From 4cf16120aa4c3b9c543079fa2d92577ec44e7f62 Mon Sep 17 00:00:00 2001 From: Tobias Kellner Date: Fri, 16 Oct 2015 01:06:00 +0200 Subject: Switch to ECCelerate --- BKULocal/pom.xml | 2 +- .../bku/local/webapp/MoccaContextListener.java | 6 +- BKUOnline/pom.xml | 2 +- .../bku/online/webapp/MoccaContextListener.java | 6 +- bkucommon/pom.xml | 6 +- .../gv/egiz/bku/slcommands/impl/cms/Signature.java | 11 +- .../impl/xsect/AlgorithmMethodFactoryImpl.java | 10 +- .../bku/binding/AbstractBindingProcessorTest.java | 4 +- pom.xml | 9 +- smccTest/pom.xml | 2 +- utils/pom.xml | 2 +- .../java/at/gv/egiz/xmldsig/KeyValueFactory.java | 191 ++++++++++----------- 12 files changed, 118 insertions(+), 133 deletions(-) diff --git a/BKULocal/pom.xml b/BKULocal/pom.xml index 7a346273..6b072dda 100644 --- a/BKULocal/pom.xml +++ b/BKULocal/pom.xml @@ -152,7 +152,7 @@ iaik - iaik_ecc_signed + iaik_eccelerate org.springframework diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/MoccaContextListener.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/MoccaContextListener.java index 8bccb187..316a7eaa 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/MoccaContextListener.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/MoccaContextListener.java @@ -25,7 +25,7 @@ package at.gv.egiz.bku.local.webapp; -import iaik.security.ecc.provider.ECCProvider; +import iaik.security.ec.provider.ECCelerate; import iaik.security.provider.IAIK; import iaik.xml.crypto.XSecProvider; @@ -81,8 +81,8 @@ public class MoccaContextListener implements ServletContextListener { protected static void registerProviders() { registerProvider(new IAIK(), 1); - registerProvider(new ECCProvider(false), 2); - + registerProvider(new ECCelerate(false), 2); + final String name = XSecProvider.NAME; if (Security.getProvider(XSecProvider.NAME) == null) { // register XML Security provider diff --git a/BKUOnline/pom.xml b/BKUOnline/pom.xml index 1fbd1b98..78ae83af 100644 --- a/BKUOnline/pom.xml +++ b/BKUOnline/pom.xml @@ -57,7 +57,7 @@ iaik - iaik_ecc_signed + iaik_eccelerate org.springframework diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/MoccaContextListener.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/MoccaContextListener.java index f0680e0b..fbaef4f6 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/MoccaContextListener.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/MoccaContextListener.java @@ -25,7 +25,7 @@ package at.gv.egiz.bku.online.webapp; -import iaik.security.ecc.provider.ECCProvider; +import iaik.security.ec.provider.ECCelerate; import iaik.security.provider.IAIK; import iaik.xml.crypto.XSecProvider; @@ -114,8 +114,8 @@ public class MoccaContextListener implements ServletContextListener { protected void registerProviders() { registerProvider(new IAIK(), 1); - registerProvider(new ECCProvider(false), 2); - + registerProvider(new ECCelerate(false), 2); + final String name = XSecProvider.NAME; if (Security.getProvider(XSecProvider.NAME) == null) { // register XML Security provider diff --git a/bkucommon/pom.xml b/bkucommon/pom.xml index 2031a827..e9baae09 100644 --- a/bkucommon/pom.xml +++ b/bkucommon/pom.xml @@ -65,7 +65,11 @@ iaik - iaik_ecc_signed + iaik_eccelerate + + + iaik + iaik_eccelerate_cms commons-fileupload diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java index 8743192e..fc42dcb4 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java @@ -39,7 +39,6 @@ import iaik.cms.ContentInfo; import iaik.cms.IssuerAndSerialNumber; import iaik.cms.SignedData; import