improve and simplify key formats
Dominik Schürmann
2 years ago
parent
39ef489a92
commit
56254aedb7
@ -1,200 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2017 Schürmann & Breitmoser GbR
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import androidx.annotation.Nullable;
|
||||
|
||||
import com.google.auto.value.AutoValue;
|
||||
|
||||
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
|
||||
import org.bouncycastle.asn1.nist.NISTNamedCurves;
|
||||
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
|
||||
import org.bouncycastle.asn1.x9.X9ECParameters;
|
||||
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
|
||||
import org.bouncycastle.bcpg.sig.KeyFlags;
|
||||
import org.bouncycastle.math.ec.ECCurve;
|
||||
import org.bouncycastle.util.Arrays;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import timber.log.Timber;
|
||||
|
||||
|
||||
// 4.3.3.6 Algorithm Attributes
|
||||
@AutoValue
|
||||
public abstract class ECKeyFormat extends KeyFormat {
|
||||
|
||||
public abstract byte[] oidField();
|
||||
|
||||
@Nullable // TODO
|
||||
public abstract ECAlgorithmFormat ecAlgorithmFormat();
|
||||
|
||||
private static final byte ATTRS_IMPORT_FORMAT_WITH_PUBKEY = (byte) 0xff;
|
||||
|
||||
ECKeyFormat() {
|
||||
super(KeyFormatType.ECKeyFormatType);
|
||||
}
|
||||
|
||||
public static KeyFormat getInstance(byte[] oidField, ECAlgorithmFormat from) {
|
||||
return new AutoValue_ECKeyFormat(oidField, from);
|
||||
}
|
||||
|
||||
public static ECKeyFormat getInstance(ASN1ObjectIdentifier oidAsn1, ECAlgorithmFormat from) {
|
||||
byte[] oidField = asn1ToOidField(oidAsn1);
|
||||
return new AutoValue_ECKeyFormat(oidField, from);
|
||||
}
|
||||
|
||||
public static KeyFormat getInstanceFromBytes(byte[] bytes) {
|
||||
if (bytes.length < 2) {
|
||||
throw new IllegalArgumentException("Bad length for EC attributes");
|
||||
}
|
||||
|
||||
int len = bytes.length - 1;
|
||||
if (bytes[bytes.length - 1] == ATTRS_IMPORT_FORMAT_WITH_PUBKEY) {
|
||||
len -= 1;
|
||||
}
|
||||
|
||||
final byte[] oidField = new byte[len];
|
||||
System.arraycopy(bytes, 1, oidField, 0, len);
|
||||
return getInstance(oidField, ECKeyFormat.ECAlgorithmFormat.from(bytes[0], bytes[bytes.length - 1]));
|
||||
}
|
||||
|
||||
public byte[] toBytes(KeyType slot) {
|
||||
byte[] attrs = new byte[1 + oidField().length + 1];
|
||||
|
||||
attrs[0] = ecAlgorithmFormat().getAlgorithmId();
|
||||
System.arraycopy(oidField(), 0, attrs, 1, oidField().length);
|
||||
attrs[attrs.length - 1] = ATTRS_IMPORT_FORMAT_WITH_PUBKEY;
|
||||
|
||||
return attrs;
|
||||
}
|
||||
|
||||
public ASN1ObjectIdentifier asn1ParseOid() {
|
||||
ASN1ObjectIdentifier asn1CurveOid = oidFieldToOidAsn1(oidField());
|
||||
String curveName = ECNamedCurveTable.getName(asn1CurveOid);
|
||||
if (curveName == null) {
|
||||
Timber.w("Unknown curve OID: %s. Could be YubiKey firmware bug < 5.2.8. Trying again with last byte removed.", asn1CurveOid.getId());
|
||||
|
||||
// https://bugs.chromium.org/p/chromium/issues/detail?id=1120933#c10
|
||||
// The OpenPGP applet of a Yubikey with firmware version below 5.2.8 appends
|
||||
// a potentially arbitrary byte to the intended byte representation of an ECC
|
||||
// curve OID. This case is handled by retrying the decoding with the last
|
||||
// byte stripped if the resulting OID does not label a known curve.
