Example code using BSAFE & DUAL_EC_DRBG to generate n bytes of randomness from a terrifically suspect CSRNG. Unlike https://gist.github.com/binaryparadox/8063008, this version allows you to supply your own backdoored curve points instead of using the NIST standard points for DUAL_EC_DRBG. You must have the BSAFE shareCrypto.jar library on your cl…
import java.math.BigInteger; | |
import java.security.Provider; | |
import java.security.SecureRandom; | |
import java.security.Security; | |
import com.rsa.crypto.ECPoint; | |
import com.rsa.jsafe.provider.ECDRBGInstantiationParameterSpec; | |
import com.rsa.jsafe.provider.ECPointVerifiable; | |
import com.rsa.jsafe.provider.SecureRandomEx; | |
import com.rsa.jsafe.provider.SensitiveData; | |
// Largely cribbed from the RSA BSAFE docs.
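/**
 * Demonstration of instantiating BSAFE's Dual_EC_DRBG ("ECDRBG128") with caller-supplied
 * P and Q points and printing its output as hex.
 *
 * <p>Security context for reviewers: Dual_EC_DRBG was removed from NIST SP 800-90A in
 * Revision 1 (2015). The generator's output is only unpredictable if nobody knows the
 * relationship between P and Q; a party that chose the points can know it. Code that
 * selects an "ECDRBG*" algorithm, or that builds an {@code ECDRBGInstantiationParameterSpec}
 * with custom points, is therefore worth flagging in an audit. Nothing produced by this
 * class should be used as key material.
 *
 * <p>The class does not compile as published: the P and Q coordinates are left as
 * placeholders (see the TODO in {@link #main(String[])}).
 */
public class ShittyCrypto {
    /** Number of bytes generated when no count is given on the command line. */
    private static final int NUM_BYTES = 32;

    /**
     * Registers the JsafeJCE provider, instantiates the DRBG with custom points, and prints
     * the requested number of output bytes.
     *
     * @param args optional; {@code args[0]} is the number of bytes to generate
     * @throws IllegalArgumentException if the byte count is negative or not an integer
     *         ({@link NumberFormatException} is a subclass)
     * @throws RuntimeException if the provider cannot be placed at position 1
     * @throws Exception anything the BSAFE calls raise
     */
    public static void main(String[] args) throws Exception {
        int numRandBytes = NUM_BYTES;
        if (args.length >= 1) {
            numRandBytes = Integer.parseInt(args[0]);
            // A negative count would otherwise surface later as NegativeArraySizeException.
            if (numRandBytes < 0) {
                throw new IllegalArgumentException(
                        "Byte count must be non-negative: " + numRandBytes);
            }
        }

        System.out.println("Generating "+ numRandBytes +" bytes from Dual_EC_DRBG - <3<3 NSA");

        // Create a new provider object for the JsafeJCE provider.
        Provider jsafeProvider = new com.rsa.jsafe.provider.JsafeJCE();

        // Register provider in 1st position. insertProviderAt returns -1 when the provider
        // is already installed, which is also treated as a failure here.
        // NOTE(review): this is a JVM-wide change; every later JCA lookup in the process
        // prefers JsafeJCE, including the plain `new SecureRandom()` in generateSeed().
        int position = Security.insertProviderAt(jsafeProvider, 1);
        if (position != 1) {
            throw new RuntimeException(
                    "Failed to insert provider at first position");
        }

        SecureRandom random = null;
        byte[] randomBytes = null;

        try {
            /*
             * TODO TODO TODO
             * Need to instantiate a px, py, qx, qy BigInteger for the P and Q values
             * before this will compile!
             * (BigInteger has no no-argument constructor; the four lines below are
             * placeholders left by the author.)
             * TODO TODO TODO
             */
            BigInteger px = new BigInteger();
            BigInteger py = new BigInteger();
            java.security.spec.ECPoint p = new java.security.spec.ECPoint(px, py);

            BigInteger qx = new BigInteger();
            BigInteger qy = new BigInteger();
            java.security.spec.ECPoint q = new java.security.spec.ECPoint(qx, qy);

            // NOTE(review): the two null arguments presumably carry the data that would let
            // a third party verify how each point was generated; passing null supplies no
            // such evidence. Confirm against the BSAFE documentation.
            ECPointVerifiable pv = new ECPointVerifiable(p, null, null);
            ECPointVerifiable qv = new ECPointVerifiable(q, null, null);

            ECDRBGInstantiationParameterSpec frontDoorBackDoor =
                    new ECDRBGInstantiationParameterSpec(pv, qv);

            random = SecureRandomEx.getInstance("ECDRBG128", frontDoorBackDoor);
            random.setSeed(generateSeed());

            randomBytes = new byte[numRandBytes];
            random.nextBytes(randomBytes);

            print(randomBytes);
        } finally {
            // Either reference is still null if an earlier step threw. Whether
            // SensitiveData.clear accepts null is not visible here, so guard to avoid a
            // cleanup failure replacing the original exception.
            if (random != null) {
                SensitiveData.clear(random);
            }
            if (randomBytes != null) {
                SensitiveData.clear(randomBytes);
            }
        }
    }

    /**
     * Prints {@code buffer} as upper-case hex, zero-padded to two digits per byte.
     * An empty buffer prints an empty line.
     *
     * @param buffer bytes to print; interpreted as an unsigned big-endian integer
     */
    protected static void print(byte[] buffer) {
        // With a zero-length buffer the format string would become "%00X", which
        // String.format rejects, so handle that case separately.
        if (buffer.length == 0) {
            System.out.println();
            return;
        }
        BigInteger bi = new BigInteger(1, buffer);
        System.out.println(String.format("%0" + (buffer.length << 1) + "X", bi));
    }

    /**
     * Returns 20 bytes of seed material from a default-constructed {@link SecureRandom}.
     *
     * <p>NOTE(review): main() calls this after JsafeJCE has been inserted at position 1, so
     * {@code new SecureRandom()} resolves to whatever default algorithm that provider
     * offers. Confirm which algorithm that is before relying on the seed's quality.
     *
     * @return a 20-byte seed
     */
    protected static byte[] generateSeed() {
        SecureRandom seeder = new SecureRandom();
        return seeder.generateSeed(20);
    }
}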