List of usage examples for org.bouncycastle.crypto.params DHPublicKeyParameters getY
public BigInteger getY()
From source file:de.rub.nds.tlsattacker.tls.protocol.handshake.DHClientKeyExchangeHandler.java
License:Apache License
@Override byte[] prepareKeyExchangeMessage() { if (tlsContext.getServerDHParameters() == null) { // we are probably handling a simple DH ciphersuite, we try to // establish server public key parameters from the server // certificate message Certificate x509Cert = tlsContext.getServerCertificate(); SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo(); DHPublicKeyParameters parameters; try {// w w w .j a va 2s .c om parameters = (DHPublicKeyParameters) PublicKeyFactory.createKey(keyInfo); tlsContext.setServerDHParameters(new ServerDHParams(parameters)); } catch (IOException e) { throw new WorkflowExecutionException("Problem in parsing public key parameters from certificate", e); } } // generate client's original dh public and private key, based on the // server's public parameters AsymmetricCipherKeyPair kp = TlsDHUtils.generateDHKeyPair(new SecureRandom(), tlsContext.getServerDHParameters().getPublicKey().getParameters()); DHPublicKeyParameters dhPublic = (DHPublicKeyParameters) kp.getPublic(); DHPrivateKeyParameters dhPrivate = (DHPrivateKeyParameters) kp.getPrivate(); protocolMessage.setG(dhPublic.getParameters().getG()); protocolMessage.setP(dhPublic.getParameters().getP()); protocolMessage.setY(dhPublic.getY()); protocolMessage.setX(dhPrivate.getX()); // set the modified values of client's private and public parameters DHParameters newParams = new DHParameters(protocolMessage.getP().getValue(), protocolMessage.getG().getValue()); // DHPublicKeyParameters newDhPublic = new // DHPublicKeyParameters(dhMessage.getY().getValue(), newParams); DHPrivateKeyParameters newDhPrivate = new DHPrivateKeyParameters(protocolMessage.getX().getValue(), newParams); byte[] serializedPublicKey = BigIntegers.asUnsignedByteArray(protocolMessage.getY().getValue()); protocolMessage.setSerializedPublicKey(serializedPublicKey); protocolMessage.setSerializedPublicKeyLength(serializedPublicKey.length); byte[] result = ArrayConverter .concatenate( ArrayConverter.intToBytes(protocolMessage.getSerializedPublicKeyLength().getValue(), HandshakeByteLength.DH_PARAM_LENGTH), protocolMessage.getSerializedPublicKey().getValue()); byte[] premasterSecret = TlsDHUtils .calculateDHBasicAgreement(tlsContext.getServerDHParameters().getPublicKey(), newDhPrivate); protocolMessage.setPremasterSecret(premasterSecret); LOGGER.debug("Computed PreMaster Secret: {}", ArrayConverter.bytesToHexString(protocolMessage.getPremasterSecret().getValue())); byte[] random = tlsContext.getClientServerRandom(); PRFAlgorithm prfAlgorithm = AlgorithmResolver.getPRFAlgorithm(tlsContext.getProtocolVersion(), tlsContext.getSelectedCipherSuite()); byte[] masterSecret = PseudoRandomFunction.compute(prfAlgorithm, protocolMessage.getPremasterSecret().getValue(), PseudoRandomFunction.MASTER_SECRET_LABEL, random, HandshakeByteLength.MASTER_SECRET); LOGGER.debug("Computed Master Secret: {}", ArrayConverter.bytesToHexString(masterSecret)); protocolMessage.setMasterSecret(masterSecret); tlsContext.setMasterSecret(protocolMessage.getMasterSecret().getValue()); return result; }
From source file:de.rub.nds.tlsattacker.tls.protocol.handshake.DHEServerKeyExchangeHandler.java
License:Apache License
@Override public byte[] prepareMessageAction() { // To use true DH ephemeral we need to precompute the prime number P(DH modulus) /**int defaultPrimeProbability = 30; DHParametersGenerator generator = new DHParametersGenerator(); //Genration of a higher bit prime number takes too long (512 bits takes 2 seconds) generator.init(512, defaultPrimeProbability, new SecureRandom()); DHParameters params = generator.generateParameters();*/ //w w w .j a va 2 s . c om //fixed DH modulus P and DH generator G byte [] pArray = ArrayConverter .hexStringToByteArray("ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc" + "74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d" + "51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24" + "117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83" + "655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca1821" + "7c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf695" + "5817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff"); byte [] gArray = {0x02}; BigInteger p = new BigInteger(1, pArray); BigInteger g = new BigInteger(1, gArray); DHParameters params = new DHParameters( p, g ); KeyGenerationParameters kgp = new DHKeyGenerationParameters(new SecureRandom(), params); DHKeyPairGenerator keyGen = new DHKeyPairGenerator(); keyGen.init(kgp); AsymmetricCipherKeyPair serverKeyPair = keyGen.generateKeyPair(); DHPublicKeyParameters dhPublic = (DHPublicKeyParameters) serverKeyPair.getPublic(); DHPrivateKeyParameters dhPrivate = (DHPrivateKeyParameters) serverKeyPair.getPrivate(); protocolMessage.setG(dhPublic.getParameters().getG()); protocolMessage.setP(dhPublic.getParameters().getP()); protocolMessage.setPublicKey(dhPublic.getY()); protocolMessage.setPrivateKey(dhPrivate.getX()); tlsContext.setServerDHPrivateKeyParameters(dhPrivate); byte[] serializedP = BigIntegers.asUnsignedByteArray(protocolMessage.getP().getValue()); protocolMessage.setSerializedP(serializedP); protocolMessage.setSerializedPLength(serializedP.length); byte[] serializedG = BigIntegers.asUnsignedByteArray(protocolMessage.getG().getValue()); protocolMessage.setSerializedG(serializedG); protocolMessage.setSerializedGLength(serializedG.length); byte[] serializedPublicKey = BigIntegers.asUnsignedByteArray(protocolMessage.getPublicKey().getValue()); protocolMessage.setSerializedPublicKey(serializedPublicKey); protocolMessage.setSerializedPublicKeyLength(serializedPublicKey.length); byte[] dhParams = ArrayConverter.concatenate(ArrayConverter.intToBytes(protocolMessage.getSerializedPLength() .getValue(), HandshakeByteLength.DH_PARAM_LENGTH), protocolMessage.getSerializedP().getValue(), ArrayConverter.intToBytes(protocolMessage.getSerializedGLength().getValue(), HandshakeByteLength.DH_PARAM_LENGTH), protocolMessage.getSerializedG().getValue(), ArrayConverter.intToBytes(protocolMessage.getSerializedPublicKeyLength().getValue(), HandshakeByteLength.DH_PARAM_LENGTH), protocolMessage.getSerializedPublicKey().getValue()); InputStream is = new ByteArrayInputStream(dhParams); try { ServerDHParams publicKeyParameters = ServerDHParams.parse(is); tlsContext.setServerDHParameters(publicKeyParameters); KeyStore ks = tlsContext.getKeyStore(); SignatureAndHashAlgorithm selectedSignatureHashAlgo = new SignatureAndHashAlgorithm(SignatureAlgorithm.RSA, HashAlgorithm.SHA1); protocolMessage.setSignatureAlgorithm(selectedSignatureHashAlgo.getSignatureAlgorithm().getValue()); protocolMessage.setHashAlgorithm(selectedSignatureHashAlgo.getHashAlgorithm().getValue()); Key key = ks.getKey(tlsContext.getAlias(), tlsContext.getPassword().toCharArray()); RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key; Signature instance = Signature.getInstance(selectedSignatureHashAlgo.getJavaName()); instance.initSign(rsaKey); LOGGER.debug("SignatureAndHashAlgorithm for ServerKeyExchange message: {}", selectedSignatureHashAlgo.getJavaName()); byte[] toBeSignedBytes = ArrayConverter.concatenate(tlsContext.getClientRandom(), tlsContext .getServerRandom(), dhParams); instance.update(toBeSignedBytes); byte[] signature = instance.sign(); protocolMessage.setSignature(signature); protocolMessage.setSignatureLength(signature.length); byte[] result = ArrayConverter.concatenate(dhParams, new