Search in sources :

Example 21 with DHParameterSpec

use of javax.crypto.spec.DHParameterSpec in project jdk8u_jdk by JetBrains.

the class KAParticipant method runTest.

public static boolean runTest(String algo, int numParties, String secretAlgo) {
    KAParticipant[] parties = new KAParticipant[numParties];
    Key[] keyArchives = new Key[numParties];
    try {
        // generate AlogirhtmParameterSpec
        AlgorithmParameterGenerator apg = AlgorithmParameterGenerator.getInstance("DH", "SunJCE");
        AlgorithmParameterSpec aps = new DHGenParameterSpec(512, 64);
        apg.init(aps);
        DHParameterSpec spec = apg.generateParameters().getParameterSpec(DHParameterSpec.class);
        //initilize all KeyAgreement participants
        for (int i = 0; i < numParties; i++) {
            parties[i] = new KAParticipant(PA_NAMES[i], algo);
            parties[i].initialize(spec);
            keyArchives[i] = parties[i].getPublicKey();
        }
        // Do all phases in the KeyAgreement for all participants
        Key[] keyBuffer = new Key[numParties];
        boolean lastPhase = false;
        for (int j = 0; j < numParties - 1; j++) {
            if (j == numParties - 2) {
                lastPhase = true;
            }
            for (int k = 0; k < numParties; k++) {
                if (k == numParties - 1) {
                    keyBuffer[k] = parties[k].doPhase(keyArchives[0], lastPhase);
                } else {
                    keyBuffer[k] = parties[k].doPhase(keyArchives[k + 1], lastPhase);
                }
            }
            System.arraycopy(keyBuffer, 0, keyArchives, 0, numParties);
        }
        //Comparison: The secret keys generated by all involved parties should be the same
        SecretKey[] sKeys = new SecretKey[numParties];
        for (int n = 0; n < numParties; n++) {
            sKeys[n] = parties[n].generateSecret(secretAlgo);
        }
        for (int q = 0; q < numParties - 1; q++) {
            if (!Arrays.equals(sKeys[q].getEncoded(), sKeys[q + 1].getEncoded())) {
                return false;
            }
        }
        return true;
    } catch (Exception ex) {
        ex.printStackTrace();
        return false;
    }
}
Also used : DHGenParameterSpec(javax.crypto.spec.DHGenParameterSpec) AlgorithmParameterGenerator(java.security.AlgorithmParameterGenerator) DHParameterSpec(javax.crypto.spec.DHParameterSpec) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) NoSuchProviderException(java.security.NoSuchProviderException) SecretKey(javax.crypto.SecretKey) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) Key(java.security.Key) SecretKey(javax.crypto.SecretKey)

Example 22 with DHParameterSpec

use of javax.crypto.spec.DHParameterSpec in project geode by apache.

the class HandShake method initDHKeys.

/**
   * Initialize the Diffie-Hellman keys. This method is not thread safe
   */
public static void initDHKeys(DistributionConfig config) throws Exception {
    dhSKAlgo = config.getSecurityClientDHAlgo();
    dhPrivateKey = null;
    dhPublicKey = null;
    // that has authenticator defined.
    if ((dhSKAlgo != null && dhSKAlgo.length() > 0) || securityService.isClientSecurityRequired()) {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
        DHParameterSpec dhSpec = new DHParameterSpec(dhP, dhG, dhL);
        keyGen.initialize(dhSpec);
        KeyPair keypair = keyGen.generateKeyPair();
        // Get the generated public and private keys
        dhPrivateKey = keypair.getPrivate();
        dhPublicKey = keypair.getPublic();
        random = new SecureRandom();
        // Force the random generator to seed itself.
        byte[] someBytes = new byte[48];
        random.nextBytes(someBytes);
    }
}
Also used : KeyPair(java.security.KeyPair) SecureRandom(java.security.SecureRandom) DHParameterSpec(javax.crypto.spec.DHParameterSpec) KeyPairGenerator(java.security.KeyPairGenerator)

Example 23 with DHParameterSpec

use of javax.crypto.spec.DHParameterSpec in project wycheproof by google.

the class DhTest method testSubgroupConfinement.

