1 package org.bouncycastle.operator; 2 3 import java.util.HashMap; 4 import java.util.HashSet; 5 import java.util.Map; 6 import java.util.Set; 7 8 import org.bouncycastle.asn1.ASN1Encodable; 9 import org.bouncycastle.asn1.ASN1Integer; 10 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 11 import org.bouncycastle.asn1.DERNull; 12 // Android-removed: Unsupported algorithms 13 // import org.bouncycastle.asn1.bc.BCObjectIdentifiers; 14 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers; 15 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 16 // import org.bouncycastle.asn1.eac.EACObjectIdentifiers; 17 // import org.bouncycastle.asn1.gm.GMObjectIdentifiers; 18 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 19 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 20 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 21 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; 22 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 23 import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 24 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; 25 import org.bouncycastle.util.Strings; 26 27 public class DefaultSignatureAlgorithmIdentifierFinder 28 implements SignatureAlgorithmIdentifierFinder 29 { 30 private static Map algorithms = new HashMap(); 31 private static Set noParams = new HashSet(); 32 private static Map params = new HashMap(); 33 private static Set pkcs15RsaEncryption = new HashSet(); 34 private static Map digestOids = new HashMap(); 35 36 private static final ASN1ObjectIdentifier ENCRYPTION_RSA = PKCSObjectIdentifiers.rsaEncryption; 37 private static final ASN1ObjectIdentifier ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1; 38 private static final ASN1ObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1; 39 private static final ASN1ObjectIdentifier ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS; 40 // BEGIN Android-removed: Unsupported algorithms 41 // private static final ASN1ObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94; 42 // private static final ASN1ObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001; 43 // END Android-removed: Unsupported algorithms 44 45 static 46 { 47 // BEGIN Android-removed: Unsupported algorithms 48 // algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption); 49 // algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption); 50 // END Android-removed: Unsupported algorithms 51 algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption); 52 algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption); 53 algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption); 54 algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption); 55 algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); 56 algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); 57 algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); 58 algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); 59 algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); 60 algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption); 61 algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); 62 algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); 63 algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 64 algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 65 algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 66 algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 67 algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); 68 // BEGIN Android-removed: Unsupported algorithms 69 // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 70 // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 71 // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 72 // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 73 // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 74 // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 75 // END Android-removed: Unsupported algorithms 76 algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1); 77 algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1); 78 algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); 79 algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); 80 algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384); 81 algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512); 82 algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); 83 algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); 84 algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); 85 algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); 86 algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); 87 algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); 88 89 // BEGIN Android-removed: Unsupported algorithms 90 /* 91 algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 92 algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 93 algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 94 algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 95 algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 96 algorithms.put("SHA1WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1); 97 algorithms.put("SHA224WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA224); 98 algorithms.put("SHA256WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA256); 99 algorithms.put("SHA384WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA384); 100 algorithms.put("SHA512WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA512); 101 algorithms.put("RIPEMD160WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160); 102 algorithms.put("SHA1WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); 103 algorithms.put("SHA224WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); 104 algorithms.put("SHA256WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); 105 algorithms.put("SHA384WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); 106 algorithms.put("SHA512WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); 107 algorithms.put("SHA3-512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA3_512); 108 algorithms.put("SHA512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA512); 109 algorithms.put("SM3WITHSM2", GMObjectIdentifiers.sm2sign_with_sm3); 110 */ 111 // END Android-removed: Unsupported algorithms 112 113 // 114 // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 115 // The parameters field SHALL be NULL for RSA based signature algorithms. 