diff options
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jce')
9 files changed, 297 insertions, 302 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java b/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java index 0c41c882..22373486 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java @@ -30,18 +30,16 @@ import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERNull; -// BEGIN android-removed +// Android-removed: Unsupported algorithms // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -// END android-removed import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.CertificationRequest; import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -// BEGIN android-removed +// Android-removed: Unsupported algorithms // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -// END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509Name; @@ -85,11 +83,10 @@ public class PKCS10CertificationRequest static { - // BEGIN android-removed - // Dropping MD2 + // Android-removed: Unsupported algorithms // algorithms.put("MD2WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2")); // algorithms.put("MD2WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2")); - // END android-removed + // END Android-removed: Unsupported algorithms algorithms.put("MD5WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4")); algorithms.put("MD5WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4")); algorithms.put("RSAWITHMD5", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4")); @@ -109,14 +106,14 @@ public class PKCS10CertificationRequest algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); algorithms.put("RSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5")); - // BEGIN android-removed + // BEGIN Android-removed: Unsupported algorithms // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - // END android-removed + // END Android-removed: Unsupported algorithms algorithms.put("SHA1WITHDSA", new ASN1ObjectIdentifier("1.2.840.10040.4.3")); algorithms.put("DSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.10040.4.3")); algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); @@ -129,13 +126,13 @@ public class PKCS10CertificationRequest algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); - // BEGIN android-removed + // BEGIN Android-removed: Unsupported algorithms // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - // END android-removed + // END Android-removed: Unsupported algorithms // // reverse mappings @@ -145,15 +142,15 @@ public class PKCS10CertificationRequest oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA"); oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA"); oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA"); - // BEGIN android-removed + // BEGIN Android-removed: Unsupported algorithms // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); - // END android-removed + // END Android-removed: Unsupported algorithms oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA"); - // BEGIN android-removed + // BEGIN Android-removed: Unsupported algorithms // oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); - // END android-removed + // END Android-removed: Unsupported algorithms oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA"); oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); @@ -187,10 +184,10 @@ public class PKCS10CertificationRequest // // RFC 4491 // - // BEGIN android-removed + // BEGIN Android-removed: Unsupported algorithms // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - // END android-removed + // END Android-removed: Unsupported algorithms // // explicit params // @@ -633,24 +630,26 @@ public class PKCS10CertificationRequest { return "SHA512"; } - // BEGIN android-removed - // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) - // { - // return "RIPEMD128"; - // } - // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) - // { - // return "RIPEMD160"; - // } - // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) - // { - // return "RIPEMD256"; - // } - // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) - // { - // return "GOST3411"; - // } - // END android-removed + // BEGIN Android-removed: Unsupported algorithms + /* + else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) + { + return "RIPEMD128"; + } + else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) + { + return "RIPEMD160"; + } + else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) + { + return "RIPEMD256"; + } + else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) + { + return "GOST3411"; + } + */ + // END Android-removed: Unsupported algorithms else { return digestAlgOID.getId(); diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java index 5cb5d526..dfc56d7e 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -60,29 +60,25 @@ public final class BouncyCastleProvider extends Provider private static final String[] SYMMETRIC_GENERIC = { - // BEGIN android-changed - // Was: "PBEPBKDF2", "TLSKDF" + // Android-changed: Remove unsupported algorithms, add our own version of PBEv2 AlgParams + // "PBEPBKDF2", "TLSKDF" "PBEPBKDF2", "PBEPKCS12", "PBES2AlgorithmParameters" }; private static final String[] SYMMETRIC_MACS = { - // BEGIN android-removed + // Android-removed: Unsupported algorithms // "SipHash", "Poly1305" - // END android-removed }; private static final String[] SYMMETRIC_CIPHERS = { - // BEGIN android-removed + // Android-changed: Unsupported algorithms // "AES", "ARC4", "ARIA", "Blowfish", "Camellia", "CAST5", "CAST6", "ChaCha", "DES", "DESede", // "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", "Noekeon", "RC2", "RC5", // "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Shacal2", "Skipjack", "SM4", "TEA", "Twofish", "Threefish", // "VMPC", "VMPCKSA3", "XTEA", "XSalsa20", "OpenSSLPBKDF" - // END