Search in sources :

Example 36 with AlgorithmParameters

use of java.security.AlgorithmParameters in project wycheproof by google.

the class AesGcmTest method testDefaultTagSizeAlgorithmParameterGenerator.

/**
   * The default authentication tag size should be 128-bit by default for the following reasons:
   * <br>
   * (1) Security: Ferguson, N., Authentication Weaknesses in GCM, Natl. Inst. Stand. Technol. [Web
   * page], http://www.csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/
   * CWC-GCM/Ferguson2.pdf, May 20, 2005. This paper points out that a n-bit tag has lower strength
   * than expected. <br>
   * (2) Compatibility: Assume an implementer tests some code using one provider than switches to
   * another provider. Such a switch should ideally not lower the security. <br>
   * BouncyCastle used to have only 12-byte authentication tag (b/26186727).
   */
public void testDefaultTagSizeAlgorithmParameterGenerator() throws Exception {
    byte[] input = new byte[10];
    byte[] key = new byte[16];
    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    try {
        AlgorithmParameterGenerator.getInstance("GCM");
    } catch (NoSuchAlgorithmException ex) {
        // Conscrypt does not support AlgorithmParameterGenerator for GCM.
        System.out.println("testDefaultTagSizeAlgorithmParameterGenerator:" + ex.toString());
        return;
    }
    AlgorithmParameters param = AlgorithmParameterGenerator.getInstance("GCM").generateParameters();
    cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), param);
    byte[] output = cipher.doFinal(input);
    assertEquals(input.length + 16, output.length);
}
Also used : SecretKeySpec(javax.crypto.spec.SecretKeySpec) Cipher(javax.crypto.Cipher) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AlgorithmParameters(java.security.AlgorithmParameters)

Example 37 with AlgorithmParameters

use of java.security.AlgorithmParameters in project wycheproof by google.

the class EcUtil method getCurveSpec.

/**
   * Returns the ECParameterSpec for a named curve. Not every provider implements the
   * AlgorithmParameters. Therefore, most test use alternative functions.
   */
public static ECParameterSpec getCurveSpec(String name) throws NoSuchAlgorithmException, InvalidParameterSpecException {
    AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC");
    parameters.init(new ECGenParameterSpec(name));
    return parameters.getParameterSpec(ECParameterSpec.class);
}
Also used : ECGenParameterSpec(java.security.spec.ECGenParameterSpec) AlgorithmParameters(java.security.AlgorithmParameters)

Example 38 with AlgorithmParameters

use of java.security.AlgorithmParameters in project XobotOS by xamarin.

the class SealedObject method getObject.

/**
     * Returns the wrapped object, decrypting it using the specified key.
     *
     * @param key
     *            the key to decrypt the data with.
     * @return the encapsulated object.
     * @throws IOException
     *             if deserialization fails.
     * @throws ClassNotFoundException
     *             if deserialization fails.
     * @throws NoSuchAlgorithmException
     *             if the algorithm to decrypt the data is not available.
     * @throws InvalidKeyException
     *             if the specified key cannot be used to decrypt the data.
     */
public final Object getObject(Key key) throws IOException, ClassNotFoundException, NoSuchAlgorithmException, InvalidKeyException {
    if (key == null) {
        throw new InvalidKeyException("key == null");
    }
    try {
        Cipher cipher = Cipher.getInstance(sealAlg);
        if ((paramsAlg != null) && (paramsAlg.length() != 0)) {
            AlgorithmParameters params = AlgorithmParameters.getInstance(paramsAlg);
            params.init(encodedParams);
            cipher.init(Cipher.DECRYPT_MODE, key, params);
        } else {
            cipher.init(Cipher.DECRYPT_MODE, key);
        }
        byte[] serialized = cipher.doFinal(encryptedContent);
        ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(serialized));
        return ois.readObject();
    } catch (NoSuchPaddingException e) {
        // with existing padding
        throw new NoSuchAlgorithmException(e.toString());
    } catch (InvalidAlgorithmParameterException e) {
        // with correct algorithm parameters
        throw new NoSuchAlgorithmException(e.toString());
    } catch (IllegalBlockSizeException e) {
        // was correctly made
        throw new NoSuchAlgorithmException(e.toString());
    } catch (BadPaddingException e) {
        // was correctly made
        throw new NoSuchAlgorithmException(e.toString());
    } catch (IllegalStateException e) {
        // should never be thrown because cipher is initialized
        throw new NoSuchAlgorithmException(e.toString());
    }
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) ByteArrayInputStream(java.io.ByteArrayInputStream) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) AlgorithmParameters(java.security.AlgorithmParameters) ObjectInputStream(java.io.ObjectInputStream)

