
Example 61 with ECGenParameterSpec

use of java.security.spec.ECGenParameterSpec in project wycheproof by google.

the class EciesTest method testKeyGeneration.

/**
 * BouncyCastle has a key generation algorithm "ECIES". This test checks that the results are
 * ECKeys in both cases.
 */
@Test
public void testKeyGeneration() throws Exception {
    // Request a secp256r1 key pair from whichever provider registers an "ECIES" generator.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("ECIES");
    generator.initialize(new ECGenParameterSpec("secp256r1"));
    KeyPair generated = generator.generateKeyPair();

    // The casts are the actual check: a key that does not implement the EC key
    // interfaces makes the test fail with a ClassCastException. The values are unused.
    ECPrivateKey unusedPrivate = (ECPrivateKey) generated.getPrivate();
    ECPublicKey unusedPublic = (ECPublicKey) generated.getPublic();
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) ECPublicKey(java.security.interfaces.ECPublicKey) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) KeyPairGenerator(java.security.KeyPairGenerator) Test(org.junit.Test)

Example 62 with ECGenParameterSpec

use of java.security.spec.ECGenParameterSpec in project wycheproof by google.

the class EciesTest method testAlgorithmParameters.

/**
 * This test tries to detect whether the AlgorithmParameters of ECIES are deterministic.
 */
@SuppressWarnings("InsecureCryptoUsage")
public void testAlgorithmParameters(String algorithm) throws Exception {
    Cipher cipherA;
    Cipher cipherB;
    try {
        cipherA = Cipher.getInstance(algorithm);
        cipherB = Cipher.getInstance(algorithm);
    } catch (NoSuchAlgorithmException ex) {
        // Callers pass short names such as plain "ECIES". A provider that insists on
        // fully specified names is following good practice, so the absence of a default
        // mapping is reported and the test ends without failing.
        System.out.println("No implementation for:" + algorithm);
        return;
    }

    KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
    generator.initialize(new ECGenParameterSpec("secp256r1"));
    KeyPair recipient = generator.generateKeyPair();
    PublicKey encryptionKey = recipient.getPublic();
    // Fixed plaintext: 512 zero bytes.
    byte[] plaintext = new byte[512];

    // Two separate encryptors under the same public key; each reports its own parameters.
    cipherA.init(Cipher.ENCRYPT_MODE, encryptionKey);
    cipherB.init(Cipher.ENCRYPT_MODE, encryptionKey);
    AlgorithmParameters paramsA = cipherA.getParameters();
    AlgorithmParameters paramsB = cipherB.getParameters();

    // Only B produces a ciphertext. It is then decrypted with A's parameters, so the
    // outcome shows whether the parameters influence decryption.
    byte[] ciphertextB = cipherB.doFinal(plaintext);
    cipherB.init(Cipher.DECRYPT_MODE, recipient.getPrivate(), paramsA);
    try {
        byte[] recovered = cipherB.doFinal(ciphertextB);
        String plaintextHex = TestUtil.bytesToHex(plaintext);
        String recoveredHex = TestUtil.bytesToHex(recovered);
        if (!plaintextHex.equals(recoveredHex)) {
            // The case worth attention: decryption succeeded but returned a different
            // plaintext, so the parameters are randomized yet not authenticated. The IV
            // of ECIESWithAES-CBC in BouncyCastle behaves this way. A caller that ships
            // these parameters alongside the ciphertext ends up with malleable encryption.
            System.out.println(
                algorithm
                    + " uses randomized (unauthenticated) AlgorithmParameters."
                    + " message:"
                    + plaintextHex
                    + " decrypted:"
                    + recoveredHex
                    + "\nparamsA:"
                    + paramsA.toString()
                    + " "
                    + TestUtil.bytesToHex(paramsA.getEncoded())
                    + "\nparamsB:"
                    + paramsB.toString()
                    + " "
                    + TestUtil.bytesToHex(paramsB.getEncoded()));
        } else {
            System.out.println(algorithm + " does (probably) not randomize AlgorithmParameters");
        }
    } catch (GeneralSecurityException ex) {
        // doFinal rejected B's ciphertext under A's parameters; the test reports this
        // as randomized parameters.
        System.out.println(algorithm + " uses randomized AlgorithmParameters");
    }
}
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) ECPrivateKey(java.security.interfaces.ECPrivateKey) PublicKey(java.security.PublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) GeneralSecurityException(java.security.GeneralSecurityException) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) Cipher(javax.crypto.Cipher) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyPairGenerator(java.security.KeyPairGenerator) AlgorithmParameters(java.security.AlgorithmParameters)

Example 63 with ECGenParameterSpec

use of java.security.spec.ECGenParameterSpec in project karaf by apache.

the class PublicKeyEncodingTest method testEC256.

