private static ICipherParameters GetPrivateParameters(IKey key) { AsymmetricECPrivateKey pK; SecureRandom random; if (key is KeyWithRandom) { KeyWithRandom k = (KeyWithRandom)key; pK = (AsymmetricECPrivateKey)k.Key; random = k.Random; } else { pK = (AsymmetricECPrivateKey)key; random = CryptoServicesRegistrar.GetSecureRandom(); } if (CryptoServicesRegistrar.IsInApprovedOnlyMode()) { validateCurveSize(Alg, pK.DomainParameters); } return(new ParametersWithRandom(GetPrivateKeyParameters(pK), random)); }
/** * Generates a random polynomial with <code>numOnes</code> coefficients equal to 1, * <code>numNegOnes</code> coefficients equal to -1, and the rest equal to 0. * * @param N number of coefficients * @param numOnes number of 1's * @param numNegOnes number of -1's * @return a random polynomial. */ static BigIntPolynomial GenerateRandomSmall(int N, int numOnes, int numNegOnes) { List <BigInteger> coeffs = new List <BigInteger>(); for (int i = 0; i < numOnes; i++) { coeffs.Add(BigInteger.ValueOf(1)); } for (int i = 0; i < numNegOnes; i++) { coeffs.Add(BigInteger.ValueOf(-1)); } while (coeffs.Count < N) { coeffs.Add(BigInteger.ValueOf(0)); } Shuffle(coeffs, CryptoServicesRegistrar.GetSecureRandom()); BigIntPolynomial poly = new BigIntPolynomial(N); for (int i = 0; i < coeffs.Count; i++) { poly.coeffs[i] = (BigInteger)coeffs[i]; } return(poly); }
private static ICipherParameters GetPrivateParameters(IKey key) { DsaPrivateKeyParameters privateKeyParameters; SecureRandom random; if (key is KeyWithRandom) { KeyWithRandom k = (KeyWithRandom)key; privateKeyParameters = GetPrivateKeyParameters((AsymmetricDsaPrivateKey)k.Key); random = k.Random; } else { privateKeyParameters = GetPrivateKeyParameters((AsymmetricDsaPrivateKey)key); random = CryptoServicesRegistrar.GetSecureRandom(); } int effSizeInBits = privateKeyParameters.Parameters.P.BitLength; if (CryptoServicesRegistrar.IsInApprovedOnlyMode()) { if (effSizeInBits != 2048 && effSizeInBits != 3072) { throw new CryptoUnapprovedOperationError("attempt to create signer with unapproved keysize [" + effSizeInBits + "]", Alg); } } return(new ParametersWithRandom(privateKeyParameters, random)); }
private byte[] CreateIV(DekAlgorithm algorithm) { if (algorithm.Name.EndsWith("ECB")) { return(null); } byte[] iv; if (algorithm.Name.Contains("AES")) { iv = new byte[16]; } else { iv = new byte[8]; } if (random != null) { random.NextBytes(iv); } else { CryptoServicesRegistrar.GetSecureRandom().NextBytes(iv); } return(iv); }
internal static EncryptionScheme GetEncryptionSchemeIdentifier(DerObjectIdentifier keyEncAlgorithm, SecureRandom random) { int ivLength = (int)Utils.ivSizesInBytes[keyEncAlgorithm]; byte[] iv = null; if (ivLength != 0) { iv = new byte[ivLength]; if (random != null) { random.NextBytes(iv); } else { CryptoServicesRegistrar.GetSecureRandom().NextBytes(iv); } } EncryptionScheme encScheme; if (Utils.IsAeadMode(keyEncAlgorithm)) { // at the moment GCM/CCM have the same structure encScheme = new EncryptionScheme(keyEncAlgorithm, new CcmParameters(iv, 12)); } else { encScheme = new EncryptionScheme(keyEncAlgorithm, new DerOctetString(iv)); } return(encScheme); }
/** * Reads a parameter set from an input stream. * * @param is an input stream * @throws java.io.IOException */ public NTRUEncryptionKeyGenerationParameters(Stream inputStream) : base(CryptoServicesRegistrar.GetSecureRandom(), -1) { BinaryReader dis = new BinaryReader(inputStream); N = dis.ReadInt32(); q = dis.ReadInt32(); df = dis.ReadInt32(); df1 = dis.ReadInt32(); df2 = dis.ReadInt32(); df3 = dis.ReadInt32(); db = dis.ReadInt32(); dm0 = dis.ReadInt32(); c = dis.ReadInt32(); minCallsR = dis.ReadInt32(); minCallsMask = dis.ReadInt32(); hashSeed = dis.ReadBoolean(); oid = dis.ReadBytes(3); sparse = dis.ReadBoolean(); fastFp = dis.ReadBoolean(); polyType = dis.Read(); string alg = dis.ReadString(); if ("SHA-512".Equals(alg)) { hashAlg = new Sha512Digest(); } else if ("SHA-256".Equals(alg)) { hashAlg = new Sha256Digest(); } Init(); }
