use of com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec in project LinLong-Java by zhenwei1108.
the class JceAsymmetricKeyWrapper method generateWrappedKey.
public byte[] generateWrappedKey(GenericKey encryptionKey) throws OperatorException {
byte[] encryptedKeyBytes = null;
if (isGOST(getAlgorithmIdentifier().getAlgorithm())) {
try {
random = CryptoServicesRegistrar.getSecureRandom(random);
KeyPairGenerator kpGen = helper.createKeyPairGenerator(getAlgorithmIdentifier().getAlgorithm());
kpGen.initialize(((ECPublicKey) publicKey).getParams(), random);
KeyPair ephKp = kpGen.generateKeyPair();
byte[] ukm = new byte[8];
random.nextBytes(ukm);
SubjectPublicKeyInfo ephKeyInfo = SubjectPublicKeyInfo.getInstance(ephKp.getPublic().getEncoded());
GostR3410TransportParameters transParams;
if (ephKeyInfo.getAlgorithm().getAlgorithm().on(RosstandartObjectIdentifiers.id_tc26)) {
transParams = new GostR3410TransportParameters(RosstandartObjectIdentifiers.id_tc26_gost_28147_param_Z, ephKeyInfo, ukm);
} else {
transParams = new GostR3410TransportParameters(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, ephKeyInfo, ukm);
}
KeyAgreement agreement = helper.createKeyAgreement(getAlgorithmIdentifier().getAlgorithm());
agreement.init(ephKp.getPrivate(), new UserKeyingMaterialSpec(transParams.getUkm()));
agreement.doPhase(publicKey, true);
SecretKey key = agreement.generateSecret(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.getId());
byte[] encKey = OperatorUtils.getJceKey(encryptionKey).getEncoded();
Cipher keyCipher = helper.createCipher(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap);
keyCipher.init(Cipher.WRAP_MODE, key, new GOST28147WrapParameterSpec(transParams.getEncryptionParamSet(), transParams.getUkm()));
byte[] keyData = keyCipher.wrap(new SecretKeySpec(encKey, "GOST"));
GostR3410KeyTransport transport = new GostR3410KeyTransport(new Gost2814789EncryptedKey(Arrays.copyOfRange(keyData, 0, 32), Arrays.copyOfRange(keyData, 32, 36)), transParams);
return transport.getEncoded();
} catch (Exception e) {
throw new OperatorException("exception wrapping key: " + e.getMessage(), e);
}
} else {
Cipher keyEncryptionCipher = helper.createAsymmetricWrapper(getAlgorithmIdentifier().getAlgorithm(), extraMappings);
try {
AlgorithmParameters algParams = helper.createAlgorithmParameters(this.getAlgorithmIdentifier());
if (algParams != null) {
keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, algParams, random);
} else {
keyEncryptionCipher.init(Cipher.WRAP_MODE, publicKey, random);
}
encryptedKeyBytes = keyEncryptionCipher.wrap(OperatorUtils.getJceKey(encryptionKey));
} catch (InvalidKeyException e) {
} catch (GeneralSecurityException e) {
} catch (IllegalStateException e) {
} catch (UnsupportedOperationException e) {
} catch (ProviderException e) {
}
// some providers do not support WRAP (this appears to be only for asymmetric algorithms)
if (encryptedKeyBytes == null) {
try {
keyEncryptionCipher.init(Cipher.ENCRYPT_MODE, publicKey, random);
encryptedKeyBytes = keyEncryptionCipher.doFinal(OperatorUtils.getJceKey(encryptionKey).getEncoded());
} catch (InvalidKeyException e) {
throw new OperatorException("unable to encrypt contents key", e);
} catch (GeneralSecurityException e) {
throw new OperatorException("unable to encrypt contents key", e);
}
}
}
return encryptedKeyBytes;
}
use of com.github.zhenwei.provider.jcajce.spec.UserKeyingMaterialSpec in project LinLong-Java by zhenwei1108.
the class KeyAgreementSpi method initFromKey.
private void initFromKey(Key key, AlgorithmParameterSpec parameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
if (agreement instanceof ECMQVBasicAgreement) {
mqvParameters = null;
if (!(key instanceof MQVPrivateKey) && !(parameterSpec instanceof MQVParameterSpec)) {
throw new InvalidAlgorithmParameterException(kaAlgorithm + " key agreement requires " + getSimpleName(MQVParameterSpec.class) + " for initialisation");
}
ECPrivateKeyParameters staticPrivKey;
ECPrivateKeyParameters ephemPrivKey;
ECPublicKeyParameters ephemPubKey;
if (key instanceof MQVPrivateKey) {
MQVPrivateKey mqvPrivKey = (MQVPrivateKey) key;
staticPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
ephemPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
ephemPubKey = null;
if (mqvPrivKey.getEphemeralPublicKey() != null) {
ephemPubKey = (ECPublicKeyParameters) ECUtils.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
}
} else {
MQVParameterSpec mqvParameterSpec = (MQVParameterSpec) parameterSpec;
staticPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter((PrivateKey) key);
ephemPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(mqvParameterSpec.getEphemeralPrivateKey());
ephemPubKey = null;
if (mqvParameterSpec.getEphemeralPublicKey() != null) {
ephemPubKey = (ECPublicKeyParameters) ECUtils.generatePublicKeyParameter(mqvParameterSpec.getEphemeralPublicKey());
}
mqvParameters = mqvParameterSpec;
ukmParameters = mqvParameterSpec.getUserKeyingMaterial();
}
MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
this.parameters = staticPrivKey.getParameters();
// TODO Validate that all the keys are using the same parameters?
((ECMQVBasicAgreement) agreement).init(localParams);
} else if (parameterSpec instanceof DHUParameterSpec) {
if (!(agreement instanceof ECDHCUnifiedAgreement)) {
throw new InvalidAlgorithmParameterException(kaAlgorithm + " key agreement cannot be used with " + getSimpleName(DHUParameterSpec.class));
}
DHUParameterSpec dheParameterSpec = (DHUParameterSpec) parameterSpec;
ECPrivateKeyParameters staticPrivKey;
ECPrivateKeyParameters ephemPrivKey;
ECPublicKeyParameters ephemPubKey;
staticPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter((PrivateKey) key);
ephemPrivKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(dheParameterSpec.getEphemeralPrivateKey());
ephemPubKey = null;
if (dheParameterSpec.getEphemeralPublicKey() != null) {
ephemPubKey = (ECPublicKeyParameters) ECUtils.generatePublicKeyParameter(dheParameterSpec.getEphemeralPublicKey());
}
dheParameters = dheParameterSpec;
ukmParameters = dheParameterSpec.getUserKeyingMaterial();
ECDHUPrivateParameters localParams = new ECDHUPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
this.parameters = staticPrivKey.getParameters();
((ECDHCUnifiedAgreement) agreement).init(localParams);
} else {
if (!(key instanceof PrivateKey)) {
throw new InvalidKeyException(kaAlgorithm + " key agreement requires " + getSimpleName(ECPrivateKey.class) + " for initialisation");
}
if (kdf == null && parameterSpec instanceof UserKeyingMaterialSpec) {
throw new InvalidAlgorithmParameterException("no KDF specified for UserKeyingMaterialSpec");
}
ECPrivateKeyParameters privKey = (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter((PrivateKey) key);
this.parameters = privKey.getParameters();
ukmParameters = (parameterSpec instanceof UserKeyingMaterialSpec) ? ((UserKeyingMaterialSpec) parameterSpec).getUserKeyingMaterial() : null;
((BasicAgreement) agreement).init(privKey);
}
}
Aggregations