/** Key Derivation Function for client.dat: Use the database key as an HMAC key to an HMAC * of the key plus some constant plus the storeIdentifier. * @return An encryption key, as byte[]. */ public byte[] getKeyForClientLayer() { byte[] full = new byte[databaseKey.length+CLIENT_LAYER.length]; int x = 0; System.arraycopy(databaseKey, 0, full, 0, databaseKey.length); x += databaseKey.length; System.arraycopy(CLIENT_LAYER, 0, full, x, CLIENT_LAYER.length); return HMAC.macWithSHA256(databaseKey, full); }
public static boolean verifyWithSHA256(byte[] K, byte[] text, byte[] mac) { return verify(HMAC.SHA2_256, K, text, mac); } }
public void testSHA256SignVerify() { byte[] key = new byte[32]; random.nextBytes(key); byte[] hmac = HMAC.macWithSHA256(key, plaintext); assertNotNull(hmac); assertTrue(HMAC.verifyWithSHA256(key, plaintext, hmac)); }
decypheredPayloadOffset += JFK_PREFIX_RESPONDER.length; System.arraycopy(payload, inputOffset, decypheredPayload, decypheredPayloadOffset, payload.length-inputOffset); if(!HMAC.verifyWithSHA256(pn.jfkKa, decypheredPayload, hmac)) { Logger.normal(this, "The digest-HMAC doesn't match; let's discard the packet - "+pn.getPeer()); return false;
public static byte[] macWithSHA256(byte[] K, byte[] text) { return mac(HMAC.SHA2_256, K, text); }
if(!HMAC.verifyWithSHA256(getTransientKey(), assembleJFKAuthenticator(responderExponential, initiatorExponential, nonceResponder, nonceInitiatorHashed, replyTo.getAddress().getAddress()) , authenticator)) { if(shouldLogErrorInHandshake(t1)) { if(logDEBUG) Logger.debug(this, "We received the following HMAC : " + HexUtil.bytesToHex(authenticator)); decypheredPayloadOffset += JFK_PREFIX_INITIATOR.length; System.arraycopy(payload, inputOffset, decypheredPayload, decypheredPayloadOffset, decypheredPayload.length-decypheredPayloadOffset); if(!HMAC.verifyWithSHA256(Ka, decypheredPayload, hmac)) { Logger.error(this, "The inner-HMAC doesn't match; let's discard the packet JFK(3) - "+pn); return;
public static boolean verify(HMAC hash, byte[] key, byte[] data, byte[] mac) { return MessageDigest.isEqual(mac, mac(hash, key, data)); }
/** Key Derivation Function for plugin stores: Use the database key as an HMAC key to an HMAC * of the key plus some constant plus the storeIdentifier. * @param storeIdentifier The classname of the plugin, used as part of a filename. * @return An encryption key, as byte[]. */ public byte[] getPluginStoreKey(String storeIdentifier) { try { byte[] id = storeIdentifier.getBytes("UTF-8"); byte[] full = new byte[databaseKey.length+PLUGIN.length+id.length]; int x = 0; System.arraycopy(databaseKey, 0, full, 0, databaseKey.length); x += databaseKey.length; System.arraycopy(PLUGIN, 0, full, x, PLUGIN.length); x += PLUGIN.length; System.arraycopy(id, 0, full, x, id.length); return HMAC.macWithSHA256(databaseKey, full); } catch (UnsupportedEncodingException e) { throw new Error(e); } }
byte[] authenticator = ((ShortBuffer) m.getObject(DMT.OFFER_AUTHENTICATOR)).getData(); long uid = m.getLong(DMT.UID); if(!HMAC.verifyWithSHA256(node.failureTable.offerAuthenticatorKey, key.getFullKey(), authenticator)) { Logger.error(this, "Invalid offer request from "+source+" : authenticator did not verify"); try {
private byte[] computeJFKSharedKey(byte[] exponential, byte[] nI, byte[] nR, String what) { assert("0".equals(what) || "1".equals(what) || "2".equals(what) || "3".equals(what) || "4".equals(what) || "5".equals(what) || "6".equals(what) || "7".equals(what)); byte[] number = null; try { number = what.getBytes("UTF-8"); } catch (UnsupportedEncodingException e) { throw new Error("Impossible: JVM doesn't support UTF-8: " + e, e); } byte[] toHash = new byte[nI.length + nR.length + number.length]; int offset = 0; System.arraycopy(nI, 0, toHash, offset, nI.length); offset += nI.length; System.arraycopy(nR, 0, toHash, offset, nR.length); offset += nR.length; System.arraycopy(number, 0, toHash, offset, number.length); return HMAC.macWithSHA256(exponential, toHash); }
