public class Util
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
static int |
ENC_MODE
Deprecated.
Mode for KDF.
|
static int |
MAC_MODE
Deprecated.
Mode for KDF.
|
static int |
PACE_MODE
Deprecated.
Mode for KDF.
|
Modifier and Type | Method and Description |
---|---|
static byte[] |
alignKeyDataToSize(byte[] keyData,
int size)
Deprecated.
|
static java.math.BigInteger |
computeAffineY(java.math.BigInteger affineX,
java.security.spec.ECParameterSpec params)
Deprecated.
This just solves the curve equation for y.
|
static byte[] |
computeKeySeed(java.lang.String documentNumber,
java.lang.String dateOfBirth,
java.lang.String dateOfExpiry,
java.lang.String digestAlg,
boolean doTruncate)
Deprecated.
Computes the static key seed, based on information from the MRZ.
|
static byte[] |
computeKeySeedForBAC(java.lang.String documentNumber,
java.lang.String dateOfBirth,
java.lang.String dateOfExpiry)
Deprecated.
Computes the static key seed to be used in BAC KDF, based on information from the MRZ.
|
static byte[] |
computeKeySeedForPACE(java.lang.String documentNumber,
java.lang.String dateOfBirth,
java.lang.String dateOfExpiry)
Deprecated.
Computes the static key seed to be used in PACE KDF, based on information from the MRZ.
|
static long |
computeSendSequenceCounter(byte[] rndICC,
byte[] rndIFD)
Deprecated.
|
static java.security.PublicKey |
decodePublicKeyFromSmartCard(byte[] encodedPublicKey,
java.security.spec.AlgorithmParameterSpec params)
Deprecated.
|
static javax.crypto.SecretKey |
deriveKey(byte[] keySeed,
int mode)
Deprecated.
Derives the ENC or MAC key for BAC from the keySeed.
|
static javax.crypto.SecretKey |
deriveKey(byte[] keySeed,
java.lang.String cipherAlg,
int keyLength,
byte[] nonce,
int counter)
Deprecated.
Derives a shared key.
|
static javax.crypto.SecretKey |
deriveKey(byte[] keySeed,
java.lang.String cipherAlgName,
int keyLength,
int mode)
Deprecated.
Derives the ENC or MAC key for BAC or PACE
|
static byte[] |
encodePublicKeyDataObject(java.lang.String oid,
java.security.PublicKey publicKey)
Deprecated.
Based on TR-SAC 1.01 4.5.1 and 4.5.2.
|
static byte[] |
encodePublicKeyDataObject(java.lang.String oid,
java.security.PublicKey publicKey,
boolean isContextKnown)
Deprecated.
Based on TR-SAC 1.01 4.5.1 and 4.5.2.
|
static byte[] |
encodePublicKeyForSmartCard(java.security.PublicKey publicKey)
Deprecated.
Write uncompressed coordinates (for EC) or public value (DH).
|
static byte[] |
generateAuthenticationToken(java.lang.String oid,
javax.crypto.SecretKey macKey,
java.security.PublicKey publicKey)
Deprecated.
The authentication token SHALL be computed over a public key data object (cf.
|
static java.lang.String |
getCurveName(java.security.spec.ECParameterSpec params)
Deprecated.
Gets the curve name if known (or null).
|
static java.lang.String |
getDetailedPublicKeyAlgorithm(java.security.PublicKey publicKey)
Deprecated.
The public key algorithm (like RSA or) with some extra information (like 1024 bits).
|
static java.math.BigInteger |
getPrime(java.security.spec.AlgorithmParameterSpec params)
Deprecated.
|
static byte[] |
getRawECDSASignature(byte[] signedData,
int keySize)
Deprecated.
For ECDSA the EAC 1.11 specification requires the signature to be stripped down from any ASN.1 wrappers, as so.
|
static byte[] |
i2os(java.math.BigInteger val)
Deprecated.
Converts an integer to an octet string.
|
static byte[] |
i2os(java.math.BigInteger val,
int length)
Deprecated.
Converts an integer to an octet string.
|
static java.lang.String |
inferDigestAlgorithmFromCipherAlgorithmForKeyDerivation(java.lang.String cipherAlg,
int keyLength)
Deprecated.
|
static java.lang.String |
inferDigestAlgorithmFromSignatureAlgorithm(java.lang.String signatureAlgorithm)
Deprecated.
