use of org.bouncycastle.crypto.params.DSAParameters in project robovm by robovm.
the class DSAParametersGenerator method generateParameters_FIPS186_3.
/**
* generate suitable parameters for DSA, in line with
* <i>FIPS 186-3 A.1 Generation of the FFC Primes p and q</i>.
*/
private DSAParameters generateParameters_FIPS186_3() {
// A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function
// FIXME This should be configurable (digest size in bits must be >= N)
Digest d = digest;
int outlen = d.getDigestSize() * 8;
// 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If
// the pair is not in the list, then return INVALID.
// Note: checked at initialisation
// 2. If (seedlen < N), then return INVALID.
// FIXME This should be configurable (must be >= N)
int seedlen = N;
byte[] seed = new byte[seedlen / 8];
// 3. n = ceiling(L ⁄ outlen) – 1.
int n = (L - 1) / outlen;
// 4. b = L – 1 – (n ∗ outlen).
int b = (L - 1) % outlen;
byte[] output = new byte[d.getDigestSize()];
for (; ; ) {
// 5. Get an arbitrary sequence of seedlen bits as the domain_parameter_seed.
random.nextBytes(seed);
// 6. U = Hash (domain_parameter_seed) mod 2^(N–1).
hash(d, seed, output);
BigInteger U = new BigInteger(1, output).mod(ONE.shiftLeft(N - 1));
// 7. q = 2^(N–1) + U + 1 – ( U mod 2).
BigInteger q = ONE.shiftLeft(N - 1).add(U).add(ONE).subtract(U.mod(TWO));
// TODO Review C.3 for primality checking
if (!q.isProbablePrime(certainty)) {
// 9. If q is not a prime, then go to step 5.
continue;
}
// 10. offset = 1.
// Note: 'offset' value managed incrementally
byte[] offset = Arrays.clone(seed);
// 11. For counter = 0 to (4L – 1) do
int counterLimit = 4 * L;
for (int counter = 0; counter < counterLimit; ++counter) {
// 11.1 For j = 0 to n do
// Vj = Hash ((domain_parameter_seed + offset + j) mod 2^seedlen).
// 11.2 W = V0 + (V1 ∗ 2^outlen) + ... + (V^(n–1) ∗ 2^((n–1) ∗ outlen)) + ((Vn mod 2^b) ∗ 2^(n ∗ outlen)).
// TODO Assemble w as a byte array
BigInteger W = ZERO;
for (int j = 0, exp = 0; j <= n; ++j, exp += outlen) {
inc(offset);
hash(d, offset, output);
BigInteger Vj = new BigInteger(1, output);
if (j == n) {
Vj = Vj.mod(ONE.shiftLeft(b));
}
W = W.add(Vj.shiftLeft(exp));
}
// 11.3 X = W + 2^(L–1). Comment: 0 ≤ W < 2L–1; hence, 2L–1 ≤ X < 2L.
BigInteger X = W.add(ONE.shiftLeft(L - 1));
// 11.4 c = X mod 2q.
BigInteger c = X.mod(q.shiftLeft(1));
// 11.5 p = X - (c - 1). Comment: p ≡ 1 (mod 2q).
BigInteger p = X.subtract(c.subtract(ONE));
// 11.6 If (p < 2^(L - 1)), then go to step 11.9
if (p.bitLength() != L) {
continue;
}
// TODO Review C.3 for primality checking
if (p.isProbablePrime(certainty)) {
// (optionally) the values of domain_parameter_seed and counter.
if (usageIndex >= 0) {
BigInteger g = calculateGenerator_FIPS186_3_Verifiable(d, p, q, seed, usageIndex);
if (g != null) {
return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter, usageIndex));
}
}
BigInteger g = calculateGenerator_FIPS186_3_Unverifiable(p, q, random);
return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter));
}
// 11.9 offset = offset + n + 1. Comment: Increment offset; then, as part of
// the loop in step 11, increment counter; if
// counter < 4L, repeat steps 11.1 through 11.8.
// Note: 'offset' value already incremented in inner loop
}
// 12. Go to step 5.
}
}
use of org.bouncycastle.crypto.params.DSAParameters in project robovm by robovm.
the class DSASigner method verifySignature.
/**
* return true if the value r and s represent a DSA signature for
* the passed in message for standard DSA the message should be a
* SHA-1 hash of the real message to be verified.
*/
public boolean verifySignature(byte[] message, BigInteger r, BigInteger s) {
DSAParameters params = key.getParameters();
BigInteger m = calculateE(params.getQ(), message);
BigInteger zero = BigInteger.valueOf(0);
if (zero.compareTo(r) >= 0 || params.getQ().compareTo(r) <= 0) {
return false;
}
if (zero.compareTo(s) >= 0 || params.getQ().compareTo(s) <= 0) {
return false;
}
BigInteger w = s.modInverse(params.getQ());
BigInteger u1 = m.multiply(w).mod(params.getQ());
BigInteger u2 = r.multiply(w).mod(params.getQ());
u1 = params.getG().modPow(u1, params.getP());
u2 = ((DSAPublicKeyParameters) key).getY().modPow(u2, params.getP());
BigInteger v = u1.multiply(u2).mod(params.getP()).mod(params.getQ());
return v.equals(r);
}
use of org.bouncycastle.crypto.params.DSAParameters in project robovm by robovm.
the class DSASigner method generateSignature.
/**
* generate a signature for the given message using the key we were
* initialised with. For conventional DSA the message should be a SHA-1
* hash of the message of interest.
*
* @param message the message that will be verified later.
*/
public BigInteger[] generateSignature(byte[] message) {
DSAParameters params = key.getParameters();
BigInteger m = calculateE(params.getQ(), message);
BigInteger k;
int qBitLength = params.getQ().bitLength();
do {
k = new BigInteger(qBitLength, random);
} while (k.compareTo(params.getQ()) >= 0);
BigInteger r = params.getG().modPow(k, params.getP()).mod(params.getQ());
k = k.modInverse(params.getQ()).multiply(m.add(((DSAPrivateKeyParameters) key).getX().multiply(r)));
BigInteger s = k.mod(params.getQ());
BigInteger[] res = new BigInteger[2];
res[0] = r;
res[1] = s;
return res;
}
use of org.bouncycastle.crypto.params.DSAParameters in project XobotOS by xamarin.
the class PublicKeyFactory method createKey.
/**
* Create a public key from the passed in SubjectPublicKeyInfo
*
* @param keyInfo the SubjectPublicKeyInfo containing the key data
* @return the appropriate key parameter
* @throws IOException on an error decoding the key
*/
public static AsymmetricKeyParameter createKey(SubjectPublicKeyInfo keyInfo) throws IOException {
AlgorithmIdentifier algId = keyInfo.getAlgorithmId();
if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption) || algId.getObjectId().equals(X509ObjectIdentifiers.id_ea_rsa)) {
RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure((ASN1Sequence) keyInfo.getPublicKey());
return new RSAKeyParameters(false, pubKey.getModulus(), pubKey.getPublicExponent());
} else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber)) {
DHPublicKey dhPublicKey = DHPublicKey.getInstance(keyInfo.getPublicKey());
BigInteger y = dhPublicKey.getY().getValue();
DHDomainParameters dhParams = DHDomainParameters.getInstance(keyInfo.getAlgorithmId().getParameters());
BigInteger p = dhParams.getP().getValue();
BigInteger g = dhParams.getG().getValue();
BigInteger q = dhParams.getQ().getValue();
BigInteger j = null;
if (dhParams.getJ() != null) {
j = dhParams.getJ().getValue();
}
DHValidationParameters validation = null;
DHValidationParms dhValidationParms = dhParams.getValidationParms();
if (dhValidationParms != null) {
byte[] seed = dhValidationParms.getSeed().getBytes();
BigInteger pgenCounter = dhValidationParms.getPgenCounter().getValue();
// TODO Check pgenCounter size?
validation = new DHValidationParameters(seed, pgenCounter.intValue());
}
return new DHPublicKeyParameters(y, new DHParameters(p, g, q, j, validation));
} else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement)) {
DHParameter params = new DHParameter((ASN1Sequence) keyInfo.getAlgorithmId().getParameters());
DERInteger derY = (DERInteger) keyInfo.getPublicKey();
BigInteger lVal = params.getL();
int l = lVal == null ? 0 : lVal.intValue();
DHParameters dhParams = new DHParameters(params.getP(), params.getG(), null, l);
return new DHPublicKeyParameters(derY.getValue(), dhParams);
} else // END android-removed
if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa) || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1)) {
DERInteger derY = (DERInteger) keyInfo.getPublicKey();
DEREncodable de = keyInfo.getAlgorithmId().getParameters();
DSAParameters parameters = null;
if (de != null) {
DSAParameter params = DSAParameter.getInstance(de.getDERObject());
parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
}
return new DSAPublicKeyParameters(derY.getValue(), parameters);
} else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey)) {
X962Parameters params = new X962Parameters((DERObject) keyInfo.getAlgorithmId().getParameters());
ECDomainParameters dParams = null;
if (params.isNamedCurve()) {
DERObjectIdentifier oid = (DERObjectIdentifier) params.getParameters();
X9ECParameters ecP = X962NamedCurves.getByOID(oid);
if (ecP == null) {
ecP = SECNamedCurves.getByOID(oid);
if (ecP == null) {
ecP = NISTNamedCurves.getByOID(oid);
// BEGIN android-removed
// if (ecP == null)
// {
// ecP = TeleTrusTNamedCurves.getByOID(oid);
// }
// END android-removed
}
}
dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed());
} else {
X9ECParameters ecP = new X9ECParameters((ASN1Sequence) params.getParameters());
dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed());
}
DERBitString bits = keyInfo.getPublicKeyData();
byte[] data = bits.getBytes();
ASN1OctetString key = new DEROctetString(data);
X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key);
return new ECPublicKeyParameters(derQ.getPoint(), dParams);
} else {
throw new RuntimeException("algorithm identifier in key not recognised");
}
}
use of org.bouncycastle.crypto.params.DSAParameters in project XobotOS by xamarin.
the class DSASigner method generateSignature.
/**
* generate a signature for the given message using the key we were
* initialised with. For conventional DSA the message should be a SHA-1
* hash of the message of interest.
*
* @param message the message that will be verified later.
*/
public BigInteger[] generateSignature(byte[] message) {
DSAParameters params = key.getParameters();
BigInteger m = calculateE(params.getQ(), message);
BigInteger k;
int qBitLength = params.getQ().bitLength();
do {
k = new BigInteger(qBitLength, random);
} while (k.compareTo(params.getQ()) >= 0);
BigInteger r = params.getG().modPow(k, params.getP()).mod(params.getQ());
k = k.modInverse(params.getQ()).multiply(m.add(((DSAPrivateKeyParameters) key).getX().multiply(r)));
BigInteger s = k.mod(params.getQ());
BigInteger[] res = new BigInteger[2];
res[0] = r;
res[1] = s;
return res;
}
Aggregations