1
/*
2
 * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
package com.sun.crypto.provider;
27

28
import java.io.*;
29
import java.util.Objects;
30
import java.math.BigInteger;
31
import java.security.KeyRep;
32
import java.security.InvalidKeyException;
33
import java.security.ProviderException;
34
import java.security.PublicKey;
35
import javax.crypto.spec.DHParameterSpec;
36
import sun.security.util.*;
37

38

39
/**
40
 * A public key in X.509 format for the Diffie-Hellman key agreement algorithm.
41
 *
42
 * @author Jan Luehe
43
 *
44
 *
45
 * @see DHPrivateKey
46
 * @see javax.crypto.KeyAgreement
47
 */
48
final class DHPublicKey implements PublicKey,
49
javax.crypto.interfaces.DHPublicKey, Serializable {
50

51
    @java.io.Serial
52
    static final long serialVersionUID = 7647557958927458271L;
53

54
    // the public key
55
    private BigInteger y;
56

57
    // the key bytes, without the algorithm information
58
    private byte[] key;
59

60
    // the encoded key
61
    private byte[] encodedKey;
62

63
    // the prime modulus
64
    private BigInteger p;
65

66
    // the base generator
67
    private BigInteger g;
68

69
    // the private-value length (optional)
70
    private int l;
71

72
    // Note: this OID is used by DHPrivateKey as well.
73
    static ObjectIdentifier DH_OID =
74
            ObjectIdentifier.of(KnownOIDs.DiffieHellman);
75

76
    /**
77
     * Make a DH public key out of a public value <code>y</code>, a prime
78
     * modulus <code>p</code>, and a base generator <code>g</code>.
79
     *
80
     * @param y the public value
81
     * @param p the prime modulus
82
     * @param g the base generator
83
     *
84
     * @exception InvalidKeyException if the key cannot be encoded
85
     */
86
    DHPublicKey(BigInteger y, BigInteger p, BigInteger g)
87
        throws InvalidKeyException {
88
        this(y, p, g, 0);
89
    }
90

91
    /**
92
     * Make a DH public key out of a public value <code>y</code>, a prime
93
     * modulus <code>p</code>, a base generator <code>g</code>, and a
94
     * private-value length <code>l</code>.
95
     *
96
     * @param y the public value
97
     * @param p the prime modulus
98
     * @param g the base generator
99
     * @param l the private-value length
100
     *
101
     * @exception ProviderException if the key cannot be encoded
102
     */
103
    DHPublicKey(BigInteger y, BigInteger p, BigInteger g, int l) {
104
        this.y = y;
105
        this.p = p;
106
        this.g = g;
107
        this.l = l;
108
        try {
109
            this.key = new DerValue(DerValue.tag_Integer,
110
                                    this.y.toByteArray()).toByteArray();
111
            this.encodedKey = getEncoded();
112
        } catch (IOException e) {
113
            throw new ProviderException("Cannot produce ASN.1 encoding", e);
114
        }
115
    }
116

117
    /**
118
     * Make a DH public key from its DER encoding (X.509).
119
     *
120
     * @param encodedKey the encoded key
121
     *
122
     * @exception InvalidKeyException if the encoded key does not represent
123
     * a Diffie-Hellman public key
124
     */
125
    DHPublicKey(byte[] encodedKey) throws InvalidKeyException {
126
        InputStream inStream = new ByteArrayInputStream(encodedKey);
127
        try {
128
            DerValue derKeyVal = new DerValue(inStream);
129
            if (derKeyVal.tag != DerValue.tag_Sequence) {
130
                throw new InvalidKeyException ("Invalid key format");
131
            }
132

133
            /*
134
             * Parse the algorithm identifier
135
             */
136
            DerValue algid = derKeyVal.data.getDerValue();
137
            if (algid.tag != DerValue.tag_Sequence) {
138
                throw new InvalidKeyException("AlgId is not a SEQUENCE");
139
            }
140
            DerInputStream derInStream = algid.toDerInputStream();
141
            ObjectIdentifier oid = derInStream.getOID();
142
            if (oid == null) {
143
                throw new InvalidKeyException("Null OID");
144
            }
145
            if (derInStream.available() == 0) {
146
                throw new InvalidKeyException("Parameters missing");
147
            }
148

149
            /*
150
             * Parse the parameters
151
             */
152
            DerValue params = derInStream.getDerValue();
153
            if (params.tag == DerValue.tag_Null) {
154
                throw new InvalidKeyException("Null parameters");
155
            }
156
            if (params.tag != DerValue.tag_Sequence) {
157
                throw new InvalidKeyException("Parameters not a SEQUENCE");
158
            }
159
            params.data.reset();
160
            this.p = params.data.getBigInteger();
161
            this.g = params.data.getBigInteger();
162
            // Private-value length is OPTIONAL
163
            if (params.data.available() != 0) {
164
                this.l = params.data.getInteger();
165
            }
166
            if (params.data.available() != 0) {
167
                throw new InvalidKeyException("Extra parameter data");
168
            }
169

170
            /*
171
             * Parse the key
172
             */
173
            this.key = derKeyVal.data.getBitString();
174
            parseKeyBits();
175
            if (derKeyVal.data.available() != 0) {
176
                throw new InvalidKeyException("Excess key data");
177
            }
178

