Reconcile with gingerbread-release gingerbread-mr4-release honeycomb-LTE-release
Change-Id: I320527540fdce2e199519850517b765fee6724e5
diff --git a/Android.mk b/Android.mk
index d67dd89..9d162fb 100644
--- a/Android.mk
+++ b/Android.mk
@@ -24,6 +24,7 @@
LOCAL_JAVACFLAGS := -encoding UTF-8
LOCAL_JAVA_LIBRARIES := core
LOCAL_NO_STANDARD_LIBRARIES := true
+LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
include $(BUILD_JAVA_LIBRARY)
# This is used to generate a list of what is unused so it can be removed when bouncycastle is updated.
@@ -76,5 +77,6 @@
LOCAL_NO_STANDARD_LIBRARIES := true
LOCAL_BUILD_HOST_DEX := true
LOCAL_MODULE_TAGS := optional
+ LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
include $(BUILD_HOST_JAVA_LIBRARY)
endif
diff --git a/NOTICE b/NOTICE
index 9c07f83..d2e4437 100644
--- a/NOTICE
+++ b/NOTICE
@@ -1,22 +1,16 @@
-<html>
-<body bgcolor=#ffffff>
+Copyright (c) 2000-2010 The Legion Of The Bouncy Castle (http://www.bouncycastle.org)
-Copyright (c) 2000-2009 The Legion Of The Bouncy Castle (http://www.bouncycastle.org)
-<p>
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software
-and associated documentation files (the "Software"), to deal in the Software without restriction,
-including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
-<p>
+
The above copyright notice and this permission notice shall be included in all copies or substantial
portions of the Software.
-<p>
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
-INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
-PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
-</body>
-</html>
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.android b/README.android
index 4e041ed..fe40d40 100644
--- a/README.android
+++ b/README.android
@@ -12,13 +12,14 @@
1) Retrieve the appropriate version of the Bouncy Castle source from
www.bouncycastle.org/latest_releases.html (in bcprov-jdk*-*.tar.gz
- file). Check the checksum (found at bouncycastle.org/checksums.html) with:
+ file). Check the checksum (found at http://bouncycastle.org/checksums.html) with:
md5sum bcprov-jdk*-*.tar.gz
sha1sum bcprov-jdk*-*.tar.gz
2) Update the variables in bouncycastle.config and bouncycastle.version as appropriate.
At the very least you will need to update the bouncycastle.version.
+ Similarly update ThirdPartyProject.prop.
3) Run:
diff --git a/ThirdPartyProject.prop b/ThirdPartyProject.prop
index 38a8176..fc91c28 100644
--- a/ThirdPartyProject.prop
+++ b/ThirdPartyProject.prop
@@ -1,7 +1,7 @@
# Copyright 2010 Google Inc. All Rights Reserved.
#Fri Jul 16 10:03:08 PDT 2010
-currentVersion=bcprov-jdk16-145
-version=bcprov-jdk16-145
+currentVersion=bcprov-jdk16-146
+version=bcprov-jdk16-146
isNative=false
feedurl=http\://www.bouncycastle.org/releasenotes.html
name=bouncy_castle
diff --git a/bouncycastle.config b/bouncycastle.config
index 42ca610..bcc47ee 100644
--- a/bouncycastle.config
+++ b/bouncycastle.config
@@ -13,14 +13,13 @@
org/bouncycastle/asn1/mozilla \
org/bouncycastle/asn1/ntt \
org/bouncycastle/asn1/ocsp \
-org/bouncycastle/asn1/sec \
org/bouncycastle/asn1/smime \
org/bouncycastle/asn1/test \
org/bouncycastle/asn1/tsp \
-org/bouncycastle/asn1/x500 \
org/bouncycastle/asn1/x509/qualified \
org/bouncycastle/asn1/x509/sigi \
org/bouncycastle/bcpg \
+org/bouncycastle/cert \
org/bouncycastle/cms \
org/bouncycastle/crypto/agreement/kdf \
org/bouncycastle/crypto/agreement/srp \
@@ -30,15 +29,14 @@
org/bouncycastle/crypto/tls/ \
org/bouncycastle/i18n/ \
org/bouncycastle/jce/examples \
-org/bouncycastle/jce/provider/asymmetric/ \
org/bouncycastle/jce/provider/test \
org/bouncycastle/mail \
-org/bouncycastle/math \
org/bouncycastle/mozilla \
org/bouncycastle/ocsp \
org/bouncycastle/openpgp \
org/bouncycastle/openssl/test \
-org/bouncycastle/sasn1 \
+org/bouncycastle/operator \
+org/bouncycastle/pkcs \
org/bouncycastle/tsp \
org/bouncycastle/util/encoders/test \
org/bouncycastle/util/test \
@@ -49,6 +47,7 @@
# files
UNNEEDED_SOURCES+=" \
org/bouncycastle/LICENSE.java \
+org/bouncycastle/asn1/ASN1Boolean.java \
org/bouncycastle/asn1/ASN1Generator.java \
org/bouncycastle/asn1/BERGenerator.java \
org/bouncycastle/asn1/BERNull.java \
@@ -58,11 +57,13 @@
org/bouncycastle/asn1/DERSequenceGenerator.java \
org/bouncycastle/asn1/cms/Attribute.java \
org/bouncycastle/asn1/cms/AttributeTable.java \
+org/bouncycastle/asn1/cms/Attributes.java \
org/bouncycastle/asn1/cms/AuthEnvelopedData.java \
org/bouncycastle/asn1/cms/AuthEnvelopedDataParser.java \
org/bouncycastle/asn1/cms/AuthenticatedData.java \
org/bouncycastle/asn1/cms/AuthenticatedDataParser.java \
org/bouncycastle/asn1/cms/CMSAttributes.java \
+org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java \
org/bouncycastle/asn1/cms/CompressedData.java \
org/bouncycastle/asn1/cms/CompressedDataParser.java \
org/bouncycastle/asn1/cms/ContentInfoParser.java \
@@ -71,12 +72,14 @@
org/bouncycastle/asn1/cms/EncryptedData.java \
org/bouncycastle/asn1/cms/EnvelopedData.java \
org/bouncycastle/asn1/cms/EnvelopedDataParser.java \
+org/bouncycastle/asn1/cms/Evidence.java \
org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java \
org/bouncycastle/asn1/cms/KEKIdentifier.java \
org/bouncycastle/asn1/cms/KEKRecipientInfo.java \
org/bouncycastle/asn1/cms/KeyAgreeRecipientIdentifier.java \
org/bouncycastle/asn1/cms/KeyAgreeRecipientInfo.java \
org/bouncycastle/asn1/cms/KeyTransRecipientInfo.java \
+org/bouncycastle/asn1/cms/MetaData.java \
org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.java \
org/bouncycastle/asn1/cms/OriginatorInfo.java \
org/bouncycastle/asn1/cms/OriginatorPublicKey.java \
@@ -92,6 +95,10 @@
org/bouncycastle/asn1/cms/SignerIdentifier.java \
org/bouncycastle/asn1/cms/SignerInfo.java \
org/bouncycastle/asn1/cms/Time.java \
+org/bouncycastle/asn1/cms/TimeStampAndCRL.java \
+org/bouncycastle/asn1/cms/TimeStampTokenEvidence.java \
+org/bouncycastle/asn1/cms/TimeStampedData.java \
+org/bouncycastle/asn1/cms/TimeStampedDataParser.java \
org/bouncycastle/asn1/cms/package.html \
org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.java \
org/bouncycastle/asn1/cryptopro/ECGOST3410ParamSetParameters.java \
@@ -114,7 +121,6 @@
org/bouncycastle/asn1/misc/CAST5CBCParameters.java \
org/bouncycastle/asn1/misc/IDEACBCPar.java \
org/bouncycastle/asn1/misc/package.html \
-org/bouncycastle/asn1/nist/NISTNamedCurves.java \
org/bouncycastle/asn1/nist/package.html \
org/bouncycastle/asn1/oiw/ElGamalParameter.java \
org/bouncycastle/asn1/oiw/package.html \
@@ -123,6 +129,7 @@
org/bouncycastle/asn1/pkcs/RC2CBCParameter.java \
org/bouncycastle/asn1/pkcs/SignerInfo.java \
org/bouncycastle/asn1/pkcs/package.html \
+org/bouncycastle/asn1/sec/package.html \
org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java \
org/bouncycastle/asn1/teletrust/package.html \
org/bouncycastle/asn1/util/DERDump.java \
@@ -152,20 +159,10 @@
org/bouncycastle/asn1/x509/package.html \
org/bouncycastle/asn1/x9/KeySpecificInfo.java \
org/bouncycastle/asn1/x9/OtherInfo.java \
-org/bouncycastle/asn1/x9/X962NamedCurves.java \
-org/bouncycastle/asn1/x9/X962Parameters.java \
-org/bouncycastle/asn1/x9/X9Curve.java \
-org/bouncycastle/asn1/x9/X9ECParameters.java \
-org/bouncycastle/asn1/x9/X9ECParametersHolder.java \
-org/bouncycastle/asn1/x9/X9ECPoint.java \
-org/bouncycastle/asn1/x9/X9FieldElement.java \
-org/bouncycastle/asn1/x9/X9FieldID.java \
-org/bouncycastle/asn1/x9/X9IntegerConverter.java \
org/bouncycastle/asn1/x9/package.html \
org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.java \
org/bouncycastle/crypto/MaxBytesExceededException.java \
org/bouncycastle/crypto/agreement/DHAgreement.java \
-org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java \
org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java \
org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java \
org/bouncycastle/crypto/agreement/package.html \
@@ -220,7 +217,6 @@
org/bouncycastle/crypto/engines/package.html \
org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java \
org/bouncycastle/crypto/generators/DHKeyPairGenerator.java \
-org/bouncycastle/crypto/generators/ECKeyPairGenerator.java \
org/bouncycastle/crypto/generators/ElGamalKeyPairGenerator.java \
org/bouncycastle/crypto/generators/ElGamalParametersGenerator.java \
org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.java \
@@ -236,25 +232,25 @@
org/bouncycastle/crypto/io/package.html \
org/bouncycastle/crypto/macs/BlockCipherMac.java \
org/bouncycastle/crypto/macs/CFBBlockCipherMac.java \
+org/bouncycastle/crypto/macs/CMac.java \
org/bouncycastle/crypto/macs/GOST28147Mac.java \
org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java \
org/bouncycastle/crypto/macs/OldHMac.java \
org/bouncycastle/crypto/macs/VMPCMac.java \
org/bouncycastle/crypto/macs/package.html \
+org/bouncycastle/crypto/modes/EAXBlockCipher.java \
org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java \
org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java \
org/bouncycastle/crypto/modes/PaddedBlockCipher.java \
+org/bouncycastle/crypto/modes/gcm/BasicGCMExponentiator.java \
org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.java \
+org/bouncycastle/crypto/modes/gcm/GCMExponentiator.java \
+org/bouncycastle/crypto/modes/gcm/Tables1kGCMExponentiator.java \
org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.java \
org/bouncycastle/crypto/modes/package.html \
org/bouncycastle/crypto/package.html \
org/bouncycastle/crypto/paddings/package.html \
org/bouncycastle/crypto/params/CCMParameters.java \
-org/bouncycastle/crypto/params/ECDomainParameters.java \
-org/bouncycastle/crypto/params/ECKeyGenerationParameters.java \
-org/bouncycastle/crypto/params/ECKeyParameters.java \
-org/bouncycastle/crypto/params/ECPrivateKeyParameters.java \
-org/bouncycastle/crypto/params/ECPublicKeyParameters.java \
org/bouncycastle/crypto/params/ElGamalKeyGenerationParameters.java \
org/bouncycastle/crypto/params/ElGamalKeyParameters.java \
org/bouncycastle/crypto/params/ElGamalParameters.java \
@@ -282,7 +278,6 @@
org/bouncycastle/crypto/params/RSABlindingParameters.java \
org/bouncycastle/crypto/params/package.html \
org/bouncycastle/crypto/signers/DSADigestSigner.java \
-org/bouncycastle/crypto/signers/ECDSASigner.java \
org/bouncycastle/crypto/signers/ECGOST3410Signer.java \
org/bouncycastle/crypto/signers/ECNRSigner.java \
org/bouncycastle/crypto/signers/GOST3410Signer.java \
@@ -294,21 +289,13 @@
org/bouncycastle/crypto/util/package.html \
org/bouncycastle/jce/ECGOST3410NamedCurveTable.java \
org/bouncycastle/jce/ECKeyUtil.java \
-org/bouncycastle/jce/ECNamedCurveTable.java \
org/bouncycastle/jce/ECPointUtil.java \
org/bouncycastle/jce/MultiCertStoreParameters.java \
-org/bouncycastle/jce/PKCS7SignedData.java \
+org/bouncycastle/jce/PKCS12Util.java \
org/bouncycastle/jce/X509KeyUsage.java \
org/bouncycastle/jce/X509LDAPCertStoreParameters.java \
-org/bouncycastle/jce/X509V1CertificateGenerator.java \
-org/bouncycastle/jce/X509V2CRLGenerator.java \
-org/bouncycastle/jce/X509V3CertificateGenerator.java \
org/bouncycastle/jce/exception/ExtCertificateEncodingException.java \
org/bouncycastle/jce/exception/ExtIOException.java \
-org/bouncycastle/jce/interfaces/ECKey.java \
-org/bouncycastle/jce/interfaces/ECPointEncoder.java \
-org/bouncycastle/jce/interfaces/ECPrivateKey.java \
-org/bouncycastle/jce/interfaces/ECPublicKey.java \
org/bouncycastle/jce/interfaces/ElGamalKey.java \
org/bouncycastle/jce/interfaces/ElGamalPrivateKey.java \
org/bouncycastle/jce/interfaces/ElGamalPublicKey.java \
@@ -324,12 +311,8 @@
org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java \
org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java \
org/bouncycastle/jce/provider/BrokenPBE.java \
-org/bouncycastle/jce/provider/DSABase.java \
-org/bouncycastle/jce/provider/DSAEncoder.java \
org/bouncycastle/jce/provider/ElGamalUtil.java \
org/bouncycastle/jce/provider/GOST3410Util.java \
-org/bouncycastle/jce/provider/JCEECPrivateKey.java \
-org/bouncycastle/jce/provider/JCEECPublicKey.java \
org/bouncycastle/jce/provider/JCEElGamalCipher.java \
org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java \
org/bouncycastle/jce/provider/JCEElGamalPublicKey.java \
@@ -358,25 +341,26 @@
org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java \
org/bouncycastle/jce/provider/X509StoreLDAPCerts.java \
org/bouncycastle/jce/provider/symmetric/CAST5.java \
-org/bouncycastle/jce/provider/symmetric/CAST5Mappings.java \
+org/bouncycastle/jce/provider/symmetric/CAST6.java \
org/bouncycastle/jce/provider/symmetric/Camellia.java \
-org/bouncycastle/jce/provider/symmetric/CamelliaMappings.java \
org/bouncycastle/jce/provider/symmetric/Grain128.java \
-org/bouncycastle/jce/provider/symmetric/Grain128Mappings.java \
org/bouncycastle/jce/provider/symmetric/Grainv1.java \
-org/bouncycastle/jce/provider/symmetric/Grainv1Mappings.java \
+org/bouncycastle/jce/provider/symmetric/HC128.java \
+org/bouncycastle/jce/provider/symmetric/HC256.java \
org/bouncycastle/jce/provider/symmetric/IDEA.java \
-org/bouncycastle/jce/provider/symmetric/IDEAMappings.java \
org/bouncycastle/jce/provider/symmetric/Noekeon.java \
-org/bouncycastle/jce/provider/symmetric/NoekeonMappings.java \
+org/bouncycastle/jce/provider/symmetric/RC5.java \
+org/bouncycastle/jce/provider/symmetric/RC6.java \
+org/bouncycastle/jce/provider/symmetric/Rijndael.java \
org/bouncycastle/jce/provider/symmetric/SEED.java \
-org/bouncycastle/jce/provider/symmetric/SEEDMappings.java \
-org/bouncycastle/jce/spec/ECKeySpec.java \
-org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java \
-org/bouncycastle/jce/spec/ECNamedCurveSpec.java \
-org/bouncycastle/jce/spec/ECParameterSpec.java \
-org/bouncycastle/jce/spec/ECPrivateKeySpec.java \
-org/bouncycastle/jce/spec/ECPublicKeySpec.java \
+org/bouncycastle/jce/provider/symmetric/Salsa20.java \
+org/bouncycastle/jce/provider/symmetric/Serpent.java \
+org/bouncycastle/jce/provider/symmetric/Skipjack.java \
+org/bouncycastle/jce/provider/symmetric/TEA.java \
+org/bouncycastle/jce/provider/symmetric/Twofish.java \
+org/bouncycastle/jce/provider/symmetric/VMPC.java \
+org/bouncycastle/jce/provider/symmetric/VMPCKSA3.java \
+org/bouncycastle/jce/provider/symmetric/XTEA.java \
org/bouncycastle/jce/spec/ElGamalGenParameterSpec.java \
org/bouncycastle/jce/spec/ElGamalKeySpec.java \
org/bouncycastle/jce/spec/ElGamalParameterSpec.java \
@@ -392,10 +376,10 @@
org/bouncycastle/jce/spec/MQVPrivateKeySpec.java \
org/bouncycastle/jce/spec/MQVPublicKeySpec.java \
org/bouncycastle/jce/spec/package.html \
-org/bouncycastle/openssl/PEMException.java \
-org/bouncycastle/openssl/PEMReader.java \
-org/bouncycastle/openssl/PasswordException.java \
-org/bouncycastle/openssl/PasswordFinder.java \
+org/bouncycastle/math/ec/ReferenceMultiplier.java \
+org/bouncycastle/math/ec/package.html \
+org/bouncycastle/math/ec/test \
+org/bouncycastle/openssl/PKCS8Generator.java \
org/bouncycastle/openssl/package.html \
org/bouncycastle/util/AllTests.java \
org/bouncycastle/util/CollectionStore.java \
@@ -409,6 +393,9 @@
org/bouncycastle/util/encoders/UrlBase64.java \
org/bouncycastle/util/encoders/UrlBase64Encoder.java \
org/bouncycastle/util/encoders/package.html \
+org/bouncycastle/util/io/TeeInputStream.java \
+org/bouncycastle/util/io/TeeOutputStream.java \
+org/bouncycastle/util/io/pem/AllTests.java \
org/bouncycastle/x509/CertPathReviewerException.java \
org/bouncycastle/x509/CertPathReviewerMessages_de.properties \
org/bouncycastle/x509/NoSuchParserException.java \
diff --git a/bouncycastle.version b/bouncycastle.version
index 4f5851f..281f7f5 100644
--- a/bouncycastle.version
+++ b/bouncycastle.version
@@ -1,2 +1,2 @@
BOUNCYCASTLE_JDK=16
-BOUNCYCASTLE_VERSION=145
+BOUNCYCASTLE_VERSION=146
diff --git a/import_bouncycastle.sh b/import_bouncycastle.sh
index 2271dc0..297efef 100755
--- a/import_bouncycastle.sh
+++ b/import_bouncycastle.sh
@@ -104,7 +104,7 @@
cd $BOUNCYCASTLE_DIR
- cp -f LICENSE.html ../NOTICE
+ sed 's/<p>/& <BR>/g' LICENSE.html | html2text -width 102 -nobs -ascii > ../NOTICE
touch ../MODULE_LICENSE_BSD_LIKE
cd ..
diff --git a/jarjar-rules.txt b/jarjar-rules.txt
new file mode 100644
index 0000000..2f40de1
--- /dev/null
+++ b/jarjar-rules.txt
@@ -0,0 +1 @@
+rule org.bouncycastle.** com.android.@0
diff --git a/patches/README b/patches/README
index 7b4b872..d56a5d8 100644
--- a/patches/README
+++ b/patches/README
@@ -12,27 +12,28 @@
- MD2
- RC2
-Other performance (both speed and memory) changes:
+Other performance (both speed and memory) and correctness changes:
- singleton DERNull (BouncyCastle now does this but we make constructor private to be sure)
- similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE}
+- removed use of Boolean constructor
- DERPrintableString interns its internal String values
- DERObjectIdentifier interns its internal String indentifer value
- changed uses of 'new Integer' to 'Integer.valueOf'
-- Added X509NameElementList to reduce small Vector allocation for X509Name key/value operations
-- Replaced X509Extensions hash/vector with new OrderedTable instance to cut down on memory allocation
-- PKCS12BagAttributeCarrier also uses OrderedTable to cut down on memory allocation
- X509CertificateObject.getEncoded caches its result
-- Added IndexedPKIXParameters for faster cert lookup in CertPathValidatorUtilities.findTrustAnchor
-- CertPathValidatorUtilities.findTrustAnchor fast path compares encoded certs similar to PKIXCertPathValidatorSpi
-- Added ASN1Collection for use as new parent for ASN1Collection and ASN1Set to reduce small Vector allocation
- removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
- OpenSSLDigest uses NativeCrypto JNI API
- KeyStoreSpis made more tolerant of non-existant and null aliases
- PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases
- Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get
- Make PKCS12 KeyStore tolerate setting with an empty certificate chain
+- Fixed cut & paste instanceof error in EncryptedPrivateKeyInfo
+- Make BouncyCastleProvider.PROVIDER_NAME final
- Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
+- Added DSA support to JDKKeyManager.engineGetKeySpec
Other security changes:
-- blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
-- blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
+- Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
+- Blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
+
+Other changes:
+- Log entry and exit to DHParametersHelper.generateSafePrimes which has long, unpredictable runtime
diff --git a/patches/android.patch b/patches/android.patch
index f18dcab..452ec68 100644
--- a/patches/android.patch
+++ b/patches/android.patch
@@ -1,322 +1,20 @@
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Collection.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Collection.java 1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java 2011-09-01 17:21:06.000000000 +0000
-@@ -0,0 +1,298 @@
-+package org.bouncycastle.asn1;
-+
-+import java.io.ByteArrayOutputStream;
-+import java.io.IOException;
-+import java.util.Enumeration;
-+import java.util.ConcurrentModificationException;
-+
-+// BEGIN android-note
-+/*
-+ * This is a new class that was synthesized from ASN1Sequence and
-+ * ASN1Set, but with extra smarts about efficiently storing its
-+ * elements.
-+ */
-+// END android-note
-+
-+/**
-+ * Base class for collection-like <code>DERObject</code>s. Instances
-+ * of this class will keep up to four elements directly, resorting to
-+ * an external collection only if more elements than that need to be
-+ * stored.
-+ */
-+public abstract class ASN1Collection
-+ extends ASN1Object
-+{
-+ /** >= 0; size of the collection */
-+ private int size;
-+
-+ /** null-ok; element #0 */
-+ private DEREncodable obj0;
-+
-+ /** null-ok; element #1 */
-+ private DEREncodable obj1;
-+
-+ /** null-ok; element #2 */
-+ private DEREncodable obj2;
-+
-+ /** null-ok; element #3 */
-+ private DEREncodable obj3;
-+
-+ /** null-ok; elements #4 and higher */
-+ private DEREncodable[] rest;
-+
-+ /**
-+ * Returns the object at the postion indicated by index.
-+ *
-+ * @param index the index (starting at zero) of the object
-+ * @return the object at the postion indicated by index
-+ */
-+ public DEREncodable getObjectAt(int index) {
-+ if ((index < 0) || (index >= size)) {
-+ throw new IndexOutOfBoundsException(Integer.toString(index));
-+ }
-+
-+ switch (index) {
-+ case 0: return obj0;
-+ case 1: return obj1;
-+ case 2: return obj2;
-+ case 3: return obj3;
-+ default: return rest[index - 4];
-+ }
-+ }
-+
-+ /**
-+ * Returns the number of objects in this instance.
-+ *
-+ * @return the number of objects in this instance
-+ */
-+ public int size() {
-+ return size;
-+ }
-+
-+ /** {@inheritDoc} */
-+ public final int hashCode() {
-+ Enumeration e = this.getObjects();
-+ int hashCode = 0;
-+
-+ while (e.hasMoreElements()) {
-+ Object o = e.nextElement();
-+
-+ if (o != null) {
-+ hashCode ^= o.hashCode();
-+ }
-+ }
-+
-+ return hashCode;
-+ }
-+
-+ /**
-+ * Adds a new element to this instance.
-+ *
-+ * @param obj non-null; the instance to add
-+ */
-+ protected void addObject(DEREncodable obj) {
-+ if (obj == null) {
-+ throw new NullPointerException("obj == null");
-+ }
-+
-+ int sz = size;
-+
-+ switch (sz) {
-+ case 0: obj0 = obj; break;
-+ case 1: obj1 = obj; break;
-+ case 2: obj2 = obj; break;
-+ case 3: obj3 = obj; break;
-+ case 4: {
-+ // Initial allocation of rest.
-+ rest = new DEREncodable[5];
-+ rest[0] = obj;
-+ break;
-+ }
-+ default: {
-+ int index = sz - 4;
-+ if (index >= rest.length) {
-+ // Grow rest.
-+ DEREncodable[] newRest = new DEREncodable[index * 2 + 10];
-+ System.arraycopy(rest, 0, newRest, 0, rest.length);
-+ rest = newRest;
-+ }
-+ rest[index] = obj;
-+ break;
-+ }
-+ }
-+
-+ size++;
-+ }
-+
-+ /**
-+ * Sets the element at a given index (used by {@link #sort}).
-+ *
-+ * @param obj non-null; the object to set
-+ * @param index >= 0; the index
-+ */
-+ private void setObjectAt(DEREncodable obj, int index) {
-+ switch (index) {
-+ case 0: obj0 = obj; break;
-+ case 1: obj1 = obj; break;
-+ case 2: obj2 = obj; break;
-+ case 3: obj3 = obj; break;
-+ default: {
-+ rest[index - 4] = obj;
-+ break;
-+ }
-+ }
-+ }
-+
-+ /**
-+ * Encodes this instance to the given stream.
-+ *
-+ * @param out non-null; stream to encode to
-+ */
-+ /*package*/ abstract void encode(DEROutputStream out) throws IOException;
-+
-+ /**
-+ * Gets an enumeration of all the objects in this collection.
-+ *
-+ * @return non-null; the enumeration
-+ */
-+ public Enumeration getObjects() {
-+ return new ASN1CollectionEnumeration();
-+ }
-+
-+ /**
-+ * Associated enumeration class.
-+ */
-+ private class ASN1CollectionEnumeration implements Enumeration {
-+ /** original size; used for modification detection */
-+ private final int origSize = size;
-+
-+ /** >= 0; current cursor */
-+ private int at = 0;
-+
-+ /** {@inheritDoc} */
-+ public boolean hasMoreElements() {
-+ if (size != origSize) {
-+ throw new ConcurrentModificationException();
-+ }
-+
-+ return at < origSize;
-+ }
-+
-+ /** {@inheritDoc} */
-+ public Object nextElement() {
-+ if (size != origSize) {
-+ throw new ConcurrentModificationException();
-+ }
-+
-+ switch (at++) {
-+ case 0: return obj0;
-+ case 1: return obj1;
-+ case 2: return obj2;
-+ case 3: return obj3;
-+ default: return rest[at - 5];
-+ }
-+ }
-+ }
-+
-+ /**
-+ * Sorts the elements in this instance.
-+ */
-+ protected void sort() {
-+ if (size <= 1) {
-+ return;
-+ }
-+
-+ boolean swapped = true;
-+
-+ // TODO: This is bubble sort. Probably not the best choice.
-+ while (swapped) {
-+ int index = 0;
-+ byte[] a = getEncoded(getObjectAt(0));
-+
-+ swapped = false;
-+
-+ while (index != size - 1) {
-+ int nextIndex = index + 1;
-+ byte[] b = getEncoded(getObjectAt(nextIndex));
-+
-+ if (lessThanOrEqual(a, b)) {
-+ a = b;
-+ } else {
-+ DEREncodable o = getObjectAt(index);
-+
-+ setObjectAt(getObjectAt(nextIndex), index);
-+ setObjectAt(o, nextIndex);
-+
-+ swapped = true;
-+ }
-+
-+ index++;
-+ }
-+ }
-+ }
-+
-+ /**
-+ * Returns true if a <= b (arrays are assumed padded with zeros).
-+ */
-+ private static boolean lessThanOrEqual(byte[] a, byte[] b) {
-+ if (a.length <= b.length) {
-+ for (int i = 0; i != a.length; i++) {
-+ int l = a[i] & 0xff;
-+ int r = b[i] & 0xff;
-+
-+ if (r > l) {
-+ return true;
-+ } else if (l > r) {
-+ return false;
-+ }
-+ }
-+
-+ return true;
-+ } else {
-+ for (int i = 0; i != b.length; i++) {
-+ int l = a[i] & 0xff;
-+ int r = b[i] & 0xff;
-+
-+ if (r > l) {
-+ return true;
-+ } else if (l > r) {
-+ return false;
-+ }
-+ }
-+
-+ return false;
-+ }
-+ }
-+
-+ /**
-+ * Gets the encoded form of an object.
-+ *
-+ * @param obj non-null; object to encode
-+ * @return non-null; the encoded form
-+ */
-+ private static byte[] getEncoded(DEREncodable obj) {
-+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
-+
-+ try {
-+ aOut.writeObject(obj);
-+ } catch (IOException e) {
-+ throw new IllegalArgumentException(
-+ "cannot encode object added to collection");
-+ }
-+
-+ return bOut.toByteArray();
-+ }
-+
-+ /** {@inheritDoc} */
-+ public final String toString() {
-+ StringBuilder sb = new StringBuilder();
-+ sb.append('[');
-+ for (int i = 0; i < size; i++) {
-+ if (i != 0) sb.append(", ");
-+ sb.append(getObjectAt(i));
-+ }
-+ sb.append(']');
-+ return sb.toString();
-+ }
-+}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1InputStream.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1InputStream.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java 2011-09-01 17:21:06.000000000 +0000
-@@ -348,7 +348,9 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1InputStream.java bcprov-jdk16-146/org/bouncycastle/asn1/ASN1InputStream.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1InputStream.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1InputStream.java 2011-09-08 21:28:50.000000000 +0000
+@@ -363,7 +363,9 @@
case BMP_STRING:
return new DERBMPString(bytes);
case BOOLEAN:
-- return new DERBoolean(bytes);
+- return new ASN1Boolean(bytes);
+ // BEGIN android-changed
+ return DERBoolean.getInstance(bytes);
+ // END android-changed
case ENUMERATED:
- return new DEREnumerated(bytes);
+ return new ASN1Enumerated(bytes);
case GENERALIZED_TIME:
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Null.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk16-146/org/bouncycastle/asn1/ASN1Null.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1Null.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1Null.java 2011-09-08 21:28:50.000000000 +0000
@@ -8,9 +8,11 @@
public abstract class ASN1Null
extends ASN1Object
@@ -330,522 +28,9 @@
public int hashCode()
{
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Sequence.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Sequence.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java 2011-09-01 17:21:06.000000000 +0000
-@@ -2,12 +2,20 @@
-
- import java.io.IOException;
- import java.util.Enumeration;
--import java.util.Vector;
-+// BEGIN android-removed
-+// import java.util.Vector;
-+// END android-removed
-+
-+// BEGIN android-note
-+// Changed inheritence of class.
-+// END android-note
-
- public abstract class ASN1Sequence
-- extends ASN1Object
-+ extends ASN1Collection
- {
-- private Vector seq = new Vector();
-+ // BEGIN android-removed
-+ // private Vector seq = new Vector();
-+ // END android-removed
-
- /**
- * return an ASN1Sequence from the given object.
-@@ -85,10 +93,12 @@
- throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName());
- }
-
-- public Enumeration getObjects()
-- {
-- return seq.elements();
-- }
-+ // BEGIN android-removed
-+ // public Enumeration getObjects()
-+ // {
-+ // return seq.elements();
-+ // }
-+ // END android-removed
-
- public ASN1SequenceParser parser()
- {
-@@ -127,45 +137,47 @@
- };
- }
-
-- /**
-- * return the object at the sequence position indicated by index.
-- *
-- * @param index the sequence number (starting at zero) of the object
-- * @return the object at the sequence position indicated by index.
-- */
-- public DEREncodable getObjectAt(
-- int index)
-- {
-- return (DEREncodable)seq.elementAt(index);
-- }
--
-- /**
-- * return the number of objects in this sequence.
-- *
-- * @return the number of objects in this sequence.
-- */
-- public int size()
-- {
-- return seq.size();
-- }
--
-- public int hashCode()
-- {
-- Enumeration e = this.getObjects();
-- int hashCode = size();
--
-- while (e.hasMoreElements())
-- {
-- Object o = e.nextElement();
-- hashCode *= 17;
-- if (o != null)
-- {
-- hashCode ^= o.hashCode();
-- }
-- }
--
-- return hashCode;
-- }
-+ // BEGIN android-removed
-+ // /**
-+ // * return the object at the sequence position indicated by index.
-+ // *
-+ // * @param index the sequence number (starting at zero) of the object
-+ // * @return the object at the sequence position indicated by index.
-+ // */
-+ // public DEREncodable getObjectAt(
-+ // int index)
-+ // {
-+ // return (DEREncodable)seq.elementAt(index);
-+ // }
-+ //
-+ // /**
-+ // * return the number of objects in this sequence.
-+ // *
-+ // * @return the number of objects in this sequence.
-+ // */
-+ // public int size()
-+ // {
-+ // return seq.size();
-+ // }
-+ //
-+ // public int hashCode()
-+ // {
-+ // Enumeration e = this.getObjects();
-+ // int hashCode = size();
-+ //
-+ // while (e.hasMoreElements())
-+ // {
-+ // Object o = e.nextElement();
-+ // hashCode *= 17;
-+ // if (o != null)
-+ // {
-+ // hashCode ^= o.hashCode();
-+ // }
-+ // }
-+ //
-+ // return hashCode;
-+ // }
-+ // END android-removed
-
- boolean asn1Equals(
- DERObject o)
-@@ -201,17 +213,19 @@
- return true;
- }
-
-- protected void addObject(
-- DEREncodable obj)
-- {
-- seq.addElement(obj);
-- }
--
-- abstract void encode(DEROutputStream out)
-- throws IOException;
--
-- public String toString()
-- {
-- return seq.toString();
-- }
-+ // BEGIN android-removed
-+ //protected void addObject(
-+ // DEREncodable obj)
-+ //{
-+ // seq.addElement(obj);
-+ //}
-+
-+ //abstract void encode(DEROutputStream out)
-+ // throws IOException;
-+
-+ //public String toString()
-+ //{
-+ // return seq.toString();
-+ //}
-+ // END android-removed
- }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Set.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Set.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java 2011-09-01 17:21:06.000000000 +0000
-@@ -3,12 +3,20 @@
- import java.io.ByteArrayOutputStream;
- import java.io.IOException;
- import java.util.Enumeration;
--import java.util.Vector;
-+// BEGIN android-removed
-+// import java.util.Vector;
-+// END android-removed
-+
-+// BEGIN android-note
-+// Changed inheritence of class.
-+// END android-note
-
- abstract public class ASN1Set
-- extends ASN1Object
-+ extends ASN1Collection
- {
-- protected Vector set = new Vector();
-+ // BEGIN android-removed
-+ // protected Vector set = new Vector();
-+ // END android-removed
-
- /**
- * return an ASN1Set from the given object.
-@@ -104,32 +112,34 @@
- {
- }
-
-- public Enumeration getObjects()
-- {
-- return set.elements();
-- }
--
-- /**
-- * return the object at the set position indicated by index.
-- *
-- * @param index the set number (starting at zero) of the object
-- * @return the object at the set position indicated by index.
-- */
-- public DEREncodable getObjectAt(
-- int index)
-- {
-- return (DEREncodable)set.elementAt(index);
-- }
--
-- /**
-- * return the number of objects in this set.
-- *
-- * @return the number of objects in this set.
-- */
-- public int size()
-- {
-- return set.size();
-- }
-+ // BEGIN android-removed
-+ // public Enumeration getObjects()
-+ // {
-+ // return set.elements();
-+ // }
-+ //
-+ // /**
-+ // * return the object at the set position indicated by index.
-+ // *
-+ // * @param index the set number (starting at zero) of the object
-+ // * @return the object at the set position indicated by index.
-+ // */
-+ // public DEREncodable getObjectAt(
-+ // int index)
-+ // {
-+ // return (DEREncodable)set.elementAt(index);
-+ // }
-+ //
-+ // /**
-+ // * return the number of objects in this set.
-+ // *
-+ // * @return the number of objects in this set.
-+ // */
-+ // public int size()
-+ // {
-+ // return set.size();
-+ // }
-+ // END android-removed
-
- public ASN1SetParser parser()
- {
-@@ -168,23 +178,25 @@
- };
- }
-
-- public int hashCode()
-- {
-- Enumeration e = this.getObjects();
-- int hashCode = size();
--
-- while (e.hasMoreElements())
-- {
-- Object o = e.nextElement();
-- hashCode *= 17;
-- if (o != null)
-- {
-- hashCode ^= o.hashCode();
-- }
-- }
--
-- return hashCode;
-- }
-+ // BEGIN android-removed
-+ // public int hashCode()
-+ // {
-+ // Enumeration e = this.getObjects();
-+ // int hashCode = size();
-+ //
-+ // while (e.hasMoreElements())
-+ // {
-+ // Object o = e.nextElement();
-+ // hashCode *= 17;
-+ // if (o != null)
-+ // {
-+ // hashCode ^= o.hashCode();
-+ // }
-+ // }
-+ //
-+ // return hashCode;
-+ // }
-+ // END android-removed
-
- boolean asn1Equals(
- DERObject o)
-@@ -220,52 +232,54 @@
- return true;
- }
-
-- /**
-- * return true if a <= b (arrays are assumed padded with zeros).
-- */
-- private boolean lessThanOrEqual(
-- byte[] a,
-- byte[] b)
-- {
-- if (a.length <= b.length)
-- {
-- for (int i = 0; i != a.length; i++)
-- {
-- int l = a[i] & 0xff;
-- int r = b[i] & 0xff;
--
-- if (r > l)
-- {
-- return true;
-- }
-- else if (l > r)
-- {
-- return false;
-- }
-- }
--
-- return true;
-- }
-- else
-- {
-- for (int i = 0; i != b.length; i++)
-- {
-- int l = a[i] & 0xff;
-- int r = b[i] & 0xff;
--
-- if (r > l)
-- {
-- return true;
-- }
-- else if (l > r)
-- {
-- return false;
-- }
-- }
--
-- return false;
-- }
-- }
-+ // BEGIN android-removed
-+ // /**
-+ // * return true if a <= b (arrays are assumed padded with zeros).
-+ // */
-+ // private boolean lessThanOrEqual(
-+ // byte[] a,
-+ // byte[] b)
-+ // {
-+ // if (a.length <= b.length)
-+ // {
-+ // for (int i = 0; i != a.length; i++)
-+ // {
-+ // int l = a[i] & 0xff;
-+ // int r = b[i] & 0xff;
-+ //
-+ // if (r > l)
-+ // {
-+ // return true;
-+ // }
-+ // else if (l > r)
-+ // {
-+ // return false;
-+ // }
-+ // }
-+ //
-+ // return true;
-+ // }
-+ // else
-+ // {
-+ // for (int i = 0; i != b.length; i++)
-+ // {
-+ // int l = a[i] & 0xff;
-+ // int r = b[i] & 0xff;
-+ //
-+ // if (r > l)
-+ // {
-+ // return true;
-+ // }
-+ // else if (l > r)
-+ // {
-+ // return false;
-+ // }
-+ // }
-+ //
-+ // return false;
-+ // }
-+ // }
-+ // END android-removed
-
- private byte[] getEncoded(
- DEREncodable obj)
-@@ -285,59 +299,61 @@
- return bOut.toByteArray();
- }
-
-- protected void sort()
-- {
-- if (set.size() > 1)
-- {
-- boolean swapped = true;
-- int lastSwap = set.size() - 1;
--
-- while (swapped)
-- {
-- int index = 0;
-- int swapIndex = 0;
-- byte[] a = getEncoded((DEREncodable)set.elementAt(0));
--
-- swapped = false;
--
-- while (index != lastSwap)
-- {
-- byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1));
--
-- if (lessThanOrEqual(a, b))
-- {
-- a = b;
-- }
-- else
-- {
-- Object o = set.elementAt(index);
--
-- set.setElementAt(set.elementAt(index + 1), index);
-- set.setElementAt(o, index + 1);
--
-- swapped = true;
-- swapIndex = index;
-- }
--
-- index++;
-- }
--
-- lastSwap = swapIndex;
-- }
-- }
-- }
--
-- protected void addObject(
-- DEREncodable obj)
-- {
-- set.addElement(obj);
-- }
--
-- abstract void encode(DEROutputStream out)
-- throws IOException;
--
-- public String toString()
-- {
-- return set.toString();
-- }
-+ // BEGIN android-removed
-+ // protected void sort()
-+ // {
-+ // if (set.size() > 1)
-+ // {
-+ // boolean swapped = true;
-+ // int lastSwap = set.size() - 1;
-+ //
-+ // while (swapped)
-+ // {
-+ // int index = 0;
-+ // int swapIndex = 0;
-+ // byte[] a = getEncoded((DEREncodable)set.elementAt(0));
-+ //
-+ // swapped = false;
-+ //
-+ // while (index != lastSwap)
-+ // {
-+ // byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1));
-+ //
-+ // if (lessThanOrEqual(a, b))
-+ // {
-+ // a = b;
-+ // }
-+ // else
-+ // {
-+ // Object o = set.elementAt(index);
-+ //
-+ // set.setElementAt(set.elementAt(index + 1), index);
-+ // set.setElementAt(o, index + 1);
-+ //
-+ // swapped = true;
-+ // swapIndex = index;
-+ // }
-+ //
-+ // index++;
-+ // }
-+ //
-+ // lastSwap = swapIndex;
-+ // }
-+ // }
-+ // }
-+ //
-+ // protected void addObject(
-+ // DEREncodable obj)
-+ // {
-+ // set.addElement(obj);
-+ // }
-+ //
-+ // abstract void encode(DEROutputStream out)
-+ // throws IOException;
-+ //
-+ // public String toString()
-+ // {
-+ // return set.toString();
-+ // }
-+ // END android-removed
- }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERBoolean.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk16-146/org/bouncycastle/asn1/DERBoolean.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERBoolean.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERBoolean.java 2011-09-08 21:28:50.000000000 +0000
@@ -5,7 +5,9 @@
public class DERBoolean
extends ASN1Object
@@ -857,18 +42,7 @@
public static final DERBoolean FALSE = new DERBoolean(false);
public static final DERBoolean TRUE = new DERBoolean(true);
-@@ -25,7 +27,9 @@
-
- if (obj instanceof ASN1OctetString)
- {
-- return new DERBoolean(((ASN1OctetString)obj).getOctets());
-+ // BEGIN android-changed
-+ return getInstance(((ASN1OctetString)obj).getOctets());
-+ // END android-changed
- }
-
- if (obj instanceof ASN1TaggedObject)
-@@ -45,6 +49,17 @@
+@@ -35,6 +37,17 @@
return (value ? TRUE : FALSE);
}
@@ -886,64 +60,51 @@
/**
* return a Boolean from a tagged object.
*
-@@ -60,18 +75,22 @@
- {
- return getInstance(obj.getObject());
+@@ -56,23 +69,29 @@
+ }
+ else
+ {
+- return new DERBoolean(((ASN1OctetString)o).getOctets());
++ // BEGIN android-changed
++ return getInstance(((ASN1OctetString)o).getOctets());
++ // END android-changed
+ }
}
--
+
- public DERBoolean(
- byte[] value)
- {
+- if (value.length != 1)
+- {
+- throw new IllegalArgumentException("byte value should have 1 byte in it");
+- }
+-
- this.value = value[0];
- }
++ // BEGIN android-removed
++ // public DERBoolean(
++ // byte[] value)
++ // {
++ // if (value.length != 1)
++ // {
++ // throw new IllegalArgumentException("byte value should have 1 byte in it");
++ // }
++ //
++ // this.value = value[0];
++ // }
++ // END android-removed
- public DERBoolean(
-+ // BEGIN android-removed
-+ //private DERBoolean(
-+ // byte[] value)
-+ //{
-+ // this.value = value[0];
-+ //}
-+ // END android-removed
-+
+ // BEGIN android-changed
-+ private DERBoolean(
++ protected DERBoolean(
boolean value)
++ // END android-changed
{
this.value = (value) ? (byte)0xff : (byte)0;
}
-+ // END android-changed
-
- public boolean isTrue()
- {
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERInputStream.java bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERInputStream.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java 2011-09-01 17:21:06.000000000 +0000
-@@ -144,7 +144,9 @@
- return new DERConstructedSet(v);
- }
- case BOOLEAN:
-- return new DERBoolean(bytes);
-+ // BEGIN android-changed
-+ return DERBoolean.getInstance(bytes);
-+ // BEGIN android-changed
- case INTEGER:
- return new DERInteger(bytes);
- case ENUMERATED:
-@@ -195,7 +197,9 @@
- {
- if ((tag & CONSTRUCTED) == 0)
- {
-- return new DERTaggedObject(false, tag & 0x1f, new DERNull());
-+ // BEGIN android-changed
-+ return new DERTaggedObject(false, tag & 0x1f, DERNull.INSTANCE);
-+ // END android-changed
- }
- else
- {
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERNull.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16-146/org/bouncycastle/asn1/DERNull.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERNull.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERNull.java 2011-09-08 21:28:50.000000000 +0000
@@ -10,9 +10,13 @@
{
public static final DERNull INSTANCE = new DERNull();
@@ -960,10 +121,10 @@
{
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java 2011-09-01 17:21:06.000000000 +0000
-@@ -111,7 +111,13 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk16-146/org/bouncycastle/asn1/DERObjectIdentifier.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERObjectIdentifier.java 2011-09-08 21:28:50.000000000 +0000
+@@ -110,7 +110,13 @@
}
}
@@ -978,7 +139,7 @@
}
public DERObjectIdentifier(
-@@ -122,7 +128,13 @@
+@@ -121,7 +127,13 @@
throw new IllegalArgumentException("string " + identifier + " not an OID");
}
@@ -993,9 +154,9 @@
}
public String getId()
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERPrintableString.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk16-146/org/bouncycastle/asn1/DERPrintableString.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERPrintableString.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERPrintableString.java 2011-09-08 21:28:50.000000000 +0000
@@ -9,7 +9,9 @@
extends ASN1Object
implements DERString
@@ -1007,7 +168,7 @@
/**
* return a printable string from the passed in object.
-@@ -66,7 +68,9 @@
+@@ -65,7 +67,9 @@
cs[i] = (char)(string[i] & 0xff);
}
@@ -1018,7 +179,7 @@
}
/**
-@@ -95,7 +99,9 @@
+@@ -94,7 +98,9 @@
throw new IllegalArgumentException("string contains illegal characters");
}
@@ -1029,321 +190,99 @@
}
public String getString()
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/OrderedTable.java bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/OrderedTable.java 1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java 2011-09-01 17:21:06.000000000 +0000
-@@ -0,0 +1,281 @@
-+package org.bouncycastle.asn1;
-+
-+import java.util.Enumeration;
-+import java.util.ConcurrentModificationException;
-+
-+// BEGIN android-note
-+/*
-+ * This is a new class that was synthesized from the observed
-+ * requirement for a lookup table that preserves order. Since in
-+ * practice the element count is typically very low, we just use a
-+ * flat list rather than doing any hashing / bucketing.
-+ */
-+// END android-note
-+
-+/**
-+ * Ordered lookup table. Instances of this class will keep up to four
-+ * key-value pairs directly, resorting to an external collection only
-+ * if more elements than that need to be stored.
-+ */
-+public final class OrderedTable {
-+ /** null-ok; key #0 */
-+ private DERObjectIdentifier key0;
-+
-+ /** null-ok; key #1 */
-+ private DERObjectIdentifier key1;
-+
-+ /** null-ok; key #2 */
-+ private DERObjectIdentifier key2;
-+
-+ /** null-ok; key #3 */
-+ private DERObjectIdentifier key3;
-+
-+ /** null-ok; value #0 */
-+ private Object value0;
-+
-+ /** null-ok; value #1 */
-+ private Object value1;
-+
-+ /** null-ok; value #2 */
-+ private Object value2;
-+
-+ /** null-ok; value #3 */
-+ private Object value3;
-+
-+ /**
-+ * null-ok; array of additional keys and values, alternating
-+ * key then value, etc.
-+ */
-+ private Object[] rest;
-+
-+ /** >= 0; number of elements in the list */
-+ private int size;
-+
-+ // Note: Default public constructor.
-+
-+ /**
-+ * Adds an element assuming no duplicate key.
-+ *
-+ * @see #put
-+ *
-+ * @param key non-null; the key
-+ * @param value non-null; the value
-+ */
-+ public void add(DERObjectIdentifier key, Object value) {
-+ if (key == null) {
-+ throw new NullPointerException("key == null");
-+ }
-+
-+ if (value == null) {
-+ throw new NullPointerException("value == null");
-+ }
-+
-+ int sz = size;
-+
-+ switch (sz) {
-+ case 0: {
-+ key0 = key;
-+ value0 = value;
-+ break;
-+ }
-+ case 1: {
-+ key1 = key;
-+ value1 = value;
-+ break;
-+ }
-+ case 2: {
-+ key2 = key;
-+ value2 = value;
-+ break;
-+ }
-+ case 3: {
-+ key3 = key;
-+ value3 = value;
-+ break;
-+ }
-+ case 4: {
-+ // Do initial allocation of rest.
-+ rest = new Object[10];
-+ rest[0] = key;
-+ rest[1] = value;
-+ break;
-+ }
-+ default: {
-+ int index = (sz - 4) * 2;
-+ int index1 = index + 1;
-+ if (index1 >= rest.length) {
-+ // Grow rest.
-+ Object[] newRest = new Object[index1 * 2 + 10];
-+ System.arraycopy(rest, 0, newRest, 0, rest.length);
-+ rest = newRest;
-+ }
-+ rest[index] = key;
-+ rest[index1] = value;
-+ break;
-+ }
-+ }
-+
-+ size = sz + 1;
-+ }
-+
-+ /**
-+ * Gets the number of elements in this instance.
-+ */
-+ public int size() {
-+ return size;
-+ }
-+
-+ /**
-+ * Look up the given key, returning the associated value if found.
-+ *
-+ * @param key non-null; the key to look up
-+ * @return null-ok; the associated value
-+ */
-+ public Object get(DERObjectIdentifier key) {
-+ int keyHash = key.hashCode();
-+ int sz = size;
-+
-+ for (int i = 0; i < size; i++) {
-+ DERObjectIdentifier probe = getKey(i);
-+ if ((probe.hashCode() == keyHash) &&
-+ probe.equals(key)) {
-+ return getValue(i);
-+ }
-+ }
-+
-+ return null;
-+ }
-+
-+ /**
-+ * Replace a key if present, otherwise add
-+ *
-+ * @see #add
-+ *
-+ * @param key non-null; the key
-+ * @param value non-null; the value
-+ */
-+ public void put(DERObjectIdentifier key, Object value) {
-+ if (key == null) {
-+ throw new NullPointerException("key == null");
-+ }
-+
-+ if (value == null) {
-+ throw new NullPointerException("value == null");
-+ }
-+
-+ int keyHash = key.hashCode();
-+ int sz = size;
-+
-+ for (int i = 0; i < size; i++) {
-+ DERObjectIdentifier probe = getKey(i);
-+ if ((probe.hashCode() == keyHash) &&
-+ probe.equals(key)) {
-+ setValue(i, value);
-+ return;
-+ }
-+ }
-+
-+ add(key, value);
-+ }
-+
-+ /**
-+ * Gets the nth key.
-+ *
-+ * @param n index
-+ * @return non-null; the nth key
-+ */
-+ public DERObjectIdentifier getKey(int n) {
-+ if ((n < 0) || (n >= size)) {
-+ throw new IndexOutOfBoundsException(Integer.toString(n));
-+ }
-+
-+ switch (n) {
-+ case 0: return key0;
-+ case 1: return key1;
-+ case 2: return key2;
-+ case 3: return key3;
-+ default: return (DERObjectIdentifier) rest[(n - 4) * 2];
-+ }
-+ }
-+
-+ /**
-+ * Gets the nth value.
-+ *
-+ * @param n index
-+ * @return non-null; the nth value
-+ */
-+ public Object getValue(int n) {
-+ if ((n < 0) || (n >= size)) {
-+ throw new IndexOutOfBoundsException(Integer.toString(n));
-+ }
-+
-+ switch (n) {
-+ case 0: return value0;
-+ case 1: return value1;
-+ case 2: return value2;
-+ case 3: return value3;
-+ default: return rest[((n - 4) * 2) + 1];
-+ }
-+ }
-+
-+ /**
-+ * Sets the nth value.
-+ *
-+ * @param n index
-+ * @param value non-null object
-+ */
-+ public void setValue(int n, Object value) {
-+ if ((n < 0) || (n >= size)) {
-+ throw new IndexOutOfBoundsException(Integer.toString(n));
-+ }
-+ if (value == null) {
-+ throw new NullPointerException("value == null");
-+ }
-+
-+ switch (n) {
-+ case 0: value0 = value; return;
-+ case 1: value1 = value; return;
-+ case 2: value2 = value; return;
-+ case 3: value3 = value; return;
-+ default: rest[((n - 4) * 2) + 1] = value; return;
-+ }
-+ }
-+
-+ /**
-+ * Gets an enumeration of the keys, in order.
-+ *
-+ * @return non-null; an enumeration of the keys
-+ */
-+ public Enumeration getKeys() {
-+ return new KeyEnumeration();
-+ }
-+
-+ /**
-+ * Associated enumeration class.
-+ */
-+ private class KeyEnumeration implements Enumeration {
-+ /** original size; used for modification detection */
-+ private final int origSize = size;
-+
-+ /** >= 0; current cursor */
-+ private int at = 0;
-+
-+ /** {@inheritDoc} */
-+ public boolean hasMoreElements() {
-+ if (size != origSize) {
-+ throw new ConcurrentModificationException();
-+ }
-+
-+ return at < origSize;
-+ }
-+
-+ /** {@inheritDoc} */
-+ public Object nextElement() {
-+ if (size != origSize) {
-+ throw new ConcurrentModificationException();
-+ }
-+
-+ return getKey(at++);
-+ }
-+ }
-+}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2011-09-01 17:21:06.000000000 +0000
-@@ -10,7 +10,10 @@
- //
- static final String pkcs_1 = "1.2.840.113549.1.1";
- static final DERObjectIdentifier rsaEncryption = new DERObjectIdentifier(pkcs_1 + ".1");
-- static final DERObjectIdentifier md2WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".2");
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk16-146/org/bouncycastle/asn1/cms/ContentInfo.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/cms/ContentInfo.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/cms/ContentInfo.java 2011-09-08 21:28:50.000000000 +0000
+@@ -12,7 +12,9 @@
+
+ public class ContentInfo
+ extends ASN1Encodable
+- implements CMSObjectIdentifiers
+ // BEGIN android-removed
-+ // Dropping MD2
-+ // static final DERObjectIdentifier md2WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".2");
++ // implements CMSObjectIdentifiers
+ // END android-removed
- static final DERObjectIdentifier md4WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".3");
- static final DERObjectIdentifier md5WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".4");
- static final DERObjectIdentifier sha1WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".5");
-@@ -65,7 +68,10 @@
+ {
+ private ASN1ObjectIdentifier contentType;
+ private DEREncodable content;
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2011-09-08 21:28:50.000000000 +0000
+@@ -37,10 +37,13 @@
+ public static EncryptedPrivateKeyInfo getInstance(
+ Object obj)
+ {
+- if (obj instanceof EncryptedData)
++ // BEGIN android-changed
++ // fix copy and paste error in instanceof call
++ if (obj instanceof EncryptedPrivateKeyInfo)
+ {
+ return (EncryptedPrivateKeyInfo)obj;
+ }
++ // END android-changed
+ else if (obj instanceof ASN1Sequence)
+ {
+ return new EncryptedPrivateKeyInfo((ASN1Sequence)obj);
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2011-09-08 21:28:50.000000000 +0000
+@@ -10,8 +10,10 @@
+ //
+ static final ASN1ObjectIdentifier pkcs_1 = new ASN1ObjectIdentifier("1.2.840.113549.1.1");
+ static final ASN1ObjectIdentifier rsaEncryption = pkcs_1.branch("1");
+- static final ASN1ObjectIdentifier md2WithRSAEncryption = pkcs_1.branch("2");
+- static final ASN1ObjectIdentifier md4WithRSAEncryption = pkcs_1.branch("3");
++ // BEGIN android-removed
++ // static final ASN1ObjectIdentifier md2WithRSAEncryption = pkcs_1.branch("2");
++ // static final ASN1ObjectIdentifier md4WithRSAEncryption = pkcs_1.branch("3");
++ // END android-removed
+ static final ASN1ObjectIdentifier md5WithRSAEncryption = pkcs_1.branch("4");
+ static final ASN1ObjectIdentifier sha1WithRSAEncryption = pkcs_1.branch("5");
+ static final ASN1ObjectIdentifier srsaOAEPEncryptionSET = pkcs_1.branch("6");
+@@ -22,7 +24,9 @@
+ static final ASN1ObjectIdentifier sha256WithRSAEncryption = pkcs_1.branch("11");
+ static final ASN1ObjectIdentifier sha384WithRSAEncryption = pkcs_1.branch("12");
+ static final ASN1ObjectIdentifier sha512WithRSAEncryption = pkcs_1.branch("13");
+- static final ASN1ObjectIdentifier sha224WithRSAEncryption = pkcs_1.branch("14");
++ // BEGIN android-removed
++ // static final ASN1ObjectIdentifier sha224WithRSAEncryption = pkcs_1.branch("14");
++ // END android-removed
+
+ //
+ // pkcs-3 OBJECT IDENTIFIER ::= {
+@@ -65,13 +69,17 @@
// md2 OBJECT IDENTIFIER ::=
// {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2}
//
-- static final DERObjectIdentifier md2 = new DERObjectIdentifier(digestAlgorithm + ".2");
+- static final ASN1ObjectIdentifier md2 = digestAlgorithm.branch("2");
+ // BEGIN android-removed
-+ // Dropping MD2
-+ // static final DERObjectIdentifier md2 = new DERObjectIdentifier(digestAlgorithm + ".2");
++ // static final ASN1ObjectIdentifier md2 = digestAlgorithm.branch("2");
+ // END android-removed
//
// md4 OBJECT IDENTIFIER ::=
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2011-09-01 17:21:06.000000000 +0000
+ // {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4}
+ //
+- static final ASN1ObjectIdentifier md4 = digestAlgorithm.branch("4");
++ // BEGIN android-removed
++ // static final ASN1ObjectIdentifier md4 = digestAlgorithm.branch("4");
++ // END android-removed
+
+ //
+ // md5 OBJECT IDENTIFIER ::=
+@@ -80,7 +88,9 @@
+ static final ASN1ObjectIdentifier md5 = digestAlgorithm.branch("5");
+
+ static final ASN1ObjectIdentifier id_hmacWithSHA1 = digestAlgorithm.branch("7");
+- static final ASN1ObjectIdentifier id_hmacWithSHA224 = digestAlgorithm.branch("8");
++ // BEGIN android-removed
++ // static final ASN1ObjectIdentifier id_hmacWithSHA224 = digestAlgorithm.branch("8");
++ // END android-removed
+ static final ASN1ObjectIdentifier id_hmacWithSHA256 = digestAlgorithm.branch("9");
+ static final ASN1ObjectIdentifier id_hmacWithSHA384 = digestAlgorithm.branch("10");
+ static final ASN1ObjectIdentifier id_hmacWithSHA512 = digestAlgorithm.branch("11");
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2011-09-08 21:28:50.000000000 +0000
@@ -19,7 +19,9 @@
private AlgorithmIdentifier maskGenAlgorithm;
private AlgorithmIdentifier pSourceAlgorithm;
@@ -1355,9 +294,9 @@
public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM);
public final static AlgorithmIdentifier DEFAULT_P_SOURCE_ALGORITHM = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(new byte[0]));
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2011-09-08 21:28:50.000000000 +0000
@@ -20,7 +20,9 @@
private DERInteger saltLength;
private DERInteger trailerField;
@@ -1369,10 +308,10 @@
public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM);
public final static DERInteger DEFAULT_SALT_LENGTH = new DERInteger(20);
public final static DERInteger DEFAULT_TRAILER_FIELD = new DERInteger(1);
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/util/ASN1Dump.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java 2011-09-01 17:21:06.000000000 +0000
-@@ -90,7 +90,9 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk16-146/org/bouncycastle/asn1/util/ASN1Dump.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/util/ASN1Dump.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/util/ASN1Dump.java 2011-09-08 21:28:50.000000000 +0000
+@@ -79,7 +79,9 @@
{
Object o = e.nextElement();
@@ -1383,9 +322,9 @@
{
buf.append(tab);
buf.append("NULL");
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/AttCertIssuer.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/AttCertIssuer.java 2011-09-08 21:28:50.000000000 +0000
@@ -45,7 +45,7 @@
ASN1TaggedObject obj,
boolean explicit)
@@ -1395,9 +334,9 @@
}
/**
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/BasicConstraints.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/BasicConstraints.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/BasicConstraints.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/BasicConstraints.java 2011-09-08 21:28:50.000000000 +0000
@@ -14,7 +14,9 @@
public class BasicConstraints
extends ASN1Encodable
@@ -1442,9 +381,9 @@
this.pathLenConstraint = new DERInteger(pathLenConstraint);
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2011-09-08 21:28:50.000000000 +0000
@@ -96,11 +96,15 @@
}
if (onlyContainsUserCerts)
@@ -1481,156 +420,10 @@
}
seq = new DERSequence(vec);
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Extensions.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java 2011-09-01 17:21:06.000000000 +0000
-@@ -9,6 +9,9 @@
- import org.bouncycastle.asn1.DERObject;
- import org.bouncycastle.asn1.DERObjectIdentifier;
- import org.bouncycastle.asn1.DERSequence;
-+// BEGIN android-added
-+import org.bouncycastle.asn1.OrderedTable;
-+// END android-added
-
- import java.util.Enumeration;
- import java.util.Hashtable;
-@@ -172,8 +175,9 @@
- */
- public static final DERObjectIdentifier TargetInformation = new DERObjectIdentifier("2.5.29.55");
-
-- private Hashtable extensions = new Hashtable();
-- private Vector ordering = new Vector();
-+ // BEGIN android-changed
-+ private OrderedTable table = new OrderedTable();
-+ // END android-changed
-
- public static X509Extensions getInstance(
- ASN1TaggedObject obj,
-@@ -217,20 +221,26 @@
- {
- ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement());
-
-- if (s.size() == 3)
-+ // BEGIN android-changed
-+ int sSize = s.size();
-+ DERObjectIdentifier key = (DERObjectIdentifier) s.getObjectAt(0);
-+ Object value;
-+
-+ if (sSize == 3)
- {
-- extensions.put(s.getObjectAt(0), new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2))));
-+ value = new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2)));
- }
-- else if (s.size() == 2)
-+ else if (sSize == 2)
- {
-- extensions.put(s.getObjectAt(0), new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1))));
-+ value = new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1)));
- }
- else
- {
-- throw new IllegalArgumentException("Bad sequence size: " + s.size());
-+ throw new IllegalArgumentException("Bad sequence size: " + sSize);
- }
-
-- ordering.addElement(s.getObjectAt(0));
-+ table.add(key, value);
-+ // END android-changed
- }
- }
-
-@@ -265,20 +275,14 @@
- e = ordering.elements();
- }
-
-- while (e.hasMoreElements())
-- {
-- this.ordering.addElement(e.nextElement());
-- }
--
-- e = this.ordering.elements();
--
-+ // BEGIN android-changed
- while (e.hasMoreElements())
- {
- DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
- X509Extension ext = (X509Extension)extensions.get(oid);
--
-- this.extensions.put(oid, ext);
-+ table.add(oid, ext);
- }
-+ // END android-changed
- }
-
- /**
-@@ -293,23 +297,18 @@
- {
- Enumeration e = objectIDs.elements();
-
-- while (e.hasMoreElements())
-- {
-- this.ordering.addElement(e.nextElement());
-- }
--
-+ // BEGIN android-changed
- int count = 0;
-
-- e = this.ordering.elements();
--
- while (e.hasMoreElements())
- {
- DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
- X509Extension ext = (X509Extension)values.elementAt(count);
-
-- this.extensions.put(oid, ext);
-+ table.add(oid, ext);
- count++;
- }
-+ // END android-changed
- }
-
- /**
-@@ -317,7 +316,9 @@
- */
- public Enumeration oids()
- {
-- return ordering.elements();
-+ // BEGIN android-changed
-+ return table.getKeys();
-+ // END android-changed
- }
-
- /**
-@@ -329,7 +330,9 @@
- public X509Extension getExtension(
- DERObjectIdentifier oid)
- {
-- return (X509Extension)extensions.get(oid);
-+ // BEGIN android-changed
-+ return (X509Extension)table.get(oid);
-+ // END android-changed
- }
-
- /**
-@@ -345,19 +348,23 @@
- public DERObject toASN1Object()
- {
- ASN1EncodableVector vec = new ASN1EncodableVector();
-- Enumeration e = ordering.elements();
-+ // BEGIN android-changed
-+ int size = table.size();
-
-- while (e.hasMoreElements())
-+ for (int i = 0; i < size; i++)
- {
-- DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-- X509Extension ext = (X509Extension)extensions.get(oid);
-+ DERObjectIdentifier oid = table.getKey(i);
-+ X509Extension ext = (X509Extension)table.getValue(i);
-+ // END android-changed
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(oid);
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Extensions.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Extensions.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Extensions.java 2011-09-08 21:28:50.000000000 +0000
+@@ -400,7 +400,9 @@
if (ext.isCritical())
{
@@ -1641,714 +434,47 @@
}
v.add(ext.getValue());
-@@ -371,18 +378,24 @@
- public boolean equivalent(
- X509Extensions other)
- {
-- if (extensions.size() != other.extensions.size())
-+ // BEGIN android-changed
-+ if (table.size() != other.table.size())
-+ // END android-changed
- {
- return false;
- }
-
-- Enumeration e1 = extensions.keys();
-+ // BEGIN android-changed
-+ Enumeration e1 = table.getKeys();
-+ // END android-changed
-
- while (e1.hasMoreElements())
- {
-- Object key = e1.nextElement();
-+ // BEGIN android-changed
-+ DERObjectIdentifier key = (DERObjectIdentifier)e1.nextElement();
-
-- if (!extensions.get(key).equals(other.extensions.get(key)))
-+ if (!table.get(key).equals(other.table.get(key)))
-+ // END android-changed
- {
- return false;
- }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Name.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java 2011-09-01 17:21:06.000000000 +0000
-@@ -247,8 +247,10 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Name.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Name.java 2011-09-08 21:28:50.000000000 +0000
+@@ -249,8 +249,10 @@
*/
public static final Hashtable SymbolLookUp = DefaultLookUp;
- private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility
- private static final Boolean FALSE = new Boolean(false);
-+ // BEGIN android-removed
-+ //private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility
-+ //private static final Boolean FALSE = new Boolean(false);
-+ // END android-removed
++ // BEGIN android-changed
++ private static final Boolean TRUE = Boolean.TRUE;
++ private static final Boolean FALSE = Boolean.FALSE;
++ // END android-changed
static
{
-@@ -340,9 +342,9 @@
- }
-
- private X509NameEntryConverter converter = null;
-- private Vector ordering = new Vector();
-- private Vector values = new Vector();
-- private Vector added = new Vector();
-+ // BEGIN android-changed
-+ private X509NameElementList elems = new X509NameElementList();
-+ // END android-changed
-
- private ASN1Sequence seq;
-
-@@ -403,26 +405,30 @@
- throw new IllegalArgumentException("badly sized pair");
- }
-
-- ordering.addElement(DERObjectIdentifier.getInstance(s.getObjectAt(0)));
-+ // BEGIN android-changed
-+ DERObjectIdentifier key = DERObjectIdentifier.getInstance(s.getObjectAt(0));
-
- DEREncodable value = s.getObjectAt(1);
-+ String valueStr;
- if (value instanceof DERString && !(value instanceof DERUniversalString))
+@@ -432,7 +434,9 @@
{
- String v = ((DERString)value).getString();
- if (v.length() > 0 && v.charAt(0) == '#')
- {
-- values.addElement("\\" + v);
-+ valueStr = "\\" + v;
- }
- else
- {
-- values.addElement(v);
-+ valueStr = v;
- }
- }
- else
- {
-- values.addElement("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded())));
-+ valueStr = "#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded()));
+ values.addElement("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded())));
}
- added.addElement((i != 0) ? TRUE : FALSE); // to allow earlier JDK compatibility
-+ boolean added = (i != 0); // to allow earlier JDK compatibility
-+ elems.add(key, valueStr, added);
++ // BEGIN android-changed
++ added.addElement(Boolean.valueOf(i != 0));
+ // END android-changed
}
}
}
-@@ -476,14 +482,23 @@
- Hashtable attributes,
- X509NameEntryConverter converter)
- {
-+ // BEGIN android-changed
-+ DERObjectIdentifier problem = null;
- this.converter = converter;
-
- if (ordering != null)
- {
- for (int i = 0; i != ordering.size(); i++)
- {
-- this.ordering.addElement(ordering.elementAt(i));
-- this.added.addElement(FALSE);
-+ DERObjectIdentifier key =
-+ (DERObjectIdentifier) ordering.elementAt(i);
-+ String value = (String) attributes.get(key);
-+ if (value == null)
-+ {
-+ problem = key;
-+ break;
-+ }
-+ elems.add(key, value);
- }
- }
- else
-@@ -492,22 +507,23 @@
-
- while (e.hasMoreElements())
- {
-- this.ordering.addElement(e.nextElement());
-- this.added.addElement(FALSE);
-+ DERObjectIdentifier key =
-+ (DERObjectIdentifier) e.nextElement();
-+ String value = (String) attributes.get(key);
-+ if (value == null)
-+ {
-+ problem = key;
-+ break;
-+ }
-+ elems.add(key, value);
- }
- }
-
-- for (int i = 0; i != this.ordering.size(); i++)
-+ if (problem != null)
- {
-- DERObjectIdentifier oid = (DERObjectIdentifier)this.ordering.elementAt(i);
--
-- if (attributes.get(oid) == null)
-- {
-- throw new IllegalArgumentException("No attribute for object id - " + oid.getId() + " - passed to distinguished name");
-- }
--
-- this.values.addElement(attributes.get(oid)); // copy the hash table
-+ throw new IllegalArgumentException("No attribute for object id - " + problem.getId() + " - passed to distinguished name");
- }
-+ // END android-changed
- }
-
- /**
-@@ -540,9 +556,10 @@
-
- for (int i = 0; i < oids.size(); i++)
- {
-- this.ordering.addElement(oids.elementAt(i));
-- this.values.addElement(values.elementAt(i));
-- this.added.addElement(FALSE);
-+ // BEGIN android-changed
-+ elems.add((DERObjectIdentifier) oids.elementAt(i),
-+ (String) values.elementAt(i));
-+ // END android-changed
- }
- }
-
-@@ -679,7 +696,7 @@
+@@ -689,7 +693,9 @@
if (index == -1)
{
- throw new IllegalArgumentException("badly formated directory string");
++ // BEGIN android-changed
+ throw new IllegalArgumentException("badly formatted directory string");
++ // END android-changed
}
String name = token.substring(0, index);
-@@ -691,9 +708,9 @@
- X509NameTokenizer vTok = new X509NameTokenizer(value, '+');
- String v = vTok.nextToken();
-
-- this.ordering.addElement(oid);
-- this.values.addElement(v);
-- this.added.addElement(FALSE);
-+ // BEGIN android-changed
-+ this.elems.add(oid, v);
-+ // END android-changed
-
- while (vTok.hasMoreTokens())
- {
-@@ -702,48 +719,24 @@
-
- String nm = sv.substring(0, ndx);
- String vl = sv.substring(ndx + 1);
-- this.ordering.addElement(decodeOID(nm, lookUp));
-- this.values.addElement(vl);
-- this.added.addElement(TRUE);
-+ // BEGIN android-changed
-+ this.elems.add(decodeOID(nm, lookUp), vl, true);
-+ // END android-changed
- }
- }
- else
- {
-- this.ordering.addElement(oid);
-- this.values.addElement(value);
-- this.added.addElement(FALSE);
-+ // BEGIN android-changed
-+ this.elems.add(oid, value);
-+ // END android-changed
- }
- }
-
- if (reverse)
- {
-- Vector o = new Vector();
-- Vector v = new Vector();
-- Vector a = new Vector();
--
-- int count = 1;
--
-- for (int i = 0; i < this.ordering.size(); i++)
-- {
-- if (((Boolean)this.added.elementAt(i)).booleanValue())
-- {
-- o.insertElementAt(this.ordering.elementAt(i), count);
-- v.insertElementAt(this.values.elementAt(i), count);
-- a.insertElementAt(this.added.elementAt(i), count);
-- count++;
-- }
-- else
-- {
-- o.insertElementAt(this.ordering.elementAt(i), 0);
-- v.insertElementAt(this.values.elementAt(i), 0);
-- a.insertElementAt(this.added.elementAt(i), 0);
-- count = 1;
-- }
-- }
--
-- this.ordering = o;
-- this.values = v;
-- this.added = a;
-+ // BEGIN android-changed
-+ this.elems = this.elems.reverse();
-+ // END android-changed
- }
- }
-
-@@ -752,14 +745,17 @@
- */
- public Vector getOIDs()
- {
-+ // BEGIN android-changed
- Vector v = new Vector();
-+ int size = elems.size();
-
-- for (int i = 0; i != ordering.size(); i++)
-+ for (int i = 0; i < size; i++)
- {
-- v.addElement(ordering.elementAt(i));
-+ v.addElement(elems.getKey(i));
- }
-
- return v;
-+ // END android-changed
- }
-
- /**
-@@ -769,11 +765,14 @@
- public Vector getValues()
- {
- Vector v = new Vector();
-+ // BEGIN android-changed
-+ int size = elems.size();
-
-- for (int i = 0; i != values.size(); i++)
-+ for (int i = 0; i != size; i++)
- {
-- v.addElement(values.elementAt(i));
-+ v.addElement(elems.getValue(i));
- }
-+ // END android-changed
-
- return v;
- }
-@@ -786,12 +785,14 @@
- DERObjectIdentifier oid)
- {
- Vector v = new Vector();
-+ int size = elems.size();
-+ // BEGIN android-changed
-
-- for (int i = 0; i != values.size(); i++)
-+ for (int i = 0; i != size; i++)
- {
-- if (ordering.elementAt(i).equals(oid))
-+ if (elems.getKey(i).equals(oid))
- {
-- String val = (String)values.elementAt(i);
-+ String val = elems.getValue(i);
-
- if (val.length() > 2 && val.charAt(0) == '\\' && val.charAt(1) == '#')
- {
-@@ -803,6 +804,7 @@
- }
- }
- }
-+ // END android-changed
-
- return v;
- }
-@@ -814,20 +816,23 @@
- ASN1EncodableVector vec = new ASN1EncodableVector();
- ASN1EncodableVector sVec = new ASN1EncodableVector();
- DERObjectIdentifier lstOid = null;
-+ // BEGIN android-changed
-+ int size = elems.size();
-
-- for (int i = 0; i != ordering.size(); i++)
-+ for (int i = 0; i != size; i++)
- {
- ASN1EncodableVector v = new ASN1EncodableVector();
-- DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i);
-+ DERObjectIdentifier oid = elems.getKey(i);
-
- v.add(oid);
-
-- String str = (String)values.elementAt(i);
-+ String str = elems.getValue(i);
-
- v.add(converter.getConvertedValue(oid, str));
-
- if (lstOid == null
-- || ((Boolean)this.added.elementAt(i)).booleanValue())
-+ || this.elems.getAdded(i))
-+ // END android-changed
- {
- sVec.add(new DERSequence(v));
- }
-@@ -845,6 +850,7 @@
- vec.add(new DERSet(sVec));
-
- seq = new DERSequence(vec);
-+ // END android-changed
- }
-
- return seq;
-@@ -889,22 +895,28 @@
- return false;
- }
-
-- int orderingSize = ordering.size();
-+ // BEGIN android-changed
-+ int orderingSize = elems.size();
-
-- if (orderingSize != other.ordering.size())
-+ if (orderingSize != other.elems.size())
-+ // END android-changed
- {
- return false;
- }
-
- for (int i = 0; i < orderingSize; i++)
- {
-- DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i);
-- DERObjectIdentifier oOid = (DERObjectIdentifier)other.ordering.elementAt(i);
-+ // BEGIN android-changed
-+ DERObjectIdentifier oid = elems.getKey(i);
-+ DERObjectIdentifier oOid = other.elems.getKey(i);
-+ // END android-changed
-
- if (oid.equals(oOid))
- {
-- String value = (String)values.elementAt(i);
-- String oValue = (String)other.values.elementAt(i);
-+ // BEGIN android-changed
-+ String value = elems.getValue(i);
-+ String oValue = other.elems.getValue(i);
-+ // END android-changed
-
- if (!equivalentStrings(value, oValue))
- {
-@@ -930,9 +942,9 @@
- isHashCodeCalculated = true;
-
- // this needs to be order independent, like equals
-- for (int i = 0; i != ordering.size(); i += 1)
-+ for (int i = 0; i != elems.size(); i += 1)
- {
-- String value = (String)values.elementAt(i);
-+ String value = (String)elems.getValue(i);
-
- value = canonicalize(value);
- value = stripInternalSpaces(value);
-@@ -976,9 +988,11 @@
- return false;
- }
-
-- int orderingSize = ordering.size();
-+ // BEGIN android-changed
-+ int orderingSize = elems.size();
-
-- if (orderingSize != other.ordering.size())
-+ if (orderingSize != other.elems.size())
-+ // END android-changed
- {
- return false;
- }
-@@ -986,7 +1000,9 @@
- boolean[] indexes = new boolean[orderingSize];
- int start, end, delta;
-
-- if (ordering.elementAt(0).equals(other.ordering.elementAt(0))) // guess forward
-+ // BEGIN android-changed
-+ if (elems.getKey(0).equals(other.elems.getKey(0))) // guess forward
-+ // END android-changed
- {
- start = 0;
- end = orderingSize;
-@@ -1002,8 +1018,10 @@
- for (int i = start; i != end; i += delta)
- {
- boolean found = false;
-- DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i);
-- String value = (String)values.elementAt(i);
-+ // BEGIN android-changed
-+ DERObjectIdentifier oid = elems.getKey(i);
-+ String value = elems.getValue(i);
-+ // END android-changed
-
- for (int j = 0; j < orderingSize; j++)
- {
-@@ -1012,11 +1030,15 @@
- continue;
- }
-
-- DERObjectIdentifier oOid = (DERObjectIdentifier)other.ordering.elementAt(j);
-+ // BEGIN android-changed
-+ DERObjectIdentifier oOid = other.elems.getKey(j);
-+ // END android-changed
-
- if (oid.equals(oOid))
- {
-- String oValue = (String)other.values.elementAt(j);
-+ // BEGIN android-changed
-+ String oValue = other.elems.getValue(j);
-+ // END android-changed
-
- if (equivalentStrings(value, oValue))
- {
-@@ -1181,28 +1203,36 @@
-
- StringBuffer ava = null;
-
-- for (int i = 0; i < ordering.size(); i++)
-+ // BEGIN android-changed
-+ for (int i = 0; i < elems.size(); i++)
-+ // END android-changed
- {
-- if (((Boolean)added.elementAt(i)).booleanValue())
-+ if (elems.getAdded(i))
- {
- ava.append('+');
- appendValue(ava, oidSymbols,
-- (DERObjectIdentifier)ordering.elementAt(i),
-- (String)values.elementAt(i));
-+ // BEGIN android-changed
-+ elems.getKey(i),
-+ elems.getValue(i));
-+ // END android-changed
- }
- else
- {
- ava = new StringBuffer();
- appendValue(ava, oidSymbols,
-- (DERObjectIdentifier)ordering.elementAt(i),
-- (String)values.elementAt(i));
-+ // BEGIN android-changed
-+ elems.getKey(i),
-+ elems.getValue(i));
-+ // END android-changed
- components.addElement(ava);
- }
- }
-
- if (reverse)
- {
-- for (int i = components.size() - 1; i >= 0; i--)
-+ // BEGIN android-changed
-+ for (int i = elems.size() - 1; i >= 0; i--)
-+ // END android-changed
- {
- if (first)
- {
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameElementList.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameElementList.java 1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java 2011-09-01 17:21:06.000000000 +0000
-@@ -0,0 +1,206 @@
-+package org.bouncycastle.asn1.x509;
-+
-+import java.util.ArrayList;
-+import java.util.BitSet;
-+import org.bouncycastle.asn1.DERObjectIdentifier;
-+
-+// BEGIN android-note
-+// This class was extracted from X509Name as a way to keep the element
-+// list in a more controlled fashion.
-+// END android-note
-+
-+/**
-+ * List of elements of an X509 name. Each element has a key, a value, and
-+ * an "added" flag.
-+ */
-+public class X509NameElementList {
-+ /** null-ok; key #0 */
-+ private DERObjectIdentifier key0;
-+
-+ /** null-ok; key #1 */
-+ private DERObjectIdentifier key1;
-+
-+ /** null-ok; key #2 */
-+ private DERObjectIdentifier key2;
-+
-+ /** null-ok; key #3 */
-+ private DERObjectIdentifier key3;
-+
-+ /** null-ok; value #0 */
-+ private String value0;
-+
-+ /** null-ok; value #1 */
-+ private String value1;
-+
-+ /** null-ok; value #2 */
-+ private String value2;
-+
-+ /** null-ok; value #3 */
-+ private String value3;
-+
-+ /**
-+ * null-ok; array of additional keys and values, alternating
-+ * key then value, etc.
-+ */
-+ private ArrayList<Object> rest;
-+
-+ /** bit vector for all the "added" bits */
-+ private BitSet added = new BitSet();
-+
-+ /** >= 0; number of elements in the list */
-+ private int size;
-+
-+ // Note: Default public constructor.
-+
-+ /**
-+ * Adds an element. The "added" flag is set to false for the element.
-+ *
-+ * @param key non-null; the key
-+ * @param value non-null; the value
-+ */
-+ public void add(DERObjectIdentifier key, String value) {
-+ add(key, value, false);
-+ }
-+
-+ /**
-+ * Adds an element.
-+ *
-+ * @param key non-null; the key
-+ * @param value non-null; the value
-+ * @param added the added bit
-+ */
-+ public void add(DERObjectIdentifier key, String value, boolean added) {
-+ if (key == null) {
-+ throw new NullPointerException("key == null");
-+ }
-+
-+ if (value == null) {
-+ throw new NullPointerException("value == null");
-+ }
-+
-+ int sz = size;
-+
-+ switch (sz) {
-+ case 0: {
-+ key0 = key;
-+ value0 = value;
-+ break;
-+ }
-+ case 1: {
-+ key1 = key;
-+ value1 = value;
-+ break;
-+ }
-+ case 2: {
-+ key2 = key;
-+ value2 = value;
-+ break;
-+ }
-+ case 3: {
-+ key3 = key;
-+ value3 = value;
-+ break;
-+ }
-+ case 4: {
-+ // Do initial allocation of rest.
-+ rest = new ArrayList<Object>();
-+ // Fall through...
-+ }
-+ default: {
-+ rest.add(key);
-+ rest.add(value);
-+ break;
-+ }
-+ }
-+
-+ if (added) {
-+ this.added.set(sz);
-+ }
-+
-+ size = sz + 1;
-+ }
-+
-+ /**
-+ * Sets the "added" flag on the most recently added element.
-+ */
-+ public void setLastAddedFlag() {
-+ added.set(size - 1);
-+ }
-+
-+ /**
-+ * Gets the number of elements in this instance.
-+ */
-+ public int size() {
-+ return size;
-+ }
-+
-+ /**
-+ * Gets the nth key.
-+ *
-+ * @param n index
-+ * @return non-null; the nth key
-+ */
-+ public DERObjectIdentifier getKey(int n) {
-+ if ((n < 0) || (n >= size)) {
-+ throw new IndexOutOfBoundsException(Integer.toString(n));
-+ }
-+
-+ switch (n) {
-+ case 0: return key0;
-+ case 1: return key1;
-+ case 2: return key2;
-+ case 3: return key3;
-+ default: return (DERObjectIdentifier) rest.get((n - 4) * 2);
-+ }
-+ }
-+
-+ /**
-+ * Gets the nth value.
-+ *
-+ * @param n index
-+ * @return non-null; the nth value
-+ */
-+ public String getValue(int n) {
-+ if ((n < 0) || (n >= size)) {
-+ throw new IndexOutOfBoundsException(Integer.toString(n));
-+ }
-+
-+ switch (n) {
-+ case 0: return value0;
-+ case 1: return value1;
-+ case 2: return value2;
-+ case 3: return value3;
-+ default: return (String) rest.get(((n - 4) * 2) + 1);
-+ }
-+ }
-+
-+ /**
-+ * Gets the nth added flag bit.
-+ *
-+ * @param n index
-+ * @return the nth added flag bit
-+ */
-+ public boolean getAdded(int n) {
-+ if ((n < 0) || (n >= size)) {
-+ throw new IndexOutOfBoundsException(Integer.toString(n));
-+ }
-+
-+ return added.get(n);
-+ }
-+
-+ /**
-+ * Constructs and returns a new instance which consists of the
-+ * elements of this one in reverse order
-+ *
-+ * @return non-null; the reversed instance
-+ */
-+ public X509NameElementList reverse() {
-+ X509NameElementList result = new X509NameElementList();
-+
-+ for (int i = size - 1; i >= 0; i--) {
-+ result.add(getKey(i), getValue(i), getAdded(i));
-+ }
-+
-+ return result;
-+ }
-+}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509NameTokenizer.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2011-09-08 21:28:50.000000000 +0000
@@ -58,6 +58,17 @@
}
else
@@ -2374,9 +500,9 @@
-}
+}
\ No newline at end of file
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/PBEParametersGenerator.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk16-146/org/bouncycastle/crypto/PBEParametersGenerator.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/PBEParametersGenerator.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/PBEParametersGenerator.java 2011-09-08 21:28:49.000000000 +0000
@@ -136,7 +136,8 @@
public static byte[] PKCS12PasswordToBytes(
char[] password)
@@ -2394,10 +520,10 @@
+ // END android-changed
}
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2011-09-01 17:21:06.000000000 +0000
-@@ -0,0 +1,122 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk16-146/org/bouncycastle/crypto/digests/OpenSSLDigest.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2011-09-08 21:28:49.000000000 +0000
+@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
@@ -2430,12 +556,24 @@
+ private final String algorithm;
+
+ /**
-+ * Holds the OpenSSL name of the hashing algorithm, e.g. "sha1";
++ * Holds the EVP_MD for the hashing algorithm, e.g. EVP_get_digestbyname("sha1");
+ */
-+ private final String openssl;
++ private final int evp_md;
+
+ /**
-+ * Holds a pointer to the native message digest context.
++ * Holds the output size of the message digest.
++ */
++ private final int size;
++
++ /**
++ * Holds the block size of the message digest.
++ */
++ private final int blockSize;
++
++ /**
++ * Holds a pointer to the native message digest context. It is
++ * lazily initialized to avoid having to reallocate on reset when
++ * its unlikely to be reused.
+ */
+ private int ctx;
+
@@ -2447,25 +585,12 @@
+ /**
+ * Creates a new OpenSSLMessageDigest instance for the given algorithm
+ * name.
-+ *
-+ * @param algorithm The standard name of the algorithm, e.g. "SHA-1".
-+ * @param algorithm The name of the openssl algorithm, e.g. "sha1".
+ */
-+ private OpenSSLDigest(String algorithm, String openssl) {
++ private OpenSSLDigest(String algorithm, int evp_md, int size, int blockSize) {
+ this.algorithm = algorithm;
-+ this.openssl = openssl;
-+ ctx = NativeCrypto.EVP_MD_CTX_create();
-+ try {
-+ NativeCrypto.EVP_DigestInit(ctx, openssl);
-+ } catch (Exception ex) {
-+ throw new RuntimeException(ex.getMessage() + " (" + algorithm + ")");
-+ }
-+ }
-+
-+ public int doFinal(byte[] out, int outOff) {
-+ int i = NativeCrypto.EVP_DigestFinal(ctx, out, outOff);
-+ reset();
-+ return i;
++ this.evp_md = evp_md;
++ this.size = size;
++ this.blockSize = blockSize;
+ }
+
+ public String getAlgorithmName() {
@@ -2473,56 +598,94 @@
+ }
+
+ public int getDigestSize() {
-+ return NativeCrypto.EVP_MD_CTX_size(ctx);
++ return size;
+ }
+
+ public int getByteLength() {
-+ return NativeCrypto.EVP_MD_CTX_block_size(ctx);
++ return blockSize;
+ }
+
+ public void reset() {
-+ NativeCrypto.EVP_DigestInit(ctx, openssl);
++ free();
+ }
+
+ public void update(byte in) {
+ singleByte[0] = in;
-+ NativeCrypto.EVP_DigestUpdate(ctx, singleByte, 0, 1);
++ update(singleByte, 0, 1);
+ }
+
+ public void update(byte[] in, int inOff, int len) {
-+ NativeCrypto.EVP_DigestUpdate(ctx, in, inOff, len);
++ NativeCrypto.EVP_DigestUpdate(getCtx(), in, inOff, len);
++ }
++
++ public int doFinal(byte[] out, int outOff) {
++ int i = NativeCrypto.EVP_DigestFinal(getCtx(), out, outOff);
++ ctx = 0; // EVP_DigestFinal frees the context as a side effect
++ reset();
++ return i;
++ }
++
++ private int getCtx() {
++ if (ctx == 0) {
++ ctx = NativeCrypto.EVP_DigestInit(evp_md);
++ }
++ return ctx;
++ }
++
++ private void free() {
++ if (ctx != 0) {
++ NativeCrypto.EVP_MD_CTX_destroy(ctx);
++ ctx = 0;
++ }
+ }
+
+ @Override
+ protected void finalize() throws Throwable {
-+ super.finalize();
-+ NativeCrypto.EVP_MD_CTX_destroy(ctx);
-+ ctx = 0;
++ try {
++ free();
++ } finally {
++ super.finalize();
++ }
+ }
+
+ public static class MD5 extends OpenSSLDigest {
-+ public MD5() { super("MD5", "md5"); }
++ private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("md5");
++ private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
++ private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
++ public MD5() { super("MD5", EVP_MD, SIZE, BLOCK_SIZE); }
+ }
+
+ public static class SHA1 extends OpenSSLDigest {
-+ public SHA1() { super("SHA-1", "sha1"); }
++ private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha1");
++ private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
++ private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
++ public SHA1() { super("SHA-1", EVP_MD, SIZE, BLOCK_SIZE); }
+ }
+
+ public static class SHA256 extends OpenSSLDigest {
-+ public SHA256() { super("SHA-256", "sha256"); }
++ private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha256");
++ private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
++ private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
++ public SHA256() { super("SHA-256", EVP_MD, SIZE, BLOCK_SIZE); }
+ }
+
+ public static class SHA384 extends OpenSSLDigest {
-+ public SHA384() { super("SHA-384", "sha384"); }
++ private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha384");
++ private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
++ private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
++ public SHA384() { super("SHA-384", EVP_MD, SIZE, BLOCK_SIZE); }
+ }
+
+ public static class SHA512 extends OpenSSLDigest {
-+ public SHA512() { super("SHA-512", "sha512"); }
++ private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha512");
++ private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
++ private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
++ public SHA512() { super("SHA-512", EVP_MD, SIZE, BLOCK_SIZE); }
+ }
+}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/engines/RC2Engine.java bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/engines/RC2Engine.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/engines/RC2Engine.java bcprov-jdk16-146/org/bouncycastle/crypto/engines/RC2Engine.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/engines/RC2Engine.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/engines/RC2Engine.java 2011-09-08 21:28:49.000000000 +0000
@@ -313,4 +313,4 @@
out[outOff + 6] = (byte)x76;
out[outOff + 7] = (byte)(x76 >> 8);
@@ -2530,9 +693,62 @@
-}
+}
\ No newline at end of file
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/macs/HMac.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk16-146/org/bouncycastle/crypto/generators/DHParametersHelper.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/generators/DHParametersHelper.java 2011-09-08 21:28:49.000000000 +0000
+@@ -3,10 +3,17 @@
+ import java.math.BigInteger;
+ import java.security.SecureRandom;
+
++// BEGIN android-added
++import java.util.logging.Logger;
++// END android-added
+ import org.bouncycastle.util.BigIntegers;
+
+ class DHParametersHelper
+ {
++ // BEGIN android-added
++ private static final Logger logger = Logger.getLogger(DHParametersHelper.class.getName());
++ // END android-added
++
+ private static final BigInteger ONE = BigInteger.valueOf(1);
+ private static final BigInteger TWO = BigInteger.valueOf(2);
+
+@@ -17,11 +24,19 @@
+ */
+ static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random)
+ {
++ // BEGIN android-added
++ logger.info("Generating safe primes. This may take a long time.");
++ long start = System.currentTimeMillis();
++ int tries = 0;
++ // END android-added
+ BigInteger p, q;
+ int qLength = size - 1;
+
+ for (;;)
+ {
++ // BEGIN android-added
++ tries++;
++ // END android-added
+ q = new BigInteger(qLength, 2, random);
+
+ // p <- 2q + 1
+@@ -32,6 +47,11 @@
+ break;
+ }
+ }
++ // BEGIN android-added
++ long end = System.currentTimeMillis();
++ long duration = end - start;
++ logger.info("Generated safe primes: " + tries + " tries took " + duration + "ms");
++ // END android-added
+
+ return new BigInteger[] { p, q };
+ }
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk16-146/org/bouncycastle/crypto/macs/HMac.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/macs/HMac.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/macs/HMac.java 2011-09-08 21:28:49.000000000 +0000
@@ -32,23 +32,23 @@
{
blockLengths = new Hashtable();
@@ -2572,9 +788,9 @@
}
private static int getByteLength(
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk16-146/org/bouncycastle/crypto/signers/RSADigestSigner.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/signers/RSADigestSigner.java 2011-09-08 21:28:49.000000000 +0000
@@ -46,8 +46,10 @@
oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384);
oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512);
@@ -2588,405 +804,235 @@
oidMap.put("MD5", PKCSObjectIdentifiers.md5);
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2011-09-01 17:21:06.000000000 +0000
-@@ -7,31 +7,39 @@
- import org.bouncycastle.asn1.DERInteger;
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk16-146/org/bouncycastle/crypto/util/PrivateKeyFactory.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2011-09-08 21:28:49.000000000 +0000
+@@ -12,7 +12,9 @@
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
--import org.bouncycastle.asn1.nist.NISTNamedCurves;
+ import org.bouncycastle.asn1.nist.NISTNamedCurves;
-import org.bouncycastle.asn1.oiw.ElGamalParameter;
+// BEGIN android-removed
-+// import org.bouncycastle.asn1.nist.NISTNamedCurves;
+// import org.bouncycastle.asn1.oiw.ElGamalParameter;
+// END android-removed
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.DHParameter;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+@@ -20,7 +22,9 @@
import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
--import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
--import org.bouncycastle.asn1.sec.SECNamedCurves;
+ import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
+ import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// BEGIN android-removed
-+// import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
-+// import org.bouncycastle.asn1.sec.SECNamedCurves;
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DSAParameter;
--import org.bouncycastle.asn1.x9.X962NamedCurves;
--import org.bouncycastle.asn1.x9.X962Parameters;
--import org.bouncycastle.asn1.x9.X9ECParameters;
--import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.x9.X962NamedCurves;
-+// import org.bouncycastle.asn1.x9.X962Parameters;
-+// import org.bouncycastle.asn1.x9.X9ECParameters;
-+// import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
- import org.bouncycastle.crypto.params.DHParameters;
- import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
- import org.bouncycastle.crypto.params.DSAParameters;
+ import org.bouncycastle.asn1.x9.X962NamedCurves;
+@@ -34,8 +38,10 @@
import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
--import org.bouncycastle.crypto.params.ECDomainParameters;
--import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+ import org.bouncycastle.crypto.params.ECDomainParameters;
+ import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
+// BEGIN android-removed
-+// import org.bouncycastle.crypto.params.ECDomainParameters;
-+// import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+// import org.bouncycastle.crypto.params.ElGamalParameters;
+// import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
+// END android-removed
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
- import java.io.IOException;
-@@ -113,75 +121,77 @@
+ /**
+@@ -103,15 +109,17 @@
return new DHPrivateKeyParameters(derX.getValue(), dhParams);
}
- else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
- {
-- ElGamalParameter params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-- DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
--
-- return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(params.getP(), params.getG()));
-- }
-- else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
-- {
+- ElGamalParameter params = new ElGamalParameter(
+- (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
- DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
-- DEREncodable de = keyInfo.getAlgorithmId().getParameters();
-
-- DSAParameters parameters = null;
-- if (de != null)
-- {
-- DSAParameter params = DSAParameter.getInstance(de.getDERObject());
-- parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
-- }
--
-- return new DSAPrivateKeyParameters(derX.getValue(), parameters);
-- }
-- else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
-- {
-- X962Parameters params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
-- ECDomainParameters dParams = null;
--
-- if (params.isNamedCurve())
-- {
-- DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-- X9ECParameters ecP = X962NamedCurves.getByOID(oid);
--
-- if (ecP == null)
-- {
-- ecP = SECNamedCurves.getByOID(oid);
--
-- if (ecP == null)
-- {
-- ecP = NISTNamedCurves.getByOID(oid);
--
-- if (ecP == null)
-- {
-- ecP = TeleTrusTNamedCurves.getByOID(oid);
-- }
-- }
-- }
--
-- dParams = new ECDomainParameters(
-- ecP.getCurve(),
-- ecP.getG(),
-- ecP.getN(),
-- ecP.getH(),
-- ecP.getSeed());
-- }
-- else
-- {
-- X9ECParameters ecP = new X9ECParameters(
-- (ASN1Sequence)params.getParameters());
-- dParams = new ECDomainParameters(
-- ecP.getCurve(),
-- ecP.getG(),
-- ecP.getN(),
-- ecP.getH(),
-- ecP.getSeed());
-- }
--
-- ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey());
--
-- return new ECPrivateKeyParameters(ec.getKey(), dParams);
+- return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
+- params.getP(), params.getG()));
- }
+ // BEGIN android-removed
+ // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+ // {
-+ // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-+ // DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
-+ //
-+ // return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(params.getP(), params.getG()));
-+ // }
-+ // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
-+ // {
++ // ElGamalParameter params = new ElGamalParameter(
++ // (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
+ // DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
-+ // DEREncodable de = keyInfo.getAlgorithmId().getParameters();
+ //
-+ // DSAParameters parameters = null;
-+ // if (de != null)
-+ // {
-+ // DSAParameter params = DSAParameter.getInstance(de.getDERObject());
-+ // parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
-+ // }
-+ //
-+ // return new DSAPrivateKeyParameters(derX.getValue(), parameters);
-+ // }
-+ // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
-+ // {
-+ // X962Parameters params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
-+ // ECDomainParameters dParams = null;
-+ //
-+ // if (params.isNamedCurve())
-+ // {
-+ // DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-+ // X9ECParameters ecP = X962NamedCurves.getByOID(oid);
-+ //
-+ // if (ecP == null)
-+ // {
-+ // ecP = SECNamedCurves.getByOID(oid);
-+ //
-+ // if (ecP == null)
-+ // {
-+ // ecP = NISTNamedCurves.getByOID(oid);
-+ //
-+ // if (ecP == null)
-+ // {
-+ // ecP = TeleTrusTNamedCurves.getByOID(oid);
-+ // }
-+ // }
-+ // }
-+ //
-+ // dParams = new ECDomainParameters(
-+ // ecP.getCurve(),
-+ // ecP.getG(),
-+ // ecP.getN(),
-+ // ecP.getH(),
-+ // ecP.getSeed());
-+ // }
-+ // else
-+ // {
-+ // X9ECParameters ecP = new X9ECParameters(
-+ // (ASN1Sequence)params.getParameters());
-+ // dParams = new ECDomainParameters(
-+ // ecP.getCurve(),
-+ // ecP.getG(),
-+ // ecP.getN(),
-+ // ecP.getH(),
-+ // ecP.getSeed());
-+ // }
-+ //
-+ // ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey());
-+ //
-+ // return new ECPrivateKeyParameters(ec.getKey(), dParams);
++ // return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
++ // params.getP(), params.getG()));
+ // }
+ // END android-removed
- else
+ else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
{
- throw new RuntimeException("algorithm identifier in key not recognised");
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java 2011-09-01 17:21:06.000000000 +0000
-@@ -10,32 +10,40 @@
- import org.bouncycastle.asn1.DERObject;
+ DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
+@@ -145,10 +153,12 @@
+ {
+ ecP = NISTNamedCurves.getByOID(oid);
+
+- if (ecP == null)
+- {
+- ecP = TeleTrusTNamedCurves.getByOID(oid);
+- }
++ // BEGIN android-removed
++ // if (ecP == null)
++ // {
++ // ecP = TeleTrusTNamedCurves.getByOID(oid);
++ // }
++ // END android-removed
+ }
+ }
+
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk16-146/org/bouncycastle/crypto/util/PublicKeyFactory.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PublicKeyFactory.java 2011-09-08 21:28:49.000000000 +0000
+@@ -15,12 +15,16 @@
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
--import org.bouncycastle.asn1.nist.NISTNamedCurves;
+ import org.bouncycastle.asn1.nist.NISTNamedCurves;
-import org.bouncycastle.asn1.oiw.ElGamalParameter;
+// BEGIN android-removed
-+// import org.bouncycastle.asn1.nist.NISTNamedCurves;
+// import org.bouncycastle.asn1.oiw.ElGamalParameter;
+// END android-removed
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.DHParameter;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
--import org.bouncycastle.asn1.sec.SECNamedCurves;
+ import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// BEGIN android-removed
-+// import org.bouncycastle.asn1.sec.SECNamedCurves;
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DSAParameter;
import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
- import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
- import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
--import org.bouncycastle.asn1.x9.X962NamedCurves;
--import org.bouncycastle.asn1.x9.X962Parameters;
--import org.bouncycastle.asn1.x9.X9ECParameters;
--import org.bouncycastle.asn1.x9.X9ECPoint;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.x9.X962NamedCurves;
-+// import org.bouncycastle.asn1.x9.X962Parameters;
-+// import org.bouncycastle.asn1.x9.X9ECParameters;
-+// import org.bouncycastle.asn1.x9.X9ECPoint;
-+// END android-removed
- import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
- import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
- import org.bouncycastle.crypto.params.DHParameters;
- import org.bouncycastle.crypto.params.DHPublicKeyParameters;
- import org.bouncycastle.crypto.params.DSAParameters;
+@@ -42,8 +46,10 @@
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
--import org.bouncycastle.crypto.params.ECDomainParameters;
--import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+ import org.bouncycastle.crypto.params.ECDomainParameters;
+ import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
+// BEGIN android-removed
-+// import org.bouncycastle.crypto.params.ECDomainParameters;
-+// import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+// import org.bouncycastle.crypto.params.ElGamalParameters;
+// import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
+// END android-removed
import org.bouncycastle.crypto.params.RSAKeyParameters;
- import java.io.IOException;
-@@ -112,13 +120,15 @@
+ /**
+@@ -139,15 +145,17 @@
return new DHPublicKeyParameters(derY.getValue(), dhParams);
}
- else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
- {
-- ElGamalParameter params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-- DERInteger derY = (DERInteger)keyInfo.getPublicKey();
+- ElGamalParameter params = new ElGamalParameter(
+- (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
+- DERInteger derY = (DERInteger)keyInfo.getPublicKey();
-
-- return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(params.getP(), params.getG()));
+- return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
+- params.getP(), params.getG()));
- }
+ // BEGIN android-removed
+ // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+ // {
-+ // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-+ // DERInteger derY = (DERInteger)keyInfo.getPublicKey();
++ // ElGamalParameter params = new ElGamalParameter(
++ // (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
++ // DERInteger derY = (DERInteger)keyInfo.getPublicKey();
+ //
-+ // return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(params.getP(), params.getG()));
++ // return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
++ // params.getP(), params.getG()));
+ // }
+ // END android-removed
else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)
- || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1))
+ || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1))
{
-@@ -134,58 +144,60 @@
+@@ -182,10 +190,12 @@
+ {
+ ecP = NISTNamedCurves.getByOID(oid);
- return new DSAPublicKeyParameters(derY.getValue(), parameters);
- }
-- else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
-- {
-- X962Parameters params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
-- ECDomainParameters dParams = null;
--
-- if (params.isNamedCurve())
-- {
-- DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-- X9ECParameters ecP = X962NamedCurves.getByOID(oid);
--
-- if (ecP == null)
-- {
-- ecP = SECNamedCurves.getByOID(oid);
--
-- if (ecP == null)
-- {
-- ecP = NISTNamedCurves.getByOID(oid);
--
- if (ecP == null)
- {
- ecP = TeleTrusTNamedCurves.getByOID(oid);
- }
-- }
-- }
--
-- dParams = new ECDomainParameters(
-- ecP.getCurve(),
-- ecP.getG(),
-- ecP.getN(),
-- ecP.getH(),
-- ecP.getSeed());
-- }
-- else
++ // BEGIN android-removed
++ // if (ecP == null)
++ // {
++ // ecP = TeleTrusTNamedCurves.getByOID(oid);
++ // }
++ // END android-removed
+ }
+ }
+
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcprov-jdk16-146/org/bouncycastle/jce/ECNamedCurveTable.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/ECNamedCurveTable.java 2011-09-08 21:28:49.000000000 +0000
+@@ -3,7 +3,9 @@
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.nist.NISTNamedCurves;
+ import org.bouncycastle.asn1.sec.SECNamedCurves;
+-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
++// END android-removed
+ import org.bouncycastle.asn1.x9.X962NamedCurves;
+ import org.bouncycastle.asn1.x9.X9ECParameters;
+ import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+@@ -55,21 +57,23 @@
+ }
+ }
+
+- if (ecP == null)
+- {
+- ecP = TeleTrusTNamedCurves.getByName(name);
+- if (ecP == null)
- {
-- X9ECParameters ecP = new X9ECParameters(
-- (ASN1Sequence)params.getParameters());
-- dParams = new ECDomainParameters(
-- ecP.getCurve(),
-- ecP.getG(),
-- ecP.getN(),
-- ecP.getH(),
-- ecP.getSeed());
+- try
+- {
+- ecP = TeleTrusTNamedCurves.getByOID(new DERObjectIdentifier(name));
+- }
+- catch (IllegalArgumentException e)
+- {
+- // ignore - not an oid
+- }
- }
--
-- DERBitString bits = keyInfo.getPublicKeyData();
-- byte[] data = bits.getBytes();
-- ASN1OctetString key = new DEROctetString(data);
--
-- X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key);
--
-- return new ECPublicKeyParameters(derQ.getPoint(), dParams);
- }
+ // BEGIN android-removed
-+ // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
++ // if (ecP == null)
+ // {
-+ // X962Parameters params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
-+ // ECDomainParameters dParams = null;
-+ //
-+ // if (params.isNamedCurve())
++ // ecP = TeleTrusTNamedCurves.getByName(name);
++ // if (ecP == null)
+ // {
-+ // DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-+ // X9ECParameters ecP = X962NamedCurves.getByOID(oid);
-+ //
-+ // if (ecP == null)
++ // try
+ // {
-+ // ecP = SECNamedCurves.getByOID(oid);
-+ //
-+ // if (ecP == null)
-+ // {
-+ // ecP = NISTNamedCurves.getByOID(oid);
-+ //
-+ // if (ecP == null)
-+ // {
-+ // ecP = TeleTrusTNamedCurves.getByOID(oid);
-+ // }
-+ // }
++ // ecP = TeleTrusTNamedCurves.getByOID(new DERObjectIdentifier(name));
+ // }
-+ //
-+ // dParams = new ECDomainParameters(
-+ // ecP.getCurve(),
-+ // ecP.getG(),
-+ // ecP.getN(),
-+ // ecP.getH(),
-+ // ecP.getSeed());
++ // catch (IllegalArgumentException e)
++ // {
++ // // ignore - not an oid
++ // }
+ // }
-+ // else
-+ // {
-+ // X9ECParameters ecP = new X9ECParameters(
-+ // (ASN1Sequence)params.getParameters());
-+ // dParams = new ECDomainParameters(
-+ // ecP.getCurve(),
-+ // ecP.getG(),
-+ // ecP.getN(),
-+ // ecP.getH(),
-+ // ecP.getSeed());
-+ // }
-+ //
-+ // DERBitString bits = keyInfo.getPublicKeyData();
-+ // byte[] data = bits.getBytes();
-+ // ASN1OctetString key = new DEROctetString(data);
-+ //
-+ // X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key);
-+ //
-+ // return new ECPublicKeyParameters(derQ.getPoint(), dParams);
+ // }
+ // END android-removed
- else
+
+ if (ecP == null)
{
- throw new RuntimeException("algorithm identifier in key not recognised");
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java 2011-09-01 17:21:06.000000000 +0000
-@@ -78,8 +78,11 @@
+@@ -102,7 +106,9 @@
+ addEnumeration(v, X962NamedCurves.getNames());
+ addEnumeration(v, SECNamedCurves.getNames());
+ addEnumeration(v, NISTNamedCurves.getNames());
+- addEnumeration(v, TeleTrusTNamedCurves.getNames());
++ // BEGIN android-removed
++ // addEnumeration(v, TeleTrusTNamedCurves.getNames());
++ // END android-removed
+
+ return v.elements();
+ }
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk16-146/org/bouncycastle/jce/PKCS10CertificationRequest.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/PKCS10CertificationRequest.java 2011-09-08 21:28:49.000000000 +0000
+@@ -80,15 +80,20 @@
static
{
@@ -3000,8 +1046,91 @@
algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
-@@ -129,7 +132,10 @@
- oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
+ algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+ algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+- algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+- algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
++ // BEGIN android-removed
++ // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
++ // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
++ // END android-removed
+ algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+ algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+ algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
+@@ -96,57 +101,78 @@
+ algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+ algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+ algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+- algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
++ // BEGIN android-removed
++ // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
++ // END android-removed
+ algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+ algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+ algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+ algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+- algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+- algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+- algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+- algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+- algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+- algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
++ // BEGIN android-removed
++ // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
++ // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
++ // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
++ // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
++ // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
++ // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
++ // END android-removed
+ algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
+ algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
+- algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
++ // BEGIN android-removed
++ // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
++ // END android-removed
+ algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
+ algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
+ algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
+ algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
+- algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
++ // BEGIN android-removed
++ // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
++ // END android-removed
+ algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
+ algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
+ algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
+ algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
+- algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+- algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+- algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+- algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+- algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++ // BEGIN android-removed
++ // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
++ // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
++ // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++ // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++ // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++ // END android-removed
+
+ //
+ // reverse mappings
+ //
+ oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
+- oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
++ // BEGIN android-removed
++ // oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
++ // END android-removed
+ oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
+ oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
+ oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
+- oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
+- oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
++ // BEGIN android-removed
++ // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
++ // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
++ // END android-removed
oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
- oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
@@ -3011,8 +1140,49 @@
+ // END android-removed
oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
- oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
-@@ -168,19 +174,29 @@
+- oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
++ // BEGIN android-removed
++ // oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
++ // END android-removed
+ oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
+ oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA");
+ oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA");
+ oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
+ oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA");
+- oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
++ // BEGIN android-removed
++ // oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
++ // END android-removed
+ oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
+
+ //
+@@ -160,35 +186,53 @@
+ // The parameters field SHALL be NULL for RSA based signature algorithms.
+ //
+ noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
+- noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
++ // BEGIN android-removed
++ // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
++ // END android-removed
+ noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
+ noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
+ noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
+ noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
+- noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
++ // BEGIN android-removed
++ // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
++ // END android-removed
+ noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
+
+ //
+ // RFC 4491
+ //
+- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++ // BEGIN android-removed
++ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
++ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++ // END android-removed
//
// explicit params
//
@@ -3023,12 +1193,16 @@
params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
- AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull());
-+ // BEGIN android-changed
-+ AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
-+ // END android-changed
- params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
-
+- params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+-
- AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull());
++ // BEGIN android-removed
++ // // BEGIN android-changed
++ // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
++ // // END android-changed
++ // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
++ // END android-removed
++
+ // BEGIN android-changed
+ AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
+ // END android-changed
@@ -3047,35 +1221,97 @@
params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64));
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2011-09-01 17:21:06.000000000 +0000
-@@ -53,7 +53,12 @@
+@@ -594,10 +638,12 @@
+ {
+ return "SHA1";
+ }
+- else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
+- {
+- return "SHA224";
+- }
++ // BEGIN android-removed
++ // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
++ // {
++ // return "SHA224";
++ // }
++ // END android-removed
+ else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID))
+ {
+ return "SHA256";
+@@ -610,22 +656,24 @@
+ {
+ return "SHA512";
+ }
+- else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+- {
+- return "RIPEMD128";
+- }
+- else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+- {
+- return "RIPEMD160";
+- }
+- else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+- {
+- return "RIPEMD256";
+- }
+- else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+- {
+- return "GOST3411";
+- }
++ // BEGIN android-removed
++ // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
++ // {
++ // return "RIPEMD128";
++ // }
++ // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
++ // {
++ // return "RIPEMD160";
++ // }
++ // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
++ // {
++ // return "RIPEMD256";
++ // }
++ // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
++ // {
++ // return "GOST3411";
++ // }
++ // END android-removed
+ else
+ {
+ return digestAlgOID.getId();
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk16-146/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2011-09-08 21:28:49.000000000 +0000
+@@ -45,7 +45,10 @@
+ {
+ private static String info = "BouncyCastle Security Provider v1.46";
+
+- public static String PROVIDER_NAME = "BC";
++ // BEGIN android-changed
++ // this constant should be final
++ public static final String PROVIDER_NAME = "BC";
++ // END android-changed
+
+ /*
+ * Configurable symmetric ciphers
+@@ -53,8 +56,14 @@
private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jce.provider.symmetric.";
private static final String[] SYMMETRIC_CIPHERS =
{
-- "AES", "Camellia", "CAST5", "Grainv1", "Grain128", "IDEA", "Noekeon", "SEED"
+- "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DESede", "Grainv1", "Grain128", "HC128", "HC256", "IDEA",
+- "Noekeon", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA"
+ // BEGIN android-removed
-+ // "AES", "Camellia", "CAST5", "Grainv1", "Grain128", "IDEA", "Noekeon", "SEED"
++ // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DESede", "Grainv1", "Grain128", "HC128", "HC256", "IDEA",
++ // "Noekeon", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA"
+ // END android-removed
+ // BEGIN android-added
-+ "AES",
++ "AES", "ARC4", "Blowfish", "DESede",
+ // END android-added
++
};
/*
-@@ -62,7 +67,9 @@
- private static final String ASYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jce.provider.asymmetric.";
- private static final String[] ASYMMETRIC_CIPHERS =
- {
-- "EC"
-+ // BEGIN android-removed
-+ // "EC"
-+ // END android-removed
- };
-
- /**
-@@ -89,26 +96,28 @@
+@@ -90,26 +99,28 @@
loadAlgorithms(SYMMETRIC_CIPHER_PACKAGE, SYMMETRIC_CIPHERS);
loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_CIPHERS);
@@ -3124,7 +1360,7 @@
//
-@@ -117,14 +126,24 @@
+@@ -118,14 +129,24 @@
put("KeyStore.BKS", "org.bouncycastle.jce.provider.JDKKeyStore");
put("KeyStore.BouncyCastle", "org.bouncycastle.jce.provider.JDKKeyStore$BouncyCastleStore");
put("KeyStore.PKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore");
@@ -3157,7 +1393,7 @@
put("Alg.Alias.KeyStore.UBER", "BouncyCastle");
put("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle");
-@@ -141,44 +160,63 @@
+@@ -142,44 +163,63 @@
//
put("AlgorithmParameterGenerator.DH", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DH");
put("AlgorithmParameterGenerator.DSA", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DSA");
@@ -3245,7 +1481,7 @@
put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE");
put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE");
put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE");
-@@ -192,7 +230,7 @@
+@@ -193,7 +233,7 @@
put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE");
put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE");
put("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE");
@@ -3254,7 +1490,7 @@
put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PKCS12PBE");
put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PKCS12PBE");
put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PKCS12PBE");
-@@ -202,22 +240,24 @@
+@@ -203,22 +243,24 @@
put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
@@ -3295,7 +1531,7 @@
put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE");
put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE");
-@@ -234,12 +274,14 @@
+@@ -235,12 +277,14 @@
put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE");
put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE");
put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE");
@@ -3316,95 +1552,38 @@
//
// key agreement
-@@ -252,97 +294,129 @@
+@@ -252,71 +296,91 @@
+ // cipher engines
//
put("Cipher.DES", "org.bouncycastle.jce.provider.JCEBlockCipher$DES");
- put("Cipher.DESEDE", "org.bouncycastle.jce.provider.JCEBlockCipher$DESede");
-- put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESedeCBC");
- put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC");
-+ // BEGIN android-removed
-+ // put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESedeCBC");
-+ // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC");
-+ // END android-removed
- put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$DESEDEWrap");
-- put("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "org.bouncycastle.jce.provider.WrapCipherSpi$DESEDEWrap");
-- put("Cipher.SKIPJACK", "org.bouncycastle.jce.provider.JCEBlockCipher$Skipjack");
-+ // BEGIN android-changed
-+ put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
-+ // END android-changed
-+ // BEGIN android-removed
-+ // put("Cipher.SKIPJACK", "org.bouncycastle.jce.provider.JCEBlockCipher$Skipjack");
-+ // END android-removed
- put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Blowfish");
-- put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.JCEBlockCipher$BlowfishCBC");
-- put("Cipher.TWOFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Twofish");
+-
- put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2");
- put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
- put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
+-
+- put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC");
+ // BEGIN android-removed
-+ // put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.JCEBlockCipher$BlowfishCBC");
-+ // put("Cipher.TWOFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Twofish");
++ // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC");
++ //
+ // put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2");
+ // put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
+ // put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
-+ // END android-removed
- put("Cipher.ARC4", "org.bouncycastle.jce.provider.JCEStreamCipher$RC4");
- put("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4");
- put("Alg.Alias.Cipher.ARCFOUR", "ARC4");
- put("Alg.Alias.Cipher.RC4", "ARC4");
-- put("Cipher.SALSA20", "org.bouncycastle.jce.provider.JCEStreamCipher$Salsa20");
-- put("Cipher.HC128", "org.bouncycastle.jce.provider.JCEStreamCipher$HC128");
-- put("Cipher.HC256", "org.bouncycastle.jce.provider.JCEStreamCipher$HC256");
-- put("Cipher.VMPC", "org.bouncycastle.jce.provider.JCEStreamCipher$VMPC");
-- put("Cipher.VMPC-KSA3", "org.bouncycastle.jce.provider.JCEStreamCipher$VMPCKSA3");
-- put("Cipher.RC5", "org.bouncycastle.jce.provider.JCEBlockCipher$RC5");
-- put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC");
-- put("Alg.Alias.Cipher.RC5-32", "RC5");
-- put("Cipher.RC5-64", "org.bouncycastle.jce.provider.JCEBlockCipher$RC564");
-- put("Cipher.RC6", "org.bouncycastle.jce.provider.JCEBlockCipher$RC6");
-- put("Cipher.RIJNDAEL", "org.bouncycastle.jce.provider.JCEBlockCipher$Rijndael");
-- put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RFC3211DESedeWrap");
-- put("Cipher.SERPENT", "org.bouncycastle.jce.provider.JCEBlockCipher$Serpent");
--
--
-- put("Cipher.CAST6", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST6");
-+ // BEGIN android-removed
-+ // put("Cipher.SALSA20", "org.bouncycastle.jce.provider.JCEStreamCipher$Salsa20");
-+ // put("Cipher.HC128", "org.bouncycastle.jce.provider.JCEStreamCipher$HC128");
-+ // put("Cipher.HC256", "org.bouncycastle.jce.provider.JCEStreamCipher$HC256");
-+ // put("Cipher.VMPC", "org.bouncycastle.jce.provider.JCEStreamCipher$VMPC");
-+ // put("Cipher.VMPC-KSA3", "org.bouncycastle.jce.provider.JCEStreamCipher$VMPCKSA3");
-+ // put("Cipher.RC5", "org.bouncycastle.jce.provider.JCEBlockCipher$RC5");
++ //
+ // put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC");
-+ // put("Alg.Alias.Cipher.RC5-32", "RC5");
-+ // put("Cipher.RC5-64", "org.bouncycastle.jce.provider.JCEBlockCipher$RC564");
-+ // put("Cipher.RC6", "org.bouncycastle.jce.provider.JCEBlockCipher$RC6");
-+ // put("Cipher.RIJNDAEL", "org.bouncycastle.jce.provider.JCEBlockCipher$Rijndael");
-+ // put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RFC3211DESedeWrap");
-+ // put("Cipher.SERPENT", "org.bouncycastle.jce.provider.JCEBlockCipher$Serpent");
+ // END android-removed
-+
-+
-+ // BEGIN android-removed
-+ // put("Cipher.CAST6", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST6");
-+ // END android-removed
+
put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
- put("Cipher.GOST28147", "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147");
- put("Alg.Alias.Cipher.GOST", "GOST28147");
- put("Alg.Alias.Cipher.GOST-28147", "GOST28147");
- put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc");
--
-- put("Cipher.TEA", "org.bouncycastle.jce.provider.JCEBlockCipher$TEA");
-- put("Cipher.XTEA", "org.bouncycastle.jce.provider.JCEBlockCipher$XTEA");
+ // BEGIN android-removed
+ // put("Cipher.GOST28147", "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147");
+ // put("Alg.Alias.Cipher.GOST", "GOST28147");
+ // put("Alg.Alias.Cipher.GOST-28147", "GOST28147");
+ // put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc");
-+ //
-+ // put("Cipher.TEA", "org.bouncycastle.jce.provider.JCEBlockCipher$TEA");
-+ // put("Cipher.XTEA", "org.bouncycastle.jce.provider.JCEBlockCipher$XTEA");
+ // END android-removed
put("Cipher.RSA", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding");
@@ -3436,9 +1615,7 @@
+ // put("Cipher.RSA/OAEP", "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding");
+ // put("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding");
+ // put("Cipher.RSA/ISO9796-1", "org.bouncycastle.jce.provider.JCERSACipher$ISO9796d1Padding");
-+ // END android-removed
-+
-+ // BEGIN android-removed
++ //
+ // put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES");
+ // put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES");
+ // put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES");
@@ -3460,9 +1637,7 @@
+ // put("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
+ // put("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
+ // put("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
-+ // END android-removed
-+
-+ // BEGIN android-removed
++ //
+ // put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1");
+ // put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1");
+ // put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL");
@@ -3503,16 +1678,18 @@
- put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "Cipher.PBEWITHSHAAND40BITRC2-CBC");
- put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "Cipher.PBEWITHSHAAND128BITRC4");
- put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "Cipher.PBEWITHSHAAND40BITRC4");
++ // BEGIN android-changed
+ put("Alg.Alias.Cipher.PBEWITHSHA1AND3-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
+ put("Alg.Alias.Cipher.PBEWITHSHA1AND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
+ put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC");
+ put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC");
+ put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4");
+ put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4");
++ // END android-changed
put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC");
put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC");
-@@ -350,7 +424,7 @@
+@@ -324,7 +388,7 @@
put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC");
put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC");
put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC");
@@ -3521,86 +1698,37 @@
put("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
put("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
put("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
-@@ -372,7 +446,9 @@
+@@ -346,10 +410,12 @@
put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish");
- put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
+-
+- put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+- put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+ // BEGIN android-removed
+ // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
++ //
++ // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
++ // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+ // END android-removed
-
- put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4");
- put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4");
-@@ -387,38 +463,49 @@
+ put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
+ put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES");
+ put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
+@@ -368,13 +434,15 @@
put("KeyGenerator.DES", "org.bouncycastle.jce.provider.JCEKeyGenerator$DES");
put("Alg.Alias.KeyGenerator." + OIWObjectIdentifiers.desCBC, "DES");
- put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede");
-- put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede3");
-- put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede");
-- put("KeyGenerator.SKIPJACK", "org.bouncycastle.jce.provider.JCEKeyGenerator$Skipjack");
-+ // BEGIN android-removed
-+ // put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede3");
-+ // put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede");
-+ // put("KeyGenerator.SKIPJACK", "org.bouncycastle.jce.provider.JCEKeyGenerator$Skipjack");
-+ // END android-removed
- put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Blowfish");
- put("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
-- put("KeyGenerator.TWOFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Twofish");
+
- put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
- put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
-+ // BEGIN android-removed
-+ // put("KeyGenerator.TWOFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Twofish");
-+ // put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
-+ // put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
-+ // END android-removed
- put("KeyGenerator.RC4", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC4");
- put("Alg.Alias.KeyGenerator.ARC4", "RC4");
-- put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "RC4");
-- put("KeyGenerator.RC5", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC5");
-- put("Alg.Alias.KeyGenerator.RC5-32", "RC5");
-- put("KeyGenerator.RC5-64", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC564");
-- put("KeyGenerator.RC6", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC6");
-- put("KeyGenerator.RIJNDAEL", "org.bouncycastle.jce.provider.JCEKeyGenerator$Rijndael");
--
-- put("KeyGenerator.SERPENT", "org.bouncycastle.jce.provider.JCEKeyGenerator$Serpent");
-- put("KeyGenerator.SALSA20", "org.bouncycastle.jce.provider.JCEKeyGenerator$Salsa20");
-- put("KeyGenerator.HC128", "org.bouncycastle.jce.provider.JCEKeyGenerator$HC128");
-- put("KeyGenerator.HC256", "org.bouncycastle.jce.provider.JCEKeyGenerator$HC256");
-- put("KeyGenerator.VMPC", "org.bouncycastle.jce.provider.JCEKeyGenerator$VMPC");
-- put("KeyGenerator.VMPC-KSA3", "org.bouncycastle.jce.provider.JCEKeyGenerator$VMPCKSA3");
--
-- put("KeyGenerator.CAST6", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST6");
-- put("KeyGenerator.TEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$TEA");
-- put("KeyGenerator.XTEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$XTEA");
-
- put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147");
- put("Alg.Alias.KeyGenerator.GOST", "GOST28147");
- put("Alg.Alias.KeyGenerator.GOST-28147", "GOST28147");
- put("Alg.Alias.KeyGenerator." + CryptoProObjectIdentifiers.gostR28147_cbc, "GOST28147");
-+ // BEGIN android-added
-+ put("Alg.Alias.KeyGenerator.ARCFOUR", "RC4");
-+ // END android-added
+ // BEGIN android-removed
-+ // put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "RC4");
-+ // put("KeyGenerator.RC5", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC5");
-+ // put("Alg.Alias.KeyGenerator.RC5-32", "RC5");
-+ // put("KeyGenerator.RC5-64", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC564");
-+ // put("KeyGenerator.RC6", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC6");
-+ // put("KeyGenerator.RIJNDAEL", "org.bouncycastle.jce.provider.JCEKeyGenerator$Rijndael");
-+ //
-+ // put("KeyGenerator.SERPENT", "org.bouncycastle.jce.provider.JCEKeyGenerator$Serpent");
-+ // put("KeyGenerator.SALSA20", "org.bouncycastle.jce.provider.JCEKeyGenerator$Salsa20");
-+ // put("KeyGenerator.HC128", "org.bouncycastle.jce.provider.JCEKeyGenerator$HC128");
-+ // put("KeyGenerator.HC256", "org.bouncycastle.jce.provider.JCEKeyGenerator$HC256");
-+ // put("KeyGenerator.VMPC", "org.bouncycastle.jce.provider.JCEKeyGenerator$VMPC");
-+ // put("KeyGenerator.VMPC-KSA3", "org.bouncycastle.jce.provider.JCEKeyGenerator$VMPCKSA3");
-+ // END android-removed
-+
-+ // BEGIN android-removed
-+ // put("KeyGenerator.CAST6", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST6");
-+ // put("KeyGenerator.TEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$TEA");
-+ // put("KeyGenerator.XTEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$XTEA");
++ // put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
++ // put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
+ //
+ // put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147");
+ // put("Alg.Alias.KeyGenerator.GOST", "GOST28147");
@@ -3610,7 +1738,7 @@
//
// key pair generators.
-@@ -426,14 +513,18 @@
+@@ -382,14 +450,18 @@
put("KeyPairGenerator.RSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$RSA");
put("KeyPairGenerator.DH", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DH");
put("KeyPairGenerator.DSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DSA");
@@ -3633,7 +1761,7 @@
//
// key factories
-@@ -441,20 +532,24 @@
+@@ -397,20 +469,24 @@
put("KeyFactory.RSA", "org.bouncycastle.jce.provider.JDKKeyFactory$RSA");
put("KeyFactory.DH", "org.bouncycastle.jce.provider.JDKKeyFactory$DH");
put("KeyFactory.DSA", "org.bouncycastle.jce.provider.JDKKeyFactory$DSA");
@@ -3666,51 +1794,50 @@
//
// Algorithm parameters
-@@ -462,16 +557,22 @@
+@@ -418,24 +494,34 @@
put("AlgorithmParameters.DES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
put("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES");
put("AlgorithmParameters.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
- put("AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
- put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
- put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
-- put("AlgorithmParameters.RC5", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-- put("AlgorithmParameters.RC6", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
+ // BEGIN android-changed
+ put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
+ // END android-changed
+ // BEGIN android-removed
+ // put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
+ // put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
-+ // put("AlgorithmParameters.RC5", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-+ // put("AlgorithmParameters.RC6", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
+ // END android-removed
- put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
- put("Alg.Alias.AlgorithmParameters.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
-- put("AlgorithmParameters.TWOFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-- put("AlgorithmParameters.SKIPJACK", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-- put("AlgorithmParameters.RIJNDAEL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-+ // BEGIN android-removed
-+ // put("AlgorithmParameters.TWOFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-+ // put("AlgorithmParameters.SKIPJACK", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-+ // put("AlgorithmParameters.RIJNDAEL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-+ // END android-removed
-
//
-@@ -479,8 +580,10 @@
+ // secret key factories.
//
put("SecretKeyFactory.DES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DES");
- put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DESede");
- put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES");
-- put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2");
+-
+- put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+- put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+ // BEGIN android-removed
+ // put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES");
++ // END android-removed
++
++ // BEGIN android-removed
++ // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
++ // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
++ // END android-removed
+ put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
+ put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES");
+ put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
+ put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2");
+
+- put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2");
++ // BEGIN android-removed
+ // put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2");
+ // END android-removed
put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES");
put("SecretKeyFactory.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndRC2");
put("SecretKeyFactory.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndDES");
-@@ -492,31 +595,41 @@
+@@ -447,31 +533,41 @@
put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2");
put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2");
put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish");
@@ -3767,7 +1894,7 @@
put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
-@@ -553,6 +666,10 @@
+@@ -508,6 +604,10 @@
put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC");
put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC");
put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC");
@@ -3778,7 +1905,7 @@
addMacAlgorithms();
-@@ -561,16 +678,23 @@
+@@ -516,16 +616,23 @@
addSignatureAlgorithms();
// Certification Path API
@@ -3809,7 +1936,7 @@
}
private void loadAlgorithms(String packageName, String[] names)
-@@ -631,68 +755,72 @@
+@@ -586,42 +693,46 @@
//
private void addMacAlgorithms()
{
@@ -3818,49 +1945,23 @@
- put("Mac.DESMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESCFB8");
- put("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
-
-- put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.JCEMac$DESede");
-- put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
-- put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESedeCFB8");
-- put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
--
- put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
- put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
--
-- put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.JCEMac$DESede64");
-- put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
--
-- put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DESede64with7816d4");
-- put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-- put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-- put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-
- put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
- put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
- put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4");
- put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
-
-- put("Mac.SKIPJACKMAC", "org.bouncycastle.jce.provider.JCEMac$Skipjack");
-- put("Alg.Alias.Mac.SKIPJACK", "SKIPJACKMAC");
-- put("Mac.SKIPJACKMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$SkipjackCFB8");
-- put("Alg.Alias.Mac.SKIPJACK/CFB8", "SKIPJACKMAC/CFB8");
--
- put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2");
- put("Alg.Alias.Mac.RC2", "RC2MAC");
- put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8");
- put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
-
-- put("Mac.RC5MAC", "org.bouncycastle.jce.provider.JCEMac$RC5");
-- put("Alg.Alias.Mac.RC5", "RC5MAC");
-- put("Mac.RC5MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC5CFB8");
-- put("Alg.Alias.Mac.RC5/CFB8", "RC5MAC/CFB8");
-
- put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147");
- put("Alg.Alias.Mac.GOST28147", "GOST28147MAC");
-
-- put("Mac.VMPCMAC", "org.bouncycastle.jce.provider.JCEMac$VMPC");
-- put("Alg.Alias.Mac.VMPC", "VMPCMAC");
-- put("Alg.Alias.Mac.VMPC-MAC", "VMPCMAC");
--
- put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384");
-
- put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512");
@@ -3873,49 +1974,23 @@
+ // put("Mac.DESMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESCFB8");
+ // put("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
+ //
-+ // put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.JCEMac$DESede");
-+ // put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
-+ // put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESedeCFB8");
-+ // put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
-+ //
+ // put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
+ // put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
+ //
-+ // put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.JCEMac$DESede64");
-+ // put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
-+ //
-+ // put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DESede64with7816d4");
-+ // put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-+ // put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-+ // put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-+ //
+ // put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
+ // put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
+ // put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4");
+ // put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
+ //
-+ // put("Mac.SKIPJACKMAC", "org.bouncycastle.jce.provider.JCEMac$Skipjack");
-+ // put("Alg.Alias.Mac.SKIPJACK", "SKIPJACKMAC");
-+ // put("Mac.SKIPJACKMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$SkipjackCFB8");
-+ // put("Alg.Alias.Mac.SKIPJACK/CFB8", "SKIPJACKMAC/CFB8");
-+ //
+ // put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2");
+ // put("Alg.Alias.Mac.RC2", "RC2MAC");
+ // put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8");
+ // put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
+ //
-+ // put("Mac.RC5MAC", "org.bouncycastle.jce.provider.JCEMac$RC5");
-+ // put("Alg.Alias.Mac.RC5", "RC5MAC");
-+ // put("Mac.RC5MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC5CFB8");
-+ // put("Alg.Alias.Mac.RC5/CFB8", "RC5MAC/CFB8");
+ //
+ // put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147");
+ // put("Alg.Alias.Mac.GOST28147", "GOST28147MAC");
+ //
-+ // put("Mac.VMPCMAC", "org.bouncycastle.jce.provider.JCEMac$VMPC");
-+ // put("Alg.Alias.Mac.VMPC", "VMPCMAC");
-+ // put("Alg.Alias.Mac.VMPC-MAC", "VMPCMAC");
-+ //
+ // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384");
+ //
+ // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512");
@@ -3938,7 +2013,7 @@
addHMACAlgorithm("SHA256", "org.bouncycastle.jce.provider.JCEMac$SHA256", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA256");
addHMACAlias("SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256);
addHMACAlgorithm("SHA384", "org.bouncycastle.jce.provider.JCEMac$SHA384", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA384");
-@@ -700,16 +828,20 @@
+@@ -629,16 +740,20 @@
addHMACAlgorithm("SHA512", "org.bouncycastle.jce.provider.JCEMac$SHA512", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA512");
addHMACAlias("SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512);
@@ -3966,7 +2041,7 @@
put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA");
}
-@@ -747,9 +879,11 @@
+@@ -676,9 +791,11 @@
put("Alg.Alias.MessageDigest.SHA1", "SHA-1");
put("Alg.Alias.MessageDigest.SHA", "SHA-1");
put("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA1, "SHA-1");
@@ -3981,7 +2056,7 @@
put("MessageDigest.SHA-256", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA256");
put("Alg.Alias.MessageDigest.SHA256", "SHA-256");
put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256");
-@@ -760,27 +894,31 @@
+@@ -689,27 +806,31 @@
put("Alg.Alias.MessageDigest.SHA512", "SHA-512");
put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512");
@@ -4032,7 +2107,7 @@
}
//
-@@ -788,55 +926,70 @@
+@@ -717,55 +838,70 @@
//
private void addSignatureAlgorithms()
{
@@ -4141,7 +2216,7 @@
put("Alg.Alias.Signature.SHA256withRSAEncryption", "SHA256WithRSAEncryption");
put("Alg.Alias.Signature.SHA384withRSAEncryption", "SHA384WithRSAEncryption");
-@@ -850,24 +1003,30 @@
+@@ -779,24 +915,30 @@
put("Alg.Alias.Signature.SHA384WITHRSAENCRYPTION", "SHA384WithRSAEncryption");
put("Alg.Alias.Signature.SHA512WITHRSAENCRYPTION", "SHA512WithRSAEncryption");
@@ -4184,7 +2259,7 @@
put("Alg.Alias.Signature.SHA256WithRSA", "SHA256WithRSAEncryption");
put("Alg.Alias.Signature.SHA256withRSA", "SHA256WithRSAEncryption");
put("Alg.Alias.Signature.SHA384WithRSA", "SHA384WithRSAEncryption");
-@@ -877,92 +1036,110 @@
+@@ -806,92 +948,110 @@
put("Alg.Alias.Signature.SHA1/RSA", "SHA1WithRSAEncryption");
put("Alg.Alias.Signature.SHA-1/RSA", "SHA1WithRSAEncryption");
put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1WithRSAEncryption");
@@ -4277,6 +2352,26 @@
- put("Alg.Alias.Signature.GOST3411WITHGOST3410", "GOST3410");
- put("Alg.Alias.Signature.GOST3411WithGOST3410", "GOST3410");
- put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410");
+- }
+-
+- private void addSignatureAlgorithm(
+- String digest,
+- String algorithm,
+- String className,
+- DERObjectIdentifier oid)
+- {
+- String mainName = digest + "WITH" + algorithm;
+- String jdk11Variation1 = digest + "with" + algorithm;
+- String jdk11Variation2 = digest + "With" + algorithm;
+- String alias = digest + "/" + algorithm;
+-
+- put("Signature." + mainName, className);
+- put("Alg.Alias.Signature." + jdk11Variation1, mainName);
+- put("Alg.Alias.Signature." + jdk11Variation2, mainName);
+- put("Alg.Alias.Signature." + alias, mainName);
+- put("Alg.Alias.Signature." + oid, mainName);
+- put("Alg.Alias.Signature.OID." + oid, mainName);
+- }
+ // BEGIN android-removed
+ // put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption");
+ // put("Alg.Alias.Signature.RMD160WITHRSA", "RIPEMD160WithRSAEncryption");
@@ -4323,26 +2418,8 @@
+ // put("Alg.Alias.Signature.GOST3411WithGOST3410", "GOST3410");
+ // put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410");
+ // END android-removed
- }
-
-- private void addSignatureAlgorithm(
-- String digest,
-- String algorithm,
-- String className,
-- DERObjectIdentifier oid)
-- {
-- String mainName = digest + "WITH" + algorithm;
-- String jdk11Variation1 = digest + "with" + algorithm;
-- String jdk11Variation2 = digest + "With" + algorithm;
-- String alias = digest + "/" + algorithm;
--
-- put("Signature." + mainName, className);
-- put("Alg.Alias.Signature." + jdk11Variation1, mainName);
-- put("Alg.Alias.Signature." + jdk11Variation2, mainName);
-- put("Alg.Alias.Signature." + alias, mainName);
-- put("Alg.Alias.Signature." + oid, mainName);
-- put("Alg.Alias.Signature.OID." + oid, mainName);
-- }
++ }
++
+ // BEGIN android-removed
+ // private void addSignatureAlgorithm(
+ // String digest,
@@ -4366,9 +2443,9 @@
public void setParameter(String parameterName, Object parameter)
{
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk16-146/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2011-09-08 21:28:49.000000000 +0000
@@ -24,6 +24,7 @@
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
@@ -4377,18 +2454,7 @@
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
-@@ -35,6 +36,10 @@
-
- import javax.security.auth.x500.X500Principal;
-
-+// BEGIN android-added
-+import org.apache.harmony.xnet.provider.jsse.IndexedPKIXParameters;
-+
-+// END android-added
- import org.bouncycastle.asn1.ASN1InputStream;
- import org.bouncycastle.asn1.ASN1Object;
- import org.bouncycastle.asn1.ASN1OctetString;
-@@ -59,13 +64,17 @@
+@@ -59,13 +60,17 @@
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extensions;
@@ -4408,161 +2474,7 @@
import org.bouncycastle.x509.X509AttributeCertificate;
import org.bouncycastle.x509.X509CRLStoreSelector;
import org.bouncycastle.x509.X509CertStoreSelector;
-@@ -110,29 +119,32 @@
- "privilegeWithdrawn",
- "aACompromise" };
-
-- /**
-- * Search the given Set of TrustAnchor's for one that is the
-- * issuer of the given X509 certificate. Uses the default provider
-- * for signature verification.
