1
/*
2
 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
package com.sun.crypto.provider;
27

28
import java.io.*;
29
import java.util.Objects;
30
import java.math.BigInteger;
31
import java.security.KeyRep;
32
import java.security.PrivateKey;
33
import java.security.InvalidKeyException;
34
import java.security.ProviderException;
35
import javax.crypto.spec.DHParameterSpec;
36
import sun.security.util.*;
37

38
/**
39
 * A private key in PKCS#8 format for the Diffie-Hellman key agreement
40
 * algorithm.
41
 *
42
 * @author Jan Luehe
43
 *
44
 *
45
 * @see DHPublicKey
46
 * @see java.security.KeyAgreement
47
 */
48
final class DHPrivateKey implements PrivateKey,
49
javax.crypto.interfaces.DHPrivateKey, Serializable {
50

51
    static final long serialVersionUID = 7565477590005668886L;
52

53
    // only supported version of PKCS#8 PrivateKeyInfo
54
    private static final BigInteger PKCS8_VERSION = BigInteger.ZERO;
55

56
    // the private key
57
    private BigInteger x;
58

59
    // the key bytes, without the algorithm information
60
    private byte[] key;
61

62
    // the encoded key
63
    private byte[] encodedKey;
64

65
    // the prime modulus
66
    private BigInteger p;
67

68
    // the base generator
69
    private BigInteger g;
70

71
    // the private-value length (optional)
72
    private int l;
73

74
    private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
75

76
    /**
77
     * Make a DH private key out of a private value <code>x</code>, a prime
78
     * modulus <code>p</code>, and a base generator <code>g</code>.
79
     *
80
     * @param x the private value
81
     * @param p the prime modulus
82
     * @param g the base generator
83
     *
84
     * @exception ProviderException if the key cannot be encoded
85
     */
86
    DHPrivateKey(BigInteger x, BigInteger p, BigInteger g)
87
        throws InvalidKeyException {
88
        this(x, p, g, 0);
89
    }
90

91
    /**
92
     * Make a DH private key out of a private value <code>x</code>, a prime
93
     * modulus <code>p</code>, a base generator <code>g</code>, and a
94
     * private-value length <code>l</code>.
95
     *
96
     * @param x the private value
97
     * @param p the prime modulus
98
     * @param g the base generator
99
     * @param l the private-value length
100
     *
101
     * @exception InvalidKeyException if the key cannot be encoded
102
     */
103
    DHPrivateKey(BigInteger x, BigInteger p, BigInteger g, int l) {
104
        this.x = x;
105
        this.p = p;
106
        this.g = g;
107
        this.l = l;
108
        try {
109
            this.key = new DerValue(DerValue.tag_Integer,
110
                                    this.x.toByteArray()).toByteArray();
111
            this.encodedKey = getEncoded();
112
        } catch (IOException e) {
113
            throw new ProviderException("Cannot produce ASN.1 encoding", e);
114
        }
115
    }
116

117
    /**
118
     * Make a DH private key from its DER encoding (PKCS #8).
119
     *
120
     * @param encodedKey the encoded key
121
     *
122
     * @exception InvalidKeyException if the encoded key does not represent
123
     * a Diffie-Hellman private key
124
     */
125
    DHPrivateKey(byte[] encodedKey) throws InvalidKeyException {
126
        InputStream inStream = new ByteArrayInputStream(encodedKey);
127
        try {
128
            DerValue val = new DerValue(inStream);
129
            if (val.tag != DerValue.tag_Sequence) {
130
                throw new InvalidKeyException ("Key not a SEQUENCE");
131
            }
132

133
            //
134
            // version
135
            //
136
            BigInteger parsedVersion = val.data.getBigInteger();
137
            if (!parsedVersion.equals(PKCS8_VERSION)) {
138
                throw new IOException("version mismatch: (supported: " +
139
                                      PKCS8_VERSION + ", parsed: " +
140
                                      parsedVersion);
141
            }
142

143
            //
144
            // privateKeyAlgorithm
145
            //
146
            DerValue algid = val.data.getDerValue();
147
            if (algid.tag != DerValue.tag_Sequence) {
148
                throw new InvalidKeyException("AlgId is not a SEQUENCE");
149
            }
150
            DerInputStream derInStream = algid.toDerInputStream();
151
            ObjectIdentifier oid = derInStream.getOID();
152
            if (oid == null) {
153
                throw new InvalidKeyException("Null OID");
154
            }
155
            if (derInStream.available() == 0) {
156
                throw new InvalidKeyException("Parameters missing");
157
            }
158
            // parse the parameters
159
            DerValue params = derInStream.getDerValue();
160
            if (params.tag == DerValue.tag_Null) {
161
                throw new InvalidKeyException("Null parameters");
162
            }
163
            if (params.tag != DerValue.tag_Sequence) {
164
                throw new InvalidKeyException("Parameters not a SEQUENCE");
165
            }
166
            params.data.reset();
167
            this.p = params.data.getBigInteger();
168
            this.g = params.data.getBigInteger();
169
            // Private-value length is OPTIONAL
170
            if (params.data.available() != 0) {
171
                this.l = params.data.getInteger();
172
            }
173
            if (params.data.available() != 0) {
174
                throw new InvalidKeyException("Extra parameter data");
175
            }
176

