1 /*
2 * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.x509;
27
28 import java.io.*;
29 import java.security.spec.AlgorithmParameterSpec;
30 import java.security.spec.InvalidParameterSpecException;
31 import java.security.spec.MGF1ParameterSpec;
32 import java.security.spec.PSSParameterSpec;
33 import java.util.*;
34 import java.security.*;
35
36 import sun.security.rsa.PSSParameters;
37 import sun.security.util.*;
38
39
40 /**
41 * This class identifies algorithms, such as cryptographic transforms, each
42 * of which may be associated with parameters. Instances of this base class
43 * are used when this runtime environment has no special knowledge of the
44 * algorithm type, and may also be used in other cases. Equivalence is
45 * defined according to OID and (where relevant) parameters.
46 *
47 * <P>Subclasses may be used, for example when the algorithm ID has
48 * associated parameters which some code (e.g. code using public keys) needs
49 * to have parsed. Two examples of such algorithms are Diffie-Hellman key
50 * exchange, and the Digital Signature Standard Algorithm (DSS/DSA).
51 *
52 * <P>The OID constants defined in this class correspond to some widely
53 * used algorithms, for which conventional string names have been defined.
54 * This class is not a general repository for OIDs, or for such string names.
55 * Note that the mappings between algorithm IDs and algorithm names is
56 * not one-to-one.
57 *
58 *
59 * @author David Brownell
60 * @author Amit Kapoor
61 * @author Hemma Prafullchandra
62 */
63 public class AlgorithmId implements Serializable, DerEncoder {
64
65 /** use serialVersionUID from JDK 1.1. for interoperability */
66 @java.io.Serial
67 private static final long serialVersionUID = 7205873507486557157L;
68
69 /**
70 * The object identitifer being used for this algorithm.
71 */
72 private ObjectIdentifier algid;
73
74 // The (parsed) parameters
75 @SuppressWarnings("serial") // Not statically typed as Serializable
76 private AlgorithmParameters algParams;
77 private boolean constructedFromDer = true;
78
79 /**
80 * Parameters for this algorithm. These are stored in unparsed
81 * DER-encoded form; subclasses can be made to automaticaly parse
82 * them so there is fast access to these parameters.
83 */
84 @SuppressWarnings("serial") // Not statically typed as Serializable
85 protected DerValue params;
86
87
88 /**
89 * Constructs an algorithm ID which will be initialized
90 * separately, for example by deserialization.
91 * @deprecated use one of the other constructors.
92 */
93 @Deprecated
94 public AlgorithmId() { }
95
96 /**
97 * Constructs a parameterless algorithm ID.
98 *
99 * @param oid the identifier for the algorithm
100 */
101 public AlgorithmId(ObjectIdentifier oid) {
102 algid = oid;
103 }
104
105 /**
106 * Constructs an algorithm ID with algorithm parameters.
107 *
108 * @param oid the identifier for the algorithm.
109 * @param algparams the associated algorithm parameters.
110 */
111 public AlgorithmId(ObjectIdentifier oid, AlgorithmParameters algparams) {
112 algid = oid;
113 algParams = algparams;
114 constructedFromDer = false;
115 }
116
117 private AlgorithmId(ObjectIdentifier oid, DerValue params)
118 throws IOException {
119 this.algid = oid;
120 this.params = params;
121 if (this.params != null) {
122 decodeParams();
123 }
124 }
125
126 protected void decodeParams() throws IOException {
127 String algidString = algid.toString();
128 try {
129 algParams = AlgorithmParameters.getInstance(algidString);
130 } catch (NoSuchAlgorithmException e) {
131 /*
132 * This algorithm parameter type is not supported, so we cannot
133 * parse the parameters.
134 */
135 algParams = null;
136 return;
137 }
138
139 // Decode (parse) the parameters
140 algParams.init(params.toByteArray());
141 }
142
143 /**
144 * Marshal a DER-encoded "AlgorithmID" sequence on the DER stream.
145 */
146 public final void encode(DerOutputStream out) throws IOException {
147 derEncode(out);
148 }
149
150 /**
151 * DER encode this object onto an output stream.
152 * Implements the <code>DerEncoder</code> interface.
153 *
154 * @param out
155 * the output stream on which to write the DER encoding.
156 *
157 * @exception IOException on encoding error.
158 */
159 public void derEncode (OutputStream out) throws IOException {
160 DerOutputStream bytes = new DerOutputStream();
161 DerOutputStream tmp = new DerOutputStream();
162
163 bytes.putOID(algid);
164 // Setup params from algParams since no DER encoding is given
165 if (constructedFromDer == false) {
166 if (algParams != null) {
167 params = new DerValue(algParams.getEncoded());
168 } else {
169 params = null;
170 }
171 }
172 if (params == null) {
173 // Changes backed out for compatibility with Solaris
174
175 // Several AlgorithmId should omit the whole parameter part when
176 // it's NULL. They are ---
177 // RFC 3370 2.1: Implementations SHOULD generate SHA-1
178 // AlgorithmIdentifiers with absent parameters.
179 // RFC 3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and
180 // id-sha512 are used in an AlgorithmIdentifier the parameters
181 // (which are optional) SHOULD be omitted.
182 // RFC 3279 2.3.2: The id-dsa algorithm syntax includes optional
183 // domain parameters... When omitted, the parameters component
184 // MUST be omitted entirely
185 // RFC 3370 3.1: When the id-dsa-with-sha1 algorithm identifier
186 // is used, the AlgorithmIdentifier parameters field MUST be absent.
187 /*if (
188 algid.equals((Object)SHA_oid) ||
189 algid.equals((Object)SHA224_oid) ||
190 algid.equals((Object)SHA256_oid) ||
191 algid.equals((Object)SHA384_oid) ||
192 algid.equals((Object)SHA512_oid) ||
193 algid.equals((Object)SHA512_224_oid) ||
194 algid.equals((Object)SHA512_256_oid) ||
195 algid.equals((Object)DSA_oid) ||
196 algid.equals((Object)sha1WithDSA_oid)) {
197 ; // no parameter part encoded
198 } else {
199 bytes.putNull();
200 }*/
201 if (algid.equals(RSASSA_PSS_oid)) {
202 // RFC 4055 3.3: when an RSASSA-PSS key does not require
203 // parameter validation, field is absent.
204 } else {
205 bytes.putNull();
206 }
207 } else {
208 bytes.putDerValue(params);
209 }
210 tmp.write(DerValue.tag_Sequence, bytes);
211 out.write(tmp.toByteArray());
212 }
213
214
215 /**
216 * Returns the DER-encoded X.509 AlgorithmId as a byte array.
217 */
218 public final byte[] encode() throws IOException {
219 DerOutputStream out = new DerOutputStream();
220 derEncode(out);
221 return out.toByteArray();
222 }
223
224 /**
225 * Returns the ISO OID for this algorithm. This is usually converted
226 * to a string and used as part of an algorithm name, for example
227 * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code>
228 * call when you do not need to ensure cross-system portability
229 * of algorithm names, or need a user friendly name.
230 */
231 public final ObjectIdentifier getOID () {
232 return algid;
233 }
234
235 /**
236 * Returns a name for the algorithm which may be more intelligible
237 * to humans than the algorithm's OID, but which won't necessarily
238 * be comprehensible on other systems. For example, this might
239 * return a name such as "MD5withRSA" for a signature algorithm on
240 * some systems. It also returns names like "OID.1.2.3.4", when
241 * no particular name for the algorithm is known.
242 */
243 public String getName() {
244 String algName = nameTable.get(algid);
245 if (algName != null) {
246 return algName;
247 }
248 return (algName == null) ? algid.toString() : algName;
249 }
250
251 public AlgorithmParameters getParameters() {
252 return algParams;
253 }
254
255 /**
256 * Returns the DER encoded parameter, which can then be
257 * used to initialize java.security.AlgorithmParamters.
258 *
259 * @return DER encoded parameters, or null not present.
260 */
261 public byte[] getEncodedParams() throws IOException {
262 return (params == null) ? null : params.toByteArray();
263 }
264
265 /**
266 * Returns true iff the argument indicates the same algorithm
267 * with the same parameters.
268 */
269 public boolean equals(AlgorithmId other) {
270 boolean paramsEqual = Objects.equals(other.params, params);
271 return (algid.equals((Object)other.algid) && paramsEqual);
272 }
273
274 /**
275 * Compares this AlgorithmID to another. If algorithm parameters are
276 * available, they are compared. Otherwise, just the object IDs
277 * for the algorithm are compared.
278 *
279 * @param other preferably an AlgorithmId, else an ObjectIdentifier
280 */
281 public boolean equals(Object other) {
282 if (this == other) {
283 return true;
284 }
285 if (other instanceof AlgorithmId) {
286 return equals((AlgorithmId) other);
287 } else if (other instanceof ObjectIdentifier) {
288 return equals((ObjectIdentifier) other);
289 } else {
290 return false;
291 }
292 }
293
294 /**
295 * Compares two algorithm IDs for equality. Returns true iff
296 * they are the same algorithm, ignoring algorithm parameters.
297 */
298 public final boolean equals(ObjectIdentifier id) {
299 return algid.equals((Object)id);
300 }
301
302 /**
303 * Returns a hashcode for this AlgorithmId.
304 *
305 * @return a hashcode for this AlgorithmId.
306 */
307 public int hashCode() {
308 StringBuilder sbuf = new StringBuilder();
309 sbuf.append(algid.toString());
310 sbuf.append(paramsToString());
311 return sbuf.toString().hashCode();
312 }
313
314 /**
315 * Provides a human-readable description of the algorithm parameters.
316 * This may be redefined by subclasses which parse those parameters.
317 */
318 protected String paramsToString() {
319 if (params == null) {
320 return "";
321 } else if (algParams != null) {
322 return algParams.toString();
323 } else {
324 return ", params unparsed";
325 }
326 }
327
328 /**
329 * Returns a string describing the algorithm and its parameters.
330 */
331 public String toString() {
332 return getName() + paramsToString();
333 }
334
335 /**
336 * Parse (unmarshal) an ID from a DER sequence input value. This form
337 * parsing might be used when expanding a value which has already been
338 * partially unmarshaled as a set or sequence member.
339 *
340 * @exception IOException on error.
341 * @param val the input value, which contains the algid and, if
342 * there are any parameters, those parameters.
343 * @return an ID for the algorithm. If the system is configured
344 * appropriately, this may be an instance of a class
345 * with some kind of special support for this algorithm.
346 * In that case, you may "narrow" the type of the ID.
347 */
348 public static AlgorithmId parse(DerValue val) throws IOException {
349 if (val.tag != DerValue.tag_Sequence) {
350 throw new IOException("algid parse error, not a sequence");
351 }
352
353 /*
354 * Get the algorithm ID and any parameters.
355 */
356 ObjectIdentifier algid;
357 DerValue params;
358 DerInputStream in = val.toDerInputStream();
359
360 algid = in.getOID();
361 if (in.available() == 0) {
362 params = null;
363 } else {
364 params = in.getDerValue();
365 if (params.tag == DerValue.tag_Null) {
366 if (params.length() != 0) {
367 throw new IOException("invalid NULL");
368 }
369 params = null;
370 }
371 if (in.available() != 0) {
372 throw new IOException("Invalid AlgorithmIdentifier: extra data");
373 }
374 // Some implementation uses ecdsa-with-SHA2 as the algorithm and
375 // specifies the hash algorithm in parameters. Here we convert it
376 // directly to a signature algorithm including the hash algorithm.