Infers a digest algorithm mnemonic from a signature algorithm mnemonic.
|
static java.lang.String |
inferKeyAgreementAlgorithm(java.security.PublicKey publicKey)
Deprecated.
|
static java.lang.String |
inferMacAlgorithmFromCipherAlgorithm(java.lang.String cipherAlg)
Deprecated.
|
static java.lang.String |
inferProtocolIdentifier(java.security.PublicKey publicKey)
Deprecated.
Infer an EAC object identifier for an EC or DH public key.
|
static boolean |
isValid(java.security.spec.ECPoint ecPoint,
java.security.spec.ECParameterSpec params)
Deprecated.
|
static java.security.spec.AlgorithmParameterSpec |
mapNonceGM(byte[] nonceS,
byte[] sharedSecretH,
java.security.spec.AlgorithmParameterSpec params)
Deprecated.
|
static java.security.spec.AlgorithmParameterSpec |
mapNonceIM(byte[] nonceS,
byte[] nonceT,
byte[] sharedSecretH,
java.security.spec.AlgorithmParameterSpec params)
Deprecated.
|
static java.security.spec.ECPoint |
multiply(java.math.BigInteger s,
java.security.spec.ECPoint point,
java.security.spec.ECParameterSpec params)
Deprecated.
|
static java.security.spec.ECPoint |
normalize(java.security.spec.ECPoint ecPoint,
java.security.spec.ECParameterSpec params)
Deprecated.
|
static java.math.BigInteger |
os2fe(byte[] bytes,
java.math.BigInteger p)
Deprecated.
Convert an octet string to field element via OS2FE as specified in BSI TR-03111.
|
static java.math.BigInteger |
os2i(byte[] bytes)
Deprecated.
Converts an octet string to an integer.
|
static java.math.BigInteger |
os2i(byte[] bytes,
int offset,
int length)
Deprecated.
Converts an octet string to an integer.
|
static byte[] |
padWithCAN(byte[] in,
int blockSize)
Deprecated.
|
static byte[] |
padWithCAN(byte[] in,
int offset,
int length,
int blockSize)
Deprecated.
|
static byte[] |
padWithMRZ(byte[] in)
Deprecated.
Pads the input
in according to ISO9797-1 padding method 2. |
static byte[] |
padWithMRZ(byte[] in,
int offset,
int length)
Deprecated.
|
static byte[] |
publicKeyECPointToOS(java.security.spec.ECPoint point)
Deprecated.
Encode an EC public key point.
|
static java.security.PublicKey |
reconstructPublicKey(java.security.PublicKey publicKey)
Deprecated.
Reconstructs the public key to use explicit domain params for EC public keys
|
static byte[] |
recoverMessage(int digestLength,
byte[] plaintext)
Deprecated.
Recovers the M1 part of the message sent back by the AA protocol
(INTERNAL AUTHENTICATE command).
|
static org.bouncycastle.jce.spec.ECNamedCurveSpec |
toECNamedCurveSpec(org.bouncycastle.jce.spec.ECNamedCurveParameterSpec namedParamSpec)
Deprecated.
Translates internal BC named curve spec to BC provided JCA compliant named curve spec.
|
static javax.crypto.spec.DHParameterSpec |
toExplicitDHParameterSpec(org.bouncycastle.crypto.params.DHParameters params)
Deprecated.
|
static java.security.spec.ECParameterSpec |
toExplicitECParameterSpec(org.bouncycastle.jce.spec.ECNamedCurveParameterSpec parameterSpec)
Deprecated.
|
static java.security.spec.ECParameterSpec |
toExplicitECParameterSpec(java.security.spec.ECParameterSpec params)
Deprecated.
Translates (named) curve spec to JCA compliant explicit param spec.
|
static java.security.PublicKey |
toPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo subjectPublicKeyInfo)
Deprecated.
|
static org.bouncycastle.asn1.x509.SubjectPublicKeyInfo |
toSubjectPublicKeyInfo(java.security.PublicKey publicKey)
Deprecated.
|
static byte[] |
unpad(byte[] in)
Deprecated.
|
static byte[] |
unwrapDO(byte expectedTag,
byte[] wrappedData)
Deprecated.
|
static byte[] |
wrapDO(byte tag,
byte[] data)
Deprecated.
|
public static final int ENC_MODE
public static final int MAC_MODE
public static final int PACE_MODE
public static javax.crypto.SecretKey deriveKey(byte[] keySeed, int mode) throws java.security.GeneralSecurityException
keySeed
- the key seed.mode
- either ENC_MODE
or MAC_MODE
java.security.GeneralSecurityException
- on security errorpublic static javax.crypto.SecretKey deriveKey(byte[] keySeed, java.lang.String cipherAlgName, int keyLength, int mode) throws java.security.GeneralSecurityException
keySeed
- the key seed.cipherAlgName
- either AES or DESedekeyLength
- key length in bitsmode
- either ENC_MODE
or MAC_MODE
java.security.GeneralSecurityException
- on security errorpublic static javax.crypto.SecretKey deriveKey(byte[] keySeed, java.lang.String cipherAlg, int keyLength, byte[] nonce, int counter) throws java.security.GeneralSecurityException
keySeed
- the shared secret, as octetscipherAlg
- in Java mnemonic notation (for example "DESede", "AES")keyLength
- length in bitsnonce
- optional nonce or null
counter
- counter or modejava.security.GeneralSecurityException
- if something went wrongpublic static byte[] computeKeySeedForBAC(java.lang.String documentNumber, java.lang.String dateOfBirth, java.lang.String dateOfExpiry) throws java.security.GeneralSecurityException
documentNumber
- a string containing the document numberdateOfBirth
- a string containing the date of birth (YYMMDD)dateOfExpiry
- a string containing the date of expiry (YYMMDD)java.security.GeneralSecurityException
- on security errorpublic static byte[] computeKeySeedForPACE(java.lang.String documentNumber, java.lang.String dateOfBirth, java.lang.String dateOfExpiry) throws java.security.GeneralSecurityException
documentNumber
- a string containing the document numberdateOfBirth
- a string containing the date of birth (YYMMDD)dateOfExpiry
- a string containing the date of expiry (YYMMDD)java.security.GeneralSecurityException
- on security errorpublic static byte[] computeKeySeed(java.lang.String documentNumber, java.lang.String dateOfBirth, java.lang.String dateOfExpiry, java.lang.String digestAlg, boolean doTruncate) throws java.security.GeneralSecurityException
documentNumber
- a string containing the document numberdateOfBirth
- a string containing the date of birth (YYMMDD)dateOfExpiry
- a string containing the date of expiry (YYMMDD)digestAlg
- a Java mnemonic algorithm string to indicate the digest algorithm (typically SHA-1)doTruncate
- whether to truncate the resulting output to 16 bytesjava.security.GeneralSecurityException
- on security errorpublic static byte[] padWithMRZ(byte[] in)
in
according to ISO9797-1 padding method 2.in
- inputpublic static byte[] padWithCAN(byte[] in, int blockSize)
public static byte[] padWithMRZ(byte[] in, int offset, int length)
public static byte[] padWithCAN(byte[] in, int offset, int length, int blockSize)
public static long computeSendSequenceCounter(byte[] rndICC, byte[] rndIFD)
public static byte[] unpad(byte[] in) throws javax.crypto.BadPaddingException
javax.crypto.BadPaddingException
public static byte[] recoverMessage(int digestLength, byte[] plaintext)
digestLength
- should be 20plaintext
- response from card, already 'decrypted' (using the
AA public key)public static byte[] getRawECDSASignature(byte[] signedData, int keySize) throws java.io.IOException
signedData
- signed datakeySize
- key sizejava.io.IOException
- on errorpublic static byte[] alignKeyDataToSize(byte[] keyData, int size)
public static byte[] i2os(java.math.BigInteger val, int length)
val
- positive integerlength
- lengthpublic static byte[] i2os(java.math.BigInteger val)
val
- positive integerpublic static java.math.BigInteger os2i(byte[] bytes)
bytes
- octet stringpublic static java.math.BigInteger os2i(byte[] bytes, int offset, int length)
bytes
- octet stringoffset
- offset of octet stringlength
- length of octet stringpublic static java.math.BigInteger os2fe(byte[] bytes, java.math.BigInteger p)
bytes
- octet stringp
- moduluspublic static byte[] publicKeyECPointToOS(java.security.spec.ECPoint point)
0x04
(without a length).point
- public key pointpublic static java.lang.String inferDigestAlgorithmFromSignatureAlgorithm(java.lang.String signatureAlgorithm)
signatureAlgorithm
- a signature algorithmpublic static java.lang.String inferDigestAlgorithmFromCipherAlgorithmForKeyDerivation(java.lang.String cipherAlg, int keyLength)
public static javax.crypto.spec.DHParameterSpec toExplicitDHParameterSpec(org.bouncycastle.crypto.params.DHParameters params)
public static java.lang.String getDetailedPublicKeyAlgorithm(java.security.PublicKey publicKey)
publicKey
- a public keypublic static java.lang.String getCurveName(java.security.spec.ECParameterSpec params)
params
- an specification of the curvepublic static java.security.spec.ECParameterSpec toExplicitECParameterSpec(org.bouncycastle.jce.spec.ECNamedCurveParameterSpec parameterSpec)
public static java.security.spec.ECParameterSpec toExplicitECParameterSpec(java.security.spec.ECParameterSpec params)
params
- an EC parameter spec, possibly namedpublic static org.bouncycastle.jce.spec.ECNamedCurveSpec toECNamedCurveSpec(org.bouncycastle.jce.spec.ECNamedCurveParameterSpec namedParamSpec)
namedParamSpec
- a named EC parameter specpublic static org.bouncycastle.asn1.x509.SubjectPublicKeyInfo toSubjectPublicKeyInfo(java.security.PublicKey publicKey)
public static java.security.PublicKey toPublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo subjectPublicKeyInfo)
public static java.security.PublicKey reconstructPublicKey(java.security.PublicKey publicKey)
publicKey
- the public keypublic static byte[] encodePublicKeyDataObject(java.lang.String oid, java.security.PublicKey publicKey) throws java.security.InvalidKeyException
oid
- object identifierpublicKey
- public keyjava.security.InvalidKeyException
- when public key is not DH or ECpublic static byte[] encodePublicKeyDataObject(java.lang.String oid, java.security.PublicKey publicKey, boolean isContextKnown) throws java.security.InvalidKeyException
oid
- object identifierpublicKey
- public keyisContextKnown
- whether context of public key is known to receiver (we will not include domain parameters in that case).java.security.InvalidKeyException
- when public key is not DH or ECpublic static byte[] encodePublicKeyForSmartCard(java.security.PublicKey publicKey) throws java.security.InvalidKeyException
publicKey
- public keyjava.security.InvalidKeyException
- if the key type is not EC or DHpublic static java.security.PublicKey decodePublicKeyFromSmartCard(byte[] encodedPublicKey, java.security.spec.AlgorithmParameterSpec params)
public static java.lang.String inferMacAlgorithmFromCipherAlgorithm(java.lang.String cipherAlg) throws java.security.InvalidAlgorithmParameterException
java.security.InvalidAlgorithmParameterException
public static byte[] generateAuthenticationToken(java.lang.String oid, javax.crypto.SecretKey macKey, java.security.PublicKey publicKey) throws java.security.GeneralSecurityException
oid
- the object identifier as indicated in MSE Set ATmacKey
- the KS MAC key derived from the key agreementpublicKey
- the received public keyjava.security.GeneralSecurityException
- on error while performing the MAC operationpublic static java.lang.String inferProtocolIdentifier(java.security.PublicKey publicKey)
publicKey
- a public keypublic static java.security.spec.AlgorithmParameterSpec mapNonceGM(byte[] nonceS, byte[] sharedSecretH, java.security.spec.AlgorithmParameterSpec params)
public static java.security.spec.AlgorithmParameterSpec mapNonceIM(byte[] nonceS, byte[] nonceT, byte[] sharedSecretH, java.security.spec.AlgorithmParameterSpec params)
public static java.security.spec.ECPoint multiply(java.math.BigInteger s, java.security.spec.ECPoint point, java.security.spec.ECParameterSpec params)
public static java.math.BigInteger getPrime(java.security.spec.AlgorithmParameterSpec params)
public static byte[] wrapDO(byte tag, byte[] data)
public static byte[] unwrapDO(byte expectedTag, byte[] wrappedData)
public static java.lang.String inferKeyAgreementAlgorithm(java.security.PublicKey publicKey)
public static java.math.BigInteger computeAffineY(java.math.BigInteger affineX, java.security.spec.ECParameterSpec params)
affineX
- the x coord of a point on the curveparams
- EC parameters for curve over Fppublic static boolean isValid(java.security.spec.ECPoint ecPoint, java.security.spec.ECParameterSpec params)
public static java.security.spec.ECPoint normalize(java.security.spec.ECPoint ecPoint, java.security.spec.ECParameterSpec params)