Fix #642: Add exact list of used cryptographic standards (#643)

* Fix #640: Add documentation for temporary keys

* Fix #642: Add exact list of used cryptographic standards

docs/List-of-Used-Algorithms.md

@@ -0,0 +1,28 @@
+# List of Used Algorithms
+
+The following algorithms are used in the PowerAuth cryptography scheme.
+
+## PowerAuth 3 Protocol
+
+- Current protocol version: `3.3`
+
+### Cryptographic Primitives
+
+| Algorithm | Impacts | Note |
+|---------------|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `AES-128` | mobile, server | Symmetric encryption with 128 bit keys. Used in `AES/CBC/PKCS7Padding` or `AES/CBC/NoPadding`, depending on use-case. |
+| `Argon2` | server | Iterative hash used for storing recovery PUK values associated with recovery codes (`argon2i`). |
+| `CRC-16` | mobile, server | Checksum algorithm, used to add a validation to the activation code (2 bytes out of 12 are allocated for checksum). |
+| `ECDH` | mobile, server | Key agreement algorithm for ECC-based Diffie-Hellman, uses `secp256r1` curve. |
+| `ECDSA` | mobile, server | Asymmetric signatures based on ECC, with `secp256r1` curve and `SHA256` hash function (`SHA256withECDSA`). |
+| `ECIES` | mobile, server | Asymmetric encryption scheme based on ECC, with `secp256r1` and `X9.63` (`SHA256`) KDF function. |
+| `HMAC-SHA256` | mobile, server | MAC algorithm with `SHA256` as underlying has function. Used in various situations across the protocol. |
+| `HMAC-SHA512` | server | MAC algorithm with `SHA256` as underlying has function. Currently only used when validating TOTP in proximity OTP feature. |
+| `PBKDF2` | mobile | Derivation function, used with `HMAC-SHA1` algorithm (`PBKDF2WithHmacSHA1`) and 10 000 iterations. _Note: Used exclusively for deriving a symmetric encryption key from PIN code on a mobile device, and hence strength of the algorithm is unimportant._ |
+| `SHA256` | mobile, server | Hash function. Used in various situations across the protocol. |
+| `X9.63` | mobile, server | Key derivation function with `SHA256`. Used for deriving keys with random index. |
+
+### Algorithm Providers
+
+- Server-Side: [Bouncy Castle](https://www.bouncycastle.org/)
+- Client-Side: [OpenSSL](https://openssl-library.org/) (libCrypto)

docs/_Sidebar.md

@@ -27,6 +27,7 @@
 - [Activation Code Format](./Activation-Code.md)
 - [Additional Activation OTP](./Additional-Activation-OTP.md)
 - [Implementation Details](./Implementation-notes.md)
+- [List of Used Algorithms](./List-of-Used-Algorithms.md)
 - [List of Used Keys](./List-of-used-keys.md)
 
 **Tutorials**

powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/ByteUtils.java

@@ -43,9 +43,7 @@ public static byte[] concat(byte[]... arrays) {
 
  /**
  * Concatenate multiple byte arrays, including each component size.
- *
  * Sample output byte array structure: [size1][array1][size2][array2]
- *
  * In case byte array is empty, each empty component is encoded as: [0]
  *
  * @param arrays Byte arrays to join.

powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/server/util/DataDigest.java

@@ -108,7 +108,7 @@ public DataDigest(int length) throws GenericCryptoException {
  * @return Digest fo provided data, including seed used to compute that digest.
  */
  public Result generateDigest(List<String> items) {
- if (items.size() == 0) {
+ if (items.isEmpty()) {
  return null;
  }
  try {

powerauth-java-http/src/main/java/io/getlime/security/powerauth/http/PowerAuthRequestCanonizationUtils.java

@@ -95,7 +95,7 @@ public static String canonizeGetParameters(String queryString) {
  signatureBaseString.append(URLEncoder.encode(val, StandardCharsets.UTF_8));
  }
 
- return signatureBaseString.length() > 0 ? signatureBaseString.toString() : null;
+ return !signatureBaseString.isEmpty() ? signatureBaseString.toString() : null;
  }
 
 }