public final class Util extends Object
Modifier and Type | Field and Description |
---|---|
static int |
ENC_MODE
Mode for KDF.
|
static int |
MAC_MODE |
static int |
PACE_MODE |
static DHParameters |
RFC5114_1024_160
Deprecated.
Existence of a "hidden SNFS" backdoor cannot be ruled out. see https://eprint.iacr.org/2016/961.pdf
|
static DHParameters |
RFC5114_2048_224
Deprecated.
Existence of a "hidden SNFS" backdoor cannot be ruled out. see https://eprint.iacr.org/2016/961.pdf
|
static DHParameters |
RFC5114_2048_256
Deprecated.
Existence of a "hidden SNFS" backdoor cannot be ruled out. see https://eprint.iacr.org/2016/961.pdf
|
Modifier and Type | Method and Description |
---|---|
static ECPoint |
add(ECPoint x,
ECPoint y,
ECParameterSpec params)
Adds two EC points.
|
static byte[] |
alignKeyDataToSize(byte[] keyData,
int size)
Align the given key data.
|
static BigInteger |
computeAffineY(BigInteger affineX,
ECParameterSpec params)
This just solves the curve equation for y.
|
static byte[] |
computeKeySeed(String cardAccessNumber,
String digestAlg,
boolean doTruncate)
Computes the key seed from a card access number (CAN) to derive
secure messaging keys from.
|
static byte[] |
computeKeySeed(String documentNumber,
String dateOfBirth,
String dateOfExpiry,
String digestAlg,
boolean doTruncate)
Computes the static key seed, based on information from the MRZ.
|
static SecretKey |
deriveKey(byte[] keySeed,
int mode)
Derives the ENC or MAC key for BAC from the keySeed.
|
static SecretKey |
deriveKey(byte[] keySeed,
String cipherAlg,
int keyLength,
byte[] nonce,
int mode)
Derives a shared key.
|
static SecretKey |
deriveKey(byte[] keySeed,
String cipherAlg,
int keyLength,
byte[] nonce,
int mode,
byte paceKeyReference)
Derives a shared key.
|
static SecretKey |
deriveKey(byte[] keySeed,
String cipherAlgName,
int keyLength,
int mode)
Derives the ENC or MAC key for BAC or PACE.
|
static byte[] |
ecPoint2OS(ECPoint point,
int bitLength)
Encodes (using BSI encoding) an EC point (for use as public key value).
|
static ECPoint |
fromBouncyCastleECPoint(ECPoint point)
Convert a BC EC point to a JCA EC point.
|
static Provider |
getBouncyCastleProvider()
Returns the BC provider, if present.
|
static byte[] |
getBytes(String str)
Converts a string to bytes using UTF-8.
|
static CertificateFactory |
getCertificateFactory(String algorithm)
Returns a certificate factory object for the given certificate algorithm,
possibly using the BC provider explicitly if the configured JCA providers
cannot provide a certificate factory for the algorithm.
|
static Cipher |
getCipher(String algorithm)
Returns a cipher for the given encryption algorithm,
possibly using the BC provider explicitly if the
configured JCA providers cannot provide a cipher for the
algorithm.
|
static Cipher |
getCipher(String algorithm,
int mode,
Key key)
Returns a cipher for the given encryption algorithm and key,
possibly using the BC provider explicitly if the
configured JCA providers cannot provide a cipher for the
algorithm and key.
|
static String |
getCurveName(ECParameterSpec params)
Returns the curve name, if known, or
null . |
static String |
getDetailedPrivateKeyAlgorithm(PrivateKey privateKey)
Returns detailed algorithm information (including key length) about the given private key.
|
static String |
getDetailedPublicKeyAlgorithm(PublicKey publicKey)
Returns detailed information about the given public key (like RSA or) with some extra
information (like 1024 bits).
|
static KeyAgreement |
getKeyAgreement(String algorithm)
Returns a key agreement object for the given algorithm, possibly using
the BC provider explicitly if the configured JCA providers cannot provide
a key agreement for the algorithm.
|
static KeyPairGenerator |
getKeyPairGenerator(String algorithm)
Returns a key pair generator for the given algorithm, possibly using
the BC provider explicitly when the configured JCA providers cannot
provide a generator for the algorithm.
