Add separate functions to add crypto providers
hwupathum committed Mar 27, 2024
1 parent 4d7d924 commit 8afab76
Showing 3 changed files with 31 additions and 33 deletions.
21 changes: 21 additions & 0 deletions native/src/main/java/io/ballerina/stdlib/crypto/CryptoUtils.java
Expand Up @@ -36,6 +36,8 @@
import org.bouncycastle.jcajce.SecretKeyWithEncapsulation;
import org.bouncycastle.jcajce.spec.KEMExtractSpec;
import org.bouncycastle.jcajce.spec.KEMGenerateSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
Expand All @@ -46,6 +48,7 @@
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
Expand Down Expand Up @@ -332,6 +335,24 @@ public static Object aesEncryptDecrypt(CipherMode cipherMode, String algorithmMo
}
}

/**
* Add Bouncy Castle Post Quantum Cryptography provider to the security providers list.
*/
public static void addBCPQCProvider() {
if (Security.getProvider(BouncyCastlePQCProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastlePQCProvider());
}
}

/**
* Add Bouncy Castle provider to the security providers list.
*/
public static void addBCProvider() {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
}

/**
* Initialize cipher for encryption and decryption operations.
*
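Review bot: The Javadoc on `addBCPQCProvider` and `addBCProvider` does not say that the registration is process-wide, and both methods are public, so any caller now changes the JVM's provider list as a side effect. `Security.addProvider` appends at the lowest preference and returns -1 when a provider of that name is already installed, so repeating the call is harmless, but `getInstance` calls that name no provider still resolve to earlier providers first. I would extend each comment with something like `Registers the provider JVM-wide at the lowest preference; safe to call repeatedly. Calls that must use it should pass PROVIDER_NAME explicitly.`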
Expand Up @@ -37,7 +37,6 @@
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;

import java.io.File;
import java.io.FileInputStream;
Expand All @@ -52,7 +51,6 @@
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
Expand Down Expand Up @@ -94,9 +92,7 @@ public static Object decodeEcPrivateKeyFromKeyStore(BMap<BString, BString> keySt
public static Object decodeMlDsa65PrivateKeyFromKeyStore(BMap<BString, BString> keyStoreRecord, BString keyAlias,
BString keyPassword) {

if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
CryptoUtils.addBCProvider();
Object decodedPrivateKey = getPrivateKey(keyStoreRecord, keyAlias, keyPassword);
if (decodedPrivateKey instanceof PrivateKey privateKey) {
return buildMlDsa65PrivateKeyRecord(privateKey);
Expand All @@ -106,9 +102,7 @@ public static Object decodeMlDsa65PrivateKeyFromKeyStore(BMap<BString, BString>

public static Object decodeMlKem768PrivateKeyFromKeyStore(BMap<BString, BString> keyStoreRecord, BString keyAlias,
BString keyPassword) {
if (Security.getProvider(BouncyCastlePQCProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastlePQCProvider());
}
CryptoUtils.addBCPQCProvider();
Object decodedPrivateKey = getPrivateKey(keyStoreRecord, keyAlias, keyPassword);
if (decodedPrivateKey instanceof PrivateKey privateKey) {
return buildMlKem768PrivateKeyRecord(privateKey);
Expand Down Expand Up @@ -169,9 +163,7 @@ public static Object decodeMlDsa65PrivateKeyFromKeyFile(BString keyFilePath, Obj
}

public static Object decodeMlKem768PrivateKeyFromKeyFile(BString keyFilePath, Object keyPassword) {
if (Security.getProvider(BouncyCastlePQCProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastlePQCProvider());
}
CryptoUtils.addBCPQCProvider();
Object decodedPrivateKey = getPrivateKey(keyFilePath, keyPassword);
if (decodedPrivateKey instanceof PrivateKey privateKey) {
return buildMlKem768PrivateKeyRecord(privateKey);
Expand All @@ -180,9 +172,7 @@ public static Object decodeMlKem768PrivateKeyFromKeyFile(BString keyFilePath, Ob
}

private static Object getPrivateKey(BString keyFilePath, Object keyPassword) {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
CryptoUtils.addBCProvider();
File privateKeyFile = new File(keyFilePath.getValue());
try (PEMParser pemParser = new PEMParser(new FileReader(privateKeyFile, StandardCharsets.UTF_8))) {
Object obj = pemParser.readObject();
Expand Down Expand Up @@ -279,9 +269,7 @@ public static Object decodeEcPublicKeyFromTrustStore(BMap<BString, BString> trus

public static Object decodeMlDsa65PublicKeyFromTrustStore(BMap<BString, BString> trustStoreRecord,
BString keyAlias) {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
CryptoUtils.addBCProvider();
Object certificate = getPublicKey(trustStoreRecord, keyAlias);
if (certificate instanceof Certificate publicKey) {
return buildMlDsa65PublicKeyRecord(publicKey);
Expand All @@ -291,9 +279,7 @@ public static Object decodeMlDsa65PublicKeyFromTrustStore(BMap<BString, BString>

public static Object decodeMlKem768PublicKeyFromTrustStore(BMap<BString, BString> trustStoreRecord,
BString keyAlias) {
if (Security.getProvider(BouncyCastlePQCProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastlePQCProvider());
}
CryptoUtils.addBCPQCProvider();
Object certificate = getPublicKey(trustStoreRecord, keyAlias);
if (certificate instanceof Certificate publicKey) {
return buildMlKem768PublicKeyRecord(publicKey);
Expand Down Expand Up @@ -351,9 +337,7 @@ public static Object decodeEcPublicKeyFromCertFile(BString certFilePath) {
}

public static Object decodeMlDsa65PublicKeyFromCertFile(BString certFilePath) {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
CryptoUtils.addBCProvider();
File certFile = new File(certFilePath.getValue());
try (FileInputStream fileInputStream = new FileInputStream(certFile)) {
CertificateFactory certificateFactory = CertificateFactory.getInstance(Constants.CERTIFICATE_TYPE_X509);
Expand All @@ -367,9 +351,7 @@ public static Object decodeMlDsa65PublicKeyFromCertFile(BString certFilePath) {
}

public static Object decodeMlKem768PublicKeyFromCertFile(BString certFilePath) {
if (Security.getProvider(BouncyCastlePQCProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastlePQCProvider());
}
CryptoUtils.addBCPQCProvider();
File certFile = new File(certFilePath.getValue());
try (FileInputStream fileInputStream = new FileInputStream(certFile)) {
CertificateFactory certificateFactory = CertificateFactory.getInstance(Constants.CERTIFICATE_TYPE_X509);
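Review bot: Every entry point in this file still has to remember its own `CryptoUtils.addBCProvider()` or `CryptoUtils.addBCPQCProvider()` call (eight call sites in the visible hunks), so a decode method added later without one would succeed or fail depending on whether some other call had already registered the provider in the same JVM. Registering once at class load removes that order dependence, for example `static { CryptoUtils.addBCProvider(); CryptoUtils.addBCPQCProvider(); }`. Separately, `CertificateFactory.getInstance(Constants.CERTIFICATE_TYPE_X509)` in the two `...FromCertFile` methods names no provider, so which implementation parses the certificate depends on provider order; if Bouncy Castle is intended there, the provider name should be passed explicitly. The bodies of these methods continue outside the hunks, so calls further down are not visible here.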
Expand Up @@ -29,17 +29,14 @@

import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;

public class Kem {

private Kem() {
}

public static Object encapsulateMlKem768(BMap<?, ?> publicKey) {
if (Security.getProvider(BouncyCastlePQCProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastlePQCProvider());
}
CryptoUtils.addBCPQCProvider();
PublicKey key = (PublicKey) publicKey.getNativeData(Constants.NATIVE_DATA_PUBLIC_KEY);
Object encapsulate = CryptoUtils.generateEncapsulated(Constants.MLKEM768_ALGORITHM, key,
BouncyCastlePQCProvider.PROVIDER_NAME);
Expand Down Expand Up @@ -69,9 +66,7 @@ private static Object getEncapsulationResultRecord(SecretKeyWithEncapsulation se
}

public static Object decapsulateMlKem768(BArray inputValue, BMap<?, ?> privateKey) {
if (Security.getProvider(BouncyCastlePQCProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastlePQCProvider());
}
CryptoUtils.addBCPQCProvider();
byte[] input = inputValue.getBytes();
PrivateKey key = (PrivateKey) privateKey.getNativeData(Constants.NATIVE_DATA_PRIVATE_KEY);
return CryptoUtils.extractSecret(input, Constants.MLKEM768_ALGORITHM, key,
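Review bot: `PublicKey key = (PublicKey) publicKey.getNativeData(Constants.NATIVE_DATA_PUBLIC_KEY);` in `encapsulateMlKem768`, and the matching `PrivateKey` cast in `decapsulateMlKem768`, hand the native key on without checking that it is present. A record carrying no native data yields null, and a key of another algorithm still satisfies the cast, so the failure mode is left to `generateEncapsulated` and `extractSecret`, whose handling is not visible in these hunks. A guard before the call, `if (key == null)` returning the module's error value, would reject such input at the boundary with a clear message; an algorithm check on the key could be added the same way if the helpers do not already do one. Both method bodies continue outside the hunks.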