1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved. 4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 5 * 6 * This code is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 only, as 8 * published by the Free Software Foundation. Oracle designates this 9 * particular file as subject to the "Classpath" exception as provided 10 * by Oracle in the LICENSE file that accompanied this code. 11 * 12 * This code is distributed in the hope that it will be useful, but WITHOUT 13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 15 * version 2 for more details (a copy is included in the LICENSE file that 16 * accompanied this code). 17 * 18 * You should have received a copy of the GNU General Public License version 19 * 2 along with this work; if not, write to the Free Software Foundation, 20 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 21 * 22 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 23 * or visit www.oracle.com if you need additional information or have any 24 * questions. 25 */ 26 27 package sun.security.ec; 28 29 import java.security.*; 30 import java.security.interfaces.*; 31 import java.security.spec.*; 32 33 /** 34 * KeyFactory for EC keys. Keys must be instances of PublicKey or PrivateKey 35 * and getAlgorithm() must return "EC". For such keys, it supports conversion 36 * between the following: 37 * 38 * For public keys: 39 * . PublicKey with an X.509 encoding 40 * . ECPublicKey 41 * . ECPublicKeySpec 42 * . X509EncodedKeySpec 43 * 44 * For private keys: 45 * . PrivateKey with a PKCS#8 encoding 46 * . ECPrivateKey 47 * . ECPrivateKeySpec 48 * . PKCS8EncodedKeySpec 49 * 50 * @since 1.6 51 * @author Andreas Sterbenz 52 */ 53 public final class ECKeyFactory extends KeyFactorySpi { 54 55 // Used by translateKey() and the SunPKCS11 provider 56 public final static KeyFactory INSTANCE; 57 58 // Internal provider object we can obtain the KeyFactory and 59 // AlgorithmParameters from. Used by ECParameters and AlgorithmId. 60 // This can go away once we have EC always available in the SUN provider. 61 // Used by ECParameters and AlgorithmId. 62 public final static Provider ecInternalProvider; 63 64 static { 65 final Provider p = new Provider("SunEC-Internal", 1.0d, null) {}; 66 AccessController.doPrivileged(new PrivilegedAction<Void>() { 67 public Void run() { 68 // Android changed : replace string reference with class name. It 69 // makes no difference in this case since these classes are already 70 // in direct use here. 71 p.put("KeyFactory.EC", ECKeyFactory.class.getName()); 72 p.put("AlgorithmParameters.EC", ECParameters.class.getName()); 73 p.put("Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1", "EC"); 74 return null; 75 } 76 }); 77 try { 78 INSTANCE = KeyFactory.getInstance("EC", p); 79 } catch (NoSuchAlgorithmException e) { 80 throw new RuntimeException(e); 81 } 82 ecInternalProvider = p; 83 } 84 85 public ECKeyFactory() { 86 // empty 87 } 88 89 /** 90 * Static method to convert Key into a useable instance of 91 * ECPublicKey or ECPrivateKey. Check the key and convert it 92 * to a Sun key if necessary. If the key is not an EC key 93 * or cannot be used, throw an InvalidKeyException. 94 * 95 * The difference between this method and engineTranslateKey() is that 96 * we do not convert keys of other providers that are already an 97 * instance of ECPublicKey or ECPrivateKey. 98 * 99 * To be used by future Java ECDSA and ECDH implementations. 100 */ 101 public static ECKey toECKey(Key key) throws InvalidKeyException { 102 if (key instanceof ECKey) { 103 ECKey ecKey = (ECKey)key; 104 checkKey(ecKey); 105 return ecKey; 106 } else { 107 return (ECKey)INSTANCE.translateKey(key); 108 } 109 } 110 111 /** 112 * Check that the given EC key is valid. 113 */ 114 private static void checkKey(ECKey key) throws InvalidKeyException { 115 // check for subinterfaces, omit additional checks for our keys 116 if (key instanceof ECPublicKey) { 117 if (key instanceof ECPublicKeyImpl) { 118 return; 119 } 120 } else if (key instanceof ECPrivateKey) { 121 if (key instanceof ECPrivateKeyImpl) { 122 return; 123 } 124 } else { 125 throw new InvalidKeyException("Neither a public nor a private key"); 126 } 127 // ECKey does not extend Key, so we need to do a cast 128 String keyAlg = ((Key)key).getAlgorithm(); 129 if (keyAlg.equals("EC") == false) { 130 throw new InvalidKeyException("Not an EC key: " + keyAlg); 131 } 132 // XXX further sanity checks about whether this key uses supported 133 // fields, point formats, etc. would go here 134 } 135 136 /** 137 * Translate an EC key into a Sun EC key. If conversion is 138 * not possible, throw an InvalidKeyException. 