/// <exception cref="System.Exception"/> public KeyProvider.KeyVersion Run() { KeyProvider.Options opt = TestKeyAuthorizationKeyProvider.NewOptions(conf); IDictionary <string, string> m = new Dictionary <string, string>(); m["key.acl.name"] = "testKey"; opt.SetAttributes(m); try { KeyProvider.KeyVersion kv = kpExt.CreateKey("foo", SecureRandom.GetSeed(16), opt); kpExt.RollNewVersion(kv.GetName()); kpExt.RollNewVersion(kv.GetName(), SecureRandom.GetSeed(16)); kpExt.DeleteKey(kv.GetName()); } catch (IOException) { NUnit.Framework.Assert.Fail("User should be Authorized !!"); } KeyProvider.KeyVersion retkv = null; try { retkv = kpExt.CreateKey("bar", SecureRandom.GetSeed(16), opt); kpExt.GenerateEncryptedKey(retkv.GetName()); NUnit.Framework.Assert.Fail("User should NOT be Authorized to generate EEK !!"); } catch (IOException) { } NUnit.Framework.Assert.IsNotNull(retkv); return(retkv); }
private static double MeasureChiSquared(SecureRandom random, int rounds) { byte[] opts = SecureRandom.GetSeed(2); int[] counts = new int[256]; byte[] bs = new byte[256]; for (int i = 0; i < rounds; ++i) { random.NextBytes(bs); for (int b = 0; b < 256; ++b) { ++counts[bs[b]]; } } byte mask = opts[0]; for (int i = 0; i < rounds; ++i) { random.NextBytes(bs); for (int b = 0; b < 256; ++b) { ++counts[bs[b] ^ mask]; } ++mask; } byte shift = opts[1]; for (int i = 0; i < rounds; ++i) { random.NextBytes(bs); for (int b = 0; b < 256; ++b) { ++counts[(byte)(bs[b] + shift)]; } ++shift; } int total = 3 * rounds; double chi2 = 0; for (int k = 0; k < counts.Length; ++k) { double diff = ((double)counts[k]) - total; double diff2 = diff * diff; chi2 += diff2; } chi2 /= total; return(chi2); }
public void TestVmpcPrng() { SecureRandom random = new SecureRandom(new VmpcRandomGenerator()); random.SetSeed(SecureRandom.GetSeed(32)); CheckSecureRandom(random); }
public void TestSha256Prng() { SecureRandom random = SecureRandom.GetInstance("SHA256PRNG"); random.SetSeed(SecureRandom.GetSeed(32)); checkSecureRandom(random); }
public void TestSha1Prng() { SecureRandom random = SecureRandom.GetInstance("SHA1PRNG"); random.SetSeed(SecureRandom.GetSeed(20)); checkSecureRandom(random); }
/// <summary> /// Encrypts and encodes the private key. /// </summary> /// <param name="key">The private key.</param> /// <param name="passPhrase">The pass phrase to encrypt the private key.</param> /// <returns>The encrypted private key.</returns> public static string ToEncryptedPrivateKeyString(AsymmetricKeyParameter key, string passPhrase) { var salt = new byte[16]; var secureRandom = SecureRandom.GetInstance("SHA256PRNG"); secureRandom.SetSeed(SecureRandom.GetSeed(16)); //See Bug #135 secureRandom.NextBytes(salt); return(Convert.ToBase64String(PrivateKeyFactory.EncryptKey(keyEncryptionAlgorithm, passPhrase.ToCharArray(), salt, 10, key))); }
public static void Setup() { conf = new Configuration(); kp = new UserProvider.Factory().CreateProvider(new URI("user:///"), conf); kpExt = KeyProviderCryptoExtension.CreateKeyProviderCryptoExtension(kp); options = new KeyProvider.Options(conf); options.SetCipher(Cipher); options.SetBitLength(128); encryptionKey = kp.CreateKey(EncryptionKeyName, SecureRandom.GetSeed(16), options ); }
