Example 11 with PBES2Parameters

use of com.github.zhenwei.core.asn1.pkcs.PBES2Parameters in project LinLong-Java by zhenwei1108.

the class JceOpenSSLPKCS8DecryptorProviderBuilder method build.

public InputDecryptorProvider build(final char[] password) throws OperatorCreationException {
    return new InputDecryptorProvider() {

        public InputDecryptor get(final AlgorithmIdentifier algorithm) throws OperatorCreationException {
            final Cipher cipher;
            try {
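                // PBES2 (PKCS #5 scheme 2): the parameters carry both the key derivation function and the encryption scheme.
                if (PEMUtilities.isPKCS5Scheme2(algorithm.getAlgorithm())) {
                    PBES2Parameters params = PBES2Parameters.getInstance(algorithm.getParameters());
                    KeyDerivationFunc func = params.getKeyDerivationFunc();
                    EncryptionScheme scheme = params.getEncryptionScheme();
                    // This cast assumes the key derivation function is PBKDF2.
                    PBKDF2Params defParams = (PBKDF2Params) func.getParameters();
                    // Iteration count and salt are taken as-is from the encoded parameters.
                    int iterationCount = defParams.getIterationCount().intValue();
                    byte[] salt = defParams.getSalt();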
                    String oid = scheme.getAlgorithm().getId();
                    SecretKey key;
                    if (PEMUtilities.isHmacSHA1(defParams.getPrf())) {
                        key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, oid, password, salt, iterationCount);
                    } else {
                        key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, oid, password, salt, iterationCount, defParams.getPrf());
                    }
                    cipher = helper.createCipher(oid);
                    AlgorithmParameters algParams = helper.createAlgorithmParameters(oid);
                    algParams.init(scheme.getParameters().toASN1Primitive().getEncoded());
                    cipher.init(Cipher.DECRYPT_MODE, key, algParams);
                } else if (PEMUtilities.isPKCS12(algorithm.getAlgorithm())) {
                    PKCS12PBEParams params = PKCS12PBEParams.getInstance(algorithm.getParameters());
                    cipher = helper.createCipher(algorithm.getAlgorithm().getId());
                    cipher.init(Cipher.DECRYPT_MODE, new PKCS12KeyWithParameters(password, params.getIV(), params.getIterations().intValue()));
                } else if (PEMUtilities.isPKCS5Scheme1(algorithm.getAlgorithm())) {
                    PBEParameter params = PBEParameter.getInstance(algorithm.getParameters());
                    cipher = helper.createCipher(algorithm.getAlgorithm().getId());
                    cipher.init(Cipher.DECRYPT_MODE, new PBKDF1KeyWithParameters(password, new CharToByteConverter() {

                        public String getType() {
                            return "ASCII";
                        }

                        public byte[] convert(char[] password) {
                            // just drop hi-order byte.
                            return Strings.toByteArray(password);
                        }
                    }, params.getSalt(), params.getIterationCount().intValue()));
                } else {
                    throw new PEMException("Unknown algorithm: " + algorithm.getAlgorithm());
                }
                return new InputDecryptor() {

                    public AlgorithmIdentifier getAlgorithmIdentifier() {
                        return algorithm;
                    }

                    public InputStream getInputStream(InputStream encIn) {
                        return new CipherInputStream(encIn, cipher);
                    }
                };
            } catch (IOException e) {
                throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e);
            } catch (GeneralSecurityException e) {
                throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e);
            }
        }
    };
}
Also used : PBEParameter(com.github.zhenwei.core.asn1.pkcs.PBEParameter) PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters) EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme) CipherInputStream(com.github.zhenwei.provider.jcajce.io.CipherInputStream) InputDecryptor(com.github.zhenwei.pkix.operator.InputDecryptor) CipherInputStream(com.github.zhenwei.provider.jcajce.io.CipherInputStream) InputStream(java.io.InputStream) PBKDF1KeyWithParameters(com.github.zhenwei.provider.jcajce.PBKDF1KeyWithParameters) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) CharToByteConverter(com.github.zhenwei.core.crypto.CharToByteConverter) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) SecretKey(javax.crypto.SecretKey) InputDecryptorProvider(com.github.zhenwei.pkix.operator.InputDecryptorProvider) PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams) PEMException(com.github.zhenwei.pkix.openssl.PEMException) KeyDerivationFunc(com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc) PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params) Cipher(javax.crypto.Cipher) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) PKCS12KeyWithParameters(com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters) AlgorithmParameters(java.security.AlgorithmParameters)

Example 12 with PBES2Parameters

use of com.github.zhenwei.core.asn1.pkcs.PBES2Parameters in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method decryptData.

private byte[] decryptData(String purpose, AlgorithmIdentifier protectAlgId, char[] password, byte[] encryptedData) throws IOException {
    if (!protectAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2)) {
        throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
    }
    PBES2Parameters pbes2Parameters = PBES2Parameters.getInstance(protectAlgId.getParameters());
    EncryptionScheme algId = pbes2Parameters.getEncryptionScheme();
    try {
        Cipher c;
        AlgorithmParameters algParams;
        if (algId.getAlgorithm().equals(NISTObjectIdentifiers.id_aes256_CCM)) {
            c = helper.createCipher("AES/CCM/NoPadding");
            algParams = helper.createAlgorithmParameters("CCM");
            CCMParameters ccmParameters = CCMParameters.getInstance(algId.getParameters());
            algParams.init(ccmParameters.getEncoded());
        } else if (algId.getAlgorithm().equals(NISTObjectIdentifiers.id_aes256_wrap_pad)) {
            c = helper.createCipher("AESKWP");
            algParams = null;
        } else {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        // Derive a 32-byte AES key from the password; a null password is treated as an empty one.
        byte[] keyBytes = generateKey(pbes2Parameters.getKeyDerivationFunc(), purpose, ((password != null) ? password : new char[0]), 32);
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keyBytes, "AES"), algParams);
        byte[] rv = c.doFinal(encryptedData);
        return rv;
    } catch (IOException e) {
        throw e;
    } catch (Exception e) {
        throw new IOException(e.toString());
    }
}
Also used : PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters) EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme) SecretKeySpec(javax.crypto.spec.SecretKeySpec) IOException(java.io.IOException) Cipher(javax.crypto.Cipher) CCMParameters(com.github.zhenwei.core.internal.asn1.cms.CCMParameters) KeyStoreException(java.security.KeyStoreException) GeneralSecurityException(java.security.GeneralSecurityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) ParseException(java.text.ParseException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchProviderException(java.security.NoSuchProviderException) AlgorithmParameters(java.security.AlgorithmParameters)

Example 13 with PBES2Parameters

use of com.github.zhenwei.core.asn1.pkcs.PBES2Parameters in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method getEncryptedObjectStoreData.

private EncryptedObjectStoreData getEncryptedObjectStoreData(AlgorithmIdentifier integrityAlgorithm, char[] password) throws IOException, NoSuchAlgorithmException {
    ObjectData[] dataArray = (ObjectData[]) entries.values().toArray(new ObjectData[entries.size()]);
    // 256 / 8 = 32-byte key, derived from the store password under the purpose string "STORE_ENCRYPTION".
    KeyDerivationFunc pbkdAlgId = generatePkbdAlgorithmIdentifier(hmacPkbdAlgorithm, 256 / 8);
    byte[] keyBytes = generateKey(pbkdAlgId, "STORE_ENCRYPTION", ((password != null) ? password : new char[0]), 256 / 8);
    ObjectStoreData storeData = new ObjectStoreData(integrityAlgorithm, creationDate, lastModifiedDate, new ObjectDataSequence(dataArray), null);
    EncryptedObjectStoreData encStoreData;
    try {
        if (storeEncryptionAlgorithm.equals(NISTObjectIdentifiers.id_aes256_CCM)) {
            Cipher c = createCipher("AES/CCM/NoPadding", keyBytes);
            byte[] encOut = c.doFinal(storeData.getEncoded());
            AlgorithmParameters algorithmParameters = c.getParameters();
            PBES2Parameters pbeParams = new PBES2Parameters(pbkdAlgId, new EncryptionScheme(NISTObjectIdentifiers.id_aes256_CCM, CCMParameters.getInstance(algorithmParameters.getEncoded())));
            encStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, pbeParams), encOut);
        } else {
            Cipher c = createCipher("AESKWP", keyBytes);
            byte[] encOut = c.doFinal(storeData.getEncoded());
            PBES2Parameters pbeParams = new PBES2Parameters(pbkdAlgId, new EncryptionScheme(NISTObjectIdentifiers.id_aes256_wrap_pad));
            encStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, pbeParams), encOut);
        }
    } catch (NoSuchPaddingException e) {
        throw new NoSuchAlgorithmException(e.toString());
    } catch (BadPaddingException e) {
        throw new IOException(e.toString());
    } catch (IllegalBlockSizeException e) {
        throw new IOException(e.toString());
    } catch (InvalidKeyException e) {
        throw new IOException(e.toString());
    } catch (NoSuchProviderException e) {
        throw new IOException(e.toString());
    }
    return encStoreData;
}
Also used : PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters) EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme) ObjectData(com.github.zhenwei.core.asn1.bc.ObjectData) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) EncryptedObjectStoreData(com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) ObjectDataSequence(com.github.zhenwei.core.asn1.bc.ObjectDataSequence) KeyDerivationFunc(com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc) Cipher(javax.crypto.Cipher) ObjectStoreData(com.github.zhenwei.core.asn1.bc.ObjectStoreData) EncryptedObjectStoreData(com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData) NoSuchProviderException(java.security.NoSuchProviderException) AlgorithmParameters(java.security.AlgorithmParameters)
