use of java.security.AlgorithmParameters in project wycheproof by google.
the class AesGcmTest method testDefaultTagSizeAlgorithmParameterGenerator.
/**
* The default authentication tag size should be 128-bit by default for the following reasons:
* <br>
* (1) Security: Ferguson, N., Authentication Weaknesses in GCM, Natl. Inst. Stand. Technol. [Web
* page], http://www.csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/
* CWC-GCM/Ferguson2.pdf, May 20, 2005. This paper points out that a n-bit tag has lower strength
* than expected. <br>
* (2) Compatibility: Assume an implementer tests some code using one provider than switches to
* another provider. Such a switch should ideally not lower the security. <br>
* BouncyCastle used to have only 12-byte authentication tag (b/26186727).
*/
public void testDefaultTagSizeAlgorithmParameterGenerator() throws Exception {
byte[] input = new byte[10];
byte[] key = new byte[16];
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
try {
AlgorithmParameterGenerator.getInstance("GCM");
} catch (NoSuchAlgorithmException ex) {
// Conscrypt does not support AlgorithmParameterGenerator for GCM.
System.out.println("testDefaultTagSizeAlgorithmParameterGenerator:" + ex.toString());
return;
}
AlgorithmParameters param = AlgorithmParameterGenerator.getInstance("GCM").generateParameters();
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), param);
byte[] output = cipher.doFinal(input);
assertEquals(input.length + 16, output.length);
}
use of java.security.AlgorithmParameters in project wycheproof by google.
the class EcUtil method getCurveSpec.
/**
* Returns the ECParameterSpec for a named curve. Not every provider implements the
* AlgorithmParameters. Therefore, most test use alternative functions.
*/
public static ECParameterSpec getCurveSpec(String name) throws NoSuchAlgorithmException, InvalidParameterSpecException {
AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC");
parameters.init(new ECGenParameterSpec(name));
return parameters.getParameterSpec(ECParameterSpec.class);
}
use of java.security.AlgorithmParameters in project XobotOS by xamarin.
the class SealedObject method getObject.
/**
* Returns the wrapped object, decrypting it using the specified key.
*
* @param key
* the key to decrypt the data with.
* @return the encapsulated object.
* @throws IOException
* if deserialization fails.
* @throws ClassNotFoundException
* if deserialization fails.
* @throws NoSuchAlgorithmException
* if the algorithm to decrypt the data is not available.
* @throws InvalidKeyException
* if the specified key cannot be used to decrypt the data.
*/
public final Object getObject(Key key) throws IOException, ClassNotFoundException, NoSuchAlgorithmException, InvalidKeyException {
if (key == null) {
throw new InvalidKeyException("key == null");
}
try {
Cipher cipher = Cipher.getInstance(sealAlg);
if ((paramsAlg != null) && (paramsAlg.length() != 0)) {
AlgorithmParameters params = AlgorithmParameters.getInstance(paramsAlg);
params.init(encodedParams);
cipher.init(Cipher.DECRYPT_MODE, key, params);
} else {
cipher.init(Cipher.DECRYPT_MODE, key);
}
byte[] serialized = cipher.doFinal(encryptedContent);
ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(serialized));
return ois.readObject();
} catch (NoSuchPaddingException e) {
// with existing padding
throw new NoSuchAlgorithmException(e.toString());
} catch (InvalidAlgorithmParameterException e) {
// with correct algorithm parameters
throw new NoSuchAlgorithmException(e.toString());
} catch (IllegalBlockSizeException e) {
// was correctly made
throw new NoSuchAlgorithmException(e.toString());
} catch (BadPaddingException e) {
// was correctly made
throw new NoSuchAlgorithmException(e.toString());
} catch (IllegalStateException e) {
// should never be thrown because cipher is initialized
throw new NoSuchAlgorithmException(e.toString());
}
}
use of java.security.AlgorithmParameters in project nhin-d by DirectProject.
the class PKCS11Commands method exportPrivateKey.
@Command(name = "ExportPrivateKey", usage = EXPORT_PRIVATE_KEY)
public void exportPrivateKey(String[] args) {
final String alias = StringArrayUtil.getRequiredValue(args, 0);
final String wrapperAlias = StringArrayUtil.getRequiredValue(args, 1);
final String file = StringArrayUtil.getOptionalValue(args, 2, alias + "-privKey.der");
try {
final KeyStore ks = mgr.getKS();
// get the wrapper key
final Key wrapperKey = mgr.getKey(wrapperAlias);
if (wrapperKey == null) {
System.out.println("Wrapper key with name " + wrapperKey + " does not exist.");
return;
}
if (!ks.containsAlias(alias)) {
System.out.println("Private key with name " + alias + " does not exist.");
return;
}
final PrivateKey privKey = (PrivateKey) ks.getKey(alias, "".toCharArray());
if (privKey == null) {
System.out.println("Key name " + alias + " does not contain a private key");
return;
}
// the algorithm used to wrap the key depends on the key type
Cipher myWrapper = null;
if (wrapperKey.getAlgorithm().startsWith("AES")) {
myWrapper = Cipher.getInstance("AES/CBC/PKCS5Padding", ks.getProvider().getName());
AlgorithmParameters mAlgParams = null;
try {
mAlgParams = AlgorithmParameters.getInstance("IV", ks.getProvider().getName());
mAlgParams.init(new IvParameterSpec(AbstractPKCS11TokenKeyStoreProtectionManager.IV_BYTES));
} catch (Exception e) {
}
if (mAlgParams == null)
myWrapper.init(Cipher.WRAP_MODE, wrapperKey, new IvParameterSpec(AbstractPKCS11TokenKeyStoreProtectionManager.IV_BYTES));
else
myWrapper.init(Cipher.WRAP_MODE, wrapperKey, mAlgParams);
} else if (wrapperKey.getAlgorithm().startsWith("RSA")) {
myWrapper = Cipher.getInstance("RSA/ECB/NoPadding", ks.getProvider().getName());
myWrapper.init(Cipher.WRAP_MODE, wrapperKey);
}
byte[] wrappedKey = null;
try {
wrappedKey = myWrapper.wrap(privKey);
} catch (Exception e) {
System.out.println("Private key with name " + alias + " could not be extracted. Your hardware may not allow exporting of private keys or " + "attributes on the key may not allow the key to be exported. \r\nError message: " + e.getMessage());
e.printStackTrace();
return;
}
final File fl = new File(file);
FileUtils.writeByteArrayToFile(fl, wrappedKey);
System.out.println("Wrapped private key written to file " + fl.getAbsolutePath());
} catch (Exception e) {
e.printStackTrace();
System.err.println("Failed to export private key: " + e.getMessage());
}
}
use of java.security.AlgorithmParameters in project nhin-d by DirectProject.
the class CertGenerator method writeCertAndKey.
private static void writeCertAndKey(X509Certificate cert, PrivateKey key, CertCreateFields fields) throws Exception {
// write the cert
FileUtils.writeByteArrayToFile(fields.getNewCertFile(), cert.getEncoded());
if (fields.getNewPassword() == null || fields.getNewPassword().length == 0) {
// no password... just write the file
FileUtils.writeByteArrayToFile(fields.getNewKeyFile(), key.getEncoded());
} else {
// encypt it, then write it
// prime the salts
byte[] salt = new byte[8];
VMPCRandomGenerator ranGen = new VMPCRandomGenerator();
ranGen.addSeedMaterial(new SecureRandom().nextLong());
ranGen.nextBytes(salt);
// create PBE parameters from salt and iteration count
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);
PBEKeySpec pbeKeySpec = new PBEKeySpec(fields.getNewPassword());
SecretKey sKey = SecretKeyFactory.getInstance("PBEWithMD5AndDES", CryptoExtensions.getJCEProviderName()).generateSecret(pbeKeySpec);
// encrypt
Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES", CryptoExtensions.getJCEProviderName());
cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
byte[] plain = (byte[]) key.getEncoded();
byte[] encrKey = cipher.doFinal(plain, 0, plain.length);
// set the algorithm parameters
AlgorithmParameters pbeParams = AlgorithmParameters.getInstance(PBE_WITH_MD5_AND_DES_CBC_OID, Security.getProvider("SunJCE"));
pbeParams.init(pbeSpec);
// place in a EncryptedPrivateKeyInfo to encode to the proper file format
EncryptedPrivateKeyInfo info = new EncryptedPrivateKeyInfo(pbeParams, encrKey);
// now write it to the file
FileUtils.writeByteArrayToFile(fields.getNewKeyFile(), info.getEncoded());
}
if (fields.getSignerCert() == null)
fields.setSignerCert(cert);
if (fields.getSignerKey() == null)
fields.setSignerKey(key);
}
Aggregations