package cz.crcs.ectester.standalone.consts;

import javax.crypto.KeyAgreement;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.LinkedList;
import java.util.List;

/**
 * Catalogue of the key agreement algorithm identifiers known to the standalone tester.
 * <p>
 * Every entry carries a primary algorithm name plus optional aliases (alternative
 * names or OIDs) and a flag, {@link #requiresKeyAlgo()}, that is set for the
 * entries registered with {@code true} below (all of them "...with SHA...KDF" variants).
 * Entries are looked up by identifier through {@link #get(String)} and turned into
 * a JCA {@link KeyAgreement} bound to one specific {@link Provider} through
 * {@link #getInstance(Provider)}.
 *
 * @author Jan Jancar johny@neuromancer.sk
 */
public class KeyAgreementIdent extends Ident {
    // Every registered identifier, in registration order; get() returns the first match.
    private static final List<KeyAgreementIdent> ALL = new LinkedList<>();

    // Set only by the three-argument constructor; stays false for all other entries.
    // NOTE(review): presumably tells callers that a key algorithm name must be supplied
    // when deriving the secret - confirm against the callers.
    private boolean requiresKeyAlgo;

    static {
        // Reference for the algorithm names:
        //https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html

        // Basic ECDH and ECDHC (plain/raw). No KDF is named for these two, so code that
        // uses their output as key material has to apply a KDF itself.
        ALL.add(new KeyAgreementIdent("ECDH"));
        ALL.add(new KeyAgreementIdent("ECDHC", "ECCDH"));

        // ECDH and ECDHC with SHA as KDF, OIDs from RFC 3278.
        // Each row is {algorithm name, OID alias}; all of them set requiresKeyAlgo.
        // NOTE(review): the 1.3.132.1.* OIDs (SHA-224 and up) appear to come from RFC 5753,
        // which obsoletes RFC 3278 - confirm and update the reference.
        final String[][] shaKdfSchemes = {
                {"ECDHwithSHA1KDF", "1.3.133.16.840.63.0.2"},
                {"ECCDHwithSHA1KDF", "1.3.133.16.840.63.0.3"},
                {"ECDHwithSHA224KDF", "1.3.132.1.11.0"},
                {"ECCDHwithSHA224KDF", "1.3.132.1.14.0"},
                {"ECDHwithSHA256KDF", "1.3.132.1.11.1"},
                {"ECCDHwithSHA256KDF", "1.3.132.1.14.1"},
                {"ECDHwithSHA384KDF", "1.3.132.1.11.2"},
                {"ECCDHwithSHA384KDF", "1.3.132.1.14.2"},
                {"ECDHwithSHA512KDF", "1.3.132.1.11.3"},
                {"ECCDHwithSHA512KDF", "1.3.132.1.14.3"},
        };
        for (String[] scheme : shaKdfSchemes) {
            ALL.add(new KeyAgreementIdent(scheme[0], true, scheme[1]));
        }

        // Microsoft specific KDF. Registered without aliases and without requiresKeyAlgo.
        final String[] cngSchemes = {
                "ECDHwithSHA1KDF(CNG)",
                "ECDHwithSHA256KDF(CNG)",
                "ECDHwithSHA384KDF(CNG)",
                "ECDHwithSHA512KDF(CNG)",
        };
        for (String cngName : cngSchemes) {
            ALL.add(new KeyAgreementIdent(cngName));
        }

        // CKDF requires custom AlgorithmParameterSpec (only BouncyCastle)
        //ALL.add(new KeyAgreementIdent("ECDHwithSHA1CKDF", true));
        //ALL.add(new KeyAgreementIdent("ECCDHwithSHA1CKDF", true));
        //ALL.add(new KeyAgreementIdent("ECDHwithSHA256CKDF", true));
        //ALL.add(new KeyAgreementIdent("ECCDHwithSHA256CKDF", true));
        //ALL.add(new KeyAgreementIdent("ECDHwithSHA384CKDF", true));
        //ALL.add(new KeyAgreementIdent("ECCDHwithSHA384CKDF", true));
        //ALL.add(new KeyAgreementIdent("ECDHwithSHA512CKDF", true));
        //ALL.add(new KeyAgreementIdent("ECCDHwithSHA512CKDF", true));

        // ECMQV - Disabled for now as it needs different params (too different from DH)
        // NOTE(review): "SHA354" below looks like a typo for "SHA384" - fix before re-enabling.
        //ALL.add(new KeyAgreementIdent("ECMQV"));
        //ALL.add(new KeyAgreementIdent("ECMQVwithSHA1KDF", true));
        //ALL.add(new KeyAgreementIdent("ECMQVwithSHA224KDF", true));
        //ALL.add(new KeyAgreementIdent("ECMQVwithSHA256KDF", true));
        //ALL.add(new KeyAgreementIdent("ECMQVwithSHA354KDF", true));
        //ALL.add(new KeyAgreementIdent("ECMQVwithSHA512KDF", true));
        //ALL.add(new KeyAgreementIdent("ECMQVwithSHA1CKDF", true, "1.3.133.16.840.63.0.16"));
        //ALL.add(new KeyAgreementIdent("ECMQVwithSHA224CKDF", true, "1.3.132.1.15.0"));
        //ALL.add(new KeyAgreementIdent("ECMQVwithSHA256CKDF", true, "1.3.132.1.15.1"));
        //ALL.add(new KeyAgreementIdent("ECMQVwithSHA384CKDF", true, "1.3.132.1.15.2"));
        //ALL.add(new KeyAgreementIdent("ECMQVwithSHA512CKDF", true, "1.3.132.1.15.3"));

        // ECVKO - Disabled for now as it needs different params (too different from DH)
        //ALL.add(new KeyAgreementIdent("ECVKO", "ECGOST3410", "1.2.643.2.2.19", "GOST-3410-2001", "1.2.643.2.2.96"));
        //ALL.add(new KeyAgreementIdent("ECVKO256", "ECGOST3410-2012-256", "1.2.643.7.1.1.6.1", "1.2.643.7.1.1.1.1"));
        //ALL.add(new KeyAgreementIdent("ECVKO512", "ECGOST3410-2012-512", "1.2.643.7.1.1.6.2", "1.2.643.7.1.1.1.2"));
    }

    /**
     * Looks up a registered key agreement by one of its identifiers.
     * <p>
     * Entries are scanned in registration order and the first one whose
     * {@code getIdents()} collection contains {@code ident} wins. How strictly the
     * strings are compared is decided by that collection, which is defined in
     * {@link Ident}.
     *
     * @param ident algorithm name, alias or OID to search for
     * @return the matching entry, or {@code null} when nothing is registered under
     *         {@code ident}; callers have to handle the {@code null} case
     */
    public static KeyAgreementIdent get(String ident) {
        KeyAgreementIdent found = null;
        for (KeyAgreementIdent candidate : ALL) {
            if (candidate.getIdents().contains(ident)) {
                found = candidate;
                break;
            }
        }
        return found;
    }

    /**
     * Creates an entry that does not require a key algorithm.
     *
     * @param name    primary algorithm name
     * @param aliases further names or OIDs under which the entry can be found
     */
    private KeyAgreementIdent(String name, String... aliases) {
        super(name, aliases);
    }

    /**
     * Creates an entry and records whether it requires a key algorithm.
     *
     * @param name            primary algorithm name
     * @param requiresKeyAlgo value later reported by {@link #requiresKeyAlgo()}
     * @param aliases         further names or OIDs under which the entry can be found
     */
    private KeyAgreementIdent(String name, boolean requiresKeyAlgo, String... aliases) {
        this(name, aliases);
        this.requiresKeyAlgo = requiresKeyAlgo;
    }

    /**
     * @return the flag given at registration; {@code false} for entries registered
     *         without it
     */
    public boolean requiresKeyAlgo() {
        return requiresKeyAlgo;
    }

    /**
     * Obtains a {@link KeyAgreement} for this identifier from one specific provider.
     * <p>
     * The work is delegated to the inherited two-argument {@code getInstance}, which
     * receives a factory that calls {@link KeyAgreement#getInstance(String, Provider)}
     * and reports an unsupported algorithm as {@code null} instead of throwing.
     * Passing the provider explicitly keeps the lookup on the implementation under
     * test rather than on whichever provider the JVM would prefer.
     *
     * @param provider the provider that must supply the implementation
     * @return the key agreement instance created by {@code provider}
     * @throws NoSuchAlgorithmException declared by the inherited lookup; presumably
     *                                  raised when the provider supports none of the
     *                                  identifiers - confirm in {@link Ident}
     */
    public KeyAgreement getInstance(Provider provider) throws NoSuchAlgorithmException {
        KeyAgreement agreement = getInstance((algName, fromProvider) -> {
            try {
                return KeyAgreement.getInstance(algName, fromProvider);
            } catch (NoSuchAlgorithmException notSupported) {
                // Signal "not available under this name" to the inherited lookup.
                return null;
            }
        }, provider);
        // NOTE(review): the result of getProvider() is discarded, so the purpose of this
        // call is not visible here. If the inherited getInstance can return null, this
        // line fails with a NullPointerException instead of NoSuchAlgorithmException -
        // confirm in Ident.
        agreement.getProvider();
        return agreement;
    }
}