BJA-591 Added SHA3 support to OAEP.

aaxx · Mar 5, 2016 · 4369827 · 4369827
1 parent 6e139d9
commit 4369827
Show file tree

Hide file tree

Showing 3 changed files with 106 additions and 1 deletion.
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
@@ -232,6 +232,22 @@ else if (pad.equals("OAEPWITHSHA512ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-5
         {
             initFromSpec(new OAEPParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, PSource.PSpecified.DEFAULT));
         }
+        else if (pad.equals("OAEPWITHSHA3-224ANDMGF1PADDING"))
+        {
+            initFromSpec(new OAEPParameterSpec("SHA3-224", "MGF1", new MGF1ParameterSpec("SHA3-224"), PSource.PSpecified.DEFAULT));
+        }
+        else if (pad.equals("OAEPWITHSHA3-256ANDMGF1PADDING"))
+        {
+            initFromSpec(new OAEPParameterSpec("SHA3-256", "MGF1", new MGF1ParameterSpec("SHA3-256"), PSource.PSpecified.DEFAULT));
+        }
+        else if (pad.equals("OAEPWITHSHA3-384ANDMGF1PADDING"))
+        {
+            initFromSpec(new OAEPParameterSpec("SHA3-384", "MGF1", new MGF1ParameterSpec("SHA3-384"), PSource.PSpecified.DEFAULT));
+        }
+        else if (pad.equals("OAEPWITHSHA3-512ANDMGF1PADDING"))
+        {
+            initFromSpec(new OAEPParameterSpec("SHA3-512", "MGF1", new MGF1ParameterSpec("SHA3-512"), PSource.PSpecified.DEFAULT));
+        }
         else
         {
             throw new NoSuchPaddingException(padding + " unavailable with RSA.");
@@ -304,7 +320,7 @@ else if (key instanceof RSAPrivateKey)
                 {
                     throw new InvalidAlgorithmParameterException("no match on MGF digest algorithm: "+ mgfParams.getDigestAlgorithm());
                 }
-                
+
                 cipher = new OAEPEncoding(new RSABlindedEngine(), digest, mgfDigest, ((PSource.PSpecified)spec.getPSource()).getValue());
             }
         }

diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/util/DigestFactory.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/util/DigestFactory.java
@@ -15,6 +15,7 @@
 import org.bouncycastle.crypto.digests.SHA224Digest;
 import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.bouncycastle.crypto.digests.SHA384Digest;
+import org.bouncycastle.crypto.digests.SHA3Digest;
 import org.bouncycastle.crypto.digests.SHA512Digest;
 import org.bouncycastle.crypto.digests.SHA512tDigest;
 import org.bouncycastle.util.Strings;
@@ -29,6 +30,10 @@ public class DigestFactory
     private static Set sha512 = new HashSet();
     private static Set sha512_224 = new HashSet();
     private static Set sha512_256 = new HashSet();
+    private static Set sha3_224 = new HashSet();
+    private static Set sha3_256 = new HashSet();
+    private static Set sha3_384 = new HashSet();
+    private static Set sha3_512 = new HashSet();
 
     private static Map oids = new HashMap();
 
@@ -65,6 +70,18 @@ public class DigestFactory
         sha512_256.add("SHA-512(256)");
         sha512_256.add(NISTObjectIdentifiers.id_sha512_256.getId());
 
+        sha3_224.add("SHA3-224");
+        sha3_224.add(NISTObjectIdentifiers.id_sha3_224.getId());
+
+        sha3_256.add("SHA3-256");
+        sha3_256.add(NISTObjectIdentifiers.id_sha3_256.getId());
+
+        sha3_384.add("SHA3-384");
+        sha3_384.add(NISTObjectIdentifiers.id_sha3_384.getId());
+
+        sha3_512.add("SHA3-512");
+        sha3_512.add(NISTObjectIdentifiers.id_sha3_512.getId());
+
         oids.put("MD5", PKCSObjectIdentifiers.md5);
         oids.put(PKCSObjectIdentifiers.md5.getId(), PKCSObjectIdentifiers.md5);
 
