
Welcome to the official BlackBerry Support Community Forums.

New Contributor
Posts: 9
Registered: ‎06-25-2010
My Device: BB 8900
My Carrier: Beeline

Two examples of imperfection I found in RIM Crypto API (S/MIME, X509)


The first imperfection is in the CMSSignedDataInputStream.verify(CMSEntityIdentifier) method. If I want to check an S/MIME message signature made with the Russian algorithm named "Gost 34.10-2001", it always gives me a "CryptoUnsupportedOperation" exception, even though I have written and installed the whole Russian cryptosystem in BB (private/public key encoders, decoders, OIDs and other stuff). It doesn't allow me to verify the signature, because RIM code searches for an appropriate digest algorithm by just enumerating all the hash algorithms it knows: SHA1, SHA256, SHA384, SHA512. While debugging CMSSignedDataInputStream.verify() I can see the following calls:

+CMSSignedDataInputStream.verify(CMSEntityIdentifier)

++CMSSignedDataInputStream.verify(CMSEntityIdentifier, Certificate)

+++CMSUtilities.getSignatureDigest(byte[] bytes)

++++OIDs.getOID(0x2E2E0369) - which obtains SHA1 OID (2B:0E:03:02:1A)

++++OIDs.getOID(0x2038E774) - which obtains SHA256 OID (60:86:48:01:65:03:04:02:01)

++++OIDs.getOID(0x203CE774) - which obtains SHA384 OID (60:86:48:01:65:03:04:02:02)

++++OIDs.getOID(0x2040E774) - which obtains SHA512 OID (60:86:48:01:65:03:04:02:03)

The BB code compares all of these OIDs with my OID (2A:85:03:02:1E:01, id-GostR3411-94-CryptoProParamSet) and then throws CryptoUnsupportedOperation.

I don't understand: why did RIM hardcode all these digest algorithm OIDs? A more flexible solution is to obtain the digest via DigestFactory:

String digestAlgorithmName = OIDs.getAssociatedString(OIDs.HASH_ALGORITHM_NAME, oid);
Digest digest = DigestFactory.getInstance(digestAlgorithmName);

which allows developers to add their own digest algorithms.

The second imperfection is in the X509Certificate.create() method: it doesn't allow programmers to create X509Certificates using a specific KeyPair and digest implementation, even when BB has all the algorithms, encoders/decoders and OIDs installed.
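
Added example (not part of the original post and not RIM code): the closed digest enumeration described in the post beside an extensible OID registry, written against standard Java SE `java.security.MessageDigest` as a stand-in for RIM's `DigestFactory`. The class name, the `POLICY` allow-list and the algorithm name `GOST3411` are assumptions; the OID bytes are the ones quoted in the post.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*;

public class DigestOidLookup {
    // OID content bytes exactly as quoted in the post, as hex strings.
    static final String SHA1 = "2B0E03021A", SHA256 = "608648016503040201";
    static final String SHA384 = "608648016503040202", SHA512 = "608648016503040203";
    static final String GOST = "2A8503021E01";

    // Closed lookup: the fixed enumeration described in the post. Unknown OIDs always fail.
    static String closedLookup(String oid) {
        if (oid.equals(SHA1)) return "SHA-1";
        if (oid.equals(SHA256)) return "SHA-256";
        if (oid.equals(SHA384)) return "SHA-384";
        if (oid.equals(SHA512)) return "SHA-512";
        throw new UnsupportedOperationException("unsupported digest OID " + oid);
    }

    // Open lookup: an OID-to-name registry that installed code can extend, gated by a
    // verifier policy (assumption) so that extensible does not mean "accept anything".
    static final Map<String, String> REGISTRY = new HashMap<String, String>();
    static final Set<String> POLICY = new HashSet<String>();

    static MessageDigest openLookup(String oid) throws NoSuchAlgorithmException {
        String name = REGISTRY.get(oid);
        if (name == null) throw new NoSuchAlgorithmException("no digest registered for OID " + oid);
        if (!POLICY.contains(name)) throw new SecurityException("digest " + name + " not allowed by policy");
        return MessageDigest.getInstance(name); // resolved by whichever provider is installed
    }

    public static void main(String[] args) {
        REGISTRY.put(SHA1, "SHA-1");
        REGISTRY.put(SHA256, "SHA-256");
        REGISTRY.put(GOST, "GOST3411"); // assumed name; needs a provider that implements it
        Collections.addAll(POLICY, "SHA-256", "GOST3411"); // SHA-1 registered but not allowed
        for (String oid : new String[] {SHA256, SHA1, GOST}) {
            try {
                System.out.println(oid + " closed -> " + closedLookup(oid));
            } catch (UnsupportedOperationException e) {
                System.out.println(oid + " closed -> " + e.getMessage());
            }
            try {
                System.out.println(oid + " open   -> " + openLookup(oid).getAlgorithm());
            } catch (NoSuchAlgorithmException | SecurityException e) {
                System.out.println(oid + " open   -> " + e.getMessage());
            }
        }
    }
}
```

On a JVM with no provider for the assumed GOST name, the open lookup fails at the provider layer, which installed code can extend, rather than in a fixed list. The allow-list keeps the extensible registry from widening what a signature verifier accepts.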

 

BlackBerry Development Advisor
Posts: 15,070
Registered: ‎07-09-2008
My Device: BlackBerry Passport
My Carrier: Bell

Re: Two examples of imperfection I found in RIM Crypto API (S/MIME, X509)

Please log these issues in the BlackBerry Issue Tracker: https://www.blackberry.com/jira/secure/Dashboard.jspa

Mark Sohm
BlackBerry Development Advisor

New Contributor
Posts: 9
Registered: ‎06-25-2010
My Device: BB 8900
My Carrier: Beeline

Re: Two examples of imperfection I found in RIM Crypto API (S/MIME, X509)

Thank you for your reply, MSohm. I'll do it in a day or two.