|
static Mac |
getMac(String algorithm)
Returns a MAC for the given algorithm, possibly using the
BC provider explicitly if the configured JCA providers cannot
provide a MAC for the algorithm.
|
static Mac |
getMac(String algorithm,
Key key)
Returns a MAC for the given algorithm and key, possibly using
the BC provider explicitly when the configured JCA providers
cannot provide a MAC for the algorithm and key.
|
static MessageDigest |
getMessageDigest(String algorithm)
Returns a message digest for the given algorithm, possibly
using the BC provider explicitly if the configured JCA providers
cannot provide a message digest for the algorithm.
|
static BigInteger |
getPrime(AlgorithmParameterSpec params)
Extracts the prime from the given DH or ECDH parameter specification
which (hopefully) specifies a curve over a prime field.
|
static PublicKey |
getPublicKey(String algorithm,
KeySpec keySpec)
Returns a public key for the given algorithm and key specification,
possibly using the BC provider explicitly when the configured JCA
providers cannot provide a public key for the algorithm and key
specification.
|
static byte[] |
getRawECDSASignature(byte[] signedData,
int keySize)
For ECDSA the EAC 1.11 specification requires the signature to be stripped down from any ASN.1 wrappers, as so.
|
static Signature |
getSignature(String algorithm)
Returns a signature for the given signature algorithm, possibly using the BC
provider if the configured JCA providers cannot provide a signature.
|
static byte[] |
i2os(BigInteger val)
Converts a non-negative integer to an octet string.
|
static byte[] |
i2os(BigInteger val,
int length)
Converts an integer to an octet string.
|
static String |
inferDigestAlgorithmFromCipherAlgorithmForKeyDerivation(String cipherAlg,
int keyLength)
Infers a digest algorithm mnemonic from a signature algorithm mnemonic for
use in key derivation.
|
static String |
inferDigestAlgorithmFromSignatureAlgorithm(String signatureAlgorithm)
Infers a digest algorithm mnemonic from a signature algorithm mnemonic.
|
static String |
inferKeyAgreementAlgorithm(PublicKey publicKey)
Attempts to infer a relevant key agreement algorithm
(either
"DH" or "ECDH" ) given a public key. |
static String |
inferProtocolIdentifier(PublicKey publicKey)
Infers an EAC object identifier for an EC or DH public key.
|
static boolean |
isPointOnCurve(ECPoint xy,
ECParameterSpec ecParams)
Checks whether the given point is on the given curve.
|
static boolean |
isValid(ECPoint ecPoint,
ECParameterSpec params)
Determines whether an EC point is valid with respect to the given EC parameters.
|
static ECPoint |
multiply(BigInteger s,
ECPoint point,
ECParameterSpec params)
Multiplies a scalar and an EC point.
|
static ECPoint |
normalize(ECPoint ecPoint,
ECParameterSpec params)
Normalizes an EC point given the EC parameters.
|
static ECPoint |
os2ECPoint(byte[] encodedECPoint)
Decodes an EC point from a BSI encoded octet string.
|
static BigInteger |
os2fe(byte[] bytes,
BigInteger p)
Converts an octet string to a field element via OS2FE as specified in BSI TR-03111.
|
static BigInteger |
os2i(byte[] bytes)
Converts an octet string to an integer.
|
static BigInteger |
os2i(byte[] bytes,
int offset,
int length)
Converts an octet string to an integer.
|
static byte[] |
pad(byte[] in,
int blockSize)
Pads the input
in according to ISO9797-1 padding method 2,
using the given block size. |
static byte[] |
pad(byte[] bytes,
int offset,
int length,
int blockSize)
Pads the input
bytes indicated by offset and length
according to ISO9797-1 padding method 2, using the given block size in blockSize . |
static List<byte[]> |
partition(int segmentSize,
byte[] data)
Partitions a byte array into a number of segments of the given size,
and a final segment if there is a remainder.
|
static PublicKey |
reconstructPublicKey(PublicKey publicKey)
Reconstructs the public key to use explicit domain params for EC public keys.
|
static byte[] |
recoverMessage(int digestLength,
byte[] decryptedResponse)
Recovers the M1 part of the message sent back by the AA protocol
(INTERNAL AUTHENTICATE command).
