diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2024-03-04 21:09:20 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2024-03-04 21:09:20 +0700 |
| commit | 4fab3eb443554ebc060043ef8972d1b7bc6ee0f8 (patch) | |
| tree | 38a5f04424dec086214f92860af141b160d7f8fc | |
| parent | Add regression test for #524 (diff) | |
| download | BouncyCastle.NET-ed25519-4fab3eb443554ebc060043ef8972d1b7bc6ee0f8.tar.xz | |
Add other dhSinglePass OID entries to registries
| -rw-r--r-- | crypto/src/cms/CMSEnvelopedGenerator.cs | 14 | ||||
| -rw-r--r-- | crypto/src/cms/CMSUtils.cs | 45 | ||||
| -rw-r--r-- | crypto/src/security/AgreementUtilities.cs | 43 | ||||
| -rw-r--r-- | crypto/src/security/GeneratorUtilities.cs | 12 |
4 files changed, 102 insertions, 12 deletions
diff --git a/crypto/src/cms/CMSEnvelopedGenerator.cs b/crypto/src/cms/CMSEnvelopedGenerator.cs index a0c73be67..bd5eaa84f 100644 --- a/crypto/src/cms/CMSEnvelopedGenerator.cs +++ b/crypto/src/cms/CMSEnvelopedGenerator.cs @@ -112,12 +112,24 @@ namespace Org.BouncyCastle.Cms public static readonly string Gost28147Wrap = CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap.Id; public static readonly string Gost28147CryptoProWrap = CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.Id; - public static readonly string ECCDHSha1Kdf = X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme.Id; public static readonly string ECDHSha1Kdf = X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme.Id; + public static readonly string ECCDHSha1Kdf = X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme.Id; public static readonly string ECMqvSha1Kdf = X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme.Id; + + public static readonly string ECDHSha224Kdf = SecObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme.Id; + public static readonly string ECCDHSha224Kdf = SecObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme.Id; public static readonly string ECMqvSha224Kdf = SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme.Id; + + public static readonly string ECDHSha256Kdf = SecObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme.Id; + public static readonly string ECCDHSha256Kdf = SecObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme.Id; public static readonly string ECMqvSha256Kdf = SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme.Id; + + public static readonly string ECDHSha384Kdf = SecObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme.Id; + public static readonly string ECCDHSha384Kdf = SecObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme.Id; public static readonly string ECMqvSha384Kdf = SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme.Id; + + public static readonly string ECDHSha512Kdf = SecObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme.Id; + public static readonly string ECCDHSha512Kdf = SecObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme.Id; public static readonly string ECMqvSha512Kdf = SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme.Id; internal readonly IList<RecipientInfoGenerator> recipientInfoGenerators = new List<RecipientInfoGenerator>(); diff --git a/crypto/src/cms/CMSUtils.cs b/crypto/src/cms/CMSUtils.cs index 7cf0d6153..de38f9ad3 100644 --- a/crypto/src/cms/CMSUtils.cs +++ b/crypto/src/cms/CMSUtils.cs @@ -4,7 +4,9 @@ using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cms; +using Org.BouncyCastle.Asn1.CryptoPro; using Org.BouncyCastle.Asn1.Ocsp; +using Org.BouncyCastle.Asn1.Rosstandart; using Org.BouncyCastle.Asn1.Sec; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X9; @@ -20,7 +22,41 @@ namespace Org.BouncyCastle.Cms // TODO Is there a .NET equivalent to this? // private static readonly Runtime RUNTIME = Runtime.getRuntime(); - internal static int MaximumMemory + private static readonly HashSet<DerObjectIdentifier> ECAlgorithms = new HashSet<DerObjectIdentifier>(); + private static readonly HashSet<DerObjectIdentifier> GostAlgorithms = new HashSet<DerObjectIdentifier>(); + private static readonly HashSet<DerObjectIdentifier> MqvAlgorithms = new HashSet<DerObjectIdentifier>(); + + static CmsUtilities() + { + ECAlgorithms.Add(X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme); + ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme); + ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme); + ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme); + ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme); + ECAlgorithms.Add(X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme); + ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme); + ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme); + ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme); + ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme); + + GostAlgorithms.Add(CryptoProObjectIdentifiers.GostR3410x2001CryptoProESDH); + GostAlgorithms.Add(RosstandartObjectIdentifiers.id_tc26_agreement_gost_3410_12_256); + GostAlgorithms.Add(RosstandartObjectIdentifiers.id_tc26_agreement_gost_3410_12_512); + + MqvAlgorithms.Add(X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme); + MqvAlgorithms.Add(SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme); + MqvAlgorithms.Add(SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme); + MqvAlgorithms.Add(SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme); + MqvAlgorithms.Add(SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme); + } + + internal static bool IsEC(DerObjectIdentifier oid) => ECAlgorithms.Contains(oid); + + internal static bool IsGost(DerObjectIdentifier oid) => GostAlgorithms.Contains(oid); + + internal static bool IsMqv(DerObjectIdentifier oid) => MqvAlgorithms.Contains(oid); + + internal static int MaximumMemory { get { @@ -234,12 +270,5 @@ namespace Org.BouncyCastle.Cms throw new ArgumentException("cannot add unsuccessful OCSP response to CMS SignedData"); } } - - internal static bool IsMqv(DerObjectIdentifier oid) => - X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme.Equals(oid) || - SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme.Equals(oid) || - SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme.Equals(oid) || - SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme.Equals(oid) || - SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme.Equals(oid); } } diff --git a/crypto/src/security/AgreementUtilities.cs b/crypto/src/security/AgreementUtilities.cs index 41dcb7435..8f1df4c89 100644 --- a/crypto/src/security/AgreementUtilities.cs +++ b/crypto/src/security/AgreementUtilities.cs @@ -3,6 +3,7 @@ using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.EdEC; +using Org.BouncyCastle.Asn1.Sec; using Org.BouncyCastle.Asn1.X9; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Agreement; @@ -22,10 +23,26 @@ namespace Org.BouncyCastle.Security static AgreementUtilities() { - AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme] = "ECCDHWITHSHA1KDF"; AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme] = "ECDHWITHSHA1KDF"; + AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme] = "ECCDHWITHSHA1KDF"; AlgorithmOidMap[X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme] = "ECMQVWITHSHA1KDF"; + AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme] = "ECDHWITHSHA224KDF"; + AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme] = "ECCDHWITHSHA224KDF"; + AlgorithmOidMap[SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme] = "ECMQVWITHSHA224KDF"; + + AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme] = "ECDHWITHSHA256KDF"; + AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme] = "ECCDHWITHSHA256KDF"; + AlgorithmOidMap[SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme] = "ECMQVWITHSHA256KDF"; + + AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme] = "ECDHWITHSHA384KDF"; + AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme] = "ECCDHWITHSHA384KDF"; + AlgorithmOidMap[SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme] = "ECMQVWITHSHA384KDF"; + + AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme] = "ECDHWITHSHA512KDF"; + AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme] = "ECCDHWITHSHA512KDF"; + AlgorithmOidMap[SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme] = "ECMQVWITHSHA512KDF"; + AlgorithmOidMap[EdECObjectIdentifiers.id_X25519] = "X25519"; AlgorithmOidMap[EdECObjectIdentifiers.id_X448] = "X448"; @@ -152,12 +169,36 @@ namespace Org.BouncyCastle.Security // 'DHWITHSHA1KDF' retained for backward compatibility if (mechanism == "DHWITHSHA1KDF" || mechanism == "ECDHWITHSHA1KDF") return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest())); + if (mechanism == "ECDHWITHSHA224KDF") + return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha224Digest())); + if (mechanism == "ECDHWITHSHA256KDF") + return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha256Digest())); + if (mechanism == "ECDHWITHSHA384KDF") + return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha384Digest())); + if (mechanism == "ECDHWITHSHA512KDF") + return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha512Digest())); if (mechanism == "ECCDHWITHSHA1KDF") return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest())); + if (mechanism == "ECCDHWITHSHA224KDF") + return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha224Digest())); + if (mechanism == "ECCDHWITHSHA256KDF") + return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha256Digest())); + if (mechanism == "ECCDHWITHSHA384KDF") + return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha384Digest())); + if (mechanism == "ECCDHWITHSHA512KDF") + return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha512Digest())); if (mechanism == "ECMQVWITHSHA1KDF") return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest())); + if (mechanism == "ECMQVWITHSHA224KDF") + return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha224Digest())); + if (mechanism == "ECMQVWITHSHA256KDF") + return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha256Digest())); + if (mechanism == "ECMQVWITHSHA384KDF") + return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha384Digest())); + if (mechanism == "ECMQVWITHSHA512KDF") + return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha512Digest())); return null; } diff --git a/crypto/src/security/GeneratorUtilities.cs b/crypto/src/security/GeneratorUtilities.cs index e22fbd139..bed981739 100644 --- a/crypto/src/security/GeneratorUtilities.cs +++ b/crypto/src/security/GeneratorUtilities.cs @@ -227,8 +227,16 @@ namespace Org.BouncyCastle.Security "DIFFIEHELLMAN"); AddKpgAlgorithm("DSA"); AddKpgAlgorithm("EC", - // TODO Should this be an alias for ECDH? - X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme); + X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme, + SecObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, + SecObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, + SecObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, + SecObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, + X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme, + SecObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, + SecObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, + SecObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, + SecObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme); AddKpgAlgorithm("ECDH", "ECIES"); AddKpgAlgorithm("ECDHC"); |