diff options
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric')
17 files changed, 689 insertions, 668 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java index 3e16254..2efffbf 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java @@ -32,6 +32,13 @@ public class DSA provider.addAlgorithm("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA"); + provider.addAlgorithm("Signature.DETDSA", PREFIX + "DSASigner$detDSA"); + provider.addAlgorithm("Signature.SHA1WITHDETDSA", PREFIX + "DSASigner$detDSA"); + provider.addAlgorithm("Signature.SHA224WITHDETDSA", PREFIX + "DSASigner$detDSA224"); + provider.addAlgorithm("Signature.SHA256WITHDETDSA", PREFIX + "DSASigner$detDSA256"); + provider.addAlgorithm("Signature.SHA384WITHDETDSA", PREFIX + "DSASigner$detDSA384"); + provider.addAlgorithm("Signature.SHA512WITHDETDSA", PREFIX + "DSASigner$detDSA512"); + addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224); addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256); addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java index 4c2ca28..d06e05c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java @@ -67,6 +67,13 @@ public class EC provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA"); + provider.addAlgorithm("Signature.DETECDSA", PREFIX + "SignatureSpi$ecDetDSA"); + provider.addAlgorithm("Signature.SHA1WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA"); + provider.addAlgorithm("Signature.SHA224WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA224"); + provider.addAlgorithm("Signature.SHA256WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA256"); + provider.addAlgorithm("Signature.SHA384WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA384"); + provider.addAlgorithm("Signature.SHA512WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA512"); + addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); addSignatureAlgorithm(provider, "SHA256", "ECDSA", PREFIX + "SignatureSpi$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256); addSignatureAlgorithm(provider, "SHA384", "ECDSA", PREFIX + "SignatureSpi$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java index c9462a6..f2b5314 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java @@ -50,17 +50,34 @@ public class KeyAgreementSpi private byte[] bigIntToBytes( BigInteger r) { + // + // RFC 2631 (2.1.2) specifies that the secret should be padded with leading zeros if necessary + // must be the same length as p + // + int expectedLength = (p.bitLength() + 7) / 8; + byte[] tmp = r.toByteArray(); - - if (tmp[0] == 0) + + if (tmp.length == expectedLength) + { + return tmp; + } + + if (tmp[0] == 0 && tmp.length == expectedLength + 1) { - byte[] ntmp = new byte[tmp.length - 1]; + byte[] rv = new byte[tmp.length - 1]; - System.arraycopy(tmp, 1, ntmp, 0, ntmp.length); - return ntmp; + System.arraycopy(tmp, 1, rv, 0, rv.length); + return rv; } - - return tmp; + + // tmp must be shorter than expectedLength + // pad to the left with zeros. + byte[] rv = new byte[expectedLength]; + + System.arraycopy(tmp, 0, rv, rv.length - tmp.length, tmp.length); + + return rv; } protected Key engineDoPhase( diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java index ef12b4f..ade49b3 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java @@ -29,6 +29,7 @@ import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.digests.SHA384Digest; import org.bouncycastle.crypto.digests.SHA512Digest; import org.bouncycastle.crypto.params.ParametersWithRandom; +import org.bouncycastle.crypto.signers.HMacDSAKCalculator; public class DSASigner extends SignatureSpi @@ -220,6 +221,15 @@ public class DSASigner } } + static public class detDSA + extends DSASigner + { + public detDSA() + { + super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA1Digest()))); + } + } + static public class dsa224 extends DSASigner { @@ -228,7 +238,16 @@ public class DSASigner super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner()); } } - + + static public class detDSA224 + extends DSASigner + { + public detDSA224() + { + super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA224Digest()))); + } + } + static public class dsa256 extends DSASigner { @@ -237,7 +256,16 @@ public class DSASigner super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner()); } } - + + static public class detDSA256 + extends DSASigner + { + public detDSA256() + { + super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA256Digest()))); + } + } + static public class dsa384 extends DSASigner { @@ -246,7 +274,16 @@ public class DSASigner super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner()); } } - + + static public class detDSA384 + extends DSASigner + { + public detDSA384() + { + super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA384Digest()))); + } + } + static public class dsa512 extends DSASigner { @@ -256,6 +293,15 @@ public class DSASigner } } + static public class detDSA512 + extends DSASigner + { + public detDSA512() + { + super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA512Digest()))); + } + } + static public class noneDSA extends DSASigner { diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.java index 56fe741..9b7e797 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.java @@ -119,8 +119,8 @@ public class BCDSTU4145PrivateKey this.ecSpec = new ECParameterSpec( ellipticCurve, new ECPoint( - dp.getG().getX().toBigInteger(), - dp.getG().getY().toBigInteger()), + dp.getG().getAffineXCoord().toBigInteger(), + dp.getG().getAffineYCoord().toBigInteger()), dp.getN(), dp.getH().intValue()); } @@ -150,8 +150,8 @@ public class BCDSTU4145PrivateKey this.ecSpec = new ECParameterSpec( ellipticCurve, new ECPoint( - dp.getG().getX().toBigInteger(), - dp.getG().getY().toBigInteger()), + dp.getG().getAffineXCoord().toBigInteger(), + dp.getG().getAffineYCoord().toBigInteger()), dp.getN(), dp.getH().intValue()); } @@ -162,8 +162,8 @@ public class BCDSTU4145PrivateKey this.ecSpec = new ECParameterSpec( ellipticCurve, new ECPoint( - spec.getG().getX().toBigInteger(), - spec.getG().getY().toBigInteger()), + spec.getG().getAffineXCoord().toBigInteger(), + spec.getG().getAffineYCoord().toBigInteger()), spec.getN(), spec.getH().intValue()); } @@ -206,8 +206,8 @@ public class BCDSTU4145PrivateKey oid.getId(), ellipticCurve, new ECPoint( - gParam.getG().getX().toBigInteger(), - gParam.getG().getY().toBigInteger()), + gParam.getG().getAffineXCoord().toBigInteger(), + gParam.getG().getAffineYCoord().toBigInteger()), gParam.getN(), gParam.getH()); } @@ -219,8 +219,8 @@ public class BCDSTU4145PrivateKey ECUtil.getCurveName(oid), ellipticCurve, new ECPoint( - ecP.getG().getX().toBigInteger(), - ecP.getG().getY().toBigInteger()), + ecP.getG().getAffineXCoord().toBigInteger(), + ecP.getG().getAffineYCoord().toBigInteger()), ecP.getN(), ecP.getH()); } @@ -237,8 +237,8 @@ public class BCDSTU4145PrivateKey this.ecSpec = new ECParameterSpec( ellipticCurve, new ECPoint( - ecP.getG().getX().toBigInteger(), - ecP.getG().getY().toBigInteger()), + ecP.getG().getAffineXCoord().toBigInteger(), + ecP.getG().getAffineYCoord().toBigInteger()), ecP.getN(), ecP.getH().intValue()); } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.java index a060ae6..c641ee9 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.java @@ -16,7 +16,6 @@ import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.ua.DSTU4145BinaryField; import org.bouncycastle.asn1.ua.DSTU4145ECBinary; @@ -28,13 +27,9 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.X962Parameters; import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.asn1.x9.X9ECPoint; -import org.bouncycastle.asn1.x9.X9IntegerConverter; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; import org.bouncycastle.jce.interfaces.ECPointEncoder; import org.bouncycastle.jce.provider.BouncyCastleProvider; @@ -88,7 +83,7 @@ public class BCDSTU4145PublicKey { org.bouncycastle.jce.spec.ECParameterSpec s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - q = s.getCurve().createPoint(q.getX().toBigInteger(), q.getY().toBigInteger(), false); + q = s.getCurve().createPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger()); } this.ecSpec = null; } @@ -157,8 +152,8 @@ public class BCDSTU4145PublicKey return new ECParameterSpec( ellipticCurve, new ECPoint( - dp.getG().getX().toBigInteger(), - dp.getG().getY().toBigInteger()), + dp.getG().getAffineXCoord().toBigInteger(), + dp.getG().getAffineYCoord().toBigInteger()), dp.getN(), dp.getH().intValue()); } @@ -191,155 +186,79 @@ public class BCDSTU4145PublicKey private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) { - if (info.getAlgorithm().getAlgorithm().equals(UAObjectIdentifiers.dstu4145be) || info.getAlgorithm().getAlgorithm().equals(UAObjectIdentifiers.dstu4145le)) - { - DERBitString bits = info.getPublicKeyData(); - ASN1OctetString key; - this.algorithm = "DSTU4145"; - - try - { - key = (ASN1OctetString)ASN1Primitive.fromByteArray(bits.getBytes()); - } - catch (IOException ex) - { - throw new IllegalArgumentException("error recovering public key"); - } - - byte[] keyEnc = key.getOctets(); - - if (info.getAlgorithm().getAlgorithm().equals(UAObjectIdentifiers.dstu4145le)) - { - reverseBytes(keyEnc); - } - - dstuParams = DSTU4145Params.getInstance((ASN1Sequence)info.getAlgorithm().getParameters()); + DERBitString bits = info.getPublicKeyData(); + ASN1OctetString key; + this.algorithm = "DSTU4145"; - //ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); - org.bouncycastle.jce.spec.ECParameterSpec spec = null; - if (dstuParams.isNamedCurve()) - { - ASN1ObjectIdentifier curveOid = dstuParams.getNamedCurve(); - ECDomainParameters ecP = DSTU4145NamedCurves.getByOID(curveOid); + try + { + key = (ASN1OctetString)ASN1Primitive.fromByteArray(bits.getBytes()); + } + catch (IOException ex) + { + throw new IllegalArgumentException("error recovering public key"); + } - spec = new ECNamedCurveParameterSpec(curveOid.getId(), ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed()); - } - else - { - DSTU4145ECBinary binary = dstuParams.getECBinary(); - byte[] b_bytes = binary.getB(); - if (info.getAlgorithm().getAlgorithm().equals(UAObjectIdentifiers.dstu4145le)) - { - reverseBytes(b_bytes); - } - DSTU4145BinaryField field = binary.getField(); - ECCurve curve = new ECCurve.F2m(field.getM(), field.getK1(), field.getK2(), field.getK3(), binary.getA(), new BigInteger(1, b_bytes)); - byte[] g_bytes = binary.getG(); - if (info.getAlgorithm().getAlgorithm().equals(UAObjectIdentifiers.dstu4145le)) - { - reverseBytes(g_bytes); - } - spec = new org.bouncycastle.jce.spec.ECParameterSpec(curve, DSTU4145PointEncoder.decodePoint(curve, g_bytes), binary.getN()); - } + byte[] keyEnc = key.getOctets(); - ECCurve curve = spec.getCurve(); - EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); + if (info.getAlgorithm().getAlgorithm().equals(UAObjectIdentifiers.dstu4145le)) + { + reverseBytes(keyEnc); + } - //this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); - this.q = DSTU4145PointEncoder.decodePoint(curve, keyEnc); + dstuParams = DSTU4145Params.getInstance((ASN1Sequence)info.getAlgorithm().getParameters()); - if (dstuParams.isNamedCurve()) - { - ecSpec = new ECNamedCurveSpec( - dstuParams.getNamedCurve().getId(), - ellipticCurve, - new ECPoint( - spec.getG().getX().toBigInteger(), - spec.getG().getY().toBigInteger()), - spec.getN(), spec.getH()); - } - else - { - ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - spec.getG().getX().toBigInteger(), - spec.getG().getY().toBigInteger()), - spec.getN(), spec.getH().intValue()); - } + //ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); + org.bouncycastle.jce.spec.ECParameterSpec spec = null; + if (dstuParams.isNamedCurve()) + { + ASN1ObjectIdentifier curveOid = dstuParams.getNamedCurve(); + ECDomainParameters ecP = DSTU4145NamedCurves.getByOID(curveOid); + spec = new ECNamedCurveParameterSpec(curveOid.getId(), ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed()); } else { - X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithm().getParameters()); - ECCurve curve; - EllipticCurve ellipticCurve; - - if (params.isNamedCurve()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)params.getParameters(); - X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - - curve = ecP.getCurve(); - ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECUtil.getCurveName(oid), - ellipticCurve, - new ECPoint( - ecP.getG().getX().toBigInteger(), - ecP.getG().getY().toBigInteger()), - ecP.getN(), - ecP.getH()); - } - else if (params.isImplicitlyCA()) + DSTU4145ECBinary binary = dstuParams.getECBinary(); + byte[] b_bytes = binary.getB(); + if (info.getAlgorithm().getAlgorithm().equals(UAObjectIdentifiers.dstu4145le)) { - ecSpec = null; - curve = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getCurve(); + reverseBytes(b_bytes); } - else + DSTU4145BinaryField field = binary.getField(); + ECCurve curve = new ECCurve.F2m(field.getM(), field.getK1(), field.getK2(), field.getK3(), binary.getA(), new BigInteger(1, b_bytes)); + byte[] g_bytes = binary.getG(); + if (info.getAlgorithm().getAlgorithm().equals(UAObjectIdentifiers.dstu4145le)) { - X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); - - curve = ecP.getCurve(); - ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - ecP.getG().getX().toBigInteger(), - ecP.getG().getY().toBigInteger()), - ecP.getN(), - ecP.getH().intValue()); + reverseBytes(g_bytes); } + spec = new org.bouncycastle.jce.spec.ECParameterSpec(curve, DSTU4145PointEncoder.decodePoint(curve, g_bytes), binary.getN()); + } - DERBitString bits = info.getPublicKeyData(); - byte[] data = bits.getBytes(); - ASN1OctetString key = new DEROctetString(data); + ECCurve curve = spec.getCurve(); + EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); - // - // extra octet string - one of our old certs... - // - if (data[0] == 0x04 && data[1] == data.length - 2 - && (data[2] == 0x02 || data[2] == 0x03)) - { - int qLength = new X9IntegerConverter().getByteLength(curve); - - if (qLength >= data.length - 3) - { - try - { - key = (ASN1OctetString)ASN1Primitive.fromByteArray(data); - } - catch (IOException ex) - { - throw new IllegalArgumentException("error recovering public key"); - } - } - } - X9ECPoint derQ = new X9ECPoint(curve, key); + //this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); + this.q = DSTU4145PointEncoder.decodePoint(curve, keyEnc); - this.q = derQ.getPoint(); + if (dstuParams.isNamedCurve()) + { + ecSpec = new ECNamedCurveSpec( + dstuParams.getNamedCurve().getId(), + ellipticCurve, + new ECPoint( + spec.getG().getAffineXCoord().toBigInteger(), + spec.getG().getAffineYCoord().toBigInteger()), + spec.getN(), spec.getH()); + } + else + { + ecSpec = new ECParameterSpec( + ellipticCurve, + new ECPoint( + spec.getG().getAffineXCoord().toBigInteger(), + spec.getG().getAffineYCoord().toBigInteger()), + spec.getN(), spec.getH().intValue()); } } @@ -370,61 +289,18 @@ public class BCDSTU4145PublicKey ASN1Encodable params; SubjectPublicKeyInfo info; - if (algorithm.equals("DSTU4145")) + if (dstuParams != null) { - if (dstuParams != null) - { - params = dstuParams; - } - else - { - if (ecSpec instanceof ECNamedCurveSpec) - { - params = new DSTU4145Params(new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName())); - } - else - { // strictly speaking this may not be applicable... - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - - params = new X962Parameters(ecP); - } - } - - byte[] encKey = DSTU4145PointEncoder.encodePoint(this.q); - - try - { - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(UAObjectIdentifiers.dstu4145be, params), new DEROctetString(encKey)); - } - catch (IOException e) - { - return null; - } + params = dstuParams; } else { if (ecSpec instanceof ECNamedCurveSpec) { - ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); - if (curveOid == null) - { - curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); - } - params = new X962Parameters(curveOid); - } - else if (ecSpec == null) - { - params = new X962Parameters(DERNull.INSTANCE); + params = new DSTU4145Params(new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName())); } else - { + { // strictly speaking this may not be applicable... ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); X9ECParameters ecP = new X9ECParameters( @@ -436,12 +312,17 @@ public class BCDSTU4145PublicKey params = new X962Parameters(ecP); } + } - ECCurve curve = this.engineGetQ().getCurve(); - ASN1OctetString p = (ASN1OctetString) - new X9ECPoint(curve.createPoint(this.getQ().getX().toBigInteger(), this.getQ().getY().toBigInteger(), withCompression)).toASN1Primitive(); + byte[] encKey = DSTU4145PointEncoder.encodePoint(this.q); - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), p.getOctets()); + try + { + info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(UAObjectIdentifiers.dstu4145be, params), new DEROctetString(encKey)); + } + catch (IOException e) + { + return null; } return KeyUtil.getEncodedSubjectPublicKeyInfo(info); @@ -464,7 +345,7 @@ public class BCDSTU4145PublicKey public ECPoint getW() { - return new ECPoint(q.getX().toBigInteger(), q.getY().toBigInteger()); + return new ECPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger()); } public org.bouncycastle.math.ec.ECPoint getQ() @@ -473,11 +354,11 @@ public class BCDSTU4145PublicKey { if (q instanceof org.bouncycastle.math.ec.ECPoint.Fp) { - return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getX(), q.getY()); + return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getAffineXCoord(), q.getAffineYCoord()); } else { - return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getX(), q.getY()); + return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getAffineXCoord(), q.getAffineYCoord()); } } @@ -505,8 +386,8 @@ public class BCDSTU4145PublicKey String nl = System.getProperty("line.separator"); buf.append("EC Public Key").append(nl); - buf.append(" X: ").append(this.q.getX().toBigInteger().toString(16)).append(nl); - buf.append(" Y: ").append(this.q.getY().toBigInteger().toString(16)).append(nl); + buf.append(" X: ").append(this.q.getAffineXCoord().toBigInteger().toString(16)).append(nl); + buf.append(" Y: ").append(this.q.getAffineYCoord().toBigInteger().toString(16)).append(nl); return buf.toString(); } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java index ac04d3c..45d5b08 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java @@ -13,14 +13,11 @@ import java.util.Enumeration; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Encoding; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -138,8 +135,8 @@ public class BCECPrivateKey this.ecSpec = new ECParameterSpec( ellipticCurve, new ECPoint( - dp.getG().getX().toBigInteger(), - dp.getG().getY().toBigInteger()), + dp.getG().getAffineXCoord().toBigInteger(), + dp.getG().getAffineYCoord().toBigInteger()), dp.getN(), dp.getH().intValue()); } @@ -171,22 +168,16 @@ public class BCECPrivateKey this.ecSpec = new ECParameterSpec( ellipticCurve, new ECPoint( - dp.getG().getX().toBigInteger(), - dp.getG().getY().toBigInteger()), + dp.getG().getAffineXCoord().toBigInteger(), + dp.getG().getAffineYCoord().toBigInteger()), dp.getN(), dp.getH().intValue()); } else { EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - spec.getG().getX().toBigInteger(), - spec.getG().getY().toBigInteger()), - spec.getN(), - spec.getH().intValue()); + + this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec); } publicKey = getPublicKeyDetails(pubKey); @@ -223,34 +214,16 @@ public class BCECPrivateKey { ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - - if (ecP == null) // GOST Curve - { - ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); - EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECGOST3410NamedCurves.getName(oid), - ellipticCurve, - new ECPoint( - gParam.getG().getX().toBigInteger(), - gParam.getG().getY().toBigInteger()), - gParam.getN(), - gParam.getH()); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECUtil.getCurveName(oid), - ellipticCurve, - new ECPoint( - ecP.getG().getX().toBigInteger(), - ecP.getG().getY().toBigInteger()), - ecP.getN(), - ecP.getH()); - } + EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); + + ecSpec = new ECNamedCurveSpec( + ECUtil.getCurveName(oid), + ellipticCurve, + new ECPoint( + ecP.getG().getAffineXCoord().toBigInteger(), + ecP.getG().getAffineYCoord().toBigInteger()), + ecP.getN(), + ecP.getH()); } else if (params.isImplicitlyCA()) { @@ -264,16 +237,16 @@ public class BCECPrivateKey this.ecSpec = new ECParameterSpec( ellipticCurve, new ECPoint( - ecP.getG().getX().toBigInteger(), - ecP.getG().getY().toBigInteger()), + ecP.getG().getAffineXCoord().toBigInteger(), + ecP.getG().getAffineYCoord().toBigInteger()), ecP.getN(), ecP.getH().intValue()); } ASN1Encodable privKey = info.parsePrivateKey(); - if (privKey instanceof DERInteger) + if (privKey instanceof ASN1Integer) { - DERInteger derD = DERInteger.getInstance(privKey); + ASN1Integer derD = ASN1Integer.getInstance(privKey); this.d = derD.getValue(); } @@ -313,11 +286,12 @@ public class BCECPrivateKey if (ecSpec instanceof ECNamedCurveSpec) { - DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); + ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); if (curveOid == null) // guess it's the OID { - curveOid = new DERObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); + curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); } + params = new X962Parameters(curveOid); } else if (ecSpec == null) @@ -352,15 +326,7 @@ public class BCECPrivateKey try { - if (algorithm.equals("ECGOST3410")) - { - info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); - } - else - { - - info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); - } + info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), keyStructure); return info.getEncoded(ASN1Encoding.DER); } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java index 2b61727..0eaae1d 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java @@ -90,7 +90,7 @@ public class BCECPublicKey { org.bouncycastle.jce.spec.ECParameterSpec s = configuration.getEcImplicitlyCa(); - q = s.getCurve().createPoint(q.getX().toBigInteger(), q.getY().toBigInteger(), false); + q = s.getCurve().createPoint(q.getXCoord().toBigInteger(), q.getYCoord().toBigInteger(), false); } this.ecSpec = null; } @@ -188,8 +188,8 @@ public class BCECPublicKey return new ECParameterSpec( ellipticCurve, new ECPoint( - dp.getG().getX().toBigInteger(), - dp.getG().getY().toBigInteger()), + dp.getG().getAffineXCoord().toBigInteger(), + dp.getG().getAffineYCoord().toBigInteger()), dp.getN(), dp.getH().intValue()); } @@ -212,8 +212,8 @@ public class BCECPublicKey ECUtil.getCurveName(oid), ellipticCurve, new ECPoint( - ecP.getG().getX().toBigInteger(), - ecP.getG().getY().toBigInteger()), + ecP.getG().getAffineXCoord().toBigInteger(), + ecP.getG().getAffineYCoord().toBigInteger()), ecP.getN(), ecP.getH()); } @@ -232,8 +232,8 @@ public class BCECPublicKey this.ecSpec = new ECParameterSpec( ellipticCurve, new ECPoint( - ecP.getG().getX().toBigInteger(), - ecP.getG().getY().toBigInteger()), + ecP.getG().getAffineXCoord().toBigInteger(), + ecP.getG().getAffineYCoord().toBigInteger()), ecP.getN(), ecP.getH().intValue()); } @@ -310,8 +310,19 @@ public class BCECPublicKey } ECCurve curve = this.engineGetQ().getCurve(); - ASN1OctetString p = (ASN1OctetString) - new X9ECPoint(curve.createPoint(this.getQ().getX().toBigInteger(), this.getQ().getY().toBigInteger(), withCompression)).toASN1Primitive(); + ASN1OctetString p; + + // stored curve is null if ImplicitlyCa + if (ecSpec == null) + { + p = (ASN1OctetString) + new X9ECPoint(curve.createPoint(this.getQ().getXCoord().toBigInteger(), this.getQ().getYCoord().toBigInteger(), withCompression)).toASN1Primitive(); + } + else + { + p = (ASN1OctetString) + new X9ECPoint(curve.createPoint(this.getQ().getAffineXCoord().toBigInteger(), this.getQ().getAffineYCoord().toBigInteger(), withCompression)).toASN1Primitive(); + } info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), p.getOctets()); @@ -351,7 +362,7 @@ public class BCECPublicKey public ECPoint getW() { - return new ECPoint(q.getX().toBigInteger(), q.getY().toBigInteger()); + return new ECPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger()); } public org.bouncycastle.math.ec.ECPoint getQ() @@ -360,11 +371,11 @@ public class BCECPublicKey { if (q instanceof org.bouncycastle.math.ec.ECPoint.Fp) { - return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getX(), q.getY()); + return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getAffineXCoord(), q.getAffineYCoord()); } else { - return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getX(), q.getY()); + return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getAffineXCoord(), q.getAffineYCoord()); } } @@ -392,8 +403,8 @@ public class BCECPublicKey String nl = System.getProperty("line.separator"); buf.append("EC Public Key").append(nl); - buf.append(" X: ").append(this.q.getX().toBigInteger().toString(16)).append(nl); - buf.append(" Y: ").append(this.q.getY().toBigInteger().toString(16)).append(nl); + buf.append(" X: ").append(this.q.getAffineXCoord().toBigInteger().toString(16)).append(nl); + buf.append(" Y: ").append(this.q.getAffineYCoord().toBigInteger().toString(16)).append(nl); return buf.toString(); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java index c609d95..0556378 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java @@ -15,7 +15,7 @@ import javax.crypto.SecretKey; import javax.crypto.ShortBufferException; import javax.crypto.spec.SecretKeySpec; -import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x9.X9IntegerConverter; @@ -76,7 +76,7 @@ public class KeyAgreementSpi private byte[] bigIntToBytes( BigInteger r) { - return converter.integerToBytes(r, converter.getByteLength(parameters.getG().getX())); + return converter.integerToBytes(r, converter.getByteLength(parameters.getG().getAffineXCoord())); } protected KeyAgreementSpi( @@ -185,7 +185,7 @@ public class KeyAgreementSpi int keySize = ((Integer)algorithms.get(algorithm)).intValue(); - DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret); + DHKDFParameters params = new DHKDFParameters(new ASN1ObjectIdentifier(algorithm), keySize, secret); byte[] keyBytes = new byte[keySize / 8]; kdf.init(params); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java index 5e1a8a3..f47f8a2 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java @@ -10,10 +10,7 @@ import java.security.spec.ECGenParameterSpec; import java.util.Hashtable; import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.nist.NISTNamedCurves; -import org.bouncycastle.asn1.sec.SECNamedCurves; -import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -import org.bouncycastle.asn1.x9.X962NamedCurves; +import org.bouncycastle.asn1.x9.ECNamedCurveTable; import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.crypto.AsymmetricCipherKeyPair; import org.bouncycastle.crypto.generators.ECKeyPairGenerator; @@ -148,47 +145,23 @@ public abstract class KeyPairGeneratorSpi curveName = ((ECNamedCurveGenParameterSpec)params).getName(); } - X9ECParameters ecP = X962NamedCurves.getByName(curveName); + X9ECParameters ecP = ECNamedCurveTable.getByName(curveName); if (ecP == null) { - ecP = SECNamedCurves.getByName(curveName); - if (ecP == null) + // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug) + try { - ecP = NISTNamedCurves.getByName(curveName); - } - if (ecP == null) - { - ecP = TeleTrusTNamedCurves.getByName(curveName); - } - if (ecP == null) - { - // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug) - try + ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(curveName); + ecP = ECNamedCurveTable.getByOID(oid); + if (ecP == null) { - ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(curveName); - ecP = X962NamedCurves.getByOID(oid); - if (ecP == null) - { - ecP = SECNamedCurves.getByOID(oid); - } - if (ecP == null) - { - ecP = NISTNamedCurves.getByOID(oid); - } - if (ecP == null) - { - ecP = TeleTrusTNamedCurves.getByOID(oid); - } - if (ecP == null) - { - throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName); - } - } - catch (IllegalArgumentException ex) - { - throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName); + throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName); } } + catch (IllegalArgumentException ex) + { + throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName); + } } this.ecParams = new ECNamedCurveSpec( diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java index 29c50f4..e94746c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java @@ -25,6 +25,7 @@ import org.bouncycastle.crypto.digests.SHA512Digest; import org.bouncycastle.crypto.params.ParametersWithRandom; import org.bouncycastle.crypto.signers.ECDSASigner; import org.bouncycastle.crypto.signers.ECNRSigner; +import org.bouncycastle.crypto.signers.HMacDSAKCalculator; import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase; import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder; import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; @@ -73,6 +74,15 @@ public class SignatureSpi } } + static public class ecDetDSA + extends SignatureSpi + { + public ecDetDSA() + { + super(new SHA1Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA1Digest())), new StdDSAEncoder()); + } + } + static public class ecDSAnone extends SignatureSpi { @@ -91,6 +101,15 @@ public class SignatureSpi } } + static public class ecDetDSA224 + extends SignatureSpi + { + public ecDetDSA224() + { + super(new SHA224Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA224Digest())), new StdDSAEncoder()); + } + } + static public class ecDSA256 extends SignatureSpi { @@ -100,6 +119,15 @@ public class SignatureSpi } } + static public class ecDetDSA256 + extends SignatureSpi + { + public ecDetDSA256() + { + super(new SHA256Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest())), new StdDSAEncoder()); + } + } + static public class ecDSA384 extends SignatureSpi { @@ -109,6 +137,15 @@ public class SignatureSpi } } + static public class ecDetDSA384 + extends SignatureSpi + { + public ecDetDSA384() + { + super(new SHA384Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA384Digest())), new StdDSAEncoder()); + } + } + static