List of usage examples for org.bouncycastle.crypto.digests SHA256Digest SHA256Digest
public SHA256Digest()
From source file:COSE.Recipient.java
public void encrypt() throws CoseException { AlgorithmID alg = AlgorithmID.FromCBOR(findAttribute(HeaderKeys.Algorithm)); byte[] rgbKey = null; SecureRandom random;//from w ww.j a va 2 s.c om int recipientTypes = 0; if (recipientList != null && !recipientList.isEmpty()) { if (privateKey != null) throw new CoseException("Cannot have dependent recipients if key is specified"); for (Recipient r : recipientList) { switch (r.getRecipientType()) { case 1: if ((recipientTypes & 1) != 0) throw new CoseException("Cannot have two direct recipients"); recipientTypes |= 1; rgbKey = r.getKey(alg); break; default: recipientTypes |= 2; break; } } } if (recipientTypes == 3) throw new CoseException("Do not mix direct and indirect recipients"); if (recipientTypes == 2) { rgbKey = new byte[alg.getKeySize() / 8]; random = new SecureRandom(); random.nextBytes(rgbKey); } switch (alg) { case Direct: case HKDF_HMAC_SHA_256: case HKDF_HMAC_SHA_512: rgbEncrypted = new byte[0]; break; case AES_KW_128: case AES_KW_192: case AES_KW_256: if (rgbKey == null) { if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_Octet) throw new CoseException("Key and algorithm do not agree"); rgbKey = privateKey.get(KeyKeys.Octet_K.AsCBOR()).GetByteString(); } rgbEncrypted = AES_KeyWrap_Encrypt(alg, rgbKey); break; case ECDH_ES_HKDF_256: case ECDH_ES_HKDF_512: case ECDH_SS_HKDF_256: case ECDH_SS_HKDF_512: rgbEncrypted = new byte[0]; break; case ECDH_ES_HKDF_256_AES_KW_128: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_EC2) throw new CoseException("Key and algorithm do not agree"); ECDH_GenerateEphemeral(); rgbKey = ECDH_GenerateSecret(privateKey); rgbKey = HKDF(rgbKey, 128, AlgorithmID.AES_KW_128, new SHA256Digest()); rgbEncrypted = AES_KeyWrap_Encrypt(AlgorithmID.AES_KW_128, rgbKey); break; case ECDH_SS_HKDF_256_AES_KW_128: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_EC2) throw new CoseException("Key and algorithm do not agree"); if (findAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR()) == null) { byte[] rgbAPU = new byte[256 / 8]; random = new SecureRandom(); random.nextBytes(rgbAPU); addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UNPROTECTED); } rgbKey = ECDH_GenerateSecret(privateKey); rgbKey = HKDF(rgbKey, 128, AlgorithmID.AES_KW_128, new SHA256Digest()); rgbEncrypted = AES_KeyWrap_Encrypt(AlgorithmID.AES_KW_128, rgbKey); break; case ECDH_ES_HKDF_256_AES_KW_192: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_EC2) throw new CoseException("Key and algorithm do not agree"); ECDH_GenerateEphemeral(); rgbKey = ECDH_GenerateSecret(privateKey); rgbKey = HKDF(rgbKey, 192, AlgorithmID.AES_KW_192, new SHA256Digest()); rgbEncrypted = AES_KeyWrap_Encrypt(AlgorithmID.AES_KW_192, rgbKey); break; case ECDH_SS_HKDF_256_AES_KW_192: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_EC2) throw new CoseException("Key and algorithm do not agree"); if (findAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR()) == null) { byte[] rgbAPU = new byte[256 / 8]; random = new SecureRandom(); random.nextBytes(rgbAPU); addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UNPROTECTED); } rgbKey = ECDH_GenerateSecret(privateKey); rgbKey = HKDF(rgbKey, 192, AlgorithmID.AES_KW_192, new SHA256Digest()); rgbEncrypted = AES_KeyWrap_Encrypt(AlgorithmID.AES_KW_192, rgbKey); break; case