added support for SHA2/SHA3/KMAC key storage and retrieval

dghgit · dghgit · commit 6971a97ac9b5 · 2025-01-10T06:54:33.000+11:00
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java
@@ -9,6 +9,7 @@
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
 
 public class SHA1
@@ -78,7 +79,16 @@ public static class PBEWithMacKeyFactory
     {
         public PBEWithMacKeyFactory()
         {
-            super("PBEwithHmacSHA", null, false, PKCS12, SHA1, 160, 0);
+            super("PBEwithHmacSHA1", null, false, PKCS12, SHA1, 160, 0);
+        }
+    }
+
+    static public class KeyFactory
+        extends BaseSecretKeyFactory
+    {
+        public KeyFactory()
+        {
+            super("HmacSHA1", null);
         }
     }
 
@@ -109,6 +119,8 @@ public void configure(ConfigurableProvider provider)
             provider.addAlgorithm("Alg.Alias.Mac." + OIWObjectIdentifiers.idSHA1, "PBEWITHHMACSHA");
 
             provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA1", PREFIX + "$PBEWithMacKeyFactory");
+            provider.addAlgorithm("SecretKeyFactory.HMACSHA1", PREFIX + "$KeyFactory");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_hmacWithSHA1, "HMACSHA1");
           }
     }
 }
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java
@@ -8,6 +8,7 @@
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;
 
 public class SHA224
 {
@@ -44,6 +45,15 @@ public HashMac()
         }
     }
 
+    static public class KeyFactory
+        extends BaseSecretKeyFactory
+    {
+        public KeyFactory()
+        {
+            super("HmacSHA224", null);
+        }
+    }
+
     public static class KeyGenerator
         extends BaseKeyGenerator
     {
@@ -73,6 +83,8 @@ public void configure(ConfigurableProvider provider)
             addHMACAlgorithm(provider, "SHA224", PREFIX + "$HashMac",  PREFIX + "$KeyGenerator");
             addHMACAlias(provider, "SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224);
 
+            provider.addAlgorithm("SecretKeyFactory.HMACSHA224", PREFIX + "$KeyFactory");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_hmacWithSHA224, "HMACSHA224");
         }
     }
 }
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java
@@ -8,6 +8,7 @@
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
 
 public class SHA256
@@ -57,6 +58,15 @@ public PBEWithMacKeyFactory()
         }
     }
 
+    static public class KeyFactory
+        extends BaseSecretKeyFactory
+    {
+        public KeyFactory()
+        {
+            super("HmacSHA256", null);
+        }
+    }
+
     /**
      * HMACSHA256
      */
@@ -93,6 +103,9 @@ public void configure(ConfigurableProvider provider)
             addHMACAlgorithm(provider, "SHA256", PREFIX + "$HashMac",  PREFIX + "$KeyGenerator");
             addHMACAlias(provider, "SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256);
             addHMACAlias(provider, "SHA256", NISTObjectIdentifiers.id_sha256);
+
+            provider.addAlgorithm("SecretKeyFactory.HMACSHA256", PREFIX + "$KeyFactory");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_hmacWithSHA256, "HMACSHA256");
         }
     }
 }
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA3.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA3.java
@@ -1,5 +1,6 @@
 package org.bouncycastle.jcajce.provider.digest;
 
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.digests.ParallelHash;
@@ -11,6 +12,7 @@
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;
 
 public class SHA3
 {
@@ -104,6 +106,78 @@ public HashMacSHA3(int size)
         }
     }
 
