use of com.github.zhenwei.core.asn1.pkcs.PBES2Parameters in project LinLong-Java by zhenwei1108.
the class JceOpenSSLPKCS8DecryptorProviderBuilder method build.
public InputDecryptorProvider build(final char[] password) throws OperatorCreationException {
return new InputDecryptorProvider() {
public InputDecryptor get(final AlgorithmIdentifier algorithm) throws OperatorCreationException {
final Cipher cipher;
try {
if (PEMUtilities.isPKCS5Scheme2(algorithm.getAlgorithm())) {
PBES2Parameters params = PBES2Parameters.getInstance(algorithm.getParameters());
KeyDerivationFunc func = params.getKeyDerivationFunc();
EncryptionScheme scheme = params.getEncryptionScheme();
PBKDF2Params defParams = (PBKDF2Params) func.getParameters();
int iterationCount = defParams.getIterationCount().intValue();
byte[] salt = defParams.getSalt();
String oid = scheme.getAlgorithm().getId();
SecretKey key;
if (PEMUtilities.isHmacSHA1(defParams.getPrf())) {
key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, oid, password, salt, iterationCount);
} else {
key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, oid, password, salt, iterationCount, defParams.getPrf());
}
cipher = helper.createCipher(oid);
AlgorithmParameters algParams = helper.createAlgorithmParameters(oid);
algParams.init(scheme.getParameters().toASN1Primitive().getEncoded());
cipher.init(Cipher.DECRYPT_MODE, key, algParams);
} else if (PEMUtilities.isPKCS12(algorithm.getAlgorithm())) {
PKCS12PBEParams params = PKCS12PBEParams.getInstance(algorithm.getParameters());
cipher = helper.createCipher(algorithm.getAlgorithm().getId());
cipher.init(Cipher.DECRYPT_MODE, new PKCS12KeyWithParameters(password, params.getIV(), params.getIterations().intValue()));
} else if (PEMUtilities.isPKCS5Scheme1(algorithm.getAlgorithm())) {
PBEParameter params = PBEParameter.getInstance(algorithm.getParameters());
cipher = helper.createCipher(algorithm.getAlgorithm().getId());
cipher.init(Cipher.DECRYPT_MODE, new PBKDF1KeyWithParameters(password, new CharToByteConverter() {
public String getType() {
return "ASCII";
}
public byte[] convert(char[] password) {
// just drop hi-order byte.
return Strings.toByteArray(password);
}
}, params.getSalt(), params.getIterationCount().intValue()));
} else {
throw new PEMException("Unknown algorithm: " + algorithm.getAlgorithm());
}
return new InputDecryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return algorithm;
}
public InputStream getInputStream(InputStream encIn) {
return new CipherInputStream(encIn, cipher);
}
};
} catch (IOException e) {
throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e);
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e);
}
}
};
}
use of com.github.zhenwei.core.asn1.pkcs.PBES2Parameters in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method decryptData.
private byte[] decryptData(String purpose, AlgorithmIdentifier protectAlgId, char[] password, byte[] encryptedData) throws IOException {
if (!protectAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2)) {
throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
}
PBES2Parameters pbes2Parameters = PBES2Parameters.getInstance(protectAlgId.getParameters());
EncryptionScheme algId = pbes2Parameters.getEncryptionScheme();
try {
Cipher c;
AlgorithmParameters algParams;
if (algId.getAlgorithm().equals(NISTObjectIdentifiers.id_aes256_CCM)) {
c = helper.createCipher("AES/CCM/NoPadding");
algParams = helper.createAlgorithmParameters("CCM");
CCMParameters ccmParameters = CCMParameters.getInstance(algId.getParameters());
algParams.init(ccmParameters.getEncoded());
} else if (algId.getAlgorithm().equals(NISTObjectIdentifiers.id_aes256_wrap_pad)) {
c = helper.createCipher("AESKWP");
algParams = null;
} else {
throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
}
byte[] keyBytes = generateKey(pbes2Parameters.getKeyDerivationFunc(), purpose, ((password != null) ? password : new char[0]), 32);
c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keyBytes, "AES"), algParams);
byte[] rv = c.doFinal(encryptedData);
return rv;
} catch (IOException e) {
throw e;
} catch (Exception e) {
throw new IOException(e.toString());
}
}
use of com.github.zhenwei.core.asn1.pkcs.PBES2Parameters in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method getEncryptedObjectStoreData.
private EncryptedObjectStoreData getEncryptedObjectStoreData(AlgorithmIdentifier integrityAlgorithm, char[] password) throws IOException, NoSuchAlgorithmException {
ObjectData[] dataArray = (ObjectData[]) entries.values().toArray(new ObjectData[entries.size()]);
KeyDerivationFunc pbkdAlgId = generatePkbdAlgorithmIdentifier(hmacPkbdAlgorithm, 256 / 8);
byte[] keyBytes = generateKey(pbkdAlgId, "STORE_ENCRYPTION", ((password != null) ? password : new char[0]), 256 / 8);
ObjectStoreData storeData = new ObjectStoreData(integrityAlgorithm, creationDate, lastModifiedDate, new ObjectDataSequence(dataArray), null);
EncryptedObjectStoreData encStoreData;
try {
if (storeEncryptionAlgorithm.equals(NISTObjectIdentifiers.id_aes256_CCM)) {
Cipher c = createCipher("AES/CCM/NoPadding", keyBytes);
byte[] encOut = c.doFinal(storeData.getEncoded());
AlgorithmParameters algorithmParameters = c.getParameters();
PBES2Parameters pbeParams = new PBES2Parameters(pbkdAlgId, new EncryptionScheme(NISTObjectIdentifiers.id_aes256_CCM, CCMParameters.getInstance(algorithmParameters.getEncoded())));
encStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, pbeParams), encOut);
} else {
Cipher c = createCipher("AESKWP", keyBytes);
byte[] encOut = c.doFinal(storeData.getEncoded());
PBES2Parameters pbeParams = new PBES2Parameters(pbkdAlgId, new EncryptionScheme(NISTObjectIdentifiers.id_aes256_wrap_pad));
encStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, pbeParams), encOut);
}
} catch (NoSuchPaddingException e) {
throw new NoSuchAlgorithmException(e.toString());
} catch (BadPaddingException e) {
throw new IOException(e.toString());
} catch (IllegalBlockSizeException e) {
throw new IOException(e.toString());
} catch (InvalidKeyException e) {
throw new IOException(e.toString());
} catch (NoSuchProviderException e) {
throw new IOException(e.toString());
}
return encStoreData;
}
Aggregations