ECDH_ES_HKDF_256_AES_KW_256: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_EC2) throw new CoseException("Key and algorithm do not agree"); ECDH_GenerateEphemeral(); rgbKey = ECDH_GenerateSecret(privateKey); rgbKey = HKDF(rgbKey, 256, AlgorithmID.AES_KW_256, new SHA256Digest()); rgbEncrypted = AES_KeyWrap_Encrypt(AlgorithmID.AES_KW_256, rgbKey); break; case ECDH_SS_HKDF_256_AES_KW_256: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_EC2) throw new CoseException("Key and algorithm do not agree"); if (findAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR()) == null) { byte[] rgbAPU = new byte[256 / 8]; random = new SecureRandom(); random.nextBytes(rgbAPU); addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UNPROTECTED); } rgbKey = ECDH_GenerateSecret(privateKey); rgbKey = HKDF(rgbKey, 256, AlgorithmID.AES_KW_256, new SHA256Digest()); rgbEncrypted = AES_KeyWrap_Encrypt(AlgorithmID.AES_KW_256, rgbKey); break; default: throw new CoseException("Unsupported Recipient Algorithm"); } if (recipientList != null) { for (Recipient r : recipientList) { r.SetContent(rgbKey); r.encrypt(); } } }
From source file:COSE.Recipient.java
public byte[] getKey(AlgorithmID algCEK) throws CoseException { byte[] rgbSecret; SecureRandom random;/*from ww w . j a v a2 s . c o m*/ if (privateKey == null) throw new CoseException("Private key not set for recipient"); AlgorithmID alg = AlgorithmID.FromCBOR(findAttribute(HeaderKeys.Algorithm)); switch (alg) { case Direct: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_Octet) throw new CoseException("Key and algorithm do not agree"); return privateKey.get(KeyKeys.Octet_K.AsCBOR()).GetByteString(); case AES_KW_128: case AES_KW_192: case AES_KW_256: if (!privateKey.HasKeyType(KeyKeys.KeyType_Octet)) throw new CoseException("Key and algorithm do not agree"); return privateKey.get(KeyKeys.Octet_K).GetByteString(); case ECDH_ES_HKDF_256: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_EC2) throw new CoseException("Key and algorithm do not agree"); ECDH_GenerateEphemeral(); rgbSecret = ECDH_GenerateSecret(privateKey); return HKDF(rgbSecret, algCEK.getKeySize(), algCEK, new SHA256Digest()); case ECDH_ES_HKDF_512: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_EC2) throw new CoseException("Key and algorithm do not agree"); ECDH_GenerateEphemeral(); rgbSecret = ECDH_GenerateSecret(privateKey); return HKDF(rgbSecret, algCEK.getKeySize(), algCEK, new SHA512Digest()); case ECDH_SS_HKDF_256: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_EC2) throw new CoseException("Key and algorithm do not agree"); if (findAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR()) == null) { byte[] rgbAPU = new byte[256 / 8]; random = new SecureRandom(); random.nextBytes(rgbAPU); addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UNPROTECTED); } rgbSecret = ECDH_GenerateSecret(privateKey); return HKDF(rgbSecret, algCEK.getKeySize(), algCEK, new SHA256Digest()); case ECDH_SS_HKDF_512: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_EC2) throw new CoseException("Key and algorithm do not agree"); if (findAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR()) == null) { byte[] rgbAPU = new byte[512 / 8]; random = new SecureRandom(); random.nextBytes(rgbAPU); addAttribute(HeaderKeys.HKDF_Context_PartyU_nonce.AsCBOR(), CBORObject.FromObject(rgbAPU), Attribute.UNPROTECTED); } rgbSecret = ECDH_GenerateSecret(privateKey); return HKDF(rgbSecret, algCEK.getKeySize(), algCEK, new