|
||||
byte[] oidRemoveLastByte = Arrays.copyOf(oidField(), oidField().length - 1);
|
||||
ASN1ObjectIdentifier asn1CurveOidYubikey = oidFieldToOidAsn1(oidRemoveLastByte);
|
||||
curveName = ECNamedCurveTable.getName(asn1CurveOidYubikey);
|
||||
|
||||
if (curveName != null) {
|
||||
Timber.w("Detected curve OID: %s", asn1CurveOidYubikey.getId());
|
||||
return asn1CurveOidYubikey;
|
||||
} else {
|
||||
Timber.e("Still Unknown curve OID: %s", asn1CurveOidYubikey.getId());
|
||||
return asn1CurveOid;
|
||||
}
|
||||
}
|
||||
|
||||
return asn1CurveOid;
|
||||
}
|
||||
|
||||
private static byte[] asn1ToOidField(ASN1ObjectIdentifier oidAsn1) {
|
||||
byte[] encodedAsn1Oid;
|
||||
try {
|
||||
encodedAsn1Oid = oidAsn1.getEncoded();
|
||||
} catch (IOException e) {
|
||||
throw new IllegalStateException("Failed to encode curve OID!");
|
||||
}
|
||||
byte[] oidField = new byte[encodedAsn1Oid.length - 2];
|
||||
System.arraycopy(encodedAsn1Oid, 2, oidField, 0, encodedAsn1Oid.length - 2);
|
||||
|
||||
return oidField;
|
||||
}
|
||||
|
||||
private static ASN1ObjectIdentifier oidFieldToOidAsn1(byte[] oidField) {
|
||||
final byte[] boid = new byte[2 + oidField.length];
|
||||
boid[0] = (byte) 0x06;
|
||||
boid[1] = (byte) oidField.length;
|
||||
System.arraycopy(oidField, 0, boid, 2, oidField.length);
|
||||
return ASN1ObjectIdentifier.getInstance(boid);
|
||||
}
|
||||
|
||||
public enum ECAlgorithmFormat {
|
||||
ECDH((byte) PublicKeyAlgorithmTags.ECDH, true, false),
|
||||
ECDH_WITH_PUBKEY((byte) PublicKeyAlgorithmTags.ECDH, true, true),
|
||||
ECDSA((byte) PublicKeyAlgorithmTags.ECDSA, false, false),
|
||||
ECDSA_WITH_PUBKEY((byte) PublicKeyAlgorithmTags.ECDSA, false, true);
|
||||
|
||||
private final byte mAlgorithmId;
|
||||
private final boolean mIsECDH;
|
||||
private final boolean mWithPubkey;
|
||||
|
||||
ECAlgorithmFormat(final byte algorithmId, final boolean isECDH, final boolean withPubkey) {
|
||||
mAlgorithmId = algorithmId;
|
||||
mIsECDH = isECDH;
|
||||
mWithPubkey = withPubkey;
|
||||
}
|
||||
|
||||
public static ECKeyFormat.ECAlgorithmFormat from(final byte bFirst, final byte bLast) {
|
||||
for (ECKeyFormat.ECAlgorithmFormat format : values()) {
|
||||
if (format.mAlgorithmId == bFirst &&
|
||||
((bLast == ATTRS_IMPORT_FORMAT_WITH_PUBKEY) == format.isWithPubkey())) {
|
||||
return format;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public final byte getAlgorithmId() {
|
||||
return mAlgorithmId;
|
||||
}
|
||||
|
||||
public final boolean isECDH() {
|
||||
return mIsECDH;
|
||||
}
|
||||
|
||||
public final boolean isWithPubkey() {
|
||||
return mWithPubkey;
|
||||
}
|
||||
}
|
||||
|
||||
public void addToSaveKeyringParcel(SaveKeyringParcel.Builder builder, int keyFlags) {
|
||||
ASN1ObjectIdentifier oidAsn1 = asn1ParseOid();
|
||||
final X9ECParameters params = NISTNamedCurves.getByOID(oidAsn1);
|
||||
final ECCurve curve = params.getCurve();
|
||||
|
||||
SaveKeyringParcel.Algorithm algo = SaveKeyringParcel.Algorithm.ECDSA;
|
||||
if (((keyFlags & KeyFlags.ENCRYPT_COMMS) == KeyFlags.ENCRYPT_COMMS)
|
||||
