List of usage examples for org.bouncycastle.crypto.digests SHA256Digest SHA256Digest
public SHA256Digest()
From source file:org.xipki.ocsp.client.impl.SHA256DigestCalculator.java
License:Open Source License
@Override protected Digest getDigester() { return new SHA256Digest(); }
From source file:org.xipki.pki.scep.crypto.ScepHashAlgoType.java
License:Open Source License
public byte[] digest(final byte[] content) { ParamUtil.requireNonNull("content", content); Digest digest;/*from w ww. j a v a 2s. co m*/ if (this == SHA1) { digest = new SHA1Digest(); } else if (this == SHA256) { digest = new SHA256Digest(); } else if (this == SHA512) { digest = new SHA512Digest(); } else if (this == MD5) { digest = new MD5Digest(); } else { throw new RuntimeException("should not reach here"); } byte[] ret = new byte[length]; digest.doFinal(ret, 0); return ret; }
From source file:org.xipki.security.p11.iaik.IaikP11Slot.java
License:Open Source License
private X509CertificateHolder generateCertificate(final Session session, final byte[] id, final String label, final String subject, final AlgorithmIdentifier signatureAlgId, final PrivateKeyAndPKInfo privateKeyAndPkInfo, Integer keyUsage, List<ASN1ObjectIdentifier> extendedKeyUsage) throws Exception { BigInteger serialNumber = BigInteger.ONE; Date startDate = new Date(); Date endDate = new Date(startDate.getTime() + 20 * YEAR); X500Name x500Name_subject = new X500Name(subject); x500Name_subject = X509Util.sortX509Name(x500Name_subject); V3TBSCertificateGenerator tbsGen = new V3TBSCertificateGenerator(); tbsGen.setSerialNumber(new ASN1Integer(serialNumber)); tbsGen.setSignature(signatureAlgId); tbsGen.setIssuer(x500Name_subject); tbsGen.setStartDate(new Time(startDate)); tbsGen.setEndDate(new Time(endDate)); tbsGen.setSubject(x500Name_subject); tbsGen.setSubjectPublicKeyInfo(privateKeyAndPkInfo.getPublicKeyInfo()); List<Extension> extensions = new ArrayList<>(2); if (keyUsage == null) { keyUsage = KeyUsage.keyCertSign | KeyUsage.cRLSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment; }//from w ww . ja v a 2 s .c om extensions.add(new Extension(Extension.keyUsage, true, new DEROctetString(new KeyUsage(keyUsage)))); if (CollectionUtil.isNotEmpty(extendedKeyUsage)) { KeyPurposeId[] kps = new KeyPurposeId[extendedKeyUsage.size()]; int i = 0; for (ASN1ObjectIdentifier oid : extendedKeyUsage) { kps[i++] = KeyPurposeId.getInstance(oid); } extensions.add(new Extension(Extension.extendedKeyUsage, false, new DEROctetString(new ExtendedKeyUsage(kps)))); } Extensions paramX509Extensions = new Extensions(extensions.toArray(new Extension[0])); tbsGen.setExtensions(paramX509Extensions); TBSCertificate tbsCertificate = tbsGen.generateTBSCertificate(); byte[] encodedTbsCertificate = tbsCertificate.getEncoded(); byte[] signature = null; Digest digest = null; Mechanism sigMechanism = null; ASN1ObjectIdentifier sigAlgID = signatureAlgId.getAlgorithm(); if (sigAlgID.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption)) { sigMechanism = Mechanism.get(PKCS11Constants.CKM_SHA256_RSA_PKCS); session.signInit(sigMechanism, privateKeyAndPkInfo.getPrivateKey()); signature = session.sign(encodedTbsCertificate); } else if (sigAlgID.equals(NISTObjectIdentifiers.dsa_with_sha256)) { digest = new SHA256Digest(); byte[] digestValue = new byte[digest.getDigestSize()]; digest.update(encodedTbsCertificate, 0, encodedTbsCertificate.length); digest.doFinal(digestValue, 0); session.signInit(Mechanism.get(PKCS11Constants.CKM_DSA), privateKeyAndPkInfo.getPrivateKey()); byte[] rawSignature = session.sign(digestValue); signature = convertToX962Signature(rawSignature); } else { if (sigAlgID.equals(X9ObjectIdentifiers.ecdsa_with_SHA1)) { digest = new SHA1Digest(); } else if (sigAlgID.equals(X9ObjectIdentifiers.ecdsa_with_SHA256)) { digest = new SHA256Digest(); } else if (sigAlgID.equals(X9ObjectIdentifiers.ecdsa_with_SHA384)) { digest = new SHA384Digest(); } else if (sigAlgID.equals(X9ObjectIdentifiers.ecdsa_with_SHA512)) { digest = new SHA512Digest(); } else { System.err.println("unknown algorithm ID: " + sigAlgID.getId()); return null; } byte[] digestValue = new byte[digest.getDigestSize()]; digest.update(encodedTbsCertificate, 0, encodedTbsCertificate.length); digest.doFinal(digestValue, 0); session.signInit(Mechanism.get(PKCS11Constants.CKM_ECDSA), privateKeyAndPkInfo.getPrivateKey()); byte[] rawSignature = session.sign(digestValue); signature = convertToX962Signature(rawSignature); } // build DER certificate ASN1EncodableVector v = new ASN1EncodableVector(); v.add(tbsCertificate); v.add(signatureAlgId); v.add(new DERBitString(signature)); DERSequence cert = new DERSequence(v); // build and store PKCS#11 certificate object X509PublicKeyCertificate certTemp = new X509PublicKeyCertificate(); certTemp.getToken().setBooleanValue(true); certTemp.getId().setByteArrayValue(id); certTemp.getLabel().setCharArrayValue(label.toCharArray()); certTemp.getSubject().setByteArrayValue(x500Name_subject.getEncoded()); certTemp.getIssuer().setByteArrayValue(x500Name_subject.getEncoded()); certTemp.getSerialNumber().setByteArrayValue(serialNumber.toByteArray()); certTemp.getValue().setByteArrayValue(cert.getEncoded()); session.createObject(certTemp); return new X509CertificateHolder(Certificate.getInstance(cert)); }
From source file:org.xwiki.crypto.internal.digest.factory.BcSHA256DigestFactory.java
License:Open Source License
@Override public Digest getDigestInstance() { return new SHA256Digest(); }
From source file:org.xwiki.crypto.passwd.internal.ScryptMemoryHardKeyDerivationFunction.java
License:Open Source License
/** * {@inheritDoc}//from ww w. j av a2s .c o m * * @see: org.xwiki.crypto.MemoryHardKeyDerivationFunction#deriveKey(byte[]) */ public byte[] deriveKey(final byte[] password) { try { this.allocateMemory(true); PBKDF2KeyDerivationFunction sha256Pbkdf2 = new PBKDF2KeyDerivationFunction(new SHA256Digest()); int blockSizeInBytes = 128 * this.blockSize; int bufferBLength = blockSizeInBytes * this.processorExpense; /* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */ byte[] workingBufferB = sha256Pbkdf2.generateDerivedKey(password, this.salt, 1, bufferBLength); /* 2: for i = 0 to p - 1 do */ // NOTE: This loop cycles processorExpense number of cycles. for (int i = 0; i < workingBufferB.length; i += blockSizeInBytes) { /* 3: B_i <-- MF(B_i, N) */ this.smix(workingBufferB, i); } /* 5: DK <-- PBKDF2(P, B, 1, dkLen) */ return sha256Pbkdf2.generateDerivedKey(password, workingBufferB, 1, this.derivedKeyLength); } finally { this.freeMemory(); } }
From source file:org.xwiki.crypto.passwd.PBKDF2KeyDerivationFunctionTest.java
License:Open Source License