-- *
-- * @param cert the X509 certificate
-- * @param trustAnchors a Set of TrustAnchor's
-- *
-- * @return the <code>TrustAnchor</code> object if found or
-- * <code>null</code> if not.
-- *
-- * @exception AnnotatedException
-- * if a TrustAnchor was found but the signature verification
-- * on the given certificate has thrown an exception.
-- */
-- protected static TrustAnchor findTrustAnchor(
-- X509Certificate cert,
-- Set trustAnchors)
-- throws AnnotatedException
-- {
-- return findTrustAnchor(cert, trustAnchors, null);
-- }
-+ // BEGIN android-removed
-+ // /**
-+ // * Search the given Set of TrustAnchor's for one that is the
-+ // * issuer of the given X509 certificate. Uses the default provider
-+ // * for signature verification.
-+ // *
-+ // * @param cert the X509 certificate
-+ // * @param trustAnchors a Set of TrustAnchor's
-+ // *
-+ // * @return the <code>TrustAnchor</code> object if found or
-+ // * <code>null</code> if not.
-+ // *
-+ // * @exception AnnotatedException
-+ // * if a TrustAnchor was found but the signature verification
-+ // * on the given certificate has thrown an exception.
-+ // */
-+ // protected static TrustAnchor findTrustAnchor(
-+ // X509Certificate cert,
-+ // Set trustAnchors)
-+ // throws AnnotatedException
-+ // {
-+ // return findTrustAnchor(cert, trustAnchors, null);
-+ // }
-+ // END android-removed
-
-+ // BEGIN android-changed
- /**
- * Search the given Set of TrustAnchor's for one that is the
- * issuer of the given X509 certificate. Uses the specified
-@@ -140,8 +152,7 @@
- * if null.
- *
- * @param cert the X509 certificate
-- * @param trustAnchors a Set of TrustAnchor's
-- * @param sigProvider the provider to use for signature verification
-+ * @param params used to find the trust anchors and signature provider
- *
- * @return the <code>TrustAnchor</code> object if found or
- * <code>null</code> if not.
-@@ -152,10 +163,21 @@
- */
- protected static TrustAnchor findTrustAnchor(
- X509Certificate cert,
-- Set trustAnchors,
-- String sigProvider)
-+ PKIXParameters params)
- throws AnnotatedException
-+ // END android-changed
- {
-+ // BEGIN android-changed
-+ // If we have a trust anchor index, use it.
-+ if (params instanceof IndexedPKIXParameters) {
-+ try {
-+ IndexedPKIXParameters indexed = (IndexedPKIXParameters) params;
-+ return indexed.findTrustAnchor(cert);
-+ } catch (CertPathValidatorException e) {
-+ throw new AnnotatedException(e.getMessage(), e);
-+ }
-+ }
-+ // END android-changed
- TrustAnchor trust = null;
- PublicKey trustPublicKey = null;
- Exception invalidKeyEx = null;
-@@ -172,21 +194,49 @@
- throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", ex);
- }
-
-- Iterator iter = trustAnchors.iterator();
-+ // BEGIN android-changed
-+ Iterator iter = params.getTrustAnchors().iterator();
-+ // END android-changed
-+ // BEGIN android-added
-+ byte[] certBytes = null;
-+ try {
-+ certBytes = cert.getEncoded();
-+ } catch (Exception e) {
-+ // ignore, just continue
-+ }
-+ // END android-added
- while (iter.hasNext() && trust == null)
- {
- trust = (TrustAnchor) iter.next();
-- if (trust.getTrustedCert() != null)
-+ // BEGIN android-changed
-+ X509Certificate trustCert = trust.getTrustedCert();
-+ // END android-changed
-+ // BEGIN android-added
-+ // If the trust anchor is identical to the certificate we're
-+ // done. Just return the anchor.
-+ // There is similar code in PKIXCertPathValidatorSpi.
-+ try {
-+ byte[] trustBytes = trustCert.getEncoded();
-+ if (certBytes != null && Arrays.equals(trustBytes, certBytes)) {
-+ return trust;
-+ }
-+ } catch (Exception e) {
-+ // ignore, continue and verify the certificate
-+ }
-+ // END android-added
-+ // BEGIN android-changed
-+ if (trustCert != null)
- {
-- if (certSelectX509.match(trust.getTrustedCert()))
-+ if (certSelectX509.match(trustCert))
- {
-- trustPublicKey = trust.getTrustedCert().getPublicKey();
-+ trustPublicKey = trustCert.getPublicKey();
- }
- else
- {
- trust = null;
- }
- }
-+ // END android-changed
- else if (trust.getCAName() != null
- && trust.getCAPublicKey() != null)
- {
-@@ -216,7 +266,9 @@
- {
- try
- {
-- verifyX509Certificate(cert, trustPublicKey, sigProvider);
-+ // BEGIN android-changed
-+ verifyX509Certificate(cert, trustPublicKey, params.getSigProvider());
-+ // END android-changed
- }
- catch (Exception ex)
- {
-@@ -248,7 +300,9 @@
+@@ -250,7 +255,9 @@
{
// look for URI
List list = (List) it.next();
@@ -4573,7 +2485,7 @@
{
// found
String temp = (String) list.get(1);
-@@ -721,38 +775,40 @@
+@@ -660,38 +667,40 @@
{
try
{
@@ -4601,13 +2513,13 @@
- X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
- url, base).build();
- pkixParams.addAdditionalStore(X509Store.getInstance(
-- "CERTIFICATE/LDAP", params, "BC"));
+- "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
- pkixParams.addAdditionalStore(X509Store.getInstance(
-- "CRL/LDAP", params, "BC"));
+- "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
- pkixParams.addAdditionalStore(X509Store.getInstance(
-- "ATTRIBUTECERTIFICATE/LDAP", params, "BC"));
+- "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
- pkixParams.addAdditionalStore(X509Store.getInstance(
-- "CERTIFICATEPAIR/LDAP", params, "BC"));
+- "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
- }
+ // BEGIN android-removed
+ // if (location.startsWith("ldap://"))
@@ -4634,19 +2546,19 @@
+ // X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
+ // url, base).build();
+ // pkixParams.addAdditionalStore(X509Store.getInstance(
-+ // "CERTIFICATE/LDAP", params, "BC"));
++ // "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+ // pkixParams.addAdditionalStore(X509Store.getInstance(
-+ // "CRL/LDAP", params, "BC"));
++ // "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+ // pkixParams.addAdditionalStore(X509Store.getInstance(
-+ // "ATTRIBUTECERTIFICATE/LDAP", params, "BC"));
++ // "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+ // pkixParams.addAdditionalStore(X509Store.getInstance(
-+ // "CERTIFICATEPAIR/LDAP", params, "BC"));
++ // "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+ // }
+ // END android-removed
}
catch (Exception e)
{
-@@ -819,35 +875,37 @@
+@@ -758,35 +767,37 @@
return certs;
}
@@ -4713,19 +2625,24 @@
protected static void addAdditionalStoresFromCRLDistributionPoint(
CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java 2011-09-01 17:21:06.000000000 +0000
-@@ -7,22 +7,31 @@
- import org.bouncycastle.crypto.InvalidCipherTextException;
- import org.bouncycastle.crypto.engines.AESFastEngine;
- import org.bouncycastle.crypto.engines.BlowfishEngine;
--import org.bouncycastle.crypto.engines.CAST5Engine;
--import org.bouncycastle.crypto.engines.CAST6Engine;
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEBlockCipher.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEBlockCipher.java 2011-09-08 21:28:49.000000000 +0000
+@@ -17,8 +17,10 @@
+ import javax.crypto.ShortBufferException;
+ import javax.crypto.spec.IvParameterSpec;
+ import javax.crypto.spec.PBEParameterSpec;
+-import javax.crypto.spec.RC2ParameterSpec;
+-import javax.crypto.spec.RC5ParameterSpec;
+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.CAST5Engine;
-+// import org.bouncycastle.crypto.engines.CAST6Engine;
++// import javax.crypto.spec.RC2ParameterSpec;
++// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
+
+ import org.bouncycastle.crypto.BlockCipher;
+ import org.bouncycastle.crypto.BufferedBlockCipher;
+@@ -28,7 +30,9 @@
+ import org.bouncycastle.crypto.engines.AESFastEngine;
import org.bouncycastle.crypto.engines.DESEngine;
import org.bouncycastle.crypto.engines.DESedeEngine;
-import org.bouncycastle.crypto.engines.GOST28147Engine;
@@ -4733,34 +2650,16 @@
+// import org.bouncycastle.crypto.engines.GOST28147Engine;
+// END android-removed
import org.bouncycastle.crypto.engines.RC2Engine;
--import org.bouncycastle.crypto.engines.RC532Engine;
--import org.bouncycastle.crypto.engines.RC564Engine;
--import org.bouncycastle.crypto.engines.RC6Engine;
--import org.bouncycastle.crypto.engines.RijndaelEngine;
--import org.bouncycastle.crypto.engines.SEEDEngine;
--import org.bouncycastle.crypto.engines.SerpentEngine;
--import org.bouncycastle.crypto.engines.SkipjackEngine;
--import org.bouncycastle.crypto.engines.TEAEngine;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.RC532Engine;
-+// import org.bouncycastle.crypto.engines.RC564Engine;
-+// END android-removed
-+// import org.bouncycastle.crypto.engines.RC6Engine;
-+// import org.bouncycastle.crypto.engines.RijndaelEngine;
-+// import org.bouncycastle.crypto.engines.SEEDEngine;
-+// import org.bouncycastle.crypto.engines.SerpentEngine;
-+// import org.bouncycastle.crypto.engines.SkipjackEngine;
-+// import org.bouncycastle.crypto.engines.TEAEngine;
-+// END android-removed
import org.bouncycastle.crypto.engines.TwofishEngine;
--import org.bouncycastle.crypto.engines.XTEAEngine;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.XTEAEngine;
-+// END android-removed
import org.bouncycastle.crypto.modes.AEADBlockCipher;
- import org.bouncycastle.crypto.modes.CBCBlockCipher;
+@@ -36,12 +40,16 @@
import org.bouncycastle.crypto.modes.CCMBlockCipher;
-@@ -32,8 +41,10 @@
+ import org.bouncycastle.crypto.modes.CFBBlockCipher;
+ import org.bouncycastle.crypto.modes.CTSBlockCipher;
+-import org.bouncycastle.crypto.modes.EAXBlockCipher;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.modes.EAXBlockCipher;
++// END android-removed
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.modes.GOFBBlockCipher;
import org.bouncycastle.crypto.modes.OFBBlockCipher;
@@ -4773,7 +2672,7 @@
import org.bouncycastle.crypto.modes.SICBlockCipher;
import org.bouncycastle.crypto.paddings.BlockCipherPadding;
import org.bouncycastle.crypto.paddings.ISO10126d2Padding;
-@@ -45,10 +56,12 @@
+@@ -53,10 +61,12 @@
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.crypto.params.ParametersWithRandom;
@@ -4789,21 +2688,8 @@
+// END android-removed
import org.bouncycastle.util.Strings;
- import javax.crypto.BadPaddingException;
-@@ -59,8 +72,10 @@
- import javax.crypto.ShortBufferException;
- import javax.crypto.spec.IvParameterSpec;
- import javax.crypto.spec.PBEParameterSpec;
--import javax.crypto.spec.RC2ParameterSpec;
--import javax.crypto.spec.RC5ParameterSpec;
-+// BEGIN android-removed
-+// import javax.crypto.spec.RC2ParameterSpec;
-+// import javax.crypto.spec.RC5ParameterSpec;
-+// END android-removed
- import java.security.AlgorithmParameters;
- import java.security.InvalidAlgorithmParameterException;
- import java.security.InvalidKeyException;
-@@ -78,11 +93,15 @@
+ public class JCEBlockCipher extends WrapCipherSpi
+@@ -67,11 +77,15 @@
//
private Class[] availableSpecs =
{
@@ -4822,7 +2708,7 @@
};
private BlockCipher baseEngine;
-@@ -237,20 +256,22 @@
+@@ -226,20 +240,22 @@
new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize()));
}
}
@@ -4859,7 +2745,26 @@
else if (modeName.startsWith("SIC"))
{
ivLength = baseEngine.getBlockSize();
-@@ -376,13 +397,15 @@
+@@ -272,11 +288,13 @@
+ ivLength = baseEngine.getBlockSize();
+ cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine));
+ }
+- else if (modeName.startsWith("EAX"))
+- {
+- ivLength = baseEngine.getBlockSize();
+- cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
+- }
++ // BEGIN android-removed
++ // else if (modeName.startsWith("EAX"))
++ // {
++ // ivLength = baseEngine.getBlockSize();
++ // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
++ // }
++ // END android-removed
+ else if (modeName.startsWith("GCM"))
+ {
+ ivLength = baseEngine.getBlockSize();
+@@ -365,13 +383,15 @@
throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption.");
}
@@ -4882,7 +2787,7 @@
//
// a note on iv's - if ivLength is zero the IV gets ignored (we don't use it).
-@@ -448,63 +471,65 @@
+@@ -437,63 +457,65 @@
param = new KeyParameter(key.getEncoded());
}
}
@@ -5005,7 +2910,7 @@
else
{
throw new InvalidAlgorithmParameterException("unknown parameter type.");
-@@ -708,10 +733,21 @@
+@@ -697,10 +719,21 @@
int inputLen,
byte[] output,
int outputOffset)
@@ -5028,7 +2933,7 @@
if (inputLen != 0)
{
len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset);
-@@ -753,17 +789,19 @@
+@@ -742,62 +775,64 @@
}
}
@@ -5043,37 +2948,6 @@
- super(new CBCBlockCipher(new DESEngine()), 64);
- }
- }
-+ // BEGIN android-removed
-+ // /**
-+ // * DESCBC
-+ // */
-+ // static public class DESCBC
-+ // extends JCEBlockCipher
-+ // {
-+ // public DESCBC()
-+ // {
-+ // super(new CBCBlockCipher(new DESEngine()), 64);
-+ // }
-+ // }
-+ // END android-removed
-
- /**
- * DESede
-@@ -777,52 +815,54 @@
- }
- }
-
-- /**
-- * DESedeCBC
-- */
-- static public class DESedeCBC
-- extends JCEBlockCipher
-- {
-- public DESedeCBC()
-- {
-- super(new CBCBlockCipher(new DESedeEngine()), 64);
-- }
-- }
-
- /**
- * GOST28147
@@ -5095,97 +2969,6 @@
- super(new CBCBlockCipher(new GOST28147Engine()), 64);
- }
- }
-+ // BEGIN android-removed
-+ // /**
-+ // * DESedeCBC
-+ // */
-+ // static public class DESedeCBC
-+ // extends JCEBlockCipher
-+ // {
-+ // public DESedeCBC()
-+ // {
-+ // super(new CBCBlockCipher(new DESedeEngine()), 64);
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * GOST28147
-+ // */
-+ // static public class GOST28147
-+ // extends JCEBlockCipher
-+ // {
-+ // public GOST28147()
-+ // {
-+ // super(new GOST28147Engine());
-+ // }
-+ // }
-+ //
-+ // static public class GOST28147cbc
-+ // extends JCEBlockCipher
-+ // {
-+ // public GOST28147cbc()
-+ // {
-+ // super(new CBCBlockCipher(new GOST28147Engine()), 64);
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * SKIPJACK
-+ // */
-+ // static public class Skipjack
-+ // extends JCEBlockCipher
-+ // {
-+ // public Skipjack()
-+ // {
-+ // super(new SkipjackEngine());
-+ // }
-+ // }
-+ // END android-removed
-
- /**
-- * SKIPJACK
-- */
-- static public class Skipjack
-- extends JCEBlockCipher
-- {
-- public Skipjack()
-- {
-- super(new SkipjackEngine());
-- }
-- }
--
-- /**
- * Blowfish
- */
- static public class Blowfish
-@@ -833,236 +873,238 @@
- super(new BlowfishEngine());
- }
- }
--
-- /**
-- * Blowfish CBC
-- */
-- static public class BlowfishCBC
-- extends JCEBlockCipher
-- {
-- public BlowfishCBC()
-- {
-- super(new CBCBlockCipher(new BlowfishEngine()), 64);
-- }
-- }
--
-- /**
-- * Twofish
-- */
-- static public class Twofish
-- extends JCEBlockCipher
-- {
-- public Twofish()
-- {
-- super(new TwofishEngine());
-- }
-- }
-
- /**
- * RC2
@@ -5210,210 +2993,37 @@
- super(new CBCBlockCipher(new RC2Engine()), 64);
- }
- }
--
-- /**
-- * RC5
-- */
-- static public class RC5
-- extends JCEBlockCipher
-- {
-- public RC5()
-- {
-- super(new RC532Engine());
-- }
-- }
--
-- /**
-- * RC564
-- */
-- static public class RC564
-- extends JCEBlockCipher
-- {
-- public RC564()
-- {
-- super(new RC564Engine());
-- }
-- }
--
-- /**
-- * RC6
-- */
-- static public class RC6
-- extends JCEBlockCipher
-- {
-- public RC6()
-- {
-- super(new RC6Engine());
-- }
-- }
--
-- /**
-- * AES
-- */
-- static public class AES
-- extends JCEBlockCipher
-- {
-- public AES()
-- {
-- super(new AESFastEngine());
-- }
-- }
--
-- /**
-- * AESCBC
-- */
-- static public class AESCBC
-- extends JCEBlockCipher
-- {
-- public AESCBC()
-- {
-- super(new CBCBlockCipher(new AESFastEngine()), 128);
-- }
-- }
--
-- /**
-- * AESCFB
-- */
-- static public class AESCFB
-- extends JCEBlockCipher
-- {
-- public AESCFB()
-- {
-- super(new CFBBlockCipher(new AESFastEngine(), 128), 128);
-- }
-- }
--
-- /**
-- * AESOFB
-- */
-- static public class AESOFB
-- extends JCEBlockCipher
-- {
-- public AESOFB()
-- {
-- super(new OFBBlockCipher(new AESFastEngine(), 128), 128);
-- }
-- }
--
-- /**
-- * Rijndael
-- */
-- static public class Rijndael
-- extends JCEBlockCipher
-- {
-- public Rijndael()
-- {
-- super(new RijndaelEngine());
-- }
-- }
--
-- /**
-- * Serpent
-- */
-- static public class Serpent
-- extends JCEBlockCipher
-- {
-- public Serpent()
-- {
-- super(new SerpentEngine());
-- }
-- }
--
--
-
-- /**
-- * CAST5
-- */
-- static public class CAST5
-- extends JCEBlockCipher
-- {
-- public CAST5()
-- {
-- super(new CAST5Engine());
-- }
-- }
--
-- /**
-- * CAST5 CBC
-- */
-- static public class CAST5CBC
-- extends JCEBlockCipher
-- {
-- public CAST5CBC()
-- {
-- super(new CBCBlockCipher(new CAST5Engine()), 64);
-- }
-- }
--
-- /**
-- * CAST6
-- */
-- static public class CAST6
-- extends JCEBlockCipher
-- {
-- public CAST6()
-- {
-- super(new CAST6Engine());
-- }
-- }
--
-- /**
-- * TEA
-- */
-- static public class TEA
-- extends JCEBlockCipher
-- {
-- public TEA()
-- {
-- super(new TEAEngine());
-- }
-- }
--
-- /**
-- * XTEA
-- */
-- static public class XTEA
-- extends JCEBlockCipher
-- {
-- public XTEA()
-- {
-- super(new XTEAEngine());
-- }
-- }
--
-- /**
-- * SEED
-- */
-- static public class SEED
-- extends JCEBlockCipher
-- {
-- public SEED()
-- {
-- super(new SEEDEngine());
-- }
-- }
+ // BEGIN android-removed
+ // /**
-+ // * Blowfish CBC
++ // * DESCBC
+ // */
-+ // static public class BlowfishCBC
++ // static public class DESCBC
+ // extends JCEBlockCipher
+ // {
-+ // public BlowfishCBC()
++ // public DESCBC()
+ // {
-+ // super(new CBCBlockCipher(new BlowfishEngine()), 64);
++ // super(new CBCBlockCipher(new DESEngine()), 64);
+ // }
+ // }
+ //
+ // /**
-+ // * Twofish
++ // * GOST28147
+ // */
-+ // static public class Twofish
++ // static public class GOST28147
+ // extends JCEBlockCipher
+ // {
-+ // public Twofish()
++ // public GOST28147()
+ // {
-+ // super(new TwofishEngine());
++ // super(new GOST28147Engine());
++ // }
++ // }
++ //
++ // static public class GOST28147cbc
++ // extends JCEBlockCipher
++ // {
++ // public GOST28147cbc()
++ // {
++ // super(new CBCBlockCipher(new GOST28147Engine()), 64);
+ // }
+ // }
+ //
@@ -5440,193 +3050,11 @@
+ // super(new CBCBlockCipher(new RC2Engine()), 64);
+ // }
+ // }
-+ //
-+ // /**
-+ // * RC5
-+ // */
-+ // static public class RC5
-+ // extends JCEBlockCipher
-+ // {
-+ // public RC5()
-+ // {
-+ // super(new RC532Engine());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * RC564
-+ // */
-+ // static public class RC564
-+ // extends JCEBlockCipher
-+ // {
-+ // public RC564()
-+ // {
-+ // super(new RC564Engine());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * RC6
-+ // */
-+ // static public class RC6
-+ // extends JCEBlockCipher
-+ // {
-+ // public RC6()
-+ // {
-+ // super(new RC6Engine());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * AES
-+ // */
-+ // static public class AES
-+ // extends JCEBlockCipher
-+ // {
-+ // public AES()
-+ // {
-+ // super(new AESFastEngine());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * AESCBC
-+ // */
-+ // static public class AESCBC
-+ // extends JCEBlockCipher
-+ // {
-+ // public AESCBC()
-+ // {
-+ // super(new CBCBlockCipher(new AESFastEngine()), 128);
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * AESCFB
-+ // */
-+ // static public class AESCFB
-+ // extends JCEBlockCipher
-+ // {
-+ // public AESCFB()
-+ // {
-+ // super(new CFBBlockCipher(new AESFastEngine(), 128), 128);
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * AESOFB
-+ // */
-+ // static public class AESOFB
-+ // extends JCEBlockCipher
-+ // {
-+ // public AESOFB()
-+ // {
-+ // super(new OFBBlockCipher(new AESFastEngine(), 128), 128);
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * Rijndael
-+ // */
-+ // static public class Rijndael
-+ // extends JCEBlockCipher
-+ // {
-+ // public Rijndael()
-+ // {
-+ // super(new RijndaelEngine());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * Serpent
-+ // */
-+ // static public class Serpent
-+ // extends JCEBlockCipher
-+ // {
-+ // public Serpent()
-+ // {
-+ // super(new SerpentEngine());
-+ // }
-+ // }
-+ //
-+ //
-+ //
-+ // /**
-+ // * CAST5
-+ // */
-+ // static public class CAST5
-+ // extends JCEBlockCipher
-+ // {
-+ // public CAST5()
-+ // {
-+ // super(new CAST5Engine());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * CAST5 CBC
-+ // */
-+ // static public class CAST5CBC
-+ // extends JCEBlockCipher
-+ // {
-+ // public CAST5CBC()
-+ // {
-+ // super(new CBCBlockCipher(new CAST5Engine()), 64);
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * CAST6
-+ // */
-+ // static public class CAST6
-+ // extends JCEBlockCipher
-+ // {
-+ // public CAST6()
-+ // {
-+ // super(new CAST6Engine());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * TEA
-+ // */
-+ // static public class TEA
-+ // extends JCEBlockCipher
-+ // {
-+ // public TEA()
-+ // {
-+ // super(new TEAEngine());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * XTEA
-+ // */
-+ // static public class XTEA
-+ // extends JCEBlockCipher
-+ // {
-+ // public XTEA()
-+ // {
-+ // super(new XTEAEngine());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * SEED
-+ // */
-+ // static public class SEED
-+ // extends JCEBlockCipher
-+ // {
-+ // public SEED()
-+ // {
-+ // super(new SEEDEngine());
-+ // }
-+ // }
+ // END android-removed
/**
* PBEWithMD5AndDES
-@@ -1087,7 +1129,7 @@
+@@ -822,7 +857,7 @@
super(new CBCBlockCipher(new RC2Engine()));
}
}
@@ -5635,7 +3063,7 @@
/**
* PBEWithSHA1AndDES
*/
-@@ -1135,7 +1177,7 @@
+@@ -870,7 +905,7 @@
super(new CBCBlockCipher(new DESedeEngine()));
}
}
@@ -5644,7 +3072,7 @@
/**
* PBEWithSHAAnd128BitRC2-CBC
*/
-@@ -1159,7 +1201,7 @@
+@@ -894,7 +929,7 @@
super(new CBCBlockCipher(new RC2Engine()));
}
}
@@ -5653,7 +3081,7 @@
/**
* PBEWithSHAAndTwofish-CBC
*/
-@@ -1171,7 +1213,7 @@
+@@ -906,7 +941,7 @@
super(new CBCBlockCipher(new TwofishEngine()));
}
}
@@ -5662,27 +3090,29 @@
/**
* PBEWithAES-CBC
*/
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2011-09-01 17:21:06.000000000 +0000
-@@ -37,9 +37,11 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2011-09-08 21:28:49.000000000 +0000
+@@ -36,10 +36,12 @@
static
{
- Integer i64 = new Integer(64);
- Integer i192 = new Integer(192);
- Integer i128 = new Integer(128);
+- Integer i256 = new Integer(256);
+ // BEGIN android-changed
+ Integer i64 = Integer.valueOf(64);
+ Integer i192 = Integer.valueOf(192);
+ Integer i128 = Integer.valueOf(128);
++ Integer i256 = Integer.valueOf(256);
+ // END android-changed
algorithms.put("DES", i64);
algorithms.put("DESEDE", i192);
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDigestUtil.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDigestUtil.java 2011-09-08 21:28:49.000000000 +0000
@@ -12,7 +12,9 @@
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.MD5Digest;
@@ -5763,83 +3193,345 @@
|| (sha256.contains(digest1) && sha256.contains(digest2))
|| (sha384.contains(digest1) && sha384.contains(digest2))
|| (sha512.contains(digest1) && sha512.contains(digest2))
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2011-09-01 17:21:06.000000000 +0000
-@@ -145,30 +145,32 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPrivateKey.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2011-09-08 21:28:49.000000000 +0000
+@@ -20,7 +20,9 @@
+ import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// END android-removed
+ import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+ import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
+ import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+@@ -199,21 +201,23 @@
+ DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
+ X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
+
+- if (ecP == null) // GOST Curve
+- {
+- ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
+- EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
+-
+- ecSpec = new ECNamedCurveSpec(
+- ECGOST3410NamedCurves.getName(oid),
+- ellipticCurve,
+- new ECPoint(
+- gParam.getG().getX().toBigInteger(),
+- gParam.getG().getY().toBigInteger()),
+- gParam.getN(),
+- gParam.getH());
+- }
+- else
++ // BEGIN android-removed
++ // if (ecP == null) // GOST Curve
++ // {
++ // ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
++ // EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
++ //
++ // ecSpec = new ECNamedCurveSpec(
++ // ECGOST3410NamedCurves.getName(oid),
++ // ellipticCurve,
++ // new ECPoint(
++ // gParam.getG().getX().toBigInteger(),
++ // gParam.getG().getY().toBigInteger()),
++ // gParam.getN(),
++ // gParam.getH());
++ // }
++ // else
++ // END android-removed
+ {
+ EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
+
+@@ -324,11 +328,13 @@
+ keyStructure = new ECPrivateKeyStructure(this.getS(), params);
}
+
+- if (algorithm.equals("ECGOST3410"))
+- {
+- info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), keyStructure.getDERObject());
+- }
+- else
++ // BEGIN android-removed
++ // if (algorithm.equals("ECGOST3410"))
++ // {
++ // info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), keyStructure.getDERObject());
++ // }
++ // else
++ // END android-removed
+ {
+
+ info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), keyStructure.getDERObject());
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPublicKey.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPublicKey.java 2011-09-08 21:28:49.000000000 +0000
+@@ -20,8 +20,10 @@
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.DEROctetString;
+ import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+-import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
++// END android-removed
+ import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+ import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+ import org.bouncycastle.asn1.x9.X962Parameters;
+@@ -31,11 +33,15 @@
+ import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+ import org.bouncycastle.crypto.params.ECDomainParameters;
+ import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+-import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
++// BEGIN android-removed
++// import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
++// END android-removed
+ import org.bouncycastle.jce.interfaces.ECPointEncoder;
+ import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
+ import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil;
+-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
++// BEGIN android-removed
++// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
++// END android-removed
+ import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+ import org.bouncycastle.math.ec.ECCurve;
+
+@@ -46,7 +52,9 @@
+ private org.bouncycastle.math.ec.ECPoint q;
+ private ECParameterSpec ecSpec;
+ private boolean withCompression;
+- private GOST3410PublicKeyAlgParameters gostParams;
++ // BEGIN android-removed
++ // private GOST3410PublicKeyAlgParameters gostParams;
++ // END android-removed
+
+ public JCEECPublicKey(
+ String algorithm,
+@@ -56,7 +64,9 @@
+ this.q = key.q;
+ this.ecSpec = key.ecSpec;
+ this.withCompression = key.withCompression;
+- this.gostParams = key.gostParams;
++ // BEGIN android-removed
++ // this.gostParams = key.gostParams;
++ // END android-removed
}
-- /**
-- * generate a desEDE key in the a-b-c format.
-- */
-- public static class DESede3
-- extends JCEKeyGenerator
-- {
-- public DESede3()
+ public JCEECPublicKey(
+@@ -179,54 +189,56 @@
+
+ private void populateFromPubKeyInfo(SubjectPublicKeyInfo info)
+ {
+- if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
- {
-- super("DESede3", 192, new DESedeKeyGenerator());
-- }
-- }
+- DERBitString bits = info.getPublicKeyData();
+- ASN1OctetString key;
+- this.algorithm = "ECGOST3410";
-
-- /**
-- * SKIPJACK
-- */
-- public static class Skipjack
-- extends JCEKeyGenerator
-- {
-- public Skipjack()
+- try
+- {
+- key = (ASN1OctetString) ASN1Object.fromByteArray(bits.getBytes());
+- }
+- catch (IOException ex)
+- {
+- throw new IllegalArgumentException("error recovering public key");
+- }
+-
+- byte[] keyEnc = key.getOctets();
+- byte[] x = new byte[32];
+- byte[] y = new byte[32];
+-
+- for (int i = 0; i != x.length; i++)
+- {
+- x[i] = keyEnc[32 - 1 - i];
+- }
+-
+- for (int i = 0; i != y.length; i++)
+- {
+- y[i] = keyEnc[64 - 1 - i];
+- }
+-
+- gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
+-
+- ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
+-
+- ECCurve curve = spec.getCurve();
+- EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
+-
+- this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
+-
+- ecSpec = new ECNamedCurveSpec(
+- ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
+- ellipticCurve,
+- new ECPoint(
+- spec.getG().getX().toBigInteger(),
+- spec.getG().getY().toBigInteger()),
+- spec.getN(), spec.getH());
+-
+- }
+- else
++ // BEGIN android-removed
++ // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
++ // {
++ // DERBitString bits = info.getPublicKeyData();
++ // ASN1OctetString key;
++ // this.algorithm = "ECGOST3410";
++ //
++ // try
++ // {
++ // key = (ASN1OctetString) ASN1Object.fromByteArray(bits.getBytes());
++ // }
++ // catch (IOException ex)
++ // {
++ // throw new IllegalArgumentException("error recovering public key");
++ // }
++ //
++ // byte[] keyEnc = key.getOctets();
++ // byte[] x = new byte[32];
++ // byte[] y = new byte[32];
++ //
++ // for (int i = 0; i != x.length; i++)
++ // {
++ // x[i] = keyEnc[32 - 1 - i];
++ // }
++ //
++ // for (int i = 0; i != y.length; i++)
++ // {
++ // y[i] = keyEnc[64 - 1 - i];
++ // }
++ //
++ // gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
++ //
++ // ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
++ //
++ // ECCurve curve = spec.getCurve();
++ // EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
++ //
++ // this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
++ //
++ // ecSpec = new ECNamedCurveSpec(
++ // ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
++ // ellipticCurve,
++ // new ECPoint(
++ // spec.getG().getX().toBigInteger(),
++ // spec.getG().getY().toBigInteger()),
++ // spec.getN(), spec.getH());
++ //
++ // }
++ // else
++ // END android-removed
+ {
+ X962Parameters params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters());
+ ECCurve curve;
+@@ -315,45 +327,47 @@
+ ASN1Encodable params;
+ SubjectPublicKeyInfo info;
+
+- if (algorithm.equals("ECGOST3410"))
- {
-- super("SKIPJACK", 80, new CipherKeyGenerator());
-- }
-- }
+- if (gostParams != null)
+- {
+- params = gostParams;
+- }
+- else
+- {
+- if (ecSpec instanceof ECNamedCurveSpec)
+- {
+- params = new GOST3410PublicKeyAlgParameters(
+- ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
+- CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
+- }
+- else
+- { // strictly speaking this may not be applicable...
+- ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
-
-+ // BEGIN android-removed
-+ // /**
-+ // * generate a desEDE key in the a-b-c format.
-+ // */
-+ // public static class DESede3
-+ // extends JCEKeyGenerator
-+ // {
-+ // public DESede3()
-+ // {
-+ // super("DESede3", 192, new DESedeKeyGenerator());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * SKIPJACK
-+ // */
-+ // public static class Skipjack
-+ // extends JCEKeyGenerator
-+ // {
-+ // public Skipjack()
-+ // {
-+ // super("SKIPJACK", 80, new CipherKeyGenerator());
-+ // }
-+ // }
-+ // END android-removed
-+
- /**
- * Blowfish
- */
-@@ -180,31 +182,33 @@
- super("Blowfish", 128, new CipherKeyGenerator());
+- X9ECParameters ecP = new X9ECParameters(
+- curve,
+- EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
+- ecSpec.getOrder(),
+- BigInteger.valueOf(ecSpec.getCofactor()),
+- ecSpec.getCurve().getSeed());
+-
+- params = new X962Parameters(ecP);
+- }
+- }
+-
+- BigInteger bX = this.q.getX().toBigInteger();
+- BigInteger bY = this.q.getY().toBigInteger();
+- byte[] encKey = new byte[64];
+-
+- extractBytes(encKey, 0, bX);
+- extractBytes(encKey, 32, bY);
+-
+- info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), new DEROctetString(encKey));
+- }
+- else
++ // BEGIN android-removed
++ // if (algorithm.equals("ECGOST3410"))
++ // {
++ // if (gostParams != null)
++ // {
++ // params = gostParams;
++ // }
++ // else
++ // {
++ // if (ecSpec instanceof ECNamedCurveSpec)
++ // {
++ // params = new GOST3410PublicKeyAlgParameters(
++ // ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
++ // CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
++ // }
++ // else
++ // { // strictly speaking this may not be applicable...
++ // ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
++ //
++ // X9ECParameters ecP = new X9ECParameters(
++ // curve,
++ // EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
++ // ecSpec.getOrder(),
++ // BigInteger.valueOf(ecSpec.getCofactor()),
++ // ecSpec.getCurve().getSeed());
++ //
++ // params = new X962Parameters(ecP);
++ // }
++ // }
++ //
++ // BigInteger bX = this.q.getX().toBigInteger();
++ // BigInteger bY = this.q.getY().toBigInteger();
++ // byte[] encKey = new byte[64];
++ //
++ // extractBytes(encKey, 0, bX);
++ // extractBytes(encKey, 32, bY);
++ //
++ // info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), new DEROctetString(encKey));
++ // }
++ // else
++ // END android-removed
+ {
+ if (ecSpec instanceof ECNamedCurveSpec)
+ {
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEKeyGenerator.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2011-09-08 21:28:49.000000000 +0000
+@@ -57,6 +57,11 @@
+ {
+ try
+ {
++ // BEGIN android-added
++ if (random == null) {
++ random = new SecureRandom();
++ }
++ // END android-added
+ engine.init(new KeyGenerationParameters(random, keySize));
+ uninitialised = false;
+ }
+@@ -93,56 +98,60 @@
}
}
--
-- /**
-- * Twofish
-- */
-- public static class Twofish
-- extends JCEKeyGenerator
-- {
-- public Twofish()
-- {
-- super("Twofish", 256, new CipherKeyGenerator());
-- }
-- }
--
+
- /**
- * RC2
- */
@@ -5852,77 +3544,6 @@
- }
- }
-
-+
-+ // BEGIN android-removed
-+ // /**
-+ // * Twofish
-+ // */
-+ // public static class Twofish
-+ // extends JCEKeyGenerator
-+ // {
-+ // public Twofish()
-+ // {
-+ // super("Twofish", 256, new CipherKeyGenerator());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * RC2
-+ // */
-+ // public static class RC2
-+ // extends JCEKeyGenerator
-+ // {
-+ // public RC2()
-+ // {
-+ // super("RC2", 128, new CipherKeyGenerator());
-+ // }
-+ // }
-+ // END android-removed
-+
- /**
- * RC4
- */
-@@ -216,203 +220,207 @@
- super("RC4", 128, new CipherKeyGenerator());
- }
- }
--
-- /**
-- * RC5
-- */
-- public static class RC5
-- extends JCEKeyGenerator
-- {
-- public RC5()
-- {
-- super("RC5", 128, new CipherKeyGenerator());
-- }
-- }
--
-- /**
-- * RC5
-- */
-- public static class RC564
-- extends JCEKeyGenerator
-- {
-- public RC564()
-- {
-- super("RC5-64", 256, new CipherKeyGenerator());
-- }
-- }
--
-- /**
-- * RC6
-- */
-- public static class RC6
-- extends JCEKeyGenerator
-- {
-- public RC6()
-- {
-- super("RC6", 256, new CipherKeyGenerator());
-- }
-- }
--
- /**
- * GOST28147
- */
@@ -5934,64 +3555,16 @@
- super("GOST28147", 256, new CipherKeyGenerator());
- }
- }
-
-- /**
-- * Rijndael
-- */
-- public static class Rijndael
-- extends JCEKeyGenerator
-- {
-- public Rijndael()
-- {
-- super("Rijndael", 192, new CipherKeyGenerator());
-- }
-- }
--
-- /**
-- * Serpent
-- */
-- public static class Serpent
-- extends JCEKeyGenerator
-- {
-- public Serpent()
-- {
-- super("Serpent", 192, new CipherKeyGenerator());
-- }
-- }
+ // BEGIN android-removed
+ // /**
-+ // * RC5
++ // * RC2
+ // */
-+ // public static class RC5
++ // public static class RC2
+ // extends JCEKeyGenerator
+ // {
-+ // public RC5()
++ // public RC2()
+ // {
-+ // super("RC5", 128, new CipherKeyGenerator());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * RC5
-+ // */
-+ // public static class RC564
-+ // extends JCEKeyGenerator
-+ // {
-+ // public RC564()
-+ // {
-+ // super("RC5-64", 256, new CipherKeyGenerator());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * RC6
-+ // */
-+ // public static class RC6
-+ // extends JCEKeyGenerator
-+ // {
-+ // public RC6()
-+ // {
-+ // super("RC6", 256, new CipherKeyGenerator());
++ // super("RC2", 128, new CipherKeyGenerator());
+ // }
+ // }
+ //
@@ -6006,225 +3579,6 @@
+ // super("GOST28147", 256, new CipherKeyGenerator());
+ // }
+ // }
-
--
--
-- /**
-- * CAST6
-- */
-- public static class CAST6
-- extends JCEKeyGenerator
-- {
-- public CAST6()
-- {
-- super("CAST6", 256, new CipherKeyGenerator());
-- }
-- }
--
-- /**
-- * TEA
-- */
-- public static class TEA
-- extends JCEKeyGenerator
-- {
-- public TEA()
-- {
-- super("TEA", 128, new CipherKeyGenerator());
-- }
-- }
--
-- /**
-- * XTEA
-- */
-- public static class XTEA
-- extends JCEKeyGenerator
-- {
-- public XTEA()
-- {
-- super("XTEA", 128, new CipherKeyGenerator());
-- }
-- }
--
-- /**
-- * Salsa20
-- */
-- public static class Salsa20
-- extends JCEKeyGenerator
-- {
-- public Salsa20()
-- {
-- super("Salsa20", 128, new CipherKeyGenerator());
-- }
-- }
--
-- /**
-- * HC128
-- */
-- public static class HC128
-- extends JCEKeyGenerator
-- {
-- public HC128()
-- {
-- super("HC128", 128, new CipherKeyGenerator());
-- }
-- }
--
-- /**
-- * HC256
-- */
-- public static class HC256
-- extends JCEKeyGenerator
-- {
-- public HC256()
-- {
-- super("HC256", 256, new CipherKeyGenerator());
-- }
-- }
--
-- /**
-- * VMPC
-- */
-- public static class VMPC
-- extends JCEKeyGenerator
-- {
-- public VMPC()
-- {
-- super("VMPC", 128, new CipherKeyGenerator());
-- }
-- }
--
-- /**
-- * VMPC-KSA3
-- */
-- public static class VMPCKSA3
-- extends JCEKeyGenerator
-- {
-- public VMPCKSA3()
-- {
-- super("VMPC-KSA3", 128, new CipherKeyGenerator());
-- }
-- }
-+ // /**
-+ // * Rijndael
-+ // */
-+ // public static class Rijndael
-+ // extends JCEKeyGenerator
-+ // {
-+ // public Rijndael()
-+ // {
-+ // super("Rijndael", 192, new CipherKeyGenerator());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * Serpent
-+ // */
-+ // public static class Serpent
-+ // extends JCEKeyGenerator
-+ // {
-+ // public Serpent()
-+ // {
-+ // super("Serpent", 192, new CipherKeyGenerator());
-+ // }
-+ // }
-+ //
-+ //
-+ //
-+ // /**
-+ // * CAST6
-+ // */
-+ // public static class CAST6
-+ // extends JCEKeyGenerator
-+ // {
-+ // public CAST6()
-+ // {
-+ // super("CAST6", 256, new CipherKeyGenerator());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * TEA
-+ // */
-+ // public static class TEA
-+ // extends JCEKeyGenerator
-+ // {
-+ // public TEA()
-+ // {
-+ // super("TEA", 128, new CipherKeyGenerator());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * XTEA
-+ // */
-+ // public static class XTEA
-+ // extends JCEKeyGenerator
-+ // {
-+ // public XTEA()
-+ // {
-+ // super("XTEA", 128, new CipherKeyGenerator());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * Salsa20
-+ // */
-+ // public static class Salsa20
-+ // extends JCEKeyGenerator
-+ // {
-+ // public Salsa20()
-+ // {
-+ // super("Salsa20", 128, new CipherKeyGenerator());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * HC128
-+ // */
-+ // public static class HC128
-+ // extends JCEKeyGenerator
-+ // {
-+ // public HC128()
-+ // {
-+ // super("HC128", 128, new CipherKeyGenerator());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * HC256
-+ // */
-+ // public static class HC256
-+ // extends JCEKeyGenerator
-+ // {
-+ // public HC256()
-+ // {
-+ // super("HC256", 256, new CipherKeyGenerator());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * VMPC
-+ // */
-+ // public static class VMPC
-+ // extends JCEKeyGenerator
-+ // {
-+ // public VMPC()
-+ // {
-+ // super("VMPC", 128, new CipherKeyGenerator());
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * VMPC-KSA3
-+ // */
-+ // public static class VMPCKSA3
-+ // extends JCEKeyGenerator
-+ // {
-+ // public VMPCKSA3()
-+ // {
-+ // super("VMPC-KSA3", 128, new CipherKeyGenerator());
-+ // }
-+ // }
+ // END android-removed
// HMAC Related secret keys..
@@ -6282,7 +3636,7 @@
/**
* MD5HMAC
-@@ -427,29 +435,29 @@
+@@ -157,29 +166,29 @@
}
@@ -6335,7 +3689,7 @@
/**
-@@ -464,17 +472,19 @@
+@@ -194,17 +203,19 @@
}
}
@@ -6366,7 +3720,7 @@
/**
* HMACSHA256
-@@ -512,15 +522,17 @@
+@@ -242,15 +253,17 @@
}
}
@@ -6395,10 +3749,10 @@
+ // }
+ // END android-removed
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEMac.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java 2011-09-01 17:21:06.000000000 +0000
-@@ -2,29 +2,43 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEMac.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEMac.java 2011-09-08 21:28:49.000000000 +0000
+@@ -11,25 +11,39 @@
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Mac;
@@ -6428,14 +3782,9 @@
+// import org.bouncycastle.crypto.digests.TigerDigest;
+// END android-removed
import org.bouncycastle.crypto.engines.DESEngine;
- import org.bouncycastle.crypto.engines.DESedeEngine;
-import org.bouncycastle.crypto.engines.RC2Engine;
--import org.bouncycastle.crypto.engines.RC532Engine;
--import org.bouncycastle.crypto.engines.SkipjackEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RC2Engine;
-+// import org.bouncycastle.crypto.engines.RC532Engine;
-+// import org.bouncycastle.crypto.engines.SkipjackEngine;
+// END android-removed
import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
@@ -6447,16 +3796,14 @@
import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
-import org.bouncycastle.crypto.macs.OldHMac;
--import org.bouncycastle.crypto.macs.VMPCMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
+// import org.bouncycastle.crypto.macs.OldHMac;
-+// import org.bouncycastle.crypto.macs.VMPCMac;
+// END android-removed
import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
-@@ -146,224 +160,226 @@
+@@ -143,115 +157,117 @@
* the classes that extend directly off us.
*/
@@ -6473,30 +3820,6 @@
- }
-
- /**
-- * DESede
-- */
-- public static class DESede
-- extends JCEMac
-- {
-- public DESede()
-- {
-- super(new CBCBlockCipherMac(new DESedeEngine()));
-- }
-- }
--
-- /**
-- * SKIPJACK
-- */
-- public static class Skipjack
-- extends JCEMac
-- {
-- public Skipjack()
-- {
-- super(new CBCBlockCipherMac(new SkipjackEngine()));
-- }
-- }
--
-- /**
- * RC2
- */
- public static class RC2
@@ -6509,18 +3832,6 @@
- }
-
- /**
-- * RC5
-- */
-- public static class RC5
-- extends JCEMac
-- {
-- public RC5()
-- {
-- super(new CBCBlockCipherMac(new RC532Engine()));
-- }
-- }
--
-- /**
- * GOST28147
- */
- public static class GOST28147
@@ -6532,17 +3843,7 @@
- }
- }
-
-- /**
-- * VMPC
-- */
-- public static class VMPC
-- extends JCEMac
-- {
-- public VMPC()
-- {
-- super(new VMPCMac());
-- }
-- }
+-
-
- /**
- * DES
@@ -6557,30 +3858,6 @@
- }
-
- /**
-- * DESede
-- */
-- public static class DESedeCFB8
-- extends JCEMac
-- {
-- public DESedeCFB8()
-- {
-- super(new CFBBlockCipherMac(new DESedeEngine()));
-- }
-- }
--
-- /**
-- * SKIPJACK
-- */
-- public static class SkipjackCFB8
-- extends JCEMac
-- {
-- public SkipjackCFB8()
-- {
-- super(new CFBBlockCipherMac(new SkipjackEngine()));
-- }
-- }
--
-- /**
- * RC2CFB8
- */
- public static class RC2CFB8
@@ -6593,17 +3870,52 @@
- }
-
- /**
-- * RC5CFB8
+- * DES9797Alg3with7816-4Padding
- */
-- public static class RC5CFB8
+- public static class DES9797Alg3with7816d4
- extends JCEMac
- {
-- public RC5CFB8()
+- public DES9797Alg3with7816d4()
- {
-- super(new CFBBlockCipherMac(new RC532Engine()));
+- super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
- }
- }
--
+-
+- /**
+- * DES9797Alg3
+- */
+- public static class DES9797Alg3
+- extends JCEMac
+- {
+- public DES9797Alg3()
+- {
+- super(new ISO9797Alg3Mac(new DESEngine()));
+- }
+- }
+-
+- /**
+- * MD2 HMac
+- */
+- public static class MD2
+- extends JCEMac
+- {
+- public MD2()
+- {
+- super(new HMac(new MD2Digest()));
+- }
+- }
+-
+- /**
+- * MD4 HMac
+- */
+- public static class MD4
+- extends JCEMac
+- {
+- public MD4()
+- {
+- super(new HMac(new MD4Digest()));
+- }
+- }
+ // BEGIN android-removed
+ // /**
+ // * DES
@@ -6618,30 +3930,6 @@
+ // }
+ //
+ // /**
-+ // * DESede
-+ // */
-+ // public static class DESede
-+ // extends JCEMac
-+ // {
-+ // public DESede()
-+ // {
-+ // super(new CBCBlockCipherMac(new DESedeEngine()));
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * SKIPJACK
-+ // */
-+ // public static class Skipjack
-+ // extends JCEMac
-+ // {
-+ // public Skipjack()
-+ // {
-+ // super(new CBCBlockCipherMac(new SkipjackEngine()));
-+ // }
-+ // }
-+ //
-+ // /**
+ // * RC2
+ // */
+ // public static class RC2
@@ -6654,18 +3942,6 @@
+ // }
+ //
+ // /**
-+ // * RC5
-+ // */
-+ // public static class RC5
-+ // extends JCEMac
-+ // {
-+ // public RC5()
-+ // {
-+ // super(new CBCBlockCipherMac(new RC532Engine()));
-+ // }
-+ // }
-+ //
-+ // /**
+ // * GOST28147
+ // */
+ // public static class GOST28147
@@ -6677,17 +3953,7 @@
+ // }
+ // }
+ //
-+ // /**
-+ // * VMPC
-+ // */
-+ // public static class VMPC
-+ // extends JCEMac
-+ // {
-+ // public VMPC()
-+ // {
-+ // super(new VMPCMac());
-+ // }
-+ // }
++ //
+ //
+ // /**
+ // * DES
@@ -6702,30 +3968,6 @@
+ // }
+ //
+ // /**
-+ // * DESede
-+ // */
-+ // public static class DESedeCFB8
-+ // extends JCEMac
-+ // {
-+ // public DESedeCFB8()
-+ // {
-+ // super(new CFBBlockCipherMac(new DESedeEngine()));
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * SKIPJACK
-+ // */
-+ // public static class SkipjackCFB8
-+ // extends JCEMac
-+ // {
-+ // public SkipjackCFB8()
-+ // {
-+ // super(new CFBBlockCipherMac(new SkipjackEngine()));
-+ // }
-+ // }
-+ //
-+ // /**
+ // * RC2CFB8
+ // */
+ // public static class RC2CFB8
@@ -6738,43 +3980,6 @@
+ // }
+ //
+ // /**
-+ // * RC5CFB8
-+ // */
-+ // public static class RC5CFB8
-+ // extends JCEMac
-+ // {
-+ // public RC5CFB8()
-+ // {
-+ // super(new CFBBlockCipherMac(new RC532Engine()));
-+ // }
-+ // }
-+ //
-+ //
-+ // /**
-+ // * DESede64
-+ // */
-+ // public static class DESede64
-+ // extends JCEMac
-+ // {
-+ // public DESede64()
-+ // {
-+ // super(new CBCBlockCipherMac(new DESedeEngine(), 64));
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * DESede64with7816-4Padding
-+ // */
-+ // public static class DESede64with7816d4
-+ // extends JCEMac
-+ // {
-+ // public DESede64with7816d4()
-+ // {
-+ // super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding()));
-+ // }
-+ // }
-+ //
-+ // /**
+ // * DES9797Alg3with7816-4Padding
+ // */
+ // public static class DES9797Alg3with7816d4
@@ -6822,84 +4027,10 @@
+ // }
+ // }
+ // END android-removed
-
+
/**
-- * DESede64
-- */
-- public static class DESede64
-- extends JCEMac
-- {
-- public DESede64()
-- {
-- super(new CBCBlockCipherMac(new DESedeEngine(), 64));
-- }
-- }
--
-- /**
-- * DESede64with7816-4Padding
-- */
-- public static class DESede64with7816d4
-- extends JCEMac
-- {
-- public DESede64with7816d4()
-- {
-- super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding()));
-- }
-- }
--
-- /**
-- * DES9797Alg3with7816-4Padding
-- */
-- public static class DES9797Alg3with7816d4
-- extends JCEMac
-- {
-- public DES9797Alg3with7816d4()
-- {
-- super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
-- }
-- }
--
-- /**
-- * DES9797Alg3
-- */
-- public static class DES9797Alg3
-- extends JCEMac
-- {
-- public DES9797Alg3()
-- {
-- super(new ISO9797Alg3Mac(new DESEngine()));
-- }
-- }
--
-- /**
-- * MD2 HMac
-- */
-- public static class MD2
-- extends JCEMac
-- {
-- public MD2()
-- {
-- super(new HMac(new MD2Digest()));
-- }
-- }
--
-- /**
-- * MD4 HMac
-- */
-- public static class MD4
-- extends JCEMac
-- {
-- public MD4()
-- {
-- super(new HMac(new MD4Digest()));
-- }
-- }
--
-- /**
* MD5 HMac
- */
- public static class MD5
-@@ -374,7 +390,7 @@
+@@ -264,7 +280,7 @@
super(new HMac(new MD5Digest()));
}
}
@@ -6908,7 +4039,7 @@
/**
* SHA1 HMac
*/
-@@ -386,18 +402,20 @@
+@@ -276,18 +292,20 @@
super(new HMac(new SHA1Digest()));
}
}
@@ -6941,7 +4072,7 @@
/**
* SHA-256 HMac
-@@ -410,7 +428,7 @@
+@@ -300,7 +318,7 @@
super(new HMac(new SHA256Digest()));
}
}
@@ -6950,7 +4081,7 @@
/**
* SHA-384 HMac
*/
-@@ -422,15 +440,17 @@
+@@ -312,15 +330,17 @@
super(new HMac(new SHA384Digest()));
}
}
@@ -6977,7 +4108,7 @@
/**
* SHA-512 HMac
-@@ -443,73 +463,75 @@
+@@ -333,73 +353,75 @@
super(new HMac(new SHA512Digest()));
}
}
@@ -7117,7 +4248,7 @@
/**
* PBEWithHmacSHA
*/
-@@ -521,16 +543,18 @@
+@@ -411,16 +433,18 @@
super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160);
}
}
@@ -7148,10 +4279,10 @@
+ // }
+ // END android-removed
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSACipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSACipher.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java 2011-09-01 17:21:06.000000000 +0000
-@@ -534,48 +534,50 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSACipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSACipher.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSACipher.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSACipher.java 2011-09-08 21:28:49.000000000 +0000
+@@ -535,48 +535,50 @@
}
}
@@ -7246,9 +4377,9 @@
+ // }
+ // END android-removed
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2011-09-08 21:28:49.000000000 +0000
@@ -125,7 +125,9 @@
*/
public byte[] getEncoded()
@@ -7260,9 +4391,9 @@
return info.getDEREncoded();
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateKey.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2011-09-08 21:28:49.000000000 +0000
@@ -77,7 +77,9 @@
public byte[] getEncoded()
@@ -7274,9 +4405,9 @@
return info.getDEREncoded();
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPublicKey.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2011-09-08 21:28:49.000000000 +0000
@@ -90,7 +90,9 @@
public byte[] getEncoded()
@@ -7288,13 +4419,13 @@
return info.getDEREncoded();
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2011-09-01 17:21:06.000000000 +0000
-@@ -321,29 +321,31 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2011-09-08 21:28:49.000000000 +0000
+@@ -250,29 +250,31 @@
}
}
-
+
- /**
- * PBEWithMD2AndDES
- */
@@ -7346,7 +4477,7 @@
/**
* PBEWithMD5AndDES
-@@ -477,17 +479,19 @@
+@@ -406,17 +408,19 @@
}
}
@@ -7377,7 +4508,7 @@
/**
* PBEWithHmacSHA
-@@ -501,17 +505,19 @@
+@@ -430,17 +434,19 @@
}
}
@@ -7408,7 +4539,7 @@
/**
* PBEWithSHA1And128BitAES-BC
-@@ -620,4 +626,56 @@
+@@ -549,4 +555,56 @@
super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128);
}
}
@@ -7465,42 +4596,10 @@
+ }
+ // END android-added
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java 2011-09-01 17:21:06.000000000 +0000
-@@ -5,17 +5,21 @@
- import org.bouncycastle.crypto.DataLengthException;
- import org.bouncycastle.crypto.StreamBlockCipher;
- import org.bouncycastle.crypto.StreamCipher;
--import org.bouncycastle.crypto.engines.BlowfishEngine;
--import org.bouncycastle.crypto.engines.DESEngine;
--import org.bouncycastle.crypto.engines.DESedeEngine;
--import org.bouncycastle.crypto.engines.HC128Engine;
--import org.bouncycastle.crypto.engines.HC256Engine;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.BlowfishEngine;
-+// import org.bouncycastle.crypto.engines.DESEngine;
-+// import org.bouncycastle.crypto.engines.DESedeEngine;
-+// import org.bouncycastle.crypto.engines.HC128Engine;
-+// import org.bouncycastle.crypto.engines.HC256Engine;
-+// END android-removed
- import org.bouncycastle.crypto.engines.RC4Engine;
--import org.bouncycastle.crypto.engines.Salsa20Engine;
--import org.bouncycastle.crypto.engines.SkipjackEngine;
--import org.bouncycastle.crypto.engines.TwofishEngine;
--import org.bouncycastle.crypto.engines.VMPCEngine;
--import org.bouncycastle.crypto.engines.VMPCKSA3Engine;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.Salsa20Engine;
-+// import org.bouncycastle.crypto.engines.SkipjackEngine;
-+// import org.bouncycastle.crypto.engines.TwofishEngine;
-+// import org.bouncycastle.crypto.engines.VMPCEngine;
-+// import org.bouncycastle.crypto.engines.VMPCKSA3Engine;
-+// END android-removed
- import org.bouncycastle.crypto.modes.CFBBlockCipher;
- import org.bouncycastle.crypto.modes.OFBBlockCipher;
- import org.bouncycastle.crypto.params.KeyParameter;
-@@ -27,8 +31,10 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEStreamCipher.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEStreamCipher.java 2011-09-08 21:28:49.000000000 +0000
+@@ -13,20 +13,26 @@
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEParameterSpec;
@@ -7510,10 +4609,31 @@
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
- import java.security.AlgorithmParameters;
- import java.security.InvalidAlgorithmParameterException;
- import java.security.InvalidKeyException;
-@@ -44,8 +50,10 @@
+
+ import org.bouncycastle.crypto.BlockCipher;
+ import org.bouncycastle.crypto.CipherParameters;
+ import org.bouncycastle.crypto.DataLengthException;
+ import org.bouncycastle.crypto.StreamBlockCipher;
+ import org.bouncycastle.crypto.StreamCipher;
+-import org.bouncycastle.crypto.engines.BlowfishEngine;
+-import org.bouncycastle.crypto.engines.DESEngine;
+-import org.bouncycastle.crypto.engines.DESedeEngine;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.engines.BlowfishEngine;
++// import org.bouncycastle.crypto.engines.DESEngine;
++// import org.bouncycastle.crypto.engines.DESedeEngine;
++// END android-removed
+ import org.bouncycastle.crypto.engines.RC4Engine;
+-import org.bouncycastle.crypto.engines.SkipjackEngine;
+-import org.bouncycastle.crypto.engines.TwofishEngine;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.engines.SkipjackEngine;
++// import org.bouncycastle.crypto.engines.TwofishEngine;
++// END android-removed
+ import org.bouncycastle.crypto.modes.CFBBlockCipher;
+ import org.bouncycastle.crypto.modes.OFBBlockCipher;
+ import org.bouncycastle.crypto.params.KeyParameter;
+@@ -40,8 +46,10 @@
//
private Class[] availableSpecs =
{
@@ -7526,7 +4646,7 @@
IvParameterSpec.class,
PBEParameterSpec.class
};
-@@ -374,125 +382,127 @@
+@@ -370,125 +378,127 @@
* The ciphers that inherit from us.
*/
@@ -7772,8 +4892,8 @@
+ // END android-removed
/**
- * RC4
-@@ -517,7 +527,7 @@
+ * PBEWithSHAAnd128BitRC4
+@@ -501,7 +511,7 @@
super(new RC4Engine(), 0);
}
}
@@ -7782,137 +4902,17 @@
/**
* PBEWithSHAAnd40BitRC4
*/
-@@ -529,64 +539,66 @@
- super(new RC4Engine(), 0);
- }
- }
--
-- /**
-- * Salsa20
-- */
-- static public class Salsa20
-- extends JCEStreamCipher
-- {
-- public Salsa20()
-- {
-- super(new Salsa20Engine(), 8);
-- }
-- }
--
-- /**
-- * HC-128
-- */
-- static public class HC128
-- extends JCEStreamCipher
-- {
-- public HC128()
-- {
-- super(new HC128Engine(), 16);
-- }
-- }
--
-- /**
-- * HC-256
-- */
-- static public class HC256
-- extends JCEStreamCipher
-- {
-- public HC256()
-- {
-- super(new HC256Engine(), 32);
-- }
-- }
--
-- /**
-- * VMPC
-- */
-- static public class VMPC
-- extends JCEStreamCipher
-- {
-- public VMPC()
-- {
-- super(new VMPCEngine(), 16);
-- }
-- }
--
-- /**
-- * VMPC-KSA3
-- */
-- static public class VMPCKSA3
-- extends JCEStreamCipher
-- {
-- public VMPCKSA3()
-- {
-- super(new VMPCKSA3Engine(), 16);
-- }
-- }
-+
-+ // BEGIN android-removed
-+ // /**
-+ // * Salsa20
-+ // */
-+ // static public class Salsa20
-+ // extends JCEStreamCipher
-+ // {
-+ // public Salsa20()
-+ // {
-+ // super(new Salsa20Engine(), 8);
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * HC-128
-+ // */
-+ // static public class HC128
-+ // extends JCEStreamCipher
-+ // {
-+ // public HC128()
-+ // {
-+ // super(new HC128Engine(), 16);
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * HC-256
-+ // */
-+ // static public class HC256
-+ // extends JCEStreamCipher
-+ // {
-+ // public HC256()
-+ // {
-+ // super(new HC256Engine(), 32);
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * VMPC
-+ // */
-+ // static public class VMPC
-+ // extends JCEStreamCipher
-+ // {
-+ // public VMPC()
-+ // {
-+ // super(new VMPCEngine(), 16);
-+ // }
-+ // }
-+ //
-+ // /**
-+ // * VMPC-KSA3
-+ // */
-+ // static public class VMPCKSA3
-+ // extends JCEStreamCipher
-+ // {
-+ // public VMPCKSA3()
-+ // {
-+ // super(new VMPCKSA3Engine(), 16);
-+ // }
-+ // }
-+ // END android-removed
- }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2011-09-01 17:21:06.000000000 +0000
-@@ -2,19 +2,25 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2011-09-08 21:28:49.000000000 +0000
+@@ -11,18 +11,24 @@
+ import javax.crypto.spec.DHGenParameterSpec;
+ import javax.crypto.spec.DHParameterSpec;
+ import javax.crypto.spec.IvParameterSpec;
+-import javax.crypto.spec.RC2ParameterSpec;
++// BEGIN android-removed
++// import javax.crypto.spec.RC2ParameterSpec;
++// END android-removed
import org.bouncycastle.crypto.generators.DHParametersGenerator;
import org.bouncycastle.crypto.generators.DSAParametersGenerator;
@@ -7935,17 +4935,9 @@
+// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec;
+// END android-removed
- import javax.crypto.spec.DHGenParameterSpec;
- import javax.crypto.spec.DHParameterSpec;
- import javax.crypto.spec.IvParameterSpec;
--import javax.crypto.spec.RC2ParameterSpec;
-+// BEGIN android-removed
-+// import javax.crypto.spec.RC2ParameterSpec;
-+// END android-removed
- import java.security.AlgorithmParameterGeneratorSpi;
- import java.security.AlgorithmParameters;
- import java.security.InvalidAlgorithmParameterException;
-@@ -144,196 +150,198 @@
+ public abstract class JDKAlgorithmParameterGenerator
+ extends AlgorithmParameterGeneratorSpi
+@@ -145,196 +151,198 @@
}
}
@@ -7979,7 +4971,7 @@
-
- try
- {
-- params = AlgorithmParameters.getInstance("GOST3410", "BC");
+- params = AlgorithmParameters.getInstance("GOST3410", BouncyCastleProvider.PROVIDER_NAME);
- params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA())));
- }
- catch (Exception e)
@@ -8031,7 +5023,7 @@
-
- try
- {
-- params = AlgorithmParameters.getInstance("ElGamal", "BC");
+- params = AlgorithmParameters.getInstance("ElGamal", BouncyCastleProvider.PROVIDER_NAME);
- params.init(new DHParameterSpec(p.getP(), p.getG(), l));
- }
- catch (Exception e)
@@ -8069,7 +5061,7 @@
-
- try
- {
-- params = AlgorithmParameters.getInstance("DES", "BC");
+- params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
- params.init(new IvParameterSpec(iv));
- }
- catch (Exception e)
@@ -8117,7 +5109,7 @@
-
- try
- {
-- params = AlgorithmParameters.getInstance("RC2", "BC");
+- params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
- params.init(new IvParameterSpec(iv));
- }
- catch (Exception e)
@@ -8129,7 +5121,7 @@
- {
- try
- {
-- params = AlgorithmParameters.getInstance("RC2", "BC");
+- params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
- params.init(spec);
- }
- catch (Exception e)
@@ -8141,204 +5133,204 @@
- return params;
- }
- }
-+ // BEGIN android-removed
-+ // public static class GOST3410
-+ // extends JDKAlgorithmParameterGenerator
-+ // {
-+ // protected void engineInit(
-+ // AlgorithmParameterSpec genParamSpec,
-+ // SecureRandom random)
-+ // throws InvalidAlgorithmParameterException
-+ // {
-+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation.");
-+ // }
-+ //
-+ // protected AlgorithmParameters engineGenerateParameters()
-+ // {
-+ // GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator();
-+ //
-+ // if (random != null)
-+ // {
-+ // pGen.init(strength, 2, random);
-+ // }
-+ // else
-+ // {
-+ // pGen.init(strength, 2, new SecureRandom());
-+ // }
-+ //
-+ // GOST3410Parameters p = pGen.generateParameters();
-+ //
-+ // AlgorithmParameters params;
-+ //
-+ // try
-+ // {
-+ // params = AlgorithmParameters.getInstance("GOST3410", "BC");
-+ // params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA())));
-+ // }
-+ // catch (Exception e)
-+ // {
-+ // throw new RuntimeException(e.getMessage());
-+ // }
-+ //
-+ // return params;
-+ // }
-+ // }
-+ //
-+ // public static class ElGamal
-+ // extends JDKAlgorithmParameterGenerator
-+ // {
-+ // private int l = 0;
-+ //
-+ // protected void engineInit(
-+ // AlgorithmParameterSpec genParamSpec,
-+ // SecureRandom random)
-+ // throws InvalidAlgorithmParameterException
-+ // {
-+ // if (!(genParamSpec instanceof DHGenParameterSpec))
-+ // {
-+ // throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation");
-+ // }
-+ // DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec;
-+ //
-+ // this.strength = spec.getPrimeSize();
-+ // this.l = spec.getExponentSize();
-+ // this.random = random;
-+ // }
-+ //
-+ // protected AlgorithmParameters engineGenerateParameters()
-+ // {
-+ // ElGamalParametersGenerator pGen = new ElGamalParametersGenerator();
-+ //
-+ // if (random != null)
-+ // {
-+ // pGen.init(strength, 20, random);
-+ // }
-+ // else
-+ // {
-+ // pGen.init(strength, 20, new SecureRandom());
-+ // }
-+ //
-+ // ElGamalParameters p = pGen.generateParameters();
-+ //
-+ // AlgorithmParameters params;
-+ //
-+ // try
-+ // {
-+ // params = AlgorithmParameters.getInstance("ElGamal", "BC");
-+ // params.init(new DHParameterSpec(p.getP(), p.getG(), l));
-+ // }
-+ // catch (Exception e)
-+ // {
-+ // throw new RuntimeException(e.getMessage());
-+ // }
-+ //
-+ // return params;
-+ // }
-+ // }
-+ //
-+ // public static class DES
-+ // extends JDKAlgorithmParameterGenerator
-+ // {
-+ // protected void engineInit(
-+ // AlgorithmParameterSpec genParamSpec,
-+ // SecureRandom random)
-+ // throws InvalidAlgorithmParameterException
-+ // {
-+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
-+ // }
-+ //
-+ // protected AlgorithmParameters engineGenerateParameters()
-+ // {
-+ // byte[] iv = new byte[8];
-+ //
-+ // if (random == null)
-+ // {
-+ // random = new SecureRandom();
-+ // }
-+ //
-+ // random.nextBytes(iv);
-+ //
-+ // AlgorithmParameters params;
-+ //
-+ // try
-+ // {
-+ // params = AlgorithmParameters.getInstance("DES", "BC");
-+ // params.init(new IvParameterSpec(iv));
-+ // }
-+ // catch (Exception e)
-+ // {
-+ // throw new RuntimeException(e.getMessage());
-+ // }
-+ //
-+ // return params;
-+ // }
-+ // }
-+ //
-+ // public static class RC2
-+ // extends JDKAlgorithmParameterGenerator
-+ // {
-+ // RC2ParameterSpec spec = null;
-+ //
-+ // protected void engineInit(
-+ // AlgorithmParameterSpec genParamSpec,
-+ // SecureRandom random)
-+ // throws InvalidAlgorithmParameterException
-+ // {
-+ // if (genParamSpec instanceof RC2ParameterSpec)
-+ // {
-+ // spec = (RC2ParameterSpec)genParamSpec;
-+ // return;
-+ // }
-+ //
-+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
-+ // }
-+ //
-+ // protected AlgorithmParameters engineGenerateParameters()
-+ // {
-+ // AlgorithmParameters params;
-+ //
-+ // if (spec == null)
-+ // {
-+ // byte[] iv = new byte[8];
-+ //
-+ // if (random == null)
-+ // {
-+ // random = new SecureRandom();
-+ // }
-+ //
-+ // random.nextBytes(iv);
-+ //
-+ // try
-+ // {
-+ // params = AlgorithmParameters.getInstance("RC2", "BC");
-+ // params.init(new IvParameterSpec(iv));
-+ // }
-+ // catch (Exception e)
-+ // {
-+ // throw new RuntimeException(e.getMessage());
-+ // }
-+ // }
-+ // else
-+ // {
-+ // try
-+ // {
-+ // params = AlgorithmParameters.getInstance("RC2", "BC");
-+ // params.init(spec);
-+ // }
-+ // catch (Exception e)
-+ // {
-+ // throw new RuntimeException(e.getMessage());
-+ // }
-+ // }
-+ //
-+ // return params;
-+ // }
-+ // }
-+ // END android-removed
++ // BEGIN android-removed
++ // public static class GOST3410
++ // extends JDKAlgorithmParameterGenerator
++ // {
++ // protected void engineInit(
++ // AlgorithmParameterSpec genParamSpec,
++ // SecureRandom random)
++ // throws InvalidAlgorithmParameterException
++ // {
++ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation.");
++ // }
++ //
++ // protected AlgorithmParameters engineGenerateParameters()
++ // {
++ // GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator();
++ //
++ // if (random != null)
++ // {
++ // pGen.init(strength, 2, random);
++ // }
++ // else
++ // {
++ // pGen.init(strength, 2, new SecureRandom());
++ // }
++ //
++ // GOST3410Parameters p = pGen.generateParameters();
++ //
++ // AlgorithmParameters params;
++ //
++ // try
++ // {
++ // params = AlgorithmParameters.getInstance("GOST3410", BouncyCastleProvider.PROVIDER_NAME);
++ // params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA())));
++ // }
++ // catch (Exception e)
++ // {
++ // throw new RuntimeException(e.getMessage());
++ // }
++ //
++ // return params;
++ // }
++ // }
++ //
++ // public static class ElGamal
++ // extends JDKAlgorithmParameterGenerator
++ // {
++ // private int l = 0;
++ //
++ // protected void engineInit(
++ // AlgorithmParameterSpec genParamSpec,
++ // SecureRandom random)
++ // throws InvalidAlgorithmParameterException
++ // {
++ // if (!(genParamSpec instanceof DHGenParameterSpec))
++ // {
++ // throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation");
++ // }
++ // DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec;
++ //
++ // this.strength = spec.getPrimeSize();
++ // this.l = spec.getExponentSize();
++ // this.random = random;
++ // }
++ //
++ // protected AlgorithmParameters engineGenerateParameters()
++ // {
++ // ElGamalParametersGenerator pGen = new ElGamalParametersGenerator();
++ //
++ // if (random != null)
++ // {
++ // pGen.init(strength, 20, random);
++ // }
++ // else
++ // {
++ // pGen.init(strength, 20, new SecureRandom());
++ // }
++ //
++ // ElGamalParameters p = pGen.generateParameters();
++ //
++ // AlgorithmParameters params;
++ //
++ // try
++ // {
++ // params = AlgorithmParameters.getInstance("ElGamal", BouncyCastleProvider.PROVIDER_NAME);
++ // params.init(new DHParameterSpec(p.getP(), p.getG(), l));
++ // }
++ // catch (Exception e)
++ // {
++ // throw new RuntimeException(e.getMessage());
++ // }
++ //
++ // return params;
++ // }
++ // }
++ //
++ // public static class DES
++ // extends JDKAlgorithmParameterGenerator
++ // {
++ // protected void engineInit(
++ // AlgorithmParameterSpec genParamSpec,
++ // SecureRandom random)
++ // throws InvalidAlgorithmParameterException
++ // {
++ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
++ // }
++ //
++ // protected AlgorithmParameters engineGenerateParameters()
++ // {
++ // byte[] iv = new byte[8];
++ //
++ // if (random == null)
++ // {
++ // random = new SecureRandom();
++ // }
++ //
++ // random.nextBytes(iv);
++ //
++ // AlgorithmParameters params;
++ //
++ // try
++ // {
++ // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
++ // params.init(new IvParameterSpec(iv));
++ // }
++ // catch (Exception e)
++ // {
++ // throw new RuntimeException(e.getMessage());
++ // }
++ //
++ // return params;
++ // }
++ // }
++ //
++ // public static class RC2
++ // extends JDKAlgorithmParameterGenerator
++ // {
++ // RC2ParameterSpec spec = null;
++ //
++ // protected void engineInit(
++ // AlgorithmParameterSpec genParamSpec,
++ // SecureRandom random)
++ // throws InvalidAlgorithmParameterException
++ // {
++ // if (genParamSpec instanceof RC2ParameterSpec)
++ // {
++ // spec = (RC2ParameterSpec)genParamSpec;
++ // return;
++ // }
++ //
++ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
++ // }
++ //
++ // protected AlgorithmParameters engineGenerateParameters()
++ // {
++ // AlgorithmParameters params;
++ //
++ // if (spec == null)
++ // {
++ // byte[] iv = new byte[8];
++ //
++ // if (random == null)
++ // {
++ // random = new SecureRandom();
++ // }
++ //
++ // random.nextBytes(iv);
++ //
++ // try
++ // {
++ // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
++ // params.init(new IvParameterSpec(iv));
++ // }
++ // catch (Exception e)
++ // {
++ // throw new RuntimeException(e.getMessage());
++ // }
++ // }
++ // else
++ // {
++ // try
++ // {
++ // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
++ // params.init(spec);
++ // }
++ // catch (Exception e)
++ // {
++ // throw new RuntimeException(e.getMessage());
++ // }
++ // }
++ //
++ // return params;
++ // }
++ // }
++ // END android-removed
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2011-09-08 21:28:49.000000000 +0000
@@ -10,21 +10,27 @@
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
@@ -9836,12 +6828,12 @@
+ // }
+ // END android-removed
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDSASigner.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDSASigner.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java 2011-09-01 17:21:06.000000000 +0000
-@@ -22,13 +22,17 @@
- import org.bouncycastle.crypto.DSA;
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDSASigner.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDSASigner.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDSASigner.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDSASigner.java 2011-09-08 21:28:49.000000000 +0000
+@@ -23,13 +23,17 @@
import org.bouncycastle.crypto.Digest;
+ import org.bouncycastle.crypto.digests.NullDigest;
import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
+// BEGIN android-removed
@@ -9856,9 +6848,9 @@
+// BEGIN android-removed
+// import org.bouncycastle.jce.interfaces.GOST3410Key;
+// END android-removed
- import org.bouncycastle.jce.provider.util.NullDigest;
public class JDKDSASigner
+ extends SignatureSpi
@@ -53,11 +57,16 @@
{
CipherParameters param;
@@ -9987,10 +6979,10 @@
static public class noneDSA
extends JDKDSASigner
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java 2011-09-01 17:21:06.000000000 +0000
-@@ -23,14 +23,20 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDigestSignature.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDigestSignature.java 2011-09-08 21:28:49.000000000 +0000
+@@ -23,15 +23,21 @@
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Digest;
@@ -10001,6 +6993,7 @@
+// import org.bouncycastle.crypto.digests.MD4Digest;
+// END android-removed
import org.bouncycastle.crypto.digests.MD5Digest;
+ import org.bouncycastle.crypto.digests.NullDigest;
-import org.bouncycastle.crypto.digests.RIPEMD128Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.RIPEMD256Digest;
@@ -10017,32 +7010,6 @@
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.SHA384Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
-@@ -179,13 +185,13 @@
- }
- }
- }
-- else if (sig.length == expected.length - 2) // NULL left out
-+ else if (expected.length == sig.length - 2) // NULL left out
- {
- int sigOffset = sig.length - hash.length - 2;
- int expectedOffset = expected.length - hash.length - 2;
-
-- expected[1] -= 2; // adjust lengths
-- expected[3] -= 2;
-+ sig[1] -= 2; // adjust lengths
-+ sig[3] -= 2;
-
- for (int i = 0; i < hash.length; i++)
- {
-@@ -195,7 +201,7 @@
- }
- }
-
-- for (int i = 0; i < sigOffset; i++)
-+ for (int i = 0; i < expectedOffset; i++)
- {
- if (sig[i] != expected[i]) // check header less NULL
- {
@@ -265,14 +271,16 @@
}
}
@@ -10188,9 +7155,9 @@
+ // }
+ // END android-removed
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyFactory.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyFactory.java 2011-09-08 21:28:49.000000000 +0000
@@ -36,17 +36,21 @@
import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -10220,7 +7187,28 @@
public JDKKeyFactory()
{
-@@ -162,25 +166,33 @@
+@@ -140,6 +144,20 @@
+
+ return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG());
+ }
++ // BEGIN android-added
++ else if (spec.isAssignableFrom(DSAPublicKeySpec.class) && key instanceof DSAPublicKey)
++ {
++ DSAPublicKey k = (DSAPublicKey)key;
++
++ return new DSAPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG());
++ }
++ else if (spec.isAssignableFrom(DSAPrivateKeySpec.class) && key instanceof DSAPrivateKey)
++ {
++ DSAPrivateKey k = (DSAPrivateKey)key;
++
++ return new DSAPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG());
++ }
++ // END android-added
+
+ throw new RuntimeException("not implemented yet " + key + " " + spec);
+ }
+@@ -162,25 +180,33 @@
}
else if (key instanceof DHPublicKey)
{
@@ -10268,7 +7256,7 @@
}
else if (key instanceof DSAPublicKey)
{
-@@ -190,14 +202,16 @@
+@@ -190,14 +216,16 @@
{
return new JDKDSAPrivateKey((DSAPrivateKey)key);
}
@@ -10293,7 +7281,7 @@
throw new InvalidKeyException("key type unknown");
}
-@@ -233,10 +247,12 @@
+@@ -233,10 +261,12 @@
{
return new JCEDHPublicKey(info);
}
@@ -10310,14 +7298,10 @@
else if (algOid.equals(X9ObjectIdentifiers.id_dsa))
{
return new JDKDSAPublicKey(info);
-@@ -245,18 +261,19 @@
+@@ -249,14 +279,15 @@
{
- return new JDKDSAPublicKey(info);
+ return new JCEECPublicKey(info);
}
-- else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-- {
-- return new JCEECPublicKey(info);
-- }
- else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
- {
- return new JDKGOST3410PublicKey(info);
@@ -10327,10 +7311,6 @@
- return new JCEECPublicKey(info);
- }
+ // BEGIN android-removed
-+ // else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-+ // {
-+ // return new JCEECPublicKey(info);
-+ // }
+ // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
+ // {
+ // return new JDKGOST3410PublicKey(info);
@@ -10342,7 +7322,7 @@
else
{
throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised");
-@@ -290,26 +307,30 @@
+@@ -294,10 +325,12 @@
{
return new JCEDHPrivateKey(info);
}
@@ -10359,11 +7339,10 @@
else if (algOid.equals(X9ObjectIdentifiers.id_dsa))
{
return new JDKDSAPrivateKey(info);
+@@ -306,14 +339,16 @@
+ {
+ return new JCEECPrivateKey(info);
}
-- else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-- {
-- return new JCEECPrivateKey(info);
-- }
- else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
- {
- return new JDKGOST3410PrivateKey(info);
@@ -10373,10 +7352,6 @@
- return new JCEECPrivateKey(info);
- }
+ // BEGIN android-removed
-+ // else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-+ // {
-+ // return new JCEECPrivateKey(info);
-+ // }
+ // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
+ // {
+ // return new JDKGOST3410PrivateKey(info);
@@ -10389,7 +7364,7 @@
else
{
throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised");
-@@ -440,89 +461,92 @@
+@@ -444,89 +479,92 @@
}
}
@@ -10566,9 +7541,9 @@
+ // }
+ // END android-removed
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2011-09-08 21:28:49.000000000 +0000
@@ -6,9 +6,11 @@
import org.bouncycastle.crypto.generators.DHParametersGenerator;
import org.bouncycastle.crypto.generators.DSAKeyPairGenerator;
@@ -10910,9 +7885,9 @@
+ // }
+ // END android-removed
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyStore.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyStore.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyStore.java 2011-09-08 21:28:49.000000000 +0000
@@ -39,7 +39,12 @@
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Digest;
@@ -11013,9 +7988,9 @@
- }
+ }
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKMessageDigest.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKMessageDigest.java 2011-09-08 21:28:49.000000000 +0000
@@ -57,36 +57,38 @@
{
super(new SHA1Digest());
@@ -11460,10 +8435,10 @@
+ // }
+ // END android-removed
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2011-09-01 17:21:06.000000000 +0000
-@@ -255,10 +255,13 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2011-09-08 21:28:49.000000000 +0000
+@@ -260,10 +260,13 @@
}
}
@@ -11481,7 +8456,7 @@
}
/**
-@@ -433,6 +436,14 @@
+@@ -438,6 +441,14 @@
public Date engineGetCreationDate(String alias)
{
@@ -11496,7 +8471,7 @@
return new Date();
}
-@@ -491,6 +502,11 @@
+@@ -496,6 +507,11 @@
Certificate[] chain)
throws KeyStoreException
{
@@ -11508,7 +8483,7 @@
if ((key instanceof PrivateKey) && (chain == null))
{
throw new KeyStoreException("no certificate chain for private key");
-@@ -502,12 +518,18 @@
+@@ -507,12 +523,18 @@
}
keys.put(alias, key);
@@ -11527,7 +8502,7 @@
}
public int engineSize()
-@@ -1434,7 +1456,9 @@
+@@ -1488,7 +1510,9 @@
{
byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data);
@@ -11538,7 +8513,7 @@
DigestInfo dInfo = new DigestInfo(algId, res);
mData = new MacData(dInfo, mSalt, itCount);
-@@ -1484,32 +1508,34 @@
+@@ -1545,32 +1569,34 @@
}
}
@@ -11599,7 +8574,7 @@
private static class IgnoresCaseHashtable
{
-@@ -1518,7 +1544,7 @@
+@@ -1579,7 +1605,7 @@
public void put(String key, Object value)
{
@@ -11608,7 +8583,7 @@
String k = (String)keys.get(lower);
if (k != null)
{
-@@ -1536,7 +1562,9 @@
+@@ -1597,7 +1623,9 @@
public Object remove(String alias)
{
@@ -11619,7 +8594,7 @@
if (k == null)
{
return null;
-@@ -1547,7 +1575,9 @@
+@@ -1608,7 +1636,9 @@
public Object get(String alias)
{
@@ -11630,9 +8605,9 @@
if (k == null)
{
return null;
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PBE.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PBE.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PBE.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PBE.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PBE.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PBE.java 2011-09-08 21:28:49.000000000 +0000
@@ -7,12 +7,18 @@
import org.bouncycastle.crypto.CipherParameters;
@@ -11705,152 +8680,9 @@
case SHA256:
generator = new PKCS12ParametersGenerator(new SHA256Digest());
break;
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java 2011-09-01 17:21:06.000000000 +0000
-@@ -1,6 +1,9 @@
- package org.bouncycastle.jce.provider;
-
- import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-+// BEGIN android-added
-+import org.bouncycastle.asn1.OrderedTable;
-+// END android-added
- import org.bouncycastle.asn1.DERObjectIdentifier;
- import org.bouncycastle.asn1.DEREncodable;
- import org.bouncycastle.asn1.ASN1OutputStream;
-@@ -17,65 +20,73 @@
- class PKCS12BagAttributeCarrierImpl
- implements PKCS12BagAttributeCarrier
- {
-- private Hashtable pkcs12Attributes;
-- private Vector pkcs12Ordering;
--
-- PKCS12BagAttributeCarrierImpl(Hashtable attributes, Vector ordering)
-- {
-- this.pkcs12Attributes = attributes;
-- this.pkcs12Ordering = ordering;
-- }
-+ // BEGIN android-changed
-+ private OrderedTable pkcs12 = new OrderedTable();
-+ // END android-changed
-+
-+ // BEGIN android-removed
-+ // PKCS12BagAttributeCarrierImpl(Hashtable attributes, Vector ordering)
-+ // {
-+ // this.pkcs12Attributes = attributes;
-+ // this.pkcs12Ordering = ordering;
-+ // }
-+ // END android-removed
-
- public PKCS12BagAttributeCarrierImpl()
- {
-- this(new Hashtable(), new Vector());
-+ // BEGIN android-removed
-+ // this(new Hashtable(), new Vector());
-+ // END android-removed
- }
-
- public void setBagAttribute(
- DERObjectIdentifier oid,
- DEREncodable attribute)
- {
-- if (pkcs12Attributes.containsKey(oid))
-- { // preserve original ordering
-- pkcs12Attributes.put(oid, attribute);
-- }
-- else
-- {
-- pkcs12Attributes.put(oid, attribute);
-- pkcs12Ordering.addElement(oid);
-- }
-+ // BEGIN android-changed
-+ // preserve original ordering
-+ pkcs12.put(oid, attribute);
-+ // END android-changed
- }
-
- public DEREncodable getBagAttribute(
- DERObjectIdentifier oid)
- {
-- return (DEREncodable)pkcs12Attributes.get(oid);
-+ // BEGIN android-changed
-+ return (DEREncodable)pkcs12.get(oid);
-+ // END android-changed
- }
-
- public Enumeration getBagAttributeKeys()
- {
-- return pkcs12Ordering.elements();
-+ // BEGIN android-changed
-+ return pkcs12.getKeys();
-+ // END android-changed
- }
-
- int size()
- {
-- return pkcs12Ordering.size();
-- }
--
-- Hashtable getAttributes()
-- {
-- return pkcs12Attributes;
-- }
--
-- Vector getOrdering()
-- {
-- return pkcs12Ordering;
-- }
-+ // BEGIN android-changed
-+ return pkcs12.size();
-+ // END android-changed
-+ }
-+
-+ // BEGIN android-removed
-+ // Hashtable getAttributes()
-+ // {
-+ // return pkcs12Attributes;
-+ // }
-+ //
-+ // Vector getOrdering()
-+ // {
-+ // return pkcs12Ordering;
-+ // }
-+ // END android-removed
-
- public void writeObject(ObjectOutputStream out)
- throws IOException
- {
-- if (pkcs12Ordering.size() == 0)
-+ if (pkcs12.size() == 0)
- {
- out.writeObject(new Hashtable());
- out.writeObject(new Vector());
-@@ -92,7 +103,7 @@
- DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
-
- aOut.writeObject(oid);
-- aOut.writeObject(pkcs12Attributes.get(oid));
-+ aOut.writeObject(pkcs12.get(oid));
- }
-
- out.writeObject(bOut.toByteArray());
-@@ -106,8 +117,11 @@
-
- if (obj instanceof Hashtable)
- {
-- this.pkcs12Attributes = (Hashtable)obj;
-- this.pkcs12Ordering = (Vector)in.readObject();
-+ // BEGIN android-changed
-+ // we only write out Hashtable/Vector in empty case
-+ in.readObject(); // consume empty Vector
-+ this.pkcs12 = new OrderedTable();
-+ // END android-changed
- }
- else
- {
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPath.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPath.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPath.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPath.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPath.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPath.java 2011-09-08 21:28:49.000000000 +0000
@@ -33,7 +33,9 @@
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -11913,24 +8745,9 @@
else
{
throw new CertificateEncodingException("unsupported encoding: " + encoding);
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java 2011-09-01 17:21:06.000000000 +0000
-@@ -172,8 +172,9 @@
- try
- {
- // check whether the issuer of <tbvCert> is a TrustAnchor
-- if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getTrustAnchors(),
-- pkixParams.getSigProvider()) != null)
-+ // BEGIN android-changed
-+ if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams) != null)
-+ // END android-changed
- {
- // exception message from possibly later tried certification
- // chains
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2011-09-08 21:28:49.000000000 +0000
@@ -1,5 +1,8 @@
package org.bouncycastle.jce.provider;
@@ -11948,14 +8765,7 @@
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
-@@ -20,9 +24,17 @@
-
- import javax.security.auth.x500.X500Principal;
-
-+// BEGIN android-added
-+import org.apache.harmony.xnet.provider.jsse.IndexedPKIXParameters;
-+
-+// END android-added
+@@ -23,6 +27,10 @@
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -11966,7 +8776,7 @@
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import org.bouncycastle.x509.ExtendedPKIXParameters;
-@@ -33,6 +45,55 @@
+@@ -33,6 +41,63 @@
public class PKIXCertPathValidatorSpi
extends CertPathValidatorSpi
{
@@ -12001,6 +8811,14 @@
+ // Issuer: CN=Entrust.net
+ {(byte)0xe2, (byte)0x3b, (byte)0x8d, (byte)0x10, (byte)0x5f, (byte)0x87, (byte)0x71, (byte)0x0a, (byte)0x68, (byte)0xd9,
+ (byte)0x24, (byte)0x80, (byte)0x50, (byte)0xeb, (byte)0xef, (byte)0xc6, (byte)0x27, (byte)0xbe, (byte)0x4c, (byte)0xa6},
++ // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
++ // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
++ {(byte)0x7b, (byte)0x2e, (byte)0x16, (byte)0xbc, (byte)0x39, (byte)0xbc, (byte)0xd7, (byte)0x2b, (byte)0x45, (byte)0x6e,
++ (byte)0x9f, (byte)0x05, (byte)0x5d, (byte)0x1d, (byte)0xe6, (byte)0x15, (byte)0xb7, (byte)0x49, (byte)0x45, (byte)0xdb},
++ // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
++ // Issuer: CN=Staat der Nederlanden Overheid CA
++ {(byte)0xe8, (byte)0xf9, (byte)0x12, (byte)0x00, (byte)0xc6, (byte)0x5c, (byte)0xee, (byte)0x16, (byte)0xe0, (byte)0x39,
++ (byte)0xb9, (byte)0xf8, (byte)0x83, (byte)0x84, (byte)0x16, (byte)0x61, (byte)0x63, (byte)0x5f, (byte)0x81, (byte)0xc5},
+ };
+
+ private static boolean isPublicKeyBlackListed(PublicKey publicKey) {
@@ -12022,26 +8840,7 @@
public CertPathValidatorResult engineValidate(
CertPath certPath,
-@@ -46,6 +107,18 @@
- + " instance.");
- }
-
-+ // BEGIN android-added
-+ IndexedPKIXParameters indexedParams;
-+ if (params instanceof IndexedPKIXParameters)
-+ {
-+ indexedParams = (IndexedPKIXParameters)params;
-+ }
-+ else
-+ {
-+ indexedParams = null;
-+ }
-+
-+ // END android-added
- ExtendedPKIXParameters paramsPKIX;
- if (params instanceof ExtendedPKIXParameters)
- {
-@@ -75,6 +148,22 @@
+@@ -75,6 +140,22 @@
{
throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
}
@@ -12064,51 +8863,7 @@
//
// (b)
-@@ -90,10 +179,15 @@
- // (d)
- //
- TrustAnchor trust;
-+ // BEGIN android-added
-+ X509Certificate lastCert = (X509Certificate) certs.get(certs.size() - 1);
-+ // END android-added
- try
- {
-- trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1),
-- paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider());
-+ // BEGIN android-changed
-+ trust = CertPathValidatorUtilities.findTrustAnchor(lastCert,
-+ indexedParams != null ? indexedParams : paramsPKIX);
-+ // END android-changed
- }
- catch (AnnotatedException e)
- {
-@@ -189,12 +283,25 @@
- X500Principal workingIssuerName;
-
- X509Certificate sign = trust.getTrustedCert();
-+ // BEGIN android-added
-+ boolean trustAnchorInChain = false;
-+ // END android-added
- try
- {
- if (sign != null)
- {
- workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
- workingPublicKey = sign.getPublicKey();
-+ // BEGIN android-added
-+ // There is similar code in CertPathValidatorUtilities.
-+ try {
-+ byte[] trustBytes = sign.getEncoded();
-+ byte[] certBytes = lastCert.getEncoded();
-+ trustAnchorInChain = Arrays.equals(trustBytes, certBytes);
-+ } catch(Exception e) {
-+ // ignore, continue with trustAnchorInChain being false
-+ }
-+ // END android-added
- }
- else
- {
-@@ -251,6 +358,15 @@
+@@ -251,6 +332,15 @@
for (index = certs.size() - 1; index >= 0; index--)
{
@@ -12124,51 +8879,9 @@
// try
// {
//
-@@ -271,8 +387,10 @@
- // 6.1.3
- //
-
-+ // BEGIN android-changed
- RFC3280CertPathUtilities.processCertA(certPath, paramsPKIX, index, workingPublicKey,
-- verificationAlreadyPerformed, workingIssuerName, sign);
-+ verificationAlreadyPerformed, workingIssuerName, sign, i, trustAnchorInChain);
-+ // END android-changed
-
- RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator);
-
-@@ -289,11 +407,18 @@
-
- if (i != n)
- {
-+ // BEGIN android-added
-+ if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
-+ {
-+ // END android-added
- if (cert != null && cert.getVersion() == 1)
- {
- throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null,
- certPath, index);
- }
-+ // BEGIN android-added
-+ }
-+ // END android-added
-
- RFC3280CertPathUtilities.prepareNextCertA(certPath, index);
-
-@@ -317,7 +442,9 @@
- inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertJ(certPath, index, inhibitAnyPolicy);
-
- // (k)
-- RFC3280CertPathUtilities.prepareNextCertK(certPath, index);
-+ // BEGIN android-changed
-+ RFC3280CertPathUtilities.prepareNextCertK(certPath, index, i, trustAnchorInChain);
-+ // END android-changed
-
- // (l)
- maxPathLength = RFC3280CertPathUtilities.prepareNextCertL(certPath, index, maxPathLength);
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2011-09-08 21:28:49.000000000 +0000
@@ -1533,7 +1533,9 @@
for (Enumeration e = permitted.getObjects(); e.hasMoreElements();)
{
@@ -12180,232 +8893,10 @@
if (subtreesMap.get(tagNo) == null)
{
subtreesMap.put(tagNo, new HashSet());
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/ProviderUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/ProviderUtil.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java 2011-09-01 17:21:06.000000000 +0000
-@@ -1,9 +1,13 @@
- package org.bouncycastle.jce.provider;
-
- import org.bouncycastle.jce.ProviderConfigurationPermission;
--import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
-+// BEGIN android-removed
-+// import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
-+// END android-removed
- import org.bouncycastle.jce.interfaces.ConfigurableProvider;
--import org.bouncycastle.jce.spec.ECParameterSpec;
-+// BEGIN android-removed
-+// import org.bouncycastle.jce.spec.ECParameterSpec;
-+// END android-removed
-
- import java.io.ByteArrayInputStream;
- import java.io.IOException;
-@@ -20,68 +24,74 @@
- "BC", ConfigurableProvider.EC_IMPLICITLY_CA);
-
- private static ThreadLocal threadSpec = new ThreadLocal();
-- private static volatile ECParameterSpec ecImplicitCaParams;
-+ // BEGIN android-removed
-+ // private static volatile ECParameterSpec ecImplicitCaParams;
-+ // END android-removed
-
- static void setParameter(String parameterName, Object parameter)
- {
- SecurityManager securityManager = System.getSecurityManager();
-
-- if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA))
-- {
-- ECParameterSpec curveSpec;
--
-- if (securityManager != null)
-- {
-- securityManager.checkPermission(BC_EC_LOCAL_PERMISSION);
-- }
--
-- if (parameter instanceof ECParameterSpec || parameter == null)
-- {
-- curveSpec = (ECParameterSpec)parameter;
-- }
-- else // assume java.security.spec
-- {
-- curveSpec = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
-- }
--
-- if (curveSpec == null)
-- {
-- threadSpec.remove();
-- }
-- else
-- {
-- threadSpec.set(curveSpec);
-- }
-- }
-- else if (parameterName.equals(ConfigurableProvider.EC_IMPLICITLY_CA))
-- {
-- if (securityManager != null)
-- {
-- securityManager.checkPermission(BC_EC_PERMISSION);
-- }
--
-- if (parameter instanceof ECParameterSpec || parameter == null)
-- {
-- ecImplicitCaParams = (ECParameterSpec)parameter;
-- }
-- else // assume java.security.spec
-- {
-- ecImplicitCaParams = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
-- }
-- }
-+ // BEGIN android-removed
-+ // if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA))
-+ // {
-+ // ECParameterSpec curveSpec;
-+ //
-+ // if (securityManager != null)
-+ // {
-+ // securityManager.checkPermission(BC_EC_LOCAL_PERMISSION);
-+ // }
-+ //
-+ // if (parameter instanceof ECParameterSpec || parameter == null)
-+ // {
-+ // curveSpec = (ECParameterSpec)parameter;
-+ // }
-+ // else // assume java.security.spec
-+ // {
-+ // curveSpec = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
-+ // }
-+ //
-+ // if (curveSpec == null)
-+ // {
-+ // threadSpec.remove();
-+ // }
-+ // else
-+ // {
-+ // threadSpec.set(curveSpec);
-+ // }
-+ // }
-+ // else if (parameterName.equals(ConfigurableProvider.EC_IMPLICITLY_CA))
-+ // {
-+ // if (securityManager != null)
-+ // {
-+ // securityManager.checkPermission(BC_EC_PERMISSION);
-+ // }
-+ //
-+ // if (parameter instanceof ECParameterSpec || parameter == null)
-+ // {
-+ // ecImplicitCaParams = (ECParameterSpec)parameter;
-+ // }
-+ // else // assume java.security.spec
-+ // {
-+ // ecImplicitCaParams = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
-+ // }
-+ // }
-+ // END android-removed
- }
-
-- public static ECParameterSpec getEcImplicitlyCa()
-- {
-- ECParameterSpec spec = (ECParameterSpec)threadSpec.get();
--
-- if (spec != null)
-- {
-- return spec;
-- }
--
-- return ecImplicitCaParams;
-- }
-+ // BEGIN android-removed
-+ // public static ECParameterSpec getEcImplicitlyCa()
-+ // {
-+ // ECParameterSpec spec = (ECParameterSpec)threadSpec.get();
-+ //
-+ // if (spec != null)
-+ // {
-+ // return spec;
-+ // }
-+ //
-+ // return ecImplicitCaParams;
-+ // }
-+ // END android-removed
-
- static int getReadLimit(InputStream in)
- throws IOException
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java bcprov-jdk16-145/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java 2011-09-01 17:21:06.000000000 +0000
-@@ -1471,7 +1471,11 @@
- PublicKey workingPublicKey,
- boolean verificationAlreadyPerformed,
- X500Principal workingIssuerName,
-- X509Certificate sign)
-+ X509Certificate sign,
-+ // BEGIN android-added
-+ int i,
-+ boolean trustAnchorInChain)
-+ // END android-added
- throws ExtCertPathValidatorException
- {
- List certs = certPath.getCertificates();
-@@ -1485,8 +1489,15 @@
- {
- // (a) (1)
- //
-+ // BEGIN android-added
-+ if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
-+ {
-+ // END android-added
- CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey,
- paramsPKIX.getSigProvider());
-+ // BEGIN android-added
-+ }
-+ // END android-added
- }
- catch (GeneralSecurityException e)
- {
-@@ -2077,7 +2088,11 @@
-
- protected static void prepareNextCertK(
- CertPath certPath,
-- int index)
-+ int index,
-+ // BEGIN android-added
-+ int i,
-+ boolean trustAnchorInChain)
-+ // END android-added
- throws CertPathValidatorException
- {
- List certs = certPath.getCertificates();
-@@ -2105,7 +2120,14 @@
- }
- else
- {
-+ // BEGIN android-added
-+ if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
-+ {
-+ // END android-added
- throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
-+ // BEGIN android-added
-+ }
-+ // END android-added
- }
- }
-
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java 2011-09-01 17:21:06.000000000 +0000
-@@ -12,8 +12,10 @@
- import org.bouncycastle.crypto.Wrapper;
- import org.bouncycastle.crypto.engines.DESedeEngine;
- import org.bouncycastle.crypto.engines.DESedeWrapEngine;
--import org.bouncycastle.crypto.engines.RC2WrapEngine;
--import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.RC2WrapEngine;
-+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-+// END android-removed
- import org.bouncycastle.crypto.params.KeyParameter;
- import org.bouncycastle.crypto.params.ParametersWithIV;
-
-@@ -25,8 +27,10 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java bcprov-jdk16-146/org/bouncycastle/jce/provider/WrapCipherSpi.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/WrapCipherSpi.java 2011-09-08 21:28:49.000000000 +0000
+@@ -22,8 +22,10 @@
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEParameterSpec;
@@ -12416,9 +8907,20 @@
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
import javax.crypto.spec.SecretKeySpec;
- import java.security.AlgorithmParameters;
- import java.security.InvalidAlgorithmParameterException;
-@@ -52,8 +56,10 @@
+
+ import org.bouncycastle.asn1.ASN1InputStream;
+@@ -36,7 +38,9 @@
+ import org.bouncycastle.crypto.CipherParameters;
+ import org.bouncycastle.crypto.InvalidCipherTextException;
+ import org.bouncycastle.crypto.Wrapper;
+-import org.bouncycastle.crypto.engines.RC2WrapEngine;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.engines.RC2WrapEngine;
++// END android-removed
+ import org.bouncycastle.crypto.params.KeyParameter;
+ import org.bouncycastle.crypto.params.ParametersWithIV;
+
+@@ -50,8 +54,10 @@
{
IvParameterSpec.class,
PBEParameterSpec.class,
@@ -12431,7 +8933,7 @@
};
protected int pbeType = PKCS12;
-@@ -265,16 +271,19 @@
+@@ -263,16 +269,19 @@
return null;
}
@@ -12452,7 +8954,7 @@
protected byte[] engineWrap(
Key key)
-@@ -307,7 +316,12 @@
+@@ -305,7 +314,12 @@
byte[] wrappedKey,
String wrappedKeyAlgorithm,
int wrappedKeyType)
@@ -12466,37 +8968,24 @@
{
byte[] encoded;
try
-@@ -354,15 +368,20 @@
-
- DERObjectIdentifier oid = in.getAlgorithmId().getObjectId();
-
-- if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-- {
-- privKey = new JCEECPrivateKey(in);
-- }
+@@ -356,10 +370,12 @@
+ {
+ privKey = new JCEECPrivateKey(in);
+ }
- else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94))
- {
- privKey = new JDKGOST3410PrivateKey(in);
- }
-- else if (oid.equals(X9ObjectIdentifiers.id_dsa))
+ // BEGIN android-removed
-+ // if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-+ // {
-+ // privKey = new JCEECPrivateKey(in);
-+ // }
+ // else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94))
+ // {
+ // privKey = new JDKGOST3410PrivateKey(in);
+ // }
-+ // else if (oid.equals(X9ObjectIdentifiers.id_dsa))
+ // END android-removed
-+ // BEGIN android-added
-+ if (oid.equals(X9ObjectIdentifiers.id_dsa))
-+ // END android-added
+ else if (oid.equals(X9ObjectIdentifiers.id_dsa))
{
privKey = new JDKDSAPrivateKey(in);
- }
-@@ -405,10 +424,12 @@
+@@ -403,10 +419,12 @@
{
throw new InvalidKeyException("Unknown key type " + e.getMessage());
}
@@ -12513,9 +9002,9 @@
catch (InvalidKeySpecException e2)
{
throw new InvalidKeyException("Unknown key type " + e2.getMessage());
-@@ -433,21 +454,23 @@
- }
- }
+@@ -420,12 +438,14 @@
+ // classes that inherit directly from us
+ //
- public static class RC2Wrap
- extends WrapCipherSpi
@@ -12525,15 +9014,6 @@
- super(new RC2WrapEngine());
- }
- }
--
-- public static class RFC3211DESedeWrap
-- extends WrapCipherSpi
-- {
-- public RFC3211DESedeWrap()
-- {
-- super(new RFC3211WrapEngine(new DESedeEngine()), 8);
-- }
-- }
+ // BEGIN android-removed
+ // public static class RC2Wrap
+ // extends WrapCipherSpi
@@ -12543,21 +9023,12 @@
+ // super(new RC2WrapEngine());
+ // }
+ // }
-+ //
-+ // public static class RFC3211DESedeWrap
-+ // extends WrapCipherSpi
-+ // {
-+ // public RFC3211DESedeWrap()
-+ // {
-+ // super(new RFC3211WrapEngine(new DESedeEngine()), 8);
-+ // }
-+ // }
+ // END android-removed
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java 2011-09-01 17:21:06.000000000 +0000
-@@ -518,12 +518,20 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk16-146/org/bouncycastle/jce/provider/X509CertificateObject.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509CertificateObject.java 2011-09-08 21:28:49.000000000 +0000
+@@ -520,12 +520,20 @@
return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
}
@@ -12579,7 +9050,7 @@
}
catch (IOException e)
{
-@@ -703,7 +711,7 @@
+@@ -711,7 +719,7 @@
{
Signature signature;
String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
@@ -12587,10 +9058,10 @@
+
try
{
- signature = Signature.getInstance(sigName, "BC");
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java 2011-09-01 17:21:06.000000000 +0000
+ signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME);
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/X509SignatureUtil.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509SignatureUtil.java 2011-09-08 21:28:49.000000000 +0000
@@ -25,7 +25,9 @@
class X509SignatureUtil
@@ -12681,21 +9152,998 @@
else
{
return digestAlgOID.getId();
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AES.java bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AES.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java 2011-09-01 17:21:06.000000000 +0000
-@@ -5,7 +5,9 @@
- import org.bouncycastle.crypto.engines.AESEngine;
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/EC.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/EC.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/EC.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/EC.java 2011-09-08 21:28:49.000000000 +0000
+@@ -4,8 +4,10 @@
+
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+-import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
+-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
++// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
++// END android-removed
+ import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+
+ public class EC
+@@ -16,39 +18,49 @@
+ public Mappings()
+ {
+ put("KeyAgreement.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DH");
+- put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHC");
+- put("KeyAgreement.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQV");
+- put("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHwithSHA1KDF");
+- put("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQVwithSHA1KDF");
++ // BEGIN android-removed
++ // put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHC");
++ // put("KeyAgreement.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQV");
++ // put("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHwithSHA1KDF");
++ // put("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQVwithSHA1KDF");
++ // END android-removed
+
+ put("KeyFactory.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$EC");
+- put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDSA");
+- put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDH");
+- put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDHC");
+- put("KeyFactory.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECMQV");
++ // BEGIN android-removed
++ // put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDSA");
++ // put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDH");
++ // put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDHC");
++ // put("KeyFactory.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECMQV");
++ // END android-removed
+ put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.id_ecPublicKey, "EC");
+ // TODO Should this be an alias for ECDH?
+ put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+- put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
+-
+- put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECGOST3410");
+- put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410");
+- put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410");
+- put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
++ // BEGIN android-removed
++ // put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
++ //
++ // put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECGOST3410");
++ // put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410");
++ // put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410");
++ // put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
++ // END android-removed
+
+ put("KeyPairGenerator.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC");
+- put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDSA");
+- put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
+- put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDHC");
+- put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
+- put("KeyPairGenerator.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECMQV");
++ // BEGIN android-removed
++ // put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDSA");
++ // put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
++ // put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDHC");
++ // put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
++ // put("KeyPairGenerator.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECMQV");
++ // END android-removed
+ // TODO Should this be an alias for ECDH?
+ put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+- put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
+-
+- put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECGOST3410");
+- put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410");
+- put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410");
++ // BEGIN android-removed
++ // put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
++ //
++ // put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECGOST3410");
++ // put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410");
++ // put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410");
++ // END android-removed
+
+ put("Signature.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA");
+ put("Signature.NONEwithECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSAnone");
+@@ -60,23 +72,27 @@
+ put("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA");
+ put("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA");
+ put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA");
+- put("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
+-
+- addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
++ // BEGIN android-removed
++ // put("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
++ //
++ // addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
++ // END android-removed
+ addSignatureAlgorithm("SHA256", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256);
+ addSignatureAlgorithm("SHA384", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384);
+ addSignatureAlgorithm("SHA512", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512);
+- addSignatureAlgorithm("RIPEMD160", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
+-
+- put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR");
+- put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR224");
+- put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR256");
+- put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR384");
+- put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR512");
+-
+- addSignatureAlgorithm("SHA1", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
+- addSignatureAlgorithm("SHA224", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
+- addSignatureAlgorithm("SHA256", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
++ // BEGIN android-removed
++ // addSignatureAlgorithm("RIPEMD160", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
++ //
++ // put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR");
++ // put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR224");
++ // put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR256");
++ // put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR384");
++ // put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR512");
++ //
++ // addSignatureAlgorithm("SHA1", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
++ // addSignatureAlgorithm("SHA224", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
++ // addSignatureAlgorithm("SHA256", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
++ // END android-removed
+ }
+
+ private void addSignatureAlgorithm(
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java 2011-09-08 21:28:49.000000000 +0000
+@@ -1,10 +1,14 @@
+ package org.bouncycastle.jce.provider.asymmetric.ec;
+
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// END android-removed
+ import org.bouncycastle.asn1.nist.NISTNamedCurves;
+ import org.bouncycastle.asn1.sec.SECNamedCurves;
+-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
++// END android-removed
+ import org.bouncycastle.asn1.x9.X962NamedCurves;
+ import org.bouncycastle.asn1.x9.X9ECParameters;
+ import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+@@ -167,14 +171,16 @@
+ {
+ oid = NISTNamedCurves.getOID(name);
+ }
+- if (oid == null)
+- {
+- oid = TeleTrusTNamedCurves.getOID(name);
+- }
+- if (oid == null)
+- {
+- oid = ECGOST3410NamedCurves.getOID(name);
+- }
++ // BEGIN android-removed
++ // if (oid == null)
++ // {
++ // oid = TeleTrusTNamedCurves.getOID(name);
++ // }
++ // if (oid == null)
++ // {
++ // oid = ECGOST3410NamedCurves.getOID(name);
++ // }
++ // END android-removed
+ }
+
+ return oid;
+@@ -192,10 +198,12 @@
+ {
+ params = NISTNamedCurves.getByOID(oid);
+ }
+- if (params == null)
+- {
+- params = TeleTrusTNamedCurves.getByOID(oid);
+- }
++ // BEGIN android-removed
++ // if (params == null)
++ // {
++ // params = TeleTrusTNamedCurves.getByOID(oid);
++ // }
++ // END android-removed
+ }
+
+ return params;
+@@ -213,14 +221,16 @@
+ {
+ name = NISTNamedCurves.getName(oid);
+ }
+- if (name == null)
+- {
+- name = TeleTrusTNamedCurves.getName(oid);
+- }
+- if (name == null)
+- {
+- name = ECGOST3410NamedCurves.getName(oid);
+- }
++ // BEGIN android-removed
++ // if (name == null)
++ // {
++ // name = TeleTrusTNamedCurves.getName(oid);
++ // }
++ // if (name == null)
++ // {
++ // name = ECGOST3410NamedCurves.getName(oid);
++ // }
++ // END android-removed
+ }
+
+ return name;
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java 2011-09-08 21:28:49.000000000 +0000
+@@ -24,20 +24,26 @@
+ import org.bouncycastle.crypto.CipherParameters;
+ import org.bouncycastle.crypto.DerivationFunction;
+ import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
+-import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
+-import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
+-import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
+-import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
++// import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
++// import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
++// import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
++// END android-removed
+ import org.bouncycastle.crypto.digests.SHA1Digest;
+ import org.bouncycastle.crypto.params.ECDomainParameters;
+ import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+ import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+-import org.bouncycastle.crypto.params.MQVPrivateParameters;
+-import org.bouncycastle.crypto.params.MQVPublicParameters;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.params.MQVPrivateParameters;
++// import org.bouncycastle.crypto.params.MQVPublicParameters;
++// END android-removed
+ import org.bouncycastle.jce.interfaces.ECPrivateKey;
+ import org.bouncycastle.jce.interfaces.ECPublicKey;
+-import org.bouncycastle.jce.interfaces.MQVPrivateKey;
+-import org.bouncycastle.jce.interfaces.MQVPublicKey;
++// BEGIN android-removed
++// import org.bouncycastle.jce.interfaces.MQVPrivateKey;
++// import org.bouncycastle.jce.interfaces.MQVPublicKey;
++// END android-removed
+
+ /**
+ * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363
+@@ -53,9 +59,11 @@
+
+ static
+ {
+- Integer i128 = new Integer(128);
+- Integer i192 = new Integer(192);
+- Integer i256 = new Integer(256);
++ // BEGIN android-changed
++ Integer i128 = Integer.valueOf(128);
++ Integer i192 = Integer.valueOf(192);
++ Integer i256 = Integer.valueOf(256);
++ // END android-changed
+
+ algorithms.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), i128);
+ algorithms.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), i192);
+@@ -70,7 +78,9 @@
+ private BigInteger result;
+ private ECDomainParameters parameters;
+ private BasicAgreement agreement;
+- private DerivationFunction kdf;
++ // BEGIN android-removed
++ // private DerivationFunction kdf;
++ // END android-removed
+
+ private byte[] bigIntToBytes(
+ BigInteger r)
+@@ -85,7 +95,9 @@
+ {
+ this.kaAlgorithm = kaAlgorithm;
+ this.agreement = agreement;
+- this.kdf = kdf;
++ // BEGIN android-removed
++ // this.kdf = kdf;
++ // END android-removed
+ }
+
+ protected Key engineDoPhase(
+@@ -104,25 +116,27 @@
+ }
+
+ CipherParameters pubKey;
+- if (agreement instanceof ECMQVBasicAgreement)
+- {
+- if (!(key instanceof MQVPublicKey))
+- {
+- throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+- + getSimpleName(MQVPublicKey.class) + " for doPhase");
+- }
+-
+- MQVPublicKey mqvPubKey = (MQVPublicKey)key;
+- ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
+- ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
+- ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
+- ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
+-
+- pubKey = new MQVPublicParameters(staticKey, ephemKey);
+-
+- // TODO Validate that all the keys are using the same parameters?
+- }
+- else
++ // BEGIN android-removed
++ // if (agreement instanceof ECMQVBasicAgreement)
++ // {
++ // if (!(key instanceof MQVPublicKey))
++ // {
++ // throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
++ // + getSimpleName(MQVPublicKey.class) + " for doPhase");
++ // }
++ //
++ // MQVPublicKey mqvPubKey = (MQVPublicKey)key;
++ // ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
++ // ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
++ // ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
++ // ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
++ //
++ // pubKey = new MQVPublicParameters(staticKey, ephemKey);
++ //
++ // // TODO Validate that all the keys are using the same parameters?
++ // }
++ // else
++ // END android-removed
+ {
+ if (!(key instanceof ECPublicKey))
+ {
+@@ -143,11 +157,13 @@
+ protected byte[] engineGenerateSecret()
+ throws IllegalStateException
+ {
+- if (kdf != null)
+- {
+- throw new UnsupportedOperationException(
+- "KDF can only be used when algorithm is known");
+- }
++ // BEGIN android-removed
++ // if (kdf != null)
++ // {
++ // throw new UnsupportedOperationException(
++ // "KDF can only be used when algorithm is known");
++ // }
++ // END android-removed
+
+ return bigIntToBytes(result);
+ }
+@@ -175,23 +191,25 @@
+ {
+ byte[] secret = bigIntToBytes(result);
+
+- if (kdf != null)
+- {
+- if (!algorithms.containsKey(algorithm))
+- {
+- throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
+- }
+-
+- int keySize = ((Integer)algorithms.get(algorithm)).intValue();
+-
+- DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret);
+-
+- byte[] keyBytes = new byte[keySize / 8];
+- kdf.init(params);
+- kdf.generateBytes(keyBytes, 0, keyBytes.length);
+- secret = keyBytes;
+- }
+- else
++ // BEGIN android-removed
++ // if (kdf != null)
++ // {
++ // if (!algorithms.containsKey(algorithm))
++ // {
++ // throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
++ // }
++ //
++ // int keySize = ((Integer)algorithms.get(algorithm)).intValue();
++ //
++ // DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret);
++ //
++ // byte[] keyBytes = new byte[keySize / 8];
++ // kdf.init(params);
++ // kdf.generateBytes(keyBytes, 0, keyBytes.length);
++ // secret = keyBytes;
++ // }
++ // else
++ // END android-removed
+ {
+ // TODO Should we be ensuring the key is the right length?
+ }
+@@ -219,35 +237,37 @@
+ private void initFromKey(Key key)
+ throws InvalidKeyException
+ {
+- if (agreement instanceof ECMQVBasicAgreement)
+- {
+- if (!(key instanceof MQVPrivateKey))
+- {
+- throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+- + getSimpleName(MQVPrivateKey.class) + " for initialisation");
+- }
+-
+- MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
+- ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
+- ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
+- ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
+- ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
+-
+- ECPublicKeyParameters ephemPubKey = null;
+- if (mqvPrivKey.getEphemeralPublicKey() != null)
+- {
+- ephemPubKey = (ECPublicKeyParameters)
+- ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
+- }
+-
+- MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
+- this.parameters = staticPrivKey.getParameters();
+-
+- // TODO Validate that all the keys are using the same parameters?
+-
+- agreement.init(localParams);
+- }
+- else
++ // BEGIN android-removed
++ // if (agreement instanceof ECMQVBasicAgreement)
++ // {
++ // if (!(key instanceof MQVPrivateKey))
++ // {
++ // throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
++ // + getSimpleName(MQVPrivateKey.class) + " for initialisation");
++ // }
++ //
++ // MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
++ // ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
++ // ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
++ // ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
++ // ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
++ //
++ // ECPublicKeyParameters ephemPubKey = null;
++ // if (mqvPrivKey.getEphemeralPublicKey() != null)
++ // {
++ // ephemPubKey = (ECPublicKeyParameters)
++ // ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
++ // }
++ //
++ // MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
++ // this.parameters = staticPrivKey.getParameters();
++ //
++ // // TODO Validate that all the keys are using the same parameters?
++ //
++ // agreement.init(localParams);
++ // }
++ // else
++ // END android-removed
+ {
+ if (!(key instanceof ECPrivateKey))
+ {
+@@ -278,39 +298,41 @@
+ }
+ }
+
+- public static class DHC
+- extends KeyAgreement
+- {
+- public DHC()
+- {
+- super("ECDHC", new ECDHCBasicAgreement(), null);
+- }
+- }
+-
+- public static class MQV
+- extends KeyAgreement
+- {
+- public MQV()
+- {
+- super("ECMQV", new ECMQVBasicAgreement(), null);
+- }
+- }
+-
+- public static class DHwithSHA1KDF
+- extends KeyAgreement
+- {
+- public DHwithSHA1KDF()
+- {
+- super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
+- }
+- }
+-
+- public static class MQVwithSHA1KDF
+- extends KeyAgreement
+- {
+- public MQVwithSHA1KDF()
+- {
+- super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
+- }
+- }
++ // BEGIN android-removed
++ // public static class DHC
++ // extends KeyAgreement
++ // {
++ // public DHC()
++ // {
++ // super("ECDHC", new ECDHCBasicAgreement(), null);
++ // }
++ // }
++ //
++ // public static class MQV
++ // extends KeyAgreement
++ // {
++ // public MQV()
++ // {
++ // super("ECMQV", new ECMQVBasicAgreement(), null);
++ // }
++ // }
++ //
++ // public static class DHwithSHA1KDF
++ // extends KeyAgreement
++ // {
++ // public DHwithSHA1KDF()
++ // {
++ // super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
++ // }
++ // }
++ //
++ // public static class MQVwithSHA1KDF
++ // extends KeyAgreement
++ // {
++ // public MQVwithSHA1KDF()
++ // {
++ // super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
++ // }
++ // }
++ // END android-removed
+ }
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java 2011-09-08 21:28:49.000000000 +0000
+@@ -10,10 +10,14 @@
+ import java.util.Hashtable;
+
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// END android-removed
+ import org.bouncycastle.asn1.nist.NISTNamedCurves;
+ import org.bouncycastle.asn1.sec.SECNamedCurves;
+-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
++// END android-removed
+ import org.bouncycastle.asn1.x9.X962NamedCurves;
+ import org.bouncycastle.asn1.x9.X9ECParameters;
+ import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+@@ -56,13 +60,15 @@
+ static {
+ ecParameters = new Hashtable();
+
+- ecParameters.put(new Integer(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192
+- ecParameters.put(new Integer(239), new ECGenParameterSpec("prime239v1"));
+- ecParameters.put(new Integer(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256
+-
+- ecParameters.put(new Integer(224), new ECGenParameterSpec("P-224"));
+- ecParameters.put(new Integer(384), new ECGenParameterSpec("P-384"));
+- ecParameters.put(new Integer(521), new ECGenParameterSpec("P-521"));
++ // BEGIN android-changed
++ ecParameters.put(Integer.valueOf(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192
++ ecParameters.put(Integer.valueOf(239), new ECGenParameterSpec("prime239v1"));
++ ecParameters.put(Integer.valueOf(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256
++
++ ecParameters.put(Integer.valueOf(224), new ECGenParameterSpec("P-224"));
++ ecParameters.put(Integer.valueOf(384), new ECGenParameterSpec("P-384"));
++ ecParameters.put(Integer.valueOf(521), new ECGenParameterSpec("P-521"));
++ // END android-changed
+ }
+
+ public EC()
+@@ -83,8 +89,16 @@
+ SecureRandom random)
+ {
+ this.strength = strength;
++ // BEGIN android-added
++ if (random != null) {
++ // END android-added
+ this.random = random;
+- this.ecParams = ecParameters.get(new Integer(strength));
++ // BEGIN android-added
++ }
++ // END android-added
++ // BEGIN android-changed
++ this.ecParams = ecParameters.get(Integer.valueOf(strength));
++ // END android-changed
+
+ if (ecParams != null)
+ {
+@@ -108,6 +122,11 @@
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
++ // BEGIN android-added
++ if (random == null) {
++ random = this.random;
++ }
++ // END android-added
+ if (params instanceof ECParameterSpec)
+ {
+ ECParameterSpec p = (ECParameterSpec)params;
+@@ -135,23 +154,25 @@
+ {
+ final String curveName = ((ECGenParameterSpec)params).getName();
+
+- if (this.algorithm.equals("ECGOST3410"))
+- {
+- ECDomainParameters ecP = ECGOST3410NamedCurves.getByName(curveName);
+- if (ecP == null)
+- {
+- throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
+- }
+-
+- this.ecParams = new ECNamedCurveSpec(
+- curveName,
+- ecP.getCurve(),
+- ecP.getG(),
+- ecP.getN(),
+- ecP.getH(),
+- ecP.getSeed());
+- }
+- else
++ // BEGIN android-removed
++ // if (this.algorithm.equals("ECGOST3410"))
++ // {
++ // ECDomainParameters ecP = ECGOST3410NamedCurves.getByName(curveName);
++ // if (ecP == null)
++ // {
++ // throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
++ // }
++ //
++ // this.ecParams = new ECNamedCurveSpec(
++ // curveName,
++ // ecP.getCurve(),
++ // ecP.getG(),
++ // ecP.getN(),
++ // ecP.getH(),
++ // ecP.getSeed());
++ // }
++ // else
++ // END android-removed
+ {
+ X9ECParameters ecP = X962NamedCurves.getByName(curveName);
+ if (ecP == null)
+@@ -161,10 +182,12 @@
+ {
+ ecP = NISTNamedCurves.getByName(curveName);
+ }
+- if (ecP == null)
+- {
+- ecP = TeleTrusTNamedCurves.getByName(curveName);
+- }
++ // BEGIN android-removed
++ // if (ecP == null)
++ // {
++ // ecP = TeleTrusTNamedCurves.getByName(curveName);
++ // }
++ // END android-removed
+ if (ecP == null)
+ {
+ // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug)
+@@ -180,10 +203,12 @@
+ {
+ ecP = NISTNamedCurves.getByOID(oid);
+ }
+- if (ecP == null)
+- {
+- ecP = TeleTrusTNamedCurves.getByOID(oid);
+- }
++ // BEGIN android-removed
++ // if (ecP == null)
++ // {
++ // ecP = TeleTrusTNamedCurves.getByOID(oid);
++ // }
++ // END android-removed
+ if (ecP == null)
+ {
+ throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName);
+@@ -239,7 +264,15 @@
+ {
+ if (!initialised)
+ {
+- throw new IllegalStateException("EC Key Pair Generator not initialised");
++ // BEGIN android-removed
++ // throw new IllegalStateException("EC Key Pair Generator not initialised");
++ // END android-removed
++ // BEGIN android-added
++ /*
++ * KeyPairGenerator documentation says that a default initialization must be provided
++ */
++ initialize(192, random);
++ // END android-added
+ }
+
+ AsymmetricCipherKeyPair pair = engine.generateKeyPair();
+@@ -279,14 +312,16 @@
+ }
+ }
+
+- public static class ECGOST3410
+- extends EC
+- {
+- public ECGOST3410()
+- {
+- super("ECGOST3410");
+- }
+- }
++ // BEGIN android-removed
++ // public static class ECGOST3410
++ // extends EC
++ // {
++ // public ECGOST3410()
++ // {
++ // super("ECGOST3410");
++ // }
++ // }
++ // END android-removed
+
+ public static class ECDH
+ extends EC
+@@ -314,4 +349,4 @@
+ super("ECMQV");
+ }
+ }
+-}
+\ No newline at end of file
++}
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java 2011-09-08 21:28:49.000000000 +0000
+@@ -18,15 +18,21 @@
+ import org.bouncycastle.crypto.DSA;
+ import org.bouncycastle.crypto.Digest;
+ import org.bouncycastle.crypto.digests.NullDigest;
+-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
++// END android-removed
+ import org.bouncycastle.crypto.digests.SHA1Digest;
+-import org.bouncycastle.crypto.digests.SHA224Digest;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.digests.SHA224Digest;
++// END android-removed
+ import org.bouncycastle.crypto.digests.SHA256Digest;
+ import org.bouncycastle.crypto.digests.SHA384Digest;
+ import org.bouncycastle.crypto.digests.SHA512Digest;
+ import org.bouncycastle.crypto.params.ParametersWithRandom;
+ import org.bouncycastle.crypto.signers.ECDSASigner;
+-import org.bouncycastle.crypto.signers.ECNRSigner;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.signers.ECNRSigner;
++// END android-removed
+ import org.bouncycastle.jce.interfaces.ECKey;
+ import org.bouncycastle.jce.provider.DSABase;
+ import org.bouncycastle.jce.provider.DSAEncoder;
+@@ -122,14 +128,16 @@
+ }
+ }
+
+- static public class ecDSA224
+- extends Signature
+- {
+- public ecDSA224()
+- {
+- super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder());
+- }
+- }
++ // BEGIN android-removed
++ // static public class ecDSA224
++ // extends Signature
++ // {
++ // public ecDSA224()
++ // {
++ // super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder());
++ // }
++ // }
++ // END android-removed
+
+ static public class ecDSA256
+ extends Signature
+@@ -158,86 +166,88 @@
+ }
+ }
+
+- static public class ecDSARipeMD160
+- extends Signature
+- {
+- public ecDSARipeMD160()
+- {
+- super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
+- }
+- }
+-
+- static public class ecNR
+- extends Signature
+- {
+- public ecNR()
+- {
+- super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
+- }
+- }
+-
+- static public class ecNR224
+- extends Signature
+- {
+- public ecNR224()
+- {
+- super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
+- }
+- }
+-
+- static public class ecNR256
+- extends Signature
+- {
+- public ecNR256()
+- {
+- super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
+- }
+- }
+-
+- static public class ecNR384
+- extends Signature
+- {
+- public ecNR384()
+- {
+- super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
+- }
+- }
+-
+- static public class ecNR512
+- extends Signature
+- {
+- public ecNR512()
+- {
+- super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
+- }
+- }
+-
+- static public class ecCVCDSA
+- extends Signature
+- {
+- public ecCVCDSA()
+- {
+- super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder());
+- }
+- }
+-
+- static public class ecCVCDSA224
+- extends Signature
+- {
+- public ecCVCDSA224()
+- {
+- super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder());
+- }
+- }
+-
+- static public class ecCVCDSA256
+- extends Signature
+- {
+- public ecCVCDSA256()
+- {
+- super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder());
+- }
+- }
++ // BEGIN android-removed
++ // static public class ecDSARipeMD160
++ // extends Signature
++ // {
++ // public ecDSARipeMD160()
++ // {
++ // super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
++ // }
++ // }
++ //
++ // static public class ecNR
++ // extends Signature
++ // {
++ // public ecNR()
++ // {
++ // super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
++ // }
++ // }
++ //
++ // static public class ecNR224
++ // extends Signature
++ // {
++ // public ecNR224()
++ // {
++ // super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
++ // }
++ // }
++ //
++ // static public class ecNR256
++ // extends Signature
++ // {
++ // public ecNR256()
++ // {
++ // super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
++ // }
++ // }
++ //
++ // static public class ecNR384
++ // extends Signature
++ // {
++ // public ecNR384()
++ // {
++ // super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
++ // }
++ // }
++ //
++ // static public class ecNR512
++ // extends Signature
++ // {
++ // public ecNR512()
++ // {
++ // super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
++ // }
++ // }
++ //
++ // static public class ecCVCDSA
++ // extends Signature
++ // {
++ // public ecCVCDSA()
++ // {
++ // super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder());
++ // }
++ // }
++ //
++ // static public class ecCVCDSA224
++ // extends Signature
++ // {
++ // public ecCVCDSA224()
++ // {
++ // super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder());
++ // }
++ // }
++ //
++ // static public class ecCVCDSA256
++ // extends Signature
++ // {
++ // public ecCVCDSA256()
++ // {
++ // super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder());
++ // }
++ // }
++ // END android-removed
+
+ private static class StdDSAEncoder
+ implements DSAEncoder
+@@ -331,4 +341,4 @@
+ return sig;
+ }
+ }
+-}
+\ No newline at end of file
++}
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/AES.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/AES.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/AES.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/AES.java 2011-09-08 21:28:49.000000000 +0000
+@@ -13,8 +13,10 @@
+ import org.bouncycastle.crypto.CipherKeyGenerator;
import org.bouncycastle.crypto.engines.AESFastEngine;
import org.bouncycastle.crypto.engines.AESWrapEngine;
-import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+-import org.bouncycastle.crypto.macs.CMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
++// import org.bouncycastle.crypto.macs.CMac;
+// END android-removed
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.modes.CFBBlockCipher;
import org.bouncycastle.crypto.modes.OFBBlockCipher;
-@@ -36,32 +38,34 @@
+@@ -41,41 +43,43 @@
}
}
@@ -12725,6 +10173,15 @@
- super(new BufferedBlockCipher(new OFBBlockCipher(new AESFastEngine(), 128)), 128);
- }
- }
+-
+- public static class AESCMAC
+- extends JCEMac
+- {
+- public AESCMAC()
+- {
+- super(new CMac(new AESFastEngine()));
+- }
+- }
+ // BEGIN android-removed
+ // public static class CBC
+ // extends JCEBlockCipher
@@ -12752,11 +10209,20 @@
+ // super(new BufferedBlockCipher(new OFBBlockCipher(new AESFastEngine(), 128)), 128);
+ // }
+ // }
++ //
++ // public static class AESCMAC
++ // extends JCEMac
++ // {
++ // public AESCMAC()
++ // {
++ // super(new CMac(new AESFastEngine()));
++ // }
++ // }
+ // END android-removed
static public class Wrap
extends WrapCipherSpi
-@@ -72,14 +76,16 @@
+@@ -86,14 +90,16 @@
}
}
@@ -12765,7 +10231,7 @@
- {
- public RFC3211Wrap()
- {
-- super(new RFC3211WrapEngine(new AESEngine()), 16);
+- super(new RFC3211WrapEngine(new AESFastEngine()), 16);
- }
- }
+ // BEGIN android-removed
@@ -12774,14 +10240,14 @@
+ // {
+ // public RFC3211Wrap()
+ // {
-+ // super(new RFC3211WrapEngine(new AESEngine()), 16);
++ // super(new RFC3211WrapEngine(new AESFastEngine()), 16);
+ // }
+ // }
+ // END android-removed
public static class KeyGen
extends JCEKeyGenerator
-@@ -95,70 +101,72 @@
+@@ -109,70 +115,72 @@
}
}
@@ -12838,7 +10304,7 @@
-
- try
- {
-- params = AlgorithmParameters.getInstance("AES", "BC");
+- params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME);
- params.init(new IvParameterSpec(iv));
- }
- catch (Exception e)
@@ -12903,7 +10369,7 @@
+ //
+ // try
+ // {
-+ // params = AlgorithmParameters.getInstance("AES", "BC");
++ // params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME);
+ // params.init(new IvParameterSpec(iv));
+ // }
+ // catch (Exception e)
@@ -12918,116 +10384,332 @@
public static class AlgParams
extends JDKAlgorithmParameters.IVAlgorithmParameters
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AESMappings.java bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AESMappings.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java 2011-09-01 17:21:06.000000000 +0000
-@@ -26,55 +26,63 @@
- put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
- put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+@@ -205,58 +213,66 @@
+ put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
+ put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-- put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
-- put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
-- put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
-- put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
-- put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-- put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-- put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-+ // BEGIN android-removed
-+ // put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
-+ // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
-+ // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
-+ // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
-+ // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-+ // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-+ // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-+ // END android-removed
+- put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
+- put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
+- put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
+- put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
+- put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
+- put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
+- put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
++ // BEGIN android-removed
++ // put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
++ // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
++ // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
++ // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
++ // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
++ // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
++ // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
++ // END android-removed
- put("Cipher.AES", "org.bouncycastle.jce.provider.symmetric.AES$ECB");
- put("Alg.Alias.Cipher." + wrongAES128, "AES");
- put("Alg.Alias.Cipher." + wrongAES192, "AES");
- put("Alg.Alias.Cipher." + wrongAES256, "AES");
-- put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
-- put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
-- put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
-- put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
-- put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
-- put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
-- put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
-- put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
-- put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
-- put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
-- put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
-- put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
-+ // BEGIN android-changed
-+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "AES");
-+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "AES");
-+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "AES");
-+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "AES");
-+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "AES");
-+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "AES");
-+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "AES");
-+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "AES");
-+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "AES");
-+ // END android-changed
- put("Cipher.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$Wrap");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
-- put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
-+ // BEGIN android-removed
-+ // put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
-+ // END android-removed
+ put("Cipher.AES", "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+ put("Alg.Alias.Cipher." + wrongAES128, "AES");
+ put("Alg.Alias.Cipher." + wrongAES192, "AES");
+ put("Alg.Alias.Cipher." + wrongAES256, "AES");
+- put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+- put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+- put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+- put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
+- put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
+- put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
+- put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
+- put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
+- put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
+- put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
+- put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
+- put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
++ // BEGIN android-removed
++ // put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
++ // put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
++ // put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
++ // put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
++ // put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
++ // put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
++ // put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
++ // put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
++ // put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
++ // put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
++ // put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
++ // put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
++ // END android-removed
+ put("Cipher.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$Wrap");
+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
+- put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
++ // BEGIN android-removed
++ // put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
++ // END android-removed
- put("KeyGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
-- put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-- put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-- put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-- put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+ // BEGIN android-removed
-+ // put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-+ // put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-+ // put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+ // put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+ // END android-removed
+ put("KeyGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
+- put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+- put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+- put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+- put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+- put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+-
+- put("Mac.AESCMAC", "org.bouncycastle.jce.provider.symmetric.AES$AESCMAC");
++ // BEGIN android-removed
++ // put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
++ // put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
++ // put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
++ // put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
++ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
++ //
++ // put("Mac.AESCMAC", "org.bouncycastle.jce.provider.symmetric.AES$AESCMAC");
++ // END android-removed
+ }
}
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java
---- bcprov-jdk16-145.orig/org/bouncycastle/x509/X509Util.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java 2011-09-01 17:21:06.000000000 +0000
-@@ -43,8 +43,10 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/ARC4.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/ARC4.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/ARC4.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/ARC4.java 2011-09-08 21:28:49.000000000 +0000
+@@ -27,7 +27,9 @@
+ {
+ public KeyGen()
+ {
+- super("RC4", 128, new CipherKeyGenerator());
++ // BEGIN android-changed
++ super("ARC4", 128, new CipherKeyGenerator());
++ // END android-changed
+ }
+ }
+
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/Blowfish.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/Blowfish.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/Blowfish.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/Blowfish.java 2011-09-08 21:28:49.000000000 +0000
+@@ -57,7 +57,9 @@
+ public Mappings()
+ {
+ put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$ECB");
+- put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.symmetric.Blowfish$CBC");
++ // BEGIN android-removed
++ // put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.symmetric.Blowfish$CBC");
++ // END android-removed
+ put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$KeyGen");
+ put("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
+ put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$AlgParams");
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/DESede.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/DESede.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/DESede.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/DESede.java 2011-09-08 21:28:49.000000000 +0000
+@@ -14,11 +14,15 @@
+ import org.bouncycastle.crypto.KeyGenerationParameters;
+ import org.bouncycastle.crypto.engines.DESedeEngine;
+ import org.bouncycastle.crypto.engines.DESedeWrapEngine;
+-import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
++// END android-removed
+ import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
+ import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
+-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+-import org.bouncycastle.crypto.macs.CMac;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
++// import org.bouncycastle.crypto.macs.CMac;
++// END android-removed
+ import org.bouncycastle.crypto.modes.CBCBlockCipher;
+ import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
+ import org.bouncycastle.jce.provider.JCEBlockCipher;
+@@ -51,17 +55,19 @@
+ }
+ }
+
+- /**
+- * DESede CFB8
+- */
+- public static class DESedeCFB8
+- extends JCEMac
+- {
+- public DESedeCFB8()
+- {
+- super(new CFBBlockCipherMac(new DESedeEngine()));
+- }
+- }
++ // BEGIN android-removed
++ // /**
++ // * DESede CFB8
++ // */
++ // public static class DESedeCFB8
++ // extends JCEMac
++ // {
++ // public DESedeCFB8()
++ // {
++ // super(new CFBBlockCipherMac(new DESedeEngine()));
++ // }
++ // }
++ // END android-removed
+
+ /**
+ * DESede64
+@@ -96,14 +102,16 @@
+ }
+ }
+
+- static public class CMAC
+- extends JCEMac
+- {
+- public CMAC()
+- {
+- super(new CMac(new DESedeEngine()));
+- }
+- }
++ // BEGIN android-removed
++ // static public class CMAC
++ // extends JCEMac
++ // {
++ // public CMAC()
++ // {
++ // super(new CMac(new DESedeEngine()));
++ // }
++ // }
++ // END android-removed
+
+ public static class Wrap
+ extends WrapCipherSpi
+@@ -114,14 +122,16 @@
+ }
+ }
+
+- public static class RFC3211
+- extends WrapCipherSpi
+- {
+- public RFC3211()
+- {
+- super(new RFC3211WrapEngine(new DESedeEngine()), 8);
+- }
+- }
++ // BEGIN android-removed
++ // public static class RFC3211
++ // extends WrapCipherSpi
++ // {
++ // public RFC3211()
++ // {
++ // super(new RFC3211WrapEngine(new DESedeEngine()), 8);
++ // }
++ // }
++ // END android-removed
+
+ /**
+ * DESede - the default for this is to generate a key in
+@@ -262,32 +272,42 @@
+ public Mappings()
+ {
+ put("Cipher.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$ECB");
+- put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
+- put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
++ // BEGIN android-removed
++ // put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
++ // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
++ // END android-removed
+ put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$Wrap");
+- put("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "org.bouncycastle.jce.provider.symmetric.DESede$Wrap");
+- put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.DESede$RFC3211");
++ // BEGIN android-changed
++ put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
++ // END android-changed
++ // BEGIN android-removed
++ // put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.DESede$RFC3211");
++ // END android-removed
+
+ put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator");
+- put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator3");
+- put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator");
++ // BEGIN android-removed
++ // put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator3");
++ // put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator");
++ // END android-removed
+
+ put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyFactory");
+
+- put("Mac.DESEDECMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CMAC");
+- put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CBCMAC");
+- put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
+-
+- put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.symmetric.DESede$DESedeCFB8");
+- put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
+-
+- put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64");
+- put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
+-
+- put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64with7816d4");
+- put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+- put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+- put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
++ // BEGIN android-removed
++ // put("Mac.DESEDECMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CMAC");
++ // put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CBCMAC");
++ // put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
++ //
++ // put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.symmetric.DESede$DESedeCFB8");
++ // put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
++ //
++ // put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64");
++ // put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
++ //
++ // put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64with7816d4");
++ // put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
++ // put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
++ // put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
++ // END android-removed
+ }
+ }
+ }
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/openssl/PEMUtilities.java bcprov-jdk16-146/org/bouncycastle/openssl/PEMUtilities.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/openssl/PEMUtilities.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/openssl/PEMUtilities.java 2011-09-08 21:28:50.000000000 +0000
+@@ -45,10 +45,12 @@
+ PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes192_CBC);
+ PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes256_CBC);
+
+- KEYSIZES.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), new Integer(192));
+- KEYSIZES.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), new Integer(128));
+- KEYSIZES.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), new Integer(192));
+- KEYSIZES.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), new Integer(256));
++ // BEGIN android-changed
++ KEYSIZES.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), Integer.valueOf(192));
++ KEYSIZES.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), Integer.valueOf(128));
++ KEYSIZES.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), Integer.valueOf(192));
++ KEYSIZES.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), Integer.valueOf(256));
++ // END android-changed
+ }
+
+ static int getKeySize(String algorithm)
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk16-146/org/bouncycastle/x509/X509Util.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/x509/X509Util.java 2011-09-08 21:28:50.000000000 +0000
+@@ -44,14 +44,18 @@
static
{
@@ -13040,7 +10722,103 @@
algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-@@ -106,19 +108,29 @@
+ algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
+- algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+- algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
++ // BEGIN android-removed
++ // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
++ // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
++ // END android-removed
+ algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+ algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+ algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
+@@ -59,45 +63,59 @@
+ algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+ algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+ algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+- algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
++ // BEGIN android-removed
++ // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
++ // END android-removed
+ algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+ algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+ algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+- algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+- algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+- algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+- algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+- algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+- algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
++ // BEGIN android-removed
++ // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
++ // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
++ // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
++ // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
++ // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
++ // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
++ // END android-removed
+ algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
+ algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
+- algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
++ // BEGIN android-removed
++ // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
++ // END android-removed
+ algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
+ algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
+ algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
+ algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
+ algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
+- algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
++ // BEGIN android-removed
++ // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
++ // END android-removed
+ algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
+ algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
+ algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
+- algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+- algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+- algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+- algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+- algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++ // BEGIN android-removed
++ // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
++ // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
++ // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++ // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++ // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++ // END android-removed
+
+ //
+ // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
+ // The parameters field SHALL be NULL for RSA based signature algorithms.
