/** * Test that the keys are correctly generated. * * @throws Exception When test fails. */ @Test public void testGenerateKeys() throws Exception { CryptoProviderUtil keyConvertor = PowerAuthConfiguration.INSTANCE.getKeyConvertor(); KeyGenerator keyGenerator = new KeyGenerator(); KeyPair kp = keyGenerator.generateKeyPair(); System.out.println( "Private Key: " + BaseEncoding.base64().encode(keyConvertor.convertPrivateKeyToBytes(kp.getPrivate()))); System.out.println( "Public Key: " + BaseEncoding.base64().encode(keyConvertor.convertPublicKeyToBytes(kp.getPublic()))); }
/** * Encrypt the server public key using activation OTP and device public key. As a technical * component for public key encryption, an ephemeral private key is used (in order to deduce * ephemeral symmetric key using ECDH). * * @param serverPublicKey Server public key to be encrypted. * @param devicePublicKey Device public key used for encryption. * @param ephemeralPrivateKey Ephemeral private key. * @param activationOTP Activation OTP value. * @param activationIdShort Short activation ID. * @param activationNonce Activation nonce, used as an initialization vector for AES encryption. * @return Encrypted server public key. * @throws InvalidKeyException In case some of the provided keys is invalid. */ public byte[] encryptServerPublicKey( PublicKey serverPublicKey, PublicKey devicePublicKey, PrivateKey ephemeralPrivateKey, String activationOTP, String activationIdShort, byte[] activationNonce) throws InvalidKeyException { try { // Convert public key to bytes byte[] serverPublicKeyBytes = PowerAuthConfiguration.INSTANCE .getKeyConvertor() .convertPublicKeyToBytes(serverPublicKey); // Generate symmetric keys KeyGenerator keyGenerator = new KeyGenerator(); SecretKey ephemeralSymmetricKey = keyGenerator.computeSharedKey(ephemeralPrivateKey, devicePublicKey); byte[] activationIdShortBytes = activationIdShort.getBytes("UTF-8"); SecretKey otpBasedSymmetricKey = keyGenerator.deriveSecretKeyFromPassword(activationOTP, activationIdShortBytes); // Encrypt the data AESEncryptionUtils aes = new AESEncryptionUtils(); byte[] encryptedTMP = aes.encrypt(serverPublicKeyBytes, activationNonce, otpBasedSymmetricKey); byte[] encryptServerPublicKey = aes.encrypt(encryptedTMP, activationNonce, ephemeralSymmetricKey); return encryptServerPublicKey; } catch (IllegalBlockSizeException | BadPaddingException | UnsupportedEncodingException ex) { Logger.getLogger(PowerAuthServerActivation.class.getName()).log(Level.SEVERE, null, ex); } return null; }
/** * Test of the complete activation process, orchestration between client and server. * * @throws Exception In case test fails */ @Test public void testActivationProcess() throws Exception { System.out.println("TEST: Activation Process"); // Prepare test data KeyGenerator keyGenerator = new KeyGenerator(); PowerAuthClientActivation clientActivation = new PowerAuthClientActivation(); PowerAuthServerActivation serverActivation = new PowerAuthServerActivation(); KeyPair masterKeyPair = keyGenerator.generateKeyPair(); // Generate master keypair PrivateKey masterPrivateKey = masterKeyPair.getPrivate(); PublicKey masterPublicKey = masterKeyPair.getPublic(); for (int i = 0; i < 20; i++) { // SERVER: Generate data for activation String activationId = serverActivation.generateActivationId(); String activationIdShort = serverActivation.generateActivationIdShort(); String activationOTP = serverActivation.generateActivationOTP(); byte[] activationSignature = serverActivation.generateActivationSignature( activationIdShort, activationOTP, masterPrivateKey); KeyPair serverKeyPair = serverActivation.generateServerKeyPair(); PrivateKey serverPrivateKey = serverKeyPair.getPrivate(); PublicKey serverPublicKey = serverKeyPair.getPublic(); // CLIENT: Verify activation signature boolean activationSignatureOK = clientActivation.verifyActivationDataSignature( activationIdShort, activationOTP, activationSignature, masterPublicKey); assertTrue(activationSignatureOK); // CLIENT: Generate and send public key KeyPair deviceKeyPair = clientActivation.generateDeviceKeyPair(); KeyPair clientEphemeralKeyPair = keyGenerator.generateKeyPair(); PrivateKey devicePrivateKey = deviceKeyPair.getPrivate(); PublicKey devicePublicKey = deviceKeyPair.getPublic(); byte[] clientNonce = clientActivation.generateActivationNonce(); byte[] c_devicePublicKey = clientActivation.encryptDevicePublicKey( devicePublicKey, clientEphemeralKeyPair.getPrivate(), masterPublicKey, activationOTP, activationIdShort, clientNonce); // SERVER: Decrypt device public key PublicKey decryptedDevicePublicKey = serverActivation.decryptDevicePublicKey( c_devicePublicKey, activationIdShort, masterPrivateKey, clientEphemeralKeyPair.getPublic(), activationOTP, clientNonce); assertEquals(devicePublicKey, decryptedDevicePublicKey); // SERVER: Encrypt and send encrypted server public and it's signature KeyPair ephemeralKeyPair = keyGenerator.generateKeyPair(); PrivateKey ephemeralPrivateKey = ephemeralKeyPair.getPrivate(); PublicKey ephemeralPublicKey = ephemeralKeyPair.getPublic(); byte[] serverNonce = serverActivation.generateActivationNonce(); byte[] c_serverPublicKey = serverActivation.encryptServerPublicKey( serverPublicKey, devicePublicKey, ephemeralPrivateKey, activationOTP, activationIdShort, serverNonce); byte[] c_serverPublicKeySignature = serverActivation.computeServerDataSignature( activationId, c_serverPublicKey, masterPrivateKey); // CLIENT: Validate server public key signature and decrypt server public key boolean serverPublicKeySignatureOK = clientActivation.verifyServerDataSignature( activationId, c_serverPublicKey, c_serverPublicKeySignature, masterPublicKey); assertTrue(serverPublicKeySignatureOK); PublicKey decryptedServerPublicKey = clientActivation.decryptServerPublicKey( c_serverPublicKey, devicePrivateKey, ephemeralPublicKey, activationOTP, activationIdShort, serverNonce); assertEquals(serverPublicKey, decryptedServerPublicKey); // CLIENT and SERVER: Compute device public key fingerprint int devicePublicKeyFingerprintClient = clientActivation.computeDevicePublicKeyFingerprint(devicePublicKey); int devicePublicKeyFingerprintServer = serverActivation.computeDevicePublicKeyFingerprint(decryptedDevicePublicKey); assertEquals(devicePublicKeyFingerprintClient, devicePublicKeyFingerprintServer); // CLIENT and SERVER: Compute shared master secret SecretKey sharedMasterSecretDevice = keyGenerator.computeSharedKey(devicePrivateKey, serverPublicKey); SecretKey sharedMasterSecretServer = keyGenerator.computeSharedKey(serverPrivateKey, devicePublicKey); assertEquals(sharedMasterSecretDevice, sharedMasterSecretServer); } }