Add Support to Select native Crypto Provider

pom.xml

@@ -261,6 +261,7 @@
                       --add-opens=openjceplus/ibm.jceplus.junit.base=ALL-UNNAMED
                       --add-opens=openjceplus/ibm.jceplus.junit.tests=ALL-UNNAMED
                       --patch-module openjceplus="target${file.separator}classes${path.separator}target${file.separator}test-classes"
+                      -Djava.security.auth.debug=${java.security.debug}
                     </argLine>
                     <trimStackTrace>false</trimStackTrace>
                     <groups>${groups}</groups>

src/main/java/com/ibm/crypto/plus/provider/AESCipher.java

@@ -42,12 +42,19 @@ public final class AESCipher extends CipherSpi implements AESConstants {
     private boolean use_z_fast_command;
     private static int isHardwareSupport = 0;
     private SecureRandom cryptoRandom = null;
+    private String configAlgName = "AES";
 
     public AESCipher(OpenJCEPlusProvider provider) {
         buffer = new byte[engineGetBlockSize() * 3];
         this.provider = provider;
     }
 
+    public AESCipher(OpenJCEPlusProvider provider, String configAlgName) {
+        buffer = new byte[engineGetBlockSize() * 3];
+        this.provider = provider;
+        this.configAlgName = configAlgName;
+    }
+
     @Override
     protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
             throws IllegalBlockSizeException, BadPaddingException {
@@ -286,7 +293,7 @@ private void internalInit(int opmode, Key key, byte[] iv) throws InvalidKeyExcep
         try {
             if ((symmetricCipher == null) || (symmetricCipher.getKeyLength() != rawKey.length)) {
                 symmetricCipher = SymmetricCipher.getInstanceAES(mode,
-                        padding, rawKey.length, provider);
+                        padding, rawKey.length, provider, configAlgName);
                 // Check whether used algorithm is CBC and whether hardware supports is available
                 use_z_fast_command = symmetricCipher.getHardwareSupportStatus();
             }

src/main/java/com/ibm/crypto/plus/provider/AESKeyWrapCipher.java

@@ -40,6 +40,7 @@ abstract class AESKeyWrapCipher extends CipherSpi {
     private int bufSize = 0;
     private int opmode = 0;
     private boolean setPadding = false;
+    private String algName = null;
     static final byte[] ICV1 = {
         (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6,
         (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6
@@ -48,10 +49,12 @@ abstract class AESKeyWrapCipher extends CipherSpi {
         (byte) 0xA6, (byte) 0x59, (byte) 0x59, (byte) 0xA6
     };
 
-    public AESKeyWrapCipher(OpenJCEPlusProvider provider, boolean padding, int keySize) {
+    public AESKeyWrapCipher(OpenJCEPlusProvider provider, boolean padding, int keySize, String algNName) {
         this.provider = provider;
         this.setKeySize = keySize;
         this.setPadding = padding;
+        this.algName = algNName;
+
     }
 
     private void add2Buffer(byte[] data, int offSet, int len) {
@@ -257,7 +260,7 @@ private void internalInit(int opmode, Key key) throws InvalidKeyException {
         }
 
         try {
-            this.cipher = new AESKeyWrap(this.provider, rawKey, setPadding);
+            this.cipher = new AESKeyWrap(this.provider, rawKey, setPadding, algName);
         } catch (Exception e) {
             throw new InvalidKeyException("OCKC context null or bad key.", e);
         } 
@@ -360,56 +363,56 @@ private boolean checkKeySize(int keySize) {
     public static final class KW extends AESKeyWrapCipher {
 
         public KW(OpenJCEPlusProvider provider) {
-            super(provider, false, -1);
+            super(provider, false, -1, "AES/KW/NoPadding");
         }
     }
 
     public static final class KWP extends AESKeyWrapCipher {
 
         public KWP(OpenJCEPlusProvider provider) {
-            super(provider, true, -1);
+            super(provider, true, -1, "AES/KW/Padding");
         }
     }
 
