use of java.security.spec.RSAPrivateCrtKeySpec in project jruby-openssl by jruby.
the class PKey method readRSAPrivateKey.
public static KeyPair readRSAPrivateKey(final KeyFactory rsaFactory, final byte[] input) throws IOException, InvalidKeySpecException {
ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
if (seq.size() == 9) {
BigInteger mod = ((ASN1Integer) seq.getObjectAt(1)).getValue();
BigInteger pubexp = ((ASN1Integer) seq.getObjectAt(2)).getValue();
BigInteger privexp = ((ASN1Integer) seq.getObjectAt(3)).getValue();
BigInteger primep = ((ASN1Integer) seq.getObjectAt(4)).getValue();
BigInteger primeq = ((ASN1Integer) seq.getObjectAt(5)).getValue();
BigInteger primeep = ((ASN1Integer) seq.getObjectAt(6)).getValue();
BigInteger primeeq = ((ASN1Integer) seq.getObjectAt(7)).getValue();
BigInteger crtcoeff = ((ASN1Integer) seq.getObjectAt(8)).getValue();
PrivateKey priv = rsaFactory.generatePrivate(new RSAPrivateCrtKeySpec(mod, pubexp, privexp, primep, primeq, primeep, primeeq, crtcoeff));
PublicKey pub = rsaFactory.generatePublic(new RSAPublicKeySpec(mod, pubexp));
return new KeyPair(pub, priv);
}
return null;
}
use of java.security.spec.RSAPrivateCrtKeySpec in project jruby-openssl by jruby.
the class PKey method readPrivateKey.
public static KeyPair readPrivateKey(final byte[] input, final String type) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
KeySpec pubSpec;
KeySpec privSpec;
ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
if (type.equals("RSA")) {
ASN1Integer mod = (ASN1Integer) seq.getObjectAt(1);
ASN1Integer pubExp = (ASN1Integer) seq.getObjectAt(2);
ASN1Integer privExp = (ASN1Integer) seq.getObjectAt(3);
ASN1Integer p1 = (ASN1Integer) seq.getObjectAt(4);
ASN1Integer p2 = (ASN1Integer) seq.getObjectAt(5);
ASN1Integer exp1 = (ASN1Integer) seq.getObjectAt(6);
ASN1Integer exp2 = (ASN1Integer) seq.getObjectAt(7);
ASN1Integer crtCoef = (ASN1Integer) seq.getObjectAt(8);
pubSpec = new RSAPublicKeySpec(mod.getValue(), pubExp.getValue());
privSpec = new RSAPrivateCrtKeySpec(mod.getValue(), pubExp.getValue(), privExp.getValue(), p1.getValue(), p2.getValue(), exp1.getValue(), exp2.getValue(), crtCoef.getValue());
} else if (type.equals("DSA")) {
ASN1Integer p = (ASN1Integer) seq.getObjectAt(1);
ASN1Integer q = (ASN1Integer) seq.getObjectAt(2);
ASN1Integer g = (ASN1Integer) seq.getObjectAt(3);
ASN1Integer y = (ASN1Integer) seq.getObjectAt(4);
ASN1Integer x = (ASN1Integer) seq.getObjectAt(5);
privSpec = new DSAPrivateKeySpec(x.getValue(), p.getValue(), q.getValue(), g.getValue());
pubSpec = new DSAPublicKeySpec(y.getValue(), p.getValue(), q.getValue(), g.getValue());
} else if (type.equals("ECDSA")) {
return readECPrivateKey(input);
} else {
throw new IllegalStateException("unsupported type: " + type);
}
KeyFactory fact = SecurityHelper.getKeyFactory(type);
return new KeyPair(fact.generatePublic(pubSpec), fact.generatePrivate(privSpec));
}
use of java.security.spec.RSAPrivateCrtKeySpec in project fabric8 by fabric8io.
the class WebClients method createKeyStore.
public static KeyStore createKeyStore(String clientCertData, File clientCertFile, String clientKeyData, File clientKeyFile, String clientKeyAlgo, char[] clientKeyPassword) throws Exception {
try (InputStream certInputStream = getInputStreamFromDataOrFile(clientCertData, clientCertFile)) {
CertificateFactory certFactory = CertificateFactory.getInstance("X509");
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certInputStream);
InputStream keyInputStream = getInputStreamFromDataOrFile(clientKeyData, clientKeyFile);
PEMReader reader = new PEMReader(keyInputStream);
RSAPrivateCrtKeySpec keySpec = new PKCS1EncodedKeySpec(reader.getDerBytes()).getKeySpec();
KeyFactory kf = KeyFactory.getInstance(clientKeyAlgo);
RSAPrivateKey privKey = (RSAPrivateKey) kf.generatePrivate(keySpec);
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, clientKeyPassword);
String alias = cert.getSubjectX500Principal().getName();
keyStore.setKeyEntry(alias, privKey, clientKeyPassword, new Certificate[] { cert });
return keyStore;
}
}
use of java.security.spec.RSAPrivateCrtKeySpec in project wycheproof by google.
the class RsaSignatureTest method testFaultySigner.
/**
* Faults during the generation of a signature can leak the information about the private key.