public class ecDSA512 extends SignatureSpi { @@ -118,6 +155,15 @@ public class SignatureSpi } } + static public class ecDetDSA512 + extends SignatureSpi + { + public ecDetDSA512() + { + super(new SHA512Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA512Digest())), new StdDSAEncoder()); + } + } + static public class ecDSARipeMD160 extends SignatureSpi { diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.java index 88d81c0..2b1c3fa 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.java @@ -14,27 +14,32 @@ import java.util.Enumeration; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; +import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.X962Parameters; import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; +import org.bouncycastle.jce.ECGOST3410NamedCurveTable; import org.bouncycastle.jce.interfaces.ECPointEncoder; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; import org.bouncycastle.jce.spec.ECNamedCurveSpec; import org.bouncycastle.math.ec.ECCurve; @@ -43,10 +48,11 @@ public class BCECGOST3410PrivateKey { static final long serialVersionUID = 7245981689601667138L; - private String algorithm = "ECGOST3410"; - private boolean withCompression; + private String algorithm = "ECGOST3410"; + private boolean withCompression; - private transient BigInteger d; + private transient GOST3410PublicKeyAlgParameters gostParams; + private transient BigInteger d; private transient ECParameterSpec ecSpec; private transient DERBitString publicKey; private transient PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); @@ -99,6 +105,7 @@ public class BCECGOST3410PrivateKey this.withCompression = key.withCompression; this.attrCarrier = key.attrCarrier; this.publicKey = key.publicKey; + this.gostParams = key.gostParams; } public BCECGOST3410PrivateKey( @@ -107,7 +114,7 @@ public class BCECGOST3410PrivateKey BCECGOST3410PublicKey pubKey, ECParameterSpec spec) { - ECDomainParameters dp = params.getParameters(); + ECDomainParameters dp = params.getParameters(); this.algorithm = algorithm; this.d = params.getD(); @@ -117,18 +124,20 @@ public class BCECGOST3410PrivateKey EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getX().toBigInteger(), - dp.getG().getY().toBigInteger()), - dp.getN(), - dp.getH().intValue()); + ellipticCurve, + new ECPoint( + dp.getG().getAffineXCoord().toBigInteger(), + dp.getG().getAffineYCoord().toBigInteger()), + dp.getN(), + dp.getH().intValue()); } else { this.ecSpec = spec; } + this.gostParams = pubKey.getGostParams(); + publicKey = getPublicKeyDetails(pubKey); } @@ -138,7 +147,7 @@ public class BCECGOST3410PrivateKey BCECGOST3410PublicKey pubKey, org.bouncycastle.jce.spec.ECParameterSpec spec) { - ECDomainParameters dp = params.getParameters(); + ECDomainParameters dp = params.getParameters(); this.algorithm = algorithm; this.d = params.getD(); @@ -148,26 +157,28 @@ public class BCECGOST3410PrivateKey EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getX().toBigInteger(), - dp.getG().getY().toBigInteger()), - dp.getN(), - dp.getH().intValue()); + ellipticCurve, + new ECPoint( + dp.getG().getAffineXCoord().toBigInteger(), + dp.getG().getAffineYCoord().toBigInteger()), + dp.getN(), + dp.getH().intValue()); } else { EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed()); - + this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - spec.getG().getX().toBigInteger(), - spec.getG().getY().toBigInteger()), - spec.getN(), - spec.getH().intValue()); + ellipticCurve, + new ECPoint( + spec.getG().getAffineXCoord().toBigInteger(), + spec.getG().getAffineYCoord().toBigInteger()), + spec.getN(), + spec.getH().intValue()); } + this.gostParams = pubKey.getGostParams(); + publicKey = getPublicKeyDetails(pubKey); } @@ -190,72 +201,107 @@ public class BCECGOST3410PrivateKey private void populateFromPrivKeyInfo(PrivateKeyInfo info) throws IOException { - X962Parameters params = new X962Parameters((ASN1Primitive)info.getPrivateKeyAlgorithm().getParameters()); + ASN1Primitive p = info.getPrivateKeyAlgorithm().getParameters().toASN1Primitive(); + + if (p instanceof ASN1Sequence && (ASN1Sequence.getInstance(p).size() == 2 || ASN1Sequence.getInstance(p).size() == 3)) + { + gostParams = GOST3410PublicKeyAlgParameters.getInstance(info.getPrivateKeyAlgorithm().getParameters()); + + ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); - if (params.isNamedCurve()) + ECCurve curve = spec.getCurve(); + EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); + + ecSpec = new ECNamedCurveSpec( + ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), + ellipticCurve, + new ECPoint( + spec.getG().getAffineXCoord().toBigInteger(), + spec.getG().getAffineYCoord().toBigInteger()), + spec.getN(), spec.getH()); + + ASN1Encodable privKey = info.parsePrivateKey(); + + byte[] encVal = ASN1OctetString.getInstance(privKey).getOctets(); + byte[] dVal = new byte[encVal.length]; + + for (int i = 0; i != encVal.length; i++) + { + dVal[i] = encVal[encVal.length - 1 - i]; + } + + this.d = new BigInteger(1, dVal); + } + else { - ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); - X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); + // for backwards compatibility + X962Parameters params = X962Parameters.getInstance(info.getPrivateKeyAlgorithm().getParameters()); - if (ecP == null) // GOST Curve + if (params.isNamedCurve()) { - ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); - EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); + ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); + X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - ecSpec = new ECNamedCurveSpec( + if (ecP == null) // GOST Curve + { + ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); + EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); + + ecSpec = new ECNamedCurveSpec( ECGOST3410NamedCurves.getName(oid), ellipticCurve, new ECPoint( - gParam.getG().getX().toBigInteger(), - gParam.getG().getY().toBigInteger()), + gParam.getG().getAffineXCoord().toBigInteger(), + gParam.getG().getAffineYCoord().toBigInteger()), gParam.getN(), gParam.getH()); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); + } + else + { + EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); - ecSpec = new ECNamedCurveSpec( + ecSpec = new ECNamedCurveSpec( ECUtil.getCurveName(oid), ellipticCurve, new ECPoint( - ecP.getG().getX().toBigInteger(), - ecP.getG().getY().toBigInteger()), + ecP.getG().getAffineXCoord().toBigInteger(), + ecP.getG().getAffineYCoord().toBigInteger()), ecP.getN(), ecP.getH()); + } } - } - else if (params.isImplicitlyCA()) - { - ecSpec = null; - } - else - { - X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); - EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); + else if (params.isImplicitlyCA()) + { + ecSpec = null; + } + else + { + X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); + EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - ecP.getG().getX().toBigInteger(), - ecP.getG().getY().toBigInteger()), - ecP.getN(), - ecP.getH().intValue()); - } + this.ecSpec = new ECParameterSpec( + ellipticCurve, + new ECPoint( + ecP.getG().getAffineXCoord().toBigInteger(), + ecP.getG().getAffineYCoord().toBigInteger()), + ecP.getN(), + ecP.getH().intValue()); + } - ASN1Encodable privKey = info.parsePrivateKey(); - if (privKey instanceof DERInteger) - { - DERInteger derD = DERInteger.getInstance(privKey); + ASN1Encodable privKey = info.parsePrivateKey(); + if (privKey instanceof DERInteger) + { + DERInteger derD = DERInteger.getInstance(privKey); - this.d = derD.getValue(); - } - else - { - org.bouncycastle.asn1.sec.ECPrivateKey ec = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(privKey); + this.d = derD.getValue(); + } + else + { + org.bouncycastle.asn1.sec.ECPrivateKey ec = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(privKey); - this.d = ec.getKey(); - this.publicKey = ec.getPublicKey(); + this.d = ec.getKey(); + this.publicKey = ec.getPublicKey(); + } } } @@ -282,64 +328,92 @@ public class BCECGOST3410PrivateKey */ public byte[] getEncoded() { - X962Parameters params; - - if (ecSpec instanceof ECNamedCurveSpec) + if (gostParams != null) { - DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); - if (curveOid == null) // guess it's the OID + byte[] encKey = new byte[32]; + + extractBytes(encKey, 0, this.getS()); + + try { - curveOid = new DERObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); + PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, gostParams), new DEROctetString(encKey)); + + return info.getEncoded(ASN1Encoding.DER); + } + catch (IOException e) + { + return null; } - params = new X962Parameters(curveOid); - } - else if (ecSpec == null) - { - params = new X962Parameters(DERNull.INSTANCE); } else { - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); + X962Parameters params; - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); + if (ecSpec instanceof ECNamedCurveSpec) + { + DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); + if (curveOid == null) // guess it's the OID + { + curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); + } + params = new X962Parameters(curveOid); + } + else if (ecSpec == null) + { + params = new X962Parameters(DERNull.INSTANCE); + } + else + { + ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - params = new X962Parameters(ecP); - } - - PrivateKeyInfo info; - org.bouncycastle.asn1.sec.ECPrivateKey keyStructure; + X9ECParameters ecP = new X9ECParameters( + curve, + EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), + ecSpec.getOrder(), + BigInteger.valueOf(ecSpec.getCofactor()), + ecSpec.getCurve().getSeed()); - if (publicKey != null) - { - keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), publicKey, params); - } - else - { - keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), params); - } + params = new X962Parameters(ecP); + } - try - { - if (algorithm.equals("ECGOST3410")) + PrivateKeyInfo info; + org.bouncycastle.asn1.sec.ECPrivateKey keyStructure; + + if (publicKey != null) { - info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); + keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), publicKey, params); } else { + keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), params); + } + + try + { + info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); - info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); + return info.getEncoded(ASN1Encoding.DER); } + catch (IOException e) + { + return null; + } + } + } - return info.getEncoded(ASN1Encoding.DER); + private void extractBytes(byte[] encKey, int offSet, BigInteger bI) + { + byte[] val = bI.toByteArray(); + if (val.length < 32) + { + byte[] tmp = new byte[32]; + System.arraycopy(val, 0, tmp, tmp.length - val.length, val.length); + val = tmp; } - catch (IOException e) + + for (int i = 0; i != 32; i++) { - return null; + encKey[offSet + i] = val[val.length - 1 - i]; } } @@ -354,7 +428,7 @@ public class BCECGOST3410PrivateKey { return null; } - + return EC5Util.convertSpec(ecSpec, withCompression); } @@ -377,10 +451,10 @@ public class BCECGOST3410PrivateKey { return d; } - + public void setBagAttribute( ASN1ObjectIdentifier oid, - ASN1Encodable attribute) + ASN1Encodable attribute) { attrCarrier.setBagAttribute(oid, attribute); } @@ -398,7 +472,7 @@ public class BCECGOST3410PrivateKey public void setPointFormat(String style) { - withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); + withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); } public boolean equals(Object o) @@ -420,8 +494,8 @@ public class BCECGOST3410PrivateKey public String toString() { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); buf.append("EC Private Key").append(nl); buf.append(" S: ").append(this.d.toString(16)).append(nl); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.java index b7a1170..650855e 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.java @@ -11,12 +11,9 @@ import java.security.spec.ECPublicKeySpec; import java.security.spec.EllipticCurve; import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; @@ -25,13 +22,9 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.X962Parameters; import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.asn1.x9.X9ECPoint; -import org.bouncycastle.asn1.x9.X9IntegerConverter; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; import org.bouncycastle.jce.ECGOST3410NamedCurveTable; import org.bouncycastle.jce.interfaces.ECPointEncoder; @@ -45,12 +38,12 @@ public class BCECGOST3410PublicKey { static final long serialVersionUID = 7026240464295649314L; - private String algorithm = "ECGOST3410"; - private boolean withCompression; + private String algorithm = "ECGOST3410"; + private boolean withCompression; private transient org.bouncycastle.math.ec.ECPoint q; - private transient ECParameterSpec ecSpec; - private transient GOST3410PublicKeyAlgParameters gostParams; + private transient ECParameterSpec ecSpec; + private transient GOST3410PublicKeyAlgParameters gostParams; public BCECGOST3410PublicKey( BCECGOST3410PublicKey key) @@ -60,7 +53,7 @@ public class BCECGOST3410PublicKey this.withCompression = key.withCompression; this.gostParams = key.gostParams; } - + public BCECGOST3410PublicKey( ECPublicKeySpec spec) { @@ -86,18 +79,18 @@ public class BCECGOST3410PublicKey { org.bouncycastle.jce.spec.ECParameterSpec s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - q = s.getCurve().createPoint(q.getX().toBigInteger(), q.getY().toBigInteger(), false); - } + q = s.getCurve().createPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger()); + } this.ecSpec = null; } } - + public BCECGOST3410PublicKey( String algorithm, ECPublicKeyParameters params, ECParameterSpec spec) { - ECDomainParameters dp = params.getParameters(); + ECDomainParameters dp = params.getParameters(); this.algorithm = algorithm; this.q = params.getQ(); @@ -119,7 +112,7 @@ public class BCECGOST3410PublicKey ECPublicKeyParameters params, org.bouncycastle.jce.spec.ECParameterSpec spec) { - ECDomainParameters dp = params.getParameters(); + ECDomainParameters dp = params.getParameters(); this.algorithm = algorithm; this.q = params.getQ(); @@ -153,14 +146,14 @@ public class BCECGOST3410PublicKey private ECParameterSpec createSpec(EllipticCurve ellipticCurve, ECDomainParameters dp) { return new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getX().toBigInteger(), - dp.getG().getY().toBigInteger()), - dp.getN(), - dp.getH().intValue()); + ellipticCurve, + new ECPoint( + dp.getG().getAffineXCoord().toBigInteger(), + dp.getG().getAffineYCoord().toBigInteger()), + dp.getN(), + dp.getH().intValue()); } - + public BCECGOST3410PublicKey( ECPublicKey key) { @@ -177,125 +170,49 @@ public class BCECGOST3410PublicKey private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) { - if (info.getAlgorithm().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_2001)) - { - DERBitString bits = info.getPublicKeyData(); - ASN1OctetString key; - this.algorithm = "ECGOST3410"; - - try - { - key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); - } - catch (IOException ex) - { - throw new IllegalArgumentException("error recovering public key"); - } - - byte[] keyEnc = key.getOctets(); - byte[] x = new byte[32]; - byte[] y = new byte[32]; - - for (int i = 0; i != x.length; i++) - { - x[i] = keyEnc[32 - 1 - i]; - } - - for (int i = 0; i != y.length; i++) - { - y[i] = keyEnc[64 - 1 - i]; - } - - gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithm().getParameters()); - - ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); - - ECCurve curve = spec.getCurve(); - EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); + DERBitString bits = info.getPublicKeyData(); + ASN1OctetString key; + this.algorithm = "ECGOST3410"; - this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); + try + { + key = (ASN1OctetString)ASN1Primitive.fromByteArray(bits.getBytes()); + } + catch (IOException ex) + { + throw new IllegalArgumentException("error recovering public key"); + } - ecSpec = new ECNamedCurveSpec( - ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), - ellipticCurve, - new ECPoint( - spec.getG().getX().toBigInteger(), - spec.getG().getY().toBigInteger()), - spec.getN(), spec.getH()); + byte[] keyEnc = key.getOctets(); + byte[] x = new byte[32]; + byte[] y = new byte[32]; + for (int i = 0; i != x.length; i++) + { + x[i] = keyEnc[32 - 1 - i]; } - else + + for (int i = 0; i != y.length; i++) { - X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithm().getParameters()); - ECCurve curve; - EllipticCurve ellipticCurve; + y[i] = keyEnc[64 - 1 - i]; + } - if (params.isNamedCurve()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)params.getParameters(); - X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - - curve = ecP.getCurve(); - ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECUtil.getCurveName(oid), - ellipticCurve, - new ECPoint( - ecP.getG().getX().toBigInteger(), - ecP.getG().getY().toBigInteger()), - ecP.getN(), - ecP.getH()); - } - else if (params.isImplicitlyCA()) - { - ecSpec = null; - curve = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getCurve(); - } - else - { - X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); - - curve = ecP.getCurve(); - ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - ecP.getG().getX().toBigInteger(), - ecP.getG().getY().toBigInteger()), - ecP.getN(), - ecP.getH().intValue()); - } + gostParams = GOST3410PublicKeyAlgParameters.getInstance(info.getAlgorithm().getParameters()); - DERBitString bits = info.getPublicKeyData(); - byte[] data = bits.getBytes(); - ASN1OctetString key = new DEROctetString(data); + ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); - // - // extra octet string - one of our old certs... - // - if (data[0] == 0x04 && data[1] == data.length - 2 - && (data[2] == 0x02 || data[2] == 0x03)) - { - int qLength = new X9IntegerConverter().getByteLength(curve); - - if (qLength >= data.length - 3) - { - try - { - key = (ASN1OctetString) ASN1Primitive.fromByteArray(data); - } - catch (IOException ex) - { - throw new IllegalArgumentException("error recovering public key"); - } - } - } - X9ECPoint derQ = new X9ECPoint(curve, key); + ECCurve curve = spec.getCurve(); + EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); - this.q = derQ.getPoint(); - } + this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y)); + + ecSpec = new ECNamedCurveSpec( + ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), + ellipticCurve, + new ECPoint( + spec.getG().getAffineXCoord().toBigInteger(), + spec.getG().getAffineYCoord().toBigInteger()), + spec.getN(), spec.getH()); } public String getAlgorithm() @@ -310,71 +227,23 @@ public class BCECGOST3410PublicKey public byte[] getEncoded() { - ASN1Encodable params; + ASN1Encodable params; SubjectPublicKeyInfo info; - if (algorithm.equals("ECGOST3410")) + if (gostParams != null) { - if (gostParams != null) - { - params = gostParams; - } - else - { - if (ecSpec instanceof ECNamedCurveSpec) - { - params = new GOST3410PublicKeyAlgParameters( - ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), - CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); - } - else - { // strictly speaking this may not be applicable... - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - - params = new X962Parameters(ecP); - } - } - - BigInteger bX = this.q.getX().toBigInteger(); - BigInteger bY = this.q.getY().toBigInteger(); - byte[] encKey = new byte[64]; - - extractBytes(encKey, 0, bX); - extractBytes(encKey, 32, bY); - - try - { - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); - } - catch (IOException e) - { - return null; - } + params = gostParams; } else { if (ecSpec instanceof ECNamedCurveSpec) { - ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); - if (curveOid == null) - { - curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); - } - params = new X962Parameters(curveOid); - } - else if (ecSpec == null) - { - params = new X962Parameters(DERNull.INSTANCE); + params = new GOST3410PublicKeyAlgParameters( + ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), + CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); } else - { + { // strictly speaking this may not be applicable... ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); X9ECParameters ecP = new X9ECParameters( @@ -386,12 +255,22 @@ public class BCECGOST3410PublicKey params = new X962Parameters(ecP); } + } + + BigInteger bX = this.q.getAffineXCoord().toBigInteger(); + BigInteger bY = this.q.getAffineYCoord().toBigInteger(); + byte[] encKey = new byte[64]; - ECCurve curve = this.engineGetQ().getCurve(); - ASN1OctetString p = (ASN1OctetString) - new X9ECPoint(curve.createPoint(this.getQ().getX().toBigInteger(), this.getQ().getY().toBigInteger(), withCompression)).toASN1Primitive(); + extractBytes(encKey, 0, bX); + extractBytes(encKey, 32, bY); - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), p.getOctets()); + try + { + info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); + } + catch (IOException e) + { + return null; } return KeyUtil.getEncodedSubjectPublicKeyInfo(info); @@ -430,7 +309,7 @@ public class BCECGOST3410PublicKey public ECPoint getW() { - return new ECPoint(q.getX().toBigInteger(), q.getY().toBigInteger()); + return new ECPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger()); } public org.bouncycastle.math.ec.ECPoint getQ() @@ -439,11 +318,11 @@ public class BCECGOST3410PublicKey { if (q instanceof org.bouncycastle.math.ec.ECPoint.Fp) { - return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getX(), q.getY()); + return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getAffineXCoord(), q.getAffineYCoord()); } else { - return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getX(), q.getY()); + return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getAffineXCoord(), q.getAffineYCoord()); } } @@ -467,19 +346,19 @@ public class BCECGOST3410PublicKey public String toString() { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); buf.append("EC Public Key").append(nl); - buf.append(" X: ").append(this.q.getX().toBigInteger().toString(16)).append(nl); - buf.append(" Y: ").append(this.q.getY().toBigInteger().toString(16)).append(nl); + buf.append(" X: ").append(this.q.getAffineXCoord().toBigInteger().toString(16)).append(nl); + buf.append(" Y: ").append(this.q.getAffineYCoord().toBigInteger().toString(16)).append(nl); return buf.toString(); } - + public void setPointFormat(String style) { - withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); + withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); } public boolean equals(Object o) @@ -518,4 +397,9 @@ public class BCECGOST3410PublicKey out.writeObject(this.getEncoded()); } + + public GOST3410PublicKeyAlgParameters getGostParams() + { + return gostParams; + } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java index ce0e603..a2114fa 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java @@ -1,6 +1,9 @@ package org.bouncycastle.jcajce.provider.asymmetric.rsa; import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.OptionalDataException; import java.math.BigInteger; import java.security.interfaces.RSAPublicKey; import java.security.spec.RSAPublicKeySpec; @@ -15,14 +18,18 @@ import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; public class BCRSAPublicKey implements RSAPublicKey { + private static final AlgorithmIdentifier DEFAULT_ALGORITHM_IDENTIFIER = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE); + static final long serialVersionUID = 2675817738516720772L; - + private BigInteger modulus; private BigInteger publicExponent; + private transient AlgorithmIdentifier algorithmIdentifier; BCRSAPublicKey( RSAKeyParameters key) { + this.algorithmIdentifier = DEFAULT_ALGORITHM_IDENTIFIER; this.modulus = key.getModulus(); this.publicExponent = key.getExponent(); } @@ -30,6 +37,7 @@ public class BCRSAPublicKey BCRSAPublicKey( RSAPublicKeySpec spec) { + this.algorithmIdentifier = DEFAULT_ALGORITHM_IDENTIFIER; this.modulus = spec.getModulus(); this.publicExponent = spec.getPublicExponent(); } @@ -37,6 +45,7 @@ public class BCRSAPublicKey BCRSAPublicKey( RSAPublicKey key) { + this.algorithmIdentifier = DEFAULT_ALGORITHM_IDENTIFIER; this.modulus = key.getModulus(); this.publicExponent = key.getPublicExponent(); } @@ -44,10 +53,16 @@ public class BCRSAPublicKey BCRSAPublicKey( SubjectPublicKeyInfo info) { + populateFromPublicKeyInfo(info); + } + + private void populateFromPublicKeyInfo(SubjectPublicKeyInfo info) + { try { org.bouncycastle.asn1.pkcs.RSAPublicKey pubKey = org.bouncycastle.asn1.pkcs.RSAPublicKey.getInstance(info.parsePublicKey()); + this.algorithmIdentifier = info.getAlgorithm(); this.modulus = pubKey.getModulus(); this.publicExponent = pubKey.getPublicExponent(); } @@ -89,7 +104,7 @@ public class BCRSAPublicKey public byte[] getEncoded() { - return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPublicKey(getModulus(), getPublicExponent())); + return KeyUtil.getEncodedSubjectPublicKeyInfo(algorithmIdentifier, new org.bouncycastle.asn1.pkcs.RSAPublicKey(getModulus(), getPublicExponent())); } public int hashCode() @@ -126,4 +141,32 @@ public class BCRSAPublicKey return buf.toString(); } + + private void readObject( + ObjectInputStream in) + throws IOException, ClassNotFoundException + { + in.defaultReadObject(); + + try + { + algorithmIdentifier = AlgorithmIdentifier.getInstance(in.readObject()); + } + catch (OptionalDataException e) + { + algorithmIdentifier = DEFAULT_ALGORITHM_IDENTIFIER; + } + } + + private void writeObject( + ObjectOutputStream out) + throws IOException + { + out.defaultWriteObject(); + + if (!algorithmIdentifier.equals(DEFAULT_ALGORITHM_IDENTIFIER)) + { + out.writeObject(algorithmIdentifier.getEncoded()); + } + } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java index d4065ac..5eea1b9 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java @@ -74,8 +74,8 @@ public class EC5Util ((ECNamedCurveParameterSpec)spec).getName(), ellipticCurve, new ECPoint( - spec.getG().getX().toBigInteger(), - spec.getG().getY().toBigInteger()), + spec.getG().getAffineXCoord().toBigInteger(), + spec.getG().getAffineYCoord().toBigInteger()), spec.getN(), spec.getH()); } @@ -84,8 +84,8 @@ public class EC5Util return new ECParameterSpec( ellipticCurve, new ECPoint( - spec.getG().getX().toBigInteger(), - spec.getG().getY().toBigInteger()), + spec.getG().getAffineXCoord().toBigInteger(), + spec.getG().getAffineYCoord().toBigInteger()), spec.getN(), spec.getH().intValue()); } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java index 1888328..32e595c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java @@ -31,7 +31,7 @@ import org.bouncycastle.asn1.x509.X509Extension; * ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer * (critical) */ -class X509CRLEntryObject extends X509CRLEntry +public class X509CRLEntryObject extends X509CRLEntry { private TBSCertList.CRLEntry c; @@ -39,7 +39,7 @@ class X509CRLEntryObject extends X509CRLEntry private int hashValue; private boolean isHashValueSet; - public X509CRLEntryObject(TBSCertList.CRLEntry c) + protected X509CRLEntryObject(TBSCertList.CRLEntry c) { this.c = c; this.certificateIssuer = null; @@ -62,7 +62,7 @@ class X509CRLEntryObject extends X509CRLEntry * @param previousCertificateIssuer * Certificate issuer of the previous CRLEntry. */ - public X509CRLEntryObject( + protected X509CRLEntryObject( TBSCertList.CRLEntry c, boolean isIndirect, X500Name previousCertificateIssuer) @@ -211,6 +211,23 @@ class X509CRLEntryObject extends X509CRLEntry return hashValue; } + public boolean equals(Object o) + { + if (o == this) + { + return true; + } + + if (o instanceof X509CRLEntryObject) + { + X509CRLEntryObject other = (X509CRLEntryObject)o; + + return this.c.equals(other.c); + } + + return super.equals(this); + } + public byte[] getEncoded() throws CRLException { diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java index 2fc0826..c7d0402 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java @@ -54,13 +54,15 @@ import org.bouncycastle.util.encoders.Hex; * Delta CRL Indicator (critical) * Issuing Distribution Point (critical) */ -class X509CRLObject +public class X509CRLObject extends X509CRL { private CertificateList c; private String sigAlgName; private byte[] sigAlgParams; private boolean isIndirect; + private boolean isHashCodeSet = false; + private int hashCodeValue; static boolean isIndirectCRL(X509CRL crl) throws CRLException @@ -78,7 +80,7 @@ class X509CRLObject } } - public X509CRLObject( + protected X509CRLObject( CertificateList c) throws CRLException { @@ -522,19 +524,21 @@ class X509CRLObject throw new RuntimeException("X.509 CRL used with non X.509 Cert"); } - TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); + Enumeration certs = c.getRevokedCertificateEnumeration(); X500Name caName = c.getIssuer(); - if (certs != null) + if (certs.hasMoreElements()) { BigInteger serial = ((X509Certificate)cert).getSerialNumber(); - for (int i = 0; i < certs.length; i++) + while (certs.hasMoreElements()) { - if (isIndirect && certs[i].hasExtensions()) + TBSCertList.CRLEntry entry = TBSCertList.CRLEntry.getInstance(certs.nextElement()); + + if (isIndirect && entry.hasExtensions()) { - Extension currentCaName = certs[i].getExtensions().getExtension(Extension.certificateIssuer); + Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); if (currentCaName != null) { @@ -542,7 +546,7 @@ class X509CRLObject } } - if (certs[i].getUserCertificate().getValue().equals(serial)) + if (entry.getUserCertificate().getValue().equals(serial)) { X500Name issuer; @@ -574,5 +578,50 @@ class X509CRLObject return false; } + + public boolean equals(Object other) + { + if (this == other) + { + return true; + } + + if (!(other instanceof X509CRL)) + { + return false; + } + + if (other instanceof X509CRLObject) + { + X509CRLObject crlObject = (X509CRLObject)other; + + if (isHashCodeSet) + { + boolean otherIsHashCodeSet = crlObject.isHashCodeSet; + if (otherIsHashCodeSet) + { + if (crlObject.hashCodeValue != hashCodeValue) + { + return false; + } + } + } + + return this.c.equals(crlObject.c); + } + + return super.equals(other); + } + + public int hashCode() + { + if (!isHashCodeSet) + { + isHashCodeSet = true; + hashCodeValue = super.hashCode(); + } + + return hashCodeValue; + } } |