Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

Author: dghgit

core/src/main/java/org/bouncycastle/asn1/BEROctetString.java

@@ -2,6 +2,8 @@
 
 import java.io.IOException;
 
+import org.bouncycastle.util.Arrays;
+
 /**
  * ASN.1 OctetStrings, with indefinite length rules, and <i>constructed form</i> support.
  * <p>
@@ -19,10 +21,37 @@
 public class BEROctetString
     extends ASN1OctetString
 {
-    private static final int DEFAULT_SEGMENT_LIMIT = 1000;
+    public static final BEROctetString EMPTY = new BEROctetString(EMPTY_OCTETS);
 
-    private final int segmentLimit;
-    private final ASN1OctetString[] elements;
+    public static BEROctetString fromContents(byte[] contents)
+    {
+        if (contents == null)
+        {
+            throw new NullPointerException("'contents' cannot be null");
+        }
+
+        return internalFromContents(contents);
+    }
+
+    public static BEROctetString fromContentsOptional(byte[] contents)
+    {
+        return contents == null ? null : internalFromContents(contents);
+    }
+
+    public static BEROctetString withContents(byte[] contents)
+    {
+        if (contents == null)
+        {
+            throw new NullPointerException("'contents' cannot be null");
+        }
+
+        return internalWithContents(contents);
+    }
+
+    public static BEROctetString withContentsOptional(byte[] contents)
+    {
+        return contents == null ? null : internalWithContents(contents);
+    }
 
     /**
      * Convert a vector of octet strings into a single byte string
@@ -58,6 +87,21 @@ static byte[] flattenOctetStrings(ASN1OctetString[] octetStrings)
         }
     }
 
+    static BEROctetString internalFromContents(byte[] contents)
+    {
+        return contents.length < 1 ? EMPTY : new BEROctetString(Arrays.clone(contents));
+    }
+
+    static BEROctetString internalWithContents(byte[] contents)
+    {
+        return contents.length < 1 ? EMPTY : new BEROctetString(contents);
+    }
+
+    private static final int DEFAULT_SEGMENT_LIMIT = 1000;
+
+    private final int segmentLimit;
+    private final ASN1OctetString[] elements;
+
     /**
      * Create an OCTET-STRING object from a byte[]
      * @param string the octets making up the octet string.

core/src/main/java/org/bouncycastle/asn1/DEROctetString.java

@@ -2,12 +2,56 @@
 
 import java.io.IOException;
 
+import org.bouncycastle.util.Arrays;
+
 /**
  * Carrier class for a DER encoding OCTET STRING
  */
 public class DEROctetString
     extends ASN1OctetString
 {
+    public static final DEROctetString EMPTY = new DEROctetString(EMPTY_OCTETS);
+
+    public static DEROctetString fromContents(byte[] contents)
+    {
+        if (contents == null)
+        {
+            throw new NullPointerException("'contents' cannot be null");
+        }
+
+        return internalFromContents(contents);
+    }
+
+    public static DEROctetString fromContentsOptional(byte[] contents)
+    {
+        return contents == null ? null : internalFromContents(contents);
+    }
+
+    public static DEROctetString withContents(byte[] contents)
+    {
+        if (contents == null)
+        {
+            throw new NullPointerException("'contents' cannot be null");
+        }
+
+        return internalWithContents(contents);
+    }
+
+    public static DEROctetString withContentsOptional(byte[] contents)
+    {
+        return contents == null ? null : internalWithContents(contents);
+    }
+
+    static DEROctetString internalFromContents(byte[] contents)
+    {
+        return contents.length < 1 ? EMPTY : new DEROctetString(Arrays.clone(contents));
+    }
+
+    static DEROctetString internalWithContents(byte[] contents)
+    {
+        return contents.length < 1 ? EMPTY : new DEROctetString(contents);
+    }
+
     /**
      * Base constructor.
      *

core/src/main/java/org/bouncycastle/asn1/sec/SECObjectIdentifiers.java

@@ -15,8 +15,9 @@
  */
 public interface SECObjectIdentifiers
 {
-    /** Base OID: 1.3.132.0 */
-    static final ASN1ObjectIdentifier ellipticCurve = new ASN1ObjectIdentifier("1.3.132.0");
+    static final ASN1ObjectIdentifier certicom = new ASN1ObjectIdentifier("1.3.132");
+
+    static final ASN1ObjectIdentifier ellipticCurve = certicom.branch("0");
 
