Examples of makwa.Makwa

makwa.Makwa
A {@code Makwa} instance implements the Makwa password hashingfunction. It is a context structure which contains some useful parameters.

The Makwa password hashing function uses as input a "password" (actually an arbitrary sequence of bytes) and produces a binary output. The parameters for this processing are the following:
- Modulus: a big integer of at least 1273 bits, at most 32768 bits. It is a composite integer, product of two prime integers; the two primes constitute the private key; Makwa can use either the modulus or the private key; processing with the private key is faster, and unlocks some features such as unescrowing.
- Hash function: a hash function is used internally, and is identified by a symbolic constant. The value 0 selects the default function, which is SHA-256.
- Salt: an arbitary sequence of bytes. Salts should strive to achieve worldwide uniqueness. This implementation generates 16-byte salts which are serialized UUID.
- Pre-hashing: a boolean flag. If pre-hashing is applied, then inputs can have an arbitrary length; however, pre-hashing is not compatible with unescrow.
- Post-hashing length: the requested output length. If that length is set to 0, then the Makwa output is the primary output: the encoding of an integer, as long as the modulus. If post-hashing is applied, then the binary output will consist of exactly that many unbiased bytes, suitable for usage as key for a symmetric cryptographic algorithm. Post-hashing allows for a shorter and unbiased output; however, it prevents offline work factor changes and unescrow.
- Work factor: the internal number of iterations (repeated modular squarings). The processing time (without the private key) is proportional to the work factor. The work factor must be a nonnegative integer.
The Makwa output can be optionally encoded as a character string as is described in section A.4 of the Makwa specification. Such a string also contains the salt value, whether pre-hashing and/or post-hashing were applied, the work factor, and a checksum for the modulus and hash function. When the Makwa output is a string, the following restrictions apply:
- The post-hashing length must be either 0 (no post hashing) or an integer greater than or equal to 10 bytes.
- The work factor must be equal to 2 or 3 multiplied by a power of 2. The smallest acceptable work factors are 2, 3, 4, 6, 8, 12, 16, 24, 32...
The modulus can be provided as a {@link BigInteger}, while the private key can be represented as a {@link MakwaPrivateKey} instance.Both modulus and private key can be encoded into bytes, using a format described in the {@link MakwaPrivateKey} class comments.
A {@code Makwa} instance contains the following parameters:
- the modulus;
- optionally, the private key;
- the hash function to use;
- whether pre-hashing should be applied by default;
- whether post-hashing should be applied by default, and, if yes, the default output length (in bytes);
- the default work factor.
These parameters shall comply to the "character string" restrictions. They are used with the "simple API". That API is what most users of Makwa should use:
- {@link #hashNewPassword}: hash a password into an encoded string. The password is internally encoded into bytes using UTF-8. A new salt is generated. The configured modulus, hash function, pre- and post-hashing parameters, and work factor, are used for this hashing.
- {@link #verifyPassword}: verify a password with regards to the provided reference output string.
- {@link #setNewWorkFactor}: modify an output string to increase or decrease its work factor. This method is applicable only if no post-hashing was applied. Decrease is possible only if the context was initialized with a private key.
- {@link #unescrow(String)}: recover the source password. This is possible only if no pre- or post-hashing was applied, and the context was initialized with a private key.
Other methods are provided, which use only the modulus (or private key) and hash function, but ignore the other initialization parameters. The pre-hashing, post-hashing length, and work factors are provided explicitly when required:
- {@link #doHash}: compute Makwa with explicit input, salt, pre-hashing, post-hashing length, and work factor.
- {@link #doHashToString}: same as {@link #doHash}, and the output is encoded into the character string format used by {@link #hashNewPassword}.
- {@link #changeWorkFactor}: modify the work factor; the work factor difference is given as parameter. A negative work factor difference is allowed if the context was initialized with a private key.
- {@link #unescrow(byte[],byte[],int)}: recover the source password. The salt and work factor must be provided explicitly. This recovery works only if a private key is known.
The {@code doKDF()} methods give a direct access to the internalKDF. These are static methods, usable without context initialization.