android-removed - // BEGIN android-added "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish", - // END android-added }; /* @@ -94,22 +90,16 @@ public final class BouncyCastleProvider extends Provider // later ones configure it. private static final String[] ASYMMETRIC_GENERIC = { - // BEGIN android-removed + // Android-changed: Unsupported algorithms // "X509", "IES" - // END android-removed - // BEGIN android-added "X509" - // END android-added }; private static final String[] ASYMMETRIC_CIPHERS = { - // BEGIN android-removed + // Android-changed: Unsupported algorithms // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145", "GM" - // END android-removed - // BEGIN android-added "DSA", "DH", "EC", "RSA", - // END android-added }; /* @@ -118,13 +108,10 @@ public final class BouncyCastleProvider extends Provider private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest."; private static final String[] DIGESTS = { - // BEGIN android-removed + // Android-changed: Unsupported algorithms // "GOST3411", "Keccak", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", // "SHA256", "SHA384", "SHA512", "SHA3", "Skein", "SM3", "Tiger", "Whirlpool", "Blake2b" - // END android-removed - // BEGIN android-added "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", - // END android-added }; /* @@ -136,7 +123,7 @@ public final class BouncyCastleProvider extends Provider "BC", "BCFKS", "PKCS12" }; - // BEGIN android-removed + // Android-removed: Unsupported algorithms // /* // * Configurable secure random // */ @@ -181,54 +168,56 @@ public final class BouncyCastleProvider extends Provider loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES); - // BEGIN android-removed - // loadAlgorithms(SECURE_RANDOM_PACKAGE, SECURE_RANDOMS); - // - // // - // // X509Store - // // - // put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection"); - // put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection"); - // put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection"); - // put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection"); - // - // put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts"); - // put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs"); - // put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts"); - // put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs"); + // Android-removed: Unsupported algorithms + /* + loadAlgorithms(SECURE_RANDOM_PACKAGE, SECURE_RANDOMS); + // - // // - // // X509StreamParser - // // - // put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser"); - // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); - // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); - // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); + // X509Store // - // // - // // cipher engines - // // - // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); + put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection"); + put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection"); + put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection"); + put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection"); + + put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts"); + put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs"); + put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts"); + put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs"); + // - // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); + // X509StreamParser // + put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser"); + put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); + put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); + put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); + // - // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); + // cipher engines // - // // Certification Path API - // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); - // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); - // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); - // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); - // END android-removed + put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); + + put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); + + + put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); + + // Certification Path API + put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); + put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); + put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); + put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); + */ + // END Android-removed: Unsupported algorithms put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi"); - // BEGIN android-removed + // BEGIN Android-removed: Unsupported algorithms // put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi"); // put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi"); // put("Alg.Alias.CertStore.X509LDAP", "LDAP"); - // END android-removed + // END Android-removed: Unsupported algorithms } private void loadAlgorithms(String packageName, String[] names) diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java index b6a9d6a5..b72a6f44 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java @@ -75,9 +75,7 @@ import org.bouncycastle.util.Selector; import org.bouncycastle.util.Store; import org.bouncycastle.util.StoreException; import org.bouncycastle.x509.X509AttributeCertificate; -// BEGIN android-removed -// import org.bouncycastle.x509.extension.X509ExtensionUtil; -// END android-removed +import org.bouncycastle.x509.extension.X509ExtensionUtil; class CertPathValidatorUtilities { @@ -657,22 +655,24 @@ class CertPathValidatorUtilities { Object obj = iter.next(); - // BEGIN android-removed - // if (obj instanceof X509Store) - // { - // X509Store certStore = (X509Store)obj; - // try - // { - // certs.addAll(certStore.getMatches(certSelect)); - // } - // catch (StoreException e) - // { - // throw new AnnotatedException( - // "Problem while picking certificates from X.509 store.", e); - // } - // } - // else - // END android-removed + // BEGIN Android-removed: Unknown reason + /* + if (obj instanceof Store) + { + Store certStore = (Store)obj; + try + { + certs.addAll(certStore.getMatches(certSelect)); + } + catch (StoreException e) + { + throw new AnnotatedException( + "Problem while picking certificates from X.509 store.", e); + } + } + else + */ + // END Android-removed: Unknown reason { CertStore certStore = (CertStore)obj; @@ -894,7 +894,9 @@ class CertPathValidatorUtilities { return; } + X500Principal certificateIssuer = crl_entry.getCertificateIssuer(); + X500Name certIssuer; if (certificateIssuer == null) { diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java index 20ca6f27..7d6a50cf 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java @@ -19,10 +19,9 @@ import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERNull; -// BEGIN android-removed +// Android-removed: Unsupported algorithms // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; // import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -// END android-removed import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; @@ -205,23 +204,25 @@ public class JCEECPrivateKey ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - // BEGIN android-removed - // if (ecP == null) // GOST Curve - // { - // ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); - // EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); - // - // ecSpec = new ECNamedCurveSpec( - // ECGOST3410NamedCurves.getName(oid), - // ellipticCurve, - // new ECPoint( - // gParam.getG().getAffineXCoord().toBigInteger(), - // gParam.getG().getAffineYCoord().toBigInteger()), - // gParam.getN(), - // gParam.getH()); - // } - // else - // END android-removed + // BEGIN Android-removed: Unsupported algorithms + /* + if (ecP == null) // GOST Curve + { + ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); + EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); + + ecSpec = new ECNamedCurveSpec( + ECGOST3410NamedCurves.getName(oid), + ellipticCurve, + new ECPoint( + gParam.getG().getAffineXCoord().toBigInteger(), + gParam.getG().getAffineYCoord().toBigInteger()), + gParam.getN(), + gParam.getH()); + } + else + */ + // END Android-removed: Unsupported algorithms { EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); @@ -335,13 +336,13 @@ public class JCEECPrivateKey try { - // BEGIN android-removed + // BEGIN Android-removed: Unsupported algorithms // if (algorithm.equals("ECGOST3410")) // { // info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); // } // else - // END android-removed + // END Android-removed: Unsupported algorithms { info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java index 94fb7289..654b5e1d 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java @@ -18,11 +18,10 @@ import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DEROctetString; -// BEGIN android-removed +// Android-removed: Unsupported algorithms // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; // import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; // import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -// END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.X962Parameters; @@ -35,13 +34,11 @@ import org.bouncycastle.crypto.params.ECPublicKeyParameters; import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -// BEGIN android-removed +// Android-removed: Unsupported algorithms // import org.bouncycastle.jce.ECGOST3410NamedCurveTable; -// END android-removed import org.bouncycastle.jce.interfaces.ECPointEncoder; -// BEGIN android-removed +// Android-removed: Unsupported algorithms // import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -// END android-removed import org.bouncycastle.jce.spec.ECNamedCurveSpec; import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.custom.sec.SecP256K1Point; @@ -55,9 +52,8 @@ public class JCEECPublicKey private org.bouncycastle.math.ec.ECPoint q; private ECParameterSpec ecSpec; private boolean withCompression; - // BEGIN android-removed + // Android-removed: Unsupported algorithms // private GOST3410PublicKeyAlgParameters gostParams; - // END android-removed public JCEECPublicKey( String algorithm, @@ -67,9 +63,8 @@ public class JCEECPublicKey this.q = key.q; this.ecSpec = key.ecSpec; this.withCompression = key.withCompression; - // BEGIN android-removed + // Android-removed: Unsupported algorithms // this.gostParams = key.gostParams; - // END android-removed } public JCEECPublicKey( @@ -192,56 +187,58 @@ public class JCEECPublicKey private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) { - // BEGIN android-removed - // if (info.getAlgorithmId().