+    static public class KeyFactorySHA3
+        extends BaseSecretKeyFactory
+    {
+        public KeyFactorySHA3(int size, ASN1ObjectIdentifier algOid)
+        {
+            super("HmacSHA3-" + size, algOid);
+        }
+    }
+
+    static public class KeyFactory224
+        extends KeyFactorySHA3
+    {
+        public KeyFactory224()
+        {
+            super(224, NISTObjectIdentifiers.id_hmacWithSHA3_224);
+        }
+    }
+
+    static public class KeyFactory256
+         extends KeyFactorySHA3
+     {
+         public KeyFactory256()
+         {
+             super(256, NISTObjectIdentifiers.id_hmacWithSHA3_256);
+         }
+     }
+
+    static public class KeyFactory384
+         extends KeyFactorySHA3
+     {
+         public KeyFactory384()
+         {
+             super(384, NISTObjectIdentifiers.id_hmacWithSHA3_384);
+         }
+     }
+
+    static public class KeyFactory512
+         extends KeyFactorySHA3
+     {
+         public KeyFactory512()
+         {
+             super(512, NISTObjectIdentifiers.id_hmacWithSHA3_512);
+         }
+     }
+
+    static public class KeyFactoryKMAC
+        extends BaseSecretKeyFactory
+    {
+        public KeyFactoryKMAC(int size, ASN1ObjectIdentifier algOid)
+        {
+            super("KMAC" + size, algOid);
+        }
+    }
+
+    static public class KeyFactoryKMAC128
+         extends KeyFactoryKMAC
+     {
+         public KeyFactoryKMAC128()
+         {
+             super(128, NISTObjectIdentifiers.id_KmacWithSHAKE128);
+         }
+     }
+
+    static public class KeyFactoryKMAC256
+         extends KeyFactoryKMAC
+     {
+         public KeyFactoryKMAC256()
+         {
+             super(256, NISTObjectIdentifiers.id_KmacWithSHAKE256);
+         }
+     }
+
     public static class KeyGeneratorSHA3
         extends BaseKeyGenerator
     {
@@ -321,18 +395,31 @@ public void configure(ConfigurableProvider provider)
 
             addHMACAlgorithm(provider, "SHA3-224", PREFIX + "$HashMac224",  PREFIX + "$KeyGenerator224");
             addHMACAlias(provider, "SHA3-224", NISTObjectIdentifiers.id_hmacWithSHA3_224);
+            provider.addAlgorithm("SecretKeyFactory.HMACSHA3-224", PREFIX + "$KeyFactory224");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_hmacWithSHA3_224, "HMACSHA3-224");
 
             addHMACAlgorithm(provider, "SHA3-256", PREFIX + "$HashMac256",  PREFIX + "$KeyGenerator256");
             addHMACAlias(provider, "SHA3-256", NISTObjectIdentifiers.id_hmacWithSHA3_256);
+            provider.addAlgorithm("SecretKeyFactory.HMACSHA3-256", PREFIX + "$KeyFactory256");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_hmacWithSHA3_256, "HMACSHA3-256");
 
             addHMACAlgorithm(provider, "SHA3-384", PREFIX + "$HashMac384",  PREFIX + "$KeyGenerator384");
             addHMACAlias(provider, "SHA3-384", NISTObjectIdentifiers.id_hmacWithSHA3_384);
+            provider.addAlgorithm("SecretKeyFactory.HMACSHA3-384", PREFIX + "$KeyFactory384");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_hmacWithSHA3_384, "HMACSHA3-384");
 
             addHMACAlgorithm(provider, "SHA3-512", PREFIX + "$HashMac512",  PREFIX + "$KeyGenerator512");
             addHMACAlias(provider, "SHA3-512", NISTObjectIdentifiers.id_hmacWithSHA3_512);
+            provider.addAlgorithm("SecretKeyFactory.HMACSHA3-512", PREFIX + "$KeyFactory512");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_hmacWithSHA3_512, "HMACSHA3-512");
 
             addKMACAlgorithm(provider, "128", PREFIX + "$KMac128",  PREFIX + "$KeyGenerator256");
+            provider.addAlgorithm("SecretKeyFactory.KMAC128", PREFIX + "$KeyFactoryKMAC128");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_Kmac128, "KMAC128");
+
             addKMACAlgorithm(provider, "256", PREFIX + "$KMac256",  PREFIX + "$KeyGenerator512");
+            provider.addAlgorithm("SecretKeyFactory.KMAC256", PREFIX + "$KeyFactoryKMAC256");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_Kmac256, "KMAC256");
 
