List of usage examples for org.bouncycastle.jce.provider BouncyCastleProvider BouncyCastleProvider
public BouncyCastleProvider()
From source file:de.rub.nds.tlsattacker.attacks.pkcs1.MangerAttackServerTest.java
License:Apache License
@Test @Ignore/*from ww w . j a v a 2s . c om*/ public final void testMangerAttack() throws Exception { Security.addProvider(new BouncyCastleProvider()); ClientCommandConfig config = new ClientCommandConfig(); config.setConnect(CONNECT); List<CipherSuite> ciphersuites = new LinkedList<>(); ciphersuites.add(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA); config.setCipherSuites(ciphersuites); RSAPublicKey publicKey = (RSAPublicKey) CertificateFetcher.fetchServerPublicKey(config); byte[] plainBytes = new byte[PREMASTER_SECRET_LENGTH]; Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding"); cipher.init(Cipher.ENCRYPT_MODE, publicKey); byte[] cipherBytes = cipher.doFinal(plainBytes); config.setTlsTimeout(50); Pkcs1Oracle oracle = new RealDirectMessagePkcs1Oracle(publicKey, config); long start = System.currentTimeMillis(); // we are handling plaintexts, so we insert raw message there Manger attacker = new Manger(cipherBytes, oracle); attacker.attack(); BigInteger solution = attacker.getSolution(); System.out.println(ArrayConverter.bytesToHexString(solution.toByteArray())); byte[] array = solution.toByteArray(); byte[] last48 = Arrays.copyOfRange(array, array.length - PREMASTER_SECRET_LENGTH - 1, array.length - 1); Assert.assertArrayEquals(plainBytes, last48); System.out.println("Queries: " + oracle.getNumberOfQueries()); System.out.println("Lasted: " + (System.currentTimeMillis() - start) + " millis."); }
From source file:de.rub.nds.tlsattacker.dtls.workflow.Dtls12WorkflowExecutorTest.java
License:Apache License
public Dtls12WorkflowExecutorTest() { Security.removeProvider("SunPKCS11-NSS"); Security.addProvider(new BouncyCastleProvider()); }
From source file:de.rub.nds.tlsattacker.testsuite.Main.java
License:Apache License
public static void main(String[] args) throws Exception { Security.addProvider(new BouncyCastleProvider()); GeneralConfig generalConfig = new GeneralConfig(); JCommander jc = new JCommander(generalConfig); ServerTestConfig stconfig = new ServerTestConfig(); jc.addCommand(ServerTestConfig.COMMAND, stconfig); jc.parse(args);/*from w ww.j a va 2 s . c o m*/ if (generalConfig.isHelp() || jc.getParsedCommand() == null) { jc.usage(); return; } switch (jc.getParsedCommand()) { case ServerTestConfig.COMMAND: ServerTestSuite st = new ServerTestSuite(stconfig, generalConfig); st.startTests(); return; default: throw new ConfigurationException("No command found"); } }
From source file:de.rub.nds.tlsattacker.testtls.Main.java
License:Apache License
public static void main(String[] args) throws Exception { Security.addProvider(new BouncyCastleProvider()); GeneralConfig generalConfig = new GeneralConfig(); JCommander jc = new JCommander(generalConfig); TestServerConfig config = new TestServerConfig(); jc.addCommand(TestServerConfig.COMMAND, config); jc.parse(args);//from w ww.j a va 2 s . c o m if (generalConfig.isHelp() || jc.getParsedCommand() == null) { jc.usage(); return; } switch (jc.getParsedCommand()) { case TestServerConfig.COMMAND: TestTLSServer st = new TestTLSServer(config, generalConfig); st.startTests(); return; default: throw new ConfigurationException("No command found"); } }
From source file:de.rub.nds.tlsattacker.tls.config.ConfigHandler.java
License:Apache License
/** * Initializes TLS Attacker according to the config file. In addition, it * adds the Bouncy Castle provider and removes the PKCS#11 security provider * since there are some problems when handling ECC. * // w ww . ja va2 s. com * @param config */ public void initialize(GeneralConfig config) { // ECC does not work properly in the NSS provider Security.removeProvider("SunPKCS11-NSS"); Security.addProvider(new BouncyCastleProvider()); LOGGER.debug("Using the following security providers"); for (Provider p : Security.getProviders()) { LOGGER.debug("Provider {}, version, {}", p.getName(), p.getVersion()); } LoggerContext ctx = (LoggerContext) LogManager.getContext(false); Configuration ctxConfig = ctx.getConfiguration(); LoggerConfig loggerConfig = ctxConfig.getLoggerConfig(LogManager.ROOT_LOGGER_NAME); if (config.isDebug()) { loggerConfig.setLevel(Level.DEBUG); ctx.updateLoggers(); } else if (config.isQuiet()) { loggerConfig.setLevel(Level.OFF); ctx.updateLoggers(); } else if (config.getLogLevel() != null) { loggerConfig.setLevel(config.getLogLevel()); ctx.updateLoggers(); } // remove stupid Oracle JDK security restriction (otherwise, it is not // possible to use strong crypto with Oracle JDK) try { Field field = Class.forName("javax.crypto.JceSecurity").getDeclaredField("isRestricted"); field.setAccessible(true); field.set(null, java.lang.Boolean.FALSE); } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | NoSuchFieldException | SecurityException ex) { throw new ConfigurationException("Not possible to use unrestricted policy in Oracle JDK", ex); } }
