Example 1 with KeyDerivationFunc
use of com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc in project xwiki-commons by xwiki.
the class BcPKCS5S2KeyDerivationFunctionFactory method getInstance.
@Override
public KeyDerivationFunction getInstance(KeyDerivationFunctionParameters params) {
if (!(params instanceof PBKDF2Parameters)) {
throw new IllegalArgumentException("Invalid parameter used for PKCS5S2 function: " + params.getClass().getName());
}
PBKDF2Parameters kdfParams = (PBKDF2Parameters) params;
PKCS5S2ParametersGenerator generator;
BcDigestFactory factory = null;
if (kdfParams.getPseudoRandomFuntionHint() != null) {
factory = this.getDigestFactory(kdfParams.getPseudoRandomFuntionHint());
generator = new PKCS5S2ParametersGenerator(factory.getDigestInstance());
} else {
generator = new PKCS5S2ParametersGenerator();
}
return new AbstractBcPBKDF2(generator, (PBKDF2Parameters) params, (factory != null) ? toHmacAlgId(factory.getAlgorithmIdentifier()) : HMAC_SHA1) {
@Override
public KeyDerivationFunc getKeyDerivationFunction() {
PBKDF2Parameters parameters = (PBKDF2Parameters) getParameters();
AlgorithmIdentifier algId = getPRFAlgorithmIdentifier();
return new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, (isKeySizeOverwritten()) ? new PBKDF2Params(parameters.getSalt(), parameters.getIterationCount(), algId) : new PBKDF2Params(parameters.getSalt(), parameters.getIterationCount(), parameters.getKeySize(), algId));
}
};
}
Also used :
PKCS5S2ParametersGenerator(org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator)
PBKDF2Parameters(org.xwiki.crypto.password.params.PBKDF2Parameters)
KeyDerivationFunc(org.bouncycastle.asn1.pkcs.KeyDerivationFunc)
PBKDF2Params(org.xwiki.crypto.password.internal.kdf.PBKDF2Params)
AbstractBcDigestFactory(org.xwiki.crypto.internal.digest.factory.AbstractBcDigestFactory)
BcDigestFactory(org.xwiki.crypto.internal.digest.factory.BcDigestFactory)
AbstractBcPBKDF2(org.xwiki.crypto.password.internal.kdf.AbstractBcPBKDF2)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 2 with KeyDerivationFunc
use of com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc in project xwiki-commons by xwiki.
the class BcPKCS5S2KeyDerivationFunctionFactory method getInstance.
@Override
public KeyDerivationFunction getInstance(ASN1Encodable parameters) {
KeyDerivationFunc kdf = KeyDerivationFunc.getInstance(parameters);
if (!kdf.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2)) {
throw new IllegalArgumentException("Illegal algorithm identifier for PBKDF2: " + kdf.getAlgorithm().getId());
}
PBKDF2Params params = PBKDF2Params.getInstance(kdf.getParameters());
return getInstance(new PBKDF2Parameters((params.getKeyLength() != null) ? params.getKeyLength().intValue() : -1, params.getIterationCount().intValue(), params.getSalt(), toDigestHint(params.getPseudoRandomFunctionIdentifier())));
}
Also used :
PBKDF2Parameters(org.xwiki.crypto.password.params.PBKDF2Parameters)
KeyDerivationFunc(org.bouncycastle.asn1.pkcs.KeyDerivationFunc)
PBKDF2Params(org.xwiki.crypto.password.internal.kdf.PBKDF2Params)
Example 3 with KeyDerivationFunc
use of com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc in project xwiki-commons by xwiki.
the class DefaultKeyDerivationFunctionFactory method getInstance.
@Override
public KeyDerivationFunction getInstance(byte[] encoded) {
KeyDerivationFunc func = KeyDerivationFunc.getInstance(ASN1Sequence.getInstance(encoded));
KeyDerivationFunctionFactory factory = getFactory(func.getAlgorithm().getId());
KeyDerivationFunction kdf = getBcInstance(factory, func);
if (kdf == null) {
kdf = factory.getInstance(encoded);
}
return kdf;
}
Also used :
KeyDerivationFunction(org.xwiki.crypto.password.KeyDerivationFunction)
KeyDerivationFunc(org.bouncycastle.asn1.pkcs.KeyDerivationFunc)
KeyDerivationFunctionFactory(org.xwiki.crypto.password.KeyDerivationFunctionFactory)
Example 4 with KeyDerivationFunc
use of com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc in project xwiki-commons by xwiki.
the class AbstractBcPBES2Cipher method getPBEParameters.
@Override
public AlgorithmIdentifier getPBEParameters() throws IOException {
KeyDerivationFunc kdfParams;
if (getKeyDerivationFunction() instanceof AbstractBcKDF) {
kdfParams = ((AbstractBcKDF) getKeyDerivationFunction()).getKeyDerivationFunction();
} else {
kdfParams = KeyDerivationFunc.getInstance(getKeyDerivationFunction().getEncoded());
}
EncryptionScheme scheme = getScheme(getParameters());
return new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, new PBES2Parameters(kdfParams, scheme));
}
Also used :
PBES2Parameters(org.xwiki.crypto.password.internal.kdf.PBES2Parameters)
EncryptionScheme(org.bouncycastle.asn1.pkcs.EncryptionScheme)
KeyDerivationFunc(org.bouncycastle.asn1.pkcs.KeyDerivationFunc)
AbstractBcKDF(org.xwiki.crypto.password.internal.kdf.AbstractBcKDF)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 5 with KeyDerivationFunc
use of com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc in project hedera-sdk-java by hashgraph.
the class Pem method decryptPrivateKey.
private static PrivateKeyInfo decryptPrivateKey(byte[] encodedStruct, String passphrase) throws IOException {
var encryptedPrivateKeyInfo = EncryptedPrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(encodedStruct));
AlgorithmIdentifier encryptAlg = encryptedPrivateKeyInfo.getEncryptionAlgorithm();
if (!encryptAlg.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2)) {
throw new BadKeyException("unsupported PEM key encryption: " + encryptAlg);
}
PBES2Parameters params = PBES2Parameters.getInstance(encryptAlg.getParameters());
KeyDerivationFunc kdf = params.getKeyDerivationFunc();
EncryptionScheme encScheme = params.getEncryptionScheme();
if (!kdf.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2)) {
throw new BadKeyException("unsupported KDF: " + kdf.getAlgorithm());
}
if (!encScheme.getAlgorithm().equals(NISTObjectIdentifiers.id_aes128_CBC)) {
throw new BadKeyException("unsupported encryption: " + encScheme.getAlgorithm());
}
PBKDF2Params kdfParams = PBKDF2Params.getInstance(kdf.getParameters());
if (!kdfParams.getPrf().getAlgorithm().equals(PKCSObjectIdentifiers.id_hmacWithSHA256)) {
throw new BadKeyException("unsupported PRF: " + kdfParams.getPrf());
}
int keyLength = kdfParams.getKeyLength() != null ? kdfParams.getKeyLength().intValue() : Crypto.CBC_DK_LEN;
KeyParameter derivedKey = Crypto.deriveKeySha256(passphrase, kdfParams.getSalt(), kdfParams.getIterationCount().intValue(), keyLength);
AlgorithmParameters aesParams;
try {
aesParams = AlgorithmParameters.getInstance("AES");
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
aesParams.init(encScheme.getParameters().toASN1Primitive().getEncoded());
Cipher cipher = Crypto.initAesCbc128Decrypt(derivedKey, aesParams);
byte[] decrypted = Crypto.runCipher(cipher, encryptedPrivateKeyInfo.getEncryptedData());
// we need to parse our input data as the cipher may add padding
ASN1InputStream inputStream = new ASN1InputStream(new ByteArrayInputStream(decrypted));
return PrivateKeyInfo.getInstance(inputStream.readObject());
}
Also used :
PBES2Parameters(org.bouncycastle.asn1.pkcs.PBES2Parameters)
EncryptionScheme(org.bouncycastle.asn1.pkcs.EncryptionScheme)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
KeyParameter(org.bouncycastle.crypto.params.KeyParameter)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
ByteArrayInputStream(java.io.ByteArrayInputStream)
KeyDerivationFunc(org.bouncycastle.asn1.pkcs.KeyDerivationFunc)
PBKDF2Params(org.bouncycastle.asn1.pkcs.PBKDF2Params)
Cipher(javax.crypto.Cipher)
AlgorithmParameters(java.security.AlgorithmParameters)
Aggregations
KeyDerivationFunc (com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc)8
PBKDF2Params (com.github.zhenwei.core.asn1.pkcs.PBKDF2Params)8
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)6
Cipher (javax.crypto.Cipher)6
KeyDerivationFunc (org.bouncycastle.asn1.pkcs.KeyDerivationFunc)6
ScryptParams (com.github.zhenwei.core.asn1.misc.ScryptParams)5
EncryptionScheme (com.github.zhenwei.core.asn1.pkcs.EncryptionScheme)5
IOException (java.io.IOException)5
AlgorithmParameters (java.security.AlgorithmParameters)5
PBES2Parameters (com.github.zhenwei.core.asn1.pkcs.PBES2Parameters)4
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)4
PBKDF2Config (com.github.zhenwei.core.crypto.util.PBKDF2Config)3
ScryptConfig (com.github.zhenwei.core.crypto.util.ScryptConfig)3
OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)3
PKCS12KeyWithParameters (com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters)3
GeneralSecurityException (java.security.GeneralSecurityException)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
EncryptionScheme (org.bouncycastle.asn1.pkcs.EncryptionScheme)3
ObjectData (com.github.zhenwei.core.asn1.bc.ObjectData)2
PKCS12PBEParams (com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)2