/**
 * Rebuilds a secp256r1 public key from its affine coordinates and checks that
 * {@code PublickeyLoginModule.equals} accepts the matching stored key string and rejects
 * a different one.
 */
@Test
public void testEC256() throws FailedLoginException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException {
    // ecdsa-sha2-nistp256 - generated using: ssh-keygen -t ecdsa
    String expectedKey =
        "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL4+Vytknywh/XuOluxIqcHRoBsZHa12z+jpK"
            + "pwuGFlzlq3yatwC8DqUaywJjzSnoGKSge9GBjuFYwvHN17hq8U=";
    // NOTE(review): both coordinates are written as negative decimals, whereas affine
    // coordinates are field elements and therefore non-negative. The match presumably
    // depends on how the provider and PublickeyLoginModule serialize them - confirm.
    String affineX = "-29742501866672735446035294501787338870744851402037490785638836399245997090445";
    String affineY = "-47637824304079393691947094099226900728731860400898598466261954347951527449659";

    KeyFactory ecFactory = KeyFactory.getInstance("EC");
    // Resolve the named curve into full domain parameters.
    AlgorithmParameters curveLookup = AlgorithmParameters.getInstance("EC");
    curveLookup.init(new ECGenParameterSpec("secp256r1"));
    ECParameterSpec curve = curveLookup.getParameterSpec(ECParameterSpec.class);

    ECPoint w = new ECPoint(new BigInteger(affineX), new BigInteger(affineY));
    PublicKey rebuilt = ecFactory.generatePublic(new ECPublicKeySpec(w, curve));
    assertTrue(PublickeyLoginModule.equals(rebuilt, expectedKey));

    // Negative check: a stored key string that belongs to another key must be rejected.
    String unrelatedKey =
        "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDWwVudH/QYr/Nlkf/lZ0yMXVL+PvXBsGat8"
            + "+n07/Bw0xZGP5E8+x1wbkZVS6qx8XyPMI61NnCRLawB+UX3ZE/A=";
    assertFalse(PublickeyLoginModule.equals(rebuilt, unrelatedKey));
}
Also used : ECParameterSpec(java.security.spec.ECParameterSpec) PublicKey(java.security.PublicKey) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) KeySpec(java.security.spec.KeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) BigInteger(java.math.BigInteger) ECPoint(java.security.spec.ECPoint) KeyFactory(java.security.KeyFactory) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) AlgorithmParameters(java.security.AlgorithmParameters) Test(org.junit.Test)

Example 64 with ECGenParameterSpec

use of java.security.spec.ECGenParameterSpec in project karaf by apache.

the class PublicKeyEncodingTest method testEC256_2.

/**
 * Rebuilds a second secp256r1 public key from its affine coordinates and checks that
 * {@code PublickeyLoginModule.equals} accepts the matching stored key string and rejects
 * a different one.
 */
@Test
public void testEC256_2() throws FailedLoginException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException {
    // ecdsa-sha2-nistp256 - generated using: ssh-keygen -t ecdsa
    String expectedKey =
        "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDWwVudH/QYr/Nlkf/lZ0yMXVL+PvXBsGat8"
            + "+n07/Bw0xZGP5E8+x1wbkZVS6qx8XyPMI61NnCRLawB+UX3ZE/A=";
    String affineX = "24284145843828879115537963613603143837878136357229118319568173718380870376500";
    // NOTE(review): this coordinate is written as a negative decimal, whereas affine
    // coordinates are field elements and therefore non-negative. The match presumably
    // depends on how the provider and PublickeyLoginModule serialize it - confirm.
    String affineY = "-26429272137078923303974425138822683171929812869671300956629169158527526562832";