|
static byte[] |
stripLeadingZeroes(byte[] bytes)
Strips any leading zeroes from a byte-array and
returns the resulting byte-array.
|
static ECPoint |
toBouncyCastleECPoint(ECPoint point,
ECParameterSpec params)
Converts a JCA EC point to a BC EC point.
|
static ECDomainParameters |
toBouncyECDomainParameters(ECParameterSpec params)
Converts a JCA compliant EC parameter (domain) specification to a BC
EC domain specification.
|
static ECPrivateKeyParameters |
toBouncyECPrivateKeyParameters(ECPrivateKey privateKey)
Converts the EC private key to a BC private key parameter specification.
|
static ECPublicKeyParameters |
toBouncyECPublicKeyParameters(ECPublicKey publicKey)
Converts the EC public key to a BC public key parameter specification.
|
static ECNamedCurveSpec |
toECNamedCurveSpec(ECNamedCurveParameterSpec namedParamSpec)
Translates internal BC named curve spec to BC provided JCA compliant named curve spec.
|
static DHParameterSpec |
toExplicitDHParameterSpec(DHParameters params)
Returns a Difie-Hellman parameter specification which includes
the prime order of the subgroup generated by the generator if this
information is available in the given (Bouncy Castle) parameters.
|
static ECParameterSpec |
toExplicitECParameterSpec(ECNamedCurveParameterSpec parameterSpec)
Translates (named) curve specification to JCA compliant explicit parameter specification.
|
static ECParameterSpec |
toExplicitECParameterSpec(ECParameterSpec params)
Translates (named) curve specification to JCA compliant explicit param specification.
|
static byte[] |
toOIDBytes(String oid)
Encodes an object identifier.
|
static PublicKey |
toPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo)
Extracts a public key from a BC subject public key info structure.
|
static SubjectPublicKeyInfo |
toSubjectPublicKeyInfo(PublicKey publicKey)
Convert the given JCA compliant public key to a BC subject public key info structure.
|
static byte[] |
unpad(byte[] bytes)
Unpads the input
bytes according to ISO9797-1 padding method 2. |
public static final int ENC_MODE
public static final int MAC_MODE
public static final int PACE_MODE
@Deprecated public static final DHParameters RFC5114_1024_160
@Deprecated public static final DHParameters RFC5114_2048_224
@Deprecated public static final DHParameters RFC5114_2048_256
public static Provider getBouncyCastleProvider()
null
public static SecretKey deriveKey(byte[] keySeed, int mode) throws GeneralSecurityException
keySeed
- the key seed.mode
- either ENC_MODE
or MAC_MODE
GeneralSecurityException
- on security errorpublic static SecretKey deriveKey(byte[] keySeed, String cipherAlgName, int keyLength, int mode) throws GeneralSecurityException
keySeed
- the key seed.cipherAlgName
- either AES or DESedekeyLength
- key length in bitsmode
- either ENC_MODE
, MAC_MODE
, or PACE_MODE
GeneralSecurityException
- on security errorpublic static SecretKey deriveKey(byte[] keySeed, String cipherAlg, int keyLength, byte[] nonce, int mode) throws GeneralSecurityException
keySeed
- the shared secret, as octetscipherAlg
- in Java mnemonic notation (for example "DESede", "AES")keyLength
- length in bitsnonce
- optional nonce or null
mode
- the mode either ENC
, MAC
, or PACE
modeGeneralSecurityException
- if something went wrongpublic static SecretKey deriveKey(byte[] keySeed, String cipherAlg, int keyLength, byte[] nonce, int mode, byte paceKeyReference) throws GeneralSecurityException
keySeed
- the shared secret, as octetscipherAlg
- in Java mnemonic notation (for example "DESede", "AES")keyLength
- length in bitsnonce
- optional nonce or null
mode
- the mode either ENC
, MAC
, or PACE
modepaceKeyReference
- Key Reference For Pace ProtocolGeneralSecurityException
- if something went wrongpublic static byte[] computeKeySeed(String documentNumber, String dateOfBirth, String dateOfExpiry, String digestAlg, boolean doTruncate) throws GeneralSecurityException
documentNumber
- a string containing the document numberdateOfBirth
- a string containing the date of birth (YYMMDD)dateOfExpiry
