Example 21 with KeyAgreement
use of javax.crypto.KeyAgreement in project error-prone by google.
the class InsecureCipherModePositiveCases method keyOperations.
public void keyOperations(StringProvider provider) {
KeyFactory keyFactory;
KeyAgreement keyAgreement;
KeyPairGenerator keyPairGenerator;
final String dh = "DH";
try {
// BUG: Diagnostic contains: compile-time constant
keyFactory = KeyFactory.getInstance(provider.get());
// BUG: Diagnostic contains: Diffie-Hellman on prime fields
keyFactory = KeyFactory.getInstance(dh);
// BUG: Diagnostic contains: DSA
keyAgreement = KeyAgreement.getInstance("DSA");
// BUG: Diagnostic contains: compile-time constant
keyAgreement = KeyAgreement.getInstance(provider.get());
// BUG: Diagnostic contains: Diffie-Hellman on prime fields
keyPairGenerator = KeyPairGenerator.getInstance(dh);
// BUG: Diagnostic contains: compile-time constant
keyPairGenerator = KeyPairGenerator.getInstance(provider.get());
} catch (NoSuchAlgorithmException e) {
// We don't handle any exception as this code is not meant to be executed.
}
}
Also used :
KeyPairGenerator(java.security.KeyPairGenerator)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyAgreement(javax.crypto.KeyAgreement)
KeyFactory(java.security.KeyFactory)
Example 22 with KeyAgreement
use of javax.crypto.KeyAgreement in project wycheproof by google.
the class EcdhTest method testBasic.
/** Checks that key agreement using ECDH works. */
public void testBasic() throws Exception {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
keyGen.initialize(ecSpec);
KeyPair keyPairA = keyGen.generateKeyPair();
KeyPair keyPairB = keyGen.generateKeyPair();
KeyAgreement kaA = KeyAgreement.getInstance("ECDH");
KeyAgreement kaB = KeyAgreement.getInstance("ECDH");
kaA.init(keyPairA.getPrivate());
kaB.init(keyPairB.getPrivate());
kaA.doPhase(keyPairB.getPublic(), true);
kaB.doPhase(keyPairA.getPublic(), true);
byte[] kAB = kaA.generateSecret();
byte[] kBA = kaB.generateSecret();
assertEquals(TestUtil.bytesToHex(kAB), TestUtil.bytesToHex(kBA));
}
Also used :
KeyPair(java.security.KeyPair)
ECGenParameterSpec(java.security.spec.ECGenParameterSpec)
KeyPairGenerator(java.security.KeyPairGenerator)
KeyAgreement(javax.crypto.KeyAgreement)
Example 23 with KeyAgreement
use of javax.crypto.KeyAgreement in project wycheproof by google.
the class EcdhTest method testVectors.
public void testVectors() throws Exception {
KeyAgreement ka = KeyAgreement.getInstance("ECDH");
for (EcdhTestVector t : ECDH_TEST_VECTORS) {
try {
ka.init(t.getPrivateKey());
ka.doPhase(t.getPublicKey(), true);
byte[] shared = ka.generateSecret();
assertEquals("Curve:" + t.curvename, TestUtil.bytesToHex(shared), t.shared);
} catch (NoSuchAlgorithmException | InvalidKeySpecException ex) {
// Skipped, because the provider does not support the curve.
}
}
}
Also used :
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
KeyAgreement(javax.crypto.KeyAgreement)
Example 24 with KeyAgreement
use of javax.crypto.KeyAgreement in project wycheproof by google.
the class EcdhTest method testWrongOrder.
/**
* This test modifies the order of group in the public key. A severe bug would be an
* implementation that leaks information whether the private key is larger than the order given in
* the public key. Also a severe bug would be to reduce the private key modulo the order given in
* the public key parameters.
*/
// TODO(bleichen): This can be merged with testModifiedPublic once this is fixed.
@SuppressWarnings("InsecureCryptoUsage")
public void testWrongOrder(String algorithm, ECParameterSpec spec) throws Exception {
KeyAgreement ka;
try {
ka = KeyAgreement.getInstance(algorithm);
} catch (NoSuchAlgorithmException ex) {
System.out.println("testWrongOrder: " + algorithm + " not supported");
return;
}
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
ECPrivateKey priv;
ECPublicKey pub;
try {
keyGen.initialize(spec);
priv = (ECPrivateKey) keyGen.generateKeyPair().getPrivate();
pub = (ECPublicKey) keyGen.generateKeyPair().getPublic();
} catch (GeneralSecurityException ex) {
// This is OK, since not all provider support Brainpool curves
System.out.println("testWrongOrder: could not generate keys for curve");
return;
}
// Get the shared secret for the unmodified keys.
ka.init(priv);
ka.doPhase(pub, true);
byte[] shared = ka.generateSecret();
// Generate a modified public key.
ECParameterSpec modifiedParams = new ECParameterSpec(spec.getCurve(), spec.getGenerator(), spec.getOrder().shiftRight(16), 1);
ECPublicKeySpec modifiedPubSpec = new ECPublicKeySpec(pub.getW(), modifiedParams);
KeyFactory kf = KeyFactory.getInstance("EC");
ECPublicKey modifiedPub;
try {
modifiedPub = (ECPublicKey) kf.generatePublic(modifiedPubSpec);
} catch (GeneralSecurityException ex) {
// The provider does not support non-standard curves or did a validity check.
// Both would be correct.
System.out.println("testWrongOrder: can't modify order.");
return;
}
byte[] shared2;
try {
ka.init(priv);
ka.doPhase(modifiedPub, true);
shared2 = ka.generateSecret();
} catch (GeneralSecurityException ex) {
// This is the expected behavior
System.out.println("testWrongOrder:" + ex.toString());
return;
}
// TODO(bleichen): Getting here is already a bug and we might flag this later.
// At the moment we are only interested in really bad behavior of a library, that potentially
// leaks the secret key. This is the case when the shared secrets are different, since this
// suggests that the implementation reduces the multiplier modulo the given order of the curve
// or some other behaviour that is dependent on the private key.
// An attacker who can check whether a DH computation was done correctly or incorrectly because
// of modular reduction, can determine the private key, either by a binary search or by trying
// to guess the private key modulo some small "order".
// BouncyCastle v.1.53 fails this test, and leaks the private key.
System.out.println("Generated shared secret with a modified order:" + algorithm + "\n" + "expected:" + TestUtil.bytesToHex(shared) + " computed:" + TestUtil.bytesToHex(shared2));
assertEquals("Algorithm:" + algorithm, TestUtil.bytesToHex(shared), TestUtil.bytesToHex(shared2));
}
Also used :
ECPrivateKey(java.security.interfaces.ECPrivateKey)
ECPublicKey(java.security.interfaces.ECPublicKey)
ECParameterSpec(java.security.spec.ECParameterSpec)
GeneralSecurityException(java.security.GeneralSecurityException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyPairGenerator(java.security.KeyPairGenerator)
KeyAgreement(javax.crypto.KeyAgreement)
ECPublicKeySpec(java.security.spec.ECPublicKeySpec)
KeyFactory(java.security.KeyFactory)
Example 25 with KeyAgreement
use of javax.crypto.KeyAgreement in project wycheproof by google.
the class EcdhTest method testDistinctCurves.
@SuppressWarnings("InsecureCryptoUsage")
public void testDistinctCurves(String algorithm, ECPrivateKey priv, ECPublicKey pub) throws Exception {
KeyAgreement kaA;
try {
kaA = KeyAgreement.getInstance(algorithm);
} catch (NoSuchAlgorithmException ex) {
System.out.println("Algorithm not supported: " + algorithm);
return;
}
byte[] shared;
try {
kaA.init(priv);
kaA.doPhase(pub, true);
shared = kaA.generateSecret();
} catch (InvalidKeyException ex) {
// This is expected.
return;
}
// Printing some information to determine what might have gone wrong:
// E.g., if the generated secret is the same as the x-coordinate of the public key
// then it is likely that the ECDH computation was using a fake group with small order.
// Such a situation is probably exploitable.
// This probably is exploitable. If the curve of the private key was used for the ECDH
// then the generated secret and the x-coordinate of the public key are likely
// distinct.
EllipticCurve pubCurve = pub.getParams().getCurve();
EllipticCurve privCurve = priv.getParams().getCurve();
ECPoint pubW = pub.getW();
System.out.println("testDistinctCurves: algorithm=" + algorithm);
System.out.println("Private key: a=" + privCurve.getA() + " b=" + privCurve.getB() + " p" + EcUtil.getModulus(privCurve));
System.out.println(" s =" + priv.getS());
System.out.println("Public key: a=" + pubCurve.getA() + " b=" + pubCurve.getB() + " p" + EcUtil.getModulus(pubCurve));
System.out.println(" w = (" + pubW.getAffineX() + ", " + pubW.getAffineY() + ")");
System.out.println(" = (" + pubW.getAffineX().toString(16) + ", " + pubW.getAffineY().toString(16) + ")");
System.out.println("generated shared secret:" + TestUtil.bytesToHex(shared));
fail("Generated secret with distinct Curves using " + algorithm);
}
Also used :
EllipticCurve(java.security.spec.EllipticCurve)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyAgreement(javax.crypto.KeyAgreement)
InvalidKeyException(java.security.InvalidKeyException)
ECPoint(java.security.spec.ECPoint)
Aggregations
KeyAgreement (javax.crypto.KeyAgreement)55
KeyPairGenerator (java.security.KeyPairGenerator)15
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)14
InvalidKeyException (java.security.InvalidKeyException)12
KeyFactory (java.security.KeyFactory)12
SecretKey (javax.crypto.SecretKey)10
DHParameterSpec (javax.crypto.spec.DHParameterSpec)10
KeyPair (java.security.KeyPair)9
Cipher (javax.crypto.Cipher)9
IOException (java.io.IOException)7
PublicKey (java.security.PublicKey)7
BigInteger (java.math.BigInteger)6
SecureRandom (java.security.SecureRandom)6
DHPublicKey (javax.crypto.interfaces.DHPublicKey)6
SecretKeySpec (javax.crypto.spec.SecretKeySpec)6
GeneralSecurityException (java.security.GeneralSecurityException)5
DHPublicKeySpec (javax.crypto.spec.DHPublicKeySpec)5
IvParameterSpec (javax.crypto.spec.IvParameterSpec)5
PrivateKey (java.security.PrivateKey)4
CertificateException (java.security.cert.CertificateException)4