377 if (algid.equals(specifiedWithECDSA_oid)) {
378 try {
379 AlgorithmId paramsId = AlgorithmId.parse(params);
380 String paramsName = paramsId.getName();
381 String algName = makeSigAlg(paramsName, "EC");
382 algid = AlgorithmId.get(algName).getOID();
383 params = null;
384 } catch (Exception e) {
385 // ignore
386 }
387 }
388 }
389
390 return new AlgorithmId(algid, params);
391 }
392
393 /**
394 * Returns one of the algorithm IDs most commonly associated
395 * with this algorithm name.
396 *
397 * @param algname the name being used
398 * @deprecated use the short get form of this method.
399 * @exception NoSuchAlgorithmException on error.
400 */
401 @Deprecated
402 public static AlgorithmId getAlgorithmId(String algname)
403 throws NoSuchAlgorithmException {
404 return get(algname);
405 }
406
407 /**
408 * Returns one of the algorithm IDs most commonly associated
409 * with this algorithm name.
410 *
411 * @param algname the name being used
412 * @exception NoSuchAlgorithmException on error.
413 */
414 public static AlgorithmId get(String algname)
415 throws NoSuchAlgorithmException {
416 ObjectIdentifier oid;
417 try {
418 oid = algOID(algname);
419 } catch (IOException ioe) {
420 throw new NoSuchAlgorithmException
421 ("Invalid ObjectIdentifier " + algname);
422 }
423
424 if (oid == null) {
425 throw new NoSuchAlgorithmException
426 ("unrecognized algorithm name: " + algname);
427 }
428 return new AlgorithmId(oid);
429 }
430
431 /**
432 * Returns one of the algorithm IDs most commonly associated
433 * with this algorithm parameters.
434 *
435 * @param algparams the associated algorithm parameters.
436 * @exception NoSuchAlgorithmException on error.
437 */
438 public static AlgorithmId get(AlgorithmParameters algparams)
439 throws NoSuchAlgorithmException {
440 ObjectIdentifier oid;
441 String algname = algparams.getAlgorithm();
442 try {
443 oid = algOID(algname);
444 } catch (IOException ioe) {
445 throw new NoSuchAlgorithmException
446 ("Invalid ObjectIdentifier " + algname);
447 }
448 if (oid == null) {
449 throw new NoSuchAlgorithmException
450 ("unrecognized algorithm name: " + algname);
451 }
452 return new AlgorithmId(oid, algparams);
453 }
454
455 /*
456 * Translates from some common algorithm names to the
457 * OID with which they're usually associated ... this mapping
458 * is the reverse of the one below, except in those cases
459 * where synonyms are supported or where a given algorithm
460 * is commonly associated with multiple OIDs.
461 *
462 * XXX This method needs to be enhanced so that we can also pass the
463 * scope of the algorithm name to it, e.g., the algorithm name "DSA"
464 * may have a different OID when used as a "Signature" algorithm than when
465 * used as a "KeyPairGenerator" algorithm.
466 */
467 private static ObjectIdentifier algOID(String name) throws IOException {
468 // See if algname is in printable OID ("dot-dot") notation
469 if (name.indexOf('.') != -1) {
470 if (name.startsWith("OID.")) {
471 return new ObjectIdentifier(name.substring("OID.".length()));
472 } else {
473 return new ObjectIdentifier(name);
474 }
475 }
476
477 // Digesting algorithms
478 if (name.equalsIgnoreCase("MD5")) {
479 return AlgorithmId.MD5_oid;
480 }
481 if (name.equalsIgnoreCase("MD2")) {
482 return AlgorithmId.MD2_oid;
483 }
484 if (name.equalsIgnoreCase("SHA") || name.equalsIgnoreCase("SHA1")
485 || name.equalsIgnoreCase("SHA-1")) {
486 return AlgorithmId.SHA_oid;
487 }
488 if (name.equalsIgnoreCase("SHA-256") ||
489 name.equalsIgnoreCase("SHA256")) {
490 return AlgorithmId.SHA256_oid;
491 }
492 if (name.equalsIgnoreCase("SHA-384") ||
493 name.equalsIgnoreCase("SHA384")) {
494 return AlgorithmId.SHA384_oid;
495 }
496 if (name.equalsIgnoreCase("SHA-512") ||
497 name.equalsIgnoreCase("SHA512")) {
498 return AlgorithmId.SHA512_oid;
499 }
500 if (name.equalsIgnoreCase("SHA-224") ||
501 name.equalsIgnoreCase("SHA224")) {
502 return AlgorithmId.SHA224_oid;
503 }
504 if (name.equalsIgnoreCase("SHA-512/224") ||
505 name.equalsIgnoreCase("SHA512/224")) {
506 return AlgorithmId.SHA512_224_oid;
507 }
508 if (name.equalsIgnoreCase("SHA-512/256") ||
509 name.equalsIgnoreCase("SHA512/256")) {
510 return AlgorithmId.SHA512_256_oid;
511 }
512 // Various public key algorithms
513 if (name.equalsIgnoreCase("RSA")) {
514 return AlgorithmId.RSAEncryption_oid;
515 }
516 if (name.equalsIgnoreCase("RSASSA-PSS")) {
517 return AlgorithmId.RSASSA_PSS_oid;
518 }
519 if (name.equalsIgnoreCase("RSAES-OAEP")) {
520 return AlgorithmId.RSAES_OAEP_oid;
521 }
522 if (name.equalsIgnoreCase("Diffie-Hellman")
