/** * Generate a shared AES key using ECDH. */ public static byte[] generateSharedSecret(byte[] privateKey, byte[] publicKey) { try { ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec(SECP256K1); ECDomainParameters domain = new ECDomainParameters(spec.getCurve(), spec.getG(), spec.getN(), spec.getH()); ECPublicKeyParameters pubKey = new ECPublicKeyParameters(spec.getCurve().decodePoint(publicKey), domain); ECPrivateKeyParameters prvkey = new ECPrivateKeyParameters(new BigInteger(1, privateKey), domain); ECDHBasicAgreement agreement = new ECDHBasicAgreement(); agreement.init(prvkey); byte[] password = agreement.calculateAgreement(pubKey).toByteArray(); return Aes.generateKey(ByteUtilities.toHexString(password), password); } catch (Exception e) { LOGGER.error(null, e); return new byte[0]; } }
@Test public void curveTest() { final X9ECParameters curve = NISTNamedCurves.getByName("P-384"); final ECDomainParameters domainParameters = new ECDomainParameters( curve.getCurve(), curve.getG(), curve.getN()); final SecureRandom random = new SecureRandom(); final ECKeyPairGenerator gen = new ECKeyPairGenerator(); gen.init(new ECKeyGenerationParameters(domainParameters, random)); final AsymmetricCipherKeyPair senderPair = gen.generateKeyPair(); final AsymmetricCipherKeyPair receiverPair = gen.generateKeyPair(); final ECDHBasicAgreement senderAgreement = new ECDHBasicAgreement(); senderAgreement.init(senderPair.getPrivate()); final BigInteger senderResult = senderAgreement.calculateAgreement( receiverPair.getPublic()); final ECDHBasicAgreement receiverAgreement = new ECDHBasicAgreement(); receiverAgreement.init(receiverPair.getPrivate()); final BigInteger receiverResult = receiverAgreement.calculateAgreement( senderPair.getPublic()); assertEquals(senderResult, receiverResult); //System.out.println(receiverResult); }
public static byte[] calculateECDHBasicAgreement(ECPublicKeyParameters publicKey, ECPrivateKeyParameters privateKey) { ECDHBasicAgreement basicAgreement = new ECDHBasicAgreement(); basicAgreement.init(privateKey); BigInteger agreementValue = basicAgreement.calculateAgreement(publicKey); /* * RFC 4492 5.10. Note that this octet string (Z in IEEE 1363 terminology) as output by * FE2OSP, the Field Element to Octet String Conversion Primitive, has constant length for * any given field; leading zeros found in this octet string MUST NOT be truncated. */ return BigIntegers.asUnsignedByteArray(basicAgreement.getFieldSize(), agreementValue); }
public ECIESwithDESede() { super(new IESEngine(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA1Digest()), new HMac(new SHA1Digest()), new PaddedBufferedBlockCipher(new DESedeEngine()))); }
public ECIESwithAES() { super(new IESEngine(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA1Digest()), new HMac(new SHA1Digest()), new PaddedBufferedBlockCipher(new AESEngine()))); }
public ECIES() { super(new IESEngine( new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA1Digest()), new HMac(new SHA1Digest()))); }
public static void main( String[] args ) throws InvalidKeySpecException, InvalidKeyException, IOException { ECPublicKey clientKey = (ECPublicKey) ECDH_KEY_FACTORY.generatePublic( new X509EncodedKeySpec( Base64.getDecoder().decode( "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDEKneqEvcqUqqFMM1HM1A4zWjJC+I8Y+aKzG5dl+6wNOHHQ4NmG2PEXRJYhujyodFH+wO0dEr4GM1WoaWog8xsYQ6mQJAC0eVpBM96spUB1eMN56+BwlJ4H3Qx4TAvAs" ) ) ); ECPrivateKey privateKey = (ECPrivateKey) ECDH_KEY_FACTORY.generatePrivate( new PKCS8EncodedKeySpec( Base64.getDecoder().decode( "MB8CAQAwEAYHKoZIzj0CAQYFK4EEACIECDAGAgEBBAEB" ) ) ); ECDHBasicAgreement agreement = new ECDHBasicAgreement(); agreement.init( PrivateKeyFactory.createKey( privateKey.getEncoded() ) ); byte[] secret = agreement.calculateAgreement( PublicKeyFactory.createKey( clientKey.getEncoded() ) ).toByteArray(); System.out.println( Util.toHexString( secret ) ); System.out.println( Util.toHexString( Base64.getDecoder().decode( "DEKneqEvcqUqqFMM1HM1A4zWjJC+I8Y+aKzG5dl+6wNOHHQ4NmG2PEXRJYhujyod" ) ) ); }
public ECIESwithCipher(BlockCipher cipher) { super(new IESEngine(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA1Digest()), new HMac(new SHA1Digest()), new PaddedBufferedBlockCipher(cipher))); }
public ECIESwithCipher(BlockCipher cipher, int ivLength) { super(new IESEngine(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA1Digest()), new HMac(new SHA1Digest()), new PaddedBufferedBlockCipher(cipher)), ivLength); }
public OldECIESwithCipher(BlockCipher baseCipher) { super(new OldIESEngine(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA1Digest()), new HMac(new SHA1Digest()), new PaddedBufferedBlockCipher(baseCipher))); }
public OldECIESwithCipher(BlockCipher baseCipher, int ivLength) { super(new OldIESEngine(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA1Digest()), new HMac(new SHA1Digest()), new PaddedBufferedBlockCipher(baseCipher)), ivLength); }
public static AesKey sessionKey( final CipherParameters receiverKey, final CipherParameters senderKey, final CipherParameters privateKey, final ECPublicKeyParameters publicKey ) { final ECDHBasicAgreement senderAgreement = new ECDHBasicAgreement(); senderAgreement.init(privateKey); final EcdhSharedSecret sharedSecret = new EcdhSharedSecret( ((ECPublicKeyParameters)receiverKey).getQ(), ((ECPublicKeyParameters)senderKey).getQ(), senderAgreement.calculateAgreement(publicKey)); final DigestSha384 hash = DigestSha384.digest(sharedSecret); return new AesKey(Arrays.copyOf(hash.getBytes(), AesKey.AES_KEY_BYTES)); }
public DH() { super("ECDH", new ECDHBasicAgreement(), null); }
public DHwithSHA1KDF() { super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); }
public ECIES() { super(new IESEngine(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA1Digest()), new HMac(new SHA1Digest()))); }
public DH() { super(new ECDHBasicAgreement()); }
public ByteString eciesDecrypt(PrivateKey recipientPrivateKey, ByteString cipherText) { BCECPrivateKey bcecPrivateKey = (BCECPrivateKey) recipientPrivateKey; ECNamedCurveSpec ecNamedCurveSpec = (ECNamedCurveSpec) bcecPrivateKey.getParams(); int level = SecurityLevel.from(ecNamedCurveSpec.getName()).size(); //cipherText = ephemeralPubKeyBytes + encryptedTokBytes + macBytes //ephemeralPubKeyBytes = first ((384+7)/8)*2 + 1 bytes = first 97 bytes //hmac is sha3_384 = 48 bytes or sha3_256 = 32 bytes int ephemeralPubKeyLength = ((level + 7) / 8) * 2 + 1; int hmacLength = level >> 3; int cipherTextLength = cipherText.size(); if (cipherTextLength <= ephemeralPubKeyLength + hmacLength) throw new RuntimeException(String.format("Illegal cipherText length: %d must be > %d", cipherTextLength, ephemeralPubKeyLength + hmacLength)); ByteString ephemeralPubKey = cipherText.substring(0, ephemeralPubKeyLength); ByteString encryptedContent = cipherText.substring(ephemeralPubKeyLength, cipherTextLength - hmacLength); ByteString hmac = cipherText.substring(cipherTextLength - hmacLength); ECPrivateKeyParameters ecdhPrivateKeyParameters; try { ecdhPrivateKeyParameters = (ECPrivateKeyParameters) (PrivateKeyFactory.createKey(bcecPrivateKey.getEncoded())); } catch (IOException e) { logger.error("ECIES decrypt load private key exception", e); throw new RuntimeException(e); } ECDomainParameters ecDomainParameters = ecdhPrivateKeyParameters.getParameters(); ECCurve ecCurve = ecDomainParameters.getCurve(); ECPublicKeyParameters ecPublicKeyParameters = new ECPublicKeyParameters(ecCurve.decodePoint(ephemeralPubKey.toByteArray()), ecDomainParameters); BasicAgreement agree = new ECDHBasicAgreement(); agree.init(ecdhPrivateKeyParameters); byte[] keyAgreement = agree.calculateAgreement(ecPublicKeyParameters).toByteArray(); HKDFParameters hkdfParameters = new HKDFParameters(keyAgreement, null, null); HKDFBytesGenerator hkdfBytesGenerator = new HKDFBytesGenerator(digest); hkdfBytesGenerator.init(hkdfParameters); byte[] hkdfOutputBytes = new byte[AESKEY_LENGTH + HMACKEY_LENGTH]; hkdfBytesGenerator.generateBytes(hkdfOutputBytes, 0, AESKEY_LENGTH + HMACKEY_LENGTH); ByteString hkdfOutput = ByteString.copyFrom(hkdfOutputBytes); ByteString aesKey = hkdfOutput.substring(0, AESKEY_LENGTH); ByteString hmacKey = hkdfOutput.substring(AESKEY_LENGTH, AESKEY_LENGTH + HMACKEY_LENGTH); HMac hMac = new HMac(digest); hMac.init(new KeyParameter(hmacKey.toByteArray())); hMac.update(encryptedContent.toByteArray(), 0, encryptedContent.size()); byte[] recoveredHmac = new byte[hMac.getMacSize()]; hMac.doFinal(recoveredHmac, 0); if (!MessageDigest.isEqual(hmac.toByteArray(), recoveredHmac)) { throw new RuntimeException("HMAC verify failed"); } CFBBlockCipher aesCipher = new CFBBlockCipher( new AESEngine(), BLOCK_BIT_SIZE); ByteString iv = encryptedContent.substring(0, IV_LENGTH); CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(aesKey.toByteArray()), iv.toByteArray()); aesCipher.init(false, ivAndKey); byte[] decryptedBytes = new byte[500]; aesCipher.decryptBlock(encryptedContent.substring(IV_LENGTH).toByteArray(), 0, decryptedBytes, 0); return ByteString.copyFrom(decryptedBytes); }
public DHwithSHA1KDF() { super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA1Digest())); }
public DHwithSHA1KDFAndSharedInfo() { super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA1Digest())); }
public DHwithSHA224KDFAndSharedInfo() { super("ECDHwithSHA224KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA224Digest())); }
public DHwithSHA256KDFAndSharedInfo() { super("ECDHwithSHA256KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA256Digest())); }
public DHwithSHA384KDFAndSharedInfo() { super("ECDHwithSHA384KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA384Digest())); }
public DHwithSHA512KDFAndSharedInfo() { super("ECDHwithSHA512KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA512Digest())); }
public OldECIES() { super(new OldIESEngine(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA1Digest()), new HMac(new SHA1Digest()))); }
private static IESEngine createIesEngine() { return new IESEngine( new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA1Digest()), new HMac(new SHA1Digest())); }