byte[] { protocolMessage.getHashAlgorithm().getValue(), protocolMessage.getSignatureAlgorithm().getValue() }, ArrayConverter.intToBytes( protocolMessage.getSignatureLength().getValue(), HandshakeByteLength.SIGNATURE_LENGTH), protocolMessage.getSignature().getValue()); protocolMessage.setLength(result.length); long header = (HandshakeMessageType.SERVER_KEY_EXCHANGE.getValue() << 24) + protocolMessage.getLength().getValue(); protocolMessage.setCompleteResultingMessage(ArrayConverter.concatenate( ArrayConverter.longToUint32Bytes(header), result)); } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | InvalidKeyException | SignatureException | IOException ex) { throw new ConfigurationException(ex.getLocalizedMessage(), ex); } return protocolMessage.getCompleteResultingMessage().getValue(); }
From source file:net.java.otr4j.crypto.DHKeyPairOTR3.java
License:LGPL
/** * Generate a DH key pair./*from w ww . ja v a 2 s.co m*/ * * @param random the SecureRandom instance * @return Returns the DH key pair. */ @Nonnull public static DHKeyPairOTR3 generateDHKeyPair(final SecureRandom random) { // Generate a AsymmetricCipherKeyPair using BC. final DHParameters dhParams = new DHParameters(MODULUS, GENERATOR, null, DH_PRIVATE_KEY_MINIMUM_BIT_LENGTH); final DHKeyGenerationParameters params = new DHKeyGenerationParameters(random, dhParams); final DHKeyPairGenerator kpGen = new DHKeyPairGenerator(); kpGen.init(params); final KeyFactory keyFac; try { keyFac = KeyFactory.getInstance(KF_DH); } catch (final NoSuchAlgorithmException ex) { throw new IllegalStateException("DH key factory unavailable.", ex); } final AsymmetricCipherKeyPair pair = kpGen.generateKeyPair(); final DHPublicKeyParameters pub = convertToPublicKeyParams(pair.getPublic()); final DHPublicKeySpec pubKeySpecs = new DHPublicKeySpec(pub.getY(), MODULUS, GENERATOR); final DHPublicKey pubKey; try { pubKey = (DHPublicKey) keyFac.generatePublic(pubKeySpecs); } catch (final InvalidKeySpecException ex) { throw new IllegalStateException("Failed to generate DH public key.", ex); } final DHPrivateKeyParameters priv = convertToPrivateKeyParams(pair.getPrivate()); final DHParameters dhParameters = priv.getParameters(); final DHPrivateKeySpec privKeySpecs = new DHPrivateKeySpec(priv.getX(), dhParameters.getP(), dhParameters.getG()); final DHPrivateKey privKey; try { privKey = (DHPrivateKey) keyFac.generatePrivate(privKeySpecs); } catch (final InvalidKeySpecException ex) { throw new IllegalStateException("Failed to generate DH private key.", ex); } return new DHKeyPairOTR3(privKey, pubKey); }
From source file:net.java.otr4j.crypto.OtrCryptoEngineImpl.java
License:Apache License
@Override public KeyPair generateDHKeyPair() throws OtrCryptoException { // Generate a AsymmetricCipherKeyPair using BC. DHParameters dhParams = new DHParameters(MODULUS, GENERATOR, null, DH_PRIVATE_KEY_MINIMUM_BIT_LENGTH); DHKeyGenerationParameters params = new DHKeyGenerationParameters(new SecureRandom(), dhParams); DHKeyPairGenerator kpGen = new DHKeyPairGenerator(); kpGen.init(params);/*from w ww .j a v a 2s .co m*/ AsymmetricCipherKeyPair pair = kpGen.generateKeyPair(); // Convert this AsymmetricCipherKeyPair to a standard JCE KeyPair. DHPublicKeyParameters pub = (DHPublicKeyParameters) pair.getPublic(); DHPrivateKeyParameters priv = (DHPrivateKeyParameters) pair.getPrivate(); try { KeyFactory keyFac = KeyFactory.getInstance("DH"); DHPublicKeySpec pubKeySpecs = new DHPublicKeySpec(pub.getY(), MODULUS, GENERATOR); DHPublicKey pubKey = (DHPublicKey) keyFac.generatePublic(pubKeySpecs); DHParameters dhParameters = priv.getParameters(); DHPrivateKeySpec privKeySpecs = new DHPrivateKeySpec(priv.getX(), dhParameters.getP(), dhParameters.getG()); DHPrivateKey privKey = (DHPrivateKey) keyFac.generatePrivate(privKeySpecs); return new KeyPair(pubKey, privKey); } catch (Exception e) { throw new OtrCryptoException(e); } }