Created
August 7, 2019 19:11
-
-
Save ReFLeXive007/65adc3a4112b8634648fea600c8f803c to your computer and use it in GitHub Desktop.
Расшифровка
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static DecryptedSessionKey decryptSessionKey(PrivateKey pk, EncryptedSessionKey encryptedSessionKey) throws KomandorException { | |
| SecretKey key_ = null; | |
| byte[] iv = null; | |
| try { | |
| int sizeLength = 4; | |
| byte[] bKey = Base64.decode(encryptedSessionKey.getEncryptedKey(), Base64.NO_WRAP); | |
| byte[] bBlobLength = SystemUtils.reverseByteArray(Arrays.copyOfRange(bKey, 0, sizeLength)); | |
| int blobLength = ByteBuffer.wrap(bBlobLength).getInt(); | |
| byte[] bSimpleBlob = Arrays.copyOfRange(bKey, sizeLength, sizeLength + blobLength); | |
| byte[] bBlobHeader = Arrays.copyOfRange(bSimpleBlob, 0, 16); | |
| byte[] sv = Arrays.copyOfRange(bSimpleBlob, 16, 24); | |
| byte[] bEncryptedKey = Arrays.copyOfRange(bSimpleBlob, 24, 24 + 32); | |
| byte[] bMacKey = Arrays.copyOfRange(bSimpleBlob, 56, 56 + 4); | |
| byte[] bEncryptedParams = Arrays.copyOfRange(bSimpleBlob, 60, blobLength); | |
| // Получаем IV вектор | |
| int IVStart = sizeLength + blobLength; | |
| byte[] bIVLength = SystemUtils.reverseByteArray(Arrays.copyOfRange(bKey, IVStart, IVStart + sizeLength)); | |
| int IVLength = ByteBuffer.wrap(bIVLength).getInt(); | |
| iv = Arrays.copyOfRange(bKey, IVStart + sizeLength, IVStart + sizeLength + IVLength); | |
| // Получаем зашифрованный ключ | |
| final Gost28147_89_EncryptedKey ek = new Gost28147_89_EncryptedKey(); | |
| ek.encryptedKey = new Gost28147_89_Key(bEncryptedKey); | |
| ek.macKey = new Gost28147_89_MAC(bMacKey); | |
| final Asn1BerEncodeBuffer ebuf = new Asn1BerEncodeBuffer(); | |
| ek.encode(ebuf); | |
| final byte[] wrap = ebuf.getMsgCopy(); | |
| // Генерируем ключ согласования | |
| SecretKey responderAgree = generateKeyAgreement(pk, encryptedSessionKey.getCertificate(), sv); | |
| if (responderAgree == null) { | |
| throw new KomandorException("Key agreement is null"); | |
| } | |
| // Расшифровываем ключ | |
| Cipher cipher = Cipher.getInstance(CIPHER_ALG + CIPHER_KEY_ALG_PARAMS); | |
| cipher.init(Cipher.UNWRAP_MODE, responderAgree); | |
| key_ = (SecretKey) cipher.unwrap(wrap, null, Cipher.SECRET_KEY); | |
| } catch (Exception e) { | |
| throw new KomandorException(e); | |
| } | |
| return new DecryptedSessionKey(key_, iv); | |
| } | |
| private static SecretKey generateKeyAgreement(PrivateKey pk, X509Certificate partnerCert, byte[] sv) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException { | |
| final IvParameterSpec ivspec = new IvParameterSpec(sv); | |
| final KeyAgreement keyAgree = KeyAgreement.getInstance(pk.getAlgorithm(), JCSP.PROVIDER_NAME); | |
| keyAgree.init(pk, ivspec, null); | |
| keyAgree.doPhase(partnerCert.getPublicKey(), true); | |
| return keyAgree.generateSecret(CIPHER_ALG); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment