Example 1 with Gost2814789KeyWrapParameters
use of com.github.zhenwei.core.asn1.cryptopro.Gost2814789KeyWrapParameters in project LinLong-Java by zhenwei1108.
the class JceKeyAgreeRecipient method extractSecretKey.
protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentEncryptionKey) throws CMSException {
try {
AlgorithmIdentifier wrapAlg = AlgorithmIdentifier.getInstance(keyEncryptionAlgorithm.getParameters());
X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(senderKey.getEncoded());
KeyFactory fact = helper.createKeyFactory(senderKey.getAlgorithm().getAlgorithm());
PublicKey senderPublicKey = fact.generatePublic(pubSpec);
try {
SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg, senderPublicKey, userKeyingMaterial, recipientKey, ecc_cms_Generator);
if (wrapAlg.getAlgorithm().equals(CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap) || wrapAlg.getAlgorithm().equals(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap)) {
Gost2814789EncryptedKey encKey = Gost2814789EncryptedKey.getInstance(encryptedContentEncryptionKey);
Gost2814789KeyWrapParameters wrapParams = Gost2814789KeyWrapParameters.getInstance(wrapAlg.getParameters());
Cipher keyCipher = helper.createCipher(wrapAlg.getAlgorithm());
keyCipher.init(Cipher.UNWRAP_MODE, agreedWrapKey, new GOST28147WrapParameterSpec(wrapParams.getEncryptionParamSet(), userKeyingMaterial.getOctets()));
return keyCipher.unwrap(Arrays.concatenate(encKey.getEncryptedKey(), encKey.getMacKey()), helper.getBaseCipherName(contentEncryptionAlgorithm.getAlgorithm()), Cipher.SECRET_KEY);
}
return unwrapSessionKey(wrapAlg.getAlgorithm(), agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey);
} catch (InvalidKeyException e) {
// might be a pre-RFC 5753 message
if (possibleOldMessages.contains(keyEncryptionAlgorithm.getAlgorithm())) {
SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg, senderPublicKey, userKeyingMaterial, recipientKey, old_ecc_cms_Generator);
return unwrapSessionKey(wrapAlg.getAlgorithm(), agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey);
}
// one last try - people do actually do this it turns out
if (userKeyingMaterial != null) {
try {
SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg, senderPublicKey, userKeyingMaterial, recipientKey, simple_ecc_cmsGenerator);
return unwrapSessionKey(wrapAlg.getAlgorithm(), agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey);
} catch (InvalidKeyException ex) {
// we'll throw the original exception
throw e;
}
}
throw e;
}
} catch (NoSuchAlgorithmException e) {
throw new CMSException("can't find algorithm.", e);
} catch (InvalidKeyException e) {
throw new CMSException("key invalid in message.", e);
} catch (InvalidKeySpecException e) {
throw new CMSException("originator key spec invalid.", e);
} catch (NoSuchPaddingException e) {
throw new CMSException("required padding not supported.", e);
} catch (Exception e) {
throw new CMSException("originator key invalid.", e);
}
}
Also used :
PublicKey(java.security.PublicKey)
GOST28147WrapParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
Gost2814789KeyWrapParameters(com.github.zhenwei.core.asn1.cryptopro.Gost2814789KeyWrapParameters)
CMSException(com.github.zhenwei.pkix.cms.CMSException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
GeneralSecurityException(java.security.GeneralSecurityException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Gost2814789EncryptedKey(com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey)
SecretKey(javax.crypto.SecretKey)
Cipher(javax.crypto.Cipher)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
KeyFactory(java.security.KeyFactory)
CMSException(com.github.zhenwei.pkix.cms.CMSException)
Example 2 with Gost2814789KeyWrapParameters
use of com.github.zhenwei.core.asn1.cryptopro.Gost2814789KeyWrapParameters in project LinLong-Java by zhenwei1108.
the class KeyAgreeRecipientInfoGenerator method generate.
public RecipientInfo generate(GenericKey contentEncryptionKey) throws CMSException {
OriginatorIdentifierOrKey originator = new OriginatorIdentifierOrKey(createOriginatorPublicKey(originatorKeyInfo));
AlgorithmIdentifier keyEncAlg;
if (CMSUtils.isDES(keyEncryptionOID.getId()) || keyEncryptionOID.equals(PKCSObjectIdentifiers.id_alg_CMSRC2wrap)) {
keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID, DERNull.INSTANCE);
} else if (CMSUtils.isGOST(keyAgreementOID)) {
keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID, new Gost2814789KeyWrapParameters(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet));
} else {
keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID);
}
AlgorithmIdentifier keyAgreeAlg = new AlgorithmIdentifier(keyAgreementOID, keyEncAlg);
ASN1Sequence recipients = generateRecipientEncryptedKeys(keyAgreeAlg, keyEncAlg, contentEncryptionKey);
byte[] userKeyingMaterial = getUserKeyingMaterial(keyAgreeAlg);
if (userKeyingMaterial != null) {
return new RecipientInfo(new KeyAgreeRecipientInfo(originator, new DEROctetString(userKeyingMaterial), keyAgreeAlg, recipients));
} else {
return new RecipientInfo(new KeyAgreeRecipientInfo(originator, null, keyAgreeAlg, recipients));
}
}
Also used :
ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence)
OriginatorIdentifierOrKey(com.github.zhenwei.pkix.util.asn1.cms.OriginatorIdentifierOrKey)
Gost2814789KeyWrapParameters(com.github.zhenwei.core.asn1.cryptopro.Gost2814789KeyWrapParameters)
RecipientInfo(com.github.zhenwei.pkix.util.asn1.cms.RecipientInfo)
KeyAgreeRecipientInfo(com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientInfo)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
KeyAgreeRecipientInfo(com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientInfo)
Aggregations
Gost2814789KeyWrapParameters (com.github.zhenwei.core.asn1.cryptopro.Gost2814789KeyWrapParameters)2
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)2
ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)1
DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)1
Gost2814789EncryptedKey (com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey)1
CMSException (com.github.zhenwei.pkix.cms.CMSException)1
KeyAgreeRecipientInfo (com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientInfo)1
OriginatorIdentifierOrKey (com.github.zhenwei.pkix.util.asn1.cms.OriginatorIdentifierOrKey)1
RecipientInfo (com.github.zhenwei.pkix.util.asn1.cms.RecipientInfo)1
GOST28147WrapParameterSpec (com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec)1
IOException (java.io.IOException)1
GeneralSecurityException (java.security.GeneralSecurityException)1
InvalidKeyException (java.security.InvalidKeyException)1
KeyFactory (java.security.KeyFactory)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
PublicKey (java.security.PublicKey)1
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)1
X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)1
Cipher (javax.crypto.Cipher)1
NoSuchPaddingException (javax.crypto.NoSuchPaddingException)1
