summary refs log tree commit diff
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/cms/CMSEnvelopedGenerator.cs14
-rw-r--r--crypto/src/cms/CMSUtils.cs45
-rw-r--r--crypto/src/security/AgreementUtilities.cs43
-rw-r--r--crypto/src/security/GeneratorUtilities.cs12
4 files changed, 102 insertions, 12 deletions
diff --git a/crypto/src/cms/CMSEnvelopedGenerator.cs b/crypto/src/cms/CMSEnvelopedGenerator.cs
index a0c73be67..bd5eaa84f 100644
--- a/crypto/src/cms/CMSEnvelopedGenerator.cs
+++ b/crypto/src/cms/CMSEnvelopedGenerator.cs
@@ -112,12 +112,24 @@ namespace Org.BouncyCastle.Cms
         public static readonly string Gost28147Wrap     = CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap.Id;
 		public static readonly string Gost28147CryptoProWrap = CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.Id;
 
-        public static readonly string ECCDHSha1Kdf      = X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme.Id;
         public static readonly string ECDHSha1Kdf       = X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme.Id;
+        public static readonly string ECCDHSha1Kdf      = X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme.Id;
         public static readonly string ECMqvSha1Kdf      = X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme.Id;
+
+        public static readonly string ECDHSha224Kdf     = SecObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme.Id;
+        public static readonly string ECCDHSha224Kdf    = SecObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme.Id;
         public static readonly string ECMqvSha224Kdf    = SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme.Id;
+
+        public static readonly string ECDHSha256Kdf     = SecObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme.Id;
+        public static readonly string ECCDHSha256Kdf    = SecObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme.Id;
         public static readonly string ECMqvSha256Kdf    = SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme.Id;
+
+        public static readonly string ECDHSha384Kdf     = SecObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme.Id;
+        public static readonly string ECCDHSha384Kdf    = SecObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme.Id;
         public static readonly string ECMqvSha384Kdf    = SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme.Id;
+
+        public static readonly string ECDHSha512Kdf     = SecObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme.Id;
+        public static readonly string ECCDHSha512Kdf    = SecObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme.Id;
         public static readonly string ECMqvSha512Kdf    = SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme.Id;
 
 		internal readonly IList<RecipientInfoGenerator> recipientInfoGenerators = new List<RecipientInfoGenerator>();
diff --git a/crypto/src/cms/CMSUtils.cs b/crypto/src/cms/CMSUtils.cs
index 7cf0d6153..de38f9ad3 100644
--- a/crypto/src/cms/CMSUtils.cs
+++ b/crypto/src/cms/CMSUtils.cs
@@ -4,7 +4,9 @@ using System.IO;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cms;
+using Org.BouncyCastle.Asn1.CryptoPro;
 using Org.BouncyCastle.Asn1.Ocsp;
+using Org.BouncyCastle.Asn1.Rosstandart;
 using Org.BouncyCastle.Asn1.Sec;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Asn1.X9;
@@ -20,7 +22,41 @@ namespace Org.BouncyCastle.Cms
 		// TODO Is there a .NET equivalent to this?
 //		private static readonly Runtime RUNTIME = Runtime.getRuntime();
 
-		internal static int MaximumMemory
+        private static readonly HashSet<DerObjectIdentifier> ECAlgorithms = new HashSet<DerObjectIdentifier>();
+        private static readonly HashSet<DerObjectIdentifier> GostAlgorithms = new HashSet<DerObjectIdentifier>();
+        private static readonly HashSet<DerObjectIdentifier> MqvAlgorithms = new HashSet<DerObjectIdentifier>();
+
+		static CmsUtilities()
+		{
+            ECAlgorithms.Add(X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme);
+            ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme);
+            ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme);
+            ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme);
+            ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme);
+            ECAlgorithms.Add(X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme);
+            ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme);
+            ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme);
+            ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme);
+            ECAlgorithms.Add(SecObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme);
+
+            GostAlgorithms.Add(CryptoProObjectIdentifiers.GostR3410x2001CryptoProESDH);
+            GostAlgorithms.Add(RosstandartObjectIdentifiers.id_tc26_agreement_gost_3410_12_256);
+            GostAlgorithms.Add(RosstandartObjectIdentifiers.id_tc26_agreement_gost_3410_12_512);
+
+            MqvAlgorithms.Add(X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme);
+            MqvAlgorithms.Add(SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme);
+            MqvAlgorithms.Add(SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme);
+            MqvAlgorithms.Add(SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme);
+            MqvAlgorithms.Add(SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme);
+        }
+
+        internal static bool IsEC(DerObjectIdentifier oid) => ECAlgorithms.Contains(oid);
+
+        internal static bool IsGost(DerObjectIdentifier oid) => GostAlgorithms.Contains(oid);
+
+        internal static bool IsMqv(DerObjectIdentifier oid) => MqvAlgorithms.Contains(oid);
+
+        internal static int MaximumMemory
 		{
 			get
 			{
@@ -234,12 +270,5 @@ namespace Org.BouncyCastle.Cms
                     throw new ArgumentException("cannot add unsuccessful OCSP response to CMS SignedData");
             }
         }
-
-		internal static bool IsMqv(DerObjectIdentifier oid) =>
-			X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme.Equals(oid) ||
-			SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme.Equals(oid) ||
-			SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme.Equals(oid) ||
-			SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme.Equals(oid) ||
-			SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme.Equals(oid);
     }
 }
diff --git a/crypto/src/security/AgreementUtilities.cs b/crypto/src/security/AgreementUtilities.cs
index 41dcb7435..8f1df4c89 100644
--- a/crypto/src/security/AgreementUtilities.cs
+++ b/crypto/src/security/AgreementUtilities.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.EdEC;
+using Org.BouncyCastle.Asn1.Sec;
 using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Agreement;
@@ -22,10 +23,26 @@ namespace Org.BouncyCastle.Security
 
         static AgreementUtilities()
 		{
-            AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme] = "ECCDHWITHSHA1KDF";
             AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme] = "ECDHWITHSHA1KDF";
+            AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme] = "ECCDHWITHSHA1KDF";
             AlgorithmOidMap[X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme] = "ECMQVWITHSHA1KDF";
 
+            AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme] = "ECDHWITHSHA224KDF";
+            AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme] = "ECCDHWITHSHA224KDF";
+            AlgorithmOidMap[SecObjectIdentifiers.mqvSinglePass_sha224kdf_scheme] = "ECMQVWITHSHA224KDF";
+
+            AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme] = "ECDHWITHSHA256KDF";
+            AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme] = "ECCDHWITHSHA256KDF";
+            AlgorithmOidMap[SecObjectIdentifiers.mqvSinglePass_sha256kdf_scheme] = "ECMQVWITHSHA256KDF";
+
+            AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme] = "ECDHWITHSHA384KDF";
+            AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme] = "ECCDHWITHSHA384KDF";
+            AlgorithmOidMap[SecObjectIdentifiers.mqvSinglePass_sha384kdf_scheme] = "ECMQVWITHSHA384KDF";
+
+            AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme] = "ECDHWITHSHA512KDF";
+            AlgorithmOidMap[SecObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme] = "ECCDHWITHSHA512KDF";
+            AlgorithmOidMap[SecObjectIdentifiers.mqvSinglePass_sha512kdf_scheme] = "ECMQVWITHSHA512KDF";
+
             AlgorithmOidMap[EdECObjectIdentifiers.id_X25519] = "X25519";
             AlgorithmOidMap[EdECObjectIdentifiers.id_X448] = "X448";
 
@@ -152,12 +169,36 @@ namespace Org.BouncyCastle.Security
             // 'DHWITHSHA1KDF' retained for backward compatibility
             if (mechanism == "DHWITHSHA1KDF" || mechanism == "ECDHWITHSHA1KDF")
                 return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
+            if (mechanism == "ECDHWITHSHA224KDF")
+                return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha224Digest()));
+            if (mechanism == "ECDHWITHSHA256KDF")
+                return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha256Digest()));
+            if (mechanism == "ECDHWITHSHA384KDF")
+                return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha384Digest()));
+            if (mechanism == "ECDHWITHSHA512KDF")
+                return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha512Digest()));
 
             if (mechanism == "ECCDHWITHSHA1KDF")
                 return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
+            if (mechanism == "ECCDHWITHSHA224KDF")
+                return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha224Digest()));
+            if (mechanism == "ECCDHWITHSHA256KDF")
+                return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha256Digest()));
+            if (mechanism == "ECCDHWITHSHA384KDF")
+                return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha384Digest()));
+            if (mechanism == "ECCDHWITHSHA512KDF")
+                return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha512Digest()));
 
             if (mechanism == "ECMQVWITHSHA1KDF")
                 return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
+            if (mechanism == "ECMQVWITHSHA224KDF")
+                return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha224Digest()));
+            if (mechanism == "ECMQVWITHSHA256KDF")
+                return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha256Digest()));
+            if (mechanism == "ECMQVWITHSHA384KDF")
+                return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha384Digest()));
+            if (mechanism == "ECMQVWITHSHA512KDF")
+                return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha512Digest()));
 
             return null;
         }
diff --git a/crypto/src/security/GeneratorUtilities.cs b/crypto/src/security/GeneratorUtilities.cs
index e22fbd139..bed981739 100644
--- a/crypto/src/security/GeneratorUtilities.cs
+++ b/crypto/src/security/GeneratorUtilities.cs
@@ -227,8 +227,16 @@ namespace Org.BouncyCastle.Security
                 "DIFFIEHELLMAN");
             AddKpgAlgorithm("DSA");
             AddKpgAlgorithm("EC",
-                // TODO Should this be an alias for ECDH?
-                X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme);
+                X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme,
+                SecObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme,
+                SecObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme,
+                SecObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme,
+                SecObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme,
+                X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme,
+                SecObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme,
+                SecObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme,
+                SecObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme,
+                SecObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme);
             AddKpgAlgorithm("ECDH",
                 "ECIES");
             AddKpgAlgorithm("ECDHC");