forked from eclipse-biscuit/biscuit-java
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathSECP256R1KeyPair.java
More file actions
123 lines (101 loc) · 4.31 KB
/
SECP256R1KeyPair.java
File metadata and controls
123 lines (101 loc) · 4.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
/*
* Copyright (c) 2019 Geoffroy Couprie <contact@geoffroycouprie.com> and Contributors to the Eclipse Foundation.
* SPDX-License-Identifier: Apache-2.0
*/
package org.eclipse.biscuit.crypto;
import java.io.IOException;
import java.security.SecureRandom;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
import org.bouncycastle.crypto.signers.StandardDSAEncoding;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.util.BigIntegers;
import org.eclipse.biscuit.error.Error;
import org.eclipse.biscuit.token.builder.Utils;
@SuppressWarnings("checkstyle:AbbreviationAsWordInName")
final class SECP256R1KeyPair extends KeyPair {
static final int MINIMUM_SIGNATURE_LENGTH = 68;
static final int MAXIMUM_SIGNATURE_LENGTH = 72;
private static final int BUFFER_SIZE = 32;
private final BCECPrivateKey privateKey;
private final BCECPublicKey publicKey;
private final boolean deterministicNonce;
static final String ALGORITHM = "ECDSA";
static final String CURVE = "secp256r1";
static final ECNamedCurveParameterSpec SECP256R1 = ECNamedCurveTable.getParameterSpec(CURVE);
SECP256R1KeyPair(byte[] bytes, boolean deterministicNonce)
throws Error.FormatError.InvalidKeySize {
this.deterministicNonce = deterministicNonce;
if (bytes.length != BUFFER_SIZE) {
throw new Error.FormatError.InvalidKeySize(bytes.length);
}
var privateKeySpec = new ECPrivateKeySpec(BigIntegers.fromUnsignedByteArray(bytes), SECP256R1);
var privateKey =
new BCECPrivateKey(ALGORITHM, privateKeySpec, BouncyCastleProvider.CONFIGURATION);
var publicKeySpec =
new ECPublicKeySpec(SECP256R1.getG().multiply(privateKeySpec.getD()), SECP256R1);
var publicKey = new BCECPublicKey(ALGORITHM, publicKeySpec, BouncyCastleProvider.CONFIGURATION);
this.privateKey = privateKey;
this.publicKey = publicKey;
}
SECP256R1KeyPair(SecureRandom rng, boolean deterministicNonce) {
this.deterministicNonce = deterministicNonce;
byte[] bytes = new byte[BUFFER_SIZE];
rng.nextBytes(bytes);
var privateKeySpec = new ECPrivateKeySpec(BigIntegers.fromUnsignedByteArray(bytes), SECP256R1);
var privateKey =
new BCECPrivateKey(ALGORITHM, privateKeySpec, BouncyCastleProvider.CONFIGURATION);
var publicKeySpec =
new ECPublicKeySpec(SECP256R1.getG().multiply(privateKeySpec.getD()), SECP256R1);
var publicKey = new BCECPublicKey(ALGORITHM, publicKeySpec, BouncyCastleProvider.CONFIGURATION);
this.privateKey = privateKey;
this.publicKey = publicKey;
}
/// By default sign message digests with a deterministic k
/// computed using the algorithm described in [RFC6979 § 3.2].
///
/// [RFC6979 § 3.2]: https://tools.ietf.org/html/rfc6979#section-3
///
/// Although deterministic ECDSA signing is typically slower than
/// signing with an RNG, it prevents accidental nonce-reuse due to
/// a weak RNG.
@Override
public byte[] sign(byte[] data) {
var digest = new SHA256Digest();
digest.update(data, 0, data.length);
var hash = new byte[digest.getDigestSize()];
digest.doFinal(hash, 0);
ECDSASigner signer;
if (deterministicNonce) {
signer = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
} else {
signer = new ECDSASigner();
}
signer.init(true, privateKey.engineGetKeyParameters());
var sig = signer.generateSignature(hash);
try {
return StandardDSAEncoding.INSTANCE.encode(signer.getOrder(), sig[0], sig[1]);
} catch (IOException e) {
throw new IllegalStateException(e.toString());
}
}
@Override
public byte[] toBytes() {
return BigIntegers.asUnsignedByteArray(BUFFER_SIZE, privateKey.getD());
}
@Override
public String toHex() {
return Utils.byteArrayToHexString(toBytes());
}
@Override
public PublicKey getPublicKey() {
return new SECP256R1PublicKey(this.publicKey);
}
}