stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8171277: Elliptic Curves for Security in Crypto

Browse Source 
Implementations of X25519 and X448 key agreement in SunEC

Reviewed-by: mullan
This commit is contained in:
Adam Petcher 2018-05-08 09:47:28 -04:00
parent f15ab37909
commit f5a247a85f
28 changed files with 7938 additions and 95 deletions

47
src/java.base/share/classes/java/security/interfaces/XECKey.java Normal file

@ -0,0 +1,47 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.interfaces;
import java.security.spec.AlgorithmParameterSpec;
/**
* An interface for an elliptic curve public/private key as defined by
* RFC 7748. These keys are distinct from the keys represented by
* {@code ECKey}, and they are intended for use with algorithms based on RFC
* 7748 such as the XDH {@code KeyAgreement} algorithm. This interface allows
* access to the algorithm parameters associated with the key.
*
* @since 11
*/
public interface XECKey {
/**
* Returns the algorithm parameters associated
* with the key.
*
* @return the associated algorithm parameters
*/
AlgorithmParameterSpec getParams();
}

57
src/java.base/share/classes/java/security/interfaces/XECPrivateKey.java Normal file

@ -0,0 +1,57 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.interfaces;
import java.security.PrivateKey;
import java.util.Optional;
/**
* An interface for an elliptic curve private key as defined by RFC 7748.
* These keys are distinct from the keys represented by {@code ECPrivateKey},
* and they are intended for use with algorithms based on RFC 7748 such as the
* XDH {@code KeyAgreement} algorithm.
*
* An XEC private key is an encoded scalar value as described in RFC 7748.
* The decoding procedure defined in this RFC includes an operation that forces
* certain bits of the key to either 1 or 0. This operation is known as
* "pruning" or "clamping" the private key. Arrays returned by this interface
* are unpruned, and implementations will need to prune the array before
* using it in any numerical operations.
*
* @since 11
*/
public interface XECPrivateKey extends XECKey, PrivateKey {
/**
* Get the scalar value encoded as an unpruned byte array. A new copy of
* the array is returned each time this method is called.
*
* @return the unpruned encoded scalar value, or an empty Optional if the
* scalar cannot be extracted (e.g. if the provider is a hardware token
* and the private key is not allowed to leave the crypto boundary).
*/
Optional<byte[]> getScalar();
}

56
src/java.base/share/classes/java/security/interfaces/XECPublicKey.java Normal file

@ -0,0 +1,56 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.interfaces;
import java.math.BigInteger;
import java.security.PublicKey;
/**
* An interface for an elliptic curve public key as defined by RFC 7748.
* These keys are distinct from the keys represented by {@code ECPublicKey},
* and they are intended for use with algorithms based on RFC 7748 such as the
* XDH {@code KeyAgreement} algorithm.
*
* An XEC public key is a particular point on the curve, which is represented
* using only its u-coordinate as described in RFC 7748. A u-coordinate is an
* element of the field of integers modulo some value that is determined by
* the algorithm parameters. This field element is represented by a BigInteger
* which may hold any value. That is, the BigInteger is not restricted to the
* range of canonical field elements.
*
* @since 11
*/
public interface XECPublicKey extends XECKey, PublicKey {
/**
* Get the u coordinate of the point.
*
* @return the u-coordinate, represented using a BigInteger which may hold
* any value
*/
BigInteger getU();
}

30
src/java.base/share/classes/java/security/spec/ECGenParameterSpec.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,9 +34,7 @@ package java.security.spec;
*
* @since 1.5
*/
public class ECGenParameterSpec implements AlgorithmParameterSpec {
private String name;
public class ECGenParameterSpec extends NamedParameterSpec {
/**
* Creates a parameter specification for EC parameter
@ -44,25 +42,15 @@ public class ECGenParameterSpec implements AlgorithmParameterSpec {
* {@code stdName} in order to generate the corresponding
* (precomputed) elliptic curve domain parameters. For the
* list of supported names, please consult the documentation
* of provider whose implementation will be used.
* of the provider whose implementation will be used.
*
* @param stdName the standard name of the to-be-generated EC
* domain parameters.
* @exception NullPointerException if {@code stdName}
* is null.
* domain parameters.
* @throws NullPointerException if {@code stdName}
* is null.
*/
public ECGenParameterSpec(String stdName) {
if (stdName == null) {
throw new NullPointerException("stdName is null");
}
this.name = stdName;
}
/**
* Returns the standard or predefined name of the
* to-be-generated EC domain parameters.
* @return the standard or predefined name.
*/
public String getName() {
return name;
super(stdName);
}
}

81
src/java.base/share/classes/java/security/spec/NamedParameterSpec.java Normal file

@ -0,0 +1,81 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.spec;
import java.util.Objects;
/**
* This class is used to specify any algorithm parameters that are determined
* by a standard name. This class also holds constants for standard parameter
* set names. The names of these constants exactly match the corresponding
* parameter set name. For example, NamedParameterSpec.X25519 represents the
* parameter set identified by the string "X25519". These strings are defined
* in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#parameter-spec-names">
* Java Security Standard Algorithm Names Specification</a>.
*
* @since 11
*
*/
public class NamedParameterSpec implements AlgorithmParameterSpec {
/**
* The X25519 parameters
*/
public static final NamedParameterSpec X25519
= new NamedParameterSpec("X25519");
/**
* The X448 parameters
*/
public static final NamedParameterSpec X448
= new NamedParameterSpec("X448");
private String name;
/**
* Creates a parameter specification using a standard (or predefined)
* name {@code stdName}. For the
* list of supported names, please consult the documentation
* of the provider whose implementation will be used.
*
* @param stdName the standard name of the algorithm parameters
*
* @throws NullPointerException if {@code stdName}
* is null.
*/
public NamedParameterSpec(String stdName) {
Objects.requireNonNull(stdName, "stdName must not be null");
this.name = stdName;
}
/**
* Returns the standard name that determines the algorithm parameters.
* @return the standard name.
*/
public String getName() {
return name;
}
}

82
src/java.base/share/classes/java/security/spec/XECPrivateKeySpec.java Normal file

@ -0,0 +1,82 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.spec;
import java.util.Objects;
/**
* A class representing elliptic curve private keys as defined in RFC 7748,
* including the curve and other algorithm parameters. The private key is
* represented as an encoded scalar value. The decoding procedure defined in
* the RFC includes an operation that forces certain bits of the key to either
* 1 or 0. This operation is known as "pruning" or "clamping" the private key.
* All arrays in this spec are unpruned, and implementations will need to prune
* the array before using it in any numerical operations.
*
* @since 11
*/
public class XECPrivateKeySpec implements KeySpec {
private final AlgorithmParameterSpec params;
private final byte[] scalar;
/**
* Construct a private key spec using the supplied parameters and
* encoded scalar value.
*
* @param params the algorithm parameters
* @param scalar the unpruned encoded scalar value. This array is copied
* to protect against subsequent modification.
*
* @throws NullPointerException if {@code params} or {@code scalar}
* is null.
*/
public XECPrivateKeySpec(AlgorithmParameterSpec params, byte[] scalar) {
Objects.requireNonNull(params, "params must not be null");
Objects.requireNonNull(scalar, "scalar must not be null");
this.params = params;
this.scalar = scalar.clone();
}
/**
* Get the algorithm parameters that define the curve and other settings.
*
* @return the algorithm parameters
*/
public AlgorithmParameterSpec getParams() {
return params;
}
/**
* Get the scalar value encoded as an unpruned byte array. A new copy of
* the array is returned each time this method is called.
*
* @return the unpruned encoded scalar value
*/
public byte[] getScalar() {
return scalar.clone();
}
}

83
src/java.base/share/classes/java/security/spec/XECPublicKeySpec.java Normal file

@ -0,0 +1,83 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.spec;
import java.math.BigInteger;
import java.util.Objects;
/**
* A class representing elliptic curve public keys as defined in RFC 7748,
* including the curve and other algorithm parameters. The public key is a
* particular point on the curve, which is represented using only its
* u-coordinate. A u-coordinate is an element of the field of integers modulo
* some value that is determined by the algorithm parameters. This field
* element is represented by a BigInteger which may hold any value. That is,
* the BigInteger is not restricted to the range of canonical field elements.
*
* @since 11
*/
public class XECPublicKeySpec implements KeySpec {
private final AlgorithmParameterSpec params;
private final BigInteger u;
/**
* Construct a public key spec using the supplied parameters and
* u coordinate.
*
* @param params the algorithm parameters
* @param u the u-coordinate of the point, represented using a BigInteger
* which may hold any value
*
* @throws NullPointerException if {@code params} or {@code u}
* is null.
*/
public XECPublicKeySpec(AlgorithmParameterSpec params, BigInteger u) {
Objects.requireNonNull(params, "params must not be null");
Objects.requireNonNull(u, "u must not be null");
this.params = params;
this.u = u;
}
/**
* Get the algorithm parameters that define the curve and other settings.
*
* @return the parameters
*/
public AlgorithmParameterSpec getParams() {
return params;
}
/**
* Get the u coordinate of the point.
*
* @return the u-coordinate, represented using a BigInteger which may hold
* any value
*/
public BigInteger getU() {
return u;
}
}

4
src/java.base/share/classes/module-info.java

@ -289,6 +289,10 @@ module java.base {
jdk.jartool,
jdk.security.auth,
jdk.security.jgss;
exports sun.security.util.math to
jdk.crypto.ec
exports sun.security.util.math.intpoly to
jdk.crypto.ec
exports sun.security.x509 to
jdk.crypto.ec,
jdk.crypto.cryptoki,

59
src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,7 +30,7 @@ import java.security.*;
import java.util.regex.Pattern;
import sun.security.util.CurveDB;
import sun.security.util.NamedCurve;
import sun.security.util.ECParameters;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
/**
@ -119,6 +119,12 @@ public final class SunEC extends Provider {
} else if (type.equals("KeyFactory")) {
if (algo.equals("EC")) {
return new ECKeyFactory();
} else if (algo.equals("XDH")) {
return new XDHKeyFactory();
} else if (algo.equals("X25519")) {
return new XDHKeyFactory.X25519();
} else if (algo.equals("X448")) {
return new XDHKeyFactory.X448();
}
} else if (type.equals("AlgorithmParameters")) {
if (algo.equals("EC")) {
@ -127,10 +133,22 @@ public final class SunEC extends Provider {
} else if (type.equals("KeyPairGenerator")) {
if (algo.equals("EC")) {
return new ECKeyPairGenerator();
} else if (algo.equals("XDH")) {
return new XDHKeyPairGenerator();
} else if (algo.equals("X25519")) {
return new XDHKeyPairGenerator.X25519();
} else if (algo.equals("X448")) {
return new XDHKeyPairGenerator.X448();
}
} else if (type.equals("KeyAgreement")) {
if (algo.equals("ECDH")) {
return new ECDHKeyAgreement();
} else if (algo.equals("XDH")) {
return new XDHKeyAgreement();
} else if (algo.equals("X25519")) {
return new XDHKeyAgreement.X25519();
} else if (algo.equals("X448")) {
return new XDHKeyAgreement.X448();
}
}
} catch (Exception ex) {
@ -205,6 +223,8 @@ public final class SunEC extends Provider {
new String[] { "EllipticCurve", "1.2.840.10045.2.1", "OID.1.2.840.10045.2.1" },
apAttrs));
putXDHEntries();
/*
* Register the algorithms below only when the full ECC implementation
* is available
@ -272,4 +292,39 @@ public final class SunEC extends Provider {
putService(new ProviderService(this, "KeyAgreement",
"ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
}
private void putXDHEntries() {
HashMap<String, String> ATTRS = new HashMap<>(1);
ATTRS.put("ImplementedIn", "Software");
/* XDH does not require native implementation */
putService(new ProviderService(this, "KeyFactory",
"XDH", "sun.security.ec.XDHKeyFactory", null, ATTRS));
putService(new ProviderService(this, "KeyFactory",
"X25519", "sun.security.ec.XDHKeyFactory.X25519",
new String[]{"1.3.101.110", "OID.1.3.101.110"}, ATTRS));
putService(new ProviderService(this, "KeyFactory",
"X448", "sun.security.ec.XDHKeyFactory.X448",
new String[]{"1.3.101.111", "OID.1.3.101.111"}, ATTRS));
putService(new ProviderService(this, "KeyPairGenerator",
"XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS));
putService(new ProviderService(this, "KeyPairGenerator",
"X25519", "sun.security.ec.XDHKeyPairGenerator.X25519",
new String[]{"1.3.101.110", "OID.1.3.101.110"}, ATTRS));
putService(new ProviderService(this, "KeyPairGenerator",
"X448", "sun.security.ec.XDHKeyPairGenerator.X448",
new String[]{"1.3.101.111", "OID.1.3.101.111"}, ATTRS));
putService(new ProviderService(this, "KeyAgreement",
"XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS));
putService(new ProviderService(this, "KeyAgreement",
"X25519", "sun.security.ec.XDHKeyAgreement.X25519",
new String[]{"1.3.101.110", "OID.1.3.101.110"}, ATTRS));
putService(new ProviderService(this, "KeyAgreement",
"X448", "sun.security.ec.XDHKeyAgreement.X448",
new String[]{"1.3.101.111", "OID.1.3.101.111"}, ATTRS));
}
}

216
src/jdk.crypto.ec/share/classes/sun/security/ec/XDHKeyAgreement.java Normal file

@ -0,0 +1,216 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ec;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Key;
import java.security.SecureRandom;
import java.security.ProviderException;
import java.security.interfaces.XECPrivateKey;
import java.security.interfaces.XECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.NamedParameterSpec;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import java.util.function.Function;
public class XDHKeyAgreement extends KeyAgreementSpi {
private byte[] privateKey;
private byte[] secret;
private XECOperations ops;
private XECParameters lockedParams = null;
XDHKeyAgreement() {
// do nothing
}
XDHKeyAgreement(AlgorithmParameterSpec paramSpec) {
lockedParams = XECParameters.get(ProviderException::new, paramSpec);
}
@Override
protected void engineInit(Key key, SecureRandom random)
throws InvalidKeyException {
initImpl(key);
}
@Override
protected void engineInit(Key key, final AlgorithmParameterSpec params,
SecureRandom random) throws InvalidKeyException,
InvalidAlgorithmParameterException {
initImpl(key);
// the private key parameters must match params
XECParameters xecParams = XECParameters.get(
InvalidAlgorithmParameterException::new, params);
if (!xecParams.oidEquals(this.ops.getParameters())) {
throw new InvalidKeyException(
"Incorrect private key parameters"
);
}
}
private
<T extends Throwable>
void checkLockedParams(Function<String, T> exception,
XECParameters params) throws T {
if (lockedParams != null && lockedParams != params) {
throw exception.apply("Parameters must be " +
lockedParams.getName());
}
}
private void initImpl(Key key) throws InvalidKeyException {
if (!(key instanceof XECPrivateKey)) {
throw new InvalidKeyException
("Unsupported key type");
}
XECPrivateKey privateKey = (XECPrivateKey) key;
XECParameters xecParams = XECParameters.get(
InvalidKeyException::new, privateKey.getParams());
checkLockedParams(InvalidKeyException::new, xecParams);
this.ops = new XECOperations(xecParams);
this.privateKey = privateKey.getScalar().orElseThrow(
() -> new InvalidKeyException("No private key value")
);
secret = null;
}
@Override
protected Key engineDoPhase(Key key, boolean lastPhase)
throws InvalidKeyException, IllegalStateException {
if (this.privateKey == null) {
throw new IllegalStateException("Not initialized");
}
if (this.secret != null) {
throw new IllegalStateException("Phase already executed");
}
if (!lastPhase) {
throw new IllegalStateException
("Only two party agreement supported, lastPhase must be true");
}
if (!(key instanceof XECPublicKey)) {
throw new InvalidKeyException
("Unsupported key type");
}
XECPublicKey publicKey = (XECPublicKey) key;
// Ensure public key parameters are compatible with private key
XECParameters xecParams = XECParameters.get(InvalidKeyException::new,
publicKey.getParams());
if (!ops.getParameters().oidEquals(xecParams)) {
throw new InvalidKeyException(
"Public key parameters are not compatible with private key.");
}
// The privateKey may be modified to a value that is equivalent for
// the purposes of this algorithm.
byte[] computedSecret = ops.encodedPointMultiply(
this.privateKey,
publicKey.getU());
// test for contributory behavior
if (allZero(computedSecret)) {
throw new InvalidKeyException("Point has small order");
}
this.secret = computedSecret;
return null;
}
/*
* Constant-time check for an all-zero array
*/
private boolean allZero(byte[] arr) {
byte orValue = (byte) 0;
for (int i = 0; i < arr.length; i++) {
orValue |= arr[i];
}
return orValue == (byte) 0;
}
@Override
protected byte[] engineGenerateSecret() throws IllegalStateException {
if (secret == null) {
throw new IllegalStateException("Not initialized correctly");
}
return secret.clone();
}
@Override
protected int engineGenerateSecret(byte[] sharedSecret, int offset)
throws IllegalStateException, ShortBufferException {
if (secret == null) {
throw new IllegalStateException("Not initialized correctly");
}
int secretLen = this.secret.length;
if (offset + secretLen > sharedSecret.length) {
throw new ShortBufferException("Need " + secretLen
+ " bytes, only " + (sharedSecret.length - offset)
+ " available");
}
System.arraycopy(this.secret, 0, sharedSecret, offset, secretLen);
return secret.length;
}
@Override
protected SecretKey engineGenerateSecret(String algorithm)
throws IllegalStateException, NoSuchAlgorithmException,
InvalidKeyException {
throw new NoSuchAlgorithmException("Not supported");
}
static class X25519 extends XDHKeyAgreement {
public X25519() {
super(NamedParameterSpec.X25519);
}
}
static class X448 extends XDHKeyAgreement {
public X448() {
super(NamedParameterSpec.X448);
}
}
}

243
src/jdk.crypto.ec/share/classes/sun/security/ec/XDHKeyFactory.java Normal file

@ -0,0 +1,243 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ec;
import java.security.KeyFactorySpi;
import java.security.Key;
import java.security.PublicKey;
import java.security.PrivateKey;
import java.security.InvalidKeyException;
import java.security.ProviderException;
import java.security.interfaces.XECKey;
import java.security.interfaces.XECPrivateKey;
import java.security.interfaces.XECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.security.spec.KeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.security.spec.XECPublicKeySpec;
import java.security.spec.XECPrivateKeySpec;
import java.util.function.Function;
public class XDHKeyFactory extends KeyFactorySpi {
private XECParameters lockedParams = null;
XDHKeyFactory() {
// do nothing
}
protected XDHKeyFactory(AlgorithmParameterSpec paramSpec) {
lockedParams = XECParameters.get(ProviderException::new, paramSpec);
}
@Override
protected Key engineTranslateKey(Key key) throws InvalidKeyException {
if (key == null) {
throw new InvalidKeyException("Key must not be null");
}
if (key instanceof XECKey) {
XECKey xecKey = (XECKey) key;
XECParameters params = XECParameters.get(InvalidKeyException::new,
xecKey.getParams());
checkLockedParams(InvalidKeyException::new, params);
if (xecKey instanceof XECPublicKey) {
XECPublicKey publicKey = (XECPublicKey) xecKey;
return new XDHPublicKeyImpl(params, publicKey.getU());
} else if (xecKey instanceof XECPrivateKey) {
XECPrivateKey privateKey = (XECPrivateKey) xecKey;
byte[] scalar = privateKey.getScalar().orElseThrow(
() -> new InvalidKeyException("No private key data"));
return new XDHPrivateKeyImpl(params, scalar);
} else {
throw new InvalidKeyException("Unsupported XECKey subclass");
}
} else if (key instanceof PublicKey &&
key.getFormat().equals("X.509")) {
XDHPublicKeyImpl result = new XDHPublicKeyImpl(key.getEncoded());
checkLockedParams(InvalidKeyException::new, result.getParams());
return result;
} else if (key instanceof PrivateKey &&
key.getFormat().equals("PKCS#8")) {
XDHPrivateKeyImpl result = new XDHPrivateKeyImpl(key.getEncoded());
checkLockedParams(InvalidKeyException::new, result.getParams());
return result;
} else {
throw new InvalidKeyException("Unsupported key type or format");
}
}
private
<T extends Throwable>
void checkLockedParams(Function<String, T> exception,
AlgorithmParameterSpec spec) throws T {
XECParameters params = XECParameters.get(exception, spec);
checkLockedParams(exception, params);
}
private
<T extends Throwable>
void checkLockedParams(Function<String, T> exception,
XECParameters params) throws T {
if (lockedParams != null && lockedParams != params) {
throw exception.apply("Parameters must be " +
lockedParams.getName());
}
}
@Override
protected PublicKey engineGeneratePublic(KeySpec keySpec)
throws InvalidKeySpecException {
try {
return generatePublicImpl(keySpec);
} catch (InvalidKeyException ex) {
throw new InvalidKeySpecException(ex);
}
}
@Override
protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
throws InvalidKeySpecException {
try {
return generatePrivateImpl(keySpec);
} catch (InvalidKeyException ex) {
throw new InvalidKeySpecException(ex);
}
}
private PublicKey generatePublicImpl(KeySpec keySpec)
throws InvalidKeyException, InvalidKeySpecException {
if (keySpec instanceof X509EncodedKeySpec) {
X509EncodedKeySpec x509Spec = (X509EncodedKeySpec) keySpec;
XDHPublicKeyImpl result =
new XDHPublicKeyImpl(x509Spec.getEncoded());
checkLockedParams(InvalidKeySpecException::new,
result.getParams());
return result;
} else if (keySpec instanceof XECPublicKeySpec) {
XECPublicKeySpec publicKeySpec = (XECPublicKeySpec) keySpec;
XECParameters params = XECParameters.get(
InvalidKeySpecException::new, publicKeySpec.getParams());
checkLockedParams(InvalidKeySpecException::new, params);
return new XDHPublicKeyImpl(params, publicKeySpec.getU());
} else {
throw new InvalidKeySpecException(
"Only X509EncodedKeySpec and XECPublicKeySpec are supported");
}
}
private PrivateKey generatePrivateImpl(KeySpec keySpec)
throws InvalidKeyException, InvalidKeySpecException {
if (keySpec instanceof PKCS8EncodedKeySpec) {
PKCS8EncodedKeySpec pkcsSpec = (PKCS8EncodedKeySpec) keySpec;
XDHPrivateKeyImpl result =
new XDHPrivateKeyImpl(pkcsSpec.getEncoded());
checkLockedParams(InvalidKeySpecException::new,
result.getParams());
return result;
} else if (keySpec instanceof XECPrivateKeySpec) {
XECPrivateKeySpec privateKeySpec = (XECPrivateKeySpec) keySpec;
XECParameters params = XECParameters.get(
InvalidKeySpecException::new, privateKeySpec.getParams());
checkLockedParams(InvalidKeySpecException::new, params);
return new XDHPrivateKeyImpl(params, privateKeySpec.getScalar());
} else {
throw new InvalidKeySpecException(
"Only PKCS8EncodedKeySpec and XECPrivateKeySpec supported");
}
}
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
throws InvalidKeySpecException {
if (key instanceof XECPublicKey) {
checkLockedParams(InvalidKeySpecException::new,
((XECPublicKey) key).getParams());
if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
if (!key.getFormat().equals("X.509")) {
throw new InvalidKeySpecException("Format is not X.509");
}
return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
} else if (XECPublicKeySpec.class.isAssignableFrom(keySpec)) {
XECPublicKey xecKey = (XECPublicKey) key;
return keySpec.cast(
new XECPublicKeySpec(xecKey.getParams(), xecKey.getU()));
} else {
throw new InvalidKeySpecException(
"KeySpec must be X509EncodedKeySpec or XECPublicKeySpec");
}
} else if (key instanceof XECPrivateKey) {
checkLockedParams(InvalidKeySpecException::new,
((XECPrivateKey) key).getParams());
if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) {
if (!key.getFormat().equals("PKCS#8")) {
throw new InvalidKeySpecException("Format is not PKCS#8");
}
return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
} else if (XECPrivateKeySpec.class.isAssignableFrom(keySpec)) {
XECPrivateKey xecKey = (XECPrivateKey) key;
byte[] scalar = xecKey.getScalar().orElseThrow(
() -> new InvalidKeySpecException("No private key value")
);
return keySpec.cast(
new XECPrivateKeySpec(xecKey.getParams(), scalar));
} else {
throw new InvalidKeySpecException
("KeySpec must be PKCS8EncodedKeySpec or XECPrivateKeySpec");
}
} else {
throw new InvalidKeySpecException("Unsupported key type");
}
}
static class X25519 extends XDHKeyFactory {
public X25519() {
super(NamedParameterSpec.X25519);
}
}
static class X448 extends XDHKeyFactory {
public X448() {
super(NamedParameterSpec.X448);
}
}
}

132
src/jdk.crypto.ec/share/classes/sun/security/ec/XDHKeyPairGenerator.java Normal file

@ -0,0 +1,132 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ec;
import java.math.BigInteger;
import java.security.KeyPairGeneratorSpi;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.NamedParameterSpec;
import sun.security.jca.JCAUtil;
/**
* Key pair generator for the XDH key agreement algorithm.
*/
public class XDHKeyPairGenerator extends KeyPairGeneratorSpi {
private static final NamedParameterSpec DEFAULT_PARAM_SPEC
= NamedParameterSpec.X25519;
private SecureRandom random = null;
private XECOperations ops = null;
private XECParameters lockedParams = null;
XDHKeyPairGenerator() {
tryInitialize(DEFAULT_PARAM_SPEC);
}
private XDHKeyPairGenerator(NamedParameterSpec paramSpec) {
tryInitialize(paramSpec);
lockedParams = ops.getParameters();
}
private void tryInitialize(NamedParameterSpec paramSpec) {
try {
initialize(paramSpec, null);
} catch (InvalidAlgorithmParameterException ex) {
String name = paramSpec.getName();
throw new ProviderException(name + " not supported");
}
}
@Override
public void initialize(int keySize, SecureRandom random) {
XECParameters params = XECParameters.getBySize(
InvalidParameterException::new, keySize);
initializeImpl(params, random);
}
@Override
public void initialize(AlgorithmParameterSpec params, SecureRandom random)
throws InvalidAlgorithmParameterException {
XECParameters xecParams = XECParameters.get(
InvalidAlgorithmParameterException::new, params);
initializeImpl(xecParams, random);
}
private void initializeImpl(XECParameters params, SecureRandom random) {
if (lockedParams != null && lockedParams != params) {
throw new InvalidParameterException("Parameters must be " +
lockedParams.getName());
}
this.ops = new XECOperations(params);
this.random = random == null ? JCAUtil.getSecureRandom() : random;
}
@Override
public KeyPair generateKeyPair() {
byte[] privateKey = ops.generatePrivate(random);
// computePublic may modify the private key, so clone it first
BigInteger publicKey = ops.computePublic(privateKey.clone());
try {
return new KeyPair(
new XDHPublicKeyImpl(ops.getParameters(), publicKey),
new XDHPrivateKeyImpl(ops.getParameters(), privateKey)
);
} catch (InvalidKeyException ex) {
throw new ProviderException(ex);
}
}
static class X25519 extends XDHKeyPairGenerator {
public X25519() {
super(NamedParameterSpec.X25519);
}
}
static class X448 extends XDHKeyPairGenerator {
public X448() {
super(NamedParameterSpec.X448);
}
}
}

91
src/jdk.crypto.ec/share/classes/sun/security/ec/XDHPrivateKeyImpl.java Normal file

@ -0,0 +1,91 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ec;
import java.security.interfaces.XECPrivateKey;
import java.util.Optional;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.NamedParameterSpec;
import sun.security.pkcs.PKCS8Key;
import sun.security.x509.AlgorithmId;
public final class XDHPrivateKeyImpl extends PKCS8Key implements XECPrivateKey {
private static final long serialVersionUID = 1L;
private AlgorithmParameterSpec paramSpec;
XDHPrivateKeyImpl(XECParameters params, byte[] k)
throws InvalidKeyException {
this.paramSpec = new NamedParameterSpec(params.getName());
this.algid = new AlgorithmId(params.getOid());
this.key = k.clone();
checkLength(params);
}
XDHPrivateKeyImpl(byte[] encoded) throws InvalidKeyException {
decode(encoded);
XECParameters params = XECParameters.get(
InvalidKeyException::new, algid);
paramSpec = new NamedParameterSpec(params.getName());
checkLength(params);
}
void checkLength(XECParameters params) throws InvalidKeyException {
if (params.getBytes() != this.key.length) {
throw new InvalidKeyException(
"key length must be " + params.getBytes());
}
}
public byte[] getK() {
return key.clone();
}
@Override
public String getAlgorithm() {
return "XDH";
}
@Override
public AlgorithmParameterSpec getParams() {
return paramSpec;
}
@Override
public Optional<byte[]> getScalar() {
return Optional.of(getK());
}
}

134
src/jdk.crypto.ec/share/classes/sun/security/ec/XDHPublicKeyImpl.java Normal file

@ -0,0 +1,134 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ec;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyRep;
import java.security.PublicKey;
import java.security.interfaces.XECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.util.Arrays;
import sun.security.util.BitArray;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X509Key;
public final class XDHPublicKeyImpl extends X509Key implements XECPublicKey {
private static final long serialVersionUID = 1L;
private final BigInteger u;
private final NamedParameterSpec paramSpec;
XDHPublicKeyImpl(XECParameters params, BigInteger u)
throws InvalidKeyException {
this.paramSpec = new NamedParameterSpec(params.getName());
this.algid = new AlgorithmId(params.getOid());
this.u = u.mod(params.getP());
byte[] u_arr = this.u.toByteArray();
reverse(u_arr);
// u_arr may be too large or too small, depending on the value of u
u_arr = Arrays.copyOf(u_arr, params.getBytes());
setKey(new BitArray(u_arr.length * 8, u_arr));
checkLength(params);
}
XDHPublicKeyImpl(byte[] encoded) throws InvalidKeyException {
decode(encoded);
XECParameters params =
XECParameters.get(InvalidKeyException::new, algid);
this.paramSpec = new NamedParameterSpec(params.getName());
// construct the BigInteger representation
byte[] u_arr = getKey().toByteArray();
reverse(u_arr);
// clear the extra bits
int bitsMod8 = params.getBits() % 8;
if (bitsMod8 != 0) {
int mask = (1 << bitsMod8) - 1;
u_arr[0] &= mask;
}
this.u = new BigInteger(1, u_arr);
checkLength(params);
}
void checkLength(XECParameters params) throws InvalidKeyException {
if (params.getBytes() * 8 != getKey().length()) {
throw new InvalidKeyException(
"key length must be " + params.getBytes());
}
}
@Override
public BigInteger getU() {
return u;
}
@Override
public AlgorithmParameterSpec getParams() {
return paramSpec;
}
@Override
public String getAlgorithm() {
return "XDH";
}
protected Object writeReplace() throws java.io.ObjectStreamException {
return new KeyRep(KeyRep.Type.PUBLIC,
getAlgorithm(),
getFormat(),
getEncoded());
}
private static void swap(byte[] arr, int i, int j) {
byte tmp = arr[i];
arr[i] = arr[j];
arr[j] = tmp;
}
private static void reverse(byte [] arr) {
int i = 0;
int j = arr.length - 1;
while (i < j) {
swap(arr, i, j);
i++;
j--;
}
}
}

271
src/jdk.crypto.ec/share/classes/sun/security/ec/XECOperations.java Normal file

@ -0,0 +1,271 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ec;
import sun.security.util.math.IntegerFieldModuloP;
import sun.security.util.math.ImmutableIntegerModuloP;
import sun.security.util.math.IntegerModuloP;
import sun.security.util.math.MutableIntegerModuloP;
import sun.security.util.math.SmallValue;
import sun.security.util.math.intpoly.IntegerPolynomial25519;
import sun.security.util.math.intpoly.IntegerPolynomial448;
import java.math.BigInteger;
import java.security.ProviderException;
import java.security.SecureRandom;
public class XECOperations {
private final XECParameters params;
private final IntegerFieldModuloP field;
private final ImmutableIntegerModuloP zero;
private final ImmutableIntegerModuloP one;
private final SmallValue a24;
private final ImmutableIntegerModuloP basePoint;
public XECOperations(XECParameters c) {
this.params = c;
BigInteger p = params.getP();
this.field = getIntegerFieldModulo(p);
this.zero = field.getElement(BigInteger.ZERO).fixed();
this.one = field.get1().fixed();
this.a24 = field.getSmallValue(params.getA24());
this.basePoint = field.getElement(
BigInteger.valueOf(c.getBasePoint()));
}
public XECParameters getParameters() {
return params;
}
public byte[] generatePrivate(SecureRandom random) {
byte[] result = new byte[this.params.getBytes()];
random.nextBytes(result);
return result;
}
/**
* Compute a public key from an encoded private key. This method will
* modify the supplied array in order to prune it.
*/
public BigInteger computePublic(byte[] k) {
pruneK(k);
return pointMultiply(k, this.basePoint).asBigInteger();
}
/**
*
* Multiply an encoded scalar with a point as a BigInteger and return an
* encoded point. The array k holding the scalar will be pruned by
* modifying it in place.
*
* @param k an encoded scalar
* @param u the u-coordinate of a point as a BigInteger
* @return the encoded product
*/
public byte[] encodedPointMultiply(byte[] k, BigInteger u) {
pruneK(k);
ImmutableIntegerModuloP elemU = field.getElement(u);
return pointMultiply(k, elemU).asByteArray(params.getBytes());
}
/**
*
* Multiply an encoded scalar with an encoded point and return an encoded
* point. The array k holding the scalar will be pruned by
* modifying it in place.
*
* @param k an encoded scalar
* @param u an encoded point
* @return the encoded product
*/
public byte[] encodedPointMultiply(byte[] k, byte[] u) {
pruneK(k);
ImmutableIntegerModuloP elemU = decodeU(u);
return pointMultiply(k, elemU).asByteArray(params.getBytes());
}
/**
* Return the field element corresponding to an encoded u-coordinate.
* This method prunes u by modifying it in place.
*
* @param u
* @param bits
* @return
*/
private ImmutableIntegerModuloP decodeU(byte[] u, int bits) {
maskHighOrder(u, bits);
return field.getElement(u);
}
/**
* Mask off the high order bits of an encoded integer in an array. The
* array is modified in place.
*
* @param arr an array containing an encoded integer
* @param bits the number of bits to keep
* @return the number, in range [1,8], of bits kept in the highest byte
*/
private static byte maskHighOrder(byte[] arr, int bits) {
int lastByteIndex = arr.length - 1;
byte bitsMod8 = (byte) (bits % 8);
byte highBits = bitsMod8 == 0 ? 8 : bitsMod8;
byte msbMaskOff = (byte) ((1 << highBits) - 1);
arr[lastByteIndex] &= msbMaskOff;
return highBits;
}
/**
* Prune an encoded scalar value by modifying it in place. The extra
* high-order bits are masked off, the highest valid bit it set, and the
* number is rounded down to a multiple of the cofactor.
*
* @param k an encoded scalar value
* @param bits the number of bits in the scalar
* @param logCofactor the base-2 logarithm of the cofactor
*/
private static void pruneK(byte[] k, int bits, int logCofactor) {
int lastByteIndex = k.length - 1;
// mask off unused high-order bits
byte highBits = maskHighOrder(k, bits);
// set the highest bit
byte msbMaskOn = (byte) (1 << (highBits - 1));
k[lastByteIndex] |= msbMaskOn;
// round down to a multiple of the cofactor
byte lsbMaskOff = (byte) (0xFF << logCofactor);
k[0] &= lsbMaskOff;
}
private void pruneK(byte[] k) {
pruneK(k, params.getBits(), params.getLogCofactor());
}
private ImmutableIntegerModuloP decodeU(byte [] u) {
return decodeU(u, params.getBits());
}
// Constant-time conditional swap
private static void cswap(int swap, MutableIntegerModuloP x1,
MutableIntegerModuloP x2) {
x1.conditionalSwapWith(x2, swap);
}
private static IntegerFieldModuloP getIntegerFieldModulo(BigInteger p) {
if (p.equals(IntegerPolynomial25519.MODULUS)) {
return new IntegerPolynomial25519();
}
else if (p.equals(IntegerPolynomial448.MODULUS)) {
return new IntegerPolynomial448();
}
throw new ProviderException("Unsupported prime: " + p.toString());
}
private int bitAt(byte[] arr, int index) {
int byteIndex = index / 8;
int bitIndex = index % 8;
return (arr[byteIndex] & (1 << bitIndex)) >> bitIndex;
}
/*
* Constant-time Montgomery ladder that computes k*u and returns the
* result as a field element.
*/
private IntegerModuloP pointMultiply(byte[] k,
ImmutableIntegerModuloP u) {
ImmutableIntegerModuloP x_1 = u;
MutableIntegerModuloP x_2 = this.one.mutable();
MutableIntegerModuloP z_2 = this.zero.mutable();
MutableIntegerModuloP x_3 = u.mutable();
MutableIntegerModuloP z_3 = this.one.mutable();
int swap = 0;
// Variables below are reused to avoid unnecessary allocation
// They will be assigned in the loop, so initial value doesn't matter
MutableIntegerModuloP m1 = this.zero.mutable();
MutableIntegerModuloP DA = this.zero.mutable();
MutableIntegerModuloP E = this.zero.mutable();
MutableIntegerModuloP a24_times_E = this.zero.mutable();
// Comments describe the equivalent operations from RFC 7748
// In comments, A(m1) means the variable m1 holds the value A
for (int t = params.getBits() - 1; t >= 0; t--) {
int k_t = bitAt(k, t);
swap = swap ^ k_t;
cswap(swap, x_2, x_3);
cswap(swap, z_2, z_3);
swap = k_t;
// A(m1) = x_2 + z_2
m1.setValue(x_2).setSum(z_2);
// D = x_3 - z_3
// DA = D * A(m1)
DA.setValue(x_3).setDifference(z_3).setProduct(m1);
// AA(m1) = A(m1)^2
m1.setSquare();
// B(x_2) = x_2 - z_2
x_2.setDifference(z_2);
// C = x_3 + z_3
// CB(x_3) = C * B(x_2)
x_3.setSum(z_3).setProduct(x_2);
// BB(x_2) = B^2
x_2.setSquare();
// E = AA(m1) - BB(x_2)
E.setValue(m1).setDifference(x_2);
// compute a24 * E using SmallValue
a24_times_E.setValue(E);
a24_times_E.setProduct(this.a24);
// assign results to x_3, z_3, x_2, z_2
// x_2 = AA(m1) * BB
x_2.setProduct(m1);
// z_2 = E * (AA(m1) + a24 * E)
z_2.setValue(m1).setSum(a24_times_E).setProduct(E);
// z_3 = x_1*(DA - CB(x_3))^2
z_3.setValue(DA).setDifference(x_3).setSquare().setProduct(x_1);
// x_3 = (CB(x_3) + DA)^2
x_3.setSum(DA).setSquare();
}
cswap(swap, x_2, x_3);
cswap(swap, z_2, z_3);
// return (x_2 * z_2^(p - 2))
return x_2.setProduct(z_2.multiplicativeInverse());
}
}

263
src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java Normal file

@ -0,0 +1,263 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ec;
import java.io.IOException;
import java.math.BigInteger;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.util.Collections;
import java.util.Map;
import java.util.HashMap;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Supplier;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;
public class XECParameters {
// Naming/identification parameters
private final ObjectIdentifier oid;
private final String name;
// Curve/field parameters
private final int bits;
private final BigInteger p;
private final int logCofactor;
private final int a24;
private final byte basePoint;
/**
*
* Construct an object holding the supplied parameters. No parameters are
* checked, so this method always succeeds. This method supports
* Montgomery curves of the form y^2 = x^3 + ax^2 + x.
*
* @param bits The number of relevant bits in a public/private key.
* @param p The prime that defines the finite field.
* @param a24 The value of (a - 2) / 4, where a is the second-degree curve
* coefficient.
* @param basePoint The point that generates the desired group
* @param logCofactor The base-2 logarithm of the cofactor of the curve
* @param oid
* @param name
*/
public XECParameters(int bits, BigInteger p, int a24,
byte basePoint, int logCofactor,
ObjectIdentifier oid, String name) {
this.bits = bits;
this.logCofactor = logCofactor;
this.p = p;
this.a24 = a24;
this.basePoint = basePoint;
this.oid = oid;
this.name = name;
}
public int getBits() {
return bits;
}
public int getBytes() {
return (bits + 7) / 8;
}
public int getLogCofactor() {
return logCofactor;
}
public BigInteger getP() {
return p;
}
public int getA24() {
return a24;
}
public byte getBasePoint() {
return basePoint;
}
public ObjectIdentifier getOid() {
return oid;
}
public String getName() {
return name;
}
private static final Map<Integer, XECParameters> SIZE_MAP;
private static final Map<ObjectIdentifier, XECParameters> OID_MAP;
private static final Map<String, XECParameters> NAME_MAP;
static {
final BigInteger TWO = BigInteger.valueOf(2);
Map<Integer, XECParameters> bySize = new HashMap<>();
Map<ObjectIdentifier, XECParameters> byOid = new HashMap<>();
Map<String, XECParameters> byName = new HashMap<>();
// set up X25519
try {
BigInteger p = TWO.pow(255).subtract(BigInteger.valueOf(19));
addParameters(255, p, 121665, (byte) 0x09, 3,
new int[]{1, 3, 101, 110}, NamedParameterSpec.X25519.getName(),
bySize, byOid, byName);
} catch (IOException ex) {
// Unable to set X25519 parameters---it will be disabled
}
// set up X448
try {
BigInteger p = TWO.pow(448).subtract(TWO.pow(224))
.subtract(BigInteger.ONE);
addParameters(448, p, 39081, (byte) 0x05, 2,
new int[]{1, 3, 101, 111}, NamedParameterSpec.X448.getName(),
bySize, byOid, byName);
} catch (IOException ex) {
// Unable to set X448 parameters---it will be disabled
}
SIZE_MAP = Collections.unmodifiableMap(bySize);
OID_MAP = Collections.unmodifiableMap(byOid);
NAME_MAP = Collections.unmodifiableMap(byName);
}
private static void addParameters(int bits, BigInteger p, int a24,
byte basePoint, int logCofactor, int[] oidBytes, String name,
Map<Integer, XECParameters> bySize,
Map<ObjectIdentifier, XECParameters> byOid,
Map<String, XECParameters> byName) throws IOException {
ObjectIdentifier oid = new ObjectIdentifier(oidBytes);
XECParameters params =
new XECParameters(bits, p, a24, basePoint, logCofactor, oid, name);
bySize.put(bits, params);
byOid.put(oid, params);
byName.put(name, params);
}
public static Optional<XECParameters> getByOid(ObjectIdentifier id) {
return Optional.ofNullable(OID_MAP.get(id));
}
public static Optional<XECParameters> getBySize(int size) {
return Optional.ofNullable(SIZE_MAP.get(size));
}
public static Optional<XECParameters> getByName(String name) {
return Optional.ofNullable(NAME_MAP.get(name));
}
boolean oidEquals(XECParameters other) {
return oid.equals(other.getOid());
}
// Utility method that is used by the methods below to handle exception
// suppliers
private static
<A, B> Supplier<B> apply(final Function<A, B> func, final A a) {
return new Supplier<B>() {
@Override
public B get() {
return func.apply(a);
}
};
}
/**
* Get parameters by key size, or throw an exception if no parameters are
* defined for the specified key size. This method is used in several
* contexts that should throw different exceptions when the parameters
* are not found. The first argument is a function that produces the
* desired exception.
*
* @param exception a function that produces an exception from a string
* @param size the desired key size
* @param <T> the type of exception that is thrown
* @return the parameters for the specified key size
* @throws T when suitable parameters do not exist
*/
public static
<T extends Throwable>
XECParameters getBySize(Function<String, T> exception,
int size) throws T {
Optional<XECParameters> xecParams = getBySize(size);
return xecParams.orElseThrow(
apply(exception, "Unsupported size: " + size));
}
/**
* Get parameters by algorithm ID, or throw an exception if no
* parameters are defined for the specified ID. This method is used in
* several contexts that should throw different exceptions when the
* parameters are not found. The first argument is a function that produces
* the desired exception.
*
* @param exception a function that produces an exception from a string
* @param algId the algorithm ID
* @param <T> the type of exception that is thrown
* @return the parameters for the specified algorithm ID
* @throws T when suitable parameters do not exist
*/
public static
<T extends Throwable>
XECParameters get(Function<String, T> exception,
AlgorithmId algId) throws T {
Optional<XECParameters> xecParams = getByOid(algId.getOID());
return xecParams.orElseThrow(
apply(exception, "Unsupported OID: " + algId.getOID()));
}
/**
* Get parameters by algorithm parameter spec, or throw an exception if no
* parameters are defined for the spec. This method is used in
* several contexts that should throw different exceptions when the
* parameters are not found. The first argument is a function that produces
* the desired exception.
*
* @param exception a function that produces an exception from a string
* @param params the algorithm parameters spec
* @param <T> the type of exception that is thrown
* @return the parameters for the spec
* @throws T when suitable parameters do not exist
*/
public static
<T extends Throwable>
XECParameters get(Function<String, T> exception,
AlgorithmParameterSpec params) throws T {
if (params instanceof NamedParameterSpec) {
NamedParameterSpec namedParams = (NamedParameterSpec) params;
Optional<XECParameters> xecParams =
getByName(namedParams.getName());
return xecParams.orElseThrow(
apply(exception, "Unsupported name: " + namedParams.getName()));
} else {
throw exception.apply("Only NamedParameterSpec is supported.");
}
}
}

72
test/jdk/com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java

@ -1,72 +0,0 @@
/*
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 4936763
* @summary Verify that DHKeyAgreement can generate secret key
* objects for AES algorithm
* @author Valerie Peng
* @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true DHGenSecretKey
*/
import java.security.*;
import java.security.interfaces.*;
import javax.crypto.*;
public class DHGenSecretKey {
public static void main(String[] args) throws Exception {
DHGenSecretKey test = new DHGenSecretKey();
test.run();
}
public void run() throws Exception {
// generate keyPairs using parameters
KeyPairGenerator keyGen =
KeyPairGenerator.getInstance("DH", "SunJCE");
// Alice generates her key pairs
KeyPair keyA = keyGen.generateKeyPair();
// Bob generates his key pairs
KeyPair keyB = keyGen.generateKeyPair();
KeyAgreement bobAlice = KeyAgreement.getInstance("DH", "SunJCE");
bobAlice.init(keyB.getPrivate());
bobAlice.doPhase(keyA.getPublic(), true);
byte[] keyMaterial = bobAlice.generateSecret();
bobAlice.doPhase(keyA.getPublic(), true);
SecretKey skey = bobAlice.generateSecret("AES");
byte[] keyVal = skey.getEncoded();
System.out.println("Generated " + keyVal.length*8 +
"-bit AES key");
for (int i = 0; i < keyVal.length; i++) {
if (keyVal[i] != keyMaterial[i]) {
throw new Exception("Error: key value comparison failed!");
}
}
System.out.println("Test Passed");
}
}

154
test/jdk/java/security/KeyAgreement/KeyAgreementTest.java Normal file

@ -0,0 +1,154 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 4936763 8184359
* @summary KeyAgreement Test with all supported algorithms from JCE.
* Arguments order <KeyExchangeAlgorithm> <KeyGenAlgorithm> <Provider>
* It removes com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java
* as the same functionality for DiffieHellman is covered along with
* this test file was covered before with JDK-4936763.
* @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true KeyAgreementTest
* DiffieHellman DH SunJCE
* @run main KeyAgreementTest ECDH EC SunEC
* @run main KeyAgreementTest XDH XDH SunEC
*/
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.NamedParameterSpec;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.DHGenParameterSpec;
public class KeyAgreementTest {
public static void main(String[] args) throws Exception {
String kaAlgo = args[0];
String kpgAlgo = args[1];
String provider = args[2];
AlgoSpec aSpec = AlgoSpec.valueOf(AlgoSpec.class, kaAlgo);
List<AlgorithmParameterSpec> specs = aSpec.getAlgorithmParameterSpecs();
for (AlgorithmParameterSpec spec : specs) {
testKeyAgreement(provider, kaAlgo, kpgAlgo, spec);
}
}
/**
* Generate AlgorithmParameterSpec using all possible supported curve for
* KeyExchangeAlgorithm.
*/
private enum AlgoSpec {
// EC curve supported for KeyGeneration can found between intersection
// of curves define in
// "java.base/share/classes/sun/security/util/CurveDB.java"
// and
// "jdk.crypto.ec/share/native/libsunec/impl/ecdecode.c"
ECDH(
// SEC2 prime curves
"secp112r1", "secp112r2", "secp128r1", "secp128r2", "secp160k1",
"secp160r1", "secp192k1", "secp192r1", "secp224k1", "secp224r1",
"secp256k1", "secp256r1", "secp384r1", "secp521r1",
// ANSI X9.62 prime curves
"X9.62 prime192v2", "X9.62 prime192v3", "X9.62 prime239v1",
"X9.62 prime239v2", "X9.62 prime239v3",
// SEC2 binary curves
"sect113r1", "sect113r2", "sect131r1", "sect131r2", "sect163k1",
"sect163r1", "sect163r2", "sect193r1", "sect193r2", "sect233k1",
"sect233r1", "sect239k1", "sect283k1", "sect283r1", "sect409k1",
"sect409r1", "sect571k1", "sect571r1",
// ANSI X9.62 binary curves
"X9.62 c2tnb191v1", "X9.62 c2tnb191v2", "X9.62 c2tnb191v3",
"X9.62 c2tnb239v1", "X9.62 c2tnb239v2", "X9.62 c2tnb239v3",
"X9.62 c2tnb359v1", "X9.62 c2tnb431r1"
),
XDH("X25519", "X448"),
// There is no curve for DiffieHellman
DiffieHellman(new String[]{});
private final List<AlgorithmParameterSpec> specs = new ArrayList<>();
private AlgoSpec(String... curves) {
// Generate AlgorithmParameterSpec for each KeyExchangeAlgorithm
for (String crv : curves) {
switch (this.name()) {
case "ECDH":
specs.add(new ECGenParameterSpec(crv));
break;
case "XDH":
specs.add(new NamedParameterSpec(crv));
break;
case "DiffieHellman":
specs.add(new DHGenParameterSpec(512, 64));
break;
default:
throw new RuntimeException("Invalid Algo name "
+ this.name());
}
}
}
public List<AlgorithmParameterSpec> getAlgorithmParameterSpecs() {
return this.specs;
}
}
/**
* Perform KeyAgreement operation using native as well as JCE provider.
*/
private static void testKeyAgreement(String provider, String kaAlgo,
String kpgAlgo, AlgorithmParameterSpec spec) throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgo, provider);
kpg.initialize(spec);
KeyPair kp1 = kpg.generateKeyPair();
KeyPair kp2 = kpg.generateKeyPair();
// Uses KeyAgreement based on Provider search order.
KeyAgreement ka1 = KeyAgreement.getInstance(kaAlgo);
ka1.init(kp1.getPrivate());
ka1.doPhase(kp2.getPublic(), true);
byte[] secret1 = ka1.generateSecret();
// Uses SunJCE provider
KeyAgreement ka2 = KeyAgreement.getInstance(kaAlgo, provider);
ka2.init(kp2.getPrivate());
ka2.doPhase(kp1.getPublic(), true);
// Keeping the legacy generateSecret method for DiffieHellman as it was
// defined in removed Test file from JDK-4936763,
// com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java.
byte[] secret2 = "DiffieHellman".equals(kaAlgo)
? ka2.generateSecret("AES").getEncoded() : ka2.generateSecret();
// With related keypairs, each provider should generate same
// KeyAgreement secret.
if (!Arrays.equals(secret1, secret2)) {
throw new Exception("KeyAgreement secret mismatch.");
}
}
}

238
test/jdk/java/security/KeyAgreement/KeySizeTest.java Normal file

@ -0,0 +1,238 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8184359
* @summary KeyLength support test for DiffieHellman, EC, XDH.
* Arguments order <KeyExchangeAlgorithm> <Provider> <KeyGenAlgorithm> <keyLen>
* @library /test/lib
* @build jdk.test.lib.Convert
* @run main KeySizeTest DiffieHellman SunJCE DiffieHellman 512
* @run main KeySizeTest DiffieHellman SunJCE DiffieHellman 768
* @run main KeySizeTest DiffieHellman SunJCE DiffieHellman 832
* @run main KeySizeTest DiffieHellman SunJCE DiffieHellman 1024
* @run main KeySizeTest DiffieHellman SunJCE DiffieHellman 2048
* @run main KeySizeTest DiffieHellman SunJCE DiffieHellman 3072
* @run main KeySizeTest DiffieHellman SunJCE DiffieHellman 4096
* @run main KeySizeTest DiffieHellman SunJCE DiffieHellman 6144
* @run main KeySizeTest DiffieHellman SunJCE DiffieHellman 8192
* @run main KeySizeTest ECDH SunEC EC 128
* @run main KeySizeTest ECDH SunEC EC 192
* @run main KeySizeTest ECDH SunEC EC 256
* @run main KeySizeTest XDH SunEC XDH 255
* @run main KeySizeTest XDH SunEC XDH 448
*/
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.XECPrivateKey;
import java.security.interfaces.XECPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.security.spec.NamedParameterSpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import jdk.test.lib.Convert;
public class KeySizeTest {
public static void main(String[] args) throws Exception {
String kaAlgo = args[0];
String provider = args[1];
String kpgAlgo = args[2];
int keySize = Integer.parseInt(args[3]);
testKeyAgreement(provider, kaAlgo, kpgAlgo, keySize);
}
/**
* Perform KeyAgreement operation.
*/
private static void testKeyAgreement(String provider, String kaAlgo,
String kpgAlgo, int keySize) throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgo, provider);
kpg.initialize(keySize);
KeyPair kp = kpg.generateKeyPair();
// Test standard Key attributes.
testKeyAttributes(provider, kpgAlgo, kp, keySize);
// Test KeyAgreement.
KeyAgreement ka = KeyAgreement.getInstance(kaAlgo, provider);
ka.init(kp.getPrivate());
ka.doPhase(kp.getPublic(), true);
ka.generateSecret();
}
/**
* Test standard Key attributes.
*/
private static void testKeyAttributes(String provider, String kpgAlgo,
KeyPair kp, int keySize) throws Exception {
KeyFactory kf = KeyFactory.getInstance(kpgAlgo, provider);
switch (kpgAlgo) {
case "DiffieHellman":
// Verify PrivateKey attributes.
DHPrivateKey dhPri = (DHPrivateKey) kp.getPrivate();
BigInteger p = dhPri.getParams().getP();
if (p.bitLength() != keySize) {
throw new Exception(String.format("Invalid modulus size: "
+ "%s/%s", p.bitLength(), keySize));
}
if (!p.isProbablePrime(128)) {
throw new Exception("The modulus is composite!");
}
PKCS8EncodedKeySpec dhPriSpec
= new PKCS8EncodedKeySpec(dhPri.getEncoded());
DHPrivateKey dhPriDecod
= (DHPrivateKey) kf.generatePrivate(dhPriSpec);
equals(dhPri.getX(), dhPriDecod.getX());
equals(dhPri.getFormat(), dhPriDecod.getFormat());
equals(dhPri.getEncoded(), dhPriDecod.getEncoded());
equals(dhPri.getParams().getG(), dhPriDecod.getParams().getG());
equals(dhPri.getParams().getL(), dhPriDecod.getParams().getL());
equals(dhPri.getParams().getP(), dhPriDecod.getParams().getP());
// Verify PublicKey attributes.
DHPublicKey dhPub = (DHPublicKey) kp.getPublic();
p = dhPub.getParams().getP();
if (p.bitLength() != keySize) {
throw new Exception(String.format("Invalid modulus size: "
+ "%s/%s", p.bitLength(), keySize));
}
X509EncodedKeySpec dhPubSpec
= new X509EncodedKeySpec(dhPub.getEncoded());
DHPublicKey dhPubDecod
= (DHPublicKey) kf.generatePublic(dhPubSpec);
equals(dhPub.getY(), dhPubDecod.getY());
equals(dhPub.getFormat(), dhPubDecod.getFormat());
equals(dhPub.getEncoded(), dhPubDecod.getEncoded());
equals(dhPub.getParams().getG(), dhPubDecod.getParams().getG());
equals(dhPub.getParams().getL(), dhPubDecod.getParams().getL());
equals(dhPub.getParams().getP(), dhPubDecod.getParams().getP());
BigInteger left = BigInteger.ONE;
BigInteger right = p.subtract(BigInteger.ONE);
BigInteger x = dhPri.getX();
if ((x.compareTo(left) <= 0) || (x.compareTo(right) >= 0)) {
throw new Exception(
"X outside range [2, p - 2]: x: " + x + " p: " + p);
}
BigInteger y = dhPub.getY();
if ((y.compareTo(left) <= 0) || (y.compareTo(right) >= 0)) {
throw new Exception(
"Y outside range [2, p - 2]: x: " + x + " p: " + p);
}
break;
case "EC":
// Verify PrivateKey attributes.
ECPrivateKey ecPriv = (ECPrivateKey) kp.getPrivate();
PKCS8EncodedKeySpec ecPriSpec
= new PKCS8EncodedKeySpec(ecPriv.getEncoded());
ECPrivateKey ecPriDecod
= (ECPrivateKey) kf.generatePrivate(ecPriSpec);
equals(ecPriv.getS(), ecPriDecod.getS());
equals(ecPriv.getFormat(), ecPriDecod.getFormat());
equals(ecPriv.getEncoded(), ecPriDecod.getEncoded());
equals(ecPriv.getParams().getCofactor(),
ecPriDecod.getParams().getCofactor());
equals(ecPriv.getParams().getCurve(),
ecPriDecod.getParams().getCurve());
equals(ecPriv.getParams().getGenerator(),
ecPriDecod.getParams().getGenerator());
equals(ecPriv.getParams().getOrder(),
ecPriDecod.getParams().getOrder());
// Verify PublicKey attributes.
ECPublicKey ecPub = (ECPublicKey) kp.getPublic();
X509EncodedKeySpec ecPubSpec
= new X509EncodedKeySpec(ecPub.getEncoded());
ECPublicKey ecPubDecod
= (ECPublicKey) kf.generatePublic(ecPubSpec);
equals(ecPub.getW(), ecPubDecod.getW());
equals(ecPub.getFormat(), ecPubDecod.getFormat());
equals(ecPub.getEncoded(), ecPubDecod.getEncoded());
equals(ecPub.getParams().getCofactor(),
ecPubDecod.getParams().getCofactor());
equals(ecPub.getParams().getCurve(),
ecPubDecod.getParams().getCurve());
equals(ecPub.getParams().getGenerator(),
ecPubDecod.getParams().getGenerator());
equals(ecPub.getParams().getOrder(),
ecPubDecod.getParams().getOrder());
break;
case "XDH":
// Verify PrivateKey attributes.
XECPrivateKey xdhPri = (XECPrivateKey) kp.getPrivate();
PKCS8EncodedKeySpec xdhPriSpec
= new PKCS8EncodedKeySpec(xdhPri.getEncoded());
XECPrivateKey xdhPriDec
= (XECPrivateKey) kf.generatePrivate(xdhPriSpec);
equals(xdhPri.getScalar().get(), xdhPriDec.getScalar().get());
equals(xdhPri.getFormat(), xdhPriDec.getFormat());
equals(xdhPri.getEncoded(), xdhPriDec.getEncoded());
equals(((NamedParameterSpec) xdhPri.getParams()).getName(),
((NamedParameterSpec) xdhPriDec.getParams()).getName());
// Verify PublicKey attributes.
XECPublicKey xdhPub = (XECPublicKey) kp.getPublic();
X509EncodedKeySpec xdhPubSpec
= new X509EncodedKeySpec(xdhPub.getEncoded());
XECPublicKey xdhPubDec
= (XECPublicKey) kf.generatePublic(xdhPubSpec);
equals(xdhPub.getU(), xdhPubDec.getU());
equals(xdhPub.getFormat(), xdhPubDec.getFormat());
equals(xdhPub.getEncoded(), xdhPubDec.getEncoded());
equals(((NamedParameterSpec) xdhPub.getParams()).getName(),
((NamedParameterSpec) xdhPubDec.getParams()).getName());
break;
default:
throw new RuntimeException("Invalid Algo name " + kpgAlgo);
}
}
private static boolean equals(Object actual, Object expected) {
boolean equals = actual.equals(expected);
if (!equals) {
throw new RuntimeException(String.format("Actual: %s, Expected: %s",
actual, expected));
}
return equals;
}
private static boolean equals(byte[] actual, byte[] expected) {
boolean equals = Arrays.equals(actual, expected);
if (!equals) {
throw new RuntimeException(String.format("Actual array: %s, "
+ "Expected array:%s", Convert.byteArrayToHexString(actual),
Convert.byteArrayToHexString(expected)));
}
return equals;
}
}

316
test/jdk/java/security/KeyAgreement/KeySpecTest.java Normal file

@ -0,0 +1,316 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8184359
* @summary Standard tests on KeySpec, KeyFactory, KeyPairs and Keys.
* Arguments order <KeyExchangeAlgorithm> <Provider> <KeyGenAlgorithm> <Curve*>
* @run main KeySpecTest DiffieHellman SunJCE DiffieHellman
* @run main KeySpecTest ECDH SunEC EC
* @run main KeySpecTest XDH SunEC XDH X25519
* @run main KeySpecTest XDH SunEC XDH X448
*/
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.security.spec.NamedParameterSpec;
import java.security.spec.XECPublicKeySpec;
import java.security.spec.XECPrivateKeySpec;
import java.security.spec.KeySpec;
import java.util.ArrayList;
import java.util.List;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.DHPrivateKeySpec;
import javax.crypto.spec.DHPublicKeySpec;
public class KeySpecTest {
public static void main(String[] args) throws Exception {
String kaAlgo = args[0];
String provider = args[1];
String kpgAlgo = args[2];
KeyPair kp = genKeyPair(provider, kpgAlgo,
(args.length > 3) ? args[3] : kpgAlgo);
testKeySpecs(provider, kaAlgo, kpgAlgo, kp);
testEncodedKeySpecs(provider, kaAlgo, kpgAlgo, kp);
}
/**
* Generate keyPair based on KeyPairGenerator algorithm.
*/
private static KeyPair genKeyPair(String provider, String kpgAlgo,
String kpgInit) throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgo, provider);
switch (kpgInit) {
case "DiffieHellman":
kpg.initialize(512);
break;
case "EC":
kpg.initialize(256);
break;
case "X25519":
kpg.initialize(255);
break;
case "X448":
kpg.initialize(448);
break;
default:
throw new RuntimeException("Invalid Algo name " + kpgInit);
}
return kpg.generateKeyPair();
}
/**
* Standard Test with Keys and the one generated through Spec.
*/
private static void testKeySpecs(String provider, String kaAlgo,
String kpgAlgo, KeyPair kp) throws Exception {
KeyFactory kf = KeyFactory.getInstance(kpgAlgo, provider);
// For each public KeySpec supported by KeyPairGenerator
for (Class pubSpecType
: getCompatibleKeySpecs(kpgAlgo, KeyType.PUBLIC)) {
//For each private KeySpec supported by KeyPairGenerator
for (Class priSpecType
: getCompatibleKeySpecs(kpgAlgo, KeyType.PRIVATE)) {
// Transform original PublicKey through KeySpec
KeySpec pubSpec = kf.getKeySpec(kp.getPublic(), pubSpecType);
PublicKey pubKey = kf.generatePublic(pubSpec);
// Transform original PrivateKey through KeySpec
KeySpec priSpec = kf.getKeySpec(kp.getPrivate(), priSpecType);
PrivateKey priKey = kf.generatePrivate(priSpec);
// Test the keys are equal after transformation through KeySpec.
testKeyEquals(kp, pubKey, priKey);
// Test the keys are serializable.
testSerialize(kp);
// Test Parameter name.
if (!kaAlgo.equals("DiffieHellman")) {
testParamName(priSpec, pubSpec);
}
// Compare KeyAgreement secret generated from original keys
// and by the keys after transformed through KeySpec.
if (!Arrays.equals(getKeyAgreementSecret(provider, kaAlgo,
kp.getPublic(), kp.getPrivate()),
getKeyAgreementSecret(provider, kaAlgo,
pubKey, priKey))) {
throw new RuntimeException("KeyAgreement secret mismatch.");
}
}
}
}
/**
* Standard Test with Keys and the one generated from encoded bytes.
*/
private static void testEncodedKeySpecs(String provider, String kaAlgo,
String kpgAlgo, KeyPair kp) throws Exception {
KeyFactory kf = KeyFactory.getInstance(kpgAlgo, provider);
PKCS8EncodedKeySpec priSpec
= new PKCS8EncodedKeySpec(kp.getPrivate().getEncoded());
PrivateKey priKey = kf.generatePrivate(priSpec);
X509EncodedKeySpec pubSpec
= new X509EncodedKeySpec(kp.getPublic().getEncoded());
PublicKey pubKey = kf.generatePublic(pubSpec);
// Test the keys are equal after transformation through KeySpec.
testKeyEquals(kp, pubKey, priKey);
// Test the keys are serializable.
testSerialize(kp);
// Test Parameter name.
if (!kaAlgo.equals("DiffieHellman")) {
testParamName(priSpec, pubSpec);
}
// Compare KeyAgreement secret generated from original keys
// and by the keys after transformed through KeySpec.
if (!Arrays.equals(getKeyAgreementSecret(provider, kaAlgo,
kp.getPublic(), kp.getPrivate()),
getKeyAgreementSecret(provider, kaAlgo, pubKey, priKey))) {
throw new RuntimeException("KeyAgreement secret mismatch.");
}
}
private enum KeyType {
PUBLIC, PRIVATE;
}
/**
* Provides Compatible KeySpec Type list for KeyPairGenerator algorithm.
*/
private static List<Class> getCompatibleKeySpecs(String kpgAlgo,
KeyType type) {
List<Class> specs = new ArrayList<>();
switch (kpgAlgo) {
case "DiffieHellman":
if (type == KeyType.PUBLIC) {
return Arrays.asList(X509EncodedKeySpec.class,
DHPublicKeySpec.class);
} else {
return Arrays.asList(PKCS8EncodedKeySpec.class,
DHPrivateKeySpec.class);
}
case "EC":
if (type == KeyType.PUBLIC) {
return Arrays.asList(X509EncodedKeySpec.class,
ECPublicKeySpec.class);
} else {
return Arrays.asList(PKCS8EncodedKeySpec.class,
ECPrivateKeySpec.class);
}
case "XDH":
if (type == KeyType.PUBLIC) {
return Arrays.asList(X509EncodedKeySpec.class,
XECPublicKeySpec.class);
} else {
return Arrays.asList(PKCS8EncodedKeySpec.class,
XECPrivateKeySpec.class);
}
}
return specs;
}
/**
* Generate KeyAgreement Secret.
*/
private static byte[] getKeyAgreementSecret(String provider, String kaAlgo,
PublicKey pubKey, PrivateKey priKey) throws Exception {
KeyAgreement ka = KeyAgreement.getInstance(kaAlgo, provider);
ka.init(priKey);
ka.doPhase(pubKey, true);
return ka.generateSecret();
}
/**
* Compare original KeyPair with transformed ones.
*/
private static void testKeyEquals(KeyPair kp, PublicKey pubKey,
PrivateKey priKey) {
if (!kp.getPrivate().equals(priKey)
&& kp.getPrivate().hashCode() != priKey.hashCode()) {
throw new RuntimeException("PrivateKey is not equal with PrivateKey"
+ " generated through KeySpec");
}
if (!kp.getPublic().equals(pubKey)
&& kp.getPublic().hashCode() != pubKey.hashCode()) {
throw new RuntimeException("PublicKey is not equal with PublicKey"
+ " generated through KeySpec");
}
}
/**
* Compare the parameter names of Public/Private KeySpec from a pair.
*/
private static void testParamName(KeySpec priSpec, KeySpec pubSpec) {
if (priSpec instanceof XECPrivateKeySpec
&& pubSpec instanceof XECPublicKeySpec) {
if (((NamedParameterSpec) ((XECPrivateKeySpec) priSpec)
.getParams()).getName()
!= ((NamedParameterSpec) ((XECPublicKeySpec) pubSpec)
.getParams()).getName()) {
throw new RuntimeException("Curve name mismatch found");
}
}
}
/**
* Test serialization of KeyPair and Keys it holds.
*/
private static void testSerialize(KeyPair keyPair) throws Exception {
// Verify Serialized PrivateKey instance.
if (!keyPair.getPrivate().equals(
deserializedCopy(keyPair.getPrivate(), PrivateKey.class))) {
throw new RuntimeException("PrivateKey is not equal with PrivateKey"
+ " generated through Serialization");
}
// Verify Serialized PublicKey instance.
if (!keyPair.getPublic().equals(
deserializedCopy(keyPair.getPublic(), PublicKey.class))) {
throw new RuntimeException("PublicKey is not equal with PublicKey"
+ " generated through Serialization");
}
// Verify Serialized KeyPair instance.
KeyPair copy = deserializedCopy(keyPair, KeyPair.class);
if (!keyPair.getPrivate().equals(copy.getPrivate())) {
throw new RuntimeException("PrivateKey is not equal with PrivateKey"
+ " generated through Serialized KeyPair");
}
if (!keyPair.getPublic().equals(copy.getPublic())) {
throw new RuntimeException("PublicKey is not equal with PublicKey"
+ " generated through Serialized KeyPair");
}
}
private static <T extends Object> T deserializedCopy(T orig, Class<T> type)
throws IOException, ClassNotFoundException {
return deserialize(serialize(orig), type);
}
/**
* Deserialize the Key object.
*/
private static <T extends Object> T deserialize(byte[] serialized,
Class<T> type) throws IOException, ClassNotFoundException {
T key = null;
try (ByteArrayInputStream bis = new ByteArrayInputStream(serialized);
ObjectInputStream ois = new ObjectInputStream(bis)) {
key = (T) ois.readObject();
}
return key;
}
/**
* Serialize the given Key object.
*/
private static <T extends Object> byte[] serialize(T key)
throws IOException {
try (ByteArrayOutputStream bos = new ByteArrayOutputStream();
ObjectOutputStream oos = new ObjectOutputStream(bos)) {
oos.writeObject(key);
return bos.toByteArray();
}
}
}

150
test/jdk/java/security/KeyAgreement/MultiThreadTest.java Normal file

@ -0,0 +1,150 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8184359
* @summary KeyPairGenerator Test with multiple threads.
* Arguments order <KeyExchangeAlgorithm> <Provider> <KeyGenAlgorithm> <Curve*>
* @run main MultiThreadTest DiffieHellman SunJCE DiffieHellman
* @run main MultiThreadTest ECDH SunEC EC
* @run main MultiThreadTest XDH SunEC XDH X25519
* @run main MultiThreadTest XDH SunEC XDH X448
*/
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ThreadFactory;
import javax.crypto.KeyAgreement;
/**
* This test targets KeyPairGenerator API related issue in a multi threaded
* context.
*/
public class MultiThreadTest {
// Tested a shared KeyPairGenerator with 100 number of threads.
private static final int THREAD_COUNT = 100;
public static void main(String[] args) throws Exception {
String kaAlgo = args[0];
String provider = args[1];
String kpgAlgo = args[2];
KeyPairGenerator kpg = genKeyGenerator(provider, kpgAlgo,
(args.length > 3) ? args[3] : kpgAlgo);
new MultiThreadTest().runTest(provider, kaAlgo, kpg);
}
/**
* Initialize KeyPairGenerator based on different algorithm names.
*/
private static KeyPairGenerator genKeyGenerator(String provider,
String kpgAlgo, String kpgInit) throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgo, provider);
switch (kpgInit) {
case "DiffieHellman":
kpg.initialize(512);
break;
case "EC":
kpg.initialize(256);
break;
case "X25519":
kpg.initialize(255);
break;
case "X448":
kpg.initialize(448);
break;
default:
throw new RuntimeException("Invalid Algo name " + kpgInit);
}
return kpg;
}
private void runTest(String provider, String kaAlgo, KeyPairGenerator kpg)
throws Exception {
ExecutorService executor = null;
try {
executor = Executors.newCachedThreadPool(new ThreadFactory() {
@Override
public Thread newThread(Runnable r) {
Thread t = Executors.defaultThreadFactory().newThread(r);
t.setDaemon(true);
return t;
}
});
CountDownLatch latch = new CountDownLatch(THREAD_COUNT);
for (int i = 0; i < THREAD_COUNT; i++) {
executor.execute(new Runnable() {
@Override
public void run() {
try {
testKeyAgreement(provider, kaAlgo, kpg);
} catch (Exception e) {
throw new RuntimeException(e);
} finally {
// Indicate a task completed.
latch.countDown();
}
}
});
}
// Wait till all tasks get complete.
latch.await();
} finally {
if (executor != null) {
executor.shutdown();
}
}
}
/**
* Perform KeyAgreement operation with a shared KeyPairGenerator instance.
*/
private static void testKeyAgreement(String provider, String kaAlgo,
KeyPairGenerator kpg) throws Exception {
KeyPair kp1 = kpg.generateKeyPair();
KeyPair kp2 = kpg.generateKeyPair();
KeyAgreement ka1 = KeyAgreement.getInstance(kaAlgo, provider);
ka1.init(kp1.getPrivate());
ka1.doPhase(kp2.getPublic(), true);
byte[] secret1 = ka1.generateSecret();
KeyAgreement ka2 = KeyAgreement.getInstance(kaAlgo, provider);
ka2.init(kp2.getPrivate());
ka2.doPhase(kp1.getPublic(), true);
byte[] secret2 = ka2.generateSecret();
// With related keypairs, generated KeyAgreement secret should be same.
if (!Arrays.equals(secret1, secret2)) {
throw new Exception("KeyAgreement secret mismatch.");
}
}
}

408
test/jdk/java/security/KeyAgreement/NegativeTest.java Normal file

@ -0,0 +1,408 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8200219
* @summary Negative tests for Key related Test with DiffieHellman, ECDH, XDH.
* It Tests,
* Use modified encoding while generating Public/Private Keys
* Short, long, unsupported keysize
* Invalid Algo names including Null
* Invalid provider names including Null
* Invalid curve names
* Invalid spec usage
* Arguments order <KeyExchangeAlgorithm> <Provider> <KeyGenAlgorithm>
* <keySize> <Curve*>
* @library /test/lib
* @build jdk.test.lib.Convert
* @run main NegativeTest DiffieHellman SunJCE DiffieHellman 1024
* @run main NegativeTest ECDH SunEC EC 256
* @run main NegativeTest XDH SunEC XDH 255 X25519
* @run main NegativeTest XDH SunEC XDH 448 X448
*/
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.NamedParameterSpec;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.security.spec.XECPrivateKeySpec;
import java.security.spec.XECPublicKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import jdk.test.lib.Convert;
public class NegativeTest {
public static void main(String[] args) throws Exception {
String kaAlgo = args[0];
String provider = args[1];
String kpgAlgo = args[2];
int keySize = Integer.parseInt(args[3]);
String kpgInit = (args.length > 4) ? args[4] : args[2];
testModifiedKeyEncodingTest(provider, kpgAlgo, kpgInit);
testInvalidKeyLen(provider, kaAlgo, kpgAlgo, kpgInit);
testInvalidKpgAlgo(provider, kaAlgo, keySize);
testInvalidKaAlgo(provider, kpgAlgo, keySize);
testInvalidProvider(kaAlgo, kpgAlgo, keySize);
if (!kaAlgo.equals("DiffieHellman")) {
testNamedParameter(provider, kpgAlgo);
}
if (kaAlgo.equals("XDH")) {
testInvalidSpec(provider, kpgAlgo, kpgInit);
testInCompatibleSpec(provider, kpgAlgo, kpgInit);
}
}
/**
* Generate keyPair based on KeyPairGenerator algorithm.
*/
private static KeyPair genKeyPair(String provider, String kpgAlgo,
String kpgInit) throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgo,
Security.getProvider(provider));
switch (kpgInit) {
case "DiffieHellman":
kpg.initialize(512);
break;
case "EC":
kpg.initialize(256);
break;
case "X25519":
kpg.initialize(255);
break;
case "X448":
kpg.initialize(448);
break;
default:
throw new RuntimeException("Invalid Algo name " + kpgInit);
}
return kpg.generateKeyPair();
}
private static void testModifiedKeyEncodingTest(String provider,
String kpgAlgo, String kpgInit) throws Exception {
KeyFactory kf = KeyFactory.getInstance(kpgAlgo, provider);
KeyPair kp = genKeyPair(provider, kpgAlgo, kpgInit);
// Test modified PrivateKey encoding
byte[] encoded = kp.getPrivate().getEncoded();
byte[] modified = modifyEncoded(encoded);
PKCS8EncodedKeySpec priSpec = new PKCS8EncodedKeySpec(modified);
try {
// Generate PrivateKey with modified encoding
kf.generatePrivate(priSpec);
throw new RuntimeException(
"testModifiedKeyTest should fail but passed.");
} catch (InvalidKeySpecException e) {
System.out.printf("Expected InvalidKeySpecException for invalid "
+ "PrivateKey %s%n and modified encoding: %s, %s%n",
Convert.byteArrayToHexString(encoded),
Convert.byteArrayToHexString(modified), e.getMessage());
}
// Test modified PublicKey encoding
encoded = kp.getPublic().getEncoded();
modified = modifyEncoded(encoded);
X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(modified);
try {
// Generate PublicKey with modified encoding
kf.generatePublic(pubSpec);
throw new RuntimeException(
"testModifiedKeyTest should fail but passed.");
} catch (InvalidKeySpecException e) {
System.out.printf("Expected InvalidKeySpecException for invalid "
+ "PublicKey %s%n and modified encoding: %s, %s%n",
Convert.byteArrayToHexString(encoded),
Convert.byteArrayToHexString(modified), e.getMessage());
}
}
/**
* Test with all Invalid key length.
*/
private static void testInvalidKeyLen(String provider, String kaAlgo,
String kpgAlgo, String kpgInit) throws Exception {
for (int keySize : selectInvalidKeylength(kpgInit)) {
try {
startKeyAgreement(provider, kaAlgo, kpgAlgo, keySize);
throw new RuntimeException(
"testInvalidKeyLen should fail but passed.");
} catch (InvalidParameterException e) {
System.out.printf("Expected InvalidParameterException for "
+ "keyLength: %s, %s%n", keySize, e.getMessage());
}
}
}
/**
* Test with all Invalid KeyPairGenerator algorithms.
*/
private static void testInvalidKpgAlgo(String provider, String algo,
int keySize) throws Exception {
for (String kpgAlgo : new String[]{null, " ", "", "NoSuchAlgorithm"}) {
try {
startKeyAgreement(provider, algo, kpgAlgo, keySize);
throw new RuntimeException(
"testInvalidKpgAlgo should fail but passed.");
} catch (NoSuchAlgorithmException e) {
System.out.printf("Expected NoSuchAlgorithmException for "
+ "KeyAgreement algo: %s, %s%n",
kpgAlgo, e.getMessage());
} catch (NullPointerException e) {
if (kpgAlgo == null) {
System.out.printf("Expected NullPointerException for "
+ "KeyPairGenerator algo: %s, %s%n",
kpgAlgo, e.getMessage());
continue;
}
throw new RuntimeException(
"Unknown failure in testInvalidKpgAlgo.");
}
}
}
/**
* Test with all Invalid KeyAgreement algorithms.
*/
private static void testInvalidKaAlgo(String provider, String kpgAlgo,
int keySize) throws Exception {
for (String algo : new String[]{null, " ", "", "NoSuchAlgorithm"}) {
try {
startKeyAgreement(provider, algo, kpgAlgo, keySize);
throw new RuntimeException(
"testInvalidKaAlgo should fail but passed.");
} catch (NoSuchAlgorithmException e) {
System.out.printf("Expected NoSuchAlgorithmException for "
+ "KeyAgreement algo: %s, %s%n", algo, e.getMessage());
} catch (NullPointerException e) {
if (algo == null) {
System.out.printf("Expected NullPointerException for "
+ "KeyAgreement algo: %s, %s%n",
algo, e.getMessage());
continue;
}
throw new RuntimeException(
"Unknown failure in testInvalidKaAlgo.");
}
}
}
/**
* Test with all Invalid Provider names.
*/
private static void testInvalidProvider(String kaAlgo, String kpgAlgo,
int keySize) throws Exception {
for (String provider : new String[]{null, " ", "", "NoSuchProvider"}) {
try {
startKeyAgreement(provider, kaAlgo, kpgAlgo, keySize);
throw new RuntimeException(
"testInvalidProvider should fail but passed.");
} catch (NoSuchProviderException e) {
System.out.printf("Expected NoSuchProviderException for "
+ "Provider: %s, %s%n", provider, e.getMessage());
} catch (IllegalArgumentException e) {
System.out.printf("Expected IllegalArgumentException for "
+ "Provider: %s, %s%n", provider, e.getMessage());
}
}
}
/**
* Test for (in)valid curve names as argument to NamedParameterSpec
*/
private static void testNamedParameter(String provider, String kpgAlgo)
throws Exception {
for (String name : new String[]{null, " ", "", "NoSuchCurve"}) {
try {
NamedParameterSpec spec = new NamedParameterSpec(name);
KeyPairGenerator kpg
= KeyPairGenerator.getInstance(kpgAlgo, provider);
kpg.initialize(spec);
kpg.generateKeyPair();
throw new RuntimeException(
"testNamedParameter should fail but passed.");
} catch (NullPointerException e) {
if (name == null) {
System.out.printf("Expected NullPointerException for "
+ "NamedParameterSpec name: %s, %s%n",
name, e.getMessage());
continue;
}
throw new RuntimeException(
"Unknown failure in testNamedParameter.");
} catch (InvalidAlgorithmParameterException e) {
System.out.printf("Expected InvalidAlgorithmParameterException"
+ " for NamedParameterSpec name: %s, %s%n",
name, e.getMessage());
}
}
}
/**
* Test to generate Public/Private keys using (in)valid coordinate/scalar.
*/
private static void testInvalidSpec(String provider,
String kpgAlgo, String curve) throws Exception {
NamedParameterSpec spec = new NamedParameterSpec(curve);
KeyFactory kf = KeyFactory.getInstance(kpgAlgo, provider);
int validLen = curve.equalsIgnoreCase("X448") ? 56 : 32;
for (byte[] scalarBytes : new byte[][]{null, new byte[]{},
new byte[32], new byte[56], new byte[65535]}) {
try {
KeySpec privateSpec = new XECPrivateKeySpec(spec, scalarBytes);
kf.generatePrivate(privateSpec);
if (scalarBytes.length != validLen) {
throw new RuntimeException(String.format("testInvalidSpec "
+ "should fail but passed when Scalar bytes length "
+ "!= %s for curve %s", validLen, curve));
}
} catch (NullPointerException e) {
if (scalarBytes == null) {
System.out.printf("Expected NullPointerException for "
+ "scalar: %s, %s%n", scalarBytes, e.getMessage());
continue;
}
throw new RuntimeException(e);
} catch (InvalidKeySpecException e) {
if (scalarBytes.length != validLen) {
System.out.printf("Expected InvalidKeySpecException for "
+ "scalar length %s and curve %s: %s%n",
scalarBytes.length, curve, e.getMessage());
continue;
}
throw new RuntimeException(e);
}
}
for (BigInteger coordinate : new BigInteger[]{null, BigInteger.ZERO,
BigInteger.ONE, new BigInteger("2").pow(255),
new BigInteger("2").pow(448)}) {
try {
KeySpec publicSpec = new XECPublicKeySpec(spec, coordinate);
kf.generatePublic(publicSpec);
} catch (NullPointerException e) {
if (coordinate == null) {
System.out.printf("Expected NullPointerException for "
+ "coordinate : %s, %s%n", coordinate,
e.getMessage());
continue;
}
throw new RuntimeException(e);
}
}
}
private static void testInCompatibleSpec(String provider,
String kpgAlgo, String curve) throws Exception {
int validLen = curve.equalsIgnoreCase("X448") ? 56 : 32;
NamedParameterSpec spec = new NamedParameterSpec(curve);
KeyFactory kf = KeyFactory.getInstance(kpgAlgo, provider);
KeySpec privateSpec = new XECPrivateKeySpec(spec, new byte[validLen]);
KeySpec publicSpec = new XECPublicKeySpec(spec, BigInteger.ONE);
try {
kf.generatePrivate(publicSpec);
throw new RuntimeException(
"testInCompatibleSpec should fail but passed.");
} catch (InvalidKeySpecException e) {
System.out.printf("Expected XECPublicKeySpec to XECPrivateKeySpec :"
+ " %s%n", e.getMessage());
}
try {
kf.generatePublic(privateSpec);
throw new RuntimeException(
"testInCompatibleSpec should fail but passed.");
} catch (InvalidKeySpecException e) {
System.out.printf("Expected XECPrivateKeySpec to XECPublicKeySpec :"
+ " %s%n", e.getMessage());
}
}
/**
* Perform KeyAgreement operation.
*/
private static void startKeyAgreement(String provider, String kaAlgo,
String kpgAlgo, int keySize) throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgo, provider);
kpg.initialize(keySize);
KeyPair kp = kpg.generateKeyPair();
KeyAgreement ka = KeyAgreement.getInstance(kaAlgo, provider);
ka.init(kp.getPrivate());
ka.doPhase(kp.getPublic(), true);
ka.generateSecret();
}
/**
* Return manipulated encoded bytes.
*/
private static byte[] modifyEncoded(byte[] encoded) {
byte[] copy = Arrays.copyOf(encoded, encoded.length);
for (int i = 0; i < copy.length; i++) {
copy[i] = (byte) ~copy[i];
}
return copy;
}
/**
* Select invalid key sizes for different Key generation algorithms.
*/
private static int[] selectInvalidKeylength(String kpgInit) {
int[] keySize = new int[]{};
switch (kpgInit) {
case "DiffieHellman":
keySize = new int[]{256, 513, 1023, 2176, 4032, 6400, 8200};
break;
case "EC":
keySize = new int[]{100, 300};
break;
case "X25519":
keySize = new int[]{100, 300};
break;
case "X448":
keySize = new int[]{100, 500};
break;
default:
throw new RuntimeException("Invalid Algo name " + kpgInit);
}
return keySize;
}
}

490
test/jdk/sun/security/ec/xec/TestXDH.java Normal file

@ -0,0 +1,490 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8171277
* @summary Test XDH key agreement
* @library /test/lib
* @build jdk.test.lib.Convert
* @run main TestXDH
*/
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import java.util.Arrays;
import java.math.BigInteger;
import jdk.test.lib.Convert;
public class TestXDH {
public static void main(String[] args) throws Exception {
runBasicTests();
runKAT();
runSmallOrderTest();
runNonCanonicalTest();
runCurveMixTest();
}
private static void runBasicTests() throws Exception {
runBasicTest("XDH", null);
runBasicTest("XDH", 255);
runBasicTest("XDH", 448);
runBasicTest("XDH", "X25519");
runBasicTest("XDH", "X448");
runBasicTest("X25519", null);
runBasicTest("X448", null);
runBasicTest("1.3.101.110", null);
runBasicTest("1.3.101.111", null);
runBasicTest("OID.1.3.101.110", null);
runBasicTest("OID.1.3.101.111", null);
}
private static void runBasicTest(String name, Object param)
throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(name);
if (param instanceof Integer) {
kpg.initialize((Integer) param);
} else if (param instanceof String) {
kpg.initialize(new NamedParameterSpec((String) param));
}
KeyPair kp = kpg.generateKeyPair();
KeyAgreement ka = KeyAgreement.getInstance(name);
ka.init(kp.getPrivate());
ka.doPhase(kp.getPublic(), true);
byte[] secret = ka.generateSecret();
KeyFactory kf = KeyFactory.getInstance(name);
// Test with X509 and PKCS8 key specs
X509EncodedKeySpec pubSpec =
kf.getKeySpec(kp.getPublic(), X509EncodedKeySpec.class);
PKCS8EncodedKeySpec priSpec =
kf.getKeySpec(kp.getPrivate(), PKCS8EncodedKeySpec.class);
PublicKey pubKey = kf.generatePublic(pubSpec);
PrivateKey priKey = kf.generatePrivate(priSpec);
ka.init(priKey);
ka.doPhase(pubKey, true);
byte[] secret2 = ka.generateSecret();
if (!Arrays.equals(secret, secret2)) {
throw new RuntimeException("Arrays not equal");
}
// test with XDH key specs
XECPublicKeySpec xdhPublic =
kf.getKeySpec(kp.getPublic(), XECPublicKeySpec.class);
XECPrivateKeySpec xdhPrivate =
kf.getKeySpec(kp.getPrivate(), XECPrivateKeySpec.class);
PublicKey pubKey2 = kf.generatePublic(xdhPublic);
PrivateKey priKey2 = kf.generatePrivate(xdhPrivate);
ka.init(priKey2);
ka.doPhase(pubKey2, true);
byte[] secret3 = ka.generateSecret();
if (!Arrays.equals(secret, secret3)) {
throw new RuntimeException("Arrays not equal");
}
}
private static void runSmallOrderTest() throws Exception {
// Ensure that small-order points are rejected
// X25519
// 0
testSmallOrder(
"X25519",
"77076D0A7318A57D3C16C17251B26645DF4C2F87EBC0992AB177FBA51DB92C2A",
"0000000000000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000000");
// 1 and -1
testSmallOrder(
"X25519",
"77076D0A7318A57D3C16C17251B26645DF4C2F87EBC0992AB177FBA51DB92C2A",
"0100000000000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000000");
testSmallOrder(
"X25519",
"77076D0A7318A57D3C16C17251B26645DF4C2F87EBC0992AB177FBA51DB92C2A",
"ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
"0000000000000000000000000000000000000000000000000000000000000000");
// order 8 points
testSmallOrder(
"X25519",
"77076D0A7318A57D3C16C17251B26645DF4C2F87EBC0992AB177FBA51DB92C2A",
"5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157",
"0000000000000000000000000000000000000000000000000000000000000000");
testSmallOrder(
"X25519",
"77076D0A7318A57D3C16C17251B26645DF4C2F87EBC0992AB177FBA51DB92C2A",
"e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800",
"0000000000000000000000000000000000000000000000000000000000000000");
// X448
// 0
testSmallOrder(
"X448",
"9A8F4925D1519F5775CF46B04B5800D4EE9EE8BAE8BC5565D498C28DD9C9BA" +
"F574A9419744897391006382A6F127AB1D9AC2D8C0A598726B",
"00000000000000000000000000000000000000000000000000000000000000" +
"00000000000000000000000000000000000000000000000000",
"00000000000000000000000000000000000000000000000000000000000000" +
"00000000000000000000000000000000000000000000000000");
// 1 and -1
testSmallOrder(
"X448",
"9A8F4925D1519F5775CF46B04B5800D4EE9EE8BAE8BC5565D498C28DD9C9BA" +
"F574A9419744897391006382A6F127AB1D9AC2D8C0A598726B",
"01000000000000000000000000000000000000000000000000000000000000" +
"00000000000000000000000000000000000000000000000000",
"00000000000000000000000000000000000000000000000000000000000000" +
"00000000000000000000000000000000000000000000000000");
testSmallOrder(
"X448",
"9A8F4925D1519F5775CF46B04B5800D4EE9EE8BAE8BC5565D498C28DD9C9BAF" +
"574A9419744897391006382A6F127AB1D9AC2D8C0A598726B",
"fefffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff" +
"fffffffffffffffffffffffffffffffffffffffffffffffff",
"000000000000000000000000000000000000000000000000000000000000000" +
"0000000000000000000000000000000000000000000000000");
}
private static void testSmallOrder(String name, String a_pri,
String b_pub, String result) throws Exception {
try {
runDiffieHellmanTest(name, a_pri, b_pub, result);
} catch (InvalidKeyException ex) {
return;
}
throw new RuntimeException("No exception on small-order point");
}
private static void runNonCanonicalTest() throws Exception {
// Test non-canonical values
// high bit of public key set
// X25519
runDiffieHellmanTest(
"X25519",
"77076D0A7318A57D3C16C17251B26645DF4C2F87EBC0992AB177FBA51DB92C2A",
"DE9EDB7D7B7DC1B4D35B61C2ECE435373F8343C85B78674DADFC7E146F882B8F",
"954e472439316f118ae158b65619eecff9e6bcf51ab29add66f3fd088681e233");
runDiffieHellmanTest(
"302e020100300706032b656e0500042077076d0a7318a57d3c16c17251b266" +
"45df4c2f87ebc0992ab177fba51db92c2a",
"302c300706032b656e0500032100de9edb7d7b7dc1b4d35b61c2ece435373f" +
"8343c85b78674dadfc7e146f882b8f",
"954e472439316f118ae158b65619eecff9e6bcf51ab29add66f3fd088681e233");
// large public key
// X25519
// public key value is 2^255-2
runDiffieHellmanTest(
"X25519",
"77076D0A7318A57D3C16C17251B26645DF4C2F87EBC0992AB177FBA51DB92C2A",
"FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7F",
"81a02a45014594332261085128959869fc0540c6b12380f51db4b41380de2c2c");
runDiffieHellmanTest(
"302e020100300706032b656e0500042077076d0a7318a57d3c16c17251b266" +
"45df4c2f87ebc0992ab177fba51db92c2a",
"302c300706032b656e0500032100FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +
"FFFFFFFFFFFFFFFFFFFFFFFFFFFF7F",
"81a02a45014594332261085128959869fc0540c6b12380f51db4b41380de2c2c");
// X448
// public key value is 2^448-2
runDiffieHellmanTest(
"X448",
"9A8F4925D1519F5775CF46B04B5800D4EE9EE8BAE8BC5565D498C28DD9C9BA" +
"F574A9419744897391006382A6F127AB1D9AC2D8C0A598726B",
"FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
"66e2e682b1f8e68c809f1bb3e406bd826921d9c1a5bfbfcbab7ae72feecee6" +
"3660eabd54934f3382061d17607f581a90bdac917a064959fb");
runDiffieHellmanTest(
"3046020100300706032B656F050004389A8F4925D1519F5775CF46B04B5800" +
"D4EE9EE8BAE8BC5565D498C28DD9C9BAF574A9419744897391006382A6F127" +
"AB1D9AC2D8C0A598726B",
"3044300706032B656F0500033900FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +
"FFFFFFFFFFFFFFFF",
"66e2e682b1f8e68c809f1bb3e406bd826921d9c1a5bfbfcbab7ae72feecee6" +
"3660eabd54934f3382061d17607f581a90bdac917a064959fb");
}
private static void runKAT() throws Exception {
// Test both sides of the key exchange using vectors in RFC 7748
// X25519
// raw
runDiffieHellmanTest(
"X25519",
"77076D0A7318A57D3C16C17251B26645DF4C2F87EBC0992AB177FBA51DB92C2A",
"DE9EDB7D7B7DC1B4D35B61C2ECE435373F8343C85B78674DADFC7E146F882B4F",
"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742");
runDiffieHellmanTest(
"X25519",
"5DAB087E624A8A4B79E17F8B83800EE66F3BB1292618B6FD1C2F8B27FF88E0EB",
"8520F0098930A754748B7DDCB43EF75A0DBF3A0D26381AF4EBA4A98EAA9B4E6A",
"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742");
// encoded
runDiffieHellmanTest(
"302E020100300706032B656E0500042077076D0A7318A57D3C16C17251B266" +
"45DF4C2F87EBC0992AB177FBA51DB92C2A",
"302C300706032B656E0500032100DE9EDB7D7B7DC1B4D35B61C2ECE435373F" +
"8343C85B78674DADFC7E146F882B4F",
"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742");
runDiffieHellmanTest(
"302E020100300706032B656E050004205DAB087E624A8A4B79E17F8B83800E" +
"E66F3BB1292618B6FD1C2F8B27FF88E0EB",
"302C300706032B656E05000321008520F0098930A754748B7DDCB43EF75A0D" +
"BF3A0D26381AF4EBA4A98EAA9B4E6A",
"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742");
// X448
//raw
runDiffieHellmanTest(
"X448",
"9A8F4925D1519F5775CF46B04B5800D4EE9EE8BAE8BC5565D498C28DD9C9BA" +
"F574A9419744897391006382A6F127AB1D9AC2D8C0A598726B",
"3EB7A829B0CD20F5BCFC0B599B6FECCF6DA4627107BDB0D4F345B43027D8B9" +
"72FC3E34FB4232A13CA706DCB57AEC3DAE07BDC1C67BF33609",
"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b" +
"56fd2464c335543936521c24403085d59a449a5037514a879d");
runDiffieHellmanTest(
"X448",
"1C306A7AC2A0E2E0990B294470CBA339E6453772B075811D8FAD0D1D6927C1" +
"20BB5EE8972B0D3E21374C9C921B09D1B0366F10B65173992D",
"9B08F7CC31B7E3E67D22D5AEA121074A273BD2B83DE09C63FAA73D2C22C5D9" +
"BBC836647241D953D40C5B12DA88120D53177F80E532C41FA0",
"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b" +
"56fd2464c335543936521c24403085d59a449a5037514a879d");
//encoded
runDiffieHellmanTest(
"3046020100300706032B656F050004389A8F4925D1519F5775CF46B04B5800" +
"D4EE9EE8BAE8BC5565D498C28DD9C9BAF574A9419744897391006382A6F127" +
"AB1D9AC2D8C0A598726B",
"3044300706032B656F05000339003EB7A829B0CD20F5BCFC0B599B6FECCF6D" +
"A4627107BDB0D4F345B43027D8B972FC3E34FB4232A13CA706DCB57AEC3DAE" +
"07BDC1C67BF33609",
"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b" +
"56fd2464c335543936521c24403085d59a449a5037514a879d");
runDiffieHellmanTest(
"3046020100300706032B656F050004381C306A7AC2A0E2E0990B294470CBA3" +
"39E6453772B075811D8FAD0D1D6927C120BB5EE8972B0D3E21374C9C921B09" +
"D1B0366F10B65173992D",
"3044300706032B656F05000339009B08F7CC31B7E3E67D22D5AEA121074A27" +
"3BD2B83DE09C63FAA73D2C22C5D9BBC836647241D953D40C5B12DA88120D53" +
"177F80E532C41FA0",
"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b" +
"56fd2464c335543936521c24403085d59a449a5037514a879d");
}
private static void runDiffieHellmanTest(String a_pri,
String b_pub, String result) throws Exception {
KeyFactory kf = KeyFactory.getInstance("XDH");
byte[] a_pri_ba = Convert.hexStringToByteArray(a_pri);
KeySpec privateSpec = new PKCS8EncodedKeySpec(a_pri_ba);
PrivateKey privateKey = kf.generatePrivate(privateSpec);
byte[] b_pub_ba = Convert.hexStringToByteArray(b_pub);
KeySpec publicSpec = new X509EncodedKeySpec(b_pub_ba);
PublicKey publicKey = kf.generatePublic(publicSpec);
KeyAgreement ka = KeyAgreement.getInstance("XDH");
ka.init(privateKey);
ka.doPhase(publicKey, true);
byte[] sharedSecret = ka.generateSecret();
byte[] expectedResult = Convert.hexStringToByteArray(result);
if (!Arrays.equals(sharedSecret, expectedResult)) {
throw new RuntimeException("fail: expected=" + result + ", actual="
+ Convert.byteArrayToHexString(sharedSecret));
}
}
private static void runDiffieHellmanTest(String curveName, String a_pri,
String b_pub, String result) throws Exception {
NamedParameterSpec paramSpec = new NamedParameterSpec(curveName);
KeyFactory kf = KeyFactory.getInstance("XDH");
KeySpec privateSpec = new XECPrivateKeySpec(paramSpec,
Convert.hexStringToByteArray(a_pri));
PrivateKey privateKey = kf.generatePrivate(privateSpec);
boolean clearHighBit = curveName.equals("X25519");
KeySpec publicSpec = new XECPublicKeySpec(paramSpec,
Convert.hexStringToBigInteger(clearHighBit, b_pub));
PublicKey publicKey = kf.generatePublic(publicSpec);
byte[] encodedPrivateKey = privateKey.getEncoded();
System.out.println("Encoded private: " +
Convert.byteArrayToHexString(encodedPrivateKey));
byte[] encodedPublicKey = publicKey.getEncoded();
System.out.println("Encoded public: " +
Convert.byteArrayToHexString(encodedPublicKey));
KeyAgreement ka = KeyAgreement.getInstance("XDH");
ka.init(privateKey);
ka.doPhase(publicKey, true);
byte[] sharedSecret = ka.generateSecret();
byte[] expectedResult = Convert.hexStringToByteArray(result);
if (!Arrays.equals(sharedSecret, expectedResult)) {
throw new RuntimeException("fail: expected=" + result + ", actual="
+ Convert.byteArrayToHexString(sharedSecret));
}
}
/*
* Ensure that SunEC rejects parameters/points for the wrong curve
* when the algorithm ID for a specific curve is specified.
*/
private static void runCurveMixTest() throws Exception {
runCurveMixTest("SunEC", "X25519", 448);
runCurveMixTest("SunEC", "X25519", "X448");
runCurveMixTest("SunEC", "X448", 255);
runCurveMixTest("SunEC", "X448", "X25519");
}
private static void runCurveMixTest(String providerName, String name,
Object param) throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(name,
providerName);
try {
if (param instanceof Integer) {
kpg.initialize((Integer) param);
} else if (param instanceof String) {
kpg.initialize(new NamedParameterSpec((String) param));
}
throw new RuntimeException(name + " KeyPairGenerator accepted "
+ param.toString() + " parameters");
} catch (InvalidParameterException ex) {
// expected
}
// the rest of the test uses the parameter as an algorithm name to
// produce keys
if (param instanceof Integer) {
return;
}
String otherName = (String) param;
KeyPairGenerator otherKpg = KeyPairGenerator.getInstance(otherName,
providerName);
KeyPair otherKp = otherKpg.generateKeyPair();
// ensure the KeyFactory rejects incorrect keys
KeyFactory kf = KeyFactory.getInstance(name, providerName);
try {
kf.getKeySpec(otherKp.getPublic(), XECPublicKeySpec.class);
throw new RuntimeException(name + " KeyFactory accepted "
+ param.toString() + " key");
} catch (InvalidKeySpecException ex) {
// expected
}
try {
kf.getKeySpec(otherKp.getPrivate(), XECPrivateKeySpec.class);
throw new RuntimeException(name + " KeyFactory accepted "
+ param.toString() + " key");
} catch (InvalidKeySpecException ex) {
// expected
}
try {
kf.translateKey(otherKp.getPublic());
throw new RuntimeException(name + " KeyFactory accepted "
+ param.toString() + " key");
} catch (InvalidKeyException ex) {
// expected
}
try {
kf.translateKey(otherKp.getPrivate());
throw new RuntimeException(name + " KeyFactory accepted "
+ param.toString() + " key");
} catch (InvalidKeyException ex) {
// expected
}
KeyFactory otherKf = KeyFactory.getInstance(otherName, providerName);
XECPublicKeySpec otherPubSpec = otherKf.getKeySpec(otherKp.getPublic(),
XECPublicKeySpec.class);
try {
kf.generatePublic(otherPubSpec);
throw new RuntimeException(name + " KeyFactory accepted "
+ param.toString() + " key");
} catch (InvalidKeySpecException ex) {
// expected
}
XECPrivateKeySpec otherPriSpec =
otherKf.getKeySpec(otherKp.getPrivate(), XECPrivateKeySpec.class);
try {
kf.generatePrivate(otherPriSpec);
throw new RuntimeException(name + " KeyFactory accepted "
+ param.toString() + " key");
} catch (InvalidKeySpecException ex) {
// expected
}
// ensure the KeyAgreement rejects incorrect keys
KeyAgreement ka = KeyAgreement.getInstance(name, providerName);
try {
ka.init(otherKp.getPrivate());
throw new RuntimeException(name + " KeyAgreement accepted "
+ param.toString() + " key");
} catch (InvalidKeyException ex) {
// expected
}
KeyPair kp = kpg.generateKeyPair();
ka.init(kp.getPrivate());
try {
// This should always be rejected because it doesn't match the key
// passed to init, but it is tested here for good measure.
ka.doPhase(otherKp.getPublic(), true);
throw new RuntimeException(name + " KeyAgreement accepted "
+ param.toString() + " key");
} catch (InvalidKeyException ex) {
// expected
}
}
}

130
test/jdk/sun/security/ec/xec/TestXECOps.java Normal file

@ -0,0 +1,130 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8171277
* @summary Test XEC curve operations
* @modules jdk.crypto.ec/sun.security.ec
* @library /test/lib
* @build jdk.test.lib.Convert
* @run main TestXECOps
*/
import sun.security.ec.*;
import java.util.*;
import jdk.test.lib.Convert;
// Test vectors are from RFC 7748
public class TestXECOps {
public static void main(String[] args) {
TestXECOps m = new TestXECOps();
m.runTest("X25519",
"a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
"e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c",
"c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552");
m.runTest("X25519",
"4b66e9d4d1b4673c5ad22691957d6af5c11b6421e0ea01d42ca4169e7918ba0d",
"e5210f12786811d3f4b7959d0538ae2c31dbe7106fc03c3efc4cd549c715a493",
"95cbde9476e8907d7aade45cb4b873f88b595a68799fa152e6f8f7647aac7957");
m.runDiffieHellmanTest("X25519",
"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a",
"5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb",
"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742");
m.runTest("X448",
"3d262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a77" +
"9c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3",
"06fce640fa3487bfda5f6cf2d5263f8aad88334cbd07437f020f08f9814dc0" +
"31ddbdc38c19c6da2583fa5429db94ada18aa7a7fb4ef8a086",
"ce3e4ff95a60dc6697da1db1d85e6afbdf79b50a2412d7546d5f239fe14fba" +
"adeb445fc66a01b0779d98223961111e21766282f73dd96b6f");
m.runTest("X448",
"203d494428b8399352665ddca42f9de8fef600908e0d461cb021f8c538345d" +
"d77c3e4806e25f46d3315c44e0a5b4371282dd2c8d5be3095f",
"0fbcc2f993cd56d3305b0b7d9e55d4c1a8fb5dbb52f8e9a1e9b6201b165d01" +
"5894e56c4d3570bee52fe205e28a78b91cdfbde71ce8d157db",
"884a02576239ff7a2f2f63b2db6a9ff37047ac13568e1e30fe63c4a7ad1b3e" +
"e3a5700df34321d62077e63633c575c1c954514e99da7c179d");
m.runDiffieHellmanTest("X448",
"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9ba" +
"f574a9419744897391006382a6f127ab1d9ac2d8c0a598726b",
"1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c1" +
"20bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d",
"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b" +
"56fd2464c335543936521c24403085d59a449a5037514a879d");
}
private void runDiffieHellmanTest(String opName, String a_str,
String b_str, String result_str) {
XECParameters settings = XECParameters.getByName(opName).get();
XECOperations ops = new XECOperations(settings);
byte[] basePoint = Convert.byteToByteArray(settings.getBasePoint(),
settings.getBytes());
byte[] a = Convert.hexStringToByteArray(a_str);
byte[] b = Convert.hexStringToByteArray(b_str);
byte[] expectedResult = Convert.hexStringToByteArray(result_str);
byte[] a_copy = Arrays.copyOf(a, a.length);
byte[] b_copy = Arrays.copyOf(b, b.length);
byte[] basePoint_copy = Arrays.copyOf(basePoint, basePoint.length);
byte[] resultA = ops.encodedPointMultiply(b,
ops.encodedPointMultiply(a, basePoint));
byte[] resultB = ops.encodedPointMultiply(a_copy,
ops.encodedPointMultiply(b_copy, basePoint_copy));
if (!Arrays.equals(resultA, expectedResult)) {
throw new RuntimeException("fail");
}
if (!Arrays.equals(resultB, expectedResult)) {
throw new RuntimeException("fail");
}
}
private void runTest(String opName, String k_in_str,
String u_in_str, String u_out_str) {
byte[] k_in = Convert.hexStringToByteArray(k_in_str);
byte[] u_in = Convert.hexStringToByteArray(u_in_str);
byte[] u_out_expected = Convert.hexStringToByteArray(u_out_str);
XECParameters settings = XECParameters.getByName(opName).get();
XECOperations ops = new XECOperations(settings);
byte[] u_out = ops.encodedPointMultiply(k_in, u_in);
if (!Arrays.equals(u_out, u_out_expected)) {
throw new RuntimeException("fail");
}
}
}

2002
test/jdk/sun/security/ec/xec/X25519.iter Normal file

File diff suppressed because it is too large Load Diff

2002
test/jdk/sun/security/ec/xec/X448.iter Normal file

File diff suppressed because it is too large Load Diff

137
test/jdk/sun/security/ec/xec/XECIterative.java Normal file

@ -0,0 +1,137 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8171277
* @summary XEC curve operations iterative test vectors
* @library /test/lib
* @build jdk.test.lib.Convert
* @modules jdk.crypto.ec/sun.security.ec
* @run main XECIterative 0 10000
* @run main XECIterative 10000 20000
* @run main XECIterative 20000 30000
* @run main XECIterative 30000 40000
* @run main XECIterative 40000 50000
* @run main XECIterative 50000 60000
* @run main XECIterative 60000 70000
* @run main XECIterative 70000 80000
* @run main XECIterative 80000 90000
* @run main XECIterative 90000 100000
*/
import sun.security.ec.*;
import java.io.*;
import java.util.*;
import jdk.test.lib.Convert;
/*
* This test is derived from the iterative test in RFC 7748. To produce the
* test vectors, the implementation ran for 1,000,000 iterations and saved
* values of k and u at periodic checkpoints. The RFC includes the correct
* value of k after 1,000,000 iterations, and this value was used to ensure
* that the test vectors are correct. This test has multiple @run tags so that
* no single run takes too long.
*/
public class XECIterative {
private static class KU {
public byte[] k;
public byte[] u;
}
public static void main(String[] args) throws IOException {
long start = Long.parseLong(args[0]);
long end = Long.parseLong(args[1]);
XECIterative m = new XECIterative();
m.runIterativeTest("X25519", start, end);
m.runIterativeTest("X448", start, end);
}
private void runIterativeTest(String opName, long start, long end)
throws IOException {
XECParameters settings = XECParameters.getByName(opName).get();
XECOperations ops = new XECOperations(settings);
File vectorFile = new File(System.getProperty("test.src", "."),
opName + ".iter");
Map<Long, KU> testIters = new HashMap<Long, KU>();
BufferedReader in = new BufferedReader(new FileReader(vectorFile));
String line;
while ((line = in.readLine()) != null) {
StringTokenizer tok = new StringTokenizer(line, ",");
long iter = Long.parseLong(tok.nextToken());
String kOrU = tok.nextToken();
byte[] value = Convert.hexStringToByteArray(tok.nextToken());
KU entry = testIters.get(iter);
if (entry == null) {
entry = new KU();
testIters.put(iter, entry);
}
if (kOrU.equals("k")) {
entry.k = value;
} else {
entry.u = value;
}
}
KU startEntry = testIters.get(start);
byte[] k = startEntry.k.clone();
byte[] u = startEntry.u.clone();
for (long i = start; i <= end; i++) {
KU curEntry;
if (i % 1000 == 0 && (curEntry = testIters.get(i)) != null) {
if (!Arrays.equals(k, curEntry.k)) {
throw new RuntimeException("At iter " + i + ": expected k: "
+ Convert.byteArrayToHexString(curEntry.k)
+ ", computed k: " + Convert.byteArrayToHexString(k));
}
if (!Arrays.equals(u, curEntry.u)) {
throw new RuntimeException("At iter " + i + ": expected u: "
+ Convert.byteArrayToHexString(curEntry.u)
+ ", computed u: " + Convert.byteArrayToHexString(u));
}
System.out.println(opName + " checkpoint passed at " + i);
}
byte[] k_copy = Arrays.copyOf(k, k.length);
byte[] u_out = ops.encodedPointMultiply(k, u);
u = k_copy;
k = u_out;
}
}
}

85
test/lib/jdk/test/lib/Convert.java Normal file

@ -0,0 +1,85 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package jdk.test.lib;
import java.math.BigInteger;
/**
* Utility class containing conversions between strings, arrays, and numeric
* values.
*/
public class Convert {
// Convert from a byte array to a hexadecimal representation as a string.
public static String byteArrayToHexString(byte[] arr) {
StringBuilder result = new StringBuilder();
for (int i = 0; i < arr.length; ++i) {
byte curVal = arr[i];
result.append(Character.forDigit(curVal >> 4 & 0xF, 16));
result.append(Character.forDigit(curVal & 0xF, 16));
}
return result.toString();
}
// Expand a single byte to a byte array
public static byte[] byteToByteArray(byte v, int length) {
byte[] result = new byte[length];
result[0] = v;
return result;
}
// Convert a hexadecimal string to a byte array
public static byte[] hexStringToByteArray(String str) {
byte[] result = new byte[str.length() / 2];
for (int i = 0; i < result.length; i++) {
result[i] = (byte) Character.digit(str.charAt(2 * i), 16);
result[i] <<= 4;
result[i] += Character.digit(str.charAt(2 * i + 1), 16);
}
return result;
}
/*
* Convert a hexadecimal string to the corresponding little-ending number
* as a BigInteger. The clearHighBit argument determines whether the most
* significant bit of the highest byte should be set to 0 in the result.
*/
public static
BigInteger hexStringToBigInteger(boolean clearHighBit, String str) {
BigInteger result = BigInteger.ZERO;
for (int i = 0; i < str.length() / 2; i++) {
int curVal = Character.digit(str.charAt(2 * i), 16);
curVal <<= 4;
curVal += Character.digit(str.charAt(2 * i + 1), 16);
if (clearHighBit && i == str.length() / 2 - 1) {
curVal &= 0x7F;
}
result = result.add(BigInteger.valueOf(curVal).shiftLeft(8 * i));
}
return result;
}
}