Examples with HMac org.bouncycastle.crypto.macs.HMac used on opensource projects

Example 1 with HMac

use of org.bouncycastle.crypto.macs.HMac in project robovm by robovm.

the class BcKeyStoreSpi method engineLoad.

public void engineLoad(InputStream stream, char[] password) throws IOException {
    table.clear();
    if (// just initialising
    stream == null) {
        return;
    }
    DataInputStream dIn = new DataInputStream(stream);
    int version = dIn.readInt();
    if (version != STORE_VERSION) {
        if (version != 0 && version != 1) {
            throw new IOException("Wrong version of key store.");
        }
    }
    int saltLength = dIn.readInt();
    if (saltLength <= 0) {
        throw new IOException("Invalid salt detected");
    }
    byte[] salt = new byte[saltLength];
    dIn.readFully(salt);
    int iterationCount = dIn.readInt();
    //
    // we only do an integrity check if the password is provided.
    //
    HMac hMac = new HMac(new SHA1Digest());
    if (password != null && password.length != 0) {
        byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
        PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
        pbeGen.init(passKey, salt, iterationCount);
        CipherParameters macParams;
        if (version != 2) {
            macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize());
        } else {
            macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8);
        }
        Arrays.fill(passKey, (byte) 0);
        hMac.init(macParams);
        MacInputStream mIn = new MacInputStream(dIn, hMac);
        loadStore(mIn);
        // Finalise our mac calculation
        byte[] mac = new byte[hMac.getMacSize()];
        hMac.doFinal(mac, 0);
        // TODO Should this actually be reading the remainder of the stream?
        // Read the original mac from the stream
        byte[] oldMac = new byte[hMac.getMacSize()];
        dIn.readFully(oldMac);
        if (!Arrays.constantTimeAreEqual(mac, oldMac)) {
            table.clear();
            throw new IOException("KeyStore integrity check failed.");
        }
    } else {
        loadStore(dIn);
        // TODO Should this actually be reading the remainder of the stream?
        // Parse the original mac from the stream too
        byte[] oldMac = new byte[hMac.getMacSize()];
        dIn.readFully(oldMac);
    }
}

Example 2 with HMac

use of org.bouncycastle.crypto.macs.HMac in project google-authenticator by google.

the class AuthenticatorScreen method computePin.

/**
   * Computes the one-time PIN given the secret key.
   * 
   * @param secret
   *          the secret key
   * @return the PIN
   * @throws GeneralSecurityException
   * @throws DecodingException
   *           If the key string is improperly encoded.
   */
public static String computePin(String secret, Long counter) {
    try {
        final byte[] keyBytes = Base32String.decode(secret);
        Mac mac = new HMac(new SHA1Digest());
        mac.init(new KeyParameter(keyBytes));
        PasscodeGenerator pcg = new PasscodeGenerator(mac);
        if (counter == null) {
            // time-based totp
            return pcg.generateTimeoutCode();
        } else {
            // counter-based hotp
            return pcg.generateResponseCode(counter.longValue());
        }
    } catch (RuntimeException e) {
        return "General security exception";
    } catch (DecodingException e) {
        return "Decoding exception";
    }
}

Example 3 with HMac

use of org.bouncycastle.crypto.macs.HMac in project XobotOS by xamarin.

the class JDKKeyStore method engineLoad.

public void engineLoad(InputStream stream, char[] password) throws IOException {
    table.clear();
    if (// just initialising
    stream == null) {
        return;
    }
    DataInputStream dIn = new DataInputStream(stream);
    int version = dIn.readInt();
    if (version != STORE_VERSION) {
        if (version != 0) {
            throw new IOException("Wrong version of key store.");
        }
    }
    byte[] salt = new byte[dIn.readInt()];
    dIn.readFully(salt);
    int iterationCount = dIn.readInt();
    //
    // we only do an integrity check if the password is provided.
    //
    // BEGIN android-changed
    HMac hMac = new HMac(new OpenSSLDigest.SHA1());
    // END android-changed
    if (password != null && password.length != 0) {
        byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
        // BEGIN android-changed
        PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1());
        // END android-changed
        pbeGen.init(passKey, salt, iterationCount);
        CipherParameters macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize());
        Arrays.fill(passKey, (byte) 0);
        hMac.init(macParams);
        MacInputStream mIn = new MacInputStream(dIn, hMac);
        loadStore(mIn);
        // Finalise our mac calculation
        byte[] mac = new byte[hMac.getMacSize()];
        hMac.doFinal(mac, 0);
        // TODO Should this actually be reading the remainder of the stream?
        // Read the original mac from the stream
        byte[] oldMac = new byte[hMac.getMacSize()];
        dIn.readFully(oldMac);
        if (!Arrays.constantTimeAreEqual(mac, oldMac)) {
            table.clear();
            throw new IOException("KeyStore integrity check failed.");
        }
    } else {
        loadStore(dIn);
        // TODO Should this actually be reading the remainder of the stream?
        // Parse the original mac from the stream too
        byte[] oldMac = new byte[hMac.getMacSize()];
        dIn.readFully(oldMac);
    }
}

Example 4 with HMac

use of org.bouncycastle.crypto.macs.HMac in project google-authenticator by google.

the class CheckCodeScreen method getCheckCode.

static String getCheckCode(String secret) throws Base32String.DecodingException {
    final byte[] keyBytes = Base32String.decode(secret);
    Mac mac = new HMac(new SHA1Digest());
    mac.init(new KeyParameter(keyBytes));
    PasscodeGenerator pcg = new PasscodeGenerator(mac);
    return pcg.generateResponseCode(0L);
}

Example 5 with HMac

use of org.bouncycastle.crypto.macs.HMac in project robovm by robovm.

the class BcKeyStoreSpi method engineStore.

public void engineStore(OutputStream stream, char[] password) throws IOException {
    DataOutputStream dOut = new DataOutputStream(stream);
    byte[] salt = new byte[STORE_SALT_SIZE];
    int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff);
    random.nextBytes(salt);
    dOut.writeInt(version);
    dOut.writeInt(salt.length);
    dOut.write(salt);
    dOut.writeInt(iterationCount);
    HMac hMac = new HMac(new SHA1Digest());
    MacOutputStream mOut = new MacOutputStream(hMac);
    PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
    byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
    pbeGen.init(passKey, salt, iterationCount);
    if (version < 2) {
        hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize()));
    } else {
        hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8));
    }
    for (int i = 0; i != passKey.length; i++) {
        passKey[i] = 0;
    }
    saveStore(new TeeOutputStream(dOut, mOut));
    byte[] mac = new byte[hMac.getMacSize()];
    hMac.doFinal(mac, 0);
    dOut.write(mac);
    dOut.close();
}