Search in sources :

Example 1 with Gost2814789KeyWrapParameters

use of com.github.zhenwei.core.asn1.cryptopro.Gost2814789KeyWrapParameters in project LinLong-Java by zhenwei1108.

the class JceKeyAgreeRecipient method extractSecretKey.

protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentEncryptionKey) throws CMSException {
    try {
        AlgorithmIdentifier wrapAlg = AlgorithmIdentifier.getInstance(keyEncryptionAlgorithm.getParameters());
        X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(senderKey.getEncoded());
        KeyFactory fact = helper.createKeyFactory(senderKey.getAlgorithm().getAlgorithm());
        PublicKey senderPublicKey = fact.generatePublic(pubSpec);
        try {
            SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg, senderPublicKey, userKeyingMaterial, recipientKey, ecc_cms_Generator);
            if (wrapAlg.getAlgorithm().equals(CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap) || wrapAlg.getAlgorithm().equals(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap)) {
                Gost2814789EncryptedKey encKey = Gost2814789EncryptedKey.getInstance(encryptedContentEncryptionKey);
                Gost2814789KeyWrapParameters wrapParams = Gost2814789KeyWrapParameters.getInstance(wrapAlg.getParameters());
                Cipher keyCipher = helper.createCipher(wrapAlg.getAlgorithm());
                keyCipher.init(Cipher.UNWRAP_MODE, agreedWrapKey, new GOST28147WrapParameterSpec(wrapParams.getEncryptionParamSet(), userKeyingMaterial.getOctets()));
                return keyCipher.unwrap(Arrays.concatenate(encKey.getEncryptedKey(), encKey.getMacKey()), helper.getBaseCipherName(contentEncryptionAlgorithm.getAlgorithm()), Cipher.SECRET_KEY);
            }
            return unwrapSessionKey(wrapAlg.getAlgorithm(), agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey);
        } catch (InvalidKeyException e) {
            // might be a pre-RFC 5753 message
            if (possibleOldMessages.contains(keyEncryptionAlgorithm.getAlgorithm())) {
                SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg, senderPublicKey, userKeyingMaterial, recipientKey, old_ecc_cms_Generator);
                return unwrapSessionKey(wrapAlg.getAlgorithm(), agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey);
            }
            // one last try - people do actually do this it turns out
            if (userKeyingMaterial != null) {
                try {
                    SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg, senderPublicKey, userKeyingMaterial, recipientKey, simple_ecc_cmsGenerator);
                    return unwrapSessionKey(wrapAlg.getAlgorithm(), agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey);
                } catch (InvalidKeyException ex) {
                    // we'll throw the original exception
                    throw e;
                }
            }
            throw e;
        }
    } catch (NoSuchAlgorithmException e) {
        throw new CMSException("can't find algorithm.", e);
    } catch (InvalidKeyException e) {
        throw new CMSException("key invalid in message.", e);
    } catch (InvalidKeySpecException e) {
        throw new CMSException("originator key spec invalid.", e);
    } catch (NoSuchPaddingException e) {
        throw new CMSException("required padding not supported.", e);
    } catch (Exception e) {
        throw new CMSException("originator key invalid.", e);
    }
}
Also used : PublicKey(java.security.PublicKey) GOST28147WrapParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) Gost2814789KeyWrapParameters(com.github.zhenwei.core.asn1.cryptopro.Gost2814789KeyWrapParameters) CMSException(com.github.zhenwei.pkix.cms.CMSException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) GeneralSecurityException(java.security.GeneralSecurityException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) Gost2814789EncryptedKey(com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey) SecretKey(javax.crypto.SecretKey) Cipher(javax.crypto.Cipher) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) KeyFactory(java.security.KeyFactory) CMSException(com.github.zhenwei.pkix.cms.CMSException)

Example 2 with Gost2814789KeyWrapParameters

use of com.github.zhenwei.core.asn1.cryptopro.Gost2814789KeyWrapParameters in project LinLong-Java by zhenwei1108.

the class KeyAgreeRecipientInfoGenerator method generate.

public RecipientInfo generate(GenericKey contentEncryptionKey) throws CMSException {
    OriginatorIdentifierOrKey originator = new OriginatorIdentifierOrKey(createOriginatorPublicKey(originatorKeyInfo));
    AlgorithmIdentifier keyEncAlg;
    if (CMSUtils.isDES(keyEncryptionOID.getId()) || keyEncryptionOID.equals(PKCSObjectIdentifiers.id_alg_CMSRC2wrap)) {
        keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID, DERNull.INSTANCE);
    } else if (CMSUtils.isGOST(keyAgreementOID)) {
        keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID, new Gost2814789KeyWrapParameters(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet));
    } else {
        keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID);
    }
    AlgorithmIdentifier keyAgreeAlg = new AlgorithmIdentifier(keyAgreementOID, keyEncAlg);
    ASN1Sequence recipients = generateRecipientEncryptedKeys(keyAgreeAlg, keyEncAlg, contentEncryptionKey);
    byte[] userKeyingMaterial = getUserKeyingMaterial(keyAgreeAlg);
    if (userKeyingMaterial != null) {
        return new RecipientInfo(new KeyAgreeRecipientInfo(originator, new DEROctetString(userKeyingMaterial), keyAgreeAlg, recipients));
    } else {
        return new RecipientInfo(new KeyAgreeRecipientInfo(originator, null, keyAgreeAlg, recipients));
    }
}
Also used : ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) OriginatorIdentifierOrKey(com.github.zhenwei.pkix.util.asn1.cms.OriginatorIdentifierOrKey) Gost2814789KeyWrapParameters(com.github.zhenwei.core.asn1.cryptopro.Gost2814789KeyWrapParameters) RecipientInfo(com.github.zhenwei.pkix.util.asn1.cms.RecipientInfo) KeyAgreeRecipientInfo(com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientInfo) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) KeyAgreeRecipientInfo(com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientInfo)

Aggregations

Gost2814789KeyWrapParameters (com.github.zhenwei.core.asn1.cryptopro.Gost2814789KeyWrapParameters)2 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)2 ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)1 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)1 Gost2814789EncryptedKey (com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey)1 CMSException (com.github.zhenwei.pkix.cms.CMSException)1 KeyAgreeRecipientInfo (com.github.zhenwei.pkix.util.asn1.cms.KeyAgreeRecipientInfo)1 OriginatorIdentifierOrKey (com.github.zhenwei.pkix.util.asn1.cms.OriginatorIdentifierOrKey)1 RecipientInfo (com.github.zhenwei.pkix.util.asn1.cms.RecipientInfo)1 GOST28147WrapParameterSpec (com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec)1 IOException (java.io.IOException)1 GeneralSecurityException (java.security.GeneralSecurityException)1 InvalidKeyException (java.security.InvalidKeyException)1 KeyFactory (java.security.KeyFactory)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 PublicKey (java.security.PublicKey)1 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)1 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)1 Cipher (javax.crypto.Cipher)1 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)1