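/**
 * Decrypts an RSA-encrypted premaster secret with this object's private key.
 *
 * <p>A padding failure or a plaintext of the wrong length is deliberately NOT reported to the
 * caller as an alert. Raising a distinguishable alert on bad PKCS#1 v1.5 padding (the previous
 * behaviour was {@code illegal_parameter}) tells a remote party whether a chosen ciphertext
 * decoded correctly, which is the signal a Bleichenbacher-style padding oracle relies on.
 * RFC 5246 section 7.4.7.1 instead has the server carry on with a randomly generated premaster
 * secret, so that every malformed input fails in the same way at the later Finished check.
 *
 * @param encryptedPreMasterSecret the RSA ciphertext to decrypt
 * @return the 48-byte decrypted premaster secret, or 48 random bytes when decryption or the
 *         length check failed
 * @throws IOException retained in the signature for existing callers; this body does not
 *         raise it for padding errors any more
 */
public byte[] decryptPreMasterSecret(byte[] encryptedPreMasterSecret) throws IOException {
    // Generate the substitute up front so the random draw happens on every call,
    // not only on the failure path.
    byte[] fallback = new byte[48];
    context.getSecureRandom().nextBytes(fallback);

    PKCS1Encoding encoding = new PKCS1Encoding(new RSABlindedEngine());
    encoding.init(false, new ParametersWithRandom(this.privateKey, context.getSecureRandom()));

    try {
        byte[] decrypted = encoding.processBlock(encryptedPreMasterSecret, 0,
            encryptedPreMasterSecret.length);
        if (decrypted.length == fallback.length) {
            return decrypted;
        }
    } catch (InvalidCipherTextException ignored) {
        // Intentionally silent: see the method comment. The handshake is left to fail later.
    }

    // NOTE(review): the client-version bytes are not checked here; whoever checks them must
    // treat a mismatch the same way (substitute, do not alert). This branch is also not
    // constant-time - PKCS1Encoding still signals failure through an exception.
    return fallback;
}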
/**
 * Encrypts the byte form of a secret key under an RSA key using PKCS#1 v1.5 padding.
 *
 * <p>No {@code ParametersWithRandom} is supplied, so the padding bytes come from whatever
 * default random source {@code PKCS1Encoding} selects.
 *
 * @param encryptionKey key handed to {@code getCipherParameters} to obtain the RSA parameters
 * @param toBeEncrypted secret key whose {@code toByteArray()} form is encrypted
 * @return the RSA ciphertext
 * @throws Exception whatever key conversion or {@code processBlock} raises
 */
public static byte[] encryptKeyRSA(AKey encryptionKey, ASecretKey toBeEncrypted) throws Exception {
    final PKCS1Encoding wrapper = new PKCS1Encoding(new RSAEngine());
    wrapper.init(true, getCipherParameters(encryptionKey));

    final byte[] keyBytes = toBeEncrypted.toByteArray();
    try {
        return wrapper.processBlock(keyBytes, 0, keyBytes.length);
    } finally {
        // Wipe the plaintext key material on success and on failure alike.
        // NOTE(review): presumably toByteArray() returns a copy; if it exposed the key's
        // internal array this would also blank the caller's key - confirm.
        Crypto.zero(keyBytes);
    }
}
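/**
 * Lazily builds and caches the PKCS#1 v1.5 decryption cipher for the encoded private key.
 *
 * <p>The cipher is assembled in a local variable and published to {@code decodeCipher} only
 * after {@code init} has succeeded. Assigning the field first meant that a failure during
 * key-parameter generation or {@code init} left a non-null but uninitialised cipher cached,
 * which every later call would then have returned.
 *
 * @return an RSA decryption cipher (PKCS#1 v1.5 over a blinded RSA engine)
 * @throws RuntimeException if the key cannot be decoded or the cipher cannot be initialised
 */
protected synchronized AsymmetricBlockCipher getRSADecryptCipher() {
    if (decodeCipher == null) {
        try {
            byte[] bytes = getEncoder().decode(privateKey);
            EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(bytes);
            KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM);
            PrivateKey key = keyFactory.generatePrivate(privateKeySpec);

            // Blinded engine: this cipher performs private-key operations.
            AsymmetricBlockCipher cipher = new PKCS1Encoding(new RSABlindedEngine());
            cipher.init(false, generatePrivateKeyParameter((RSAPrivateKey) key));

            // Publish only a fully initialised instance.
            this.decodeCipher = cipher;
        } catch (Exception e) {
            throw new RuntimeException("Error constructing Cipher: ", e);
        }
    }
    // NOTE(review): the getter is synchronized but the returned cipher is shared; callers
    // using it from several threads would need their own synchronisation - confirm usage.
    return decodeCipher;
}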
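/**
 * Lazily builds and caches the PKCS#1 v1.5 encryption cipher for the encoded public key.
 *
 * <p>The cipher is assembled in a local variable and published to {@code encodeCipher} only
 * after {@code init} has succeeded. Assigning the field first meant that a failure during
 * key-parameter generation or {@code init} left a non-null but uninitialised cipher cached,
 * which every later call would then have returned.
 *
 * @return an RSA encryption cipher (PKCS#1 v1.5 padding)
 * @throws RuntimeException if the key cannot be decoded or the cipher cannot be initialised
 */
protected synchronized AsymmetricBlockCipher getRSAEncryptCipher() {
    if (encodeCipher == null) {
        try {
            byte[] bytes = getEncoder().decode(publicKey);
            EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(bytes);
            KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM);
            PublicKey key = keyFactory.generatePublic(publicKeySpec);

            AsymmetricBlockCipher cipher = new PKCS1Encoding(new RSABlindedEngine());
            cipher.init(true, generatePublicKeyParameter((RSAPublicKey) key));

            // Publish only a fully initialised instance.
            this.encodeCipher = cipher;
        } catch (Exception e) {
            throw new RuntimeException("Error constructing Cipher: ", e);
        }
    }
    return encodeCipher;
}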
/**
 * Checks a signature made over the PKCS#1-padded digest of the input (SHA-1 according to the
 * original documentation; the digest itself comes from {@code getDigest}).
 *
 * <p>Hint: a different implementation of this method can be found in the svn history,
 * revision &lt;= 229.
 *
 * <p>The recovered block is compared directly with the digest, i.e. no DigestInfo structure
 * is expected around the hash. Every exception raised while verifying - including the one a
 * malformed signature produces - is logged at WARNING and reported as {@code false}.
 *
 * @param signature  signature to check
 * @param signingKey public key of the signer
 * @param input      byte array the signature was made over
 * @return true if the signature is correct
 */
public static boolean verifySignature(byte[] signature, RSAPublicKeyStructure signingKey, byte[] input) {
    final byte[] expectedHash = getDigest(input);
    try {
        final RSAKeyParameters publicParams =
            new RSAKeyParameters(false, signingKey.getModulus(), signingKey.getPublicExponent());

        // Public-key operation only, so the plain (unblinded) engine is used.
        final PKCS1Encoding verifier = new PKCS1Encoding(new RSAEngine());
        verifier.init(false, publicParams);

        final byte[] recoveredHash = verifier.processBlock(signature, 0, signature.length);
        return Encoding.arraysEqual(expectedHash, recoveredHash);
    } catch (Exception e) {
        log.log(Level.WARNING, "unexpected", e);
        return false;
    }
}
/**
 * Picks a fresh 48-byte premaster secret, stores it in {@code premasterSecret} and returns it
 * encrypted under the server's RSA public key with PKCS#1 v1.5 padding.
 *
 * @return the encrypted premaster secret; {@code null} is only written after
 *         {@code failWithError}, which the original comment marks as unreachable
 * @throws IOException declared for the handler calls made here
 */
public byte[] generateClientKeyExchange() throws IOException {
    // 48 random bytes, then the protocol version written at offset 0.
    premasterSecret = new byte[48];
    handler.getRandom().nextBytes(premasterSecret);
    TlsUtils.writeVersion(premasterSecret, 0);

    final PKCS1Encoding rsaPkcs1 = new PKCS1Encoding(new RSABlindedEngine());
    rsaPkcs1.init(true, new ParametersWithRandom(this.rsaServerPublicKey, handler.getRandom()));

    try {
        final byte[] encrypted = rsaPkcs1.processBlock(premasterSecret, 0, premasterSecret.length);
        return encrypted;
    } catch (InvalidCipherTextException e) {
        // Not expected when encrypting; this exception belongs to the decryption path.
        handler.failWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_internal_error);
        return null; // Unreachable!
    }
}
/**
 * Creates the RSA primitive: PKCS#1 v1.5 encoding layered over a blinded RSA engine.
 *
 * @return a new, uninitialised cipher
 */
protected AsymmetricBlockCipher createRSAImpl() {
    /*
     * RFC 5246 7.4.7.1. Implementation note: It is now known that remote timing-based attacks
     * on TLS are possible, at least when the client and server are on the same LAN.
     * Accordingly, implementations that use static RSA keys MUST use RSA blinding or some
     * other anti-timing technique, as described in [TIMING].
     */
    final AsymmetricBlockCipher blindedRsa = new RSABlindedEngine();
    return new PKCS1Encoding(blindedRsa);
}
/**
 * Chooses a 48-byte premaster secret, writes it RSA-encrypted (PKCS#1 v1.5) to the output
 * stream and returns the plaintext secret.
 *
 * <p>For an SSL server version the ciphertext is written without a length prefix; otherwise
 * it goes out through {@code writeOpaque16}.
 *
 * @param context            supplies the random source and the client/server versions
 * @param rsaServerPublicKey RSA public key the secret is encrypted under
 * @param output             stream receiving the encrypted secret
 * @return the plaintext premaster secret; the caller holds the only copy made here
 * @throws IOException on write failure, or a fatal internal_error alert if encryption fails
 */
public static byte[] generateEncryptedPreMasterSecret(TlsContext context, RSAKeyParameters rsaServerPublicKey,
    OutputStream output) throws IOException {
    // Random secret with the client version written at offset 0.
    final byte[] secret = new byte[48];
    context.getSecureRandom().nextBytes(secret);
    TlsUtils.writeVersion(context.getClientVersion(), secret, 0);

    final PKCS1Encoding rsaPkcs1 = new PKCS1Encoding(new RSABlindedEngine());
    rsaPkcs1.init(true, new ParametersWithRandom(rsaServerPublicKey, context.getSecureRandom()));

    try {
        final byte[] ciphertext = rsaPkcs1.processBlock(secret, 0, secret.length);

        if (!context.getServerVersion().isSSL()) {
            TlsUtils.writeOpaque16(ciphertext, output);
        } else {
            // TODO Do any SSLv3 servers actually expect the length?
            output.write(ciphertext);
        }
    } catch (InvalidCipherTextException e) {
        // Not expected when encrypting; this exception belongs to the decryption path.
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }

    return secret;
}
/**
 * Chooses a 48-byte premaster secret, writes it RSA-encrypted (PKCS#1 v1.5) to the output
 * stream and returns the plaintext secret.
 *
 * <p>When {@code TlsUtils.isSSL(context)} holds the ciphertext is written without a length
 * prefix; otherwise it goes out through {@code writeOpaque16}.
 *
 * @param context            supplies the random source and the client version
 * @param rsaServerPublicKey RSA public key the secret is encrypted under
 * @param output             stream receiving the encrypted secret
 * @return the plaintext premaster secret; the caller holds the only copy made here
 * @throws IOException on write failure, or a fatal internal_error alert (carrying the
 *         original exception as its cause) if encryption fails
 */
public static byte[] generateEncryptedPreMasterSecret(TlsContext context, RSAKeyParameters rsaServerPublicKey,
    OutputStream output) throws IOException {
    // Random secret with the client version written at offset 0.
    final byte[] secret = new byte[48];
    context.getSecureRandom().nextBytes(secret);
    TlsUtils.writeVersion(context.getClientVersion(), secret, 0);

    final PKCS1Encoding rsaPkcs1 = new PKCS1Encoding(new RSABlindedEngine());
    rsaPkcs1.init(true, new ParametersWithRandom(rsaServerPublicKey, context.getSecureRandom()));

    try {
        final byte[] ciphertext = rsaPkcs1.processBlock(secret, 0, secret.length);

        if (!TlsUtils.isSSL(context)) {
            TlsUtils.writeOpaque16(ciphertext, output);
        } else {
            // TODO Do any SSLv3 servers actually expect the length?
            output.write(ciphertext);
        }
    } catch (InvalidCipherTextException e) {
        // Not expected when encrypting; this exception belongs to the decryption path.
        throw new TlsFatalAlert(AlertDescription.internal_error, e);
    }

    return secret;
}
/**
 * Wraps a PKCS#1 v1.5 encoder over {@code NativeRSAEngine} and sets engine mode "1"
 * (private key only, per the original comment).
 *
 * NOTE(review): whether NativeRSAEngine applies blinding to private-key operations is not
 * visible here - confirm, since this variant is the private-key one.
 */
public PKCS1v1_5Padding_PrivateOnly() {
    super(new PKCS1Encoding(new NativeRSAEngine()));
    try {
        // "1" = private key only
        engineSetMode("1");
    } catch (Exception modeFailure) {
        // A fixed, known mode string should not be rejected; treat it as a programming error.
        throw new RuntimeException("bug", modeFailure);
    }
}
/**
 * Wraps a PKCS#1 v1.5 encoder over {@code NativeRSAEngine} and sets engine mode "2"
 * (public key only, per the original comment).
 */
public PKCS1v1_5Padding_PublicOnly() {
    super(new PKCS1Encoding(new NativeRSAEngine()));
    try {
        // "2" = public key only
        engineSetMode("2");
    } catch (Exception modeFailure) {
        // A fixed, known mode string should not be rejected; treat it as a programming error.
        throw new RuntimeException("bug", modeFailure);
    }
}
/**
 * Decrypts an RSA/PKCS#1 v1.5 ciphertext and builds a secret key from the plaintext.
 *
 * <p>A padding failure propagates to the caller as whatever {@code processBlock} throws.
 * NOTE(review): if callers reveal that failure to a remote party, it can serve as a padding
 * oracle - check how the exception is handled upstream.
 *
 * @param encryptionKey key handed to {@code getCipherParameters} to obtain the RSA parameters
 * @param b             ciphertext to decrypt
 * @return the secret key constructed from the decrypted bytes
 * @throws Exception whatever key conversion, decryption or key construction raises
 */
public static ASecretKey decryptKeyRSA(AKey encryptionKey, byte[] b) throws Exception {
    // NOTE(review): RSAEngine is the unblinded engine. Decryption presumably uses a private
    // key here, for which other code on this page uses RSABlindedEngine to counter timing
    // attacks - confirm and consider switching.
    final PKCS1Encoding unwrapper = new PKCS1Encoding(new RSAEngine());
    unwrapper.init(false, getCipherParameters(encryptionKey));

    final byte[] keyBytes = unwrapper.processBlock(b, 0, b.length);
    try {
        return new ASecretKey(keyBytes);
    } finally {
        // Wipe the plaintext copy once the key object exists (or construction failed).
        // NOTE(review): assumes ASecretKey copies the array rather than keeping the
        // reference; otherwise this zeroes the returned key - confirm.
        Crypto.zero(keyBytes);
    }
}
/**
 * Chooses a 48-byte premaster secret, writes it RSA-encrypted (PKCS#1 v1.5) to the output
 * stream and returns the plaintext secret.
 *
 * <p>When {@code TlsUtils.isSSL(context)} holds the ciphertext is written without a length
 * prefix; otherwise it goes out through {@code writeOpaque16}.
 *
 * @param context            supplies the random source and the client version
 * @param rsaServerPublicKey RSA public key the secret is encrypted under
 * @param output             stream receiving the encrypted secret
 * @return the plaintext premaster secret; the caller holds the only copy made here
 * @throws IOException on write failure, or a fatal internal_error alert if encryption fails
 *         (the underlying exception is not attached as a cause)
 */
public static byte[] generateEncryptedPreMasterSecret(TlsContext context, RSAKeyParameters rsaServerPublicKey,
    OutputStream output) throws IOException {
    // Random secret with the client version written at offset 0.
    final byte[] secret = new byte[48];
    context.getSecureRandom().nextBytes(secret);
    TlsUtils.writeVersion(context.getClientVersion(), secret, 0);

    final PKCS1Encoding rsaPkcs1 = new PKCS1Encoding(new RSABlindedEngine());
    rsaPkcs1.init(true, new ParametersWithRandom(rsaServerPublicKey, context.getSecureRandom()));

    try {
        final byte[] ciphertext = rsaPkcs1.processBlock(secret, 0, secret.length);

        if (!TlsUtils.isSSL(context)) {
            TlsUtils.writeOpaque16(ciphertext, output);
        } else {
            // TODO Do any SSLv3 servers actually expect the length?
            output.write(ciphertext);
        }
    } catch (InvalidCipherTextException e) {
        // Not expected when encrypting; this exception belongs to the decryption path.
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }

    return secret;
}
/**
 * Signs some data using a private key and PKCS#1 v1.5 padding.
 *
 * <p>The digest returned by {@code Encryption.getDigest} is padded and processed directly;
 * no DigestInfo structure is wrapped around it in this method.
 *
 * @param data       the data to be signed
 * @param signingKey the key to sign the data
 * @return a signature, or {@code null} if the cipher rejected the input (the failure is
 *         logged at WARNING); callers must check for {@code null}
 */
public static byte[] signData(byte[] data, RSAKeyParameters signingKey) {
    try {
        final byte[] digest = Encryption.getDigest(data);

        // NOTE(review): RSAEngine is the unblinded engine, and signing is a private-key
        // operation; other code on this page uses RSABlindedEngine for those - confirm
        // whether timing exposure matters for this key.
        final PKCS1Encoding signer = new PKCS1Encoding(new RSAEngine());
        signer.init(true, signingKey);

        final byte[] signature = signer.processBlock(digest, 0, digest.length);
        return signature;
    } catch (InvalidCipherTextException e) {
        log.log(Level.WARNING, "Common.signData(): " + e.getMessage(), e);
        return null;
    }
}
/**
 * Produces a PKCS#1 v1.5 RSA signature directly over the supplied bytes.
 *
 * <p>{@code NullDigest} is used, so the input is signed as given rather than hashed again;
 * the parameter name suggests it is a concatenated MD5 and SHA-1 digest.
 *
 * @param privateKey  signing key
 * @param md5andsha1  bytes to sign
 * @return the signature
 * @throws CryptoException if signature generation fails
 */
public byte[] calculateRawSignature(AsymmetricKeyParameter privateKey, byte[] md5andsha1) throws CryptoException {
    // Blinded engine: signing is a private-key operation.
    final PKCS1Encoding paddedRsa = new PKCS1Encoding(new RSABlindedEngine());
    final Signer rawSigner = new GenericSigner(paddedRsa, new NullDigest());

    rawSigner.init(true, privateKey);
    rawSigner.update(md5andsha1, 0, md5andsha1.length);
    return rawSigner.generateSignature();
}
/**
 * Creates the cipher used for key wrapping: PKCS#1 v1.5 encoding over the plain RSA engine.
 *
 * @param algorithm not consulted; the same cipher is returned for every identifier
 * @return a new, uninitialised cipher
 */
protected AsymmetricBlockCipher createAsymmetricWrapper(ASN1ObjectIdentifier algorithm) {
    final AsymmetricBlockCipher rawRsa = new RSAEngine();
    return new PKCS1Encoding(rawRsa);
}
/**
 * Creates the cipher used for key unwrapping: PKCS#1 v1.5 encoding over the plain RSA engine.
 *
 * @param algorithm not consulted; the same cipher is returned for every identifier
 * @return a new, uninitialised cipher
 */
protected AsymmetricBlockCipher createAsymmetricUnwrapper(ASN1ObjectIdentifier algorithm) {
    // NOTE(review): unwrapping presumably runs with an RSA private key, and RSAEngine is
    // the unblinded engine; other code on this page uses RSABlindedEngine for private-key
    // operations to counter timing attacks - confirm and consider switching.
    final AsymmetricBlockCipher rawRsa = new RSAEngine();
    return new PKCS1Encoding(rawRsa);
}
/**
 * Hands the superclass a PKCS#1 v1.5 encoder layered over a blinded RSA engine.
 * No key-type restriction is passed in this variant.
 */
public PKCS1v1_5Padding() { super(new PKCS1Encoding(new RSABlindedEngine())); }
/**
 * Hands the superclass a PKCS#1 v1.5 encoder layered over a blinded RSA engine, together
 * with the flags (false, true).
 * NOTE(review): presumably the flags mean "public key disallowed, private key allowed",
 * matching the class name - confirm against the superclass constructor.
 */
public PKCS1v1_5Padding_PrivateOnly() { super(false, true, new PKCS1Encoding(new RSABlindedEngine())); }
/**
 * Hands the superclass a PKCS#1 v1.5 encoder layered over a blinded RSA engine, together
 * with the flags (true, false).
 * NOTE(review): presumably the flags mean "public key allowed, private key disallowed",
 * matching the class name - confirm against the superclass constructor.
 */
public PKCS1v1_5Padding_PublicOnly() { super(true, false, new PKCS1Encoding(new RSABlindedEngine())); }
/**
 * Passes the id-SHA1 object identifier, a new SHA1Digest and a PKCS#1 v1.5 encoder over a
 * blinded RSA engine to the superclass constructor.
 * NOTE(review): SHA-1 is no longer collision resistant; presumably this variant is kept for
 * interoperability with existing signatures - prefer the SHA-2 variants for new ones.
 */
public SHA1() { super(OIWObjectIdentifiers.idSHA1, new SHA1Digest(), new PKCS1Encoding(new RSABlindedEngine())); }
/**
 * Passes the id_sha224 object identifier, a new SHA224Digest and a PKCS#1 v1.5 encoder over
 * a blinded RSA engine to the superclass constructor.
 */
public SHA224() { super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine())); }
/**
 * Passes the id_sha256 object identifier, a new SHA256Digest and a PKCS#1 v1.5 encoder over
 * a blinded RSA engine to the superclass constructor.
 */
public SHA256() { super(NISTObjectIdentifiers.id_sha256, new SHA256Digest(), new PKCS1Encoding(new RSABlindedEngine())); }
/**
 * Passes the id_sha384 object identifier, a new SHA384Digest and a PKCS#1 v1.5 encoder over
 * a blinded RSA engine to the superclass constructor.
 */
public SHA384() { super(NISTObjectIdentifiers.id_sha384, new SHA384Digest(), new PKCS1Encoding(new RSABlindedEngine())); }
/**
 * Passes the id_sha512 object identifier, a new SHA512Digest and a PKCS#1 v1.5 encoder over
 * a blinded RSA engine to the superclass constructor.
 */
public SHA512() { super(NISTObjectIdentifiers.id_sha512, new SHA512Digest(), new PKCS1Encoding(new RSABlindedEngine())); }
/**
 * Passes the md2 object identifier, a new MD2Digest and a PKCS#1 v1.5 encoder over a
 * blinded RSA engine to the superclass constructor.
 * NOTE(review): MD2 is a broken digest; presumably this variant exists only to handle
 * legacy signatures - it should not be selected for new ones.
 */
public MD2() { super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine())); }
/**
 * Passes the md4 object identifier, a new MD4Digest and a PKCS#1 v1.5 encoder over a
 * blinded RSA engine to the superclass constructor.
 * NOTE(review): MD4 is a broken digest; presumably this variant exists only to handle
 * legacy signatures - it should not be selected for new ones.
 */
public MD4() { super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine())); }