@@ -95,6 +112,18 @@ public class DigestFactory
         oids.put("SHA512(256)", NISTObjectIdentifiers.id_sha512_256);
         oids.put("SHA-512(256)", NISTObjectIdentifiers.id_sha512_256);
         oids.put(NISTObjectIdentifiers.id_sha512_256.getId(), NISTObjectIdentifiers.id_sha512_256);
+
+        oids.put("SHA3-224", NISTObjectIdentifiers.id_sha3_224);
+        oids.put(NISTObjectIdentifiers.id_sha3_224.getId(), NISTObjectIdentifiers.id_sha3_224);
+
+        oids.put("SHA3-256", NISTObjectIdentifiers.id_sha3_256);
+        oids.put(NISTObjectIdentifiers.id_sha3_256.getId(), NISTObjectIdentifiers.id_sha3_256);
+
+        oids.put("SHA3-384", NISTObjectIdentifiers.id_sha3_384);
+        oids.put(NISTObjectIdentifiers.id_sha3_384.getId(), NISTObjectIdentifiers.id_sha3_384);
+
+        oids.put("SHA3-512", NISTObjectIdentifiers.id_sha3_512);
+        oids.put(NISTObjectIdentifiers.id_sha3_512.getId(), NISTObjectIdentifiers.id_sha3_512);
     }
 
     public static Digest getDigest(
@@ -135,6 +164,23 @@ public static Digest getDigest(
             return new SHA512tDigest(256);
         }
 
+        if (sha3_224.contains(digestName))
+        {
+            return new SHA3Digest(224);
+        }
+        if (sha3_256.contains(digestName))
+        {
+            return new SHA3Digest(256);
+        }
+        if (sha3_384.contains(digestName))
+        {
+            return new SHA3Digest(384);
+        }
+        if (sha3_512.contains(digestName))
+        {
+            return new SHA3Digest(512);
+        }
+
         return null;
     }
 
@@ -149,6 +195,10 @@ public static boolean isSameDigest(
             || (sha512.contains(digest1) && sha512.contains(digest2))
             || (sha512_224.contains(digest1) && sha512_224.contains(digest2))
             || (sha512_256.contains(digest1) && sha512_256.contains(digest2))
+            || (sha3_224.contains(digest1) && sha3_224.contains(digest2))
+            || (sha3_256.contains(digest1) && sha3_256.contains(digest2))
+            || (sha3_384.contains(digest1) && sha3_384.contains(digest2))
+            || (sha3_512.contains(digest1) && sha3_512.contains(digest2))
             || (md5.contains(digest1) && md5.contains(digest2));
     }
 

diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/RSATest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/RSATest.java
@@ -706,6 +706,45 @@ public void performTest()
         out = c.update(new byte[40]);
 
