Ejemplo n.º 1
  protected byte[] engineSign() throws SignatureException {
    byte[] hash = new byte[digest.getDigestSize()];

    digest.doFinal(hash, 0);

    try {
      byte[] sigBytes = new byte[64];
      BigInteger[] sig = signer.generateSignature(hash);
      byte[] r = sig[0].toByteArray();
      byte[] s = sig[1].toByteArray();

      if (s[0] != 0) {
        System.arraycopy(s, 0, sigBytes, 32 - s.length, s.length);
      } else {
        System.arraycopy(s, 1, sigBytes, 32 - (s.length - 1), s.length - 1);

      if (r[0] != 0) {
        System.arraycopy(r, 0, sigBytes, 64 - r.length, r.length);
      } else {
        System.arraycopy(r, 1, sigBytes, 64 - (r.length - 1), r.length - 1);

      return sigBytes;
    } catch (Exception e) {
      throw new SignatureException(e.toString());
Ejemplo n.º 2
 public static byte[] hashContents(byte[] contents) {
   final Digest digest = new SHA256Digest();
   digest.update(contents, 0, contents.length);
   final byte[] digestValue = new byte[digest.getDigestSize()];
   digest.doFinal(digestValue, 0);
   return digestValue;
Ejemplo n.º 3
  private void appendHash(BitString m, byte[] hash) {
    hashAlg.update(seed, 0, seed.length);

    putInt(hashAlg, counter);

    hashAlg.doFinal(hash, 0);

   * Some key wrap algorithms make use of the Key Checksum defined in CMS [CMS-Algorithms]. This is
   * used to provide an integrity check value for the key being wrapped. The algorithm is
   * <p>- Compute the 20 octet SHA-1 hash on the key being wrapped. - Use the first 8 octets of this
   * hash as the checksum value.
   * @param key
   * @return the CMS checksum.
   * @throws RuntimeException
   * @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
  private byte[] calculateCMSKeyChecksum(byte[] key) {
    byte[] result = new byte[8];

    sha1.update(key, 0, key.length);
    sha1.doFinal(digest, 0);

    System.arraycopy(digest, 0, result, 0, 8);

    return result;
Ejemplo n.º 5
   * Computes the digest for the given data in a single operation.
   * @param input Data to be digested.
   * @return Message digest as byte array.
  public byte[] digest(final byte[] input) {
    if (salt != null) {
      digest.update(salt, 0, salt.length);
    digest.update(input, 0, input.length);

    final byte[] hash = new byte[digest.getDigestSize()];
    digest.doFinal(hash, 0);
    return hash;
Ejemplo n.º 6
  /** generate a signature for the loaded message using the key we were initialised with. */
  public byte[] generateSignature() throws CryptoException {
    int digSize = digest.getDigestSize();

    int t = 0;
    int delta = 0;

    if (trailer == TRAILER_IMPLICIT) {
      t = 8;
      delta = block.length - digSize - 1;
      digest.doFinal(block, delta);
      block[block.length - 1] = (byte) TRAILER_IMPLICIT;
    } else {
      t = 16;
      delta = block.length - digSize - 2;
      digest.doFinal(block, delta);
      block[block.length - 2] = (byte) (trailer >>> 8);
      block[block.length - 1] = (byte) trailer;

    byte header = 0;
    int x = (digSize + messageLength) * 8 + t + 4 - keyBits;

    if (x > 0) {
      int mR = messageLength - ((x + 7) / 8);
      header = 0x60;

      delta -= mR;

      System.arraycopy(mBuf, 0, block, delta, mR);
    } else {
      header = 0x40;
      delta -= messageLength;

      System.arraycopy(mBuf, 0, block, delta, messageLength);

    if ((delta - 1) > 0) {
      for (int i = delta - 1; i != 0; i--) {
        block[i] = (byte) 0xbb;
      block[delta - 1] ^= (byte) 0x01;
      block[0] = (byte) 0x0b;
      block[0] |= header;
    } else {
      block[0] = (byte) 0x0a;
      block[0] |= header;

    byte[] b = cipher.processBlock(block, 0, block.length);


    return b;
Ejemplo n.º 7
  private void testDetachedRSA() throws Exception {
    Digest md = new SHA1Digest();
    List certList = new ArrayList();
    CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());


    Store certs = new CollectionStore(certList);

    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

    byte[] digValue = new byte[md.getDigestSize()];
    byte[] data = "Hello world!".getBytes();

    md.update(data, 0, data.length);
    md.doFinal(digValue, 0);

    Attribute attr =
        new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digValue)));

    ASN1EncodableVector v = new ASN1EncodableVector();


