Diffstat (limited to 'crypto/src/security')
-rw-r--r-- | crypto/src/security/GeneratorUtilities.cs | 28 | ||||
-rw-r--r-- | crypto/src/security/ParameterUtilities.cs | 21 | ||||
-rw-r--r-- | crypto/src/security/PrivateKeyFactory.cs | 22 | ||||
-rw-r--r-- | crypto/src/security/PublicKeyFactory.cs | 8 | ||||
-rw-r--r-- | crypto/src/security/SecurityUtilities.cs | 13 | ||||
-rw-r--r-- | crypto/src/security/SignerUtilities.cs | 4 | ||||
-rw-r--r-- | crypto/src/security/WrapperUtilities.cs | 17 |
7 files changed, 88 insertions, 25 deletions
diff --git a/crypto/src/security/GeneratorUtilities.cs b/crypto/src/security/GeneratorUtilities.cs
index 26898aaf8..c310cf399 100644
--- a/crypto/src/security/GeneratorUtilities.cs
+++ b/crypto/src/security/GeneratorUtilities.cs
@@ -12,6 +12,7 @@ using Org.BouncyCastle.Asn1.Ntt;
 using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.Rosstandart;
+using Org.BouncyCastle.Asn1.Sec;
 using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Generators;
@@ -37,32 +38,35 @@ namespace Org.BouncyCastle.Security
  AddKgAlgorithm("AES",
  "AESWRAP");
  AddKgAlgorithm("AES128",
- "2.16.840.1.101.3.4.2",
+ SecurityUtilities.WrongAes128,
  NistObjectIdentifiers.IdAes128Cbc,
  NistObjectIdentifiers.IdAes128Ccm,
  NistObjectIdentifiers.IdAes128Cfb,
  NistObjectIdentifiers.IdAes128Ecb,
  NistObjectIdentifiers.IdAes128Gcm,
  NistObjectIdentifiers.IdAes128Ofb,
- NistObjectIdentifiers.IdAes128Wrap);
+ NistObjectIdentifiers.IdAes128Wrap,
+ NistObjectIdentifiers.IdAes128WrapPad);
  AddKgAlgorithm("AES192",
- "2.16.840.1.101.3.4.22",
+ SecurityUtilities.WrongAes192,
  NistObjectIdentifiers.IdAes192Cbc,
  NistObjectIdentifiers.IdAes192Ccm,
  NistObjectIdentifiers.IdAes192Cfb,
  NistObjectIdentifiers.IdAes192Ecb,
  NistObjectIdentifiers.IdAes192Gcm,
  NistObjectIdentifiers.IdAes192Ofb,
- NistObjectIdentifiers.IdAes192Wrap);
+ NistObjectIdentifiers.IdAes192Wrap,
+ NistObjectIdentifiers.IdAes192WrapPad);
  AddKgAlgorithm("AES256",
- "2.16.840.1.101.3.4.42",
+ SecurityUtilities.WrongAes256,
  NistObjectIdentifiers.IdAes256Cbc,
  NistObjectIdentifiers.IdAes256Ccm,
  NistObjectIdentifiers.IdAes256Cfb,
  NistObjectIdentifiers.IdAes256Ecb,
  NistObjectIdentifiers.IdAes256Gcm,
  NistObjectIdentifiers.IdAes256Ofb,
- NistObjectIdentifiers.IdAes256Wrap);
+ NistObjectIdentifiers.IdAes256Wrap,
+ NistObjectIdentifiers.IdAes256WrapPad);
  AddKgAlgorithm("BLOWFISH",
  "1.3.6.1.4.1.3029.1.2");
  AddKgAlgorithm("CAMELLIA",
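Review bot: The AES and ARIA OID lists added in the -37,32 hunk here are the same lists added, entry for entry, in the ParameterUtilities hunk at -29,32 and its ARIA hunks, and the WrapperUtilities hunk registers the wrap OIDs a third time, so this commit has to keep three hand-written tables in step. A shared internal table of (name, OIDs) pairs that both GeneratorUtilities and ParameterUtilities iterate in their static constructors would remove the duplication and make a future omission (a mode registered in one class but not the other) impossible. The static constructor this hunk lives in starts above the hunk.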
@@ -75,6 +79,8 @@ namespace Org.BouncyCastle.Security
  NsriObjectIdentifiers.id_aria128_ctr,
  NsriObjectIdentifiers.id_aria128_ecb,
  NsriObjectIdentifiers.id_aria128_gcm,
+ NsriObjectIdentifiers.id_aria128_kw,
+ NsriObjectIdentifiers.id_aria128_kwp,
  NsriObjectIdentifiers.id_aria128_ocb2,
  NsriObjectIdentifiers.id_aria128_ofb);
  AddKgAlgorithm("ARIA192",
@@ -84,6 +90,8 @@ namespace Org.BouncyCastle.Security
  NsriObjectIdentifiers.id_aria192_ctr,
  NsriObjectIdentifiers.id_aria192_ecb,
  NsriObjectIdentifiers.id_aria192_gcm,
+ NsriObjectIdentifiers.id_aria192_kw,
+ NsriObjectIdentifiers.id_aria192_kwp,
  NsriObjectIdentifiers.id_aria192_ocb2,
  NsriObjectIdentifiers.id_aria192_ofb);
  AddKgAlgorithm("ARIA256",
@@ -93,6 +101,8 @@ namespace Org.BouncyCastle.Security
  NsriObjectIdentifiers.id_aria256_ctr,
  NsriObjectIdentifiers.id_aria256_ecb,
  NsriObjectIdentifiers.id_aria256_gcm,
+ NsriObjectIdentifiers.id_aria256_kw,
+ NsriObjectIdentifiers.id_aria256_kwp,
  NsriObjectIdentifiers.id_aria256_ocb2,
  NsriObjectIdentifiers.id_aria256_ofb);
  AddKgAlgorithm("CAMELLIA128",
@@ -217,7 +227,11 @@ namespace Org.BouncyCastle.Security
  "ECIES");
  AddKpgAlgorithm("ECDHC");
  AddKpgAlgorithm("ECMQV",
- X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme);
+ X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme,
+ SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme,
+ SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme,
+ SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme,
+ SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme);
  AddKpgAlgorithm("ECDSA");
  AddKpgAlgorithm("ECGOST3410",
  "ECGOST-3410",
diff --git a/crypto/src/security/ParameterUtilities.cs b/crypto/src/security/ParameterUtilities.cs
index d393e3d36..690195443 100644
--- a/crypto/src/security/ParameterUtilities.cs
+++ b/crypto/src/security/ParameterUtilities.cs
@@ -29,32 +29,35 @@ namespace Org.BouncyCastle.Security
  AddAlgorithm("AES",
  "AESWRAP");
  AddAlgorithm("AES128",
- "2.16.840.1.101.3.4.2",
+ SecurityUtilities.WrongAes128,
  NistObjectIdentifiers.IdAes128Cbc,
  NistObjectIdentifiers.IdAes128Ccm,
  NistObjectIdentifiers.IdAes128Cfb,
  NistObjectIdentifiers.IdAes128Ecb,
  NistObjectIdentifiers.IdAes128Gcm,
  NistObjectIdentifiers.IdAes128Ofb,
- NistObjectIdentifiers.IdAes128Wrap);
+ NistObjectIdentifiers.IdAes128Wrap,
+ NistObjectIdentifiers.IdAes128WrapPad);
  AddAlgorithm("AES192",
- "2.16.840.1.101.3.4.22",
+ SecurityUtilities.WrongAes192,
  NistObjectIdentifiers.IdAes192Cbc,
  NistObjectIdentifiers.IdAes192Ccm,
  NistObjectIdentifiers.IdAes192Cfb,
  NistObjectIdentifiers.IdAes192Ecb,
  NistObjectIdentifiers.IdAes192Gcm,
  NistObjectIdentifiers.IdAes192Ofb,
- NistObjectIdentifiers.IdAes192Wrap);
+ NistObjectIdentifiers.IdAes192Wrap,
+ NistObjectIdentifiers.IdAes192WrapPad);
  AddAlgorithm("AES256",
- "2.16.840.1.101.3.4.42",
+ SecurityUtilities.WrongAes256,
  NistObjectIdentifiers.IdAes256Cbc,
  NistObjectIdentifiers.IdAes256Ccm,
  NistObjectIdentifiers.IdAes256Cfb,
  NistObjectIdentifiers.IdAes256Ecb,
  NistObjectIdentifiers.IdAes256Gcm,
  NistObjectIdentifiers.IdAes256Ofb,
- NistObjectIdentifiers.IdAes256Wrap);
+ NistObjectIdentifiers.IdAes256Wrap,
+ NistObjectIdentifiers.IdAes256WrapPad);
  AddAlgorithm("ARIA");
  AddAlgorithm("ARIA128",
  NsriObjectIdentifiers.id_aria128_cbc,
@@ -63,6 +66,8 @@ namespace Org.BouncyCastle.Security
  NsriObjectIdentifiers.id_aria128_ctr,
  NsriObjectIdentifiers.id_aria128_ecb,
  NsriObjectIdentifiers.id_aria128_gcm,
+ NsriObjectIdentifiers.id_aria128_kw,
+ NsriObjectIdentifiers.id_aria128_kwp,
  NsriObjectIdentifiers.id_aria128_ocb2,
  NsriObjectIdentifiers.id_aria128_ofb);
  AddAlgorithm("ARIA192",
@@ -72,6 +77,8 @@ namespace Org.BouncyCastle.Security NsriObjectIdentifiers.id_aria192_ctr, NsriObjectIdentifiers.id_aria192_ecb, NsriObjectIdentifiers.id_aria192_gcm, + NsriObjectIdentifiers.id_aria192_kw, + NsriObjectIdentifiers.id_aria192_kwp, NsriObjectIdentifiers.id_aria192_ocb2, NsriObjectIdentifiers.id_aria192_ofb); AddAlgorithm("ARIA256", @@ -81,6 +88,8 @@ namespace Org.BouncyCastle.Security NsriObjectIdentifiers.id_aria256_ctr, NsriObjectIdentifiers.id_aria256_ecb, NsriObjectIdentifiers.id_aria256_gcm, + NsriObjectIdentifiers.id_aria256_kw, + NsriObjectIdentifiers.id_aria256_kwp, NsriObjectIdentifiers.id_aria256_ocb2, NsriObjectIdentifiers.id_aria256_ofb); AddAlgorithm("BLOWFISH", diff --git a/crypto/src/security/PrivateKeyFactory.cs b/crypto/src/security/PrivateKeyFactory.cs index d6fa87943..205a604a8 100644 --- a/crypto/src/security/PrivateKeyFactory.cs +++ b/crypto/src/security/PrivateKeyFactory.cs @@ -148,10 +148,11 @@ namespace Org.BouncyCastle.Security gostParams.DigestParamSet, gostParams.EncryptionParamSet); - Asn1OctetString privEnc = keyInfo.PrivateKeyData; - if (privEnc.GetOctets().Length == 32 || privEnc.GetOctets().Length == 64) + int privateKeyLength = keyInfo.PrivateKeyLength; + + if (privateKeyLength == 32 || privateKeyLength == 64) { - d = new BigInteger(1, privEnc.GetOctets(), bigEndian: false); + d = new BigInteger(1, keyInfo.PrivateKey.GetOctets(), bigEndian: false); } else { 
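Review bot: The GOST branch rewritten in the PrivateKeyFactory hunk at -148,10 (`int privateKeyLength = keyInfo.PrivateKeyLength;` … `d = new BigInteger(1, keyInfo.PrivateKey.GetOctets(), bigEndian: false);`) is repeated verbatim in the hunk at -277,10 on the next line, and the commit edits both copies in lockstep. Since both sites are already being touched, this is the moment to fold the whole branch, including the `else` handling that lies outside the hunk, into one private helper such as `private static BigInteger ReadGostPrivateKey(PrivateKeyInfo keyInfo)`, so the two decoders cannot drift apart. The accepted lengths 32 and 64 would also read better as named constants than as bare literals in the condition.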
@@ -241,10 +242,18 @@ namespace Org.BouncyCastle.Security else if (algOid.Equals(EdECObjectIdentifiers.id_X25519) || algOid.Equals(CryptlibObjectIdentifiers.curvey25519)) { + // Java 11 bug: exact length of X25519/X448 secret used in Java 11 + if (X25519PrivateKeyParameters.KeySize == keyInfo.PrivateKeyLength) + return new X25519PrivateKeyParameters(keyInfo.PrivateKey.GetOctets()); + return new X25519PrivateKeyParameters(GetRawKey(keyInfo)); } else if (algOid.Equals(EdECObjectIdentifiers.id_X448)) { + // Java 11 bug: exact length of X25519/X448 secret used in Java 11 + if (X448PrivateKeyParameters.KeySize == keyInfo.PrivateKeyLength) + return new X448PrivateKeyParameters(keyInfo.PrivateKey.GetOctets()); + return new X448PrivateKeyParameters(GetRawKey(keyInfo)); } else if (algOid.Equals(EdECObjectIdentifiers.id_Ed25519) @@ -277,10 +286,11 @@ namespace Org.BouncyCastle.Security gostParams.DigestParamSet, gostParams.EncryptionParamSet); - Asn1OctetString privEnc = keyInfo.PrivateKeyData; - if (privEnc.GetOctets().Length == 32 || privEnc.GetOctets().Length == 64) + int privateKeyLength = keyInfo.PrivateKeyLength; + + if (privateKeyLength == 32 || privateKeyLength == 64) { - d = new BigInteger(1, privEnc.GetOctets(), bigEndian: false); + d = new BigInteger(1, keyInfo.PrivateKey.GetOctets(), bigEndian: false); } else { diff --git a/crypto/src/security/PublicKeyFactory.cs b/crypto/src/security/PublicKeyFactory.cs index d3ecef5c7..dd34b84ff 100644 --- a/crypto/src/security/PublicKeyFactory.cs +++ b/crypto/src/security/PublicKeyFactory.cs @@ -41,7 +41,7 @@ namespace Org.BouncyCastle.Security public static AsymmetricKeyParameter CreateKey( SubjectPublicKeyInfo keyInfo) { - AlgorithmIdentifier algID = keyInfo.AlgorithmID; + AlgorithmIdentifier algID = keyInfo.Algorithm; DerObjectIdentifier algOid = algID.Algorithm; // TODO See RSAUtil.isRsaOid in Java build 
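Review bot: The two length checks added in the X25519 and X448 branches carry an identical one-line comment that names the symptom but not why accepting an un-nested secret is safe. RFC 8410 encodes the curve private key as an OCTET STRING nested inside the PKCS#8 privateKey OCTET STRING, so a conforming encoding is always two bytes longer than the raw key (34 vs 32 for X25519, 58 vs 56 for X448) and the `KeySize == keyInfo.PrivateKeyLength` test cannot misclassify a conforming key; GetRawKey presumably performs that unwrapping. Suggest replacing each comment with `// Accept a bare secret of exactly KeySize bytes (as emitted by Java 11, see existing note); a conforming RFC 8410 encoding is always 2 bytes longer, so this never matches a nested key.` The enclosing method continues outside the hunk, and whether the Ed25519/Ed448 branches below receive the same tolerance is not visible here.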
@@ -139,7 +139,7 @@ namespace Org.BouncyCastle.Security x9 = new X9ECParameters((Asn1Sequence)para.Parameters); } - Asn1OctetString key = new DerOctetString(keyInfo.PublicKeyData.GetBytes()); + Asn1OctetString key = new DerOctetString(keyInfo.PublicKey.GetBytes()); X9ECPoint derQ = new X9ECPoint(x9.Curve, key); ECPoint q = derQ.Point; @@ -287,7 +287,7 @@ namespace Org.BouncyCastle.Security * TODO[RFC 8422] * - Require keyInfo.Algorithm.Parameters == null? */ - return keyInfo.PublicKeyData.GetOctetsSpan(); + return keyInfo.PublicKey.GetOctetsSpan(); } #else private static byte[] GetRawKey(SubjectPublicKeyInfo keyInfo) @@ -296,7 +296,7 @@ namespace Org.BouncyCastle.Security * TODO[RFC 8422] * - Require keyInfo.Algorithm.Parameters == null? */ - return keyInfo.PublicKeyData.GetOctets(); + return keyInfo.PublicKey.GetOctets(); } #endif diff --git a/crypto/src/security/SecurityUtilities.cs b/crypto/src/security/SecurityUtilities.cs new file mode 100644 index 000000000..ff24c6e1e --- /dev/null +++ b/crypto/src/security/SecurityUtilities.cs @@ -0,0 +1,13 @@ +namespace Org.BouncyCastle.Security +{ + internal static class SecurityUtilities + { + /* + * These three got introduced in some messages as a result of a typo in an early document. We don't produce + * anything using these OID values, but we'll read them. + */ + internal static readonly string WrongAes128 = "2.16.840.1.101.3.4.2"; + internal static readonly string WrongAes192 = "2.16.840.1.101.3.4.22"; + internal static readonly string WrongAes256 = "2.16.840.1.101.3.4.42"; + } +} diff --git a/crypto/src/security/SignerUtilities.cs b/crypto/src/security/SignerUtilities.cs index 917759a8e..918356450 100644 --- a/crypto/src/security/SignerUtilities.cs +++ b/crypto/src/security/SignerUtilities.cs 
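Review bot: The three OID strings in the new SecurityUtilities class are declared `static readonly` although they are compile-time constants; `internal const string WrongAes128 = "2.16.840.1.101.3.4.2";` (and likewise for 192 and 256) states that intent, allows use in `switch` and attribute positions, and avoids the type-initializer dependency created when the GeneratorUtilities and ParameterUtilities static constructors read them. The explanatory block comment would also be more useful as XML doc on the class so it surfaces at the call sites, e.g. `/// <summary>Mistyped AES OIDs seen in some messages; accepted on input, never emitted.</summary>`.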
@@ -726,7 +726,7 @@ namespace Org.BouncyCastle.Security return CollectionUtilities.GetValueOrNull(AlgorithmMap, oid.Id); } - // TODO Rename 'privateKey' to 'key' + // TODO[api] Rename 'privateKey' to 'key' public static ISigner InitSigner(DerObjectIdentifier algorithmOid, bool forSigning, AsymmetricKeyParameter privateKey, SecureRandom random) { @@ -736,7 +736,7 @@ namespace Org.BouncyCastle.Security return InitSigner(algorithmOid.Id, forSigning, privateKey, random); } - // TODO Rename 'privateKey' to 'key' + // TODO[api] Rename 'privateKey' to 'key' public static ISigner InitSigner(string algorithm, bool forSigning, AsymmetricKeyParameter privateKey, SecureRandom random) { diff --git a/crypto/src/security/WrapperUtilities.cs b/crypto/src/security/WrapperUtilities.cs index e7383a054..782259d9c 100644 --- a/crypto/src/security/WrapperUtilities.cs +++ b/crypto/src/security/WrapperUtilities.cs @@ -23,8 +23,10 @@ namespace Org.BouncyCastle.Security { AESRFC3211WRAP, AESWRAP, + AESWRAPPAD, ARIARFC3211WRAP, ARIAWRAP, + ARIAWRAPPAD, CAMELLIARFC3211WRAP, CAMELLIAWRAP, DESRFC3211WRAP, 
@@ -47,11 +49,22 @@ namespace Org.BouncyCastle.Security Algorithms[NistObjectIdentifiers.IdAes192Wrap.Id] = "AESWRAP"; Algorithms[NistObjectIdentifiers.IdAes256Wrap.Id] = "AESWRAP"; + Algorithms["AESKWP"] = "AESWRAPPAD"; + Algorithms[NistObjectIdentifiers.IdAes128WrapPad.Id] = "AESWRAPPAD"; + Algorithms[NistObjectIdentifiers.IdAes192WrapPad.Id] = "AESWRAPPAD"; + Algorithms[NistObjectIdentifiers.IdAes256WrapPad.Id] = "AESWRAPPAD"; + Algorithms["AESRFC5649WRAP"] = "AESWRAPPAD"; + Algorithms["ARIAKW"] = "ARIAWRAP"; Algorithms[NsriObjectIdentifiers.id_aria128_kw.Id] = "ARIAWRAP"; Algorithms[NsriObjectIdentifiers.id_aria192_kw.Id] = "ARIAWRAP"; Algorithms[NsriObjectIdentifiers.id_aria256_kw.Id] = "ARIAWRAP"; + Algorithms["ARIAKWP"] = "ARIAWRAPPAD"; + Algorithms[NsriObjectIdentifiers.id_aria128_kwp.Id] = "ARIAWRAPPAD"; + Algorithms[NsriObjectIdentifiers.id_aria192_kwp.Id] = "ARIAWRAPPAD"; + Algorithms[NsriObjectIdentifiers.id_aria256_kwp.Id] = "ARIAWRAPPAD"; + Algorithms[NttObjectIdentifiers.IdCamellia128Wrap.Id] = "CAMELLIAWRAP"; Algorithms[NttObjectIdentifiers.IdCamellia192Wrap.Id] = "CAMELLIAWRAP"; Algorithms[NttObjectIdentifiers.IdCamellia256Wrap.Id] = "CAMELLIAWRAP"; @@ -85,10 +98,14 @@ namespace Org.BouncyCastle.Security return new Rfc3211WrapEngine(AesUtilities.CreateEngine()); case WrapAlgorithm.AESWRAP: return new AesWrapEngine(); + case WrapAlgorithm.AESWRAPPAD: + return new AesWrapPadEngine(); case WrapAlgorithm.ARIARFC3211WRAP: return new Rfc3211WrapEngine(new AriaEngine()); case WrapAlgorithm.ARIAWRAP: return new AriaWrapEngine(); + case WrapAlgorithm.ARIAWRAPPAD: + return new AriaWrapPadEngine(); case WrapAlgorithm.CAMELLIARFC3211WRAP: return new Rfc3211WrapEngine(new CamelliaEngine()); case WrapAlgorithm.CAMELLIAWRAP: |
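Review bot: The alias set registered for padded wrapping in the -47,11 hunk is asymmetric: AES receives both `AESKWP` and `AESRFC5649WRAP`, whereas ARIA receives only `ARIAKWP`. Because RFC 5649 specifies AES key wrap with padding specifically, the omission may be intentional, but if `*RFC5649WRAP` is meant as the generic alias for the padded mode then `Algorithms["ARIARFC5649WRAP"] = "ARIAWRAPPAD";` belongs alongside the ARIA entries. The static constructor holding these registrations starts above the hunk, so whether an `ARIAKW`-style alias already existed for the unpadded mode before this commit cannot be confirmed from here.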