use of com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters in project LinLong-Java by zhenwei1108.
the class JceKeyTransRecipient method extractSecretKey.
protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedEncryptionKey) throws CMSException {
if (CMSUtils.isGOST(keyEncryptionAlgorithm.getAlgorithm())) {
try {
GostR3410KeyTransport transport = GostR3410KeyTransport.getInstance(encryptedEncryptionKey);
GostR3410TransportParameters transParams = transport.getTransportParameters();
KeyFactory keyFactory = helper.createKeyFactory(keyEncryptionAlgorithm.getAlgorithm());
PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(transParams.getEphemeralPublicKey().getEncoded()));
KeyAgreement agreement = helper.createKeyAgreement(keyEncryptionAlgorithm.getAlgorithm());
agreement.init(recipientKey, new UserKeyingMaterialSpec(transParams.getUkm()));
agreement.doPhase(pubKey, true);
SecretKey key = agreement.generateSecret(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.getId());
Cipher keyCipher = helper.createCipher(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap);
keyCipher.init(Cipher.UNWRAP_MODE, key, new GOST28147WrapParameterSpec(transParams.getEncryptionParamSet(), transParams.getUkm()));
Gost2814789EncryptedKey encKey = transport.getSessionEncryptedKey();
return keyCipher.unwrap(Arrays.concatenate(encKey.getEncryptedKey(), encKey.getMacKey()), helper.getBaseCipherName(encryptedKeyAlgorithm.getAlgorithm()), Cipher.SECRET_KEY);
} catch (Exception e) {
throw new CMSException("exception unwrapping key: " + e.getMessage(), e);
}
} else {
JceAsymmetricKeyUnwrapper unwrapper = helper.createAsymmetricUnwrapper(keyEncryptionAlgorithm, recipientKey).setMustProduceEncodableUnwrappedKey(unwrappedKeyMustBeEncodable);
if (!extraMappings.isEmpty()) {
for (Iterator it = extraMappings.keySet().iterator(); it.hasNext(); ) {
ASN1ObjectIdentifier algorithm = (ASN1ObjectIdentifier) it.next();
unwrapper.setAlgorithmMapping(algorithm, (String) extraMappings.get(algorithm));
}
}
try {
Key key = helper.getJceKey(encryptedKeyAlgorithm.getAlgorithm(), unwrapper.generateUnwrappedKey(encryptedKeyAlgorithm, encryptedEncryptionKey));
if (validateKeySize) {
helper.keySizeCheck(encryptedKeyAlgorithm, key);
}
return key;
} catch (OperatorException e) {
throw new CMSException("exception unwrapping key: " + e.getMessage(), e);
}
}
}
use of com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters in project LinLong-Java by zhenwei1108.
the class JceAsymmetricKeyWrapper method generateWrappedKey.
public byte[] generateWrappedKey(GenericKey encryptionKey) throws OperatorException {
byte[] encryptedKeyBytes = null;
if (isGOST(getAlgorithmIdentifier().getAlgorithm())) {
try {
random = CryptoServicesRegistrar.getSecureRandom(random);
KeyPairGenerator kpGen = helper.createKeyPairGenerator(getAlgorithmIdentifier().getAlgorithm());
kpGen.initialize(((ECPublicKey) publicKey).getParams(), random);
KeyPair ephKp = kpGen.generateKeyPair();
byte[] ukm = new byte[8];
random.nextBytes(ukm);
SubjectPublicKeyInfo ephKeyInfo = SubjectPublicKeyInfo.getInstance(ephKp.getPublic().getEncoded());
GostR3410TransportParameters transParams;
if (ephKeyInfo.getAlgorithm().getAlgorithm().on(RosstandartObjectIdentifiers.id_tc26)) {
transParams = new GostR3410TransportParameters(RosstandartObjectIdentifiers.id_tc26_gost_28147_param_Z, ephKeyInfo, ukm);
} else {
transParams = new GostR3410TransportParameters(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, ephKeyInfo, ukm);
}
KeyAgreement agreement = helper.createKeyAgreement(getAlgorithmIdentifier().getAlgorithm());
agreement.init(ephKp.getPrivate(), new UserKeyingMaterialSpec(transParams.getUkm()));
agreement.doPhase(publicKey, true);
SecretKey key = agreement.generateSecret(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.getId());
byte[] encKey = OperatorUtils.getJceKey(encryptionKey).getEncoded();
Cipher keyCipher = helper.createCipher(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap);
keyCipher.init(Cipher.WRAP_MODE, key, new GOST28147WrapParameterSpec(transParams.getEncryptionParamSet(), transParams.getUkm()));
byte[] keyData = keyCipher.wrap(new SecretKeySpec(encKey, "GOST"));
GostR3410KeyTransport transport = new GostR3410KeyTransport(new Gost2814789EncryptedKey(Arrays.copyOfRange(keyData, 0, 32), Arrays.copyOfRange(keyData, 32, 36)), transParams);
return transport.getEncoded();
} catch (Exception e) {
throw new OperatorException("exception wrapping key: " + e.getMessage(), e);
}
} else {
Cipher keyEncryptionCipher = helper.createAsymmetricWrapper(getAlgorithmIdentifier().getAlgorithm(), extraMappings);
try {
AlgorithmParameters algParams = helper.createAlgorithmParameters(this.getAlgorithmIdentifier());
if (algParams != null) {
keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, algParams, random);
} else {
keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, random);
}
encryptedKeyBytes = keyEncryptionCipher.wrap(OperatorUtils.getJceKey(encryptionKey));
} catch (InvalidKeyException e) {
} catch (GeneralSecurityException e) {
} catch (IllegalStateException e) {
} catch (UnsupportedOperationException e) {
} catch (ProviderException e) {
}
// some providers do not support WRAP (this appears to be only for asymmetric algorithms)
if (encryptedKeyBytes == null) {
try {
keyEncryptionCipher.init(Cipher.ENCRYPT_MODE, publicKey, random);
encryptedKeyBytes = keyEncryptionCipher.doFinal(OperatorUtils.getJceKey(encryptionKey).getEncoded());
} catch (InvalidKeyException e) {
throw new OperatorException("unable to encrypt contents key", e);
} catch (GeneralSecurityException e) {
throw new OperatorException("unable to encrypt contents key", e);
}
}
}
return encryptedKeyBytes;
}
Aggregations