use of com.github.zhenwei.core.asn1.misc.ScryptParams in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method generatePkbdAlgorithmIdentifier.
private KeyDerivationFunc generatePkbdAlgorithmIdentifier(PBKDFConfig pbkdfConfig, int keySizeInBytes) {
if (MiscObjectIdentifiers.id_scrypt.equals(pbkdfConfig.getAlgorithm())) {
ScryptConfig scryptConfig = (ScryptConfig) pbkdfConfig;
byte[] pbkdSalt = new byte[scryptConfig.getSaltLength()];
getDefaultSecureRandom().nextBytes(pbkdSalt);
ScryptParams params = new ScryptParams(pbkdSalt, scryptConfig.getCostParameter(), scryptConfig.getBlockSize(), scryptConfig.getParallelizationParameter(), keySizeInBytes);
return new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params);
} else {
PBKDF2Config pbkdf2Config = (PBKDF2Config) pbkdfConfig;
byte[] pbkdSalt = new byte[pbkdf2Config.getSaltLength()];
getDefaultSecureRandom().nextBytes(pbkdSalt);
return new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(pbkdSalt, pbkdf2Config.getIterationCount(), keySizeInBytes, pbkdf2Config.getPRF()));
}
}
use of com.github.zhenwei.core.asn1.misc.ScryptParams in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method generatePkbdAlgorithmIdentifier.
private KeyDerivationFunc generatePkbdAlgorithmIdentifier(KeyDerivationFunc baseAlg, int keySizeInBytes) {
if (MiscObjectIdentifiers.id_scrypt.equals(baseAlg.getAlgorithm())) {
ScryptParams oldParams = ScryptParams.getInstance(baseAlg.getParameters());
byte[] pbkdSalt = new byte[oldParams.getSalt().length];
getDefaultSecureRandom().nextBytes(pbkdSalt);
ScryptParams params = new ScryptParams(pbkdSalt, oldParams.getCostParameter(), oldParams.getBlockSize(), oldParams.getParallelizationParameter(), BigInteger.valueOf(keySizeInBytes));
return new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params);
} else {
PBKDF2Params oldParams = PBKDF2Params.getInstance(baseAlg.getParameters());
byte[] pbkdSalt = new byte[oldParams.getSalt().length];
getDefaultSecureRandom().nextBytes(pbkdSalt);
PBKDF2Params params = new PBKDF2Params(pbkdSalt, oldParams.getIterationCount().intValue(), keySizeInBytes, oldParams.getPrf());
return new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, params);
}
}
use of com.github.zhenwei.core.asn1.misc.ScryptParams in project LinLong-Java by zhenwei1108.
the class JcePKCSPBEInputDecryptorProviderBuilder method build.
public InputDecryptorProvider build(final char[] password) {
return new InputDecryptorProvider() {
private Cipher cipher;
private AlgorithmIdentifier encryptionAlg;
public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier) throws OperatorCreationException {
SecretKey key;
ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
try {
if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());
cipher = helper.createCipher(algorithm.getId());
cipher.init(Cipher.DECRYPT_MODE, new PKCS12KeyWithParameters(password, wrongPKCS12Zero, pbeParams.getIV(), pbeParams.getIterations().intValue()));
encryptionAlg = algorithmIdentifier;
} else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
PBES2Parameters alg = PBES2Parameters.getInstance(algorithmIdentifier.getParameters());
if (MiscObjectIdentifiers.id_scrypt.equals(alg.getKeyDerivationFunc().getAlgorithm())) {
ScryptParams params = ScryptParams.getInstance(alg.getKeyDerivationFunc().getParameters());
AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
SecretKeyFactory keyFact = helper.createSecretKeyFactory("SCRYPT");
key = keyFact.generateSecret(new ScryptKeySpec(password, params.getSalt(), params.getCostParameter().intValue(), params.getBlockSize().intValue(), params.getParallelizationParameter().intValue(), keySizeProvider.getKeySize(encScheme)));
} else {
SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
if (func.isDefaultPrf()) {
key = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), func.getIterationCount().intValue(), keySizeProvider.getKeySize(encScheme)));
} else {
key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), func.getIterationCount().intValue(), keySizeProvider.getKeySize(encScheme), func.getPrf()));
}
}
cipher = helper.createCipher(alg.getEncryptionScheme().getAlgorithm().getId());
encryptionAlg = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
ASN1Encodable encParams = alg.getEncryptionScheme().getParameters();
if (encParams instanceof ASN1OctetString) {
cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets()));
} else if (encParams instanceof ASN1Sequence && isCCMorGCM(alg.getEncryptionScheme())) {
AlgorithmParameters params = AlgorithmParameters.getInstance(alg.getEncryptionScheme().getAlgorithm().getId());
params.init(((ASN1Sequence) encParams).getEncoded());
cipher.init(Cipher.DECRYPT_MODE, key, params);
} else if (// absent parameters
encParams == null) {
cipher.init(Cipher.DECRYPT_MODE, key);
} else {
// TODO: at the moment it's just GOST, but...
GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
cipher.init(Cipher.DECRYPT_MODE, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
}
} else if (algorithm.equals(PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC) || algorithm.equals(PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC)) {
PBEParameter pbeParams = PBEParameter.getInstance(algorithmIdentifier.getParameters());
cipher = helper.createCipher(algorithm.getId());
cipher.init(Cipher.DECRYPT_MODE, new PBKDF1Key(password, PasswordConverter.ASCII), new PBEParameterSpec(pbeParams.getSalt(), pbeParams.getIterationCount().intValue()));
} else {
throw new OperatorCreationException("unable to create InputDecryptor: algorithm " + algorithm + " unknown.");
}
} catch (Exception e) {
throw new OperatorCreationException("unable to create InputDecryptor: " + e.getMessage(), e);
}
return new InputDecryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return encryptionAlg;
}
public InputStream getInputStream(InputStream input) {
return new CipherInputStream(input, cipher);
}
};
}
};
}
use of com.github.zhenwei.core.asn1.misc.ScryptParams in project LinLong-Java by zhenwei1108.
the class JcePKCSPBEOutputEncryptorBuilder method build.
public OutputEncryptor build(final char[] password) throws OperatorCreationException {
final Cipher cipher;
SecretKey key;
if (random == null) {
random = new SecureRandom();
}
final AlgorithmIdentifier encryptionAlg;
try {
if (isPKCS12(algorithm)) {
byte[] salt = new byte[20];
random.nextBytes(salt);
cipher = helper.createCipher(algorithm.getId());
cipher.init(Cipher.ENCRYPT_MODE, new PKCS12KeyWithParameters(password, salt, iterationCount));
encryptionAlg = new AlgorithmIdentifier(algorithm, new PKCS12PBEParams(salt, iterationCount));
} else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
PBKDFConfig pbkDef = (pbkdf == null) ? pbkdfBuilder.build() : pbkdf;
if (MiscObjectIdentifiers.id_scrypt.equals(pbkDef.getAlgorithm())) {
ScryptConfig skdf = (ScryptConfig) pbkDef;
byte[] salt = new byte[skdf.getSaltLength()];
random.nextBytes(salt);
ScryptParams params = new ScryptParams(salt, skdf.getCostParameter(), skdf.getBlockSize(), skdf.getParallelizationParameter());
SecretKeyFactory keyFact = helper.createSecretKeyFactory("SCRYPT");
key = keyFact.generateSecret(new ScryptKeySpec(password, salt, skdf.getCostParameter(), skdf.getBlockSize(), skdf.getParallelizationParameter(), keySizeProvider.getKeySize(new AlgorithmIdentifier(keyEncAlgorithm))));
cipher = helper.createCipher(keyEncAlgorithm.getId());
cipher.init(Cipher.ENCRYPT_MODE, simplifyPbeKey(key), random);
AlgorithmParameters algP = cipher.getParameters();
PBES2Parameters algParams;
if (algP != null) {
algParams = new PBES2Parameters(new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params), new EncryptionScheme(keyEncAlgorithm, ASN1Primitive.fromByteArray(cipher.getParameters().getEncoded())));
} else {
algParams = new PBES2Parameters(new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params), new EncryptionScheme(keyEncAlgorithm));
}
encryptionAlg = new AlgorithmIdentifier(algorithm, algParams);
} else {
PBKDF2Config pkdf = (PBKDF2Config) pbkDef;
byte[] salt = new byte[pkdf.getSaltLength()];
random.nextBytes(salt);
SecretKeyFactory keyFact = helper.createSecretKeyFactory(JceUtils.getAlgorithm(pkdf.getPRF().getAlgorithm()));
key = keyFact.generateSecret(new PBEKeySpec(password, salt, pkdf.getIterationCount(), keySizeProvider.getKeySize(new AlgorithmIdentifier(keyEncAlgorithm))));
cipher = helper.createCipher(keyEncAlgorithm.getId());
cipher.init(Cipher.ENCRYPT_MODE, simplifyPbeKey(key), random);
AlgorithmParameters algP = cipher.getParameters();
PBES2Parameters algParams;
if (algP != null) {
algParams = new PBES2Parameters(new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, pkdf.getIterationCount(), pkdf.getPRF())), new EncryptionScheme(keyEncAlgorithm, ASN1Primitive.fromByteArray(cipher.getParameters().getEncoded())));
} else {
algParams = new PBES2Parameters(new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, pkdf.getIterationCount(), pkdf.getPRF())), new EncryptionScheme(keyEncAlgorithm));
}
encryptionAlg = new AlgorithmIdentifier(algorithm, algParams);
}
} else {
throw new OperatorCreationException("unrecognised algorithm");
}
return new OutputEncryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return encryptionAlg;
}
public OutputStream getOutputStream(OutputStream out) {
return new CipherOutputStream(out, cipher);
}
public GenericKey getKey() {
if (isPKCS12(encryptionAlg.getAlgorithm())) {
return new GenericKey(encryptionAlg, PKCS12PasswordToBytes(password));
} else {
return new GenericKey(encryptionAlg, PKCS5PasswordToBytes(password));
}
}
};
} catch (Exception e) {
throw new OperatorCreationException("unable to create OutputEncryptor: " + e.getMessage(), e);
}
}
use of com.github.zhenwei.core.asn1.misc.ScryptParams in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method engineStore.
public void engineStore(OutputStream outputStream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
if (creationDate == null) {
throw new IOException("KeyStore not initialized");
}
EncryptedObjectStoreData encStoreData = getEncryptedObjectStoreData(hmacAlgorithm, password);
// update the salt
if (MiscObjectIdentifiers.id_scrypt.equals(hmacPkbdAlgorithm.getAlgorithm())) {
ScryptParams sParams = ScryptParams.getInstance(hmacPkbdAlgorithm.getParameters());
hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(hmacPkbdAlgorithm, sParams.getKeyLength().intValue());
} else {
PBKDF2Params pbkdf2Params = PBKDF2Params.getInstance(hmacPkbdAlgorithm.getParameters());
hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(hmacPkbdAlgorithm, pbkdf2Params.getKeyLength().intValue());
}
byte[] mac;
try {
mac = calculateMac(encStoreData.getEncoded(), hmacAlgorithm, hmacPkbdAlgorithm, password);
} catch (NoSuchProviderException e) {
throw new IOException("cannot calculate mac: " + e.getMessage());
}
ObjectStore store = new ObjectStore(encStoreData, new ObjectStoreIntegrityCheck(new PbkdMacIntegrityCheck(hmacAlgorithm, hmacPkbdAlgorithm, mac)));
outputStream.write(store.getEncoded());
outputStream.flush();
}
Aggregations