     /**  sect163k1 OID: 1.3.132.0.1 */
     static final ASN1ObjectIdentifier sect163k1 = ellipticCurve.branch("1");
@@ -86,25 +87,52 @@ public interface SECObjectIdentifiers
     /**  secp256r1 OID: 1.3.132.0.prime256v1 */
     static final ASN1ObjectIdentifier secp256r1 = X9ObjectIdentifiers.prime256v1;
 
-    static final ASN1ObjectIdentifier secg_scheme = new ASN1ObjectIdentifier("1.3.132.1");
+    static final ASN1ObjectIdentifier secg_scheme = certicom.branch("1");
+
+    static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_recommendedKDF = secg_scheme.branch("1");
+    static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_specifiedKDF = secg_scheme.branch("2");
+    static final ASN1ObjectIdentifier mqvSinglePass_recommendedKDF = secg_scheme.branch("3");
+    static final ASN1ObjectIdentifier mqvSinglePass_specifiedKDF = secg_scheme.branch("4");
+    static final ASN1ObjectIdentifier mqvFull_recommendedKDF = secg_scheme.branch("5");
+    static final ASN1ObjectIdentifier mqvFull_specifiedKDF = secg_scheme.branch("6");
+    static final ASN1ObjectIdentifier ecies_recommendedParameters = secg_scheme.branch("7");
+    static final ASN1ObjectIdentifier ecies_specifiedParameters = secg_scheme.branch("8");
+
+    static final ASN1ObjectIdentifier dhSinglePass_stdDH_kdf_schemes = secg_scheme.branch("11");
+
+    static final ASN1ObjectIdentifier dhSinglePass_stdDH_sha224kdf_scheme = dhSinglePass_stdDH_kdf_schemes.branch("0");
+    static final ASN1ObjectIdentifier dhSinglePass_stdDH_sha256kdf_scheme = dhSinglePass_stdDH_kdf_schemes.branch("1");
+    static final ASN1ObjectIdentifier dhSinglePass_stdDH_sha384kdf_scheme = dhSinglePass_stdDH_kdf_schemes.branch("2");
+    static final ASN1ObjectIdentifier dhSinglePass_stdDH_sha512kdf_scheme = dhSinglePass_stdDH_kdf_schemes.branch("3");
+
+    static final ASN1ObjectIdentifier ecdh = secg_scheme.branch("12");
+    static final ASN1ObjectIdentifier ecmqv = secg_scheme.branch("13");
+
+    static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_kdf_schemes = secg_scheme.branch("14");
+
+    static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_sha224kdf_scheme = dhSinglePass_cofactorDH_kdf_schemes.branch("0");
+    static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_sha256kdf_scheme = dhSinglePass_cofactorDH_kdf_schemes.branch("1");
+    static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_sha384kdf_scheme = dhSinglePass_cofactorDH_kdf_schemes.branch("2");
+    static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_sha512kdf_scheme = dhSinglePass_cofactorDH_kdf_schemes.branch("3");
+
+    static final ASN1ObjectIdentifier mqvSinglePass_kdf_schemes = secg_scheme.branch("15");
+
+    static final ASN1ObjectIdentifier mqvSinglePass_sha224kdf_scheme = mqvSinglePass_kdf_schemes.branch("0");
+    static final ASN1ObjectIdentifier mqvSinglePass_sha256kdf_scheme = mqvSinglePass_kdf_schemes.branch("1");
+    static final ASN1ObjectIdentifier mqvSinglePass_sha384kdf_scheme = mqvSinglePass_kdf_schemes.branch("2");
+    static final ASN1ObjectIdentifier mqvSinglePass_sha512kdf_scheme = mqvSinglePass_kdf_schemes.branch("3");
 
-    static final ASN1ObjectIdentifier dhSinglePass_stdDH_sha224kdf_scheme = secg_scheme.branch("11.0");
-    static final ASN1ObjectIdentifier dhSinglePass_stdDH_sha256kdf_scheme = secg_scheme.branch("11.1");
-    static final ASN1ObjectIdentifier dhSinglePass_stdDH_sha384kdf_scheme = secg_scheme.branch("11.2");
-    static final ASN1ObjectIdentifier dhSinglePass_stdDH_sha512kdf_scheme = secg_scheme.branch("11.3");
+    static final ASN1ObjectIdentifier mqvFull_kdf_schemes = secg_scheme.branch("16");
 
-    static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_sha224kdf_scheme = secg_scheme.branch("14.0");
-    static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_sha256kdf_scheme = secg_scheme.branch("14.1");
-    static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_sha384kdf_scheme = secg_scheme.branch("14.2");
-    static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_sha512kdf_scheme = secg_scheme.branch("14.3");
+    static final ASN1ObjectIdentifier mqvFull_sha224kdf_scheme = mqvFull_kdf_schemes.branch("0");
+    static final ASN1ObjectIdentifier mqvFull_sha256kdf_scheme = mqvFull_kdf_schemes.branch("1");
+    static final ASN1ObjectIdentifier mqvFull_sha384kdf_scheme = mqvFull_kdf_schemes.branch("2");
+    static final ASN1ObjectIdentifier mqvFull_sha512kdf_scheme = mqvFull_kdf_schemes.branch("3");
 
-    static final ASN1ObjectIdentifier mqvSinglePass_sha224kdf_scheme = secg_scheme.branch("15.0");
-    static final ASN1ObjectIdentifier mqvSinglePass_sha256kdf_scheme = secg_scheme.branch("15.1");
-    static final ASN1ObjectIdentifier mqvSinglePass_sha384kdf_scheme = secg_scheme.branch("15.2");
-    static final ASN1ObjectIdentifier mqvSinglePass_sha512kdf_scheme = secg_scheme.branch("15.3");
+    static final ASN1ObjectIdentifier kdf_algorithms = secg_scheme.branch("17");
 
-    static final ASN1ObjectIdentifier mqvFull_sha224kdf_scheme = secg_scheme.branch("16.0");
-    static final ASN1ObjectIdentifier mqvFull_sha256kdf_scheme = secg_scheme.branch("16.1");
-    static final ASN1ObjectIdentifier mqvFull_sha384kdf_scheme = secg_scheme.branch("16.2");
-    static final ASN1ObjectIdentifier mqvFull_sha512kdf_scheme = secg_scheme.branch("16.3");
+    static final ASN1ObjectIdentifier x9_63_kdf = kdf_algorithms.branch("0");
+    static final ASN1ObjectIdentifier nist_concatenation_kdf = kdf_algorithms.branch("1");
+    static final ASN1ObjectIdentifier tls_kdf = kdf_algorithms.branch("2");
+    static final ASN1ObjectIdentifier ikev2_kdf = kdf_algorithms.branch("3");
 }

core/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java

@@ -161,6 +161,7 @@ public interface X9ObjectIdentifiers
      * <p>
      * Base OID: 1.3.133.16.840.63.0
      */
+    // TODO Seems this ought to be be 1.3.133.16.840.9.63.0, but may be in common use
     ASN1ObjectIdentifier x9_63_scheme = new ASN1ObjectIdentifier("1.3.133.16.840.63.0");
     /** OID: 1.3.133.16.840.63.0.2 */
     ASN1ObjectIdentifier dhSinglePass_stdDH_sha1kdf_scheme      = x9_63_scheme.branch("2");

core/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java

@@ -152,8 +152,16 @@ else if (algOID.equals(X9ObjectIdentifiers.id_dsa))
 
             return new DSAPrivateKeyParameters(derX.getValue(), parameters);
         }
+        /*
+         * TODO id-ecDH (SECObjectIdentifiers.ecdh) and/or id-ecMQV (SECObjectIdentifiers.ecmqv) could be supported if
+         * we could properly restrict usage of the resulting key.
+         */
         else if (algOID.equals(X9ObjectIdentifiers.id_ecPublicKey))
         {
+            /*
+             * TODO Consistency checks in case parameters and/or public key are specified at both the
+             * PrivateKeyInfo and ECPrivateKey levels?
+             */
             ECPrivateKey ecPrivateKey = ECPrivateKey.getInstance(keyInfo.parsePrivateKey());
 
