Search in sources :

Example 11 with X9ECParameters

use of org.spongycastle.asn1.x9.X9ECParameters in project xipki by xipki.

the class BaseX509Certprofile method checkEcSubjectPublicKeyInfo.

private static void checkEcSubjectPublicKeyInfo(ASN1ObjectIdentifier curveOid, byte[] encoded) throws BadCertTemplateException {
    ParamUtil.requireNonNull("curveOid", curveOid);
    ParamUtil.requireNonNull("encoded", encoded);
    ParamUtil.requireMin("encoded.length", encoded.length, 1);
    Integer expectedLength = ecCurveFieldSizes.get(curveOid);
    if (expectedLength == null) {
        X9ECParameters ecP = ECUtil.getNamedCurveByOid(curveOid);
        ECCurve curve = ecP.getCurve();
        expectedLength = (curve.getFieldSize() + 7) / 8;
        ecCurveFieldSizes.put(curveOid, expectedLength);
    }
    switch(encoded[0]) {
        // compressed
        case 0x02:
        case // compressed
        0x03:
            if (encoded.length != (expectedLength + 1)) {
                throw new BadCertTemplateException("incorrect length for compressed encoding");
            }
            break;
        // uncompressed
        case 0x04:
        // hybrid
        case 0x06:
        case // hybrid
        0x07:
            if (encoded.length != (2 * expectedLength + 1)) {
                throw new BadCertTemplateException("incorrect length for uncompressed/hybrid encoding");
            }
            break;
        default:
            throw new BadCertTemplateException(String.format("invalid point encoding 0x%02x", encoded[0]));
    }
}
Also used : ASN1Integer(org.bouncycastle.asn1.ASN1Integer) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ECCurve(org.bouncycastle.math.ec.ECCurve)

Example 12 with X9ECParameters

use of org.spongycastle.asn1.x9.X9ECParameters in project xipki by xipki.

the class GMUtil method getSM2Z.

// CHECKSTYLE:SKIP
public static byte[] getSM2Z(byte[] userID, ASN1ObjectIdentifier curveOid, BigInteger pubPointX, BigInteger pubPointY) {
    SM3Digest digest = new SM3Digest();
    addUserId(digest, userID);
    X9ECParameters ecParams = GMNamedCurves.getByOID(curveOid);
    addFieldElement(digest, ecParams.getCurve().getA());
    addFieldElement(digest, ecParams.getCurve().getB());
    addFieldElement(digest, ecParams.getG().getAffineXCoord());
    addFieldElement(digest, ecParams.getG().getAffineYCoord());
    int fieldSize = (ecParams.getCurve().getFieldSize() + 7) / 8;
    byte[] bytes = BigIntegers.asUnsignedByteArray(fieldSize, pubPointX);
    digest.update(bytes, 0, fieldSize);
    bytes = BigIntegers.asUnsignedByteArray(fieldSize, pubPointY);
    digest.update(bytes, 0, fieldSize);
    byte[] result = new byte[digest.getDigestSize()];
    digest.doFinal(result, 0);
    return result;
}
Also used : SM3Digest(org.bouncycastle.crypto.digests.SM3Digest) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters)

Example 13 with X9ECParameters

use of org.spongycastle.asn1.x9.X9ECParameters in project xipki by xipki.

the class PublicKeyChecker method checkECSubjectPublicKeyInfo.

// method checkPublicKey
// CHECKSTYLE:SKIP
private static void checkECSubjectPublicKeyInfo(ASN1ObjectIdentifier curveOid, byte[] encoded) throws BadCertTemplateException {
    Integer expectedLength = EC_CURVEFIELD_SIZES.get(curveOid);
    if (expectedLength == null) {
        X9ECParameters ecP = ECUtil.getNamedCurveByOid(curveOid);
        ECCurve curve = ecP.getCurve();
        expectedLength = (curve.getFieldSize() + 7) / 8;
        EC_CURVEFIELD_SIZES.put(curveOid, expectedLength);
    }
    switch(encoded[0]) {
        // compressed
        case 0x02:
        case // compressed
        0x03:
            if (encoded.length != (expectedLength + 1)) {
                throw new BadCertTemplateException("incorrect length for compressed encoding");
            }
            break;
        // uncompressed
        case 0x04:
        // hybrid
        case 0x06:
        case // hybrid
        0x07:
            if (encoded.length != (2 * expectedLength + 1)) {
                throw new BadCertTemplateException("incorrect length for uncompressed/hybrid encoding");
            }
            break;
        default:
            throw new BadCertTemplateException("invalid point encoding 0x" + Integer.toString(encoded[0], 16));
    }
// end switch
}
Also used : ASN1Integer(org.bouncycastle.asn1.ASN1Integer) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) ECCurve(org.bouncycastle.math.ec.ECCurve)

Example 14 with X9ECParameters

use of org.spongycastle.asn1.x9.X9ECParameters in project incubator-pulsar by apache.

the class MessageCrypto method loadPrivateKey.