From source file:de.rub.nds.tlsattacker.tls.misc.UnlimitedStrengthTest.java
License:Apache License
@Test public void testAES256() throws Exception { try {/*from w w w .j a v a2 s . c o m*/ Field field = Class.forName("javax.crypto.JceSecurity").getDeclaredField("isRestricted"); field.setAccessible(true); field.set(null, java.lang.Boolean.FALSE); Cipher encryptCipher = Cipher.getInstance("AES/CBC/NoPadding", new BouncyCastleProvider()); IvParameterSpec encryptIv = new IvParameterSpec(new byte[16]); SecretKey encryptKey = new SecretKeySpec(new byte[32], "AES"); encryptCipher.init(Cipher.ENCRYPT_MODE, encryptKey, encryptIv); } catch (InvalidKeyException ex) { logger.warn("AES256 is probably not supported, you have to install Java Cryptography " + "Extension (JCE) Unlimited Strength Jurisdiction Policy Files."); } }
From source file:de.rub.nds.tlsattacker.tls.protocol.handshake.DHEServerKeyExchangeHandlerTest.java
License:Apache License
public DHEServerKeyExchangeHandlerTest() { // ECC does not work properly in the NSS provider Security.removeProvider("SunPKCS11-NSS"); Security.addProvider(new BouncyCastleProvider()); tlsContext = new TlsContext(); tlsContext.setClientRandom(clientRandom); tlsContext.setServerRandom(serverRandom); try {/*w w w. java 2 s. c om*/ KeyStore ks = KeystoreHandler.loadKeyStore("../resources/rsa1024.jks", "password"); tlsContext.setKeyStore(ks); tlsContext.setAlias("alias"); tlsContext.setPassword("password"); } catch (CertificateException | KeyStoreException | IOException | NoSuchAlgorithmException ex) { throw new ConfigurationException("Something went wrong loading key from Keystore", ex); } handler = new DHEServerKeyExchangeHandler(tlsContext); }
From source file:de.rub.nds.tlsattacker.tls.protocol.handshake.RSAClientKeyExchangeHandlerTest.java
License:Apache License
public RSAClientKeyExchangeHandlerTest() { // ECC does not work properly in the NSS provider Security.removeProvider("SunPKCS11-NSS"); Security.addProvider(new BouncyCastleProvider()); tlsContext = new TlsContext(); tlsContext.setSelectedCipherSuite(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA); tlsContext.setClientRandom(clientRandom); tlsContext.setServerRandom(serverRandom); try {/*from w ww .jav a 2s . c om*/ KeyStore ks = KeystoreHandler.loadKeyStore("../resources/rsa1024.jks", "password"); tlsContext.setKeyStore(ks); tlsContext.setAlias("alias"); tlsContext.setPassword("password"); } catch (CertificateException | KeyStoreException | IOException | NoSuchAlgorithmException ex) { throw new ConfigurationException( "Something went wrong loading key from Keystore or decrypting Premastersecret", ex); } try { String alias = tlsContext.getAlias(); java.security.cert.Certificate sunCert = tlsContext.getKeyStore().getCertificate(alias); if (alias == null || sunCert == null) { throw new ConfigurationException("The certificate cannot be fetched. Have you provided correct " + "certificate alias and key? (Current alias: " + alias + ")"); } byte[] certBytes = sunCert.getEncoded(); ASN1Primitive asn1Cert = TlsUtils.readDERObject(certBytes); org.bouncycastle.asn1.x509.Certificate cert = org.bouncycastle.asn1.x509.Certificate .getInstance(asn1Cert); org.bouncycastle.asn1.x509.Certificate[] certs = new org.bouncycastle.asn1.x509.Certificate[1]; certs[0] = cert; Certificate tlsCerts = new Certificate(certs); X509CertificateObject x509CertObject = new X509CertificateObject(tlsCerts.getCertificateAt(0)); tlsContext.setServerCertificate(tlsCerts.getCertificateAt(0)); tlsContext.setX509ServerCertificateObject(x509CertObject); } catch (KeyStoreException | CertificateEncodingException | IOException | CertificateParsingException ex) { throw new ConfigurationException("Certificate with the selected alias could not be found", ex); } handler = new RSAClientKeyExchangeHandler(tlsContext); }
From source file:de.rub.nds.tlsattacker.tls.record.RecordHandlerTest.java
License:Apache License
public RecordHandlerTest() { Security.addProvider(new BouncyCastleProvider()); ClientCommandConfig config = new ClientCommandConfig(); WorkflowConfigurationFactory factory = WorkflowConfigurationFactory.createInstance(config); TlsContext context = factory.createHandshakeTlsContext(); context.setRecordHandler(new RecordHandler(context)); recordHandler = context.getRecordHandler(); }
From source file:de.rub.nds.tlsattacker.tls.TlsClientTest.java
License:Apache License
public TlsClientTest() { Security.addProvider(new BouncyCastleProvider()); }