Search in sources :

Example 6 with ECPublicKeySpec

use of java.security.spec.ECPublicKeySpec in project android_frameworks_base by ResurrectionRemix.

the class AndroidKeyStoreKeyFactorySpi method engineGetKeySpec.

@Override
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpecClass) throws InvalidKeySpecException {
    if (key == null) {
        throw new InvalidKeySpecException("key == null");
    } else if ((!(key instanceof AndroidKeyStorePrivateKey)) && (!(key instanceof AndroidKeyStorePublicKey))) {
        throw new InvalidKeySpecException("Unsupported key type: " + key.getClass().getName() + ". This KeyFactory supports only Android Keystore asymmetric keys");
    }
    if (keySpecClass == null) {
        throw new InvalidKeySpecException("keySpecClass == null");
    } else if (KeyInfo.class.equals(keySpecClass)) {
        if (!(key instanceof AndroidKeyStorePrivateKey)) {
            throw new InvalidKeySpecException("Unsupported key type: " + key.getClass().getName() + ". KeyInfo can be obtained only for Android Keystore private keys");
        }
        AndroidKeyStorePrivateKey keystorePrivateKey = (AndroidKeyStorePrivateKey) key;
        String keyAliasInKeystore = keystorePrivateKey.getAlias();
        String entryAlias;
        if (keyAliasInKeystore.startsWith(Credentials.USER_PRIVATE_KEY)) {
            entryAlias = keyAliasInKeystore.substring(Credentials.USER_PRIVATE_KEY.length());
        } else {
            throw new InvalidKeySpecException("Invalid key alias: " + keyAliasInKeystore);
        }
        @SuppressWarnings("unchecked") T result = (T) AndroidKeyStoreSecretKeyFactorySpi.getKeyInfo(mKeyStore, entryAlias, keyAliasInKeystore, keystorePrivateKey.getUid());
        return result;
    } else if (X509EncodedKeySpec.class.equals(keySpecClass)) {
        if (!(key instanceof AndroidKeyStorePublicKey)) {
            throw new InvalidKeySpecException("Unsupported key type: " + key.getClass().getName() + ". X509EncodedKeySpec can be obtained only for Android Keystore public" + " keys");
        }
        @SuppressWarnings("unchecked") T result = (T) new X509EncodedKeySpec(((AndroidKeyStorePublicKey) key).getEncoded());
        return result;
    } else if (PKCS8EncodedKeySpec.class.equals(keySpecClass)) {
        if (key instanceof AndroidKeyStorePrivateKey) {
            throw new InvalidKeySpecException("Key material export of Android Keystore private keys is not supported");
        } else {
            throw new InvalidKeySpecException("Cannot export key material of public key in PKCS#8 format." + " Only X.509 format (X509EncodedKeySpec) supported for public keys.");
        }
    } else if (RSAPublicKeySpec.class.equals(keySpecClass)) {
        if (key instanceof AndroidKeyStoreRSAPublicKey) {
            AndroidKeyStoreRSAPublicKey rsaKey = (AndroidKeyStoreRSAPublicKey) key;
            @SuppressWarnings("unchecked") T result = (T) new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent());
            return result;
        } else {
            throw new InvalidKeySpecException("Obtaining RSAPublicKeySpec not supported for " + key.getAlgorithm() + " " + ((key instanceof AndroidKeyStorePrivateKey) ? "private" : "public") + " key");
        }
    } else if (ECPublicKeySpec.class.equals(keySpecClass)) {
        if (key instanceof AndroidKeyStoreECPublicKey) {
            AndroidKeyStoreECPublicKey ecKey = (AndroidKeyStoreECPublicKey) key;
            @SuppressWarnings("unchecked") T result = (T) new ECPublicKeySpec(ecKey.getW(), ecKey.getParams());
            return result;
        } else {
            throw new InvalidKeySpecException("Obtaining ECPublicKeySpec not supported for " + key.getAlgorithm() + " " + ((key instanceof AndroidKeyStorePrivateKey) ? "private" : "public") + " key");
        }
    } else {
        throw new InvalidKeySpecException("Unsupported key spec: " + keySpecClass.getName());
    }
}
Also used : X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException)

Example 7 with ECPublicKeySpec

use of java.security.spec.ECPublicKeySpec in project oxAuth by GluuFederation.

the class AbstractCryptoProvider method getPublicKey.

