Search in sources :

Example 11 with DSAParameters

use of org.bouncycastle.crypto.params.DSAParameters in project robovm by robovm.

the class DSAParametersGenerator method generateParameters_FIPS186_3.

/**
     * generate suitable parameters for DSA, in line with
     * <i>FIPS 186-3 A.1 Generation of the FFC Primes p and q</i>.
     */
private DSAParameters generateParameters_FIPS186_3() {
    // A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function
    // FIXME This should be configurable (digest size in bits must be >= N)
    Digest d = digest;
    int outlen = d.getDigestSize() * 8;
    // 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If
    //    the pair is not in the list, then return INVALID.
    // Note: checked at initialisation
    // 2. If (seedlen < N), then return INVALID.
    // FIXME This should be configurable (must be >= N)
    int seedlen = N;
    byte[] seed = new byte[seedlen / 8];
    // 3. n = ceiling(L ⁄ outlen) – 1.
    int n = (L - 1) / outlen;
    // 4. b = L – 1 – (n ∗ outlen).
    int b = (L - 1) % outlen;
    byte[] output = new byte[d.getDigestSize()];
    for (; ; ) {
        // 5. Get an arbitrary sequence of seedlen bits as the domain_parameter_seed.
        random.nextBytes(seed);
        // 6. U = Hash (domain_parameter_seed) mod 2^(N–1).
        hash(d, seed, output);
        BigInteger U = new BigInteger(1, output).mod(ONE.shiftLeft(N - 1));
        // 7. q = 2^(N–1) + U + 1 – ( U mod 2).
        BigInteger q = ONE.shiftLeft(N - 1).add(U).add(ONE).subtract(U.mod(TWO));
        // TODO Review C.3 for primality checking
        if (!q.isProbablePrime(certainty)) {
            // 9. If q is not a prime, then go to step 5.
            continue;
        }
        // 10. offset = 1.
        // Note: 'offset' value managed incrementally
        byte[] offset = Arrays.clone(seed);
        // 11. For counter = 0 to (4L – 1) do
        int counterLimit = 4 * L;
        for (int counter = 0; counter < counterLimit; ++counter) {
            // 11.1 For j = 0 to n do
            //      Vj = Hash ((domain_parameter_seed + offset + j) mod 2^seedlen).
            // 11.2 W = V0 + (V1 ∗ 2^outlen) + ... + (V^(n–1) ∗ 2^((n–1) ∗ outlen)) + ((Vn mod 2^b) ∗ 2^(n ∗ outlen)).
            // TODO Assemble w as a byte array
            BigInteger W = ZERO;
            for (int j = 0, exp = 0; j <= n; ++j, exp += outlen) {
                inc(offset);
                hash(d, offset, output);
                BigInteger Vj = new BigInteger(1, output);
                if (j == n) {
                    Vj = Vj.mod(ONE.shiftLeft(b));
                }
                W = W.add(Vj.shiftLeft(exp));
            }
            // 11.3 X = W + 2^(L–1). Comment: 0 ≤ W < 2L–1; hence, 2L–1 ≤ X < 2L.
            BigInteger X = W.add(ONE.shiftLeft(L - 1));
            // 11.4 c = X mod 2q.
            BigInteger c = X.mod(q.shiftLeft(1));
            // 11.5 p = X - (c - 1). Comment: p ≡ 1 (mod 2q).
            BigInteger p = X.subtract(c.subtract(ONE));
            // 11.6 If (p < 2^(L - 1)), then go to step 11.9
            if (p.bitLength() != L) {
                continue;
            }
            // TODO Review C.3 for primality checking
            if (p.isProbablePrime(certainty)) {
                //      (optionally) the values of domain_parameter_seed and counter.
                if (usageIndex >= 0) {
                    BigInteger g = calculateGenerator_FIPS186_3_Verifiable(d, p, q, seed, usageIndex);
                    if (g != null) {
                        return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter, usageIndex));
                    }
                }
                BigInteger g = calculateGenerator_FIPS186_3_Unverifiable(p, q, random);
                return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter));
            }
        // 11.9 offset = offset + n + 1.      Comment: Increment offset; then, as part of
        //                                    the loop in step 11, increment counter; if
        //                                    counter < 4L, repeat steps 11.1 through 11.8.
        // Note: 'offset' value already incremented in inner loop
        }
    // 12. Go to step 5.
    }
}
Also used : Digest(org.bouncycastle.crypto.Digest) DSAValidationParameters(org.bouncycastle.crypto.params.DSAValidationParameters) BigInteger(java.math.BigInteger) DSAParameters(org.bouncycastle.crypto.params.DSAParameters)