139 * See also JCA doc. 140 */ 141 protected Key engineTranslateKey(Key key) throws InvalidKeyException { 142 if (key == null) { 143 throw new InvalidKeyException("Key must not be null"); 144 } 145 String keyAlg = key.getAlgorithm(); 146 if (keyAlg.equals("EC") == false) { 147 throw new InvalidKeyException("Not an EC key: " + keyAlg); 148 } 149 if (key instanceof PublicKey) { 150 return implTranslatePublicKey((PublicKey)key); 151 } else if (key instanceof PrivateKey) { 152 return implTranslatePrivateKey((PrivateKey)key); 153 } else { 154 throw new InvalidKeyException("Neither a public nor a private key"); 155 } 156 } 157 158 // see JCA doc 159 protected PublicKey engineGeneratePublic(KeySpec keySpec) 160 throws InvalidKeySpecException { 161 try { 162 return implGeneratePublic(keySpec); 163 } catch (InvalidKeySpecException e) { 164 throw e; 165 } catch (GeneralSecurityException e) { 166 throw new InvalidKeySpecException(e); 167 } 168 } 169 170 // see JCA doc 171 protected PrivateKey engineGeneratePrivate(KeySpec keySpec) 172 throws InvalidKeySpecException { 173 try { 174 return implGeneratePrivate(keySpec); 175 } catch (InvalidKeySpecException e) { 176 throw e; 177 } catch (GeneralSecurityException e) { 178 throw new InvalidKeySpecException(e); 179 } 180 } 181 182 // internal implementation of translateKey() for public keys. See JCA doc 183 private PublicKey implTranslatePublicKey(PublicKey key) 184 throws InvalidKeyException { 185 if (key instanceof ECPublicKey) { 186 if (key instanceof ECPublicKeyImpl) { 187 return key; 188 } 189 ECPublicKey ecKey = (ECPublicKey)key; 190 return new ECPublicKeyImpl( 191 ecKey.getW(), 192 ecKey.getParams() 193 ); 194 } else if ("X.509".equals(key.getFormat())) { 195 byte[] encoded = key.getEncoded(); 196 return new ECPublicKeyImpl(encoded); 197 } else { 198 throw new InvalidKeyException("Public keys must be instance " 199 + "of ECPublicKey or have X.509 encoding"); 200 } 201 } 202 203 // internal implementation of translateKey() for private keys. See JCA doc 204 private PrivateKey implTranslatePrivateKey(PrivateKey key) 205 throws InvalidKeyException { 206 if (key instanceof ECPrivateKey) { 207 if (key instanceof ECPrivateKeyImpl) { 208 return key; 209 } 210 ECPrivateKey ecKey = (ECPrivateKey)key; 211 return new ECPrivateKeyImpl( 212 ecKey.getS(), 213 ecKey.getParams() 214 ); 215 } else if ("PKCS#8".equals(key.getFormat())) { 216 return new ECPrivateKeyImpl(key.getEncoded()); 217 } else { 218 throw new InvalidKeyException("Private keys must be instance " 219 + "of ECPrivateKey or have PKCS#8 encoding"); 220 } 221 } 222 223 // internal implementation of generatePublic. See JCA doc 224 private PublicKey implGeneratePublic(KeySpec keySpec) 225 throws GeneralSecurityException { 226 if (keySpec instanceof X509EncodedKeySpec) { 227 X509EncodedKeySpec x509Spec = (X509EncodedKeySpec)keySpec; 228 return new ECPublicKeyImpl(x509Spec.getEncoded()); 229 } else if (keySpec instanceof ECPublicKeySpec) { 230 ECPublicKeySpec ecSpec = (ECPublicKeySpec)keySpec; 231 return new ECPublicKeyImpl( 232 ecSpec.getW(), 233 ecSpec.getParams() 234 ); 235 } else { 236 throw new InvalidKeySpecException("Only ECPublicKeySpec " 237 + "and X509EncodedKeySpec supported for EC public keys"); 238 } 239 } 240 241 // internal implementation of generatePrivate. See JCA doc 242 private PrivateKey implGeneratePrivate(KeySpec keySpec) 243 throws GeneralSecurityException { 244 if (keySpec instanceof PKCS8EncodedKeySpec) { 245 PKCS8EncodedKeySpec pkcsSpec = (PKCS8EncodedKeySpec)keySpec; 246 return new ECPrivateKeyImpl(pkcsSpec.getEncoded()); 247 } else if (keySpec instanceof ECPrivateKeySpec) { 248 ECPrivateKeySpec ecSpec = (ECPrivateKeySpec)keySpec; 249 return new ECPrivateKeyImpl(ecSpec.getS(), ecSpec.getParams()); 250 } else { 251 throw new InvalidKeySpecException("Only ECPrivateKeySpec " 252 + "and PKCS8EncodedKeySpec supported for EC private keys"); 253 } 254 } 255 256 protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec) 257 throws InvalidKeySpecException { 258 try { 259 // convert key to one of our keys 260 // this also verifies that the key is a valid EC key and ensures 261 // that the encoding is X.509/PKCS#8 for public/private keys 262 key = engineTranslateKey(key); 263 } catch (InvalidKeyException e) { 264 throw new InvalidKeySpecException(e); 265 } 266 if (key instanceof ECPublicKey) { 267 ECPublicKey ecKey = (ECPublicKey)key; 268 if (ECPublicKeySpec.class.isAssignableFrom(keySpec)) { 269 return (T) new ECPublicKeySpec( 270 ecKey.getW(), 271 ecKey.getParams() 272 ); 273 } else if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) { 274 return (T) new X509EncodedKeySpec(key.getEncoded()); 275 } else { 276 throw new InvalidKeySpecException 277 ("KeySpec must be ECPublicKeySpec or " 278 + "X509EncodedKeySpec for EC public keys"); 279 } 280 } else if (key instanceof ECPrivateKey) { 281 if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) { 282 return (T) new PKCS8EncodedKeySpec(key.getEncoded()); 283 } else if (ECPrivateKeySpec.class.isAssignableFrom(keySpec)) { 284 ECPrivateKey ecKey = (ECPrivateKey)key; 285 return (T) new ECPrivateKeySpec( 286 ecKey.getS(), 287 ecKey.getParams() 288 ); 289 } else { 290 throw new InvalidKeySpecException 291 ("KeySpec must be ECPrivateKeySpec or " 292 + "PKCS8EncodedKeySpec for EC private keys"); 293 } 294 } else { 295 // should not occur, caught in engineTranslateKey() 296 throw new InvalidKeySpecException("Neither public nor private key"); 297 } 298 } 299 } 300