Each {@code Makwa} instance is thread-safe and immutable.
@version $Revision$ @author Thomas Pornin

  }


  private void checkSimple(boolean preHash,
    int postHashLength, int workFactor)
  {
    Makwa mpub = new Makwa(modulus, Makwa.SHA256,
      preHash, postHashLength, workFactor);
    Makwa mpriv = new Makwa(privKey, Makwa.SHA256,
      preHash, postHashLength, workFactor);


    String h1 = mpub.hashNewPassword("test1");
    check(mpub.verifyPassword("test1", h1));
    check(mpriv.verifyPassword("test1", h1));
    check(!mpub.verifyPassword("test2", h1));
    check(!mpriv.verifyPassword("test2", h1));
    String h2 = mpriv.hashNewPassword("test1");
    check(mpub.verifyPassword("test1", h2));
    check(mpriv.verifyPassword("test1", h2));
    check(!mpub.verifyPassword("test2", h2));
    check(!mpriv.verifyPassword("test2", h2));


    // Since each hash value uses its own salt, the strings
    // ought to be different.
    check(!h1.equals(h2));
  }

View Full Code Here

    check(!h1.equals(h2));
  }


  private void checkWFChange()
  {
    Makwa mpubSmall = new Makwa(modulus, Makwa.SHA256,
      false, 0, 384);
    Makwa mprivSmall = new Makwa(privKey, Makwa.SHA256,
      false, 0, 384);
    Makwa mpubLarge = new Makwa(modulus, Makwa.SHA256,
      false, 0, 4096);
    Makwa mprivLarge = new Makwa(privKey, Makwa.SHA256,
      false, 0, 4096);


    String hsmall = mpubSmall.hashNewPassword("test1");
    String hlarge = mpubSmall.setNewWorkFactor(hsmall, 4096);
    check(mprivLarge.verifyPassword("test1", hlarge));
    hlarge = mprivSmall.setNewWorkFactor(hsmall, 4096);
    check(mpubLarge.verifyPassword("test1", hlarge));
    hsmall = mprivLarge.setNewWorkFactor(hlarge, 384);
    check(mpubSmall.verifyPassword("test1", hsmall));
  }

View Full Code Here

  }


  private void checkUnescrow()
    throws Exception
  {
    Makwa mpub = new Makwa(modulus, Makwa.SHA256,
      false, 0, 3072);
    Makwa mpriv = new Makwa(privKey, Makwa.SHA256,
      false, 0, 3072);


    String h = mpub.hashNewPassword("test1");
    check(equals("test1".getBytes("UTF-8"),
      mpriv.unescrow(h)));
  }

View Full Code Here

  {
    MakwaDelegation md = MakwaDelegation.generate(
      PRIV2048, 4096);
    byte[] mdEnc = md.export();
    md = new MakwaDelegation(mdEnc);
    Makwa mpub = new Makwa(modulus, Makwa.SHA256,
      false, 0, 4096);
    Makwa mpriv = new Makwa(privKey, Makwa.SHA256,
      false, 0, 4096);


    Makwa.DelegationContext dc =
      mpub.hashNewPasswordDelegate("test1", md);
    byte[] req = dc.getRequest();
    byte[] ans = Makwa.processDelegationRequest(req);
    String h = dc.doFinalToString(ans);
    check(mpriv.verifyPassword("test1", h));


    dc = mpub.verifyPasswordDelegate("test1", h, md);
    req = dc.getRequest();
    ans = Makwa.processDelegationRequest(req);
    check(dc.doFinalVerify(ans));

View Full Code Here

     * is no "PHC-compliant API" in Java. However, we can still
     * check a test vector.
     */
    byte[] salt = new byte[] { 1, 2, 3, 4 };
    byte[] input = "sample for PHC".getBytes("UTF-8");
    Makwa m = new Makwa(PHC_PUB2048, 0, false, 0, 4096);
    byte[] out = m.doHash(input, salt, true, 16, 8192);
    byte[] ref = new byte[] {
      (byte)0x1d, (byte)0x4f, (byte)0x1b, (byte)0x05,
      (byte)0x58, (byte)0xe9, (byte)0x60, (byte)0xce,
      (byte)0x11, (byte)0xad, (byte)0xd5, (byte)0x20,
      (byte)0xca, (byte)0x9e, (byte)0x28, (byte)0xf3

View Full Code Here

    check(equals(out, ref));
  }


  private void speedTest()
  {
    Makwa mpub = new Makwa(modulus, Makwa.SHA256,
      false, 0, 4096);
    int wprev = 1;
    int w = 2;
    long ttprev = 0;
    byte[] input = new byte[9];
    for (;;) {
      long begin = System.currentTimeMillis();
      byte[] salt = Makwa.createSalt();
      mpub.doHash(input, salt, true, 16, w);
      long end = System.currentTimeMillis();
      long tt = end - begin;
      if (tt > 4000) {
        System.out.printf("wf/s = %.2f",
          (1000.0 * (w - wprev)) / (tt - ttprev));
        System.out.println();
        break;
      }
      ttprev = tt;
      wprev = w;
      w <<= 1;
    }


    Makwa mpriv = new Makwa(PRIV2048, 0, true, 16, 65536);
    String ref = mpriv.hashNewPassword("speedtest");
    int cc = 2;
    for (;;) {
      long begin = System.currentTimeMillis();
      for (int m = 0; m < cc; m ++) {
        mpriv.verifyPassword("speedtest", ref);
      }
      long end = System.currentTimeMillis();
      long tt = end - begin;
      if (tt > 4000) {
        System.out.printf("priv/s = %.2f",

View Full Code Here

    }


    BigInteger mod = MakwaPrivateKey.decodePublic(PUB2048);
    MakwaPrivateKey pkey = new MakwaPrivateKey(PRIV2048);
    check(mod.equals(pkey.getModulus()));
    Makwa mpub = new Makwa(mod, Makwa.SHA256, false, 0, 1024);
    Makwa mpriv = new Makwa(pkey, Makwa.SHA256, false, 0, 1024);


    /*
     * Some KDF test vectors.
     */
    for (int i = 0; i < 200; i ++) {
      byte[] input = new byte[i];
      for (int j = 0; j < i; j ++) {
        input[j] = (byte)(7 * i + 83 * j);
      }
      printKDF("KDF/SHA-256", Makwa.SHA256, input, 100);
      printKDF("KDF/SHA-512", Makwa.SHA512, input, 100);
    }


    /*
     * The detailed test vector from the specification.
     */
    byte[] pi;
    try {
      String pwd = "Gego beshwaji'aaken awe makwa;"
        + " onzaam naniizaanizi.";
      pi = pwd.getBytes("UTF-8");
    } catch (Exception e) {
      throw new Error(e);
    }
    byte[] salt = new byte[] {
      (byte)0xC7, (byte)0x27, (byte)0x03, (byte)0xC2,
      (byte)0x2A, (byte)0x96, (byte)0xD9, (byte)0x99,
      (byte)0x2F, (byte)0x3D, (byte)0xEA, (byte)0x87,
      (byte)0x64, (byte)0x97, (byte)0xE3, (byte)0x92
    };
    byte[] ref = new byte[] {
      (byte)0xC9, (byte)0xCE, (byte)0xA0, (byte)0xE6,
      (byte)0xEF, (byte)0x09, (byte)0x39, (byte)0x3A,
      (byte)0xB1, (byte)0x71, (byte)0x0A, (byte)0x08
    };
    check(equals(ref, mpub.doHash(pi, salt, false, 12, 4096)));
    String detailed = mpub.encodeOutput(salt, false, 12, 4096, ref);
    System.out.println("2048-bit modulus, SHA-256");
    println("input", pi);
    println("salt", salt);
    System.out.println("pre-hashing: false");
    System.out.println("post-hashing: 12");
    println("bin4096", ref);
    System.out.println("str4096: " + detailed);
    System.out.println();


    sha256.update(ref);
    sha256.update(detailed.getBytes("UTF-8"));


    /*
     * A lot of test vectors of various sizes and parameters.
     */
    printKAT("2048-bit modulus, SHA-256", mpub, mpriv);


    mpub = new Makwa(mod, Makwa.SHA512, false, 0, 1024);
    mpriv = new Makwa(pkey, Makwa.SHA512, false, 0, 1024);
    printKAT("2048-bit modulus, SHA-512", mpub, mpriv);


    println("KAT digest", sha256.digest());
  }

View Full Code Here

TOP

Related Classes of makwa.Makwa

javax.crypto.spec.SecretKeySpec

javax.crypto.Mac

java.io.ByteArrayOutputStream

java.io.ByteArrayInputStream

java.math.BigInteger

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.