Example 12 with DSAParameters

use of org.bouncycastle.crypto.params.DSAParameters in project robovm by robovm.

the class DSASigner method verifySignature.

/**
     * return true if the value r and s represent a DSA signature for
     * the passed in message for standard DSA the message should be a
     * SHA-1 hash of the real message to be verified.
     */
public boolean verifySignature(byte[] message, BigInteger r, BigInteger s) {
    DSAParameters params = key.getParameters();
    BigInteger m = calculateE(params.getQ(), message);
    BigInteger zero = BigInteger.valueOf(0);
    if (zero.compareTo(r) >= 0 || params.getQ().compareTo(r) <= 0) {
        return false;
    }
    if (zero.compareTo(s) >= 0 || params.getQ().compareTo(s) <= 0) {
        return false;
    }
    BigInteger w = s.modInverse(params.getQ());
    BigInteger u1 = m.multiply(w).mod(params.getQ());
    BigInteger u2 = r.multiply(w).mod(params.getQ());
    u1 = params.getG().modPow(u1, params.getP());
    u2 = ((DSAPublicKeyParameters) key).getY().modPow(u2, params.getP());
    BigInteger v = u1.multiply(u2).mod(params.getP()).mod(params.getQ());
    return v.equals(r);
}
Also used : DSAPublicKeyParameters(org.bouncycastle.crypto.params.DSAPublicKeyParameters) BigInteger(java.math.BigInteger) DSAParameters(org.bouncycastle.crypto.params.DSAParameters)

Example 13 with DSAParameters

use of org.bouncycastle.crypto.params.DSAParameters in project robovm by robovm.

the class DSASigner method generateSignature.

/**
     * generate a signature for the given message using the key we were
     * initialised with. For conventional DSA the message should be a SHA-1
     * hash of the message of interest.
     *
     * @param message the message that will be verified later.
     */
public BigInteger[] generateSignature(byte[] message) {
    DSAParameters params = key.getParameters();
    BigInteger m = calculateE(params.getQ(), message);
    BigInteger k;
    int qBitLength = params.getQ().bitLength();
    do {
        k = new BigInteger(qBitLength, random);
    } while (k.compareTo(params.getQ()) >= 0);
    BigInteger r = params.getG().modPow(k, params.getP()).mod(params.getQ());
    k = k.modInverse(params.getQ()).multiply(m.add(((DSAPrivateKeyParameters) key).getX().multiply(r)));
    BigInteger s = k.mod(params.getQ());
    BigInteger[] res = new BigInteger[2];
    res[0] = r;
    res[1] = s;
    return res;
}
Also used : DSAPrivateKeyParameters(org.bouncycastle.crypto.params.DSAPrivateKeyParameters) BigInteger(java.math.BigInteger) DSAParameters(org.bouncycastle.crypto.params.DSAParameters)

Example 14 with DSAParameters

use of org.bouncycastle.crypto.params.DSAParameters in project XobotOS by xamarin.

the class PublicKeyFactory method createKey.

