Search in sources :

Example 26 with ECParameterSpec

use of java.security.spec.ECParameterSpec in project robovm by robovm.

the class ECParameterSpecTest method setUp.

protected void setUp() throws Exception {
    super.setUp();
    curve = new EllipticCurve(new ECFieldF2m(2), BigInteger.valueOf(1), BigInteger.valueOf(1));
    ecpoint = new ECPoint(BigInteger.valueOf(1), BigInteger.valueOf(1));
    ecps = new ECParameterSpec(curve, ecpoint, BigInteger.valueOf(1), 1);
}
Also used : EllipticCurve(java.security.spec.EllipticCurve) ECParameterSpec(java.security.spec.ECParameterSpec) ECFieldF2m(java.security.spec.ECFieldF2m) ECPoint(java.security.spec.ECPoint)

Example 27 with ECParameterSpec

use of java.security.spec.ECParameterSpec in project XobotOS by xamarin.

the class JCEECPrivateKey method populateFromPrivKeyInfo.

private void populateFromPrivKeyInfo(PrivateKeyInfo info) {
    X962Parameters params = new X962Parameters((DERObject) info.getAlgorithmId().getParameters());
    if (params.isNamedCurve()) {
        DERObjectIdentifier oid = (DERObjectIdentifier) params.getParameters();
        X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
        // BEGIN android-removed
        // if (ecP == null) // GOST Curve
        // {
        //     ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
        //     EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
        //
        //     ecSpec = new ECNamedCurveSpec(
        //             ECGOST3410NamedCurves.getName(oid),
        //             ellipticCurve,
        //             new ECPoint(
        //                     gParam.getG().getX().toBigInteger(),
        //                     gParam.getG().getY().toBigInteger()),
        //             gParam.getN(),
        //             gParam.getH());
        // }
        // else
        // END android-removed
        {
            EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
            ecSpec = new ECNamedCurveSpec(ECUtil.getCurveName(oid), ellipticCurve, new ECPoint(ecP.getG().getX().toBigInteger(), ecP.getG().getY().toBigInteger()), ecP.getN(), ecP.getH());
        }
    } else if (params.isImplicitlyCA()) {
        ecSpec = null;
    } else {
        X9ECParameters ecP = new X9ECParameters((ASN1Sequence) params.getParameters());
        EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
        this.ecSpec = new ECParameterSpec(ellipticCurve, new ECPoint(ecP.getG().getX().toBigInteger(), ecP.getG().getY().toBigInteger()), ecP.getN(), ecP.getH().intValue());
    }
    if (info.getPrivateKey() instanceof DERInteger) {
        DERInteger derD = (DERInteger) info.getPrivateKey();
        this.d = derD.getValue();
    } else {
        ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence) info.getPrivateKey());
        this.d = ec.getKey();
        this.publicKey = ec.getPublicKey();
    }
}
Also used : X962Parameters(org.bouncycastle.asn1.x9.X962Parameters) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) EllipticCurve(java.security.spec.EllipticCurve) ECParameterSpec(java.security.spec.ECParameterSpec) ECPrivateKeyStructure(org.bouncycastle.asn1.sec.ECPrivateKeyStructure) ECPoint(java.security.spec.ECPoint) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) ECNamedCurveSpec(org.bouncycastle.jce.spec.ECNamedCurveSpec) DERInteger(org.bouncycastle.asn1.DERInteger)

Example 28 with ECParameterSpec

use of java.security.spec.ECParameterSpec in project jdk8u_jdk by JetBrains.

the class ClientHandshaker method serverHelloDone.

/*
     * The server's "Hello Done" message is the client's sign that
     * it's time to do all the hard work.
     */
private void serverHelloDone(ServerHelloDone mesg) throws IOException {
    if (debug != null && Debug.isOn("handshake")) {
        mesg.print(System.out);
    }
    /*
         * Always make sure the input has been digested before we
         * start emitting data, to ensure the hashes are correctly
         * computed for the Finished and CertificateVerify messages
         * which we send (here).
         */
    input.digestNow();
    /*
         * FIRST ... if requested, send an appropriate Certificate chain
         * to authenticate the client, and remember the associated private
         * key to sign the CertificateVerify message.
         */
    PrivateKey signingKey = null;
    if (certRequest != null) {
        X509ExtendedKeyManager km = sslContext.getX509KeyManager();
        ArrayList<String> keytypesTmp = new ArrayList<>(4);
        for (int i = 0; i < certRequest.types.length; i++) {
            String typeName;
            switch(certRequest.types[i]) {
                case CertificateRequest.cct_rsa_sign:
                    typeName = "RSA";
                    break;
                case CertificateRequest.cct_dss_sign:
                    typeName = "DSA";
                    break;
                case CertificateRequest.cct_ecdsa_sign:
                    // ignore if we do not have EC crypto available
                    typeName = JsseJce.isEcAvailable() ? "EC" : null;
                    break;
                // case CertificateRequest.cct_dss_ephemeral_dh:
                default:
                    typeName = null;
                    break;
            }
            if ((typeName != null) && (!keytypesTmp.contains(typeName))) {
                keytypesTmp.add(typeName);
            }
        }
        String alias = null;
        int keytypesTmpSize = keytypesTmp.size();
        if (keytypesTmpSize != 0) {
            String[] keytypes = keytypesTmp.toArray(new String[keytypesTmpSize]);
            if (conn != null) {
                alias = km.chooseClientAlias(keytypes, certRequest.getAuthorities(), conn);
            } else {
                alias = km.chooseEngineClientAlias(keytypes, certRequest.getAuthorities(), engine);
            }
        }
        CertificateMsg m1 = null;
        if (alias != null) {
            X509Certificate[] certs = km.getCertificateChain(alias);
            if ((certs != null) && (certs.length != 0)) {
                PublicKey publicKey = certs[0].getPublicKey();
                if (publicKey != null) {
                    m1 = new CertificateMsg(certs);
                    signingKey = km.getPrivateKey(alias);
                    session.setLocalPrivateKey(signingKey);
                    session.setLocalCertificates(certs);
                }
            }
        }
        if (m1 == null) {
            //
            if (protocolVersion.v >= ProtocolVersion.TLS10.v) {
                m1 = new CertificateMsg(new X509Certificate[0]);
            } else {
                warningSE(Alerts.alert_no_certificate);
            }
            if (debug != null && Debug.isOn("handshake")) {
                System.out.println("Warning: no suitable certificate found - " + "continuing without client authentication");
            }
        }
        //
        if (m1 != null) {
            if (debug != null && Debug.isOn("handshake")) {
                m1.print(System.out);
            }
            m1.write(output);
        }
    }
    /*
         * SECOND ... send the client key exchange message.  The
         * procedure used is a function of the cipher suite selected;
         * one is always needed.
         */
    HandshakeMessage m2;
    switch(keyExchange) {
        case K_RSA:
        case K_RSA_EXPORT:
            if (serverKey == null) {
                throw new SSLProtocolException("Server did not send certificate message");
            }
            if (!(serverKey instanceof RSAPublicKey)) {
                throw new SSLProtocolException("Server certificate does not include an RSA key");
            }
            /*
             * For RSA key exchange, we randomly generate a new
             * pre-master secret and encrypt it with the server's
             * public key.  Then we save that pre-master secret
             * so that we can calculate the keying data later;
             * it's a performance speedup not to do that until
             * the client's waiting for the server response, but
             * more of a speedup for the D-H case.
             *
             * If the RSA_EXPORT scheme is active, when the public
             * key in the server certificate is less than or equal
             * to 512 bits in length, use the cert's public key,
             * otherwise, the ephemeral one.
             */
            PublicKey key;
            if (keyExchange == K_RSA) {
                key = serverKey;
            } else {
                // K_RSA_EXPORT
                if (JsseJce.getRSAKeyLength(serverKey) <= 512) {
                    // extraneous ephemeralServerKey check done
                    // above in processMessage()
                    key = serverKey;
                } else {
                    if (ephemeralServerKey == null) {
                        throw new SSLProtocolException("Server did not send" + " a RSA_EXPORT Server Key Exchange message");
                    }
                    key = ephemeralServerKey;
                }
            }
            m2 = new RSAClientKeyExchange(protocolVersion, maxProtocolVersion, sslContext.getSecureRandom(), key);
            break;
        case K_DH_RSA:
        case K_DH_DSS:
            /*
             * For DH Key exchange, we only need to make sure the server
             * knows our public key, so we calculate the same pre-master
             * secret.
             *
             * For certs that had DH keys in them, we send an empty
             * handshake message (no key) ... we flag this case by
             * passing a null "dhPublic" value.
             *
             * Otherwise we send ephemeral DH keys, unsigned.
             */
            // if (useDH_RSA || useDH_DSS)
            m2 = new DHClientKeyExchange();
            break;
        case K_DHE_RSA:
        case K_DHE_DSS:
        case K_DH_ANON:
            if (dh == null) {
                throw new SSLProtocolException("Server did not send a DH Server Key Exchange message");
            }
            m2 = new DHClientKeyExchange(dh.getPublicKey());
            break;
        case K_ECDHE_RSA:
        case K_ECDHE_ECDSA:
        case K_ECDH_ANON:
            if (ecdh == null) {
                throw new SSLProtocolException("Server did not send a ECDH Server Key Exchange message");
            }
            m2 = new ECDHClientKeyExchange(ecdh.getPublicKey());
            break;
        case K_ECDH_RSA:
        case K_ECDH_ECDSA:
            if (serverKey == null) {
                throw new SSLProtocolException("Server did not send certificate message");
            }
            if (serverKey instanceof ECPublicKey == false) {
                throw new SSLProtocolException("Server certificate does not include an EC key");
            }
            ECParameterSpec params = ((ECPublicKey) serverKey).getParams();
            ecdh = new ECDHCrypt(params, sslContext.getSecureRandom());
            m2 = new ECDHClientKeyExchange(ecdh.getPublicKey());
            break;
        case K_KRB5:
        case K_KRB5_EXPORT:
            String sniHostname = null;
            for (SNIServerName serverName : requestedServerNames) {
                if (serverName instanceof SNIHostName) {
                    sniHostname = ((SNIHostName) serverName).getAsciiName();
                    break;
                }
            }
            KerberosClientKeyExchange kerberosMsg = null;
            if (sniHostname != null) {
                // use first requested SNI hostname
                try {
                    kerberosMsg = new KerberosClientKeyExchange(sniHostname, getAccSE(), protocolVersion, sslContext.getSecureRandom());
                } catch (IOException e) {
                    if (serverNamesAccepted) {
                        // so it must be used
                        throw e;
                    }
                    // fallback to using hostname
                    if (debug != null && Debug.isOn("handshake")) {
                        System.out.println("Warning, cannot use Server Name Indication: " + e.getMessage());
                    }
                }
            }
            if (kerberosMsg == null) {
                String hostname = getHostSE();
                if (hostname == null) {
                    throw new IOException("Hostname is required" + " to use Kerberos cipher suites");
                }
                kerberosMsg = new KerberosClientKeyExchange(hostname, getAccSE(), protocolVersion, sslContext.getSecureRandom());
            }
            // Record the principals involved in exchange
            session.setPeerPrincipal(kerberosMsg.getPeerPrincipal());
            session.setLocalPrincipal(kerberosMsg.getLocalPrincipal());
            m2 = kerberosMsg;
            break;
        default:
            // somethings very wrong
            throw new RuntimeException("Unsupported key exchange: " + keyExchange);
    }
    if (debug != null && Debug.isOn("handshake")) {
        m2.print(System.out);
    }
    m2.write(output);
    /*
         * THIRD, send a "change_cipher_spec" record followed by the
         * "Finished" message.  We flush the messages we've queued up, to
         * get concurrency between client and server.  The concurrency is
         * useful as we calculate the master secret, which is needed both
         * to compute the "Finished" message, and to compute the keys used
         * to protect all records following the change_cipher_spec.
         */
    output.doHashes();
    output.flush();
    /*
         * We deferred calculating the master secret and this connection's
         * keying data; we do it now.  Deferring this calculation is good
         * from a performance point of view, since it lets us do it during
         * some time that network delays and the server's own calculations
         * would otherwise cause to be "dead" in the critical path.
         */
    SecretKey preMasterSecret;
    switch(keyExchange) {
        case K_RSA:
        case K_RSA_EXPORT:
            preMasterSecret = ((RSAClientKeyExchange) m2).preMaster;
            break;
        case K_KRB5:
        case K_KRB5_EXPORT:
            byte[] secretBytes = ((KerberosClientKeyExchange) m2).getUnencryptedPreMasterSecret();
            preMasterSecret = new SecretKeySpec(secretBytes, "TlsPremasterSecret");
            break;
        case K_DHE_RSA:
        case K_DHE_DSS:
        case K_DH_ANON:
            preMasterSecret = dh.getAgreedSecret(serverDH, true);
            break;
        case K_ECDHE_RSA:
        case K_ECDHE_ECDSA:
        case K_ECDH_ANON:
            preMasterSecret = ecdh.getAgreedSecret(ephemeralServerKey);
            break;
        case K_ECDH_RSA:
        case K_ECDH_ECDSA:
            preMasterSecret = ecdh.getAgreedSecret(serverKey);
            break;
        default:
            throw new IOException("Internal error: unknown key exchange " + keyExchange);
    }
    calculateKeys(preMasterSecret, null);
    /*
         * FOURTH, if we sent a Certificate, we need to send a signed
         * CertificateVerify (unless the key in the client's certificate
         * was a Diffie-Hellman key).).
         *
         * This uses a hash of the previous handshake messages ... either
         * a nonfinal one (if the particular implementation supports it)
         * or else using the third element in the arrays of hashes being
         * computed.
         */
    if (signingKey != null) {
        CertificateVerify m3;
        try {
            SignatureAndHashAlgorithm preferableSignatureAlgorithm = null;
            if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
                preferableSignatureAlgorithm = SignatureAndHashAlgorithm.getPreferableAlgorithm(getPeerSupportedSignAlgs(), signingKey.getAlgorithm(), signingKey);
                if (preferableSignatureAlgorithm == null) {
                    throw new SSLHandshakeException("No supported signature algorithm");
                }
                String hashAlg = SignatureAndHashAlgorithm.getHashAlgorithmName(preferableSignatureAlgorithm);
                if (hashAlg == null || hashAlg.length() == 0) {
                    throw new SSLHandshakeException("No supported hash algorithm");
                }
            }
            m3 = new CertificateVerify(protocolVersion, handshakeHash, signingKey, session.getMasterSecret(), sslContext.getSecureRandom(), preferableSignatureAlgorithm);
        } catch (GeneralSecurityException e) {
            fatalSE(Alerts.alert_handshake_failure, "Error signing certificate verify", e);
            // NOTREACHED, make compiler happy
            m3 = null;
        }
        if (debug != null && Debug.isOn("handshake")) {
            m3.print(System.out);
        }
        m3.write(output);
        output.doHashes();
    }
    /*
         * OK, that's that!
         */
    sendChangeCipherAndFinish(false);
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) X509Certificate(java.security.cert.X509Certificate) SecretKey(javax.crypto.SecretKey) HandshakeMessage(sun.security.ssl.HandshakeMessage) ECPublicKey(java.security.interfaces.ECPublicKey) ECParameterSpec(java.security.spec.ECParameterSpec)

Example 29 with ECParameterSpec

use of java.security.spec.ECParameterSpec in project jdk8u_jdk by JetBrains.

the class ServerHandshaker method setupPrivateKeyAndChain.

/**
     * Retrieve the server key and certificate for the specified algorithm
     * from the KeyManager and set the instance variables.
     *
     * @return true if successful, false if not available or invalid
     */
private boolean setupPrivateKeyAndChain(String algorithm) {
    X509ExtendedKeyManager km = sslContext.getX509KeyManager();
    String alias;
    if (conn != null) {
        alias = km.chooseServerAlias(algorithm, null, conn);
    } else {
        alias = km.chooseEngineServerAlias(algorithm, null, engine);
    }
    if (alias == null) {
        return false;
    }
    PrivateKey tempPrivateKey = km.getPrivateKey(alias);
    if (tempPrivateKey == null) {
        return false;
    }
    X509Certificate[] tempCerts = km.getCertificateChain(alias);
    if ((tempCerts == null) || (tempCerts.length == 0)) {
        return false;
    }
    String keyAlgorithm = algorithm.split("_")[0];
    PublicKey publicKey = tempCerts[0].getPublicKey();
    if ((tempPrivateKey.getAlgorithm().equals(keyAlgorithm) == false) || (publicKey.getAlgorithm().equals(keyAlgorithm) == false)) {
        return false;
    }
    // check against that too.
    if (keyAlgorithm.equals("EC")) {
        if (publicKey instanceof ECPublicKey == false) {
            return false;
        }
        ECParameterSpec params = ((ECPublicKey) publicKey).getParams();
        int id = SupportedEllipticCurvesExtension.getCurveIndex(params);
        if ((id <= 0) || !SupportedEllipticCurvesExtension.isSupported(id) || ((requestedCurves != null) && !requestedCurves.contains(id))) {
            return false;
        }
    }
    this.privateKey = tempPrivateKey;
    this.certs = tempCerts;
    return true;
}
Also used : ECParameterSpec(java.security.spec.ECParameterSpec)

Aggregations

ECParameterSpec (java.security.spec.ECParameterSpec)29 ECPoint (java.security.spec.ECPoint)20 EllipticCurve (java.security.spec.EllipticCurve)16 ECPublicKeySpec (java.security.spec.ECPublicKeySpec)8 ECPublicKey (java.security.interfaces.ECPublicKey)7 ECFieldF2m (java.security.spec.ECFieldF2m)7 BigInteger (java.math.BigInteger)6 X962Parameters (org.bouncycastle.asn1.x9.X962Parameters)6 X9ECParameters (org.bouncycastle.asn1.x9.X9ECParameters)6 ECNamedCurveSpec (org.bouncycastle.jce.spec.ECNamedCurveSpec)6 ECPrivateKey (java.security.interfaces.ECPrivateKey)4 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)4 IOException (java.io.IOException)3 KeyPairGenerator (java.security.KeyPairGenerator)3 ECFieldFp (java.security.spec.ECFieldFp)3 ECGenParameterSpec (java.security.spec.ECGenParameterSpec)3 ECPrivateKeySpec (java.security.spec.ECPrivateKeySpec)3 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)3 DERBitString (org.bouncycastle.asn1.DERBitString)3 DERInteger (org.bouncycastle.asn1.DERInteger)3