src/jdk.crypto.ec/share/classes/sun/security/ec/XDHKeyFactory.java
author apetcher
Tue, 08 May 2018 09:47:28 -0400
changeset 50053 9bc1e6487cbb
child 56589 bafd8be2f970
permissions -rw-r--r--
8171277: Elliptic Curves for Security in Crypto Summary: Implementations of X25519 and X448 key agreement in SunEC Reviewed-by: mullan
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
50053
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
     1
/*
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
     2
 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
     3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
     4
 *
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
     5
 * This code is free software; you can redistribute it and/or modify it
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
     6
 * under the terms of the GNU General Public License version 2 only, as
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
     7
 * published by the Free Software Foundation.  Oracle designates this
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
     8
 * particular file as subject to the "Classpath" exception as provided
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
     9
 * by Oracle in the LICENSE file that accompanied this code.
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    10
 *
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    11
 * This code is distributed in the hope that it will be useful, but WITHOUT
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    14
 * version 2 for more details (a copy is included in the LICENSE file that
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    15
 * accompanied this code).
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    16
 *
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    17
 * You should have received a copy of the GNU General Public License version
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    18
 * 2 along with this work; if not, write to the Free Software Foundation,
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    20
 *
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    22
 * or visit www.oracle.com if you need additional information or have any
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    23
 * questions.
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    24
 */
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    25
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    26
package sun.security.ec;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    27
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    28
import java.security.KeyFactorySpi;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    29
import java.security.Key;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    30
import java.security.PublicKey;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    31
import java.security.PrivateKey;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    32
import java.security.InvalidKeyException;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    33
import java.security.ProviderException;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    34
import java.security.interfaces.XECKey;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    35
import java.security.interfaces.XECPrivateKey;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    36
import java.security.interfaces.XECPublicKey;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    37
import java.security.spec.AlgorithmParameterSpec;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    38
import java.security.spec.NamedParameterSpec;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    39
import java.security.spec.KeySpec;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    40
import java.security.spec.InvalidKeySpecException;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    41
import java.security.spec.PKCS8EncodedKeySpec;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    42
import java.security.spec.X509EncodedKeySpec;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    43
import java.security.spec.XECPublicKeySpec;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    44
import java.security.spec.XECPrivateKeySpec;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    45
import java.util.function.Function;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    46
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    47
public class XDHKeyFactory extends KeyFactorySpi {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    48
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    49
    private XECParameters lockedParams = null;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    50
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    51
    XDHKeyFactory() {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    52
        // do nothing
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    53
    }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    54
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    55
    protected XDHKeyFactory(AlgorithmParameterSpec paramSpec) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    56
        lockedParams = XECParameters.get(ProviderException::new, paramSpec);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    57
    }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    58
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    59
    @Override
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    60
    protected Key engineTranslateKey(Key key) throws InvalidKeyException {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    61
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    62
        if (key == null) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    63
            throw new InvalidKeyException("Key must not be null");
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    64
        }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    65
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    66
        if (key instanceof XECKey) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    67
            XECKey xecKey = (XECKey) key;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    68
            XECParameters params = XECParameters.get(InvalidKeyException::new,
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    69
                xecKey.getParams());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    70
            checkLockedParams(InvalidKeyException::new, params);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    71
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    72
            if (xecKey instanceof XECPublicKey) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    73
                XECPublicKey publicKey = (XECPublicKey) xecKey;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    74
                return new XDHPublicKeyImpl(params, publicKey.getU());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    75
            } else if (xecKey instanceof XECPrivateKey) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    76
                XECPrivateKey privateKey = (XECPrivateKey) xecKey;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    77
                byte[] scalar = privateKey.getScalar().orElseThrow(
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    78
                    () -> new InvalidKeyException("No private key data"));
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    79
                return new XDHPrivateKeyImpl(params, scalar);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    80
            } else {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    81
                throw new InvalidKeyException("Unsupported XECKey subclass");
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    82
            }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    83
        } else if (key instanceof PublicKey &&
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    84
                   key.getFormat().equals("X.509")) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    85
            XDHPublicKeyImpl result = new XDHPublicKeyImpl(key.getEncoded());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    86
            checkLockedParams(InvalidKeyException::new, result.getParams());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    87
            return result;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    88
        } else if (key instanceof PrivateKey &&
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    89
                   key.getFormat().equals("PKCS#8")) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    90
            XDHPrivateKeyImpl result =  new XDHPrivateKeyImpl(key.getEncoded());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    91
            checkLockedParams(InvalidKeyException::new, result.getParams());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    92
            return result;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    93
        } else {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    94
            throw new InvalidKeyException("Unsupported key type or format");
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    95
        }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    96
    }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    97
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    98
    private
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
    99
    <T extends Throwable>
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   100
    void checkLockedParams(Function<String, T> exception,
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   101
                           AlgorithmParameterSpec spec) throws T {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   102
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   103
        XECParameters params = XECParameters.get(exception, spec);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   104
        checkLockedParams(exception, params);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   105
    }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   106
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   107
    private
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   108
    <T extends Throwable>
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   109
    void checkLockedParams(Function<String, T> exception,
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   110
                           XECParameters params) throws T {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   111
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   112
        if (lockedParams != null && lockedParams != params) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   113
            throw exception.apply("Parameters must be " +
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   114
                lockedParams.getName());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   115
        }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   116
    }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   117
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   118
    @Override
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   119
    protected PublicKey engineGeneratePublic(KeySpec keySpec)
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   120
        throws InvalidKeySpecException {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   121
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   122
        try {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   123
             return generatePublicImpl(keySpec);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   124
        } catch (InvalidKeyException ex) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   125
            throw new InvalidKeySpecException(ex);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   126
        }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   127
    }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   128
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   129
    @Override
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   130
    protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   131
        throws InvalidKeySpecException {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   132
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   133
        try {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   134
            return generatePrivateImpl(keySpec);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   135
        } catch (InvalidKeyException ex) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   136
            throw new InvalidKeySpecException(ex);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   137
        }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   138
    }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   139
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   140
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   141
    private PublicKey generatePublicImpl(KeySpec keySpec)
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   142
        throws InvalidKeyException, InvalidKeySpecException {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   143
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   144
        if (keySpec instanceof X509EncodedKeySpec) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   145
            X509EncodedKeySpec x509Spec = (X509EncodedKeySpec) keySpec;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   146
            XDHPublicKeyImpl result =
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   147
                new XDHPublicKeyImpl(x509Spec.getEncoded());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   148
            checkLockedParams(InvalidKeySpecException::new,
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   149
                result.getParams());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   150
            return result;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   151
        } else if (keySpec instanceof XECPublicKeySpec) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   152
            XECPublicKeySpec publicKeySpec = (XECPublicKeySpec) keySpec;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   153
            XECParameters params = XECParameters.get(
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   154
                InvalidKeySpecException::new, publicKeySpec.getParams());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   155
            checkLockedParams(InvalidKeySpecException::new, params);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   156
            return new XDHPublicKeyImpl(params, publicKeySpec.getU());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   157
        } else {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   158
            throw new InvalidKeySpecException(
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   159
                "Only X509EncodedKeySpec and XECPublicKeySpec are supported");
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   160
        }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   161
    }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   162
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   163
    private PrivateKey generatePrivateImpl(KeySpec keySpec)
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   164
        throws InvalidKeyException, InvalidKeySpecException {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   165
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   166
        if (keySpec instanceof PKCS8EncodedKeySpec) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   167
            PKCS8EncodedKeySpec pkcsSpec = (PKCS8EncodedKeySpec) keySpec;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   168
            XDHPrivateKeyImpl result =
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   169
                new XDHPrivateKeyImpl(pkcsSpec.getEncoded());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   170
            checkLockedParams(InvalidKeySpecException::new,
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   171
                result.getParams());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   172
            return result;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   173
        } else if (keySpec instanceof XECPrivateKeySpec) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   174
            XECPrivateKeySpec privateKeySpec = (XECPrivateKeySpec) keySpec;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   175
            XECParameters params = XECParameters.get(
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   176
                InvalidKeySpecException::new, privateKeySpec.getParams());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   177
            checkLockedParams(InvalidKeySpecException::new, params);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   178
            return new XDHPrivateKeyImpl(params, privateKeySpec.getScalar());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   179
        } else {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   180
            throw new InvalidKeySpecException(
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   181
                "Only PKCS8EncodedKeySpec and XECPrivateKeySpec supported");
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   182
        }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   183
    }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   184
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   185
    protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   186
            throws InvalidKeySpecException {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   187
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   188
        if (key instanceof XECPublicKey) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   189
            checkLockedParams(InvalidKeySpecException::new,
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   190
                ((XECPublicKey) key).getParams());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   191
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   192
            if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   193
                if (!key.getFormat().equals("X.509")) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   194
                    throw new InvalidKeySpecException("Format is not X.509");
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   195
                }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   196
                return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   197
            } else if (XECPublicKeySpec.class.isAssignableFrom(keySpec)) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   198
                XECPublicKey xecKey = (XECPublicKey) key;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   199
                return keySpec.cast(
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   200
                    new XECPublicKeySpec(xecKey.getParams(), xecKey.getU()));
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   201
            } else {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   202
                throw new InvalidKeySpecException(
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   203
                    "KeySpec must be X509EncodedKeySpec or XECPublicKeySpec");
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   204
            }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   205
        } else if (key instanceof XECPrivateKey) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   206
            checkLockedParams(InvalidKeySpecException::new,
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   207
                ((XECPrivateKey) key).getParams());
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   208
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   209
            if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   210
                if (!key.getFormat().equals("PKCS#8")) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   211
                    throw new InvalidKeySpecException("Format is not PKCS#8");
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   212
                }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   213
                return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   214
            } else if (XECPrivateKeySpec.class.isAssignableFrom(keySpec)) {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   215
                XECPrivateKey xecKey = (XECPrivateKey) key;
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   216
                byte[] scalar = xecKey.getScalar().orElseThrow(
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   217
                    () -> new InvalidKeySpecException("No private key value")
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   218
                );
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   219
                return keySpec.cast(
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   220
                    new XECPrivateKeySpec(xecKey.getParams(), scalar));
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   221
            } else {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   222
                throw new InvalidKeySpecException
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   223
                ("KeySpec must be PKCS8EncodedKeySpec or XECPrivateKeySpec");
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   224
            }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   225
        } else {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   226
            throw new InvalidKeySpecException("Unsupported key type");
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   227
        }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   228
    }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   229
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   230
    static class X25519 extends XDHKeyFactory {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   231
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   232
        public X25519() {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   233
            super(NamedParameterSpec.X25519);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   234
        }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   235
    }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   236
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   237
    static class X448 extends XDHKeyFactory {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   238
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   239
        public X448() {
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   240
            super(NamedParameterSpec.X448);
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   241
        }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   242
    }
9bc1e6487cbb 8171277: Elliptic Curves for Security in Crypto
apetcher
parents:
diff changeset
   243
}