Search in sources :

Example 1 with GostR3410TransportParameters

use of com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters in project LinLong-Java by zhenwei1108.

the class JceKeyTransRecipient method extractSecretKey.

protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedEncryptionKey) throws CMSException {
    if (CMSUtils.isGOST(keyEncryptionAlgorithm.getAlgorithm())) {
        try {
            GostR3410KeyTransport transport = GostR3410KeyTransport.getInstance(encryptedEncryptionKey);
            GostR3410TransportParameters transParams = transport.getTransportParameters();
            KeyFactory keyFactory = helper.createKeyFactory(keyEncryptionAlgorithm.getAlgorithm());
            PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(transParams.getEphemeralPublicKey().getEncoded()));
            KeyAgreement agreement = helper.createKeyAgreement(keyEncryptionAlgorithm.getAlgorithm());
            agreement.init(recipientKey, new UserKeyingMaterialSpec(transParams.getUkm()));
            agreement.doPhase(pubKey, true);
            SecretKey key = agreement.generateSecret(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.getId());
            Cipher keyCipher = helper.createCipher(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap);
            keyCipher.init(Cipher.UNWRAP_MODE, key, new GOST28147WrapParameterSpec(transParams.getEncryptionParamSet(), transParams.getUkm()));
            Gost2814789EncryptedKey encKey = transport.getSessionEncryptedKey();
            return keyCipher.unwrap(Arrays.concatenate(encKey.getEncryptedKey(), encKey.getMacKey()), helper.getBaseCipherName(encryptedKeyAlgorithm.getAlgorithm()), Cipher.SECRET_KEY);
        } catch (Exception e) {
            throw new CMSException("exception unwrapping key: " + e.getMessage(), e);
        }
    } else {
        JceAsymmetricKeyUnwrapper unwrapper = helper.createAsymmetricUnwrapper(keyEncryptionAlgorithm, recipientKey).setMustProduceEncodableUnwrappedKey(unwrappedKeyMustBeEncodable);
        if (!extraMappings.isEmpty()) {
            for (Iterator it = extraMappings.keySet().iterator(); it.hasNext(); ) {
                ASN1ObjectIdentifier algorithm = (ASN1ObjectIdentifier) it.next();
                unwrapper.setAlgorithmMapping(algorithm, (String) extraMappings.get(algorithm));
            }
        }
        try {
            Key key = helper.getJceKey(encryptedKeyAlgorithm.getAlgorithm(), unwrapper.generateUnwrappedKey(encryptedKeyAlgorithm, encryptedEncryptionKey));
            if (validateKeySize) {
                helper.keySizeCheck(encryptedKeyAlgorithm, key);
            }
            return key;
        } catch (OperatorException e) {
            throw new CMSException("exception unwrapping key: " + e.getMessage(), e);
        }
    }
}
Also used : JceAsymmetricKeyUnwrapper(com.github.zhenwei.pkix.operator.jcajce.JceAsymmetricKeyUnwrapper) PublicKey(java.security.PublicKey) GOST28147WrapParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) UserKeyingMaterialSpec(com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec) CMSException(com.github.zhenwei.pkix.cms.CMSException) OperatorException(com.github.zhenwei.pkix.operator.OperatorException) GostR3410KeyTransport(com.github.zhenwei.core.asn1.cryptopro.GostR3410KeyTransport) GostR3410TransportParameters(com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters) Gost2814789EncryptedKey(com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey) SecretKey(javax.crypto.SecretKey) Iterator(java.util.Iterator) Cipher(javax.crypto.Cipher) KeyAgreement(javax.crypto.KeyAgreement) KeyFactory(java.security.KeyFactory) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) PublicKey(java.security.PublicKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) Gost2814789EncryptedKey(com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey) SecretKey(javax.crypto.SecretKey) OperatorException(com.github.zhenwei.pkix.operator.OperatorException) CMSException(com.github.zhenwei.pkix.cms.CMSException)

Example 2 with GostR3410TransportParameters

use of com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters in project LinLong-Java by zhenwei1108.

the class JceAsymmetricKeyWrapper method generateWrappedKey.