+ //
+ noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
+- noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
++ // BEGIN android-removed
++ // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
++ // END android-removed
+ noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
+ noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
+ noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
+ noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
+- noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
++ // BEGIN android-removed
++ // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
++ // END android-removed
+ noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
+ noParams.add(NISTObjectIdentifiers.dsa_with_sha384);
+ noParams.add(NISTObjectIdentifiers.dsa_with_sha512);
+@@ -105,25 +123,39 @@
+ //
+ // RFC 4491
+ //
+- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++ // BEGIN android-removed
++ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
++ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++ // END android-removed
+
//
// explicit params
//
@@ -13051,12 +10829,16 @@
params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
- AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull());
-+ // BEGIN android-changed
-+ AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
-+ // END android-changed
- params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
-
+- params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+-
- AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull());
++ // BEGIN android-removed
++ // // BEGIN android-changed
++ // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
++ // // END android-changed
++ // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
++ // END android-removed
++
+ // BEGIN android-changed
+ AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
+ // END android-changed
@@ -13075,7 +10857,7 @@
params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64));
}
-@@ -161,7 +173,9 @@
+@@ -166,7 +198,9 @@
}
else
{
@@ -13086,9 +10868,9 @@
}
}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java
---- bcprov-jdk16-145.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk16-146/org/bouncycastle/x509/extension/X509ExtensionUtil.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2011-09-08 21:28:50.000000000 +0000
@@ -62,7 +62,9 @@
{
GeneralName genName = GeneralName.getInstance(it.nextElement());
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java b/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java
index 83bc39d..f87064f 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java
@@ -3,7 +3,7 @@
import java.io.IOException;
public interface ASN1ApplicationSpecificParser
- extends DEREncodable
+ extends DEREncodable, InMemoryRepresentable
{
DEREncodable readObject()
throws IOException;
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Collection.java b/src/main/java/org/bouncycastle/asn1/ASN1Collection.java
deleted file mode 100644
index aa17d3c..0000000
--- a/src/main/java/org/bouncycastle/asn1/ASN1Collection.java
+++ /dev/null
@@ -1,298 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.ConcurrentModificationException;
-
-// BEGIN android-note
-/*
- * This is a new class that was synthesized from ASN1Sequence and
- * ASN1Set, but with extra smarts about efficiently storing its
- * elements.
- */
-// END android-note
-
-/**
- * Base class for collection-like <code>DERObject</code>s. Instances
- * of this class will keep up to four elements directly, resorting to
- * an external collection only if more elements than that need to be
- * stored.
- */
-public abstract class ASN1Collection
- extends ASN1Object
-{
- /** >= 0; size of the collection */
- private int size;
-
- /** null-ok; element #0 */
- private DEREncodable obj0;
-
- /** null-ok; element #1 */
- private DEREncodable obj1;
-
- /** null-ok; element #2 */
- private DEREncodable obj2;
-
- /** null-ok; element #3 */
- private DEREncodable obj3;
-
- /** null-ok; elements #4 and higher */
- private DEREncodable[] rest;
-
- /**
- * Returns the object at the postion indicated by index.
- *
- * @param index the index (starting at zero) of the object
- * @return the object at the postion indicated by index
- */
- public DEREncodable getObjectAt(int index) {
- if ((index < 0) || (index >= size)) {
- throw new IndexOutOfBoundsException(Integer.toString(index));
- }
-
- switch (index) {
- case 0: return obj0;
- case 1: return obj1;
- case 2: return obj2;
- case 3: return obj3;
- default: return rest[index - 4];
- }
- }
-
- /**
- * Returns the number of objects in this instance.
- *
- * @return the number of objects in this instance
- */
- public int size() {
- return size;
- }
-
- /** {@inheritDoc} */
- public final int hashCode() {
- Enumeration e = this.getObjects();
- int hashCode = 0;
-
- while (e.hasMoreElements()) {
- Object o = e.nextElement();
-
- if (o != null) {
- hashCode ^= o.hashCode();
- }
- }
-
- return hashCode;
- }
-
- /**
- * Adds a new element to this instance.
- *
- * @param obj non-null; the instance to add
- */
- protected void addObject(DEREncodable obj) {
- if (obj == null) {
- throw new NullPointerException("obj == null");
- }
-
- int sz = size;
-
- switch (sz) {
- case 0: obj0 = obj; break;
- case 1: obj1 = obj; break;
- case 2: obj2 = obj; break;
- case 3: obj3 = obj; break;
- case 4: {
- // Initial allocation of rest.
- rest = new DEREncodable[5];
- rest[0] = obj;
- break;
- }
- default: {
- int index = sz - 4;
- if (index >= rest.length) {
- // Grow rest.
- DEREncodable[] newRest = new DEREncodable[index * 2 + 10];
- System.arraycopy(rest, 0, newRest, 0, rest.length);
- rest = newRest;
- }
- rest[index] = obj;
- break;
- }
- }
-
- size++;
- }
-
- /**
- * Sets the element at a given index (used by {@link #sort}).
- *
- * @param obj non-null; the object to set
- * @param index >= 0; the index
- */
- private void setObjectAt(DEREncodable obj, int index) {
- switch (index) {
- case 0: obj0 = obj; break;
- case 1: obj1 = obj; break;
- case 2: obj2 = obj; break;
- case 3: obj3 = obj; break;
- default: {
- rest[index - 4] = obj;
- break;
- }
- }
- }
-
- /**
- * Encodes this instance to the given stream.
- *
- * @param out non-null; stream to encode to
- */
- /*package*/ abstract void encode(DEROutputStream out) throws IOException;
-
- /**
- * Gets an enumeration of all the objects in this collection.
- *
- * @return non-null; the enumeration
- */
- public Enumeration getObjects() {
- return new ASN1CollectionEnumeration();
- }
-
- /**
- * Associated enumeration class.
- */
- private class ASN1CollectionEnumeration implements Enumeration {
- /** original size; used for modification detection */
- private final int origSize = size;
-
- /** >= 0; current cursor */
- private int at = 0;
-
- /** {@inheritDoc} */
- public boolean hasMoreElements() {
- if (size != origSize) {
- throw new ConcurrentModificationException();
- }
-
- return at < origSize;
- }
-
- /** {@inheritDoc} */
- public Object nextElement() {
- if (size != origSize) {
- throw new ConcurrentModificationException();
- }
-
- switch (at++) {
- case 0: return obj0;
- case 1: return obj1;
- case 2: return obj2;
- case 3: return obj3;
- default: return rest[at - 5];
- }
- }
- }
-
- /**
- * Sorts the elements in this instance.
- */
- protected void sort() {
- if (size <= 1) {
- return;
- }
-
- boolean swapped = true;
-
- // TODO: This is bubble sort. Probably not the best choice.
- while (swapped) {
- int index = 0;
- byte[] a = getEncoded(getObjectAt(0));
-
- swapped = false;
-
- while (index != size - 1) {
- int nextIndex = index + 1;
- byte[] b = getEncoded(getObjectAt(nextIndex));
-
- if (lessThanOrEqual(a, b)) {
- a = b;
- } else {
- DEREncodable o = getObjectAt(index);
-
- setObjectAt(getObjectAt(nextIndex), index);
- setObjectAt(o, nextIndex);
-
- swapped = true;
- }
-
- index++;
- }
- }
- }
-
- /**
- * Returns true if a <= b (arrays are assumed padded with zeros).
- */
- private static boolean lessThanOrEqual(byte[] a, byte[] b) {
- if (a.length <= b.length) {
- for (int i = 0; i != a.length; i++) {
- int l = a[i] & 0xff;
- int r = b[i] & 0xff;
-
- if (r > l) {
- return true;
- } else if (l > r) {
- return false;
- }
- }
-
- return true;
- } else {
- for (int i = 0; i != b.length; i++) {
- int l = a[i] & 0xff;
- int r = b[i] & 0xff;
-
- if (r > l) {
- return true;
- } else if (l > r) {
- return false;
- }
- }
-
- return false;
- }
- }
-
- /**
- * Gets the encoded form of an object.
- *
- * @param obj non-null; object to encode
- * @return non-null; the encoded form
- */
- private static byte[] getEncoded(DEREncodable obj) {
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- ASN1OutputStream aOut = new ASN1OutputStream(bOut);
-
- try {
- aOut.writeObject(obj);
- } catch (IOException e) {
- throw new IllegalArgumentException(
- "cannot encode object added to collection");
- }
-
- return bOut.toByteArray();
- }
-
- /** {@inheritDoc} */
- public final String toString() {
- StringBuilder sb = new StringBuilder();
- sb.append('[');
- for (int i = 0; i < size; i++) {
- if (i != 0) sb.append(", ");
- sb.append(getObjectAt(i));
- }
- sb.append(']');
- return sb.toString();
- }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java b/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java
index 1f50ddf..3f736e4 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java
@@ -1,14 +1,32 @@
package org.bouncycastle.asn1;
+import java.util.Vector;
+
/**
* the parent class for this will eventually disappear. Use this one!
*/
public class ASN1EncodableVector
extends DEREncodableVector
{
- // migrating from DEREncodeableVector
+ Vector v = new Vector();
+
public ASN1EncodableVector()
{
-
+
+ }
+
+ public void add(DEREncodable obj)
+ {
+ v.addElement(obj);
+ }
+
+ public DEREncodable get(int i)
+ {
+ return (DEREncodable)v.elementAt(i);
+ }
+
+ public int size()
+ {
+ return v.size();
}
}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java b/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java
new file mode 100644
index 0000000..d93fd91
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.asn1;
+
+import java.math.BigInteger;
+
+public class ASN1Enumerated
+ extends DEREnumerated
+{
+ ASN1Enumerated(byte[] bytes)
+ {
+ super(bytes);
+ }
+
+ public ASN1Enumerated(BigInteger value)
+ {
+ super(value);
+ }
+
+ public ASN1Enumerated(int value)
+ {
+ super(value);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Exception.java b/src/main/java/org/bouncycastle/asn1/ASN1Exception.java
new file mode 100644
index 0000000..dc0ee20
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1Exception.java
@@ -0,0 +1,25 @@
+package org.bouncycastle.asn1;
+
+import java.io.IOException;
+
+public class ASN1Exception
+ extends IOException
+{
+ private Throwable cause;
+
+ ASN1Exception(String message)
+ {
+ super(message);
+ }
+
+ ASN1Exception(String message, Throwable cause)
+ {
+ super(message);
+ this.cause = cause;
+ }
+
+ public Throwable getCause()
+ {
+ return cause;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java b/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
new file mode 100644
index 0000000..0088a53
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.asn1;
+
+import java.util.Date;
+
+public class ASN1GeneralizedTime
+ extends DERGeneralizedTime
+{
+ ASN1GeneralizedTime(byte[] bytes)
+ {
+ super(bytes);
+ }
+
+ public ASN1GeneralizedTime(Date time)
+ {
+ super(time);
+ }
+
+ public ASN1GeneralizedTime(String time)
+ {
+ super(time);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java b/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java
index 05f0664..fb27edd 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java
@@ -21,10 +21,24 @@
private final int limit;
private final boolean lazyEvaluate;
+ static int findLimit(InputStream in)
+ {
+ if (in instanceof LimitedInputStream)
+ {
+ return ((LimitedInputStream)in).getRemaining();
+ }
+ else if (in instanceof ByteArrayInputStream)
+ {
+ return ((ByteArrayInputStream)in).available();
+ }
+
+ return Integer.MAX_VALUE;
+ }
+
public ASN1InputStream(
InputStream is)
{
- this(is, Integer.MAX_VALUE);
+ this(is, findLimit(is));
}
/**
@@ -120,7 +134,7 @@
if ((tag & TAGGED) != 0)
{
- return new BERTaggedObjectParser(tag, tagNo, defIn).getDERObject();
+ return new ASN1StreamParser(defIn).readTaggedObject(isConstructed, tagNo);
}
if (isConstructed)
@@ -207,39 +221,44 @@
throw new IOException("indefinite length primitive encoding encountered");
}
- IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(this);
+ IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(this, limit);
+ ASN1StreamParser sp = new ASN1StreamParser(indIn, limit);
if ((tag & APPLICATION) != 0)
{
- ASN1StreamParser sp = new ASN1StreamParser(indIn, limit);
-
- return new BERApplicationSpecificParser(tagNo, sp).getDERObject();
+ return new BERApplicationSpecificParser(tagNo, sp).getLoadedObject();
}
+
if ((tag & TAGGED) != 0)
{
- return new BERTaggedObjectParser(tag, tagNo, indIn).getDERObject();
+ return new BERTaggedObjectParser(true, tagNo, sp).getLoadedObject();
}
- ASN1StreamParser sp = new ASN1StreamParser(indIn, limit);
-
// TODO There are other tags that may be constructed (e.g. BIT_STRING)
switch (tagNo)
{
case OCTET_STRING:
- return new BEROctetStringParser(sp).getDERObject();
+ return new BEROctetStringParser(sp).getLoadedObject();
case SEQUENCE:
- return new BERSequenceParser(sp).getDERObject();
+ return new BERSequenceParser(sp).getLoadedObject();
case SET:
- return new BERSetParser(sp).getDERObject();
+ return new BERSetParser(sp).getLoadedObject();
case EXTERNAL:
- return new DERExternalParser(sp).getDERObject();
+ return new DERExternalParser(sp).getLoadedObject();
default:
throw new IOException("unknown BER object encountered");
}
}
else
{
- return buildObject(tag, tagNo, length);
+ try
+ {
+ return buildObject(tag, tagNo, length);
+ }
+ catch (IllegalArgumentException e)
+ {
+ throw new ASN1Exception("corrupted stream detected", e);
+ }
}
}
@@ -300,6 +319,7 @@
{
int size = length & 0x7f;
+ // Note: The invalid long form "0xff" (see X.690 8.1.3.5c) will be caught here
if (size > 4)
{
throw new IOException("DER length more than 4 bytes: " + size);
@@ -339,12 +359,7 @@
switch (tagNo)
{
case BIT_STRING:
- {
- int padBits = bytes[0];
- byte[] data = new byte[bytes.length - 1];
- System.arraycopy(bytes, 1, data, 0, bytes.length - 1);
- return new DERBitString(data, padBits);
- }
+ return DERBitString.fromOctetString(bytes);
case BMP_STRING:
return new DERBMPString(bytes);
case BOOLEAN:
@@ -352,21 +367,21 @@
return DERBoolean.getInstance(bytes);
// END android-changed
case ENUMERATED:
- return new DEREnumerated(bytes);
+ return new ASN1Enumerated(bytes);
case GENERALIZED_TIME:
- return new DERGeneralizedTime(bytes);
+ return new ASN1GeneralizedTime(bytes);
case GENERAL_STRING:
return new DERGeneralString(bytes);
case IA5_STRING:
return new DERIA5String(bytes);
case INTEGER:
- return new DERInteger(bytes);
+ return new ASN1Integer(bytes);
case NULL:
return DERNull.INSTANCE; // actual content is ignored (enforce 0 length?)
case NUMERIC_STRING:
return new DERNumericString(bytes);
case OBJECT_IDENTIFIER:
- return new DERObjectIdentifier(bytes);
+ return new ASN1ObjectIdentifier(bytes);
case OCTET_STRING:
return new DEROctetString(bytes);
case PRINTABLE_STRING:
@@ -376,7 +391,7 @@
case UNIVERSAL_STRING:
return new DERUniversalString(bytes);
case UTC_TIME:
- return new DERUTCTime(bytes);
+ return new ASN1UTCTime(bytes);
case UTF8_STRING:
return new DERUTF8String(bytes);
case VISIBLE_STRING:
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Integer.java b/src/main/java/org/bouncycastle/asn1/ASN1Integer.java
new file mode 100644
index 0000000..71009a0
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1Integer.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.asn1;
+
+import java.math.BigInteger;
+
+public class ASN1Integer
+ extends DERInteger
+{
+ ASN1Integer(byte[] bytes)
+ {
+ super(bytes);
+ }
+
+ public ASN1Integer(BigInteger value)
+ {
+ super(value);
+ }
+
+ public ASN1Integer(int value)
+ {
+ super(value);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Object.java b/src/main/java/org/bouncycastle/asn1/ASN1Object.java
index 7a0b113..7e9860a 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1Object.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1Object.java
@@ -17,7 +17,14 @@
{
ASN1InputStream aIn = new ASN1InputStream(data);
- return (ASN1Object)aIn.readObject();
+ try
+ {
+ return (ASN1Object)aIn.readObject();
+ }
+ catch (ClassCastException e)
+ {
+ throw new IOException("cannot recognise object in stream");
+ }
}
public final boolean equals(Object o)
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
new file mode 100644
index 0000000..83b7c86
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
@@ -0,0 +1,26 @@
+package org.bouncycastle.asn1;
+
+public class ASN1ObjectIdentifier
+ extends DERObjectIdentifier
+{
+ public ASN1ObjectIdentifier(String identifier)
+ {
+ super(identifier);
+ }
+
+ ASN1ObjectIdentifier(byte[] bytes)
+ {
+ super(bytes);
+ }
+
+ /**
+ * Return an OID that creates a branch under the current one.
+ *
+ * @param branchID node numbers for the new branch.
+ * @return
+ */
+ public ASN1ObjectIdentifier branch(String branchID)
+ {
+ return new ASN1ObjectIdentifier(getId() + "." + branchID);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1ObjectParser.java b/src/main/java/org/bouncycastle/asn1/ASN1ObjectParser.java
deleted file mode 100644
index ff09a45..0000000
--- a/src/main/java/org/bouncycastle/asn1/ASN1ObjectParser.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.InputStream;
-
-/**
- * @deprecated will be removed
- */
-public class ASN1ObjectParser
-{
- ASN1StreamParser _aIn;
-
- protected ASN1ObjectParser(
- int baseTag,
- int tagNumber,
- InputStream contentStream)
- {
- _aIn = new ASN1StreamParser(contentStream);
- }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java b/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java
index b1d72a2..7d334d7 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java
@@ -1,13 +1,11 @@
package org.bouncycastle.asn1;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.Arrays;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.util.Enumeration;
-import java.util.Vector;
+
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
public abstract class ASN1OctetString
extends ASN1Object
@@ -28,7 +26,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof ASN1OctetString)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return BERConstructedOctetString.fromSequence(ASN1Sequence.getInstance(o));
+ }
}
/**
@@ -45,24 +52,12 @@
return (ASN1OctetString)obj;
}
+ // TODO: this needs to be deleted in V2
if (obj instanceof ASN1TaggedObject)
{
return getInstance(((ASN1TaggedObject)obj).getObject());
}
- if (obj instanceof ASN1Sequence)
- {
- Vector v = new Vector();
- Enumeration e = ((ASN1Sequence)obj).getObjects();
-
- while (e.hasMoreElements())
- {
- v.addElement(e.nextElement());
- }
-
- return new BERConstructedOctetString(v);
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -125,6 +120,11 @@
return Arrays.areEqual(string, other.string);
}
+ public DERObject getLoadedObject()
+ {
+ return this.getDERObject();
+ }
+
abstract void encode(DEROutputStream out)
throws IOException;
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java b/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java
index 641020c..21a3941 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java
@@ -3,7 +3,7 @@
import java.io.InputStream;
public interface ASN1OctetStringParser
- extends DEREncodable
+ extends DEREncodable, InMemoryRepresentable
{
public InputStream getOctetStream();
}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java b/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java
index e31e673..b4a8072 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java
@@ -2,20 +2,12 @@
import java.io.IOException;
import java.util.Enumeration;
-// BEGIN android-removed
-// import java.util.Vector;
-// END android-removed
-
-// BEGIN android-note
-// Changed inheritence of class.
-// END android-note
+import java.util.Vector;
public abstract class ASN1Sequence
- extends ASN1Collection
+ extends ASN1Object
{
- // BEGIN android-removed
- // private Vector seq = new Vector();
- // END android-removed
+ private Vector seq = new Vector();
/**
* return an ASN1Sequence from the given object.
@@ -30,6 +22,17 @@
{
return (ASN1Sequence)obj;
}
+ else if (obj instanceof byte[])
+ {
+ try
+ {
+ return ASN1Sequence.getInstance(ASN1Object.fromByteArray((byte[])obj));
+ }
+ catch (IOException e)
+ {
+ throw new IllegalArgumentException("failed to construct sequence from byte[]: " + e.getMessage());
+ }
+ }
throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName());
}
@@ -93,12 +96,10 @@
throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName());
}
- // BEGIN android-removed
- // public Enumeration getObjects()
- // {
- // return seq.elements();
- // }
- // END android-removed
+ public Enumeration getObjects()
+ {
+ return seq.elements();
+ }
public ASN1SequenceParser parser()
{
@@ -130,6 +131,11 @@
return obj;
}
+ public DERObject getLoadedObject()
+ {
+ return outer;
+ }
+
public DERObject getDERObject()
{
return outer;
@@ -137,47 +143,43 @@
};
}
- // BEGIN android-removed
- // /**
- // * return the object at the sequence position indicated by index.
- // *
- // * @param index the sequence number (starting at zero) of the object
- // * @return the object at the sequence position indicated by index.
- // */
- // public DEREncodable getObjectAt(
- // int index)
- // {
- // return (DEREncodable)seq.elementAt(index);
- // }
- //
- // /**
- // * return the number of objects in this sequence.
- // *
- // * @return the number of objects in this sequence.
- // */
- // public int size()
- // {
- // return seq.size();
- // }
- //
- // public int hashCode()
- // {
- // Enumeration e = this.getObjects();
- // int hashCode = size();
- //
- // while (e.hasMoreElements())
- // {
- // Object o = e.nextElement();
- // hashCode *= 17;
- // if (o != null)
- // {
- // hashCode ^= o.hashCode();
- // }
- // }
- //
- // return hashCode;
- // }
- // END android-removed
+ /**
+ * return the object at the sequence position indicated by index.
+ *
+ * @param index the sequence number (starting at zero) of the object
+ * @return the object at the sequence position indicated by index.
+ */
+ public DEREncodable getObjectAt(
+ int index)
+ {
+ return (DEREncodable)seq.elementAt(index);
+ }
+
+ /**
+ * return the number of objects in this sequence.
+ *
+ * @return the number of objects in this sequence.
+ */
+ public int size()
+ {
+ return seq.size();
+ }
+
+ public int hashCode()
+ {
+ Enumeration e = this.getObjects();
+ int hashCode = size();
+
+ while (e.hasMoreElements())
+ {
+ Object o = getNext(e);
+ hashCode *= 17;
+
+ hashCode ^= o.hashCode();
+ }
+
+ return hashCode;
+ }
boolean asn1Equals(
DERObject o)
@@ -199,10 +201,13 @@
while (s1.hasMoreElements())
{
- DERObject o1 = ((DEREncodable)s1.nextElement()).getDERObject();
- DERObject o2 = ((DEREncodable)s2.nextElement()).getDERObject();
+ DEREncodable obj1 = getNext(s1);
+ DEREncodable obj2 = getNext(s2);
- if (o1 == o2 || (o1 != null && o1.equals(o2)))
+ DERObject o1 = obj1.getDERObject();
+ DERObject o2 = obj2.getDERObject();
+
+ if (o1 == o2 || o1.equals(o2))
{
continue;
}
@@ -213,19 +218,30 @@
return true;
}
- // BEGIN android-removed
- //protected void addObject(
- // DEREncodable obj)
- //{
- // seq.addElement(obj);
- //}
+ private DEREncodable getNext(Enumeration e)
+ {
+ DEREncodable encObj = (DEREncodable)e.nextElement();
- //abstract void encode(DEROutputStream out)
- // throws IOException;
+ // unfortunately null was allowed as a substitute for DER null
+ if (encObj == null)
+ {
+ return DERNull.INSTANCE;
+ }
- //public String toString()
- //{
- // return seq.toString();
- //}
- // END android-removed
+ return encObj;
+ }
+
+ protected void addObject(
+ DEREncodable obj)
+ {
+ seq.addElement(obj);
+ }
+
+ abstract void encode(DEROutputStream out)
+ throws IOException;
+
+ public String toString()
+ {
+ return seq.toString();
+ }
}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java b/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java
index ceda6bd..49dde79 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java
@@ -3,7 +3,7 @@
import java.io.IOException;
public interface ASN1SequenceParser
- extends DEREncodable
+ extends DEREncodable, InMemoryRepresentable
{
DEREncodable readObject()
throws IOException;
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Set.java b/src/main/java/org/bouncycastle/asn1/ASN1Set.java
index 88a20ee..c395b8b 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1Set.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1Set.java
@@ -3,20 +3,12 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Enumeration;
-// BEGIN android-removed
-// import java.util.Vector;
-// END android-removed
-
-// BEGIN android-note
-// Changed inheritence of class.
-// END android-note
+import java.util.Vector;
abstract public class ASN1Set
- extends ASN1Collection
+ extends ASN1Object
{
- // BEGIN android-removed
- // protected Vector set = new Vector();
- // END android-removed
+ protected Vector set = new Vector();
/**
* return an ASN1Set from the given object.
@@ -112,34 +104,44 @@
{
}
- // BEGIN android-removed
- // public Enumeration getObjects()
- // {
- // return set.elements();
- // }
- //
- // /**
- // * return the object at the set position indicated by index.
- // *
- // * @param index the set number (starting at zero) of the object
- // * @return the object at the set position indicated by index.
- // */
- // public DEREncodable getObjectAt(
- // int index)
- // {
- // return (DEREncodable)set.elementAt(index);
- // }
- //
- // /**
- // * return the number of objects in this set.
- // *
- // * @return the number of objects in this set.
- // */
- // public int size()
- // {
- // return set.size();
- // }
- // END android-removed
+ public Enumeration getObjects()
+ {
+ return set.elements();
+ }
+
+ /**
+ * return the object at the set position indicated by index.
+ *
+ * @param index the set number (starting at zero) of the object
+ * @return the object at the set position indicated by index.
+ */
+ public DEREncodable getObjectAt(
+ int index)
+ {
+ return (DEREncodable)set.elementAt(index);
+ }
+
+ /**
+ * return the number of objects in this set.
+ *
+ * @return the number of objects in this set.
+ */
+ public int size()
+ {
+ return set.size();
+ }
+
+ public ASN1Encodable[] toArray()
+ {
+ ASN1Encodable[] values = new ASN1Encodable[this.size()];
+
+ for (int i = 0; i != this.size(); i++)
+ {
+ values[i] = (ASN1Encodable)this.getObjectAt(i);
+ }
+
+ return values;
+ }
public ASN1SetParser parser()
{
@@ -171,6 +173,11 @@
return obj;
}
+ public DERObject getLoadedObject()
+ {
+ return outer;
+ }
+
public DERObject getDERObject()
{
return outer;
@@ -178,25 +185,21 @@
};
}
- // BEGIN android-removed
- // public int hashCode()
- // {
- // Enumeration e = this.getObjects();
- // int hashCode = size();
- //
- // while (e.hasMoreElements())
- // {
- // Object o = e.nextElement();
- // hashCode *= 17;
- // if (o != null)
- // {
- // hashCode ^= o.hashCode();
- // }
- // }
- //
- // return hashCode;
- // }
- // END android-removed
+ public int hashCode()
+ {
+ Enumeration e = this.getObjects();
+ int hashCode = size();
+
+ while (e.hasMoreElements())
+ {
+ Object o = getNext(e);
+ hashCode *= 17;
+
+ hashCode ^= o.hashCode();
+ }
+
+ return hashCode;
+ }
boolean asn1Equals(
DERObject o)
@@ -218,10 +221,13 @@
while (s1.hasMoreElements())
{
- DERObject o1 = ((DEREncodable)s1.nextElement()).getDERObject();
- DERObject o2 = ((DEREncodable)s2.nextElement()).getDERObject();
+ DEREncodable obj1 = getNext(s1);
+ DEREncodable obj2 = getNext(s2);
- if (o1 == o2 || (o1 != null && o1.equals(o2)))
+ DERObject o1 = obj1.getDERObject();
+ DERObject o2 = obj2.getDERObject();
+
+ if (o1 == o2 || o1.equals(o2))
{
continue;
}
@@ -232,54 +238,36 @@
return true;
}
- // BEGIN android-removed
- // /**
- // * return true if a <= b (arrays are assumed padded with zeros).
- // */
- // private boolean lessThanOrEqual(
- // byte[] a,
- // byte[] b)
- // {
- // if (a.length <= b.length)
- // {
- // for (int i = 0; i != a.length; i++)
- // {
- // int l = a[i] & 0xff;
- // int r = b[i] & 0xff;
- //
- // if (r > l)
- // {
- // return true;
- // }
- // else if (l > r)
- // {
- // return false;
- // }
- // }
- //
- // return true;
- // }
- // else
- // {
- // for (int i = 0; i != b.length; i++)
- // {
- // int l = a[i] & 0xff;
- // int r = b[i] & 0xff;
- //
- // if (r > l)
- // {
- // return true;
- // }
- // else if (l > r)
- // {
- // return false;
- // }
- // }
- //
- // return false;
- // }
- // }
- // END android-removed
+ private DEREncodable getNext(Enumeration e)
+ {
+ DEREncodable encObj = (DEREncodable)e.nextElement();
+
+ // unfortunately null was allowed as a substitute for DER null
+ if (encObj == null)
+ {
+ return DERNull.INSTANCE;
+ }
+
+ return encObj;
+ }
+
+ /**
+ * return true if a <= b (arrays are assumed padded with zeros).
+ */
+ private boolean lessThanOrEqual(
+ byte[] a,
+ byte[] b)
+ {
+ int len = Math.min(a.length, b.length);
+ for (int i = 0; i != len; ++i)
+ {
+ if (a[i] != b[i])
+ {
+ return (a[i] & 0xff) < (b[i] & 0xff);
+ }
+ }
+ return len == a.length;
+ }
private byte[] getEncoded(
DEREncodable obj)
@@ -299,61 +287,59 @@
return bOut.toByteArray();
}
- // BEGIN android-removed
- // protected void sort()
- // {
- // if (set.size() > 1)
- // {
- // boolean swapped = true;
- // int lastSwap = set.size() - 1;
- //
- // while (swapped)
- // {
- // int index = 0;
- // int swapIndex = 0;
- // byte[] a = getEncoded((DEREncodable)set.elementAt(0));
- //
- // swapped = false;
- //
- // while (index != lastSwap)
- // {
- // byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1));
- //
- // if (lessThanOrEqual(a, b))
- // {
- // a = b;
- // }
- // else
- // {
- // Object o = set.elementAt(index);
- //
- // set.setElementAt(set.elementAt(index + 1), index);
- // set.setElementAt(o, index + 1);
- //
- // swapped = true;
- // swapIndex = index;
- // }
- //
- // index++;
- // }
- //
- // lastSwap = swapIndex;
- // }
- // }
- // }
- //
- // protected void addObject(
- // DEREncodable obj)
- // {
- // set.addElement(obj);
- // }
- //
- // abstract void encode(DEROutputStream out)
- // throws IOException;
- //
- // public String toString()
- // {
- // return set.toString();
- // }
- // END android-removed
+ protected void sort()
+ {
+ if (set.size() > 1)
+ {
+ boolean swapped = true;
+ int lastSwap = set.size() - 1;
+
+ while (swapped)
+ {
+ int index = 0;
+ int swapIndex = 0;
+ byte[] a = getEncoded((DEREncodable)set.elementAt(0));
+
+ swapped = false;
+
+ while (index != lastSwap)
+ {
+ byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1));
+
+ if (lessThanOrEqual(a, b))
+ {
+ a = b;
+ }
+ else
+ {
+ Object o = set.elementAt(index);
+
+ set.setElementAt(set.elementAt(index + 1), index);
+ set.setElementAt(o, index + 1);
+
+ swapped = true;
+ swapIndex = index;
+ }
+
+ index++;
+ }
+
+ lastSwap = swapIndex;
+ }
+ }
+ }
+
+ protected void addObject(
+ DEREncodable obj)
+ {
+ set.addElement(obj);
+ }
+
+ abstract void encode(DEROutputStream out)
+ throws IOException;
+
+ public String toString()
+ {
+ return set.toString();
+ }
}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java b/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java
index b09a170..9dc99b5 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java
@@ -3,7 +3,7 @@
import java.io.IOException;
public interface ASN1SetParser
- extends DEREncodable
+ extends DEREncodable, InMemoryRepresentable
{
public DEREncodable readObject()
throws IOException;
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java b/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java
index 43fcad7..fbcb787 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java
@@ -9,20 +9,10 @@
private final InputStream _in;
private final int _limit;
- private static int findLimit(InputStream in)
- {
- if (in instanceof DefiniteLengthInputStream)
- {
- return ((DefiniteLengthInputStream)in).getRemaining();
- }
-
- return Integer.MAX_VALUE;
- }
-
public ASN1StreamParser(
InputStream in)
{
- this(in, findLimit(in));
+ this(in, ASN1InputStream.findLimit(in));
}
public ASN1StreamParser(
@@ -39,6 +29,90 @@
this(new ByteArrayInputStream(encoding), encoding.length);
}
+ DEREncodable readIndef(int tagValue) throws IOException
+ {
+ // Note: INDEF => CONSTRUCTED
+
+ // TODO There are other tags that may be constructed (e.g. BIT_STRING)
+ switch (tagValue)
+ {
+ case DERTags.EXTERNAL:
+ return new DERExternalParser(this);
+ case DERTags.OCTET_STRING:
+ return new BEROctetStringParser(this);
+ case DERTags.SEQUENCE:
+ return new BERSequenceParser(this);
+ case DERTags.SET:
+ return new BERSetParser(this);
+ default:
+ throw new ASN1Exception("unknown BER object encountered: 0x" + Integer.toHexString(tagValue));
+ }
+ }
+
+ DEREncodable readImplicit(boolean constructed, int tag) throws IOException
+ {
+ if (_in instanceof IndefiniteLengthInputStream)
+ {
+ if (!constructed)
+ {
+ throw new IOException("indefinite length primitive encoding encountered");
+ }
+
+ return readIndef(tag);
+ }
+
+ if (constructed)
+ {
+ switch (tag)
+ {
+ case DERTags.SET:
+ return new DERSetParser(this);
+ case DERTags.SEQUENCE:
+ return new DERSequenceParser(this);
+ case DERTags.OCTET_STRING:
+ return new BEROctetStringParser(this);
+ }
+ }
+ else
+ {
+ switch (tag)
+ {
+ case DERTags.SET:
+ throw new ASN1Exception("sequences must use constructed encoding (see X.690 8.9.1/8.10.1)");
+ case DERTags.SEQUENCE:
+ throw new ASN1Exception("sets must use constructed encoding (see X.690 8.11.1/8.12.1)");
+ case DERTags.OCTET_STRING:
+ return new DEROctetStringParser((DefiniteLengthInputStream)_in);
+ }
+ }
+
+ // TODO ASN1Exception
+ throw new RuntimeException("implicit tagging not implemented");
+ }
+
+ DERObject readTaggedObject(boolean constructed, int tag) throws IOException
+ {
+ if (!constructed)
+ {
+ // Note: !CONSTRUCTED => IMPLICIT
+ DefiniteLengthInputStream defIn = (DefiniteLengthInputStream)_in;
+ return new DERTaggedObject(false, tag, new DEROctetString(defIn.toByteArray()));
+ }
+
+ ASN1EncodableVector v = readVector();
+
+ if (_in instanceof IndefiniteLengthInputStream)
+ {
+ return v.size() == 1
+ ? new BERTaggedObject(true, tag, v.get(0))
+ : new BERTaggedObject(false, tag, BERFactory.createSequence(v));
+ }
+
+ return v.size() == 1
+ ? new DERTaggedObject(true, tag, v.get(0))
+ : new DERTaggedObject(false, tag, DERFactory.createSequence(v));
+ }
+
public DEREncodable readObject()
throws IOException
{
@@ -72,37 +146,20 @@
throw new IOException("indefinite length primitive encoding encountered");
}
- IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(_in);
+ IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(_in, _limit);
+ ASN1StreamParser sp = new ASN1StreamParser(indIn, _limit);
if ((tag & DERTags.APPLICATION) != 0)
{
- ASN1StreamParser sp = new ASN1StreamParser(indIn, _limit);
-
return new BERApplicationSpecificParser(tagNo, sp);
}
if ((tag & DERTags.TAGGED) != 0)
{
- return new BERTaggedObjectParser(tag, tagNo, indIn);
+ return new BERTaggedObjectParser(true, tagNo, sp);
}
- ASN1StreamParser sp = new ASN1StreamParser(indIn, _limit);
-
- // TODO There are other tags that may be constructed (e.g. BIT_STRING)
- switch (tagNo)
- {
- case DERTags.OCTET_STRING:
- return new BEROctetStringParser(sp);
- case DERTags.SEQUENCE:
- return new BERSequenceParser(sp);
- case DERTags.SET:
- return new BERSetParser(sp);
- case DERTags.EXTERNAL:{
- return new DERExternalParser(sp);
- }
- default:
- throw new IOException("unknown BER object encountered: 0x" + Integer.toHexString(tagNo));
- }
+ return sp.readIndef(tagNo);
}
else
{
@@ -115,7 +172,7 @@
if ((tag & DERTags.TAGGED) != 0)
{
- return new BERTaggedObjectParser(tag, tagNo, defIn);
+ return new BERTaggedObjectParser(isConstructed, tagNo, new ASN1StreamParser(defIn));
}
if (isConstructed)
@@ -147,7 +204,14 @@
return new DEROctetStringParser(defIn);
}
- return ASN1InputStream.createPrimitiveDERObject(tagNo, defIn.toByteArray());
+ try
+ {
+ return ASN1InputStream.createPrimitiveDERObject(tagNo, defIn.toByteArray());
+ }
+ catch (IllegalArgumentException e)
+ {
+ throw new ASN1Exception("corrupted stream detected", e);
+ }
}
}
@@ -166,7 +230,14 @@
DEREncodable obj;
while ((obj = readObject()) != null)
{
- v.add(obj.getDERObject());
+ if (obj instanceof InMemoryRepresentable)
+ {
+ v.add(((InMemoryRepresentable)obj).getLoadedObject());
+ }
+ else
+ {
+ v.add(obj.getDERObject());
+ }
}
return v;
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1String.java b/src/main/java/org/bouncycastle/asn1/ASN1String.java
new file mode 100644
index 0000000..fde4e23
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1String.java
@@ -0,0 +1,6 @@
+package org.bouncycastle.asn1;
+
+public interface ASN1String
+{
+ public String getString();
+}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java b/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java
index 1e5d4e8..8ee7960 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java
@@ -200,6 +200,11 @@
throw new RuntimeException("implicit tagging not implemented for tag: " + tag);
}
+ public DERObject getLoadedObject()
+ {
+ return this.getDERObject();
+ }
+
abstract void encode(DEROutputStream out)
throws IOException;
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java b/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java
index 5574bf8..52f6087 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java
@@ -3,7 +3,7 @@
import java.io.IOException;
public interface ASN1TaggedObjectParser
- extends DEREncodable
+ extends DEREncodable, InMemoryRepresentable
{
public int getTagNo();
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java b/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
new file mode 100644
index 0000000..d3816f2
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.asn1;
+
+import java.util.Date;
+
+public class ASN1UTCTime
+ extends DERUTCTime
+{
+ ASN1UTCTime(byte[] bytes)
+ {
+ super(bytes);
+ }
+
+ public ASN1UTCTime(Date time)
+ {
+ super(time);
+ }
+
+ public ASN1UTCTime(String time)
+ {
+ super(time);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java b/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java
index 0c46ba3..7b6aaaf 100644
--- a/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java
+++ b/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java
@@ -20,15 +20,22 @@
return parser.readObject();
}
+ public DERObject getLoadedObject()
+ throws IOException
+ {
+ return new BERApplicationSpecific(tag, parser.readVector());
+ }
+
public DERObject getDERObject()
{
try
{
- return new BERApplicationSpecific(tag, parser.readVector());
+ return getLoadedObject();
}
catch (IOException e)
{
throw new ASN1ParsingException(e.getMessage(), e);
}
}
+
}
diff --git a/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java b/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java
index 7e712c3..cceb241 100644
--- a/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java
+++ b/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java
@@ -141,4 +141,17 @@
super.encode(out);
}
}
+
+ public static BERConstructedOctetString fromSequence(ASN1Sequence seq)
+ {
+ Vector v = new Vector();
+ Enumeration e = seq.getObjects();
+
+ while (e.hasMoreElements())
+ {
+ v.addElement(e.nextElement());
+ }
+
+ return new BERConstructedOctetString(v);
+ }
}
diff --git a/src/main/java/org/bouncycastle/asn1/BERConstructedSequence.java b/src/main/java/org/bouncycastle/asn1/BERConstructedSequence.java
deleted file mode 100644
index 998eaeb..0000000
--- a/src/main/java/org/bouncycastle/asn1/BERConstructedSequence.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.IOException;
-import java.util.Enumeration;
-
-/**
- * @deprecated use BERSequence
- */
-public class BERConstructedSequence
- extends DERConstructedSequence
-{
- /*
- */
- void encode(
- DEROutputStream out)
- throws IOException
- {
- if (out instanceof ASN1OutputStream || out instanceof BEROutputStream)
- {
- out.write(SEQUENCE | CONSTRUCTED);
- out.write(0x80);
-
- Enumeration e = getObjects();
- while (e.hasMoreElements())
- {
- out.writeObject(e.nextElement());
- }
-
- out.write(0x00);
- out.write(0x00);
- }
- else
- {
- super.encode(out);
- }
- }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/BERInputStream.java b/src/main/java/org/bouncycastle/asn1/BERInputStream.java
deleted file mode 100644
index 397fc06..0000000
--- a/src/main/java/org/bouncycastle/asn1/BERInputStream.java
+++ /dev/null
@@ -1,209 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.ByteArrayOutputStream;
-import java.io.EOFException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Vector;
-
-/**
- * @deprecated use ASN1InputStream
- */
-public class BERInputStream
- extends DERInputStream
-{
- private static final DERObject END_OF_STREAM = new DERObject()
- {
- void encode(
- DEROutputStream out)
- throws IOException
- {
- throw new IOException("Eeek!");
- }
- public int hashCode()
- {
- return 0;
- }
- public boolean equals(
- Object o)
- {
- return o == this;
- }
- };
- public BERInputStream(
- InputStream is)
- {
- super(is);
- }
-
- /**
- * read a string of bytes representing an indefinite length object.
- */
- private byte[] readIndefiniteLengthFully()
- throws IOException
- {
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- int b, b1;
-
- b1 = read();
-
- while ((b = read()) >= 0)
- {
- if (b1 == 0 && b == 0)
- {
- break;
- }
-
- bOut.write(b1);
- b1 = b;
- }
-
- return bOut.toByteArray();
- }
-
- private BERConstructedOctetString buildConstructedOctetString()
- throws IOException
- {
- Vector octs = new Vector();
-
- for (;;)
- {
- DERObject o = readObject();
-
- if (o == END_OF_STREAM)
- {
- break;
- }
-
- octs.addElement(o);
- }
-
- return new BERConstructedOctetString(octs);
- }
-
- public DERObject readObject()
- throws IOException
- {
- int tag = read();
- if (tag == -1)
- {
- throw new EOFException();
- }
-
- int length = readLength();
-
- if (length < 0) // indefinite length method
- {
- switch (tag)
- {
- case NULL:
- return null;
- case SEQUENCE | CONSTRUCTED:
- BERConstructedSequence seq = new BERConstructedSequence();
-
- for (;;)
- {
- DERObject obj = readObject();
-
- if (obj == END_OF_STREAM)
- {
- break;
- }
-
- seq.addObject(obj);
- }
- return seq;
- case OCTET_STRING | CONSTRUCTED:
- return buildConstructedOctetString();
- case SET | CONSTRUCTED:
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- for (;;)
- {
- DERObject obj = readObject();
-
- if (obj == END_OF_STREAM)
- {
- break;
- }
-
- v.add(obj);
- }
- return new BERSet(v);
- default:
- //
- // with tagged object tag number is bottom 5 bits
- //
- if ((tag & TAGGED) != 0)
- {
- if ((tag & 0x1f) == 0x1f)
- {
- throw new IOException("unsupported high tag encountered");
- }
-
- //
- // simple type - implicit... return an octet string
- //
- if ((tag & CONSTRUCTED) == 0)
- {
- byte[] bytes = readIndefiniteLengthFully();
-
- return new BERTaggedObject(false, tag & 0x1f, new DEROctetString(bytes));
- }
-
- //
- // either constructed or explicitly tagged
- //
- DERObject dObj = readObject();
-
- if (dObj == END_OF_STREAM) // empty tag!
- {
- return new DERTaggedObject(tag & 0x1f);
- }
-
- DERObject next = readObject();
-
- //
- // explicitly tagged (probably!) - if it isn't we'd have to
- // tell from the context
- //
- if (next == END_OF_STREAM)
- {
- return new BERTaggedObject(tag & 0x1f, dObj);
- }
-
- //
- // another implicit object, we'll create a sequence...
- //
- seq = new BERConstructedSequence();
-
- seq.addObject(dObj);
-
- do
- {
- seq.addObject(next);
- next = readObject();
- }
- while (next != END_OF_STREAM);
-
- return new BERTaggedObject(false, tag & 0x1f, seq);
- }
-
- throw new IOException("unknown BER object encountered");
- }
- }
- else
- {
- if (tag == 0 && length == 0) // end of contents marker.
- {
- return END_OF_STREAM;
- }
-
- byte[] bytes = new byte[length];
-
- readFully(bytes);
-
- return buildObject(tag, bytes);
- }
- }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java b/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java
index bc937ad..1118a56 100644
--- a/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java
+++ b/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java
@@ -1,9 +1,9 @@
package org.bouncycastle.asn1;
-import org.bouncycastle.util.io.Streams;
-
-import java.io.InputStream;
import java.io.IOException;
+import java.io.InputStream;
+
+import org.bouncycastle.util.io.Streams;
public class BEROctetStringParser
implements ASN1OctetStringParser
@@ -16,25 +16,22 @@
_parser = parser;
}
- /**
- * @deprecated will be removed
- */
- protected BEROctetStringParser(
- ASN1ObjectParser parser)
- {
- _parser = parser._aIn;
- }
-
public InputStream getOctetStream()
{
return new ConstructedOctetStream(_parser);
}
+ public DERObject getLoadedObject()
+ throws IOException
+ {
+ return new BERConstructedOctetString(Streams.readAll(getOctetStream()));
+ }
+
public DERObject getDERObject()
{
try
{
- return new BERConstructedOctetString(Streams.readAll(getOctetStream()));
+ return getLoadedObject();
}
catch (IOException e)
{
diff --git a/src/main/java/org/bouncycastle/asn1/BERSequence.java b/src/main/java/org/bouncycastle/asn1/BERSequence.java
index c389fa8..aec6fd6 100644
--- a/src/main/java/org/bouncycastle/asn1/BERSequence.java
+++ b/src/main/java/org/bouncycastle/asn1/BERSequence.java
@@ -26,7 +26,7 @@
* create a sequence containing a vector of objects.
*/
public BERSequence(
- DEREncodableVector v)
+ ASN1EncodableVector v)
{
super(v);
}
diff --git a/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java b/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java
index cd0ca27..4f3b7ec 100644
--- a/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java
+++ b/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java
@@ -18,11 +18,17 @@
return _parser.readObject();
}
+ public DERObject getLoadedObject()
+ throws IOException
+ {
+ return new BERSequence(_parser.readVector());
+ }
+
public DERObject getDERObject()
{
try
{
- return new BERSequence(_parser.readVector());
+ return getLoadedObject();
}
catch (IOException e)
{
diff --git a/src/main/java/org/bouncycastle/asn1/BERSet.java b/src/main/java/org/bouncycastle/asn1/BERSet.java
index 1ccf0fd..a5a2633 100644
--- a/src/main/java/org/bouncycastle/asn1/BERSet.java
+++ b/src/main/java/org/bouncycastle/asn1/BERSet.java
@@ -26,7 +26,7 @@
* @param v - a vector of objects making up the set.
*/
public BERSet(
- DEREncodableVector v)
+ ASN1EncodableVector v)
{
super(v, false);
}
@@ -35,7 +35,7 @@
* @param v - a vector of objects making up the set.
*/
BERSet(
- DEREncodableVector v,
+ ASN1EncodableVector v,
boolean needsSorting)
{
super(v, needsSorting);
diff --git a/src/main/java/org/bouncycastle/asn1/BERSetParser.java b/src/main/java/org/bouncycastle/asn1/BERSetParser.java
index ac280d3..e345f3f 100644
--- a/src/main/java/org/bouncycastle/asn1/BERSetParser.java
+++ b/src/main/java/org/bouncycastle/asn1/BERSetParser.java
@@ -18,11 +18,17 @@
return _parser.readObject();
}
+ public DERObject getLoadedObject()
+ throws IOException
+ {
+ return new BERSet(_parser.readVector(), false);
+ }
+
public DERObject getDERObject()
{
try
{
- return new BERSet(_parser.readVector(), false);
+ return getLoadedObject();
}
catch (IOException e)
{
diff --git a/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java b/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java
index ce7318d..40333fb 100644
--- a/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java
+++ b/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java
@@ -6,33 +6,41 @@
public class BERTaggedObjectParser
implements ASN1TaggedObjectParser
{
- private int _baseTag;
+ private boolean _constructed;
private int _tagNumber;
- private InputStream _contentStream;
+ private ASN1StreamParser _parser;
- private boolean _indefiniteLength;
-
+ /**
+ * @deprecated
+ */
protected BERTaggedObjectParser(
int baseTag,
int tagNumber,
InputStream contentStream)
{
- _baseTag = baseTag;
+ this((baseTag & DERTags.CONSTRUCTED) != 0, tagNumber, new ASN1StreamParser(contentStream));
+ }
+
+ BERTaggedObjectParser(
+ boolean constructed,
+ int tagNumber,
+ ASN1StreamParser parser)
+ {
+ _constructed = constructed;
_tagNumber = tagNumber;
- _contentStream = contentStream;
- _indefiniteLength = contentStream instanceof IndefiniteLengthInputStream;
+ _parser = parser;
}
public boolean isConstructed()
{
- return (_baseTag & DERTags.CONSTRUCTED) != 0;
+ return _constructed;
}
public int getTagNo()
{
return _tagNumber;
}
-
+
public DEREncodable getObjectParser(
int tag,
boolean isExplicit)
@@ -40,84 +48,31 @@
{
if (isExplicit)
{
- return new ASN1StreamParser(_contentStream).readObject();
+ if (!_constructed)
+ {
+ throw new IOException("Explicit tags must be constructed (see X.690 8.14.2)");
+ }
+ return _parser.readObject();
}
- switch (tag)
- {
- case DERTags.SET:
- if (_indefiniteLength)
- {
- return new BERSetParser(new ASN1StreamParser(_contentStream));
- }
- else
- {
- return new DERSetParser(new ASN1StreamParser(_contentStream));
- }
- case DERTags.SEQUENCE:
- if (_indefiniteLength)
- {
- return new BERSequenceParser(new ASN1StreamParser(_contentStream));
- }
- else
- {
- return new DERSequenceParser(new ASN1StreamParser(_contentStream));
- }
- case DERTags.OCTET_STRING:
- // TODO Is the handling of definite length constructed encodings correct?
- if (_indefiniteLength || this.isConstructed())
- {
- return new BEROctetStringParser(new ASN1StreamParser(_contentStream));
- }
- else
- {
- return new DEROctetStringParser((DefiniteLengthInputStream)_contentStream);
- }
- }
-
- throw new RuntimeException("implicit tagging not implemented");
+ return _parser.readImplicit(_constructed, tag);
}
- private ASN1EncodableVector rLoadVector(InputStream in)
+ public DERObject getLoadedObject()
+ throws IOException
{
- try
- {
- return new ASN1StreamParser(in).readVector();
- }
- catch (IOException e)
- {
- throw new ASN1ParsingException(e.getMessage(), e);
- }
+ return _parser.readTaggedObject(_constructed, _tagNumber);
}
public DERObject getDERObject()
{
- if (_indefiniteLength)
- {
- ASN1EncodableVector v = rLoadVector(_contentStream);
-
- return v.size() == 1
- ? new BERTaggedObject(true, _tagNumber, v.get(0))
- : new BERTaggedObject(false, _tagNumber, BERFactory.createSequence(v));
- }
-
- if (this.isConstructed())
- {
- ASN1EncodableVector v = rLoadVector(_contentStream);
-
- return v.size() == 1
- ? new DERTaggedObject(true, _tagNumber, v.get(0))
- : new DERTaggedObject(false, _tagNumber, DERFactory.createSequence(v));
- }
-
try
{
- DefiniteLengthInputStream defIn = (DefiniteLengthInputStream)_contentStream;
- return new DERTaggedObject(false, _tagNumber, new DEROctetString(defIn.toByteArray()));
+ return this.getLoadedObject();
}
catch (IOException e)
{
- throw new IllegalStateException(e.getMessage());
+ throw new ASN1ParsingException(e.getMessage());
}
}
}
diff --git a/src/main/java/org/bouncycastle/asn1/DERBMPString.java b/src/main/java/org/bouncycastle/asn1/DERBMPString.java
index 1472325..1ff72de 100644
--- a/src/main/java/org/bouncycastle/asn1/DERBMPString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERBMPString.java
@@ -25,16 +25,6 @@
return (DERBMPString)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DERBMPString(((ASN1OctetString)obj).getOctets());
- }
-
- if (obj instanceof ASN1TaggedObject)
- {
- return getInstance(((ASN1TaggedObject)obj).getObject());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -51,7 +41,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DERBMPString)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new DERBMPString(ASN1OctetString.getInstance(o).getOctets());
+ }
}
diff --git a/src/main/java/org/bouncycastle/asn1/DERBitString.java b/src/main/java/org/bouncycastle/asn1/DERBitString.java
index efcdaca..efca7d3 100644
--- a/src/main/java/org/bouncycastle/asn1/DERBitString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERBitString.java
@@ -1,10 +1,10 @@
package org.bouncycastle.asn1;
-import org.bouncycastle.util.Arrays;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import org.bouncycastle.util.Arrays;
+
public class DERBitString
extends ASN1Object
implements DERString
@@ -100,22 +100,6 @@
return (DERBitString)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- byte[] bytes = ((ASN1OctetString)obj).getOctets();
- int padBits = bytes[0];
- byte[] data = new byte[bytes.length - 1];
-
- System.arraycopy(bytes, 1, data, 0, bytes.length - 1);
-
- return new DERBitString(data, padBits);
- }
-
- if (obj instanceof ASN1TaggedObject)
- {
- return getInstance(((ASN1TaggedObject)obj).getObject());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -132,7 +116,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DERBitString)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return fromOctetString(((ASN1OctetString)o).getOctets());
+ }
}
protected DERBitString(
@@ -263,4 +256,22 @@
{
return getString();
}
+
+ static DERBitString fromOctetString(byte[] bytes)
+ {
+ if (bytes.length < 1)
+ {
+ throw new IllegalArgumentException("truncated BIT STRING detected");
+ }
+
+ int padBits = bytes[0];
+ byte[] data = new byte[bytes.length - 1];
+
+ if (data.length != 0)
+ {
+ System.arraycopy(bytes, 1, data, 0, bytes.length - 1);
+ }
+
+ return new DERBitString(data, padBits);
+ }
}
diff --git a/src/main/java/org/bouncycastle/asn1/DERBoolean.java b/src/main/java/org/bouncycastle/asn1/DERBoolean.java
index 5667715..5cba346 100644
--- a/src/main/java/org/bouncycastle/asn1/DERBoolean.java
+++ b/src/main/java/org/bouncycastle/asn1/DERBoolean.java
@@ -25,18 +25,6 @@
return (DERBoolean)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- // BEGIN android-changed
- return getInstance(((ASN1OctetString)obj).getOctets());
- // END android-changed
- }
-
- if (obj instanceof ASN1TaggedObject)
- {
- return getInstance(((ASN1TaggedObject)obj).getObject());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -73,24 +61,40 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
- }
+ DERObject o = obj.getObject();
+ if (explicit || o instanceof DERBoolean)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ // BEGIN android-changed
+ return getInstance(((ASN1OctetString)o).getOctets());
+ // END android-changed
+ }
+ }
+
// BEGIN android-removed
- //private DERBoolean(
- // byte[] value)
- //{
- // this.value = value[0];
- //}
+ // public DERBoolean(
+ // byte[] value)
+ // {
+ // if (value.length != 1)
+ // {
+ // throw new IllegalArgumentException("byte value should have 1 byte in it");
+ // }
+ //
+ // this.value = value[0];
+ // }
// END android-removed
// BEGIN android-changed
- private DERBoolean(
+ protected DERBoolean(
boolean value)
+ // END android-changed
{
this.value = (value) ? (byte)0xff : (byte)0;
}
- // END android-changed
public boolean isTrue()
{
diff --git a/src/main/java/org/bouncycastle/asn1/DERConstructedSequence.java b/src/main/java/org/bouncycastle/asn1/DERConstructedSequence.java
deleted file mode 100644
index 99a493e..0000000
--- a/src/main/java/org/bouncycastle/asn1/DERConstructedSequence.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.Enumeration;
-
-/**
- * @deprecated use DERSequence.
- */
-public class DERConstructedSequence
- extends ASN1Sequence
-{
- public void addObject(
- DEREncodable obj)
- {
- super.addObject(obj);
- }
-
- public int getSize()
- {
- return size();
- }
-
- /*
- * A note on the implementation:
- * <p>
- * As DER requires the constructed, definite-length model to
- * be used for structured types, this varies slightly from the
- * ASN.1 descriptions given. Rather than just outputing SEQUENCE,
- * we also have to specify CONSTRUCTED, and the objects length.
- */
- void encode(
- DEROutputStream out)
- throws IOException
- {
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- DEROutputStream dOut = new DEROutputStream(bOut);
- Enumeration e = this.getObjects();
-
- while (e.hasMoreElements())
- {
- Object obj = e.nextElement();
-
- dOut.writeObject(obj);
- }
-
- dOut.close();
-
- byte[] bytes = bOut.toByteArray();
-
- out.writeEncoded(SEQUENCE | CONSTRUCTED, bytes);
- }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/DERConstructedSet.java b/src/main/java/org/bouncycastle/asn1/DERConstructedSet.java
deleted file mode 100644
index 695cef3..0000000
--- a/src/main/java/org/bouncycastle/asn1/DERConstructedSet.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.Enumeration;
-
-/**
- *
- * @deprecated use DERSet
- */
-public class DERConstructedSet
- extends ASN1Set
-{
- public DERConstructedSet()
- {
- }
-
- /**
- * @param obj - a single object that makes up the set.
- */
- public DERConstructedSet(
- DEREncodable obj)
- {
- this.addObject(obj);
- }
-
- /**
- * @param v - a vector of objects making up the set.
- */
- public DERConstructedSet(
- DEREncodableVector v)
- {
- for (int i = 0; i != v.size(); i++)
- {
- this.addObject(v.get(i));
- }
- }
-
- public void addObject(
- DEREncodable obj)
- {
- super.addObject(obj);
- }
-
- public int getSize()
- {
- return size();
- }
-
- /*
- * A note on the implementation:
- * <p>
- * As DER requires the constructed, definite-length model to
- * be used for structured types, this varies slightly from the
- * ASN.1 descriptions given. Rather than just outputing SET,
- * we also have to specify CONSTRUCTED, and the objects length.
- */
- void encode(
- DEROutputStream out)
- throws IOException
- {
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- DEROutputStream dOut = new DEROutputStream(bOut);
- Enumeration e = this.getObjects();
-
- while (e.hasMoreElements())
- {
- Object obj = e.nextElement();
-
- dOut.writeObject(obj);
- }
-
- dOut.close();
-
- byte[] bytes = bOut.toByteArray();
-
- out.writeEncoded(SET | CONSTRUCTED, bytes);
- }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/DEREnumerated.java b/src/main/java/org/bouncycastle/asn1/DEREnumerated.java
index 5a9da4c..440744e 100644
--- a/src/main/java/org/bouncycastle/asn1/DEREnumerated.java
+++ b/src/main/java/org/bouncycastle/asn1/DEREnumerated.java
@@ -1,10 +1,10 @@
package org.bouncycastle.asn1;
-import org.bouncycastle.util.Arrays;
-
import java.io.IOException;
import java.math.BigInteger;
+import org.bouncycastle.util.Arrays;
+
public class DEREnumerated
extends ASN1Object
{
@@ -23,16 +23,6 @@
return (DEREnumerated)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DEREnumerated(((ASN1OctetString)obj).getOctets());
- }
-
- if (obj instanceof ASN1TaggedObject)
- {
- return getInstance(((ASN1TaggedObject)obj).getObject());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -49,7 +39,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DEREnumerated)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new DEREnumerated(((ASN1OctetString)o).getOctets());
+ }
}
public DEREnumerated(
diff --git a/src/main/java/org/bouncycastle/asn1/DERExternal.java b/src/main/java/org/bouncycastle/asn1/DERExternal.java
index ad062c8..769c945 100644
--- a/src/main/java/org/bouncycastle/asn1/DERExternal.java
+++ b/src/main/java/org/bouncycastle/asn1/DERExternal.java
@@ -18,25 +18,32 @@
public DERExternal(ASN1EncodableVector vector)
{
int offset = 0;
- DERObject enc = vector.get(offset).getDERObject();
+
+ DERObject enc = getObjFromVector(vector, offset);
if (enc instanceof DERObjectIdentifier)
{
directReference = (DERObjectIdentifier)enc;
offset++;
- enc = vector.get(offset).getDERObject();
+ enc = getObjFromVector(vector, offset);
}
if (enc instanceof DERInteger)
{
indirectReference = (DERInteger) enc;
offset++;
- enc = vector.get(offset).getDERObject();
+ enc = getObjFromVector(vector, offset);
}
if (!(enc instanceof DERTaggedObject))
{
dataValueDescriptor = (ASN1Object) enc;
offset++;
- enc = vector.get(offset).getDERObject();
+ enc = getObjFromVector(vector, offset);
}
+
+ if (vector.size() != offset + 1)
+ {
+ throw new IllegalArgumentException("input vector too large");
+ }
+
if (!(enc instanceof DERTaggedObject))
{
throw new IllegalArgumentException("No tagged object found in vector. Structure doesn't seem to be of type External");
@@ -46,6 +53,15 @@
externalContent = obj.getObject();
}
+ private DERObject getObjFromVector(ASN1EncodableVector v, int index)
+ {
+ if (v.size() <= index)
+ {
+ throw new IllegalArgumentException("too few objects in input vector");
+ }
+
+ return v.get(index).getDERObject();
+ }
/**
* Creates a new instance of DERExternal
* See X.690 for more informations about the meaning of these parameters
diff --git a/src/main/java/org/bouncycastle/asn1/DERExternalParser.java b/src/main/java/org/bouncycastle/asn1/DERExternalParser.java
index 0fbfb68..059908f 100644
--- a/src/main/java/org/bouncycastle/asn1/DERExternalParser.java
+++ b/src/main/java/org/bouncycastle/asn1/DERExternalParser.java
@@ -3,7 +3,7 @@
import java.io.IOException;
public class DERExternalParser
- implements DEREncodable
+ implements DEREncodable, InMemoryRepresentable
{
private ASN1StreamParser _parser;
@@ -20,12 +20,25 @@
{
return _parser.readObject();
}
+
+ public DERObject getLoadedObject()
+ throws IOException
+ {
+ try
+ {
+ return new DERExternal(_parser.readVector());
+ }
+ catch (IllegalArgumentException e)
+ {
+ throw new ASN1Exception(e.getMessage(), e);
+ }
+ }
public DERObject getDERObject()
{
try
{
- return new DERExternal(_parser.readVector());
+ return getLoadedObject();
}
catch (IOException ioe)
{
diff --git a/src/main/java/org/bouncycastle/asn1/DERGeneralString.java b/src/main/java/org/bouncycastle/asn1/DERGeneralString.java
index 1992cf3..51d4658 100644
--- a/src/main/java/org/bouncycastle/asn1/DERGeneralString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERGeneralString.java
@@ -14,14 +14,7 @@
{
return (DERGeneralString) obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DERGeneralString(((ASN1OctetString) obj).getOctets());
- }
- if (obj instanceof ASN1TaggedObject)
- {
- return getInstance(((ASN1TaggedObject) obj).getObject());
- }
+
throw new IllegalArgumentException("illegal object in getInstance: "
+ obj.getClass().getName());
}
@@ -30,7 +23,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DERGeneralString)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new DERGeneralString(((ASN1OctetString)o).getOctets());
+ }
}
public DERGeneralString(byte[] string)
diff --git a/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java b/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java
index 5366347..728cb22 100644
--- a/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java
+++ b/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java
@@ -28,11 +28,6 @@
return (DERGeneralizedTime)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DERGeneralizedTime(((ASN1OctetString)obj).getOctets());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -49,7 +44,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DERGeneralizedTime)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new DERGeneralizedTime(((ASN1OctetString)o).getOctets());
+ }
}
/**
@@ -223,7 +227,7 @@
{
d = this.getTime();
if (hasFractionalSeconds())
- {
+ {
dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz");
}
else
@@ -260,11 +264,22 @@
break;
}
}
+
if (index - 1 > 3)
{
frac = frac.substring(0, 4) + frac.substring(index);
d = d.substring(0, 14) + frac;
}
+ else if (index - 1 == 1)
+ {
+ frac = frac.substring(0, index) + "00" + frac.substring(index);
+ d = d.substring(0, 14) + frac;
+ }
+ else if (index - 1 == 2)
+ {
+ frac = frac.substring(0, index) + "0" + frac.substring(index);
+ d = d.substring(0, 14) + frac;
+ }
}
return dateF.parse(d);
diff --git a/src/main/java/org/bouncycastle/asn1/DERIA5String.java b/src/main/java/org/bouncycastle/asn1/DERIA5String.java
index a90830c..e94c62b 100644
--- a/src/main/java/org/bouncycastle/asn1/DERIA5String.java
+++ b/src/main/java/org/bouncycastle/asn1/DERIA5String.java
@@ -24,16 +24,6 @@
return (DERIA5String)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DERIA5String(((ASN1OctetString)obj).getOctets());
- }
-
- if (obj instanceof ASN1TaggedObject)
- {
- return getInstance(((ASN1TaggedObject)obj).getObject());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -50,7 +40,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DERIA5String)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new DERIA5String(((ASN1OctetString)o).getOctets());
+ }
}
/**
diff --git a/src/main/java/org/bouncycastle/asn1/DERInputStream.java b/src/main/java/org/bouncycastle/asn1/DERInputStream.java
deleted file mode 100644
index 6edc699..0000000
--- a/src/main/java/org/bouncycastle/asn1/DERInputStream.java
+++ /dev/null
@@ -1,276 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.ByteArrayInputStream;
-import java.io.EOFException;
-import java.io.FilterInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-/**
- * Don't use this class. It will eventually disappear, use ASN1InputStream.
- * <br>
- * This class is scheduled for removal.
- * @deprecated use ASN1InputStream
- */
-public class DERInputStream
- extends FilterInputStream implements DERTags
-{
- /**
- * @deprecated use ASN1InputStream
- */
- public DERInputStream(
- InputStream is)
- {
- super(is);
- }
-
- protected int readLength()
- throws IOException
- {
- int length = read();
- if (length < 0)
- {
- throw new IOException("EOF found when length expected");
- }
-
- if (length == 0x80)
- {
- return -1; // indefinite-length encoding
- }
-
- if (length > 127)
- {
- int size = length & 0x7f;
-
- if (size > 4)
- {
- throw new IOException("DER length more than 4 bytes");
- }
-
- length = 0;
- for (int i = 0; i < size; i++)
- {
- int next = read();
-
- if (next < 0)
- {
- throw new IOException("EOF found reading length");
- }
-
- length = (length << 8) + next;
- }
-
- if (length < 0)
- {
- throw new IOException("corrupted stream - negative length found");
- }
- }
-
- return length;
- }
-
- protected void readFully(
- byte[] bytes)
- throws IOException
- {
- int left = bytes.length;
-
- if (left == 0)
- {
- return;
- }
-
- while (left > 0)
- {
- int l = read(bytes, bytes.length - left, left);
-
- if (l < 0)
- {
- throw new EOFException("unexpected end of stream");
- }
-
- left -= l;
- }
- }
-
- /**
- * build an object given its tag and a byte stream to construct it
- * from.
- */
- protected DERObject buildObject(
- int tag,
- byte[] bytes)
- throws IOException
- {
- switch (tag)
- {
- case NULL:
- return null;
- case SEQUENCE | CONSTRUCTED:
- ByteArrayInputStream bIn = new ByteArrayInputStream(bytes);
- BERInputStream dIn = new BERInputStream(bIn);
- DERConstructedSequence seq = new DERConstructedSequence();
-
- try
- {
- for (;;)
- {
- DERObject obj = dIn.readObject();
-
- seq.addObject(obj);
- }
- }
- catch (EOFException ex)
- {
- return seq;
- }
- case SET | CONSTRUCTED:
- bIn = new ByteArrayInputStream(bytes);
- dIn = new BERInputStream(bIn);
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- try
- {
- for (;;)
- {
- DERObject obj = dIn.readObject();
-
- v.add(obj);
- }
- }
- catch (EOFException ex)
- {
- return new DERConstructedSet(v);
- }
- case BOOLEAN:
- // BEGIN android-changed
- return DERBoolean.getInstance(bytes);
- // BEGIN android-changed
- case INTEGER:
- return new DERInteger(bytes);
- case ENUMERATED:
- return new DEREnumerated(bytes);
- case OBJECT_IDENTIFIER:
- return new DERObjectIdentifier(bytes);
- case BIT_STRING:
- int padBits = bytes[0];
- byte[] data = new byte[bytes.length - 1];
-
- System.arraycopy(bytes, 1, data, 0, bytes.length - 1);
-
- return new DERBitString(data, padBits);
- case UTF8_STRING:
- return new DERUTF8String(bytes);
- case PRINTABLE_STRING:
- return new DERPrintableString(bytes);
- case IA5_STRING:
- return new DERIA5String(bytes);
- case T61_STRING:
- return new DERT61String(bytes);
- case VISIBLE_STRING:
- return new DERVisibleString(bytes);
- case UNIVERSAL_STRING:
- return new DERUniversalString(bytes);
- case GENERAL_STRING:
- return new DERGeneralString(bytes);
- case BMP_STRING:
- return new DERBMPString(bytes);
- case OCTET_STRING:
- return new DEROctetString(bytes);
- case UTC_TIME:
- return new DERUTCTime(bytes);
- case GENERALIZED_TIME:
- return new DERGeneralizedTime(bytes);
- default:
- //
- // with tagged object tag number is bottom 5 bits
- //
- if ((tag & TAGGED) != 0)
- {
- if ((tag & 0x1f) == 0x1f)
- {
- throw new IOException("unsupported high tag encountered");
- }
-
- if (bytes.length == 0) // empty tag!
- {
- if ((tag & CONSTRUCTED) == 0)
- {
- // BEGIN android-changed
- return new DERTaggedObject(false, tag & 0x1f, DERNull.INSTANCE);
- // END android-changed
- }
- else
- {
- return new DERTaggedObject(false, tag & 0x1f, new DERConstructedSequence());
- }
- }
-
- //
- // simple type - implicit... return an octet string
- //
- if ((tag & CONSTRUCTED) == 0)
- {
- return new DERTaggedObject(false, tag & 0x1f, new DEROctetString(bytes));
- }
-
- bIn = new ByteArrayInputStream(bytes);
- dIn = new BERInputStream(bIn);
-
- DEREncodable dObj = dIn.readObject();
-
- //
- // explicitly tagged (probably!) - if it isn't we'd have to
- // tell from the context
- //
- if (dIn.available() == 0)
- {
- return new DERTaggedObject(tag & 0x1f, dObj);
- }
-
- //
- // another implicit object, we'll create a sequence...
- //
- seq = new DERConstructedSequence();
-
- seq.addObject(dObj);
-
- try
- {
- for (;;)
- {
- dObj = dIn.readObject();
-
- seq.addObject(dObj);
- }
- }
- catch (EOFException ex)
- {
- // ignore --
- }
-
- return new DERTaggedObject(false, tag & 0x1f, seq);
- }
-
- return new DERUnknownTag(tag, bytes);
- }
- }
-
- public DERObject readObject()
- throws IOException
- {
- int tag = read();
- if (tag == -1)
- {
- throw new EOFException();
- }
-
- int length = readLength();
- byte[] bytes = new byte[length];
-
- readFully(bytes);
-
- return buildObject(tag, bytes);
- }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/DERInteger.java b/src/main/java/org/bouncycastle/asn1/DERInteger.java
index 8f97428..c72a6cb 100644
--- a/src/main/java/org/bouncycastle/asn1/DERInteger.java
+++ b/src/main/java/org/bouncycastle/asn1/DERInteger.java
@@ -23,16 +23,6 @@
return (DERInteger)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DERInteger(((ASN1OctetString)obj).getOctets());
- }
-
- if (obj instanceof ASN1TaggedObject)
- {
- return getInstance(((ASN1TaggedObject)obj).getObject());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -49,7 +39,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DERInteger)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new ASN1Integer(ASN1OctetString.getInstance(obj.getObject()).getOctets());
+ }
}
public DERInteger(
diff --git a/src/main/java/org/bouncycastle/asn1/DERNumericString.java b/src/main/java/org/bouncycastle/asn1/DERNumericString.java
index 3c72193..23314a6 100644
--- a/src/main/java/org/bouncycastle/asn1/DERNumericString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERNumericString.java
@@ -24,16 +24,6 @@
return (DERNumericString)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DERNumericString(((ASN1OctetString)obj).getOctets());
- }
-
- if (obj instanceof ASN1TaggedObject)
- {
- return getInstance(((ASN1TaggedObject)obj).getObject());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -50,7 +40,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DERNumericString)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new DERNumericString(ASN1OctetString.getInstance(o).getOctets());
+ }
}
/**
diff --git a/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java b/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java
index bad9473..8e579f7 100644
--- a/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java
+++ b/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java
@@ -23,16 +23,6 @@
return (DERObjectIdentifier)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DERObjectIdentifier(((ASN1OctetString)obj).getOctets());
- }
-
- if (obj instanceof ASN1TaggedObject)
- {
- return getInstance(((ASN1TaggedObject)obj).getObject());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -49,7 +39,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DERObjectIdentifier)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new ASN1ObjectIdentifier(ASN1OctetString.getInstance(obj.getObject()).getOctets());
+ }
}
@@ -147,39 +146,15 @@
long fieldValue)
throws IOException
{
- if (fieldValue >= (1L << 7))
+ byte[] result = new byte[9];
+ int pos = 8;
+ result[pos] = (byte)((int)fieldValue & 0x7f);
+ while (fieldValue >= (1L << 7))
{
- if (fieldValue >= (1L << 14))
- {
- if (fieldValue >= (1L << 21))
- {
- if (fieldValue >= (1L << 28))
- {
- if (fieldValue >= (1L << 35))
- {
- if (fieldValue >= (1L << 42))
- {
- if (fieldValue >= (1L << 49))
- {
- if (fieldValue >= (1L << 56))
- {
- out.write((int)(fieldValue >> 56) | 0x80);
- }
- out.write((int)(fieldValue >> 49) | 0x80);
- }
- out.write((int)(fieldValue >> 42) | 0x80);
- }
- out.write((int)(fieldValue >> 35) | 0x80);
- }
- out.write((int)(fieldValue >> 28) | 0x80);
- }
- out.write((int)(fieldValue >> 21) | 0x80);
- }
- out.write((int)(fieldValue >> 14) | 0x80);
- }
- out.write((int)(fieldValue >> 7) | 0x80);
+ fieldValue >>= 7;
+ result[--pos] = (byte)((int)fieldValue & 0x7f | 0x80);
}
- out.write((int)fieldValue & 0x7f);
+ out.write(result, pos, 9 - pos);
}
private void writeField(
diff --git a/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java b/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java
index f6138d9..2318f5c 100644
--- a/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java
+++ b/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java
@@ -1,7 +1,7 @@
package org.bouncycastle.asn1;
-import java.io.InputStream;
import java.io.IOException;
+import java.io.InputStream;
public class DEROctetStringParser
implements ASN1OctetStringParser
@@ -19,11 +19,17 @@
return stream;
}
+ public DERObject getLoadedObject()
+ throws IOException
+ {
+ return new DEROctetString(stream.toByteArray());
+ }
+
public DERObject getDERObject()
{
try
{
- return new DEROctetString(stream.toByteArray());
+ return getLoadedObject();
}
catch (IOException e)
{
diff --git a/src/main/java/org/bouncycastle/asn1/DERPrintableString.java b/src/main/java/org/bouncycastle/asn1/DERPrintableString.java
index c7a6f44..2f84c1c 100644
--- a/src/main/java/org/bouncycastle/asn1/DERPrintableString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERPrintableString.java
@@ -26,16 +26,6 @@
return (DERPrintableString)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DERPrintableString(((ASN1OctetString)obj).getOctets());
- }
-
- if (obj instanceof ASN1TaggedObject)
- {
- return getInstance(((ASN1TaggedObject)obj).getObject());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -52,7 +42,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DERPrintableString)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new DERPrintableString(ASN1OctetString.getInstance(o).getOctets());
+ }
}
/**
diff --git a/src/main/java/org/bouncycastle/asn1/DERSequence.java b/src/main/java/org/bouncycastle/asn1/DERSequence.java
index a2e6ab5..bb7f7fb 100644
--- a/src/main/java/org/bouncycastle/asn1/DERSequence.java
+++ b/src/main/java/org/bouncycastle/asn1/DERSequence.java
@@ -27,7 +27,7 @@
* create a sequence containing a vector of objects.
*/
public DERSequence(
- DEREncodableVector v)
+ ASN1EncodableVector v)
{
for (int i = 0; i != v.size(); i++)
{
diff --git a/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java b/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java
index 59ba7f7..b91dfa0 100644
--- a/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java
+++ b/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java
@@ -18,11 +18,17 @@
return _parser.readObject();
}
+ public DERObject getLoadedObject()
+ throws IOException
+ {
+ return new DERSequence(_parser.readVector());
+ }
+
public DERObject getDERObject()
{
try
{
- return new DERSequence(_parser.readVector());
+ return getLoadedObject();
}
catch (IOException e)
{
diff --git a/src/main/java/org/bouncycastle/asn1/DERSet.java b/src/main/java/org/bouncycastle/asn1/DERSet.java
index b116e0c..c4acc82 100644
--- a/src/main/java/org/bouncycastle/asn1/DERSet.java
+++ b/src/main/java/org/bouncycastle/asn1/DERSet.java
@@ -30,7 +30,7 @@
* @param v - a vector of objects making up the set.
*/
public DERSet(
- DEREncodableVector v)
+ ASN1EncodableVector v)
{
this(v, true);
}
@@ -53,7 +53,7 @@
* @param v - a vector of objects making up the set.
*/
DERSet(
- DEREncodableVector v,
+ ASN1EncodableVector v,
boolean needsSorting)
{
for (int i = 0; i != v.size(); i++)
diff --git a/src/main/java/org/bouncycastle/asn1/DERSetParser.java b/src/main/java/org/bouncycastle/asn1/DERSetParser.java
index 2793e51..44ddb80 100644
--- a/src/main/java/org/bouncycastle/asn1/DERSetParser.java
+++ b/src/main/java/org/bouncycastle/asn1/DERSetParser.java
@@ -18,11 +18,17 @@
return _parser.readObject();
}
+ public DERObject getLoadedObject()
+ throws IOException
+ {
+ return new DERSet(_parser.readVector(), false);
+ }
+
public DERObject getDERObject()
{
try
{
- return new DERSet(_parser.readVector(), false);
+ return getLoadedObject();
}
catch (IOException e)
{
diff --git a/src/main/java/org/bouncycastle/asn1/DERString.java b/src/main/java/org/bouncycastle/asn1/DERString.java
index 3143be9..37dc905 100644
--- a/src/main/java/org/bouncycastle/asn1/DERString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERString.java
@@ -4,6 +4,7 @@
* basic interface for DER string objects.
*/
public interface DERString
+ extends ASN1String
{
- public String getString();
+
}
diff --git a/src/main/java/org/bouncycastle/asn1/DERT61String.java b/src/main/java/org/bouncycastle/asn1/DERT61String.java
index 09039fc..519a950 100644
--- a/src/main/java/org/bouncycastle/asn1/DERT61String.java
+++ b/src/main/java/org/bouncycastle/asn1/DERT61String.java
@@ -24,16 +24,6 @@
return (DERT61String)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DERT61String(((ASN1OctetString)obj).getOctets());
- }
-
- if (obj instanceof ASN1TaggedObject)
- {
- return getInstance(((ASN1TaggedObject)obj).getObject());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -50,7 +40,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new DERT61String(ASN1OctetString.getInstance(o).getOctets());
+ }
}
/**
diff --git a/src/main/java/org/bouncycastle/asn1/DERUTCTime.java b/src/main/java/org/bouncycastle/asn1/DERUTCTime.java
index 7a05664..f183d72 100644
--- a/src/main/java/org/bouncycastle/asn1/DERUTCTime.java
+++ b/src/main/java/org/bouncycastle/asn1/DERUTCTime.java
@@ -27,11 +27,6 @@
return (DERUTCTime)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DERUTCTime(((ASN1OctetString)obj).getOctets());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -48,7 +43,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DERUTCTime)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new DERUTCTime(((ASN1OctetString)o).getOctets());
+ }
}
/**
diff --git a/src/main/java/org/bouncycastle/asn1/DERUTF8String.java b/src/main/java/org/bouncycastle/asn1/DERUTF8String.java
index 082aa63..06d6fe9 100644
--- a/src/main/java/org/bouncycastle/asn1/DERUTF8String.java
+++ b/src/main/java/org/bouncycastle/asn1/DERUTF8String.java
@@ -1,9 +1,9 @@
package org.bouncycastle.asn1;
-import org.bouncycastle.util.Strings;
-
import java.io.IOException;
+import org.bouncycastle.util.Strings;
+
/**
* DER UTF8String object.
*/
@@ -26,16 +26,6 @@
return (DERUTF8String)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DERUTF8String(((ASN1OctetString)obj).getOctets());
- }
-
- if (obj instanceof ASN1TaggedObject)
- {
- return getInstance(((ASN1TaggedObject)obj).getObject());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: "
+ obj.getClass().getName());
}
@@ -55,15 +45,31 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DERUTF8String)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new DERUTF8String(ASN1OctetString.getInstance(o).getOctets());
+ }
}
/**
* basic constructor - byte encoded string.
*/
- DERUTF8String(byte[] string)
+ public DERUTF8String(byte[] string)
{
- this.string = Strings.fromUTF8ByteArray(string);
+ try
+ {
+ this.string = Strings.fromUTF8ByteArray(string);
+ }
+ catch (ArrayIndexOutOfBoundsException e)
+ {
+ throw new IllegalArgumentException("UTF8 encoding invalid");
+ }
}
/**
diff --git a/src/main/java/org/bouncycastle/asn1/DERUniversalString.java b/src/main/java/org/bouncycastle/asn1/DERUniversalString.java
index 68be9a0..6e54934 100644
--- a/src/main/java/org/bouncycastle/asn1/DERUniversalString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERUniversalString.java
@@ -26,11 +26,6 @@
return (DERUniversalString)obj;
}
- if (obj instanceof ASN1OctetString)
- {
- return new DERUniversalString(((ASN1OctetString)obj).getOctets());
- }
-
throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
}
@@ -47,7 +42,16 @@
ASN1TaggedObject obj,
boolean explicit)
{
- return getInstance(obj.getObject());
+ DERObject o = obj.getObject();
+
+ if (explicit || o instanceof DERUniversalString)
+ {
+ return getInstance(o);
+ }
+ else
+ {
+ return new DERUniversalString(((ASN1OctetString)o).getOctets());
+ }
}
/**
diff --git a/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java b/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java
index 2a7f2e7..3785174 100644
--- a/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java
+++ b/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java
@@ -18,7 +18,7 @@
InputStream in,
int length)
{
- super(in);
+ super(in, length);
if (length < 0)
{
diff --git a/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java b/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java
new file mode 100644
index 0000000..981ee1b
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java
@@ -0,0 +1,9 @@
+package org.bouncycastle.asn1;
+
+import java.io.IOException;
+
+public interface InMemoryRepresentable
+{
+ DERObject getLoadedObject()
+ throws IOException;
+}
diff --git a/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java b/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java
index d9eac06..353da3b 100644
--- a/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java
+++ b/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java
@@ -13,10 +13,11 @@
private boolean _eofOn00 = true;
IndefiniteLengthInputStream(
- InputStream in)
+ InputStream in,
+ int limit)
throws IOException
{
- super(in);
+ super(in, limit);
_b1 = in.read();
_b2 = in.read();
diff --git a/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java b/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java
index da9e1b8..91074a6 100644
--- a/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java
+++ b/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java
@@ -29,7 +29,7 @@
parsed = true;
}
- public DEREncodable getObjectAt(int index)
+ public synchronized DEREncodable getObjectAt(int index)
{
if (!parsed)
{
@@ -39,7 +39,7 @@
return super.getObjectAt(index);
}
- public Enumeration getObjects()
+ public synchronized Enumeration getObjects()
{
if (parsed)
{
diff --git a/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java b/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java
index 5a93335..d94b0bd 100644
--- a/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java
+++ b/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java
@@ -6,13 +6,22 @@
extends InputStream
{
protected final InputStream _in;
+ private int _limit;
LimitedInputStream(
- InputStream in)
+ InputStream in,
+ int limit)
{
this._in = in;
+ this._limit = limit;
}
+ int getRemaining()
+ {
+ // TODO: maybe one day this can become more accurate
+ return _limit;
+ }
+
protected void setParentEofDetect(boolean on)
{
if (_in instanceof IndefiniteLengthInputStream)
diff --git a/src/main/java/org/bouncycastle/asn1/OrderedTable.java b/src/main/java/org/bouncycastle/asn1/OrderedTable.java
deleted file mode 100644
index 8db8ab8..0000000
--- a/src/main/java/org/bouncycastle/asn1/OrderedTable.java
+++ /dev/null
@@ -1,281 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.util.Enumeration;
-import java.util.ConcurrentModificationException;
-
-// BEGIN android-note
-/*
- * This is a new class that was synthesized from the observed
- * requirement for a lookup table that preserves order. Since in
- * practice the element count is typically very low, we just use a
- * flat list rather than doing any hashing / bucketing.
- */
-// END android-note
-
-/**
- * Ordered lookup table. Instances of this class will keep up to four
- * key-value pairs directly, resorting to an external collection only
- * if more elements than that need to be stored.
- */
-public final class OrderedTable {
- /** null-ok; key #0 */
- private DERObjectIdentifier key0;
-
- /** null-ok; key #1 */
- private DERObjectIdentifier key1;
-
- /** null-ok; key #2 */
- private DERObjectIdentifier key2;
-
- /** null-ok; key #3 */
- private DERObjectIdentifier key3;
-
- /** null-ok; value #0 */
- private Object value0;
-
- /** null-ok; value #1 */
- private Object value1;
-
- /** null-ok; value #2 */
- private Object value2;
-
- /** null-ok; value #3 */
- private Object value3;
-
- /**
- * null-ok; array of additional keys and values, alternating
- * key then value, etc.
- */
- private Object[] rest;
-
- /** >= 0; number of elements in the list */
- private int size;
-
- // Note: Default public constructor.
-
- /**
- * Adds an element assuming no duplicate key.
- *
- * @see #put
- *
- * @param key non-null; the key
- * @param value non-null; the value
- */
- public void add(DERObjectIdentifier key, Object value) {
- if (key == null) {
- throw new NullPointerException("key == null");
- }
-
- if (value == null) {
- throw new NullPointerException("value == null");
- }
-
- int sz = size;
-
- switch (sz) {
- case 0: {
- key0 = key;
- value0 = value;
- break;
- }
- case 1: {
- key1 = key;
- value1 = value;
- break;
- }
- case 2: {
- key2 = key;
- value2 = value;
- break;
- }
- case 3: {
- key3 = key;
- value3 = value;
- break;
- }
- case 4: {
- // Do initial allocation of rest.
- rest = new Object[10];
- rest[0] = key;
- rest[1] = value;
- break;
- }
- default: {
- int index = (sz - 4) * 2;
- int index1 = index + 1;
- if (index1 >= rest.length) {
- // Grow rest.
- Object[] newRest = new Object[index1 * 2 + 10];
- System.arraycopy(rest, 0, newRest, 0, rest.length);
- rest = newRest;
- }
- rest[index] = key;
- rest[index1] = value;
- break;
- }
- }
-
- size = sz + 1;
- }
-
- /**
- * Gets the number of elements in this instance.
- */
- public int size() {
- return size;
- }
-
- /**
- * Look up the given key, returning the associated value if found.
- *
- * @param key non-null; the key to look up
- * @return null-ok; the associated value
- */
- public Object get(DERObjectIdentifier key) {
- int keyHash = key.hashCode();
- int sz = size;
-
- for (int i = 0; i < size; i++) {
- DERObjectIdentifier probe = getKey(i);
- if ((probe.hashCode() == keyHash) &&
- probe.equals(key)) {
- return getValue(i);
- }
- }
-
- return null;
- }
-
- /**
- * Replace a key if present, otherwise add
- *
- * @see #add
- *
- * @param key non-null; the key
- * @param value non-null; the value
- */
- public void put(DERObjectIdentifier key, Object value) {
- if (key == null) {
- throw new NullPointerException("key == null");
- }
-
- if (value == null) {
- throw new NullPointerException("value == null");
- }
-
- int keyHash = key.hashCode();
- int sz = size;
-
- for (int i = 0; i < size; i++) {
- DERObjectIdentifier probe = getKey(i);
- if ((probe.hashCode() == keyHash) &&
- probe.equals(key)) {
- setValue(i, value);
- return;
- }
- }
-
- add(key, value);
- }
-
- /**
- * Gets the nth key.
- *
- * @param n index
- * @return non-null; the nth key
- */
- public DERObjectIdentifier getKey(int n) {
- if ((n < 0) || (n >= size)) {
- throw new IndexOutOfBoundsException(Integer.toString(n));
- }
-
- switch (n) {
- case 0: return key0;
- case 1: return key1;
- case 2: return key2;
- case 3: return key3;
- default: return (DERObjectIdentifier) rest[(n - 4) * 2];
- }
- }
-
- /**
- * Gets the nth value.
- *
- * @param n index
- * @return non-null; the nth value
- */
- public Object getValue(int n) {
- if ((n < 0) || (n >= size)) {
- throw new IndexOutOfBoundsException(Integer.toString(n));
- }
-
- switch (n) {
- case 0: return value0;
- case 1: return value1;
- case 2: return value2;
- case 3: return value3;
- default: return rest[((n - 4) * 2) + 1];
- }
- }
-
- /**
- * Sets the nth value.
- *
- * @param n index
- * @param value non-null object
- */
- public void setValue(int n, Object value) {
- if ((n < 0) || (n >= size)) {
- throw new IndexOutOfBoundsException(Integer.toString(n));
- }
- if (value == null) {
- throw new NullPointerException("value == null");
- }
-
- switch (n) {
- case 0: value0 = value; return;
- case 1: value1 = value; return;
- case 2: value2 = value; return;
- case 3: value3 = value; return;
- default: rest[((n - 4) * 2) + 1] = value; return;
- }
- }
-
- /**
- * Gets an enumeration of the keys, in order.
- *
- * @return non-null; an enumeration of the keys
- */
- public Enumeration getKeys() {
- return new KeyEnumeration();
- }
-
- /**
- * Associated enumeration class.
- */
- private class KeyEnumeration implements Enumeration {
- /** original size; used for modification detection */
- private final int origSize = size;
-
- /** >= 0; current cursor */
- private int at = 0;
-
- /** {@inheritDoc} */
- public boolean hasMoreElements() {
- if (size != origSize) {
- throw new ConcurrentModificationException();
- }
-
- return at < origSize;
- }
-
- /** {@inheritDoc} */
- public Object nextElement() {
- if (size != origSize) {
- throw new ConcurrentModificationException();
- }
-
- return getKey(at++);
- }
- }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java
deleted file mode 100644
index 88e7c18..0000000
--- a/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.bouncycastle.asn1.cms;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-
-public interface CMSObjectIdentifiers
-{
- static final DERObjectIdentifier data = PKCSObjectIdentifiers.data;
- static final DERObjectIdentifier signedData = PKCSObjectIdentifiers.signedData;
- static final DERObjectIdentifier envelopedData = PKCSObjectIdentifiers.envelopedData;
- static final DERObjectIdentifier signedAndEnvelopedData = PKCSObjectIdentifiers.signedAndEnvelopedData;
- static final DERObjectIdentifier digestedData = PKCSObjectIdentifiers.digestedData;
- static final DERObjectIdentifier encryptedData = PKCSObjectIdentifiers.encryptedData;
- static final DERObjectIdentifier authenticatedData = PKCSObjectIdentifiers.id_ct_authData;
- static final DERObjectIdentifier compressedData = PKCSObjectIdentifiers.id_ct_compressedData;
- static final DERObjectIdentifier authEnvelopedData = PKCSObjectIdentifiers.id_ct_authEnvelopedData;
-}
diff --git a/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java b/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
index 8ab346d..f222d9e 100644
--- a/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
+++ b/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
@@ -1,22 +1,22 @@
package org.bouncycastle.asn1.cms;
-import java.util.Enumeration;
-
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.BERSequence;
import org.bouncycastle.asn1.BERTaggedObject;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
public class ContentInfo
extends ASN1Encodable
- implements CMSObjectIdentifiers
+ // BEGIN android-removed
+ // implements CMSObjectIdentifiers
+ // END android-removed
{
- private DERObjectIdentifier contentType;
+ private ASN1ObjectIdentifier contentType;
private DEREncodable content;
public static ContentInfo getInstance(
@@ -37,25 +37,34 @@
public ContentInfo(
ASN1Sequence seq)
{
- Enumeration e = seq.getObjects();
-
- contentType = (DERObjectIdentifier)e.nextElement();
-
- if (e.hasMoreElements())
+ if (seq.size() < 1 || seq.size() > 2)
{
- content = ((ASN1TaggedObject)e.nextElement()).getObject();
+ throw new IllegalArgumentException("Bad sequence size: " + seq.size());
+ }
+
+ contentType = (ASN1ObjectIdentifier)seq.getObjectAt(0);
+
+ if (seq.size() > 1)
+ {
+ ASN1TaggedObject tagged = (ASN1TaggedObject)seq.getObjectAt(1);
+ if (!tagged.isExplicit() || tagged.getTagNo() != 0)
+ {
+ throw new IllegalArgumentException("Bad tag for 'content'");
+ }
+
+ content = tagged.getObject();
}
}
public ContentInfo(
- DERObjectIdentifier contentType,
+ ASN1ObjectIdentifier contentType,
DEREncodable content)
{
this.contentType = contentType;
this.content = content;
}
- public DERObjectIdentifier getContentType()
+ public ASN1ObjectIdentifier getContentType()
{
return contentType;
}
diff --git a/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java
index 6faa597..e9ab8d6 100644
--- a/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java
@@ -1,6 +1,6 @@
package org.bouncycastle.asn1.iana;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
public interface IANAObjectIdentifiers
{
@@ -8,13 +8,13 @@
// {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1)}
//
- static final DERObjectIdentifier isakmpOakley = new DERObjectIdentifier("1.3.6.1.5.5.8.1");
+ static final ASN1ObjectIdentifier isakmpOakley = new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1");
- static final DERObjectIdentifier hmacMD5 = new DERObjectIdentifier(isakmpOakley + ".1");
- static final DERObjectIdentifier hmacSHA1 = new DERObjectIdentifier(isakmpOakley + ".2");
+ static final ASN1ObjectIdentifier hmacMD5 = new ASN1ObjectIdentifier(isakmpOakley + ".1");
+ static final ASN1ObjectIdentifier hmacSHA1 = new ASN1ObjectIdentifier(isakmpOakley + ".2");
- static final DERObjectIdentifier hmacTIGER = new DERObjectIdentifier(isakmpOakley + ".3");
+ static final ASN1ObjectIdentifier hmacTIGER = new ASN1ObjectIdentifier(isakmpOakley + ".3");
- static final DERObjectIdentifier hmacRIPEMD160 = new DERObjectIdentifier(isakmpOakley + ".4");
+ static final ASN1ObjectIdentifier hmacRIPEMD160 = new ASN1ObjectIdentifier(isakmpOakley + ".4");
}
diff --git a/src/main/java/org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.java
index c1b2356..bc2ac8d 100644
--- a/src/main/java/org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.java
@@ -1,13 +1,13 @@
package org.bouncycastle.asn1.isismtt;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
public interface ISISMTTObjectIdentifiers
{
- public static final DERObjectIdentifier id_isismtt = new DERObjectIdentifier("1.3.36.8");
+ static final ASN1ObjectIdentifier id_isismtt = new ASN1ObjectIdentifier("1.3.36.8");
- public static final DERObjectIdentifier id_isismtt_cp = new DERObjectIdentifier(id_isismtt + ".1");
+ static final ASN1ObjectIdentifier id_isismtt_cp = id_isismtt.branch("1");
/**
* The id-isismtt-cp-accredited OID indicates that the certificate is a
@@ -16,9 +16,9 @@
* Framework for Electronic Signatures, which additionally conforms the
* special requirements of the SigG and has been issued by an accredited CA.
*/
- public static final DERObjectIdentifier id_isismtt_cp_accredited = new DERObjectIdentifier(id_isismtt_cp + ".1");
+ static final ASN1ObjectIdentifier id_isismtt_cp_accredited = id_isismtt_cp.branch("1");
- public static final DERObjectIdentifier id_isismtt_at = new DERObjectIdentifier(id_isismtt + ".3");
+ static final ASN1ObjectIdentifier id_isismtt_at = id_isismtt.branch("3");
/**
* Certificate extensionDate of certificate generation
@@ -27,19 +27,19 @@
* DateOfCertGenSyntax ::= GeneralizedTime
* </pre>
*/
- public static final DERObjectIdentifier id_isismtt_at_dateOfCertGen = new DERObjectIdentifier(id_isismtt_at + ".1");
+ static final ASN1ObjectIdentifier id_isismtt_at_dateOfCertGen = id_isismtt_at.branch("1");
/**
* Attribute to indicate that the certificate holder may sign in the name of
* a third person. May also be used as extension in a certificate.
*/
- public static final DERObjectIdentifier id_isismtt_at_procuration = new DERObjectIdentifier(id_isismtt_at + ".2");
+ static final ASN1ObjectIdentifier id_isismtt_at_procuration = id_isismtt_at.branch("2");
/**
* Attribute to indicate admissions to certain professions. May be used as
* attribute in attribute certificate or as extension in a certificate
*/
- public static final DERObjectIdentifier id_isismtt_at_admission = new DERObjectIdentifier(id_isismtt_at + ".3");
+ static final ASN1ObjectIdentifier id_isismtt_at_admission = id_isismtt_at.branch("3");
/**
* Monetary limit for transactions. The QcEuMonetaryLimit QC statement MUST
@@ -48,13 +48,13 @@
* compatibility with certificates already in use, SigG conforming
* components MUST support MonetaryLimit (as well as QcEuLimitValue).
*/
- public static final DERObjectIdentifier id_isismtt_at_monetaryLimit = new DERObjectIdentifier(id_isismtt_at + ".4");
+ static final ASN1ObjectIdentifier id_isismtt_at_monetaryLimit = id_isismtt_at.branch("4");
/**
* A declaration of majority. May be used as attribute in attribute
* certificate or as extension in a certificate
*/
- public static final DERObjectIdentifier id_isismtt_at_declarationOfMajority = new DERObjectIdentifier(id_isismtt_at + ".5");
+ static final ASN1ObjectIdentifier id_isismtt_at_declarationOfMajority = id_isismtt_at.branch("5");
/**
*
@@ -64,7 +64,7 @@
* ICCSNSyntax ::= OCTET STRING (SIZE(8..20))
* </pre>
*/
- public static final DERObjectIdentifier id_isismtt_at_iCCSN = new DERObjectIdentifier(id_isismtt_at + ".6");
+ static final ASN1ObjectIdentifier id_isismtt_at_iCCSN = id_isismtt_at.branch("6");
/**
*
@@ -75,7 +75,7 @@
* PKReferenceSyntax ::= OCTET STRING (SIZE(20))
* </pre>
*/
- public static final DERObjectIdentifier id_isismtt_at_PKReference = new DERObjectIdentifier(id_isismtt_at + ".7");
+ static final ASN1ObjectIdentifier id_isismtt_at_PKReference = id_isismtt_at.branch("7");
/**
* Some other restriction regarding the usage of this certificate. May be
@@ -88,7 +88,7 @@
*
* @see org.bouncycastle.asn1.isismtt.x509.Restriction
*/
- public static final DERObjectIdentifier id_isismtt_at_restriction = new DERObjectIdentifier(id_isismtt_at + ".8");
+ static final ASN1ObjectIdentifier id_isismtt_at_restriction = id_isismtt_at.branch("8");
/**
*
@@ -104,7 +104,7 @@
*
* </pre>
*/
- public static final DERObjectIdentifier id_isismtt_at_retrieveIfAllowed = new DERObjectIdentifier(id_isismtt_at + ".9");
+ static final ASN1ObjectIdentifier id_isismtt_at_retrieveIfAllowed = id_isismtt_at.branch("9");
/**
* SingleOCSPResponse extension: The certificate requested by the client by
@@ -113,12 +113,12 @@
*
* @see org.bouncycastle.asn1.isismtt.ocsp.RequestedCertificate
*/
- public static final DERObjectIdentifier id_isismtt_at_requestedCertificate = new DERObjectIdentifier(id_isismtt_at + ".10");
+ static final ASN1ObjectIdentifier id_isismtt_at_requestedCertificate = id_isismtt_at.branch("10");
/**
* Base ObjectIdentifier for naming authorities
*/
- public static final DERObjectIdentifier id_isismtt_at_namingAuthorities = new DERObjectIdentifier(id_isismtt_at + ".11");
+ static final ASN1ObjectIdentifier id_isismtt_at_namingAuthorities = id_isismtt_at.branch("11");
/**
* SingleOCSPResponse extension: Date, when certificate has been published
@@ -130,14 +130,14 @@
* CertInDirSince ::= GeneralizedTime
* </pre>
*/
- public static final DERObjectIdentifier id_isismtt_at_certInDirSince = new DERObjectIdentifier(id_isismtt_at + ".12");
+ static final ASN1ObjectIdentifier id_isismtt_at_certInDirSince = id_isismtt_at.branch("12");
/**
* Hash of a certificate in OCSP.
*
* @see org.bouncycastle.asn1.isismtt.ocsp.CertHash
*/
- public static final DERObjectIdentifier id_isismtt_at_certHash = new DERObjectIdentifier(id_isismtt_at + ".13");
+ static final ASN1ObjectIdentifier id_isismtt_at_certHash = id_isismtt_at.branch("13");
/**
* <pre>
@@ -147,7 +147,7 @@
* Used in
* {@link org.bouncycastle.asn1.x509.SubjectDirectoryAttributes SubjectDirectoryAttributes}
*/
- public static final DERObjectIdentifier id_isismtt_at_nameAtBirth = new DERObjectIdentifier(id_isismtt_at + ".14");
+ static final ASN1ObjectIdentifier id_isismtt_at_nameAtBirth = id_isismtt_at.branch("14");
/**
* Some other information of non-restrictive nature regarding the usage of
@@ -160,7 +160,7 @@
*
* @see org.bouncycastle.asn1.isismtt.x509.AdditionalInformationSyntax
*/
- public static final DERObjectIdentifier id_isismtt_at_additionalInformation = new DERObjectIdentifier(id_isismtt_at + ".15");
+ static final ASN1ObjectIdentifier id_isismtt_at_additionalInformation = id_isismtt_at.branch("15");
/**
* Indicates that an attribute certificate exists, which limits the
@@ -176,5 +176,5 @@
* LiabilityLimitationFlagSyntax ::= BOOLEAN
* </pre>
*/
- public static final DERObjectIdentifier id_isismtt_at_liabilityLimitationFlag = new DERObjectIdentifier("0.2.262.1.10.12.0");
+ static final ASN1ObjectIdentifier id_isismtt_at_liabilityLimitationFlag = new ASN1ObjectIdentifier("0.2.262.1.10.12.0");
}
diff --git a/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java
index 11a03d5..debf268 100644
--- a/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java
@@ -1,6 +1,6 @@
package org.bouncycastle.asn1.misc;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
public interface MiscObjectIdentifiers
{
@@ -8,39 +8,40 @@
// Netscape
// iso/itu(2) joint-assign(16) us(840) uscompany(1) netscape(113730) cert-extensions(1) }
//
- static final String netscape = "2.16.840.1.113730.1";
- static final DERObjectIdentifier netscapeCertType = new DERObjectIdentifier(netscape + ".1");
- static final DERObjectIdentifier netscapeBaseURL = new DERObjectIdentifier(netscape + ".2");
- static final DERObjectIdentifier netscapeRevocationURL = new DERObjectIdentifier(netscape + ".3");
- static final DERObjectIdentifier netscapeCARevocationURL = new DERObjectIdentifier(netscape + ".4");
- static final DERObjectIdentifier netscapeRenewalURL = new DERObjectIdentifier(netscape + ".7");
- static final DERObjectIdentifier netscapeCApolicyURL = new DERObjectIdentifier(netscape + ".8");
- static final DERObjectIdentifier netscapeSSLServerName = new DERObjectIdentifier(netscape + ".12");
- static final DERObjectIdentifier netscapeCertComment = new DERObjectIdentifier(netscape + ".13");
+ static final ASN1ObjectIdentifier netscape = new ASN1ObjectIdentifier("2.16.840.1.113730.1");
+ static final ASN1ObjectIdentifier netscapeCertType = netscape.branch("1");
+ static final ASN1ObjectIdentifier netscapeBaseURL = netscape.branch("2");
+ static final ASN1ObjectIdentifier netscapeRevocationURL = netscape.branch("3");
+ static final ASN1ObjectIdentifier netscapeCARevocationURL = netscape.branch("4");
+ static final ASN1ObjectIdentifier netscapeRenewalURL = netscape.branch("7");
+ static final ASN1ObjectIdentifier netscapeCApolicyURL = netscape.branch("8");
+ static final ASN1ObjectIdentifier netscapeSSLServerName = netscape.branch("12");
+ static final ASN1ObjectIdentifier netscapeCertComment = netscape.branch("13");
+
//
// Verisign
// iso/itu(2) joint-assign(16) us(840) uscompany(1) verisign(113733) cert-extensions(1) }
//
- static final String verisign = "2.16.840.1.113733.1";
+ static final ASN1ObjectIdentifier verisign = new ASN1ObjectIdentifier("2.16.840.1.113733.1");
//
// CZAG - country, zip, age, and gender
//
- static final DERObjectIdentifier verisignCzagExtension = new DERObjectIdentifier(verisign + ".6.3");
+ static final ASN1ObjectIdentifier verisignCzagExtension = verisign.branch("6.3");
// D&B D-U-N-S number
- static final DERObjectIdentifier verisignDnbDunsNumber = new DERObjectIdentifier(verisign + ".6.15");
+ static final ASN1ObjectIdentifier verisignDnbDunsNumber = verisign.branch("6.15");
//
// Novell
// iso/itu(2) country(16) us(840) organization(1) novell(113719)
//
- static final String novell = "2.16.840.1.113719";
- static final DERObjectIdentifier novellSecurityAttribs = new DERObjectIdentifier(novell + ".1.9.4.1");
+ static final ASN1ObjectIdentifier novell = new ASN1ObjectIdentifier("2.16.840.1.113719");
+ static final ASN1ObjectIdentifier novellSecurityAttribs = novell.branch("1.9.4.1");
//
// Entrust
// iso(1) member-body(16) us(840) nortelnetworks(113533) entrust(7)
//
- static final String entrust = "1.2.840.113533.7";
- static final DERObjectIdentifier entrustVersionExtension = new DERObjectIdentifier(entrust + ".65.0");
+ static final ASN1ObjectIdentifier entrust = new ASN1ObjectIdentifier("1.2.840.113533.7");
+ static final ASN1ObjectIdentifier entrustVersionExtension = entrust.branch("65.0");
}
diff --git a/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java b/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java
new file mode 100644
index 0000000..821e0d1
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java
@@ -0,0 +1,96 @@
+package org.bouncycastle.asn1.nist;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
+import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.util.Strings;
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+/**
+ * Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-2
+ */
+public class NISTNamedCurves
+{
+ static final Hashtable objIds = new Hashtable();
+ static final Hashtable names = new Hashtable();
+
+ static void defineCurve(String name, DERObjectIdentifier oid)
+ {
+ objIds.put(name, oid);
+ names.put(oid, name);
+ }
+
+ static
+ {
+ // TODO Missing the "K-" curves
+
+ defineCurve("B-571", SECObjectIdentifiers.sect571r1);
+ defineCurve("B-409", SECObjectIdentifiers.sect409r1);
+ defineCurve("B-283", SECObjectIdentifiers.sect283r1);
+ defineCurve("B-233", SECObjectIdentifiers.sect233r1);
+ defineCurve("B-163", SECObjectIdentifiers.sect163r2);
+ defineCurve("P-521", SECObjectIdentifiers.secp521r1);
+ defineCurve("P-384", SECObjectIdentifiers.secp384r1);
+ defineCurve("P-256", SECObjectIdentifiers.secp256r1);
+ defineCurve("P-224", SECObjectIdentifiers.secp224r1);
+ defineCurve("P-192", SECObjectIdentifiers.secp192r1);
+ }
+
+ public static X9ECParameters getByName(
+ String name)
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toUpperCase(name));
+
+ if (oid != null)
+ {
+ return getByOID(oid);
+ }
+
+ return null;
+ }
+
+ /**
+ * return the X9ECParameters object for the named curve represented by
+ * the passed in object identifier. Null if the curve isn't present.
+ *
+ * @param oid an object identifier representing a named curve, if present.
+ */
+ public static X9ECParameters getByOID(
+ DERObjectIdentifier oid)
+ {
+ return SECNamedCurves.getByOID(oid);
+ }
+
+ /**
+ * return the object identifier signified by the passed in name. Null
+ * if there is no object identifier associated with name.
+ *
+ * @return the object identifier associated with name, if present.
+ */
+ public static DERObjectIdentifier getOID(
+ String name)
+ {
+ return (DERObjectIdentifier)objIds.get(Strings.toUpperCase(name));
+ }
+
+ /**
+ * return the named curve name represented by the given object identifier.
+ */
+ public static String getName(
+ DERObjectIdentifier oid)
+ {
+ return (String)names.get(oid);
+ }
+
+ /**
+ * returns an enumeration containing the name strings for curves
+ * contained in this structure.
+ */
+ public static Enumeration getNames()
+ {
+ return objIds.keys();
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java
index a89d96d..258f269 100644
--- a/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java
@@ -1,6 +1,6 @@
package org.bouncycastle.asn1.nist;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
public interface NISTObjectIdentifiers
{
@@ -11,46 +11,46 @@
//
// nistalgorithms(4)
//
- static final String nistAlgorithm = "2.16.840.1.101.3.4";
+ static final ASN1ObjectIdentifier nistAlgorithm = new ASN1ObjectIdentifier("2.16.840.1.101.3.4");
- static final DERObjectIdentifier id_sha256 = new DERObjectIdentifier(nistAlgorithm + ".2.1");
- static final DERObjectIdentifier id_sha384 = new DERObjectIdentifier(nistAlgorithm + ".2.2");
- static final DERObjectIdentifier id_sha512 = new DERObjectIdentifier(nistAlgorithm + ".2.3");
- static final DERObjectIdentifier id_sha224 = new DERObjectIdentifier(nistAlgorithm + ".2.4");
+ static final ASN1ObjectIdentifier id_sha256 = nistAlgorithm.branch("2.1");
+ static final ASN1ObjectIdentifier id_sha384 = nistAlgorithm.branch("2.2");
+ static final ASN1ObjectIdentifier id_sha512 = nistAlgorithm.branch("2.3");
+ static final ASN1ObjectIdentifier id_sha224 = nistAlgorithm.branch("2.4");
- static final String aes = nistAlgorithm + ".1";
+ static final ASN1ObjectIdentifier aes = nistAlgorithm.branch("1");
- static final DERObjectIdentifier id_aes128_ECB = new DERObjectIdentifier(aes + ".1");
- static final DERObjectIdentifier id_aes128_CBC = new DERObjectIdentifier(aes + ".2");
- static final DERObjectIdentifier id_aes128_OFB = new DERObjectIdentifier(aes + ".3");
- static final DERObjectIdentifier id_aes128_CFB = new DERObjectIdentifier(aes + ".4");
- static final DERObjectIdentifier id_aes128_wrap = new DERObjectIdentifier(aes + ".5");
- static final DERObjectIdentifier id_aes128_GCM = new DERObjectIdentifier(aes + ".6");
- static final DERObjectIdentifier id_aes128_CCM = new DERObjectIdentifier(aes + ".7");
+ static final ASN1ObjectIdentifier id_aes128_ECB = aes.branch("1");
+ static final ASN1ObjectIdentifier id_aes128_CBC = aes.branch("2");
+ static final ASN1ObjectIdentifier id_aes128_OFB = aes.branch("3");
+ static final ASN1ObjectIdentifier id_aes128_CFB = aes.branch("4");
+ static final ASN1ObjectIdentifier id_aes128_wrap = aes.branch("5");
+ static final ASN1ObjectIdentifier id_aes128_GCM = aes.branch("6");
+ static final ASN1ObjectIdentifier id_aes128_CCM = aes.branch("7");
- static final DERObjectIdentifier id_aes192_ECB = new DERObjectIdentifier(aes + ".21");
- static final DERObjectIdentifier id_aes192_CBC = new DERObjectIdentifier(aes + ".22");
- static final DERObjectIdentifier id_aes192_OFB = new DERObjectIdentifier(aes + ".23");
- static final DERObjectIdentifier id_aes192_CFB = new DERObjectIdentifier(aes + ".24");
- static final DERObjectIdentifier id_aes192_wrap = new DERObjectIdentifier(aes + ".25");
- static final DERObjectIdentifier id_aes192_GCM = new DERObjectIdentifier(aes + ".26");
- static final DERObjectIdentifier id_aes192_CCM = new DERObjectIdentifier(aes + ".27");
+ static final ASN1ObjectIdentifier id_aes192_ECB = aes.branch("21");
+ static final ASN1ObjectIdentifier id_aes192_CBC = aes.branch("22");
+ static final ASN1ObjectIdentifier id_aes192_OFB = aes.branch("23");
+ static final ASN1ObjectIdentifier id_aes192_CFB = aes.branch("24");
+ static final ASN1ObjectIdentifier id_aes192_wrap = aes.branch("25");
+ static final ASN1ObjectIdentifier id_aes192_GCM = aes.branch("26");
+ static final ASN1ObjectIdentifier id_aes192_CCM = aes.branch("27");
- static final DERObjectIdentifier id_aes256_ECB = new DERObjectIdentifier(aes + ".41");
- static final DERObjectIdentifier id_aes256_CBC = new DERObjectIdentifier(aes + ".42");
- static final DERObjectIdentifier id_aes256_OFB = new DERObjectIdentifier(aes + ".43");
- static final DERObjectIdentifier id_aes256_CFB = new DERObjectIdentifier(aes + ".44");
- static final DERObjectIdentifier id_aes256_wrap = new DERObjectIdentifier(aes + ".45");
- static final DERObjectIdentifier id_aes256_GCM = new DERObjectIdentifier(aes + ".46");
- static final DERObjectIdentifier id_aes256_CCM = new DERObjectIdentifier(aes + ".47");
+ static final ASN1ObjectIdentifier id_aes256_ECB = aes.branch("41");
+ static final ASN1ObjectIdentifier id_aes256_CBC = aes.branch("42");
+ static final ASN1ObjectIdentifier id_aes256_OFB = aes.branch("43");
+ static final ASN1ObjectIdentifier id_aes256_CFB = aes.branch("44");
+ static final ASN1ObjectIdentifier id_aes256_wrap = aes.branch("45");
+ static final ASN1ObjectIdentifier id_aes256_GCM = aes.branch("46");
+ static final ASN1ObjectIdentifier id_aes256_CCM = aes.branch("47");
//
// signatures
//
- static final DERObjectIdentifier id_dsa_with_sha2 = new DERObjectIdentifier(nistAlgorithm + ".3");
+ static final ASN1ObjectIdentifier id_dsa_with_sha2 = nistAlgorithm.branch("3");
- static final DERObjectIdentifier dsa_with_sha224 = new DERObjectIdentifier(id_dsa_with_sha2 + ".1");
- static final DERObjectIdentifier dsa_with_sha256 = new DERObjectIdentifier(id_dsa_with_sha2 + ".2");
- static final DERObjectIdentifier dsa_with_sha384 = new DERObjectIdentifier(id_dsa_with_sha2 + ".3");
- static final DERObjectIdentifier dsa_with_sha512 = new DERObjectIdentifier(id_dsa_with_sha2 + ".4");
+ static final ASN1ObjectIdentifier dsa_with_sha224 = id_dsa_with_sha2.branch("1");
+ static final ASN1ObjectIdentifier dsa_with_sha256 = id_dsa_with_sha2.branch("2");
+ static final ASN1ObjectIdentifier dsa_with_sha384 = id_dsa_with_sha2.branch("3");
+ static final ASN1ObjectIdentifier dsa_with_sha512 = id_dsa_with_sha2.branch("4");
}
diff --git a/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java
index d9690ec..c8ce26b 100644
--- a/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java
@@ -1,31 +1,31 @@
package org.bouncycastle.asn1.oiw;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
public interface OIWObjectIdentifiers
{
// id-SHA1 OBJECT IDENTIFIER ::=
// {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } //
- static final DERObjectIdentifier md4WithRSA = new DERObjectIdentifier("1.3.14.3.2.2");
- static final DERObjectIdentifier md5WithRSA = new DERObjectIdentifier("1.3.14.3.2.3");
- static final DERObjectIdentifier md4WithRSAEncryption = new DERObjectIdentifier("1.3.14.3.2.4");
+ static final ASN1ObjectIdentifier md4WithRSA = new ASN1ObjectIdentifier("1.3.14.3.2.2");
+ static final ASN1ObjectIdentifier md5WithRSA = new ASN1ObjectIdentifier("1.3.14.3.2.3");
+ static final ASN1ObjectIdentifier md4WithRSAEncryption = new ASN1ObjectIdentifier("1.3.14.3.2.4");
- static final DERObjectIdentifier desECB = new DERObjectIdentifier("1.3.14.3.2.6");
- static final DERObjectIdentifier desCBC = new DERObjectIdentifier("1.3.14.3.2.7");
- static final DERObjectIdentifier desOFB = new DERObjectIdentifier("1.3.14.3.2.8");
- static final DERObjectIdentifier desCFB = new DERObjectIdentifier("1.3.14.3.2.9");
+ static final ASN1ObjectIdentifier desECB = new ASN1ObjectIdentifier("1.3.14.3.2.6");
+ static final ASN1ObjectIdentifier desCBC = new ASN1ObjectIdentifier("1.3.14.3.2.7");
+ static final ASN1ObjectIdentifier desOFB = new ASN1ObjectIdentifier("1.3.14.3.2.8");
+ static final ASN1ObjectIdentifier desCFB = new ASN1ObjectIdentifier("1.3.14.3.2.9");
- static final DERObjectIdentifier desEDE = new DERObjectIdentifier("1.3.14.3.2.17");
+ static final ASN1ObjectIdentifier desEDE = new ASN1ObjectIdentifier("1.3.14.3.2.17");
- static final DERObjectIdentifier idSHA1 = new DERObjectIdentifier("1.3.14.3.2.26");
+ static final ASN1ObjectIdentifier idSHA1 = new ASN1ObjectIdentifier("1.3.14.3.2.26");
- static final DERObjectIdentifier dsaWithSHA1 = new DERObjectIdentifier("1.3.14.3.2.27");
+ static final ASN1ObjectIdentifier dsaWithSHA1 = new ASN1ObjectIdentifier("1.3.14.3.2.27");
- static final DERObjectIdentifier sha1WithRSA = new DERObjectIdentifier("1.3.14.3.2.29");
+ static final ASN1ObjectIdentifier sha1WithRSA = new ASN1ObjectIdentifier("1.3.14.3.2.29");
// ElGamal Algorithm OBJECT IDENTIFIER ::=
// {iso(1) identified-organization(3) oiw(14) dirservsig(7) algorithm(2) encryption(1) 1 }
//
- static final DERObjectIdentifier elGamalAlgorithm = new DERObjectIdentifier("1.3.14.7.2.1.1");
+ static final ASN1ObjectIdentifier elGamalAlgorithm = new ASN1ObjectIdentifier("1.3.14.7.2.1.1");
}
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java b/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java
index 23772ce..73c2e94 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java
@@ -32,12 +32,12 @@
return (CertificationRequest)o;
}
- if (o instanceof ASN1Sequence)
+ if (o != null)
{
- return new CertificationRequest((ASN1Sequence)o);
+ return new CertificationRequest(ASN1Sequence.getInstance(o));
}
- throw new IllegalArgumentException("Invalid object: " + o.getClass().getName());
+ return null;
}
protected CertificationRequest()
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java b/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
index 4b737ea..bf3b0a8 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
@@ -8,6 +8,7 @@
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Name;
@@ -53,6 +54,21 @@
}
public CertificationRequestInfo(
+ X500Name subject,
+ SubjectPublicKeyInfo pkInfo,
+ ASN1Set attributes)
+ {
+ this.subject = X509Name.getInstance(subject.getDERObject());
+ this.subjectPKInfo = pkInfo;
+ this.attributes = attributes;
+
+ if ((subject == null) || (version == null) || (subjectPKInfo == null))
+ {
+ throw new IllegalArgumentException("Not all mandatory fields set in CertificationRequestInfo generator.");
+ }
+ }
+
+ public CertificationRequestInfo(
X509Name subject,
SubjectPublicKeyInfo pkInfo,
ASN1Set attributes)
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java
index 75b81b4..7fa8e08 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java
@@ -1,6 +1,16 @@
package org.bouncycastle.asn1.pkcs;
-import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.BERSequence;
+import org.bouncycastle.asn1.BERTaggedObject;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
/**
@@ -86,7 +96,7 @@
{
DERTaggedObject o = (DERTaggedObject)data.getObjectAt(2);
- return ASN1OctetString.getInstance(o.getObject());
+ return ASN1OctetString.getInstance(o, false);
}
return null;
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java
index 77c4b04..0ca629a 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java
@@ -37,10 +37,13 @@
public static EncryptedPrivateKeyInfo getInstance(
Object obj)
{
- if (obj instanceof EncryptedData)
+ // BEGIN android-changed
+ // fix copy and paste error in instanceof call
+ if (obj instanceof EncryptedPrivateKeyInfo)
{
return (EncryptedPrivateKeyInfo)obj;
}
+ // END android-changed
else if (obj instanceof ASN1Sequence)
{
return new EncryptedPrivateKeyInfo((ASN1Sequence)obj);
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java
index eb9b326..8f06c23 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java
@@ -2,36 +2,53 @@
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
public class EncryptionScheme
extends AlgorithmIdentifier
-{
- DERObject objectId;
- DERObject obj;
+{
+ public EncryptionScheme(
+ DERObjectIdentifier objectId,
+ DEREncodable parameters)
+ {
+ super(objectId, parameters);
+ }
EncryptionScheme(
ASN1Sequence seq)
{
- super(seq);
-
- objectId = (DERObject)seq.getObjectAt(0);
- obj = (DERObject)seq.getObjectAt(1);
+ this((DERObjectIdentifier)seq.getObjectAt(0), seq.getObjectAt(1));
+ }
+
+ public static final AlgorithmIdentifier getInstance(Object obj)
+ {
+ if (obj instanceof EncryptionScheme)
+ {
+ return (EncryptionScheme)obj;
+ }
+ else if (obj instanceof ASN1Sequence)
+ {
+ return new EncryptionScheme((ASN1Sequence)obj);
+ }
+
+ throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
}
public DERObject getObject()
{
- return obj;
+ return (DERObject)getParameters();
}
public DERObject getDERObject()
{
ASN1EncodableVector v = new ASN1EncodableVector();
- v.add(objectId);
- v.add(obj);
+ v.add(getObjectId());
+ v.add(getParameters());
return new DERSequence(v);
}
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java b/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java
index 50c9ef2..08dd94f 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java
@@ -14,7 +14,7 @@
super(seq);
}
- KeyDerivationFunc(
+ public KeyDerivationFunc(
DERObjectIdentifier id,
ASN1Encodable params)
{
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java b/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java
new file mode 100644
index 0000000..f24cd9a
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java
@@ -0,0 +1,73 @@
+package org.bouncycastle.asn1.pkcs;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
+
+public class PBEParameter
+ extends ASN1Encodable
+{
+ DERInteger iterations;
+ ASN1OctetString salt;
+
+ public PBEParameter(
+ byte[] salt,
+ int iterations)
+ {
+ if (salt.length != 8)
+ {
+ throw new IllegalArgumentException("salt length must be 8");
+ }
+ this.salt = new DEROctetString(salt);
+ this.iterations = new DERInteger(iterations);
+ }
+
+ public PBEParameter(
+ ASN1Sequence seq)
+ {
+ salt = (ASN1OctetString)seq.getObjectAt(0);
+ iterations = (DERInteger)seq.getObjectAt(1);
+ }
+
+ public static PBEParameter getInstance(
+ Object obj)
+ {
+ if (obj instanceof PBEParameter)
+ {
+ return (PBEParameter)obj;
+ }
+ else if (obj instanceof ASN1Sequence)
+ {
+ return new PBEParameter((ASN1Sequence)obj);
+ }
+
+ throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+ }
+
+ public BigInteger getIterationCount()
+ {
+ return iterations.getValue();
+ }
+
+ public byte[] getSalt()
+ {
+ return salt.getOctets();
+ }
+
+ public DERObject toASN1Object()
+ {
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(salt);
+ v.add(iterations);
+
+ return new DERSequence(v);
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java b/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java
index 57c773c..c96d169 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java
@@ -5,6 +5,7 @@
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERSequence;
@@ -15,11 +16,27 @@
private KeyDerivationFunc func;
private EncryptionScheme scheme;
+ public static PBES2Parameters getInstance(
+ Object obj)
+ {
+ if (obj== null || obj instanceof PBES2Parameters)
+ {
+ return (PBES2Parameters)obj;
+ }
+
+ if (obj instanceof ASN1Sequence)
+ {
+ return new PBES2Parameters((ASN1Sequence)obj);
+ }
+
+ throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+ }
+
public PBES2Parameters(
ASN1Sequence obj)
{
Enumeration e = obj.getObjects();
- ASN1Sequence funcSeq = (ASN1Sequence)e.nextElement();
+ ASN1Sequence funcSeq = ASN1Sequence.getInstance(((DEREncodable)e.nextElement()).getDERObject());
if (funcSeq.getObjectAt(0).equals(id_PBKDF2))
{
@@ -30,7 +47,7 @@
func = new KeyDerivationFunc(funcSeq);
}
- scheme = new EncryptionScheme((ASN1Sequence)e.nextElement());
+ scheme = (EncryptionScheme)EncryptionScheme.getInstance(e.nextElement());
}
public KeyDerivationFunc getKeyDerivationFunc()
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
index a49b0b3..7bec34b 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
@@ -1,6 +1,6 @@
package org.bouncycastle.asn1.pkcs;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
public interface PKCSObjectIdentifiers
{
@@ -8,213 +8,221 @@
// pkcs-1 OBJECT IDENTIFIER ::= {
// iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
//
- static final String pkcs_1 = "1.2.840.113549.1.1";
- static final DERObjectIdentifier rsaEncryption = new DERObjectIdentifier(pkcs_1 + ".1");
+ static final ASN1ObjectIdentifier pkcs_1 = new ASN1ObjectIdentifier("1.2.840.113549.1.1");
+ static final ASN1ObjectIdentifier rsaEncryption = pkcs_1.branch("1");
// BEGIN android-removed
- // Dropping MD2
- // static final DERObjectIdentifier md2WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".2");
+ // static final ASN1ObjectIdentifier md2WithRSAEncryption = pkcs_1.branch("2");
+ // static final ASN1ObjectIdentifier md4WithRSAEncryption = pkcs_1.branch("3");
// END android-removed
- static final DERObjectIdentifier md4WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".3");
- static final DERObjectIdentifier md5WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".4");
- static final DERObjectIdentifier sha1WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".5");
- static final DERObjectIdentifier srsaOAEPEncryptionSET = new DERObjectIdentifier(pkcs_1 + ".6");
- static final DERObjectIdentifier id_RSAES_OAEP = new DERObjectIdentifier(pkcs_1 + ".7");
- static final DERObjectIdentifier id_mgf1 = new DERObjectIdentifier(pkcs_1 + ".8");
- static final DERObjectIdentifier id_pSpecified = new DERObjectIdentifier(pkcs_1 + ".9");
- static final DERObjectIdentifier id_RSASSA_PSS = new DERObjectIdentifier(pkcs_1 + ".10");
- static final DERObjectIdentifier sha256WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".11");
- static final DERObjectIdentifier sha384WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".12");
- static final DERObjectIdentifier sha512WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".13");
- static final DERObjectIdentifier sha224WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".14");
+ static final ASN1ObjectIdentifier md5WithRSAEncryption = pkcs_1.branch("4");
+ static final ASN1ObjectIdentifier sha1WithRSAEncryption = pkcs_1.branch("5");
+ static final ASN1ObjectIdentifier srsaOAEPEncryptionSET = pkcs_1.branch("6");
+ static final ASN1ObjectIdentifier id_RSAES_OAEP = pkcs_1.branch("7");
+ static final ASN1ObjectIdentifier id_mgf1 = pkcs_1.branch("8");
+ static final ASN1ObjectIdentifier id_pSpecified = pkcs_1.branch("9");
+ static final ASN1ObjectIdentifier id_RSASSA_PSS = pkcs_1.branch("10");
+ static final ASN1ObjectIdentifier sha256WithRSAEncryption = pkcs_1.branch("11");
+ static final ASN1ObjectIdentifier sha384WithRSAEncryption = pkcs_1.branch("12");
+ static final ASN1ObjectIdentifier sha512WithRSAEncryption = pkcs_1.branch("13");
+ // BEGIN android-removed
+ // static final ASN1ObjectIdentifier sha224WithRSAEncryption = pkcs_1.branch("14");
+ // END android-removed
//
// pkcs-3 OBJECT IDENTIFIER ::= {
// iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 3 }
//
- static final String pkcs_3 = "1.2.840.113549.1.3";
- static final DERObjectIdentifier dhKeyAgreement = new DERObjectIdentifier(pkcs_3 + ".1");
+ static final ASN1ObjectIdentifier pkcs_3 = new ASN1ObjectIdentifier("1.2.840.113549.1.3");
+ static final ASN1ObjectIdentifier dhKeyAgreement = pkcs_3.branch("1");
//
// pkcs-5 OBJECT IDENTIFIER ::= {
// iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 }
//
- static final String pkcs_5 = "1.2.840.113549.1.5";
+ static final ASN1ObjectIdentifier pkcs_5 = new ASN1ObjectIdentifier("1.2.840.113549.1.5");
- static final DERObjectIdentifier pbeWithMD2AndDES_CBC = new DERObjectIdentifier(pkcs_5 + ".1");
- static final DERObjectIdentifier pbeWithMD2AndRC2_CBC = new DERObjectIdentifier(pkcs_5 + ".4");
- static final DERObjectIdentifier pbeWithMD5AndDES_CBC = new DERObjectIdentifier(pkcs_5 + ".3");
- static final DERObjectIdentifier pbeWithMD5AndRC2_CBC = new DERObjectIdentifier(pkcs_5 + ".6");
- static final DERObjectIdentifier pbeWithSHA1AndDES_CBC = new DERObjectIdentifier(pkcs_5 + ".10");
- static final DERObjectIdentifier pbeWithSHA1AndRC2_CBC = new DERObjectIdentifier(pkcs_5 + ".11");
+ static final ASN1ObjectIdentifier pbeWithMD2AndDES_CBC = pkcs_5.branch("1");
+ static final ASN1ObjectIdentifier pbeWithMD2AndRC2_CBC = pkcs_5.branch("4");
+ static final ASN1ObjectIdentifier pbeWithMD5AndDES_CBC = pkcs_5.branch("3");
+ static final ASN1ObjectIdentifier pbeWithMD5AndRC2_CBC = pkcs_5.branch("6");
+ static final ASN1ObjectIdentifier pbeWithSHA1AndDES_CBC = pkcs_5.branch("10");
+ static final ASN1ObjectIdentifier pbeWithSHA1AndRC2_CBC = pkcs_5.branch("11");
- static final DERObjectIdentifier id_PBES2 = new DERObjectIdentifier(pkcs_5 + ".13");
+ static final ASN1ObjectIdentifier id_PBES2 = pkcs_5.branch("13");
- static final DERObjectIdentifier id_PBKDF2 = new DERObjectIdentifier(pkcs_5 + ".12");
+ static final ASN1ObjectIdentifier id_PBKDF2 = pkcs_5.branch("12");
//
// encryptionAlgorithm OBJECT IDENTIFIER ::= {
// iso(1) member-body(2) us(840) rsadsi(113549) 3 }
//
- static final String encryptionAlgorithm = "1.2.840.113549.3";
+ static final ASN1ObjectIdentifier encryptionAlgorithm = new ASN1ObjectIdentifier("1.2.840.113549.3");
- static final DERObjectIdentifier des_EDE3_CBC = new DERObjectIdentifier(encryptionAlgorithm + ".7");
- static final DERObjectIdentifier RC2_CBC = new DERObjectIdentifier(encryptionAlgorithm + ".2");
+ static final ASN1ObjectIdentifier des_EDE3_CBC = encryptionAlgorithm.branch("7");
+ static final ASN1ObjectIdentifier RC2_CBC = encryptionAlgorithm.branch("2");
//
// object identifiers for digests
//
- static final String digestAlgorithm = "1.2.840.113549.2";
+ static final ASN1ObjectIdentifier digestAlgorithm = new ASN1ObjectIdentifier("1.2.840.113549.2");
//
// md2 OBJECT IDENTIFIER ::=
// {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2}
//
// BEGIN android-removed
- // Dropping MD2
- // static final DERObjectIdentifier md2 = new DERObjectIdentifier(digestAlgorithm + ".2");
+ // static final ASN1ObjectIdentifier md2 = digestAlgorithm.branch("2");
// END android-removed
//
// md4 OBJECT IDENTIFIER ::=
// {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4}
//
- static final DERObjectIdentifier md4 = new DERObjectIdentifier(digestAlgorithm + ".4");
+ // BEGIN android-removed
+ // static final ASN1ObjectIdentifier md4 = digestAlgorithm.branch("4");
+ // END android-removed
//
// md5 OBJECT IDENTIFIER ::=
// {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 5}
//
- static final DERObjectIdentifier md5 = new DERObjectIdentifier(digestAlgorithm + ".5");
+ static final ASN1ObjectIdentifier md5 = digestAlgorithm.branch("5");
- static final DERObjectIdentifier id_hmacWithSHA1 = new DERObjectIdentifier(digestAlgorithm + ".7");
- static final DERObjectIdentifier id_hmacWithSHA224 = new DERObjectIdentifier(digestAlgorithm + ".8");
- static final DERObjectIdentifier id_hmacWithSHA256 = new DERObjectIdentifier(digestAlgorithm + ".9");
- static final DERObjectIdentifier id_hmacWithSHA384 = new DERObjectIdentifier(digestAlgorithm + ".10");
- static final DERObjectIdentifier id_hmacWithSHA512 = new DERObjectIdentifier(digestAlgorithm + ".11");
+ static final ASN1ObjectIdentifier id_hmacWithSHA1 = digestAlgorithm.branch("7");
+ // BEGIN android-removed
+ // static final ASN1ObjectIdentifier id_hmacWithSHA224 = digestAlgorithm.branch("8");
+ // END android-removed
+ static final ASN1ObjectIdentifier id_hmacWithSHA256 = digestAlgorithm.branch("9");
+ static final ASN1ObjectIdentifier id_hmacWithSHA384 = digestAlgorithm.branch("10");
+ static final ASN1ObjectIdentifier id_hmacWithSHA512 = digestAlgorithm.branch("11");
//
// pkcs-7 OBJECT IDENTIFIER ::= {
// iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 }
//
static final String pkcs_7 = "1.2.840.113549.1.7";
- static final DERObjectIdentifier data = new DERObjectIdentifier(pkcs_7 + ".1");
- static final DERObjectIdentifier signedData = new DERObjectIdentifier(pkcs_7 + ".2");
- static final DERObjectIdentifier envelopedData = new DERObjectIdentifier(pkcs_7 + ".3");
- static final DERObjectIdentifier signedAndEnvelopedData = new DERObjectIdentifier(pkcs_7 + ".4");
- static final DERObjectIdentifier digestedData = new DERObjectIdentifier(pkcs_7 + ".5");
- static final DERObjectIdentifier encryptedData = new DERObjectIdentifier(pkcs_7 + ".6");
+ static final ASN1ObjectIdentifier data = new ASN1ObjectIdentifier(pkcs_7 + ".1");
+ static final ASN1ObjectIdentifier signedData = new ASN1ObjectIdentifier(pkcs_7 + ".2");
+ static final ASN1ObjectIdentifier envelopedData = new ASN1ObjectIdentifier(pkcs_7 + ".3");
+ static final ASN1ObjectIdentifier signedAndEnvelopedData = new ASN1ObjectIdentifier(pkcs_7 + ".4");
+ static final ASN1ObjectIdentifier digestedData = new ASN1ObjectIdentifier(pkcs_7 + ".5");
+ static final ASN1ObjectIdentifier encryptedData = new ASN1ObjectIdentifier(pkcs_7 + ".6");
//
// pkcs-9 OBJECT IDENTIFIER ::= {
// iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
//
- static final String pkcs_9 = "1.2.840.113549.1.9";
+ static final ASN1ObjectIdentifier pkcs_9 = new ASN1ObjectIdentifier("1.2.840.113549.1.9");
- static final DERObjectIdentifier pkcs_9_at_emailAddress = new DERObjectIdentifier(pkcs_9 + ".1");
- static final DERObjectIdentifier pkcs_9_at_unstructuredName = new DERObjectIdentifier(pkcs_9 + ".2");
- static final DERObjectIdentifier pkcs_9_at_contentType = new DERObjectIdentifier(pkcs_9 + ".3");
- static final DERObjectIdentifier pkcs_9_at_messageDigest = new DERObjectIdentifier(pkcs_9 + ".4");
- static final DERObjectIdentifier pkcs_9_at_signingTime = new DERObjectIdentifier(pkcs_9 + ".5");
- static final DERObjectIdentifier pkcs_9_at_counterSignature = new DERObjectIdentifier(pkcs_9 + ".6");
- static final DERObjectIdentifier pkcs_9_at_challengePassword = new DERObjectIdentifier(pkcs_9 + ".7");
- static final DERObjectIdentifier pkcs_9_at_unstructuredAddress = new DERObjectIdentifier(pkcs_9 + ".8");
- static final DERObjectIdentifier pkcs_9_at_extendedCertificateAttributes = new DERObjectIdentifier(pkcs_9 + ".9");
+ static final ASN1ObjectIdentifier pkcs_9_at_emailAddress = pkcs_9.branch("1");
+ static final ASN1ObjectIdentifier pkcs_9_at_unstructuredName = pkcs_9.branch("2");
+ static final ASN1ObjectIdentifier pkcs_9_at_contentType = pkcs_9.branch("3");
+ static final ASN1ObjectIdentifier pkcs_9_at_messageDigest = pkcs_9.branch("4");
+ static final ASN1ObjectIdentifier pkcs_9_at_signingTime = pkcs_9.branch("5");
+ static final ASN1ObjectIdentifier pkcs_9_at_counterSignature = pkcs_9.branch("6");
+ static final ASN1ObjectIdentifier pkcs_9_at_challengePassword = pkcs_9.branch("7");
+ static final ASN1ObjectIdentifier pkcs_9_at_unstructuredAddress = pkcs_9.branch("8");
+ static final ASN1ObjectIdentifier pkcs_9_at_extendedCertificateAttributes = pkcs_9.branch("9");
- static final DERObjectIdentifier pkcs_9_at_signingDescription = new DERObjectIdentifier(pkcs_9 + ".13");
- static final DERObjectIdentifier pkcs_9_at_extensionRequest = new DERObjectIdentifier(pkcs_9 + ".14");
- static final DERObjectIdentifier pkcs_9_at_smimeCapabilities = new DERObjectIdentifier(pkcs_9 + ".15");
+ static final ASN1ObjectIdentifier pkcs_9_at_signingDescription = pkcs_9.branch("13");
+ static final ASN1ObjectIdentifier pkcs_9_at_extensionRequest = pkcs_9.branch("14");
+ static final ASN1ObjectIdentifier pkcs_9_at_smimeCapabilities = pkcs_9.branch("15");
- static final DERObjectIdentifier pkcs_9_at_friendlyName = new DERObjectIdentifier(pkcs_9 + ".20");
- static final DERObjectIdentifier pkcs_9_at_localKeyId = new DERObjectIdentifier(pkcs_9 + ".21");
+ static final ASN1ObjectIdentifier pkcs_9_at_friendlyName = pkcs_9.branch("20");
+ static final ASN1ObjectIdentifier pkcs_9_at_localKeyId = pkcs_9.branch("21");
/** @deprecated use x509Certificate instead */
- static final DERObjectIdentifier x509certType = new DERObjectIdentifier(pkcs_9 + ".22.1");
+ static final ASN1ObjectIdentifier x509certType = pkcs_9.branch("22.1");
- static final String certTypes = pkcs_9 + ".22";
- static final DERObjectIdentifier x509Certificate = new DERObjectIdentifier(certTypes + ".1");
- static final DERObjectIdentifier sdsiCertificate = new DERObjectIdentifier(certTypes + ".2");
+ static final ASN1ObjectIdentifier certTypes = pkcs_9.branch("22");
+ static final ASN1ObjectIdentifier x509Certificate = certTypes.branch("1");
+ static final ASN1ObjectIdentifier sdsiCertificate = certTypes.branch("2");
- static final String crlTypes = pkcs_9 + ".23";
- static final DERObjectIdentifier x509Crl = new DERObjectIdentifier(crlTypes + ".1");
+ static final ASN1ObjectIdentifier crlTypes = pkcs_9.branch("23");
+ static final ASN1ObjectIdentifier x509Crl = crlTypes.branch("1");
- static final DERObjectIdentifier id_alg_PWRI_KEK = new DERObjectIdentifier(pkcs_9 + ".16.3.9");
+ static final ASN1ObjectIdentifier id_alg_PWRI_KEK = pkcs_9.branch("16.3.9");
//
// SMIME capability sub oids.
