类javax.crypto.KeyAgreement源码实例Demo

下面列出了怎么用javax.crypto.KeyAgreement的API类实例代码及写法,或者点击链接到github查看源代码。

源代码1 项目: openjsse   文件: DHKeyExchange.java
private SecretKey t12DeriveKey(String algorithm,
        AlgorithmParameterSpec params) throws IOException {
    try {
        KeyAgreement ka = JsseJce.getKeyAgreement("DiffieHellman");
        ka.init(localPrivateKey);
        ka.doPhase(peerPublicKey, true);
        SecretKey preMasterSecret =
                ka.generateSecret("TlsPremasterSecret");
        SSLMasterKeyDerivation mskd =
                SSLMasterKeyDerivation.valueOf(
                        context.negotiatedProtocol);
        if (mskd == null) {
            // unlikely
            throw new SSLHandshakeException(
                "No expected master key derivation for protocol: " +
                context.negotiatedProtocol.name);
        }
        SSLKeyDerivation kd = mskd.createKeyDerivation(
                context, preMasterSecret);
        return kd.deriveKey("MasterSecret", params);
    } catch (GeneralSecurityException gse) {
        throw (SSLHandshakeException) new SSLHandshakeException(
            "Could not generate secret").initCause(gse);
    }
}
 
源代码2 项目: openjsse   文件: ECDHKeyExchange.java
private SecretKey t12DeriveKey(String algorithm,
        AlgorithmParameterSpec params) throws IOException {
    try {
        KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
        ka.init(localPrivateKey);
        ka.doPhase(peerPublicKey, true);
        SecretKey preMasterSecret =
                ka.generateSecret("TlsPremasterSecret");

        SSLMasterKeyDerivation mskd =
                SSLMasterKeyDerivation.valueOf(
                        context.negotiatedProtocol);
        if (mskd == null) {
            // unlikely
            throw new SSLHandshakeException(
                    "No expected master key derivation for protocol: " +
                    context.negotiatedProtocol.name);
        }
        SSLKeyDerivation kd = mskd.createKeyDerivation(
                context, preMasterSecret);
        return kd.deriveKey("MasterSecret", params);
    } catch (GeneralSecurityException gse) {
        throw (SSLHandshakeException) new SSLHandshakeException(
            "Could not generate secret").initCause(gse);
    }
}
 
源代码3 项目: wycheproof   文件: DhTest.java
/** Check that key agreement using DH works. */
@SuppressWarnings("InsecureCryptoUsage")
@Test
public void testDh() throws Exception {
  KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
  DHParameterSpec dhparams = ike2048();
  keyGen.initialize(dhparams);
  KeyPair keyPairA = keyGen.generateKeyPair();
  KeyPair keyPairB = keyGen.generateKeyPair();

  KeyAgreement kaA = KeyAgreement.getInstance("DH");
  KeyAgreement kaB = KeyAgreement.getInstance("DH");
  kaA.init(keyPairA.getPrivate());
  kaB.init(keyPairB.getPrivate());
  kaA.doPhase(keyPairB.getPublic(), true);
  kaB.doPhase(keyPairA.getPublic(), true);
  byte[] kAB = kaA.generateSecret();
  byte[] kBA = kaB.generateSecret();
  assertEquals(TestUtil.bytesToHex(kAB), TestUtil.bytesToHex(kBA));
}
 
源代码4 项目: wycheproof   文件: DhTest.java
/** This test tries a key agreement with keys using distinct parameters. */
@SuppressWarnings("InsecureCryptoUsage")
@Test
public void testDHDistinctParameters() throws Exception {
  KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
  keyGen.initialize(ike1536());
  KeyPair keyPairA = keyGen.generateKeyPair();

  keyGen.initialize(ike2048());
  KeyPair keyPairB = keyGen.generateKeyPair();

  KeyAgreement kaA = KeyAgreement.getInstance("DH");
  kaA.init(keyPairA.getPrivate());
  try {
    kaA.doPhase(keyPairB.getPublic(), true);
    byte[] kAB = kaA.generateSecret();
    fail("Generated secrets with mixed keys " + TestUtil.bytesToHex(kAB) + ", ");
  } catch (java.security.GeneralSecurityException ex) {
    // This is expected.
  }
}
 
源代码5 项目: Bytecoder   文件: KAKeyDerivation.java
/**
 * Handle the TLSv1-1.2 objects, which don't use the HKDF algorithms.
 */
private SecretKey t12DeriveKey(String algorithm,
        AlgorithmParameterSpec params) throws IOException {
    try {
        KeyAgreement ka = KeyAgreement.getInstance(algorithmName);
        ka.init(localPrivateKey);
        ka.doPhase(peerPublicKey, true);
        SecretKey preMasterSecret
                = ka.generateSecret("TlsPremasterSecret");
        SSLMasterKeyDerivation mskd
                = SSLMasterKeyDerivation.valueOf(
                        context.negotiatedProtocol);
        if (mskd == null) {
            // unlikely
            throw new SSLHandshakeException(
                    "No expected master key derivation for protocol: "
                    + context.negotiatedProtocol.name);
        }
        SSLKeyDerivation kd = mskd.createKeyDerivation(
                context, preMasterSecret);
        return kd.deriveKey("MasterSecret", params);
    } catch (GeneralSecurityException gse) {
        throw (SSLHandshakeException) new SSLHandshakeException(
                "Could not generate secret").initCause(gse);
    }
}
 
源代码6 项目: openjdk-jdk9   文件: TestDH.java
private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1,
        KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception {
    SecretKey key1;

    ka1.init(kp1.getPrivate());
    ka1.doPhase(kp2.getPublic(), true);
    System.out.println("Derive " + algorithm + " using SunJCE...");
    key1 = ka1.generateSecret(algorithm);

    ka2.init(kp1.getPrivate());
    ka2.doPhase(kp2.getPublic(), true);
    System.out.println("Derive " + algorithm + " using PKCS#11...");
    SecretKey key2 = ka2.generateSecret(algorithm);

    byte[] b1 = key1.getEncoded();
    byte[] b2 = key2.getEncoded();

    if (Arrays.equals(b1, b2) == false) {
        System.out.println(b1.length + " bytes: " + toString(b1));
        System.out.println(b2.length + " bytes: " + toString(b2));
        throw new Exception(algorithm + " secret mismatch");
    }
}
 
源代码7 项目: Jose4j   文件: EcdhKeyAgreementAlgorithm.java
private byte[] generateEcdhSecret(PrivateKey privateKey, PublicKey publicKey, ProviderContext providerContext) throws JoseException
{
    String keyAgreementProvider = providerContext.getSuppliedKeyProviderContext().getKeyAgreementProvider();
    KeyAgreement keyAgreement = getKeyAgreement(keyAgreementProvider);

    try
    {
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(publicKey, true);
    }
    catch (java.security.InvalidKeyException e)
    {
        throw new InvalidKeyException("Invalid Key for " + getJavaAlgorithm() + " key agreement." ,e);
    }

    return keyAgreement.generateSecret();
}
 
源代码8 项目: openjdk-jdk9   文件: TestECDH2.java
private static void testKeyAgreement(KeyPair kpA, KeyPair kpB, Provider p)
    throws Exception {
    KeyAgreement ka1 = KeyAgreement.getInstance("ECDH", p);
    ka1.init(kpA.getPrivate());
    ka1.doPhase(kpB.getPublic(), true);
    byte[] s1 = ka1.generateSecret();

    KeyAgreement ka2 = KeyAgreement.getInstance("ECDH", p);
    ka2.init(kpB.getPrivate());
    ka2.doPhase(kpA.getPublic(), true);
    byte[] s2 = ka2.generateSecret();
    if (Arrays.equals(s1, s2) == false) {
        System.out.println("expected: " + toString(s1));
        System.out.println("actual:   " + toString(s2));
        throw new Exception("Generated secrets do not match");
    }
}
 
源代码9 项目: thunder   文件: ECDH.java
public static ECDHKeySet getSharedSecret (ECKey keyServer, ECKey keyClient) {
    try {

