use of java.security.spec.ECGenParameterSpec in project wycheproof by google.
the class EciesTest method testKeyGeneration.
/**
* BouncyCastle has a key generation algorithm "ECIES". This test checks that the results are
* ECKeys in both cases.
*/
@Test
public void testKeyGeneration() throws Exception {
  // "ECIES" is requested here as a KeyPairGenerator name, not as a cipher transformation.
  // If no installed provider registers that name, getInstance throws
  // NoSuchAlgorithmException and the test errors out instead of being skipped.
  KeyPairGenerator generator = KeyPairGenerator.getInstance("ECIES");
  generator.initialize(new ECGenParameterSpec("secp256r1"));
  KeyPair generated = generator.generateKeyPair();

  // The casts are the whole check: a provider that returns anything other than EC key
  // types from this generator makes them fail with a ClassCastException.
  ECPrivateKey unusedPriv = (ECPrivateKey) generated.getPrivate();
  ECPublicKey unusedPub = (ECPublicKey) generated.getPublic();
}
use of java.security.spec.ECGenParameterSpec in project wycheproof by google.
the class EciesTest method testAlgorithmParameters.
/**
* This test tries to detect whether the AlgorithmParameters used by ECIES are deterministic.
* It only prints what it finds; it makes no assertion.
*/
@SuppressWarnings("InsecureCryptoUsage")
public void testAlgorithmParameters(String algorithm) throws Exception {
  // Two separate instances of the same transformation: the parameters reported by one are
  // later used to decrypt a ciphertext produced by the other.
  Cipher cipherA;
  Cipher cipherB;
  try {
    cipherA = Cipher.getInstance(algorithm);
    cipherB = Cipher.getInstance(algorithm);
  } catch (NoSuchAlgorithmException ex) {
    // Callers pass short names such as plain "ECIES". Requiring the full algorithm name is
    // typically good practice, so a provider that assigns no default to a short name is
    // not treated as a failure: report it and stop.
    System.out.println("No implementation for:" + algorithm);
    return;
  }

  KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
  generator.initialize(new ECGenParameterSpec("secp256r1"));
  KeyPair recipient = generator.generateKeyPair();
  PublicKey recipientPublic = recipient.getPublic();
  byte[] plaintext = new byte[512];

  cipherA.init(Cipher.ENCRYPT_MODE, recipientPublic);
  cipherB.init(Cipher.ENCRYPT_MODE, recipientPublic);
  AlgorithmParameters paramsA = cipherA.getParameters();
  AlgorithmParameters paramsB = cipherB.getParameters();
  // Only instance B encrypts; instance A contributes nothing but its parameters.
  byte[] ciphertextB = cipherB.doFinal(plaintext);

  // Decrypt B's ciphertext under A's parameters and classify the outcome.
  PrivateKey recipientPrivate = recipient.getPrivate();
  cipherB.init(Cipher.DECRYPT_MODE, recipientPrivate, paramsA);
  try {
    byte[] recovered = cipherB.doFinal(ciphertextB);
    String messageHex = TestUtil.bytesToHex(plaintext);
    String decryptedHex = TestUtil.bytesToHex(recovered);
    if (!messageHex.equals(decryptedHex)) {
      // The most interesting outcome: decryption succeeded but yielded a different
      // plaintext, so the parameters are randomized yet not authenticated. This is for
      // example the case for the IV in ECIESWithAES-CBC in BouncyCastle. A caller that
      // attaches such parameters to the ciphertext gets malleable encryption, so
      // parameters that travel with the ciphertext need their own integrity protection.
      String report =
          algorithm
              + " uses randomized (unauthenticated) AlgorithmParameters."
              + " message:"
              + messageHex
              + " decrypted:"
              + decryptedHex
              + "\nparamsA:"
              + paramsA.toString()
              + " "
              + TestUtil.bytesToHex(paramsA.getEncoded())
              + "\nparamsB:"
              + paramsB.toString()
              + " "
              + TestUtil.bytesToHex(paramsB.getEncoded());
      System.out.println(report);
    } else {
      // Same plaintext under the other instance's parameters: nothing differed between
      // the two instances that decryption depends on.
      System.out.println(algorithm + " does (probably) not randomize AlgorithmParameters");
    }
  } catch (GeneralSecurityException ex) {
    // Decryption under the foreign parameters was rejected.
    System.out.println(algorithm + " uses randomized AlgorithmParameters");
  }
}
use of java.security.spec.ECGenParameterSpec in project karaf by apache.
the class PublicKeyEncodingTest method testEC256.
@Test
public void testEC256() throws FailedLoginException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException {
  // Stored key blob for ecdsa-sha2-nistp256 - generated using: ssh-keygen -t ecdsa
  String matchingBlob = "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL4+Vytknywh/XuOluxIqcHRoBsZHa12z+jpK" + "pwuGFlzlq3yatwC8DqUaywJjzSnoGKSge9GBjuFYwvHN17hq8U=";
  // A second nistp256 blob that must NOT match the key built below.
  String otherBlob = "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDWwVudH/QYr/Nlkf/lZ0yMXVL+PvXBsGat8" + "+n07/Bw0xZGP5E8+x1wbkZVS6qx8XyPMI61NnCRLawB+UX3ZE/A=";

  // Affine coordinates of the public point, as decimal strings.
  // NOTE(review): both values are negative, which is outside the range of a field element
  // on secp256r1. They look like the signed reading of the 32 coordinate bytes; the test
  // then depends on the provider accepting the point without validation and on how
  // PublickeyLoginModule.equals encodes it (not visible here) - confirm.
  String decimalX = "-29742501866672735446035294501787338870744851402037490785638836399245997090445";
  String decimalY = "-47637824304079393691947094099226900728731860400898598466261954347951527449659";

  KeyFactory ecKeyFactory = KeyFactory.getInstance("EC");

  // Resolve the named curve to a full ECParameterSpec through AlgorithmParameters.
  AlgorithmParameters curveLookup = AlgorithmParameters.getInstance("EC");
  curveLookup.init(new ECGenParameterSpec("secp256r1"));
  ECParameterSpec curve = curveLookup.getParameterSpec(ECParameterSpec.class);

  ECPoint point = new ECPoint(new BigInteger(decimalX), new BigInteger(decimalY));
  PublicKey publicKey = ecKeyFactory.generatePublic(new ECPublicKeySpec(point, curve));

  // Positive case: the key matches its own stored blob.
  assertTrue(PublickeyLoginModule.equals(publicKey, matchingBlob));
  // Negative case: make sure a different stored key does not work.
  assertFalse(PublickeyLoginModule.equals(publicKey, otherBlob));
}
use of java.security.spec.ECGenParameterSpec in project karaf by apache.
the class PublicKeyEncodingTest method testEC256_2.
@Test
public void testEC256_2() throws FailedLoginException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException {
  // Stored key blob for ecdsa-sha2-nistp256 - generated using: ssh-keygen -t ecdsa
  String matchingBlob = "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDWwVudH/QYr/Nlkf/lZ0yMXVL+PvXBsGat8" + "+n07/Bw0xZGP5E8+x1wbkZVS6qx8XyPMI61NnCRLawB+UX3ZE/A=";
  // A second nistp256 blob that must NOT match the key built below.
  String otherBlob = "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL4+Vytknywh/XuOluxIqcHRoBsZHa12z+jpK" + "pwuGFlzlq3yatwC8DqUaywJjzSnoGKSge9GBjuFYwvHN17hq8U=";

  // Affine coordinates of the public point, as decimal strings.
  // NOTE(review): y is negative, which is outside the range of a field element on
  // secp256r1. It looks like the signed reading of the 32 coordinate bytes; the test then
  // depends on the provider accepting the point without validation and on how
  // PublickeyLoginModule.equals encodes it (not visible here) - confirm.
  String decimalX = "24284145843828879115537963613603143837878136357229118319568173718380870376500";
  String decimalY = "-26429272137078923303974425138822683171929812869671300956629169158527526562832";

  KeyFactory ecKeyFactory = KeyFactory.getInstance("EC");

  // Resolve the named curve to a full ECParameterSpec through AlgorithmParameters.
  AlgorithmParameters curveLookup = AlgorithmParameters.getInstance("EC");
  curveLookup.init(new ECGenParameterSpec("secp256r1"));
  ECParameterSpec curve = curveLookup.getParameterSpec(ECParameterSpec.class);

  ECPoint point = new ECPoint(new BigInteger(decimalX), new BigInteger(decimalY));
  PublicKey publicKey = ecKeyFactory.generatePublic(new ECPublicKeySpec(point, curve));

  // Positive case: the key matches its own stored blob.
  assertTrue(PublickeyLoginModule.equals(publicKey, matchingBlob));
  // Negative case: make sure a different stored key does not work.
  assertFalse(PublickeyLoginModule.equals(publicKey, otherBlob));
}
use of java.security.spec.ECGenParameterSpec in project karaf by apache.
the class PublicKeyEncodingTest method testEC521.
@Test
public void testEC521() throws FailedLoginException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException {
  // Stored key blob for ecdsa-sha2-nistp521 - generated using: ssh-keygen -t ecdsa -b 521
  String matchingBlob = "AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADLxNQ1lf99/8WlEg1nYbDL+qcWY4KSFZG+" + "2euZ1hAO9m1ly4ByuqLhuf1M3JPhhOCMIn9ihrPcxplG2zjpOnhaugDdwGJn+qcwkZSXVWoZOxpYUaQRdfnSd5wAKo9XOPqvc/L3BeHK" + "mPPygLH7eW2MEz2qOWe7Bby9duELK+9Zn3ebOQ==";
  // Blob that must NOT match. Its prefix is the nistp256 one, so it differs from the key
  // built below in curve as well as in point; a same-curve mismatch is not exercised here.
  String otherBlob = "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL4+Vytknywh/XuOluxIqcHRoBsZHa12z+jpK" + "pwuGFlzlq3yatwC8DqUaywJjzSnoGKSge9GBjuFYwvHN17hq8U=";

  // Affine coordinates of the public point, as decimal strings split for line length.
  String decimalX = "273209377797440455675669012133614826094878213786507845287169633163915658072657502796285437529808606" + "0585712688028315849324172582722748448938768134500098005690";
  String decimalY = "297320154107898594969162703371411878757449109919929193169657424280609259087338914952452468191452153" + "1633519626430088785609447337443826933969196755052278553401";

  KeyFactory ecKeyFactory = KeyFactory.getInstance("EC");

  // Resolve the named curve to a full ECParameterSpec through AlgorithmParameters.
  AlgorithmParameters curveLookup = AlgorithmParameters.getInstance("EC");
  curveLookup.init(new ECGenParameterSpec("secp521r1"));
  ECParameterSpec curve = curveLookup.getParameterSpec(ECParameterSpec.class);

  ECPoint point = new ECPoint(new BigInteger(decimalX), new BigInteger(decimalY));
  PublicKey publicKey = ecKeyFactory.generatePublic(new ECPublicKeySpec(point, curve));

  // Positive case: the key matches its own stored blob.
  assertTrue(PublickeyLoginModule.equals(publicKey, matchingBlob));
  // Negative case: make sure a different stored key does not work.
  assertFalse(PublickeyLoginModule.equals(publicKey, otherBlob));
}