             X962Parameters parameters = X962Parameters.getInstance(algId.getParameters().toASN1Primitive());

core/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java

@@ -81,6 +81,10 @@ public class PublicKeyFactory
         converters.put(X9ObjectIdentifiers.id_dsa, new DSAConverter());
         converters.put(OIWObjectIdentifiers.dsaWithSHA1, new DSAConverter());
         converters.put(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalConverter());
+        /*
+         * TODO id-ecDH (SECObjectIdentifiers.ecdh) and/or id-ecMQV (SECObjectIdentifiers.ecmqv) could be supported if
+         * we could properly restrict usage of the resulting key.
+         */
         converters.put(X9ObjectIdentifiers.id_ecPublicKey, new ECConverter());
         converters.put(CryptoProObjectIdentifiers.gostR3410_2001, new GOST3410_2001Converter());
         converters.put(RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256, new GOST3410_2012Converter());

pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java

@@ -61,18 +61,16 @@
 
 class CMSUtils
 {
-    private static final Set<String> des = new HashSet<String>();
+    private static final Set desAlgs = new HashSet();
     private static final Set mqvAlgs = new HashSet();
     private static final Set ecAlgs = new HashSet();
     private static final Set gostAlgs = new HashSet();
 
     static
     {
-        des.add("DES");
-        des.add("DESEDE");
-        des.add(OIWObjectIdentifiers.desCBC.getId());
-        des.add(PKCSObjectIdentifiers.des_EDE3_CBC.getId());
-        des.add(PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId());
+        desAlgs.add(OIWObjectIdentifiers.desCBC);
+        desAlgs.add(PKCSObjectIdentifiers.des_EDE3_CBC);
+        desAlgs.add(PKCSObjectIdentifiers.id_alg_CMS3DESwrap);
 
         mqvAlgs.add(X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme);
         mqvAlgs.add(SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme);
@@ -113,14 +111,13 @@ static boolean isGOST(ASN1ObjectIdentifier algorithm)
 
     static boolean isRFC2631(ASN1ObjectIdentifier algorithm)
     {
-        return algorithm.equals(PKCSObjectIdentifiers.id_alg_ESDH) || algorithm.equals(PKCSObjectIdentifiers.id_alg_SSDH);
+        return PKCSObjectIdentifiers.id_alg_ESDH.equals(algorithm)
+            || PKCSObjectIdentifiers.id_alg_SSDH.equals(algorithm);
     }
 
-    static boolean isDES(String algorithmID)
+    static boolean isDES(ASN1ObjectIdentifier algorithm)
     {
-        String name = Strings.toUpperCase(algorithmID);
-
-        return des.contains(name);
+        return desAlgs.contains(algorithm);
     }
 
     static boolean isEquivalent(AlgorithmIdentifier algId1, AlgorithmIdentifier algId2)

pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientInfoGenerator.java

@@ -1,6 +1,8 @@
 package org.bouncycastle.cms;
 
+import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DEROctetString;
@@ -18,64 +20,50 @@
 public abstract class KeyAgreeRecipientInfoGenerator
     implements RecipientInfoGenerator
 {
-    private ASN1ObjectIdentifier keyAgreementOID;
-    private ASN1ObjectIdentifier keyEncryptionOID;
-    private SubjectPublicKeyInfo originatorKeyInfo;
+    private final ASN1ObjectIdentifier keyAgreementOID;
+    private final ASN1ObjectIdentifier keyEncryptionOID;
+    private final SubjectPublicKeyInfo originatorKeyInfo;
 
-    protected KeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier keyAgreementOID, SubjectPublicKeyInfo originatorKeyInfo, ASN1ObjectIdentifier keyEncryptionOID)
+    protected KeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier keyAgreementOID,
+        SubjectPublicKeyInfo originatorKeyInfo, ASN1ObjectIdentifier keyEncryptionOID)
     {
         this.originatorKeyInfo = originatorKeyInfo;
         this.keyAgreementOID = keyAgreementOID;
         this.keyEncryptionOID = keyEncryptionOID;
     }
 
