List of usage examples for org.bouncycastle.crypto.digests SHA512Digest reset
public void reset()
From source file:cologne.eck.dr.op.crypto.password_hashing.Battcrypt_v0.java
License:Open Source License
@Override public byte[] hashPassword(int outlen, byte[] in, byte[] salt, int t_cost, int m_cost, Object... varArgs) throws DataLengthException, IllegalStateException, InvalidCipherTextException { SHA512Digest sha = new SHA512Digest(); int[] data = new int[DATA_SIZE_INT]; BlowfishEngine blowfish;// w ww . j a v a2s . co m long upgradeLoops = 1; long loops; int memSize = 4 << m_cost;//= 4 * 2 ** m_cost int memMask = memSize - 1; int[] mem; byte[] hashBuffer = new byte[HASH_LENGTH_BYTE];// holds hash value as bytes byte[] dataBuffer = new byte[DATA_SIZE_BYTE];// holds encrypted bytes // These are the PHP max. values if (m_cost > 18 || // maximum: 2.147.483.648 bytes (t_cost & 0xffff) > 62 || (t_cost >> 16) > 63 || outlen > HASH_LENGTH_BYTE) { throw new IllegalArgumentException("invalid parameters"); } int tmp = t_cost >> 16; if (tmp != 0) { // upgradeLoops = 1, 2, 3, 4, 6, 8, 12, 16, ... upgradeLoops = (long) (3 - (tmp & 1)) << ((tmp - 1) >> 1); } // loops = 2, 3, 4, 6, 8, 12, 16, ... tmp = t_cost & 0xffff; loops = (long) ((tmp & 1) + 2) << (tmp >> 1); // key = SHA512(SHA512(salt) || in) byte[] keyBytes = new byte[HASH_LENGTH_BYTE]; sha.update(salt, 0, salt.length); sha.doFinal(keyBytes, 0); sha.reset(); sha.update(keyBytes, 0, HASH_LENGTH_BYTE); sha.update(in, 0, in.length);//password sha.doFinal(keyBytes, 0); sha.reset(); if (wipePassword == true) { Arrays.fill(in, (byte) 0); } // initialize cipher with 448 bit (56 byte) key: // truncate keyBytes: byte[] blowfishKey = new byte[56]; System.arraycopy(keyBytes, 0, blowfishKey, 0, 56); // use zeros as IV byte[] iv = new byte[IV_LENGTH_BYTE]; KeyParameter params = new KeyParameter(blowfishKey); Arrays.fill(blowfishKey, (byte) 0); ParametersWithIV ivParams = new ParametersWithIV(params, iv); blowfish = new BlowfishEngine(); // CBC, no padding: all vectors are multiples of Blowfish block length BufferedBlockCipher cipher = new BufferedBlockCipher(new CBCBlockCipher(blowfish)); cipher.init(true, ivParams); // initialize memory-hard vector: mem = new int[DATA_SIZE_INT * memSize]; for (long u = 0; u < upgradeLoops; u++) { // initialize data: // data = SHA512(BIG_ENDIAN_64( 0) || key) || ... // ... || SHA512(BIG_ENDIAN_64(31) || key) byte[] counterBytesBE = new byte[8]; // holds counter as long to update for (int i = 0; i < DATA_SIZE_BYTE / HASH_LENGTH_BYTE; i++) { counterBytesBE[7] = (byte) i; // set first byte sha.update(counterBytesBE, 0, counterBytesBE.length); // BIG_ENDIAN_64(i) sha.update(keyBytes, 0, HASH_LENGTH_BYTE); sha.doFinal(hashBuffer, 0); sha.reset(); // hash values allow weak garbage collector attack - // so, avoid new allocations: for (int j = 0; j < HASH_LENGTH_BYTE / 4; j++) { data[HASH_LENGTH_INT * i + j] = ((hashBuffer[j * 4 + 3] & 0xFF) << 24) | ((hashBuffer[j * 4 + 2] & 0xFF) << 16) | ((hashBuffer[j * 4 + 1] & 0xFF) << 8) | (hashBuffer[j * 4 + 0] & 0xFF); // little endian order } Arrays.fill(hashBuffer, (byte) 0); } // Initialize memory: for (int i = 0; i < memSize; i++) { // data = blowfish_encrypt_cbc(data) // mem = mem || data for (int j = 0; j < DATA_SIZE_INT; j++) { dataBuffer[j * 4 + 0] = (byte) (data[j]);// little endian dataBuffer[j * 4 + 1] = (byte) (data[j] >>> 8); dataBuffer[j * 4 + 2] = (byte) (data[j] >>> 16); dataBuffer[j * 4 + 3] = (byte) (data[j] >>> 24); } int len = cipher.processBytes(dataBuffer, 0, DATA_SIZE_BYTE, dataBuffer, 0); cipher.doFinal(dataBuffer, len); cipher.reset(); // get iv for next encryption step: // "running CBC": the last block of the // previous call is the IV for the next call System.arraycopy(dataBuffer, DATA_SIZE_BYTE - IV_LENGTH_BYTE, iv, 0, IV_LENGTH_BYTE); ivParams = new ParametersWithIV(params, iv); cipher.init(true, ivParams); for (int j = 0; j < DATA_SIZE_INT; j++) { data[j] = ((dataBuffer[j * 4 + 3] & 0xFF) << 24) | ((dataBuffer[j * 4 + 2] & 0xFF) << 16) | ((dataBuffer[j * 4 + 1] & 0xFF) << 8) | (dataBuffer[j * 4 + 0] & 0xFF); // little endian order } System.arraycopy(data, 0, mem, DATA_SIZE_INT * i, DATA_SIZE_INT); } // encrypt data: for (int j = 0; j < DATA_SIZE_INT; j++) { dataBuffer[j * 4 + 0] = (byte) (data[j]);// little endian dataBuffer[j * 4 + 1] = (byte) (data[j] >>> 8); dataBuffer[j * 4 + 2] = (byte) (data[j] >>> 16); dataBuffer[j * 4 + 3] = (byte) (data[j] >>> 24); } int len = cipher.processBytes(dataBuffer, 0, DATA_SIZE_BYTE, dataBuffer, 0); cipher.doFinal(dataBuffer, len); cipher.reset(); System.arraycopy(dataBuffer, DATA_SIZE_BYTE - IV_LENGTH_BYTE, iv, 0, IV_LENGTH_BYTE); ivParams = new ParametersWithIV(params, iv); cipher.init(true, ivParams); for (int j = 0; j < DATA_SIZE_INT; j++) { data[j] = ((dataBuffer[j * 4 + 3] & 0xFF) << 24) | ((dataBuffer[j * 4 + 2] & 0xFF) << 16) | ((dataBuffer[j * 4 + 1] & 0xFF) << 8) | (dataBuffer[j * 4 + 0] & 0xFF); // little endian order } // work: for (long i = 0; i < loops; i++) { for (int j = 0; j < memSize; j++) { // in the C++ reference implementation and the paper // this rValue a 64 bit integer, but this makes only a // difference for memSize > 0xFFFFFFFF +1, while the // recommended maximum for memSize is 2^32 int rValue = ((((int) data[DATA_SIZE_INT - 1]) << 24) & 0xff000000) | ((((int) data[DATA_SIZE_INT - 1]) << 8) & 0x00ff0000) | ((((int) data[DATA_SIZE_INT - 1]) >>> 8) & 0x0000ff00) | ((((int) data[DATA_SIZE_INT - 1]) >>> 24) & 0x000000ff); int index = (int) (DATA_SIZE_INT * (rValue & memMask)); for (int k = 0; k < DATA_SIZE_INT; k++) { mem[j * DATA_SIZE_INT + k] ^= data[k] ^ mem[index + k]; } // convert