private PrivateKey loadPrivateKey(byte[] keyBytes) throws Exception {
    Reader keyReader = new StringReader(new String(keyBytes));
    PrivateKey privateKey = null;
    try (PEMParser pemReader = new PEMParser(keyReader)) {
        X9ECParameters ecParam = null;
        Object pemObj = pemReader.readObject();
        if (pemObj instanceof ASN1ObjectIdentifier) {
            // make sure this is EC Parameter we're handling. In which case
            // we'll store it and read the next object which should be our
            // EC Private Key
            ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj;
            ecParam = ECNamedCurveTable.getByOID(ecOID);
            if (ecParam == null) {
                throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ecOID.getId());
            }
            pemObj = pemReader.readObject();
        } else if (pemObj instanceof X9ECParameters) {
            ecParam = (X9ECParameters) pemObj;
            pemObj = pemReader.readObject();
        }
        if (pemObj instanceof PEMKeyPair) {
            PrivateKeyInfo pKeyInfo = ((PEMKeyPair) pemObj).getPrivateKeyInfo();
            JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
            privateKey = pemConverter.getPrivateKey(pKeyInfo);
        }
        if (ecParam != null && ECDSA.equals(privateKey.getAlgorithm())) {
            ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed());
            KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BouncyCastleProvider.PROVIDER_NAME);
            ECPrivateKeySpec keySpec = new ECPrivateKeySpec(((BCECPrivateKey) privateKey).getS(), ecSpec);
            privateKey = (PrivateKey) keyFactory.generatePrivate(keySpec);
        }
    } catch (IOException e) {
        throw new Exception(e);
    }
    return privateKey;
}
Also used : BCECPrivateKey(org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey) PrivateKey(java.security.PrivateKey) ECPrivateKeySpec(org.bouncycastle.jce.spec.ECPrivateKeySpec) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) Reader(java.io.Reader) CryptoKeyReader(org.apache.pulsar.client.api.CryptoKeyReader) StringReader(java.io.StringReader) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) ByteString(com.google.protobuf.ByteString) IOException(java.io.IOException) PulsarClientException(org.apache.pulsar.client.api.PulsarClientException) ShortBufferException(javax.crypto.ShortBufferException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) CryptoException(org.apache.pulsar.client.api.PulsarClientException.CryptoException) PEMException(org.bouncycastle.openssl.PEMException) IOException(java.io.IOException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchProviderException(java.security.NoSuchProviderException) PEMParser(org.bouncycastle.openssl.PEMParser) ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec) PEMException(org.bouncycastle.openssl.PEMException) StringReader(java.io.StringReader) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) KeyFactory(java.security.KeyFactory)

Example 15 with X9ECParameters

use of org.spongycastle.asn1.x9.X9ECParameters in project fabric-sdk-java by hyperledger.

the class CryptoPrimitives method ecdsaSignToBytes.

/**
 * Sign data with the specified elliptic curve private key.
 *
 * @param privateKey elliptic curve private key.
 * @param data       data to sign
 * @return the signed data.
 * @throws CryptoException
 */
private byte[] ecdsaSignToBytes(ECPrivateKey privateKey, byte[] data) throws CryptoException {
    try {
        X9ECParameters params = ECNamedCurveTable.getByName(curveName);
        BigInteger curveN = params.getN();
        Signature sig = SECURITY_PROVIDER == null ? Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM) : Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM, SECURITY_PROVIDER);
        sig.initSign(privateKey);
        sig.update(data);
        byte[] signature = sig.sign();
        BigInteger[] sigs = decodeECDSASignature(signature);
        sigs = preventMalleability(sigs, curveN);
        ByteArrayOutputStream s = new ByteArrayOutputStream();
        DERSequenceGenerator seq = new DERSequenceGenerator(s);
        seq.addObject(new ASN1Integer(sigs[0]));
        seq.addObject(new ASN1Integer(sigs[1]));
        seq.close();
        return s.toByteArray();
    } catch (Exception e) {
        throw new CryptoException("Could not sign the message using private key", e);
    }
}
Also used : X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) Signature(java.security.Signature) BigInteger(java.math.BigInteger) DERSequenceGenerator(org.bouncycastle.asn1.DERSequenceGenerator) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) CryptoException(org.hyperledger.fabric.sdk.exception.CryptoException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) KeyStoreException(java.security.KeyStoreException) CertPathValidatorException(java.security.cert.CertPathValidatorException) InvalidArgumentException(org.hyperledger.fabric.sdk.exception.InvalidArgumentException) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) CryptoException(org.hyperledger.fabric.sdk.exception.CryptoException)

Aggregations

X9ECParameters (org.bouncycastle.asn1.x9.X9ECParameters)29 X962Parameters (org.bouncycastle.asn1.x9.X962Parameters)16 IOException (java.io.IOException)14 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)12 ECNamedCurveSpec (org.bouncycastle.jce.spec.ECNamedCurveSpec)12 ECCurve (org.bouncycastle.math.ec.ECCurve)11 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)10 BigInteger (java.math.BigInteger)9 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)8 DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)8 X9ECPoint (org.bouncycastle.asn1.x9.X9ECPoint)8 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)7 ECParameterSpec (java.security.spec.ECParameterSpec)6 ECPoint (java.security.spec.ECPoint)6 EllipticCurve (java.security.spec.EllipticCurve)6 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)6 ECDomainParameters (org.bouncycastle.crypto.params.ECDomainParameters)6 DERInteger (org.bouncycastle.asn1.DERInteger)5 PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)5 ECPrivateKeyStructure (org.bouncycastle.asn1.sec.ECPrivateKeyStructure)5