             provider.addAlgorithm("MessageDigest.TUPLEHASH256-512", PREFIX + "$DigestTupleHash256_512");
             provider.addAlgorithm("MessageDigest.TUPLEHASH128-256", PREFIX + "$DigestTupleHash128_256");
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java
@@ -9,6 +9,7 @@
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;
 
 public class SHA384
 {
@@ -45,6 +46,15 @@ public HashMac()
         }
     }
 
+    static public class KeyFactory
+        extends BaseSecretKeyFactory
+    {
+        public KeyFactory()
+        {
+            super("HmacSHA384", null);
+        }
+    }
+
     /**
      * HMACSHA384
      */
@@ -86,6 +96,9 @@ public void configure(ConfigurableProvider provider)
 
             addHMACAlgorithm(provider, "SHA384", PREFIX + "$HashMac",  PREFIX + "$KeyGenerator");
             addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384);
+
+            provider.addAlgorithm("SecretKeyFactory.HMACSHA384", PREFIX + "$KeyFactory");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_hmacWithSHA384, "HMACSHA384");
         }
     }
 }
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java
@@ -10,6 +10,7 @@
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;
 
 public class SHA512
 {
@@ -101,6 +102,33 @@ public HashMacT256()
         }
     }
 
+    static public class KeyFactory
+        extends BaseSecretKeyFactory
+    {
+        public KeyFactory()
+        {
+            super("HmacSHA512", null);
+        }
+    }
+
+    static public class KeyFactory224
+        extends BaseSecretKeyFactory
+    {
+        public KeyFactory224()
+        {
+            super("HmacSHA512/224", null);
+        }
+    }
+
+    static public class KeyFactory256
+        extends BaseSecretKeyFactory
+    {
+        public KeyFactory256()
+        {
+            super("HmacSHA512/256", null);
+        }
+    }
+
     /**
      * SHA-512 HMac
      */
@@ -181,6 +209,17 @@ public void configure(ConfigurableProvider provider)
 
             addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224",  PREFIX + "$KeyGeneratorT224");
             addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256",  PREFIX + "$KeyGeneratorT256");
+
+            provider.addAlgorithm("SecretKeyFactory.HMACSHA512", PREFIX + "$KeyFactory");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_hmacWithSHA512, "HMACSHA512");
+
+            provider.addAlgorithm("SecretKeyFactory.HMACSHA512/224", PREFIX + "$KeyFactory224");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.HMACSHA512(224)", "HMACSHA512/224");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_hmacWithSHA512_224, "HMACSHA512/224");
+
+            provider.addAlgorithm("SecretKeyFactory.HMACSHA512/256", PREFIX + "$KeyFactory256");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.HMACSHA512(256)", "HMACSHA512/256");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_hmacWithSHA512_256, "HMACSHA512/256");
         }
     }
 
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bcfks/BcFKSKeyStoreSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bcfks/BcFKSKeyStoreSpi.java
@@ -118,6 +118,16 @@ class BcFKSKeyStoreSpi
         oidMap.put("HMACSHA256", PKCSObjectIdentifiers.id_hmacWithSHA256);
         oidMap.put("HMACSHA384", PKCSObjectIdentifiers.id_hmacWithSHA384);
         oidMap.put("HMACSHA512", PKCSObjectIdentifiers.id_hmacWithSHA512);
+        oidMap.put("HMACSHA512/224", PKCSObjectIdentifiers.id_hmacWithSHA512_224);
+        oidMap.put("HMACSHA512/256", PKCSObjectIdentifiers.id_hmacWithSHA512_256);
+        oidMap.put("HMACSHA512(224)", PKCSObjectIdentifiers.id_hmacWithSHA512_224);
+        oidMap.put("HMACSHA512(256)", PKCSObjectIdentifiers.id_hmacWithSHA512_256);
+        oidMap.put("HMACSHA3-224", NISTObjectIdentifiers.id_hmacWithSHA3_224);
+        oidMap.put("HMACSHA3-256", NISTObjectIdentifiers.id_hmacWithSHA3_256);
+        oidMap.put("HMACSHA3-384", NISTObjectIdentifiers.id_hmacWithSHA3_384);
+        oidMap.put("HMACSHA3-512", NISTObjectIdentifiers.id_hmacWithSHA3_512);
+        oidMap.put("KMAC128", NISTObjectIdentifiers.id_Kmac128);
+        oidMap.put("KMAC256", NISTObjectIdentifiers.id_Kmac256);
         oidMap.put("SEED", KISAObjectIdentifiers.id_seedCBC);
 
