diff --git a/crypto/src/cms/CMSEnvelopedGenerator.cs b/crypto/src/cms/CMSEnvelopedGenerator.cs
index a0c73be67..bd5eaa84f 100644
--- a/crypto/src/cms/CMSEnvelopedGenerator.cs
+++ b/crypto/src/cms/CMSEnvelopedGenerator.cs
@@ -112,12 +112,24 @@ namespace Org.BouncyCastle.Cms
public static readonly string Gost28147Wrap = CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap.Id;
public static readonly string Gost28147CryptoProWrap = CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.Id;
- public static readonly string ECCDHSha1Kdf = X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme.Id;
public static readonly string ECDHSha1Kdf = X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme.Id;
+ public static readonly string ECCDHSha1Kdf = X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme.Id;
public static readonly string ECMqvSha1Kdf = X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme.Id;
+
+ public static readonly string ECDHSha224Kdf = SecObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme.Id;
+ public static readonly string ECCDHSha224Kdf = SecObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme.Id;
public static readonly string ECMqvSha224Kdf = SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme.Id;
+
+ public static readonly string ECDHSha256Kdf = SecObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme.Id;
+ public static readonly string ECCDHSha256Kdf = SecObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme.Id;
public static readonly string ECMqvSha256Kdf = SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme.Id;
+
+ public static readonly string ECDHSha384Kdf = SecObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme.Id;
+ public static readonly string ECCDHSha384Kdf = SecObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme.Id;
public static readonly string ECMqvSha384Kdf = SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme.Id;
+
+ public static readonly string ECDHSha512Kdf = SecObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme.Id;
+ public static readonly string ECCDHSha512Kdf = SecObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme.Id;
public static readonly string ECMqvSha512Kdf = SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme.Id;
internal readonly IList<RecipientInfoGenerator> recipientInfoGenerators = new List<RecipientInfoGenerator>();
diff --git a/crypto/src/cms/CMSUtils.cs b/crypto/src/cms/CMSUtils.cs
index 7cf0d6153..de38f9ad3 100644
--- a/crypto/src/cms/CMSUtils.cs
+++ b/crypto/src/cms/CMSUtils.cs
@@ -4,7 +4,9 @@ using System.IO;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Cms;
+using Org.BouncyCastle.Asn1.CryptoPro;
using Org.BouncyCastle.Asn1.Ocsp;
+using Org.BouncyCastle.Asn1.Rosstandart;
using Org.BouncyCastle.Asn1.Sec;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Asn1.X9;
@@ -20,7 +22,41 @@ namespace Org.BouncyCastle.Cms
// TODO Is there a .NET equivalent to this?
// private static readonly Runtime RUNTIME = Runtime.getRuntime();
- internal static int MaximumMemory
+ private static readonly HashSet<DerObjectIdentifier> ECAlgorithms = new HashSet<DerObjectIdentifier>();
+ private static readonly HashSet<DerObjectIdentifier> GostAlgorithms = new HashSet<DerObjectIdentifier>();
+ private static readonly HashSet<DerObjectIdentifier> MqvAlgorithms = new HashSet<DerObjectIdentifier>();
+
+ static CmsUtilities()
+ {
+ ECAlgorithms.Add(X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme);
+ ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme);
+ ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme);
+ ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme);
+ ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme);
+ ECAlgorithms.Add(X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme);
+ ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme);
+ ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme);
+ ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme);
+ ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme);
+
+ GostAlgorithms.Add(CryptoProObjectIdentifiers.GostR3410x2001CryptoProESDH);
+ GostAlgorithms.Add(RosstandartObjectIdentifiers.id_tc26_agreement_gost_3410_12_256);
+ GostAlgorithms.Add(RosstandartObjectIdentifiers.id_tc26_agreement_gost_3410_12_512);
+
+ MqvAlgorithms.Add(X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme);
+ MqvAlgorithms.Add(SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme);
+ MqvAlgorithms.Add(SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme);
+ MqvAlgorithms.Add(SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme);
+ MqvAlgorithms.Add(SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme);
+ }
+
+ internal static bool IsEC(DerObjectIdentifier oid) => ECAlgorithms.Contains(oid);
+
+ internal static bool IsGost(DerObjectIdentifier oid) => GostAlgorithms.Contains(oid);
+
+ internal static bool IsMqv(DerObjectIdentifier oid) => MqvAlgorithms.Contains(oid);
+
+ internal static int MaximumMemory
{
get
{
@@ -234,12 +270,5 @@ namespace Org.BouncyCastle.Cms
throw new ArgumentException("cannot add unsuccessful OCSP response to CMS SignedData");
}
}
-
- internal static bool IsMqv(DerObjectIdentifier oid) =>
- X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme.Equals(oid) ||
- SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme.Equals(oid) ||
- SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme.Equals(oid) ||
- SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme.Equals(oid) ||
- SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme.Equals(oid);
}
}
diff --git a/crypto/src/security/AgreementUtilities.cs b/crypto/src/security/AgreementUtilities.cs
index 41dcb7435..8f1df4c89 100644
--- a/crypto/src/security/AgreementUtilities.cs
+++ b/crypto/src/security/AgreementUtilities.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.EdEC;
+using Org.BouncyCastle.Asn1.Sec;
using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Agreement;
@@ -22,10 +23,26 @@ namespace Org.BouncyCastle.Security
static AgreementUtilities()
{
- AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme] = "ECCDHWITHSHA1KDF";
AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme] = "ECDHWITHSHA1KDF";
+ AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme] = "ECCDHWITHSHA1KDF";
AlgorithmOidMap[X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme] = "ECMQVWITHSHA1KDF";
+ AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme] = "ECDHWITHSHA224KDF";
+ AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme] = "ECCDHWITHSHA224KDF";
+ AlgorithmOidMap[SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme] = "ECMQVWITHSHA224KDF";
+
+ AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme] = "ECDHWITHSHA256KDF";
+ AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme] = "ECCDHWITHSHA256KDF";
+ AlgorithmOidMap[SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme] = "ECMQVWITHSHA256KDF";
+
+ AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme] = "ECDHWITHSHA384KDF";
+ AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme] = "ECCDHWITHSHA384KDF";
+ AlgorithmOidMap[SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme] = "ECMQVWITHSHA384KDF";
+
+ AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme] = "ECDHWITHSHA512KDF";
+ AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme] = "ECCDHWITHSHA512KDF";
+ AlgorithmOidMap[SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme] = "ECMQVWITHSHA512KDF";
+
AlgorithmOidMap[EdECObjectIdentifiers.id_X25519] = "X25519";
AlgorithmOidMap[EdECObjectIdentifiers.id_X448] = "X448";
@@ -152,12 +169,36 @@ namespace Org.BouncyCastle.Security
// 'DHWITHSHA1KDF' retained for backward compatibility
if (mechanism == "DHWITHSHA1KDF" || mechanism == "ECDHWITHSHA1KDF")
return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
+ if (mechanism == "ECDHWITHSHA224KDF")
+ return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha224Digest()));
+ if (mechanism == "ECDHWITHSHA256KDF")
+ return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha256Digest()));
+ if (mechanism == "ECDHWITHSHA384KDF")
+ return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha384Digest()));
+ if (mechanism == "ECDHWITHSHA512KDF")
+ return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha512Digest()));
if (mechanism == "ECCDHWITHSHA1KDF")
return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
+ if (mechanism == "ECCDHWITHSHA224KDF")
+ return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha224Digest()));
+ if (mechanism == "ECCDHWITHSHA256KDF")
+ return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha256Digest()));
+ if (mechanism == "ECCDHWITHSHA384KDF")
+ return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha384Digest()));
+ if (mechanism == "ECCDHWITHSHA512KDF")
+ return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha512Digest()));
if (mechanism == "ECMQVWITHSHA1KDF")
return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
+ if (mechanism == "ECMQVWITHSHA224KDF")
+ return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha224Digest()));
+ if (mechanism == "ECMQVWITHSHA256KDF")
+ return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha256Digest()));
+ if (mechanism == "ECMQVWITHSHA384KDF")
+ return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha384Digest()));
+ if (mechanism == "ECMQVWITHSHA512KDF")
+ return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha512Digest()));
return null;
}
diff --git a/crypto/src/security/GeneratorUtilities.cs b/crypto/src/security/GeneratorUtilities.cs
index e22fbd139..bed981739 100644
--- a/crypto/src/security/GeneratorUtilities.cs
+++ b/crypto/src/security/GeneratorUtilities.cs
@@ -227,8 +227,16 @@ namespace Org.BouncyCastle.Security
"DIFFIEHELLMAN");
AddKpgAlgorithm("DSA");
AddKpgAlgorithm("EC",
- // TODO Should this be an alias for ECDH?
- X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme);
+ X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme,
+ SecObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme,
+ SecObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme,
+ SecObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme,
+ SecObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme,
+ X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme,
+ SecObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme,
+ SecObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme,
+ SecObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme,
+ SecObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme);
AddKpgAlgorithm("ECDH",
"ECIES");
AddKpgAlgorithm("ECDHC");
|