/// <exception cref="System.Exception"/> public Void Run() { try { kpExt.CreateKey("foo", SecureRandom.GetSeed(16), TestKeyAuthorizationKeyProvider. NewOptions(conf)); NUnit.Framework.Assert.Fail("User should NOT be Authorized !!"); } catch (IOException) { } // Ignore return(null); }
/// <exception cref="System.Exception"/> public Void Run() { KeyProvider.Options opt = TestKeyAuthorizationKeyProvider.NewOptions(conf); IDictionary <string, string> m = new Dictionary <string, string>(); m["key.acl.name"] = "testKey"; opt.SetAttributes(m); KeyProvider.KeyVersion kv = kpExt.CreateKey("foo", SecureRandom.GetSeed(16), opt); kpExt.RollNewVersion(kv.GetName()); kpExt.RollNewVersion(kv.GetName(), SecureRandom.GetSeed(16)); KeyProviderCryptoExtension.EncryptedKeyVersion ekv = kpExt.GenerateEncryptedKey(kv .GetName()); ekv = KeyProviderCryptoExtension.EncryptedKeyVersion.CreateForDecryption(ekv.GetEncryptionKeyName () + "x", ekv.GetEncryptionKeyVersionName(), ekv.GetEncryptedKeyIv(), ekv.GetEncryptedKeyVersion ().GetMaterial()); kpExt.DecryptEncryptedKey(ekv); return(null); }
/// <exception cref="System.Exception"/> public Void Run() { KeyProvider.Options opt = TestKeyAuthorizationKeyProvider.NewOptions(conf); IDictionary <string, string> m = new Dictionary <string, string>(); m["key.acl.name"] = "testKey"; opt.SetAttributes(m); try { KeyProvider.KeyVersion kv = kpExt.CreateKey("foo", SecureRandom.GetSeed(16), opt); kpExt.RollNewVersion(kv.GetName()); kpExt.RollNewVersion(kv.GetName(), SecureRandom.GetSeed(16)); KeyProviderCryptoExtension.EncryptedKeyVersion ekv = kpExt.GenerateEncryptedKey(kv .GetName()); kpExt.DecryptEncryptedKey(ekv); kpExt.DeleteKey(kv.GetName()); } catch (IOException) { NUnit.Framework.Assert.Fail("User should be Allowed to do everything !!"); } return(null); }
/** * Method init * * @param forWrapping * @param param */ public void Init( bool forWrapping, ICipherParameters parameters) { this.forWrapping = forWrapping; this.engine = new CbcBlockCipher(new DesEdeEngine()); if (parameters is KeyParameter) { this.param = (KeyParameter)parameters; if (this.forWrapping) { // Hm, we have no IV but we want to wrap ?!? // well, then we have to create our own IV. this.iv = SecureRandom.GetSeed(8); this.paramPlusIV = new ParametersWithIV(this.param, this.iv); } } else if (parameters is ParametersWithIV) { if (!forWrapping) { throw new ArgumentException("You should not supply an IV for unwrapping"); } this.paramPlusIV = (ParametersWithIV)parameters; this.iv = this.paramPlusIV.GetIV(); this.param = (KeyParameter)this.paramPlusIV.Parameters; if (this.iv.Length != 8) { throw new ArgumentException("IV is not 8 octets", "parameters"); } } }
private Zone SignWithNSec3(DateTime inception, DateTime expiration, List <DnsKeyRecord> zoneSigningKeys, List <DnsKeyRecord> keySigningKeys, NSec3HashAlgorithm nsec3Algorithm, int nsec3Iterations, byte[] nsec3Salt, bool nsec3OptOut) { var soaRecord = _records.OfType <SoaRecord>().First(); var subZoneNameserver = _records.Where(x => (x.RecordType == RecordType.Ns) && (x.Name != Name)).ToList(); var subZones = subZoneNameserver.Select(x => x.Name).Distinct().ToList(); var unsignedRecords = _records.Where(x => subZones.Any(y => x.Name.IsSubDomainOf(y))).ToList(); // glue records if (nsec3OptOut) { unsignedRecords = unsignedRecords.Union(subZoneNameserver.Where(x => !_records.Any(y => (y.RecordType == RecordType.Ds) && (y.Name == x.Name)))).ToList(); // delegations without DS record } var recordsByName = _records.Except(unsignedRecords).Union(zoneSigningKeys).Union(keySigningKeys).GroupBy(x => x.Name).Select(x => new Tuple <DomainName, List <DnsRecordBase> >(x.Key, x.OrderBy(y => y.RecordType == RecordType.Soa ? -1 : (int)y.RecordType).ToList())).OrderBy(x => x.Item1).ToList(); byte nsec3RecordFlags = (byte)(nsec3OptOut ? 1 : 0); Zone res = new Zone(Name, Count * 3); List <NSec3Record> nSec3Records = new List <NSec3Record>(Count); if (nsec3Salt == null) { nsec3Salt = SecureRandom.GetSeed(8); } recordsByName[0].Item2.Add(new NSec3ParamRecord(soaRecord.Name, soaRecord.RecordClass, 0, nsec3Algorithm, 0, (ushort)nsec3Iterations, nsec3Salt)); HashSet <DomainName> allNames = new HashSet <DomainName>(); for (int i = 0; i < recordsByName.Count; i++) { List <RecordType> recordTypes = new List <RecordType>(); DomainName currentName = recordsByName[i].Item1; foreach (var recordsByType in recordsByName[i].Item2.GroupBy(x => x.RecordType)) { List <DnsRecordBase> records = recordsByType.ToList(); recordTypes.Add(recordsByType.Key); res.AddRange(records); // do not sign nameserver delegations for sub zones if ((records[0].RecordType == RecordType.Ns) && (currentName != Name)) { continue; } recordTypes.Add(RecordType.RrSig); foreach (var key in zoneSigningKeys) { res.Add(new RrSigRecord(records, key, inception, expiration)); } if (records[0].RecordType == RecordType.DnsKey) { foreach (var key in keySigningKeys) { res.Add(new RrSigRecord(records, key, inception, expiration)); } } } byte[] hash = recordsByName[i].Item1.GetNSec3Hash(nsec3Algorithm, nsec3Iterations, nsec3Salt); nSec3Records.Add(new NSec3Record(DomainName.ParseFromMasterfile(hash.ToBase32HexString()) + Name, soaRecord.RecordClass, soaRecord.NegativeCachingTTL, nsec3Algorithm, nsec3RecordFlags, (ushort)nsec3Iterations, nsec3Salt, hash, recordTypes)); allNames.Add(currentName); for (int j = currentName.LabelCount - Name.LabelCount; j > 0; j--) { DomainName possibleNonTerminal = currentName.GetParentName(j); if (!allNames.Contains(possibleNonTerminal)) { hash = possibleNonTerminal.GetNSec3Hash(nsec3Algorithm, nsec3Iterations, nsec3Salt); nSec3Records.Add(new NSec3Record(DomainName.ParseFromMasterfile(hash.ToBase32HexString()) + Name, soaRecord.RecordClass, soaRecord.NegativeCachingTTL, nsec3Algorithm, nsec3RecordFlags, (ushort)nsec3Iterations, nsec3Salt, hash, new List <RecordType>())); allNames.Add(possibleNonTerminal); } } } nSec3Records = nSec3Records.OrderBy(x => x.Name).ToList(); byte[] firstNextHashedOwnerName = nSec3Records[0].NextHashedOwnerName; for (int i = 1; i < nSec3Records.Count; i++) { nSec3Records[i - 1].NextHashedOwnerName = nSec3Records[i].NextHashedOwnerName; } nSec3Records[nSec3Records.Count - 1].NextHashedOwnerName = firstNextHashedOwnerName; foreach (var nSec3Record in nSec3Records) { res.Add(nSec3Record); foreach (var key in zoneSigningKeys) { res.Add(new RrSigRecord(new List <DnsRecordBase>() { nSec3Record }, key, inception, expiration)); } } res.AddRange(unsignedRecords); return(res); }
public override void GetBytes(byte[] data) { _rng.NextBytes(data); _rng.SetSeed(SecureRandom.GetSeed(16)); }
public static byte[] GetRandomBytes(int length) { byte[] result = SecureRandom.GetSeed(length); return(result); }
internal RecipientInfo ToRecipientInfo( KeyParameter key) { byte[] keyBytes = key.GetKey(); if (pubKey != null) { IWrapper keyWrapper = Helper.CreateWrapper(keyEncAlg.ObjectID.Id); keyWrapper.Init(true, pubKey); Asn1OctetString encKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); RecipientIdentifier recipId; if (cert != null) { TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance( Asn1Object.FromByteArray(cert.GetTbsCertificate())); Asn1.Cms.IssuerAndSerialNumber encSid = new Asn1.Cms.IssuerAndSerialNumber( tbs.Issuer, tbs.SerialNumber.Value); recipId = new RecipientIdentifier(encSid); } else { recipId = new RecipientIdentifier(subKeyId); } return(new RecipientInfo(new KeyTransRecipientInfo(recipId, keyEncAlg, encKey))); } else if (originator != null) { IWrapper keyWrapper = Helper.CreateWrapper( DerObjectIdentifier.GetInstance( Asn1Sequence.GetInstance(keyEncAlg.Parameters)[0]).Id); keyWrapper.Init(true, secKey); Asn1OctetString encKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); RecipientEncryptedKey rKey = new RecipientEncryptedKey( new KeyAgreeRecipientIdentifier( new Asn1.Cms.IssuerAndSerialNumber( PrincipalUtilities.GetIssuerX509Principal(cert), cert.SerialNumber)), encKey); return(new RecipientInfo( new KeyAgreeRecipientInfo(originator, ukm, keyEncAlg, new DerSequence(rKey)))); } else if (derivationAlg != null) { string rfc3211WrapperName = Helper.GetRfc3211WrapperName(secKeyAlgorithm); IWrapper keyWrapper = Helper.CreateWrapper(rfc3211WrapperName); // Note: In Java build, the IV is automatically generated in JCE layer int ivLength = rfc3211WrapperName.StartsWith("DESEDE") ? 8 : 16; byte[] iv = SecureRandom.GetSeed(ivLength); ICipherParameters parameters = new ParametersWithIV(secKey, iv); keyWrapper.Init(true, parameters); Asn1OctetString encKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); // byte[] iv = keyWrapper.GetIV(); DerSequence seq = new DerSequence( new DerObjectIdentifier(secKeyAlgorithm), new DerOctetString(iv)); keyEncAlg = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdAlgPwriKek, seq); return(new RecipientInfo(new PasswordRecipientInfo(derivationAlg, keyEncAlg, encKey))); } else { IWrapper keyWrapper = Helper.CreateWrapper(keyEncAlg.ObjectID.Id); keyWrapper.Init(true, secKey); Asn1OctetString encKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); return(new RecipientInfo(new KekRecipientInfo(secKeyId, keyEncAlg, encKey))); } }
private static byte[] GetChallege() { return(SecureRandom.GetSeed(16)); }
/// <summary> /// Initializes a new instance of the <see cref="KeyGenerator"/> class /// with the specified key size. /// </summary> /// <remarks>Following key sizes are supported: /// - 192 /// - 224 /// - 239 /// - 256 (default) /// - 384 /// - 521</remarks> /// <param name="keySize">The key size.</param> public KeyGenerator(int keySize) : this(keySize, SecureRandom.GetSeed(32)) { }
public BouncyCastleRandomNumberGenerator() { _rng = new SecureRandom(new DigestRandomGenerator(new Sha512Digest())); _rng.SetSeed(SecureRandom.GetSeed(32)); }