     public static final class KW_128 extends AESKeyWrapCipher {
 
         public KW_128(OpenJCEPlusProvider provider) {
-            super(provider, false, 16);
+            super(provider, false, 16, "AES_128/KW/NoPadding");
         }
     }
 
     public static final class KWP_128 extends AESKeyWrapCipher {
 
         public KWP_128(OpenJCEPlusProvider provider) {
-            super(provider, true, 16);
+            super(provider, true, 16, "AES_128/KWP/NoPadding");
         }
     }
 
     public static final class KW_192 extends AESKeyWrapCipher {
 
         public KW_192(OpenJCEPlusProvider provider) {
-            super(provider, false, 24);
+            super(provider, false, 24, "AES_192/KW/NoPadding");
         }
     }
 
     public static final class KWP_192 extends AESKeyWrapCipher {
 
         public KWP_192(OpenJCEPlusProvider provider) {
-            super(provider, true, 24);
+            super(provider, true, 24, "AES_192/KWP/NoPadding");
         }
     }
 
     public static final class KW_256 extends AESKeyWrapCipher {
 
         public KW_256(OpenJCEPlusProvider provider) {
-            super(provider, false, 32);
+            super(provider, false, 32, "AES_256/KW/NoPadding");
         }
     }
 
     public static final class KWP_256 extends AESKeyWrapCipher {
 
         public KWP_256(OpenJCEPlusProvider provider) {
-            super(provider, true, 32);
+            super(provider, true, 32, "AES_256/KWP/NoPadding");
         }
     }
 }

src/main/java/com/ibm/crypto/plus/provider/DESedeCipher.java

@@ -37,11 +37,17 @@ public final class DESedeCipher extends LegacyCipher implements DESConstants {
     private boolean encrypting = true;
     private boolean initialized = false;
     private SecureRandom cryptoRandom = null;
+    private String configAlgName = "DESede";
 
     public DESedeCipher(OpenJCEPlusProvider provider) {
         this.provider = provider;
     }
 
+    public DESedeCipher(OpenJCEPlusProvider provider, String algName) {
+        this.provider = provider;
+        this.configAlgName = algName;
+    }
+
     @Override
     protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
             throws IllegalBlockSizeException, BadPaddingException {
@@ -223,7 +229,7 @@ private void internalInit(int opmode, Key key, byte[] iv) throws InvalidKeyExcep
         try {
             if (symmetricCipher == null) {
                 symmetricCipher = SymmetricCipher.getInstanceDESede(mode,
-                        padding, provider);
+                        padding, provider, configAlgName);
             }
 
             if (isEncrypt) {

src/main/java/com/ibm/crypto/plus/provider/DHKeyAgreement.java

@@ -9,10 +9,9 @@
 package com.ibm.crypto.plus.provider;
 
 import com.ibm.crypto.plus.provider.base.DHKey;
+import com.ibm.crypto.plus.provider.base.NativeCryptoSelector;
 import com.ibm.crypto.plus.provider.base.NativeException;
 import com.ibm.crypto.plus.provider.base.NativeInterface;
-import com.ibm.crypto.plus.provider.ock.NativeOCKAdapterFIPS;
-import com.ibm.crypto.plus.provider.ock.NativeOCKAdapterNonFIPS;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.InvalidAlgorithmParameterException;
@@ -55,7 +54,7 @@ private static boolean getValue() {
 
     public DHKeyAgreement(OpenJCEPlusProvider provider) {
         this.provider = provider;
-        this.nativeInterface = provider.isFIPS() ? NativeOCKAdapterFIPS.getInstance() : NativeOCKAdapterNonFIPS.getInstance();
+        this.nativeInterface = NativeCryptoSelector.selectBackend(provider, "KeyAgreement", "DiffieHellman");
     }
 
     @Override

src/main/java/com/ibm/crypto/plus/provider/DSASignature.java

@@ -28,7 +28,7 @@ abstract class DSASignature extends SignatureSpi {
     DSASignature(OpenJCEPlusProvider provider, String ockDigestAlgo) {
         try {
             this.provider = provider;
-            this.signature = Signature.getInstance(ockDigestAlgo, provider);
+            this.signature = Signature.getInstance(ockDigestAlgo, provider, ockDigestAlgo + "withDSA");
         } catch (Exception e) {
             throw provider.providerException("Failed to initialize DSA signature", e);
         }

src/main/java/com/ibm/crypto/plus/provider/ECDSASignature.java

@@ -33,7 +33,7 @@ abstract class ECDSASignature extends SignatureSpi {
     ECDSASignature(OpenJCEPlusProvider provider, String ockDigestAlgo) {
         try {
             this.provider = provider;
-            this.signature = Signature.getInstance(ockDigestAlgo, provider);
+            this.signature = Signature.getInstance(ockDigestAlgo, provider, ockDigestAlgo + "withECDSA");
         } catch (Exception e) {
             throw provider.providerException("Failed to initialize ECDSA signature", e);
         }

src/main/java/com/ibm/crypto/plus/provider/EdDSAKeyFactory.java

@@ -29,11 +29,13 @@ public class EdDSAKeyFactory extends KeyFactorySpi {
 
     private NamedParameterSpec params = null;
     private OpenJCEPlusProvider provider = null;
+    private String configAlgName = "EdDSA";
 
-    private EdDSAKeyFactory(OpenJCEPlusProvider provider, NamedParameterSpec paramSpec) {
+    private EdDSAKeyFactory(OpenJCEPlusProvider provider, NamedParameterSpec paramSpec, String algName) {
         super();
         this.params = paramSpec;
         this.provider = provider;
+        this.configAlgName = algName;
     }
 
     EdDSAKeyFactory(OpenJCEPlusProvider provider) {
@@ -56,7 +58,7 @@ protected Key engineTranslateKey(Key key) throws InvalidKeyException {
                 return key;
             } else {
                 try {
-                    return new EdDSAPublicKeyImpl(provider, params, publicKey.getPoint());
+                    return new EdDSAPublicKeyImpl(provider, params, publicKey.getPoint(), configAlgName);
                 } catch (InvalidAlgorithmParameterException iape) {
                     throw new InvalidKeyException(iape);
                 }
@@ -74,20 +76,20 @@ protected Key engineTranslateKey(Key key) throws InvalidKeyException {
                 privKey = (com.ibm.crypto.plus.provider.EdDSAPrivateKeyImpl) key;
             } else {
                 try {
-                    privKey = new EdDSAPrivateKeyImpl(provider, params, privateKeyBytes);
+                    privKey = new EdDSAPrivateKeyImpl(provider, params, privateKeyBytes, this.configAlgName);
                 } catch (InvalidAlgorithmParameterException iape) {
                     throw new InvalidKeyException(iape);
                 }
             }
             return privKey;
         } else if (key instanceof PublicKey && key.getFormat().equals("X.509")) {
-            EdDSAPublicKeyImpl result = new EdDSAPublicKeyImpl(provider, key.getEncoded());
+            EdDSAPublicKeyImpl result = new EdDSAPublicKeyImpl(provider, key.getEncoded(), configAlgName);
             checkLockedParams(result.getParams());
             return result;
         } else if (key instanceof PrivateKey && key.getFormat().equals("PKCS#8")) {
             byte[] encoded = key.getEncoded();
             try {
-                EdDSAPrivateKeyImpl result = new EdDSAPrivateKeyImpl(provider, encoded);
+                EdDSAPrivateKeyImpl result = new EdDSAPrivateKeyImpl(provider, encoded, this.configAlgName);
                 checkLockedParams(result.getParams());
                 return result;
             } catch (Exception e) {
@@ -132,15 +134,15 @@ private PublicKey generatePublicImpl(KeySpec keySpec)
 