SHA512Digest()); case HKDF_HMAC_SHA_256: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_Octet) throw new CoseException("Needs to be an octet key"); return HKDF(privateKey.get(KeyKeys.Octet_K.AsCBOR()).GetByteString(), algCEK.getKeySize(), algCEK, new SHA256Digest()); case HKDF_HMAC_SHA_512: if (privateKey.get(KeyKeys.KeyType.AsCBOR()) != KeyKeys.KeyType_Octet) throw new CoseException("Needs to be an octet key"); return HKDF(privateKey.get(KeyKeys.Octet_K.AsCBOR()).GetByteString(), algCEK.getKeySize(), algCEK, new SHA512Digest()); default: throw new CoseException("Recipient Algorithm not supported"); } }
From source file:COSE.SignCommon.java
byte[] computeSignature(byte[] rgbToBeSigned, CipherParameters key) throws CoseException { AlgorithmID alg = AlgorithmID.FromCBOR(findAttribute(HeaderKeys.Algorithm)); Digest digest;/*from www . j a va 2 s. c om*/ CBORObject cn; switch (alg) { case ECDSA_256: digest = new SHA256Digest(); break; case ECDSA_384: digest = new SHA384Digest(); break; case ECDSA_512: digest = new SHA512Digest(); break; default: throw new CoseException("Unsupported Algorithm Specified"); } switch (alg) { case ECDSA_256: case ECDSA_384: case ECDSA_512: { digest.update(rgbToBeSigned, 0, rgbToBeSigned.length); byte[] rgbDigest = new byte[digest.getDigestSize()]; digest.doFinal(rgbDigest, 0); ECDSASigner ecdsa = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest())); ecdsa.init(true, key); BigInteger[] sig = ecdsa.generateSignature(rgbDigest); int cb = (((ECPrivateKeyParameters) key).getParameters().getCurve().getFieldSize() + 7) / 8; byte[] r = sig[0].toByteArray(); byte[] s = sig[1].toByteArray(); byte[] sigs = new byte[cb * 2]; int cbR = min(cb, r.length); System.arraycopy(r, r.length - cbR, sigs, cb - cbR, cbR); cbR = min(cb, s.length); System.arraycopy(s, s.length - cbR, sigs, cb + cb - cbR, cbR); return sigs; } default: throw new CoseException("Inernal error"); } }
From source file:COSE.SignCommon.java
byte[] computeSignature(byte[] rgbToBeSigned, OneKey cnKey) throws CoseException { AlgorithmID alg = AlgorithmID.FromCBOR(findAttribute(HeaderKeys.Algorithm)); Digest digest;/*from w w w. j a va 2 s .co m*/ CBORObject cn; switch (alg) { case ECDSA_256: digest = new SHA256Digest(); break; case ECDSA_384: digest = new SHA384Digest(); break; case ECDSA_512: digest = new SHA512Digest(); break; default: throw new CoseException("Unsupported Algorithm Specified"); } switch (alg) { case ECDSA_256: case ECDSA_384: case ECDSA_512: { digest.update(rgbToBeSigned, 0, rgbToBeSigned.length); byte[] rgbDigest = new byte[digest.getDigestSize()]; digest.doFinal(rgbDigest, 0); cn = cnKey.get(KeyKeys.KeyType); if ((cn == null) || (cn != KeyKeys.KeyType_EC2)) throw new CoseException("Must use key with key type EC2"); cn = cnKey.get(KeyKeys.EC2_D); if (cn == null) throw new CoseException("Private key required to sign"); X9ECParameters p = cnKey.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH()); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters(new BigInteger(1, cn.GetByteString()), parameters); ECDSASigner ecdsa = new ECDSASigner(); ecdsa.init(true, privKey); BigInteger[] sig = ecdsa.generateSignature(rgbDigest); int cb = (p.getCurve().getFieldSize() + 7) / 8; byte[] r = sig[0].toByteArray(); byte[] s = sig[1].toByteArray(); byte[] sigs = new byte[cb * 2]; int cbR = min(cb, r.length); System.arraycopy(r, r.length - cbR, sigs, cb - cbR, cbR); cbR = min(cb, s.length); System.arraycopy(s, s.length - cbR, sigs, cb + cb - cbR, cbR); return sigs; } default: throw new CoseException("Inernal error"); } }
