public byte[] decryptPreMasterSecret(byte[] encryptedPreMasterSecret) throws IOException { PKCS1Encoding encoding = new PKCS1Encoding(new RSABlindedEngine()); encoding.init(false, new ParametersWithRandom(this.privateKey, context.getSecureRandom())); try { return encoding.processBlock(encryptedPreMasterSecret, 0, encryptedPreMasterSecret.length); } catch (InvalidCipherTextException e) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } }
protected byte[] engineUpdate( byte[] input, int inputOffset, int inputLen) { bOut.write(input, inputOffset, inputLen); if (cipher instanceof RSABlindedEngine) { if (bOut.size() > cipher.getInputBlockSize() + 1) { throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); } } else { if (bOut.size() > cipher.getInputBlockSize()) { throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); } } return null; }
protected int engineUpdate( byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) { bOut.write(input, inputOffset, inputLen); if (cipher instanceof RSABlindedEngine) { if (bOut.size() > cipher.getInputBlockSize() + 1) { throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); } } else { if (bOut.size() > cipher.getInputBlockSize()) { throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); } } return 0; }
/** * @return an RSA decryption cipher */ protected synchronized AsymmetricBlockCipher getRSADecryptCipher() { if (decodeCipher == null) { try { byte[] bytes = getEncoder().decode(privateKey); EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(bytes); KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM); PrivateKey key = keyFactory.generatePrivate(privateKeySpec); this.decodeCipher = new PKCS1Encoding(new RSABlindedEngine()); decodeCipher.init(false, generatePrivateKeyParameter((RSAPrivateKey) key)); } catch (Exception e) { throw new RuntimeException("Error constructing Cipher: ", e); } } return decodeCipher; }
/** * @return */ protected synchronized AsymmetricBlockCipher getRSAEncryptCipher() { if (encodeCipher == null) { try { byte[] bytes = getEncoder().decode(publicKey); EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(bytes); KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM); PublicKey key = keyFactory.generatePublic(publicKeySpec); this.encodeCipher = new PKCS1Encoding(new RSABlindedEngine()); encodeCipher.init(true, generatePublicKeyParameter((RSAPublicKey) key)); } catch (Exception e) { throw new RuntimeException("Error constructing Cipher: ", e); } } return encodeCipher; }
public byte[] generateClientKeyExchange() throws IOException { /* * Choose a PremasterSecret and send it encrypted to the server */ premasterSecret = new byte[48]; handler.getRandom().nextBytes(premasterSecret); TlsUtils.writeVersion(premasterSecret, 0); PKCS1Encoding encoding = new PKCS1Encoding(new RSABlindedEngine()); encoding.init(true, new ParametersWithRandom(this.rsaServerPublicKey, handler.getRandom())); try { return encoding.processBlock(premasterSecret, 0, premasterSecret.length); } catch (InvalidCipherTextException e) { /* * This should never happen, only during decryption. */ handler.failWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_internal_error); return null; // Unreachable! } }
protected AsymmetricBlockCipher createRSAImpl() { /* * RFC 5264 7.4.7.1. Implementation note: It is now known that remote timing-based attacks * on TLS are possible, at least when the client and server are on the same LAN. * Accordingly, implementations that use static RSA keys MUST use RSA blinding or some other * anti-timing technique, as described in [TIMING]. */ return new PKCS1Encoding(new RSABlindedEngine()); }
public static byte[] generateEncryptedPreMasterSecret(TlsContext context, RSAKeyParameters rsaServerPublicKey, OutputStream output) throws IOException { /* * Choose a PremasterSecret and send it encrypted to the server */ byte[] premasterSecret = new byte[48]; context.getSecureRandom().nextBytes(premasterSecret); TlsUtils.writeVersion(context.getClientVersion(), premasterSecret, 0); PKCS1Encoding encoding = new PKCS1Encoding(new RSABlindedEngine()); encoding.init(true, new ParametersWithRandom(rsaServerPublicKey, context.getSecureRandom())); try { byte[] encryptedPreMasterSecret = encoding.processBlock(premasterSecret, 0, premasterSecret.length); if (context.getServerVersion().isSSL()) { // TODO Do any SSLv3 servers actually expect the length? output.write(encryptedPreMasterSecret); } else { TlsUtils.writeOpaque16(encryptedPreMasterSecret, output); } } catch (InvalidCipherTextException e) { /* * This should never happen, only during decryption. */ throw new TlsFatalAlert(AlertDescription.internal_error); } return premasterSecret; }
private void initFromSpec( OAEPParameterSpec pSpec) throws NoSuchPaddingException { MGF1ParameterSpec mgfParams = (MGF1ParameterSpec)pSpec.getMGFParameters(); Digest digest = DigestFactory.getDigest(mgfParams.getDigestAlgorithm()); if (digest == null) { throw new NoSuchPaddingException("no match on OAEP constructor for digest algorithm: "+ mgfParams.getDigestAlgorithm()); } cipher = new OAEPEncoding(new RSABlindedEngine(), digest, ((PSource.PSpecified)pSpec.getPSource()).getValue()); paramSpec = pSpec; }
