Examples with KeyAgreement javax.crypto.KeyAgreement used on opensource projects

Example 36 with KeyAgreement

use of javax.crypto.KeyAgreement in project geode by apache.

the class HandShake method getDecryptCipher.

private Cipher getDecryptCipher(String dhSKAlgo, PublicKey publicKey) throws Exception {
    if (_decrypt == null) {
        try {
            KeyAgreement ka = KeyAgreement.getInstance("DH");
            ka.init(dhPrivateKey);
            ka.doPhase(publicKey, true);
            Cipher decrypt;
            int keysize = getKeySize(dhSKAlgo);
            int blocksize = getBlockSize(dhSKAlgo);
            if (keysize == -1 || blocksize == -1) {
                SecretKey sKey = ka.generateSecret(dhSKAlgo);
                decrypt = Cipher.getInstance(dhSKAlgo);
                decrypt.init(Cipher.DECRYPT_MODE, sKey);
            } else {
                String algoStr = getDhAlgoStr(dhSKAlgo);
                byte[] sKeyBytes = ka.generateSecret();
                SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, algoStr);
                IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
                decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding");
                decrypt.init(Cipher.DECRYPT_MODE, sks, ivps);
            }
            _decrypt = decrypt;
        } catch (Exception ex) {
            throw ex;
        }
    }
    return _decrypt;
}

Example 37 with KeyAgreement

use of javax.crypto.KeyAgreement in project geode by apache.

the class HandShake method getEncryptCipher.

private Cipher getEncryptCipher(String dhSKAlgo, PublicKey publicKey) throws Exception {
    try {
        if (_encrypt == null) {
            KeyAgreement ka = KeyAgreement.getInstance("DH");
            ka.init(dhPrivateKey);
            ka.doPhase(publicKey, true);
            Cipher encrypt;
            int keysize = getKeySize(dhSKAlgo);
            int blocksize = getBlockSize(dhSKAlgo);
            if (keysize == -1 || blocksize == -1) {
                SecretKey sKey = ka.generateSecret(dhSKAlgo);
                encrypt = Cipher.getInstance(dhSKAlgo);
                encrypt.init(Cipher.ENCRYPT_MODE, sKey);
            } else {
                String dhAlgoStr = getDhAlgoStr(dhSKAlgo);
                byte[] sKeyBytes = ka.generateSecret();
                SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, dhAlgoStr);
                IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
                encrypt = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
                encrypt.init(Cipher.ENCRYPT_MODE, sks, ivps);
            }
            _encrypt = encrypt;
        }
    } catch (Exception ex) {
        throw ex;
    }
    return _encrypt;
}

Example 38 with KeyAgreement

use of javax.crypto.KeyAgreement in project wycheproof by google.

the class EcdhTest method testModifiedPublicSpec.

/**
   * This is a similar test as testModifiedPublic. However, this test uses test vectors
   * ECPublicKeySpec
   */
@SuppressWarnings("InsecureCryptoUsage")
public void testModifiedPublicSpec(String algorithm) throws Exception {
    KeyAgreement ka;
    try {
        ka = KeyAgreement.getInstance(algorithm);
    } catch (NoSuchAlgorithmException ex) {
        System.out.println("testWrongOrder: " + algorithm + " not supported");
        return;
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
    keyGen.initialize(EcUtil.getNistP256Params());
    ECPrivateKey priv = (ECPrivateKey) keyGen.generateKeyPair().getPrivate();
    KeyFactory kf = KeyFactory.getInstance("EC");
    ECPublicKey validKey = (ECPublicKey) kf.generatePublic(EC_VALID_PUBLIC_KEY.getSpec());
    ka.init(priv);
    ka.doPhase(validKey, true);
    String expected = TestUtil.bytesToHex(ka.generateSecret());
    for (EcPublicKeyTestVector test : EC_MODIFIED_PUBLIC_KEYS) {
        ECPublicKeySpec spec = test.getSpec();
        if (spec == null) {
            // spec == null if one of these validity checks fails. Of course such a failure is OK.
            continue;
        }
        try {
            ECPublicKey modifiedKey = (ECPublicKey) kf.generatePublic(spec);
            ka.init(priv);
            ka.doPhase(modifiedKey, true);
            String shared = TestUtil.bytesToHex(ka.generateSecret());
            // The implementation did not notice that the public key was modified.
            // This is not nice, but at the moment we only fail the test if the
            // modification was essential for computing the shared secret.
            //
            // BouncyCastle v.1.53 fails this test, for ECDHC with modified order.
            // This implementation reduces the product s*h modulo the order given
            // in the public key. An attacker who can modify the order of the public key
            // and who can learn whether such a modification changes the shared secret is
            // able to learn the private key with a simple binary search.
            assertEquals("algorithm:" + algorithm + " test:" + test.comment, expected, shared);
        } catch (GeneralSecurityException ex) {
            // OK, since the public keys have been modified.
            System.out.println("testModifiedPublic:" + test.comment + " throws " + ex.toString());
        }
    }
}

Example 39 with KeyAgreement

use of javax.crypto.KeyAgreement in project wycheproof by google.

the class EcdhTest method testModifiedPublic.