523 || name.equalsIgnoreCase("DH")) {
524 return AlgorithmId.DH_oid;
525 }
526 if (name.equalsIgnoreCase("DSA")) {
527 return AlgorithmId.DSA_oid;
528 }
529 if (name.equalsIgnoreCase("EC")) {
530 return EC_oid;
531 }
532 if (name.equalsIgnoreCase("ECDH")) {
533 return AlgorithmId.ECDH_oid;
534 }
535
536 // Secret key algorithms
537 if (name.equalsIgnoreCase("AES")) {
538 return AlgorithmId.AES_oid;
539 }
540
541 // Common signature types
542 if (name.equalsIgnoreCase("MD5withRSA")
543 || name.equalsIgnoreCase("MD5/RSA")) {
544 return AlgorithmId.md5WithRSAEncryption_oid;
545 }
546 if (name.equalsIgnoreCase("MD2withRSA")
547 || name.equalsIgnoreCase("MD2/RSA")) {
548 return AlgorithmId.md2WithRSAEncryption_oid;
549 }
550 if (name.equalsIgnoreCase("SHAwithDSA")
551 || name.equalsIgnoreCase("SHA1withDSA")
552 || name.equalsIgnoreCase("SHA/DSA")
553 || name.equalsIgnoreCase("SHA1/DSA")
554 || name.equalsIgnoreCase("DSAWithSHA1")
555 || name.equalsIgnoreCase("DSS")
556 || name.equalsIgnoreCase("SHA-1/DSA")) {
557 return AlgorithmId.sha1WithDSA_oid;
558 }
559 if (name.equalsIgnoreCase("SHA224WithDSA")) {
560 return AlgorithmId.sha224WithDSA_oid;
561 }
562 if (name.equalsIgnoreCase("SHA256WithDSA")) {
563 return AlgorithmId.sha256WithDSA_oid;
564 }
565 if (name.equalsIgnoreCase("SHA1WithRSA")
566 || name.equalsIgnoreCase("SHA1/RSA")) {
567 return AlgorithmId.sha1WithRSAEncryption_oid;
568 }
569 if (name.equalsIgnoreCase("SHA1withECDSA")
570 || name.equalsIgnoreCase("ECDSA")) {
571 return AlgorithmId.sha1WithECDSA_oid;
572 }
573 if (name.equalsIgnoreCase("SHA224withECDSA")) {
574 return AlgorithmId.sha224WithECDSA_oid;
575 }
576 if (name.equalsIgnoreCase("SHA256withECDSA")) {
577 return AlgorithmId.sha256WithECDSA_oid;
578 }
579 if (name.equalsIgnoreCase("SHA384withECDSA")) {
580 return AlgorithmId.sha384WithECDSA_oid;
581 }
582 if (name.equalsIgnoreCase("SHA512withECDSA")) {
583 return AlgorithmId.sha512WithECDSA_oid;
584 }
585
586 return oidTable().get(name.toUpperCase(Locale.ENGLISH));
587 }
588
589 private static ObjectIdentifier oid(int ... values) {
590 return ObjectIdentifier.newInternal(values);
591 }
592
593 private static volatile Map<String,ObjectIdentifier> oidTable;
594 private static final Map<ObjectIdentifier,String> nameTable;
595
596 /** Returns the oidTable, lazily initializing it on first access. */
597 private static Map<String,ObjectIdentifier> oidTable()
598 throws IOException {
599 // Double checked locking; safe because oidTable is volatile
600 Map<String,ObjectIdentifier> tab;
601 if ((tab = oidTable) == null) {
602 synchronized (AlgorithmId.class) {
603 if ((tab = oidTable) == null)
604 oidTable = tab = computeOidTable();
605 }
606 }
607 return tab;
608 }
609
610 /** Collects the algorithm names from the installed providers. */
611 private static HashMap<String,ObjectIdentifier> computeOidTable()
612 throws IOException {
613 HashMap<String,ObjectIdentifier> tab = new HashMap<>();
614 for (Provider provider : Security.getProviders()) {
615 for (Object key : provider.keySet()) {
616 String alias = (String)key;
617 String upperCaseAlias = alias.toUpperCase(Locale.ENGLISH);
618 int index;
619 if (upperCaseAlias.startsWith("ALG.ALIAS") &&
620 (index=upperCaseAlias.indexOf("OID.", 0)) != -1) {
621 index += "OID.".length();
622 if (index == alias.length()) {
623 // invalid alias entry
624 break;
625 }
626 String oidString = alias.substring(index);
627 String stdAlgName = provider.getProperty(alias);
628 if (stdAlgName != null) {
629 stdAlgName = stdAlgName.toUpperCase(Locale.ENGLISH);
630 }
631 if (stdAlgName != null &&
632 tab.get(stdAlgName) == null) {
633 tab.put(stdAlgName, new ObjectIdentifier(oidString));
634 }
635 }
636 }
637 }
638 return tab;
639 }
640
641 /*****************************************************************/
642
643 /*
644 * HASHING ALGORITHMS
645 */
646
647 /**
648 * Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319.
649 * OID = 1.2.840.113549.2.2
650 */
651 public static final ObjectIdentifier MD2_oid =
652 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 2});
653
654 /**
655 * Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.
656 * OID = 1.2.840.113549.2.5
657 */
658 public static final ObjectIdentifier MD5_oid =
659 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 2, 5});
660
661 /**
662 * Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.
663 * This is sometimes called "SHA", though that is often confusing since
664 * many people refer to FIPS 180 (which has an error) as defining SHA.
665 * OID = 1.3.14.3.2.26. Old SHA-0 OID: 1.3.14.3.2.18.
666 */
667 public static final ObjectIdentifier SHA_oid =
668 ObjectIdentifier.newInternal(new int[] {1, 3, 14, 3, 2, 26});
669
670 public static final ObjectIdentifier SHA224_oid =
671 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 4});
672
673 public static final ObjectIdentifier SHA256_oid =
674 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 1});
675
676 public static final ObjectIdentifier SHA384_oid =
677 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 2});
678
679 public static final ObjectIdentifier SHA512_oid =
680 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 3});
681
682 public static final ObjectIdentifier SHA512_224_oid =
683 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 5});
684
685 public static final ObjectIdentifier SHA512_256_oid =
686 ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 6});
687
688 /*
689 * COMMON PUBLIC KEY TYPES
690 */
691 private static final int[] DH_data = { 1, 2, 840, 113549, 1, 3, 1 };
692 private static final int[] DH_PKIX_data = { 1, 2, 840, 10046, 2, 1 };
693 private static final int[] DSA_OIW_data = { 1, 3, 14, 3, 2, 12 };
694 private static final int[] DSA_PKIX_data = { 1, 2, 840, 10040, 4, 1 };
695 private static final int[] RSA_data = { 2, 5, 8, 1, 1 };
696
697 public static final ObjectIdentifier DH_oid;
698 public static final ObjectIdentifier DH_PKIX_oid;
699 public static final ObjectIdentifier DSA_oid;
700 public static final ObjectIdentifier DSA_OIW_oid;
701 public static final ObjectIdentifier EC_oid = oid(1, 2, 840, 10045, 2, 1);
702 public static final ObjectIdentifier ECDH_oid = oid(1, 3, 132, 1, 12);
703 public static final ObjectIdentifier RSA_oid;
704 public static final ObjectIdentifier RSAEncryption_oid =
705 oid(1, 2, 840, 113549, 1, 1, 1);
706 public static final ObjectIdentifier RSAES_OAEP_oid =
707 oid(1, 2, 840, 113549, 1, 1, 7);
708 public static final ObjectIdentifier mgf1_oid =
709 oid(1, 2, 840, 113549, 1, 1, 8);
710 public static final ObjectIdentifier RSASSA_PSS_oid =
711 oid(1, 2, 840, 113549, 1, 1, 10);
712
713 /*
714 * COMMON SECRET KEY TYPES
715 */
716 public static final ObjectIdentifier AES_oid =
717 oid(2, 16, 840, 1, 101, 3, 4, 1);
718
719 /*
720 * COMMON SIGNATURE ALGORITHMS
721 */
722 private static final int[] md2WithRSAEncryption_data =
723 { 1, 2, 840, 113549, 1, 1, 2 };
724 private static final int[] md5WithRSAEncryption_data =
725 { 1, 2, 840, 113549, 1, 1, 4 };
726 private static final int[] sha1WithRSAEncryption_data =
727 { 1, 2, 840, 113549, 1, 1, 5 };
728 private static final int[] sha1WithRSAEncryption_OIW_data =
729 { 1, 3, 14, 3, 2, 29 };
730 private static final int[] sha224WithRSAEncryption_data =
731 { 1, 2, 840, 113549, 1, 1, 14 };
732 private static final int[] sha256WithRSAEncryption_data =
733 { 1, 2, 840, 113549, 1, 1, 11 };
734 private static final int[] sha384WithRSAEncryption_data =
735 { 1, 2, 840, 113549, 1, 1, 12 };
736 private static final int[] sha512WithRSAEncryption_data =
737 { 1, 2, 840, 113549, 1, 1, 13 };
738
739 private static final int[] shaWithDSA_OIW_data =
740 { 1, 3, 14, 3, 2, 13 };
741 private static final int[] sha1WithDSA_OIW_data =
742 { 1, 3, 14, 3, 2, 27 };
743 private static final int[] dsaWithSHA1_PKIX_data =
744 { 1, 2, 840, 10040, 4, 3 };
745
746 public static final ObjectIdentifier md2WithRSAEncryption_oid;
747 public static final ObjectIdentifier md5WithRSAEncryption_oid;
748 public static final ObjectIdentifier sha1WithRSAEncryption_oid;
749 public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid;
750 public static final ObjectIdentifier sha224WithRSAEncryption_oid;
751 public static final ObjectIdentifier sha256WithRSAEncryption_oid;
752 public static final ObjectIdentifier sha384WithRSAEncryption_oid;
753 public static final ObjectIdentifier sha512WithRSAEncryption_oid;
754 public static final ObjectIdentifier sha512_224WithRSAEncryption_oid =
755 oid(1, 2, 840, 113549, 1, 1, 15);
756 public static final ObjectIdentifier sha512_256WithRSAEncryption_oid =
757 oid(1, 2, 840, 113549, 1, 1, 16);;
758
759 public static final ObjectIdentifier shaWithDSA_OIW_oid;
760 public static final ObjectIdentifier sha1WithDSA_OIW_oid;
761 public static final ObjectIdentifier sha1WithDSA_oid;
762 public static final ObjectIdentifier sha224WithDSA_oid =
763 oid(2, 16, 840, 1, 101, 3, 4, 3, 1);
764 public static final ObjectIdentifier sha256WithDSA_oid =
765 oid(2, 16, 840, 1, 101, 3, 4, 3, 2);
766
767 public static final ObjectIdentifier sha1WithECDSA_oid =
768 oid(1, 2, 840, 10045, 4, 1);
769 public static final ObjectIdentifier sha224WithECDSA_oid =
770 oid(1, 2, 840, 10045, 4, 3, 1);
771 public static final ObjectIdentifier sha256WithECDSA_oid =
772 oid(1, 2, 840, 10045, 4, 3, 2);
773 public static final ObjectIdentifier sha384WithECDSA_oid =
774 oid(1, 2, 840, 10045, 4, 3, 3);
775 public static final ObjectIdentifier sha512WithECDSA_oid =
776 oid(1, 2, 840, 10045, 4, 3, 4);
777 public static final ObjectIdentifier specifiedWithECDSA_oid =
778 oid(1, 2, 840, 10045, 4, 3);
779
780 /**
781 * Algorithm ID for the PBE encryption algorithms from PKCS#5 and
782 * PKCS#12.