179
            this.encodedKey = encodedKey.clone();
180
        } catch (IOException | NumberFormatException e) {
181
            throw new InvalidKeyException("Error parsing key encoding", e);
182
        }
183
    }
184

185
    /**
186
     * Returns the encoding format of this key: "X.509"
187
     */
188
    public String getFormat() {
189
        return "X.509";
190
    }
191

192
    /**
193
     * Returns the name of the algorithm associated with this key: "DH"
194
     */
195
    public String getAlgorithm() {
196
        return "DH";
197
    }
198

199
    /**
200
     * Get the encoding of the key.
201
     */
202
    public synchronized byte[] getEncoded() {
203
        if (this.encodedKey == null) {
204
            try {
205
                DerOutputStream algid = new DerOutputStream();
206

207
                // store oid in algid
208
                algid.putOID(DH_OID);
209

210
                // encode parameters
211
                DerOutputStream params = new DerOutputStream();
212
                params.putInteger(this.p);
213
                params.putInteger(this.g);
214
                if (this.l != 0) {
215
                    params.putInteger(this.l);
216
                }
217
                // wrap parameters into SEQUENCE
218
                DerValue paramSequence = new DerValue(DerValue.tag_Sequence,
219
                                                      params.toByteArray());
220
                // store parameter SEQUENCE in algid
221
                algid.putDerValue(paramSequence);
222

223
                // wrap algid into SEQUENCE, and store it in key encoding
224
                DerOutputStream tmpDerKey = new DerOutputStream();
225
                tmpDerKey.write(DerValue.tag_Sequence, algid);
226

227
                // store key data
228
                tmpDerKey.putBitString(this.key);
229

230
                // wrap algid and key into SEQUENCE
231
                DerOutputStream derKey = new DerOutputStream();
232
                derKey.write(DerValue.tag_Sequence, tmpDerKey);
233
                this.encodedKey = derKey.toByteArray();
234
            } catch (IOException e) {
235
                return null;
236
            }
237
        }
238
        return this.encodedKey.clone();
239
    }
240

241
    /**
242
     * Returns the public value, <code>y</code>.
243
     *
244
     * @return the public value, <code>y</code>
245
     */
246
    public BigInteger getY() {
247
        return this.y;
248
    }
249

250
    /**
251
     * Returns the key parameters.
252
     *
253
     * @return the key parameters
254
     */
255
    public DHParameterSpec getParams() {
256
        if (this.l != 0) {
257
            return new DHParameterSpec(this.p, this.g, this.l);
258
        } else {
259
            return new DHParameterSpec(this.p, this.g);
260
        }
261
    }
262

263
    public String toString() {
264
        String LINE_SEP = System.lineSeparator();
265

266
        StringBuilder sb
267
            = new StringBuilder("SunJCE Diffie-Hellman Public Key:"
268
                               + LINE_SEP + "y:" + LINE_SEP
269
                               + Debug.toHexString(this.y)
270
                               + LINE_SEP + "p:" + LINE_SEP
271
                               + Debug.toHexString(this.p)
272
                               + LINE_SEP + "g:" + LINE_SEP
273
                               + Debug.toHexString(this.g));
274
        if (this.l != 0)
275
            sb.append(LINE_SEP + "l:" + LINE_SEP + "    " + this.l);
276
        return sb.toString();
277
    }
278

279
    private void parseKeyBits() throws InvalidKeyException {
280
        try {
281
            DerInputStream in = new DerInputStream(this.key);
282
            this.y = in.getBigInteger();
283
        } catch (IOException e) {
284
            throw new InvalidKeyException(
285
                "Error parsing key encoding: " + e.toString());
286
        }
287
    }
288

289
    /**
290
     * Calculates a hash code value for the object.
291
     * Objects that are equal will also have the same hashcode.
292
     */
293
    public int hashCode() {
294
        return Objects.hash(y, p, g);
295
    }
296

297
    public boolean equals(Object obj) {
298
        if (this == obj) return true;
299

300
        if (!(obj instanceof javax.crypto.interfaces.DHPublicKey)) {
301
            return false;
302
        }
303

304
        javax.crypto.interfaces.DHPublicKey other =
305
            (javax.crypto.interfaces.DHPublicKey) obj;
306
        DHParameterSpec otherParams = other.getParams();
307
        return ((this.y.compareTo(other.getY()) == 0) &&
308
                (this.p.compareTo(otherParams.getP()) == 0) &&
309
                (this.g.compareTo(otherParams.getG()) == 0));
310
    }
311

312
    /**
313
     * Replace the DH public key to be serialized.
314
     *
315
     * @return the standard KeyRep object to be serialized
316
     *
317
     * @throws java.io.ObjectStreamException if a new object representing
318
     * this DH public key could not be created
319
     */
320
    @java.io.Serial
321
    private Object writeReplace() throws java.io.ObjectStreamException {
322
        return new KeyRep(KeyRep.Type.PUBLIC,
323
                        getAlgorithm(),
324
                        getFormat(),
325
                        getEncoded());
326
    }
327
}
328

329