List of usage examples for org.bouncycastle.crypto.digests SHA1Digest doFinal
public int doFinal(byte[] out, int outOff)
From source file:org.xipki.pki.scep.transaction.TransactionId.java
License:Open Source License
public static TransactionId sha1TransactionId(final byte[] content) { ParamUtil.requireNonNull("content", content); SHA1Digest dgst = new SHA1Digest(); dgst.update(content, 0, content.length); byte[] digest = new byte[20]; dgst.doFinal(digest, 0); return new TransactionId(digest); }
From source file:org.xwiki.mail.ExtendedMimeMessage.java
License:Open Source License
private String digest(String data) { SHA1Digest digest = SHA1_DIGEST.get(); if (digest == null) { digest = new SHA1Digest(); SHA1_DIGEST.set(new SHA1Digest()); }//from w ww.ja v a2 s. co m byte[] bytes = data.getBytes(); digest.update(bytes, 0, bytes.length); byte[] dig = new byte[digest.getDigestSize()]; digest.doFinal(dig, 0); return Base64.toBase64String(dig); }
From source file:TorJava.Common.Encryption.java
License:Open Source License
/** * returns the hash of the input//from w w w . j av a 2 s . c o m * * */ public static byte[] getHash(byte[] input) { SHA1Digest sha1 = new SHA1Digest(); sha1.reset(); sha1.update(input, 0, input.length); byte[] hash = new byte[sha1.getDigestSize()]; sha1.doFinal(hash, 0); return hash; }
From source file:TorJava.Node.java
License:Open Source License
/** constructor for server-side. */ Node(Server init, byte[] dh_x_bytes) { if (init == null) throw new NullPointerException("can't init node on NULL server"); // save a pointer to the server's data this.server = init; Random rnd = new Random(); // do Diffie-Hellmann dh_x = new BigInteger(1, dh_x_bytes); dh_private = new BigInteger(dh_p.bitLength() - 1, rnd); BigInteger dh_xy = dh_x.modPow(dh_private, dh_p); byte[] dh_xy_bytes = BigIntegerTo128Bytes(dh_xy); // return dh_y-Bytes BigInteger dh_y = dh_g.modPow(dh_private, dh_p); dh_y_bytes = BigIntegerTo128Bytes(dh_y); // derive key-material SHA1Digest sha1 = new SHA1Digest(); byte[] k = new byte[100]; byte[] sha1_input = new byte[dh_xy_bytes.length + 1]; System.arraycopy(dh_xy_bytes, 0, sha1_input, 0, dh_xy_bytes.length); for (int i = 0; i < 5; ++i) { sha1.reset();// w w w. jav a 2 s.c o m sha1_input[sha1_input.length - 1] = (byte) i; sha1.update(sha1_input, 0, sha1_input.length); sha1.doFinal(k, i * 20); } ; // DEBUGGING OUTPUT -- BEGIN Logger.logCrypto(Logger.VERBOSE, "Node.<init>: dh_x = \n" + Encoding.toHexString(dh_x_bytes, 100) + "\n" + "dh_y = \n" + Encoding.toHexString(dh_y_bytes, 100) + "\n" + "dh_xy = keymaterial:\n" + Encoding.toHexString(dh_xy_bytes, 100) + "\n" + "Key Data:\n" + Encoding.toHexString(k, 100)); // DEBUGGING OUTPUT -- END // derived key info is correct - save to final destination // handshake kh = new byte[20]; System.arraycopy(k, 0, kh, 0, 20); // forward digest forward_digest = new byte[20]; System.arraycopy(k, 40, forward_digest, 0, 20); sha1_forward = new SHA1Digest(); sha1_forward.update(forward_digest, 0, 20); // backward digest backward_digest = new byte[20]; System.arraycopy(k, 20, backward_digest, 0, 20); sha1_backward = new SHA1Digest(); sha1_backward.update(backward_digest, 0, 20); // secret key for sending data kf = new byte[16]; System.arraycopy(k, 76, kf, 0, 16); aes_encrypt = new AESCounterMode(true, kf); // secret key for receiving data kb = new byte[16]; System.arraycopy(k, 60, kb, 0, 16); aes_decrypt = new AESCounterMode(true, kb); }
From source file:TorJava.Node.java
License:Open Source License
/** * called after receiving created or extended cell: finished DH-key * exchange. Expects the first 148 bytes of the data array to be filled * with:<br>// ww w .j a v a 2 s . c o m * <ul> * <li>128 bytes of DH-data (g^y) * <li>20 bytes of derivated key data (KH) (see chapter 4.2 of torspec) * </ul> * * @param data * expects the received second half of the DH-key exchange */ void finish_dh(byte[] data) throws TorException { // calculate g^xy // - fix some undocument stuff: all numbers are 128-bytes only! // - add a leading zero to all numbers dh_y_bytes = new byte[128]; System.arraycopy(data, 0, dh_y_bytes, 0, 128); BigInteger dh_y = new BigInteger(1, dh_y_bytes); BigInteger dh_xy = dh_y.modPow(dh_private, dh_p); byte[] dh_xy_bytes = BigIntegerTo128Bytes(dh_xy); // derivate key material SHA1Digest sha1 = new SHA1Digest(); byte[] k = new byte[100]; byte[] sha1_input = new byte[dh_xy_bytes.length + 1]; System.arraycopy(dh_xy_bytes, 0, sha1_input, 0, dh_xy_bytes.length); for (int i = 0; i < 5; ++i) { sha1.reset(); sha1_input[sha1_input.length - 1] = (byte) i; sha1.update(sha1_input, 0, sha1_input.length); sha1.doFinal(k, i * 20); } ; // DEBUGGING OUTPUT -- BEGIN Logger.logCrypto(Logger.VERBOSE, "Node.finish_dh: dh_x = \n" + Encoding.toHexString(dh_x_bytes, 100) + "\n" + "dh_y = \n" + Encoding.toHexString(dh_y_bytes, 100) + "\n" + "dh_xy = keymaterial:\n" + Encoding.toHexString(dh_xy_bytes, 100) + "\n" + "Key Data:\n" + Encoding.toHexString(k, 100) + "\n" + "Data:\n" + Encoding.toHexString(data, 100)); // DEBUGGING OUTPUT -- END // check if derived key data is equal to bytes 128-147 of data[] boolean equal = true; for (int i = 0; equal && (i < 20); ++i) equal = (k[i] == data[128 + i]); // is there some error in the key data? if (!equal) throw new TorException("derived key material is wrong!"); // derived key info is correct - save to final destination // handshake kh = new byte[20]; System.arraycopy(k, 0, kh, 0, 20); // forward digest forward_digest = new byte[20]; System.arraycopy(k, 20, forward_digest, 0, 20); sha1_forward = new SHA1Digest(); sha1_forward.update(forward_digest, 0, 20); // backward digest backward_digest = new byte[20]; System.arraycopy(k, 40, backward_digest, 0, 20); sha1_backward = new SHA1Digest(); sha1_backward.update(backward_digest, 0, 20); // secret key for sending data kf = new byte[16]; System.arraycopy(k, 60, kf, 0, 16); aes_encrypt = new AESCounterMode(true, kf); // secret key for receiving data kb = new byte[16]; System.arraycopy(k, 76, kb, 0, 16); aes_decrypt = new AESCounterMode(true, kb); }
From source file:TorJava.Server.java
License:Open Source License
/** * extracts all relevant information from the router discriptor and saves it * in the member variables.//from w w w .ja v a2 s . c om * * @param rd * string encoded router descriptor */ private void parseRouterDescriptor(String rd) throws TorException { this.routerDescriptor = rd; // Router item: nickname, hostname, onion-router-port, socks-port, dir-port Pattern p = Pattern.compile("^router (\\w+) (\\S+) (\\d+) (\\d+) (\\d+)", Pattern.DOTALL + Pattern.MULTILINE + Pattern.CASE_INSENSITIVE + Pattern.UNIX_LINES); Matcher m = p.matcher(rd); m.find(); this.nickname = m.group(1); this.hostname = m.group(2); this.orPort = Integer.parseInt(m.group(3)); this.socksPort = Integer.parseInt(m.group(4)); this.dirPort = Integer.parseInt(m.group(5)); // secondary information platform = Parsing.parseStringByRE(rd, "^platform (.*?)$", "unknown"); published = dateFormat.parse(Parsing.parseStringByRE(rd, "^published (.*?)$", ""), (new ParsePosition(0))); uptime = Integer.parseInt(Parsing.parseStringByRE(rd, "^uptime (\\d+)", "0")); fingerprint = Encoding.parseHex(Parsing.parseStringByRE(rd, "^opt fingerprint (.*?)$", "")); contact = Parsing.parseStringByRE(rd, "^contact (.*?)$", ""); // make that IF description is from a trusted server, that fingerprint is correct if (tor.config.trustedServers.containsKey(nickname)) { String fingerprintFromConfig = (String) (tor.config.trustedServers.get(nickname)).get("fingerprint"); if (!Encoding.toHexString(fingerprint).equalsIgnoreCase(fingerprintFromConfig)) throw new TorException("Server " + nickname + " is trusted, but fingerprint check failed"); } // bandwith p = Pattern.compile("^bandwidth (\\d+) (\\d+) (\\d+)?", Pattern.DOTALL + Pattern.MULTILINE + Pattern.CASE_INSENSITIVE + Pattern.UNIX_LINES); m = p.matcher(rd); if (m.find()) { bandwidthAvg = Integer.parseInt(m.group(1)); bandwidthBurst = Integer.parseInt(m.group(2)); bandwidthObserved = Integer.parseInt(m.group(3)); } ; // onion key String stringOnionKey = Parsing.parseStringByRE(rd, "^onion-key\n(.*?END RSA PUBLIC KEY......)", ""); onionKey = Encryption.extractRSAKey(stringOnionKey); // signing key String stringSigningKey = Parsing.parseStringByRE(rd, "^signing-key\n(.*?END RSA PUBLIC KEY-----\n)", ""); signingKey = Encryption.extractRSAKey(stringSigningKey); SHA1Digest sha1 = new SHA1Digest(); // verify signing-key against fingerprint try { RSAPublicKeyStructure signingKey_asn = new RSAPublicKeyStructure(signingKey.getModulus(), signingKey.getPublicExponent()); byte[] pkcs = Encryption.getPKCS1EncodingFromRSAPublicKey(signingKey_asn); byte[] key_hash = new byte[20]; sha1.update(pkcs, 0, pkcs.length); sha1.doFinal(key_hash, 0); if (!Encoding.arraysEqual(key_hash, fingerprint)) throw new TorException("Server " + nickname + " doesn't verify signature vs fingerprint"); } catch (Exception e) { throw new TorException("Server " + nickname + " doesn't verify signature vs fingerprint"); } // parse family String stringFamily = Parsing.parseStringByRE(rd, "^family (.*?)$", ""); if (stringFamily == "") stringFamily = Parsing.parseStringByRE(rd, "^opt family (.*?)$", ""); Pattern p_family = Pattern.compile("(\\S+)"); Matcher m_family = p_family.matcher(stringFamily); while (m_family.find()) { String host = m_family.group(1); family.add(host); } // check the validity of the signature router_signature = Encoding.parseBase64(Parsing.parseStringByRE(rd, "^router-signature\n-----BEGIN SIGNATURE-----(.*?)-----END SIGNATURE-----", "")); byte[] sha1_input = (Parsing.parseStringByRE(rd, "^(router .*?router-signature\n)", "")).getBytes(); if (!Encryption.verifySignature(router_signature, signingKey, sha1_input)) { Logger.logCrypto(Logger.ERROR, "Server -> router-signature check failed for " + nickname); throw new TorException("Server " + nickname + ": description signature verification failed"); } // exit policy exitpolicy = parseExitPolicy(rd); // usually in directory the hostname is already set to the IP // so, following resolve just converts it to the InetAddress try { address = InetAddress.getByName(hostname); } catch (UnknownHostException e) { throw new TorException("Server.ParseRouterDescriptor: Unresolvable hostname " + hostname); } }