/**
   * Tests whether a provider accepts invalid public keys that result in predictable shared secrets.
   * This test is based on RFC 2785, Section 4 and NIST SP 800-56A, If an attacker can modify both
   * public keys in an ephemeral-ephemeral key agreement scheme then it may be possible to coerce
   * both parties into computing the same predictable shared key.
   *
   * <p> Note: the test is quite whimsical. If the prime p is not a safe prime then the provider
   * itself cannot prevent all small-subgroup attacks because of the missing parameter q in the
   * Diffie-Hellman parameters. Implementations must add additional countermeasures such as the ones
   * proposed in RFC 2785.
   *
   * <p> CVE-2016-1000346: BouncyCastle before v.1.56 did not validate the other parties public key.
   */
@SuppressWarnings("InsecureCryptoUsage")
public void testSubgroupConfinement() throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
    DHParameterSpec params = ike2048();
    BigInteger p = params.getP();
    BigInteger g = params.getG();
    keyGen.initialize(params);
    PrivateKey priv = keyGen.generateKeyPair().getPrivate();
    KeyAgreement ka = KeyAgreement.getInstance("DH");
    BigInteger[] weakPublicKeys = { BigInteger.ZERO, BigInteger.ONE, p.subtract(BigInteger.ONE), p, p.add(BigInteger.ONE), BigInteger.ONE.negate() };
    for (BigInteger weakKey : weakPublicKeys) {
        ka.init(priv);
        try {
            KeyFactory kf = KeyFactory.getInstance("DH");
            DHPublicKeySpec weakSpec = new DHPublicKeySpec(weakKey, p, g);
            PublicKey pub = kf.generatePublic(weakSpec);
            ka.doPhase(pub, true);
            byte[] kAB = ka.generateSecret();
            fail("Generated secrets with weak public key:" + weakKey.toString() + " secret:" + TestUtil.bytesToHex(kAB));
        } catch (GeneralSecurityException ex) {
        // this is expected
        }
    }
}
Also used : DHPrivateKey(javax.crypto.interfaces.DHPrivateKey) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) GeneralSecurityException(java.security.GeneralSecurityException) BigInteger(java.math.BigInteger) DHParameterSpec(javax.crypto.spec.DHParameterSpec) KeyPairGenerator(java.security.KeyPairGenerator) DHPublicKeySpec(javax.crypto.spec.DHPublicKeySpec) KeyAgreement(javax.crypto.KeyAgreement) KeyFactory(java.security.KeyFactory)

Example 24 with DHParameterSpec

use of javax.crypto.spec.DHParameterSpec in project wycheproof by google.

the class DhTest method ike1536.

public DHParameterSpec ike1536() {
    final BigInteger p = new BigInteger("ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74" + "020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f1437" + "4fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7ed" + "ee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf05" + "98da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb" + "9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff", 16);
    final BigInteger g = new BigInteger("2");
    return new DHParameterSpec(p, g);
}
Also used : BigInteger(java.math.BigInteger) DHParameterSpec(javax.crypto.spec.DHParameterSpec)

Example 25 with DHParameterSpec

use of javax.crypto.spec.DHParameterSpec in project wycheproof by google.

the class DhTest method ike2048.

public DHParameterSpec ike2048() {
    final BigInteger p = new BigInteger("ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74" + "020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f1437" + "4fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7ed" + "ee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf05" + "98da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb" + "9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3b" + "e39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf695581718" + "3995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff", 16);
    final BigInteger g = new BigInteger("2");
    return new DHParameterSpec(p, g);
}
Also used : BigInteger(java.math.BigInteger) DHParameterSpec(javax.crypto.spec.DHParameterSpec)

Aggregations

DHParameterSpec (javax.crypto.spec.DHParameterSpec)44 BigInteger (java.math.BigInteger)18 KeyPair (java.security.KeyPair)13 KeyPairGenerator (java.security.KeyPairGenerator)13 KeyAgreement (javax.crypto.KeyAgreement)10 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7 SecureRandom (java.security.SecureRandom)7 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)6 InvalidKeyException (java.security.InvalidKeyException)6 KeyFactory (java.security.KeyFactory)6 PublicKey (java.security.PublicKey)6 DHPrivateKey (javax.crypto.interfaces.DHPrivateKey)6 DHPublicKeySpec (javax.crypto.spec.DHPublicKeySpec)6 DHPublicKey (javax.crypto.interfaces.DHPublicKey)5 IOException (java.io.IOException)4 PrivateKey (java.security.PrivateKey)4 CertificateException (java.security.cert.CertificateException)4 X509Certificate (java.security.cert.X509Certificate)4 X509ExtendedKeyManager (javax.net.ssl.X509ExtendedKeyManager)4 X509KeyManager (javax.net.ssl.X509KeyManager)4