blob: 9690a89ae334b1ae6350b4b869af97aebdddebd6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
/* Copyright 2018 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.google.security.cryptauth.lib.securegcm;
import com.google.protobuf.InvalidProtocolBufferException;
import com.google.security.cryptauth.lib.securemessage.PublicKeyProtoUtil;
import com.google.security.cryptauth.lib.securemessage.SecureMessageProto.GenericPublicKey;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.spec.SecretKeySpec;
/**
* Utility class for encoding and parsing keys used by SecureGcm.
*/
public class KeyEncoding {
private KeyEncoding() {} // Do not instantiate
private static boolean simulateLegacyCryptoRequired = false;
/**
* The JCA algorithm name to use when encoding/decoding symmetric keys.
*/
static final String SYMMETRIC_KEY_ENCODING_ALG = "AES";
public static byte[] encodeMasterKey(SecretKey masterKey) {
return masterKey.getEncoded();
}
public static SecretKey parseMasterKey(byte[] encodedMasterKey) {
return new SecretKeySpec(encodedMasterKey, SYMMETRIC_KEY_ENCODING_ALG);
}
public static byte[] encodeUserPublicKey(PublicKey pk) {
return encodePublicKey(pk);
}
public static byte[] encodeUserPrivateKey(PrivateKey sk) {
return sk.getEncoded();
}
public static PrivateKey parseUserPrivateKey(byte[] encodedPrivateKey, boolean isLegacy)
throws InvalidKeySpecException {
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedPrivateKey);
if (isLegacy) {
return getRsaKeyFactory().generatePrivate(keySpec);
}
return getEcKeyFactory().generatePrivate(keySpec);
}
public static PublicKey parseUserPublicKey(byte[] keyBytes) throws InvalidKeySpecException {
return parsePublicKey(keyBytes);
}
public static byte[] encodeKeyAgreementPublicKey(PublicKey pk) {
return encodePublicKey(pk);
}
public static PublicKey parseKeyAgreementPublicKey(byte[] keyBytes)
throws InvalidKeySpecException {
return parsePublicKey(keyBytes);
}
public static byte[] encodeKeyAgreementPrivateKey(PrivateKey sk) {
if (isLegacyPrivateKey(sk)) {
return PublicKeyProtoUtil.encodeDh2048PrivateKey((DHPrivateKey) sk);
}
return sk.getEncoded();
}
public static PrivateKey parseKeyAgreementPrivateKey(byte[] keyBytes, boolean isLegacy)
throws InvalidKeySpecException {
if (isLegacy) {
return PublicKeyProtoUtil.parseDh2048PrivateKey(keyBytes);
}
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
return getEcKeyFactory().generatePrivate(keySpec);
}
public static byte[] encodeSigningPublicKey(PublicKey pk) {
return encodePublicKey(pk);
}
public static PublicKey parseSigningPublicKey(byte[] keyBytes) throws InvalidKeySpecException {
return parsePublicKey(keyBytes);
}
public static byte[] encodeSigningPrivateKey(PrivateKey sk) {
return sk.getEncoded();
}
public static PrivateKey parseSigningPrivateKey(byte[] keyBytes) throws InvalidKeySpecException {
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
return getEcKeyFactory().generatePrivate(keySpec);
}
public static boolean isLegacyPublicKey(PublicKey pk) {
if (pk instanceof ECPublicKey) {
return false;
}
return true;
}
public static boolean isLegacyPrivateKey(PrivateKey sk) {
if (sk instanceof ECPrivateKey) {
return false;
}
return true;
}
public static boolean isLegacyCryptoRequired() {
return PublicKeyProtoUtil.isLegacyCryptoRequired() || simulateLegacyCryptoRequired;
}
/**
* When testing, use this to force {@link #isLegacyCryptoRequired()} to return {@code true}
*/
// @VisibleForTesting
public static void setSimulateLegacyCrypto(boolean forceLegacy) {
simulateLegacyCryptoRequired = forceLegacy;
}
private static byte[] encodePublicKey(PublicKey pk) {
return PublicKeyProtoUtil.encodePublicKey(pk).toByteArray();
}
private static PublicKey parsePublicKey(byte[] keyBytes) throws InvalidKeySpecException {
try {
return PublicKeyProtoUtil.parsePublicKey(GenericPublicKey.parseFrom(keyBytes));
} catch (InvalidProtocolBufferException e) {
throw new InvalidKeySpecException("Unable to parse GenericPublicKey", e);
} catch (IllegalArgumentException e) {
throw new InvalidKeySpecException("Unable to parse GenericPublicKey", e);
}
}
static KeyFactory getEcKeyFactory() {
try {
return KeyFactory.getInstance("EC");
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e); // No ECDH provider available
}
}
static KeyFactory getRsaKeyFactory() {
try {
return KeyFactory.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e); // No RSA provider available
}
}
}
|