Example 39 with AlgorithmParameters

use of java.security.AlgorithmParameters in project nhin-d by DirectProject.

the class PKCS11Commands method exportPrivateKey.

@Command(name = "ExportPrivateKey", usage = EXPORT_PRIVATE_KEY)
public void exportPrivateKey(String[] args) {
    final String alias = StringArrayUtil.getRequiredValue(args, 0);
    final String wrapperAlias = StringArrayUtil.getRequiredValue(args, 1);
    final String file = StringArrayUtil.getOptionalValue(args, 2, alias + "-privKey.der");
    try {
        final KeyStore ks = mgr.getKS();
        // get the wrapper key
        final Key wrapperKey = mgr.getKey(wrapperAlias);
        if (wrapperKey == null) {
            System.out.println("Wrapper key with name " + wrapperKey + " does not exist.");
            return;
        }
        if (!ks.containsAlias(alias)) {
            System.out.println("Private key with name " + alias + " does not exist.");
            return;
        }
        final PrivateKey privKey = (PrivateKey) ks.getKey(alias, "".toCharArray());
        if (privKey == null) {
            System.out.println("Key name " + alias + " does not contain a private key");
            return;
        }
        // the algorithm used to wrap the key depends on the key type
        Cipher myWrapper = null;
        if (wrapperKey.getAlgorithm().startsWith("AES")) {
            myWrapper = Cipher.getInstance("AES/CBC/PKCS5Padding", ks.getProvider().getName());
            AlgorithmParameters mAlgParams = null;
            try {
                mAlgParams = AlgorithmParameters.getInstance("IV", ks.getProvider().getName());
                mAlgParams.init(new IvParameterSpec(AbstractPKCS11TokenKeyStoreProtectionManager.IV_BYTES));
            } catch (Exception e) {
            }
            if (mAlgParams == null)
                myWrapper.init(Cipher.WRAP_MODE, wrapperKey, new IvParameterSpec(AbstractPKCS11TokenKeyStoreProtectionManager.IV_BYTES));
            else
                myWrapper.init(Cipher.WRAP_MODE, wrapperKey, mAlgParams);
        } else if (wrapperKey.getAlgorithm().startsWith("RSA")) {
            myWrapper = Cipher.getInstance("RSA/ECB/NoPadding", ks.getProvider().getName());
            myWrapper.init(Cipher.WRAP_MODE, wrapperKey);
        }
        byte[] wrappedKey = null;
        try {
            wrappedKey = myWrapper.wrap(privKey);
        } catch (Exception e) {
            System.out.println("Private key with name " + alias + " could not be extracted.  Your hardware may not allow exporting of private keys or " + "attributes on the key may not allow the key to be exported.  \r\nError message: " + e.getMessage());
            e.printStackTrace();
            return;
        }
        final File fl = new File(file);
        FileUtils.writeByteArrayToFile(fl, wrappedKey);
        System.out.println("Wrapped private key written to file " + fl.getAbsolutePath());
    } catch (Exception e) {
        e.printStackTrace();
        System.err.println("Failed to export private key: " + e.getMessage());
    }
}
Also used : PrivateKey(java.security.PrivateKey) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) KeyStore(java.security.KeyStore) File(java.io.File) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) AlgorithmParameters(java.security.AlgorithmParameters) Command(org.nhindirect.common.tooling.Command)