        ECPrivateKeySpec specPrivate = new ECPrivateKeySpec(keyServer.getPrivKey(), ecParameters);
        ECPublicKeySpec specPublic = new ECPublicKeySpec(new ECPoint(keyClient.getPubKeyPoint().getXCoord().toBigInteger(), keyClient.getPubKeyPoint()
                .getYCoord().toBigInteger()), ecParameters);

        ECPrivateKey privateKey = (ECPrivateKey) kf.generatePrivate(specPrivate);
        ECPublicKey publicKey = (ECPublicKey) kf.generatePublic(specPublic);

        JCEECPrivateKey ecPrivKey = new JCEECPrivateKey(privateKey);
        JCEECPublicKey ecPubKey = new JCEECPublicKey(publicKey);

        KeyAgreement aKeyAgree = KeyAgreement.getInstance("ECDH");
        aKeyAgree.init(ecPrivKey);
        aKeyAgree.doPhase(ecPubKey, true);

        return new ECDHKeySet(aKeyAgree.generateSecret(), keyServer.getPubKey(), keyClient.getPubKey());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
 
源代码10 项目: javasdk   文件: ECKeyAgreement.java
public static KeyAgreement getInstance() {
    try {
        return KeyAgreement.getInstance(ALGORITHM);
    } catch (NoSuchAlgorithmException ex) {
        throw new AssertionError(algorithmAssertionMsg);
    }
}
 
源代码11 项目: javasdk   文件: ECKeyAgreement.java
public static KeyAgreement getInstance(final String provider) throws NoSuchProviderException {
    try {
        return KeyAgreement.getInstance(ALGORITHM, provider);
    } catch (NoSuchAlgorithmException ex) {
        throw new AssertionError(algorithmAssertionMsg);
    }
}
 
源代码12 项目: openjsse   文件: DHKeyExchange.java
private SecretKey t13DeriveKey(String algorithm,
        AlgorithmParameterSpec params) throws IOException {
    try {
        KeyAgreement ka = JsseJce.getKeyAgreement("DiffieHellman");
        ka.init(localPrivateKey);
        ka.doPhase(peerPublicKey, true);
        SecretKey sharedSecret =
                ka.generateSecret("TlsPremasterSecret");

        HashAlg hashAlg = context.negotiatedCipherSuite.hashAlg;
        SSLKeyDerivation kd = context.handshakeKeyDerivation;
        HKDF hkdf = new HKDF(hashAlg.name);
        if (kd == null) {   // No PSK is in use.
            // If PSK is not in use Early Secret will still be
            // HKDF-Extract(0, 0).
            byte[] zeros = new byte[hashAlg.hashLength];
            SecretKeySpec ikm =
                    new SecretKeySpec(zeros, "TlsPreSharedSecret");
            SecretKey earlySecret =
                    hkdf.extract(zeros, ikm, "TlsEarlySecret");
            kd = new SSLSecretDerivation(context, earlySecret);
        }

        // derive salt secret
        SecretKey saltSecret = kd.deriveKey("TlsSaltSecret", null);

        // derive handshake secret
        return hkdf.extract(saltSecret, sharedSecret, algorithm);
    } catch (GeneralSecurityException gse) {
        throw (SSLHandshakeException) new SSLHandshakeException(
            "Could not generate secret").initCause(gse);
    }
}
 
源代码13 项目: openjsse   文件: ECDHKeyExchange.java
SecretKey getAgreedSecret(
        PublicKey peerPublicKey) throws SSLHandshakeException {

    try {
        KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
        ka.init(privateKey);
        ka.doPhase(peerPublicKey, true);
        return ka.generateSecret("TlsPremasterSecret");
    } catch (GeneralSecurityException e) {
        throw (SSLHandshakeException) new SSLHandshakeException(
            "Could not generate secret").initCause(e);
    }
}
 
源代码14 项目: openjsse   文件: ECDHKeyExchange.java
private SecretKey t13DeriveKey(String algorithm,
        AlgorithmParameterSpec params) throws IOException {
    try {
        KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
        ka.init(localPrivateKey);
        ka.doPhase(peerPublicKey, true);
        SecretKey sharedSecret =
                ka.generateSecret("TlsPremasterSecret");

