Search in sources :

Example 11 with RSAPrivateCrtKeySpec

use of java.security.spec.RSAPrivateCrtKeySpec in project jruby-openssl by jruby.

the class PKey method readRSAPrivateKey.

public static KeyPair readRSAPrivateKey(final KeyFactory rsaFactory, final byte[] input) throws IOException, InvalidKeySpecException {
    ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
    if (seq.size() == 9) {
        BigInteger mod = ((ASN1Integer) seq.getObjectAt(1)).getValue();
        BigInteger pubexp = ((ASN1Integer) seq.getObjectAt(2)).getValue();
        BigInteger privexp = ((ASN1Integer) seq.getObjectAt(3)).getValue();
        BigInteger primep = ((ASN1Integer) seq.getObjectAt(4)).getValue();
        BigInteger primeq = ((ASN1Integer) seq.getObjectAt(5)).getValue();
        BigInteger primeep = ((ASN1Integer) seq.getObjectAt(6)).getValue();
        BigInteger primeeq = ((ASN1Integer) seq.getObjectAt(7)).getValue();
        BigInteger crtcoeff = ((ASN1Integer) seq.getObjectAt(8)).getValue();
        PrivateKey priv = rsaFactory.generatePrivate(new RSAPrivateCrtKeySpec(mod, pubexp, privexp, primep, primeq, primeep, primeeq, crtcoeff));
        PublicKey pub = rsaFactory.generatePublic(new RSAPublicKeySpec(mod, pubexp));
        return new KeyPair(pub, priv);
    }
    return null;
}
Also used : RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPair(java.security.KeyPair) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) ECPrivateKey(java.security.interfaces.ECPrivateKey) PrivateKey(java.security.PrivateKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) BigInteger(java.math.BigInteger) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec)

Example 12 with RSAPrivateCrtKeySpec

use of java.security.spec.RSAPrivateCrtKeySpec in project jruby-openssl by jruby.

the class PKey method readPrivateKey.

public static KeyPair readPrivateKey(final byte[] input, final String type) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    KeySpec pubSpec;
    KeySpec privSpec;
    ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
    if (type.equals("RSA")) {
        ASN1Integer mod = (ASN1Integer) seq.getObjectAt(1);
        ASN1Integer pubExp = (ASN1Integer) seq.getObjectAt(2);
        ASN1Integer privExp = (ASN1Integer) seq.getObjectAt(3);
        ASN1Integer p1 = (ASN1Integer) seq.getObjectAt(4);
        ASN1Integer p2 = (ASN1Integer) seq.getObjectAt(5);
        ASN1Integer exp1 = (ASN1Integer) seq.getObjectAt(6);
        ASN1Integer exp2 = (ASN1Integer) seq.getObjectAt(7);
        ASN1Integer crtCoef = (ASN1Integer) seq.getObjectAt(8);
        pubSpec = new RSAPublicKeySpec(mod.getValue(), pubExp.getValue());
        privSpec = new RSAPrivateCrtKeySpec(mod.getValue(), pubExp.getValue(), privExp.getValue(), p1.getValue(), p2.getValue(), exp1.getValue(), exp2.getValue(), crtCoef.getValue());
    } else if (type.equals("DSA")) {
        ASN1Integer p = (ASN1Integer) seq.getObjectAt(1);
        ASN1Integer q = (ASN1Integer) seq.getObjectAt(2);
        ASN1Integer g = (ASN1Integer) seq.getObjectAt(3);
        ASN1Integer y = (ASN1Integer) seq.getObjectAt(4);
        ASN1Integer x = (ASN1Integer) seq.getObjectAt(5);
        privSpec = new DSAPrivateKeySpec(x.getValue(), p.getValue(), q.getValue(), g.getValue());
        pubSpec = new DSAPublicKeySpec(y.getValue(), p.getValue(), q.getValue(), g.getValue());
    } else if (type.equals("ECDSA")) {
        return readECPrivateKey(input);
    } else {
        throw new IllegalStateException("unsupported type: " + type);
    }
    KeyFactory fact = SecurityHelper.getKeyFactory(type);
    return new KeyPair(fact.generatePublic(pubSpec), fact.generatePrivate(privSpec));
}
Also used : DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPair(java.security.KeyPair) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) ECPrivateKeySpec(java.security.spec.ECPrivateKeySpec) KeySpec(java.security.spec.KeySpec) DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) KeyFactory(java.security.KeyFactory) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 13 with RSAPrivateCrtKeySpec

use of java.security.spec.RSAPrivateCrtKeySpec in project fabric8 by fabric8io.

the class WebClients method createKeyStore.

public static KeyStore createKeyStore(String clientCertData, File clientCertFile, String clientKeyData, File clientKeyFile, String clientKeyAlgo, char[] clientKeyPassword) throws Exception {
    try (InputStream certInputStream = getInputStreamFromDataOrFile(clientCertData, clientCertFile)) {
        CertificateFactory certFactory = CertificateFactory.getInstance("X509");
        X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certInputStream);
        InputStream keyInputStream = getInputStreamFromDataOrFile(clientKeyData, clientKeyFile);
        PEMReader reader = new PEMReader(keyInputStream);
        RSAPrivateCrtKeySpec keySpec = new PKCS1EncodedKeySpec(reader.getDerBytes()).getKeySpec();
        KeyFactory kf = KeyFactory.getInstance(clientKeyAlgo);
        RSAPrivateKey privKey = (RSAPrivateKey) kf.generatePrivate(keySpec);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, clientKeyPassword);
        String alias = cert.getSubjectX500Principal().getName();
        keyStore.setKeyEntry(alias, privKey, clientKeyPassword, new Certificate[] { cert });
        return keyStore;
    }
}
Also used : RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) PEMReader(net.oauth.signature.pem.PEMReader) PKCS1EncodedKeySpec(net.oauth.signature.pem.PKCS1EncodedKeySpec) CertificateFactory(java.security.cert.CertificateFactory) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) KeyFactory(java.security.KeyFactory)

Example 14 with RSAPrivateCrtKeySpec

use of java.security.spec.RSAPrivateCrtKeySpec in project wycheproof by google.

the class RsaSignatureTest method testFaultySigner.

