Example 1 with GostR3410TransportParameters
use of com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters in project LinLong-Java by zhenwei1108.
the class JceKeyTransRecipient method extractSecretKey.
protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedEncryptionKey) throws CMSException {
if (CMSUtils.isGOST(keyEncryptionAlgorithm.getAlgorithm())) {
try {
GostR3410KeyTransport transport = GostR3410KeyTransport.getInstance(encryptedEncryptionKey);
GostR3410TransportParameters transParams = transport.getTransportParameters();
KeyFactory keyFactory = helper.createKeyFactory(keyEncryptionAlgorithm.getAlgorithm());
PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(transParams.getEphemeralPublicKey().getEncoded()));
KeyAgreement agreement = helper.createKeyAgreement(keyEncryptionAlgorithm.getAlgorithm());
agreement.init(recipientKey, new UserKeyingMaterialSpec(transParams.getUkm()));
agreement.doPhase(pubKey, true);
SecretKey key = agreement.generateSecret(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.getId());
Cipher keyCipher = helper.createCipher(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap);
keyCipher.init(Cipher.UNWRAP_MODE, key, new GOST28147WrapParameterSpec(transParams.getEncryptionParamSet(), transParams.getUkm()));
Gost2814789EncryptedKey encKey = transport.getSessionEncryptedKey();
return keyCipher.unwrap(Arrays.concatenate(encKey.getEncryptedKey(), encKey.getMacKey()), helper.getBaseCipherName(encryptedKeyAlgorithm.getAlgorithm()), Cipher.SECRET_KEY);
} catch (Exception e) {
throw new CMSException("exception unwrapping key: " + e.getMessage(), e);
}
} else {
JceAsymmetricKeyUnwrapper unwrapper = helper.createAsymmetricUnwrapper(keyEncryptionAlgorithm, recipientKey).setMustProduceEncodableUnwrappedKey(unwrappedKeyMustBeEncodable);
if (!extraMappings.isEmpty()) {
for (Iterator it = extraMappings.keySet().iterator(); it.hasNext(); ) {
ASN1ObjectIdentifier algorithm = (ASN1ObjectIdentifier) it.next();
unwrapper.setAlgorithmMapping(algorithm, (String) extraMappings.get(algorithm));
}
}
try {
Key key = helper.getJceKey(encryptedKeyAlgorithm.getAlgorithm(), unwrapper.generateUnwrappedKey(encryptedKeyAlgorithm, encryptedEncryptionKey));
if (validateKeySize) {
helper.keySizeCheck(encryptedKeyAlgorithm, key);
}
return key;
} catch (OperatorException e) {
throw new CMSException("exception unwrapping key: " + e.getMessage(), e);
}
}
}
Also used :
JceAsymmetricKeyUnwrapper(com.github.zhenwei.pkix.operator.jcajce.JceAsymmetricKeyUnwrapper)
PublicKey(java.security.PublicKey)
GOST28147WrapParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec)
X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec)
UserKeyingMaterialSpec(com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec)
CMSException(com.github.zhenwei.pkix.cms.CMSException)
OperatorException(com.github.zhenwei.pkix.operator.OperatorException)
GostR3410KeyTransport(com.github.zhenwei.core.asn1.cryptopro.GostR3410KeyTransport)
GostR3410TransportParameters(com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters)
Gost2814789EncryptedKey(com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey)
SecretKey(javax.crypto.SecretKey)
Iterator(java.util.Iterator)
Cipher(javax.crypto.Cipher)
KeyAgreement(javax.crypto.KeyAgreement)
KeyFactory(java.security.KeyFactory)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
PublicKey(java.security.PublicKey)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
Gost2814789EncryptedKey(com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey)
SecretKey(javax.crypto.SecretKey)
OperatorException(com.github.zhenwei.pkix.operator.OperatorException)
CMSException(com.github.zhenwei.pkix.cms.CMSException)
Example 2 with GostR3410TransportParameters
use of com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters in project LinLong-Java by zhenwei1108.
the class JceAsymmetricKeyWrapper method generateWrappedKey.
public byte[] generateWrappedKey(GenericKey encryptionKey) throws OperatorException {
byte[] encryptedKeyBytes = null;
if (isGOST(getAlgorithmIdentifier().getAlgorithm())) {
try {
random = CryptoServicesRegistrar.getSecureRandom(random);
KeyPairGenerator kpGen = helper.createKeyPairGenerator(getAlgorithmIdentifier().getAlgorithm());
kpGen.initialize(((ECPublicKey) publicKey).getParams(), random);
KeyPair ephKp = kpGen.generateKeyPair();
byte[] ukm = new byte[8];
random.nextBytes(ukm);
SubjectPublicKeyInfo ephKeyInfo = SubjectPublicKeyInfo.getInstance(ephKp.getPublic().getEncoded());
GostR3410TransportParameters transParams;
if (ephKeyInfo.getAlgorithm().getAlgorithm().on(RosstandartObjectIdentifiers.id_tc26)) {
transParams = new GostR3410TransportParameters(RosstandartObjectIdentifiers.id_tc26_gost_28147_param_Z, ephKeyInfo, ukm);
} else {
transParams = new GostR3410TransportParameters(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, ephKeyInfo, ukm);
}
KeyAgreement agreement = helper.createKeyAgreement(getAlgorithmIdentifier().getAlgorithm());
agreement.init(ephKp.getPrivate(), new UserKeyingMaterialSpec(transParams.getUkm()));
agreement.doPhase(publicKey, true);
SecretKey key = agreement.generateSecret(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.getId());
byte[] encKey = OperatorUtils.getJceKey(encryptionKey).getEncoded();
Cipher keyCipher = helper.createCipher(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap);
keyCipher.init(Cipher.WRAP_MODE, key, new GOST28147WrapParameterSpec(transParams.getEncryptionParamSet(), transParams.getUkm()));
byte[] keyData = keyCipher.wrap(new SecretKeySpec(encKey, "GOST"));
GostR3410KeyTransport transport = new GostR3410KeyTransport(new Gost2814789EncryptedKey(Arrays.copyOfRange(keyData, 0, 32), Arrays.copyOfRange(keyData, 32, 36)), transParams);
return transport.getEncoded();
} catch (Exception e) {
throw new OperatorException("exception wrapping key: " + e.getMessage(), e);
}
} else {
Cipher keyEncryptionCipher = helper.createAsymmetricWrapper(getAlgorithmIdentifier().getAlgorithm(), extraMappings);
try {
AlgorithmParameters algParams = helper.createAlgorithmParameters(this.getAlgorithmIdentifier());
if (algParams != null) {
keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, algParams, random);
} else {
keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, random);
}
encryptedKeyBytes = keyEncryptionCipher.wrap(OperatorUtils.getJceKey(encryptionKey));
} catch (InvalidKeyException e) {
} catch (GeneralSecurityException e) {
} catch (IllegalStateException e) {
} catch (UnsupportedOperationException e) {
} catch (ProviderException e) {
}
// some providers do not support WRAP (this appears to be only for asymmetric algorithms)
if (encryptedKeyBytes == null) {
try {
keyEncryptionCipher.init(Cipher.ENCRYPT_MODE, publicKey, random);
encryptedKeyBytes = keyEncryptionCipher.doFinal(OperatorUtils.getJceKey(encryptionKey).getEncoded());
} catch (InvalidKeyException e) {
throw new OperatorException("unable to encrypt contents key", e);
} catch (GeneralSecurityException e) {
throw new OperatorException("unable to encrypt contents key", e);
}
}
}
return encryptedKeyBytes;
}
Also used :
KeyPair(java.security.KeyPair)
ProviderException(java.security.ProviderException)
GOST28147WrapParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec)
GeneralSecurityException(java.security.GeneralSecurityException)
KeyPairGenerator(java.security.KeyPairGenerator)
InvalidKeyException(java.security.InvalidKeyException)
SubjectPublicKeyInfo(com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)
UserKeyingMaterialSpec(com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec)
GeneralSecurityException(java.security.GeneralSecurityException)
InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException)
OperatorException(com.github.zhenwei.pkix.operator.OperatorException)
ProviderException(java.security.ProviderException)
InvalidKeyException(java.security.InvalidKeyException)
GostR3410TransportParameters(com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters)
GostR3410KeyTransport(com.github.zhenwei.core.asn1.cryptopro.GostR3410KeyTransport)
Gost2814789EncryptedKey(com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey)
SecretKey(javax.crypto.SecretKey)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
Cipher(javax.crypto.Cipher)
KeyAgreement(javax.crypto.KeyAgreement)
OperatorException(com.github.zhenwei.pkix.operator.OperatorException)
AlgorithmParameters(java.security.AlgorithmParameters)
Aggregations
Gost2814789EncryptedKey (com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey)2
GostR3410KeyTransport (com.github.zhenwei.core.asn1.cryptopro.GostR3410KeyTransport)2
GostR3410TransportParameters (com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters)2
OperatorException (com.github.zhenwei.pkix.operator.OperatorException)2
GOST28147WrapParameterSpec (com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec)2
UserKeyingMaterialSpec (com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec)2
Cipher (javax.crypto.Cipher)2
KeyAgreement (javax.crypto.KeyAgreement)2
SecretKey (javax.crypto.SecretKey)2
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)1
SubjectPublicKeyInfo (com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)1
CMSException (com.github.zhenwei.pkix.cms.CMSException)1
JceAsymmetricKeyUnwrapper (com.github.zhenwei.pkix.operator.jcajce.JceAsymmetricKeyUnwrapper)1
AlgorithmParameters (java.security.AlgorithmParameters)1
GeneralSecurityException (java.security.GeneralSecurityException)1
InvalidKeyException (java.security.InvalidKeyException)1
Key (java.security.Key)1
KeyFactory (java.security.KeyFactory)1
KeyPair (java.security.KeyPair)1
KeyPairGenerator (java.security.KeyPairGenerator)1