    AsymmetricKeyParameter privKey = (AsymmetricKeyParameter) _origKP.getPrivate();

    AlgorithmIdentifier sigAlgId =
        new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);

    BcContentSignerBuilder contentSignerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);

        new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
                new DefaultSignedAttributeTableGenerator(new AttributeTable(v)))
            .build(contentSignerBuilder.build(privKey), _origCert));


    CMSSignedData s = gen.generate(new CMSAbsentContent(), false);

    // the signature is detached, so need to add msg before passing on
    s = new CMSSignedData(msg, s.getEncoded());
    // compute expected content digest

    verifyRSASignatures(s, digValue);
Ejemplo n.º 8
 public boolean isPublicKeyBlackListed(PublicKey publicKey) {
   byte[] encoded = publicKey.getEncoded();
   Digest digest = AndroidDigestFactory.getSHA1();
   digest.update(encoded, 0, encoded.length);
   byte[] out = new byte[digest.getDigestSize()];
   digest.doFinal(out, 0);
   for (byte[] blacklisted : pubkeyBlacklist) {
     if (Arrays.equals(blacklisted, Hex.encode(out))) {
       return true;
   return false;
Ejemplo n.º 9
   * Calculates the MacKey (i.e. the key to use when calculating the MagTag for key confirmation).
   * <p>
   * <p>
   * <pre>
   * MacKey = H(K || "JPAKE_KC")
   * </pre>
  private static byte[] calculateMacKey(BigInteger keyingMaterial, Digest digest) {

    updateDigest(digest, keyingMaterial);
     * This constant is used to ensure that the macKey is NOT the same as the derived key.
    updateDigest(digest, "JPAKE_KC");

    byte[] output = new byte[digest.getDigestSize()];
    digest.doFinal(output, 0);

    return output;
Ejemplo n.º 10
  protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
    CipherParameters param;

    if (publicKey instanceof ECPublicKey) {
      param = ECUtil.generatePublicKeyParameter(publicKey);
    } else if (publicKey instanceof GOST3410Key) {
      param = GOST3410Util.generatePublicKeyParameter(publicKey);
    } else {
      try {
        byte[] bytes = publicKey.getEncoded();

        publicKey = BouncyCastleProvider.getPublicKey(SubjectPublicKeyInfo.getInstance(bytes));

        if (publicKey instanceof ECPublicKey) {
          param = ECUtil.generatePublicKeyParameter(publicKey);
        } else {
          throw new InvalidKeyException("can't recognise key type in DSA based signer");
      } catch (Exception e) {
        throw new InvalidKeyException("can't recognise key type in DSA based signer");

    signer.init(false, param);
Ejemplo n.º 11
  private static BigInteger calculateGenerator_FIPS186_3_Verifiable(
      Digest d, BigInteger p, BigInteger q, byte[] seed, int index) {
    // A.2.3 Verifiable Canonical Generation of the Generator g
    BigInteger e = p.subtract(ONE).divide(q);
    byte[] ggen = Hex.decode("6767656E");

    // 7. U = domain_parameter_seed || "ggen" || index || count.
    byte[] U = new byte[seed.length + ggen.length + 1 + 2];
    System.arraycopy(seed, 0, U, 0, seed.length);
    System.arraycopy(ggen, 0, U, seed.length, ggen.length);
    U[U.length - 3] = (byte) index;

    byte[] w = new byte[d.getDigestSize()];
    for (int count = 1; count < (1 << 16); ++count) {
      hash(d, U, w);
      BigInteger W = new BigInteger(1, w);
      BigInteger g = W.modPow(e, p);
      if (g.compareTo(TWO) >= 0) {
        return g;

    return null;
Ejemplo n.º 12
 // TODO
 public GMSSSigner(GMSSDigestProvider digest) {
   digestProvider = digest;
   messDigestTrees = digest.get();
   messDigestOTS = messDigestTrees;
   mdLength = messDigestTrees.getDigestSize();
   gmssRandom = new GMSSRandom(messDigestTrees);
Ejemplo n.º 13
  public void init(boolean forSigning, CipherParameters param) {
    RSAKeyParameters kParam = (RSAKeyParameters) param;

    cipher.init(forSigning, kParam);

    keyBits = kParam.getModulus().bitLength();

    block = new byte[(keyBits + 7) / 8];

    if (trailer == TRAILER_IMPLICIT) {
      mBuf = new byte[block.length - digest.getDigestSize() - 2];
    } else {
      mBuf = new byte[block.length - digest.getDigestSize() - 3];