to byte: for (int k = 0; k < DATA_SIZE_INT; k++) { dataBuffer[k * 4 + 0] = (byte) (mem[j * DATA_SIZE_INT + k]); dataBuffer[k * 4 + 1] = (byte) (mem[j * DATA_SIZE_INT + k] >>> 8); dataBuffer[k * 4 + 2] = (byte) (mem[j * DATA_SIZE_INT + k] >>> 16); dataBuffer[k * 4 + 3] = (byte) (mem[j * DATA_SIZE_INT + k] >>> 24); } int len1 = cipher.processBytes(dataBuffer, 0, DATA_SIZE_BYTE, dataBuffer, 0); cipher.doFinal(dataBuffer, len1); cipher.reset(); // get iv for next step: System.arraycopy(dataBuffer, DATA_SIZE_BYTE - IV_LENGTH_BYTE, iv, 0, IV_LENGTH_BYTE); for (int k = 0; k < DATA_SIZE_INT; k++) { mem[j * DATA_SIZE_INT + k] = ((dataBuffer[k * 4 + 3] & 0xFF) << 24) | ((dataBuffer[k * 4 + 2] & 0xFF) << 16) | ((dataBuffer[k * 4 + 1] & 0xFF) << 8) | (dataBuffer[k * 4 + 0] & 0xFF); // little endian order } ivParams = new ParametersWithIV(params, iv); cipher.init(true, ivParams); // data ^= mem[j] for (int k = 0; k < DATA_SIZE_INT; k++) { data[k] ^= mem[DATA_SIZE_INT * j + k]; } } } // Finish // key = truncate(SHA512(SHA512(data || key)), outlen) || zeros(HASH_LENGTH - outlen) // convert to byte: for (int k = 0; k < DATA_SIZE_INT; k++) { dataBuffer[k * 4 + 0] = (byte) (data[k]); dataBuffer[k * 4 + 1] = (byte) (data[k] >>> 8); dataBuffer[k * 4 + 2] = (byte) (data[k] >>> 16); dataBuffer[k * 4 + 3] = (byte) (data[k] >>> 24); } sha.update(dataBuffer, 0, DATA_SIZE_BYTE); sha.update(keyBytes, 0, HASH_LENGTH_BYTE); sha.doFinal(keyBytes, 0); sha.reset(); } sha.update(keyBytes, 0, HASH_LENGTH_BYTE); sha.doFinal(keyBytes, 0); sha.reset(); byte[] out = new byte[outlen]; System.arraycopy(keyBytes, 0, out, 0, out.length); // Clean-up: Arrays.fill(keyBytes, (byte) 0); Arrays.fill(dataBuffer, (byte) 0); Arrays.fill(iv, (byte) 0); Arrays.fill(data, 0); Arrays.fill(mem, (byte) 0); // wipe the key from parameters Arrays.fill(params.getKey(), (byte) 0); // prevent dead code eliminations (compiler optimizations): if ((keyBytes[HASH_LENGTH_BYTE - 1] | blowfishKey[blowfishKey.length - 1] | dataBuffer[DATA_SIZE_BYTE - 1] | hashBuffer[HASH_LENGTH_BYTE - 1] | data[DATA_SIZE_INT - 1] | iv[IV_LENGTH_BYTE - 1] | mem[mem.length - 1] | params.getKey()[params.getKey().length - 1]) != 0) { System.err.print("zeroization failed!"); } if ((wipePassword == true) && (in[in.length - 1] != 0)) { System.err.print("zeroization failed!"); } return out; }
From source file:com.verhas.licensor.License.java
License:Open Source License
/** * Calculate the SHA512 digest of the public key ring that is used to decode * the license.//from ww w . j ava2 s .c om * * @return the digest as a byte array. */ public byte[] calculatePublicKeyRingDigest() { final SHA512Digest dig = new SHA512Digest(); dig.reset(); dig.update(publicKeyRing, 0, publicKeyRing.length); final byte[] digest = new byte[dig.getDigestSize()]; dig.doFinal(digest, 0); return digest; }