if (!Arrays.constantTimeAreEqual(T1, T2))
/**
 * Checks a supplied CMS key checksum against the one recomputed from the key.
 *
 * @param key the key material the checksum is expected to cover.
 * @param checksum the checksum that accompanied the key.
 * @return {@code true} when the recomputed and supplied checksums are equal,
 *         {@code false} otherwise.
 */
private boolean checkCMSKeyChecksum(byte[] key, byte[] checksum) {
    // Recompute locally first; the supplied value is only ever used as a comparison operand.
    byte[] recomputed = calculateCMSKeyChecksum(key);

    // constantTimeAreEqual is used instead of an early-exit comparison, so the time taken
    // is not meant to reveal where the two arrays first differ.
    return Arrays.constantTimeAreEqual(recomputed, checksum);
}
// closes the enclosing class, whose header is outside this excerpt
}
/**
 * Validates a CMS key checksum.
 *
 * @param key key to be validated.
 * @param checksum the checksum received with the key.
 * @return {@code true} if the checksum matches the key, {@code false} otherwise.
 * @see <a href="http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum">XML Encryption: CMS Key Checksum</a>
 */
private boolean checkCMSKeyChecksum(byte[] key, byte[] checksum) {
    final byte[] expectedChecksum = calculateCMSKeyChecksum(key);
    final boolean valid = Arrays.constantTimeAreEqual(expectedChecksum, checksum);
    return valid;
}
/**
 * Compares the checksum derived from {@code key} with {@code checksum}.
 *
 * @param key the key whose checksum is recalculated.
 * @param checksum the checksum to test against the recalculated value.
 * @return true if okay, false otherwise.
 * @see <a href="http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum">XML Encryption: CMS Key Checksum</a>
 */
private boolean checkCMSKeyChecksum(byte[] key, byte[] checksum) {
    byte[] derived = calculateCMSKeyChecksum(key);
    // Checksum bytes are compared through the constant-time helper, not Arrays.equals-style logic.
    return Arrays.constantTimeAreEqual(derived, checksum);
}
/**
 * Tells whether {@code checksum} is the CMS key checksum of {@code key}.
 *
 * @param key the key the checksum should belong to.
 * @param checksum the candidate checksum.
 * @return {@code true} when the checksum calculated from {@code key} equals
 *         {@code checksum}, {@code false} otherwise.
 * @see <a href="http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum">XML Encryption: CMS Key Checksum</a>
 */
private boolean checkCMSKeyChecksum(byte[] key, byte[] checksum) {
    byte[] calculated = calculateCMSKeyChecksum(key);
    boolean checksumMatches = Arrays.constantTimeAreEqual(calculated, checksum);
    return checksumMatches;
}
// closes the enclosing class, whose header is outside this excerpt
}
/**
 * Checks the verify_data carried in {@code body} against the expected value.
 *
 * @param body the message body to read the received verify_data from.
 * @param expected_verify_data the value the peer is expected to have sent; its length
 *        decides how many bytes are read from {@code body}.
 * @throws IOException a {@code TlsFatalAlert} with {@code handshake_failure} when the
 *         values differ; reading the body or the trailing-data check may also throw.
 */
protected void processFinished(byte[] body, byte[] expected_verify_data) throws IOException {
    ByteArrayInputStream in = new ByteArrayInputStream(body);
    byte[] received = TlsUtils.readFully(expected_verify_data.length, in);

    // Anything left over after verify_data is rejected before the comparison happens.
    TlsProtocol.assertEmpty(in);

    boolean matches = Arrays.constantTimeAreEqual(expected_verify_data, received);
    if (matches) {
        return;
    }
    throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
/**
 * Reads verify_data from a message body and compares it with the expected value.
 *
 * @param body the message body holding the peer's verify_data.
 * @param expected_verify_data the locally held value to compare against.
 * @throws IOException a {@code TlsFatalAlert} with {@code handshake_failure} on mismatch,
 *         or whatever the read and emptiness checks raise.
 */
protected void processFinished(byte[] body, byte[] expected_verify_data) throws IOException {
    final int expectedLength = expected_verify_data.length;
    ByteArrayInputStream bodyStream = new ByteArrayInputStream(body);

    byte[] peerVerifyData = TlsUtils.readFully(expectedLength, bodyStream);
    TlsProtocol.assertEmpty(bodyStream);

    // Compared with the constant-time helper so the check does not short-circuit on the
    // first differing byte.
    if (Arrays.constantTimeAreEqual(expected_verify_data, peerVerifyData)) {
        return;
    }
    throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
/**
 * Compares the MAC found in a received record with the MAC computed over its content.
 *
 * @param seqNo sequence number passed to the MAC calculation.
 * @param type record type passed to the MAC calculation.
 * @param recBuf buffer holding the received MAC.
 * @param recStart index of the first received MAC byte in {@code recBuf}.
 * @param recEnd index just past the last received MAC byte in {@code recBuf}.
 * @param calcBuf buffer holding the data the MAC is computed over.
 * @param calcOff start of that data in {@code calcBuf}.
 * @param calcLen length of that data.
 * @throws IOException a {@code TlsFatalAlert} with {@code bad_record_mac} when the MACs differ.
 */
protected void checkMAC(long seqNo, short type, byte[] recBuf, int recStart, int recEnd,
                        byte[] calcBuf, int calcOff, int calcLen) throws IOException {
    byte[] macFromRecord = Arrays.copyOfRange(recBuf, recStart, recEnd);
    byte[] macFromData = readMac.calculateMac(seqNo, type, calcBuf, calcOff, calcLen);

    // The only failure signal is bad_record_mac; the comparison itself goes through the
    // constant-time helper.
    boolean authentic = Arrays.constantTimeAreEqual(macFromRecord, macFromData);
    if (authentic) {
        return;
    }
    throw new TlsFatalAlert(AlertDescription.bad_record_mac);
}
/**
 * Recomputes the password-based MAC over {@code content} and compares it with the stored one.
 *
 * @param content the bytes the MAC is calculated over.
 * @param integrityCheck supplies the MAC algorithm, the PBKD algorithm and the stored MAC.
 * @param password the password fed into the MAC calculation.
 * @throws NoSuchAlgorithmException declared for the MAC calculation.
 * @throws IOException when the recomputed MAC differs from the stored MAC.
 */
private void verifyMac(byte[] content, PbkdMacIntegrityCheck integrityCheck, char[] password)
    throws NoSuchAlgorithmException, IOException {
    byte[] recomputed = calculateMac(
        content,
        integrityCheck.getMacAlgorithm(),
        integrityCheck.getPbkdAlgorithm(),
        password);

    // A mismatch produces one message whether the cause is a wrong password or altered
    // content; nothing here distinguishes the two.
    boolean intact = Arrays.constantTimeAreEqual(recomputed, integrityCheck.getMac());
    if (intact) {
        return;
    }
    throw new IOException("BCFKS KeyStore corrupted: MAC calculation failed.");
}
/**
 * Returns true if the internal digest state represents the signature described in
 * the passed in array.
 *
 * @param signature the signature bytes to check.
 * @return {@code true} when the block recovered from {@code signature} equals the
 *         finalised digest; {@code false} when it differs or when processing throws.
 * @throws IllegalStateException if this signer was initialised for signing.
 */
public boolean verifySignature(byte[] signature) {
    if (forSigning) {
        throw new IllegalStateException("GenericSigner not initialised for verification");
    }

    // Finalise the digest before touching the signature input.
    final int digestLength = digest.getDigestSize();
    byte[] expectedHash = new byte[digestLength];
    digest.doFinal(expectedHash, 0);

    try {
        byte[] recovered = engine.processBlock(signature, 0, signature.length);
        // NOTE(review): if the engine drops leading zero bytes from its output, a digest that
        // starts with 0x00 could never compare equal here; confirm against the engines in use.
        boolean valid = Arrays.constantTimeAreEqual(recovered, expectedHash);
        return valid;
    } catch (Exception e) {
        // Every processing failure is reported as "not verified", with no detail to the caller.
        return false;
    }
}
/**
 * Reads the peer's verify_data from {@code buf} and compares it with the expected value.
 *
 * @param buf stream positioned at the start of the verify_data.
 * @throws IOException a {@code TlsFatalAlert} with {@code internal_error} when no expected
 *         value is available, or with {@code decrypt_error} when the values differ.
 */
protected void processFinishedMessage(ByteArrayInputStream buf) throws IOException {
    // Without an expected value there is nothing to compare against, so fail closed.
    if (expected_verify_data == null) {
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }

    byte[] peerVerifyData = TlsUtils.readFully(expected_verify_data.length, buf);
    assertEmpty(buf);

    // Compare both checksums through the constant-time helper.
    boolean checksumsMatch = Arrays.constantTimeAreEqual(expected_verify_data, peerVerifyData);
    if (checksumsMatch) {
        return;
    }

    // Wrong checksum in the finished message.
    throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
/**
 * Return true if the passed in commitment represents a commitment to the passed in message.
 *
 * @param commitment a commitment previously generated.
 * @param message the message that was expected to have been committed to.
 * @return true if commitment matches message, false otherwise.
 * @throws DataLengthException if the message and secret lengths do not add up to the
 *         configured byte length.
 */
public boolean isRevealed(Commitment commitment, byte[] message) {
    // Lengths are checked before any commitment value is calculated.
    int combinedLength = message.length + commitment.getSecret().length;
    if (combinedLength != byteLength) {
        throw new DataLengthException("Message and witness secret lengths do not match.");
    }

    byte[] recalculated = calculateCommitment(commitment.getSecret(), message);
    boolean revealed = Arrays.constantTimeAreEqual(commitment.getCommitment(), recalculated);
    return revealed;
}
/**
 * Checks whether {@code commitment} is a commitment to {@code message}.
 *
 * @param commitment a commitment previously generated.
 * @param message the message that was expected to have been committed to.
 * @return true if commitment matches message, false otherwise.
 * @throws DataLengthException if {@code message.length} plus the secret's length differs
 *         from the configured byte length.
 */
public boolean isRevealed(Commitment commitment, byte[] message) {
    final int secretLength = commitment.getSecret().length;
    final boolean lengthsConsistent = (message.length + secretLength == byteLength);
    if (!lengthsConsistent) {
        throw new DataLengthException("Message and witness secret lengths do not match.");
    }

    // Recompute from the secret and the message, then compare with the stored commitment
    // through the constant-time helper.
    byte[] calcCommitment = calculateCommitment(commitment.getSecret(), message);
    return Arrays.constantTimeAreEqual(commitment.getCommitment(), calcCommitment);
}
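/**
 * Unwraps a wrapped key and checks the MAC that trails it.
 *
 * <p>The input is treated as key bytes followed by a MAC of {@code mac.getMacSize()} bytes.
 * Four blocks are processed at offsets 0, 8, 16 and 24, the MAC is recomputed over the result
 * and compared with the trailing MAC.
 *
 * @param input buffer holding the wrapped key followed by its MAC.
 * @param inOff offset of the wrapped data in {@code input}.
 * @param inLen length of the wrapped data including the MAC.
 * @return the unwrapped key bytes.
 * @throws InvalidCipherTextException declared by the interface; not thrown by this body.
 * @throws IllegalStateException if the recomputed MAC differs from the trailing MAC.
 */
public byte[] unwrap(byte[] input, int inOff, int inLen) throws InvalidCipherTextException {
    final int macSize = mac.getMacSize();

    // NOTE(review): inLen is not validated here. The four fixed offsets below presumably
    // assume an 8-byte block and 32 bytes of key material; confirm against the caller.
    byte[] decKey = new byte[inLen - macSize];

    cipher.processBlock(input, inOff, decKey, 0);
    cipher.processBlock(input, inOff + 8, decKey, 8);
    cipher.processBlock(input, inOff + 16, decKey, 16);
    cipher.processBlock(input, inOff + 24, decKey, 24);

    byte[] macResult = new byte[macSize];
    mac.update(decKey, 0, decKey.length);
    mac.doFinal(macResult, 0);

    // The trailing MAC starts macSize bytes before the end. The original hard-coded 4 here
    // while copying macSize bytes, which is only consistent when the MAC is 4 bytes long.
    byte[] macExpected = new byte[macSize];
    System.arraycopy(input, inOff + inLen - macSize, macExpected, 0, macSize);

    // Kept as IllegalStateException so existing callers see the same failure type.
    if (!Arrays.constantTimeAreEqual(macResult, macExpected)) {
        throw new IllegalStateException("mac mismatch");
    }

    return decKey;
}
// closes the enclosing class, whose header is outside this excerpt
}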
/**
 * Verifies the MAC at the end of a record and returns the bytes that precede it.
 *
 * @param seqNo sequence number passed to the MAC calculation.
 * @param type record type passed to the MAC calculation.
 * @param ciphertext buffer holding the record content followed by its MAC.
 * @param offset start of the record in {@code ciphertext}.
 * @param len length of the record including the MAC.
 * @return a copy of the record content without the MAC.
 * @throws IOException a {@code TlsFatalAlert} with {@code decode_error} when the record is
 *         shorter than the MAC, or with {@code bad_record_mac} when the MACs differ.
 */
public byte[] decodeCiphertext(long seqNo, short type, byte[] ciphertext, int offset, int len)
    throws IOException {
    final int macSize = readMac.getSize();

    // A record too short to hold a MAC is rejected before any index arithmetic.
    if (len < macSize) {
        throw new TlsFatalAlert(AlertDescription.decode_error);
    }

    final int contentLength = len - macSize;
    final int macStart = offset + contentLength;

    byte[] macFromRecord = Arrays.copyOfRange(ciphertext, macStart, offset + len);
    byte[] macFromContent = readMac.calculateMac(seqNo, type, ciphertext, offset, contentLength);

    // Content is only handed back once the MAC comparison has succeeded.
    if (Arrays.constantTimeAreEqual(macFromRecord, macFromContent)) {
        return Arrays.copyOfRange(ciphertext, offset, macStart);
    }
    throw new TlsFatalAlert(AlertDescription.bad_record_mac);
}
// closes the enclosing class, whose header is outside this excerpt
}
/**
 * Reads the peer's verify_data from {@code buf}, compares it with the expected value and,
 * on success, records it as tls-unique if none has been recorded yet.
 *
 * @param buf stream positioned at the start of the verify_data.
 * @throws IOException a {@code TlsFatalAlert} with {@code internal_error} when no expected
 *         value is available, or with {@code decrypt_error} when the values differ.
 */
protected void processFinishedMessage(ByteArrayInputStream buf) throws IOException {
    // Without an expected value there is nothing to compare against, so fail closed.
    if (expected_verify_data == null) {
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }

    byte[] peerVerifyData = TlsUtils.readFully(expected_verify_data.length, buf);
    assertEmpty(buf);

    // Compare both checksums through the constant-time helper.
    boolean checksumsMatch = Arrays.constantTimeAreEqual(expected_verify_data, peerVerifyData);
    if (!checksumsMatch) {
        // Wrong checksum in the finished message.
        throw new TlsFatalAlert(AlertDescription.decrypt_error);
    }

    // tlsUnique is written only after the comparison passed, and never overwritten.
    if (securityParameters.getTLSUnique() == null) {
        securityParameters.tlsUnique = peerVerifyData;
    }
}
/**
 * Returns the content of a record, verifying its trailing MAC when a read MAC is configured.
 *
 * @param seqNo sequence number passed to the MAC calculation.
 * @param type record type passed to the MAC calculation.
 * @param ciphertext buffer holding the record content, followed by a MAC if one is in use.
 * @param offset start of the record in {@code ciphertext}.
 * @param len length of the record including any MAC.
 * @return a copy of the record content without the MAC.
 * @throws IOException a {@code TlsFatalAlert} with {@code decode_error} when the record is
 *         shorter than the MAC, or with {@code bad_record_mac} when the MACs differ.
 */
public byte[] decodeCiphertext(long seqNo, short type, byte[] ciphertext, int offset, int len)
    throws IOException {
    // With no read MAC the record is returned as-is: this path performs no integrity check.
    if (readMac == null) {
        return Arrays.copyOfRange(ciphertext, offset, offset + len);
    }

    final int macSize = readMac.getSize();
    if (len < macSize) {
        throw new TlsFatalAlert(AlertDescription.decode_error);
    }

    final int contentLength = len - macSize;
    final int macStart = offset + contentLength;

    byte[] macFromRecord = Arrays.copyOfRange(ciphertext, macStart, offset + len);
    byte[] macFromContent = readMac.calculateMac(seqNo, type, ciphertext, offset, contentLength);

    boolean authentic = Arrays.constantTimeAreEqual(macFromRecord, macFromContent);
    if (!authentic) {
        throw new TlsFatalAlert(AlertDescription.bad_record_mac);
    }
    return Arrays.copyOfRange(ciphertext, offset, macStart);
}
// closes the enclosing class, whose header is outside this excerpt
}
/**
 * Authenticates a record and, only if its MAC is valid, decrypts it.
 *
 * @param seqNo sequence number used to initialise the record and build the additional data.
 * @param type record type used to build the additional data.
 * @param ciphertext buffer holding the encrypted content followed by the MAC.
 * @param offset start of the record in {@code ciphertext}.
 * @param len length of the record including the MAC.
 * @return the decrypted content.
 * @throws IOException a {@code TlsFatalAlert} with {@code decode_error} when the record is
 *         too short, or with {@code bad_record_mac} when the MACs differ.
 */
public byte[] decodeCiphertext(long seqNo, short type, byte[] ciphertext, int offset, int len)
    throws IOException {
    if (getPlaintextLimit(len) < 0) {
        throw new TlsFatalAlert(AlertDescription.decode_error);
    }

    KeyParameter recordMacKey = initRecord(decryptCipher, false, seqNo, decryptIV);

    // The trailing 16 bytes are treated as the MAC (presumably the tag length; confirm).
    final int contentLength = len - 16;
    final int macStart = offset + contentLength;

    byte[] aad = getAdditionalData(seqNo, type, contentLength);
    byte[] macFromContent = calculateRecordMAC(recordMacKey, aad, ciphertext, offset, contentLength);
    byte[] macFromRecord = Arrays.copyOfRange(ciphertext, macStart, offset + len);

    // Verify before decrypting: a record that fails the MAC never reaches processBytes.
    boolean authentic = Arrays.constantTimeAreEqual(macFromContent, macFromRecord);
    if (!authentic) {
        throw new TlsFatalAlert(AlertDescription.bad_record_mac);
    }

    byte[] plaintext = new byte[contentLength];
    decryptCipher.processBytes(ciphertext, offset, contentLength, plaintext, 0);
    return plaintext;
}
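/**
 * Verify the MacData attached to the PFX is consistent with what is expected.
 *
 * <p>A MacData is rebuilt from the password and the AuthSafe content, using the algorithm,
 * salt and iteration count stored in the PFX, and its encoding is compared with the encoding
 * of the stored MacData.
 *
 * @param macCalcProviderBuilder provider builder for the calculator for the MAC
 * @param password password to use
 * @return true if mac data is valid, false otherwise.
 * @throws PKCSException if there is a problem evaluating the MAC.
 * @throws IllegalStateException if no MAC is actually present
 */
public boolean isMacValid(PKCS12MacCalculatorBuilderProvider macCalcProviderBuilder, char[] password)
    throws PKCSException {
    if (!hasMac()) {
        throw new IllegalStateException("no MAC present on PFX");
    }

    MacData pfxmData = pfx.getMacData();

    // NOTE(review): salt and iteration count are read from the PFX itself. For a PFX from an
    // untrusted source a caller may want to bound the iteration count before calling this.
    AlgorithmIdentifier macAlgorithm = new AlgorithmIdentifier(
        pfxmData.getMac().getAlgorithmId().getAlgorithm(),
        new PKCS12PBEParams(pfxmData.getSalt(), pfxmData.getIterationCount().intValue()));
    MacDataGenerator mdGen = new MacDataGenerator(macCalcProviderBuilder.get(macAlgorithm));

    try {
        MacData mData = mdGen.build(
            password,
            ASN1OctetString.getInstance(pfx.getAuthSafe().getContent()).getOctets());

        // The whole encoded MacData is compared, not just the digest bytes.
        return Arrays.constantTimeAreEqual(mData.getEncoded(), pfx.getMacData().getEncoded());
    } catch (IOException e) {
        // Keep the IOException as the cause so the original stack trace is not lost.
        throw new PKCSException("unable to process AuthSafe: " + e.getMessage(), e);
    }
}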
/**
 * Verifies an XMSS signature over {@code message} against this instance's public key.
 *
 * <p>The root node is recomputed from the signature and the message digest, then compared
 * with the root held in the public key.
 *
 * @param message the message the signature is claimed to cover.
 * @param signature the encoded signature.
 * @return {@code true} when the recomputed root equals {@code publicKey.getRoot()},
 *         {@code false} otherwise.
 */
public boolean verifySignature(byte[] message, byte[] signature) {
    /* parse the signature bytes */
    // NOTE(review): how build() reacts to a malformed or wrongly sized signature is not
    // visible here; confirm which exception, if any, reaches the caller.
    XMSSSignature sig = new XMSSSignature.Builder(params).withSignature(signature).build();

    /* read the index carried in the signature */
    int index = sig.getIndex();

    /* reinitialize WOTS+ object with a zero-filled first argument and the public seed */
    params.getWOTSPlus().importKeys(new byte[params.getDigestSize()], publicKey.getPublicSeed());

    /* create message digest over (random from signature, public root, index) and the message */
    byte[] concatenated = Arrays.concatenate(sig.getRandom(), publicKey.getRoot(), XMSSUtil.toBytesBigEndian(index, params.getDigestSize()));
    byte[] messageDigest = khf.HMsg(concatenated, message);

    int xmssHeight = params.getHeight();
    int indexLeaf = XMSSUtil.getLeafIndex(index, xmssHeight);

    /* get root from signature */
    OTSHashAddress otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder().withOTSAddress(index).build();
    XMSSNode rootNodeFromSignature = XMSSVerifierUtil.getRootNodeFromSignature(params.getWOTSPlus(), xmssHeight, messageDigest, sig, otsHashAddress, indexLeaf);

    /* the signature is accepted only if the recomputed root equals the public key's root */
    return Arrays.constantTimeAreEqual(rootNodeFromSignature.getValue(), publicKey.getRoot());
}