         zeroMessageTest();
+
+        oaepDigestCheck("SHA3-224", NISTObjectIdentifiers.id_sha3_224, pub2048Key, priv2048Key, rand, Hex.decode("2aa7812d4f7b7766f8625feb58481ef5b5fa6dfafbea543e4bbba89d6708f4900fc9fd55d5c2b83fefefc67e2ba7a4222217efaa9b9d31920bdcd78733319aca910dfd118aae5e901a6d27a56e37b1a6f86e7404f82da248e77845e58b789f10a1af8a1208f77dda384692609339346c4ea57928b890042e7d70b1d5817f8978dcbc9cd2fcdde37a0a41a52dbef701ddc859a5d58efd10aa5bd8d205c10154db906540bf20dedcff721df11a456df201cb9cbbd092a89a1eb3f11e7e34003d7070e02c8db54e5498e7ee262fb9178f5eb85d1db66baafe0a66e8283df9c41bded218e5d906d28f08803deb3cbd1a92777d55fe56ff022a47f673cac2ca145973"));
+        oaepDigestCheck("SHA3-256", NISTObjectIdentifiers.id_sha3_256, pub2048Key, priv2048Key, rand, Hex.decode("4460e68586ac0ca1832274919c6b9159d40ea1d383a32ca28f0e1a81962289c8c904fa117d90afd7bfefa51b6889d2d999efb72bafd4beb5594bb08f62532ecb077e4968f43e70673341e60649ed64ac49cf1a2396a64577767d8958217a251938a7ac1bbc1aec9c9197a2eb9a375c74a01097fe3717c8bde04f8a20df85ef10a59070970a4a6470131654cecb641d46e464f17ddfe7e0595025bf25f025edbd56b19487cfc87de1642ca5190f289cf78e2c4b1cf90e73ffae331581c23febcf490c32299f2e5bd5a354a0cc996cc692b5a318777d17e734b3c487ad615df7af0fc361af564e6970ee0aa9b140634cdcf1eda91d1a1156326caaa608c4d43ee4"));
+        oaepDigestCheck("SHA3-384", NISTObjectIdentifiers.id_sha3_384, pub2048Key, priv2048Key, rand, Hex.decode("1b9f490569bddac8ea77e3bec8d6d38b159cb88545de86065dbc8757b35fdeb0cce90eaf93ec6d69d691c590fc3feec9974b80e0c0068929c77533be2066b4002ad6d195e473f72e8581255b8d2dfff016ff27ed50e6d3e63cfaf50851b2d43833eea8dab3b4506f517875659099815a96be6e8fd2dc1417c6e3ffadcfd3f494a5544267688d114d3eeaf43ea954686656afb7a3dc2f8a4cdc5d7b90a97acbbe32ff17b3d26d7eb2a4fbc847d49cc8cb8f837646613d1b5a78096cf3f48acf4be95205e0c4cb283447029eae1442fe3813a017604dfd59a9e841473f4d8914860f785fb2194b21cba47cd401bc32720f3df373e59336c3d64c61babd474b4bbe"));
+        oaepDigestCheck("SHA3-512", NISTObjectIdentifiers.id_sha3_512, pub2048Key, priv2048Key, rand, Hex.decode("7b7870bb5ae52276a8b06b59f7321043afb1fa4e5dbca9f14bcce9efaacded531f090646ab0f8701b012cc93c51e0a8591043e6457cde1950f4ffc8ad87d946622ea48a70f95f40c22d88679eb92c10c19db487fd64857d723daf4ccfe749fdd05e6c0be28de57e09d3b5a0981322b6cc7a9743a50eec355a7af5bdcdcddc5e279ad90f599b68c47fdb39916c7a597cf989169e8667fd8602e88c9c128085d0e158ea75eeb37919a91cdf3f2cd5394adaadc4a2f25a6222d2637cb464841dc5820e54843495cb97af6b19edc72f137123813f5d78503232f79e4f617be3a9f09b0206634a2ecfe457dbd71d2d3d8e3dbca486e75e543f559dcea3112ad50a21d"));
+    }
+
+    public void oaepDigestCheck(String digest, ASN1ObjectIdentifier oid, PublicKey pubKey, PrivateKey privKey, SecureRandom rand, byte[] expected)
+        throws Exception
+    {
+        byte[] input = new byte[]
+            {(byte)0x54, (byte)0x85, (byte)0x9b, (byte)0x34, (byte)0x2c, (byte)0x49, (byte)0xea, (byte)0x2a};
+
+        Cipher c = Cipher.getInstance("RSA/NONE/OAEPPadding", "BC");
+
+        c.init(Cipher.ENCRYPT_MODE, pubKey, new OAEPParameterSpec(digest, "MGF1", new MGF1ParameterSpec(digest), PSource.PSpecified.DEFAULT), rand);
+
+        byte[] out = c.doFinal(input);
+
+        isTrue("OAEP decrypt failed", Arrays.areEqual(expected, out));
+
+        AlgorithmParameters oaepP = c.getParameters();
+
+        if (!areEqual(oaepP.getEncoded(),
+            new RSAESOAEPparams(
+                new AlgorithmIdentifier(oid, DERNull.INSTANCE),
+                new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, new AlgorithmIdentifier(oid, DERNull.INSTANCE)),
+                new AlgorithmIdentifier(PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(new byte[0]))).getEncoded()))
+        {
+            fail("OAEP test failed changed parameters for " + digest);
+        }
+
+        c = Cipher.getInstance("RSA/NONE/OAEPWith" + digest + "AndMGF1Padding", "BC");
+
+        c.init(Cipher.DECRYPT_MODE, privKey);
+
+        byte[] dec = c.doFinal(out);
+
+        isTrue("OAEP decrypt failed", Arrays.areEqual(input, dec));
     }
 
     public void zeroMessageTest()