本文整理汇总了Java中org.bouncycastle.util.Arrays.constantTimeAreEqual方法的典型用法代码示例。如果您正苦于以下问题:Java Arrays.constantTimeAreEqual方法的具体用法?Java Arrays.constantTimeAreEqual怎么用?Java Arrays.constantTimeAreEqual使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.bouncycastle.util.Arrays
的用法示例。
在下文中一共展示了Arrays.constantTimeAreEqual方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: isMacValid
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
/**
* Verify the MacData attached to the PFX is consistent with what is expected.
*
* @param macCalcProviderBuilder provider builder for the calculator for the MAC
* @param password password to use
* @return true if mac data is valid, false otherwise.
* @throws PKCSException if there is a problem evaluating the MAC.
* @throws IllegalStateException if no MAC is actually present
*/
public boolean isMacValid(PKCS12MacCalculatorBuilderProvider macCalcProviderBuilder, char[] password)
throws PKCSException
{
if (hasMac())
{
MacData pfxmData = pfx.getMacData();
MacDataGenerator mdGen = new MacDataGenerator(macCalcProviderBuilder.get(new AlgorithmIdentifier(pfxmData.getMac().getAlgorithmId().getAlgorithm(), new PKCS12PBEParams(pfxmData.getSalt(), pfxmData.getIterationCount().intValue()))));
try
{
MacData mData = mdGen.build(
password,
ASN1OctetString.getInstance(pfx.getAuthSafe().getContent()).getOctets());
return Arrays.constantTimeAreEqual(mData.getEncoded(), pfx.getMacData().getEncoded());
}
catch (IOException e)
{
throw new PKCSException("unable to process AuthSafe: " + e.getMessage());
}
}
throw new IllegalStateException("no MAC present on PFX");
}
示例2: processFinishedMessage
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
protected void processFinishedMessage(ByteArrayInputStream buf)
throws IOException
{
byte[] verify_data = TlsUtils.readFully(expected_verify_data.length, buf);
assertEmpty(buf);
/*
* Compare both checksums.
*/
if (!Arrays.constantTimeAreEqual(expected_verify_data, verify_data))
{
/*
* Wrong checksum in the finished message.
*/
this.failWithError(AlertLevel.fatal, AlertDescription.decrypt_error);
}
}
示例3: decodeCiphertext
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
public byte[] decodeCiphertext(long seqNo, short type, byte[] ciphertext, int offset, int len)
throws IOException
{
int macSize = readMac.getSize();
if (len < macSize)
{
throw new TlsFatalAlert(AlertDescription.decode_error);
}
byte[] deciphered = new byte[len];
decryptCipher.processBytes(ciphertext, offset, len, deciphered, 0);
int macInputLen = len - macSize;
byte[] receivedMac = Arrays.copyOfRange(deciphered, macInputLen, len);
byte[] computedMac = readMac.calculateMac(seqNo, type, deciphered, 0, macInputLen);
if (!Arrays.constantTimeAreEqual(receivedMac, computedMac))
{
throw new TlsFatalAlert(AlertDescription.bad_record_mac);
}
return Arrays.copyOfRange(deciphered, 0, macInputLen);
}
示例4: verifySignature
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
/**
* return true if the internal state represents the signature described in
* the passed in array.
*/
public boolean verifySignature(
byte[] signature)
{
if (forSigning)
{
throw new IllegalStateException("GenericSigner not initialised for verification");
}
byte[] hash = new byte[digest.getDigestSize()];
digest.doFinal(hash, 0);
try
{
byte[] sig = engine.processBlock(signature, 0, signature.length);
return Arrays.constantTimeAreEqual(sig, hash);
}
catch (Exception e)
{
return false;
}
}
示例5: checkCMSKeyChecksum
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
/**
* @param key
* @param checksum
* @return true if okay, false otherwise.
