/**
 * Reports whether this constant's name contains the substring {@code "GOST"}.
 *
 * <p>The match is case-sensitive and purely name-based; no other property of
 * the constant is consulted.
 *
 * @return {@code true} if {@code name()} includes {@code "GOST"}, otherwise {@code false}
 */
public boolean isGost() {
    final String constantName = name();
    return constantName.indexOf("GOST") >= 0;
}
} // this brace closes an enclosing scope that opens outside the visible excerpt
/**
 * Reports whether this constant's name contains the substring {@code "GREASE"}.
 *
 * <p>The match is case-sensitive and based on the constant's name only.
 *
 * @return {@code true} if {@code name()} includes {@code "GREASE"}, otherwise {@code false}
 */
public boolean isGrease() {
    return name().indexOf("GREASE") != -1;
}
/**
 * Reports whether this constant's name contains {@code "dhe"}, ignoring case.
 *
 * <p>NOTE(review): {@code toLowerCase()} without an explicit {@code Locale} uses the
 * JVM default locale. Passing {@code Locale.ROOT} would make the comparison
 * independent of the host's locale settings.
 *
 * @return {@code true} if the lower-cased name includes {@code "dhe"}, otherwise {@code false}
 */
public boolean isDhGroup() {
    final String loweredName = name().toLowerCase();
    return loweredName.indexOf("dhe") != -1;
}
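/**
 * Derives a 32-byte public key share from the given private key for a group that is a
 * curve but not a standard curve.
 *
 * <p>The private key is encoded with {@link BigInteger#toByteArray()}, fitted to exactly
 * 32 bytes, clamped via {@code Curve25519.clamp} and then handed to
 * {@code Curve25519.keygen}.
 *
 * @param group the named group; must satisfy {@code isCurve()} and must not satisfy
 *        {@code isStandardCurve()}
 * @param privateKey the private key to derive the share from
 * @return the 32-byte public key written by {@code Curve25519.keygen}
 * @throws IllegalArgumentException if {@code group} is not a curve or is a standard curve
 */
public static byte[] createX25519KeyShare(NamedGroup group, BigInteger privateKey) {
    if (!group.isCurve() || group.isStandardCurve()) {
        // The guard rejects standard curves and non-curve groups, so the message says so
        // (the previous text was copied from the classic-curve helper and stated the opposite).
        throw new IllegalArgumentException(
                "Cannot create X25519 key share for group which is a standard curve or not a curve:"
                        + group.name());
    }

    // Encode once; BigInteger is immutable and every toByteArray() call allocates a new array.
    byte[] encodedPrivateKey = privateKey.toByteArray();
    byte[] privateKeyBytes;
    if (encodedPrivateKey.length != 32) {
        LOGGER.warn("ECDH_25519 private Key is not 32 byte - using as much as possible and padding the rest with Zeros.");
        // NOTE(review): toByteArray() is big-endian two's-complement and may carry a leading
        // sign byte. Arrays.copyOf keeps the FIRST 32 bytes, so a 33-byte encoding loses its
        // least significant byte and a shorter encoding is zero-padded at the end. RFC 7748
        // treats scalars as little-endian byte strings - confirm this mapping is intended.
        privateKeyBytes = Arrays.copyOf(encodedPrivateKey, 32);
    } else {
        privateKeyBytes = encodedPrivateKey;
    }

    LOGGER.debug("Clamping private key");
    Curve25519.clamp(privateKeyBytes);

    byte[] publicKey = new byte[32];
    Curve25519.keygen(publicKey, null, privateKeyBytes);
    return publicKey;
}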
/**
 * Computes the public point {@code G * privateKey} for a standard curve group.
 *
 * <p>The domain parameters come from {@code generateEcParameters(group)}; the product is
 * normalized before it is returned. No check for the point at infinity is made here, so
 * callers that need affine coordinates have to handle that case themselves.
 *
 * @param group the named group; must satisfy {@code isStandardCurve()}
 * @param privateKey the scalar to multiply the generator with
 * @return the normalized product of the generator and {@code privateKey}
 * @throws IllegalArgumentException if {@code group} is not a standard curve
 */
public static ECPoint createClassicEcPoint(NamedGroup group, BigInteger privateKey) {
    if (group.isStandardCurve()) {
        ECDomainParameters domain = generateEcParameters(group);
        ECPoint product = domain.getG().multiply(privateKey);
        return product.normalize();
    }
    throw new IllegalArgumentException(
            "Cannot create ClassicEcPublicKey for group which is not a classic curve:" + group.name());
}
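/**
 * Looks up the {@code NamedGroup} whose named-curve parameters use the given curve.
 *
 * <p>Every {@code NamedGroup} constant is tried in declaration order: its name is
 * resolved through {@code ECNamedCurveTable} and the resulting curve is compared with
 * {@code unknownCurve} using {@code equals}.
 *
 * @param unknownCurve the curve to identify
 * @return the first matching group, or {@code null} if no group matches
 */
public static NamedGroup getNamedCuveFromECCurve(ECCurve unknownCurve) {
    for (NamedGroup group : NamedGroup.values()) {
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(group.name());
        if (parameterSpec == null) {
            // BouncyCastle's table returns null for names it holds no parameters for;
            // skip those groups instead of failing the whole lookup with a
            // NullPointerException before later groups are examined.
            continue;
        }
        if (parameterSpec.getCurve().equals(unknownCurve)) {
            return group;
        }
    }
    return null;
}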
/**
 * Runs the {@code ICEAttacker} routine against the configured server and logs its result.
 *
 * <p>The curve is taken from the first entry of the TLS config's default client named
 * groups; {@code get(0)} is called without a size check, so an empty list is expected to
 * fail there. The attacker's result is written to the log at INFO level.
 * NOTE(review): if that result is key material, log output from this method should be
 * handled as sensitive - confirm against the log configuration.
 */
@Override
public void executeAttack() {
    final Config tlsConfig = getTlsConfig();
    LOGGER.info("Executing attack against the server with named curve {}",
            tlsConfig.getDefaultClientNamedGroups().get(0));

    final Curve namedCurve = CurveFactory.getNamedCurve(tlsConfig.getDefaultClientNamedGroups().get(0).name());
    final RealDirectMessageECOracle ecOracle = new RealDirectMessageECOracle(tlsConfig, namedCurve);

    final ICEAttacker iceAttacker =
            new ICEAttacker(ecOracle, config.getServerType(), config.getAdditionalEquations());
    iceAttacker.attack();

    final BigInteger outcome = iceAttacker.getResult();
    LOGGER.info("Result found: {}", outcome);
}
/**
 * Computes the public key {@code G * privateKey} for a standard curve group and returns
 * its raw affine coordinates as a {@code CustomECPoint}.
 *
 * @param group the named group; must satisfy {@code isStandardCurve()}
 * @param privateKey the scalar to multiply the generator with
 * @return the coordinates of the normalized product, or {@code (0, 0)} when the product
 *         is the point at infinity
 * @throws IllegalArgumentException if {@code group} is not a standard curve
 */
public static CustomECPoint createClassicEcPublicKey(NamedGroup group, BigInteger privateKey) {
    if (!group.isStandardCurve()) {
        throw new IllegalArgumentException(
                "Cannot create ClassicEcPublicKey for group which is not a classic curve:" + group.name());
    }

    ECDomainParameters domain = generateEcParameters(group);
    ECPoint product = domain.getG().multiply(privateKey).normalize();

    if (product.isInfinity()) {
        // The point at infinity is mapped to the placeholder (0, 0).
        // NOTE(review): (0, 0) is a stand-in, not a derived coordinate pair; consumers
        // that validate points should expect it - the original carried an open TODO here.
        return new CustomECPoint(BigInteger.ZERO, BigInteger.ZERO);
    }

    BigInteger affineX = product.getRawXCoord().toBigInteger();
    BigInteger affineY = product.getRawYCoord().toBigInteger();
    return new CustomECPoint(affineX, affineY);
}
/**
 * Fills in the key share entry's public key, choosing a private key first if none is set.
 *
 * <p>When the entry has no private key, the chooser's client or server EC private key is
 * used depending on the connection end type. Standard curves get a point from
 * {@code KeyShareCalculator.createClassicEcPoint}, serialized with the chooser's
 * server-supported point formats; curves that are not standard curves get the bytes from
 * {@code KeyShareCalculator.createX25519KeyShare}. Only the public key is logged.
 *
 * @throws PreparationException if the EC point cannot be serialized
 * @throws UnsupportedOperationException if the group is not a curve
 */
private void prepareKeyShare() {
    if (entry.getPrivateKey() == null) {
        // Both checks are kept independent, exactly one is expected to apply.
        if (chooser.getConnectionEndType().equals(ConnectionEndType.CLIENT)) {
            entry.setPrivateKey(chooser.getClientEcPrivateKey());
        }
        if (chooser.getConnectionEndType().equals(ConnectionEndType.SERVER)) {
            entry.setPrivateKey(chooser.getServerEcPrivateKey());
        }
    }

    if (entry.getGroupConfig().isStandardCurve()) {
        ECPoint point = KeyShareCalculator.createClassicEcPoint(entry.getGroupConfig(), entry.getPrivateKey());
        List<ECPointFormat> formats = chooser.getServerSupportedPointFormats();
        ECPointFormat[] formatArray = formats.toArray(new ECPointFormat[0]);
        try {
            entry.setPublicKey(ECCUtilsBCWrapper.serializeECPoint(formatArray, point));
        } catch (IOException ex) {
            throw new PreparationException("Could not serialize clientPublicKey", ex);
        }
    } else if (!entry.getGroupConfig().isCurve() || entry.getGroupConfig().isStandardCurve()) {
        // Neither a standard curve nor any other curve: nothing to derive a share from.
        throw new UnsupportedOperationException("The group \"" + entry.getGroupConfig().name()
                + "\" is not supported yet");
    } else {
        byte[] share = KeyShareCalculator.createX25519KeyShare(entry.getGroupConfig(), entry.getPrivateKey());
        entry.setPublicKey(share);
    }

    LOGGER.debug("KeyShare: " + ArrayConverter.bytesToHexString(entry.getPublicKey().getValue()));
}
/**
 * Recomputes the ECDH key exchange values for a parsed message and derives the
 * premaster secret from them.
 *
 * <p>Steps, in order: prepare the message computations and randoms, set the private key,
 * resolve the domain parameters for the selected named group, (client mode only) compute
 * the own public key from the private key, set the public key used for the exchange, and
 * finally compute and store the premaster secret. The statements mutate {@code msg} and
 * later statements read what earlier ones stored, so their order matters.
 *
 * @param clientMode {@code true} to additionally compute the public key from the private
 *        key before the public key for the exchange is set
 */
@Override
public void prepareAfterParse(boolean clientMode) {
    msg.prepareComputations();
    prepareClientServerRandom(msg);
    NamedGroup usedGroup = chooser.getSelectedNamedGroup();
    LOGGER.debug("Used Group: " + usedGroup.name());
    setComputationPrivateKey(msg, clientMode);
    ECDomainParameters ecParams = getDomainParameters(chooser.getEcCurveType(), usedGroup);
    if (clientMode) {
        // Own public key = generator * private key, normalized to affine form.
        ECPoint clientPublicKey = ecParams.getG().multiply(msg.getComputations().getPrivateKey().getValue());
        clientPublicKey = clientPublicKey.normalize();
        if (clientPublicKey.getRawXCoord() != null && clientPublicKey.getRawYCoord() != null) {
            msg.getComputations().setComputedPublicKeyX(clientPublicKey.getRawXCoord().toBigInteger());
            msg.getComputations().setComputedPublicKeyY(clientPublicKey.getRawYCoord().toBigInteger());
        } else {
            // Missing raw coordinates: fall back to the placeholder (0, 0) instead of failing.
            LOGGER.warn("Could not compute correct public key. Using empty one instead");
            msg.getComputations().setComputedPublicKeyX(BigInteger.ZERO);
            msg.getComputations().setComputedPublicKeyY(BigInteger.ZERO);
        }
    }
    setComputationPublicKey(msg, clientMode);
    LOGGER.debug("PublicKey used:" + msg.getComputations().getPublicKey().toString());
    // NOTE(review): this writes the private key value to the DEBUG log. Anyone who can read
    // the log can recompute the premaster secret, so DEBUG output from this class should be
    // treated as secret material and kept out of shared or long-lived log stores.
    LOGGER.debug("PrivateKey used:" + msg.getComputations().getPrivateKey().getValue());
    // NOTE(review): the point is rebuilt from the stored coordinates; no on-curve check is
    // visible in this method. Whether createPoint / ECPublicKeyParameters validate the
    // point depends on the library version in use - confirm before relying on it.
    ECPoint publicKey = ecParams.getCurve().createPoint(msg.getComputations().getPublicKey().getX(),
            msg.getComputations().getPublicKey().getY());
    publicKey = publicKey.normalize();
    premasterSecret = computePremasterSecret(new ECPublicKeyParameters(publicKey, ecParams),
            new ECPrivateKeyParameters(msg.getComputations().getPrivateKey().getValue(), ecParams));
    preparePremasterSecret(msg);
}