Search in sources :

Example 6 with UserKeyingMaterialSpec

use of com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec in project LinLong-Java by zhenwei1108.

the class JceAsymmetricKeyWrapper method generateWrappedKey.

public byte[] generateWrappedKey(GenericKey encryptionKey) throws OperatorException {
    byte[] encryptedKeyBytes = null;
    if (isGOST(getAlgorithmIdentifier().getAlgorithm())) {
        try {
            random = CryptoServicesRegistrar.getSecureRandom(random);
            KeyPairGenerator kpGen = helper.createKeyPairGenerator(getAlgorithmIdentifier().getAlgorithm());
            kpGen.initialize(((ECPublicKey) publicKey).getParams(), random);
            KeyPair ephKp = kpGen.generateKeyPair();
            byte[] ukm = new byte[8];
            random.nextBytes(ukm);
            SubjectPublicKeyInfo ephKeyInfo = SubjectPublicKeyInfo.getInstance(ephKp.getPublic().getEncoded());
            GostR3410TransportParameters transParams;
            if (ephKeyInfo.getAlgorithm().getAlgorithm().on(RosstandartObjectIdentifiers.id_tc26)) {
                transParams = new GostR3410TransportParameters(RosstandartObjectIdentifiers.id_tc26_gost_28147_param_Z, ephKeyInfo, ukm);
            } else {
                transParams = new GostR3410TransportParameters(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, ephKeyInfo, ukm);
            }
            KeyAgreement agreement = helper.createKeyAgreement(getAlgorithmIdentifier().getAlgorithm());
            agreement.init(ephKp.getPrivate(), new UserKeyingMaterialSpec(transParams.getUkm()));
            agreement.doPhase(publicKey, true);
            SecretKey key = agreement.generateSecret(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.getId());
            byte[] encKey = OperatorUtils.getJceKey(encryptionKey).getEncoded();
            Cipher keyCipher = helper.createCipher(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap);
            keyCipher.init(Cipher.WRAP_MODE, key, new GOST28147WrapParameterSpec(transParams.getEncryptionParamSet(), transParams.getUkm()));
            byte[] keyData = keyCipher.wrap(new SecretKeySpec(encKey, "GOST"));
            GostR3410KeyTransport transport = new GostR3410KeyTransport(new Gost2814789EncryptedKey(Arrays.copyOfRange(keyData, 0, 32), Arrays.copyOfRange(keyData, 32, 36)), transParams);
            return transport.getEncoded();
        } catch (Exception e) {
            throw new OperatorException("exception wrapping key: " + e.getMessage(), e);
        }
    } else {
        Cipher keyEncryptionCipher = helper.createAsymmetricWrapper(getAlgorithmIdentifier().getAlgorithm(), extraMappings);
        try {
            AlgorithmParameters algParams = helper.createAlgorithmParameters(this.getAlgorithmIdentifier());
            if (algParams != null) {
                keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, algParams, random);
            } else {
                keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, random);
            }
            encryptedKeyBytes = keyEncryptionCipher.wrap(OperatorUtils.getJceKey(encryptionKey));
        } catch (InvalidKeyException e) {
        } catch (GeneralSecurityException e) {
        } catch (IllegalStateException e) {
        } catch (UnsupportedOperationException e) {
        } catch (ProviderException e) {
        }
        // some providers do not support WRAP (this appears to be only for asymmetric algorithms)
        if (encryptedKeyBytes == null) {
            try {
                keyEncryptionCipher.init(Cipher.ENCRYPT_MODE, publicKey, random);
                encryptedKeyBytes = keyEncryptionCipher.doFinal(OperatorUtils.getJceKey(encryptionKey).getEncoded());
            } catch (InvalidKeyException e) {
                throw new OperatorException("unable to encrypt contents key", e);
            } catch (GeneralSecurityException e) {
                throw new OperatorException("unable to encrypt contents key", e);
            }
        }
    }
    return encryptedKeyBytes;
}
Also used : KeyPair(java.security.KeyPair) ProviderException(java.security.ProviderException) GOST28147WrapParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec) GeneralSecurityException(java.security.GeneralSecurityException) KeyPairGenerator(java.security.KeyPairGenerator) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo) UserKeyingMaterialSpec(com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec) GeneralSecurityException(java.security.GeneralSecurityException) InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException) OperatorException(com.github.zhenwei.pkix.operator.OperatorException) ProviderException(java.security.ProviderException) InvalidKeyException(java.security.InvalidKeyException) GostR3410TransportParameters(com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters) GostR3410KeyTransport(com.github.zhenwei.core.asn1.cryptopro.GostR3410KeyTransport) Gost2814789EncryptedKey(com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey) SecretKey(javax.crypto.SecretKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) Cipher(javax.crypto.Cipher) KeyAgreement(javax.crypto.KeyAgreement) OperatorException(com.github.zhenwei.pkix.operator.OperatorException) AlgorithmParameters(java.security.AlgorithmParameters)

Example 7 with UserKeyingMaterialSpec

use of com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec in project LinLong-Java by zhenwei1108.

the class KeyAgreementSpi method initFromKey.