/**
     * Create a public key from the passed in SubjectPublicKeyInfo
     * 
     * @param keyInfo the SubjectPublicKeyInfo containing the key data
     * @return the appropriate key parameter
     * @throws IOException on an error decoding the key
     */
public static AsymmetricKeyParameter createKey(SubjectPublicKeyInfo keyInfo) throws IOException {
    AlgorithmIdentifier algId = keyInfo.getAlgorithmId();
    if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption) || algId.getObjectId().equals(X509ObjectIdentifiers.id_ea_rsa)) {
        RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure((ASN1Sequence) keyInfo.getPublicKey());
        return new RSAKeyParameters(false, pubKey.getModulus(), pubKey.getPublicExponent());
    } else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber)) {
        DHPublicKey dhPublicKey = DHPublicKey.getInstance(keyInfo.getPublicKey());
        BigInteger y = dhPublicKey.getY().getValue();
        DHDomainParameters dhParams = DHDomainParameters.getInstance(keyInfo.getAlgorithmId().getParameters());
        BigInteger p = dhParams.getP().getValue();
        BigInteger g = dhParams.getG().getValue();
        BigInteger q = dhParams.getQ().getValue();
        BigInteger j = null;
        if (dhParams.getJ() != null) {
            j = dhParams.getJ().getValue();
        }
        DHValidationParameters validation = null;
        DHValidationParms dhValidationParms = dhParams.getValidationParms();
        if (dhValidationParms != null) {
            byte[] seed = dhValidationParms.getSeed().getBytes();
            BigInteger pgenCounter = dhValidationParms.getPgenCounter().getValue();
            // TODO Check pgenCounter size?
            validation = new DHValidationParameters(seed, pgenCounter.intValue());
        }
        return new DHPublicKeyParameters(y, new DHParameters(p, g, q, j, validation));
    } else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement)) {
        DHParameter params = new DHParameter((ASN1Sequence) keyInfo.getAlgorithmId().getParameters());
        DERInteger derY = (DERInteger) keyInfo.getPublicKey();
        BigInteger lVal = params.getL();
        int l = lVal == null ? 0 : lVal.intValue();
        DHParameters dhParams = new DHParameters(params.getP(), params.getG(), null, l);
        return new DHPublicKeyParameters(derY.getValue(), dhParams);
    } else // END android-removed
    if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa) || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1)) {
        DERInteger derY = (DERInteger) keyInfo.getPublicKey();
        DEREncodable de = keyInfo.getAlgorithmId().getParameters();
        DSAParameters parameters = null;
        if (de != null) {
            DSAParameter params = DSAParameter.getInstance(de.getDERObject());
            parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
        }
        return new DSAPublicKeyParameters(derY.getValue(), parameters);
    } else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey)) {
        X962Parameters params = new X962Parameters((DERObject) keyInfo.getAlgorithmId().getParameters());
        ECDomainParameters dParams = null;
        if (params.isNamedCurve()) {
            DERObjectIdentifier oid = (DERObjectIdentifier) params.getParameters();
            X9ECParameters ecP = X962NamedCurves.getByOID(oid);
            if (ecP == null) {
                ecP = SECNamedCurves.getByOID(oid);
                if (ecP == null) {
                    ecP = NISTNamedCurves.getByOID(oid);
                // BEGIN android-removed
                // if (ecP == null)
                // {
                //     ecP = TeleTrusTNamedCurves.getByOID(oid);
                // }
                // END android-removed
                }
            }
            dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed());
        } else {
            X9ECParameters ecP = new X9ECParameters((ASN1Sequence) params.getParameters());
            dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed());
        }
        DERBitString bits = keyInfo.getPublicKeyData();
        byte[] data = bits.getBytes();
        ASN1OctetString key = new DEROctetString(data);
        X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key);
        return new ECPublicKeyParameters(derQ.getPoint(), dParams);
    } else {
        throw new RuntimeException("algorithm identifier in key not recognised");
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DHPublicKeyParameters(org.bouncycastle.crypto.params.DHPublicKeyParameters) ECDomainParameters(org.bouncycastle.crypto.params.ECDomainParameters) DHPublicKey(org.bouncycastle.asn1.x9.DHPublicKey) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) DHValidationParms(org.bouncycastle.asn1.x9.DHValidationParms) ECPublicKeyParameters(org.bouncycastle.crypto.params.ECPublicKeyParameters) RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DERInteger(org.bouncycastle.asn1.DERInteger) X962Parameters(org.bouncycastle.asn1.x9.X962Parameters) RSAPublicKeyStructure(org.bouncycastle.asn1.x509.RSAPublicKeyStructure) DHValidationParameters(org.bouncycastle.crypto.params.DHValidationParameters) DSAParameter(org.bouncycastle.asn1.x509.DSAParameter) DHParameter(org.bouncycastle.asn1.pkcs.DHParameter) DSAPublicKeyParameters(org.bouncycastle.crypto.params.DSAPublicKeyParameters) DHParameters(org.bouncycastle.crypto.params.DHParameters) DERBitString(org.bouncycastle.asn1.DERBitString) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) X9ECPoint(org.bouncycastle.asn1.x9.X9ECPoint) X9ECPoint(org.bouncycastle.asn1.x9.X9ECPoint) DEREncodable(org.bouncycastle.asn1.DEREncodable) BigInteger(java.math.BigInteger) DHDomainParameters(org.bouncycastle.asn1.x9.DHDomainParameters) DSAParameters(org.bouncycastle.crypto.params.DSAParameters)

