From b8054933b3d07ef8bfc3bec56b2bb795c1d01e5e Mon Sep 17 00:00:00 2001 From: J08nY Date: Wed, 7 Aug 2024 13:02:34 +0200 Subject: Add support for deterministic PRNG to SunEC and BouncyCastle. --- .../java/cz/crcs/ectester/common/util/Util.java | 23 +++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'common/src') diff --git a/common/src/main/java/cz/crcs/ectester/common/util/Util.java b/common/src/main/java/cz/crcs/ectester/common/util/Util.java index 5b0cd79..9e6daa2 100644 --- a/common/src/main/java/cz/crcs/ectester/common/util/Util.java +++ b/common/src/main/java/cz/crcs/ectester/common/util/Util.java @@ -1,5 +1,8 @@ package cz.crcs.ectester.common.util; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; + /** * @author Jan Jancar johny@neuromancer.sk */ @@ -18,11 +21,25 @@ public class Util { public static int getVersion() { String version = System.getProperty("java.version"); - if(version.startsWith("1.")) { + if (version.startsWith("1.")) { version = version.substring(2, 3); } else { int dot = version.indexOf("."); - if(dot != -1) { version = version.substring(0, dot); } - } return Integer.parseInt(version); + if (dot != -1) { + version = version.substring(0, dot); + } + } + return Integer.parseInt(version); + } + + public static SecureRandom getRandom(byte[] seed) { + SecureRandom random; + try { + random = SecureRandom.getInstance("DRBG"); + } catch (NoSuchAlgorithmException ignored) { + return null; + } + random.setSeed(seed); + return random; } } -- cgit v1.2.3-70-g09d2 From 6e399ce3dec913be7728c2892301dd3eceb2cd83 Mon Sep 17 00:00:00 2001 From: J08nY Date: Wed, 7 Aug 2024 13:31:39 +0200 Subject: Test deterministic keygen in standalone. --- .../java/cz/crcs/ectester/common/util/Util.java | 2 +- .../ectester/standalone/ECTesterStandalone.java | 10 +++--- .../java/cz/crcs/ectester/standalone/AppTests.java | 39 ++++++++++++++++++++++ 3 files changed, 44 insertions(+), 7 deletions(-) (limited to 'common/src') diff --git a/common/src/main/java/cz/crcs/ectester/common/util/Util.java b/common/src/main/java/cz/crcs/ectester/common/util/Util.java index 9e6daa2..1d9bcf4 100644 --- a/common/src/main/java/cz/crcs/ectester/common/util/Util.java +++ b/common/src/main/java/cz/crcs/ectester/common/util/Util.java @@ -35,7 +35,7 @@ public class Util { public static SecureRandom getRandom(byte[] seed) { SecureRandom random; try { - random = SecureRandom.getInstance("DRBG"); + random = SecureRandom.getInstance("SHA1PRNG"); } catch (NoSuchAlgorithmException ignored) { return null; } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java b/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java index f358662..44fc1b4 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java @@ -31,6 +31,7 @@ import cz.crcs.ectester.common.test.TestException; import cz.crcs.ectester.common.util.ByteUtil; import cz.crcs.ectester.common.util.ECUtil; import cz.crcs.ectester.common.util.FileUtil; +import cz.crcs.ectester.common.util.Util; import cz.crcs.ectester.data.EC_Store; import cz.crcs.ectester.standalone.consts.KeyAgreementIdent; import cz.crcs.ectester.standalone.consts.KeyPairGeneratorIdent; @@ -419,8 +420,7 @@ public class ECTesterStandalone { if (cli.hasOption("ecdh.prng-seed")) { String seedString = cli.getOptionValue("ecdh.prng-seed"); byte[] seed = ByteUtil.hexToBytes(seedString, true); - random = SecureRandom.getInstance("DRBG"); - random.setSeed(seed); + random = Util.getRandom(seed); if (!lib.setupDeterministicPRNG(seed)) { System.err.println("Couldn't set PRNG seed."); return; @@ -549,8 +549,7 @@ public class ECTesterStandalone { if (cli.hasOption("ecdsa.prng-seed")) { String seedString = cli.getOptionValue("ecdsa.prng-seed"); byte[] seed = ByteUtil.hexToBytes(seedString, true); - random = SecureRandom.getInstance("DRBG"); - random.setSeed(seed); + random = Util.getRandom(seed); if (!lib.setupDeterministicPRNG(seed)) { System.err.println("Couldn't set PRNG seed."); return; @@ -754,8 +753,7 @@ public class ECTesterStandalone { if (cli.hasOption("generate.prng-seed")) { String seedString = cli.getOptionValue("generate.prng-seed"); byte[] seed = ByteUtil.hexToBytes(seedString, true); - random = SecureRandom.getInstance("DRBG"); - random.setSeed(seed); + random = Util.getRandom(seed); if (!lib.setupDeterministicPRNG(seed)) { System.err.println("Couldn't set PRNG seed."); return; diff --git a/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java b/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java index d401e58..6072e68 100644 --- a/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java +++ b/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java @@ -10,9 +10,11 @@ import org.junitpioneer.jupiter.StdOut; import java.io.ByteArrayOutputStream; import java.io.File; import java.io.PrintStream; +import java.util.Arrays; import java.util.Collections; import java.util.LinkedList; import java.util.List; +import java.util.stream.Collectors; import java.util.stream.Stream; import static org.junit.jupiter.api.Assertions.*; @@ -85,6 +87,43 @@ public class AppTests { return args.toArray(new String[]{}); } + @SuppressWarnings("JUnitMalformedDeclaration") + @ParameterizedTest + @MethodSource("libs") + @StdIo() + public void deterministicGenerate(String libName, StdOut out) { + String[] args = new String[]{"generate", "-ps", "123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234", "-n", "10", "-nc", "secg/secp256r1", libName}; + switch (libName) { + case "Botan": + case "Crypto++": + args = new String[]{"generate", "-ps", "123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234", "-n", "10", "-nc", "secg/secp256r1", "-t", "ECDH", libName}; + break; + case "Nettle": + case "libgcrypt": + case "wolfCrypt": + args = new String[]{"generate", "-ps", "123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234", "-n", "10", "-cn", "secp256r1", libName}; + break; + case "BoringSSL": + args = new String[]{"generate", "-ps", "123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234", "-n", "10", "-cn", "prime256v1", libName}; + break; + } + ECTesterStandalone.main(args); + String out1 = out.capturedString(); + ECTesterStandalone.main(args); + String out2 = out.capturedString().substring(out1.length()); + if (!out1.contains(";")) + return; + List lines1 = out1.lines().collect(Collectors.toList()); + List lines2 = out2.lines().collect(Collectors.toList()); + assertEquals(lines1.size(), lines2.size()); + for (int i = 0; i < lines1.size(); ++i) { + String[] parts1 = lines1.get(i).split(";"); + String[] parts2 = lines2.get(i).split(";"); + assertEquals(parts1[2], parts2[2]); + assertEquals(parts1[3], parts2[3]); + } + } + @SuppressWarnings("JUnitMalformedDeclaration") @ParameterizedTest @MethodSource("libs") -- cgit v1.2.3-70-g09d2