From source file:COSE.SignCommon.java
boolean validateSignature(byte[] rgbToBeSigned, byte[] rgbSignature, CipherParameters key) throws CoseException { AlgorithmID alg = AlgorithmID.FromCBOR(findAttribute(HeaderKeys.Algorithm)); Digest digest;//www .j av a 2 s . c o m switch (alg) { case ECDSA_256: digest = new SHA256Digest(); break; case ECDSA_384: digest = new SHA384Digest(); break; case ECDSA_512: digest = new SHA512Digest(); break; default: throw new CoseException("Unsupported algorithm specified"); } switch (alg) { case ECDSA_256: case ECDSA_384: case ECDSA_512: { byte[] rgbR = new byte[rgbSignature.length / 2]; byte[] rgbS = new byte[rgbSignature.length / 2]; System.arraycopy(rgbSignature, 0, rgbR, 0, rgbR.length); System.arraycopy(rgbSignature, rgbR.length, rgbS, 0, rgbR.length); digest.update(rgbToBeSigned, 0, rgbToBeSigned.length); byte[] rgbDigest = new byte[digest.getDigestSize()]; digest.doFinal(rgbDigest, 0); ECDSASigner ecdsa = new ECDSASigner(); ecdsa.init(false, key); return ecdsa.verifySignature(rgbDigest, new BigInteger(1, rgbR), new BigInteger(1, rgbS)); } default: throw new CoseException("Internal error"); } }
From source file:COSE.SignCommon.java
boolean validateSignature(byte[] rgbToBeSigned, byte[] rgbSignature, OneKey cnKey) throws CoseException { AlgorithmID alg = AlgorithmID.FromCBOR(findAttribute(HeaderKeys.Algorithm)); Digest digest;/*from ww w . j a v a 2s . c o m*/ switch (alg) { case ECDSA_256: digest = new SHA256Digest(); break; case ECDSA_384: digest = new SHA384Digest(); break; case ECDSA_512: digest = new SHA512Digest(); break; default: throw new CoseException("Unsupported algorithm specified"); } switch (alg) { case ECDSA_256: case ECDSA_384: case ECDSA_512: { byte[] rgbR = new byte[rgbSignature.length / 2]; byte[] rgbS = new byte[rgbSignature.length / 2]; System.arraycopy(rgbSignature, 0, rgbR, 0, rgbR.length); System.arraycopy(rgbSignature, rgbR.length, rgbS, 0, rgbR.length); digest.update(rgbToBeSigned, 0, rgbToBeSigned.length); byte[] rgbDigest = new byte[digest.getDigestSize()]; digest.doFinal(rgbDigest, 0); X9ECParameters p = cnKey.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH()); BigInteger bnX = new BigInteger(1, cnKey.get(KeyKeys.EC2_X).GetByteString()); ECPoint point = p.getCurve().createPoint(bnX, new BigInteger(1, cnKey.get(KeyKeys.EC2_Y).GetByteString())); ECPublicKeyParameters pubKey = new ECPublicKeyParameters(point, parameters); ECDSASigner ecdsa = new ECDSASigner(); ecdsa.init(false, pubKey); return ecdsa.verifySignature(rgbDigest, new BigInteger(1, rgbR), new BigInteger(1, rgbS)); } default: throw new CoseException("Internal error"); } }
From source file:COSE.Signer.java
static byte[] computeSignature(AlgorithmID alg, byte[] rgbToBeSigned, OneKey cnKey) throws CoseException { Digest digest;//from w w w .ja v a 2 s . co m CBORObject cn; switch (alg) { case ECDSA_256: digest = new SHA256Digest(); break; case ECDSA_384: digest = new SHA384Digest(); break; case ECDSA_512: digest = new SHA512Digest(); break; default: throw new CoseException("Unsupported Algorithm Specified"); } switch (alg) { case ECDSA_256: case ECDSA_384: case ECDSA_512: { digest.update(rgbToBeSigned, 0, rgbToBeSigned.length); byte[] rgbDigest = new byte[digest.getDigestSize()]; digest.doFinal(rgbDigest, 0); cn = cnKey.get(KeyKeys.KeyType); if ((cn == null) || (cn != KeyKeys.KeyType_EC2)) throw new CoseException("Must use key with key type EC2"); cn = cnKey.get(KeyKeys.EC2_D); if (cn == null) throw new CoseException("Private key required to sign"); X9ECParameters p = cnKey.