDHBasicAgreement; -import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.engines.AESEngine; import org.bouncycastle.crypto.engines.DESedeEngine; import org.bouncycastle.crypto.engines.IESEngine; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java index 550c5f6e..8bad9f4d 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java 
@@ -12,14 +12,7 @@ import java.security.spec.AlgorithmParameterSpec; import org.bouncycastle.crypto.AsymmetricBlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.MD5Digest; import org.bouncycastle.crypto.digests.RIPEMD160Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.digests.SHA512tDigest; import org.bouncycastle.crypto.digests.WhirlpoolDigest; import org.bouncycastle.crypto.engines.RSABlindedEngine; import org.bouncycastle.crypto.signers.ISO9796d2Signer; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java index f779a66a..4159241b 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java @@ -12,6 +12,7 @@ import org.bouncycastle.crypto.generators.RSAKeyPairGenerator; import org.bouncycastle.crypto.params.RSAKeyGenerationParameters; import org.bouncycastle.crypto.params.RSAKeyParameters; import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; +import org.bouncycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator; public class KeyPairGeneratorSpi extends java.security.KeyPairGenerator @@ -23,7 +24,6 @@ public class KeyPairGeneratorSpi } final static BigInteger defaultPublicExponent = BigInteger.valueOf(0x10001); - final static int defaultTests = 112; RSAKeyGenerationParameters param; RSAKeyPairGenerator engine; 
@@ -34,7 +34,7 @@ public class KeyPairGeneratorSpi engine = new RSAKeyPairGenerator(); param = new RSAKeyGenerationParameters(defaultPublicExponent, - new SecureRandom(), 2048, defaultTests); + new SecureRandom(), 2048, PrimeCertaintyCalculator.getDefaultCertainty(2048)); engine.init(param); } @@ -43,7 +43,7 @@ public class KeyPairGeneratorSpi SecureRandom random) { param = new RSAKeyGenerationParameters(defaultPublicExponent, - random, strength, defaultTests); + random, strength, PrimeCertaintyCalculator.getDefaultCertainty(strength)); engine.init(param); } @@ -61,7 +61,7 @@ public class KeyPairGeneratorSpi param = new RSAKeyGenerationParameters( rsaParams.getPublicExponent(), - random, rsaParams.getKeysize(), defaultTests); + random, rsaParams.getKeysize(), PrimeCertaintyCalculator.getDefaultCertainty(2048)); engine.init(param); } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java index 7542dba8..d4d91388 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java @@ -10,6 +10,7 @@ import java.util.Map; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.anssi.ANSSINamedCurves; import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +import org.bouncycastle.asn1.gm.GMNamedCurves; import org.bouncycastle.asn1.nist.NISTNamedCurves; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.sec.SECNamedCurves; @@ -345,6 +346,10 @@ public class ECUtil { oid = ANSSINamedCurves.getOID(name); } + if (oid == null) + { + oid = GMNamedCurves.getOID(name); + } } return oid; @@ -391,6 +396,10 @@ public class ECUtil { params = TeleTrusTNamedCurves.getByOID(oid); } + if (params == null) + { + params = GMNamedCurves.getByOID(oid); + } } return params; 
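Review bot: In the `@@ -61,7 +61,7 @@` hunk of rsa/KeyPairGeneratorSpi.java the certainty is computed from a literal, `PrimeCertaintyCalculator.getDefaultCertainty(2048)`, while the key size actually used is `rsaParams.getKeysize()`. With the formula this commit introduces, a 3072- or 4096-bit request made through `RSAKeyGenParameterSpec` gets the 2048-bit certainty of 112 instead of 128 or 144. The sibling `initialize(int strength, SecureRandom random)` hunk passes `strength`, and this one should do the same: `random, rsaParams.getKeysize(), PrimeCertaintyCalculator.getDefaultCertainty(rsaParams.getKeysize()));`. The enclosing method starts outside the hunk.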
@@ -416,6 +425,10 @@ public class ECUtil { params = TeleTrusTNamedCurves.getByName(curveName); } + if (params == null) + { + params = GMNamedCurves.getByName(curveName); + } } return params; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PrimeCertaintyCalculator.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PrimeCertaintyCalculator.java new file mode 100644 index 00000000..92431ef4 --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PrimeCertaintyCalculator.java @@ -0,0 +1,21 @@ +package org.bouncycastle.jcajce.provider.asymmetric.util; + +public class PrimeCertaintyCalculator +{ + private PrimeCertaintyCalculator() + { + + } + + /** + * Return the current wisdom on prime certainty requirements. + * + * @param keySizeInBits size of the key being generated. + * @return a certainty value. + */ + public static int getDefaultCertainty(int keySizeInBits) + { + // Based on FIPS 186-4 Table C.1 + return keySizeInBits <= 1024 ? 80 : (96 + 16 * ((keySizeInBits - 1) / 1024)); + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java index 9bd1bf0b..7765c277 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java @@ -4,7 +4,6 @@ import java.io.BufferedInputStream; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.io.PushbackInputStream; import java.security.cert.CRL; import java.security.cert.CRLException; import java.security.cert.CertPath; 
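Review bot: The Javadoc on `PrimeCertaintyCalculator.getDefaultCertainty` says only "a certainty value", and the method accepts any int, so zero or negative sizes fall into the `<= 1024` branch and return 80. Every DH, DSA and RSA generator touched by this commit now takes its primality certainty from this method, so the mapping should be documented, for example `@return 80 for sizes up to 1024 bits, otherwise 96 + 16 * ((keySizeInBits - 1) / 1024), i.e. 112 for 2048 and 128 for 3072`. The comment citing FIPS 186-4 Table C.1 should also say whether results for larger sizes are an extrapolation of that table.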
@@ -44,6 +43,7 @@ public class CertificateFactory private static final PEMUtil PEM_CERT_PARSER = new PEMUtil("CERTIFICATE"); private static final PEMUtil PEM_CRL_PARSER = new PEMUtil("CRL"); + private static final PEMUtil PEM_PKCS7_PARSER = new PEMUtil("PKCS7"); private ASN1Set sData = null; private int sDataObjectCount = 0; @@ -57,8 +57,24 @@ public class CertificateFactory ASN1InputStream dIn) throws IOException, CertificateParsingException { - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); + return getCertificate(ASN1Sequence.getInstance(dIn.readObject())); + } + + private java.security.cert.Certificate readPEMCertificate( + InputStream in) + throws IOException, CertificateParsingException + { + return getCertificate(PEM_CERT_PARSER.readPEMObject(in)); + } + private java.security.cert.Certificate getCertificate(ASN1Sequence seq) + throws CertificateParsingException + { + if (seq == null) + { + return null; + } + if (seq.size() > 1 && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) { @@ -95,23 +111,9 @@ public class CertificateFactory return null; } - private java.security.cert.Certificate readPEMCertificate( - InputStream in) - throws IOException, CertificateParsingException - { - ASN1Sequence seq = PEM_CERT_PARSER.readPEMObject(in); - - if (seq != null) - { - return new X509CertificateObject(bcHelper, - Certificate.getInstance(seq)); - } - - return null; - } protected CRL createCRL(CertificateList c) - throws CRLException + throws CRLException { return new X509CRLObject(bcHelper, c); } 
@@ -120,23 +122,24 @@ public class CertificateFactory InputStream in) throws IOException, CRLException { - ASN1Sequence seq = PEM_CRL_PARSER.readPEMObject(in); - - if (seq != null) - { - return createCRL( - CertificateList.getInstance(seq)); - } - - return null; + return getCRL(PEM_CRL_PARSER.readPEMObject(in)); } private CRL readDERCRL( ASN1InputStream aIn) throws IOException, CRLException { - ASN1Sequence seq = (ASN1Sequence)aIn.readObject(); + return getCRL(ASN1Sequence.getInstance(aIn.readObject())); + } + private CRL getCRL(ASN1Sequence seq) + throws CRLException + { + if (seq == null) + { + return null; + } + if (seq.size() > 1 && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) { @@ -144,7 +147,7 @@ public class CertificateFactory { sCrlData = SignedData.getInstance(ASN1Sequence.getInstance( (ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs(); - + return getCRL(); } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java index 3efd2d69..7badbdc1 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java @@ -10,16 +10,20 @@ class PEMUtil { private final String _header1; private final String _header2; + private final String _header3; private final String _footer1; private final String _footer2; + private final String _footer3; PEMUtil( String type) { _header1 = "-----BEGIN " + type + "-----"; _header2 = "-----BEGIN X509 " + type + "-----"; + _header3 = "-----BEGIN PKCS7-----"; _footer1 = "-----END " + type + "-----"; _footer2 = "-----END X509 " + type + "-----"; + _footer3 = "-----END PKCS7-----"; } private String readLine( 
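Review bot: `_header3` and `_footer3` in the PEMUtil constructor are fixed to `PKCS7` regardless of `type`, so the existing `CERTIFICATE` and `CRL` parsers now also accept PKCS7 armour. The two `startsWith` hunks that follow test header and footer independently, so a block opened with `-----BEGIN CERTIFICATE-----` can be closed by `-----END PKCS7-----` and the reverse. If that leniency is intended, a comment on the fields such as `// PKCS7 header/footer is accepted for every type` would record it; otherwise remember which header matched and require the corresponding footer. `PEM_PKCS7_PARSER`, added to CertificateFactory, is not referenced in any visible hunk and may be redundant given that every parser already matches the PKCS7 lines.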
@@ -71,7 +75,7 @@ class PEMUtil while ((line = readLine(in)) != null) { - if (line.startsWith(_header1) || line.startsWith(_header2)) + if (line.startsWith(_header1) || line.startsWith(_header2) || line.startsWith(_header3)) { break; } @@ -79,7 +83,7 @@ class PEMUtil while ((line = readLine(in)) != null) { - if (line.startsWith(_footer1) || line.startsWith(_footer2)) + if (line.startsWith(_footer1) || line.startsWith(_footer2) || line.startsWith(_footer3)) { break; } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java index 0865b576..768df66e 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java @@ -1,5 +1,7 @@ package org.bouncycastle.jcajce.provider.config; +import java.util.Map; + import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; @@ -48,4 +50,6 @@ public interface ConfigurableProvider boolean hasAlgorithm(String type, String name); void addKeyInfoConverter(ASN1ObjectIdentifier oid, AsymmetricKeyInfoConverter keyInfoConverter); + + void addAttributes(String key, Map<String, String> attributeMap); } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java index b33c3054..d48c4018 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java 
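Review bot: `addAttributes(String key, Map<String, String> attributeMap)` is added to `ConfigurableProvider` with no Javadoc, and its contract is not obvious from the signature. The callers in this commit pass a key of the form `"Cipher.AES"` and call it immediately before the matching `addAlgorithm`, so the doc comment should state the expected key format, whether the call must precede `addAlgorithm`, and whether the map is copied or kept by reference. Because this is a new abstract method on a public interface, any implementation outside this tree stops compiling until it adds the method; that is worth a line in the comment or the release notes.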
@@ -5,10 +5,15 @@ import java.security.PrivilegedAction; import java.security.Provider; import java.security.SecureRandom; import java.security.SecureRandomSpi; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.concurrent.atomic.AtomicReference; import org.bouncycastle.crypto.digests.SHA512Digest; +import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.crypto.prng.EntropySource; import org.bouncycastle.crypto.prng.EntropySourceProvider; +import org.bouncycastle.crypto.prng.SP800SecureRandom; import org.bouncycastle.crypto.prng.SP800SecureRandomBuilder; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; 
@@ -108,15 +113,22 @@ public class DRBG EntropySource initSource = entropyProvider.get(16 * 8); + byte[] personalisationString = isPredictionResistant ? generateDefaultPersonalizationString(initSource.getEntropy()) + : generateNonceIVPersonalizationString(initSource.getEntropy()); + return new SP800SecureRandomBuilder(entropyProvider) - .setPersonalizationString(generateDefaultPersonalizationString(initSource.getEntropy())) + .setPersonalizationString(personalisationString) .buildHash(new SHA512Digest(), Arrays.concatenate(initSource.getEntropy(), initSource.getEntropy()), isPredictionResistant); } else { - SecureRandom randomSource = createInitialEntropySource(); // needs to be done late, can't use static + SecureRandom randomSource = new HybridSecureRandom(); // needs to be done late, can't use static + + byte[] personalisationString = isPredictionResistant ? generateDefaultPersonalizationString(randomSource.generateSeed(16)) + : generateNonceIVPersonalizationString(randomSource.generateSeed(16)); + return new SP800SecureRandomBuilder(randomSource, true) - .setPersonalizationString(generateDefaultPersonalizationString(randomSource.generateSeed(16))) + .setPersonalizationString(personalisationString) .buildHash(new SHA512Digest(), randomSource.generateSeed(32), isPredictionResistant); } } 
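Review bot: The choice between `generateDefaultPersonalizationString` and `generateNonceIVPersonalizationString` is keyed on `isPredictionResistant` with no comment explaining why the two cases need different personalization input, and the same ternary is written out twice, once per branch. In the else branch, `randomSource.generateSeed(16)` and `generateSeed(32)` are now served by `HybridSecureRandom`, whose `generateSeed` (added at the end of this file) returns output of an internal HMAC DRBG rather than bytes taken directly from the base source. That changes where the nonce and personalization bytes come from and should be stated next to the existing "needs to be done late" remark, for example `// seed bytes come from the hybrid source's internal DRBG, which is reseeded from the base entropy source in the background`. The enclosing method starts outside this hunk.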
@@ -196,4 +208,106 @@ public class DRBG return Arrays.concatenate(Strings.toByteArray("Nonce"), seed, Pack.longToLittleEndian(Thread.currentThread().getId()), Pack.longToLittleEndian(System.currentTimeMillis())); } + + private static class HybridSecureRandom + extends SecureRandom + { + private final AtomicBoolean seedAvailable = new AtomicBoolean(false); + private final AtomicInteger samples = new AtomicInteger(0); + private final SecureRandom baseRandom = createInitialEntropySource(); + private final SP800SecureRandom drbg; + + HybridSecureRandom() + { + drbg = new SP800SecureRandomBuilder(new EntropySourceProvider() + { + public EntropySource get(final int bitsRequired) + { + return new SignallingEntropySource(bitsRequired); + } + }) + .setPersonalizationString(Strings.toByteArray("Bouncy Castle Hybrid Entropy Source")) + .buildHMAC(new HMac(new SHA512Digest()), baseRandom.generateSeed(32), false); // 32 byte nonce + } + + public byte[] generateSeed(int numBytes) + { + byte[] data = new byte[numBytes]; + + // after 20 samples we'll start to check if there is new seed material. 
+ if (samples.getAndIncrement() > 20) + { + if (seedAvailable.getAndSet(false)) + { + samples.set(0); + drbg.reseed(null); + } + } + + drbg.nextBytes(data); + + return data; + } + + private class SignallingEntropySource + implements EntropySource + { + private final int byteLength; + private final AtomicReference entropy = new AtomicReference(); + private final AtomicBoolean scheduled = new AtomicBoolean(false); + + SignallingEntropySource(int bitsRequired) + { + this.byteLength = (bitsRequired + 7) / 8; + } + + public boolean isPredictionResistant() + { + return true; + } + + public byte[] getEntropy() + { + byte[] seed = (byte[])entropy.getAndSet(null); + + if (seed == null || seed.length != byteLength) + { + seed = baseRandom.generateSeed(byteLength); + } + else + { + scheduled.set(false); + } + + if (!scheduled.getAndSet(true)) + { + new Thread(new EntropyGatherer(byteLength)).start(); + } + + return seed; + } + + public int entropySize() + { + return byteLength * 8; + } + + private class EntropyGatherer + implements Runnable + { + private final int numBytes; + + EntropyGatherer(int numBytes) + { + this.numBytes = numBytes; + } + + public void run() + { + entropy.set(baseRandom.generateSeed(numBytes)); + seedAvailable.set(true); + } + } + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java index 1c131468..09da0546 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java @@ -6,6 +6,8 @@ import java.security.InvalidAlgorithmParameterException; import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidParameterSpecException; +import java.util.HashMap; +import java.util.Map; import javax.crypto.spec.IvParameterSpec; 
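Review bot: `HybridSecureRandom` overrides only `generateSeed`, so `nextBytes` and `setSeed` are served by whatever the implicit `super()` constructor set up rather than by `drbg`. The callers visible in this diff use `generateSeed` only, but a class comment, or overrides that delegate to `drbg`, would stop a later caller from bypassing the DRBG silently. In `SignallingEntropySource.getEntropy`, `new Thread(new EntropyGatherer(byteLength)).start()` creates an unnamed, non-daemon thread that sits in `baseRandom.generateSeed`, which may delay JVM exit if the base source blocks; consider `Thread t = new Thread(new EntropyGatherer(byteLength)); t.setDaemon(true); t.start();`. The raw `AtomicReference entropy` with its `(byte[])` cast could be declared `AtomicReference<byte[]>`, since other files in this commit already use generics.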
@@ -22,6 +24,7 @@ import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.Mac; import org.bouncycastle.crypto.engines.AESEngine; import org.bouncycastle.crypto.engines.AESWrapEngine; +import org.bouncycastle.crypto.engines.AESWrapPadEngine; import org.bouncycastle.crypto.engines.RFC3211WrapEngine; import org.bouncycastle.crypto.engines.RFC5649WrapEngine; import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; @@ -49,6 +52,14 @@ public final class AES { private static final Class gcmSpecClass = lookup("javax.crypto.spec.GCMParameterSpec"); + private static final Map<String, String> generalAesAttributes = new HashMap<String, String>(); + + static + { + generalAesAttributes.put("SupportedKeyClasses", "javax.crypto.SecretKey"); + generalAesAttributes.put("SupportedKeyFormats", "RAW"); + } + private AES() { } @@ -232,6 +243,15 @@ public final class AES } } + public static class WrapPad + extends BaseWrapCipher + { + public WrapPad() + { + super(new AESWrapPadEngine()); + } + } + public static class RFC3211Wrap extends BaseWrapCipher { @@ -812,6 +832,7 @@ public final class AES provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); + provider.addAttributes("Cipher.AES", generalAesAttributes); provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB"); provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES"); provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES"); 
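Review bot: `generalAesAttributes` is a mutable static `HashMap` that is handed to `provider.addAttributes` for `Cipher.AES` here and for `Cipher.AESWRAP`, `Cipher.AESWRAPPAD`, `Cipher.CCM` and `Cipher.GCM` in the hunks that follow. Whether the provider copies the map is not visible in this diff; if it keeps the reference, all five registrations share one object that any later `put` would change. Building the map in a local and publishing it with `generalAesAttributes = Collections.unmodifiableMap(attrs);` (plus the `java.util.Collections` import) removes that dependency on the implementation.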
@@ -828,12 +849,21 @@ public final class AES provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); + + provider.addAttributes("Cipher.AESWRAP", generalAesAttributes); provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap"); provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP"); provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP"); provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP"); provider.addAlgorithm("Alg.Alias.Cipher.AESKW", "AESWRAP"); + provider.addAttributes("Cipher.AESWRAPPAD", generalAesAttributes); + provider.addAlgorithm("Cipher.AESWRAPPAD", PREFIX + "$WrapPad"); + provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_wrap_pad, "AESWRAPPAD"); + provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_wrap_pad, "AESWRAPPAD"); + provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_wrap_pad, "AESWRAPPAD"); + provider.addAlgorithm("Alg.Alias.Cipher.AESKWP", "AESWRAPPAD"); + provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); provider.addAlgorithm("Cipher.AESRFC5649WRAP", PREFIX + "$RFC5649Wrap"); @@ -842,6 +872,7 @@ public final class AES provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CCM, "CCM"); provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CCM, "CCM"); + provider.addAttributes("Cipher.CCM", generalAesAttributes); provider.addAlgorithm("Cipher.CCM", PREFIX + "$CCM"); provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_CCM, "CCM"); provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_CCM, "CCM"); 
@@ -852,6 +883,7 @@ public final class AES provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_GCM, "GCM"); provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_GCM, "GCM"); + provider.addAttributes("Cipher.GCM", generalAesAttributes); provider.addAlgorithm("Cipher.GCM", PREFIX + "$GCM"); provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_GCM, "GCM"); provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_GCM, "GCM"); @@ -883,6 +915,10 @@ public final class AES provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CCM, PREFIX + "$KeyGen128"); provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CCM, PREFIX + "$KeyGen192"); provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CCM, PREFIX + "$KeyGen256"); + provider.addAlgorithm("KeyGenerator.AESWRAPPAD", PREFIX + "$KeyGen"); + provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_wrap_pad, PREFIX + "$KeyGen128"); + provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_wrap_pad, PREFIX + "$KeyGen192"); + provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_wrap_pad, PREFIX + "$KeyGen256"); provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARIA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARIA.java new file mode 100644 index 00000000..819a832b --- /dev/null +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARIA.java 
@@ -0,0 +1,508 @@ +package org.bouncycastle.jcajce.provider.symmetric; + +import java.io.IOException; +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +import javax.crypto.spec.IvParameterSpec; + +import org.bouncycastle.asn1.cms.CCMParameters; +import org.bouncycastle.asn1.cms.GCMParameters; +import org.bouncycastle.asn1.nsri.NSRIObjectIdentifiers; +import org.bouncycastle.crypto.BlockCipher; +import org.bouncycastle.crypto.BufferedBlockCipher; +import org.bouncycastle.crypto.CipherKeyGenerator; +import org.bouncycastle.crypto.engines.ARIAEngine; +import org.bouncycastle.crypto.engines.ARIAWrapEngine; +import org.bouncycastle.crypto.engines.ARIAWrapPadEngine; +import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; +import org.bouncycastle.crypto.macs.GMac; +import org.bouncycastle.crypto.modes.CBCBlockCipher; +import org.bouncycastle.crypto.modes.CFBBlockCipher; +import org.bouncycastle.crypto.modes.GCMBlockCipher; +import org.bouncycastle.crypto.modes.OFBBlockCipher; +import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; +import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; +import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; +import org.bouncycastle.jcajce.spec.AEADParameterSpec; + +public 
final class ARIA +{ + private ARIA() + { + } + + public static class ECB + extends BaseBlockCipher + { + public ECB() + { + super(new BlockCipherProvider() + { + public BlockCipher get() + { + return new ARIAEngine(); + } + }); + } + } + + public static class CBC + extends BaseBlockCipher + { + public CBC() + { + super(new CBCBlockCipher(new ARIAEngine()), 128); + } + } + + static public class CFB + extends BaseBlockCipher + { + public CFB() + { + super(new BufferedBlockCipher(new CFBBlockCipher(new ARIAEngine(), 128)), 128); + } + } + + static public class OFB + extends BaseBlockCipher + { + public OFB() + { + super(new BufferedBlockCipher(new OFBBlockCipher(new ARIAEngine(), 128)), 128); + } + } + + public static class Wrap + extends BaseWrapCipher + { + public Wrap() + { + super(new ARIAWrapEngine()); + } + } + + public static class WrapPad + extends BaseWrapCipher + { + public WrapPad() + { + super(new ARIAWrapPadEngine()); + } + } + + public static class RFC3211Wrap + extends BaseWrapCipher + { + public RFC3211Wrap() + { + super(new RFC3211WrapEngine(new ARIAEngine()), 16); + } + } + + public static class GMAC + extends BaseMac + { + public GMAC() + { + super(new GMac(new GCMBlockCipher(new ARIAEngine()))); + } + } + + public static class Poly1305 + extends BaseMac + { + public Poly1305() + { + super(new org.bouncycastle.crypto.macs.Poly1305(new ARIAEngine())); + } + } + + public static class Poly1305KeyGen + extends BaseKeyGenerator + { + public Poly1305KeyGen() + { + super("Poly1305-ARIA", 256, new Poly1305KeyGenerator()); + } + } + + public static class KeyGen + extends BaseKeyGenerator + { + public KeyGen() + { + this(256); + } + + public KeyGen(int keySize) + { + super("ARIA", keySize, new CipherKeyGenerator()); + } + } + + public static class KeyGen128 + extends KeyGen + { + public KeyGen128() + { + super(128); + } + } + + public static class KeyGen192 + extends KeyGen + { + public KeyGen192() + { + super(192); + } + } + + public static class KeyGen256 + 
extends KeyGen + { + public KeyGen256() + { + super(256); + } + } + + public static class AlgParamGen + extends BaseAlgorithmParameterGenerator + { + protected void engineInit( + AlgorithmParameterSpec genParamSpec, + SecureRandom random) + throws InvalidAlgorithmParameterException + { + throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for ARIA parameter generation."); + } + + protected AlgorithmParameters engineGenerateParameters() + { + byte[] iv = new byte[16]; + + if (random == null) + { + random = new SecureRandom(); + } + + random.nextBytes(iv); + + AlgorithmParameters params; + + try + { + params = createParametersInstance("ARIA"); + params.init(new IvParameterSpec(iv)); + } + catch (Exception e) + { + throw new RuntimeException(e.getMessage()); + } + + return params; + } + } + + public static class AlgParams + extends IvAlgorithmParameters + { + protected String engineToString() + { + return "ARIA IV"; + } + } + + public static class AlgParamsGCM + extends BaseAlgorithmParameters + { + private GCMParameters gcmParams; + + protected void engineInit(AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + if (GcmSpecUtil.isGcmSpec(paramSpec)) + { + gcmParams = GcmSpecUtil.extractGcmParameters(paramSpec); + } + else if (paramSpec instanceof AEADParameterSpec) + { + gcmParams = new GCMParameters(((AEADParameterSpec)paramSpec).getNonce(), ((AEADParameterSpec)paramSpec).getMacSizeInBits() / 8); + } + else + { + throw new InvalidParameterSpecException("AlgorithmParameterSpec class not recognized: " + paramSpec.getClass().getName()); + } + } + + protected void engineInit(byte[] params) + throws IOException + { + gcmParams = GCMParameters.getInstance(params); + } + + protected void engineInit(byte[] params, String format) + throws IOException + { + if (!isASN1FormatString(format)) + { + throw new IOException("unknown format specified"); + } + + gcmParams = GCMParameters.getInstance(params); + } + + protected 
byte[] engineGetEncoded() + throws IOException + { + return gcmParams.getEncoded(); + } + + protected byte[] engineGetEncoded(String format) + throws IOException + { + if (!isASN1FormatString(format)) + { + throw new IOException("unknown format specified"); + } + + return gcmParams.getEncoded(); + } + + protected String engineToString() + { + return "GCM"; + } + + protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == AlgorithmParameterSpec.class || GcmSpecUtil.isGcmSpec(paramSpec)) + { + if (GcmSpecUtil.gcmSpecExists()) + { + return GcmSpecUtil.extractGcmSpec(gcmParams.toASN1Primitive()); + } + return new AEADParameterSpec(gcmParams.getNonce(), gcmParams.getIcvLen() * 8); + } + if (paramSpec == AEADParameterSpec.class) + { + return new AEADParameterSpec(gcmParams.getNonce(), gcmParams.getIcvLen() * 8); + } + if (paramSpec == IvParameterSpec.class) + { + return new IvParameterSpec(gcmParams.getNonce()); + } + + throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + paramSpec.getName()); + } + } + + public static class AlgParamsCCM + extends BaseAlgorithmParameters + { + private CCMParameters ccmParams; + + protected void engineInit(AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + if (GcmSpecUtil.isGcmSpec(paramSpec)) + { + ccmParams = CCMParameters.getInstance(GcmSpecUtil.extractGcmParameters(paramSpec)); + } + else if (paramSpec instanceof AEADParameterSpec) + { + ccmParams = new CCMParameters(((AEADParameterSpec)paramSpec).getNonce(), ((AEADParameterSpec)paramSpec).getMacSizeInBits() / 8); + } + else + { + throw new InvalidParameterSpecException("AlgorithmParameterSpec class not recognized: " + paramSpec.getClass().getName()); + } + } + + protected void engineInit(byte[] params) + throws IOException + { + ccmParams = CCMParameters.getInstance(params); + } + + protected void engineInit(byte[] params, String format) + 
throws IOException + { + if (!isASN1FormatString(format)) + { + throw new IOException("unknown format specified"); + } + + ccmParams = CCMParameters.getInstance(params); + } + + protected byte[] engineGetEncoded() + throws IOException + { + return ccmParams.getEncoded(); + } + + protected byte[] engineGetEncoded(String format) + throws IOException + { + if (!isASN1FormatString(format)) + { + throw new IOException("unknown format specified"); + } + + return ccmParams.getEncoded(); + } + + protected String engineToString() + { + return "CCM"; + } + + protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) + throws InvalidParameterSpecException + { + if (paramSpec == AlgorithmParameterSpec.class || GcmSpecUtil.isGcmSpec(paramSpec)) + { + if (GcmSpecUtil.gcmSpecExists()) + { + return GcmSpecUtil.extractGcmSpec(ccmParams.toASN1Primitive()); + } + return new AEADParameterSpec(ccmParams.getNonce(), ccmParams.getIcvLen() * 8); + } + if (paramSpec == AEADParameterSpec.class) + { + return new AEADParameterSpec(ccmParams.getNonce(), ccmParams.getIcvLen() * 8); + } + if (paramSpec == IvParameterSpec.class) + { + return new IvParameterSpec(ccmParams.getNonce()); + } + + throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + paramSpec.getName()); + } + } + + public static class Mappings + extends SymmetricAlgorithmProvider + { + private static final String PREFIX = ARIA.class.getName(); + + public Mappings() + { + } + + public void configure(ConfigurableProvider provider) + { + provider.addAlgorithm("AlgorithmParameters.ARIA", PREFIX + "$AlgParams"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters", NSRIObjectIdentifiers.id_aria128_cbc, "ARIA"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters", NSRIObjectIdentifiers.id_aria192_cbc, "ARIA"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameters", NSRIObjectIdentifiers.id_aria256_cbc, "ARIA"); + + provider.addAlgorithm("AlgorithmParameterGenerator.ARIA", PREFIX + 
"$AlgParamGen"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria128_cbc, "ARIA"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria192_cbc, "ARIA"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria256_cbc, "ARIA"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria128_ofb, "ARIA"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria192_ofb, "ARIA"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria256_ofb, "ARIA"); + + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria128_cfb, "ARIA"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria192_cfb, "ARIA"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria256_cfb, "ARIA"); + + + provider.addAlgorithm("Cipher.ARIA", PREFIX + "$ECB"); + provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria128_ecb, PREFIX + "$ECB"); + provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria192_ecb, PREFIX + "$ECB"); + provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria256_ecb, PREFIX + "$ECB"); + + provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria128_cbc, PREFIX + "$CBC"); + provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria192_cbc, PREFIX + "$CBC"); + provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria256_cbc, PREFIX + "$CBC"); + + provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria128_cfb, PREFIX + "$CFB"); + provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria192_cfb, PREFIX + "$CFB"); + provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria256_cfb, PREFIX + "$CFB"); + + provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria128_ofb, PREFIX + "$OFB"); + 
provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria192_ofb, PREFIX + "$OFB"); + provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria256_ofb, PREFIX + "$OFB"); + + provider.addAlgorithm("Cipher.ARIARFC3211WRAP", PREFIX + "$RFC3211Wrap"); + + provider.addAlgorithm("Cipher.ARIAWRAP", PREFIX + "$Wrap"); + provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria128_kw, "ARIAWRAP"); + provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria192_kw, "ARIAWRAP"); + provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria256_kw, "ARIAWRAP"); + provider.addAlgorithm("Alg.Alias.Cipher.ARIAKW", "ARIAWRAP"); + + provider.addAlgorithm("Cipher.ARIAWRAPPAD", PREFIX + "$WrapPad"); + provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria128_kwp, "ARIAWRAPPAD"); + provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria192_kwp, "ARIAWRAPPAD"); + provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria256_kwp, "ARIAWRAPPAD"); + provider.addAlgorithm("Alg.Alias.Cipher.ARIAKWP", "ARIAWRAPPAD"); + + provider.addAlgorithm("KeyGenerator.ARIA", PREFIX + "$KeyGen"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_kw, PREFIX + "$KeyGen128"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_kw, PREFIX + "$KeyGen192"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_kw, PREFIX + "$KeyGen256"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_kwp, PREFIX + "$KeyGen128"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_kwp, PREFIX + "$KeyGen192"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_kwp, PREFIX + "$KeyGen256"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_ecb, PREFIX + "$KeyGen128"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_ecb, PREFIX + "$KeyGen192"); + 
provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_ecb, PREFIX + "$KeyGen256"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_cbc, PREFIX + "$KeyGen128"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_cbc, PREFIX + "$KeyGen192"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_cbc, PREFIX + "$KeyGen256"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_cfb, PREFIX + "$KeyGen128"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_cfb, PREFIX + "$KeyGen192"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_cfb, PREFIX + "$KeyGen256"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_ofb, PREFIX + "$KeyGen128"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_ofb, PREFIX + "$KeyGen192"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_ofb, PREFIX + "$KeyGen256"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_ccm, PREFIX + "$KeyGen128"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_ccm, PREFIX + "$KeyGen192"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_ccm, PREFIX + "$KeyGen256"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_gcm, PREFIX + "$KeyGen128"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_gcm, PREFIX + "$KeyGen192"); + provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_gcm, PREFIX + "$KeyGen256"); + + provider.addAlgorithm("AlgorithmParameterGenerator.ARIACCM", PREFIX + "$AlgParamGenCCM"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria128_ccm, "CCM"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." 
+ NSRIObjectIdentifiers.id_aria192_ccm, "CCM"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria256_ccm, "CCM"); + + provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria128_ccm, "CCM"); + provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria192_ccm, "CCM"); + provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria256_ccm, "CCM"); + + provider.addAlgorithm("AlgorithmParameterGenerator.ARIAGCM", PREFIX + "$AlgParamGenGCM"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria128_gcm, "GCM"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria192_gcm, "GCM"); + provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria256_gcm, "GCM"); + + provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria128_gcm, "GCM"); + provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria192_gcm, "GCM"); + provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria256_gcm, "GCM"); + + addGMacAlgorithm(provider, "ARIA", PREFIX + "$GMAC", PREFIX + "$KeyGen"); + addPoly1305Algorithm(provider, "ARIA", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); + } + } +} diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java index daa53d78..7c41af04 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java 
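Review bot: In `Mappings.configure`, the ARIA CCM and GCM object identifiers are aliased to the bare names `"CCM"` and `"GCM"` for both `Alg.Alias.Cipher` and `Alg.Alias.AlgorithmParameterGenerator`. AES.java in this same commit registers `Cipher.CCM` and `Cipher.GCM` with its own `$CCM`/`$GCM` classes, so a lookup by an ARIA OID would appear to resolve to the AES implementation. `AlgorithmParameterGenerator.ARIACCM` and `AlgorithmParameterGenerator.ARIAGCM` also name `$AlgParamGenCCM` and `$AlgParamGenGCM`, which this new file does not define, while `AlgParamsGCM` and `AlgParamsCCM` are defined but never registered. The generator aliases should target ARIA-specific names, e.g. `provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria128_ccm, "ARIACCM");`, and the cipher aliases should be left out until ARIA CCM/GCM cipher classes exist. Separately, `engineGenerateParameters` rethrows with `new RuntimeException(e.getMessage())`, which discards the cause; `new RuntimeException(e.getMessage(), e)` keeps it.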
@@ -18,6 +18,7 @@ import javax.crypto.spec.RC2ParameterSpec; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Mac; +import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.crypto.params.AEADParameters; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -35,8 +36,8 @@ public class BaseMac private Mac macEngine; private int scheme = PKCS12; - private int pbeHash = SHA1; - private int keySize = 160; + private int pbeHash = SHA1; + private int keySize = 160; protected BaseMac( Mac macEngine) @@ -103,10 +104,40 @@ public class BaseMac digest = GOST3411; keySize = 256; } - else if (macEngine.getAlgorithmName().startsWith("SHA256")) + else if (macEngine instanceof HMac) { - digest = SHA256; - keySize = 256; + if (!macEngine.getAlgorithmName().startsWith("SHA-1")) + { + if (macEngine.getAlgorithmName().startsWith("SHA-224")) + { + digest = SHA224; + keySize = 224; + } + else if (macEngine.getAlgorithmName().startsWith("SHA-256")) + { + digest = SHA256; + keySize = 256; + } + else if (macEngine.getAlgorithmName().startsWith("SHA-384")) + { + digest = SHA384; + keySize = 384; + } + else if (macEngine.getAlgorithmName().startsWith("SHA-512")) + { + digest = SHA512; + keySize = 512; + } + else if (macEngine.getAlgorithmName().startsWith("RIPEMD160")) + { + digest = RIPEMD160; + keySize = 160; + } + else + { + throw new InvalidAlgorithmParameterException("no PKCS12 mapping for HMAC: " + macEngine.getAlgorithmName()); + } + } } // TODO: add correct handling for other digests param = PBE.Util.makePBEMacParameters(k, PKCS12, digest, keySize, pbeSpec); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java index e4a10e1c..598d1fc0 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 
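Review bot: The new `macEngine instanceof HMac` branch selects the PKCS12 digest with `startsWith` on `getAlgorithmName()`, so any name that merely begins with `SHA-512` (a truncated SHA-512/t variant, if its HMAC reports a name of that shape) is mapped to `SHA512` with `keySize = 512` instead of reaching the `no PKCS12 mapping for HMAC` exception. Reading the name once with `String name = macEngine.getAlgorithmName();` and comparing the whole string, for instance `name.equals("SHA-512/HMAC")` if that is the format `HMac` reports, makes the fall-through to the exception reliable. The `SHA-1` case is handled by an outer `if` with no body of its own and relies on the initial values of `digest` and `keySize`, which are declared outside the hunk; a one-line comment such as `// SHA-1 keeps the defaults set above` would make that explicit. The enclosing method starts and ends outside this hunk.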
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java @@ -5,6 +5,7 @@ import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.InvalidParameterException; import java.security.Key; +import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; @@ -119,10 +120,11 @@ public class BaseStreamCipher */ protected void engineSetMode( String mode) + throws NoSuchAlgorithmException { if (!mode.equalsIgnoreCase("ECB")) { - throw new IllegalArgumentException("can't support mode " + mode); + throw new NoSuchAlgorithmException("can't support mode " + mode); } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java index c4010844..448c3527 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java @@ -36,6 +36,11 @@ public abstract class AsymmetricAlgorithmProvider protected void registerOidAlgorithmParameters(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) { + provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + oid, name); + } + + protected void registerOidAlgorithmParameterGenerator(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) + { provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + oid, name); provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + oid, name); } |
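Review bot: In AsymmetricAlgorithmProvider, the new `registerOidAlgorithmParameterGenerator` still registers `"Alg.Alias.AlgorithmParameters." + oid` after the generator alias, which is exactly what `registerOidAlgorithmParameters` now does on its own. A caller that invokes both helpers for one OID registers that alias twice, and how `addAlgorithm` treats a duplicate key is not visible in this diff. Existing callers of `registerOidAlgorithmParameters` also stop getting the `AlgorithmParameterGenerator` alias they received before this change, so each call site needs checking. If the generator helper is meant to register only the generator, drop its second line; otherwise give both helpers a one-line comment stating which aliases each one adds.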