diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk15on-147/org/bouncycastle/asn1/ASN1Null.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/ASN1Null.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/ASN1Null.java 2013-01-23 01:01:51.774746500 +0000 @@ -8,9 +8,11 @@ public abstract class ASN1Null extends ASN1Primitive { - public ASN1Null() + // BEGIN android-changed + /*package*/ ASN1Null() { } + // END android-changed public static ASN1Null getInstance(Object o) { diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk15on-147/org/bouncycastle/asn1/DERBoolean.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERBoolean.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/DERBoolean.java 2013-01-23 01:01:51.764746324 +0000 @@ -10,7 +10,9 @@ private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff }; private static final byte[] FALSE_VALUE = new byte[] { 0 }; - private byte[] value; + // BEGIN android-changed + final private byte[] value; + // END android-changed public static final ASN1Boolean FALSE = new ASN1Boolean(false); public static final ASN1Boolean TRUE = new ASN1Boolean(true); @@ -46,6 +48,17 @@ return (value ? TRUE : FALSE); } + // BEGIN android-added + /** + * return a DERBoolean from the passed in array. + */ + public static DERBoolean getInstance( + byte[] octets) + { + return (octets[0] != 0) ? TRUE : FALSE; + } + + // END android-added /** * return a Boolean from a tagged object. * @@ -71,7 +84,9 @@ } } - DERBoolean( + // BEGIN android-changed + protected DERBoolean( + // END android-changed byte[] value) { if (value.length != 1) @@ -93,8 +108,10 @@ } } - public DERBoolean( + // BEGIN android-changed + protected DERBoolean( boolean value) + // END android-changed { this.value = (value) ? TRUE_VALUE : FALSE_VALUE; } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk15on-147/org/bouncycastle/asn1/DERNull.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERNull.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/DERNull.java 2013-01-23 01:01:51.774746500 +0000 @@ -12,7 +12,9 @@ private static final byte[] zeroBytes = new byte[0]; - public DERNull() + // BEGIN android-changed + protected DERNull() + // END android-changed { } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk15on-147/org/bouncycastle/asn1/DERObjectIdentifier.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/DERObjectIdentifier.java 2013-01-23 01:01:51.784746676 +0000 @@ -117,7 +117,13 @@ } } - this.identifier = objId.toString(); + // BEGIN android-changed + /* + * Intern the identifier so there aren't hundreds of duplicates + * (in practice). + */ + this.identifier = objId.toString().intern(); + // END android-changed } public DERObjectIdentifier( @@ -128,7 +134,13 @@ throw new IllegalArgumentException("string " + identifier + " not an OID"); } - this.identifier = identifier; + // BEGIN android-changed + /* + * Intern the identifier so there aren't hundreds of duplicates + * (in practice). + */ + this.identifier = identifier.intern(); + // END android-changed } public String getId() diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk15on-147/org/bouncycastle/asn1/DERPrintableString.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERPrintableString.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/DERPrintableString.java 2013-01-23 01:01:51.854747908 +0000 @@ -12,7 +12,9 @@ extends ASN1Primitive implements ASN1String { - private byte[] string; + // BEGIN android-changed + private final byte[] string; + // END android-changed /** * return a printable string from the passed in object. diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk15on-147/org/bouncycastle/asn1/cms/ContentInfo.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/cms/ContentInfo.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/cms/ContentInfo.java 2013-01-23 01:01:51.874748260 +0000 @@ -12,7 +12,9 @@ public class ContentInfo extends ASN1Object - implements CMSObjectIdentifiers + // BEGIN android-removed + // implements CMSObjectIdentifiers + // END android-removed { private ASN1ObjectIdentifier contentType; private ASN1Encodable content; diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2013-01-23 01:01:51.774746500 +0000 @@ -37,10 +37,13 @@ public static EncryptedPrivateKeyInfo getInstance( Object obj) { - if (obj instanceof EncryptedData) + // BEGIN android-changed + // fix copy and paste error in instanceof call + if (obj instanceof EncryptedPrivateKeyInfo) { return (EncryptedPrivateKeyInfo)obj; } + // END android-changed else if (obj != null) { return new EncryptedPrivateKeyInfo(ASN1Sequence.getInstance(obj)); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2013-01-23 01:01:51.774746500 +0000 @@ -10,8 +10,10 @@ // static final ASN1ObjectIdentifier pkcs_1 = new ASN1ObjectIdentifier("1.2.840.113549.1.1"); static final ASN1ObjectIdentifier rsaEncryption = pkcs_1.branch("1"); - static final ASN1ObjectIdentifier md2WithRSAEncryption = pkcs_1.branch("2"); - static final ASN1ObjectIdentifier md4WithRSAEncryption = pkcs_1.branch("3"); + // BEGIN android-removed + // static final ASN1ObjectIdentifier md2WithRSAEncryption = pkcs_1.branch("2"); + // static final ASN1ObjectIdentifier md4WithRSAEncryption = pkcs_1.branch("3"); + // END android-removed static final ASN1ObjectIdentifier md5WithRSAEncryption = pkcs_1.branch("4"); static final ASN1ObjectIdentifier sha1WithRSAEncryption = pkcs_1.branch("5"); static final ASN1ObjectIdentifier srsaOAEPEncryptionSET = pkcs_1.branch("6"); @@ -22,7 +24,9 @@ static final ASN1ObjectIdentifier sha256WithRSAEncryption = pkcs_1.branch("11"); static final ASN1ObjectIdentifier sha384WithRSAEncryption = pkcs_1.branch("12"); static final ASN1ObjectIdentifier sha512WithRSAEncryption = pkcs_1.branch("13"); - static final ASN1ObjectIdentifier sha224WithRSAEncryption = pkcs_1.branch("14"); + // BEGIN android-removed + // static final ASN1ObjectIdentifier sha224WithRSAEncryption = pkcs_1.branch("14"); + // END android-removed // // pkcs-3 OBJECT IDENTIFIER ::= { @@ -65,13 +69,17 @@ // md2 OBJECT IDENTIFIER ::= // {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2} // - static final ASN1ObjectIdentifier md2 = digestAlgorithm.branch("2"); + // BEGIN android-removed + // static final ASN1ObjectIdentifier md2 = digestAlgorithm.branch("2"); + // END android-removed // // md4 OBJECT IDENTIFIER ::= // {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4} // - static final ASN1ObjectIdentifier md4 = digestAlgorithm.branch("4"); + // BEGIN android-removed + // static final ASN1ObjectIdentifier md4 = digestAlgorithm.branch("4"); + // END android-removed // // md5 OBJECT IDENTIFIER ::= @@ -80,7 +88,9 @@ static final ASN1ObjectIdentifier md5 = digestAlgorithm.branch("5"); static final ASN1ObjectIdentifier id_hmacWithSHA1 = digestAlgorithm.branch("7"); - static final ASN1ObjectIdentifier id_hmacWithSHA224 = digestAlgorithm.branch("8"); + // BEGIN android-removed + // static final ASN1ObjectIdentifier id_hmacWithSHA224 = digestAlgorithm.branch("8"); + // END android-removed static final ASN1ObjectIdentifier id_hmacWithSHA256 = digestAlgorithm.branch("9"); static final ASN1ObjectIdentifier id_hmacWithSHA384 = digestAlgorithm.branch("10"); static final ASN1ObjectIdentifier id_hmacWithSHA512 = digestAlgorithm.branch("11"); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2013-01-23 01:01:51.774746500 +0000 @@ -19,7 +19,9 @@ private AlgorithmIdentifier maskGenAlgorithm; private AlgorithmIdentifier pSourceAlgorithm; - public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull()); + // BEGIN android-changed + public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE); + // END android-changed public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM); public final static AlgorithmIdentifier DEFAULT_P_SOURCE_ALGORITHM = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(new byte[0])); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2013-01-23 01:01:51.774746500 +0000 @@ -22,7 +22,9 @@ private ASN1Integer saltLength; private ASN1Integer trailerField; - public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull()); + // BEGIN android-changed + public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE); + // END android-changed public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM); public final static ASN1Integer DEFAULT_SALT_LENGTH = new ASN1Integer(20); public final static ASN1Integer DEFAULT_TRAILER_FIELD = new ASN1Integer(1); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk15on-147/org/bouncycastle/asn1/util/ASN1Dump.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/util/ASN1Dump.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/util/ASN1Dump.java 2013-01-23 01:01:51.874748260 +0000 @@ -78,7 +78,9 @@ { Object o = e.nextElement(); - if (o == null || o.equals(new DERNull())) + // BEGIN android-changed + if (o == null || o.equals(DERNull.INSTANCE)) + // END android-changed { buf.append(tab); buf.append("NULL"); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/AttCertIssuer.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/AttCertIssuer.java 2013-01-23 01:01:51.784746676 +0000 @@ -46,7 +46,7 @@ ASN1TaggedObject obj, boolean explicit) { - return getInstance(obj.getObject()); // must be explictly tagged + return getInstance(obj.getObject()); // must be explicitly tagged } /** diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java 2013-01-23 01:01:51.804747028 +0000 @@ -14,7 +14,9 @@ import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-changed /** * The AuthorityKeyIdentifier object. @@ -101,7 +103,9 @@ public AuthorityKeyIdentifier( SubjectPublicKeyInfo spki) { - Digest digest = new SHA1Digest(); + // BEGIN android-changed + Digest digest = AndroidDigestFactory.getSHA1(); + // END android-changed byte[] resBuf = new byte[digest.getDigestSize()]; byte[] bytes = spki.getPublicKeyData().getBytes(); @@ -119,7 +123,9 @@ GeneralNames name, BigInteger serialNumber) { - Digest digest = new SHA1Digest(); + // BEGIN android-changed + Digest digest = AndroidDigestFactory.getSHA1(); + // END android-changed byte[] resBuf = new byte[digest.getDigestSize()]; byte[] bytes = spki.getPublicKeyData().getBytes(); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/BasicConstraints.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/BasicConstraints.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/BasicConstraints.java 2013-01-23 01:01:51.804747028 +0000 @@ -14,7 +14,9 @@ public class BasicConstraints extends ASN1Object { - DERBoolean cA = new DERBoolean(false); + // BEGIN android-changed + DERBoolean cA = DERBoolean.FALSE; + // END android-changed ASN1Integer pathLenConstraint = null; public static BasicConstraints getInstance( @@ -81,7 +83,9 @@ { if (cA) { - this.cA = new DERBoolean(true); + // BEGIN android-changed + this.cA = DERBoolean.TRUE; + // END android-changed } else { @@ -98,7 +102,9 @@ public BasicConstraints( int pathLenConstraint) { - this.cA = new DERBoolean(true); + // BEGIN android-changed + this.cA = DERBoolean.TRUE; + // END android-changed this.pathLenConstraint = new ASN1Integer(pathLenConstraint); } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/CRLReason.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/CRLReason.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/CRLReason.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/CRLReason.java 2013-01-23 01:01:51.804747028 +0000 @@ -138,7 +138,9 @@ public static CRLReason lookup(int value) { - Integer idx = new Integer(value); + // BEGIN android-changed + Integer idx = Integer.valueOf(value); + // END android-changed if (!table.containsKey(idx)) { diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2013-01-23 01:01:51.804747028 +0000 @@ -96,11 +96,15 @@ } if (onlyContainsUserCerts) { - vec.add(new DERTaggedObject(false, 1, new DERBoolean(true))); + // BEGIN android-changed + vec.add(new DERTaggedObject(false, 1, DERBoolean.TRUE)); + // END android-changed } if (onlyContainsCACerts) { - vec.add(new DERTaggedObject(false, 2, new DERBoolean(true))); + // BEGIN android-changed + vec.add(new DERTaggedObject(false, 2, DERBoolean.TRUE)); + // END android-changed } if (onlySomeReasons != null) { @@ -108,11 +112,15 @@ } if (indirectCRL) { - vec.add(new DERTaggedObject(false, 4, new DERBoolean(true))); + // BEGIN android-changed + vec.add(new DERTaggedObject(false, 4, DERBoolean.TRUE)); + // END android-changed } if (onlyContainsAttributeCerts) { - vec.add(new DERTaggedObject(false, 5, new DERBoolean(true))); + // BEGIN android-changed + vec.add(new DERTaggedObject(false, 5, DERBoolean.TRUE)); + // END android-changed } seq = new DERSequence(vec); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java 2013-01-23 01:01:51.804747028 +0000 @@ -6,7 +6,9 @@ import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-changed /** * The SubjectKeyIdentifier object. @@ -119,7 +121,9 @@ private static byte[] getDigest(SubjectPublicKeyInfo spki) { - Digest digest = new SHA1Digest(); + // BEGIN android-changed + Digest digest = AndroidDigestFactory.getSHA1(); + // END android-changed byte[] resBuf = new byte[digest.getDigestSize()]; byte[] bytes = spki.getPublicKeyData().getBytes(); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509Extensions.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509Extensions.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509Extensions.java 2013-01-23 01:01:51.784746676 +0000 @@ -408,7 +408,9 @@ if (ext.isCritical()) { - v.add(new DERBoolean(true)); + // BEGIN android-changed + v.add(DERBoolean.TRUE); + // END android-changed } v.add(ext.getValue()); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509Name.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509Name.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509Name.java 2013-01-23 01:01:51.794746852 +0000 @@ -255,8 +255,10 @@ */ public static final Hashtable SymbolLookUp = DefaultLookUp; - private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility - private static final Boolean FALSE = new Boolean(false); + // BEGIN android-changed + private static final Boolean TRUE = Boolean.TRUE; + private static final Boolean FALSE = Boolean.FALSE; + // END android-changed static { @@ -445,7 +447,9 @@ throw new IllegalArgumentException("cannot encode value"); } } - added.addElement((i != 0) ? TRUE : FALSE); // to allow earlier JDK compatibility + // BEGIN android-changed + added.addElement(Boolean.valueOf(i != 0)); + // END android-changed } } } @@ -702,7 +706,9 @@ if (index == -1) { - throw new IllegalArgumentException("badly formated directory string"); + // BEGIN android-changed + throw new IllegalArgumentException("badly formatted directory string"); + // END android-changed } String name = token.substring(0, index); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509NameTokenizer.java --- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2013-01-23 01:01:51.784746676 +0000 @@ -58,6 +58,17 @@ } else { + // BEGIN android-added + // copied from a newer version of BouncyCastle + if (c == '#' && buf.charAt(buf.length() - 1) == '=') + { + buf.append('\\'); + } + else if (c == '+' && seperator != '+') + { + buf.append('\\'); + } + // END android-added buf.append(c); } escaped = false; diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk15on-147/org/bouncycastle/crypto/PBEParametersGenerator.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/PBEParametersGenerator.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/PBEParametersGenerator.java 2013-01-23 01:01:51.934749316 +0000 @@ -136,7 +136,8 @@ public static byte[] PKCS12PasswordToBytes( char[] password) { - if (password.length > 0) + // BEGIN android-changed + if (password != null && password.length > 0) { // +1 for extra 2 pad bytes. byte[] bytes = new byte[(password.length + 1) * 2]; @@ -153,5 +154,6 @@ { return new byte[0]; } + // END android-changed } } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactory.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 1970-01-01 00:00:00.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactory.java 2013-01-23 01:01:51.934749316 +0000 @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.bouncycastle.crypto.digests; + +import org.bouncycastle.crypto.Digest; + +/** + * Level of indirection to let us select OpenSSLDigest implementations + * for libcore but fallback to BouncyCastle ones on the RI. + */ +public final class AndroidDigestFactory { + private static final String OpenSSLFactoryClassName + = AndroidDigestFactory.class.getName() + "OpenSSL"; + private static final String BouncyCastleFactoryClassName + = AndroidDigestFactory.class.getName() + "BouncyCastle"; + + private static final AndroidDigestFactoryInterface FACTORY; + static { + Class factoryImplementationClass; + try { + factoryImplementationClass = Class.forName(OpenSSLFactoryClassName); + } catch (ClassNotFoundException e1) { + try { + factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName); + } catch (ClassNotFoundException e2) { + throw new AssertionError("Failed to find AndroidDigestFactoryInterface " + + "implementation. Looked for " + + OpenSSLFactoryClassName + " and " + + BouncyCastleFactoryClassName); + } + } + if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) { + throw new AssertionError(factoryImplementationClass + + "does not implement AndroidDigestFactoryInterface"); + } + try { + FACTORY = (AndroidDigestFactoryInterface) factoryImplementationClass.newInstance(); + } catch (InstantiationException e) { + throw new AssertionError(e); + } catch (IllegalAccessException e) { + throw new AssertionError(e); + } + } + + public static Digest getMD5() { + return FACTORY.getMD5(); + } + + public static Digest getSHA1() { + return FACTORY.getSHA1(); + } + + public static Digest getSHA256() { + return FACTORY.getSHA256(); + } + + public static Digest getSHA384() { + return FACTORY.getSHA384(); + } + + public static Digest getSHA512() { + return FACTORY.getSHA512(); + } +} diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 1970-01-01 00:00:00.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java 2013-01-23 01:01:51.934749316 +0000 @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.bouncycastle.crypto.digests; + +import org.bouncycastle.crypto.Digest; + +public class AndroidDigestFactoryBouncyCastle implements AndroidDigestFactoryInterface { + public Digest getMD5() { + return new MD5Digest(); + } + public Digest getSHA1() { + return new SHA1Digest(); + } + public Digest getSHA256() { + return new SHA256Digest(); + } + public Digest getSHA384() { + return new SHA384Digest(); + } + public Digest getSHA512() { + return new SHA512Digest(); + } +} diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 1970-01-01 00:00:00.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java 2013-01-23 01:01:51.934749316 +0000 @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.bouncycastle.crypto.digests; + +import org.bouncycastle.crypto.Digest; + +interface AndroidDigestFactoryInterface { + public Digest getMD5(); + public Digest getSHA1(); + public Digest getSHA256(); + public Digest getSHA384(); + public Digest getSHA512(); +} diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 1970-01-01 00:00:00.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java 2013-01-23 01:01:51.934749316 +0000 @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.bouncycastle.crypto.digests; + +import org.bouncycastle.crypto.Digest; + +public class AndroidDigestFactoryOpenSSL implements AndroidDigestFactoryInterface { + public Digest getMD5() { + return new OpenSSLDigest.MD5(); + } + public Digest getSHA1() { + return new OpenSSLDigest.SHA1(); + } + public Digest getSHA256() { + return new OpenSSLDigest.SHA256(); + } + public Digest getSHA384() { + return new OpenSSLDigest.SHA384(); + } + public Digest getSHA512() { + return new OpenSSLDigest.SHA512(); + } +} diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk15on-147/org/bouncycastle/crypto/digests/OpenSSLDigest.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2013-01-23 01:01:51.934749316 +0000 @@ -0,0 +1,159 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.bouncycastle.crypto.digests; + +import org.apache.harmony.xnet.provider.jsse.NativeCrypto; +import org.bouncycastle.crypto.ExtendedDigest; + +/** + * Implements the BouncyCastle Digest interface using OpenSSL's EVP API. + */ +public class OpenSSLDigest implements ExtendedDigest { + + /** + * Holds the standard name of the hashing algorithm, e.g. "SHA-1"; + */ + private final String algorithm; + + /** + * Holds the EVP_MD for the hashing algorithm, e.g. EVP_get_digestbyname("sha1"); + */ + private final int evp_md; + + /** + * Holds the output size of the message digest. + */ + private final int size; + + /** + * Holds the block size of the message digest. + */ + private final int blockSize; + + /** + * Holds a pointer to the native message digest context. It is + * lazily initialized to avoid having to reallocate on reset when + * its unlikely to be reused. + */ + private int ctx; + + /** + * Holds a dummy buffer for writing single bytes to the digest. + */ + private final byte[] singleByte = new byte[1]; + + /** + * Creates a new OpenSSLMessageDigest instance for the given algorithm + * name. + */ + private OpenSSLDigest(String algorithm, int evp_md, int size, int blockSize) { + this.algorithm = algorithm; + this.evp_md = evp_md; + this.size = size; + this.blockSize = blockSize; + } + + public String getAlgorithmName() { + return algorithm; + } + + public int getDigestSize() { + return size; + } + + public int getByteLength() { + return blockSize; + } + + public void reset() { + free(); + } + + public void update(byte in) { + singleByte[0] = in; + update(singleByte, 0, 1); + } + + public void update(byte[] in, int inOff, int len) { + NativeCrypto.EVP_DigestUpdate(getCtx(), in, inOff, len); + } + + public int doFinal(byte[] out, int outOff) { + int i = NativeCrypto.EVP_DigestFinal(getCtx(), out, outOff); + ctx = 0; // EVP_DigestFinal frees the context as a side effect + reset(); + return i; + } + + private int getCtx() { + if (ctx == 0) { + ctx = NativeCrypto.EVP_DigestInit(evp_md); + } + return ctx; + } + + private void free() { + if (ctx != 0) { + NativeCrypto.EVP_MD_CTX_destroy(ctx); + ctx = 0; + } + } + + @Override + protected void finalize() throws Throwable { + try { + free(); + } finally { + super.finalize(); + } + } + + public static class MD5 extends OpenSSLDigest { + private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("md5"); + private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD); + private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD); + public MD5() { super("MD5", EVP_MD, SIZE, BLOCK_SIZE); } + } + + public static class SHA1 extends OpenSSLDigest { + private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha1"); + private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD); + private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD); + public SHA1() { super("SHA-1", EVP_MD, SIZE, BLOCK_SIZE); } + } + + public static class SHA256 extends OpenSSLDigest { + private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha256"); + private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD); + private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD); + public SHA256() { super("SHA-256", EVP_MD, SIZE, BLOCK_SIZE); } + } + + public static class SHA384 extends OpenSSLDigest { + private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha384"); + private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD); + private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD); + public SHA384() { super("SHA-384", EVP_MD, SIZE, BLOCK_SIZE); } + } + + public static class SHA512 extends OpenSSLDigest { + private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha512"); + private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD); + private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD); + public SHA512() { super("SHA-512", EVP_MD, SIZE, BLOCK_SIZE); } + } +} diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java bcprov-jdk15on-147/org/bouncycastle/crypto/encodings/OAEPEncoding.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/encodings/OAEPEncoding.java 2013-01-23 01:01:51.934749316 +0000 @@ -4,7 +4,9 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-changed import org.bouncycastle.crypto.params.ParametersWithRandom; import java.security.SecureRandom; @@ -26,7 +28,9 @@ public OAEPEncoding( AsymmetricBlockCipher cipher) { - this(cipher, new SHA1Digest(), null); + // BEGIN android-changed + this(cipher, AndroidDigestFactory.getSHA1(), null); + // END android-changed } public OAEPEncoding( diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java bcprov-jdk15on-147/org/bouncycastle/crypto/encodings/PKCS1Encoding.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/encodings/PKCS1Encoding.java 2013-01-23 01:01:51.934749316 +0000 @@ -206,6 +206,12 @@ { throw new InvalidCipherTextException("unknown block type"); } + // BEGIN android-added + if ((type == 1 && forPrivateKey) || (type == 2 && !forPrivateKey)) + { + throw new InvalidCipherTextException("invalid block type " + type); + } + // END android-added if (useStrictLength && block.length != engine.getOutputBlockSize()) { diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java bcprov-jdk15on-147/org/bouncycastle/crypto/engines/DESedeWrapEngine.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/engines/DESedeWrapEngine.java 2013-01-23 01:01:51.904748788 +0000 @@ -6,7 +6,9 @@ import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.Wrapper; -import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-changed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -52,7 +54,9 @@ // // checksum digest // - Digest sha1 = new SHA1Digest(); + // BEGIN android-changed + Digest sha1 = AndroidDigestFactory.getSHA1(); + // END android-changed byte[] digest = new byte[20]; /** diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk15on-147/org/bouncycastle/crypto/generators/DHParametersHelper.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/generators/DHParametersHelper.java 2013-01-23 01:01:51.934749316 +0000 @@ -3,10 +3,17 @@ import java.math.BigInteger; import java.security.SecureRandom; +// BEGIN android-added +import java.util.logging.Logger; +// END android-added import org.bouncycastle.util.BigIntegers; class DHParametersHelper { + // BEGIN android-added + private static final Logger logger = Logger.getLogger(DHParametersHelper.class.getName()); + // END android-added + private static final BigInteger ONE = BigInteger.valueOf(1); private static final BigInteger TWO = BigInteger.valueOf(2); @@ -17,11 +24,19 @@ */ static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random) { + // BEGIN android-added + logger.info("Generating safe primes. This may take a long time."); + long start = System.currentTimeMillis(); + int tries = 0; + // END android-added BigInteger p, q; int qLength = size - 1; for (;;) { + // BEGIN android-added + tries++; + // END android-added q = new BigInteger(qLength, 2, random); // p <- 2q + 1 @@ -32,6 +47,11 @@ break; } } + // BEGIN android-added + long end = System.currentTimeMillis(); + long duration = end - start; + logger.info("Generated safe primes: " + tries + " tries took " + duration + "ms"); + // END android-added return new BigInteger[] { p, q }; } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java bcprov-jdk15on-147/org/bouncycastle/crypto/generators/DSAParametersGenerator.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/generators/DSAParametersGenerator.java 2013-01-23 01:01:51.934749316 +0000 @@ -1,8 +1,9 @@ package org.bouncycastle.crypto.generators; import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-changed import org.bouncycastle.crypto.params.DSAParameters; import org.bouncycastle.crypto.params.DSAValidationParameters; import org.bouncycastle.util.Arrays; @@ -75,7 +76,9 @@ byte[] part1 = new byte[20]; byte[] part2 = new byte[20]; byte[] u = new byte[20]; - SHA1Digest sha1 = new SHA1Digest(); + // BEGIN android-changed + Digest sha1 = AndroidDigestFactory.getSHA1(); + // END android-changed int n = (L - 1) / 160; byte[] w = new byte[L / 8]; @@ -166,7 +169,9 @@ { // A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function // FIXME This should be configurable (digest size in bits must be >= N) - Digest d = new SHA256Digest(); + // BEGIN android-changed + Digest d = AndroidDigestFactory.getSHA256(); + // END android-changed int outlen = d.getDigestSize() * 8; // 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java bcprov-jdk15on-147/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java 2013-01-23 01:01:51.934749316 +0000 @@ -3,7 +3,9 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.MD5Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-changed import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -17,7 +19,9 @@ public class OpenSSLPBEParametersGenerator extends PBEParametersGenerator { - private Digest digest = new MD5Digest(); + // BEGIN android-changed + private Digest digest = AndroidDigestFactory.getMD5(); + // END android-changed /** * Construct a OpenSSL Parameters generator. diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java bcprov-jdk15on-147/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java 2013-01-23 01:01:51.934749316 +0000 @@ -4,7 +4,9 @@ import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.Mac; import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-changed +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-changed import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -27,7 +29,9 @@ */ public PKCS5S2ParametersGenerator() { - this(new SHA1Digest()); + // BEGIN android-changed + this(AndroidDigestFactory.getSHA1()); + // END android-changed } public PKCS5S2ParametersGenerator(Digest digest) diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk15on-147/org/bouncycastle/crypto/macs/HMac.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/macs/HMac.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/macs/HMac.java 2013-01-23 01:01:51.934749316 +0000 @@ -32,23 +32,31 @@ { blockLengths = new Hashtable(); - blockLengths.put("GOST3411", new Integer(32)); + // BEGIN android-removed + // blockLengths.put("GOST3411", Integer.valueOf(32)); + // + // blockLengths.put("MD2", Integer.valueOf(16)); + // blockLengths.put("MD4", Integer.valueOf(64)); + // END android-removed + blockLengths.put("MD5", Integer.valueOf(64)); - blockLengths.put("MD2", new Integer(16)); - blockLengths.put("MD4", new Integer(64)); - blockLengths.put("MD5", new Integer(64)); + // BEGIN android-removed + // blockLengths.put("RIPEMD128", Integer.valueOf(64)); + // blockLengths.put("RIPEMD160", Integer.valueOf(64)); + // END android-removed - blockLengths.put("RIPEMD128", new Integer(64)); - blockLengths.put("RIPEMD160", new Integer(64)); + blockLengths.put("SHA-1", Integer.valueOf(64)); + // BEGIN android-removed + // blockLengths.put("SHA-224", Integer.valueOf(64)); + // END android-removed + blockLengths.put("SHA-256", Integer.valueOf(64)); + blockLengths.put("SHA-384", Integer.valueOf(128)); + blockLengths.put("SHA-512", Integer.valueOf(128)); - blockLengths.put("SHA-1", new Integer(64)); - blockLengths.put("SHA-224", new Integer(64)); - blockLengths.put("SHA-256", new Integer(64)); - blockLengths.put("SHA-384", new Integer(128)); - blockLengths.put("SHA-512", new Integer(128)); - - blockLengths.put("Tiger", new Integer(64)); - blockLengths.put("Whirlpool", new Integer(64)); + // BEGIN android-removed + // blockLengths.put("Tiger", Integer.valueOf(64)); + // blockLengths.put("Whirlpool", Integer.valueOf(64)); + // END android-removed } private static int getByteLength( diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk15on-147/org/bouncycastle/crypto/signers/RSADigestSigner.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/signers/RSADigestSigner.java 2013-01-23 01:01:51.934749316 +0000 @@ -39,18 +39,24 @@ */ static { - oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128); - oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160); - oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256); + // BEGIN android-removed + // oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128); + // oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160); + // oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256); + // END android-removed oidMap.put("SHA-1", X509ObjectIdentifiers.id_SHA1); - oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224); + // BEGIN android-removed + // oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224); + // END android-removed oidMap.put("SHA-256", NISTObjectIdentifiers.id_sha256); oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384); oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512); - oidMap.put("MD2", PKCSObjectIdentifiers.md2); - oidMap.put("MD4", PKCSObjectIdentifiers.md4); + // BEGIN android-removed + // oidMap.put("MD2", PKCSObjectIdentifiers.md2); + // oidMap.put("MD4", PKCSObjectIdentifiers.md4); + // END android-removed oidMap.put("MD5", PKCSObjectIdentifiers.md5); } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk15on-147/org/bouncycastle/crypto/util/PrivateKeyFactory.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2013-01-23 01:01:51.944749492 +0000 @@ -11,7 +11,9 @@ import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.nist.NISTNamedCurves; -import org.bouncycastle.asn1.oiw.ElGamalParameter; +// BEGIN android-removed +// import org.bouncycastle.asn1.oiw.ElGamalParameter; +// END android-removed import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.DHParameter; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; @@ -19,7 +21,9 @@ import org.bouncycastle.asn1.pkcs.RSAPrivateKey; import org.bouncycastle.asn1.sec.ECPrivateKey; import org.bouncycastle.asn1.sec.SECNamedCurves; -import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.DSAParameter; import org.bouncycastle.asn1.x9.X962NamedCurves; @@ -33,8 +37,10 @@ import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.crypto.params.ElGamalParameters; -import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; +// BEGIN android-removed +// import org.bouncycastle.crypto.params.ElGamalParameters; +// import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; +// END android-removed import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; /** @@ -100,14 +106,16 @@ return new DHPrivateKeyParameters(derX.getValue(), dhParams); } - else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) - { - ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters()); - DERInteger derX = (DERInteger)keyInfo.parsePrivateKey(); - - return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters( - params.getP(), params.getG())); - } + // BEGIN android-removed + // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) + // { + // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters()); + // DERInteger derX = (DERInteger)keyInfo.parsePrivateKey(); + // + // return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters( + // params.getP(), params.getG())); + // } + // END android-removed else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa)) { DERInteger derX = (DERInteger)keyInfo.parsePrivateKey(); @@ -140,10 +148,12 @@ { x9 = NISTNamedCurves.getByOID(oid); - if (x9 == null) - { - x9 = TeleTrusTNamedCurves.getByOID(oid); - } + // BEGIN android-removed + // if (x9 == null) + // { + // x9 = TeleTrusTNamedCurves.getByOID(oid); + // } + // END android-removed } } } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk15on-147/org/bouncycastle/crypto/util/PublicKeyFactory.java --- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/crypto/util/PublicKeyFactory.java 2013-01-23 01:01:51.944749492 +0000 @@ -13,13 +13,17 @@ import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.nist.NISTNamedCurves; -import org.bouncycastle.asn1.oiw.ElGamalParameter; +// BEGIN android-removed +// import org.bouncycastle.asn1.oiw.ElGamalParameter; +// END android-removed import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.DHParameter; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.RSAPublicKey; import org.bouncycastle.asn1.sec.SECNamedCurves; -import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.DSAParameter; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -40,8 +44,10 @@ import org.bouncycastle.crypto.params.DSAPublicKeyParameters; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.crypto.params.ElGamalParameters; -import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; +// BEGIN android-removed +// import org.bouncycastle.crypto.params.ElGamalParameters; +// import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; +// END android-removed import org.bouncycastle.crypto.params.RSAKeyParameters; /** @@ -135,14 +141,16 @@ return new DHPublicKeyParameters(derY.getValue(), dhParams); } - else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) - { - ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters()); - DERInteger derY = (DERInteger)keyInfo.parsePublicKey(); - - return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters( - params.getP(), params.getG())); - } + // BEGIN android-removed + // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm)) + // { + // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters()); + // DERInteger derY = (DERInteger)keyInfo.parsePublicKey(); + // + // return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters( + // params.getP(), params.getG())); + // } + // END android-removed else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa) || algId.getAlgorithm().equals(OIWObjectIdentifiers.dsaWithSHA1)) { @@ -177,10 +185,12 @@ { x9 = NISTNamedCurves.getByOID(oid); - if (x9 == null) - { - x9 = TeleTrusTNamedCurves.getByOID(oid); - } + // BEGIN android-removed + // if (x9 == null) + // { + // x9 = TeleTrusTNamedCurves.getByOID(oid); + // } + // END android-removed } } } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/DSA.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/DSA.java 2013-01-23 01:01:51.724745620 +0000 @@ -27,26 +27,34 @@ provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi"); provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi"); - provider.addAlgorithm("Signature.DSA", PREFIX + "DSASigner$stdDSA"); + // BEGIN android-changed + provider.addAlgorithm("Signature.SHA1withDSA", PREFIX + "DSASigner$stdDSA"); + // END android-changed provider.addAlgorithm("Signature.NONEWITHDSA", PREFIX + "DSASigner$noneDSA"); provider.addAlgorithm("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA"); - addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224); - addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256); - addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); - addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); - - provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); + // BEGIN android-removed + // addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224); + // addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256); + // addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); + // addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); + // END android-removed + + // BEGIN android-added + provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA"); + // END android-added + // BEGIN android-changed + provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); + provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); + // END android-changed AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi(); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/EC.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/EC.java 2013-01-23 01:01:51.674744740 +0000 @@ -1,7 +1,9 @@ package org.bouncycastle.jcajce.provider.asymmetric; -import org.bouncycastle.asn1.eac.EACObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.eac.EACObjectIdentifiers; +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; @@ -21,33 +23,43 @@ public void configure(ConfigurableProvider provider) { provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH"); - provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC"); - provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV"); - provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF"); - provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF"); + // BEGIN android-removed + // provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC"); + // provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV"); + // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF"); + // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF"); + // END android-removed registerOid(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC", new KeyFactorySpi.EC()); // TODO Should this be an alias for ECDH? registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC()); - registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV()); - - registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC"); - // TODO Should this be an alias for ECDH? - registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC"); - registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC"); + // BEGIN android-removed + // registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV()); + // END android-removed + + // BEGIN android-removed + // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC"); + // // TODO Should this be an alias for ECDH? + // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC"); + // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC"); + // END android-removed provider.addAlgorithm("KeyFactory.EC", PREFIX + "KeyFactorySpi$EC"); - provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA"); - provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH"); - provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC"); - provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV"); + // BEGIN android-removed + // provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA"); + // provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH"); + // provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC"); + // provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV"); + // END android-removed provider.addAlgorithm("KeyPairGenerator.EC", PREFIX + "KeyPairGeneratorSpi$EC"); - provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA"); - provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH"); - provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC"); - provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH"); - provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV"); + // BEGIN android-removed + // provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA"); + // provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH"); + // provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC"); + // provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH"); + // provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV"); + // END android-removed provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA"); provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone"); @@ -59,23 +71,29 @@ provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA"); provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA"); provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); - provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA"); - - addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA"); + // END android-removed + + // BEGIN android-removed + // addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); + // END android-removed addSignatureAlgorithm(provider, "SHA256", "ECDSA", PREFIX + "SignatureSpi$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256); addSignatureAlgorithm(provider, "SHA384", "ECDSA", PREFIX + "SignatureSpi$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384); addSignatureAlgorithm(provider, "SHA512", "ECDSA", PREFIX + "SignatureSpi$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512); - addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); - - provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR"); - provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224"); - provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256"); - provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384"); - provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512"); - - addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); - addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); - addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); + // BEGIN android-removed + // addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); + // + // provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR"); + // provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224"); + // provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256"); + // provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384"); + // provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512"); + // + // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); + // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); + // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); + // END android-removed } } } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/RSA.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 2013-01-23 01:01:51.674744740 +0000 @@ -3,7 +3,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; import org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; @@ -24,41 +26,49 @@ public void configure(ConfigurableProvider provider) { provider.addAlgorithm("AlgorithmParameters.OAEP", PREFIX + "AlgorithmParametersSpi$OAEP"); - provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS"); + // BEGIN android-removed + // provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS"); + // + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS"); + // + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS"); + // + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS"); + // END android-removed provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding"); - provider.addAlgorithm("Cipher.RSA/RAW", PREFIX + "CipherSpi$NoPadding"); - provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); - provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); - provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); - provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly"); - provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly"); - provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding"); - provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding"); - provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding"); + // BEGIN android-changed + provider.addAlgorithm("Alg.Alias.Cipher.RSA/RAW", "RSA"); + // END android-changed + // BEGIN android-removed + // provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); + // provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); + // provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); + // provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly"); + // provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly"); + // provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding"); + // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding"); + // provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding"); + // END android-removed provider.addAlgorithm("Alg.Alias.Cipher.RSA//RAW", "RSA"); provider.addAlgorithm("Alg.Alias.Cipher.RSA//NOPADDING", "RSA"); - provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); - provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); - provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); + // provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); + // provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); + // END android-removed provider.addAlgorithm("KeyFactory.RSA", PREFIX + "KeyFactorySpi"); provider.addAlgorithm("KeyPairGenerator.RSA", PREFIX + "KeyPairGeneratorSpi"); @@ -68,101 +78,117 @@ registerOid(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA", keyFact); registerOid(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA", keyFact); registerOid(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", keyFact); - registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact); - - registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA"); - registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA"); - registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP"); - registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); - - - provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA"); - provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); - provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); - - provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA"); - provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA"); - provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA"); - provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA"); - - provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA"); - provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS"); - - provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA"); - provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA"); - provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS"); - provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS"); - provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS"); - provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS"); - provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS"); - - - provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHRSAANDMGF1", "SHA224withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHRSAANDMGF1", "SHA256withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHRSAANDMGF1", "SHA384withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHRSAANDMGF1", "SHA512withRSA/PSS"); - - if (provider.hasAlgorithm("MessageDigest", "MD2")) - { - addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption); - } - - if (provider.hasAlgorithm("MessageDigest", "MD2")) - { - addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption); - } - - if (provider.hasAlgorithm("MessageDigest", "MD2")) + // BEGIN android-removed + // registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact); + // + // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA"); + // registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA"); + // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP"); + // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); + // + // + // provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA"); + // provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); + // provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); + // + // provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA"); + // provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA"); + // provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA"); + // provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA"); + // + // provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA"); + // provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS"); + // + // provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA"); + // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA"); + // provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS"); + // + // + // provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHRSAANDMGF1", "SHA224withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHRSAANDMGF1", "SHA256withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHRSAANDMGF1", "SHA384withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHRSAANDMGF1", "SHA512withRSA/PSS"); + // + // if (provider.hasAlgorithm("MessageDigest", "MD2")) + // { + // addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption); + // } + // + // // BEGIN android-changed + // if (provider.hasAlgorithm("MessageDigest", "MD4")) + // // END android-changed + // { + // addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption); + // } + // END android-removed + + // BEGIN android-changed + if (provider.hasAlgorithm("MessageDigest", "MD5")) + // END android-changed { addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption); - provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption"); - provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); + // BEGIN android-removed + // provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption"); + // provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); + // END android-removed } if (provider.hasAlgorithm("MessageDigest", "SHA1")) { - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); - provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA"); - provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS"); + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); + // provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); + // provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS"); + // END android-removed addDigestSignature(provider, "SHA1", PREFIX + "DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption); - provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); - provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption"); + // BEGIN android-removed + // provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); + // provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption"); + // END android-removed provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); } - addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption); + // BEGIN android-removed + // addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption); + // END android-removed addDigestSignature(provider, "SHA256", PREFIX + "DigestSignatureSpi$SHA256", PKCSObjectIdentifiers.sha256WithRSAEncryption); addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption); addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption); - if (provider.hasAlgorithm("MessageDigest", "RIPEMD128")) - { - addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null); - } - - if (provider.hasAlgorithm("MessageDigest", "RIPEMD160")) - { - addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null); - provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); - provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption"); - } - - if (provider.hasAlgorithm("MessageDigest", "RIPEMD256")) - { - addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null); - } + // BEGIN android-removed + // if (provider.hasAlgorithm("MessageDigest", "RIPEMD128")) + // { + // addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); + // addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null); + // } + // + // if (provider.hasAlgorithm("MessageDigest", "RIPEMD160")) + // { + // addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); + // addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null); + // provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); + // provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption"); + // } + // + // if (provider.hasAlgorithm("MessageDigest", "RIPEMD256")) + // { + // addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); + // addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null); + // } + // END android-removed } private void addDigestSignature( diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/X509.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/X509.java 2013-01-23 01:01:51.724745620 +0000 @@ -18,8 +18,10 @@ public void configure(ConfigurableProvider provider) { - provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory"); - provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509"); + // BEGIN android-removed + // provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory"); + // provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509"); + // END android-removed // // certificate factories. diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java 2013-01-23 01:01:51.714745444 +0000 @@ -35,10 +35,12 @@ static { - Integer i64 = new Integer(64); - Integer i192 = new Integer(192); - Integer i128 = new Integer(128); - Integer i256 = new Integer(256); + // BEGIN android-changed + Integer i64 = Integer.valueOf(64); + Integer i192 = Integer.valueOf(192); + Integer i128 = Integer.valueOf(128); + Integer i256 = Integer.valueOf(256); + // END android-changed algorithms.put("DES", i64); algorithms.put("DESEDE", i192); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java 2013-01-23 01:01:51.704745268 +0000 @@ -63,7 +63,9 @@ { if (!initialised) { - Integer paramStrength = new Integer(strength); + // BEGIN android-changed + Integer paramStrength = Integer.valueOf(strength); + // END android-changed if (params.containsKey(paramStrength)) { diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java 2013-01-23 01:01:51.724745620 +0000 @@ -23,11 +23,16 @@ import org.bouncycastle.crypto.DSA; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.NullDigest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; +// BEGIN android-added +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-added +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA1Digest; +// import org.bouncycastle.crypto.digests.SHA224Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.SHA384Digest; +// import org.bouncycastle.crypto.digests.SHA512Digest; +// END android-removed import org.bouncycastle.crypto.params.ParametersWithRandom; public class DSASigner @@ -228,45 +233,49 @@ { public stdDSA() { - super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner()); + // BEGIN android-changed + super(AndroidDigestFactory.getSHA1(), new org.bouncycastle.crypto.signers.DSASigner()); + // END android-changed } } - static public class dsa224 - extends DSASigner - { - public dsa224() - { - super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner()); - } - } - - static public class dsa256 - extends DSASigner - { - public dsa256() - { - super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner()); - } - } - - static public class dsa384 - extends DSASigner - { - public dsa384() - { - super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner()); - } - } - - static public class dsa512 - extends DSASigner - { - public dsa512() - { - super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner()); - } - } + // BEGIN android-removed + // static public class dsa224 + // extends DSASigner + // { + // public dsa224() + // { + // super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner()); + // } + // } + // + // static public class dsa256 + // extends DSASigner + // { + // public dsa256() + // { + // super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner()); + // } + // } + // + // static public class dsa384 + // extends DSASigner + // { + // public dsa384() + // { + // super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner()); + // } + // } + // + // static public class dsa512 + // extends DSASigner + // { + // public dsa512() + // { + // super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner()); + // } + // } + // END android-removed static public class noneDSA extends DSASigner diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java 2013-01-23 01:01:51.704745268 +0000 @@ -19,8 +19,10 @@ import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +// END android-removed import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -222,21 +224,23 @@ ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - if (ecP == null) // GOST Curve - { - ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); - EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECGOST3410NamedCurves.getName(oid), - ellipticCurve, - new ECPoint( - gParam.getG().getX().toBigInteger(), - gParam.getG().getY().toBigInteger()), - gParam.getN(), - gParam.getH()); - } - else + // BEGIN android-removed + // if (ecP == null) // GOST Curve + // { + // ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); + // EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); + // + // ecSpec = new ECNamedCurveSpec( + // ECGOST3410NamedCurves.getName(oid), + // ellipticCurve, + // new ECPoint( + // gParam.getG().getX().toBigInteger(), + // gParam.getG().getY().toBigInteger()), + // gParam.getN(), + // gParam.getH()); + // } + // else + // END android-removed { EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); @@ -350,11 +354,13 @@ try { - if (algorithm.equals("ECGOST3410")) - { - info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); - } - else + // BEGIN android-removed + // if (algorithm.equals("ECGOST3410")) + // { + // info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); + // } + // else + // END android-removed { info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java 2013-01-23 01:01:51.704745268 +0000 @@ -5,10 +5,14 @@ import java.security.PublicKey; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +// END android-removed import org.bouncycastle.asn1.nist.NISTNamedCurves; import org.bouncycastle.asn1.sec.SECNamedCurves; -import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// END android-removed import org.bouncycastle.asn1.x9.X962NamedCurves; import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.crypto.params.AsymmetricKeyParameter; @@ -166,14 +170,16 @@ { oid = NISTNamedCurves.getOID(name); } - if (oid == null) - { - oid = TeleTrusTNamedCurves.getOID(name); - } - if (oid == null) - { - oid = ECGOST3410NamedCurves.getOID(name); - } + // BEGIN android-removed + // if (oid == null) + // { + // oid = TeleTrusTNamedCurves.getOID(name); + // } + // if (oid == null) + // { + // oid = ECGOST3410NamedCurves.getOID(name); + // } + // END android-removed } return oid; @@ -191,10 +197,12 @@ { params = NISTNamedCurves.getByOID(oid); } - if (params == null) - { - params = TeleTrusTNamedCurves.getByOID(oid); - } + // BEGIN android-removed + // if (params == null) + // { + // params = TeleTrusTNamedCurves.getByOID(oid); + // } + // END android-removed } return params; @@ -212,14 +220,16 @@ { name = NISTNamedCurves.getName(oid); } - if (name == null) - { - name = TeleTrusTNamedCurves.getName(oid); - } - if (name == null) - { - name = ECGOST3410NamedCurves.getName(oid); - } + // BEGIN android-removed + // if (name == null) + // { + // name = TeleTrusTNamedCurves.getName(oid); + // } + // if (name == null) + // { + // name = ECGOST3410NamedCurves.getName(oid); + // } + // END android-removed } return name; diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java 2013-01-23 01:01:51.704745268 +0000 @@ -23,20 +23,26 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DerivationFunction; import org.bouncycastle.crypto.agreement.ECDHBasicAgreement; -import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement; -import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement; -import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters; -import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator; +// BEGIN android-removed +// import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement; +// import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement; +// import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters; +// import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator; +// END android-removed import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.crypto.params.MQVPrivateParameters; -import org.bouncycastle.crypto.params.MQVPublicParameters; +// BEGIN android-removed +// import org.bouncycastle.crypto.params.MQVPrivateParameters; +// import org.bouncycastle.crypto.params.MQVPublicParameters; +// END android-removed import org.bouncycastle.jce.interfaces.ECPrivateKey; import org.bouncycastle.jce.interfaces.ECPublicKey; -import org.bouncycastle.jce.interfaces.MQVPrivateKey; -import org.bouncycastle.jce.interfaces.MQVPublicKey; +// BEGIN android-removed +// import org.bouncycastle.jce.interfaces.MQVPrivateKey; +// import org.bouncycastle.jce.interfaces.MQVPublicKey; +// END android-removed /** * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363 @@ -52,9 +58,11 @@ static { - Integer i128 = new Integer(128); - Integer i192 = new Integer(192); - Integer i256 = new Integer(256); + // BEGIN android-changed + Integer i128 = Integer.valueOf(128); + Integer i192 = Integer.valueOf(192); + Integer i256 = Integer.valueOf(256); + // END android-changed algorithms.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), i128); algorithms.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), i192); @@ -69,7 +77,9 @@ private BigInteger result; private ECDomainParameters parameters; private BasicAgreement agreement; - private DerivationFunction kdf; + // BEGIN android-removed + // private DerivationFunction kdf; + // END android-removed private byte[] bigIntToBytes( BigInteger r) @@ -84,7 +94,9 @@ { this.kaAlgorithm = kaAlgorithm; this.agreement = agreement; - this.kdf = kdf; + // BEGIN android-removed + // this.kdf = kdf; + // END android-removed } protected Key engineDoPhase( @@ -103,25 +115,27 @@ } CipherParameters pubKey; - if (agreement instanceof ECMQVBasicAgreement) - { - if (!(key instanceof MQVPublicKey)) - { - throw new InvalidKeyException(kaAlgorithm + " key agreement requires " - + getSimpleName(MQVPublicKey.class) + " for doPhase"); - } - - MQVPublicKey mqvPubKey = (MQVPublicKey)key; - ECPublicKeyParameters staticKey = (ECPublicKeyParameters) - ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey()); - ECPublicKeyParameters ephemKey = (ECPublicKeyParameters) - ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey()); - - pubKey = new MQVPublicParameters(staticKey, ephemKey); - - // TODO Validate that all the keys are using the same parameters? - } - else + // BEGIN android-removed + // if (agreement instanceof ECMQVBasicAgreement) + // { + // if (!(key instanceof MQVPublicKey)) + // { + // throw new InvalidKeyException(kaAlgorithm + " key agreement requires " + // + getSimpleName(MQVPublicKey.class) + " for doPhase"); + // } + // + // MQVPublicKey mqvPubKey = (MQVPublicKey)key; + // ECPublicKeyParameters staticKey = (ECPublicKeyParameters) + // ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey()); + // ECPublicKeyParameters ephemKey = (ECPublicKeyParameters) + // ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey()); + // + // pubKey = new MQVPublicParameters(staticKey, ephemKey); + // + // // TODO Validate that all the keys are using the same parameters? + // } + // else + // END android-removed { if (!(key instanceof ECPublicKey)) { @@ -142,11 +156,13 @@ protected byte[] engineGenerateSecret() throws IllegalStateException { - if (kdf != null) - { - throw new UnsupportedOperationException( - "KDF can only be used when algorithm is known"); - } + // BEGIN android-removed + // if (kdf != null) + // { + // throw new UnsupportedOperationException( + // "KDF can only be used when algorithm is known"); + // } + // END android-removed return bigIntToBytes(result); } @@ -174,23 +190,25 @@ { byte[] secret = bigIntToBytes(result); - if (kdf != null) - { - if (!algorithms.containsKey(algorithm)) - { - throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm); - } - - int keySize = ((Integer)algorithms.get(algorithm)).intValue(); - - DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret); - - byte[] keyBytes = new byte[keySize / 8]; - kdf.init(params); - kdf.generateBytes(keyBytes, 0, keyBytes.length); - secret = keyBytes; - } - else + // BEGIN android-removed + // if (kdf != null) + // { + // if (!algorithms.containsKey(algorithm)) + // { + // throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm); + // } + // + // int keySize = ((Integer)algorithms.get(algorithm)).intValue(); + // + // DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret); + // + // byte[] keyBytes = new byte[keySize / 8]; + // kdf.init(params); + // kdf.generateBytes(keyBytes, 0, keyBytes.length); + // secret = keyBytes; + // } + // else + // END android-removed { // TODO Should we be ensuring the key is the right length? } @@ -218,35 +236,37 @@ private void initFromKey(Key key) throws InvalidKeyException { - if (agreement instanceof ECMQVBasicAgreement) - { - if (!(key instanceof MQVPrivateKey)) - { - throw new InvalidKeyException(kaAlgorithm + " key agreement requires " - + getSimpleName(MQVPrivateKey.class) + " for initialisation"); - } - - MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key; - ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters) - ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey()); - ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters) - ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey()); - - ECPublicKeyParameters ephemPubKey = null; - if (mqvPrivKey.getEphemeralPublicKey() != null) - { - ephemPubKey = (ECPublicKeyParameters) - ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey()); - } - - MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey); - this.parameters = staticPrivKey.getParameters(); - - // TODO Validate that all the keys are using the same parameters? - - agreement.init(localParams); - } - else + // BEGIN android-removed + // if (agreement instanceof ECMQVBasicAgreement) + // { + // if (!(key instanceof MQVPrivateKey)) + // { + // throw new InvalidKeyException(kaAlgorithm + " key agreement requires " + // + getSimpleName(MQVPrivateKey.class) + " for initialisation"); + // } + // + // MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key; + // ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters) + // ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey()); + // ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters) + // ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey()); + // + // ECPublicKeyParameters ephemPubKey = null; + // if (mqvPrivKey.getEphemeralPublicKey() != null) + // { + // ephemPubKey = (ECPublicKeyParameters) + // ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey()); + // } + // + // MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey); + // this.parameters = staticPrivKey.getParameters(); + // + // // TODO Validate that all the keys are using the same parameters? + // + // agreement.init(localParams); + // } + // else + // END android-removed { if (!(key instanceof ECPrivateKey)) { @@ -277,39 +297,41 @@ } } - public static class DHC - extends KeyAgreementSpi - { - public DHC() - { - super("ECDHC", new ECDHCBasicAgreement(), null); - } - } - - public static class MQV - extends KeyAgreementSpi - { - public MQV() - { - super("ECMQV", new ECMQVBasicAgreement(), null); - } - } - - public static class DHwithSHA1KDF - extends KeyAgreementSpi - { - public DHwithSHA1KDF() - { - super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); - } - } - - public static class MQVwithSHA1KDF - extends KeyAgreementSpi - { - public MQVwithSHA1KDF() - { - super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); - } - } + // BEGIN android-removed + // public static class DHC + // extends KeyAgreementSpi + // { + // public DHC() + // { + // super("ECDHC", new ECDHCBasicAgreement(), null); + // } + // } + // + // public static class MQV + // extends KeyAgreementSpi + // { + // public MQV() + // { + // super("ECMQV", new ECMQVBasicAgreement(), null); + // } + // } + // + // public static class DHwithSHA1KDF + // extends KeyAgreementSpi + // { + // public DHwithSHA1KDF() + // { + // super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); + // } + // } + // + // public static class MQVwithSHA1KDF + // extends KeyAgreementSpi + // { + // public MQVwithSHA1KDF() + // { + // super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); + // } + // } + // END android-removed } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java 2013-01-23 01:01:51.704745268 +0000 @@ -200,14 +200,16 @@ } } - public static class ECGOST3410 - extends KeyFactorySpi - { - public ECGOST3410() - { - super("ECGOST3410", BouncyCastleProvider.CONFIGURATION); - } - } + // BEGIN android-removed + // public static class ECGOST3410 + // extends KeyFactorySpi + // { + // public ECGOST3410() + // { + // super("ECGOST3410", BouncyCastleProvider.CONFIGURATION); + // } + // } + // END android-removed public static class ECDH extends KeyFactorySpi diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java 2013-01-23 01:01:51.704745268 +0000 @@ -12,7 +12,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.nist.NISTNamedCurves; import org.bouncycastle.asn1.sec.SECNamedCurves; -import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// END android-removed import org.bouncycastle.asn1.x9.X962NamedCurves; import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.crypto.AsymmetricCipherKeyPair; @@ -55,13 +57,15 @@ static { ecParameters = new Hashtable(); - ecParameters.put(new Integer(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192 - ecParameters.put(new Integer(239), new ECGenParameterSpec("prime239v1")); - ecParameters.put(new Integer(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256 - - ecParameters.put(new Integer(224), new ECGenParameterSpec("P-224")); - ecParameters.put(new Integer(384), new ECGenParameterSpec("P-384")); - ecParameters.put(new Integer(521), new ECGenParameterSpec("P-521")); + // BEGIN android-changed + ecParameters.put(Integer.valueOf(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192 + ecParameters.put(Integer.valueOf(239), new ECGenParameterSpec("prime239v1")); + ecParameters.put(Integer.valueOf(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256 + + ecParameters.put(Integer.valueOf(224), new ECGenParameterSpec("P-224")); + ecParameters.put(Integer.valueOf(384), new ECGenParameterSpec("P-384")); + ecParameters.put(Integer.valueOf(521), new ECGenParameterSpec("P-521")); + // END android-changed } public EC() @@ -85,8 +89,16 @@ SecureRandom random) { this.strength = strength; + // BEGIN android-added + if (random != null) { + // END android-added this.random = random; - ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(new Integer(strength)); + // BEGIN android-added + } + // END android-added + // BEGIN android-changed + ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integer.valueOf(strength)); + // END android-changed if (ecParams != null) { @@ -110,6 +122,11 @@ SecureRandom random) throws InvalidAlgorithmParameterException { + // BEGIN android-added + if (random == null) { + random = this.random; + } + // END android-added if (params instanceof ECParameterSpec) { ECParameterSpec p = (ECParameterSpec)params; @@ -154,10 +171,12 @@ { ecP = NISTNamedCurves.getByName(curveName); } - if (ecP == null) - { - ecP = TeleTrusTNamedCurves.getByName(curveName); - } + // BEGIN android-removed + // if (ecP == null) + // { + // ecP = TeleTrusTNamedCurves.getByName(curveName); + // } + // END android-removed if (ecP == null) { // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug) @@ -173,10 +192,12 @@ { ecP = NISTNamedCurves.getByOID(oid); } - if (ecP == null) - { - ecP = TeleTrusTNamedCurves.getByOID(oid); - } + // BEGIN android-removed + // if (ecP == null) + // { + // ecP = TeleTrusTNamedCurves.getByOID(oid); + // } + // END android-removed if (ecP == null) { throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName); @@ -231,7 +252,15 @@ { if (!initialised) { - throw new IllegalStateException("EC Key Pair Generator not initialised"); + // BEGIN android-removed + // throw new IllegalStateException("EC Key Pair Generator not initialised"); + // END android-removed + // BEGIN android-added + /* + * KeyPairGenerator documentation says that a default initialization must be provided + */ + initialize(192, random); + // END android-added } AsymmetricCipherKeyPair pair = engine.generateKeyPair(); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java 2013-01-23 01:01:51.704745268 +0000 @@ -18,15 +18,22 @@ import org.bouncycastle.crypto.DSA; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.NullDigest; -import org.bouncycastle.crypto.digests.RIPEMD160Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; +// BEGIN android-added +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-added +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.RIPEMD160Digest; +// import org.bouncycastle.crypto.digests.SHA1Digest; +// import org.bouncycastle.crypto.digests.SHA224Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.SHA384Digest; +// import org.bouncycastle.crypto.digests.SHA512Digest; +// END android-removed import org.bouncycastle.crypto.params.ParametersWithRandom; import org.bouncycastle.crypto.signers.ECDSASigner; -import org.bouncycastle.crypto.signers.ECNRSigner; +// BEGIN android-removed +// import org.bouncycastle.crypto.signers.ECNRSigner; +// END android-removed import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase; import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder; import org.bouncycastle.jce.interfaces.ECKey; @@ -108,7 +115,9 @@ { public ecDSA() { - super(new SHA1Digest(), new ECDSASigner(), new StdDSAEncoder()); + // BEGIN android-changed + super(AndroidDigestFactory.getSHA1(), new ECDSASigner(), new StdDSAEncoder()); + // END android-changed } } @@ -121,21 +130,25 @@ } } - static public class ecDSA224 - extends SignatureSpi - { - public ecDSA224() - { - super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder()); - } - } + // BEGIN android-removed + // static public class ecDSA224 + // extends SignatureSpi + // { + // public ecDSA224() + // { + // super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder()); + // } + // } + // END android-removed static public class ecDSA256 extends SignatureSpi { public ecDSA256() { - super(new SHA256Digest(), new ECDSASigner(), new StdDSAEncoder()); + // BEGIN android-changed + super(AndroidDigestFactory.getSHA256(), new ECDSASigner(), new StdDSAEncoder()); + // END android-changed } } @@ -144,7 +157,9 @@ { public ecDSA384() { - super(new SHA384Digest(), new ECDSASigner(), new StdDSAEncoder()); + // BEGIN android-changed + super(AndroidDigestFactory.getSHA384(), new ECDSASigner(), new StdDSAEncoder()); + // END android-changed } } @@ -153,90 +168,94 @@ { public ecDSA512() { - super(new SHA512Digest(), new ECDSASigner(), new StdDSAEncoder()); - } - } - - static public class ecDSARipeMD160 - extends SignatureSpi - { - public ecDSARipeMD160() - { - super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder()); - } - } - - static public class ecNR - extends SignatureSpi - { - public ecNR() - { - super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder()); - } - } - - static public class ecNR224 - extends SignatureSpi - { - public ecNR224() - { - super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder()); - } - } - - static public class ecNR256 - extends SignatureSpi - { - public ecNR256() - { - super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder()); - } - } - - static public class ecNR384 - extends SignatureSpi - { - public ecNR384() - { - super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder()); - } - } - - static public class ecNR512 - extends SignatureSpi - { - public ecNR512() - { - super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder()); - } - } - - static public class ecCVCDSA - extends SignatureSpi - { - public ecCVCDSA() - { - super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder()); - } - } - - static public class ecCVCDSA224 - extends SignatureSpi - { - public ecCVCDSA224() - { - super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder()); - } - } - - static public class ecCVCDSA256 - extends SignatureSpi - { - public ecCVCDSA256() - { - super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); - } - } + // BEGIN android-changed + super(AndroidDigestFactory.getSHA512(), new ECDSASigner(), new StdDSAEncoder()); + // END android-changed + } + } + + // BEGIN android-removed + // static public class ecDSARipeMD160 + // extends SignatureSpi + // { + // public ecDSARipeMD160() + // { + // super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder()); + // } + // } + // + // static public class ecNR + // extends SignatureSpi + // { + // public ecNR() + // { + // super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder()); + // } + // } + // + // static public class ecNR224 + // extends SignatureSpi + // { + // public ecNR224() + // { + // super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder()); + // } + // } + // + // static public class ecNR256 + // extends SignatureSpi + // { + // public ecNR256() + // { + // super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder()); + // } + // } + // + // static public class ecNR384 + // extends SignatureSpi + // { + // public ecNR384() + // { + // super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder()); + // } + // } + // + // static public class ecNR512 + // extends SignatureSpi + // { + // public ecNR512() + // { + // super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder()); + // } + // } + // + // static public class ecCVCDSA + // extends SignatureSpi + // { + // public ecCVCDSA() + // { + // super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder()); + // } + // } + // + // static public class ecCVCDSA224 + // extends SignatureSpi + // { + // public ecCVCDSA224() + // { + // super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder()); + // } + // } + // + // static public class ecCVCDSA256 + // extends SignatureSpi + // { + // public ecCVCDSA256() + // { + // super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder()); + // } + // } + // END android-removed private static class StdDSAEncoder implements DSAEncoder @@ -330,4 +349,4 @@ return sig; } } -} \ No newline at end of file +} diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java 2013-01-23 01:01:51.694745092 +0000 @@ -55,11 +55,15 @@ { AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( DigestFactory.getOID(currentSpec.getDigestAlgorithm()), - new DERNull()); + // BEGIN android-changed + DERNull.INSTANCE); + // END android-changed MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)currentSpec.getMGFParameters(); AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( PKCSObjectIdentifiers.id_mgf1, - new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), new DERNull())); + // BEGIN android-changed + new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); + // END android-changed PSource.PSpecified pSource = (PSource.PSpecified)currentSpec.getPSource(); AlgorithmIdentifier pSourceAlgorithm = new AlgorithmIdentifier( PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(pSource.getValue())); @@ -170,11 +174,15 @@ PSSParameterSpec pssSpec = currentSpec; AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( DigestFactory.getOID(pssSpec.getDigestAlgorithm()), - new DERNull()); + // BEGIN android-changed + DERNull.INSTANCE); + // END android-changed MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)pssSpec.getMGFParameters(); AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( PKCSObjectIdentifiers.id_mgf1, - new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), new DERNull())); + // BEGIN android-changed + new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); + // END android-changed RSASSAPSSparams pssP = new RSASSAPSSparams(hashAlgorithm, maskGenAlgorithm, new ASN1Integer(pssSpec.getSaltLength()), new ASN1Integer(pssSpec.getTrailerField())); return pssP.getEncoded("DER"); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java 2013-01-23 01:01:51.694745092 +0000 @@ -127,7 +127,9 @@ */ public byte[] getEncoded() { - return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient())); + // BEGIN android-changed + return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient())); + // END android-changed } /** diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java 2013-01-23 01:01:51.694745092 +0000 @@ -78,7 +78,9 @@ public byte[] getEncoded() { - return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO)); + // BEGIN android-changed + return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO)); + // END android-changed } public boolean equals(Object o) diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java 2013-01-23 01:01:51.694745092 +0000 @@ -89,7 +89,9 @@ public byte[] getEncoded() { - return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new org.bouncycastle.asn1.pkcs.RSAPublicKey(getModulus(), getPublicExponent())); + // BEGIN android-changed + return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPublicKey(getModulus(), getPublicExponent())); + // END android-changed } public int hashCode() diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java 2013-01-23 01:01:51.684744916 +0000 @@ -26,7 +26,9 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.encodings.ISO9796d1Encoding; +// BEGIN android-removed +// import org.bouncycastle.crypto.encodings.ISO9796d1Encoding; +// END android-removed import org.bouncycastle.crypto.encodings.OAEPEncoding; import org.bouncycastle.crypto.encodings.PKCS1Encoding; import org.bouncycastle.crypto.engines.RSABlindedEngine; @@ -197,10 +199,12 @@ { cipher = new PKCS1Encoding(new RSABlindedEngine()); } - else if (pad.equals("ISO9796-1PADDING")) - { - cipher = new ISO9796d1Encoding(new RSABlindedEngine()); - } + // BEGIN android-removed + // else if (pad.equals("ISO9796-1PADDING")) + // { + // cipher = new ISO9796d1Encoding(new RSABlindedEngine()); + // } + // END android-removed else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING")) { initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT)); @@ -213,10 +217,12 @@ { initFromSpec(OAEPParameterSpec.DEFAULT); } - else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-224ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT)); - } + // BEGIN android-removed + // else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-224ANDMGF1PADDING")) + // { + // initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT)); + // } + // END android-removed else if (pad.equals("OAEPWITHSHA256ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-256ANDMGF1PADDING")) { initFromSpec(new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)); @@ -534,48 +540,50 @@ } } - static public class PKCS1v1_5Padding - extends CipherSpi - { - public PKCS1v1_5Padding() - { - super(new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class PKCS1v1_5Padding_PrivateOnly - extends CipherSpi - { - public PKCS1v1_5Padding_PrivateOnly() - { - super(false, true, new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class PKCS1v1_5Padding_PublicOnly - extends CipherSpi - { - public PKCS1v1_5Padding_PublicOnly() - { - super(true, false, new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class OAEPPadding - extends CipherSpi - { - public OAEPPadding() - { - super(OAEPParameterSpec.DEFAULT); - } - } - - static public class ISO9796d1Padding - extends CipherSpi - { - public ISO9796d1Padding() - { - super(new ISO9796d1Encoding(new RSABlindedEngine())); - } - } + // BEGIN android-removed + // static public class PKCS1v1_5Padding + // extends CipherSpi + // { + // public PKCS1v1_5Padding() + // { + // super(new PKCS1Encoding(new RSABlindedEngine())); + // } + // } + // + // static public class PKCS1v1_5Padding_PrivateOnly + // extends CipherSpi + // { + // public PKCS1v1_5Padding_PrivateOnly() + // { + // super(false, true, new PKCS1Encoding(new RSABlindedEngine())); + // } + // } + // + // static public class PKCS1v1_5Padding_PublicOnly + // extends CipherSpi + // { + // public PKCS1v1_5Padding_PublicOnly() + // { + // super(true, false, new PKCS1Encoding(new RSABlindedEngine())); + // } + // } + // + // static public class OAEPPadding + // extends CipherSpi + // { + // public OAEPPadding() + // { + // super(OAEPParameterSpec.DEFAULT); + // } + // } + // + // static public class ISO9796d1Padding + // extends CipherSpi + // { + // public ISO9796d1Padding() + // { + // super(new ISO9796d1Encoding(new RSABlindedEngine())); + // } + // } + // END android-removed } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java 2013-01-23 01:01:51.684744916 +0000 @@ -17,24 +17,31 @@ import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.DigestInfo; import org.bouncycastle.crypto.AsymmetricBlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.MD2Digest; -import org.bouncycastle.crypto.digests.MD4Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.NullDigest; -import org.bouncycastle.crypto.digests.RIPEMD128Digest; -import org.bouncycastle.crypto.digests.RIPEMD160Digest; -import org.bouncycastle.crypto.digests.RIPEMD256Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.MD2Digest; +// import org.bouncycastle.crypto.digests.MD4Digest; +// import org.bouncycastle.crypto.digests.MD5Digest; +// import org.bouncycastle.crypto.digests.NullDigest; +// import org.bouncycastle.crypto.digests.RIPEMD128Digest; +// import org.bouncycastle.crypto.digests.RIPEMD160Digest; +// import org.bouncycastle.crypto.digests.RIPEMD256Digest; +// import org.bouncycastle.crypto.digests.SHA1Digest; +// import org.bouncycastle.crypto.digests.SHA224Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.SHA384Digest; +// import org.bouncycastle.crypto.digests.SHA512Digest; +// END android-removed +// BEGIN android-added +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-added import org.bouncycastle.crypto.encodings.PKCS1Encoding; import org.bouncycastle.crypto.engines.RSABlindedEngine; @@ -261,25 +268,31 @@ { public SHA1() { - super(OIWObjectIdentifiers.idSHA1, new SHA1Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // BEGIN android-changed + super(OIWObjectIdentifiers.idSHA1, AndroidDigestFactory.getSHA1(), new PKCS1Encoding(new RSABlindedEngine())); + // END android-changed } } - static public class SHA224 - extends DigestSignatureSpi - { - public SHA224() - { - super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } + // BEGIN android-removed + // static public class SHA224 + // extends DigestSignatureSpi + // { + // public SHA224() + // { + // super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // } + // } + // END android-removed static public class SHA256 extends DigestSignatureSpi { public SHA256() { - super(NISTObjectIdentifiers.id_sha256, new SHA256Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // BEGIN android-changed + super(NISTObjectIdentifiers.id_sha256, AndroidDigestFactory.getSHA256(), new PKCS1Encoding(new RSABlindedEngine())); + // END android-changed } } @@ -288,7 +301,9 @@ { public SHA384() { - super(NISTObjectIdentifiers.id_sha384, new SHA384Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // BEGIN android-changed + super(NISTObjectIdentifiers.id_sha384, AndroidDigestFactory.getSHA384(), new PKCS1Encoding(new RSABlindedEngine())); + // END android-changed } } @@ -297,70 +312,78 @@ { public SHA512() { - super(NISTObjectIdentifiers.id_sha512, new SHA512Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class MD2 - extends DigestSignatureSpi - { - public MD2() - { - super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // BEGIN android-changed + super(NISTObjectIdentifiers.id_sha512, AndroidDigestFactory.getSHA512(), new PKCS1Encoding(new RSABlindedEngine())); + // END android-changed } } - static public class MD4 - extends DigestSignatureSpi - { - public MD4() - { - super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } + // BEGIN android-removed + // static public class MD2 + // extends DigestSignatureSpi + // { + // public MD2() + // { + // super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // } + // } + // + // static public class MD4 + // extends DigestSignatureSpi + // { + // public MD4() + // { + // super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // } + // } + // END android-removed static public class MD5 extends DigestSignatureSpi { public MD5() { - super(PKCSObjectIdentifiers.md5, new MD5Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // BEGIN android-changed + super(PKCSObjectIdentifiers.md5, AndroidDigestFactory.getMD5(), new PKCS1Encoding(new RSABlindedEngine())); + // END android-changed } } - static public class RIPEMD160 - extends DigestSignatureSpi - { - public RIPEMD160() - { - super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class RIPEMD128 - extends DigestSignatureSpi - { - public RIPEMD128() - { - super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class RIPEMD256 - extends DigestSignatureSpi - { - public RIPEMD256() - { - super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class noneRSA - extends DigestSignatureSpi - { - public noneRSA() - { - super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } + // BEGIN android-removed + // static public class RIPEMD160 + // extends DigestSignatureSpi + // { + // public RIPEMD160() + // { + // super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // } + // } + // + // static public class RIPEMD128 + // extends DigestSignatureSpi + // { + // public RIPEMD128() + // { + // super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // } + // } + // + // static public class RIPEMD256 + // extends DigestSignatureSpi + // { + // public RIPEMD256() + // { + // super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine())); + // } + // } + // + // static public class noneRSA + // extends DigestSignatureSpi + // { + // public noneRSA() + // { + // super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine())); + // } + // } + // END android-removed } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java 2013-01-23 01:01:51.724745620 +0000 @@ -18,8 +18,10 @@ import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; +// BEGIN android-removed +// import javax.crypto.spec.RC2ParameterSpec; +// import javax.crypto.spec.RC5ParameterSpec; +// END android-removed import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; @@ -37,8 +39,10 @@ { IvParameterSpec.class, PBEParameterSpec.class, - RC2ParameterSpec.class, - RC5ParameterSpec.class + // BEGIN android-removed + // RC2ParameterSpec.class, + // RC5ParameterSpec.class + // END android-removed }; diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java 2013-01-23 01:01:51.724745620 +0000 @@ -27,7 +27,9 @@ { return generatePrivate(PrivateKeyInfo.getInstance(((PKCS8EncodedKeySpec)keySpec).getEncoded())); } - catch (IOException e) + // BEGIN android-changed + catch (Exception e) + // END android-changed { throw new InvalidKeySpecException("encoded key spec not recognised"); } @@ -48,7 +50,9 @@ { return generatePublic(SubjectPublicKeyInfo.getInstance(((X509EncodedKeySpec)keySpec).getEncoded())); } - catch (IOException e) + // BEGIN android-changed + catch (Exception e) + // END android-changed { throw new InvalidKeySpecException("encoded key spec not recognised"); } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java 2013-01-23 01:01:51.674744740 +0000 @@ -36,7 +36,9 @@ import org.bouncycastle.asn1.pkcs.SignedData; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.util.io.pem.PemObject; -import org.bouncycastle.util.io.pem.PemWriter; +// BEGIN android-removed +// import org.bouncycastle.util.io.pem.PemWriter; +// END android-removed /** * CertPath implementation for X.509 certificates. @@ -298,27 +300,29 @@ return toDEREncoded(new ContentInfo( PKCSObjectIdentifiers.signedData, sd)); } - else if (encoding.equalsIgnoreCase("PEM")) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut)); - - try - { - for (int i = 0; i != certificates.size(); i++) - { - pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded())); - } - - pWrt.close(); - } - catch (Exception e) - { - throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); - } - - return bOut.toByteArray(); - } + // BEGIN android-removed + // else if (encoding.equalsIgnoreCase("PEM")) + // { + // ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + // PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut)); + // + // try + // { + // for (int i = 0; i != certificates.size(); i++) + // { + // pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded())); + // } + // + // pWrt.close(); + // } + // catch (Exception e) + // { + // throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); + // } + // + // return bOut.toByteArray(); + // } + // END android-removed else { throw new CertificateEncodingException("unsupported encoding: " + encoding); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/AES.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/AES.java 2013-01-23 01:01:51.744745972 +0000 @@ -1,31 +1,43 @@ package org.bouncycastle.jcajce.provider.symmetric; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; +// BEGIN android-removed +// import java.security.AlgorithmParameters; +// import java.security.InvalidAlgorithmParameterException; +// END android-removed import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.IvParameterSpec; +// BEGIN android-removed +// import java.security.spec.AlgorithmParameterSpec; +// +// import javax.crypto.spec.IvParameterSpec; +// END android-removed import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.crypto.BufferedBlockCipher; import org.bouncycastle.crypto.CipherKeyGenerator; import org.bouncycastle.crypto.engines.AESFastEngine; import org.bouncycastle.crypto.engines.AESWrapEngine; -import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -import org.bouncycastle.crypto.macs.CMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +// import org.bouncycastle.crypto.macs.CMac; +// END android-removed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.modes.CFBBlockCipher; import org.bouncycastle.crypto.modes.OFBBlockCipher; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +// END android-removed import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; +// END android-removed import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; -import org.bouncycastle.jce.provider.BouncyCastleProvider; +// BEGIN android-removed +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +// END android-removed public final class AES { @@ -69,15 +81,17 @@ } } - public static class AESCMAC - extends BaseMac - { - public AESCMAC() - { - super(new CMac(new AESFastEngine())); - } - } - + // BEGIN android-removed + // public static class AESCMAC + // extends BaseMac + // { + // public AESCMAC() + // { + // super(new CMac(new AESFastEngine())); + // } + // } + // END android-removed + static public class Wrap extends BaseWrapCipher { @@ -86,15 +100,17 @@ super(new AESWrapEngine()); } } - - public static class RFC3211Wrap - extends BaseWrapCipher - { - public RFC3211Wrap() - { - super(new RFC3211WrapEngine(new AESFastEngine()), 16); - } - } + + // BEGIN android-removed + // public static class RFC3211Wrap + // extends BaseWrapCipher + // { + // public RFC3211Wrap() + // { + // super(new RFC3211WrapEngine(new AESFastEngine()), 16); + // } + // } + // END android-removed public static class KeyGen extends BaseKeyGenerator @@ -110,70 +126,72 @@ } } - public static class KeyGen128 - extends KeyGen - { - public KeyGen128() - { - super(128); - } - } - - public static class KeyGen192 - extends KeyGen - { - public KeyGen192() - { - super(192); - } - } - - public static class KeyGen256 - extends KeyGen - { - public KeyGen256() - { - super(256); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[16]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } + // BEGIN android-removed + // public static class KeyGen128 + // extends KeyGen + // { + // public KeyGen128() + // { + // super(128); + // } + // } + // + // public static class KeyGen192 + // extends KeyGen + // { + // public KeyGen192() + // { + // super(192); + // } + // } + // + // public static class KeyGen256 + // extends KeyGen + // { + // public KeyGen256() + // { + // super(256); + // } + // } + // + // public static class AlgParamGen + // extends BaseAlgorithmParameterGenerator + // { + // protected void engineInit( + // AlgorithmParameterSpec genParamSpec, + // SecureRandom random) + // throws InvalidAlgorithmParameterException + // { + // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); + // } + // + // protected AlgorithmParameters engineGenerateParameters() + // { + // byte[] iv = new byte[16]; + // + // if (random == null) + // { + // random = new SecureRandom(); + // } + // + // random.nextBytes(iv); + // + // AlgorithmParameters params; + // + // try + // { + // params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); + // params.init(new IvParameterSpec(iv)); + // } + // catch (Exception e) + // { + // throw new RuntimeException(e.getMessage()); + // } + // + // return params; + // } + // } + // END android-removed public static class AlgParams extends IvAlgorithmParameters @@ -212,58 +230,66 @@ provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); - provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); + // BEGIN android-removed + // provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); + // END android-removed provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB"); provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES"); provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES"); provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES256, "AES"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); + // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); + // END android-removed provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap"); provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP"); provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP"); provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP"); - provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); + // END android-removed provider.addAlgorithm("KeyGenerator.AES", PREFIX + "$KeyGen"); - provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256"); - provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256"); - - provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); + // BEGIN android-removed + // provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128"); + // provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192"); + // provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256"); + // provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192"); + // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256"); + // + // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); + // END android-removed } } } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/ARC4.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/ARC4.java 2013-01-23 01:01:51.744745972 +0000 @@ -27,7 +27,9 @@ { public KeyGen() { - super("RC4", 128, new CipherKeyGenerator()); + // BEGIN android-changed + super("ARC4", 128, new CipherKeyGenerator()); + // END android-changed } } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java 2013-01-23 01:01:51.744745972 +0000 @@ -64,7 +64,9 @@ { provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB"); - provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC"); + // END android-removed provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen"); provider.addAlgorithm("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams"); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/DES.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/DES.java 2013-01-23 01:01:51.744745972 +0000 @@ -16,11 +16,15 @@ import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.crypto.KeyGenerationParameters; import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +// END android-removed import org.bouncycastle.crypto.generators.DESKeyGenerator; import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -import org.bouncycastle.crypto.macs.CMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// import org.bouncycastle.crypto.macs.CMac; +// END android-removed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.paddings.ISO7816d4Padding; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; @@ -48,115 +52,117 @@ } } - static public class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new DESEngine()), 64); - } - } - - /** - * DES CFB8 - */ - public static class DESCFB8 - extends BaseMac - { - public DESCFB8() - { - super(new CFBBlockCipherMac(new DESEngine())); - } - } - - /** - * DES64 - */ - public static class DES64 - extends BaseMac - { - public DES64() - { - super(new CBCBlockCipherMac(new DESEngine(), 64)); - } - } - - /** - * DES64with7816-4Padding - */ - public static class DES64with7816d4 - extends BaseMac - { - public DES64with7816d4() - { - super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); - } - } - - public static class CBCMAC - extends BaseMac - { - public CBCMAC() - { - super(new CBCBlockCipherMac(new DESEngine())); - } - } - - static public class CMAC - extends BaseMac - { - public CMAC() - { - super(new CMac(new DESEngine())); - } - } - - public static class RFC3211 - extends BaseWrapCipher - { - public RFC3211() - { - super(new RFC3211WrapEngine(new DESEngine()), 8); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[8]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } + // BEGIN android-removed + // static public class CBC + // extends BaseBlockCipher + // { + // public CBC() + // { + // super(new CBCBlockCipher(new DESEngine()), 64); + // } + // } + // + // /** + // * DES CFB8 + // */ + // public static class DESCFB8 + // extends BaseMac + // { + // public DESCFB8() + // { + // super(new CFBBlockCipherMac(new DESEngine())); + // } + // } + // + // /** + // * DES64 + // */ + // public static class DES64 + // extends BaseMac + // { + // public DES64() + // { + // super(new CBCBlockCipherMac(new DESEngine(), 64)); + // } + // } + // + // /** + // * DES64with7816-4Padding + // */ + // public static class DES64with7816d4 + // extends BaseMac + // { + // public DES64with7816d4() + // { + // super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); + // } + // } + // + // public static class CBCMAC + // extends BaseMac + // { + // public CBCMAC() + // { + // super(new CBCBlockCipherMac(new DESEngine())); + // } + // } + // + // static public class CMAC + // extends BaseMac + // { + // public CMAC() + // { + // super(new CMac(new DESEngine())); + // } + // } + // + // public static class RFC3211 + // extends BaseWrapCipher + // { + // public RFC3211() + // { + // super(new RFC3211WrapEngine(new DESEngine()), 8); + // } + // } + // + // public static class AlgParamGen + // extends BaseAlgorithmParameterGenerator + // { + // protected void engineInit( + // AlgorithmParameterSpec genParamSpec, + // SecureRandom random) + // throws InvalidAlgorithmParameterException + // { + // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); + // } + // + // protected AlgorithmParameters engineGenerateParameters() + // { + // byte[] iv = new byte[8]; + // + // if (random == null) + // { + // random = new SecureRandom(); + // } + // + // random.nextBytes(iv); + // + // AlgorithmParameters params; + // + // try + // { + // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); + // params.init(new IvParameterSpec(iv)); + // } + // catch (Exception e) + // { + // throw new RuntimeException(e.getMessage()); + // } + // + // return params; + // } + // } + // END android-removed /** * DES - the default for this is to generate a key in @@ -263,36 +269,42 @@ { provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB"); - provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC"); - - addAlias(provider, OIWObjectIdentifiers.desCBC, "DES"); - - provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC"); + // + // addAlias(provider, OIWObjectIdentifiers.desCBC, "DES"); + // + // provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211"); + // END android-removed provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator"); provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory"); - provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); - provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); - provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC"); - - provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8"); - provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); - - provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64"); - provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64"); - - provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4"); - provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); - provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); - provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); + // BEGIN android-removed + // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); + // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); + // provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC"); + // + // provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8"); + // provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); + // + // provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64"); + // provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64"); + // + // provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4"); + // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); + // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); + // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); + // END android-removed provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters"); provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES"); - provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); + // BEGIN android-removed + // provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); + // END android-removed } private void addAlias(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/DESede.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/DESede.java 2013-01-23 01:01:51.744745972 +0000 @@ -1,30 +1,42 @@ package org.bouncycastle.jcajce.provider.symmetric; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; +// BEGIN android-removed +// import java.security.AlgorithmParameters; +// import java.security.InvalidAlgorithmParameterException; +// END android-removed import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; +// BEGIN android-removed +// import java.security.spec.AlgorithmParameterSpec; +// END android-removed import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; import javax.crypto.SecretKey; import javax.crypto.spec.DESedeKeySpec; -import javax.crypto.spec.IvParameterSpec; +// BEGIN android-removed +// import javax.crypto.spec.IvParameterSpec; +// END android-removed import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.KeyGenerationParameters; import org.bouncycastle.crypto.engines.DESedeEngine; import org.bouncycastle.crypto.engines.DESedeWrapEngine; -import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.RFC3211WrapEngine; +// END android-removed import org.bouncycastle.crypto.generators.DESedeKeyGenerator; import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -import org.bouncycastle.crypto.macs.CMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// import org.bouncycastle.crypto.macs.CMac; +// END android-removed import org.bouncycastle.crypto.modes.CBCBlockCipher; import org.bouncycastle.crypto.paddings.ISO7816d4Padding; import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +// BEGIN android-removed +// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; +// END android-removed import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; @@ -57,17 +69,19 @@ } } - /** - * DESede CFB8 - */ - public static class DESedeCFB8 - extends BaseMac - { - public DESedeCFB8() - { - super(new CFBBlockCipherMac(new DESedeEngine())); - } - } + // BEGIN android-removed + // /** + // * DESede CFB8 + // */ + // public static class DESedeCFB8 + // extends BaseMac + // { + // public DESedeCFB8() + // { + // super(new CFBBlockCipherMac(new DESedeEngine())); + // } + // } + // END android-removed /** * DESede64 @@ -102,15 +116,17 @@ } } - static public class CMAC - extends BaseMac - { - public CMAC() - { - super(new CMac(new DESedeEngine())); - } - } - + // BEGIN android-removed + // static public class CMAC + // extends BaseMac + // { + // public CMAC() + // { + // super(new CMac(new DESedeEngine())); + // } + // } + // END android-removed + public static class Wrap extends BaseWrapCipher { @@ -119,15 +135,17 @@ super(new DESedeWrapEngine()); } } - - public static class RFC3211 - extends BaseWrapCipher - { - public RFC3211() - { - super(new RFC3211WrapEngine(new DESedeEngine()), 8); - } - } + + // BEGIN android-removed + // public static class RFC3211 + // extends BaseWrapCipher + // { + // public RFC3211() + // { + // super(new RFC3211WrapEngine(new DESedeEngine()), 8); + // } + // } + // END android-removed /** * DESede - the default for this is to generate a key in @@ -217,43 +235,45 @@ } } - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[8]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } + // BEGIN android-removed + // public static class AlgParamGen + // extends BaseAlgorithmParameterGenerator + // { + // protected void engineInit( + // AlgorithmParameterSpec genParamSpec, + // SecureRandom random) + // throws InvalidAlgorithmParameterException + // { + // throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); + // } + // + // protected AlgorithmParameters engineGenerateParameters() + // { + // byte[] iv = new byte[8]; + // + // if (random == null) + // { + // random = new SecureRandom(); + // } + // + // random.nextBytes(iv); + // + // AlgorithmParameters params; + // + // try + // { + // params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); + // params.init(new IvParameterSpec(iv)); + // } + // catch (Exception e) + // { + // throw new RuntimeException(e.getMessage()); + // } + // + // return params; + // } + // } + // END android-removed static public class KeyFactory extends BaseSecretKeyFactory @@ -337,18 +357,28 @@ public void configure(ConfigurableProvider provider) { provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB"); - provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC"); + // END android-removed provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap"); - provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, PREFIX + "$Wrap"); - provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); + // BEGIN android-changed + provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP"); + // END android-changed + // BEGIN android-removed + // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); + // END android-removed if (provider.hasAlgorithm("MessageDigest", "SHA-1")) { provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key"); - provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key"); - provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key"); + // provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key"); + // END android-removed provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key"); - provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key"); + // BEGIN android-removed + // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key"); + // END android-removed provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); @@ -357,31 +387,37 @@ } provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator"); - provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3"); - provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator"); + // BEGIN android-removed + // provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3"); + // provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator"); + // END android-removed provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory"); - provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC"); - provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC"); - provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); - - provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8"); - provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); - - provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64"); - provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); - - provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4"); - provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); - provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); - provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); + // BEGIN android-removed + // provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC"); + // provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC"); + // provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); + // + // provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8"); + // provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); + // + // provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64"); + // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); + // + // provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4"); + // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); + // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); + // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); + // END android-removed provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters"); provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); - provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); + // BEGIN android-removed + // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); + // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); + // END android-removed } } } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java 2013-01-23 01:01:51.744745972 +0000 @@ -7,13 +7,17 @@ import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; +// BEGIN android-removed +// import javax.crypto.spec.RC2ParameterSpec; +// END android-removed import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.pkcs.RC2CBCParameter; +// BEGIN android-removed +// import org.bouncycastle.asn1.pkcs.RC2CBCParameter; +// END android-removed import org.bouncycastle.util.Arrays; public abstract class BaseAlgorithmParameters @@ -39,177 +43,179 @@ protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) throws InvalidParameterSpecException; - public static class RC2AlgorithmParameters - extends BaseAlgorithmParameters - { - private static final short[] table = { - 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, - 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, - 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, - 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, - 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, - 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, - 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, - 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, - 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, - 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, - 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, - 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, - 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, - 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, - 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, - 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab - }; - - private static final short[] ekb = { - 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, - 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, - 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, - 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, - 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, - 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, - 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, - 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, - 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, - 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, - 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, - 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, - 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, - 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, - 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, - 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd - }; - - private byte[] iv; - private int parameterVersion = 58; - - protected byte[] engineGetEncoded() - { - return Arrays.clone(iv); - } - - protected byte[] engineGetEncoded( - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - if (parameterVersion == -1) - { - return new RC2CBCParameter(engineGetEncoded()).getEncoded(); - } - else - { - return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); - } - } - - if (format.equals("RAW")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == RC2ParameterSpec.class) - { - if (parameterVersion != -1) - { - if (parameterVersion < 256) - { - return new RC2ParameterSpec(ekb[parameterVersion], iv); - } - else - { - return new RC2ParameterSpec(parameterVersion, iv); - } - } - } - - if (paramSpec == IvParameterSpec.class) - { - return new IvParameterSpec(iv); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec instanceof IvParameterSpec) - { - this.iv = ((IvParameterSpec)paramSpec).getIV(); - } - else if (paramSpec instanceof RC2ParameterSpec) - { - int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); - if (effKeyBits != -1) - { - if (effKeyBits < 256) - { - parameterVersion = table[effKeyBits]; - } - else - { - parameterVersion = effKeyBits; - } - } - - this.iv = ((RC2ParameterSpec)paramSpec).getIV(); - } - else - { - throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); - } - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.iv = Arrays.clone(params); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); - - if (p.getRC2ParameterVersion() != null) - { - parameterVersion = p.getRC2ParameterVersion().intValue(); - } - - iv = p.getIV(); - - return; - } - - if (format.equals("RAW")) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in IV parameters object"); - } - - protected String engineToString() - { - return "RC2 Parameters"; - } - } + // BEGIN android-removed + // public static class RC2AlgorithmParameters + // extends BaseAlgorithmParameters + // { + // private static final short[] table = { + // 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, + // 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, + // 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, + // 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, + // 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, + // 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, + // 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, + // 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, + // 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, + // 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, + // 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, + // 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, + // 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, + // 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, + // 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, + // 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab + // }; + // + // private static final short[] ekb = { + // 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, + // 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, + // 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, + // 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, + // 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, + // 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, + // 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, + // 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, + // 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, + // 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, + // 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, + // 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, + // 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, + // 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, + // 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, + // 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd + // }; + // + // private byte[] iv; + // private int parameterVersion = 58; + // + // protected byte[] engineGetEncoded() + // { + // return Arrays.clone(iv); + // } + // + // protected byte[] engineGetEncoded( + // String format) + // throws IOException + // { + // if (this.isASN1FormatString(format)) + // { + // if (parameterVersion == -1) + // { + // return new RC2CBCParameter(engineGetEncoded()).getEncoded(); + // } + // else + // { + // return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); + // } + // } + // + // if (format.equals("RAW")) + // { + // return engineGetEncoded(); + // } + // + // return null; + // } + // + // protected AlgorithmParameterSpec localEngineGetParameterSpec( + // Class paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec == RC2ParameterSpec.class) + // { + // if (parameterVersion != -1) + // { + // if (parameterVersion < 256) + // { + // return new RC2ParameterSpec(ekb[parameterVersion], iv); + // } + // else + // { + // return new RC2ParameterSpec(parameterVersion, iv); + // } + // } + // } + // + // if (paramSpec == IvParameterSpec.class) + // { + // return new IvParameterSpec(iv); + // } + // + // throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); + // } + // + // protected void engineInit( + // AlgorithmParameterSpec paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec instanceof IvParameterSpec) + // { + // this.iv = ((IvParameterSpec)paramSpec).getIV(); + // } + // else if (paramSpec instanceof RC2ParameterSpec) + // { + // int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); + // if (effKeyBits != -1) + // { + // if (effKeyBits < 256) + // { + // parameterVersion = table[effKeyBits]; + // } + // else + // { + // parameterVersion = effKeyBits; + // } + // } + // + // this.iv = ((RC2ParameterSpec)paramSpec).getIV(); + // } + // else + // { + // throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); + // } + // } + // + // protected void engineInit( + // byte[] params) + // throws IOException + // { + // this.iv = Arrays.clone(params); + // } + // + // protected void engineInit( + // byte[] params, + // String format) + // throws IOException + // { + // if (this.isASN1FormatString(format)) + // { + // RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); + // + // if (p.getRC2ParameterVersion() != null) + // { + // parameterVersion = p.getRC2ParameterVersion().intValue(); + // } + // + // iv = p.getIV(); + // + // return; + // } + // + // if (format.equals("RAW")) + // { + // engineInit(params); + // return; + // } + // + // throw new IOException("Unknown parameters format in IV parameters object"); + // } + // + // protected String engineToString() + // { + // return "RC2 Parameters"; + // } + // } + // END android-removed public static class PBKDF2 extends BaseAlgorithmParameters diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java 2013-01-23 01:01:51.754746148 +0000 @@ -17,8 +17,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; +// BEGIN android-removed +// import javax.crypto.spec.RC2ParameterSpec; +// import javax.crypto.spec.RC5ParameterSpec; +// END android-removed import org.bouncycastle.crypto.BufferedBlockCipher; import org.bouncycastle.crypto.CipherParameters; @@ -29,12 +31,18 @@ import org.bouncycastle.crypto.modes.CCMBlockCipher; import org.bouncycastle.crypto.modes.CFBBlockCipher; import org.bouncycastle.crypto.modes.CTSBlockCipher; -import org.bouncycastle.crypto.modes.EAXBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.EAXBlockCipher; +// END android-removed import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.crypto.modes.GOFBBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.GOFBBlockCipher; +// END android-removed import org.bouncycastle.crypto.modes.OFBBlockCipher; -import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; -import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; +// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; +// END android-removed import org.bouncycastle.crypto.modes.SICBlockCipher; import org.bouncycastle.crypto.paddings.BlockCipherPadding; import org.bouncycastle.crypto.paddings.ISO10126d2Padding; @@ -46,11 +54,17 @@ import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.params.ParametersWithSBox; +// BEGIN android-removed +// import org.bouncycastle.crypto.params.ParametersWithSBox; +// END android-removed import org.bouncycastle.crypto.params.RC2Parameters; -import org.bouncycastle.crypto.params.RC5Parameters; +// BEGIN android-removed +// import org.bouncycastle.crypto.params.RC5Parameters; +// END android-removed import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.GOST28147ParameterSpec; +// BEGIN android-removed +// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; +// END android-removed import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; import org.bouncycastle.util.Strings; @@ -63,11 +77,15 @@ // private Class[] availableSpecs = { - RC2ParameterSpec.class, - RC5ParameterSpec.class, + // BEGIN android-removed + // RC2ParameterSpec.class, + // RC5ParameterSpec.class, + // END android-removed IvParameterSpec.class, PBEParameterSpec.class, - GOST28147ParameterSpec.class + // BEGIN android-removed + // GOST28147ParameterSpec.class + // END android-removed }; private org.bouncycastle.crypto.BlockCipher baseEngine; @@ -222,20 +240,22 @@ new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); } } - else if (modeName.startsWith("PGP")) - { - boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); - - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher( - new PGPCFBBlockCipher(baseEngine, inlineIV)); - } - else if (modeName.equalsIgnoreCase("OpenPGPCFB")) - { - ivLength = 0; - cipher = new BufferedGenericBlockCipher( - new OpenPGPCFBBlockCipher(baseEngine)); - } + // BEGIN android-removed + // else if (modeName.startsWith("PGP")) + // { + // boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); + + // ivLength = baseEngine.getBlockSize(); + // cipher = new BufferedGenericBlockCipher( + // new PGPCFBBlockCipher(baseEngine, inlineIV)); + // } + // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) + // { + // ivLength = 0; + // cipher = new BufferedGenericBlockCipher( + // new OpenPGPCFBBlockCipher(baseEngine)); + // } + // END android-removed else if (modeName.startsWith("SIC")) { ivLength = baseEngine.getBlockSize(); @@ -252,12 +272,14 @@ cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( new SICBlockCipher(baseEngine))); } - else if (modeName.startsWith("GOFB")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new GOFBBlockCipher(baseEngine))); - } + // BEGIN android-removed + // else if (modeName.startsWith("GOFB")) + // { + // ivLength = baseEngine.getBlockSize(); + // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( + // new GOFBBlockCipher(baseEngine))); + // } + // END android-removed else if (modeName.startsWith("CTS")) { ivLength = baseEngine.getBlockSize(); @@ -268,11 +290,13 @@ ivLength = baseEngine.getBlockSize(); cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); } - else if (modeName.startsWith("EAX")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); - } + // BEGIN android-removed + // else if (modeName.startsWith("EAX")) + // { + // ivLength = baseEngine.getBlockSize(); + // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); + // } + // END android-removed else if (modeName.startsWith("GCM")) { ivLength = baseEngine.getBlockSize(); @@ -441,63 +465,65 @@ param = new KeyParameter(key.getEncoded()); } } - else if (params instanceof GOST28147ParameterSpec) - { - GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; - - param = new ParametersWithSBox( - new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); - - if (gost28147Param.getIV() != null && ivLength != 0) - { - param = new ParametersWithIV(param, gost28147Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else if (params instanceof RC2ParameterSpec) - { - RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; - - param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); - - if (rc2Param.getIV() != null && ivLength != 0) - { - param = new ParametersWithIV(param, rc2Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else if (params instanceof RC5ParameterSpec) - { - RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; - - param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); - if (baseEngine.getAlgorithmName().startsWith("RC5")) - { - if (baseEngine.getAlgorithmName().equals("RC5-32")) - { - if (rc5Param.getWordSize() != 32) - { - throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); - } - } - else if (baseEngine.getAlgorithmName().equals("RC5-64")) - { - if (rc5Param.getWordSize() != 64) - { - throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); - } - } - } - else - { - throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); - } - if ((rc5Param.getIV() != null) && (ivLength != 0)) - { - param = new ParametersWithIV(param, rc5Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } + // BEGIN android-removed + // else if (params instanceof GOST28147ParameterSpec) + // { + // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; + // + // param = new ParametersWithSBox( + // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); + // + // if (gost28147Param.getIV() != null && ivLength != 0) + // { + // param = new ParametersWithIV(param, gost28147Param.getIV()); + // ivParam = (ParametersWithIV)param; + // } + // } + // else if (params instanceof RC2ParameterSpec) + // { + // RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; + // + // param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); + // + // if (rc2Param.getIV() != null && ivLength != 0) + // { + // param = new ParametersWithIV(param, rc2Param.getIV()); + // ivParam = (ParametersWithIV)param; + // } + // } + // else if (params instanceof RC5ParameterSpec) + // { + // RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; + // + // param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); + // if (baseEngine.getAlgorithmName().startsWith("RC5")) + // { + // if (baseEngine.getAlgorithmName().equals("RC5-32")) + // { + // if (rc5Param.getWordSize() != 32) + // { + // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); + // } + // } + // else if (baseEngine.getAlgorithmName().equals("RC5-64")) + // { + // if (rc5Param.getWordSize() != 64) + // { + // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); + // } + // } + // } + // else + // { + // throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); + // } + // if ((rc5Param.getIV() != null) && (ivLength != 0)) + // { + // param = new ParametersWithIV(param, rc5Param.getIV()); + // ivParam = (ParametersWithIV)param; + // } + // } + // END android-removed else { throw new InvalidAlgorithmParameterException("unknown parameter type."); @@ -701,10 +727,20 @@ int inputLen, byte[] output, int outputOffset) - throws IllegalBlockSizeException, BadPaddingException + throws IllegalBlockSizeException, BadPaddingException, ShortBufferException { + // BEGIN android-note + // added ShortBufferException to the throws statement + // END android-note int len = 0; + // BEGIN android-added + int outputLen = cipher.getOutputSize(inputLen); + + if (outputLen + outputOffset > output.length) { + throw new ShortBufferException("need at least " + outputLen + " bytes"); + } + // BEGIN android-added if (inputLen != 0) { len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java 2013-01-23 01:01:51.744745972 +0000 @@ -56,6 +56,11 @@ { try { + // BEGIN android-added + if (random == null) { + random = new SecureRandom(); + } + // END android-added engine.init(new KeyGenerationParameters(random, keySize)); uninitialised = false; } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java 2013-01-23 01:01:51.744745972 +0000 @@ -11,25 +11,34 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.digests.MD2Digest; -import org.bouncycastle.crypto.digests.MD4Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.RIPEMD128Digest; -import org.bouncycastle.crypto.digests.RIPEMD160Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.digests.TigerDigest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.MD2Digest; +// import org.bouncycastle.crypto.digests.MD4Digest; +// import org.bouncycastle.crypto.digests.MD5Digest; +// import org.bouncycastle.crypto.digests.RIPEMD128Digest; +// import org.bouncycastle.crypto.digests.RIPEMD160Digest; +// import org.bouncycastle.crypto.digests.SHA1Digest; +// import org.bouncycastle.crypto.digests.SHA224Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.SHA384Digest; +// import org.bouncycastle.crypto.digests.SHA512Digest; +// import org.bouncycastle.crypto.digests.TigerDigest; +// END android-removed +// BEGIN android-added +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-added import org.bouncycastle.crypto.engines.DESEngine; import org.bouncycastle.crypto.engines.RC2Engine; import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -import org.bouncycastle.crypto.macs.GOST28147Mac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// import org.bouncycastle.crypto.macs.GOST28147Mac; +// END android-removed import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -import org.bouncycastle.crypto.macs.OldHMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; +// import org.bouncycastle.crypto.macs.OldHMac; +// END android-removed import org.bouncycastle.crypto.paddings.ISO7816d4Padding; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -179,91 +188,93 @@ } } - /** - * GOST28147 - */ - public static class GOST28147 - extends BaseMac - { - public GOST28147() - { - super(new GOST28147Mac()); - } - } - - - - /** - * DES - */ - public static class DESCFB8 - extends BaseMac - { - public DESCFB8() - { - super(new CFBBlockCipherMac(new DESEngine())); - } - } - - /** - * RC2CFB8 - */ - public static class RC2CFB8 - extends BaseMac - { - public RC2CFB8() - { - super(new CFBBlockCipherMac(new RC2Engine())); - } - } - - /** - * DES9797Alg3with7816-4Padding - */ - public static class DES9797Alg3with7816d4 - extends BaseMac - { - public DES9797Alg3with7816d4() - { - super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); - } - } - - /** - * DES9797Alg3 - */ - public static class DES9797Alg3 - extends BaseMac - { - public DES9797Alg3() - { - super(new ISO9797Alg3Mac(new DESEngine())); - } - } - - /** - * MD2 HMac - */ - public static class MD2 - extends BaseMac - { - public MD2() - { - super(new HMac(new MD2Digest())); - } - } - - /** - * MD4 HMac - */ - public static class MD4 - extends BaseMac - { - public MD4() - { - super(new HMac(new MD4Digest())); - } - } + // BEGIN android-removed + // /** + // * GOST28147 + // */ + // public static class GOST28147 + // extends BaseMac + // { + // public GOST28147() + // { + // super(new GOST28147Mac()); + // } + // } + // + // + // + // /** + // * DES + // */ + // public static class DESCFB8 + // extends BaseMac + // { + // public DESCFB8() + // { + // super(new CFBBlockCipherMac(new DESEngine())); + // } + // } + // + // /** + // * RC2CFB8 + // */ + // public static class RC2CFB8 + // extends BaseMac + // { + // public RC2CFB8() + // { + // super(new CFBBlockCipherMac(new RC2Engine())); + // } + // } + // + // /** + // * DES9797Alg3with7816-4Padding + // */ + // public static class DES9797Alg3with7816d4 + // extends BaseMac + // { + // public DES9797Alg3with7816d4() + // { + // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); + // } + // } + // + // /** + // * DES9797Alg3 + // */ + // public static class DES9797Alg3 + // extends BaseMac + // { + // public DES9797Alg3() + // { + // super(new ISO9797Alg3Mac(new DESEngine())); + // } + // } + // + // /** + // * MD2 HMac + // */ + // public static class MD2 + // extends BaseMac + // { + // public MD2() + // { + // super(new HMac(new MD2Digest())); + // } + // } + // + // /** + // * MD4 HMac + // */ + // public static class MD4 + // extends BaseMac + // { + // public MD4() + // { + // super(new HMac(new MD4Digest())); + // } + // } + // END android-removed /** * MD5 HMac @@ -273,7 +284,9 @@ { public MD5() { - super(new HMac(new MD5Digest())); + // BEGIN android-changed + super(new HMac(AndroidDigestFactory.getMD5())); + // END android-changed } } @@ -285,21 +298,25 @@ { public SHA1() { - super(new HMac(new SHA1Digest())); + // BEGIN android-changed + super(new HMac(AndroidDigestFactory.getSHA1())); + // END android-changed } } - /** - * SHA-224 HMac - */ - public static class SHA224 - extends BaseMac - { - public SHA224() - { - super(new HMac(new SHA224Digest())); - } - } + // BEGIN android-removed + // /** + // * SHA-224 HMac + // */ + // public static class SHA224 + // extends BaseMac + // { + // public SHA224() + // { + // super(new HMac(new SHA224Digest())); + // } + // } + // END android-removed /** * SHA-256 HMac @@ -309,7 +326,7 @@ { public SHA256() { - super(new HMac(new SHA256Digest())); + super(new HMac(AndroidDigestFactory.getSHA256())); } } @@ -321,18 +338,20 @@ { public SHA384() { - super(new HMac(new SHA384Digest())); + super(new HMac(AndroidDigestFactory.getSHA384())); } } - public static class OldSHA384 - extends BaseMac - { - public OldSHA384() - { - super(new OldHMac(new SHA384Digest())); - } - } + // BEGIN android-removed + // public static class OldSHA384 + // extends BaseMac + // { + // public OldSHA384() + // { + // super(new OldHMac(new SHA384Digest())); + // } + // } + // END android-removed /** * SHA-512 HMac @@ -342,75 +361,77 @@ { public SHA512() { - super(new HMac(new SHA512Digest())); - } - } - - /** - * SHA-512 HMac - */ - public static class OldSHA512 - extends BaseMac - { - public OldSHA512() - { - super(new OldHMac(new SHA512Digest())); - } - } - - /** - * RIPEMD128 HMac - */ - public static class RIPEMD128 - extends BaseMac - { - public RIPEMD128() - { - super(new HMac(new RIPEMD128Digest())); - } - } - - /** - * RIPEMD160 HMac - */ - public static class RIPEMD160 - extends BaseMac - { - public RIPEMD160() - { - super(new HMac(new RIPEMD160Digest())); - } - } - - /** - * Tiger HMac - */ - public static class Tiger - extends BaseMac - { - public Tiger() - { - super(new HMac(new TigerDigest())); + super(new HMac(AndroidDigestFactory.getSHA512())); } } + // BEGIN android-removed + // /** + // * SHA-512 HMac + // */ + // public static class OldSHA512 + // extends BaseMac + // { + // public OldSHA512() + // { + // super(new OldHMac(new SHA512Digest())); + // } + // } + // + // /** + // * RIPEMD128 HMac + // */ + // public static class RIPEMD128 + // extends BaseMac + // { + // public RIPEMD128() + // { + // super(new HMac(new RIPEMD128Digest())); + // } + // } // - // PKCS12 states that the same algorithm should be used - // for the key generation as is used in the HMAC, so that - // is what we do here. + // /** + // * RIPEMD160 HMac + // */ + // public static class RIPEMD160 + // extends BaseMac + // { + // public RIPEMD160() + // { + // super(new HMac(new RIPEMD160Digest())); + // } + // } // - - /** - * PBEWithHmacRIPEMD160 - */ - public static class PBEWithRIPEMD160 - extends BaseMac - { - public PBEWithRIPEMD160() - { - super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); - } - } + // /** + // * Tiger HMac + // */ + // public static class Tiger + // extends BaseMac + // { + // public Tiger() + // { + // super(new HMac(new TigerDigest())); + // } + // } + // + // // + // // PKCS12 states that the same algorithm should be used + // // for the key generation as is used in the HMAC, so that + // // is what we do here. + // // + // + // /** + // * PBEWithHmacRIPEMD160 + // */ + // public static class PBEWithRIPEMD160 + // extends BaseMac + // { + // public PBEWithRIPEMD160() + // { + // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); + // } + // } + // END android-removed /** * PBEWithHmacSHA @@ -420,19 +441,23 @@ { public PBEWithSHA() { - super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160); + // BEGIN android-changed + super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160); + // END android-changed } } - /** - * PBEWithHmacTiger - */ - public static class PBEWithTiger - extends BaseMac - { - public PBEWithTiger() - { - super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); - } - } + // BEGIN android-removed + // /** + // * PBEWithHmacTiger + // */ + // public static class PBEWithTiger + // extends BaseMac + // { + // public PBEWithTiger() + // { + // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); + // } + // } + // END android-removed } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java 2013-01-23 01:01:51.744745972 +0000 @@ -13,8 +13,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; +// BEGIN android-removed +// import javax.crypto.spec.RC2ParameterSpec; +// import javax.crypto.spec.RC5ParameterSpec; +// END android-removed import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; @@ -34,8 +36,10 @@ // private Class[] availableSpecs = { - RC2ParameterSpec.class, - RC5ParameterSpec.class, + // BEGIN android-removed + // RC2ParameterSpec.class, + // RC5ParameterSpec.class, + // END android-removed IvParameterSpec.class, PBEParameterSpec.class }; diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java 2013-01-23 01:01:51.744745972 +0000 @@ -22,8 +22,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; +// BEGIN android-removed +// import javax.crypto.spec.RC2ParameterSpec; +// import javax.crypto.spec.RC5ParameterSpec; +// END android-removed import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; @@ -45,8 +47,10 @@ { IvParameterSpec.class, PBEParameterSpec.class, - RC2ParameterSpec.class, - RC5ParameterSpec.class + // BEGIN android-removed + // RC2ParameterSpec.class, + // RC5ParameterSpec.class + // END android-removed }; protected int pbeType = PKCS12; @@ -258,16 +262,19 @@ return null; } + // BEGIN android-changed + // added ShortBufferException to throws statement protected int engineDoFinal( byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) - throws IllegalBlockSizeException, BadPaddingException + throws IllegalBlockSizeException, BadPaddingException, ShortBufferException { return 0; } + // END android-changed protected byte[] engineWrap( Key key) @@ -300,7 +307,12 @@ byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType) - throws InvalidKeyException + // BEGIN android-removed + // throws InvalidKeyException + // END android-removed + // BEGIN android-added + throws InvalidKeyException, NoSuchAlgorithmException + // END android-added { byte[] encoded; try @@ -376,10 +388,12 @@ { throw new InvalidKeyException("Unknown key type " + e.getMessage()); } - catch (NoSuchAlgorithmException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } + // BEGIN android-removed + // catch (NoSuchAlgorithmException e) + // { + // throw new InvalidKeyException("Unknown key type " + e.getMessage()); + // } + // END android-removed catch (InvalidKeySpecException e2) { throw new InvalidKeyException("Unknown key type " + e2.getMessage()); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java 2013-01-23 01:01:51.744745972 +0000 @@ -7,12 +7,17 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.MD2Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.RIPEMD160Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.TigerDigest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.MD2Digest; +// import org.bouncycastle.crypto.digests.MD5Digest; +// import org.bouncycastle.crypto.digests.RIPEMD160Digest; +// import org.bouncycastle.crypto.digests.SHA1Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.TigerDigest; +// END android-removed +// BEGIN android-added +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-added import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; @@ -28,10 +33,14 @@ // static final int MD5 = 0; static final int SHA1 = 1; - static final int RIPEMD160 = 2; - static final int TIGER = 3; + // BEGIN android-removed + // static final int RIPEMD160 = 2; + // static final int TIGER = 3; + // END android-removed static final int SHA256 = 4; - static final int MD2 = 5; + // BEGIN android-removed + // static final int MD2 = 5; + // END android-removed static final int PKCS5S1 = 0; static final int PKCS5S2 = 1; @@ -53,14 +62,20 @@ { switch (hash) { - case MD2: - generator = new PKCS5S1ParametersGenerator(new MD2Digest()); - break; + // BEGIN android-removed + // case MD2: + // generator = new PKCS5S1ParametersGenerator(new MD2Digest()); + // break; + // END android-removed case MD5: - generator = new PKCS5S1ParametersGenerator(new MD5Digest()); + // BEGIN android-changed + generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getMD5()); + // END android-changed break; case SHA1: - generator = new PKCS5S1ParametersGenerator(new SHA1Digest()); + // BEGIN android-changed + generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getSHA1()); + // END android-changed break; default: throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); @@ -74,23 +89,33 @@ { switch (hash) { - case MD2: - generator = new PKCS12ParametersGenerator(new MD2Digest()); - break; + // BEGIN android-removed + // case MD2: + // generator = new PKCS12ParametersGenerator(new MD2Digest()); + // break; + // END android-removed case MD5: - generator = new PKCS12ParametersGenerator(new MD5Digest()); + // BEGIN android-changed + generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getMD5()); + // END android-changed break; case SHA1: - generator = new PKCS12ParametersGenerator(new SHA1Digest()); - break; - case RIPEMD160: - generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); - break; - case TIGER: - generator = new PKCS12ParametersGenerator(new TigerDigest()); - break; + // BEGIN android-changed + generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); + // END android-changed + break; + // BEGIN android-removed + // case RIPEMD160: + // generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); + // break; + // case TIGER: + // generator = new PKCS12ParametersGenerator(new TigerDigest()); + // break; + // END android-removed case SHA256: - generator = new PKCS12ParametersGenerator(new SHA256Digest()); + // BEGIN android-changed + generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA256()); + // END android-changed break; default: throw new IllegalStateException("unknown digest scheme for PBE encryption."); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/util/DigestFactory.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/util/DigestFactory.java 2013-01-23 01:01:51.754746148 +0000 @@ -10,19 +10,26 @@ import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.MD5Digest; +// import org.bouncycastle.crypto.digests.SHA1Digest; +// import org.bouncycastle.crypto.digests.SHA224Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.SHA384Digest; +// import org.bouncycastle.crypto.digests.SHA512Digest; +// END android-removed +// BEGIN android-added +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-added import org.bouncycastle.util.Strings; public class DigestFactory { private static Set md5 = new HashSet(); private static Set sha1 = new HashSet(); - private static Set sha224 = new HashSet(); + // BEGIN android-removed + // private static Set sha224 = new HashSet(); + // END android-removed private static Set sha256 = new HashSet(); private static Set sha384 = new HashSet(); private static Set sha512 = new HashSet(); @@ -38,9 +45,11 @@ sha1.add("SHA-1"); sha1.add(OIWObjectIdentifiers.idSHA1.getId()); - sha224.add("SHA224"); - sha224.add("SHA-224"); - sha224.add(NISTObjectIdentifiers.id_sha224.getId()); + // BEGIN android-removed + // sha224.add("SHA224"); + // sha224.add("SHA-224"); + // sha224.add(NISTObjectIdentifiers.id_sha224.getId()); + // END android-removed sha256.add("SHA256"); sha256.add("SHA-256"); @@ -61,9 +70,11 @@ oids.put("SHA-1", OIWObjectIdentifiers.idSHA1); oids.put(OIWObjectIdentifiers.idSHA1.getId(), OIWObjectIdentifiers.idSHA1); - oids.put("SHA224", NISTObjectIdentifiers.id_sha224); - oids.put("SHA-224", NISTObjectIdentifiers.id_sha224); - oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224); + // BEGIN android-removed + // oids.put("SHA224", NISTObjectIdentifiers.id_sha224); + // oids.put("SHA-224", NISTObjectIdentifiers.id_sha224); + // oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224); + // END android-removed oids.put("SHA256", NISTObjectIdentifiers.id_sha256); oids.put("SHA-256", NISTObjectIdentifiers.id_sha256); @@ -85,27 +96,39 @@ if (sha1.contains(digestName)) { - return new SHA1Digest(); + // BEGIN android-changed + return AndroidDigestFactory.getSHA1(); + // END android-changed } if (md5.contains(digestName)) { - return new MD5Digest(); - } - if (sha224.contains(digestName)) - { - return new SHA224Digest(); - } + // BEGIN android-changed + return AndroidDigestFactory.getMD5(); + // END android-changed + } + // BEGIN android-removed + // if (sha224.contains(digestName)) + // { + // return new SHA224Digest(); + // } + // END android-removed if (sha256.contains(digestName)) { - return new SHA256Digest(); + // BEGIN android-changed + return AndroidDigestFactory.getSHA256(); + // END android-changed } if (sha384.contains(digestName)) { - return new SHA384Digest(); + // BEGIN android-changed + return AndroidDigestFactory.getSHA384(); + // END android-changed } if (sha512.contains(digestName)) { - return new SHA512Digest(); + // BEGIN android-changed + return AndroidDigestFactory.getSHA512(); + // END android-changed } return null; @@ -116,7 +139,9 @@ String digest2) { return (sha1.contains(digest1) && sha1.contains(digest2)) - || (sha224.contains(digest1) && sha224.contains(digest2)) + // BEGIN android-removed + // || (sha224.contains(digest1) && sha224.contains(digest2)) + // END android-removed || (sha256.contains(digest1) && sha256.contains(digest2)) || (sha384.contains(digest1) && sha384.contains(digest2)) || (sha512.contains(digest1) && sha512.contains(digest2)) diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcprov-jdk15on-147/org/bouncycastle/jce/ECNamedCurveTable.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/ECNamedCurveTable.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/ECNamedCurveTable.java 2013-01-23 01:01:51.944749492 +0000 @@ -6,7 +6,9 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.nist.NISTNamedCurves; import org.bouncycastle.asn1.sec.SECNamedCurves; -import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; +// END android-removed import org.bouncycastle.asn1.x9.X962NamedCurves; import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; @@ -55,21 +57,23 @@ } } - if (ecP == null) - { - ecP = TeleTrusTNamedCurves.getByName(name); - if (ecP == null) - { - try - { - ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - } - catch (IllegalArgumentException e) - { - // ignore - not an oid - } - } - } + // BEGIN android-removed + // if (ecP == null) + // { + // ecP = TeleTrusTNamedCurves.getByName(name); + // if (ecP == null) + // { + // try + // { + // ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); + // } + // catch (IllegalArgumentException e) + // { + // // ignore - not an oid + // } + // } + // } + // END android-removed if (ecP == null) { @@ -102,7 +106,9 @@ addEnumeration(v, X962NamedCurves.getNames()); addEnumeration(v, SECNamedCurves.getNames()); addEnumeration(v, NISTNamedCurves.getNames()); - addEnumeration(v, TeleTrusTNamedCurves.getNames()); + // BEGIN android-removed + // addEnumeration(v, TeleTrusTNamedCurves.getNames()); + // END android-removed return v.elements(); } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk15on-147/org/bouncycastle/jce/PKCS10CertificationRequest.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/PKCS10CertificationRequest.java 2013-01-23 01:01:51.984750196 +0000 @@ -30,14 +30,18 @@ import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.CertificationRequest; import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509Name; @@ -81,15 +85,20 @@ static { - algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); - algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); + // BEGIN android-removed + // Dropping MD2 + // algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); + // algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); + // END android-removed algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4")); algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4")); algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4")); algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5")); algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); + // BEGIN android-removed + // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); + // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); + // END android-removed algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); @@ -97,57 +106,78 @@ algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); + // BEGIN android-removed + // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); + // END android-removed algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); + // BEGIN android-removed + // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); + // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); + // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); + // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); + // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); + // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); + // END android-removed algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3")); algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3")); - algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); + // BEGIN android-removed + // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); + // END android-removed algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384); algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512); algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); + // BEGIN android-removed + // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); + // END android-removed algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // BEGIN android-removed + // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); + // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); + // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // END android-removed // // reverse mappings // oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); + // BEGIN android-removed + // oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); + // END android-removed oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA"); oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA"); oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA"); - oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); - oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); + // BEGIN android-removed + // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); + // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); + // END android-removed oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA"); - oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); + // BEGIN android-removed + // Dropping MD2 + // oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); + // END android-removed oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA"); oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); + // BEGIN android-removed + // oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); + // END android-removed oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA"); oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA"); oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA"); oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA"); - oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); + // BEGIN android-removed + // oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); + // END android-removed oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA"); // @@ -161,35 +191,53 @@ // The parameters field SHALL be NULL for RSA based signature algorithms. // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); + // BEGIN android-removed + // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); + // END android-removed noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); - noParams.add(NISTObjectIdentifiers.dsa_with_sha224); + // BEGIN android-removed + // noParams.add(NISTObjectIdentifiers.dsa_with_sha224); + // END android-removed noParams.add(NISTObjectIdentifiers.dsa_with_sha256); // // RFC 4491 // - noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // BEGIN android-removed + // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); + // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // END android-removed // // explicit params // - AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull()); + // BEGIN android-changed + AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE); + // END android-changed params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20)); - AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull()); - params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28)); - - AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull()); + // BEGIN android-removed + // // BEGIN android-changed + // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE); + // // END android-changed + // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28)); + // END android-removed + + // BEGIN android-changed + AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE); + // END android-changed params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32)); - AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, new DERNull()); + // BEGIN android-changed + AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, DERNull.INSTANCE); + // END android-changed params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48)); - AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, new DERNull()); + // BEGIN android-changed + AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, DERNull.INSTANCE); + // END android-changed params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64)); } @@ -595,10 +643,12 @@ { return "SHA1"; } - else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) - { - return "SHA224"; - } + // BEGIN android-removed + // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) + // { + // return "SHA224"; + // } + // END android-removed else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) { return "SHA256"; @@ -611,22 +661,24 @@ { return "SHA512"; } - else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) - { - return "RIPEMD128"; - } - else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) - { - return "RIPEMD160"; - } - else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) - { - return "RIPEMD256"; - } - else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) - { - return "GOST3411"; - } + // BEGIN android-removed + // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) + // { + // return "RIPEMD128"; + // } + // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) + // { + // return "RIPEMD160"; + // } + // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) + // { + // return "RIPEMD256"; + // } + // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) + // { + // return "GOST3411"; + // } + // END android-removed else { return digestAlgOID.getId(); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/BouncyCastleProvider.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2013-01-23 01:01:51.964749844 +0000 @@ -48,7 +48,10 @@ { private static String info = "BouncyCastle Security Provider v1.47"; - public static String PROVIDER_NAME = "BC"; + // BEGIN android-changed + // this constant should be final + public static final String PROVIDER_NAME = "BC"; + // END android-changed public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration(); @@ -61,8 +64,13 @@ private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; private static final String[] SYMMETRIC_CIPHERS = { - "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", - "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" + // BEGIN android-removed + // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", + // "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA" + // END android-removed + // BEGIN android-added + "AES", "ARC4", "Blowfish", "DES", "DESede", + // END android-added }; /* @@ -79,7 +87,12 @@ private static final String[] ASYMMETRIC_CIPHERS = { - "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal" + // BEGIN android-removed + // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal" + // END android-removed + // BEGIN android-added + "DSA", "DH", "EC", "RSA", + // END android-added }; /* @@ -88,7 +101,12 @@ private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest."; private static final String[] DIGESTS = { - "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "Tiger", "Whirlpool" + // BEGIN android-removed + // "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "Tiger", "Whirlpool" + // END android-removed + // BEGIN android-added + "MD5", "SHA1", "SHA256", "SHA384", "SHA512", + // END android-added }; /** @@ -120,26 +138,28 @@ loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_CIPHERS); - // - // X509Store - // - put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection"); - put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection"); - put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection"); - put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection"); - - put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts"); - put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs"); - put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts"); - put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs"); - - // - // X509StreamParser - // - put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser"); - put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); - put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); - put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); + // BEGIN android-removed + // // + // // X509Store + // // + // put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection"); + // put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection"); + // put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection"); + // put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection"); + // + // put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts"); + // put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs"); + // put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts"); + // put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs"); + // + // // + // // X509StreamParser + // // + // put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser"); + // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); + // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); + // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); + // END android-removed // @@ -148,14 +168,24 @@ put("KeyStore.BKS", "org.bouncycastle.jce.provider.JDKKeyStore"); put("KeyStore.BouncyCastle", "org.bouncycastle.jce.provider.JDKKeyStore$BouncyCastleStore"); put("KeyStore.PKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); - put("KeyStore.BCPKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); - put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); - - put("KeyStore.PKCS12-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); - put("KeyStore.PKCS12-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore3DES"); - - put("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); - put("KeyStore.PKCS12-DEF-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore3DES"); + // BEGIN android-changed + put("Alg.Alias.KeyStore.BCPKCS12", "PKCS12"); + // END android-changed + // BEGIN android-removed + // put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); + // END android-removed + + // BEGIN android-changed + put("Alg.Alias.KeyStore.PKCS12-3DES-40RC2", "PKCS12"); + // END android-changed + // BEGIN android-removed + // put("KeyStore.PKCS12-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore3DES"); + // END android-removed + + // BEGIN android-removed + // put("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); + // put("KeyStore.PKCS12-DEF-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore3DES"); + // END android-removed put("Alg.Alias.KeyStore.UBER", "BouncyCastle"); put("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); @@ -164,29 +194,41 @@ // // algorithm parameters // - put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); + // BEGIN android-removed + // put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); + // END android-removed put("AlgorithmParameters.PKCS12PBE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PKCS12PBE"); - put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2"); + // BEGIN android-removed + // put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2"); + // END android-removed put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); + // BEGIN android-removed + // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); + // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); + // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); + // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); + // END android-removed put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); + // BEGIN android-removed + // put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); + // END android-removed put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); + // BEGIN android-removed + // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); + // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); + // END android-removed put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); + // BEGIN android-removed + // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); + // END android-removed put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.1", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.2", "PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); @@ -217,12 +259,14 @@ put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); - - put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); + + // BEGIN android-removed + // put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); + // put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); + // put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); + // put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); + // put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); + // END android-removed // // key agreement @@ -235,16 +279,22 @@ put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES"); - put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES"); - put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); - put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); + // BEGIN android-removed + // put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES"); + // put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES"); + // put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); + // put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); + // END android-removed put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES"); - put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); + // BEGIN android-removed + // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); + // END android-removed put("Cipher.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndRC2"); put("Cipher.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndDES"); - put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); + // BEGIN android-removed + // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); + // END android-removed put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2"); put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2"); @@ -286,10 +336,12 @@ put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish"); - put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); - - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // BEGIN android-removed + // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); + // + // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); + // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // END android-removed put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); @@ -326,16 +378,20 @@ // // secret key factories. // - put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES"); - - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // BEGIN android-removed + // put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES"); + // + // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); + // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // END android-removed put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES"); put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2"); + // BEGIN android-removed + // put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2"); + // END android-removed put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES"); put("SecretKeyFactory.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndRC2"); put("SecretKeyFactory.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndDES"); @@ -347,31 +403,39 @@ put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2"); put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2"); put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish"); - put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160"); + // BEGIN android-removed + // put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160"); + // END android-removed put("SecretKeyFactory.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA"); - put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger"); + // BEGIN android-removed + // put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger"); + // END android-removed put("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And128BitAESCBCOpenSSL"); put("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And192BitAESCBCOpenSSL"); put("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And256BitAESCBCOpenSSL"); - put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5"); - - put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5"); - put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5"); - put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); - - put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); - put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); + // BEGIN android-removed + // put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5"); + // + // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5"); + // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5"); + // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); + // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); + // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); + // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); + // + // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); + // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); + // END android-removed put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // BEGIN android-removed + // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); + // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); + // END android-removed put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); @@ -408,20 +472,31 @@ put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); + // BEGIN android-added + + put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1"); + // END android-added addMacAlgorithms(); // Certification Path API - put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); - put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); - put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); - put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); + // BEGIN android-removed + // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); + // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); + // END android-removed + // BEGIN android-changed + // Use Alg.Alias so RFC3280 doesn't show up when iterating provider services, only PKIX + put("Alg.Alias.CertPathValidator.RFC3280", "PKIX"); + put("Alg.Alias.CertPathBuilder.RFC3280", "PKIX"); + // END android-changed put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi"); - put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi"); - put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi"); - put("Alg.Alias.CertStore.X509LDAP", "LDAP"); + // BEGIN android-removed + // put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi"); + // put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi"); + // put("Alg.Alias.CertStore.X509LDAP", "LDAP"); + // END android-removed } private void loadAlgorithms(String packageName, String[] names) @@ -469,21 +544,25 @@ private void addMacAlgorithms() { - put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); - put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); - - put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); - put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); - put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4"); - put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); - - put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); - - put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); + // BEGIN android-removed + // put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); + // put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); + // + // put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); + // put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); + // put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4"); + // put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); + // + // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); + // + // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); + // END android-removed put("Mac.PBEWITHHMACSHA", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); put("Mac.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); - put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160"); + // BEGIN android-removed + // put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160"); + // END android-removed put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA"); } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/CertBlacklist.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/CertBlacklist.java 1970-01-01 00:00:00.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/CertBlacklist.java 2013-01-23 01:01:51.974750020 +0000 @@ -0,0 +1,224 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.bouncycastle.jce.provider; + +import java.io.Closeable; +import java.io.ByteArrayOutputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.RandomAccessFile; +import java.math.BigInteger; +import java.security.PublicKey; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; +import java.util.logging.Level; +import java.util.logging.Logger; +import org.bouncycastle.crypto.Digest; +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +import org.bouncycastle.util.encoders.Hex; + +public class CertBlacklist { + + private static final String ANDROID_DATA = System.getenv("ANDROID_DATA"); + private static final String BLACKLIST_ROOT = ANDROID_DATA + "/misc/keychain/"; + public static final String DEFAULT_PUBKEY_BLACKLIST_PATH = BLACKLIST_ROOT + "pubkey_blacklist.txt"; + public static final String DEFAULT_SERIAL_BLACKLIST_PATH = BLACKLIST_ROOT + "serial_blacklist.txt"; + + private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName()); + + // public for testing + public final Set<BigInteger> serialBlacklist; + public final Set<byte[]> pubkeyBlacklist; + + public CertBlacklist() { + this(DEFAULT_PUBKEY_BLACKLIST_PATH, DEFAULT_SERIAL_BLACKLIST_PATH); + } + + /** Test only interface, not for public use */ + public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) { + serialBlacklist = readSerialBlackList(serialBlacklistPath); + pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath); + } + + private static boolean isHex(String value) { + try { + new BigInteger(value, 16); + return true; + } catch (NumberFormatException e) { + logger.log(Level.WARNING, "Could not parse hex value " + value, e); + return false; + } + } + + private static boolean isPubkeyHash(String value) { + if (value.length() != 40) { + logger.log(Level.WARNING, "Invalid pubkey hash length: " + value.length()); + return false; + } + return isHex(value); + } + + private static String readBlacklist(String path) { + try { + return readFileAsString(path); + } catch (FileNotFoundException ignored) { + } catch (IOException e) { + logger.log(Level.WARNING, "Could not read blacklist", e); + } + return ""; + } + + // From IoUtils.readFileAsString + private static String readFileAsString(String path) throws IOException { + return readFileAsBytes(path).toString("UTF-8"); + } + + // Based on IoUtils.readFileAsBytes + private static ByteArrayOutputStream readFileAsBytes(String path) throws IOException { + RandomAccessFile f = null; + try { + f = new RandomAccessFile(path, "r"); + ByteArrayOutputStream bytes = new ByteArrayOutputStream((int) f.length()); + byte[] buffer = new byte[8192]; + while (true) { + int byteCount = f.read(buffer); + if (byteCount == -1) { + return bytes; + } + bytes.write(buffer, 0, byteCount); + } + } finally { + closeQuietly(f); + } + } + + // Base on IoUtils.closeQuietly + private static void closeQuietly(Closeable closeable) { + if (closeable != null) { + try { + closeable.close(); + } catch (RuntimeException rethrown) { + throw rethrown; + } catch (Exception ignored) { + } + } + } + + private static final Set<BigInteger> readSerialBlackList(String path) { + + // start out with a base set of known bad values + Set<BigInteger> bl = new HashSet<BigInteger>(Arrays.asList( + // From http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate.cc?revision=78748&view=markup + // Not a real certificate. For testing only. + new BigInteger("077a59bcd53459601ca6907267a6dd1c", 16), + new BigInteger("047ecbe9fca55f7bd09eae36e10cae1e", 16), + new BigInteger("d8f35f4eb7872b2dab0692e315382fb0", 16), + new BigInteger("b0b7133ed096f9b56fae91c874bd3ac0", 16), + new BigInteger("9239d5348f40d1695a745470e1f23f43", 16), + new BigInteger("e9028b9578e415dc1a710a2b88154447", 16), + new BigInteger("d7558fdaf5f1105bb213282b707729a3", 16), + new BigInteger("f5c86af36162f13a64f54f6dc9587c06", 16), + new BigInteger("392a434f0e07df1f8aa305de34e0c229", 16), + new BigInteger("3e75ced46b693021218830ae86a82a71", 16), + new BigInteger("864", 16), + new BigInteger("827", 16) + )); + + // attempt to augment it with values taken from gservices + String serialBlacklist = readBlacklist(path); + if (!serialBlacklist.equals("")) { + for(String value : serialBlacklist.split(",")) { + try { + bl.add(new BigInteger(value, 16)); + } catch (NumberFormatException e) { + logger.log(Level.WARNING, "Tried to blacklist invalid serial number " + value, e); + } + } + } + + // whether that succeeds or fails, send it on its merry way + return Collections.unmodifiableSet(bl); + } + + private static final Set<byte[]> readPublicKeyBlackList(String path) { + + // start out with a base set of known bad values + Set<byte[]> bl = new HashSet<byte[]>(Arrays.asList( + // From http://src.chromium.org/viewvc/chrome/branches/782/src/net/base/x509_certificate.cc?r1=98750&r2=98749&pathrev=98750 + // C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl + "410f36363258f30b347d12ce4863e433437806a8".getBytes(), + // Subject: CN=DigiNotar Cyber CA + // Issuer: CN=GTE CyberTrust Global Root + "ba3e7bd38cd7e1e6b9cd4c219962e59d7a2f4e37".getBytes(), + // Subject: CN=DigiNotar Services 1024 CA + // Issuer: CN=Entrust.net + "e23b8d105f87710a68d9248050ebefc627be4ca6".getBytes(), + // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2 + // Issuer: CN=Staat der Nederlanden Organisatie CA - G2 + "7b2e16bc39bcd72b456e9f055d1de615b74945db".getBytes(), + // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven + // Issuer: CN=Staat der Nederlanden Overheid CA + "e8f91200c65cee16e039b9f883841661635f81c5".getBytes(), + // From http://src.chromium.org/viewvc/chrome?view=rev&revision=108479 + // Subject: O=Digicert Sdn. Bhd. + // Issuer: CN=GTE CyberTrust Global Root + "0129bcd5b448ae8d2496d1c3e19723919088e152".getBytes(), + // Subject: CN=e-islem.kktcmerkezbankasi.org/emailAddress=ileti@kktcmerkezbankasi.org + // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri + "5f3ab33d55007054bc5e3e5553cd8d8465d77c61".getBytes(), + // Subject: CN=*.EGO.GOV.TR 93 + // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri + "783333c9687df63377efceddd82efa9101913e8e".getBytes() + )); + + // attempt to augment it with values taken from gservices + String pubkeyBlacklist = readBlacklist(path); + if (!pubkeyBlacklist.equals("")) { + for (String value : pubkeyBlacklist.split(",")) { + value = value.trim(); + if (isPubkeyHash(value)) { + bl.add(value.getBytes()); + } else { + logger.log(Level.WARNING, "Tried to blacklist invalid pubkey " + value); + } + } + } + + return bl; + } + + public boolean isPublicKeyBlackListed(PublicKey publicKey) { + byte[] encoded = publicKey.getEncoded(); + Digest digest = AndroidDigestFactory.getSHA1(); + digest.update(encoded, 0, encoded.length); + byte[] out = new byte[digest.getDigestSize()]; + digest.doFinal(out, 0); + for (byte[] blacklisted : pubkeyBlacklist) { + if (Arrays.equals(blacklisted, Hex.encode(out))) { + return true; + } + } + return false; + } + + public boolean isSerialNumberBlackListed(BigInteger serial) { + return serialBlacklist.contains(serial); + } + +} diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2013-01-23 01:01:51.954749668 +0000 @@ -61,13 +61,17 @@ import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.jce.X509LDAPCertStoreParameters; +// BEGIN android-removed +// import org.bouncycastle.jce.X509LDAPCertStoreParameters; +// END android-removed import org.bouncycastle.jce.exception.ExtCertPathValidatorException; import org.bouncycastle.util.Selector; import org.bouncycastle.util.StoreException; import org.bouncycastle.x509.ExtendedPKIXBuilderParameters; import org.bouncycastle.x509.ExtendedPKIXParameters; -import org.bouncycastle.x509.X509AttributeCertStoreSelector; +// BEGIN android-removed +// import org.bouncycastle.x509.X509AttributeCertStoreSelector; +// END android-removed import org.bouncycastle.x509.X509AttributeCertificate; import org.bouncycastle.x509.X509CRLStoreSelector; import org.bouncycastle.x509.X509CertStoreSelector; @@ -247,7 +251,9 @@ { // look for URI List list = (List)it.next(); - if (list.get(0).equals(new Integer(GeneralName.uniformResourceIdentifier))) + // BEGIN android-changed + if (list.get(0).equals(Integer.valueOf(GeneralName.uniformResourceIdentifier))) + // END android-changed { // found String temp = (String)list.get(1); @@ -655,38 +661,40 @@ { try { - if (location.startsWith("ldap://")) - { - // ldap://directory.d-trust.net/CN=D-TRUST - // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE - // skip "ldap://" - location = location.substring(7); - // after first / baseDN starts - String base = null; - String url = null; - if (location.indexOf("/") != -1) - { - base = location.substring(location.indexOf("/")); - // URL - url = "ldap://" - + location.substring(0, location.indexOf("/")); - } - else - { - url = "ldap://" + location; - } - // use all purpose parameters - X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder( - url, base).build(); - pkixParams.addAdditionalStore(X509Store.getInstance( - "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); - pkixParams.addAdditionalStore(X509Store.getInstance( - "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); - pkixParams.addAdditionalStore(X509Store.getInstance( - "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); - pkixParams.addAdditionalStore(X509Store.getInstance( - "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); - } + // BEGIN android-removed + // if (location.startsWith("ldap://")) + // { + // // ldap://directory.d-trust.net/CN=D-TRUST + // // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE + // // skip "ldap://" + // location = location.substring(7); + // // after first / baseDN starts + // String base = null; + // String url = null; + // if (location.indexOf("/") != -1) + // { + // base = location.substring(location.indexOf("/")); + // // URL + // url = "ldap://" + // + location.substring(0, location.indexOf("/")); + // } + // else + // { + // url = "ldap://" + location; + // } + // // use all purpose parameters + // X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder( + // url, base).build(); + // pkixParams.addAdditionalStore(X509Store.getInstance( + // "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); + // pkixParams.addAdditionalStore(X509Store.getInstance( + // "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); + // pkixParams.addAdditionalStore(X509Store.getInstance( + // "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); + // pkixParams.addAdditionalStore(X509Store.getInstance( + // "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); + // } + // END android-removed } catch (Exception e) { @@ -751,33 +759,35 @@ return certs; } - protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, - List certStores) - throws AnnotatedException - { - Set certs = new HashSet(); - Iterator iter = certStores.iterator(); - - while (iter.hasNext()) - { - Object obj = iter.next(); - - if (obj instanceof X509Store) - { - X509Store certStore = (X509Store)obj; - try - { - certs.addAll(certStore.getMatches(certSelect)); - } - catch (StoreException e) - { - throw new AnnotatedException( - "Problem while picking certificates from X.509 store.", e); - } - } - } - return certs; - } + // BEGIN android-removed + // protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, + // List certStores) + // throws AnnotatedException + // { + // Set certs = new HashSet(); + // Iterator iter = certStores.iterator(); + // + // while (iter.hasNext()) + // { + // Object obj = iter.next(); + // + // if (obj instanceof X509Store) + // { + // X509Store certStore = (X509Store)obj; + // try + // { + // certs.addAll(certStore.getMatches(certSelect)); + // } + // catch (StoreException e) + // { + // throw new AnnotatedException( + // "Problem while picking certificates from X.509 store.", e); + // } + // } + // } + // return certs; + // } + // END android-removed protected static void addAdditionalStoresFromCRLDistributionPoint( CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEBlockCipher.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEBlockCipher.java 2013-01-23 01:01:51.954749668 +0000 @@ -18,8 +18,10 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; +// BEGIN android-removed +// import javax.crypto.spec.RC2ParameterSpec; +// import javax.crypto.spec.RC5ParameterSpec; +// END android-removed import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.BufferedBlockCipher; @@ -28,7 +30,9 @@ import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.engines.AESFastEngine; import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.GOST28147Engine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.GOST28147Engine; +// END android-removed import org.bouncycastle.crypto.engines.RC2Engine; import org.bouncycastle.crypto.engines.TwofishEngine; import org.bouncycastle.crypto.modes.AEADBlockCipher; @@ -36,12 +40,18 @@ import org.bouncycastle.crypto.modes.CCMBlockCipher; import org.bouncycastle.crypto.modes.CFBBlockCipher; import org.bouncycastle.crypto.modes.CTSBlockCipher; -import org.bouncycastle.crypto.modes.EAXBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.EAXBlockCipher; +// END android-removed import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.crypto.modes.GOFBBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.GOFBBlockCipher; +// END android-removed import org.bouncycastle.crypto.modes.OFBBlockCipher; -import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; -import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; +// BEGIN android-removed +// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; +// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; +// END android-removed import org.bouncycastle.crypto.modes.SICBlockCipher; import org.bouncycastle.crypto.paddings.BlockCipherPadding; import org.bouncycastle.crypto.paddings.ISO10126d2Padding; @@ -53,12 +63,16 @@ import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.params.ParametersWithSBox; -import org.bouncycastle.crypto.params.RC2Parameters; -import org.bouncycastle.crypto.params.RC5Parameters; +// BEGIN android-removed +// import org.bouncycastle.crypto.params.ParametersWithSBox; +// import org.bouncycastle.crypto.params.RC2Parameters; +// import org.bouncycastle.crypto.params.RC5Parameters; +// END android-removed import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; import org.bouncycastle.jcajce.provider.symmetric.util.PBE; -import org.bouncycastle.jce.spec.GOST28147ParameterSpec; +// BEGIN android-removed +// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; +// END android-removed import org.bouncycastle.jce.spec.RepeatedSecretKeySpec; import org.bouncycastle.util.Strings; @@ -71,11 +85,15 @@ // private Class[] availableSpecs = { - RC2ParameterSpec.class, - RC5ParameterSpec.class, + // BEGIN android-removed + // RC2ParameterSpec.class, + // RC5ParameterSpec.class, + // END android-removed IvParameterSpec.class, PBEParameterSpec.class, - GOST28147ParameterSpec.class + // BEGIN android-removed + // GOST28147ParameterSpec.class + // END android-removed }; private BlockCipher baseEngine; @@ -232,20 +250,22 @@ new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); } } - else if (modeName.startsWith("PGP")) - { - boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); - - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher( - new PGPCFBBlockCipher(baseEngine, inlineIV)); - } - else if (modeName.equalsIgnoreCase("OpenPGPCFB")) - { - ivLength = 0; - cipher = new BufferedGenericBlockCipher( - new OpenPGPCFBBlockCipher(baseEngine)); - } + // BEGIN android-removed + // else if (modeName.startsWith("PGP")) + // { + // boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); + // + // ivLength = baseEngine.getBlockSize(); + // cipher = new BufferedGenericBlockCipher( + // new PGPCFBBlockCipher(baseEngine, inlineIV)); + // } + // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) + // { + // ivLength = 0; + // cipher = new BufferedGenericBlockCipher( + // new OpenPGPCFBBlockCipher(baseEngine)); + // } + // END android-removed else if (modeName.startsWith("SIC")) { ivLength = baseEngine.getBlockSize(); @@ -262,12 +282,14 @@ cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( new SICBlockCipher(baseEngine))); } - else if (modeName.startsWith("GOFB")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new GOFBBlockCipher(baseEngine))); - } + // BEGIN android-removed + // else if (modeName.startsWith("GOFB")) + // { + // ivLength = baseEngine.getBlockSize(); + // cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( + // new GOFBBlockCipher(baseEngine))); + // } + // END android-removed else if (modeName.startsWith("CTS")) { ivLength = baseEngine.getBlockSize(); @@ -278,11 +300,13 @@ ivLength = baseEngine.getBlockSize(); cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); } - else if (modeName.startsWith("EAX")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); - } + // BEGIN android-removed + // else if (modeName.startsWith("EAX")) + // { + // ivLength = baseEngine.getBlockSize(); + // cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); + // } + // END android-removed else if (modeName.startsWith("GCM")) { ivLength = baseEngine.getBlockSize(); @@ -371,13 +395,15 @@ throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); } - // - // for RC5-64 we must have some default parameters - // - if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64")) - { - throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in."); - } + // BEGIN android-removed + // // + // // for RC5-64 we must have some default parameters + // // + // if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64")) + // { + // throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in."); + // } + // END android-removed // // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). @@ -451,63 +477,65 @@ param = new KeyParameter(key.getEncoded()); } } - else if (params instanceof GOST28147ParameterSpec) - { - GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; - - param = new ParametersWithSBox( - new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); - - if (gost28147Param.getIV() != null && ivLength != 0) - { - param = new ParametersWithIV(param, gost28147Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else if (params instanceof RC2ParameterSpec) - { - RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; - - param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); - - if (rc2Param.getIV() != null && ivLength != 0) - { - param = new ParametersWithIV(param, rc2Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else if (params instanceof RC5ParameterSpec) - { - RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; - - param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); - if (baseEngine.getAlgorithmName().startsWith("RC5")) - { - if (baseEngine.getAlgorithmName().equals("RC5-32")) - { - if (rc5Param.getWordSize() != 32) - { - throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); - } - } - else if (baseEngine.getAlgorithmName().equals("RC5-64")) - { - if (rc5Param.getWordSize() != 64) - { - throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); - } - } - } - else - { - throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); - } - if ((rc5Param.getIV() != null) && (ivLength != 0)) - { - param = new ParametersWithIV(param, rc5Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } + // BEGIN android-removed + // else if (params instanceof GOST28147ParameterSpec) + // { + // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; + // + // param = new ParametersWithSBox( + // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); + // + // if (gost28147Param.getIV() != null && ivLength != 0) + // { + // param = new ParametersWithIV(param, gost28147Param.getIV()); + // ivParam = (ParametersWithIV)param; + // } + // } + // else if (params instanceof RC2ParameterSpec) + // { + // RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; + // + // param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); + // + // if (rc2Param.getIV() != null && ivLength != 0) + // { + // param = new ParametersWithIV(param, rc2Param.getIV()); + // ivParam = (ParametersWithIV)param; + // } + // } + // else if (params instanceof RC5ParameterSpec) + // { + // RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; + // + // param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); + // if (baseEngine.getAlgorithmName().startsWith("RC5")) + // { + // if (baseEngine.getAlgorithmName().equals("RC5-32")) + // { + // if (rc5Param.getWordSize() != 32) + // { + // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); + // } + // } + // else if (baseEngine.getAlgorithmName().equals("RC5-64")) + // { + // if (rc5Param.getWordSize() != 64) + // { + // throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); + // } + // } + // } + // else + // { + // throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); + // } + // if ((rc5Param.getIV() != null) && (ivLength != 0)) + // { + // param = new ParametersWithIV(param, rc5Param.getIV()); + // ivParam = (ParametersWithIV)param; + // } + // } + // END android-removed else { throw new InvalidAlgorithmParameterException("unknown parameter type."); @@ -711,10 +739,21 @@ int inputLen, byte[] output, int outputOffset) - throws IllegalBlockSizeException, BadPaddingException + throws IllegalBlockSizeException, BadPaddingException, ShortBufferException { + // BEGIN android-note + // added ShortBufferException to the throws statement + // END android-note int len = 0; + // BEGIN android-added + int outputLen = cipher.getOutputSize(inputLen); + + if (outputLen + outputOffset > output.length) { + throw new ShortBufferException("need at least " + outputLen + " bytes"); + } + // BEGIN android-added + if (inputLen != 0) { len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); @@ -756,62 +795,64 @@ } } - /** - * DESCBC - */ - static public class DESCBC - extends JCEBlockCipher - { - public DESCBC() - { - super(new CBCBlockCipher(new DESEngine()), 64); - } - } - - /** - * GOST28147 - */ - static public class GOST28147 - extends JCEBlockCipher - { - public GOST28147() - { - super(new GOST28147Engine()); - } - } - - static public class GOST28147cbc - extends JCEBlockCipher - { - public GOST28147cbc() - { - super(new CBCBlockCipher(new GOST28147Engine()), 64); - } - } - - /** - * RC2 - */ - static public class RC2 - extends JCEBlockCipher - { - public RC2() - { - super(new RC2Engine()); - } - } - - /** - * RC2CBC - */ - static public class RC2CBC - extends JCEBlockCipher - { - public RC2CBC() - { - super(new CBCBlockCipher(new RC2Engine()), 64); - } - } + // BEGIN android-removed + // /** + // * DESCBC + // */ + // static public class DESCBC + // extends JCEBlockCipher + // { + // public DESCBC() + // { + // super(new CBCBlockCipher(new DESEngine()), 64); + // } + // } + // + // /** + // * GOST28147 + // */ + // static public class GOST28147 + // extends JCEBlockCipher + // { + // public GOST28147() + // { + // super(new GOST28147Engine()); + // } + // } + // + // static public class GOST28147cbc + // extends JCEBlockCipher + // { + // public GOST28147cbc() + // { + // super(new CBCBlockCipher(new GOST28147Engine()), 64); + // } + // } + // + // /** + // * RC2 + // */ + // static public class RC2 + // extends JCEBlockCipher + // { + // public RC2() + // { + // super(new RC2Engine()); + // } + // } + // + // /** + // * RC2CBC + // */ + // static public class RC2CBC + // extends JCEBlockCipher + // { + // public RC2CBC() + // { + // super(new CBCBlockCipher(new RC2Engine()), 64); + // } + // } + // END android-removed /** * PBEWithMD5AndDES diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEECPrivateKey.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2013-01-23 01:01:51.964749844 +0000 @@ -20,8 +20,10 @@ import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +// END android-removed import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; @@ -203,21 +205,23 @@ ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - if (ecP == null) // GOST Curve - { - ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); - EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECGOST3410NamedCurves.getName(oid), - ellipticCurve, - new ECPoint( - gParam.getG().getX().toBigInteger(), - gParam.getG().getY().toBigInteger()), - gParam.getN(), - gParam.getH()); - } - else + // BEGIN android-removed + // if (ecP == null) // GOST Curve + // { + // ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); + // EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); + // + // ecSpec = new ECNamedCurveSpec( + // ECGOST3410NamedCurves.getName(oid), + // ellipticCurve, + // new ECPoint( + // gParam.getG().getX().toBigInteger(), + // gParam.getG().getY().toBigInteger()), + // gParam.getN(), + // gParam.getH()); + // } + // else + // END android-removed { EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); @@ -331,11 +335,13 @@ try { - if (algorithm.equals("ECGOST3410")) - { - info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); - } - else + // BEGIN android-removed + // if (algorithm.equals("ECGOST3410")) + // { + // info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); + // } + // else + // END android-removed { info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEECPublicKey.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEECPublicKey.java 2013-01-23 01:01:51.954749668 +0000 @@ -18,9 +18,11 @@ import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; +// END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.X962Parameters; @@ -33,9 +35,13 @@ import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util; import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jce.ECGOST3410NamedCurveTable; +// BEGIN android-removed +// import org.bouncycastle.jce.ECGOST3410NamedCurveTable; +// END android-removed import org.bouncycastle.jce.interfaces.ECPointEncoder; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; +// BEGIN android-removed +// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; +// END android-removed import org.bouncycastle.jce.spec.ECNamedCurveSpec; import org.bouncycastle.math.ec.ECCurve; @@ -46,7 +52,9 @@ private org.bouncycastle.math.ec.ECPoint q; private ECParameterSpec ecSpec; private boolean withCompression; - private GOST3410PublicKeyAlgParameters gostParams; + // BEGIN android-removed + // private GOST3410PublicKeyAlgParameters gostParams; + // END android-removed public JCEECPublicKey( String algorithm, @@ -56,7 +64,9 @@ this.q = key.q; this.ecSpec = key.ecSpec; this.withCompression = key.withCompression; - this.gostParams = key.gostParams; + // BEGIN android-removed + // this.gostParams = key.gostParams; + // END android-removed } public JCEECPublicKey( @@ -179,54 +189,56 @@ private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) { - if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001)) - { - DERBitString bits = info.getPublicKeyData(); - ASN1OctetString key; - this.algorithm = "ECGOST3410"; - - try - { - key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); - } - catch (IOException ex) - { - throw new IllegalArgumentException("error recovering public key"); - } - - byte[] keyEnc = key.getOctets(); - byte[] x = new byte[32]; - byte[] y = new byte[32]; - - for (int i = 0; i != x.length; i++) - { - x[i] = keyEnc[32 - 1 - i]; - } - - for (int i = 0; i != y.length; i++) - { - y[i] = keyEnc[64 - 1 - i]; - } - - gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); - - ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); - - ECCurve curve = spec.getCurve(); - EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); - - this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); - - ecSpec = new ECNamedCurveSpec( - ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), - ellipticCurve, - new ECPoint( - spec.getG().getX().toBigInteger(), - spec.getG().getY().toBigInteger()), - spec.getN(), spec.getH()); - - } - else + // BEGIN android-removed + // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001)) + // { + // DERBitString bits = info.getPublicKeyData(); + // ASN1OctetString key; + // this.algorithm = "ECGOST3410"; + // + // try + // { + // key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); + // } + // catch (IOException ex) + // { + // throw new IllegalArgumentException("error recovering public key"); + // } + // + // byte[] keyEnc = key.getOctets(); + // byte[] x = new byte[32]; + // byte[] y = new byte[32]; + // + // for (int i = 0; i != x.length; i++) + // { + // x[i] = keyEnc[32 - 1 - i]; + // } + // + // for (int i = 0; i != y.length; i++) + // { + // y[i] = keyEnc[64 - 1 - i]; + // } + // + // gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); + // + // ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); + // + // ECCurve curve = spec.getCurve(); + // EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); + // + // this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); + // + // ecSpec = new ECNamedCurveSpec( + // ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), + // ellipticCurve, + // new ECPoint( + // spec.getG().getX().toBigInteger(), + // spec.getG().getY().toBigInteger()), + // spec.getN(), spec.getH()); + // + // } + // else + // END android-removed { X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters()); ECCurve curve; @@ -315,45 +327,47 @@ ASN1Encodable params; SubjectPublicKeyInfo info; - if (algorithm.equals("ECGOST3410")) - { - if (gostParams != null) - { - params = gostParams; - } - else - { - if (ecSpec instanceof ECNamedCurveSpec) - { - params = new GOST3410PublicKeyAlgParameters( - ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), - CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); - } - else - { // strictly speaking this may not be applicable... - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - - params = new X962Parameters(ecP); - } - } - - BigInteger bX = this.q.getX().toBigInteger(); - BigInteger bY = this.q.getY().toBigInteger(); - byte[] encKey = new byte[64]; - - extractBytes(encKey, 0, bX); - extractBytes(encKey, 32, bY); - - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); - } - else + // BEGIN android-removed + // if (algorithm.equals("ECGOST3410")) + // { + // if (gostParams != null) + // { + // params = gostParams; + // } + // else + // { + // if (ecSpec instanceof ECNamedCurveSpec) + // { + // params = new GOST3410PublicKeyAlgParameters( + // ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), + // CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); + // } + // else + // { // strictly speaking this may not be applicable... + // ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); + // + // X9ECParameters ecP = new X9ECParameters( + // curve, + // EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), + // ecSpec.getOrder(), + // BigInteger.valueOf(ecSpec.getCofactor()), + // ecSpec.getCurve().getSeed()); + // + // params = new X962Parameters(ecP); + // } + // } + // + // BigInteger bX = this.q.getX().toBigInteger(); + // BigInteger bY = this.q.getY().toBigInteger(); + // byte[] encKey = new byte[64]; + // + // extractBytes(encKey, 0, bX); + // extractBytes(encKey, 32, bY); + // + // info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); + // } + // else + // END android-removed { if (ecSpec instanceof ECNamedCurveSpec) { diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEMac.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEMac.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEMac.java 2013-01-23 01:01:51.964749844 +0000 @@ -11,24 +11,35 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.digests.MD2Digest; -import org.bouncycastle.crypto.digests.MD4Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.RIPEMD128Digest; -import org.bouncycastle.crypto.digests.RIPEMD160Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.digests.TigerDigest; +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.MD2Digest; +// import org.bouncycastle.crypto.digests.MD4Digest; +// import org.bouncycastle.crypto.digests.MD5Digest; +// import org.bouncycastle.crypto.digests.RIPEMD128Digest; +// import org.bouncycastle.crypto.digests.RIPEMD160Digest; +// import org.bouncycastle.crypto.digests.SHA1Digest; +// import org.bouncycastle.crypto.digests.SHA224Digest; +// import org.bouncycastle.crypto.digests.SHA256Digest; +// import org.bouncycastle.crypto.digests.SHA384Digest; +// import org.bouncycastle.crypto.digests.SHA512Digest; +// import org.bouncycastle.crypto.digests.TigerDigest; +// END android-removed +// BEGIN android-added +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-added import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.RC2Engine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.RC2Engine; +// END android-removed import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.CFBBlockCipherMac; +// END android-removed import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -import org.bouncycastle.crypto.macs.OldHMac; +// BEGIN android-removed +// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; +// import org.bouncycastle.crypto.macs.OldHMac; +// END android-removed import org.bouncycastle.crypto.paddings.ISO7816d4Padding; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -144,109 +155,111 @@ * the classes that extend directly off us. */ - /** - * DES - */ - public static class DES - extends JCEMac - { - public DES() - { - super(new CBCBlockCipherMac(new DESEngine())); - } - } - - /** - * DES 64 bit MAC - */ - public static class DES64 - extends JCEMac - { - public DES64() - { - super(new CBCBlockCipherMac(new DESEngine(), 64)); - } - } - - /** - * RC2 - */ - public static class RC2 - extends JCEMac - { - public RC2() - { - super(new CBCBlockCipherMac(new RC2Engine())); - } - } - - - - - /** - * DES - */ - public static class DESCFB8 - extends JCEMac - { - public DESCFB8() - { - super(new CFBBlockCipherMac(new DESEngine())); - } - } - - /** - * RC2CFB8 - */ - - - /** - * DES9797Alg3with7816-4Padding - */ - public static class DES9797Alg3with7816d4 - extends JCEMac - { - public DES9797Alg3with7816d4() - { - super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); - } - } - - /** - * DES9797Alg3 - */ - public static class DES9797Alg3 - extends JCEMac - { - public DES9797Alg3() - { - super(new ISO9797Alg3Mac(new DESEngine())); - } - } - - /** - * MD2 HMac - */ - public static class MD2 - extends JCEMac - { - public MD2() - { - super(new HMac(new MD2Digest())); - } - } - - /** - * MD4 HMac - */ - public static class MD4 - extends JCEMac - { - public MD4() - { - super(new HMac(new MD4Digest())); - } - } + // BEGIN android-removed + // /** + // * DES + // */ + // public static class DES + // extends JCEMac + // { + // public DES() + // { + // super(new CBCBlockCipherMac(new DESEngine())); + // } + // } + // + // /** + // * DES 64 bit MAC + // */ + // public static class DES64 + // extends JCEMac + // { + // public DES64() + // { + // super(new CBCBlockCipherMac(new DESEngine(), 64)); + // } + // } + // + // /** + // * RC2 + // */ + // public static class RC2 + // extends JCEMac + // { + // public RC2() + // { + // super(new CBCBlockCipherMac(new RC2Engine())); + // } + // } + // + // + // + // + // /** + // * DES + // */ + // public static class DESCFB8 + // extends JCEMac + // { + // public DESCFB8() + // { + // super(new CFBBlockCipherMac(new DESEngine())); + // } + // } + // + // /** + // * RC2CFB8 + // */ + // + // + // /** + // * DES9797Alg3with7816-4Padding + // */ + // public static class DES9797Alg3with7816d4 + // extends JCEMac + // { + // public DES9797Alg3with7816d4() + // { + // super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); + // } + // } + // + // /** + // * DES9797Alg3 + // */ + // public static class DES9797Alg3 + // extends JCEMac + // { + // public DES9797Alg3() + // { + // super(new ISO9797Alg3Mac(new DESEngine())); + // } + // } + // + // /** + // * MD2 HMac + // */ + // public static class MD2 + // extends JCEMac + // { + // public MD2() + // { + // super(new HMac(new MD2Digest())); + // } + // } + // + // /** + // * MD4 HMac + // */ + // public static class MD4 + // extends JCEMac + // { + // public MD4() + // { + // super(new HMac(new MD4Digest())); + // } + // } + // END android-removed /** * MD5 HMac @@ -256,7 +269,9 @@ { public MD5() { - super(new HMac(new MD5Digest())); + // BEGIN android-changed + super(new HMac(AndroidDigestFactory.getMD5())); + // END android-changed } } @@ -268,21 +283,25 @@ { public SHA1() { - super(new HMac(new SHA1Digest())); + // BEGIN android-changed + super(new HMac(AndroidDigestFactory.getSHA1())); + // END android-changed } } - /** - * SHA-224 HMac - */ - public static class SHA224 - extends JCEMac - { - public SHA224() - { - super(new HMac(new SHA224Digest())); - } - } + // BEGIN android-removed + // /** + // * SHA-224 HMac + // */ + // public static class SHA224 + // extends JCEMac + // { + // public SHA224() + // { + // super(new HMac(new SHA224Digest())); + // } + // } + // END android-removed /** * SHA-256 HMac @@ -292,7 +311,9 @@ { public SHA256() { - super(new HMac(new SHA256Digest())); + // BEGIN android-changed + super(new HMac(AndroidDigestFactory.getSHA256())); + // END android-changed } } @@ -304,18 +325,22 @@ { public SHA384() { - super(new HMac(new SHA384Digest())); + // BEGIN android-changed + super(new HMac(AndroidDigestFactory.getSHA384())); + // END android-changed } } - public static class OldSHA384 - extends JCEMac - { - public OldSHA384() - { - super(new OldHMac(new SHA384Digest())); - } - } + // BEGIN android-removed + // public static class OldSHA384 + // extends JCEMac + // { + // public OldSHA384() + // { + // super(new OldHMac(new SHA384Digest())); + // } + // } + // END android-removed /** * SHA-512 HMac @@ -325,75 +350,80 @@ { public SHA512() { - super(new HMac(new SHA512Digest())); + // BEGIN android-changed + super(new HMac(AndroidDigestFactory.getSHA512())); + // END android-changed } } - /** - * SHA-512 HMac - */ - public static class OldSHA512 - extends JCEMac - { - public OldSHA512() - { - super(new OldHMac(new SHA512Digest())); - } - } - /** - * RIPEMD128 HMac - */ - public static class RIPEMD128 - extends JCEMac - { - public RIPEMD128() - { - super(new HMac(new RIPEMD128Digest())); - } - } - - /** - * RIPEMD160 HMac - */ - public static class RIPEMD160 - extends JCEMac - { - public RIPEMD160() - { - super(new HMac(new RIPEMD160Digest())); - } - } - - /** - * Tiger HMac - */ - public static class Tiger - extends JCEMac - { - public Tiger() - { - super(new HMac(new TigerDigest())); - } - } - + // BEGIN android-removed + // /** + // * SHA-512 HMac + // */ + // public static class OldSHA512 + // extends JCEMac + // { + // public OldSHA512() + // { + // super(new OldHMac(new SHA512Digest())); + // } + // } // - // PKCS12 states that the same algorithm should be used - // for the key generation as is used in the HMAC, so that - // is what we do here. + // /** + // * RIPEMD128 HMac + // */ + // public static class RIPEMD128 + // extends JCEMac + // { + // public RIPEMD128() + // { + // super(new HMac(new RIPEMD128Digest())); + // } + // } // - - /** - * PBEWithHmacRIPEMD160 - */ - public static class PBEWithRIPEMD160 - extends JCEMac - { - public PBEWithRIPEMD160() - { - super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); - } - } + // /** + // * RIPEMD160 HMac + // */ + // public static class RIPEMD160 + // extends JCEMac + // { + // public RIPEMD160() + // { + // super(new HMac(new RIPEMD160Digest())); + // } + // } + // + // /** + // * Tiger HMac + // */ + // public static class Tiger + // extends JCEMac + // { + // public Tiger() + // { + // super(new HMac(new TigerDigest())); + // } + // } + // + // // + // // PKCS12 states that the same algorithm should be used + // // for the key generation as is used in the HMAC, so that + // // is what we do here. + // // + // + // /** + // * PBEWithHmacRIPEMD160 + // */ + // public static class PBEWithRIPEMD160 + // extends JCEMac + // { + // public PBEWithRIPEMD160() + // { + // super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); + // } + // } + // END android-removed /** * PBEWithHmacSHA @@ -403,19 +433,23 @@ { public PBEWithSHA() { - super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160); + // BEGIN android-changed + super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160); + // END android-changed } } - /** - * PBEWithHmacTiger - */ - public static class PBEWithTiger - extends JCEMac - { - public PBEWithTiger() - { - super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); - } - } + // BEGIN android-removed + // /** + // * PBEWithHmacTiger + // */ + // public static class PBEWithTiger + // extends JCEMac + // { + // public PBEWithTiger() + // { + // super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); + // } + // } + // END android-removed } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2013-01-23 01:01:51.974750020 +0000 @@ -127,7 +127,9 @@ */ public byte[] getEncoded() { - return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient())); + // BEGIN android-changed + return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient())); + // END android-changed } /** diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPrivateKey.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2013-01-23 01:01:51.974750020 +0000 @@ -78,7 +78,9 @@ public byte[] getEncoded() { - return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO)); + // BEGIN android-changed + return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO)); + // END android-changed } public boolean equals(Object o) diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPublicKey.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2013-01-23 01:01:51.974750020 +0000 @@ -91,7 +91,9 @@ public byte[] getEncoded() { - return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPublicKeyStructure(getModulus(), getPublicExponent())); + // BEGIN android-changed + return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKeyStructure(getModulus(), getPublicExponent())); + // END android-changed } public int hashCode() diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCESecretKeyFactory.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2013-01-23 01:01:51.974750020 +0000 @@ -252,29 +252,31 @@ } } - /** - * PBEWithMD2AndDES - */ - static public class PBEWithMD2AndDES - extends DESPBEKeyFactory - { - public PBEWithMD2AndDES() - { - super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); - } - } - - /** - * PBEWithMD2AndRC2 - */ - static public class PBEWithMD2AndRC2 - extends PBEKeyFactory - { - public PBEWithMD2AndRC2() - { - super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); - } - } + // BEGIN android-removed + // /** + // * PBEWithMD2AndDES + // */ + // static public class PBEWithMD2AndDES + // extends DESPBEKeyFactory + // { + // public PBEWithMD2AndDES() + // { + // super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); + // } + // } + // + // /** + // * PBEWithMD2AndRC2 + // */ + // static public class PBEWithMD2AndRC2 + // extends PBEKeyFactory + // { + // public PBEWithMD2AndRC2() + // { + // super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); + // } + // } + // END android-removed /** * PBEWithMD5AndDES @@ -408,17 +410,19 @@ } } - /** - * PBEWithHmacRIPEMD160 - */ - public static class PBEWithRIPEMD160 - extends PBEKeyFactory - { - public PBEWithRIPEMD160() - { - super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); - } - } + // BEGIN android-removed + // /** + // * PBEWithHmacRIPEMD160 + // */ + // public static class PBEWithRIPEMD160 + // extends PBEKeyFactory + // { + // public PBEWithRIPEMD160() + // { + // super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); + // } + // } + // END android-removed /** * PBEWithHmacSHA @@ -432,17 +436,19 @@ } } - /** - * PBEWithHmacTiger - */ - public static class PBEWithTiger - extends PBEKeyFactory - { - public PBEWithTiger() - { - super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); - } - } + // BEGIN android-removed + // /** + // * PBEWithHmacTiger + // */ + // public static class PBEWithTiger + // extends PBEKeyFactory + // { + // public PBEWithTiger() + // { + // super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); + // } + // } + // END android-removed /** * PBEWithSHA1And128BitAES-BC @@ -551,4 +557,56 @@ super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); } } + // BEGIN android-added + static public class PBKDF2WithHmacSHA1 + extends JCESecretKeyFactory + { + public PBKDF2WithHmacSHA1() + { + super("PBKDF2WithHmacSHA1", PKCSObjectIdentifiers.id_PBKDF2); + } + + protected SecretKey engineGenerateSecret( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PBEKeySpec) + { + PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; + + if (pbeSpec.getSalt() == null) + { + throw new InvalidKeySpecException("missing required salt"); + } + + if (pbeSpec.getIterationCount() <= 0) + { + throw new InvalidKeySpecException("positive iteration count required: " + + pbeSpec.getIterationCount()); + } + + if (pbeSpec.getKeyLength() <= 0) + { + throw new InvalidKeySpecException("positive key length required: " + + pbeSpec.getKeyLength()); + } + + if (pbeSpec.getPassword().length == 0) + { + throw new IllegalArgumentException("password empty"); + } + + int scheme = PKCS5S2; + int digest = SHA1; + int keySize = pbeSpec.getKeyLength(); + int ivSize = -1; + CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); + + return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + } + + throw new InvalidKeySpecException("Invalid KeySpec"); + } + } + // END android-added } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEStreamCipher.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEStreamCipher.java 2013-01-23 01:01:51.984750196 +0000 @@ -14,20 +14,26 @@ import javax.crypto.ShortBufferException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; +// BEGIN android-removed +// import javax.crypto.spec.RC2ParameterSpec; +// import javax.crypto.spec.RC5ParameterSpec; +// END android-removed import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; import org.bouncycastle.crypto.StreamBlockCipher; import org.bouncycastle.crypto.StreamCipher; -import org.bouncycastle.crypto.engines.BlowfishEngine; -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.DESedeEngine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.BlowfishEngine; +// import org.bouncycastle.crypto.engines.DESEngine; +// import org.bouncycastle.crypto.engines.DESedeEngine; +// END android-removed import org.bouncycastle.crypto.engines.RC4Engine; -import org.bouncycastle.crypto.engines.SkipjackEngine; -import org.bouncycastle.crypto.engines.TwofishEngine; +// BEGIN android-removed +// import org.bouncycastle.crypto.engines.SkipjackEngine; +// import org.bouncycastle.crypto.engines.TwofishEngine; +// END android-removed import org.bouncycastle.crypto.modes.CFBBlockCipher; import org.bouncycastle.crypto.modes.OFBBlockCipher; import org.bouncycastle.crypto.params.KeyParameter; @@ -44,8 +50,10 @@ // private Class[] availableSpecs = { - RC2ParameterSpec.class, - RC5ParameterSpec.class, + // BEGIN android-removed + // RC2ParameterSpec.class, + // RC5ParameterSpec.class, + // END android-removed IvParameterSpec.class, PBEParameterSpec.class }; @@ -376,125 +384,127 @@ * The ciphers that inherit from us. */ - /** - * DES - */ - static public class DES_CFB8 - extends JCEStreamCipher - { - public DES_CFB8() - { - super(new CFBBlockCipher(new DESEngine(), 8), 64); - } - } - - /** - * DESede - */ - static public class DESede_CFB8 - extends JCEStreamCipher - { - public DESede_CFB8() - { - super(new CFBBlockCipher(new DESedeEngine(), 8), 64); - } - } - - /** - * SKIPJACK - */ - static public class Skipjack_CFB8 - extends JCEStreamCipher - { - public Skipjack_CFB8() - { - super(new CFBBlockCipher(new SkipjackEngine(), 8), 64); - } - } - - /** - * Blowfish - */ - static public class Blowfish_CFB8 - extends JCEStreamCipher - { - public Blowfish_CFB8() - { - super(new CFBBlockCipher(new BlowfishEngine(), 8), 64); - } - } - - /** - * Twofish - */ - static public class Twofish_CFB8 - extends JCEStreamCipher - { - public Twofish_CFB8() - { - super(new CFBBlockCipher(new TwofishEngine(), 8), 128); - } - } - - /** - * DES - */ - static public class DES_OFB8 - extends JCEStreamCipher - { - public DES_OFB8() - { - super(new OFBBlockCipher(new DESEngine(), 8), 64); - } - } - - /** - * DESede - */ - static public class DESede_OFB8 - extends JCEStreamCipher - { - public DESede_OFB8() - { - super(new OFBBlockCipher(new DESedeEngine(), 8), 64); - } - } - - /** - * SKIPJACK - */ - static public class Skipjack_OFB8 - extends JCEStreamCipher - { - public Skipjack_OFB8() - { - super(new OFBBlockCipher(new SkipjackEngine(), 8), 64); - } - } - - /** - * Blowfish - */ - static public class Blowfish_OFB8 - extends JCEStreamCipher - { - public Blowfish_OFB8() - { - super(new OFBBlockCipher(new BlowfishEngine(), 8), 64); - } - } - - /** - * Twofish - */ - static public class Twofish_OFB8 - extends JCEStreamCipher - { - public Twofish_OFB8() - { - super(new OFBBlockCipher(new TwofishEngine(), 8), 128); - } - } + // BEGIN android-removed + // /** + // * DES + // */ + // static public class DES_CFB8 + // extends JCEStreamCipher + // { + // public DES_CFB8() + // { + // super(new CFBBlockCipher(new DESEngine(), 8), 64); + // } + // } + // + // /** + // * DESede + // */ + // static public class DESede_CFB8 + // extends JCEStreamCipher + // { + // public DESede_CFB8() + // { + // super(new CFBBlockCipher(new DESedeEngine(), 8), 64); + // } + // } + // + // /** + // * SKIPJACK + // */ + // static public class Skipjack_CFB8 + // extends JCEStreamCipher + // { + // public Skipjack_CFB8() + // { + // super(new CFBBlockCipher(new SkipjackEngine(), 8), 64); + // } + // } + // + // /** + // * Blowfish + // */ + // static public class Blowfish_CFB8 + // extends JCEStreamCipher + // { + // public Blowfish_CFB8() + // { + // super(new CFBBlockCipher(new BlowfishEngine(), 8), 64); + // } + // } + // + // /** + // * Twofish + // */ + // static public class Twofish_CFB8 + // extends JCEStreamCipher + // { + // public Twofish_CFB8() + // { + // super(new CFBBlockCipher(new TwofishEngine(), 8), 128); + // } + // } + // + // /** + // * DES + // */ + // static public class DES_OFB8 + // extends JCEStreamCipher + // { + // public DES_OFB8() + // { + // super(new OFBBlockCipher(new DESEngine(), 8), 64); + // } + // } + // + // /** + // * DESede + // */ + // static public class DESede_OFB8 + // extends JCEStreamCipher + // { + // public DESede_OFB8() + // { + // super(new OFBBlockCipher(new DESedeEngine(), 8), 64); + // } + // } + // + // /** + // * SKIPJACK + // */ + // static public class Skipjack_OFB8 + // extends JCEStreamCipher + // { + // public Skipjack_OFB8() + // { + // super(new OFBBlockCipher(new SkipjackEngine(), 8), 64); + // } + // } + // + // /** + // * Blowfish + // */ + // static public class Blowfish_OFB8 + // extends JCEStreamCipher + // { + // public Blowfish_OFB8() + // { + // super(new OFBBlockCipher(new BlowfishEngine(), 8), 64); + // } + // } + // + // /** + // * Twofish + // */ + // static public class Twofish_OFB8 + // extends JCEStreamCipher + // { + // public Twofish_OFB8() + // { + // super(new OFBBlockCipher(new TwofishEngine(), 8), 128); + // } + // } + // END android-removed /** * PBEWithSHAAnd128BitRC4 diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2013-01-23 01:01:51.964749844 +0000 @@ -17,7 +17,9 @@ import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.jce.spec.IESParameterSpec; +// BEGIN android-removed +// import org.bouncycastle.jce.spec.IESParameterSpec; +// END android-removed public abstract class JDKAlgorithmParameters extends AlgorithmParametersSpi @@ -208,109 +210,111 @@ } } - public static class IES - extends JDKAlgorithmParameters - { - IESParameterSpec currentSpec; - - /** - * in the absence of a standard way of doing it this will do for - * now... - */ - protected byte[] engineGetEncoded() - { - try - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DEROctetString(currentSpec.getDerivationV())); - v.add(new DEROctetString(currentSpec.getEncodingV())); - v.add(new DERInteger(currentSpec.getMacKeySize())); - - return new DERSequence(v).getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding IESParameters"); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == IESParameterSpec.class) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof IESParameterSpec)) - { - throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object"); - } - - this.currentSpec = (IESParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - try - { - ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); - - this.currentSpec = new IESParameterSpec( - ((ASN1OctetString)s.getObjectAt(0)).getOctets(), - ((ASN1OctetString)s.getObjectAt(0)).getOctets(), - ((DERInteger)s.getObjectAt(0)).getValue().intValue()); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid IES Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid IES Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "IES Parameters"; - } - } + // BEGIN android-removed + // public static class IES + // extends JDKAlgorithmParameters + // { + // IESParameterSpec currentSpec; + // + // /** + // * in the absence of a standard way of doing it this will do for + // * now... + // */ + // protected byte[] engineGetEncoded() + // { + // try + // { + // ASN1EncodableVector v = new ASN1EncodableVector(); + // + // v.add(new DEROctetString(currentSpec.getDerivationV())); + // v.add(new DEROctetString(currentSpec.getEncodingV())); + // v.add(new DERInteger(currentSpec.getMacKeySize())); + // + // return new DERSequence(v).getEncoded(ASN1Encoding.DER); + // } + // catch (IOException e) + // { + // throw new RuntimeException("Error encoding IESParameters"); + // } + // } + // + // protected byte[] engineGetEncoded( + // String format) + // { + // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) + // { + // return engineGetEncoded(); + // } + // + // return null; + // } + // + // protected AlgorithmParameterSpec localEngineGetParameterSpec( + // Class paramSpec) + // throws InvalidParameterSpecException + // { + // if (paramSpec == IESParameterSpec.class) + // { + // return currentSpec; + // } + // + // throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); + // } + // + // protected void engineInit( + // AlgorithmParameterSpec paramSpec) + // throws InvalidParameterSpecException + // { + // if (!(paramSpec instanceof IESParameterSpec)) + // { + // throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object"); + // } + // + // this.currentSpec = (IESParameterSpec)paramSpec; + // } + // + // protected void engineInit( + // byte[] params) + // throws IOException + // { + // try + // { + // ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); + // + // this.currentSpec = new IESParameterSpec( + // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), + // ((ASN1OctetString)s.getObjectAt(0)).getOctets(), + // ((DERInteger)s.getObjectAt(0)).getValue().intValue()); + // } + // catch (ClassCastException e) + // { + // throw new IOException("Not a valid IES Parameter encoding."); + // } + // catch (ArrayIndexOutOfBoundsException e) + // { + // throw new IOException("Not a valid IES Parameter encoding."); + // } + // } + // + // protected void engineInit( + // byte[] params, + // String format) + // throws IOException + // { + // if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) + // { + // engineInit(params); + // } + // else + // { + // throw new IOException("Unknown parameter format " + format); + // } + // } + // + // protected String engineToString() + // { + // return "IES Parameters"; + // } + // } + // END android-removed } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKKeyStore.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKKeyStore.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKKeyStore.java 2013-01-23 01:01:51.974750020 +0000 @@ -39,7 +39,12 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.SHA1Digest; +// BEGIN android-added +import org.bouncycastle.crypto.digests.AndroidDigestFactory; +// END android-added +// BEGIN android-removed +// import org.bouncycastle.crypto.digests.SHA1Digest; +// END android-removed import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; import org.bouncycastle.crypto.io.DigestInputStream; import org.bouncycastle.crypto.io.DigestOutputStream; @@ -498,7 +503,13 @@ if (entry == null) { - throw new KeyStoreException("no such entry as " + alias); + // BEGIN android-removed + // Only throw if there is a problem removing, not if missing + // throw new KeyStoreException("no such entry as " + alias); + // END android-removed + // BEGIN android-added + return; + // END android-added } table.remove(alias); @@ -817,12 +828,16 @@ // // we only do an integrity check if the password is provided. // - HMac hMac = new HMac(new SHA1Digest()); + // BEGIN android-changed + HMac hMac = new HMac(AndroidDigestFactory.getSHA1()); + // END android-changed if (password != null && password.length != 0) { byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); + // BEGIN android-changed + PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); + // END android-changed pbeGen.init(passKey, salt, iterationCount); CipherParameters macParams; @@ -884,9 +899,11 @@ dOut.write(salt); dOut.writeInt(iterationCount); - HMac hMac = new HMac(new SHA1Digest()); + // BEGIN android-changed + HMac hMac = new HMac(AndroidDigestFactory.getSHA1()); MacOutputStream mOut = new MacOutputStream(hMac); - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); + PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1()); + // END android-changed byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); pbeGen.init(passKey, salt, iterationCount); @@ -974,7 +991,9 @@ Cipher cipher = this.makePBECipher(cipherAlg, Cipher.DECRYPT_MODE, password, salt, iterationCount); CipherInputStream cIn = new CipherInputStream(dIn, cipher); - Digest dig = new SHA1Digest(); + // BEGIN android-changed + Digest dig = AndroidDigestFactory.getSHA1(); + // END android-changed DigestInputStream dgIn = new DigestInputStream(cIn, dig); this.loadStore(dgIn); @@ -1013,7 +1032,9 @@ cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); - DigestOutputStream dgOut = new DigestOutputStream(new SHA1Digest()); + // BEGIN android-changed + DigestOutputStream dgOut = new DigestOutputStream(AndroidDigestFactory.getSHA1()); + // END android-changed this.saveStore(new TeeOutputStream(cOut, dgOut)); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2013-01-23 01:01:51.974750020 +0000 @@ -261,10 +261,13 @@ } } - if (c == null && k == null) - { - throw new KeyStoreException("no such entry as " + alias); - } + // BEGIN android-removed + // Only throw if there is a problem removing, not if missing + // if (c == null && k == null) + // { + // throw new KeyStoreException("no such entry as " + alias); + // } + // END android-removed } /** @@ -439,6 +442,14 @@ public Date engineGetCreationDate(String alias) { + // BEGIN android-added + if (alias == null) { + throw new NullPointerException("alias == null"); + } + if (keys.get(alias) == null && certs.get(alias) == null) { + return null; + } + // END android-added return new Date(); } @@ -497,6 +508,11 @@ Certificate[] chain) throws KeyStoreException { + // BEGIN android-added + if (!(key instanceof PrivateKey)) { + throw new KeyStoreException("PKCS12 does not support non-PrivateKeys"); + } + // END android-added if ((key instanceof PrivateKey) && (chain == null)) { throw new KeyStoreException("no certificate chain for private key"); @@ -508,12 +524,18 @@ } keys.put(alias, key); + // BEGIN android-added + if (chain != null) { + // END android-added certs.put(alias, chain[0]); for (int i = 0; i != chain.length; i++) { chainCerts.put(new CertId(chain[i].getPublicKey()), chain[i]); } + // BEGIN android-added + } + // END android-added } public int engineSize() @@ -1489,7 +1511,9 @@ { byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data); - AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, new DERNull()); + // BEGIN android-changed + AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, DERNull.INSTANCE); + // END android-changed DigestInfo dInfo = new DigestInfo(algId, res); mData = new MacData(dInfo, mSalt, itCount); @@ -1546,32 +1570,34 @@ } } - public static class BCPKCS12KeyStore3DES - extends JDKPKCS12KeyStore - { - public BCPKCS12KeyStore3DES() - { - super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); - } - } - - public static class DefPKCS12KeyStore - extends JDKPKCS12KeyStore - { - public DefPKCS12KeyStore() - { - super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); - } - } - - public static class DefPKCS12KeyStore3DES - extends JDKPKCS12KeyStore - { - public DefPKCS12KeyStore3DES() - { - super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); - } - } + // BEGIN android-removed + // public static class BCPKCS12KeyStore3DES + // extends JDKPKCS12KeyStore + // { + // public BCPKCS12KeyStore3DES() + // { + // super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); + // } + // } + // + // public static class DefPKCS12KeyStore + // extends JDKPKCS12KeyStore + // { + // public DefPKCS12KeyStore() + // { + // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); + // } + // } + // + // public static class DefPKCS12KeyStore3DES + // extends JDKPKCS12KeyStore + // { + // public DefPKCS12KeyStore3DES() + // { + // super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); + // } + // } + // END android-removed private static class IgnoresCaseHashtable { @@ -1580,7 +1606,9 @@ public void put(String key, Object value) { - String lower = Strings.toLowerCase(key); + // BEGIN android-changed + String lower = (key == null) ? null : Strings.toLowerCase(key); + // END android-changed String k = (String)keys.get(lower); if (k != null) { @@ -1598,7 +1626,9 @@ public Object remove(String alias) { - String k = (String)keys.remove(Strings.toLowerCase(alias)); + // BEGIN android-changed + String k = (String)keys.remove(alias == null ? null : Strings.toLowerCase(alias)); + // END android-changed if (k == null) { return null; @@ -1609,7 +1639,9 @@ public Object get(String alias) { - String k = (String)keys.get(Strings.toLowerCase(alias)); + // BEGIN android-changed + String k = (String)keys.get(alias == null ? null : Strings.toLowerCase(alias)); + // END android-changed if (k == null) { return null; diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2013-01-23 01:01:51.984750196 +0000 @@ -1,5 +1,8 @@ package org.bouncycastle.jce.provider; +// BEGIN android-added +import java.math.BigInteger; +// END android-added import java.security.InvalidAlgorithmParameterException; import java.security.PublicKey; import java.security.cert.CertPath; @@ -33,6 +36,9 @@ public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi { + // BEGIN android-added + private final static CertBlacklist blacklist = new CertBlacklist(); + // END android-added public CertPathValidatorResult engineValidate( CertPath certPath, @@ -75,6 +81,22 @@ { throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0); } + // BEGIN android-added + { + X509Certificate cert = (X509Certificate) certs.get(0); + + if (cert != null) { + BigInteger serial = cert.getSerialNumber(); + if (blacklist.isSerialNumberBlackListed(serial)) { + // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs + String message = "Certificate revocation of serial 0x" + serial.toString(16); + System.out.println(message); + AnnotatedException e = new AnnotatedException(message); + throw new CertPathValidatorException(e.getMessage(), e, certPath, 0); + } + } + } + // END android-added // // (b) @@ -251,6 +273,15 @@ for (index = certs.size() - 1; index >= 0; index--) { + // BEGIN android-added + if (blacklist.isPublicKeyBlackListed(workingPublicKey)) { + // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs + String message = "Certificate revocation of public key " + workingPublicKey; + System.out.println(message); + AnnotatedException e = new AnnotatedException(message); + throw new CertPathValidatorException(e.getMessage(), e, certPath, index); + } + // END android-added // try // { // diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2013-01-23 01:01:51.984750196 +0000 @@ -1533,7 +1533,9 @@ for (Enumeration e = permitted.getObjects(); e.hasMoreElements();) { GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement()); - Integer tagNo = new Integer(subtree.getBase().getTagNo()); + // BEGIN android-changed + Integer tagNo = Integer.valueOf(subtree.getBase().getTagNo()); + // END android-changed if (subtreesMap.get(tagNo) == null) { subtreesMap.put(tagNo, new HashSet()); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/X509CertificateObject.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/X509CertificateObject.java 2013-01-23 01:01:51.954749668 +0000 @@ -544,12 +544,20 @@ } } + // BEGIN android-changed + private byte[] encoded; + // END android-changed public byte[] getEncoded() throws CertificateEncodingException { try { - return c.getEncoded(ASN1Encoding.DER); + // BEGIN android-changed + if (encoded == null) { + encoded = c.getEncoded(ASN1Encoding.DER); + } + return encoded; + // END android-changed } catch (IOException e) { diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/X509SignatureUtil.java --- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/X509SignatureUtil.java 2013-01-23 01:01:51.984750196 +0000 @@ -14,7 +14,9 @@ import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; @@ -25,7 +27,9 @@ class X509SignatureUtil { - private static final ASN1Null derNull = new DERNull(); + // BEGIN android-changed + private static final ASN1Null derNull = DERNull.INSTANCE; + // END android-changed static void setSignatureParameters( Signature signature, @@ -66,12 +70,14 @@ if (params != null && !derNull.equals(params)) { - if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) - { - RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); - - return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1"; - } + // BEGIN android-removed + // if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) + // { + // RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); + // + // return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1"; + // } + // END android-removed if (sigAlgId.getObjectId().equals(X9ObjectIdentifiers.ecdsa_with_SHA2)) { ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params); @@ -98,10 +104,12 @@ { return "SHA1"; } - else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) - { - return "SHA224"; - } + // BEGIN android-removed + // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) + // { + // return "SHA224"; + // } + // END android-removed else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) { return "SHA256"; @@ -114,22 +122,24 @@ { return "SHA512"; } - else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) - { - return "RIPEMD128"; - } - else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) - { - return "RIPEMD160"; - } - else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) - { - return "RIPEMD256"; - } - else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) - { - return "GOST3411"; - } + // BEGIN android-removed + // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) + // { + // return "RIPEMD128"; + // } + // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) + // { + // return "RIPEMD160"; + // } + // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) + // { + // return "RIPEMD256"; + // } + // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) + // { + // return "GOST3411"; + // } + // END android-removed else { return digestAlgOID.getId(); diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk15on-147/org/bouncycastle/x509/X509Util.java --- bcprov-jdk15on-147.orig/org/bouncycastle/x509/X509Util.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/x509/X509Util.java 2013-01-23 01:01:51.894748612 +0000 @@ -25,12 +25,16 @@ import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// BEGIN android-removed +// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; +// END android-removed import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.jce.X509Principal; @@ -44,14 +48,18 @@ static { - algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption); - algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption); + // BEGIN android-removed + // algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption); + // algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption); + // END android-removed algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption); algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption); algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption); algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption); - algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); + // BEGIN android-removed + // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); + // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); + // END android-removed algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); @@ -59,45 +67,59 @@ algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); + // BEGIN android-removed + // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); + // END android-removed algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); + // BEGIN android-removed + // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); + // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); + // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); + // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); + // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); + // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); + // END android-removed algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1); algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1); - algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); + // BEGIN android-removed + // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); + // END android-removed algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384); algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512); algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); + // BEGIN android-removed + // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); + // END android-removed algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); - algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // BEGIN android-removed + // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); + // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); + // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // END android-removed // // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. // The parameters field SHALL be NULL for RSA based signature algorithms. // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); + // BEGIN android-removed + // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); + // END android-removed noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); - noParams.add(NISTObjectIdentifiers.dsa_with_sha224); + // BEGIN android-removed + // noParams.add(NISTObjectIdentifiers.dsa_with_sha224); + // END android-removed noParams.add(NISTObjectIdentifiers.dsa_with_sha256); noParams.add(NISTObjectIdentifiers.dsa_with_sha384); noParams.add(NISTObjectIdentifiers.dsa_with_sha512); @@ -105,25 +127,39 @@ // // RFC 4491 // - noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // BEGIN android-removed + // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); + // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); + // END android-removed // // explicit params // - AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull()); + // BEGIN android-changed + AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE); + // END android-changed params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20)); - AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull()); - params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28)); - - AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull()); + // BEGIN android-removed + // // BEGIN android-changed + // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE); + // // END android-changed + // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28)); + // END android-removed + + // BEGIN android-changed + AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE); + // END android-changed params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32)); - AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, new DERNull()); + // BEGIN android-changed + AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, DERNull.INSTANCE); + // END android-changed params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48)); - AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, new DERNull()); + // BEGIN android-changed + AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, DERNull.INSTANCE); + // END android-changed params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64)); } @@ -166,7 +202,9 @@ } else { - return new AlgorithmIdentifier(sigOid, new DERNull()); + // BEGIN android-changed + return new AlgorithmIdentifier(sigOid, DERNull.INSTANCE); + // END android-changed } } diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk15on-147/org/bouncycastle/x509/extension/X509ExtensionUtil.java --- bcprov-jdk15on-147.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2012-03-22 15:11:48.000000000 +0000 +++ bcprov-jdk15on-147/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2013-01-23 01:01:51.884748436 +0000 @@ -62,7 +62,9 @@ { GeneralName genName = GeneralName.getInstance(it.nextElement()); List list = new ArrayList(); - list.add(new Integer(genName.getTagNo())); + // BEGIN android-changed + list.add(Integer.valueOf(genName.getTagNo())); + // END android-changed switch (genName.getTagNo()) { case GeneralName.ediPartyName: