Example 41 with DHParameterSpec
use of javax.crypto.spec.DHParameterSpec in project jdk8u_jdk by JetBrains.
the class P11KeyPairGenerator method generateKeyPair.
// see JCA spec
public KeyPair generateKeyPair() {
token.ensureValid();
CK_ATTRIBUTE[] publicKeyTemplate;
CK_ATTRIBUTE[] privateKeyTemplate;
long keyType;
if (algorithm.equals("RSA")) {
keyType = CKK_RSA;
publicKeyTemplate = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_MODULUS_BITS, keySize), new CK_ATTRIBUTE(CKA_PUBLIC_EXPONENT, rsaPublicExponent) };
privateKeyTemplate = new CK_ATTRIBUTE[] {};
} else if (algorithm.equals("DSA")) {
keyType = CKK_DSA;
DSAParameterSpec dsaParams;
if (params == null) {
try {
dsaParams = ParameterCache.getDSAParameterSpec(keySize, random);
} catch (GeneralSecurityException e) {
throw new ProviderException("Could not generate DSA parameters", e);
}
} else {
dsaParams = (DSAParameterSpec) params;
}
publicKeyTemplate = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_PRIME, dsaParams.getP()), new CK_ATTRIBUTE(CKA_SUBPRIME, dsaParams.getQ()), new CK_ATTRIBUTE(CKA_BASE, dsaParams.getG()) };
privateKeyTemplate = new CK_ATTRIBUTE[] {};
} else if (algorithm.equals("DH")) {
keyType = CKK_DH;
DHParameterSpec dhParams;
int privateBits;
if (params == null) {
try {
dhParams = ParameterCache.getDHParameterSpec(keySize, random);
} catch (GeneralSecurityException e) {
throw new ProviderException("Could not generate DH parameters", e);
}
privateBits = 0;
} else {
dhParams = (DHParameterSpec) params;
privateBits = dhParams.getL();
}
if (privateBits <= 0) {
// XXX find better defaults
privateBits = (keySize >= 1024) ? 768 : 512;
}
publicKeyTemplate = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_PRIME, dhParams.getP()), new CK_ATTRIBUTE(CKA_BASE, dhParams.getG()) };
privateKeyTemplate = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_VALUE_BITS, privateBits) };
} else if (algorithm.equals("EC")) {
keyType = CKK_EC;
byte[] encodedParams = P11ECKeyFactory.encodeParameters((ECParameterSpec) params);
publicKeyTemplate = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_EC_PARAMS, encodedParams) };
privateKeyTemplate = new CK_ATTRIBUTE[] {};
} else {
throw new ProviderException("Unknown algorithm: " + algorithm);
}
Session session = null;
try {
session = token.getObjSession();
publicKeyTemplate = token.getAttributes(O_GENERATE, CKO_PUBLIC_KEY, keyType, publicKeyTemplate);
privateKeyTemplate = token.getAttributes(O_GENERATE, CKO_PRIVATE_KEY, keyType, privateKeyTemplate);
long[] keyIDs = token.p11.C_GenerateKeyPair(session.id(), new CK_MECHANISM(mechanism), publicKeyTemplate, privateKeyTemplate);
PublicKey publicKey = P11Key.publicKey(session, keyIDs[0], algorithm, keySize, publicKeyTemplate);
PrivateKey privateKey = P11Key.privateKey(session, keyIDs[1], algorithm, keySize, privateKeyTemplate);
return new KeyPair(publicKey, privateKey);
} catch (PKCS11Exception e) {
throw new ProviderException(e);
} finally {
token.releaseSession(session);
}
}
Also used :
DHParameterSpec(javax.crypto.spec.DHParameterSpec)
Example 42 with DHParameterSpec
use of javax.crypto.spec.DHParameterSpec in project jdk8u_jdk by JetBrains.
the class P11KeyPairGenerator method initialize.
