
Example 26 with RSAKeyGenParameterSpec

use of java.security.spec.RSAKeyGenParameterSpec in project jdk8u_jdk by JetBrains.

the class RSAKeyPairGenerator method initialize.

// second initialize method. See JCA doc.
/**
 * Configures this generator from an {@link RSAKeyGenParameterSpec}.
 *
 * <p>All validation happens before any field is written, so a rejected call leaves
 * the previously stored key size, exponent and random source untouched.
 *
 * @param params must be an {@code RSAKeyGenParameterSpec}; when its public exponent is
 *               {@code null}, {@code RSAKeyGenParameterSpec.F4} is used instead
 * @param random randomness source, stored exactly as passed (no null check is made here)
 * @throws InvalidAlgorithmParameterException if {@code params} has another type, the
 *         exponent is below {@code RSAKeyGenParameterSpec.F0}, the exponent has more bits
 *         than the key size, or {@code RSAKeyFactory.checkKeyLengths} rejects the values
 */
public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException {
    if (!(params instanceof RSAKeyGenParameterSpec)) {
        throw new InvalidAlgorithmParameterException("Params must be instance of RSAKeyGenParameterSpec");
    }
    final RSAKeyGenParameterSpec spec = (RSAKeyGenParameterSpec) params;
    final int requestedBits = spec.getKeysize();
    final BigInteger requestedExponent = spec.getPublicExponent();

    final BigInteger exponent;
    if (requestedExponent == null) {
        // Caller expressed no preference: fall back to F4.
        exponent = RSAKeyGenParameterSpec.F4;
    } else if (requestedExponent.compareTo(RSAKeyGenParameterSpec.F0) < 0) {
        throw new InvalidAlgorithmParameterException("Public exponent must be 3 or larger");
    } else if (requestedExponent.bitLength() > requestedBits) {
        throw new InvalidAlgorithmParameterException("Public exponent must be smaller than key size");
    } else {
        exponent = requestedExponent;
    }

    // Range check on the modulus size: 512 bits minimum, 64 * 1024 bits maximum.
    // NOTE(review): the 512-bit floor only filters out nonsensical input. It is far
    // below what is considered adequate for RSA today, so callers that need a policy
    // minimum (for example 2048 bits) must enforce it themselves.
    try {
        RSAKeyFactory.checkKeyLengths(requestedBits, exponent, 512, 64 * 1024);
    } catch (InvalidKeyException cause) {
        throw new InvalidAlgorithmParameterException("Invalid key sizes", cause);
    }

    // Commit only after every check has passed.
    this.keySize = requestedBits;
    this.publicExponent = exponent;
    this.random = random;
}
Also used : RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec) BigInteger(java.math.BigInteger)

Example 27 with RSAKeyGenParameterSpec

use of java.security.spec.RSAKeyGenParameterSpec in project jdk8u_jdk by JetBrains.

the class GenerateRSAKeyPair method main.

/**
 * Smoke test: initializes the "SunRsaSign" RSA key pair generator from an
 * {@link RSAKeyGenParameterSpec} and checks that a key pair comes back.
 *
 * @param args unused
 * @throws Exception if the provider or algorithm is unavailable, initialization is
 *         rejected, or {@code generateKeyPair()} returns {@code null}
 */
public static void main(String[] args) throws Exception {
    // 1024-bit modulus with exponent F4 is the fixture used by this test.
    // NOTE(review): 1024-bit RSA is a test value here, not a size to reuse for
    // keys that protect real data.
    RSAKeyGenParameterSpec genParams = new RSAKeyGenParameterSpec(1024, RSAKeyGenParameterSpec.F4);
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "SunRsaSign");
    generator.initialize(genParams);

    // test generateKeyPair
    KeyPair generated = generator.generateKeyPair();
    if (generated != null) {
        return;
    }
    throw new Exception("no keypair generated");
}
Also used : KeyPair(java.security.KeyPair) RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec) KeyPairGenerator(java.security.KeyPairGenerator)

Example 28 with RSAKeyGenParameterSpec

use of java.security.spec.RSAKeyGenParameterSpec in project android_frameworks_base by ResurrectionRemix.

the class AndroidKeyPairGeneratorTest method assertKeyPairCorrect.

