Beispiel #1
0
        public void testRsaDecryption()
        {
            TestTpmPrivateKey.KeyTestData dataSet = rsaKeyTestData;

            byte[]        pkcs8 = net.named_data.jndn.util.Common.base64Decode(dataSet.privateKeyPkcs8Unencrypted);
            TpmPrivateKey key   = new TpmPrivateKey();

            key.loadPkcs8(ILOG.J2CsMapping.NIO.ByteBuffer.wrap(pkcs8));

            Blob plainText = new Blob(new int[] { 0x00, 0x01, 0x02, 0x03, 0x04,
                                                  0x05, 0x06, 0x07 });

            String cipherTextBase64 = "i2XNpZ2JbLa4JmBTdDrGmsd4/0C+p+BSCpW3MuPBNe5uChQ0eRO1dvjTnEqwSECY\n"
                                      + "38en9JZwcyb0It/TSFNXHlq+Z1ZpffnjIJxQR9HcgwvwQJh6WRH0vu38tvGkGuNv\n"
                                      + "60Rdn85hqSy1CikmXCeWXL9yCqeqcP21R94G/T3FuA+c1FtFko8KOzCwvrTXMO6n\n"
                                      + "5PNsqlLXabSGr+jz4EwOsSCgPkiDf9U6tXoSPRA2/YvqFQdaiUXIVlomESvaqqZ8\n"
                                      + "FxPs2BON0lobM8gT+xdzbRKofp+rNjNK+5uWyeOnXJwzCszh17cdJl2BH1dZwaVD\n"
                                      + "PmTiSdeDQXZ94U5boDQ4Aw==\n";

            byte[] cipherText = net.named_data.jndn.util.Common.base64Decode(cipherTextBase64);

            Blob decryptedText = key.decrypt(ILOG.J2CsMapping.NIO.ByteBuffer.wrap(cipherText));

            Assert.AssertTrue(decryptedText.equals(plainText));
        }
Beispiel #2
0
        /// <summary>
        /// Decrypt the encryptedData using the keyBits according the encrypt params.
        /// </summary>
        ///
        /// <param name="keyBits">The key value (PKCS8-encoded private key).</param>
        /// <param name="encryptedData">The data to decrypt.</param>
        /// <param name="params">This decrypts according to params.getAlgorithmType().</param>
        /// <returns>The decrypted data.</returns>
        public static Blob decrypt(Blob keyBits, Blob encryptedData,
                                   EncryptParams paras)
        {
            TpmPrivateKey privateKey = new TpmPrivateKey();

            try {
                privateKey.loadPkcs8(keyBits.buf());
            } catch (TpmPrivateKey.Error ex) {
                throw new SecurityException("decrypt: Error in loadPkcs8: " + ex);
            }

            try {
                return(privateKey.decrypt(encryptedData.buf(),
                                          paras.getAlgorithmType()));
            } catch (TpmPrivateKey.Error ex_0) {
                throw new SecurityException("decrypt: Error in decrypt: " + ex_0);
            }
        }
Beispiel #3
0
        /// <summary>
        /// Derive a new encrypt key from the given decrypt key value.
        /// </summary>
        ///
        /// <param name="keyBits"></param>
        /// <returns>The new encrypt key (DER-encoded public key).</returns>
        public static EncryptKey deriveEncryptKey(Blob keyBits)
        {
            TpmPrivateKey privateKey = new TpmPrivateKey();

            try {
                privateKey.loadPkcs8(keyBits.buf());
            } catch (TpmPrivateKey.Error ex) {
                throw new SecurityException(
                          "deriveEncryptKey: Error in loadPkcs8: " + ex);
            }

            try {
                return(new EncryptKey(privateKey.derivePublicKey()));
            } catch (TpmPrivateKey.Error ex_0) {
                throw new SecurityException(
                          "deriveEncryptKey: Error in derivePublicKey: " + ex_0);
            }
        }
Beispiel #4
0
        public void testDerivePublicKey()
        {
            /* foreach */
            foreach (TestTpmPrivateKey.KeyTestData dataSet  in  keyTestData)
            {
                byte[] pkcs8 = net.named_data.jndn.util.Common
                               .base64Decode(dataSet.privateKeyPkcs8Unencrypted);
                TpmPrivateKey key = new TpmPrivateKey();
                try {
                    key.loadPkcs8(ILOG.J2CsMapping.NIO.ByteBuffer.wrap(pkcs8));
                } catch (Exception ex) {
                    Assert.Fail("Unexpected exception: " + ex.Message);
                }

