Fix #642: Add exact list of used cryptographic standards (#643)

* Fix #640: Add documentation for temporary keys

* Fix #642: Add exact list of used cryptographic standards

docs/List-of-Used-Algorithms.md

@@ -0,0 +1,28 @@
+# List of Used Algorithms
+
+The following algorithms are used in the PowerAuth cryptography scheme.
+
+## PowerAuth 3 Protocol
+
+- Current protocol version: `3.3`
+
+### Cryptographic Primitives
+
+| Algorithm     | Impacts        | Note                                                                                                                                                                                                                                                      |
+|---------------|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `AES-128`     | mobile, server | Symmetric encryption with 128 bit keys. Used in `AES/CBC/PKCS7Padding` or `AES/CBC/NoPadding`, depending on use-case.                                                                                                                                     |
+| `Argon2`      | server         | Iterative hash used for storing recovery PUK values associated with recovery codes (`argon2i`).                                                                                                                                                           |
+| `CRC-16`      | mobile, server | Checksum algorithm, used to add a validation to the activation code (2 bytes out of 12 are allocated for checksum).                                                                                                                                       |
+| `ECDH`        | mobile, server | Key agreement algorithm for ECC-based Diffie-Hellman, uses `secp256r1` curve.                                                                                                                                                                             |
+| `ECDSA`       | mobile, server | Asymmetric signatures based on ECC, with `secp256r1` curve and `SHA256` hash function (`SHA256withECDSA`).                                                                                                                                                |
+| `ECIES`       | mobile, server | Asymmetric encryption scheme based on ECC, with `secp256r1` and `X9.63` (`SHA256`) KDF function.                                                                                                                                                          |
+| `HMAC-SHA256` | mobile, server | MAC algorithm with `SHA256` as underlying has function. Used in various situations across the protocol.                                                                                                                                                   |
+| `HMAC-SHA512` | server         | MAC algorithm with `SHA256` as underlying has function. Currently only used when validating TOTP in proximity OTP feature.                                                                                                                                |
+| `PBKDF2`      | mobile         | Derivation function, used with `HMAC-SHA1` algorithm (`PBKDF2WithHmacSHA1`) and 10 000 iterations. _Note: Used exclusively for deriving a symmetric encryption key from PIN code on a mobile device, and hence strength of the algorithm is unimportant._ |
+| `SHA256`      | mobile, server | Hash function. Used in various situations across the protocol.                                                                                                                                                                                            |
+| `X9.63`       | mobile, server | Key derivation function with `SHA256`. Used for deriving keys with random index.                                                                                                                                                                          |
+
+### Algorithm Providers
+
+- Server-Side: [Bouncy Castle](https://www.bouncycastle.org/)
+- Client-Side: [OpenSSL](https://openssl-library.org/) (libCrypto)

docs/_Sidebar.md

@@ -27,6 +27,7 @@
 - [Activation Code Format](./Activation-Code.md)
 - [Additional Activation OTP](./Additional-Activation-OTP.md)
 - [Implementation Details](./Implementation-notes.md)
+- [List of Used Algorithms](./List-of-Used-Algorithms.md)
 - [List of Used Keys](./List-of-used-keys.md)
 
 **Tutorials**

powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/ByteUtils.java

@@ -43,9 +43,7 @@ public static byte[] concat(byte[]... arrays) {
 
     /**
      * Concatenate multiple byte arrays, including each component size.
-     *
      * Sample output byte array structure: [size1][array1][size2][array2]
-     *
      * In case byte array is empty, each empty component is encoded as: [0]
      *
      * @param arrays Byte arrays to join.

powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/server/util/DataDigest.java

@@ -108,7 +108,7 @@ public DataDigest(int length) throws GenericCryptoException {
      * @return Digest fo provided data, including seed used to compute that digest.
      */
     public Result generateDigest(List<String> items) {
-        if (items.size() == 0) {
+        if (items.isEmpty()) {
             return null;
         }
         try {

powerauth-java-http/src/main/java/io/getlime/security/powerauth/http/PowerAuthRequestCanonizationUtils.java

@@ -95,7 +95,7 @@ public static String canonizeGetParameters(String queryString) {
             signatureBaseString.append(URLEncoder.encode(val, StandardCharsets.UTF_8));
         }
 
-        return signatureBaseString.length() > 0 ? signatureBaseString.toString() : null;
+        return !signatureBaseString.isEmpty() ? signatureBaseString.toString() : null;
     }
 
 }