Ejemplo n.º 14
  private static BigInteger calculateHashForZeroKnowledgeProof(
      BigInteger g, BigInteger gr, BigInteger gx, String participantId, Digest digest) {

    updateDigestIncludingSize(digest, g);

    updateDigestIncludingSize(digest, gr);

    updateDigestIncludingSize(digest, gx);

    updateDigestIncludingSize(digest, participantId);

    byte[] output = new byte[digest.getDigestSize()];
    digest.doFinal(output, 0);

    return new BigInteger(output);
Ejemplo n.º 15
  /** Initializes the signature algorithm for signing a message. */
  private void initSign() {
    // set private key and take from it ots key, auth, tree and key
    // counter, rootSign
    GMSSPrivateKeyParameters gmssPrivateKey = (GMSSPrivateKeyParameters) key;

    if (gmssPrivateKey.isUsed()) {
      throw new IllegalStateException("Private key already used");

    // check if last signature has been generated
    if (gmssPrivateKey.getIndex(0) >= gmssPrivateKey.getNumLeafs(0)) {
      throw new IllegalStateException("No more signatures can be generated");

    // get Parameterset
    this.gmssPS = gmssPrivateKey.getParameters();
    // get numLayer
    this.numLayer = gmssPS.getNumOfLayers();

    // get OTS Instance of lowest layer
    byte[] seed = gmssPrivateKey.getCurrentSeeds()[numLayer - 1];
    byte[] OTSSeed = new byte[mdLength];
    byte[] dummy = new byte[mdLength];
    System.arraycopy(seed, 0, dummy, 0, mdLength);
    OTSSeed =
            dummy); // secureRandom.nextBytes(currentSeeds[currentSeeds.length-1]);secureRandom.nextBytes(OTSseed);
    this.ots =
        new WinternitzOTSignature(
            OTSSeed, digestProvider.get(), gmssPS.getWinternitzParameter()[numLayer - 1]);

    byte[][][] helpCurrentAuthPaths = gmssPrivateKey.getCurrentAuthPaths();
    currentAuthPaths = new byte[numLayer][][];

    // copy the main tree authentication path
    for (int j = 0; j < numLayer; j++) {
      currentAuthPaths[j] = new byte[helpCurrentAuthPaths[j].length][mdLength];
      for (int i = 0; i < helpCurrentAuthPaths[j].length; i++) {
        System.arraycopy(helpCurrentAuthPaths[j][i], 0, currentAuthPaths[j][i], 0, mdLength);

    // copy index
    index = new int[numLayer];
    System.arraycopy(gmssPrivateKey.getIndex(), 0, index, 0, numLayer);

    // copy subtreeRootSig
    byte[] helpSubtreeRootSig;
    subtreeRootSig = new byte[numLayer - 1][];
    for (int i = 0; i < numLayer - 1; i++) {
      helpSubtreeRootSig = gmssPrivateKey.getSubtreeRootSig(i);
      subtreeRootSig[i] = new byte[helpSubtreeRootSig.length];
      System.arraycopy(helpSubtreeRootSig, 0, subtreeRootSig[i], 0, helpSubtreeRootSig.length);

Ejemplo n.º 16
  /** update the internal digest with the byte b */
  public void update(byte b) {

    if (preSig == null && messageLength < mBuf.length) {
      mBuf[messageLength] = b;

Ejemplo n.º 17
   * Computes the digest for all the data in the stream by reading data and hashing it in chunks.
   * @param in Input stream containing data to be digested.
   * @return Message digest as byte array.
   * @throws IOException On input stream read errors.
  public byte[] digest(final InputStream in) throws IOException {
    if (in == null) {
      throw new IllegalArgumentException("Input stream cannot be null.");

    final byte[] buffer = new byte[CHUNK_SIZE];
    int count;
    if (salt != null) {
      digest.update(salt, 0, salt.length);
    while ((count = in.read(buffer, 0, CHUNK_SIZE)) > 0) {
      digest.update(buffer, 0, count);

    final byte[] hash = new byte[digest.getDigestSize()];
    digest.doFinal(hash, 0);
    return hash;
Ejemplo n.º 18
  /** Initializes the signature algorithm for verifying a signature. */
  private void initVerify() {

