authorAdam Vartanian <flooey@google.com>2017-06-26 15:45:05 +0100
committerAdam Vartanian <flooey@google.com>2017-06-26 15:46:34 +0100
commit823ad5bac1616941ae772fe6b69560b49c89d7b3 (patch)
tree24b263c8c242eb3ef86f60429c056402df23faa9 /bcprov/src/main/java/org/bouncycastle/jcajce
parenteaf604a467ff401cd0e0f74051ff5afa9e07359d (diff)
bouncycastle: Android tree with upstream code for version 1.57
Test: no tests needed, this branch is only for diffing against upstream Change-Id: I0bfc36b8c07bf4698383ee28ab771907fc1fa7fc
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jcajce')
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java12
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java2
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java14
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java2
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GM.java35
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GOST.java2
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java12
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java9
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java1
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java1
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java6
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java11
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java1
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java6
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/GMSignatureSpi.java172
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java1
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java7
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java8
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java13
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PrimeCertaintyCalculator.java21
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java59
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java8
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java4
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java120
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java36
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARIA.java508
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java41
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java4
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java5
29 files changed, 1052 insertions, 69 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java
index badbfd14..85123951 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java
@@ -1,5 +1,8 @@
package org.bouncycastle.jcajce.provider.asymmetric;
+import java.util.HashMap;
+import java.util.Map;
+
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.jcajce.provider.asymmetric.dh.KeyFactorySpi;
@@ -10,6 +13,14 @@ public class DH
{
private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".dh.";
+ private static final Map<String, String> generalDhAttributes = new HashMap<String, String>();
+
+ static
+ {
+ generalDhAttributes.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey|javax.crypto.interfaces.DHPrivateKey");
+ generalDhAttributes.put("SupportedKeyFormats", "PKCS#8|X.509");
+ }
+
public static class Mappings
extends AsymmetricAlgorithmProvider
{
@@ -22,6 +33,7 @@ public class DH
provider.addAlgorithm("KeyPairGenerator.DH", PREFIX + "KeyPairGeneratorSpi");
provider.addAlgorithm("Alg.Alias.KeyPairGenerator.DIFFIEHELLMAN", "DH");
+ provider.addAttributes("KeyAgreement.DH", generalDhAttributes);
provider.addAlgorithm("KeyAgreement.DH", PREFIX + "KeyAgreementSpi");
provider.addAlgorithm("Alg.Alias.KeyAgreement.DIFFIEHELLMAN", "DH");
provider.addAlgorithm("KeyAgreement", PKCSObjectIdentifiers.id_alg_ESDH, PREFIX + "KeyAgreementSpi$DHwithRFC2631KDF");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
index 1bdc9941..2164cb6e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
@@ -79,7 +79,7 @@ public class DSA
provider.addAlgorithm("Alg.Alias.Signature." + DSAUtil.dsaOids[i], "DSA");
registerOid(provider, DSAUtil.dsaOids[i], "DSA", keyFact);
- registerOidAlgorithmParameters(provider, DSAUtil.dsaOids[i], "DSA");
+ registerOidAlgorithmParameterGenerator(provider, DSAUtil.dsaOids[i], "DSA");
}
}
}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java
index 05bf010b..174d9c85 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java
@@ -1,5 +1,8 @@
package org.bouncycastle.jcajce.provider.asymmetric;
+import java.util.HashMap;
+import java.util.Map;
+
import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
@@ -15,6 +18,14 @@ public class EC
{
private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".ec.";
+ private static final Map<String, String> generalEcAttributes = new HashMap<String, String>();
+
+ static
+ {
+ generalEcAttributes.put("SupportedKeyClasses", "java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey");
+ generalEcAttributes.put("SupportedKeyFormats", "PKCS#8|X.509");
+ }
+
public static class Mappings
extends AsymmetricAlgorithmProvider
{
@@ -26,8 +37,11 @@ public class EC
{
provider.addAlgorithm("AlgorithmParameters.EC", PREFIX + "AlgorithmParametersSpi");
+ provider.addAttributes("KeyAgreement.ECDH", generalEcAttributes);
provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH");
+ provider.addAttributes("KeyAgreement.ECDHC", generalEcAttributes);
provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
+ provider.addAttributes("KeyAgreement.ECCDH", generalEcAttributes);
provider.addAlgorithm("KeyAgreement.ECCDH", PREFIX + "KeyAgreementSpi$DHC");
provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDFAndSharedInfo");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java
index 8dfeed08..279e9512 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java
@@ -40,7 +40,7 @@ public class ElGamal
AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi();
registerOid(provider, OIWObjectIdentifiers.elGamalAlgorithm, "ELGAMAL", keyFact);
- registerOidAlgorithmParameters(provider, OIWObjectIdentifiers.elGamalAlgorithm, "ELGAMAL");
+ registerOidAlgorithmParameterGenerator(provider, OIWObjectIdentifiers.elGamalAlgorithm, "ELGAMAL");
}
}
}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GM.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GM.java
new file mode 100644
index 00000000..3192904b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GM.java
@@ -0,0 +1,35 @@
+package org.bouncycastle.jcajce.provider.asymmetric;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
+import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
+import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
+
+public class GM
+{
+ private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".ec.";
+
+ private static final Map<String, String> generalSm2Attributes = new HashMap<String, String>();
+
+ static
+ {
+ generalSm2Attributes.put("SupportedKeyClasses", "java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey");
+ generalSm2Attributes.put("SupportedKeyFormats", "PKCS#8|X.509");
+ }
+
+ public static class Mappings
+ extends AsymmetricAlgorithmProvider
+ {
+ public Mappings()
+ {
+ }
+
+ public void configure(ConfigurableProvider provider)
+ {
+ provider.addAlgorithm("Signature.SM3WITHSM2", PREFIX + "GMSignatureSpi$sm3WithSM2");
+ provider.addAlgorithm("Alg.Alias.Signature." + GMObjectIdentifiers.sm2sign_with_sm3, "SM3WITHSM2");
+ }
+ }
+}
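Review bot: `generalSm2Attributes` is filled in the static initializer but never used, because `configure` registers `Signature.SM3WITHSM2` and its OID alias without any `addAttributes` call. Either register it the way DH.java, EC.java and RSA.java do in this commit, with `provider.addAttributes("Signature.SM3WITHSM2", generalSm2Attributes);` before the `addAlgorithm` line, or drop the map together with the two `java.util` imports. As written, the key-class and key-format hints for SM2 are dead code and the provider advertises nothing for this algorithm.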
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GOST.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GOST.java
index 39ab20d3..30b6f2fb 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GOST.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GOST.java
@@ -31,7 +31,7 @@ public class GOST
provider.addAlgorithm("AlgorithmParameterGenerator.GOST3410", PREFIX + "AlgorithmParameterGeneratorSpi");
registerOid(provider, CryptoProObjectIdentifiers.gostR3410_94, "GOST3410", new KeyFactorySpi());
- registerOidAlgorithmParameters(provider, CryptoProObjectIdentifiers.gostR3410_94, "GOST3410");
+ registerOidAlgorithmParameterGenerator(provider, CryptoProObjectIdentifiers.gostR3410_94, "GOST3410");
provider.addAlgorithm("Signature.GOST3410", PREFIX + "SignatureSpi");
provider.addAlgorithm("Alg.Alias.Signature.GOST-3410", "GOST3410");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
index ebb483e3..c32690ab 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
@@ -1,5 +1,8 @@
package org.bouncycastle.jcajce.provider.asymmetric;
+import java.util.HashMap;
+import java.util.Map;
+
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -15,6 +18,14 @@ public class RSA
{
private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".rsa.";
+ private static final Map<String, String> generalRsaAttributes = new HashMap<String, String>();
+
+ static
+ {
+ generalRsaAttributes.put("SupportedKeyClasses", "javax.crypto.interfaces.RSAPublicKey|javax.crypto.interfaces.RSAPrivateKey");
+ generalRsaAttributes.put("SupportedKeyFormats", "PKCS#8|X.509");
+ }
+
public static class Mappings
extends AsymmetricAlgorithmProvider
{
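Review bot: The `SupportedKeyClasses` value put into `generalRsaAttributes` names `javax.crypto.interfaces.RSAPublicKey` and `javax.crypto.interfaces.RSAPrivateKey`, but the RSA key interfaces live in `java.security.interfaces`; `javax.crypto.interfaces` holds the DH interfaces that the DH.java hunk references. With class names that cannot be resolved, the JCA key-class filter for `Cipher.RSA` presumably matches nothing and provider selection rests on the `SupportedKeyFormats` entry alone, so the attribute does not express what it was meant to. The value should read `"java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey"`.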
@@ -49,6 +60,7 @@ public class RSA
provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
+ provider.addAttributes("Cipher.RSA", generalRsaAttributes);
provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding");
provider.addAlgorithm("Cipher.RSA/RAW", PREFIX + "CipherSpi$NoPadding");
provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java
index e4c8172c..bf6bfe71 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java
@@ -11,12 +11,13 @@ import javax.crypto.spec.DHParameterSpec;
import org.bouncycastle.crypto.generators.DHParametersGenerator;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAlgorithmParameterGeneratorSpi;
+import org.bouncycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator;
public class AlgorithmParameterGeneratorSpi
extends BaseAlgorithmParameterGeneratorSpi
{
protected SecureRandom random;
- protected int strength = 1024;
+ protected int strength = 2048;
private int l = 0;
@@ -48,13 +49,15 @@ public class AlgorithmParameterGeneratorSpi
{
DHParametersGenerator pGen = new DHParametersGenerator();
+ int certainty = PrimeCertaintyCalculator.getDefaultCertainty(strength);
+
if (random != null)
{
- pGen.init(strength, 20, random);
+ pGen.init(strength, certainty, random);
}
else
{
- pGen.init(strength, 20, new SecureRandom());
+ pGen.init(strength, certainty, new SecureRandom());
}
DHParameters p = pGen.generateParameters();
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java
index 6af56f53..02f7fe41 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java
@@ -25,7 +25,6 @@ import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.KeyEncoder;
import org.bouncycastle.crypto.agreement.DHBasicAgreement;
-import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.IESEngine;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java
index b75b5e1a..801a04a2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java
@@ -17,7 +17,6 @@ import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.DerivationFunction;
import org.bouncycastle.crypto.agreement.kdf.DHKEKGenerator;
-import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.util.DigestFactory;
import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAgreementSpi;
import org.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
index 793f7299..864bf56f 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
@@ -15,6 +15,7 @@ import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
+import org.bouncycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Integers;
@@ -26,8 +27,7 @@ public class KeyPairGeneratorSpi
DHKeyGenerationParameters param;
DHBasicKeyPairGenerator engine = new DHBasicKeyPairGenerator();
- int strength = 1024;
- int certainty = 20;
+ int strength = 2048;
SecureRandom random = new SecureRandom();
boolean initialised = false;
@@ -95,7 +95,7 @@ public class KeyPairGeneratorSpi
DHParametersGenerator pGen = new DHParametersGenerator();
- pGen.init(strength, certainty, random);
+ pGen.init(strength, PrimeCertaintyCalculator.getDefaultCertainty(strength), random);
param = new DHKeyGenerationParameters(random, pGen.generateParameters());
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java
index 2d7c4c5d..9a79659c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java
@@ -12,12 +12,13 @@ import org.bouncycastle.crypto.generators.DSAParametersGenerator;
import org.bouncycastle.crypto.params.DSAParameterGenerationParameters;
import org.bouncycastle.crypto.params.DSAParameters;
import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAlgorithmParameterGeneratorSpi;
+import org.bouncycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator;
public class AlgorithmParameterGeneratorSpi
extends BaseAlgorithmParameterGeneratorSpi
{
protected SecureRandom random;
- protected int strength = 1024;
+ protected int strength = 2048;
protected DSAParameterGenerationParameters params;
protected void engineInit(
@@ -69,19 +70,21 @@ public class AlgorithmParameterGeneratorSpi
random = new SecureRandom();
}
+ int certainty = PrimeCertaintyCalculator.getDefaultCertainty(strength);
+
if (strength == 1024)
{
- params = new DSAParameterGenerationParameters(1024, 160, 80, random);
+ params = new DSAParameterGenerationParameters(1024, 160, certainty, random);
pGen.init(params);
}
else if (strength > 1024)
{
- params = new DSAParameterGenerationParameters(strength, 256, 80, random);
+ params = new DSAParameterGenerationParameters(strength, 256, certainty, random);
pGen.init(params);
}
else
{
- pGen.init(strength, 20, random);
+ pGen.init(strength, certainty, random);
}
DSAParameters p = pGen.generateParameters();
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
index a9aeff59..02379783 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
@@ -21,7 +21,6 @@ import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DSA;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.NullDigest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
import org.bouncycastle.crypto.util.DigestFactory;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java
index bacbb6c2..0c019e7d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java
@@ -17,6 +17,7 @@ import org.bouncycastle.crypto.params.DSAParameterGenerationParameters;
import org.bouncycastle.crypto.params.DSAParameters;
import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
+import org.bouncycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator;
import org.bouncycastle.util.Integers;
import org.bouncycastle.util.Properties;
@@ -28,8 +29,7 @@ public class KeyPairGeneratorSpi
DSAKeyGenerationParameters param;
DSAKeyPairGenerator engine = new DSAKeyPairGenerator();
- int strength = 1024;
- int certainty = 20;
+ int strength = 2048;
SecureRandom random = new SecureRandom();
boolean initialised = false;
@@ -94,6 +94,8 @@ public class KeyPairGeneratorSpi
DSAParametersGenerator pGen;
DSAParameterGenerationParameters dsaParams;
+ int certainty = PrimeCertaintyCalculator.getDefaultCertainty(strength);
+
// Typical combination of keysize and size of q.
// keysize = 1024, q's size = 160
// keysize = 2048, q's size = 224
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/GMSignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/GMSignatureSpi.java
new file mode 100644
index 00000000..3500de39
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/GMSignatureSpi.java
@@ -0,0 +1,172 @@
+package org.bouncycastle.jcajce.provider.asymmetric.ec;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DSA;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.SM3Digest;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.signers.SM2Signer;
+import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase;
+import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder;
+import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
+import org.bouncycastle.util.Arrays;
+
+public class GMSignatureSpi
+ extends DSABase
+{
+ GMSignatureSpi(Digest digest, DSA signer, DSAEncoder encoder)
+ {
+ super(digest, signer, encoder);
+ }
+
+ protected void engineInitVerify(PublicKey publicKey)
+ throws InvalidKeyException
+ {
+ CipherParameters param = ECUtils.generatePublicKeyParameter(publicKey);
+
+ digest.reset();
+ signer.init(false, param);
+ }
+
+ protected void engineInitSign(
+ PrivateKey privateKey)
+ throws InvalidKeyException
+ {
+ CipherParameters param = ECUtil.generatePrivateKeyParameter(privateKey);
+
+ digest.reset();
+
+ if (appRandom != null)
+ {
+ signer.init(true, new ParametersWithRandom(param, appRandom));
+ }
+ else
+ {
+ signer.init(true, param);
+ }
+ }
+
+ static public class sm3WithSM2
+ extends GMSignatureSpi
+ {
+ public sm3WithSM2()
+ {
+ super(new SM3Digest(), new SM2Signer(), new StdDSAEncoder());
+ }
+ }
+
+ private static class StdDSAEncoder
+ implements DSAEncoder
+ {
+ public byte[] encode(
+ BigInteger r,
+ BigInteger s)
+ throws IOException
+ {
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(new ASN1Integer(r));
+ v.add(new ASN1Integer(s));
+
+ return new DERSequence(v).getEncoded(ASN1Encoding.DER);
+ }
+
+ public BigInteger[] decode(
+ byte[] encoding)
+ throws IOException
+ {
+ ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(encoding);
+ if (s.size() != 2)
+ {
+ throw new IOException("malformed signature");
+ }
+ if (!Arrays.areEqual(encoding, s.getEncoded(ASN1Encoding.DER)))
+ {
+ throw new IOException("malformed signature");
+ }
+
+ BigInteger[] sig = new BigInteger[2];
+
+
+ sig[0] = ASN1Integer.getInstance(s.getObjectAt(0)).getValue();
+ sig[1] = ASN1Integer.getInstance(s.getObjectAt(1)).getValue();
+
+ return sig;
+ }
+ }
+
+ private static class PlainDSAEncoder
+ implements DSAEncoder
+ {
+ public byte[] encode(
+ BigInteger r,
+ BigInteger s)
+ throws IOException
+ {
+ byte[] first = makeUnsigned(r);
+ byte[] second = makeUnsigned(s);
+ byte[] res;
+
+ if (first.length > second.length)
+ {
+ res = new byte[first.length * 2];
+ }
+ else
+ {
+ res = new byte[second.length * 2];
+ }
+
+ System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length);
+ System.arraycopy(second, 0, res, res.length - second.length, second.length);
+
+ return res;
+ }
+
+
+ private byte[] makeUnsigned(BigInteger val)
+ {
+ byte[] res = val.toByteArray();
+
+ if (res[0] == 0)
+ {
+ byte[] tmp = new byte[res.length - 1];
+
+ System.arraycopy(res, 1, tmp, 0, tmp.length);
+
+ return tmp;
+ }
+
+ return res;
+ }
+
+ public BigInteger[] decode(
+ byte[] encoding)
+ throws IOException
+ {
+ BigInteger[] sig = new BigInteger[2];
+
+ byte[] first = new byte[encoding.length / 2];
+ byte[] second = new byte[encoding.length / 2];
+
+ System.arraycopy(encoding, 0, first, 0, first.length);
+ System.arraycopy(encoding, first.length, second, 0, second.length);
+
+ sig[0] = new BigInteger(1, first);
+ sig[1] = new BigInteger(1, second);
+
+ return sig;
+ }
+ }
+} \ No newline at end of file
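Review bot: `StdDSAEncoder.decode` casts the result of `ASN1Primitive.fromByteArray(encoding)` straight to `ASN1Sequence`, so a signature whose top-level object is another ASN.1 type fails with a `ClassCastException` rather than the `IOException("malformed signature")` used by the other rejection paths. These bytes are supplied by whoever presents the signature, so check the type first: `ASN1Primitive p = ASN1Primitive.fromByteArray(encoding);` followed by `if (!(p instanceof ASN1Sequence)) { throw new IOException("malformed signature"); }`. Whether the `DSABase` superclass converts unchecked exceptions is not visible in this file. Separately, `PlainDSAEncoder` is referenced nowhere in the file, and its `decode` accepts empty or odd-length input without complaint; remove it, or add a length check before it is wired to an algorithm.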
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java
index f500350e..6fdebc73 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java
@@ -23,7 +23,6 @@ import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.KeyEncoder;
import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
-import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.IESEngine;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java
index 550c5f6e..8bad9f4d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java
@@ -12,14 +12,7 @@ import java.security.spec.AlgorithmParameterSpec;
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.digests.SHA512tDigest;
import org.bouncycastle.crypto.digests.WhirlpoolDigest;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
import org.bouncycastle.crypto.signers.ISO9796d2Signer;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java
index f779a66a..4159241b 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java
@@ -12,6 +12,7 @@ import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
+import org.bouncycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator;
public class KeyPairGeneratorSpi
extends java.security.KeyPairGenerator
@@ -23,7 +24,6 @@ public class KeyPairGeneratorSpi
}
final static BigInteger defaultPublicExponent = BigInteger.valueOf(0x10001);
- final static int defaultTests = 112;
RSAKeyGenerationParameters param;
RSAKeyPairGenerator engine;
@@ -34,7 +34,7 @@ public class KeyPairGeneratorSpi
engine = new RSAKeyPairGenerator();
param = new RSAKeyGenerationParameters(defaultPublicExponent,
- new SecureRandom(), 2048, defaultTests);
+ new SecureRandom(), 2048, PrimeCertaintyCalculator.getDefaultCertainty(2048));
engine.init(param);
}
@@ -43,7 +43,7 @@ public class KeyPairGeneratorSpi
SecureRandom random)
{
param = new RSAKeyGenerationParameters(defaultPublicExponent,
- random, strength, defaultTests);
+ random, strength, PrimeCertaintyCalculator.getDefaultCertainty(strength));
engine.init(param);
}
@@ -61,7 +61,7 @@ public class KeyPairGeneratorSpi
param = new RSAKeyGenerationParameters(
rsaParams.getPublicExponent(),
- random, rsaParams.getKeysize(), defaultTests);
+ random, rsaParams.getKeysize(), PrimeCertaintyCalculator.getDefaultCertainty(2048));
engine.init(param);
}
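Review bot: The parameter-spec branch asks for the certainty of a fixed 2048-bit key, `PrimeCertaintyCalculator.getDefaultCertainty(2048)`, while the key size actually generated is `rsaParams.getKeysize()`. A 4096-bit request through this path therefore gets a certainty of 112 instead of the 144 the new calculator returns for that size, and it disagrees with the `strength`-based hunk just above, which passes `getDefaultCertainty(strength)`. The argument should be `PrimeCertaintyCalculator.getDefaultCertainty(rsaParams.getKeysize())`. The enclosing method starts and ends outside the hunk.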
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
index 7542dba8..d4d91388 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
@@ -10,6 +10,7 @@ import java.util.Map;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.anssi.ANSSINamedCurves;
import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+import org.bouncycastle.asn1.gm.GMNamedCurves;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.sec.SECNamedCurves;
@@ -345,6 +346,10 @@ public class ECUtil
{
oid = ANSSINamedCurves.getOID(name);
}
+ if (oid == null)
+ {
+ oid = GMNamedCurves.getOID(name);
+ }
}
return oid;
@@ -391,6 +396,10 @@ public class ECUtil
{
params = TeleTrusTNamedCurves.getByOID(oid);
}
+ if (params == null)
+ {
+ params = GMNamedCurves.getByOID(oid);
+ }
}
return params;
@@ -416,6 +425,10 @@ public class ECUtil
{
params = TeleTrusTNamedCurves.getByName(curveName);
}
+ if (params == null)
+ {
+ params = GMNamedCurves.getByName(curveName);
+ }
}
return params;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PrimeCertaintyCalculator.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PrimeCertaintyCalculator.java
new file mode 100644
index 00000000..92431ef4
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PrimeCertaintyCalculator.java
@@ -0,0 +1,21 @@
+package org.bouncycastle.jcajce.provider.asymmetric.util;
+
+public class PrimeCertaintyCalculator
+{
+ private PrimeCertaintyCalculator()
+ {
+
+ }
+
+ /**
+ * Return the current wisdom on prime certainty requirements.
+ *
+ * @param keySizeInBits size of the key being generated.
+ * @return a certainty value.
+ */
+ public static int getDefaultCertainty(int keySizeInBits)
+ {
+ // Based on FIPS 186-4 Table C.1
+ return keySizeInBits <= 1024 ? 80 : (96 + 16 * ((keySizeInBits - 1) / 1024));
+ }
+}
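Review bot: The Javadoc on `getDefaultCertainty` says only "current wisdom on prime certainty requirements", which leaves the reader to work out both the mapping and the meaning of the return value from the expression. I would put the resulting values beside the formula, e.g. `// <=1024 bits -> 80, 1025..2048 -> 112, 2049..3072 -> 128, 3073..4096 -> 144`, and have the `@return` line say that the value is what callers pass as the `certainty` argument to the parameter and key generators. Zero and negative sizes also fall into the `<= 1024` branch and return 80 silently; if that is intended it deserves a sentence in the doc, otherwise an `IllegalArgumentException` would be clearer.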
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java
index 9bd1bf0b..7765c277 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java
@@ -4,7 +4,6 @@ import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.io.PushbackInputStream;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
@@ -44,6 +43,7 @@ public class CertificateFactory
private static final PEMUtil PEM_CERT_PARSER = new PEMUtil("CERTIFICATE");
private static final PEMUtil PEM_CRL_PARSER = new PEMUtil("CRL");
+ private static final PEMUtil PEM_PKCS7_PARSER = new PEMUtil("PKCS7");
private ASN1Set sData = null;
private int sDataObjectCount = 0;
@@ -57,8 +57,24 @@ public class CertificateFactory
ASN1InputStream dIn)
throws IOException, CertificateParsingException
{
- ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
+ return getCertificate(ASN1Sequence.getInstance(dIn.readObject()));
+ }
+
+ private java.security.cert.Certificate readPEMCertificate(
+ InputStream in)
+ throws IOException, CertificateParsingException
+ {
+ return getCertificate(PEM_CERT_PARSER.readPEMObject(in));
+ }
+ private java.security.cert.Certificate getCertificate(ASN1Sequence seq)
+ throws CertificateParsingException
+ {
+ if (seq == null)
+ {
+ return null;
+ }
+
if (seq.size() > 1
&& seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
{
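Review bot: The new `getCertificate(ASN1Sequence)` helper is shared by the DER and PEM readers but has no comment on its contract: a null sequence yields a null certificate, and PEM input now also goes through the `seq.size() > 1 && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier` test that only the DER path used before. The old `readPEMCertificate`, removed in the next hunk, built an `X509CertificateObject` directly, so a PEM block whose body is an OID-tagged container (presumably PKCS#7 SignedData, as in the CRL path) is handled differently after this change. A comment such as `// null means no further object; an OID-tagged container is unwrapped for both DER and PEM input` would record that. The same applies to `getCRL(ASN1Sequence)` in the `@@ -120,23 +122,24 @@` hunk. The body of `getCertificate` continues outside this hunk, so what the OID branch does is not visible here.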
@@ -95,23 +111,9 @@ public class CertificateFactory
return null;
}
- private java.security.cert.Certificate readPEMCertificate(
- InputStream in)
- throws IOException, CertificateParsingException
- {
- ASN1Sequence seq = PEM_CERT_PARSER.readPEMObject(in);
-
- if (seq != null)
- {
- return new X509CertificateObject(bcHelper,
- Certificate.getInstance(seq));
- }
-
- return null;
- }
protected CRL createCRL(CertificateList c)
- throws CRLException
+ throws CRLException
{
return new X509CRLObject(bcHelper, c);
}
@@ -120,23 +122,24 @@ public class CertificateFactory
InputStream in)
throws IOException, CRLException
{
- ASN1Sequence seq = PEM_CRL_PARSER.readPEMObject(in);
-
- if (seq != null)
- {
- return createCRL(
- CertificateList.getInstance(seq));
- }
-
- return null;
+ return getCRL(PEM_CRL_PARSER.readPEMObject(in));
}
private CRL readDERCRL(
ASN1InputStream aIn)
throws IOException, CRLException
{
- ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
+ return getCRL(ASN1Sequence.getInstance(aIn.readObject()));
+ }
+ private CRL getCRL(ASN1Sequence seq)
+ throws CRLException
+ {
+ if (seq == null)
+ {
+ return null;
+ }
+
if (seq.size() > 1
&& seq.getObjectAt(0) instanceof ASN1ObjectIdentifier)
{
@@ -144,7 +147,7 @@ public class CertificateFactory
{
sCrlData = SignedData.getInstance(ASN1Sequence.getInstance(
(ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs();
-
+
return getCRL();
}
}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java
index 3efd2d69..7badbdc1 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java
@@ -10,16 +10,20 @@ class PEMUtil
{
private final String _header1;
private final String _header2;
+ private final String _header3;
private final String _footer1;
private final String _footer2;
+ private final String _footer3;
PEMUtil(
String type)
{
_header1 = "-----BEGIN " + type + "-----";
_header2 = "-----BEGIN X509 " + type + "-----";
+ _header3 = "-----BEGIN PKCS7-----";
_footer1 = "-----END " + type + "-----";
_footer2 = "-----END X509 " + type + "-----";
+ _footer3 = "-----END PKCS7-----";
}
private String readLine(
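Review bot: `_header3` and `_footer3` are hard-coded to the PKCS7 label instead of being derived from `type`, so every `PEMUtil` instance, including the `CERTIFICATE` and `CRL` parsers, now accepts `-----BEGIN PKCS7-----` boundaries, and for `new PEMUtil("PKCS7")` they only duplicate `_header1`/`_footer1`. In the two following hunks the footer test accepts any of the three footers regardless of which header opened the block, so a mismatched BEGIN/END pair is read as one object. If that leniency is intended, say so next to the fields, e.g. `// PKCS7 boundaries are accepted by all parsers; header and footer labels need not match`; otherwise record which header matched and compare only against its footer. The read loops begin and end outside these hunks.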
@@ -71,7 +75,7 @@ class PEMUtil
while ((line = readLine(in)) != null)
{
- if (line.startsWith(_header1) || line.startsWith(_header2))
+ if (line.startsWith(_header1) || line.startsWith(_header2) || line.startsWith(_header3))
{
break;
}
@@ -79,7 +83,7 @@ class PEMUtil
while ((line = readLine(in)) != null)
{
- if (line.startsWith(_footer1) || line.startsWith(_footer2))
+ if (line.startsWith(_footer1) || line.startsWith(_footer2) || line.startsWith(_footer3))
{
break;
}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
index 0865b576..768df66e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
@@ -1,5 +1,7 @@
package org.bouncycastle.jcajce.provider.config;
+import java.util.Map;
+
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
@@ -48,4 +50,6 @@ public interface ConfigurableProvider
boolean hasAlgorithm(String type, String name);
void addKeyInfoConverter(ASN1ObjectIdentifier oid, AsymmetricKeyInfoConverter keyInfoConverter);
+
+ void addAttributes(String key, Map<String, String> attributeMap);
}
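Review bot: `addAttributes` is added to the interface without Javadoc, and its contract is not clear from the signature alone. The AES changes in this commit call it with keys such as `"Cipher.AES"` and pass the same static map instance to several calls, so the comment should state the key format and whether the implementation copies the map or keeps the reference. Something like `/** Attach service attributes (e.g. SupportedKeyClasses) to the entry named by key, such as "Cipher.AES". */` would do, extended with the copy semantics of the real implementation. Adding an abstract method also breaks any implementer of this interface outside the tree, which may deserve a release note.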
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java
index b33c3054..d48c4018 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java
@@ -5,10 +5,15 @@ import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.SecureRandomSpi;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicReference;
import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.prng.EntropySource;
import org.bouncycastle.crypto.prng.EntropySourceProvider;
+import org.bouncycastle.crypto.prng.SP800SecureRandom;
import org.bouncycastle.crypto.prng.SP800SecureRandomBuilder;
import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
@@ -108,15 +113,22 @@ public class DRBG
EntropySource initSource = entropyProvider.get(16 * 8);
+ byte[] personalisationString = isPredictionResistant ? generateDefaultPersonalizationString(initSource.getEntropy())
+ : generateNonceIVPersonalizationString(initSource.getEntropy());
+
return new SP800SecureRandomBuilder(entropyProvider)
- .setPersonalizationString(generateDefaultPersonalizationString(initSource.getEntropy()))
+ .setPersonalizationString(personalisationString)
.buildHash(new SHA512Digest(), Arrays.concatenate(initSource.getEntropy(), initSource.getEntropy()), isPredictionResistant);
}
else
{
- SecureRandom randomSource = createInitialEntropySource(); // needs to be done late, can't use static
+ SecureRandom randomSource = new HybridSecureRandom(); // needs to be done late, can't use static
+
+ byte[] personalisationString = isPredictionResistant ? generateDefaultPersonalizationString(randomSource.generateSeed(16))
+ : generateNonceIVPersonalizationString(randomSource.generateSeed(16));
+
return new SP800SecureRandomBuilder(randomSource, true)
- .setPersonalizationString(generateDefaultPersonalizationString(randomSource.generateSeed(16)))
+ .setPersonalizationString(personalisationString)
.buildHash(new SHA512Digest(), randomSource.generateSeed(32), isPredictionResistant);
}
}
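Review bot: The ternary choosing between `generateDefaultPersonalizationString` and `generateNonceIVPersonalizationString` is repeated in both branches with no comment on why a non-prediction-resistant instance gets the nonce/IV form. A one-line comment above the first use, for example `// the non-prediction-resistant instance is tagged with the Nonce/IV personalisation string`, extended with the actual reason, would help the next reader. The local is also spelled `personalisationString` while the methods and the builder setter spell it `Personalization`; using one spelling keeps searches reliable. The enclosing method starts outside this hunk.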
@@ -196,4 +208,106 @@ public class DRBG
return Arrays.concatenate(Strings.toByteArray("Nonce"), seed,
Pack.longToLittleEndian(Thread.currentThread().getId()), Pack.longToLittleEndian(System.currentTimeMillis()));
}
+
+ private static class HybridSecureRandom
+ extends SecureRandom
+ {
+ private final AtomicBoolean seedAvailable = new AtomicBoolean(false);
+ private final AtomicInteger samples = new AtomicInteger(0);
+ private final SecureRandom baseRandom = createInitialEntropySource();
+ private final SP800SecureRandom drbg;
+
+ HybridSecureRandom()
+ {
+ drbg = new SP800SecureRandomBuilder(new EntropySourceProvider()
+ {
+ public EntropySource get(final int bitsRequired)
+ {
+ return new SignallingEntropySource(bitsRequired);
+ }
+ })
+ .setPersonalizationString(Strings.toByteArray("Bouncy Castle Hybrid Entropy Source"))
+ .buildHMAC(new HMac(new SHA512Digest()), baseRandom.generateSeed(32), false); // 32 byte nonce
+ }
+
+ public byte[] generateSeed(int numBytes)
+ {
+ byte[] data = new byte[numBytes];
+
+ // after 20 samples we'll start to check if there is new seed material.
+ if (samples.getAndIncrement() > 20)
+ {
+ if (seedAvailable.getAndSet(false))
+ {
+ samples.set(0);
+ drbg.reseed(null);
+ }
+ }
+
+ drbg.nextBytes(data);
+
+ return data;
+ }
+
+ private class SignallingEntropySource
+ implements EntropySource
+ {
+ private final int byteLength;
+ private final AtomicReference entropy = new AtomicReference();
+ private final AtomicBoolean scheduled = new AtomicBoolean(false);
+
+ SignallingEntropySource(int bitsRequired)
+ {
+ this.byteLength = (bitsRequired + 7) / 8;
+ }
+
+ public boolean isPredictionResistant()
+ {
+ return true;
+ }
+
+ public byte[] getEntropy()
+ {
+ byte[] seed = (byte[])entropy.getAndSet(null);
+
+ if (seed == null || seed.length != byteLength)
+ {
+ seed = baseRandom.generateSeed(byteLength);
+ }
+ else
+ {
+ scheduled.set(false);
+ }
+
+ if (!scheduled.getAndSet(true))
+ {
+ new Thread(new EntropyGatherer(byteLength)).start();
+ }
+
+ return seed;
+ }
+
+ public int entropySize()
+ {
+ return byteLength * 8;
+ }
+
+ private class EntropyGatherer
+ implements Runnable
+ {
+ private final int numBytes;
+
+ EntropyGatherer(int numBytes)
+ {
+ this.numBytes = numBytes;
+ }
+
+ public void run()
+ {
+ entropy.set(baseRandom.generateSeed(numBytes));
+ seedAvailable.set(true);
+ }
+ }
+ }
+ }
}
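Review bot: `getEntropy()` launches its gatherer with `new Thread(new EntropyGatherer(byteLength)).start()`, which creates an unnamed non-daemon thread that sits in `baseRandom.generateSeed(numBytes)`; if that call blocks for long, the thread can hold up JVM shutdown and is hard to identify in a thread dump. I would build it as `Thread t = new Thread(new EntropyGatherer(byteLength), "BC Entropy Gatherer"); t.setDaemon(true); t.start();` (the thread name here is only a suggestion). The comment in `generateSeed` says the check starts after 20 samples, but `samples.getAndIncrement() > 20` is first true on the 22nd call, so either the comment or the comparison should change. The class overrides only `generateSeed`, so `nextBytes` and `setSeed` fall through to the stock `SecureRandom` rather than the hybrid DRBG; a class comment saying it is meant as a seed source only would prevent misuse.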
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
index 1c131468..09da0546 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
@@ -6,6 +6,8 @@ import java.security.InvalidAlgorithmParameterException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
+import java.util.HashMap;
+import java.util.Map;
import javax.crypto.spec.IvParameterSpec;
@@ -22,6 +24,7 @@ import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.Mac;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.AESWrapEngine;
+import org.bouncycastle.crypto.engines.AESWrapPadEngine;
import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
import org.bouncycastle.crypto.engines.RFC5649WrapEngine;
import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
@@ -49,6 +52,14 @@ public final class AES
{
private static final Class gcmSpecClass = lookup("javax.crypto.spec.GCMParameterSpec");
+ private static final Map<String, String> generalAesAttributes = new HashMap<String, String>();
+
+ static
+ {
+ generalAesAttributes.put("SupportedKeyClasses", "javax.crypto.SecretKey");
+ generalAesAttributes.put("SupportedKeyFormats", "RAW");
+ }
+
private AES()
{
}
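Review bot: `generalAesAttributes` is a mutable `HashMap` held in a static field and passed unchanged to five `addAttributes` calls later in this file (`Cipher.AES`, `Cipher.AESWRAP`, `Cipher.AESWRAPPAD`, `Cipher.CCM`, `Cipher.GCM`). Whether `addAttributes` copies the map is not visible here; if it keeps the reference, a later change made for one service silently changes all of them. Filling a local map in the static block and storing `Collections.unmodifiableMap(m)` in the field (with `java.util.Collections` imported) would make the sharing safe either way.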
@@ -232,6 +243,15 @@ public final class AES
}
}
+ public static class WrapPad
+ extends BaseWrapCipher
+ {
+ public WrapPad()
+ {
+ super(new AESWrapPadEngine());
+ }
+ }
+
public static class RFC3211Wrap
extends BaseWrapCipher
{
@@ -812,6 +832,7 @@ public final class AES
provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+ provider.addAttributes("Cipher.AES", generalAesAttributes);
provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB");
provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES");
provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES");
@@ -828,12 +849,21 @@ public final class AES
provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB");
provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB");
provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB");
+
+ provider.addAttributes("Cipher.AESWRAP", generalAesAttributes);
provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap");
provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
provider.addAlgorithm("Alg.Alias.Cipher.AESKW", "AESWRAP");
+ provider.addAttributes("Cipher.AESWRAPPAD", generalAesAttributes);
+ provider.addAlgorithm("Cipher.AESWRAPPAD", PREFIX + "$WrapPad");
+ provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_wrap_pad, "AESWRAPPAD");
+ provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_wrap_pad, "AESWRAPPAD");
+ provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_wrap_pad, "AESWRAPPAD");
+ provider.addAlgorithm("Alg.Alias.Cipher.AESKWP", "AESWRAPPAD");
+
provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap");
provider.addAlgorithm("Cipher.AESRFC5649WRAP", PREFIX + "$RFC5649Wrap");
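Review bot: `addAttributes` is applied to `Cipher.AESWRAP` and the new `Cipher.AESWRAPPAD`, but the two wrap ciphers registered directly below, `Cipher.AESRFC3211WRAP` and `Cipher.AESRFC5649WRAP`, get none, so key-class and key-format selection differs between otherwise similar services. If the omission is deliberate it deserves a comment; otherwise add `provider.addAttributes("Cipher.AESRFC3211WRAP", generalAesAttributes);` and the matching line for `AESRFC5649WRAP`. RFC 5649 is itself the padded AES key wrap, so a short comment on how `AESWRAPPAD` relates to `AESRFC5649WRAP` would also help callers choose between them. The enclosing `configure` method starts and ends outside this hunk.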
@@ -842,6 +872,7 @@ public final class AES
provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
+ provider.addAttributes("Cipher.CCM", generalAesAttributes);
provider.addAlgorithm("Cipher.CCM", PREFIX + "$CCM");
provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_CCM, "CCM");
provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_CCM, "CCM");
@@ -852,6 +883,7 @@ public final class AES
provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
+ provider.addAttributes("Cipher.GCM", generalAesAttributes);
provider.addAlgorithm("Cipher.GCM", PREFIX + "$GCM");
provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_GCM, "GCM");
provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_GCM, "GCM");
@@ -883,6 +915,10 @@ public final class AES
provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CCM, PREFIX + "$KeyGen128");
provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CCM, PREFIX + "$KeyGen192");
provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CCM, PREFIX + "$KeyGen256");
+ provider.addAlgorithm("KeyGenerator.AESWRAPPAD", PREFIX + "$KeyGen");
+ provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_wrap_pad, PREFIX + "$KeyGen128");
+ provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_wrap_pad, PREFIX + "$KeyGen192");
+ provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_wrap_pad, PREFIX + "$KeyGen256");
provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARIA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARIA.java
new file mode 100644
index 00000000..819a832b
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARIA.java
@@ -0,0 +1,508 @@
+package org.bouncycastle.jcajce.provider.symmetric;
+
+import java.io.IOException;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+
+import javax.crypto.spec.IvParameterSpec;
+
+import org.bouncycastle.asn1.cms.CCMParameters;
+import org.bouncycastle.asn1.cms.GCMParameters;
+import org.bouncycastle.asn1.nsri.NSRIObjectIdentifiers;
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.CipherKeyGenerator;
+import org.bouncycastle.crypto.engines.ARIAEngine;
+import org.bouncycastle.crypto.engines.ARIAWrapEngine;
+import org.bouncycastle.crypto.engines.ARIAWrapPadEngine;
+import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
+import org.bouncycastle.crypto.macs.GMac;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.modes.CFBBlockCipher;
+import org.bouncycastle.crypto.modes.GCMBlockCipher;
+import org.bouncycastle.crypto.modes.OFBBlockCipher;
+import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
+import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
+import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
+import org.bouncycastle.jcajce.spec.AEADParameterSpec;
+
+public final class ARIA
+{
+ private ARIA()
+ {
+ }
+
+ public static class ECB
+ extends BaseBlockCipher
+ {
+ public ECB()
+ {
+ super(new BlockCipherProvider()
+ {
+ public BlockCipher get()
+ {
+ return new ARIAEngine();
+ }
+ });
+ }
+ }
+
+ public static class CBC
+ extends BaseBlockCipher
+ {
+ public CBC()
+ {
+ super(new CBCBlockCipher(new ARIAEngine()), 128);
+ }
+ }
+
+ static public class CFB
+ extends BaseBlockCipher
+ {
+ public CFB()
+ {
+ super(new BufferedBlockCipher(new CFBBlockCipher(new ARIAEngine(), 128)), 128);
+ }
+ }
+
+ static public class OFB
+ extends BaseBlockCipher
+ {
+ public OFB()
+ {
+ super(new BufferedBlockCipher(new OFBBlockCipher(new ARIAEngine(), 128)), 128);
+ }
+ }
+
+ public static class Wrap
+ extends BaseWrapCipher
+ {
+ public Wrap()
+ {
+ super(new ARIAWrapEngine());
+ }
+ }
+
+ public static class WrapPad
+ extends BaseWrapCipher
+ {
+ public WrapPad()
+ {
+ super(new ARIAWrapPadEngine());
+ }
+ }
+
+ public static class RFC3211Wrap
+ extends BaseWrapCipher
+ {
+ public RFC3211Wrap()
+ {
+ super(new RFC3211WrapEngine(new ARIAEngine()), 16);
+ }
+ }
+
+ public static class GMAC
+ extends BaseMac
+ {
+ public GMAC()
+ {
+ super(new GMac(new GCMBlockCipher(new ARIAEngine())));
+ }
+ }
+
+ public static class Poly1305
+ extends BaseMac
+ {
+ public Poly1305()
+ {
+ super(new org.bouncycastle.crypto.macs.Poly1305(new ARIAEngine()));
+ }
+ }
+
+ public static class Poly1305KeyGen
+ extends BaseKeyGenerator
+ {
+ public Poly1305KeyGen()
+ {
+ super("Poly1305-ARIA", 256, new Poly1305KeyGenerator());
+ }
+ }
+
+ public static class KeyGen
+ extends BaseKeyGenerator
+ {
+ public KeyGen()
+ {
+ this(256);
+ }
+
+ public KeyGen(int keySize)
+ {
+ super("ARIA", keySize, new CipherKeyGenerator());
+ }
+ }
+
+ public static class KeyGen128
+ extends KeyGen
+ {
+ public KeyGen128()
+ {
+ super(128);
+ }
+ }
+
+ public static class KeyGen192
+ extends KeyGen
+ {
+ public KeyGen192()
+ {
+ super(192);
+ }
+ }
+
+ public static class KeyGen256
+ extends KeyGen
+ {
+ public KeyGen256()
+ {
+ super(256);
+ }
+ }
+
+ public static class AlgParamGen
+ extends BaseAlgorithmParameterGenerator
+ {
+ protected void engineInit(
+ AlgorithmParameterSpec genParamSpec,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for ARIA parameter generation.");
+ }
+
+ protected AlgorithmParameters engineGenerateParameters()
+ {
+ byte[] iv = new byte[16];
+
+ if (random == null)
+ {
+ random = new SecureRandom();
+ }
+
+ random.nextBytes(iv);
+
+ AlgorithmParameters params;
+
+ try
+ {
+ params = createParametersInstance("ARIA");
+ params.init(new IvParameterSpec(iv));
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e.getMessage());
+ }
+
+ return params;
+ }
+ }
+
+ public static class AlgParams
+ extends IvAlgorithmParameters
+ {
+ protected String engineToString()
+ {
+ return "ARIA IV";
+ }
+ }
+
+ public static class AlgParamsGCM
+ extends BaseAlgorithmParameters
+ {
+ private GCMParameters gcmParams;
+
+ protected void engineInit(AlgorithmParameterSpec paramSpec)
+ throws InvalidParameterSpecException
+ {
+ if (GcmSpecUtil.isGcmSpec(paramSpec))
+ {
+ gcmParams = GcmSpecUtil.extractGcmParameters(paramSpec);
+ }
+ else if (paramSpec instanceof AEADParameterSpec)
+ {
+ gcmParams = new GCMParameters(((AEADParameterSpec)paramSpec).getNonce(), ((AEADParameterSpec)paramSpec).getMacSizeInBits() / 8);
+ }
+ else
+ {
+ throw new InvalidParameterSpecException("AlgorithmParameterSpec class not recognized: " + paramSpec.getClass().getName());
+ }
+ }
+
+ protected void engineInit(byte[] params)
+ throws IOException
+ {
+ gcmParams = GCMParameters.getInstance(params);
+ }
+
+ protected void engineInit(byte[] params, String format)
+ throws IOException
+ {
+ if (!isASN1FormatString(format))
+ {
+ throw new IOException("unknown format specified");
+ }
+
+ gcmParams = GCMParameters.getInstance(params);
+ }
+
+ protected byte[] engineGetEncoded()
+ throws IOException
+ {
+ return gcmParams.getEncoded();
+ }
+
+ protected byte[] engineGetEncoded(String format)
+ throws IOException
+ {
+ if (!isASN1FormatString(format))
+ {
+ throw new IOException("unknown format specified");
+ }
+
+ return gcmParams.getEncoded();
+ }
+
+ protected String engineToString()
+ {
+ return "GCM";
+ }
+
+ protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
+ throws InvalidParameterSpecException
+ {
+ if (paramSpec == AlgorithmParameterSpec.class || GcmSpecUtil.isGcmSpec(paramSpec))
+ {
+ if (GcmSpecUtil.gcmSpecExists())
+ {
+ return GcmSpecUtil.extractGcmSpec(gcmParams.toASN1Primitive());
+ }
+ return new AEADParameterSpec(gcmParams.getNonce(), gcmParams.getIcvLen() * 8);
+ }
+ if (paramSpec == AEADParameterSpec.class)
+ {
+ return new AEADParameterSpec(gcmParams.getNonce(), gcmParams.getIcvLen() * 8);
+ }
+ if (paramSpec == IvParameterSpec.class)
+ {
+ return new IvParameterSpec(gcmParams.getNonce());
+ }
+
+ throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + paramSpec.getName());
+ }
+ }
+
+ public static class AlgParamsCCM
+ extends BaseAlgorithmParameters
+ {
+ private CCMParameters ccmParams;
+
+ protected void engineInit(AlgorithmParameterSpec paramSpec)
+ throws InvalidParameterSpecException
+ {
+ if (GcmSpecUtil.isGcmSpec(paramSpec))
+ {
+ ccmParams = CCMParameters.getInstance(GcmSpecUtil.extractGcmParameters(paramSpec));
+ }
+ else if (paramSpec instanceof AEADParameterSpec)
+ {
+ ccmParams = new CCMParameters(((AEADParameterSpec)paramSpec).getNonce(), ((AEADParameterSpec)paramSpec).getMacSizeInBits() / 8);
+ }
+ else
+ {
+ throw new InvalidParameterSpecException("AlgorithmParameterSpec class not recognized: " + paramSpec.getClass().getName());
+ }
+ }
+
+ protected void engineInit(byte[] params)
+ throws IOException
+ {
+ ccmParams = CCMParameters.getInstance(params);
+ }
+
+ protected void engineInit(byte[] params, String format)
+ throws IOException
+ {
+ if (!isASN1FormatString(format))
+ {
+ throw new IOException("unknown format specified");
+ }
+
+ ccmParams = CCMParameters.getInstance(params);
+ }
+
+ protected byte[] engineGetEncoded()
+ throws IOException
+ {
+ return ccmParams.getEncoded();
+ }
+
+ protected byte[] engineGetEncoded(String format)
+ throws IOException
+ {
+ if (!isASN1FormatString(format))
+ {
+ throw new IOException("unknown format specified");
+ }
+
+ return ccmParams.getEncoded();
+ }
+
+ protected String engineToString()
+ {
+ return "CCM";
+ }
+
+ protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
+ throws InvalidParameterSpecException
+ {
+ if (paramSpec == AlgorithmParameterSpec.class || GcmSpecUtil.isGcmSpec(paramSpec))
+ {
+ if (GcmSpecUtil.gcmSpecExists())
+ {
+ return GcmSpecUtil.extractGcmSpec(ccmParams.toASN1Primitive());
+ }
+ return new AEADParameterSpec(ccmParams.getNonce(), ccmParams.getIcvLen() * 8);
+ }
+ if (paramSpec == AEADParameterSpec.class)
+ {
+ return new AEADParameterSpec(ccmParams.getNonce(), ccmParams.getIcvLen() * 8);
+ }
+ if (paramSpec == IvParameterSpec.class)
+ {
+ return new IvParameterSpec(ccmParams.getNonce());
+ }
+
+ throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + paramSpec.getName());
+ }
+ }
+
+ public static class Mappings
+ extends SymmetricAlgorithmProvider
+ {
+ private static final String PREFIX = ARIA.class.getName();
+
+ public Mappings()
+ {
+ }
+
+ public void configure(ConfigurableProvider provider)
+ {
+ provider.addAlgorithm("AlgorithmParameters.ARIA", PREFIX + "$AlgParams");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameters", NSRIObjectIdentifiers.id_aria128_cbc, "ARIA");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameters", NSRIObjectIdentifiers.id_aria192_cbc, "ARIA");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameters", NSRIObjectIdentifiers.id_aria256_cbc, "ARIA");
+
+ provider.addAlgorithm("AlgorithmParameterGenerator.ARIA", PREFIX + "$AlgParamGen");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria128_cbc, "ARIA");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria192_cbc, "ARIA");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria256_cbc, "ARIA");
+
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria128_ofb, "ARIA");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria192_ofb, "ARIA");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria256_ofb, "ARIA");
+
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria128_cfb, "ARIA");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria192_cfb, "ARIA");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator", NSRIObjectIdentifiers.id_aria256_cfb, "ARIA");
+
+
+ provider.addAlgorithm("Cipher.ARIA", PREFIX + "$ECB");
+ provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria128_ecb, PREFIX + "$ECB");
+ provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria192_ecb, PREFIX + "$ECB");
+ provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria256_ecb, PREFIX + "$ECB");
+
+ provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria128_cbc, PREFIX + "$CBC");
+ provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria192_cbc, PREFIX + "$CBC");
+ provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria256_cbc, PREFIX + "$CBC");
+
+ provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria128_cfb, PREFIX + "$CFB");
+ provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria192_cfb, PREFIX + "$CFB");
+ provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria256_cfb, PREFIX + "$CFB");
+
+ provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria128_ofb, PREFIX + "$OFB");
+ provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria192_ofb, PREFIX + "$OFB");
+ provider.addAlgorithm("Cipher", NSRIObjectIdentifiers.id_aria256_ofb, PREFIX + "$OFB");
+
+ provider.addAlgorithm("Cipher.ARIARFC3211WRAP", PREFIX + "$RFC3211Wrap");
+
+ provider.addAlgorithm("Cipher.ARIAWRAP", PREFIX + "$Wrap");
+ provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria128_kw, "ARIAWRAP");
+ provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria192_kw, "ARIAWRAP");
+ provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria256_kw, "ARIAWRAP");
+ provider.addAlgorithm("Alg.Alias.Cipher.ARIAKW", "ARIAWRAP");
+
+ provider.addAlgorithm("Cipher.ARIAWRAPPAD", PREFIX + "$WrapPad");
+ provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria128_kwp, "ARIAWRAPPAD");
+ provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria192_kwp, "ARIAWRAPPAD");
+ provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria256_kwp, "ARIAWRAPPAD");
+ provider.addAlgorithm("Alg.Alias.Cipher.ARIAKWP", "ARIAWRAPPAD");
+
+ provider.addAlgorithm("KeyGenerator.ARIA", PREFIX + "$KeyGen");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_kw, PREFIX + "$KeyGen128");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_kw, PREFIX + "$KeyGen192");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_kw, PREFIX + "$KeyGen256");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_kwp, PREFIX + "$KeyGen128");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_kwp, PREFIX + "$KeyGen192");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_kwp, PREFIX + "$KeyGen256");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_ecb, PREFIX + "$KeyGen128");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_ecb, PREFIX + "$KeyGen192");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_ecb, PREFIX + "$KeyGen256");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_cbc, PREFIX + "$KeyGen128");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_cbc, PREFIX + "$KeyGen192");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_cbc, PREFIX + "$KeyGen256");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_cfb, PREFIX + "$KeyGen128");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_cfb, PREFIX + "$KeyGen192");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_cfb, PREFIX + "$KeyGen256");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_ofb, PREFIX + "$KeyGen128");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_ofb, PREFIX + "$KeyGen192");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_ofb, PREFIX + "$KeyGen256");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_ccm, PREFIX + "$KeyGen128");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_ccm, PREFIX + "$KeyGen192");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_ccm, PREFIX + "$KeyGen256");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria128_gcm, PREFIX + "$KeyGen128");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria192_gcm, PREFIX + "$KeyGen192");
+ provider.addAlgorithm("KeyGenerator", NSRIObjectIdentifiers.id_aria256_gcm, PREFIX + "$KeyGen256");
+
+ provider.addAlgorithm("AlgorithmParameterGenerator.ARIACCM", PREFIX + "$AlgParamGenCCM");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria128_ccm, "CCM");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria192_ccm, "CCM");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria256_ccm, "CCM");
+
+ provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria128_ccm, "CCM");
+ provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria192_ccm, "CCM");
+ provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria256_ccm, "CCM");
+
+ provider.addAlgorithm("AlgorithmParameterGenerator.ARIAGCM", PREFIX + "$AlgParamGenGCM");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria128_gcm, "GCM");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria192_gcm, "GCM");
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria256_gcm, "GCM");
+
+ provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria128_gcm, "GCM");
+ provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria192_gcm, "GCM");
+ provider.addAlgorithm("Alg.Alias.Cipher", NSRIObjectIdentifiers.id_aria256_gcm, "GCM");
+
+ addGMacAlgorithm(provider, "ARIA", PREFIX + "$GMAC", PREFIX + "$KeyGen");
+ addPoly1305Algorithm(provider, "ARIA", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
+ }
+ }
+}
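Review bot: `Mappings.configure` registers `PREFIX + "$AlgParamGenCCM"` and `PREFIX + "$AlgParamGenGCM"`, but this file defines no nested classes with those names (only `AlgParamGen`, `AlgParams`, `AlgParamsGCM` and `AlgParamsCCM`), so those two registrations appear to point at classes that cannot be loaded. The ARIA CCM and GCM OIDs are also aliased to the generic names `"CCM"` and `"GCM"`, which AES.java in this same commit registers as `Cipher.CCM` and `Cipher.GCM` under the AES prefix; an ARIA OID lookup for `Cipher` would then appear to resolve to the AES implementation, and the parameter-generator aliases bypass the `ARIACCM`/`ARIAGCM` entries registered just above them. I would alias to ARIA-specific names, e.g. `provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NSRIObjectIdentifiers.id_aria128_ccm, "ARIACCM");`, add the missing generator and cipher classes, and register `AlgParamsCCM`/`AlgParamsGCM`, which are defined here but never referenced. Separately, `engineGenerateParameters` throws `new RuntimeException(e.getMessage())`, which drops the cause; `new RuntimeException(e.getMessage(), e)` keeps the stack trace.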
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java
index daa53d78..7c41af04 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java
@@ -18,6 +18,7 @@ import javax.crypto.spec.RC2ParameterSpec;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
@@ -35,8 +36,8 @@ public class BaseMac
private Mac macEngine;
private int scheme = PKCS12;
- private int pbeHash = SHA1;
- private int keySize = 160;
+ private int pbeHash = SHA1;
+ private int keySize = 160;
protected BaseMac(
Mac macEngine)
@@ -103,10 +104,40 @@ public class BaseMac
digest = GOST3411;
keySize = 256;
}
- else if (macEngine.getAlgorithmName().startsWith("SHA256"))
+ else if (macEngine instanceof HMac)
{
- digest = SHA256;
- keySize = 256;
+ if (!macEngine.getAlgorithmName().startsWith("SHA-1"))
+ {
+ if (macEngine.getAlgorithmName().startsWith("SHA-224"))
+ {
+ digest = SHA224;
+ keySize = 224;
+ }
+ else if (macEngine.getAlgorithmName().startsWith("SHA-256"))
+ {
+ digest = SHA256;
+ keySize = 256;
+ }
+ else if (macEngine.getAlgorithmName().startsWith("SHA-384"))
+ {
+ digest = SHA384;
+ keySize = 384;
+ }
+ else if (macEngine.getAlgorithmName().startsWith("SHA-512"))
+ {
+ digest = SHA512;
+ keySize = 512;
+ }
+ else if (macEngine.getAlgorithmName().startsWith("RIPEMD160"))
+ {
+ digest = RIPEMD160;
+ keySize = 160;
+ }
+ else
+ {
+ throw new InvalidAlgorithmParameterException("no PKCS12 mapping for HMAC: " + macEngine.getAlgorithmName());
+ }
+ }
}
// TODO: add correct handling for other digests
param = PBE.Util.makePBEMacParameters(k, PKCS12, digest, keySize, pbeSpec);
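Review bot: The digest selection in the new `instanceof HMac` branch matches on name prefixes, so an engine whose name is something like `SHA-512/256...` would also satisfy `startsWith("SHA-512")` and get `digest = SHA512; keySize = 512` instead of reaching the new `InvalidAlgorithmParameterException`. If HMac reports its name as the digest name followed by `/HMAC` (not visible in this hunk, so to be confirmed), I would read the name once with `String name = macEngine.getAlgorithmName();` and include the delimiter in each comparison, e.g. `name.startsWith("SHA-512/HMAC")`. The SHA-1 case is handled only by the negated outer `if` and presumably relies on defaults set earlier in the method; a comment such as `// SHA-1 keeps the default digest and key size` would make that explicit, and any non-HMac engine not listed above still falls through to those defaults silently. The enclosing method begins and ends outside this hunk.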
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java
index e4a10e1c..598d1fc0 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java
@@ -5,6 +5,7 @@ import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Key;
+import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
@@ -119,10 +120,11 @@ public class BaseStreamCipher
*/
protected void engineSetMode(
String mode)
+ throws NoSuchAlgorithmException
{
if (!mode.equalsIgnoreCase("ECB"))
{
- throw new IllegalArgumentException("can't support mode " + mode);
+ throw new NoSuchAlgorithmException("can't support mode " + mode);
}
}
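Review bot: The Javadoc that closes just above `engineSetMode` should document the new checked exception, for example `@throws NoSuchAlgorithmException if mode is anything other than ECB`, because callers and overriders now have to handle it. A null `mode` would still surface as a NullPointerException from `mode.equalsIgnoreCase("ECB")` rather than as the new exception; writing the test as `"ECB".equalsIgnoreCase(mode)` avoids that. The comment block starts outside this hunk, so its existing wording is not visible.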
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java
index c4010844..448c3527 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java
@@ -36,6 +36,11 @@ public abstract class AsymmetricAlgorithmProvider
protected void registerOidAlgorithmParameters(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name)
{
+ provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + oid, name);
+ }
+
+ protected void registerOidAlgorithmParameterGenerator(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name)
+ {
provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + oid, name);
provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + oid, name);
}
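Review bot: `registerOidAlgorithmParameterGenerator` registers the `Alg.Alias.AlgorithmParameters.` alias as well as the generator alias, which its name does not suggest and which overlaps with what `registerOidAlgorithmParameters` now does on its own. A subclass that calls both helpers for the same OID would add the same key twice; whether that is tolerated depends on the `ConfigurableProvider` implementation, which is not visible here. I would either drop the second `addAlgorithm` call from the generator helper or state the behaviour in a comment such as `// also registers the AlgorithmParameters alias for this OID`.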