mobile/android/base/browserid/RSACryptoImplementation.java


author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1,
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f, for hacking purposes.

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4
michael@0 5 package org.mozilla.gecko.browserid;
michael@0 6
michael@0 7 import java.math.BigInteger;
michael@0 8 import java.security.GeneralSecurityException;
michael@0 9 import java.security.KeyFactory;
michael@0 10 import java.security.KeyPair;
michael@0 11 import java.security.KeyPairGenerator;
michael@0 12 import java.security.NoSuchAlgorithmException;
michael@0 13 import java.security.Signature;
michael@0 14 import java.security.interfaces.RSAPrivateKey;
michael@0 15 import java.security.interfaces.RSAPublicKey;
michael@0 16 import java.security.spec.InvalidKeySpecException;
michael@0 17 import java.security.spec.KeySpec;
michael@0 18 import java.security.spec.RSAPrivateKeySpec;
michael@0 19 import java.security.spec.RSAPublicKeySpec;
michael@0 20
michael@0 21 import org.mozilla.gecko.sync.ExtendedJSONObject;
michael@0 22 import org.mozilla.gecko.sync.NonObjectJSONException;
michael@0 23
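/**
 * RSA implementation of the BrowserID {@link SigningPrivateKey} and
 * {@link VerifyingPublicKey} abstractions.
 * <p>
 * Keys are either generated freshly ({@link #generateKeyPair(int)}) or rebuilt
 * from their integer parameters, which may in turn be read from the JSON form
 * produced by {@code toJSONObject()}. Signing and verification both use
 * {@link #SIGNATURE_ALGORITHM}. Beyond rejecting missing or non-numeric
 * parameters, no validation of key size or parameter sanity is performed here;
 * that is left to the underlying {@link KeyFactory} and to callers.
 */
public class RSACryptoImplementation {
  public static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

  /**
   * Parameters are serialized as decimal strings. Hex-versus-decimal was
   * reverse-engineered from what the Persona public verifier accepted. We
   * expect to follow the JOSE/JWT spec as it solidifies, and that will probably
   * mean unifying this base.
   */
  protected static final int SERIALIZATION_BASE = 10;

  /** Value of the {@code "algorithm"} JSON member written and required by this class. */
  private static final String JSON_ALGORITHM_RS = "RS";

  protected static class RSAVerifyingPublicKey implements VerifyingPublicKey {
    protected final RSAPublicKey publicKey;

    /**
     * @param publicKey the key to verify with; must not be null.
     * @throws IllegalArgumentException if {@code publicKey} is null.
     */
    public RSAVerifyingPublicKey(RSAPublicKey publicKey) {
      if (publicKey == null) {
        throw new IllegalArgumentException("publicKey must not be null");
      }
      this.publicKey = publicKey;
    }

    /**
     * Serialize to a JSON object with members {@code algorithm}, {@code n}
     * (modulus) and {@code e} (public exponent).
     * <p>
     * Parameters are serialized as decimal strings. Hex-versus-decimal was
     * reverse-engineered from what the Persona public verifier accepted.
     */
    @Override
    public ExtendedJSONObject toJSONObject() {
      final ExtendedJSONObject o = new ExtendedJSONObject();
      o.put("algorithm", JSON_ALGORITHM_RS);
      o.put("n", publicKey.getModulus().toString(SERIALIZATION_BASE));
      o.put("e", publicKey.getPublicExponent().toString(SERIALIZATION_BASE));
      return o;
    }

    /**
     * Verify {@code signature} over {@code bytes} using {@link #SIGNATURE_ALGORITHM}.
     *
     * @param bytes the signed message.
     * @param signature the raw signature as produced by {@link Signature#sign()}.
     * @return true if the signature is valid for this key, false otherwise.
     * @throws GeneralSecurityException if the algorithm is unavailable, the key
     *         is rejected, or the signature is malformed.
     */
    @Override
    public boolean verifyMessage(byte[] bytes, byte[] signature)
        throws GeneralSecurityException {
      final Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
      verifier.initVerify(publicKey);
      verifier.update(bytes);
      return verifier.verify(signature);
    }
  }

  protected static class RSASigningPrivateKey implements SigningPrivateKey {
    protected final RSAPrivateKey privateKey;

    /**
     * @param privateKey the key to sign with; must not be null.
     * @throws IllegalArgumentException if {@code privateKey} is null.
     */
    public RSASigningPrivateKey(RSAPrivateKey privateKey) {
      if (privateKey == null) {
        throw new IllegalArgumentException("privateKey must not be null");
      }
      this.privateKey = privateKey;
    }

    /**
     * @return {@code "RS"} followed by the modulus length in bytes (rounded
     *         up), e.g. {@code "RS256"} for a 2048-bit modulus.
     */
    @Override
    public String getAlgorithm() {
      final int modulusBytes = (privateKey.getModulus().bitLength() + 7) / 8;
      return JSON_ALGORITHM_RS + modulusBytes;
    }

    /**
     * Serialize to a JSON object with members {@code algorithm}, {@code n}
     * (modulus) and {@code d} (private exponent).
     * <p>
     * The result contains the private exponent and must be handled as secret
     * material by the caller.
     * <p>
     * Parameters are serialized as decimal strings. Hex-versus-decimal was
     * reverse-engineered from what the Persona public verifier accepted.
     */
    @Override
    public ExtendedJSONObject toJSONObject() {
      final ExtendedJSONObject o = new ExtendedJSONObject();
      o.put("algorithm", JSON_ALGORITHM_RS);
      o.put("n", privateKey.getModulus().toString(SERIALIZATION_BASE));
      o.put("d", privateKey.getPrivateExponent().toString(SERIALIZATION_BASE));
      return o;
    }

    /**
     * Sign {@code bytes} using {@link #SIGNATURE_ALGORITHM}.
     *
     * @param bytes the message to sign.
     * @return the raw signature bytes from {@link Signature#sign()}.
     * @throws GeneralSecurityException if the algorithm is unavailable or the
     *         key is rejected.
     */
    @Override
    public byte[] signMessage(byte[] bytes)
        throws GeneralSecurityException {
      final Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
      signer.initSign(privateKey);
      signer.update(bytes);
      return signer.sign();
    }
  }

  /**
   * Generate a fresh RSA key pair using the platform default
   * {@link KeyPairGenerator} and its default source of randomness.
   *
   * @param keysize modulus size in bits, passed straight to
   *        {@link KeyPairGenerator#initialize(int)}.
   * @throws NoSuchAlgorithmException if no RSA provider is available.
   */
  public static BrowserIDKeyPair generateKeyPair(final int keysize) throws NoSuchAlgorithmException {
    final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(keysize);
    final KeyPair keyPair = keyPairGenerator.generateKeyPair();
    final RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
    final RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
    return new BrowserIDKeyPair(new RSASigningPrivateKey(privateKey), new RSAVerifyingPublicKey(publicKey));
  }

  /**
   * Build a signing key from modulus {@code n} and private exponent {@code d}.
   *
   * @throws IllegalArgumentException if either parameter is null.
   * @throws NoSuchAlgorithmException if no RSA provider is available.
   * @throws InvalidKeySpecException if the provider rejects the parameters.
   */
  public static SigningPrivateKey createPrivateKey(BigInteger n, BigInteger d) throws NoSuchAlgorithmException, InvalidKeySpecException {
    if (n == null) {
      throw new IllegalArgumentException("n must not be null");
    }
    if (d == null) {
      throw new IllegalArgumentException("d must not be null");
    }
    final KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    final KeySpec keySpec = new RSAPrivateKeySpec(n, d);
    final RSAPrivateKey privateKey = (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
    return new RSASigningPrivateKey(privateKey);
  }

  /**
   * Build a verifying key from modulus {@code n} and public exponent {@code e}.
   *
   * @throws IllegalArgumentException if either parameter is null.
   * @throws NoSuchAlgorithmException if no RSA provider is available.
   * @throws InvalidKeySpecException if the provider rejects the parameters.
   */
  public static VerifyingPublicKey createPublicKey(BigInteger n, BigInteger e) throws NoSuchAlgorithmException, InvalidKeySpecException {
    if (n == null) {
      throw new IllegalArgumentException("n must not be null");
    }
    if (e == null) {
      throw new IllegalArgumentException("e must not be null");
    }
    final KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    final KeySpec keySpec = new RSAPublicKeySpec(n, e);
    final RSAPublicKey publicKey = (RSAPublicKey) keyFactory.generatePublic(keySpec);
    return new RSAVerifyingPublicKey(publicKey);
  }

  /**
   * Require the {@code "algorithm"} member of {@code o} to be {@code "RS"}.
   *
   * @throws InvalidKeySpecException if the member is missing or differs.
   */
  private static void requireRSAlgorithm(final ExtendedJSONObject o) throws InvalidKeySpecException {
    final String algorithm = o.getString("algorithm");
    if (!JSON_ALGORITHM_RS.equals(algorithm)) {
      throw new InvalidKeySpecException("algorithm must equal RS, was " + algorithm);
    }
  }

  /**
   * Read one integer key parameter stored as a string in base
   * {@link #SERIALIZATION_BASE}.
   * <p>
   * A missing member is checked explicitly rather than by catching the
   * {@link NullPointerException} that {@link BigInteger} would throw, and a
   * malformed value keeps the {@link NumberFormatException} as its cause.
   *
   * @param o the JSON object to read from.
   * @param key the member name ({@code "n"}, {@code "d"} or {@code "e"}).
   * @param message the error message to use if the member is missing or malformed.
   * @throws InvalidKeySpecException if the member is absent or not an integer string.
   */
  private static BigInteger parseParameter(final ExtendedJSONObject o, final String key, final String message)
      throws InvalidKeySpecException {
    final String value = o.getString(key);
    if (value == null) {
      throw new InvalidKeySpecException(message);
    }
    try {
      return new BigInteger(value, SERIALIZATION_BASE);
    } catch (NumberFormatException e) {
      throw new InvalidKeySpecException(message, e);
    }
  }

  /**
   * Rebuild a signing key from the JSON form written by
   * {@link RSASigningPrivateKey#toJSONObject()}.
   *
   * @throws InvalidKeySpecException if the algorithm is not {@code "RS"} or
   *         {@code n}/{@code d} are missing or not decimal integer strings.
   * @throws NoSuchAlgorithmException if no RSA provider is available.
   */
  public static SigningPrivateKey createPrivateKey(ExtendedJSONObject o) throws InvalidKeySpecException, NoSuchAlgorithmException {
    requireRSAlgorithm(o);
    final String message = "n and d must be integers encoded as strings, base " + SERIALIZATION_BASE;
    final BigInteger n = parseParameter(o, "n", message);
    final BigInteger d = parseParameter(o, "d", message);
    return createPrivateKey(n, d);
  }

  /**
   * Rebuild a verifying key from the JSON form written by
   * {@link RSAVerifyingPublicKey#toJSONObject()}.
   *
   * @throws InvalidKeySpecException if the algorithm is not {@code "RS"} or
   *         {@code n}/{@code e} are missing or not decimal integer strings.
   * @throws NoSuchAlgorithmException if no RSA provider is available.
   */
  public static VerifyingPublicKey createPublicKey(ExtendedJSONObject o) throws InvalidKeySpecException, NoSuchAlgorithmException {
    requireRSAlgorithm(o);
    final String message = "n and e must be integers encoded as strings, base " + SERIALIZATION_BASE;
    final BigInteger n = parseParameter(o, "n", message);
    final BigInteger e = parseParameter(o, "e", message);
    return createPublicKey(n, e);
  }

  /**
   * Rebuild a key pair from a JSON object holding the private and public key
   * objects under {@link BrowserIDKeyPair#JSON_KEY_PRIVATEKEY} and
   * {@link BrowserIDKeyPair#JSON_KEY_PUBLICKEY}.
   *
   * @throws InvalidKeySpecException if either member is missing, is not a JSON
   *         object, or does not describe a valid RS key.
   * @throws NoSuchAlgorithmException if no RSA provider is available.
   */
  public static BrowserIDKeyPair fromJSONObject(ExtendedJSONObject o) throws InvalidKeySpecException, NoSuchAlgorithmException {
    try {
      final ExtendedJSONObject privateKey = o.getObject(BrowserIDKeyPair.JSON_KEY_PRIVATEKEY);
      final ExtendedJSONObject publicKey = o.getObject(BrowserIDKeyPair.JSON_KEY_PUBLICKEY);
      if (privateKey == null) {
        throw new InvalidKeySpecException("privateKey must not be null");
      }
      if (publicKey == null) {
        throw new InvalidKeySpecException("publicKey must not be null");
      }
      return new BrowserIDKeyPair(createPrivateKey(privateKey), createPublicKey(publicKey));
    } catch (NonObjectJSONException e) {
      // Keep the parser's exception as the cause so the failing member is diagnosable.
      throw new InvalidKeySpecException("privateKey and publicKey must be JSON objects", e);
    }
  }
}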