-    public RecipientInfo generate(GenericKey contentEncryptionKey)
-        throws CMSException
+    public RecipientInfo generate(GenericKey contentEncryptionKey) throws CMSException
     {
-        OriginatorIdentifierOrKey originator = new OriginatorIdentifierOrKey(
-            createOriginatorPublicKey(originatorKeyInfo));
+        OriginatorPublicKey originatorPublicKey = createOriginatorPublicKey(originatorKeyInfo); 
+        OriginatorIdentifierOrKey originator = new OriginatorIdentifierOrKey(originatorPublicKey);
 
-        AlgorithmIdentifier keyEncAlg;
-        if (CMSUtils.isDES(keyEncryptionOID.getId()) || keyEncryptionOID.equals(PKCSObjectIdentifiers.id_alg_CMSRC2wrap))
+        ASN1Encodable keyEncAlgParams = null;
+        if (CMSUtils.isDES(keyEncryptionOID) || PKCSObjectIdentifiers.id_alg_CMSRC2wrap.equals(keyEncryptionOID))
         {
-            keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID, DERNull.INSTANCE);
+            keyEncAlgParams = DERNull.INSTANCE;
         }
         else if (CMSUtils.isGOST(keyAgreementOID))
         {
-            keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID, new Gost2814789KeyWrapParameters(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet));
-        }
-        else
-        {
-            keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID);
+            keyEncAlgParams = new Gost2814789KeyWrapParameters(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet);
         }
 
-        AlgorithmIdentifier keyAgreeAlg = new AlgorithmIdentifier(keyAgreementOID, keyEncAlg);
+        AlgorithmIdentifier keyEncAlgorithm = new AlgorithmIdentifier(keyEncryptionOID, keyEncAlgParams);
+        AlgorithmIdentifier keyAgreeAlgorithm = new AlgorithmIdentifier(keyAgreementOID, keyEncAlgorithm);
 
-        ASN1Sequence recipients = generateRecipientEncryptedKeys(keyAgreeAlg, keyEncAlg, contentEncryptionKey);
-        byte[] userKeyingMaterial = getUserKeyingMaterial(keyAgreeAlg);
+        ASN1Sequence recipients = generateRecipientEncryptedKeys(keyAgreeAlgorithm, keyEncAlgorithm, contentEncryptionKey);
 
-        if (userKeyingMaterial != null)
-        {
-            return new RecipientInfo(new KeyAgreeRecipientInfo(originator, new DEROctetString(userKeyingMaterial),
-                keyAgreeAlg, recipients));
-        }
-        else
-        {
-            return new RecipientInfo(new KeyAgreeRecipientInfo(originator, null, keyAgreeAlg, recipients));
-        }
+        ASN1OctetString ukm = DEROctetString.fromContentsOptional(getUserKeyingMaterial(keyAgreeAlgorithm));
+
+        return new RecipientInfo(new KeyAgreeRecipientInfo(originator, ukm, keyAgreeAlgorithm, recipients));
     }
 
     protected OriginatorPublicKey createOriginatorPublicKey(SubjectPublicKeyInfo originatorKeyInfo)
     {
-        return new OriginatorPublicKey(
-            originatorKeyInfo.getAlgorithm(),
-            originatorKeyInfo.getPublicKeyData().getBytes());
+        return new OriginatorPublicKey(originatorKeyInfo.getAlgorithm(), originatorKeyInfo.getPublicKeyData());
     }
 
-    protected abstract ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm, AlgorithmIdentifier keyEncAlgorithm, GenericKey contentEncryptionKey)
-        throws CMSException;
-
-    protected abstract byte[] getUserKeyingMaterial(AlgorithmIdentifier keyAgreeAlgorithm)
-        throws CMSException;
+    protected abstract ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm,
+        AlgorithmIdentifier keyEncAlgorithm, GenericKey contentEncryptionKey) throws CMSException;
 
-}
+    protected abstract byte[] getUserKeyingMaterial(AlgorithmIdentifier keyAgreeAlgorithm) throws CMSException;
+}