    GMSSPublicKeyParameters gmssPublicKey = (GMSSPublicKeyParameters) key;
    pubKeyBytes = gmssPublicKey.getPublicKey();
    gmssPS = gmssPublicKey.getParameters();
    // get numLayer
    this.numLayer = gmssPS.getNumOfLayers();
Ejemplo n.º 19
  /** update the internal digest with the byte array in */
  public void update(byte[] in, int off, int len) {
    digest.update(in, off, len);

    if (preSig == null && messageLength < mBuf.length) {
      for (int i = 0; i < len && (i + messageLength) < mBuf.length; i++) {
        mBuf[messageLength + i] = in[off + i];

    messageLength += len;
   * fill len bytes of the output buffer with bytes generated from the derivation function.
   * @throws IllegalArgumentException if the size of the request will cause an overflow.
   * @throws DataLengthException if the out buffer is too small.
  public int generateBytes(byte[] out, int outOff, int len)
      throws DataLengthException, IllegalArgumentException {
    if ((out.length - len) < outOff) {
      throw new DataLengthException("output buffer too small");

    long oBytes = len;
    int outLen = digest.getDigestSize();

    // this is at odds with the standard implementation, the
    // maximum value should be hBits * (2^32 - 1) where hBits
    // is the digest output size in bits. We can't have an
    // array with a long index at the moment...
    if (oBytes > ((2L << 32) - 1)) {
      throw new IllegalArgumentException("Output length too large");

    int cThreshold = (int) ((oBytes + outLen - 1) / outLen);

    byte[] dig = new byte[digest.getDigestSize()];

    byte[] C = new byte[4];
    Pack.intToBigEndian(counterStart, C, 0);

    int counterBase = counterStart & ~0xFF;

    for (int i = 0; i < cThreshold; i++) {
      digest.update(shared, 0, shared.length);
      digest.update(C, 0, C.length);

      if (iv != null) {
        digest.update(iv, 0, iv.length);

      digest.doFinal(dig, 0);

      if (len > outLen) {
        System.arraycopy(dig, 0, out, outOff, outLen);
        outOff += outLen;
        len -= outLen;
      } else {
        System.arraycopy(dig, 0, out, outOff, len);

      if (++C[3] == 0) {
        counterBase += 0x100;
        Pack.intToBigEndian(counterBase, C, 0);


    return (int) oBytes;
Ejemplo n.º 21
   * Generate a key parameter derived from the password, salt, and iteration count we are currently
   * initialised with.
   * @param keySize the size of the key we want (in bits)
   * @return a KeyParameter object.
   * @exception IllegalArgumentException if the key length larger than the base hash size.
  public CipherParameters generateDerivedParameters(int keySize) {
    keySize = keySize / 8;

    if (keySize > digest.getDigestSize()) {
      throw new IllegalArgumentException(
          "Can't generate a derived key " + keySize + " bytes long.");

    byte[] dKey = generateDerivedKey();

    return new KeyParameter(dKey, 0, keySize);
Ejemplo n.º 22
  /** reset the internal state */
  public void reset() {
    messageLength = 0;

    if (recoveredMessage != null) {

    recoveredMessage = null;
    fullMessage = false;
Ejemplo n.º 23
   * Returns a number <code>i</code> such that <code>0 &lt;= i &lt; N</code>.
   * @return
  int nextIndex() {
    if (!initialized) {
      buf = new BitString();
      byte[] hash = new byte[hashAlg.getDigestSize()];
      while (counter < minCallsR) {
        appendHash(buf, hash);
      totLen = minCallsR * 8 * hLen;
      remLen = totLen;
      initialized = true;

    while (true) {
      totLen += c;
      BitString M = buf.getTrailing(remLen);
      if (remLen < c) {
        int tmpLen = c - remLen;
        int cThreshold = counter + (tmpLen + hLen - 1) / hLen;
        byte[] hash = new byte[hashAlg.getDigestSize()];
        while (counter < cThreshold) {
          appendHash(M, hash);
          if (tmpLen > 8 * hLen) {
            tmpLen -= 8 * hLen;
        remLen = 8 * hLen - tmpLen;
        buf = new BitString();
      } else {
        remLen -= c;

      int i = M.getLeadingAsInt(c); // assume c<32
      if (i < (1 << c) - ((1 << c) % N)) {
        return i % N;
Ejemplo n.º 24
  // 1. m = [requested_number_of_bits / outlen]
  // 2. data = V.
  // 3. W = the Null string.
  // 4. For i = 1 to m
  // 4.1 wi = Hash (data).
  // 4.2 W = W || wi.
  // 4.3 data = (data + 1) mod 2^seedlen
  // .
  // 5. returned_bits = Leftmost (requested_no_of_bits) bits of W.
  private byte[] hashgen(byte[] input, int lengthInBits) {
    int digestSize = _digest.getDigestSize();
    int m = (lengthInBits / 8) / digestSize;

    byte[] data = new byte[input.length];
    System.arraycopy(input, 0, data, 0, input.length);