|| ((keyFlags & KeyFlags.ENCRYPT_STORAGE) == KeyFlags.ENCRYPT_STORAGE)) {
|
||||
algo = SaveKeyringParcel.Algorithm.ECDH;
|
||||
}
|
||||
|
||||
SaveKeyringParcel.Curve scurve;
|
||||
if (oidAsn1.equals(NISTNamedCurves.getOID("P-256"))) {
|
||||
scurve = SaveKeyringParcel.Curve.NIST_P256;
|
||||
} else if (oidAsn1.equals(NISTNamedCurves.getOID("P-384"))) {
|
||||
scurve = SaveKeyringParcel.Curve.NIST_P384;
|
||||
} else if (oidAsn1.equals(NISTNamedCurves.getOID("P-521"))) {
|
||||
scurve = SaveKeyringParcel.Curve.NIST_P521;
|
||||
} else {
|
||||
throw new IllegalArgumentException("Unsupported curve " + oidAsn1);
|
||||
}
|
||||
|
||||
builder.addSubkeyAdd(SubkeyAdd.createSubkeyAdd(algo, curve.getFieldSize(), scurve, keyFlags, 0L));
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,131 @@
|
||||
/*
|
||||
* Copyright (C) 2017 Schürmann & Breitmoser GbR
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import com.google.auto.value.AutoValue;
|
||||
|
||||
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
|
||||
import org.bouncycastle.asn1.nist.NISTNamedCurves;
|
||||
import org.bouncycastle.asn1.x9.X9ECParameters;
|
||||
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
|
||||
import org.bouncycastle.bcpg.sig.KeyFlags;
|
||||
import org.bouncycastle.math.ec.ECCurve;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
|
||||
|
||||
|
||||
// OpenPGP Card Spec: Algorithm Attributes: ECC
|
||||
@AutoValue
|
||||
public abstract class EcKeyFormat extends KeyFormat {
|
||||
|
||||
public abstract int algorithmId();
|
||||
|
||||
public abstract ASN1ObjectIdentifier curveOid();
|
||||
|
||||
public abstract boolean withPubkey();
|
||||
|
||||
private static final byte ATTRS_IMPORT_FORMAT_WITH_PUBKEY = (byte) 0xff;
|
||||
|
||||
public static EcKeyFormat getInstance(int algorithmId, ASN1ObjectIdentifier oid, boolean withPubkey) {
|
||||
return new AutoValue_EcKeyFormat(algorithmId, oid, withPubkey);
|
||||
}
|
||||
|
||||
public static EcKeyFormat getInstanceForKeyGeneration(KeyType keyType, ASN1ObjectIdentifier oidAsn1) {
|
||||
if (keyType == KeyType.ENCRYPT) {
|
||||
return getInstance(PublicKeyAlgorithmTags.ECDH, oidAsn1, true);
|
||||
} else { // SIGN, AUTH
|
||||
if (EcObjectIdentifiers.ED25519.equals(oidAsn1)) {
|
||||
return getInstance(PublicKeyAlgorithmTags.EDDSA, oidAsn1, true);
|
||||
} else {
|
||||
return getInstance(PublicKeyAlgorithmTags.ECDSA, oidAsn1, true);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static EcKeyFormat getInstanceFromBytes(byte[] bytes) {
|
||||
if (bytes.length < 2) {
|
||||
throw new IllegalArgumentException("Bad length for EC attributes");
|
||||
}
|
||||
|
||||
int algorithmId = bytes[0];
|
||||
int oidLen = bytes.length - 1;
|
||||
|
||||
boolean withPubkey = false;
|
||||
if (bytes[bytes.length - 1] == ATTRS_IMPORT_FORMAT_WITH_PUBKEY) {
|
||||
withPubkey = true;
|
||||
oidLen -= 1;
|
||||
}
|
||||
|
||||
final byte[] oidField = new byte[oidLen];
|
||||
System.arraycopy(bytes, 1, oidField, 0, oidLen);
|
||||
ASN1ObjectIdentifier oid = EcObjectIdentifiers.parseOid(oidField);
|
||||
|
||||
