if (! org.bouncycastle.util.Arrays.constantTimeAreEqual(expectedAuthTag, authTag)) {
private boolean checkCMSKeyChecksum( byte[] key, byte[] checksum) { return Arrays.constantTimeAreEqual(calculateCMSKeyChecksum(key), checksum); } }
/** * For details see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum * * @param key key to be validated. * @param checksum the checksum. * @return true if okay, false otherwise. */ private boolean checkCMSKeyChecksum( byte[] key, byte[] checksum) { return Arrays.constantTimeAreEqual(calculateCMSKeyChecksum(key), checksum); }
/** * For details see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum * * @param key key to be validated. * @param checksum the checksum. * @return true if okay, false otherwise. */ private boolean checkCMSKeyChecksum( byte[] key, byte[] checksum) { return Arrays.constantTimeAreEqual(calculateCMSKeyChecksum(key), checksum); }
/** * For details see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum * * @param key * @param checksum * @return */ private boolean checkCMSKeyChecksum( byte[] key, byte[] checksum) { return Arrays.constantTimeAreEqual(calculateCMSKeyChecksum(key), checksum); } }
protected void processFinished(byte[] body, byte[] expected_verify_data) throws IOException { ByteArrayInputStream buf = new ByteArrayInputStream(body); byte[] verify_data = TlsUtils.readFully(expected_verify_data.length, buf); TlsProtocol.assertEmpty(buf); if (!Arrays.constantTimeAreEqual(expected_verify_data, verify_data)) { throw new TlsFatalAlert(AlertDescription.handshake_failure); } }
protected void processFinished(byte[] body, byte[] expected_verify_data) throws IOException { ByteArrayInputStream buf = new ByteArrayInputStream(body); byte[] verify_data = TlsUtils.readFully(expected_verify_data.length, buf); TlsProtocol.assertEmpty(buf); if (!Arrays.constantTimeAreEqual(expected_verify_data, verify_data)) { throw new TlsFatalAlert(AlertDescription.handshake_failure); } }
private void verifyMac(byte[] content, PbkdMacIntegrityCheck integrityCheck, char[] password) throws NoSuchAlgorithmException, IOException, NoSuchProviderException { byte[] check = calculateMac(content, integrityCheck.getMacAlgorithm(), integrityCheck.getPbkdAlgorithm(), password); if (!Arrays.constantTimeAreEqual(check, integrityCheck.getMac())) { throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed"); } }
protected void checkMAC(long seqNo, short type, byte[] recBuf, int recStart, int recEnd, byte[] calcBuf, int calcOff, int calcLen) throws IOException { byte[] receivedMac = Arrays.copyOfRange(recBuf, recStart, recEnd); byte[] computedMac = readMac.calculateMac(seqNo, type, calcBuf, calcOff, calcLen); if (!Arrays.constantTimeAreEqual(receivedMac, computedMac)) { throw new TlsFatalAlert(AlertDescription.bad_record_mac); } }
protected void checkMAC(long seqNo, short type, byte[] recBuf, int recStart, int recEnd, byte[] calcBuf, int calcOff, int calcLen) throws IOException { byte[] receivedMac = Arrays.copyOfRange(recBuf, recStart, recEnd); byte[] computedMac = readMac.calculateMac(seqNo, type, calcBuf, calcOff, calcLen); if (!Arrays.constantTimeAreEqual(receivedMac, computedMac)) { throw new TlsFatalAlert(AlertDescription.bad_record_mac); } }
protected void processFinishedMessage(ByteArrayInputStream buf) throws IOException { byte[] verify_data = TlsUtils.readFully(expected_verify_data.length, buf); assertEmpty(buf); /* * Compare both checksums. */ if (!Arrays.constantTimeAreEqual(expected_verify_data, verify_data)) { /* * Wrong checksum in the finished message. */ throw new TlsFatalAlert(AlertDescription.decrypt_error); } }
public byte[] decodeCiphertext(byte[] receivedMAC, byte[] additionalData, byte[] ciphertext) throws IOException { KeyParameter macKey = initRecordMAC(decryptCipher); byte[] calculatedMAC = PolyKeyCreator.create(macKey, additionalData, ciphertext); if (!Arrays.constantTimeAreEqual(calculatedMAC, receivedMAC)) { throw new TlsFatalAlert(AlertDescription.bad_record_mac); } byte[] output = new byte[ciphertext.length]; decryptCipher.processBytes(ciphertext, 0, ciphertext.length, output, 0); return output; }
protected void processFinishedMessage(ByteArrayInputStream buf) throws IOException { if (expected_verify_data == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } byte[] verify_data = TlsUtils.readFully(expected_verify_data.length, buf); assertEmpty(buf); /* * Compare both checksums. */ if (!Arrays.constantTimeAreEqual(expected_verify_data, verify_data)) { /* * Wrong checksum in the finished message. */ throw new TlsFatalAlert(AlertDescription.decrypt_error); } }
/** * Return true if the passed in commitment represents a commitment to the passed in message. * * @param commitment a commitment previously generated. * @param message the message that was expected to have been committed to. * @return true if commitment matches message, false otherwise. */ public boolean isRevealed(Commitment commitment, byte[] message) { if (message.length + commitment.getSecret().length != byteLength) { throw new DataLengthException("Message and witness secret lengths do not match."); } byte[] calcCommitment = calculateCommitment(commitment.getSecret(), message); return Arrays.constantTimeAreEqual(commitment.getCommitment(), calcCommitment); }
/** * Return true if the passed in commitment represents a commitment to the passed in message. * * @param commitment a commitment previously generated. * @param message the message that was expected to have been committed to. * @return true if commitment matches message, false otherwise. */ public boolean isRevealed(Commitment commitment, byte[] message) { if (message.length + commitment.getSecret().length != byteLength) { throw new DataLengthException("Message and witness secret lengths do not match."); } byte[] calcCommitment = calculateCommitment(commitment.getSecret(), message); return Arrays.constantTimeAreEqual(commitment.getCommitment(), calcCommitment); }
/** * Return true if the passed in commitment represents a commitment to the passed in message. * * @param commitment a commitment previously generated. * @param message the message that was expected to have been committed to. * @return true if commitment matches message, false otherwise. */ public boolean isRevealed(Commitment commitment, byte[] message) { if (message.length + commitment.getSecret().length != byteLength) { throw new DataLengthException("Message and witness secret lengths do not match."); } byte[] calcCommitment = calculateCommitment(commitment.getSecret(), message); return Arrays.constantTimeAreEqual(commitment.getCommitment(), calcCommitment); }
/** * Return true if the passed in commitment represents a commitment to the passed in message. * * @param commitment a commitment previously generated. * @param message the message that was expected to have been committed to. * @return true if commitment matches message, false otherwise. */ public boolean isRevealed(Commitment commitment, byte[] message) { if (message.length + commitment.getSecret().length != byteLength) { throw new DataLengthException("Message and witness secret lengths do not match."); } byte[] calcCommitment = calculateCommitment(commitment.getSecret(), message); return Arrays.constantTimeAreEqual(commitment.getCommitment(), calcCommitment); }
public byte[] unwrap(byte[] input, int inOff, int inLen) { byte[] decKey = new byte[inLen - mac.getMacSize()]; cipher.processBlock(input, inOff, decKey, 0); cipher.processBlock(input, inOff + 8, decKey, 8); cipher.processBlock(input, inOff + 16, decKey, 16); cipher.processBlock(input, inOff + 24, decKey, 24); byte[] macResult = new byte[mac.getMacSize()]; mac.update(decKey, 0, decKey.length); mac.doFinal(macResult, 0); byte[] macExpected = new byte[mac.getMacSize()]; System.arraycopy(input, inOff + inLen - 4, macExpected, 0, mac.getMacSize()); if (!Arrays.constantTimeAreEqual(macResult, macExpected)) { throw new IllegalStateException("mac mismatch"); } return decKey; }
public byte[] unwrap(byte[] input, int inOff, int inLen) throws InvalidCipherTextException { byte[] decKey = new byte[inLen - mac.getMacSize()]; cipher.processBlock(input, inOff, decKey, 0); cipher.processBlock(input, inOff + 8, decKey, 8); cipher.processBlock(input, inOff + 16, decKey, 16); cipher.processBlock(input, inOff + 24, decKey, 24); byte[] macResult = new byte[mac.getMacSize()]; mac.update(decKey, 0, decKey.length); mac.doFinal(macResult, 0); byte[] macExpected = new byte[mac.getMacSize()]; System.arraycopy(input, inOff + inLen - 4, macExpected, 0, mac.getMacSize()); if (!Arrays.constantTimeAreEqual(macResult, macExpected)) { throw new IllegalStateException("mac mismatch"); } return decKey; } }
public byte[] decodeCiphertext(long seqNo, short type, byte[] ciphertext, int offset, int len) throws IOException { if (getPlaintextLimit(len) < 0) { throw new TlsFatalAlert(AlertDescription.decode_error); } KeyParameter macKey = initRecord(decryptCipher, false, seqNo, decryptIV); int plaintextLength = len - 16; byte[] additionalData = getAdditionalData(seqNo, type, plaintextLength); byte[] calculatedMAC = calculateRecordMAC(macKey, additionalData, ciphertext, offset, plaintextLength); byte[] receivedMAC = Arrays.copyOfRange(ciphertext, offset + plaintextLength, offset + len); if (!Arrays.constantTimeAreEqual(calculatedMAC, receivedMAC)) { throw new TlsFatalAlert(AlertDescription.bad_record_mac); } byte[] output = new byte[plaintextLength]; decryptCipher.processBytes(ciphertext, offset, plaintextLength, output, 0); return output; }