nl.open.jwtdependency.org.bouncycastle.crypto.engines.NaccacheSternEngine Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of java-jwt-nodependencies Show documentation
Show all versions of java-jwt-nodependencies Show documentation
This is a drop in replacement for the auth0 java-jwt library (see https://github.com/auth0/java-jwt). This jar makes sure there are no external dependencies (e.g. fasterXml, Apacha Commons) needed. This is useful when deploying to an application server (e.g. tomcat with Alfreso or Pega).
The newest version!
package org.bouncycastle.crypto.engines;
import java.math.BigInteger;
import java.util.Vector;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.params.NaccacheSternKeyParameters;
import org.bouncycastle.crypto.params.NaccacheSternPrivateKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithRandom;
/**
* NaccacheStern Engine. For details on this cipher, please see
* http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
*/
public class NaccacheSternEngine
implements AsymmetricBlockCipher
{
private boolean forEncryption;
private NaccacheSternKeyParameters key;
private Vector[] lookup = null;
private boolean debug = false;
private static BigInteger ZERO = BigInteger.valueOf(0);
private static BigInteger ONE = BigInteger.valueOf(1);
/**
* Initializes this algorithm. Must be called before all other Functions.
*
* @see org.bouncycastle.crypto.AsymmetricBlockCipher#init(boolean,
* org.bouncycastle.crypto.CipherParameters)
*/
public void init(boolean forEncryption, CipherParameters param)
{
this.forEncryption = forEncryption;
if (param instanceof ParametersWithRandom)
{
param = ((ParametersWithRandom) param).getParameters();
}
key = (NaccacheSternKeyParameters)param;
// construct lookup table for faster decryption if necessary
if (!this.forEncryption)
{
if (debug)
{
System.out.println("Constructing lookup Array");
}
NaccacheSternPrivateKeyParameters priv = (NaccacheSternPrivateKeyParameters)key;
Vector primes = priv.getSmallPrimes();
lookup = new Vector[primes.size()];
for (int i = 0; i < primes.size(); i++)
{
BigInteger actualPrime = (BigInteger)primes.elementAt(i);
int actualPrimeValue = actualPrime.intValue();
lookup[i] = new Vector();
lookup[i].addElement(ONE);
if (debug)
{
System.out.println("Constructing lookup ArrayList for " + actualPrimeValue);
}
BigInteger accJ = ZERO;
for (int j = 1; j < actualPrimeValue; j++)
{
accJ = accJ.add(priv.getPhi_n());
BigInteger comp = accJ.divide(actualPrime);
lookup[i].addElement(priv.getG().modPow(comp, priv.getModulus()));
}
}
}
}
public void setDebug(boolean debug)
{
this.debug = debug;
}
/**
* Returns the input block size of this algorithm.
*
* @see org.bouncycastle.crypto.AsymmetricBlockCipher#getInputBlockSize()
*/
public int getInputBlockSize()
{
if (forEncryption)
{
// We can only encrypt values up to lowerSigmaBound
return (key.getLowerSigmaBound() + 7) / 8 - 1;
}
else
{
// We pad to modulus-size bytes for easier decryption.
return key.getModulus().toByteArray().length;
}
}
/**
* Returns the output block size of this algorithm.
*
* @see org.bouncycastle.crypto.AsymmetricBlockCipher#getOutputBlockSize()
*/
public int getOutputBlockSize()
{
if (forEncryption)
{
// encrypted Data is always padded up to modulus size
return key.getModulus().toByteArray().length;
}
else
{
// decrypted Data has upper limit lowerSigmaBound
return (key.getLowerSigmaBound() + 7) / 8 - 1;
}
}
/**
* Process a single Block using the Naccache-Stern algorithm.
*
* @see org.bouncycastle.crypto.AsymmetricBlockCipher#processBlock(byte[],
* int, int)
*/
public byte[] processBlock(byte[] in, int inOff, int len) throws InvalidCipherTextException
{
if (key == null)
{
throw new IllegalStateException("NaccacheStern engine not initialised");
}
if (len > (getInputBlockSize() + 1))
{
throw new DataLengthException("input too large for Naccache-Stern cipher.\n");
}
if (!forEncryption)
{
// At decryption make sure that we receive padded data blocks
if (len < getInputBlockSize())
{
throw new InvalidCipherTextException("BlockLength does not match modulus for Naccache-Stern cipher.\n");
}
}
byte[] block;
if (inOff != 0 || len != in.length)
{
block = new byte[len];
System.arraycopy(in, inOff, block, 0, len);
}
else
{
block = in;
}
// transform input into BigInteger
BigInteger input = new BigInteger(1, block);
if (debug)
{
System.out.println("input as BigInteger: " + input);
}
byte[] output;
if (forEncryption)
{
output = encrypt(input);
}
else
{
Vector plain = new Vector();
NaccacheSternPrivateKeyParameters priv = (NaccacheSternPrivateKeyParameters)key;
Vector primes = priv.getSmallPrimes();
// Get Chinese Remainders of CipherText
for (int i = 0; i < primes.size(); i++)
{
BigInteger exp = input.modPow(priv.getPhi_n().divide((BigInteger)primes.elementAt(i)), priv.getModulus());
Vector al = lookup[i];
if (lookup[i].size() != ((BigInteger)primes.elementAt(i)).intValue())
{
if (debug)
{
System.out.println("Prime is " + primes.elementAt(i) + ", lookup table has size " + al.size());
}
throw new InvalidCipherTextException("Error in lookup Array for "
+ ((BigInteger)primes.elementAt(i)).intValue()
+ ": Size mismatch. Expected ArrayList with length "
+ ((BigInteger)primes.elementAt(i)).intValue() + " but found ArrayList of length "
+ lookup[i].size());
}
int lookedup = al.indexOf(exp);
if (lookedup == -1)
{
if (debug)
{
System.out.println("Actual prime is " + primes.elementAt(i));
System.out.println("Decrypted value is " + exp);
System.out.println("LookupList for " + primes.elementAt(i) + " with size " + lookup[i].size()
+ " is: ");
for (int j = 0; j < lookup[i].size(); j++)
{
System.out.println(lookup[i].elementAt(j));
}
}
throw new InvalidCipherTextException("Lookup failed");
}
plain.addElement(BigInteger.valueOf(lookedup));
}
BigInteger test = chineseRemainder(plain, primes);
// Should not be used as an oracle, so reencrypt output to see
// if it corresponds to input
// this breaks probabilisic encryption, so disable it. Anyway, we do
// use the first n primes for key generation, so it is pretty easy
// to guess them. But as stated in the paper, this is not a security
// breach. So we can just work with the correct sigma.
// if (debug) {
// System.out.println("Decryption is " + test);
// }
// if ((key.getG().modPow(test, key.getModulus())).equals(input)) {
// output = test.toByteArray();
// } else {
// if(debug){
// System.out.println("Engine seems to be used as an oracle,
// returning null");
// }
// output = null;
// }
output = test.toByteArray();
}
return output;
}
/**
* Encrypts a BigInteger aka Plaintext with the public key.
*
* @param plain
* The BigInteger to encrypt
* @return The byte[] representation of the encrypted BigInteger (i.e.
* crypted.toByteArray())
*/
public byte[] encrypt(BigInteger plain)
{
// Always return modulus size values 0-padded at the beginning
// 0-padding at the beginning is correctly parsed by BigInteger :)
byte[] output = key.getModulus().toByteArray();
Arrays.fill(output, (byte)0);
byte[] tmp = key.getG().modPow(plain, key.getModulus()).toByteArray();
System
.arraycopy(tmp, 0, output, output.length - tmp.length,
tmp.length);
if (debug)
{
System.out
.println("Encrypted value is: " + new BigInteger(output));
}
return output;
}
/**
* Adds the contents of two encrypted blocks mod sigma
*
* @param block1
* the first encrypted block
* @param block2
* the second encrypted block
* @return encrypt((block1 + block2) mod sigma)
* @throws InvalidCipherTextException
*/
public byte[] addCryptedBlocks(byte[] block1, byte[] block2)
throws InvalidCipherTextException
{
// check for correct blocksize
if (forEncryption)
{
if ((block1.length > getOutputBlockSize())
|| (block2.length > getOutputBlockSize()))
{
throw new InvalidCipherTextException(
"BlockLength too large for simple addition.\n");
}
}
else
{
if ((block1.length > getInputBlockSize())
|| (block2.length > getInputBlockSize()))
{
throw new InvalidCipherTextException(
"BlockLength too large for simple addition.\n");
}
}
// calculate resulting block
BigInteger m1Crypt = new BigInteger(1, block1);
BigInteger m2Crypt = new BigInteger(1, block2);
BigInteger m1m2Crypt = m1Crypt.multiply(m2Crypt);
m1m2Crypt = m1m2Crypt.mod(key.getModulus());
if (debug)
{
System.out.println("c(m1) as BigInteger:....... " + m1Crypt);
System.out.println("c(m2) as BigInteger:....... " + m2Crypt);
System.out.println("c(m1)*c(m2)%n = c(m1+m2)%n: " + m1m2Crypt);
}
byte[] output = key.getModulus().toByteArray();
Arrays.fill(output, (byte)0);
System.arraycopy(m1m2Crypt.toByteArray(), 0, output, output.length
- m1m2Crypt.toByteArray().length,
m1m2Crypt.toByteArray().length);
return output;
}
/**
* Convenience Method for data exchange with the cipher.
*
* Determines blocksize and splits data to blocksize.
*
* @param data the data to be processed
* @return the data after it went through the NaccacheSternEngine.
* @throws InvalidCipherTextException
*/
public byte[] processData(byte[] data) throws InvalidCipherTextException
{
if (debug)
{
System.out.println();
}
if (data.length > getInputBlockSize())
{
int inBlocksize = getInputBlockSize();
int outBlocksize = getOutputBlockSize();
if (debug)
{
System.out.println("Input blocksize is: " + inBlocksize + " bytes");
System.out.println("Output blocksize is: " + outBlocksize + " bytes");
System.out.println("Data has length:.... " + data.length + " bytes");
}
int datapos = 0;
int retpos = 0;
byte[] retval = new byte[(data.length / inBlocksize + 1) * outBlocksize];
while (datapos < data.length)
{
byte[] tmp;
if (datapos + inBlocksize < data.length)
{
tmp = processBlock(data, datapos, inBlocksize);
datapos += inBlocksize;
}
else
{
tmp = processBlock(data, datapos, data.length - datapos);
datapos += data.length - datapos;
}
if (debug)
{
System.out.println("new datapos is " + datapos);
}
if (tmp != null)
{
System.arraycopy(tmp, 0, retval, retpos, tmp.length);
retpos += tmp.length;
}
else
{
if (debug)
{
System.out.println("cipher returned null");
}
throw new InvalidCipherTextException("cipher returned null");
}
}
byte[] ret = new byte[retpos];
System.arraycopy(retval, 0, ret, 0, retpos);
if (debug)
{
System.out.println("returning " + ret.length + " bytes");
}
return ret;
}
else
{
if (debug)
{
System.out.println("data size is less then input block size, processing directly");
}
return processBlock(data, 0, data.length);
}
}
/**
* Computes the integer x that is expressed through the given primes and the
* congruences with the chinese remainder theorem (CRT).
*
* @param congruences
* the congruences c_i
* @param primes
* the primes p_i
* @return an integer x for that x % p_i == c_i
*/
private static BigInteger chineseRemainder(Vector congruences, Vector primes)
{
BigInteger retval = ZERO;
BigInteger all = ONE;
for (int i = 0; i < primes.size(); i++)
{
all = all.multiply((BigInteger)primes.elementAt(i));
}
for (int i = 0; i < primes.size(); i++)
{
BigInteger a = (BigInteger)primes.elementAt(i);
BigInteger b = all.divide(a);
BigInteger b_ = b.modInverse(a);
BigInteger tmp = b.multiply(b_);
tmp = tmp.multiply((BigInteger)congruences.elementAt(i));
retval = retval.add(tmp);
}
return retval.mod(all);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy