private void validateDigest(String digest, byte[] encodedState) { SHA256Digest computedDigest = new SHA256Digest(encodedState); byte[] computedBytes = new byte[computedDigest.getDigestSize()]; computedDigest.doFinal(computedBytes, 0); String computed = "sha256:" + printHexBinary(computedBytes); computed = computed.toLowerCase(); if ( ! digest.equals(computed) ) { throw new RegistryError("Invalid digest, expected "+computed+", but got "+digest, RegistryErrorCode.DIGEST_INVALID); } } }
private static BigInteger deriveSessionKey(BigInteger keyingMaterial) { /* * You should use a secure key derivation function (KDF) to derive the session key. * * For the purposes of this example, I'm just going to use a hash of the keying material. */ SHA256Digest digest = new SHA256Digest(); byte[] keyByteArray = keyingMaterial.toByteArray(); byte[] output = new byte[digest.getDigestSize()]; digest.update(keyByteArray, 0, keyByteArray.length); digest.doFinal(output, 0); return new BigInteger(output); } }
private static BigInteger deriveSessionKey(BigInteger keyingMaterial) { /* * You should use a secure key derivation function (KDF) to derive the session key. * * For the purposes of this example, I'm just going to use a hash of the keying material. */ SHA256Digest digest = new SHA256Digest(); byte[] keyByteArray = keyingMaterial.toByteArray(); byte[] output = new byte[digest.getDigestSize()]; digest.update(keyByteArray, 0, keyByteArray.length); digest.doFinal(output, 0); return new BigInteger(output); } }
static byte[] sha256DigestOf(byte[] input) { SHA256Digest d = new SHA256Digest(); d.update(input, 0, input.length); byte[] result = new byte[d.getDigestSize()]; d.doFinal(result, 0); return result; }
private void collect(String filename) { FileInputStream file = null; try { file = new FileInputStream(filename); } catch (FileNotFoundException e) { throw new RuntimeException("The file " + filename + " couldn't be recorded"); } SHA256Digest digest = new SHA256Digest(); byte[] result = new byte[digest.getDigestSize()]; int length; try { while ((length = file.read(result)) != -1) { digest.update(result, 0, length); } } catch (IOException e) { throw new RuntimeException("The file " + filename + " couldn't be recorded"); } digest.doFinal(result, 0); // We should be able to submit more hashes, but we will do sha256 // only for the time being this.put("sha256", Hex.toHexString(result)); } }
/** * Returns the signer associated with the signing method for this key * * @return a Signer instance that can be used to sign or verify using * RSASSA-PSS */ public Signer getSigner() { RSAEngine engine = new RSAEngine(); try { engine.init(false, getPrivate()); } catch (IOException e) { throw new RuntimeException(e.toString()); } SHA256Digest digest = new SHA256Digest(); return new PSSSigner(engine, digest, digest.getDigestSize()); } }
/** * Convenience method to obtain the keyid for this key * * @return the keyid for this key (Sha256 is baked in, for the time being) */ public String computeKeyId() { if (this.kpr == null) return null; byte[] JSONrepr = getJSONEncodeableFields(); // initialize digest SHA256Digest digest = new SHA256Digest(); byte[] result = new byte[digest.getDigestSize()]; digest.update(JSONrepr, 0, JSONrepr.length); digest.doFinal(result, 0); return Hex.toHexString(result); }
byte[] retValue = new byte[digester.getDigestSize()]; digester.update(key.getBytes(), 0, key.length()); digester.doFinal(retValue,0);
byte[] shared = Curve25519.create().agreement(otherPublicKey, myPrivateKey); byte[] pad = new byte[]{0x00, 0x00, 0x00, 0x01}; byte[] hash = new byte[sha256.getDigestSize()];
public static Optional<byte[]> curve25519Unwrap( byte[] myPublicKey, byte[] myPrivateKey, byte[] otherPublicKey, byte[] wrappedKey) { SHA256Digest sha256 = new SHA256Digest(); byte[] shared = Curve25519.agreement(otherPublicKey, myPrivateKey); logger.debug("-- curve25519Unwrap() - shared agreement: 0x{}", Hex.toHexString(shared)); // Stripped down NIST SP 800-56A KDF. byte[] counter = new byte[]{0x00, 0x00, 0x00, 0x01}; byte[] hash = new byte[sha256.getDigestSize()]; sha256.reset(); sha256.update(counter, 0, counter.length); sha256.update(shared, 0, shared.length); sha256.update(otherPublicKey, 0, otherPublicKey.length); sha256.update(myPublicKey, 0, myPublicKey.length); sha256.doFinal(hash, 0); logger.debug("-- curve25519Unwrap() - kek: {}", Hex.toHexString(hash)); return RFC3394Wrap.unwrapAES(hash, wrappedKey); } }