        HashAlg hashAlg = context.negotiatedCipherSuite.hashAlg;
        SSLKeyDerivation kd = context.handshakeKeyDerivation;
        HKDF hkdf = new HKDF(hashAlg.name);
        if (kd == null) {   // No PSK is in use.
            // If PSK is not in use Early Secret will still be
            // HKDF-Extract(0, 0).
            byte[] zeros = new byte[hashAlg.hashLength];
            SecretKeySpec ikm =
                    new SecretKeySpec(zeros, "TlsPreSharedSecret");
            SecretKey earlySecret =
                    hkdf.extract(zeros, ikm, "TlsEarlySecret");
            kd = new SSLSecretDerivation(context, earlySecret);
        }

        // derive salt secret
        SecretKey saltSecret = kd.deriveKey("TlsSaltSecret", null);

        // derive handshake secret
        return hkdf.extract(saltSecret, sharedSecret, algorithm);
    } catch (GeneralSecurityException gse) {
        throw (SSLHandshakeException) new SSLHandshakeException(
            "Could not generate secret").initCause(gse);
    }
}
 
源代码15 项目: android_9.0.0_r45   文件: SecureBox.java
private static byte[] dhComputeSecret(PrivateKey ourPrivateKey, PublicKey theirPublicKey)
        throws NoSuchAlgorithmException, InvalidKeyException {
    KeyAgreement agreement = KeyAgreement.getInstance(KA_ALG);
    try {
        agreement.init(ourPrivateKey);
    } catch (RuntimeException ex) {
        // Rethrow the RuntimeException as InvalidKeyException
        throw new InvalidKeyException(ex);
    }
    agreement.doPhase(theirPublicKey, /*lastPhase=*/ true);
    return agreement.generateSecret();
}
 
源代码16 项目: dragonwell8_jdk   文件: DHCrypt.java
/**
 * Get the secret data that has been agreed on through Diffie-Hellman
 * key agreement protocol.  Note that in the two party protocol, if
 * the peer keys are already known, no other data needs to be sent in
 * order to agree on a secret.  That is, a secured message may be
 * sent without any mandatory round-trip overheads.
 *
 * <P>It is illegal to call this member function if the private key
 * has not been set (or generated).
 *
 * @param  peerPublicKey the peer's public key.
 * @param  keyIsValidated whether the {@code peerPublicKey} has beed
 *         validated
 * @return the secret, which is an unsigned big-endian integer
 *         the same size as the Diffie-Hellman modulus.
 */
SecretKey getAgreedSecret(BigInteger peerPublicValue,
        boolean keyIsValidated) throws SSLHandshakeException {
    try {
        KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
        DHPublicKeySpec spec =
                    new DHPublicKeySpec(peerPublicValue, modulus, base);
        PublicKey publicKey = kf.generatePublic(spec);
        KeyAgreement ka = JsseJce.getKeyAgreement("DiffieHellman");

        // validate the Diffie-Hellman public key
        if (!keyIsValidated &&
                !KeyUtil.isOracleJCEProvider(ka.getProvider().getName())) {
            try {
                KeyUtil.validate(spec);
            } catch (InvalidKeyException ike) {
                // prefer handshake_failure alert to internal_error alert
                throw new SSLHandshakeException(ike.getMessage());
            }
        }

        ka.init(privateKey);
        ka.doPhase(publicKey, true);
        return ka.generateSecret("TlsPremasterSecret");
    } catch (GeneralSecurityException e) {
        throw (SSLHandshakeException) new SSLHandshakeException(
            "Could not generate secret").initCause(e);
    }
}
 
源代码17 项目: dragonwell8_jdk   文件: ECDHCrypt.java
SecretKey getAgreedSecret(
        PublicKey peerPublicKey) throws SSLHandshakeException {

    try {
        KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
        ka.init(privateKey);
        ka.doPhase(peerPublicKey, true);
        return ka.generateSecret("TlsPremasterSecret");
    } catch (GeneralSecurityException e) {
        throw (SSLHandshakeException) new SSLHandshakeException(
            "Could not generate secret").initCause(e);
    }
}
 
