diff --git a/PROVIDER_CONFIG_FORMAT.md b/PROVIDER_CONFIG_FORMAT.md
new file mode 100644
index 000000000..d5c7a5193
--- /dev/null
+++ b/PROVIDER_CONFIG_FORMAT.md
@@ -0,0 +1,456 @@
+# Provider Configuration File Format Documentation
+
+This document describes the format and syntax for provider configuration files used in OpenJCEPlus, based on the `ProviderServiceReader.java` implementation and example configuration files [ProviderDefAttrs.config](./src/test/ProviderDefAttrs.config) and [ProviderFIPSDefAttrs.config](./src/test/ProviderFIPSDefAttrs.config).
+
+## Overview
+
+Provider configuration files define cryptographic services, their implementations, aliases, and attributes for Java Cryptography Extension (JCE) providers. These files use a Java Properties format and are parsed by the `ProviderServiceReader` class.
+
+## File Format
+
+Configuration files follow the standard Java Properties format:
+- Key-value pairs separated by `=`
+- Comments start with `#`
+- Multi-line values not supported
+- Whitespace around commas in lists is automatically trimmed
+
+---
+
+## Statement Types
+
+The parser recognizes statements based on the number of dot-separated parts in the key:
+
+### 1. Provider Metadata (1 part)
+
+Define basic provider information.
+
+#### Format:
+```properties
+name =
+description =
+default =
+```
+
+#### Fields:
+- **name**: Unique identifier for the provider (required)
+- **description**: Human-readable description of the provider (required)
+- **default**: Whether to load default provider attributes (optional, values: `true`, `false`, `1`, `0`)
+
+#### Examples:
+```properties
+name = test
+description = OpenJCEPlus-test Provider
+
+name = test-fips
+description = OpenJCEPlusFIPS-test Provider
+
+# Load default attributes
+default = true
+```
+
+#### Parser Behavior:
+- Keys with exactly 1 part are checked for `name`, `description`, or `default`
+- Invalid single-part keys throw an `IOException`
+- When `default = true` or `default = 1`, the parser loads default services from `DefaultProviderAttrs.defaultProvAttrs`
+
+---
+
+### 2. Service Definitions (3 parts)
+
+Register cryptographic service implementations.
+
+#### Format:
+```properties
+Service.. =
+```
+
+#### Key Structure:
+- **Part 0**: Must be `Service` (case-insensitive)
+Service.AlgorithmParameterGenerator.CCM = com.ibm.crypto.plus.provider.CCMParameterGenerator
+Service.AlgorithmParameterGenerator.CCM = com.ibm.crypto.plus.provider.CCMParameterGenerator
+- **Part 1**: Service type - Cipher, Signature, MessageDigest, SecureRandom, SecretKeyFactory,
+ KEM, KDF, MAC, KeyPairGenerator, KeyGenerator, KeyFactory, KeyAgreement,
+ AlgorithmParameterGenerator, AlgorithmParameters, etc.
+ (see Java Cryptography Architecture API Specification and Reference)
+- **Part 2**: Algorithm name or transformation
+
+#### Examples:
+
+**Simple Services:**
+```properties
+Service.AlgorithmParameters.AES = com.ibm.crypto.plus.provider.AESParameters
+Service.MessageDigest.MD5 = com.ibm.crypto.plus.provider.MessageDigest$MD5
+Service.Cipher.RSA = com.ibm.crypto.plus.provider.RSA
+```
+
+**Services with Transformations:**
+```properties
+Service.Cipher.AES/GCM/NoPadding = com.ibm.crypto.plus.provider.AESGCMCipher
+Service.Cipher.AES/CCM/NoPadding = com.ibm.crypto.plus.provider.AESCCMCipher
+Service.Cipher.AES/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW
+```
+
+**Services with Inner Classes:**
+```properties
+Service.KeyFactory.RSA = com.ibm.crypto.plus.provider.RSAKeyFactory$Legacy
+Service.KeyFactory.RSAPSS = com.ibm.crypto.plus.provider.RSAKeyFactory$PSS
+Service.SecretKeyFactory.PBKDF2WithHmacSHA256 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA256
+```
+
+#### Parser Behavior:
+- Keys with exactly 3 parts where part[0] is `Service` are recognized as service definitions
+- The parser creates a `ServiceDefinition` object with:
+ - Type: `parts[1]`
+ - Algorithm: `parts[2]`
+ - ClassName: property value
+ - Aliases: processed from alias statements
+ - Attributes: processed from attribute statements
+
+#### Common Service Types:
+- **AlgorithmParameters**: Parameter specifications
+- **AlgorithmParameterGenerator**: Parameter generators
+- **Cipher**: Encryption/decryption engines
+- **KeyAgreement**: Key agreement protocols
+- **KeyFactory**: Key conversion and specification
+- **KeyGenerator**: Symmetric key generators
+- **KeyPairGenerator**: Asymmetric key pair generators
+- **MAC**: Message Authentication Code engines
+- **MessageDigest**: Hash/digest algorithms
+- **SecretKeyFactory**: Secret key factories
+- **SecureRandom**: Random number generators
+- **Signature**: Digital signature engines
+- **KDF**: Key Derivation Functions
+- **KEM**: Key Encapsulation Mechanisms (PQC)
+
+---
+
+### 3. Alias Definitions (4 parts)
+
+Define alternative names for algorithms.
+
+#### Format:
+```properties
+..alias. = , , , ...
+```
+
+#### Key Structure:
+- **Part 0**: Service type (matches Service definition)
+- **Part 1**: Algorithm name (matches Service definition)
+- **Part 2**: Must be `alias` (case-insensitive)
+- **Part 3**: Operation type: `add`, `delete`, or `replace`
+
+#### Operations:
+
+**add**: Adds aliases to the list (cumulative with defaults if applicable)
+```properties
+AlgorithmParameters.GCM.alias.add = AESGCM
+Cipher.AES/KW/NoPadding.alias.add = AESWrap
+KeyGenerator.DESede.alias.add = TripleDES, 3DES
+```
+
+**delete**: Removes specified aliases from the current list
+```properties
+# Remove specific aliases
+Cipher.AES.alias.delete = OldAlias, DeprecatedName
+```
+
+**replace**: Clears all existing aliases and sets new ones
+```properties
+# Replace all aliases with new set
+MessageDigest.SHA-256.alias.replace = SHA256, SHA2
+```
+
+#### Examples with OIDs:
+```properties
+AlgorithmParameters.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1
+KeyFactory.RSA.alias.add = OID.1.2.5.8.1.1, 1.2.5.8.1.1, OID.1.2.840.113549.1.1.1, 1.2.840.113549.1.1.1
+MessageDigest.SHA-1.alias.add = SHA, SHA1, OID.1.3.14.3.2.26, 1.3.14.3.2.26
+```
+
+#### Parser Behavior:
+- Keys with exactly 4 parts where part[2] is `alias` are recognized as alias definitions
+- The value is split by commas with whitespace trimmed: `value.split("\\s*,\\s*")`
+- Processing order:
+ 1. Default aliases are added first (if `default = true`)
+ 2. Config file `.add` operations are applied
+ 3. Config file `.delete` operations are applied
+ 4. Config file `.replace` operations are applied (clears list first)
+- Only one operation (add/delete/replace) per service type and algorithm is expected
+
+---
+
+### 4. Attribute Definitions (5 parts)
+
+Define service attributes (properties).
+
+#### Format:
+```properties
+..attr.. =
+```
+
+#### Key Structure:
+- **Part 0**: Service type (matches Service definition)
+- **Part 1**: Algorithm name (matches Service definition)
+- **Part 2**: Must be `attr` (case-insensitive)
+- **Part 3**: Operation type: `add` or `delete`
+- **Part 4**: Attribute name
+
+#### Operations:
+
+**add**: Adds or updates an attribute
+```properties
+SecureRandom.SHA256DRBG.attr.add.ThreadSafe = true
+SecureRandom.SHA512DRBG.attr.add.ThreadSafe = true
+```
+
+**delete**: Removes an attribute
+```properties
+# Remove an attribute
+Cipher.AES.attr.delete.SomeAttribute = ignored
+```
+
+#### Parser Behavior:
+- Keys with exactly 5 parts where part[2] is `attr` are recognized as attribute definitions
+- Processing order:
+ 1. Default attributes are added first (if `default = true`)
+ 2. Config file `.add` operations are applied
+ 3. Config file `.delete` operations are applied
+- The attribute name is `parts[4]` and the value is the property value
+- For delete operations, the value is ignored (attribute is removed by name)
+
+#### Common Attributes:
+- **ThreadSafe**: Indicates if the implementation is thread-safe (`true`/`false`)
+- Custom attributes can be defined as needed
+
+---
+
+### 5. Comments
+
+Provide documentation and section separators.
+
+#### Format:
+```properties
+# Single line comment
+# =======================================================================
+# Section Header
+# =======================================================================
+#
+```
+
+#### Examples:
+```properties
+# This is a comment
+# ChaCha20 and ChaCha20-Poly1305 not supported in FIPS mode
+
+# =======================================================================
+# Cipher engines
+# =======================================================================
+#
+```
+
+---
+
+## Processing Order
+
+When `ProviderServiceReader.readServices()` is called:
+
+1. **Load Properties**: File is loaded using `Properties.load()`
+2. **Parse Keys**: All keys are split by dots and categorized:
+ - 1 part: Provider metadata (`name`, `description`, `default`)
+ - 3 parts with `Service`: Service definitions
+ - 4 parts with `alias`: Alias definitions
+ - 5 parts with `attr`: Attribute definitions
+ - Invalid keys throw `IOException`
+3. **Load Defaults** (if `default = true` or `default = 1`):
+ - Load `DefaultProviderAttrs.defaultProvAttrs`
+ - Process default services with their aliases and attributes
+4. **Process Config Services**:
+ - For each service in config file:
+ - Process aliases (add/delete/replace operations)
+ - Process attributes (add/delete operations)
+ - Create `ServiceDefinition` object
+5. **Return List**: Return list of all `ServiceDefinition` objects
+
+---
+
+## Complete Examples
+
+### Example 1: Basic Algorithm with Aliases
+```properties
+# Define the service
+Service.MessageDigest.SHA-256 = com.ibm.crypto.plus.provider.MessageDigest$SHA256
+
+# Add aliases including OIDs
+MessageDigest.SHA-256.alias.add = OID.2.16.840.1.101.3.4.2.1, 2.16.840.1.101.3.4.2.1, SHA2, SHA-2, SHA256
+```
+
+### Example 2: Cipher with Multiple Variants
+```properties
+# Base cipher
+Service.Cipher.AES = com.ibm.crypto.plus.provider.AESCipher
+
+# Specific mode
+Service.Cipher.AES/GCM/NoPadding = com.ibm.crypto.plus.provider.AESGCMCipher
+
+# Key wrap variant with aliases
+Cipher.AES_128/KW/NoPadding.alias.add = AESWrap_128, 2.16.840.1.101.3.4.1.5, OID.2.16.840.1.101.3.4.1.5
+Service.Cipher.AES_128/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_128
+```
+
+### Example 3: Service with Alias Operations
+```properties
+# Define service
+Service.Cipher.AES = com.ibm.crypto.plus.provider.AESCipher
+
+# Add some aliases
+Cipher.AES.alias.add = Rijndael, AES-128, AES-192, AES-256
+
+# Later, remove one
+Cipher.AES.alias.delete = Rijndael
+
+# Or replace all
+Cipher.AES.alias.replace = AES-128, AES-192, AES-256
+```
+
+### Example 4: SecureRandom with Attributes
+```properties
+# Define secure random with aliases and attributes
+SecureRandom.SHA256DRBG.alias.add = HASHDRBG, SHA2DRBG
+SecureRandom.SHA256DRBG.attr.add.ThreadSafe = true
+Service.SecureRandom.SHA256DRBG = com.ibm.crypto.plus.provider.HASHDRBG$SHA256DRBG
+```
+
+### Example 5: Using Default Provider Attributes
+```properties
+# Enable default attributes
+default = true
+
+# This will load all services from DefaultProviderAttrs.defaultProvAttrs
+# Then you can override or add specific services
+
+# Override a default service
+Service.Cipher.AES = com.custom.provider.CustomAESCipher
+
+# Add new aliases to a default service
+Cipher.AES.alias.add = CustomAES
+
+# Remove an alias from a default service
+Cipher.AES.alias.delete = OldAlias
+```
+
+### Example 6: PQC (Post-Quantum Cryptography) Services
+```properties
+# Key Factory
+KeyFactory.ML-KEM-768.alias.add = ML-KEM, ML_KEM_768, MLKEM768, OID.2.16.840.1.101.3.4.4.2, 2.16.840.1.101.3.4.4.2
+Service.KeyFactory.ML-KEM-768 = com.ibm.crypto.plus.provider.PQCKeyFactory$MLKEM768
+
+# Key Pair Generator
+KeyPairGenerator.ML-DSA-65.alias.add = ML-DSA, ML_DSA_65, MLDSA65, OID.2.16.840.1.101.3.4.3.18, 2.16.840.1.101.3.4.3.18
+Service.KeyPairGenerator.ML-DSA-65 = com.ibm.crypto.plus.provider.PQCKeyPairGenerator$MLDSA65
+
+# KEM (Key Encapsulation Mechanism)
+KEM.ML-KEM-768.alias.add = ML-KEM, ML_KEM_768, MLKEM768, OID.2.16.840.1.101.3.4.4.2, 2.16.840.1.101.3.4.4.2
+Service.KEM.ML-KEM-768 = com.ibm.crypto.plus.provider.MLKEMImpl$MLKEM768
+
+# Signature
+Signature.ML-DSA-65.alias.add = ML-DSA, ML_DSA_65, MLDSA65, OID.2.16.840.1.101.3.4.3.18, 2.16.840.1.101.3.4.3.18
+Service.Signature.ML-DSA-65 = com.ibm.crypto.plus.provider.PQCSignatureImpl$MLDSA65
+```
+
+---
+
+## Naming Conventions
+
+### Algorithm Names
+- Use standard algorithm names (e.g., AES, RSA, SHA-256)
+- Use hyphens for variants (e.g., SHA-256, SHA3-224)
+- Use slashes for transformations (e.g., AES/GCM/NoPadding)
+- Use underscores for specific key sizes (e.g., AES_128, ML-KEM-512)
+
+### Class Names
+- Use fully qualified package names
+- Inner classes use `$` separator (e.g., `RSAKeyFactory$Legacy`)
+- Variant implementations often use inner classes
+
+### OID Formats
+- Include both prefixed and non-prefixed versions
+- Format: `OID.x.x.x.x` and `x.x.x.x`
+
+---
+
+
+### Standard Configuration (`ProviderDefAttrs.config`)
+- **Full algorithm support**: Includes all algorithms
+- **Legacy support**: Includes older algorithms for compatibility
+- **Extended features**: XDH, EdDSA, PQC algorithms included
+- **More key derivation options**: PBKDF2 with various hash functions
+
+---
+
+## Error Handling
+
+The parser throws `IOException` for:
+- **File not found**: Specified file path doesn't exist
+- **Invalid key format**: Keys that don't match expected patterns (1, 3, 4, or 5 parts)
+- **Missing required fields**: No `name` or `description` specified
+- **Parse errors**: Issues loading properties file
+
+Common issues:
+- **Missing Service definition**: Alias or attribute defined before Service
+- **Invalid class name**: Implementation class not found (runtime error)
+- **Duplicate definitions**: Same service defined multiple times (last one wins)
+- **Invalid operation**: Using unsupported operations (only add/delete/replace for aliases, add/delete for attributes)
+
+---
+
+## ServiceDefinition Class
+
+The parser creates `ServiceDefinition` objects with:
+
+```java
+public class ServiceDefinition {
+ private final String type; // Service type (e.g., "Cipher")
+ private final String algorithm; // Algorithm name (e.g., "AES")
+ private final String className; // Implementation class
+ private final List aliases; // List of alias names
+ private final Map attributes; // Attribute key-value pairs
+}
+```
+
+### Methods:
+- `getType()`: Returns service type
+- `getAlgorithm()`: Returns algorithm name
+- `getClassName()`: Returns implementation class name
+- `getAliases()`: Returns list of aliases
+- `getAttributes()`: Returns map of attributes
+
+---
+
+## Best Practices
+
+1. **Define Services First**: Always define the Service before aliases and attributes
+2. **Group Related Services**: Use section comments to organize services by type
+3. **Include OIDs**: Add both prefixed and non-prefixed OID formats
+4. **Document Restrictions**: Use comments to explain FIPS or other restrictions
+5. **Consistent Naming**: Follow naming conventions throughout the file
+6. **Use Defaults Wisely**: Set `default = true` to inherit common services, then override as needed
+7. **Order Matters**: For aliases, remember that add/delete/replace are processed in order
+8. **Attribute Operations**: Use add for setting/updating, delete for removing
+
+---
+
+## Summary
+
+The provider configuration format uses Java Properties syntax with specific key patterns:
+
+| Parts | Pattern | Purpose | Example |
+|-------|---------|---------|---------|
+| 1 | `name` / `description` / `default` | Provider metadata | `name = test` |
+| 3 | `Service..` | Service definition | `Service.Cipher.AES = com.ibm...` |
+| 4 | `..alias.` | Alias operations | `Cipher.AES.alias.add = Rijndael` |
+| 5 | `..attr..` | Attribute operations | `SecureRandom.SHA256DRBG.attr.add.ThreadSafe = true` |
+
+**Alias Operations**: `add`, `delete`, `replace`
+**Attribute Operations**: `add`, `delete`
+
+This format provides a flexible, property-based way to configure JCE providers with support for multiple algorithm names, OID mappings, service attributes, and inheritance from default configurations.
\ No newline at end of file
diff --git a/src/main/java/com/ibm/crypto/plus/provider/DefaultFIPSProviderAttrs.java b/src/main/java/com/ibm/crypto/plus/provider/DefaultFIPSProviderAttrs.java
new file mode 100644
index 000000000..d72fe01bd
--- /dev/null
+++ b/src/main/java/com/ibm/crypto/plus/provider/DefaultFIPSProviderAttrs.java
@@ -0,0 +1,284 @@ +/* + * Copyright IBM Corp. 2026 + * + * This code is free software; you can redistribute it and/or modify it + * under the terms provided by IBM in the LICENSE file that accompanied + * this code, including the "Classpath" Exception described therein. + */ + +package com.ibm.crypto.plus.provider; + +class DefaultFIPSProviderAttrs { + static final boolean allowLegacyHKDF = Boolean.getBoolean("openjceplus.allowLegacyHKDF"); + static final boolean allowNonOAEPFIPS = Boolean.parseBoolean(System.getProperty("com.ibm.openjceplusfips.allowNonOAEP", "false")); + static String defaultFIPSProvAttrs = "Service.AlgorithmParameters.AES = com.ibm.crypto.plus.provider.AESParameters\n" + + + "AlgorithmParameters.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1\n" + + "Service.AlgorithmParameters.DiffieHellman = com.ibm.crypto.plus.provider.DHParameters\n" + + "AlgorithmParameters.DSA.alias.add = OID.1.2.840.10040.4.1, 1.2.840.10040.4.1, OID.1.3.14.3.2.12, 1.3.14.3.2.12\n" + + "Service.AlgorithmParameters.DSA = com.ibm.crypto.plus.provider.DSAParameters\n" + + "AlgorithmParameters.EC.alias.add = EllipticCurve, OID.1.2.840.10045.2.1, 1.2.840.10045.2.1\n" + + "Service.AlgorithmParameters.EC = com.ibm.crypto.plus.provider.ECParameters\n" + + "AlgorithmParameters.GCM.alias.add = AESGCM\n" + + "Service.AlgorithmParameters.GCM = com.ibm.crypto.plus.provider.GCMParameters\n" + + "AlgorithmParameters.CCM.alias.add = AESCCM\n" + + "Service.AlgorithmParameters.CCM = com.ibm.crypto.plus.provider.CCMParameters\n" + + "Service.AlgorithmParameters.OAEP = com.ibm.crypto.plus.provider.OAEPParameters\n" + + "# ChaCha20 and ChaCha20-Poly1305 not supported in FIPS mode\n" + + "# =======================================================================\n" + + " # Algorithm parameter generation engines\n" + + " # =======================================================================\n" + + " #\n" + + "AlgorithmParameterGenerator.DiffieHellman.alias.add = 
DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1\n" + + "Service.AlgorithmParameterGenerator.DiffieHellman = com.ibm.crypto.plus.provider.DHParameterGenerator\n" + + "AlgorithmParameters.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS\n" + + "Service.AlgorithmParameters.RSAPSS = com.ibm.crypto.plus.provider.PSSParameters\n" + + "Service.AlgorithmParameterGenerator.EC = com.ibm.crypto.plus.provider.ECParameterGenerator\n" + + "AlgorithmParameterGenerator.GCM.alias.add = AESGCM\n" + + "Service.AlgorithmParameterGenerator.GCM = com.ibm.crypto.plus.provider.GCMParameterGenerator\n" + + "AlgorithmParameterGenerator.CCM.alias.add = AESCCM\n" + + "Service.AlgorithmParameterGenerator.CCM = com.ibm.crypto.plus.provider.CCMParameterGenerator\n" + + "# =======================================================================\n" + + " # Cipher engines\n" + + " # =======================================================================\n" + + " #\n" + + "Service.Cipher.AES/GCM/NoPadding = com.ibm.crypto.plus.provider.AESGCMCipher\n" + + "Service.Cipher.AES/CCM/NoPadding = com.ibm.crypto.plus.provider.AESCCMCipher\n" + + "Service.Cipher.AES = com.ibm.crypto.plus.provider.AESCipher\n" + + "Cipher.RSA.attr.add.SupportedModes = ECB\n" + + "Cipher.RSA.attr.add.SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey\n" + + "Service.Cipher.RSA = com.ibm.crypto.plus.provider.RSA\n" + + "Cipher.AES/KW/NoPadding.alias.add = AESWrap\n" + + "Service.Cipher.AES/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW\n" + + "Cipher.AES/KWP/NoPadding.alias.add = AESWrapPad\n" + + "Service.Cipher.AES/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP\n" + + "Cipher.AES_128/KW/NoPadding.alias.add = AESWrap_128, 2.16.840.1.101.3.4.1.5, OID.2.16.840.1.101.3.4.1.5\n" + + "Service.Cipher.AES_128/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_128\n" + + "Cipher.AES_128/KWP/NoPadding.alias.add = AESWrapPad_128, 
2.16.840.1.101.3.4.1.8, OID.2.16.840.1.101.3.4.1.8\n" + + "Service.Cipher.AES_128/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_128\n" + + "Cipher.AES_192/KW/NoPadding.alias.add = AESWrap_192, 2.16.840.1.101.3.4.1.25, OID.2.16.840.1.101.3.4.1.25\n" + + "Service.Cipher.AES_192/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_192\n" + + "Cipher.AES_192/KWP/NoPadding.alias.add = AESWrapPad_192, 2.16.840.1.101.3.4.1.28, OID.2.16.840.1.101.3.4.1.28\n" + + "Service.Cipher.AES_192/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_192\n" + + "Cipher.AES_256/KW/NoPadding.alias.add = AESWrap_256, 2.16.840.1.101.3.4.1.45, OID.2.16.840.1.101.3.4.1.45\n" + + "Service.Cipher.AES_256/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_256\n" + + "Cipher.AES_256/KWP/NoPadding.alias.add = AESWrapPad_256, 2.16.840.1.101.3.4.1.48, OID.2.16.840.1.101.3.4.1.48\n" + + "Service.Cipher.AES_256/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_256\n" + + "# =======================================================================\n" + + " # Key agreement\n" + + " # =======================================================================\n" + + " #\n" + + "KeyAgreement.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1\n" + + "Service.KeyAgreement.DiffieHellman = com.ibm.crypto.plus.provider.DHKeyAgreement\n" + + "Service.KeyAgreement.ECDH = com.ibm.crypto.plus.provider.ECDHKeyAgreement\n" + + "# =======================================================================\n" + + " # Key factories\n" + + " # =======================================================================\n" + + " #\n" + + "KeyFactory.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1\n" + + "Service.KeyFactory.DiffieHellman = com.ibm.crypto.plus.provider.DHKeyFactory\n" + + "KeyFactory.DSA.alias.add = OID.1.2.840.10040.4.1, 1.2.840.10040.4.1, OID.1.3.14.3.2.12, 1.3.14.3.2.12, DSAKeyFactory\n" + + 
"Service.KeyFactory.DSA = com.ibm.crypto.plus.provider.DSAKeyFactory\n" + + "KeyFactory.EC.alias.add = OID.1.2.840.10045.2.1, 1.2.840.10045.2.1, EllipticCurve\n" + + "Service.KeyFactory.EC = com.ibm.crypto.plus.provider.ECKeyFactory\n" + + "KeyFactory.RSA.alias.add = OID.1.2.5.8.1.1, 1.2.5.8.1.1, OID.1.2.840.113549.1.1.1, 1.2.840.113549.1.1.1, OID.1.2.840.113549.1.1, 1.2.840.113549.1.1\n" + + "Service.KeyFactory.RSA = com.ibm.crypto.plus.provider.RSAKeyFactory$Legacy\n" + + "KeyFactory.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS, OID.1.2.840.113549.1.1.10, 1.2.840.113549.1.1.10\n" + + "Service.KeyFactory.RSAPSS = com.ibm.crypto.plus.provider.RSAKeyFactory$PSS\n" + + "# =======================================================================\n" + + " # Key Generator engines\n" + + " # =======================================================================\n" + + " #\n" + + "KeyGenerator.AES.alias.add = 2.16.840.1.101.3.4.1, OID.2.16.840.1.101.3.4.1\n" + + "Service.KeyGenerator.AES = com.ibm.crypto.plus.provider.AESKeyGenerator\n" + + "KeyGenerator.HmacSHA224.alias.add = OID.1.2.840.113549.2.8, 1.2.840.113549.2.8, HMACwithSHA224, HMACwithSHA-224, HmacSHA-224\n" + + "Service.KeyGenerator.HmacSHA224 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA224\n" + + "KeyGenerator.HmacSHA256.alias.add = OID.1.2.840.113549.2.9, 1.2.840.113549.2.9, HMACwithSHA256, HMACwithSHA-256, HmacSHA-256\n" + + "Service.KeyGenerator.HmacSHA256 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA256\n" + + "KeyGenerator.HmacSHA384.alias.add = OID.1.2.840.113549.2.10, 1.2.840.113549.2.10, HMACwithSHA384, HMACwithSHA-384, HmacSHA-384\n" + + "Service.KeyGenerator.HmacSHA384 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA384\n" + + "KeyGenerator.HmacSHA512.alias.add = OID.1.2.840.113549.2.11, 1.2.840.113549.2.11, HMACwithSHA512, HMACwithSHA-512, HmacSHA-512\n" + + "Service.KeyGenerator.HmacSHA512 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA512\n" + + 
"KeyGenerator.HmacSHA3-224.alias.add = OID.2.16.840.1.101.3.4.2.13, 2.16.840.1.101.3.4.2.13, HMACwithSHA3-224, HmacSHA3-224\n" + + "Service.KeyGenerator.HmacSHA3-224 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_224\n" + + "KeyGenerator.HmacSHA3-256.alias.add = OID.2.16.840.1.101.3.4.2.14, 2.16.840.1.101.3.4.2.14, HMACwithSHA3-256, HmacSHA3-256\n" + + "Service.KeyGenerator.HmacSHA3-256 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_256\n" + + "KeyGenerator.HmacSHA3-384.alias.add = OID.2.16.840.1.101.3.4.2.15, 2.16.840.1.101.3.4.2.15, HMACwithSHA3-384, HmacSHA3-384\n" + + "Service.KeyGenerator.HmacSHA3-384 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_384\n" + + "KeyGenerator.HmacSHA3-512.alias.add = OID.2.16.840.1.101.3.4.2.16, 2.16.840.1.101.3.4.2.16, HMACwithSHA3-512, HmacSHA3-512\n" + + "Service.KeyGenerator.HmacSHA3-512 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_512\n" + + + "KeyGenerator.SunTlsPrf.alias.add = TlsPrf\n" + + "Service.KeyGenerator.SunTlsPrf = com.ibm.crypto.plus.provider.TlsPrfGenerator$V10\n" + + "KeyGenerator.SunTls12Prf.alias.add = Tls12Prf\n" + + "Service.KeyGenerator.SunTls12Prf = com.ibm.crypto.plus.provider.TlsPrfGenerator$V12\n" + + "KeyGenerator.SunTlsRsaPremasterSecret.alias.add = TlsRsaPremasterSecret\n" + + "Service.KeyGenerator.SunTlsRsaPremasterSecret = com.ibm.crypto.plus.provider.TlsRsaPremasterSecretGenerator\n" + + "KeyGenerator.SunTls12RsaPremasterSecret.alias.add = Tls12RsaPremasterSecret\n" + + "Service.KeyGenerator.SunTls12RsaPremasterSecret = com.ibm.crypto.plus.provider.TlsRsaPremasterSecretGenerator\n" + + "KeyGenerator.SunTlsMasterSecret.alias.add = TlsMasterSecret, TlsExtendedMasterSecret, SunTlsExtendedMasterSecret\n" + + "Service.KeyGenerator.SunTlsMasterSecret = com.ibm.crypto.plus.provider.TlsMasterSecretGenerator\n" + + "KeyGenerator.SunTls12MasterSecret.alias.add = Tls12MasterSecret\n" + + "Service.KeyGenerator.SunTls12MasterSecret = 
com.ibm.crypto.plus.provider.TlsMasterSecretGenerator\n" + + "KeyGenerator.SunTlsKeyMaterial.alias.add = TlsKeyMaterial\n" + + "Service.KeyGenerator.SunTlsKeyMaterial = com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator\n" + + "KeyGenerator.SunTls12KeyMaterial.alias.add = Tls12KeyMaterial\n" + + "Service.KeyGenerator.SunTls12KeyMaterial = com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator\n" + + "# Not supported in FIPS mode yet - Used for both ChaCha20 and ChaCha20-Poly1305 ciphers\n" + + "# =======================================================================\n" + + " # Keypair Generator engines\n" + + " # =======================================================================\n" + + " #\n" + + "KeyPairGenerator.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1\n" + + "Service.KeyPairGenerator.DiffieHellman = com.ibm.crypto.plus.provider.DHKeyPairGenerator\n" + + "KeyPairGenerator.EC.alias.add = OID.1.2.840.10045.2.1, 1.2.840.10045.2.1, EllipticCurve\n" + + "Service.KeyPairGenerator.EC = com.ibm.crypto.plus.provider.ECKeyPairGenerator\n" + + "KeyPairGenerator.RSA.alias.add = OID.1.2.5.8.1.1, 1.2.5.8.1.1, OID.1.2.840.113549.1.1, 1.2.840.113549.1.1\n" + + "Service.KeyPairGenerator.RSA = com.ibm.crypto.plus.provider.RSAKeyPairGenerator$Legacy\n" + + "KeyPairGenerator.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS\n" + + "Service.KeyPairGenerator.RSAPSS = com.ibm.crypto.plus.provider.RSAKeyPairGenerator$PSS\n" + + "# =======================================================================\n" + + " # Message authentication engines\n" + + " # =======================================================================\n" + + " #\n" + + "MAC.HmacSHA224.alias.add = OID.1.2.840.113549.2.8, 1.2.840.113549.2.8, HMACwithSHA224, HMACwithSHA-224, HmacSHA-224\n" + + "Service.MAC.HmacSHA224 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA224\n" + + "MAC.HmacSHA256.alias.add = OID.1.2.840.113549.2.9, 1.2.840.113549.2.9, HMACwithSHA256, 
HMACwithSHA-256, HmacSHA-256\n" + + "Service.MAC.HmacSHA256 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA256\n" + + "MAC.HmacSHA384.alias.add = OID.1.2.840.113549.2.10, 1.2.840.113549.2.10, HMACwithSHA384, HMACwithSHA-384, HmacSHA-384\n" + + "Service.MAC.HmacSHA384 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA384\n" + + "MAC.HmacSHA512.alias.add = OID.1.2.840.113549.2.11, 1.2.840.113549.2.11, HMACwithSHA512, HMACwithSHA-512, HmacSHA-512\n" + + "Service.MAC.HmacSHA512 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA512\n" + + "MAC.HmacSHA3-224.alias.add = OID.2.16.840.1.101.3.4.2.13, 2.16.840.1.101.3.4.2.13, HMACwithSHA3-224, HmacSHA3-224\n" + + "Service.MAC.HmacSHA3-224 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_224\n" + + "MAC.HmacSHA3-256.alias.add = OID.2.16.840.1.101.3.4.2.14, 2.16.840.1.101.3.4.2.14, HMACwithSHA3-256, HmacSHA3-256\n" + + "Service.MAC.HmacSHA3-256 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_256\n" + + "MAC.HmacSHA3-384.alias.add = OID.2.16.840.1.101.3.4.2.15, 2.16.840.1.101.3.4.2.15, HMACwithSHA3-384, HmacSHA3-384\n" + + "Service.MAC.HmacSHA3-384 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_384\n" + + "MAC.HmacSHA3-512.alias.add = OID.2.16.840.1.101.3.4.2.16, 2.16.840.1.101.3.4.2.16, HMACwithSHA3-512, HmacSHA3-512\n" + + "Service.MAC.HmacSHA3-512 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_512\n" + + "# =======================================================================\n" + + "# HKDF Algorithms use key generator spis - OIDs are not finalized\n" + + "# Oracle does not go through provider. Directly calls HKDF. 
Not supported till\n" + + "# Next GSkit Crypto FIPS certification.\n" + + " # =======================================================================\n" + + " #\n" + + "KeyGenerator.kda-hkdf-with-sha224.alias.add = kda-hkdf-with-sha-224\n" + + "Service.KeyGenerator.kda-hkdf-with-sha224 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA224\n" + + "KeyGenerator.kda-hkdf-with-sha256.alias.add = kda-hkdf-with-sha-256\n" + + "Service.KeyGenerator.kda-hkdf-with-sha256 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA256\n" + + "KeyGenerator.kda-hkdf-with-sha384.alias.add = kda-hkdf-with-sha-384\n" + + "Service.KeyGenerator.kda-hkdf-with-sha384 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA384\n" + + "KeyGenerator.kda-hkdf-with-sha512.alias.add = kda-hkdf-with-sha-512\n" + + "Service.KeyGenerator.kda-hkdf-with-sha512 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA512\n" + + "# =======================================================================\n" + + " # MessageDigest engines\n" + + " # =======================================================================\n" + + " #\n" + + "Service.MessageDigest.MD5 = com.ibm.crypto.plus.provider.MessageDigest$MD5\n" + + "MessageDigest.SHA-1.alias.add = SHA, SHA1, OID.1.3.14.3.2.26, 1.3.14.3.2.26\n" + + "Service.MessageDigest.SHA-1 = com.ibm.crypto.plus.provider.MessageDigest$SHA1\n" + + "MessageDigest.SHA-224.alias.add = OID.2.16.840.1.101.3.4.2.4, 2.16.840.1.101.3.4.2.4, SHA224\n" + + "Service.MessageDigest.SHA-224 = com.ibm.crypto.plus.provider.MessageDigest$SHA224\n" + + "MessageDigest.SHA-256.alias.add = OID.2.16.840.1.101.3.4.2.1, 2.16.840.1.101.3.4.2.1, SHA2, SHA-2, SHA256\n" + + "Service.MessageDigest.SHA-256 = com.ibm.crypto.plus.provider.MessageDigest$SHA256\n" + + "MessageDigest.SHA-384.alias.add = OID.2.16.840.1.101.3.4.2.2, 2.16.840.1.101.3.4.2.2, SHA3, SHA-3, SHA384\n" + + "Service.MessageDigest.SHA-384 = com.ibm.crypto.plus.provider.MessageDigest$SHA384\n" + + 
"MessageDigest.SHA-512.alias.add = OID.2.16.840.1.101.3.4.2.3, 2.16.840.1.101.3.4.2.3, SHA5, SHA-5, SHA512\n" + + "Service.MessageDigest.SHA-512 = com.ibm.crypto.plus.provider.MessageDigest$SHA512\n" + + "# SHA512-224\n" + + "MessageDigest.SHA-512/224.alias.add = SHA512/224, OID.2.16.840.1.101.3.4.2.5, 2.16.840.1.101.3.4.2.5\n" + + "Service.MessageDigest.SHA-512/224 = com.ibm.crypto.plus.provider.MessageDigest$SHA512_224\n" + + "# SHA512-256\n" + + "MessageDigest.SHA-512/256.alias.add = SHA512/256, OID.2.16.840.1.101.3.4.2.6, 2.16.840.1.101.3.4.2.6\n" + + "Service.MessageDigest.SHA-512/256 = com.ibm.crypto.plus.provider.MessageDigest$SHA512_256\n" + + "#SHA3 Hashes\n" + + "MessageDigest.SHA3-224.alias.add = SHA3-224, OID.2.16.840.1.101.3.4.2.7, 2.16.840.1.101.3.4.2.7\n" + + "Service.MessageDigest.SHA3-224 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_224\n" + + "MessageDigest.SHA3-256.alias.add = SHA3-256, OID.2.16.840.1.101.3.4.2.8, 2.16.840.1.101.3.4.2.8\n" + + "Service.MessageDigest.SHA3-256 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_256\n" + + "MessageDigest.SHA3-384.alias.add = SHA3-384, OID.2.16.840.1.101.3.4.2.9, 2.16.840.1.101.3.4.2.9\n" + + "Service.MessageDigest.SHA3-384 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_384\n" + + "MessageDigest.SHA3-512.alias.add = SHA3-512, OID.2.16.840.1.101.3.4.2.10, 2.16.840.1.101.3.4.2.10\n" + + "Service.MessageDigest.SHA3-512 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_512\n" + + "# =======================================================================\n" + + " # Secret key factories\n" + + " # =======================================================================\n" + + " #\n" + + "SecretKeyFactory.AES.alias.add = 2.16.840.1.101.3.4.1, OID.2.16.840.1.101.3.4.1\n" + + "Service.SecretKeyFactory.AES = com.ibm.crypto.plus.provider.AESKeyFactory\n" + + "Service.SecretKeyFactory.PBKDF2WithHmacSHA224 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA224\n" + + 
"Service.SecretKeyFactory.PBKDF2WithHmacSHA256 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA256\n" + + "Service.SecretKeyFactory.PBKDF2WithHmacSHA384 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA384\n" + + "Service.SecretKeyFactory.PBKDF2WithHmacSHA512 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA512\n" + + "# Not yet supported in FIPS mode - ChaCha20\n" + + "# =======================================================================\n" + + " # SecureRandom\n" + + " # =======================================================================\n" + + " #\n" + + "SecureRandom.SHA256DRBG.alias.add = HASHDRBG, SHA2DRBG\n" + + "SecureRandom.SHA256DRBG.attr.add.ThreadSafe = true\n" + + "Service.SecureRandom.SHA256DRBG = com.ibm.crypto.plus.provider.HASHDRBG$SHA256DRBG\n" + + "SecureRandom.SHA512DRBG.alias.add = SHA5DRBG\n" + + "SecureRandom.SHA512DRBG.attr.add.ThreadSafe = true\n" + + "Service.SecureRandom.SHA512DRBG = com.ibm.crypto.plus.provider.HASHDRBG$SHA512DRBG\n" + + "# =======================================================================\n" + + " # Signature engines\n" + + " # =======================================================================\n" + + " #\n" + + "Signature.NONEwithDSA.alias.add = DSAforSSL\n" + + "Service.Signature.NONEwithDSA = com.ibm.crypto.plus.provider.DSASignatureNONE\n" + + "Service.Signature.NONEwithRSA = com.ibm.crypto.plus.provider.RSASignatureNONE\n" + + "Service.Signature.RSAforSSL = com.ibm.crypto.plus.provider.RSASignatureSSL\n" + + "Signature.NONEwithECDSA.alias.add = ECDSAforSSL\n" + + "Service.Signature.NONEwithECDSA = com.ibm.crypto.plus.provider.DatawithECDSA\n" + + "Signature.SHA224withDSA.alias.add = OID.2.16.840.1.101.3.4.3.1, 2.16.840.1.101.3.4.3.1, SHA-224withDSA, SHA224/DSA, SHA-224/DSA\n" + + "Service.Signature.SHA224withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA224withDSA\n" + + "Signature.SHA256withDSA.alias.add = OID.2.16.840.1.101.3.4.3.2, 2.16.840.1.101.3.4.3.2, SHA2withDSA, SHA-2withDSA, 
SHA-256withDSA, SHA2/DSA, SHA-2/DSA, SHA-256/DSA\n" + + "Service.Signature.SHA256withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA256withDSA\n" + + "Signature.SHA224withECDSA.alias.add = OID.1.2.840.10045.4.3.1, 1.2.840.10045.4.3.1, SHA224/ECDSA, SHA-224/ECDSA\n" + + "Service.Signature.SHA224withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA224withECDSA\n" + + "Signature.SHA256withECDSA.alias.add = OID.1.2.840.10045.4.3.2, 1.2.840.10045.4.3.2, SHA2withECDSA, SHA2/ECDSA, SHA-256/ECDSA\n" + + "Service.Signature.SHA256withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA256withECDSA\n" + + "Signature.SHA384withECDSA.alias.add = OID.1.2.840.10045.4.3.3, 1.2.840.10045.4.3.3, SHA3withECDSA, SHA3/ECDSA, SHA-384/ECDSA\n" + + "Service.Signature.SHA384withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA384withECDSA\n" + + "Signature.SHA512withECDSA.alias.add = OID.1.2.840.10045.4.3.4, 1.2.840.10045.4.3.4, SHA5withECDSA, SHA5/ECDSA, SHA-512/ECDSA\n" + + "Service.Signature.SHA512withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA512withECDSA\n" + + "Signature.SHA1withRSA.alias.add = OID.1.2.840.113549.1.1.5, 1.2.840.113549.1.1.5, OID.1.3.14.3.2.29, 1.3.14.3.2.29, OID.1.3.14.3.2.26, 1.3.14.3.2.26, SHA-1withRSA, SHAwithRSA, SHA-1/RSA, SHA1/RSA, SHA/RSA, RSA\n" + + "Service.Signature.SHA1withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA1withRSA\n" + + "Signature.SHA224withRSA.alias.add = OID.1.2.840.113549.1.1.14, 1.2.840.113549.1.1.14, SHA-224/RSA, SHA224/RSA\n" + + "Service.Signature.SHA224withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA224withRSA\n" + + "Signature.SHA256withRSA.alias.add = OID.1.2.840.113549.1.1.11, 1.2.840.113549.1.1.11, SHA-256/RSA, SHA2withRSA, SHA2/RSA\n" + + "Service.Signature.SHA256withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA256withRSA\n" + + "Signature.SHA384withRSA.alias.add = OID.1.2.840.113549.1.1.12, 1.2.840.113549.1.1.12, SHA-384/RSA, SHA3withRSA, SHA3/RSA\n" + + 
"Service.Signature.SHA384withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA384withRSA\n" + + "Signature.SHA512withRSA.alias.add = OID.1.2.840.113549.1.1.13, 1.2.840.113549.1.1.13, SHA-512/RSA, SHA5withRSA, SHA5/RSA\n" + + "Service.Signature.SHA512withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA512withRSA\n" + + "Signature.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS, OID.1.2.840.113549.1.1.10, 1.2.840.113549.1.1.10\n" + + "Service.Signature.RSAPSS = com.ibm.crypto.plus.provider.RSAPSSSignature\n"; + + public DefaultFIPSProviderAttrs() { + } + + public static String getConfigString() { + String result = defaultFIPSProvAttrs; + String supportedPaddings = "OAEPPADDING" + + "|OAEPWITHSHA224ANDMGF1PADDING" + + "|OAEPWITHSHA-224ANDMGF1PADDING" + + "|OAEPWITHSHA256ANDMGF1PADDING" + + "|OAEPWITHSHA-256ANDMGF1PADDING" + + "|OAEPWITHSHA384ANDMGF1PADDING" + + "|OAEPWITHSHA-384ANDMGF1PADDING" + + "|OAEPWITHSHA512ANDMGF1PADDING" + + "|OAEPWITHSHA-512ANDMGF1PADDING" + + "|OAEPWITHSHA-512/224ANDMGF1PADDING" + + "|OAEPWITHSHA-512/256ANDMGF1PADDING"; + if (allowNonOAEPFIPS) { + supportedPaddings += "|OAEPWITHSHA1ANDMGF1PADDING" + + "|OAEPWITHSHA-1ANDMGF1PADDING" + + "|NOPADDING|PKCS1PADDING"; + } + result = result + "Cipher.RSA.attr.add.SupportedPaddings = " + supportedPaddings + "\n"; + return result; + } +} diff --git a/src/main/java/com/ibm/crypto/plus/provider/DefaultProviderAttrs.java b/src/main/java/com/ibm/crypto/plus/provider/DefaultProviderAttrs.java new file mode 100644 index 000000000..7fd925193 --- /dev/null +++ b/src/main/java/com/ibm/crypto/plus/provider/DefaultProviderAttrs.java 
@@ -0,0 +1,381 @@ +/* + * Copyright IBM Corp. 2026 + * + * This code is free software; you can redistribute it and/or modify it + * under the terms provided by IBM in the LICENSE file that accompanied + * this code, including the "Classpath" Exception described therein. + */ + +package com.ibm.crypto.plus.provider; + +class DefaultProviderAttrs { + static final boolean allowLegacyHKDF = Boolean.getBoolean("openjceplus.allowLegacyHKDF"); + static String defaultProvAttrs = "Service.AlgorithmParameters.AES = com.ibm.crypto.plus.provider.AESParameters\n" + + + "AlgorithmParameters.DESede.alias.add = TripleDES, 3DES\n" + + "Service.AlgorithmParameters.DESede = com.ibm.crypto.plus.provider.DESedeParameters\n" + + "AlgorithmParameters.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1\n" + + "Service.AlgorithmParameters.DiffieHellman = com.ibm.crypto.plus.provider.DHParameters\n" + + "AlgorithmParameters.DSA.alias.add = OID.1.2.840.10040.4.1, 1.2.840.10040.4.1, OID.1.3.14.3.2.12, 1.3.14.3.2.12\n" + + "Service.AlgorithmParameters.DSA = com.ibm.crypto.plus.provider.DSAParameters\n" + + "AlgorithmParameters.EC.alias.add = EllipticCurve, OID.1.2.840.10045.2.1, 1.2.840.10045.2.1\n" + + "Service.AlgorithmParameters.EC = com.ibm.crypto.plus.provider.ECParameters\n" + + "AlgorithmParameters.GCM.alias.add = AESGCM\n" + + "Service.AlgorithmParameters.GCM = com.ibm.crypto.plus.provider.GCMParameters\n" + + "AlgorithmParameters.CCM.alias.add = AESCCM\n" + + "Service.AlgorithmParameters.CCM = com.ibm.crypto.plus.provider.CCMParameters\n" + + "Service.AlgorithmParameters.OAEP = com.ibm.crypto.plus.provider.OAEPParameters\n" + + + "Service.AlgorithmParameters.PBEWithHmacSHA1AndAES_128 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA1AndAES_128\n" + + "Service.AlgorithmParameters.PBEWithHmacSHA1AndAES_256 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA1AndAES_256\n" + + "Service.AlgorithmParameters.PBEWithHmacSHA224AndAES_128 = 
com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA224AndAES_128\n" + + "Service.AlgorithmParameters.PBEWithHmacSHA224AndAES_256 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA224AndAES_256\n" + + "Service.AlgorithmParameters.PBEWithHmacSHA256AndAES_128 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA256AndAES_128\n" + + "Service.AlgorithmParameters.PBEWithHmacSHA256AndAES_256 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA256AndAES_256\n" + + "Service.AlgorithmParameters.PBEWithHmacSHA384AndAES_128 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA384AndAES_128\n" + + "Service.AlgorithmParameters.PBEWithHmacSHA384AndAES_256 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA384AndAES_256\n" + + "Service.AlgorithmParameters.PBEWithHmacSHA512AndAES_128 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA512AndAES_128\n" + + "Service.AlgorithmParameters.PBEWithHmacSHA512AndAES_256 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA512AndAES_256\n" + + "Service.AlgorithmParameters.ChaCha20-Poly1305 = com.ibm.crypto.plus.provider.ChaCha20Poly1305Parameters\n" + + "Service.AlgorithmParameters.PBEWithSHA1AndDESede = com.ibm.crypto.plus.provider.PBEParameters\n" + + "Service.AlgorithmParameters.PBEWithSHA1AndRC2_40 = com.ibm.crypto.plus.provider.PBEParameters\n" + + "Service.AlgorithmParameters.PBEWithSHA1AndRC2_128 = com.ibm.crypto.plus.provider.PBEParameters\n" + + "Service.AlgorithmParameters.PBEWithSHA1AndRC4_40 = com.ibm.crypto.plus.provider.PBEParameters\n" + + "Service.AlgorithmParameters.PBEWithSHA1AndRC4_128 = com.ibm.crypto.plus.provider.PBEParameters\n" + + "# =======================================================================\n" + + " # Algorithm parameter generation engines\n" + + " # =======================================================================\n" + + " #\n" + + "AlgorithmParameterGenerator.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1\n" + + 
"Service.AlgorithmParameterGenerator.DiffieHellman = com.ibm.crypto.plus.provider.DHParameterGenerator\n" + + "AlgorithmParameters.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS\n" + + "Service.AlgorithmParameters.RSAPSS = com.ibm.crypto.plus.provider.PSSParameters\n" + + "Service.AlgorithmParameterGenerator.DSA = com.ibm.crypto.plus.provider.DSAParameterGenerator\n" + + "Service.AlgorithmParameterGenerator.EC = com.ibm.crypto.plus.provider.ECParameterGenerator\n" + + "AlgorithmParameterGenerator.GCM.alias.add = AESGCM\n" + + "Service.AlgorithmParameterGenerator.GCM = com.ibm.crypto.plus.provider.GCMParameterGenerator\n" + + "AlgorithmParameterGenerator.CCM.alias.add = AESCCM\n" + + "Service.AlgorithmParameterGenerator.CCM = com.ibm.crypto.plus.provider.CCMParameterGenerator\n" + + "# =======================================================================\n" + + " # Cipher engines\n" + + " # =======================================================================\n" + + " #\n" + + "Service.Cipher.AES/GCM/NoPadding = com.ibm.crypto.plus.provider.AESGCMCipher\n" + + "Service.Cipher.AES/CCM/NoPadding = com.ibm.crypto.plus.provider.AESCCMCipher\n" + + "Service.Cipher.AES = com.ibm.crypto.plus.provider.AESCipher\n" + + "Cipher.AES/KW/NoPadding.alias.add = AESWrap\n" + + "Service.Cipher.AES/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW\n" + + "Cipher.AES/KWP/NoPadding.alias.add = AESWrapPad\n" + + "Service.Cipher.AES/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP\n" + + "Cipher.AES_128/KW/NoPadding.alias.add = AESWrap_128, 2.16.840.1.101.3.4.1.5, OID.2.16.840.1.101.3.4.1.5\n" + + "Service.Cipher.AES_128/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_128\n" + + "Cipher.AES_128/KWP/NoPadding.alias.add = AESWrapPad_128, 2.16.840.1.101.3.4.1.8, OID.2.16.840.1.101.3.4.1.8\n" + + "Service.Cipher.AES_128/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_128\n" + + "Cipher.AES_192/KW/NoPadding.alias.add = 
AESWrap_192, 2.16.840.1.101.3.4.1.25, OID.2.16.840.1.101.3.4.1.25\n" + + "Service.Cipher.AES_192/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_192\n" + + "Cipher.AES_192/KWP/NoPadding.alias.add = AESWrapPad_192, 2.16.840.1.101.3.4.1.28, OID.2.16.840.1.101.3.4.1.28\n" + + "Service.Cipher.AES_192/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_192\n" + + "Cipher.AES_256/KW/NoPadding.alias.add = AESWrap_256, 2.16.840.1.101.3.4.1.45, OID.2.16.840.1.101.3.4.1.45\n" + + "Service.Cipher.AES_256/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_256\n" + + "Cipher.AES_256/KWP/NoPadding.alias.add = AESWrapPad_256, 2.16.840.1.101.3.4.1.48, OID.2.16.840.1.101.3.4.1.48\n" + + "Service.Cipher.AES_256/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_256\n" + + "Cipher.DESede.alias.add = TripleDES, 3DES\n" + + "Service.Cipher.DESede = com.ibm.crypto.plus.provider.DESedeCipher\n" + + "Service.Cipher.RSA = com.ibm.crypto.plus.provider.RSA\n" + + "Service.Cipher.ChaCha20 = com.ibm.crypto.plus.provider.ChaCha20Cipher\n" + + "Service.Cipher.ChaCha20-Poly1305 = com.ibm.crypto.plus.provider.ChaCha20Poly1305Cipher\n" + + "Service.Cipher.PBEWithHmacSHA1AndAES_128 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA1AndAES_128\n" + + "Service.Cipher.PBEWithHmacSHA1AndAES_256 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA1AndAES_256\n" + + "Service.Cipher.PBEWithHmacSHA224AndAES_128 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA224AndAES_128\n" + + "Service.Cipher.PBEWithHmacSHA224AndAES_256 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA224AndAES_256\n" + + "Service.Cipher.PBEWithHmacSHA256AndAES_128 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA256AndAES_128\n" + + "Service.Cipher.PBEWithHmacSHA256AndAES_256 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA256AndAES_256\n" + + "Service.Cipher.PBEWithHmacSHA384AndAES_128 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA384AndAES_128\n" + + 
"Service.Cipher.PBEWithHmacSHA384AndAES_256 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA384AndAES_256\n" + + "Service.Cipher.PBEWithHmacSHA512AndAES_128 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA512AndAES_128\n" + + "Service.Cipher.PBEWithHmacSHA512AndAES_256 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA512AndAES_256\n" + + "Service.Cipher.PBEWithSHA1AndDESede = com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndDESede\n" + + "Service.Cipher.PBEWithSHA1AndRC2_40 = com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndRC2_40\n" + + "Service.Cipher.PBEWithSHA1AndRC2_128 = com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndRC2_128\n" + + "Service.Cipher.PBEWithSHA1AndRC4_40 = com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndRC4_40\n" + + "Service.Cipher.PBEWithSHA1AndRC4_128 = com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndRC4_128\n" + + "# =======================================================================\n" + + " # Key agreement\n" + + " # =======================================================================\n" + + " #\n" + + "KeyAgreement.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1\n" + + "Service.KeyAgreement.DiffieHellman = com.ibm.crypto.plus.provider.DHKeyAgreement\n" + + "Service.KeyAgreement.ECDH = com.ibm.crypto.plus.provider.ECDHKeyAgreement\n" + + "Service.KeyAgreement.XDH = com.ibm.crypto.plus.provider.XDHKeyAgreement$XDH\n" + + "KeyAgreement.X25519.alias.add = OID.1.3.101.110, 1.3.101.110\n" + + "Service.KeyAgreement.X25519 = com.ibm.crypto.plus.provider.XDHKeyAgreement$X25519\n" + + "KeyAgreement.X448.alias.add = OID.1.3.101.111, 1.3.101.111\n" + + "Service.KeyAgreement.X448 = com.ibm.crypto.plus.provider.XDHKeyAgreement$X448\n" + + "# =======================================================================\n" + + " # Key factories\n" + + " # =======================================================================\n" + + " #\n" + + "KeyFactory.DiffieHellman.alias.add = DH, 
OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1\n" + + "Service.KeyFactory.DiffieHellman = com.ibm.crypto.plus.provider.DHKeyFactory\n" + + "KeyFactory.DSA.alias.add = OID.1.2.840.10040.4.1, 1.2.840.10040.4.1, OID.1.3.14.3.2.12, 1.3.14.3.2.12, DSAKeyFactory\n" + + "Service.KeyFactory.DSA = com.ibm.crypto.plus.provider.DSAKeyFactory\n" + + "KeyFactory.EC.alias.add = OID.1.2.840.10045.2.1, 1.2.840.10045.2.1, EllipticCurve\n" + + "Service.KeyFactory.EC = com.ibm.crypto.plus.provider.ECKeyFactory\n" + + "Service.KeyFactory.XDH = com.ibm.crypto.plus.provider.XDHKeyFactory$XDH\n" + + "KeyFactory.X25519.alias.add = OID.1.3.101.110, 1.3.101.110\n" + + "Service.KeyFactory.X25519 = com.ibm.crypto.plus.provider.XDHKeyFactory$X25519\n" + + "KeyFactory.X448.alias.add = OID.1.3.101.111, 1.3.101.111\n" + + "Service.KeyFactory.X448 = com.ibm.crypto.plus.provider.XDHKeyFactory$X448\n" + + "KeyFactory.RSA.alias.add = OID.1.2.5.8.1.1, 1.2.5.8.1.1, OID.1.2.840.113549.1.1.1, 1.2.840.113549.1.1.1, OID.1.2.840.113549.1.1, 1.2.840.113549.1.1\n" + + "Service.KeyFactory.RSA = com.ibm.crypto.plus.provider.RSAKeyFactory$Legacy\n" + + "KeyFactory.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS, OID.1.2.840.113549.1.1.10, 1.2.840.113549.1.1.10\n" + + "Service.KeyFactory.RSAPSS = com.ibm.crypto.plus.provider.RSAKeyFactory$PSS\n" + + "# =======================================================================\n" + + " # Key Generator engines\n" + + " # =======================================================================\n" + + " #\n" + + "KeyGenerator.AES.alias.add = 2.16.840.1.101.3.4.1, OID.2.16.840.1.101.3.4.1\n" + + "Service.KeyGenerator.AES = com.ibm.crypto.plus.provider.AESKeyGenerator\n" + + "KeyGenerator.DESede.alias.add = TripleDES, 3DES\n" + + "Service.KeyGenerator.DESede = com.ibm.crypto.plus.provider.DESedeKeyGenerator\n" + + "KeyGenerator.HmacMD5.alias.add = HMACwithMD5\n" + + "Service.KeyGenerator.HmacMD5 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacMD5\n" + + 
"KeyGenerator.HmacSHA1.alias.add = OID.1.2.840.113549.2.7, 1.2.840.113549.2.7, HMACwithSHA1, HMACwithSHA-1, HmacSHA-1\n" + + "Service.KeyGenerator.HmacSHA1 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA1\n" + + "KeyGenerator.HmacSHA224.alias.add = OID.1.2.840.113549.2.8, 1.2.840.113549.2.8, HMACwithSHA224, HMACwithSHA-224, HmacSHA-224\n" + + "Service.KeyGenerator.HmacSHA224 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA224\n" + + "KeyGenerator.HmacSHA256.alias.add = OID.1.2.840.113549.2.9, 1.2.840.113549.2.9, HMACwithSHA256, HMACwithSHA-256, HmacSHA-256\n" + + "Service.KeyGenerator.HmacSHA256 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA256\n" + + "KeyGenerator.HmacSHA384.alias.add = OID.1.2.840.113549.2.10, 1.2.840.113549.2.10, HMACwithSHA384, HMACwithSHA-384, HmacSHA-384\n" + + "Service.KeyGenerator.HmacSHA384 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA384\n" + + "KeyGenerator.HmacSHA512.alias.add = OID.1.2.840.113549.2.11, 1.2.840.113549.2.11, HMACwithSHA512, HMACwithSHA-512, HmacSHA-512\n" + + "Service.KeyGenerator.HmacSHA512 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA512\n" + + "KeyGenerator.HmacSHA3-224.alias.add = OID.2.16.840.1.101.3.4.2.13, 2.16.840.1.101.3.4.2.13, HMACwithSHA3-224, HmacSHA3-224\n" + + "Service.KeyGenerator.HmacSHA3-224 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_224\n" + + "KeyGenerator.HmacSHA3-256.alias.add = OID.2.16.840.1.101.3.4.2.14, 2.16.840.1.101.3.4.2.14, HMACwithSHA3-256, HmacSHA3-256\n" + + "Service.KeyGenerator.HmacSHA3-256 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_256\n" + + "KeyGenerator.HmacSHA3-384.alias.add = OID.2.16.840.1.101.3.4.2.15, 2.16.840.1.101.3.4.2.15, HMACwithSHA3-384, HmacSHA3-384\n" + + "Service.KeyGenerator.HmacSHA3-384 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_384\n" + + "KeyGenerator.HmacSHA3-512.alias.add = OID.2.16.840.1.101.3.4.2.16, 2.16.840.1.101.3.4.2.16, HMACwithSHA3-512, HmacSHA3-512\n" + + 
"Service.KeyGenerator.HmacSHA3-512 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_512\n" + + + "KeyGenerator.SunTlsPrf.alias.add = TlsPrf\n" + + "Service.KeyGenerator.SunTlsPrf = com.ibm.crypto.plus.provider.TlsPrfGenerator$V10\n" + + "KeyGenerator.SunTls12Prf.alias.add = Tls12Prf\n" + + "Service.KeyGenerator.SunTls12Prf = com.ibm.crypto.plus.provider.TlsPrfGenerator$V12\n" + + "KeyGenerator.SunTlsRsaPremasterSecret.alias.add = TlsRsaPremasterSecret\n" + + "Service.KeyGenerator.SunTlsRsaPremasterSecret = com.ibm.crypto.plus.provider.TlsRsaPremasterSecretGenerator\n" + + "KeyGenerator.SunTls12RsaPremasterSecret.alias.add = Tls12RsaPremasterSecret\n" + + "Service.KeyGenerator.SunTls12RsaPremasterSecret = com.ibm.crypto.plus.provider.TlsRsaPremasterSecretGenerator\n" + + "KeyGenerator.SunTlsMasterSecret.alias.add = TlsMasterSecret, TlsExtendedMasterSecret, SunTlsExtendedMasterSecret\n" + + "Service.KeyGenerator.SunTlsMasterSecret = com.ibm.crypto.plus.provider.TlsMasterSecretGenerator\n" + + "KeyGenerator.SunTls12MasterSecret.alias.add = Tls12MasterSecret\n" + + "Service.KeyGenerator.SunTls12MasterSecret = com.ibm.crypto.plus.provider.TlsMasterSecretGenerator\n" + + "KeyGenerator.SunTlsKeyMaterial.alias.add = TlsKeyMaterial\n" + + "Service.KeyGenerator.SunTlsKeyMaterial = com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator\n" + + "KeyGenerator.SunTls12KeyMaterial.alias.add = Tls12KeyMaterial\n" + + "Service.KeyGenerator.SunTls12KeyMaterial = com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator\n" + + + "# Used for both ChaCha20 and ChaCha20-Poly1305 ciphers\n" + + "Service.KeyGenerator.ChaCha20 = com.ibm.crypto.plus.provider.ChaCha20KeyGenerator\n" + + "# =======================================================================\n" + + " # Keypair Generator engines\n" + + " # =======================================================================\n" + + " #\n" + + "KeyPairGenerator.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1\n" 
+ + "Service.KeyPairGenerator.DiffieHellman = com.ibm.crypto.plus.provider.DHKeyPairGenerator\n" + + "KeyPairGenerator.DSA.alias.add = OID.1.2.840.10040.4.1, 1.2.840.10040.4.1, OID.1.3.14.3.2.12, 1.3.14.3.2.12\n" + + "Service.KeyPairGenerator.DSA = com.ibm.crypto.plus.provider.DSAKeyPairGenerator\n" + + "KeyPairGenerator.EC.alias.add = OID.1.2.840.10045.2.1, 1.2.840.10045.2.1, EllipticCurve\n" + + "Service.KeyPairGenerator.EC = com.ibm.crypto.plus.provider.ECKeyPairGenerator\n" + + "Service.KeyPairGenerator.XDH = com.ibm.crypto.plus.provider.XDHKeyPairGenerator$XDH\n" + + "KeyPairGenerator.X25519.alias.add = OID.1.3.101.110, 1.3.101.110\n" + + "Service.KeyPairGenerator.X25519 = com.ibm.crypto.plus.provider.XDHKeyPairGenerator$X25519\n" + + "KeyPairGenerator.X448.alias.add = OID.1.3.101.111, 1.3.101.111\n" + + "Service.KeyPairGenerator.X448 = com.ibm.crypto.plus.provider.XDHKeyPairGenerator$X448\n" + + "KeyPairGenerator.RSA.alias.add = OID.1.2.5.8.1.1, 1.2.5.8.1.1, OID.1.2.840.113549.1.1, 1.2.840.113549.1.1\n" + + "Service.KeyPairGenerator.RSA = com.ibm.crypto.plus.provider.RSAKeyPairGenerator$Legacy\n" + + "KeyPairGenerator.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS\n" + + "Service.KeyPairGenerator.RSAPSS = com.ibm.crypto.plus.provider.RSAKeyPairGenerator$PSS\n" + + "# =======================================================================\n" + + " # Message authentication engines\n" + + " # =======================================================================\n" + + " #\n" + + "MAC.HmacMD5.alias.add = HMACwithMD5\n" + + "Service.MAC.HmacMD5 = com.ibm.crypto.plus.provider.HmacCore$HmacMD5\n" + + "MAC.HmacSHA1.alias.add = OID.1.2.840.113549.2.7, 1.2.840.113549.2.7, HMACwithSHA1, HMACwithSHA-1, HmacSHA-1\n" + + "Service.MAC.HmacSHA1 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA1\n" + + "MAC.HmacSHA224.alias.add = OID.1.2.840.113549.2.8, 1.2.840.113549.2.8, HMACwithSHA224, HMACwithSHA-224, HmacSHA-224\n" + + "Service.MAC.HmacSHA224 = 
com.ibm.crypto.plus.provider.HmacCore$HmacSHA224\n" + + "MAC.HmacSHA256.alias.add = OID.1.2.840.113549.2.9, 1.2.840.113549.2.9, HMACwithSHA256, HMACwithSHA-256, HmacSHA-256\n" + + "Service.MAC.HmacSHA256 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA256\n" + + "MAC.HmacSHA384.alias.add = OID.1.2.840.113549.2.10, 1.2.840.113549.2.10, HMACwithSHA384, HMACwithSHA-384, HmacSHA-384\n" + + "Service.MAC.HmacSHA384 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA384\n" + + "MAC.HmacSHA512.alias.add = OID.1.2.840.113549.2.11, 1.2.840.113549.2.11, HMACwithSHA512, HMACwithSHA-512, HmacSHA-512\n" + + "Service.MAC.HmacSHA512 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA512\n" + + "MAC.HmacSHA3-224.alias.add = OID.2.16.840.1.101.3.4.2.13, 2.16.840.1.101.3.4.2.13, HMACwithSHA3-224, HmacSHA3-224\n" + + "Service.MAC.HmacSHA3-224 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_224\n" + + "MAC.HmacSHA3-256.alias.add = OID.2.16.840.1.101.3.4.2.14, 2.16.840.1.101.3.4.2.14, HMACwithSHA3-256, HmacSHA3-256\n" + + "Service.MAC.HmacSHA3-256 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_256\n" + + "MAC.HmacSHA3-384.alias.add = OID.2.16.840.1.101.3.4.2.15, 2.16.840.1.101.3.4.2.15, HMACwithSHA3-384, HmacSHA3-384\n" + + "Service.MAC.HmacSHA3-384 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_384\n" + + "MAC.HmacSHA3-512.alias.add = OID.2.16.840.1.101.3.4.2.16, 2.16.840.1.101.3.4.2.16, HMACwithSHA3-512, HmacSHA3-512\n" + + "Service.MAC.HmacSHA3-512 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_512\n" + + "# =======================================================================\n" + + "# HKDF Algorithms use key generator spis - OIDs are not finalized\n" + + "# Oracle does not go through provider. Directly calls HKDF. 
Not supported till\n" + + "# Next GSkit Crypto FIPS certification.\n" + + " # =======================================================================\n" + + " #\n" + + "KeyGenerator.kda-hkdf-with-sha1.alias.add = kda-hkdf-with-sha-1\n" + + "Service.KeyGenerator.kda-hkdf-with-sha1 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA1\n" + + "KeyGenerator.kda-hkdf-with-sha224.alias.add = kda-hkdf-with-sha-224\n" + + "Service.KeyGenerator.kda-hkdf-with-sha224 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA224\n" + + "KeyGenerator.kda-hkdf-with-sha256.alias.add = kda-hkdf-with-sha-256\n" + + "Service.KeyGenerator.kda-hkdf-with-sha256 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA256\n" + + "KeyGenerator.kda-hkdf-with-sha384.alias.add = kda-hkdf-with-sha-384\n" + + "Service.KeyGenerator.kda-hkdf-with-sha384 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA384\n" + + "KeyGenerator.kda-hkdf-with-sha512.alias.add = kda-hkdf-with-sha-512\n" + + "Service.KeyGenerator.kda-hkdf-with-sha512 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA512\n" + + "# =======================================================================\n" + + " # MessageDigest engines\n" + + " # =======================================================================\n" + + " #\n" + + "Service.MessageDigest.MD5 = com.ibm.crypto.plus.provider.MessageDigest$MD5\n" + + "MessageDigest.SHA-1.alias.add = SHA, SHA1, OID.1.3.14.3.2.26, 1.3.14.3.2.26\n" + + "Service.MessageDigest.SHA-1 = com.ibm.crypto.plus.provider.MessageDigest$SHA1\n" + + "MessageDigest.SHA-224.alias.add = OID.2.16.840.1.101.3.4.2.4, 2.16.840.1.101.3.4.2.4, SHA224\n" + + "Service.MessageDigest.SHA-224 = com.ibm.crypto.plus.provider.MessageDigest$SHA224\n" + + "MessageDigest.SHA-256.alias.add = OID.2.16.840.1.101.3.4.2.1, 2.16.840.1.101.3.4.2.1, SHA2, SHA-2, SHA256\n" + + "Service.MessageDigest.SHA-256 = com.ibm.crypto.plus.provider.MessageDigest$SHA256\n" + + "MessageDigest.SHA-384.alias.add = 
OID.2.16.840.1.101.3.4.2.2, 2.16.840.1.101.3.4.2.2, SHA3, SHA-3, SHA384\n" + + "Service.MessageDigest.SHA-384 = com.ibm.crypto.plus.provider.MessageDigest$SHA384\n" + + "MessageDigest.SHA-512.alias.add = OID.2.16.840.1.101.3.4.2.3, 2.16.840.1.101.3.4.2.3, SHA5, SHA-5, SHA512\n" + + "Service.MessageDigest.SHA-512 = com.ibm.crypto.plus.provider.MessageDigest$SHA512\n" + + "# SHA512-224\n" + + "MessageDigest.SHA-512/224.alias.add = SHA512/224, OID.2.16.840.1.101.3.4.2.5, 2.16.840.1.101.3.4.2.5\n" + + "Service.MessageDigest.SHA-512/224 = com.ibm.crypto.plus.provider.MessageDigest$SHA512_224\n" + + "# SHA512-256\n" + + "MessageDigest.SHA-512/256.alias.add = SHA512/256, OID.2.16.840.1.101.3.4.2.6, 2.16.840.1.101.3.4.2.6\n" + + "Service.MessageDigest.SHA-512/256 = com.ibm.crypto.plus.provider.MessageDigest$SHA512_256\n" + + "#SHA3 Hashes\n" + + "MessageDigest.SHA3-224.alias.add = SHA3-224, OID.2.16.840.1.101.3.4.2.7, 2.16.840.1.101.3.4.2.7\n" + + "Service.MessageDigest.SHA3-224 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_224\n" + + "MessageDigest.SHA3-256.alias.add = SHA3-256, OID.2.16.840.1.101.3.4.2.8, 2.16.840.1.101.3.4.2.8\n" + + "Service.MessageDigest.SHA3-256 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_256\n" + + "MessageDigest.SHA3-384.alias.add = SHA3-384, OID.2.16.840.1.101.3.4.2.9, 2.16.840.1.101.3.4.2.9\n" + + "Service.MessageDigest.SHA3-384 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_384\n" + + "MessageDigest.SHA3-512.alias.add = SHA3-512, OID.2.16.840.1.101.3.4.2.10, 2.16.840.1.101.3.4.2.10\n" + + "Service.MessageDigest.SHA3-512 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_512\n" + + "# =======================================================================\n" + + " # Secret key factories\n" + + " # =======================================================================\n" + + " #\n" + + "SecretKeyFactory.AES.alias.add = 2.16.840.1.101.3.4.1, OID.2.16.840.1.101.3.4.1\n" + + "Service.SecretKeyFactory.AES = 
com.ibm.crypto.plus.provider.AESKeyFactory\n" + + "Service.SecretKeyFactory.PBKDF2WithHmacSHA1 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA1\n" + + "Service.SecretKeyFactory.PBKDF2WithHmacSHA224 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA224\n" + + "Service.SecretKeyFactory.PBKDF2WithHmacSHA256 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA256\n" + + "Service.SecretKeyFactory.PBKDF2WithHmacSHA384 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA384\n" + + "Service.SecretKeyFactory.PBKDF2WithHmacSHA512 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA512\n" + + "Service.SecretKeyFactory.PBKDF2WithHmacSHA512/224 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA512_224\n" + + "Service.SecretKeyFactory.PBKDF2WithHmacSHA512/256 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA512_256\n" + + "SecretKeyFactory.DESede.alias.add = TripleDES, 3DES\n" + + "Service.SecretKeyFactory.DESede = com.ibm.crypto.plus.provider.DESedeKeyFactory\n" + + "Service.SecretKeyFactory.ChaCha20 = com.ibm.crypto.plus.provider.ChaCha20KeyFactory\n" + + "Service.SecretKeyFactory.PBEWithHmacSHA1AndAES_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128\n" + + "Service.SecretKeyFactory.PBEWithHmacSHA1AndAES_256 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256\n" + + "Service.SecretKeyFactory.PBEWithHmacSHA224AndAES_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128\n" + + "Service.SecretKeyFactory.PBEWithHmacSHA224AndAES_256 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256\n" + + "Service.SecretKeyFactory.PBEWithHmacSHA256AndAES_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128\n" + + "Service.SecretKeyFactory.PBEWithHmacSHA256AndAES_256 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256\n" + + "Service.SecretKeyFactory.PBEWithHmacSHA384AndAES_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128\n" + + 
"Service.SecretKeyFactory.PBEWithHmacSHA384AndAES_256 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256\n" + + "Service.SecretKeyFactory.PBEWithHmacSHA512AndAES_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128\n" + + "Service.SecretKeyFactory.PBEWithHmacSHA512AndAES_256 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256\n" + + "Service.SecretKeyFactory.PBEWithSHA1AndDESede = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndDESede\n" + + "Service.SecretKeyFactory.PBEWithSHA1AndRC2_40 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40\n" + + "Service.SecretKeyFactory.PBEWithSHA1AndRC2_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128\n" + + "Service.SecretKeyFactory.PBEWithSHA1AndRC4_40 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40\n" + + "Service.SecretKeyFactory.PBEWithSHA1AndRC4_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128\n" + + "# =======================================================================\n" + + " # SecureRandom\n" + + " # =======================================================================\n" + + " #\n" + + "SecureRandom.SHA256DRBG.alias.add = HASHDRBG, SHA2DRBG\n" + + "SecureRandom.SHA256DRBG.attr.add.ThreadSafe = true\n" + + "Service.SecureRandom.SHA256DRBG = com.ibm.crypto.plus.provider.HASHDRBG$SHA256DRBG\n" + + "SecureRandom.SHA512DRBG.alias.add = SHA5DRBG\n" + + "SecureRandom.SHA512DRBG.attr.add.ThreadSafe = true\n" + + "Service.SecureRandom.SHA512DRBG = com.ibm.crypto.plus.provider.HASHDRBG$SHA512DRBG\n" + + "# =======================================================================\n" + + " # Signature engines\n" + + " # =======================================================================\n" + + " #\n" + + "Signature.NONEwithDSA.alias.add = DSAforSSL\n" + + "Service.Signature.NONEwithDSA = com.ibm.crypto.plus.provider.DSASignatureNONE\n" + + "Service.Signature.NONEwithRSA = 
com.ibm.crypto.plus.provider.RSASignatureNONE\n" + + "Service.Signature.RSAforSSL = com.ibm.crypto.plus.provider.RSASignatureSSL\n" + + "Signature.NONEwithECDSA.alias.add = ECDSAforSSL\n" + + "Service.Signature.NONEwithECDSA = com.ibm.crypto.plus.provider.DatawithECDSA\n" + + "Signature.SHA1withDSA.alias.add = DSA, OID.1.2.840.10040.4.3, 1.2.840.10040.4.3, OID.1.3.14.3.2.13, 1.3.14.3.2.13, OID.1.3.14.3.2.27, 1.3.14.3.2.27, SHA-1withDSA, SHA-1/DSA, SHA1/DSA, SHA/DSA, DSS, SHAwithDSA, DSAWithSHA1\n" + + "Service.Signature.SHA1withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA1withDSA\n" + + "Signature.SHA224withDSA.alias.add = OID.2.16.840.1.101.3.4.3.1, 2.16.840.1.101.3.4.3.1, SHA-224withDSA, SHA224/DSA, SHA-224/DSA\n" + + "Service.Signature.SHA224withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA224withDSA\n" + + "Signature.SHA256withDSA.alias.add = OID.2.16.840.1.101.3.4.3.2, 2.16.840.1.101.3.4.3.2, SHA2withDSA, SHA-2withDSA, SHA-256withDSA, SHA2/DSA, SHA-2/DSA, SHA-256/DSA\n" + + "Service.Signature.SHA256withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA256withDSA\n" + + "Signature.SHA3-224withDSA.alias.add = OID.2.16.840.1.101.3.4.3.5, 2.16.840.1.101.3.4.3.5, SHA3-224withDSA, SHA3-224/DSA\n" + + "Service.Signature.SHA3-224withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA3_224withDSA\n" + + "Signature.SHA3-256withDSA.alias.add = OID.2.16.840.1.101.3.4.3.6, 2.16.840.1.101.3.4.3.6, SHA3-256withDSA, SHA3-256/DSA\n" + + "Service.Signature.SHA3-256withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA3_256withDSA\n" + + "Signature.SHA3-384withDSA.alias.add = OID.2.16.840.1.101.3.4.3.7, 2.16.840.1.101.3.4.3.7, SHA3-384withDSA, SHA3-384/DSA\n" + + "Service.Signature.SHA3-384withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA3_384withDSA\n" + + "Signature.SHA3-512withDSA.alias.add = OID.2.16.840.1.101.3.4.3.8, 2.16.840.1.101.3.4.3.8, SHA3-512withDSA, SHA3-512/DSA\n" + + "Service.Signature.SHA3-512withDSA = 
com.ibm.crypto.plus.provider.DSASignature$SHA3_512withDSA\n" + + "Signature.SHA1withECDSA.alias.add = OID.1.2.840.10045.4.1, 1.2.840.10045.4.1, SHAwithECDSA, SHA-1withECDSA, SHA/ECDSA, SHA-1/ECDSA\n" + + "Service.Signature.SHA1withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA1withECDSA\n" + + "Signature.SHA224withECDSA.alias.add = OID.1.2.840.10045.4.3.1, 1.2.840.10045.4.3.1, SHA224/ECDSA, SHA-224/ECDSA\n" + + "Service.Signature.SHA224withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA224withECDSA\n" + + "Signature.SHA256withECDSA.alias.add = OID.1.2.840.10045.4.3.2, 1.2.840.10045.4.3.2, SHA2withECDSA, SHA2/ECDSA, SHA-256/ECDSA\n" + + "Service.Signature.SHA256withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA256withECDSA\n" + + "Signature.SHA384withECDSA.alias.add = OID.1.2.840.10045.4.3.3, 1.2.840.10045.4.3.3, SHA3withECDSA, SHA3/ECDSA, SHA-384/ECDSA\n" + + "Service.Signature.SHA384withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA384withECDSA\n" + + "Signature.SHA512withECDSA.alias.add = OID.1.2.840.10045.4.3.4, 1.2.840.10045.4.3.4, SHA5withECDSA, SHA5/ECDSA, SHA-512/ECDSA\n" + + "Service.Signature.SHA512withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA512withECDSA\n" + + "Signature.SHA3-224withECDSA.alias.add = OID.2.16.840.1.101.3.4.3.9, 2.16.840.1.101.3.4.3.9, SHA3-224withECDSA, SHA3-224/ECDSA\n" + + "Service.Signature.SHA3-224withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA3_224withECDSA\n" + + "Signature.SHA3-256withECDSA.alias.add = OID.2.16.840.1.101.3.4.3.10, 2.16.840.1.101.3.4.3.10, SHA3-256withECDSA, SHA3-256/ECDSA\n" + + "Service.Signature.SHA3-256withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA3_256withECDSA\n" + + "Signature.SHA3-384withECDSA.alias.add = OID.2.16.840.1.101.3.4.3.11, 2.16.840.1.101.3.4.3.11, SHA3-384withECDSA, SHA3-384/ECDSA\n" + + "Service.Signature.SHA3-384withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA3_384withECDSA\n" + + 
"Signature.SHA3-512withECDSA.alias.add = OID.2.16.840.1.101.3.4.3.12, 2.16.840.1.101.3.4.3.12, SHA3-512withECDSA, SHA3-512/ECDSA\n" + + "Service.Signature.SHA3-512withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA3_512withECDSA\n" + + "Signature.SHA1withRSA.alias.add = OID.1.2.840.113549.1.1.5, 1.2.840.113549.1.1.5, OID.1.3.14.3.2.29, 1.3.14.3.2.29, OID.1.3.14.3.2.26, 1.3.14.3.2.26, SHA-1withRSA, SHAwithRSA, SHA-1/RSA, SHA1/RSA, SHA/RSA, RSA\n" + + "Service.Signature.SHA1withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA1withRSA\n" + + "Signature.SHA224withRSA.alias.add = OID.1.2.840.113549.1.1.14, 1.2.840.113549.1.1.14, SHA-224/RSA, SHA224/RSA\n" + + "Service.Signature.SHA224withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA224withRSA\n" + + "Signature.SHA256withRSA.alias.add = OID.1.2.840.113549.1.1.11, 1.2.840.113549.1.1.11, SHA-256/RSA, SHA2withRSA, SHA2/RSA\n" + + "Service.Signature.SHA256withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA256withRSA\n" + + "Signature.SHA384withRSA.alias.add = OID.1.2.840.113549.1.1.12, 1.2.840.113549.1.1.12, SHA-384/RSA, SHA3withRSA, SHA3/RSA\n" + + "Service.Signature.SHA384withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA384withRSA\n" + + "Signature.SHA512withRSA.alias.add = OID.1.2.840.113549.1.1.13, 1.2.840.113549.1.1.13, SHA-512/RSA, SHA5withRSA, SHA5/RSA\n" + + "Service.Signature.SHA512withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA512withRSA\n" + + "Signature.SHA3-224withRSA.alias.add = OID.2.16.840.1.101.3.4.3.13, 2.16.840.1.101.3.4.3.13, SHA3-224/RSA, SHA3-224withRSA\n" + + "Service.Signature.SHA3-224withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA3_224withRSA\n" + + "Signature.SHA3-256withRSA.alias.add = OID.2.16.840.1.101.3.4.3.14, 2.16.840.1.101.3.4.3.14, SHA3-256/RSA, SHA3-256withRSA\n" + + "Service.Signature.SHA3-256withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA3_256withRSA\n" + + "Signature.SHA3-384withRSA.alias.add = OID.2.16.840.1.101.3.4.3.15, 
2.16.840.1.101.3.4.3.15, SHA3-384/RSA, SHA3-384withRSA\n" + + "Service.Signature.SHA3-384withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA3_384withRSA\n" + + "Signature.SHA3-512withRSA.alias.add = OID.2.16.840.1.101.3.4.3.16, 2.16.840.1.101.3.4.3.16, SHA3-512/RSA, SHA3-512withRSA\n" + + "Service.Signature.SHA3-512withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA3_512withRSA\n" + + "Signature.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS, OID.1.2.840.113549.1.1.10, 1.2.840.113549.1.1.10\n" + + "Service.Signature.RSAPSS = com.ibm.crypto.plus.provider.RSAPSSSignature\n"; + + public DefaultProviderAttrs() { + } + + public static String getConfigString() { + String result = defaultProvAttrs; + return result; + } +} diff --git a/src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlus.java b/src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlus.java index 864abe60a..09ea70554 100644 --- a/src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlus.java +++ b/src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlus.java @@ -9,11 +9,13 @@ package com.ibm.crypto.plus.provider; import com.ibm.crypto.plus.provider.ock.NativeOCKAdapterNonFIPS; +import java.io.BufferedReader; +import java.io.IOException; +import java.security.InvalidParameterException; import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.security.ProviderException; -import java.util.HashMap; -import java.util.Map; +import java.util.List; @SuppressWarnings({"removal", "deprecation"}) public final class OpenJCEPlus extends OpenJCEPlusProvider { @@ -67,7 +69,6 @@ public final class OpenJCEPlus extends OpenJCEPlusProvider { private static volatile OpenJCEPlus instance; private static boolean ockInitialized = false; - private static Map attrs; @SuppressWarnings({"unchecked", "rawtypes"}) public OpenJCEPlus() { 
@@ -77,10 +78,8 @@ public OpenJCEPlus() { debug.println("New OpenJCEPlus instance"); } - final OpenJCEPlusProvider jce = this; - - registerAlgorithms(jce); - + LoadStringConfig(this, DefaultProviderAttrs.getConfigString()); + if (instance == null) { instance = this; } 
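Review bot: Nothing at the `LoadStringConfig(this, DefaultProviderAttrs.getConfigString());` call site shows what happens when the config string fails to parse, and the very next statement publishes the object through `instance = this`. The method's body is outside this hunk, so whether it throws or logs and continues is not visible here; if it can return after a partial load, lookups for the missing algorithms would presumably fall through to the next provider in the JVM's list instead of failing. I would make the load fail closed at this line, for example `try { LoadStringConfig(this, DefaultProviderAttrs.getConfigString()); } catch (RuntimeException e) { throw new ProviderException("Default provider configuration failed to load", e); }`, or add a comment stating that the method already throws on any malformed entry. The method name should also be `loadStringConfig` to follow Java's lowerCamelCase convention. The constructor starts and ends outside the hunk.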
@@ -95,915 +94,86 @@ public OpenJCEPlus() { t.printStackTrace(System.out); } } - } - - private void registerAlgorithms(Provider jce) { - - String[] aliases = null; - /* ======================================================================= - * Algorithm Parameter engines - * ======================================================================= - */ - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "AES", - "com.ibm.crypto.plus.provider.AESParameters", aliases)); - - aliases = new String[] {"TripleDES", "3DES"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "DESede", - "com.ibm.crypto.plus.provider.DESedeParameters", aliases)); - - aliases = new String[] {"DH", "OID." + OID_PKCS3, OID_PKCS3}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "DiffieHellman", - "com.ibm.crypto.plus.provider.DHParameters", aliases)); - - aliases = new String[] {"OID.1.2.840.10040.4.1", "1.2.840.10040.4.1", "OID.1.3.14.3.2.12", - "1.3.14.3.2.12"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "DSA", - "com.ibm.crypto.plus.provider.DSAParameters", aliases)); - - aliases = new String[] {"EllipticCurve", "OID.1.2.840.10045.2.1", "1.2.840.10045.2.1"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "EC", - "com.ibm.crypto.plus.provider.ECParameters", aliases)); - - aliases = new String[] {"AESGCM"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "GCM", - "com.ibm.crypto.plus.provider.GCMParameters", aliases)); - - aliases = new String[] {"AESCCM"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "CCM", - "com.ibm.crypto.plus.provider.CCMParameters", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "OAEP", - "com.ibm.crypto.plus.provider.OAEPParameters", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithHmacSHA1AndAES_128", - 
"com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA1AndAES_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithHmacSHA1AndAES_256", - "com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA1AndAES_256", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithHmacSHA224AndAES_128", - "com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA224AndAES_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithHmacSHA224AndAES_256", - "com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA224AndAES_256", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithHmacSHA256AndAES_128", - "com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA256AndAES_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithHmacSHA256AndAES_256", - "com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA256AndAES_256", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithHmacSHA384AndAES_128", - "com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA384AndAES_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithHmacSHA384AndAES_256", - "com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA384AndAES_256", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithHmacSHA512AndAES_128", - "com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA512AndAES_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithHmacSHA512AndAES_256", - "com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA512AndAES_256", aliases)); - - /*aliases = null; - putService(new OpenJCEPlusService(jce, - "AlgorithmParameters", - "ChaCha20", - 
"com.ibm.crypto.plus.provider.ChaCha20Parameters", - aliases)); */ - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "ChaCha20-Poly1305", - "com.ibm.crypto.plus.provider.ChaCha20Poly1305Parameters", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithSHA1AndDESede", - "com.ibm.crypto.plus.provider.PBEParameters", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithSHA1AndRC2_40", - "com.ibm.crypto.plus.provider.PBEParameters", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithSHA1AndRC2_128", - "com.ibm.crypto.plus.provider.PBEParameters", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithSHA1AndRC4_40", - "com.ibm.crypto.plus.provider.PBEParameters", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "PBEWithSHA1AndRC4_128", - "com.ibm.crypto.plus.provider.PBEParameters", aliases)); - - /* ======================================================================= - * Algorithm parameter generation engines - * ======================================================================= - */ - aliases = new String[] {"DH", "OID." 
+ OID_PKCS3, OID_PKCS3}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameterGenerator", "DiffieHellman", - "com.ibm.crypto.plus.provider.DHParameterGenerator", aliases)); - aliases = new String[] {"RSA-PSS", "RSASSA-PSS", "RSASA-PSS"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "RSAPSS", - "com.ibm.crypto.plus.provider.PSSParameters", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameterGenerator", "DSA", - "com.ibm.crypto.plus.provider.DSAParameterGenerator", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameterGenerator", "EC", - "com.ibm.crypto.plus.provider.ECParameterGenerator", aliases)); - - aliases = new String[] {"AESGCM"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameterGenerator", "GCM", - "com.ibm.crypto.plus.provider.GCMParameterGenerator", aliases)); - - aliases = new String[] {"AESCCM"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameterGenerator", "CCM", - "com.ibm.crypto.plus.provider.CCMParameterGenerator", aliases)); - - /* ======================================================================= - * Cipher engines - * ======================================================================= - */ - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "AES/GCM/NoPadding", - "com.ibm.crypto.plus.provider.AESGCMCipher", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "AES/CCM/NoPadding", - "com.ibm.crypto.plus.provider.AESCCMCipher", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "AES", - "com.ibm.crypto.plus.provider.AESCipher", aliases)); - - aliases = new String[] {"AESWrap"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES/KW/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW", aliases)); - - aliases = new String[] {"AESWrapPad"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES/KWP/NoPadding", - 
"com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP", aliases)); - - aliases = new String[] {"AESWrap_128", - "2.16.840.1.101.3.4.1.5", - "OID.2.16.840.1.101.3.4.1.5"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES_128/KW/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_128", aliases)); - - aliases = new String[] {"AESWrapPad_128", - "2.16.840.1.101.3.4.1.8", - "OID.2.16.840.1.101.3.4.1.8"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES_128/KWP/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_128", aliases)); - - aliases = new String[] {"AESWrap_192", - "2.16.840.1.101.3.4.1.25", - "OID.2.16.840.1.101.3.4.1.25"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES_192/KW/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_192", aliases)); - - aliases = new String[] {"AESWrapPad_192", - "2.16.840.1.101.3.4.1.28", - "OID.2.16.840.1.101.3.4.1.28"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES_192/KWP/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_192", aliases)); - - aliases = new String[] {"AESWrap_256", - "2.16.840.1.101.3.4.1.45", - "OID.2.16.840.1.101.3.4.1.45"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES_256/KW/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_256", aliases)); - - aliases = new String[] {"AESWrapPad_256", - "2.16.840.1.101.3.4.1.48", - "OID.2.16.840.1.101.3.4.1.48"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES_256/KWP/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_256", aliases)); - - aliases = new String[] {"TripleDES", "3DES"}; - putService(new OpenJCEPlusService(jce, "Cipher", "DESede", - "com.ibm.crypto.plus.provider.DESedeCipher", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "RSA", "com.ibm.crypto.plus.provider.RSA", - aliases)); - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "ChaCha20", - 
"com.ibm.crypto.plus.provider.ChaCha20Cipher", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "ChaCha20-Poly1305", - "com.ibm.crypto.plus.provider.ChaCha20Poly1305Cipher", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithHmacSHA1AndAES_128", - "com.ibm.crypto.plus.provider.PBES2Core$HmacSHA1AndAES_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithHmacSHA1AndAES_256", - "com.ibm.crypto.plus.provider.PBES2Core$HmacSHA1AndAES_256", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithHmacSHA224AndAES_128", - "com.ibm.crypto.plus.provider.PBES2Core$HmacSHA224AndAES_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithHmacSHA224AndAES_256", - "com.ibm.crypto.plus.provider.PBES2Core$HmacSHA224AndAES_256", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithHmacSHA256AndAES_128", - "com.ibm.crypto.plus.provider.PBES2Core$HmacSHA256AndAES_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithHmacSHA256AndAES_256", - "com.ibm.crypto.plus.provider.PBES2Core$HmacSHA256AndAES_256", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithHmacSHA384AndAES_128", - "com.ibm.crypto.plus.provider.PBES2Core$HmacSHA384AndAES_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithHmacSHA384AndAES_256", - "com.ibm.crypto.plus.provider.PBES2Core$HmacSHA384AndAES_256", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithHmacSHA512AndAES_128", - "com.ibm.crypto.plus.provider.PBES2Core$HmacSHA512AndAES_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithHmacSHA512AndAES_256", - "com.ibm.crypto.plus.provider.PBES2Core$HmacSHA512AndAES_256", aliases)); - - 
aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithSHA1AndDESede", - "com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndDESede", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithSHA1AndRC2_40", - "com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndRC2_40", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithSHA1AndRC2_128", - "com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndRC2_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithSHA1AndRC4_40", - "com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndRC4_40", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "PBEWithSHA1AndRC4_128", - "com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndRC4_128", aliases)); - - /* ======================================================================= - * Key agreement - * ======================================================================= - */ - aliases = new String[] {"DH", "OID." 
+ OID_PKCS3, OID_PKCS3}; - putService(new OpenJCEPlusService(jce, "KeyAgreement", "DiffieHellman", - "com.ibm.crypto.plus.provider.DHKeyAgreement", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "KeyAgreement", "ECDH", - "com.ibm.crypto.plus.provider.ECDHKeyAgreement", aliases)); - - putService(new OpenJCEPlusService(jce, "KeyAgreement", "XDH", - "com.ibm.crypto.plus.provider.XDHKeyAgreement$XDH", null)); - - aliases = new String[] {"OID.1.3.101.110", "1.3.101.110"}; - putService(new OpenJCEPlusService(jce, "KeyAgreement", "X25519", - "com.ibm.crypto.plus.provider.XDHKeyAgreement$X25519", aliases)); - - aliases = new String[] {"OID.1.3.101.111", "1.3.101.111"}; - putService(new OpenJCEPlusService(jce, "KeyAgreement", "X448", - "com.ibm.crypto.plus.provider.XDHKeyAgreement$X448", aliases)); - - /* ======================================================================= - * Key factories - * ======================================================================= - */ - aliases = new String[] {"DH", "OID." 
+ OID_PKCS3, OID_PKCS3}; - putService(new OpenJCEPlusService(jce, "KeyFactory", "DiffieHellman", - "com.ibm.crypto.plus.provider.DHKeyFactory", aliases)); - - aliases = new String[] {"OID.1.2.840.10040.4.1", "1.2.840.10040.4.1", "OID.1.3.14.3.2.12", - "1.3.14.3.2.12", "DSAKeyFactory"}; - putService(new OpenJCEPlusService(jce, "KeyFactory", "DSA", - "com.ibm.crypto.plus.provider.DSAKeyFactory", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.2.1", "1.2.840.10045.2.1", "EllipticCurve"}; - putService(new OpenJCEPlusService(jce, "KeyFactory", "EC", - "com.ibm.crypto.plus.provider.ECKeyFactory", aliases)); - - putService(new OpenJCEPlusService(jce, "KeyFactory", "XDH", - "com.ibm.crypto.plus.provider.XDHKeyFactory$XDH", null)); - - aliases = new String[] {"OID.1.3.101.110", "1.3.101.110"}; - putService(new OpenJCEPlusService(jce, "KeyFactory", "X25519", - "com.ibm.crypto.plus.provider.XDHKeyFactory$X25519", aliases)); - - aliases = new String[] {"OID.1.3.101.111", "1.3.101.111"}; - putService(new OpenJCEPlusService(jce, "KeyFactory", "X448", - "com.ibm.crypto.plus.provider.XDHKeyFactory$X448", aliases)); - - aliases = new String[] {"OID.1.2.5.8.1.1", "1.2.5.8.1.1", "OID.1.2.840.113549.1.1.1", - "1.2.840.113549.1.1.1", "OID.1.2.840.113549.1.1", "1.2.840.113549.1.1"}; - putService(new OpenJCEPlusService(jce, "KeyFactory", "RSA", - "com.ibm.crypto.plus.provider.RSAKeyFactory$Legacy", aliases)); - - aliases = new String[] {"RSA-PSS", "RSASSA-PSS", "RSASA-PSS", "OID.1.2.840.113549.1.1.10", - "1.2.840.113549.1.1.10"}; - putService(new OpenJCEPlusService(jce, "KeyFactory", "RSAPSS", - "com.ibm.crypto.plus.provider.RSAKeyFactory$PSS", aliases)); - - /* ======================================================================= - * Key Generator engines - * ======================================================================= - */ - aliases = new String[] {"2.16.840.1.101.3.4.1", "OID.2.16.840.1.101.3.4.1"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "AES", 
- "com.ibm.crypto.plus.provider.AESKeyGenerator", aliases)); - - aliases = new String[] {"TripleDES", "3DES"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "DESede", - "com.ibm.crypto.plus.provider.DESedeKeyGenerator", aliases)); - - aliases = new String[] {"HMACwithMD5"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacMD5", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacMD5", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.7", "1.2.840.113549.2.7", "HMACwithSHA1", - "HMACwithSHA-1", "HmacSHA-1"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA1", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA1", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.8", "1.2.840.113549.2.8", "HMACwithSHA224", - "HMACwithSHA-224", "HmacSHA-224"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA224", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA224", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.9", "1.2.840.113549.2.9", "HMACwithSHA256", - "HMACwithSHA-256", "HmacSHA-256"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA256", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA256", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.10", "1.2.840.113549.2.10", "HMACwithSHA384", - "HMACwithSHA-384", "HmacSHA-384"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA384", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA384", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.11", "1.2.840.113549.2.11", "HMACwithSHA512", - "HMACwithSHA-512", "HmacSHA-512"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA512", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA512", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.13", "2.16.840.1.101.3.4.2.13", - "HMACwithSHA3-224", "HmacSHA3-224"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA3-224", - 
"com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_224", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.14", "2.16.840.1.101.3.4.2.14", - "HMACwithSHA3-256", "HmacSHA3-256"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA3-256", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_256", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.15", "2.16.840.1.101.3.4.2.15", - "HMACwithSHA3-384", "HmacSHA3-384"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA3-384", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_384", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.16", "2.16.840.1.101.3.4.2.16", - "HMACwithSHA3-512", "HmacSHA3-512"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA3-512", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_512", aliases)); - - aliases = new String[] {"TlsPrf"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTlsPrf", - "com.ibm.crypto.plus.provider.TlsPrfGenerator$V10", aliases)); - - aliases = new String[] {"Tls12Prf"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTls12Prf", - "com.ibm.crypto.plus.provider.TlsPrfGenerator$V12", aliases)); - - aliases = new String[] {"TlsRsaPremasterSecret"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTlsRsaPremasterSecret", - "com.ibm.crypto.plus.provider.TlsRsaPremasterSecretGenerator", aliases)); - - aliases = new String[] {"Tls12RsaPremasterSecret"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTls12RsaPremasterSecret", - "com.ibm.crypto.plus.provider.TlsRsaPremasterSecretGenerator", aliases)); - - aliases = new String[] {"TlsMasterSecret", "TlsExtendedMasterSecret", - "SunTlsExtendedMasterSecret"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTlsMasterSecret", - "com.ibm.crypto.plus.provider.TlsMasterSecretGenerator", aliases)); - - aliases = new String[] {"Tls12MasterSecret"}; - 
putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTls12MasterSecret", - "com.ibm.crypto.plus.provider.TlsMasterSecretGenerator", aliases)); - - aliases = new String[] {"TlsKeyMaterial"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTlsKeyMaterial", - "com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator", aliases)); - - aliases = new String[] {"Tls12KeyMaterial"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTls12KeyMaterial", - "com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator", aliases)); - - // Used for both ChaCha20 and ChaCha20-Poly1305 ciphers - aliases = null; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "ChaCha20", - "com.ibm.crypto.plus.provider.ChaCha20KeyGenerator", aliases)); - - /* ======================================================================= - * Keypair Generator engines - * ======================================================================= - */ - aliases = new String[] {"DH", "OID." + OID_PKCS3, OID_PKCS3}; - putService(new OpenJCEPlusService(jce, "KeyPairGenerator", "DiffieHellman", - "com.ibm.crypto.plus.provider.DHKeyPairGenerator", aliases)); - - aliases = new String[] {"OID.1.2.840.10040.4.1", "1.2.840.10040.4.1", "OID.1.3.14.3.2.12", - "1.3.14.3.2.12"}; - putService(new OpenJCEPlusService(jce, "KeyPairGenerator", "DSA", - "com.ibm.crypto.plus.provider.DSAKeyPairGenerator", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.2.1", "1.2.840.10045.2.1", "EllipticCurve"}; - putService(new OpenJCEPlusService(jce, "KeyPairGenerator", "EC", - "com.ibm.crypto.plus.provider.ECKeyPairGenerator", aliases)); - - putService(new OpenJCEPlusService(jce, "KeyPairGenerator", "XDH", - "com.ibm.crypto.plus.provider.XDHKeyPairGenerator$XDH", null)); - - aliases = new String[] {"OID.1.3.101.110", "1.3.101.110"}; - putService(new OpenJCEPlusService(jce, "KeyPairGenerator", "X25519", - "com.ibm.crypto.plus.provider.XDHKeyPairGenerator$X25519", aliases)); - - aliases = new String[] 
{"OID.1.3.101.111", "1.3.101.111"}; - putService(new OpenJCEPlusService(jce, "KeyPairGenerator", "X448", - "com.ibm.crypto.plus.provider.XDHKeyPairGenerator$X448", aliases)); - - aliases = new String[] {"OID.1.2.5.8.1.1", "1.2.5.8.1.1", "OID.1.2.840.113549.1.1", - "1.2.840.113549.1.1"}; - putService(new OpenJCEPlusService(jce, "KeyPairGenerator", "RSA", - "com.ibm.crypto.plus.provider.RSAKeyPairGenerator$Legacy", aliases)); - - aliases = new String[] {"RSA-PSS", "RSASSA-PSS", "RSASA-PSS"}; - - putService(new OpenJCEPlusService(jce, "KeyPairGenerator", "RSAPSS", - "com.ibm.crypto.plus.provider.RSAKeyPairGenerator$PSS", aliases)); - - /* ======================================================================= - * Message authentication engines - * ======================================================================= - */ - - aliases = new String[] {"HMACwithMD5"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacMD5", - "com.ibm.crypto.plus.provider.HmacCore$HmacMD5", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.7", "1.2.840.113549.2.7", "HMACwithSHA1", - "HMACwithSHA-1", "HmacSHA-1"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA1", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA1", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.8", "1.2.840.113549.2.8", "HMACwithSHA224", - "HMACwithSHA-224", "HmacSHA-224"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA224", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA224", aliases)); - - aliases = new String[] { - - "OID.1.2.840.113549.2.9", "1.2.840.113549.2.9", "HMACwithSHA256", // Added per tag [IBM-ALIASES]/ in DesignNotes.txt - "HMACwithSHA-256", "HmacSHA-256"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA256", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA256", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.10", "1.2.840.113549.2.10", "HMACwithSHA384", // Added per tag [IBM-ALIASES] in DesignNotes.txt - "HMACwithSHA-384", "HmacSHA-384"}; 
- putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA384", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA384", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.11", "1.2.840.113549.2.11", "HMACwithSHA512", - "HMACwithSHA-512", "HmacSHA-512"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA512", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA512", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.13", "2.16.840.1.101.3.4.2.13", - "HMACwithSHA3-224", "HmacSHA3-224"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA3-224", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_224", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.14", "2.16.840.1.101.3.4.2.14", - "HMACwithSHA3-256", "HmacSHA3-256"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA3-256", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_256", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.15", "2.16.840.1.101.3.4.2.15", - "HMACwithSHA3-384", "HmacSHA3-384"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA3-384", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_384", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.16", "2.16.840.1.101.3.4.2.16", - "HMACwithSHA3-512", "HmacSHA3-512"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA3-512", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_512", aliases)); - - /* ======================================================================= - * HKDF Algorithms - OIDs are not finalized - - * Oracle does not go through provider. Directly calls HKDF. 
- * ======================================================================= - */ - aliases = new String[] {"kda-hkdf-with-sha-1"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "kda-hkdf-with-sha1", - "com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA1", aliases)); - - aliases = new String[] {"kda-hkdf-with-sha-224"};; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "kda-hkdf-with-sha224", - "com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA224", aliases)); - - aliases = new String[] {"kda-hkdf-with-sha-256"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "kda-hkdf-with-sha256", - "com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA256", aliases)); - aliases = new String[] {"kda-hkdf-with-sha-384"};; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "kda-hkdf-with-sha384", - "com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA384", aliases)); - aliases = new String[] {"kda-hkdf-with-sha-512"};; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "kda-hkdf-with-sha512", - "com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA512", aliases)); - - /* ======================================================================= - * MessageDigest engines - * ======================================================================= - */ - aliases = null; - putService(new OpenJCEPlusService(jce, "MessageDigest", "MD5", - "com.ibm.crypto.plus.provider.MessageDigest$MD5", aliases)); - - aliases = new String[] {"SHA", "SHA1", "OID.1.3.14.3.2.26", "1.3.14.3.2.26"}; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-1", - "com.ibm.crypto.plus.provider.MessageDigest$SHA1", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.4", "2.16.840.1.101.3.4.2.4", "SHA224"}; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-224", - "com.ibm.crypto.plus.provider.MessageDigest$SHA224", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.1", "2.16.840.1.101.3.4.2.1", "SHA2", - "SHA-2", 
"SHA256"}; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-256", - "com.ibm.crypto.plus.provider.MessageDigest$SHA256", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.2", "2.16.840.1.101.3.4.2.2", "SHA3", - "SHA-3", "SHA384"}; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-384", - "com.ibm.crypto.plus.provider.MessageDigest$SHA384", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.3", "2.16.840.1.101.3.4.2.3", "SHA5", - "SHA-5", "SHA512"}; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-512", - "com.ibm.crypto.plus.provider.MessageDigest$SHA512", aliases)); - - // SHA512-224 - aliases = new String[] {"SHA512/224", "OID.2.16.840.1.101.3.4.2.5", - "2.16.840.1.101.3.4.2.5", }; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-512/224", - "com.ibm.crypto.plus.provider.MessageDigest$SHA512_224", aliases)); - - // SHA512-256 - aliases = new String[] {"SHA512/256", "OID.2.16.840.1.101.3.4.2.6", - "2.16.840.1.101.3.4.2.6", }; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-512/256", - "com.ibm.crypto.plus.provider.MessageDigest$SHA512_256", aliases)); - - //SHA3 Hashes - - aliases = new String[] {"SHA3-224", "OID.2.16.840.1.101.3.4.2.7", - "2.16.840.1.101.3.4.2.7", }; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA3-224", - "com.ibm.crypto.plus.provider.MessageDigest$SHA3_224", aliases)); - aliases = new String[] {"SHA3-256", "OID.2.16.840.1.101.3.4.2.8", - "2.16.840.1.101.3.4.2.8", }; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA3-256", - "com.ibm.crypto.plus.provider.MessageDigest$SHA3_256", aliases)); - aliases = new String[] {"SHA3-384", "OID.2.16.840.1.101.3.4.2.9", - "2.16.840.1.101.3.4.2.9", }; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA3-384", - "com.ibm.crypto.plus.provider.MessageDigest$SHA3_384", aliases)); - aliases = new String[] {"SHA3-512", "OID.2.16.840.1.101.3.4.2.10", - "2.16.840.1.101.3.4.2.10", }; 
- putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA3-512", - "com.ibm.crypto.plus.provider.MessageDigest$SHA3_512", aliases)); - - /* ======================================================================= - * Secret key factories - * ======================================================================= - */ - aliases = new String[] {"2.16.840.1.101.3.4.1", "OID.2.16.840.1.101.3.4.1"}; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "AES", - "com.ibm.crypto.plus.provider.AESKeyFactory", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, - "SecretKeyFactory", - "PBKDF2WithHmacSHA1", - "com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA1", - aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, - "SecretKeyFactory", - "PBKDF2WithHmacSHA224", - "com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA224", - aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, - "SecretKeyFactory", - "PBKDF2WithHmacSHA256", - "com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA256", - aliases)); - aliases = null; - putService(new OpenJCEPlusService(jce, - "SecretKeyFactory", - "PBKDF2WithHmacSHA384", - "com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA384", - aliases)); - aliases = null; - putService(new OpenJCEPlusService(jce, - "SecretKeyFactory", - "PBKDF2WithHmacSHA512", - "com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA512", - aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, - "SecretKeyFactory", - "PBKDF2WithHmacSHA512/224", - "com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA512_224", - aliases)); - aliases = null; - putService(new OpenJCEPlusService(jce, - "SecretKeyFactory", - "PBKDF2WithHmacSHA512/256", - "com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA512_256", - aliases)); - - aliases = new String[] {"TripleDES", "3DES"}; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "DESede", - "com.ibm.crypto.plus.provider.DESedeKeyFactory", aliases)); - - aliases = null; - 
putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "ChaCha20", - "com.ibm.crypto.plus.provider.ChaCha20KeyFactory", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithHmacSHA1AndAES_128", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithHmacSHA1AndAES_256", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithHmacSHA224AndAES_128", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithHmacSHA224AndAES_256", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256", aliases)); + } - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithHmacSHA256AndAES_128", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128", aliases)); + @Override + public Provider configure(String configFile) throws InvalidParameterException { + try { + ProviderServiceReader newConfig = new ProviderServiceReader(configFile); + List services = newConfig.readServices(); + String name = newConfig.getName(); - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithHmacSHA256AndAES_256", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256", aliases)); + if (debug != null) { + debug.println("Provider Name - " + newConfig.getName()); + debug.println("Provider Description - " + newConfig.getDesc()); + } - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithHmacSHA384AndAES_128", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128", aliases)); + if (null == name || name.equals("null") || name.length() == 0) { + 
new InvalidParameterException("Name in configuation file is null or empty"); + } - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithHmacSHA384AndAES_256", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256", aliases)); + return new OpenJCEPlus(newConfig, services); + } catch (IOException e) { + throw new InvalidParameterException("Error configuring OpenJCEPlus provider - " + e.getMessage()); + } + } - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithHmacSHA512AndAES_128", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128", aliases)); + public Provider configure(BufferedReader br) throws InvalidParameterException { + try { + ProviderServiceReader newConfig = new ProviderServiceReader(br); + List services = newConfig.readServices(); + String name = newConfig.getName(); - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithHmacSHA512AndAES_256", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256", aliases)); + if (debug != null) { + debug.println("Provider Name - " + newConfig.getName()); + debug.println("Provider Description - " + newConfig.getDesc()); + } - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithSHA1AndDESede", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndDESede", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithSHA1AndRC2_40", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40", aliases)); + if (null == name || name.equals("null") || name.length() == 0) { + throw new InvalidParameterException("Name in configuation file is null or empty"); + } - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithSHA1AndRC2_128", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128", aliases)); + return new OpenJCEPlus(newConfig, 
services); + } catch (IOException e) { + throw new InvalidParameterException("Error configuring OpenJCEPlus provider - " + e.getMessage()); + } + } - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithSHA1AndRC4_40", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40", aliases)); + public OpenJCEPlus(ProviderServiceReader config, List services) { + super("OpenJCEPlus-" + config.getName(), config.getDesc()); - aliases = null; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "PBEWithSHA1AndRC4_128", - "com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128", aliases)); + if (instance == null) { + instance = this; + } - /* ======================================================================= - * SecureRandom - * ======================================================================= - */ - Map attrsSecureRandom = new HashMap<>(); - attrsSecureRandom.put("ThreadSafe", "true"); - aliases = new String[] {"HASHDRBG", "SHA2DRBG"}; - putService(new OpenJCEPlusService(jce, "SecureRandom", "SHA256DRBG", - "com.ibm.crypto.plus.provider.HASHDRBG$SHA256DRBG", aliases, attrsSecureRandom)); - - aliases = new String[] {"SHA5DRBG"}; - putService(new OpenJCEPlusService(jce, "SecureRandom", "SHA512DRBG", - "com.ibm.crypto.plus.provider.HASHDRBG$SHA512DRBG", aliases, attrsSecureRandom)); - - /* ======================================================================= - * Signature engines - * ======================================================================= - */ - aliases = new String[] {"DSAforSSL"}; - putService(new OpenJCEPlusService(jce, "Signature", "NONEwithDSA", - "com.ibm.crypto.plus.provider.DSASignatureNONE", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Signature", "NONEwithRSA", - "com.ibm.crypto.plus.provider.RSASignatureNONE", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Signature", "RSAforSSL", - 
"com.ibm.crypto.plus.provider.RSASignatureSSL", aliases)); - - aliases = new String[] {"ECDSAforSSL"}; - - putService(new OpenJCEPlusService(jce, "Signature", "NONEwithECDSA", - "com.ibm.crypto.plus.provider.DatawithECDSA", aliases)); - - aliases = new String[] {"DSA", "OID.1.2.840.10040.4.3", "1.2.840.10040.4.3", - "OID.1.3.14.3.2.13", "1.3.14.3.2.13", "OID.1.3.14.3.2.27", "1.3.14.3.2.27", - "SHA-1withDSA", "SHA-1/DSA", "SHA1/DSA", "SHA/DSA", "DSS", "SHAwithDSA", - "DSAWithSHA1"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA1withDSA", - "com.ibm.crypto.plus.provider.DSASignature$SHA1withDSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.1", "2.16.840.1.101.3.4.3.1", - "SHA-224withDSA", "SHA224/DSA", "SHA-224/DSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA224withDSA", - "com.ibm.crypto.plus.provider.DSASignature$SHA224withDSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.2", "2.16.840.1.101.3.4.3.2", - "SHA2withDSA", // Added per tag IBM-ALIASES] in DesignNotes.txt - "SHA-2withDSA", "SHA-256withDSA", "SHA2/DSA", "SHA-2/DSA", "SHA-256/DSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA256withDSA", - "com.ibm.crypto.plus.provider.DSASignature$SHA256withDSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.5", "2.16.840.1.101.3.4.3.5", - "SHA3-224withDSA", "SHA3-224/DSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA3-224withDSA", - "com.ibm.crypto.plus.provider.DSASignature$SHA3_224withDSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.6", "2.16.840.1.101.3.4.3.6", - "SHA3-256withDSA", // Added per tag IBM-ALIASES] in DesignNotes.txt - "SHA3-256/DSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA3-256withDSA", - "com.ibm.crypto.plus.provider.DSASignature$SHA3_256withDSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.7", "2.16.840.1.101.3.4.3.7", - "SHA3-384withDSA", "SHA3-384/DSA"}; - 
putService(new OpenJCEPlusService(jce, "Signature", "SHA3-384withDSA", - "com.ibm.crypto.plus.provider.DSASignature$SHA3_384withDSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.8", "2.16.840.1.101.3.4.3.8", - "SHA3-512withDSA", // Added per tag IBM-ALIASES] in DesignNotes.txt - "SHA3-512/DSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA3-512withDSA", - "com.ibm.crypto.plus.provider.DSASignature$SHA3_512withDSA", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.4.1", "1.2.840.10045.4.1", "SHAwithECDSA", - "SHA-1withECDSA", "SHA/ECDSA", "SHA-1/ECDSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA1withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA1withECDSA", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.4.3.1", "1.2.840.10045.4.3.1", "SHA224/ECDSA", - "SHA-224/ECDSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA224withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA224withECDSA", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.4.3.2", "1.2.840.10045.4.3.2", "SHA2withECDSA", - "SHA2/ECDSA", "SHA-256/ECDSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA256withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA256withECDSA", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.4.3.3", "1.2.840.10045.4.3.3", "SHA3withECDSA", - "SHA3/ECDSA", "SHA-384/ECDSA"// Added per tag [IBM-ALIASES] in DesignNotes.txt - }; - putService(new OpenJCEPlusService(jce, "Signature", "SHA384withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA384withECDSA", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.4.3.4", "1.2.840.10045.4.3.4", "SHA5withECDSA", - "SHA5/ECDSA", "SHA-512/ECDSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA512withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA512withECDSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.9", "2.16.840.1.101.3.4.3.9", - 
"SHA3-224withECDSA", "SHA3-224/ECDSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA3-224withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA3_224withECDSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.10", "2.16.840.1.101.3.4.3.10", - "SHA3-256withECDSA", "SHA3-256/ECDSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA3-256withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA3_256withECDSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.11", "2.16.840.1.101.3.4.3.11", - "SHA3-384withECDSA", "SHA3-384/ECDSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA3-384withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA3_384withECDSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.12", "2.16.840.1.101.3.4.3.12", - "SHA3-512withECDSA", "SHA3-512/ECDSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA3-512withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA3_512withECDSA", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.1.1.5", "1.2.840.113549.1.1.5", - "OID.1.3.14.3.2.29", "1.3.14.3.2.29", "OID.1.3.14.3.2.26", "1.3.14.3.2.26", - "SHA-1withRSA", "SHAwithRSA", "SHA-1/RSA", "SHA1/RSA", "SHA/RSA", "RSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA1withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA1withRSA", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.1.1.14", "1.2.840.113549.1.1.14", "SHA-224/RSA", - "SHA224/RSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA224withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA224withRSA", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.1.1.11", "1.2.840.113549.1.1.11", "SHA-256/RSA", - "SHA2withRSA", "SHA2/RSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA256withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA256withRSA", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.1.1.12", 
"1.2.840.113549.1.1.12", "SHA-384/RSA", - "SHA3withRSA", "SHA3/RSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA384withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA384withRSA", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.1.1.13", "1.2.840.113549.1.1.13", "SHA-512/RSA", - "SHA5withRSA", "SHA5/RSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA512withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA512withRSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.13", "2.16.840.1.101.3.4.3.13", - "SHA3-224/RSA", "SHA3-224withRSA", }; - putService(new OpenJCEPlusService(jce, "Signature", "SHA3-224withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA3_224withRSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.14", "2.16.840.1.101.3.4.3.14", - "SHA3-256/RSA", "SHA3-256withRSA", }; - putService(new OpenJCEPlusService(jce, "Signature", "SHA3-256withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA3_256withRSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.15", "2.16.840.1.101.3.4.3.15", - "SHA3-384/RSA", "SHA3-384withRSA", }; - putService(new OpenJCEPlusService(jce, "Signature", "SHA3-384withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA3_384withRSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.16", "2.16.840.1.101.3.4.3.16", - "SHA3-512/RSA", "SHA3-512withRSA", }; - putService(new OpenJCEPlusService(jce, "Signature", "SHA3-512withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA3_512withRSA", aliases)); - - aliases = new String[] {"RSA-PSS", "RSASSA-PSS", "RSASA-PSS", "OID.1.2.840.113549.1.1.10", - "1.2.840.113549.1.1.10"}; - putService(new OpenJCEPlusService(jce, "Signature", "RSAPSS", - "com.ibm.crypto.plus.provider.RSAPSSSignature", aliases)); + for (ProviderServiceReader.ServiceDefinition service : services) { + putService(new OpenJCEPlusService(this, service.getType(), service.getAlgorithm(), + 
service.getClassName(), service.getAliases().toArray(new String[service.getAliases().size()]), service.getAttributes())); + if (debug != null) { + debug.println(service.toString()); + } + } + if (debug != null) { + debug.println("\n\nOpenJCEPlus instance created the following Services were created:"); + for (Provider.Service service1 : this.getServices()) { + debug.println("Service: " + service1.getType() + " " + service1.getAlgorithm() + " " + service1.getClassName()); + + //Display aliases + for (String key : this.stringPropertyNames()) { + // Check for alias properties specific to the type and algorithm + if (key.startsWith("Alg.Alias." + service1.getType() + ".")) { + String aliasAlgorithm = this.getProperty(key); + if (service1.getAlgorithm().equals(aliasAlgorithm)) { + // Extract the alias name from the key + String aliasName = key.substring(("Alg.Alias." + service1.getType() + ".").length()); + debug.println("Service Alias: " + aliasName); + } + } + } + } + } } // Return the instance of this class or create one if needed. diff --git a/src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlusFIPS.java b/src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlusFIPS.java index c95041b8f..39e2be683 100644 --- a/src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlusFIPS.java +++ b/src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlusFIPS.java @@ -10,7 +10,6 @@ import com.ibm.crypto.plus.provider.ock.NativeOCKAdapterFIPS; import java.security.NoSuchAlgorithmException; -import java.security.Provider; import java.security.ProviderException; import java.util.HashMap; import java.util.List; @@ -113,10 +112,8 @@ public OpenJCEPlusFIPS() { } } - final OpenJCEPlusProvider jce = this; - - registerAlgorithms(jce); - + LoadStringConfig(this, DefaultFIPSProviderAttrs.getConfigString()); + if (instance == null) { instance = this; } 
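Review bot: The `LoadStringConfig(this, DefaultFIPSProviderAttrs.getConfigString())` call in the `@@ -113,10 +112,8 @@` hunk may drop the `allowNonOAEPFIPS` gate on RSA paddings. The `registerAlgorithms` body removed by the next hunk added `OAEPWITHSHA1ANDMGF1PADDING`, `OAEPWITHSHA-1ANDMGF1PADDING` and `NOPADDING|PKCS1PADDING` to the RSA Cipher `SupportedPaddings` attribute only when that flag was set. `DefaultFIPSProviderAttrs` is not shown in this part of the diff, so it cannot be confirmed from here that `getConfigString()` still applies the gate; if it returns one fixed list, the FIPS provider would always or never advertise the non-OAEP paddings. I would document the expectation at the call site, for example `// getConfigString() must keep RSA SupportedPaddings gated on allowNonOAEPFIPS`, and add a test that reads the RSA Cipher service attribute with the flag on and off. The constructor body starts and ends outside this hunk.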
@@ -133,570 +130,6 @@ public OpenJCEPlusFIPS() { } } - private void registerAlgorithms(Provider jce) { - - String[] aliases = null; - - /* ======================================================================= - * Algorithm Parameter engines - * ======================================================================= - */ - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "AES", - "com.ibm.crypto.plus.provider.AESParameters", aliases)); - - aliases = new String[] {"DH", "OID." + OID_PKCS3, OID_PKCS3}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "DiffieHellman", - "com.ibm.crypto.plus.provider.DHParameters", aliases)); - aliases = new String[] {"OID.1.2.840.10040.4.1", "1.2.840.10040.4.1", "OID.1.3.14.3.2.12", - "1.3.14.3.2.12"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "DSA", - "com.ibm.crypto.plus.provider.DSAParameters", aliases)); - - aliases = new String[] {"EllipticCurve", "OID.1.2.840.10045.2.1", "1.2.840.10045.2.1"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "EC", - "com.ibm.crypto.plus.provider.ECParameters", aliases)); - - aliases = new String[] {"AESGCM"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "GCM", - "com.ibm.crypto.plus.provider.GCMParameters", aliases)); - - aliases = new String[] {"AESCCM"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "CCM", - "com.ibm.crypto.plus.provider.CCMParameters", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "OAEP", - "com.ibm.crypto.plus.provider.OAEPParameters", aliases)); - //ChaCha20 and ChaCha20-Poly1305 not supported in FIPS mode - - /* ======================================================================= - * Algorithm parameter generation engines - * ======================================================================= - */ - aliases = new String[] {"DH", "OID." 
+ OID_PKCS3, OID_PKCS3}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameterGenerator", "DiffieHellman", - "com.ibm.crypto.plus.provider.DHParameterGenerator", aliases)); - - aliases = new String[] {"RSA-PSS", "RSASSA-PSS", "RSASA-PSS"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameters", "RSAPSS", - "com.ibm.crypto.plus.provider.PSSParameters", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "AlgorithmParameterGenerator", "EC", - "com.ibm.crypto.plus.provider.ECParameterGenerator", aliases)); - - aliases = new String[] {"AESGCM"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameterGenerator", "GCM", - "com.ibm.crypto.plus.provider.GCMParameterGenerator", aliases)); - - aliases = new String[] {"AESCCM"}; - putService(new OpenJCEPlusService(jce, "AlgorithmParameterGenerator", "CCM", - "com.ibm.crypto.plus.provider.CCMParameterGenerator", aliases)); - - /* ======================================================================= - * Cipher engines - * ======================================================================= - */ - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "AES/GCM/NoPadding", - "com.ibm.crypto.plus.provider.AESGCMCipher", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "AES/CCM/NoPadding", - "com.ibm.crypto.plus.provider.AESCCMCipher", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Cipher", "AES", - "com.ibm.crypto.plus.provider.AESCipher", aliases)); - - aliases = null; - Map rsaAttr = new HashMap<>(); - - String supportedPaddings = "OAEPPADDING" - + "|OAEPWITHSHA224ANDMGF1PADDING" - + "|OAEPWITHSHA-224ANDMGF1PADDING" - + "|OAEPWITHSHA256ANDMGF1PADDING" - + "|OAEPWITHSHA-256ANDMGF1PADDING" - + "|OAEPWITHSHA384ANDMGF1PADDING" - + "|OAEPWITHSHA-384ANDMGF1PADDING" - + "|OAEPWITHSHA512ANDMGF1PADDING" - + "|OAEPWITHSHA-512ANDMGF1PADDING" - + "|OAEPWITHSHA-512/224ANDMGF1PADDING" - + "|OAEPWITHSHA-512/256ANDMGF1PADDING"; - 
if (allowNonOAEPFIPS) { - supportedPaddings += "|OAEPWITHSHA1ANDMGF1PADDING" - + "|OAEPWITHSHA-1ANDMGF1PADDING" - + "|NOPADDING|PKCS1PADDING"; - } - rsaAttr.put("SupportedModes", "ECB"); - rsaAttr.put("SupportedPaddings", supportedPaddings); - rsaAttr.put("SupportedKeyClasses", - "java.security.interfaces.RSAPublicKey" + - "|java.security.interfaces.RSAPrivateKey"); - putService(new OpenJCEPlusService(jce, "Cipher", "RSA", "com.ibm.crypto.plus.provider.RSA", - aliases, rsaAttr)); - - aliases = new String[] {"AESWrap"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES/KW/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW", aliases)); - - aliases = new String[] {"AESWrapPad"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES/KWP/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP", aliases)); - - aliases = new String[] {"AESWrap_128", - "2.16.840.1.101.3.4.1.5", - "OID.2.16.840.1.101.3.4.1.5"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES_128/KW/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_128", aliases)); - - aliases = new String[] {"AESWrapPad_128", - "2.16.840.1.101.3.4.1.8", - "OID.2.16.840.1.101.3.4.1.8"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES_128/KWP/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_128", aliases)); - - aliases = new String[] {"AESWrap_192", - "2.16.840.1.101.3.4.1.25", - "OID.2.16.840.1.101.3.4.1.25"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES_192/KW/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_192", aliases)); - - aliases = new String[] {"AESWrapPad_192", - "2.16.840.1.101.3.4.1.28", - "OID.2.16.840.1.101.3.4.1.28"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES_192/KWP/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_192", aliases)); - - aliases = new String[] {"AESWrap_256", - "2.16.840.1.101.3.4.1.45", - "OID.2.16.840.1.101.3.4.1.45"}; - putService(new OpenJCEPlusService(jce, 
"Cipher", "AES_256/KW/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_256", aliases)); - - aliases = new String[] {"AESWrapPad_256", - "2.16.840.1.101.3.4.1.48", - "OID.2.16.840.1.101.3.4.1.48"}; - putService(new OpenJCEPlusService(jce, "Cipher", "AES_256/KWP/NoPadding", - "com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_256", aliases)); - - /* ======================================================================= - * Key agreement - * ======================================================================= - */ - aliases = new String[] {"DH", "OID." + OID_PKCS3, OID_PKCS3}; - putService(new OpenJCEPlusService(jce, "KeyAgreement", "DiffieHellman", - "com.ibm.crypto.plus.provider.DHKeyAgreement", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "KeyAgreement", "ECDH", - "com.ibm.crypto.plus.provider.ECDHKeyAgreement", aliases)); - - /* ======================================================================= - * Key factories - * ======================================================================= - */ - aliases = new String[] {"DH", "OID." 
+ OID_PKCS3, OID_PKCS3}; - putService(new OpenJCEPlusService(jce, "KeyFactory", "DiffieHellman", - "com.ibm.crypto.plus.provider.DHKeyFactory", aliases)); - - aliases = new String[] {"OID.1.2.840.10040.4.1", "1.2.840.10040.4.1", "OID.1.3.14.3.2.12", - "1.3.14.3.2.12", "DSAKeyFactory"}; - putService(new OpenJCEPlusService(jce, "KeyFactory", "DSA", - "com.ibm.crypto.plus.provider.DSAKeyFactory", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.2.1", "1.2.840.10045.2.1", "EllipticCurve"}; - putService(new OpenJCEPlusService(jce, "KeyFactory", "EC", - "com.ibm.crypto.plus.provider.ECKeyFactory", aliases)); - - aliases = new String[] {"OID.1.2.5.8.1.1", "1.2.5.8.1.1", "OID.1.2.840.113549.1.1.1", - "1.2.840.113549.1.1.1", "OID.1.2.840.113549.1.1", "1.2.840.113549.1.1"}; - putService(new OpenJCEPlusService(jce, "KeyFactory", "RSA", - "com.ibm.crypto.plus.provider.RSAKeyFactory$Legacy", aliases)); - - aliases = new String[] {"RSA-PSS", "RSASSA-PSS", "RSASA-PSS", "OID.1.2.840.113549.1.1.10", - "1.2.840.113549.1.1.10"}; - - putService(new OpenJCEPlusService(jce, "KeyFactory", "RSAPSS", - "com.ibm.crypto.plus.provider.RSAKeyFactory$PSS", aliases)); - - /* ======================================================================= - * Key Generator engines - * ======================================================================= - */ - aliases = new String[] {"2.16.840.1.101.3.4.1", "OID.2.16.840.1.101.3.4.1"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "AES", - "com.ibm.crypto.plus.provider.AESKeyGenerator", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.8", "1.2.840.113549.2.8", "HMACwithSHA224", - "HMACwithSHA-224", "HmacSHA-224"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA224", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA224", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.9", "1.2.840.113549.2.9", "HMACwithSHA256", - "HMACwithSHA-256", "HmacSHA-256"}; - putService(new 
OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA256", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA256", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.10", "1.2.840.113549.2.10", "HMACwithSHA384", - "HMACwithSHA-384", "HmacSHA-384"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA384", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA384", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.11", "1.2.840.113549.2.11", "HMACwithSHA512", - "HMACwithSHA-512", "HmacSHA-512"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA512", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA512", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.13", "2.16.840.1.101.3.4.2.13", - "HMACwithSHA3-224", "HmacSHA3-224"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA3-224", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_224", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.14", "2.16.840.1.101.3.4.2.14", - "HMACwithSHA3-256", "HmacSHA3-256"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA3-256", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_256", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.15", "2.16.840.1.101.3.4.2.15", - "HMACwithSHA3-384", "HmacSHA3-384"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA3-384", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_384", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.16", "2.16.840.1.101.3.4.2.16", - "HMACwithSHA3-512", "HmacSHA3-512"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "HmacSHA3-512", - "com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_512", aliases)); - - aliases = new String[] {"TlsPrf"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTlsPrf", - "com.ibm.crypto.plus.provider.TlsPrfGenerator$V10", aliases)); - - aliases = new String[] {"Tls12Prf"}; - 
putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTls12Prf", - "com.ibm.crypto.plus.provider.TlsPrfGenerator$V12", aliases)); - - aliases = new String[] {"TlsRsaPremasterSecret"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTlsRsaPremasterSecret", - "com.ibm.crypto.plus.provider.TlsRsaPremasterSecretGenerator", aliases)); - - aliases = new String[] {"Tls12RsaPremasterSecret"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTls12RsaPremasterSecret", - "com.ibm.crypto.plus.provider.TlsRsaPremasterSecretGenerator", aliases)); - - aliases = new String[] {"TlsMasterSecret", "TlsExtendedMasterSecret", - "SunTlsExtendedMasterSecret"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTlsMasterSecret", - "com.ibm.crypto.plus.provider.TlsMasterSecretGenerator", aliases)); - - aliases = new String[] {"Tls12MasterSecret"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTls12MasterSecret", - "com.ibm.crypto.plus.provider.TlsMasterSecretGenerator", aliases)); - - aliases = new String[] {"TlsKeyMaterial"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTlsKeyMaterial", - "com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator", aliases)); - - aliases = new String[] {"Tls12KeyMaterial"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "SunTls12KeyMaterial", - "com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator", aliases)); - // Not supported in FIPS mode yet - Used for both ChaCha20 and ChaCha20-Poly1305 ciphers - - /* ======================================================================= - * Keypair Generator engines - * ======================================================================= - */ - aliases = new String[] {"DH", "OID." 
+ OID_PKCS3, OID_PKCS3}; - putService(new OpenJCEPlusService(jce, "KeyPairGenerator", "DiffieHellman", - "com.ibm.crypto.plus.provider.DHKeyPairGenerator", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.2.1", "1.2.840.10045.2.1", "EllipticCurve"}; - putService(new OpenJCEPlusService(jce, "KeyPairGenerator", "EC", - "com.ibm.crypto.plus.provider.ECKeyPairGenerator", aliases)); - - aliases = new String[] {"OID.1.2.5.8.1.1", "1.2.5.8.1.1", "OID.1.2.840.113549.1.1", - "1.2.840.113549.1.1"}; - putService(new OpenJCEPlusService(jce, "KeyPairGenerator", "RSA", - "com.ibm.crypto.plus.provider.RSAKeyPairGenerator$Legacy", aliases)); - - aliases = new String[] {"RSA-PSS", "RSASSA-PSS", "RSASA-PSS"}; - - putService(new OpenJCEPlusService(jce, "KeyPairGenerator", "RSAPSS", - "com.ibm.crypto.plus.provider.RSAKeyPairGenerator$PSS", aliases)); - - /* ======================================================================= - * Message authentication engines - * ======================================================================= - */ - - aliases = new String[] {"OID.1.2.840.113549.2.8", "1.2.840.113549.2.8", "HMACwithSHA224", - "HMACwithSHA-224", "HmacSHA-224"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA224", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA224", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.9", "1.2.840.113549.2.9", "HMACwithSHA256", - "HMACwithSHA-256", "HmacSHA-256"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA256", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA256", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.10", "1.2.840.113549.2.10", "HMACwithSHA384", - "HMACwithSHA-384", "HmacSHA-384"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA384", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA384", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.2.11", "1.2.840.113549.2.11", "HMACwithSHA512", - "HMACwithSHA-512", "HmacSHA-512"}; - putService(new OpenJCEPlusService(jce, 
"MAC", "HmacSHA512", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA512", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.13", "2.16.840.1.101.3.4.2.13", - "HMACwithSHA3-224", "HmacSHA3-224"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA3-224", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_224", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.14", "2.16.840.1.101.3.4.2.14", - "HMACwithSHA3-256", "HmacSHA3-256"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA3-256", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_256", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.15", "2.16.840.1.101.3.4.2.15", - "HMACwithSHA3-384", "HmacSHA3-384"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA3-384", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_384", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.16", "2.16.840.1.101.3.4.2.16", - "HMACwithSHA3-512", "HmacSHA3-512"}; - putService(new OpenJCEPlusService(jce, "MAC", "HmacSHA3-512", - "com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_512", aliases)); - - /* ======================================================================= - * HKDF Algorithms use key generator spis - OIDs are not finalized - * Oracle does not go through provider. Directly calls HKDF. Not supported till - * Next GSkit Crypto FIPS certification. 
- * ======================================================================= - */ - - aliases = new String[] {"kda-hkdf-with-sha-224"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "kda-hkdf-with-sha224", - "com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA224", aliases)); - - aliases = new String[] {"kda-hkdf-with-sha-256"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "kda-hkdf-with-sha256", - "com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA256", aliases)); - aliases = new String[] {"kda-hkdf-with-sha-384"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "kda-hkdf-with-sha384", - "com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA384", aliases)); - aliases = new String[] {"kda-hkdf-with-sha-512"}; - putService(new OpenJCEPlusService(jce, "KeyGenerator", "kda-hkdf-with-sha512", - "com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA512", aliases)); - - /* ======================================================================= - * MessageDigest engines - * ======================================================================= - */ - aliases = null; - putService(new OpenJCEPlusService(jce, "MessageDigest", "MD5", - "com.ibm.crypto.plus.provider.MessageDigest$MD5", aliases)); - - aliases = new String[] {"SHA", "SHA1", "OID.1.3.14.3.2.26", "1.3.14.3.2.26"}; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-1", - "com.ibm.crypto.plus.provider.MessageDigest$SHA1", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.4", "2.16.840.1.101.3.4.2.4", "SHA224"}; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-224", - "com.ibm.crypto.plus.provider.MessageDigest$SHA224", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.1", "2.16.840.1.101.3.4.2.1", "SHA2", - "SHA-2", "SHA256"}; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-256", - "com.ibm.crypto.plus.provider.MessageDigest$SHA256", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.2", 
"2.16.840.1.101.3.4.2.2", "SHA3", - "SHA-3", "SHA384"}; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-384", - "com.ibm.crypto.plus.provider.MessageDigest$SHA384", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.2.3", "2.16.840.1.101.3.4.2.3", "SHA5", - "SHA-5", "SHA512"}; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-512", - "com.ibm.crypto.plus.provider.MessageDigest$SHA512", aliases)); - - // SHA512-224 - aliases = new String[] {"SHA512/224", "OID.2.16.840.1.101.3.4.2.5", - "2.16.840.1.101.3.4.2.5", }; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-512/224", - "com.ibm.crypto.plus.provider.MessageDigest$SHA512_224", aliases)); - - // SHA512-256 - - aliases = new String[] {"SHA512/256", "OID.2.16.840.1.101.3.4.2.6", - "2.16.840.1.101.3.4.2.6", }; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA-512/256", - "com.ibm.crypto.plus.provider.MessageDigest$SHA512_256", aliases)); - - //SHA3 Hashes - aliases = new String[] {"SHA3-224", "OID.2.16.840.1.101.3.4.2.7", - "2.16.840.1.101.3.4.2.7", }; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA3-224", - "com.ibm.crypto.plus.provider.MessageDigest$SHA3_224", aliases)); - aliases = new String[] {"SHA3-256", "OID.2.16.840.1.101.3.4.2.8", - "2.16.840.1.101.3.4.2.8", }; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA3-256", - "com.ibm.crypto.plus.provider.MessageDigest$SHA3_256", aliases)); - aliases = new String[] {"SHA3-384", "OID.2.16.840.1.101.3.4.2.9", - "2.16.840.1.101.3.4.2.9", }; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA3-384", - "com.ibm.crypto.plus.provider.MessageDigest$SHA3_384", aliases)); - aliases = new String[] {"SHA3-512", "OID.2.16.840.1.101.3.4.2.10", - "2.16.840.1.101.3.4.2.10", }; - putService(new OpenJCEPlusService(jce, "MessageDigest", "SHA3-512", - "com.ibm.crypto.plus.provider.MessageDigest$SHA3_512", aliases)); - /* 
======================================================================= - * Secret key factories - * ======================================================================= - */ - aliases = new String[] {"2.16.840.1.101.3.4.1", "OID.2.16.840.1.101.3.4.1"}; - putService(new OpenJCEPlusService(jce, "SecretKeyFactory", "AES", - "com.ibm.crypto.plus.provider.AESKeyFactory", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, - "SecretKeyFactory", - "PBKDF2WithHmacSHA224", - "com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA224", - aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, - "SecretKeyFactory", - "PBKDF2WithHmacSHA256", - "com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA256", - aliases)); - aliases = null; - putService(new OpenJCEPlusService(jce, - "SecretKeyFactory", - "PBKDF2WithHmacSHA384", - "com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA384", - aliases)); - aliases = null; - putService(new OpenJCEPlusService(jce, - "SecretKeyFactory", - "PBKDF2WithHmacSHA512", - "com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA512", - aliases)); - - /* Not yet supported in FIPS mode - * aliases = null; - putService(new OpenJCEPlusService(jce, - "SecretKeyFactory", - "ChaCha20", - "com.ibm.crypto.plus.provider.ChaCha20KeyFactory", - aliases));*/ - - /* ======================================================================= - * SecureRandom - * ======================================================================= - */ - Map attrsSecureRandom = new HashMap<>(); - attrsSecureRandom.put("ThreadSafe", "true"); - aliases = new String[] {"HASHDRBG", "SHA2DRBG"}; - putService(new OpenJCEPlusService(jce, "SecureRandom", "SHA256DRBG", - "com.ibm.crypto.plus.provider.HASHDRBG$SHA256DRBG", aliases, attrsSecureRandom)); - - aliases = new String[] {"SHA5DRBG"}; - putService(new OpenJCEPlusService(jce, "SecureRandom", "SHA512DRBG", - "com.ibm.crypto.plus.provider.HASHDRBG$SHA512DRBG", aliases, attrsSecureRandom)); - - /* 
======================================================================= - * Signature engines - * ======================================================================= - */ - aliases = new String[] {"DSAforSSL"}; - putService(new OpenJCEPlusService(jce, "Signature", "NONEwithDSA", - "com.ibm.crypto.plus.provider.DSASignatureNONE", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Signature", "NONEwithRSA", - "com.ibm.crypto.plus.provider.RSASignatureNONE", aliases)); - - aliases = null; - putService(new OpenJCEPlusService(jce, "Signature", "RSAforSSL", - "com.ibm.crypto.plus.provider.RSASignatureSSL", aliases)); - - aliases = new String[] {"ECDSAforSSL"}; - - putService(new OpenJCEPlusService(jce, "Signature", "NONEwithECDSA", - "com.ibm.crypto.plus.provider.DatawithECDSA", aliases)); - - aliases = new String[] {"ECDSAforSSL"}; - putService(new OpenJCEPlusService(jce, "Signature", "NONEwithECDSA", - "com.ibm.crypto.plus.provider.DatawithECDSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.1", "2.16.840.1.101.3.4.3.1", - "SHA-224withDSA", "SHA224/DSA", "SHA-224/DSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA224withDSA", - "com.ibm.crypto.plus.provider.DSASignature$SHA224withDSA", aliases)); - - aliases = new String[] {"OID.2.16.840.1.101.3.4.3.2", "2.16.840.1.101.3.4.3.2", - "SHA2withDSA", "SHA-2withDSA", "SHA-256withDSA", "SHA2/DSA", "SHA-2/DSA", - "SHA-256/DSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA256withDSA", - "com.ibm.crypto.plus.provider.DSASignature$SHA256withDSA", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.4.3.1", "1.2.840.10045.4.3.1", "SHA224/ECDSA", - "SHA-224/ECDSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA224withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA224withECDSA", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.4.3.2", "1.2.840.10045.4.3.2", "SHA2withECDSA", - "SHA2/ECDSA", "SHA-256/ECDSA"}; - 
putService(new OpenJCEPlusService(jce, "Signature", "SHA256withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA256withECDSA", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.4.3.3", "1.2.840.10045.4.3.3", "SHA3withECDSA", - "SHA3/ECDSA", "SHA-384/ECDSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA384withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA384withECDSA", aliases)); - - aliases = new String[] {"OID.1.2.840.10045.4.3.4", "1.2.840.10045.4.3.4", "SHA5withECDSA", - "SHA5/ECDSA", "SHA-512/ECDSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA512withECDSA", - "com.ibm.crypto.plus.provider.ECDSASignature$SHA512withECDSA", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.1.1.5", "1.2.840.113549.1.1.5", - "OID.1.3.14.3.2.29", "1.3.14.3.2.29", "OID.1.3.14.3.2.26", "1.3.14.3.2.26", - "SHA-1withRSA", "SHAwithRSA", "SHA-1/RSA", "SHA1/RSA", "SHA/RSA", "RSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA1withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA1withRSA", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.1.1.14", "1.2.840.113549.1.1.14", "SHA-224/RSA", - "SHA224/RSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA224withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA224withRSA", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.1.1.11", "1.2.840.113549.1.1.11", "SHA-256/RSA", - "SHA2withRSA", "SHA2/RSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA256withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA256withRSA", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.1.1.12", "1.2.840.113549.1.1.12", "SHA-384/RSA", - "SHA3withRSA", "SHA3/RSA"}; - putService(new OpenJCEPlusService(jce, "Signature", "SHA384withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA384withRSA", aliases)); - - aliases = new String[] {"OID.1.2.840.113549.1.1.13", "1.2.840.113549.1.1.13", "SHA-512/RSA", - "SHA5withRSA", "SHA5/RSA"}; 
- putService(new OpenJCEPlusService(jce, "Signature", "SHA512withRSA", - "com.ibm.crypto.plus.provider.RSASignature$SHA512withRSA", aliases)); - - aliases = new String[] {"RSA-PSS", "RSASSA-PSS", "RSASA-PSS", "OID.1.2.840.113549.1.1.10", - "1.2.840.113549.1.1.10"}; - putService(new OpenJCEPlusService(jce, "Signature", "RSAPSS", - "com.ibm.crypto.plus.provider.RSAPSSSignature", aliases)); - - } - // Return the instance of this class or create one if needed. // static OpenJCEPlusFIPS getInstance() { diff --git a/src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlusProvider.java b/src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlusProvider.java index 2872ff445..b7118c52c 100644 --- a/src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlusProvider.java +++ b/src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlusProvider.java @@ -8,6 +8,9 @@ package com.ibm.crypto.plus.provider; +import java.io.BufferedReader; +import java.io.IOException; +import java.io.StringReader; import java.lang.ref.Cleaner; import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; 
@@ -115,6 +118,40 @@ void setExceptionCause(Exception exception, Throwable throwable) { } } + protected void LoadStringConfig(Provider prov, String configName) throws InvalidParameterException { + if (configName == null) { + throw new InvalidParameterException("configName is null"); + } + if (configName.length() == 0) { + throw new InvalidParameterException("configName is empty"); + } + if (configName.indexOf('\\') != -1) { + throw new InvalidParameterException("configName contains '\\'"); + } + + try { + ProviderServiceReader config = new ProviderServiceReader(new BufferedReader(new StringReader(configName))); + List services = config.readServices(); + if (debug != null) { + debug.println("Provider Name - " + config.getName()); + debug.println("Provider Description - " + config.getDesc()); + debug.println("Numnber of Services - " + services.size()); + debug.println("Services:"); + } + + for (ProviderServiceReader.ServiceDefinition service : services) { + putService(new OpenJCEPlusService(prov, service.getType(), service.getAlgorithm(), + service.getClassName(), service.getAliases().toArray(new String[service.getAliases().size()]), service.getAttributes())); + if (debug != null) { + debug.println(service.toString()); + } + } + } catch (IOException e) { + throw new InvalidParameterException("Error configuring OpenJCEPlus provider - " + e.getMessage()); + } + + } + protected static class OpenJCEPlusService extends Service { private static Class openjceplusClass; diff --git a/src/main/java/com/ibm/crypto/plus/provider/ProviderServiceReader.java b/src/main/java/com/ibm/crypto/plus/provider/ProviderServiceReader.java new file mode 100644 index 000000000..2fa754ff4 --- /dev/null +++ b/src/main/java/com/ibm/crypto/plus/provider/ProviderServiceReader.java 
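Review bot: `LoadStringConfig` hands `service.getClassName()` from the parsed configuration to `new OpenJCEPlusService(...)` unchecked, so the configuration text alone decides which class is registered behind each algorithm name and alias. Where that string originates is not visible in this hunk; if it can come from a file or property that is writable outside the provider's own packaging, I would restrict it before `putService`, for example `if (!service.getClassName().startsWith("com.ibm.crypto.plus.provider.")) { throw new InvalidParameterException("Unexpected service class: " + service.getClassName()); }`, assuming all shipped implementations live in that package as the removed `putService` calls suggest. Separately, the `catch (IOException e)` keeps only `e.getMessage()`; attaching the cause (e.g. `ex.initCause(e)` on the new exception before throwing it) would preserve the parser's stack trace. The `configName` parameter is also passed to `StringReader` as the configuration text itself, so a name like `configText` would describe it better.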
@@ -0,0 +1,439 @@ +/* + * Copyright IBM Corp. 2026 + * + * This code is free software; you can redistribute it and/or modify it + * under the terms provided by IBM in the LICENSE file that accompanied + * this code, including the "Classpath" Exception described therein. + */ + +package com.ibm.crypto.plus.provider; + +import java.io.BufferedReader; +import java.io.FileReader; +import java.io.IOException; +import java.io.StringReader; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.Set; +import sun.security.util.Debug; + +/** + * A class to read and parse Provider.Service definitions from a file. + * + * The format of these files is discussed in detail in PROVIDER_CONFIG_FORMAT.md + * + */ +public class ProviderServiceReader { + + private String filePath = null; + private String name; + private String description; + private BufferedReader reader = null; + private String defaults = null; + private Set setDefAttributes = null; + private Properties defPr = null; + private boolean def = false; + private static Debug debug = Debug.getInstance("jceplus"); + + /** + * Represents a single service definition parsed from the file. + */ + public static class ServiceDefinition { + private final String type; + private final String algorithm; + private final String className; + private final List aliases; + private final Map attributes; + + public ServiceDefinition(String type, String algorithm, String className, + List aliases, Map attributes) { + this.type = type; + this.algorithm = algorithm; + this.className = className; + this.aliases = aliases != null ? new ArrayList<>(aliases) : new ArrayList<>(); + this.attributes = attributes != null ? 
new HashMap<>(attributes) : new HashMap<>(); + } + + public String getType() { + return type; + } + + public String getAlgorithm() { + return algorithm; + } + + public String getClassName() { + return className; + } + + public List getAliases() { + return new ArrayList<>(aliases); + } + + public Map getAttributes() { + return new HashMap<>(attributes); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("ServiceDefinition[") + .append(", type=").append(type) + .append(", algorithm=").append(algorithm) + .append(", className=").append(className); + if (!aliases.isEmpty()) { + sb.append(", aliases=").append(aliases); + } + if (!attributes.isEmpty()) { + sb.append(" Attributes: "); + for (Map.Entry en : attributes.entrySet()) { + sb.append(" key - " + en.getKey()); + sb.append(" value - " + en.getValue()); + } + } + sb.append("]"); + return sb.toString(); + } + } + + /** + * Creates a new ProviderServiceReader for the specified file. + * + * @param filePath the path to the file containing service definitions + */ + public ProviderServiceReader(String filePath) { + this.filePath = filePath; + } + + /** + * Creates a new ProviderServiceReader for the specified file. + * + * @param filePath the path to the file containing service definitions + */ + public ProviderServiceReader(BufferedReader br) { + this.reader = br; + } + + /** + * Reads and parses all service definitions from the file. 
+ * + * @return a list of ServiceDefinition objects + * @throws IOException if an I/O error occurs reading the file + */ + public List readServices() throws IOException { + List services = new ArrayList<>(); + Set setAliases = new HashSet<>(); + Set setAttributes = new HashSet<>(); + Set setServices = new HashSet<>(); + BufferedReader rd = null; + Properties pr = new Properties(); + + try { + if (filePath == null && this.reader == null) { + throw new IOException("No file or BufferedReader specified"); + } else if (null == filePath && this.reader != null) { + rd = this.reader; + } else if (filePath != null && !Files.exists(Paths.get(filePath))) { + throw new IOException("File not found: " + filePath); + } else { + // this filePath != null && Files.exists(Paths.get(filePath)) + rd = new BufferedReader(new FileReader(filePath)); + } + + pr.load(rd); + rd.close(); + + Set keys = pr.stringPropertyNames(); + + //Split keys in groups: Aliases, Attributes and Services + for (String key : keys) { + String[] parts = key.split("\\."); + + if (parts.length == 3 && parts[0].equalsIgnoreCase("Service")) { + setServices.add(key); + } else if (parts.length == 4 && parts[2].equalsIgnoreCase("alias")) { + setAliases.add(key); + } else if (parts.length == 5 && parts[2].equalsIgnoreCase("attr")) { + setAttributes.add(key); + } else if (parts.length == 1 && parts[0].equalsIgnoreCase("name")) { + name = pr.getProperty(key); + } else if (parts.length == 1 && parts[0].equalsIgnoreCase("description")) { + description = pr.getProperty(key); + } else if (parts.length == 1 && parts[0].equalsIgnoreCase("default")) { + defaults = pr.getProperty(key); + } else { + throw new IOException("Invalid key: " + key); + } + } + + //Get default values, if needed. 
+ if (defaults != null && + (defaults.equalsIgnoreCase("true" ) || + defaults.equals("1"))) { + BufferedReader defRd = new BufferedReader(new StringReader(DefaultProviderAttrs.defaultProvAttrs)); + defPr = new Properties(); + defPr.load(defRd); + + //Add default Services + Set defKeys = defPr.stringPropertyNames(); + + for (String key : defKeys) { + String[] parts = key.split("\\."); + + if (parts.length == 3 && parts[0].equalsIgnoreCase("Service")) { + List aliases = processAliases(parts, defPr, pr, setAliases); + Map attributes = processAttributes(parts, setAttributes, defPr, pr); + ServiceDefinition service = new ServiceDefinition(parts[1], parts[2], defPr.getProperty(key), aliases, attributes); + if (service != null) { + services.add(service); + aliases = null; + attributes.clear(); + } + } + } + + def = true; + } + + for (String key : setServices) { + String[] parts = key.split("\\."); + List aliases = processAliases(parts, pr, null, null); + Map attributes = processAttributes(parts, setAttributes, pr, null); + ServiceDefinition service = new ServiceDefinition(parts[1], parts[2], pr.getProperty(key), aliases, attributes); + if (service != null) { + services.add(service); + aliases = null; + attributes.clear(); + } + } + } catch (Exception e) { + if (debug != null) { + debug.println("File issue Stack trace: "); + e.printStackTrace(); + } + throw new IOException("File issue: " + e.getMessage()); + } + + return services; + } + + /** + * Process the aliases array from a putService statement. + * Assume that there is only ever one .add, .replace or .delete property. + * per Type and Algorithm. 
+ * + * @param parts the service key parts (Service, Type, Algorithm) + * @param defaultPr the default properties (can be null) + * @param configPr the config file properties (can be null) + * @param configAliases the set of alias keys from config file (can be null) + * @return a list of alias strings + */ + private List processAliases(String[] parts, Properties defaultPr, Properties configPr, Set configAliases) { + List ali = new ArrayList<>(); + String keyBase = parts[1] + "." + parts[2] + ".alias"; + + //There is only ever one .add, .replace or .delete per Type and Algorithm. + //The defaults if applicable need to be added in first and then the + //properties from the config are applied. + //.add will add those alaises to the list with the default ones(if applicable) + //.delete will remove the aliasses from the current list of aliases + //.replace will remove the current list of aliases and then add the new ones. + + //add the default aliases if applicable. + if (defaultPr != null) { + String value = defaultPr.getProperty(keyBase + ".add"); + if (value != null) { + String[] aliases = value.split("\\s*,\\s*"); + for (String alias : aliases) { + ali.add(alias); + } + } + } + + //Process the aliases from the config file. 
+ if (configPr != null) { + String value = configPr.getProperty(keyBase + ".add"); + + if (value != null) { + String[] aliases = value.split("\\s*,\\s*"); + for (String alias : aliases) { + alias.trim(); + if (alias.length() > 0) { + ali.add(alias); + } + } + } + + value = configPr.getProperty(keyBase + ".delete"); + if (value != null) { + String[] aliases = value.split("\\s*,\\s*"); + for (String alias : aliases) { + ali.remove(alias); + } + } + + value = configPr.getProperty(keyBase + ".replace"); + if (value != null) { + String[] aliases = value.split("\\s*,\\s*"); + ali.clear(); + for (String alias : aliases) { + alias.trim(); + if (alias.length() > 0) { + ali.add(alias); + } + } + } + } + + return ali; + } + + /** + * Parses attributes from a putService statement. + * + * @param parts the service key parts (Service, Type, Algorithm) + * @param configAttrs the set of attribute keys from config file + * @param defaultPr the default properties (can be null) + * @param configPr the config file properties (can be null) + * @return a map of attribute key-value pairs + */ + private Map processAttributes(String[] parts, Set configAttrs, Properties defaultPr, Properties configPr) { + Map attributes = new HashMap<>(); + String search = parts[1] + "." + parts[2] + ".attr"; + + //Only .add, and .delete are supported for Attributes + //The defaults if applicable need to be added those in first and then the + //properties from the config are applied. + //.add will add the Attributes to the list with the default ones(if applicable) + //.delete will remove the Attribute from the current list of Attributes + + //add the default Attributes if applicable. 
+ if (defaultPr != null) { + //Create the list of default Attributes + if (setDefAttributes == null) { + setDefAttributes = new HashSet<>(); + + Set keys = defaultPr.stringPropertyNames(); + + //Split keys in groups: Aliases, Attributes and Services + for (String key : keys) { + String[] defParts = key.split("\\."); + + if (defParts.length == 5 && defParts[2].equalsIgnoreCase("attr")) { + setDefAttributes.add(key); + } + } + } + + // Add Default Attributes + if (setDefAttributes != null && setDefAttributes.size() > 0) { + for (String attribute : setDefAttributes) { + if (attribute.startsWith(search)) { + String[] pieces = attribute.split("\\."); + if (pieces[3].equalsIgnoreCase("add")) { + attributes.put(pieces[4], defaultPr.getProperty(attribute)); + } + } + } + } + } + + //Add or remove Attributes based on config file. + //Process adds first, then deletes to ensure correct order + if (configPr != null && configAttrs != null) { + // First pass: process all "add" operations + for (String attribute : configAttrs) { + if (attribute.startsWith(search)) { + String[] pieces = attribute.split("\\."); + if (pieces[3].equalsIgnoreCase("add")) { + attributes.put(pieces[4], configPr.getProperty(attribute)); + } + } + } + // Second pass: process all "delete" operations + for (String attribute : configAttrs) { + if (attribute.startsWith(search)) { + String[] pieces = attribute.split("\\."); + if (pieces[3].equalsIgnoreCase("delete")) { + attributes.remove(pieces[4]); + } + } + } + } + return attributes; + } + + /** + * Filters services by type. 
+ * + * @param services the list of services to filter + * @param type the service type to filter by + * @return a list of services matching the specified type + */ + public List filterByType(List services, String type) { + List filtered = new ArrayList<>(); + for (ServiceDefinition service : services) { + if (service.getType().equalsIgnoreCase(type)) { + filtered.add(service); + } + } + return filtered; + } + + /** + * Filters services by algorithm. + * + * @param services the list of services to filter + * @param algorithm the algorithm to filter by + * @return a list of services matching the specified algorithm + */ + public List filterByAlgorithm(List services, String algorithm) { + List filtered = new ArrayList<>(); + for (ServiceDefinition service : services) { + if (service.getAlgorithm().equalsIgnoreCase(algorithm)) { + filtered.add(service); + } + } + return filtered; + } + + /** + * Gets all unique service types from the list. + * + * @param services the list of services + * @return a list of unique service types + */ + public List getUniqueTypes(List services) { + List types = new ArrayList<>(); + for (ServiceDefinition service : services) { + if (!types.contains(service.getType())) { + types.add(service.getType()); + } + } + return types; + } + + /** + * Gets the name of the provider that was read in from the config file. + * + * @return a String that contains the provider name + */ + public String getName() { + return name; + } + + /** + * Gets the descripton that was read in from the config file. + * + * @return a String that contains the description + */ + public String getDesc() { + return description; + } +} diff --git a/src/test/ProviderDefAttrs.config b/src/test/ProviderDefAttrs.config new file mode 100644 index 000000000..2db4c1a9d --- /dev/null +++ b/src/test/ProviderDefAttrs.config 
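Review bot: In `processAliases`, `alias.trim();` discards its result in the `.add` and `.replace` loops, and the `.delete` loop does not trim at all, so every alias is used exactly as `split("\\s*,\\s*")` returns it. `Properties.load` keeps trailing whitespace on a value, which means a line such as `Type.Alg.alias.delete = NAME ` (constructed example, note the trailing space) matches nothing in `ali.remove(alias)` and the alias stays registered without any error. For a provider configuration that is a fail-open result: an alias someone meant to remove is still served under that name. Use the trimmed value in all three loops, e.g. `String a = alias.trim(); if (!a.isEmpty()) ali.add(a);` and `ali.remove(alias.trim());`.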
@@ -0,0 +1,550 @@
+#
+# Copyright IBM Corp. 2026
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms provided by IBM in the LICENSE file that accompanied
+# this code, including the "Classpath" Exception described therein.
+
+
+name = test
+
+description = OpenJCEPlus-test Provider
+
+
+Service.AlgorithmParameters.AES = com.ibm.crypto.plus.provider.AESParameters
+
+
+
+AlgorithmParameters.DESede.alias.add = TripleDES, 3DES
+Service.AlgorithmParameters.DESede = com.ibm.crypto.plus.provider.DESedeParameters
+
+AlgorithmParameters.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1
+Service.AlgorithmParameters.DiffieHellman = com.ibm.crypto.plus.provider.DHParameters
+
+AlgorithmParameters.DSA.alias.add = OID.1.2.840.10040.4.1, 1.2.840.10040.4.1, OID.1.3.14.3.2.12, 1.3.14.3.2.12
+Service.AlgorithmParameters.DSA = com.ibm.crypto.plus.provider.DSAParameters
+
+AlgorithmParameters.EC.alias.add = EllipticCurve, OID.1.2.840.10045.2.1, 1.2.840.10045.2.1
+Service.AlgorithmParameters.EC = com.ibm.crypto.plus.provider.ECParameters
+
+AlgorithmParameters.GCM.alias.add = AESGCM
+Service.AlgorithmParameters.GCM = com.ibm.crypto.plus.provider.GCMParameters
+
+AlgorithmParameters.CCM.alias.add = AESCCM
+Service.AlgorithmParameters.CCM = com.ibm.crypto.plus.provider.CCMParameters
+
+Service.AlgorithmParameters.OAEP = com.ibm.crypto.plus.provider.OAEPParameters
+
+Service.AlgorithmParameters.PBEWithHmacSHA1AndAES_128 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA1AndAES_128
+
+Service.AlgorithmParameters.PBEWithHmacSHA1AndAES_256 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA1AndAES_256
+
+Service.AlgorithmParameters.PBEWithHmacSHA224AndAES_128 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA224AndAES_128
+
+Service.AlgorithmParameters.PBEWithHmacSHA224AndAES_256 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA224AndAES_256
+
+Service.AlgorithmParameters.PBEWithHmacSHA256AndAES_128 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA256AndAES_128
+
+Service.AlgorithmParameters.PBEWithHmacSHA256AndAES_256 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA256AndAES_256
+
+Service.AlgorithmParameters.PBEWithHmacSHA384AndAES_128 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA384AndAES_128
+
+Service.AlgorithmParameters.PBEWithHmacSHA384AndAES_256 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA384AndAES_256
+
+Service.AlgorithmParameters.PBEWithHmacSHA512AndAES_128 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA512AndAES_128
+
+Service.AlgorithmParameters.PBEWithHmacSHA512AndAES_256 = com.ibm.crypto.plus.provider.PBES2Parameters$HmacSHA512AndAES_256
+
+Service.AlgorithmParameters.ChaCha20-Poly1305 = com.ibm.crypto.plus.provider.ChaCha20Poly1305Parameters
+
+Service.AlgorithmParameters.PBEWithSHA1AndDESede = com.ibm.crypto.plus.provider.PBEParameters
+Service.AlgorithmParameters.PBEWithSHA1AndRC2_40 = com.ibm.crypto.plus.provider.PBEParameters
+Service.AlgorithmParameters.PBEWithSHA1AndRC2_128 = com.ibm.crypto.plus.provider.PBEParameters
+Service.AlgorithmParameters.PBEWithSHA1AndRC4_40 = com.ibm.crypto.plus.provider.PBEParameters
+Service.AlgorithmParameters.PBEWithSHA1AndRC4_128 = com.ibm.crypto.plus.provider.PBEParameters
+
+# =======================================================================
+ # Algorithm parameter generation engines
+ # =======================================================================
+ #
+AlgorithmParameterGenerator.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1
+Service.AlgorithmParameterGenerator.DiffieHellman = com.ibm.crypto.plus.provider.DHParameterGenerator
+
+AlgorithmParameters.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS
+Service.AlgorithmParameters.RSAPSS = com.ibm.crypto.plus.provider.PSSParameters
+
+Service.AlgorithmParameterGenerator.DSA = com.ibm.crypto.plus.provider.DSAParameterGenerator
+
+Service.AlgorithmParameterGenerator.EC = com.ibm.crypto.plus.provider.ECParameterGenerator
+
+AlgorithmParameterGenerator.GCM.alias.add = AESGCM
+Service.AlgorithmParameterGenerator.GCM = com.ibm.crypto.plus.provider.GCMParameterGenerator
+
+AlgorithmParameterGenerator.CCM.alias.add = AESCCM
+Service.AlgorithmParameterGenerator.CCM = com.ibm.crypto.plus.provider.CCMParameterGenerator
+
+# =======================================================================
+ # Cipher engines
+ # =======================================================================
+ #
+Service.Cipher.AES/GCM/NoPadding = com.ibm.crypto.plus.provider.AESGCMCipher
+
+Service.Cipher.AES/CCM/NoPadding = com.ibm.crypto.plus.provider.AESCCMCipher
+
+Service.Cipher.AES = com.ibm.crypto.plus.provider.AESCipher
+
+Cipher.AES/KW/NoPadding.alias.add = AESWrap
+Service.Cipher.AES/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW
+
+Cipher.AES/KWP/NoPadding.alias.add = AESWrapPad
+Service.Cipher.AES/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP
+
+Cipher.AES_128/KW/NoPadding.alias.add = AESWrap_128, 2.16.840.1.101.3.4.1.5, OID.2.16.840.1.101.3.4.1.5
+Service.Cipher.AES_128/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_128
+
+Cipher.AES_128/KWP/NoPadding.alias.add = AESWrapPad_128, 2.16.840.1.101.3.4.1.8, OID.2.16.840.1.101.3.4.1.8
+Service.Cipher.AES_128/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_128
+
+Cipher.AES_192/KW/NoPadding.alias.add = AESWrap_192, 2.16.840.1.101.3.4.1.25, OID.2.16.840.1.101.3.4.1.25
+Service.Cipher.AES_192/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_192
+
+Cipher.AES_192/KWP/NoPadding.alias.add = AESWrapPad_192, 2.16.840.1.101.3.4.1.28, OID.2.16.840.1.101.3.4.1.28
+Service.Cipher.AES_192/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_192
+
+Cipher.AES_256/KW/NoPadding.alias.add = AESWrap_256, 2.16.840.1.101.3.4.1.45, OID.2.16.840.1.101.3.4.1.45
+Service.Cipher.AES_256/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_256
+
+Cipher.AES_256/KWP/NoPadding.alias.add = AESWrapPad_256, 2.16.840.1.101.3.4.1.48, OID.2.16.840.1.101.3.4.1.48
+Service.Cipher.AES_256/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_256
+
+Cipher.DESede.alias.add = TripleDES, 3DES
+Service.Cipher.DESede = com.ibm.crypto.plus.provider.DESedeCipher
+
+Service.Cipher.RSA = com.ibm.crypto.plus.provider.RSA
+
+Service.Cipher.ChaCha20 = com.ibm.crypto.plus.provider.ChaCha20Cipher
+
+Service.Cipher.ChaCha20-Poly1305 = com.ibm.crypto.plus.provider.ChaCha20Poly1305Cipher
+
+Service.Cipher.PBEWithHmacSHA1AndAES_128 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA1AndAES_128
+
+Service.Cipher.PBEWithHmacSHA1AndAES_256 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA1AndAES_256
+
+Service.Cipher.PBEWithHmacSHA224AndAES_128 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA224AndAES_128
+
+Service.Cipher.PBEWithHmacSHA224AndAES_256 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA224AndAES_256
+
+Service.Cipher.PBEWithHmacSHA256AndAES_128 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA256AndAES_128
+
+Service.Cipher.PBEWithHmacSHA256AndAES_256 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA256AndAES_256
+
+Service.Cipher.PBEWithHmacSHA384AndAES_128 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA384AndAES_128
+
+Service.Cipher.PBEWithHmacSHA384AndAES_256 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA384AndAES_256
+
+Service.Cipher.PBEWithHmacSHA512AndAES_128 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA512AndAES_128
+
+Service.Cipher.PBEWithHmacSHA512AndAES_256 = com.ibm.crypto.plus.provider.PBES2Core$HmacSHA512AndAES_256
+
+Service.Cipher.PBEWithSHA1AndDESede = com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndDESede
+
+Service.Cipher.PBEWithSHA1AndRC2_40 = com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndRC2_40
+
+Service.Cipher.PBEWithSHA1AndRC2_128 = com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndRC2_128
+
+Service.Cipher.PBEWithSHA1AndRC4_40 = com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndRC4_40
+
+Service.Cipher.PBEWithSHA1AndRC4_128 = com.ibm.crypto.plus.provider.PBES1Core$PBEWithSHA1AndRC4_128
+
+# =======================================================================
+ # Key agreement
+ # =======================================================================
+ #
+KeyAgreement.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1
+Service.KeyAgreement.DiffieHellman = com.ibm.crypto.plus.provider.DHKeyAgreement
+
+Service.KeyAgreement.ECDH = com.ibm.crypto.plus.provider.ECDHKeyAgreement
+
+Service.KeyAgreement.XDH = com.ibm.crypto.plus.provider.XDHKeyAgreement$XDH
+
+KeyAgreement.X25519.alias.add = OID.1.3.101.110, 1.3.101.110
+Service.KeyAgreement.X25519 = com.ibm.crypto.plus.provider.XDHKeyAgreement$X25519
+
+KeyAgreement.X448.alias.add = OID.1.3.101.111, 1.3.101.111
+Service.KeyAgreement.X448 = com.ibm.crypto.plus.provider.XDHKeyAgreement$X448
+
+# =======================================================================
+ # Key factories
+ # =======================================================================
+ #
+KeyFactory.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1
+Service.KeyFactory.DiffieHellman = com.ibm.crypto.plus.provider.DHKeyFactory
+
+KeyFactory.DSA.alias.add = OID.1.2.840.10040.4.1, 1.2.840.10040.4.1, OID.1.3.14.3.2.12, 1.3.14.3.2.12, DSAKeyFactory
+Service.KeyFactory.DSA = com.ibm.crypto.plus.provider.DSAKeyFactory
+
+KeyFactory.EC.alias.add = OID.1.2.840.10045.2.1, 1.2.840.10045.2.1, EllipticCurve
+Service.KeyFactory.EC = com.ibm.crypto.plus.provider.ECKeyFactory
+
+Service.KeyFactory.XDH = com.ibm.crypto.plus.provider.XDHKeyFactory$XDH
+
+KeyFactory.X25519.alias.add = OID.1.3.101.110, 1.3.101.110
+Service.KeyFactory.X25519 = com.ibm.crypto.plus.provider.XDHKeyFactory$X25519
+
+KeyFactory.X448.alias.add = OID.1.3.101.111, 1.3.101.111
+Service.KeyFactory.X448 = com.ibm.crypto.plus.provider.XDHKeyFactory$X448
+
+KeyFactory.RSA.alias.add = OID.1.2.5.8.1.1, 1.2.5.8.1.1, OID.1.2.840.113549.1.1.1, 1.2.840.113549.1.1.1, OID.1.2.840.113549.1.1, 1.2.840.113549.1.1
+Service.KeyFactory.RSA = com.ibm.crypto.plus.provider.RSAKeyFactory$Legacy
+
+KeyFactory.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS, OID.1.2.840.113549.1.1.10, 1.2.840.113549.1.1.10
+Service.KeyFactory.RSAPSS = com.ibm.crypto.plus.provider.RSAKeyFactory$PSS
+
+# =======================================================================
+ # Key Generator engines
+ # =======================================================================
+ #
+KeyGenerator.AES.alias.add = 2.16.840.1.101.3.4.1, OID.2.16.840.1.101.3.4.1
+Service.KeyGenerator.AES = com.ibm.crypto.plus.provider.AESKeyGenerator
+
+KeyGenerator.DESede.alias.add = TripleDES, 3DES
+Service.KeyGenerator.DESede = com.ibm.crypto.plus.provider.DESedeKeyGenerator
+
+KeyGenerator.HmacMD5.alias.add = HMACwithMD5
+Service.KeyGenerator.HmacMD5 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacMD5
+
+KeyGenerator.HmacSHA1.alias.add = OID.1.2.840.113549.2.7, 1.2.840.113549.2.7, HMACwithSHA1, HMACwithSHA-1, HmacSHA-1
+Service.KeyGenerator.HmacSHA1 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA1
+
+KeyGenerator.HmacSHA224.alias.add = OID.1.2.840.113549.2.8, 1.2.840.113549.2.8, HMACwithSHA224, HMACwithSHA-224, HmacSHA-224
+Service.KeyGenerator.HmacSHA224 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA224
+
+KeyGenerator.HmacSHA256.alias.add = OID.1.2.840.113549.2.9, 1.2.840.113549.2.9, HMACwithSHA256, HMACwithSHA-256, HmacSHA-256
+Service.KeyGenerator.HmacSHA256 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA256
+
+KeyGenerator.HmacSHA384.alias.add = OID.1.2.840.113549.2.10, 1.2.840.113549.2.10, HMACwithSHA384, HMACwithSHA-384, HmacSHA-384
+Service.KeyGenerator.HmacSHA384 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA384
+
+KeyGenerator.HmacSHA512.alias.add = OID.1.2.840.113549.2.11, 1.2.840.113549.2.11, HMACwithSHA512, HMACwithSHA-512, HmacSHA-512
+Service.KeyGenerator.HmacSHA512 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA512
+
+KeyGenerator.HmacSHA3-224.alias.add = OID.2.16.840.1.101.3.4.2.13, 2.16.840.1.101.3.4.2.13, HMACwithSHA3-224, HmacSHA3-224
+Service.KeyGenerator.HmacSHA3-224 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_224
+
+KeyGenerator.HmacSHA3-256.alias.add = OID.2.16.840.1.101.3.4.2.14, 2.16.840.1.101.3.4.2.14, HMACwithSHA3-256, HmacSHA3-256
+Service.KeyGenerator.HmacSHA3-256 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_256
+
+KeyGenerator.HmacSHA3-384.alias.add = OID.2.16.840.1.101.3.4.2.15, 2.16.840.1.101.3.4.2.15, HMACwithSHA3-384, HmacSHA3-384
+Service.KeyGenerator.HmacSHA3-384 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_384
+
+KeyGenerator.HmacSHA3-512.alias.add = OID.2.16.840.1.101.3.4.2.16, 2.16.840.1.101.3.4.2.16, HMACwithSHA3-512, HmacSHA3-512
+Service.KeyGenerator.HmacSHA3-512 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_512
+
+KeyGenerator.SunTlsPrf.alias.add = TlsPrf
+Service.KeyGenerator.SunTlsPrf = com.ibm.crypto.plus.provider.TlsPrfGenerator$V10
+
+KeyGenerator.SunTls12Prf.alias.add = Tls12Prf
+Service.KeyGenerator.SunTls12Prf = com.ibm.crypto.plus.provider.TlsPrfGenerator$V12
+
+KeyGenerator.SunTlsRsaPremasterSecret.alias.add = TlsRsaPremasterSecret
+Service.KeyGenerator.SunTlsRsaPremasterSecret = com.ibm.crypto.plus.provider.TlsRsaPremasterSecretGenerator
+
+KeyGenerator.SunTls12RsaPremasterSecret.alias.add = Tls12RsaPremasterSecret
+Service.KeyGenerator.SunTls12RsaPremasterSecret = com.ibm.crypto.plus.provider.TlsRsaPremasterSecretGenerator
+
+KeyGenerator.SunTlsMasterSecret.alias.add = TlsMasterSecret, TlsExtendedMasterSecret, SunTlsExtendedMasterSecret
+Service.KeyGenerator.SunTlsMasterSecret = com.ibm.crypto.plus.provider.TlsMasterSecretGenerator
+
+KeyGenerator.SunTlsKeyMaterial.alias.add = Tls12MasterSecret
+Service.KeyGenerator.SunTlsKeyMaterial = com.ibm.crypto.plus.provider.TlsMasterSecretGenerator
+
+KeyGenerator.SunTls12MasterSecret.alias.add = TlsKeyMaterial
+Service.KeyGenerator.SunTls12MasterSecret = com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator
+
+KeyGenerator.SunTls12KeyMaterial.alias.add = Tls12KeyMaterial
+Service.KeyGenerator.SunTls12KeyMaterial = com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator
+
+# Used for both ChaCha20 and ChaCha20-Poly1305 ciphers
+Service.KeyGenerator.ChaCha20 = com.ibm.crypto.plus.provider.ChaCha20KeyGenerator
+
+# =======================================================================
+ # Keypair Generator engines
+ # =======================================================================
+ #
+KeyPairGenerator.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1
+Service.KeyPairGenerator.DiffieHellman = com.ibm.crypto.plus.provider.DHKeyPairGenerator
+
+KeyPairGenerator.DSA.alias.add = OID.1.2.840.10040.4.1, 1.2.840.10040.4.1, OID.1.3.14.3.2.12, 1.3.14.3.2.12
+Service.KeyPairGenerator.DSA = com.ibm.crypto.plus.provider.DSAKeyPairGenerator
+
+KeyPairGenerator.EC.alias.add = OID.1.2.840.10045.2.1, 1.2.840.10045.2.1, EllipticCurve
+Service.KeyPairGenerator.EC = com.ibm.crypto.plus.provider.ECKeyPairGenerator
+
+Service.KeyPairGenerator.XDH = com.ibm.crypto.plus.provider.XDHKeyPairGenerator$XDH
+
+KeyPairGenerator.X25519.alias.add = OID.1.3.101.110, 1.3.101.110
+Service.KeyPairGenerator.X25519 = com.ibm.crypto.plus.provider.XDHKeyPairGenerator$X25519
+
+KeyPairGenerator.X448.alias.add = OID.1.3.101.111, 1.3.101.111
+Service.KeyPairGenerator.X448 = com.ibm.crypto.plus.provider.XDHKeyPairGenerator$X448
+
+KeyPairGenerator.RSA.alias.add = OID.1.2.5.8.1.1, 1.2.5.8.1.1, OID.1.2.840.113549.1.1, 1.2.840.113549.1.1
+Service.KeyPairGenerator.RSA = com.ibm.crypto.plus.provider.RSAKeyPairGenerator$Legacy
+
+KeyPairGenerator.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS
+Service.KeyPairGenerator.RSAPSS = com.ibm.crypto.plus.provider.RSAKeyPairGenerator$PSS
+
+# =======================================================================
+ # Message authentication engines
+ # =======================================================================
+ #
+MAC.HmacMD5.alias.add = HMACwithMD5
+Service.MAC.HmacMD5 = com.ibm.crypto.plus.provider.HmacCore$HmacMD5
+
+MAC.HmacSHA1.alias.add = OID.1.2.840.113549.2.7, 1.2.840.113549.2.7, HMACwithSHA1, HMACwithSHA-1, HmacSHA-1
+Service.MAC.HmacSHA1 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA1
+
+MAC.HmacSHA224.alias.add = OID.1.2.840.113549.2.8, 1.2.840.113549.2.8, HMACwithSHA224, HMACwithSHA-224, HmacSHA-224
+Service.MAC.HmacSHA224 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA224
+
+MAC.HmacSHA256.alias.add = OID.1.2.840.113549.2.9, 1.2.840.113549.2.9, HMACwithSHA256, HMACwithSHA-256, HmacSHA-256
+Service.MAC.HmacSHA256 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA256
+
+MAC.HmacSHA384.alias.add = OID.1.2.840.113549.2.10, 1.2.840.113549.2.10, HMACwithSHA384, HMACwithSHA-384, HmacSHA-384
+Service.MAC.HmacSHA384 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA384
+
+MAC.HmacSHA512.alias.add = OID.1.2.840.113549.2.11, 1.2.840.113549.2.11, HMACwithSHA512, HMACwithSHA-512, HmacSHA-512
+Service.MAC.HmacSHA512 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA512
+
+MAC.HmacSHA3-224.alias.add = OID.2.16.840.1.101.3.4.2.13, 2.16.840.1.101.3.4.2.13, HMACwithSHA3-224, HmacSHA3-224
+Service.MAC.HmacSHA3-224 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_224
+
+MAC.HmacSHA3-256.alias.add = OID.2.16.840.1.101.3.4.2.14, 2.16.840.1.101.3.4.2.14, HMACwithSHA3-256, HmacSHA3-256
+Service.MAC.HmacSHA3-256 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_256
+
+MAC.HmacSHA3-384.alias.add = OID.2.16.840.1.101.3.4.2.15, 2.16.840.1.101.3.4.2.15, HMACwithSHA3-384, HmacSHA3-384
+Service.MAC.HmacSHA3-384 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_384
+
+MAC.HmacSHA3-512.alias.add = OID.2.16.840.1.101.3.4.2.16, 2.16.840.1.101.3.4.2.16, HMACwithSHA3-512, HmacSHA3-512
+Service.MAC.HmacSHA3-512 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_512
+
+# =======================================================================
+ # Key Derivation engines
+ # =======================================================================
+ #
+KeyGenerator.kda-hkdf-with-sha1.alias.add = kda-hkdf-with-sha-1
+Service.KeyGenerator.kda-hkdf-with-sha1 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA1
+
+KeyGenerator.kda-hkdf-with-sha224.alias.add = kda-hkdf-with-sha-224
+Service.KeyGenerator.kda-hkdf-with-sha224 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA224
+
+KeyGenerator.kda-hkdf-with-sha256.alias.add = kda-hkdf-with-sha-256
+Service.KeyGenerator.kda-hkdf-with-sha256 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA256
+
+KeyGenerator.kda-hkdf-with-sha384.alias.add = kda-hkdf-with-sha-384
+Service.KeyGenerator.kda-hkdf-with-sha384 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA384
+
+KeyGenerator.kda-hkdf-with-sha512.alias.add = kda-hkdf-with-sha-512
+Service.KeyGenerator.kda-hkdf-with-sha512 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA512
+
+# =======================================================================
+ # MessageDigest engines
+ # =======================================================================
+ #
+Service.MessageDigest.MD5 = com.ibm.crypto.plus.provider.MessageDigest$MD5
+
+MessageDigest.SHA-1.alias.add = SHA, SHA1, OID.1.3.14.3.2.26, 1.3.14.3.2.26
+Service.MessageDigest.SHA-1 = com.ibm.crypto.plus.provider.MessageDigest$SHA1
+
+MessageDigest.SHA-224.alias.add = OID.2.16.840.1.101.3.4.2.4, 2.16.840.1.101.3.4.2.4, SHA224
+Service.MessageDigest.SHA-224 = com.ibm.crypto.plus.provider.MessageDigest$SHA224
+
+MessageDigest.SHA-256.alias.add = OID.2.16.840.1.101.3.4.2.1, 2.16.840.1.101.3.4.2.1, SHA2, SHA-2, SHA256
+Service.MessageDigest.SHA-256 = com.ibm.crypto.plus.provider.MessageDigest$SHA256
+
+MessageDigest.SHA-384.alias.add = OID.2.16.840.1.101.3.4.2.2, 2.16.840.1.101.3.4.2.2, SHA3, SHA-3, SHA384
+Service.MessageDigest.SHA-384 = com.ibm.crypto.plus.provider.MessageDigest$SHA384
+
+MessageDigest.SHA-512.alias.add = OID.2.16.840.1.101.3.4.2.3, 2.16.840.1.101.3.4.2.3, SHA5, SHA-5, SHA512
+Service.MessageDigest.SHA-512 = com.ibm.crypto.plus.provider.MessageDigest$SHA512
+
+# SHA512-224
+MessageDigest.SHA-512/224.alias.add = SHA512/224, OID.2.16.840.1.101.3.4.2.5, 2.16.840.1.101.3.4.2.5
+Service.MessageDigest.SHA-512/224 = com.ibm.crypto.plus.provider.MessageDigest$SHA512_224
+
+# SHA512-256
+MessageDigest.SHA-512/256.alias.add = SHA512/256, OID.2.16.840.1.101.3.4.2.6, 2.16.840.1.101.3.4.2.6
+Service.MessageDigest.SHA-512/256 = com.ibm.crypto.plus.provider.MessageDigest$SHA512_256
+
+#SHA3 Hashes
+MessageDigest.SHA3-224.alias.add = SHA3-224, OID.2.16.840.1.101.3.4.2.7, 2.16.840.1.101.3.4.2.7
+Service.MessageDigest.SHA3-224 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_224
+
+MessageDigest.SHA3-256.alias.add = SHA3-256, OID.2.16.840.1.101.3.4.2.8, 2.16.840.1.101.3.4.2.8
+Service.MessageDigest.SHA3-256 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_256
+
+MessageDigest.SHA3-384.alias.add = SHA3-384, OID.2.16.840.1.101.3.4.2.9, 2.16.840.1.101.3.4.2.9
+Service.MessageDigest.SHA3-384 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_384
+
+MessageDigest.SHA3-512.alias.add = SHA3-512, OID.2.16.840.1.101.3.4.2.10, 2.16.840.1.101.3.4.2.10
+Service.MessageDigest.SHA3-512 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_512
+
+# =======================================================================
+ # Secret key factories
+ # =======================================================================
+ #
+SecretKeyFactory.AES.alias.add = 2.16.840.1.101.3.4.1, OID.2.16.840.1.101.3.4.1
+Service.SecretKeyFactory.AES = com.ibm.crypto.plus.provider.AESKeyFactory
+
+Service.SecretKeyFactory.PBKDF2WithHmacSHA1 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA1
+
+Service.SecretKeyFactory.PBKDF2WithHmacSHA224 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA224
+
+Service.SecretKeyFactory.PBKDF2WithHmacSHA256 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA256
+
+Service.SecretKeyFactory.PBKDF2WithHmacSHA384 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA384
+
+Service.SecretKeyFactory.PBKDF2WithHmacSHA512 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA512
+
+Service.SecretKeyFactory.PBKDF2WithHmacSHA512/224 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA512_224
+
+Service.SecretKeyFactory.PBKDF2WithHmacSHA512/256 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA512_256
+
+SecretKeyFactory.DESede.alias.add = TripleDES, 3DES
+Service.SecretKeyFactory.DESede = com.ibm.crypto.plus.provider.DESedeKeyFactory
+
+Service.SecretKeyFactory.ChaCha20 = com.ibm.crypto.plus.provider.ChaCha20KeyFactory
+
+Service.SecretKeyFactory.PBEWithHmacSHA1AndAES_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128
+
+Service.SecretKeyFactory.PBEWithHmacSHA1AndAES_256 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256
+
+Service.SecretKeyFactory.PBEWithHmacSHA224AndAES_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128
+
+Service.SecretKeyFactory.PBEWithHmacSHA224AndAES_256 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256
+
+Service.SecretKeyFactory.PBEWithHmacSHA256AndAES_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128
+
+Service.SecretKeyFactory.PBEWithHmacSHA256AndAES_256 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256
+
+Service.SecretKeyFactory.PBEWithHmacSHA384AndAES_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128
+
+Service.SecretKeyFactory.PBEWithHmacSHA384AndAES_256 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256
+
+Service.SecretKeyFactory.PBEWithHmacSHA512AndAES_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128
+
+Service.SecretKeyFactory.PBEWithHmacSHA512AndAES_256 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256
+
+Service.SecretKeyFactory.PBEWithSHA1AndDESede = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndDESede
+
+Service.SecretKeyFactory.PBEWithSHA1AndRC2_40 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40
+
+Service.SecretKeyFactory.PBEWithSHA1AndRC2_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128
+
+Service.SecretKeyFactory.PBEWithSHA1AndRC4_40 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40
+
+Service.SecretKeyFactory.PBEWithSHA1AndRC4_128 = com.ibm.crypto.plus.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128
+
+# =======================================================================
+ # SecureRandom
+ # =======================================================================
+ #
+SecureRandom.SHA256DRBG.alias.add = HASHDRBG, SHA2DRBG
+SecureRandom.SHA256DRBG.attr.add.ThreadSafe = true
+Service.SecureRandom.SHA256DRBG = com.ibm.crypto.plus.provider.HASHDRBG$SHA256DRBG
+
+SecureRandom.SHA512DRBG.alias.add = SHA5DRBG
+SecureRandom.SHA512DRBG.attr.add.ThreadSafe = true
+Service.SecureRandom.SHA512DRBG = com.ibm.crypto.plus.provider.HASHDRBG$SHA512DRBG
+
+# =======================================================================
+ # Signature engines
+ # =======================================================================
+ #
+Signature.NONEwithDSA.alias.add = DSAforSSL
+Service.Signature.NONEwithDSA = com.ibm.crypto.plus.provider.DSASignatureNONE
+
+Service.Signature.NONEwithRSA = com.ibm.crypto.plus.provider.RSASignatureNONE
+
+Service.Signature.RSAforSSL = com.ibm.crypto.plus.provider.RSASignatureSSL
+
+Signature.NONEwithECDSA.alias.add = ECDSAforSSL
+Service.Signature.NONEwithECDSA = com.ibm.crypto.plus.provider.DatawithECDSA
+
+Signature.SHA1withDSA.alias.add = DSA, OID.1.2.840.10040.4.3, 1.2.840.10040.4.3, OID.1.3.14.3.2.13, 1.3.14.3.2.13, OID.1.3.14.3.2.27, 1.3.14.3.2.27, SHA-1withDSA, SHA-1/DSA, SHA1/DSA, SHA/DSA, DSS, SHAwithDSA, DSAWithSHA1
+Service.Signature.SHA1withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA1withDSA
+
+Signature.SHA224withDSA.alias.add = OID.2.16.840.1.101.3.4.3.1, 2.16.840.1.101.3.4.3.1, SHA-224withDSA, SHA224/DSA, SHA-224/DSA
+Service.Signature.SHA224withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA224withDSA
+
+Signature.SHA256withDSA.alias.add = OID.2.16.840.1.101.3.4.3.2, 2.16.840.1.101.3.4.3.2, SHA2withDSA, SHA-2withDSA, SHA-256withDSA, SHA2/DSA, SHA-2/DSA, SHA-256/DSA
+Service.Signature.SHA256withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA256withDSA
+
+Signature.SHA3-224withDSA.alias.add = OID.2.16.840.1.101.3.4.3.5, 2.16.840.1.101.3.4.3.5, SHA3-224withDSA, SHA3-224/DSA
+Service.Signature.SHA3-224withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA3_224withDSA
+
+Signature.SHA3-256withDSA.alias.add = OID.2.16.840.1.101.3.4.3.6, 2.16.840.1.101.3.4.3.6, SHA3-256withDSA, SHA3-256/DSA
+Service.Signature.SHA3-256withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA3_256withDSA
+
+Signature.SHA3-384withDSA.alias.add = OID.2.16.840.1.101.3.4.3.7, 2.16.840.1.101.3.4.3.7, SHA3-384withDSA, SHA3-384/DSA
+Service.Signature.SHA3-384withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA3_384withDSA
+
+Signature.SHA3-512withDSA.alias.add = OID.2.16.840.1.101.3.4.3.8, 2.16.840.1.101.3.4.3.8, SHA3-512withDSA, SHA3-512/DSA
+Service.Signature.SHA3-512withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA3_512withDSA
+
+Signature.SHA1withECDSA.alias.add = OID.1.2.840.10045.4.1, 1.2.840.10045.4.1, SHAwithECDSA, SHA-1withECDSA, SHA/ECDSA, SHA-1/ECDSA
+Service.Signature.SHA1withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA1withECDSA
+
+Signature.SHA224withECDSA.alias.add = OID.1.2.840.10045.4.3.1, 1.2.840.10045.4.3.1, SHA224/ECDSA, SHA-224/ECDSA
+Service.Signature.SHA224withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA224withECDSA
+
+Signature.SHA256withECDSA.alias.add = OID.1.2.840.10045.4.3.2, 1.2.840.10045.4.3.2, SHA2withECDSA, SHA2/ECDSA, SHA-256/ECDSA
+Service.Signature.SHA256withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA256withECDSA
+
+Signature.SHA384withECDSA.alias.add = OID.1.2.840.10045.4.3.3, 1.2.840.10045.4.3.3, SHA3withECDSA, SHA3/ECDSA, SHA-384/ECDSA
+Service.Signature.SHA384withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA384withECDSA
+
+Signature.SHA512withECDSA.alias.add = OID.1.2.840.10045.4.3.4, 1.2.840.10045.4.3.4, SHA5withECDSA, SHA5/ECDSA, SHA-512/ECDSA
+Service.Signature.SHA512withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA512withECDSA
+
+Signature.SHA3-224withECDSA.alias.add = OID.2.16.840.1.101.3.4.3.9, 2.16.840.1.101.3.4.3.9, SHA3-224withECDSA, SHA3-224/ECDSA
+Service.Signature.SHA3-224withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA3_224withECDSA
+
+Signature.SHA3-256withECDSA.alias.add = OID.2.16.840.1.101.3.4.3.10, 2.16.840.1.101.3.4.3.10, SHA3-256withECDSA, SHA3-256/ECDSA
+Service.Signature.SHA3-256withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA3_256withECDSA
+
+Signature.SHA3-384withECDSA.alias.add = OID.2.16.840.1.101.3.4.3.11, 2.16.840.1.101.3.4.3.11, SHA3-384withECDSA, SHA3-384/ECDSA
+Service.Signature.SHA3-384withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA3_384withECDSA
+
+Signature.SHA3-512withECDSA.alias.add = OID.2.16.840.1.101.3.4.3.12, 2.16.840.1.101.3.4.3.12, SHA3-512withECDSA, SHA3-512/ECDSA
+Service.Signature.SHA3-512withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA3_512withECDSA
+
+Signature.SHA1withRSA.alias.add = OID.1.2.840.113549.1.1.5, 1.2.840.113549.1.1.5, OID.1.3.14.3.2.29, 1.3.14.3.2.29, OID.1.3.14.3.2.26, 1.3.14.3.2.26, SHA-1withRSA, SHAwithRSA, SHA-1/RSA, SHA1/RSA, SHA/RSA, RSA
+Service.Signature.SHA1withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA1withRSA
+
+Signature.SHA224withRSA.alias.add = OID.1.2.840.113549.1.1.14, 1.2.840.113549.1.1.14, SHA-224/RSA, SHA224/RSA
+Service.Signature.SHA224withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA224withRSA
+
+Signature.SHA256withRSA.alias.add = OID.1.2.840.113549.1.1.11, 1.2.840.113549.1.1.11, SHA-256/RSA, SHA2withRSA, SHA2/RSA
+Service.Signature.SHA256withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA256withRSA
+
+Signature.SHA384withRSA.alias.add = OID.1.2.840.113549.1.1.12, 1.2.840.113549.1.1.12, SHA-384/RSA, SHA3withRSA, SHA3/RSA
+Service.Signature.SHA384withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA384withRSA
+
+Signature.SHA512withRSA.alias.add = OID.1.2.840.113549.1.1.13, 1.2.840.113549.1.1.13, SHA-512/RSA, SHA5withRSA, SHA5/RSA
+Service.Signature.SHA512withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA512withRSA
+
+Signature.SHA3-224withRSA.alias.add = OID.2.16.840.1.101.3.4.3.13, 2.16.840.1.101.3.4.3.13, SHA3-224/RSA, SHA3-224withRSA
+Service.Signature.SHA3-224withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA3_224withRSA
+
+Signature.SHA3-256withRSA.alias.add = OID.2.16.840.1.101.3.4.3.14, 2.16.840.1.101.3.4.3.14, SHA3-256/RSA, SHA3-256withRSA
+Service.Signature.SHA3-256withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA3_256withRSA
+
+Signature.SHA3-384withRSA.alias.add = OID.2.16.840.1.101.3.4.3.15, 2.16.840.1.101.3.4.3.15, SHA3-384/RSA, SHA3-384withRSA
+Service.Signature.SHA3-384withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA3_384withRSA
+
+Signature.SHA3-512withRSA.alias.add = OID.2.16.840.1.101.3.4.3.16, 2.16.840.1.101.3.4.3.16, SHA3-512/RSA, SHA3-512withRSA
+Service.Signature.SHA3-512withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA3_512withRSA
+
+Signature.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS, OID.1.2.840.113549.1.1.10, 1.2.840.113549.1.1.10
+Service.Signature.RSAPSS = com.ibm.crypto.plus.provider.RSAPSSSignature
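Review bot: The TLS key-generator entries in the "Key Generator engines" section look cross-wired: `Service.KeyGenerator.SunTlsKeyMaterial` is bound to `TlsMasterSecretGenerator` with alias `Tls12MasterSecret`, while `Service.KeyGenerator.SunTls12MasterSecret` is bound to `TlsKeyMaterialGenerator` with alias `TlsKeyMaterial`. Judging by the names alone (the provider's Java registration is not part of this hunk), the class and alias of the two entries should be exchanged: `Service.KeyGenerator.SunTlsKeyMaterial = com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator` with alias `TlsKeyMaterial`, and `Service.KeyGenerator.SunTls12MasterSecret = com.ibm.crypto.plus.provider.TlsMasterSecretGenerator` with alias `Tls12MasterSecret`. As written, a caller asking this test provider for key-material expansion would be handed the master-secret generator and the reverse, so a test comparing the loaded config against the built-in provider either fails or accepts a wrong binding. A test that asserts the implementation class for each `SunTls*` algorithm name would catch this kind of swap.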
diff --git a/src/test/ProviderFIPSDefAttrs.config b/src/test/ProviderFIPSDefAttrs.config
new file mode 100644
index 000000000..4c2043d62
--- /dev/null
+++ b/src/test/ProviderFIPSDefAttrs.config
@@ -0,0 +1,356 @@
+#
+# Copyright IBM Corp. 2026
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms provided by IBM in the LICENSE file that accompanied
+# this code, including the "Classpath" Exception described therein.
+
+
+name = test-fips
+
+description = OpenJCEPlusFIPS-test Provider
+
+
+Service.AlgorithmParameters.AES = com.ibm.crypto.plus.provider.AESParameters
+
+AlgorithmParameters.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1
+Service.AlgorithmParameters.DiffieHellman = com.ibm.crypto.plus.provider.DHParameters
+
+AlgorithmParameters.DSA.alias.add = OID.1.2.840.10040.4.1, 1.2.840.10040.4.1, OID.1.3.14.3.2.12, 1.3.14.3.2.12
+Service.AlgorithmParameters.DSA = com.ibm.crypto.plus.provider.DSAParameters
+
+AlgorithmParameters.EC.alias.add = EllipticCurve, OID.1.2.840.10045.2.1, 1.2.840.10045.2.1
+Service.AlgorithmParameters.EC = com.ibm.crypto.plus.provider.ECParameters
+
+AlgorithmParameters.GCM.alias.add = AESGCM
+Service.AlgorithmParameters.GCM = com.ibm.crypto.plus.provider.GCMParameters
+
+AlgorithmParameters.CCM.alias.add = AESCCM
+Service.AlgorithmParameters.CCM = com.ibm.crypto.plus.provider.CCMParameters
+
+Service.AlgorithmParameters.OAEP = com.ibm.crypto.plus.provider.OAEPParameters
+
+# ChaCha20 and ChaCha20-Poly1305 not supported in FIPS mode
+
+# =======================================================================
+ # Algorithm parameter generation engines
+ # =======================================================================
+ #
+AlgorithmParameterGenerator.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1
+Service.AlgorithmParameterGenerator.DiffieHellman = com.ibm.crypto.plus.provider.DHParameterGenerator
+
+AlgorithmParameters.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS
+Service.AlgorithmParameters.RSAPSS = com.ibm.crypto.plus.provider.PSSParameters
+
+Service.AlgorithmParameterGenerator.EC = com.ibm.crypto.plus.provider.ECParameterGenerator
+
+AlgorithmParameterGenerator.GCM.alias.add = AESGCM
+Service.AlgorithmParameterGenerator.GCM = com.ibm.crypto.plus.provider.GCMParameterGenerator
+
+AlgorithmParameterGenerator.CCM.alias.add = AESCCM
+Service.AlgorithmParameterGenerator.CCM = com.ibm.crypto.plus.provider.CCMParameterGenerator
+
+# =======================================================================
+ # Cipher engines
+ # =======================================================================
+ #
+Service.Cipher.AES/GCM/NoPadding = com.ibm.crypto.plus.provider.AESGCMCipher
+
+Service.Cipher.AES/CCM/NoPadding = com.ibm.crypto.plus.provider.AESCCMCipher
+
+Service.Cipher.AES = com.ibm.crypto.plus.provider.AESCipher
+
+Cipher.RSA.attr.add.SupportedPaddings = OAEPPADDING|OAEPWITHSHA224ANDMGF1PADDING|OAEPWITHSHA-224ANDMGF1PADDING|OAEPWITHSHA256ANDMGF1PADDING|OAEPWITHSHA-256ANDMGF1PADDING|OAEPWITHSHA384ANDMGF1PADDING|OAEPWITHSHA-384ANDMGF1PADDING|OAEPWITHSHA512ANDMGF1PADDING|OAEPWITHSHA-512ANDMGF1PADDING|OAEPWITHSHA-512/224ANDMGF1PADDING|OAEPWITHSHA-512/256ANDMGF1PADDING
+Cipher.RSA.attr.add.SupportedModes = ECB
+Cipher.RSA.attr.add.SupportedKeyClasses = java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
+Service.Cipher.RSA = com.ibm.crypto.plus.provider.RSA
+
+Cipher.AES/KW/NoPadding.alias.add = AESWrap
+Service.Cipher.AES/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW
+
+Cipher.AES/KWP/NoPadding.alias.add = AESWrapPad
+Service.Cipher.AES/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP
+
+Cipher.AES_128/KW/NoPadding.alias.add = AESWrap_128, 2.16.840.1.101.3.4.1.5, OID.2.16.840.1.101.3.4.1.5
+Service.Cipher.AES_128/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_128
+
+Cipher.AES_128/KWP/NoPadding.alias.add = AESWrapPad_128, 2.16.840.1.101.3.4.1.8, OID.2.16.840.1.101.3.4.1.8
+Service.Cipher.AES_128/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_128
+
+Cipher.AES_192/KW/NoPadding.alias.add = AESWrap_192, 2.16.840.1.101.3.4.1.25, OID.2.16.840.1.101.3.4.1.25
+Service.Cipher.AES_192/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_192
+
+Cipher.AES_192/KWP/NoPadding.alias.add = AESWrapPad_192, 2.16.840.1.101.3.4.1.28, OID.2.16.840.1.101.3.4.1.28
+Service.Cipher.AES_192/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_192
+
+Cipher.AES_256/KW/NoPadding.alias.add = AESWrap_256, 2.16.840.1.101.3.4.1.45, OID.2.16.840.1.101.3.4.1.45
+Service.Cipher.AES_256/KW/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KW_256
+
+Cipher.AES_256/KWP/NoPadding.alias.add = AESWrapPad_256, 2.16.840.1.101.3.4.1.48, OID.2.16.840.1.101.3.4.1.48
+Service.Cipher.AES_256/KWP/NoPadding = com.ibm.crypto.plus.provider.AESKeyWrapCipher$KWP_256
+
+# =======================================================================
+ # Key agreement
+ # =======================================================================
+ #
+KeyAgreement.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1
+Service.KeyAgreement.DiffieHellman = com.ibm.crypto.plus.provider.DHKeyAgreement
+
+Service.KeyAgreement.ECDH = com.ibm.crypto.plus.provider.ECDHKeyAgreement
+
+# =======================================================================
+ # Key factories
+ # =======================================================================
+ #
+KeyFactory.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1
+Service.KeyFactory.DiffieHellman = com.ibm.crypto.plus.provider.DHKeyFactory
+
+KeyFactory.DSA.alias.add = OID.1.2.840.10040.4.1, 1.2.840.10040.4.1, OID.1.3.14.3.2.12, 1.3.14.3.2.12, DSAKeyFactory
+Service.KeyFactory.DSA = com.ibm.crypto.plus.provider.DSAKeyFactory
+
+KeyFactory.EC.alias.add = OID.1.2.840.10045.2.1, 1.2.840.10045.2.1, EllipticCurve
+Service.KeyFactory.EC = com.ibm.crypto.plus.provider.ECKeyFactory
+
+KeyFactory.RSA.alias.add = OID.1.2.5.8.1.1, 1.2.5.8.1.1, OID.1.2.840.113549.1.1.1, 1.2.840.113549.1.1.1, OID.1.2.840.113549.1.1, 1.2.840.113549.1.1
+Service.KeyFactory.RSA = com.ibm.crypto.plus.provider.RSAKeyFactory$Legacy
+
+KeyFactory.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS, OID.1.2.840.113549.1.1.10, 1.2.840.113549.1.1.10
+Service.KeyFactory.RSAPSS = com.ibm.crypto.plus.provider.RSAKeyFactory$PSS
+
+# =======================================================================
+ # Key Generator engines
+ # =======================================================================
+ #
+KeyGenerator.AES.alias.add = 2.16.840.1.101.3.4.1, OID.2.16.840.1.101.3.4.1
+Service.KeyGenerator.AES = com.ibm.crypto.plus.provider.AESKeyGenerator
+
+KeyGenerator.HmacSHA224.alias.add = OID.1.2.840.113549.2.8, 1.2.840.113549.2.8, HMACwithSHA224, HMACwithSHA-224, HmacSHA-224
+Service.KeyGenerator.HmacSHA224 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA224
+
+KeyGenerator.HmacSHA256.alias.add = OID.1.2.840.113549.2.9, 1.2.840.113549.2.9, HMACwithSHA256, HMACwithSHA-256, HmacSHA-256
+Service.KeyGenerator.HmacSHA256 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA256
+
+KeyGenerator.HmacSHA384.alias.add = OID.1.2.840.113549.2.10, 1.2.840.113549.2.10, HMACwithSHA384, HMACwithSHA-384, HmacSHA-384
+Service.KeyGenerator.HmacSHA384 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA384
+
+KeyGenerator.HmacSHA512.alias.add = OID.1.2.840.113549.2.11, 1.2.840.113549.2.11, HMACwithSHA512, HMACwithSHA-512, HmacSHA-512
+Service.KeyGenerator.HmacSHA512 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA512
+
+KeyGenerator.HmacSHA3-224.alias.add = OID.2.16.840.1.101.3.4.2.13, 2.16.840.1.101.3.4.2.13, HMACwithSHA3-224, HmacSHA3-224
+Service.KeyGenerator.HmacSHA3-224 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_224
+
+KeyGenerator.HmacSHA3-256.alias.add = OID.2.16.840.1.101.3.4.2.14, 2.16.840.1.101.3.4.2.14, HMACwithSHA3-256, HmacSHA3-256
+Service.KeyGenerator.HmacSHA3-256 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_256
+
+KeyGenerator.HmacSHA3-384.alias.add = OID.2.16.840.1.101.3.4.2.15, 2.16.840.1.101.3.4.2.15, HMACwithSHA3-384, HmacSHA3-384
+Service.KeyGenerator.HmacSHA3-384 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_384
+
+KeyGenerator.HmacSHA3-512.alias.add = OID.2.16.840.1.101.3.4.2.16, 2.16.840.1.101.3.4.2.16, HMACwithSHA3-512, HmacSHA3-512
+Service.KeyGenerator.HmacSHA3-512 = com.ibm.crypto.plus.provider.HmacKeyGenerator$HmacSHA3_512
+
+KeyGenerator.SunTlsPrf.alias.add = TlsPrf
+Service.KeyGenerator.SunTlsPrf = com.ibm.crypto.plus.provider.TlsPrfGenerator$V10
+
+KeyGenerator.SunTls12Prf.alias.add = Tls12Prf
+Service.KeyGenerator.SunTls12Prf = com.ibm.crypto.plus.provider.TlsPrfGenerator$V12
+
+KeyGenerator.SunTlsRsaPremasterSecret.alias.add = TlsRsaPremasterSecret
+Service.KeyGenerator.SunTlsRsaPremasterSecret = com.ibm.crypto.plus.provider.TlsRsaPremasterSecretGenerator
+
+KeyGenerator.SunTls12RsaPremasterSecret.alias.add = Tls12RsaPremasterSecret
+Service.KeyGenerator.SunTls12RsaPremasterSecret = com.ibm.crypto.plus.provider.TlsRsaPremasterSecretGenerator
+
+KeyGenerator.SunTlsMasterSecret.alias.add = TlsMasterSecret, TlsExtendedMasterSecret, SunTlsExtendedMasterSecret
+Service.KeyGenerator.SunTlsMasterSecret = com.ibm.crypto.plus.provider.TlsMasterSecretGenerator
+
+KeyGenerator.SunTls12MasterSecret.alias.add = Tls12MasterSecret
+Service.KeyGenerator.SunTls12MasterSecret = com.ibm.crypto.plus.provider.TlsMasterSecretGenerator
+
+KeyGenerator.SunTlsKeyMaterial.alias.add = TlsKeyMaterial
+Service.KeyGenerator.SunTlsKeyMaterial = com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator
+
+KeyGenerator.SunTls12KeyMaterial.alias.add = Tls12KeyMaterial
+Service.KeyGenerator.SunTls12KeyMaterial = com.ibm.crypto.plus.provider.TlsKeyMaterialGenerator
+
+# Not supported in FIPS mode yet - Used for both ChaCha20 and ChaCha20-Poly1305 ciphers
+
+# =======================================================================
+ # Keypair Generator engines
+ # =======================================================================
+ #
+KeyPairGenerator.DiffieHellman.alias.add = DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1
+Service.KeyPairGenerator.DiffieHellman = com.ibm.crypto.plus.provider.DHKeyPairGenerator
+
+KeyPairGenerator.EC.alias.add = OID.1.2.840.10045.2.1, 1.2.840.10045.2.1, EllipticCurve
+Service.KeyPairGenerator.EC = com.ibm.crypto.plus.provider.ECKeyPairGenerator
+
+KeyPairGenerator.RSA.alias.add = OID.1.2.5.8.1.1, 1.2.5.8.1.1, OID.1.2.840.113549.1.1, 1.2.840.113549.1.1
+Service.KeyPairGenerator.RSA = com.ibm.crypto.plus.provider.RSAKeyPairGenerator$Legacy
+
+KeyPairGenerator.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS
+Service.KeyPairGenerator.RSAPSS = com.ibm.crypto.plus.provider.RSAKeyPairGenerator$PSS
+
+# =======================================================================
+ # Message authentication engines
+ # =======================================================================
+ #
+MAC.HmacSHA224.alias.add = OID.1.2.840.113549.2.8, 1.2.840.113549.2.8, HMACwithSHA224, HMACwithSHA-224, HmacSHA-224
+Service.MAC.HmacSHA224 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA224
+
+MAC.HmacSHA256.alias.add = OID.1.2.840.113549.2.9, 1.2.840.113549.2.9, HMACwithSHA256, HMACwithSHA-256, HmacSHA-256
+Service.MAC.HmacSHA256 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA256
+
+MAC.HmacSHA384.alias.add = OID.1.2.840.113549.2.10, 1.2.840.113549.2.10, HMACwithSHA384, HMACwithSHA-384, HmacSHA-384
+Service.MAC.HmacSHA384 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA384
+
+MAC.HmacSHA512.alias.add = OID.1.2.840.113549.2.11, 1.2.840.113549.2.11, HMACwithSHA512, HMACwithSHA-512, HmacSHA-512
+Service.MAC.HmacSHA512 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA512
+
+MAC.HmacSHA3-224.alias.add = OID.2.16.840.1.101.3.4.2.13, 2.16.840.1.101.3.4.2.13, HMACwithSHA3-224, HmacSHA3-224
+Service.MAC.HmacSHA3-224 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_224
+
+MAC.HmacSHA3-256.alias.add = OID.2.16.840.1.101.3.4.2.14, 2.16.840.1.101.3.4.2.14, HMACwithSHA3-256, HmacSHA3-256
+Service.MAC.HmacSHA3-256 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_256
+
+MAC.HmacSHA3-384.alias.add = OID.2.16.840.1.101.3.4.2.15, 2.16.840.1.101.3.4.2.15, HMACwithSHA3-384, HmacSHA3-384
+Service.MAC.HmacSHA3-384 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_384
+
+MAC.HmacSHA3-512.alias.add = OID.2.16.840.1.101.3.4.2.16, 2.16.840.1.101.3.4.2.16, HMACwithSHA3-512, HmacSHA3-512
+Service.MAC.HmacSHA3-512 = com.ibm.crypto.plus.provider.HmacCore$HmacSHA3_512
+
+# =======================================================================
+ # Key Derivation engines
+ # =======================================================================
+ #
+KeyGenerator.kda-hkdf-with-sha224.alias.add = kda-hkdf-with-sha-224\n"
+Service.KeyGenerator.kda-hkdf-with-sha224 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA224
+
+KeyGenerator.kda-hkdf-with-sha256.alias.add = kda-hkdf-with-sha-256\n"
+Service.KeyGenerator.kda-hkdf-with-sha256 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA256
+
+KeyGenerator.kda-hkdf-with-sha384.alias.add = kda-hkdf-with-sha-384
+Service.KeyGenerator.kda-hkdf-with-sha384 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA384
+
+KeyGenerator.kda-hkdf-with-sha512.alias.add = kda-hkdf-with-sha-512
+Service.KeyGenerator.kda-hkdf-with-sha512 = com.ibm.crypto.plus.provider.HKDFGenerator$HKDFwithSHA512
+
+# =======================================================================
+ # MessageDigest engines
+ # =======================================================================
+ #
+Service.MessageDigest.MD5 = com.ibm.crypto.plus.provider.MessageDigest$MD5
+
+MessageDigest.SHA-1.alias.add = SHA, SHA1, OID.1.3.14.3.2.26, 1.3.14.3.2.26
+Service.MessageDigest.SHA-1 = com.ibm.crypto.plus.provider.MessageDigest$SHA1
+
+MessageDigest.SHA-224.alias.add = OID.2.16.840.1.101.3.4.2.4, 2.16.840.1.101.3.4.2.4, SHA224
+Service.MessageDigest.SHA-224 = com.ibm.crypto.plus.provider.MessageDigest$SHA224
+
+MessageDigest.SHA-256.alias.add = OID.2.16.840.1.101.3.4.2.1, 2.16.840.1.101.3.4.2.1, SHA2, SHA-2, SHA256
+Service.MessageDigest.SHA-256 = com.ibm.crypto.plus.provider.MessageDigest$SHA256
+
+MessageDigest.SHA-384.alias.add = OID.2.16.840.1.101.3.4.2.2, 2.16.840.1.101.3.4.2.2, SHA3, SHA-3, SHA384
+Service.MessageDigest.SHA-384 = com.ibm.crypto.plus.provider.MessageDigest$SHA384
+
+MessageDigest.SHA-512.alias.add = OID.2.16.840.1.101.3.4.2.3, 2.16.840.1.101.3.4.2.3, SHA5, SHA-5, SHA512
+Service.MessageDigest.SHA-512 = com.ibm.crypto.plus.provider.MessageDigest$SHA512
+
+# SHA512-224
+MessageDigest.SHA-512/224.alias.add = SHA512/224, OID.2.16.840.1.101.3.4.2.5, 2.16.840.1.101.3.4.2.5
+Service.MessageDigest.SHA-512/224 = com.ibm.crypto.plus.provider.MessageDigest$SHA512_224
+
+# SHA512-256
+MessageDigest.SHA-512/256.alias.add = SHA512/256, OID.2.16.840.1.101.3.4.2.6, 2.16.840.1.101.3.4.2.6
+Service.MessageDigest.SHA-512/256 = com.ibm.crypto.plus.provider.MessageDigest$SHA512_256
+
+#SHA3 Hashes
+MessageDigest.SHA3-224.alias.add = SHA3-224, OID.2.16.840.1.101.3.4.2.7, 2.16.840.1.101.3.4.2.7
+Service.MessageDigest.SHA3-224 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_224
+
+MessageDigest.SHA3-256.alias.add = SHA3-256, OID.2.16.840.1.101.3.4.2.8, 2.16.840.1.101.3.4.2.8
+Service.MessageDigest.SHA3-256 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_256
+
+MessageDigest.SHA3-384.alias.add = SHA3-384, OID.2.16.840.1.101.3.4.2.9, 2.16.840.1.101.3.4.2.9
+Service.MessageDigest.SHA3-384 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_384
+
+MessageDigest.SHA3-512.alias.add = SHA3-512, OID.2.16.840.1.101.3.4.2.10, 2.16.840.1.101.3.4.2.10
+Service.MessageDigest.SHA3-512 = com.ibm.crypto.plus.provider.MessageDigest$SHA3_512
+
+# =======================================================================
+ # Secret key factories
+ # =======================================================================
+ #
+SecretKeyFactory.AES.alias.add = 2.16.840.1.101.3.4.1, OID.2.16.840.1.101.3.4.1
+Service.SecretKeyFactory.AES = com.ibm.crypto.plus.provider.AESKeyFactory
+
+Service.SecretKeyFactory.PBKDF2WithHmacSHA224 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA224
+
+Service.SecretKeyFactory.PBKDF2WithHmacSHA256 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA256
+
+Service.SecretKeyFactory.PBKDF2WithHmacSHA384 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA384
+
+Service.SecretKeyFactory.PBKDF2WithHmacSHA512 = com.ibm.crypto.plus.provider.PBKDF2Core$HmacSHA512
+
+# Not yet supported in FIPS mode - ChaCha20
+
+# =======================================================================
+ # SecureRandom
+ # =======================================================================
+ #
+SecureRandom.SHA256DRBG.alias.add = HASHDRBG, SHA2DRBG
+SecureRandom.SHA256DRBG.attr.add.ThreadSafe = true
+Service.SecureRandom.SHA256DRBG = com.ibm.crypto.plus.provider.HASHDRBG$SHA256DRBG
+
+SecureRandom.SHA512DRBG.alias.add = SHA5DRBG
+SecureRandom.SHA512DRBG.attr.add.ThreadSafe = true
+Service.SecureRandom.SHA512DRBG = com.ibm.crypto.plus.provider.HASHDRBG$SHA512DRBG
+
+# =======================================================================
+ # Signature engines
+ # =======================================================================
+ #
+Signature.NONEwithDSA.alias.add = DSAforSSL
+Service.Signature.NONEwithDSA = com.ibm.crypto.plus.provider.DSASignatureNONE
+
+Service.Signature.NONEwithRSA = com.ibm.crypto.plus.provider.RSASignatureNONE
+
+Service.Signature.RSAforSSL = com.ibm.crypto.plus.provider.RSASignatureSSL
+
+Signature.NONEwithECDSA.alias.add = ECDSAforSSL
+Service.Signature.NONEwithECDSA = com.ibm.crypto.plus.provider.DatawithECDSA
+
+Signature.SHA224withDSA.alias.add = OID.2.16.840.1.101.3.4.3.1, 2.16.840.1.101.3.4.3.1, SHA-224withDSA, SHA224/DSA, SHA-224/DSA
+Service.Signature.SHA224withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA224withDSA
+
+Signature.SHA256withDSA.alias.add = OID.2.16.840.1.101.3.4.3.2, 2.16.840.1.101.3.4.3.2, SHA2withDSA, SHA-2withDSA, SHA-256withDSA, SHA2/DSA, SHA-2/DSA, SHA-256/DSA
+Service.Signature.SHA256withDSA = com.ibm.crypto.plus.provider.DSASignature$SHA256withDSA
+
+Signature.SHA224withECDSA.alias.add = OID.1.2.840.10045.4.3.1, 1.2.840.10045.4.3.1, SHA224/ECDSA, SHA-224/ECDSA
+Service.Signature.SHA224withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA224withECDSA
+
+Signature.SHA256withECDSA.alias.add = OID.1.2.840.10045.4.3.2, 1.2.840.10045.4.3.2, SHA2withECDSA, SHA2/ECDSA, SHA-256/ECDSA
+Service.Signature.SHA256withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA256withECDSA
+
+Signature.SHA384withECDSA.alias.add = OID.1.2.840.10045.4.3.3, 1.2.840.10045.4.3.3, SHA3withECDSA, SHA3/ECDSA, SHA-384/ECDSA
+Service.Signature.SHA384withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA384withECDSA
+
+Signature.SHA512withECDSA.alias.add = OID.1.2.840.10045.4.3.4, 1.2.840.10045.4.3.4, SHA5withECDSA, SHA5/ECDSA, SHA-512/ECDSA
+Service.Signature.SHA512withECDSA = com.ibm.crypto.plus.provider.ECDSASignature$SHA512withECDSA
+
+Signature.SHA1withRSA.alias.add = OID.1.2.840.113549.1.1.5, 1.2.840.113549.1.1.5, OID.1.3.14.3.2.29, 1.3.14.3.2.29, OID.1.3.14.3.2.26, 1.3.14.3.2.26, SHA-1withRSA, SHAwithRSA, SHA-1/RSA, SHA1/RSA, SHA/RSA, RSA
+Service.Signature.SHA1withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA1withRSA
+
+Signature.SHA224withRSA.alias.add = OID.1.2.840.113549.1.1.14, 1.2.840.113549.1.1.14, SHA-224/RSA, SHA224/RSA
+Service.Signature.SHA224withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA224withRSA
+
+Signature.SHA256withRSA.alias.add = OID.1.2.840.113549.1.1.11, 1.2.840.113549.1.1.11, SHA-256/RSA, SHA2withRSA, SHA2/RSA
+Service.Signature.SHA256withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA256withRSA
+
+Signature.SHA384withRSA.alias.add = OID.1.2.840.113549.1.1.12, 1.2.840.113549.1.1.12, SHA-384/RSA, SHA3withRSA, SHA3/RSA
+Service.Signature.SHA384withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA384withRSA
+
+Signature.SHA512withRSA.alias.add = OID.1.2.840.113549.1.1.13, 1.2.840.113549.1.1.13, SHA-512/RSA, SHA5withRSA, SHA5/RSA
+Service.Signature.SHA512withRSA = com.ibm.crypto.plus.provider.RSASignature$SHA512withRSA
+
+Signature.RSAPSS.alias.add = RSA-PSS, RSASSA-PSS, RSASA-PSS, OID.1.2.840.113549.1.1.10, 1.2.840.113549.1.1.10
+Service.Signature.RSAPSS = com.ibm.crypto.plus.provider.RSAPSSSignature
\ No newline at end of file
diff --git a/src/test/java/ibm/jceplus/junit/tests/TestProviderServices.java b/src/test/java/ibm/jceplus/junit/tests/TestProviderServices.java
new file mode 100644
index 000000000..f96c52fae
--- /dev/null
+++ b/src/test/java/ibm/jceplus/junit/tests/TestProviderServices.java
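Review bot: The alias lines `KeyGenerator.kda-hkdf-with-sha224.alias.add = kda-hkdf-with-sha-224\n"` and `KeyGenerator.kda-hkdf-with-sha256.alias.add = kda-hkdf-with-sha-256\n"` in src/test/ProviderFIPSDefAttrs.config end in a stray `\n"`, which looks like residue from a Java string literal. If the reader parses this as a standard properties file, `\n` is read as a newline escape, so the registered alias would presumably be the intended name followed by a newline and a quote, and a lookup by `kda-hkdf-with-sha-224` or `kda-hkdf-with-sha-256` would not resolve through this profile. The sha384 and sha512 lines directly below are clean; the two values should read `kda-hkdf-with-sha-224` and `kda-hkdf-with-sha-256`. Because this file describes what the FIPS-profile provider exposes, a comparison test that walks every service and alias is the check that would surface this kind of drift.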
@@ -0,0 +1,406 @@ +/* + * Copyright IBM Corp. 2025, 2025 + * + * This code is free software; you can redistribute it and/or modify it + * under the terms provided by IBM in the LICENSE file that accompanied + * this code, including the "Classpath" Exception described therein. + */ + +package ibm.jceplus.junit.tests; + +import com.ibm.crypto.plus.provider.OpenJCEPlus; +import com.ibm.crypto.plus.provider.ProviderServiceReader; +import java.io.BufferedReader; +import java.io.IOException; +import java.io.StringReader; +import java.security.InvalidParameterException; +import java.security.Provider; +import java.security.Security; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Set; +import org.junit.jupiter.api.Tag; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.TestInstance; +import org.junit.jupiter.params.Parameter; +import org.junit.jupiter.params.ParameterizedClass; +import org.junit.jupiter.params.provider.MethodSource; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; + +@Tag(Tags.OPENJCEPLUS_NAME) +@Tag(Tags.OPENJCEPLUS_FIPS_NAME) +@Tag(Tags.OPENJCEPLUS_MULTITHREAD_NAME) +@Tag(Tags.OPENJCEPLUS_FIPS_MULTITHREAD_NAME) +@TestInstance(TestInstance.Lifecycle.PER_CLASS) +@ParameterizedClass +@MethodSource("ibm.jceplus.junit.tests.TestArguments#getEnabledProviders") +public class TestProviderServices extends BaseTest { + + @Parameter(0) + TestProvider provider; + + @Test + public void testDefaultsServices() throws Exception { + try { + System.out.println("Testing services for provider: "); + ProviderServiceReader reader = new ProviderServiceReader("./src/test/ProviderDefAttrs.config"); + reader.readServices(); + List services = reader.readServices(); + + System.out.println("Found " + services.size() + " service definitions: 
for " + reader.getName()); + System.out.println("Description: " + reader.getDesc()); + System.out.println(); + + // Group by type + List types = reader.getUniqueTypes(services); + for (String type : types) { + List typeServices = reader.filterByType(services, type); + System.out.println(type + " (" + typeServices.size() + " services):"); + for (ProviderServiceReader.ServiceDefinition service : typeServices) { + System.out.println(" - " + service.getAlgorithm() + + " -> " + service.getClassName()); + if (!service.getAliases().isEmpty()) { + System.out.println(" Aliases: " + service.getAliases()); + } else { + System.out.println(" Aliases: Empty"); + } + if (!service.getAttributes().isEmpty()) { + Map attributes = service.getAttributes(); + System.out.println(" Attributes: "); + for (Map.Entry en : attributes.entrySet()) { + System.out.println(" key - " + en.getKey()); + System.out.println(" value - " + en.getValue()); + } + } + } + System.out.println(); + } + + } catch (Exception e) { + System.err.println("Error reading file: " + e.getMessage()); + e.printStackTrace(); + } + + assertTrue(true); + } + + @Test + public void testDefServicesAddAlias() throws Exception { + + String config = "name = test\n" + + "description = OpenJCEPlus-test Provider\n" + + "default = true\n" + + "AlgorithmParameters.CCM.alias.add = TEST, JOHN"; + + Provider provider1 = new OpenJCEPlus(); + BufferedReader br = new BufferedReader(new StringReader(config)); + Provider provider2 = ((OpenJCEPlus) provider1).configure(br); + + List Alaises = getAliases(provider2, "AlgorithmParameters", "CCM"); + for (String alias : Alaises) { + System.out.println(alias); + } + List expected = Arrays.asList("AESCCM", "TEST", "JOHN"); + assertEquals(expected, Alaises); + + for (String alias : Alaises) { + System.out.println(alias); + } + } + + @Test + public void testDefServicesAddAliasNoAlias() throws Exception { + + String config = "name = test\n" + + "description = OpenJCEPlus-test Provider\n" + + "default = 
true\n" + + "AlgorithmParameters.CCM.alias.add ="; + + Provider provider1 = new OpenJCEPlus(); + BufferedReader br = new BufferedReader(new StringReader(config)); + Provider provider2 = ((OpenJCEPlus) provider1).configure(br); + + List Alaises = getAliases(provider2, "AlgorithmParameters", "CCM"); + List expected = Arrays.asList("AESCCM"); + assertEquals(expected, Alaises); + + for (String alias : Alaises) { + System.out.println(alias); + } + } + + @Test + public void testDefServicesDelAlias() throws Exception { + + String config = "name = test\n" + + "description = OpenJCEPlus-test Provider\n" + + "default = true\n" + + "AlgorithmParameters.CCM.alias.add = TEST, JOHN\n" + + "AlgorithmParameters.CCM.alias.delete = TEST"; + + Provider provider1 = new OpenJCEPlus(); + BufferedReader br = new BufferedReader(new StringReader(config)); + Provider provider2 = ((OpenJCEPlus) provider1).configure(br); + + List Alaises = getAliases(provider2, "AlgorithmParameters", "CCM"); + List expected = Arrays.asList("AESCCM", "JOHN"); + assertEquals(expected, Alaises); + + for (String alias : Alaises) { + System.out.println(alias); + } + } + + @Test + public void testDefServicesReplaceAlias() throws Exception { + + String config = "name = test\n" + + "description = OpenJCEPlus-test Provider\n" + + "default = true\n" + + "AlgorithmParameters.CCM.alias.replace = TEST, JOHN"; + + Provider provider1 = new OpenJCEPlus(); + BufferedReader br = new BufferedReader(new StringReader(config)); + Provider provider2 = ((OpenJCEPlus) provider1).configure(br); + + List Alaises = getAliases(provider2, "AlgorithmParameters", "CCM"); + List expected = Arrays.asList("TEST", "JOHN"); + assertEquals(expected, Alaises); + + for (String alias : Alaises) { + System.out.println(alias); + } + } + + @Test + public void testDefServicesAddAttribute() throws Exception { + + String config = "name = test\n" + + "description = OpenJCEPlus-test Provider\n" + + "default = true\n" + + 
"AlgorithmParameters.CCM.attr.add.TestAttr1 = TestValue1\n" + + "AlgorithmParameters.CCM.attr.add.TestAttr2 = TestValue2"; + + Provider provider1 = new OpenJCEPlus(); + BufferedReader br = new BufferedReader(new StringReader(config)); + Provider provider2 = ((OpenJCEPlus) provider1).configure(br); + + // Get the service + Provider.Service service = provider2.getService("AlgorithmParameters", "CCM"); + + // Verify the added attributes exist + String attr1 = service.getAttribute("TestAttr1"); + String attr2 = service.getAttribute("TestAttr2"); + + assertEquals("TestValue1", attr1, "TestAttr1 should have value TestValue1"); + assertEquals("TestValue2", attr2, "TestAttr2 should have value TestValue2"); + + System.out.println("TestAttr1: " + attr1); + System.out.println("TestAttr2: " + attr2); + } + + @Test + public void testDefServicesDelAttribute() throws Exception { + + String config = "name = test\n" + + "description = OpenJCEPlus-test Provider\n" + + "default = true\n" + + "AlgorithmParameters.CCM.attr.add.TestAttr1 = TestValue1\n" + + "AlgorithmParameters.CCM.attr.add.TestAttr2 = TestValue2\n" + + "AlgorithmParameters.CCM.attr.delete.TestAttr1 = "; + + Provider provider1 = new OpenJCEPlus(); + BufferedReader br = new BufferedReader(new StringReader(config)); + Provider provider2 = ((OpenJCEPlus) provider1).configure(br); + + // Get the service + Provider.Service service = provider2.getService("AlgorithmParameters", "CCM"); + + // Verify TestAttr1 was deleted and TestAttr2 still exists + String attr1 = service.getAttribute("TestAttr1"); + String attr2 = service.getAttribute("TestAttr2"); + + assertEquals(null, attr1, "TestAttr1 should be deleted (null)"); + assertEquals("TestValue2", attr2, "TestAttr2 should still have value TestValue2"); + + System.out.println("TestAttr1 (should be null): " + attr1); + System.out.println("TestAttr2: " + attr2); + } + + @Test + public void testCompareProviders() throws Exception { + String configNonFIPS = 
"./src/test/ProviderDefAttrs.config"; + String configFIPS = "./src/test/ProviderFIPSDefAttrs.config"; + String config = null; + Provider provider1 = null; + Provider provider2 = null; + + setAndInsertProvider(provider); + + Provider[] providers = Security.getProviders(); + for (Provider provider : providers) { + if (provider.getName().equals(getProviderName())) { + provider1 = provider; + } + } + + if (getProviderName().equalsIgnoreCase("OpenJCEPlus")) { + config = configNonFIPS; + provider2 = provider1.configure(config); + } else if (getProviderName().equalsIgnoreCase("OpenJCEPlusFIPS")) { + config = configFIPS; + provider2 = (new OpenJCEPlus()).configure(config); + } + + Set services1 = provider1.getServices(); + Set services2 = provider2.getServices(); + + //Check the number of entries in each provider they need to match + assertEquals(services1.size(), services2.size(), "Providers have different number of entries"); + + assertTrue(compareServices(services1, provider1, provider2), "Providers have different services"); + } + + @Test + public void testProviderServicesNameErrorTest() throws Exception { + String config = null; + BufferedReader rd = null; + boolean result = false; + + try { + //No Name in config + config = "description = OpenJCEPlus-test Provider\n" + + "default = true\n" + + "AlgorithmParameters.CCM.attr.add.TestAttr1 = TestValue1\n" + + "AlgorithmParameters.CCM.attr.add.TestAttr2 = TestValue2\n" + + "AlgorithmParameters.CCM.attr.delete.TestAttr1 = "; + rd = new BufferedReader(new StringReader(config)); + Provider provider1 = new OpenJCEPlus(); + ((OpenJCEPlus) provider1).configure(rd); + + } catch (InvalidParameterException ipe) { + System.out.println(ipe.getMessage()); + result = true; + } + + if (!result) { + fail("No Name was excepted"); + } + } + + @Test + public void testProviderServicesFIleErrorTest() throws Exception { + boolean result = false; + + try { + //File not found + ProviderServiceReader reader = new 
ProviderServiceReader("./src/test/ProviderDefAttrs.confg"); + reader.readServices(); + } catch (IOException ioe) { + System.out.println(ioe.getMessage()); + result = true; + } + + if (!result) { + fail("File was expected to not be found"); + } + } + + @Test + public void testProviderServicesFileNullErrorTest() throws Exception { + String config = null; + boolean result = false; + + try { + //File null + ProviderServiceReader reader = new ProviderServiceReader(config); + reader.readServices(); + } catch (IOException ioe) { + System.out.println(ioe.getMessage()); + result = true; + } + + if (!result) { + fail("File was expected to be null"); + } + } + + @Test + public void testProviderServicesBufferReaderNullErrorTest() throws Exception { + BufferedReader rd = null; + boolean result = false; + + try { + //bufferedreader null + ProviderServiceReader reader = new ProviderServiceReader(rd); + reader.readServices(); + } catch (IOException ioe) { + System.out.println(ioe.getMessage()); + result = true; + } + + if (!result) { + fail("BufferedReader was expected to be null"); + } + } + + /** + * Compares two service definitions and identifies differences. + */ + private boolean compareServices(Set s1, Provider pr1, Provider pr2) { + boolean result = true; + + for (Provider.Service service1 : s1) { + + Provider.Service service2 = pr2.getService(service1.getType(), service1.getAlgorithm()); + + if (service2 == null) { + result = false; + break; + } + + if (service1.getClassName().equals(service2.getClassName()) == false) { + result = false; + break; + } + + //compare aliases + List sortedList1 = new ArrayList<>(getAliases(pr1, service1.getType(), service1.getAlgorithm())); + List sortedList2 = new ArrayList<>(getAliases(pr2, service2.getType(), service2.getAlgorithm())); + + Collections.sort(sortedList1); + Collections.sort(sortedList2); + if (sortedList1.equals(sortedList2) == false) { + result = false; + break; + } + + //There is no way to compare Attributes. 
Since you can not get a list from the Provider object. + return result; + } + + return result; + } + + private List getAliases(Provider provider, String type, String algorithm) { + List aliases = new ArrayList<>(); + // Iterate through all provider properties + for (String key : provider.stringPropertyNames()) { + // Check for alias properties specific to the type and algorithm + if (key.startsWith("Alg.Alias." + type + ".")) { + String aliasAlgorithm = provider.getProperty(key); + if (algorithm.equals(aliasAlgorithm)) { + // Extract the alias name from the key + String aliasName = key.substring(("Alg.Alias." + type + ".").length()); + aliases.add(aliasName); + } + } + } + return aliases; + } +}
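Review bot: `compareServices` leaves the loop after its first iteration, because the `return result;` that follows the "There is no way to compare Attributes" comment sits inside the `for` body; `testCompareProviders` therefore checks the class name and aliases of one service only and relies on the size comparison for the rest. Removing that inner `return result;` and keeping the one after the loop lets every service be compared, which appears to be the point of checking the FIPS and non-FIPS config files against the provider's registered service set. `testDefaultsServices` has the same cannot-fail shape: it catches `Exception`, prints it and ends with `assertTrue(true)`, so a missing or malformed config file still passes; the method already declares `throws Exception`, so the try/catch can simply be dropped. In `testCompareProviders`, `provider2` stays null when the provider name matches neither branch, and an explicit `fail("unexpected provider " + getProviderName())` in an `else` would give a clearer failure than the NullPointerException from `provider2.getServices()`.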