MOA-ID, which use MOA-Sig (includes new IAIK-MOA, with iaik_xect, iaik_eccelerate, and new iaik_PKI module

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-03-10 15:35:48 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-03-10 15:35:48 +0100
commit: 576f5ea5cfaf2ea174f198dc5df238c1ca0c331a (patch)
tree: fce79f2d8e76501337cc5e921838576220d64c87 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util
parent: e8773689b175e5617fe116ac0e3d9978351ac4a8 (diff)
download: moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.tar.gz
moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.tar.bz2
moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.zip
2 files changed, 66 insertions, 64 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
index 2c0a82708..f37ae0b0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
@@ -20,48 +20,15 @@
  * The "NOTICE" text file is part of the distribution. Any derivative works
  * that you distribute must include a readable copy of the "NOTICE" text file.
  ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
 
 package at.gv.egovernment.moa.id.util;
 
-import iaik.security.ecc.ecdsa.ECDSAParameter;
-import iaik.security.ecc.ecdsa.ECPublicKey;
-import iaik.security.ecc.math.ecgroup.AffineCoordinate;
-import iaik.security.ecc.math.ecgroup.Coordinate;
-import iaik.security.ecc.math.ecgroup.CoordinateTypes;
-import iaik.security.ecc.math.ecgroup.ECGroupFactory;
-import iaik.security.ecc.math.ecgroup.ECPoint;
-import iaik.security.ecc.math.ecgroup.EllipticCurve;
-import iaik.security.ecc.math.field.Field;
-import iaik.security.ecc.math.field.FieldElement;
-import iaik.security.ecc.math.field.PrimeField;
-import iaik.security.ecc.parameter.ECCParameterFactory;
-import iaik.security.ecc.spec.ECCParameterSpec;
-
 import java.math.BigInteger;
 import java.security.PublicKey;
+import java.security.spec.ECField;
+import java.security.spec.ECFieldF2m;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECPoint;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Vector;
@@ -72,6 +39,15 @@ import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import at.gv.egovernment.moa.logging.Logger;
+import iaik.security.ec.common.ECParameterSpec;
+import iaik.security.ec.common.ECPublicKey;
+import iaik.security.ec.common.ECStandardizedParameterFactory;
+import iaik.security.ec.common.EllipticCurve;
+import iaik.security.ec.math.field.Field;
+import iaik.security.ec.math.field.FieldElement;
+import iaik.security.ec.math.field.PrimeField;
+
 public class ECDSAKeyValueConverter
 { 
     
@@ -94,15 +70,13 @@ public class ECDSAKeyValueConverter
     if (domainParams == null) throw new Exception("Domain parameters must not be implicit.");
 
     Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1);
-    ECCParameterSpec eccParameterSpec;
+    ECParameterSpec eccParameterSpec;
 
     if (namedCurve != null)
     {
       // URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN"));
       String curveNameOID = namedCurve.getAttributeNS(null, "URN").substring(8);
-      ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance();
-      // eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4));
-      eccParameterSpec = eccParamFactory.getParameterByOID(curveNameOID);
+      eccParameterSpec = ECStandardizedParameterFactory.getParametersByOID(curveNameOID);
     }
     else
     {
@@ -167,14 +141,21 @@ public class ECDSAKeyValueConverter
       String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1);
       BigInteger cofactor = (cofactorStr != null) ? new BigInteger(cofactorStr, 10) : null;
 
