Skip to content

Commit 899a1ac

Browse files
author
Greg Meyer
authored
Merge pull request #8 from DirectProjectJavaRI/develop
Fixing HSM OAEP error.
2 parents 992ce66 + 781041d commit 899a1ac

3 files changed

Lines changed: 31 additions & 3 deletions

File tree

pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
<modelVersion>4.0.0</modelVersion>
55
<artifactId>agent</artifactId>
66
<name>Direct Project Security And Trust Agent</name>
7-
<version>6.1-SNAPSHOT</version>
7+
<version>6.0.2</version>
88
<description>Direct Project Security And Trust Agent</description>
99
<inceptionYear>2010</inceptionYear>
1010
<url>https://github.com/DirectProjectJavaRI/agent</url>

src/main/java/org/nhindirect/stagent/cryptography/bc/DirectNamedJcaJceExtHelper.java

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,8 @@
44

55
import javax.crypto.SecretKey;
66

7+
import org.apache.commons.lang3.StringUtils;
8+
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
79
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
810
import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
911
import org.bouncycastle.operator.SymmetricKeyUnwrapper;
@@ -20,7 +22,19 @@ public DirectNamedJcaJceExtHelper(String providerName)
2022

2123
public JceAsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey)
2224
{
23-
return new DirectJceAsymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey).setProvider(providerName);
25+
final JceAsymmetricKeyUnwrapper retVal = new DirectJceAsymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey);
26+
retVal.setProvider(providerName);
27+
28+
/*
29+
* For a non-BC provider, we need to map the OAEP algorithm OID to a name. Many HSMs do not recognized the algorithm OID and explicitly
30+
* need the name. May need to get sophisticated in later versions to map names for specific HSMs.
31+
*/
32+
if (!StringUtils.isEmpty(providerName) && !providerName.equalsIgnoreCase("BC"))
33+
{
34+
retVal.setAlgorithmMapping(PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA/None/OAEPWithSHA1AndMGF1Padding");
35+
}
36+
37+
return retVal;
2438
}
2539

2640
public JceKTSKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey, byte[] partyUInfo, byte[] partyVInfo)

src/main/java/org/nhindirect/stagent/cryptography/bc/DirectProviderJcaJceExtHelper.java

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,8 @@
55

66
import javax.crypto.SecretKey;
77

8+
import org.apache.commons.lang3.StringUtils;
9+
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
810
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
911
import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
1012
import org.bouncycastle.operator.SymmetricKeyUnwrapper;
@@ -22,7 +24,19 @@ public DirectProviderJcaJceExtHelper(Provider provider)
2224

2325
public JceAsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey)
2426
{
25-
return new DirectJceAsymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey).setProvider(provider);
27+
final JceAsymmetricKeyUnwrapper retVal = new DirectJceAsymmetricKeyUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey);
28+
retVal.setProvider(provider);
29+
30+
/*
31+
* For a non-BC provider, we need to map the OAEP algorithm OID to a name. Many HSMs do not recognized the algorithm OID and explicitly
32+
* need the name. May need to get sophisticated in later versions to map names for specific HSMs.
33+
*/
34+
if (provider != null && !StringUtils.isEmpty(provider.getName()) && !provider.getName().equalsIgnoreCase("BC"))
35+
{
36+
retVal.setAlgorithmMapping(PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA/None/OAEPWithSHA1AndMGF1Padding");
37+
}
38+
39+
return retVal;
2640
}
2741

2842
public JceKTSKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey, byte[] partyUInfo, byte[] partyVInfo)

0 commit comments

Comments
 (0)