/** * Reads a parameter set from an input stream. * * @param is an input stream * @throws java.io.IOException */ public NTRUSigningKeyGenerationParameters(Stream stream) : base(CryptoServicesRegistrar.GetSecureRandom(), 0) { BinaryReader dis = new BinaryReader(stream); N = dis.ReadInt32(); q = dis.ReadInt32(); d = dis.ReadInt32(); d1 = dis.ReadInt32(); d2 = dis.ReadInt32(); d3 = dis.ReadInt32(); B = dis.ReadInt32(); basisType = dis.ReadInt32(); beta = dis.ReadDouble(); normBound = dis.ReadDouble(); keyNormBound = dis.ReadDouble(); signFailTolerance = dis.ReadInt32(); primeCheck = dis.ReadBoolean(); sparse = dis.ReadBoolean(); bitsF = dis.ReadInt32(); keyGenAlg = dis.ReadInt32(); string alg = dis.ReadString(); if ("SHA-512".Equals(alg)) { hashAlg = new Sha512Digest(); } else if ("SHA-256".Equals(alg)) { hashAlg = new Sha256Digest(); } polyType = dis.ReadInt32(); init(); }
public void Init( KeyGenerationParameters parameters) { if (parameters is ECKeyGenerationParameters) { ECKeyGenerationParameters ecP = (ECKeyGenerationParameters)parameters; this.publicKeyParamSet = ecP.PublicKeyParamSet; this.parameters = ecP.DomainParameters; } else { DerObjectIdentifier oid; switch (parameters.Strength) { case 192: oid = X9ObjectIdentifiers.Prime192v1; break; case 224: oid = SecObjectIdentifiers.SecP224r1; break; case 239: oid = X9ObjectIdentifiers.Prime239v1; break; case 256: oid = X9ObjectIdentifiers.Prime256v1; break; case 384: oid = SecObjectIdentifiers.SecP384r1; break; case 521: oid = SecObjectIdentifiers.SecP521r1; break; default: throw new ArgumentException("unknown key size."); } X9ECParameters ecps = FindECCurveByOid(oid); this.publicKeyParamSet = oid; this.parameters = new EcDomainParameters( ecps.Curve, ecps.G, ecps.N, ecps.H, ecps.GetSeed()); } this.random = parameters.Random; if (this.random == null) { this.random = CryptoServicesRegistrar.GetSecureRandom(); } }
public IPbeSecretKeyEncryptor Build(char[] passPhrase) { byte[] s2kIv = new byte[8]; if (random == null) { random = CryptoServicesRegistrar.GetSecureRandom(); } random.NextBytes(s2kIv); S2k s2k = new S2k(s2kDigestFactory.AlgorithmDetails.Algorithm, s2kIv, s2kCount); byte[] key = PgpUtilities.MakeKeyFromPassPhrase(s2kDigestFactory, encAlgorithm, s2k, passPhrase); return(new SecretKeyEncryptor(encAlgorithm, key, null, s2k, new PgpSha1DigestFactory())); }
public void Init( bool forEncryption, ICipherParameters param) { if (param is ParametersWithRandom) { ParametersWithRandom rParam = (ParametersWithRandom)param; this.random = rParam.Random; } else if (forEncryption) { this.random = CryptoServicesRegistrar.GetSecureRandom(); } engine.Init(forEncryption, param); this.forEncryption = forEncryption; }
public virtual void Init( bool forSigning, ICipherParameters parameters) { if (parameters is ParametersWithRandom) { ParametersWithRandom p = (ParametersWithRandom)parameters; parameters = p.Parameters; random = p.Random; cipher.Init(forSigning, p); } else { if (forSigning) { random = CryptoServicesRegistrar.GetSecureRandom(); } cipher.Init(forSigning, parameters); } RsaKeyParameters kParam; if (parameters is RsaBlindingParameters) { kParam = ((RsaBlindingParameters)parameters).PublicKey; } else { kParam = (RsaKeyParameters)parameters; } emBits = kParam.Modulus.BitLength - 1; if (emBits < (8 * hLen + 8 * sLen + 9)) { throw new ArgumentException("key too small for specified hash and salt lengths"); } block = new byte[(emBits + 7) / 8]; }