//
- static final DERObjectIdentifier preferSignedData = new DERObjectIdentifier(pkcs_9 + ".15.1");
- static final DERObjectIdentifier canNotDecryptAny = new DERObjectIdentifier(pkcs_9 + ".15.2");
- static final DERObjectIdentifier sMIMECapabilitiesVersions = new DERObjectIdentifier(pkcs_9 + ".15.3");
+ static final ASN1ObjectIdentifier preferSignedData = pkcs_9.branch("15.1");
+ static final ASN1ObjectIdentifier canNotDecryptAny = pkcs_9.branch("15.2");
+ static final ASN1ObjectIdentifier sMIMECapabilitiesVersions = pkcs_9.branch("15.3");
//
// id-ct OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840)
// rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1)}
//
- static String id_ct = "1.2.840.113549.1.9.16.1";
+ static final ASN1ObjectIdentifier id_ct = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.1");
- static final DERObjectIdentifier id_ct_authData = new DERObjectIdentifier(id_ct + ".2");
- static final DERObjectIdentifier id_ct_TSTInfo = new DERObjectIdentifier(id_ct + ".4");
- static final DERObjectIdentifier id_ct_compressedData = new DERObjectIdentifier(id_ct + ".9");
- static final DERObjectIdentifier id_ct_authEnvelopedData = new DERObjectIdentifier(id_ct + ".23");
+ static final ASN1ObjectIdentifier id_ct_authData = id_ct.branch("2");
+ static final ASN1ObjectIdentifier id_ct_TSTInfo = id_ct.branch("4");
+ static final ASN1ObjectIdentifier id_ct_compressedData = id_ct.branch("9");
+ static final ASN1ObjectIdentifier id_ct_authEnvelopedData = id_ct.branch("23");
+ static final ASN1ObjectIdentifier id_ct_timestampedData = id_ct.branch("31");
//
// id-cti OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840)
// rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6)}
//
- static String id_cti = "1.2.840.113549.1.9.16.6";
+ static final ASN1ObjectIdentifier id_cti = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.6");
- static final DERObjectIdentifier id_cti_ets_proofOfOrigin = new DERObjectIdentifier(id_cti + ".1");
- static final DERObjectIdentifier id_cti_ets_proofOfReceipt = new DERObjectIdentifier(id_cti + ".2");
- static final DERObjectIdentifier id_cti_ets_proofOfDelivery = new DERObjectIdentifier(id_cti + ".3");
- static final DERObjectIdentifier id_cti_ets_proofOfSender = new DERObjectIdentifier(id_cti + ".4");
- static final DERObjectIdentifier id_cti_ets_proofOfApproval = new DERObjectIdentifier(id_cti + ".5");
- static final DERObjectIdentifier id_cti_ets_proofOfCreation = new DERObjectIdentifier(id_cti + ".6");
+ static final ASN1ObjectIdentifier id_cti_ets_proofOfOrigin = id_cti.branch("1");
+ static final ASN1ObjectIdentifier id_cti_ets_proofOfReceipt = id_cti.branch("2");
+ static final ASN1ObjectIdentifier id_cti_ets_proofOfDelivery = id_cti.branch("3");
+ static final ASN1ObjectIdentifier id_cti_ets_proofOfSender = id_cti.branch("4");
+ static final ASN1ObjectIdentifier id_cti_ets_proofOfApproval = id_cti.branch("5");
+ static final ASN1ObjectIdentifier id_cti_ets_proofOfCreation = id_cti.branch("6");
//
// id-aa OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840)
// rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) attributes(2)}
//
- static String id_aa = "1.2.840.113549.1.9.16.2";
+ static final ASN1ObjectIdentifier id_aa = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.2");
- static final DERObjectIdentifier id_aa_receiptRequest = new DERObjectIdentifier(id_aa + ".1");
+
+ static final ASN1ObjectIdentifier id_aa_receiptRequest = id_aa.branch("1");
- static final DERObjectIdentifier id_aa_contentHint = new DERObjectIdentifier(id_aa + ".4"); // See RFC 2634
+ static final ASN1ObjectIdentifier id_aa_contentHint = id_aa.branch("4"); // See RFC 2634
+ static final ASN1ObjectIdentifier id_aa_msgSigDigest = id_aa.branch("5");
+ static final ASN1ObjectIdentifier id_aa_contentReference = id_aa.branch("10");
/*
* id-aa-encrypKeyPref OBJECT IDENTIFIER ::= {id-aa 11}
*
*/
- static final DERObjectIdentifier id_aa_encrypKeyPref = new DERObjectIdentifier(id_aa + ".11");
- static final DERObjectIdentifier id_aa_signingCertificate = new DERObjectIdentifier(id_aa + ".12");
- static final DERObjectIdentifier id_aa_signingCertificateV2 = new DERObjectIdentifier(id_aa + ".47");
+ static final ASN1ObjectIdentifier id_aa_encrypKeyPref = id_aa.branch("11");
+ static final ASN1ObjectIdentifier id_aa_signingCertificate = id_aa.branch("12");
+ static final ASN1ObjectIdentifier id_aa_signingCertificateV2 = id_aa.branch("47");
- static final DERObjectIdentifier id_aa_contentIdentifier = new DERObjectIdentifier(id_aa + ".7"); // See RFC 2634
+ static final ASN1ObjectIdentifier id_aa_contentIdentifier = id_aa.branch("7"); // See RFC 2634
/*
* RFC 3126
*/
- static final DERObjectIdentifier id_aa_signatureTimeStampToken = new DERObjectIdentifier(id_aa + ".14");
+ static final ASN1ObjectIdentifier id_aa_signatureTimeStampToken = id_aa.branch("14");
- static final DERObjectIdentifier id_aa_ets_sigPolicyId = new DERObjectIdentifier(id_aa + ".15");
- static final DERObjectIdentifier id_aa_ets_commitmentType = new DERObjectIdentifier(id_aa + ".16");
- static final DERObjectIdentifier id_aa_ets_signerLocation = new DERObjectIdentifier(id_aa + ".17");
- static final DERObjectIdentifier id_aa_ets_signerAttr = new DERObjectIdentifier(id_aa + ".18");
- static final DERObjectIdentifier id_aa_ets_otherSigCert = new DERObjectIdentifier(id_aa + ".19");
- static final DERObjectIdentifier id_aa_ets_contentTimestamp = new DERObjectIdentifier(id_aa + ".20");
- static final DERObjectIdentifier id_aa_ets_certificateRefs = new DERObjectIdentifier(id_aa + ".21");
- static final DERObjectIdentifier id_aa_ets_revocationRefs = new DERObjectIdentifier(id_aa + ".22");
- static final DERObjectIdentifier id_aa_ets_certValues = new DERObjectIdentifier(id_aa + ".23");
- static final DERObjectIdentifier id_aa_ets_revocationValues = new DERObjectIdentifier(id_aa + ".24");
- static final DERObjectIdentifier id_aa_ets_escTimeStamp = new DERObjectIdentifier(id_aa + ".25");
- static final DERObjectIdentifier id_aa_ets_certCRLTimestamp = new DERObjectIdentifier(id_aa + ".26");
- static final DERObjectIdentifier id_aa_ets_archiveTimestamp = new DERObjectIdentifier(id_aa + ".27");
+ static final ASN1ObjectIdentifier id_aa_ets_sigPolicyId = id_aa.branch("15");
+ static final ASN1ObjectIdentifier id_aa_ets_commitmentType = id_aa.branch("16");
+ static final ASN1ObjectIdentifier id_aa_ets_signerLocation = id_aa.branch("17");
+ static final ASN1ObjectIdentifier id_aa_ets_signerAttr = id_aa.branch("18");
+ static final ASN1ObjectIdentifier id_aa_ets_otherSigCert = id_aa.branch("19");
+ static final ASN1ObjectIdentifier id_aa_ets_contentTimestamp = id_aa.branch("20");
+ static final ASN1ObjectIdentifier id_aa_ets_certificateRefs = id_aa.branch("21");
+ static final ASN1ObjectIdentifier id_aa_ets_revocationRefs = id_aa.branch("22");
+ static final ASN1ObjectIdentifier id_aa_ets_certValues = id_aa.branch("23");
+ static final ASN1ObjectIdentifier id_aa_ets_revocationValues = id_aa.branch("24");
+ static final ASN1ObjectIdentifier id_aa_ets_escTimeStamp = id_aa.branch("25");
+ static final ASN1ObjectIdentifier id_aa_ets_certCRLTimestamp = id_aa.branch("26");
+ static final ASN1ObjectIdentifier id_aa_ets_archiveTimestamp = id_aa.branch("27");
/** @deprecated use id_aa_ets_sigPolicyId instead */
- static final DERObjectIdentifier id_aa_sigPolicyId = id_aa_ets_sigPolicyId;
+ static final ASN1ObjectIdentifier id_aa_sigPolicyId = id_aa_ets_sigPolicyId;
/** @deprecated use id_aa_ets_commitmentType instead */
- static final DERObjectIdentifier id_aa_commitmentType = id_aa_ets_commitmentType;
+ static final ASN1ObjectIdentifier id_aa_commitmentType = id_aa_ets_commitmentType;
/** @deprecated use id_aa_ets_signerLocation instead */
- static final DERObjectIdentifier id_aa_signerLocation = id_aa_ets_signerLocation;
+ static final ASN1ObjectIdentifier id_aa_signerLocation = id_aa_ets_signerLocation;
/** @deprecated use id_aa_ets_otherSigCert instead */
- static final DERObjectIdentifier id_aa_otherSigCert = id_aa_ets_otherSigCert;
+ static final ASN1ObjectIdentifier id_aa_otherSigCert = id_aa_ets_otherSigCert;
//
// id-spq OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840)
@@ -222,33 +230,33 @@
//
final String id_spq = "1.2.840.113549.1.9.16.5";
- static final DERObjectIdentifier id_spq_ets_uri = new DERObjectIdentifier(id_spq + ".1");
- static final DERObjectIdentifier id_spq_ets_unotice = new DERObjectIdentifier(id_spq + ".2");
+ static final ASN1ObjectIdentifier id_spq_ets_uri = new ASN1ObjectIdentifier(id_spq + ".1");
+ static final ASN1ObjectIdentifier id_spq_ets_unotice = new ASN1ObjectIdentifier(id_spq + ".2");
//
// pkcs-12 OBJECT IDENTIFIER ::= {
// iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 }
//
- static final String pkcs_12 = "1.2.840.113549.1.12";
- static final String bagtypes = pkcs_12 + ".10.1";
+ static final ASN1ObjectIdentifier pkcs_12 = new ASN1ObjectIdentifier("1.2.840.113549.1.12");
+ static final ASN1ObjectIdentifier bagtypes = pkcs_12.branch("10.1");
- static final DERObjectIdentifier keyBag = new DERObjectIdentifier(bagtypes + ".1");
- static final DERObjectIdentifier pkcs8ShroudedKeyBag = new DERObjectIdentifier(bagtypes + ".2");
- static final DERObjectIdentifier certBag = new DERObjectIdentifier(bagtypes + ".3");
- static final DERObjectIdentifier crlBag = new DERObjectIdentifier(bagtypes + ".4");
- static final DERObjectIdentifier secretBag = new DERObjectIdentifier(bagtypes + ".5");
- static final DERObjectIdentifier safeContentsBag = new DERObjectIdentifier(bagtypes + ".6");
+ static final ASN1ObjectIdentifier keyBag = bagtypes.branch("1");
+ static final ASN1ObjectIdentifier pkcs8ShroudedKeyBag = bagtypes.branch("2");
+ static final ASN1ObjectIdentifier certBag = bagtypes.branch("3");
+ static final ASN1ObjectIdentifier crlBag = bagtypes.branch("4");
+ static final ASN1ObjectIdentifier secretBag = bagtypes.branch("5");
+ static final ASN1ObjectIdentifier safeContentsBag = bagtypes.branch("6");
- static final String pkcs_12PbeIds = pkcs_12 + ".1";
+ static final ASN1ObjectIdentifier pkcs_12PbeIds = pkcs_12.branch("1");
- static final DERObjectIdentifier pbeWithSHAAnd128BitRC4 = new DERObjectIdentifier(pkcs_12PbeIds + ".1");
- static final DERObjectIdentifier pbeWithSHAAnd40BitRC4 = new DERObjectIdentifier(pkcs_12PbeIds + ".2");
- static final DERObjectIdentifier pbeWithSHAAnd3_KeyTripleDES_CBC = new DERObjectIdentifier(pkcs_12PbeIds + ".3");
- static final DERObjectIdentifier pbeWithSHAAnd2_KeyTripleDES_CBC = new DERObjectIdentifier(pkcs_12PbeIds + ".4");
- static final DERObjectIdentifier pbeWithSHAAnd128BitRC2_CBC = new DERObjectIdentifier(pkcs_12PbeIds + ".5");
- static final DERObjectIdentifier pbewithSHAAnd40BitRC2_CBC = new DERObjectIdentifier(pkcs_12PbeIds + ".6");
+ static final ASN1ObjectIdentifier pbeWithSHAAnd128BitRC4 = pkcs_12PbeIds.branch("1");
+ static final ASN1ObjectIdentifier pbeWithSHAAnd40BitRC4 = pkcs_12PbeIds.branch("2");
+ static final ASN1ObjectIdentifier pbeWithSHAAnd3_KeyTripleDES_CBC = pkcs_12PbeIds.branch("3");
+ static final ASN1ObjectIdentifier pbeWithSHAAnd2_KeyTripleDES_CBC = pkcs_12PbeIds.branch("4");
+ static final ASN1ObjectIdentifier pbeWithSHAAnd128BitRC2_CBC = pkcs_12PbeIds.branch("5");
+ static final ASN1ObjectIdentifier pbewithSHAAnd40BitRC2_CBC = pkcs_12PbeIds.branch("6");
- static final DERObjectIdentifier id_alg_CMS3DESwrap = new DERObjectIdentifier("1.2.840.113549.1.9.16.3.6");
- static final DERObjectIdentifier id_alg_CMSRC2wrap = new DERObjectIdentifier("1.2.840.113549.1.9.16.3.7");
+ static final ASN1ObjectIdentifier id_alg_CMS3DESwrap = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6");
+ static final ASN1ObjectIdentifier id_alg_CMSRC2wrap = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.7");
}
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java b/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
index a7fff2f..9e84499 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
@@ -1,5 +1,9 @@
package org.bouncycastle.asn1.pkcs;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.Enumeration;
+
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
@@ -14,10 +18,6 @@
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Enumeration;
-
public class PrivateKeyInfo
extends ASN1Encodable
{
@@ -39,12 +39,12 @@
{
return (PrivateKeyInfo)obj;
}
- else if (obj instanceof ASN1Sequence)
+ else if (obj != null)
{
- return new PrivateKeyInfo((ASN1Sequence)obj);
+ return new PrivateKeyInfo(ASN1Sequence.getInstance(obj));
}
- throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+ return null;
}
public PrivateKeyInfo(
diff --git a/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java b/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java
new file mode 100644
index 0000000..b9a0407
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java
@@ -0,0 +1,128 @@
+package org.bouncycastle.asn1.sec;
+
+import java.math.BigInteger;
+import java.util.Enumeration;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.util.BigIntegers;
+
+/**
+ * the elliptic curve private key object from SEC 1
+ */
+public class ECPrivateKeyStructure
+ extends ASN1Encodable
+{
+ private ASN1Sequence seq;
+
+ public ECPrivateKeyStructure(
+ ASN1Sequence seq)
+ {
+ this.seq = seq;
+ }
+
+ public ECPrivateKeyStructure(
+ BigInteger key)
+ {
+ byte[] bytes = BigIntegers.asUnsignedByteArray(key);
+
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(new DERInteger(1));
+ v.add(new DEROctetString(bytes));
+
+ seq = new DERSequence(v);
+ }
+
+ public ECPrivateKeyStructure(
+ BigInteger key,
+ ASN1Encodable parameters)
+ {
+ this(key, null, parameters);
+ }
+
+ public ECPrivateKeyStructure(
+ BigInteger key,
+ DERBitString publicKey,
+ ASN1Encodable parameters)
+ {
+ byte[] bytes = BigIntegers.asUnsignedByteArray(key);
+
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(new DERInteger(1));
+ v.add(new DEROctetString(bytes));
+
+ if (parameters != null)
+ {
+ v.add(new DERTaggedObject(true, 0, parameters));
+ }
+
+ if (publicKey != null)
+ {
+ v.add(new DERTaggedObject(true, 1, publicKey));
+ }
+
+ seq = new DERSequence(v);
+ }
+
+ public BigInteger getKey()
+ {
+ ASN1OctetString octs = (ASN1OctetString)seq.getObjectAt(1);
+
+ return new BigInteger(1, octs.getOctets());
+ }
+
+ public DERBitString getPublicKey()
+ {
+ return (DERBitString)getObjectInTag(1);
+ }
+
+ public ASN1Object getParameters()
+ {
+ return getObjectInTag(0);
+ }
+
+ private ASN1Object getObjectInTag(int tagNo)
+ {
+ Enumeration e = seq.getObjects();
+
+ while (e.hasMoreElements())
+ {
+ DEREncodable obj = (DEREncodable)e.nextElement();
+
+ if (obj instanceof ASN1TaggedObject)
+ {
+ ASN1TaggedObject tag = (ASN1TaggedObject)obj;
+ if (tag.getTagNo() == tagNo)
+ {
+ return (ASN1Object)((DEREncodable)tag.getObject()).getDERObject();
+ }
+ }
+ }
+ return null;
+ }
+
+ /**
+ * ECPrivateKey ::= SEQUENCE {
+ * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+ * privateKey OCTET STRING,
+ * parameters [0] Parameters OPTIONAL,
+ * publicKey [1] BIT STRING OPTIONAL }
+ */
+ public DERObject toASN1Object()
+ {
+ return seq;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java b/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java
new file mode 100644
index 0000000..67ead06
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java
@@ -0,0 +1,1029 @@
+package org.bouncycastle.asn1.sec;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ECParametersHolder;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+
+import java.math.BigInteger;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+public class SECNamedCurves
+{
+ private static BigInteger fromHex(
+ String hex)
+ {
+ return new BigInteger(1, Hex.decode(hex));
+ }
+
+ /*
+ * secp112r1
+ */
+ static X9ECParametersHolder secp112r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = (2^128 - 3) / 76439
+ BigInteger p = fromHex("DB7C2ABF62E35E668076BEAD208B");
+ BigInteger a = fromHex("DB7C2ABF62E35E668076BEAD2088");
+ BigInteger b = fromHex("659EF8BA043916EEDE8911702B22");
+ byte[] S = Hex.decode("00F50B028E4D696E676875615175290472783FB1");
+ BigInteger n = fromHex("DB7C2ABF62E35E7628DFAC6561C5");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("02"
+ //+ "09487239995A5EE76B55F9C2F098"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "09487239995A5EE76B55F9C2F098"
+ + "A89CE5AF8724C0A23E0E0FF77500"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp112r2
+ */
+ static X9ECParametersHolder secp112r2 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = (2^128 - 3) / 76439
+ BigInteger p = fromHex("DB7C2ABF62E35E668076BEAD208B");
+ BigInteger a = fromHex("6127C24C05F38A0AAAF65C0EF02C");
+ BigInteger b = fromHex("51DEF1815DB5ED74FCC34C85D709");
+ byte[] S = Hex.decode("002757A1114D696E6768756151755316C05E0BD4");
+ BigInteger n = fromHex("36DF0AAFD8B8D7597CA10520D04B");
+ BigInteger h = BigInteger.valueOf(4);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "4BA30AB5E892B4E1649DD0928643"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "4BA30AB5E892B4E1649DD0928643"
+ + "ADCD46F5882E3747DEF36E956E97"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp128r1
+ */
+ static X9ECParametersHolder secp128r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^128 - 2^97 - 1
+ BigInteger p = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF");
+ BigInteger a = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC");
+ BigInteger b = fromHex("E87579C11079F43DD824993C2CEE5ED3");
+ byte[] S = Hex.decode("000E0D4D696E6768756151750CC03A4473D03679");
+ BigInteger n = fromHex("FFFFFFFE0000000075A30D1B9038A115");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "161FF7528B899B2D0C28607CA52C5B86"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "161FF7528B899B2D0C28607CA52C5B86"
+ + "CF5AC8395BAFEB13C02DA292DDED7A83"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp128r2
+ */
+ static X9ECParametersHolder secp128r2 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^128 - 2^97 - 1
+ BigInteger p = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF");
+ BigInteger a = fromHex("D6031998D1B3BBFEBF59CC9BBFF9AEE1");
+ BigInteger b = fromHex("5EEEFCA380D02919DC2C6558BB6D8A5D");
+ byte[] S = Hex.decode("004D696E67687561517512D8F03431FCE63B88F4");
+ BigInteger n = fromHex("3FFFFFFF7FFFFFFFBE0024720613B5A3");
+ BigInteger h = BigInteger.valueOf(4);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("02"
+ //+ "7B6AA5D85E572983E6FB32A7CDEBC140"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "7B6AA5D85E572983E6FB32A7CDEBC140"
+ + "27B6916A894D3AEE7106FE805FC34B44"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp160k1
+ */
+ static X9ECParametersHolder secp160k1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^160 - 2^32 - 2^14 - 2^12 - 2^9 - 2^8 - 2^7 - 2^3 - 2^2 - 1
+ BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73");
+ BigInteger a = ECConstants.ZERO;
+ BigInteger b = BigInteger.valueOf(7);
+ byte[] S = null;
+ BigInteger n = fromHex("0100000000000000000001B8FA16DFAB9ACA16B6B3");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+// ECPoint G = curve.decodePoint(Hex.decode("02"
+// + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB"
+ + "938CF935318FDCED6BC28286531733C3F03C4FEE"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp160r1
+ */
+ static X9ECParametersHolder secp160r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^160 - 2^31 - 1
+ BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF");
+ BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC");
+ BigInteger b = fromHex("1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45");
+ byte[] S = Hex.decode("1053CDE42C14D696E67687561517533BF3F83345");
+ BigInteger n = fromHex("0100000000000000000001F4C8F927AED3CA752257");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("02"
+ //+ "4A96B5688EF573284664698968C38BB913CBFC82"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "4A96B5688EF573284664698968C38BB913CBFC82"
+ + "23A628553168947D59DCC912042351377AC5FB32"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp160r2
+ */
+ static X9ECParametersHolder secp160r2 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^160 - 2^32 - 2^14 - 2^12 - 2^9 - 2^8 - 2^7 - 2^3 - 2^2 - 1
+ BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73");
+ BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70");
+ BigInteger b = fromHex("B4E134D3FB59EB8BAB57274904664D5AF50388BA");
+ byte[] S = Hex.decode("B99B99B099B323E02709A4D696E6768756151751");
+ BigInteger n = fromHex("0100000000000000000000351EE786A818F3A1A16B");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("02"
+ //+ "52DCB034293A117E1F4FF11B30F7199D3144CE6D"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "52DCB034293A117E1F4FF11B30F7199D3144CE6D"
+ + "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp192k1
+ */
+ static X9ECParametersHolder secp192k1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^192 - 2^32 - 2^12 - 2^8 - 2^7 - 2^6 - 2^3 - 1
+ BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37");
+ BigInteger a = ECConstants.ZERO;
+ BigInteger b = BigInteger.valueOf(3);
+ byte[] S = null;
+ BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D"
+ + "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp192r1
+ */
+ static X9ECParametersHolder secp192r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^192 - 2^64 - 1
+ BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF");
+ BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC");
+ BigInteger b = fromHex("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1");
+ byte[] S = Hex.decode("3045AE6FC8422F64ED579528D38120EAE12196D5");
+ BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"
+ + "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp224k1
+ */
+ static X9ECParametersHolder secp224k1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^224 - 2^32 - 2^12 - 2^11 - 2^9 - 2^7 - 2^4 - 2 - 1
+ BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D");
+ BigInteger a = ECConstants.ZERO;
+ BigInteger b = BigInteger.valueOf(5);
+ byte[] S = null;
+ BigInteger n = fromHex("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C"
+ + "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp224r1
+ */
+ static X9ECParametersHolder secp224r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^224 - 2^96 + 1
+ BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001");
+ BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE");
+ BigInteger b = fromHex("B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4");
+ byte[] S = Hex.decode("BD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5");
+ BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("02"
+ //+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"
+ + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp256k1
+ */
+ static X9ECParametersHolder secp256k1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
+ BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F");
+ BigInteger a = ECConstants.ZERO;
+ BigInteger b = BigInteger.valueOf(7);
+ byte[] S = null;
+ BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("02"
+ //+ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
+ + "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp256r1
+ */
+ static X9ECParametersHolder secp256r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^224 (2^32 - 1) + 2^192 + 2^96 - 1
+ BigInteger p = fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF");
+ BigInteger a = fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC");
+ BigInteger b = fromHex("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B");
+ byte[] S = Hex.decode("C49D360886E704936A6678E1139D26B7819F7E90");
+ BigInteger n = fromHex("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
+ + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp384r1
+ */
+ static X9ECParametersHolder secp384r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^384 - 2^128 - 2^96 + 2^32 - 1
+ BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF");
+ BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC");
+ BigInteger b = fromHex("B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF");
+ byte[] S = Hex.decode("A335926AA319A27A1D00896A6773A4827ACDAC73");
+ BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"
+ + "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * secp521r1
+ */
+ static X9ECParametersHolder secp521r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ // p = 2^521 - 1
+ BigInteger p = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
+ BigInteger a = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC");
+ BigInteger b = fromHex("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00");
+ byte[] S = Hex.decode("D09E8800291CB85396CC6717393284AAA0DA64BA");
+ BigInteger n = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409");
+ BigInteger h = BigInteger.valueOf(1);
+
+ ECCurve curve = new ECCurve.Fp(p, a, b);
+ //ECPoint G = curve.decodePoint(Hex.decode("02"
+ //+ "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66"
+ + "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect113r1
+ */
+ static X9ECParametersHolder sect113r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 113;
+ int k = 9;
+
+ BigInteger a = fromHex("003088250CA6E7C7FE649CE85820F7");
+ BigInteger b = fromHex("00E8BEE4D3E2260744188BE0E9C723");
+ byte[] S = Hex.decode("10E723AB14D696E6768756151756FEBF8FCB49A9");
+ BigInteger n = fromHex("0100000000000000D9CCEC8A39E56F");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "009D73616F35F4AB1407D73562C10F"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "009D73616F35F4AB1407D73562C10F"
+ + "00A52830277958EE84D1315ED31886"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect113r2
+ */
+ static X9ECParametersHolder sect113r2 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 113;
+ int k = 9;
+
+ BigInteger a = fromHex("00689918DBEC7E5A0DD6DFC0AA55C7");
+ BigInteger b = fromHex("0095E9A9EC9B297BD4BF36E059184F");
+ byte[] S = Hex.decode("10C0FB15760860DEF1EEF4D696E676875615175D");
+ BigInteger n = fromHex("010000000000000108789B2496AF93");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "01A57A6A7B26CA5EF52FCDB8164797"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "01A57A6A7B26CA5EF52FCDB8164797"
+ + "00B3ADC94ED1FE674C06E695BABA1D"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect131r1
+ */
+ static X9ECParametersHolder sect131r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 131;
+ int k1 = 2;
+ int k2 = 3;
+ int k3 = 8;
+
+ BigInteger a = fromHex("07A11B09A76B562144418FF3FF8C2570B8");
+ BigInteger b = fromHex("0217C05610884B63B9C6C7291678F9D341");
+ byte[] S = Hex.decode("4D696E676875615175985BD3ADBADA21B43A97E2");
+ BigInteger n = fromHex("0400000000000000023123953A9464B54D");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "0081BAF91FDF9833C40F9C181343638399"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "0081BAF91FDF9833C40F9C181343638399"
+ + "078C6E7EA38C001F73C8134B1B4EF9E150"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect131r2
+ */
+ static X9ECParametersHolder sect131r2 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 131;
+ int k1 = 2;
+ int k2 = 3;
+ int k3 = 8;
+
+ BigInteger a = fromHex("03E5A88919D7CAFCBF415F07C2176573B2");
+ BigInteger b = fromHex("04B8266A46C55657AC734CE38F018F2192");
+ byte[] S = Hex.decode("985BD3ADBAD4D696E676875615175A21B43A97E3");
+ BigInteger n = fromHex("0400000000000000016954A233049BA98F");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "0356DCD8F2F95031AD652D23951BB366A8"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "0356DCD8F2F95031AD652D23951BB366A8"
+ + "0648F06D867940A5366D9E265DE9EB240F"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect163k1
+ */
+ static X9ECParametersHolder sect163k1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 163;
+ int k1 = 3;
+ int k2 = 6;
+ int k3 = 7;
+
+ BigInteger a = BigInteger.valueOf(1);
+ BigInteger b = BigInteger.valueOf(1);
+ byte[] S = null;
+ BigInteger n = fromHex("04000000000000000000020108A2E0CC0D99F8A5EF");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8"
+ + "0289070FB05D38FF58321F2E800536D538CCDAA3D9"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect163r1
+ */
+ static X9ECParametersHolder sect163r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 163;
+ int k1 = 3;
+ int k2 = 6;
+ int k3 = 7;
+
+ BigInteger a = fromHex("07B6882CAAEFA84F9554FF8428BD88E246D2782AE2");
+ BigInteger b = fromHex("0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9");
+ byte[] S = Hex.decode("24B7B137C8A14D696E6768756151756FD0DA2E5C");
+ BigInteger n = fromHex("03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "0369979697AB43897789566789567F787A7876A654"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "0369979697AB43897789566789567F787A7876A654"
+ + "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect163r2
+ */
+ static X9ECParametersHolder sect163r2 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 163;
+ int k1 = 3;
+ int k2 = 6;
+ int k3 = 7;
+
+ BigInteger a = BigInteger.valueOf(1);
+ BigInteger b = fromHex("020A601907B8C953CA1481EB10512F78744A3205FD");
+ byte[] S = Hex.decode("85E25BFE5C86226CDB12016F7553F9D0E693A268");
+ BigInteger n = fromHex("040000000000000000000292FE77E70C12A4234C33");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "03F0EBA16286A2D57EA0991168D4994637E8343E36"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "03F0EBA16286A2D57EA0991168D4994637E8343E36"
+ + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect193r1
+ */
+ static X9ECParametersHolder sect193r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 193;
+ int k = 15;
+
+ BigInteger a = fromHex("0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01");
+ BigInteger b = fromHex("00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814");
+ byte[] S = Hex.decode("103FAEC74D696E676875615175777FC5B191EF30");
+ BigInteger n = fromHex("01000000000000000000000000C7F34A778F443ACC920EBA49");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1"
+ + "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect193r2
+ */
+ static X9ECParametersHolder sect193r2 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 193;
+ int k = 15;
+
+ BigInteger a = fromHex("0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B");
+ BigInteger b = fromHex("00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE");
+ byte[] S = Hex.decode("10B7B4D696E676875615175137C8A16FD0DA2211");
+ BigInteger n = fromHex("010000000000000000000000015AAB561B005413CCD4EE99D5");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F"
+ + "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect233k1
+ */
+ static X9ECParametersHolder sect233k1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 233;
+ int k = 74;
+
+ BigInteger a = ECConstants.ZERO;
+ BigInteger b = BigInteger.valueOf(1);
+ byte[] S = null;
+ BigInteger n = fromHex("8000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF");
+ BigInteger h = BigInteger.valueOf(4);
+
+ ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("02"
+ //+ "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126"
+ + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect233r1
+ */
+ static X9ECParametersHolder sect233r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 233;
+ int k = 74;
+
+ BigInteger a = BigInteger.valueOf(1);
+ BigInteger b = fromHex("0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD");
+ byte[] S = Hex.decode("74D59FF07F6B413D0EA14B344B20A2DB049B50C3");
+ BigInteger n = fromHex("01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B"
+ + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect239k1
+ */
+ static X9ECParametersHolder sect239k1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 239;
+ int k = 158;
+
+ BigInteger a = ECConstants.ZERO;
+ BigInteger b = BigInteger.valueOf(1);
+ byte[] S = null;
+ BigInteger n = fromHex("2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5");
+ BigInteger h = BigInteger.valueOf(4);
+
+ ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC"
+ + "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect283k1
+ */
+ static X9ECParametersHolder sect283k1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 283;
+ int k1 = 5;
+ int k2 = 7;
+ int k3 = 12;
+
+ BigInteger a = ECConstants.ZERO;
+ BigInteger b = BigInteger.valueOf(1);
+ byte[] S = null;
+ BigInteger n = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61");
+ BigInteger h = BigInteger.valueOf(4);
+
+ ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("02"
+ //+ "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836"
+ + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect283r1
+ */
+ static X9ECParametersHolder sect283r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 283;
+ int k1 = 5;
+ int k2 = 7;
+ int k3 = 12;
+
+ BigInteger a = BigInteger.valueOf(1);
+ BigInteger b = fromHex("027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5");
+ byte[] S = Hex.decode("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE");
+ BigInteger n = fromHex("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053"
+ + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect409k1
+ */
+ static X9ECParametersHolder sect409k1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 409;
+ int k = 87;
+
+ BigInteger a = ECConstants.ZERO;
+ BigInteger b = BigInteger.valueOf(1);
+ byte[] S = null;
+ BigInteger n = fromHex("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF");
+ BigInteger h = BigInteger.valueOf(4);
+
+ ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746"
+ + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect409r1
+ */
+ static X9ECParametersHolder sect409r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 409;
+ int k = 87;
+
+ BigInteger a = BigInteger.valueOf(1);
+ BigInteger b = fromHex("0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F");
+ byte[] S = Hex.decode("4099B5A457F9D69F79213D094C4BCD4D4262210B");
+ BigInteger n = fromHex("010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7"
+ + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect571k1
+ */
+ static X9ECParametersHolder sect571k1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 571;
+ int k1 = 2;
+ int k2 = 5;
+ int k3 = 10;
+
+ BigInteger a = ECConstants.ZERO;
+ BigInteger b = BigInteger.valueOf(1);
+ byte[] S = null;
+ BigInteger n = fromHex("020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001");
+ BigInteger h = BigInteger.valueOf(4);
+
+ ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("02"
+ //+ "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972"
+ + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+ /*
+ * sect571r1
+ */
+ static X9ECParametersHolder sect571r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ int m = 571;
+ int k1 = 2;
+ int k2 = 5;
+ int k3 = 10;
+
+ BigInteger a = BigInteger.valueOf(1);
+ BigInteger b = fromHex("02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A");
+ byte[] S = Hex.decode("2AA058F73A0E33AB486B0F610410C53A7F132310");
+ BigInteger n = fromHex("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47");
+ BigInteger h = BigInteger.valueOf(2);
+
+ ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+ //ECPoint G = curve.decodePoint(Hex.decode("03"
+ //+ "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19"));
+ ECPoint G = curve.decodePoint(Hex.decode("04"
+ + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19"
+ + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B"));
+
+ return new X9ECParameters(curve, G, n, h, S);
+ }
+ };
+
+
+ static final Hashtable objIds = new Hashtable();
+ static final Hashtable curves = new Hashtable();
+ static final Hashtable names = new Hashtable();
+
+ static void defineCurve(String name, DERObjectIdentifier oid, X9ECParametersHolder holder)
+ {
+ objIds.put(name, oid);
+ names.put(oid, name);
+ curves.put(oid, holder);
+ }
+
+ static
+ {
+ defineCurve("secp112r1", SECObjectIdentifiers.secp112r1, secp112r1);
+ defineCurve("secp112r2", SECObjectIdentifiers.secp112r2, secp112r2);
+ defineCurve("secp128r1", SECObjectIdentifiers.secp128r1, secp128r1);
+ defineCurve("secp128r2", SECObjectIdentifiers.secp128r2, secp128r2);
+ defineCurve("secp160k1", SECObjectIdentifiers.secp160k1, secp160k1);
+ defineCurve("secp160r1", SECObjectIdentifiers.secp160r1, secp160r1);
+ defineCurve("secp160r2", SECObjectIdentifiers.secp160r2, secp160r2);
+ defineCurve("secp192k1", SECObjectIdentifiers.secp192k1, secp192k1);
+ defineCurve("secp192r1", SECObjectIdentifiers.secp192r1, secp192r1);
+ defineCurve("secp224k1", SECObjectIdentifiers.secp224k1, secp224k1);
+ defineCurve("secp224r1", SECObjectIdentifiers.secp224r1, secp224r1);
+ defineCurve("secp256k1", SECObjectIdentifiers.secp256k1, secp256k1);
+ defineCurve("secp256r1", SECObjectIdentifiers.secp256r1, secp256r1);
+ defineCurve("secp384r1", SECObjectIdentifiers.secp384r1, secp384r1);
+ defineCurve("secp521r1", SECObjectIdentifiers.secp521r1, secp521r1);
+
+ defineCurve("sect113r1", SECObjectIdentifiers.sect113r1, sect113r1);
+ defineCurve("sect113r2", SECObjectIdentifiers.sect113r2, sect113r2);
+ defineCurve("sect131r1", SECObjectIdentifiers.sect131r1, sect131r1);
+ defineCurve("sect131r2", SECObjectIdentifiers.sect131r2, sect131r2);
+ defineCurve("sect163k1", SECObjectIdentifiers.sect163k1, sect163k1);
+ defineCurve("sect163r1", SECObjectIdentifiers.sect163r1, sect163r1);
+ defineCurve("sect163r2", SECObjectIdentifiers.sect163r2, sect163r2);
+ defineCurve("sect193r1", SECObjectIdentifiers.sect193r1, sect193r1);
+ defineCurve("sect193r2", SECObjectIdentifiers.sect193r2, sect193r2);
+ defineCurve("sect233k1", SECObjectIdentifiers.sect233k1, sect233k1);
+ defineCurve("sect233r1", SECObjectIdentifiers.sect233r1, sect233r1);
+ defineCurve("sect239k1", SECObjectIdentifiers.sect239k1, sect239k1);
+ defineCurve("sect283k1", SECObjectIdentifiers.sect283k1, sect283k1);
+ defineCurve("sect283r1", SECObjectIdentifiers.sect283r1, sect283r1);
+ defineCurve("sect409k1", SECObjectIdentifiers.sect409k1, sect409k1);
+ defineCurve("sect409r1", SECObjectIdentifiers.sect409r1, sect409r1);
+ defineCurve("sect571k1", SECObjectIdentifiers.sect571k1, sect571k1);
+ defineCurve("sect571r1", SECObjectIdentifiers.sect571r1, sect571r1);
+ }
+
+ public static X9ECParameters getByName(
+ String name)
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name));
+
+ if (oid != null)
+ {
+ return getByOID(oid);
+ }
+
+ return null;
+ }
+
+ /**
+ * return the X9ECParameters object for the named curve represented by
+ * the passed in object identifier. Null if the curve isn't present.
+ *
+ * @param oid an object identifier representing a named curve, if present.
+ */
+ public static X9ECParameters getByOID(
+ DERObjectIdentifier oid)
+ {
+ X9ECParametersHolder holder = (X9ECParametersHolder)curves.get(oid);
+
+ if (holder != null)
+ {
+ return holder.getParameters();
+ }
+
+ return null;
+ }
+
+ /**
+ * return the object identifier signified by the passed in name. Null
+ * if there is no object identifier associated with name.
+ *
+ * @return the object identifier associated with name, if present.
+ */
+ public static DERObjectIdentifier getOID(
+ String name)
+ {
+ return (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name));
+ }
+
+ /**
+ * return the named curve name represented by the given object identifier.
+ */
+ public static String getName(
+ DERObjectIdentifier oid)
+ {
+ return (String)names.get(oid);
+ }
+
+ /**
+ * returns an enumeration containing the name strings for curves
+ * contained in this structure.
+ */
+ public static Enumeration getNames()
+ {
+ return objIds.keys();
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/sec/SECObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/sec/SECObjectIdentifiers.java
new file mode 100644
index 0000000..8b19cd6
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/sec/SECObjectIdentifiers.java
@@ -0,0 +1,50 @@
+package org.bouncycastle.asn1.sec;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+
+public interface SECObjectIdentifiers
+{
+ /**
+ * ellipticCurve OBJECT IDENTIFIER ::= {
+ * iso(1) identified-organization(3) certicom(132) curve(0)
+ * }
+ */
+ static final ASN1ObjectIdentifier ellipticCurve = new ASN1ObjectIdentifier("1.3.132.0");
+
+ static final ASN1ObjectIdentifier sect163k1 = ellipticCurve.branch("1");
+ static final ASN1ObjectIdentifier sect163r1 = ellipticCurve.branch("2");
+ static final ASN1ObjectIdentifier sect239k1 = ellipticCurve.branch("3");
+ static final ASN1ObjectIdentifier sect113r1 = ellipticCurve.branch("4");
+ static final ASN1ObjectIdentifier sect113r2 = ellipticCurve.branch("5");
+ static final ASN1ObjectIdentifier secp112r1 = ellipticCurve.branch("6");
+ static final ASN1ObjectIdentifier secp112r2 = ellipticCurve.branch("7");
+ static final ASN1ObjectIdentifier secp160r1 = ellipticCurve.branch("8");
+ static final ASN1ObjectIdentifier secp160k1 = ellipticCurve.branch("9");
+ static final ASN1ObjectIdentifier secp256k1 = ellipticCurve.branch("10");
+ static final ASN1ObjectIdentifier sect163r2 = ellipticCurve.branch("15");
+ static final ASN1ObjectIdentifier sect283k1 = ellipticCurve.branch("16");
+ static final ASN1ObjectIdentifier sect283r1 = ellipticCurve.branch("17");
+ static final ASN1ObjectIdentifier sect131r1 = ellipticCurve.branch("22");
+ static final ASN1ObjectIdentifier sect131r2 = ellipticCurve.branch("23");
+ static final ASN1ObjectIdentifier sect193r1 = ellipticCurve.branch("24");
+ static final ASN1ObjectIdentifier sect193r2 = ellipticCurve.branch("25");
+ static final ASN1ObjectIdentifier sect233k1 = ellipticCurve.branch("26");
+ static final ASN1ObjectIdentifier sect233r1 = ellipticCurve.branch("27");
+ static final ASN1ObjectIdentifier secp128r1 = ellipticCurve.branch("28");
+ static final ASN1ObjectIdentifier secp128r2 = ellipticCurve.branch("29");
+ static final ASN1ObjectIdentifier secp160r2 = ellipticCurve.branch("30");
+ static final ASN1ObjectIdentifier secp192k1 = ellipticCurve.branch("31");
+ static final ASN1ObjectIdentifier secp224k1 = ellipticCurve.branch("32");
+ static final ASN1ObjectIdentifier secp224r1 = ellipticCurve.branch("33");
+ static final ASN1ObjectIdentifier secp384r1 = ellipticCurve.branch("34");
+ static final ASN1ObjectIdentifier secp521r1 = ellipticCurve.branch("35");
+ static final ASN1ObjectIdentifier sect409k1 = ellipticCurve.branch("36");
+ static final ASN1ObjectIdentifier sect409r1 = ellipticCurve.branch("37");
+ static final ASN1ObjectIdentifier sect571k1 = ellipticCurve.branch("38");
+ static final ASN1ObjectIdentifier sect571r1 = ellipticCurve.branch("39");
+
+ static final ASN1ObjectIdentifier secp192r1 = X9ObjectIdentifiers.prime192v1;
+ static final ASN1ObjectIdentifier secp256r1 = X9ObjectIdentifiers.prime256v1;
+
+}
diff --git a/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java
index 32a2ed6..df9a0ff 100644
--- a/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java
@@ -1,42 +1,42 @@
package org.bouncycastle.asn1.teletrust;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
public interface TeleTrusTObjectIdentifiers
{
- static final String teleTrusTAlgorithm = "1.3.36.3";
+ static final ASN1ObjectIdentifier teleTrusTAlgorithm = new ASN1ObjectIdentifier("1.3.36.3");
- static final DERObjectIdentifier ripemd160 = new DERObjectIdentifier(teleTrusTAlgorithm + ".2.1");
- static final DERObjectIdentifier ripemd128 = new DERObjectIdentifier(teleTrusTAlgorithm + ".2.2");
- static final DERObjectIdentifier ripemd256 = new DERObjectIdentifier(teleTrusTAlgorithm + ".2.3");
+ static final ASN1ObjectIdentifier ripemd160 = teleTrusTAlgorithm.branch("2.1");
+ static final ASN1ObjectIdentifier ripemd128 = teleTrusTAlgorithm.branch("2.2");
+ static final ASN1ObjectIdentifier ripemd256 = teleTrusTAlgorithm.branch("2.3");
- static final String teleTrusTRSAsignatureAlgorithm = teleTrusTAlgorithm + ".3.1";
+ static final ASN1ObjectIdentifier teleTrusTRSAsignatureAlgorithm = teleTrusTAlgorithm.branch("3.1");
- static final DERObjectIdentifier rsaSignatureWithripemd160 = new DERObjectIdentifier(teleTrusTRSAsignatureAlgorithm + ".2");
- static final DERObjectIdentifier rsaSignatureWithripemd128 = new DERObjectIdentifier(teleTrusTRSAsignatureAlgorithm + ".3");
- static final DERObjectIdentifier rsaSignatureWithripemd256 = new DERObjectIdentifier(teleTrusTRSAsignatureAlgorithm + ".4");
+ static final ASN1ObjectIdentifier rsaSignatureWithripemd160 = teleTrusTRSAsignatureAlgorithm.branch("2");
+ static final ASN1ObjectIdentifier rsaSignatureWithripemd128 = teleTrusTRSAsignatureAlgorithm.branch("3");
+ static final ASN1ObjectIdentifier rsaSignatureWithripemd256 = teleTrusTRSAsignatureAlgorithm.branch("4");
- static final DERObjectIdentifier ecSign = new DERObjectIdentifier(teleTrusTAlgorithm + ".3.2");
+ static final ASN1ObjectIdentifier ecSign = teleTrusTAlgorithm.branch("3.2");
- static final DERObjectIdentifier ecSignWithSha1 = new DERObjectIdentifier(ecSign + ".1");
- static final DERObjectIdentifier ecSignWithRipemd160 = new DERObjectIdentifier(ecSign + ".2");
+ static final ASN1ObjectIdentifier ecSignWithSha1 = ecSign.branch("1");
+ static final ASN1ObjectIdentifier ecSignWithRipemd160 = ecSign.branch("2");
- static final DERObjectIdentifier ecc_brainpool = new DERObjectIdentifier(teleTrusTAlgorithm + ".3.2.8");
- static final DERObjectIdentifier ellipticCurve = new DERObjectIdentifier(ecc_brainpool + ".1");
- static final DERObjectIdentifier versionOne = new DERObjectIdentifier(ellipticCurve + ".1");
+ static final ASN1ObjectIdentifier ecc_brainpool = teleTrusTAlgorithm.branch("3.2.8");
+ static final ASN1ObjectIdentifier ellipticCurve = ecc_brainpool.branch("1");
+ static final ASN1ObjectIdentifier versionOne = ellipticCurve.branch("1");
- static final DERObjectIdentifier brainpoolP160r1 = new DERObjectIdentifier(versionOne + ".1");
- static final DERObjectIdentifier brainpoolP160t1 = new DERObjectIdentifier(versionOne + ".2");
- static final DERObjectIdentifier brainpoolP192r1 = new DERObjectIdentifier(versionOne + ".3");
- static final DERObjectIdentifier brainpoolP192t1 = new DERObjectIdentifier(versionOne + ".4");
- static final DERObjectIdentifier brainpoolP224r1 = new DERObjectIdentifier(versionOne + ".5");
- static final DERObjectIdentifier brainpoolP224t1 = new DERObjectIdentifier(versionOne + ".6");
- static final DERObjectIdentifier brainpoolP256r1 = new DERObjectIdentifier(versionOne + ".7");
- static final DERObjectIdentifier brainpoolP256t1 = new DERObjectIdentifier(versionOne + ".8");
- static final DERObjectIdentifier brainpoolP320r1 = new DERObjectIdentifier(versionOne + ".9");
- static final DERObjectIdentifier brainpoolP320t1 = new DERObjectIdentifier(versionOne+".10");
- static final DERObjectIdentifier brainpoolP384r1 = new DERObjectIdentifier(versionOne+".11");
- static final DERObjectIdentifier brainpoolP384t1 = new DERObjectIdentifier(versionOne+".12");
- static final DERObjectIdentifier brainpoolP512r1 = new DERObjectIdentifier(versionOne+".13");
- static final DERObjectIdentifier brainpoolP512t1 = new DERObjectIdentifier(versionOne+".14");
+ static final ASN1ObjectIdentifier brainpoolP160r1 = versionOne.branch("1");
+ static final ASN1ObjectIdentifier brainpoolP160t1 = versionOne.branch("2");
+ static final ASN1ObjectIdentifier brainpoolP192r1 = versionOne.branch("3");
+ static final ASN1ObjectIdentifier brainpoolP192t1 = versionOne.branch("4");
+ static final ASN1ObjectIdentifier brainpoolP224r1 = versionOne.branch("5");
+ static final ASN1ObjectIdentifier brainpoolP224t1 = versionOne.branch("6");
+ static final ASN1ObjectIdentifier brainpoolP256r1 = versionOne.branch("7");
+ static final ASN1ObjectIdentifier brainpoolP256t1 = versionOne.branch("8");
+ static final ASN1ObjectIdentifier brainpoolP320r1 = versionOne.branch("9");
+ static final ASN1ObjectIdentifier brainpoolP320t1 = versionOne.branch("10");
+ static final ASN1ObjectIdentifier brainpoolP384r1 = versionOne.branch("11");
+ static final ASN1ObjectIdentifier brainpoolP384t1 = versionOne.branch("12");
+ static final ASN1ObjectIdentifier brainpoolP512r1 = versionOne.branch("13");
+ static final ASN1ObjectIdentifier brainpoolP512t1 = versionOne.branch("14");
}
diff --git a/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java b/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
index 7d4f999..272f374 100644
--- a/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
+++ b/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
@@ -8,7 +8,6 @@
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BERApplicationSpecific;
import org.bouncycastle.asn1.BERConstructedOctetString;
-import org.bouncycastle.asn1.BERConstructedSequence;
import org.bouncycastle.asn1.BERSequence;
import org.bouncycastle.asn1.BERSet;
import org.bouncycastle.asn1.BERTaggedObject;
@@ -16,8 +15,6 @@
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERBoolean;
-import org.bouncycastle.asn1.DERConstructedSequence;
-import org.bouncycastle.asn1.DERConstructedSet;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DEREnumerated;
import org.bouncycastle.asn1.DERExternal;
@@ -63,15 +60,7 @@
String tab = indent + TAB;
buf.append(indent);
- if (obj instanceof BERConstructedSequence)
- {
- buf.append("BER ConstructedSequence");
- }
- else if (obj instanceof DERConstructedSequence)
- {
- buf.append("DER ConstructedSequence");
- }
- else if (obj instanceof BERSequence)
+ if (obj instanceof BERSequence)
{
buf.append("BER Sequence");
}
@@ -145,35 +134,6 @@
_dumpAsString(tab, verbose, o.getObject(), buf);
}
}
- else if (obj instanceof DERConstructedSet)
- {
- Enumeration e = ((ASN1Set)obj).getObjects();
- String tab = indent + TAB;
-
- buf.append(indent);
- buf.append("ConstructedSet");
- buf.append(nl);
-
- while (e.hasMoreElements())
- {
- Object o = e.nextElement();
-
- if (o == null)
- {
- buf.append(tab);
- buf.append("NULL");
- buf.append(nl);
- }
- else if (o instanceof DERObject)
- {
- _dumpAsString(tab, verbose, (DERObject)o, buf);
- }
- else
- {
- _dumpAsString(tab, verbose, ((DEREncodable)o).getDERObject(), buf);
- }
- }
- }
else if (obj instanceof BERSet)
{
Enumeration e = ((ASN1Set)obj).getObjects();
diff --git a/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java b/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java
new file mode 100644
index 0000000..bbe2171
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java
@@ -0,0 +1,71 @@
+package org.bouncycastle.asn1.x500;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERSequence;
+
+public class AttributeTypeAndValue
+ extends ASN1Encodable
+{
+ private ASN1ObjectIdentifier type;
+ private ASN1Encodable value;
+
+ private AttributeTypeAndValue(ASN1Sequence seq)
+ {
+ type = (ASN1ObjectIdentifier)seq.getObjectAt(0);
+ value = (ASN1Encodable)seq.getObjectAt(1);
+ }
+
+ public static AttributeTypeAndValue getInstance(Object o)
+ {
+ if (o instanceof AttributeTypeAndValue)
+ {
+ return (AttributeTypeAndValue)o;
+ }
+ else if (o != null)
+ {
+ return new AttributeTypeAndValue(ASN1Sequence.getInstance(o));
+ }
+
+ throw new IllegalArgumentException("null value in getInstance()");
+ }
+
+ public AttributeTypeAndValue(
+ ASN1ObjectIdentifier type,
+ ASN1Encodable value)
+ {
+ this.type = type;
+ this.value = value;
+ }
+
+ public ASN1ObjectIdentifier getType()
+ {
+ return type;
+ }
+
+ public ASN1Encodable getValue()
+ {
+ return value;
+ }
+
+ /**
+ * <pre>
+ * AttributeTypeAndValue ::= SEQUENCE {
+ * type OBJECT IDENTIFIER,
+ * value ANY DEFINED BY type }
+ * </pre>
+ * @return a basic ASN.1 object representation.
+ */
+ public DERObject toASN1Object()
+ {
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(type);
+ v.add(value);
+
+ return new DERSequence(v);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java b/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java
new file mode 100644
index 0000000..b76155c
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java
@@ -0,0 +1,125 @@
+package org.bouncycastle.asn1.x500;
+
+import org.bouncycastle.asn1.ASN1Choice;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1String;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERBMPString;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERT61String;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.DERUniversalString;
+
+public class DirectoryString
+ extends ASN1Encodable
+ implements ASN1Choice, ASN1String
+{
+ private ASN1String string;
+
+ public static DirectoryString getInstance(Object o)
+ {
+ if (o instanceof DirectoryString)
+ {
+ return (DirectoryString)o;
+ }
+
+ if (o instanceof DERT61String)
+ {
+ return new DirectoryString((DERT61String)o);
+ }
+
+ if (o instanceof DERPrintableString)
+ {
+ return new DirectoryString((DERPrintableString)o);
+ }
+
+ if (o instanceof DERUniversalString)
+ {
+ return new DirectoryString((DERUniversalString)o);
+ }
+
+ if (o instanceof DERUTF8String)
+ {
+ return new DirectoryString((DERUTF8String)o);
+ }
+
+ if (o instanceof DERBMPString)
+ {
+ return new DirectoryString((DERBMPString)o);
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: " + o.getClass().getName());
+ }
+
+ public static DirectoryString getInstance(ASN1TaggedObject o, boolean explicit)
+ {
+ if (!explicit)
+ {
+ throw new IllegalArgumentException("choice item must be explicitly tagged");
+ }
+
+ return getInstance(o.getObject());
+ }
+
+ private DirectoryString(
+ DERT61String string)
+ {
+ this.string = string;
+ }
+
+ private DirectoryString(
+ DERPrintableString string)
+ {
+ this.string = string;
+ }
+
+ private DirectoryString(
+ DERUniversalString string)
+ {
+ this.string = string;
+ }
+
+ private DirectoryString(
+ DERUTF8String string)
+ {
+ this.string = string;
+ }
+
+ private DirectoryString(
+ DERBMPString string)
+ {
+ this.string = string;
+ }
+
+ public DirectoryString(String string)
+ {
+ this.string = new DERUTF8String(string);
+ }
+
+ public String getString()
+ {
+ return string.getString();
+ }
+
+ public String toString()
+ {
+ return string.getString();
+ }
+
+ /**
+ * <pre>
+ * DirectoryString ::= CHOICE {
+ * teletexString TeletexString (SIZE (1..MAX)),
+ * printableString PrintableString (SIZE (1..MAX)),
+ * universalString UniversalString (SIZE (1..MAX)),
+ * utf8String UTF8String (SIZE (1..MAX)),
+ * bmpString BMPString (SIZE (1..MAX)) }
+ * </pre>
+ */
+ public DERObject toASN1Object()
+ {
+ return ((DEREncodable)string).getDERObject();
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/RDN.java b/src/main/java/org/bouncycastle/asn1/x500/RDN.java
new file mode 100644
index 0000000..700a918
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/RDN.java
@@ -0,0 +1,106 @@
+package org.bouncycastle.asn1.x500;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERSet;
+
+public class RDN
+ extends ASN1Encodable
+{
+ private ASN1Set values;
+
+ private RDN(ASN1Set values)
+ {
+ this.values = values;
+ }
+
+ public static RDN getInstance(Object obj)
+ {
+ if (obj instanceof RDN)
+ {
+ return (RDN)obj;
+ }
+ else if (obj != null)
+ {
+ return new RDN(ASN1Set.getInstance(obj));
+ }
+
+ return null;
+ }
+
+ /**
+ * Create a single valued RDN.
+ *
+ * @param oid
+ * @param value
+ */
+ public RDN(ASN1ObjectIdentifier oid, ASN1Encodable value)
+ {
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(oid);
+ v.add(value);
+
+ this.values = new DERSet(new DERSequence(v));
+ }
+
+ public RDN(AttributeTypeAndValue attrTAndV)
+ {
+ this.values = new DERSet(attrTAndV);
+ }
+
+ /**
+ * Create a multi-valued RDN.
+ */
+ public RDN(AttributeTypeAndValue[] aAndVs)
+ {
+ this.values = new DERSet(aAndVs);
+ }
+
+ public boolean isMultiValued()
+ {
+ return this.values.size() > 1;
+ }
+
+ public AttributeTypeAndValue getFirst()
+ {
+ if (this.values.size() == 0)
+ {
+ return null;
+ }
+
+ return AttributeTypeAndValue.getInstance(this.values.getObjectAt(0));
+ }
+
+ public AttributeTypeAndValue[] getTypesAndValues()
+ {
+ AttributeTypeAndValue[] tmp = new AttributeTypeAndValue[values.size()];
+
+ for (int i = 0; i != tmp.length; i++)
+ {
+ tmp[i] = AttributeTypeAndValue.getInstance(values.getObjectAt(i));
+ }
+
+ return tmp;
+ }
+
+ /**
+ * <pre>
+ * RelativeDistinguishedName ::=
+ * SET OF AttributeTypeAndValue
+
+ * AttributeTypeAndValue ::= SEQUENCE {
+ * type AttributeType,
+ * value AttributeValue }
+ * </pre>
+ * @return
+ */
+ public DERObject toASN1Object()
+ {
+ return values;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/X500Name.java b/src/main/java/org/bouncycastle/asn1/x500/X500Name.java
new file mode 100644
index 0000000..3166463
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/X500Name.java
@@ -0,0 +1,274 @@
+package org.bouncycastle.asn1.x500;
+
+import java.util.Enumeration;
+
+import org.bouncycastle.asn1.ASN1Choice;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x509.X509Name;
+
+/**
+ * <pre>
+ * Name ::= CHOICE {
+ * RDNSequence }
+ *
+ * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+ *
+ * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
+ *
+ * AttributeTypeAndValue ::= SEQUENCE {
+ * type OBJECT IDENTIFIER,
+ * value ANY }
+ * </pre>
+ */
+public class X500Name
+ extends ASN1Encodable
+ implements ASN1Choice
+{
+ private static X500NameStyle defaultStyle = BCStyle.INSTANCE;
+
+ private boolean isHashCodeCalculated;
+ private int hashCodeValue;
+
+ private X500NameStyle style;
+ private RDN[] rdns;
+
+ public X500Name(X500NameStyle style, X500Name name)
+ {
+ this.rdns = name.rdns;
+ this.style = style;
+ }
+
+ /**
+ * Return a X509Name based on the passed in tagged object.
+ *
+ * @param obj tag object holding name.
+ * @param explicit true if explicitly tagged false otherwise.
+ * @return the X509Name
+ */
+ public static X500Name getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit)
+ {
+ // must be true as choice item
+ return getInstance(ASN1Sequence.getInstance(obj, true));
+ }
+
+ public static X500Name getInstance(
+ Object obj)
+ {
+ if (obj instanceof X500Name)
+ {
+ return (X500Name)obj;
+ }
+ else if (obj instanceof X509Name)
+ {
+ return new X500Name(ASN1Sequence.getInstance(((X509Name)obj).getDERObject()));
+ }
+ else if (obj != null)
+ {
+ return new X500Name(ASN1Sequence.getInstance(obj));
+ }
+
+ return null;
+ }
+
+ /**
+ * Constructor from ASN1Sequence
+ *
+ * the principal will be a list of constructed sets, each containing an (OID, String) pair.
+ */
+ private X500Name(
+ ASN1Sequence seq)
+ {
+ this(defaultStyle, seq);
+ }
+
+ private X500Name(
+ X500NameStyle style,
+ ASN1Sequence seq)
+ {
+ this.style = style;
+ this.rdns = new RDN[seq.size()];
+
+ int index = 0;
+
+ for (Enumeration e = seq.getObjects(); e.hasMoreElements();)
+ {
+ rdns[index++] = RDN.getInstance(e.nextElement());
+ }
+ }
+
+ public X500Name(
+ RDN[] rDNs)
+ {
+ this(defaultStyle, rDNs);
+ }
+
+ public X500Name(
+ X500NameStyle style,
+ RDN[] rDNs)
+ {
+ this.rdns = rDNs;
+ this.style = style;
+ }
+
+ public X500Name(
+ String dirName)
+ {
+ this(defaultStyle, dirName);
+ }
+
+ public X500Name(
+ X500NameStyle style,
+ String dirName)
+ {
+ this(style.fromString(dirName));
+
+ this.style = style;
+ }
+
+ /**
+ * return an array of RDNs in structure order.
+ *
+ * @return an array of RDN objects.
+ */
+ public RDN[] getRDNs()
+ {
+ RDN[] tmp = new RDN[this.rdns.length];
+
+ System.arraycopy(rdns, 0, tmp, 0, tmp.length);
+
+ return tmp;
+ }
+
+ /**
+ * return an array of RDNs containing the attribute type given by OID in structure order.
+ *
+ * @param oid the type OID we are looking for.
+ * @return an array, possibly zero length, of RDN objects.
+ */
+ public RDN[] getRDNs(ASN1ObjectIdentifier oid)
+ {
+ RDN[] res = new RDN[rdns.length];
+ int count = 0;
+
+ for (int i = 0; i != rdns.length; i++)
+ {
+ RDN rdn = rdns[i];
+
+ if (rdn.isMultiValued())
+ {
+ AttributeTypeAndValue[] attr = rdn.getTypesAndValues();
+ for (int j = 0; j != attr.length; j++)
+ {
+ if (attr[j].getType().equals(oid))
+ {
+ res[count++] = rdn;
+ break;
+ }
+ }
+ }
+ else
+ {
+ if (rdn.getFirst().getType().equals(oid))
+ {
+ res[count++] = rdn;
+ }
+ }
+ }
+
+ RDN[] tmp = new RDN[count];
+
+ System.arraycopy(res, 0, tmp, 0, tmp.length);
+
+ return tmp;
+ }
+
+ public DERObject toASN1Object()
+ {
+ return new DERSequence(rdns);
+ }
+
+ public int hashCode()
+ {
+ if (isHashCodeCalculated)
+ {
+ return hashCodeValue;
+ }
+
+ isHashCodeCalculated = true;
+
+ hashCodeValue = style.calculateHashCode(this);
+
+ return hashCodeValue;
+ }
+
+ /**
+ * test for equality - note: case is ignored.
+ */
+ public boolean equals(Object obj)
+ {
+ if (obj == this)
+ {
+ return true;
+ }
+
+ if (!(obj instanceof X500Name || obj instanceof ASN1Sequence))
+ {
+ return false;
+ }
+
+ DERObject derO = ((DEREncodable)obj).getDERObject();
+
+ if (this.getDERObject().equals(derO))
+ {
+ return true;
+ }
+
+ try
+ {
+ return style.areEqual(this, new X500Name(ASN1Sequence.getInstance(((DEREncodable)obj).getDERObject())));
+ }
+ catch (Exception e)
+ {
+ return false;
+ }
+ }
+
+ public String toString()
+ {
+ return style.toString(this);
+ }
+
+ /**
+ * Set the default style for X500Name construction.
+ *
+ * @param style an X500NameStyle
+ */
+ public static void setDefaultStyle(X500NameStyle style)
+ {
+ if (style == null)
+ {
+ throw new NullPointerException("cannot set style to null");
+ }
+
+ defaultStyle = style;
+ }
+
+ /**
+ * Return the current default style.
+ *
+ * @return default style for X500Name construction.
+ */
+ public static X500NameStyle getDefaultStyle()
+ {
+ return defaultStyle;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/X500NameBuilder.java b/src/main/java/org/bouncycastle/asn1/x500/X500NameBuilder.java
new file mode 100644
index 0000000..30e871c
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/X500NameBuilder.java
@@ -0,0 +1,81 @@
+package org.bouncycastle.asn1.x500;
+
+import java.util.Vector;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+
+public class X500NameBuilder
+{
+ private X500NameStyle template;
+ private Vector rdns = new Vector();
+
+ public X500NameBuilder(X500NameStyle template)
+ {
+ this.template = template;
+ }
+
+ public X500NameBuilder addRDN(ASN1ObjectIdentifier oid, String value)
+ {
+ this.addRDN(oid, template.stringToValue(oid, value));
+
+ return this;
+ }
+
+ public X500NameBuilder addRDN(ASN1ObjectIdentifier oid, ASN1Encodable value)
+ {
+ rdns.addElement(new RDN(oid, value));
+
+ return this;
+ }
+
+ public X500NameBuilder addRDN(AttributeTypeAndValue attrTAndV)
+ {
+ rdns.addElement(new RDN(attrTAndV));
+
+ return this;
+ }
+
+ public X500NameBuilder addMultiValuedRDN(ASN1ObjectIdentifier[] oids, String[] values)
+ {
+ ASN1Encodable[] vals = new ASN1Encodable[values.length];
+
+ for (int i = 0; i != vals.length; i++)
+ {
+ vals[i] = template.stringToValue(oids[i], values[i]);
+ }
+
+ return addMultiValuedRDN(oids, vals);
+ }
+
+ public X500NameBuilder addMultiValuedRDN(ASN1ObjectIdentifier[] oids, ASN1Encodable[] values)
+ {
+ AttributeTypeAndValue[] avs = new AttributeTypeAndValue[oids.length];
+
+ for (int i = 0; i != oids.length; i++)
+ {
+ avs[i] = new AttributeTypeAndValue(oids[i], values[i]);
+ }
+
+ return addMultiValuedRDN(avs);
+ }
+
+ public X500NameBuilder addMultiValuedRDN(AttributeTypeAndValue[] attrTAndVs)
+ {
+ rdns.addElement(new RDN(attrTAndVs));
+
+ return this;
+ }
+
+ public X500Name build()
+ {
+ RDN[] vals = new RDN[rdns.size()];
+
+ for (int i = 0; i != vals.length; i++)
+ {
+ vals[i] = (RDN)rdns.elementAt(i);
+ }
+
+ return new X500Name(template, vals);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java b/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java
new file mode 100644
index 0000000..7a7c837
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java
@@ -0,0 +1,34 @@
+package org.bouncycastle.asn1.x500;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+
+/**
+ * It turns out that the number of standard ways the fields in a DN should be
+ * encoded into their ASN.1 counterparts is rapidly approaching the
+ * number of machines on the internet. By default the X500Name class
+ * will produce UTF8Strings in line with the current recommendations (RFC 3280).
+ * <p>
+ */
+public interface X500NameStyle
+{
+ /**
+ * Convert the passed in String value into the appropriate ASN.1
+ * encoded object.
+ *
+ * @param oid the oid associated with the value in the DN.
+ * @param value the value of the particular DN component.
+ * @return the ASN.1 equivalent for the value.
+ */
+ ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value);
+
+ ASN1ObjectIdentifier attrNameToOID(String attrName);
+
+ boolean areEqual(X500Name name1, X500Name name2);
+
+ RDN[] fromString(String dirName);
+
+ int calculateHashCode(X500Name name);
+
+ String toString(X500Name name);
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/style/BCStrictStyle.java b/src/main/java/org/bouncycastle/asn1/x500/style/BCStrictStyle.java
new file mode 100644
index 0000000..af10fef
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/style/BCStrictStyle.java
@@ -0,0 +1,33 @@
+package org.bouncycastle.asn1.x500.style;
+
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+
+/**
+ * Variation of BCStyle that insists on strict ordering for equality
+ * and hashCode comparisons
+ */
+public class BCStrictStyle
+ extends BCStyle
+{
+ public boolean areEqual(X500Name name1, X500Name name2)
+ {
+ RDN[] rdns1 = name1.getRDNs();
+ RDN[] rdns2 = name2.getRDNs();
+
+ if (rdns1.length != rdns2.length)
+ {
+ return false;
+ }
+
+ for (int i = 0; i != rdns1.length; i++)
+ {
+ if (rdnAreEqual(rdns1[i], rdns2[i]))
+ {
+ return false;
+ }
+ }
+
+ return true;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java b/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java
new file mode 100644
index 0000000..32f93ff
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java
@@ -0,0 +1,544 @@
+package org.bouncycastle.asn1.x500.style;
+
+import java.io.IOException;
+import java.util.Hashtable;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERGeneralizedTime;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameStyle;
+import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
+
+public class BCStyle
+ implements X500NameStyle
+{
+ public static final X500NameStyle INSTANCE = new BCStyle();
+
+ /**
+ * country code - StringType(SIZE(2))
+ */
+ public static final ASN1ObjectIdentifier C = new ASN1ObjectIdentifier("2.5.4.6");
+
+ /**
+ * organization - StringType(SIZE(1..64))
+ */
+ public static final ASN1ObjectIdentifier O = new ASN1ObjectIdentifier("2.5.4.10");
+
+ /**
+ * organizational unit name - StringType(SIZE(1..64))
+ */
+ public static final ASN1ObjectIdentifier OU = new ASN1ObjectIdentifier("2.5.4.11");
+
+ /**
+ * Title
+ */
+ public static final ASN1ObjectIdentifier T = new ASN1ObjectIdentifier("2.5.4.12");
+
+ /**
+ * common name - StringType(SIZE(1..64))
+ */
+ public static final ASN1ObjectIdentifier CN = new ASN1ObjectIdentifier("2.5.4.3");
+
+ /**
+ * device serial number name - StringType(SIZE(1..64))
+ */
+ public static final ASN1ObjectIdentifier SN = new ASN1ObjectIdentifier("2.5.4.5");
+
+ /**
+ * street - StringType(SIZE(1..64))
+ */
+ public static final ASN1ObjectIdentifier STREET = new ASN1ObjectIdentifier("2.5.4.9");
+
+ /**
+ * device serial number name - StringType(SIZE(1..64))
+ */
+ public static final ASN1ObjectIdentifier SERIALNUMBER = SN;
+
+ /**
+ * locality name - StringType(SIZE(1..64))
+ */
+ public static final ASN1ObjectIdentifier L = new ASN1ObjectIdentifier("2.5.4.7");
+
+ /**
+ * state, or province name - StringType(SIZE(1..64))
+ */
+ public static final ASN1ObjectIdentifier ST = new ASN1ObjectIdentifier("2.5.4.8");
+
+ /**
+ * Naming attributes of type X520name
+ */
+ public static final ASN1ObjectIdentifier SURNAME = new ASN1ObjectIdentifier("2.5.4.4");
+ public static final ASN1ObjectIdentifier GIVENNAME = new ASN1ObjectIdentifier("2.5.4.42");
+ public static final ASN1ObjectIdentifier INITIALS = new ASN1ObjectIdentifier("2.5.4.43");
+ public static final ASN1ObjectIdentifier GENERATION = new ASN1ObjectIdentifier("2.5.4.44");
+ public static final ASN1ObjectIdentifier UNIQUE_IDENTIFIER = new ASN1ObjectIdentifier("2.5.4.45");
+
+ /**
+ * businessCategory - DirectoryString(SIZE(1..128)
+ */
+ public static final ASN1ObjectIdentifier BUSINESS_CATEGORY = new ASN1ObjectIdentifier(
+ "2.5.4.15");
+
+ /**
+ * postalCode - DirectoryString(SIZE(1..40)
+ */
+ public static final ASN1ObjectIdentifier POSTAL_CODE = new ASN1ObjectIdentifier(
+ "2.5.4.17");
+
+ /**
+ * dnQualifier - DirectoryString(SIZE(1..64)
+ */
+ public static final ASN1ObjectIdentifier DN_QUALIFIER = new ASN1ObjectIdentifier(
+ "2.5.4.46");
+
+ /**
+ * RFC 3039 Pseudonym - DirectoryString(SIZE(1..64)
+ */
+ public static final ASN1ObjectIdentifier PSEUDONYM = new ASN1ObjectIdentifier(
+ "2.5.4.65");
+
+
+ /**
+ * RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z
+ */
+ public static final ASN1ObjectIdentifier DATE_OF_BIRTH = new ASN1ObjectIdentifier(
+ "1.3.6.1.5.5.7.9.1");
+
+ /**
+ * RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128)
+ */
+ public static final ASN1ObjectIdentifier PLACE_OF_BIRTH = new ASN1ObjectIdentifier(
+ "1.3.6.1.5.5.7.9.2");
+
+ /**
+ * RFC 3039 Gender - PrintableString (SIZE(1)) -- "M", "F", "m" or "f"
+ */
+ public static final ASN1ObjectIdentifier GENDER = new ASN1ObjectIdentifier(
+ "1.3.6.1.5.5.7.9.3");
+
+ /**
+ * RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166
+ * codes only
+ */
+ public static final ASN1ObjectIdentifier COUNTRY_OF_CITIZENSHIP = new ASN1ObjectIdentifier(
+ "1.3.6.1.5.5.7.9.4");
+
+ /**
+ * RFC 3039 CountryOfResidence - PrintableString (SIZE (2)) -- ISO 3166
+ * codes only
+ */
+ public static final ASN1ObjectIdentifier COUNTRY_OF_RESIDENCE = new ASN1ObjectIdentifier(
+ "1.3.6.1.5.5.7.9.5");
+
+
+ /**
+ * ISIS-MTT NameAtBirth - DirectoryString(SIZE(1..64)
+ */
+ public static final ASN1ObjectIdentifier NAME_AT_BIRTH = new ASN1ObjectIdentifier("1.3.36.8.3.14");
+
+ /**
+ * RFC 3039 PostalAddress - SEQUENCE SIZE (1..6) OF
+ * DirectoryString(SIZE(1..30))
+ */
+ public static final ASN1ObjectIdentifier POSTAL_ADDRESS = new ASN1ObjectIdentifier("2.5.4.16");
+
+ /**
+ * RFC 2256 dmdName
+ */
+ public static final ASN1ObjectIdentifier DMD_NAME = new ASN1ObjectIdentifier("2.5.4.54");
+
+ /**
+ * id-at-telephoneNumber
+ */
+ public static final ASN1ObjectIdentifier TELEPHONE_NUMBER = X509ObjectIdentifiers.id_at_telephoneNumber;
+
+ /**
+ * id-at-name
+ */
+ public static final ASN1ObjectIdentifier NAME = X509ObjectIdentifiers.id_at_name;
+
+ /**
+ * Email address (RSA PKCS#9 extension) - IA5String.
+ * <p>Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here.
+ */
+ public static final ASN1ObjectIdentifier EmailAddress = PKCSObjectIdentifiers.pkcs_9_at_emailAddress;
+
+ /**
+ * more from PKCS#9
+ */
+ public static final ASN1ObjectIdentifier UnstructuredName = PKCSObjectIdentifiers.pkcs_9_at_unstructuredName;
+ public static final ASN1ObjectIdentifier UnstructuredAddress = PKCSObjectIdentifiers.pkcs_9_at_unstructuredAddress;
+
+ /**
+ * email address in Verisign certificates
+ */
+ public static final ASN1ObjectIdentifier E = EmailAddress;
+
+ /*
+ * others...
+ */
+ public static final ASN1ObjectIdentifier DC = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.25");
+
+ /**
+ * LDAP User id.
+ */
+ public static final ASN1ObjectIdentifier UID = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.1");
+
+ /**
+ * default look up table translating OID values into their common symbols following
+ * the convention in RFC 2253 with a few extras
+ */
+ private static final Hashtable DefaultSymbols = new Hashtable();
+
+ /**
+ * look up table translating common symbols into their OIDS.
+ */
+ private static final Hashtable DefaultLookUp = new Hashtable();
+
+ static
+ {
+ DefaultSymbols.put(C, "C");
+ DefaultSymbols.put(O, "O");
+ DefaultSymbols.put(T, "T");
+ DefaultSymbols.put(OU, "OU");
+ DefaultSymbols.put(CN, "CN");
+ DefaultSymbols.put(L, "L");
+ DefaultSymbols.put(ST, "ST");
+ DefaultSymbols.put(SN, "SERIALNUMBER");
+ DefaultSymbols.put(EmailAddress, "E");
+ DefaultSymbols.put(DC, "DC");
+ DefaultSymbols.put(UID, "UID");
+ DefaultSymbols.put(STREET, "STREET");
+ DefaultSymbols.put(SURNAME, "SURNAME");
+ DefaultSymbols.put(GIVENNAME, "GIVENNAME");
+ DefaultSymbols.put(INITIALS, "INITIALS");
+ DefaultSymbols.put(GENERATION, "GENERATION");
+ DefaultSymbols.put(UnstructuredAddress, "unstructuredAddress");
+ DefaultSymbols.put(UnstructuredName, "unstructuredName");
+ DefaultSymbols.put(UNIQUE_IDENTIFIER, "UniqueIdentifier");
+ DefaultSymbols.put(DN_QUALIFIER, "DN");
+ DefaultSymbols.put(PSEUDONYM, "Pseudonym");
+ DefaultSymbols.put(POSTAL_ADDRESS, "PostalAddress");
+ DefaultSymbols.put(NAME_AT_BIRTH, "NameAtBirth");
+ DefaultSymbols.put(COUNTRY_OF_CITIZENSHIP, "CountryOfCitizenship");
+ DefaultSymbols.put(COUNTRY_OF_RESIDENCE, "CountryOfResidence");
+ DefaultSymbols.put(GENDER, "Gender");
+ DefaultSymbols.put(PLACE_OF_BIRTH, "PlaceOfBirth");
+ DefaultSymbols.put(DATE_OF_BIRTH, "DateOfBirth");
+ DefaultSymbols.put(POSTAL_CODE, "PostalCode");
+ DefaultSymbols.put(BUSINESS_CATEGORY, "BusinessCategory");
+ DefaultSymbols.put(TELEPHONE_NUMBER, "TelephoneNumber");
+ DefaultSymbols.put(NAME, "Name");
+
+ DefaultLookUp.put("c", C);
+ DefaultLookUp.put("o", O);
+ DefaultLookUp.put("t", T);
+ DefaultLookUp.put("ou", OU);
+ DefaultLookUp.put("cn", CN);
+ DefaultLookUp.put("l", L);
+ DefaultLookUp.put("st", ST);
+ DefaultLookUp.put("sn", SN);
+ DefaultLookUp.put("serialnumber", SN);
+ DefaultLookUp.put("street", STREET);
+ DefaultLookUp.put("emailaddress", E);
+ DefaultLookUp.put("dc", DC);
+ DefaultLookUp.put("e", E);
+ DefaultLookUp.put("uid", UID);
+ DefaultLookUp.put("surname", SURNAME);
+ DefaultLookUp.put("givenname", GIVENNAME);
+ DefaultLookUp.put("initials", INITIALS);
+ DefaultLookUp.put("generation", GENERATION);
+ DefaultLookUp.put("unstructuredaddress", UnstructuredAddress);
+ DefaultLookUp.put("unstructuredname", UnstructuredName);
+ DefaultLookUp.put("uniqueidentifier", UNIQUE_IDENTIFIER);
+ DefaultLookUp.put("dn", DN_QUALIFIER);
+ DefaultLookUp.put("pseudonym", PSEUDONYM);
+ DefaultLookUp.put("postaladdress", POSTAL_ADDRESS);
+ DefaultLookUp.put("nameofbirth", NAME_AT_BIRTH);
+ DefaultLookUp.put("countryofcitizenship", COUNTRY_OF_CITIZENSHIP);
+ DefaultLookUp.put("countryofresidence", COUNTRY_OF_RESIDENCE);
+ DefaultLookUp.put("gender", GENDER);
+ DefaultLookUp.put("placeofbirth", PLACE_OF_BIRTH);
+ DefaultLookUp.put("dateofbirth", DATE_OF_BIRTH);
+ DefaultLookUp.put("postalcode", POSTAL_CODE);
+ DefaultLookUp.put("businesscategory", BUSINESS_CATEGORY);
+ DefaultLookUp.put("telephonenumber", TELEPHONE_NUMBER);
+ DefaultLookUp.put("name", NAME);
+ }
+
+ protected BCStyle()
+ {
+
+ }
+
+ public ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value)
+ {
+ if (value.length() != 0 && value.charAt(0) == '#')
+ {
+ try
+ {
+ return IETFUtils.valueFromHexString(value, 1);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException("can't recode value for oid " + oid.getId());
+ }
+ }
+ else
+ {
+ if (value.length() != 0 && value.charAt(0) == '\\')
+ {
+ value = value.substring(1);
+ }
+ if (oid.equals(EmailAddress) || oid.equals(DC))
+ {
+ return new DERIA5String(value);
+ }
+ else if (oid.equals(DATE_OF_BIRTH)) // accept time string as well as # (for compatibility)
+ {
+ return new DERGeneralizedTime(value);
+ }
+ else if (oid.equals(C) || oid.equals(SN) || oid.equals(DN_QUALIFIER)
+ || oid.equals(TELEPHONE_NUMBER))
+ {
+ return new DERPrintableString(value);
+ }
+ }
+
+ return new DERUTF8String(value);
+ }
+
+ public ASN1ObjectIdentifier attrNameToOID(String attrName)
+ {
+ return IETFUtils.decodeAttrName(attrName, DefaultLookUp);
+ }
+
+ public boolean areEqual(X500Name name1, X500Name name2)
+ {
+ RDN[] rdns1 = name1.getRDNs();
+ RDN[] rdns2 = name2.getRDNs();
+
+ if (rdns1.length != rdns2.length)
+ {
+ return false;
+ }
+
+ boolean reverse = false;
+
+ if (rdns1[0].getFirst() != null && rdns2[0].getFirst() != null)
+ {
+ reverse = !rdns1[0].getFirst().getType().equals(rdns2[0].getFirst().getType()); // guess forward
+ }
+
+ for (int i = 0; i != rdns1.length; i++)
+ {
+ if (!foundMatch(reverse, rdns1[i], rdns2))
+ {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private boolean foundMatch(boolean reverse, RDN rdn, RDN[] possRDNs)
+ {
+ if (reverse)
+ {
+ for (int i = possRDNs.length - 1; i >= 0; i--)
+ {
+ if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
+ {
+ possRDNs[i] = null;
+ return true;
+ }
+ }
+ }
+ else
+ {
+ for (int i = 0; i != possRDNs.length; i++)
+ {
+ if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
+ {
+ possRDNs[i] = null;
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
+ protected boolean rdnAreEqual(RDN rdn1, RDN rdn2)
+ {
+ if (rdn1.isMultiValued())
+ {
+ if (rdn2.isMultiValued())
+ {
+ AttributeTypeAndValue[] atvs1 = rdn1.getTypesAndValues();
+ AttributeTypeAndValue[] atvs2 = rdn2.getTypesAndValues();
+
+ if (atvs1.length != atvs2.length)
+ {
+ return false;
+ }
+
+ for (int i = 0; i != atvs1.length; i++)
+ {
+ if (!atvAreEqual(atvs1[i], atvs2[i]))
+ {
+ return false;
+ }
+ }
+ }
+ else
+ {
+ return false;
+ }
+ }
+ else
+ {
+ if (!rdn2.isMultiValued())
+ {
+ return atvAreEqual(rdn1.getFirst(), rdn2.getFirst());
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private boolean atvAreEqual(AttributeTypeAndValue atv1, AttributeTypeAndValue atv2)
+ {
+ if (atv1 == atv2)
+ {
+ return true;
+ }
+
+ if (atv1 == null)
+ {
+ return false;
+ }
+
+ if (atv2 == null)
+ {
+ return false;
+ }
+
+ ASN1ObjectIdentifier o1 = atv1.getType();
+ ASN1ObjectIdentifier o2 = atv2.getType();
+
+ if (!o1.equals(o2))
+ {
+ return false;
+ }
+
+ String v1 = IETFUtils.canonicalize(IETFUtils.valueToString(atv1.getValue()));
+ String v2 = IETFUtils.canonicalize(IETFUtils.valueToString(atv2.getValue()));
+
+ if (!v1.equals(v2))
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+ public RDN[] fromString(String dirName)
+ {
+ return IETFUtils.rDNsFromString(dirName, this);
+ }
+
+ public int calculateHashCode(X500Name name)
+ {
+ int hashCodeValue = 0;
+ RDN[] rdns = name.getRDNs();
+
+ // this needs to be order independent, like equals
+ for (int i = 0; i != rdns.length; i++)
+ {
+ if (rdns[i].isMultiValued())
+ {
+ AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues();
+
+ for (int j = 0; j != atv.length; j++)
+ {
+ hashCodeValue ^= atv[j].getType().hashCode();
+ hashCodeValue ^= calcHashCode(atv[j].getValue());
+ }
+ }
+ else
+ {
+ hashCodeValue ^= rdns[i].getFirst().getType().hashCode();
+ hashCodeValue ^= calcHashCode(rdns[i].getFirst().getValue());
+ }
+ }
+
+ return hashCodeValue;
+ }
+
+ private int calcHashCode(ASN1Encodable enc)
+ {
+ String value = IETFUtils.valueToString(enc);
+
+ value = IETFUtils.canonicalize(value);
+
+ return value.hashCode();
+ }
+
+ public String toString(X500Name name)
+ {
+ StringBuffer buf = new StringBuffer();
+ boolean first = true;
+
+ RDN[] rdns = name.getRDNs();
+
+ for (int i = 0; i < rdns.length; i++)
+ {
+ if (first)
+ {
+ first = false;
+ }
+ else
+ {
+ buf.append(',');
+ }
+
+ if (rdns[i].isMultiValued())
+ {
+ AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues();
+ boolean firstAtv = true;
+
+ for (int j = 0; j != atv.length; j++)
+ {
+ if (firstAtv)
+ {
+ firstAtv = false;
+ }
+ else
+ {
+ buf.append('+');
+ }
+
+ IETFUtils.appendTypeAndValue(buf, atv[j], DefaultSymbols);
+ }
+ }
+ else
+ {
+ IETFUtils.appendTypeAndValue(buf, rdns[i].getFirst(), DefaultSymbols);
+ }
+ }
+
+ return buf.toString();
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java b/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java
new file mode 100644
index 0000000..5803042
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java
@@ -0,0 +1,294 @@
+package org.bouncycastle.asn1.x500.style;
+
+import java.io.IOException;
+import java.util.Hashtable;
+import java.util.Vector;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1String;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERUniversalString;
+import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.X500NameStyle;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+
+public class IETFUtils
+{
+ public static RDN[] rDNsFromString(String name, X500NameStyle x500Style)
+ {
+ X500NameTokenizer nTok = new X500NameTokenizer(name);
+ X500NameBuilder builder = new X500NameBuilder(x500Style);
+
+ while (nTok.hasMoreTokens())
+ {
+ String token = nTok.nextToken();
+ int index = token.indexOf('=');
+
+ if (index == -1)
+ {
+ throw new IllegalArgumentException("badly formated directory string");
+ }
+
+ String attr = token.substring(0, index);
+ String value = token.substring(index + 1);
+ ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr);
+
+ if (value.indexOf('+') > 0)
+ {
+ X500NameTokenizer vTok = new X500NameTokenizer(value, '+');
+ String v = vTok.nextToken();
+
+ Vector oids = new Vector();
+ Vector values = new Vector();
+
+ oids.addElement(oid);
+ values.addElement(v);
+
+ while (vTok.hasMoreTokens())
+ {
+ String sv = vTok.nextToken();
+ int ndx = sv.indexOf('=');
+
+ String nm = sv.substring(0, ndx);
+ String vl = sv.substring(ndx + 1);
+
+ oids.addElement(x500Style.attrNameToOID(nm));
+ values.addElement(vl);
+ }
+
+ builder.addMultiValuedRDN(toOIDArray(oids), toValueArray(values));
+ }
+ else
+ {
+ builder.addRDN(oid, value);
+ }
+ }
+
+ return builder.build().getRDNs();
+ }
+
+ private static String[] toValueArray(Vector values)
+ {
+ String[] tmp = new String[values.size()];
+
+ for (int i = 0; i != tmp.length; i++)
+ {
+ tmp[i] = (String)values.elementAt(i);
+ }
+
+ return tmp;
+ }
+
+ private static ASN1ObjectIdentifier[] toOIDArray(Vector oids)
+ {
+ ASN1ObjectIdentifier[] tmp = new ASN1ObjectIdentifier[oids.size()];
+
+ for (int i = 0; i != tmp.length; i++)
+ {
+ tmp[i] = (ASN1ObjectIdentifier)oids.elementAt(i);
+ }
+
+ return tmp;
+ }
+
+ public static ASN1ObjectIdentifier decodeAttrName(
+ String name,
+ Hashtable lookUp)
+ {
+ if (Strings.toUpperCase(name).startsWith("OID."))
+ {
+ return new ASN1ObjectIdentifier(name.substring(4));
+ }
+ else if (name.charAt(0) >= '0' && name.charAt(0) <= '9')
+ {
+ return new ASN1ObjectIdentifier(name);
+ }
+
+ ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)lookUp.get(Strings.toLowerCase(name));
+ if (oid == null)
+ {
+ throw new IllegalArgumentException("Unknown object id - " + name + " - passed to distinguished name");
+ }
+
+ return oid;
+ }
+
+ public static ASN1Encodable valueFromHexString(
+ String str,
+ int off)
+ throws IOException
+ {
+ str = Strings.toLowerCase(str);
+ byte[] data = new byte[(str.length() - off) / 2];
+ for (int index = 0; index != data.length; index++)
+ {
+ char left = str.charAt((index * 2) + off);
+ char right = str.charAt((index * 2) + off + 1);
+
+ if (left < 'a')
+ {
+ data[index] = (byte)((left - '0') << 4);
+ }
+ else
+ {
+ data[index] = (byte)((left - 'a' + 10) << 4);
+ }
+ if (right < 'a')
+ {
+ data[index] |= (byte)(right - '0');
+ }
+ else
+ {
+ data[index] |= (byte)(right - 'a' + 10);
+ }
+ }
+
+ return ASN1Object.fromByteArray(data);
+ }
+
+ public static void appendTypeAndValue(
+ StringBuffer buf,
+ AttributeTypeAndValue typeAndValue,
+ Hashtable oidSymbols)
+ {
+ String sym = (String)oidSymbols.get(typeAndValue.getType());
+
+ if (sym != null)
+ {
+ buf.append(sym);
+ }
+ else
+ {
+ buf.append(typeAndValue.getType().getId());
+ }
+
+ buf.append('=');
+
+ buf.append(valueToString(typeAndValue.getValue()));
+ }
+
+ public static String valueToString(ASN1Encodable value)
+ {
+ StringBuffer vBuf = new StringBuffer();
+
+ if (value instanceof ASN1String && !(value instanceof DERUniversalString))
+ {
+ String v = ((ASN1String)value).getString();
+ if (v.length() > 0 && v.charAt(0) == '#')
+ {
+ vBuf.append("\\" + v);
+ }
+ else
+ {
+ vBuf.append(v);
+ }
+ }
+ else
+ {
+ vBuf.append("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded())));
+ }
+
+ int end = vBuf.length();
+ int index = 0;
+
+ if (vBuf.length() >= 2 && vBuf.charAt(0) == '\\' && vBuf.charAt(1) == '#')
+ {
+ index += 2;
+ }
+
+ while (index != end)
+ {
+ if ((vBuf.charAt(index) == ',')
+ || (vBuf.charAt(index) == '"')
+ || (vBuf.charAt(index) == '\\')
+ || (vBuf.charAt(index) == '+')
+ || (vBuf.charAt(index) == '=')
+ || (vBuf.charAt(index) == '<')
+ || (vBuf.charAt(index) == '>')
+ || (vBuf.charAt(index) == ';'))
+ {
+ vBuf.insert(index, "\\");
+ index++;
+ end++;
+ }
+
+ index++;
+ }
+
+ return vBuf.toString();
+ }
+
+ private static String bytesToString(
+ byte[] data)
+ {
+ char[] cs = new char[data.length];
+
+ for (int i = 0; i != cs.length; i++)
+ {
+ cs[i] = (char)(data[i] & 0xff);
+ }
+
+ return new String(cs);
+ }
+
+ public static String canonicalize(String s)
+ {
+ String value = Strings.toLowerCase(s.trim());
+
+ if (value.length() > 0 && value.charAt(0) == '#')
+ {
+ DERObject obj = decodeObject(value);
+
+ if (obj instanceof ASN1String)
+ {
+ value = Strings.toLowerCase(((ASN1String)obj).getString().trim());
+ }
+ }
+
+ value = stripInternalSpaces(value);
+
+ return value;
+ }
+
+ private static ASN1Object decodeObject(String oValue)
+ {
+ try
+ {
+ return ASN1Object.fromByteArray(Hex.decode(oValue.substring(1)));
+ }
+ catch (IOException e)
+ {
+ throw new IllegalStateException("unknown encoding in name: " + e);
+ }
+ }
+
+ public static String stripInternalSpaces(
+ String str)
+ {
+ StringBuffer res = new StringBuffer();
+
+ if (str.length() != 0)
+ {
+ char c1 = str.charAt(0);
+
+ res.append(c1);
+
+ for (int k = 1; k < str.length(); k++)
+ {
+ char c2 = str.charAt(k);
+ if (!(c1 == ' ' && c2 == ' '))
+ {
+ res.append(c2);
+ }
+ c1 = c2;
+ }
+ }
+
+ return res.toString();
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java b/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java
new file mode 100644
index 0000000..63f1a25
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java
@@ -0,0 +1,443 @@
+package org.bouncycastle.asn1.x500.style;
+
+import java.io.IOException;
+import java.util.Hashtable;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameStyle;
+
+public class RFC4519Style
+ implements X500NameStyle
+{
+ public static final X500NameStyle INSTANCE = new RFC4519Style();
+
+ public static final ASN1ObjectIdentifier businessCategory = new ASN1ObjectIdentifier("2.5.4.15");
+ public static final ASN1ObjectIdentifier c = new ASN1ObjectIdentifier("2.5.4.6");
+ public static final ASN1ObjectIdentifier cn = new ASN1ObjectIdentifier("2.5.4.3");
+ public static final ASN1ObjectIdentifier dc = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.25");
+ public static final ASN1ObjectIdentifier description = new ASN1ObjectIdentifier("2.5.4.13");
+ public static final ASN1ObjectIdentifier destinationIndicator = new ASN1ObjectIdentifier("2.5.4.27");
+ public static final ASN1ObjectIdentifier distinguishedName = new ASN1ObjectIdentifier("2.5.4.49");
+ public static final ASN1ObjectIdentifier dnQualifier = new ASN1ObjectIdentifier("2.5.4.46");
+ public static final ASN1ObjectIdentifier enhancedSearchGuide = new ASN1ObjectIdentifier("2.5.4.47");
+ public static final ASN1ObjectIdentifier facsimileTelephoneNumber = new ASN1ObjectIdentifier("2.5.4.23");
+ public static final ASN1ObjectIdentifier generationQualifier = new ASN1ObjectIdentifier("2.5.4.44");
+ public static final ASN1ObjectIdentifier givenName = new ASN1ObjectIdentifier("2.5.4.42");
+ public static final ASN1ObjectIdentifier houseIdentifier = new ASN1ObjectIdentifier("2.5.4.51");
+ public static final ASN1ObjectIdentifier initials = new ASN1ObjectIdentifier("2.5.4.43");
+ public static final ASN1ObjectIdentifier internationalISDNNumber = new ASN1ObjectIdentifier("2.5.4.25");
+ public static final ASN1ObjectIdentifier l = new ASN1ObjectIdentifier("2.5.4.7");
+ public static final ASN1ObjectIdentifier member = new ASN1ObjectIdentifier("2.5.4.31");
+ public static final ASN1ObjectIdentifier name = new ASN1ObjectIdentifier("2.5.4.41");
+ public static final ASN1ObjectIdentifier o = new ASN1ObjectIdentifier("2.5.4.10");
+ public static final ASN1ObjectIdentifier ou = new ASN1ObjectIdentifier("2.5.4.11");
+ public static final ASN1ObjectIdentifier owner = new ASN1ObjectIdentifier("2.5.4.32");
+ public static final ASN1ObjectIdentifier physicalDeliveryOfficeName = new ASN1ObjectIdentifier("2.5.4.19");
+ public static final ASN1ObjectIdentifier postalAddress = new ASN1ObjectIdentifier("2.5.4.16");
+ public static final ASN1ObjectIdentifier postalCode = new ASN1ObjectIdentifier("2.5.4.17");
+ public static final ASN1ObjectIdentifier postOfficeBox = new ASN1ObjectIdentifier("2.5.4.18");
+ public static final ASN1ObjectIdentifier preferredDeliveryMethod = new ASN1ObjectIdentifier("2.5.4.28");
+ public static final ASN1ObjectIdentifier registeredAddress = new ASN1ObjectIdentifier("2.5.4.26");
+ public static final ASN1ObjectIdentifier roleOccupant = new ASN1ObjectIdentifier("2.5.4.33");
+ public static final ASN1ObjectIdentifier searchGuide = new ASN1ObjectIdentifier("2.5.4.14");
+ public static final ASN1ObjectIdentifier seeAlso = new ASN1ObjectIdentifier("2.5.4.34");
+ public static final ASN1ObjectIdentifier serialNumber = new ASN1ObjectIdentifier("2.5.4.5");
+ public static final ASN1ObjectIdentifier sn = new ASN1ObjectIdentifier("2.5.4.4");
+ public static final ASN1ObjectIdentifier st = new ASN1ObjectIdentifier("2.5.4.8");
+ public static final ASN1ObjectIdentifier street = new ASN1ObjectIdentifier("2.5.4.9");
+ public static final ASN1ObjectIdentifier telephoneNumber = new ASN1ObjectIdentifier("2.5.4.20");
+ public static final ASN1ObjectIdentifier teletexTerminalIdentifier = new ASN1ObjectIdentifier("2.5.4.22");
+ public static final ASN1ObjectIdentifier telexNumber = new ASN1ObjectIdentifier("2.5.4.21");
+ public static final ASN1ObjectIdentifier title = new ASN1ObjectIdentifier("2.5.4.12");
+ public static final ASN1ObjectIdentifier uid = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.1");
+ public static final ASN1ObjectIdentifier uniqueMember = new ASN1ObjectIdentifier("2.5.4.50");
+ public static final ASN1ObjectIdentifier userPassword = new ASN1ObjectIdentifier("2.5.4.35");
+ public static final ASN1ObjectIdentifier x121Address = new ASN1ObjectIdentifier("2.5.4.24");
+ public static final ASN1ObjectIdentifier x500UniqueIdentifier = new ASN1ObjectIdentifier("2.5.4.45");
+
+ /**
+ * default look up table translating OID values into their common symbols following
+ * the convention in RFC 2253 with a few extras
+ */
+ private static final Hashtable DefaultSymbols = new Hashtable();
+
+ /**
+ * look up table translating common symbols into their OIDS.
+ */
+ private static final Hashtable DefaultLookUp = new Hashtable();
+
+ static
+ {
+ DefaultSymbols.put(businessCategory, "businessCategory");
+ DefaultSymbols.put(c, "c");
+ DefaultSymbols.put(cn, "cn");
+ DefaultSymbols.put(dc, "dc");
+ DefaultSymbols.put(description, "description");
+ DefaultSymbols.put(destinationIndicator, "destinationIndicator");
+ DefaultSymbols.put(distinguishedName, "distinguishedName");
+ DefaultSymbols.put(dnQualifier, "dnQualifier");
+ DefaultSymbols.put(enhancedSearchGuide, "enhancedSearchGuide");
+ DefaultSymbols.put(facsimileTelephoneNumber, "facsimileTelephoneNumber");
+ DefaultSymbols.put(generationQualifier, "generationQualifier");
+ DefaultSymbols.put(givenName, "givenName");
+ DefaultSymbols.put(houseIdentifier, "houseIdentifier");
+ DefaultSymbols.put(initials, "initials");
+ DefaultSymbols.put(internationalISDNNumber, "internationalISDNNumber");
+ DefaultSymbols.put(l, "l");
+ DefaultSymbols.put(member, "member");
+ DefaultSymbols.put(name, "name");
+ DefaultSymbols.put(o, "o");
+ DefaultSymbols.put(ou, "ou");
+ DefaultSymbols.put(owner, "owner");
+ DefaultSymbols.put(physicalDeliveryOfficeName, "physicalDeliveryOfficeName");
+ DefaultSymbols.put(postalAddress, "postalAddress");
+ DefaultSymbols.put(postalCode, "postalCode");
+ DefaultSymbols.put(postOfficeBox, "postOfficeBox");
+ DefaultSymbols.put(preferredDeliveryMethod, "preferredDeliveryMethod");
+ DefaultSymbols.put(registeredAddress, "registeredAddress");
+ DefaultSymbols.put(roleOccupant, "roleOccupant");
+ DefaultSymbols.put(searchGuide, "searchGuide");
+ DefaultSymbols.put(seeAlso, "seeAlso");
+ DefaultSymbols.put(serialNumber, "serialNumber");
+ DefaultSymbols.put(sn, "sn");
+ DefaultSymbols.put(st, "st");
+ DefaultSymbols.put(street, "street");
+ DefaultSymbols.put(telephoneNumber, "telephoneNumber");
+ DefaultSymbols.put(teletexTerminalIdentifier, "teletexTerminalIdentifier");
+ DefaultSymbols.put(telexNumber, "telexNumber");
+ DefaultSymbols.put(title, "title");
+ DefaultSymbols.put(uid, "uid");
+ DefaultSymbols.put(uniqueMember, "uniqueMember");
+ DefaultSymbols.put(userPassword, "userPassword");
+ DefaultSymbols.put(x121Address, "x121Address");
+ DefaultSymbols.put(x500UniqueIdentifier, "x500UniqueIdentifier");
+
+ DefaultLookUp.put("businesscategory", businessCategory);
+ DefaultLookUp.put("c", c);
+ DefaultLookUp.put("cn", cn);
+ DefaultLookUp.put("dc", dc);
+ DefaultLookUp.put("description", description);
+ DefaultLookUp.put("destinationindicator", destinationIndicator);
+ DefaultLookUp.put("distinguishedname", distinguishedName);
+ DefaultLookUp.put("dnqualifier", dnQualifier);
+ DefaultLookUp.put("enhancedsearchguide", enhancedSearchGuide);
+ DefaultLookUp.put("facsimiletelephonenumber", facsimileTelephoneNumber);
+ DefaultLookUp.put("generationqualifier", generationQualifier);
+ DefaultLookUp.put("givenname", givenName);
+ DefaultLookUp.put("houseidentifier", houseIdentifier);
+ DefaultLookUp.put("initials", initials);
+ DefaultLookUp.put("internationalisdnnumber", internationalISDNNumber);
+ DefaultLookUp.put("l", l);
+ DefaultLookUp.put("member", member);
+ DefaultLookUp.put("name", name);
+ DefaultLookUp.put("o", o);
+ DefaultLookUp.put("ou", ou);
+ DefaultLookUp.put("owner", owner);
+ DefaultLookUp.put("physicaldeliveryofficename", physicalDeliveryOfficeName);
+ DefaultLookUp.put("postaladdress", postalAddress);
+ DefaultLookUp.put("postalcode", postalCode);
+ DefaultLookUp.put("postofficebox", postOfficeBox);
+ DefaultLookUp.put("preferreddeliverymethod", preferredDeliveryMethod);
+ DefaultLookUp.put("registeredaddress", registeredAddress);
+ DefaultLookUp.put("roleoccupant", roleOccupant);
+ DefaultLookUp.put("searchguide", searchGuide);
+ DefaultLookUp.put("seealso", seeAlso);
+ DefaultLookUp.put("serialnumber", serialNumber);
+ DefaultLookUp.put("sn", sn);
+ DefaultLookUp.put("st", st);
+ DefaultLookUp.put("street", street);
+ DefaultLookUp.put("telephonenumber", telephoneNumber);
+ DefaultLookUp.put("teletexterminalidentifier", teletexTerminalIdentifier);
+ DefaultLookUp.put("telexnumber", telexNumber);
+ DefaultLookUp.put("title", title);
+ DefaultLookUp.put("uid", uid);
+ DefaultLookUp.put("uniquemember", uniqueMember);
+ DefaultLookUp.put("userpassword", userPassword);
+ DefaultLookUp.put("x121address", x121Address);
+ DefaultLookUp.put("x500uniqueidentifier", x500UniqueIdentifier);
+
+ // TODO: need to add correct matching for equality comparisons.
+ }
+
+ protected RFC4519Style()
+ {
+
+ }
+
+ public ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value)
+ {
+ if (value.length() != 0 && value.charAt(0) == '#')
+ {
+ try
+ {
+ return IETFUtils.valueFromHexString(value, 1);
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException("can't recode value for oid " + oid.getId());
+ }
+ }
+ else
+ {
+ if (value.length() != 0 && value.charAt(0) == '\\')
+ {
+ value = value.substring(1);
+ }
+ if (oid.equals(dc))
+ {
+ return new DERIA5String(value);
+ }
+ else if (oid.equals(c) || oid.equals(serialNumber) || oid.equals(dnQualifier)
+ || oid.equals(telephoneNumber))
+ {
+ return new DERPrintableString(value);
+ }
+ }
+
+ return new DERUTF8String(value);
+ }
+
+ public ASN1ObjectIdentifier attrNameToOID(String attrName)
+ {
+ return IETFUtils.decodeAttrName(attrName, DefaultLookUp);
+ }
+
+ public boolean areEqual(X500Name name1, X500Name name2)
+ {
+ RDN[] rdns1 = name1.getRDNs();
+ RDN[] rdns2 = name2.getRDNs();
+
+ if (rdns1.length != rdns2.length)
+ {
+ return false;
+ }
+
+ boolean reverse = false;
+
+ if (rdns1[0].getFirst() != null && rdns2[0].getFirst() != null)
+ {
+ reverse = !rdns1[0].getFirst().getType().equals(rdns2[0].getFirst().getType()); // guess forward
+ }
+
+ for (int i = 0; i != rdns1.length; i++)
+ {
+ if (!foundMatch(reverse, rdns1[i], rdns2))
+ {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private boolean foundMatch(boolean reverse, RDN rdn, RDN[] possRDNs)
+ {
+ if (reverse)
+ {
+ for (int i = possRDNs.length - 1; i >= 0; i--)
+ {
+ if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
+ {
+ possRDNs[i] = null;
+ return true;
+ }
+ }
+ }
+ else
+ {
+ for (int i = 0; i != possRDNs.length; i++)
+ {
+ if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
+ {
+ possRDNs[i] = null;
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
+ protected boolean rdnAreEqual(RDN rdn1, RDN rdn2)
+ {
+ if (rdn1.isMultiValued())
+ {
+ if (rdn2.isMultiValued())
+ {
+ AttributeTypeAndValue[] atvs1 = rdn1.getTypesAndValues();
+ AttributeTypeAndValue[] atvs2 = rdn2.getTypesAndValues();
+
+ if (atvs1.length != atvs2.length)
+ {
+ return false;
+ }
+
+ for (int i = 0; i != atvs1.length; i++)
+ {
+ if (!atvAreEqual(atvs1[i], atvs2[i]))
+ {
+ return false;
+ }
+ }
+ }
+ else
+ {
+ return false;
+ }
+ }
+ else
+ {
+ if (!rdn2.isMultiValued())
+ {
+ return atvAreEqual(rdn1.getFirst(), rdn2.getFirst());
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private boolean atvAreEqual(AttributeTypeAndValue atv1, AttributeTypeAndValue atv2)
+ {
+ if (atv1 == atv2)
+ {
+ return true;
+ }
+
+ if (atv1 == null)
+ {
+ return false;
+ }
+
+ if (atv2 == null)
+ {
+ return false;
+ }
+
+ ASN1ObjectIdentifier o1 = atv1.getType();
+ ASN1ObjectIdentifier o2 = atv2.getType();
+
+ if (!o1.equals(o2))
+ {
+ return false;
+ }
+
+ String v1 = IETFUtils.canonicalize(IETFUtils.valueToString(atv1.getValue()));
+ String v2 = IETFUtils.canonicalize(IETFUtils.valueToString(atv2.getValue()));
+
+ if (!v1.equals(v2))
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+ // parse backwards
+ public RDN[] fromString(String dirName)
+ {
+ RDN[] tmp = IETFUtils.rDNsFromString(dirName, this);
+ RDN[] res = new RDN[tmp.length];
+
+ for (int i = 0; i != tmp.length; i++)
+ {
+ res[res.length - i - 1] = tmp[i];
+ }
+
+ return res;
+ }
+
+ public int calculateHashCode(X500Name name)
+ {
+ int hashCodeValue = 0;
+ RDN[] rdns = name.getRDNs();
+
+ // this needs to be order independent, like equals
+ for (int i = 0; i != rdns.length; i++)
+ {
+ if (rdns[i].isMultiValued())
+ {
+ AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues();
+
+ for (int j = 0; j != atv.length; j++)
+ {
+ hashCodeValue ^= atv[j].getType().hashCode();
+ hashCodeValue ^= calcHashCode(atv[j].getValue());
+ }
+ }
+ else
+ {
+ hashCodeValue ^= rdns[i].getFirst().getType().hashCode();
+ hashCodeValue ^= calcHashCode(rdns[i].getFirst().getValue());
+ }
+ }
+
+ return hashCodeValue;
+ }
+
+ private int calcHashCode(ASN1Encodable enc)
+ {
+ String value = IETFUtils.valueToString(enc);
+
+ value = IETFUtils.canonicalize(value);
+
+ return value.hashCode();
+ }
+
+ // convert in reverse
+ public String toString(X500Name name)
+ {
+ StringBuffer buf = new StringBuffer();
+ boolean first = true;
+
+ RDN[] rdns = name.getRDNs();
+
+ for (int i = rdns.length - 1; i >= 0; i--)
+ {
+ if (first)
+ {
+ first = false;
+ }
+ else
+ {
+ buf.append(',');
+ }
+
+ if (rdns[i].isMultiValued())
+ {
+ AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues();
+ boolean firstAtv = true;
+
+ for (int j = 0; j != atv.length; j++)
+ {
+ if (firstAtv)
+ {
+ firstAtv = false;
+ }
+ else
+ {
+ buf.append('+');
+ }
+
+ IETFUtils.appendTypeAndValue(buf, atv[j], DefaultSymbols);
+ }
+ }
+ else
+ {
+ IETFUtils.appendTypeAndValue(buf, rdns[i].getFirst(), DefaultSymbols);
+ }
+ }
+
+ return buf.toString();
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java b/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java
new file mode 100644
index 0000000..7549a72
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java
@@ -0,0 +1,99 @@
+package org.bouncycastle.asn1.x500.style;
+
+/**
+ * class for breaking up an X500 Name into it's component tokens, ala
+ * java.util.StringTokenizer. We need this class as some of the
+ * lightweight Java environment don't support classes like
+ * StringTokenizer.
+ */
+class X500NameTokenizer
+{
+ private String value;
+ private int index;
+ private char seperator;
+ private StringBuffer buf = new StringBuffer();
+
+ public X500NameTokenizer(
+ String oid)
+ {
+ this(oid, ',');
+ }
+
+ public X500NameTokenizer(
+ String oid,
+ char seperator)
+ {
+ this.value = oid;
+ this.index = -1;
+ this.seperator = seperator;
+ }
+
+ public boolean hasMoreTokens()
+ {
+ return (index != value.length());
+ }
+
+ public String nextToken()
+ {
+ if (index == value.length())
+ {
+ return null;
+ }
+
+ int end = index + 1;
+ boolean quoted = false;
+ boolean escaped = false;
+
+ buf.setLength(0);
+
+ while (end != value.length())
+ {
+ char c = value.charAt(end);
+
+ if (c == '"')
+ {
+ if (!escaped)
+ {
+ quoted = !quoted;
+ }
+ else
+ {
+ buf.append(c);
+ }
+ escaped = false;
+ }
+ else
+ {
+ if (escaped || quoted)
+ {
+ if (c == '#' && buf.charAt(buf.length() - 1) == '=')
+ {
+ buf.append('\\');
+ }
+ else if (c == '+' && seperator != '+')
+ {
+ buf.append('\\');
+ }
+ buf.append(c);
+ escaped = false;
+ }
+ else if (c == '\\')
+ {
+ escaped = true;
+ }
+ else if (c == seperator)
+ {
+ break;
+ }
+ else
+ {
+ buf.append(c);
+ }
+ }
+ end++;
+ }
+
+ index = end;
+ return buf.toString().trim();
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java b/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
index d581967..7288d38 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
@@ -2,9 +2,11 @@
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
@@ -92,6 +94,15 @@
}
}
+ public ASN1ObjectIdentifier getAlgorithm()
+ {
+ return new ASN1ObjectIdentifier(objectId.getId());
+ }
+
+ /**
+ * @deprecated use getAlgorithm
+ * @return
+ */
public DERObjectIdentifier getObjectId()
{
return objectId;
@@ -118,7 +129,14 @@
if (parametersDefined)
{
- v.add(parameters);
+ if (parameters != null)
+ {
+ v.add(parameters);
+ }
+ else
+ {
+ v.add(DERNull.INSTANCE);
+ }
}
return new DERSequence(v);
diff --git a/src/main/java/org/bouncycastle/asn1/x509/Attribute.java b/src/main/java/org/bouncycastle/asn1/x509/Attribute.java
index c102e15..56df178 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/Attribute.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/Attribute.java
@@ -2,6 +2,7 @@
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERObject;
@@ -56,11 +57,16 @@
this.attrValues = attrValues;
}
- public DERObjectIdentifier getAttrType()
+ public ASN1ObjectIdentifier getAttrType()
{
- return attrType;
+ return new ASN1ObjectIdentifier(attrType.getId());
}
-
+
+ public ASN1Encodable[] getAttributeValues()
+ {
+ return attrValues.toArray();
+ }
+
public ASN1Set getAttrValues()
{
return attrValues;
diff --git a/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java b/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java
index cf00230..9e79e89 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java
@@ -24,12 +24,12 @@
{
return (AttributeCertificate)obj;
}
- else if (obj instanceof ASN1Sequence)
+ else if (obj != null)
{
- return new AttributeCertificate((ASN1Sequence)obj);
+ return new AttributeCertificate(ASN1Sequence.getInstance(obj));
}
- throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+ return null;
}
public AttributeCertificate(
diff --git a/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java b/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java
index 66c9630..40c49c6 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java
@@ -1,6 +1,8 @@
package org.bouncycastle.asn1.x509;
+import java.util.Enumeration;
+
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
@@ -9,8 +11,6 @@
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERSequence;
-import java.util.Enumeration;
-
/**
* PKIX RFC-2459
*
@@ -45,12 +45,12 @@
{
return (CertificateList)obj;
}
- else if (obj instanceof ASN1Sequence)
+ else if (obj != null)
{
- return new CertificateList((ASN1Sequence)obj);
+ return new CertificateList(ASN1Sequence.getInstance(obj));
}
- throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+ return null;
}
public CertificateList(
diff --git a/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java b/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java
index a59f105..b6a294e 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java
@@ -13,7 +13,7 @@
* <pre>
* DistributionPointName ::= CHOICE {
* fullName [0] GeneralNames,
- * nameRelativeToCRLIssuer [1] RelativeDistinguishedName
+ * nameRelativeToCRLIssuer [1] RDN
* }
* </pre>
*/
diff --git a/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java b/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java
index c657c7b..29fdd72 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java
@@ -1,9 +1,11 @@
package org.bouncycastle.asn1.x509;
+import java.io.IOException;
import java.util.StringTokenizer;
import org.bouncycastle.asn1.ASN1Choice;
import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
@@ -13,6 +15,7 @@
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.util.IPAddress;
/**
@@ -64,6 +67,13 @@
this.tag = 4;
}
+ public GeneralName(
+ X500Name dirName)
+ {
+ this.obj = dirName;
+ this.tag = 4;
+ }
+
/**
* @deprecated this constructor seems the wrong way round! Use GeneralName(tag, name).
*/
@@ -204,6 +214,18 @@
}
}
+ if (obj instanceof byte[])
+ {
+ try
+ {
+ return getInstance(ASN1Object.fromByteArray((byte[])obj));
+ }
+ catch (IOException e)
+ {
+ throw new IllegalArgumentException("unable to parse encoded general name");
+ }
+ }
+
throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName());
}
diff --git a/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java b/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java
index 326ee20..2a4b1f1 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java
@@ -1,5 +1,7 @@
package org.bouncycastle.asn1.x509;
+import java.math.BigInteger;
+
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
@@ -9,8 +11,6 @@
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
-import java.math.BigInteger;
-
/**
* Class for containing a restriction object subtrees in NameConstraints. See
* RFC 3280.
@@ -64,9 +64,27 @@
}
break;
case 3:
- minimum = DERInteger.getInstance(ASN1TaggedObject.getInstance(seq.getObjectAt(1)));
- maximum = DERInteger.getInstance(ASN1TaggedObject.getInstance(seq.getObjectAt(2)));
+ {
+ {
+ ASN1TaggedObject oMin = ASN1TaggedObject.getInstance(seq.getObjectAt(1));
+ if (oMin.getTagNo() != 0)
+ {
+ throw new IllegalArgumentException("Bad tag number for 'minimum': " + oMin.getTagNo());
+ }
+ minimum = DERInteger.getInstance(oMin, false);
+ }
+
+ {
+ ASN1TaggedObject oMax = ASN1TaggedObject.getInstance(seq.getObjectAt(2));
+ if (oMax.getTagNo() != 1)
+ {
+ throw new IllegalArgumentException("Bad tag number for 'maximum': " + oMax.getTagNo());
+ }
+ maximum = DERInteger.getInstance(oMax, false);
+ }
+
break;
+ }
default:
throw new IllegalArgumentException("Bad sequence size: "
+ seq.size());
diff --git a/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java b/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java
index d122327..9af439d 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java
@@ -39,12 +39,12 @@
{
return (SubjectPublicKeyInfo)obj;
}
- else if (obj instanceof ASN1Sequence)
+ else if (obj != null)
{
- return new SubjectPublicKeyInfo((ASN1Sequence)obj);
+ return new SubjectPublicKeyInfo(ASN1Sequence.getInstance(obj));
}
- throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+ return null;
}
public SubjectPublicKeyInfo(
diff --git a/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java b/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java
index f14e9bb..128a1a1 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java
@@ -1,5 +1,7 @@
package org.bouncycastle.asn1.x509;
+import java.util.Enumeration;
+
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
@@ -9,8 +11,6 @@
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTCTime;
-import java.util.Enumeration;
-
/**
* PKIX RFC-2459 - TBSCertList object.
* <pre>
@@ -35,7 +35,7 @@
public class TBSCertList
extends ASN1Encodable
{
- public class CRLEntry
+ public static class CRLEntry
extends ASN1Encodable
{
ASN1Sequence seq;
diff --git a/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java b/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java
index f1a6cfd..36425d7 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java
@@ -60,12 +60,12 @@
{
return (TBSCertificateStructure)obj;
}
- else if (obj instanceof ASN1Sequence)
+ else if (obj != null)
{
- return new TBSCertificateStructure((ASN1Sequence)obj);
+ return new TBSCertificateStructure(ASN1Sequence.getInstance(obj));
}
- throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+ return null;
}
public TBSCertificateStructure(
@@ -80,7 +80,7 @@
//
if (seq.getObjectAt(0) instanceof DERTaggedObject)
{
- version = DERInteger.getInstance(seq.getObjectAt(0));
+ version = DERInteger.getInstance((ASN1TaggedObject)seq.getObjectAt(0), true);
}
else
{
diff --git a/src/main/java/org/bouncycastle/asn1/x509/Time.java b/src/main/java/org/bouncycastle/asn1/x509/Time.java
index c05c65d..d51209d 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/Time.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/Time.java
@@ -66,7 +66,7 @@
public static Time getInstance(
Object obj)
{
- if (obj instanceof Time)
+ if (obj == null || obj instanceof Time)
{
return (Time)obj;
}
diff --git a/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java b/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java
index 53505d1..1c3016d 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java
@@ -5,6 +5,7 @@
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTCTime;
+import org.bouncycastle.asn1.x500.X500Name;
/**
* Generator for Version 1 TBSCertificateStructures.
@@ -54,6 +55,12 @@
this.issuer = issuer;
}
+ public void setIssuer(
+ X500Name issuer)
+ {
+ this.issuer = X509Name.getInstance(issuer.getDERObject());
+ }
+
public void setStartDate(
Time startDate)
{
@@ -84,6 +91,12 @@
this.subject = subject;
}
+ public void setSubject(
+ X500Name subject)
+ {
+ this.subject = X509Name.getInstance(subject.getDERObject());
+ }
+
public void setSubjectPublicKeyInfo(
SubjectPublicKeyInfo pubKeyInfo)
{
diff --git a/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java b/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java
index 9d8ba05..6fccbd0 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java
@@ -6,6 +6,7 @@
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTCTime;
+import org.bouncycastle.asn1.x500.X500Name;
/**
* Generator for Version 3 TBSCertificateStructures.
@@ -63,6 +64,12 @@
this.issuer = issuer;
}
+ public void setIssuer(
+ X500Name issuer)
+ {
+ this.issuer = X509Name.getInstance(issuer.getDERObject());
+ }
+
public void setStartDate(
DERUTCTime startDate)
{
@@ -93,6 +100,12 @@
this.subject = subject;
}
+ public void setSubject(
+ X500Name subject)
+ {
+ this.subject = X509Name.getInstance(subject.getDERObject());
+ }
+
public void setIssuerUniqueID(
DERBitString uniqueID)
{
diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java b/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java
index 347b661..8559b69 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java
@@ -41,17 +41,12 @@
{
return (X509CertificateStructure)obj;
}
- else if (obj instanceof ASN1Sequence)
+ else if (obj != null)
{
- return new X509CertificateStructure((ASN1Sequence)obj);
+ return new X509CertificateStructure(ASN1Sequence.getInstance(obj));
}
- if (obj != null)
- {
- throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
- }
-
- throw new IllegalArgumentException("null object in factory");
+ return null;
}
public X509CertificateStructure(
diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java b/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java
index 02ac76b..8c2cab4 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java
@@ -1,16 +1,173 @@
package org.bouncycastle.asn1.x509;
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DERBoolean;
-import java.io.IOException;
-
/**
* an object for the elements in the X.509 V3 extension block.
*/
public class X509Extension
{
+ /**
+ * Subject Directory Attributes
+ */
+ public static final ASN1ObjectIdentifier subjectDirectoryAttributes = new ASN1ObjectIdentifier("2.5.29.9");
+
+ /**
+ * Subject Key Identifier
+ */
+ public static final ASN1ObjectIdentifier subjectKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.14");
+
+ /**
+ * Key Usage
+ */
+ public static final ASN1ObjectIdentifier keyUsage = new ASN1ObjectIdentifier("2.5.29.15");
+
+ /**
+ * Private Key Usage Period
+ */
+ public static final ASN1ObjectIdentifier privateKeyUsagePeriod = new ASN1ObjectIdentifier("2.5.29.16");
+
+ /**
+ * Subject Alternative Name
+ */
+ public static final ASN1ObjectIdentifier subjectAlternativeName = new ASN1ObjectIdentifier("2.5.29.17");
+
+ /**
+ * Issuer Alternative Name
+ */
+ public static final ASN1ObjectIdentifier issuerAlternativeName = new ASN1ObjectIdentifier("2.5.29.18");
+
+ /**
+ * Basic Constraints
+ */
+ public static final ASN1ObjectIdentifier basicConstraints = new ASN1ObjectIdentifier("2.5.29.19");
+
+ /**
+ * CRL Number
+ */
+ public static final ASN1ObjectIdentifier cRLNumber = new ASN1ObjectIdentifier("2.5.29.20");
+
+ /**
+ * Reason code
+ */
+ public static final ASN1ObjectIdentifier reasonCode = new ASN1ObjectIdentifier("2.5.29.21");
+
+ /**
+ * Hold Instruction Code
+ */
+ public static final ASN1ObjectIdentifier instructionCode = new ASN1ObjectIdentifier("2.5.29.23");
+
+ /**
+ * Invalidity Date
+ */
+ public static final ASN1ObjectIdentifier invalidityDate = new ASN1ObjectIdentifier("2.5.29.24");
+
+ /**
+ * Delta CRL indicator
+ */
+ public static final ASN1ObjectIdentifier deltaCRLIndicator = new ASN1ObjectIdentifier("2.5.29.27");
+
+ /**
+ * Issuing Distribution Point
+ */
+ public static final ASN1ObjectIdentifier issuingDistributionPoint = new ASN1ObjectIdentifier("2.5.29.28");
+
+ /**
+ * Certificate Issuer
+ */
+ public static final ASN1ObjectIdentifier certificateIssuer = new ASN1ObjectIdentifier("2.5.29.29");
+
+ /**
+ * Name Constraints
+ */
+ public static final ASN1ObjectIdentifier nameConstraints = new ASN1ObjectIdentifier("2.5.29.30");
+
+ /**
+ * CRL Distribution Points
+ */
+ public static final ASN1ObjectIdentifier cRLDistributionPoints = new ASN1ObjectIdentifier("2.5.29.31");
+
+ /**
+ * Certificate Policies
+ */
+ public static final ASN1ObjectIdentifier certificatePolicies = new ASN1ObjectIdentifier("2.5.29.32");
+
+ /**
+ * Policy Mappings
+ */
+ public static final ASN1ObjectIdentifier policyMappings = new ASN1ObjectIdentifier("2.5.29.33");
+
+ /**
+ * Authority Key Identifier
+ */
+ public static final ASN1ObjectIdentifier authorityKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.35");
+
+ /**
+ * Policy Constraints
+ */
+ public static final ASN1ObjectIdentifier policyConstraints = new ASN1ObjectIdentifier("2.5.29.36");
+
+ /**
+ * Extended Key Usage
+ */
+ public static final ASN1ObjectIdentifier extendedKeyUsage = new ASN1ObjectIdentifier("2.5.29.37");
+
+ /**
+ * Freshest CRL
+ */
+ public static final ASN1ObjectIdentifier freshestCRL = new ASN1ObjectIdentifier("2.5.29.46");
+
+ /**
+ * Inhibit Any Policy
+ */
+ public static final ASN1ObjectIdentifier inhibitAnyPolicy = new ASN1ObjectIdentifier("2.5.29.54");
+
+ /**
+ * Authority Info Access
+ */
+ public static final ASN1ObjectIdentifier authorityInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.1");
+
+ /**
+ * Subject Info Access
+ */
+ public static final ASN1ObjectIdentifier subjectInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.11");
+
+ /**
+ * Logo Type
+ */
+ public static final ASN1ObjectIdentifier logoType = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.12");
+
+ /**
+ * BiometricInfo
+ */
+ public static final ASN1ObjectIdentifier biometricInfo = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.2");
+
+ /**
+ * QCStatements
+ */
+ public static final ASN1ObjectIdentifier qCStatements = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.3");
+
+ /**
+ * Audit identity extension in attribute certificates.
+ */
+ public static final ASN1ObjectIdentifier auditIdentity = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.4");
+
+ /**
+ * NoRevAvail extension in attribute certificates.
+ */
+ public static final ASN1ObjectIdentifier noRevAvail = new ASN1ObjectIdentifier("2.5.29.56");
+
+ /**
+ * TargetInformation extension in attribute certificates.
+ */
+ public static final ASN1ObjectIdentifier targetInformation = new ASN1ObjectIdentifier("2.5.29.55");
+
boolean critical;
ASN1OctetString value;
@@ -40,6 +197,11 @@
return value;
}
+ public ASN1Encodable getParsedValue()
+ {
+ return convertValueToObject(this);
+ }
+
public int hashCode()
{
if (this.isCritical())
diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java b/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java
index 58d9504..a9819f4 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java
@@ -1,7 +1,12 @@
package org.bouncycastle.asn1.x509;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.Vector;
+
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
@@ -9,175 +14,198 @@
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
-// BEGIN android-added
-import org.bouncycastle.asn1.OrderedTable;
-// END android-added
-
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Vector;
public class X509Extensions
extends ASN1Encodable
{
/**
* Subject Directory Attributes
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier SubjectDirectoryAttributes = new DERObjectIdentifier("2.5.29.9");
+ public static final ASN1ObjectIdentifier SubjectDirectoryAttributes = new ASN1ObjectIdentifier("2.5.29.9");
/**
- * Subject Key Identifier
+ * Subject Key Identifier
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier SubjectKeyIdentifier = new DERObjectIdentifier("2.5.29.14");
+ public static final ASN1ObjectIdentifier SubjectKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.14");
/**
- * Key Usage
+ * Key Usage
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier KeyUsage = new DERObjectIdentifier("2.5.29.15");
+ public static final ASN1ObjectIdentifier KeyUsage = new ASN1ObjectIdentifier("2.5.29.15");
/**
- * Private Key Usage Period
+ * Private Key Usage Period
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier PrivateKeyUsagePeriod = new DERObjectIdentifier("2.5.29.16");
+ public static final ASN1ObjectIdentifier PrivateKeyUsagePeriod = new ASN1ObjectIdentifier("2.5.29.16");
/**
- * Subject Alternative Name
+ * Subject Alternative Name
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier SubjectAlternativeName = new DERObjectIdentifier("2.5.29.17");
+ public static final ASN1ObjectIdentifier SubjectAlternativeName = new ASN1ObjectIdentifier("2.5.29.17");
/**
- * Issuer Alternative Name
+ * Issuer Alternative Name
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier IssuerAlternativeName = new DERObjectIdentifier("2.5.29.18");
+ public static final ASN1ObjectIdentifier IssuerAlternativeName = new ASN1ObjectIdentifier("2.5.29.18");
/**
- * Basic Constraints
+ * Basic Constraints
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier BasicConstraints = new DERObjectIdentifier("2.5.29.19");
+ public static final ASN1ObjectIdentifier BasicConstraints = new ASN1ObjectIdentifier("2.5.29.19");
/**
- * CRL Number
+ * CRL Number
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier CRLNumber = new DERObjectIdentifier("2.5.29.20");
+ public static final ASN1ObjectIdentifier CRLNumber = new ASN1ObjectIdentifier("2.5.29.20");
/**
- * Reason code
+ * Reason code
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier ReasonCode = new DERObjectIdentifier("2.5.29.21");
+ public static final ASN1ObjectIdentifier ReasonCode = new ASN1ObjectIdentifier("2.5.29.21");
/**
- * Hold Instruction Code
+ * Hold Instruction Code
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier InstructionCode = new DERObjectIdentifier("2.5.29.23");
+ public static final ASN1ObjectIdentifier InstructionCode = new ASN1ObjectIdentifier("2.5.29.23");
/**
- * Invalidity Date
+ * Invalidity Date
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier InvalidityDate = new DERObjectIdentifier("2.5.29.24");
+ public static final ASN1ObjectIdentifier InvalidityDate = new ASN1ObjectIdentifier("2.5.29.24");
/**
- * Delta CRL indicator
+ * Delta CRL indicator
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier DeltaCRLIndicator = new DERObjectIdentifier("2.5.29.27");
+ public static final ASN1ObjectIdentifier DeltaCRLIndicator = new ASN1ObjectIdentifier("2.5.29.27");
/**
- * Issuing Distribution Point
+ * Issuing Distribution Point
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier IssuingDistributionPoint = new DERObjectIdentifier("2.5.29.28");
+ public static final ASN1ObjectIdentifier IssuingDistributionPoint = new ASN1ObjectIdentifier("2.5.29.28");
/**
- * Certificate Issuer
+ * Certificate Issuer
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier CertificateIssuer = new DERObjectIdentifier("2.5.29.29");
+ public static final ASN1ObjectIdentifier CertificateIssuer = new ASN1ObjectIdentifier("2.5.29.29");
/**
- * Name Constraints
+ * Name Constraints
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier NameConstraints = new DERObjectIdentifier("2.5.29.30");
+ public static final ASN1ObjectIdentifier NameConstraints = new ASN1ObjectIdentifier("2.5.29.30");
/**
- * CRL Distribution Points
+ * CRL Distribution Points
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier CRLDistributionPoints = new DERObjectIdentifier("2.5.29.31");
+ public static final ASN1ObjectIdentifier CRLDistributionPoints = new ASN1ObjectIdentifier("2.5.29.31");
/**
- * Certificate Policies
+ * Certificate Policies
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier CertificatePolicies = new DERObjectIdentifier("2.5.29.32");
+ public static final ASN1ObjectIdentifier CertificatePolicies = new ASN1ObjectIdentifier("2.5.29.32");
/**
- * Policy Mappings
+ * Policy Mappings
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier PolicyMappings = new DERObjectIdentifier("2.5.29.33");
+ public static final ASN1ObjectIdentifier PolicyMappings = new ASN1ObjectIdentifier("2.5.29.33");
/**
- * Authority Key Identifier
+ * Authority Key Identifier
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier AuthorityKeyIdentifier = new DERObjectIdentifier("2.5.29.35");
+ public static final ASN1ObjectIdentifier AuthorityKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.35");
/**
- * Policy Constraints
+ * Policy Constraints
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier PolicyConstraints = new DERObjectIdentifier("2.5.29.36");
+ public static final ASN1ObjectIdentifier PolicyConstraints = new ASN1ObjectIdentifier("2.5.29.36");
/**
- * Extended Key Usage
+ * Extended Key Usage
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier ExtendedKeyUsage = new DERObjectIdentifier("2.5.29.37");
+ public static final ASN1ObjectIdentifier ExtendedKeyUsage = new ASN1ObjectIdentifier("2.5.29.37");
/**
* Freshest CRL
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier FreshestCRL = new DERObjectIdentifier("2.5.29.46");
+ public static final ASN1ObjectIdentifier FreshestCRL = new ASN1ObjectIdentifier("2.5.29.46");
/**
* Inhibit Any Policy
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier InhibitAnyPolicy = new DERObjectIdentifier("2.5.29.54");
+ public static final ASN1ObjectIdentifier InhibitAnyPolicy = new ASN1ObjectIdentifier("2.5.29.54");
/**
* Authority Info Access
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier AuthorityInfoAccess = new DERObjectIdentifier("1.3.6.1.5.5.7.1.1");
+ public static final ASN1ObjectIdentifier AuthorityInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.1");
/**
* Subject Info Access
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier SubjectInfoAccess = new DERObjectIdentifier("1.3.6.1.5.5.7.1.11");
+ public static final ASN1ObjectIdentifier SubjectInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.11");
/**
* Logo Type
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier LogoType = new DERObjectIdentifier("1.3.6.1.5.5.7.1.12");
+ public static final ASN1ObjectIdentifier LogoType = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.12");
/**
* BiometricInfo
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier BiometricInfo = new DERObjectIdentifier("1.3.6.1.5.5.7.1.2");
+ public static final ASN1ObjectIdentifier BiometricInfo = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.2");
/**
* QCStatements
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier QCStatements = new DERObjectIdentifier("1.3.6.1.5.5.7.1.3");
+ public static final ASN1ObjectIdentifier QCStatements = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.3");
/**
* Audit identity extension in attribute certificates.