iaik.cms.SignerInfo; -import iaik.security.ecc.interfaces.ECDSAParams; import iaik.smime.ess.ESSCertID; import iaik.smime.ess.ESSCertIDv2; import iaik.x509.X509ExtensionException; @@ -271,16 +270,14 @@ public class Signature { } } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) { - int fieldSize = 0; - if (publicKey instanceof iaik.security.ecc.ecdsa.ECPublicKey) { - ECDSAParams params = ((iaik.security.ecc.ecdsa.ECPublicKey) publicKey).getParameter(); - fieldSize = params.getG().getCurve().getField().getSize().bitLength(); - } else if (publicKey instanceof ECPublicKey) { + if (publicKey instanceof ECPublicKey) { ECParameterSpec params = ((ECPublicKey) publicKey).getParams(); fieldSize = params.getCurve().getField().getFieldSize(); + } else { + throw new NoSuchAlgorithmException("Public key type not supported."); } - + if (useStrongHash && fieldSize >= 512) { signatureAlgorithm = AlgorithmID.ecdsa_With_SHA512; digestAlgorithm = AlgorithmID.sha512; diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java index 317e9e1f..896552d8 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/AlgorithmMethodFactoryImpl.java @@ -24,7 +24,6 @@ package at.gv.egiz.bku.slcommands.impl.xsect; -import iaik.security.ecc.interfaces.ECDSAParams; import iaik.xml.crypto.XmldsigMore; import java.security.InvalidAlgorithmParameterException; @@ -103,14 +102,13 @@ public class AlgorithmMethodFactoryImpl implements AlgorithmMethodFactory { } else if (("EC".equals(algorithm)) || ("ECDSA".equals(algorithm))) { int fieldSize = 0; - if (publicKey instanceof iaik.security.ecc.ecdsa.ECPublicKey) { - ECDSAParams params = ((iaik.security.ecc.ecdsa.ECPublicKey) publicKey).getParameter(); - fieldSize = params.getG().getCurve().getField().getSize().bitLength(); - } else if (publicKey instanceof ECPublicKey) { + if (publicKey instanceof ECPublicKey) { ECParameterSpec params = ((ECPublicKey) publicKey).getParams(); fieldSize = params.getCurve().getField().getFieldSize(); + } else { + throw new NoSuchAlgorithmException("Public key type not supported."); } - + if (useStrongHash && fieldSize >= 512) { signatureAlgorithmURI = XmldsigMore.SIGNATURE_ECDSA_SHA512; digestAlgorithmURI = DigestMethod.SHA512; diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/AbstractBindingProcessorTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/AbstractBindingProcessorTest.java index 898c9d27..6f86caf7 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/AbstractBindingProcessorTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/AbstractBindingProcessorTest.java @@ -27,7 +27,7 @@ package at.gv.egiz.bku.binding; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; -import iaik.security.ecc.provider.ECCProvider; +import iaik.security.ec.provider.ECCelerate; import iaik.security.provider.IAIK; import iaik.xml.crypto.XSecProvider; @@ -47,7 +47,7 @@ public abstract class AbstractBindingProcessorTest { @BeforeClass public static void setUpClass() { Security.insertProviderAt(new IAIK(), 1); - Security.insertProviderAt(new ECCProvider(false), 2); + Security.insertProviderAt(new ECCelerate(false), 2); XSecProvider.addAsProvider(false); ClassPathXmlApplicationContext ctx = new ClassPathXmlApplicationContext( diff --git a/pom.xml b/pom.xml index 98530a6a..683ca953 100644 --- a/pom.xml +++ b/pom.xml @@ -325,8 +325,13 @@ iaik - iaik_ecc_signed - 2.19 + iaik_eccelerate + 3.0 + + + iaik + iaik_eccelerate_cms + 3.0 iaik diff --git a/smccTest/pom.xml b/smccTest/pom.xml index 57a777ae..bc25ca1d 100644 --- a/smccTest/pom.xml +++ b/smccTest/pom.xml @@ -59,7 +59,7 @@ iaik - iaik_ecc + iaik_eccelerate org.slf4j diff --git a/utils/pom.xml b/utils/pom.xml index 922ff66a..cb153a3f 100644 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -20,7 +20,7 @@ iaik - iaik_ecc_signed + iaik_eccelerate iaik diff --git a/utils/src/main/java/at/gv/egiz/xmldsig/KeyValueFactory.java b/utils/src/main/java/at/gv/egiz/xmldsig/KeyValueFactory.java index 8c328c42..4d5b35d3 100644 --- a/utils/src/main/java/at/gv/egiz/xmldsig/KeyValueFactory.java +++ b/utils/src/main/java/at/gv/egiz/xmldsig/KeyValueFactory.java @@ -1,45 +1,44 @@ -/* - * Copyright 2011 by Graz University of Technology, Austria - * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint - * initiative of the Federal Chancellery Austria and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - +/* + * Copyright 2011 by Graz University of Technology, Austria + * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint + * initiative of the Federal Chancellery Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egiz.xmldsig; -import iaik.security.ecc.interfaces.ECDSAParams; -import iaik.security.ecc.interfaces.ECDSAPublicKey; -import iaik.security.ecc.math.ecgroup.Coordinate; -import iaik.security.ecc.math.ecgroup.ECPoint; -import iaik.security.ecc.math.ecgroup.EllipticCurve; -import iaik.security.ecc.math.field.BinaryField; -import iaik.security.ecc.math.field.Field; -import iaik.security.ecc.math.field.FieldElement; -import iaik.security.ecc.math.field.PrimeField; +import iaik.security.ec.errorhandling.InvalidCurveParameterSpecException; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.PublicKey; import java.security.interfaces.DSAParams; import java.security.interfaces.DSAPublicKey; +import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPublicKey; +import java.security.spec.ECField; +import java.security.spec.ECFieldF2m; +import java.security.spec.ECFieldFp; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.EllipticCurve; import javax.xml.bind.JAXBElement; @@ -89,13 +88,13 @@ public class KeyValueFactory { } else if (publicKey instanceof DSAPublicKey) { DSAKeyValueType keyValueType = createKeyValueType((DSAPublicKey) publicKey); return dsFactory.createDSAKeyValue(keyValueType); - } else if (publicKey instanceof ECDSAPublicKey) { - ECDSAKeyValueType keyValueType = createKeyValueType((ECDSAPublicKey) publicKey); + } else if (publicKey instanceof ECPublicKey) { + ECDSAKeyValueType keyValueType = createKeyValueType((ECPublicKey) publicKey); return ecFactory.createECDSAKeyValue(keyValueType); } else if ("EC".equals(publicKey.getAlgorithm())) { byte[] encoded = publicKey.getEncoded(); try { - iaik.security.ecc.ecdsa.ECPublicKey key = new iaik.security.ecc.ecdsa.ECPublicKey(encoded); + ECPublicKey key = new iaik.security.ec.common.ECPublicKey(encoded); ECDSAKeyValueType keyValueType = createKeyValueType(key); return ecFactory.createECDSAKeyValue(keyValueType); } catch (InvalidKeyException e) { @@ -141,90 +140,71 @@ public class KeyValueFactory { return keyValueType; } - public ECDSAKeyValueType createKeyValueType(ECDSAPublicKey publicKey) throws KeyTypeNotSupportedException { + public ECDSAKeyValueType createKeyValueType(ECPublicKey publicKey) throws KeyTypeNotSupportedException { ECDSAKeyValueType keyValueType = ecFactory.createECDSAKeyValueType(); - - ECDSAParams params = publicKey.getParameter(); + + ECParameterSpec params = publicKey.getParams(); if (params != null) { keyValueType.setDomainParameters(createDomainParamsType(params)); } - if (!publicKey.getW().isInfinity()) { - keyValueType.setPublicKey(createPointType(publicKey.getW())); + if (!publicKey.getW().equals(java.security.spec.ECPoint.POINT_INFINITY)) { + keyValueType.setPublicKey(createPointType(publicKey.getW(), params.getCurve().getField())); } return keyValueType; } - public ECPointType createPointType(ECPoint point) throws KeyTypeNotSupportedException { + public ECPointType createPointType(ECPoint point, ECField field) throws KeyTypeNotSupportedException { ECPointType pointType = ecFactory.createECPointType(); - Coordinate affine = point.getCoordinates().toAffine(); - pointType.setX(createFieldElemType(affine.getX())); - pointType.setY(createFieldElemType(affine.getY())); + pointType.setX(createFieldElemType(point.getAffineX(), field)); + pointType.setY(createFieldElemType(point.getAffineY(), field)); return pointType; } - public FieldElemType createFieldElemType(FieldElement fieldElement) throws KeyTypeNotSupportedException { - int fieldId = fieldElement.getField().getFieldId(); - if (fieldId == PrimeField.PRIME_FIELD_ID) { + public FieldElemType createFieldElemType(BigInteger point, ECField field) throws KeyTypeNotSupportedException { + if (field instanceof ECFieldFp) { PrimeFieldElemType fieldElemType = ecFactory.createPrimeFieldElemType(); - fieldElemType.setValue(fieldElement.toBigInt()); + fieldElemType.setValue(point); return fieldElemType; - } else if (fieldId == BinaryField.BINARY_FIELD_ID) { + } else if (field instanceof ECFieldF2m) { CharTwoFieldElemType fieldElemType = ecFactory.createCharTwoFieldElemType(); - fieldElemType.setValue(fieldElement.toByteArray()); + fieldElemType.setValue(bigInteger2byteArray(point)); return fieldElemType; } else { - throw new KeyTypeNotSupportedException("Field element of type " + fieldId + " not supported."); + throw new KeyTypeNotSupportedException("Field element type not supported."); } } - public FieldParamsType createFieldParamsType(Field field) throws KeyTypeNotSupportedException { + public FieldParamsType createFieldParamsType(ECField field) throws KeyTypeNotSupportedException { - if (field.getFieldId() == PrimeField.PRIME_FIELD_ID) { + if (field instanceof ECFieldFp) { // PrimeFieldParamsType PrimeFieldParamsType primeFieldParamsType = ecFactory.createPrimeFieldParamsType(); - primeFieldParamsType.setP(field.getSize()); + primeFieldParamsType.setP(((ECFieldFp) field).getP()); return primeFieldParamsType; - } else if (field.getFieldId() == BinaryField.BINARY_FIELD_ID && field instanceof BinaryField) { + } else if (field instanceof ECFieldF2m) { // CharTwoFieldParamsType - - BinaryField binaryField = (BinaryField) field; - int[] irreduciblePolynomial = binaryField.getIrreduciblePolynomial(); + ECFieldF2m fieldf2m = (ECFieldF2m) field; + int[] ks = fieldf2m.getMidTermsOfReductionPolynomial(); - // The irreducible polynomial as a BinaryFieldValue - FieldElement irreducible = binaryField.newElement(irreduciblePolynomial); - - int order = binaryField.getOrder(); - int[] coeffPositions = new int[3]; - - // Get coefficients of irreducible polynomial - int coeffCount = 2; - for (int i = 1; i < order -1; i++) { - if (irreducible.testBit(i)) { - coeffPositions[coeffCount - 2] = i; - coeffCount++; - if (coeffCount == 5) - break; - } - } // detect if trinomial or pentanomial base is present... - switch (coeffCount) { - case 3: + switch (ks.length) { + case 1: // trinomial base TnBFieldParamsType tnBFieldParamsType = ecFactory.createTnBFieldParamsType(); - tnBFieldParamsType.setM(BigInteger.valueOf(binaryField.getOrder())); - tnBFieldParamsType.setK(BigInteger.valueOf(coeffPositions[0])); + tnBFieldParamsType.setM(BigInteger.valueOf(fieldf2m.getM())); + tnBFieldParamsType.setK(BigInteger.valueOf(ks[0])); return tnBFieldParamsType; - case 5: + case 3: // pentanomial base PnBFieldParamsType pnBFieldParamsType = ecFactory.createPnBFieldParamsType(); - pnBFieldParamsType.setM(BigInteger.valueOf(binaryField.getOrder())); - pnBFieldParamsType.setK1(BigInteger.valueOf(coeffPositions[0])); - pnBFieldParamsType.setK2(BigInteger.valueOf(coeffPositions[1])); - pnBFieldParamsType.setK3(BigInteger.valueOf(coeffPositions[2])); + pnBFieldParamsType.setM(BigInteger.valueOf(fieldf2m.getM())); + pnBFieldParamsType.setK1(BigInteger.valueOf(ks[0])); + pnBFieldParamsType.setK2(BigInteger.valueOf(ks[1])); + pnBFieldParamsType.setK3(BigInteger.valueOf(ks[2])); return pnBFieldParamsType; default: @@ -232,17 +212,22 @@ public class KeyValueFactory { } } else { - throw new KeyTypeNotSupportedException("Field element of type " + field.getFieldId() + " not supported."); + throw new KeyTypeNotSupportedException("Field element type not supported."); } } - public DomainParamsType createDomainParamsType(ECDSAParams params) throws KeyTypeNotSupportedException { - + public DomainParamsType createDomainParamsType(ECParameterSpec params) throws KeyTypeNotSupportedException { + iaik.security.ec.common.ECParameterSpec params2; + try { + params2 = iaik.security.ec.common.ECParameterSpec.getParameterSpec(params); + } catch (InvalidCurveParameterSpecException e) { + throw new KeyTypeNotSupportedException(e); + } DomainParamsType domainParamsType = ecFactory.createDomainParamsType(); - EllipticCurve curve = params.getG().getCurve(); - - String oid = params.getOID(); + EllipticCurve curve = params.getCurve(); + + String oid = params2.getOID(); if (oid != null) { // NamedCurve NamedCurve namedCurve = ecFactory.createDomainParamsTypeNamedCurve(); @@ -252,31 +237,27 @@ public class KeyValueFactory { // Explicit parameters ExplicitParamsType explicitParamsType = ecFactory.createExplicitParamsType(); explicitParamsType.setFieldParams(createFieldParamsType(curve.getField())); - + CurveParamsType curveParamsType = ecFactory.createCurveParamsType(); - + ECField field = params.getCurve().getField(); + // curve coefficients - curveParamsType.setA(createFieldElemType(curve.getA())); - curveParamsType.setB(createFieldElemType(curve.getB())); + curveParamsType.setA(createFieldElemType(curve.getA(), field)); + curveParamsType.setB(createFieldElemType(curve.getB(), field)); // seed - if (params.getS() != null) { - curveParamsType.setSeed(bigInteger2byteArray(params.getS())); - } + if (curve.getSeed() != null) + curveParamsType.setSeed(curve.getSeed()); explicitParamsType.setCurveParams(curveParamsType); - // BasePoint parameters BasePointParamsType basePointParamsType = ecFactory.createBasePointParamsType(); - if (!params.getG().isInfinity()) { - basePointParamsType.setBasePoint(createPointType(params.getG())); - } - basePointParamsType.setOrder(params.getR()); - if(params.getK() != null) { - basePointParamsType.setCofactor(params.getK()); + if (!params.getGenerator().equals(ECPoint.POINT_INFINITY)) { + basePointParamsType.setBasePoint(createPointType(params.getGenerator(), field)); } + basePointParamsType.setOrder(params.getOrder()); + basePointParamsType.setCofactor(BigInteger.valueOf(params.getCofactor())); explicitParamsType.setBasePointParams(basePointParamsType); - domainParamsType.setExplicitParams(explicitParamsType); } -- cgit v1.2.3