protected X9ECParameters createParameters() {
          int m = 571;
          int k1 = 2;
          int k2 = 5;
          int k3 = 10;

          BigInteger a = BigInteger.valueOf(1);
          BigInteger b =
              fromHex(
                  "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A");
          byte[] S = Hex.decode("2AA058F73A0E33AB486B0F610410C53A7F132310");
          BigInteger n =
              fromHex(
                  "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47");
          BigInteger h = BigInteger.valueOf(2);

          ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
          // ECPoint G = curve.decodePoint(Hex.decode("03"
          // +
          // "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19"));
          ECPoint G =
              curve.decodePoint(
                  Hex.decode(
                      "04"
                          + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19"
                          + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B"));

          return new X9ECParameters(curve, G, n, h, S);
        }
        protected X9ECParameters createParameters() {
          // p = 2^521 - 1
          BigInteger p =
              fromHex(
                  "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
          BigInteger a =
              fromHex(
                  "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC");
          BigInteger b =
              fromHex(
                  "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00");
          byte[] S = Hex.decode("D09E8800291CB85396CC6717393284AAA0DA64BA");
          BigInteger n =
              fromHex(
                  "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409");
          BigInteger h = BigInteger.valueOf(1);

          ECCurve curve = new ECCurve.Fp(p, a, b);
          // ECPoint G = curve.decodePoint(Hex.decode("02"
          // +
          // "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66"));
          ECPoint G =
              curve.decodePoint(
                  Hex.decode(
                      "04"
                          + "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66"
                          + "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"));

          return new X9ECParameters(curve, G, n, h, S);
        }
示例#3
0
  private void testNullCFB() throws InvalidCipherTextException {
    BufferedBlockCipher b = new BufferedBlockCipher(new CFBBlockCipher(new AESEngine(), 128));
    KeyParameter kp = new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917"));

    b.init(true, new ParametersWithIV(kp, new byte[16]));

    byte[] out = new byte[b.getOutputSize(tData.length)];

    int len = b.processBytes(tData, 0, tData.length, out, 0);

    len += b.doFinal(out, len);

    if (!areEqual(outCFB1, out)) {
      fail("no match on first nullCFB check");
    }

    b.init(true, new ParametersWithIV(null, Hex.decode("000102030405060708090a0b0c0d0e0f")));

    len = b.processBytes(tData, 0, tData.length, out, 0);

    len += b.doFinal(out, len);

    if (!areEqual(outCFB2, out)) {
      fail("no match on second nullCFB check");
    }
  }
        protected X9ECParameters createParameters() {
          // p = 2^384 - 2^128 - 2^96 + 2^32 - 1
          BigInteger p =
              fromHex(
                  "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF");
          BigInteger a =
              fromHex(
                  "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC");
          BigInteger b =
              fromHex(
                  "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF");
          byte[] S = Hex.decode("A335926AA319A27A1D00896A6773A4827ACDAC73");
          BigInteger n =
              fromHex(
                  "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973");
          BigInteger h = BigInteger.valueOf(1);

          ECCurve curve = new ECCurve.Fp(p, a, b);
          // ECPoint G = curve.decodePoint(Hex.decode("03"
          // +
          // "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"));
          ECPoint G =
              curve.decodePoint(
                  Hex.decode(
                      "04"
                          + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"
                          + "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"));

          return new X9ECParameters(curve, G, n, h, S);
        }
        protected X9ECParameters createParameters() {
          // p = 2^224 (2^32 - 1) + 2^192 + 2^96 - 1
          BigInteger p =
              fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF");
          BigInteger a =
              fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC");
          BigInteger b =
              fromHex("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B");
          byte[] S = Hex.decode("C49D360886E704936A6678E1139D26B7819F7E90");
          BigInteger n =
              fromHex("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551");
          BigInteger h = BigInteger.valueOf(1);