private static ICipherParameters GetPrivateParameters(IKey key) { DsaPrivateKeyParameters privateKeyParameters; SecureRandom random; if (key is KeyWithRandom) { KeyWithRandom k = (KeyWithRandom)key; privateKeyParameters = GetPrivateKeyParameters((AsymmetricDsaPrivateKey)k.Key); random = k.Random; } else { privateKeyParameters = GetPrivateKeyParameters((AsymmetricDsaPrivateKey)key); random = CryptoServicesRegistrar.GetSecureRandom(); } return(new ParametersWithRandom(privateKeyParameters, random)); }
/** * initialise the RSA engine. * * @param forEncryption true if we are encrypting, false otherwise. * @param param the necessary RSA key parameters. */ public virtual void Init( bool forEncryption, ICipherParameters param) { core.Init(forEncryption, param); if (param is ParametersWithRandom) { ParametersWithRandom rParam = (ParametersWithRandom)param; key = (RsaKeyParameters)rParam.Parameters; random = rParam.Random; } else { key = (RsaKeyParameters)param; if (key.IsPrivate) { random = CryptoServicesRegistrar.GetSecureRandom(); } } }
protected virtual SecureRandom InitSecureRandom(bool needed, SecureRandom provided) { return(!needed ? null : (provided != null) ? provided : CryptoServicesRegistrar.GetSecureRandom()); }
private static ICipherParameters GetPrivateParameters(IKey privateKey, AsymmetricRsaKey.Usage rsaUsage) { if (privateKey is KeyWithRandom) { KeyWithRandom k = (KeyWithRandom)privateKey; return(new ParametersWithRandom(GetPrivateKeyParameters((AsymmetricRsaPrivateKey)k.Key, rsaUsage), k.Random)); } else { return(new ParametersWithRandom(GetPrivateKeyParameters((AsymmetricRsaPrivateKey)privateKey, rsaUsage), CryptoServicesRegistrar.GetSecureRandom())); } }
internal ParametersWithRandom( ICipherParameters parameters) : this(parameters, CryptoServicesRegistrar.GetSecureRandom()) { }
/** * Constructs a parameter set that uses ternary private keys (i.e. <code>polyType=SIMPLE</code>). * * @param N number of polynomial coefficients * @param q modulus * @param d number of -1's in the private polynomials <code>f</code> and <code>g</code> * @param B number of perturbations * @param basisType whether to use the standard or transpose lattice * @param beta balancing factor for the transpose lattice * @param normBound maximum norm for valid signatures * @param keyNormBound maximum norm for the ploynomials <code>F</code> and <code>G</code> * @param primeCheck whether <code>2N+1</code> is prime * @param sparse whether to treat ternary polynomials as sparsely populated ({@link org.bouncycastle.pqc.math.ntru.polynomial.SparseTernaryPolynomial} vs {@link org.bouncycastle.pqc.math.ntru.polynomial.DenseTernaryPolynomial}) * @param keyGenAlg <code>RESULTANT</code> produces better bases, <code>FLOAT</code> is slightly faster. <code>RESULTANT</code> follows the EESS standard while <code>FLOAT</code> is described in Hoffstein et al: An Introduction to Mathematical Cryptography. * @param hashAlg a valid identifier for a <code>java.security.MessageDigest</code> instance such as <code>SHA-256</code>. The <code>MessageDigest</code> must support the <code>getDigestLength()</code> method. */ public NTRUSigningKeyGenerationParameters(int N, int q, int d, int B, int basisType, double beta, double normBound, double keyNormBound, bool primeCheck, bool sparse, int keyGenAlg, IDigest hashAlg) : base(CryptoServicesRegistrar.GetSecureRandom(), N) { this.N = N; this.q = q; this.d = d; this.B = B; this.basisType = basisType; this.beta = beta; this.normBound = normBound; this.keyNormBound = keyNormBound; this.primeCheck = primeCheck; this.sparse = sparse; this.keyGenAlg = keyGenAlg; this.hashAlg = hashAlg; polyType = (int)NTRUParameters.TERNARY_POLYNOMIAL_TYPE_SIMPLE; init(); }
/** * Constructs a parameter set that uses ternary private keys (i.e. <code>polyType=SIMPLE</code>). * @param N number of polynomial coefficients * @param q modulus * @param df number of ones in the private polynomial <code>f</code> * @param dm0 minimum acceptable number of -1's, 0's, and 1's in the polynomial <code>m'</code> in the last encryption step * @param db number of random bits to prepend to the message * @param c a parameter for the Index Generation Function ({@link IndexGenerator}) * @param minCallsR minimum number of hash calls for the IGF to make * @param minCallsMask minimum number of calls to generate the masking polynomial * @param hashSeed whether to hash the seed in the MGF first (true) or use the seed directly (false) * @param oid three bytes that uniquely identify the parameter set * @param sparse whether to treat ternary polynomials as sparsely populated ({@link org.bouncycastle.pqc.math.ntru.polynomial.SparseTernaryPolynomial} vs {@link org.bouncycastle.pqc.math.ntru.polynomial.DenseTernaryPolynomial}) * @param fastFp whether <code>f=1+p*F</code> for a ternary <code>F</code> (true) or <code>f</code> is ternary (false) * @param hashAlg a valid identifier for a <code>java.security.MessageDigest</code> instance such as <code>SHA-256</code>. The <code>MessageDigest</code> must support the <code>getDigestLength()</code> method. * @param random entropy source, if <code>null</code> uses {@link CryptoServicesRegistrar#getSecureRandom()} */ public NTRUEncryptionKeyGenerationParameters(int N, int q, int df, int dm0, int db, int c, int minCallsR, int minCallsMask, bool hashSeed, byte[] oid, bool sparse, bool fastFp, IDigest hashAlg, SecureRandom random) : base(random ?? CryptoServicesRegistrar.GetSecureRandom(), db) { this.N = N; this.q = q; this.df = df; this.db = db; this.dm0 = dm0; this.c = c; this.minCallsR = minCallsR; this.minCallsMask = minCallsMask; this.hashSeed = hashSeed; this.oid = oid; this.sparse = sparse; this.fastFp = fastFp; this.polyType = (int)NTRUParameters.TERNARY_POLYNOMIAL_TYPE_SIMPLE; this.hashAlg = hashAlg; Init(); }
public RecipientOperator GetRecipientOperator(AlgorithmIdentifier keyEncAlg, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentKey) { byte[] keyBytes = null; AsymmetricRsaPrivateKey rsaKey = privKey as AsymmetricRsaPrivateKey; if (rsaKey != null) { // random required for blinding operations keyBytes = CryptoServicesRegistrar.CreateService(rsaKey, random != null ? random: CryptoServicesRegistrar.GetSecureRandom()).CreateKeyUnwrapper(FipsRsa.WrapOaep.WithDigest(FipsShs.Sha1)).Unwrap(encryptedContentKey, 0, encryptedContentKey.Length).Collect(); } IParameters <Algorithm> cipherParams = Utils.GetCipherParameters(contentEncryptionAlgorithm); ICipherBuilder <AlgorithmIdentifier> decryptor; if (Utils.IsBlockMode(cipherParams.Algorithm)) { decryptor = new PkixBlockCipherBuilder(contentEncryptionAlgorithm, Utils.CreateBlockDecryptorBuilder(contentEncryptionAlgorithm, keyBytes, cipherParams)); } else if (Utils.IsAeadMode(cipherParams.Algorithm)) { decryptor = new PkixAeadCipherBuilder(contentEncryptionAlgorithm, Utils.CreateAeadDecryptorBuilder(contentEncryptionAlgorithm, keyBytes, cipherParams)); } else { decryptor = new PkixCipherBuilder(contentEncryptionAlgorithm, Utils.CreateDecryptorBuilder(contentEncryptionAlgorithm, keyBytes, cipherParams)); } return(new RecipientOperator(decryptor)); }