    KeyFactory ecFactory = KeyFactory.getInstance("EC");
    // Resolve the named curve into full domain parameters.
    AlgorithmParameters curveLookup = AlgorithmParameters.getInstance("EC");
    curveLookup.init(new ECGenParameterSpec("secp256r1"));
    ECParameterSpec curve = curveLookup.getParameterSpec(ECParameterSpec.class);

    ECPoint w = new ECPoint(new BigInteger(affineX), new BigInteger(affineY));
    PublicKey rebuilt = ecFactory.generatePublic(new ECPublicKeySpec(w, curve));
    assertTrue(PublickeyLoginModule.equals(rebuilt, expectedKey));

    // Negative check: a stored key string that belongs to another key must be rejected.
    String unrelatedKey =
        "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL4+Vytknywh/XuOluxIqcHRoBsZHa12z+jpK"
            + "pwuGFlzlq3yatwC8DqUaywJjzSnoGKSge9GBjuFYwvHN17hq8U=";
    assertFalse(PublickeyLoginModule.equals(rebuilt, unrelatedKey));
}
Also used : ECParameterSpec(java.security.spec.ECParameterSpec) PublicKey(java.security.PublicKey) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) KeySpec(java.security.spec.KeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) BigInteger(java.math.BigInteger) ECPoint(java.security.spec.ECPoint) KeyFactory(java.security.KeyFactory) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) AlgorithmParameters(java.security.AlgorithmParameters) Test(org.junit.Test)

Example 65 with ECGenParameterSpec

use of java.security.spec.ECGenParameterSpec in project karaf by apache.

the class PublicKeyEncodingTest method testEC521.

/**
 * Rebuilds a secp521r1 public key from its affine coordinates and checks that
 * {@code PublickeyLoginModule.equals} accepts the matching stored key string and rejects
 * a different one.
 */
@Test
public void testEC521() throws FailedLoginException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException {
    // ecdsa-sha2-nistp521 - generated using: ssh-keygen -t ecdsa -b 521
    String expectedKey =
        "AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADLxNQ1lf99/8WlEg1nYbDL+qcWY4KSFZG+"
            + "2euZ1hAO9m1ly4ByuqLhuf1M3JPhhOCMIn9ihrPcxplG2zjpOnhaugDdwGJn+qcwkZSXVWoZOxpYUaQRdfnSd5wAKo9XOPqvc/L3BeHK"
            + "mPPygLH7eW2MEz2qOWe7Bby9duELK+9Zn3ebOQ==";
    String affineX =
        "273209377797440455675669012133614826094878213786507845287169633163915658072657502796285437529808606"
            + "0585712688028315849324172582722748448938768134500098005690";
    String affineY =
        "297320154107898594969162703371411878757449109919929193169657424280609259087338914952452468191452153"
            + "1633519626430088785609447337443826933969196755052278553401";

    KeyFactory ecFactory = KeyFactory.getInstance("EC");
    // Resolve the named curve into full domain parameters.
    AlgorithmParameters curveLookup = AlgorithmParameters.getInstance("EC");
    curveLookup.init(new ECGenParameterSpec("secp521r1"));
    ECParameterSpec curve = curveLookup.getParameterSpec(ECParameterSpec.class);

    ECPoint w = new ECPoint(new BigInteger(affineX), new BigInteger(affineY));
    PublicKey rebuilt = ecFactory.generatePublic(new ECPublicKeySpec(w, curve));
    assertTrue(PublickeyLoginModule.equals(rebuilt, expectedKey));

    // Negative check: a stored key string that belongs to another key must be rejected.
    // NOTE(review): this sample is the nistp256 key string used by testEC256, so it
    // differs in curve as well as in point. A second nistp521 key would exercise the
    // point comparison itself.
    String unrelatedKey =
        "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL4+Vytknywh/XuOluxIqcHRoBsZHa12z+jpK"
            + "pwuGFlzlq3yatwC8DqUaywJjzSnoGKSge9GBjuFYwvHN17hq8U=";
    assertFalse(PublickeyLoginModule.equals(rebuilt, unrelatedKey));
}
Also used : ECParameterSpec(java.security.spec.ECParameterSpec) PublicKey(java.security.PublicKey) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) KeySpec(java.security.spec.KeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) BigInteger(java.math.BigInteger) ECPoint(java.security.spec.ECPoint) KeyFactory(java.security.KeyFactory) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) AlgorithmParameters(java.security.AlgorithmParameters) Test(org.junit.Test)