源代码18 项目: TencentKona-8   文件: ECDHCrypt.java
SecretKey getAgreedSecret(
        PublicKey peerPublicKey) throws SSLHandshakeException {

    try {
        KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
        ka.init(privateKey);
        ka.doPhase(peerPublicKey, true);
        return ka.generateSecret("TlsPremasterSecret");
    } catch (GeneralSecurityException e) {
        throw (SSLHandshakeException) new SSLHandshakeException(
            "Could not generate secret").initCause(e);
    }
}
 
源代码19 项目: aion   文件: ECKeyAgreement.java
public static KeyAgreement getInstance() {
    try {
        return KeyAgreement.getInstance(ALGORITHM);
    } catch (NoSuchAlgorithmException ex) {
        throw new AssertionError(algorithmAssertionMsg, ex);
    }
}
 
源代码20 项目: aion   文件: ECKeyAgreement.java
public static KeyAgreement getInstance(final String provider) throws NoSuchProviderException {
    try {
        return KeyAgreement.getInstance(ALGORITHM, provider);
    } catch (NoSuchAlgorithmException ex) {
        throw new AssertionError(algorithmAssertionMsg, ex);
    }
}
 
源代码21 项目: aion   文件: ECKeyAgreement.java
public static KeyAgreement getInstance(final Provider provider) {
    try {
        return KeyAgreement.getInstance(ALGORITHM, provider);
    } catch (NoSuchAlgorithmException ex) {
        throw new AssertionError(algorithmAssertionMsg, ex);
    }
}
 
源代码22 项目: jdk8u60   文件: DHCrypt.java
/**
 * Get the secret data that has been agreed on through Diffie-Hellman
 * key agreement protocol.  Note that in the two party protocol, if
 * the peer keys are already known, no other data needs to be sent in
 * order to agree on a secret.  That is, a secured message may be
 * sent without any mandatory round-trip overheads.
 *
 * <P>It is illegal to call this member function if the private key
 * has not been set (or generated).
 *
 * @param  peerPublicKey the peer's public key.
 * @param  keyIsValidated whether the {@code peerPublicKey} has beed
 *         validated
 * @return the secret, which is an unsigned big-endian integer
 *         the same size as the Diffie-Hellman modulus.
 */
SecretKey getAgreedSecret(BigInteger peerPublicValue,
        boolean keyIsValidated) throws SSLHandshakeException {
    try {
        KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
        DHPublicKeySpec spec =
                    new DHPublicKeySpec(peerPublicValue, modulus, base);
        PublicKey publicKey = kf.generatePublic(spec);
        KeyAgreement ka = JsseJce.getKeyAgreement("DiffieHellman");

        // validate the Diffie-Hellman public key
        if (!keyIsValidated &&
                !KeyUtil.isOracleJCEProvider(ka.getProvider().getName())) {
            try {
                KeyUtil.validate(spec);
            } catch (InvalidKeyException ike) {
                // prefer handshake_failure alert to internal_error alert
                throw new SSLHandshakeException(ike.getMessage());
            }
        }

        ka.init(privateKey);
        ka.doPhase(publicKey, true);
        return ka.generateSecret("TlsPremasterSecret");
    } catch (GeneralSecurityException e) {
        throw (SSLHandshakeException) new SSLHandshakeException(
            "Could not generate secret").initCause(e);
    }
}
 
源代码23 项目: jdk8u60   文件: ECDHCrypt.java
SecretKey getAgreedSecret(
        PublicKey peerPublicKey) throws SSLHandshakeException {

    try {
        KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
        ka.init(privateKey);
        ka.doPhase(peerPublicKey, true);
        return ka.generateSecret("TlsPremasterSecret");
    } catch (GeneralSecurityException e) {
        throw (SSLHandshakeException) new SSLHandshakeException(
            "Could not generate secret").initCause(e);
    }
}
 
源代码24 项目: gsc-core   文件: ECKeyAgreement.java
public static KeyAgreement getInstance() {
    try {
        return KeyAgreement.getInstance(ALGORITHM);
    } catch (NoSuchAlgorithmException ex) {
        throw new AssertionError(algorithmAssertionMsg, ex);
    }
}
 
源代码25 项目: nuls-v2   文件: ECKeyAgreement.java
public static KeyAgreement getInstance() {
    try {
        return KeyAgreement.getInstance(ALGORITHM);
    } catch (NoSuchAlgorithmException ex) {
        throw new AssertionError(algorithmAssertionMsg, ex);
    }
}
 
源代码26 项目: nuls-v2   文件: ECKeyAgreement.java
public static KeyAgreement getInstance(final String provider) throws NoSuchProviderException {
    try {
        return KeyAgreement.getInstance(ALGORITHM, provider);
    } catch (NoSuchAlgorithmException ex) {
        throw new AssertionError(algorithmAssertionMsg, ex);
    }
}
 
源代码27 项目: wycheproof   文件: DhTest.java
/**
 * Tests whether a provider accepts invalid public keys that result in predictable shared secrets.
 * This test is based on RFC 2785, Section 4 and NIST SP 800-56A, If an attacker can modify both
 * public keys in an ephemeral-ephemeral key agreement scheme then it may be possible to coerce
 * both parties into computing the same predictable shared key.
 *
 * <p>Note: the test is quite whimsical. If the prime p is not a safe prime then the provider
 * itself cannot prevent all small-subgroup attacks because of the missing parameter q in the
 * Diffie-Hellman parameters. Implementations must add additional countermeasures such as the ones
 * proposed in RFC 2785.
 *
 * <p>CVE-2016-1000346: BouncyCastle before v.1.56 did not validate the other parties public key.
 */
@SuppressWarnings("InsecureCryptoUsage")
@Test
public void testSubgroupConfinement() throws Exception {
  KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
  DHParameterSpec params = ike2048();
  BigInteger p = params.getP();
  BigInteger g = params.getG();
  keyGen.initialize(params);
  PrivateKey priv = keyGen.generateKeyPair().getPrivate();
  KeyAgreement ka = KeyAgreement.getInstance("DH");
  BigInteger[] weakPublicKeys = {
    BigInteger.ZERO,
    BigInteger.ONE,
    p.subtract(BigInteger.ONE),
    p,
    p.add(BigInteger.ONE),
    BigInteger.ONE.negate()
  };
  for (BigInteger weakKey : weakPublicKeys) {
    ka.init(priv);
    try {
      KeyFactory kf = KeyFactory.getInstance("DH");
      DHPublicKeySpec weakSpec = new DHPublicKeySpec(weakKey, p, g);
      PublicKey pub = kf.generatePublic(weakSpec);
      ka.doPhase(pub, true);
      byte[] kAB = ka.generateSecret();
      fail(
          "Generated secrets with weak public key:"
              + weakKey.toString()
              + " secret:"
              + TestUtil.bytesToHex(kAB));
    } catch (GeneralSecurityException ex) {
      // this is expected
    }
  }
}
 
源代码28 项目: wkcwallet-java   文件: ECKeyAgreement.java
public static KeyAgreement getInstance() {
  try {
    return KeyAgreement.getInstance(ALGORITHM);
  } catch (NoSuchAlgorithmException ex) {
    throw new AssertionError(algorithmAssertionMsg, ex);
  }
}
 
源代码29 项目: wkcwallet-java   文件: ECKeyAgreement.java
public static KeyAgreement getInstance(final String provider) throws NoSuchProviderException {
  try {
    return KeyAgreement.getInstance(ALGORITHM, provider);
  } catch (NoSuchAlgorithmException ex) {
    throw new AssertionError(algorithmAssertionMsg, ex);
  }
}
 
源代码30 项目: wkcwallet-java   文件: ECKeyAgreement.java
public static KeyAgreement getInstance(final Provider provider) {
  try {
    return KeyAgreement.getInstance(ALGORITHM, provider);
  } catch (NoSuchAlgorithmException ex) {
    throw new AssertionError(algorithmAssertionMsg, ex);
  }
}