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier AuditIdentity = new DERObjectIdentifier("1.3.6.1.5.5.7.1.4");
+ public static final ASN1ObjectIdentifier AuditIdentity = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.4");
/**
* NoRevAvail extension in attribute certificates.
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier NoRevAvail = new DERObjectIdentifier("2.5.29.56");
+ public static final ASN1ObjectIdentifier NoRevAvail = new ASN1ObjectIdentifier("2.5.29.56");
/**
* TargetInformation extension in attribute certificates.
+ * @deprecated use X509Extension value.
*/
- public static final DERObjectIdentifier TargetInformation = new DERObjectIdentifier("2.5.29.55");
+ public static final ASN1ObjectIdentifier TargetInformation = new ASN1ObjectIdentifier("2.5.29.55");
- // BEGIN android-changed
- private OrderedTable table = new OrderedTable();
- // END android-changed
+ private Hashtable extensions = new Hashtable();
+ private Vector ordering = new Vector();
public static X509Extensions getInstance(
ASN1TaggedObject obj,
@@ -221,26 +249,20 @@
{
ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement());
- // BEGIN android-changed
- int sSize = s.size();
- DERObjectIdentifier key = (DERObjectIdentifier) s.getObjectAt(0);
- Object value;
-
- if (sSize == 3)
+ if (s.size() == 3)
{
- value = new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2)));
+ extensions.put(s.getObjectAt(0), new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2))));
}
- else if (sSize == 2)
+ else if (s.size() == 2)
{
- value = new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1)));
+ extensions.put(s.getObjectAt(0), new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1))));
}
else
{
- throw new IllegalArgumentException("Bad sequence size: " + sSize);
+ throw new IllegalArgumentException("Bad sequence size: " + s.size());
}
- table.add(key, value);
- // END android-changed
+ ordering.addElement(s.getObjectAt(0));
}
}
@@ -275,14 +297,20 @@
e = ordering.elements();
}
- // BEGIN android-changed
while (e.hasMoreElements())
{
- DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
- X509Extension ext = (X509Extension)extensions.get(oid);
- table.add(oid, ext);
+ this.ordering.addElement(new ASN1ObjectIdentifier(((DERObjectIdentifier)e.nextElement()).getId()));
}
- // END android-changed
+
+ e = this.ordering.elements();
+
+ while (e.hasMoreElements())
+ {
+ ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(((DERObjectIdentifier)e.nextElement()).getId());
+ X509Extension ext = (X509Extension)extensions.get(oid);
+
+ this.extensions.put(oid, ext);
+ }
}
/**
@@ -297,18 +325,23 @@
{
Enumeration e = objectIDs.elements();
- // BEGIN android-changed
- int count = 0;
-
while (e.hasMoreElements())
{
- DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+ this.ordering.addElement(e.nextElement());
+ }
+
+ int count = 0;
+
+ e = this.ordering.elements();
+
+ while (e.hasMoreElements())
+ {
+ ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
X509Extension ext = (X509Extension)values.elementAt(count);
- table.add(oid, ext);
+ this.extensions.put(oid, ext);
count++;
}
- // END android-changed
}
/**
@@ -316,9 +349,7 @@
*/
public Enumeration oids()
{
- // BEGIN android-changed
- return table.getKeys();
- // END android-changed
+ return ordering.elements();
}
/**
@@ -328,11 +359,20 @@
* @return the extension if it's present, null otherwise.
*/
public X509Extension getExtension(
+ ASN1ObjectIdentifier oid)
+ {
+ return (X509Extension)extensions.get(oid);
+ }
+
+ /**
+ * @deprecated
+ * @param oid
+ * @return
+ */
+ public X509Extension getExtension(
DERObjectIdentifier oid)
{
- // BEGIN android-changed
- return (X509Extension)table.get(oid);
- // END android-changed
+ return (X509Extension)extensions.get(oid);
}
/**
@@ -348,14 +388,12 @@
public DERObject toASN1Object()
{
ASN1EncodableVector vec = new ASN1EncodableVector();
- // BEGIN android-changed
- int size = table.size();
+ Enumeration e = ordering.elements();
- for (int i = 0; i < size; i++)
+ while (e.hasMoreElements())
{
- DERObjectIdentifier oid = table.getKey(i);
- X509Extension ext = (X509Extension)table.getValue(i);
- // END android-changed
+ ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
+ X509Extension ext = (X509Extension)extensions.get(oid);
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(oid);
@@ -378,24 +416,18 @@
public boolean equivalent(
X509Extensions other)
{
- // BEGIN android-changed
- if (table.size() != other.table.size())
- // END android-changed
+ if (extensions.size() != other.extensions.size())
{
return false;
}
- // BEGIN android-changed
- Enumeration e1 = table.getKeys();
- // END android-changed
+ Enumeration e1 = extensions.keys();
while (e1.hasMoreElements())
{
- // BEGIN android-changed
- DERObjectIdentifier key = (DERObjectIdentifier)e1.nextElement();
+ Object key = e1.nextElement();
- if (!table.get(key).equals(other.table.get(key)))
- // END android-changed
+ if (!extensions.get(key).equals(other.extensions.get(key)))
{
return false;
}
@@ -403,4 +435,47 @@
return true;
}
+
+ public ASN1ObjectIdentifier[] getExtensionOIDs()
+ {
+ return toOidArray(ordering);
+ }
+
+ public ASN1ObjectIdentifier[] getNonCriticalExtensionOIDs()
+ {
+ return getExtensionOIDs(false);
+ }
+
+ public ASN1ObjectIdentifier[] getCriticalExtensionOIDs()
+ {
+ return getExtensionOIDs(true);
+ }
+
+ private ASN1ObjectIdentifier[] getExtensionOIDs(boolean isCritical)
+ {
+ Vector oidVec = new Vector();
+
+ for (int i = 0; i != ordering.size(); i++)
+ {
+ Object oid = ordering.elementAt(i);
+
+ if (((X509Extension)extensions.get(oid)).isCritical() == isCritical)
+ {
+ oidVec.addElement(oid);
+ }
+ }
+
+ return toOidArray(oidVec);
+ }
+
+ private ASN1ObjectIdentifier[] toOidArray(Vector oidVec)
+ {
+ ASN1ObjectIdentifier[] oids = new ASN1ObjectIdentifier[oidVec.size()];
+
+ for (int i = 0; i != oids.length; i++)
+ {
+ oids[i] = (ASN1ObjectIdentifier)oidVec.elementAt(i);
+ }
+ return oids;
+ }
}
diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509Name.java b/src/main/java/org/bouncycastle/asn1/x509/X509Name.java
index ea221b6..89638dd 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/X509Name.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/X509Name.java
@@ -19,6 +19,7 @@
import org.bouncycastle.asn1.DERString;
import org.bouncycastle.asn1.DERUniversalString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;
@@ -32,6 +33,7 @@
* type OBJECT IDENTIFIER,
* value ANY }
* </pre>
+ * @deprecated use org.bouncycastle.asn1.x500.X500Name.
*/
public class X509Name
extends ASN1Encodable
@@ -247,10 +249,10 @@
*/
public static final Hashtable SymbolLookUp = DefaultLookUp;
- // BEGIN android-removed
- //private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility
- //private static final Boolean FALSE = new Boolean(false);
- // END android-removed
+ // BEGIN android-changed
+ private static final Boolean TRUE = Boolean.TRUE;
+ private static final Boolean FALSE = Boolean.FALSE;
+ // END android-changed
static
{
@@ -342,9 +344,9 @@
}
private X509NameEntryConverter converter = null;
- // BEGIN android-changed
- private X509NameElementList elems = new X509NameElementList();
- // END android-changed
+ private Vector ordering = new Vector();
+ private Vector values = new Vector();
+ private Vector added = new Vector();
private ASN1Sequence seq;
@@ -372,14 +374,22 @@
{
return (X509Name)obj;
}
- else if (obj instanceof ASN1Sequence)
+ else if (obj instanceof X500Name)
{
- return new X509Name((ASN1Sequence)obj);
+ return new X509Name(ASN1Sequence.getInstance(((X500Name)obj).getDERObject()));
+ }
+ else if (obj != null)
+ {
+ return new X509Name(ASN1Sequence.getInstance(obj));
}
- throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+ return null;
}
+ protected X509Name()
+ {
+ // constructure use by new X500 Name class
+ }
/**
* Constructor from ASN1Sequence
*
@@ -394,7 +404,7 @@
while (e.hasMoreElements())
{
- ASN1Set set = ASN1Set.getInstance(e.nextElement());
+ ASN1Set set = ASN1Set.getInstance(((DEREncodable)e.nextElement()).getDERObject());
for (int i = 0; i < set.size(); i++)
{
@@ -405,29 +415,27 @@
throw new IllegalArgumentException("badly sized pair");
}
- // BEGIN android-changed
- DERObjectIdentifier key = DERObjectIdentifier.getInstance(s.getObjectAt(0));
+ ordering.addElement(DERObjectIdentifier.getInstance(s.getObjectAt(0)));
DEREncodable value = s.getObjectAt(1);
- String valueStr;
if (value instanceof DERString && !(value instanceof DERUniversalString))
{
String v = ((DERString)value).getString();
if (v.length() > 0 && v.charAt(0) == '#')
{
- valueStr = "\\" + v;
+ values.addElement("\\" + v);
}
else
{
- valueStr = v;
+ values.addElement(v);
}
}
else
{
- valueStr = "#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded()));
+ values.addElement("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded())));
}
- boolean added = (i != 0); // to allow earlier JDK compatibility
- elems.add(key, valueStr, added);
+ // BEGIN android-changed
+ added.addElement(Boolean.valueOf(i != 0));
// END android-changed
}
}
@@ -482,23 +490,14 @@
Hashtable attributes,
X509NameEntryConverter converter)
{
- // BEGIN android-changed
- DERObjectIdentifier problem = null;
this.converter = converter;
if (ordering != null)
{
for (int i = 0; i != ordering.size(); i++)
{
- DERObjectIdentifier key =
- (DERObjectIdentifier) ordering.elementAt(i);
- String value = (String) attributes.get(key);
- if (value == null)
- {
- problem = key;
- break;
- }
- elems.add(key, value);
+ this.ordering.addElement(ordering.elementAt(i));
+ this.added.addElement(FALSE);
}
}
else
@@ -507,23 +506,22 @@
while (e.hasMoreElements())
{
- DERObjectIdentifier key =
- (DERObjectIdentifier) e.nextElement();
- String value = (String) attributes.get(key);
- if (value == null)
- {
- problem = key;
- break;
- }
- elems.add(key, value);
+ this.ordering.addElement(e.nextElement());
+ this.added.addElement(FALSE);
}
}
- if (problem != null)
+ for (int i = 0; i != this.ordering.size(); i++)
{
- throw new IllegalArgumentException("No attribute for object id - " + problem.getId() + " - passed to distinguished name");
+ DERObjectIdentifier oid = (DERObjectIdentifier)this.ordering.elementAt(i);
+
+ if (attributes.get(oid) == null)
+ {
+ throw new IllegalArgumentException("No attribute for object id - " + oid.getId() + " - passed to distinguished name");
+ }
+
+ this.values.addElement(attributes.get(oid)); // copy the hash table
}
- // END android-changed
}
/**
@@ -556,10 +554,9 @@
for (int i = 0; i < oids.size(); i++)
{
- // BEGIN android-changed
- elems.add((DERObjectIdentifier) oids.elementAt(i),
- (String) values.elementAt(i));
- // END android-changed
+ this.ordering.addElement(oids.elementAt(i));
+ this.values.addElement(values.elementAt(i));
+ this.added.addElement(FALSE);
}
}
@@ -696,7 +693,9 @@
if (index == -1)
{
+ // BEGIN android-changed
throw new IllegalArgumentException("badly formatted directory string");
+ // END android-changed
}
String name = token.substring(0, index);
@@ -708,9 +707,9 @@
X509NameTokenizer vTok = new X509NameTokenizer(value, '+');
String v = vTok.nextToken();
- // BEGIN android-changed
- this.elems.add(oid, v);
- // END android-changed
+ this.ordering.addElement(oid);
+ this.values.addElement(v);
+ this.added.addElement(FALSE);
while (vTok.hasMoreTokens())
{
@@ -719,24 +718,48 @@
String nm = sv.substring(0, ndx);
String vl = sv.substring(ndx + 1);
- // BEGIN android-changed
- this.elems.add(decodeOID(nm, lookUp), vl, true);
- // END android-changed
+ this.ordering.addElement(decodeOID(nm, lookUp));
+ this.values.addElement(vl);
+ this.added.addElement(TRUE);
}
}
else
{
- // BEGIN android-changed
- this.elems.add(oid, value);
- // END android-changed
+ this.ordering.addElement(oid);
+ this.values.addElement(value);
+ this.added.addElement(FALSE);
}
}
if (reverse)
{
- // BEGIN android-changed
- this.elems = this.elems.reverse();
- // END android-changed
+ Vector o = new Vector();
+ Vector v = new Vector();
+ Vector a = new Vector();
+
+ int count = 1;
+
+ for (int i = 0; i < this.ordering.size(); i++)
+ {
+ if (((Boolean)this.added.elementAt(i)).booleanValue())
+ {
+ o.insertElementAt(this.ordering.elementAt(i), count);
+ v.insertElementAt(this.values.elementAt(i), count);
+ a.insertElementAt(this.added.elementAt(i), count);
+ count++;
+ }
+ else
+ {
+ o.insertElementAt(this.ordering.elementAt(i), 0);
+ v.insertElementAt(this.values.elementAt(i), 0);
+ a.insertElementAt(this.added.elementAt(i), 0);
+ count = 1;
+ }
+ }
+
+ this.ordering = o;
+ this.values = v;
+ this.added = a;
}
}
@@ -745,17 +768,14 @@
*/
public Vector getOIDs()
{
- // BEGIN android-changed
Vector v = new Vector();
- int size = elems.size();
- for (int i = 0; i < size; i++)
+ for (int i = 0; i != ordering.size(); i++)
{
- v.addElement(elems.getKey(i));
+ v.addElement(ordering.elementAt(i));
}
return v;
- // END android-changed
}
/**
@@ -765,14 +785,11 @@
public Vector getValues()
{
Vector v = new Vector();
- // BEGIN android-changed
- int size = elems.size();
- for (int i = 0; i != size; i++)
+ for (int i = 0; i != values.size(); i++)
{
- v.addElement(elems.getValue(i));
+ v.addElement(values.elementAt(i));
}
- // END android-changed
return v;
}
@@ -785,14 +802,12 @@
DERObjectIdentifier oid)
{
Vector v = new Vector();
- int size = elems.size();
- // BEGIN android-changed
- for (int i = 0; i != size; i++)
+ for (int i = 0; i != values.size(); i++)
{
- if (elems.getKey(i).equals(oid))
+ if (ordering.elementAt(i).equals(oid))
{
- String val = elems.getValue(i);
+ String val = (String)values.elementAt(i);
if (val.length() > 2 && val.charAt(0) == '\\' && val.charAt(1) == '#')
{
@@ -804,7 +819,6 @@
}
}
}
- // END android-changed
return v;
}
@@ -816,23 +830,20 @@
ASN1EncodableVector vec = new ASN1EncodableVector();
ASN1EncodableVector sVec = new ASN1EncodableVector();
DERObjectIdentifier lstOid = null;
- // BEGIN android-changed
- int size = elems.size();
- for (int i = 0; i != size; i++)
+ for (int i = 0; i != ordering.size(); i++)
{
ASN1EncodableVector v = new ASN1EncodableVector();
- DERObjectIdentifier oid = elems.getKey(i);
+ DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i);
v.add(oid);
- String str = elems.getValue(i);
+ String str = (String)values.elementAt(i);
v.add(converter.getConvertedValue(oid, str));
if (lstOid == null
- || this.elems.getAdded(i))
- // END android-changed
+ || ((Boolean)this.added.elementAt(i)).booleanValue())
{
sVec.add(new DERSequence(v));
}
@@ -850,7 +861,6 @@
vec.add(new DERSet(sVec));
seq = new DERSequence(vec);
- // END android-changed
}
return seq;
@@ -895,28 +905,22 @@
return false;
}
- // BEGIN android-changed
- int orderingSize = elems.size();
+ int orderingSize = ordering.size();
- if (orderingSize != other.elems.size())
- // END android-changed
+ if (orderingSize != other.ordering.size())
{
return false;
}
for (int i = 0; i < orderingSize; i++)
{
- // BEGIN android-changed
- DERObjectIdentifier oid = elems.getKey(i);
- DERObjectIdentifier oOid = other.elems.getKey(i);
- // END android-changed
+ DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i);
+ DERObjectIdentifier oOid = (DERObjectIdentifier)other.ordering.elementAt(i);
if (oid.equals(oOid))
{
- // BEGIN android-changed
- String value = elems.getValue(i);
- String oValue = other.elems.getValue(i);
- // END android-changed
+ String value = (String)values.elementAt(i);
+ String oValue = (String)other.values.elementAt(i);
if (!equivalentStrings(value, oValue))
{
@@ -942,13 +946,14 @@
isHashCodeCalculated = true;
// this needs to be order independent, like equals
- for (int i = 0; i != elems.size(); i += 1)
+ for (int i = 0; i != ordering.size(); i += 1)
{
- String value = (String)elems.getValue(i);
+ String value = (String)values.elementAt(i);
value = canonicalize(value);
value = stripInternalSpaces(value);
+ hashCodeValue ^= ordering.elementAt(i).hashCode();
hashCodeValue ^= value.hashCode();
}
@@ -988,11 +993,9 @@
return false;
}
- // BEGIN android-changed
- int orderingSize = elems.size();
+ int orderingSize = ordering.size();
- if (orderingSize != other.elems.size())
- // END android-changed
+ if (orderingSize != other.ordering.size())
{
return false;
}
@@ -1000,9 +1003,7 @@
boolean[] indexes = new boolean[orderingSize];
int start, end, delta;
- // BEGIN android-changed
- if (elems.getKey(0).equals(other.elems.getKey(0))) // guess forward
- // END android-changed
+ if (ordering.elementAt(0).equals(other.ordering.elementAt(0))) // guess forward
{
start = 0;
end = orderingSize;
@@ -1018,10 +1019,8 @@
for (int i = start; i != end; i += delta)
{
boolean found = false;
- // BEGIN android-changed
- DERObjectIdentifier oid = elems.getKey(i);
- String value = elems.getValue(i);
- // END android-changed
+ DERObjectIdentifier oid = (DERObjectIdentifier)ordering.elementAt(i);
+ String value = (String)values.elementAt(i);
for (int j = 0; j < orderingSize; j++)
{
@@ -1030,15 +1029,11 @@
continue;
}
- // BEGIN android-changed
- DERObjectIdentifier oOid = other.elems.getKey(j);
- // END android-changed
+ DERObjectIdentifier oOid = (DERObjectIdentifier)other.ordering.elementAt(j);
if (oid.equals(oOid))
{
- // BEGIN android-changed
- String oValue = other.elems.getValue(j);
- // END android-changed
+ String oValue = (String)other.values.elementAt(j);
if (equivalentStrings(value, oValue))
{
@@ -1203,36 +1198,28 @@
StringBuffer ava = null;
- // BEGIN android-changed
- for (int i = 0; i < elems.size(); i++)
- // END android-changed
+ for (int i = 0; i < ordering.size(); i++)
{
- if (elems.getAdded(i))
+ if (((Boolean)added.elementAt(i)).booleanValue())
{
ava.append('+');
appendValue(ava, oidSymbols,
- // BEGIN android-changed
- elems.getKey(i),
- elems.getValue(i));
- // END android-changed
+ (DERObjectIdentifier)ordering.elementAt(i),
+ (String)values.elementAt(i));
}
else
{
ava = new StringBuffer();
appendValue(ava, oidSymbols,
- // BEGIN android-changed
- elems.getKey(i),
- elems.getValue(i));
- // END android-changed
+ (DERObjectIdentifier)ordering.elementAt(i),
+ (String)values.elementAt(i));
components.addElement(ava);
}
}
if (reverse)
{
- // BEGIN android-changed
- for (int i = elems.size() - 1; i >= 0; i--)
- // END android-changed
+ for (int i = components.size() - 1; i >= 0; i--)
{
if (first)
{
diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509NameElementList.java b/src/main/java/org/bouncycastle/asn1/x509/X509NameElementList.java
deleted file mode 100644
index 377fb8c..0000000
--- a/src/main/java/org/bouncycastle/asn1/x509/X509NameElementList.java
+++ /dev/null
@@ -1,206 +0,0 @@
-package org.bouncycastle.asn1.x509;
-
-import java.util.ArrayList;
-import java.util.BitSet;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-
-// BEGIN android-note
-// This class was extracted from X509Name as a way to keep the element
-// list in a more controlled fashion.
-// END android-note
-
-/**
- * List of elements of an X509 name. Each element has a key, a value, and
- * an "added" flag.
- */
-public class X509NameElementList {
- /** null-ok; key #0 */
- private DERObjectIdentifier key0;
-
- /** null-ok; key #1 */
- private DERObjectIdentifier key1;
-
- /** null-ok; key #2 */
- private DERObjectIdentifier key2;
-
- /** null-ok; key #3 */
- private DERObjectIdentifier key3;
-
- /** null-ok; value #0 */
- private String value0;
-
- /** null-ok; value #1 */
- private String value1;
-
- /** null-ok; value #2 */
- private String value2;
-
- /** null-ok; value #3 */
- private String value3;
-
- /**
- * null-ok; array of additional keys and values, alternating
- * key then value, etc.
- */
- private ArrayList<Object> rest;
-
- /** bit vector for all the "added" bits */
- private BitSet added = new BitSet();
-
- /** >= 0; number of elements in the list */
- private int size;
-
- // Note: Default public constructor.
-
- /**
- * Adds an element. The "added" flag is set to false for the element.
- *
- * @param key non-null; the key
- * @param value non-null; the value
- */
- public void add(DERObjectIdentifier key, String value) {
- add(key, value, false);
- }
-
- /**
- * Adds an element.
- *
- * @param key non-null; the key
- * @param value non-null; the value
- * @param added the added bit
- */
- public void add(DERObjectIdentifier key, String value, boolean added) {
- if (key == null) {
- throw new NullPointerException("key == null");
- }
-
- if (value == null) {
- throw new NullPointerException("value == null");
- }
-
- int sz = size;
-
- switch (sz) {
- case 0: {
- key0 = key;
- value0 = value;
- break;
- }
- case 1: {
- key1 = key;
- value1 = value;
- break;
- }
- case 2: {
- key2 = key;
- value2 = value;
- break;
- }
- case 3: {
- key3 = key;
- value3 = value;
- break;
- }
- case 4: {
- // Do initial allocation of rest.
- rest = new ArrayList<Object>();
- // Fall through...
- }
- default: {
- rest.add(key);
- rest.add(value);
- break;
- }
- }
-
- if (added) {
- this.added.set(sz);
- }
-
- size = sz + 1;
- }
-
- /**
- * Sets the "added" flag on the most recently added element.
- */
- public void setLastAddedFlag() {
- added.set(size - 1);
- }
-
- /**
- * Gets the number of elements in this instance.
- */
- public int size() {
- return size;
- }
-
- /**
- * Gets the nth key.
- *
- * @param n index
- * @return non-null; the nth key
- */
- public DERObjectIdentifier getKey(int n) {
- if ((n < 0) || (n >= size)) {
- throw new IndexOutOfBoundsException(Integer.toString(n));
- }
-
- switch (n) {
- case 0: return key0;
- case 1: return key1;
- case 2: return key2;
- case 3: return key3;
- default: return (DERObjectIdentifier) rest.get((n - 4) * 2);
- }
- }
-
- /**
- * Gets the nth value.
- *
- * @param n index
- * @return non-null; the nth value
- */
- public String getValue(int n) {
- if ((n < 0) || (n >= size)) {
- throw new IndexOutOfBoundsException(Integer.toString(n));
- }
-
- switch (n) {
- case 0: return value0;
- case 1: return value1;
- case 2: return value2;
- case 3: return value3;
- default: return (String) rest.get(((n - 4) * 2) + 1);
- }
- }
-
- /**
- * Gets the nth added flag bit.
- *
- * @param n index
- * @return the nth added flag bit
- */
- public boolean getAdded(int n) {
- if ((n < 0) || (n >= size)) {
- throw new IndexOutOfBoundsException(Integer.toString(n));
- }
-
- return added.get(n);
- }
-
- /**
- * Constructs and returns a new instance which consists of the
- * elements of this one in reverse order
- *
- * @return non-null; the reversed instance
- */
- public X509NameElementList reverse() {
- X509NameElementList result = new X509NameElementList();
-
- for (int i = size - 1; i >= 0; i--) {
- result.add(getKey(i), getValue(i), getAdded(i));
- }
-
- return result;
- }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java
index cbf7b76..b1e0ed1 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java
@@ -1,6 +1,6 @@
package org.bouncycastle.asn1.x509;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
public interface X509ObjectIdentifiers
{
@@ -9,54 +9,54 @@
//
static final String id = "2.5.4";
- static final DERObjectIdentifier commonName = new DERObjectIdentifier(id + ".3");
- static final DERObjectIdentifier countryName = new DERObjectIdentifier(id + ".6");
- static final DERObjectIdentifier localityName = new DERObjectIdentifier(id + ".7");
- static final DERObjectIdentifier stateOrProvinceName = new DERObjectIdentifier(id + ".8");
- static final DERObjectIdentifier organization = new DERObjectIdentifier(id + ".10");
- static final DERObjectIdentifier organizationalUnitName = new DERObjectIdentifier(id + ".11");
+ static final ASN1ObjectIdentifier commonName = new ASN1ObjectIdentifier(id + ".3");
+ static final ASN1ObjectIdentifier countryName = new ASN1ObjectIdentifier(id + ".6");
+ static final ASN1ObjectIdentifier localityName = new ASN1ObjectIdentifier(id + ".7");
+ static final ASN1ObjectIdentifier stateOrProvinceName = new ASN1ObjectIdentifier(id + ".8");
+ static final ASN1ObjectIdentifier organization = new ASN1ObjectIdentifier(id + ".10");
+ static final ASN1ObjectIdentifier organizationalUnitName = new ASN1ObjectIdentifier(id + ".11");
- static final DERObjectIdentifier id_at_telephoneNumber = new DERObjectIdentifier("2.5.4.20");
- static final DERObjectIdentifier id_at_name = new DERObjectIdentifier(id + ".41");
+ static final ASN1ObjectIdentifier id_at_telephoneNumber = new ASN1ObjectIdentifier("2.5.4.20");
+ static final ASN1ObjectIdentifier id_at_name = new ASN1ObjectIdentifier(id + ".41");
// id-SHA1 OBJECT IDENTIFIER ::=
// {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } //
- static final DERObjectIdentifier id_SHA1 = new DERObjectIdentifier("1.3.14.3.2.26");
+ static final ASN1ObjectIdentifier id_SHA1 = new ASN1ObjectIdentifier("1.3.14.3.2.26");
//
// ripemd160 OBJECT IDENTIFIER ::=
// {iso(1) identified-organization(3) TeleTrust(36) algorithm(3) hashAlgorithm(2) RIPEMD-160(1)}
//
- static final DERObjectIdentifier ripemd160 = new DERObjectIdentifier("1.3.36.3.2.1");
+ static final ASN1ObjectIdentifier ripemd160 = new ASN1ObjectIdentifier("1.3.36.3.2.1");
//
// ripemd160WithRSAEncryption OBJECT IDENTIFIER ::=
// {iso(1) identified-organization(3) TeleTrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) rsaSignatureWithripemd160(2) }
//
- static final DERObjectIdentifier ripemd160WithRSAEncryption = new DERObjectIdentifier("1.3.36.3.3.1.2");
+ static final ASN1ObjectIdentifier ripemd160WithRSAEncryption = new ASN1ObjectIdentifier("1.3.36.3.3.1.2");
- static final DERObjectIdentifier id_ea_rsa = new DERObjectIdentifier("2.5.8.1.1");
+ static final ASN1ObjectIdentifier id_ea_rsa = new ASN1ObjectIdentifier("2.5.8.1.1");
// id-pkix
- static final DERObjectIdentifier id_pkix = new DERObjectIdentifier("1.3.6.1.5.5.7");
+ static final ASN1ObjectIdentifier id_pkix = new ASN1ObjectIdentifier("1.3.6.1.5.5.7");
//
// private internet extensions
//
- static final DERObjectIdentifier id_pe = new DERObjectIdentifier(id_pkix + ".1");
+ static final ASN1ObjectIdentifier id_pe = new ASN1ObjectIdentifier(id_pkix + ".1");
//
// authority information access
//
- static final DERObjectIdentifier id_ad = new DERObjectIdentifier(id_pkix + ".48");
- static final DERObjectIdentifier id_ad_caIssuers = new DERObjectIdentifier(id_ad + ".2");
- static final DERObjectIdentifier id_ad_ocsp = new DERObjectIdentifier(id_ad + ".1");
+ static final ASN1ObjectIdentifier id_ad = new ASN1ObjectIdentifier(id_pkix + ".48");
+ static final ASN1ObjectIdentifier id_ad_caIssuers = new ASN1ObjectIdentifier(id_ad + ".2");
+ static final ASN1ObjectIdentifier id_ad_ocsp = new ASN1ObjectIdentifier(id_ad + ".1");
//
// OID for ocsp and crl uri in AuthorityInformationAccess extension
//
- static final DERObjectIdentifier ocspAccessMethod = id_ad_ocsp;
- static final DERObjectIdentifier crlAccessMethod = id_ad_caIssuers;
+ static final ASN1ObjectIdentifier ocspAccessMethod = id_ad_ocsp;
+ static final ASN1ObjectIdentifier crlAccessMethod = id_ad_caIssuers;
}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java b/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java
new file mode 100644
index 0000000..7867090
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java
@@ -0,0 +1,139 @@
+package org.bouncycastle.asn1.x9;
+
+import java.util.Enumeration;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERSequence;
+
+public class DHDomainParameters
+ extends ASN1Encodable
+{
+ private DERInteger p, g, q, j;
+ private DHValidationParms validationParms;
+
+ public static DHDomainParameters getInstance(ASN1TaggedObject obj, boolean explicit)
+ {
+ return getInstance(ASN1Sequence.getInstance(obj, explicit));
+ }
+
+ public static DHDomainParameters getInstance(Object obj)
+ {
+ if (obj == null || obj instanceof DHDomainParameters)
+ {
+ return (DHDomainParameters)obj;
+ }
+
+ if (obj instanceof ASN1Sequence)
+ {
+ return new DHDomainParameters((ASN1Sequence)obj);
+ }
+
+ throw new IllegalArgumentException("Invalid DHDomainParameters: "
+ + obj.getClass().getName());
+ }
+
+ public DHDomainParameters(DERInteger p, DERInteger g, DERInteger q, DERInteger j,
+ DHValidationParms validationParms)
+ {
+ if (p == null)
+ {
+ throw new IllegalArgumentException("'p' cannot be null");
+ }
+ if (g == null)
+ {
+ throw new IllegalArgumentException("'g' cannot be null");
+ }
+ if (q == null)
+ {
+ throw new IllegalArgumentException("'q' cannot be null");
+ }
+
+ this.p = p;
+ this.g = g;
+ this.q = q;
+ this.j = j;
+ this.validationParms = validationParms;
+ }
+
+ private DHDomainParameters(ASN1Sequence seq)
+ {
+ if (seq.size() < 3 || seq.size() > 5)
+ {
+ throw new IllegalArgumentException("Bad sequence size: " + seq.size());
+ }
+
+ Enumeration e = seq.getObjects();
+ this.p = DERInteger.getInstance(e.nextElement());
+ this.g = DERInteger.getInstance(e.nextElement());
+ this.q = DERInteger.getInstance(e.nextElement());
+
+ DEREncodable next = getNext(e);
+
+ if (next != null && next instanceof DERInteger)
+ {
+ this.j = DERInteger.getInstance(next);
+ next = getNext(e);
+ }
+
+ if (next != null)
+ {
+ this.validationParms = DHValidationParms.getInstance(next.getDERObject());
+ }
+ }
+
+ private static DEREncodable getNext(Enumeration e)
+ {
+ return e.hasMoreElements() ? (DEREncodable)e.nextElement() : null;
+ }
+
+ public DERInteger getP()
+ {
+ return this.p;
+ }
+
+ public DERInteger getG()
+ {
+ return this.g;
+ }
+
+ public DERInteger getQ()
+ {
+ return this.q;
+ }
+
+ public DERInteger getJ()
+ {
+ return this.j;
+ }
+
+ public DHValidationParms getValidationParms()
+ {
+ return this.validationParms;
+ }
+
+ public DERObject toASN1Object()
+ {
+ ASN1EncodableVector v = new ASN1EncodableVector();
+ v.add(this.p);
+ v.add(this.g);
+ v.add(this.q);
+
+ if (this.j != null)
+ {
+ v.add(this.j);
+ }
+
+ if (this.validationParms != null)
+ {
+ v.add(this.validationParms);
+ }
+
+ return new DERSequence(v);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java b/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java
new file mode 100644
index 0000000..daafbeb
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java
@@ -0,0 +1,52 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+
+public class DHPublicKey
+ extends ASN1Encodable
+{
+ private DERInteger y;
+
+ public static DHPublicKey getInstance(ASN1TaggedObject obj, boolean explicit)
+ {
+ return getInstance(DERInteger.getInstance(obj, explicit));
+ }
+
+ public static DHPublicKey getInstance(Object obj)
+ {
+ if (obj == null || obj instanceof DHPublicKey)
+ {
+ return (DHPublicKey)obj;
+ }
+
+ if (obj instanceof DERInteger)
+ {
+ return new DHPublicKey((DERInteger)obj);
+ }
+
+ throw new IllegalArgumentException("Invalid DHPublicKey: " + obj.getClass().getName());
+ }
+
+ public DHPublicKey(DERInteger y)
+ {
+ if (y == null)
+ {
+ throw new IllegalArgumentException("'y' cannot be null");
+ }
+
+ this.y = y;
+ }
+
+ public DERInteger getY()
+ {
+ return this.y;
+ }
+
+ public DERObject toASN1Object()
+ {
+ return this.y;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java b/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java
new file mode 100644
index 0000000..e801e1c
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java
@@ -0,0 +1,80 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERSequence;
+
+public class DHValidationParms extends ASN1Encodable
+{
+ private DERBitString seed;
+ private DERInteger pgenCounter;
+
+ public static DHValidationParms getInstance(ASN1TaggedObject obj, boolean explicit)
+ {
+ return getInstance(ASN1Sequence.getInstance(obj, explicit));
+ }
+
+ public static DHValidationParms getInstance(Object obj)
+ {
+ if (obj == null || obj instanceof DHDomainParameters)
+ {
+ return (DHValidationParms)obj;
+ }
+
+ if (obj instanceof ASN1Sequence)
+ {
+ return new DHValidationParms((ASN1Sequence)obj);
+ }
+
+ throw new IllegalArgumentException("Invalid DHValidationParms: " + obj.getClass().getName());
+ }
+
+ public DHValidationParms(DERBitString seed, DERInteger pgenCounter)
+ {
+ if (seed == null)
+ {
+ throw new IllegalArgumentException("'seed' cannot be null");
+ }
+ if (pgenCounter == null)
+ {
+ throw new IllegalArgumentException("'pgenCounter' cannot be null");
+ }
+
+ this.seed = seed;
+ this.pgenCounter = pgenCounter;
+ }
+
+ private DHValidationParms(ASN1Sequence seq)
+ {
+ if (seq.size() != 2)
+ {
+ throw new IllegalArgumentException("Bad sequence size: " + seq.size());
+ }
+
+ this.seed = DERBitString.getInstance(seq.getObjectAt(0));
+ this.pgenCounter = DERInteger.getInstance(seq.getObjectAt(1));
+ }
+
+ public DERBitString getSeed()
+ {
+ return this.seed;
+ }
+
+ public DERInteger getPgenCounter()
+ {
+ return this.pgenCounter;
+ }
+
+ public DERObject toASN1Object()
+ {
+ ASN1EncodableVector v = new ASN1EncodableVector();
+ v.add(this.seed);
+ v.add(this.pgenCounter);
+ return new DERSequence(v);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java b/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java
new file mode 100644
index 0000000..bda8dad
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java
@@ -0,0 +1,621 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+
+import java.math.BigInteger;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+
+/**
+ * table of the current named curves defined in X.962 EC-DSA.
+ */
+public class X962NamedCurves
+{
+ static X9ECParametersHolder prime192v1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ ECCurve cFp192v1 = new ECCurve.Fp(
+ new BigInteger("6277101735386680763835789423207666416083908700390324961279"),
+ new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16),
+ new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16));
+
+ return new X9ECParameters(
+ cFp192v1,
+ cFp192v1.decodePoint(
+ Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")),
+ new BigInteger("ffffffffffffffffffffffff99def836146bc9b1b4d22831", 16),
+ BigInteger.valueOf(1),
+ Hex.decode("3045AE6FC8422f64ED579528D38120EAE12196D5"));
+ }
+ };
+
+ static X9ECParametersHolder prime192v2 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ ECCurve cFp192v2 = new ECCurve.Fp(
+ new BigInteger("6277101735386680763835789423207666416083908700390324961279"),
+ new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16),
+ new BigInteger("cc22d6dfb95c6b25e49c0d6364a4e5980c393aa21668d953", 16));
+
+ return new X9ECParameters(
+ cFp192v2,
+ cFp192v2.decodePoint(
+ Hex.decode("03eea2bae7e1497842f2de7769cfe9c989c072ad696f48034a")),
+ new BigInteger("fffffffffffffffffffffffe5fb1a724dc80418648d8dd31", 16),
+ BigInteger.valueOf(1),
+ Hex.decode("31a92ee2029fd10d901b113e990710f0d21ac6b6"));
+ }
+ };
+
+ static X9ECParametersHolder prime192v3 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ ECCurve cFp192v3 = new ECCurve.Fp(
+ new BigInteger("6277101735386680763835789423207666416083908700390324961279"),
+ new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16),
+ new BigInteger("22123dc2395a05caa7423daeccc94760a7d462256bd56916", 16));
+
+ return new X9ECParameters(
+ cFp192v3,
+ cFp192v3.decodePoint(
+ Hex.decode("027d29778100c65a1da1783716588dce2b8b4aee8e228f1896")),
+ new BigInteger("ffffffffffffffffffffffff7a62d031c83f4294f640ec13", 16),
+ BigInteger.valueOf(1),
+ Hex.decode("c469684435deb378c4b65ca9591e2a5763059a2e"));
+ }
+ };
+
+ static X9ECParametersHolder prime239v1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ ECCurve cFp239v1 = new ECCurve.Fp(
+ new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"),
+ new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16),
+ new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16));
+
+ return new X9ECParameters(
+ cFp239v1,
+ cFp239v1.decodePoint(
+ Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")),
+ new BigInteger("7fffffffffffffffffffffff7fffff9e5e9a9f5d9071fbd1522688909d0b", 16),
+ BigInteger.valueOf(1),
+ Hex.decode("e43bb460f0b80cc0c0b075798e948060f8321b7d"));
+ }
+ };
+
+ static X9ECParametersHolder prime239v2 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ ECCurve cFp239v2 = new ECCurve.Fp(
+ new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"),
+ new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16),
+ new BigInteger("617fab6832576cbbfed50d99f0249c3fee58b94ba0038c7ae84c8c832f2c", 16));
+
+ return new X9ECParameters(
+ cFp239v2,
+ cFp239v2.decodePoint(
+ Hex.decode("0238af09d98727705120c921bb5e9e26296a3cdcf2f35757a0eafd87b830e7")),
+ new BigInteger("7fffffffffffffffffffffff800000cfa7e8594377d414c03821bc582063", 16),
+ BigInteger.valueOf(1),
+ Hex.decode("e8b4011604095303ca3b8099982be09fcb9ae616"));
+ }
+ };
+
+ static X9ECParametersHolder prime239v3 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ ECCurve cFp239v3 = new ECCurve.Fp(
+ new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"),
+ new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16),
+ new BigInteger("255705fa2a306654b1f4cb03d6a750a30c250102d4988717d9ba15ab6d3e", 16));
+
+ return new X9ECParameters(
+ cFp239v3,
+ cFp239v3.decodePoint(
+ Hex.decode("036768ae8e18bb92cfcf005c949aa2c6d94853d0e660bbf854b1c9505fe95a")),
+ new BigInteger("7fffffffffffffffffffffff7fffff975deb41b3a6057c3c432146526551", 16),
+ BigInteger.valueOf(1),
+ Hex.decode("7d7374168ffe3471b60a857686a19475d3bfa2ff"));
+ }
+ };
+
+ static X9ECParametersHolder prime256v1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ ECCurve cFp256v1 = new ECCurve.Fp(
+ new BigInteger("115792089210356248762697446949407573530086143415290314195533631308867097853951"),
+ new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+ new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16));
+
+ return new X9ECParameters(
+ cFp256v1,
+ cFp256v1.decodePoint(
+ Hex.decode("036b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296")),
+ new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+ BigInteger.valueOf(1),
+ Hex.decode("c49d360886e704936a6678e1139d26b7819f7e90"));
+ }
+ };
+
+ /*
+ * F2m Curves
+ */
+ static X9ECParametersHolder c2pnb163v1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m163v1n = new BigInteger("0400000000000000000001E60FC8821CC74DAEAFC1", 16);
+ BigInteger c2m163v1h = BigInteger.valueOf(2);
+
+ ECCurve c2m163v1 = new ECCurve.F2m(
+ 163,
+ 1, 2, 8,
+ new BigInteger("072546B5435234A422E0789675F432C89435DE5242", 16),
+ new BigInteger("00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", 16),
+ c2m163v1n, c2m163v1h);
+
+ return new X9ECParameters(
+ c2m163v1,
+ c2m163v1.decodePoint(
+ Hex.decode("0307AF69989546103D79329FCC3D74880F33BBE803CB")),
+ c2m163v1n, c2m163v1h,
+ Hex.decode("D2COFB15760860DEF1EEF4D696E6768756151754"));
+ }
+ };
+
+ static X9ECParametersHolder c2pnb163v2 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m163v2n = new BigInteger("03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 16);
+ BigInteger c2m163v2h = BigInteger.valueOf(2);
+
+ ECCurve c2m163v2 = new ECCurve.F2m(
+ 163,
+ 1, 2, 8,
+ new BigInteger("0108B39E77C4B108BED981ED0E890E117C511CF072", 16),
+ new BigInteger("0667ACEB38AF4E488C407433FFAE4F1C811638DF20", 16),
+ c2m163v2n, c2m163v2h);
+
+ return new X9ECParameters(
+ c2m163v2,
+ c2m163v2.decodePoint(
+ Hex.decode("030024266E4EB5106D0A964D92C4860E2671DB9B6CC5")),
+ c2m163v2n, c2m163v2h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2pnb163v3 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m163v3n = new BigInteger("03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 16);
+ BigInteger c2m163v3h = BigInteger.valueOf(2);
+
+ ECCurve c2m163v3 = new ECCurve.F2m(
+ 163,
+ 1, 2, 8,
+ new BigInteger("07A526C63D3E25A256A007699F5447E32AE456B50E", 16),
+ new BigInteger("03F7061798EB99E238FD6F1BF95B48FEEB4854252B", 16),
+ c2m163v3n, c2m163v3h);
+
+ return new X9ECParameters(
+ c2m163v3,
+ c2m163v3.decodePoint(
+ Hex.decode("0202F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB")),
+ c2m163v3n, c2m163v3h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2pnb176w1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m176w1n = new BigInteger("010092537397ECA4F6145799D62B0A19CE06FE26AD", 16);
+ BigInteger c2m176w1h = BigInteger.valueOf(0xFF6E);
+
+ ECCurve c2m176w1 = new ECCurve.F2m(
+ 176,
+ 1, 2, 43,
+ new BigInteger("00E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", 16),
+ new BigInteger("005DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", 16),
+ c2m176w1n, c2m176w1h);
+
+ return new X9ECParameters(
+ c2m176w1,
+ c2m176w1.decodePoint(
+ Hex.decode("038D16C2866798B600F9F08BB4A8E860F3298CE04A5798")),
+ c2m176w1n, c2m176w1h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2tnb191v1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m191v1n = new BigInteger("40000000000000000000000004A20E90C39067C893BBB9A5", 16);
+ BigInteger c2m191v1h = BigInteger.valueOf(2);
+
+ ECCurve c2m191v1 = new ECCurve.F2m(
+ 191,
+ 9,
+ new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16),
+ new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16),
+ c2m191v1n, c2m191v1h);
+
+ return new X9ECParameters(
+ c2m191v1,
+ c2m191v1.decodePoint(
+ Hex.decode("0236B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D")),
+ c2m191v1n, c2m191v1h,
+ Hex.decode("4E13CA542744D696E67687561517552F279A8C84"));
+ }
+ };
+
+ static X9ECParametersHolder c2tnb191v2 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m191v2n = new BigInteger("20000000000000000000000050508CB89F652824E06B8173", 16);
+ BigInteger c2m191v2h = BigInteger.valueOf(4);
+
+ ECCurve c2m191v2 = new ECCurve.F2m(
+ 191,
+ 9,
+ new BigInteger("401028774D7777C7B7666D1366EA432071274F89FF01E718", 16),
+ new BigInteger("0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", 16),
+ c2m191v2n, c2m191v2h);
+
+ return new X9ECParameters(
+ c2m191v2,
+ c2m191v2.decodePoint(
+ Hex.decode("023809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10")),
+ c2m191v2n, c2m191v2h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2tnb191v3 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m191v3n = new BigInteger("155555555555555555555555610C0B196812BFB6288A3EA3", 16);
+ BigInteger c2m191v3h = BigInteger.valueOf(6);
+
+ ECCurve c2m191v3 = new ECCurve.F2m(
+ 191,
+ 9,
+ new BigInteger("6C01074756099122221056911C77D77E77A777E7E7E77FCB", 16),
+ new BigInteger("71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", 16),
+ c2m191v3n, c2m191v3h);
+
+ return new X9ECParameters(
+ c2m191v3,
+ c2m191v3.decodePoint(
+ Hex.decode("03375D4CE24FDE434489DE8746E71786015009E66E38A926DD")),
+ c2m191v3n, c2m191v3h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2pnb208w1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m208w1n = new BigInteger("0101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 16);
+ BigInteger c2m208w1h = BigInteger.valueOf(0xFE48);
+
+ ECCurve c2m208w1 = new ECCurve.F2m(
+ 208,
+ 1, 2, 83,
+ new BigInteger("0", 16),
+ new BigInteger("00C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", 16),
+ c2m208w1n, c2m208w1h);
+
+ return new X9ECParameters(
+ c2m208w1,
+ c2m208w1.decodePoint(
+ Hex.decode("0289FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A")),
+ c2m208w1n, c2m208w1h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2tnb239v1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m239v1n = new BigInteger("2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 16);
+ BigInteger c2m239v1h = BigInteger.valueOf(4);
+
+ ECCurve c2m239v1 = new ECCurve.F2m(
+ 239,
+ 36,
+ new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16),
+ new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16),
+ c2m239v1n, c2m239v1h);
+
+ return new X9ECParameters(
+ c2m239v1,
+ c2m239v1.decodePoint(
+ Hex.decode("0257927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D")),
+ c2m239v1n, c2m239v1h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2tnb239v2 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m239v2n = new BigInteger("1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 16);
+ BigInteger c2m239v2h = BigInteger.valueOf(6);
+
+ ECCurve c2m239v2 = new ECCurve.F2m(
+ 239,
+ 36,
+ new BigInteger("4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", 16),
+ new BigInteger("5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", 16),
+ c2m239v2n, c2m239v2h);
+
+ return new X9ECParameters(
+ c2m239v2,
+ c2m239v2.decodePoint(
+ Hex.decode("0228F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205")),
+ c2m239v2n, c2m239v2h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2tnb239v3 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m239v3n = new BigInteger("0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 16);
+ BigInteger c2m239v3h = BigInteger.valueOf(10);
+
+ ECCurve c2m239v3 = new ECCurve.F2m(
+ 239,
+ 36,
+ new BigInteger("01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", 16),
+ new BigInteger("6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", 16),
+ c2m239v3n, c2m239v3h);
+
+ return new X9ECParameters(
+ c2m239v3,
+ c2m239v3.decodePoint(
+ Hex.decode("0370F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92")),
+ c2m239v3n, c2m239v3h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2pnb272w1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m272w1n = new BigInteger("0100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", 16);
+ BigInteger c2m272w1h = BigInteger.valueOf(0xFF06);
+
+ ECCurve c2m272w1 = new ECCurve.F2m(
+ 272,
+ 1, 3, 56,
+ new BigInteger("0091A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", 16),
+ new BigInteger("7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", 16),
+ c2m272w1n, c2m272w1h);
+
+ return new X9ECParameters(
+ c2m272w1,
+ c2m272w1.decodePoint(
+ Hex.decode("026108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D")),
+ c2m272w1n, c2m272w1h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2pnb304w1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m304w1n = new BigInteger("0101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", 16);
+ BigInteger c2m304w1h = BigInteger.valueOf(0xFE2E);
+
+ ECCurve c2m304w1 = new ECCurve.F2m(
+ 304,
+ 1, 2, 11,
+ new BigInteger("00FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", 16),
+ new BigInteger("00BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", 16),
+ c2m304w1n, c2m304w1h);
+
+ return new X9ECParameters(
+ c2m304w1,
+ c2m304w1.decodePoint(
+ Hex.decode("02197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614")),
+ c2m304w1n, c2m304w1h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2tnb359v1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m359v1n = new BigInteger("01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", 16);
+ BigInteger c2m359v1h = BigInteger.valueOf(0x4C);
+
+ ECCurve c2m359v1 = new ECCurve.F2m(
+ 359,
+ 68,
+ new BigInteger("5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", 16),
+ new BigInteger("2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", 16),
+ c2m359v1n, c2m359v1h);
+
+ return new X9ECParameters(
+ c2m359v1,
+ c2m359v1.decodePoint(
+ Hex.decode("033C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097")),
+ c2m359v1n, c2m359v1h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2pnb368w1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m368w1n = new BigInteger("010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", 16);
+ BigInteger c2m368w1h = BigInteger.valueOf(0xFF70);
+
+ ECCurve c2m368w1 = new ECCurve.F2m(
+ 368,
+ 1, 2, 85,
+ new BigInteger("00E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", 16),
+ new BigInteger("00FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", 16),
+ c2m368w1n, c2m368w1h);
+
+ return new X9ECParameters(
+ c2m368w1,
+ c2m368w1.decodePoint(
+ Hex.decode("021085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F")),
+ c2m368w1n, c2m368w1h,
+ null);
+ }
+ };
+
+ static X9ECParametersHolder c2tnb431r1 = new X9ECParametersHolder()
+ {
+ protected X9ECParameters createParameters()
+ {
+ BigInteger c2m431r1n = new BigInteger("0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", 16);
+ BigInteger c2m431r1h = BigInteger.valueOf(0x2760);
+
+ ECCurve c2m431r1 = new ECCurve.F2m(
+ 431,
+ 120,
+ new BigInteger("1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", 16),
+ new BigInteger("10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", 16),
+ c2m431r1n, c2m431r1h);
+
+ return new X9ECParameters(
+ c2m431r1,
+ c2m431r1.decodePoint(
+ Hex.decode("02120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7")),
+ c2m431r1n, c2m431r1h,
+ null);
+ }
+ };
+
+ static final Hashtable objIds = new Hashtable();
+ static final Hashtable curves = new Hashtable();
+ static final Hashtable names = new Hashtable();
+
+ static void defineCurve(String name, DERObjectIdentifier oid, X9ECParametersHolder holder)
+ {
+ objIds.put(name, oid);
+ names.put(oid, name);
+ curves.put(oid, holder);
+ }
+
+ static
+ {
+ defineCurve("prime192v1", X9ObjectIdentifiers.prime192v1, prime192v1);
+ defineCurve("prime192v2", X9ObjectIdentifiers.prime192v2, prime192v2);
+ defineCurve("prime192v3", X9ObjectIdentifiers.prime192v3, prime192v3);
+ defineCurve("prime239v1", X9ObjectIdentifiers.prime239v1, prime239v1);
+ defineCurve("prime239v2", X9ObjectIdentifiers.prime239v2, prime239v2);
+ defineCurve("prime239v3", X9ObjectIdentifiers.prime239v3, prime239v3);
+ defineCurve("prime256v1", X9ObjectIdentifiers.prime256v1, prime256v1);
+ defineCurve("c2pnb163v1", X9ObjectIdentifiers.c2pnb163v1, c2pnb163v1);
+ defineCurve("c2pnb163v2", X9ObjectIdentifiers.c2pnb163v2, c2pnb163v2);
+ defineCurve("c2pnb163v3", X9ObjectIdentifiers.c2pnb163v3, c2pnb163v3);
+ defineCurve("c2pnb176w1", X9ObjectIdentifiers.c2pnb176w1, c2pnb176w1);
+ defineCurve("c2tnb191v1", X9ObjectIdentifiers.c2tnb191v1, c2tnb191v1);
+ defineCurve("c2tnb191v2", X9ObjectIdentifiers.c2tnb191v2, c2tnb191v2);
+ defineCurve("c2tnb191v3", X9ObjectIdentifiers.c2tnb191v3, c2tnb191v3);
+ defineCurve("c2pnb208w1", X9ObjectIdentifiers.c2pnb208w1, c2pnb208w1);
+ defineCurve("c2tnb239v1", X9ObjectIdentifiers.c2tnb239v1, c2tnb239v1);
+ defineCurve("c2tnb239v2", X9ObjectIdentifiers.c2tnb239v2, c2tnb239v2);
+ defineCurve("c2tnb239v3", X9ObjectIdentifiers.c2tnb239v3, c2tnb239v3);
+ defineCurve("c2pnb272w1", X9ObjectIdentifiers.c2pnb272w1, c2pnb272w1);
+ defineCurve("c2pnb304w1", X9ObjectIdentifiers.c2pnb304w1, c2pnb304w1);
+ defineCurve("c2tnb359v1", X9ObjectIdentifiers.c2tnb359v1, c2tnb359v1);
+ defineCurve("c2pnb368w1", X9ObjectIdentifiers.c2pnb368w1, c2pnb368w1);
+ defineCurve("c2tnb431r1", X9ObjectIdentifiers.c2tnb431r1, c2tnb431r1);
+ }
+
+ public static X9ECParameters getByName(
+ String name)
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name));
+
+ if (oid != null)
+ {
+ return getByOID(oid);
+ }
+
+ return null;
+ }
+
+ /**
+ * return the X9ECParameters object for the named curve represented by
+ * the passed in object identifier. Null if the curve isn't present.
+ *
+ * @param oid an object identifier representing a named curve, if present.
+ */
+ public static X9ECParameters getByOID(
+ DERObjectIdentifier oid)
+ {
+ X9ECParametersHolder holder = (X9ECParametersHolder)curves.get(oid);
+
+ if (holder != null)
+ {
+ return holder.getParameters();
+ }
+
+ return null;
+ }
+
+ /**
+ * return the object identifier signified by the passed in name. Null
+ * if there is no object identifier associated with name.
+ *
+ * @return the object identifier associated with name, if present.
+ */
+ public static DERObjectIdentifier getOID(
+ String name)
+ {
+ return (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name));
+ }
+
+ /**
+ * return the named curve name represented by the given object identifier.
+ */
+ public static String getName(
+ DERObjectIdentifier oid)
+ {
+ return (String)names.get(oid);
+ }
+
+ /**
+ * returns an enumeration containing the name strings for curves
+ * contained in this structure.
+ */
+ public static Enumeration getNames()
+ {
+ return objIds.keys();
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java b/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java
new file mode 100644
index 0000000..de35186
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java
@@ -0,0 +1,86 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.asn1.ASN1Choice;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Null;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+
+public class X962Parameters
+ extends ASN1Encodable
+ implements ASN1Choice
+{
+ private DERObject params = null;
+
+ public static X962Parameters getInstance(
+ Object obj)
+ {
+ if (obj == null || obj instanceof X962Parameters)
+ {
+ return (X962Parameters)obj;
+ }
+
+ if (obj instanceof DERObject)
+ {
+ return new X962Parameters((DERObject)obj);
+ }
+
+ throw new IllegalArgumentException("unknown object in getInstance()");
+ }
+
+ public static X962Parameters getInstance(
+ ASN1TaggedObject obj,
+ boolean explicit)
+ {
+ return getInstance(obj.getObject()); // must be explicitly tagged
+ }
+
+ public X962Parameters(
+ X9ECParameters ecParameters)
+ {
+ this.params = ecParameters.getDERObject();
+ }
+
+ public X962Parameters(
+ DERObjectIdentifier namedCurve)
+ {
+ this.params = namedCurve;
+ }
+
+ public X962Parameters(
+ DERObject obj)
+ {
+ this.params = obj;
+ }
+
+ public boolean isNamedCurve()
+ {
+ return (params instanceof DERObjectIdentifier);
+ }
+
+ public boolean isImplicitlyCA()
+ {
+ return (params instanceof ASN1Null);
+ }
+
+ public DERObject getParameters()
+ {
+ return params;
+ }
+
+ /**
+ * Produce an object suitable for an ASN1OutputStream.
+ * <pre>
+ * Parameters ::= CHOICE {
+ * ecParameters ECParameters,
+ * namedCurve CURVES.&id({CurveNames}),
+ * implicitlyCA NULL
+ * }
+ * </pre>
+ */
+ public DERObject toASN1Object()
+ {
+ return params;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java b/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java
new file mode 100644
index 0000000..8f46c07
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java
@@ -0,0 +1,161 @@
+package org.bouncycastle.asn1.x9;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.math.ec.ECCurve;
+
+/**
+ * ASN.1 def for Elliptic-Curve Curve structure. See
+ * X9.62, for further details.
+ */
+public class X9Curve
+ extends ASN1Encodable
+ implements X9ObjectIdentifiers
+{
+ private ECCurve curve;
+ private byte[] seed;
+ private DERObjectIdentifier fieldIdentifier = null;
+
+ public X9Curve(
+ ECCurve curve)
+ {
+ this.curve = curve;
+ this.seed = null;
+ setFieldIdentifier();
+ }
+
+ public X9Curve(
+ ECCurve curve,
+ byte[] seed)
+ {
+ this.curve = curve;
+ this.seed = seed;
+ setFieldIdentifier();
+ }
+
+ public X9Curve(
+ X9FieldID fieldID,
+ ASN1Sequence seq)
+ {
+ fieldIdentifier = fieldID.getIdentifier();
+ if (fieldIdentifier.equals(prime_field))
+ {
+ BigInteger p = ((DERInteger)fieldID.getParameters()).getValue();
+ X9FieldElement x9A = new X9FieldElement(p, (ASN1OctetString)seq.getObjectAt(0));
+ X9FieldElement x9B = new X9FieldElement(p, (ASN1OctetString)seq.getObjectAt(1));
+ curve = new ECCurve.Fp(p, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger());
+ }
+ else
+ {
+ if (fieldIdentifier.equals(characteristic_two_field))
+ {
+ // Characteristic two field
+ DERSequence parameters = (DERSequence)fieldID.getParameters();
+ int m = ((DERInteger)parameters.getObjectAt(0)).getValue().
+ intValue();
+ DERObjectIdentifier representation
+ = (DERObjectIdentifier)parameters.getObjectAt(1);
+
+ int k1 = 0;
+ int k2 = 0;
+ int k3 = 0;
+ if (representation.equals(tpBasis))
+ {
+ // Trinomial basis representation
+ k1 = ((DERInteger)parameters.getObjectAt(2)).getValue().
+ intValue();
+ }
+ else
+ {
+ // Pentanomial basis representation
+ DERSequence pentanomial
+ = (DERSequence)parameters.getObjectAt(2);
+ k1 = ((DERInteger)pentanomial.getObjectAt(0)).getValue().
+ intValue();
+ k2 = ((DERInteger)pentanomial.getObjectAt(1)).getValue().
+ intValue();
+ k3 = ((DERInteger)pentanomial.getObjectAt(2)).getValue().
+ intValue();
+ }
+ X9FieldElement x9A = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(0));
+ X9FieldElement x9B = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(1));
+ // TODO Is it possible to get the order (n) and cofactor(h) too?
+ curve = new ECCurve.F2m(m, k1, k2, k3, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger());
+ }
+ }
+
+ if (seq.size() == 3)
+ {
+ seed = ((DERBitString)seq.getObjectAt(2)).getBytes();
+ }
+ }
+
+ private void setFieldIdentifier()
+ {
+ if (curve instanceof ECCurve.Fp)
+ {
+ fieldIdentifier = prime_field;
+ }
+ else if (curve instanceof ECCurve.F2m)
+ {
+ fieldIdentifier = characteristic_two_field;
+ }
+ else
+ {
+ throw new IllegalArgumentException("This type of ECCurve is not "
+ + "implemented");
+ }
+ }
+
+ public ECCurve getCurve()
+ {
+ return curve;
+ }
+
+ public byte[] getSeed()
+ {
+ return seed;
+ }
+
+ /**
+ * Produce an object suitable for an ASN1OutputStream.
+ * <pre>
+ * Curve ::= SEQUENCE {
+ * a FieldElement,
+ * b FieldElement,
+ * seed BIT STRING OPTIONAL
+ * }
+ * </pre>
+ */
+ public DERObject toASN1Object()
+ {
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ if (fieldIdentifier.equals(prime_field))
+ {
+ v.add(new X9FieldElement(curve.getA()).getDERObject());
+ v.add(new X9FieldElement(curve.getB()).getDERObject());
+ }
+ else if (fieldIdentifier.equals(characteristic_two_field))
+ {
+ v.add(new X9FieldElement(curve.getA()).getDERObject());
+ v.add(new X9FieldElement(curve.getB()).getDERObject());
+ }
+
+ if (seed != null)
+ {
+ v.add(new DERBitString(seed));
+ }
+
+ return new DERSequence(v);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java b/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java
new file mode 100644
index 0000000..c3b0d66
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java
@@ -0,0 +1,161 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+import java.math.BigInteger;
+
+/**
+ * ASN.1 def for Elliptic-Curve ECParameters structure. See
+ * X9.62, for further details.
+ */
+public class X9ECParameters
+ extends ASN1Encodable
+ implements X9ObjectIdentifiers
+{
+ private static final BigInteger ONE = BigInteger.valueOf(1);
+
+ private X9FieldID fieldID;
+ private ECCurve curve;
+ private ECPoint g;
+ private BigInteger n;
+ private BigInteger h;
+ private byte[] seed;
+
+ public X9ECParameters(
+ ASN1Sequence seq)
+ {
+ if (!(seq.getObjectAt(0) instanceof DERInteger)
+ || !((DERInteger)seq.getObjectAt(0)).getValue().equals(ONE))
+ {
+ throw new IllegalArgumentException("bad version in X9ECParameters");
+ }
+
+ X9Curve x9c = new X9Curve(
+ new X9FieldID((ASN1Sequence)seq.getObjectAt(1)),
+ (ASN1Sequence)seq.getObjectAt(2));
+
+ this.curve = x9c.getCurve();
+ this.g = new X9ECPoint(curve, (ASN1OctetString)seq.getObjectAt(3)).getPoint();
+ this.n = ((DERInteger)seq.getObjectAt(4)).getValue();
+ this.seed = x9c.getSeed();
+
+ if (seq.size() == 6)
+ {
+ this.h = ((DERInteger)seq.getObjectAt(5)).getValue();
+ }
+ }
+
+ public X9ECParameters(
+ ECCurve curve,
+ ECPoint g,
+ BigInteger n)
+ {
+ this(curve, g, n, ONE, null);
+ }
+
+ public X9ECParameters(
+ ECCurve curve,
+ ECPoint g,
+ BigInteger n,
+ BigInteger h)
+ {
+ this(curve, g, n, h, null);
+ }
+
+ public X9ECParameters(
+ ECCurve curve,
+ ECPoint g,
+ BigInteger n,
+ BigInteger h,
+ byte[] seed)
+ {
+ this.curve = curve;
+ this.g = g;
+ this.n = n;
+ this.h = h;
+ this.seed = seed;
+
+ if (curve instanceof ECCurve.Fp)
+ {
+ this.fieldID = new X9FieldID(((ECCurve.Fp)curve).getQ());
+ }
+ else
+ {
+ if (curve instanceof ECCurve.F2m)
+ {
+ ECCurve.F2m curveF2m = (ECCurve.F2m)curve;
+ this.fieldID = new X9FieldID(curveF2m.getM(), curveF2m.getK1(),
+ curveF2m.getK2(), curveF2m.getK3());
+ }
+ }
+ }
+
+ public ECCurve getCurve()
+ {
+ return curve;
+ }
+
+ public ECPoint getG()
+ {
+ return g;
+ }
+
+ public BigInteger getN()
+ {
+ return n;
+ }
+
+ public BigInteger getH()
+ {
+ if (h == null)
+ {
+ return ONE; // TODO - this should be calculated, it will cause issues with custom curves.
+ }
+
+ return h;
+ }
+
+ public byte[] getSeed()
+ {
+ return seed;
+ }
+
+ /**
+ * Produce an object suitable for an ASN1OutputStream.
+ * <pre>
+ * ECParameters ::= SEQUENCE {
+ * version INTEGER { ecpVer1(1) } (ecpVer1),
+ * fieldID FieldID {{FieldTypes}},
+ * curve X9Curve,
+ * base X9ECPoint,
+ * order INTEGER,
+ * cofactor INTEGER OPTIONAL
+ * }
+ * </pre>
+ */
+ public DERObject toASN1Object()
+ {
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(new DERInteger(1));
+ v.add(fieldID);
+ v.add(new X9Curve(curve, seed));
+ v.add(new X9ECPoint(g));
+ v.add(new DERInteger(n));
+
+ if (h != null)
+ {
+ v.add(new DERInteger(h));
+ }
+
+ return new DERSequence(v);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9ECParametersHolder.java b/src/main/java/org/bouncycastle/asn1/x9/X9ECParametersHolder.java
new file mode 100644
index 0000000..47361f8
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9ECParametersHolder.java
@@ -0,0 +1,18 @@
+package org.bouncycastle.asn1.x9;
+
+public abstract class X9ECParametersHolder
+{
+ private X9ECParameters params;
+
+ public X9ECParameters getParameters()
+ {
+ if (params == null)
+ {
+ params = createParameters();
+ }
+
+ return params;
+ }
+
+ protected abstract X9ECParameters createParameters();
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java b/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java
new file mode 100644
index 0000000..470b3d6
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java
@@ -0,0 +1,48 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+/**
+ * class for describing an ECPoint as a DER object.
+ */
+public class X9ECPoint
+ extends ASN1Encodable
+{
+ ECPoint p;
+
+ public X9ECPoint(
+ ECPoint p)
+ {
+ this.p = p;
+ }
+
+ public X9ECPoint(
+ ECCurve c,
+ ASN1OctetString s)
+ {
+ this.p = c.decodePoint(s.getOctets());
+ }
+
+ public ECPoint getPoint()
+ {
+ return p;
+ }
+
+ /**
+ * Produce an object suitable for an ASN1OutputStream.
+ * <pre>
+ * ECPoint ::= OCTET STRING
+ * </pre>
+ * <p>
+ * Octet string produced using ECPoint.getEncoded().
+ */
+ public DERObject toASN1Object()
+ {
+ return new DEROctetString(p.getEncoded());
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java b/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java
new file mode 100644
index 0000000..2173d2a
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java
@@ -0,0 +1,64 @@
+package org.bouncycastle.asn1.x9;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.math.ec.ECFieldElement;
+
+/**
+ * class for processing an FieldElement as a DER object.
+ */
+public class X9FieldElement
+ extends ASN1Encodable
+{
+ protected ECFieldElement f;
+
+ private static X9IntegerConverter converter = new X9IntegerConverter();
+
+ public X9FieldElement(ECFieldElement f)
+ {
+ this.f = f;
+ }
+
+ public X9FieldElement(BigInteger p, ASN1OctetString s)
+ {
+ this(new ECFieldElement.Fp(p, new BigInteger(1, s.getOctets())));
+ }
+
+ public X9FieldElement(int m, int k1, int k2, int k3, ASN1OctetString s)
+ {
+ this(new ECFieldElement.F2m(m, k1, k2, k3, new BigInteger(1, s.getOctets())));
+ }
+
+ public ECFieldElement getValue()
+ {
+ return f;
+ }
+
+ /**
+ * Produce an object suitable for an ASN1OutputStream.
+ * <pre>
+ * FieldElement ::= OCTET STRING
+ * </pre>
+ * <p>
+ * <ol>
+ * <li> if <i>q</i> is an odd prime then the field element is
+ * processed as an Integer and converted to an octet string
+ * according to x 9.62 4.3.1.</li>
+ * <li> if <i>q</i> is 2<sup>m</sup> then the bit string
+ * contained in the field element is converted into an octet
+ * string with the same ordering padded at the front if necessary.
+ * </li>
+ * </ol>
+ */
+ public DERObject toASN1Object()
+ {
+ int byteCount = converter.getByteLength(f);
+ byte[] paddedBigInteger = converter.integerToBytes(f.toBigInteger(), byteCount);
+
+ return new DEROctetString(paddedBigInteger);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java b/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java
new file mode 100644
index 0000000..c2c2ef9
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java
@@ -0,0 +1,109 @@
+package org.bouncycastle.asn1.x9;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DERSequence;
+
+/**
+ * ASN.1 def for Elliptic-Curve Field ID structure. See
+ * X9.62, for further details.
+ */
+public class X9FieldID
+ extends ASN1Encodable
+ implements X9ObjectIdentifiers
+{
+ private DERObjectIdentifier id;
+ private DERObject parameters;
+
+ /**
+ * Constructor for elliptic curves over prime fields
+ * <code>F<sub>2</sub></code>.
+ * @param primeP The prime <code>p</code> defining the prime field.
+ */
+ public X9FieldID(BigInteger primeP)
+ {
+ this.id = prime_field;
+ this.parameters = new DERInteger(primeP);
+ }
+
+ /**
+ * Constructor for elliptic curves over binary fields
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param m The exponent <code>m</code> of
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.
+ * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.
+ * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>..
+ */
+ public X9FieldID(int m, int k1, int k2, int k3)
+ {
+ this.id = characteristic_two_field;
+ ASN1EncodableVector fieldIdParams = new ASN1EncodableVector();
+ fieldIdParams.add(new DERInteger(m));
+
+ if (k2 == 0)
+ {
+ fieldIdParams.add(tpBasis);
+ fieldIdParams.add(new DERInteger(k1));
+ }
+ else
+ {
+ fieldIdParams.add(ppBasis);
+ ASN1EncodableVector pentanomialParams = new ASN1EncodableVector();
+ pentanomialParams.add(new DERInteger(k1));
+ pentanomialParams.add(new DERInteger(k2));
+ pentanomialParams.add(new DERInteger(k3));
+ fieldIdParams.add(new DERSequence(pentanomialParams));
+ }
+
+ this.parameters = new DERSequence(fieldIdParams);
+ }
+
+ public X9FieldID(
+ ASN1Sequence seq)
+ {
+ this.id = (DERObjectIdentifier)seq.getObjectAt(0);
+ this.parameters = (DERObject)seq.getObjectAt(1);
+ }
+
+ public DERObjectIdentifier getIdentifier()
+ {
+ return id;
+ }
+
+ public DERObject getParameters()
+ {
+ return parameters;
+ }
+
+ /**
+ * Produce a DER encoding of the following structure.
+ * <pre>
+ * FieldID ::= SEQUENCE {
+ * fieldType FIELD-ID.&id({IOSet}),
+ * parameters FIELD-ID.&Type({IOSet}{@fieldType})
+ * }
+ * </pre>
+ */
+ public DERObject toASN1Object()
+ {
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(this.id);
+ v.add(this.parameters);
+
+ return new DERSequence(v);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java b/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java
new file mode 100644
index 0000000..ae820ab
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java
@@ -0,0 +1,47 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+
+import java.math.BigInteger;
+
+public class X9IntegerConverter
+{
+ public int getByteLength(
+ ECCurve c)
+ {
+ return (c.getFieldSize() + 7) / 8;
+ }
+
+ public int getByteLength(
+ ECFieldElement fe)
+ {
+ return (fe.getFieldSize() + 7) / 8;
+ }
+
+ public byte[] integerToBytes(
+ BigInteger s,
+ int qLength)
+ {
+ byte[] bytes = s.toByteArray();
+
+ if (qLength < bytes.length)
+ {
+ byte[] tmp = new byte[qLength];
+
+ System.arraycopy(bytes, bytes.length - tmp.length, tmp, 0, tmp.length);
+
+ return tmp;
+ }
+ else if (qLength > bytes.length)
+ {
+ byte[] tmp = new byte[qLength];
+
+ System.arraycopy(bytes, 0, tmp, tmp.length - bytes.length, bytes.length);
+
+ return tmp;
+ }
+
+ return bytes;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java
index 5473d48..6c1fcd7 100644
--- a/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java
@@ -1,6 +1,6 @@
package org.bouncycastle.asn1.x9;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
public interface X9ObjectIdentifiers
{
@@ -10,92 +10,107 @@
// ansi-X9-62 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
// us(840) ansi-x962(10045) }
//
- static final String ansi_X9_62 = "1.2.840.10045";
- static final String id_fieldType = ansi_X9_62 + ".1";
+ static final ASN1ObjectIdentifier ansi_X9_62 = new ASN1ObjectIdentifier("1.2.840.10045");
+ static final ASN1ObjectIdentifier id_fieldType = ansi_X9_62.branch("1");
- static final DERObjectIdentifier prime_field
- = new DERObjectIdentifier(id_fieldType + ".1");
+ static final ASN1ObjectIdentifier prime_field = id_fieldType.branch("1");
- static final DERObjectIdentifier characteristic_two_field
- = new DERObjectIdentifier(id_fieldType + ".2");
+ static final ASN1ObjectIdentifier characteristic_two_field = id_fieldType.branch("2");
- static final DERObjectIdentifier gnBasis
- = new DERObjectIdentifier(id_fieldType + ".2.3.1");
+ static final ASN1ObjectIdentifier gnBasis = id_fieldType.branch("2.3.1");
- static final DERObjectIdentifier tpBasis
- = new DERObjectIdentifier(id_fieldType + ".2.3.2");
+ static final ASN1ObjectIdentifier tpBasis = id_fieldType.branch("2.3.2");
- static final DERObjectIdentifier ppBasis
- = new DERObjectIdentifier(id_fieldType + ".2.3.3");
+ static final ASN1ObjectIdentifier ppBasis = id_fieldType.branch("2.3.3");
- static final String id_ecSigType = ansi_X9_62 + ".4";
+ static final ASN1ObjectIdentifier id_ecSigType = ansi_X9_62.branch("4");
- static final DERObjectIdentifier ecdsa_with_SHA1
- = new DERObjectIdentifier(id_ecSigType + ".1");
+ static final ASN1ObjectIdentifier ecdsa_with_SHA1 = new ASN1ObjectIdentifier(id_ecSigType + ".1");
- static final String id_publicKeyType = ansi_X9_62 + ".2";
+ static final ASN1ObjectIdentifier id_publicKeyType = ansi_X9_62.branch("2");
- static final DERObjectIdentifier id_ecPublicKey
- = new DERObjectIdentifier(id_publicKeyType + ".1");
+ static final ASN1ObjectIdentifier id_ecPublicKey = id_publicKeyType.branch("1");
- static final DERObjectIdentifier ecdsa_with_SHA2
- = new DERObjectIdentifier(id_ecSigType + ".3");
+ static final ASN1ObjectIdentifier ecdsa_with_SHA2 = id_ecSigType.branch("3");
- static final DERObjectIdentifier ecdsa_with_SHA224
- = new DERObjectIdentifier(ecdsa_with_SHA2 + ".1");
+ static final ASN1ObjectIdentifier ecdsa_with_SHA224 = ecdsa_with_SHA2.branch("1");
- static final DERObjectIdentifier ecdsa_with_SHA256
- = new DERObjectIdentifier(ecdsa_with_SHA2 + ".2");
+ static final ASN1ObjectIdentifier ecdsa_with_SHA256 = ecdsa_with_SHA2.branch("2");
- static final DERObjectIdentifier ecdsa_with_SHA384
- = new DERObjectIdentifier(ecdsa_with_SHA2 + ".3");
+ static final ASN1ObjectIdentifier ecdsa_with_SHA384 = ecdsa_with_SHA2.branch("3");
- static final DERObjectIdentifier ecdsa_with_SHA512
- = new DERObjectIdentifier(ecdsa_with_SHA2 + ".4");
+ static final ASN1ObjectIdentifier ecdsa_with_SHA512 = ecdsa_with_SHA2.branch("4");
//
// named curves
//
- static final String ellipticCurve = ansi_X9_62 + ".3";
+ static final ASN1ObjectIdentifier ellipticCurve = ansi_X9_62.branch("3");
//
// Two Curves
//
- static final String cTwoCurve = ellipticCurve + ".0";
-
- static final DERObjectIdentifier c2pnb163v1 = new DERObjectIdentifier(cTwoCurve + ".1");
- static final DERObjectIdentifier c2pnb163v2 = new DERObjectIdentifier(cTwoCurve + ".2");
- static final DERObjectIdentifier c2pnb163v3 = new DERObjectIdentifier(cTwoCurve + ".3");
- static final DERObjectIdentifier c2pnb176w1 = new DERObjectIdentifier(cTwoCurve + ".4");
- static final DERObjectIdentifier c2tnb191v1 = new DERObjectIdentifier(cTwoCurve + ".5");
- static final DERObjectIdentifier c2tnb191v2 = new DERObjectIdentifier(cTwoCurve + ".6");
- static final DERObjectIdentifier c2tnb191v3 = new DERObjectIdentifier(cTwoCurve + ".7");
- static final DERObjectIdentifier c2onb191v4 = new DERObjectIdentifier(cTwoCurve + ".8");
- static final DERObjectIdentifier c2onb191v5 = new DERObjectIdentifier(cTwoCurve + ".9");
- static final DERObjectIdentifier c2pnb208w1 = new DERObjectIdentifier(cTwoCurve + ".10");
- static final DERObjectIdentifier c2tnb239v1 = new DERObjectIdentifier(cTwoCurve + ".11");
- static final DERObjectIdentifier c2tnb239v2 = new DERObjectIdentifier(cTwoCurve + ".12");
- static final DERObjectIdentifier c2tnb239v3 = new DERObjectIdentifier(cTwoCurve + ".13");
- static final DERObjectIdentifier c2onb239v4 = new DERObjectIdentifier(cTwoCurve + ".14");
- static final DERObjectIdentifier c2onb239v5 = new DERObjectIdentifier(cTwoCurve + ".15");
- static final DERObjectIdentifier c2pnb272w1 = new DERObjectIdentifier(cTwoCurve + ".16");
- static final DERObjectIdentifier c2pnb304w1 = new DERObjectIdentifier(cTwoCurve + ".17");
- static final DERObjectIdentifier c2tnb359v1 = new DERObjectIdentifier(cTwoCurve + ".18");
- static final DERObjectIdentifier c2pnb368w1 = new DERObjectIdentifier(cTwoCurve + ".19");
- static final DERObjectIdentifier c2tnb431r1 = new DERObjectIdentifier(cTwoCurve + ".20");
-
+ static final ASN1ObjectIdentifier cTwoCurve = ellipticCurve.branch("0");
+
+ static final ASN1ObjectIdentifier c2pnb163v1 = cTwoCurve.branch("1");
+ static final ASN1ObjectIdentifier c2pnb163v2 = cTwoCurve.branch("2");
+ static final ASN1ObjectIdentifier c2pnb163v3 = cTwoCurve.branch("3");
+ static final ASN1ObjectIdentifier c2pnb176w1 = cTwoCurve.branch("4");
+ static final ASN1ObjectIdentifier c2tnb191v1 = cTwoCurve.branch("5");
+ static final ASN1ObjectIdentifier c2tnb191v2 = cTwoCurve.branch("6");
+ static final ASN1ObjectIdentifier c2tnb191v3 = cTwoCurve.branch("7");
+ static final ASN1ObjectIdentifier c2onb191v4 = cTwoCurve.branch("8");
+ static final ASN1ObjectIdentifier c2onb191v5 = cTwoCurve.branch("9");
+ static final ASN1ObjectIdentifier c2pnb208w1 = cTwoCurve.branch("10");
+ static final ASN1ObjectIdentifier c2tnb239v1 = cTwoCurve.branch("11");
+ static final ASN1ObjectIdentifier c2tnb239v2 = cTwoCurve.branch("12");
+ static final ASN1ObjectIdentifier c2tnb239v3 = cTwoCurve.branch("13");
+ static final ASN1ObjectIdentifier c2onb239v4 = cTwoCurve.branch("14");
+ static final ASN1ObjectIdentifier c2onb239v5 = cTwoCurve.branch("15");
+ static final ASN1ObjectIdentifier c2pnb272w1 = cTwoCurve.branch("16");
+ static final ASN1ObjectIdentifier c2pnb304w1 = cTwoCurve.branch("17");
+ static final ASN1ObjectIdentifier c2tnb359v1 = cTwoCurve.branch("18");
+ static final ASN1ObjectIdentifier c2pnb368w1 = cTwoCurve.branch("19");
+ static final ASN1ObjectIdentifier c2tnb431r1 = cTwoCurve.branch("20");
+
//
// Prime
//
- static final String primeCurve = ellipticCurve + ".1";
+ static final ASN1ObjectIdentifier primeCurve = ellipticCurve.branch("1");
- static final DERObjectIdentifier prime192v1 = new DERObjectIdentifier(primeCurve + ".1");
- static final DERObjectIdentifier prime192v2 = new DERObjectIdentifier(primeCurve + ".2");
- static final DERObjectIdentifier prime192v3 = new DERObjectIdentifier(primeCurve + ".3");
- static final DERObjectIdentifier prime239v1 = new DERObjectIdentifier(primeCurve + ".4");
- static final DERObjectIdentifier prime239v2 = new DERObjectIdentifier(primeCurve + ".5");
- static final DERObjectIdentifier prime239v3 = new DERObjectIdentifier(primeCurve + ".6");
- static final DERObjectIdentifier prime256v1 = new DERObjectIdentifier(primeCurve + ".7");
+ static final ASN1ObjectIdentifier prime192v1 = primeCurve.branch("1");
+ static final ASN1ObjectIdentifier prime192v2 = primeCurve.branch("2");
+ static final ASN1ObjectIdentifier prime192v3 = primeCurve.branch("3");
+ static final ASN1ObjectIdentifier prime239v1 = primeCurve.branch("4");
+ static final ASN1ObjectIdentifier prime239v2 = primeCurve.branch("5");
+ static final ASN1ObjectIdentifier prime239v3 = primeCurve.branch("6");
+ static final ASN1ObjectIdentifier prime256v1 = primeCurve.branch("7");
+
+ //
+ // DSA
+ //
+ // dsapublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ // us(840) ansi-x957(10040) number-type(4) 1 }
+ static final ASN1ObjectIdentifier id_dsa = new ASN1ObjectIdentifier("1.2.840.10040.4.1");
+
+ /**
+ * id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) x9-57
+ * (10040) x9cm(4) 3 }
+ */
+ public static final ASN1ObjectIdentifier id_dsa_with_sha1 = new ASN1ObjectIdentifier("1.2.840.10040.4.3");
+
+ /**
+ * X9.63
+ */
+ public static final ASN1ObjectIdentifier x9_63_scheme = new ASN1ObjectIdentifier("1.3.133.16.840.63.0");
+ public static final ASN1ObjectIdentifier dhSinglePass_stdDH_sha1kdf_scheme = x9_63_scheme.branch("2");
+ public static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_sha1kdf_scheme = x9_63_scheme.branch("3");
+ public static final ASN1ObjectIdentifier mqvSinglePass_sha1kdf_scheme = x9_63_scheme.branch("16");
+
+ /**
+ * X9.42
+ */
+
+ static final ASN1ObjectIdentifier ansi_X9_42 = new ASN1ObjectIdentifier("1.2.840.10046");
//
// Diffie-Hellman
@@ -103,40 +118,15 @@
// dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
// us(840) ansi-x942(10046) number-type(2) 1 }
//
- static final DERObjectIdentifier dhpublicnumber = new DERObjectIdentifier("1.2.840.10046.2.1");
+ public static final ASN1ObjectIdentifier dhpublicnumber = ansi_X9_42.branch("2.1");
- //
- // DSA
- //
- // dsapublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
- // us(840) ansi-x957(10040) number-type(4) 1 }
- static final DERObjectIdentifier id_dsa = new DERObjectIdentifier("1.2.840.10040.4.1");
-
- /**
- * id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
- * us(840) x9-57 (10040) x9cm(4) 3 }
- */
- public static final DERObjectIdentifier id_dsa_with_sha1 = new DERObjectIdentifier("1.2.840.10040.4.3");
-
- /**
- * X9.63
- */
- public static final DERObjectIdentifier x9_63_scheme = new DERObjectIdentifier("1.3.133.16.840.63.0");
- public static final DERObjectIdentifier dhSinglePass_stdDH_sha1kdf_scheme = new DERObjectIdentifier(x9_63_scheme + ".2");
- public static final DERObjectIdentifier dhSinglePass_cofactorDH_sha1kdf_scheme = new DERObjectIdentifier(x9_63_scheme + ".3");
- public static final DERObjectIdentifier mqvSinglePass_sha1kdf_scheme = new DERObjectIdentifier(x9_63_scheme + ".16");
-
- /**
- * X9.42
- */
- public static final DERObjectIdentifier x9_42_schemes = new DERObjectIdentifier("1.2.840.10046.3");
- public static final DERObjectIdentifier dhStatic = new DERObjectIdentifier(x9_42_schemes + ".1");
- public static final DERObjectIdentifier dhEphem = new DERObjectIdentifier(x9_42_schemes + ".2");
- public static final DERObjectIdentifier dhOneFlow = new DERObjectIdentifier(x9_42_schemes + ".3");
- public static final DERObjectIdentifier dhHybrid1 = new DERObjectIdentifier(x9_42_schemes + ".4");
- public static final DERObjectIdentifier dhHybrid2 = new DERObjectIdentifier(x9_42_schemes + ".5");
- public static final DERObjectIdentifier dhHybridOneFlow = new DERObjectIdentifier(x9_42_schemes + ".6");
- public static final DERObjectIdentifier mqv2 = new DERObjectIdentifier(x9_42_schemes + ".7");
- public static final DERObjectIdentifier mqv1 = new DERObjectIdentifier(x9_42_schemes + ".8");
+ public static final ASN1ObjectIdentifier x9_42_schemes = ansi_X9_42.branch("3");
+ public static final ASN1ObjectIdentifier dhStatic = x9_42_schemes.branch("1");
+ public static final ASN1ObjectIdentifier dhEphem = x9_42_schemes.branch("2");
+ public static final ASN1ObjectIdentifier dhOneFlow = x9_42_schemes.branch("3");
+ public static final ASN1ObjectIdentifier dhHybrid1 = x9_42_schemes.branch("4");
+ public static final ASN1ObjectIdentifier dhHybrid2 = x9_42_schemes.branch("5");
+ public static final ASN1ObjectIdentifier dhHybridOneFlow = x9_42_schemes.branch("6");
+ public static final ASN1ObjectIdentifier mqv2 = x9_42_schemes.branch("7");
+ public static final ASN1ObjectIdentifier mqv1 = x9_42_schemes.branch("8");
}
-
diff --git a/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java b/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java
index 7f8adec..4878786 100644
--- a/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java
+++ b/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java
@@ -259,28 +259,34 @@
int outOff)
throws DataLengthException, IllegalStateException, InvalidCipherTextException
{
- int resultLen = 0;
-
- if (outOff + bufOff > out.length)
+ try
{
- throw new DataLengthException("output buffer too short for doFinal()");
- }
+ int resultLen = 0;
- if (bufOff != 0 && partialBlockOkay)
+ if (outOff + bufOff > out.length)
+ {
+ throw new DataLengthException("output buffer too short for doFinal()");
+ }
+
+ if (bufOff != 0)
+ {
+ if (!partialBlockOkay)
+ {
+ throw new DataLengthException("data not block size aligned");
+ }
+
+ cipher.processBlock(buf, 0, buf, 0);
+ resultLen = bufOff;
+ bufOff = 0;
+ System.arraycopy(buf, 0, out, outOff, resultLen);
+ }
+
+ return resultLen;
+ }
+ finally
{
- cipher.processBlock(buf, 0, buf, 0);
- resultLen = bufOff;
- bufOff = 0;
- System.arraycopy(buf, 0, out, outOff, resultLen);
+ reset();
}
- else if (bufOff != 0)
- {
- throw new DataLengthException("data not block size aligned");
- }
-
- reset();
-
- return resultLen;
}
/**
diff --git a/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java b/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java
index 5a1e204..452b367 100644
--- a/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java
+++ b/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java
@@ -20,4 +20,15 @@
* @return full/partial message, null if nothing.
*/
public byte[] getRecoveredMessage();
+
+ /**
+ * Perform an update with the recovered message before adding any other data. This must
+ * be the first update method called, and calling it will result in the signer assuming
+ * that further calls to update will include message content past what is recoverable.
+ *
+ * @param signature the signature that we are in the process of verifying.
+ * @throws IllegalStateException
+ */
+ public void updateWithRecoveredMessage(byte[] signature)
+ throws InvalidCipherTextException;
}
diff --git a/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java b/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java
new file mode 100644
index 0000000..3ad3e1c
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java
@@ -0,0 +1,47 @@
+package org.bouncycastle.crypto.agreement;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECPoint;
+
+import org.bouncycastle.crypto.BasicAgreement;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+
+/**
+ * P1363 7.2.1 ECSVDP-DH
+ *
+ * ECSVDP-DH is Elliptic Curve Secret Value Derivation Primitive,
+ * Diffie-Hellman version. It is based on the work of [DH76], [Mil86],
+ * and [Kob87]. This primitive derives a shared secret value from one
+ * party's private key and another party's public key, where both have
+ * the same set of EC domain parameters. If two parties correctly
+ * execute this primitive, they will produce the same output. This
+ * primitive can be invoked by a scheme to derive a shared secret key;
+ * specifically, it may be used with the schemes ECKAS-DH1 and
+ * DL/ECKAS-DH2. It assumes that the input keys are valid (see also
+ * Section 7.2.2).
+ */
+public class ECDHBasicAgreement
+ implements BasicAgreement
+{
+ private ECPrivateKeyParameters key;
+
+ public void init(
+ CipherParameters key)
+ {
+ this.key = (ECPrivateKeyParameters)key;
+ }
+
+ public BigInteger calculateAgreement(
+ CipherParameters pubKey)
+ {
+ ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey;
+ ECPoint P = pub.getQ().multiply(key.getD());
+
+ // if (p.isInfinity()) throw new RuntimeException("d*Q == infinity");
+
+ return P.getX().toBigInteger();
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/util/NullDigest.java b/src/main/java/org/bouncycastle/crypto/digests/NullDigest.java
similarity index 94%
rename from src/main/java/org/bouncycastle/jce/provider/util/NullDigest.java
rename to src/main/java/org/bouncycastle/crypto/digests/NullDigest.java
index 820ad1b..6cb0d4a 100644
--- a/src/main/java/org/bouncycastle/jce/provider/util/NullDigest.java
+++ b/src/main/java/org/bouncycastle/crypto/digests/NullDigest.java
@@ -1,4 +1,4 @@
-package org.bouncycastle.jce.provider.util;
+package org.bouncycastle.crypto.digests;
import java.io.ByteArrayOutputStream;
diff --git a/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java b/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java
index ba76577..d2f9f25 100644
--- a/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java
+++ b/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java
@@ -30,12 +30,24 @@
private final String algorithm;
/**
- * Holds the OpenSSL name of the hashing algorithm, e.g. "sha1";
+ * Holds the EVP_MD for the hashing algorithm, e.g. EVP_get_digestbyname("sha1");
*/
- private final String openssl;
+ private final int evp_md;
/**
- * Holds a pointer to the native message digest context.
+ * Holds the output size of the message digest.
+ */
+ private final int size;
+
+ /**
+ * Holds the block size of the message digest.
+ */
+ private final int blockSize;
+
+ /**
+ * Holds a pointer to the native message digest context. It is
+ * lazily initialized to avoid having to reallocate on reset when
+ * its unlikely to be reused.
*/
private int ctx;
@@ -47,25 +59,12 @@
/**
* Creates a new OpenSSLMessageDigest instance for the given algorithm
* name.
- *
- * @param algorithm The standard name of the algorithm, e.g. "SHA-1".
- * @param algorithm The name of the openssl algorithm, e.g. "sha1".
*/
- private OpenSSLDigest(String algorithm, String openssl) {
+ private OpenSSLDigest(String algorithm, int evp_md, int size, int blockSize) {
this.algorithm = algorithm;
- this.openssl = openssl;
- ctx = NativeCrypto.EVP_MD_CTX_create();
- try {
- NativeCrypto.EVP_DigestInit(ctx, openssl);
- } catch (Exception ex) {
- throw new RuntimeException(ex.getMessage() + " (" + algorithm + ")");
- }
- }
-
- public int doFinal(byte[] out, int outOff) {
- int i = NativeCrypto.EVP_DigestFinal(ctx, out, outOff);
- reset();
- return i;
+ this.evp_md = evp_md;
+ this.size = size;
+ this.blockSize = blockSize;
}
public String getAlgorithmName() {
@@ -73,50 +72,88 @@
}
public int getDigestSize() {
- return NativeCrypto.EVP_MD_CTX_size(ctx);
+ return size;
}
public int getByteLength() {
- return NativeCrypto.EVP_MD_CTX_block_size(ctx);
+ return blockSize;
}
public void reset() {
- NativeCrypto.EVP_DigestInit(ctx, openssl);
+ free();
}
public void update(byte in) {
singleByte[0] = in;
- NativeCrypto.EVP_DigestUpdate(ctx, singleByte, 0, 1);
+ update(singleByte, 0, 1);
}
public void update(byte[] in, int inOff, int len) {
- NativeCrypto.EVP_DigestUpdate(ctx, in, inOff, len);
+ NativeCrypto.EVP_DigestUpdate(getCtx(), in, inOff, len);
+ }
+
+ public int doFinal(byte[] out, int outOff) {
+ int i = NativeCrypto.EVP_DigestFinal(getCtx(), out, outOff);
+ ctx = 0; // EVP_DigestFinal frees the context as a side effect
+ reset();
+ return i;
+ }
+
+ private int getCtx() {
+ if (ctx == 0) {
+ ctx = NativeCrypto.EVP_DigestInit(evp_md);
+ }
+ return ctx;
+ }
+
+ private void free() {
+ if (ctx != 0) {
+ NativeCrypto.EVP_MD_CTX_destroy(ctx);
+ ctx = 0;
+ }
}
@Override
protected void finalize() throws Throwable {
- super.finalize();
- NativeCrypto.EVP_MD_CTX_destroy(ctx);
- ctx = 0;
+ try {
+ free();
+ } finally {
+ super.finalize();
+ }
}
public static class MD5 extends OpenSSLDigest {
- public MD5() { super("MD5", "md5"); }
+ private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("md5");
+ private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+ private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+ public MD5() { super("MD5", EVP_MD, SIZE, BLOCK_SIZE); }
}
public static class SHA1 extends OpenSSLDigest {
- public SHA1() { super("SHA-1", "sha1"); }
+ private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha1");
+ private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+ private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+ public SHA1() { super("SHA-1", EVP_MD, SIZE, BLOCK_SIZE); }
}
public static class SHA256 extends OpenSSLDigest {
- public SHA256() { super("SHA-256", "sha256"); }
+ private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha256");
+ private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+ private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+ public SHA256() { super("SHA-256", EVP_MD, SIZE, BLOCK_SIZE); }
}
public static class SHA384 extends OpenSSLDigest {
- public SHA384() { super("SHA-384", "sha384"); }
+ private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha384");
+ private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+ private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+ public SHA384() { super("SHA-384", EVP_MD, SIZE, BLOCK_SIZE); }
}
public static class SHA512 extends OpenSSLDigest {
- public SHA512() { super("SHA-512", "sha512"); }
+ private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha512");
+ private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+ private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+ public SHA512() { super("SHA-512", EVP_MD, SIZE, BLOCK_SIZE); }
}
}
diff --git a/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java b/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java
index b4d84c6..ec91e1a 100644
--- a/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java
+++ b/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java
@@ -1,5 +1,7 @@
package org.bouncycastle.crypto.encodings;
+import java.math.BigInteger;
+
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
@@ -9,13 +11,16 @@
/**
* ISO 9796-1 padding. Note in the light of recent results you should
* only use this with RSA (rather than the "simpler" Rabin keys) and you
- * should never use it with anything other than a hash (ie. even if the
+ * should never use it with anything other than a hash (ie. even if the
* message is small don't sign the message, sign it's hash) or some "random"
* value. See your favorite search engine for details.
*/
public class ISO9796d1Encoding
implements AsymmetricBlockCipher
{
+ private static final BigInteger SIXTEEN = BigInteger.valueOf(16L);
+ private static final BigInteger SIX = BigInteger.valueOf(6L);
+
private static byte[] shadows = { 0xe, 0x3, 0x5, 0x8, 0x9, 0x4, 0x2, 0xf,
0x0, 0xd, 0xb, 0x6, 0x7, 0xa, 0xc, 0x1 };
private static byte[] inverse = { 0x8, 0xf, 0x6, 0x1, 0x5, 0x2, 0xb, 0xc,
@@ -25,12 +30,13 @@
private boolean forEncryption;
private int bitSize;
private int padBits = 0;
+ private BigInteger modulus;
public ISO9796d1Encoding(
AsymmetricBlockCipher cipher)
{
this.engine = cipher;
- }
+ }
public AsymmetricBlockCipher getUnderlyingCipher()
{
@@ -56,14 +62,15 @@
engine.init(forEncryption, param);
- bitSize = kParam.getModulus().bitLength();
+ modulus = kParam.getModulus();
+ bitSize = modulus.bitLength();
this.forEncryption = forEncryption;
}
/**
* return the input block size. The largest message we can process
- * is (key_size_in_bits + 3)/16, which in our world comes to
+ * is (key_size_in_bits + 3)/16, which in our world comes to
* key_size_in_bytes / 2.
*/
public int getInputBlockSize()
@@ -98,7 +105,7 @@
}
/**
- * set the number of bits in the next message to be treated as
+ * set the number of bits in the next message to be treated as
* pad bits.
*/
public void setPadBits(
@@ -163,7 +170,7 @@
for (int i = block.length - 2 * t; i != block.length; i += 2)
{
byte val = block[block.length - t + i / 2];
-
+
block[i] = (byte)((shadows[(val & 0xff) >>> 4] << 4)
| shadows[val & 0x0f]);
block[i + 1] = val;
@@ -203,7 +210,24 @@
int r = 1;
int t = (bitSize + 13) / 16;
- if ((block[block.length - 1] & 0x0f) != 0x6)
+ BigInteger iS = new BigInteger(1, block);
+ BigInteger iR;
+ if (iS.mod(SIXTEEN).equals(SIX))
+ {
+ iR = iS;
+ }
+ else if ((modulus.subtract(iS)).mod(SIXTEEN).equals(SIX))
+ {
+ iR = modulus.subtract(iS);
+ }
+ else
+ {
+ throw new InvalidCipherTextException("resulting integer iS or (modulus - iS) is not congruent to 6 mod 16");
+ }
+
+ block = convertOutputDecryptOnly(iR);
+
+ if ((block[block.length - 1] & 0x0f) != 0x6 )
{
throw new InvalidCipherTextException("invalid forcing byte in block");
}
@@ -214,12 +238,12 @@
boolean boundaryFound = false;
int boundary = 0;
-
+
for (int i = block.length - 1; i >= block.length - 2 * t; i -= 2)
{
int val = ((shadows[(block[i] & 0xff) >>> 4] << 4)
| shadows[block[i] & 0x0f]);
-
+
if (((block[i - 1] ^ val) & 0xff) != 0)
{
if (!boundaryFound)
@@ -248,4 +272,16 @@
return nblock;
}
+
+ private static byte[] convertOutputDecryptOnly(BigInteger result)
+ {
+ byte[] output = result.toByteArray();
+ if (output[0] == 0) // have ended up with an extra zero byte, copy down.
+ {
+ byte[] tmp = new byte[output.length - 1];
+ System.arraycopy(output, 1, tmp, 0, tmp.length);
+ return tmp;
+ }
+ return output;
+ }
}
diff --git a/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java b/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
index 2554c30..05c7839 100644
--- a/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
+++ b/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
@@ -3,67 +3,90 @@
import java.math.BigInteger;
import java.security.SecureRandom;
+// BEGIN android-added
+import java.util.logging.Logger;
+// END android-added
import org.bouncycastle.util.BigIntegers;
class DHParametersHelper
{
+ // BEGIN android-added
+ private static final Logger logger = Logger.getLogger(DHParametersHelper.class.getName());
+ // END android-added
+
private static final BigInteger ONE = BigInteger.valueOf(1);
private static final BigInteger TWO = BigInteger.valueOf(2);
- // Finds a pair of prime BigInteger's {p, q: p = 2q + 1}
- static BigInteger[] generateSafePrimes(
- int size,
- int certainty,
- SecureRandom random)
+ /*
+ * Finds a pair of prime BigInteger's {p, q: p = 2q + 1}
+ *
+ * (see: Handbook of Applied Cryptography 4.86)
+ */
+ static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random)
{
+ // BEGIN android-added
+ logger.info("Generating safe primes. This may take a long time.");
+ long start = System.currentTimeMillis();
+ int tries = 0;
+ // END android-added
BigInteger p, q;
int qLength = size - 1;
for (;;)
{
+ // BEGIN android-added
+ tries++;
+ // END android-added
q = new BigInteger(qLength, 2, random);
// p <- 2q + 1
p = q.shiftLeft(1).add(ONE);
- if (p.isProbablePrime(certainty)
- && (certainty <= 2 || q.isProbablePrime(certainty)))
+ if (p.isProbablePrime(certainty) && (certainty <= 2 || q.isProbablePrime(certainty)))
{
- break;
+ break;
}
}
+ // BEGIN android-added
+ long end = System.currentTimeMillis();
+ long duration = end - start;
+ logger.info("Generated safe primes: " + tries + " tries took " + duration + "ms");
+ // END android-added
return new BigInteger[] { p, q };
}
- // Select a high order element of the multiplicative group Zp*
- // p and q must be s.t. p = 2*q + 1, where p and q are prime
- static BigInteger selectGenerator(
- BigInteger p,
- BigInteger q,
- SecureRandom random)
+ /*
+ * Select a high order element of the multiplicative group Zp*
+ *
+ * p and q must be s.t. p = 2*q + 1, where p and q are prime (see generateSafePrimes)
+ */
+ static BigInteger selectGenerator(BigInteger p, BigInteger q, SecureRandom random)
{
BigInteger pMinusTwo = p.subtract(TWO);
BigInteger g;
- // Handbook of Applied Cryptography 4.86
- do
- {
- g = BigIntegers.createRandomInRange(TWO, pMinusTwo, random);
- }
- while (g.modPow(TWO, p).equals(ONE)
- || g.modPow(q, p).equals(ONE));
+ /*
+ * (see: Handbook of Applied Cryptography 4.80)
+ */
+// do
+// {
+// g = BigIntegers.createRandomInRange(TWO, pMinusTwo, random);
+// }
+// while (g.modPow(TWO, p).equals(ONE) || g.modPow(q, p).equals(ONE));
-/*
- // RFC 2631 2.1.1 (and see Handbook of Applied Cryptography 4.81)
+
+ /*
+ * RFC 2631 2.2.1.2 (and see: Handbook of Applied Cryptography 4.81)
+ */
do
{
- BigInteger h = createInRange(TWO, pMinusTwo, random);
+ BigInteger h = BigIntegers.createRandomInRange(TWO, pMinusTwo, random);
g = h.modPow(TWO, p);
}
while (g.equals(ONE));
-*/
+
return g;
}
diff --git a/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java b/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
index aa8a4cc..be977d7 100644
--- a/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
+++ b/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
@@ -178,7 +178,7 @@
int seedlen = N;
byte[] seed = new byte[seedlen / 8];
-// 3. n = ⎡L ⁄ outlen⎤ – 1.
+// 3. n = ceiling(L ⁄ outlen) – 1.
int n = (L - 1) / outlen;
// 4. b = L – 1 – (n ∗ outlen).
@@ -288,7 +288,7 @@
// BigInteger e = p.subtract(ONE).divide(q);
// byte[] ggen = Hex.decode("6767656E");
//
-// // 7. U = domain_parameter_seed || “ggen” || index || count.
+// // 7. U = domain_parameter_seed || "ggen" || index || count.
// byte[] U = new byte[seed.length + ggen.length + 1 + 2];
// System.arraycopy(seed, 0, U, 0, seed.length);
// System.arraycopy(ggen, 0, U, seed.length, ggen.length);
diff --git a/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java b/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java
new file mode 100644
index 0000000..d77bd74
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java
@@ -0,0 +1,53 @@
+package org.bouncycastle.crypto.generators;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECPoint;
+
+public class ECKeyPairGenerator
+ implements AsymmetricCipherKeyPairGenerator, ECConstants
+{
+ ECDomainParameters params;
+ SecureRandom random;
+
+ public void init(
+ KeyGenerationParameters param)
+ {
+ ECKeyGenerationParameters ecP = (ECKeyGenerationParameters)param;
+
+ this.random = ecP.getRandom();
+ this.params = ecP.getDomainParameters();
+ }
+
+ /**
+ * Given the domain parameters this routine generates an EC key
+ * pair in accordance with X9.62 section 5.2.1 pages 26, 27.
+ */
+ public AsymmetricCipherKeyPair generateKeyPair()
+ {
+ BigInteger n = params.getN();
+ int nBitLength = n.bitLength();
+ BigInteger d;
+
+ do
+ {
+ d = new BigInteger(nBitLength, random);
+ }
+ while (d.equals(ZERO) || (d.compareTo(n) >= 0));
+
+ ECPoint Q = params.getG().multiply(d);
+
+ return new AsymmetricCipherKeyPair(
+ new ECPublicKeyParameters(Q, params),
+ new ECPrivateKeyParameters(d, params));
+ }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/macs/CMac.java b/src/main/java/org/bouncycastle/crypto/macs/CMac.java
deleted file mode 100644
index c5bc504..0000000
--- a/src/main/java/org/bouncycastle/crypto/macs/CMac.java
+++ /dev/null
@@ -1,237 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
-
-/**
- * CMAC - as specified at www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
- * <p>
- * CMAC is analogous to OMAC1 - see also en.wikipedia.org/wiki/CMAC
- * </p><p>
- * CMAC is a NIST recomendation - see
- * csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
- * </p><p>
- * CMAC/OMAC1 is a blockcipher-based message authentication code designed and
- * analyzed by Tetsu Iwata and Kaoru Kurosawa.
- * </p><p>
- * CMAC/OMAC1 is a simple variant of the CBC MAC (Cipher Block Chaining Message
- * Authentication Code). OMAC stands for One-Key CBC MAC.
- * </p><p>
- * It supports 128- or 64-bits block ciphers, with any key size, and returns
- * a MAC with dimension less or equal to the block size of the underlying
- * cipher.
- * </p>
- */
-public class CMac implements Mac
-{
- private static final byte CONSTANT_128 = (byte)0x87;
- private static final byte CONSTANT_64 = (byte)0x1b;
-
- private byte[] ZEROES;
-
- private byte[] mac;
-
- private byte[] buf;
- private int bufOff;
- private BlockCipher cipher;
-
- private int macSize;
-
- private byte[] L, Lu, Lu2;
-
- /**
- * create a standard MAC based on a CBC block cipher (64 or 128 bit block).
- * This will produce an authentication code the length of the block size
- * of the cipher.
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- */
- public CMac(BlockCipher cipher)
- {
- this(cipher, cipher.getBlockSize() * 8);
- }
-
- /**
- * create a standard MAC based on a block cipher with the size of the
- * MAC been given in bits.
- * <p/>
- * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
- * or 16 bits if being used as a data authenticator (FIPS Publication 113),
- * and in general should be less than the size of the block cipher as it reduces
- * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
- *
- * @param cipher the cipher to be used as the basis of the MAC generation.
- * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and <= 128.
- */
- public CMac(BlockCipher cipher, int macSizeInBits)
- {
- if ((macSizeInBits % 8) != 0)
- {
- throw new IllegalArgumentException("MAC size must be multiple of 8");
- }
-
- if (macSizeInBits > (cipher.getBlockSize() * 8))
- {
- throw new IllegalArgumentException(
- "MAC size must be less or equal to "
- + (cipher.getBlockSize() * 8));
- }
-
- if (cipher.getBlockSize() != 8 && cipher.getBlockSize() != 16)
- {
- throw new IllegalArgumentException(
- "Block size must be either 64 or 128 bits");
- }
-
- this.cipher = new CBCBlockCipher(cipher);
- this.macSize = macSizeInBits / 8;
-
- mac = new byte[cipher.getBlockSize()];
-
- buf = new byte[cipher.getBlockSize()];
-
- ZEROES = new byte[cipher.getBlockSize()];
-
- bufOff = 0;
- }
-
- public String getAlgorithmName()
- {
- return cipher.getAlgorithmName();
- }
-
- private byte[] doubleLu(byte[] in)
- {
- int FirstBit = (in[0] & 0xFF) >> 7;
- byte[] ret = new byte[in.length];
- for (int i = 0; i < in.length - 1; i++)
- {
- ret[i] = (byte)((in[i] << 1) + ((in[i + 1] & 0xFF) >> 7));
- }
- ret[in.length - 1] = (byte)(in[in.length - 1] << 1);
- if (FirstBit == 1)
- {
- ret[in.length - 1] ^= in.length == 16 ? CONSTANT_128 : CONSTANT_64;
- }
- return ret;
- }
-
- public void init(CipherParameters params)
- {
- reset();
-
- cipher.init(true, params);
-
- //initializes the L, Lu, Lu2 numbers
- L = new byte[ZEROES.length];
- cipher.processBlock(ZEROES, 0, L, 0);
- Lu = doubleLu(L);
- Lu2 = doubleLu(Lu);
-
- cipher.init(true, params);
- }
-
- public int getMacSize()
- {
- return macSize;
- }
-
- public void update(byte in)
- {
- if (bufOff == buf.length)
- {
- cipher.processBlock(buf, 0, mac, 0);
- bufOff = 0;
- }
-
- buf[bufOff++] = in;
- }
-
- public void update(byte[] in, int inOff, int len)
- {
- if (len < 0)
- {
- throw new IllegalArgumentException(
- "Can't have a negative input length!");
- }
-
- int blockSize = cipher.getBlockSize();
- int gapLen = blockSize - bufOff;
-
- if (len > gapLen)
- {
- System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
- cipher.processBlock(buf, 0, mac, 0);
-
- bufOff = 0;
- len -= gapLen;
- inOff += gapLen;
-
- while (len > blockSize)
- {
- cipher.processBlock(in, inOff, mac, 0);
-
- len -= blockSize;
- inOff += blockSize;
- }
- }
-
- System.arraycopy(in, inOff, buf, bufOff, len);
-
- bufOff += len;
- }
-
- public int doFinal(byte[] out, int outOff)
- {
- int blockSize = cipher.getBlockSize();
-
- byte[] lu;
- if (bufOff == blockSize)
- {
- lu = Lu;
- }
- else
- {
- new ISO7816d4Padding().addPadding(buf, bufOff);
- lu = Lu2;
- }
-
- for (int i = 0; i < mac.length; i++)
- {
- buf[i] ^= lu[i];
- }
-
- cipher.processBlock(buf, 0, mac, 0);
-
- System.arraycopy(mac, 0, out, outOff, macSize);
-
- reset();
-
- return macSize;
- }
-
- /**
- * Reset the mac generator.
- */
- public void reset()
- {
- /*
- * clean the buffer.
- */
- for (int i = 0; i < buf.length; i++)
- {
- buf[i] = 0;
- }
-
- bufOff = 0;
-
- /*
- * reset the underlying cipher.
- */
- cipher.reset();
- }
-}
diff --git a/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java b/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
deleted file mode 100644
index 327026e..0000000
--- a/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
+++ /dev/null
@@ -1,304 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.macs.CMac;
-import org.bouncycastle.crypto.params.AEADParameters;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.util.Arrays;
-
-/**
- * A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and
- * Efficiency - by M. Bellare, P. Rogaway, D. Wagner.
- *
- * http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf
- *
- * EAX is an AEAD scheme based on CTR and OMAC1/CMAC, that uses a single block
- * cipher to encrypt and authenticate data. It's on-line (the length of a
- * message isn't needed to begin processing it), has good performances, it's
- * simple and provably secure (provided the underlying block cipher is secure).
- *
- * Of course, this implementations is NOT thread-safe.
- */
-public class EAXBlockCipher
- implements AEADBlockCipher
-{
- private static final byte nTAG = 0x0;
-
- private static final byte hTAG = 0x1;
-
- private static final byte cTAG = 0x2;
-
- private SICBlockCipher cipher;
-
- private boolean forEncryption;
-
- private int blockSize;
-
- private Mac mac;
-
- private byte[] nonceMac;
- private byte[] associatedTextMac;
- private byte[] macBlock;
-
- private int macSize;
- private byte[] bufBlock;
- private int bufOff;
-
- /**
- * Constructor that accepts an instance of a block cipher engine.
- *
- * @param cipher the engine to use
- */
- public EAXBlockCipher(BlockCipher cipher)
- {
- blockSize = cipher.getBlockSize();
- mac = new CMac(cipher);
- macBlock = new byte[blockSize];
- bufBlock = new byte[blockSize * 2];
- associatedTextMac = new byte[mac.getMacSize()];
- nonceMac = new byte[mac.getMacSize()];
- this.cipher = new SICBlockCipher(cipher);
- }
-
- public String getAlgorithmName()
- {
- return cipher.getUnderlyingCipher().getAlgorithmName() + "/EAX";
- }
-
- public BlockCipher getUnderlyingCipher()
- {
- return cipher.getUnderlyingCipher();
- }
-
- public int getBlockSize()
- {
- return cipher.getBlockSize();
- }
-
- public void init(boolean forEncryption, CipherParameters params)
- throws IllegalArgumentException
- {
- this.forEncryption = forEncryption;
-
- byte[] nonce, associatedText;
- CipherParameters keyParam;
-
- if (params instanceof AEADParameters)
- {
- AEADParameters param = (AEADParameters)params;
-
- nonce = param.getNonce();
- associatedText = param.getAssociatedText();
- macSize = param.getMacSize() / 8;
- keyParam = param.getKey();
- }
- else if (params instanceof ParametersWithIV)
- {
- ParametersWithIV param = (ParametersWithIV)params;
-
- nonce = param.getIV();
- associatedText = new byte[0];
- macSize = mac.getMacSize() / 2;
- keyParam = param.getParameters();
- }
- else
- {
- throw new IllegalArgumentException("invalid parameters passed to EAX");
- }
-
- byte[] tag = new byte[blockSize];
-
- mac.init(keyParam);
- tag[blockSize - 1] = hTAG;
- mac.update(tag, 0, blockSize);
- mac.update(associatedText, 0, associatedText.length);
- mac.doFinal(associatedTextMac, 0);
-
- tag[blockSize - 1] = nTAG;
- mac.update(tag, 0, blockSize);
- mac.update(nonce, 0, nonce.length);
- mac.doFinal(nonceMac, 0);
-
- tag[blockSize - 1] = cTAG;
- mac.update(tag, 0, blockSize);
-
- cipher.init(true, new ParametersWithIV(keyParam, nonceMac));
- }
-
- private void calculateMac()
- {
- byte[] outC = new byte[blockSize];
- mac.doFinal(outC, 0);
-
- for (int i = 0; i < macBlock.length; i++)
- {
- macBlock[i] = (byte)(nonceMac[i] ^ associatedTextMac[i] ^ outC[i]);
- }
- }
-
- public void reset()
- {
- reset(true);
- }
-
- private void reset(
- boolean clearMac)
- {
- cipher.reset();
- mac.reset();
-
- bufOff = 0;
- Arrays.fill(bufBlock, (byte)0);
-
- if (clearMac)
- {
- Arrays.fill(macBlock, (byte)0);
- }
-
- byte[] tag = new byte[blockSize];
- tag[blockSize - 1] = cTAG;
- mac.update(tag, 0, blockSize);
- }
-
- public int processByte(byte in, byte[] out, int outOff)
- throws DataLengthException
- {
- return process(in, out, outOff);
- }
-
- public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
- throws DataLengthException
- {
- int resultLen = 0;
-
- for (int i = 0; i != len; i++)
- {
- resultLen += process(in[inOff + i], out, outOff + resultLen);
- }
-
- return resultLen;
- }
-
- public int doFinal(byte[] out, int outOff)
- throws IllegalStateException, InvalidCipherTextException
- {
- int extra = bufOff;
- byte[] tmp = new byte[bufBlock.length];
-
- bufOff = 0;
-
- if (forEncryption)
- {
- cipher.processBlock(bufBlock, 0, tmp, 0);
- cipher.processBlock(bufBlock, blockSize, tmp, blockSize);
-
- System.arraycopy(tmp, 0, out, outOff, extra);
-
- mac.update(tmp, 0, extra);
-
- calculateMac();
-
- System.arraycopy(macBlock, 0, out, outOff + extra, macSize);
-
- reset(false);
-
- return extra + macSize;
- }
- else
- {
- if (extra > macSize)
- {
- mac.update(bufBlock, 0, extra - macSize);
-
- cipher.processBlock(bufBlock, 0, tmp, 0);
- cipher.processBlock(bufBlock, blockSize, tmp, blockSize);
-
- System.arraycopy(tmp, 0, out, outOff, extra - macSize);
- }
-
- calculateMac();
-
- if (!verifyMac(bufBlock, extra - macSize))
- {
- throw new InvalidCipherTextException("mac check in EAX failed");
- }
-
- reset(false);
-
- return extra - macSize;
- }
- }
-
- public byte[] getMac()
- {
- byte[] mac = new byte[macSize];
-
- System.arraycopy(macBlock, 0, mac, 0, macSize);
-
- return mac;
- }
-
- public int getUpdateOutputSize(int len)
- {
- return ((len + bufOff) / blockSize) * blockSize;
- }
-
- public int getOutputSize(int len)
- {
- if (forEncryption)
- {
- return len + bufOff + macSize;
- }
- else
- {
- return len + bufOff - macSize;
- }
- }
-
- private int process(byte b, byte[] out, int outOff)
- {
- bufBlock[bufOff++] = b;
-
- if (bufOff == bufBlock.length)
- {
- int size;
-
- if (forEncryption)
- {
- size = cipher.processBlock(bufBlock, 0, out, outOff);
-
- mac.update(out, outOff, blockSize);
- }
- else
- {
- mac.update(bufBlock, 0, blockSize);
-
- size = cipher.processBlock(bufBlock, 0, out, outOff);
- }
-
- bufOff = blockSize;
- System.arraycopy(bufBlock, blockSize, bufBlock, 0, blockSize);
-
- return size;
- }
-
- return 0;
- }
-
- private boolean verifyMac(byte[] mac, int off)
- {
- for (int i = 0; i < macSize; i++)
- {
- if (macBlock[i] != mac[off + i])
- {
- return false;
- }
- }
-
- return true;
- }
-}
diff --git a/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java b/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java
index e866b34..e1949dc 100644
--- a/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java
+++ b/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java
@@ -1,9 +1,24 @@
package org.bouncycastle.crypto.modes.gcm;
import org.bouncycastle.crypto.util.Pack;
+import org.bouncycastle.util.Arrays;
abstract class GCMUtil
{
+ static byte[] oneAsBytes()
+ {
+ byte[] tmp = new byte[16];
+ tmp[0] = (byte)0x80;
+ return tmp;
+ }
+
+ static int[] oneAsInts()
+ {
+ int[] tmp = new int[4];
+ tmp[0] = 0x80000000;
+ return tmp;
+ }
+
static int[] asInts(byte[] bs)
{
int[] us = new int[4];
@@ -14,6 +29,35 @@
return us;
}
+ static void multiply(byte[] block, byte[] val)
+ {
+ byte[] tmp = Arrays.clone(block);
+ byte[] c = new byte[16];
+
+ for (int i = 0; i < 16; ++i)
+ {
+ byte bits = val[i];
+ for (int j = 7; j >= 0; --j)
+ {
+ if ((bits & (1 << j)) != 0)
+ {
+ xor(c, tmp);
+ }
+
+ boolean lsb = (tmp[15] & 1) != 0;
+ shiftRight(tmp);
+ if (lsb)
+ {
+ // R = new byte[]{ 0xe1, ... };
+// GCMUtil.xor(v, R);
+ tmp[0] ^= (byte)0xe1;
+ }
+ }
+ }
+
+ System.arraycopy(c, 0, block, 0, 16);
+ }
+
// P is the value with only bit i=1 set
static void multiplyP(int[] x)
{
diff --git a/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java b/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java
new file mode 100644
index 0000000..95a3ec9
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java
@@ -0,0 +1,81 @@
+package org.bouncycastle.crypto.params;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+public class ECDomainParameters
+ implements ECConstants
+{
+ ECCurve curve;
+ byte[] seed;
+ ECPoint G;
+ BigInteger n;
+ BigInteger h;
+
+ public ECDomainParameters(
+ ECCurve curve,
+ ECPoint G,
+ BigInteger n)
+ {
+ this.curve = curve;
+ this.G = G;
+ this.n = n;
+ this.h = ONE;
+ this.seed = null;
+ }
+
+ public ECDomainParameters(
+ ECCurve curve,
+ ECPoint G,
+ BigInteger n,
+ BigInteger h)
+ {
+ this.curve = curve;
+ this.G = G;
+ this.n = n;
+ this.h = h;
+ this.seed = null;
+ }
+
+ public ECDomainParameters(
+ ECCurve curve,
+ ECPoint G,
+ BigInteger n,
+ BigInteger h,
+ byte[] seed)
+ {
+ this.curve = curve;
+ this.G = G;
+ this.n = n;
+ this.h = h;
+ this.seed = seed;
+ }
+
+ public ECCurve getCurve()
+ {
+ return curve;
+ }
+
+ public ECPoint getG()
+ {
+ return G;
+ }
+
+ public BigInteger getN()
+ {
+ return n;
+ }
+
+ public BigInteger getH()
+ {
+ return h;
+ }
+
+ public byte[] getSeed()
+ {
+ return seed;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/params/ECKeyGenerationParameters.java b/src/main/java/org/bouncycastle/crypto/params/ECKeyGenerationParameters.java
new file mode 100644
index 0000000..be3f20f
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/params/ECKeyGenerationParameters.java
@@ -0,0 +1,25 @@
+package org.bouncycastle.crypto.params;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.KeyGenerationParameters;
+
+public class ECKeyGenerationParameters
+ extends KeyGenerationParameters
+{
+ private ECDomainParameters domainParams;
+
+ public ECKeyGenerationParameters(
+ ECDomainParameters domainParams,
+ SecureRandom random)
+ {
+ super(random, domainParams.getN().bitLength());
+
+ this.domainParams = domainParams;
+ }
+
+ public ECDomainParameters getDomainParameters()
+ {
+ return domainParams;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/params/ECKeyParameters.java b/src/main/java/org/bouncycastle/crypto/params/ECKeyParameters.java
new file mode 100644
index 0000000..19825c5
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/params/ECKeyParameters.java
@@ -0,0 +1,21 @@
+package org.bouncycastle.crypto.params;
+
+public class ECKeyParameters
+ extends AsymmetricKeyParameter
+{
+ ECDomainParameters params;
+
+ protected ECKeyParameters(
+ boolean isPrivate,
+ ECDomainParameters params)
+ {
+ super(isPrivate);
+
+ this.params = params;
+ }
+
+ public ECDomainParameters getParameters()
+ {
+ return params;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/params/ECPrivateKeyParameters.java b/src/main/java/org/bouncycastle/crypto/params/ECPrivateKeyParameters.java
new file mode 100644
index 0000000..3e49983
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/params/ECPrivateKeyParameters.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.crypto.params;
+
+import java.math.BigInteger;
+
+public class ECPrivateKeyParameters
+ extends ECKeyParameters
+{
+ BigInteger d;
+
+ public ECPrivateKeyParameters(
+ BigInteger d,
+ ECDomainParameters params)
+ {
+ super(true, params);
+ this.d = d;
+ }
+
+ public BigInteger getD()
+ {
+ return d;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/params/ECPublicKeyParameters.java b/src/main/java/org/bouncycastle/crypto/params/ECPublicKeyParameters.java
new file mode 100644
index 0000000..5fbea19
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/params/ECPublicKeyParameters.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.crypto.params;
+
+import org.bouncycastle.math.ec.ECPoint;
+
+public class ECPublicKeyParameters
+ extends ECKeyParameters
+{
+ ECPoint Q;
+
+ public ECPublicKeyParameters(
+ ECPoint Q,
+ ECDomainParameters params)
+ {
+ super(false, params);
+ this.Q = Q;
+ }
+
+ public ECPoint getQ()
+ {
+ return Q;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java b/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java
new file mode 100644
index 0000000..99217b0
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java
@@ -0,0 +1,164 @@
+package org.bouncycastle.crypto.signers;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DSA;
+import org.bouncycastle.crypto.params.ECKeyParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.math.ec.ECAlgorithms;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECPoint;
+
+/**
+ * EC-DSA as described in X9.62
+ */
+public class ECDSASigner
+ implements ECConstants, DSA
+{
+ ECKeyParameters key;
+
+ SecureRandom random;
+
+ public void init(
+ boolean forSigning,
+ CipherParameters param)
+ {
+ if (forSigning)
+ {
+ if (param instanceof ParametersWithRandom)
+ {
+ ParametersWithRandom rParam = (ParametersWithRandom)param;
+
+ this.random = rParam.getRandom();
+ this.key = (ECPrivateKeyParameters)rParam.getParameters();
+ }
+ else
+ {
+ this.random = new SecureRandom();
+ this.key = (ECPrivateKeyParameters)param;
+ }
+ }
+ else
+ {
+ this.key = (ECPublicKeyParameters)param;
+ }
+ }
+
+ // 5.3 pg 28
+ /**
+ * generate a signature for the given message using the key we were
+ * initialised with. For conventional DSA the message should be a SHA-1
+ * hash of the message of interest.
+ *
+ * @param message the message that will be verified later.
+ */
+ public BigInteger[] generateSignature(
+ byte[] message)
+ {
+ BigInteger n = key.getParameters().getN();
+ BigInteger e = calculateE(n, message);
+ BigInteger r = null;
+ BigInteger s = null;
+
+ // 5.3.2
+ do // generate s
+ {
+ BigInteger k = null;
+ int nBitLength = n.bitLength();
+
+ do // generate r
+ {
+ do
+ {
+ k = new BigInteger(nBitLength, random);
+ }
+ while (k.equals(ZERO) || k.compareTo(n) >= 0);
+
+ ECPoint p = key.getParameters().getG().multiply(k);
+
+ // 5.3.3
+ BigInteger x = p.getX().toBigInteger();
+
+ r = x.mod(n);
+ }
+ while (r.equals(ZERO));
+
+ BigInteger d = ((ECPrivateKeyParameters)key).getD();
+
+ s = k.modInverse(n).multiply(e.add(d.multiply(r))).mod(n);
+ }
+ while (s.equals(ZERO));
+
+ BigInteger[] res = new BigInteger[2];
+
+ res[0] = r;
+ res[1] = s;
+
+ return res;
+ }
+
+ // 5.4 pg 29
+ /**
+ * return true if the value r and s represent a DSA signature for
+ * the passed in message (for standard DSA the message should be
+ * a SHA-1 hash of the real message to be verified).
+ */
+ public boolean verifySignature(
+ byte[] message,
+ BigInteger r,
+ BigInteger s)
+ {
+ BigInteger n = key.getParameters().getN();
+ BigInteger e = calculateE(n, message);
+
+ // r in the range [1,n-1]
+ if (r.compareTo(ONE) < 0 || r.compareTo(n) >= 0)
+ {
+ return false;
+ }
+
+ // s in the range [1,n-1]
+ if (s.compareTo(ONE) < 0 || s.compareTo(n) >= 0)
+ {
+ return false;
+ }
+
+ BigInteger c = s.modInverse(n);
+
+ BigInteger u1 = e.multiply(c).mod(n);
+ BigInteger u2 = r.multiply(c).mod(n);
+
+ ECPoint G = key.getParameters().getG();
+ ECPoint Q = ((ECPublicKeyParameters)key).getQ();
+
+ ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2);
+
+ BigInteger v = point.getX().toBigInteger().mod(n);
+
+ return v.equals(r);
+ }
+
+ private BigInteger calculateE(BigInteger n, byte[] message)
+ {
+ if (n.bitLength() > message.length * 8)
+ {
+ return new BigInteger(1, message);
+ }
+ else
+ {
+ int messageBitLength = message.length * 8;
+ BigInteger trunc = new BigInteger(1, message);
+
+ if (messageBitLength - n.bitLength() > 0)
+ {
+ trunc = trunc.shiftRight(messageBitLength - n.bitLength());
+ }
+
+ return trunc;
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/util/Pack.java b/src/main/java/org/bouncycastle/crypto/util/Pack.java
index 12b5999..cdea3af 100644
--- a/src/main/java/org/bouncycastle/crypto/util/Pack.java
+++ b/src/main/java/org/bouncycastle/crypto/util/Pack.java
@@ -31,4 +31,34 @@
intToBigEndian((int)(n >>> 32), bs, off);
intToBigEndian((int)(n & 0xffffffffL), bs, off + 4);
}
+
+ public static int littleEndianToInt(byte[] bs, int off)
+ {
+ int n = bs[ off];
+ n |= (bs[++off] & 0xff) << 8;
+ n |= (bs[++off] & 0xff) << 16;
+ n |= (bs[++off] & 0xff) << 24;
+ return n;
+ }
+
+ public static void intToLittleEndian(int n, byte[] bs, int off)
+ {
+ bs[ off] = (byte)(n );
+ bs[++off] = (byte)(n >>> 8);
+ bs[++off] = (byte)(n >>> 16);
+ bs[++off] = (byte)(n >>> 24);
+ }
+
+ public static long littleEndianToLong(byte[] bs, int off)
+ {
+ int lo = littleEndianToInt(bs, off);
+ int hi = littleEndianToInt(bs, off + 4);
+ return ((long)(hi & 0xffffffffL) << 32) | (long)(lo & 0xffffffffL);
+ }
+
+ public static void longToLittleEndian(long n, byte[] bs, int off)
+ {
+ intToLittleEndian((int)(n & 0xffffffffL), bs, off);
+ intToLittleEndian((int)(n >>> 32), bs, off + 4);
+ }
}
diff --git a/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java b/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
index 8f78e08..a352884 100644
--- a/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
+++ b/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
@@ -1,5 +1,9 @@
package org.bouncycastle.crypto.util;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1Sequence;
@@ -7,8 +11,8 @@
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
// BEGIN android-removed
-// import org.bouncycastle.asn1.nist.NISTNamedCurves;
// import org.bouncycastle.asn1.oiw.ElGamalParameter;
// END android-removed
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -16,36 +20,30 @@
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
+import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
// BEGIN android-removed
-// import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
-// import org.bouncycastle.asn1.sec.SECNamedCurves;
// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
// END android-removed
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DSAParameter;
-// BEGIN android-removed
-// import org.bouncycastle.asn1.x9.X962NamedCurves;
-// import org.bouncycastle.asn1.x9.X962Parameters;
-// import org.bouncycastle.asn1.x9.X9ECParameters;
-// import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-// END android-removed
+import org.bouncycastle.asn1.x9.X962NamedCurves;
+import org.bouncycastle.asn1.x9.X962Parameters;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
import org.bouncycastle.crypto.params.DSAParameters;
import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
// BEGIN android-removed
-// import org.bouncycastle.crypto.params.ECDomainParameters;
-// import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
// import org.bouncycastle.crypto.params.ElGamalParameters;
// import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
// END android-removed
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-
/**
* Factory for creating private key objects from PKCS8 PrivateKeyInfo objects.
*/
@@ -58,29 +56,22 @@
* @return a suitable private key parameter
* @throws IOException on an error decoding the key
*/
- public static AsymmetricKeyParameter createKey(
- byte[] privateKeyInfoData)
- throws IOException
+ public static AsymmetricKeyParameter createKey(byte[] privateKeyInfoData) throws IOException
{
- return createKey(
- PrivateKeyInfo.getInstance(
- ASN1Object.fromByteArray(privateKeyInfoData)));
+ return createKey(PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(privateKeyInfoData)));
}
/**
- * Create a private key parameter from a PKCS8 PrivateKeyInfo encoding read from a stream.
+ * Create a private key parameter from a PKCS8 PrivateKeyInfo encoding read from a
+ * stream.
*
* @param inStr the stream to read the PrivateKeyInfo encoding from
* @return a suitable private key parameter
* @throws IOException on an error decoding the key
*/
- public static AsymmetricKeyParameter createKey(
- InputStream inStr)
- throws IOException
+ public static AsymmetricKeyParameter createKey(InputStream inStr) throws IOException
{
- return createKey(
- PrivateKeyInfo.getInstance(
- new ASN1InputStream(inStr).readObject()));
+ return createKey(PrivateKeyInfo.getInstance(new ASN1InputStream(inStr).readObject()));
}
/**
@@ -90,30 +81,27 @@
* @return a suitable private key parameter
* @throws IOException on an error decoding the key
*/
- public static AsymmetricKeyParameter createKey(
- PrivateKeyInfo keyInfo)
- throws IOException
+ public static AsymmetricKeyParameter createKey(PrivateKeyInfo keyInfo) throws IOException
{
- AlgorithmIdentifier algId = keyInfo.getAlgorithmId();
-
- if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption))
- {
- RSAPrivateKeyStructure keyStructure = new RSAPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey());
+ AlgorithmIdentifier algId = keyInfo.getAlgorithmId();
- return new RSAPrivateCrtKeyParameters(
- keyStructure.getModulus(),
- keyStructure.getPublicExponent(),
- keyStructure.getPrivateExponent(),
- keyStructure.getPrime1(),
- keyStructure.getPrime2(),
- keyStructure.getExponent1(),
- keyStructure.getExponent2(),
- keyStructure.getCoefficient());
+ if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption))
+ {
+ RSAPrivateKeyStructure keyStructure = new RSAPrivateKeyStructure(
+ (ASN1Sequence)keyInfo.getPrivateKey());
+
+ return new RSAPrivateCrtKeyParameters(keyStructure.getModulus(),
+ keyStructure.getPublicExponent(), keyStructure.getPrivateExponent(),
+ keyStructure.getPrime1(), keyStructure.getPrime2(), keyStructure.getExponent1(),
+ keyStructure.getExponent2(), keyStructure.getCoefficient());
}
+ // TODO?
+// else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber))
else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement))
{
- DHParameter params = new DHParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
- DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
+ DHParameter params = new DHParameter(
+ (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
+ DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
BigInteger lVal = params.getL();
int l = lVal == null ? 0 : lVal.intValue();
@@ -124,74 +112,71 @@
// BEGIN android-removed
// else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
// {
- // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
- // DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
- //
- // return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(params.getP(), params.getG()));
- // }
- // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
- // {
+ // ElGamalParameter params = new ElGamalParameter(
+ // (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
// DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
- // DEREncodable de = keyInfo.getAlgorithmId().getParameters();
//
- // DSAParameters parameters = null;
- // if (de != null)
- // {
- // DSAParameter params = DSAParameter.getInstance(de.getDERObject());
- // parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
- // }
- //
- // return new DSAPrivateKeyParameters(derX.getValue(), parameters);
- // }
- // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
- // {
- // X962Parameters params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
- // ECDomainParameters dParams = null;
- //
- // if (params.isNamedCurve())
- // {
- // DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
- // X9ECParameters ecP = X962NamedCurves.getByOID(oid);
- //
- // if (ecP == null)
- // {
- // ecP = SECNamedCurves.getByOID(oid);
- //
- // if (ecP == null)
- // {
- // ecP = NISTNamedCurves.getByOID(oid);
- //
- // if (ecP == null)
- // {
- // ecP = TeleTrusTNamedCurves.getByOID(oid);
- // }
- // }
- // }
- //
- // dParams = new ECDomainParameters(
- // ecP.getCurve(),
- // ecP.getG(),
- // ecP.getN(),
- // ecP.getH(),
- // ecP.getSeed());
- // }
- // else
- // {
- // X9ECParameters ecP = new X9ECParameters(
- // (ASN1Sequence)params.getParameters());
- // dParams = new ECDomainParameters(
- // ecP.getCurve(),
- // ecP.getG(),
- // ecP.getN(),
- // ecP.getH(),
- // ecP.getSeed());
- // }
- //
- // ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey());
- //
- // return new ECPrivateKeyParameters(ec.getKey(), dParams);
+ // return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
+ // params.getP(), params.getG()));
// }
// END android-removed
+ else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
+ {
+ DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
+ DEREncodable de = keyInfo.getAlgorithmId().getParameters();
+
+ DSAParameters parameters = null;
+ if (de != null)
+ {
+ DSAParameter params = DSAParameter.getInstance(de.getDERObject());
+ parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
+ }
+
+ return new DSAPrivateKeyParameters(derX.getValue(), parameters);
+ }
+ else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
+ {
+ X962Parameters params = new X962Parameters(
+ (DERObject)keyInfo.getAlgorithmId().getParameters());
+ ECDomainParameters dParams = null;
+
+ if (params.isNamedCurve())
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
+ X9ECParameters ecP = X962NamedCurves.getByOID(oid);
+
+ if (ecP == null)
+ {
+ ecP = SECNamedCurves.getByOID(oid);
+
+ if (ecP == null)
+ {
+ ecP = NISTNamedCurves.getByOID(oid);
+
+ // BEGIN android-removed
+ // if (ecP == null)
+ // {
+ // ecP = TeleTrusTNamedCurves.getByOID(oid);
+ // }
+ // END android-removed
+ }
+ }
+
+ dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(),
+ ecP.getH(), ecP.getSeed());
+ }
+ else
+ {
+ X9ECParameters ecP = new X9ECParameters((ASN1Sequence)params.getParameters());
+ dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(),
+ ecP.getH(), ecP.getSeed());
+ }
+
+ ECPrivateKeyStructure ec = new ECPrivateKeyStructure(
+ (ASN1Sequence)keyInfo.getPrivateKey());
+
+ return new ECPrivateKeyParameters(ec.getKey(), dParams);
+ }
else
{
throw new RuntimeException("algorithm identifier in key not recognised");
diff --git a/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java b/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
index c0672b5..5e93a36 100644
--- a/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
+++ b/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
@@ -1,5 +1,9 @@
package org.bouncycastle.crypto.util;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
@@ -10,15 +14,15 @@
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
// BEGIN android-removed
-// import org.bouncycastle.asn1.nist.NISTNamedCurves;
// import org.bouncycastle.asn1.oiw.ElGamalParameter;
// END android-removed
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.DHParameter;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
// BEGIN android-removed
-// import org.bouncycastle.asn1.sec.SECNamedCurves;
// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
// END android-removed
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -26,33 +30,31 @@
import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
-// BEGIN android-removed
-// import org.bouncycastle.asn1.x9.X962NamedCurves;
-// import org.bouncycastle.asn1.x9.X962Parameters;
-// import org.bouncycastle.asn1.x9.X9ECParameters;
-// import org.bouncycastle.asn1.x9.X9ECPoint;
-// END android-removed
+import org.bouncycastle.asn1.x9.DHDomainParameters;
+import org.bouncycastle.asn1.x9.DHPublicKey;
+import org.bouncycastle.asn1.x9.DHValidationParms;
+import org.bouncycastle.asn1.x9.X962NamedCurves;
+import org.bouncycastle.asn1.x9.X962Parameters;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ECPoint;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
+import org.bouncycastle.crypto.params.DHValidationParameters;
import org.bouncycastle.crypto.params.DSAParameters;
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
// BEGIN android-removed
-// import org.bouncycastle.crypto.params.ECDomainParameters;
-// import org.bouncycastle.crypto.params.ECPublicKeyParameters;
// import org.bouncycastle.crypto.params.ElGamalParameters;
// import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
// END android-removed
import org.bouncycastle.crypto.params.RSAKeyParameters;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-
/**
- * Factory to create asymmetric public key parameters for asymmetric ciphers
- * from range of ASN.1 encoded SubjectPublicKeyInfo objects.
