use of java.security.spec.ECPoint in project karaf by apache.
the class PublicKeyLoginModuleTest method testECLogin.
@Test
public void testECLogin() throws Exception {
Properties options = getLoginModuleOptions();
PublickeyLoginModule module = new PublickeyLoginModule();
Subject subject = new Subject();
String x = "-29742501866672735446035294501787338870744851402037490785638836399245997090445";
String y = "-47637824304079393691947094099226900728731860400898598466261954347951527449659";
KeyFactory keyFactory = KeyFactory.getInstance("EC");
AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC");
parameters.init(new ECGenParameterSpec("secp256r1"));
ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);
ECPoint pubPoint = new ECPoint(new BigInteger(x), new BigInteger(y));
KeySpec keySpec = new ECPublicKeySpec(pubPoint, ecParameters);
PublicKey publicKey = keyFactory.generatePublic(keySpec);
module.initialize(subject, new NamePubkeyCallbackHandler("ec", publicKey), null, options);
assertEquals("Precondition", 0, subject.getPrincipals().size());
assertTrue(module.login());
assertTrue(module.commit());
assertFalse(subject.getPrincipals().isEmpty());
assertThat("ec", isIn(names(subject.getPrincipals(UserPrincipal.class))));
assertThat("ssh", isIn(names(subject.getPrincipals(RolePrincipal.class))));
assertTrue(module.logout());
assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
use of java.security.spec.ECPoint in project tink by google.
the class WebPushHybridDecrypt method decrypt.
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] contextInfo) throws /* unused */
GeneralSecurityException {
if (contextInfo != null) {
throw new GeneralSecurityException("contextInfo must be null because it is unused");
}
if (ciphertext.length < WebPushConstants.CIPHERTEXT_OVERHEAD) {
throw new GeneralSecurityException("ciphertext too short");
}
// payload body. See https://tools.ietf.org/html/rfc8291#section-4.0.
if (ciphertext.length > WebPushConstants.MAX_CIPHERTEXT_SIZE) {
throw new GeneralSecurityException("ciphertext too long");
}
// Unpacking.
ByteBuffer record = ByteBuffer.wrap(ciphertext);
byte[] salt = new byte[WebPushConstants.SALT_SIZE];
record.get(salt);
int recordSize = record.getInt();
if (recordSize != this.recordSize || recordSize < ciphertext.length || recordSize > WebPushConstants.MAX_CIPHERTEXT_SIZE) {
throw new GeneralSecurityException("invalid record size: " + recordSize);
}
int publicKeySize = (int) record.get();
if (publicKeySize != WebPushConstants.PUBLIC_KEY_SIZE) {
throw new GeneralSecurityException("invalid ephemeral public key size: " + publicKeySize);
}
byte[] asPublicKey = new byte[WebPushConstants.PUBLIC_KEY_SIZE];
record.get(asPublicKey);
ECPoint asPublicPoint = EllipticCurves.pointDecode(WebPushConstants.NIST_P256_CURVE_TYPE, WebPushConstants.UNCOMPRESSED_POINT_FORMAT, asPublicKey);
byte[] payload = new byte[ciphertext.length - WebPushConstants.CONTENT_CODING_HEADER_SIZE];
record.get(payload);
// See https://tools.ietf.org/html/rfc8291#section-3.4.
byte[] ecdhSecret = EllipticCurves.computeSharedSecret(recipientPrivateKey, asPublicPoint);
byte[] ikm = WebPushUtil.computeIkm(ecdhSecret, authSecret, recipientPublicKey, asPublicKey);
byte[] cek = WebPushUtil.computeCek(ikm, salt);
byte[] nonce = WebPushUtil.computeNonce(ikm, salt);
return decrypt(cek, nonce, payload);
}
use of java.security.spec.ECPoint in project tink by google.
the class TestUtil method generateEcdsaPrivKey.
/**
* @return a {@code EcdsaPrivateKey} constructed from {@code EllipticCurveType} and {@code
* HashType}.
*/
public static EcdsaPrivateKey generateEcdsaPrivKey(EllipticCurveType curve, HashType hashType, EcdsaSignatureEncoding encoding) throws Exception {
ECParameterSpec ecParams;
switch(curve) {
case NIST_P256:
ecParams = EllipticCurves.getNistP256Params();
break;
case NIST_P384:
ecParams = EllipticCurves.getNistP384Params();
break;
case NIST_P521:
ecParams = EllipticCurves.getNistP521Params();
break;
default:
throw new NoSuchAlgorithmException("Curve not implemented:" + curve);
}
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
keyGen.initialize(ecParams);
KeyPair keyPair = keyGen.generateKeyPair();
ECPublicKey pubKey = (ECPublicKey) keyPair.getPublic();
ECPrivateKey privKey = (ECPrivateKey) keyPair.getPrivate();
ECPoint w = pubKey.getW();
EcdsaPublicKey ecdsaPubKey = createEcdsaPubKey(hashType, curve, encoding, w.getAffineX().toByteArray(), w.getAffineY().toByteArray());
return createEcdsaPrivKey(ecdsaPubKey, privKey.getS().toByteArray());
}
use of java.security.spec.ECPoint in project tink by google.
the class EllipticCurves method getNistCurveSpec.
private static ECParameterSpec getNistCurveSpec(String decimalP, String decimalN, String hexB, String hexGX, String hexGY) {
final BigInteger p = new BigInteger(decimalP);
final BigInteger n = new BigInteger(decimalN);
final BigInteger three = new BigInteger("3");
final BigInteger a = p.subtract(three);
final BigInteger b = new BigInteger(hexB, 16);
final BigInteger gx = new BigInteger(hexGX, 16);
final BigInteger gy = new BigInteger(hexGY, 16);
final int h = 1;
ECFieldFp fp = new ECFieldFp(p);
java.security.spec.EllipticCurve curveSpec = new java.security.spec.EllipticCurve(fp, a, b);
ECPoint g = new ECPoint(gx, gy);
ECParameterSpec ecSpec = new ECParameterSpec(curveSpec, g, n, h);
return ecSpec;
}
use of java.security.spec.ECPoint in project tink by google.
the class EllipticCurvesTest method testPointEncode.
@Test
public void testPointEncode() throws Exception {
for (TestVector2 test : testVectors2) {
EllipticCurve curve = EllipticCurves.getCurveSpec(test.curve).getCurve();
ECPoint p = new ECPoint(test.x, test.y);
byte[] encoded = EllipticCurves.pointEncode(curve, test.format, p);
assertEquals(TestUtil.hexEncode(encoded), TestUtil.hexEncode(test.encoded));
}
}
Aggregations