示例#1
0
  protected byte[] engineSign() throws SignatureException {
    byte[] hash = new byte[digest.getDigestSize()];

    digest.doFinal(hash, 0);

    try {
      byte[] sigBytes = new byte[64];
      BigInteger[] sig = signer.generateSignature(hash);
      byte[] r = sig[0].toByteArray();
      byte[] s = sig[1].toByteArray();

      if (s[0] != 0) {
        System.arraycopy(s, 0, sigBytes, 32 - s.length, s.length);
      } else {
        System.arraycopy(s, 1, sigBytes, 32 - (s.length - 1), s.length - 1);
      }

      if (r[0] != 0) {
        System.arraycopy(r, 0, sigBytes, 64 - r.length, r.length);
      } else {
        System.arraycopy(r, 1, sigBytes, 64 - (r.length - 1), r.length - 1);
      }

      return sigBytes;
    } catch (Exception e) {
      throw new SignatureException(e.toString());
    }
  }
示例#2
0
 public static byte[] hashContents(byte[] contents) {
   final Digest digest = new SHA256Digest();
   digest.update(contents, 0, contents.length);
   final byte[] digestValue = new byte[digest.getDigestSize()];
   digest.doFinal(digestValue, 0);
   return digestValue;
 }
  private void appendHash(BitString m, byte[] hash) {
    hashAlg.update(seed, 0, seed.length);

    putInt(hashAlg, counter);

    hashAlg.doFinal(hash, 0);

    m.appendBits(hash);
  }
  /**
   * Some key wrap algorithms make use of the Key Checksum defined in CMS [CMS-Algorithms]. This is
   * used to provide an integrity check value for the key being wrapped. The algorithm is
   *
   * <p>- Compute the 20 octet SHA-1 hash on the key being wrapped. - Use the first 8 octets of this
   * hash as the checksum value.
   *
   * @param key
   * @return the CMS checksum.
   * @throws RuntimeException
   * @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
   */
  private byte[] calculateCMSKeyChecksum(byte[] key) {
    byte[] result = new byte[8];

    sha1.update(key, 0, key.length);
    sha1.doFinal(digest, 0);

    System.arraycopy(digest, 0, result, 0, 8);

    return result;
  }
  /**
   * Computes the digest for the given data in a single operation.
   *
   * @param input Data to be digested.
   * @return Message digest as byte array.
   */
  public byte[] digest(final byte[] input) {
    if (salt != null) {
      digest.update(salt, 0, salt.length);
    }
    digest.update(input, 0, input.length);

    final byte[] hash = new byte[digest.getDigestSize()];
    digest.doFinal(hash, 0);
    return hash;
  }
  /** generate a signature for the loaded message using the key we were initialised with. */
  public byte[] generateSignature() throws CryptoException {
    int digSize = digest.getDigestSize();

    int t = 0;
    int delta = 0;

    if (trailer == TRAILER_IMPLICIT) {
      t = 8;
      delta = block.length - digSize - 1;
      digest.doFinal(block, delta);
      block[block.length - 1] = (byte) TRAILER_IMPLICIT;
    } else {
      t = 16;
      delta = block.length - digSize - 2;
      digest.doFinal(block, delta);
      block[block.length - 2] = (byte) (trailer >>> 8);
      block[block.length - 1] = (byte) trailer;
    }

    byte header = 0;
    int x = (digSize + messageLength) * 8 + t + 4 - keyBits;

    if (x > 0) {
      int mR = messageLength - ((x + 7) / 8);
      header = 0x60;

      delta -= mR;

      System.arraycopy(mBuf, 0, block, delta, mR);
    } else {
      header = 0x40;
      delta -= messageLength;

      System.arraycopy(mBuf, 0, block, delta, messageLength);
    }

    if ((delta - 1) > 0) {
      for (int i = delta - 1; i != 0; i--) {
        block[i] = (byte) 0xbb;
      }
      block[delta - 1] ^= (byte) 0x01;
      block[0] = (byte) 0x0b;
      block[0] |= header;
    } else {
      block[0] = (byte) 0x0a;
      block[0] |= header;
    }

    byte[] b = cipher.processBlock(block, 0, block.length);

    clearBlock(mBuf);
    clearBlock(block);

    return b;
  }
示例#7
0
  private void testDetachedRSA() throws Exception {
    Digest md = new SHA1Digest();
    List certList = new ArrayList();
    CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());

    certList.add(_origCert);
    certList.add(_signCert);

    Store certs = new CollectionStore(certList);

    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

    byte[] digValue = new byte[md.getDigestSize()];
    byte[] data = "Hello world!".getBytes();

    md.update(data, 0, data.length);
    md.doFinal(digValue, 0);

    Attribute attr =
        new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digValue)));

    ASN1EncodableVector v = new ASN1EncodableVector();

    v.add(attr);

    AsymmetricKeyParameter privKey = (AsymmetricKeyParameter) _origKP.getPrivate();

    AlgorithmIdentifier sigAlgId =
        new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);

    BcContentSignerBuilder contentSignerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);

    gen.addSignerInfoGenerator(
        new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
            .setSignedAttributeGenerator(
                new DefaultSignedAttributeTableGenerator(new AttributeTable(v)))
            .build(contentSignerBuilder.build(privKey), _origCert));

    gen.addCertificates(certs);

    CMSSignedData s = gen.generate(new CMSAbsentContent(), false);

    //
    // the signature is detached, so need to add msg before passing on
    //
    s = new CMSSignedData(msg, s.getEncoded());
    //
    // compute expected content digest
    //

    verifyRSASignatures(s, digValue);
  }
示例#8
0
 public boolean isPublicKeyBlackListed(PublicKey publicKey) {
   byte[] encoded = publicKey.getEncoded();
   Digest digest = AndroidDigestFactory.getSHA1();
   digest.update(encoded, 0, encoded.length);
   byte[] out = new byte[digest.getDigestSize()];
   digest.doFinal(out, 0);
   for (byte[] blacklisted : pubkeyBlacklist) {
     if (Arrays.equals(blacklisted, Hex.encode(out))) {
       return true;
     }
   }
   return false;
 }
示例#9
0
  /**
   * Calculates the MacKey (i.e. the key to use when calculating the MagTag for key confirmation).
   *
   * <p>
   *
   * <p>
   *
   * <pre>
   * MacKey = H(K || "JPAKE_KC")
   * </pre>
   */
  private static byte[] calculateMacKey(BigInteger keyingMaterial, Digest digest) {
    digest.reset();

    updateDigest(digest, keyingMaterial);
    /*
     * This constant is used to ensure that the macKey is NOT the same as the derived key.
     */
    updateDigest(digest, "JPAKE_KC");

    byte[] output = new byte[digest.getDigestSize()];
    digest.doFinal(output, 0);

    return output;
  }
示例#10
0
  protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
    CipherParameters param;

    if (publicKey instanceof ECPublicKey) {
      param = ECUtil.generatePublicKeyParameter(publicKey);
    } else if (publicKey instanceof GOST3410Key) {
      param = GOST3410Util.generatePublicKeyParameter(publicKey);
    } else {
      try {
        byte[] bytes = publicKey.getEncoded();

        publicKey = BouncyCastleProvider.getPublicKey(SubjectPublicKeyInfo.getInstance(bytes));

        if (publicKey instanceof ECPublicKey) {
          param = ECUtil.generatePublicKeyParameter(publicKey);
        } else {
          throw new InvalidKeyException("can't recognise key type in DSA based signer");
        }
      } catch (Exception e) {
        throw new InvalidKeyException("can't recognise key type in DSA based signer");
      }
    }

    digest.reset();
    signer.init(false, param);
  }
  private static BigInteger calculateGenerator_FIPS186_3_Verifiable(
      Digest d, BigInteger p, BigInteger q, byte[] seed, int index) {
    // A.2.3 Verifiable Canonical Generation of the Generator g
    BigInteger e = p.subtract(ONE).divide(q);
    byte[] ggen = Hex.decode("6767656E");

    // 7. U = domain_parameter_seed || "ggen" || index || count.
    byte[] U = new byte[seed.length + ggen.length + 1 + 2];
    System.arraycopy(seed, 0, U, 0, seed.length);
    System.arraycopy(ggen, 0, U, seed.length, ggen.length);
    U[U.length - 3] = (byte) index;

    byte[] w = new byte[d.getDigestSize()];
    for (int count = 1; count < (1 << 16); ++count) {
      inc(U);
      hash(d, U, w);
      BigInteger W = new BigInteger(1, w);
      BigInteger g = W.modPow(e, p);
      if (g.compareTo(TWO) >= 0) {
        return g;
      }
    }

    return null;
  }
示例#12
0
 // TODO
 public GMSSSigner(GMSSDigestProvider digest) {
   digestProvider = digest;
   messDigestTrees = digest.get();
   messDigestOTS = messDigestTrees;
   mdLength = messDigestTrees.getDigestSize();
   gmssRandom = new GMSSRandom(messDigestTrees);
 }
示例#13
0
  public void init(boolean forSigning, CipherParameters param) {
    RSAKeyParameters kParam = (RSAKeyParameters) param;

    cipher.init(forSigning, kParam);

    keyBits = kParam.getModulus().bitLength();

    block = new byte[(keyBits + 7) / 8];

    if (trailer == TRAILER_IMPLICIT) {
      mBuf = new byte[block.length - digest.getDigestSize() - 2];
    } else {
      mBuf = new byte[block.length - digest.getDigestSize() - 3];
    }

    reset();
  }
示例#14
0
  private static BigInteger calculateHashForZeroKnowledgeProof(
      BigInteger g, BigInteger gr, BigInteger gx, String participantId, Digest digest) {
    digest.reset();

    updateDigestIncludingSize(digest, g);

    updateDigestIncludingSize(digest, gr);

    updateDigestIncludingSize(digest, gx);

    updateDigestIncludingSize(digest, participantId);

    byte[] output = new byte[digest.getDigestSize()];
    digest.doFinal(output, 0);

    return new BigInteger(output);
  }
示例#15
0
  /** Initializes the signature algorithm for signing a message. */
  private void initSign() {
    messDigestTrees.reset();
    // set private key and take from it ots key, auth, tree and key
    // counter, rootSign
    GMSSPrivateKeyParameters gmssPrivateKey = (GMSSPrivateKeyParameters) key;

    if (gmssPrivateKey.isUsed()) {
      throw new IllegalStateException("Private key already used");
    }

    // check if last signature has been generated
    if (gmssPrivateKey.getIndex(0) >= gmssPrivateKey.getNumLeafs(0)) {
      throw new IllegalStateException("No more signatures can be generated");
    }

    // get Parameterset
    this.gmssPS = gmssPrivateKey.getParameters();
    // get numLayer
    this.numLayer = gmssPS.getNumOfLayers();

    // get OTS Instance of lowest layer
    byte[] seed = gmssPrivateKey.getCurrentSeeds()[numLayer - 1];
    byte[] OTSSeed = new byte[mdLength];
    byte[] dummy = new byte[mdLength];
    System.arraycopy(seed, 0, dummy, 0, mdLength);
    OTSSeed =
        gmssRandom.nextSeed(
            dummy); // secureRandom.nextBytes(currentSeeds[currentSeeds.length-1]);secureRandom.nextBytes(OTSseed);
    this.ots =
        new WinternitzOTSignature(
            OTSSeed, digestProvider.get(), gmssPS.getWinternitzParameter()[numLayer - 1]);

    byte[][][] helpCurrentAuthPaths = gmssPrivateKey.getCurrentAuthPaths();
    currentAuthPaths = new byte[numLayer][][];

    // copy the main tree authentication path
    for (int j = 0; j < numLayer; j++) {
      currentAuthPaths[j] = new byte[helpCurrentAuthPaths[j].length][mdLength];
      for (int i = 0; i < helpCurrentAuthPaths[j].length; i++) {
        System.arraycopy(helpCurrentAuthPaths[j][i], 0, currentAuthPaths[j][i], 0, mdLength);
      }
    }

    // copy index
    index = new int[numLayer];
    System.arraycopy(gmssPrivateKey.getIndex(), 0, index, 0, numLayer);

    // copy subtreeRootSig
    byte[] helpSubtreeRootSig;
    subtreeRootSig = new byte[numLayer - 1][];
    for (int i = 0; i < numLayer - 1; i++) {
      helpSubtreeRootSig = gmssPrivateKey.getSubtreeRootSig(i);
      subtreeRootSig[i] = new byte[helpSubtreeRootSig.length];
      System.arraycopy(helpSubtreeRootSig, 0, subtreeRootSig[i], 0, helpSubtreeRootSig.length);
    }

    gmssPrivateKey.markUsed();
  }
示例#16
0
  /** update the internal digest with the byte b */
  public void update(byte b) {
    digest.update(b);

    if (preSig == null && messageLength < mBuf.length) {
      mBuf[messageLength] = b;
    }

    messageLength++;
  }
  /**
   * Computes the digest for all the data in the stream by reading data and hashing it in chunks.
   *
   * @param in Input stream containing data to be digested.
   * @return Message digest as byte array.
   * @throws IOException On input stream read errors.
   */
  public byte[] digest(final InputStream in) throws IOException {
    if (in == null) {
      throw new IllegalArgumentException("Input stream cannot be null.");
    }

    final byte[] buffer = new byte[CHUNK_SIZE];
    int count;
    if (salt != null) {
      digest.update(salt, 0, salt.length);
    }
    while ((count = in.read(buffer, 0, CHUNK_SIZE)) > 0) {
      digest.update(buffer, 0, count);
    }

    final byte[] hash = new byte[digest.getDigestSize()];
    digest.doFinal(hash, 0);
    return hash;
  }
示例#18
0
  /** Initializes the signature algorithm for verifying a signature. */
  private void initVerify() {
    messDigestTrees.reset();

    GMSSPublicKeyParameters gmssPublicKey = (GMSSPublicKeyParameters) key;
    pubKeyBytes = gmssPublicKey.getPublicKey();
    gmssPS = gmssPublicKey.getParameters();
    // get numLayer
    this.numLayer = gmssPS.getNumOfLayers();
  }
示例#19
0
  /** update the internal digest with the byte array in */
  public void update(byte[] in, int off, int len) {
    digest.update(in, off, len);

    if (preSig == null && messageLength < mBuf.length) {
      for (int i = 0; i < len && (i + messageLength) < mBuf.length; i++) {
        mBuf[messageLength + i] = in[off + i];
      }
    }

    messageLength += len;
  }
  /**
   * fill len bytes of the output buffer with bytes generated from the derivation function.
   *
   * @throws IllegalArgumentException if the size of the request will cause an overflow.
   * @throws DataLengthException if the out buffer is too small.
   */
  public int generateBytes(byte[] out, int outOff, int len)
      throws DataLengthException, IllegalArgumentException {
    if ((out.length - len) < outOff) {
      throw new DataLengthException("output buffer too small");
    }

    long oBytes = len;
    int outLen = digest.getDigestSize();

    //
    // this is at odds with the standard implementation, the
    // maximum value should be hBits * (2^32 - 1) where hBits
    // is the digest output size in bits. We can't have an
    // array with a long index at the moment...
    //
    if (oBytes > ((2L << 32) - 1)) {
      throw new IllegalArgumentException("Output length too large");
    }

    int cThreshold = (int) ((oBytes + outLen - 1) / outLen);

    byte[] dig = new byte[digest.getDigestSize()];

    byte[] C = new byte[4];
    Pack.intToBigEndian(counterStart, C, 0);

    int counterBase = counterStart & ~0xFF;

    for (int i = 0; i < cThreshold; i++) {
      digest.update(shared, 0, shared.length);
      digest.update(C, 0, C.length);

      if (iv != null) {
        digest.update(iv, 0, iv.length);
      }

      digest.doFinal(dig, 0);

      if (len > outLen) {
        System.arraycopy(dig, 0, out, outOff, outLen);
        outOff += outLen;
        len -= outLen;
      } else {
        System.arraycopy(dig, 0, out, outOff, len);
      }

      if (++C[3] == 0) {
        counterBase += 0x100;
        Pack.intToBigEndian(counterBase, C, 0);
      }
    }

    digest.reset();

    return (int) oBytes;
  }
  /**
   * Generate a key parameter derived from the password, salt, and iteration count we are currently
   * initialised with.
   *
   * @param keySize the size of the key we want (in bits)
   * @return a KeyParameter object.
   * @exception IllegalArgumentException if the key length larger than the base hash size.
   */
  public CipherParameters generateDerivedParameters(int keySize) {
    keySize = keySize / 8;

    if (keySize > digest.getDigestSize()) {
      throw new IllegalArgumentException(
          "Can't generate a derived key " + keySize + " bytes long.");
    }

    byte[] dKey = generateDerivedKey();

    return new KeyParameter(dKey, 0, keySize);
  }
示例#22
0
  /** reset the internal state */
  public void reset() {
    digest.reset();
    messageLength = 0;
    clearBlock(mBuf);

    if (recoveredMessage != null) {
      clearBlock(recoveredMessage);
    }

    recoveredMessage = null;
    fullMessage = false;
  }
示例#23
0
  /**
   * Returns a number <code>i</code> such that <code>0 &lt;= i &lt; N</code>.
   *
   * @return
   */
  int nextIndex() {
    if (!initialized) {
      buf = new BitString();
      byte[] hash = new byte[hashAlg.getDigestSize()];
      while (counter < minCallsR) {
        appendHash(buf, hash);
        counter++;
      }
      totLen = minCallsR * 8 * hLen;
      remLen = totLen;
      initialized = true;
    }

    while (true) {
      totLen += c;
      BitString M = buf.getTrailing(remLen);
      if (remLen < c) {
        int tmpLen = c - remLen;
        int cThreshold = counter + (tmpLen + hLen - 1) / hLen;
        byte[] hash = new byte[hashAlg.getDigestSize()];
        while (counter < cThreshold) {
          appendHash(M, hash);
          counter++;
          if (tmpLen > 8 * hLen) {
            tmpLen -= 8 * hLen;
          }
        }
        remLen = 8 * hLen - tmpLen;
        buf = new BitString();
        buf.appendBits(hash);
      } else {
        remLen -= c;
      }

      int i = M.getLeadingAsInt(c); // assume c<32
      if (i < (1 << c) - ((1 << c) % N)) {
        return i % N;
      }
    }
  }
示例#24
0
  // 1. m = [requested_number_of_bits / outlen]
  // 2. data = V.
  // 3. W = the Null string.
  // 4. For i = 1 to m
  // 4.1 wi = Hash (data).
  // 4.2 W = W || wi.
  // 4.3 data = (data + 1) mod 2^seedlen
  // .
  // 5. returned_bits = Leftmost (requested_no_of_bits) bits of W.
  private byte[] hashgen(byte[] input, int lengthInBits) {
    int digestSize = _digest.getDigestSize();
    int m = (lengthInBits / 8) / digestSize;

    byte[] data = new byte[input.length];
    System.arraycopy(input, 0, data, 0, input.length);

    byte[] W = new byte[lengthInBits / 8];

    byte[] dig = new byte[_digest.getDigestSize()];
    for (int i = 0; i <= m; i++) {
      doHash(data, dig);

      int bytesToCopy =
          ((W.length - i * dig.length) > dig.length) ? dig.length : (W.length - i * dig.length);
      System.arraycopy(dig, 0, W, i * dig.length, bytesToCopy);

      addTo(data, ONE);
    }

    return W;
  }
示例#25
0
  /**
   * Constructs a new index generator.
   *
   * @param seed a seed of arbitrary length to initialize the index generator with
   * @param params NtruEncrypt parameters
   */
  IndexGenerator(byte[] seed, NTRUEncryptionParameters params) {
    this.seed = seed;
    N = params.N;
    c = params.c;
    minCallsR = params.minCallsR;

    totLen = 0;
    remLen = 0;
    counter = 0;
    hashAlg = params.hashAlg;

    hLen = hashAlg.getDigestSize(); // hash length
    initialized = false;
  }
示例#26
0
  protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
    byte[] hash = new byte[digest.getDigestSize()];

    digest.doFinal(hash, 0);

    BigInteger[] sig;

    try {
      byte[] r = new byte[32];
      byte[] s = new byte[32];

      System.arraycopy(sigBytes, 0, s, 0, 32);

      System.arraycopy(sigBytes, 32, r, 0, 32);

      sig = new BigInteger[2];
      sig[0] = new BigInteger(1, r);
      sig[1] = new BigInteger(1, s);
    } catch (Exception e) {
      throw new SignatureException("error decoding signature bytes.");
    }

    return signer.verifySignature(hash, sig[0], sig[1]);
  }
示例#27
0
  /**
   * Generate a signer for the with either implicit or explicit trailers for ISO9796-2.
   *
   * @param cipher base cipher to use for signature creation/verification
   * @param digest digest to use.
   * @param implicit whether or not the trailer is implicit or gives the hash.
   */
  public ISO9796d2Signer(AsymmetricBlockCipher cipher, Digest digest, boolean implicit) {
    this.cipher = cipher;
    this.digest = digest;

    if (implicit) {
      trailer = TRAILER_IMPLICIT;
    } else {
      Integer trailerObj = (Integer) trailerMap.get(digest.getAlgorithmName());

      if (trailerObj != null) {
        trailer = trailerObj.intValue();
      } else {
        throw new IllegalArgumentException("no valid trailer for digest");
      }
    }
  }
  public byte[] calculateFingerprint(PublicKeyPacket publicPk) throws PGPException {
    BCPGKey key = publicPk.getKey();
    Digest digest;

    if (publicPk.getVersion() <= 3) {
      RSAPublicBCPGKey rK = (RSAPublicBCPGKey) key;

      try {
        digest = new MD5Digest();

        byte[] bytes = new MPInteger(rK.getModulus()).getEncoded();
        digest.update(bytes, 2, bytes.length - 2);

        bytes = new MPInteger(rK.getPublicExponent()).getEncoded();
        digest.update(bytes, 2, bytes.length - 2);
      } catch (IOException e) {
        throw new PGPException("can't encode key components: " + e.getMessage(), e);
      }
    } else {
      try {
        byte[] kBytes = publicPk.getEncodedContents();

        digest = new SHA1Digest();

        digest.update((byte) 0x99);
        digest.update((byte) (kBytes.length >> 8));
        digest.update((byte) kBytes.length);
        digest.update(kBytes, 0, kBytes.length);
      } catch (IOException e) {
        throw new PGPException("can't encode key components: " + e.getMessage(), e);
      }
    }

    byte[] digBuf = new byte[digest.getDigestSize()];

    digest.doFinal(digBuf, 0);

    return digBuf;
  }
示例#29
0
  protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
    CipherParameters param;

    if (privateKey instanceof ECKey) {
      param = ECUtil.generatePrivateKeyParameter(privateKey);
    } else {
      param = GOST3410Util.generatePrivateKeyParameter(privateKey);
    }

    digest.reset();

    if (random != null) {
      signer.init(true, new ParametersWithRandom(param, random));
    } else {
      signer.init(true, param);
    }
  }
  /** the derived key function, the ith hash of the password and the salt. */
  private byte[] generateDerivedKey() {
    byte[] digestBytes = new byte[digest.getDigestSize()];

    digest.update(password, 0, password.length);
    digest.update(salt, 0, salt.length);

    digest.doFinal(digestBytes, 0);
    for (int i = 1; i < iterationCount; i++) {
      digest.update(digestBytes, 0, digestBytes.length);
      digest.doFinal(digestBytes, 0);
    }

    return digestBytes;
  }