public byte[] generateWrappedKey(GenericKey encryptionKey) throws OperatorException {
    byte[] encryptedKeyBytes = null;
    if (isGOST(getAlgorithmIdentifier().getAlgorithm())) {
        try {
            random = CryptoServicesRegistrar.getSecureRandom(random);
            KeyPairGenerator kpGen = helper.createKeyPairGenerator(getAlgorithmIdentifier().getAlgorithm());
            kpGen.initialize(((ECPublicKey) publicKey).getParams(), random);
            KeyPair ephKp = kpGen.generateKeyPair();
            byte[] ukm = new byte[8];
            random.nextBytes(ukm);
            SubjectPublicKeyInfo ephKeyInfo = SubjectPublicKeyInfo.getInstance(ephKp.getPublic().getEncoded());
            GostR3410TransportParameters transParams;
            if (ephKeyInfo.getAlgorithm().getAlgorithm().on(RosstandartObjectIdentifiers.id_tc26)) {
                transParams = new GostR3410TransportParameters(RosstandartObjectIdentifiers.id_tc26_gost_28147_param_Z, ephKeyInfo, ukm);
            } else {
                transParams = new GostR3410TransportParameters(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, ephKeyInfo, ukm);
            }
            KeyAgreement agreement = helper.createKeyAgreement(getAlgorithmIdentifier().getAlgorithm());
            agreement.init(ephKp.getPrivate(), new UserKeyingMaterialSpec(transParams.getUkm()));
            agreement.doPhase(publicKey, true);
            SecretKey key = agreement.generateSecret(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.getId());
            byte[] encKey = OperatorUtils.getJceKey(encryptionKey).getEncoded();
            Cipher keyCipher = helper.createCipher(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap);
            keyCipher.init(Cipher.WRAP_MODE, key, new GOST28147WrapParameterSpec(transParams.getEncryptionParamSet(), transParams.getUkm()));
            byte[] keyData = keyCipher.wrap(new SecretKeySpec(encKey, "GOST"));
            GostR3410KeyTransport transport = new GostR3410KeyTransport(new Gost2814789EncryptedKey(Arrays.copyOfRange(keyData, 0, 32), Arrays.copyOfRange(keyData, 32, 36)), transParams);
            return transport.getEncoded();
        } catch (Exception e) {
            throw new OperatorException("exception wrapping key: " + e.getMessage(), e);
        }
    } else {
        Cipher keyEncryptionCipher = helper.createAsymmetricWrapper(getAlgorithmIdentifier().getAlgorithm(), extraMappings);
        try {
            AlgorithmParameters algParams = helper.createAlgorithmParameters(this.getAlgorithmIdentifier());
            if (algParams != null) {
                keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, algParams, random);
            } else {
                keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, random);
            }
            encryptedKeyBytes = keyEncryptionCipher.wrap(OperatorUtils.getJceKey(encryptionKey));
        } catch (InvalidKeyException e) {
        } catch (GeneralSecurityException e) {
        } catch (IllegalStateException e) {
        } catch (UnsupportedOperationException e) {
        } catch (ProviderException e) {
        }
        // some providers do not support WRAP (this appears to be only for asymmetric algorithms)
        if (encryptedKeyBytes == null) {
            try {
                keyEncryptionCipher.init(Cipher.ENCRYPT_MODE, publicKey, random);
                encryptedKeyBytes = keyEncryptionCipher.doFinal(OperatorUtils.getJceKey(encryptionKey).getEncoded());
            } catch (InvalidKeyException e) {
                throw new OperatorException("unable to encrypt contents key", e);
            } catch (GeneralSecurityException e) {
                throw new OperatorException("unable to encrypt contents key", e);
            }
        }
    }
    return encryptedKeyBytes;
}
Also used : KeyPair(java.security.KeyPair) ProviderException(java.security.ProviderException) GOST28147WrapParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec) GeneralSecurityException(java.security.GeneralSecurityException) KeyPairGenerator(java.security.KeyPairGenerator) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo) UserKeyingMaterialSpec(com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec) GeneralSecurityException(java.security.GeneralSecurityException) InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException) OperatorException(com.github.zhenwei.pkix.operator.OperatorException) ProviderException(java.security.ProviderException) InvalidKeyException(java.security.InvalidKeyException) GostR3410TransportParameters(com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters) GostR3410KeyTransport(com.github.zhenwei.core.asn1.cryptopro.GostR3410KeyTransport) Gost2814789EncryptedKey(com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey) SecretKey(javax.crypto.SecretKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) Cipher(javax.crypto.Cipher) KeyAgreement(javax.crypto.KeyAgreement) OperatorException(com.github.zhenwei.pkix.operator.OperatorException) AlgorithmParameters(java.security.AlgorithmParameters)

Aggregations

Gost2814789EncryptedKey (com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey)2 GostR3410KeyTransport (com.github.zhenwei.core.asn1.cryptopro.GostR3410KeyTransport)2 GostR3410TransportParameters (com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters)2 OperatorException (com.github.zhenwei.pkix.operator.OperatorException)2 GOST28147WrapParameterSpec (com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec)2 UserKeyingMaterialSpec (com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec)2 Cipher (javax.crypto.Cipher)2 KeyAgreement (javax.crypto.KeyAgreement)2 SecretKey (javax.crypto.SecretKey)2 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)1 SubjectPublicKeyInfo (com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)1 CMSException (com.github.zhenwei.pkix.cms.CMSException)1 JceAsymmetricKeyUnwrapper (com.github.zhenwei.pkix.operator.jcajce.JceAsymmetricKeyUnwrapper)1 AlgorithmParameters (java.security.AlgorithmParameters)1 GeneralSecurityException (java.security.GeneralSecurityException)1 InvalidKeyException (java.security.InvalidKeyException)1 Key (java.security.Key)1 KeyFactory (java.security.KeyFactory)1 KeyPair (java.security.KeyPair)1 KeyPairGenerator (java.security.KeyPairGenerator)1