* A. K. Lenstra showed in "Memo on RSA signature generation in the presence of faults",
* (https://infoscience.epfl.ch/record/164524/files/nscan20.PDF) that PKCS #1 signatures are
* especially susceptible to faults when the Chinese Remainder Theorem is used to compute the
* signature: one single faulty signature is sufficient to leak the private key.
*
* One countermeasure that is often used in libraries is to blind the RSA computation and
* verify the signature before returning it. Nowadays, libraries are expected to have at least
* some countermeasures against faulty computations. In some cases (e.g. OpenSSL) the library
* tries to fix a faulty computation by generating a correct signature without using Chinese
* remaindering.
*
* The test here does not induce a fault. Instead it tries to sign with a faulty private key.
* The expected outcome of the test is that underlying provider either detects that the fault
* or generates a valid signature by ignoring the faulty CRT parameter.
*
* Since the test only simulates a fault, but does not actually induce a fault it is somewhat
* incomplete. It does not detect all vulnerable implementations. The test should nonetheless
* detect implementations that include no verification at all.
*/
@Test
public void testFaultySigner() throws Exception {
BigInteger e = new BigInteger("65537");
BigInteger d = new BigInteger("1491581187972832788084570222215155297353839087630599492610691218" + "6098027383804966741416365668088258821394558334495197493887270311" + "7558637148793177374456685063919969705672268324029058661801838398" + "1099187046803818325657704350675941092582695993374867459573741707" + "2513551423973482044545986645893321692393572214394692273248819124" + "5866638922766330300631727125395012955305761836925591665625409882" + "5987442083465656021724458811783361811914866856391248003733867121" + "5531501554906114868306919889638573670925006068497222709802245970" + "0014474779292382225845722344584808716054088377124806520166137504" + "58797849822813881641713404303944154638273");
BigInteger q = new BigInteger("1327930250247153291239240833779228146841620599139480980326615632" + "6868823273498280322301518048955331731683358443542450740927959439" + "3056349447047388914345605165927201322192706870545643991584573901" + "9099563807204264522234257863225478717589651408831271029849307682" + "13198832542217762257092135384802889866043941823057701");
BigInteger p = new BigInteger("1546732137638443281784728718025150988901748595222448633054370906" + "7724307988669542799529278238746541544956234718616481585427107180" + "6134464028933334724614223213582911567222033332353858049787180486" + "8311341830570208335451999930773903649599388066890163502238099141" + "76306676019969635213034585825883528127235874684082417");
BigInteger n = p.multiply(q);
BigInteger dp = d.mod(p.subtract(BigInteger.ONE));
BigInteger dq = d.mod(q.subtract(BigInteger.ONE));
BigInteger crt = q.modInverse(p);
RSAPrivateCrtKeySpec validKey = new RSAPrivateCrtKeySpec(n, e, d, p, q, dp, dq, crt);
RSAPrivateCrtKeySpec invalidKey = new RSAPrivateCrtKeySpec(n, e, d, p, q, dp.add(BigInteger.valueOf(2)), dq, crt);
byte[] message = "Test".getBytes("UTF-8");
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey validPrivKey = kf.generatePrivate(validKey);
Signature signer = Signature.getInstance("SHA256WithRSA");
signer.initSign(validPrivKey);
signer.update(message);
byte[] signature = signer.sign();
PrivateKey invalidPrivKey = null;
try {
invalidPrivKey = kf.generatePrivate(invalidKey);
} catch (InvalidKeySpecException ex) {
// The provider checks the private key and notices a mismatch.
// This is a good sign, though of course in this case it means that we can't
// check for faults.
System.out.println("Provider catches invalid RSA key:" + ex);
return;
}
byte[] invalidSignature = null;
try {
signer.initSign(invalidPrivKey);
signer.update(message);
invalidSignature = signer.sign();
} catch (Exception ex) {
// We do not necessarily expect a checked exception here, since generating
// an invalid signature typically indicates a programming error.
// Though RuntimeExceptions are fine here.
System.out.println("Generating PKCS#1 signature with faulty key throws:" + ex);
return;
}
String signatureHex = TestUtil.bytesToHex(signature);
String invalidSignatureHex = TestUtil.bytesToHex(invalidSignature);
if (signatureHex.equals(invalidSignatureHex)) {
// The provider generated a correct signature. This can for example happen if the provider
// does not use the CRT parameters.
System.out.println("Signature generation did not use faulty parameter");
return;
}
fail("Generated faulty PKCS #1 signature with faulty parameters" + " valid signature:" + signatureHex + " invalid signature:" + invalidSignatureHex);
}
use of java.security.spec.RSAPrivateCrtKeySpec in project j2objc by google.
the class RSAPrivateCrtKeySpecTest method testGetModulus.
//
// Tests for inherited methods
//
/**
* Test for <code>getModulus()</code> method<br>
* Assertion: returns modulus
*/
public final void testGetModulus() {
RSAPrivateCrtKeySpec ks = new RSAPrivateCrtKeySpec(BigInteger.valueOf(5L), BigInteger.ONE, BigInteger.ONE, BigInteger.ONE, BigInteger.ONE, BigInteger.ONE, BigInteger.ONE, BigInteger.ONE);
assertTrue(BigInteger.valueOf(5L).equals(ks.getModulus()));
}
Aggregations