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_2001)) - // { - // DERBitString bits = info.getPublicKeyData(); - // ASN1OctetString key; - // this.algorithm = "ECGOST3410"; - // - // try - // { - // key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); - // } - // catch (IOException ex) - // { - // throw new IllegalArgumentException("error recovering public key"); - // } - // - // byte[] keyEnc = key.getOctets(); - // byte[] x = new byte[32]; - // byte[] y = new byte[32]; - // - // for (int i = 0; i != x.length; i++) - // { - // x[i] = keyEnc[32 - 1 - i]; - // } - // - // for (int i = 0; i != y.length; i++) - // { - // y[i] = keyEnc[64 - 1 - i]; - // } - // - // gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); - // - // ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); - // - // ECCurve curve = spec.getCurve(); - // EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); - // - // this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); - // - // ecSpec = new ECNamedCurveSpec( - // ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), - // ellipticCurve, - // new ECPoint( - // spec.getG().getAffineXCoord().toBigInteger(), - // spec.getG().getAffineYCoord().toBigInteger()), - // spec.getN(), spec.getH()); - // - // } - // else - // END android-removed + // BEGIN Android-removed: Unsupported algorithms + /* + if (info.getAlgorithmId().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_2001)) + { + DERBitString bits = info.getPublicKeyData(); + ASN1OctetString key; + this.algorithm = "ECGOST3410"; + + try + { + key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); + } + catch (IOException ex) + { + throw new IllegalArgumentException("error recovering public key"); + } + + byte[] keyEnc = key.getOctets(); + byte[] x = new byte[32]; + byte[] y = new byte[32]; + + for (int i = 0; i != x.length; i++) + { + x[i] = keyEnc[32 - 1 - i]; + } + + for (int i = 0; i != y.length; i++) + { + y[i] = keyEnc[64 - 1 - i]; + } + + gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); + + ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); + + ECCurve curve = spec.getCurve(); + EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); + + this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); + + ecSpec = new ECNamedCurveSpec( + ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), + ellipticCurve, + new ECPoint( + spec.getG().getAffineXCoord().toBigInteger(), + spec.getG().getAffineYCoord().toBigInteger()), + spec.getN(), spec.getH()); + + } + else + */ + // END Android-removed: Unsupported algorithms { X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters()); ECCurve curve; @@ -330,54 +327,56 @@ public class JCEECPublicKey ASN1Encodable params; SubjectPublicKeyInfo info; - // BEGIN android-removed - // if (algorithm.equals("ECGOST3410")) - // { - // if (gostParams != null) - // { - // params = gostParams; - // } - // else - // { - // if (ecSpec instanceof ECNamedCurveSpec) - // { - // params = new GOST3410PublicKeyAlgParameters( - // ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), - // CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); - // } - // else - // { // strictly speaking this may not be applicable... - // ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - // - // X9ECParameters ecP = new X9ECParameters( - // curve, - // EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - // ecSpec.getOrder(), - // BigInteger.valueOf(ecSpec.getCofactor()), - // ecSpec.getCurve().getSeed()); - // - // params = new X962Parameters(ecP); - // } - // } - // - // BigInteger bX = this.q.getAffineXCoord().toBigInteger(); - // BigInteger bY = this.q.getAffineYCoord().toBigInteger(); - // byte[] encKey = new byte[64]; - // - // extractBytes(encKey, 0, bX); - // extractBytes(encKey, 32, bY); - // - // try - // { - // info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); - // } - // catch (IOException e) - // { - // return null; - // } - // } - // else - // END android-removed + // BEGIN Android-removed: Unsupported algorithms + /* + if (algorithm.equals("ECGOST3410")) + { + if (gostParams != null) + { + params = gostParams; + } + else + { + if (ecSpec instanceof ECNamedCurveSpec) + { + params = new GOST3410PublicKeyAlgParameters( + ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), + CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); + } + else + { // strictly speaking this may not be applicable... + ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); + + X9ECParameters ecP = new X9ECParameters( + curve, + EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), + ecSpec.getOrder(), + BigInteger.valueOf(ecSpec.getCofactor()), + ecSpec.getCurve().getSeed()); + + params = new X962Parameters(ecP); + } + } + + BigInteger bX = this.q.getAffineXCoord().toBigInteger(); + BigInteger bY = this.q.getAffineYCoord().toBigInteger(); + byte[] encKey = new byte[64]; + + extractBytes(encKey, 0, bX); + extractBytes(encKey, 32, bY); + + try + { + info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); + } + catch (IOException e) + { + return null; + } + } + else + */ + // END Android-removed: Unsupported algorithms { if (ecSpec instanceof ECNamedCurveSpec) { diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java index b53b7aa2..97a38aca 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java @@ -88,24 +88,26 @@ class PKIXCRLUtil { Object obj = iter.next(); - // BEGIN android-removed - // if (obj instanceof Store) - // { - // Store store = (Store)obj; - - // try - // { - // crls.addAll(store.getMatches(crlSelect)); - // foundValidStore = true; - // } - // catch (StoreException e) - // { - // lastException = new AnnotatedException( - // "Exception searching in X.509 CRL store.", e); - // } - // } - // else - // END android-removed + // BEGIN Android-removed: Unknown reason + /* + if (obj instanceof Store) + { + Store store = (Store)obj; + + try + { + crls.addAll(store.getMatches(crlSelect)); + foundValidStore = true; + } + catch (StoreException e) + { + lastException = new AnnotatedException( + "Exception searching in X.509 CRL store.", e); + } + } + else + */ + // END Android-removed: Unknown reason { CertStore store = (CertStore)obj; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java index 5d49d889..bd2331ab 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java @@ -1,8 +1,8 @@ package org.bouncycastle.jce.provider; -// BEGIN