+ * Factory to create asymmetric public key parameters for asymmetric ciphers from range of
+ * ASN.1 encoded SubjectPublicKeyInfo objects.
*/
public class PublicKeyFactory
{
@@ -63,13 +65,9 @@
* @return the appropriate key parameter
* @throws IOException on an error decoding the key
*/
- public static AsymmetricKeyParameter createKey(
- byte[] keyInfoData)
- throws IOException
+ public static AsymmetricKeyParameter createKey(byte[] keyInfoData) throws IOException
{
- return createKey(
- SubjectPublicKeyInfo.getInstance(
- ASN1Object.fromByteArray(keyInfoData)));
+ return createKey(SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(keyInfoData)));
}
/**
@@ -79,13 +77,9 @@
* @return the appropriate key parameter
* @throws IOException on an error decoding the key
*/
- public static AsymmetricKeyParameter createKey(
- InputStream inStr)
- throws IOException
+ public static AsymmetricKeyParameter createKey(InputStream inStr) throws IOException
{
- return createKey(
- SubjectPublicKeyInfo.getInstance(
- new ASN1InputStream(inStr).readObject()));
+ return createKey(SubjectPublicKeyInfo.getInstance(new ASN1InputStream(inStr).readObject()));
}
/**
@@ -95,25 +89,56 @@
* @return the appropriate key parameter
* @throws IOException on an error decoding the key
*/
- public static AsymmetricKeyParameter createKey(
- SubjectPublicKeyInfo keyInfo)
- throws IOException
+ public static AsymmetricKeyParameter createKey(SubjectPublicKeyInfo keyInfo) throws IOException
{
- AlgorithmIdentifier algId = keyInfo.getAlgorithmId();
-
+ AlgorithmIdentifier algId = keyInfo.getAlgorithmId();
+
if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption)
|| algId.getObjectId().equals(X509ObjectIdentifiers.id_ea_rsa))
{
- RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure((ASN1Sequence)keyInfo.getPublicKey());
+ RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure(
+ (ASN1Sequence)keyInfo.getPublicKey());
return new RSAKeyParameters(false, pubKey.getModulus(), pubKey.getPublicExponent());
}
- else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement)
- || algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber))
+ else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber))
{
- DHParameter params = new DHParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
- DERInteger derY = (DERInteger)keyInfo.getPublicKey();
-
+ DHPublicKey dhPublicKey = DHPublicKey.getInstance(keyInfo.getPublicKey());
+
+ BigInteger y = dhPublicKey.getY().getValue();
+
+ DHDomainParameters dhParams = DHDomainParameters.getInstance(keyInfo.getAlgorithmId().getParameters());
+
+ BigInteger p = dhParams.getP().getValue();
+ BigInteger g = dhParams.getG().getValue();
+ BigInteger q = dhParams.getQ().getValue();
+
+ BigInteger j = null;
+ if (dhParams.getJ() != null)
+ {
+ j = dhParams.getJ().getValue();
+ }
+
+ DHValidationParameters validation = null;
+ DHValidationParms dhValidationParms = dhParams.getValidationParms();
+ if (dhValidationParms != null)
+ {
+ byte[] seed = dhValidationParms.getSeed().getBytes();
+ BigInteger pgenCounter = dhValidationParms.getPgenCounter().getValue();
+
+ // TODO Check pgenCounter size?
+
+ validation = new DHValidationParameters(seed, pgenCounter.intValue());
+ }
+
+ return new DHPublicKeyParameters(y, new DHParameters(p, g, q, j, validation));
+ }
+ else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement))
+ {
+ DHParameter params = new DHParameter(
+ (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
+ DERInteger derY = (DERInteger)keyInfo.getPublicKey();
+
BigInteger lVal = params.getL();
int l = lVal == null ? 0 : lVal.intValue();
DHParameters dhParams = new DHParameters(params.getP(), params.getG(), null, l);
@@ -123,14 +148,16 @@
// BEGIN android-removed
// else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
// {
- // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
- // DERInteger derY = (DERInteger)keyInfo.getPublicKey();
+ // ElGamalParameter params = new ElGamalParameter(
+ // (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
+ // DERInteger derY = (DERInteger)keyInfo.getPublicKey();
//
- // return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(params.getP(), params.getG()));
+ // return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
+ // params.getP(), params.getG()));
// }
// END android-removed
else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)
- || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1))
+ || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1))
{
DERInteger derY = (DERInteger)keyInfo.getPublicKey();
DEREncodable de = keyInfo.getAlgorithmId().getParameters();
@@ -144,60 +171,52 @@
return new DSAPublicKeyParameters(derY.getValue(), parameters);
}
- // BEGIN android-removed
- // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
- // {
- // X962Parameters params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
- // ECDomainParameters dParams = null;
- //
- // if (params.isNamedCurve())
- // {
- // DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
- // X9ECParameters ecP = X962NamedCurves.getByOID(oid);
- //
- // if (ecP == null)
- // {
- // ecP = SECNamedCurves.getByOID(oid);
- //
- // if (ecP == null)
- // {
- // ecP = NISTNamedCurves.getByOID(oid);
- //
- // if (ecP == null)
- // {
- // ecP = TeleTrusTNamedCurves.getByOID(oid);
- // }
- // }
- // }
- //
- // dParams = new ECDomainParameters(
- // ecP.getCurve(),
- // ecP.getG(),
- // ecP.getN(),
- // ecP.getH(),
- // ecP.getSeed());
- // }
- // else
- // {
- // X9ECParameters ecP = new X9ECParameters(
- // (ASN1Sequence)params.getParameters());
- // dParams = new ECDomainParameters(
- // ecP.getCurve(),
- // ecP.getG(),
- // ecP.getN(),
- // ecP.getH(),
- // ecP.getSeed());
- // }
- //
- // DERBitString bits = keyInfo.getPublicKeyData();
- // byte[] data = bits.getBytes();
- // ASN1OctetString key = new DEROctetString(data);
- //
- // X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key);
- //
- // return new ECPublicKeyParameters(derQ.getPoint(), dParams);
- // }
- // END android-removed
+ else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
+ {
+ X962Parameters params = new X962Parameters(
+ (DERObject)keyInfo.getAlgorithmId().getParameters());
+ ECDomainParameters dParams = null;
+
+ if (params.isNamedCurve())
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
+ X9ECParameters ecP = X962NamedCurves.getByOID(oid);
+
+ if (ecP == null)
+ {
+ ecP = SECNamedCurves.getByOID(oid);
+
+ if (ecP == null)
+ {
+ ecP = NISTNamedCurves.getByOID(oid);
+
+ // BEGIN android-removed
+ // if (ecP == null)
+ // {
+ // ecP = TeleTrusTNamedCurves.getByOID(oid);
+ // }
+ // END android-removed
+ }
+ }
+
+ dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(),
+ ecP.getH(), ecP.getSeed());
+ }
+ else
+ {
+ X9ECParameters ecP = new X9ECParameters((ASN1Sequence)params.getParameters());
+ dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(),
+ ecP.getH(), ecP.getSeed());
+ }
+
+ DERBitString bits = keyInfo.getPublicKeyData();
+ byte[] data = bits.getBytes();
+ ASN1OctetString key = new DEROctetString(data);
+
+ X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key);
+
+ return new ECPublicKeyParameters(derQ.getPoint(), dParams);
+ }
else
{
throw new RuntimeException("algorithm identifier in key not recognised");
diff --git a/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java b/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java
new file mode 100644
index 0000000..5c0fe7d
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java
@@ -0,0 +1,125 @@
+package org.bouncycastle.jce;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
+import org.bouncycastle.asn1.x9.X962NamedCurves;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+
+import java.util.Enumeration;
+import java.util.Vector;
+
+/**
+ * a table of locally supported named curves.
+ */
+public class ECNamedCurveTable
+{
+ /**
+ * return a parameter spec representing the passed in named
+ * curve. The routine returns null if the curve is not present.
+ *
+ * @param name the name of the curve requested
+ * @return a parameter spec for the curve, null if it is not available.
+ */
+ public static ECNamedCurveParameterSpec getParameterSpec(
+ String name)
+ {
+ X9ECParameters ecP = X962NamedCurves.getByName(name);
+ if (ecP == null)
+ {
+ try
+ {
+ ecP = X962NamedCurves.getByOID(new DERObjectIdentifier(name));
+ }
+ catch (IllegalArgumentException e)
+ {
+ // ignore - not an oid
+ }
+ }
+
+ if (ecP == null)
+ {
+ ecP = SECNamedCurves.getByName(name);
+ if (ecP == null)
+ {
+ try
+ {
+ ecP = SECNamedCurves.getByOID(new DERObjectIdentifier(name));
+ }
+ catch (IllegalArgumentException e)
+ {
+ // ignore - not an oid
+ }
+ }
+ }
+
+ // BEGIN android-removed
+ // if (ecP == null)
+ // {
+ // ecP = TeleTrusTNamedCurves.getByName(name);
+ // if (ecP == null)
+ // {
+ // try
+ // {
+ // ecP = TeleTrusTNamedCurves.getByOID(new DERObjectIdentifier(name));
+ // }
+ // catch (IllegalArgumentException e)
+ // {
+ // // ignore - not an oid
+ // }
+ // }
+ // }
+ // END android-removed
+
+ if (ecP == null)
+ {
+ ecP = NISTNamedCurves.getByName(name);
+ }
+
+ if (ecP == null)
+ {
+ return null;
+ }
+
+ return new ECNamedCurveParameterSpec(
+ name,
+ ecP.getCurve(),
+ ecP.getG(),
+ ecP.getN(),
+ ecP.getH(),
+ ecP.getSeed());
+ }
+
+ /**
+ * return an enumeration of the names of the available curves.
+ *
+ * @return an enumeration of the names of the available curves.
+ */
+ public static Enumeration getNames()
+ {
+ Vector v = new Vector();
+
+ addEnumeration(v, X962NamedCurves.getNames());
+ addEnumeration(v, SECNamedCurves.getNames());
+ addEnumeration(v, NISTNamedCurves.getNames());
+ // BEGIN android-removed
+ // addEnumeration(v, TeleTrusTNamedCurves.getNames());
+ // END android-removed
+
+ return v.elements();
+ }
+
+ private static void addEnumeration(
+ Vector v,
+ Enumeration e)
+ {
+ while (e.hasMoreElements())
+ {
+ v.addElement(e.nextElement());
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java b/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
index cdca7a9..ad1cfb2 100644
--- a/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
+++ b/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
@@ -1,5 +1,25 @@
package org.bouncycastle.jce;
+import java.io.IOException;
+import java.security.AlgorithmParameters;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PSSParameterSpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
@@ -22,27 +42,9 @@
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Strings;
-import javax.security.auth.x500.X500Principal;
-import java.io.IOException;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PSSParameterSpec;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.HashSet;
-import java.util.Hashtable;
-import java.util.Set;
-
/**
* A class for verifying and creating PKCS10 Certification requests.
* <pre>
@@ -88,8 +90,10 @@
algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
- algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
- algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+ // BEGIN android-removed
+ // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+ // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+ // END android-removed
algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
@@ -97,39 +101,59 @@
algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
- algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+ // BEGIN android-removed
+ // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+ // END android-removed
algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
- algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2"));
- algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2"));
+ // BEGIN android-removed
+ // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+ // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+ // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+ // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+ // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+ // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+ // END android-removed
algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
- algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+ // BEGIN android-removed
+ // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+ // END android-removed
algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
+ algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
+ algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
- algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+ // BEGIN android-removed
+ // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+ // END android-removed
algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
- algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
- algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
- algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
- algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
- algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+ // BEGIN android-removed
+ // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+ // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+ // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+ // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+ // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+ // END android-removed
//
// reverse mappings
//
oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
- oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
+ // BEGIN android-removed
+ // oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
+ // END android-removed
oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
- oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
- oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
+ // BEGIN android-removed
+ // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
+ // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
+ // END android-removed
oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
// BEGIN android-removed
@@ -138,13 +162,17 @@
// END android-removed
oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
- oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
+ // BEGIN android-removed
+ // oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
+ // END android-removed
oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA");
oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA");
oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA");
- oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
+ // BEGIN android-removed
+ // oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
+ // END android-removed
oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
//
@@ -158,19 +186,25 @@
// The parameters field SHALL be NULL for RSA based signature algorithms.
//
noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
- noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+ // BEGIN android-removed
+ // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+ // END android-removed
noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
- noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+ // BEGIN android-removed
+ // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+ // END android-removed
noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
//
// RFC 4491
//
- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+ // BEGIN android-removed
+ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+ // END android-removed
//
// explicit params
//
@@ -179,10 +213,12 @@
// END android-changed
params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
- // BEGIN android-changed
- AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
- // END android-changed
- params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+ // BEGIN android-removed
+ // // BEGIN android-changed
+ // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
+ // // END android-changed
+ // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+ // END android-removed
// BEGIN android-changed
AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
@@ -252,7 +288,7 @@
throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, SignatureException
{
- this(signatureAlgorithm, subject, key, attributes, signingKey, "BC");
+ this(signatureAlgorithm, subject, key, attributes, signingKey, BouncyCastleProvider.PROVIDER_NAME);
}
private static X509Name convertName(
@@ -280,7 +316,7 @@
throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, SignatureException
{
- this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, "BC");
+ this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, BouncyCastleProvider.PROVIDER_NAME);
}
/**
@@ -317,7 +353,14 @@
if (sigOID == null)
{
- throw new IllegalArgumentException("Unknown signature type requested");
+ try
+ {
+ sigOID = new DERObjectIdentifier(algorithmName);
+ }
+ catch (Exception e)
+ {
+ throw new IllegalArgumentException("Unknown signature type requested");
+ }
}
if (subject == null)
@@ -340,7 +383,7 @@
}
else
{
- this.sigAlgId = new AlgorithmIdentifier(sigOID, null);
+ this.sigAlgId = new AlgorithmIdentifier(sigOID, DERNull.INSTANCE);
}
try
@@ -384,7 +427,7 @@
public PublicKey getPublicKey()
throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
{
- return getPublicKey("BC");
+ return getPublicKey(BouncyCastleProvider.PROVIDER_NAME);
}
public PublicKey getPublicKey(
@@ -444,7 +487,7 @@
throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, SignatureException
{
- return verify("BC");
+ return verify(BouncyCastleProvider.PROVIDER_NAME);
}
/**
@@ -595,10 +638,12 @@
{
return "SHA1";
}
- else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
- {
- return "SHA224";
- }
+ // BEGIN android-removed
+ // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
+ // {
+ // return "SHA224";
+ // }
+ // END android-removed
else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID))
{
return "SHA256";
@@ -611,22 +656,24 @@
{
return "SHA512";
}
- else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
- {
- return "RIPEMD128";
- }
- else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
- {
- return "RIPEMD160";
- }
- else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
- {
- return "RIPEMD256";
- }
- else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
- {
- return "GOST3411";
- }
+ // BEGIN android-removed
+ // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+ // {
+ // return "RIPEMD128";
+ // }
+ // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+ // {
+ // return "RIPEMD160";
+ // }
+ // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+ // {
+ // return "RIPEMD256";
+ // }
+ // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+ // {
+ // return "GOST3411";
+ // }
+ // END android-removed
else
{
return digestAlgOID.getId();
diff --git a/src/main/java/org/bouncycastle/jce/X509Principal.java b/src/main/java/org/bouncycastle/jce/X509Principal.java
index 1d867e7..9cc5538 100644
--- a/src/main/java/org/bouncycastle/jce/X509Principal.java
+++ b/src/main/java/org/bouncycastle/jce/X509Principal.java
@@ -1,15 +1,15 @@
package org.bouncycastle.jce;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.x509.X509Name;
-
import java.io.IOException;
import java.security.Principal;
import java.util.Hashtable;
import java.util.Vector;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.x509.X509Name;
+
/**
* a general extension of X509Name with a couple of extra methods and
* constructors.
diff --git a/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java b/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java
new file mode 100644
index 0000000..0812c12
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java
@@ -0,0 +1,15 @@
+package org.bouncycastle.jce.interfaces;
+
+import org.bouncycastle.jce.spec.ECParameterSpec;
+
+/**
+ * generic interface for an Elliptic Curve Key.
+ */
+public interface ECKey
+{
+ /**
+ * return a parameter specification representing the EC domain parameters
+ * for the key.
+ */
+ public ECParameterSpec getParameters();
+}
diff --git a/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java b/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java
new file mode 100644
index 0000000..001dab3
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java
@@ -0,0 +1,20 @@
+package org.bouncycastle.jce.interfaces;
+
+/**
+ * All BC elliptic curve keys implement this interface. You need to
+ * cast the key to get access to it.
+ * <p>
+ * By default BC keys produce encodings without point compression,
+ * to turn this on call setPointFormat() with "COMPRESSED".
+ */
+public interface ECPointEncoder
+{
+ /**
+ * Set the formatting for encoding of points. If the String "UNCOMPRESSED" is passed
+ * in point compression will not be used. If the String "COMPRESSED" is passed point
+ * compression will be used. The default is "UNCOMPRESSED".
+ *
+ * @param style the style to use.
+ */
+ public void setPointFormat(String style);
+}
diff --git a/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java b/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java
new file mode 100644
index 0000000..39d80c3
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java
@@ -0,0 +1,16 @@
+package org.bouncycastle.jce.interfaces;
+
+import java.math.BigInteger;
+import java.security.PrivateKey;
+
+/**
+ * interface for Elliptic Curve Private keys.
+ */
+public interface ECPrivateKey
+ extends ECKey, PrivateKey
+{
+ /**
+ * return the private value D.
+ */
+ public BigInteger getD();
+}
diff --git a/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java b/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java
new file mode 100644
index 0000000..db2ecdc
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java
@@ -0,0 +1,17 @@
+package org.bouncycastle.jce.interfaces;
+
+import java.security.PublicKey;
+
+import org.bouncycastle.math.ec.ECPoint;
+
+/**
+ * interface for elliptic curve public keys.
+ */
+public interface ECPublicKey
+ extends ECKey, PublicKey
+{
+ /**
+ * return the public point Q
+ */
+ public ECPoint getQ();
+}
diff --git a/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java b/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
index e34d7ed..5179298 100644
--- a/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
+++ b/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
@@ -22,7 +22,6 @@
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
diff --git a/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index f839a59..f712938 100644
--- a/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -43,9 +43,12 @@
public final class BouncyCastleProvider extends Provider
implements ConfigurableProvider
{
- private static String info = "BouncyCastle Security Provider v1.45";
+ private static String info = "BouncyCastle Security Provider v1.46";
- public static String PROVIDER_NAME = "BC";
+ // BEGIN android-changed
+ // this constant should be final
+ public static final String PROVIDER_NAME = "BC";
+ // END android-changed
/*
* Configurable symmetric ciphers
@@ -54,11 +57,13 @@
private static final String[] SYMMETRIC_CIPHERS =
{
// BEGIN android-removed
- // "AES", "Camellia", "CAST5", "Grainv1", "Grain128", "IDEA", "Noekeon", "SEED"
+ // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DESede", "Grainv1", "Grain128", "HC128", "HC256", "IDEA",
+ // "Noekeon", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA"
// END android-removed
// BEGIN android-added
- "AES",
+ "AES", "ARC4", "Blowfish", "DESede",
// END android-added
+
};
/*
@@ -67,9 +72,7 @@
private static final String ASYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jce.provider.asymmetric.";
private static final String[] ASYMMETRIC_CIPHERS =
{
- // BEGIN android-removed
- // "EC"
- // END android-removed
+ "EC"
};
/**
@@ -79,7 +82,7 @@
*/
public BouncyCastleProvider()
{
- super(PROVIDER_NAME, 1.45, info);
+ super(PROVIDER_NAME, 1.46, info);
AccessController.doPrivileged(new PrivilegedAction()
{
@@ -293,50 +296,16 @@
// cipher engines
//
put("Cipher.DES", "org.bouncycastle.jce.provider.JCEBlockCipher$DES");
- put("Cipher.DESEDE", "org.bouncycastle.jce.provider.JCEBlockCipher$DESede");
// BEGIN android-removed
- // put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESedeCBC");
// put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC");
- // END android-removed
- put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$DESEDEWrap");
- // BEGIN android-changed
- put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
- // END android-changed
- // BEGIN android-removed
- // put("Cipher.SKIPJACK", "org.bouncycastle.jce.provider.JCEBlockCipher$Skipjack");
- // END android-removed
- put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Blowfish");
- // BEGIN android-removed
- // put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.JCEBlockCipher$BlowfishCBC");
- // put("Cipher.TWOFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Twofish");
+ //
// put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2");
// put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
// put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
- // END android-removed
- put("Cipher.ARC4", "org.bouncycastle.jce.provider.JCEStreamCipher$RC4");
- put("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4");
- put("Alg.Alias.Cipher.ARCFOUR", "ARC4");
- put("Alg.Alias.Cipher.RC4", "ARC4");
- // BEGIN android-removed
- // put("Cipher.SALSA20", "org.bouncycastle.jce.provider.JCEStreamCipher$Salsa20");
- // put("Cipher.HC128", "org.bouncycastle.jce.provider.JCEStreamCipher$HC128");
- // put("Cipher.HC256", "org.bouncycastle.jce.provider.JCEStreamCipher$HC256");
- // put("Cipher.VMPC", "org.bouncycastle.jce.provider.JCEStreamCipher$VMPC");
- // put("Cipher.VMPC-KSA3", "org.bouncycastle.jce.provider.JCEStreamCipher$VMPCKSA3");
- // put("Cipher.RC5", "org.bouncycastle.jce.provider.JCEBlockCipher$RC5");
+ //
// put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC");
- // put("Alg.Alias.Cipher.RC5-32", "RC5");
- // put("Cipher.RC5-64", "org.bouncycastle.jce.provider.JCEBlockCipher$RC564");
- // put("Cipher.RC6", "org.bouncycastle.jce.provider.JCEBlockCipher$RC6");
- // put("Cipher.RIJNDAEL", "org.bouncycastle.jce.provider.JCEBlockCipher$Rijndael");
- // put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RFC3211DESedeWrap");
- // put("Cipher.SERPENT", "org.bouncycastle.jce.provider.JCEBlockCipher$Serpent");
// END android-removed
-
-
- // BEGIN android-removed
- // put("Cipher.CAST6", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST6");
- // END android-removed
+
put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
// BEGIN android-removed
@@ -344,9 +313,6 @@
// put("Alg.Alias.Cipher.GOST", "GOST28147");
// put("Alg.Alias.Cipher.GOST-28147", "GOST28147");
// put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc");
- //
- // put("Cipher.TEA", "org.bouncycastle.jce.provider.JCEBlockCipher$TEA");
- // put("Cipher.XTEA", "org.bouncycastle.jce.provider.JCEBlockCipher$XTEA");
// END android-removed
put("Cipher.RSA", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding");
@@ -362,9 +328,7 @@
// put("Cipher.RSA/OAEP", "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding");
// put("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding");
// put("Cipher.RSA/ISO9796-1", "org.bouncycastle.jce.provider.JCERSACipher$ISO9796d1Padding");
- // END android-removed
-
- // BEGIN android-removed
+ //
// put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES");
// put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES");
// put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES");
@@ -379,9 +343,7 @@
// put("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
// put("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
// put("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
- // END android-removed
-
- // BEGIN android-removed
+ //
// put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1");
// put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1");
// put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL");
@@ -411,12 +373,14 @@
put("Cipher.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd128BitRC4");
put("Cipher.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd40BitRC4");
+ // BEGIN android-changed
put("Alg.Alias.Cipher.PBEWITHSHA1AND3-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
put("Alg.Alias.Cipher.PBEWITHSHA1AND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC");
put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC");
put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4");
put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4");
+ // END android-changed
put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC");
put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC");
@@ -448,7 +412,14 @@
put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish");
// BEGIN android-removed
// put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
+ //
+ // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+ // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
// END android-removed
+ put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
+ put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES");
+ put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
+ put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2");
put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4");
put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4");
@@ -462,44 +433,10 @@
//
put("KeyGenerator.DES", "org.bouncycastle.jce.provider.JCEKeyGenerator$DES");
put("Alg.Alias.KeyGenerator." + OIWObjectIdentifiers.desCBC, "DES");
- put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede");
- // BEGIN android-removed
- // put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede3");
- // put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede");
- // put("KeyGenerator.SKIPJACK", "org.bouncycastle.jce.provider.JCEKeyGenerator$Skipjack");
- // END android-removed
- put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Blowfish");
- put("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
- // BEGIN android-removed
- // put("KeyGenerator.TWOFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Twofish");
- // put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
- // put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
- // END android-removed
- put("KeyGenerator.RC4", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC4");
- put("Alg.Alias.KeyGenerator.ARC4", "RC4");
- // BEGIN android-added
- put("Alg.Alias.KeyGenerator.ARCFOUR", "RC4");
- // END android-added
- // BEGIN android-removed
- // put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "RC4");
- // put("KeyGenerator.RC5", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC5");
- // put("Alg.Alias.KeyGenerator.RC5-32", "RC5");
- // put("KeyGenerator.RC5-64", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC564");
- // put("KeyGenerator.RC6", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC6");
- // put("KeyGenerator.RIJNDAEL", "org.bouncycastle.jce.provider.JCEKeyGenerator$Rijndael");
- //
- // put("KeyGenerator.SERPENT", "org.bouncycastle.jce.provider.JCEKeyGenerator$Serpent");
- // put("KeyGenerator.SALSA20", "org.bouncycastle.jce.provider.JCEKeyGenerator$Salsa20");
- // put("KeyGenerator.HC128", "org.bouncycastle.jce.provider.JCEKeyGenerator$HC128");
- // put("KeyGenerator.HC256", "org.bouncycastle.jce.provider.JCEKeyGenerator$HC256");
- // put("KeyGenerator.VMPC", "org.bouncycastle.jce.provider.JCEKeyGenerator$VMPC");
- // put("KeyGenerator.VMPC-KSA3", "org.bouncycastle.jce.provider.JCEKeyGenerator$VMPCKSA3");
- // END android-removed
// BEGIN android-removed
- // put("KeyGenerator.CAST6", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST6");
- // put("KeyGenerator.TEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$TEA");
- // put("KeyGenerator.XTEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$XTEA");
+ // put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
+ // put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
//
// put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147");
// put("Alg.Alias.KeyGenerator.GOST", "GOST28147");
@@ -563,25 +500,26 @@
// BEGIN android-removed
// put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
// put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
- // put("AlgorithmParameters.RC5", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
- // put("AlgorithmParameters.RC6", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
// END android-removed
- put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
- put("Alg.Alias.AlgorithmParameters.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
- // BEGIN android-removed
- // put("AlgorithmParameters.TWOFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
- // put("AlgorithmParameters.SKIPJACK", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
- // put("AlgorithmParameters.RIJNDAEL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
- // END android-removed
-
//
// secret key factories.
//
put("SecretKeyFactory.DES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DES");
- put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DESede");
// BEGIN android-removed
// put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES");
+ // END android-removed
+
+ // BEGIN android-removed
+ // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+ // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+ // END android-removed
+ put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
+ put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES");
+ put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
+ put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2");
+
+ // BEGIN android-removed
// put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2");
// END android-removed
put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES");
@@ -708,11 +646,11 @@
if (loader != null)
{
- clazz = loader.loadClass(packageName + names[i] + "Mappings");
+ clazz = loader.loadClass(packageName + names[i] + "$Mappings");
}
else
{
- clazz = Class.forName(packageName + names[i] + "Mappings");
+ clazz = Class.forName(packageName + names[i] + "$Mappings");
}
}
catch (ClassNotFoundException e)
@@ -729,7 +667,7 @@
catch (Exception e)
{ // this should never ever happen!!
throw new InternalError("cannot create instance of "
- + packageName + names[i] + "Mappings : " + e);
+ + packageName + names[i] + "$Mappings : " + e);
}
}
}
@@ -761,49 +699,23 @@
// put("Mac.DESMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESCFB8");
// put("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
//
- // put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.JCEMac$DESede");
- // put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
- // put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESedeCFB8");
- // put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
- //
// put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
// put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
//
- // put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.JCEMac$DESede64");
- // put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
- //
- // put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DESede64with7816d4");
- // put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
- // put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
- // put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
- //
// put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
// put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
// put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4");
// put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
//
- // put("Mac.SKIPJACKMAC", "org.bouncycastle.jce.provider.JCEMac$Skipjack");
- // put("Alg.Alias.Mac.SKIPJACK", "SKIPJACKMAC");
- // put("Mac.SKIPJACKMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$SkipjackCFB8");
- // put("Alg.Alias.Mac.SKIPJACK/CFB8", "SKIPJACKMAC/CFB8");
- //
// put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2");
// put("Alg.Alias.Mac.RC2", "RC2MAC");
// put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8");
// put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
//
- // put("Mac.RC5MAC", "org.bouncycastle.jce.provider.JCEMac$RC5");
- // put("Alg.Alias.Mac.RC5", "RC5MAC");
- // put("Mac.RC5MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC5CFB8");
- // put("Alg.Alias.Mac.RC5/CFB8", "RC5MAC/CFB8");
//
// put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147");
// put("Alg.Alias.Mac.GOST28147", "GOST28147MAC");
//
- // put("Mac.VMPCMAC", "org.bouncycastle.jce.provider.JCEMac$VMPC");
- // put("Alg.Alias.Mac.VMPC", "VMPCMAC");
- // put("Alg.Alias.Mac.VMPC-MAC", "VMPCMAC");
- //
// put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384");
//
// put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512");
diff --git a/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
index d675024..f9dbe89 100644
--- a/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
+++ b/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
@@ -36,10 +36,6 @@
import javax.security.auth.x500.X500Principal;
-// BEGIN android-added
-import org.apache.harmony.xnet.provider.jsse.IndexedPKIXParameters;
-
-// END android-added
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
@@ -82,6 +78,8 @@
public class CertPathValidatorUtilities
{
+ protected static final PKIXCRLUtil CRL_UTIL = new PKIXCRLUtil();
+
protected static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId();
protected static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId();
protected static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId();
@@ -119,40 +117,13 @@
"privilegeWithdrawn",
"aACompromise" };
- // BEGIN android-removed
- // /**
- // * Search the given Set of TrustAnchor's for one that is the
- // * issuer of the given X509 certificate. Uses the default provider
- // * for signature verification.
- // *
- // * @param cert the X509 certificate
- // * @param trustAnchors a Set of TrustAnchor's
- // *
- // * @return the <code>TrustAnchor</code> object if found or
- // * <code>null</code> if not.
- // *
- // * @exception AnnotatedException
- // * if a TrustAnchor was found but the signature verification
- // * on the given certificate has thrown an exception.
- // */
- // protected static TrustAnchor findTrustAnchor(
- // X509Certificate cert,
- // Set trustAnchors)
- // throws AnnotatedException
- // {
- // return findTrustAnchor(cert, trustAnchors, null);
- // }
- // END android-removed
-
- // BEGIN android-changed
/**
* Search the given Set of TrustAnchor's for one that is the
- * issuer of the given X509 certificate. Uses the specified
- * provider for signature verification, or the default provider
- * if null.
+ * issuer of the given X509 certificate. Uses the default provider
+ * for signature verification.
*
* @param cert the X509 certificate
- * @param params used to find the trust anchors and signature provider
+ * @param trustAnchors a Set of TrustAnchor's
*
* @return the <code>TrustAnchor</code> object if found or
* <code>null</code> if not.
@@ -163,21 +134,35 @@
*/
protected static TrustAnchor findTrustAnchor(
X509Certificate cert,
- PKIXParameters params)
+ Set trustAnchors)
throws AnnotatedException
- // END android-changed
{
- // BEGIN android-changed
- // If we have a trust anchor index, use it.
- if (params instanceof IndexedPKIXParameters) {
- try {
- IndexedPKIXParameters indexed = (IndexedPKIXParameters) params;
- return indexed.findTrustAnchor(cert);
- } catch (CertPathValidatorException e) {
- throw new AnnotatedException(e.getMessage(), e);
- }
- }
- // END android-changed
+ return findTrustAnchor(cert, trustAnchors, null);
+ }
+
+ /**
+ * Search the given Set of TrustAnchor's for one that is the
+ * issuer of the given X509 certificate. Uses the specified
+ * provider for signature verification, or the default provider
+ * if null.
+ *
+ * @param cert the X509 certificate
+ * @param trustAnchors a Set of TrustAnchor's
+ * @param sigProvider the provider to use for signature verification
+ *
+ * @return the <code>TrustAnchor</code> object if found or
+ * <code>null</code> if not.
+ *
+ * @exception AnnotatedException
+ * if a TrustAnchor was found but the signature verification
+ * on the given certificate has thrown an exception.
+ */
+ protected static TrustAnchor findTrustAnchor(
+ X509Certificate cert,
+ Set trustAnchors,
+ String sigProvider)
+ throws AnnotatedException
+ {
TrustAnchor trust = null;
PublicKey trustPublicKey = null;
Exception invalidKeyEx = null;
@@ -194,49 +179,21 @@
throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", ex);
}
- // BEGIN android-changed
- Iterator iter = params.getTrustAnchors().iterator();
- // END android-changed
- // BEGIN android-added
- byte[] certBytes = null;
- try {
- certBytes = cert.getEncoded();
- } catch (Exception e) {
- // ignore, just continue
- }
- // END android-added
+ Iterator iter = trustAnchors.iterator();
while (iter.hasNext() && trust == null)
{
trust = (TrustAnchor) iter.next();
- // BEGIN android-changed
- X509Certificate trustCert = trust.getTrustedCert();
- // END android-changed
- // BEGIN android-added
- // If the trust anchor is identical to the certificate we're
- // done. Just return the anchor.
- // There is similar code in PKIXCertPathValidatorSpi.
- try {
- byte[] trustBytes = trustCert.getEncoded();
- if (certBytes != null && Arrays.equals(trustBytes, certBytes)) {
- return trust;
- }
- } catch (Exception e) {
- // ignore, continue and verify the certificate
- }
- // END android-added
- // BEGIN android-changed
- if (trustCert != null)
+ if (trust.getTrustedCert() != null)
{
- if (certSelectX509.match(trustCert))
+ if (certSelectX509.match(trust.getTrustedCert()))
{
- trustPublicKey = trustCert.getPublicKey();
+ trustPublicKey = trust.getTrustedCert().getPublicKey();
}
else
{
trust = null;
}
}
- // END android-changed
else if (trust.getCAName() != null
&& trust.getCAPublicKey() != null)
{
@@ -266,9 +223,7 @@
{
try
{
- // BEGIN android-changed
- verifyX509Certificate(cert, trustPublicKey, params.getSigProvider());
- // END android-changed
+ verifyX509Certificate(cert, trustPublicKey, sigProvider);
}
catch (Exception ex)
{
@@ -420,69 +375,6 @@
// crl checking
- /**
- * Return a Collection of all CRLs found in the X509Store's that are
- * matching the crlSelect criteriums.
- *
- * @param crlSelect a {@link X509CRLStoreSelector} object that will be used
- * to select the CRLs
- * @param crlStores a List containing only
- * {@link org.bouncycastle.x509.X509Store X509Store} objects.
- * These are used to search for CRLs
- *
- * @return a Collection of all found {@link X509CRL X509CRL} objects. May be
- * empty but never <code>null</code>.
- */
- protected static final Collection findCRLs(X509CRLStoreSelector crlSelect,
- List crlStores) throws AnnotatedException
- {
- Set crls = new HashSet();
- Iterator iter = crlStores.iterator();
-
- AnnotatedException lastException = null;
- boolean foundValidStore = false;
-
- while (iter.hasNext())
- {
- Object obj = iter.next();
-
- if (obj instanceof X509Store)
- {
- X509Store store = (X509Store)obj;
-
- try
- {
- crls.addAll(store.getMatches(crlSelect));
- foundValidStore = true;
- }
- catch (StoreException e)
- {
- lastException = new AnnotatedException(
- "Exception searching in X.509 CRL store.", e);
- }
- }
- else
- {
- CertStore store = (CertStore)obj;
-
- try
- {
- crls.addAll(store.getCRLs(crlSelect));
- foundValidStore = true;
- }
- catch (CertStoreException e)
- {
- lastException = new AnnotatedException(
- "Exception searching in X.509 CRL store.", e);
- }
- }
- }
- if (!foundValidStore && lastException != null)
- {
- throw lastException;
- }
- return crls;
- }
//
// policy checking
@@ -800,13 +692,13 @@
// X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
// url, base).build();
// pkixParams.addAdditionalStore(X509Store.getInstance(
- // "CERTIFICATE/LDAP", params, "BC"));
+ // "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
// pkixParams.addAdditionalStore(X509Store.getInstance(
- // "CRL/LDAP", params, "BC"));
+ // "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
// pkixParams.addAdditionalStore(X509Store.getInstance(
- // "ATTRIBUTECERTIFICATE/LDAP", params, "BC"));
+ // "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
// pkixParams.addAdditionalStore(X509Store.getInstance(
- // "CERTIFICATEPAIR/LDAP", params, "BC"));
+ // "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
// }
// END android-removed
}
@@ -1174,15 +1066,6 @@
X509CRLStoreSelector deltaSelect = new X509CRLStoreSelector();
- if (paramsPKIX.getDate() != null)
- {
- deltaSelect.setDateAndTime(paramsPKIX.getDate());
- }
- else
- {
- deltaSelect.setDateAndTime(currentDate);
- }
-
// 5.2.4 (a)
try
{
@@ -1234,18 +1117,8 @@
// 5.2.4 (c)
deltaSelect.setMaxBaseCRLNumber(completeCRLNumber);
- Set temp = new HashSet();
// find delta CRLs
- try
- {
- temp.addAll(CertPathValidatorUtilities.findCRLs(deltaSelect, paramsPKIX.getAdditionalStores()));
- temp.addAll(CertPathValidatorUtilities.findCRLs(deltaSelect, paramsPKIX.getStores()));
- temp.addAll(CertPathValidatorUtilities.findCRLs(deltaSelect, paramsPKIX.getCertStores()));
- }
- catch (AnnotatedException e)
- {
- throw new AnnotatedException("Could not search for delta CRLs.", e);
- }
+ Set temp = CRL_UTIL.findCRLs(deltaSelect, paramsPKIX, currentDate);
Set result = new HashSet();
@@ -1316,28 +1189,12 @@
crlselect.setAttrCertificateChecking((X509AttributeCertificate)cert);
}
- if (paramsPKIX.getDate() != null)
- {
- crlselect.setDateAndTime(paramsPKIX.getDate());
- }
- else
- {
- crlselect.setDateAndTime(currentDate);
- }
+
crlselect.setCompleteCRLEnabled(true);
- Set crls = new HashSet();
- try
- {
- crls.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getStores()));
- crls.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
- crls.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getCertStores()));
- }
- catch (AnnotatedException e)
- {
- throw new AnnotatedException("Could not search for CRLs.", e);
- }
+ Set crls = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
+
if (crls.isEmpty())
{
if (cert instanceof X509AttributeCertificate)
@@ -1474,7 +1331,7 @@
dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
try
{
- KeyFactory keyFactory = KeyFactory.getInstance("DSA", "BC");
+ KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
return keyFactory.generatePublic(dsaPubKeySpec);
}
catch (Exception exception)
diff --git a/src/main/java/org/bouncycastle/jce/provider/DSABase.java b/src/main/java/org/bouncycastle/jce/provider/DSABase.java
new file mode 100644
index 0000000..b30c11e
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/DSABase.java
@@ -0,0 +1,121 @@
+package org.bouncycastle.jce.provider;
+
+import java.math.BigInteger;
+import java.security.SignatureException;
+import java.security.SignatureSpi;
+import java.security.PrivateKey;
+import java.security.InvalidKeyException;
+import java.security.spec.AlgorithmParameterSpec;
+
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
+import org.bouncycastle.crypto.DSA;
+import org.bouncycastle.crypto.Digest;
+
+public abstract class DSABase
+ extends SignatureSpi
+ implements PKCSObjectIdentifiers, X509ObjectIdentifiers
+{
+ protected Digest digest;
+ protected DSA signer;
+ protected DSAEncoder encoder;
+
+ protected DSABase(
+ Digest digest,
+ DSA signer,
+ DSAEncoder encoder)
+ {
+ this.digest = digest;
+ this.signer = signer;
+ this.encoder = encoder;
+ }
+
+ protected void engineInitSign(
+ PrivateKey privateKey)
+ throws InvalidKeyException
+ {
+ engineInitSign(privateKey, null);
+ }
+
+ protected void engineUpdate(
+ byte b)
+ throws SignatureException
+ {
+ digest.update(b);
+ }
+
+ protected void engineUpdate(
+ byte[] b,
+ int off,
+ int len)
+ throws SignatureException
+ {
+ digest.update(b, off, len);
+ }
+
+ protected byte[] engineSign()
+ throws SignatureException
+ {
+ byte[] hash = new byte[digest.getDigestSize()];
+
+ digest.doFinal(hash, 0);
+
+ try
+ {
+ BigInteger[] sig = signer.generateSignature(hash);
+
+ return encoder.encode(sig[0], sig[1]);
+ }
+ catch (Exception e)
+ {
+ throw new SignatureException(e.toString());
+ }
+ }
+
+ protected boolean engineVerify(
+ byte[] sigBytes)
+ throws SignatureException
+ {
+ byte[] hash = new byte[digest.getDigestSize()];
+
+ digest.doFinal(hash, 0);
+
+ BigInteger[] sig;
+
+ try
+ {
+ sig = encoder.decode(sigBytes);
+ }
+ catch (Exception e)
+ {
+ throw new SignatureException("error decoding signature bytes.");
+ }
+
+ return signer.verifySignature(hash, sig[0], sig[1]);
+ }
+
+ protected void engineSetParameter(
+ AlgorithmParameterSpec params)
+ {
+ throw new UnsupportedOperationException("engineSetParameter unsupported");
+ }
+
+ /**
+ * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)">
+ */
+ protected void engineSetParameter(
+ String param,
+ Object value)
+ {
+ throw new UnsupportedOperationException("engineSetParameter unsupported");
+ }
+
+ /**
+ * @deprecated
+ */
+ protected Object engineGetParameter(
+ String param)
+ {
+ throw new UnsupportedOperationException("engineSetParameter unsupported");
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/DSAEncoder.java b/src/main/java/org/bouncycastle/jce/provider/DSAEncoder.java
new file mode 100644
index 0000000..e0dc92b
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/DSAEncoder.java
@@ -0,0 +1,13 @@
+package org.bouncycastle.jce.provider;
+
+import java.math.BigInteger;
+import java.io.IOException;
+
+public interface DSAEncoder
+{
+ byte[] encode(BigInteger r, BigInteger s)
+ throws IOException;
+
+ BigInteger[] decode(byte[] sig)
+ throws IOException;
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java b/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java
index 5ba4cc2..1b48aec 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java
@@ -1,43 +1,48 @@
package org.bouncycastle.jce.provider;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.InvalidParameterException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
+
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESFastEngine;
-import org.bouncycastle.crypto.engines.BlowfishEngine;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.CAST5Engine;
-// import org.bouncycastle.crypto.engines.CAST6Engine;
-// END android-removed
import org.bouncycastle.crypto.engines.DESEngine;
import org.bouncycastle.crypto.engines.DESedeEngine;
// BEGIN android-removed
// import org.bouncycastle.crypto.engines.GOST28147Engine;
// END android-removed
import org.bouncycastle.crypto.engines.RC2Engine;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.RC532Engine;
-// import org.bouncycastle.crypto.engines.RC564Engine;
-// END android-removed
-// import org.bouncycastle.crypto.engines.RC6Engine;
-// import org.bouncycastle.crypto.engines.RijndaelEngine;
-// import org.bouncycastle.crypto.engines.SEEDEngine;
-// import org.bouncycastle.crypto.engines.SerpentEngine;
-// import org.bouncycastle.crypto.engines.SkipjackEngine;
-// import org.bouncycastle.crypto.engines.TEAEngine;
-// END android-removed
import org.bouncycastle.crypto.engines.TwofishEngine;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.XTEAEngine;
-// END android-removed
import org.bouncycastle.crypto.modes.AEADBlockCipher;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.modes.CCMBlockCipher;
import org.bouncycastle.crypto.modes.CFBBlockCipher;
import org.bouncycastle.crypto.modes.CTSBlockCipher;
-import org.bouncycastle.crypto.modes.EAXBlockCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.modes.EAXBlockCipher;
+// END android-removed
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.modes.GOFBBlockCipher;
import org.bouncycastle.crypto.modes.OFBBlockCipher;
@@ -64,27 +69,6 @@
// END android-removed
import org.bouncycastle.util.Strings;
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.ShortBufferException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEParameterSpec;
-// BEGIN android-removed
-// import javax.crypto.spec.RC2ParameterSpec;
-// import javax.crypto.spec.RC5ParameterSpec;
-// END android-removed
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.InvalidParameterException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
public class JCEBlockCipher extends WrapCipherSpi
implements PBE
{
@@ -175,7 +159,7 @@
{
try
{
- engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, "BC");
+ engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
engineParams.init(pbeSpec);
}
catch (Exception e)
@@ -194,7 +178,7 @@
try
{
- engineParams = AlgorithmParameters.getInstance(name, "BC");
+ engineParams = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME);
engineParams.init(ivParam.getIV());
}
catch (Exception e)
@@ -304,11 +288,13 @@
ivLength = baseEngine.getBlockSize();
cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine));
}
- else if (modeName.startsWith("EAX"))
- {
- ivLength = baseEngine.getBlockSize();
- cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
- }
+ // BEGIN android-removed
+ // else if (modeName.startsWith("EAX"))
+ // {
+ // ivLength = baseEngine.getBlockSize();
+ // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
+ // }
+ // END android-removed
else if (modeName.startsWith("GCM"))
{
ivLength = baseEngine.getBlockSize();
@@ -801,32 +787,6 @@
// super(new CBCBlockCipher(new DESEngine()), 64);
// }
// }
- // END android-removed
-
- /**
- * DESede
- */
- static public class DESede
- extends JCEBlockCipher
- {
- public DESede()
- {
- super(new DESedeEngine());
- }
- }
-
- // BEGIN android-removed
- // /**
- // * DESedeCBC
- // */
- // static public class DESedeCBC
- // extends JCEBlockCipher
- // {
- // public DESedeCBC()
- // {
- // super(new CBCBlockCipher(new DESedeEngine()), 64);
- // }
- // }
//
// /**
// * GOST28147
@@ -839,7 +799,7 @@
// super(new GOST28147Engine());
// }
// }
- //
+ //
// static public class GOST28147cbc
// extends JCEBlockCipher
// {
@@ -850,56 +810,6 @@
// }
//
// /**
- // * SKIPJACK
- // */
- // static public class Skipjack
- // extends JCEBlockCipher
- // {
- // public Skipjack()
- // {
- // super(new SkipjackEngine());
- // }
- // }
- // END android-removed
-
- /**
- * Blowfish
- */
- static public class Blowfish
- extends JCEBlockCipher
- {
- public Blowfish()
- {
- super(new BlowfishEngine());
- }
- }
-
- // BEGIN android-removed
- // /**
- // * Blowfish CBC
- // */
- // static public class BlowfishCBC
- // extends JCEBlockCipher
- // {
- // public BlowfishCBC()
- // {
- // super(new CBCBlockCipher(new BlowfishEngine()), 64);
- // }
- // }
- //
- // /**
- // * Twofish
- // */
- // static public class Twofish
- // extends JCEBlockCipher
- // {
- // public Twofish()
- // {
- // super(new TwofishEngine());
- // }
- // }
- //
- // /**
// * RC2
// */
// static public class RC2
@@ -922,188 +832,6 @@
// super(new CBCBlockCipher(new RC2Engine()), 64);
// }
// }
- //
- // /**
- // * RC5
- // */
- // static public class RC5
- // extends JCEBlockCipher
- // {
- // public RC5()
- // {
- // super(new RC532Engine());
- // }
- // }
- //
- // /**
- // * RC564
- // */
- // static public class RC564
- // extends JCEBlockCipher
- // {
- // public RC564()
- // {
- // super(new RC564Engine());
- // }
- // }
- //
- // /**
- // * RC6
- // */
- // static public class RC6
- // extends JCEBlockCipher
- // {
- // public RC6()
- // {
- // super(new RC6Engine());
- // }
- // }
- //
- // /**
- // * AES
- // */
- // static public class AES
- // extends JCEBlockCipher
- // {
- // public AES()
- // {
- // super(new AESFastEngine());
- // }
- // }
- //
- // /**
- // * AESCBC
- // */
- // static public class AESCBC
- // extends JCEBlockCipher
- // {
- // public AESCBC()
- // {
- // super(new CBCBlockCipher(new AESFastEngine()), 128);
- // }
- // }
- //
- // /**
- // * AESCFB
- // */
- // static public class AESCFB
- // extends JCEBlockCipher
- // {
- // public AESCFB()
- // {
- // super(new CFBBlockCipher(new AESFastEngine(), 128), 128);
- // }
- // }
- //
- // /**
- // * AESOFB
- // */
- // static public class AESOFB
- // extends JCEBlockCipher
- // {
- // public AESOFB()
- // {
- // super(new OFBBlockCipher(new AESFastEngine(), 128), 128);
- // }
- // }
- //
- // /**
- // * Rijndael
- // */
- // static public class Rijndael
- // extends JCEBlockCipher
- // {
- // public Rijndael()
- // {
- // super(new RijndaelEngine());
- // }
- // }
- //
- // /**
- // * Serpent
- // */
- // static public class Serpent
- // extends JCEBlockCipher
- // {
- // public Serpent()
- // {
- // super(new SerpentEngine());
- // }
- // }
- //
- //
- //
- // /**
- // * CAST5
- // */
- // static public class CAST5
- // extends JCEBlockCipher
- // {
- // public CAST5()
- // {
- // super(new CAST5Engine());
- // }
- // }
- //
- // /**
- // * CAST5 CBC
- // */
- // static public class CAST5CBC
- // extends JCEBlockCipher
- // {
- // public CAST5CBC()
- // {
- // super(new CBCBlockCipher(new CAST5Engine()), 64);
- // }
- // }
- //
- // /**
- // * CAST6
- // */
- // static public class CAST6
- // extends JCEBlockCipher
- // {
- // public CAST6()
- // {
- // super(new CAST6Engine());
- // }
- // }
- //
- // /**
- // * TEA
- // */
- // static public class TEA
- // extends JCEBlockCipher
- // {
- // public TEA()
- // {
- // super(new TEAEngine());
- // }
- // }
- //
- // /**
- // * XTEA
- // */
- // static public class XTEA
- // extends JCEBlockCipher
- // {
- // public XTEA()
- // {
- // super(new XTEAEngine());
- // }
- // }
- //
- // /**
- // * SEED
- // */
- // static public class SEED
- // extends JCEBlockCipher
- // {
- // public SEED()
- // {
- // super(new SEEDEngine());
- // }
- // }
// END android-removed
/**
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java b/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
index 75fbdf7..ef8f76a 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
@@ -1,7 +1,12 @@
package org.bouncycastle.jce.provider;
-import org.bouncycastle.crypto.params.DESParameters;
-import org.bouncycastle.util.Strings;
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Hashtable;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
@@ -10,13 +15,9 @@
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.SecretKeySpec;
-import java.math.BigInteger;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Hashtable;
+
+import org.bouncycastle.crypto.params.DESParameters;
+import org.bouncycastle.util.Strings;
/**
* Diffie-Hellman key agreement. There's actually a better way of doing this
@@ -31,8 +32,6 @@
private BigInteger g;
private BigInteger result;
- private SecureRandom random;
-
private static final Hashtable algorithms = new Hashtable();
static
@@ -41,11 +40,13 @@
Integer i64 = Integer.valueOf(64);
Integer i192 = Integer.valueOf(192);
Integer i128 = Integer.valueOf(128);
+ Integer i256 = Integer.valueOf(256);
// END android-changed
algorithms.put("DES", i64);
algorithms.put("DESEDE", i192);
algorithms.put("BLOWFISH", i128);
+ algorithms.put("AES", i256);
}
private byte[] bigIntToBytes(
@@ -172,8 +173,6 @@
}
DHPrivateKey privKey = (DHPrivateKey)key;
- this.random = random;
-
if (params != null)
{
if (!(params instanceof DHParameterSpec))
@@ -206,7 +205,6 @@
DHPrivateKey privKey = (DHPrivateKey)key;
- this.random = random;
this.p = privKey.getParams().getP();
this.g = privKey.getParams().getG();
this.x = this.result = privKey.getX();
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java b/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java
index 3da31fb..fc38481 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java
@@ -1,5 +1,15 @@
package org.bouncycastle.jce.provider;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.math.BigInteger;
+import java.util.Enumeration;
+
+import javax.crypto.interfaces.DHPrivateKey;
+import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.DHPrivateKeySpec;
+
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERInteger;
@@ -8,18 +18,11 @@
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x9.DHDomainParameters;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-import javax.crypto.interfaces.DHPrivateKey;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.DHPrivateKeySpec;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.math.BigInteger;
-import java.util.Enumeration;
-
public class JCEDHPrivateKey
implements DHPrivateKey, PKCS12BagAttributeCarrier
{
@@ -27,7 +30,8 @@
BigInteger x;
- DHParameterSpec dhSpec;
+ private DHParameterSpec dhSpec;
+ private PrivateKeyInfo info;
private PKCS12BagAttributeCarrier attrCarrier = new PKCS12BagAttributeCarrierImpl();
@@ -52,17 +56,35 @@
JCEDHPrivateKey(
PrivateKeyInfo info)
{
- DHParameter params = new DHParameter((ASN1Sequence)info.getAlgorithmId().getParameters());
+ ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters());
DERInteger derX = (DERInteger)info.getPrivateKey();
+ DERObjectIdentifier id = info.getAlgorithmId().getObjectId();
+ this.info = info;
this.x = derX.getValue();
- if (params.getL() != null)
+
+ if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement))
{
- this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue());
+ DHParameter params = new DHParameter(seq);
+
+ if (params.getL() != null)
+ {
+ this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue());
+ }
+ else
+ {
+ this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
+ }
+ }
+ else if (id.equals(X9ObjectIdentifiers.dhpublicnumber))
+ {
+ DHDomainParameters params = DHDomainParameters.getInstance(seq);
+
+ this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue());
}
else
{
- this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
+ throw new IllegalArgumentException("unknown algorithm type: " + id);
}
}
@@ -96,6 +118,11 @@
*/
public byte[] getEncoded()
{
+ if (info != null)
+ {
+ return info.getDEREncoded();
+ }
+
PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).getDERObject()), new DERInteger(getX()));
return info.getDEREncoded();
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java b/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java
index e343af3..942e3bf 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java
@@ -1,21 +1,25 @@
package org.bouncycastle.jce.provider;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.pkcs.DHParameter;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-
-import javax.crypto.interfaces.DHPublicKey;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.DHPublicKeySpec;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.math.BigInteger;
+import javax.crypto.interfaces.DHPublicKey;
+import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.DHPublicKeySpec;
+
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.pkcs.DHParameter;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.DHDomainParameters;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.params.DHPublicKeyParameters;
+
public class JCEDHPublicKey
implements DHPublicKey
{
@@ -23,7 +27,8 @@
private BigInteger y;
private DHParameterSpec dhSpec;
-
+ private SubjectPublicKeyInfo info;
+
JCEDHPublicKey(
DHPublicKeySpec spec)
{
@@ -56,9 +61,9 @@
JCEDHPublicKey(
SubjectPublicKeyInfo info)
{
- DHParameter params = new DHParameter((ASN1Sequence)info.getAlgorithmId().getParameters());
- DERInteger derY = null;
+ this.info = info;
+ DERInteger derY;
try
{
derY = (DERInteger)info.getPublicKey();
@@ -69,13 +74,33 @@
}
this.y = derY.getValue();
- if (params.getL() != null)
+
+ ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters());
+ DERObjectIdentifier id = info.getAlgorithmId().getObjectId();
+
+ // we need the PKCS check to handle older keys marked with the X9 oid.
+ if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement) || isPKCSParam(seq))
{
- this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue());
+ DHParameter params = new DHParameter(seq);
+
+ if (params.getL() != null)
+ {
+ this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue());
+ }
+ else
+ {
+ this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
+ }
+ }
+ else if (id.equals(X9ObjectIdentifiers.dhpublicnumber))
+ {
+ DHDomainParameters params = DHDomainParameters.getInstance(seq);
+
+ this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue());
}
else
{
- this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
+ throw new IllegalArgumentException("unknown algorithm type: " + id);
}
}
@@ -91,7 +116,12 @@
public byte[] getEncoded()
{
- SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.dhpublicnumber, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).getDERObject()), new DERInteger(y));
+ if (info != null)
+ {
+ return info.getDEREncoded();
+ }
+
+ SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).getDERObject()), new DERInteger(y));
return info.getDEREncoded();
}
@@ -106,6 +136,29 @@
return y;
}
+ private boolean isPKCSParam(ASN1Sequence seq)
+ {
+ if (seq.size() == 2)
+ {
+ return true;
+ }
+
+ if (seq.size() > 3)
+ {
+ return false;
+ }
+
+ DERInteger l = DERInteger.getInstance(seq.getObjectAt(2));
+ DERInteger p = DERInteger.getInstance(seq.getObjectAt(0));
+
+ if (l.getValue().compareTo(BigInteger.valueOf(p.getValue().bitLength())) > 0)
+ {
+ return false;
+ }
+
+ return true;
+ }
+
private void readObject(
ObjectInputStream in)
throws IOException, ClassNotFoundException
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
new file mode 100644
index 0000000..3b3f318
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
@@ -0,0 +1,472 @@
+package org.bouncycastle.jce.provider;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.math.BigInteger;
+import java.security.interfaces.ECPrivateKey;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPrivateKeySpec;
+import java.security.spec.EllipticCurve;
+import java.util.Enumeration;
+
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// END android-removed
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.X962Parameters;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.jce.interfaces.ECPointEncoder;
+import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
+import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
+import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil;
+import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+import org.bouncycastle.math.ec.ECCurve;
+
+public class JCEECPrivateKey
+ implements ECPrivateKey, org.bouncycastle.jce.interfaces.ECPrivateKey, PKCS12BagAttributeCarrier, ECPointEncoder
+{
+ private String algorithm = "EC";
+ private BigInteger d;
+ private ECParameterSpec ecSpec;
+ private boolean withCompression;
+
+ private DERBitString publicKey;
+
+ private PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl();
+
+ protected JCEECPrivateKey()
+ {
+ }
+
+ public JCEECPrivateKey(
+ ECPrivateKey key)
+ {
+ this.d = key.getS();
+ this.algorithm = key.getAlgorithm();
+ this.ecSpec = key.getParams();
+ }
+
+ public JCEECPrivateKey(
+ String algorithm,
+ org.bouncycastle.jce.spec.ECPrivateKeySpec spec)
+ {
+ this.algorithm = algorithm;
+ this.d = spec.getD();
+
+ if (spec.getParams() != null) // can be null if implicitlyCA
+ {
+ ECCurve curve = spec.getParams().getCurve();
+ EllipticCurve ellipticCurve;
+
+ ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());
+
+ this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
+ }
+ else
+ {
+ this.ecSpec = null;
+ }
+ }
+
+
+ public JCEECPrivateKey(
+ String algorithm,
+ ECPrivateKeySpec spec)
+ {
+ this.algorithm = algorithm;
+ this.d = spec.getS();
+ this.ecSpec = spec.getParams();
+ }
+
+ public JCEECPrivateKey(
+ String algorithm,
+ JCEECPrivateKey key)
+ {
+ this.algorithm = algorithm;
+ this.d = key.d;
+ this.ecSpec = key.ecSpec;
+ this.withCompression = key.withCompression;
+ this.attrCarrier = key.attrCarrier;
+ this.publicKey = key.publicKey;
+ }
+
+ public JCEECPrivateKey(
+ String algorithm,
+ ECPrivateKeyParameters params,
+ JCEECPublicKey pubKey,
+ ECParameterSpec spec)
+ {
+ ECDomainParameters dp = params.getParameters();
+
+ this.algorithm = algorithm;
+ this.d = params.getD();
+
+ if (spec == null)
+ {
+ EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());
+
+ this.ecSpec = new ECParameterSpec(
+ ellipticCurve,
+ new ECPoint(
+ dp.getG().getX().toBigInteger(),
+ dp.getG().getY().toBigInteger()),
+ dp.getN(),
+ dp.getH().intValue());
+ }
+ else
+ {
+ this.ecSpec = spec;
+ }
+
+ publicKey = getPublicKeyDetails(pubKey);
+ }
+
+ public JCEECPrivateKey(
+ String algorithm,
+ ECPrivateKeyParameters params,
+ JCEECPublicKey pubKey,
+ org.bouncycastle.jce.spec.ECParameterSpec spec)
+ {
+ ECDomainParameters dp = params.getParameters();
+
+ this.algorithm = algorithm;
+ this.d = params.getD();
+
+ if (spec == null)
+ {
+ EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());
+
+ this.ecSpec = new ECParameterSpec(
+ ellipticCurve,
+ new ECPoint(
+ dp.getG().getX().toBigInteger(),
+ dp.getG().getY().toBigInteger()),
+ dp.getN(),
+ dp.getH().intValue());
+ }
+ else
+ {
+ EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed());
+
+ this.ecSpec = new ECParameterSpec(
+ ellipticCurve,
+ new ECPoint(
+ spec.getG().getX().toBigInteger(),
+ spec.getG().getY().toBigInteger()),
+ spec.getN(),
+ spec.getH().intValue());
+ }
+
+ publicKey = getPublicKeyDetails(pubKey);
+ }
+
+ public JCEECPrivateKey(
+ String algorithm,
+ ECPrivateKeyParameters params)
+ {
+ this.algorithm = algorithm;
+ this.d = params.getD();
+ this.ecSpec = null;
+ }
+
+ JCEECPrivateKey(
+ PrivateKeyInfo info)
+ {
+ populateFromPrivKeyInfo(info);
+ }
+
+ private void populateFromPrivKeyInfo(PrivateKeyInfo info)
+ {
+ X962Parameters params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters());
+
+ if (params.isNamedCurve())
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
+ X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
+
+ // BEGIN android-removed
+ // if (ecP == null) // GOST Curve
+ // {
+ // ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
+ // EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
+ //
+ // ecSpec = new ECNamedCurveSpec(
+ // ECGOST3410NamedCurves.getName(oid),
+ // ellipticCurve,
+ // new ECPoint(
+ // gParam.getG().getX().toBigInteger(),
+ // gParam.getG().getY().toBigInteger()),
+ // gParam.getN(),
+ // gParam.getH());
+ // }
+ // else
+ // END android-removed
+ {
+ EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
+
+ ecSpec = new ECNamedCurveSpec(
+ ECUtil.getCurveName(oid),
+ ellipticCurve,
+ new ECPoint(
+ ecP.getG().getX().toBigInteger(),
+ ecP.getG().getY().toBigInteger()),
+ ecP.getN(),
+ ecP.getH());
+ }
+ }
+ else if (params.isImplicitlyCA())
+ {
+ ecSpec = null;
+ }
+ else
+ {
+ X9ECParameters ecP = new X9ECParameters((ASN1Sequence)params.getParameters());
+ EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
+
+ this.ecSpec = new ECParameterSpec(
+ ellipticCurve,
+ new ECPoint(
+ ecP.getG().getX().toBigInteger(),
+ ecP.getG().getY().toBigInteger()),
+ ecP.getN(),
+ ecP.getH().intValue());
+ }
+
+ if (info.getPrivateKey() instanceof DERInteger)
+ {
+ DERInteger derD = (DERInteger)info.getPrivateKey();
+
+ this.d = derD.getValue();
+ }
+ else
+ {
+ ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence)info.getPrivateKey());
+
+ this.d = ec.getKey();
+ this.publicKey = ec.getPublicKey();
+ }
+ }
+
+ public String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * return the encoding format we produce in getEncoded().
+ *
+ * @return the string "PKCS#8"
+ */
+ public String getFormat()
+ {
+ return "PKCS#8";
+ }
+
+ /**
+ * Return a PKCS8 representation of the key. The sequence returned
+ * represents a full PrivateKeyInfo object.
+ *
+ * @return a PKCS8 representation of the key.
+ */
+ public byte[] getEncoded()
+ {
+ X962Parameters params;
+
+ if (ecSpec instanceof ECNamedCurveSpec)
+ {
+ DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName());
+ if (curveOid == null) // guess it's the OID
+ {
+ curveOid = new DERObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName());
+ }
+ params = new X962Parameters(curveOid);
+ }
+ else if (ecSpec == null)
+ {
+ params = new X962Parameters(DERNull.INSTANCE);
+ }
+ else
+ {
+ ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
+
+ X9ECParameters ecP = new X9ECParameters(
+ curve,
+ EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
+ ecSpec.getOrder(),
+ BigInteger.valueOf(ecSpec.getCofactor()),
+ ecSpec.getCurve().getSeed());
+
+ params = new X962Parameters(ecP);
+ }
+
+ PrivateKeyInfo info;
+ ECPrivateKeyStructure keyStructure;
+
+ if (publicKey != null)
+ {
+ keyStructure = new ECPrivateKeyStructure(this.getS(), publicKey, params);
+ }
+ else
+ {
+ keyStructure = new ECPrivateKeyStructure(this.getS(), params);
+ }
+
+ // BEGIN android-removed
+ // if (algorithm.equals("ECGOST3410"))
+ // {
+ // info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), keyStructure.getDERObject());
+ // }
+ // else
+ // END android-removed
+ {
+
+ info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), keyStructure.getDERObject());
+ }
+
+ return info.getDEREncoded();
+ }
+
+ public ECParameterSpec getParams()
+ {
+ return ecSpec;
+ }
+
+ public org.bouncycastle.jce.spec.ECParameterSpec getParameters()
+ {
+ if (ecSpec == null)
+ {
+ return null;
+ }
+
+ return EC5Util.convertSpec(ecSpec, withCompression);
+ }
+
+ org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec()
+ {
+ if (ecSpec != null)
+ {
+ return EC5Util.convertSpec(ecSpec, withCompression);
+ }
+
+ return ProviderUtil.getEcImplicitlyCa();
+ }
+
+ public BigInteger getS()
+ {
+ return d;
+ }
+
+ public BigInteger getD()
+ {
+ return d;
+ }
+
+ public void setBagAttribute(
+ DERObjectIdentifier oid,
+ DEREncodable attribute)
+ {
+ attrCarrier.setBagAttribute(oid, attribute);
+ }
+
+ public DEREncodable getBagAttribute(
+ DERObjectIdentifier oid)
+ {
+ return attrCarrier.getBagAttribute(oid);
+ }
+
+ public Enumeration getBagAttributeKeys()
+ {
+ return attrCarrier.getBagAttributeKeys();
+ }
+
+ public void setPointFormat(String style)
+ {
+ withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style));
+ }
+
+ public boolean equals(Object o)
+ {
+ if (!(o instanceof JCEECPrivateKey))
+ {
+ return false;
+ }
+
+ JCEECPrivateKey other = (JCEECPrivateKey)o;
+
+ return getD().equals(other.getD()) && (engineGetSpec().equals(other.engineGetSpec()));
+ }
+
+ public int hashCode()
+ {
+ return getD().hashCode() ^ engineGetSpec().hashCode();
+ }
+
+ public String toString()
+ {
+ StringBuffer buf = new StringBuffer();
+ String nl = System.getProperty("line.separator");
+
+ buf.append("EC Private Key").append(nl);
+ buf.append(" S: ").append(this.d.toString(16)).append(nl);
+
+ return buf.toString();
+
+ }
+
+ private DERBitString getPublicKeyDetails(JCEECPublicKey pub)
+ {
+ try
+ {
+ SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(pub.getEncoded()));
+
+ return info.getPublicKeyData();
+ }
+ catch (IOException e)
+ { // should never happen
+ return null;
+ }
+ }
+
+ private void readObject(
+ ObjectInputStream in)
+ throws IOException, ClassNotFoundException
+ {
+ byte[] enc = (byte[])in.readObject();
+
+ populateFromPrivKeyInfo(PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(enc)));
+
+ this.algorithm = (String)in.readObject();
+ this.withCompression = in.readBoolean();
+ this.attrCarrier = new PKCS12BagAttributeCarrierImpl();
+
+ attrCarrier.readObject(in);
+ }
+
+ private void writeObject(
+ ObjectOutputStream out)
+ throws IOException
+ {
+ out.writeObject(this.getEncoded());
+ out.writeObject(algorithm);
+ out.writeBoolean(withCompression);
+
+ attrCarrier.writeObject(out);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
new file mode 100644
index 0000000..00277ac
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
@@ -0,0 +1,532 @@
+package org.bouncycastle.jce.provider;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.math.BigInteger;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.EllipticCurve;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
+// END android-removed
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.X962Parameters;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ECPoint;
+import org.bouncycastle.asn1.x9.X9IntegerConverter;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+// BEGIN android-removed
+// import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
+// END android-removed
+import org.bouncycastle.jce.interfaces.ECPointEncoder;
+import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
+import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil;
+// BEGIN android-removed
+// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+// END android-removed
+import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+import org.bouncycastle.math.ec.ECCurve;
+
+public class JCEECPublicKey
+ implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder
+{
+ private String algorithm = "EC";
+ private org.bouncycastle.math.ec.ECPoint q;
+ private ECParameterSpec ecSpec;
+ private boolean withCompression;
+ // BEGIN android-removed
+ // private GOST3410PublicKeyAlgParameters gostParams;
+ // END android-removed
+
+ public JCEECPublicKey(
+ String algorithm,
+ JCEECPublicKey key)
+ {
+ this.algorithm = algorithm;
+ this.q = key.q;
+ this.ecSpec = key.ecSpec;
+ this.withCompression = key.withCompression;
+ // BEGIN android-removed
+ // this.gostParams = key.gostParams;
+ // END android-removed
+ }
+
+ public JCEECPublicKey(
+ String algorithm,
+ ECPublicKeySpec spec)
+ {
+ this.algorithm = algorithm;
+ this.ecSpec = spec.getParams();
+ this.q = EC5Util.convertPoint(ecSpec, spec.getW(), false);
+ }
+
+ public JCEECPublicKey(
+ String algorithm,
+ org.bouncycastle.jce.spec.ECPublicKeySpec spec)
+ {
+ this.algorithm = algorithm;
+ this.q = spec.getQ();
+
+ if (spec.getParams() != null) // can be null if implictlyCa
+ {
+ ECCurve curve = spec.getParams().getCurve();
+ EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());
+
+ this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
+ }
+ else
+ {
+ if (q.getCurve() == null)
+ {
+ org.bouncycastle.jce.spec.ECParameterSpec s = ProviderUtil.getEcImplicitlyCa();
+
+ q = s.getCurve().createPoint(q.getX().toBigInteger(), q.getY().toBigInteger(), false);
+ }
+ this.ecSpec = null;
+ }
+ }
+
+ public JCEECPublicKey(
+ String algorithm,
+ ECPublicKeyParameters params,
+ ECParameterSpec spec)
+ {
+ ECDomainParameters dp = params.getParameters();
+
+ this.algorithm = algorithm;
+ this.q = params.getQ();
+
+ if (spec == null)
+ {
+ EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());
+
+ this.ecSpec = createSpec(ellipticCurve, dp);
+ }
+ else
+ {
+ this.ecSpec = spec;
+ }
+ }
+
+ public JCEECPublicKey(
+ String algorithm,
+ ECPublicKeyParameters params,
+ org.bouncycastle.jce.spec.ECParameterSpec spec)
+ {
+ ECDomainParameters dp = params.getParameters();
+
+ this.algorithm = algorithm;
+ this.q = params.getQ();
+
+ if (spec == null)
+ {
+ EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());
+
+ this.ecSpec = createSpec(ellipticCurve, dp);
+ }
+ else
+ {
+ EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed());
+
+ this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec);
+ }
+ }
+
+ /*
+ * called for implicitCA
+ */
+ public JCEECPublicKey(
+ String algorithm,
+ ECPublicKeyParameters params)
+ {
+ this.algorithm = algorithm;
+ this.q = params.getQ();
+ this.ecSpec = null;
+ }
+
+ private ECParameterSpec createSpec(EllipticCurve ellipticCurve, ECDomainParameters dp)
+ {
+ return new ECParameterSpec(
+ ellipticCurve,
+ new ECPoint(
+ dp.getG().getX().toBigInteger(),
+ dp.getG().getY().toBigInteger()),
+ dp.getN(),
+ dp.getH().intValue());
+ }
+
+ public JCEECPublicKey(
+ ECPublicKey key)
+ {
+ this.algorithm = key.getAlgorithm();
+ this.ecSpec = key.getParams();
+ this.q = EC5Util.convertPoint(this.ecSpec, key.getW(), false);
+ }
+
+ JCEECPublicKey(
+ SubjectPublicKeyInfo info)
+ {
+ populateFromPubKeyInfo(info);
+ }
+
+ private void populateFromPubKeyInfo(SubjectPublicKeyInfo info)
+ {
+ // BEGIN android-removed
+ // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
+ // {
+ // DERBitString bits = info.getPublicKeyData();
+ // ASN1OctetString key;
+ // this.algorithm = "ECGOST3410";
+ //
+ // try
+ // {
+ // key = (ASN1OctetString) ASN1Object.fromByteArray(bits.getBytes());
+ // }
+ // catch (IOException ex)
+ // {
+ // throw new IllegalArgumentException("error recovering public key");
+ // }
+ //
+ // byte[] keyEnc = key.getOctets();
+ // byte[] x = new byte[32];
+ // byte[] y = new byte[32];
+ //
+ // for (int i = 0; i != x.length; i++)
+ // {
+ // x[i] = keyEnc[32 - 1 - i];
+ // }
+ //
+ // for (int i = 0; i != y.length; i++)
+ // {
+ // y[i] = keyEnc[64 - 1 - i];
+ // }
+ //
+ // gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
+ //
+ // ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
+ //
+ // ECCurve curve = spec.getCurve();
+ // EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
+ //
+ // this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
+ //
+ // ecSpec = new ECNamedCurveSpec(
+ // ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
+ // ellipticCurve,
+ // new ECPoint(
+ // spec.getG().getX().toBigInteger(),
+ // spec.getG().getY().toBigInteger()),
+ // spec.getN(), spec.getH());
+ //
+ // }
+ // else
+ // END android-removed
+ {
+ X962Parameters params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters());
+ ECCurve curve;
+ EllipticCurve ellipticCurve;
+
+ if (params.isNamedCurve())
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
+ X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
+
+ curve = ecP.getCurve();
+ ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed());
+
+ ecSpec = new ECNamedCurveSpec(
+ ECUtil.getCurveName(oid),
+ ellipticCurve,
+ new ECPoint(
+ ecP.getG().getX().toBigInteger(),
+ ecP.getG().getY().toBigInteger()),
+ ecP.getN(),
+ ecP.getH());
+ }
+ else if (params.isImplicitlyCA())
+ {
+ ecSpec = null;
+ curve = ProviderUtil.getEcImplicitlyCa().getCurve();
+ }
+ else
+ {
+ X9ECParameters ecP = new X9ECParameters((ASN1Sequence)params.getParameters());
+
+ curve = ecP.getCurve();
+ ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed());
+
+ this.ecSpec = new ECParameterSpec(
+ ellipticCurve,
+ new ECPoint(
+ ecP.getG().getX().toBigInteger(),
+ ecP.getG().getY().toBigInteger()),
+ ecP.getN(),
+ ecP.getH().intValue());
+ }
+
+ DERBitString bits = info.getPublicKeyData();
+ byte[] data = bits.getBytes();
+ ASN1OctetString key = new DEROctetString(data);
+
+ //
+ // extra octet string - one of our old certs...
+ //
+ if (data[0] == 0x04 && data[1] == data.length - 2
+ && (data[2] == 0x02 || data[2] == 0x03))
+ {
+ int qLength = new X9IntegerConverter().getByteLength(curve);
+
+ if (qLength >= data.length - 3)
+ {
+ try
+ {
+ key = (ASN1OctetString) ASN1Object.fromByteArray(data);
+ }
+ catch (IOException ex)
+ {
+ throw new IllegalArgumentException("error recovering public key");
+ }
+ }
+ }
+ X9ECPoint derQ = new X9ECPoint(curve, key);
+
+ this.q = derQ.getPoint();
+ }
+ }
+
+ public String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ public String getFormat()
+ {
+ return "X.509";
+ }
+
+ public byte[] getEncoded()
+ {
+ ASN1Encodable params;
+ SubjectPublicKeyInfo info;
+
+ // BEGIN android-removed
+ // if (algorithm.equals("ECGOST3410"))
+ // {
+ // if (gostParams != null)
+ // {
+ // params = gostParams;
+ // }
+ // else
+ // {
+ // if (ecSpec instanceof ECNamedCurveSpec)
+ // {
+ // params = new GOST3410PublicKeyAlgParameters(
+ // ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
+ // CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
+ // }
+ // else
+ // { // strictly speaking this may not be applicable...
+ // ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
+ //
+ // X9ECParameters ecP = new X9ECParameters(
+ // curve,
+ // EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
+ // ecSpec.getOrder(),
+ // BigInteger.valueOf(ecSpec.getCofactor()),
+ // ecSpec.getCurve().getSeed());
+ //
+ // params = new X962Parameters(ecP);
+ // }
+ // }
+ //
+ // BigInteger bX = this.q.getX().toBigInteger();
+ // BigInteger bY = this.q.getY().toBigInteger();
+ // byte[] encKey = new byte[64];
+ //
+ // extractBytes(encKey, 0, bX);
+ // extractBytes(encKey, 32, bY);
+ //
+ // info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), new DEROctetString(encKey));
+ // }
+ // else
+ // END android-removed
+ {
+ if (ecSpec instanceof ECNamedCurveSpec)
+ {
+ DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName());
+ if (curveOid == null)
+ {
+ curveOid = new DERObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName());
+ }
+ params = new X962Parameters(curveOid);
+ }
+ else if (ecSpec == null)
+ {
+ params = new X962Parameters(DERNull.INSTANCE);
+ }
+ else
+ {
+ ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
+
+ X9ECParameters ecP = new X9ECParameters(
+ curve,
+ EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
+ ecSpec.getOrder(),
+ BigInteger.valueOf(ecSpec.getCofactor()),
+ ecSpec.getCurve().getSeed());
+
+ params = new X962Parameters(ecP);
+ }
+
+ ECCurve curve = this.engineGetQ().getCurve();
+ ASN1OctetString p = (ASN1OctetString)
+ new X9ECPoint(curve.createPoint(this.getQ().getX().toBigInteger(), this.getQ().getY().toBigInteger(), withCompression)).getDERObject();
+
+ info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), p.getOctets());
+ }
+
+ return info.getDEREncoded();
+ }
+
+ private void extractBytes(byte[] encKey, int offSet, BigInteger bI)
+ {
+ byte[] val = bI.toByteArray();
+ if (val.length < 32)
+ {
+ byte[] tmp = new byte[32];
+ System.arraycopy(val, 0, tmp, tmp.length - val.length, val.length);
+ val = tmp;
+ }
+
+ for (int i = 0; i != 32; i++)
+ {
+ encKey[offSet + i] = val[val.length - 1 - i];
+ }
+ }
+
+ public ECParameterSpec getParams()
+ {
+ return ecSpec;
+ }
+
+ public org.bouncycastle.jce.spec.ECParameterSpec getParameters()
+ {
+ if (ecSpec == null) // implictlyCA
+ {
+ return null;
+ }
+
+ return EC5Util.convertSpec(ecSpec, withCompression);
+ }
+
+ public ECPoint getW()
+ {
+ return new ECPoint(q.getX().toBigInteger(), q.getY().toBigInteger());
+ }
+
+ public org.bouncycastle.math.ec.ECPoint getQ()
+ {
+ if (ecSpec == null)
+ {
+ if (q instanceof org.bouncycastle.math.ec.ECPoint.Fp)
+ {
+ return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getX(), q.getY());
+ }
+ else
+ {
+ return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getX(), q.getY());
+ }
+ }
+
+ return q;
+ }
+
+ public org.bouncycastle.math.ec.ECPoint engineGetQ()
+ {
+ return q;
+ }
+
+ org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec()
+ {
+ if (ecSpec != null)
+ {
+ return EC5Util.convertSpec(ecSpec, withCompression);
+ }
+
+ return ProviderUtil.getEcImplicitlyCa();
+ }
+
+ public String toString()
+ {
+ StringBuffer buf = new StringBuffer();
+ String nl = System.getProperty("line.separator");
+
+ buf.append("EC Public Key").append(nl);
+ buf.append(" X: ").append(this.q.getX().toBigInteger().toString(16)).append(nl);
+ buf.append(" Y: ").append(this.q.getY().toBigInteger().toString(16)).append(nl);
+
+ return buf.toString();
+
+ }
+
+ public void setPointFormat(String style)
+ {
+ withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style));
+ }
+
+ public boolean equals(Object o)
+ {
+ if (!(o instanceof JCEECPublicKey))
+ {
+ return false;
+ }
+
+ JCEECPublicKey other = (JCEECPublicKey)o;
+
+ return engineGetQ().equals(other.engineGetQ()) && (engineGetSpec().equals(other.engineGetSpec()));
+ }
+
+ public int hashCode()
+ {
+ return engineGetQ().hashCode() ^ engineGetSpec().hashCode();
+ }
+
+ private void readObject(
+ ObjectInputStream in)
+ throws IOException, ClassNotFoundException
+ {
+ byte[] enc = (byte[])in.readObject();
+
+ populateFromPubKeyInfo(SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(enc)));
+
+ this.algorithm = (String)in.readObject();
+ this.withCompression = in.readBoolean();
+ }
+
+ private void writeObject(
+ ObjectOutputStream out)
+ throws IOException
+ {
+ out.writeObject(this.getEncoded());
+ out.writeObject(algorithm);
+ out.writeBoolean(withCompression);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java b/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java
index 8108f4e..6373557 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java
@@ -1,18 +1,18 @@
package org.bouncycastle.jce.provider;
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.generators.DESKeyGenerator;
-import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
-
-import javax.crypto.KeyGeneratorSpi;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
+import javax.crypto.KeyGeneratorSpi;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.bouncycastle.crypto.CipherKeyGenerator;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.generators.DESKeyGenerator;
+
public class JCEKeyGenerator
extends KeyGeneratorSpi
{
@@ -57,6 +57,11 @@
{
try
{
+ // BEGIN android-added
+ if (random == null) {
+ random = new SecureRandom();
+ }
+ // END android-added
engine.init(new KeyGenerationParameters(random, keySize));
uninitialised = false;
}
@@ -93,110 +98,8 @@
}
}
- /**
- * DESede - the default for this is to generate a key in
- * a-b-a format that's 24 bytes long but has 16 bytes of
- * key material (the first 8 bytes is repeated as the last
- * 8 bytes). If you give it a size, you'll get just what you
- * asked for.
- */
- public static class DESede
- extends JCEKeyGenerator
- {
- private boolean keySizeSet = false;
-
- public DESede()
- {
- super("DESede", 192, new DESedeKeyGenerator());
- }
-
- protected void engineInit(
- int keySize,
- SecureRandom random)
- {
- super.engineInit(keySize, random);
- keySizeSet = true;
- }
-
- protected SecretKey engineGenerateKey()
- {
- if (uninitialised)
- {
- engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize));
- uninitialised = false;
- }
-
- //
- // if no key size has been defined generate a 24 byte key in
- // the a-b-a format
- //
- if (!keySizeSet)
- {
- byte[] k = engine.generateKey();
-
- System.arraycopy(k, 0, k, 16, 8);
-
- return (SecretKey)(new SecretKeySpec(k, algName));
- }
- else
- {
- return (SecretKey)(new SecretKeySpec(engine.generateKey(), algName));
- }
- }
- }
-
// BEGIN android-removed
// /**
- // * generate a desEDE key in the a-b-c format.
- // */
- // public static class DESede3
- // extends JCEKeyGenerator
- // {
- // public DESede3()
- // {
- // super("DESede3", 192, new DESedeKeyGenerator());
- // }
- // }
- //
- // /**
- // * SKIPJACK
- // */
- // public static class Skipjack
- // extends JCEKeyGenerator
- // {
- // public Skipjack()
- // {
- // super("SKIPJACK", 80, new CipherKeyGenerator());
- // }
- // }
- // END android-removed
-
- /**
- * Blowfish
- */
- public static class Blowfish
- extends JCEKeyGenerator
- {
- public Blowfish()
- {
- super("Blowfish", 128, new CipherKeyGenerator());
- }
- }
-
- // BEGIN android-removed
- // /**
- // * Twofish
- // */
- // public static class Twofish
- // extends JCEKeyGenerator
- // {
- // public Twofish()
- // {
- // super("Twofish", 256, new CipherKeyGenerator());
- // }
- // }
- //
- // /**
// * RC2
// */
// public static class RC2
@@ -207,56 +110,6 @@
// super("RC2", 128, new CipherKeyGenerator());
// }
// }
- // END android-removed
-
- /**
- * RC4
- */
- public static class RC4
- extends JCEKeyGenerator
- {
- public RC4()
- {
- super("RC4", 128, new CipherKeyGenerator());
- }
- }
-
- // BEGIN android-removed
- // /**
- // * RC5
- // */
- // public static class RC5
- // extends JCEKeyGenerator
- // {
- // public RC5()
- // {
- // super("RC5", 128, new CipherKeyGenerator());
- // }
- // }
- //
- // /**
- // * RC5
- // */
- // public static class RC564
- // extends JCEKeyGenerator
- // {
- // public RC564()
- // {
- // super("RC5-64", 256, new CipherKeyGenerator());
- // }
- // }
- //
- // /**
- // * RC6
- // */
- // public static class RC6
- // extends JCEKeyGenerator
- // {
- // public RC6()
- // {
- // super("RC6", 256, new CipherKeyGenerator());
- // }
- // }
//
// /**
// * GOST28147
@@ -269,128 +122,6 @@
// super("GOST28147", 256, new CipherKeyGenerator());
// }
// }
-
- // /**
- // * Rijndael
- // */
- // public static class Rijndael
- // extends JCEKeyGenerator
- // {
- // public Rijndael()
- // {
- // super("Rijndael", 192, new CipherKeyGenerator());
- // }
- // }
- //
- // /**
- // * Serpent
- // */
- // public static class Serpent
- // extends JCEKeyGenerator
- // {
- // public Serpent()
- // {
- // super("Serpent", 192, new CipherKeyGenerator());
- // }
- // }
- //
- //
- //
- // /**
- // * CAST6
- // */
- // public static class CAST6
- // extends JCEKeyGenerator
- // {
- // public CAST6()
- // {
- // super("CAST6", 256, new CipherKeyGenerator());
- // }
- // }
- //
- // /**
- // * TEA
- // */
- // public static class TEA
- // extends JCEKeyGenerator
- // {
- // public TEA()
- // {
- // super("TEA", 128, new CipherKeyGenerator());
- // }
- // }
- //
- // /**
- // * XTEA
- // */
- // public static class XTEA
- // extends JCEKeyGenerator
- // {
- // public XTEA()
- // {
- // super("XTEA", 128, new CipherKeyGenerator());
- // }
- // }
- //
- // /**
- // * Salsa20
- // */
- // public static class Salsa20
- // extends JCEKeyGenerator
- // {
- // public Salsa20()
- // {
- // super("Salsa20", 128, new CipherKeyGenerator());
- // }
- // }
- //
- // /**
- // * HC128
- // */
- // public static class HC128
- // extends JCEKeyGenerator
- // {
- // public HC128()
- // {
- // super("HC128", 128, new CipherKeyGenerator());
- // }
- // }
- //
- // /**
- // * HC256
- // */
- // public static class HC256
- // extends JCEKeyGenerator
- // {
- // public HC256()
- // {
- // super("HC256", 256, new CipherKeyGenerator());
- // }
- // }
- //
- // /**
- // * VMPC
- // */
- // public static class VMPC
- // extends JCEKeyGenerator
- // {
- // public VMPC()
- // {
- // super("VMPC", 128, new CipherKeyGenerator());
- // }
- // }
- //
- // /**
- // * VMPC-KSA3
- // */
- // public static class VMPCKSA3
- // extends JCEKeyGenerator
- // {
- // public VMPCKSA3()
- // {
- // super("VMPC-KSA3", 128, new CipherKeyGenerator());
- // }
- // }
// END android-removed
// HMAC Related secret keys..
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEMac.java b/src/main/java/org/bouncycastle/jce/provider/JCEMac.java
index cbb2547..cf876f5 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEMac.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEMac.java
@@ -1,5 +1,14 @@
package org.bouncycastle.jce.provider;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+
+import javax.crypto.MacSpi;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEParameterSpec;
+
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Mac;
// BEGIN android-removed
@@ -22,11 +31,8 @@
// import org.bouncycastle.crypto.digests.TigerDigest;
// END android-removed
import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.DESedeEngine;
// BEGIN android-removed
// import org.bouncycastle.crypto.engines.RC2Engine;
-// import org.bouncycastle.crypto.engines.RC532Engine;
-// import org.bouncycastle.crypto.engines.SkipjackEngine;
// END android-removed
import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
// BEGIN android-removed
@@ -37,20 +43,11 @@
// BEGIN android-removed
// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
// import org.bouncycastle.crypto.macs.OldHMac;
-// import org.bouncycastle.crypto.macs.VMPCMac;
// END android-removed
import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
-import javax.crypto.MacSpi;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEParameterSpec;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-
public class JCEMac
extends MacSpi implements PBE
{
@@ -174,30 +171,6 @@
// }
//
// /**
- // * DESede
- // */
- // public static class DESede
- // extends JCEMac
- // {
- // public DESede()
- // {
- // super(new CBCBlockCipherMac(new DESedeEngine()));
- // }
- // }
- //
- // /**
- // * SKIPJACK
- // */
- // public static class Skipjack
- // extends JCEMac
- // {
- // public Skipjack()
- // {
- // super(new CBCBlockCipherMac(new SkipjackEngine()));
- // }
- // }
- //
- // /**
// * RC2
// */
// public static class RC2
@@ -210,18 +183,6 @@
// }
//
// /**
- // * RC5
- // */
- // public static class RC5
- // extends JCEMac
- // {
- // public RC5()
- // {
- // super(new CBCBlockCipherMac(new RC532Engine()));
- // }
- // }
- //
- // /**
// * GOST28147
// */
// public static class GOST28147
@@ -233,17 +194,7 @@
// }
// }
//
- // /**
- // * VMPC
- // */
- // public static class VMPC
- // extends JCEMac
- // {
- // public VMPC()
- // {
- // super(new VMPCMac());
- // }
- // }
+ //
//
// /**
// * DES
@@ -258,30 +209,6 @@
// }
//
// /**
- // * DESede
- // */
- // public static class DESedeCFB8
- // extends JCEMac
- // {
- // public DESedeCFB8()
- // {
- // super(new CFBBlockCipherMac(new DESedeEngine()));
- // }
- // }
- //
- // /**
- // * SKIPJACK
- // */
- // public static class SkipjackCFB8
- // extends JCEMac
- // {
- // public SkipjackCFB8()
- // {
- // super(new CFBBlockCipherMac(new SkipjackEngine()));
- // }
- // }
- //
- // /**
// * RC2CFB8
// */
// public static class RC2CFB8
@@ -294,43 +221,6 @@
// }
//
// /**
- // * RC5CFB8
- // */
- // public static class RC5CFB8
- // extends JCEMac
- // {
- // public RC5CFB8()
- // {
- // super(new CFBBlockCipherMac(new RC532Engine()));
- // }
- // }
- //
- //
- // /**
- // * DESede64
- // */
- // public static class DESede64
- // extends JCEMac
- // {
- // public DESede64()
- // {
- // super(new CBCBlockCipherMac(new DESedeEngine(), 64));
- // }
- // }
- //
- // /**
- // * DESede64with7816-4Padding
- // */
- // public static class DESede64with7816d4
- // extends JCEMac
- // {
- // public DESede64with7816d4()
- // {
- // super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding()));
- // }
- // }
- //
- // /**
// * DES9797Alg3with7816-4Padding
// */
// public static class DES9797Alg3with7816d4
@@ -378,7 +268,7 @@
// }
// }
// END android-removed
-
+
/**
* MD5 HMac
*/
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java b/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java
index 877dc6b..50a0e41 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java
@@ -1,23 +1,5 @@
package org.bouncycastle.jce.provider;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
-import org.bouncycastle.crypto.encodings.OAEPEncoding;
-import org.bouncycastle.crypto.encodings.PKCS1Encoding;
-import org.bouncycastle.crypto.engines.RSABlindedEngine;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.util.Strings;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.OAEPParameterSpec;
-import javax.crypto.spec.PSource;
import java.io.ByteArrayOutputStream;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
@@ -32,6 +14,25 @@
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.MGF1ParameterSpec;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
+
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.crypto.AsymmetricBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
+import org.bouncycastle.crypto.encodings.OAEPEncoding;
+import org.bouncycastle.crypto.encodings.PKCS1Encoding;
+import org.bouncycastle.crypto.engines.RSABlindedEngine;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.util.Strings;
+
public class JCERSACipher extends WrapCipherSpi
{
private AsymmetricBlockCipher cipher;
@@ -143,7 +144,7 @@
{
try
{
- engineParams = AlgorithmParameters.getInstance("OAEP", "BC");
+ engineParams = AlgorithmParameters.getInstance("OAEP", BouncyCastleProvider.PROVIDER_NAME);
engineParams.init(paramSpec);
}
catch (Exception e)
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java b/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
index 2d384d3..51f8e38 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
@@ -8,7 +8,6 @@
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactorySpi;
import javax.crypto.spec.DESKeySpec;
-import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
@@ -209,20 +208,19 @@
{
param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize);
}
-
+
+ KeyParameter kParam;
if (param instanceof ParametersWithIV)
{
- KeyParameter kParam = (KeyParameter)((ParametersWithIV)param).getParameters();
-
- DESParameters.setOddParity(kParam.getKey());
+ kParam = (KeyParameter)((ParametersWithIV)param).getParameters();
}
else
{
- KeyParameter kParam = (KeyParameter)param;
-
- DESParameters.setOddParity(kParam.getKey());
+ kParam = (KeyParameter)param;
}
-
+
+ DESParameters.setOddParity(kParam.getKey());
+
return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param);
}
@@ -252,75 +250,6 @@
}
}
- static public class DESede
- extends JCESecretKeyFactory
- {
- public DESede()
- {
- super("DESede", null);
- }
-
- protected KeySpec engineGetKeySpec(
- SecretKey key,
- Class keySpec)
- throws InvalidKeySpecException
- {
- if (keySpec == null)
- {
- throw new InvalidKeySpecException("keySpec parameter is null");
- }
- if (key == null)
- {
- throw new InvalidKeySpecException("key parameter is null");
- }
-
- if (SecretKeySpec.class.isAssignableFrom(keySpec))
- {
- return new SecretKeySpec(key.getEncoded(), algName);
- }
- else if (DESedeKeySpec.class.isAssignableFrom(keySpec))
- {
- byte[] bytes = key.getEncoded();
-
- try
- {
- if (bytes.length == 16)
- {
- byte[] longKey = new byte[24];
-
- System.arraycopy(bytes, 0, longKey, 0, 16);
- System.arraycopy(bytes, 0, longKey, 16, 8);
-
- return new DESedeKeySpec(longKey);
- }
- else
- {
- return new DESedeKeySpec(bytes);
- }
- }
- catch (Exception e)
- {
- throw new InvalidKeySpecException(e.toString());
- }
- }
-
- throw new InvalidKeySpecException("Invalid KeySpec");
- }
-
- protected SecretKey engineGenerateSecret(
- KeySpec keySpec)
- throws InvalidKeySpecException
- {
- if (keySpec instanceof DESedeKeySpec)
- {
- DESedeKeySpec desKeySpec = (DESedeKeySpec)keySpec;
- return new SecretKeySpec(desKeySpec.getKey(), "DESede");
- }
-
- return super.engineGenerateSecret(keySpec);
- }
- }
-
// BEGIN android-removed
// /**
// * PBEWithMD2AndDES
@@ -375,7 +304,7 @@
* PBEWithSHA1AndDES
*/
static public class PBEWithSHA1AndDES
- extends PBEKeyFactory
+ extends DESPBEKeyFactory
{
public PBEWithSHA1AndDES()
{
@@ -399,7 +328,7 @@
* PBEWithSHAAnd3-KeyTripleDES-CBC
*/
static public class PBEWithSHAAndDES3Key
- extends PBEKeyFactory
+ extends DESPBEKeyFactory
{
public PBEWithSHAAndDES3Key()
{
@@ -411,7 +340,7 @@
* PBEWithSHAAnd2-KeyTripleDES-CBC
*/
static public class PBEWithSHAAndDES2Key
- extends PBEKeyFactory
+ extends DESPBEKeyFactory
{
public PBEWithSHAAndDES2Key()
{
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java b/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java
index 6226581..b88ccae 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java
@@ -1,29 +1,11 @@
package org.bouncycastle.jce.provider;
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.StreamBlockCipher;
-import org.bouncycastle.crypto.StreamCipher;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.BlowfishEngine;
-// import org.bouncycastle.crypto.engines.DESEngine;
-// import org.bouncycastle.crypto.engines.DESedeEngine;
-// import org.bouncycastle.crypto.engines.HC128Engine;
-// import org.bouncycastle.crypto.engines.HC256Engine;
-// END android-removed
-import org.bouncycastle.crypto.engines.RC4Engine;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.Salsa20Engine;
-// import org.bouncycastle.crypto.engines.SkipjackEngine;
-// import org.bouncycastle.crypto.engines.TwofishEngine;
-// import org.bouncycastle.crypto.engines.VMPCEngine;
-// import org.bouncycastle.crypto.engines.VMPCKSA3Engine;
-// END android-removed
-import org.bouncycastle.crypto.modes.CFBBlockCipher;
-import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
@@ -35,12 +17,26 @@
// import javax.crypto.spec.RC2ParameterSpec;
// import javax.crypto.spec.RC5ParameterSpec;
// END android-removed
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.StreamBlockCipher;
+import org.bouncycastle.crypto.StreamCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.BlowfishEngine;
+// import org.bouncycastle.crypto.engines.DESEngine;
+// import org.bouncycastle.crypto.engines.DESedeEngine;
+// END android-removed
+import org.bouncycastle.crypto.engines.RC4Engine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.SkipjackEngine;
+// import org.bouncycastle.crypto.engines.TwofishEngine;
+// END android-removed
+import org.bouncycastle.crypto.modes.CFBBlockCipher;
+import org.bouncycastle.crypto.modes.OFBBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
public class JCEStreamCipher
extends WrapCipherSpi implements PBE
@@ -113,7 +109,7 @@
{
try
{
- AlgorithmParameters engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, "BC");
+ AlgorithmParameters engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
engineParams.init(pbeSpec);
return engineParams;
@@ -505,18 +501,6 @@
// END android-removed
/**
- * RC4
- */
- static public class RC4
- extends JCEStreamCipher
- {
- public RC4()
- {
- super(new RC4Engine(), 0);
- }
- }
-
- /**
* PBEWithSHAAnd128BitRC4
*/
static public class PBEWithSHAAnd128BitRC4
@@ -539,66 +523,4 @@
super(new RC4Engine(), 0);
}
}
-
- // BEGIN android-removed
- // /**
- // * Salsa20
- // */
- // static public class Salsa20
- // extends JCEStreamCipher
- // {
- // public Salsa20()
- // {
- // super(new Salsa20Engine(), 8);
- // }
- // }
- //
- // /**
- // * HC-128
- // */
- // static public class HC128
- // extends JCEStreamCipher
- // {
- // public HC128()
- // {
- // super(new HC128Engine(), 16);
- // }
- // }
- //
- // /**
- // * HC-256
- // */
- // static public class HC256
- // extends JCEStreamCipher
- // {
- // public HC256()
- // {
- // super(new HC256Engine(), 32);
- // }
- // }
- //
- // /**
- // * VMPC
- // */
- // static public class VMPC
- // extends JCEStreamCipher
- // {
- // public VMPC()
- // {
- // super(new VMPCEngine(), 16);
- // }
- // }
- //
- // /**
- // * VMPC-KSA3
- // */
- // static public class VMPCKSA3
- // extends JCEStreamCipher
- // {
- // public VMPCKSA3()
- // {
- // super(new VMPCKSA3Engine(), 16);
- // }
- // }
- // END android-removed
}
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java b/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
index f367434..b61acfa 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
@@ -1,5 +1,20 @@
package org.bouncycastle.jce.provider;
+import java.security.AlgorithmParameterGeneratorSpi;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidParameterException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.DSAParameterSpec;
+
+import javax.crypto.spec.DHGenParameterSpec;
+import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.IvParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// END android-removed
+
import org.bouncycastle.crypto.generators.DHParametersGenerator;
import org.bouncycastle.crypto.generators.DSAParametersGenerator;
// BEGIN android-removed
@@ -15,20 +30,6 @@
// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec;
// END android-removed
-import javax.crypto.spec.DHGenParameterSpec;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
-// BEGIN android-removed
-// import javax.crypto.spec.RC2ParameterSpec;
-// END android-removed
-import java.security.AlgorithmParameterGeneratorSpi;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidParameterException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.DSAParameterSpec;
-
public abstract class JDKAlgorithmParameterGenerator
extends AlgorithmParameterGeneratorSpi
{
@@ -83,7 +84,7 @@
try
{
- params = AlgorithmParameters.getInstance("DH", "BC");
+ params = AlgorithmParameters.getInstance("DH", BouncyCastleProvider.PROVIDER_NAME);
params.init(new DHParameterSpec(p.getP(), p.getG(), l));
}
catch (Exception e)
@@ -138,7 +139,7 @@
try
{
- params = AlgorithmParameters.getInstance("DSA", "BC");
+ params = AlgorithmParameters.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
params.init(new DSAParameterSpec(p.getP(), p.getQ(), p.getG()));
}
catch (Exception e)
@@ -150,198 +151,198 @@
}
}
- // BEGIN android-removed
- // public static class GOST3410
- // extends JDKAlgorithmParameterGenerator
- // {
- // protected void engineInit(
- // AlgorithmParameterSpec genParamSpec,
- // SecureRandom random)
- // throws InvalidAlgorithmParameterException
- // {
- // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation.");
- // }
- //
- // protected AlgorithmParameters engineGenerateParameters()
- // {
- // GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator();
- //
- // if (random != null)
- // {
- // pGen.init(strength, 2, random);
- // }
- // else
- // {
- // pGen.init(strength, 2, new SecureRandom());
- // }
- //
- // GOST3410Parameters p = pGen.generateParameters();
- //
- // AlgorithmParameters params;
- //
- // try
- // {
- // params = AlgorithmParameters.getInstance("GOST3410", "BC");
- // params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA())));
- // }
- // catch (Exception e)
- // {
- // throw new RuntimeException(e.getMessage());
- // }
- //
- // return params;
- // }
- // }
- //
- // public static class ElGamal
- // extends JDKAlgorithmParameterGenerator
- // {
- // private int l = 0;
- //
- // protected void engineInit(
- // AlgorithmParameterSpec genParamSpec,
- // SecureRandom random)
- // throws InvalidAlgorithmParameterException
- // {
- // if (!(genParamSpec instanceof DHGenParameterSpec))
- // {
- // throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation");
- // }
- // DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec;
- //
- // this.strength = spec.getPrimeSize();
- // this.l = spec.getExponentSize();
- // this.random = random;
- // }
- //
- // protected AlgorithmParameters engineGenerateParameters()
- // {
- // ElGamalParametersGenerator pGen = new ElGamalParametersGenerator();
- //
- // if (random != null)
- // {
- // pGen.init(strength, 20, random);
- // }
- // else
- // {
- // pGen.init(strength, 20, new SecureRandom());
- // }
- //
- // ElGamalParameters p = pGen.generateParameters();
- //
- // AlgorithmParameters params;
- //
- // try
- // {
- // params = AlgorithmParameters.getInstance("ElGamal", "BC");
- // params.init(new DHParameterSpec(p.getP(), p.getG(), l));
- // }
- // catch (Exception e)
- // {
- // throw new RuntimeException(e.getMessage());
- // }
- //
- // return params;
- // }
- // }
- //
- // public static class DES
- // extends JDKAlgorithmParameterGenerator
- // {
- // protected void engineInit(
- // AlgorithmParameterSpec genParamSpec,
- // SecureRandom random)
- // throws InvalidAlgorithmParameterException
- // {
- // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
- // }
- //
- // protected AlgorithmParameters engineGenerateParameters()
- // {
- // byte[] iv = new byte[8];
- //
- // if (random == null)
- // {
- // random = new SecureRandom();
- // }
- //
- // random.nextBytes(iv);
- //
- // AlgorithmParameters params;
- //
- // try
- // {
- // params = AlgorithmParameters.getInstance("DES", "BC");
- // params.init(new IvParameterSpec(iv));
- // }
- // catch (Exception e)
- // {
- // throw new RuntimeException(e.getMessage());
- // }
- //
- // return params;
- // }
- // }
- //
- // public static class RC2
- // extends JDKAlgorithmParameterGenerator
- // {
- // RC2ParameterSpec spec = null;
- //
- // protected void engineInit(
- // AlgorithmParameterSpec genParamSpec,
- // SecureRandom random)
- // throws InvalidAlgorithmParameterException
- // {
- // if (genParamSpec instanceof RC2ParameterSpec)
- // {
- // spec = (RC2ParameterSpec)genParamSpec;
- // return;
- // }
- //
- // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
- // }
- //
- // protected AlgorithmParameters engineGenerateParameters()
- // {
- // AlgorithmParameters params;
- //
- // if (spec == null)
- // {
- // byte[] iv = new byte[8];
- //
- // if (random == null)
- // {
- // random = new SecureRandom();
- // }
- //
- // random.nextBytes(iv);
- //
- // try
- // {
- // params = AlgorithmParameters.getInstance("RC2", "BC");
- // params.init(new IvParameterSpec(iv));
- // }
- // catch (Exception e)
- // {
- // throw new RuntimeException(e.getMessage());
- // }
- // }
- // else
- // {
- // try
- // {
- // params = AlgorithmParameters.getInstance("RC2", "BC");
- // params.init(spec);
- // }
- // catch (Exception e)
- // {
- // throw new RuntimeException(e.getMessage());
- // }
- // }
- //
- // return params;
- // }
- // }
- // END android-removed
+ // BEGIN android-removed
+ // public static class GOST3410
+ // extends JDKAlgorithmParameterGenerator
+ // {
+ // protected void engineInit(
+ // AlgorithmParameterSpec genParamSpec,
+ // SecureRandom random)
+ // throws InvalidAlgorithmParameterException
+ // {
+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation.");
+ // }
+ //
+ // protected AlgorithmParameters engineGenerateParameters()
+ // {
+ // GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator();
+ //
+ // if (random != null)
+ // {
+ // pGen.init(strength, 2, random);
+ // }
+ // else
+ // {
+ // pGen.init(strength, 2, new SecureRandom());
+ // }
+ //
+ // GOST3410Parameters p = pGen.generateParameters();
+ //
+ // AlgorithmParameters params;
+ //
+ // try
+ // {
+ // params = AlgorithmParameters.getInstance("GOST3410", BouncyCastleProvider.PROVIDER_NAME);
+ // params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA())));
+ // }
+ // catch (Exception e)
+ // {
+ // throw new RuntimeException(e.getMessage());
+ // }
+ //
+ // return params;
+ // }
+ // }
+ //
+ // public static class ElGamal
+ // extends JDKAlgorithmParameterGenerator
+ // {
+ // private int l = 0;
+ //
+ // protected void engineInit(
+ // AlgorithmParameterSpec genParamSpec,
+ // SecureRandom random)
+ // throws InvalidAlgorithmParameterException
+ // {
+ // if (!(genParamSpec instanceof DHGenParameterSpec))
+ // {
+ // throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation");
+ // }
+ // DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec;
+ //
+ // this.strength = spec.getPrimeSize();
+ // this.l = spec.getExponentSize();
+ // this.random = random;
+ // }
+ //
+ // protected AlgorithmParameters engineGenerateParameters()
+ // {
+ // ElGamalParametersGenerator pGen = new ElGamalParametersGenerator();
+ //
+ // if (random != null)
+ // {
+ // pGen.init(strength, 20, random);
+ // }
+ // else
+ // {
+ // pGen.init(strength, 20, new SecureRandom());
+ // }
+ //
+ // ElGamalParameters p = pGen.generateParameters();
+ //
+ // AlgorithmParameters params;
+ //
+ // try
+ // {
+ // params = AlgorithmParameters.getInstance("ElGamal", BouncyCastleProvider.PROVIDER_NAME);
+ // params.init(new DHParameterSpec(p.getP(), p.getG(), l));
+ // }
+ // catch (Exception e)
+ // {
+ // throw new RuntimeException(e.getMessage());
+ // }
+ //
+ // return params;
+ // }
+ // }
+ //
+ // public static class DES
+ // extends JDKAlgorithmParameterGenerator
+ // {
+ // protected void engineInit(
+ // AlgorithmParameterSpec genParamSpec,
+ // SecureRandom random)
+ // throws InvalidAlgorithmParameterException
+ // {
+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
+ // }
+ //
+ // protected AlgorithmParameters engineGenerateParameters()
+ // {
+ // byte[] iv = new byte[8];
+ //
+ // if (random == null)
+ // {
+ // random = new SecureRandom();
+ // }
+ //
+ // random.nextBytes(iv);
+ //
+ // AlgorithmParameters params;
+ //
+ // try
+ // {
+ // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
+ // params.init(new IvParameterSpec(iv));
+ // }
+ // catch (Exception e)
+ // {
+ // throw new RuntimeException(e.getMessage());
+ // }
+ //
+ // return params;
+ // }
+ // }
+ //
+ // public static class RC2
+ // extends JDKAlgorithmParameterGenerator
+ // {
+ // RC2ParameterSpec spec = null;
+ //
+ // protected void engineInit(
+ // AlgorithmParameterSpec genParamSpec,
+ // SecureRandom random)
+ // throws InvalidAlgorithmParameterException
+ // {
+ // if (genParamSpec instanceof RC2ParameterSpec)
+ // {
+ // spec = (RC2ParameterSpec)genParamSpec;
+ // return;
+ // }
+ //
+ // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
+ // }
+ //
+ // protected AlgorithmParameters engineGenerateParameters()
+ // {
+ // AlgorithmParameters params;
+ //
+ // if (spec == null)
+ // {
+ // byte[] iv = new byte[8];
+ //
+ // if (random == null)
+ // {
+ // random = new SecureRandom();
+ // }
+ //
+ // random.nextBytes(iv);
+ //
+ // try
+ // {
+ // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
+ // params.init(new IvParameterSpec(iv));
+ // }
+ // catch (Exception e)
+ // {
+ // throw new RuntimeException(e.getMessage());
+ // }
+ // }
+ // else
+ // {
+ // try
+ // {
+ // params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
+ // params.init(spec);
+ // }
+ // catch (Exception e)
+ // {
+ // throw new RuntimeException(e.getMessage());
+ // }
+ // }
+ //
+ // return params;
+ // }
+ // }
+ // END android-removed
}
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java b/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java
index 9402743..1c22952 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java
@@ -21,6 +21,7 @@
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DSA;
import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.NullDigest;
import org.bouncycastle.crypto.digests.SHA1Digest;
// BEGIN android-removed
// import org.bouncycastle.crypto.digests.SHA224Digest;
@@ -33,7 +34,6 @@
// BEGIN android-removed
// import org.bouncycastle.jce.interfaces.GOST3410Key;
// END android-removed
-import org.bouncycastle.jce.provider.util.NullDigest;
public class JDKDSASigner
extends SignatureSpi
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java b/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java
index 380dcd1..badeac1 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java
@@ -28,6 +28,7 @@
// import org.bouncycastle.crypto.digests.MD4Digest;
// END android-removed
import org.bouncycastle.crypto.digests.MD5Digest;
+import org.bouncycastle.crypto.digests.NullDigest;
// BEGIN android-removed
// import org.bouncycastle.crypto.digests.RIPEMD128Digest;
// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
@@ -42,7 +43,6 @@
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.encodings.PKCS1Encoding;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
-import org.bouncycastle.jce.provider.util.NullDigest;
public class JDKDigestSignature
extends SignatureSpi
@@ -185,13 +185,13 @@
}
}
}
- else if (expected.length == sig.length - 2) // NULL left out
+ else if (sig.length == expected.length - 2) // NULL left out
{
int sigOffset = sig.length - hash.length - 2;
int expectedOffset = expected.length - hash.length - 2;
- sig[1] -= 2; // adjust lengths
- sig[3] -= 2;
+ expected[1] -= 2; // adjust lengths
+ expected[3] -= 2;
for (int i = 0; i < hash.length; i++)
{
@@ -201,7 +201,7 @@
}
}
- for (int i = 0; i < expectedOffset; i++)
+ for (int i = 0; i < sigOffset; i++)
{
if (sig[i] != expected[i]) // check header less NULL
{
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java b/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java
index 8ee9a64..3ed5821 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java
@@ -144,6 +144,20 @@
return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG());
}
+ // BEGIN android-added
+ else if (spec.isAssignableFrom(DSAPublicKeySpec.class) && key instanceof DSAPublicKey)
+ {
+ DSAPublicKey k = (DSAPublicKey)key;
+
+ return new DSAPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG());
+ }
+ else if (spec.isAssignableFrom(DSAPrivateKeySpec.class) && key instanceof DSAPrivateKey)
+ {
+ DSAPrivateKey k = (DSAPrivateKey)key;
+
+ return new DSAPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG());
+ }
+ // END android-added
throw new RuntimeException("not implemented yet " + key + " " + spec);
}
@@ -261,11 +275,11 @@
{
return new JDKDSAPublicKey(info);
}
+ else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
+ {
+ return new JCEECPublicKey(info);
+ }
// BEGIN android-removed
- // else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
- // {
- // return new JCEECPublicKey(info);
- // }
// else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
// {
// return new JDKGOST3410PublicKey(info);
@@ -307,6 +321,10 @@
{
return new JCEDHPrivateKey(info);
}
+ else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber))
+ {
+ return new JCEDHPrivateKey(info);
+ }
// BEGIN android-removed
// else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm))
// {
@@ -317,11 +335,11 @@
{
return new JDKDSAPrivateKey(info);
}
+ else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
+ {
+ return new JCEECPrivateKey(info);
+ }
// BEGIN android-removed
- // else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
- // {
- // return new JCEECPrivateKey(info);
- // }
// else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
// {
// return new JDKGOST3410PrivateKey(info);
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java b/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
index e6f74c6..1c68095 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
@@ -361,7 +361,7 @@
try
{
- CertificateFactory cFact = CertificateFactory.getInstance(type, "BC");
+ CertificateFactory cFact = CertificateFactory.getInstance(type, BouncyCastleProvider.PROVIDER_NAME);
ByteArrayInputStream bIn = new ByteArrayInputStream(cEnc);
return cFact.generateCertificate(bIn);
@@ -436,11 +436,11 @@
switch (keyType)
{
case KEY_PRIVATE:
- return KeyFactory.getInstance(algorithm, "BC").generatePrivate(spec);
+ return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePrivate(spec);
case KEY_PUBLIC:
- return KeyFactory.getInstance(algorithm, "BC").generatePublic(spec);
+ return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePublic(spec);
case KEY_SECRET:
- return SecretKeyFactory.getInstance(algorithm, "BC").generateSecret(spec);
+ return SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generateSecret(spec);
default:
throw new IOException("Key type " + keyType + " not recognised!");
}
@@ -463,10 +463,10 @@
try
{
PBEKeySpec pbeSpec = new PBEKeySpec(password);
- SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, "BC");
+ SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME);
PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount);
- Cipher cipher = Cipher.getInstance(algorithm, "BC");
+ Cipher cipher = Cipher.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME);
cipher.init(mode, keyFact.generateSecret(pbeSpec), defParams);
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java b/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
index 205c2bb..9707b05 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
@@ -7,6 +7,7 @@
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
+import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
@@ -16,8 +17,11 @@
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
+import java.security.KeyStore.LoadStoreParameter;
+import java.security.KeyStore.ProtectionParameter;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
@@ -46,6 +50,7 @@
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
@@ -1102,9 +1107,50 @@
}
}
+ public void engineStore(LoadStoreParameter param) throws IOException,
+ NoSuchAlgorithmException, CertificateException
+ {
+ if (param == null)
+ {
+ throw new IllegalArgumentException("'param' arg cannot be null");
+ }
+
+ if (!(param instanceof JDKPKCS12StoreParameter))
+ {
+ throw new IllegalArgumentException(
+ "No support for 'param' of type " + param.getClass().getName());
+ }
+
+ JDKPKCS12StoreParameter bcParam = (JDKPKCS12StoreParameter)param;
+
+ char[] password;
+ ProtectionParameter protParam = param.getProtectionParameter();
+ if (protParam == null)
+ {
+ password = null;
+ }
+ else if (protParam instanceof KeyStore.PasswordProtection)
+ {
+ password = ((KeyStore.PasswordProtection)protParam).getPassword();
+ }
+ else
+ {
+ throw new IllegalArgumentException(
+ "No support for protection parameter of type " + protParam.getClass().getName());
+ }
+
+ doStore(bcParam.getOutputStream(), password, bcParam.isUseDEREncoding());
+ }
+
public void engineStore(OutputStream stream, char[] password)
throws IOException
{
+ doStore(stream, password, false);
+ }
+
+ private void doStore(OutputStream stream, char[] password, boolean useDEREncoding)
+ throws IOException
+ {
if (password == null)
{
throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
@@ -1432,9 +1478,17 @@
AuthenticatedSafe auth = new AuthenticatedSafe(info);
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- BEROutputStream berOut = new BEROutputStream(bOut);
+ DEROutputStream asn1Out;
+ if (useDEREncoding)
+ {
+ asn1Out = new DEROutputStream(bOut);
+ }
+ else
+ {
+ asn1Out = new BEROutputStream(bOut);
+ }
- berOut.writeObject(auth);
+ asn1Out.writeObject(auth);
byte[] pkg = bOut.toByteArray();
@@ -1473,9 +1527,16 @@
//
Pfx pfx = new Pfx(mainInfo, mData);
- berOut = new BEROutputStream(stream);
+ if (useDEREncoding)
+ {
+ asn1Out = new DEROutputStream(stream);
+ }
+ else
+ {
+ asn1Out = new BEROutputStream(stream);
+ }
- berOut.writeObject(pfx);
+ asn1Out.writeObject(pfx);
}
private static byte[] calculatePbeMac(
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java b/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java
new file mode 100644
index 0000000..865481f
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java
@@ -0,0 +1,48 @@
+package org.bouncycastle.jce.provider;
+
+import java.io.OutputStream;
+import java.security.KeyStore;
+import java.security.KeyStore.LoadStoreParameter;
+import java.security.KeyStore.ProtectionParameter;
+
+public class JDKPKCS12StoreParameter implements LoadStoreParameter
+{
+ private OutputStream outputStream;
+ private ProtectionParameter protectionParameter;
+ private boolean useDEREncoding;
+
+ public OutputStream getOutputStream()
+ {
+ return outputStream;
+ }
+
+ public ProtectionParameter getProtectionParameter()
+ {
+ return protectionParameter;
+ }
+
+ public boolean isUseDEREncoding()
+ {
+ return useDEREncoding;
+ }
+
+ public void setOutputStream(OutputStream outputStream)
+ {
+ this.outputStream = outputStream;
+ }
+
+ public void setPassword(char[] password)
+ {
+ this.protectionParameter = new KeyStore.PasswordProtection(password);
+ }
+
+ public void setProtectionParameter(ProtectionParameter protectionParameter)
+ {
+ this.protectionParameter = protectionParameter;
+ }
+
+ public void setUseDEREncoding(boolean useDEREncoding)
+ {
+ this.useDEREncoding = useDEREncoding;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java b/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java
index 4e77119..984283f 100644
--- a/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java
+++ b/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java
@@ -1,9 +1,6 @@
package org.bouncycastle.jce.provider;
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-// BEGIN android-added
-import org.bouncycastle.asn1.OrderedTable;
-// END android-added
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.ASN1OutputStream;
@@ -20,73 +17,65 @@
class PKCS12BagAttributeCarrierImpl
implements PKCS12BagAttributeCarrier
{
- // BEGIN android-changed
- private OrderedTable pkcs12 = new OrderedTable();
- // END android-changed
+ private Hashtable pkcs12Attributes;
+ private Vector pkcs12Ordering;
- // BEGIN android-removed
- // PKCS12BagAttributeCarrierImpl(Hashtable attributes, Vector ordering)
- // {
- // this.pkcs12Attributes = attributes;
- // this.pkcs12Ordering = ordering;
- // }
- // END android-removed
+ PKCS12BagAttributeCarrierImpl(Hashtable attributes, Vector ordering)
+ {
+ this.pkcs12Attributes = attributes;
+ this.pkcs12Ordering = ordering;
+ }
public PKCS12BagAttributeCarrierImpl()
{
- // BEGIN android-removed
- // this(new Hashtable(), new Vector());
- // END android-removed
+ this(new Hashtable(), new Vector());
}
public void setBagAttribute(
DERObjectIdentifier oid,
DEREncodable attribute)
{
- // BEGIN android-changed
- // preserve original ordering
- pkcs12.put(oid, attribute);
- // END android-changed
+ if (pkcs12Attributes.containsKey(oid))
+ { // preserve original ordering
+ pkcs12Attributes.put(oid, attribute);
+ }
+ else
+ {
+ pkcs12Attributes.put(oid, attribute);
+ pkcs12Ordering.addElement(oid);
+ }
}
public DEREncodable getBagAttribute(
DERObjectIdentifier oid)
{
- // BEGIN android-changed
- return (DEREncodable)pkcs12.get(oid);
- // END android-changed
+ return (DEREncodable)pkcs12Attributes.get(oid);
}
public Enumeration getBagAttributeKeys()
{
- // BEGIN android-changed
- return pkcs12.getKeys();
- // END android-changed
+ return pkcs12Ordering.elements();
}
int size()
{
- // BEGIN android-changed
- return pkcs12.size();
- // END android-changed
+ return pkcs12Ordering.size();
}
- // BEGIN android-removed
- // Hashtable getAttributes()
- // {
- // return pkcs12Attributes;
- // }
- //
- // Vector getOrdering()
- // {
- // return pkcs12Ordering;
- // }
- // END android-removed
+ Hashtable getAttributes()
+ {
+ return pkcs12Attributes;
+ }
+
+ Vector getOrdering()
+ {
+ return pkcs12Ordering;
+ }
public void writeObject(ObjectOutputStream out)
throws IOException
{
- if (pkcs12.size() == 0)
+ if (pkcs12Ordering.size() == 0)
{
out.writeObject(new Hashtable());
out.writeObject(new Vector());
@@ -103,7 +92,7 @@
DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
aOut.writeObject(oid);
- aOut.writeObject(pkcs12.get(oid));
+ aOut.writeObject(pkcs12Attributes.get(oid));
}
out.writeObject(bOut.toByteArray());
@@ -117,11 +106,8 @@
if (obj instanceof Hashtable)
{
- // BEGIN android-changed
- // we only write out Hashtable/Vector in empty case
- in.readObject(); // consume empty Vector
- this.pkcs12 = new OrderedTable();
- // END android-changed
+ this.pkcs12Attributes = (Hashtable)obj;
+ this.pkcs12Ordering = (Vector)in.readObject();
}
else
{
diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java b/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
new file mode 100644
index 0000000..c94016d
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
@@ -0,0 +1,155 @@
+package org.bouncycastle.jce.provider;
+
+import java.security.cert.CertStore;
+import java.security.cert.CertStoreException;
+import java.security.cert.PKIXParameters;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.bouncycastle.util.StoreException;
+import org.bouncycastle.x509.ExtendedPKIXParameters;
+import org.bouncycastle.x509.X509CRLStoreSelector;
+import org.bouncycastle.x509.X509Store;
+
+public class PKIXCRLUtil
+{
+ public Set findCRLs(X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate)
+ throws AnnotatedException
+ {
+ Set initialSet = new HashSet();
+
+ // get complete CRL(s)
+ try
+ {
+ initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
+ initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores()));
+ initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
+ }
+ catch (AnnotatedException e)
+ {
+ throw new AnnotatedException("Exception obtaining complete CRLs.", e);
+ }
+
+ Set finalSet = new HashSet();
+ Date validityDate = currentDate;
+
+ if (paramsPKIX.getDate() != null)
+ {
+ validityDate = paramsPKIX.getDate();
+ }
+
+ // based on RFC 5280 6.3.3
+ for (Iterator it = initialSet.iterator(); it.hasNext();)
+ {
+ X509CRL crl = (X509CRL)it.next();
+
+ if (crl.getNextUpdate().after(validityDate))
+ {
+ X509Certificate cert = crlselect.getCertificateChecking();
+
+ if (cert != null)
+ {
+ if (crl.getThisUpdate().before(cert.getNotAfter()))
+ {
+ finalSet.add(crl);
+ }
+ }
+ else
+ {
+ finalSet.add(crl);
+ }
+ }
+ }
+
+ return finalSet;
+ }
+
+ public Set findCRLs(X509CRLStoreSelector crlselect, PKIXParameters paramsPKIX)
+ throws AnnotatedException
+ {
+ Set completeSet = new HashSet();
+
+ // get complete CRL(s)
+ try
+ {
+ completeSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
+ }
+ catch (AnnotatedException e)
+ {
+ throw new AnnotatedException("Exception obtaining complete CRLs.", e);
+ }
+
+ return completeSet;
+ }
+
+/**
+ * Return a Collection of all CRLs found in the X509Store's that are
+ * matching the crlSelect criteriums.
+ *
+ * @param crlSelect a {@link X509CRLStoreSelector} object that will be used
+ * to select the CRLs
+ * @param crlStores a List containing only
+ * {@link org.bouncycastle.x509.X509Store X509Store} objects.
+ * These are used to search for CRLs
+ *
+ * @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be
+ * empty but never <code>null</code>.
+ */
+ private final Collection findCRLs(X509CRLStoreSelector crlSelect,
+ List crlStores) throws AnnotatedException
+ {
+ Set crls = new HashSet();
+ Iterator iter = crlStores.iterator();
+
+ AnnotatedException lastException = null;
+ boolean foundValidStore = false;
+
+ while (iter.hasNext())
+ {
+ Object obj = iter.next();
+
+ if (obj instanceof X509Store)
+ {
+ X509Store store = (X509Store)obj;
+
+ try
+ {
+ crls.addAll(store.getMatches(crlSelect));
+ foundValidStore = true;
+ }
+ catch (StoreException e)
+ {
+ lastException = new AnnotatedException(
+ "Exception searching in X.509 CRL store.", e);
+ }
+ }
+ else
+ {
+ CertStore store = (CertStore)obj;
+
+ try
+ {
+ crls.addAll(store.getCRLs(crlSelect));
+ foundValidStore = true;
+ }
+ catch (CertStoreException e)
+ {
+ lastException = new AnnotatedException(
+ "Exception searching in X.509 CRL store.", e);
+ }
+ }
+ }
+ if (!foundValidStore && lastException != null)
+ {
+ throw lastException;
+ }
+ return crls;
+ }
+
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java
index 8c8969a..af4b8ab 100644
--- a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java
+++ b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java
@@ -179,7 +179,7 @@
}
Enumeration e = ((ASN1Sequence)derObject).getObjects();
certificates = new ArrayList();
- CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BC");
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
while (e.hasMoreElements())
{
ASN1Encodable element = (ASN1Encodable)e.nextElement();
@@ -192,7 +192,7 @@
{
inStream = new BufferedInputStream(inStream);
certificates = new ArrayList();
- CertificateFactory certFactory= CertificateFactory.getInstance("X.509", "BC");
+ CertificateFactory certFactory= CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
Certificate cert;
while ((cert = certFactory.generateCertificate(inStream)) != null)
{
diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
index 05bba8e..384eb86 100644
--- a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
+++ b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
@@ -1,10 +1,5 @@
package org.bouncycastle.jce.provider;
-import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
-import org.bouncycastle.x509.X509CertStoreSelector;
-
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
@@ -24,6 +19,11 @@
import java.util.Iterator;
import java.util.List;
+import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
+import org.bouncycastle.util.Selector;
+import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
+import org.bouncycastle.x509.X509CertStoreSelector;
+
/**
* Implements the PKIX CertPathBuilding algorithm for BouncyCastle.
*
@@ -160,8 +160,8 @@
try
{
- cFact = CertificateFactory.getInstance("X.509", "BC");
- validator = CertPathValidator.getInstance("PKIX", "BC");
+ cFact = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
+ validator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
}
catch (Exception e)
{
@@ -172,9 +172,8 @@
try
{
// check whether the issuer of <tbvCert> is a TrustAnchor
- // BEGIN android-changed
- if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams) != null)
- // END android-changed
+ if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getTrustAnchors(),
+ pkixParams.getSigProvider()) != null)
{
// exception message from possibly later tried certification
// chains
diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
index 20ce6a4..fb698f9 100644
--- a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
+++ b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
@@ -24,10 +24,6 @@
import javax.security.auth.x500.X500Principal;
-// BEGIN android-added
-import org.apache.harmony.xnet.provider.jsse.IndexedPKIXParameters;
-
-// END android-added
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -76,6 +72,14 @@
// Issuer: CN=Entrust.net
{(byte)0xe2, (byte)0x3b, (byte)0x8d, (byte)0x10, (byte)0x5f, (byte)0x87, (byte)0x71, (byte)0x0a, (byte)0x68, (byte)0xd9,
(byte)0x24, (byte)0x80, (byte)0x50, (byte)0xeb, (byte)0xef, (byte)0xc6, (byte)0x27, (byte)0xbe, (byte)0x4c, (byte)0xa6},
+ // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
+ // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
+ {(byte)0x7b, (byte)0x2e, (byte)0x16, (byte)0xbc, (byte)0x39, (byte)0xbc, (byte)0xd7, (byte)0x2b, (byte)0x45, (byte)0x6e,
+ (byte)0x9f, (byte)0x05, (byte)0x5d, (byte)0x1d, (byte)0xe6, (byte)0x15, (byte)0xb7, (byte)0x49, (byte)0x45, (byte)0xdb},
+ // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
+ // Issuer: CN=Staat der Nederlanden Overheid CA
+ {(byte)0xe8, (byte)0xf9, (byte)0x12, (byte)0x00, (byte)0xc6, (byte)0x5c, (byte)0xee, (byte)0x16, (byte)0xe0, (byte)0x39,
+ (byte)0xb9, (byte)0xf8, (byte)0x83, (byte)0x84, (byte)0x16, (byte)0x61, (byte)0x63, (byte)0x5f, (byte)0x81, (byte)0xc5},
};
private static boolean isPublicKeyBlackListed(PublicKey publicKey) {
@@ -107,18 +111,6 @@
+ " instance.");
}
- // BEGIN android-added
- IndexedPKIXParameters indexedParams;
- if (params instanceof IndexedPKIXParameters)
- {
- indexedParams = (IndexedPKIXParameters)params;
- }
- else
- {
- indexedParams = null;
- }
-
- // END android-added
ExtendedPKIXParameters paramsPKIX;
if (params instanceof ExtendedPKIXParameters)
{
@@ -179,15 +171,10 @@
// (d)
//
TrustAnchor trust;
- // BEGIN android-added
- X509Certificate lastCert = (X509Certificate) certs.get(certs.size() - 1);
- // END android-added
try
{
- // BEGIN android-changed
- trust = CertPathValidatorUtilities.findTrustAnchor(lastCert,
- indexedParams != null ? indexedParams : paramsPKIX);
- // END android-changed
+ trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1),
+ paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider());
}
catch (AnnotatedException e)
{
@@ -283,25 +270,12 @@
X500Principal workingIssuerName;
X509Certificate sign = trust.getTrustedCert();
- // BEGIN android-added
- boolean trustAnchorInChain = false;
- // END android-added
try
{
if (sign != null)
{
workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
workingPublicKey = sign.getPublicKey();
- // BEGIN android-added
- // There is similar code in CertPathValidatorUtilities.
- try {
- byte[] trustBytes = sign.getEncoded();
- byte[] certBytes = lastCert.getEncoded();
- trustAnchorInChain = Arrays.equals(trustBytes, certBytes);
- } catch(Exception e) {
- // ignore, continue with trustAnchorInChain being false
- }
- // END android-added
}
else
{
@@ -387,10 +361,8 @@
// 6.1.3
//
- // BEGIN android-changed
RFC3280CertPathUtilities.processCertA(certPath, paramsPKIX, index, workingPublicKey,
- verificationAlreadyPerformed, workingIssuerName, sign, i, trustAnchorInChain);
- // END android-changed
+ verificationAlreadyPerformed, workingIssuerName, sign);
RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator);
@@ -407,18 +379,11 @@
if (i != n)
{
- // BEGIN android-added
- if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
- {
- // END android-added
if (cert != null && cert.getVersion() == 1)
{
throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null,
certPath, index);
}
- // BEGIN android-added
- }
- // END android-added
RFC3280CertPathUtilities.prepareNextCertA(certPath, index);
@@ -442,9 +407,7 @@
inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertJ(certPath, index, inhibitAnyPolicy);
// (k)
- // BEGIN android-changed
- RFC3280CertPathUtilities.prepareNextCertK(certPath, index, i, trustAnchorInChain);
- // END android-changed
+ RFC3280CertPathUtilities.prepareNextCertK(certPath, index);
// (l)
maxPathLength = RFC3280CertPathUtilities.prepareNextCertL(certPath, index, maxPathLength);
diff --git a/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java b/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java
index b4f700d..6060ad4 100644
--- a/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java
+++ b/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java
@@ -1,97 +1,87 @@
package org.bouncycastle.jce.provider;
-import org.bouncycastle.jce.ProviderConfigurationPermission;
-// BEGIN android-removed
-// import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
-// END android-removed
-import org.bouncycastle.jce.interfaces.ConfigurableProvider;
-// BEGIN android-removed
-// import org.bouncycastle.jce.spec.ECParameterSpec;
-// END android-removed
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Permission;
+import org.bouncycastle.jce.ProviderConfigurationPermission;
+import org.bouncycastle.jce.interfaces.ConfigurableProvider;
+import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
+import org.bouncycastle.jce.spec.ECParameterSpec;
+
public class ProviderUtil
{
private static final long MAX_MEMORY = Runtime.getRuntime().maxMemory();
private static Permission BC_EC_LOCAL_PERMISSION = new ProviderConfigurationPermission(
- "BC", ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA);
+ BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA);
private static Permission BC_EC_PERMISSION = new ProviderConfigurationPermission(
- "BC", ConfigurableProvider.EC_IMPLICITLY_CA);
+ BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.EC_IMPLICITLY_CA);
private static ThreadLocal threadSpec = new ThreadLocal();
- // BEGIN android-removed
- // private static volatile ECParameterSpec ecImplicitCaParams;
- // END android-removed
+ private static volatile ECParameterSpec ecImplicitCaParams;
static void setParameter(String parameterName, Object parameter)
{
SecurityManager securityManager = System.getSecurityManager();
- // BEGIN android-removed
- // if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA))
- // {
- // ECParameterSpec curveSpec;
- //
- // if (securityManager != null)
- // {
- // securityManager.checkPermission(BC_EC_LOCAL_PERMISSION);
- // }
- //
- // if (parameter instanceof ECParameterSpec || parameter == null)
- // {
- // curveSpec = (ECParameterSpec)parameter;
- // }
- // else // assume java.security.spec
- // {
- // curveSpec = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
- // }
- //
- // if (curveSpec == null)
- // {
- // threadSpec.remove();
- // }
- // else
- // {
- // threadSpec.set(curveSpec);
- // }
- // }
- // else if (parameterName.equals(ConfigurableProvider.EC_IMPLICITLY_CA))
- // {
- // if (securityManager != null)
- // {
- // securityManager.checkPermission(BC_EC_PERMISSION);
- // }
- //
- // if (parameter instanceof ECParameterSpec || parameter == null)
- // {
- // ecImplicitCaParams = (ECParameterSpec)parameter;
- // }
- // else // assume java.security.spec
- // {
- // ecImplicitCaParams = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
- // }
- // }
- // END android-removed
+ if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA))
+ {
+ ECParameterSpec curveSpec;
+
+ if (securityManager != null)
+ {
+ securityManager.checkPermission(BC_EC_LOCAL_PERMISSION);
+ }
+
+ if (parameter instanceof ECParameterSpec || parameter == null)
+ {
+ curveSpec = (ECParameterSpec)parameter;
+ }
+ else // assume java.security.spec
+ {
+ curveSpec = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
+ }
+
+ if (curveSpec == null)
+ {
+ threadSpec.remove();
+ }
+ else
+ {
+ threadSpec.set(curveSpec);
+ }
+ }
+ else if (parameterName.equals(ConfigurableProvider.EC_IMPLICITLY_CA))
+ {
+ if (securityManager != null)
+ {
+ securityManager.checkPermission(BC_EC_PERMISSION);
+ }
+
+ if (parameter instanceof ECParameterSpec || parameter == null)
+ {
+ ecImplicitCaParams = (ECParameterSpec)parameter;
+ }
+ else // assume java.security.spec
+ {
+ ecImplicitCaParams = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
+ }
+ }
}
- // BEGIN android-removed
- // public static ECParameterSpec getEcImplicitlyCa()
- // {
- // ECParameterSpec spec = (ECParameterSpec)threadSpec.get();
- //
- // if (spec != null)
- // {
- // return spec;
- // }
- //
- // return ecImplicitCaParams;
- // }
- // END android-removed
+ public static ECParameterSpec getEcImplicitlyCa()
+ {
+ ECParameterSpec spec = (ECParameterSpec)threadSpec.get();
+
+ if (spec != null)
+ {
+ return spec;
+ }
+
+ return ecImplicitCaParams;
+ }
static int getReadLimit(InputStream in)
throws IOException
diff --git a/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java b/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
index 921ed3b..ef3baaa 100644
--- a/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
+++ b/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
@@ -59,6 +59,7 @@
public class RFC3280CertPathUtilities
{
+ private static final PKIXCRLUtil CRL_UTIL = new PKIXCRLUtil();
/**
* If the complete CRL includes an issuing distribution point (IDP) CRL
@@ -491,7 +492,7 @@
}
try
{
- CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
+ CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
selector = new X509CertStoreSelector();
selector.setCertificate(signingCert);
ExtendedPKIXParameters temp = (ExtendedPKIXParameters)paramsPKIX.clone();
@@ -678,20 +679,10 @@
X509CRL crl)
throws AnnotatedException
{
- Set completeSet = new HashSet();
Set deltaSet = new HashSet();
X509CRLStoreSelector crlselect = new X509CRLStoreSelector();
crlselect.setCertificateChecking(cert);
- if (paramsPKIX.getDate() != null)
- {
- crlselect.setDateAndTime(paramsPKIX.getDate());
- }
- else
- {
- crlselect.setDateAndTime(currentDate);
- }
-
try
{
crlselect.addIssuerName(crl.getIssuerX500Principal().getEncoded());
@@ -702,18 +693,8 @@
}
crlselect.setCompleteCRLEnabled(true);
+ Set completeSet = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
- // get complete CRL(s)
- try
- {
- completeSet.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
- completeSet.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getStores()));
- completeSet.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getCertStores()));
- }
- catch (AnnotatedException e)
- {
- throw new AnnotatedException("Exception obtaining complete CRLs.", e);
- }
if (paramsPKIX.isUseDeltasEnabled())
{
// get delta CRL(s)
@@ -732,6 +713,8 @@
deltaSet};
}
+
+
/**
* If use-deltas is set, verify the issuer and scope of the delta CRL.