private void initFromKey(Key key, AlgorithmParameterSpec parameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
    if (agreement instanceof ECMQVBasicAgreement) {
        mqvParameters = null;
        if (!(key instanceof MQVPrivateKey) && !(parameterSpec instanceof MQVParameterSpec)) {
            throw new InvalidAlgorithmParameterException(kaAlgorithm + " key agreement requires " + getSimpleName(MQVParameterSpec.class) + " for initialisation");
        }
        ECPrivateKeyParameters staticPrivKey;
        ECPrivateKeyParameters ephemPrivKey;
        ECPublicKeyParameters ephemPubKey;
        if (key instanceof MQVPrivateKey) {
            MQVPrivateKey mqvPrivKey = (MQVPrivateKey) key;
            staticPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
            ephemPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
            ephemPubKey = null;
            if (mqvPrivKey.getEphemeralPublicKey() != null) {
                ephemPubKey = (ECPublicKeyParameters) ECUtils.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
            }
        } else {
            MQVParameterSpec mqvParameterSpec = (MQVParameterSpec) parameterSpec;
            staticPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter((PrivateKey) key);
            ephemPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(mqvParameterSpec.getEphemeralPrivateKey());
            ephemPubKey = null;
            if (mqvParameterSpec.getEphemeralPublicKey() != null) {
                ephemPubKey = (ECPublicKeyParameters) ECUtils.generatePublicKeyParameter(mqvParameterSpec.getEphemeralPublicKey());
            }
            mqvParameters = mqvParameterSpec;
            ukmParameters = mqvParameterSpec.getUserKeyingMaterial();
        }
        MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
        this.parameters = staticPrivKey.getParameters();
        // TODO Validate that all the keys are using the same parameters?
        ((ECMQVBasicAgreement) agreement).init(localParams);
    } else if (parameterSpec instanceof DHUParameterSpec) {
        if (!(agreement instanceof ECDHCUnifiedAgreement)) {
            throw new InvalidAlgorithmParameterException(kaAlgorithm + " key agreement cannot be used with " + getSimpleName(DHUParameterSpec.class));
        }
        DHUParameterSpec dheParameterSpec = (DHUParameterSpec) parameterSpec;
        ECPrivateKeyParameters staticPrivKey;
        ECPrivateKeyParameters ephemPrivKey;
        ECPublicKeyParameters ephemPubKey;
        staticPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter((PrivateKey) key);
        ephemPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(dheParameterSpec.getEphemeralPrivateKey());
        ephemPubKey = null;
        if (dheParameterSpec.getEphemeralPublicKey() != null) {
            ephemPubKey = (ECPublicKeyParameters) ECUtils.generatePublicKeyParameter(dheParameterSpec.getEphemeralPublicKey());
        }
        dheParameters = dheParameterSpec;
        ukmParameters = dheParameterSpec.getUserKeyingMaterial();
        ECDHUPrivateParameters localParams = new ECDHUPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
        this.parameters = staticPrivKey.getParameters();
        ((ECDHCUnifiedAgreement) agreement).init(localParams);
    } else {
        if (!(key instanceof PrivateKey)) {
            throw new InvalidKeyException(kaAlgorithm + " key agreement requires " + getSimpleName(ECPrivateKey.class) + " for initialisation");
        }
        if (kdf == null && parameterSpec instanceof UserKeyingMaterialSpec) {
            throw new InvalidAlgorithmParameterException("no KDF specified for UserKeyingMaterialSpec");
        }
        ECPrivateKeyParameters privKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter((PrivateKey) key);
        this.parameters = privKey.getParameters();
        ukmParameters = (parameterSpec instanceof UserKeyingMaterialSpec) ? ((UserKeyingMaterialSpec) parameterSpec).getUserKeyingMaterial() : null;
        ((BasicAgreement) agreement).init(privKey);
    }
}
Also used : ECDHCUnifiedAgreement(com.github.zhenwei.core.crypto.agreement.ECDHCUnifiedAgreement) ECDHUPrivateParameters(com.github.zhenwei.core.crypto.params.ECDHUPrivateParameters) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) ECPrivateKey(com.github.zhenwei.provider.jce.interfaces.ECPrivateKey) MQVPrivateKey(com.github.zhenwei.provider.jce.interfaces.MQVPrivateKey) PrivateKey(java.security.PrivateKey) DHUParameterSpec(com.github.zhenwei.provider.jcajce.spec.DHUParameterSpec) InvalidKeyException(java.security.InvalidKeyException) ECPublicKeyParameters(com.github.zhenwei.core.crypto.params.ECPublicKeyParameters) UserKeyingMaterialSpec(com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec) ECMQVBasicAgreement(com.github.zhenwei.core.crypto.agreement.ECMQVBasicAgreement) ECPrivateKeyParameters(com.github.zhenwei.core.crypto.params.ECPrivateKeyParameters) MQVParameterSpec(com.github.zhenwei.provider.jcajce.spec.MQVParameterSpec) MQVPrivateKey(com.github.zhenwei.provider.jce.interfaces.MQVPrivateKey) MQVPrivateParameters(com.github.zhenwei.core.crypto.params.MQVPrivateParameters)

Aggregations

UserKeyingMaterialSpec (com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec)7 MQVParameterSpec (com.github.zhenwei.provider.jcajce.spec.MQVParameterSpec)4 KeyAgreement (javax.crypto.KeyAgreement)4 Gost2814789EncryptedKey (com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey)3 CMSException (com.github.zhenwei.pkix.cms.CMSException)3 DHUParameterSpec (com.github.zhenwei.provider.jcajce.spec.DHUParameterSpec)3 GOST28147WrapParameterSpec (com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec)3 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3 InvalidKeyException (java.security.InvalidKeyException)3 PrivateKey (java.security.PrivateKey)3 PublicKey (java.security.PublicKey)3 Cipher (javax.crypto.Cipher)3 SecretKey (javax.crypto.SecretKey)3 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)2 GostR3410KeyTransport (com.github.zhenwei.core.asn1.cryptopro.GostR3410KeyTransport)2 GostR3410TransportParameters (com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters)2 SubjectPublicKeyInfo (com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)2 OperatorException (com.github.zhenwei.pkix.operator.OperatorException)2 GeneralSecurityException (java.security.GeneralSecurityException)2 KeyFactory (java.security.KeyFactory)2