783 */
784 public static final ObjectIdentifier pbeWithMD5AndDES_oid =
785 ObjectIdentifier.newInternal(new int[]{1, 2, 840, 113549, 1, 5, 3});
786 public static final ObjectIdentifier pbeWithMD5AndRC2_oid =
787 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 6});
788 public static final ObjectIdentifier pbeWithSHA1AndDES_oid =
789 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 10});
790 public static final ObjectIdentifier pbeWithSHA1AndRC2_oid =
791 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 5, 11});
792 public static ObjectIdentifier pbeWithSHA1AndRC4_128_oid =
793 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 1});
794 public static ObjectIdentifier pbeWithSHA1AndRC4_40_oid =
795 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 2});
796 public static ObjectIdentifier pbeWithSHA1AndDESede_oid =
797 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 3});
798 public static ObjectIdentifier pbeWithSHA1AndRC2_128_oid =
799 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 5});
800 public static ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
801 ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 6});
802
803 static {
804 /*
805 * Note the preferred OIDs are named simply with no "OIW" or
806 * "PKIX" in them, even though they may point to data from these
807 * specs; e.g. SHA_oid, DH_oid, DSA_oid, SHA1WithDSA_oid...
808 */
809 /**
810 * Algorithm ID for Diffie Hellman Key agreement, from PKCS #3.
811 * Parameters include public values P and G, and may optionally specify
812 * the length of the private key X. Alternatively, algorithm parameters
813 * may be derived from another source such as a Certificate Authority's
814 * certificate.
815 * OID = 1.2.840.113549.1.3.1
816 */
817 DH_oid = ObjectIdentifier.newInternal(DH_data);
818
819 /**
820 * Algorithm ID for the Diffie Hellman Key Agreement (DH), from RFC 3279.
821 * Parameters may include public values P and G.
822 * OID = 1.2.840.10046.2.1
823 */
824 DH_PKIX_oid = ObjectIdentifier.newInternal(DH_PKIX_data);
825
826 /**
827 * Algorithm ID for the Digital Signing Algorithm (DSA), from the
828 * NIST OIW Stable Agreements part 12.
829 * Parameters may include public values P, Q, and G; or these may be
830 * derived from
831 * another source such as a Certificate Authority's certificate.
832 * OID = 1.3.14.3.2.12
833 */
834 DSA_OIW_oid = ObjectIdentifier.newInternal(DSA_OIW_data);
835
836 /**
837 * Algorithm ID for the Digital Signing Algorithm (DSA), from RFC 3279.
838 * Parameters may include public values P, Q, and G; or these may be
839 * derived from another source such as a Certificate Authority's
840 * certificate.
841 * OID = 1.2.840.10040.4.1
842 */
843 DSA_oid = ObjectIdentifier.newInternal(DSA_PKIX_data);
844
845 /**
846 * Algorithm ID for RSA keys used for any purpose, as defined in X.509.
847 * The algorithm parameter is a single value, the number of bits in the
848 * public modulus.
849 * OID = 2.5.8.1.1
850 */
851 RSA_oid = ObjectIdentifier.newInternal(RSA_data);
852
853 /**
854 * Identifies a signing algorithm where an MD2 digest is encrypted
855 * using an RSA private key; defined in PKCS #1. Use of this
856 * signing algorithm is discouraged due to MD2 vulnerabilities.
857 * OID = 1.2.840.113549.1.1.2
858 */
859 md2WithRSAEncryption_oid =
860 ObjectIdentifier.newInternal(md2WithRSAEncryption_data);
861
862 /**
863 * Identifies a signing algorithm where an MD5 digest is
864 * encrypted using an RSA private key; defined in PKCS #1.
865 * OID = 1.2.840.113549.1.1.4
866 */
867 md5WithRSAEncryption_oid =
868 ObjectIdentifier.newInternal(md5WithRSAEncryption_data);
869
870 /**
871 * Identifies a signing algorithm where a SHA1 digest is
872 * encrypted using an RSA private key; defined by RSA DSI.
873 * OID = 1.2.840.113549.1.1.5
874 */
875 sha1WithRSAEncryption_oid =
876 ObjectIdentifier.newInternal(sha1WithRSAEncryption_data);
877
878 /**
879 * Identifies a signing algorithm where a SHA1 digest is
880 * encrypted using an RSA private key; defined in NIST OIW.
881 * OID = 1.3.14.3.2.29
882 */
883 sha1WithRSAEncryption_OIW_oid =
884 ObjectIdentifier.newInternal(sha1WithRSAEncryption_OIW_data);
885
886 /**
887 * Identifies a signing algorithm where a SHA224 digest is
888 * encrypted using an RSA private key; defined by PKCS #1.
889 * OID = 1.2.840.113549.1.1.14
890 */
891 sha224WithRSAEncryption_oid =
892 ObjectIdentifier.newInternal(sha224WithRSAEncryption_data);
893
894 /**
895 * Identifies a signing algorithm where a SHA256 digest is
896 * encrypted using an RSA private key; defined by PKCS #1.
897 * OID = 1.2.840.113549.1.1.11
898 */
899 sha256WithRSAEncryption_oid =
900 ObjectIdentifier.newInternal(sha256WithRSAEncryption_data);
901
902 /**
903 * Identifies a signing algorithm where a SHA384 digest is
904 * encrypted using an RSA private key; defined by PKCS #1.
905 * OID = 1.2.840.113549.1.1.12
906 */
907 sha384WithRSAEncryption_oid =
908 ObjectIdentifier.newInternal(sha384WithRSAEncryption_data);
909
910 /**
911 * Identifies a signing algorithm where a SHA512 digest is
912 * encrypted using an RSA private key; defined by PKCS #1.
913 * OID = 1.2.840.113549.1.1.13
914 */
915 sha512WithRSAEncryption_oid =
916 ObjectIdentifier.newInternal(sha512WithRSAEncryption_data);
917
918 /**
919 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
920 * SHA digest is signed using the Digital Signing Algorithm (DSA).
921 * This should not be used.
922 * OID = 1.3.14.3.2.13
923 */
924 shaWithDSA_OIW_oid = ObjectIdentifier.newInternal(shaWithDSA_OIW_data);
925
926 /**
927 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
928 * SHA1 digest is signed using the Digital Signing Algorithm (DSA).