/** Prove that the function will continue to produce the same hash for a given password after serialization. */ @Test/*from ww w . j a v a 2 s . c om*/ public void serializationTest() throws Exception { final byte[] password = "password".getBytes(); final KeyDerivationFunction sha256Function = new PBKDF2KeyDerivationFunction(new SHA256Digest()); sha256Function.init(500, 20); byte[] originalHash = sha256Function.deriveKey(password); byte[] serial = sha256Function.serialize(); // Prove that the function doesn't return the same output _every_ time sha256Function.init(500, 20); byte[] differentHash = sha256Function.deriveKey(password); Assert.assertFalse(Arrays.equals(originalHash, differentHash)); final KeyDerivationFunction serialFunction = (KeyDerivationFunction) SerializationUtils.deserialize(serial); byte[] serialHash = serialFunction.deriveKey(password); Assert.assertTrue(Arrays.equals(originalHash, serialHash)); }
From source file:org.xwiki.crypto.passwd.ScryptMemoryHardKeyDerivationFunctionTest.java
License:Open Source License
@Test public void scryptPBKDF2Test() throws Exception { PBKDF2KeyDerivationFunction sha256Pbkdf2 = new PBKDF2KeyDerivationFunction(new SHA256Digest()); byte[] out = sha256Pbkdf2.generateDerivedKey(scryptPBKDF2InputPassword.getBytes("US-ASCII"), Base64.decode(scryptPBKDF2InputSaltBase64.getBytes("US-ASCII")), 1, scryptPBKDF2DerivedKeyLength); Digest d = new SHA256Digest(); d.update(out, 0, out.length);// w w w.j a v a 2 s . com byte[] hash = new byte[32]; d.doFinal(hash, 0); String outStr = new String(Base64.encode(hash), "US-ASCII"); Assert.assertTrue("Mismatch:\nExpecting: " + scryptPBKDF2OutputSha256Base64 + "\n Got: " + outStr, scryptPBKDF2OutputSha256Base64.equals(outStr)); }
From source file:org.xwiki.crypto.passwd.ScryptMemoryHardKeyDerivationFunctionTest.java
License:Open Source License
@Test public void blockMixTest() throws Exception { byte[] out = Base64.decode(this.blockMixInputBase64.getBytes("US-ASCII")); // Blockmix requires that memory be allocated. this.init(new byte[0], 2, 8, 1, 1); this.allocateMemory(true); this.blockMix(out); Digest d = new SHA256Digest(); d.update(out, 0, out.length);//from w ww . j a va 2 s . co m byte[] hash = new byte[32]; d.doFinal(hash, 0); String outStr = new String(Base64.encode(hash), "US-ASCII"); Assert.assertEquals(this.blockMixOutputSha256Base64, outStr); }
From source file:org.xwiki.crypto.signer.internal.factory.BcSHA256withRsaSignerFactory.java
License:Open Source License
@Override protected org.bouncycastle.crypto.Signer getSignerInstance(AsymmetricCipherParameters parameters) { return new RSADigestSigner(new SHA256Digest()); }
From source file:pa55.java.core.PA55.java
License:Apache License
/** * Method to generate a strong password from the input parameters using PBKDF2. * //from w w w .jav a 2 s .com * @throws UnsupportedEncodingException * @throws NoSuchAlgorithmException * @throws InvalidKeySpecException */ public void generatePBKDF2Password() throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException { Digest digest = null; switch (pbkdfAlgorithm) { case SHA1: digest = new SHA1Digest(); break; case SHA256: digest = new SHA256Digest(); break; case SHA512: digest = new SHA512Digest(); break; } PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(digest); generator.init(masterSecret.getBytes(CHAR_ENCODING), passwordHint.getBytes(CHAR_ENCODING), pbkdfRounds.intValue()); byte[] password = ((KeyParameter) generator.generateDerivedParameters(pbkdfLength.intValue() * 8)).getKey(); pbkdfGeneratedPassword = Base64.encodeBase64String(password); }