/**
   * This test modifies the order of group in the public key. A severe bug would be an
   * implementation that leaks information whether the private key is larger than the order given in
   * the public key. Also a severe bug would be to reduce the private key modulo the order given in
   * the public key parameters.
   */
@SuppressWarnings("InsecureCryptoUsage")
public void testModifiedPublic(String algorithm) throws Exception {
    KeyAgreement ka;
    try {
        ka = KeyAgreement.getInstance(algorithm);
    } catch (NoSuchAlgorithmException ex) {
        System.out.println("testWrongOrder: " + algorithm + " not supported");
        return;
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
    keyGen.initialize(EcUtil.getNistP256Params());
    ECPrivateKey priv = (ECPrivateKey) keyGen.generateKeyPair().getPrivate();
    KeyFactory kf = KeyFactory.getInstance("EC");
    ECPublicKey validKey = (ECPublicKey) kf.generatePublic(EC_VALID_PUBLIC_KEY.getSpec());
    ka.init(priv);
    ka.doPhase(validKey, true);
    String expected = TestUtil.bytesToHex(ka.generateSecret());
    for (EcPublicKeyTestVector test : EC_MODIFIED_PUBLIC_KEYS) {
        try {
            X509EncodedKeySpec spec = test.getX509EncodedKeySpec();
            ECPublicKey modifiedKey = (ECPublicKey) kf.generatePublic(spec);
            ka.init(priv);
            ka.doPhase(modifiedKey, true);
            String shared = TestUtil.bytesToHex(ka.generateSecret());
            // The implementation did not notice that the public key was modified.
            // This is not nice, but at the moment we only fail the test if the
            // modification was essential for computing the shared secret.
            //
            // BouncyCastle v.1.53 fails this test, for ECDHC with modified order.
            // This implementation reduces the product s*h modulo the order given
            // in the public key. An attacker who can modify the order of the public key
            // and who can learn whether such a modification changes the shared secret is
            // able to learn the private key with a simple binary search.
            assertEquals("algorithm:" + algorithm + " test:" + test.comment, expected, shared);
        } catch (GeneralSecurityException ex) {
            // OK, since the public keys have been modified.
            System.out.println("testModifiedPublic:" + test.comment + " throws " + ex.toString());
        }
    }
}

Example 40 with KeyAgreement

use of javax.crypto.KeyAgreement in project wycheproof by google.

the class DhTest method testSubgroupConfinement.

/**
   * Tests whether a provider accepts invalid public keys that result in predictable shared secrets.
   * This test is based on RFC 2785, Section 4 and NIST SP 800-56A, If an attacker can modify both
   * public keys in an ephemeral-ephemeral key agreement scheme then it may be possible to coerce
   * both parties into computing the same predictable shared key.
   *
   * <p> Note: the test is quite whimsical. If the prime p is not a safe prime then the provider
   * itself cannot prevent all small-subgroup attacks because of the missing parameter q in the
   * Diffie-Hellman parameters. Implementations must add additional countermeasures such as the ones
   * proposed in RFC 2785.
   *
   * <p> CVE-2016-1000346: BouncyCastle before v.1.56 did not validate the other parties public key.
   */
@SuppressWarnings("InsecureCryptoUsage")
public void testSubgroupConfinement() throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
    DHParameterSpec params = ike2048();
    BigInteger p = params.getP();
    BigInteger g = params.getG();
    keyGen.initialize(params);
    PrivateKey priv = keyGen.generateKeyPair().getPrivate();
    KeyAgreement ka = KeyAgreement.getInstance("DH");
    BigInteger[] weakPublicKeys = { BigInteger.ZERO, BigInteger.ONE, p.subtract(BigInteger.ONE), p, p.add(BigInteger.ONE), BigInteger.ONE.negate() };
    for (BigInteger weakKey : weakPublicKeys) {
        ka.init(priv);
        try {
            KeyFactory kf = KeyFactory.getInstance("DH");
            DHPublicKeySpec weakSpec = new DHPublicKeySpec(weakKey, p, g);
            PublicKey pub = kf.generatePublic(weakSpec);
            ka.doPhase(pub, true);
            byte[] kAB = ka.generateSecret();
            fail("Generated secrets with weak public key:" + weakKey.toString() + " secret:" + TestUtil.bytesToHex(kAB));
        } catch (GeneralSecurityException ex) {
        // this is expected
        }
    }
}