929 * OID = 1.3.14.3.2.27
930 */
931 sha1WithDSA_OIW_oid = ObjectIdentifier.newInternal(sha1WithDSA_OIW_data);
932
933 /**
934 * Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
935 * SHA1 digest is signed using the Digital Signing Algorithm (DSA).
936 * OID = 1.2.840.10040.4.3
937 */
938 sha1WithDSA_oid = ObjectIdentifier.newInternal(dsaWithSHA1_PKIX_data);
939
940 nameTable = new HashMap<>();
941 nameTable.put(MD5_oid, "MD5");
942 nameTable.put(MD2_oid, "MD2");
943 nameTable.put(SHA_oid, "SHA-1");
944 nameTable.put(SHA224_oid, "SHA-224");
945 nameTable.put(SHA256_oid, "SHA-256");
946 nameTable.put(SHA384_oid, "SHA-384");
947 nameTable.put(SHA512_oid, "SHA-512");
948 nameTable.put(SHA512_224_oid, "SHA-512/224");
949 nameTable.put(SHA512_256_oid, "SHA-512/256");
950 nameTable.put(RSAEncryption_oid, "RSA");
951 nameTable.put(RSA_oid, "RSA");
952 nameTable.put(DH_oid, "Diffie-Hellman");
953 nameTable.put(DH_PKIX_oid, "Diffie-Hellman");
954 nameTable.put(DSA_oid, "DSA");
955 nameTable.put(DSA_OIW_oid, "DSA");
956 nameTable.put(EC_oid, "EC");
957 nameTable.put(ECDH_oid, "ECDH");
958
959 nameTable.put(AES_oid, "AES");
960
961 nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA");
962 nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA");
963 nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA");
964 nameTable.put(sha384WithECDSA_oid, "SHA384withECDSA");
965 nameTable.put(sha512WithECDSA_oid, "SHA512withECDSA");
966 nameTable.put(md5WithRSAEncryption_oid, "MD5withRSA");
967 nameTable.put(md2WithRSAEncryption_oid, "MD2withRSA");
968 nameTable.put(sha1WithDSA_oid, "SHA1withDSA");
969 nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA");
970 nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA");
971 nameTable.put(sha224WithDSA_oid, "SHA224withDSA");
972 nameTable.put(sha256WithDSA_oid, "SHA256withDSA");
973 nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA");
974 nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA");
975 nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA");
976 nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA");
977 nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA");
978 nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA");
979 nameTable.put(sha512_224WithRSAEncryption_oid, "SHA512/224withRSA");
980 nameTable.put(sha512_256WithRSAEncryption_oid, "SHA512/256withRSA");
981 nameTable.put(RSASSA_PSS_oid, "RSASSA-PSS");
982 nameTable.put(RSAES_OAEP_oid, "RSAES-OAEP");
983
984 nameTable.put(pbeWithMD5AndDES_oid, "PBEWithMD5AndDES");
985 nameTable.put(pbeWithMD5AndRC2_oid, "PBEWithMD5AndRC2");
986 nameTable.put(pbeWithSHA1AndDES_oid, "PBEWithSHA1AndDES");
987 nameTable.put(pbeWithSHA1AndRC2_oid, "PBEWithSHA1AndRC2");
988 nameTable.put(pbeWithSHA1AndRC4_128_oid, "PBEWithSHA1AndRC4_128");
989 nameTable.put(pbeWithSHA1AndRC4_40_oid, "PBEWithSHA1AndRC4_40");
990 nameTable.put(pbeWithSHA1AndDESede_oid, "PBEWithSHA1AndDESede");
991 nameTable.put(pbeWithSHA1AndRC2_128_oid, "PBEWithSHA1AndRC2_128");
992 nameTable.put(pbeWithSHA1AndRC2_40_oid, "PBEWithSHA1AndRC2_40");
993 }
994
995 /**
996 * Creates a signature algorithm name from a digest algorithm
997 * name and a encryption algorithm name.
998 */
999 public static String makeSigAlg(String digAlg, String encAlg) {
1000 digAlg = digAlg.replace("-", "");
1001 if (encAlg.equalsIgnoreCase("EC")) encAlg = "ECDSA";
1002
1003 return digAlg + "with" + encAlg;
1004 }
1005
1006 /**
1007 * Extracts the encryption algorithm name from a signature
1008 * algorithm name.
1009 */
1010 public static String getEncAlgFromSigAlg(String signatureAlgorithm) {
1011 signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
1012 int with = signatureAlgorithm.indexOf("WITH");
1013 String keyAlgorithm = null;
1014 if (with > 0) {
1015 int and = signatureAlgorithm.indexOf("AND", with + 4);
1016 if (and > 0) {
1017 keyAlgorithm = signatureAlgorithm.substring(with + 4, and);
1018 } else {
1019 keyAlgorithm = signatureAlgorithm.substring(with + 4);
1020 }
1021 if (keyAlgorithm.equalsIgnoreCase("ECDSA")) {
1022 keyAlgorithm = "EC";
1023 }
1024 }
1025 return keyAlgorithm;
1026 }
1027
1028 /**
1029 * Extracts the digest algorithm name from a signature
1030 * algorithm name.
1031 */
1032 public static String getDigAlgFromSigAlg(String signatureAlgorithm) {
1033 signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
1034 int with = signatureAlgorithm.indexOf("WITH");
1035 if (with > 0) {
1036 return signatureAlgorithm.substring(0, with);
1037 }
1038 return null;
1039 }
1040
1041 /**
1042 * Checks if a signature algorithm matches a key algorithm, i.e. a
1043 * signature can be initialized with a key.
1044 *
1045 * @param kAlg must not be null
1046 * @param sAlg must not be null
1047 * @throws IllegalArgumentException if they do not match
1048 */
1049 public static void checkKeyAndSigAlgMatch(String kAlg, String sAlg) {
1050 String sAlgUp = sAlg.toUpperCase(Locale.US);
1051 if ((sAlgUp.endsWith("WITHRSA") && !kAlg.equalsIgnoreCase("RSA")) ||
1052 (sAlgUp.endsWith("WITHECDSA") && !kAlg.equalsIgnoreCase("EC")) ||
1053 (sAlgUp.endsWith("WITHDSA") && !kAlg.equalsIgnoreCase("DSA"))) {
1054 throw new IllegalArgumentException(
1055 "key algorithm not compatible with signature algorithm");
1056 }
1057 }
1058
1059 /**
1060 * Returns the default signature algorithm for a private key. The digest
1061 * part might evolve with time. Remember to update the spec of
1062 * {@link jdk.security.jarsigner.JarSigner.Builder#getDefaultSignatureAlgorithm(PrivateKey)}
1063 * if updated.
1064 *
1065 * @param k cannot be null
1066 * @return the default alg, might be null if unsupported
1067 */
1068 public static String getDefaultSigAlgForKey(PrivateKey k) {
1069 switch (k.getAlgorithm().toUpperCase(Locale.ENGLISH)) {
1070 case "EC":
1071 return ecStrength(KeyUtil.getKeySize(k))
1072 + "withECDSA";
1073 case "DSA":
1074 return ifcFfcStrength(KeyUtil.getKeySize(k))
1075 + "withDSA";
1076 case "RSA":
1077 return ifcFfcStrength(KeyUtil.getKeySize(k))
1078 + "withRSA";
1079 default:
1080 return null;
1081 }
1082 }
1083
1084 // Most commonly used PSSParameterSpec and AlgorithmId
1085 private static class PSSParamsHolder {
1086
1087 final static PSSParameterSpec PSS_256_SPEC = new PSSParameterSpec(
1088 "SHA-256", "MGF1",
1089 new MGF1ParameterSpec("SHA-256"),
1090 32, PSSParameterSpec.TRAILER_FIELD_BC);
1091 final static PSSParameterSpec PSS_384_SPEC = new PSSParameterSpec(
1092 "SHA-384", "MGF1",
1093 new MGF1ParameterSpec("SHA-384"),
1094 48, PSSParameterSpec.TRAILER_FIELD_BC);
1095 final static PSSParameterSpec PSS_512_SPEC = new PSSParameterSpec(
1096 "SHA-512", "MGF1",
1097 new MGF1ParameterSpec("SHA-512"),
1098 64, PSSParameterSpec.TRAILER_FIELD_BC);
1099
1100 final static AlgorithmId PSS_256_ID;
1101 final static AlgorithmId PSS_384_ID;
1102 final static AlgorithmId PSS_512_ID;
1103
1104 static {
1105 try {
1106 PSS_256_ID = new AlgorithmId(RSASSA_PSS_oid,
1107 new DerValue(PSSParameters.getEncoded(PSS_256_SPEC)));
1108 PSS_384_ID = new AlgorithmId(RSASSA_PSS_oid,
1109 new DerValue(PSSParameters.getEncoded(PSS_384_SPEC)));
1110 PSS_512_ID = new AlgorithmId(RSASSA_PSS_oid,
1111 new DerValue(PSSParameters.getEncoded(PSS_512_SPEC)));
1112 } catch (IOException e) {
1113 throw new AssertionError("Should not happen", e);
1114 }
1115 }
1116 }
1117
1118 public static AlgorithmId getWithParameterSpec(String algName,
1119 AlgorithmParameterSpec spec) throws NoSuchAlgorithmException {
1120
1121 if (spec == null) {
1122 return AlgorithmId.get(algName);
1123 } else if (spec == PSSParamsHolder.PSS_256_SPEC) {
1124 return PSSParamsHolder.PSS_256_ID;
1125 } else if (spec == PSSParamsHolder.PSS_384_SPEC) {
1126 return PSSParamsHolder.PSS_384_ID;
1127 } else if (spec == PSSParamsHolder.PSS_512_SPEC) {
1128 return PSSParamsHolder.PSS_512_ID;
1129 } else {
1130 try {
1131 AlgorithmParameters result =
1132 AlgorithmParameters.getInstance(algName);
1133 result.init(spec);
1134 return get(result);
1135 } catch (InvalidParameterSpecException | NoSuchAlgorithmException e) {
1136 throw new ProviderException(e);
1137 }
1138 }
1139 }
1140
1141 public static PSSParameterSpec getDefaultAlgorithmParameterSpec(
1142 String sigAlg, PrivateKey k) {
1143 if (sigAlg.equalsIgnoreCase("RSASSA-PSS")) {
1144 switch (ifcFfcStrength(KeyUtil.getKeySize(k))) {
1145 case "SHA256":
1146 return PSSParamsHolder.PSS_256_SPEC;
1147 case "SHA384":
1148 return PSSParamsHolder.PSS_384_SPEC;
1149 case "SHA512":
1150 return PSSParamsHolder.PSS_512_SPEC;
1151 default:
1152 throw new AssertionError("Should not happen");
1153 }
1154 } else {
1155 return null;
1156 }
1157 }
1158
1159 // Values from SP800-57 part 1 rev 4 tables 2 and 3
1160 private static String ecStrength (int bitLength) {
1161 if (bitLength >= 512) { // 256 bits of strength
1162 return "SHA512";
1163 } else if (bitLength >= 384) { // 192 bits of strength
1164 return "SHA384";
1165 } else { // 128 bits of strength and less
1166 return "SHA256";
1167 }
1168 }
1169
1170 // Same values for RSA and DSA
1171 private static String ifcFfcStrength (int bitLength) {
1172 if (bitLength > 7680) { // 256 bits
1173 return "SHA512";
1174 } else if (bitLength > 3072) { // 192 bits
1175 return "SHA384";
1176 } else { // 128 bits and less
1177 return "SHA256";
1178 }
1179 }
1180 }