         oidMap.put("CAMELLIA.128", NTTObjectIdentifiers.id_camellia128_cbc);
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/BCFKSStoreTest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/BCFKSStoreTest.java

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@`
`9`	`9`	`import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;`
`10`	`10`	`import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;`
`11`	`11`	`import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;`
	`12`	`+import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;`
`12`	`13`	`import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;`
`13`	`14`
`14`	`15`	`public class SHA1`
`@@ -78,7 +79,16 @@ public static class PBEWithMacKeyFactory`
`78`	`79`	`{`
`79`	`80`	`public PBEWithMacKeyFactory()`
`80`	`81`	`{`
`81`		`- super("PBEwithHmacSHA", null, false, PKCS12, SHA1, 160, 0);`
	`82`	`+ super("PBEwithHmacSHA1", null, false, PKCS12, SHA1, 160, 0);`
	`83`	`+ }`
	`84`	`+ }`
	`85`	`+`
	`86`	`+ static public class KeyFactory`
	`87`	`+ extends BaseSecretKeyFactory`
	`88`	`+ {`
	`89`	`+ public KeyFactory()`
	`90`	`+ {`
	`91`	`+ super("HmacSHA1", null);`
`82`	`92`	`}`
`83`	`93`	`}`
`84`	`94`
`@@ -109,6 +119,8 @@ public void configure(ConfigurableProvider provider)`
`109`	`119`	`provider.addAlgorithm("Alg.Alias.Mac." + OIWObjectIdentifiers.idSHA1, "PBEWITHHMACSHA");`
`110`	`120`
`111`	`121`	`provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA1", PREFIX + "$PBEWithMacKeyFactory");`
	`122`	`+ provider.addAlgorithm("SecretKeyFactory.HMACSHA1", PREFIX + "$KeyFactory");`
	`123`	`+ provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_hmacWithSHA1, "HMACSHA1");`
`112`	`124`	`}`
`113`	`125`	`}`
`114`	`126`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@`
`8`	`8`	`import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;`
`9`	`9`	`import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;`
`10`	`10`	`import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;`
	`11`	`+import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;`
`11`	`12`
`12`	`13`	`public class SHA224`
`13`	`14`	`{`
`@@ -44,6 +45,15 @@ public HashMac()`
`44`	`45`	`}`
`45`	`46`	`}`
`46`	`47`
	`48`	`+ static public class KeyFactory`
	`49`	`+ extends BaseSecretKeyFactory`
	`50`	`+ {`
	`51`	`+ public KeyFactory()`
	`52`	`+ {`
	`53`	`+ super("HmacSHA224", null);`
	`54`	`+ }`
	`55`	`+ }`
	`56`	`+`
`47`	`57`	`public static class KeyGenerator`
`48`	`58`	`extends BaseKeyGenerator`
`49`	`59`	`{`
`@@ -73,6 +83,8 @@ public void configure(ConfigurableProvider provider)`
`73`	`83`	`addHMACAlgorithm(provider, "SHA224", PREFIX + "$HashMac", PREFIX + "$KeyGenerator");`
`74`	`84`	`addHMACAlias(provider, "SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224);`
`75`	`85`
	`86`	`+ provider.addAlgorithm("SecretKeyFactory.HMACSHA224", PREFIX + "$KeyFactory");`
	`87`	`+ provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_hmacWithSHA224, "HMACSHA224");`
`76`	`88`	`}`
`77`	`89`	`}`
`78`	`90`	`}`