
Example 1 with MACValue

use of com.ingrian.security.nae.MACValue in project CipherTrust_Application_Protection by thalescpl-io.

the class MultiThreadMacSample method run.

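/**
 * Runs one MAC / MAC-verify round trip on the calling thread.
 *
 * <p>Sixteen bytes are drawn from the provider's "IngrianRNG" generator, MACed with an
 * "HmacSHA512" {@code NAEMac} keyed by {@code _key}, and then checked with an
 * "HmacSHA512Verify" instance initialised with the same key plus the MAC just produced.
 * A one-byte result equal to 1 is reported as a verified MAC; anything else as invalid.
 *
 * <p>Any exception is printed and not rethrown, so a failure ends only this run.
 */
public void run() {
    final String threadName = Thread.currentThread().getName();
    try {
        System.out.println("[" + threadName + "] starting sample.");
        // create and initialize mac object
        NAEMac mac = NAEMac.getNAEMacInstance("HmacSHA512", "IngrianProvider");
        mac.init(_key);
        // Generate random data to mac
        SecureRandom rng = SecureRandom.getInstance("IngrianRNG", "IngrianProvider");
        byte[] randomBytes = new byte[16];
        rng.nextBytes(randomBytes);
        // MAC the raw bytes. Decoding random bytes into a String and encoding them again goes
        // through the platform default charset, which substitutes every byte sequence that is
        // not valid in that charset; the data that was MACed was then neither the generated
        // bytes nor the same from one platform to the next.
        // perform the mac operation and send message string to Key Manager
        mac.setMessage("client is creating mac: " + threadName);
        byte[] macValue = mac.doFinal(randomBytes);
        // create and initialize mac object for verification
        NAEMac macV = NAEMac.getNAEMacInstance("HmacSHA512Verify", "IngrianProvider");
        macV.init(_key, new MACValue(macValue));
        // perform the macV operation and send message string to Key Manager
        macV.setMessage("client is verifying the mac: " + threadName);
        // The Verify instance does the comparison; this code only reads its one-byte verdict
        // and never compares MAC bytes itself.
        byte[] result = macV.doFinal(randomBytes);
        // check verification result: exactly one byte with value 1 means "verified"
        if (result.length != 1 || result[0] != 1) {
            System.out.println(threadName + " Invalid MAC.");
        } else {
            System.out.println(threadName + " MAC Verified OK.");
        }
    } catch (Exception e) {
        // Sample-level handling: report and end this run without propagating.
        System.out.println("Got exception: " + e);
        e.printStackTrace();
    }
}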
Also used : NAEMac(com.ingrian.security.nae.NAEMac) SecureRandom(java.security.SecureRandom) MACValue(com.ingrian.security.nae.MACValue)

Example 2 with MACValue

use of com.ingrian.security.nae.MACValue in project CipherTrust_Application_Protection by thalescpl-io.

the class CustomLoggerSample method main.

/**
 * Sample entry point: registers the Ingrian JCE provider with a {@code JavaUtilLogger},
 * creates an HmacSHA1 key on the Key Manager, MACs a fixed string with it and verifies
 * the resulting MAC through the "HmacSHA1Verify" algorithm.
 *
 * <p>Review notes for anyone adapting this sample:
 * <ul>
 *   <li>The password is taken from the command line, where other local users can usually
 *       read it from the process list, and it stays in an immutable {@code String}.</li>
 *   <li>The key is created exportable and deletable; production keys normally should not
 *       be exportable.</li>
 *   <li>HmacSHA1 with a 160-bit key is used; the key lengths for the SHA-2 variants are
 *       listed next to the key spec.</li>
 * </ul>
 *
 * @param args user name, password and key name, in that order
 * @throws Exception any failure, after its message has been printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.err.println("Usage: java CustomLoggerSample user password keyname");
        System.exit(-1);
    }
    final String username = args[0];
    final String password = args[1];
    final String keyName = args[2];

    // Register the Ingrian provider (with the custom logger) and list what is registered.
    Security.addProvider(new IngrianProvider(new JavaUtilLogger()));
    for (Provider registered : Security.getProviders()) {
        System.out.println(registered.getInfo());
    }

    final String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
    System.out.println("Data to mac \"" + dataToMac + "\"");

    NAESession session = null;
    try {
        // Open the NAE session with the Key Manager user name and password.
        session = NAESession.getSession(username, password.toCharArray());

        // Key spec: exportable and deletable, owned by the session user.
        // Key lengths: HmacSHA1 160, HmacSHA256 256, HmacSHA384 384, HmacSHA512 512 bits.
        NAEParameterSpec keySpec = new NAEParameterSpec(keyName, true, true, 160, session);
        KeyGenerator generator = KeyGenerator.getInstance("HmacSHA1", "IngrianProvider");
        generator.init(keySpec);
        // The returned key object is not needed; the key is looked up by name just below.
        generator.generateKey();

        // Handle to the key that was just created.
        NAEKey hmacKey = NAEKey.getSecretKey(keyName, session);

        // Compute the MAC.
        Mac signer = Mac.getInstance("HmacSHA1", "IngrianProvider");
        signer.init(hmacKey);
        byte[] macValue = signer.doFinal(dataToMac.getBytes());

        // Verify it: the Verify instance receives the expected MAC at init time and returns
        // a one-byte verdict, so no MAC bytes are compared in this code.
        Mac verifier = Mac.getInstance("HmacSHA1Verify", "IngrianProvider");
        verifier.init(hmacKey, new MACValue(macValue));
        byte[] verdict = verifier.doFinal(dataToMac.getBytes());

        boolean verified = verdict.length == 1 && verdict[0] == 1;
        System.out.println(verified ? "MAC Verified OK." : "Invalid MAC.");
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        throw e;
    } finally {
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAEKey(com.ingrian.security.nae.NAEKey) Mac(javax.crypto.Mac) IngrianProvider(com.ingrian.security.nae.IngrianProvider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) MACValue(com.ingrian.security.nae.MACValue) SecretKey(javax.crypto.SecretKey) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession)

Example 3 with MACValue

use of com.ingrian.security.nae.MACValue in project CipherTrust_Application_Protection by thalescpl-io.

the class HKDFSecretKeySample method main.

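/**
 * Sample entry point: derives two AES keys and two HmacSHA256 keys from one master key
 * with HKDF (same salt, info and size each time) and shows that each pair holds the same
 * key data, first by encrypting with one AES key and decrypting with the other, then by
 * MACing with one HMAC key and verifying with the other.
 *
 * <p>If a pair turns out not to match, both keys of that pair are deleted from the
 * Key Manager.
 *
 * <p>Review notes for anyone adapting this sample: the password is taken from the command
 * line, where other local users can usually read it from the process list; salt and info
 * are fixed demo values.
 *
 * @param args user, password, masterKeyName, aesKeyName_1, aesKeyName_2, hmacKeyName_1,
 *             hmacKeyName_2, in that order
 * @throws Exception any failure, after its stack trace has been printed
 */
public static void main(String[] args) throws Exception {
    /*
     * Usage description:
     * masterKeyName: Master key to create the AES and Hmac keys.
     * aesKeyName_1 and aesKeyName_2: AES key names to be created. These are used to determine
     * that their key data is same using Encryption/Decryption operation.
     * hmacKeyName_1 and hmacKeyName_2: Hmac key names to be created. These are used to determine
     * that their key data is same using MAC/MACVerify operation.
     */
    if (args.length != 7) {
        System.err.println("Usage: java HKDFSecretKeySample user password masterKeyName aesKeyName_1 aesKeyName_2 hmacKeyName_1 hmacKeyName_2 ");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String masterKeyName = args[2];
    String aesKeyName_1 = args[3];
    String aesKeyName_2 = args[4];
    String hmacKeyName_1 = args[5];
    String hmacKeyName_2 = args[6];
    // Add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // Every String <-> byte[] conversion below names its charset, so the bytes that are
    // encrypted and MACed do not depend on the platform default.
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
    NAESession session = null;
    try {
        // Creates NAE Session: pass in NAE user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // Salt and info must be identical for every derivation so that the derived keys
        // match; these are fixed demo values.
        byte[] salt = "010203".getBytes(utf8);
        byte[] info = "010203".getBytes(utf8);
        int size = 256;
        // Creates HKDFParameterSpec for AES key which is deletable and exportable using a master key that is available on Key Manager
        HKDFParameterSpec aesSpec = new HKDFParameterSpec(aesKeyName_1, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        // Initializes key generator with parameter spec to generate the AES key
        kg.init(aesSpec);
        // Creates AES Key on Key Manager
        NAEKey nae_key_aes_1 = (NAEKey) kg.generateKey();
        System.out.println("AES Key: " + aesKeyName_1 + " generated Successfully");
        // Creates HKDFParameterSpec for AES key which is deletable and exportable using a master key that is available on Key Manager
        HKDFParameterSpec aesSpec_2 = new HKDFParameterSpec(aesKeyName_2, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        // Initializes key generator with parameter spec to generate the AES key
        kg.init(aesSpec_2);
        // Creates AES Key on Key Manager
        NAEKey nae_key_aes_2 = (NAEKey) kg.generateKey();
        System.out.println("AES Key: " + aesKeyName_2 + " generated Successfully");
        // Below code illustrates that two keys created using HKDF have same key data using Encryption/Decryption operation
        String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
        // Note: HKDF generates same key data on Key Manager but they have different default IV
        // That is why we are passing the external iv when using AES in CBC mode.
        // The IV is drawn fresh from a CSPRNG for this run instead of being a constant:
        // CBC needs an unpredictable IV, and a fixed one makes equal plaintext prefixes
        // produce equal ciphertext prefixes under the same key. 16 bytes = AES block size.
        byte[] iv = new byte[16];
        new java.security.SecureRandom().nextBytes(iv);
        // The same IvParameterSpec is given to both ciphers, so decryption sees the IV
        // that encryption used.
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        // Get a cipher
        Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        // Initialize cipher to encrypt
        encryptCipher.init(Cipher.ENCRYPT_MODE, nae_key_aes_1, ivSpec);
        // Encrypt data
        byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes(utf8));
        // Get a cipher for decryption
        Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        // To decrypt data, initialize cipher to decrypt with the second key
        decryptCipher.init(Cipher.DECRYPT_MODE, nae_key_aes_2, ivSpec);
        // Decrypt data
        // NOTE(review): with differing keys this call may well fail on padding before the
        // comparison below is reached, in which case the keys are not deleted; confirm.
        byte[] newbuf = decryptCipher.doFinal(outbuf);
        if (dataToEncrypt.equals(new String(newbuf, utf8))) {
            System.out.println("AES keys generated have same key data.");
        } else {
            System.out.println("AES keys generated doesn't have same key data, Hence deleting both keys from Key Manager.");
            nae_key_aes_1.delete();
            nae_key_aes_2.delete();
        }
        // Below code illustrates that two keys created using HKDF have same key data using MAC/MACVerify operation
        // Creates HKDFParameterSpec for HmacSHA256 key which is deletable and exportable using a master key that is available on Key Manager
        HKDFParameterSpec hmacSpec_1 = new HKDFParameterSpec(hmacKeyName_1, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        KeyGenerator kg1 = KeyGenerator.getInstance("HmacSHA256", "IngrianProvider");
        // Initializes key generator with parameter spec to generate the HmacSHA256 key
        kg1.init(hmacSpec_1);
        // Creates HmacSHA256 key on Key Manager
        NAEKey nae_key_hmac_1 = (NAEKey) kg1.generateKey();
        System.out.println("Hmac Key: " + hmacKeyName_1 + " generated Successfully");
        // Creates HKDFParameterSpec for HmacSHA256 key which is deletable and exportable using a master key that is available on Key Manager
        HKDFParameterSpec hmacSpec_2 = new HKDFParameterSpec(hmacKeyName_2, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        // Initializes key generator with parameter spec to generate the HmacSHA256 key
        kg1.init(hmacSpec_2);
        // To illustrate two key bytes generated by HKDF are same
        // Creates HmacSHA256 key on Key Manager
        NAEKey nae_key_hmac_2 = (NAEKey) kg1.generateKey();
        System.out.println("Hmac Key: " + hmacKeyName_2 + " generated Successfully");
        // Creates MAC instance to get the message authentication code using first key
        Mac mac = Mac.getInstance("HmacSHA256", "IngrianProvider");
        mac.init(nae_key_hmac_1);
        byte[] macValue = mac.doFinal(dataToMac.getBytes(utf8));
        // Creates MAC instance to verify the message authentication code using second key.
        // The Verify instance is given the expected MAC and returns a one-byte verdict, so
        // no MAC bytes are compared in this code.
        Mac macV = Mac.getInstance("HmacSHA256Verify", "IngrianProvider");
        macV.init(nae_key_hmac_2, new MACValue(macValue));
        byte[] result = macV.doFinal(dataToMac.getBytes(utf8));
        // Check verification result: exactly one byte with value 1 means "verified"
        if (result.length != 1 || result[0] != 1) {
            System.out.println("HMAC256 keys generated doesn't have same key data, Hence deleting both keys from Key Manager.");
            nae_key_hmac_1.delete();
            nae_key_hmac_2.delete();
        } else {
            System.out.println("HMAC256 Keys generated have same key data.");
        }
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        if (session != null) {
            // Close NAESession
            session.closeSession();
        }
    }
}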
Also used : NAEKey(com.ingrian.security.nae.NAEKey) HKDFParameterSpec(com.ingrian.security.nae.HKDFParameterSpec) Mac(javax.crypto.Mac) IngrianProvider(com.ingrian.security.nae.IngrianProvider) MACValue(com.ingrian.security.nae.MACValue) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession)

Example 4 with MACValue

use of com.ingrian.security.nae.MACValue in project CipherTrust_Application_Protection by thalescpl-io.

the class CryptoTool method doMACV.

/**
 * Verifies a MAC over the tool's input stream and writes the verdict to its output stream:
 * "MAC Verified OK" when the Verify operation returns a single byte equal to 1,
 * "Invalid MAC" otherwise.
 *
 * <p><b>The return value is not the verification verdict.</b> It is {@code false} only when
 * a required argument is missing and {@code true} whenever the operation ran, including
 * when the MAC turned out to be invalid. Callers that need the verdict must not rely on it.
 *
 * <p>NOTE(review): for algorithm name "IngrianHMac" a {@code null} {@code macValue} passes
 * the argument check and is handed to {@code new MACValue(null)}; what that does is not
 * visible here and should be confirmed.
 *
 * @param keyName Key name to use
 * @param algName Algorithm name to use; "Verify" is appended to select the verify variant
 * @param macValue MAC value to check the input against
 * @param session NAESession used to look up the key
 * @throws Exception on any key lookup, provider or stream failure
 * @return {@code true} if the operation ran, {@code false} if an argument was missing
 */
private static boolean doMACV(String keyName, String algName, byte[] macValue, NAESession session) throws Exception {
    // Argument checks, reported on stderr.
    if (keyName == null) {
        System.err.println("Missing key name");
        return false;
    }
    if (algName == null) {
        System.err.println("Missing algorithm name");
        return false;
    }
    // algName is known to be non-null here, so the flipped equals() is equivalent.
    boolean macRequired = !"IngrianHMac".equals(algName);
    if (macRequired && macValue == null) {
        System.err.println("Missing mac value to verify");
        return false;
    }

    // Look up the secret key by name.
    SecretKey verifyKey = NAEKey.getSecretKey(keyName, session);
    byte[] chunk = new byte[BUFFER_LEN];

    // The verify variant of the algorithm takes the expected MAC at init time.
    Mac verifier = Mac.getInstance(algName + "Verify", "IngrianProvider");
    verifier.init(verifyKey, new MACValue(macValue));

    // Feed the whole input stream through the verifier; read() returns a negative count at EOF.
    for (int count = is.read(chunk); count >= 0; count = is.read(chunk)) {
        verifier.update(chunk, 0, count);
    }

    // The verifier returns a one-byte verdict; no MAC bytes are compared in this method.
    byte[] verdict = verifier.doFinal();
    boolean verified = verdict.length == 1 && verdict[0] == 1;
    if (verified) {
        os.write("MAC Verified OK\n".getBytes());
    } else {
        os.write("Invalid MAC\n".getBytes());
    }
    return true;
}
Also used : SecretKey(javax.crypto.SecretKey) Mac(javax.crypto.Mac) MACValue(com.ingrian.security.nae.MACValue)

Example 5 with MACValue

use of com.ingrian.security.nae.MACValue in project CipherTrust_Application_Protection by thalescpl-io.

the class HMACSample method main.

/**
 * Sample entry point: registers the Ingrian JCE provider, creates an HmacSHA1 key on the
 * Key Manager, computes a MAC over a fixed string and verifies it with "HmacSHA1Verify".
 *
 * <p>Review notes for anyone adapting this sample: the password arrives as a command-line
 * argument (usually visible in the process list) and is held in an immutable
 * {@code String}; the key is created exportable and deletable; the algorithm is HmacSHA1
 * with a 160-bit key.
 *
 * @param args user name, password and HMAC key name, in that order
 * @throws Exception any failure, after its message has been printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.err.println("Usage: java HMACSample user password hmacKeyName");
        System.exit(-1);
    }
    String user = args[0];
    String secret = args[1];
    String hmacKeyName = args[2];

    // Add the Ingrian provider, then print the info line of every registered JCE provider.
    Security.addProvider(new IngrianProvider());
    Provider[] installed = Security.getProviders();
    for (Provider p : installed) {
        System.out.println(p.getInfo());
    }

    String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
    System.out.println("Data to mac \"" + dataToMac + "\"");

    NAESession session = null;
    try {
        // NAE session for the given Key Manager user.
        session = NAESession.getSession(user, secret.toCharArray());

        // Create the HMAC key on the server: exportable, deletable, owned by the session user.
        // Key length per algorithm: HmacSHA1 160 bits, HmacSHA256 256 bits,
        // HmacSHA384 384 bits, HmacSHA512 512 bits.
        KeyGenerator keyGen = KeyGenerator.getInstance("HmacSHA1", "IngrianProvider");
        keyGen.init(new NAEParameterSpec(hmacKeyName, true, true, 160, session));
        // Only the side effect (key creation) is needed; the handle is fetched by name next.
        keyGen.generateKey();
        NAEKey keyHandle = NAEKey.getSecretKey(hmacKeyName, session);

        // MAC the data.
        Mac macGen = Mac.getInstance("HmacSHA1", "IngrianProvider");
        macGen.init(keyHandle);
        byte[] computedMac = macGen.doFinal(dataToMac.getBytes());

        // Verify the MAC: the expected value goes in through MACValue and the Verify
        // instance answers with a single byte, so this code never compares MAC bytes.
        Mac macCheck = Mac.getInstance("HmacSHA1Verify", "IngrianProvider");
        macCheck.init(keyHandle, new MACValue(computedMac));
        byte[] outcome = macCheck.doFinal(dataToMac.getBytes());

        // Exactly one byte with value 1 means the MAC matched.
        if (outcome.length == 1 && outcome[0] == 1) {
            System.out.println("MAC Verified OK.");
        } else {
            System.out.println("Invalid MAC.");
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        throw e;
    } finally {
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAEKey(com.ingrian.security.nae.NAEKey) Mac(javax.crypto.Mac) IngrianProvider(com.ingrian.security.nae.IngrianProvider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) MACValue(com.ingrian.security.nae.MACValue) SecretKey(javax.crypto.SecretKey) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession)

Aggregations

MACValue (com.ingrian.security.nae.MACValue)5 Mac (javax.crypto.Mac)4 IngrianProvider (com.ingrian.security.nae.IngrianProvider)3 NAEKey (com.ingrian.security.nae.NAEKey)3 NAESession (com.ingrian.security.nae.NAESession)3 KeyGenerator (javax.crypto.KeyGenerator)3 SecretKey (javax.crypto.SecretKey)3 NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)2 Provider (java.security.Provider)2 HKDFParameterSpec (com.ingrian.security.nae.HKDFParameterSpec)1 NAEMac (com.ingrian.security.nae.NAEMac)1 SecureRandom (java.security.SecureRandom)1 Cipher (javax.crypto.Cipher)1 IvParameterSpec (javax.crypto.spec.IvParameterSpec)1