android-added +// BEGIN Android-added: Blacklist support import java.math.BigInteger; -// END android-added +// END Android-added: Blacklist support import java.security.InvalidAlgorithmParameterException; import java.security.PublicKey; import java.security.cert.CertPath; @@ -45,11 +45,11 @@ public class PKIXCertPathValidatorSpi public PKIXCertPathValidatorSpi() { } - // BEGIN android-added + // BEGIN Android-added: Avoid loading blacklist during class init private static class NoPreloadHolder { private final static CertBlacklist blacklist = new CertBlacklist(); } - // END android-added + // END Android-added: Avoid loading blacklist during class init public CertPathValidatorResult engineValidate( CertPath certPath, @@ -105,7 +105,7 @@ public class PKIXCertPathValidatorSpi { throw new CertPathValidatorException("Certification path is empty.", null, certPath, -1); } - // BEGIN android-added + // BEGIN Android-added: Support blacklisting known-bad certs { X509Certificate cert = (X509Certificate) certs.get(0); @@ -120,7 +120,7 @@ public class PKIXCertPathValidatorSpi } } } - // END android-added + // END Android-added: Support blacklisting known-bad certs // // (b) @@ -300,7 +300,7 @@ public class PKIXCertPathValidatorSpi for (index = certs.size() - 1; index >= 0; index--) { - // BEGIN android-added + // BEGIN Android-added: Support blacklisting known-bad certs if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) { // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs String message = "Certificate revocation of public key " + workingPublicKey; @@ -308,7 +308,7 @@ public class PKIXCertPathValidatorSpi AnnotatedException e = new AnnotatedException(message); throw new CertPathValidatorException(e.getMessage(), e, certPath, index); } - // END android-added + // END Android-added: Support blacklisting known-bad certs // try // { // diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java index 4a0166b2..a35fa650 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java @@ -58,9 +58,9 @@ import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.asn1.x509.Extensions; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.KeyUsage; -// BEGIN android-added +// BEGIN Android-added: Unknown reason import org.bouncycastle.asn1.x509.X509Name; -// END android-added +// END Android-added: Unknown reason import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; import org.bouncycastle.jce.X509Principal; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; @@ -570,20 +570,20 @@ public class X509CertificateObject } } - // BEGIN android-changed + // BEGIN Android-added: Cache encoded certificates private byte[] encoded; - // END android-changed + // END Android-added: Cache encoded certificates public byte[] getEncoded() throws CertificateEncodingException { try { - // BEGIN android-changed + // BEGIN Android-changed: Cache encoded certificates if (encoded == null) { encoded = c.getEncoded(ASN1Encoding.DER); } return encoded; - // END android-changed + // END Android-changed: Cache encoded certificates } catch (IOException e) { @@ -904,9 +904,9 @@ public class X509CertificateObject list.add(genName.getEncoded()); break; case GeneralName.directoryName: - // BEGIN android-changed + // BEGIN Android-changed: Unknown reason list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols)); - // END android-changed + // END Android-changed: Unknown reason break; case GeneralName.dNSName: case GeneralName.rfc822Name: diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java index b12b1df7..a2ac86f8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java @@ -14,9 +14,8 @@ import org.bouncycastle.asn1.ASN1Null; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERNull; -// BEGIN android-removed +// Android-removed: Unsupported algorithms // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -// END android-removed import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; @@ -68,14 +67,16 @@ class X509SignatureUtil if (params != null && !derNull.equals(params)) { - // BEGIN android-removed - // if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) - // { - // RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); - // - // return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1"; - // } - // END android-removed + // BEGIN Android-removed: Unsupported algorithms + /* + if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) + { + RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); + + return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1"; + } + */ + // END Android-removed: Unsupported algorithms if (sigAlgId.getAlgorithm().equals(X9ObjectIdentifiers.ecdsa_with_SHA2)) { ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params); @@ -118,24 +119,26 @@ class X509SignatureUtil { return "SHA512"; } - // BEGIN android-removed - // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) - // { - // return "RIPEMD128"; - // } - // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) - // { - // return "RIPEMD160"; - // } - // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) - // { - // return "RIPEMD256"; - // } - // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) - // { - // return "GOST3411"; - // } - // END android-removed + // BEGIN Android-removed: Unsupported algorithms + /* + else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) + { + return "RIPEMD128"; + } + else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) + { + return "RIPEMD160"; + } + else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) + { + return "RIPEMD256"; + } + else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) + { + return "GOST3411"; + } + */ + // END Android-removed: Unsupported algorithms else { return digestAlgOID.getId(); |