Improve OAEP parameters matching

- add SHA-224 support and SHA-224, SHA-512 test coverage

Author: peterdettman

core/src/main/java/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java

@@ -100,7 +100,17 @@ public AlgorithmIdentifier getPSourceAlgorithm()
     {
         return pSourceAlgorithm;
     }
-    
+
+    public RSAESOAEPparams withDefaultPSource()
+    {
+        if (DEFAULT_P_SOURCE_ALGORITHM == pSourceAlgorithm)
+        {
+            return this;
+        }
+
+        return new RSAESOAEPparams(hashAlgorithm, maskGenAlgorithm, DEFAULT_P_SOURCE_ALGORITHM);
+    }
+
     /**
      * <pre>
      *  RSAES-OAEP-params ::= SEQUENCE {
@@ -145,7 +155,7 @@ public ASN1Primitive toASN1Primitive()
         {
             v.add(new DERTaggedObject(true, 2, pSourceAlgorithm));
         }
-        
+
         return new DERSequence(v);
     }
 }

pkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java

@@ -23,13 +23,11 @@
 import javax.crypto.Cipher;
 import javax.crypto.KeyAgreement;
 
-import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
@@ -48,6 +46,7 @@
 import org.bouncycastle.jcajce.util.MessageDigestUtils;
 import org.bouncycastle.operator.DefaultSignatureNameFinder;
 import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Integers;
 
 class OperatorHelper
@@ -57,13 +56,11 @@ class OperatorHelper
     private static final Map symmetricWrapperAlgNames = new HashMap();
     private static final Map symmetricKeyAlgNames = new HashMap();
     private static final Map symmetricWrapperKeySizes = new HashMap();
+    // ASN1ObjectIdentifier -> OAEPParamsValue
+    private static final Map oaepParamsMap = new HashMap();
 
     private static DefaultSignatureNameFinder sigFinder = new DefaultSignatureNameFinder();
 
-    private static final RSAESOAEPparams oaepParams_sha256 = calculateDefForDigest(NISTObjectIdentifiers.id_sha256);
-    private static final RSAESOAEPparams oaepParams_sha384 = calculateDefForDigest(NISTObjectIdentifiers.id_sha384);
-    private static final RSAESOAEPparams oaepParams_sha512 = calculateDefForDigest(NISTObjectIdentifiers.id_sha512);
-
     static
     {
         oids.put(OIWObjectIdentifiers.idSHA1, "SHA1");
@@ -108,17 +105,12 @@ class OperatorHelper
         symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes256_CBC, "AES");
         symmetricKeyAlgNames.put(PKCSObjectIdentifiers.des_EDE3_CBC, "DESede");
         symmetricKeyAlgNames.put(PKCSObjectIdentifiers.RC2_CBC, "RC2");
-    }
 
-    private static RSAESOAEPparams calculateDefForDigest(ASN1ObjectIdentifier digest)
-    {
-        AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(
-            digest,
-            DERNull.INSTANCE);
-        AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier(
-            PKCSObjectIdentifiers.id_mgf1,
-            new AlgorithmIdentifier(digest, DERNull.INSTANCE));
-        return new RSAESOAEPparams(hashAlgorithm, maskGenAlgorithm, RSAESOAEPparams.DEFAULT_P_SOURCE_ALGORITHM);
+        OAEPParamsValue.add(oaepParamsMap, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", OIWObjectIdentifiers.idSHA1);
+        OAEPParamsValue.add(oaepParamsMap, "RSA/ECB/OAEPWithSHA-224AndMGF1Padding", NISTObjectIdentifiers.id_sha224);
+        OAEPParamsValue.add(oaepParamsMap, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", NISTObjectIdentifiers.id_sha256);
+        OAEPParamsValue.add(oaepParamsMap, "RSA/ECB/OAEPWithSHA-384AndMGF1Padding", NISTObjectIdentifiers.id_sha384);
+        OAEPParamsValue.add(oaepParamsMap, "RSA/ECB/OAEPWithSHA-512AndMGF1Padding", NISTObjectIdentifiers.id_sha512);
     }
 
     private JcaJceHelper helper;
@@ -232,36 +224,25 @@ Cipher createAsymmetricWrapper(AlgorithmIdentifier algorithmID, Map extraAlgName
             {
                 if (cipherName.indexOf("OAEPPadding") > 0)
                 {
-                    ASN1Encodable algParams = algorithmID.getParameters();
-                    if (algParams != null)
+                    try
                     {
-                        ASN1Primitive primitive = algParams.toASN1Primitive();
-                        if ((primitive instanceof ASN1Sequence))
+                        RSAESOAEPparams oaepParams = RSAESOAEPparams.getInstance(algorithmID.getParameters());
+                        if (oaepParams != null)
                         {
-                            ASN1Sequence oaepParams = (ASN1Sequence)primitive;
-                            if (oaepParams.size() == 0)
-                            {
-                                cipherName = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
-                            }
-                            else if (oaepParams.size() >= 2)
+                            ASN1ObjectIdentifier digestOID = oaepParams.getHashAlgorithm().getAlgorithm();
+                            OAEPParamsValue oaepParamsValue = (OAEPParamsValue)oaepParamsMap.get(digestOID);
+
+                            // Note that the original pSourceAlgorithm is ignored for this comparison 
+                            if (oaepParamsValue != null && oaepParamsValue.matches(oaepParams.withDefaultPSource()))
                             {
-                                // we only check the first 2 as pSource may be different
-                                oaepParams = new DERSequence(new ASN1Encodable[]{ oaepParams.getObjectAt(0), oaepParams.getObjectAt(1) });
-                                if (oaepParams_sha256.equals(oaepParams))
-                                {
-                                    cipherName = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
-                                }
-                                else if (oaepParams_sha512.equals(oaepParams))
-                                {
-                                    cipherName = "RSA/ECB/OAEPWithSHA-512AndMGF1Padding";
-                                }
-                                else if (oaepParams_sha384.equals(oaepParams))
-                                {
-                                    cipherName = "RSA/ECB/OAEPWithSHA-384AndMGF1Padding";
-                                }
+                                cipherName = oaepParamsValue.getCipherName();
                             }
                         }
                     }
+                    catch (Exception e)
+                    {
+                        // Ignore
+                    }
                 }
 
                 try
@@ -637,4 +618,52 @@ private boolean notDefaultPSSParams(ASN1Sequence seq)
 
         return pssParams.getSaltLength().intValue() != digest.getDigestLength();
     }
+
+    private static class OAEPParamsValue
+    {
+        static void add(Map oaepParamsMap, String cipherName, ASN1ObjectIdentifier digestOID)
+        {
+            try
+            {
+                RSAESOAEPparams oaepParams = createOAEPParams(digestOID);
+                byte[] derEncoding = getDEREncoding(oaepParams);
+                oaepParamsMap.put(digestOID, new OAEPParamsValue(cipherName, derEncoding));
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException(e);
+            }
+        }
+
+        private String cipherName;
+        private byte[] derEncoding;
+
+        private OAEPParamsValue(String cipherName, byte[] derEncoding)
+        {
+            this.cipherName = cipherName;
+            this.derEncoding = derEncoding;
+        }
+
+        String getCipherName()
+        {
+            return cipherName;
+        }
+
+        boolean matches(RSAESOAEPparams oaepParams) throws IOException
+        {
+            return Arrays.areEqual(derEncoding, getDEREncoding(oaepParams));
+        }
+
+        private static RSAESOAEPparams createOAEPParams(ASN1ObjectIdentifier digestOID)
+        {
+            AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(digestOID, DERNull.INSTANCE);
+            AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgorithm);
+            return new RSAESOAEPparams(hashAlgorithm, maskGenAlgorithm, RSAESOAEPparams.DEFAULT_P_SOURCE_ALGORITHM);
+        }
+
+        private static byte[] getDEREncoding(RSAESOAEPparams oaepParams) throws IOException
+        {
+            return oaepParams.getEncoded(ASN1Encoding.DER);
+        }
+    }
 }

pkix/src/test/java/org/bouncycastle/cms/test/CMSTestUtil.java

@@ -53,6 +53,7 @@ public class CMSTestUtil
 {
     public static SecureRandom     rand;
     public static KeyPairGenerator kpg;
+    public static KeyPairGenerator kpg_2048;
 
     public static KeyPairGenerator gostKpg;
     public static KeyPairGenerator dsaKpg;
@@ -156,8 +157,8 @@ public class CMSTestUtil
             kpg  = KeyPairGenerator.getInstance("RSA", "BC");
             kpg.initialize(1024, rand);
 
-            kpg  = KeyPairGenerator.getInstance("RSA", "BC");
-            kpg.initialize(1024, rand);
+            kpg_2048  = KeyPairGenerator.getInstance("RSA", "BC");
+            kpg_2048.initialize(2048, rand);
 
             gostKpg  = KeyPairGenerator.getInstance("GOST3410", "BC");
             GOST3410ParameterSpec gost3410P = new GOST3410ParameterSpec(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A.getId());
@@ -278,6 +279,11 @@ public static KeyPair makeKeyPair()
         return kpg.generateKeyPair();
     }
 
+    public static KeyPair makeKeyPair_2048()
+    {
+        return kpg_2048.generateKeyPair();
+    }
+
     public static KeyPair makeGostKeyPair()
     {
         return gostKpg.generateKeyPair();

pkix/src/test/java/org/bouncycastle/cms/test/NewEnvelopedDataTest.java

@@ -130,8 +130,10 @@ public class NewEnvelopedDataTest
     private static String _reciDN;
     private static String _reciDN2;
     private static KeyPair _reciKP;
+    private static KeyPair _reciKP_2048;
     private static KeyPair _reciOaepKP;
     private static X509Certificate _reciCert;
+    private static X509Certificate _reciCert_2048;
     private static X509Certificate _reciCertOaep;
 
     private static KeyPair _origEcKP;
@@ -594,7 +596,9 @@ private static void init()
             _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
             _reciDN2 = "CN=Fred, OU=Sales, O=Bouncy Castle, C=AU";
             _reciKP = CMSTestUtil.makeKeyPair();
+            _reciKP_2048 = CMSTestUtil.makeKeyPair_2048();
             _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
+            _reciCert_2048 = CMSTestUtil.makeCertificate(_reciKP_2048, _reciDN, _signKP, _signDN);
             _reciCertOaep = CMSTestUtil.makeOaepCertificate(_reciKP, _reciDN, _signKP, _signDN);
 
             _origEcKP = CMSTestUtil.makeEcDsaKeyPair();
@@ -1119,19 +1123,19 @@ public void testKeyTransOAEPSHA384()
         doTestKeyTransOAEPDefaultNamed("SHA-384");
     }
 
-    public void testKeyTransOAEPSHA1AndSHA256()
+    public void testKeyTransOAEPSHA512()
         throws Exception
     {
-        doTestKeyTransOAEPDefaultNamed("SHA-1", "SHA-256");
+        doTestKeyTransOAEPDefaultNamed_2048("SHA-512");
     }
 
-    private void doTestKeyTransOAEPDefaultNamed(String digest)
+    public void testKeyTransOAEPSHA1AndSHA256()
         throws Exception
     {
-        doTestKeyTransOAEPDefaultNamed(digest, digest);
+        doTestKeyTransOAEPDefaultNamed("SHA-1", "SHA-256");
     }
 
-    private void doTestKeyTransOAEPDefaultNamed(String digest, String mgfDigest)
+    private void doTestKeyTransOAEPDefaultNamed(String digest, String mgfDigest, X509Certificate reciCert, KeyPair reciKP)
         throws Exception
     {
         byte[] data = "WallaWallaWashington".getBytes();
@@ -1142,8 +1146,8 @@ private void doTestKeyTransOAEPDefaultNamed(String digest, String mgfDigest)
         OAEPParameterSpec oaepSpec = new OAEPParameterSpec(digest, "MGF1", new MGF1ParameterSpec(mgfDigest), new PSource.PSpecified(new byte[]{1, 2, 3, 4, 5}));
         AlgorithmIdentifier oaepAlgId = paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, oaepSpec);
 
-        edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert, oaepAlgId).setProvider(BC));
-        edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), oaepAlgId, _reciCert.getPublicKey()).setProvider(BC));
+        edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(reciCert, oaepAlgId).setProvider(BC));
+        edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), oaepAlgId, reciCert.getPublicKey()).setProvider(BC));
 
         CMSEnvelopedData ed = edGen.generate(
             new CMSProcessableByteArray(data),
@@ -1166,12 +1170,12 @@ private void doTestKeyTransOAEPDefaultNamed(String digest, String mgfDigest)
 
             assertEquals(PKCSObjectIdentifiers.id_RSAES_OAEP, recipient.getKeyEncryptionAlgorithm().getAlgorithm());
 
-            byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
+            byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(reciKP.getPrivate()).setProvider(BC));
 
             assertEquals(true, Arrays.equals(data, recData));
         }
 
-        RecipientId id = new JceKeyTransRecipientId(_reciCert);
+        RecipientId id = new JceKeyTransRecipientId(reciCert);
 
         Collection collection = recipients.getRecipients(id);
         if (collection.size() != 2)
@@ -1181,6 +1185,30 @@ private void doTestKeyTransOAEPDefaultNamed(String digest, String mgfDigest)
         assertTrue(collection.iterator().next() instanceof RecipientInformation);
     }
 
+    private void doTestKeyTransOAEPDefaultNamed(String digest)
+        throws Exception
+    {
+        doTestKeyTransOAEPDefaultNamed(digest, digest);
+    }
+
+    private void doTestKeyTransOAEPDefaultNamed(String digest, String mgfDigest)
+        throws Exception
+    {
+        doTestKeyTransOAEPDefaultNamed(digest, digest, _reciCert, _reciKP);
+    }
+
+    private void doTestKeyTransOAEPDefaultNamed_2048(String digest)
+        throws Exception
+    {
+        doTestKeyTransOAEPDefaultNamed_2048(digest, digest);
+    }
+
+    private void doTestKeyTransOAEPDefaultNamed_2048(String digest, String mgfDigest)
+        throws Exception
+    {
+        doTestKeyTransOAEPDefaultNamed(digest, digest, _reciCert_2048, _reciKP_2048);
+    }
+
     public void testKeyTransOAEPInCert()
         throws Exception
     {