* @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
*/
private boolean checkCMSKeyChecksum(
byte[] key,
byte[] checksum)
{
return Arrays.constantTimeAreEqual(calculateCMSKeyChecksum(key), checksum);
}
示例6: checkCMSKeyChecksum
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
/**
* @param key
* @param checksum
* @return
* @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
*/
private boolean checkCMSKeyChecksum(
byte[] key,
byte[] checksum)
{
return Arrays.constantTimeAreEqual(calculateCMSKeyChecksum(key), checksum);
}
示例7: processFinished
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
protected void processFinished(byte[] body, byte[] expected_verify_data)
throws IOException
{
ByteArrayInputStream buf = new ByteArrayInputStream(body);
byte[] verify_data = TlsUtils.readFully(expected_verify_data.length, buf);
TlsProtocol.assertEmpty(buf);
if (!Arrays.constantTimeAreEqual(expected_verify_data, verify_data))
{
throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
}
示例8: decodeCiphertext
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
public byte[] decodeCiphertext(long seqNo, short type, byte[] ciphertext, int offset, int len)
throws IOException
{
if (readMac == null)
{
return Arrays.copyOfRange(ciphertext, offset, offset + len);
}
int macSize = readMac.getSize();
if (len < macSize)
{
throw new TlsFatalAlert(AlertDescription.decode_error);
}
int macInputLen = len - macSize;
byte[] receivedMac = Arrays.copyOfRange(ciphertext, offset + macInputLen, offset + len);
byte[] computedMac = readMac.calculateMac(seqNo, type, ciphertext, offset, macInputLen);
if (!Arrays.constantTimeAreEqual(receivedMac, computedMac))
{
throw new TlsFatalAlert(AlertDescription.bad_record_mac);
}
return Arrays.copyOfRange(ciphertext, offset, offset + macInputLen);
}
示例9: verifyRawSignature
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
public boolean verifyRawSignature(byte[] sigBytes, AsymmetricKeyParameter publicKey, byte[] md5AndSha1)
throws CryptoException
{
AsymmetricBlockCipher engine = createRSAImpl();
engine.init(false, publicKey);
byte[] signed = engine.processBlock(sigBytes, 0, sigBytes.length);
return Arrays.constantTimeAreEqual(signed, md5AndSha1);
}
示例10: unwrap
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
public byte[] unwrap(
byte[] in,
int inOff,
int inLen)
throws InvalidCipherTextException
{
if (forWrapping)
{
throw new IllegalStateException("not set for unwrapping");
}
int n = inLen / 8;
if ((n * 8) != inLen)
{
throw new InvalidCipherTextException("unwrap data must be a multiple of 8 bytes");
}
byte[] block = new byte[inLen - iv.length];
byte[] a = new byte[iv.length];
byte[] buf = new byte[8 + iv.length];
System.arraycopy(in, 0, a, 0, iv.length);
System.arraycopy(in, iv.length, block, 0, inLen - iv.length);
engine.init(false, param);
n = n - 1;
for (int j = 5; j >= 0; j--)
{
for (int i = n; i >= 1; i--)
{
System.arraycopy(a, 0, buf, 0, iv.length);
System.arraycopy(block, 8 * (i - 1), buf, iv.length, 8);
int t = n * j + i;
for (int k = 1; t != 0; k++)
{
byte v = (byte)t;
buf[iv.length - k] ^= v;
t >>>= 8;
}
engine.processBlock(buf, 0, buf, 0);
System.arraycopy(buf, 0, a, 0, 8);
System.arraycopy(buf, 8, block, 8 * (i - 1), 8);
}
}
if (!Arrays.constantTimeAreEqual(a, iv))
{
throw new InvalidCipherTextException("checksum failed");
}
return block;
}
示例11: decodeCiphertext
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
public byte[] decodeCiphertext(long seqNo, short type, byte[] ciphertext, int offset, int len)
throws IOException
{
int blockSize = decryptCipher.getBlockSize();
int macSize = readMac.getSize();
int minLen = Math.max(blockSize, macSize + 1);
if (useExplicitIV)
{
minLen += blockSize;
}
if (len < minLen)
{
throw new TlsFatalAlert(AlertDescription.decode_error);
}
if (len % blockSize != 0)
{
throw new TlsFatalAlert(AlertDescription.decryption_failed);
}
if (useExplicitIV)
{
decryptCipher.init(false, new ParametersWithIV(null, ciphertext, offset, blockSize));
offset += blockSize;
len -= blockSize;
}
for (int i = 0; i < len; i += blockSize)
{
decryptCipher.processBlock(ciphertext, offset + i, ciphertext, offset + i);
}
// If there's anything wrong with the padding, this will return zero
int totalPad = checkPaddingConstantTime(ciphertext, offset, len, blockSize, macSize);
int macInputLen = len - totalPad - macSize;
byte[] decryptedMac = Arrays.copyOfRange(ciphertext, offset + macInputLen, offset + macInputLen + macSize);
byte[] calculatedMac = readMac.calculateMacConstantTime(seqNo, type, ciphertext, offset, macInputLen, len
- macSize, randomData);
boolean badMac = !Arrays.constantTimeAreEqual(calculatedMac, decryptedMac);
if (badMac || totalPad == 0)
{
throw new TlsFatalAlert(AlertDescription.bad_record_mac);
}
return Arrays.copyOfRange(ciphertext, offset, offset + macInputLen);
}
示例12: verifySignature
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
/**
* return true if the internal state represents the signature described in
* the passed in array.