/**
 * Faults during the generation of a signature can leak the information about the private key.
 * A. K. Lenstra showed in "Memo on RSA signature generation in the presence of faults",
 * (https://infoscience.epfl.ch/record/164524/files/nscan20.PDF) that PKCS #1 signatures are
 * especially susceptible to faults when the Chinese Remainder Theorem is used to compute the
 * signature: one single faulty signature is sufficient to leak the private key.
 *
 * One countermeasure that is often used in libraries is to blind the RSA computation and
 * verify the signature before returning it. Nowadays, libraries are expected to have at least
 * some countermeasures against faulty computations. In some cases (e.g. OpenSSL) the library
 * tries to fix a faulty computation by generating a correct signature without using Chinese
 * remaindering.
 *
 * The test here does not induce a fault. Instead it tries to sign with a faulty private key.
 * The expected outcome of the test is that underlying provider either detects that the fault
 * or generates a valid signature by ignoring the faulty CRT parameter.
 *
 * Since the test only simulates a fault, but does not actually induce a fault it is somewhat
 * incomplete. It does not detect all vulnerable implementations. The test should nonetheless
 * detect implementations that include no verification at all.
 */
@Test
public void testFaultySigner() throws Exception {
    BigInteger e = new BigInteger("65537");
    BigInteger d = new BigInteger("1491581187972832788084570222215155297353839087630599492610691218" + "6098027383804966741416365668088258821394558334495197493887270311" + "7558637148793177374456685063919969705672268324029058661801838398" + "1099187046803818325657704350675941092582695993374867459573741707" + "2513551423973482044545986645893321692393572214394692273248819124" + "5866638922766330300631727125395012955305761836925591665625409882" + "5987442083465656021724458811783361811914866856391248003733867121" + "5531501554906114868306919889638573670925006068497222709802245970" + "0014474779292382225845722344584808716054088377124806520166137504" + "58797849822813881641713404303944154638273");
    BigInteger q = new BigInteger("1327930250247153291239240833779228146841620599139480980326615632" + "6868823273498280322301518048955331731683358443542450740927959439" + "3056349447047388914345605165927201322192706870545643991584573901" + "9099563807204264522234257863225478717589651408831271029849307682" + "13198832542217762257092135384802889866043941823057701");
    BigInteger p = new BigInteger("1546732137638443281784728718025150988901748595222448633054370906" + "7724307988669542799529278238746541544956234718616481585427107180" + "6134464028933334724614223213582911567222033332353858049787180486" + "8311341830570208335451999930773903649599388066890163502238099141" + "76306676019969635213034585825883528127235874684082417");
    BigInteger n = p.multiply(q);
    BigInteger dp = d.mod(p.subtract(BigInteger.ONE));
    BigInteger dq = d.mod(q.subtract(BigInteger.ONE));
    BigInteger crt = q.modInverse(p);
    RSAPrivateCrtKeySpec validKey = new RSAPrivateCrtKeySpec(n, e, d, p, q, dp, dq, crt);
    RSAPrivateCrtKeySpec invalidKey = new RSAPrivateCrtKeySpec(n, e, d, p, q, dp.add(BigInteger.valueOf(2)), dq, crt);
    byte[] message = "Test".getBytes("UTF-8");
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PrivateKey validPrivKey = kf.generatePrivate(validKey);
    Signature signer = Signature.getInstance("SHA256WithRSA");
    signer.initSign(validPrivKey);
    signer.update(message);
    byte[] signature = signer.sign();
    PrivateKey invalidPrivKey = null;
    try {
        invalidPrivKey = kf.generatePrivate(invalidKey);
    } catch (InvalidKeySpecException ex) {
        // The provider checks the private key and notices a mismatch.
        // This is a good sign, though of course in this case it means that we can't
        // check for faults.
        System.out.println("Provider catches invalid RSA key:" + ex);
        return;
    }
    byte[] invalidSignature = null;
    try {
        signer.initSign(invalidPrivKey);
        signer.update(message);
        invalidSignature = signer.sign();
    } catch (Exception ex) {
        // We do not necessarily expect a checked exception here, since generating
        // an invalid signature typically indicates a programming error.
        // Though RuntimeExceptions are fine here.
        System.out.println("Generating PKCS#1 signature with faulty key throws:" + ex);
        return;
    }
    String signatureHex = TestUtil.bytesToHex(signature);
    String invalidSignatureHex = TestUtil.bytesToHex(invalidSignature);
    if (signatureHex.equals(invalidSignatureHex)) {
        // The provider generated a correct signature. This can for example happen if the provider
        // does not use the CRT parameters.
        System.out.println("Signature generation did not use faulty parameter");
        return;
    }
    fail("Generated faulty PKCS #1 signature with faulty parameters" + " valid signature:" + signatureHex + " invalid signature:" + invalidSignatureHex);
}
Also used : RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) Signature(java.security.Signature) BigInteger(java.math.BigInteger) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) KeyFactory(java.security.KeyFactory) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) SignatureException(java.security.SignatureException) Test(org.junit.Test)

Example 15 with RSAPrivateCrtKeySpec

use of java.security.spec.RSAPrivateCrtKeySpec in project j2objc by google.

the class RSAPrivateCrtKeySpecTest method testGetModulus.

// 
// Tests for inherited methods
// 
/**
 * Test for <code>getModulus()</code> method<br>
 * Assertion: returns modulus
 */
public final void testGetModulus() {
    RSAPrivateCrtKeySpec ks = new RSAPrivateCrtKeySpec(BigInteger.valueOf(5L), BigInteger.ONE, BigInteger.ONE, BigInteger.ONE, BigInteger.ONE, BigInteger.ONE, BigInteger.ONE, BigInteger.ONE);
    assertTrue(BigInteger.valueOf(5L).equals(ks.getModulus()));
}
Also used : RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec)

Aggregations

RSAPrivateCrtKeySpec (java.security.spec.RSAPrivateCrtKeySpec)48 KeyFactory (java.security.KeyFactory)16 BigInteger (java.math.BigInteger)14 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)12 PrivateKey (java.security.PrivateKey)11 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)10 RSAPrivateKeySpec (java.security.spec.RSAPrivateKeySpec)9 RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)9 RSAPrivateCrtKey (java.security.interfaces.RSAPrivateCrtKey)8 PublicKey (java.security.PublicKey)7 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)7 KeySpec (java.security.spec.KeySpec)6 IOException (java.io.IOException)5 KeyPair (java.security.KeyPair)5 RSAPublicKey (java.security.interfaces.RSAPublicKey)5 GeneralSecurityException (java.security.GeneralSecurityException)4 InvalidKeyException (java.security.InvalidKeyException)4 Signature (java.security.Signature)4 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)4 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)4