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH()); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters(new BigInteger(1, cn.GetByteString()), parameters); ECDSASigner ecdsa = new ECDSASigner(); ecdsa.init(true, privKey); BigInteger[] sig = ecdsa.generateSignature(rgbDigest); int cb = (p.getCurve().getFieldSize() + 7) / 8; byte[] r = sig[0].toByteArray(); byte[] s = sig[1].toByteArray(); byte[] sigs = new byte[cb * 2]; int cbR = min(cb, r.length); System.arraycopy(r, r.length - cbR, sigs, cb - cbR, cbR); cbR = min(cb, s.length); System.arraycopy(s, s.length - cbR, sigs, cb + cb - cbR, cbR); return sigs; } default: throw new CoseException("Internal error"); } }
From source file:COSE.Signer.java
static boolean validateSignature(AlgorithmID alg, byte[] rgbToBeSigned, byte[] rgbSignature, OneKey cnKey) throws CoseException { Digest digest;//w w w. j a va 2s. c om switch (alg) { case ECDSA_256: digest = new SHA256Digest(); break; case ECDSA_384: digest = new SHA384Digest(); break; case ECDSA_512: digest = new SHA512Digest(); break; default: throw new CoseException("Unsupported algorithm specified"); } switch (alg) { case ECDSA_256: case ECDSA_384: case ECDSA_512: { byte[] rgbR = new byte[rgbSignature.length / 2]; byte[] rgbS = new byte[rgbSignature.length / 2]; System.arraycopy(rgbSignature, 0, rgbR, 0, rgbR.length); System.arraycopy(rgbSignature, rgbR.length, rgbS, 0, rgbR.length); digest.update(rgbToBeSigned, 0, rgbToBeSigned.length); byte[] rgbDigest = new byte[digest.getDigestSize()]; digest.doFinal(rgbDigest, 0); X9ECParameters p = cnKey.GetCurve(); ECDomainParameters parameters = new ECDomainParameters(p.getCurve(), p.getG(), p.getN(), p.getH()); BigInteger bnX = new BigInteger(1, cnKey.get(KeyKeys.EC2_X.AsCBOR()).GetByteString()); ECPoint point = p.getCurve().createPoint(bnX, new BigInteger(1, cnKey.get(KeyKeys.EC2_Y.AsCBOR()).GetByteString())); ECPublicKeyParameters pubKey = new ECPublicKeyParameters(point, parameters); ECDSASigner ecdsa = new ECDSASigner(); ecdsa.init(false, pubKey); return ecdsa.verifySignature(rgbDigest, new BigInteger(1, rgbR), new BigInteger(1, rgbS)); } default: throw new CoseException("Internal error"); } }
From source file:de.jpm.model.EncryptionService.java
License:Open Source License
/** * * @param password//w ww. java 2 s .c o m */ public void initCipher(char[] password) { PBEParametersGenerator keyGenerator = new PKCS12ParametersGenerator(new SHA256Digest()); keyGenerator.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), salt, 20); CipherParameters keyParams = keyGenerator.generateDerivedParameters(256, 128); encryptCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding()); encryptCipher.init(true, keyParams); decryptCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding()); decryptCipher.init(false, keyParams); }
From source file:de.tsenger.animamea.crypto.KeyDerivationFunction.java
License:Open Source License
/** * Erzeugt AES-256 Schlssel/*from w w w . j a v a 2 s. com*/ * * @return Schlssel als Byte-Array */ public byte[] getAES256Key() { byte[] checksum = new byte[32]; SHA256Digest sha256 = new SHA256Digest(); sha256.update(mergedData, 0, mergedData.length); sha256.doFinal(checksum, 0); return checksum; }