public static NamedGroup fromJavaName(String name) { if (name.equals("prime256v1")) { return SECP256R1; } for (NamedGroup group : values()) { if (group.getJavaName().equals(name)) { return group; } } return null; }
public static byte[] createX25519KeyShare(NamedGroup group, BigInteger privateKey) { if (!group.isCurve() || group.isStandardCurve()) { throw new IllegalArgumentException( "Cannot create ClassicEcPublicKey for group which is not a classic curve:" + group.name()); } byte[] privateKeyBytes; if (privateKey.toByteArray().length != 32) { LOGGER.warn("ECDH_25519 private Key is not 32 byte - using as much as possible and padding the rest with Zeros."); privateKeyBytes = Arrays.copyOf(privateKey.toByteArray(), 32); } else { privateKeyBytes = privateKey.toByteArray(); } LOGGER.debug("Clamping private key"); Curve25519.clamp(privateKeyBytes); byte[] publicKey = new byte[32]; Curve25519.keygen(publicKey, null, privateKeyBytes); return publicKey; }
/** * Converts named curves into BC style notation * * @param namedGroups * The NamedCurves to convert * @return int[] of the NamedCurves in BC Style */ public static int[] convertNamedCurves(NamedGroup[] namedGroups) { if (namedGroups == null || namedGroups.length == 0) { return new int[0]; } int[] nc = new int[namedGroups.length]; for (int i = 0; i < namedGroups.length; i++) { nc[i] = namedGroups[i].getIntValue(); } return nc; }
public boolean isGost() { return name().contains("GOST"); } }
public static ECPoint createClassicEcPoint(NamedGroup group, BigInteger privateKey) { if (!group.isStandardCurve()) { throw new IllegalArgumentException( "Cannot create ClassicEcPublicKey for group which is not a classic curve:" + group.name()); } ECDomainParameters ecDomainParameters = generateEcParameters(group); ECPoint ecPoint = ecDomainParameters.getG().multiply(privateKey); ecPoint = ecPoint.normalize(); return ecPoint; }
@Override public ECParameterSpec getParams() { try { AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC"); parameters.init(new ECGenParameterSpec(group.getJavaName())); ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class); return ecParameters; } catch (NoSuchAlgorithmException | InvalidParameterSpecException ex) { throw new UnsupportedOperationException("Could not generate ECParameterSpec", ex); } }
protected static ECDomainParameters generateEcParameters(NamedGroup group) { InputStream is = new ByteArrayInputStream(ArrayConverter.concatenate( new byte[] { EllipticCurveType.NAMED_CURVE.getValue() }, group.getValue())); try { return ECCUtilsBCWrapper.readECParameters(group, ECPointFormat.UNCOMPRESSED, is); } catch (IOException ex) { throw new PreparationException("Failed to generate EC domain parameters", ex); } }
protected void prepareNamedGroup(T msg) { NamedGroup[] groups; try { groups = NamedGroup.namedGroupsFromByteArray(msg.getComputations().getNamedGroupList().getValue()); } catch (IOException | ClassNotFoundException ex) { LOGGER.warn("Could not get named groups from ByteArray"); groups = new NamedGroup[] { chooser.getConfig().getDefaultSelectedNamedGroup() }; } msg.setNamedGroup(groups[0].getValue()); }
@Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("PskEcDheServerKeyExchangeMessage:"); sb.append("\n Curve Type: "); if (this.curveType != null && this.curveType.getValue() != null) { sb.append(EllipticCurveType.getCurveType(this.curveType.getValue())); } else { sb.append("null"); } sb.append("\n Named Group: "); if (namedGroup != null && namedGroup.getValue() != null) { sb.append(NamedGroup.getNamedGroup(this.namedGroup.getValue())); } else { sb.append("null"); } sb.append("\n Public Key: "); if (getPublicKey() != null) { sb.append(ArrayConverter.bytesToHexString(getPublicKey().getValue())); } else { sb.append("null"); } return sb.toString(); }
private NamedGroup getPublicNamedGroup(Certificate cert) { if (cert.isEmpty()) { throw new IllegalArgumentException("Empty CertChain provided!"); } if (!(publicKey instanceof CustomEcPublicKey)) { return null; } try { X509CertificateObject obj = new X509CertificateObject(cert.getCertificateAt(0)); if (obj.getPublicKey() instanceof BCECGOST3410PublicKey) { return NamedGroup.GOST3410; } if (obj.getPublicKey() instanceof BCECGOST3410_2012PublicKey) { return NamedGroup.GOST3410_2012; } BCECPublicKey ecKey = (BCECPublicKey) obj.getPublicKey(); ECNamedCurveSpec spec = (ECNamedCurveSpec) ecKey.getParams(); return NamedGroup.fromJavaName(spec.getName()); } catch (Exception ex) { LOGGER.warn("Could not determine EC public key group", ex); return null; } }