                // Derive the public key and compare.
                Blob   publicKeyBits = key.derivePublicKey();
                byte[] expected      = net.named_data.jndn.util.Common.base64Decode(dataSet.publicKeyEncoding);
                Assert.AssertTrue(publicKeyBits.equals(new Blob(expected)));
            }
        }
Beispiel #5
0
        public void testGenerateKey()
        {
            /* foreach */
            foreach (TestTpmPrivateKey.KeyTestData dataSet  in  keyTestData)
            {
                TpmPrivateKey key = net.named_data.jndn.security.tpm.TpmPrivateKey
                                    .generatePrivateKey(dataSet.keyParams);
                Blob publicKeyBits = key.derivePublicKey();

                Blob data = new Blob(new int[] { 0x01, 0x02, 0x03, 0x04 });

                // Sign and verify.
                Blob signature = key.sign(data.buf(), net.named_data.jndn.security.DigestAlgorithm.SHA256);

                bool result = net.named_data.jndn.security.VerificationHelpers.verifySignature(data,
                                                                                               signature, new PublicKey(publicKeyBits));
                Assert.AssertTrue(result);

                // Check that another generated private key is different.
                TpmPrivateKey key2 = net.named_data.jndn.security.tpm.TpmPrivateKey
                                     .generatePrivateKey(dataSet.keyParams);
                Assert.AssertTrue(!key.toPkcs8().equals(key2.toPkcs8()));
            }
        }
Beispiel #6
0
        /* Debug: derivePublicKey for EC is not implemented.
         * @Test
         * public void
         * testEcdsaSigning() throws TpmBackEnd.Error, Tpm.Error, SecurityException
         * {
         *  for (TpmBackEnd tpm : backEndList) {
         *    // Create an EC key.
         *    Name identityName = new Name("/Test/Ec/KeyName");
         *
         *    TpmKeyHandle key = tpm.createKey(identityName, new EcKeyParams());
         *    Name ecKeyName = key.getKeyName();
         *
         *    Blob content = new Blob(new int[] { 0x01, 0x02, 0x03, 0x04});
         *    Blob signature = key.sign(DigestAlgorithm.SHA256, content.buf());
         *
         *    Blob publicKey = key.derivePublicKey();
         *
         *    // TODO: Move verify to PublicKey?
         *    boolean result = VerificationHelpers.verifySignature
         *      (content, signature, publicKey);
         *    assertEquals(true, result);
         *
         *    tpm.deleteKey(ecKeyName);
         *    assertEquals(false, tpm.hasKey(ecKeyName));
         *  }
         * }
         */