116 // 117 noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); 118 noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); 119 noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); 120 noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); 121 noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); 122 noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); 123 noParams.add(NISTObjectIdentifiers.dsa_with_sha224); 124 noParams.add(NISTObjectIdentifiers.dsa_with_sha256); 125 noParams.add(NISTObjectIdentifiers.dsa_with_sha384); 126 noParams.add(NISTObjectIdentifiers.dsa_with_sha512); 127 128 // BEGIN Android-removed: Unsupported algorithms 129 /* 130 // 131 // RFC 4491 132 // 133 noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); 134 noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); 135 136 // 137 // SPHINCS-256 138 // 139 noParams.add(BCObjectIdentifiers.sphincs256_with_SHA512); 140 noParams.add(BCObjectIdentifiers.sphincs256_with_SHA3_512); 141 142 // 143 // SM2 144 // 145 noParams.add(GMObjectIdentifiers.sm2sign_with_sm3); 146 */ 147 // END Android-removed: Unsupported algorithms 148 149 // 150 // PKCS 1.5 encrypted algorithms 151 // 152 pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha1WithRSAEncryption); 153 pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha224WithRSAEncryption); 154 pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha256WithRSAEncryption); 155 pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha384WithRSAEncryption); 156 pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha512WithRSAEncryption); 157 // BEGIN Android-removed: Unsupported algorithms 158 // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 159 // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 160 // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 161 // END Android-removed: Unsupported algorithms 162 163 // 164 // explicit params 165 // 166 AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE); 167 params.put("SHA1WITHRSAANDMGF1", createPSSParams(sha1AlgId, 20)); 168 169 AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE); 170 params.put("SHA224WITHRSAANDMGF1", createPSSParams(sha224AlgId, 28)); 171 172 AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE); 173 params.put("SHA256WITHRSAANDMGF1", createPSSParams(sha256AlgId, 32)); 174 175 AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, DERNull.INSTANCE); 176 params.put("SHA384WITHRSAANDMGF1", createPSSParams(sha384AlgId, 48)); 177 178 AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, DERNull.INSTANCE); 179 params.put("SHA512WITHRSAANDMGF1", createPSSParams(sha512AlgId, 64)); 180 181 // 182 // digests 183 // 184 digestOids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, NISTObjectIdentifiers.id_sha224); 185 digestOids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, NISTObjectIdentifiers.id_sha256); 186 digestOids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, NISTObjectIdentifiers.id_sha384); 187 digestOids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, NISTObjectIdentifiers.id_sha512); 188 // BEGIN Android-removed: Unsupported algorithms 189 // digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2); 190 // digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4); 191 // END Android-removed: Unsupported algorithms 192 digestOids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, PKCSObjectIdentifiers.md5); 193 digestOids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, OIWObjectIdentifiers.idSHA1); 194 // BEGIN Android-removed: Unsupported algorithms 195 // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128); 196 // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160); 197 // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256); 198 // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411); 199 // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411); 200 // END Android-removed: Unsupported algorithms 201 } 202 203 private static AlgorithmIdentifier generate(String signatureAlgorithm) 204 { 205 AlgorithmIdentifier sigAlgId; 206 AlgorithmIdentifier encAlgId; 207 AlgorithmIdentifier digAlgId; 208 209 String algorithmName = Strings.toUpperCase(signatureAlgorithm); 210 ASN1ObjectIdentifier sigOID = (ASN1ObjectIdentifier)algorithms.get(algorithmName); 211 if (sigOID == null) 212 { 213 throw new IllegalArgumentException("Unknown signature type requested: " + algorithmName); 214 } 215 216 if (noParams.contains(sigOID)) 217 { 218 sigAlgId = new AlgorithmIdentifier(sigOID); 219 } 220 else if (params.containsKey(algorithmName)) 221 { 222 sigAlgId = new AlgorithmIdentifier(sigOID, (ASN1Encodable)params.get(algorithmName)); 223 } 224 else 225 { 226 sigAlgId = new AlgorithmIdentifier(sigOID, DERNull.INSTANCE); 227 } 228 229 if (pkcs15RsaEncryption.contains(sigOID)) 230 { 231 encAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE); 232 } 233 else 234 { 235 encAlgId = sigAlgId; 236 } 237 238 if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) 239 { 240 digAlgId = ((RSASSAPSSparams)sigAlgId.getParameters()).getHashAlgorithm(); 241 } 242 else 243 { 244 digAlgId = new AlgorithmIdentifier((ASN1ObjectIdentifier)digestOids.get(sigOID), DERNull.INSTANCE); 245 } 246 247 return sigAlgId; 248 } 249 250 private static RSASSAPSSparams createPSSParams(AlgorithmIdentifier hashAlgId, int saltSize) 251 { 252 return new RSASSAPSSparams( 253 hashAlgId, 254 new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId), 255 new ASN1Integer(saltSize), 256 new ASN1Integer(1)); 257 } 258 259 public AlgorithmIdentifier find(String sigAlgName) 260 { 261 return generate(sigAlgName); 262 } 263 }