jdk-sandbox: src/jdk.crypto.ec/share/classes/sun/security/ec/ECDHKeyAgreement.java@752e57845ad2 (annotated)

3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	1	/*
52330 df10a0cacf3e 8205476: KeyAgreement#generateSecret is not reset for ECDH based algorithm apetcher parents: 47216 diff changeset	2	* Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved.
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	4	*
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 3863 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 3863 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	10	*
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	15	* accompanied this code).
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	16	*
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 3863 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 3863 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 3863 diff changeset	23	* questions.
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	24	*/
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	25
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	26	package sun.security.ec;
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	27
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	28	import java.math.*;
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	29	import java.security.*;
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	30	import java.security.interfaces.*;
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	31	import java.security.spec.*;
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	32	import java.util.Optional;
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	33
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	34	import javax.crypto.*;
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	35	import javax.crypto.spec.*;
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	36
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	37	import sun.security.util.ArrayUtil;
17491 7a33824ec8c5 7194075: Various classes of sunec.jar are duplicated in rt.jar vinnie parents: 5506 diff changeset	38	import sun.security.util.ECUtil;
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	39	import sun.security.util.math.*;
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	40	import sun.security.ec.point.*;
17491 7a33824ec8c5 7194075: Various classes of sunec.jar are duplicated in rt.jar vinnie parents: 5506 diff changeset	41
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	42	/**
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	43	* KeyAgreement implementation for ECDH.
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	44	*
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	45	* @since 1.7
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	46	*/
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	47	public final class ECDHKeyAgreement extends KeyAgreementSpi {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	48
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	49	// private key, if initialized
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	50	private ECPrivateKey privateKey;
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	51
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	52	// public key, non-null between doPhase() & generateSecret() only
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	53	private ECPublicKey publicKey;
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	54
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	55	// length of the secret to be derived
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	56	private int secretLen;
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	57
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	58	/**
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	59	* Constructs a new ECDHKeyAgreement.
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	60	*/
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	61	public ECDHKeyAgreement() {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	62	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	63
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	64	// see JCE spec
3863 8e0f58b1c072 6884175: CR cleanup for 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: 3492 diff changeset	65	@Override
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	66	protected void engineInit(Key key, SecureRandom random)
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	67	throws InvalidKeyException {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	68	if (!(key instanceof PrivateKey)) {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	69	throw new InvalidKeyException
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	70	("Key must be instance of PrivateKey");
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	71	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	72	privateKey = (ECPrivateKey) ECKeyFactory.toECKey(key);
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	73	publicKey = null;
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	74	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	75
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	76	// see JCE spec
3863 8e0f58b1c072 6884175: CR cleanup for 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: 3492 diff changeset	77	@Override
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	78	protected void engineInit(Key key, AlgorithmParameterSpec params,
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	79	SecureRandom random) throws InvalidKeyException,
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	80	InvalidAlgorithmParameterException {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	81	if (params != null) {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	82	throw new InvalidAlgorithmParameterException
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	83	("Parameters not supported");
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	84	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	85	engineInit(key, random);
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	86	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	87
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	88	// see JCE spec
3863 8e0f58b1c072 6884175: CR cleanup for 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: 3492 diff changeset	89	@Override
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	90	protected Key engineDoPhase(Key key, boolean lastPhase)
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	91	throws InvalidKeyException, IllegalStateException {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	92	if (privateKey == null) {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	93	throw new IllegalStateException("Not initialized");
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	94	}
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	95	if (publicKey != null) {
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	96	throw new IllegalStateException("Phase already executed");
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	97	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	98	if (!lastPhase) {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	99	throw new IllegalStateException
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	100	("Only two party agreement supported, lastPhase must be true");
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	101	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	102	if (!(key instanceof ECPublicKey)) {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	103	throw new InvalidKeyException
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	104	("Key must be a PublicKey with algorithm EC");
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	105	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	106
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	107	this.publicKey = (ECPublicKey) key;
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	108
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	109	ECParameterSpec params = publicKey.getParams();
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	110	int keyLenBits = params.getCurve().getField().getFieldSize();
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	111	secretLen = (keyLenBits + 7) >> 3;
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	112
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	113	return null;
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	114	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	115
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	116	private static void validateCoordinate(BigInteger c, BigInteger mod) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	117	if (c.compareTo(BigInteger.ZERO) < 0) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	118	throw new ProviderException("invalid coordinate");
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	119	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	120
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	121	if (c.compareTo(mod) >= 0) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	122	throw new ProviderException("invalid coordinate");
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	123	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	124	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	125
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	126	/*
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	127	* Check whether a public key is valid. Throw ProviderException
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	128	* if it is not valid or could not be validated.
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	129	*/
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	130	private static void validate(ECOperations ops, ECPublicKey key) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	131
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	132	// ensure that integers are in proper range
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	133	BigInteger x = key.getW().getAffineX();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	134	BigInteger y = key.getW().getAffineY();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	135
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	136	BigInteger p = ops.getField().getSize();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	137	validateCoordinate(x, p);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	138	validateCoordinate(y, p);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	139
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	140	// ensure the point is on the curve
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	141	EllipticCurve curve = key.getParams().getCurve();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	142	BigInteger rhs = x.modPow(BigInteger.valueOf(3), p).add(curve.getA()
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	143	.multiply(x)).add(curve.getB()).mod(p);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	144	BigInteger lhs = y.modPow(BigInteger.valueOf(2), p).mod(p);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	145	if (!rhs.equals(lhs)) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	146	throw new ProviderException("point is not on curve");
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	147	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	148
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	149	// check the order of the point
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	150	ImmutableIntegerModuloP xElem = ops.getField().getElement(x);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	151	ImmutableIntegerModuloP yElem = ops.getField().getElement(y);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	152	AffinePoint affP = new AffinePoint(xElem, yElem);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	153	byte[] order = key.getParams().getOrder().toByteArray();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	154	ArrayUtil.reverse(order);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	155	Point product = ops.multiply(affP, order);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	156	if (!ops.isNeutral(product)) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	157	throw new ProviderException("point has incorrect order");
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	158	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	159
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	160	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	161
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	162	// see JCE spec
3863 8e0f58b1c072 6884175: CR cleanup for 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: 3492 diff changeset	163	@Override
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	164	protected byte[] engineGenerateSecret() throws IllegalStateException {
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	165	if ((privateKey == null) \|\| (publicKey == null)) {
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	166	throw new IllegalStateException("Not initialized correctly");
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	167	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	168
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	169	Optional<byte[]> resultOpt = deriveKeyImpl(privateKey, publicKey);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	170	byte[] result = resultOpt.orElseGet(
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	171	() -> deriveKeyNative(privateKey, publicKey)
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	172	);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	173	publicKey = null;
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	174	return result;
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	175	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	176
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	177	// see JCE spec
3863 8e0f58b1c072 6884175: CR cleanup for 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: 3492 diff changeset	178	@Override
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	179	protected int engineGenerateSecret(byte[] sharedSecret, int
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	180	offset) throws IllegalStateException, ShortBufferException {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	181	if (offset + secretLen > sharedSecret.length) {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	182	throw new ShortBufferException("Need " + secretLen
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	183	+ " bytes, only " + (sharedSecret.length - offset)
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	184	+ " available");
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	185	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	186	byte[] secret = engineGenerateSecret();
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	187	System.arraycopy(secret, 0, sharedSecret, offset, secret.length);
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	188	return secret.length;
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	189	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	190
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	191	// see JCE spec
3863 8e0f58b1c072 6884175: CR cleanup for 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: 3492 diff changeset	192	@Override
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	193	protected SecretKey engineGenerateSecret(String algorithm)
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	194	throws IllegalStateException, NoSuchAlgorithmException,
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	195	InvalidKeyException {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	196	if (algorithm == null) {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	197	throw new NoSuchAlgorithmException("Algorithm must not be null");
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	198	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	199	if (!(algorithm.equals("TlsPremasterSecret"))) {
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	200	throw new NoSuchAlgorithmException
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	201	("Only supported for algorithm TlsPremasterSecret");
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	202	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	203	return new SecretKeySpec(engineGenerateSecret(), "TlsPremasterSecret");
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	204	}
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	205
52946 752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	206	private static
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	207	Optional<byte[]> deriveKeyImpl(ECPrivateKey priv, ECPublicKey pubKey) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	208
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	209	ECParameterSpec ecSpec = priv.getParams();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	210	EllipticCurve curve = ecSpec.getCurve();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	211	Optional<ECOperations> opsOpt = ECOperations.forParameters(ecSpec);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	212	if (opsOpt.isEmpty()) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	213	return Optional.empty();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	214	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	215	ECOperations ops = opsOpt.get();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	216	if (! (priv instanceof ECPrivateKeyImpl)) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	217	return Optional.empty();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	218	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	219	ECPrivateKeyImpl privImpl = (ECPrivateKeyImpl) priv;
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	220	byte[] sArr = privImpl.getArrayS();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	221
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	222	// to match the native implementation, validate the public key here
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	223	// and throw ProviderException if it is invalid
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	224	validate(ops, pubKey);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	225
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	226	IntegerFieldModuloP field = ops.getField();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	227	// convert s array into field element and multiply by the cofactor
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	228	MutableIntegerModuloP scalar = field.getElement(sArr).mutable();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	229	SmallValue cofactor =
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	230	field.getSmallValue(priv.getParams().getCofactor());
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	231	scalar.setProduct(cofactor);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	232	int keySize = (curve.getField().getFieldSize() + 7) / 8;
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	233	byte[] privArr = scalar.asByteArray(keySize);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	234
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	235	ImmutableIntegerModuloP x =
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	236	field.getElement(pubKey.getW().getAffineX());
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	237	ImmutableIntegerModuloP y =
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	238	field.getElement(pubKey.getW().getAffineY());
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	239	AffinePoint affPub = new AffinePoint(x, y);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	240	Point product = ops.multiply(affPub, privArr);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	241	if (ops.isNeutral(product)) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	242	throw new ProviderException("Product is zero");
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	243	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	244	AffinePoint affProduct = product.asAffine();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	245
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	246	byte[] result = affProduct.getX().asByteArray(keySize);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	247	ArrayUtil.reverse(result);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	248
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	249	return Optional.of(result);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	250	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	251
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	252	private static
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	253	byte[] deriveKeyNative(ECPrivateKey privateKey, ECPublicKey publicKey) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	254
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	255	ECParameterSpec params = privateKey.getParams();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	256	byte[] s = privateKey.getS().toByteArray();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	257	byte[] encodedParams = // DER OID
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	258	ECUtil.encodeECParameterSpec(null, params);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	259
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	260	byte[] publicValue;
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	261	if (publicKey instanceof ECPublicKeyImpl) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	262	ECPublicKeyImpl ecPub = (ECPublicKeyImpl) publicKey;
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	263	publicValue = ecPub.getEncodedPublicValue();
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	264	} else { // instanceof ECPublicKey
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	265	publicValue =
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	266	ECUtil.encodePoint(publicKey.getW(), params.getCurve());
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	267	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	268
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	269	try {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	270	return deriveKey(s, publicValue, encodedParams);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	271
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	272	} catch (GeneralSecurityException e) {
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	273	throw new ProviderException("Could not derive key", e);
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	274	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	275	}
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	276
752e57845ad2 8208698: Improved ECC Implementation apetcher parents: 52330 diff changeset	277
3492 e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	278	/**
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	279	* Generates a secret key using the public and private keys.
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	280	*
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	281	* @param s the private key's S value.
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	282	* @param w the public key's W point (in uncompressed form).
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	283	* @param encodedParams the curve's DER encoded object identifier.
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	284	*
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	285	* @return byte[] the secret key.
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	286	*/
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	287	private static native byte[] deriveKey(byte[] s, byte[] w,
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	288	byte[] encodedParams) throws GeneralSecurityException;
e549cea58864 6840752: Provide out-of-the-box support for ECC algorithms vinnie parents: diff changeset	289	}

author	apetcher
	Tue, 11 Dec 2018 09:42:45 -0500
changeset 52946	752e57845ad2
parent 52330	df10a0cacf3e
child 53397	bc1de01b3e78
permissions	-rw-r--r--