List of usage examples for org.bouncycastle.crypto.digests SHA1Digest SHA1Digest
public SHA1Digest()
From source file:org.xwiki.crypto.signer.internal.factory.BcSHA1withRsaSignerFactory.java
License:Open Source License
@Override protected org.bouncycastle.crypto.Signer getSignerInstance(AsymmetricCipherParameters parameters) { return new RSADigestSigner(new SHA1Digest()); }
From source file:org.xwiki.mail.ExtendedMimeMessage.java
License:Open Source License
private String digest(String data) { SHA1Digest digest = SHA1_DIGEST.get(); if (digest == null) { digest = new SHA1Digest(); SHA1_DIGEST.set(new SHA1Digest()); }//from ww w. j a v a 2s .c o m byte[] bytes = data.getBytes(); digest.update(bytes, 0, bytes.length); byte[] dig = new byte[digest.getDigestSize()]; digest.doFinal(dig, 0); return Base64.toBase64String(dig); }
From source file:pa55.java.core.PA55.java
License:Apache License
/** * Method to generate a strong password from the input parameters using PBKDF2. * /*from w ww .j ava 2 s . co m*/ * @throws UnsupportedEncodingException * @throws NoSuchAlgorithmException * @throws InvalidKeySpecException */ public void generatePBKDF2Password() throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException { Digest digest = null; switch (pbkdfAlgorithm) { case SHA1: digest = new SHA1Digest(); break; case SHA256: digest = new SHA256Digest(); break; case SHA512: digest = new SHA512Digest(); break; } PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(digest); generator.init(masterSecret.getBytes(CHAR_ENCODING), passwordHint.getBytes(CHAR_ENCODING), pbkdfRounds.intValue()); byte[] password = ((KeyParameter) generator.generateDerivedParameters(pbkdfLength.intValue() * 8)).getKey(); pbkdfGeneratedPassword = Base64.encodeBase64String(password); }
From source file:test.bunkr.core.streams.TestBlockReaderInputStream.java
License:Open Source License
public byte[] hashUp(byte[] input) { GeneralDigest d = new SHA1Digest(); d.update(input, 0, input.length);/*from w w w. j a va2 s . c o m*/ byte[] b = new byte[d.getDigestSize()]; d.doFinal(b, 0); return b; }
From source file:TorJava.Common.Encryption.java
License:Open Source License
/** * returns the hash of the input//from ww w . j a v a 2s.c o m * * */ public static byte[] getHash(byte[] input) { SHA1Digest sha1 = new SHA1Digest(); sha1.reset(); sha1.update(input, 0, input.length); byte[] hash = new byte[sha1.getDigestSize()]; sha1.doFinal(hash, 0); return hash; }
From source file:TorJava.Node.java
License:Open Source License
/** constructor for server-side. */ Node(Server init, byte[] dh_x_bytes) { if (init == null) throw new NullPointerException("can't init node on NULL server"); // save a pointer to the server's data this.server = init; Random rnd = new Random(); // do Diffie-Hellmann dh_x = new BigInteger(1, dh_x_bytes); dh_private = new BigInteger(dh_p.bitLength() - 1, rnd); BigInteger dh_xy = dh_x.modPow(dh_private, dh_p); byte[] dh_xy_bytes = BigIntegerTo128Bytes(dh_xy); // return dh_y-Bytes BigInteger dh_y = dh_g.modPow(dh_private, dh_p); dh_y_bytes = BigIntegerTo128Bytes(dh_y); // derive key-material SHA1Digest sha1 = new SHA1Digest(); byte[] k = new byte[100]; byte[] sha1_input = new byte[dh_xy_bytes.length + 1]; System.arraycopy(dh_xy_bytes, 0, sha1_input, 0, dh_xy_bytes.length); for (int i = 0; i < 5; ++i) { sha1.reset();/*from w ww. j a v a2s .co m*/ sha1_input[sha1_input.length - 1] = (byte) i; sha1.update(sha1_input, 0, sha1_input.length); sha1.doFinal(k, i * 20); } ; // DEBUGGING OUTPUT -- BEGIN Logger.logCrypto(Logger.VERBOSE, "Node.<init>: dh_x = \n" + Encoding.toHexString(dh_x_bytes, 100) + "\n" + "dh_y = \n" + Encoding.toHexString(dh_y_bytes, 100) + "\n" + "dh_xy = keymaterial:\n" + Encoding.toHexString(dh_xy_bytes, 100) + "\n" + "Key Data:\n" + Encoding.toHexString(k, 100)); // DEBUGGING OUTPUT -- END // derived key info is correct - save to final destination // handshake kh = new byte[20]; System.arraycopy(k, 0, kh, 0, 20); // forward digest forward_digest = new byte[20]; System.arraycopy(k, 40, forward_digest, 0, 20); sha1_forward = new SHA1Digest(); sha1_forward.update(forward_digest, 0, 20); // backward digest backward_digest = new byte[20]; System.arraycopy(k, 20, backward_digest, 0, 20); sha1_backward = new SHA1Digest(); sha1_backward.update(backward_digest, 0, 20); // secret key for sending data kf = new byte[16]; System.arraycopy(k, 76, kf, 0, 16); aes_encrypt = new AESCounterMode(true, kf); // secret key for receiving data kb = new byte[16]; System.arraycopy(k, 60, kb, 0, 16); aes_decrypt = new AESCounterMode(true, kb); }
From source file:TorJava.Node.java
License:Open Source License
/** * called after receiving created or extended cell: finished DH-key * exchange. Expects the first 148 bytes of the data array to be filled * with:<br>/*from w w w . j a v a 2s . c om*/ * <ul> * <li>128 bytes of DH-data (g^y) * <li>20 bytes of derivated key data (KH) (see chapter 4.2 of torspec) * </ul> * * @param data * expects the received second half of the DH-key exchange */ void finish_dh(byte[] data) throws TorException { // calculate g^xy // - fix some undocument stuff: all numbers are 128-bytes only! // - add a leading zero to all numbers dh_y_bytes = new byte[128]; System.arraycopy(data, 0, dh_y_bytes, 0, 128); BigInteger dh_y = new BigInteger(1, dh_y_bytes); BigInteger dh_xy = dh_y.modPow(dh_private, dh_p); byte[] dh_xy_bytes = BigIntegerTo128Bytes(dh_xy); // derivate key material SHA1Digest sha1 = new SHA1Digest(); byte[] k = new byte[100]; byte[] sha1_input = new byte[dh_xy_bytes.length + 1]; System.arraycopy(dh_xy_bytes, 0, sha1_input, 0, dh_xy_bytes.length); for (int i = 0; i < 5; ++i) { sha1.reset(); sha1_input[sha1_input.length - 1] = (byte) i; sha1.update(sha1_input, 0, sha1_input.length); sha1.doFinal(k, i * 20); } ; // DEBUGGING OUTPUT -- BEGIN Logger.logCrypto(Logger.VERBOSE, "Node.finish_dh: dh_x = \n" + Encoding.toHexString(dh_x_bytes, 100) + "\n" + "dh_y = \n" + Encoding.toHexString(dh_y_bytes, 100) + "\n" + "dh_xy = keymaterial:\n" + Encoding.toHexString(dh_xy_bytes, 100) + "\n" + "Key Data:\n" + Encoding.toHexString(k, 100) + "\n" + "Data:\n" + Encoding.toHexString(data, 100)); // DEBUGGING OUTPUT -- END // check if derived key data is equal to bytes 128-147 of data[] boolean equal = true; for (int i = 0; equal && (i < 20); ++i) equal = (k[i] == data[128 + i]); // is there some error in the key data? if (!equal) throw new TorException("derived key material is wrong!"); // derived key info is correct - save to final destination // handshake kh = new byte[20]; System.arraycopy(k, 0, kh, 0, 20); // forward digest forward_digest = new byte[20]; System.arraycopy(k, 20, forward_digest, 0, 20); sha1_forward = new SHA1Digest(); sha1_forward.update(forward_digest, 0, 20); // backward digest backward_digest = new byte[20]; System.arraycopy(k, 40, backward_digest, 0, 20); sha1_backward = new SHA1Digest(); sha1_backward.update(backward_digest, 0, 20); // secret key for sending data kf = new byte[16]; System.arraycopy(k, 60, kf, 0, 16); aes_encrypt = new AESCounterMode(true, kf); // secret key for receiving data kb = new byte[16]; System.arraycopy(k, 76, kb, 0, 16); aes_decrypt = new AESCounterMode(true, kb); }
From source file:TorJava.Server.java
License:Open Source License
/** * extracts all relevant information from the router discriptor and saves it * in the member variables.//from ww w . jav a 2s . c om * * @param rd * string encoded router descriptor */ private void parseRouterDescriptor(String rd) throws TorException { this.routerDescriptor = rd; // Router item: nickname, hostname, onion-router-port, socks-port, dir-port Pattern p = Pattern.compile("^router (\\w+) (\\S+) (\\d+) (\\d+) (\\d+)", Pattern.DOTALL + Pattern.MULTILINE + Pattern.CASE_INSENSITIVE + Pattern.UNIX_LINES); Matcher m = p.matcher(rd); m.find(); this.nickname = m.group(1); this.hostname = m.group(2); this.orPort = Integer.parseInt(m.group(3)); this.socksPort = Integer.parseInt(m.group(4)); this.dirPort = Integer.parseInt(m.group(5)); // secondary information platform = Parsing.parseStringByRE(rd, "^platform (.*?)$", "unknown"); published = dateFormat.parse(Parsing.parseStringByRE(rd, "^published (.*?)$", ""), (new ParsePosition(0))); uptime = Integer.parseInt(Parsing.parseStringByRE(rd, "^uptime (\\d+)", "0")); fingerprint = Encoding.parseHex(Parsing.parseStringByRE(rd, "^opt fingerprint (.*?)$", "")); contact = Parsing.parseStringByRE(rd, "^contact (.*?)$", ""); // make that IF description is from a trusted server, that fingerprint is correct if (tor.config.trustedServers.containsKey(nickname)) { String fingerprintFromConfig = (String) (tor.config.trustedServers.get(nickname)).get("fingerprint"); if (!Encoding.toHexString(fingerprint).equalsIgnoreCase(fingerprintFromConfig)) throw new TorException("Server " + nickname + " is trusted, but fingerprint check failed"); } // bandwith p = Pattern.compile("^bandwidth (\\d+) (\\d+) (\\d+)?", Pattern.DOTALL + Pattern.MULTILINE + Pattern.CASE_INSENSITIVE + Pattern.UNIX_LINES); m = p.matcher(rd); if (m.find()) { bandwidthAvg = Integer.parseInt(m.group(1)); bandwidthBurst = Integer.parseInt(m.group(2)); bandwidthObserved = Integer.parseInt(m.group(3)); } ; // onion key String stringOnionKey = Parsing.parseStringByRE(rd, "^onion-key\n(.*?END RSA PUBLIC KEY......)", ""); onionKey = Encryption.extractRSAKey(stringOnionKey); // signing key String stringSigningKey = Parsing.parseStringByRE(rd, "^signing-key\n(.*?END RSA PUBLIC KEY-----\n)", ""); signingKey = Encryption.extractRSAKey(stringSigningKey); SHA1Digest sha1 = new SHA1Digest(); // verify signing-key against fingerprint try { RSAPublicKeyStructure signingKey_asn = new RSAPublicKeyStructure(signingKey.getModulus(), signingKey.getPublicExponent()); byte[] pkcs = Encryption.getPKCS1EncodingFromRSAPublicKey(signingKey_asn); byte[] key_hash = new byte[20]; sha1.update(pkcs, 0, pkcs.length); sha1.doFinal(key_hash, 0); if (!Encoding.arraysEqual(key_hash, fingerprint)) throw new TorException("Server " + nickname + " doesn't verify signature vs fingerprint"); } catch (Exception e) { throw new TorException("Server " + nickname + " doesn't verify signature vs fingerprint"); } // parse family String stringFamily = Parsing.parseStringByRE(rd, "^family (.*?)$", ""); if (stringFamily == "") stringFamily = Parsing.parseStringByRE(rd, "^opt family (.*?)$", ""); Pattern p_family = Pattern.compile("(\\S+)"); Matcher m_family = p_family.matcher(stringFamily); while (m_family.find()) { String host = m_family.group(1); family.add(host); } // check the validity of the signature router_signature = Encoding.parseBase64(Parsing.parseStringByRE(rd, "^router-signature\n-----BEGIN SIGNATURE-----(.*?)-----END SIGNATURE-----", "")); byte[] sha1_input = (Parsing.parseStringByRE(rd, "^(router .*?router-signature\n)", "")).getBytes(); if (!Encryption.verifySignature(router_signature, signingKey, sha1_input)) { Logger.logCrypto(Logger.ERROR, "Server -> router-signature check failed for " + nickname); throw new TorException("Server " + nickname + ": description signature verification failed"); } // exit policy exitpolicy = parseExitPolicy(rd); // usually in directory the hostname is already set to the IP // so, following resolve just converts it to the InetAddress try { address = InetAddress.getByName(hostname); } catch (UnknownHostException e) { throw new TorException("Server.ParseRouterDescriptor: Unresolvable hostname " + hostname); } }
From source file:us.exultant.ahs.crypto.bc.AesCtrPkcs7Sha1.java
License:Open Source License
public AesCtrPkcs7Sha1() { // build the system $cipher = new PaddedBufferedBlockCipher(new SICBlockCipher(new AESEngineMod()), // i've decided to frown upon CBC because of the bug i noticed with IVs in that code. new PKCS7Padding()); $hmac = new HMac(new SHA1Digest()); }
From source file:us.exultant.ahs.crypto.bc.BcUtil.java
License:Open Source License
/** * Derives symmetric keys by hashing a given key along with a predictable nonce to * produce more keys of the same length. The derived keys are random unless the * base key and the nonce are known./* w w w . j av a2 s . c om*/ * * @param $baseKey * a symmetric key to derive more keys from. * @param $baseModified * will be converted to bytes and prepended to the base key for * hashing (this will be incremented before each derivation in the * case of $keyCount > 1). * @param $keyCount * how many new keys to derive. * @return an array of size $keyCount containing new symmetric keys. */ static Ks[] deriveKeys(Ks $baseKey, int $baseModified, int $keyCount) { Ks[] $v = new Ks[$keyCount]; Digest $dig = new SHA1Digest(); final int $rounds = $baseKey.getBytes().length / $dig.getDigestSize() + 1; byte[] $fwee = new byte[$rounds * $dig.getDigestSize()]; for (int $i = 0; $i < $keyCount; $i++) { for (int $round = 0; $round < $rounds; $round++) { $dig.update(Primitives.byteArrayFromInt($baseModified + $i), 0, 4); // make each key different $dig.update(Primitives.byteArrayFromInt($round), 0, 4); // make each chunk of a key different if it takes more than one digest to get enough material $dig.update($baseKey.getBytes(), 0, $baseKey.getBytes().length); $dig.doFinal($fwee, $rounds * $dig.getDigestSize()); } $v[$i] = new Ks.Basic(Arr.copyFromBeginning($fwee, $baseKey.getBytes().length)); } return $v; }