          ECCurve curve = new ECCurve.Fp(p, a, b);
          // ECPoint G = curve.decodePoint(Hex.decode("03"
          // + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"));
          ECPoint G =
              curve.decodePoint(
                  Hex.decode(
                      "04"
                          + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
                          + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"));

          return new X9ECParameters(curve, G, n, h, S);
        }
示例#6
0
  private void ctrCounterTest() {
    CipherParameters params =
        new ParametersWithIV(
            new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")),
            Hex.decode("000000000000000000000000000000"));
    SICBlockCipher engine = new SICBlockCipher(new AESEngine());

    engine.init(true, params);

    SecureRandom rand = new SecureRandom();
    byte[] cipher = new byte[256 * 16];
    byte[] plain = new byte[255 * 16];

    rand.nextBytes(plain);
    engine.processBytes(plain, 0, plain.length, cipher, 0);

    engine.init(true, params);

    byte[] fragment = new byte[20];

    plain = new byte[256 * 16];
    engine.init(true, params);

    try {
      engine.processBytes(plain, 0, plain.length, cipher, 0);
      fail("out of range data not caught");
    } catch (IllegalStateException e) {
      if (!"Counter in CTR/SIC mode out of range.".equals(e.getMessage())) {
        fail("wrong exception");
      }
    }
  }
        protected X9ECParameters createParameters() {
          int m = 283;
          int k1 = 5;
          int k2 = 7;
          int k3 = 12;

          BigInteger a = BigInteger.valueOf(1);
          BigInteger b =
              fromHex("027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5");
          byte[] S = Hex.decode("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE");
          BigInteger n =
              fromHex("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307");
          BigInteger h = BigInteger.valueOf(2);

          ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
          // ECPoint G = curve.decodePoint(Hex.decode("03"
          // + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053"));
          ECPoint G =
              curve.decodePoint(
                  Hex.decode(
                      "04"
                          + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053"
                          + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4"));

          return new X9ECParameters(curve, G, n, h, S);
        }
        protected X9ECParameters createParameters() {
          int m = 409;
          int k = 87;

          BigInteger a = BigInteger.valueOf(1);
          BigInteger b =
              fromHex(
                  "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F");
          byte[] S = Hex.decode("4099B5A457F9D69F79213D094C4BCD4D4262210B");
          BigInteger n =
              fromHex(
                  "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173");
          BigInteger h = BigInteger.valueOf(2);

          ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
          // ECPoint G = curve.decodePoint(Hex.decode("03"
          // +
          // "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7"));
          ECPoint G =
              curve.decodePoint(
                  Hex.decode(
                      "04"
                          + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7"
                          + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706"));

          return new X9ECParameters(curve, G, n, h, S);
        }
  /** from: http://www.ietf.org/rfc/rfc3211.txt */
  @Test
  public void pbkdf2ConformanceTest1() throws Exception {
    byte[] salt = Hex.decode("12 34 56 78 78 56 34 12");
    byte[] password = PasswordToByteConverter.convert("password", PKCS5);
    byte[] key = Hex.decode("D1 DA A7 86 15 F2 87 E6");

    assertThat(
        getKDFInstance(new PBKDF2Parameters(8, 5, salt)).derive(password).getKey(), equalTo(key));
  }
示例#10
0
  private void testNONEwithECDSA239bitPrime() throws Exception {
    ECCurve curve =
        new ECCurve.Fp(
            new BigInteger(
                "883423532389192164791648750360308885314476597252960362792450860609699839"), // q
            new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
            new BigInteger(
                "6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b

    ECParameterSpec spec =
        new ECParameterSpec(
            curve,
            curve.decodePoint(
                Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
            new BigInteger(
                "883423532389192164791648750360308884807550341691627752275345424702807307")); // n

    ECPrivateKeySpec priKey =
        new ECPrivateKeySpec(
            new BigInteger(
                "876300101507107567501066130761671078357010671067781776716671676178726717"), // d
            spec);

    ECPublicKeySpec pubKey =
        new ECPublicKeySpec(
            curve.decodePoint(
                Hex.decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
            spec);

    Signature sgr = Signature.getInstance("NONEwithECDSA", "BC");
    KeyFactory f = KeyFactory.getInstance("ECDSA", "BC");
    PrivateKey sKey = f.generatePrivate(priKey);
    PublicKey vKey = f.generatePublic(pubKey);
    SecureRandom k = new SecureRandom();

    byte[] message = "abc".getBytes();
    byte[] sig =
        Hex.decode(
            "3040021e2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0021e64cb19604be06c57e761b3de5518f71de0f6e0cd2df677cec8a6ffcb690d");

    checkMessage(sgr, sKey, vKey, message, sig);

    message = "abcdefghijklmnopqrstuvwxyz".getBytes();
    sig =
        Hex.decode(
            "3040021e2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0021e43fd65b3363d76aabef8630572257dbb67c82818ad9fad31256539b1b02c");

    checkMessage(sgr, sKey, vKey, message, sig);

    message = "a very very long message gauranteed to cause an overflow".getBytes();
    sig =
        Hex.decode(
            "3040021e2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0021e7d5be84b22937a1691859a3c6fe45ed30b108574431d01b34025825ec17a");

    checkMessage(sgr, sKey, vKey, message, sig);
  }
  /** from: http://pythonhosted.org/passlib/lib/passlib.hash.atlassian_pbkdf2_sha1.html */
  @Test
  public void pbkdf2ConfluenceTest() throws Exception {
    byte[] salt = Hex.decode("0d0217254d37f2ee0fec576cb854d8ff");
    byte[] password = PasswordToByteConverter.convert("password");
    byte[] key = Hex.decode("edf96e6e3591f8d96b9ed4addc47a7632edea176bb2fa8a03fa3179b75b5bf09");

    assertThat(
        getKDFInstance(new PBKDF2Parameters(32, 10000, salt)).derive(password).getKey(),
        equalTo(key));
  }
示例#12
0
  public void performTest() throws Exception {
    for (int i = 0; i != cipherTests.length; i += 8) {
      testECB(
          Integer.parseInt(cipherTests[i]),
          Hex.decode(cipherTests[i + 1]),
          Hex.decode(cipherTests[i + 2]),
          Hex.decode(cipherTests[i + 3]));

      testCFB(
          Integer.parseInt(cipherTests[i + 4]),
          Hex.decode(cipherTests[i + 4 + 1]),
          Hex.decode(cipherTests[i + 4 + 2]),
          Hex.decode(cipherTests[i + 4 + 3]));

      oidTest();
    }

    Mac mac = Mac.getInstance("GOST28147MAC", "BC");

    mac.init(
        new SecretKeySpec(
            Hex.decode("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"),
            "GOST28147"));

    if (!Arrays.areEqual(
        Hex.decode("1b69996e"),
        mac.doFinal(Hex.decode("4e6f77206973207468652074696d6520666f7220616c6c20")))) {
      fail("mac test falied.");
    }
  }
示例#13
0
  private void runVector(StreamCipher hc, String fileName, PeekableLineReader r, String vectorName)
      throws IOException {
    //        System.out.println(fileName + " => " + vectorName);
    String hexKey = readBlock(r);
    String hexIV = readBlock(r);

    CipherParameters cp = new KeyParameter(Hex.decode(hexKey));
    cp = new ParametersWithIV(cp, Hex.decode(hexIV));
    hc.init(true, cp);

    byte[] input = new byte[64];
    byte[] output = new byte[64];
    byte[] digest = new byte[64];
    int pos = 0;

    for (; ; ) {
      String line1 = r.peekLine().trim();
      int equalsPos = line1.indexOf('=');
      String lead = line1.substring(0, equalsPos - 1);

      String hexData = readBlock(r);
      byte[] data = Hex.decode(hexData);

      if (lead.equals("xor-digest")) {
        if (!Arrays.areEqual(data, digest)) {
          fail("Failed in " + fileName + " for test vector: " + vectorName + " at " + lead);
          //                  System.out.println(fileName + " => " + vectorName + " failed at " +
          // lead); return;
        }
        break;
      }

      int posA = lead.indexOf('[');
      int posB = lead.indexOf("..");
      int posC = lead.indexOf(']');
      int start = Integer.parseInt(lead.substring(posA + 1, posB));
      int end = Integer.parseInt(lead.substring(posB + 2, posC));

      if (start % 64 != 0 || (end - start != 63)) {
        throw new IllegalStateException(vectorName + ": " + lead + " not on 64 byte boundaries");
      }

      while (pos < end) {
        hc.processBytes(input, 0, input.length, output, 0);
        xor(digest, output);
        pos += 64;
      }

      if (!Arrays.areEqual(data, output)) {
        fail("Failed in " + fileName + " for test vector: " + vectorName + " at " + lead);
        //              System.out.println(fileName + " => " + vectorName + " failed at " + lead);
        // return;
      }
    }
  }
  /** from: http://www.ietf.org/rfc/rfc3211.txt */
  @Test
  public void pbkdf2ConformanceTest2() throws Exception {
    byte[] salt = Hex.decode("12 34 56 78 78 56 34 12");
    byte[] password =
        PasswordToByteConverter.convert(
            "All n-entities must communicate with other n-entities via n-1 entiteeheehees", PKCS5);
    byte[] key = Hex.decode("6A 89 70 BF 68 C9 2C AE A8 4A 8D F2 85 10 85 86");

    assertThat(
        getKDFInstance(new PBKDF2Parameters(16, 500, salt)).derive(password).getKey(),
        equalTo(key));
  }
  @Test
  public void pbkdf2WithIVTest() throws Exception {
    byte[] salt = Hex.decode("12 34 56 78 78 56 34 12");
    byte[] password = PasswordToByteConverter.convert("password");
    byte[] key = Hex.decode("d1daa78615f287e6a1c8b120d7062a493f98d203e6be49a6adf4fa574b6e64ee");
    byte[] iv = Hex.decode("df377ef2e8ad463fb711f1b4ff27139a");

    KeyWithIVParameters params =
        getKDFInstance(new PBKDF2Parameters(32, 5, salt)).derive(password, 16);

    assertThat(params.getKey(), equalTo(key));
    assertThat(params.getIV(), equalTo(iv));
  }
示例#16
0
/** DHKEK Generator tests - from RFC 2631. */
public class DHKEKGeneratorTest extends SimpleTest {
  private byte[] seed1 = Hex.decode("000102030405060708090a0b0c0d0e0f10111213");
  private DERObjectIdentifier alg1 = PKCSObjectIdentifiers.id_alg_CMS3DESwrap;
  private byte[] result1 = Hex.decode("a09661392376f7044d9052a397883246b67f5f1ef63eb5fb");

  private byte[] seed2 = Hex.decode("000102030405060708090a0b0c0d0e0f10111213");
  private DERObjectIdentifier alg2 = PKCSObjectIdentifiers.id_alg_CMSRC2wrap;
  private byte[] partyAInfo =
      Hex.decode(
          "0123456789abcdeffedcba9876543201"
              + "0123456789abcdeffedcba9876543201"
              + "0123456789abcdeffedcba9876543201"
              + "0123456789abcdeffedcba9876543201");
  private byte[] result2 = Hex.decode("48950c46e0530075403cce72889604e0");

  public DHKEKGeneratorTest() {}

  public void performTest() {
    checkMask(
        1, new DHKEKGenerator(new SHA1Digest()), new DHKDFParameters(alg1, 192, seed1), result1);
    checkMask(
        2,
        new DHKEKGenerator(new SHA1Digest()),
        new DHKDFParameters(alg2, 128, seed2, partyAInfo),
        result2);
  }

  private void checkMask(
      int count, DerivationFunction kdf, DerivationParameters params, byte[] result) {
    byte[] data = new byte[result.length];

    kdf.init(params);

    kdf.generateBytes(data, 0, data.length);

    if (!areEqual(result, data)) {
      fail("DHKEKGenerator failed generator test " + count);
    }
  }

  public String getName() {
    return "DHKEKGenerator";
  }

  public static void main(String[] args) {
    runTest(new DHKEKGeneratorTest());
  }
}
示例#17
0
  /** signature with a "forged signature" (sig block not at end of plain text) */
  private void testBadSig(PrivateKey priv, PublicKey pub) throws Exception {
    MessageDigest sha1 = MessageDigest.getInstance("SHA1", "BC");
    Cipher signer = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");

    signer.init(Cipher.ENCRYPT_MODE, priv);

    byte[] block = new byte[signer.getBlockSize()];

    sha1.update((byte) 0);

    byte[] sigHeader = Hex.decode("3021300906052b0e03021a05000414");
    System.arraycopy(sigHeader, 0, block, 0, sigHeader.length);

    byte[] dig = sha1.digest();

    System.arraycopy(dig, 0, block, sigHeader.length, dig.length);

    System.arraycopy(sigHeader, 0, block, sigHeader.length + dig.length, sigHeader.length);

    byte[] sig = signer.doFinal(block);

    Signature verifier = Signature.getInstance("SHA1WithRSA", "BC");

    verifier.initVerify(pub);

    verifier.update((byte) 0);

    if (verifier.verify(sig)) {
      fail("bad signature passed");
    }
  }
  private static BigInteger calculateGenerator_FIPS186_3_Verifiable(
      Digest d, BigInteger p, BigInteger q, byte[] seed, int index) {
    // A.2.3 Verifiable Canonical Generation of the Generator g
    BigInteger e = p.subtract(ONE).divide(q);
    byte[] ggen = Hex.decode("6767656E");

    // 7. U = domain_parameter_seed || "ggen" || index || count.
    byte[] U = new byte[seed.length + ggen.length + 1 + 2];
    System.arraycopy(seed, 0, U, 0, seed.length);
    System.arraycopy(ggen, 0, U, seed.length, ggen.length);
    U[U.length - 3] = (byte) index;

    byte[] w = new byte[d.getDigestSize()];
    for (int count = 1; count < (1 << 16); ++count) {
      inc(U);
      hash(d, U, w);
      BigInteger W = new BigInteger(1, w);
      BigInteger g = W.modPow(e, p);
      if (g.compareTo(TWO) >= 0) {
        return g;
      }
    }

    return null;
  }
        protected X9ECParameters createParameters() {
          int m = 283;
          int k1 = 5;
          int k2 = 7;
          int k3 = 12;

          BigInteger a = ECConstants.ZERO;
          BigInteger b = BigInteger.valueOf(1);
          byte[] S = null;
          BigInteger n =
              fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61");
          BigInteger h = BigInteger.valueOf(4);

          ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
          // ECPoint G = curve.decodePoint(Hex.decode("02"
          // + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836"));
          ECPoint G =
              curve.decodePoint(
                  Hex.decode(
                      "04"
                          + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836"
                          + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259"));

          return new X9ECParameters(curve, G, n, h, S);
        }
        protected X9ECParameters createParameters() {
          int m = 571;
          int k1 = 2;
          int k2 = 5;
          int k3 = 10;

          BigInteger a = ECConstants.ZERO;
          BigInteger b = BigInteger.valueOf(1);
          byte[] S = null;
          BigInteger n =
              fromHex(
                  "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001");
          BigInteger h = BigInteger.valueOf(4);

          ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
          // ECPoint G = curve.decodePoint(Hex.decode("02"
          // +
          // "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972"));
          ECPoint G =
              curve.decodePoint(
                  Hex.decode(
                      "04"
                          + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972"
                          + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3"));

          return new X9ECParameters(curve, G, n, h, S);
        }
        protected X9ECParameters createParameters() {
          int m = 409;
          int k = 87;

          BigInteger a = ECConstants.ZERO;
          BigInteger b = BigInteger.valueOf(1);
          byte[] S = null;
          BigInteger n =
              fromHex(
                  "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF");
          BigInteger h = BigInteger.valueOf(4);

          ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
          // ECPoint G = curve.decodePoint(Hex.decode("03"
          // +
          // "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746"));
          ECPoint G =
              curve.decodePoint(
                  Hex.decode(
                      "04"
                          + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746"
                          + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B"));

          return new X9ECParameters(curve, G, n, h, S);
        }
  @Test
  public void testImportBadEncodedUserId() throws Exception {

    UncachedKeyRing key = readRingFromResource("/test-keys/bad_user_id_encoding.asc");
    long keyId = key.getMasterKeyId();

    SaveKeyringResult result;

    result = mProviderHelper.savePublicKeyRing(key, new ProgressScaler(), null);
    Assert.assertTrue("import of keyring should succeed", result.success());

    CanonicalizedPublicKeyRing ring = mProviderHelper.getCanonicalizedPublicKeyRing(keyId);
    boolean found = false;
    byte[] badUserId =
        Hex.decode(
            "436c61757320467261656e6b656c203c436c6175732e4672e46e6b656c4068616c696661782e727774682d61616368656e2e64653e");
    for (byte[] rawUserId :
        new IterableIterator<byte[]>(ring.getUnorderedRawUserIds().iterator())) {
      if (Arrays.equals(rawUserId, badUserId)) {
        found = true;
      }
    }

    Assert.assertTrue("import of the badly encoded user id should succeed", found);
  }
  @Test
  public void testPromoteDivert() throws Exception {
    PromoteKeyOperation op =
        new PromoteKeyOperation(
            RuntimeEnvironment.application,
            new ProviderHelper(RuntimeEnvironment.application),
            null,
            null);

    byte[] aid = Hex.decode("D2760001240102000000012345670000");

    PromoteKeyResult result =
        op.execute(new PromoteKeyringParcel(mStaticRing.getMasterKeyId(), aid, null), null);

    Assert.assertTrue("promotion must succeed", result.success());

    {
      CanonicalizedSecretKeyRing ring =
          new ProviderHelper(RuntimeEnvironment.application)
              .getCanonicalizedSecretKeyRing(mStaticRing.getMasterKeyId());

      for (CanonicalizedSecretKey key : ring.secretKeyIterator()) {
        Assert.assertEquals(
            "all subkeys must be divert-to-card",
            SecretKeyType.DIVERT_TO_CARD,
            key.getSecretKeyTypeSuperExpensive());
        Assert.assertArrayEquals("all subkeys must have correct iv", aid, key.getIv());
      }
    }
  }
示例#24
0
 private static byte[] decrypt(byte[] decoded, String dekInfo, char[] passwd)
     throws IOException, GeneralSecurityException {
   if (passwd == null) {
     throw new IOException("Password is null, but a password is required");
   }
   StringTokenizer tknz = new StringTokenizer(dekInfo, ",");
   String algorithm = tknz.nextToken();
   byte[] iv = Hex.decode(tknz.nextToken());
   if (!CipherModule.isSupportedCipher(algorithm)) {
     throw new IOException("Unknown algorithm: " + algorithm);
   }
   String[] cipher = org.jruby.ext.openssl.Cipher.Algorithm.osslToJsse(algorithm);
   String realName = cipher[3];
   int[] lengths = org.jruby.ext.openssl.Cipher.Algorithm.osslKeyIvLength(algorithm);
   int keyLen = lengths[0];
   int ivLen = lengths[1];
   if (iv.length != ivLen) {
     throw new IOException("Illegal IV length");
   }
   byte[] salt = new byte[8];
   System.arraycopy(iv, 0, salt, 0, 8);
   OpenSSLPBEParametersGenerator pGen = new OpenSSLPBEParametersGenerator();
   pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(passwd), salt);
   KeyParameter param = (KeyParameter) pGen.generateDerivedParameters(keyLen * 8);
   SecretKey secretKey = new javax.crypto.spec.SecretKeySpec(param.getKey(), realName);
   Cipher c = Cipher.getInstance(realName);
   c.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
   return c.doFinal(decoded);
 }
  @Test
  public void pbkdf2PKCS12Test() throws Exception {
    byte[] salt = Hex.decode("12 34 56 78 78 56 34 12");
    byte[] password = PasswordToByteConverter.convert("password", PKCS12);
    byte[] key = new byte[] {5, 54, -36, -24, 96, -76, 7, -128};

    assertThat(
        getKDFInstance(new PBKDF2Parameters(8, 5, salt)).derive(password).getKey(), equalTo(key));
  }
示例#26
0
  public void doTest(String testname, KeyPairGenerator g, String cipher, IESParameterSpec p)
      throws Exception {

    byte[] message = Hex.decode("0102030405060708090a0b0c0d0e0f10111213141516");
    byte[] out1, out2;

    // Generate static key pair
    KeyPair KeyPair = g.generateKeyPair();
    ECPublicKey Pub = (ECPublicKey) KeyPair.getPublic();
    ECPrivateKey Priv = (ECPrivateKey) KeyPair.getPrivate();

    Cipher c1 = Cipher.getInstance(cipher);
    Cipher c2 = Cipher.getInstance(cipher);

    // Testing with null parameters and DHAES mode off
    c1.init(Cipher.ENCRYPT_MODE, Pub, new SecureRandom());
    c2.init(Cipher.DECRYPT_MODE, Priv, new SecureRandom());
    out1 = c1.doFinal(message, 0, message.length);
    out2 = c2.doFinal(out1, 0, out1.length);
    if (!areEqual(out2, message))
      fail(testname + " test failed with null parameters, DHAES mode false.");

    // Testing with given parameters and DHAES mode off
    c1.init(Cipher.ENCRYPT_MODE, Pub, p, new SecureRandom());
    c2.init(Cipher.DECRYPT_MODE, Priv, p, new SecureRandom());
    out1 = c1.doFinal(message, 0, message.length);
    out2 = c2.doFinal(out1, 0, out1.length);
    if (!areEqual(out2, message))
      fail(testname + " test failed with non-null parameters, DHAES mode false.");

    // TODO: DHAES mode is not currently implemented, perhaps it shouldn't be...
    //        c1 = Cipher.getInstance(cipher + "/DHAES/PKCS7Padding","BC");
    //        c2 = Cipher.getInstance(cipher + "/DHAES/PKCS7Padding","BC");
    //
    //        // Testing with null parameters and DHAES mode on
    //        c1.init(Cipher.ENCRYPT_MODE, Pub, new SecureRandom());
    //        c2.init(Cipher.DECRYPT_MODE, Priv, new SecureRandom());
    //
    //        out1 = c1.doFinal(message, 0, message.length);
    //        out2 = c2.doFinal(out1, 0, out1.length);
    //        if (!areEqual(out2, message))
    //            fail(testname + " test failed with null parameters, DHAES mode true.");
    //
    //        c1 = Cipher.getInstance(cipher + "/DHAES/PKCS7Padding");
    //        c2 = Cipher.getInstance(cipher + "/DHAES/PKCS7Padding");
    //
    //        // Testing with given parameters and DHAES mode on
    //        c1.init(Cipher.ENCRYPT_MODE, Pub, p, new SecureRandom());
    //        c2.init(Cipher.DECRYPT_MODE, Priv, p, new SecureRandom());
    //
    //        out1 = c1.doFinal(message, 0, message.length);
    //        out2 = c2.doFinal(out1, 0, out1.length);
    //        if (!areEqual(out2, message))
    //            fail(testname + " test failed with non-null parameters, DHAES mode true.");

  }
示例#27
0
  public void testKEKDESede() throws Exception {
    tryKekAlgorithm(
        CMSTestUtil.makeDesede192Key(), new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6"));

    DEROctetString iv = new DEROctetString(Hex.decode("0001020304050607"));
    tryKekAlgorithm(
        CMSTestUtil.makeDesede192Key(),
        new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6"),
        iv.getEncoded());
  }
        protected X9ECParameters createParameters() {
          // p = (2^128 - 3) / 76439
          BigInteger p = fromHex("DB7C2ABF62E35E668076BEAD208B");
          BigInteger a = fromHex("DB7C2ABF62E35E668076BEAD2088");
          BigInteger b = fromHex("659EF8BA043916EEDE8911702B22");
          byte[] S = Hex.decode("00F50B028E4D696E676875615175290472783FB1");
          BigInteger n = fromHex("DB7C2ABF62E35E7628DFAC6561C5");
          BigInteger h = BigInteger.valueOf(1);

          ECCurve curve = new ECCurve.Fp(p, a, b);
          // ECPoint G = curve.decodePoint(Hex.decode("02"
          // + "09487239995A5EE76B55F9C2F098"));
          ECPoint G =
              curve.decodePoint(
                  Hex.decode(
                      "04" + "09487239995A5EE76B55F9C2F098" + "A89CE5AF8724C0A23E0E0FF77500"));

          return new X9ECParameters(curve, G, n, h, S);
        }
        protected X9ECParameters createParameters() {
          // p = (2^128 - 3) / 76439
          BigInteger p = fromHex("DB7C2ABF62E35E668076BEAD208B");
          BigInteger a = fromHex("6127C24C05F38A0AAAF65C0EF02C");
          BigInteger b = fromHex("51DEF1815DB5ED74FCC34C85D709");
          byte[] S = Hex.decode("002757A1114D696E6768756151755316C05E0BD4");
          BigInteger n = fromHex("36DF0AAFD8B8D7597CA10520D04B");
          BigInteger h = BigInteger.valueOf(4);

          ECCurve curve = new ECCurve.Fp(p, a, b);
          // ECPoint G = curve.decodePoint(Hex.decode("03"
          // + "4BA30AB5E892B4E1649DD0928643"));
          ECPoint G =
              curve.decodePoint(
                  Hex.decode(
                      "04" + "4BA30AB5E892B4E1649DD0928643" + "ADCD46F5882E3747DEF36E956E97"));

          return new X9ECParameters(curve, G, n, h, S);
        }
示例#30
0
  /** @param args */
  public static void main(String[] args) throws Exception {
    if (args.length < 3) {
      System.err.println(
          "Usage: OSSLoadAgent OSS_URL SECRET_NAME WRAPPED_PASSPHRASE AGENT_AUTH_SOCK [KEY_FILE]");
      System.exit(1);
    }

    SSHAgentClient sshAgent = new SSHAgentClient(args[2]);

    // Get the secret from OSS
    // FIXME ? Provide a way to specify the ssh signing key fingerprint
    byte[] secret = OSSClient.getSecret(args[0], args[1], null);
    // Use the secret to unwrap the passphrase
    byte[] unwrap = CryptoHelper.unwrapBlob(secret, Hex.decode(args[3]));
    String password = new String(unwrap, "UTF-8");

    // Read private keys
    // openssh store it in PEM format
    List<File> sshKeyFiles;
    if (args.length > 4) {
      sshKeyFiles = new ArrayList<File>(1);
      sshKeyFiles.add(new File(args[4]));
    } else {
      sshKeyFiles = getDefaultsKeyFiles();
    }

    for (File sshKeyFile : sshKeyFiles) {
      Reader fRd = new BufferedReader(new FileReader(sshKeyFile));
      PEMReader pem = new PEMReader(fRd, new DefaultPasswordFinder(password.toCharArray()), "BC");

      Object o;
      try {
        while ((o = pem.readObject()) != null) {
          if (o instanceof KeyPair) {
            KeyPair kp = (KeyPair) o;
            // Add the identity in the ssh-agent
            byte[] keyblob = CryptoHelper.sshPrivateKeyBlobFromKeyPair(kp);
            System.out.println("Loading " + sshKeyFile.getPath());
            sshAgent.addIdentity(keyblob, sshKeyFile.getPath());
          }
        }
      } catch (EncryptionException ee) {
        System.err.println("Can't read private key in " + sshKeyFile.getAbsolutePath());
        ee.printStackTrace();
      }

      pem.close();
    }

    System.out.println("Keys in agent:");
    List<SSHKey> identities = sshAgent.requestIdentities();
    for (SSHKey identity : identities) {
      System.out.println(identity);
    }
  }