return getInstance(algorithmId, oid, withPubkey);
|
||||
}
|
||||
|
||||
public byte[] toBytes(KeyType slot) {
|
||||
byte[] oidField = EcObjectIdentifiers.asn1ToOidField(curveOid());
|
||||
|
||||
int len = 1 + oidField.length;
|
||||
if (withPubkey()) {
|
||||
len += 1;
|
||||
}
|
||||
byte[] attrs = new byte[len];
|
||||
|
||||
attrs[0] = (byte) algorithmId();
|
||||
System.arraycopy(oidField, 0, attrs, 1, oidField.length);
|
||||
if (withPubkey()) {
|
||||
attrs[len - 1] = ATTRS_IMPORT_FORMAT_WITH_PUBKEY;
|
||||
}
|
||||
|
||||
return attrs;
|
||||
}
|
||||
|
||||
public boolean isX25519() {
|
||||
return EcObjectIdentifiers.X25519.equals(curveOid());
|
||||
}
|
||||
|
||||
public final boolean isEdDsa() {
|
||||
return algorithmId() == PublicKeyAlgorithmTags.EDDSA;
|
||||
}
|
||||
|
||||
public void addToSaveKeyringParcel(SaveKeyringParcel.Builder builder, int keyFlags) {
|
||||
final X9ECParameters params = NISTNamedCurves.getByOID(curveOid());
|
||||
final ECCurve curve = params.getCurve();
|
||||
|
||||
SaveKeyringParcel.Algorithm algo = SaveKeyringParcel.Algorithm.ECDSA;
|
||||
if (((keyFlags & KeyFlags.ENCRYPT_COMMS) == KeyFlags.ENCRYPT_COMMS)
|
||||
|| ((keyFlags & KeyFlags.ENCRYPT_STORAGE) == KeyFlags.ENCRYPT_STORAGE)) {
|
||||
algo = SaveKeyringParcel.Algorithm.ECDH;
|
||||
}
|
||||
|
||||
SaveKeyringParcel.Curve scurve;
|
||||
if (EcObjectIdentifiers.NIST_P_256.equals(curveOid())) {
|
||||
scurve = SaveKeyringParcel.Curve.NIST_P256;
|
||||
} else if (EcObjectIdentifiers.NIST_P_384.equals(curveOid())) {
|
||||
scurve = SaveKeyringParcel.Curve.NIST_P384;
|
||||
} else if (EcObjectIdentifiers.NIST_P_521.equals(curveOid())) {
|
||||
scurve = SaveKeyringParcel.Curve.NIST_P521;
|
||||
} else {
|
||||
throw new IllegalArgumentException("Unsupported curve " + curveOid());
|
||||
}
|
||||
|
||||
builder.addSubkeyAdd(SubkeyAdd.createSubkeyAdd(algo, curve.getFieldSize(), scurve, keyFlags, 0L));
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,72 @@
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
|
||||
import org.bouncycastle.asn1.cryptlib.CryptlibObjectIdentifiers;
|
||||
import org.bouncycastle.asn1.gnu.GNUObjectIdentifiers;
|
||||
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
|
||||
import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
|
||||
import timber.log.Timber;
|
||||
|
||||
public class EcObjectIdentifiers {
|
||||
|
||||
public static final ASN1ObjectIdentifier NIST_P_256 = SECObjectIdentifiers.secp256r1;
|
||||
public static final ASN1ObjectIdentifier NIST_P_384 = SECObjectIdentifiers.secp384r1;
|
||||
public static final ASN1ObjectIdentifier NIST_P_521 = SECObjectIdentifiers.secp521r1;
|
||||
public static final ASN1ObjectIdentifier BRAINPOOL_P256_R1 = TeleTrusTObjectIdentifiers.brainpoolP256r1;
|
||||
public static final ASN1ObjectIdentifier BRAINPOOL_P512_R1 = TeleTrusTObjectIdentifiers.brainpoolP512r1;
|
||||
public static final ASN1ObjectIdentifier ED25519 = GNUObjectIdentifiers.Ed25519; // for use with EdDSA
|
||||
public static final ASN1ObjectIdentifier X25519 = CryptlibObjectIdentifiers.curvey25519; // for use with ECDH
|
||||