/**
 * Checks a generated key pair and the keystore entries stored under {@code alias}
 * against the parameters the pair was requested with.
 *
 * <p>Covered, in order: public key algorithm and size, private key algorithm and
 * consistency with the public key, the stored user certificate (subject, issuer,
 * serial, validity, signature), absence of a CA certificate entry, and the public
 * key exported from the keystore.
 *
 * @param pair    key pair under test
 * @param alias   keystore alias the entries are looked up under
 * @param keyType expected algorithm name; "EC" and "RSA" (case-insensitive) get
 *                algorithm-specific checks
 * @param keySize expected size in bits (curve field size for EC, modulus size for RSA)
 * @param spec    for RSA, an optional {@link RSAKeyGenParameterSpec} whose key size and
 *                public exponent are compared with the generated key; may be null
 * @param dn      expected subject and issuer DN of the certificate
 * @param serial  expected certificate serial number
 * @param start   expected notBefore date
 * @param end     expected notAfter date
 * @throws Exception if certificate parsing or signature verification fails
 */
private void assertKeyPairCorrect(KeyPair pair, String alias, String keyType, int keySize, AlgorithmParameterSpec spec, X500Principal dn, BigInteger serial, Date start, Date end) throws Exception {
    final boolean expectEc = "EC".equalsIgnoreCase(keyType);
    final boolean expectRsa = "RSA".equalsIgnoreCase(keyType);

    // --- public key ---
    final PublicKey publicKey = pair.getPublic();
    assertNotNull("The PublicKey for the KeyPair should be not null", publicKey);
    assertEquals(keyType, publicKey.getAlgorithm());
    if (expectEc) {
        final int fieldBits = ((ECPublicKey) publicKey).getParams().getCurve().getField().getFieldSize();
        assertEquals("Curve should be what was specified during initialization", keySize, fieldBits);
    } else if (expectRsa) {
        final RSAPublicKey rsaPublic = (RSAPublicKey) publicKey;
        // Sizes are compared after rounding up to a multiple of 8 bits.
        final int expectedBits = (keySize + 7) & ~7;
        assertEquals("Modulus size should be what is specified during initialization", expectedBits, (rsaPublic.getModulus().bitLength() + 7) & ~7);
        if (spec != null) {
            final RSAKeyGenParameterSpec rsaParams = (RSAKeyGenParameterSpec) spec;
            assertEquals(expectedBits, (rsaParams.getKeysize() + 7) & ~7);
            assertEquals(rsaParams.getPublicExponent(), rsaPublic.getPublicExponent());
        }
    }

    // --- private key: only public parameters are compared with the public key ---
    final PrivateKey privateKey = pair.getPrivate();
    assertNotNull("The PrivateKey for the KeyPair should be not null", privateKey);
    assertEquals(keyType, privateKey.getAlgorithm());
    if (expectEc) {
        assertTrue("EC private key must be instanceof ECKey: " + privateKey.getClass().getName(), privateKey instanceof ECKey);
        assertEquals("Private and public key must have the same EC parameters", ((ECKey) publicKey).getParams(), ((ECKey) privateKey).getParams());
    } else if (expectRsa) {
        assertTrue("RSA private key must be instance of RSAKey: " + privateKey.getClass().getName(), privateKey instanceof RSAKey);
        assertEquals("Private and public key must have the same RSA modulus", ((RSAKey) publicKey).getModulus(), ((RSAKey) privateKey).getModulus());
    }

    // --- user certificate stored alongside the key ---
    final byte[] certBlob = mAndroidKeyStore.get(Credentials.USER_CERTIFICATE + alias);
    assertNotNull("The user certificate should exist for the generated entry", certBlob);
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    final Certificate parsedCert = x509Factory.generateCertificate(new ByteArrayInputStream(certBlob));
    assertTrue("Certificate should be in X.509 format", parsedCert instanceof X509Certificate);
    final X509Certificate leafCert = (X509Certificate) parsedCert;
    assertEquals("Public key used to sign certificate should have the same algorithm as in KeyPair", publicKey.getAlgorithm(), leafCert.getPublicKey().getAlgorithm());
    assertEquals("PublicKey used to sign certificate should match one returned in KeyPair", publicKey, AndroidKeyStoreProvider.getAndroidKeyStorePublicKey(Credentials.USER_PRIVATE_KEY + alias, KeyStore.UID_SELF, leafCert.getPublicKey().getAlgorithm(), leafCert.getPublicKey().getEncoded()));
    assertEquals("The Subject DN should be the one passed into the params", dn, leafCert.getSubjectDN());
    // Issuer == subject: the generated certificate is expected to be self-issued.
    assertEquals("The Issuer DN should be the same as the Subject DN", dn, leafCert.getIssuerDN());
    assertEquals("The Serial should be the one passed into the params", serial, leafCert.getSerialNumber());
    assertDateEquals("The notBefore date should be the one passed into the params", start, leafCert.getNotBefore());
    assertDateEquals("The notAfter date should be the one passed into the params", end, leafCert.getNotAfter());