         if (keySpec instanceof X509EncodedKeySpec) {
             X509EncodedKeySpec x509Spec = (X509EncodedKeySpec) keySpec;
-            EdDSAPublicKeyImpl result = new EdDSAPublicKeyImpl(provider, x509Spec.getEncoded());
+            EdDSAPublicKeyImpl result = new EdDSAPublicKeyImpl(provider, x509Spec.getEncoded(), this.configAlgName);
             checkLockedParams(result.getParams());
             return result;
         } else if (keySpec instanceof EdECPublicKeySpec) {
             EdECPublicKeySpec publicKeySpec = (EdECPublicKeySpec) keySpec;
             NamedParameterSpec params = publicKeySpec.getParams();
             checkLockedParams(params);
             try {
-                return new EdDSAPublicKeyImpl(provider, params, publicKeySpec.getPoint());
+                return new EdDSAPublicKeyImpl(provider, params, publicKeySpec.getPoint(), this.configAlgName);
             } catch (InvalidAlgorithmParameterException iape) {
                 throw new InvalidKeySpecException(iape);
             }
@@ -157,7 +159,7 @@ private PrivateKey generatePrivateImpl(KeySpec keySpec)
             PKCS8EncodedKeySpec pkcsSpec = (PKCS8EncodedKeySpec) keySpec;
             byte[] encoded = pkcsSpec.getEncoded();
             try {
-                EdDSAPrivateKeyImpl result = new EdDSAPrivateKeyImpl(provider, encoded);
+                EdDSAPrivateKeyImpl result = new EdDSAPrivateKeyImpl(provider, encoded, this.configAlgName);
                 checkLockedParams(result.getParams());
                 return result;
             } catch (Exception e) {
@@ -171,7 +173,7 @@ private PrivateKey generatePrivateImpl(KeySpec keySpec)
             checkLockedParams(params);
             byte[] bytes = privateKeySpec.getBytes();
             try {
-                return new EdDSAPrivateKeyImpl(provider, params, bytes);
+                return new EdDSAPrivateKeyImpl(provider, params, bytes, this.configAlgName);
             } catch (InvalidAlgorithmParameterException iape) {
                 throw new InvalidKeySpecException(iape);
             } finally {
@@ -243,14 +245,16 @@ protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
     public static final class Ed25519 extends EdDSAKeyFactory {
 
         public Ed25519(OpenJCEPlusProvider provider) {
-            super(provider, new NamedParameterSpec("Ed25519"));
+            super(provider, new NamedParameterSpec("Ed25519"), "Ed25519");
+
         }
     }
 
     public static final class Ed448 extends EdDSAKeyFactory {
 
         public Ed448(OpenJCEPlusProvider provider) {
-            super(provider, new NamedParameterSpec("Ed448"));
+            super(provider, new NamedParameterSpec("Ed448"), "Ed448");
+
         }
     }
 

src/main/java/com/ibm/crypto/plus/provider/EdDSAKeyPairGenerator.java

@@ -101,8 +101,15 @@ public void initialize(AlgorithmParameterSpec params)
     public KeyPair generateKeyPair() {
         try {
             int keySize = CurveUtil.getCurveSize(curve);
+
+            String configAlgName = this.alg;
+
+            if (configAlgName == null) {
+                configAlgName = "EdDSA";
+            }
+
             XECKey xecKey = XECKey.generateKeyPair(
-                    this.curve.ordinal(), keySize, provider);
+                    this.curve.ordinal(), keySize, provider, configAlgName);
             EdDSAPublicKeyImpl pubKey = new EdDSAPublicKeyImpl(provider, xecKey,
                     this.curve);
             EdDSAPrivateKeyImpl privKey = new EdDSAPrivateKeyImpl(provider, xecKey);

src/main/java/com/ibm/crypto/plus/provider/EdDSAPrivateKeyImpl.java

@@ -71,7 +71,7 @@ private void setFieldsFromXeckey() throws Exception {
     }
 
     EdDSAPrivateKeyImpl(OpenJCEPlusProvider provider,
-            NamedParameterSpec params, byte[] h)
+            NamedParameterSpec params, byte[] h, String configAlgName)
             throws InvalidAlgorithmParameterException, InvalidParameterException, InvalidKeyException {
 