        public void testImportExport()
        {
            String privateKeyPkcs1Base64 = "MIIEpAIBAAKCAQEAw0WM1/WhAxyLtEqsiAJgWDZWuzkYpeYVdeeZcqRZzzfRgBQT\n"
                                           + "sNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobws3iigohnM9yTK+KKiayPhIAm/+5H\n"
                                           + "GT6SgFJhYhqo1/upWdueojil6RP4/AgavHhopxlAVbk6G9VdVnlQcQ5Zv0OcGi73\n"
                                           + "c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9gZwIL5PuE9BiO6I39cL9z7EK1SfZh\n"
                                           + "OWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA9rH58ynaAix0tcR/nBMRLUX+e3rU\n"
                                           + "RHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0ywIDAQABAoIBADQkckOIl4IZMUTn\n"
                                           + "W8LFv6xOdkJwMKC8G6bsPRFbyY+HvC2TLt7epSvfS+f4AcYWaOPcDu2E49vt2sNr\n"
                                           + "cASly8hgwiRRAB3dHH9vcsboiTo8bi2RFvMqvjv9w3tK2yMxVDtmZamzrrnaV3YV\n"
                                           + "Q+5nyKo2F/PMDjQ4eUAKDOzjhBuKHsZBTFnA1MFNI+UKj5X4Yp64DFmKlxTX/U2b\n"
                                           + "wzVywo5hzx2Uhw51jmoLls4YUvMJXD0wW5ZtYRuPogXvXb/of9ef/20/wU11WFKg\n"
                                           + "Xb4gfR8zUXaXS1sXcnVm3+24vIs9dApUwykuoyjOqxWqcHRec2QT2FxVGkFEraze\n"
                                           + "CPa4rMECgYEA5Y8CywomIcTgerFGFCeMHJr8nQGqY2V/owFb3k9maczPnC9p4a9R\n"
                                           + "c5szLxA9FMYFxurQZMBWSEG2JS1HR2mnjigx8UKjYML/A+rvvjZOMe4M6Sy2ggh4\n"
                                           + "SkLZKpWTzjTe07ByM/j5v/SjNZhWAG7sw4/LmPGRQkwJv+KZhGojuOkCgYEA2cOF\n"
                                           + "T6cJRv6kvzTz9S0COZOVm+euJh/BXp7oAsAmbNfOpckPMzqHXy8/wpdKl6AAcB57\n"
                                           + "OuztlNfV1D7qvbz7JuRlYwQ0cEfBgbZPcz1p18HHDXhwn57ZPb8G33Yh9Omg0HNA\n"
                                           + "Imb4LsVuSqxA6NwSj7cpRekgTedrhLFPJ+Ydb5MCgYEAsM3Q7OjILcIg0t6uht9e\n"
                                           + "vrlwTsz1mtCV2co2I6crzdj9HeI2vqf1KAElDt6G7PUHhglcr/yjd8uEqmWRPKNX\n"
                                           + "ddnnfVZB10jYeP/93pac6z/Zmc3iU4yKeUe7U10ZFf0KkiiYDQd59CpLef/2XScS\n"
                                           + "HB0oRofnxRQjfjLc4muNT+ECgYEAlcDk06MOOTly+F8lCc1bA1dgAmgwFd2usDBd\n"
                                           + "Y07a3e0HGnGLN3Kfl7C5i0tZq64HvxLnMd2vgLVxQlXGPpdQrC1TH+XLXg+qnlZO\n"
                                           + "ivSH7i0/gx75bHvj75eH1XK65V8pDVDEoSPottllAIs21CxLw3N1ObOZWJm2EfmR\n"
                                           + "cuHICmsCgYAtFJ1idqMoHxES3mlRpf2JxyQudP3SCm2WpGmqVzhRYInqeatY5sUd\n"
                                           + "lPLHm/p77RT7EyxQHTlwn8FJPuM/4ZH1rQd/vB+Y8qAtYJCexDMsbvLW+Js+VOvk\n"
                                           + "jweEC0nrcL31j9mF0vz5E6tfRu4hhJ6L4yfWs0gSejskeVB/w8QY4g==\n";

            /* foreach */
            foreach (TpmBackEnd tpm  in  backEndList)
            {
                Name keyName = new Name("/Test/KeyName/KEY/1");
                tpm.deleteKey(keyName);
                Assert.AssertEquals(false, tpm.hasKey(keyName));

                TpmPrivateKey privateKey = new TpmPrivateKey();
                Blob          privateKeyPkcs1Encoding = new Blob(
                    net.named_data.jndn.util.Common.base64Decode(privateKeyPkcs1Base64));
                privateKey.loadPkcs1(privateKeyPkcs1Encoding.buf());

                ByteBuffer password       = new Blob("password").buf();
                Blob       encryptedPkcs8 = privateKey.toEncryptedPkcs8(password);

                tpm.importKey(keyName, encryptedPkcs8.buf(), password);
                Assert.AssertEquals(true, tpm.hasKey(keyName));
                try {
                    // Can't import the same keyName again.
                    tpm.importKey(keyName, encryptedPkcs8.buf(), password);
                    Assert.Fail("Did not throw the expected exception");
                } catch (TpmBackEnd.Error ex) {
                } catch (Exception ex_0) {
                    Assert.Fail("Did not throw the expected exception");
                }

                Blob exportedKey = tpm.exportKey(keyName, password);
                Assert.AssertEquals(true, tpm.hasKey(keyName));

                TpmPrivateKey privateKey2 = new TpmPrivateKey();
                privateKey2.loadEncryptedPkcs8(exportedKey.buf(), password);
                Blob privateKey2Pkcs1Encoding = privateKey2.toPkcs1();
                Assert.AssertTrue(privateKeyPkcs1Encoding.equals(privateKey2Pkcs1Encoding));

                tpm.deleteKey(keyName);
                Assert.AssertEquals(false, tpm.hasKey(keyName));
                try {
                    tpm.exportKey(keyName, password);
                    Assert.Fail("Did not throw the expected exception");
                } catch (TpmBackEnd.Error ex_1) {
                } catch (Exception ex_2) {
                    Assert.Fail("Did not throw the expected exception");
                }
            }
        }
Beispiel #7
0
        public void testSaveLoad()
        {
            /* foreach */
            foreach (TestTpmPrivateKey.KeyTestData dataSet  in  keyTestData)
            {
                // Load the key in PKCS #1 format.
                byte[]        pkcs1 = net.named_data.jndn.util.Common.base64Decode(dataSet.privateKeyPkcs1);
                TpmPrivateKey key1  = new TpmPrivateKey();
                try {
                    key1.loadPkcs1(ILOG.J2CsMapping.NIO.ByteBuffer.wrap(pkcs1));
                } catch (Exception ex) {
                    Assert.Fail("Unexpected exception: " + ex.Message);
                }

                // Save the key in PKCS #1 format.
                Blob savedPkcs1Key = null;
                try {
                    savedPkcs1Key = key1.toPkcs1();
                } catch (Exception ex_0) {
                    Assert.Fail("Unexpected exception: " + ex_0.Message);
                }
                Assert.AssertTrue(savedPkcs1Key.equals(new Blob(pkcs1)));

                // Load the key in unencrypted PKCS #8 format.
                byte[] pkcs8 = net.named_data.jndn.util.Common
                               .base64Decode(dataSet.privateKeyPkcs8Unencrypted);
                TpmPrivateKey key8 = new TpmPrivateKey();
                try {
                    key8.loadPkcs8(ILOG.J2CsMapping.NIO.ByteBuffer.wrap(pkcs8));
                } catch (Exception ex_1) {
                    Assert.Fail("Unexpected exception: " + ex_1.Message);
                }

                // Save the key in unencrypted PKCS #8 format.
                Blob savedPkcs8Key = null;
                try {
                    savedPkcs8Key = key8.toPkcs8();
                } catch (Exception ex_2) {
                    Assert.Fail("Unexpected exception: " + ex_2.Message);
                }
                Assert.AssertTrue(savedPkcs8Key.equals(new Blob(pkcs8)));

                ByteBuffer password = new Blob("password").buf();

                // Load the key in encrypted PKCS #8 format.
                byte[] encryptedPkcs8 = net.named_data.jndn.util.Common
                                        .base64Decode(dataSet.privateKeyPkcs8);
                TpmPrivateKey encryptedKey8 = new TpmPrivateKey();
                try {
                    encryptedKey8.loadEncryptedPkcs8(
                        ILOG.J2CsMapping.NIO.ByteBuffer.wrap(encryptedPkcs8), password);
                } catch (Exception ex_3) {
                    Assert.Fail("Unexpected exception: " + ex_3.Message);
                }

                // Save the key in encrypted PKCS #8 format and resave as unencrypted.
                Blob savedEncryptedPkcs8Key = null;
                try {
                    savedEncryptedPkcs8Key = encryptedKey8
                                             .toEncryptedPkcs8(password);
                } catch (Exception ex_4) {
                    Assert.Fail("Unexpected exception: " + ex_4.Message);
                }
                key8 = new TpmPrivateKey();
                key8.loadEncryptedPkcs8(savedEncryptedPkcs8Key.buf(), password);
                Blob resavedPkcs8Key = key8.toPkcs8();
                Assert.AssertTrue(resavedPkcs8Key.equals(new Blob(pkcs8)));
            }
        }