Example 6 with UserKeyingMaterialSpec
use of com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec in project LinLong-Java by zhenwei1108.
the class JceAsymmetricKeyWrapper method generateWrappedKey.
public byte[] generateWrappedKey(GenericKey encryptionKey) throws OperatorException {
byte[] encryptedKeyBytes = null;
if (isGOST(getAlgorithmIdentifier().getAlgorithm())) {
try {
random = CryptoServicesRegistrar.getSecureRandom(random);
KeyPairGenerator kpGen = helper.createKeyPairGenerator(getAlgorithmIdentifier().getAlgorithm());
kpGen.initialize(((ECPublicKey) publicKey).getParams(), random);
KeyPair ephKp = kpGen.generateKeyPair();
byte[] ukm = new byte[8];
random.nextBytes(ukm);
SubjectPublicKeyInfo ephKeyInfo = SubjectPublicKeyInfo.getInstance(ephKp.getPublic().getEncoded());
GostR3410TransportParameters transParams;
if (ephKeyInfo.getAlgorithm().getAlgorithm().on(RosstandartObjectIdentifiers.id_tc26)) {
transParams = new GostR3410TransportParameters(RosstandartObjectIdentifiers.id_tc26_gost_28147_param_Z, ephKeyInfo, ukm);
} else {
transParams = new GostR3410TransportParameters(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, ephKeyInfo, ukm);
}
KeyAgreement agreement = helper.createKeyAgreement(getAlgorithmIdentifier().getAlgorithm());
agreement.init(ephKp.getPrivate(), new UserKeyingMaterialSpec(transParams.getUkm()));
agreement.doPhase(publicKey, true);
SecretKey key = agreement.generateSecret(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.getId());
byte[] encKey = OperatorUtils.getJceKey(encryptionKey).getEncoded();
Cipher keyCipher = helper.createCipher(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap);
keyCipher.init(Cipher.WRAP_MODE, key, new GOST28147WrapParameterSpec(transParams.getEncryptionParamSet(), transParams.getUkm()));
byte[] keyData = keyCipher.wrap(new SecretKeySpec(encKey, "GOST"));
GostR3410KeyTransport transport = new GostR3410KeyTransport(new Gost2814789EncryptedKey(Arrays.copyOfRange(keyData, 0, 32), Arrays.copyOfRange(keyData, 32, 36)), transParams);
return transport.getEncoded();
} catch (Exception e) {
throw new OperatorException("exception wrapping key: " + e.getMessage(), e);
}
} else {
Cipher keyEncryptionCipher = helper.createAsymmetricWrapper(getAlgorithmIdentifier().getAlgorithm(), extraMappings);
try {
AlgorithmParameters algParams = helper.createAlgorithmParameters(this.getAlgorithmIdentifier());
if (algParams != null) {
keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, algParams, random);
} else {
keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, random);
}
encryptedKeyBytes = keyEncryptionCipher.wrap(OperatorUtils.getJceKey(encryptionKey));
} catch (InvalidKeyException e) {
} catch (GeneralSecurityException e) {
} catch (IllegalStateException e) {
} catch (UnsupportedOperationException e) {
} catch (ProviderException e) {
}
// some providers do not support WRAP (this appears to be only for asymmetric algorithms)
if (encryptedKeyBytes == null) {
try {
keyEncryptionCipher.init(Cipher.ENCRYPT_MODE, publicKey, random);
encryptedKeyBytes = keyEncryptionCipher.doFinal(OperatorUtils.getJceKey(encryptionKey).getEncoded());
} catch (InvalidKeyException e) {
throw new OperatorException("unable to encrypt contents key", e);
} catch (GeneralSecurityException e) {
throw new OperatorException("unable to encrypt contents key", e);
}
}
}
return encryptedKeyBytes;
}
Also used :
KeyPair(java.security.KeyPair)
ProviderException(java.security.ProviderException)
GOST28147WrapParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec)
GeneralSecurityException(java.security.GeneralSecurityException)
KeyPairGenerator(java.security.KeyPairGenerator)
InvalidKeyException(java.security.InvalidKeyException)
SubjectPublicKeyInfo(com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)
UserKeyingMaterialSpec(com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec)
GeneralSecurityException(java.security.GeneralSecurityException)
InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException)
OperatorException(com.github.zhenwei.pkix.operator.OperatorException)
ProviderException(java.security.ProviderException)
InvalidKeyException(java.security.InvalidKeyException)
GostR3410TransportParameters(com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters)
GostR3410KeyTransport(com.github.zhenwei.core.asn1.cryptopro.GostR3410KeyTransport)
Gost2814789EncryptedKey(com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey)
SecretKey(javax.crypto.SecretKey)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
Cipher(javax.crypto.Cipher)
KeyAgreement(javax.crypto.KeyAgreement)
OperatorException(com.github.zhenwei.pkix.operator.OperatorException)
AlgorithmParameters(java.security.AlgorithmParameters)
Example 7 with UserKeyingMaterialSpec
use of com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec in project LinLong-Java by zhenwei1108.
the class KeyAgreementSpi method initFromKey.
private void initFromKey(Key key, AlgorithmParameterSpec parameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
if (agreement instanceof ECMQVBasicAgreement) {
mqvParameters = null;
if (!(key instanceof MQVPrivateKey) && !(parameterSpec instanceof MQVParameterSpec)) {
throw new InvalidAlgorithmParameterException(kaAlgorithm + " key agreement requires " + getSimpleName(MQVParameterSpec.class) + " for initialisation");
}
ECPrivateKeyParameters staticPrivKey;
ECPrivateKeyParameters ephemPrivKey;
ECPublicKeyParameters ephemPubKey;
if (key instanceof MQVPrivateKey) {
MQVPrivateKey mqvPrivKey = (MQVPrivateKey) key;
staticPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
ephemPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
ephemPubKey = null;
if (mqvPrivKey.getEphemeralPublicKey() != null) {
ephemPubKey = (ECPublicKeyParameters) ECUtils.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
}
} else {
MQVParameterSpec mqvParameterSpec = (MQVParameterSpec) parameterSpec;
staticPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter((PrivateKey) key);
ephemPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(mqvParameterSpec.getEphemeralPrivateKey());
ephemPubKey = null;
if (mqvParameterSpec.getEphemeralPublicKey() != null) {
ephemPubKey = (ECPublicKeyParameters) ECUtils.generatePublicKeyParameter(mqvParameterSpec.getEphemeralPublicKey());
}
mqvParameters = mqvParameterSpec;
ukmParameters = mqvParameterSpec.getUserKeyingMaterial();
}
MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
this.parameters = staticPrivKey.getParameters();
// TODO Validate that all the keys are using the same parameters?
((ECMQVBasicAgreement) agreement).init(localParams);
} else if (parameterSpec instanceof DHUParameterSpec) {
if (!(agreement instanceof ECDHCUnifiedAgreement)) {
throw new InvalidAlgorithmParameterException(kaAlgorithm + " key agreement cannot be used with " + getSimpleName(DHUParameterSpec.class));
}
DHUParameterSpec dheParameterSpec = (DHUParameterSpec) parameterSpec;
ECPrivateKeyParameters staticPrivKey;
ECPrivateKeyParameters ephemPrivKey;
ECPublicKeyParameters ephemPubKey;
staticPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter((PrivateKey) key);
ephemPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(dheParameterSpec.getEphemeralPrivateKey());
ephemPubKey = null;
if (dheParameterSpec.getEphemeralPublicKey() != null) {
ephemPubKey = (ECPublicKeyParameters) ECUtils.generatePublicKeyParameter(dheParameterSpec.getEphemeralPublicKey());
}
dheParameters = dheParameterSpec;
ukmParameters = dheParameterSpec.getUserKeyingMaterial();
ECDHUPrivateParameters localParams = new ECDHUPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
this.parameters = staticPrivKey.getParameters();
((ECDHCUnifiedAgreement) agreement).init(localParams);
} else {
if (!(key instanceof PrivateKey)) {
throw new InvalidKeyException(kaAlgorithm + " key agreement requires " + getSimpleName(ECPrivateKey.class) + " for initialisation");
}
if (kdf == null && parameterSpec instanceof UserKeyingMaterialSpec) {
throw new InvalidAlgorithmParameterException("no KDF specified for UserKeyingMaterialSpec");
}
ECPrivateKeyParameters privKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter((PrivateKey) key);
this.parameters = privKey.getParameters();
ukmParameters = (parameterSpec instanceof UserKeyingMaterialSpec) ? ((UserKeyingMaterialSpec) parameterSpec).getUserKeyingMaterial() : null;
((BasicAgreement) agreement).init(privKey);
}
}
Also used :
ECDHCUnifiedAgreement(com.github.zhenwei.core.crypto.agreement.ECDHCUnifiedAgreement)
ECDHUPrivateParameters(com.github.zhenwei.core.crypto.params.ECDHUPrivateParameters)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
ECPrivateKey(com.github.zhenwei.provider.jce.interfaces.ECPrivateKey)
MQVPrivateKey(com.github.zhenwei.provider.jce.interfaces.MQVPrivateKey)
PrivateKey(java.security.PrivateKey)
DHUParameterSpec(com.github.zhenwei.provider.jcajce.spec.DHUParameterSpec)
InvalidKeyException(java.security.InvalidKeyException)
ECPublicKeyParameters(com.github.zhenwei.core.crypto.params.ECPublicKeyParameters)
UserKeyingMaterialSpec(com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec)
ECMQVBasicAgreement(com.github.zhenwei.core.crypto.agreement.ECMQVBasicAgreement)
ECPrivateKeyParameters(com.github.zhenwei.core.crypto.params.ECPrivateKeyParameters)
MQVParameterSpec(com.github.zhenwei.provider.jcajce.spec.MQVParameterSpec)
MQVPrivateKey(com.github.zhenwei.provider.jce.interfaces.MQVPrivateKey)
MQVPrivateParameters(com.github.zhenwei.core.crypto.params.MQVPrivateParameters)
Aggregations
UserKeyingMaterialSpec (com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec)7
MQVParameterSpec (com.github.zhenwei.provider.jcajce.spec.MQVParameterSpec)4
KeyAgreement (javax.crypto.KeyAgreement)4
Gost2814789EncryptedKey (com.github.zhenwei.core.asn1.cryptopro.Gost2814789EncryptedKey)3
CMSException (com.github.zhenwei.pkix.cms.CMSException)3
DHUParameterSpec (com.github.zhenwei.provider.jcajce.spec.DHUParameterSpec)3
GOST28147WrapParameterSpec (com.github.zhenwei.provider.jcajce.spec.GOST28147WrapParameterSpec)3
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3
InvalidKeyException (java.security.InvalidKeyException)3
PrivateKey (java.security.PrivateKey)3
PublicKey (java.security.PublicKey)3
Cipher (javax.crypto.Cipher)3
SecretKey (javax.crypto.SecretKey)3
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)2
GostR3410KeyTransport (com.github.zhenwei.core.asn1.cryptopro.GostR3410KeyTransport)2
GostR3410TransportParameters (com.github.zhenwei.core.asn1.cryptopro.GostR3410TransportParameters)2
SubjectPublicKeyInfo (com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)2
OperatorException (com.github.zhenwei.pkix.operator.OperatorException)2
GeneralSecurityException (java.security.GeneralSecurityException)2
KeyFactory (java.security.KeyFactory)2
