1
/*
2
 * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
package com.sun.crypto.provider;
27

28
import java.io.*;
29
import java.util.Arrays;
30
import java.util.Objects;
31
import java.math.BigInteger;
32
import java.security.KeyRep;
33
import java.security.PrivateKey;
34
import java.security.InvalidKeyException;
35
import java.security.ProviderException;
36
import javax.crypto.spec.DHParameterSpec;
37
import sun.security.util.*;
38

39
/**
40
 * A private key in PKCS#8 format for the Diffie-Hellman key agreement
41
 * algorithm.
42
 *
43
 * @author Jan Luehe
44
 *
45
 *
46
 * @see DHPublicKey
47
 * @see java.security.KeyAgreement
48
 */
49
final class DHPrivateKey implements PrivateKey,
50
        javax.crypto.interfaces.DHPrivateKey, Serializable {
51

52
    @java.io.Serial
53
    static final long serialVersionUID = 7565477590005668886L;
54

55
    // only supported version of PKCS#8 PrivateKeyInfo
56
    private static final BigInteger PKCS8_VERSION = BigInteger.ZERO;
57

58
    // the private key
59
    private BigInteger x;
60

61
    // the key bytes, without the algorithm information
62
    private byte[] key;
63

64
    // the encoded key
65
    private byte[] encodedKey;
66

67
    // the prime modulus
68
    private BigInteger p;
69

70
    // the base generator
71
    private BigInteger g;
72

73
    // the private-value length (optional)
74
    private int l;
75

76
    /**
77
     * Make a DH private key out of a private value <code>x</code>, a prime
78
     * modulus <code>p</code>, and a base generator <code>g</code>.
79
     *
80
     * @param x the private value
81
     * @param p the prime modulus
82
     * @param g the base generator
83
     *
84
     * @throws ProviderException if the key cannot be encoded
85
     */
86
    DHPrivateKey(BigInteger x, BigInteger p, BigInteger g)
87
        throws InvalidKeyException {
88
        this(x, p, g, 0);
89
    }
90

91
    /**
92
     * Make a DH private key out of a private value <code>x</code>, a prime
93
     * modulus <code>p</code>, a base generator <code>g</code>, and a
94
     * private-value length <code>l</code>.
95
     *
96
     * @param x the private value
97
     * @param p the prime modulus
98
     * @param g the base generator
99
     * @param l the private-value length
100
     *
101
     * @throws ProviderException if the key cannot be encoded
102
     */
103
    DHPrivateKey(BigInteger x, BigInteger p, BigInteger g, int l) {
104
        this.x = x;
105
        this.p = p;
106
        this.g = g;
107
        this.l = l;
108
        try {
109
            byte[] xbytes = x.toByteArray();
110
            DerValue val = new DerValue(DerValue.tag_Integer, xbytes);
111
            this.key = val.toByteArray();
112
            val.clear();
113
            Arrays.fill(xbytes, (byte)0);
114
            encode();
115
        } catch (IOException e) {
116
            throw new ProviderException("Cannot produce ASN.1 encoding", e);
117
        }
118
    }
119

120
    /**
121
     * Make a DH private key from its DER encoding (PKCS #8).
122
     *
123
     * @param encodedKey the encoded key
124
     *
125
     * @throws InvalidKeyException if the encoded key does not represent
126
     * a Diffie-Hellman private key
127
     */
128
    DHPrivateKey(byte[] encodedKey) throws InvalidKeyException {
129
        DerValue val = null;
130
        try {
131
            val = new DerValue(encodedKey);
132
            if (val.tag != DerValue.tag_Sequence) {
133
                throw new InvalidKeyException ("Key not a SEQUENCE");
134
            }
135

136
            //
137
            // version
138
            //
139
            BigInteger parsedVersion = val.data.getBigInteger();
140
            if (!parsedVersion.equals(PKCS8_VERSION)) {
141
                throw new IOException("version mismatch: (supported: " +
142
                                      PKCS8_VERSION + ", parsed: " +
143
                                      parsedVersion);
144
            }
145

146
            //
147
            // privateKeyAlgorithm
148
            //
149
            DerValue algid = val.data.getDerValue();
150
            if (algid.tag != DerValue.tag_Sequence) {
151
                throw new InvalidKeyException("AlgId is not a SEQUENCE");
152
            }
153
            DerInputStream derInStream = algid.toDerInputStream();
154
            ObjectIdentifier oid = derInStream.getOID();
155
            if (oid == null) {
156
                throw new InvalidKeyException("Null OID");
157
            }
158
            if (derInStream.available() == 0) {
159
                throw new InvalidKeyException("Parameters missing");
160
            }
161
            // parse the parameters
162
            DerValue params = derInStream.getDerValue();
163
            if (params.tag == DerValue.tag_Null) {
164
                throw new InvalidKeyException("Null parameters");
165
            }
166
            if (params.tag != DerValue.tag_Sequence) {
167
                throw new InvalidKeyException("Parameters not a SEQUENCE");
168
            }
169
            params.data.reset();
170
            this.p = params.data.getBigInteger();
171
            this.g = params.data.getBigInteger();
172
            // Private-value length is OPTIONAL
173
            if (params.data.available() != 0) {
174
                this.l = params.data.getInteger();
175
            }
176
            if (params.data.available() != 0) {
177
                throw new InvalidKeyException("Extra parameter data");
178
            }
179

180
            //
181
            // privateKey
182
            //
183
            this.key = val.data.getOctetString();
184
            parseKeyBits();
185

186
            this.encodedKey = encodedKey.clone();
187
        } catch (IOException | NumberFormatException e) {
188
            throw new InvalidKeyException("Error parsing key encoding", e);
189
        } finally {
190
            if (val != null) {
191
                val.clear();
192
            }
193
        }
194
    }
195

196
    /**
197
     * Returns the encoding format of this key: "PKCS#8"
198
     */
199
    public String getFormat() {
200
        return "PKCS#8";
201
    }
202

203
    /**
204
     * Returns the name of the algorithm associated with this key: "DH"
205
     */
206
    public String getAlgorithm() {
207
        return "DH";
208
    }
209

210
    /**
211
     * Get the encoding of the key.
212
     */
213
    public synchronized byte[] getEncoded() {
214
        encode();
215
        return encodedKey.clone();
216
    }
217

218
    /**
219
     * Generate the encodedKey field if it has not been calculated.
220
     * Could generate null.
221
     */
222
    private void encode() {
223
        if (this.encodedKey == null) {
224
            try {
225
                DerOutputStream tmp = new DerOutputStream();
226

227
                //
228
                // version
229
                //
230
                tmp.putInteger(PKCS8_VERSION);
231

232
                //
233
                // privateKeyAlgorithm
234
                //
235
                DerOutputStream algid = new DerOutputStream();
236

237
                // store OID
238
                algid.putOID(DHPublicKey.DH_OID);
239
                // encode parameters
240
                DerOutputStream params = new DerOutputStream();
241
                params.putInteger(this.p);
242
                params.putInteger(this.g);
243
                if (this.l != 0) {
244
                    params.putInteger(this.l);
245
                }
246
                // wrap parameters into SEQUENCE
247
                DerValue paramSequence = new DerValue(DerValue.tag_Sequence,
248
                                                      params.toByteArray());
249
                // store parameter SEQUENCE in algid
250
                algid.putDerValue(paramSequence);
251
                // wrap algid into SEQUENCE
252
                tmp.write(DerValue.tag_Sequence, algid);
253

254
                // privateKey
255
                tmp.putOctetString(this.key);
256

257
                // make it a SEQUENCE
258
                DerValue val = DerValue.wrap(DerValue.tag_Sequence, tmp);
259
                this.encodedKey = val.toByteArray();
260
                val.clear();
261
            } catch (IOException e) {
262
                throw new AssertionError(e);
263
            }
264
        }
265
    }
266

267
    /**
268
     * Returns the private value, <code>x</code>.
269
     *
270
     * @return the private value, <code>x</code>
271
     */
272
    public BigInteger getX() {
273
        return this.x;
274
    }
275

276
    /**
277
     * Returns the key parameters.
278
     *
279
     * @return the key parameters
280
     */
281
    public DHParameterSpec getParams() {
282
        if (this.l != 0) {
283
            return new DHParameterSpec(this.p, this.g, this.l);
284
        } else {
285
            return new DHParameterSpec(this.p, this.g);
286
        }
287
    }
288

289
    private void parseKeyBits() throws InvalidKeyException {
290
        try {
291
            DerInputStream in = new DerInputStream(this.key);
292
            this.x = in.getBigInteger();
293
        } catch (IOException e) {
294
            InvalidKeyException ike = new InvalidKeyException(
295
                "Error parsing key encoding: " + e.getMessage());
296
            ike.initCause(e);
297
            throw ike;
298
        }
299
    }
300

301
    /**
302
     * Calculates a hash code value for the object.
303
     * Objects that are equal will also have the same hashcode.
304
     */
305
    public int hashCode() {
306
        return Objects.hash(x, p, g);
307
    }
308

309
    public boolean equals(Object obj) {
310
        if (this == obj) return true;
311

312
        if (!(obj instanceof javax.crypto.interfaces.DHPrivateKey)) {
313
            return false;
314
        }
315
        javax.crypto.interfaces.DHPrivateKey other =
316
                (javax.crypto.interfaces.DHPrivateKey) obj;
317
        DHParameterSpec otherParams = other.getParams();
318
        return ((this.x.compareTo(other.getX()) == 0) &&
319
                (this.p.compareTo(otherParams.getP()) == 0) &&
320
                (this.g.compareTo(otherParams.getG()) == 0));
321
    }
322

323
    /**
324
     * Replace the DH private key to be serialized.
325
     *
326
     * @return the standard KeyRep object to be serialized
327
     *
328
     * @throws java.io.ObjectStreamException if a new object representing
329
     * this DH private key could not be created
330
     */
331
    @java.io.Serial
332
    private Object writeReplace() throws java.io.ObjectStreamException {
333
        encode();
334
        return new KeyRep(KeyRep.Type.PRIVATE,
335
                getAlgorithm(),
336
                getFormat(),
337
                encodedKey);
338
    }
339
}
340

341