         this.provider = provider;
@@ -95,13 +95,13 @@ private void setFieldsFromXeckey() throws Exception {
             if (this.privKeyMaterial == null) {
                 int keySize = CurveUtil.getCurveSize(curve);
                 this.xecKey = XECKey.generateKeyPair(
-                        this.curve.ordinal(), keySize, provider);
+                        this.curve.ordinal(), keySize, provider, configAlgName);
             } else {
                 this.algid = CurveUtil.getAlgId(this.curve);
                 byte[] der = buildOCKPrivateKeyBytes();
                 int encodingSize = CurveUtil.getDEREncodingSize(curve);
                 this.xecKey = XECKey.createPrivateKey(der,
-                        encodingSize, provider);
+                        encodingSize, provider, configAlgName);
             }
         } catch (Exception exception) {
             InvalidParameterException ike = new InvalidParameterException(
@@ -112,7 +112,7 @@ private void setFieldsFromXeckey() throws Exception {
         checkLength(this.curve);
     }
 
-    EdDSAPrivateKeyImpl(OpenJCEPlusProvider provider, byte[] encoded)
+    EdDSAPrivateKeyImpl(OpenJCEPlusProvider provider, byte[] encoded, String configAlgName)
             throws InvalidKeyException, IOException {
         super(encoded);
         this.provider = provider;
@@ -123,7 +123,7 @@ private void setFieldsFromXeckey() throws Exception {
             checkLength(this.curve);
             int encodingSize = CurveUtil.getDEREncodingSize(curve);
             this.xecKey = XECKey.createPrivateKey(alteredEncoded,
-                    encodingSize, provider);
+                    encodingSize, provider, configAlgName);
 
         } catch (Exception exception) {
             throw new InvalidKeyException("Failed to create XEC private key", exception);

src/main/java/com/ibm/crypto/plus/provider/EdDSAPublicKeyImpl.java

@@ -82,7 +82,7 @@ private void setFieldsFromXeckey() throws Exception {
 
 
     EdDSAPublicKeyImpl(OpenJCEPlusProvider provider,
-            NamedParameterSpec params, EdECPoint point)
+            NamedParameterSpec params, EdECPoint point, String configAlgName)
             throws InvalidAlgorithmParameterException, InvalidParameterException, InvalidKeyException {
 
         if (provider == null)
@@ -111,7 +111,7 @@ private void setFieldsFromXeckey() throws Exception {
             byte[] der = buildOCKPublicKeyBytes();
             byte[] alteredEncoded = alterEncodedPublicKey(der); // Alters encoded to fit GSKit, and sets params
 
-            this.xecKey = XECKey.createPublicKey(alteredEncoded, provider);
+            this.xecKey = XECKey.createPublicKey(alteredEncoded, provider, configAlgName);
 
         } catch (Exception exception) {
             throw new InvalidKeyException("Failed to create EdDSA public key", exception);
@@ -120,7 +120,7 @@ private void setFieldsFromXeckey() throws Exception {
         checkLength(this.curve);
     }
 
-    EdDSAPublicKeyImpl(OpenJCEPlusProvider provider, byte[] encoded)
+    EdDSAPublicKeyImpl(OpenJCEPlusProvider provider, byte[] encoded, String configAlgName)
             throws InvalidKeyException {
 
         if (provider == null)
@@ -141,7 +141,7 @@ private void setFieldsFromXeckey() throws Exception {
             this.point = new EdECPoint(xOdd, y);
 
             byte[] der = buildOCKPublicKeyBytes();
-            this.xecKey = XECKey.createPublicKey(der, provider);
+            this.xecKey = XECKey.createPublicKey(der, provider, configAlgName);
 
         } catch (Exception exception) {
             throw new InvalidKeyException("Failed to create EdDSA public key", exception);