- a string containing the date of expiry (YYMMDD)digestAlg
- a Java mnemonic algorithm string to indicate the digest algorithm (typically SHA-1)doTruncate
- whether to truncate the resulting output to 16 bytesGeneralSecurityException
- on security errorpublic static byte[] computeKeySeed(String cardAccessNumber, String digestAlg, boolean doTruncate) throws GeneralSecurityException
cardAccessNumber
- the card access numberdigestAlg
- the digest algorithm to usedoTruncate
- whether to truncate to 16 bytes or notGeneralSecurityException
- on errorpublic static byte[] pad(byte[] in, int blockSize)
in
according to ISO9797-1 padding method 2,
using the given block size.in
- inputblockSize
- the block sizepublic static byte[] pad(byte[] bytes, int offset, int length, int blockSize)
bytes
indicated by offset
and length
according to ISO9797-1 padding method 2, using the given block size in blockSize
.bytes
- inputoffset
- the offsetlength
- the lengthblockSize
- the block sizepublic static byte[] unpad(byte[] bytes) throws BadPaddingException
bytes
according to ISO9797-1 padding method 2.bytes
- the inputBadPaddingException
- on padding exceptionpublic static byte[] recoverMessage(int digestLength, byte[] decryptedResponse)
digestLength
- should be 20decryptedResponse
- response from card, already 'decrypted' (using the AA public key)public static byte[] getRawECDSASignature(byte[] signedData, int keySize) throws IOException
signedData
- signed datakeySize
- key sizeIOException
- on errorpublic static byte[] alignKeyDataToSize(byte[] keyData, int size)
keyData
- the key datasize
- the new sizepublic static byte[] i2os(BigInteger val, int length)
val
- a non-negative integerlength
- the desired length of the octet stringpublic static byte[] i2os(BigInteger val)
val
- non-negative integerpublic static BigInteger os2i(byte[] bytes)
bytes
- octet stringpublic static BigInteger os2i(byte[] bytes, int offset, int length)
bytes
- a byte array containing the octet stringoffset
- the offset of the octet string within the given byte arraylength
- the length of the octet stringpublic static BigInteger os2fe(byte[] bytes, BigInteger p)
bytes
- octet stringp
- the moduluspublic static String inferDigestAlgorithmFromSignatureAlgorithm(String signatureAlgorithm)
signatureAlgorithm
- a signature algorithmnull
if inference failedpublic static String inferDigestAlgorithmFromCipherAlgorithmForKeyDerivation(String cipherAlg, int keyLength)
cipherAlg
- a cipher algorithmkeyLength
- the key lengthnull
if inference failedpublic static DHParameterSpec toExplicitDHParameterSpec(DHParameters params)
params
- parameters for Diffie-Hellman as a Bouncy Castle specific object.public static String getDetailedPublicKeyAlgorithm(PublicKey publicKey)
publicKey
- a public keypublic static String getDetailedPrivateKeyAlgorithm(PrivateKey privateKey)
privateKey
- a private keypublic static String getCurveName(ECParameterSpec params)
null
.params
- an specification of the curvepublic static ECParameterSpec toExplicitECParameterSpec(ECNamedCurveParameterSpec parameterSpec)
parameterSpec
- a BC named curve parameter specificationpublic static ECParameterSpec toExplicitECParameterSpec(ECParameterSpec params)
params
- an EC parameter specification, possibly namedpublic static ECNamedCurveSpec toECNamedCurveSpec(ECNamedCurveParameterSpec namedParamSpec)
namedParamSpec
- a named EC parameter specpublic static SubjectPublicKeyInfo toSubjectPublicKeyInfo(PublicKey publicKey)
publicKey
- a public keypublic static PublicKey toPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo)
subjectPublicKeyInfo
- the BC subject public key info structurenull
public static PublicKey reconstructPublicKey(PublicKey publicKey)
publicKey
- the public keypublic static ECPoint os2ECPoint(byte[] encodedECPoint)
encodedECPoint
- the encoded EC pointpublic static byte[] ecPoint2OS(ECPoint point, int bitLength)
0x04
tag (without a length).point
- an EC PointbitLength
- the length in bits to use for each coordinate (the field size)public static String inferProtocolIdentifier(PublicKey publicKey)
publicKey
- a public keypublic static ECPoint add(ECPoint x, ECPoint y, ECParameterSpec params)
x
- an EC pointy
- another EC pointparams
- the domain parameterspublic static ECPoint multiply(BigInteger s, ECPoint point, ECParameterSpec params)
s
- the scalarpoint
- the EC pointparams
- the domain parameterspublic static boolean isPointOnCurve(ECPoint xy, ECParameterSpec ecParams)
xy
- a pointecParams
- parameters specifying the curvepublic static byte[] getBytes(String str)
str
- a stringpublic static BigInteger getPrime(AlgorithmParameterSpec params)
IllegalArgumentException
for non-prime fields.)params
- a parameter specificationpublic static String inferKeyAgreementAlgorithm(PublicKey publicKey)
"DH"
or "ECDH"
) given a public key.publicKey
- the public key"DH"
or "ECDH"
public static BigInteger computeAffineY(BigInteger affineX, ECParameterSpec params)
affineX
- the x coord of a point on the curveparams
- EC parameters for curve over Fppublic static ECPoint toBouncyCastleECPoint(ECPoint point, ECParameterSpec params)
point
- the JCA EC pointparams
- the parameters to interpret the pointpublic static ECPoint fromBouncyCastleECPoint(ECPoint point)
point
- the BC EC pointpublic static boolean isValid(ECPoint ecPoint, ECParameterSpec params)
ecPoint
- an EC pointparams
- the EC parameter specificationpublic static ECPoint normalize(ECPoint ecPoint, ECParameterSpec params)
ecPoint
- the EC pointparams
- the EC parameter specificationpublic static ECPublicKeyParameters toBouncyECPublicKeyParameters(ECPublicKey publicKey)
publicKey
- the EC public keypublic static ECPrivateKeyParameters toBouncyECPrivateKeyParameters(ECPrivateKey privateKey)
privateKey
- the EC private keypublic static ECDomainParameters toBouncyECDomainParameters(ECParameterSpec params)
params
- the EC parameter specificationpublic static Cipher getCipher(String algorithm) throws GeneralSecurityException
algorithm
- the encryption algorithmGeneralSecurityException
- on errorpublic static Cipher getCipher(String algorithm, int mode, Key key) throws GeneralSecurityException
algorithm
- the encryption algorithmmode
- the mode of operation (encrypt or decrypt)key
- the keyGeneralSecurityException
- on errorpublic static KeyAgreement getKeyAgreement(String algorithm) throws GeneralSecurityException
algorithm
- the key agreement algorithmGeneralSecurityException
- on errorpublic static KeyPairGenerator getKeyPairGenerator(String algorithm) throws GeneralSecurityException
algorithm
- the algorithmGeneralSecurityException
- on errorpublic static Mac getMac(String algorithm) throws GeneralSecurityException
algorithm
- the MAC algorithmGeneralSecurityException
- on errorpublic static Mac getMac(String algorithm, Key key) throws GeneralSecurityException
algorithm
- the MAC algorithmkey
- the keyGeneralSecurityException
- on errorpublic static MessageDigest getMessageDigest(String algorithm) throws GeneralSecurityException
algorithm
- the message digest algorithmGeneralSecurityException
- on errorpublic static PublicKey getPublicKey(String algorithm, KeySpec keySpec) throws GeneralSecurityException
algorithm
- the public key algorithmkeySpec
- the key specificationGeneralSecurityException
- on errorpublic static Signature getSignature(String algorithm) throws GeneralSecurityException
algorithm
- the signature algorithmGeneralSecurityException
- on errorpublic static CertificateFactory getCertificateFactory(String algorithm) throws GeneralSecurityException
algorithm
- the certificate algorithmGeneralSecurityException
- on errorpublic static byte[] toOIDBytes(String oid)
oid
- the object identifierpublic static List<byte[]> partition(int segmentSize, byte[] data)
segmentSize
- the number of bytes per segmentdata
- the data to be partitionedpublic static byte[] stripLeadingZeroes(byte[] bytes)
bytes
- the input byte-array (which is not modified in the process)Copyright © 2021. All rights reserved.