
Example 41 with DHParameterSpec

use of javax.crypto.spec.DHParameterSpec in project jdk8u_jdk by JetBrains.

the class P11KeyPairGenerator method generateKeyPair.

/**
 * Generates a key pair on the PKCS#11 token for the configured algorithm (see the JCA spec).
 *
 * <p>Builds the public and private attribute templates for RSA, DSA, DH or EC, passes each
 * through {@code token.getAttributes} for the generate operation, and calls
 * {@code C_GenerateKeyPair} with the configured mechanism.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>A caller-supplied {@code DSAParameterSpec} or {@code DHParameterSpec} is cast and its
 *       values are sent to the token unchanged; this method performs no check of the group
 *       values (p, q, g) itself.</li>
 *   <li>For DH, when no private-value length is available ({@code L <= 0}, or parameters came
 *       from the cache), the length defaults to 768 bits for primes of at least 1024 bits and
 *       512 bits otherwise. The original source marks these defaults as provisional.</li>
 *   <li>The private-key template is empty except for DH, so any further private-key attributes
 *       are whatever {@code token.getAttributes} returns; that logic is not visible here.</li>
 * </ul>
 *
 * @return the generated key pair, wrapping the token object handles
 * @throws ProviderException if the algorithm is unknown, default DSA/DH parameters cannot be
 *         obtained, or the PKCS#11 call fails
 */
public KeyPair generateKeyPair() {
    token.ensureValid();
    CK_ATTRIBUTE[] pubAttrs;
    CK_ATTRIBUTE[] privAttrs;
    long keyType;
    switch (algorithm) {
    case "RSA": {
        keyType = CKK_RSA;
        pubAttrs = new CK_ATTRIBUTE[] {
            new CK_ATTRIBUTE(CKA_MODULUS_BITS, keySize),
            new CK_ATTRIBUTE(CKA_PUBLIC_EXPONENT, rsaPublicExponent)
        };
        privAttrs = new CK_ATTRIBUTE[] {};
        break;
    }
    case "DSA": {
        keyType = CKK_DSA;
        DSAParameterSpec dsaSpec;
        if (params != null) {
            // Caller-supplied domain parameters are used as given.
            dsaSpec = (DSAParameterSpec) params;
        } else {
            try {
                dsaSpec = ParameterCache.getDSAParameterSpec(keySize, random);
            } catch (GeneralSecurityException e) {
                throw new ProviderException("Could not generate DSA parameters", e);
            }
        }
        pubAttrs = new CK_ATTRIBUTE[] {
            new CK_ATTRIBUTE(CKA_PRIME, dsaSpec.getP()),
            new CK_ATTRIBUTE(CKA_SUBPRIME, dsaSpec.getQ()),
            new CK_ATTRIBUTE(CKA_BASE, dsaSpec.getG())
        };
        privAttrs = new CK_ATTRIBUTE[] {};
        break;
    }
    case "DH": {
        keyType = CKK_DH;
        DHParameterSpec dhSpec;
        int exponentBits = 0;
        if (params != null) {
            // Caller-supplied group; honour its requested private-value length, if any.
            dhSpec = (DHParameterSpec) params;
            exponentBits = dhSpec.getL();
        } else {
            try {
                dhSpec = ParameterCache.getDHParameterSpec(keySize, random);
            } catch (GeneralSecurityException e) {
                throw new ProviderException("Could not generate DH parameters", e);
            }
        }
        if (exponentBits <= 0) {
            // XXX find better defaults (marker carried over from the original source)
            if (keySize >= 1024) {
                exponentBits = 768;
            } else {
                exponentBits = 512;
            }
        }
        pubAttrs = new CK_ATTRIBUTE[] {
            new CK_ATTRIBUTE(CKA_PRIME, dhSpec.getP()),
            new CK_ATTRIBUTE(CKA_BASE, dhSpec.getG())
        };
        privAttrs = new CK_ATTRIBUTE[] {
            new CK_ATTRIBUTE(CKA_VALUE_BITS, exponentBits)
        };
        break;
    }
    case "EC": {
        keyType = CKK_EC;
        byte[] curveEncoding = P11ECKeyFactory.encodeParameters((ECParameterSpec) params);
        pubAttrs = new CK_ATTRIBUTE[] {
            new CK_ATTRIBUTE(CKA_EC_PARAMS, curveEncoding)
        };
        privAttrs = new CK_ATTRIBUTE[] {};
        break;
    }
    default:
        throw new ProviderException("Unknown algorithm: " + algorithm);
    }

    Session session = null;
    try {
        session = token.getObjSession();
        // Pass both templates through the token's attribute handling for O_GENERATE.
        pubAttrs = token.getAttributes(O_GENERATE, CKO_PUBLIC_KEY, keyType, pubAttrs);
        privAttrs = token.getAttributes(O_GENERATE, CKO_PRIVATE_KEY, keyType, privAttrs);
        CK_MECHANISM genMechanism = new CK_MECHANISM(mechanism);
        // handles[0] is the public key object, handles[1] the private key object.
        long[] handles = token.p11.C_GenerateKeyPair(session.id(), genMechanism, pubAttrs, privAttrs);
        PublicKey pub = P11Key.publicKey(session, handles[0], algorithm, keySize, pubAttrs);
        PrivateKey priv = P11Key.privateKey(session, handles[1], algorithm, keySize, privAttrs);
        return new KeyPair(pub, priv);
    } catch (PKCS11Exception e) {
        throw new ProviderException(e);
    } finally {
        // Runs on every path; session is still null here if getObjSession() itself failed.
        token.releaseSession(session);
    }
}
Also used : DHParameterSpec(javax.crypto.spec.DHParameterSpec)

Example 42 with DHParameterSpec

use of javax.crypto.spec.DHParameterSpec in project jdk8u_jdk by JetBrains.

the class P11KeyPairGenerator method initialize.

/**
 * Initializes this generator from an algorithm-specific parameter spec (see the JCA spec).
 *
 * <p>Each algorithm accepts only its own spec type; anything else, including {@code null},
 * fails the {@code instanceof} test and is rejected. The key size is derived from the spec and
 * passed to {@code checkKeySize} before any field of this generator is updated, so a rejected
 * call leaves the stored key size, parameters and random source untouched. For RSA the public
 * exponent is the one field stored before the final assignments, after the size check.
 *
 * <p>For DH, RSA and DSA the original source carries "XXX sanity check params" markers: this
 * method checks only the spec type and the derived size. Whether {@code checkKeySize} does
 * more is not visible here.
 *
 * @param params the parameter spec: {@code DHParameterSpec}, {@code RSAKeyGenParameterSpec},
 *        {@code DSAParameterSpec}, or {@code ECParameterSpec}/{@code ECGenParameterSpec}
 * @param random the source of randomness stored for later key generation
 * @throws InvalidAlgorithmParameterException if the spec has the wrong type or names an
 *         unsupported or unknown curve; {@code checkKeySize} is presumably another source
 * @throws ProviderException if the configured algorithm is not one of DH, RSA, DSA, EC
 */
public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException {
    token.ensureValid();
    int bits;
    switch (algorithm) {
    case "DH": {
        if (!(params instanceof DHParameterSpec)) {
            throw new InvalidAlgorithmParameterException("DHParameterSpec required for Diffie-Hellman");
        }
        DHParameterSpec dhSpec = (DHParameterSpec) params;
        // Key size is the bit length of the prime modulus p.
        bits = dhSpec.getP().bitLength();
        checkKeySize(bits, null);
        // XXX sanity check params -- p and g are not otherwise examined in this method
        break;
    }
    case "RSA": {
        if (!(params instanceof RSAKeyGenParameterSpec)) {
            throw new InvalidAlgorithmParameterException("RSAKeyGenParameterSpec required for RSA");
        }
        RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) params;
        bits = rsaSpec.getKeysize();
        checkKeySize(bits, rsaSpec);
        // RSA keeps no parameter spec: only the public exponent is remembered.
        params = null;
        this.rsaPublicExponent = rsaSpec.getPublicExponent();
        // XXX sanity check params
        break;
    }
    case "DSA": {
        if (!(params instanceof DSAParameterSpec)) {
            throw new InvalidAlgorithmParameterException("DSAParameterSpec required for DSA");
        }
        DSAParameterSpec dsaSpec = (DSAParameterSpec) params;
        bits = dsaSpec.getP().bitLength();
        checkKeySize(bits, null);
        // XXX sanity check params -- p, q and g are not otherwise examined in this method
        break;
    }
    case "EC": {
        ECParameterSpec curveSpec;
        if (params instanceof ECParameterSpec) {
            // Look up the supplied curve; a null result means it is not supported.
            curveSpec = P11ECKeyFactory.getECParameterSpec((ECParameterSpec) params);
            if (curveSpec == null) {
                throw new InvalidAlgorithmParameterException("Unsupported curve: " + params);
            }
        } else if (params instanceof ECGenParameterSpec) {
            String curveName = ((ECGenParameterSpec) params).getName();
            curveSpec = P11ECKeyFactory.getECParameterSpec(curveName);
            if (curveSpec == null) {
                throw new InvalidAlgorithmParameterException("Unknown curve name: " + curveName);
            }
            // Store the resolved curve rather than the name-only spec.
            params = curveSpec;
        } else {
            throw new InvalidAlgorithmParameterException("ECParameterSpec or ECGenParameterSpec required for EC");
        }
        bits = curveSpec.getCurve().getField().getFieldSize();
        checkKeySize(bits, null);
        break;
    }
    default:
        throw new ProviderException("Unknown algorithm: " + algorithm);
    }
    // Commit state only after every check above has passed.
    this.keySize = bits;
    this.params = params;
    this.random = random;
}
Also used : DHParameterSpec(javax.crypto.spec.DHParameterSpec)

Example 43 with DHParameterSpec

use of javax.crypto.spec.DHParameterSpec in project jdk8u_jdk by JetBrains.

the class KeyUtil method validateDHPublicKey.

/**
 * Validates a Diffie-Hellman public key by unpacking it and delegating to the
 * {@code (p, g, y)} overload of this method.
 *
 * <p>Nothing is returned. The method declares {@code InvalidKeyException}; presumably the
 * overload, which is not shown here, throws it for an invalid key.
 *
 * <p>Per RFC 2631 and NIST SP800-56A, the following algorithm is used to validate
 * Diffie-Hellman public keys:
 * <ol>
 *   <li>Verify that y lies within the interval [2, p-1]. If it does not, the key is
 *       invalid.</li>
 *   <li>Compute y^q mod p. If the result == 1, the key is valid. Otherwise the key is
 *       invalid.</li>
 * </ol>
 *
 * <p>NOTE(review): only p, g and y are forwarded, and {@code DHParameterSpec} exposes no
 * subgroup order q. Whether step 2 is actually performed cannot be determined from this
 * method; confirm against the three-argument overload before relying on it.
 *
 * @param publicKey the DH public key to validate
 * @throws InvalidKeyException declared by this method; presumably thrown by the overload
 */
private static void validateDHPublicKey(DHPublicKey publicKey) throws InvalidKeyException {
    final DHParameterSpec group = publicKey.getParams();
    validateDHPublicKey(group.getP(), group.getG(), publicKey.getY());
}
Also used : BigInteger(java.math.BigInteger) DHParameterSpec(javax.crypto.spec.DHParameterSpec)

Example 44 with DHParameterSpec

use of javax.crypto.spec.DHParameterSpec in project geode by apache.

the class GMSEncrypt method initDHKeys.

/**
 * Initializes the Diffie-Hellman key pair when a DH secret-key algorithm is configured.
 * This method is not thread safe.
 *
 * <p>The configured algorithm name is stored in {@code dhSKAlgo} and is only tested here for
 * being non-empty. The key pair is always produced by the "DH" {@code KeyPairGenerator}, using
 * the group built from the {@code dhP}, {@code dhG} and {@code dhL} fields.
 *
 * <p>NOTE(review): {@code dhP}, {@code dhG} and {@code dhL} are defined outside this listing.
 * The strength of the exchange depends on that fixed group, so confirm the prime size and
 * where it comes from. No {@code SecureRandom} is passed to {@code initialize}, so the choice
 * of random source is left to the JCA provider.
 *
 * @param config the distribution configuration supplying the DH algorithm setting
 * @throws Exception if the DH key pair generator cannot be obtained or initialized
 */
private void initDHKeys(DistributionConfig config) throws Exception {
    dhSKAlgo = config.getSecurityUDPDHAlgo();
    // Nothing configured: leave the key fields as they are.
    if (dhSKAlgo == null || dhSKAlgo.isEmpty()) {
        return;
    }
    KeyPairGenerator generator = KeyPairGenerator.getInstance("DH");
    generator.initialize(new DHParameterSpec(dhP, dhG, dhL));
    KeyPair generated = generator.generateKeyPair();
    // Keep both halves of the generated pair.
    dhPrivateKey = generated.getPrivate();
    dhPublicKey = generated.getPublic();
}
Also used : DHParameterSpec(javax.crypto.spec.DHParameterSpec)

Aggregations

DHParameterSpec (javax.crypto.spec.DHParameterSpec)44 BigInteger (java.math.BigInteger)18 KeyPair (java.security.KeyPair)13 KeyPairGenerator (java.security.KeyPairGenerator)13 KeyAgreement (javax.crypto.KeyAgreement)10 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7 SecureRandom (java.security.SecureRandom)7 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)6 InvalidKeyException (java.security.InvalidKeyException)6 KeyFactory (java.security.KeyFactory)6 PublicKey (java.security.PublicKey)6 DHPrivateKey (javax.crypto.interfaces.DHPrivateKey)6 DHPublicKeySpec (javax.crypto.spec.DHPublicKeySpec)6 DHPublicKey (javax.crypto.interfaces.DHPublicKey)5 IOException (java.io.IOException)4 PrivateKey (java.security.PrivateKey)4 CertificateException (java.security.cert.CertificateException)4 X509Certificate (java.security.cert.X509Certificate)4 X509ExtendedKeyManager (javax.net.ssl.X509ExtendedKeyManager)4 X509KeyManager (javax.net.ssl.X509KeyManager)4