/** Offer a key to this node */ public void offer(Key key) { byte[] keyBytes = key.getFullKey(); // FIXME maybe the authenticator should be shorter than 32 bytes to save memory? byte[] authenticator = HMAC.macWithSHA256(node.failureTable.offerAuthenticatorKey, keyBytes); Message msg = DMT.createFNPOfferKey(key, authenticator); try { sendAsync(msg, null, node.nodeStats.sendOffersCtr); } catch(NotConnectedException e) { // Ignore } }
public void testWrongKeySize() { byte[] keyTooLong = new byte[31]; byte[] keyTooShort = new byte[29]; random.nextBytes(keyTooLong); random.nextBytes(keyTooShort); try { HMAC.macWithSHA256(keyTooLong, plaintext); fail(); } catch (IllegalArgumentException e) { // This is expected } try { HMAC.macWithSHA256(keyTooShort, plaintext); fail(); } catch (IllegalArgumentException e) { // This is expected } }
/** Must NOT modify buf contents. */ private NPFPacket decipherFromSeqnum(byte[] buf, int offset, int length, SessionKey sessionKey, int sequenceNumber) { BlockCipher ivCipher = sessionKey.ivCipher; byte[] IV = new byte[ivCipher.getBlockSize() / 8]; System.arraycopy(sessionKey.ivNonce, 0, IV, 0, IV.length); IV[IV.length - 4] = (byte) (sequenceNumber >>> 24); IV[IV.length - 3] = (byte) (sequenceNumber >>> 16); IV[IV.length - 2] = (byte) (sequenceNumber >>> 8); IV[IV.length - 1] = (byte) (sequenceNumber); ivCipher.encipher(IV, IV); byte[] payload = Arrays.copyOfRange(buf, offset + HMAC_LENGTH, offset + length); byte[] hash = Arrays.copyOfRange(buf, offset, offset + HMAC_LENGTH); byte[] localHash = Arrays.copyOf(HMAC.macWithSHA256(sessionKey.hmacKey, payload), HMAC_LENGTH); if (!MessageDigest.isEqual(hash, localHash)) { if (logMINOR) { Logger.minor(this, "Failed to validate the HMAC using TrackerID="+sessionKey.trackerID); } return null; } PCFBMode payloadCipher = PCFBMode.create(sessionKey.incommingCipher, IV); payloadCipher.blockDecipher(payload, 0, payload.length); NPFPacket p = NPFPacket.create(payload, pn); NewPacketFormatKeyContext keyContext = sessionKey.packetContext; synchronized(this) { if(seqNumGreaterThan(sequenceNumber, keyContext.highestReceivedSeqNum, 31)) { keyContext.highestReceivedSeqNum = sequenceNumber; } } return p; }
public void testKnownVectors() { byte[] hmac = HMAC.macWithSHA256(knownKey, plaintext); assertEquals(Hex.toHexString(hmac), Hex.toHexString(knownSHA256)); }
if(sig.length != getSignatureLength(negType)) throw new IllegalStateException("This shouldn't happen: please report! We are attempting to send "+sig.length+" bytes of signature in JFK2! "+pn.getPeer()); byte[] authenticator = HMAC.macWithSHA256(getTransientKey(),assembleJFKAuthenticator(myExponential, hisExponential, myNonce, nonceInitator, replyTo.getAddress().getAddress())); if(logDEBUG) Logger.debug(this, "We are using the following HMAC : " + HexUtil.bytesToHex(authenticator)); if(logDEBUG) Logger.debug(this, "We have Ni' : " + HexUtil.bytesToHex(nonceInitator));
byte[] hmac = HMAC.macWithSHA256(Ka, cyphertext);
byte[] r1 = HMAC.macWithSHA256(knownKey, plaintext); for (int j = 0; j < r1.length; j++) { count += r1[j];
System.arraycopy(data, HMAC_LENGTH, text, 0, text.length); byte[] hash = HMAC.macWithSHA256(sessionKey.hmacKey, text);
byte[] hmac = HMAC.macWithSHA256(pn.jfkKa, cleartext);