List of usage examples for org.bouncycastle.util Arrays constantTimeAreEqual
public static boolean constantTimeAreEqual(byte[] expected, byte[] supplied)
From source file:ch.lamacrypt.internal.crypto.CPCipher.java
License:Open Source License
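/**
 * Decrypts a stream with ChaCha20, using Poly1305 as MAC in an
 * encrypt-then-MAC scheme.
 * <p>
 * The input is read as ciphertext followed by a 16-byte tag. The last 16
 * bytes seen so far are always held back, so the tag is separated from the
 * ciphertext correctly even when {@code read} returns fewer bytes than
 * requested or the stream length is an exact multiple of the buffer size.
 * <p>
 * Decrypted bytes are written to {@code output} as they are produced, before
 * the tag has been checked. When this method throws, everything already
 * written is unauthenticated and the caller must discard it.
 *
 * @param key    key material wrapped in a {@code KeyParameter} for cipher init
 * @param nonce  value passed as the IV to {@code ParametersWithIV}
 * @param input  source of ciphertext followed by the tag
 * @param output sink for the decrypted bytes
 * @throws TlsFatalAlert with {@code bad_record_mac} if the stream is shorter
 *                       than one tag or the tag does not match
 * @throws IOException   if reading or writing fails
 */
protected void decrypt(byte[] key, byte[] nonce, InputStream input, OutputStream output) throws IOException {
    final int tagLen = 16;

    this.cipher.init(false, new ParametersWithIV(new KeyParameter(key), nonce));

    byte[] computedMac = new byte[tagLen];
    // One full read plus the bytes held back from the previous pass.
    byte[] window = new byte[BUFFER_SIZE + tagLen];
    byte[] chachaBuf = new byte[BUFFER_SIZE];

    initMAC(cipher);

    // Number of bytes at the start of window that might still be the tag.
    int held = 0;
    int r;
    while ((r = input.read(window, held, BUFFER_SIZE)) != -1) {
        int total = held + r;
        // Everything except the trailing tagLen bytes is certainly ciphertext.
        int ready = total - tagLen;
        if (ready > 0) {
            // NOTE(review): assumes updateMAC is a plain streaming update, so
            // chunk boundaries do not affect the result; confirm in the helper.
            updateMAC(window, 0, ready);
            cipher.processBytes(window, 0, ready, chachaBuf, 0);
            output.write(chachaBuf, 0, ready);
            // Slide the candidate tag to the front for the next pass.
            System.arraycopy(window, ready, window, 0, tagLen);
            held = tagLen;
        } else {
            held = total;
        }
    }

    // A stream that cannot even hold a tag is rejected the same way as a
    // forged one, instead of failing on a negative array range.
    if (held != tagLen) {
        throw new TlsFatalAlert(AlertDescription.bad_record_mac);
    }
    byte[] receivedMac = Arrays.copyOfRange(window, 0, tagLen);

    // Compare in constant time: computed tag is "expected", stream tag is "supplied".
    mac.doFinal(computedMac, 0);
    if (!Arrays.constantTimeAreEqual(computedMac, receivedMac)) {
        throw new TlsFatalAlert(AlertDescription.bad_record_mac);
    }
}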
From source file:freenet.crypt.OCBBlockCipher_v149.java
License:Open Source License
/**
 * Finishes the current OCB operation: processes any buffered partial blocks,
 * computes the tag, and either appends it (encryption) or checks it against
 * the tag taken from the end of the buffered message (decryption).
 * <p>
 * When decrypting, the processed final partial block is copied into
 * {@code output} before the tag comparison runs, and a failed comparison
 * throws before {@code reset(false)} is reached. A caller that receives
 * {@code InvalidCipherTextException} should therefore treat the contents of
 * {@code output} as unauthenticated and should not assume this instance has
 * been reset.
 *
 * @param output buffer receiving the final bytes (and the tag when encrypting)
 * @param outOff offset in {@code output} at which writing starts
 * @return number of bytes written: the final partial block length, plus
 *         {@code macSize} when encrypting
 * @throws InvalidCipherTextException if, when decrypting, fewer than
 *         {@code macSize} bytes are buffered or the tag does not match
 */
public int doFinal(byte[] output, int outOff) throws IllegalStateException, InvalidCipherTextException {
    /*
     * For decryption, get the tag from the end of the message
     */
    byte[] tag = null;
    if (!forEncryption) {
        // The buffered tail must hold at least a whole tag.
        if (mainBlockPos < macSize) {
            throw new InvalidCipherTextException("data too short");
        }
        // Strip the tag from the buffered data; what remains is the final partial block.
        mainBlockPos -= macSize;
        tag = new byte[macSize];
        System.arraycopy(mainBlock, mainBlockPos, tag, 0, macSize);
    }
    /*
     * HASH: Process any final partial block; compute final hash value
     */
    if (hashBlockPos > 0) {
        OCB_extend(hashBlock, hashBlockPos);
        updateHASH(L_Asterisk);
    }
    /*
     * OCB-ENCRYPT/OCB-DECRYPT: Process any final partial block
     */
    if (mainBlockPos > 0) {
        // When encrypting, mainBlock is folded into Checksum before the Pad is applied.
        if (forEncryption) {
            OCB_extend(mainBlock, mainBlockPos);
            xor(Checksum, mainBlock);
        }
        xor(OffsetMAIN, L_Asterisk);
        byte[] Pad = new byte[16];
        hashCipher.processBlock(OffsetMAIN, 0, Pad, 0);
        xor(mainBlock, Pad);
        // Output is released here, ahead of the tag check further down.
        System.arraycopy(mainBlock, 0, output, outOff, mainBlockPos);
        // When decrypting, mainBlock is folded into Checksum after the Pad is applied.
        if (!forEncryption) {
            OCB_extend(mainBlock, mainBlockPos);
            xor(Checksum, mainBlock);
        }
    }
    /*
     * OCB-ENCRYPT/OCB-DECRYPT: Compute raw tag
     */
    xor(Checksum, OffsetMAIN);
    xor(Checksum, L_Dollar);
    hashCipher.processBlock(Checksum, 0, Checksum, 0);
    xor(Checksum, Sum);
    // Keep only the first macSize bytes of the computed value as the tag.
    this.macBlock = new byte[macSize];
    System.arraycopy(Checksum, 0, macBlock, 0, macSize);
    /*
     * Validate or append tag and reset this cipher for the next run
     */
    int resultLen = mainBlockPos;
    if (forEncryption) {
        // Append tag to the message
        System.arraycopy(macBlock, 0, output, outOff + resultLen, macSize);
        resultLen += macSize;
    } else {
        // Compare the tag from the message with the calculated one.
        // Argument order follows constantTimeAreEqual(expected, supplied):
        // the locally computed tag is "expected", the received one "supplied".
        if (!Arrays.constantTimeAreEqual(macBlock, tag)) {
            // Thrown before reset(false) below, so the state is left as-is on failure.
            throw new InvalidCipherTextException("mac check in OCB failed");
        }
    }
    reset(false);
    return resultLen;
}
From source file:net.wstech2.me.httpsclient.CertificateValidatorUtils.java
License:Apache License
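/**
 * Reports whether {@code cert} is byte-for-byte identical, in DER encoding,
 * to the certificate stored locally under the given names.
 * <p>
 * Trust here is an exact-match (pinning style) decision: no chain, validity
 * period or revocation check is performed in this method. Both encodings are
 * written to the debug log as Base64 when they differ.
 *
 * @param cert               certificate presented by the peer
 * @param fullCommonName     name used for the repository lookup and in log output
 * @param friendlyCommonName alternate name used for the lookup and in log output
 * @return {@code Boolean.TRUE} if a stored certificate exists and its DER
 *         encoding equals that of {@code cert}; {@code Boolean.FALSE} otherwise
 * @throws IOException if a certificate cannot be encoded
 */
private static Boolean isTrustedCertificate(Certificate cert, String fullCommonName, String friendlyCommonName)
        throws RecordStoreNotOpenException, InvalidRecordIDException, RecordStoreException, IOException {
    final String label = "[[" + fullCommonName + "/" + friendlyCommonName + "]]";

    Certificate repositoryCertificate = getCertificateFromJarOrRecordStore(fullCommonName, friendlyCommonName);
    if (repositoryCertificate == null) {
        HttpsConnectionUtils.logDebug("A file for " + label
                + " was not located as a resource in the local repository.");
        return Boolean.FALSE;
    }

    // Encode each certificate once and reuse the bytes for both the
    // comparison and the diagnostics.
    byte[] presentedDer = cert.getEncoded("DER");
    byte[] storedDer = repositoryCertificate.getEncoded("DER");

    // The stored copy is the trusted reference ("expected"); the presented
    // one is the untrusted input ("supplied"). The result is the same in
    // either order.
    boolean certificatesMatch = Arrays.constantTimeAreEqual(storedDer, presentedDer);

    if (certificatesMatch) {
        HttpsConnectionUtils.logDebug("A file for " + label
                + " was located as a resource in the local repository and "
                + "the certificate will be considered as TRUSTED.");
    } else {
        // Fixed message text: the original concatenation produced "DOES NOTMATCH"
        // and misspelled TRUSTED, which made the failure hard to grep for.
        HttpsConnectionUtils.logDebug("A file for " + label
                + " was located as a resource in the local repository, but it DOES NOT "
                + "MATCH the certificate sent by the client. It will NOT be considered as TRUSTED.");
        HttpsConnectionUtils.logDebug("Base 64 for" + label + " sent by the client: \n"
                + Base64.toBase64String(presentedDer));
        HttpsConnectionUtils.logDebug("Base 64 for" + label + " from the local repository:\n"
                + Base64.toBase64String(storedDer));
    }

    return certificatesMatch ? Boolean.TRUE : Boolean.FALSE;
}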
From source file:org.ethereum.crypto.EthereumIESEngine.java
License:Open Source License
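/**
 * Decrypts one IES message and verifies its MAC.
 * <p>
 * The input is laid out as {@code v || ciphertext || tag}. Key material is
 * drawn from {@code kdf} and split into a cipher key {@code k1} and a MAC key
 * {@code k2}. The MAC is computed over {@code iv}, the ciphertext, the
 * optional encoding vector and the optional {@code macData}, and compared in
 * constant time with the received tag.
 * <p>
 * In block-cipher mode the cipher's {@code doFinal} is run only after the
 * MAC has been accepted, so finalisation errors (for example padding
 * failures) are never reported for input whose tag is invalid.
 *
 * @param inEnc   buffer holding the encoded message
 * @param inOff   offset of the message in {@code inEnc}
 * @param inLen   length of the message in bytes
 * @param macData optional extra data to authenticate, may be {@code null}
 * @return the decrypted message
 * @throws InvalidCipherTextException if the input is too short to hold
 *         {@code v} and the tag, the MAC does not verify, or the cipher
 *         rejects the data
 */
private byte[] decryptBlock(byte[] inEnc, int inOff, int inLen, byte[] macData)
        throws InvalidCipherTextException {
    byte[] m;
    byte[] k;
    byte[] k1;
    byte[] k2;
    int len;

    // Ensure that the length of the input is greater than the MAC in bytes
    if (inLen <= (param.getMacKeySize() / 8)) {
        throw new InvalidCipherTextException("Length of input must be greater than the MAC");
    }

    final int macSize = mac.getMacSize();
    // The message must also have room for v and the tag; otherwise the
    // ciphertext length computed below would be negative.
    if (inLen < v.length + macSize) {
        throw new InvalidCipherTextException("Length of input must be greater than the MAC and V combined");
    }
    final int bodyLen = inLen - v.length - macSize;

    if (cipher == null) {
        // Streaming mode: the KDF output is XORed directly onto the ciphertext.
        k1 = new byte[bodyLen];
        k2 = new byte[param.getMacKeySize() / 8];
        k = new byte[k1.length + k2.length];

        kdf.generateBytes(k, 0, k.length);

        System.arraycopy(k, 0, k1, 0, k1.length);
        System.arraycopy(k, k1.length, k2, 0, k2.length);

        m = new byte[k1.length];
        for (int i = 0; i != k1.length; i++) {
            m[i] = (byte) (inEnc[inOff + v.length + i] ^ k1[i]);
        }

        len = k1.length;
    } else {
        // Block cipher mode.
        k1 = new byte[((IESWithCipherParameters) param).getCipherKeySize() / 8];
        k2 = new byte[param.getMacKeySize() / 8];
        k = new byte[k1.length + k2.length];

        kdf.generateBytes(k, 0, k.length);
        System.arraycopy(k, 0, k1, 0, k1.length);
        System.arraycopy(k, k1.length, k2, 0, k2.length);

        // If an iv is provided, use it to initialize the cipher
        if (iv != null) {
            cipher.init(false, new ParametersWithIV(new KeyParameter(k1), iv));
        } else {
            cipher.init(false, new KeyParameter(k1));
        }

        m = new byte[cipher.getOutputSize(bodyLen)];
        // Only the bulk processing happens here; doFinal is deferred until
        // the MAC below has been verified.
        len = cipher.processBytes(inEnc, inOff + v.length, bodyLen, m, 0);
    }

    // Encoding vector, authenticated together with the ciphertext when present.
    byte[] p2 = param.getEncodingV();

    // Verify the MAC.
    int end = inOff + inLen;
    byte[] t1 = Arrays.copyOfRange(inEnc, end - macSize, end);
    byte[] t2 = new byte[t1.length];

    byte[] k2A;
    if (hashK2) {
        // The MAC key is the digest of k2 rather than k2 itself.
        k2A = new byte[hash.getDigestSize()];
        hash.reset();
        hash.update(k2, 0, k2.length);
        hash.doFinal(k2A, 0);
    } else {
        k2A = k2;
    }
    mac.init(new KeyParameter(k2A));
    // NOTE(review): iv is dereferenced unconditionally here although the
    // block-cipher branch above tolerates a null iv; confirm that callers
    // always supply one.
    mac.update(iv, 0, iv.length);
    mac.update(inEnc, inOff + v.length, inLen - v.length - t2.length);
    if (p2 != null) {
        mac.update(p2, 0, p2.length);
    }
    if (v.length != 0 && p2 != null) {
        byte[] l2 = new byte[4];
        Pack.intToBigEndian(p2.length * 8, l2, 0);
        mac.update(l2, 0, l2.length);
    }
    if (macData != null) {
        mac.update(macData, 0, macData.length);
    }
    mac.doFinal(t2, 0);

    if (!Arrays.constantTimeAreEqual(t1, t2)) {
        throw new InvalidCipherTextException("Invalid MAC.");
    }

    // The tag is valid, so it is now safe to finish the block cipher.
    if (cipher != null) {
        len += cipher.doFinal(m, len);
    }

    // Output the message.
    return Arrays.copyOfRange(m, 0, len);
}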
From source file:org.gity.internal.crypto.CPCipher.java
License:Open Source License
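/**
 * Decrypts a stream with ChaCha20, using Poly1305 as MAC in an
 * encrypt-then-MAC scheme.
 * <p>
 * The input is read as ciphertext followed by a 16-byte tag. The last 16
 * bytes seen so far are always held back, so the tag is separated from the
 * ciphertext correctly even when {@code read} returns fewer bytes than
 * requested or the stream length is an exact multiple of the buffer size.
 * <p>
 * Decrypted bytes are written to {@code output} as they are produced, before
 * the tag has been checked. When this method throws, everything already
 * written is unauthenticated and the caller must discard it.
 *
 * @param key    key material wrapped in a {@code KeyParameter} for cipher init
 * @param nonce  value passed as the IV to {@code ParametersWithIV}
 * @param input  source of ciphertext followed by the tag
 * @param output sink for the decrypted bytes
 * @throws TlsFatalAlert with {@code bad_record_mac} if the stream is shorter
 *                       than one tag or the tag does not match
 * @throws IOException   if reading or writing fails
 */
public void decrypt(byte[] key, byte[] nonce, InputStream input, OutputStream output) throws IOException {
    final int tagLen = 16;

    this.cipher.init(false, new ParametersWithIV(new KeyParameter(key), nonce));

    byte[] computedMac = new byte[tagLen];
    // One full read plus the bytes held back from the previous pass.
    byte[] window = new byte[BUFFER_SIZE + tagLen];
    byte[] chachaBuf = new byte[BUFFER_SIZE];

    initMAC(cipher);

    // Number of bytes at the start of window that might still be the tag.
    int held = 0;
    int r;
    while ((r = input.read(window, held, BUFFER_SIZE)) != -1) {
        int total = held + r;
        // Everything except the trailing tagLen bytes is certainly ciphertext.
        int ready = total - tagLen;
        if (ready > 0) {
            // NOTE(review): assumes updateMAC is a plain streaming update, so
            // chunk boundaries do not affect the result; confirm in the helper.
            updateMAC(window, 0, ready);
            cipher.processBytes(window, 0, ready, chachaBuf, 0);
            output.write(chachaBuf, 0, ready);
            // Slide the candidate tag to the front for the next pass.
            System.arraycopy(window, ready, window, 0, tagLen);
            held = tagLen;
        } else {
            held = total;
        }
    }

    // A stream that cannot even hold a tag is rejected the same way as a
    // forged one, instead of failing on a negative array range.
    if (held != tagLen) {
        throw new TlsFatalAlert(AlertDescription.bad_record_mac);
    }
    byte[] receivedMac = Arrays.copyOfRange(window, 0, tagLen);

    // Compare in constant time: computed tag is "expected", stream tag is "supplied".
    mac.doFinal(computedMac, 0);
    if (!Arrays.constantTimeAreEqual(computedMac, receivedMac)) {
        throw new TlsFatalAlert(AlertDescription.bad_record_mac);
    }
}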