*/
public boolean verifySignature(
byte[] signature)
{
if (forSigning)
{
throw new IllegalStateException("RSADigestSigner not initialised for verification");
}
byte[] hash = new byte[digest.getDigestSize()];
digest.doFinal(hash, 0);
byte[] sig;
byte[] expected;
try
{
sig = rsaEngine.processBlock(signature, 0, signature.length);
expected = derEncode(hash);
}
catch (Exception e)
{
return false;
}
if (sig.length == expected.length)
{
return Arrays.constantTimeAreEqual(sig, expected);
}
else if (sig.length == expected.length - 2) // NULL left out
{
int sigOffset = sig.length - hash.length - 2;
int expectedOffset = expected.length - hash.length - 2;
expected[1] -= 2; // adjust lengths
expected[3] -= 2;
int nonEqual = 0;
for (int i = 0; i < hash.length; i++)
{
nonEqual |= (sig[sigOffset + i] ^ expected[expectedOffset + i]);
}
for (int i = 0; i < sigOffset; i++)
{
nonEqual |= (sig[i] ^ expected[i]); // check header less NULL
}
return nonEqual == 0;
}
else
{
return false;
}
}
示例13: engineLoad
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
public void engineLoad(
InputStream stream,
char[] password)
throws IOException
{
table.clear();
if (stream == null) // just initialising
{
return;
}
DataInputStream dIn = new DataInputStream(stream);
int version = dIn.readInt();
if (version != STORE_VERSION)
{
if (version != 0 && version != 1)
{
throw new IOException("Wrong version of key store.");
}
}
byte[] salt = new byte[dIn.readInt()];
if (salt.length != STORE_SALT_SIZE)
{
throw new IOException("Key store corrupted.");
}
dIn.readFully(salt);
int iterationCount = dIn.readInt();
if ((iterationCount < 0) || (iterationCount > 4 * MIN_ITERATIONS))
{
throw new IOException("Key store corrupted.");
}
String cipherAlg;
if (version == 0)
{
cipherAlg = "Old" + STORE_CIPHER;
}
else
{
cipherAlg = STORE_CIPHER;
}
Cipher cipher = this.makePBECipher(cipherAlg, Cipher.DECRYPT_MODE, password, salt, iterationCount);
CipherInputStream cIn = new CipherInputStream(dIn, cipher);
Digest dig = new SHA1Digest();
DigestInputStream dgIn = new DigestInputStream(cIn, dig);
this.loadStore(dgIn);
// Finalise our digest calculation
byte[] hash = new byte[dig.getDigestSize()];
dig.doFinal(hash, 0);
// TODO Should this actually be reading the remainder of the stream?
// Read the original digest from the stream
byte[] oldHash = new byte[dig.getDigestSize()];
Streams.readFully(cIn, oldHash);
if (!Arrays.constantTimeAreEqual(hash, oldHash))
{
table.clear();
throw new IOException("KeyStore integrity check failed.");
}
}
示例14: validate
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
/**
* Check this response against to see if it a well formed response for
* the passed in request. Validation will include checking the time stamp
* token if the response status is GRANTED or GRANTED_WITH_MODS.
*
* @param request the request to be checked against
* @throws TSPException if the request can not match this response.
*/
public void validate(
TimeStampRequest request)
throws TSPException
{
TimeStampToken tok = this.getTimeStampToken();
if (tok != null)
{
TimeStampTokenInfo tstInfo = tok.getTimeStampInfo();
if (request.getNonce() != null && !request.getNonce().equals(tstInfo.getNonce()))
{
throw new TSPValidationException("response contains wrong nonce value.");
}
if (this.getStatus() != PKIStatus.GRANTED && this.getStatus() != PKIStatus.GRANTED_WITH_MODS)
{
throw new TSPValidationException("time stamp token found in failed request.");
}
if (!Arrays.constantTimeAreEqual(request.getMessageImprintDigest(), tstInfo.getMessageImprintDigest()))
{
throw new TSPValidationException("response for different message imprint digest.");
}
if (!tstInfo.getMessageImprintAlgOID().equals(request.getMessageImprintAlgOID()))
{
throw new TSPValidationException("response for different message imprint algorithm.");
}
Attribute scV1 = tok.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
Attribute scV2 = tok.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificateV2);
if (scV1 == null && scV2 == null)
{
throw new TSPValidationException("no signing certificate attribute present.");
}
if (scV1 != null && scV2 != null)
{
/*
* RFC 5035 5.4. If both attributes exist in a single message,
* they are independently evaluated.
*/
}
if (request.getReqPolicy() != null && !request.getReqPolicy().equals(tstInfo.getPolicy()))
{
throw new TSPValidationException("TSA policy wrong for request.");
}
}
else if (this.getStatus() == PKIStatus.GRANTED || this.getStatus() == PKIStatus.GRANTED_WITH_MODS)
{
throw new TSPValidationException("no time stamp token found and one expected.");
}
}
示例15: isRevealed
import org.bouncycastle.util.Arrays; //导入方法依赖的package包/类
/**
* Return true if the passed in commitment represents a commitment to the passed in maessage.
*
* @param commitment a commitment previously generated.
* @param message the message that was expected to have been committed to.
* @return true if commitment matches message, false otherwise.
*/
public boolean isRevealed(Commitment commitment, byte[] message)
{
byte[] calcCommitment = calculateCommitment(commitment.getSecret(), message);
return Arrays.constantTimeAreEqual(commitment.getCommitment(), calcCommitment);
}