1 package org.bouncycastle.jcajce.provider.asymmetric; 2 3 import java.util.HashMap; 4 import java.util.Map; 5 6 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 7 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; 8 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; 9 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 10 // Android-removed: Unsupported algorithms 11 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; 12 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; 13 import org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi; 14 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; 15 import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; 16 import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; 17 18 public class RSA 19 { 20 private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".rsa."; 21 22 private static final Map<String, String> generalRsaAttributes = new HashMap<String, String>(); 23 24 static 25 { 26 generalRsaAttributes.put("SupportedKeyClasses", "javax.crypto.interfaces.RSAPublicKey|javax.crypto.interfaces.RSAPrivateKey"); 27 generalRsaAttributes.put("SupportedKeyFormats", "PKCS#8|X.509"); 28 } 29 30 public static class Mappings 31 extends AsymmetricAlgorithmProvider 32 { 33 public Mappings() 34 { 35 } 36 37 public void configure(ConfigurableProvider provider) 38 { 39 provider.addAlgorithm("AlgorithmParameters.OAEP", PREFIX + "AlgorithmParametersSpi$OAEP"); 40 provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS"); 41 42 // BEGIN Android-removed: Unsupported algorithms 43 /* 44 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS"); 45 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS"); 46 47 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS"); 48 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS"); 49 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS"); 50 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS"); 51 52 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); 53 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); 54 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); 55 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); 56 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-224WITHRSAANDMGF1", "PSS"); 57 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-256WITHRSAANDMGF1", "PSS"); 58 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-384WITHRSAANDMGF1", "PSS"); 59 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-512WITHRSAANDMGF1", "PSS"); 60 61 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS"); 62 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS"); 63 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); 64 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS"); 65 */ 66 // END Android-removed: Unsupported algorithms 67 68 provider.addAttributes("Cipher.RSA", generalRsaAttributes); 69 provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding"); 70 // Android-changed: Use an alias for RSA/RAW instead of a concrete implementation 71 provider.addAlgorithm("Alg.Alias.Cipher.RSA/RAW", "RSA"); 72 // BEGIN Android-removed: Unsupported algorithms 73 /* 74 provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); 75 provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.rsaEncryption, PREFIX + "CipherSpi$PKCS1v1_5Padding"); 76 provider.addAlgorithm("Cipher", X509ObjectIdentifiers.id_ea_rsa, PREFIX + "CipherSpi$PKCS1v1_5Padding"); 77 provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly"); 78 provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly"); 79 provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding"); 80 provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding"); 81 provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding"); 82 */ 83 // END Android-removed: Unsupported algorithms 84 85 provider.addAlgorithm("Alg.Alias.Cipher.RSA//RAW", "RSA"); 86 provider.addAlgorithm("Alg.Alias.Cipher.RSA//NOPADDING", "RSA"); 87 // BEGIN Android-removed: Unsupported algorithms 88 /* 89 provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); 90 provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); 91 provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); 92 */ 93 // END Android-removed: Unsupported algorithms 94 95 provider.addAlgorithm("KeyFactory.RSA", PREFIX + "KeyFactorySpi"); 96 provider.addAlgorithm("KeyPairGenerator.RSA", PREFIX + "KeyPairGeneratorSpi"); 97 98 AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi(); 99 100 registerOid(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA", keyFact); 101 registerOid(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA", keyFact); 102 registerOid(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", keyFact); 103 // BEGIN Android-removed: Unsupported algorithms 104 /* 105 registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact); 106 107 registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA"); 108 registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA"); 109 registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP"); 110 registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); 111 112 provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA"); 113 provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); 114 provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); 115 116 provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA"); 117 provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS"); 118 119 provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA"); 120 provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA"); 121 provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS"); 122 provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS"); 123 provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS"); 124 provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS"); 125 provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS"); 126 127 addPSSSignature(provider, "SHA224", PREFIX + "PSSSignatureSpi$SHA224withRSA"); 128 addPSSSignature(provider, "SHA256", PREFIX + "PSSSignatureSpi$SHA256withRSA"); 129 addPSSSignature(provider, "SHA384", PREFIX + "PSSSignatureSpi$SHA384withRSA"); 130 addPSSSignature(provider, "SHA512", PREFIX + "PSSSignatureSpi$SHA512withRSA"); 131 addPSSSignature(provider, "SHA512(224)", PREFIX + "PSSSignatureSpi$SHA512_224withRSA"); 132 addPSSSignature(provider, "SHA512(256)", PREFIX + "PSSSignatureSpi$SHA512_256withRSA"); 133 134 addPSSSignature(provider, "SHA3-224", PREFIX + "PSSSignatureSpi$SHA3_224withRSA"); 135 addPSSSignature(provider, "SHA3-256", PREFIX + "PSSSignatureSpi$SHA3_256withRSA"); 136 addPSSSignature(provider, "SHA3-384", PREFIX + "PSSSignatureSpi$SHA3_384withRSA"); 137 addPSSSignature(provider, "SHA3-512", PREFIX + "PSSSignatureSpi$SHA3_512withRSA"); 138 139 if (provider.hasAlgorithm("MessageDigest", "MD2")) 140 { 141 addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption); 142 } 143 144 if (provider.hasAlgorithm("MessageDigest", "MD4")) 145 { 146 addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption); 147 } 148 */ 149 // END Android-removed: Unsupported algorithms 150 151 if (provider.hasAlgorithm("MessageDigest", "MD5")) 152 { 153 addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption); 154 // Android-removed: Unsupported algorithms 155 // addISO9796Signature(provider, "MD5", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption"); 156 } 157 158 if (provider.hasAlgorithm("MessageDigest", "SHA1")) 159 { 160 // BEGIN Android-removed: Unsupported algorithms 161 /* 162 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS"); 163 provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); 164 165 addPSSSignature(provider, "SHA1", PREFIX + "PSSSignatureSpi$SHA1withRSA"); 166 */ 167 // END Android-removed: Unsupported algorithms 168 addDigestSignature(provider, "SHA1", PREFIX + "DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption); 169 // Android-removed: Unsupported algorithms 170 // addISO9796Signature(provider, "SHA1", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption"); 171 172 provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); 173 provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); 174 175 // BEGIN Android-removed: Unsupported algorithms 176 // addX931Signature(provider, "SHA1", PREFIX + "X931SignatureSpi$SHA1WithRSAEncryption"); 177 } 178 179 addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption); 180 addDigestSignature(provider, "SHA256", PREFIX + "DigestSignatureSpi$SHA256", PKCSObjectIdentifiers.sha256WithRSAEncryption); 181 addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption); 182 addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption); 183 // BEGIN Android-removed: Unsupported algorithms 184 /* 185 addDigestSignature(provider, "SHA512(224)", PREFIX + "DigestSignatureSpi$SHA512_224", PKCSObjectIdentifiers.sha512_224WithRSAEncryption); 186 addDigestSignature(provider, "SHA512(256)", PREFIX + "DigestSignatureSpi$SHA512_256", PKCSObjectIdentifiers.sha512_256WithRSAEncryption); 187 188 addDigestSignature(provider, "SHA3-224", PREFIX + "DigestSignatureSpi$SHA3_224", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224); 189 addDigestSignature(provider, "SHA3-256", PREFIX + "DigestSignatureSpi$SHA3_256", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256); 190 addDigestSignature(provider, "SHA3-384", PREFIX + "DigestSignatureSpi$SHA3_384", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384); 191 addDigestSignature(provider, "SHA3-512", PREFIX + "DigestSignatureSpi$SHA3_512", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512); 192 193 addISO9796Signature(provider, "SHA224", PREFIX + "ISOSignatureSpi$SHA224WithRSAEncryption"); 194 addISO9796Signature(provider, "SHA256", PREFIX + "ISOSignatureSpi$SHA256WithRSAEncryption"); 195 addISO9796Signature(provider, "SHA384", PREFIX + "ISOSignatureSpi$SHA384WithRSAEncryption"); 196 addISO9796Signature(provider, "SHA512", PREFIX + "ISOSignatureSpi$SHA512WithRSAEncryption"); 197 addISO9796Signature(provider, "SHA512(224)", PREFIX + "ISOSignatureSpi$SHA512_224WithRSAEncryption"); 198 addISO9796Signature(provider, "SHA512(256)", PREFIX + "ISOSignatureSpi$SHA512_256WithRSAEncryption"); 199 200 addX931Signature(provider, "SHA224", PREFIX + "X931SignatureSpi$SHA224WithRSAEncryption"); 201 addX931Signature(provider, "SHA256", PREFIX + "X931SignatureSpi$SHA256WithRSAEncryption"); 202 addX931Signature(provider, "SHA384", PREFIX + "X931SignatureSpi$SHA384WithRSAEncryption"); 203 addX931Signature(provider, "SHA512", PREFIX + "X931SignatureSpi$SHA512WithRSAEncryption"); 204 addX931Signature(provider, "SHA512(224)", PREFIX + "X931SignatureSpi$SHA512_224WithRSAEncryption"); 205 addX931Signature(provider, "SHA512(256)", PREFIX + "X931SignatureSpi$SHA512_256WithRSAEncryption"); 206 207 if (provider.hasAlgorithm("MessageDigest", "RIPEMD128")) 208 { 209 addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); 210 addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null); 211 212 addX931Signature(provider, "RMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption"); 213 addX931Signature(provider, "RIPEMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption"); 214 } 215 216 if (provider.hasAlgorithm("MessageDigest", "RIPEMD160")) 217 { 218 addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); 219 addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null); 220 provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); 221 provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption"); 222 223 addX931Signature(provider, "RMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption"); 224 addX931Signature(provider, "RIPEMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption"); 225 } 226 227 if (provider.hasAlgorithm("MessageDigest", "RIPEMD256")) 228 { 229 addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); 230 addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null); 231 } 232 233 if (provider.hasAlgorithm("MessageDigest", "WHIRLPOOL")) 234 { 235 addISO9796Signature(provider, "Whirlpool", PREFIX + "ISOSignatureSpi$WhirlpoolWithRSAEncryption"); 236 addISO9796Signature(provider, "WHIRLPOOL", PREFIX + "ISOSignatureSpi$WhirlpoolWithRSAEncryption"); 237 addX931Signature(provider, "Whirlpool", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption"); 238 addX931Signature(provider, "WHIRLPOOL", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption"); 239 } 240 */ 241 // END Android-removed: Unsupported algorithms 242 } 243 244 private void addDigestSignature( 245 ConfigurableProvider provider, 246 String digest, 247 String className, 248 ASN1ObjectIdentifier oid) 249 { 250 String mainName = digest + "WITHRSA"; 251 String jdk11Variation1 = digest + "withRSA"; 252 String jdk11Variation2 = digest + "WithRSA"; 253 String alias = digest + "/" + "RSA"; 254 String longName = digest + "WITHRSAENCRYPTION"; 255 String longJdk11Variation1 = digest + "withRSAEncryption"; 256 String longJdk11Variation2 = digest + "WithRSAEncryption"; 257 258 provider.addAlgorithm("Signature." + mainName, className); 259 provider.addAlgorithm("Alg.Alias.Signature." + jdk11Variation1, mainName); 260 provider.addAlgorithm("Alg.Alias.Signature." + jdk11Variation2, mainName); 261 provider.addAlgorithm("Alg.Alias.Signature." + longName, mainName); 262 provider.addAlgorithm("Alg.Alias.Signature." + longJdk11Variation1, mainName); 263 provider.addAlgorithm("Alg.Alias.Signature." + longJdk11Variation2, mainName); 264 provider.addAlgorithm("Alg.Alias.Signature." + alias, mainName); 265 266 if (oid != null) 267 { 268 provider.addAlgorithm("Alg.Alias.Signature." + oid, mainName); 269 provider.addAlgorithm("Alg.Alias.Signature.OID." + oid, mainName); 270 } 271 } 272 273 private void addISO9796Signature( 274 ConfigurableProvider provider, 275 String digest, 276 String className) 277 { 278 provider.addAlgorithm("Alg.Alias.Signature." + digest + "withRSA/ISO9796-2", digest + "WITHRSA/ISO9796-2"); 279 provider.addAlgorithm("Alg.Alias.Signature." + digest + "WithRSA/ISO9796-2", digest + "WITHRSA/ISO9796-2"); 280 provider.addAlgorithm("Signature." + digest + "WITHRSA/ISO9796-2", className); 281 } 282 283 private void addPSSSignature( 284 ConfigurableProvider provider, 285 String digest, 286 String className) 287 { 288 provider.addAlgorithm("Alg.Alias.Signature." + digest + "withRSA/PSS", digest + "WITHRSAANDMGF1"); 289 provider.addAlgorithm("Alg.Alias.Signature." + digest + "WithRSA/PSS", digest + "WITHRSAANDMGF1"); 290 provider.addAlgorithm("Alg.Alias.Signature." + digest + "withRSAandMGF1", digest + "WITHRSAANDMGF1"); 291 provider.addAlgorithm("Alg.Alias.Signature." + digest + "WithRSAAndMGF1", digest + "WITHRSAANDMGF1"); 292 provider.addAlgorithm("Signature." + digest + "WITHRSAANDMGF1", className); 293 } 294 295 private void addX931Signature( 296 ConfigurableProvider provider, 297 String digest, 298 String className) 299 { 300 provider.addAlgorithm("Alg.Alias.Signature." + digest + "withRSA/X9.31", digest + "WITHRSA/X9.31"); 301 provider.addAlgorithm("Alg.Alias.Signature." + digest + "WithRSA/X9.31", digest + "WITHRSA/X9.31"); 302 provider.addAlgorithm("Signature." + digest + "WITHRSA/X9.31", className); 303 } 304 } 305 } 306