protected byte[] engineDoFinal( byte[] input, int inputOffset, int inputLen) throws IllegalBlockSizeException, BadPaddingException { if (input != null) { bOut.write(input, inputOffset, inputLen); } if (cipher instanceof RSABlindedEngine) { if (bOut.size() > cipher.getInputBlockSize() + 1) { throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); } } else { if (bOut.size() > cipher.getInputBlockSize()) { throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); } } try { byte[] bytes = bOut.toByteArray(); bOut.reset(); return cipher.processBlock(bytes, 0, bytes.length); } catch (InvalidCipherTextException e) { throw new BadPaddingException(e.getMessage()); } }
public static PSSSigner createPSSRSASigner(AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws XiSecurityException { ParamUtil.requireNonNull("sigAlgId", sigAlgId); if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) { throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed"); } AlgorithmIdentifier digAlgId; try { digAlgId = AlgorithmUtil.extractDigesetAlgFromSigAlg(sigAlgId); } catch (NoSuchAlgorithmException ex) { throw new XiSecurityException(ex.getMessage(), ex); } RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters()); AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier.getInstance( param.getMaskGenAlgorithm().getParameters()); Digest dig = getDigest(digAlgId); Digest mfgDig = getDigest(mfgDigAlgId); int saltSize = param.getSaltLength().intValue(); int trailerField = param.getTrailerField().intValue(); AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher; return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField)); }
public static byte[] generateEncryptedPreMasterSecret(TlsContext context, RSAKeyParameters rsaServerPublicKey, OutputStream output) throws IOException { /* * Choose a PremasterSecret and send it encrypted to the server */ byte[] premasterSecret = new byte[48]; context.getSecureRandom().nextBytes(premasterSecret); TlsUtils.writeVersion(context.getClientVersion(), premasterSecret, 0); PKCS1Encoding encoding = new PKCS1Encoding(new RSABlindedEngine()); encoding.init(true, new ParametersWithRandom(rsaServerPublicKey, context.getSecureRandom())); try { byte[] encryptedPreMasterSecret = encoding.processBlock(premasterSecret, 0, premasterSecret.length); if (TlsUtils.isSSL(context)) { // TODO Do any SSLv3 servers actually expect the length? output.write(encryptedPreMasterSecret); } else { TlsUtils.writeOpaque16(encryptedPreMasterSecret, output); } } catch (InvalidCipherTextException e) { /* * This should never happen, only during decryption. */ throw new TlsFatalAlert(AlertDescription.internal_error, e); } return premasterSecret; }
private void doFullMessageTest() throws Exception { BigInteger modulus = new BigInteger(1, Hex.decode("CDCBDABBF93BE8E8294E32B055256BBD0397735189BF75816341BB0D488D05D627991221DF7D59835C76A4BB4808ADEEB779E7794504E956ADC2A661B46904CDC71337DD29DDDD454124EF79CFDD7BC2C21952573CEFBA485CC38C6BD2428809B5A31A898A6B5648CAA4ED678D9743B589134B7187478996300EDBA16271A861")); BigInteger pubExp = new BigInteger(1, Hex.decode("010001")); BigInteger privExp = new BigInteger(1, Hex.decode("4BA6432AD42C74AA5AFCB6DF60FD57846CBC909489994ABD9C59FE439CC6D23D6DE2F3EA65B8335E796FD7904CA37C248367997257AFBD82B26F1A30525C447A236C65E6ADE43ECAAF7283584B2570FA07B340D9C9380D88EAACFFAEEFE7F472DBC9735C3FF3A3211E8A6BBFD94456B6A33C17A2C4EC18CE6335150548ED126D")); RSAKeyParameters pubParams = new RSAKeyParameters(false, modulus, pubExp); RSAKeyParameters privParams = new RSAKeyParameters(true, modulus, privExp); AsymmetricBlockCipher rsaEngine = new RSABlindedEngine(); // set challenge to all zero's for verification byte[] challenge = new byte[8]; ISO9796d2PSSSigner pssSign = new ISO9796d2PSSSigner(new RSAEngine(), new SHA256Digest(), 20, true); pssSign.init(true, privParams); pssSign.update(challenge, 0, challenge.length); byte[] sig = pssSign.generateSignature(); pssSign.init(false, pubParams); pssSign.updateWithRecoveredMessage(sig); if (!pssSign.verifySignature(sig)) { fail("challenge PSS sig verification failed."); } byte[] mm = pssSign.getRecoveredMessage(); if (!Arrays.areEqual(challenge, mm)) { fail("challenge partial PSS recovery failed"); } }
public static byte[] generateEncryptedPreMasterSecret(TlsContext context, RSAKeyParameters rsaServerPublicKey, OutputStream output) throws IOException { /* * Choose a PremasterSecret and send it encrypted to the server */ byte[] premasterSecret = new byte[48]; context.getSecureRandom().nextBytes(premasterSecret); TlsUtils.writeVersion(context.getClientVersion(), premasterSecret, 0); PKCS1Encoding encoding = new PKCS1Encoding(new RSABlindedEngine()); encoding.init(true, new ParametersWithRandom(rsaServerPublicKey, context.getSecureRandom())); try { byte[] encryptedPreMasterSecret = encoding.processBlock(premasterSecret, 0, premasterSecret.length); if (TlsUtils.isSSL(context)) { // TODO Do any SSLv3 servers actually expect the length? output.write(encryptedPreMasterSecret); } else { TlsUtils.writeOpaque16(encryptedPreMasterSecret, output); } } catch (InvalidCipherTextException e) { /* * This should never happen, only during decryption. */ throw new TlsFatalAlert(AlertDescription.internal_error); } return premasterSecret; }
public byte[] calculateRawSignature(AsymmetricKeyParameter privateKey, byte[] md5andsha1) throws CryptoException { Signer sig = new GenericSigner(new PKCS1Encoding(new RSABlindedEngine()), new NullDigest()); sig.init(true, privateKey); sig.update(md5andsha1, 0, md5andsha1.length); return sig.generateSignature(); }
