use of java.security.spec.ECGenParameterSpec in project perun by CESNET.
the class urn_perun_user_attribute_def_def_sshPublicKey method getECParameterSpec.
/**
* Gets the curve parameters for the given key type identifier.
*
* @param identifier According to RFC 5656:
* "The string [identifier] is the identifier of the elliptic curve domain parameters."
* @return An ECParameterSpec suitable for creating a JCE ECPublicKeySpec.
*/
private ECParameterSpec getECParameterSpec(String identifier) {
try {
// http://www.bouncycastle.org/wiki/pages/viewpage.action?pageId=362269#SupportedCurves(ECDSAandECGOST)-NIST(aliasesforSECcurves)
String name = identifier.replace("nist", "sec") + "r1";
AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC");
parameters.init(new ECGenParameterSpec(name));
return parameters.getParameterSpec(ECParameterSpec.class);
} catch (InvalidParameterSpecException | NoSuchAlgorithmException e) {
throw new IllegalArgumentException("Unable to parse curve parameters: ", e);
}
}
use of java.security.spec.ECGenParameterSpec in project gitblit by gitblit.
the class LdapPublicKeyManagerTest method getKeyPair.
private KeyPair getKeyPair(String type, String comment, KeyPairGenerator generator) {
String kpkey = type + ":" + comment;
KeyPair kp = keyPairs.get(kpkey);
if (kp == null) {
if ("EC".equals(type)) {
ECGenParameterSpec ecSpec = new ECGenParameterSpec("P-384");
try {
ecGenerator.initialize(ecSpec);
} catch (InvalidAlgorithmParameterException e) {
kp = generator.generateKeyPair();
e.printStackTrace();
}
kp = ecGenerator.generateKeyPair();
} else {
kp = generator.generateKeyPair();
}
keyPairs.put(kpkey, kp);
}
return kp;
}
use of java.security.spec.ECGenParameterSpec in project wycheproof by google.
the class EciesTest method testNotEcb.
/**
* This test tries to detect ECIES implementations using ECB. This is insecure and also violates
* the claims of ECIES, since ECIES is secure agains adaptive chosen-ciphertext attacks.
*/
@SuppressWarnings("InsecureCryptoUsage")
public void testNotEcb(String algorithm) throws Exception {
Cipher ecies;
try {
ecies = Cipher.getInstance(algorithm);
} catch (NoSuchAlgorithmException ex) {
// This test is called with short algorithm names such as just "ECIES".
// Requiring full names is typically a good practice. Hence it is OK
// to not assigning default algorithms.
System.out.println("No implementation for:" + algorithm);
return;
}
ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
KeyPairGenerator kf = KeyPairGenerator.getInstance("EC");
kf.initialize(ecSpec);
KeyPair keyPair = kf.generateKeyPair();
PublicKey pub = keyPair.getPublic();
byte[] message = new byte[512];
ecies.init(Cipher.ENCRYPT_MODE, pub);
byte[] ciphertext = ecies.doFinal(message);
String block1 = TestUtil.bytesToHex(Arrays.copyOfRange(ciphertext, 241, 257));
String block2 = TestUtil.bytesToHex(Arrays.copyOfRange(ciphertext, 257, 273));
assertTrue("Ciphertext repeats:" + TestUtil.bytesToHex(ciphertext), !block1.equals(block2));
}
use of java.security.spec.ECGenParameterSpec in project wycheproof by google.
the class EciesTest method testEciesBasic.
/**
* Check that key agreement using ECIES works. This example does not specify an IESParametersSpec.
* BouncyCastle v.1.52 uses the following algorithms: KDF2 with SHA1 for the key derivation
* AES-CBC with PKCS #5 padding. HMAC-SHA1 with a 20 byte digest. The AES and the HMAC key are
* both 128 bits.
*/
@SuppressWarnings("InsecureCryptoUsage")
@Test
public void testEciesBasic() throws Exception {
ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
KeyPairGenerator kf = KeyPairGenerator.getInstance("EC");
kf.initialize(ecSpec);
KeyPair keyPair = kf.generateKeyPair();
PrivateKey priv = keyPair.getPrivate();
PublicKey pub = keyPair.getPublic();
byte[] message = "Hello".getBytes("UTF-8");
Cipher ecies = Cipher.getInstance("ECIESwithAES-CBC");
ecies.init(Cipher.ENCRYPT_MODE, pub);
// Gets the parameters used.
// Getting the parameters here and setting them below for the decryption avoids the use of
// org.bouncycastle.jce.spec.IESParameterSpec and hence making the code provider dependent.
// The drawback of this approach is that it can only be used in a test environment.
AlgorithmParameters params = ecies.getParameters();
byte[] ciphertext = ecies.doFinal(message);
System.out.println("testEciesBasic:" + TestUtil.bytesToHex(ciphertext));
ecies.init(Cipher.DECRYPT_MODE, priv, params);
byte[] decrypted = ecies.doFinal(ciphertext);
assertEquals(TestUtil.bytesToHex(message), TestUtil.bytesToHex(decrypted));
}
use of java.security.spec.ECGenParameterSpec in project wycheproof by google.
the class EciesTest method testModifyPoint.
@SuppressWarnings("InsecureCryptoUsage")
@Test
public void testModifyPoint() throws Exception {
ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
KeyPairGenerator kf = KeyPairGenerator.getInstance("EC");
kf.initialize(ecSpec);
KeyPair keyPair = kf.generateKeyPair();
PrivateKey priv = keyPair.getPrivate();
PublicKey pub = keyPair.getPublic();
byte[] message = "This is a long text since we need 32 bytes.".getBytes("UTF-8");
Cipher ecies = Cipher.getInstance("ECIESwithAES-CBC");
ecies.init(Cipher.ENCRYPT_MODE, pub);
byte[] ciphertext = ecies.doFinal(message);
ciphertext[2] ^= (byte) 1;
ecies.init(Cipher.DECRYPT_MODE, priv, ecies.getParameters());
try {
ecies.doFinal(ciphertext);
fail("This should not work");
} catch (GeneralSecurityException ex) {
// This is as expected
} catch (Exception ex) {
fail("Expected subclass of java.security.GeneralSecurityException, but got: " + ex.getClass().getName());
}
}
Aggregations