
Example 46 with ECPoint

use of java.security.spec.ECPoint in project karaf by apache.

the class PublicKeyLoginModuleTest method testECLogin.

/**
 * Logs in through {@code PublickeyLoginModule} with an EC public key for user "ec" and checks
 * that the principals appear after commit and are removed again on logout.
 */
@Test
public void testECLogin() throws Exception {
    Properties options = getLoginModuleOptions();

    // Fixed public point on secp256r1, written as signed decimal coordinates.
    // NOTE(review): both literals are negative, whereas affine coordinates on a prime-field curve
    // lie in [0, p). java.security.spec.ECPoint performs no range or on-curve validation, so
    // whether this key is accepted depends on the provider and on how the login module compares
    // keys - confirm the fixture matches the stored key by design.
    final BigInteger affineX = new BigInteger("-29742501866672735446035294501787338870744851402037490785638836399245997090445");
    final BigInteger affineY = new BigInteger("-47637824304079393691947094099226900728731860400898598466261954347951527449659");

    KeyFactory ecKeyFactory = KeyFactory.getInstance("EC");
    AlgorithmParameters curveParameters = AlgorithmParameters.getInstance("EC");
    curveParameters.init(new ECGenParameterSpec("secp256r1"));
    ECParameterSpec curveSpec = curveParameters.getParameterSpec(ECParameterSpec.class);
    KeySpec publicKeySpec = new ECPublicKeySpec(new ECPoint(affineX, affineY), curveSpec);
    PublicKey userKey = ecKeyFactory.generatePublic(publicKeySpec);

    Subject subject = new Subject();
    PublickeyLoginModule loginModule = new PublickeyLoginModule();
    loginModule.initialize(subject, new NamePubkeyCallbackHandler("ec", userKey), null, options);

    // Nothing may be attached to the subject before login() and commit() have both succeeded.
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    assertTrue(loginModule.login());
    assertTrue(loginModule.commit());

    // After commit the subject carries the user principal and the "ssh" role principal.
    assertFalse(subject.getPrincipals().isEmpty());
    assertThat("ec", isIn(names(subject.getPrincipals(UserPrincipal.class))));
    assertThat("ssh", isIn(names(subject.getPrincipals(RolePrincipal.class))));

    // Logout must strip every principal so a reused Subject keeps no stale identity.
    assertTrue(loginModule.logout());
    assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
Also used : PublicKey(java.security.PublicKey) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) KeySpec(java.security.spec.KeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) Properties(org.apache.felix.utils.properties.Properties) ECPoint(java.security.spec.ECPoint) Subject(javax.security.auth.Subject) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) ECParameterSpec(java.security.spec.ECParameterSpec) BigInteger(java.math.BigInteger) NamePubkeyCallbackHandler(org.apache.karaf.jaas.modules.NamePubkeyCallbackHandler) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) KeyFactory(java.security.KeyFactory) AlgorithmParameters(java.security.AlgorithmParameters) Test(org.junit.Test)

Example 47 with ECPoint

use of java.security.spec.ECPoint in project tink by google.

the class WebPushHybridDecrypt method decrypt.

/**
 * Decrypts a single-record Web Push message (RFC 8291).
 *
 * <p>The input is read as: salt, 4-byte record size, 1-byte public key length, the sender's
 * ephemeral public key, then the encrypted payload.
 *
 * @param ciphertext the complete message as received
 * @param contextInfo must be {@code null}; this scheme does not use it
 * @return the result of the keyed {@code decrypt(cek, nonce, payload)} overload
 * @throws GeneralSecurityException if {@code contextInfo} is non-null, the length is out of
 *     bounds, or the record size or public key length field has an unexpected value
 */
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] contextInfo /* unused */)
    throws GeneralSecurityException {
    // Reject a non-null contextInfo outright rather than silently ignoring caller-supplied data.
    if (contextInfo != null) {
        throw new GeneralSecurityException("contextInfo must be null because it is unused");
    }

    // Bound the untrusted input on both sides before any field is parsed out of it.
    final int totalLength = ciphertext.length;
    if (totalLength < WebPushConstants.CIPHERTEXT_OVERHEAD) {
        throw new GeneralSecurityException("ciphertext too short");
    }
    // A push service need not accept payload bodies beyond a fixed size; the limit enforced here
    // is MAX_CIPHERTEXT_SIZE. See https://tools.ietf.org/html/rfc8291#section-4.0.
    if (totalLength > WebPushConstants.MAX_CIPHERTEXT_SIZE) {
        throw new GeneralSecurityException("ciphertext too long");
    }

    // Unpack the content-coding header in wire order.
    final ByteBuffer reader = ByteBuffer.wrap(ciphertext);
    final byte[] salt = new byte[WebPushConstants.SALT_SIZE];
    reader.get(salt);

    // The declared record size must equal the configured one, must cover the whole message
    // (a single record) and must stay within the global maximum.
    final int declaredRecordSize = reader.getInt();
    final boolean recordSizeAccepted =
        declaredRecordSize == this.recordSize
            && declaredRecordSize >= totalLength
            && declaredRecordSize <= WebPushConstants.MAX_CIPHERTEXT_SIZE;
    if (!recordSizeAccepted) {
        throw new GeneralSecurityException("invalid record size: " + declaredRecordSize);
    }

    // Only the fixed key length is accepted, so the length byte never drives the read size.
    final int declaredKeySize = reader.get();
    if (declaredKeySize != WebPushConstants.PUBLIC_KEY_SIZE) {
        throw new GeneralSecurityException("invalid ephemeral public key size: " + declaredKeySize);
    }
    final byte[] senderKeyBytes = new byte[WebPushConstants.PUBLIC_KEY_SIZE];
    reader.get(senderKeyBytes);
    // NOTE(review): the ephemeral point comes straight from the message. This method relies on
    // EllipticCurves.pointDecode / computeSharedSecret to reject encodings that are not valid
    // P-256 points - confirm that holds for the library version in use.
    final ECPoint senderPoint =
        EllipticCurves.pointDecode(
            WebPushConstants.NIST_P256_CURVE_TYPE,
            WebPushConstants.UNCOMPRESSED_POINT_FORMAT,
            senderKeyBytes);

    // Assumes CONTENT_CODING_HEADER_SIZE equals the bytes consumed above and does not exceed
    // CIPHERTEXT_OVERHEAD, so the size is non-negative and the read is in bounds - TODO confirm.
    final byte[] payload = new byte[totalLength - WebPushConstants.CONTENT_CODING_HEADER_SIZE];
    reader.get(payload);

    // Key derivation; see https://tools.ietf.org/html/rfc8291#section-3.4.
    final byte[] sharedSecret = EllipticCurves.computeSharedSecret(recipientPrivateKey, senderPoint);
    final byte[] inputKeyMaterial =
        WebPushUtil.computeIkm(sharedSecret, authSecret, recipientPublicKey, senderKeyBytes);
    final byte[] contentKey = WebPushUtil.computeCek(inputKeyMaterial, salt);
    final byte[] contentNonce = WebPushUtil.computeNonce(inputKeyMaterial, salt);
    return decrypt(contentKey, contentNonce, payload);
}
Also used : GeneralSecurityException(java.security.GeneralSecurityException) ECPoint(java.security.spec.ECPoint) ByteBuffer(java.nio.ByteBuffer) ECPoint(java.security.spec.ECPoint)

Example 48 with ECPoint

use of java.security.spec.ECPoint in project tink by google.

the class TestUtil method generateEcdsaPrivKey.

/**
 * Generates a fresh EC key pair on the requested NIST curve and wraps it as an
 * {@code EcdsaPrivateKey}.
 *
 * @param curve the curve to generate on; NIST_P256, NIST_P384 and NIST_P521 are handled
 * @param hashType passed through to {@code createEcdsaPubKey}
 * @param encoding passed through to {@code createEcdsaPubKey}
 * @return a {@code EcdsaPrivateKey} built from the generated public point and private scalar
 * @throws NoSuchAlgorithmException if {@code curve} is none of the handled values
 */
public static EcdsaPrivateKey generateEcdsaPrivKey(EllipticCurveType curve, HashType hashType, EcdsaSignatureEncoding encoding) throws Exception {
    final ECParameterSpec curveSpec;
    switch (curve) {
        case NIST_P256:
            curveSpec = EllipticCurves.getNistP256Params();
            break;
        case NIST_P384:
            curveSpec = EllipticCurves.getNistP384Params();
            break;
        case NIST_P521:
            curveSpec = EllipticCurves.getNistP521Params();
            break;
        default:
            // Fail closed: an unlisted curve is rejected rather than mapped to a default.
            throw new NoSuchAlgorithmException("Curve not implemented:" + curve);
    }

    // No SecureRandom is passed, so the generator uses the platform's default randomness source.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
    generator.initialize(curveSpec);
    KeyPair generated = generator.generateKeyPair();
    ECPublicKey publicPart = (ECPublicKey) generated.getPublic();
    ECPrivateKey privatePart = (ECPrivateKey) generated.getPrivate();

    // BigInteger.toByteArray() yields minimal two's-complement big-endian bytes: the result may
    // carry a leading 0x00 or be shorter than the field size, so these values are not fixed-width.
    ECPoint publicPoint = publicPart.getW();
    byte[] xBytes = publicPoint.getAffineX().toByteArray();
    byte[] yBytes = publicPoint.getAffineY().toByteArray();
    EcdsaPublicKey publicKeyProto = createEcdsaPubKey(hashType, curve, encoding, xBytes, yBytes);

    byte[] scalarBytes = privatePart.getS().toByteArray();
    return createEcdsaPrivKey(publicKeyProto, scalarBytes);
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) ECPublicKey(java.security.interfaces.ECPublicKey) EcdsaPublicKey(com.google.crypto.tink.proto.EcdsaPublicKey) ECParameterSpec(java.security.spec.ECParameterSpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyPairGenerator(java.security.KeyPairGenerator) ECPoint(java.security.spec.ECPoint)

Example 49 with ECPoint

use of java.security.spec.ECPoint in project tink by google.

the class EllipticCurves method getNistCurveSpec.

/**
 * Builds prime-field curve parameters with coefficient {@code a = p - 3} and cofactor 1.
 *
 * <p>The java.security.spec constructors used here check that the coefficients lie in the
 * field and that the order is positive; they do not check that the generator lies on the
 * curve, so the caller is responsible for passing correct constants.
 *
 * @param decimalP the field prime, in decimal
 * @param decimalN the order of the generator, in decimal
 * @param hexB the curve coefficient b, in hexadecimal
 * @param hexGX the generator's affine x-coordinate, in hexadecimal
 * @param hexGY the generator's affine y-coordinate, in hexadecimal
 * @return the assembled {@code ECParameterSpec}
 */
private static ECParameterSpec getNistCurveSpec(String decimalP, String decimalN, String hexB, String hexGX, String hexGY) {
    // Parse every textual constant first, in parameter order.
    final BigInteger prime = new BigInteger(decimalP);
    final BigInteger order = new BigInteger(decimalN);
    final BigInteger coefficientA = prime.subtract(BigInteger.valueOf(3));
    final BigInteger coefficientB = new BigInteger(hexB, 16);
    final BigInteger generatorX = new BigInteger(hexGX, 16);
    final BigInteger generatorY = new BigInteger(hexGY, 16);
    final int cofactor = 1;

    // Fully qualified to keep the JDK type apart from any other EllipticCurve in scope.
    final java.security.spec.EllipticCurve curve =
        new java.security.spec.EllipticCurve(new ECFieldFp(prime), coefficientA, coefficientB);
    final ECPoint generator = new ECPoint(generatorX, generatorY);
    return new ECParameterSpec(curve, generator, order, cofactor);
}
Also used : ECFieldFp(java.security.spec.ECFieldFp) EllipticCurve(java.security.spec.EllipticCurve) ECParameterSpec(java.security.spec.ECParameterSpec) BigInteger(java.math.BigInteger) EllipticCurve(java.security.spec.EllipticCurve) ECPoint(java.security.spec.ECPoint) ECPoint(java.security.spec.ECPoint)

Example 50 with ECPoint

use of java.security.spec.ECPoint in project tink by google.

the class EllipticCurvesTest method testPointEncode.

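/**
 * Encodes the point of every entry in {@code testVectors2} with
 * {@code EllipticCurves.pointEncode} and compares the result with the vector's encoding.
 */
@Test
public void testPointEncode() throws Exception {
    for (TestVector2 test : testVectors2) {
        EllipticCurve curve = EllipticCurves.getCurveSpec(test.curve).getCurve();
        ECPoint p = new ECPoint(test.x, test.y);
        byte[] encoded = EllipticCurves.pointEncode(curve, test.format, p);
        // assertEquals takes (expected, actual): the vector's encoding is the expected value, so
        // a failure message reports the known-good bytes as "expected". Comparing hex strings
        // keeps that message readable.
        assertEquals(TestUtil.hexEncode(test.encoded), TestUtil.hexEncode(encoded));
    }
}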
Also used : EllipticCurve(java.security.spec.EllipticCurve) ECPoint(java.security.spec.ECPoint) Test(org.junit.Test)