|
||||
public static HashSet<ASN1ObjectIdentifier> sOids = new HashSet<>(Arrays.asList(
|
||||
NIST_P_256, NIST_P_384, NIST_P_521, BRAINPOOL_P256_R1, BRAINPOOL_P512_R1, ED25519, X25519
|
||||
));
|
||||
|
||||
public static ASN1ObjectIdentifier parseOid(byte[] oidField) {
|
||||
ASN1ObjectIdentifier asn1CurveOid = oidFieldToOidAsn1(oidField);
|
||||
if (sOids.contains(asn1CurveOid)) {
|
||||
return asn1CurveOid;
|
||||
}
|
||||
Timber.w("Unknown curve OID: %s. Could be YubiKey firmware bug < 5.2.8. Trying again with last byte removed.", asn1CurveOid.getId());
|
||||
|
||||
// https://bugs.chromium.org/p/chromium/issues/detail?id=1120933#c10
|
||||
// The OpenPGP applet of a Yubikey with firmware version below 5.2.8 appends
|
||||
// a potentially arbitrary byte to the intended byte representation of an ECC
|
||||
// curve OID. This case is handled by retrying the decoding with the last
|
||||
// byte stripped if the resulting OID does not label a known curve.
|
||||
byte[] oidRemoveLastByte = Arrays.copyOf(oidField, oidField.length - 1);
|
||||
ASN1ObjectIdentifier asn1CurveOidYubikey = oidFieldToOidAsn1(oidRemoveLastByte);
|
||||
if (sOids.contains(asn1CurveOidYubikey)) {
|
||||
Timber.w("Detected curve OID: %s", asn1CurveOidYubikey.getId());
|
||||
} else {
|
||||
Timber.e("Still Unknown curve OID: %s", asn1CurveOidYubikey.getId());
|
||||
}
|
||||
return asn1CurveOidYubikey;
|
||||
}
|
||||
|
||||
public static byte[] asn1ToOidField(ASN1ObjectIdentifier oidAsn1) {
|
||||
byte[] encodedAsn1Oid;
|
||||
try {
|
||||
encodedAsn1Oid = oidAsn1.getEncoded();
|
||||
} catch (IOException e) {
|
||||
throw new IllegalStateException("Failed to encode curve OID!");
|
||||
}
|
||||
byte[] oidField = new byte[encodedAsn1Oid.length - 2];
|
||||
System.arraycopy(encodedAsn1Oid, 2, oidField, 0, encodedAsn1Oid.length - 2);
|
||||
|
||||
return oidField;
|
||||
}
|
||||
|
||||
public static ASN1ObjectIdentifier oidFieldToOidAsn1(byte[] oidField) {
|
||||
final byte[] boid = new byte[2 + oidField.length];
|
||||
boid[0] = (byte) 0x06;
|
||||
boid[1] = (byte) oidField.length;
|
||||
System.arraycopy(oidField, 0, boid, 2, oidField.length);
|
||||
return ASN1ObjectIdentifier.getInstance(boid);
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,41 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2017 Schürmann & Breitmoser GbR
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
|
||||
import org.bouncycastle.asn1.nist.NISTNamedCurves;
|
||||
import org.bouncycastle.asn1.x9.X9ECParameters;
|
||||
import org.bouncycastle.bcpg.sig.KeyFlags;
|
||||
import org.bouncycastle.math.ec.ECCurve;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
|
||||
|
||||
|
||||
// 4.3.3.6 Algorithm Attributes
|
||||
public class EdDSAKeyFormat extends KeyFormat {
|
||||
|
||||
public EdDSAKeyFormat() {
|
||||
super(KeyFormatType.EdDSAKeyFormatType);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addToSaveKeyringParcel(SaveKeyringParcel.Builder builder, int keyFlags) {
|
||||
builder.addSubkeyAdd(SubkeyAdd.createSubkeyAdd(SaveKeyringParcel.Algorithm.EDDSA,
|
||||
null, null, keyFlags, 0L));
|
||||
}
|
||||
}
|
||||
@ -1,103 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2017 Schürmann & Breitmoser GbR
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
|
||||
|
||||
|
||||
// 4.3.3.6 Algorithm Attributes
|
||||
public class RSAKeyFormat extends KeyFormat {
|
||||
private int mModulusLength;
|
||||
private int mExponentLength;
|
||||
private RSAAlgorithmFormat mRSAAlgorithmFormat;
|
||||
|
||||
public RSAKeyFormat(int modulusLength,
|
||||
int exponentLength,
|
||||
RSAAlgorithmFormat rsaAlgorithmFormat) {
|
||||
super(KeyFormatType.RSAKeyFormatType);
|
||||
mModulusLength = modulusLength;
|
||||
mExponentLength = exponentLength;
|
||||
mRSAAlgorithmFormat = rsaAlgorithmFormat;
|
||||
}
|
||||
|
||||
public int getModulusLength() {
|
||||
return mModulusLength;
|
||||
}
|
||||
|
||||
public int getExponentLength() {
|
||||
return mExponentLength;
|
||||
}
|
||||
|
||||
public static KeyFormat fromBytes(byte[] bytes) {
|
||||
if (bytes.length < 6) {
|
||||
throw new IllegalArgumentException("Bad length for RSA attributes");
|
||||
}
|
||||
return new RSAKeyFormat(bytes[1] << 8 | bytes[2],
|
||||
bytes[3] << 8 | bytes[4],
|
||||
RSAKeyFormat.RSAAlgorithmFormat.from(bytes[5]));
|
||||
}
|
||||
|
||||
public RSAAlgorithmFormat getAlgorithmFormat() {
|
||||
return mRSAAlgorithmFormat;
|
||||
}
|
||||
|
||||
public enum RSAAlgorithmFormat {
|
||||
STANDARD((byte) 0x00, false, false),
|
||||
STANDARD_WITH_MODULUS((byte) 0x01, false, true),
|
||||
CRT((byte) 0x02, true, false),
|
||||
CRT_WITH_MODULUS((byte) 0x03, true, true);
|
||||
|
||||
private byte mImportFormat;
|
||||
private boolean mIncludeModulus;
|
||||
private boolean mIncludeCrt;
|
||||
|
||||
RSAAlgorithmFormat(byte importFormat, boolean includeCrt, boolean includeModulus) {
|
||||
mImportFormat = importFormat;
|
||||
mIncludeModulus = includeModulus;
|
||||
mIncludeCrt = includeCrt;
|
||||
}
|
||||
|
||||
public static RSAAlgorithmFormat from(byte importFormatByte) {
|
||||
for (RSAAlgorithmFormat format : values()) {
|
||||
if (format.mImportFormat == importFormatByte) {
|
||||
return format;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public byte getImportFormat() {
|
||||
return mImportFormat;
|
||||
}
|
||||
|
||||
public boolean isIncludeModulus() {
|
||||
return mIncludeModulus;
|
||||
}
|
||||
|
||||
public boolean isIncludeCrt() {
|
||||
return mIncludeCrt;
|
||||
}
|
||||
}
|
||||
|
||||
public void addToSaveKeyringParcel(SaveKeyringParcel.Builder builder, int keyFlags) {
|
||||
builder.addSubkeyAdd(SubkeyAdd.createSubkeyAdd(SaveKeyringParcel.Algorithm.RSA,
|
||||
mModulusLength, null, keyFlags, 0L));
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,120 @@
|
||||
/*
|
||||
* Copyright (C) 2017 Schürmann & Breitmoser GbR
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import androidx.annotation.RestrictTo;
|
||||
|
||||
import com.google.auto.value.AutoValue;
|
||||
|
||||
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
|
||||
|
||||
|
||||
// OpenPGP Card Spec: Algorithm Attributes: RSA
|
||||
@AutoValue
|
||||
public abstract class RsaKeyFormat extends KeyFormat {
|
||||
|
||||
public static final int ALGORITHM_ID = PublicKeyAlgorithmTags.RSA_GENERAL;
|
||||
|
||||
public abstract int modulusLength();
|
||||
|
||||
public abstract int exponentLength();
|
||||
|
||||
public abstract RsaImportFormat rsaImportFormat();
|
||||
|
||||
public static RsaKeyFormat getInstance(int modulusLength, int exponentLength, RsaImportFormat from) {
|
||||
return new AutoValue_RsaKeyFormat(modulusLength, exponentLength, from);
|
||||
}
|
||||
|
||||
public static RsaKeyFormat getInstanceDefault2048BitFormat() {
|
||||
return getInstance(2048, 4, RsaImportFormat.CRT_WITH_MODULUS);
|
||||
}
|
||||
|
||||
public RsaKeyFormat withModulus(int modulus) {
|
||||
return RsaKeyFormat.getInstance(modulus, exponentLength(), rsaImportFormat());
|
||||
}
|
||||
|
||||
public static KeyFormat getInstanceFromBytes(byte[] bytes) {
|
||||
if (bytes.length < 6) {
|
||||
throw new IllegalArgumentException("Bad length for RSA attributes");
|
||||
}
|
||||
int modulusLength = bytes[1] << 8 | bytes[2];
|
||||
int exponentLength = bytes[3] << 8 | bytes[4];
|
||||
RsaImportFormat importFormat = RsaImportFormat.from(bytes[5]);
|
||||
|
||||
return getInstance(modulusLength, exponentLength, importFormat);
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] toBytes(KeyType slot) {
|
||||
int i = 0;
|
||||
byte[] attrs = new byte[6];
|
||||
attrs[i++] = (byte) ALGORITHM_ID;
|
||||
attrs[i++] = (byte) ((modulusLength() >> 8) & 0xff);
|
||||
attrs[i++] = (byte) (modulusLength() & 0xff);
|
||||
attrs[i++] = (byte) ((exponentLength() >> 8) & 0xff);
|
||||
attrs[i++] = (byte) (exponentLength() & 0xff);
|
||||
attrs[i] = rsaImportFormat().getImportFormat();
|
||||
|
||||
return attrs;
|
||||
}
|
||||
|
||||
public enum RsaImportFormat {
|
||||
STANDARD((byte) 0x00, false, false),
|
||||
STANDARD_WITH_MODULUS((byte) 0x01, false, true),
|
||||
CRT((byte) 0x02, true, false),
|
||||
CRT_WITH_MODULUS((byte) 0x03, true, true);
|
||||
|
||||
private byte importFormat;
|
||||
private boolean includeModulus;
|
||||
private boolean includeCrt;
|
||||
|
||||
RsaImportFormat(byte importFormat, boolean includeCrt, boolean includeModulus) {
|
||||
this.importFormat = importFormat;
|
||||
this.includeModulus = includeModulus;
|
||||
this.includeCrt = includeCrt;
|
||||
}
|
||||
|
||||
public static RsaImportFormat from(byte importFormatByte) {
|
||||
for (RsaImportFormat format : values()) {
|
||||
if (format.importFormat == importFormatByte) {
|
||||
return format;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public byte getImportFormat() {
|
||||
return importFormat;
|
||||
}
|
||||
|
||||
public boolean isIncludeModulus() {
|
||||
return includeModulus;
|
||||
}
|
||||
|
||||
public boolean isIncludeCrt() {
|
||||
return includeCrt;
|
||||
}
|
||||
}
|
||||
|
||||
public void addToSaveKeyringParcel(SaveKeyringParcel.Builder builder, int keyFlags) {
|
||||
builder.addSubkeyAdd(SubkeyAdd.createSubkeyAdd(SaveKeyringParcel.Algorithm.RSA,
|
||||
modulusLength(), null, keyFlags, 0L));
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue