use of java.security.KeyPairGenerator in project wycheproof by google.
the class DhTest method testDh.
/** Check that key agreement using DH works. */
@SuppressWarnings("InsecureCryptoUsage")
public void testDh() throws Exception {
  // ike2048() is declared elsewhere in the test class (presumably the 2048-bit IKE group).
  // Both key pairs come from the same initialized generator, so both parties use the
  // same DH parameters.
  DHParameterSpec groupParams = ike2048();
  KeyPairGenerator generator = KeyPairGenerator.getInstance("DH");
  generator.initialize(groupParams);
  KeyPair partyA = generator.generateKeyPair();
  KeyPair partyB = generator.generateKeyPair();

  // Party A: own private key combined with B's public key.
  KeyAgreement agreementA = KeyAgreement.getInstance("DH");
  agreementA.init(partyA.getPrivate());
  agreementA.doPhase(partyB.getPublic(), true);
  String secretSeenByA = TestUtil.bytesToHex(agreementA.generateSecret());

  // Party B: own private key combined with A's public key.
  KeyAgreement agreementB = KeyAgreement.getInstance("DH");
  agreementB.init(partyB.getPrivate());
  agreementB.doPhase(partyA.getPublic(), true);
  String secretSeenByB = TestUtil.bytesToHex(agreementB.generateSecret());

  // Compared as hex strings so that a mismatch shows both values in the failure message.
  assertEquals(secretSeenByA, secretSeenByB);
}
use of java.security.KeyPairGenerator in project wycheproof by google.
the class DhTest method testDHDistinctParameters.
/** This test tries a key agreement with keys using distinct parameters. */
@SuppressWarnings("InsecureCryptoUsage")
public void testDHDistinctParameters() throws Exception {
  // One generator is re-initialized between the two key pairs, so the private key and
  // the peer's public key below belong to the parameter sets returned by ike1536() and
  // ike2048() respectively.
  KeyPairGenerator generator = KeyPairGenerator.getInstance("DH");
  generator.initialize(ike1536());
  KeyPair ownPair = generator.generateKeyPair();
  generator.initialize(ike2048());
  KeyPair mismatchedPair = generator.generateKeyPair();

  KeyAgreement agreement = KeyAgreement.getInstance("DH");
  agreement.init(ownPair.getPrivate());

  byte[] secret;
  try {
    agreement.doPhase(mismatchedPair.getPublic(), true);
    secret = agreement.generateSecret();
  } catch (java.security.GeneralSecurityException expected) {
    // Rejection by either doPhase or generateSecret is the outcome this test wants.
    return;
  }
  // Reaching this point means the provider derived a secret from keys whose parameters
  // differ; the secret is included in the message to help diagnose what was computed.
  fail("Generated secrets with mixed keys " + TestUtil.bytesToHex(secret) + ", ");
}
use of java.security.KeyPairGenerator in project wycheproof by google.
the class DhiesTest method testDhiesCorrupt.
/**
* WARNING: This test uses weak crypto (i.e. DHIESWithAES). DHIES should be secure against chosen
* ciphertexts. Checks that a modification of the ciphertext is detected.
*/
@SlowTest(providers = { ProviderType.BOUNCY_CASTLE, ProviderType.SPONGY_CASTLE })
@SuppressWarnings("InsecureCryptoUsage")
public void testDhiesCorrupt() throws Exception {
  KeyPairGenerator generator = KeyPairGenerator.getInstance("DH");
  generator.initialize(ike2048());
  KeyPair recipient = generator.generateKeyPair();
  PrivateKey decryptionKey = recipient.getPrivate();
  PublicKey encryptionKey = recipient.getPublic();

  Cipher cipher;
  try {
    cipher = Cipher.getInstance("DHIESwithAES");
  } catch (NoSuchAlgorithmException unsupported) {
    // A provider that does not offer this weak scheme has nothing to check.
    return;
  }

  // Encrypt a 32-byte all-zero message once; every variant below derives from it.
  byte[] plaintext = new byte[32];
  cipher.init(Cipher.ENCRYPT_MODE, encryptionKey);
  byte[] ciphertext = cipher.doFinal(plaintext);

  // Flip the lowest bit of each ciphertext byte in turn. Only a GeneralSecurityException
  // counts as a rejection; any other exception type propagates out of the test.
  for (int pos = 0; pos < ciphertext.length; pos++) {
    byte[] tampered = ciphertext.clone();
    tampered[pos] = (byte) (tampered[pos] ^ 1);

    boolean accepted = true;
    try {
      // The cipher is re-initialized for every attempt, as a failed doFinal precedes it.
      cipher.init(Cipher.DECRYPT_MODE, decryptionKey);
      cipher.doFinal(tampered);
    } catch (GeneralSecurityException expected) {
      accepted = false;
    }
    if (accepted) {
      fail("Corrupt ciphertext accepted:" + pos);
    }
  }
}
use of java.security.KeyPairGenerator in project wycheproof by google.
the class DsaTest method testKeyGeneration.
/**
 * Generates a DSA key pair and checks the bit lengths of p, q and the private value x.
 *
 * @param keysize requested bit length of p; the q-size check covers 1024, 2048 and 3072 and
 *     fails the test for any other value
 * @throws Exception any provider exception raised while creating the key pair propagates
 */
@SuppressWarnings("InsecureCryptoUsage")
public void testKeyGeneration(int keysize) throws Exception {
  KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
  generator.initialize(keysize);
  DSAPrivateKey privateKey = (DSAPrivateKey) generator.generateKeyPair().getPrivate();
  DSAParams domain = privateKey.getParams();

  // p must have exactly the requested size.
  assertEquals(keysize, domain.getP().bitLength());

  // The NIST standard leaves some freedom in the size of q for a given key size, and
  // implementations differ: for 2048-bit keys OpenSSL defaults to a 256-bit q while the
  // SUN provider uses 224 bits. Both are acceptable, so only a lower bound is enforced,
  // i.e. q must not be so small that it lowers the overall security of the key.
  int qsize = domain.getQ().bitLength();
  if (keysize == 1024) {
    assertTrue("Invalid qsize for 1024 bit key:" + qsize, qsize >= 160);
  } else if (keysize == 2048) {
    assertTrue("Invalid qsize for 2048 bit key:" + qsize, qsize >= 224);
  } else if (keysize == 3072) {
    assertTrue("Invalid qsize for 3072 bit key:" + qsize, qsize >= 256);
  } else {
    fail("Invalid key size:" + keysize);
  }

  // The private value x must be about as long as q. Libraries such as GPG4Browsers, or
  // KJUR which is derived from it, size the private key with q.bitCount() instead of
  // q.bitLength() and therefore produce keys that are much too small; the 32-bit slack
  // tolerates an honest x that merely has a few leading zero bits.
  assertTrue(privateKey.getX().bitLength() >= qsize - 32);
}
use of java.security.KeyPairGenerator in project wycheproof by google.
the class DsaTest method testBiasSha1WithDSA.
/**
* Checks whether CVE-2016-0695 has been fixed. Before the April 2016 security update, the SUN
* provider had a serious flaw that leaked the private key with about 3-5 signatures. In
* particular, "Sha1WithDSA" always generated 160 bit k's independently of q. Unfortunately, it is
* easy to combine 2048 and 3072 bit DSA keys with SHA1WithDSA: all a user has to do is use the
* algorithm name "DSA" instead of "SHA256WithDSA" or "SHA224WithDSA".
*
* <p>An algorithm to extract the key from the signatures has been described for example in the
* paper <a href="http://www.hpl.hp.com/techreports/1999/HPL-1999-90.pdf">Lattice Attacks on
* Digital Signature Schemes</a> by N.A. Howgrave-Graham, N.P. Smart.
*
* <p>This bug is the same as US-CERT: VU # 940388: GnuPG generated ElGamal signatures that leaked
* the private key.
*/
@SlowTest(providers = { ProviderType.BOUNCY_CASTLE, ProviderType.SPONGY_CASTLE })
@SuppressWarnings("InsecureCryptoUsage")
public void testBiasSha1WithDSA() throws Exception {
  // Hash the message independently of the signer; "SHA" is the JCA alias for SHA-1.
  byte[] messageBytes = "Hello".getBytes("UTF-8");
  BigInteger h = new BigInteger(1, MessageDigest.getInstance("SHA").digest(messageBytes));

  // A 2048-bit key deliberately paired with the plain "DSA" signature algorithm name.
  KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
  generator.initialize(2048);
  DSAPrivateKey priv = (DSAPrivateKey) generator.generateKeyPair().getPrivate();
  Signature signer = Signature.getInstance("DSA");

  try {
    // The key size does not match the hash implied by the algorithm name, so a provider
    // that refuses the combination here behaves reasonably.
    signer.initSign(priv);
    signer.update(messageBytes);
    byte[] signature = signer.sign();

    // Recover the per-signature nonce k via the extractK helper and compare its length
    // with q. A k more than 32 bits shorter than q is treated as heavy bias rather than
    // chance.
    int qBits = priv.getParams().getQ().bitLength();
    int kBits = extractK(signature, h, priv, true).bitLength();
    if (qBits - kBits > 32) {
      fail("Severly biased DSA signature:" + " len(q)=" + qBits + " len(k)=" + kBits);
    }
  } catch (GeneralSecurityException ignored) {
    // The key was rejected as invalid for this algorithm; nothing further to check.
    // NOTE(review): this catch also spans the extractK call, so a
    // GeneralSecurityException raised there would end the test silently as well.
  }
}