    byte[] W = new byte[lengthInBits / 8];

    byte[] dig = new byte[_digest.getDigestSize()];
    for (int i = 0; i <= m; i++) {
      doHash(data, dig);

      int bytesToCopy =
          ((W.length - i * dig.length) > dig.length) ? dig.length : (W.length - i * dig.length);
      System.arraycopy(dig, 0, W, i * dig.length, bytesToCopy);

      addTo(data, ONE);

    return W;
Ejemplo n.º 25
   * Constructs a new index generator.
   * @param seed a seed of arbitrary length to initialize the index generator with
   * @param params NtruEncrypt parameters
  IndexGenerator(byte[] seed, NTRUEncryptionParameters params) {
    this.seed = seed;
    N = params.N;
    c = params.c;
    minCallsR = params.minCallsR;

    totLen = 0;
    remLen = 0;
    counter = 0;
    hashAlg = params.hashAlg;

    hLen = hashAlg.getDigestSize(); // hash length
    initialized = false;
Ejemplo n.º 26
  protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
    byte[] hash = new byte[digest.getDigestSize()];

    digest.doFinal(hash, 0);

    BigInteger[] sig;

    try {
      byte[] r = new byte[32];
      byte[] s = new byte[32];

      System.arraycopy(sigBytes, 0, s, 0, 32);

      System.arraycopy(sigBytes, 32, r, 0, 32);

      sig = new BigInteger[2];
      sig[0] = new BigInteger(1, r);
      sig[1] = new BigInteger(1, s);
    } catch (Exception e) {
      throw new SignatureException("error decoding signature bytes.");

    return signer.verifySignature(hash, sig[0], sig[1]);
Ejemplo n.º 27
   * Generate a signer for the with either implicit or explicit trailers for ISO9796-2.
   * @param cipher base cipher to use for signature creation/verification
   * @param digest digest to use.
   * @param implicit whether or not the trailer is implicit or gives the hash.
  public ISO9796d2Signer(AsymmetricBlockCipher cipher, Digest digest, boolean implicit) {
    this.cipher = cipher;
    this.digest = digest;

    if (implicit) {
      trailer = TRAILER_IMPLICIT;
    } else {
      Integer trailerObj = (Integer) trailerMap.get(digest.getAlgorithmName());

      if (trailerObj != null) {
        trailer = trailerObj.intValue();
      } else {
        throw new IllegalArgumentException("no valid trailer for digest");
  public byte[] calculateFingerprint(PublicKeyPacket publicPk) throws PGPException {
    BCPGKey key = publicPk.getKey();
    Digest digest;

    if (publicPk.getVersion() <= 3) {
      RSAPublicBCPGKey rK = (RSAPublicBCPGKey) key;

      try {
        digest = new MD5Digest();

        byte[] bytes = new MPInteger(rK.getModulus()).getEncoded();
        digest.update(bytes, 2, bytes.length - 2);

        bytes = new MPInteger(rK.getPublicExponent()).getEncoded();
        digest.update(bytes, 2, bytes.length - 2);
      } catch (IOException e) {
        throw new PGPException("can't encode key components: " + e.getMessage(), e);
    } else {
      try {
        byte[] kBytes = publicPk.getEncodedContents();

        digest = new SHA1Digest();

        digest.update((byte) 0x99);
        digest.update((byte) (kBytes.length >> 8));
        digest.update((byte) kBytes.length);
        digest.update(kBytes, 0, kBytes.length);
      } catch (IOException e) {
        throw new PGPException("can't encode key components: " + e.getMessage(), e);

    byte[] digBuf = new byte[digest.getDigestSize()];

    digest.doFinal(digBuf, 0);

    return digBuf;
Ejemplo n.º 29
  protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
    CipherParameters param;

    if (privateKey instanceof ECKey) {
      param = ECUtil.generatePrivateKeyParameter(privateKey);
    } else {
      param = GOST3410Util.generatePrivateKeyParameter(privateKey);


    if (random != null) {
      signer.init(true, new ParametersWithRandom(param, random));
    } else {
      signer.init(true, param);
Ejemplo n.º 30
  /** the derived key function, the ith hash of the password and the salt. */
  private byte[] generateDerivedKey() {
    byte[] digestBytes = new byte[digest.getDigestSize()];

    digest.update(password, 0, password.length);
    digest.update(salt, 0, salt.length);

    digest.doFinal(digestBytes, 0);
    for (int i = 1; i < iterationCount; i++) {
      digest.update(digestBytes, 0, digestBytes.length);
      digest.doFinal(digestBytes, 0);

    return digestBytes;