1 /*
2 * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.x509;
27
28 import java.io.*;
29 import java.security.spec.AlgorithmParameterSpec;
30 import java.security.spec.InvalidParameterSpecException;
31 import java.security.spec.MGF1ParameterSpec;
32 import java.security.spec.PSSParameterSpec;
33 import java.util.*;
34 import java.security.*;
35
36 import sun.security.rsa.PSSParameters;
37 import sun.security.util.*;
38
39
40 /**
41 * This class identifies algorithms, such as cryptographic transforms, each
42 * of which may be associated with parameters. Instances of this base class
43 * are used when this runtime environment has no special knowledge of the
44 * algorithm type, and may also be used in other cases. Equivalence is
45 * defined according to OID and (where relevant) parameters.
46 *
47 * <P>Subclasses may be used, for example when the algorithm ID has
48 * associated parameters which some code (e.g. code using public keys) needs
49 * to have parsed. Two examples of such algorithms are Diffie-Hellman key
50 * exchange, and the Digital Signature Standard Algorithm (DSS/DSA).
51 *
52 * <P>The OID constants defined in this class correspond to some widely
53 * used algorithms, for which conventional string names have been defined.
54 * This class is not a general repository for OIDs, or for such string names.
55 * Note that the mappings between algorithm IDs and algorithm names is
56 * not one-to-one.
57 *
58 *
59 * @author David Brownell
60 * @author Amit Kapoor
61 * @author Hemma Prafullchandra
62 */
63 public class AlgorithmId implements Serializable, DerEncoder {
64
65 /** use serialVersionUID from JDK 1.1. for interoperability */
66 @java.io.Serial
67 private static final long serialVersionUID = 7205873507486557157L;
68
69 /**
70 * The object identitifer being used for this algorithm.
71 */
72 private ObjectIdentifier algid;
73
74 // The (parsed) parameters
75 @SuppressWarnings("serial") // Not statically typed as Serializable
76 private AlgorithmParameters algParams;
77 private boolean constructedFromDer = true;
78
79 /**
80 * Parameters for this algorithm. These are stored in unparsed
81 * DER-encoded form; subclasses can be made to automaticaly parse
82 * them so there is fast access to these parameters.
83 */
84 @SuppressWarnings("serial") // Not statically typed as Serializable
85 protected DerValue params;
86
87
88 /**
89 * Constructs an algorithm ID which will be initialized
90 * separately, for example by deserialization.
91 * @deprecated use one of the other constructors.
92 */
93 @Deprecated
94 public AlgorithmId() { }
95
96 /**
97 * Constructs a parameterless algorithm ID.
98 *
99 * @param oid the identifier for the algorithm
100 */
101 public AlgorithmId(ObjectIdentifier oid) {
102 algid = oid;
103 }
104
105 /**
106 * Constructs an algorithm ID with algorithm parameters.
107 *
108 * @param oid the identifier for the algorithm.
109 * @param algparams the associated algorithm parameters.
110 */
111 public AlgorithmId(ObjectIdentifier oid, AlgorithmParameters algparams) {
112 algid = oid;
113 algParams = algparams;
114 constructedFromDer = false;
115 }
116
117 private AlgorithmId(ObjectIdentifier oid, DerValue params)
118 throws IOException {
119 this.algid = oid;
120 this.params = params;
121 if (this.params != null) {
122 decodeParams();
123 }
124 }
125
126 protected void decodeParams() throws IOException {
127 String algidString = algid.toString();
128 try {
129 algParams = AlgorithmParameters.getInstance(algidString);
130 } catch (NoSuchAlgorithmException e) {
131 /*
132 * This algorithm parameter type is not supported, so we cannot
133 * parse the parameters.
134 */
135 algParams = null;
136 return;
137 }
138
139 // Decode (parse) the parameters
140 algParams.init(params.toByteArray());
141 }
142
143 /**
144 * Marshal a DER-encoded "AlgorithmID" sequence on the DER stream.
145 */
146 public final void encode(DerOutputStream out) throws IOException {
147 derEncode(out);
148 }
149
150 /**
151 * DER encode this object onto an output stream.
152 * Implements the <code>DerEncoder</code> interface.
153 *
154 * @param out
155 * the output stream on which to write the DER encoding.
156 *
157 * @exception IOException on encoding error.
158 */
159 public void derEncode (OutputStream out) throws IOException {
160 DerOutputStream bytes = new DerOutputStream();
161 DerOutputStream tmp = new DerOutputStream();
162
163 bytes.putOID(algid);
164 // Setup params from algParams since no DER encoding is given
165 if (constructedFromDer == false) {
166 if (algParams != null) {
167 params = new DerValue(algParams.getEncoded());
168 } else {
169 params = null;
170 }
171 }
172 if (params == null) {
173 // Changes backed out for compatibility with Solaris
174
175 // Several AlgorithmId should omit the whole parameter part when
176 // it's NULL. They are ---
177 // RFC 3370 2.1: Implementations SHOULD generate SHA-1
178 // AlgorithmIdentifiers with absent parameters.
179 // RFC 3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and
180 // id-sha512 are used in an AlgorithmIdentifier the parameters
181 // (which are optional) SHOULD be omitted.
182 // RFC 3279 2.3.2: The id-dsa algorithm syntax includes optional
183 // domain parameters... When omitted, the parameters component
184 // MUST be omitted entirely
185 // RFC 3370 3.1: When the id-dsa-with-sha1 algorithm identifier
186 // is used, the AlgorithmIdentifier parameters field MUST be absent.
187 /*if (
188 algid.equals((Object)SHA_oid) ||
189 algid.equals((Object)SHA224_oid) ||
190 algid.equals((Object)SHA256_oid) ||
191 algid.equals((Object)SHA384_oid) ||
192 algid.equals((Object)SHA512_oid) ||
193 algid.equals((Object)SHA512_224_oid) ||
194 algid.equals((Object)SHA512_256_oid) ||
195 algid.equals((Object)DSA_oid) ||
196 algid.equals((Object)sha1WithDSA_oid)) {
197 ; // no parameter part encoded
198 } else {
199 bytes.putNull();
200 }*/
201 if (algid.equals(RSASSA_PSS_oid)) {
202 // RFC 4055 3.3: when an RSASSA-PSS key does not require
203 // parameter validation, field is absent.
204 } else {
205 bytes.putNull();
206 }
207 } else {
208 bytes.putDerValue(params);
209 }
210 tmp.write(DerValue.tag_Sequence, bytes);
211 out.write(tmp.toByteArray());
212 }
213
214
215 /**
216 * Returns the DER-encoded X.509 AlgorithmId as a byte array.
217 */
218 public final byte[] encode() throws IOException {
219 DerOutputStream out = new DerOutputStream();
220 derEncode(out);
221 return out.toByteArray();
222 }
223
224 /**
225 * Returns the ISO OID for this algorithm. This is usually converted
226 * to a string and used as part of an algorithm name, for example
227 * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code>
228 * call when you do not need to ensure cross-system portability
229 * of algorithm names, or need a user friendly name.
230 */
231 public final ObjectIdentifier getOID () {
232 return algid;
233 }
234
235 /**
236 * Returns a name for the algorithm which may be more intelligible
237 * to humans than the algorithm's OID, but which won't necessarily
238 * be comprehensible on other systems. For example, this might
239 * return a name such as "MD5withRSA" for a signature algorithm on
240 * some systems. It also returns names like "OID.1.2.3.4", when
241 * no particular name for the algorithm is known.
242 */
243 public String getName() {
244 String algName = nameTable.get(algid);
245 if (algName != null) {
246 return algName;
247 }
248 if ((params != null) && algid.equals((Object)specifiedWithECDSA_oid)) {
249 try {
250 AlgorithmId paramsId =
251 AlgorithmId.parse(new DerValue(getEncodedParams()));
252 String paramsName = paramsId.getName();
253 algName = makeSigAlg(paramsName, "EC");
254 } catch (IOException e) {
255 // ignore
256 }
257 }
258 return (algName == null) ? algid.toString() : algName;
259 }
260
261 public AlgorithmParameters getParameters() {
262 return algParams;
263 }
264
265 /**
266 * Returns the DER encoded parameter, which can then be
267 * used to initialize java.security.AlgorithmParamters.
268 *
269 * @return DER encoded parameters, or null not present.
270 */
271 public byte[] getEncodedParams() throws IOException {
272 return (params == null) ? null : params.toByteArray();
273 }
274
275 /**
276 * Returns true iff the argument indicates the same algorithm
277 * with the same parameters.
278 */
279 public boolean equals(AlgorithmId other) {
280 boolean paramsEqual = Objects.equals(other.params, params);
281 return (algid.equals((Object)other.algid) && paramsEqual);
282 }
283
284 /**
285 * Compares this AlgorithmID to another. If algorithm parameters are
286 * available, they are compared. Otherwise, just the object IDs
287 * for the algorithm are compared.
288 *
289 * @param other preferably an AlgorithmId, else an ObjectIdentifier
290 */
291 public boolean equals(Object other) {
292 if (this == other) {
293 return true;
294 }
295 if (other instanceof AlgorithmId) {
296 return equals((AlgorithmId) other);
297 } else if (other instanceof ObjectIdentifier) {
298 return equals((ObjectIdentifier) other);
299 } else {
300 return false;
301 }
302 }
303
304 /**
305 * Compares two algorithm IDs for equality. Returns true iff
306 * they are the same algorithm, ignoring algorithm parameters.
307 */
308 public final boolean equals(ObjectIdentifier id) {
309 return algid.equals((Object)id);
310 }
311
312 /**
313 * Returns a hashcode for this AlgorithmId.
314 *
315 * @return a hashcode for this AlgorithmId.
316 */
317 public int hashCode() {
318 StringBuilder sbuf = new StringBuilder();
319 sbuf.append(algid.toString());
320 sbuf.append(paramsToString());
321 return sbuf.toString().hashCode();
322 }
323
324 /**
325 * Provides a human-readable description of the algorithm parameters.
326 * This may be redefined by subclasses which parse those parameters.
327 */
328 protected String paramsToString() {
329 if (params == null) {
330 return "";
331 } else if (algParams != null) {
332 return algParams.toString();
333 } else {
334 return ", params unparsed";
335 }
336 }
337
338 /**
339 * Returns a string describing the algorithm and its parameters.
340 */
341 public String toString() {
342 return getName() + paramsToString();
343 }
344
345 /**
346 * Parse (unmarshal) an ID from a DER sequence input value. This form
347 * parsing might be used when expanding a value which has already been
348 * partially unmarshaled as a set or sequence member.
349 *
350 * @exception IOException on error.
351 * @param val the input value, which contains the algid and, if
352 * there are any parameters, those parameters.
353 * @return an ID for the algorithm. If the system is configured
354 * appropriately, this may be an instance of a class
355 * with some kind of special support for this algorithm.
356 * In that case, you may "narrow" the type of the ID.
357 */
358 public static AlgorithmId parse(DerValue val) throws IOException {
359 if (val.tag != DerValue.tag_Sequence) {
360 throw new IOException("algid parse error, not a sequence");
361 }
362
363 /*
364 * Get the algorithm ID and any parameters.
365 */
366 ObjectIdentifier algid;
367 DerValue params;
368 DerInputStream in = val.toDerInputStream();
369
370 algid = in.getOID();
371 if (in.available() == 0) {
372 params = null;
373 } else {
374 params = in.getDerValue();
375 if (params.tag == DerValue.tag_Null) {
376 if (params.length() != 0) {
377 throw new IOException("invalid NULL");
378 }
379 params = null;
380 }
381 if (in.available() != 0) {
382 throw new IOException("Invalid AlgorithmIdentifier: extra data");
383 }
384 }
385
386 return new AlgorithmId(algid, params);
387 }
388
389 /**
390 * Returns one of the algorithm IDs most commonly associated
391 * with this algorithm name.
392 *
393 * @param algname the name being used
394 * @deprecated use the short get form of this method.
395 * @exception NoSuchAlgorithmException on error.
396 */
397 @Deprecated
398 public static AlgorithmId getAlgorithmId(String algname)
399 throws NoSuchAlgorithmException {
400 return get(algname);
401 }
402
403 /**
404 * Returns one of the algorithm IDs most commonly associated
405 * with this algorithm name.
406 *
407 * @param algname the name being used
408 * @exception NoSuchAlgorithmException on error.
409 */
410 public static AlgorithmId get(String algname)
411 throws NoSuchAlgorithmException {
412 ObjectIdentifier oid;
413 try {
414 oid = algOID(algname);
415 } catch (IOException ioe) {
416 throw new NoSuchAlgorithmException
417 ("Invalid ObjectIdentifier " + algname);
418 }
419
420 if (oid == null) {
421 throw new NoSuchAlgorithmException
422 ("unrecognized algorithm name: " + algname);
423 }
424 return new AlgorithmId(oid);
425 }
426
427 /**
428 * Returns one of the algorithm IDs most commonly associated
429 * with this algorithm parameters.
430 *
431 * @param algparams the associated algorithm parameters.
432 * @exception NoSuchAlgorithmException on error.
433 */
434 public static AlgorithmId get(AlgorithmParameters algparams)
435 throws NoSuchAlgorithmException {
436 ObjectIdentifier oid;
437 String algname = algparams.getAlgorithm();
438 try {
439 oid = algOID(algname);
440 } catch (IOException ioe) {
441 throw new NoSuchAlgorithmException
442 ("Invalid ObjectIdentifier " + algname);
443 }
444 if (oid == null) {
445 throw new NoSuchAlgorithmException
446 ("unrecognized algorithm name: " + algname);
447 }
448 return new AlgorithmId(oid, algparams);
449 }
450
451 /*
452 * Translates from some common algorithm names to the
453 * OID with which they're usually associated ... this mapping
454 * is the reverse of the one below, except in those cases
455 * where synonyms are supported or where a given algorithm
456 * is commonly associated with multiple OIDs.
457 *
458 * XXX This method needs to be enhanced so that we can also pass the
459 * scope of the algorithm name to it, e.g., the algorithm name "DSA"
460 * may have a different OID when used as a "Signature" algorithm than when
461 * used as a "KeyPairGenerator" algorithm.
462 */
463 private static ObjectIdentifier algOID(String name) throws IOException {
464 // See if algname is in printable OID ("dot-dot") notation
465 if (name.indexOf('.') != -1) {
466 if (name.startsWith("OID.")) {
467 return new ObjectIdentifier(name.substring("OID.".length()));
468 } else {
469 return new ObjectIdentifier(name);
470 }
471 }
472
473 // Digesting algorithms
474 if (name.equalsIgnoreCase("MD5")) {
475 return AlgorithmId.MD5_oid;
476 }
477 if (name.equalsIgnoreCase("MD2")) {
478 return AlgorithmId.MD2_oid;
479 }
480 if (name.equalsIgnoreCase("SHA") || name.equalsIgnoreCase("SHA1")
481 || name.equalsIgnoreCase("SHA-1")) {
482 return AlgorithmId.SHA_oid;
483 }
484 if (name.equalsIgnoreCase("SHA-256") ||
485 name.equalsIgnoreCase("SHA256")) {
486 return AlgorithmId.SHA256_oid;
487 }
488 if (name.equalsIgnoreCase("SHA-384") ||
489 name.equalsIgnoreCase("SHA384")) {
490 return AlgorithmId.SHA384_oid;
491 }
492 if (name.equalsIgnoreCase("SHA-512") ||
493 name.equalsIgnoreCase("SHA512")) {
494 return AlgorithmId.SHA512_oid;
495 }
496 if (name.equalsIgnoreCase("SHA-224") ||
497 name.equalsIgnoreCase("SHA224")) {
498 return AlgorithmId.SHA224_oid;
499 }
500 if (name.equalsIgnoreCase("SHA-512/224") ||
501 name.equalsIgnoreCase("SHA512/224")) {
502 return AlgorithmId.SHA512_224_oid;
503 }
504 if (name.equalsIgnoreCase("SHA-512/256") ||
505 name.equalsIgnoreCase("SHA512/256")) {
506 return AlgorithmId.SHA512_256_oid;
507 }
508 // Various public key algorithms
509 if (name.equalsIgnoreCase("RSA")) {
510 return AlgorithmId.RSAEncryption_oid;
511 }
512 if (name.equalsIgnoreCase("RSASSA-PSS")) {
513 return AlgorithmId.RSASSA_PSS_oid;
514 }
515 if (name.equalsIgnoreCase("RSAES-OAEP")) {
516 return AlgorithmId.RSAES_OAEP_oid;
517 }
518 if (name.equalsIgnoreCase("Diffie-Hellman")
519 || name.equalsIgnoreCase("DH")) {
520 return AlgorithmId.DH_oid;
521 }
522 if (name.equalsIgnoreCase("DSA")) {
523 return AlgorithmId.DSA_oid;
524 }
525 if (name.equalsIgnoreCase("EC")) {
526 return EC_oid;
527 }
528 if (name.equalsIgnoreCase("ECDH")) {
529 return AlgorithmId.ECDH_oid;
530 }
531
532 // Secret key algorithms
533 if (name.equalsIgnoreCase("AES")) {
534 return AlgorithmId.AES_oid;
535 }
536
537 // Common signature types
538 if (name.equalsIgnoreCase("MD5withRSA")
539 || name.equalsIgnoreCase("MD5/RSA")) {
540 return AlgorithmId.md5WithRSAEncryption_oid;
541 }
542 if (name.equalsIgnoreCase("MD2withRSA")
543 || name.equalsIgnoreCase("MD2/RSA")) {
544 return AlgorithmId.md2WithRSAEncryption_oid;
545 }
546 if (name.equalsIgnoreCase("SHAwithDSA")
547 || name.equalsIgnoreCase("SHA1withDSA")
548 || name.equalsIgnoreCase("SHA/DSA")
549 || name.equalsIgnoreCase("SHA1/DSA")
550 || name.equalsIgnoreCase("DSAWithSHA1")
551 || name.equalsIgnoreCase("DSS")
552 || name.equalsIgnoreCase("SHA-1/DSA")) {
553 return AlgorithmId.sha1WithDSA_oid;
554 }
555 if (name.equalsIgnoreCase("SHA224WithDSA")) {
556 return AlgorithmId.sha224WithDSA_oid;
557 }
558 if (name.equalsIgnoreCase("SHA256WithDSA")) {
559 return AlgorithmId.sha256WithDSA_oid;
560 }
561 if (name.equalsIgnoreCase("SHA1WithRSA")
562 || name.equalsIgnoreCase("SHA1/RSA")) {
563 return AlgorithmId.sha1WithRSAEncryption_oid;
564 }
565 if (name.equalsIgnoreCase("SHA1withECDSA")
566 || name.equalsIgnoreCase("ECDSA")) {
567 return AlgorithmId.sha1WithECDSA_oid;
568 }
569 if (name.equalsIgnoreCase("SHA224withECDSA")) {
570 return AlgorithmId.sha224WithECDSA_oid;
571 }
572 if (name.equalsIgnoreCase("SHA256withECDSA")) {
573 return AlgorithmId.sha256WithECDSA_oid;
574 }
575 if (name.equalsIgnoreCase("SHA384withECDSA")) {
576 return AlgorithmId.sha384WithECDSA_oid;
577 }
578 if (name.equalsIgnoreCase("SHA512withECDSA")) {
579 return AlgorithmId.sha512WithECDSA_oid;
580 }
581
582 return oidTable().get(name.toUpperCase(Locale.ENGLISH));
583 }
584
585 private static ObjectIdentifier oid(int ... values) {
586 return ObjectIdentifier.newInternal(values);
587 }
588
589 private static volatile Map<String,ObjectIdentifier> oidTable;
590 private static final Map<ObjectIdentifier,String> nameTable;
591
592 /** Returns the oidTable, lazily initializing it on first access. */
593 private static Map<String,ObjectIdentifier> oidTable()
594 throws IOException {
595 // Double checked locking; safe because oidTable is volatile
596 Map<String,ObjectIdentifier> tab;
597 if ((tab = oidTable) == null) {
598 synchronized (AlgorithmId.class) {
599 if ((tab = oidTable) == null)
600 oidTable = tab = computeOidTable();
601 }
602 }
603 return tab;
604 }
605
606 /** Collects the algorithm names from the installed providers. */
607 private static HashMap<String,ObjectIdentifier> computeOidTable()
608 throws IOException {
609 HashMap<String,ObjectIdentifier> tab = new HashMap<>();
610 for (Provider provider : Security.getProviders()) {
611 for (Object key : provider.keySet()) {
612 String alias = (String)key;
613 String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH);
614 int index;
615 if (upperCaseAlias.startsWith("ALG.ALIAS") &&
616 (index=upperCaseAlias.indexOf("OID.", 0)) != -1) {
617 index += "OID.".length();
618 if (index == alias.length()) {
619 // invalid alias entry
620 break;
621 }
622 String oidString = alias.substring(index);
623 String stdAlgName = provider.getProperty(alias);
624 if (stdAlgName != null) {
625 stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH);
626 }
627 if (stdAlgName != null &&
628 tab.get(stdAlgName) == null) {
629 tab.put(stdAlgName, new ObjectIdentifier(oidString));
630 }
631 }
632 }
633 }
634 return tab;
635 }
636
637 /*****************************************************************/
638
639 /*
640 * HASHING ALGORITHMS
641 */
642
643 /**
644 * Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319.
645 * OID = 1.2.840.113549.2.2
646 */
647 public static final ObjectIdentifier MD2_oid =
648 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 2});
649
650 /**
651 * Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.
652 * OID = 1.2.840.113549.2.5
653 */
654 public static final ObjectIdentifier MD5_oid =
655 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 5});
656
657 /**
658 * Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.
659 * This is sometimes called "SHA", though that is often confusing since
660 * many people refer to FIPS 180 (which has an error) as defining SHA.
661 * OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18.
662 */
663 public static final ObjectIdentifier SHA_oid =
664 ObjectIdentifier.newInternal(new int[] {1, 3, 14, 3, 2, 26});
665
666 public static final ObjectIdentifier SHA224_oid =
667 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 4});
668
669 public static final ObjectIdentifier SHA256_oid =
670 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 1});
671
672 public static final ObjectIdentifier SHA384_oid =
673 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 2});
674
675 public static final ObjectIdentifier SHA512_oid =
676 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 3});
677
678 public static final ObjectIdentifier SHA512_224_oid =
679 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 5});
680
681 public static final ObjectIdentifier SHA512_256_oid =
682 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 6});
683
684 /*
685 * COMMON PUBLIC KEY TYPES
686 */
687 private static final int[] DH_data = { 1, 2, 840, 113549, 1, 3, 1 };
688 private static final int[] DH_PKIX_data = { 1, 2, 840, 10046, 2, 1 };
689 private static final int[] DSA_OIW_data = { 1, 3, 14, 3, 2, 12 };
690 private static final int[] DSA_PKIX_data = { 1, 2, 840, 10040, 4, 1 };
691 private static final int[] RSA_data = { 2, 5, 8, 1, 1 };
692
693 public static final ObjectIdentifier DH_oid;
694 public static final ObjectIdentifier DH_PKIX_oid;
695 public static final ObjectIdentifier DSA_oid;
696 public static final ObjectIdentifier DSA_OIW_oid;
697 public static final ObjectIdentifier EC_oid = oid(1, 2, 840, 10045, 2, 1);
698 public static final ObjectIdentifier ECDH_oid = oid(1, 3, 132, 1, 12);
699 public static final ObjectIdentifier RSA_oid;
700 public static final ObjectIdentifier RSAEncryption_oid =
701 oid(1, 2, 840, 113549, 1, 1, 1);
702 public static final ObjectIdentifier RSAES_OAEP_oid =
703 oid(1, 2, 840, 113549, 1, 1, 7);
704 public static final ObjectIdentifier mgf1_oid =
705 oid(1, 2, 840, 113549, 1, 1, 8);
706 public static final ObjectIdentifier RSASSA_PSS_oid =
707 oid(1, 2, 840, 113549, 1, 1, 10);
708
709 /*
710 * COMMON SECRET KEY TYPES
711 */
712 public static final ObjectIdentifier AES_oid =
713 oid(2, 16, 840, 1, 101, 3, 4, 1);
714
715 /*
716 * COMMON SIGNATURE ALGORITHMS
717 */
718 private static final int[] md2WithRSAEncryption_data =
719 { 1, 2, 840, 113549, 1, 1, 2 };
720 private static final int[] md5WithRSAEncryption_data =
721 { 1, 2, 840, 113549, 1, 1, 4 };
722 private static final int[] sha1WithRSAEncryption_data =
723 { 1, 2, 840, 113549, 1, 1, 5 };
724 private static final int[] sha1WithRSAEncryption_OIW_data =
725 { 1, 3, 14, 3, 2, 29 };
726 private static final int[] sha224WithRSAEncryption_data =
727 { 1, 2, 840, 113549, 1, 1, 14 };
728 private static final int[] sha256WithRSAEncryption_data =
729 { 1, 2, 840, 113549, 1, 1, 11 };
730 private static final int[] sha384WithRSAEncryption_data =
731 { 1, 2, 840, 113549, 1, 1, 12 };
732 private static final int[] sha512WithRSAEncryption_data =
733 { 1, 2, 840, 113549, 1, 1, 13 };
734
735 private static final int[] shaWithDSA_OIW_data =
736 { 1, 3, 14, 3, 2, 13 };
737 private static final int[] sha1WithDSA_OIW_data =
738 { 1, 3, 14, 3, 2, 27 };
739 private static final int[] dsaWithSHA1_PKIX_data =
740 { 1, 2, 840, 10040, 4, 3 };
741
742 public static final ObjectIdentifier md2WithRSAEncryption_oid;
743 public static final ObjectIdentifier md5WithRSAEncryption_oid;
744 public static final ObjectIdentifier sha1WithRSAEncryption_oid;
745 public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid;
746 public static final ObjectIdentifier sha224WithRSAEncryption_oid;
747 public static final ObjectIdentifier sha256WithRSAEncryption_oid;
748 public static final ObjectIdentifier sha384WithRSAEncryption_oid;
749 public static final ObjectIdentifier sha512WithRSAEncryption_oid;
750 public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =
751 oid(1, 2, 840, 113549, 1, 1, 15);
752 public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =
753 oid(1, 2, 840, 113549, 1, 1, 16);;
754
755 public static final ObjectIdentifier shaWithDSA_OIW_oid;
756 public static final ObjectIdentifier sha1WithDSA_OIW_oid;
757 public static final ObjectIdentifier sha1WithDSA_oid;
758 public static final ObjectIdentifier sha224WithDSA_oid =
759 oid(2, 16, 840, 1, 101, 3, 4, 3, 1);
760 public static final ObjectIdentifier sha256WithDSA_oid =
761 oid(2, 16, 840, 1, 101, 3, 4, 3, 2);
762
763 public static final ObjectIdentifier sha1WithECDSA_oid =
764 oid(1, 2, 840, 10045, 4, 1);
765 public static final ObjectIdentifier sha224WithECDSA_oid =
766 oid(1, 2, 840, 10045, 4, 3, 1);
767 public static final ObjectIdentifier sha256WithECDSA_oid =
768 oid(1, 2, 840, 10045, 4, 3, 2);
769 public static final ObjectIdentifier sha384WithECDSA_oid =
770 oid(1, 2, 840, 10045, 4, 3, 3);
771 public static final ObjectIdentifier sha512WithECDSA_oid =
772 oid(1, 2, 840, 10045, 4, 3, 4);
773 public static final ObjectIdentifier specifiedWithECDSA_oid =
774 oid(1, 2, 840, 10045, 4, 3);
775
776 /**
777 * Algorithm ID for the PBE encryption algorithms from PKCS#5 and
778 * PKCS#12.
779 */
780 public static final ObjectIdentifier pbeWithMD5AndDES_oid =
781 ObjectIdentifier.newInternal(new int[]{1, 2, 840, 113549, 1, 5, 3});
782 public static final ObjectIdentifier pbeWithMD5AndRC2_oid =
783 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 6});
784 public static final ObjectIdentifier pbeWithSHA1AndDES_oid =
785 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 10});
786 public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =
787 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 11});
788 public static ObjectIdentifier pbeWithSHA1AndRC4_128_oid =
789 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 1});
790 public static ObjectIdentifier pbeWithSHA1AndRC4_40_oid =
791 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 2});
792 public static ObjectIdentifier pbeWithSHA1AndDESede_oid =
793 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 3});
794 public static ObjectIdentifier pbeWithSHA1AndRC2_128_oid =
795 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 5});
796 public static ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
797 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 6});
798
799 static {
800 /*
801 * Note the preferred OIDs are named simply with no "OIW" or
802 * "PKIX" in them, even though they may point to data from these
803 * specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid...
804 */
805 /**
806 * Algorithm ID for Diffie Hellman Key agreement, from PKCS #3.
807 * Parameters include public values P and G, and may optionally specify
808 * the length of the private key X. Alternatively, algorithm parameters
809 * may be derived from another source such as a Certificate Authority's
810 * certificate.
811 * OID = 1.2.840.113549.1.3.1
812 */
813 DH_oid = ObjectIdentifier.newInternal(DH_data);
814
815 /**
816 * Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279.
817 * Parameters may include public values P and G.
818 * OID = 1.2.840.10046.2.1
819 */
820 DH_PKIX_oid = ObjectIdentifier.newInternal(DH_PKIX_data);
821
822 /**
823 * Algorithm ID for the Digital Signing Algorithm (DSA), from the
824 * NIST OIW Stable Agreements part 12.
825 * Parameters may include public values P, Q, and G; or these may be
826 * derived from
827 * another source such as a Certificate Authority's certificate.
828 * OID = 1.3.14.3.2.12
829 */
830 DSA_OIW_oid = ObjectIdentifier.newInternal(DSA_OIW_data);
831
832 /**
833 * Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279.
834 * Parameters may include public values P, Q, and G; or these may be
835 * derived from another source such as a Certificate Authority's
836 * certificate.
837 * OID = 1.2.840.10040.4.1
838 */
839 DSA_oid = ObjectIdentifier.newInternal(DSA_PKIX_data);
840
841 /**
842 * Algorithm ID for RSA keys used for any purpose, as defined in X.509.
843 * The algorithm parameter is a single value, the number of bits in the
844 * public modulus.
845 * OID = 2.5.8.1.1
846 */
847 RSA_oid = ObjectIdentifier.newInternal(RSA_data);
848
849 /**
850 * Identifies a signing algorithm where an MD2 digest is encrypted
851 * using an RSA private key; defined in PKCS #1. Use of this
852 * signing algorithm is discouraged due to MD2 vulnerabilities.
853 * OID = 1.2.840.113549.1.1.2
854 */
855 md2WithRSAEncryption_oid =
856 ObjectIdentifier.newInternal(md2WithRSAEncryption_data);
857
858 /**
859 * Identifies a signing algorithm where an MD5 digest is
860 * encrypted using an RSA private key; defined in PKCS #1.
861 * OID = 1.2.840.113549.1.1.4
862 */
863 md5WithRSAEncryption_oid =
864 ObjectIdentifier.newInternal(md5WithRSAEncryption_data);
865
866 /**
867 * Identifies a signing algorithm where a SHA1 digest is
868 * encrypted using an RSA private key; defined by RSA DSI.
869 * OID = 1.2.840.113549.1.1.5
870 */
871 sha1WithRSAEncryption_oid =
872 ObjectIdentifier.newInternal(sha1WithRSAEncryption_data);
873
874 /**
875 * Identifies a signing algorithm where a SHA1 digest is
876 * encrypted using an RSA private key; defined in NIST OIW.
877 * OID = 1.3.14.3.2.29
878 */
879 sha1WithRSAEncryption_OIW_oid =
880 ObjectIdentifier.newInternal(sha1WithRSAEncryption_OIW_data);
881
882 /**
883 * Identifies a signing algorithm where a SHA224 digest is
884 * encrypted using an RSA private key; defined by PKCS #1.
885 * OID = 1.2.840.113549.1.1.14
886 */
887 sha224WithRSAEncryption_oid =
888 ObjectIdentifier.newInternal(sha224WithRSAEncryption_data);
889
890 /**
891 * Identifies a signing algorithm where a SHA256 digest is
892 * encrypted using an RSA private key; defined by PKCS #1.
893 * OID = 1.2.840.113549.1.1.11
894 */
895 sha256WithRSAEncryption_oid =
896 ObjectIdentifier.newInternal(sha256WithRSAEncryption_data);
897
898 /**
899 * Identifies a signing algorithm where a SHA384 digest is
900 * encrypted using an RSA private key; defined by PKCS #1.
901 * OID = 1.2.840.113549.1.1.12
902 */
903 sha384WithRSAEncryption_oid =
904 ObjectIdentifier.newInternal(sha384WithRSAEncryption_data);
905
906 /**
907 * Identifies a signing algorithm where a SHA512 digest is
908 * encrypted using an RSA private key; defined by PKCS #1.
909 * OID = 1.2.840.113549.1.1.13
910 */
911 sha512WithRSAEncryption_oid =
912 ObjectIdentifier.newInternal(sha512WithRSAEncryption_data);
913
914 /**
915 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
916 * SHA digest is signed using the Digital Signing Algorithm (DSA).
917 * This should not be used.
918 * OID = 1.3.14.3.2.13
919 */
920 shaWithDSA_OIW_oid = ObjectIdentifier.newInternal(shaWithDSA_OIW_data);
921
922 /**
923 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
924 * SHA1 digest is signed using the Digital Signing Algorithm (DSA).
925 * OID = 1.3.14.3.2.27
926 */
927 sha1WithDSA_OIW_oid = ObjectIdentifier.newInternal(sha1WithDSA_OIW_data);
928
929 /**
930 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
931 * SHA1 digest is signed using the Digital Signing Algorithm (DSA).
932 * OID = 1.2.840.10040.4.3
933 */
934 sha1WithDSA_oid = ObjectIdentifier.newInternal(dsaWithSHA1_PKIX_data);
935
936 nameTable = new HashMap<>();
937 nameTable.put(MD5_oid, "MD5");
938 nameTable.put(MD2_oid, "MD2");
939 nameTable.put(SHA_oid, "SHA-1");
940 nameTable.put(SHA224_oid, "SHA-224");
941 nameTable.put(SHA256_oid, "SHA-256");
942 nameTable.put(SHA384_oid, "SHA-384");
943 nameTable.put(SHA512_oid, "SHA-512");
944 nameTable.put(SHA512_224_oid, "SHA-512/224");
945 nameTable.put(SHA512_256_oid, "SHA-512/256");
946 nameTable.put(RSAEncryption_oid, "RSA");
947 nameTable.put(RSA_oid, "RSA");
948 nameTable.put(DH_oid, "Diffie-Hellman");
949 nameTable.put(DH_PKIX_oid, "Diffie-Hellman");
950 nameTable.put(DSA_oid, "DSA");
951 nameTable.put(DSA_OIW_oid, "DSA");
952 nameTable.put(EC_oid, "EC");
953 nameTable.put(ECDH_oid, "ECDH");
954
955 nameTable.put(AES_oid, "AES");
956
957 nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA");
958 nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA");
959 nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA");
960 nameTable.put(sha384WithECDSA_oid, "SHA384withECDSA");
961 nameTable.put(sha512WithECDSA_oid, "SHA512withECDSA");
962 nameTable.put(md5WithRSAEncryption_oid, "MD5withRSA");
963 nameTable.put(md2WithRSAEncryption_oid, "MD2withRSA");
964 nameTable.put(sha1WithDSA_oid, "SHA1withDSA");
965 nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA");
966 nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA");
967 nameTable.put(sha224WithDSA_oid, "SHA224withDSA");
968 nameTable.put(sha256WithDSA_oid, "SHA256withDSA");
969 nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA");
970 nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA");
971 nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA");
972 nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA");
973 nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA");
974 nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA");
975 nameTable.put(sha512_224WithRSAEncryption_oid, "SHA512/224withRSA");
976 nameTable.put(sha512_256WithRSAEncryption_oid, "SHA512/256withRSA");
977 nameTable.put(RSASSA_PSS_oid, "RSASSA-PSS");
978 nameTable.put(RSAES_OAEP_oid, "RSAES-OAEP");
979
980 nameTable.put(pbeWithMD5AndDES_oid, "PBEWithMD5AndDES");
981 nameTable.put(pbeWithMD5AndRC2_oid, "PBEWithMD5AndRC2");
982 nameTable.put(pbeWithSHA1AndDES_oid, "PBEWithSHA1AndDES");
983 nameTable.put(pbeWithSHA1AndRC2_oid, "PBEWithSHA1AndRC2");
984 nameTable.put(pbeWithSHA1AndRC4_128_oid, "PBEWithSHA1AndRC4_128");
985 nameTable.put(pbeWithSHA1AndRC4_40_oid, "PBEWithSHA1AndRC4_40");
986 nameTable.put(pbeWithSHA1AndDESede_oid, "PBEWithSHA1AndDESede");
987 nameTable.put(pbeWithSHA1AndRC2_128_oid, "PBEWithSHA1AndRC2_128");
988 nameTable.put(pbeWithSHA1AndRC2_40_oid, "PBEWithSHA1AndRC2_40");
989 }
990
991 /**
992 * Creates a signature algorithm name from a digest algorithm
993 * name and a encryption algorithm name.
994 */
995 public static String makeSigAlg(String digAlg, String encAlg) {
996 digAlg = digAlg.replace("-", "");
997 if (encAlg.equalsIgnoreCase("EC")) encAlg = "ECDSA";
998
999 return digAlg + "with" + encAlg;
1000 }
1001
1002 /**
1003 * Extracts the encryption algorithm name from a signature
1004 * algorithm name.
1005 */
1006 public static String getEncAlgFromSigAlg(String signatureAlgorithm) {
1007 signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
1008 int with = signatureAlgorithm.indexOf("WITH");
1009 String keyAlgorithm = null;
1010 if (with > 0) {
1011 int and = signatureAlgorithm.indexOf("AND", with + 4);
1012 if (and > 0) {
1013 keyAlgorithm = signatureAlgorithm.substring(with + 4, and);
1014 } else {
1015 keyAlgorithm = signatureAlgorithm.substring(with + 4);
1016 }
1017 if (keyAlgorithm.equalsIgnoreCase("ECDSA")) {
1018 keyAlgorithm = "EC";
1019 }
1020 }
1021 return keyAlgorithm;
1022 }
1023
1024 /**
1025 * Extracts the digest algorithm name from a signature
1026 * algorithm name.
1027 */
1028 public static String getDigAlgFromSigAlg(String signatureAlgorithm) {
1029 signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
1030 int with = signatureAlgorithm.indexOf("WITH");
1031 if (with > 0) {
1032 return signatureAlgorithm.substring(0, with);
1033 }
1034 return null;
1035 }
1036
1037 /**
1038 * Checks if a signature algorithm matches a key algorithm, i.e. a
1039 * signature can be initialized with a key.
1040 *
1041 * @param kAlg must not be null
1042 * @param sAlg must not be null
1043 * @throws IllegalArgumentException if they do not match
1044 */
1045 public static void checkKeyAndSigAlgMatch(String kAlg, String sAlg) {
1046 String sAlgUp = sAlg.toUpperCase(Locale.US);
1047 if ((sAlgUp.endsWith("WITHRSA") && !kAlg.equalsIgnoreCase("RSA")) ||
1048 (sAlgUp.endsWith("WITHECDSA") && !kAlg.equalsIgnoreCase("EC")) ||
1049 (sAlgUp.endsWith("WITHDSA") && !kAlg.equalsIgnoreCase("DSA"))) {
1050 throw new IllegalArgumentException(
1051 "key algorithm not compatible with signature algorithm");
1052 }
1053 }
1054
1055 /**
1056 * Returns the default signature algorithm for a private key. The digest
1057 * part might evolve with time. Remember to update the spec of
1058 * {@link jdk.security.jarsigner.JarSigner.Builder#getDefaultSignatureAlgorithm(PrivateKey)}
1059 * if updated.
1060 *
1061 * @param k cannot be null
1062 * @return the default alg, might be null if unsupported
1063 */
1064 public static String getDefaultSigAlgForKey(PrivateKey k) {
1065 switch (k.getAlgorithm().toUpperCase(Locale.ENGLISH)) {
1066 case "EC":
1067 return ecStrength(KeyUtil.getKeySize(k))
1068 + "withECDSA";
1069 case "DSA":
1070 return ifcFfcStrength(KeyUtil.getKeySize(k))
1071 + "withDSA";
1072 case "RSA":
1073 return ifcFfcStrength(KeyUtil.getKeySize(k))
1074 + "withRSA";
1075 default:
1076 return null;
1077 }
1078 }
1079
1080 // Most commonly used PSSParameterSpec and AlgorithmId
1081 private static class PSSParamsHolder {
1082
1083 final static PSSParameterSpec PSS_256_SPEC = new PSSParameterSpec(
1084 "SHA-256", "MGF1",
1085 new MGF1ParameterSpec("SHA-256"),
1086 32, PSSParameterSpec.TRAILER_FIELD_BC);
1087 final static PSSParameterSpec PSS_384_SPEC = new PSSParameterSpec(
1088 "SHA-384", "MGF1",
1089 new MGF1ParameterSpec("SHA-384"),
1090 48, PSSParameterSpec.TRAILER_FIELD_BC);
1091 final static PSSParameterSpec PSS_512_SPEC = new PSSParameterSpec(
1092 "SHA-512", "MGF1",
1093 new MGF1ParameterSpec("SHA-512"),
1094 64, PSSParameterSpec.TRAILER_FIELD_BC);
1095
1096 final static AlgorithmId PSS_256_ID;
1097 final static AlgorithmId PSS_384_ID;
1098 final static AlgorithmId PSS_512_ID;
1099
1100 static {
1101 try {
1102 PSS_256_ID = new AlgorithmId(RSASSA_PSS_oid,
1103 new DerValue(PSSParameters.getEncoded(PSS_256_SPEC)));
1104 PSS_384_ID = new AlgorithmId(RSASSA_PSS_oid,
1105 new DerValue(PSSParameters.getEncoded(PSS_384_SPEC)));
1106 PSS_512_ID = new AlgorithmId(RSASSA_PSS_oid,
1107 new DerValue(PSSParameters.getEncoded(PSS_512_SPEC)));
1108 } catch (IOException e) {
1109 throw new AssertionError("Should not happen", e);
1110 }
1111 }
1112 }
1113
1114 public static AlgorithmId getWithParameterSpec(String algName,
1115 AlgorithmParameterSpec spec) throws NoSuchAlgorithmException {
1116
1117 if (spec == null) {
1118 return AlgorithmId.get(algName);
1119 } else if (spec == PSSParamsHolder.PSS_256_SPEC) {
1120 return PSSParamsHolder.PSS_256_ID;
1121 } else if (spec == PSSParamsHolder.PSS_384_SPEC) {
1122 return PSSParamsHolder.PSS_384_ID;
1123 } else if (spec == PSSParamsHolder.PSS_512_SPEC) {
1124 return PSSParamsHolder.PSS_512_ID;
1125 } else {
1126 try {
1127 AlgorithmParameters result =
1128 AlgorithmParameters.getInstance(algName);
1129 result.init(spec);
1130 return get(result);
1131 } catch (InvalidParameterSpecException | NoSuchAlgorithmException e) {
1132 throw new ProviderException(e);
1133 }
1134 }
1135 }
1136
1137 public static PSSParameterSpec getDefaultAlgorithmParameterSpec(
1138 String sigAlg, PrivateKey k) {
1139 if (sigAlg.equalsIgnoreCase("RSASSA-PSS")) {
1140 switch (ifcFfcStrength(KeyUtil.getKeySize(k))) {
1141 case "SHA256":
1142 return PSSParamsHolder.PSS_256_SPEC;
1143 case "SHA384":
1144 return PSSParamsHolder.PSS_384_SPEC;
1145 case "SHA512":
1146 return PSSParamsHolder.PSS_512_SPEC;
1147 default:
1148 throw new AssertionError("Should not happen");
1149 }
1150 } else {
1151 return null;
1152 }
1153 }
1154
1155 // Values from SP800-57 part 1 rev 4 tables 2 and 3
1156 private static String ecStrength (int bitLength) {
1157 if (bitLength >= 512) { // 256 bits of strength
1158 return "SHA512";
1159 } else if (bitLength >= 384) { // 192 bits of strength
1160 return "SHA384";
1161 } else { // 128 bits of strength and less
1162 return "SHA256";
1163 }
1164 }
1165
1166 // Same values for RSA and DSA
1167 private static String ifcFfcStrength (int bitLength) {
1168 if (bitLength > 7680) { // 256 bits
1169 return "SHA512";
1170 } else if (bitLength > 3072) { // 192 bits
1171 return "SHA384";
1172 } else { // 128 bits and less
1173 return "SHA256";
1174 }
1175 }
1176 }