author | Ade Lee <alee@redhat.com> | 2017-03-09 12:54:57 -0500 |
committer | Ade Lee <alee@redhat.com> | 2017-03-14 17:10:43 -0400 |
commit | 648361bac96996e76339b9390b8a8882dcde8ad7 (patch) | |
tree | 498bd346e4621e69030ee33e39cf934d725691cb /base/util | |
parent | 7e42ef2f63a73931610252db3e30b8a7357e4425 (diff) | |
Continue to move more crypto into CryptoUtil
Change-Id: I6024ca5a32769b460d578dfad46598432381784c
Diffstat (limited to 'base/util')
-rw-r--r-- | base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 60 |
1 files changed, 48 insertions, 12 deletions
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index f98dcc80b..de1ac442c 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -1991,30 +1991,22 @@ public class CryptoUtil {
             PublicKey pubkey, byte[] data) throws InvalidBERException, Exception {
         ByteArrayInputStream in = new ByteArrayInputStream(data);
-        PKIArchiveOptions options = (PKIArchiveOptions)
-                (new PKIArchiveOptions.Template()).decode(in);
+        PKIArchiveOptions options = (PKIArchiveOptions) (new PKIArchiveOptions.Template()).decode(in);
         EncryptedKey encKey = options.getEncryptedKey();
         EncryptedValue encVal = encKey.getEncryptedValue();
         AlgorithmIdentifier algId = encVal.getSymmAlg();
         BIT_STRING encSymKey = encVal.getEncSymmKey();
         BIT_STRING encPrivKey = encVal.getEncValue();
-        KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
-        wrapper.initUnwrap(unwrappingKey, null);
-        SymmetricKey sk = wrapper.unwrapSymmetric(
-                encSymKey.getBits(), SymmetricKey.Type.DES3, 0);
+        SymmetricKey sk = unwrap(token, SymmetricKey.Type.DES3, 0, null, unwrappingKey, encSymKey.getBits(),
+                KeyWrapAlgorithm.RSA);
         ASN1Value v = algId.getParameters();
         v = ((ANY) v).decodeWith(new OCTET_STRING.Template());
         byte iv[] = ((OCTET_STRING) v).toByteArray();
         IVParameterSpec ivps = new IVParameterSpec(iv);
-        wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
-        wrapper.initUnwrap(sk, ivps);
-        PrivateKey.Type keyType = pubkey.getAlgorithm().equals("EC")
-                ? PrivateKey.Type.EC
-                : PrivateKey.Type.RSA;
-        return wrapper.unwrapPrivate(encPrivKey.getBits(), keyType, pubkey);
+        return unwrap(token, pubkey, false, sk, encPrivKey.getBits(), KeyWrapAlgorithm.DES3_CBC_PAD, ivps);
     }
     public static boolean sharedSecretExists(String nickname) throws NotInitializedException, TokenException {
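Review bot: The replacement call `unwrap(token, SymmetricKey.Type.DES3, 0, null, unwrappingKey, encSymKey.getBits(), KeyWrapAlgorithm.RSA)` passes `null` as the `SymmetricKey.Usage` argument, which moves the JSS call from the three-argument `unwrapSymmetric(bits, type, strength)` the removed lines used to the four-argument form with a null usage; whether the wrapper tolerates a null usage there should be confirmed against the JSS version in use, or a concrete usage passed explicitly. The private-key step also changes behavior: the removed lines mapped any non-"EC" algorithm to `PrivateKey.Type.RSA`, while the new helper (second hunk of this file) leaves the key type null for anything other than RSA, DSA or EC, so a caller whose public key reports an unexpected algorithm name now reaches `unwrapPrivate` with a null type instead of an RSA attempt. Since `unwrappingKey` here is a `PrivateKey` and the wrapped material is private-key data from a `PKIArchiveOptions`, a failure in either path should surface as a clear exception rather than a null type reaching the token. The enclosing method's signature begins before the hunk.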
@@ -2210,6 +2202,50 @@ public class CryptoUtil {
         rsaWrap.initWrap(wrappingKey, null);
         return rsaWrap.wrap(data);
     }
+
+    public static SymmetricKey unwrap(CryptoToken token, SymmetricKey.Type keyType,
+            int strength, SymmetricKey.Usage usage, SymmetricKey wrappingKey, byte[] wrappedData,
+            KeyWrapAlgorithm wrapAlgorithm, IVParameterSpec wrappingIV) throws Exception {
+        KeyWrapper wrapper = token.getKeyWrapper(wrapAlgorithm);
+        wrapper.initUnwrap(wrappingKey, wrappingIV);
+        return wrapper.unwrapSymmetric(wrappedData, keyType, usage, strength);
+    }
+
+    public static SymmetricKey unwrap(CryptoToken token, SymmetricKey.Type keyType,
+            int strength, SymmetricKey.Usage usage, PrivateKey wrappingKey, byte[] wrappedData,
+            KeyWrapAlgorithm wrapAlgorithm) throws Exception {
+        KeyWrapper keyWrapper = token.getKeyWrapper(wrapAlgorithm);
+        keyWrapper.initUnwrap(wrappingKey, null);
+
+        return keyWrapper.unwrapSymmetric(wrappedData, keyType, usage, strength);
+    }
+
+    public static PrivateKey unwrap(CryptoToken token, PublicKey pubKey, boolean temporary,
+            SymmetricKey wrappingKey, byte[] wrappedData, KeyWrapAlgorithm wrapAlgorithm, IVParameterSpec wrapIV)
+            throws Exception {
+        KeyWrapper wrapper = token.getKeyWrapper(wrapAlgorithm);
+        wrapper.initUnwrap(wrappingKey, wrapIV);
+
+        // Get the key type for unwrapping the private key.
+        PrivateKey.Type keyType = null;
+        if (pubKey.getAlgorithm().equalsIgnoreCase("RSA")) {
+            keyType = PrivateKey.RSA;
+        } else if (pubKey.getAlgorithm().equalsIgnoreCase("DSA")) {
+            keyType = PrivateKey.DSA;
+        } else if (pubKey.getAlgorithm().equalsIgnoreCase("EC")) {
+            keyType = PrivateKey.EC;
+        }
+
+        PrivateKey pk = null;
+        if (temporary) {
+            pk = wrapper.unwrapTemporaryPrivate(wrappedData,
+                    keyType, pubKey);
+        } else {
+            pk = wrapper.unwrapPrivate(wrappedData,
+                    keyType, pubKey);
+        }
+        return pk;
+    }
 }
 // START ENABLE_ECC
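Review bot: In the new `unwrap(CryptoToken token, PublicKey pubKey, boolean temporary, ...)`, the `if`/`else if` chain on `pubKey.getAlgorithm()` has no terminal branch, so a public key whose algorithm name is not RSA, DSA or EC leaves `keyType` null and that null is handed to `unwrapTemporaryPrivate`/`unwrapPrivate`; the failure mode then depends on the JSS wrapper rather than being stated by this code. Closing the chain with `} else { throw new IllegalArgumentException("Unsupported key algorithm: " + pubKey.getAlgorithm()); }` makes the unsupported case explicit at the point where the wrapped key material is still untouched. All three helpers declare `throws Exception`; the wrapper calls they make are the same `getKeyWrapper`/`initUnwrap`/`unwrap*` calls the removed lines made, so narrowing to the exception types those calls actually declare would let callers such as the first hunk's method catch something meaningful. A short Javadoc on each overload stating that `strength` and `usage` are passed through to `unwrapSymmetric` unchanged, that `wrappingIV` may be null for wrap algorithms without an IV, and that `temporary` selects `unwrapTemporaryPrivate` would also help, since the three overloads differ only in parameter order and type.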