    // verify() throws on a bad signature, so these two calls act as assertions.
    // Assert that the cert's signature verifies using the public key from generated KeyPair
    leafCert.verify(publicKey);
    // Assert that the cert's signature verifies using the public key from the cert itself.
    leafCert.verify(leafCert.getPublicKey());

    // --- no CA chain is expected for a freshly generated entry ---
    final byte[] caChain = mAndroidKeyStore.get(Credentials.CA_CERTIFICATE + alias);
    assertNull("A list of CA certificates should not exist for the generated entry", caChain);

    // --- the X.509-format export must equal the encoded public key ---
    ExportResult exported = mAndroidKeyStore.exportKey(Credentials.USER_PRIVATE_KEY + alias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null);
    assertEquals(KeyStore.NO_ERROR, exported.resultCode);
    final byte[] exportedKeyBytes = exported.exportData;
    assertNotNull("The keystore should return the public key for the generated key", exportedKeyBytes);
    assertTrue("Public key X.509 format should be as expected", Arrays.equals(publicKey.getEncoded(), exportedKeyBytes));
}
Also used : RSAKey(java.security.interfaces.RSAKey) PrivateKey(java.security.PrivateKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec) ECKey(java.security.interfaces.ECKey) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) ECPublicKey(java.security.interfaces.ECPublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) ByteArrayInputStream(java.io.ByteArrayInputStream) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) ExportResult(android.security.keymaster.ExportResult)

Example 29 with RSAKeyGenParameterSpec

use of java.security.spec.RSAKeyGenParameterSpec in project android_frameworks_base by ResurrectionRemix.

the class AndroidKeyPairGeneratorTest method testKeyPairGenerator_GenerateKeyPair_RSA_WithParams_Unencrypted_Success.

/**
 * Generates an RSA key pair with an explicit {@link RSAKeyGenParameterSpec} and checks
 * the result with {@code assertKeyPairCorrect}.
 *
 * @throws Exception if generation or any of the follow-up checks fails
 */
public void testKeyPairGenerator_GenerateKeyPair_RSA_WithParams_Unencrypted_Success() throws Exception {
    // Fixture: 1024-bit modulus with public exponent 3, passed both as the builder's
    // key size and inside the RSA-specific spec.
    // NOTE(review): these are test values; neither the size nor the exponent is a
    // recommendation for keys used outside a test.
    final AlgorithmParameterSpec spec = new RSAKeyGenParameterSpec(1024, BigInteger.valueOf(3L));
    final KeyPairGeneratorSpec generatorSpec = new KeyPairGeneratorSpec.Builder(getContext())
            .setAlias(TEST_ALIAS_1)
            .setKeySize(1024)
            .setAlgorithmParameterSpec(spec)
            .setSubject(TEST_DN_1)
            .setSerialNumber(TEST_SERIAL_1)
            .setStartDate(NOW)
            .setEndDate(NOW_PLUS_10_YEARS)
            .build();
    mGenerator.initialize(generatorSpec);

    final KeyPair generated = mGenerator.generateKeyPair();
    assertNotNull("The KeyPair returned should not be null", generated);
    assertKeyPairCorrect(generated, TEST_ALIAS_1, "RSA", 1024, spec, TEST_DN_1, TEST_SERIAL_1, NOW, NOW_PLUS_10_YEARS);
}
Also used : KeyPairGeneratorSpec(android.security.KeyPairGeneratorSpec) KeyPair(java.security.KeyPair) RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)

Example 30 with RSAKeyGenParameterSpec

use of java.security.spec.RSAKeyGenParameterSpec in project android_frameworks_base by ResurrectionRemix.

the class AndroidKeyStoreKeyPairGeneratorSpi method initAlgorithmSpecificParameters.

/**
 * Applies the algorithm-specific part of {@code mSpec} to this generator.
 *
 * <p>For RSA it reconciles the key size with an optional {@link RSAKeyGenParameterSpec}
 * and stores the public exponent in {@code mRSAPublicExponent} (default
 * {@code RSAKeyGenParameterSpec.F4}). For EC it maps an optional
 * {@link ECGenParameterSpec} curve name to a key size. In both cases
 * {@code mKeySizeBits == -1} means "not set yet" and is filled in from the spec;
 * any other value must agree with the spec.
 *
 * @throws InvalidAlgorithmParameterException if the spec has the wrong type for the
 *         algorithm, disagrees with the configured key size, names an unsupported
 *         curve, or carries an RSA exponent outside (0, UINT64_MAX_VALUE]
 * @throws ProviderException if {@code mKeymasterAlgorithm} is neither RSA nor EC
 */
private void initAlgorithmSpecificParameters() throws InvalidAlgorithmParameterException {
    final AlgorithmParameterSpec extraSpec = mSpec.getAlgorithmParameterSpec();

    if (mKeymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_RSA) {
        // Anything other than "no spec" or an RSA spec is rejected up front.
        if (extraSpec != null && !(extraSpec instanceof RSAKeyGenParameterSpec)) {
            throw new InvalidAlgorithmParameterException("RSA may only use RSAKeyGenParameterSpec");
        }

        BigInteger exponent = null;
        if (extraSpec != null) {
            final RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) extraSpec;
            final int specBits = rsaSpec.getKeysize();
            if (mKeySizeBits == -1) {
                mKeySizeBits = specBits;
            } else if (mKeySizeBits != specBits) {
                throw new InvalidAlgorithmParameterException("RSA key size must match " + " between " + mSpec + " and " + extraSpec + ": " + mKeySizeBits + " vs " + specBits);
            }
            exponent = rsaSpec.getPublicExponent();
        }
        if (exponent == null) {
            exponent = RSAKeyGenParameterSpec.F4;
        }

        // Only the range is checked here: strictly positive and at most UINT64_MAX_VALUE.
        // NOTE(review): values such as 1 or an even exponent pass these two checks;
        // presumably they are rejected further down the stack - confirm.
        if (exponent.signum() <= 0) {
            throw new InvalidAlgorithmParameterException("RSA public exponent must be positive: " + exponent);
        }
        if (exponent.compareTo(KeymasterArguments.UINT64_MAX_VALUE) > 0) {
            throw new InvalidAlgorithmParameterException("Unsupported RSA public exponent: " + exponent + ". Maximum supported value: " + KeymasterArguments.UINT64_MAX_VALUE);
        }
        mRSAPublicExponent = exponent;
    } else if (mKeymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_EC) {
        if (extraSpec != null && !(extraSpec instanceof ECGenParameterSpec)) {
            throw new InvalidAlgorithmParameterException("EC may only use ECGenParameterSpec");
        }
        if (extraSpec != null) {
            final String curveName = ((ECGenParameterSpec) extraSpec).getName();
            // Curve names are matched case-insensitively against the supported table.
            final Integer curveBits = SUPPORTED_EC_NIST_CURVE_NAME_TO_SIZE.get(curveName.toLowerCase(Locale.US));
            if (curveBits == null) {
                throw new InvalidAlgorithmParameterException("Unsupported EC curve name: " + curveName + ". Supported: " + SUPPORTED_EC_NIST_CURVE_NAMES);
            }
            if (mKeySizeBits == -1) {
                mKeySizeBits = curveBits;
            } else if (mKeySizeBits != curveBits) {
                throw new InvalidAlgorithmParameterException("EC key size must match " + " between " + mSpec + " and " + extraSpec + ": " + mKeySizeBits + " vs " + curveBits);
            }
        }
    } else {
        throw new ProviderException("Unsupported algorithm: " + mKeymasterAlgorithm);
    }
}
Also used : BigInteger(java.math.BigInteger) ASN1Integer(com.android.org.bouncycastle.asn1.ASN1Integer) DERInteger(com.android.org.bouncycastle.asn1.DERInteger) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) ProviderException(java.security.ProviderException) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) BigInteger(java.math.BigInteger) RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)

Aggregations

RSAKeyGenParameterSpec (java.security.spec.RSAKeyGenParameterSpec)32 AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)16 BigInteger (java.math.BigInteger)12 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)12 KeyPair (java.security.KeyPair)7 KeyPairGeneratorSpec (android.security.KeyPairGeneratorSpec)5 ExportResult (android.security.keymaster.ExportResult)5 ASN1Integer (com.android.org.bouncycastle.asn1.ASN1Integer)5 DERBitString (com.android.org.bouncycastle.asn1.DERBitString)5 DERInteger (com.android.org.bouncycastle.asn1.DERInteger)5 ByteArrayInputStream (java.io.ByteArrayInputStream)5 InvalidKeyException (java.security.InvalidKeyException)5 PrivateKey (java.security.PrivateKey)5 ProviderException (java.security.ProviderException)5 PublicKey (java.security.PublicKey)5 Certificate (java.security.cert.Certificate)5 CertificateFactory (java.security.cert.CertificateFactory)5 X509Certificate (java.security.cert.X509Certificate)5 ECKey (java.security.interfaces.ECKey)5 ECPublicKey (java.security.interfaces.ECPublicKey)5