Overhaul algorithm registries

Author: peterdettman

crypto/src/asn1/smime/SMIMECapabilities.cs

@@ -1,7 +1,9 @@
 using System;
 using System.Collections.Generic;
 
+using Org.BouncyCastle.Asn1.Misc;
 using Org.BouncyCastle.Asn1.Nist;
+using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.X509;
 
@@ -28,9 +30,9 @@ public class SmimeCapabilities
         public static readonly DerObjectIdentifier Aes256Cbc = NistObjectIdentifiers.IdAes256Cbc;
         public static readonly DerObjectIdentifier Aes192Cbc = NistObjectIdentifiers.IdAes192Cbc;
         public static readonly DerObjectIdentifier Aes128Cbc = NistObjectIdentifiers.IdAes128Cbc;
-        public static readonly DerObjectIdentifier IdeaCbc = new DerObjectIdentifier("1.3.6.1.4.1.188.7.1.1.2");
-        public static readonly DerObjectIdentifier Cast5Cbc = new DerObjectIdentifier("1.2.840.113533.7.66.10");
-        public static readonly DerObjectIdentifier DesCbc = new DerObjectIdentifier("1.3.14.3.2.7");
+        public static readonly DerObjectIdentifier IdeaCbc = MiscObjectIdentifiers.as_sys_sec_alg_ideaCBC;
+        public static readonly DerObjectIdentifier Cast5Cbc = MiscObjectIdentifiers.cast5CBC;
+        public static readonly DerObjectIdentifier DesCbc = OiwObjectIdentifiers.DesCbc;
         public static readonly DerObjectIdentifier DesEde3Cbc = PkcsObjectIdentifiers.DesEde3Cbc;
         public static readonly DerObjectIdentifier RC2Cbc = PkcsObjectIdentifiers.RC2Cbc;
 

crypto/src/asn1/smime/SMIMECapability.cs

@@ -1,6 +1,7 @@
 using System;
 
 using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.Pkcs;
 
 namespace Org.BouncyCastle.Asn1.Smime
@@ -18,7 +19,7 @@ public class SmimeCapability
 		/**
          * encryption algorithms preferences
          */
-        public static readonly DerObjectIdentifier DesCbc = new DerObjectIdentifier("1.3.14.3.2.7");
+        public static readonly DerObjectIdentifier DesCbc = OiwObjectIdentifiers.DesCbc;
         public static readonly DerObjectIdentifier DesEde3Cbc = PkcsObjectIdentifiers.DesEde3Cbc;
         public static readonly DerObjectIdentifier RC2Cbc = PkcsObjectIdentifiers.RC2Cbc;
 

crypto/src/crypto/util/AlgorithmIdentifierFactory.cs

@@ -14,8 +14,8 @@ namespace Org.BouncyCastle.Crypto.Utilities
 {
     public class AlgorithmIdentifierFactory
     {
-        public static readonly DerObjectIdentifier IDEA_CBC = new DerObjectIdentifier("1.3.6.1.4.1.188.7.1.1.2");
-        public static readonly DerObjectIdentifier CAST5_CBC = new DerObjectIdentifier("1.2.840.113533.7.66.10");
+        public static readonly DerObjectIdentifier IDEA_CBC = MiscObjectIdentifiers.as_sys_sec_alg_ideaCBC;
+        public static readonly DerObjectIdentifier CAST5_CBC = MiscObjectIdentifiers.cast5CBC;
 
         private static readonly short[] rc2Table = {
             0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,

crypto/src/security/AgreementUtilities.cs

@@ -12,107 +12,208 @@
 
 namespace Org.BouncyCastle.Security
 {
-	/// <remarks>
-	///  Utility class for creating IBasicAgreement objects from their names/Oids
-	/// </remarks>
-	public static class AgreementUtilities
+    /// <remarks>
+    ///  Utility class for creating IBasicAgreement objects from their names/Oids
+    /// </remarks>
+    public static class AgreementUtilities
 	{
-		private static readonly IDictionary<string, string> Algorithms =
-			new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+        private static readonly Dictionary<DerObjectIdentifier, string> AlgorithmOidMap =
+            new Dictionary<DerObjectIdentifier, string>();
 
         static AgreementUtilities()
 		{
-            Algorithms[X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme.Id] = "ECCDHWITHSHA1KDF";
-			Algorithms[X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme.Id] = "ECDHWITHSHA1KDF";
-			Algorithms[X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme.Id] = "ECMQVWITHSHA1KDF";
+            AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassCofactorDHSha1KdfScheme] = "ECCDHWITHSHA1KDF";
+            AlgorithmOidMap[X9ObjectIdentifiers.DHSinglePassStdDHSha1KdfScheme] = "ECDHWITHSHA1KDF";
+            AlgorithmOidMap[X9ObjectIdentifiers.MqvSinglePassSha1KdfScheme] = "ECMQVWITHSHA1KDF";
+
+            AlgorithmOidMap[EdECObjectIdentifiers.id_X25519] = "X25519";
+            AlgorithmOidMap[EdECObjectIdentifiers.id_X448] = "X448";
+
+#if DEBUG
+            //foreach (var key in AlgorithmMap.Keys)
+            //{
+            //    if (DerObjectIdentifier.TryFromID(key, out var ignore))
+            //        throw new Exception("OID mapping belongs in AlgorithmOidMap: " + key);
+            //}
+
+            //var mechanisms = new HashSet<string>(AlgorithmMap.Values);
+            var mechanisms = new HashSet<string>();
+            mechanisms.UnionWith(AlgorithmOidMap.Values);
+
+            foreach (var mechanism in mechanisms)
+            {
+                //if (AlgorithmMap.TryGetValue(mechanism, out var check))
+                //{
+                //    if (mechanism != check)
+                //        throw new Exception("Mechanism mapping MUST be to self: " + mechanism);
+                //}
+                //else
+                {
+                    if (!mechanism.Equals(mechanism.ToUpperInvariant()))
+                        throw new Exception("Unmapped mechanism MUST be uppercase: " + mechanism);
+                }
+            }
+#endif
+        }
 
-            Algorithms[EdECObjectIdentifiers.id_X25519.Id] = "X25519";
-            Algorithms[EdECObjectIdentifiers.id_X448.Id] = "X448";
+        public static string GetAlgorithmName(DerObjectIdentifier oid)
+        {
+            return CollectionUtilities.GetValueOrNull(AlgorithmOidMap, oid);
         }
 
-        public static IBasicAgreement GetBasicAgreement(
-			DerObjectIdentifier oid)
+        public static IBasicAgreement GetBasicAgreement(DerObjectIdentifier oid)
 		{
-			return GetBasicAgreement(oid.Id);
-		}
+            if (oid == null)
+                throw new ArgumentNullException(nameof(oid));
 
-		public static IBasicAgreement GetBasicAgreement(
-			string algorithm)
+            if (AlgorithmOidMap.TryGetValue(oid, out var mechanism))
+            {
+                var basicAgreement = GetBasicAgreementForMechanism(mechanism);
+                if (basicAgreement != null)
+                    return basicAgreement;
+            }
+
+            throw new SecurityUtilityException("Basic Agreement OID not recognised.");
+        }
+
+        public static IBasicAgreement GetBasicAgreement(string algorithm)
 		{
-            string mechanism = GetMechanism(algorithm);
+            if (algorithm == null)
+                throw new ArgumentNullException(nameof(algorithm));
+
+            string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant();
 
+            var basicAgreement = GetBasicAgreementForMechanism(mechanism);
+            if (basicAgreement != null)
+                return basicAgreement;
+
+            throw new SecurityUtilityException("Basic Agreement " + algorithm + " not recognised.");
+		}
+
+		private static IBasicAgreement GetBasicAgreementForMechanism(string mechanism)
+		{
             if (mechanism == "DH" || mechanism == "DIFFIEHELLMAN")
 				return new DHBasicAgreement();
 
 			if (mechanism == "ECDH")
 				return new ECDHBasicAgreement();
 
             if (mechanism == "ECDHC" || mechanism == "ECCDH")
-                    return new ECDHCBasicAgreement();
+                return new ECDHCBasicAgreement();
 
 			if (mechanism == "ECMQV")
 				return new ECMqvBasicAgreement();
 
-			throw new SecurityUtilityException("Basic Agreement " + algorithm + " not recognised.");
+            return null;
 		}
 
         public static IBasicAgreement GetBasicAgreementWithKdf(DerObjectIdentifier agreeAlgOid,
 			DerObjectIdentifier wrapAlgOid)
         {
-            return GetBasicAgreementWithKdf(agreeAlgOid.Id, wrapAlgOid.Id);
+            return GetBasicAgreementWithKdf(agreeAlgOid, wrapAlgOid?.Id);
         }
 
+        // TODO[api] Change parameter name to 'agreeAlgOid'
         public static IBasicAgreement GetBasicAgreementWithKdf(DerObjectIdentifier oid, string wrapAlgorithm)
 		{
-			return GetBasicAgreementWithKdf(oid.Id, wrapAlgorithm);
-		}
+            if (oid == null)
+                throw new ArgumentNullException(nameof(oid));
+            if (wrapAlgorithm == null)
+                throw new ArgumentNullException(nameof(wrapAlgorithm));
+
+            if (AlgorithmOidMap.TryGetValue(oid, out var mechanism))
+            {
+                var basicAgreement = GetBasicAgreementWithKdfForMechanism(mechanism, wrapAlgorithm);
+                if (basicAgreement != null)
+                    return basicAgreement;
+            }
+
+            throw new SecurityUtilityException("Basic Agreement (with KDF) OID not recognised.");
+        }
 
-		public static IBasicAgreement GetBasicAgreementWithKdf(string agreeAlgorithm, string wrapAlgorithm)
+        public static IBasicAgreement GetBasicAgreementWithKdf(string agreeAlgorithm, string wrapAlgorithm)
 		{
-            string mechanism = GetMechanism(agreeAlgorithm);
+            if (agreeAlgorithm == null)
+                throw new ArgumentNullException(nameof(agreeAlgorithm));
+            if (wrapAlgorithm == null)
+                throw new ArgumentNullException(nameof(wrapAlgorithm));
+
+            string mechanism = GetMechanism(agreeAlgorithm) ?? agreeAlgorithm.ToUpperInvariant();
+
+            var basicAgreement = GetBasicAgreementWithKdfForMechanism(mechanism, wrapAlgorithm);
+            if (basicAgreement != null)
+                return basicAgreement;
+
+            throw new SecurityUtilityException("Basic Agreement (with KDF) " + agreeAlgorithm + " not recognised.");
+		}
 
+        private static IBasicAgreement GetBasicAgreementWithKdfForMechanism(string mechanism, string wrapAlgorithm)
+        {
             // 'DHWITHSHA1KDF' retained for backward compatibility
-			if (mechanism == "DHWITHSHA1KDF" || mechanism == "ECDHWITHSHA1KDF")
-				return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
+            if (mechanism == "DHWITHSHA1KDF" || mechanism == "ECDHWITHSHA1KDF")
+                return new ECDHWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
 
-			if (mechanism == "ECCDHWITHSHA1KDF")
-				return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
+            if (mechanism == "ECCDHWITHSHA1KDF")
+                return new ECDHCWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
 
-			if (mechanism == "ECMQVWITHSHA1KDF")
-				return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
+            if (mechanism == "ECMQVWITHSHA1KDF")
+                return new ECMqvWithKdfBasicAgreement(wrapAlgorithm, new ECDHKekGenerator(new Sha1Digest()));
 
-			throw new SecurityUtilityException("Basic Agreement (with KDF) " + agreeAlgorithm + " not recognised.");
-		}
+            return null;
+        }
 
-        public static IRawAgreement GetRawAgreement(
-            DerObjectIdentifier oid)
+        public static IRawAgreement GetRawAgreement(DerObjectIdentifier oid)
         {
-            return GetRawAgreement(oid.Id);
+            if (oid == null)
+                throw new ArgumentNullException(nameof(oid));
+
+            if (AlgorithmOidMap.TryGetValue(oid, out var mechanism))
+            {
+                var rawAgreement = GetRawAgreementForMechanism(mechanism);
+                if (rawAgreement != null)
+                    return rawAgreement;
+            }
+
+            throw new SecurityUtilityException("Raw Agreement OID not recognised.");
         }
 
         public static IRawAgreement GetRawAgreement(string algorithm)
         {
-            string mechanism = GetMechanism(algorithm);
+            if (algorithm == null)
+                throw new ArgumentNullException(nameof(algorithm));
+
+            string mechanism = GetMechanism(algorithm) ?? algorithm.ToUpperInvariant();
+
+            var rawAgreement = GetRawAgreementForMechanism(mechanism);
+            if (rawAgreement != null)
+                return rawAgreement;
+
+            throw new SecurityUtilityException("Raw Agreement " + algorithm + " not recognised.");
+        }
 
+        private static IRawAgreement GetRawAgreementForMechanism(string mechanism)
+        {
             if (mechanism == "X25519")
                 return new X25519Agreement();
 
             if (mechanism == "X448")
                 return new X448Agreement();
 
-            throw new SecurityUtilityException("Raw Agreement " + algorithm + " not recognised.");
+            return null;
         }
 
-		public static string GetAlgorithmName(DerObjectIdentifier oid)
-		{
-			return CollectionUtilities.GetValueOrNull(Algorithms, oid.Id);
-		}
-
-		private static string GetMechanism(string algorithm)
+        private static string GetMechanism(string algorithm)
         {
-			var mechanism = CollectionUtilities.GetValueOrKey(Algorithms, algorithm);
+            //if (AlgorithmMap.TryGetValue(algorithm, out var mechanism1))
+            //    return mechanism1;
+
+            if (DerObjectIdentifier.TryFromID(algorithm, out var oid))
+            {
+                if (AlgorithmOidMap.TryGetValue(oid, out var mechanism2))
+                    return mechanism2;
+            }
 
-			return mechanism.ToUpperInvariant();
+            return null;
         }
 	}
 }