*
@@ -1471,11 +1454,7 @@
PublicKey workingPublicKey,
boolean verificationAlreadyPerformed,
X500Principal workingIssuerName,
- X509Certificate sign,
- // BEGIN android-added
- int i,
- boolean trustAnchorInChain)
- // END android-added
+ X509Certificate sign)
throws ExtCertPathValidatorException
{
List certs = certPath.getCertificates();
@@ -1489,15 +1468,8 @@
{
// (a) (1)
//
- // BEGIN android-added
- if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
- {
- // END android-added
CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey,
paramsPKIX.getSigProvider());
- // BEGIN android-added
- }
- // END android-added
}
catch (GeneralSecurityException e)
{
@@ -1594,7 +1566,7 @@
ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
if (constraint.getTagNo() == 0)
{
- tmpInt = DERInteger.getInstance(constraint).getValue().intValue();
+ tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
if (tmpInt < explicitPolicy)
{
return tmpInt;
@@ -1648,7 +1620,7 @@
ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
if (constraint.getTagNo() == 1)
{
- tmpInt = DERInteger.getInstance(constraint).getValue().intValue();
+ tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
if (tmpInt < policyMapping)
{
return tmpInt;
@@ -2088,11 +2060,7 @@
protected static void prepareNextCertK(
CertPath certPath,
- int index,
- // BEGIN android-added
- int i,
- boolean trustAnchorInChain)
- // END android-added
+ int index)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
@@ -2120,14 +2088,7 @@
}
else
{
- // BEGIN android-added
- if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
- {
- // END android-added
throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
- // BEGIN android-added
- }
- // END android-added
}
}
@@ -2365,7 +2326,7 @@
}
catch (AnnotatedException e)
{
- throw new ExtCertPathValidatorException("Policy constraints could no be decoded.", e, certPath, index);
+ throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e, certPath, index);
}
if (pc != null)
{
@@ -2379,12 +2340,12 @@
case 0:
try
{
- tmpInt = DERInteger.getInstance(constraint).getValue().intValue();
+ tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
}
catch (Exception e)
{
throw new ExtCertPathValidatorException(
- "Policy constraints requireExplicitPolicy field could no be decoded.", e, certPath,
+ "Policy constraints requireExplicitPolicy field could not be decoded.", e, certPath,
index);
}
if (tmpInt == 0)
diff --git a/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java b/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java
index aa50406..1a5808b 100644
--- a/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java
+++ b/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java
@@ -1,23 +1,18 @@
package org.bouncycastle.jce.provider;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Wrapper;
-import org.bouncycastle.crypto.engines.DESedeEngine;
-import org.bouncycastle.crypto.engines.DESedeWrapEngine;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.RC2WrapEngine;
-// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-// END android-removed
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
@@ -32,19 +27,22 @@
// import javax.crypto.spec.RC5ParameterSpec;
// END android-removed
import javax.crypto.spec.SecretKeySpec;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.Wrapper;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RC2WrapEngine;
+// END android-removed
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
public abstract class WrapCipherSpi extends CipherSpi
implements PBE
@@ -368,20 +366,17 @@
DERObjectIdentifier oid = in.getAlgorithmId().getObjectId();
+ if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey))
+ {
+ privKey = new JCEECPrivateKey(in);
+ }
// BEGIN android-removed
- // if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey))
- // {
- // privKey = new JCEECPrivateKey(in);
- // }
// else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94))
// {
// privKey = new JDKGOST3410PrivateKey(in);
// }
- // else if (oid.equals(X9ObjectIdentifiers.id_dsa))
// END android-removed
- // BEGIN android-added
- if (oid.equals(X9ObjectIdentifiers.id_dsa))
- // END android-added
+ else if (oid.equals(X9ObjectIdentifiers.id_dsa))
{
privKey = new JDKDSAPrivateKey(in);
}
@@ -409,7 +404,7 @@
{
try
{
- KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, "BC");
+ KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
if (wrappedKeyType == Cipher.PUBLIC_KEY)
{
@@ -443,17 +438,6 @@
// classes that inherit directly from us
//
-
-
- public static class DESEDEWrap
- extends WrapCipherSpi
- {
- public DESEDEWrap()
- {
- super(new DESedeWrapEngine());
- }
- }
-
// BEGIN android-removed
// public static class RC2Wrap
// extends WrapCipherSpi
@@ -463,14 +447,5 @@
// super(new RC2WrapEngine());
// }
// }
- //
- // public static class RFC3211DESedeWrap
- // extends WrapCipherSpi
- // {
- // public RFC3211DESedeWrap()
- // {
- // super(new RFC3211WrapEngine(new DESedeEngine()), 8);
- // }
- // }
// END android-removed
}
diff --git a/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java b/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java
index b86833a..1a073e0 100644
--- a/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java
+++ b/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java
@@ -1,22 +1,5 @@
package org.bouncycastle.jce.provider;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREnumerated;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.util.ASN1Dump;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-import javax.security.auth.x500.X500Principal;
-import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
@@ -26,6 +9,22 @@
import java.util.HashSet;
import java.util.Set;
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DEREnumerated;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.util.ASN1Dump;
+import org.bouncycastle.asn1.x509.CRLReason;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.TBSCertList;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.x509.extension.X509ExtensionUtil;
+
/**
* The following extensions are listed in RFC 2459 as relevant to CRL Entries
*
diff --git a/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java b/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
index b196f3d..956c58b 100644
--- a/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
+++ b/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
@@ -1,25 +1,5 @@
package org.bouncycastle.jce.provider;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.util.ASN1Dump;
-import org.bouncycastle.asn1.x509.CRLDistPoint;
-import org.bouncycastle.asn1.x509.CRLNumber;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
-import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-import javax.security.auth.x500.X500Principal;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -35,12 +15,32 @@
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
+import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
-import java.util.Collections;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.util.ASN1Dump;
+import org.bouncycastle.asn1.x509.CRLDistPoint;
+import org.bouncycastle.asn1.x509.CRLNumber;
+import org.bouncycastle.asn1.x509.CertificateList;
+import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
+import org.bouncycastle.asn1.x509.TBSCertList;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.x509.extension.X509ExtensionUtil;
/**
* The following extensions are listed in RFC 2459 as relevant to CRLs
@@ -185,7 +185,7 @@
throws CRLException, NoSuchAlgorithmException,
InvalidKeyException, NoSuchProviderException, SignatureException
{
- verify(key, "BC");
+ verify(key, BouncyCastleProvider.PROVIDER_NAME);
}
public void verify(PublicKey key, String sigProvider)
diff --git a/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java b/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
index e81211e..d52386a 100644
--- a/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
+++ b/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
@@ -1,31 +1,5 @@
package org.bouncycastle.jce.provider;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
-import org.bouncycastle.asn1.misc.NetscapeCertType;
-import org.bouncycastle.asn1.misc.NetscapeRevocationURL;
-import org.bouncycastle.asn1.misc.VerisignCzagExtension;
-import org.bouncycastle.asn1.util.ASN1Dump;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.encoders.Hex;
-
-import javax.security.auth.x500.X500Principal;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -53,6 +27,34 @@
import java.util.List;
import java.util.Set;
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
+import org.bouncycastle.asn1.misc.NetscapeCertType;
+import org.bouncycastle.asn1.misc.NetscapeRevocationURL;
+import org.bouncycastle.asn1.misc.VerisignCzagExtension;
+import org.bouncycastle.asn1.util.ASN1Dump;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.X509CertificateStructure;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+
public class X509CertificateObject
extends X509Certificate
implements PKCS12BagAttributeCarrier
@@ -222,7 +224,7 @@
*/
public String getSigAlgName()
{
- Provider prov = Security.getProvider("BC");
+ Provider prov = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
if (prov != null)
{
@@ -546,19 +548,19 @@
{
return true;
}
-
+
if (!(o instanceof Certificate))
{
return false;
}
Certificate other = (Certificate)o;
-
+
try
{
byte[] b1 = this.getEncoded();
byte[] b2 = other.getEncoded();
-
+
return Arrays.areEqual(b1, b2);
}
catch (CertificateEncodingException e)
@@ -582,7 +584,13 @@
{
try
{
- return Arrays.hashCode(this.getEncoded());
+ int hashCode = 0;
+ byte[] certData = this.getEncoded();
+ for (int i = 1; i < certData.length; i++)
+ {
+ hashCode += certData[i] * i;
+ }
+ return hashCode;
}
catch (CertificateEncodingException e)
{
@@ -714,7 +722,7 @@
try
{
- signature = Signature.getInstance(sigName, "BC");
+ signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME);
}
catch (Exception e)
{
@@ -742,7 +750,7 @@
throws CertificateException, NoSuchAlgorithmException,
SignatureException, InvalidKeyException
{
- if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+ if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature()))
{
throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
}
@@ -761,4 +769,34 @@
throw new InvalidKeyException("Public key presented not for certificate signature");
}
}
+
+ private boolean isAlgIdEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
+ {
+ if (!id1.getObjectId().equals(id2.getObjectId()))
+ {
+ return false;
+ }
+
+ if (id1.getParameters() == null)
+ {
+ if (id2.getParameters() != null && !id2.getParameters().equals(DERNull.INSTANCE))
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+ if (id2.getParameters() == null)
+ {
+ if (id1.getParameters() != null && !id1.getParameters().equals(DERNull.INSTANCE))
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+ return id1.getParameters().equals(id2.getParameters());
+ }
}
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java
new file mode 100644
index 0000000..5d873f9
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java
@@ -0,0 +1,117 @@
+package org.bouncycastle.jce.provider.asymmetric;
+
+import java.util.HashMap;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+
+public class EC
+{
+ public static class Mappings
+ extends HashMap
+ {
+ public Mappings()
+ {
+ put("KeyAgreement.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DH");
+ // BEGIN android-removed
+ // put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHC");
+ // put("KeyAgreement.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQV");
+ // put("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHwithSHA1KDF");
+ // put("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQVwithSHA1KDF");
+ // END android-removed
+
+ put("KeyFactory.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$EC");
+ // BEGIN android-removed
+ // put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDSA");
+ // put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDH");
+ // put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDHC");
+ // put("KeyFactory.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECMQV");
+ // END android-removed
+ put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.id_ecPublicKey, "EC");
+ // TODO Should this be an alias for ECDH?
+ put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+ // BEGIN android-removed
+ // put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
+ //
+ // put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECGOST3410");
+ // put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410");
+ // put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410");
+ // put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
+ // END android-removed
+
+ put("KeyPairGenerator.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC");
+ // BEGIN android-removed
+ // put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDSA");
+ // put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
+ // put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDHC");
+ // put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
+ // put("KeyPairGenerator.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECMQV");
+ // END android-removed
+ // TODO Should this be an alias for ECDH?
+ put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+ // BEGIN android-removed
+ // put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
+ //
+ // put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECGOST3410");
+ // put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410");
+ // put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410");
+ // END android-removed
+
+ put("Signature.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA");
+ put("Signature.NONEwithECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSAnone");
+
+ put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA");
+ put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA");
+ put("Alg.Alias.Signature.SHA1WITHECDSA", "ECDSA");
+ put("Alg.Alias.Signature.ECDSAWITHSHA1", "ECDSA");
+ put("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA");
+ put("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA");
+ put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA");
+ // BEGIN android-removed
+ // put("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
+ //
+ // addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
+ // END android-removed
+ addSignatureAlgorithm("SHA256", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256);
+ addSignatureAlgorithm("SHA384", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384);
+ addSignatureAlgorithm("SHA512", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512);
+ // BEGIN android-removed
+ // addSignatureAlgorithm("RIPEMD160", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
+ //
+ // put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR");
+ // put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR224");
+ // put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR256");
+ // put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR384");
+ // put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR512");
+ //
+ // addSignatureAlgorithm("SHA1", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
+ // addSignatureAlgorithm("SHA224", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
+ // addSignatureAlgorithm("SHA256", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
+ // END android-removed
+ }
+
+ private void addSignatureAlgorithm(
+ String digest,
+ String algorithm,
+ String className,
+ DERObjectIdentifier oid)
+ {
+ String mainName = digest + "WITH" + algorithm;
+ String jdk11Variation1 = digest + "with" + algorithm;
+ String jdk11Variation2 = digest + "With" + algorithm;
+ String alias = digest + "/" + algorithm;
+
+ put("Signature." + mainName, className);
+ put("Alg.Alias.Signature." + jdk11Variation1, mainName);
+ put("Alg.Alias.Signature." + jdk11Variation2, mainName);
+ put("Alg.Alias.Signature." + alias, mainName);
+ put("Alg.Alias.Signature." + oid, mainName);
+ put("Alg.Alias.Signature.OID." + oid, mainName);
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/EC5Util.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/EC5Util.java
new file mode 100644
index 0000000..b693613
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/EC5Util.java
@@ -0,0 +1,123 @@
+package org.bouncycastle.jce.provider.asymmetric.ec;
+
+import java.math.BigInteger;
+import java.security.spec.ECField;
+import java.security.spec.ECFieldF2m;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.EllipticCurve;
+
+import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+import org.bouncycastle.math.ec.ECCurve;
+
+public class EC5Util
+{
+ public static EllipticCurve convertCurve(
+ ECCurve curve,
+ byte[] seed)
+ {
+ // TODO: the Sun EC implementation doesn't currently handle the seed properly
+ // so at the moment it's set to null. Should probably look at making this configurable
+ if (curve instanceof ECCurve.Fp)
+ {
+ return new EllipticCurve(new ECFieldFp(((ECCurve.Fp)curve).getQ()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null);
+ }
+ else
+ {
+ ECCurve.F2m curveF2m = (ECCurve.F2m)curve;
+ int ks[];
+
+ if (curveF2m.isTrinomial())
+ {
+ ks = new int[] { curveF2m.getK1() };
+
+ return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null);
+ }
+ else
+ {
+ ks = new int[] { curveF2m.getK3(), curveF2m.getK2(), curveF2m.getK1() };
+
+ return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null);
+ }
+ }
+ }
+
+ public static ECCurve convertCurve(
+ EllipticCurve ec)
+ {
+ ECField field = ec.getField();
+ BigInteger a = ec.getA();
+ BigInteger b = ec.getB();
+
+ if (field instanceof ECFieldFp)
+ {
+ return new ECCurve.Fp(((ECFieldFp)field).getP(), a, b);
+ }
+ else
+ {
+ ECFieldF2m fieldF2m = (ECFieldF2m)field;
+ int m = fieldF2m.getM();
+ int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial());
+ return new ECCurve.F2m(m, ks[0], ks[1], ks[2], a, b);
+ }
+ }
+
+ public static ECParameterSpec convertSpec(
+ EllipticCurve ellipticCurve,
+ org.bouncycastle.jce.spec.ECParameterSpec spec)
+ {
+ if (spec instanceof ECNamedCurveParameterSpec)
+ {
+ return new ECNamedCurveSpec(
+ ((ECNamedCurveParameterSpec)spec).getName(),
+ ellipticCurve,
+ new ECPoint(
+ spec.getG().getX().toBigInteger(),
+ spec.getG().getY().toBigInteger()),
+ spec.getN(),
+ spec.getH());
+ }
+ else
+ {
+ return new ECParameterSpec(
+ ellipticCurve,
+ new ECPoint(
+ spec.getG().getX().toBigInteger(),
+ spec.getG().getY().toBigInteger()),
+ spec.getN(),
+ spec.getH().intValue());
+ }
+ }
+
+ public static org.bouncycastle.jce.spec.ECParameterSpec convertSpec(
+ ECParameterSpec ecSpec,
+ boolean withCompression)
+ {
+ ECCurve curve = convertCurve(ecSpec.getCurve());
+
+ return new org.bouncycastle.jce.spec.ECParameterSpec(
+ curve,
+ convertPoint(curve, ecSpec.getGenerator(), withCompression),
+ ecSpec.getOrder(),
+ BigInteger.valueOf(ecSpec.getCofactor()),
+ ecSpec.getCurve().getSeed());
+ }
+
+ public static org.bouncycastle.math.ec.ECPoint convertPoint(
+ ECParameterSpec ecSpec,
+ ECPoint point,
+ boolean withCompression)
+ {
+ return convertPoint(convertCurve(ecSpec.getCurve()), point, withCompression);
+ }
+
+ public static org.bouncycastle.math.ec.ECPoint convertPoint(
+ ECCurve curve,
+ ECPoint point,
+ boolean withCompression)
+ {
+ return curve.createPoint(point.getAffineX(), point.getAffineY(), withCompression);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java
new file mode 100644
index 0000000..088dfad
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java
@@ -0,0 +1,238 @@
+package org.bouncycastle.jce.provider.asymmetric.ec;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// END android-removed
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
+import org.bouncycastle.asn1.x9.X962NamedCurves;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.jce.interfaces.ECPrivateKey;
+import org.bouncycastle.jce.interfaces.ECPublicKey;
+import org.bouncycastle.jce.spec.ECParameterSpec;
+import org.bouncycastle.jce.provider.ProviderUtil;
+import org.bouncycastle.jce.provider.JCEECPublicKey;
+
+import java.security.InvalidKeyException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+/**
+ * utility class for converting jce/jca ECDSA, ECDH, and ECDHC
+ * objects into their org.bouncycastle.crypto counterparts.
+ */
+public class ECUtil
+{
+ /**
+ * Returns a sorted array of middle terms of the reduction polynomial.
+ * @param k The unsorted array of middle terms of the reduction polynomial
+ * of length 1 or 3.
+ * @return the sorted array of middle terms of the reduction polynomial.
+ * This array always has length 3.
+ */
+ static int[] convertMidTerms(
+ int[] k)
+ {
+ int[] res = new int[3];
+
+ if (k.length == 1)
+ {
+ res[0] = k[0];
+ }
+ else
+ {
+ if (k.length != 3)
+ {
+ throw new IllegalArgumentException("Only Trinomials and pentanomials supported");
+ }
+
+ if (k[0] < k[1] && k[0] < k[2])
+ {
+ res[0] = k[0];
+ if (k[1] < k[2])
+ {
+ res[1] = k[1];
+ res[2] = k[2];
+ }
+ else
+ {
+ res[1] = k[2];
+ res[2] = k[1];
+ }
+ }
+ else if (k[1] < k[2])
+ {
+ res[0] = k[1];
+ if (k[0] < k[2])
+ {
+ res[1] = k[0];
+ res[2] = k[2];
+ }
+ else
+ {
+ res[1] = k[2];
+ res[2] = k[0];
+ }
+ }
+ else
+ {
+ res[0] = k[2];
+ if (k[0] < k[1])
+ {
+ res[1] = k[0];
+ res[2] = k[1];
+ }
+ else
+ {
+ res[1] = k[1];
+ res[2] = k[0];
+ }
+ }
+ }
+
+ return res;
+ }
+
+ public static AsymmetricKeyParameter generatePublicKeyParameter(
+ PublicKey key)
+ throws InvalidKeyException
+ {
+ if (key instanceof ECPublicKey)
+ {
+ ECPublicKey k = (ECPublicKey)key;
+ ECParameterSpec s = k.getParameters();
+
+ if (s == null)
+ {
+ s = ProviderUtil.getEcImplicitlyCa();
+
+ return new ECPublicKeyParameters(
+ ((JCEECPublicKey)k).engineGetQ(),
+ new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
+ }
+ else
+ {
+ return new ECPublicKeyParameters(
+ k.getQ(),
+ new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
+ }
+ }
+ else if (key instanceof java.security.interfaces.ECPublicKey)
+ {
+ java.security.interfaces.ECPublicKey pubKey = (java.security.interfaces.ECPublicKey)key;
+ ECParameterSpec s = EC5Util.convertSpec(pubKey.getParams(), false);
+ return new ECPublicKeyParameters(
+ EC5Util.convertPoint(pubKey.getParams(), pubKey.getW(), false),
+ new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
+ }
+
+ throw new InvalidKeyException("cannot identify EC public key.");
+ }
+
+ public static AsymmetricKeyParameter generatePrivateKeyParameter(
+ PrivateKey key)
+ throws InvalidKeyException
+ {
+ if (key instanceof ECPrivateKey)
+ {
+ ECPrivateKey k = (ECPrivateKey)key;
+ ECParameterSpec s = k.getParameters();
+
+ if (s == null)
+ {
+ s = ProviderUtil.getEcImplicitlyCa();
+ }
+
+ return new ECPrivateKeyParameters(
+ k.getD(),
+ new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
+ }
+
+ throw new InvalidKeyException("can't identify EC private key.");
+ }
+
+ public static DERObjectIdentifier getNamedCurveOid(
+ String name)
+ {
+ DERObjectIdentifier oid = X962NamedCurves.getOID(name);
+
+ if (oid == null)
+ {
+ oid = SECNamedCurves.getOID(name);
+ if (oid == null)
+ {
+ oid = NISTNamedCurves.getOID(name);
+ }
+ // BEGIN android-removed
+ // if (oid == null)
+ // {
+ // oid = TeleTrusTNamedCurves.getOID(name);
+ // }
+ // if (oid == null)
+ // {
+ // oid = ECGOST3410NamedCurves.getOID(name);
+ // }
+ // END android-removed
+ }
+
+ return oid;
+ }
+
+ public static X9ECParameters getNamedCurveByOid(
+ DERObjectIdentifier oid)
+ {
+ X9ECParameters params = X962NamedCurves.getByOID(oid);
+
+ if (params == null)
+ {
+ params = SECNamedCurves.getByOID(oid);
+ if (params == null)
+ {
+ params = NISTNamedCurves.getByOID(oid);
+ }
+ // BEGIN android-removed
+ // if (params == null)
+ // {
+ // params = TeleTrusTNamedCurves.getByOID(oid);
+ // }
+ // END android-removed
+ }
+
+ return params;
+ }
+
+ public static String getCurveName(
+ DERObjectIdentifier oid)
+ {
+ String name = X962NamedCurves.getName(oid);
+
+ if (name == null)
+ {
+ name = SECNamedCurves.getName(oid);
+ if (name == null)
+ {
+ name = NISTNamedCurves.getName(oid);
+ }
+ // BEGIN android-removed
+ // if (name == null)
+ // {
+ // name = TeleTrusTNamedCurves.getName(oid);
+ // }
+ // if (name == null)
+ // {
+ // name = ECGOST3410NamedCurves.getName(oid);
+ // }
+ // END android-removed
+ }
+
+ return name;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java
new file mode 100644
index 0000000..438928f
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java
@@ -0,0 +1,338 @@
+package org.bouncycastle.jce.provider.asymmetric.ec;
+
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Hashtable;
+
+import javax.crypto.KeyAgreementSpi;
+import javax.crypto.SecretKey;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x9.X9IntegerConverter;
+import org.bouncycastle.crypto.BasicAgreement;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DerivationFunction;
+import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
+// import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
+// import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
+// import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
+// END android-removed
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.MQVPrivateParameters;
+// import org.bouncycastle.crypto.params.MQVPublicParameters;
+// END android-removed
+import org.bouncycastle.jce.interfaces.ECPrivateKey;
+import org.bouncycastle.jce.interfaces.ECPublicKey;
+// BEGIN android-removed
+// import org.bouncycastle.jce.interfaces.MQVPrivateKey;
+// import org.bouncycastle.jce.interfaces.MQVPublicKey;
+// END android-removed
+
+/**
+ * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363
+ * both the simple one, and the simple one with cofactors are supported.
+ *
+ * Also, MQV key agreement per SEC-1
+ */
+public class KeyAgreement
+ extends KeyAgreementSpi
+{
+ private static final X9IntegerConverter converter = new X9IntegerConverter();
+ private static final Hashtable algorithms = new Hashtable();
+
+ static
+ {
+ // BEGIN android-changed
+ Integer i128 = Integer.valueOf(128);
+ Integer i192 = Integer.valueOf(192);
+ Integer i256 = Integer.valueOf(256);
+ // END android-changed
+
+ algorithms.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), i128);
+ algorithms.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), i192);
+ algorithms.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), i256);
+ algorithms.put(NISTObjectIdentifiers.id_aes128_wrap.getId(), i128);
+ algorithms.put(NISTObjectIdentifiers.id_aes192_wrap.getId(), i192);
+ algorithms.put(NISTObjectIdentifiers.id_aes256_wrap.getId(), i256);
+ algorithms.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId(), i192);
+ }
+
+ private String kaAlgorithm;
+ private BigInteger result;
+ private ECDomainParameters parameters;
+ private BasicAgreement agreement;
+ // BEGIN android-removed
+ // private DerivationFunction kdf;
+ // END android-removed
+
+ private byte[] bigIntToBytes(
+ BigInteger r)
+ {
+ return converter.integerToBytes(r, converter.getByteLength(parameters.getG().getX()));
+ }
+
+ protected KeyAgreement(
+ String kaAlgorithm,
+ BasicAgreement agreement,
+ DerivationFunction kdf)
+ {
+ this.kaAlgorithm = kaAlgorithm;
+ this.agreement = agreement;
+ // BEGIN android-removed
+ // this.kdf = kdf;
+ // END android-removed
+ }
+
+ protected Key engineDoPhase(
+ Key key,
+ boolean lastPhase)
+ throws InvalidKeyException, IllegalStateException
+ {
+ if (parameters == null)
+ {
+ throw new IllegalStateException(kaAlgorithm + " not initialised.");
+ }
+
+ if (!lastPhase)
+ {
+ throw new IllegalStateException(kaAlgorithm + " can only be between two parties.");
+ }
+
+ CipherParameters pubKey;
+ // BEGIN android-removed
+ // if (agreement instanceof ECMQVBasicAgreement)
+ // {
+ // if (!(key instanceof MQVPublicKey))
+ // {
+ // throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+ // + getSimpleName(MQVPublicKey.class) + " for doPhase");
+ // }
+ //
+ // MQVPublicKey mqvPubKey = (MQVPublicKey)key;
+ // ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
+ // ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
+ // ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
+ // ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
+ //
+ // pubKey = new MQVPublicParameters(staticKey, ephemKey);
+ //
+ // // TODO Validate that all the keys are using the same parameters?
+ // }
+ // else
+ // END android-removed
+ {
+ if (!(key instanceof ECPublicKey))
+ {
+ throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+ + getSimpleName(ECPublicKey.class) + " for doPhase");
+ }
+
+ pubKey = ECUtil.generatePublicKeyParameter((PublicKey)key);
+
+ // TODO Validate that all the keys are using the same parameters?
+ }
+
+ result = agreement.calculateAgreement(pubKey);
+
+ return null;
+ }
+
+ protected byte[] engineGenerateSecret()
+ throws IllegalStateException
+ {
+ // BEGIN android-removed
+ // if (kdf != null)
+ // {
+ // throw new UnsupportedOperationException(
+ // "KDF can only be used when algorithm is known");
+ // }
+ // END android-removed
+
+ return bigIntToBytes(result);
+ }
+
+ protected int engineGenerateSecret(
+ byte[] sharedSecret,
+ int offset)
+ throws IllegalStateException, ShortBufferException
+ {
+ byte[] secret = engineGenerateSecret();
+
+ if (sharedSecret.length - offset < secret.length)
+ {
+ throw new ShortBufferException(kaAlgorithm + " key agreement: need " + secret.length + " bytes");
+ }
+
+ System.arraycopy(secret, 0, sharedSecret, offset, secret.length);
+
+ return secret.length;
+ }
+
+ protected SecretKey engineGenerateSecret(
+ String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ byte[] secret = bigIntToBytes(result);
+
+ // BEGIN android-removed
+ // if (kdf != null)
+ // {
+ // if (!algorithms.containsKey(algorithm))
+ // {
+ // throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
+ // }
+ //
+ // int keySize = ((Integer)algorithms.get(algorithm)).intValue();
+ //
+ // DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret);
+ //
+ // byte[] keyBytes = new byte[keySize / 8];
+ // kdf.init(params);
+ // kdf.generateBytes(keyBytes, 0, keyBytes.length);
+ // secret = keyBytes;
+ // }
+ // else
+ // END android-removed
+ {
+ // TODO Should we be ensuring the key is the right length?
+ }
+
+ return new SecretKeySpec(secret, algorithm);
+ }
+
+ protected void engineInit(
+ Key key,
+ AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException
+ {
+ initFromKey(key);
+ }
+
+ protected void engineInit(
+ Key key,
+ SecureRandom random)
+ throws InvalidKeyException
+ {
+ initFromKey(key);
+ }
+
+ private void initFromKey(Key key)
+ throws InvalidKeyException
+ {
+ // BEGIN android-removed
+ // if (agreement instanceof ECMQVBasicAgreement)
+ // {
+ // if (!(key instanceof MQVPrivateKey))
+ // {
+ // throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+ // + getSimpleName(MQVPrivateKey.class) + " for initialisation");
+ // }
+ //
+ // MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
+ // ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
+ // ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
+ // ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
+ // ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
+ //
+ // ECPublicKeyParameters ephemPubKey = null;
+ // if (mqvPrivKey.getEphemeralPublicKey() != null)
+ // {
+ // ephemPubKey = (ECPublicKeyParameters)
+ // ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
+ // }
+ //
+ // MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
+ // this.parameters = staticPrivKey.getParameters();
+ //
+ // // TODO Validate that all the keys are using the same parameters?
+ //
+ // agreement.init(localParams);
+ // }
+ // else
+ // END android-removed
+ {
+ if (!(key instanceof ECPrivateKey))
+ {
+ throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+ + getSimpleName(ECPrivateKey.class) + " for initialisation");
+ }
+
+ ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)ECUtil.generatePrivateKeyParameter((PrivateKey)key);
+ this.parameters = privKey.getParameters();
+
+ agreement.init(privKey);
+ }
+ }
+
+ private static String getSimpleName(Class clazz)
+ {
+ String fullName = clazz.getName();
+
+ return fullName.substring(fullName.lastIndexOf('.') + 1);
+ }
+
+ public static class DH
+ extends KeyAgreement
+ {
+ public DH()
+ {
+ super("ECDH", new ECDHBasicAgreement(), null);
+ }
+ }
+
+ // BEGIN android-removed
+ // public static class DHC
+ // extends KeyAgreement
+ // {
+ // public DHC()
+ // {
+ // super("ECDHC", new ECDHCBasicAgreement(), null);
+ // }
+ // }
+ //
+ // public static class MQV
+ // extends KeyAgreement
+ // {
+ // public MQV()
+ // {
+ // super("ECMQV", new ECMQVBasicAgreement(), null);
+ // }
+ // }
+ //
+ // public static class DHwithSHA1KDF
+ // extends KeyAgreement
+ // {
+ // public DHwithSHA1KDF()
+ // {
+ // super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
+ // }
+ // }
+ //
+ // public static class MQVwithSHA1KDF
+ // extends KeyAgreement
+ // {
+ // public MQVwithSHA1KDF()
+ // {
+ // super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
+ // }
+ // }
+ // END android-removed
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java
new file mode 100644
index 0000000..630d2c7
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java
@@ -0,0 +1,208 @@
+package org.bouncycastle.jce.provider.asymmetric.ec;
+
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+
+import org.bouncycastle.jce.provider.JCEECPrivateKey;
+import org.bouncycastle.jce.provider.JCEECPublicKey;
+import org.bouncycastle.jce.provider.JDKKeyFactory;
+import org.bouncycastle.jce.provider.ProviderUtil;
+import org.bouncycastle.jce.spec.ECPrivateKeySpec;
+import org.bouncycastle.jce.spec.ECPublicKeySpec;
+import org.bouncycastle.jce.spec.ECParameterSpec;
+
+public class KeyFactory
+ extends JDKKeyFactory
+{
+ String algorithm;
+
+ KeyFactory(
+ String algorithm)
+ {
+ this.algorithm = algorithm;
+ }
+
+ protected Key engineTranslateKey(
+ Key key)
+ throws InvalidKeyException
+ {
+ if (key instanceof ECPublicKey)
+ {
+ return new JCEECPublicKey((ECPublicKey)key);
+ }
+ else if (key instanceof ECPrivateKey)
+ {
+ return new JCEECPrivateKey((ECPrivateKey)key);
+ }
+
+ throw new InvalidKeyException("key type unknown");
+ }
+
+ protected KeySpec engineGetKeySpec(
+ Key key,
+ Class spec)
+ throws InvalidKeySpecException
+ {
+ if (spec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8"))
+ {
+ return new PKCS8EncodedKeySpec(key.getEncoded());
+ }
+ else if (spec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509"))
+ {
+ return new X509EncodedKeySpec(key.getEncoded());
+ }
+ else if (spec.isAssignableFrom(java.security.spec.ECPublicKeySpec.class) && key instanceof ECPublicKey)
+ {
+ ECPublicKey k = (ECPublicKey)key;
+ if (k.getParams() != null)
+ {
+ return new java.security.spec.ECPublicKeySpec(k.getW(), k.getParams());
+ }
+ else
+ {
+ ECParameterSpec implicitSpec = ProviderUtil.getEcImplicitlyCa();
+
+ return new java.security.spec.ECPublicKeySpec(k.getW(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec));
+ }
+ }
+ else if (spec.isAssignableFrom(java.security.spec.ECPrivateKeySpec.class) && key instanceof ECPrivateKey)
+ {
+ ECPrivateKey k = (ECPrivateKey)key;
+
+ if (k.getParams() != null)
+ {
+ return new java.security.spec.ECPrivateKeySpec(k.getS(), k.getParams());
+ }
+ else
+ {
+ ECParameterSpec implicitSpec = ProviderUtil.getEcImplicitlyCa();
+
+ return new java.security.spec.ECPrivateKeySpec(k.getS(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec));
+ }
+ }
+
+ throw new RuntimeException("not implemented yet " + key + " " + spec);
+ }
+
+ protected PrivateKey engineGeneratePrivate(
+ KeySpec keySpec)
+ throws InvalidKeySpecException
+ {
+ if (keySpec instanceof PKCS8EncodedKeySpec)
+ {
+ try
+ {
+ JCEECPrivateKey key = (JCEECPrivateKey)JDKKeyFactory.createPrivateKeyFromDERStream(
+ ((PKCS8EncodedKeySpec)keySpec).getEncoded());
+
+ return new JCEECPrivateKey(algorithm, key);
+ }
+ catch (Exception e)
+ {
+ throw new InvalidKeySpecException(e.toString());
+ }
+ }
+ else if (keySpec instanceof ECPrivateKeySpec)
+ {
+ return new JCEECPrivateKey(algorithm, (ECPrivateKeySpec)keySpec);
+ }
+ else if (keySpec instanceof java.security.spec.ECPrivateKeySpec)
+ {
+ return new JCEECPrivateKey(algorithm, (java.security.spec.ECPrivateKeySpec)keySpec);
+ }
+
+ throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName());
+ }
+
+ protected PublicKey engineGeneratePublic(
+ KeySpec keySpec)
+ throws InvalidKeySpecException
+ {
+ if (keySpec instanceof X509EncodedKeySpec)
+ {
+ try
+ {
+ JCEECPublicKey key = (JCEECPublicKey)JDKKeyFactory.createPublicKeyFromDERStream(
+ ((X509EncodedKeySpec)keySpec).getEncoded());
+
+ return new JCEECPublicKey(algorithm, key);
+ }
+ catch (Exception e)
+ {
+ throw new InvalidKeySpecException(e.toString());
+ }
+ }
+ else if (keySpec instanceof ECPublicKeySpec)
+ {
+ return new JCEECPublicKey(algorithm, (ECPublicKeySpec)keySpec);
+ }
+ else if (keySpec instanceof java.security.spec.ECPublicKeySpec)
+ {
+ return new JCEECPublicKey(algorithm, (java.security.spec.ECPublicKeySpec)keySpec);
+ }
+
+ throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName());
+ }
+
+ public static class EC
+ extends KeyFactory
+ {
+ public EC()
+ {
+ super("EC");
+ }
+ }
+
+ public static class ECDSA
+ extends KeyFactory
+ {
+ public ECDSA()
+ {
+ super("ECDSA");
+ }
+ }
+
+ public static class ECGOST3410
+ extends KeyFactory
+ {
+ public ECGOST3410()
+ {
+ super("ECGOST3410");
+ }
+ }
+
+ public static class ECDH
+ extends KeyFactory
+ {
+ public ECDH()
+ {
+ super("ECDH");
+ }
+ }
+
+ public static class ECDHC
+ extends KeyFactory
+ {
+ public ECDHC()
+ {
+ super("ECDHC");
+ }
+ }
+
+ public static class ECMQV
+ extends KeyFactory
+ {
+ public ECMQV()
+ {
+ super("ECMQV");
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java
new file mode 100644
index 0000000..ab104ed
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java
@@ -0,0 +1,352 @@
+package org.bouncycastle.jce.provider.asymmetric.ec;
+
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidParameterException;
+import java.security.KeyPair;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.ECGenParameterSpec;
+import java.util.Hashtable;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// END android-removed
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
+import org.bouncycastle.asn1.x9.X962NamedCurves;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.jce.provider.JCEECPrivateKey;
+import org.bouncycastle.jce.provider.JCEECPublicKey;
+import org.bouncycastle.jce.provider.JDKKeyPairGenerator;
+import org.bouncycastle.jce.provider.ProviderUtil;
+import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+import org.bouncycastle.jce.spec.ECParameterSpec;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+public abstract class KeyPairGenerator
+ extends JDKKeyPairGenerator
+{
+ public KeyPairGenerator(String algorithmName)
+ {
+ super(algorithmName);
+ }
+
+ public static class EC
+ extends KeyPairGenerator
+ {
+ ECKeyGenerationParameters param;
+ ECKeyPairGenerator engine = new ECKeyPairGenerator();
+ Object ecParams = null;
+ int strength = 239;
+ int certainty = 50;
+ SecureRandom random = new SecureRandom();
+ boolean initialised = false;
+ String algorithm;
+
+ static private Hashtable ecParameters;
+
+ static {
+ ecParameters = new Hashtable();
+
+ // BEGIN android-changed
+ ecParameters.put(Integer.valueOf(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192
+ ecParameters.put(Integer.valueOf(239), new ECGenParameterSpec("prime239v1"));
+ ecParameters.put(Integer.valueOf(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256
+
+ ecParameters.put(Integer.valueOf(224), new ECGenParameterSpec("P-224"));
+ ecParameters.put(Integer.valueOf(384), new ECGenParameterSpec("P-384"));
+ ecParameters.put(Integer.valueOf(521), new ECGenParameterSpec("P-521"));
+ // END android-changed
+ }
+
+ public EC()
+ {
+ super("EC");
+ this.algorithm = "EC";
+ }
+
+ public EC(
+ String algorithm)
+ {
+ super(algorithm);
+ this.algorithm = algorithm;
+ }
+
+ public void initialize(
+ int strength,
+ SecureRandom random)
+ {
+ this.strength = strength;
+ // BEGIN android-added
+ if (random != null) {
+ // END android-added
+ this.random = random;
+ // BEGIN android-added
+ }
+ // END android-added
+ // BEGIN android-changed
+ this.ecParams = ecParameters.get(Integer.valueOf(strength));
+ // END android-changed
+
+ if (ecParams != null)
+ {
+ try
+ {
+ initialize((ECGenParameterSpec)ecParams, random);
+ }
+ catch (InvalidAlgorithmParameterException e)
+ {
+ throw new InvalidParameterException("key size not configurable.");
+ }
+ }
+ else
+ {
+ throw new InvalidParameterException("unknown key size.");
+ }
+ }
+
+ public void initialize(
+ AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ // BEGIN android-added
+ if (random == null) {
+ random = this.random;
+ }
+ // END android-added
+ if (params instanceof ECParameterSpec)
+ {
+ ECParameterSpec p = (ECParameterSpec)params;
+ this.ecParams = params;
+
+ param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random);
+
+ engine.init(param);
+ initialised = true;
+ }
+ else if (params instanceof java.security.spec.ECParameterSpec)
+ {
+ java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)params;
+ this.ecParams = params;
+
+ ECCurve curve = EC5Util.convertCurve(p.getCurve());
+ ECPoint g = EC5Util.convertPoint(curve, p.getGenerator(), false);
+
+ param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random);
+
+ engine.init(param);
+ initialised = true;
+ }
+ else if (params instanceof ECGenParameterSpec)
+ {
+ final String curveName = ((ECGenParameterSpec)params).getName();
+
+ // BEGIN android-removed
+ // if (this.algorithm.equals("ECGOST3410"))
+ // {
+ // ECDomainParameters ecP = ECGOST3410NamedCurves.getByName(curveName);
+ // if (ecP == null)
+ // {
+ // throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
+ // }
+ //
+ // this.ecParams = new ECNamedCurveSpec(
+ // curveName,
+ // ecP.getCurve(),
+ // ecP.getG(),
+ // ecP.getN(),
+ // ecP.getH(),
+ // ecP.getSeed());
+ // }
+ // else
+ // END android-removed
+ {
+ X9ECParameters ecP = X962NamedCurves.getByName(curveName);
+ if (ecP == null)
+ {
+ ecP = SECNamedCurves.getByName(curveName);
+ if (ecP == null)
+ {
+ ecP = NISTNamedCurves.getByName(curveName);
+ }
+ // BEGIN android-removed
+ // if (ecP == null)
+ // {
+ // ecP = TeleTrusTNamedCurves.getByName(curveName);
+ // }
+ // END android-removed
+ if (ecP == null)
+ {
+ // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug)
+ try
+ {
+ DERObjectIdentifier oid = new DERObjectIdentifier(curveName);
+ ecP = X962NamedCurves.getByOID(oid);
+ if (ecP == null)
+ {
+ ecP = SECNamedCurves.getByOID(oid);
+ }
+ if (ecP == null)
+ {
+ ecP = NISTNamedCurves.getByOID(oid);
+ }
+ // BEGIN android-removed
+ // if (ecP == null)
+ // {
+ // ecP = TeleTrusTNamedCurves.getByOID(oid);
+ // }
+ // END android-removed
+ if (ecP == null)
+ {
+ throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName);
+ }
+ }
+ catch (IllegalArgumentException ex)
+ {
+ throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
+ }
+ }
+ }
+
+ this.ecParams = new ECNamedCurveSpec(
+ curveName,
+ ecP.getCurve(),
+ ecP.getG(),
+ ecP.getN(),
+ ecP.getH(),
+ null); // ecP.getSeed()); Work-around JDK bug -- it won't look up named curves properly if seed is present
+ }
+
+ java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams;
+
+ ECCurve curve = EC5Util.convertCurve(p.getCurve());
+ ECPoint g = EC5Util.convertPoint(curve, p.getGenerator(), false);
+
+ param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random);
+
+ engine.init(param);
+ initialised = true;
+ }
+ else if (params == null && ProviderUtil.getEcImplicitlyCa() != null)
+ {
+ ECParameterSpec p = ProviderUtil.getEcImplicitlyCa();
+ this.ecParams = params;
+
+ param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random);
+
+ engine.init(param);
+ initialised = true;
+ }
+ else if (params == null && ProviderUtil.getEcImplicitlyCa() == null)
+ {
+ throw new InvalidAlgorithmParameterException("null parameter passed but no implicitCA set");
+ }
+ else
+ {
+ throw new InvalidAlgorithmParameterException("parameter object not a ECParameterSpec");
+ }
+ }
+
+ public KeyPair generateKeyPair()
+ {
+ if (!initialised)
+ {
+ // BEGIN android-removed
+ // throw new IllegalStateException("EC Key Pair Generator not initialised");
+ // END android-removed
+ // BEGIN android-added
+ /*
+ * KeyPairGenerator documentation says that a default initialization must be provided
+ */
+ initialize(192, random);
+ // END android-added
+ }
+
+ AsymmetricCipherKeyPair pair = engine.generateKeyPair();
+ ECPublicKeyParameters pub = (ECPublicKeyParameters)pair.getPublic();
+ ECPrivateKeyParameters priv = (ECPrivateKeyParameters)pair.getPrivate();
+
+ if (ecParams instanceof ECParameterSpec)
+ {
+ ECParameterSpec p = (ECParameterSpec)ecParams;
+
+ JCEECPublicKey pubKey = new JCEECPublicKey(algorithm, pub, p);
+ return new KeyPair(pubKey,
+ new JCEECPrivateKey(algorithm, priv, pubKey, p));
+ }
+ else if (ecParams == null)
+ {
+ return new KeyPair(new JCEECPublicKey(algorithm, pub),
+ new JCEECPrivateKey(algorithm, priv));
+ }
+ else
+ {
+ java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams;
+
+ JCEECPublicKey pubKey = new JCEECPublicKey(algorithm, pub, p);
+
+ return new KeyPair(pubKey, new JCEECPrivateKey(algorithm, priv, pubKey, p));
+ }
+ }
+ }
+
+ public static class ECDSA
+ extends EC
+ {
+ public ECDSA()
+ {
+ super("ECDSA");
+ }
+ }
+
+ // BEGIN android-removed
+ // public static class ECGOST3410
+ // extends EC
+ // {
+ // public ECGOST3410()
+ // {
+ // super("ECGOST3410");
+ // }
+ // }
+ // END android-removed
+
+ public static class ECDH
+ extends EC
+ {
+ public ECDH()
+ {
+ super("ECDH");
+ }
+ }
+
+ public static class ECDHC
+ extends EC
+ {
+ public ECDHC()
+ {
+ super("ECDHC");
+ }
+ }
+
+ public static class ECMQV
+ extends EC
+ {
+ public ECMQV()
+ {
+ super("ECMQV");
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java
new file mode 100644
index 0000000..0bb21f8
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java
@@ -0,0 +1,344 @@
+package org.bouncycastle.jce.provider.asymmetric.ec;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.interfaces.ECPublicKey;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DSA;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.NullDigest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+// END android-removed
+import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.SHA224Digest;
+// END android-removed
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.digests.SHA384Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.signers.ECDSASigner;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.signers.ECNRSigner;
+// END android-removed
+import org.bouncycastle.jce.interfaces.ECKey;
+import org.bouncycastle.jce.provider.DSABase;
+import org.bouncycastle.jce.provider.DSAEncoder;
+import org.bouncycastle.jce.provider.JDKKeyFactory;
+
+public class Signature
+ extends DSABase
+{
+ Signature(Digest digest, DSA signer, DSAEncoder encoder)
+ {
+ super(digest, signer, encoder);
+ }
+
+ protected void engineInitVerify(PublicKey publicKey)
+ throws InvalidKeyException
+ {
+ CipherParameters param;
+
+ if (publicKey instanceof ECPublicKey)
+ {
+ param = ECUtil.generatePublicKeyParameter(publicKey);
+ }
+ else
+ {
+ try
+ {
+ byte[] bytes = publicKey.getEncoded();
+
+ publicKey = JDKKeyFactory.createPublicKeyFromDERStream(bytes);
+
+ if (publicKey instanceof ECPublicKey)
+ {
+ param = ECUtil.generatePublicKeyParameter(publicKey);
+ }
+ else
+ {
+ throw new InvalidKeyException("can't recognise key type in ECDSA based signer");
+ }
+ }
+ catch (Exception e)
+ {
+ throw new InvalidKeyException("can't recognise key type in ECDSA based signer");
+ }
+ }
+
+ digest.reset();
+ signer.init(false, param);
+ }
+
+ protected void engineInitSign(
+ PrivateKey privateKey,
+ SecureRandom random)
+ throws InvalidKeyException
+ {
+ CipherParameters param;
+
+ if (privateKey instanceof ECKey)
+ {
+ param = ECUtil.generatePrivateKeyParameter(privateKey);
+ }
+ else
+ {
+ throw new InvalidKeyException("can't recognise key type in ECDSA based signer");
+ }
+
+ digest.reset();
+
+ if (random != null)
+ {
+ signer.init(true, new ParametersWithRandom(param, random));
+ }
+ else
+ {
+ signer.init(true, param);
+ }
+ }
+
+ static public class ecDSA
+ extends Signature
+ {
+ public ecDSA()
+ {
+ super(new SHA1Digest(), new ECDSASigner(), new StdDSAEncoder());
+ }
+ }
+
+ static public class ecDSAnone
+ extends Signature
+ {
+ public ecDSAnone()
+ {
+ super(new NullDigest(), new ECDSASigner(), new StdDSAEncoder());
+ }
+ }
+
+ // BEGIN android-removed
+ // static public class ecDSA224
+ // extends Signature
+ // {
+ // public ecDSA224()
+ // {
+ // super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder());
+ // }
+ // }
+ // END android-removed
+
+ static public class ecDSA256
+ extends Signature
+ {
+ public ecDSA256()
+ {
+ super(new SHA256Digest(), new ECDSASigner(), new StdDSAEncoder());
+ }
+ }
+
+ static public class ecDSA384
+ extends Signature
+ {
+ public ecDSA384()
+ {
+ super(new SHA384Digest(), new ECDSASigner(), new StdDSAEncoder());
+ }
+ }
+
+ static public class ecDSA512
+ extends Signature
+ {
+ public ecDSA512()
+ {
+ super(new SHA512Digest(), new ECDSASigner(), new StdDSAEncoder());
+ }
+ }
+
+ // BEGIN android-removed
+ // static public class ecDSARipeMD160
+ // extends Signature
+ // {
+ // public ecDSARipeMD160()
+ // {
+ // super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
+ // }
+ // }
+ //
+ // static public class ecNR
+ // extends Signature
+ // {
+ // public ecNR()
+ // {
+ // super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
+ // }
+ // }
+ //
+ // static public class ecNR224
+ // extends Signature
+ // {
+ // public ecNR224()
+ // {
+ // super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
+ // }
+ // }
+ //
+ // static public class ecNR256
+ // extends Signature
+ // {
+ // public ecNR256()
+ // {
+ // super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
+ // }
+ // }
+ //
+ // static public class ecNR384
+ // extends Signature
+ // {
+ // public ecNR384()
+ // {
+ // super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
+ // }
+ // }
+ //
+ // static public class ecNR512
+ // extends Signature
+ // {
+ // public ecNR512()
+ // {
+ // super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
+ // }
+ // }
+ //
+ // static public class ecCVCDSA
+ // extends Signature
+ // {
+ // public ecCVCDSA()
+ // {
+ // super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder());
+ // }
+ // }
+ //
+ // static public class ecCVCDSA224
+ // extends Signature
+ // {
+ // public ecCVCDSA224()
+ // {
+ // super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder());
+ // }
+ // }
+ //
+ // static public class ecCVCDSA256
+ // extends Signature
+ // {
+ // public ecCVCDSA256()
+ // {
+ // super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder());
+ // }
+ // }
+ // END android-removed
+
+ private static class StdDSAEncoder
+ implements DSAEncoder
+ {
+ public byte[] encode(
+ BigInteger r,
+ BigInteger s)
+ throws IOException
+ {
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(new DERInteger(r));
+ v.add(new DERInteger(s));
+
+ return new DERSequence(v).getEncoded(ASN1Encodable.DER);
+ }
+
+ public BigInteger[] decode(
+ byte[] encoding)
+ throws IOException
+ {
+ ASN1Sequence s = (ASN1Sequence)ASN1Object.fromByteArray(encoding);
+ BigInteger[] sig = new BigInteger[2];
+
+ sig[0] = ((DERInteger)s.getObjectAt(0)).getValue();
+ sig[1] = ((DERInteger)s.getObjectAt(1)).getValue();
+
+ return sig;
+ }
+ }
+
+ private static class CVCDSAEncoder
+ implements DSAEncoder
+ {
+ public byte[] encode(
+ BigInteger r,
+ BigInteger s)
+ throws IOException
+ {
+ byte[] first = makeUnsigned(r);
+ byte[] second = makeUnsigned(s);
+ byte[] res;
+
+ if (first.length > second.length)
+ {
+ res = new byte[first.length * 2];
+ }
+ else
+ {
+ res = new byte[second.length * 2];
+ }
+
+ System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length);
+ System.arraycopy(second, 0, res, res.length - second.length, second.length);
+
+ return res;
+ }
+
+
+ private byte[] makeUnsigned(BigInteger val)
+ {
+ byte[] res = val.toByteArray();
+
+ if (res[0] == 0)
+ {
+ byte[] tmp = new byte[res.length - 1];
+
+ System.arraycopy(res, 1, tmp, 0, tmp.length);
+
+ return tmp;
+ }
+
+ return res;
+ }
+
+ public BigInteger[] decode(
+ byte[] encoding)
+ throws IOException
+ {
+ BigInteger[] sig = new BigInteger[2];
+
+ byte[] first = new byte[encoding.length / 2];
+ byte[] second = new byte[encoding.length / 2];
+
+ System.arraycopy(encoding, 0, first, 0, first.length);
+ System.arraycopy(encoding, first.length, second, 0, second.length);
+
+ sig[0] = new BigInteger(1, first);
+ sig[1] = new BigInteger(1, second);
+
+ return sig;
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java
index f2e84e4..6076ee5 100644
--- a/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java
+++ b/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java
@@ -1,27 +1,32 @@
package org.bouncycastle.jce.provider.symmetric;
-import org.bouncycastle.crypto.BufferedBlockCipher;
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.AESEngine;
-import org.bouncycastle.crypto.engines.AESFastEngine;
-import org.bouncycastle.crypto.engines.AESWrapEngine;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-// END android-removed
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.modes.CFBBlockCipher;
-import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-import org.bouncycastle.jce.provider.WrapCipherSpi;
-
-import javax.crypto.spec.IvParameterSpec;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
+import java.util.HashMap;
+
+import javax.crypto.spec.IvParameterSpec;
+
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.CipherKeyGenerator;
+import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.engines.AESWrapEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// import org.bouncycastle.crypto.macs.CMac;
+// END android-removed
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.modes.CFBBlockCipher;
+import org.bouncycastle.crypto.modes.OFBBlockCipher;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.provider.JCEBlockCipher;
+import org.bouncycastle.jce.provider.JCEKeyGenerator;
+import org.bouncycastle.jce.provider.JCEMac;
+import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator;
+import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
+import org.bouncycastle.jce.provider.WrapCipherSpi;
public final class AES
{
@@ -65,6 +70,15 @@
// super(new BufferedBlockCipher(new OFBBlockCipher(new AESFastEngine(), 128)), 128);
// }
// }
+ //
+ // public static class AESCMAC
+ // extends JCEMac
+ // {
+ // public AESCMAC()
+ // {
+ // super(new CMac(new AESFastEngine()));
+ // }
+ // }
// END android-removed
static public class Wrap
@@ -82,7 +96,7 @@
// {
// public RFC3211Wrap()
// {
- // super(new RFC3211WrapEngine(new AESEngine()), 16);
+ // super(new RFC3211WrapEngine(new AESFastEngine()), 16);
// }
// }
// END android-removed
@@ -155,7 +169,7 @@
//
// try
// {
- // params = AlgorithmParameters.getInstance("AES", "BC");
+ // params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME);
// params.init(new IvParameterSpec(iv));
// }
// catch (Exception e)
@@ -176,4 +190,89 @@
return "AES IV";
}
}
+
+ public static class Mappings
+ extends HashMap
+ {
+ /**
+ * These three got introduced in some messages as a result of a typo in an
+ * early document. We don't produce anything using these OID values, but we'll
+ * read them.
+ */
+ private static final String wrongAES128 = "2.16.840.1.101.3.4.2";
+ private static final String wrongAES192 = "2.16.840.1.101.3.4.22";
+ private static final String wrongAES256 = "2.16.840.1.101.3.4.42";
+
+ public Mappings()
+ {
+ put("AlgorithmParameters.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParams");
+ put("Alg.Alias.AlgorithmParameters." + wrongAES128, "AES");
+ put("Alg.Alias.AlgorithmParameters." + wrongAES192, "AES");
+ put("Alg.Alias.AlgorithmParameters." + wrongAES256, "AES");
+ put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
+ put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
+ put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+
+ // BEGIN android-removed
+ // put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
+ // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
+ // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
+ // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
+ // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
+ // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
+ // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+ // END android-removed
+
+ put("Cipher.AES", "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+ put("Alg.Alias.Cipher." + wrongAES128, "AES");
+ put("Alg.Alias.Cipher." + wrongAES192, "AES");
+ put("Alg.Alias.Cipher." + wrongAES256, "AES");
+ // BEGIN android-removed
+ // put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+ // put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+ // put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+ // put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
+ // put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
+ // put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
+ // put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
+ // put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
+ // put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
+ // put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
+ // put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
+ // put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
+ // END android-removed
+ put("Cipher.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$Wrap");
+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
+ put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
+ // BEGIN android-removed
+ // put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
+ // END android-removed
+
+ put("KeyGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
+ // BEGIN android-removed
+ // put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+ // put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+ // put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+ // put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+ // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+ //
+ // put("Mac.AESCMAC", "org.bouncycastle.jce.provider.symmetric.AES$AESCMAC");
+ // END android-removed
+ }
+ }
}
diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/AESMappings.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/AESMappings.java
deleted file mode 100644
index b3294c3..0000000
--- a/src/main/java/org/bouncycastle/jce/provider/symmetric/AESMappings.java
+++ /dev/null
@@ -1,88 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-
-import java.util.HashMap;
-
-public class AESMappings
- extends HashMap
-{
- /**
- * These three got introduced in some messages as a result of a typo in an
- * early document. We don't produce anything using these OID values, but we'll
- * read them.
- */
- private static final String wrongAES128 = "2.16.840.1.101.3.4.2";
- private static final String wrongAES192 = "2.16.840.1.101.3.4.22";
- private static final String wrongAES256 = "2.16.840.1.101.3.4.42";
-
- public AESMappings()
- {
- put("AlgorithmParameters.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParams");
- put("Alg.Alias.AlgorithmParameters." + wrongAES128, "AES");
- put("Alg.Alias.AlgorithmParameters." + wrongAES192, "AES");
- put("Alg.Alias.AlgorithmParameters." + wrongAES256, "AES");
- put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
- put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
- put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-
- // BEGIN android-removed
- // put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
- // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
- // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
- // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
- // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
- // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
- // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
- // END android-removed
-
- put("Cipher.AES", "org.bouncycastle.jce.provider.symmetric.AES$ECB");
- put("Alg.Alias.Cipher." + wrongAES128, "AES");
- put("Alg.Alias.Cipher." + wrongAES192, "AES");
- put("Alg.Alias.Cipher." + wrongAES256, "AES");
- // BEGIN android-changed
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "AES");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "AES");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "AES");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "AES");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "AES");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "AES");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "AES");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "AES");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "AES");
- // END android-changed
- put("Cipher.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$Wrap");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
- put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
- // BEGIN android-removed
- // put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
- // END android-removed
-
- put("KeyGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
- // BEGIN android-removed
- // put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
- // put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
- // put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
- // put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
- // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
- // END android-removed
- }
-}
diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java
new file mode 100644
index 0000000..1206f6c
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java
@@ -0,0 +1,50 @@
+package org.bouncycastle.jce.provider.symmetric;
+
+import java.util.HashMap;
+
+import org.bouncycastle.crypto.CipherKeyGenerator;
+import org.bouncycastle.crypto.engines.RC4Engine;
+import org.bouncycastle.jce.provider.JCEKeyGenerator;
+import org.bouncycastle.jce.provider.JCEStreamCipher;
+
+public final class ARC4
+{
+ private ARC4()
+ {
+ }
+
+ public static class Base
+ extends JCEStreamCipher
+ {
+ public Base()
+ {
+ super(new RC4Engine(), 0);
+ }
+ }
+
+ public static class KeyGen
+ extends JCEKeyGenerator
+ {
+ public KeyGen()
+ {
+ // BEGIN android-changed
+ super("ARC4", 128, new CipherKeyGenerator());
+ // END android-changed
+ }
+ }
+
+ public static class Mappings
+ extends HashMap
+ {
+ public Mappings()
+ {
+ put("Cipher.ARC4", "org.bouncycastle.jce.provider.symmetric.ARC4$Base");
+ put("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4");
+ put("Alg.Alias.Cipher.ARCFOUR", "ARC4");
+ put("Alg.Alias.Cipher.RC4", "ARC4");
+ put("KeyGenerator.ARC4", "org.bouncycastle.jce.provider.symmetric.ARC4$KeyGen");
+ put("Alg.Alias.KeyGenerator.RC4", "ARC4");
+ put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "ARC4");
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java
new file mode 100644
index 0000000..b1a8b72
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java
@@ -0,0 +1,69 @@
+package org.bouncycastle.jce.provider.symmetric;
+
+import java.util.HashMap;
+
+import org.bouncycastle.crypto.CipherKeyGenerator;
+import org.bouncycastle.crypto.engines.BlowfishEngine;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.jce.provider.JCEBlockCipher;
+import org.bouncycastle.jce.provider.JCEKeyGenerator;
+import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
+
+public final class Blowfish
+{
+ private Blowfish()
+ {
+ }
+
+ public static class ECB
+ extends JCEBlockCipher
+ {
+ public ECB()
+ {
+ super(new BlowfishEngine());
+ }
+ }
+
+ public static class CBC
+ extends JCEBlockCipher
+ {
+ public CBC()
+ {
+ super(new CBCBlockCipher(new BlowfishEngine()), 64);
+ }
+ }
+
+ public static class KeyGen
+ extends JCEKeyGenerator
+ {
+ public KeyGen()
+ {
+ super("Blowfish", 128, new CipherKeyGenerator());
+ }
+ }
+
+ public static class AlgParams
+ extends JDKAlgorithmParameters.IVAlgorithmParameters
+ {
+ protected String engineToString()
+ {
+ return "Blowfish IV";
+ }
+ }
+
+ public static class Mappings
+ extends HashMap
+ {
+ public Mappings()
+ {
+ put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$ECB");
+ // BEGIN android-removed
+ // put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.symmetric.Blowfish$CBC");
+ // END android-removed
+ put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$KeyGen");
+ put("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
+ put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$AlgParams");
+ put("Alg.Alias.AlgorithmParameters.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java
new file mode 100644
index 0000000..ec35f61
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java
@@ -0,0 +1,313 @@
+package org.bouncycastle.jce.provider.symmetric;
+
+import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.util.HashMap;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.DESedeKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.engines.DESedeEngine;
+import org.bouncycastle.crypto.engines.DESedeWrapEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// END android-removed
+import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
+import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+// import org.bouncycastle.crypto.macs.CMac;
+// END android-removed
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
+import org.bouncycastle.jce.provider.JCEBlockCipher;
+import org.bouncycastle.jce.provider.JCEKeyGenerator;
+import org.bouncycastle.jce.provider.JCEMac;
+import org.bouncycastle.jce.provider.JCESecretKeyFactory;
+import org.bouncycastle.jce.provider.WrapCipherSpi;
+
+public final class DESede
+{
+ private DESede()
+ {
+ }
+
+ static public class ECB
+ extends JCEBlockCipher
+ {
+ public ECB()
+ {
+ super(new DESedeEngine());
+ }
+ }
+
+ static public class CBC
+ extends JCEBlockCipher
+ {
+ public CBC()
+ {
+ super(new CBCBlockCipher(new DESedeEngine()), 64);
+ }
+ }
+
+ // BEGIN android-removed
+ // /**
+ // * DESede CFB8
+ // */
+ // public static class DESedeCFB8
+ // extends JCEMac
+ // {
+ // public DESedeCFB8()
+ // {
+ // super(new CFBBlockCipherMac(new DESedeEngine()));
+ // }
+ // }
+ // END android-removed
+
+ /**
+ * DESede64
+ */
+ public static class DESede64
+ extends JCEMac
+ {
+ public DESede64()
+ {
+ super(new CBCBlockCipherMac(new DESedeEngine(), 64));
+ }
+ }
+
+ /**
+ * DESede64with7816-4Padding
+ */
+ public static class DESede64with7816d4
+ extends JCEMac
+ {
+ public DESede64with7816d4()
+ {
+ super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding()));
+ }
+ }
+
+ public static class CBCMAC
+ extends JCEMac
+ {
+ public CBCMAC()
+ {
+ super(new CBCBlockCipherMac(new DESedeEngine()));
+ }
+ }
+
+ // BEGIN android-removed
+ // static public class CMAC
+ // extends JCEMac
+ // {
+ // public CMAC()
+ // {
+ // super(new CMac(new DESedeEngine()));
+ // }
+ // }
+ // END android-removed
+
+ public static class Wrap
+ extends WrapCipherSpi
+ {
+ public Wrap()
+ {
+ super(new DESedeWrapEngine());
+ }
+ }
+
+ // BEGIN android-removed
+ // public static class RFC3211
+ // extends WrapCipherSpi
+ // {
+ // public RFC3211()
+ // {
+ // super(new RFC3211WrapEngine(new DESedeEngine()), 8);
+ // }
+ // }
+ // END android-removed
+
+ /**
+ * DESede - the default for this is to generate a key in
+ * a-b-a format that's 24 bytes long but has 16 bytes of
+ * key material (the first 8 bytes is repeated as the last
+ * 8 bytes). If you give it a size, you'll get just what you
+ * asked for.
+ */
+ public static class KeyGenerator
+ extends JCEKeyGenerator
+ {
+ private boolean keySizeSet = false;
+
+ public KeyGenerator()
+ {
+ super("DESede", 192, new DESedeKeyGenerator());
+ }
+
+ protected void engineInit(
+ int keySize,
+ SecureRandom random)
+ {
+ super.engineInit(keySize, random);
+ keySizeSet = true;
+ }
+
+ protected SecretKey engineGenerateKey()
+ {
+ if (uninitialised)
+ {
+ engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize));
+ uninitialised = false;
+ }
+
+ //
+ // if no key size has been defined generate a 24 byte key in
+ // the a-b-a format
+ //
+ if (!keySizeSet)
+ {
+ byte[] k = engine.generateKey();
+
+ System.arraycopy(k, 0, k, 16, 8);
+
+ return new SecretKeySpec(k, algName);
+ }
+ else
+ {
+ return new SecretKeySpec(engine.generateKey(), algName);
+ }
+ }
+ }
+
+ /**
+ * generate a desEDE key in the a-b-c format.
+ */
+ public static class KeyGenerator3
+ extends JCEKeyGenerator
+ {
+ public KeyGenerator3()
+ {
+ super("DESede3", 192, new DESedeKeyGenerator());
+ }
+ }
+
+ static public class KeyFactory
+ extends JCESecretKeyFactory
+ {
+ public KeyFactory()
+ {
+ super("DESede", null);
+ }
+
+ protected KeySpec engineGetKeySpec(
+ SecretKey key,
+ Class keySpec)
+ throws InvalidKeySpecException
+ {
+ if (keySpec == null)
+ {
+ throw new InvalidKeySpecException("keySpec parameter is null");
+ }
+ if (key == null)
+ {
+ throw new InvalidKeySpecException("key parameter is null");
+ }
+
+ if (SecretKeySpec.class.isAssignableFrom(keySpec))
+ {
+ return new SecretKeySpec(key.getEncoded(), algName);
+ }
+ else if (DESedeKeySpec.class.isAssignableFrom(keySpec))
+ {
+ byte[] bytes = key.getEncoded();
+
+ try
+ {
+ if (bytes.length == 16)
+ {
+ byte[] longKey = new byte[24];
+
+ System.arraycopy(bytes, 0, longKey, 0, 16);
+ System.arraycopy(bytes, 0, longKey, 16, 8);
+
+ return new DESedeKeySpec(longKey);
+ }
+ else
+ {
+ return new DESedeKeySpec(bytes);
+ }
+ }
+ catch (Exception e)
+ {
+ throw new InvalidKeySpecException(e.toString());
+ }
+ }
+
+ throw new InvalidKeySpecException("Invalid KeySpec");
+ }
+
+ protected SecretKey engineGenerateSecret(
+ KeySpec keySpec)
+ throws InvalidKeySpecException
+ {
+ if (keySpec instanceof DESedeKeySpec)
+ {
+ DESedeKeySpec desKeySpec = (DESedeKeySpec)keySpec;
+ return new SecretKeySpec(desKeySpec.getKey(), "DESede");
+ }
+
+ return super.engineGenerateSecret(keySpec);
+ }
+ }
+
+ public static class Mappings
+ extends HashMap
+ {
+ public Mappings()
+ {
+ put("Cipher.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$ECB");
+ // BEGIN android-removed
+ // put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
+ // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
+ // END android-removed
+ put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$Wrap");
+ // BEGIN android-changed
+ put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
+ // END android-changed
+ // BEGIN android-removed
+ // put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.DESede$RFC3211");
+ // END android-removed
+
+ put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator");
+ // BEGIN android-removed
+ // put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator3");
+ // put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator");
+ // END android-removed
+
+ put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyFactory");
+
+ // BEGIN android-removed
+ // put("Mac.DESEDECMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CMAC");
+ // put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CBCMAC");
+ // put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
+ //
+ // put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.symmetric.DESede$DESedeCFB8");
+ // put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
+ //
+ // put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64");
+ // put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
+ //
+ // put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64with7816d4");
+ // put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+ // put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+ // put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+ // END android-removed
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java b/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java
new file mode 100644
index 0000000..1215784
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java
@@ -0,0 +1,26 @@
+package org.bouncycastle.jce.spec;
+
+import java.security.spec.KeySpec;
+
+/**
+ * base class for an Elliptic Curve Key Spec
+ */
+public class ECKeySpec
+ implements KeySpec
+{
+ private ECParameterSpec spec;
+
+ protected ECKeySpec(
+ ECParameterSpec spec)
+ {
+ this.spec = spec;
+ }
+
+ /**
+ * return the domain parameters for the curve
+ */
+ public ECParameterSpec getParams()
+ {
+ return spec;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java b/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java
new file mode 100644
index 0000000..47416a2
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java
@@ -0,0 +1,62 @@
+package org.bouncycastle.jce.spec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+/**
+ * specification signifying that the curve parameters can also be
+ * refered to by name.
+ * <p>
+ * If you are using JDK 1.5 you should be looking at ECNamedCurveSpec.
+ */
+public class ECNamedCurveParameterSpec
+ extends ECParameterSpec
+{
+ private String name;
+
+ public ECNamedCurveParameterSpec(
+ String name,
+ ECCurve curve,
+ ECPoint G,
+ BigInteger n)
+ {
+ super(curve, G, n);
+
+ this.name = name;
+ }
+
+ public ECNamedCurveParameterSpec(
+ String name,
+ ECCurve curve,
+ ECPoint G,
+ BigInteger n,
+ BigInteger h)
+ {
+ super(curve, G, n, h);
+
+ this.name = name;
+ }
+
+ public ECNamedCurveParameterSpec(
+ String name,
+ ECCurve curve,
+ ECPoint G,
+ BigInteger n,
+ BigInteger h,
+ byte[] seed)
+ {
+ super(curve, G, n, h, seed);
+
+ this.name = name;
+ }
+
+ /**
+ * return the name of the curve the EC domain parameters belong to.
+ */
+ public String getName()
+ {
+ return name;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java b/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java
new file mode 100644
index 0000000..84ebf70
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java
@@ -0,0 +1,121 @@
+package org.bouncycastle.jce.spec;
+
+import java.math.BigInteger;
+import java.security.spec.ECFieldF2m;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECPoint;
+import java.security.spec.EllipticCurve;
+
+import org.bouncycastle.math.ec.ECCurve;
+
+/**
+ * specification signifying that the curve parameters can also be
+ * referred to by name.
+ */
+public class ECNamedCurveSpec
+ extends java.security.spec.ECParameterSpec
+{
+ private String name;
+
+ private static EllipticCurve convertCurve(
+ ECCurve curve,
+ byte[] seed)
+ {
+ if (curve instanceof ECCurve.Fp)
+ {
+ return new EllipticCurve(new ECFieldFp(((ECCurve.Fp)curve).getQ()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed);
+ }
+ else
+ {
+ ECCurve.F2m curveF2m = (ECCurve.F2m)curve;
+ int ks[];
+
+ if (curveF2m.isTrinomial())
+ {
+ ks = new int[] { curveF2m.getK1() };
+
+ return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed);
+ }
+ else
+ {
+ ks = new int[] { curveF2m.getK3(), curveF2m.getK2(), curveF2m.getK1() };
+
+ return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed);
+ }
+ }
+
+ }
+
+ private static ECPoint convertPoint(
+ org.bouncycastle.math.ec.ECPoint g)
+ {
+ return new ECPoint(g.getX().toBigInteger(), g.getY().toBigInteger());
+ }
+
+ public ECNamedCurveSpec(
+ String name,
+ ECCurve curve,
+ org.bouncycastle.math.ec.ECPoint g,
+ BigInteger n)
+ {
+ super(convertCurve(curve, null), convertPoint(g), n, 1);
+
+ this.name = name;
+ }
+
+ public ECNamedCurveSpec(
+ String name,
+ EllipticCurve curve,
+ ECPoint g,
+ BigInteger n)
+ {
+ super(curve, g, n, 1);
+
+ this.name = name;
+ }
+
+ public ECNamedCurveSpec(
+ String name,
+ ECCurve curve,
+ org.bouncycastle.math.ec.ECPoint g,
+ BigInteger n,
+ BigInteger h)
+ {
+ super(convertCurve(curve, null), convertPoint(g), n, h.intValue());
+
+ this.name = name;
+ }
+
+ public ECNamedCurveSpec(
+ String name,
+ EllipticCurve curve,
+ ECPoint g,
+ BigInteger n,
+ BigInteger h)
+ {
+ super(curve, g, n, h.intValue());
+
+ this.name = name;
+ }
+
+ public ECNamedCurveSpec(
+ String name,
+ ECCurve curve,
+ org.bouncycastle.math.ec.ECPoint g,
+ BigInteger n,
+ BigInteger h,
+ byte[] seed)
+ {
+ super(convertCurve(curve, seed), convertPoint(g), n, h.intValue());
+
+ this.name = name;
+ }
+
+ /**
+ * return the name of the curve the EC domain parameters belong to.
+ */
+ public String getName()
+ {
+ return name;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java b/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java
new file mode 100644
index 0000000..e774a11
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java
@@ -0,0 +1,121 @@
+package org.bouncycastle.jce.spec;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+import java.math.BigInteger;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * basic domain parameters for an Elliptic Curve public or private key.
+ */
+public class ECParameterSpec
+ implements AlgorithmParameterSpec
+{
+ private ECCurve curve;
+ private byte[] seed;
+ private ECPoint G;
+ private BigInteger n;
+ private BigInteger h;
+
+ public ECParameterSpec(
+ ECCurve curve,
+ ECPoint G,
+ BigInteger n)
+ {
+ this.curve = curve;
+ this.G = G;
+ this.n = n;
+ this.h = BigInteger.valueOf(1);
+ this.seed = null;
+ }
+
+ public ECParameterSpec(
+ ECCurve curve,
+ ECPoint G,
+ BigInteger n,
+ BigInteger h)
+ {
+ this.curve = curve;
+ this.G = G;
+ this.n = n;
+ this.h = h;
+ this.seed = null;
+ }
+
+ public ECParameterSpec(
+ ECCurve curve,
+ ECPoint G,
+ BigInteger n,
+ BigInteger h,
+ byte[] seed)
+ {
+ this.curve = curve;
+ this.G = G;
+ this.n = n;
+ this.h = h;
+ this.seed = seed;
+ }
+
+ /**
+ * return the curve along which the base point lies.
+ * @return the curve
+ */
+ public ECCurve getCurve()
+ {
+ return curve;
+ }
+
+ /**
+ * return the base point we are using for these domain parameters.
+ * @return the base point.
+ */
+ public ECPoint getG()
+ {
+ return G;
+ }
+
+ /**
+ * return the order N of G
+ * @return the order
+ */
+ public BigInteger getN()
+ {
+ return n;
+ }
+
+ /**
+ * return the cofactor H to the order of G.
+ * @return the cofactor
+ */
+ public BigInteger getH()
+ {
+ return h;
+ }
+
+ /**
+ * return the seed used to generate this curve (if available).
+ * @return the random seed
+ */
+ public byte[] getSeed()
+ {
+ return seed;
+ }
+
+ public boolean equals(Object o)
+ {
+ if (!(o instanceof ECParameterSpec))
+ {
+ return false;
+ }
+
+ ECParameterSpec other = (ECParameterSpec)o;
+
+ return this.getCurve().equals(other.getCurve()) && this.getG().equals(other.getG());
+ }
+
+ public int hashCode()
+ {
+ return this.getCurve().hashCode() ^ this.getG().hashCode();
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java b/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java
new file mode 100644
index 0000000..27885c4
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java
@@ -0,0 +1,35 @@
+package org.bouncycastle.jce.spec;
+
+import java.math.BigInteger;
+
+/**
+ * Elliptic Curve private key specification.
+ */
+public class ECPrivateKeySpec
+ extends ECKeySpec
+{
+ private BigInteger d;
+
+ /**
+ * base constructor
+ *
+ * @param d the private number for the key.
+ * @param spec the domain parameters for the curve being used.
+ */
+ public ECPrivateKeySpec(
+ BigInteger d,
+ ECParameterSpec spec)
+ {
+ super(spec);
+
+ this.d = d;
+ }
+
+ /**
+ * return the private number D
+ */
+ public BigInteger getD()
+ {
+ return d;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java b/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java
new file mode 100644
index 0000000..debab00
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java
@@ -0,0 +1,35 @@
+package org.bouncycastle.jce.spec;
+
+import org.bouncycastle.math.ec.ECPoint;
+
+/**
+ * Elliptic Curve public key specification
+ */
+public class ECPublicKeySpec
+ extends ECKeySpec
+{
+ private ECPoint q;
+
+ /**
+ * base constructor
+ *
+ * @param q the public point on the curve.
+ * @param spec the domain parameters for the curve.
+ */
+ public ECPublicKeySpec(
+ ECPoint q,
+ ECParameterSpec spec)
+ {
+ super(spec);
+
+ this.q = q;
+ }
+
+ /**
+ * return the public point q
+ */
+ public ECPoint getQ()
+ {
+ return q;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java b/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java
new file mode 100644
index 0000000..78a7a8f
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java
@@ -0,0 +1,92 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+public class ECAlgorithms
+{
+ public static ECPoint sumOfTwoMultiplies(ECPoint P, BigInteger a,
+ ECPoint Q, BigInteger b)
+ {
+ ECCurve c = P.getCurve();
+ if (!c.equals(Q.getCurve()))
+ {
+ throw new IllegalArgumentException("P and Q must be on same curve");
+ }
+
+ // Point multiplication for Koblitz curves (using WTNAF) beats Shamir's trick
+ if (c instanceof ECCurve.F2m)
+ {
+ ECCurve.F2m f2mCurve = (ECCurve.F2m)c;
+ if (f2mCurve.isKoblitz())
+ {
+ return P.multiply(a).add(Q.multiply(b));
+ }
+ }
+
+ return implShamirsTrick(P, a, Q, b);
+ }
+
+ /*
+ * "Shamir's Trick", originally due to E. G. Straus
+ * (Addition chains of vectors. American Mathematical Monthly,
+ * 71(7):806-808, Aug./Sept. 1964)
+ * <pre>
+ * Input: The points P, Q, scalar k = (km?, ... , k1, k0)
+ * and scalar l = (lm?, ... , l1, l0).
+ * Output: R = k * P + l * Q.
+ * 1: Z <- P + Q
+ * 2: R <- O
+ * 3: for i from m-1 down to 0 do
+ * 4: R <- R + R {point doubling}
+ * 5: if (ki = 1) and (li = 0) then R <- R + P end if
+ * 6: if (ki = 0) and (li = 1) then R <- R + Q end if
+ * 7: if (ki = 1) and (li = 1) then R <- R + Z end if
+ * 8: end for
+ * 9: return R
+ * </pre>
+ */
+ public static ECPoint shamirsTrick(ECPoint P, BigInteger k,
+ ECPoint Q, BigInteger l)
+ {
+ if (!P.getCurve().equals(Q.getCurve()))
+ {
+ throw new IllegalArgumentException("P and Q must be on same curve");
+ }
+
+ return implShamirsTrick(P, k, Q, l);
+ }
+
+ private static ECPoint implShamirsTrick(ECPoint P, BigInteger k,
+ ECPoint Q, BigInteger l)
+ {
+ int m = Math.max(k.bitLength(), l.bitLength());
+ ECPoint Z = P.add(Q);
+ ECPoint R = P.getCurve().getInfinity();
+
+ for (int i = m - 1; i >= 0; --i)
+ {
+ R = R.twice();
+
+ if (k.testBit(i))
+ {
+ if (l.testBit(i))
+ {
+ R = R.add(Z);
+ }
+ else
+ {
+ R = R.add(P);
+ }
+ }
+ else
+ {
+ if (l.testBit(i))
+ {
+ R = R.add(Q);
+ }
+ }
+ }
+
+ return R;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ECConstants.java b/src/main/java/org/bouncycastle/math/ec/ECConstants.java
new file mode 100644
index 0000000..864f746
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ECConstants.java
@@ -0,0 +1,12 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+public interface ECConstants
+{
+ public static final BigInteger ZERO = BigInteger.valueOf(0);
+ public static final BigInteger ONE = BigInteger.valueOf(1);
+ public static final BigInteger TWO = BigInteger.valueOf(2);
+ public static final BigInteger THREE = BigInteger.valueOf(3);
+ public static final BigInteger FOUR = BigInteger.valueOf(4);
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ECCurve.java b/src/main/java/org/bouncycastle/math/ec/ECCurve.java
new file mode 100644
index 0000000..c984104
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ECCurve.java
@@ -0,0 +1,668 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+import java.util.Random;
+
+/**
+ * base class for an elliptic curve
+ */
+public abstract class ECCurve
+{
+ ECFieldElement a, b;
+
+ public abstract int getFieldSize();
+
+ public abstract ECFieldElement fromBigInteger(BigInteger x);
+
+ public abstract ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression);
+
+ public abstract ECPoint decodePoint(byte[] encoded);
+
+ public abstract ECPoint getInfinity();
+
+ public ECFieldElement getA()
+ {
+ return a;
+ }
+
+ public ECFieldElement getB()
+ {
+ return b;
+ }
+
+ /**
+ * Elliptic curve over Fp
+ */
+ public static class Fp extends ECCurve
+ {
+ BigInteger q;
+ ECPoint.Fp infinity;
+
+ public Fp(BigInteger q, BigInteger a, BigInteger b)
+ {
+ this.q = q;
+ this.a = fromBigInteger(a);
+ this.b = fromBigInteger(b);
+ this.infinity = new ECPoint.Fp(this, null, null);
+ }
+
+ public BigInteger getQ()
+ {
+ return q;
+ }
+
+ public int getFieldSize()
+ {
+ return q.bitLength();
+ }
+
+ public ECFieldElement fromBigInteger(BigInteger x)
+ {
+ return new ECFieldElement.Fp(this.q, x);
+ }
+
+ public ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression)
+ {
+ return new ECPoint.Fp(this, fromBigInteger(x), fromBigInteger(y), withCompression);
+ }
+
+ /**
+ * Decode a point on this curve from its ASN.1 encoding. The different
+ * encodings are taken account of, including point compression for
+ * <code>F<sub>p</sub></code> (X9.62 s 4.2.1 pg 17).
+ * @return The decoded point.
+ */
+ public ECPoint decodePoint(byte[] encoded)
+ {
+ ECPoint p = null;
+
+ switch (encoded[0])
+ {
+ // infinity
+ case 0x00:
+ if (encoded.length > 1)
+ {
+ throw new RuntimeException("Invalid point encoding");
+ }
+ p = getInfinity();
+ break;
+ // compressed
+ case 0x02:
+ case 0x03:
+ int ytilde = encoded[0] & 1;
+ byte[] i = new byte[encoded.length - 1];
+
+ System.arraycopy(encoded, 1, i, 0, i.length);
+
+ ECFieldElement x = new ECFieldElement.Fp(this.q, new BigInteger(1, i));
+ ECFieldElement alpha = x.multiply(x.square().add(a)).add(b);
+ ECFieldElement beta = alpha.sqrt();
+
+ //
+ // if we can't find a sqrt we haven't got a point on the
+ // curve - run!
+ //
+ if (beta == null)
+ {
+ throw new RuntimeException("Invalid point compression");
+ }
+
+ int bit0 = (beta.toBigInteger().testBit(0) ? 1 : 0);
+
+ if (bit0 == ytilde)
+ {
+ p = new ECPoint.Fp(this, x, beta, true);
+ }
+ else
+ {
+ p = new ECPoint.Fp(this, x,
+ new ECFieldElement.Fp(this.q, q.subtract(beta.toBigInteger())), true);
+ }
+ break;
+ // uncompressed
+ case 0x04:
+ // hybrid
+ case 0x06:
+ case 0x07:
+ byte[] xEnc = new byte[(encoded.length - 1) / 2];
+ byte[] yEnc = new byte[(encoded.length - 1) / 2];
+
+ System.arraycopy(encoded, 1, xEnc, 0, xEnc.length);
+ System.arraycopy(encoded, xEnc.length + 1, yEnc, 0, yEnc.length);
+
+ p = new ECPoint.Fp(this,
+ new ECFieldElement.Fp(this.q, new BigInteger(1, xEnc)),
+ new ECFieldElement.Fp(this.q, new BigInteger(1, yEnc)));
+ break;
+ default:
+ throw new RuntimeException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16));
+ }
+
+ return p;
+ }
+
+ public ECPoint getInfinity()
+ {
+ return infinity;
+ }
+
+ public boolean equals(
+ Object anObject)
+ {
+ if (anObject == this)
+ {
+ return true;
+ }
+
+ if (!(anObject instanceof ECCurve.Fp))
+ {
+ return false;
+ }
+
+ ECCurve.Fp other = (ECCurve.Fp) anObject;
+
+ return this.q.equals(other.q)
+ && a.equals(other.a) && b.equals(other.b);
+ }
+
+ public int hashCode()
+ {
+ return a.hashCode() ^ b.hashCode() ^ q.hashCode();
+ }
+ }
+
+ /**
+ * Elliptic curves over F2m. The Weierstrass equation is given by
+ * <code>y<sup>2</sup> + xy = x<sup>3</sup> + ax<sup>2</sup> + b</code>.
+ */
+ public static class F2m extends ECCurve
+ {
+ /**
+ * The exponent <code>m</code> of <code>F<sub>2<sup>m</sup></sub></code>.
+ */
+ private int m; // can't be final - JDK 1.1
+
+ /**
+ * TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
+ * x<sup>k</sup> + 1</code> represents the reduction polynomial
+ * <code>f(z)</code>.<br>
+ * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.<br>
+ */
+ private int k1; // can't be final - JDK 1.1
+
+ /**
+ * TPB: Always set to <code>0</code><br>
+ * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.<br>
+ */
+ private int k2; // can't be final - JDK 1.1
+
+ /**
+ * TPB: Always set to <code>0</code><br>
+ * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.<br>
+ */
+ private int k3; // can't be final - JDK 1.1
+
+ /**
+ * The order of the base point of the curve.
+ */
+ private BigInteger n; // can't be final - JDK 1.1
+
+ /**
+ * The cofactor of the curve.
+ */
+ private BigInteger h; // can't be final - JDK 1.1
+
+ /**
+ * The point at infinity on this curve.
+ */
+ private ECPoint.F2m infinity; // can't be final - JDK 1.1
+
+ /**
+ * The parameter <code>μ</code> of the elliptic curve if this is
+ * a Koblitz curve.
+ */
+ private byte mu = 0;
+
+ /**
+ * The auxiliary values <code>s<sub>0</sub></code> and
+ * <code>s<sub>1</sub></code> used for partial modular reduction for
+ * Koblitz curves.
+ */
+ private BigInteger[] si = null;
+
+ /**
+ * Constructor for Trinomial Polynomial Basis (TPB).
+ * @param m The exponent <code>m</code> of
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param k The integer <code>k</code> where <code>x<sup>m</sup> +
+ * x<sup>k</sup> + 1</code> represents the reduction
+ * polynomial <code>f(z)</code>.
+ * @param a The coefficient <code>a</code> in the Weierstrass equation
+ * for non-supersingular elliptic curves over
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param b The coefficient <code>b</code> in the Weierstrass equation
+ * for non-supersingular elliptic curves over
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ */
+ public F2m(
+ int m,
+ int k,
+ BigInteger a,
+ BigInteger b)
+ {
+ this(m, k, 0, 0, a, b, null, null);
+ }
+
+ /**
+ * Constructor for Trinomial Polynomial Basis (TPB).
+ * @param m The exponent <code>m</code> of
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param k The integer <code>k</code> where <code>x<sup>m</sup> +
+ * x<sup>k</sup> + 1</code> represents the reduction
+ * polynomial <code>f(z)</code>.
+ * @param a The coefficient <code>a</code> in the Weierstrass equation
+ * for non-supersingular elliptic curves over
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param b The coefficient <code>b</code> in the Weierstrass equation
+ * for non-supersingular elliptic curves over
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param n The order of the main subgroup of the elliptic curve.
+ * @param h The cofactor of the elliptic curve, i.e.
+ * <code>#E<sub>a</sub>(F<sub>2<sup>m</sup></sub>) = h * n</code>.
+ */
+ public F2m(
+ int m,
+ int k,
+ BigInteger a,
+ BigInteger b,
+ BigInteger n,
+ BigInteger h)
+ {
+ this(m, k, 0, 0, a, b, n, h);
+ }
+
+ /**
+ * Constructor for Pentanomial Polynomial Basis (PPB).
+ * @param m The exponent <code>m</code> of
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.
+ * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.
+ * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.
+ * @param a The coefficient <code>a</code> in the Weierstrass equation
+ * for non-supersingular elliptic curves over
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param b The coefficient <code>b</code> in the Weierstrass equation
+ * for non-supersingular elliptic curves over
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ */
+ public F2m(
+ int m,
+ int k1,
+ int k2,
+ int k3,
+ BigInteger a,
+ BigInteger b)
+ {
+ this(m, k1, k2, k3, a, b, null, null);
+ }
+
+ /**
+ * Constructor for Pentanomial Polynomial Basis (PPB).
+ * @param m The exponent <code>m</code> of
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.
+ * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.
+ * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.
+ * @param a The coefficient <code>a</code> in the Weierstrass equation
+ * for non-supersingular elliptic curves over
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param b The coefficient <code>b</code> in the Weierstrass equation
+ * for non-supersingular elliptic curves over
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param n The order of the main subgroup of the elliptic curve.
+ * @param h The cofactor of the elliptic curve, i.e.
+ * <code>#E<sub>a</sub>(F<sub>2<sup>m</sup></sub>) = h * n</code>.
+ */
+ public F2m(
+ int m,
+ int k1,
+ int k2,
+ int k3,
+ BigInteger a,
+ BigInteger b,
+ BigInteger n,
+ BigInteger h)
+ {
+ this.m = m;
+ this.k1 = k1;
+ this.k2 = k2;
+ this.k3 = k3;
+ this.n = n;
+ this.h = h;
+
+ if (k1 == 0)
+ {
+ throw new IllegalArgumentException("k1 must be > 0");
+ }
+
+ if (k2 == 0)
+ {
+ if (k3 != 0)
+ {
+ throw new IllegalArgumentException("k3 must be 0 if k2 == 0");
+ }
+ }
+ else
+ {
+ if (k2 <= k1)
+ {
+ throw new IllegalArgumentException("k2 must be > k1");
+ }
+
+ if (k3 <= k2)
+ {
+ throw new IllegalArgumentException("k3 must be > k2");
+ }
+ }
+
+ this.a = fromBigInteger(a);
+ this.b = fromBigInteger(b);
+ this.infinity = new ECPoint.F2m(this, null, null);
+ }
+
+ public int getFieldSize()
+ {
+ return m;
+ }
+
+ public ECFieldElement fromBigInteger(BigInteger x)
+ {
+ return new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3, x);
+ }
+
+ public ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression)
+ {
+ return new ECPoint.F2m(this, fromBigInteger(x), fromBigInteger(y), withCompression);
+ }
+
+ /* (non-Javadoc)
+ * @see org.bouncycastle.math.ec.ECCurve#decodePoint(byte[])
+ */
+ public ECPoint decodePoint(byte[] encoded)
+ {
+ ECPoint p = null;
+
+ switch (encoded[0])
+ {
+ // infinity
+ case 0x00:
+ if (encoded.length > 1)
+ {
+ throw new RuntimeException("Invalid point encoding");
+ }
+ p = getInfinity();
+ break;
+ // compressed
+ case 0x02:
+ case 0x03:
+ byte[] enc = new byte[encoded.length - 1];
+ System.arraycopy(encoded, 1, enc, 0, enc.length);
+ if (encoded[0] == 0x02)
+ {
+ p = decompressPoint(enc, 0);
+ }
+ else
+ {
+ p = decompressPoint(enc, 1);
+ }
+ break;
+ // uncompressed
+ case 0x04:
+ // hybrid
+ case 0x06:
+ case 0x07:
+ byte[] xEnc = new byte[(encoded.length - 1) / 2];
+ byte[] yEnc = new byte[(encoded.length - 1) / 2];
+
+ System.arraycopy(encoded, 1, xEnc, 0, xEnc.length);
+ System.arraycopy(encoded, xEnc.length + 1, yEnc, 0, yEnc.length);
+
+ p = new ECPoint.F2m(this,
+ new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3,
+ new BigInteger(1, xEnc)),
+ new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3,
+ new BigInteger(1, yEnc)), false);
+ break;
+
+ default:
+ throw new RuntimeException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16));
+ }
+
+ return p;
+ }
+
+ public ECPoint getInfinity()
+ {
+ return infinity;
+ }
+
+ /**
+ * Returns true if this is a Koblitz curve (ABC curve).
+ * @return true if this is a Koblitz curve (ABC curve), false otherwise
+ */
+ public boolean isKoblitz()
+ {
+ return ((n != null) && (h != null) &&
+ ((a.toBigInteger().equals(ECConstants.ZERO)) ||
+ (a.toBigInteger().equals(ECConstants.ONE))) &&
+ (b.toBigInteger().equals(ECConstants.ONE)));
+ }
+
+ /**
+ * Returns the parameter <code>μ</code> of the elliptic curve.
+ * @return <code>μ</code> of the elliptic curve.
+ * @throws IllegalArgumentException if the given ECCurve is not a
+ * Koblitz curve.
+ */
+ synchronized byte getMu()
+ {
+ if (mu == 0)
+ {
+ mu = Tnaf.getMu(this);
+ }
+ return mu;
+ }
+
+ /**
+ * @return the auxiliary values <code>s<sub>0</sub></code> and
+ * <code>s<sub>1</sub></code> used for partial modular reduction for
+ * Koblitz curves.
+ */
+ synchronized BigInteger[] getSi()
+ {
+ if (si == null)
+ {
+ si = Tnaf.getSi(this);
+ }
+ return si;
+ }
+
+ /**
+ * Decompresses a compressed point P = (xp, yp) (X9.62 s 4.2.2).
+ *
+ * @param xEnc
+ * The encoding of field element xp.
+ * @param ypBit
+ * ~yp, an indication bit for the decompression of yp.
+ * @return the decompressed point.
+ */
+ private ECPoint decompressPoint(
+ byte[] xEnc,
+ int ypBit)
+ {
+ ECFieldElement xp = new ECFieldElement.F2m(
+ this.m, this.k1, this.k2, this.k3, new BigInteger(1, xEnc));
+ ECFieldElement yp = null;
+ if (xp.toBigInteger().equals(ECConstants.ZERO))
+ {
+ yp = (ECFieldElement.F2m)b;
+ for (int i = 0; i < m - 1; i++)
+ {
+ yp = yp.square();
+ }
+ }
+ else
+ {
+ ECFieldElement beta = xp.add(a).add(
+ b.multiply(xp.square().invert()));
+ ECFieldElement z = solveQuadradicEquation(beta);
+ if (z == null)
+ {
+ throw new RuntimeException("Invalid point compression");
+ }
+ int zBit = 0;
+ if (z.toBigInteger().testBit(0))
+ {
+ zBit = 1;
+ }
+ if (zBit != ypBit)
+ {
+ z = z.add(new ECFieldElement.F2m(this.m, this.k1, this.k2,
+ this.k3, ECConstants.ONE));
+ }
+ yp = xp.multiply(z);
+ }
+
+ return new ECPoint.F2m(this, xp, yp);
+ }
+
+ /**
+ * Solves a quadratic equation <code>z<sup>2</sup> + z = beta</code>(X9.62
+ * D.1.6) The other solution is <code>z + 1</code>.
+ *
+ * @param beta
+ * The value to solve the qradratic equation for.
+ * @return the solution for <code>z<sup>2</sup> + z = beta</code> or
+ * <code>null</code> if no solution exists.
+ */
+ private ECFieldElement solveQuadradicEquation(ECFieldElement beta)
+ {
+ ECFieldElement zeroElement = new ECFieldElement.F2m(
+ this.m, this.k1, this.k2, this.k3, ECConstants.ZERO);
+
+ if (beta.toBigInteger().equals(ECConstants.ZERO))
+ {
+ return zeroElement;
+ }
+
+ ECFieldElement z = null;
+ ECFieldElement gamma = zeroElement;
+
+ Random rand = new Random();
+ do
+ {
+ ECFieldElement t = new ECFieldElement.F2m(this.m, this.k1,
+ this.k2, this.k3, new BigInteger(m, rand));
+ z = zeroElement;
+ ECFieldElement w = beta;
+ for (int i = 1; i <= m - 1; i++)
+ {
+ ECFieldElement w2 = w.square();
+ z = z.square().add(w2.multiply(t));
+ w = w2.add(beta);
+ }
+ if (!w.toBigInteger().equals(ECConstants.ZERO))
+ {
+ return null;
+ }
+ gamma = z.square().add(z);
+ }
+ while (gamma.toBigInteger().equals(ECConstants.ZERO));
+
+ return z;
+ }
+
+ public boolean equals(
+ Object anObject)
+ {
+ if (anObject == this)
+ {
+ return true;
+ }
+
+ if (!(anObject instanceof ECCurve.F2m))
+ {
+ return false;
+ }
+
+ ECCurve.F2m other = (ECCurve.F2m)anObject;
+
+ return (this.m == other.m) && (this.k1 == other.k1)
+ && (this.k2 == other.k2) && (this.k3 == other.k3)
+ && a.equals(other.a) && b.equals(other.b);
+ }
+
+ public int hashCode()
+ {
+ return this.a.hashCode() ^ this.b.hashCode() ^ m ^ k1 ^ k2 ^ k3;
+ }
+
+ public int getM()
+ {
+ return m;
+ }
+
+ /**
+ * Return true if curve uses a Trinomial basis.
+ *
+ * @return true if curve Trinomial, false otherwise.
+ */
+ public boolean isTrinomial()
+ {
+ return k2 == 0 && k3 == 0;
+ }
+
+ public int getK1()
+ {
+ return k1;
+ }
+
+ public int getK2()
+ {
+ return k2;
+ }
+
+ public int getK3()
+ {
+ return k3;
+ }
+
+ public BigInteger getN()
+ {
+ return n;
+ }
+
+ public BigInteger getH()
+ {
+ return h;
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java b/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java
new file mode 100644
index 0000000..b5e9aa5
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java
@@ -0,0 +1,1196 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+import java.util.Random;
+
+public abstract class ECFieldElement
+ implements ECConstants
+{
+
+ public abstract BigInteger toBigInteger();
+ public abstract String getFieldName();
+ public abstract int getFieldSize();
+ public abstract ECFieldElement add(ECFieldElement b);
+ public abstract ECFieldElement subtract(ECFieldElement b);
+ public abstract ECFieldElement multiply(ECFieldElement b);
+ public abstract ECFieldElement divide(ECFieldElement b);
+ public abstract ECFieldElement negate();
+ public abstract ECFieldElement square();
+ public abstract ECFieldElement invert();
+ public abstract ECFieldElement sqrt();
+
+ public String toString()
+ {
+ return this.toBigInteger().toString(2);
+ }
+
+ public static class Fp extends ECFieldElement
+ {
+ BigInteger x;
+
+ BigInteger q;
+
+ public Fp(BigInteger q, BigInteger x)
+ {
+ this.x = x;
+
+ if (x.compareTo(q) >= 0)
+ {
+ throw new IllegalArgumentException("x value too large in field element");
+ }
+
+ this.q = q;
+ }
+
+ public BigInteger toBigInteger()
+ {
+ return x;
+ }
+
+ /**
+ * return the field name for this field.
+ *
+ * @return the string "Fp".
+ */
+ public String getFieldName()
+ {
+ return "Fp";
+ }
+
+ public int getFieldSize()
+ {
+ return q.bitLength();
+ }
+
+ public BigInteger getQ()
+ {
+ return q;
+ }
+
+ public ECFieldElement add(ECFieldElement b)
+ {
+ return new Fp(q, x.add(b.toBigInteger()).mod(q));
+ }
+
+ public ECFieldElement subtract(ECFieldElement b)
+ {
+ return new Fp(q, x.subtract(b.toBigInteger()).mod(q));
+ }
+
+ public ECFieldElement multiply(ECFieldElement b)
+ {
+ return new Fp(q, x.multiply(b.toBigInteger()).mod(q));
+ }
+
+ public ECFieldElement divide(ECFieldElement b)
+ {
+ return new Fp(q, x.multiply(b.toBigInteger().modInverse(q)).mod(q));
+ }
+
+ public ECFieldElement negate()
+ {
+ return new Fp(q, x.negate().mod(q));
+ }
+
+ public ECFieldElement square()
+ {
+ return new Fp(q, x.multiply(x).mod(q));
+ }
+
+ public ECFieldElement invert()
+ {
+ return new Fp(q, x.modInverse(q));
+ }
+
+ // D.1.4 91
+ /**
+ * return a sqrt root - the routine verifies that the calculation
+ * returns the right value - if none exists it returns null.
+ */
+ public ECFieldElement sqrt()
+ {
+ if (!q.testBit(0))
+ {
+ throw new RuntimeException("not done yet");
+ }
+
+ // note: even though this class implements ECConstants don't be tempted to
+ // remove the explicit declaration, some J2ME environments don't cope.
+ // p mod 4 == 3
+ if (q.testBit(1))
+ {
+ // z = g^(u+1) + p, p = 4u + 3
+ ECFieldElement z = new Fp(q, x.modPow(q.shiftRight(2).add(ECConstants.ONE), q));
+
+ return z.square().equals(this) ? z : null;
+ }
+
+ // p mod 4 == 1
+ BigInteger qMinusOne = q.subtract(ECConstants.ONE);
+
+ BigInteger legendreExponent = qMinusOne.shiftRight(1);
+ if (!(x.modPow(legendreExponent, q).equals(ECConstants.ONE)))
+ {
+ return null;
+ }
+
+ BigInteger u = qMinusOne.shiftRight(2);
+ BigInteger k = u.shiftLeft(1).add(ECConstants.ONE);
+
+ BigInteger Q = this.x;
+ BigInteger fourQ = Q.shiftLeft(2).mod(q);
+
+ BigInteger U, V;
+ Random rand = new Random();
+ do
+ {
+ BigInteger P;
+ do
+ {
+ P = new BigInteger(q.bitLength(), rand);
+ }
+ while (P.compareTo(q) >= 0
+ || !(P.multiply(P).subtract(fourQ).modPow(legendreExponent, q).equals(qMinusOne)));
+
+ BigInteger[] result = lucasSequence(q, P, Q, k);
+ U = result[0];
+ V = result[1];
+
+ if (V.multiply(V).mod(q).equals(fourQ))
+ {
+ // Integer division by 2, mod q
+ if (V.testBit(0))
+ {
+ V = V.add(q);
+ }
+
+ V = V.shiftRight(1);
+
+ //assert V.multiply(V).mod(q).equals(x);
+
+ return new ECFieldElement.Fp(q, V);
+ }
+ }
+ while (U.equals(ECConstants.ONE) || U.equals(qMinusOne));
+
+ return null;
+
+// BigInteger qMinusOne = q.subtract(ECConstants.ONE);
+// BigInteger legendreExponent = qMinusOne.shiftRight(1); //divide(ECConstants.TWO);
+// if (!(x.modPow(legendreExponent, q).equals(ECConstants.ONE)))
+// {
+// return null;
+// }
+//
+// Random rand = new Random();
+// BigInteger fourX = x.shiftLeft(2);
+//
+// BigInteger r;
+// do
+// {
+// r = new BigInteger(q.bitLength(), rand);
+// }
+// while (r.compareTo(q) >= 0
+// || !(r.multiply(r).subtract(fourX).modPow(legendreExponent, q).equals(qMinusOne)));
+//
+// BigInteger n1 = qMinusOne.shiftRight(2); //.divide(ECConstants.FOUR);
+// BigInteger n2 = n1.add(ECConstants.ONE); //q.add(ECConstants.THREE).divide(ECConstants.FOUR);
+//
+// BigInteger wOne = WOne(r, x, q);
+// BigInteger wSum = W(n1, wOne, q).add(W(n2, wOne, q)).mod(q);
+// BigInteger twoR = r.shiftLeft(1); //ECConstants.TWO.multiply(r);
+//
+// BigInteger root = twoR.modPow(q.subtract(ECConstants.TWO), q)
+// .multiply(x).mod(q)
+// .multiply(wSum).mod(q);
+//
+// return new Fp(q, root);
+ }
+
+// private static BigInteger W(BigInteger n, BigInteger wOne, BigInteger p)
+// {
+// if (n.equals(ECConstants.ONE))
+// {
+// return wOne;
+// }
+// boolean isEven = !n.testBit(0);
+// n = n.shiftRight(1);//divide(ECConstants.TWO);
+// if (isEven)
+// {
+// BigInteger w = W(n, wOne, p);
+// return w.multiply(w).subtract(ECConstants.TWO).mod(p);
+// }
+// BigInteger w1 = W(n.add(ECConstants.ONE), wOne, p);
+// BigInteger w2 = W(n, wOne, p);
+// return w1.multiply(w2).subtract(wOne).mod(p);
+// }
+//
+// private BigInteger WOne(BigInteger r, BigInteger x, BigInteger p)
+// {
+// return r.multiply(r).multiply(x.modPow(q.subtract(ECConstants.TWO), q)).subtract(ECConstants.TWO).mod(p);
+// }
+
+ private static BigInteger[] lucasSequence(
+ BigInteger p,
+ BigInteger P,
+ BigInteger Q,
+ BigInteger k)
+ {
+ int n = k.bitLength();
+ int s = k.getLowestSetBit();
+
+ BigInteger Uh = ECConstants.ONE;
+ BigInteger Vl = ECConstants.TWO;
+ BigInteger Vh = P;
+ BigInteger Ql = ECConstants.ONE;
+ BigInteger Qh = ECConstants.ONE;
+
+ for (int j = n - 1; j >= s + 1; --j)
+ {
+ Ql = Ql.multiply(Qh).mod(p);
+
+ if (k.testBit(j))
+ {
+ Qh = Ql.multiply(Q).mod(p);
+ Uh = Uh.multiply(Vh).mod(p);
+ Vl = Vh.multiply(Vl).subtract(P.multiply(Ql)).mod(p);
+ Vh = Vh.multiply(Vh).subtract(Qh.shiftLeft(1)).mod(p);
+ }
+ else
+ {
+ Qh = Ql;
+ Uh = Uh.multiply(Vl).subtract(Ql).mod(p);
+ Vh = Vh.multiply(Vl).subtract(P.multiply(Ql)).mod(p);
+ Vl = Vl.multiply(Vl).subtract(Ql.shiftLeft(1)).mod(p);
+ }
+ }
+
+ Ql = Ql.multiply(Qh).mod(p);
+ Qh = Ql.multiply(Q).mod(p);
+ Uh = Uh.multiply(Vl).subtract(Ql).mod(p);
+ Vl = Vh.multiply(Vl).subtract(P.multiply(Ql)).mod(p);
+ Ql = Ql.multiply(Qh).mod(p);
+
+ for (int j = 1; j <= s; ++j)
+ {
+ Uh = Uh.multiply(Vl).mod(p);
+ Vl = Vl.multiply(Vl).subtract(Ql.shiftLeft(1)).mod(p);
+ Ql = Ql.multiply(Ql).mod(p);
+ }
+
+ return new BigInteger[]{ Uh, Vl };
+ }
+
+ public boolean equals(Object other)
+ {
+ if (other == this)
+ {
+ return true;
+ }
+
+ if (!(other instanceof ECFieldElement.Fp))
+ {
+ return false;
+ }
+
+ ECFieldElement.Fp o = (ECFieldElement.Fp)other;
+ return q.equals(o.q) && x.equals(o.x);
+ }
+
+ public int hashCode()
+ {
+ return q.hashCode() ^ x.hashCode();
+ }
+ }
+
+// /**
+// * Class representing the Elements of the finite field
+// * <code>F<sub>2<sup>m</sup></sub></code> in polynomial basis (PB)
+// * representation. Both trinomial (TPB) and pentanomial (PPB) polynomial
+// * basis representations are supported. Gaussian normal basis (GNB)
+// * representation is not supported.
+// */
+// public static class F2m extends ECFieldElement
+// {
+// BigInteger x;
+//
+// /**
+// * Indicates gaussian normal basis representation (GNB). Number chosen
+// * according to X9.62. GNB is not implemented at present.
+// */
+// public static final int GNB = 1;
+//
+// /**
+// * Indicates trinomial basis representation (TPB). Number chosen
+// * according to X9.62.
+// */
+// public static final int TPB = 2;
+//
+// /**
+// * Indicates pentanomial basis representation (PPB). Number chosen
+// * according to X9.62.
+// */
+// public static final int PPB = 3;
+//
+// /**
+// * TPB or PPB.
+// */
+// private int representation;
+//
+// /**
+// * The exponent <code>m</code> of <code>F<sub>2<sup>m</sup></sub></code>.
+// */
+// private int m;
+//
+// /**
+// * TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
+// * x<sup>k</sup> + 1</code> represents the reduction polynomial
+// * <code>f(z)</code>.<br>
+// * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
+// * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+// * represents the reduction polynomial <code>f(z)</code>.<br>
+// */
+// private int k1;
+//
+// /**
+// * TPB: Always set to <code>0</code><br>
+// * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
+// * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+// * represents the reduction polynomial <code>f(z)</code>.<br>
+// */
+// private int k2;
+//
+// /**
+// * TPB: Always set to <code>0</code><br>
+// * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
+// * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+// * represents the reduction polynomial <code>f(z)</code>.<br>
+// */
+// private int k3;
+//
+// /**
+// * Constructor for PPB.
+// * @param m The exponent <code>m</code> of
+// * <code>F<sub>2<sup>m</sup></sub></code>.
+// * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
+// * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+// * represents the reduction polynomial <code>f(z)</code>.
+// * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
+// * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+// * represents the reduction polynomial <code>f(z)</code>.
+// * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
+// * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+// * represents the reduction polynomial <code>f(z)</code>.
+// * @param x The BigInteger representing the value of the field element.
+// */
+// public F2m(
+// int m,
+// int k1,
+// int k2,
+// int k3,
+// BigInteger x)
+// {
+//// super(x);
+// this.x = x;
+//
+// if ((k2 == 0) && (k3 == 0))
+// {
+// this.representation = TPB;
+// }
+// else
+// {
+// if (k2 >= k3)
+// {
+// throw new IllegalArgumentException(
+// "k2 must be smaller than k3");
+// }
+// if (k2 <= 0)
+// {
+// throw new IllegalArgumentException(
+// "k2 must be larger than 0");
+// }
+// this.representation = PPB;
+// }
+//
+// if (x.signum() < 0)
+// {
+// throw new IllegalArgumentException("x value cannot be negative");
+// }
+//
+// this.m = m;
+// this.k1 = k1;
+// this.k2 = k2;
+// this.k3 = k3;
+// }
+//
+// /**
+// * Constructor for TPB.
+// * @param m The exponent <code>m</code> of
+// * <code>F<sub>2<sup>m</sup></sub></code>.
+// * @param k The integer <code>k</code> where <code>x<sup>m</sup> +
+// * x<sup>k</sup> + 1</code> represents the reduction
+// * polynomial <code>f(z)</code>.
+// * @param x The BigInteger representing the value of the field element.
+// */
+// public F2m(int m, int k, BigInteger x)
+// {
+// // Set k1 to k, and set k2 and k3 to 0
+// this(m, k, 0, 0, x);
+// }
+//
+// public BigInteger toBigInteger()
+// {
+// return x;
+// }
+//
+// public String getFieldName()
+// {
+// return "F2m";
+// }
+//
+// public int getFieldSize()
+// {
+// return m;
+// }
+//
+// /**
+// * Checks, if the ECFieldElements <code>a</code> and <code>b</code>
+// * are elements of the same field <code>F<sub>2<sup>m</sup></sub></code>
+// * (having the same representation).
+// * @param a field element.
+// * @param b field element to be compared.
+// * @throws IllegalArgumentException if <code>a</code> and <code>b</code>
+// * are not elements of the same field
+// * <code>F<sub>2<sup>m</sup></sub></code> (having the same
+// * representation).
+// */
+// public static void checkFieldElements(
+// ECFieldElement a,
+// ECFieldElement b)
+// {
+// if ((!(a instanceof F2m)) || (!(b instanceof F2m)))
+// {
+// throw new IllegalArgumentException("Field elements are not "
+// + "both instances of ECFieldElement.F2m");
+// }
+//
+// if ((a.toBigInteger().signum() < 0) || (b.toBigInteger().signum() < 0))
+// {
+// throw new IllegalArgumentException(
+// "x value may not be negative");
+// }
+//
+// ECFieldElement.F2m aF2m = (ECFieldElement.F2m)a;
+// ECFieldElement.F2m bF2m = (ECFieldElement.F2m)b;
+//
+// if ((aF2m.m != bF2m.m) || (aF2m.k1 != bF2m.k1)
+// || (aF2m.k2 != bF2m.k2) || (aF2m.k3 != bF2m.k3))
+// {
+// throw new IllegalArgumentException("Field elements are not "
+// + "elements of the same field F2m");
+// }
+//
+// if (aF2m.representation != bF2m.representation)
+// {
+// // Should never occur
+// throw new IllegalArgumentException(
+// "One of the field "
+// + "elements are not elements has incorrect representation");
+// }
+// }
+//
+// /**
+// * Computes <code>z * a(z) mod f(z)</code>, where <code>f(z)</code> is
+// * the reduction polynomial of <code>this</code>.
+// * @param a The polynomial <code>a(z)</code> to be multiplied by
+// * <code>z mod f(z)</code>.
+// * @return <code>z * a(z) mod f(z)</code>
+// */
+// private BigInteger multZModF(final BigInteger a)
+// {
+// // Left-shift of a(z)
+// BigInteger az = a.shiftLeft(1);
+// if (az.testBit(this.m))
+// {
+// // If the coefficient of z^m in a(z) equals 1, reduction
+// // modulo f(z) is performed: Add f(z) to to a(z):
+// // Step 1: Unset mth coeffient of a(z)
+// az = az.clearBit(this.m);
+//
+// // Step 2: Add r(z) to a(z), where r(z) is defined as
+// // f(z) = z^m + r(z), and k1, k2, k3 are the positions of
+// // the non-zero coefficients in r(z)
+// az = az.flipBit(0);
+// az = az.flipBit(this.k1);
+// if (this.representation == PPB)
+// {
+// az = az.flipBit(this.k2);
+// az = az.flipBit(this.k3);
+// }
+// }
+// return az;
+// }
+//
+// public ECFieldElement add(final ECFieldElement b)
+// {
+// // No check performed here for performance reasons. Instead the
+// // elements involved are checked in ECPoint.F2m
+// // checkFieldElements(this, b);
+// if (b.toBigInteger().signum() == 0)
+// {
+// return this;
+// }
+//
+// return new F2m(this.m, this.k1, this.k2, this.k3, this.x.xor(b.toBigInteger()));
+// }
+//
+// public ECFieldElement subtract(final ECFieldElement b)
+// {
+// // Addition and subtraction are the same in F2m
+// return add(b);
+// }
+//
+//
+// public ECFieldElement multiply(final ECFieldElement b)
+// {
+// // Left-to-right shift-and-add field multiplication in F2m
+// // Input: Binary polynomials a(z) and b(z) of degree at most m-1
+// // Output: c(z) = a(z) * b(z) mod f(z)
+//
+// // No check performed here for performance reasons. Instead the
+// // elements involved are checked in ECPoint.F2m
+// // checkFieldElements(this, b);
+// final BigInteger az = this.x;
+// BigInteger bz = b.toBigInteger();
+// BigInteger cz;
+//
+// // Compute c(z) = a(z) * b(z) mod f(z)
+// if (az.testBit(0))
+// {
+// cz = bz;
+// }
+// else
+// {
+// cz = ECConstants.ZERO;
+// }
+//
+// for (int i = 1; i < this.m; i++)
+// {
+// // b(z) := z * b(z) mod f(z)
+// bz = multZModF(bz);
+//
+// if (az.testBit(i))
+// {
+// // If the coefficient of x^i in a(z) equals 1, b(z) is added
+// // to c(z)
+// cz = cz.xor(bz);
+// }
+// }
+// return new ECFieldElement.F2m(m, this.k1, this.k2, this.k3, cz);
+// }
+//
+//
+// public ECFieldElement divide(final ECFieldElement b)
+// {
+// // There may be more efficient implementations
+// ECFieldElement bInv = b.invert();
+// return multiply(bInv);
+// }
+//
+// public ECFieldElement negate()
+// {
+// // -x == x holds for all x in F2m
+// return this;
+// }
+//
+// public ECFieldElement square()
+// {
+// // Naive implementation, can probably be speeded up using modular
+// // reduction
+// return multiply(this);
+// }
+//
+// public ECFieldElement invert()
+// {
+// // Inversion in F2m using the extended Euclidean algorithm
+// // Input: A nonzero polynomial a(z) of degree at most m-1
+// // Output: a(z)^(-1) mod f(z)
+//
+// // u(z) := a(z)
+// BigInteger uz = this.x;
+// if (uz.signum() <= 0)
+// {
+// throw new ArithmeticException("x is zero or negative, " +
+// "inversion is impossible");
+// }
+//
+// // v(z) := f(z)
+// BigInteger vz = ECConstants.ZERO.setBit(m);
+// vz = vz.setBit(0);
+// vz = vz.setBit(this.k1);
+// if (this.representation == PPB)
+// {
+// vz = vz.setBit(this.k2);
+// vz = vz.setBit(this.k3);
+// }
+//
+// // g1(z) := 1, g2(z) := 0
+// BigInteger g1z = ECConstants.ONE;
+// BigInteger g2z = ECConstants.ZERO;
+//
+// // while u != 1
+// while (!(uz.equals(ECConstants.ZERO)))
+// {
+// // j := deg(u(z)) - deg(v(z))
+// int j = uz.bitLength() - vz.bitLength();
+//
+// // If j < 0 then: u(z) <-> v(z), g1(z) <-> g2(z), j := -j
+// if (j < 0)
+// {
+// final BigInteger uzCopy = uz;
+// uz = vz;
+// vz = uzCopy;
+//
+// final BigInteger g1zCopy = g1z;
+// g1z = g2z;
+// g2z = g1zCopy;
+//
+// j = -j;
+// }
+//
+// // u(z) := u(z) + z^j * v(z)
+// // Note, that no reduction modulo f(z) is required, because
+// // deg(u(z) + z^j * v(z)) <= max(deg(u(z)), j + deg(v(z)))
+// // = max(deg(u(z)), deg(u(z)) - deg(v(z)) + deg(v(z))
+// // = deg(u(z))
+// uz = uz.xor(vz.shiftLeft(j));
+//
+// // g1(z) := g1(z) + z^j * g2(z)
+// g1z = g1z.xor(g2z.shiftLeft(j));
+//// if (g1z.bitLength() > this.m) {
+//// throw new ArithmeticException(
+//// "deg(g1z) >= m, g1z = " + g1z.toString(2));
+//// }
+// }
+// return new ECFieldElement.F2m(
+// this.m, this.k1, this.k2, this.k3, g2z);
+// }
+//
+// public ECFieldElement sqrt()
+// {
+// throw new RuntimeException("Not implemented");
+// }
+//
+// /**
+// * @return the representation of the field
+// * <code>F<sub>2<sup>m</sup></sub></code>, either of
+// * TPB (trinomial
+// * basis representation) or
+// * PPB (pentanomial
+// * basis representation).
+// */
+// public int getRepresentation()
+// {
+// return this.representation;
+// }
+//
+// /**
+// * @return the degree <code>m</code> of the reduction polynomial
+// * <code>f(z)</code>.
+// */
+// public int getM()
+// {
+// return this.m;
+// }
+//
+// /**
+// * @return TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
+// * x<sup>k</sup> + 1</code> represents the reduction polynomial
+// * <code>f(z)</code>.<br>
+// * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
+// * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+// * represents the reduction polynomial <code>f(z)</code>.<br>
+// */
+// public int getK1()
+// {
+// return this.k1;
+// }
+//
+// /**
+// * @return TPB: Always returns <code>0</code><br>
+// * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
+// * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+// * represents the reduction polynomial <code>f(z)</code>.<br>
+// */
+// public int getK2()
+// {
+// return this.k2;
+// }
+//
+// /**
+// * @return TPB: Always set to <code>0</code><br>
+// * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
+// * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+// * represents the reduction polynomial <code>f(z)</code>.<br>
+// */
+// public int getK3()
+// {
+// return this.k3;
+// }
+//
+// public boolean equals(Object anObject)
+// {
+// if (anObject == this)
+// {
+// return true;
+// }
+//
+// if (!(anObject instanceof ECFieldElement.F2m))
+// {
+// return false;
+// }
+//
+// ECFieldElement.F2m b = (ECFieldElement.F2m)anObject;
+//
+// return ((this.m == b.m) && (this.k1 == b.k1) && (this.k2 == b.k2)
+// && (this.k3 == b.k3)
+// && (this.representation == b.representation)
+// && (this.x.equals(b.x)));
+// }
+//
+// public int hashCode()
+// {
+// return x.hashCode() ^ m ^ k1 ^ k2 ^ k3;
+// }
+// }
+
+ /**
+ * Class representing the Elements of the finite field
+ * <code>F<sub>2<sup>m</sup></sub></code> in polynomial basis (PB)
+ * representation. Both trinomial (TPB) and pentanomial (PPB) polynomial
+ * basis representations are supported. Gaussian normal basis (GNB)
+ * representation is not supported.
+ */
+ public static class F2m extends ECFieldElement
+ {
+ /**
+ * Indicates gaussian normal basis representation (GNB). Number chosen
+ * according to X9.62. GNB is not implemented at present.
+ */
+ public static final int GNB = 1;
+
+ /**
+ * Indicates trinomial basis representation (TPB). Number chosen
+ * according to X9.62.
+ */
+ public static final int TPB = 2;
+
+ /**
+ * Indicates pentanomial basis representation (PPB). Number chosen
+ * according to X9.62.
+ */
+ public static final int PPB = 3;
+
+ /**
+ * TPB or PPB.
+ */
+ private int representation;
+
+ /**
+ * The exponent <code>m</code> of <code>F<sub>2<sup>m</sup></sub></code>.
+ */
+ private int m;
+
+ /**
+ * TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
+ * x<sup>k</sup> + 1</code> represents the reduction polynomial
+ * <code>f(z)</code>.<br>
+ * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.<br>
+ */
+ private int k1;
+
+ /**
+ * TPB: Always set to <code>0</code><br>
+ * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.<br>
+ */
+ private int k2;
+
+ /**
+ * TPB: Always set to <code>0</code><br>
+ * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.<br>
+ */
+ private int k3;
+
+ /**
+ * The <code>IntArray</code> holding the bits.
+ */
+ private IntArray x;
+
+ /**
+ * The number of <code>int</code>s required to hold <code>m</code> bits.
+ */
+ private int t;
+
+ /**
+ * Constructor for PPB.
+ * @param m The exponent <code>m</code> of
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.
+ * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.
+ * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.
+ * @param x The BigInteger representing the value of the field element.
+ */
+ public F2m(
+ int m,
+ int k1,
+ int k2,
+ int k3,
+ BigInteger x)
+ {
+ // t = m / 32 rounded up to the next integer
+ t = (m + 31) >> 5;
+ this.x = new IntArray(x, t);
+
+ if ((k2 == 0) && (k3 == 0))
+ {
+ this.representation = TPB;
+ }
+ else
+ {
+ if (k2 >= k3)
+ {
+ throw new IllegalArgumentException(
+ "k2 must be smaller than k3");
+ }
+ if (k2 <= 0)
+ {
+ throw new IllegalArgumentException(
+ "k2 must be larger than 0");
+ }
+ this.representation = PPB;
+ }
+
+ if (x.signum() < 0)
+ {
+ throw new IllegalArgumentException("x value cannot be negative");
+ }
+
+ this.m = m;
+ this.k1 = k1;
+ this.k2 = k2;
+ this.k3 = k3;
+ }
+
+ /**
+ * Constructor for TPB.
+ * @param m The exponent <code>m</code> of
+ * <code>F<sub>2<sup>m</sup></sub></code>.
+ * @param k The integer <code>k</code> where <code>x<sup>m</sup> +
+ * x<sup>k</sup> + 1</code> represents the reduction
+ * polynomial <code>f(z)</code>.
+ * @param x The BigInteger representing the value of the field element.
+ */
+ public F2m(int m, int k, BigInteger x)
+ {
+ // Set k1 to k, and set k2 and k3 to 0
+ this(m, k, 0, 0, x);
+ }
+
+ private F2m(int m, int k1, int k2, int k3, IntArray x)
+ {
+ t = (m + 31) >> 5;
+ this.x = x;
+ this.m = m;
+ this.k1 = k1;
+ this.k2 = k2;
+ this.k3 = k3;
+
+ if ((k2 == 0) && (k3 == 0))
+ {
+ this.representation = TPB;
+ }
+ else
+ {
+ this.representation = PPB;
+ }
+
+ }
+
+ public BigInteger toBigInteger()
+ {
+ return x.toBigInteger();
+ }
+
+ public String getFieldName()
+ {
+ return "F2m";
+ }
+
+ public int getFieldSize()
+ {
+ return m;
+ }
+
+ /**
+ * Checks, if the ECFieldElements <code>a</code> and <code>b</code>
+ * are elements of the same field <code>F<sub>2<sup>m</sup></sub></code>
+ * (having the same representation).
+ * @param a field element.
+ * @param b field element to be compared.
+ * @throws IllegalArgumentException if <code>a</code> and <code>b</code>
+ * are not elements of the same field
+ * <code>F<sub>2<sup>m</sup></sub></code> (having the same
+ * representation).
+ */
+ public static void checkFieldElements(
+ ECFieldElement a,
+ ECFieldElement b)
+ {
+ if ((!(a instanceof F2m)) || (!(b instanceof F2m)))
+ {
+ throw new IllegalArgumentException("Field elements are not "
+ + "both instances of ECFieldElement.F2m");
+ }
+
+ ECFieldElement.F2m aF2m = (ECFieldElement.F2m)a;
+ ECFieldElement.F2m bF2m = (ECFieldElement.F2m)b;
+
+ if ((aF2m.m != bF2m.m) || (aF2m.k1 != bF2m.k1)
+ || (aF2m.k2 != bF2m.k2) || (aF2m.k3 != bF2m.k3))
+ {
+ throw new IllegalArgumentException("Field elements are not "
+ + "elements of the same field F2m");
+ }
+
+ if (aF2m.representation != bF2m.representation)
+ {
+ // Should never occur
+ throw new IllegalArgumentException(
+ "One of the field "
+ + "elements are not elements has incorrect representation");
+ }
+ }
+
+ public ECFieldElement add(final ECFieldElement b)
+ {
+ // No check performed here for performance reasons. Instead the
+ // elements involved are checked in ECPoint.F2m
+ // checkFieldElements(this, b);
+ IntArray iarrClone = (IntArray)this.x.clone();
+ F2m bF2m = (F2m)b;
+ iarrClone.addShifted(bF2m.x, 0);
+ return new F2m(m, k1, k2, k3, iarrClone);
+ }
+
+ public ECFieldElement subtract(final ECFieldElement b)
+ {
+ // Addition and subtraction are the same in F2m
+ return add(b);
+ }
+
+ public ECFieldElement multiply(final ECFieldElement b)
+ {
+ // Right-to-left comb multiplication in the IntArray
+ // Input: Binary polynomials a(z) and b(z) of degree at most m-1
+ // Output: c(z) = a(z) * b(z) mod f(z)
+
+ // No check performed here for performance reasons. Instead the
+ // elements involved are checked in ECPoint.F2m
+ // checkFieldElements(this, b);
+ F2m bF2m = (F2m)b;
+ IntArray mult = x.multiply(bF2m.x, m);
+ mult.reduce(m, new int[]{k1, k2, k3});
+ return new F2m(m, k1, k2, k3, mult);
+ }
+
+ public ECFieldElement divide(final ECFieldElement b)
+ {
+ // There may be more efficient implementations
+ ECFieldElement bInv = b.invert();
+ return multiply(bInv);
+ }
+
+ public ECFieldElement negate()
+ {
+ // -x == x holds for all x in F2m
+ return this;
+ }
+
+ public ECFieldElement square()
+ {
+ IntArray squared = x.square(m);
+ squared.reduce(m, new int[]{k1, k2, k3});
+ return new F2m(m, k1, k2, k3, squared);
+ }
+
+
+ public ECFieldElement invert()
+ {
+ // Inversion in F2m using the extended Euclidean algorithm
+ // Input: A nonzero polynomial a(z) of degree at most m-1
+ // Output: a(z)^(-1) mod f(z)
+
+ // u(z) := a(z)
+ IntArray uz = (IntArray)this.x.clone();
+
+ // v(z) := f(z)
+ IntArray vz = new IntArray(t);
+ vz.setBit(m);
+ vz.setBit(0);
+ vz.setBit(this.k1);
+ if (this.representation == PPB)
+ {
+ vz.setBit(this.k2);
+ vz.setBit(this.k3);
+ }
+
+ // g1(z) := 1, g2(z) := 0
+ IntArray g1z = new IntArray(t);
+ g1z.setBit(0);
+ IntArray g2z = new IntArray(t);
+
+ // while u != 0
+ while (!uz.isZero())
+// while (uz.getUsedLength() > 0)
+// while (uz.bitLength() > 1)
+ {
+ // j := deg(u(z)) - deg(v(z))
+ int j = uz.bitLength() - vz.bitLength();
+
+ // If j < 0 then: u(z) <-> v(z), g1(z) <-> g2(z), j := -j
+ if (j < 0)
+ {
+ final IntArray uzCopy = uz;
+ uz = vz;
+ vz = uzCopy;
+
+ final IntArray g1zCopy = g1z;
+ g1z = g2z;
+ g2z = g1zCopy;
+
+ j = -j;
+ }
+
+ // u(z) := u(z) + z^j * v(z)
+ // Note, that no reduction modulo f(z) is required, because
+ // deg(u(z) + z^j * v(z)) <= max(deg(u(z)), j + deg(v(z)))
+ // = max(deg(u(z)), deg(u(z)) - deg(v(z)) + deg(v(z))
+ // = deg(u(z))
+ // uz = uz.xor(vz.shiftLeft(j));
+ // jInt = n / 32
+ int jInt = j >> 5;
+ // jInt = n % 32
+ int jBit = j & 0x1F;
+ IntArray vzShift = vz.shiftLeft(jBit);
+ uz.addShifted(vzShift, jInt);
+
+ // g1(z) := g1(z) + z^j * g2(z)
+// g1z = g1z.xor(g2z.shiftLeft(j));
+ IntArray g2zShift = g2z.shiftLeft(jBit);
+ g1z.addShifted(g2zShift, jInt);
+
+ }
+ return new ECFieldElement.F2m(
+ this.m, this.k1, this.k2, this.k3, g2z);
+ }
+
+ public ECFieldElement sqrt()
+ {
+ throw new RuntimeException("Not implemented");
+ }
+
+ /**
+ * @return the representation of the field
+ * <code>F<sub>2<sup>m</sup></sub></code>, either of
+ * TPB (trinomial
+ * basis representation) or
+ * PPB (pentanomial
+ * basis representation).
+ */
+ public int getRepresentation()
+ {
+ return this.representation;
+ }
+
+ /**
+ * @return the degree <code>m</code> of the reduction polynomial
+ * <code>f(z)</code>.
+ */
+ public int getM()
+ {
+ return this.m;
+ }
+
+ /**
+ * @return TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
+ * x<sup>k</sup> + 1</code> represents the reduction polynomial
+ * <code>f(z)</code>.<br>
+ * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.<br>
+ */
+ public int getK1()
+ {
+ return this.k1;
+ }
+
+ /**
+ * @return TPB: Always returns <code>0</code><br>
+ * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.<br>
+ */
+ public int getK2()
+ {
+ return this.k2;
+ }
+
+ /**
+ * @return TPB: Always set to <code>0</code><br>
+ * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
+ * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+ * represents the reduction polynomial <code>f(z)</code>.<br>
+ */
+ public int getK3()
+ {
+ return this.k3;
+ }
+
+ public boolean equals(Object anObject)
+ {
+ if (anObject == this)
+ {
+ return true;
+ }
+
+ if (!(anObject instanceof ECFieldElement.F2m))
+ {
+ return false;
+ }
+
+ ECFieldElement.F2m b = (ECFieldElement.F2m)anObject;
+
+ return ((this.m == b.m) && (this.k1 == b.k1) && (this.k2 == b.k2)
+ && (this.k3 == b.k3)
+ && (this.representation == b.representation)
+ && (this.x.equals(b.x)));
+ }
+
+ public int hashCode()
+ {
+ return x.hashCode() ^ m ^ k1 ^ k2 ^ k3;
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ECMultiplier.java b/src/main/java/org/bouncycastle/math/ec/ECMultiplier.java
new file mode 100644
index 0000000..4d72e33
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ECMultiplier.java
@@ -0,0 +1,19 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Interface for classes encapsulating a point multiplication algorithm
+ * for <code>ECPoint</code>s.
+ */
+interface ECMultiplier
+{
+ /**
+ * Multiplies the <code>ECPoint p</code> by <code>k</code>, i.e.
+ * <code>p</code> is added <code>k</code> times to itself.
+ * @param p The <code>ECPoint</code> to be multiplied.
+ * @param k The factor by which <code>p</code> i multiplied.
+ * @return <code>p</code> multiplied by <code>k</code>.
+ */
+ ECPoint multiply(ECPoint p, BigInteger k, PreCompInfo preCompInfo);
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ECPoint.java b/src/main/java/org/bouncycastle/math/ec/ECPoint.java
new file mode 100644
index 0000000..b14e4c1
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ECPoint.java
@@ -0,0 +1,588 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.x9.X9IntegerConverter;
+
+/**
+ * base class for points on elliptic curves.
+ */
+public abstract class ECPoint
+{
+ ECCurve curve;
+ ECFieldElement x;
+ ECFieldElement y;
+
+ protected boolean withCompression;
+
+ protected ECMultiplier multiplier = null;
+
+ protected PreCompInfo preCompInfo = null;
+
+ private static X9IntegerConverter converter = new X9IntegerConverter();
+
+ protected ECPoint(ECCurve curve, ECFieldElement x, ECFieldElement y)
+ {
+ this.curve = curve;
+ this.x = x;
+ this.y = y;
+ }
+
+ public ECCurve getCurve()
+ {
+ return curve;
+ }
+
+ public ECFieldElement getX()
+ {
+ return x;
+ }
+
+ public ECFieldElement getY()
+ {
+ return y;
+ }
+
+ public boolean isInfinity()
+ {
+ return x == null && y == null;
+ }
+
+ public boolean isCompressed()
+ {
+ return withCompression;
+ }
+
+ public boolean equals(
+ Object other)
+ {
+ if (other == this)
+ {
+ return true;
+ }
+
+ if (!(other instanceof ECPoint))
+ {
+ return false;
+ }
+
+ ECPoint o = (ECPoint)other;
+
+ if (this.isInfinity())
+ {
+ return o.isInfinity();
+ }
+
+ return x.equals(o.x) && y.equals(o.y);
+ }
+
+ public int hashCode()
+ {
+ if (this.isInfinity())
+ {
+ return 0;
+ }
+
+ return x.hashCode() ^ y.hashCode();
+ }
+
+// /**
+// * Mainly for testing. Explicitly set the <code>ECMultiplier</code>.
+// * @param multiplier The <code>ECMultiplier</code> to be used to multiply
+// * this <code>ECPoint</code>.
+// */
+// public void setECMultiplier(ECMultiplier multiplier)
+// {
+// this.multiplier = multiplier;
+// }
+
+ /**
+ * Sets the <code>PreCompInfo</code>. Used by <code>ECMultiplier</code>s
+ * to save the precomputation for this <code>ECPoint</code> to store the
+ * precomputation result for use by subsequent multiplication.
+ * @param preCompInfo The values precomputed by the
+ * <code>ECMultiplier</code>.
+ */
+ void setPreCompInfo(PreCompInfo preCompInfo)
+ {
+ this.preCompInfo = preCompInfo;
+ }
+
+ public abstract byte[] getEncoded();
+
+ public abstract ECPoint add(ECPoint b);
+ public abstract ECPoint subtract(ECPoint b);
+ public abstract ECPoint negate();
+ public abstract ECPoint twice();
+
+ /**
+ * Sets the default <code>ECMultiplier</code>, unless already set.
+ */
+ synchronized void assertECMultiplier()
+ {
+ if (this.multiplier == null)
+ {
+ this.multiplier = new FpNafMultiplier();
+ }
+ }
+
+ /**
+ * Multiplies this <code>ECPoint</code> by the given number.
+ * @param k The multiplicator.
+ * @return <code>k * this</code>.
+ */
+ public ECPoint multiply(BigInteger k)
+ {
+ if (k.signum() < 0)
+ {
+ throw new IllegalArgumentException("The multiplicator cannot be negative");
+ }
+
+ if (this.isInfinity())
+ {
+ return this;
+ }
+
+ if (k.signum() == 0)
+ {
+ return this.curve.getInfinity();
+ }
+
+ assertECMultiplier();
+ return this.multiplier.multiply(this, k, preCompInfo);
+ }
+
+ /**
+ * Elliptic curve points over Fp
+ */
+ public static class Fp extends ECPoint
+ {
+
+ /**
+ * Create a point which encodes with point compression.
+ *
+ * @param curve the curve to use
+ * @param x affine x co-ordinate
+ * @param y affine y co-ordinate
+ */
+ public Fp(ECCurve curve, ECFieldElement x, ECFieldElement y)
+ {
+ this(curve, x, y, false);
+ }
+
+ /**
+ * Create a point that encodes with or without point compresion.
+ *
+ * @param curve the curve to use
+ * @param x affine x co-ordinate
+ * @param y affine y co-ordinate
+ * @param withCompression if true encode with point compression
+ */
+ public Fp(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+ {
+ super(curve, x, y);
+
+ if ((x != null && y == null) || (x == null && y != null))
+ {
+ throw new IllegalArgumentException("Exactly one of the field elements is null");
+ }
+
+ this.withCompression = withCompression;
+ }
+
+ /**
+ * return the field element encoded with point compression. (S 4.3.6)
+ */
+ public byte[] getEncoded()
+ {
+ if (this.isInfinity())
+ {
+ return new byte[1];
+ }
+
+ int qLength = converter.getByteLength(x);
+
+ if (withCompression)
+ {
+ byte PC;
+
+ if (this.getY().toBigInteger().testBit(0))
+ {
+ PC = 0x03;
+ }
+ else
+ {
+ PC = 0x02;
+ }
+
+ byte[] X = converter.integerToBytes(this.getX().toBigInteger(), qLength);
+ byte[] PO = new byte[X.length + 1];
+
+ PO[0] = PC;
+ System.arraycopy(X, 0, PO, 1, X.length);
+
+ return PO;
+ }
+ else
+ {
+ byte[] X = converter.integerToBytes(this.getX().toBigInteger(), qLength);
+ byte[] Y = converter.integerToBytes(this.getY().toBigInteger(), qLength);
+ byte[] PO = new byte[X.length + Y.length + 1];
+
+ PO[0] = 0x04;
+ System.arraycopy(X, 0, PO, 1, X.length);
+ System.arraycopy(Y, 0, PO, X.length + 1, Y.length);
+
+ return PO;
+ }
+ }
+
+ // B.3 pg 62
+ public ECPoint add(ECPoint b)
+ {
+ if (this.isInfinity())
+ {
+ return b;
+ }
+
+ if (b.isInfinity())
+ {
+ return this;
+ }
+
+ // Check if b = this or b = -this
+ if (this.x.equals(b.x))
+ {
+ if (this.y.equals(b.y))
+ {
+ // this = b, i.e. this must be doubled
+ return this.twice();
+ }
+
+ // this = -b, i.e. the result is the point at infinity
+ return this.curve.getInfinity();
+ }
+
+ ECFieldElement gamma = b.y.subtract(this.y).divide(b.x.subtract(this.x));
+
+ ECFieldElement x3 = gamma.square().subtract(this.x).subtract(b.x);
+ ECFieldElement y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y);
+
+ return new ECPoint.Fp(curve, x3, y3);
+ }
+
+ // B.3 pg 62
+ public ECPoint twice()
+ {
+ if (this.isInfinity())
+ {
+ // Twice identity element (point at infinity) is identity
+ return this;
+ }
+
+ if (this.y.toBigInteger().signum() == 0)
+ {
+ // if y1 == 0, then (x1, y1) == (x1, -y1)
+ // and hence this = -this and thus 2(x1, y1) == infinity
+ return this.curve.getInfinity();
+ }
+
+ ECFieldElement TWO = this.curve.fromBigInteger(BigInteger.valueOf(2));
+ ECFieldElement THREE = this.curve.fromBigInteger(BigInteger.valueOf(3));
+ ECFieldElement gamma = this.x.square().multiply(THREE).add(curve.a).divide(y.multiply(TWO));
+
+ ECFieldElement x3 = gamma.square().subtract(this.x.multiply(TWO));
+ ECFieldElement y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y);
+
+ return new ECPoint.Fp(curve, x3, y3, this.withCompression);
+ }
+
+ // D.3.2 pg 102 (see Note:)
+ public ECPoint subtract(ECPoint b)
+ {
+ if (b.isInfinity())
+ {
+ return this;
+ }
+
+ // Add -b
+ return add(b.negate());
+ }
+
+ public ECPoint negate()
+ {
+ return new ECPoint.Fp(curve, this.x, this.y.negate(), this.withCompression);
+ }
+
+ /**
+ * Sets the default <code>ECMultiplier</code>, unless already set.
+ */
+ synchronized void assertECMultiplier()
+ {
+ if (this.multiplier == null)
+ {
+ this.multiplier = new WNafMultiplier();
+ }
+ }
+ }
+
+ /**
+ * Elliptic curve points over F2m
+ */
+ public static class F2m extends ECPoint
+ {
+ /**
+ * @param curve base curve
+ * @param x x point
+ * @param y y point
+ */
+ public F2m(ECCurve curve, ECFieldElement x, ECFieldElement y)
+ {
+ this(curve, x, y, false);
+ }
+
+ /**
+ * @param curve base curve
+ * @param x x point
+ * @param y y point
+ * @param withCompression true if encode with point compression.
+ */
+ public F2m(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+ {
+ super(curve, x, y);
+
+ if ((x != null && y == null) || (x == null && y != null))
+ {
+ throw new IllegalArgumentException("Exactly one of the field elements is null");
+ }
+
+ if (x != null)
+ {
+ // Check if x and y are elements of the same field
+ ECFieldElement.F2m.checkFieldElements(this.x, this.y);
+
+ // Check if x and a are elements of the same field
+ if (curve != null)
+ {
+ ECFieldElement.F2m.checkFieldElements(this.x, this.curve.getA());
+ }
+ }
+
+ this.withCompression = withCompression;
+ }
+
+ /* (non-Javadoc)
+ * @see org.bouncycastle.math.ec.ECPoint#getEncoded()
+ */
+ public byte[] getEncoded()
+ {
+ if (this.isInfinity())
+ {
+ return new byte[1];
+ }
+
+ int byteCount = converter.getByteLength(this.x);
+ byte[] X = converter.integerToBytes(this.getX().toBigInteger(), byteCount);
+ byte[] PO;
+
+ if (withCompression)
+ {
+ // See X9.62 4.3.6 and 4.2.2
+ PO = new byte[byteCount + 1];
+
+ PO[0] = 0x02;
+ // X9.62 4.2.2 and 4.3.6:
+ // if x = 0 then ypTilde := 0, else ypTilde is the rightmost
+ // bit of y * x^(-1)
+ // if ypTilde = 0, then PC := 02, else PC := 03
+ // Note: PC === PO[0]
+ if (!(this.getX().toBigInteger().equals(ECConstants.ZERO)))
+ {
+ if (this.getY().multiply(this.getX().invert())
+ .toBigInteger().testBit(0))
+ {
+ // ypTilde = 1, hence PC = 03
+ PO[0] = 0x03;
+ }
+ }
+
+ System.arraycopy(X, 0, PO, 1, byteCount);
+ }
+ else
+ {
+ byte[] Y = converter.integerToBytes(this.getY().toBigInteger(), byteCount);
+
+ PO = new byte[byteCount + byteCount + 1];
+
+ PO[0] = 0x04;
+ System.arraycopy(X, 0, PO, 1, byteCount);
+ System.arraycopy(Y, 0, PO, byteCount + 1, byteCount);
+ }
+
+ return PO;
+ }
+
+ /**
+ * Check, if two <code>ECPoint</code>s can be added or subtracted.
+ * @param a The first <code>ECPoint</code> to check.
+ * @param b The second <code>ECPoint</code> to check.
+ * @throws IllegalArgumentException if <code>a</code> and <code>b</code>
+ * cannot be added.
+ */
+ private static void checkPoints(ECPoint a, ECPoint b)
+ {
+ // Check, if points are on the same curve
+ if (!(a.curve.equals(b.curve)))
+ {
+ throw new IllegalArgumentException("Only points on the same "
+ + "curve can be added or subtracted");
+ }
+
+// ECFieldElement.F2m.checkFieldElements(a.x, b.x);
+ }
+
+ /* (non-Javadoc)
+ * @see org.bouncycastle.math.ec.ECPoint#add(org.bouncycastle.math.ec.ECPoint)
+ */
+ public ECPoint add(ECPoint b)
+ {
+ checkPoints(this, b);
+ return addSimple((ECPoint.F2m)b);
+ }
+
+ /**
+ * Adds another <code>ECPoints.F2m</code> to <code>this</code> without
+ * checking if both points are on the same curve. Used by multiplication
+ * algorithms, because there all points are a multiple of the same point
+ * and hence the checks can be omitted.
+ * @param b The other <code>ECPoints.F2m</code> to add to
+ * <code>this</code>.
+ * @return <code>this + b</code>
+ */
+ public ECPoint.F2m addSimple(ECPoint.F2m b)
+ {
+ ECPoint.F2m other = b;
+ if (this.isInfinity())
+ {
+ return other;
+ }
+
+ if (other.isInfinity())
+ {
+ return this;
+ }
+
+ ECFieldElement.F2m x2 = (ECFieldElement.F2m)other.getX();
+ ECFieldElement.F2m y2 = (ECFieldElement.F2m)other.getY();
+
+ // Check if other = this or other = -this
+ if (this.x.equals(x2))
+ {
+ if (this.y.equals(y2))
+ {
+ // this = other, i.e. this must be doubled
+ return (ECPoint.F2m)this.twice();
+ }
+
+ // this = -other, i.e. the result is the point at infinity
+ return (ECPoint.F2m)this.curve.getInfinity();
+ }
+
+ ECFieldElement.F2m lambda
+ = (ECFieldElement.F2m)(this.y.add(y2)).divide(this.x.add(x2));
+
+ ECFieldElement.F2m x3
+ = (ECFieldElement.F2m)lambda.square().add(lambda).add(this.x).add(x2).add(this.curve.getA());
+
+ ECFieldElement.F2m y3
+ = (ECFieldElement.F2m)lambda.multiply(this.x.add(x3)).add(x3).add(this.y);
+
+ return new ECPoint.F2m(curve, x3, y3, withCompression);
+ }
+
+ /* (non-Javadoc)
+ * @see org.bouncycastle.math.ec.ECPoint#subtract(org.bouncycastle.math.ec.ECPoint)
+ */
+ public ECPoint subtract(ECPoint b)
+ {
+ checkPoints(this, b);
+ return subtractSimple((ECPoint.F2m)b);
+ }
+
+ /**
+ * Subtracts another <code>ECPoints.F2m</code> from <code>this</code>
+ * without checking if both points are on the same curve. Used by
+ * multiplication algorithms, because there all points are a multiple
+ * of the same point and hence the checks can be omitted.
+ * @param b The other <code>ECPoints.F2m</code> to subtract from
+ * <code>this</code>.
+ * @return <code>this - b</code>
+ */
+ public ECPoint.F2m subtractSimple(ECPoint.F2m b)
+ {
+ if (b.isInfinity())
+ {
+ return this;
+ }
+
+ // Add -b
+ return addSimple((ECPoint.F2m)b.negate());
+ }
+
+ /* (non-Javadoc)
+ * @see org.bouncycastle.math.ec.ECPoint#twice()
+ */
+ public ECPoint twice()
+ {
+ if (this.isInfinity())
+ {
+ // Twice identity element (point at infinity) is identity
+ return this;
+ }
+
+ if (this.x.toBigInteger().signum() == 0)
+ {
+ // if x1 == 0, then (x1, y1) == (x1, x1 + y1)
+ // and hence this = -this and thus 2(x1, y1) == infinity
+ return this.curve.getInfinity();
+ }
+
+ ECFieldElement.F2m lambda
+ = (ECFieldElement.F2m)this.x.add(this.y.divide(this.x));
+
+ ECFieldElement.F2m x3
+ = (ECFieldElement.F2m)lambda.square().add(lambda).
+ add(this.curve.getA());
+
+ ECFieldElement ONE = this.curve.fromBigInteger(ECConstants.ONE);
+ ECFieldElement.F2m y3
+ = (ECFieldElement.F2m)this.x.square().add(
+ x3.multiply(lambda.add(ONE)));
+
+ return new ECPoint.F2m(this.curve, x3, y3, withCompression);
+ }
+
+ public ECPoint negate()
+ {
+ return new ECPoint.F2m(curve, this.getX(), this.getY().add(this.getX()), withCompression);
+ }
+
+ /**
+ * Sets the appropriate <code>ECMultiplier</code>, unless already set.
+ */
+ synchronized void assertECMultiplier()
+ {
+ if (this.multiplier == null)
+ {
+ if (((ECCurve.F2m)this.curve).isKoblitz())
+ {
+ this.multiplier = new WTauNafMultiplier();
+ }
+ else
+ {
+ this.multiplier = new WNafMultiplier();
+ }
+ }
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/FpNafMultiplier.java b/src/main/java/org/bouncycastle/math/ec/FpNafMultiplier.java
new file mode 100644
index 0000000..35e601d
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/FpNafMultiplier.java
@@ -0,0 +1,39 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Class implementing the NAF (Non-Adjacent Form) multiplication algorithm.
+ */
+class FpNafMultiplier implements ECMultiplier
+{
+ /**
+ * D.3.2 pg 101
+ * @see org.bouncycastle.math.ec.ECMultiplier#multiply(org.bouncycastle.math.ec.ECPoint, java.math.BigInteger)
+ */
+ public ECPoint multiply(ECPoint p, BigInteger k, PreCompInfo preCompInfo)
+ {
+ // TODO Probably should try to add this
+ // BigInteger e = k.mod(n); // n == order of p
+ BigInteger e = k;
+ BigInteger h = e.multiply(BigInteger.valueOf(3));
+
+ ECPoint neg = p.negate();
+ ECPoint R = p;
+
+ for (int i = h.bitLength() - 2; i > 0; --i)
+ {
+ R = R.twice();
+
+ boolean hBit = h.testBit(i);
+ boolean eBit = e.testBit(i);
+
+ if (hBit != eBit)
+ {
+ R = R.add(hBit ? p : neg);
+ }
+ }
+
+ return R;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/IntArray.java b/src/main/java/org/bouncycastle/math/ec/IntArray.java
new file mode 100644
index 0000000..ead38c4
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/IntArray.java
@@ -0,0 +1,518 @@
+package org.bouncycastle.math.ec;
+
+import org.bouncycastle.util.Arrays;
+
+import java.math.BigInteger;
+
+class IntArray
+{
+ // TODO make m fixed for the IntArray, and hence compute T once and for all
+
+ private int[] m_ints;
+
+ public IntArray(int intLen)
+ {
+ m_ints = new int[intLen];
+ }
+
+ public IntArray(int[] ints)
+ {
+ m_ints = ints;
+ }
+
+ public IntArray(BigInteger bigInt)
+ {
+ this(bigInt, 0);
+ }
+
+ public IntArray(BigInteger bigInt, int minIntLen)
+ {
+ if (bigInt.signum() == -1)
+ {
+ throw new IllegalArgumentException("Only positive Integers allowed");
+ }
+ if (bigInt.equals(ECConstants.ZERO))
+ {
+ m_ints = new int[] { 0 };
+ return;
+ }
+
+ byte[] barr = bigInt.toByteArray();
+ int barrLen = barr.length;
+ int barrStart = 0;
+ if (barr[0] == 0)
+ {
+ // First byte is 0 to enforce highest (=sign) bit is zero.
+ // In this case ignore barr[0].
+ barrLen--;
+ barrStart = 1;
+ }
+ int intLen = (barrLen + 3) / 4;
+ if (intLen < minIntLen)
+ {
+ m_ints = new int[minIntLen];
+ }
+ else
+ {
+ m_ints = new int[intLen];
+ }
+
+ int iarrJ = intLen - 1;
+ int rem = barrLen % 4 + barrStart;
+ int temp = 0;
+ int barrI = barrStart;
+ if (barrStart < rem)
+ {
+ for (; barrI < rem; barrI++)
+ {
+ temp <<= 8;
+ int barrBarrI = barr[barrI];
+ if (barrBarrI < 0)
+ {
+ barrBarrI += 256;
+ }
+ temp |= barrBarrI;
+ }
+ m_ints[iarrJ--] = temp;
+ }
+
+ for (; iarrJ >= 0; iarrJ--)
+ {
+ temp = 0;
+ for (int i = 0; i < 4; i++)
+ {
+ temp <<= 8;
+ int barrBarrI = barr[barrI++];
+ if (barrBarrI < 0)
+ {
+ barrBarrI += 256;
+ }
+ temp |= barrBarrI;
+ }
+ m_ints[iarrJ] = temp;
+ }
+ }
+
+ public boolean isZero()
+ {
+ return m_ints.length == 0
+ || (m_ints[0] == 0 && getUsedLength() == 0);
+ }
+
+ public int getUsedLength()
+ {
+ int highestIntPos = m_ints.length;
+
+ if (highestIntPos < 1)
+ {
+ return 0;
+ }
+
+ // Check if first element will act as sentinel
+ if (m_ints[0] != 0)
+ {
+ while (m_ints[--highestIntPos] == 0)
+ {
+ }
+ return highestIntPos + 1;
+ }
+
+ do
+ {
+ if (m_ints[--highestIntPos] != 0)
+ {
+ return highestIntPos + 1;
+ }
+ }
+ while (highestIntPos > 0);
+
+ return 0;
+ }
+
+ public int bitLength()
+ {
+ // JDK 1.5: see Integer.numberOfLeadingZeros()
+ int intLen = getUsedLength();
+ if (intLen == 0)
+ {
+ return 0;
+ }
+
+ int last = intLen - 1;
+ int highest = m_ints[last];
+ int bits = (last << 5) + 1;
+
+ // A couple of binary search steps
+ if ((highest & 0xffff0000) != 0)
+ {
+ if ((highest & 0xff000000) != 0)
+ {
+ bits += 24;
+ highest >>>= 24;
+ }
+ else
+ {
+ bits += 16;
+ highest >>>= 16;
+ }
+ }
+ else if (highest > 0x000000ff)
+ {
+ bits += 8;
+ highest >>>= 8;
+ }
+
+ while (highest != 1)
+ {
+ ++bits;
+ highest >>>= 1;
+ }
+
+ return bits;
+ }
+
+ private int[] resizedInts(int newLen)
+ {
+ int[] newInts = new int[newLen];
+ int oldLen = m_ints.length;
+ int copyLen = oldLen < newLen ? oldLen : newLen;
+ System.arraycopy(m_ints, 0, newInts, 0, copyLen);
+ return newInts;
+ }
+
+ public BigInteger toBigInteger()
+ {
+ int usedLen = getUsedLength();
+ if (usedLen == 0)
+ {
+ return ECConstants.ZERO;
+ }
+
+ int highestInt = m_ints[usedLen - 1];
+ byte[] temp = new byte[4];
+ int barrI = 0;
+ boolean trailingZeroBytesDone = false;
+ for (int j = 3; j >= 0; j--)
+ {
+ byte thisByte = (byte) (highestInt >>> (8 * j));
+ if (trailingZeroBytesDone || (thisByte != 0))
+ {
+ trailingZeroBytesDone = true;
+ temp[barrI++] = thisByte;
+ }
+ }
+
+ int barrLen = 4 * (usedLen - 1) + barrI;
+ byte[] barr = new byte[barrLen];
+ for (int j = 0; j < barrI; j++)
+ {
+ barr[j] = temp[j];
+ }
+ // Highest value int is done now
+
+ for (int iarrJ = usedLen - 2; iarrJ >= 0; iarrJ--)
+ {
+ for (int j = 3; j >= 0; j--)
+ {
+ barr[barrI++] = (byte) (m_ints[iarrJ] >>> (8 * j));
+ }
+ }
+ return new BigInteger(1, barr);
+ }
+
+ public void shiftLeft()
+ {
+ int usedLen = getUsedLength();
+ if (usedLen == 0)
+ {
+ return;
+ }
+ if (m_ints[usedLen - 1] < 0)
+ {
+ // highest bit of highest used byte is set, so shifting left will
+ // make the IntArray one byte longer
+ usedLen++;
+ if (usedLen > m_ints.length)
+ {
+ // make the m_ints one byte longer, because we need one more
+ // byte which is not available in m_ints
+ m_ints = resizedInts(m_ints.length + 1);
+ }
+ }
+
+ boolean carry = false;
+ for (int i = 0; i < usedLen; i++)
+ {
+ // nextCarry is true if highest bit is set
+ boolean nextCarry = m_ints[i] < 0;
+ m_ints[i] <<= 1;
+ if (carry)
+ {
+ // set lowest bit
+ m_ints[i] |= 1;
+ }
+ carry = nextCarry;
+ }
+ }
+
+ public IntArray shiftLeft(int n)
+ {
+ int usedLen = getUsedLength();
+ if (usedLen == 0)
+ {
+ return this;
+ }
+
+ if (n == 0)
+ {
+ return this;
+ }
+
+ if (n > 31)
+ {
+ throw new IllegalArgumentException("shiftLeft() for max 31 bits "
+ + ", " + n + "bit shift is not possible");
+ }
+
+ int[] newInts = new int[usedLen + 1];
+
+ int nm32 = 32 - n;
+ newInts[0] = m_ints[0] << n;
+ for (int i = 1; i < usedLen; i++)
+ {
+ newInts[i] = (m_ints[i] << n) | (m_ints[i - 1] >>> nm32);
+ }
+ newInts[usedLen] = m_ints[usedLen - 1] >>> nm32;
+
+ return new IntArray(newInts);
+ }
+
+ public void addShifted(IntArray other, int shift)
+ {
+ int usedLenOther = other.getUsedLength();
+ int newMinUsedLen = usedLenOther + shift;
+ if (newMinUsedLen > m_ints.length)
+ {
+ m_ints = resizedInts(newMinUsedLen);
+ //System.out.println("Resize required");
+ }
+
+ for (int i = 0; i < usedLenOther; i++)
+ {
+ m_ints[i + shift] ^= other.m_ints[i];
+ }
+ }
+
+ public int getLength()
+ {
+ return m_ints.length;
+ }
+
+ public boolean testBit(int n)
+ {
+ // theInt = n / 32
+ int theInt = n >> 5;
+ // theBit = n % 32
+ int theBit = n & 0x1F;
+ int tester = 1 << theBit;
+ return ((m_ints[theInt] & tester) != 0);
+ }
+
+ public void flipBit(int n)
+ {
+ // theInt = n / 32
+ int theInt = n >> 5;
+ // theBit = n % 32
+ int theBit = n & 0x1F;
+ int flipper = 1 << theBit;
+ m_ints[theInt] ^= flipper;
+ }
+
+ public void setBit(int n)
+ {
+ // theInt = n / 32
+ int theInt = n >> 5;
+ // theBit = n % 32
+ int theBit = n & 0x1F;
+ int setter = 1 << theBit;
+ m_ints[theInt] |= setter;
+ }
+
+ public IntArray multiply(IntArray other, int m)
+ {
+ // Lenght of c is 2m bits rounded up to the next int (32 bit)
+ int t = (m + 31) >> 5;
+ if (m_ints.length < t)
+ {
+ m_ints = resizedInts(t);
+ }
+
+ IntArray b = new IntArray(other.resizedInts(other.getLength() + 1));
+ IntArray c = new IntArray((m + m + 31) >> 5);
+ // IntArray c = new IntArray(t + t);
+ int testBit = 1;
+ for (int k = 0; k < 32; k++)
+ {
+ for (int j = 0; j < t; j++)
+ {
+ if ((m_ints[j] & testBit) != 0)
+ {
+ // The kth bit of m_ints[j] is set
+ c.addShifted(b, j);
+ }
+ }
+ testBit <<= 1;
+ b.shiftLeft();
+ }
+ return c;
+ }
+
+ // public IntArray multiplyLeftToRight(IntArray other, int m) {
+ // // Lenght of c is 2m bits rounded up to the next int (32 bit)
+ // int t = (m + 31) / 32;
+ // if (m_ints.length < t) {
+ // m_ints = resizedInts(t);
+ // }
+ //
+ // IntArray b = new IntArray(other.resizedInts(other.getLength() + 1));
+ // IntArray c = new IntArray((m + m + 31) / 32);
+ // // IntArray c = new IntArray(t + t);
+ // int testBit = 1 << 31;
+ // for (int k = 31; k >= 0; k--) {
+ // for (int j = 0; j < t; j++) {
+ // if ((m_ints[j] & testBit) != 0) {
+ // // The kth bit of m_ints[j] is set
+ // c.addShifted(b, j);
+ // }
+ // }
+ // testBit >>>= 1;
+ // if (k > 0) {
+ // c.shiftLeft();
+ // }
+ // }
+ // return c;
+ // }
+
+ // TODO note, redPol.length must be 3 for TPB and 5 for PPB
+ public void reduce(int m, int[] redPol)
+ {
+ for (int i = m + m - 2; i >= m; i--)
+ {
+ if (testBit(i))
+ {
+ int bit = i - m;
+ flipBit(bit);
+ flipBit(i);
+ int l = redPol.length;
+ while (--l >= 0)
+ {
+ flipBit(redPol[l] + bit);
+ }
+ }
+ }
+ m_ints = resizedInts((m + 31) >> 5);
+ }
+
+ public IntArray square(int m)
+ {
+ // TODO make the table static final
+ final int[] table = { 0x0, 0x1, 0x4, 0x5, 0x10, 0x11, 0x14, 0x15, 0x40,
+ 0x41, 0x44, 0x45, 0x50, 0x51, 0x54, 0x55 };
+
+ int t = (m + 31) >> 5;
+ if (m_ints.length < t)
+ {
+ m_ints = resizedInts(t);
+ }
+
+ IntArray c = new IntArray(t + t);
+
+ // TODO twice the same code, put in separate private method
+ for (int i = 0; i < t; i++)
+ {
+ int v0 = 0;
+ for (int j = 0; j < 4; j++)
+ {
+ v0 = v0 >>> 8;
+ int u = (m_ints[i] >>> (j * 4)) & 0xF;
+ int w = table[u] << 24;
+ v0 |= w;
+ }
+ c.m_ints[i + i] = v0;
+
+ v0 = 0;
+ int upper = m_ints[i] >>> 16;
+ for (int j = 0; j < 4; j++)
+ {
+ v0 = v0 >>> 8;
+ int u = (upper >>> (j * 4)) & 0xF;
+ int w = table[u] << 24;
+ v0 |= w;
+ }
+ c.m_ints[i + i + 1] = v0;
+ }
+ return c;
+ }
+
+ public boolean equals(Object o)
+ {
+ if (!(o instanceof IntArray))
+ {
+ return false;
+ }
+ IntArray other = (IntArray) o;
+ int usedLen = getUsedLength();
+ if (other.getUsedLength() != usedLen)
+ {
+ return false;
+ }
+ for (int i = 0; i < usedLen; i++)
+ {
+ if (m_ints[i] != other.m_ints[i])
+ {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ public int hashCode()
+ {
+ int usedLen = getUsedLength();
+ int hash = 1;
+ for (int i = 0; i < usedLen; i++)
+ {
+ hash = hash * 31 + m_ints[i];
+ }
+ return hash;
+ }
+
+ public Object clone()
+ {
+ return new IntArray(Arrays.clone(m_ints));
+ }
+
+ public String toString()
+ {
+ int usedLen = getUsedLength();
+ if (usedLen == 0)
+ {
+ return "0";
+ }
+
+ StringBuffer sb = new StringBuffer(Integer
+ .toBinaryString(m_ints[usedLen - 1]));
+ for (int iarrJ = usedLen - 2; iarrJ >= 0; iarrJ--)
+ {
+ String hexString = Integer.toBinaryString(m_ints[iarrJ]);
+
+ // Add leading zeroes, except for highest significant int
+ for (int i = hexString.length(); i < 8; i++)
+ {
+ hexString = "0" + hexString;
+ }
+ sb.append(hexString);
+ }
+ return sb.toString();
+ }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/PreCompInfo.java b/src/main/java/org/bouncycastle/math/ec/PreCompInfo.java
new file mode 100644
index 0000000..804dcf7
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/PreCompInfo.java
@@ -0,0 +1,10 @@
+package org.bouncycastle.math.ec;
+
+/**
+ * Interface for classes storing precomputation data for multiplication
+ * algorithms. Used as a Memento (see GOF patterns) for
+ * <code>WNafMultiplier</code>.
+ */
+interface PreCompInfo
+{
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java b/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java
new file mode 100644
index 0000000..96e666d
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java
@@ -0,0 +1,253 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Class representing a simple version of a big decimal. A
+ * <code>SimpleBigDecimal</code> is basically a
+ * {@link java.math.BigInteger BigInteger} with a few digits on the right of
+ * the decimal point. The number of (binary) digits on the right of the decimal
+ * point is called the <code>scale</code> of the <code>SimpleBigDecimal</code>.
+ * Unlike in {@link java.math.BigDecimal BigDecimal}, the scale is not adjusted
+ * automatically, but must be set manually. All <code>SimpleBigDecimal</code>s
+ * taking part in the same arithmetic operation must have equal scale. The
+ * result of a multiplication of two <code>SimpleBigDecimal</code>s returns a
+ * <code>SimpleBigDecimal</code> with double scale.
+ */
+class SimpleBigDecimal
+ //extends Number // not in J2ME - add compatibility class?
+{
+ private static final long serialVersionUID = 1L;
+
+ private final BigInteger bigInt;
+ private final int scale;
+
+ /**
+ * Returns a <code>SimpleBigDecimal</code> representing the same numerical
+ * value as <code>value</code>.
+ * @param value The value of the <code>SimpleBigDecimal</code> to be
+ * created.
+ * @param scale The scale of the <code>SimpleBigDecimal</code> to be
+ * created.
+ * @return The such created <code>SimpleBigDecimal</code>.
+ */
+ public static SimpleBigDecimal getInstance(BigInteger value, int scale)
+ {
+ return new SimpleBigDecimal(value.shiftLeft(scale), scale);
+ }
+
+ /**
+ * Constructor for <code>SimpleBigDecimal</code>. The value of the
+ * constructed <code>SimpleBigDecimal</code> equals <code>bigInt /
+ * 2<sup>scale</sup></code>.
+ * @param bigInt The <code>bigInt</code> value parameter.
+ * @param scale The scale of the constructed <code>SimpleBigDecimal</code>.
+ */
+ public SimpleBigDecimal(BigInteger bigInt, int scale)
+ {
+ if (scale < 0)
+ {
+ throw new IllegalArgumentException("scale may not be negative");
+ }
+
+ this.bigInt = bigInt;
+ this.scale = scale;
+ }
+
+ private SimpleBigDecimal(SimpleBigDecimal limBigDec)
+ {
+ bigInt = limBigDec.bigInt;
+ scale = limBigDec.scale;
+ }
+
+ private void checkScale(SimpleBigDecimal b)
+ {
+ if (scale != b.scale)
+ {
+ throw new IllegalArgumentException("Only SimpleBigDecimal of " +
+ "same scale allowed in arithmetic operations");
+ }
+ }
+
+ public SimpleBigDecimal adjustScale(int newScale)
+ {
+ if (newScale < 0)
+ {
+ throw new IllegalArgumentException("scale may not be negative");
+ }
+
+ if (newScale == scale)
+ {
+ return new SimpleBigDecimal(this);
+ }
+
+ return new SimpleBigDecimal(bigInt.shiftLeft(newScale - scale),
+ newScale);
+ }
+
+ public SimpleBigDecimal add(SimpleBigDecimal b)
+ {
+ checkScale(b);
+ return new SimpleBigDecimal(bigInt.add(b.bigInt), scale);
+ }
+
+ public SimpleBigDecimal add(BigInteger b)
+ {
+ return new SimpleBigDecimal(bigInt.add(b.shiftLeft(scale)), scale);
+ }
+
+ public SimpleBigDecimal negate()
+ {
+ return new SimpleBigDecimal(bigInt.negate(), scale);
+ }
+
+ public SimpleBigDecimal subtract(SimpleBigDecimal b)
+ {
+ return add(b.negate());
+ }
+
+ public SimpleBigDecimal subtract(BigInteger b)
+ {
+ return new SimpleBigDecimal(bigInt.subtract(b.shiftLeft(scale)),
+ scale);
+ }
+
+ public SimpleBigDecimal multiply(SimpleBigDecimal b)
+ {
+ checkScale(b);
+ return new SimpleBigDecimal(bigInt.multiply(b.bigInt), scale + scale);
+ }
+
+ public SimpleBigDecimal multiply(BigInteger b)
+ {
+ return new SimpleBigDecimal(bigInt.multiply(b), scale);
+ }
+
+ public SimpleBigDecimal divide(SimpleBigDecimal b)
+ {
+ checkScale(b);
+ BigInteger dividend = bigInt.shiftLeft(scale);
+ return new SimpleBigDecimal(dividend.divide(b.bigInt), scale);
+ }
+
+ public SimpleBigDecimal divide(BigInteger b)
+ {
+ return new SimpleBigDecimal(bigInt.divide(b), scale);
+ }
+
+ public SimpleBigDecimal shiftLeft(int n)
+ {
+ return new SimpleBigDecimal(bigInt.shiftLeft(n), scale);
+ }
+
+ public int compareTo(SimpleBigDecimal val)
+ {
+ checkScale(val);
+ return bigInt.compareTo(val.bigInt);
+ }
+
+ public int compareTo(BigInteger val)
+ {
+ return bigInt.compareTo(val.shiftLeft(scale));
+ }
+
+ public BigInteger floor()
+ {
+ return bigInt.shiftRight(scale);
+ }
+
+ public BigInteger round()
+ {
+ SimpleBigDecimal oneHalf = new SimpleBigDecimal(ECConstants.ONE, 1);
+ return add(oneHalf.adjustScale(scale)).floor();
+ }
+
+ public int intValue()
+ {
+ return floor().intValue();
+ }
+
+ public long longValue()
+ {
+ return floor().longValue();
+ }
+ /* NON-J2ME compliant.
+ public double doubleValue()
+ {
+ return Double.valueOf(toString()).doubleValue();
+ }
+
+ public float floatValue()
+ {
+ return Float.valueOf(toString()).floatValue();
+ }
+ */
+ public int getScale()
+ {
+ return scale;
+ }
+
+ public String toString()
+ {
+ if (scale == 0)
+ {
+ return bigInt.toString();
+ }
+
+ BigInteger floorBigInt = floor();
+
+ BigInteger fract = bigInt.subtract(floorBigInt.shiftLeft(scale));
+ if (bigInt.signum() == -1)
+ {
+ fract = ECConstants.ONE.shiftLeft(scale).subtract(fract);
+ }
+
+ if ((floorBigInt.signum() == -1) && (!(fract.equals(ECConstants.ZERO))))
+ {
+ floorBigInt = floorBigInt.add(ECConstants.ONE);
+ }
+ String leftOfPoint = floorBigInt.toString();
+
+ char[] fractCharArr = new char[scale];
+ String fractStr = fract.toString(2);
+ int fractLen = fractStr.length();
+ int zeroes = scale - fractLen;
+ for (int i = 0; i < zeroes; i++)
+ {
+ fractCharArr[i] = '0';
+ }
+ for (int j = 0; j < fractLen; j++)
+ {
+ fractCharArr[zeroes + j] = fractStr.charAt(j);
+ }
+ String rightOfPoint = new String(fractCharArr);
+
+ StringBuffer sb = new StringBuffer(leftOfPoint);
+ sb.append(".");
+ sb.append(rightOfPoint);
+
+ return sb.toString();
+ }
+
+ public boolean equals(Object o)
+ {
+ if (this == o)
+ {
+ return true;
+ }
+
+ if (!(o instanceof SimpleBigDecimal))
+ {
+ return false;
+ }
+
+ SimpleBigDecimal other = (SimpleBigDecimal)o;
+ return ((bigInt.equals(other.bigInt)) && (scale == other.scale));
+ }
+
+ public int hashCode()
+ {
+ return bigInt.hashCode() ^ scale;
+ }
+
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/Tnaf.java b/src/main/java/org/bouncycastle/math/ec/Tnaf.java
new file mode 100644
index 0000000..af4355f
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/Tnaf.java
@@ -0,0 +1,844 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Class holding methods for point multiplication based on the window
+ * τ-adic nonadjacent form (WTNAF). The algorithms are based on the
+ * paper "Improved Algorithms for Arithmetic on Anomalous Binary Curves"
+ * by Jerome A. Solinas. The paper first appeared in the Proceedings of
+ * Crypto 1997.
+ */
+class Tnaf
+{
+ private static final BigInteger MINUS_ONE = ECConstants.ONE.negate();
+ private static final BigInteger MINUS_TWO = ECConstants.TWO.negate();
+ private static final BigInteger MINUS_THREE = ECConstants.THREE.negate();
+
+ /**
+ * The window width of WTNAF. The standard value of 4 is slightly less
+ * than optimal for running time, but keeps space requirements for
+ * precomputation low. For typical curves, a value of 5 or 6 results in
+ * a better running time. When changing this value, the
+ * <code>α<sub>u</sub></code>'s must be computed differently, see
+ * e.g. "Guide to Elliptic Curve Cryptography", Darrel Hankerson,
+ * Alfred Menezes, Scott Vanstone, Springer-Verlag New York Inc., 2004,
+ * p. 121-122
+ */
+ public static final byte WIDTH = 4;
+
+ /**
+ * 2<sup>4</sup>
+ */
+ public static final byte POW_2_WIDTH = 16;
+
+ /**
+ * The <code>α<sub>u</sub></code>'s for <code>a=0</code> as an array
+ * of <code>ZTauElement</code>s.
+ */
+ public static final ZTauElement[] alpha0 = {
+ null,
+ new ZTauElement(ECConstants.ONE, ECConstants.ZERO), null,
+ new ZTauElement(MINUS_THREE, MINUS_ONE), null,
+ new ZTauElement(MINUS_ONE, MINUS_ONE), null,
+ new ZTauElement(ECConstants.ONE, MINUS_ONE), null
+ };
+
+ /**
+ * The <code>α<sub>u</sub></code>'s for <code>a=0</code> as an array
+ * of TNAFs.
+ */
+ public static final byte[][] alpha0Tnaf = {
+ null, {1}, null, {-1, 0, 1}, null, {1, 0, 1}, null, {-1, 0, 0, 1}
+ };
+
+ /**
+ * The <code>α<sub>u</sub></code>'s for <code>a=1</code> as an array
+ * of <code>ZTauElement</code>s.
+ */
+ public static final ZTauElement[] alpha1 = {null,
+ new ZTauElement(ECConstants.ONE, ECConstants.ZERO), null,
+ new ZTauElement(MINUS_THREE, ECConstants.ONE), null,
+ new ZTauElement(MINUS_ONE, ECConstants.ONE), null,
+ new ZTauElement(ECConstants.ONE, ECConstants.ONE), null
+ };
+
+ /**
+ * The <code>α<sub>u</sub></code>'s for <code>a=1</code> as an array
+ * of TNAFs.
+ */
+ public static final byte[][] alpha1Tnaf = {
+ null, {1}, null, {-1, 0, 1}, null, {1, 0, 1}, null, {-1, 0, 0, -1}
+ };
+
+ /**
+ * Computes the norm of an element <code>λ</code> of
+ * <code><b>Z</b>[τ]</code>.
+ * @param mu The parameter <code>μ</code> of the elliptic curve.
+ * @param lambda The element <code>λ</code> of
+ * <code><b>Z</b>[τ]</code>.
+ * @return The norm of <code>λ</code>.
+ */
+ public static BigInteger norm(final byte mu, ZTauElement lambda)
+ {
+ BigInteger norm;
+
+ // s1 = u^2
+ BigInteger s1 = lambda.u.multiply(lambda.u);
+
+ // s2 = u * v
+ BigInteger s2 = lambda.u.multiply(lambda.v);
+
+ // s3 = 2 * v^2
+ BigInteger s3 = lambda.v.multiply(lambda.v).shiftLeft(1);
+
+ if (mu == 1)
+ {
+ norm = s1.add(s2).add(s3);
+ }
+ else if (mu == -1)
+ {
+ norm = s1.subtract(s2).add(s3);
+ }
+ else
+ {
+ throw new IllegalArgumentException("mu must be 1 or -1");
+ }
+
+ return norm;
+ }
+
+ /**
+ * Computes the norm of an element <code>λ</code> of
+ * <code><b>R</b>[τ]</code>, where <code>λ = u + vτ</code>
+ * and <code>u</code> and <code>u</code> are real numbers (elements of
+ * <code><b>R</b></code>).
+ * @param mu The parameter <code>μ</code> of the elliptic curve.
+ * @param u The real part of the element <code>λ</code> of
+ * <code><b>R</b>[τ]</code>.
+ * @param v The <code>τ</code>-adic part of the element
+ * <code>λ</code> of <code><b>R</b>[τ]</code>.
+ * @return The norm of <code>λ</code>.
+ */
+ public static SimpleBigDecimal norm(final byte mu, SimpleBigDecimal u,
+ SimpleBigDecimal v)
+ {
+ SimpleBigDecimal norm;
+
+ // s1 = u^2
+ SimpleBigDecimal s1 = u.multiply(u);
+
+ // s2 = u * v
+ SimpleBigDecimal s2 = u.multiply(v);
+
+ // s3 = 2 * v^2
+ SimpleBigDecimal s3 = v.multiply(v).shiftLeft(1);
+
+ if (mu == 1)
+ {
+ norm = s1.add(s2).add(s3);
+ }
+ else if (mu == -1)
+ {
+ norm = s1.subtract(s2).add(s3);
+ }
+ else
+ {
+ throw new IllegalArgumentException("mu must be 1 or -1");
+ }
+
+ return norm;
+ }
+
+ /**
+ * Rounds an element <code>λ</code> of <code><b>R</b>[τ]</code>
+ * to an element of <code><b>Z</b>[τ]</code>, such that their difference
+ * has minimal norm. <code>λ</code> is given as
+ * <code>λ = λ<sub>0</sub> + λ<sub>1</sub>τ</code>.
+ * @param lambda0 The component <code>λ<sub>0</sub></code>.
+ * @param lambda1 The component <code>λ<sub>1</sub></code>.
+ * @param mu The parameter <code>μ</code> of the elliptic curve. Must
+ * equal 1 or -1.
+ * @return The rounded element of <code><b>Z</b>[τ]</code>.
+ * @throws IllegalArgumentException if <code>lambda0</code> and
+ * <code>lambda1</code> do not have same scale.
+ */
+ public static ZTauElement round(SimpleBigDecimal lambda0,
+ SimpleBigDecimal lambda1, byte mu)
+ {
+ int scale = lambda0.getScale();
+ if (lambda1.getScale() != scale)
+ {
+ throw new IllegalArgumentException("lambda0 and lambda1 do not " +
+ "have same scale");
+ }
+
+ if (!((mu == 1) || (mu == -1)))
+ {
+ throw new IllegalArgumentException("mu must be 1 or -1");
+ }
+
+ BigInteger f0 = lambda0.round();
+ BigInteger f1 = lambda1.round();
+
+ SimpleBigDecimal eta0 = lambda0.subtract(f0);
+ SimpleBigDecimal eta1 = lambda1.subtract(f1);
+
+ // eta = 2*eta0 + mu*eta1
+ SimpleBigDecimal eta = eta0.add(eta0);
+ if (mu == 1)
+ {
+ eta = eta.add(eta1);
+ }
+ else
+ {
+ // mu == -1
+ eta = eta.subtract(eta1);
+ }
+
+ // check1 = eta0 - 3*mu*eta1
+ // check2 = eta0 + 4*mu*eta1
+ SimpleBigDecimal threeEta1 = eta1.add(eta1).add(eta1);
+ SimpleBigDecimal fourEta1 = threeEta1.add(eta1);
+ SimpleBigDecimal check1;
+ SimpleBigDecimal check2;
+ if (mu == 1)
+ {
+ check1 = eta0.subtract(threeEta1);
+ check2 = eta0.add(fourEta1);
+ }
+ else
+ {
+ // mu == -1
+ check1 = eta0.add(threeEta1);
+ check2 = eta0.subtract(fourEta1);
+ }
+
+ byte h0 = 0;
+ byte h1 = 0;
+
+ // if eta >= 1
+ if (eta.compareTo(ECConstants.ONE) >= 0)
+ {
+ if (check1.compareTo(MINUS_ONE) < 0)
+ {
+ h1 = mu;
+ }
+ else
+ {
+ h0 = 1;
+ }
+ }
+ else
+ {
+ // eta < 1
+ if (check2.compareTo(ECConstants.TWO) >= 0)
+ {
+ h1 = mu;
+ }
+ }
+
+ // if eta < -1
+ if (eta.compareTo(MINUS_ONE) < 0)
+ {
+ if (check1.compareTo(ECConstants.ONE) >= 0)
+ {
+ h1 = (byte)-mu;
+ }
+ else
+ {
+ h0 = -1;
+ }
+ }
+ else
+ {
+ // eta >= -1
+ if (check2.compareTo(MINUS_TWO) < 0)
+ {
+ h1 = (byte)-mu;
+ }
+ }
+
+ BigInteger q0 = f0.add(BigInteger.valueOf(h0));
+ BigInteger q1 = f1.add(BigInteger.valueOf(h1));
+ return new ZTauElement(q0, q1);
+ }
+
+ /**
+ * Approximate division by <code>n</code>. For an integer
+ * <code>k</code>, the value <code>λ = s k / n</code> is
+ * computed to <code>c</code> bits of accuracy.
+ * @param k The parameter <code>k</code>.
+ * @param s The curve parameter <code>s<sub>0</sub></code> or
+ * <code>s<sub>1</sub></code>.
+ * @param vm The Lucas Sequence element <code>V<sub>m</sub></code>.
+ * @param a The parameter <code>a</code> of the elliptic curve.
+ * @param m The bit length of the finite field
+ * <code><b>F</b><sub>m</sub></code>.
+ * @param c The number of bits of accuracy, i.e. the scale of the returned
+ * <code>SimpleBigDecimal</code>.
+ * @return The value <code>λ = s k / n</code> computed to
+ * <code>c</code> bits of accuracy.
+ */
+ public static SimpleBigDecimal approximateDivisionByN(BigInteger k,
+ BigInteger s, BigInteger vm, byte a, int m, int c)
+ {
+ int _k = (m + 5)/2 + c;
+ BigInteger ns = k.shiftRight(m - _k - 2 + a);
+
+ BigInteger gs = s.multiply(ns);
+
+ BigInteger hs = gs.shiftRight(m);
+
+ BigInteger js = vm.multiply(hs);
+
+ BigInteger gsPlusJs = gs.add(js);
+ BigInteger ls = gsPlusJs.shiftRight(_k-c);
+ if (gsPlusJs.testBit(_k-c-1))
+ {
+ // round up
+ ls = ls.add(ECConstants.ONE);
+ }
+
+ return new SimpleBigDecimal(ls, c);
+ }
+
+ /**
+ * Computes the <code>τ</code>-adic NAF (non-adjacent form) of an
+ * element <code>λ</code> of <code><b>Z</b>[τ]</code>.
+ * @param mu The parameter <code>μ</code> of the elliptic curve.
+ * @param lambda The element <code>λ</code> of
+ * <code><b>Z</b>[τ]</code>.
+ * @return The <code>τ</code>-adic NAF of <code>λ</code>.
+ */
+ public static byte[] tauAdicNaf(byte mu, ZTauElement lambda)
+ {
+ if (!((mu == 1) || (mu == -1)))
+ {
+ throw new IllegalArgumentException("mu must be 1 or -1");
+ }
+
+ BigInteger norm = norm(mu, lambda);
+
+ // Ceiling of log2 of the norm
+ int log2Norm = norm.bitLength();
+
+ // If length(TNAF) > 30, then length(TNAF) < log2Norm + 3.52
+ int maxLength = log2Norm > 30 ? log2Norm + 4 : 34;
+
+ // The array holding the TNAF
+ byte[] u = new byte[maxLength];
+ int i = 0;
+
+ // The actual length of the TNAF
+ int length = 0;
+
+ BigInteger r0 = lambda.u;
+ BigInteger r1 = lambda.v;
+
+ while(!((r0.equals(ECConstants.ZERO)) && (r1.equals(ECConstants.ZERO))))
+ {
+ // If r0 is odd
+ if (r0.testBit(0))
+ {
+ u[i] = (byte) ECConstants.TWO.subtract((r0.subtract(r1.shiftLeft(1))).mod(ECConstants.FOUR)).intValue();
+
+ // r0 = r0 - u[i]
+ if (u[i] == 1)
+ {
+ r0 = r0.clearBit(0);
+ }
+ else
+ {
+ // u[i] == -1
+ r0 = r0.add(ECConstants.ONE);
+ }
+ length = i;
+ }
+ else
+ {
+ u[i] = 0;
+ }
+
+ BigInteger t = r0;
+ BigInteger s = r0.shiftRight(1);
+ if (mu == 1)
+ {
+ r0 = r1.add(s);
+ }
+ else
+ {
+ // mu == -1
+ r0 = r1.subtract(s);
+ }
+
+ r1 = t.shiftRight(1).negate();
+ i++;
+ }
+
+ length++;
+
+ // Reduce the TNAF array to its actual length
+ byte[] tnaf = new byte[length];
+ System.arraycopy(u, 0, tnaf, 0, length);
+ return tnaf;
+ }
+
+ /**
+ * Applies the operation <code>τ()</code> to an
+ * <code>ECPoint.F2m</code>.
+ * @param p The ECPoint.F2m to which <code>τ()</code> is applied.
+ * @return <code>τ(p)</code>
+ */
+ public static ECPoint.F2m tau(ECPoint.F2m p)
+ {
+ if (p.isInfinity())
+ {
+ return p;
+ }
+
+ ECFieldElement x = p.getX();
+ ECFieldElement y = p.getY();
+
+ return new ECPoint.F2m(p.getCurve(), x.square(), y.square(), p.isCompressed());
+ }
+
+ /**
+ * Returns the parameter <code>μ</code> of the elliptic curve.
+ * @param curve The elliptic curve from which to obtain <code>μ</code>.
+ * The curve must be a Koblitz curve, i.e. <code>a</code> equals
+ * <code>0</code> or <code>1</code> and <code>b</code> equals
+ * <code>1</code>.
+ * @return <code>μ</code> of the elliptic curve.
+ * @throws IllegalArgumentException if the given ECCurve is not a Koblitz
+ * curve.
+ */
+ public static byte getMu(ECCurve.F2m curve)
+ {
+ BigInteger a = curve.getA().toBigInteger();
+ byte mu;
+
+ if (a.equals(ECConstants.ZERO))
+ {
+ mu = -1;
+ }
+ else if (a.equals(ECConstants.ONE))
+ {
+ mu = 1;
+ }
+ else
+ {
+ throw new IllegalArgumentException("No Koblitz curve (ABC), " +
+ "TNAF multiplication not possible");
+ }
+ return mu;
+ }
+
+ /**
+ * Calculates the Lucas Sequence elements <code>U<sub>k-1</sub></code> and
+ * <code>U<sub>k</sub></code> or <code>V<sub>k-1</sub></code> and
+ * <code>V<sub>k</sub></code>.
+ * @param mu The parameter <code>μ</code> of the elliptic curve.
+ * @param k The index of the second element of the Lucas Sequence to be
+ * returned.
+ * @param doV If set to true, computes <code>V<sub>k-1</sub></code> and
+ * <code>V<sub>k</sub></code>, otherwise <code>U<sub>k-1</sub></code> and
+ * <code>U<sub>k</sub></code>.
+ * @return An array with 2 elements, containing <code>U<sub>k-1</sub></code>
+ * and <code>U<sub>k</sub></code> or <code>V<sub>k-1</sub></code>
+ * and <code>V<sub>k</sub></code>.
+ */
+ public static BigInteger[] getLucas(byte mu, int k, boolean doV)
+ {
+ if (!((mu == 1) || (mu == -1)))
+ {
+ throw new IllegalArgumentException("mu must be 1 or -1");
+ }
+
+ BigInteger u0;
+ BigInteger u1;
+ BigInteger u2;
+
+ if (doV)
+ {
+ u0 = ECConstants.TWO;
+ u1 = BigInteger.valueOf(mu);
+ }
+ else
+ {
+ u0 = ECConstants.ZERO;
+ u1 = ECConstants.ONE;
+ }
+
+ for (int i = 1; i < k; i++)
+ {
+ // u2 = mu*u1 - 2*u0;
+ BigInteger s = null;
+ if (mu == 1)
+ {
+ s = u1;
+ }
+ else
+ {
+ // mu == -1
+ s = u1.negate();
+ }
+
+ u2 = s.subtract(u0.shiftLeft(1));
+ u0 = u1;
+ u1 = u2;
+// System.out.println(i + ": " + u2);
+// System.out.println();
+ }
+
+ BigInteger[] retVal = {u0, u1};
+ return retVal;
+ }
+
+ /**
+ * Computes the auxiliary value <code>t<sub>w</sub></code>. If the width is
+ * 4, then for <code>mu = 1</code>, <code>t<sub>w</sub> = 6</code> and for
+ * <code>mu = -1</code>, <code>t<sub>w</sub> = 10</code>
+ * @param mu The parameter <code>μ</code> of the elliptic curve.
+ * @param w The window width of the WTNAF.
+ * @return the auxiliary value <code>t<sub>w</sub></code>
+ */
+ public static BigInteger getTw(byte mu, int w)
+ {
+ if (w == 4)
+ {
+ if (mu == 1)
+ {
+ return BigInteger.valueOf(6);
+ }
+ else
+ {
+ // mu == -1
+ return BigInteger.valueOf(10);
+ }
+ }
+ else
+ {
+ // For w <> 4, the values must be computed
+ BigInteger[] us = getLucas(mu, w, false);
+ BigInteger twoToW = ECConstants.ZERO.setBit(w);
+ BigInteger u1invert = us[1].modInverse(twoToW);
+ BigInteger tw;
+ tw = ECConstants.TWO.multiply(us[0]).multiply(u1invert).mod(twoToW);
+// System.out.println("mu = " + mu);
+// System.out.println("tw = " + tw);
+ return tw;
+ }
+ }
+
+ /**
+ * Computes the auxiliary values <code>s<sub>0</sub></code> and
+ * <code>s<sub>1</sub></code> used for partial modular reduction.
+ * @param curve The elliptic curve for which to compute
+ * <code>s<sub>0</sub></code> and <code>s<sub>1</sub></code>.
+ * @throws IllegalArgumentException if <code>curve</code> is not a
+ * Koblitz curve (Anomalous Binary Curve, ABC).
+ */
+ public static BigInteger[] getSi(ECCurve.F2m curve)
+ {
+ if (!curve.isKoblitz())
+ {
+ throw new IllegalArgumentException("si is defined for Koblitz curves only");
+ }
+
+ int m = curve.getM();
+ int a = curve.getA().toBigInteger().intValue();
+ byte mu = curve.getMu();
+ int h = curve.getH().intValue();
+ int index = m + 3 - a;
+ BigInteger[] ui = getLucas(mu, index, false);
+
+ BigInteger dividend0;
+ BigInteger dividend1;
+ if (mu == 1)
+ {
+ dividend0 = ECConstants.ONE.subtract(ui[1]);
+ dividend1 = ECConstants.ONE.subtract(ui[0]);
+ }
+ else if (mu == -1)
+ {
+ dividend0 = ECConstants.ONE.add(ui[1]);
+ dividend1 = ECConstants.ONE.add(ui[0]);
+ }
+ else
+ {
+ throw new IllegalArgumentException("mu must be 1 or -1");
+ }
+
+ BigInteger[] si = new BigInteger[2];
+
+ if (h == 2)
+ {
+ si[0] = dividend0.shiftRight(1);
+ si[1] = dividend1.shiftRight(1).negate();
+ }
+ else if (h == 4)
+ {
+ si[0] = dividend0.shiftRight(2);
+ si[1] = dividend1.shiftRight(2).negate();
+ }
+ else
+ {
+ throw new IllegalArgumentException("h (Cofactor) must be 2 or 4");
+ }
+
+ return si;
+ }
+
+ /**
+ * Partial modular reduction modulo
+ * <code>(τ<sup>m</sup> - 1)/(τ - 1)</code>.
+ * @param k The integer to be reduced.
+ * @param m The bitlength of the underlying finite field.
+ * @param a The parameter <code>a</code> of the elliptic curve.
+ * @param s The auxiliary values <code>s<sub>0</sub></code> and
+ * <code>s<sub>1</sub></code>.
+ * @param mu The parameter μ of the elliptic curve.
+ * @param c The precision (number of bits of accuracy) of the partial
+ * modular reduction.
+ * @return <code>ρ := k partmod (τ<sup>m</sup> - 1)/(τ - 1)</code>
+ */
+ public static ZTauElement partModReduction(BigInteger k, int m, byte a,
+ BigInteger[] s, byte mu, byte c)
+ {
+ // d0 = s[0] + mu*s[1]; mu is either 1 or -1
+ BigInteger d0;
+ if (mu == 1)
+ {
+ d0 = s[0].add(s[1]);
+ }
+ else
+ {
+ d0 = s[0].subtract(s[1]);
+ }
+
+ BigInteger[] v = getLucas(mu, m, true);
+ BigInteger vm = v[1];
+
+ SimpleBigDecimal lambda0 = approximateDivisionByN(
+ k, s[0], vm, a, m, c);
+
+ SimpleBigDecimal lambda1 = approximateDivisionByN(
+ k, s[1], vm, a, m, c);
+
+ ZTauElement q = round(lambda0, lambda1, mu);
+
+ // r0 = n - d0*q0 - 2*s1*q1
+ BigInteger r0 = k.subtract(d0.multiply(q.u)).subtract(
+ BigInteger.valueOf(2).multiply(s[1]).multiply(q.v));
+
+ // r1 = s1*q0 - s0*q1
+ BigInteger r1 = s[1].multiply(q.u).subtract(s[0].multiply(q.v));
+
+ return new ZTauElement(r0, r1);
+ }
+
+ /**
+ * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
+ * by a <code>BigInteger</code> using the reduced <code>τ</code>-adic
+ * NAF (RTNAF) method.
+ * @param p The ECPoint.F2m to multiply.
+ * @param k The <code>BigInteger</code> by which to multiply <code>p</code>.
+ * @return <code>k * p</code>
+ */
+ public static ECPoint.F2m multiplyRTnaf(ECPoint.F2m p, BigInteger k)
+ {
+ ECCurve.F2m curve = (ECCurve.F2m) p.getCurve();
+ int m = curve.getM();
+ byte a = (byte) curve.getA().toBigInteger().intValue();
+ byte mu = curve.getMu();
+ BigInteger[] s = curve.getSi();
+ ZTauElement rho = partModReduction(k, m, a, s, mu, (byte)10);
+
+ return multiplyTnaf(p, rho);
+ }
+
+ /**
+ * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
+ * by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
+ * using the <code>τ</code>-adic NAF (TNAF) method.
+ * @param p The ECPoint.F2m to multiply.
+ * @param lambda The element <code>λ</code> of
+ * <code><b>Z</b>[τ]</code>.
+ * @return <code>λ * p</code>
+ */
+ public static ECPoint.F2m multiplyTnaf(ECPoint.F2m p, ZTauElement lambda)
+ {
+ ECCurve.F2m curve = (ECCurve.F2m)p.getCurve();
+ byte mu = curve.getMu();
+ byte[] u = tauAdicNaf(mu, lambda);
+
+ ECPoint.F2m q = multiplyFromTnaf(p, u);
+
+ return q;
+ }
+
+ /**
+ * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
+ * by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
+ * using the <code>τ</code>-adic NAF (TNAF) method, given the TNAF
+ * of <code>λ</code>.
+ * @param p The ECPoint.F2m to multiply.
+ * @param u The the TNAF of <code>λ</code>..
+ * @return <code>λ * p</code>
+ */
+ public static ECPoint.F2m multiplyFromTnaf(ECPoint.F2m p, byte[] u)
+ {
+ ECCurve.F2m curve = (ECCurve.F2m)p.getCurve();
+ ECPoint.F2m q = (ECPoint.F2m) curve.getInfinity();
+ for (int i = u.length - 1; i >= 0; i--)
+ {
+ q = tau(q);
+ if (u[i] == 1)
+ {
+ q = (ECPoint.F2m)q.addSimple(p);
+ }
+ else if (u[i] == -1)
+ {
+ q = (ECPoint.F2m)q.subtractSimple(p);
+ }
+ }
+ return q;
+ }
+
+ /**
+ * Computes the <code>[τ]</code>-adic window NAF of an element
+ * <code>λ</code> of <code><b>Z</b>[τ]</code>.
+ * @param mu The parameter μ of the elliptic curve.
+ * @param lambda The element <code>λ</code> of
+ * <code><b>Z</b>[τ]</code> of which to compute the
+ * <code>[τ]</code>-adic NAF.
+ * @param width The window width of the resulting WNAF.
+ * @param pow2w 2<sup>width</sup>.
+ * @param tw The auxiliary value <code>t<sub>w</sub></code>.
+ * @param alpha The <code>α<sub>u</sub></code>'s for the window width.
+ * @return The <code>[τ]</code>-adic window NAF of
+ * <code>λ</code>.
+ */
+ public static byte[] tauAdicWNaf(byte mu, ZTauElement lambda,
+ byte width, BigInteger pow2w, BigInteger tw, ZTauElement[] alpha)
+ {
+ if (!((mu == 1) || (mu == -1)))
+ {
+ throw new IllegalArgumentException("mu must be 1 or -1");
+ }
+
+ BigInteger norm = norm(mu, lambda);
+
+ // Ceiling of log2 of the norm
+ int log2Norm = norm.bitLength();
+
+ // If length(TNAF) > 30, then length(TNAF) < log2Norm + 3.52
+ int maxLength = log2Norm > 30 ? log2Norm + 4 + width : 34 + width;
+
+ // The array holding the TNAF
+ byte[] u = new byte[maxLength];
+
+ // 2^(width - 1)
+ BigInteger pow2wMin1 = pow2w.shiftRight(1);
+
+ // Split lambda into two BigIntegers to simplify calculations
+ BigInteger r0 = lambda.u;
+ BigInteger r1 = lambda.v;
+ int i = 0;
+
+ // while lambda <> (0, 0)
+ while (!((r0.equals(ECConstants.ZERO))&&(r1.equals(ECConstants.ZERO))))
+ {
+ // if r0 is odd
+ if (r0.testBit(0))
+ {
+ // uUnMod = r0 + r1*tw mod 2^width
+ BigInteger uUnMod
+ = r0.add(r1.multiply(tw)).mod(pow2w);
+
+ byte uLocal;
+ // if uUnMod >= 2^(width - 1)
+ if (uUnMod.compareTo(pow2wMin1) >= 0)
+ {
+ uLocal = (byte) uUnMod.subtract(pow2w).intValue();
+ }
+ else
+ {
+ uLocal = (byte) uUnMod.intValue();
+ }
+ // uLocal is now in [-2^(width-1), 2^(width-1)-1]
+
+ u[i] = uLocal;
+ boolean s = true;
+ if (uLocal < 0)
+ {
+ s = false;
+ uLocal = (byte)-uLocal;
+ }
+ // uLocal is now >= 0
+
+ if (s)
+ {
+ r0 = r0.subtract(alpha[uLocal].u);
+ r1 = r1.subtract(alpha[uLocal].v);
+ }
+ else
+ {
+ r0 = r0.add(alpha[uLocal].u);
+ r1 = r1.add(alpha[uLocal].v);
+ }
+ }
+ else
+ {
+ u[i] = 0;
+ }
+
+ BigInteger t = r0;
+
+ if (mu == 1)
+ {
+ r0 = r1.add(r0.shiftRight(1));
+ }
+ else
+ {
+ // mu == -1
+ r0 = r1.subtract(r0.shiftRight(1));
+ }
+ r1 = t.shiftRight(1).negate();
+ i++;
+ }
+ return u;
+ }
+
+ /**
+ * Does the precomputation for WTNAF multiplication.
+ * @param p The <code>ECPoint</code> for which to do the precomputation.
+ * @param a The parameter <code>a</code> of the elliptic curve.
+ * @return The precomputation array for <code>p</code>.
+ */
+ public static ECPoint.F2m[] getPreComp(ECPoint.F2m p, byte a)
+ {
+ ECPoint.F2m[] pu;
+ pu = new ECPoint.F2m[16];
+ pu[1] = p;
+ byte[][] alphaTnaf;
+ if (a == 0)
+ {
+ alphaTnaf = Tnaf.alpha0Tnaf;
+ }
+ else
+ {
+ // a == 1
+ alphaTnaf = Tnaf.alpha1Tnaf;
+ }
+
+ int precompLen = alphaTnaf.length;
+ for (int i = 3; i < precompLen; i = i + 2)
+ {
+ pu[i] = Tnaf.multiplyFromTnaf(p, alphaTnaf[i]);
+ }
+
+ return pu;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/WNafMultiplier.java b/src/main/java/org/bouncycastle/math/ec/WNafMultiplier.java
new file mode 100644
index 0000000..10c8ed2
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/WNafMultiplier.java
@@ -0,0 +1,240 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Class implementing the WNAF (Window Non-Adjacent Form) multiplication
+ * algorithm.
+ */
+class WNafMultiplier implements ECMultiplier
+{
+ /**
+ * Computes the Window NAF (non-adjacent Form) of an integer.
+ * @param width The width <code>w</code> of the Window NAF. The width is
+ * defined as the minimal number <code>w</code>, such that for any
+ * <code>w</code> consecutive digits in the resulting representation, at
+ * most one is non-zero.
+ * @param k The integer of which the Window NAF is computed.
+ * @return The Window NAF of the given width, such that the following holds:
+ * <code>k = ∑<sub>i=0</sub><sup>l-1</sup> k<sub>i</sub>2<sup>i</sup>
+ * </code>, where the <code>k<sub>i</sub></code> denote the elements of the
+ * returned <code>byte[]</code>.
+ */
+ public byte[] windowNaf(byte width, BigInteger k)
+ {
+ // The window NAF is at most 1 element longer than the binary
+ // representation of the integer k. byte can be used instead of short or
+ // int unless the window width is larger than 8. For larger width use
+ // short or int. However, a width of more than 8 is not efficient for
+ // m = log2(q) smaller than 2305 Bits. Note: Values for m larger than
+ // 1000 Bits are currently not used in practice.
+ byte[] wnaf = new byte[k.bitLength() + 1];
+
+ // 2^width as short and BigInteger
+ short pow2wB = (short)(1 << width);
+ BigInteger pow2wBI = BigInteger.valueOf(pow2wB);
+
+ int i = 0;
+
+ // The actual length of the WNAF
+ int length = 0;
+
+ // while k >= 1
+ while (k.signum() > 0)
+ {
+ // if k is odd
+ if (k.testBit(0))
+ {
+ // k mod 2^width
+ BigInteger remainder = k.mod(pow2wBI);
+
+ // if remainder > 2^(width - 1) - 1
+ if (remainder.testBit(width - 1))
+ {
+ wnaf[i] = (byte)(remainder.intValue() - pow2wB);
+ }
+ else
+ {
+ wnaf[i] = (byte)remainder.intValue();
+ }
+ // wnaf[i] is now in [-2^(width-1), 2^(width-1)-1]
+
+ k = k.subtract(BigInteger.valueOf(wnaf[i]));
+ length = i;
+ }
+ else
+ {
+ wnaf[i] = 0;
+ }
+
+ // k = k/2
+ k = k.shiftRight(1);
+ i++;
+ }
+
+ length++;
+
+ // Reduce the WNAF array to its actual length
+ byte[] wnafShort = new byte[length];
+ System.arraycopy(wnaf, 0, wnafShort, 0, length);
+ return wnafShort;
+ }
+
+ /**
+ * Multiplies <code>this</code> by an integer <code>k</code> using the
+ * Window NAF method.
+ * @param k The integer by which <code>this</code> is multiplied.
+ * @return A new <code>ECPoint</code> which equals <code>this</code>
+ * multiplied by <code>k</code>.
+ */
+ public ECPoint multiply(ECPoint p, BigInteger k, PreCompInfo preCompInfo)
+ {
+ WNafPreCompInfo wnafPreCompInfo;
+
+ if ((preCompInfo != null) && (preCompInfo instanceof WNafPreCompInfo))
+ {
+ wnafPreCompInfo = (WNafPreCompInfo)preCompInfo;
+ }
+ else
+ {
+ // Ignore empty PreCompInfo or PreCompInfo of incorrect type
+ wnafPreCompInfo = new WNafPreCompInfo();
+ }
+
+ // floor(log2(k))
+ int m = k.bitLength();
+
+ // width of the Window NAF
+ byte width;
+
+ // Required length of precomputation array
+ int reqPreCompLen;
+
+ // Determine optimal width and corresponding length of precomputation
+ // array based on literature values
+ if (m < 13)
+ {
+ width = 2;
+ reqPreCompLen = 1;
+ }
+ else
+ {
+ if (m < 41)
+ {
+ width = 3;
+ reqPreCompLen = 2;
+ }
+ else
+ {
+ if (m < 121)
+ {
+ width = 4;
+ reqPreCompLen = 4;
+ }
+ else
+ {
+ if (m < 337)
+ {
+ width = 5;
+ reqPreCompLen = 8;
+ }
+ else
+ {
+ if (m < 897)
+ {
+ width = 6;
+ reqPreCompLen = 16;
+ }
+ else
+ {
+ if (m < 2305)
+ {
+ width = 7;
+ reqPreCompLen = 32;
+ }
+ else
+ {
+ width = 8;
+ reqPreCompLen = 127;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ // The length of the precomputation array
+ int preCompLen = 1;
+
+ ECPoint[] preComp = wnafPreCompInfo.getPreComp();
+ ECPoint twiceP = wnafPreCompInfo.getTwiceP();
+
+ // Check if the precomputed ECPoints already exist
+ if (preComp == null)
+ {
+ // Precomputation must be performed from scratch, create an empty
+ // precomputation array of desired length
+ preComp = new ECPoint[]{ p };
+ }
+ else
+ {
+ // Take the already precomputed ECPoints to start with
+ preCompLen = preComp.length;
+ }
+
+ if (twiceP == null)
+ {
+ // Compute twice(p)
+ twiceP = p.twice();
+ }
+
+ if (preCompLen < reqPreCompLen)
+ {
+ // Precomputation array must be made bigger, copy existing preComp
+ // array into the larger new preComp array
+ ECPoint[] oldPreComp = preComp;
+ preComp = new ECPoint[reqPreCompLen];
+ System.arraycopy(oldPreComp, 0, preComp, 0, preCompLen);
+
+ for (int i = preCompLen; i < reqPreCompLen; i++)
+ {
+ // Compute the new ECPoints for the precomputation array.
+ // The values 1, 3, 5, ..., 2^(width-1)-1 times p are
+ // computed
+ preComp[i] = twiceP.add(preComp[i - 1]);
+ }
+ }
+
+ // Compute the Window NAF of the desired width
+ byte[] wnaf = windowNaf(width, k);
+ int l = wnaf.length;
+
+ // Apply the Window NAF to p using the precomputed ECPoint values.
+ ECPoint q = p.getCurve().getInfinity();
+ for (int i = l - 1; i >= 0; i--)
+ {
+ q = q.twice();
+
+ if (wnaf[i] != 0)
+ {
+ if (wnaf[i] > 0)
+ {
+ q = q.add(preComp[(wnaf[i] - 1)/2]);
+ }
+ else
+ {
+ // wnaf[i] < 0
+ q = q.subtract(preComp[(-wnaf[i] - 1)/2]);
+ }
+ }
+ }
+
+ // Set PreCompInfo in ECPoint, such that it is available for next
+ // multiplication.
+ wnafPreCompInfo.setPreComp(preComp);
+ wnafPreCompInfo.setTwiceP(twiceP);
+ p.setPreCompInfo(wnafPreCompInfo);
+ return q;
+ }
+
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java b/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java
new file mode 100644
index 0000000..fc0d5fe
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java
@@ -0,0 +1,44 @@
+package org.bouncycastle.math.ec;
+
+/**
+ * Class holding precomputation data for the WNAF (Window Non-Adjacent Form)
+ * algorithm.
+ */
+class WNafPreCompInfo implements PreCompInfo
+{
+ /**
+ * Array holding the precomputed <code>ECPoint</code>s used for the Window
+ * NAF multiplication in <code>
+ * {@link org.bouncycastle.math.ec.multiplier.WNafMultiplier.multiply()
+ * WNafMultiplier.multiply()}</code>.
+ */
+ private ECPoint[] preComp = null;
+
+ /**
+ * Holds an <code>ECPoint</code> representing twice(this). Used for the
+ * Window NAF multiplication in <code>
+ * {@link org.bouncycastle.math.ec.multiplier.WNafMultiplier.multiply()
+ * WNafMultiplier.multiply()}</code>.
+ */
+ private ECPoint twiceP = null;
+
+ protected ECPoint[] getPreComp()
+ {
+ return preComp;
+ }
+
+ protected void setPreComp(ECPoint[] preComp)
+ {
+ this.preComp = preComp;
+ }
+
+ protected ECPoint getTwiceP()
+ {
+ return twiceP;
+ }
+
+ protected void setTwiceP(ECPoint twiceThis)
+ {
+ this.twiceP = twiceThis;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java b/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java
new file mode 100644
index 0000000..2353979
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java
@@ -0,0 +1,119 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Class implementing the WTNAF (Window
+ * <code>τ</code>-adic Non-Adjacent Form) algorithm.
+ */
+class WTauNafMultiplier implements ECMultiplier
+{
+ /**
+ * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
+ * by <code>k</code> using the reduced <code>τ</code>-adic NAF (RTNAF)
+ * method.
+ * @param p The ECPoint.F2m to multiply.
+ * @param k The integer by which to multiply <code>k</code>.
+ * @return <code>p</code> multiplied by <code>k</code>.
+ */
+ public ECPoint multiply(ECPoint point, BigInteger k, PreCompInfo preCompInfo)
+ {
+ if (!(point instanceof ECPoint.F2m))
+ {
+ throw new IllegalArgumentException("Only ECPoint.F2m can be " +
+ "used in WTauNafMultiplier");
+ }
+
+ ECPoint.F2m p = (ECPoint.F2m)point;
+
+ ECCurve.F2m curve = (ECCurve.F2m) p.getCurve();
+ int m = curve.getM();
+ byte a = curve.getA().toBigInteger().byteValue();
+ byte mu = curve.getMu();
+ BigInteger[] s = curve.getSi();
+
+ ZTauElement rho = Tnaf.partModReduction(k, m, a, s, mu, (byte)10);
+
+ return multiplyWTnaf(p, rho, preCompInfo, a, mu);
+ }
+
+ /**
+ * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
+ * by an element <code>λ</code> of <code><b>Z</b>[τ]</code> using
+ * the <code>τ</code>-adic NAF (TNAF) method.
+ * @param p The ECPoint.F2m to multiply.
+ * @param lambda The element <code>λ</code> of
+ * <code><b>Z</b>[τ]</code> of which to compute the
+ * <code>[τ]</code>-adic NAF.
+ * @return <code>p</code> multiplied by <code>λ</code>.
+ */
+ private ECPoint.F2m multiplyWTnaf(ECPoint.F2m p, ZTauElement lambda,
+ PreCompInfo preCompInfo, byte a, byte mu)
+ {
+ ZTauElement[] alpha;
+ if (a == 0)
+ {
+ alpha = Tnaf.alpha0;
+ }
+ else
+ {
+ // a == 1
+ alpha = Tnaf.alpha1;
+ }
+
+ BigInteger tw = Tnaf.getTw(mu, Tnaf.WIDTH);
+
+ byte[]u = Tnaf.tauAdicWNaf(mu, lambda, Tnaf.WIDTH,
+ BigInteger.valueOf(Tnaf.POW_2_WIDTH), tw, alpha);
+
+ return multiplyFromWTnaf(p, u, preCompInfo);
+ }
+
+ /**
+ * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
+ * by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
+ * using the window <code>τ</code>-adic NAF (TNAF) method, given the
+ * WTNAF of <code>λ</code>.
+ * @param p The ECPoint.F2m to multiply.
+ * @param u The the WTNAF of <code>λ</code>..
+ * @return <code>λ * p</code>
+ */
+ private static ECPoint.F2m multiplyFromWTnaf(ECPoint.F2m p, byte[] u,
+ PreCompInfo preCompInfo)
+ {
+ ECCurve.F2m curve = (ECCurve.F2m)p.getCurve();
+ byte a = curve.getA().toBigInteger().byteValue();
+
+ ECPoint.F2m[] pu;
+ if ((preCompInfo == null) || !(preCompInfo instanceof WTauNafPreCompInfo))
+ {
+ pu = Tnaf.getPreComp(p, a);
+ p.setPreCompInfo(new WTauNafPreCompInfo(pu));
+ }
+ else
+ {
+ pu = ((WTauNafPreCompInfo)preCompInfo).getPreComp();
+ }
+
+ // q = infinity
+ ECPoint.F2m q = (ECPoint.F2m) p.getCurve().getInfinity();
+ for (int i = u.length - 1; i >= 0; i--)
+ {
+ q = Tnaf.tau(q);
+ if (u[i] != 0)
+ {
+ if (u[i] > 0)
+ {
+ q = q.addSimple(pu[u[i]]);
+ }
+ else
+ {
+ // u[i] < 0
+ q = q.subtractSimple(pu[-u[i]]);
+ }
+ }
+ }
+
+ return q;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java b/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java
new file mode 100644
index 0000000..d7c583f
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java
@@ -0,0 +1,39 @@
+package org.bouncycastle.math.ec;
+
+/**
+ * Class holding precomputation data for the WTNAF (Window
+ * <code>τ</code>-adic Non-Adjacent Form) algorithm.
+ */
+class WTauNafPreCompInfo implements PreCompInfo
+{
+ /**
+ * Array holding the precomputed <code>ECPoint.F2m</code>s used for the
+ * WTNAF multiplication in <code>
+ * {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
+ * WTauNafMultiplier.multiply()}</code>.
+ */
+ private ECPoint.F2m[] preComp = null;
+
+ /**
+ * Constructor for <code>WTauNafPreCompInfo</code>
+ * @param preComp Array holding the precomputed <code>ECPoint.F2m</code>s
+ * used for the WTNAF multiplication in <code>
+ * {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
+ * WTauNafMultiplier.multiply()}</code>.
+ */
+ WTauNafPreCompInfo(ECPoint.F2m[] preComp)
+ {
+ this.preComp = preComp;
+ }
+
+ /**
+ * @return the array holding the precomputed <code>ECPoint.F2m</code>s
+ * used for the WTNAF multiplication in <code>
+ * {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
+ * WTauNafMultiplier.multiply()}</code>.
+ */
+ protected ECPoint.F2m[] getPreComp()
+ {
+ return preComp;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ZTauElement.java b/src/main/java/org/bouncycastle/math/ec/ZTauElement.java
new file mode 100644
index 0000000..7402f22
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ZTauElement.java
@@ -0,0 +1,37 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Class representing an element of <code><b>Z</b>[τ]</code>. Let
+ * <code>λ</code> be an element of <code><b>Z</b>[τ]</code>. Then
+ * <code>λ</code> is given as <code>λ = u + vτ</code>. The
+ * components <code>u</code> and <code>v</code> may be used directly, there
+ * are no accessor methods.
+ * Immutable class.
+ */
+class ZTauElement
+{
+ /**
+ * The "real" part of <code>λ</code>.
+ */
+ public final BigInteger u;
+
+ /**
+ * The "<code>τ</code>-adic" part of <code>λ</code>.
+ */
+ public final BigInteger v;
+
+ /**
+ * Constructor for an element <code>λ</code> of
+ * <code><b>Z</b>[τ]</code>.
+ * @param u The "real" part of <code>λ</code>.
+ * @param v The "<code>τ</code>-adic" part of
+ * <code>λ</code>.
+ */
+ public ZTauElement(BigInteger u, BigInteger v)
+ {
+ this.u = u;
+ this.v = v;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java b/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java
new file mode 100644
index 0000000..5793007
--- /dev/null
+++ b/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java
@@ -0,0 +1,335 @@
+package org.bouncycastle.openssl;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.CRLException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.DSAParams;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
+import org.bouncycastle.asn1.x509.DSAParameter;
+import org.bouncycastle.jce.PKCS10CertificationRequest;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.io.pem.PemGenerationException;
+import org.bouncycastle.util.io.pem.PemHeader;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemObjectGenerator;
+import org.bouncycastle.x509.X509AttributeCertificate;
+import org.bouncycastle.x509.X509V2AttributeCertificate;
+
+/**
+ * PEM generator for the original set of PEM objects used in Open SSL.
+ */
+public class MiscPEMGenerator
+ implements PemObjectGenerator
+{
+ private Object obj;
+ private String algorithm;
+ private char[] password;
+ private SecureRandom random;
+ private Provider provider;
+
+ public MiscPEMGenerator(Object o)
+ {
+ this.obj = o;
+ }
+
+ public MiscPEMGenerator(
+ Object obj,
+ String algorithm,
+ char[] password,
+ SecureRandom random,
+ Provider provider)
+ {
+ this.obj = obj;
+ this.algorithm = algorithm;
+ this.password = password;
+ this.random = random;
+ this.provider = provider;
+ }
+
+ public MiscPEMGenerator(
+ Object obj,
+ String algorithm,
+ char[] password,
+ SecureRandom random,
+ String provider)
+ throws NoSuchProviderException
+ {
+ this.obj = obj;
+ this.algorithm = algorithm;
+ this.password = password;
+ this.random = random;
+
+ if (provider != null)
+ {
+ this.provider = Security.getProvider(provider);
+ if (this.provider == null)
+ {
+ throw new NoSuchProviderException("cannot find provider: " + provider);
+ }
+ }
+ }
+
+ private PemObject createPemObject(Object o)
+ throws IOException
+ {
+ String type;
+ byte[] encoding;
+
+ if (o instanceof PemObject)
+ {
+ return (PemObject)o;
+ }
+ if (o instanceof PemObjectGenerator)
+ {
+ return ((PemObjectGenerator)o).generate();
+ }
+ if (o instanceof X509Certificate)
+ {
+ type = "CERTIFICATE";
+ try
+ {
+ encoding = ((X509Certificate)o).getEncoded();
+ }
+ catch (CertificateEncodingException e)
+ {
+ throw new PemGenerationException("Cannot encode object: " + e.toString());
+ }
+ }
+ else if (o instanceof X509CRL)
+ {
+ type = "X509 CRL";
+ try
+ {
+ encoding = ((X509CRL)o).getEncoded();
+ }
+ catch (CRLException e)
+ {
+ throw new PemGenerationException("Cannot encode object: " + e.toString());
+ }
+ }
+ else if (o instanceof KeyPair)
+ {
+ return createPemObject(((KeyPair)o).getPrivate());
+ }
+ else if (o instanceof PrivateKey)
+ {
+ PrivateKeyInfo info = new PrivateKeyInfo(
+ (ASN1Sequence) ASN1Object.fromByteArray(((Key)o).getEncoded()));
+
+ if (o instanceof RSAPrivateKey)
+ {
+ type = "RSA PRIVATE KEY";
+
+ encoding = info.getPrivateKey().getEncoded();
+ }
+ else if (o instanceof DSAPrivateKey)
+ {
+ type = "DSA PRIVATE KEY";
+
+ DSAParameter p = DSAParameter.getInstance(info.getAlgorithmId().getParameters());
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(new DERInteger(0));
+ v.add(new DERInteger(p.getP()));
+ v.add(new DERInteger(p.getQ()));
+ v.add(new DERInteger(p.getG()));
+
+ BigInteger x = ((DSAPrivateKey)o).getX();
+ BigInteger y = p.getG().modPow(x, p.getP());
+
+ v.add(new DERInteger(y));
+ v.add(new DERInteger(x));
+
+ encoding = new DERSequence(v).getEncoded();
+ }
+ else if (((PrivateKey)o).getAlgorithm().equals("ECDSA"))
+ {
+ type = "EC PRIVATE KEY";
+
+ encoding = info.getPrivateKey().getEncoded();
+ }
+ else
+ {
+ throw new IOException("Cannot identify private key");
+ }
+ }
+ else if (o instanceof PublicKey)
+ {
+ type = "PUBLIC KEY";
+
+ encoding = ((PublicKey)o).getEncoded();
+ }
+ else if (o instanceof X509AttributeCertificate)
+ {
+ type = "ATTRIBUTE CERTIFICATE";
+ encoding = ((X509V2AttributeCertificate)o).getEncoded();
+ }
+ else if (o instanceof PKCS10CertificationRequest)
+ {
+ type = "CERTIFICATE REQUEST";
+ encoding = ((PKCS10CertificationRequest)o).getEncoded();
+ }
+ else if (o instanceof ContentInfo)
+ {
+ type = "PKCS7";
+ encoding = ((ContentInfo)o).getEncoded();
+ }
+ else
+ {
+ throw new PemGenerationException("unknown object passed - can't encode.");
+ }
+
+ return new PemObject(type, encoding);
+ }
+
+ private String getHexEncoded(byte[] bytes)
+ throws IOException
+ {
+ bytes = Hex.encode(bytes);
+
+ char[] chars = new char[bytes.length];
+
+ for (int i = 0; i != bytes.length; i++)
+ {
+ chars[i] = (char)bytes[i];
+ }
+
+ return new String(chars);
+ }
+
+ private PemObject createPemObject(
+ Object obj,
+ String algorithm,
+ char[] password,
+ SecureRandom random)
+ throws IOException
+ {
+ if (obj instanceof KeyPair)
+ {
+ return createPemObject(((KeyPair)obj).getPrivate(), algorithm, password, random);
+ }
+
+ String type = null;
+ byte[] keyData = null;
+
+ if (obj instanceof RSAPrivateCrtKey)
+ {
+ type = "RSA PRIVATE KEY";
+
+ RSAPrivateCrtKey k = (RSAPrivateCrtKey)obj;
+
+ RSAPrivateKeyStructure keyStruct = new RSAPrivateKeyStructure(
+ k.getModulus(),
+ k.getPublicExponent(),
+ k.getPrivateExponent(),
+ k.getPrimeP(),
+ k.getPrimeQ(),
+ k.getPrimeExponentP(),
+ k.getPrimeExponentQ(),
+ k.getCrtCoefficient());
+
+ // convert to bytearray
+ keyData = keyStruct.getEncoded();
+ }
+ else if (obj instanceof DSAPrivateKey)
+ {
+ type = "DSA PRIVATE KEY";
+
+ DSAPrivateKey k = (DSAPrivateKey)obj;
+ DSAParams p = k.getParams();
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(new DERInteger(0));
+ v.add(new DERInteger(p.getP()));
+ v.add(new DERInteger(p.getQ()));
+ v.add(new DERInteger(p.getG()));
+
+ BigInteger x = k.getX();
+ BigInteger y = p.getG().modPow(x, p.getP());
+
+ v.add(new DERInteger(y));
+ v.add(new DERInteger(x));
+
+ keyData = new DERSequence(v).getEncoded();
+ }
+ else if (obj instanceof PrivateKey && "ECDSA".equals(((PrivateKey)obj).getAlgorithm()))
+ {
+ type = "EC PRIVATE KEY";
+
+ PrivateKeyInfo privInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(((PrivateKey)obj).getEncoded()));
+
+ keyData = privInfo.getPrivateKey().getEncoded();
+ }
+
+ if (type == null || keyData == null)
+ {
+ // TODO Support other types?
+ throw new IllegalArgumentException("Object type not supported: " + obj.getClass().getName());
+ }
+
+ String dekAlgName = Strings.toUpperCase(algorithm);
+
+ // Note: For backward compatibility
+ if (dekAlgName.equals("DESEDE"))
+ {
+ dekAlgName = "DES-EDE3-CBC";
+ }
+
+ int ivLength = dekAlgName.startsWith("AES-") ? 16 : 8;
+
+ byte[] iv = new byte[ivLength];
+ random.nextBytes(iv);
+
+ byte[] encData = PEMUtilities.crypt(true, provider, keyData, password, dekAlgName, iv);
+
+ List headers = new ArrayList(2);
+
+ headers.add(new PemHeader("Proc-Type", "4,ENCRYPTED"));
+ headers.add(new PemHeader("DEK-Info", dekAlgName + "," + getHexEncoded(iv)));
+
+ return new PemObject(type, headers, encData);
+ }
+
+ public PemObject generate()
+ throws PemGenerationException
+ {
+ try
+ {
+ if (algorithm != null)
+ {
+ return createPemObject(obj, algorithm, password, random);
+ }
+
+ return createPemObject(obj);
+ }
+ catch (IOException e)
+ {
+ throw new PemGenerationException("encoding exception: " + e.getMessage(), e);
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/openssl/PEMException.java b/src/main/java/org/bouncycastle/openssl/PEMException.java
new file mode 100644
index 0000000..3753aec
--- /dev/null
+++ b/src/main/java/org/bouncycastle/openssl/PEMException.java
@@ -0,0 +1,34 @@
+package org.bouncycastle.openssl;
+
+import java.io.IOException;
+
+public class PEMException
+ extends IOException
+{
+ Exception underlying;
+
+ public PEMException(
+ String message)
+ {
+ super(message);
+ }
+
+ public PEMException(
+ String message,
+ Exception underlying)
+ {
+ super(message);
+ this.underlying = underlying;
+ }
+
+ public Exception getUnderlyingException()
+ {
+ return underlying;
+ }
+
+
+ public Throwable getCause()
+ {
+ return underlying;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/openssl/PEMReader.java b/src/main/java/org/bouncycastle/openssl/PEMReader.java
new file mode 100644
index 0000000..92bf8f9
--- /dev/null
+++ b/src/main/java/org/bouncycastle/openssl/PEMReader.java
@@ -0,0 +1,804 @@
+package org.bouncycastle.openssl;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.Reader;
+import java.security.AlgorithmParameters;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.cert.CertificateFactory;
+import java.security.spec.DSAPrivateKeySpec;
+import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.RSAPrivateCrtKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
+import org.bouncycastle.asn1.pkcs.EncryptionScheme;
+import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
+import org.bouncycastle.asn1.pkcs.PBEParameter;
+import org.bouncycastle.asn1.pkcs.PBES2Parameters;
+import org.bouncycastle.asn1.pkcs.PBKDF2Params;
+import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jce.ECNamedCurveTable;
+import org.bouncycastle.jce.PKCS10CertificationRequest;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.io.pem.PemHeader;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemObjectParser;
+import org.bouncycastle.util.io.pem.PemReader;
+import org.bouncycastle.x509.X509V2AttributeCertificate;
+
+/**
+ * Class for reading OpenSSL PEM encoded streams containing
+ * X509 certificates, PKCS8 encoded keys and PKCS7 objects.
+ * <p>
+ * In the case of PKCS7 objects the reader will return a CMS ContentInfo object. Keys and
+ * Certificates will be returned using the appropriate java.security type (KeyPair, PublicKey, X509Certificate,
+ * or X509CRL). In the case of a Certificate Request a PKCS10CertificationRequest will be returned.
+ * </p>
+ */
+public class PEMReader
+ extends PemReader
+{
+ private final Map parsers = new HashMap();
+
+ private PasswordFinder pFinder;
+
+
+ /**
+ * Create a new PEMReader
+ *
+ * @param reader the Reader
+ */
+ public PEMReader(
+ Reader reader)
+ {
+ this(reader, null, "BC");
+ }
+
+ /**
+ * Create a new PEMReader with a password finder
+ *
+ * @param reader the Reader
+ * @param pFinder the password finder
+ */
+ public PEMReader(
+ Reader reader,
+ PasswordFinder pFinder)
+ {
+ this(reader, pFinder, "BC");
+ }
+
+ /**
+ * Create a new PEMReader with a password finder
+ *
+ * @param reader the Reader
+ * @param pFinder the password finder
+ * @param provider the cryptography provider to use
+ */
+ public PEMReader(
+ Reader reader,
+ PasswordFinder pFinder,
+ String provider)
+ {
+ this(reader, pFinder, provider, provider);
+ }
+
+ /**
+ * Create a new PEMReader with a password finder and differing providers for secret and public key
+ * operations.
+ *
+ * @param reader the Reader
+ * @param pFinder the password finder
+ * @param symProvider provider to use for symmetric operations
+ * @param asymProvider provider to use for asymmetric (public/private key) operations
+ */
+ public PEMReader(
+ Reader reader,
+ PasswordFinder pFinder,
+ String symProvider,
+ String asymProvider)
+ {
+ super(reader);
+
+ this.pFinder = pFinder;
+
+ parsers.put("CERTIFICATE REQUEST", new PKCS10CertificationRequestParser());
+ parsers.put("NEW CERTIFICATE REQUEST", new PKCS10CertificationRequestParser());
+ parsers.put("CERTIFICATE", new X509CertificateParser(asymProvider));
+ parsers.put("X509 CERTIFICATE", new X509CertificateParser(asymProvider));
+ parsers.put("X509 CRL", new X509CRLParser(asymProvider));
+ parsers.put("PKCS7", new PKCS7Parser());
+ parsers.put("ATTRIBUTE CERTIFICATE", new X509AttributeCertificateParser());
+ parsers.put("EC PARAMETERS", new ECNamedCurveSpecParser());
+ parsers.put("PUBLIC KEY", new PublicKeyParser(asymProvider));
+ parsers.put("RSA PUBLIC KEY", new RSAPublicKeyParser(asymProvider));
+ parsers.put("RSA PRIVATE KEY", new RSAKeyPairParser(asymProvider));
+ parsers.put("DSA PRIVATE KEY", new DSAKeyPairParser(asymProvider));
+ parsers.put("EC PRIVATE KEY", new ECDSAKeyPairParser(asymProvider));
+ parsers.put("ENCRYPTED PRIVATE KEY", new EncryptedPrivateKeyParser(symProvider, asymProvider));
+ parsers.put("PRIVATE KEY", new PrivateKeyParser(asymProvider));
+ }
+
+ public Object readObject()
+ throws IOException
+ {
+ PemObject obj = readPemObject();
+
+ if (obj != null)
+ {
+ String type = obj.getType();
+ if (parsers.containsKey(type))
+ {
+ return ((PemObjectParser)parsers.get(type)).parseObject(obj);
+ }
+ else
+ {
+ throw new IOException("unrecognised object: " + type);
+ }
+ }
+
+ return null;
+ }
+
+ private abstract class KeyPairParser
+ implements PemObjectParser
+ {
+ protected String provider;
+
+ public KeyPairParser(String provider)
+ {
+ this.provider = provider;
+ }
+
+ /**
+ * Read a Key Pair
+ */
+ protected ASN1Sequence readKeyPair(
+ PemObject obj)
+ throws IOException
+ {
+ boolean isEncrypted = false;
+ String dekInfo = null;
+ List headers = obj.getHeaders();
+
+ for (Iterator it = headers.iterator(); it.hasNext();)
+ {
+ PemHeader hdr = (PemHeader)it.next();
+
+ if (hdr.getName().equals("Proc-Type") && hdr.getValue().equals("4,ENCRYPTED"))
+ {
+ isEncrypted = true;
+ }
+ else if (hdr.getName().equals("DEK-Info"))
+ {
+ dekInfo = hdr.getValue();
+ }
+ }
+
+ //
+ // extract the key
+ //
+ byte[] keyBytes = obj.getContent();
+
+ if (isEncrypted)
+ {
+ if (pFinder == null)
+ {
+ throw new PasswordException("No password finder specified, but a password is required");
+ }
+
+ char[] password = pFinder.getPassword();
+
+ if (password == null)
+ {
+ throw new PasswordException("Password is null, but a password is required");
+ }
+
+ StringTokenizer tknz = new StringTokenizer(dekInfo, ",");
+ String dekAlgName = tknz.nextToken();
+ byte[] iv = Hex.decode(tknz.nextToken());
+
+ keyBytes = PEMUtilities.crypt(false, provider, keyBytes, password, dekAlgName, iv);
+ }
+
+ try
+ {
+ return (ASN1Sequence)ASN1Object.fromByteArray(keyBytes);
+ }
+ catch (IOException e)
+ {
+ if (isEncrypted)
+ {
+ throw new PEMException("exception decoding - please check password and data.", e);
+ }
+ else
+ {
+ throw new PEMException(e.getMessage(), e);
+ }
+ }
+ catch (ClassCastException e)
+ {
+ if (isEncrypted)
+ {
+ throw new PEMException("exception decoding - please check password and data.", e);
+ }
+ else
+ {
+ throw new PEMException(e.getMessage(), e);
+ }
+ }
+ }
+ }
+
+ private class DSAKeyPairParser
+ extends KeyPairParser
+ {
+ public DSAKeyPairParser(String provider)
+ {
+ super(provider);
+ }
+
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ try
+ {
+ ASN1Sequence seq = readKeyPair(obj);
+
+ if (seq.size() != 6)
+ {
+ throw new PEMException("malformed sequence in DSA private key");
+ }
+
+ // DERInteger v = (DERInteger)seq.getObjectAt(0);
+ DERInteger p = (DERInteger)seq.getObjectAt(1);
+ DERInteger q = (DERInteger)seq.getObjectAt(2);
+ DERInteger g = (DERInteger)seq.getObjectAt(3);
+ DERInteger y = (DERInteger)seq.getObjectAt(4);
+ DERInteger x = (DERInteger)seq.getObjectAt(5);
+
+ DSAPrivateKeySpec privSpec = new DSAPrivateKeySpec(
+ x.getValue(), p.getValue(),
+ q.getValue(), g.getValue());
+ DSAPublicKeySpec pubSpec = new DSAPublicKeySpec(
+ y.getValue(), p.getValue(),
+ q.getValue(), g.getValue());
+
+ KeyFactory fact = KeyFactory.getInstance("DSA", provider);
+
+ return new KeyPair(
+ fact.generatePublic(pubSpec),
+ fact.generatePrivate(privSpec));
+ }
+ catch (IOException e)
+ {
+ throw e;
+ }
+ catch (Exception e)
+ {
+ throw new PEMException(
+ "problem creating DSA private key: " + e.toString(), e);
+ }
+ }
+ }
+
+ private class ECDSAKeyPairParser
+ extends KeyPairParser
+ {
+ public ECDSAKeyPairParser(String provider)
+ {
+ super(provider);
+ }
+
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ try
+ {
+ ASN1Sequence seq = readKeyPair(obj);
+
+ ECPrivateKeyStructure pKey = new ECPrivateKeyStructure(seq);
+ AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, pKey.getParameters());
+ PrivateKeyInfo privInfo = new PrivateKeyInfo(algId, pKey.getDERObject());
+ SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(algId, pKey.getPublicKey().getBytes());
+
+ PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(privInfo.getEncoded());
+ X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded());
+
+
+ KeyFactory fact = KeyFactory.getInstance("ECDSA", provider);
+
+
+ return new KeyPair(
+ fact.generatePublic(pubSpec),
+ fact.generatePrivate(privSpec));
+ }
+ catch (IOException e)
+ {
+ throw e;
+ }
+ catch (Exception e)
+ {
+ throw new PEMException(
+ "problem creating EC private key: " + e.toString(), e);
+ }
+ }
+ }
+
+ private class RSAKeyPairParser
+ extends KeyPairParser
+ {
+ public RSAKeyPairParser(String provider)
+ {
+ super(provider);
+ }
+
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ try
+ {
+ ASN1Sequence seq = readKeyPair(obj);
+
+ if (seq.size() != 9)
+ {
+ throw new PEMException("malformed sequence in RSA private key");
+ }
+
+ // DERInteger v = (DERInteger)seq.getObjectAt(0);
+ DERInteger mod = (DERInteger)seq.getObjectAt(1);
+ DERInteger pubExp = (DERInteger)seq.getObjectAt(2);
+ DERInteger privExp = (DERInteger)seq.getObjectAt(3);
+ DERInteger p1 = (DERInteger)seq.getObjectAt(4);
+ DERInteger p2 = (DERInteger)seq.getObjectAt(5);
+ DERInteger exp1 = (DERInteger)seq.getObjectAt(6);
+ DERInteger exp2 = (DERInteger)seq.getObjectAt(7);
+ DERInteger crtCoef = (DERInteger)seq.getObjectAt(8);
+
+ RSAPublicKeySpec pubSpec = new RSAPublicKeySpec(
+ mod.getValue(), pubExp.getValue());
+ RSAPrivateCrtKeySpec privSpec = new RSAPrivateCrtKeySpec(
+ mod.getValue(), pubExp.getValue(), privExp.getValue(),
+ p1.getValue(), p2.getValue(),
+ exp1.getValue(), exp2.getValue(),
+ crtCoef.getValue());
+
+
+ KeyFactory fact = KeyFactory.getInstance("RSA", provider);
+
+
+ return new KeyPair(
+ fact.generatePublic(pubSpec),
+ fact.generatePrivate(privSpec));
+ }
+ catch (IOException e)
+ {
+ throw e;
+ }
+ catch (Exception e)
+ {
+ throw new PEMException(
+ "problem creating RSA private key: " + e.toString(), e);
+ }
+ }
+ }
+
+ private class PublicKeyParser
+ implements PemObjectParser
+ {
+ private String provider;
+
+ public PublicKeyParser(String provider)
+ {
+ this.provider = provider;
+ }
+
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ KeySpec keySpec = new X509EncodedKeySpec(obj.getContent());
+ String[] algorithms = {"DSA", "RSA"};
+ for (int i = 0; i < algorithms.length; i++)
+ {
+ try
+ {
+ KeyFactory keyFact = KeyFactory.getInstance(algorithms[i], provider);
+ PublicKey pubKey = keyFact.generatePublic(keySpec);
+
+ return pubKey;
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ // ignore
+ }
+ catch (InvalidKeySpecException e)
+ {
+ // ignore
+ }
+ catch (NoSuchProviderException e)
+ {
+ throw new RuntimeException("can't find provider " + provider);
+ }
+ }
+
+ return null;
+ }
+ }
+
+ private class RSAPublicKeyParser
+ implements PemObjectParser
+ {
+ private String provider;
+
+ public RSAPublicKeyParser(String provider)
+ {
+ this.provider = provider;
+ }
+
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ try
+ {
+ ASN1InputStream ais = new ASN1InputStream(obj.getContent());
+ Object asnObject = ais.readObject();
+ ASN1Sequence sequence = (ASN1Sequence)asnObject;
+ RSAPublicKeyStructure rsaPubStructure = new RSAPublicKeyStructure(sequence);
+ RSAPublicKeySpec keySpec = new RSAPublicKeySpec(
+ rsaPubStructure.getModulus(),
+ rsaPubStructure.getPublicExponent());
+
+
+ KeyFactory keyFact = KeyFactory.getInstance("RSA", provider);
+
+ return keyFact.generatePublic(keySpec);
+ }
+ catch (IOException e)
+ {
+ throw e;
+ }
+ catch (NoSuchProviderException e)
+ {
+ throw new IOException("can't find provider " + provider);
+ }
+ catch (Exception e)
+ {
+ throw new PEMException("problem extracting key: " + e.toString(), e);
+ }
+ }
+ }
+
+ private class X509CertificateParser
+ implements PemObjectParser
+ {
+ private String provider;
+
+ public X509CertificateParser(String provider)
+ {
+ this.provider = provider;
+ }
+
+ /**
+ * Reads in a X509Certificate.
+ *
+ * @return the X509Certificate
+ * @throws IOException if an I/O error occured
+ */
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ ByteArrayInputStream bIn = new ByteArrayInputStream(obj.getContent());
+
+ try
+ {
+ CertificateFactory certFact
+ = CertificateFactory.getInstance("X.509", provider);
+
+ return certFact.generateCertificate(bIn);
+ }
+ catch (Exception e)
+ {
+ throw new PEMException("problem parsing cert: " + e.toString(), e);
+ }
+ }
+ }
+
+ private class X509CRLParser
+ implements PemObjectParser
+ {
+ private String provider;
+
+ public X509CRLParser(String provider)
+ {
+ this.provider = provider;
+ }
+
+ /**
+ * Reads in a X509CRL.
+ *
+ * @return the X509Certificate
+ * @throws IOException if an I/O error occured
+ */
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ ByteArrayInputStream bIn = new ByteArrayInputStream(obj.getContent());
+
+ try
+ {
+ CertificateFactory certFact
+ = CertificateFactory.getInstance("X.509", provider);
+
+ return certFact.generateCRL(bIn);
+ }
+ catch (Exception e)
+ {
+ throw new PEMException("problem parsing cert: " + e.toString(), e);
+ }
+ }
+ }
+
+ private class PKCS10CertificationRequestParser
+ implements PemObjectParser
+ {
+ /**
+ * Reads in a PKCS10 certification request.
+ *
+ * @return the certificate request.
+ * @throws IOException if an I/O error occured
+ */
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ try
+ {
+ return new PKCS10CertificationRequest(obj.getContent());
+ }
+ catch (Exception e)
+ {
+ throw new PEMException("problem parsing certrequest: " + e.toString(), e);
+ }
+ }
+ }
+
+ private class PKCS7Parser
+ implements PemObjectParser
+ {
+ /**
+ * Reads in a PKCS7 object. This returns a ContentInfo object suitable for use with the CMS
+ * API.
+ *
+ * @return the X509Certificate
+ * @throws IOException if an I/O error occured
+ */
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ try
+ {
+ ASN1InputStream aIn = new ASN1InputStream(obj.getContent());
+
+ return ContentInfo.getInstance(aIn.readObject());
+ }
+ catch (Exception e)
+ {
+ throw new PEMException("problem parsing PKCS7 object: " + e.toString(), e);
+ }
+ }
+ }
+
+ private class X509AttributeCertificateParser
+ implements PemObjectParser
+ {
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ return new X509V2AttributeCertificate(obj.getContent());
+ }
+ }
+
+ private class ECNamedCurveSpecParser
+ implements PemObjectParser
+ {
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ try
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)ASN1Object.fromByteArray(obj.getContent());
+
+ Object params = ECNamedCurveTable.getParameterSpec(oid.getId());
+
+ if (params == null)
+ {
+ throw new IOException("object ID not found in EC curve table");
+ }
+
+ return params;
+ }
+ catch (IOException e)
+ {
+ throw e;
+ }
+ catch (Exception e)
+ {
+ throw new PEMException("exception extracting EC named curve: " + e.toString());
+ }
+ }
+ }
+
+ private class EncryptedPrivateKeyParser
+ implements PemObjectParser
+ {
+ private String symProvider;
+ private String asymProvider;
+
+ public EncryptedPrivateKeyParser(String symProvider, String asymProvider)
+ {
+ this.symProvider = symProvider;
+ this.asymProvider = asymProvider;
+ }
+
+ /**
+ * Reads in a X509CRL.
+ *
+ * @return the X509Certificate
+ * @throws IOException if an I/O error occured
+ */
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ try
+ {
+ EncryptedPrivateKeyInfo info = EncryptedPrivateKeyInfo.getInstance(ASN1Object.fromByteArray(obj.getContent()));
+ AlgorithmIdentifier algId = info.getEncryptionAlgorithm();
+
+ if (pFinder == null)
+ {
+ throw new PEMException("no PasswordFinder specified");
+ }
+
+ if (PEMUtilities.isPKCS5Scheme2(algId.getAlgorithm()))
+ {
+ PBES2Parameters params = PBES2Parameters.getInstance(algId.getParameters());
+ KeyDerivationFunc func = params.getKeyDerivationFunc();
+ EncryptionScheme scheme = params.getEncryptionScheme();
+ PBKDF2Params defParams = (PBKDF2Params)func.getParameters();
+
+ int iterationCount = defParams.getIterationCount().intValue();
+ byte[] salt = defParams.getSalt();
+
+ String algorithm = scheme.getAlgorithm().getId();
+
+ SecretKey key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(algorithm, pFinder.getPassword(), salt, iterationCount);
+
+ Cipher cipher = Cipher.getInstance(algorithm, symProvider);
+ AlgorithmParameters algParams = AlgorithmParameters.getInstance(algorithm, symProvider);
+
+ algParams.init(scheme.getParameters().getDERObject().getEncoded());
+
+ cipher.init(Cipher.DECRYPT_MODE, key, algParams);
+
+ PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(cipher.doFinal(info.getEncryptedData())));
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pInfo.getEncoded());
+
+ KeyFactory keyFact = KeyFactory.getInstance(pInfo.getAlgorithmId().getAlgorithm().getId(), asymProvider);
+
+ return keyFact.generatePrivate(keySpec);
+ }
+ else if (PEMUtilities.isPKCS12(algId.getAlgorithm()))
+ {
+ PKCS12PBEParams params = PKCS12PBEParams.getInstance(algId.getParameters());
+ String algorithm = algId.getAlgorithm().getId();
+ PBEKeySpec pbeSpec = new PBEKeySpec(pFinder.getPassword());
+
+ SecretKeyFactory secKeyFact = SecretKeyFactory.getInstance(algorithm, symProvider);
+ PBEParameterSpec defParams = new PBEParameterSpec(params.getIV(), params.getIterations().intValue());
+
+ Cipher cipher = Cipher.getInstance(algorithm, symProvider);
+
+ cipher.init(Cipher.DECRYPT_MODE, secKeyFact.generateSecret(pbeSpec), defParams);
+
+ PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(cipher.doFinal(info.getEncryptedData())));
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pInfo.getEncoded());
+
+ KeyFactory keyFact = KeyFactory.getInstance(pInfo.getAlgorithmId().getAlgorithm().getId(), asymProvider);
+
+ return keyFact.generatePrivate(keySpec);
+ }
+ else if (PEMUtilities.isPKCS5Scheme1(algId.getAlgorithm()))
+ {
+ PBEParameter params = PBEParameter.getInstance(algId.getParameters());
+ String algorithm = algId.getAlgorithm().getId();
+ PBEKeySpec pbeSpec = new PBEKeySpec(pFinder.getPassword());
+
+ SecretKeyFactory secKeyFact = SecretKeyFactory.getInstance(algorithm, symProvider);
+ PBEParameterSpec defParams = new PBEParameterSpec(params.getSalt(), params.getIterationCount().intValue());
+
+ Cipher cipher = Cipher.getInstance(algorithm, symProvider);
+
+ cipher.init(Cipher.DECRYPT_MODE, secKeyFact.generateSecret(pbeSpec), defParams);
+
+ PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(cipher.doFinal(info.getEncryptedData())));
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pInfo.getEncoded());
+
+ KeyFactory keyFact = KeyFactory.getInstance(pInfo.getAlgorithmId().getAlgorithm().getId(), asymProvider);
+
+ return keyFact.generatePrivate(keySpec);
+ }
+ else
+ {
+ throw new PEMException("Unknown algorithm: " + algId.getAlgorithm());
+ }
+ }
+ catch (IOException e)
+ {
+ throw e;
+ }
+ catch (Exception e)
+ {
+ throw new PEMException("problem parsing ENCRYPTED PRIVATE KEY: " + e.toString(), e);
+ }
+ }
+ }
+
+ private class PrivateKeyParser
+ implements PemObjectParser
+ {
+ private String provider;
+
+ public PrivateKeyParser(String provider)
+ {
+ this.provider = provider;
+ }
+
+ public Object parseObject(PemObject obj)
+ throws IOException
+ {
+ try
+ {
+ PrivateKeyInfo info = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(obj.getContent()));
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(obj.getContent());
+
+ KeyFactory keyFact = KeyFactory.getInstance(info.getAlgorithmId().getAlgorithm().getId(), provider);
+
+ return keyFact.generatePrivate(keySpec);
+ }
+ catch (Exception e)
+ {
+ throw new PEMException("problem parsing PRIVATE KEY: " + e.toString(), e);
+ }
+ }
+ }
+}
diff --git a/src/main/java/org/bouncycastle/openssl/PEMUtilities.java b/src/main/java/org/bouncycastle/openssl/PEMUtilities.java
index eaed72e..c955e4d 100644
--- a/src/main/java/org/bouncycastle/openssl/PEMUtilities.java
+++ b/src/main/java/org/bouncycastle/openssl/PEMUtilities.java
@@ -1,22 +1,120 @@
package org.bouncycastle.openssl;
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
+import java.io.IOException;
+import java.security.Key;
+import java.security.Provider;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;
-import java.io.IOException;
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.crypto.PBEParametersGenerator;
+import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
+import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
+import org.bouncycastle.crypto.params.KeyParameter;
final class PEMUtilities
{
+ private static final Map KEYSIZES = new HashMap();
+ private static final Set PKCS5_SCHEME_1 = new HashSet();
+ private static final Set PKCS5_SCHEME_2 = new HashSet();
+
+ static
+ {
+ PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC);
+ PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC);
+ PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC);
+ PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC);
+ PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC);
+ PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC);
+
+ PKCS5_SCHEME_2.add(PKCSObjectIdentifiers.id_PBES2);
+ PKCS5_SCHEME_2.add(PKCSObjectIdentifiers.des_EDE3_CBC);
+ PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes128_CBC);
+ PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes192_CBC);
+ PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes256_CBC);
+
+ // BEGIN android-changed
+ KEYSIZES.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), Integer.valueOf(192));
+ KEYSIZES.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), Integer.valueOf(128));
+ KEYSIZES.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), Integer.valueOf(192));
+ KEYSIZES.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), Integer.valueOf(256));
+ // END android-changed
+ }
+
+ static int getKeySize(String algorithm)
+ {
+ if (!KEYSIZES.containsKey(algorithm))
+ {
+ throw new IllegalStateException("no key size for algorithm: " + algorithm);
+ }
+
+ return ((Integer)KEYSIZES.get(algorithm)).intValue();
+ }
+
+ static boolean isPKCS5Scheme1(DERObjectIdentifier algOid)
+ {
+ return PKCS5_SCHEME_1.contains(algOid);
+ }
+
+ static boolean isPKCS5Scheme2(DERObjectIdentifier algOid)
+ {
+ return PKCS5_SCHEME_2.contains(algOid);
+ }
+
+ static boolean isPKCS12(DERObjectIdentifier algOid)
+ {
+ return algOid.getId().startsWith(PKCSObjectIdentifiers.pkcs_12PbeIds.getId());
+ }
+
+ static SecretKey generateSecretKeyForPKCS5Scheme2(String algorithm, char[] password, byte[] salt, int iterationCount)
+ {
+ PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
+
+ generator.init(
+ PBEParametersGenerator.PKCS5PasswordToBytes(password),
+ salt,
+ iterationCount);
+
+ return new SecretKeySpec(((KeyParameter)generator.generateDerivedParameters(PEMUtilities.getKeySize(algorithm))).getKey(), algorithm);
+ }
+
static byte[] crypt(
boolean encrypt,
- String provider,
+ String provider,
+ byte[] bytes,
+ char[] password,
+ String dekAlgName,
+ byte[] iv)
+ throws IOException
+ {
+ Provider prov = null;
+ if (provider != null)
+ {
+ prov = Security.getProvider(provider);
+ if (prov == null)
+ {
+ throw new EncryptionException("cannot find provider: " + provider);
+ }
+ }
+
+ return crypt(encrypt, prov, bytes, password, dekAlgName, iv);
+ }
+
+ static byte[] crypt(
+ boolean encrypt,
+ Provider provider,
byte[] bytes,
char[] password,
String dekAlgName,
@@ -29,7 +127,6 @@
String padding = "PKCS5Padding";
Key sKey;
-
// Figure out block mode and padding.
if (dekAlgName.endsWith("-CFB"))
{
diff --git a/src/main/java/org/bouncycastle/openssl/PEMWriter.java b/src/main/java/org/bouncycastle/openssl/PEMWriter.java
index 5c057c6..834252f 100644
--- a/src/main/java/org/bouncycastle/openssl/PEMWriter.java
+++ b/src/main/java/org/bouncycastle/openssl/PEMWriter.java
@@ -1,44 +1,19 @@
package org.bouncycastle.openssl;
-import java.io.BufferedWriter;
import java.io.IOException;
import java.io.Writer;
-import java.math.BigInteger;
-import java.security.Key;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.PublicKey;
+import java.security.NoSuchProviderException;
import java.security.SecureRandom;
-import java.security.cert.CRLException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.RSAPrivateCrtKey;
-import java.security.interfaces.RSAPrivateKey;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
-import org.bouncycastle.asn1.x509.DSAParameter;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
-import org.bouncycastle.util.Strings;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509V2AttributeCertificate;
+import org.bouncycastle.util.io.pem.PemGenerationException;
+import org.bouncycastle.util.io.pem.PemObjectGenerator;
+import org.bouncycastle.util.io.pem.PemWriter;
/**
* General purpose writer for OpenSSL PEM objects.
*/
public class PEMWriter
- extends BufferedWriter
+ extends PemWriter
{
private String provider;
@@ -61,149 +36,30 @@
this.provider = provider;
}
- private void writeHexEncoded(byte[] bytes)
- throws IOException
- {
- bytes = Hex.encode(bytes);
-
- for (int i = 0; i != bytes.length; i++)
- {
- this.write((char)bytes[i]);
- }
- }
-
- private void writeEncoded(byte[] bytes)
- throws IOException
- {
- char[] buf = new char[64];
-
- bytes = Base64.encode(bytes);
-
- for (int i = 0; i < bytes.length; i += buf.length)
- {
- int index = 0;
-
- while (index != buf.length)
- {
- if ((i + index) >= bytes.length)
- {
- break;
- }
- buf[index] = (char)bytes[i + index];
- index++;
- }
- this.write(buf, 0, index);
- this.newLine();
- }
- }
-
public void writeObject(
- Object o)
+ Object obj)
throws IOException
{
- String type;
- byte[] encoding;
-
- if (o instanceof X509Certificate)
+ try
{
- type = "CERTIFICATE";
- try
- {
- encoding = ((X509Certificate)o).getEncoded();
- }
- catch (CertificateEncodingException e)
- {
- throw new IOException("Cannot encode object: " + e.toString());
- }
+ super.writeObject(new MiscPEMGenerator(obj));
}
- else if (o instanceof X509CRL)
+ catch (PemGenerationException e)
{
- type = "X509 CRL";
- try
+ if (e.getCause() instanceof IOException)
{
- encoding = ((X509CRL)o).getEncoded();
+ throw (IOException)e.getCause();
}
- catch (CRLException e)
- {
- throw new IOException("Cannot encode object: " + e.toString());
- }
- }
- else if (o instanceof KeyPair)
- {
- writeObject(((KeyPair)o).getPrivate());
- return;
- }
- else if (o instanceof PrivateKey)
- {
- PrivateKeyInfo info = new PrivateKeyInfo(
- (ASN1Sequence) ASN1Object.fromByteArray(((Key)o).getEncoded()));
- if (o instanceof RSAPrivateKey)
- {
- type = "RSA PRIVATE KEY";
+ throw e;
+ }
+ }
- encoding = info.getPrivateKey().getEncoded();
- }
- else if (o instanceof DSAPrivateKey)
- {
- type = "DSA PRIVATE KEY";
-
- DSAParameter p = DSAParameter.getInstance(info.getAlgorithmId().getParameters());
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(new DERInteger(0));
- v.add(new DERInteger(p.getP()));
- v.add(new DERInteger(p.getQ()));
- v.add(new DERInteger(p.getG()));
-
- BigInteger x = ((DSAPrivateKey)o).getX();
- BigInteger y = p.getG().modPow(x, p.getP());
-
- v.add(new DERInteger(y));
- v.add(new DERInteger(x));
-
- encoding = new DERSequence(v).getEncoded();
- }
- else if (((PrivateKey)o).getAlgorithm().equals("ECDSA"))
- {
- type = "EC PRIVATE KEY";
-
- encoding = info.getPrivateKey().getEncoded();
- }
- else
- {
- throw new IOException("Cannot identify private key");
- }
- }
- else if (o instanceof PublicKey)
- {
- type = "PUBLIC KEY";
-
- encoding = ((PublicKey)o).getEncoded();
- }
- else if (o instanceof X509AttributeCertificate)
- {
- type = "ATTRIBUTE CERTIFICATE";
- encoding = ((X509V2AttributeCertificate)o).getEncoded();
- }
- else if (o instanceof PKCS10CertificationRequest)
- {
- type = "CERTIFICATE REQUEST";
- encoding = ((PKCS10CertificationRequest)o).getEncoded();
- }
- else if (o instanceof ContentInfo)
- {
- type = "PKCS7";
- encoding = ((ContentInfo)o).getEncoded();
- }
- else
- {
- throw new IOException("unknown object passed - can't encode.");
- }
-
- writeHeader(type);
- writeEncoded(encoding);
- writeFooter(type);
+ public void writeObject(
+ PemObjectGenerator obj)
+ throws IOException
+ {
+ super.writeObject(obj);
}
public void writeObject(
@@ -213,112 +69,13 @@
SecureRandom random)
throws IOException
{
- if (obj instanceof KeyPair)
+ try
{
- writeObject(((KeyPair)obj).getPrivate());
- return;
+ super.writeObject(new MiscPEMGenerator(obj, algorithm, password, random, provider));
}
-
- String type = null;
- byte[] keyData = null;
-
- if (obj instanceof RSAPrivateCrtKey)
+ catch (NoSuchProviderException e)
{
- type = "RSA PRIVATE KEY";
-
- RSAPrivateCrtKey k = (RSAPrivateCrtKey)obj;
-
- RSAPrivateKeyStructure keyStruct = new RSAPrivateKeyStructure(
- k.getModulus(),
- k.getPublicExponent(),
- k.getPrivateExponent(),
- k.getPrimeP(),
- k.getPrimeQ(),
- k.getPrimeExponentP(),
- k.getPrimeExponentQ(),
- k.getCrtCoefficient());
-
- // convert to bytearray
- keyData = keyStruct.getEncoded();
+ throw new EncryptionException(e.getMessage(), e);
}
- else if (obj instanceof DSAPrivateKey)
- {
- type = "DSA PRIVATE KEY";
-
- DSAPrivateKey k = (DSAPrivateKey)obj;
- DSAParams p = k.getParams();
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(new DERInteger(0));
- v.add(new DERInteger(p.getP()));
- v.add(new DERInteger(p.getQ()));
- v.add(new DERInteger(p.getG()));
-
- BigInteger x = k.getX();
- BigInteger y = p.getG().modPow(x, p.getP());
-
- v.add(new DERInteger(y));
- v.add(new DERInteger(x));
-
- keyData = new DERSequence(v).getEncoded();
- }
- else if (obj instanceof PrivateKey && "ECDSA".equals(((PrivateKey)obj).getAlgorithm()))
- {
- type = "EC PRIVATE KEY";
-
- PrivateKeyInfo privInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(((PrivateKey)obj).getEncoded()));
-
- keyData = privInfo.getPrivateKey().getEncoded();
- }
-
- if (type == null || keyData == null)
- {
- // TODO Support other types?
- throw new IllegalArgumentException("Object type not supported: " + obj.getClass().getName());
- }
-
-
- String dekAlgName = Strings.toUpperCase(algorithm);
-
- // Note: For backward compatibility
- if (dekAlgName.equals("DESEDE"))
- {
- dekAlgName = "DES-EDE3-CBC";
- }
-
- int ivLength = dekAlgName.startsWith("AES-") ? 16 : 8;
-
- byte[] iv = new byte[ivLength];
- random.nextBytes(iv);
-
- byte[] encData = PEMUtilities.crypt(true, provider, keyData, password, dekAlgName, iv);
-
-
- // write the data
- writeHeader(type);
- this.write("Proc-Type: 4,ENCRYPTED");
- this.newLine();
- this.write("DEK-Info: " + dekAlgName + ",");
- this.writeHexEncoded(iv);
- this.newLine();
- this.newLine();
- this.writeEncoded(encData);
- writeFooter(type);
- }
-
- private void writeHeader(
- String type)
- throws IOException
- {
- this.write("-----BEGIN " + type + "-----");
- this.newLine();
- }
-
- private void writeFooter(
- String type)
- throws IOException
- {
- this.write("-----END " + type + "-----");
- this.newLine();
}
}
diff --git a/src/main/java/org/bouncycastle/openssl/PasswordException.java b/src/main/java/org/bouncycastle/openssl/PasswordException.java
new file mode 100644
index 0000000..c2b8ccd
--- /dev/null
+++ b/src/main/java/org/bouncycastle/openssl/PasswordException.java
@@ -0,0 +1,12 @@
+package org.bouncycastle.openssl;
+
+import java.io.IOException;
+
+public class PasswordException
+ extends IOException
+{
+ public PasswordException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/src/main/java/org/bouncycastle/openssl/PasswordFinder.java b/src/main/java/org/bouncycastle/openssl/PasswordFinder.java
new file mode 100644
index 0000000..fb89cf0
--- /dev/null
+++ b/src/main/java/org/bouncycastle/openssl/PasswordFinder.java
@@ -0,0 +1,9 @@
+package org.bouncycastle.openssl;
+
+/**
+ * call back to allow a password to be fetched when one is requested.
+ */
+public interface PasswordFinder
+{
+ public char[] getPassword();
+}
diff --git a/src/main/java/org/bouncycastle/util/Arrays.java b/src/main/java/org/bouncycastle/util/Arrays.java
index 9600fd5..9d6a43b 100644
--- a/src/main/java/org/bouncycastle/util/Arrays.java
+++ b/src/main/java/org/bouncycastle/util/Arrays.java
@@ -41,6 +41,36 @@
}
public static boolean areEqual(
+ char[] a,
+ char[] b)
+ {
+ if (a == b)
+ {
+ return true;
+ }
+
+ if (a == null || b == null)
+ {
+ return false;
+ }
+
+ if (a.length != b.length)
+ {
+ return false;
+ }
+
+ for (int i = 0; i != a.length; i++)
+ {
+ if (a[i] != b[i])
+ {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ public static boolean areEqual(
byte[] a,
byte[] b)
{
diff --git a/src/main/java/org/bouncycastle/util/Strings.java b/src/main/java/org/bouncycastle/util/Strings.java
index e69eade..0c081f7 100644
--- a/src/main/java/org/bouncycastle/util/Strings.java
+++ b/src/main/java/org/bouncycastle/util/Strings.java
@@ -199,6 +199,18 @@
return string;
}
+ public static byte[] toByteArray(char[] chars)
+ {
+ byte[] bytes = new byte[chars.length];
+
+ for (int i = 0; i != bytes.length; i++)
+ {
+ bytes[i] = (byte)chars[i];
+ }
+
+ return bytes;
+ }
+
public static byte[] toByteArray(String string)
{
byte[] bytes = new byte[string.length()];
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java b/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java
new file mode 100644
index 0000000..69a773e
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java
@@ -0,0 +1,25 @@
+package org.bouncycastle.util.io.pem;
+
+import java.io.IOException;
+
+public class PemGenerationException
+ extends IOException
+{
+ private Throwable cause;
+
+ public PemGenerationException(String message, Throwable cause)
+ {
+ super(message);
+ this.cause = cause;
+ }
+
+ public PemGenerationException(String message)
+ {
+ super(message);
+ }
+
+ public Throwable getCause()
+ {
+ return cause;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java b/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java
new file mode 100644
index 0000000..b201c13
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java
@@ -0,0 +1,66 @@
+package org.bouncycastle.util.io.pem;
+
+public class PemHeader
+{
+ private String name;
+ private String value;
+
+ public PemHeader(String name, String value)
+ {
+ this.name = name;
+ this.value = value;
+ }
+
+ public String getName()
+ {
+ return name;
+ }
+
+ public String getValue()
+ {
+ return value;
+ }
+
+ public int hashCode()
+ {
+ return getHashCode(this.name) + 31 * getHashCode(this.value);
+ }
+
+ public boolean equals(Object o)
+ {
+ if (!(o instanceof PemHeader))
+ {
+ return false;
+ }
+
+ PemHeader other = (PemHeader)o;
+
+ return other == this || (isEqual(this.name, other.name) && isEqual(this.value, other.value));
+ }
+
+ private int getHashCode(String s)
+ {
+ if (s == null)
+ {
+ return 1;
+ }
+
+ return s.hashCode();
+ }
+
+ private boolean isEqual(String s1, String s2)
+ {
+ if (s1 == s2)
+ {
+ return true;
+ }
+
+ if (s1 == null || s2 == null)
+ {
+ return false;
+ }
+
+ return s1.equals(s2);
+ }
+
+}
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemObject.java b/src/main/java/org/bouncycastle/util/io/pem/PemObject.java
new file mode 100644
index 0000000..2199520
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemObject.java
@@ -0,0 +1,61 @@
+package org.bouncycastle.util.io.pem;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+public class PemObject
+ implements PemObjectGenerator
+{
+ private static final List EMPTY_LIST = Collections.unmodifiableList(new ArrayList());
+
+ private String type;
+ private List headers;
+ private byte[] content;
+
+ /**
+ * Generic constructor for object without headers.
+ *
+ * @param type pem object type.
+ * @param content the binary content of the object.
+ */
+ public PemObject(String type, byte[] content)
+ {
+ this(type, EMPTY_LIST, content);
+ }
+
+ /**
+ * Generic constructor for object with headers.
+ *
+ * @param type pem object type.
+ * @param headers a list of PemHeader objects.
+ * @param content the binary content of the object.
+ */
+ public PemObject(String type, List headers, byte[] content)
+ {
+ this.type = type;
+ this.headers = Collections.unmodifiableList(headers);
+ this.content = content;
+ }
+
+ public String getType()
+ {
+ return type;
+ }
+
+ public List getHeaders()
+ {
+ return headers;
+ }
+
+ public byte[] getContent()
+ {
+ return content;
+ }
+
+ public PemObject generate()
+ throws PemGenerationException
+ {
+ return this;
+ }
+}
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java b/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java
new file mode 100644
index 0000000..6fffdc5
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java
@@ -0,0 +1,7 @@
+package org.bouncycastle.util.io.pem;
+
+public interface PemObjectGenerator
+{
+ PemObject generate()
+ throws PemGenerationException;
+}
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java b/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java
new file mode 100644
index 0000000..b18b550
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java
@@ -0,0 +1,9 @@
+package org.bouncycastle.util.io.pem;
+
+import java.io.IOException;
+
+public interface PemObjectParser
+{
+ Object parseObject(PemObject obj)
+ throws IOException;
+}
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemReader.java b/src/main/java/org/bouncycastle/util/io/pem/PemReader.java
new file mode 100644
index 0000000..28f777d
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemReader.java
@@ -0,0 +1,79 @@
+package org.bouncycastle.util.io.pem;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.Reader;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.bouncycastle.util.encoders.Base64;
+
+public class PemReader
+ extends BufferedReader
+{
+ private static final String BEGIN = "-----BEGIN ";
+ private static final String END = "-----END ";
+
+ public PemReader(Reader reader)
+ {
+ super(reader);
+ }
+
+ public PemObject readPemObject()
+ throws IOException
+ {
+ String line = readLine();
+
+ if (line != null && line.startsWith(BEGIN))
+ {
+ line = line.substring(BEGIN.length());
+ int index = line.indexOf('-');
+ String type = line.substring(0, index);
+
+ if (index > 0)
+ {
+ return loadObject(type);
+ }
+ }
+
+ return null;
+ }
+
+ private PemObject loadObject(String type)
+ throws IOException
+ {
+ String line;
+ String endMarker = END + type;
+ StringBuffer buf = new StringBuffer();
+ List headers = new ArrayList();
+
+ while ((line = readLine()) != null)
+ {
+ if (line.indexOf(":") >= 0)
+ {
+ int index = line.indexOf(':');
+ String hdr = line.substring(0, index);
+ String value = line.substring(index + 1).trim();
+
+ headers.add(new PemHeader(hdr, value));
+
+ continue;
+ }
+
+ if (line.indexOf(endMarker) != -1)
+ {
+ break;
+ }
+
+ buf.append(line.trim());
+ }
+
+ if (line == null)
+ {
+ throw new IOException(endMarker + " not found");
+ }
+
+ return new PemObject(type, headers, Base64.decode(buf.toString()));
+ }
+
+}
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemWriter.java b/src/main/java/org/bouncycastle/util/io/pem/PemWriter.java
new file mode 100644
index 0000000..ccefa36
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemWriter.java
@@ -0,0 +1,137 @@
+package org.bouncycastle.util.io.pem;
+
+import java.io.BufferedWriter;
+import java.io.IOException;
+import java.io.Writer;
+import java.util.Iterator;
+
+import org.bouncycastle.util.encoders.Base64;
+
+/**
+ * A generic PEM writer, based on RFC 1421
+ */
+public class PemWriter
+ extends BufferedWriter
+{
+ private static final int LINE_LENGTH = 64;
+
+ private final int nlLength;
+ private char[] buf = new char[LINE_LENGTH];
+
+ /**
+ * Base constructor.
+ *
+ * @param out output stream to use.
+ */
+ public PemWriter(Writer out)
+ {
+ super(out);
+
+ String nl = System.getProperty("line.separator");
+ if (nl != null)
+ {
+ nlLength = nl.length();
+ }
+ else
+ {
+ nlLength = 2;
+ }
+ }
+
+ /**
+ * Return the number of bytes or characters required to contain the
+ * passed in object if it is PEM encoded.
+ *
+ * @param obj pem object to be output
+ * @return an estimate of the number of bytes
+ */
+ public int getOutputSize(PemObject obj)
+ {
+ // BEGIN and END boundaries.
+ int size = (2 * (obj.getType().length() + 10 + nlLength)) + 6 + 4;
+
+ if (!obj.getHeaders().isEmpty())
+ {
+ for (Iterator it = obj.getHeaders().iterator(); it.hasNext();)
+ {
+ PemHeader hdr = (PemHeader)it.next();
+
+ size += hdr.getName().length() + ": ".length() + hdr.getValue().length() + nlLength;
+ }
+
+ size += nlLength;
+ }
+
+ // base64 encoding
+ int dataLen = ((obj.getContent().length + 2) / 3) * 4;
+
+ size += dataLen + (((dataLen + LINE_LENGTH - 1) / LINE_LENGTH) * nlLength);
+
+ return size;
+ }
+
+ public void writeObject(PemObjectGenerator objGen)
+ throws IOException
+ {
+ PemObject obj = objGen.generate();
+
+ writePreEncapsulationBoundary(obj.getType());
+
+ if (!obj.getHeaders().isEmpty())
+ {
+ for (Iterator it = obj.getHeaders().iterator(); it.hasNext();)
+ {
+ PemHeader hdr = (PemHeader)it.next();
+
+ this.write(hdr.getName());
+ this.write(": ");
+ this.write(hdr.getValue());
+ this.newLine();
+ }
+
+ this.newLine();
+ }
+
+ writeEncoded(obj.getContent());
+ writePostEncapsulationBoundary(obj.getType());
+ }
+
+ private void writeEncoded(byte[] bytes)
+ throws IOException
+ {
+ bytes = Base64.encode(bytes);
+
+ for (int i = 0; i < bytes.length; i += buf.length)
+ {
+ int index = 0;
+
+ while (index != buf.length)
+ {
+ if ((i + index) >= bytes.length)
+ {
+ break;
+ }
+ buf[index] = (char)bytes[i + index];
+ index++;
+ }
+ this.write(buf, 0, index);
+ this.newLine();
+ }
+ }
+
+ private void writePreEncapsulationBoundary(
+ String type)
+ throws IOException
+ {
+ this.write("-----BEGIN " + type + "-----");
+ this.newLine();
+ }
+
+ private void writePostEncapsulationBoundary(
+ String type)
+ throws IOException
+ {
+ this.write("-----END " + type + "-----");
+ this.newLine();
+ }
+}
diff --git a/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java b/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java
index 48ef720..2290484 100644
--- a/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java
+++ b/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java
@@ -1,5 +1,19 @@
package org.bouncycastle.x509;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.MessageDigest;
+import java.security.Principal;
+import java.security.cert.CertSelector;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.security.auth.x500.X500Principal;
+
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERInteger;
@@ -15,19 +29,6 @@
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Selector;
-import javax.security.auth.x500.X500Principal;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.Principal;
-import java.security.cert.CertSelector;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
/**
* The Holder object.
*
@@ -43,7 +44,7 @@
* -- for example, an executable
* }
* </pre>
- *
+ * @deprecated use org.bouncycastle.cert.AttributeCertificateHolder
*/
public class AttributeCertificateHolder
implements CertSelector, Selector
@@ -162,7 +163,7 @@
{
if (holder.getObjectDigestInfo() != null)
{
- holder.getObjectDigestInfo().getDigestAlgorithm().getObjectId()
+ return holder.getObjectDigestInfo().getDigestAlgorithm().getObjectId()
.getId();
}
return null;
@@ -177,7 +178,7 @@
{
if (holder.getObjectDigestInfo() != null)
{
- holder.getObjectDigestInfo().getObjectDigest().getBytes();
+ return holder.getObjectDigestInfo().getObjectDigest().getBytes();
}
return null;
}
diff --git a/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java b/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java
index 9960c74..0c88b3f 100644
--- a/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java
+++ b/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java
@@ -1,5 +1,15 @@
package org.bouncycastle.x509;
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.CertSelector;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.security.auth.x500.X500Principal;
+
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AttCertIssuer;
@@ -9,17 +19,9 @@
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.util.Selector;
-import javax.security.auth.x500.X500Principal;
-import java.io.IOException;
-import java.security.Principal;
-import java.security.cert.CertSelector;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
/**
* Carrying class for an attribute certificate issuer.
+ * @deprecated use org.bouncycastle.cert.AttributeCertificateIssuer
*/
public class AttributeCertificateIssuer
implements CertSelector, Selector
diff --git a/src/main/java/org/bouncycastle/x509/X509Util.java b/src/main/java/org/bouncycastle/x509/X509Util.java
index 43b2d90..9ea50b4 100644
--- a/src/main/java/org/bouncycastle/x509/X509Util.java
+++ b/src/main/java/org/bouncycastle/x509/X509Util.java
@@ -1,22 +1,5 @@
package org.bouncycastle.x509;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.util.Strings;
-
-import javax.security.auth.x500.X500Principal;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
@@ -35,6 +18,24 @@
import java.util.List;
import java.util.Set;
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
+import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.util.Strings;
+
class X509Util
{
private static Hashtable algorithms = new Hashtable();
@@ -51,8 +52,10 @@
algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
- algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
- algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+ // BEGIN android-removed
+ // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+ // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+ // END android-removed
algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
@@ -60,50 +63,70 @@
algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
- algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+ // BEGIN android-removed
+ // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+ // END android-removed
algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
- algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
- algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
- algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
- algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
- algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
- algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+ // BEGIN android-removed
+ // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+ // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+ // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+ // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+ // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+ // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+ // END android-removed
algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
- algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+ // BEGIN android-removed
+ // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+ // END android-removed
algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
+ algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
+ algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
- algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+ // BEGIN android-removed
+ // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+ // END android-removed
algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
- algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
- algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
- algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
- algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
- algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+ // BEGIN android-removed
+ // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+ // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+ // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+ // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+ // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+ // END android-removed
//
// According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
// The parameters field SHALL be NULL for RSA based signature algorithms.
//
noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
- noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+ // BEGIN android-removed
+ // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+ // END android-removed
noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
- noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+ // BEGIN android-removed
+ // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+ // END android-removed
noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
-
+ noParams.add(NISTObjectIdentifiers.dsa_with_sha384);
+ noParams.add(NISTObjectIdentifiers.dsa_with_sha512);
+
//
// RFC 4491
//
- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+ // BEGIN android-removed
+ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+ // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+ // END android-removed
//
// explicit params
@@ -113,10 +136,12 @@
// END android-changed
params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
- // BEGIN android-changed
- AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
- // END android-changed
- params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+ // BEGIN android-removed
+ // // BEGIN android-changed
+ // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
+ // // END android-changed
+ // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+ // END android-removed
// BEGIN android-changed
AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
diff --git a/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java b/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java
index e25f359..5e99e76 100644
--- a/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java
+++ b/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java
@@ -1,23 +1,5 @@
package org.bouncycastle.x509;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.TBSCertificateStructure;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.X509CertificateObject;
-
-import javax.security.auth.x500.X500Principal;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -35,8 +17,28 @@
import java.util.Date;
import java.util.Iterator;
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.TBSCertificateStructure;
+import org.bouncycastle.asn1.x509.Time;
+import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
+import org.bouncycastle.asn1.x509.X509CertificateStructure;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.X509CertificateObject;
+
/**
* class to produce an X.509 Version 1 certificate.
+ * @deprecated use org.bouncycastle.cert.X509v1CertificateBuilder.
*/
public class X509V1CertificateGenerator
{
diff --git a/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java b/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java
index e91e8ff..4d40dd9 100644
--- a/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java
+++ b/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java
@@ -1,15 +1,5 @@
package org.bouncycastle.x509;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.util.Arrays;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -31,8 +21,19 @@
import java.util.List;
import java.util.Set;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.x509.AttributeCertificate;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.util.Arrays;
+
/**
* An implementation of a version 2 X.509 Attribute Certificate.
+ * @deprecated use org.bouncycastle.cert.X509AttributeCertificateHolder
*/
public class X509V2AttributeCertificate
implements X509AttributeCertificate
@@ -40,12 +41,29 @@
private AttributeCertificate cert;
private Date notBefore;
private Date notAfter;
-
+
+ private static AttributeCertificate getObject(InputStream in)
+ throws IOException
+ {
+ try
+ {
+ return AttributeCertificate.getInstance(new ASN1InputStream(in).readObject());
+ }
+ catch (IOException e)
+ {
+ throw e;
+ }
+ catch (Exception e)
+ {
+ throw new IOException("exception decoding certificate structure: " + e.toString());
+ }
+ }
+
public X509V2AttributeCertificate(
InputStream encIn)
throws IOException
{
- this(AttributeCertificate.getInstance(new ASN1InputStream(encIn).readObject()));
+ this(getObject(encIn));
}
public X509V2AttributeCertificate(
diff --git a/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java b/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
index efe024d..1ac395c 100644
--- a/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
+++ b/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
@@ -1,5 +1,23 @@
package org.bouncycastle.x509;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Iterator;
+
+import javax.security.auth.x500.X500Principal;
+
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
@@ -20,25 +38,9 @@
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
-import javax.security.auth.x500.X500Principal;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Iterator;
-
/**
* class to produce an X.509 Version 3 certificate.
+ * @deprecated use org.bouncycastle.cert.X509v3CertificateBuilder.
*/
public class X509V3CertificateGenerator
{
diff --git a/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java b/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java
index b0d6e36..0acb666 100644
--- a/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java
+++ b/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java
@@ -1,15 +1,5 @@
package org.bouncycastle.x509.extension;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERString;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.X509Name;
-
import java.io.IOException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
@@ -19,6 +9,16 @@
import java.util.Enumeration;
import java.util.List;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1String;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509Name;
+
public class X509ExtensionUtil
{
@@ -78,7 +78,7 @@
case GeneralName.dNSName:
case GeneralName.rfc822Name:
case GeneralName.uniformResourceIdentifier:
- list.add(((DERString)genName.getName()).getString());
+ list.add(((ASN1String)genName.getName()).getString());
break;
case GeneralName.registeredID:
list.add(DERObjectIdentifier.getInstance(genName.getName()).getId());