177
            //
178
            // privateKey
179
            //
180
            this.key = val.data.getOctetString();
181
            parseKeyBits();
182

183
            this.encodedKey = encodedKey.clone();
184
        } catch (IOException | NumberFormatException e) {
185
            throw new InvalidKeyException("Error parsing key encoding", e);
186
        }
187
    }
188

189
    /**
190
     * Returns the encoding format of this key: "PKCS#8"
191
     */
192
    public String getFormat() {
193
        return "PKCS#8";
194
    }
195

196
    /**
197
     * Returns the name of the algorithm associated with this key: "DH"
198
     */
199
    public String getAlgorithm() {
200
        return "DH";
201
    }
202

203
    /**
204
     * Get the encoding of the key.
205
     */
206
    public synchronized byte[] getEncoded() {
207
        if (this.encodedKey == null) {
208
            try {
209
                DerOutputStream tmp = new DerOutputStream();
210

211
                //
212
                // version
213
                //
214
                tmp.putInteger(PKCS8_VERSION);
215

216
                //
217
                // privateKeyAlgorithm
218
                //
219
                DerOutputStream algid = new DerOutputStream();
220

221
                // store OID
222
                algid.putOID(new ObjectIdentifier(DH_data));
223
                // encode parameters
224
                DerOutputStream params = new DerOutputStream();
225
                params.putInteger(this.p);
226
                params.putInteger(this.g);
227
                if (this.l != 0) {
228
                    params.putInteger(this.l);
229
                }
230
                // wrap parameters into SEQUENCE
231
                DerValue paramSequence = new DerValue(DerValue.tag_Sequence,
232
                                                      params.toByteArray());
233
                // store parameter SEQUENCE in algid
234
                algid.putDerValue(paramSequence);
235
                // wrap algid into SEQUENCE
236
                tmp.write(DerValue.tag_Sequence, algid);
237

238
                // privateKey
239
                tmp.putOctetString(this.key);
240

241
                // make it a SEQUENCE
242
                DerOutputStream derKey = new DerOutputStream();
243
                derKey.write(DerValue.tag_Sequence, tmp);
244
                this.encodedKey = derKey.toByteArray();
245
            } catch (IOException e) {
246
                return null;
247
            }
248
        }
249
        return this.encodedKey.clone();
250
    }
251

252
    /**
253
     * Returns the private value, <code>x</code>.
254
     *
255
     * @return the private value, <code>x</code>
256
     */
257
    public BigInteger getX() {
258
        return this.x;
259
    }
260

261
    /**
262
     * Returns the key parameters.
263
     *
264
     * @return the key parameters
265
     */
266
    public DHParameterSpec getParams() {
267
        if (this.l != 0) {
268
            return new DHParameterSpec(this.p, this.g, this.l);
269
        } else {
270
            return new DHParameterSpec(this.p, this.g);
271
        }
272
    }
273

274
    private void parseKeyBits() throws InvalidKeyException {
275
        try {
276
            DerInputStream in = new DerInputStream(this.key);
277
            this.x = in.getBigInteger();
278
        } catch (IOException e) {
279
            InvalidKeyException ike = new InvalidKeyException(
280
                "Error parsing key encoding: " + e.getMessage());
281
            ike.initCause(e);
282
            throw ike;
283
        }
284
    }
285

286
    /**
287
     * Calculates a hash code value for the object.
288
     * Objects that are equal will also have the same hashcode.
289
     */
290
    public int hashCode() {
291
        return Objects.hash(x, p, g);
292
    }
293

294
    public boolean equals(Object obj) {
295
        if (this == obj) return true;
296

297
        if (!(obj instanceof javax.crypto.interfaces.DHPrivateKey)) {
298
            return false;
299
        }
300
        javax.crypto.interfaces.DHPrivateKey other =
301
                (javax.crypto.interfaces.DHPrivateKey) obj;
302
        DHParameterSpec otherParams = other.getParams();
303
        return ((this.x.compareTo(other.getX()) == 0) &&
304
                (this.p.compareTo(otherParams.getP()) == 0) &&
305
                (this.g.compareTo(otherParams.getG()) == 0));
306
    }
307

308
    /**
309
     * Replace the DH private key to be serialized.
310
     *
311
     * @return the standard KeyRep object to be serialized
312
     *
313
     * @throws java.io.ObjectStreamException if a new object representing
314
     * this DH private key could not be created
315
     */
316
    private Object writeReplace() throws java.io.ObjectStreamException {
317
        return new KeyRep(KeyRep.Type.PRIVATE,
318
                        getAlgorithm(),
319
                        getFormat(),
320
                        getEncoded());
321
    }
322
}
323

324