public PublicKey getPublicKey(String alias, JSONObject jwks) throws Exception {
    java.security.PublicKey publicKey = null;
    JSONArray webKeys = jwks.getJSONArray(JSON_WEB_KEY_SET);
    for (int i = 0; i < webKeys.length(); i++) {
        JSONObject key = webKeys.getJSONObject(i);
        if (alias.equals(key.getString(KEY_ID))) {
            SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(key.getString(ALGORITHM));
            if (signatureAlgorithm != null) {
                if (signatureAlgorithm.getFamily().equals(SignatureAlgorithmFamily.RSA)) {
                    publicKey = new RSAPublicKeyImpl(new BigInteger(1, Base64Util.base64urldecode(key.getString(MODULUS))), new BigInteger(1, Base64Util.base64urldecode(key.getString(EXPONENT))));
                } else if (signatureAlgorithm.getFamily().equals(SignatureAlgorithmFamily.EC)) {
                    AlgorithmParameters parameters = AlgorithmParameters.getInstance(SignatureAlgorithmFamily.EC);
                    parameters.init(new ECGenParameterSpec(signatureAlgorithm.getCurve().getAlias()));
                    ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);
                    publicKey = KeyFactory.getInstance(SignatureAlgorithmFamily.EC).generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, Base64Util.base64urldecode(key.getString(X))), new BigInteger(1, Base64Util.base64urldecode(key.getString(Y)))), ecParameters));
                }
            }
        }
    }
    return publicKey;
}
Also used : RSAPublicKeyImpl(sun.security.rsa.RSAPublicKeyImpl) JSONArray(org.codehaus.jettison.json.JSONArray) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) PublicKey(java.security.PublicKey) SignatureAlgorithm(org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm) ECPoint(java.security.spec.ECPoint) ECPoint(java.security.spec.ECPoint) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) JSONObject(org.codehaus.jettison.json.JSONObject) ECParameterSpec(java.security.spec.ECParameterSpec) BigInteger(java.math.BigInteger) AlgorithmParameters(java.security.AlgorithmParameters)

Example 8 with ECPublicKeySpec

use of java.security.spec.ECPublicKeySpec in project android_frameworks_base by crdroidandroid.

the class AndroidKeyStoreKeyFactorySpi method engineGetKeySpec.

@Override
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpecClass) throws InvalidKeySpecException {
    if (key == null) {
        throw new InvalidKeySpecException("key == null");
    } else if ((!(key instanceof AndroidKeyStorePrivateKey)) && (!(key instanceof AndroidKeyStorePublicKey))) {
        throw new InvalidKeySpecException("Unsupported key type: " + key.getClass().getName() + ". This KeyFactory supports only Android Keystore asymmetric keys");
    }
    if (keySpecClass == null) {
        throw new InvalidKeySpecException("keySpecClass == null");
    } else if (KeyInfo.class.equals(keySpecClass)) {
        if (!(key instanceof AndroidKeyStorePrivateKey)) {
            throw new InvalidKeySpecException("Unsupported key type: " + key.getClass().getName() + ". KeyInfo can be obtained only for Android Keystore private keys");
        }
        AndroidKeyStorePrivateKey keystorePrivateKey = (AndroidKeyStorePrivateKey) key;
        String keyAliasInKeystore = keystorePrivateKey.getAlias();
        String entryAlias;
        if (keyAliasInKeystore.startsWith(Credentials.USER_PRIVATE_KEY)) {
            entryAlias = keyAliasInKeystore.substring(Credentials.USER_PRIVATE_KEY.length());
        } else {
            throw new InvalidKeySpecException("Invalid key alias: " + keyAliasInKeystore);
        }
        @SuppressWarnings("unchecked") T result = (T) AndroidKeyStoreSecretKeyFactorySpi.getKeyInfo(mKeyStore, entryAlias, keyAliasInKeystore, keystorePrivateKey.getUid());
        return result;
    } else if (X509EncodedKeySpec.class.equals(keySpecClass)) {
        if (!(key instanceof AndroidKeyStorePublicKey)) {
            throw new InvalidKeySpecException("Unsupported key type: " + key.getClass().getName() + ". X509EncodedKeySpec can be obtained only for Android Keystore public" + " keys");
        }
        @SuppressWarnings("unchecked") T result = (T) new X509EncodedKeySpec(((AndroidKeyStorePublicKey) key).getEncoded());
        return result;
    } else if (PKCS8EncodedKeySpec.class.equals(keySpecClass)) {
        if (key instanceof AndroidKeyStorePrivateKey) {
            throw new InvalidKeySpecException("Key material export of Android Keystore private keys is not supported");
        } else {
            throw new InvalidKeySpecException("Cannot export key material of public key in PKCS#8 format." + " Only X.509 format (X509EncodedKeySpec) supported for public keys.");
        }
    } else if (RSAPublicKeySpec.class.equals(keySpecClass)) {
        if (key instanceof AndroidKeyStoreRSAPublicKey) {
            AndroidKeyStoreRSAPublicKey rsaKey = (AndroidKeyStoreRSAPublicKey) key;
            @SuppressWarnings("unchecked") T result = (T) new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent());
            return result;
        } else {
            throw new InvalidKeySpecException("Obtaining RSAPublicKeySpec not supported for " + key.getAlgorithm() + " " + ((key instanceof AndroidKeyStorePrivateKey) ? "private" : "public") + " key");
        }
    } else if (ECPublicKeySpec.class.equals(keySpecClass)) {
        if (key instanceof AndroidKeyStoreECPublicKey) {
            AndroidKeyStoreECPublicKey ecKey = (AndroidKeyStoreECPublicKey) key;
            @SuppressWarnings("unchecked") T result = (T) new ECPublicKeySpec(ecKey.getW(), ecKey.getParams());
            return result;
        } else {
            throw new InvalidKeySpecException("Obtaining ECPublicKeySpec not supported for " + key.getAlgorithm() + " " + ((key instanceof AndroidKeyStorePrivateKey) ? "private" : "public") + " key");
        }
    } else {
        throw new InvalidKeySpecException("Unsupported key spec: " + keySpecClass.getName());
    }
}
Also used : X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException)

Example 9 with ECPublicKeySpec

use of java.security.spec.ECPublicKeySpec in project wycheproof by google.

the class EcKeyTest method testPublicKeyAtInfinity.

/**
   * Tries to generate a public key with a point at infinity. Public keys with a point at infinity
   * should be rejected to prevent subgroup confinement attacks.
   */
public void testPublicKeyAtInfinity() throws Exception {
    ECParameterSpec ecSpec = EcUtil.getNistP256Params();
    try {
        ECPublicKeySpec pubSpec = new ECPublicKeySpec(ECPoint.POINT_INFINITY, ecSpec);
        fail("Point at infinity is not a valid public key. " + pubSpec.getW().equals(ECPoint.POINT_INFINITY));
    } catch (java.lang.IllegalArgumentException ex) {
    // This is expected
    }
}
Also used : ECParameterSpec(java.security.spec.ECParameterSpec) ECPublicKeySpec(java.security.spec.ECPublicKeySpec)

Example 10 with ECPublicKeySpec

use of java.security.spec.ECPublicKeySpec in project wycheproof by google.

the class EcdhTest method testModifiedPublicSpec.

/**
   * This is a similar test as testModifiedPublic. However, this test uses test vectors
   * ECPublicKeySpec
   */
@SuppressWarnings("InsecureCryptoUsage")
public void testModifiedPublicSpec(String algorithm) throws Exception {
    KeyAgreement ka;
    try {
        ka = KeyAgreement.getInstance(algorithm);
    } catch (NoSuchAlgorithmException ex) {
        System.out.println("testWrongOrder: " + algorithm + " not supported");
        return;
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
    keyGen.initialize(EcUtil.getNistP256Params());
    ECPrivateKey priv = (ECPrivateKey) keyGen.generateKeyPair().getPrivate();
    KeyFactory kf = KeyFactory.getInstance("EC");
    ECPublicKey validKey = (ECPublicKey) kf.generatePublic(EC_VALID_PUBLIC_KEY.getSpec());
    ka.init(priv);
    ka.doPhase(validKey, true);
    String expected = TestUtil.bytesToHex(ka.generateSecret());
    for (EcPublicKeyTestVector test : EC_MODIFIED_PUBLIC_KEYS) {
        ECPublicKeySpec spec = test.getSpec();
        if (spec == null) {
            // spec == null if one of these validity checks fails. Of course such a failure is OK.
            continue;
        }
        try {
            ECPublicKey modifiedKey = (ECPublicKey) kf.generatePublic(spec);
            ka.init(priv);
            ka.doPhase(modifiedKey, true);
            String shared = TestUtil.bytesToHex(ka.generateSecret());
            // The implementation did not notice that the public key was modified.
            // This is not nice, but at the moment we only fail the test if the
            // modification was essential for computing the shared secret.
            //
            // BouncyCastle v.1.53 fails this test, for ECDHC with modified order.
            // This implementation reduces the product s*h modulo the order given
            // in the public key. An attacker who can modify the order of the public key
            // and who can learn whether such a modification changes the shared secret is
            // able to learn the private key with a simple binary search.
            assertEquals("algorithm:" + algorithm + " test:" + test.comment, expected, shared);
        } catch (GeneralSecurityException ex) {
            // OK, since the public keys have been modified.
            System.out.println("testModifiedPublic:" + test.comment + " throws " + ex.toString());
        }
    }
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) ECPublicKey(java.security.interfaces.ECPublicKey) GeneralSecurityException(java.security.GeneralSecurityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyPairGenerator(java.security.KeyPairGenerator) KeyAgreement(javax.crypto.KeyAgreement) KeyFactory(java.security.KeyFactory) ECPublicKeySpec(java.security.spec.ECPublicKeySpec)

Aggregations

ECPublicKeySpec (java.security.spec.ECPublicKeySpec)15 ECParameterSpec (java.security.spec.ECParameterSpec)9 ECPoint (java.security.spec.ECPoint)7 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)6 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)6 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)6 ECPublicKey (java.security.interfaces.ECPublicKey)5 RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)5 BigInteger (java.math.BigInteger)3 GeneralSecurityException (java.security.GeneralSecurityException)3 KeyFactory (java.security.KeyFactory)3 KeyPairGenerator (java.security.KeyPairGenerator)3 ECPrivateKey (java.security.interfaces.ECPrivateKey)3 EllipticCurve (java.security.spec.EllipticCurve)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 PublicKey (java.security.PublicKey)2 ECFieldF2m (java.security.spec.ECFieldF2m)2 KeyAgreement (javax.crypto.KeyAgreement)2 AlgorithmParameters (java.security.AlgorithmParameters)1 InvalidKeyException (java.security.InvalidKeyException)1