public boolean isStandardCurve() { return this.isCurve() && this != ECDH_X25519 && this != ECDH_X448; }
protected void generateNamedGroupList(T msg) { List<NamedGroup> sharedGroups = new ArrayList<>(chooser.getClientSupportedNamedGroups()); List<NamedGroup> unsupportedGroups = new ArrayList<>(); if (!chooser.getConfig().isEnforceSettings()) { List<NamedGroup> clientGroups = chooser.getServerSupportedNamedGroups(); for (NamedGroup c : sharedGroups) { if (!clientGroups.contains(c)) { unsupportedGroups.add(c); } } sharedGroups.removeAll(unsupportedGroups); if (sharedGroups.isEmpty()) { if (chooser.getConnectionEndType() == ConnectionEndType.CLIENT) { sharedGroups = new ArrayList<>(chooser.getConfig().getDefaultClientNamedGroups()); } else { sharedGroups = new ArrayList<>(chooser.getConfig().getDefaultServerNamedGroups()); } } } try { msg.getComputations().setNamedGroupList(NamedGroup.namedGroupsToByteArray(sharedGroups)); } catch (IOException ex) { throw new PreparationException("Couldn't set named groups in computations", ex); } }
public boolean isGrease() { return this.name().contains("GREASE"); }
public static CustomECPoint createClassicEcPublicKey(NamedGroup group, BigInteger privateKey) { if (!group.isStandardCurve()) { throw new IllegalArgumentException( "Cannot create ClassicEcPublicKey for group which is not a classic curve:" + group.name()); } ECDomainParameters ecDomainParameters = generateEcParameters(group); ECPoint ecPoint = ecDomainParameters.getG().multiply(privateKey); ecPoint = ecPoint.normalize(); if (ecPoint.isInfinity()) { // TODO ??? return new CustomECPoint(BigInteger.ZERO, BigInteger.ZERO); } return new CustomECPoint(ecPoint.getRawXCoord().toBigInteger(), ecPoint.getRawYCoord().toBigInteger()); }
@Override public ECParameterSpec getParams() { try { AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC"); parameters.init(new ECGenParameterSpec(group.getJavaName())); ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class); return ecParameters; } catch (NoSuchAlgorithmException | InvalidParameterSpecException ex) { throw new UnsupportedOperationException("Could not generate ECParameterSpec", ex); } }
private ECDomainParameters generateEcParameters() { NamedGroup[] groups = new NamedGroup[] { NamedGroup.SECP256R1 }; ECPointFormat[] formats = new ECPointFormat[] { ECPointFormat.UNCOMPRESSED }; InputStream is = new ByteArrayInputStream(ArrayConverter.concatenate( new byte[] { EllipticCurveType.NAMED_CURVE.getValue() }, NamedGroup.SECP256R1.getValue())); ECDomainParameters ecParams; try { ecParams = ECCUtilsBCWrapper.readECParameters(groups, formats, is); } catch (IOException ex) { throw new PreparationException("Failed to generate EC domain parameters", ex); } return ecParams; }
groups = NamedGroup.namedGroupsFromByteArray(msg.getComputations().getNamedGroupList().getValue()); } catch (IOException | ClassNotFoundException ex) { LOGGER.warn("Couldn't read list of named groups from computations.", ex); } catch (IOException ex) { is = new ByteArrayInputStream(ArrayConverter.concatenate( new byte[] { EllipticCurveType.NAMED_CURVE.getValue() }, groups[0].getValue())); try { ecParams = ECCUtilsBCWrapper.readECParameters(groups, formats, is);
@Override public void adjustTLSExtensionContext(EllipticCurvesExtensionMessage message) { byte[] groupBytes = message.getSupportedGroups().getValue(); if (groupBytes.length % NamedGroup.LENGTH != 0) { throw new AdjustmentException("Could not create resonable NamedGroups from groupBytes"); } List<NamedGroup> groupList = new LinkedList<>(); for (int i = 0; i < groupBytes.length; i += NamedGroup.LENGTH) { byte[] group = Arrays.copyOfRange(groupBytes, i, i + NamedGroup.LENGTH); NamedGroup namedGroup = NamedGroup.getNamedGroup(group); if (namedGroup == null) { LOGGER.warn("Unknown EllipticCruve:" + ArrayConverter.bytesToHexString(group)); } else { groupList.add(namedGroup); } } if (context.getTalkingConnectionEndType() == ConnectionEndType.CLIENT) { context.setClientNamedGroupsList(groupList); } else { context.setServerNamedGroupsList(groupList); } }
NamedGroup group = NamedGroup.fromJavaName(spec.getName()); if (group == null) { return null;