Example 15 with DSAParameters

use of org.bouncycastle.crypto.params.DSAParameters in project XobotOS by xamarin.

the class DSASigner method generateSignature.

/**
     * generate a signature for the given message using the key we were
     * initialised with. For conventional DSA the message should be a SHA-1
     * hash of the message of interest.
     *
     * @param message the message that will be verified later.
     */
public BigInteger[] generateSignature(byte[] message) {
    DSAParameters params = key.getParameters();
    BigInteger m = calculateE(params.getQ(), message);
    BigInteger k;
    int qBitLength = params.getQ().bitLength();
    do {
        k = new BigInteger(qBitLength, random);
    } while (k.compareTo(params.getQ()) >= 0);
    BigInteger r = params.getG().modPow(k, params.getP()).mod(params.getQ());
    k = k.modInverse(params.getQ()).multiply(m.add(((DSAPrivateKeyParameters) key).getX().multiply(r)));
    BigInteger s = k.mod(params.getQ());
    BigInteger[] res = new BigInteger[2];
    res[0] = r;
    res[1] = s;
    return res;
}
Also used : DSAPrivateKeyParameters(org.bouncycastle.crypto.params.DSAPrivateKeyParameters) BigInteger(java.math.BigInteger) DSAParameters(org.bouncycastle.crypto.params.DSAParameters)

Aggregations

DSAParameters (org.bouncycastle.crypto.params.DSAParameters)18 BigInteger (java.math.BigInteger)16 DSAPrivateKeyParameters (org.bouncycastle.crypto.params.DSAPrivateKeyParameters)7 DSAPublicKeyParameters (org.bouncycastle.crypto.params.DSAPublicKeyParameters)7 DHParameter (org.bouncycastle.asn1.pkcs.DHParameter)4 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)4 DSAParameter (org.bouncycastle.asn1.x509.DSAParameter)4 X962Parameters (org.bouncycastle.asn1.x9.X962Parameters)4 X9ECParameters (org.bouncycastle.asn1.x9.X9ECParameters)4 DHParameters (org.bouncycastle.crypto.params.DHParameters)4 DSAValidationParameters (org.bouncycastle.crypto.params.DSAValidationParameters)4 ECDomainParameters (org.bouncycastle.crypto.params.ECDomainParameters)4 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)2 DSAParameterSpec (java.security.spec.DSAParameterSpec)2 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)2 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)2 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)2 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)2 DEREncodable (org.bouncycastle.asn1.DEREncodable)2 DERInteger (org.bouncycastle.asn1.DERInteger)2