+      BigInteger a = new BigInteger(aStr, 10);
+      BigInteger b = new BigInteger(bStr, 10);
+      BigInteger basePointX = new BigInteger(basePointXStr, 10);
+      BigInteger basePointY = new BigInteger(basePointYStr, 10);
+      
       if (fieldParamsType == FIELD_TYPE_PRIME)
-      {
-        BigInteger a = new BigInteger(aStr, 10);
-        BigInteger b = new BigInteger(bStr, 10);
-        BigInteger basePointX = new BigInteger(basePointXStr, 10);
-        BigInteger basePointY = new BigInteger(basePointYStr, 10);
-        eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX,
-          basePointY, null);
+      {        
+        ECField javaECField = new ECFieldFp(p);
+		java.security.spec.EllipticCurve curve = 
+        		new java.security.spec.EllipticCurve(javaECField, a, b, seed.toByteArray());
+		java.security.spec.ECPoint javaECbasePoint = 
+				new java.security.spec.ECPoint(basePointX, basePointY);		
+		java.security.spec.ECParameterSpec javaECSpec = 
+        		new java.security.spec.ECParameterSpec(curve, javaECbasePoint, order, cofactor.intValue());        
+        eccParameterSpec = ECParameterSpec.getParameterSpec(javaECSpec);
       }
       else
       {
@@ -193,9 +174,19 @@ public class ECDSAKeyValueConverter
           irreducible[k1/32] += 1 << k1 % 32;
           irreducible[0] += 1;
         }
-        eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
-          octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
-          octetString2IntArray(basePointYStr), null);
+        
+        ECField javaECField = new ECFieldF2m(m, irreducible);
+		java.security.spec.EllipticCurve curve = 
+        		new java.security.spec.EllipticCurve(javaECField, a, b, seed.toByteArray());
+		java.security.spec.ECPoint javaECbasePoint = 
+				new java.security.spec.ECPoint(basePointX, basePointY);		
+		java.security.spec.ECParameterSpec javaECSpec = 
+        		new java.security.spec.ECParameterSpec(curve, javaECbasePoint, order, cofactor.intValue());        
+        eccParameterSpec = ECParameterSpec.getParameterSpec(javaECSpec);
+                
+//        eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
+//          octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
+//          octetString2IntArray(basePointYStr), null);
       }
     }
 
@@ -206,10 +197,14 @@ public class ECDSAKeyValueConverter
     Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1);
     String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value");
 
-    ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
-    ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
-    EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
-        eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);
+    //ECParameterSpec ecdsaParams = new ECParameterSpec(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
+    //ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
+        
+    EllipticCurve eCurve = eccParameterSpec.getCurve();
+    
+//    EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
+//        eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);    
+    
     Field field = eCurve.getField();
 
     // Detect type of public key field elements
@@ -239,10 +234,19 @@ public class ECDSAKeyValueConverter
     }
 //    ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX,
 //      publicKeyPointY, field.getONEelement());
-    Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
-        publicKeyPointY).toProjective();
-    ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate);
-    ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint);
+//    Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
+//        publicKeyPointY).toProjective();
+    
+    ECPoint publicKeyPointECPoint =  new ECPoint(publicKeyPointX.toBigInteger(),
+    		publicKeyPointY.toBigInteger());
+    
+    if (!eCurve.containsPoint(publicKeyPointECPoint)) {
+    	Logger.error("IDL ECC parameter extraction FAILED! Public-Key ECPoint is not on the curve!");
+    	throw new Exception("IDL ECC parameter extraction FAILED! Public-Key ECPoint is not on the curve!");
+    	
+    }
+    	
+    ECPublicKey publicKey = new ECPublicKey(eccParameterSpec, publicKeyPointECPoint);
 
     return publicKey;
   }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index af3424881..d3fba8854 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -46,9 +46,6 @@
 
 package at.gv.egovernment.moa.id.util;
 
-import iaik.pki.PKIException;
-import iaik.security.provider.IAIK;
-
 import java.io.BufferedInputStream;
 import java.io.BufferedReader;
 import java.io.IOException;
@@ -71,6 +68,8 @@ import at.gv.egovernment.moa.id.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import iaik.pki.PKIException;
+import iaik.security.provider.IAIK;
 
 
 /**
@@ -126,8 +125,7 @@ public class SSLUtils {
    	   //INFO: MOA-ID 2.x always use defaultChainingMode 
 	    
 	    try {	    
-	    	SSLSocketFactory ssf =  
-	    			at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+	    	SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
 	    					connParam.getUrl(), 
 	    					conf.getCertstoreDirectory(), 
 	    					trustStoreURL,
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-03-10 15:35:48 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-03-10 15:35:48 +0100
commit	576f5ea5cfaf2ea174f198dc5df238c1ca0c331a (patch)
tree	fce79f2d8e76501337cc5e921838576220d64c87 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util
parent	e8773689b175e5617fe116ac0e3d9978351ac4a8 (diff)
download	moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.tar.gz moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.tar.bz2 moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.zip