Example 40 with AlgorithmParameters

use of java.security.AlgorithmParameters in project nhin-d by DirectProject.

the class CertGenerator method writeCertAndKey.

private static void writeCertAndKey(X509Certificate cert, PrivateKey key, CertCreateFields fields) throws Exception {
    // write the cert
    FileUtils.writeByteArrayToFile(fields.getNewCertFile(), cert.getEncoded());
    if (fields.getNewPassword() == null || fields.getNewPassword().length == 0) {
        // no password... just write the file 
        FileUtils.writeByteArrayToFile(fields.getNewKeyFile(), key.getEncoded());
    } else {
        // encypt it, then write it
        // prime the salts
        byte[] salt = new byte[8];
        VMPCRandomGenerator ranGen = new VMPCRandomGenerator();
        ranGen.addSeedMaterial(new SecureRandom().nextLong());
        ranGen.nextBytes(salt);
        // create PBE parameters from salt and iteration count
        PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);
        PBEKeySpec pbeKeySpec = new PBEKeySpec(fields.getNewPassword());
        SecretKey sKey = SecretKeyFactory.getInstance("PBEWithMD5AndDES", CryptoExtensions.getJCEProviderName()).generateSecret(pbeKeySpec);
        // encrypt
        Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES", CryptoExtensions.getJCEProviderName());
        cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
        byte[] plain = (byte[]) key.getEncoded();
        byte[] encrKey = cipher.doFinal(plain, 0, plain.length);
        // set the algorithm parameters
        AlgorithmParameters pbeParams = AlgorithmParameters.getInstance(PBE_WITH_MD5_AND_DES_CBC_OID, Security.getProvider("SunJCE"));
        pbeParams.init(pbeSpec);
        // place in a EncryptedPrivateKeyInfo to encode to the proper file format
        EncryptedPrivateKeyInfo info = new EncryptedPrivateKeyInfo(pbeParams, encrKey);
        // now write it to the file
        FileUtils.writeByteArrayToFile(fields.getNewKeyFile(), info.getEncoded());
    }
    if (fields.getSignerCert() == null)
        fields.setSignerCert(cert);
    if (fields.getSignerKey() == null)
        fields.setSignerKey(key);
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecretKey(javax.crypto.SecretKey) VMPCRandomGenerator(org.bouncycastle.crypto.prng.VMPCRandomGenerator) SecureRandom(java.security.SecureRandom) EncryptedPrivateKeyInfo(javax.crypto.EncryptedPrivateKeyInfo) Cipher(javax.crypto.Cipher) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) AlgorithmParameters(java.security.AlgorithmParameters)

Aggregations

AlgorithmParameters (java.security.AlgorithmParameters)107 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)39 IOException (java.io.IOException)31 InvalidParameterSpecException (java.security.spec.InvalidParameterSpecException)22 Cipher (javax.crypto.Cipher)22 SecretKey (javax.crypto.SecretKey)18 AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)13 NoSuchProviderException (java.security.NoSuchProviderException)12 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)11 Key (java.security.Key)11 SecureRandom (java.security.SecureRandom)10 EncryptedPrivateKeyInfo (javax.crypto.EncryptedPrivateKeyInfo)10 InvalidKeyException (java.security.InvalidKeyException)8 PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)8 UnrecoverableKeyException (java.security.UnrecoverableKeyException)7 KeyPair (java.security.KeyPair)6 KeyPairGenerator (java.security.KeyPairGenerator)6 AlgorithmId (sun.security.x509.AlgorithmId)6 Nullable (android.annotation.Nullable)5 Asn1Integer (com.android.hotspot2.asn1.Asn1Integer)5