// see JCA spec
public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException {
token.ensureValid();
int tmpKeySize;
if (algorithm.equals("DH")) {
if (params instanceof DHParameterSpec == false) {
throw new InvalidAlgorithmParameterException("DHParameterSpec required for Diffie-Hellman");
}
DHParameterSpec dhParams = (DHParameterSpec) params;
tmpKeySize = dhParams.getP().bitLength();
checkKeySize(tmpKeySize, null);
// XXX sanity check params
} else if (algorithm.equals("RSA")) {
if (params instanceof RSAKeyGenParameterSpec == false) {
throw new InvalidAlgorithmParameterException("RSAKeyGenParameterSpec required for RSA");
}
RSAKeyGenParameterSpec rsaParams = (RSAKeyGenParameterSpec) params;
tmpKeySize = rsaParams.getKeysize();
checkKeySize(tmpKeySize, rsaParams);
// override the supplied params to null
params = null;
this.rsaPublicExponent = rsaParams.getPublicExponent();
// XXX sanity check params
} else if (algorithm.equals("DSA")) {
if (params instanceof DSAParameterSpec == false) {
throw new InvalidAlgorithmParameterException("DSAParameterSpec required for DSA");
}
DSAParameterSpec dsaParams = (DSAParameterSpec) params;
tmpKeySize = dsaParams.getP().bitLength();
checkKeySize(tmpKeySize, null);
// XXX sanity check params
} else if (algorithm.equals("EC")) {
ECParameterSpec ecParams;
if (params instanceof ECParameterSpec) {
ecParams = P11ECKeyFactory.getECParameterSpec((ECParameterSpec) params);
if (ecParams == null) {
throw new InvalidAlgorithmParameterException("Unsupported curve: " + params);
}
} else if (params instanceof ECGenParameterSpec) {
String name = ((ECGenParameterSpec) params).getName();
ecParams = P11ECKeyFactory.getECParameterSpec(name);
if (ecParams == null) {
throw new InvalidAlgorithmParameterException("Unknown curve name: " + name);
}
// override the supplied params with the derived one
params = ecParams;
} else {
throw new InvalidAlgorithmParameterException("ECParameterSpec or ECGenParameterSpec required for EC");
}
tmpKeySize = ecParams.getCurve().getField().getFieldSize();
checkKeySize(tmpKeySize, null);
} else {
throw new ProviderException("Unknown algorithm: " + algorithm);
}
this.keySize = tmpKeySize;
this.params = params;
this.random = random;
}
Also used :
DHParameterSpec(javax.crypto.spec.DHParameterSpec)
Example 43 with DHParameterSpec
use of javax.crypto.spec.DHParameterSpec in project jdk8u_jdk by JetBrains.
the class KeyUtil method validateDHPublicKey.
/**
* Returns whether the Diffie-Hellman public key is valid or not.
*
* Per RFC 2631 and NIST SP800-56A, the following algorithm is used to
* validate Diffie-Hellman public keys:
* 1. Verify that y lies within the interval [2,p-1]. If it does not,
* the key is invalid.
* 2. Compute y^q mod p. If the result == 1, the key is valid.
* Otherwise the key is invalid.
*/
private static void validateDHPublicKey(DHPublicKey publicKey) throws InvalidKeyException {
DHParameterSpec paramSpec = publicKey.getParams();
BigInteger p = paramSpec.getP();
BigInteger g = paramSpec.getG();
BigInteger y = publicKey.getY();
validateDHPublicKey(p, g, y);
}
Also used :
BigInteger(java.math.BigInteger)
DHParameterSpec(javax.crypto.spec.DHParameterSpec)
Example 44 with DHParameterSpec
use of javax.crypto.spec.DHParameterSpec in project geode by apache.
the class GMSEncrypt method initDHKeys.
/**
* Initialize the Diffie-Hellman keys. This method is not thread safe
*/
private void initDHKeys(DistributionConfig config) throws Exception {
dhSKAlgo = config.getSecurityUDPDHAlgo();
// that has authenticator defined.
if ((dhSKAlgo != null && dhSKAlgo.length() > 0)) {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
DHParameterSpec dhSpec = new DHParameterSpec(dhP, dhG, dhL);
keyGen.initialize(dhSpec);
KeyPair keypair = keyGen.generateKeyPair();
// Get the generated public and private keys
dhPrivateKey = keypair.getPrivate();
dhPublicKey = keypair.getPublic();
}
}
Also used :
DHParameterSpec(javax.crypto.spec.DHParameterSpec)
Aggregations
DHParameterSpec (javax.crypto.spec.DHParameterSpec)44
BigInteger (java.math.BigInteger)18
KeyPair (java.security.KeyPair)13
KeyPairGenerator (java.security.KeyPairGenerator)13
KeyAgreement (javax.crypto.KeyAgreement)10
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7
SecureRandom (java.security.SecureRandom)7
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)6
InvalidKeyException (java.security.InvalidKeyException)6
KeyFactory (java.security.KeyFactory)6
PublicKey (java.security.PublicKey)6
DHPrivateKey (javax.crypto.interfaces.DHPrivateKey)6
DHPublicKeySpec (javax.crypto.spec.DHPublicKeySpec)6
DHPublicKey (javax.crypto.interfaces.DHPublicKey)5
IOException (java.io.IOException)4
PrivateKey (java.security.PrivateKey)4
CertificateException (java.security.cert.CertificateException)4
X509Certificate (java.security.cert.X509Certificate)4
X509ExtendedKeyManager (javax.net.ssl.X509ExtendedKeyManager)4
X509KeyManager (javax.net.ssl.X509KeyManager)4
