Example 6 with PKCS12PBEParams
use of com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams in project jruby-openssl by jruby.
the class PEMInputOutput method derivePrivateKeyPBES1.
private static PrivateKey derivePrivateKeyPBES1(EncryptedPrivateKeyInfo eIn, AlgorithmIdentifier algId, char[] password) throws GeneralSecurityException, IOException {
// From BC's PEMReader
PKCS12PBEParams pkcs12Params = PKCS12PBEParams.getInstance(algId.getParameters());
PBEKeySpec pbeSpec = new PBEKeySpec(password);
PBEParameterSpec pbeParams = new PBEParameterSpec(pkcs12Params.getIV(), pkcs12Params.getIterations().intValue());
String algorithm = ASN1Registry.o2a(algId.getAlgorithm());
algorithm = (algorithm.split("-"))[0];
SecretKeyFactory secKeyFactory = SecurityHelper.getSecretKeyFactory(algorithm);
Cipher cipher = SecurityHelper.getCipher(algorithm);
cipher.init(Cipher.DECRYPT_MODE, secKeyFactory.generateSecret(pbeSpec), pbeParams);
PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(cipher.doFinal(eIn.getEncryptedData())));
KeyFactory keyFactory = getKeyFactory(pInfo.getPrivateKeyAlgorithm());
return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pInfo.getEncoded()));
}
Also used :
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
PKCS12PBEParams(org.bouncycastle.asn1.pkcs.PKCS12PBEParams)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
BufferedBlockCipher(org.bouncycastle.crypto.BufferedBlockCipher)
CBCBlockCipher(org.bouncycastle.crypto.modes.CBCBlockCipher)
PaddedBufferedBlockCipher(org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)
Cipher(javax.crypto.Cipher)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
EncryptedPrivateKeyInfo(org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
KeyFactory(java.security.KeyFactory)
Example 7 with PKCS12PBEParams
use of com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams in project LinLong-Java by zhenwei1108.
the class PKCS12KeyStoreSpi method doStore.
private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) throws IOException {
if (keys.size() == 0) {
if (password == null) {
Enumeration cs = certs.keys();
ASN1EncodableVector certSeq = new ASN1EncodableVector();
while (cs.hasMoreElements()) {
try {
String certId = (String) cs.nextElement();
Certificate cert = (Certificate) certs.get(certId);
SafeBag sBag = createSafeBag(certId, cert);
certSeq.add(sBag);
} catch (CertificateEncodingException e) {
throw new IOException("Error encoding certificate: " + e.toString());
}
}
if (useDEREncoding) {
ContentInfo bagInfo = new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(new DERSequence(certSeq).getEncoded()));
Pfx pfx = new Pfx(new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(new DERSequence(bagInfo).getEncoded())), null);
pfx.encodeTo(stream, ASN1Encoding.DER);
} else {
ContentInfo bagInfo = new ContentInfo(PKCSObjectIdentifiers.data, new BEROctetString(new BERSequence(certSeq).getEncoded()));
Pfx pfx = new Pfx(new ContentInfo(PKCSObjectIdentifiers.data, new BEROctetString(new BERSequence(bagInfo).getEncoded())), null);
pfx.encodeTo(stream, ASN1Encoding.BER);
}
return;
}
} else {
if (password == null) {
throw new NullPointerException("no password supplied for PKCS#12 KeyStore");
}
}
//
// handle the key
//
ASN1EncodableVector keyS = new ASN1EncodableVector();
Enumeration ks = keys.keys();
while (ks.hasMoreElements()) {
byte[] kSalt = new byte[SALT_SIZE];
random.nextBytes(kSalt);
String name = (String) ks.nextElement();
PrivateKey privKey = (PrivateKey) keys.get(name);
PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS);
byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password);
AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.toASN1Primitive());
com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes);
boolean attrSet = false;
ASN1EncodableVector kName = new ASN1EncodableVector();
if (privKey instanceof PKCS12BagAttributeCarrier) {
PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) privKey;
//
// make sure we are using the local alias on store
//
ASN1BMPString nm = (ASN1BMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
if (nm == null || !nm.getString().equals(name)) {
bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name));
}
//
if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) {
Certificate ct = engineGetCertificate(name);
bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey()));
}
Enumeration e = bagAttrs.getBagAttributeKeys();
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
ASN1EncodableVector kSeq = new ASN1EncodableVector();
kSeq.add(oid);
kSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
attrSet = true;
kName.add(new DERSequence(kSeq));
}
}
if (!attrSet) {
//
// set a default friendly name (from the key id) and local id
//
ASN1EncodableVector kSeq = new ASN1EncodableVector();
Certificate ct = engineGetCertificate(name);
kSeq.add(pkcs_9_at_localKeyId);
kSeq.add(new DERSet(createSubjectKeyId(ct.getPublicKey())));
kName.add(new DERSequence(kSeq));
kSeq = new ASN1EncodableVector();
kSeq.add(pkcs_9_at_friendlyName);
kSeq.add(new DERSet(new DERBMPString(name)));
kName.add(new DERSequence(kSeq));
}
SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.toASN1Primitive(), new DERSet(kName));
keyS.add(kBag);
}
byte[] keySEncoded = new DERSequence(keyS).getEncoded(ASN1Encoding.DER);
BEROctetString keyString = new BEROctetString(keySEncoded);
//
// certificate processing
//
byte[] cSalt = new byte[SALT_SIZE];
random.nextBytes(cSalt);
ASN1EncodableVector certSeq = new ASN1EncodableVector();
PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS);
AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Primitive());
Hashtable doneCerts = new Hashtable();
Enumeration cs = keys.keys();
while (cs.hasMoreElements()) {
try {
String name = (String) cs.nextElement();
Certificate cert = engineGetCertificate(name);
boolean cAttrSet = false;
CertBag cBag = new CertBag(x509Certificate, new DEROctetString(cert.getEncoded()));
ASN1EncodableVector fName = new ASN1EncodableVector();
if (cert instanceof PKCS12BagAttributeCarrier) {
PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) cert;
//
// make sure we are using the local alias on store
//
ASN1BMPString nm = (ASN1BMPString) bagAttrs.getBagAttribute(pkcs_9_at_friendlyName);
if (nm == null || !nm.getString().equals(name)) {
bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name));
}
//
if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) {
bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(cert.getPublicKey()));
}
Enumeration e = bagAttrs.getBagAttributeKeys();
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
ASN1EncodableVector fSeq = new ASN1EncodableVector();
fSeq.add(oid);
fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
fName.add(new DERSequence(fSeq));
cAttrSet = true;
}
}
if (!cAttrSet) {
ASN1EncodableVector fSeq = new ASN1EncodableVector();
fSeq.add(pkcs_9_at_localKeyId);
fSeq.add(new DERSet(createSubjectKeyId(cert.getPublicKey())));
fName.add(new DERSequence(fSeq));
fSeq = new ASN1EncodableVector();
fSeq.add(pkcs_9_at_friendlyName);
fSeq.add(new DERSet(new DERBMPString(name)));
fName.add(new DERSequence(fSeq));
}
SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName));
certSeq.add(sBag);
doneCerts.put(cert, cert);
} catch (CertificateEncodingException e) {
throw new IOException("Error encoding certificate: " + e.toString());
}
}
cs = certs.keys();
while (cs.hasMoreElements()) {
try {
String certId = (String) cs.nextElement();
Certificate cert = (Certificate) certs.get(certId);
if (keys.get(certId) != null) {
continue;
}
SafeBag sBag = createSafeBag(certId, cert);
certSeq.add(sBag);
doneCerts.put(cert, cert);
} catch (CertificateEncodingException e) {
throw new IOException("Error encoding certificate: " + e.toString());
}
}
Set usedSet = getUsedCertificateSet();
cs = chainCerts.keys();
while (cs.hasMoreElements()) {
try {
CertId certId = (CertId) cs.nextElement();
Certificate cert = (Certificate) chainCerts.get(certId);
if (!usedSet.contains(cert)) {
continue;
}
if (doneCerts.get(cert) != null) {
continue;
}
CertBag cBag = new CertBag(x509Certificate, new DEROctetString(cert.getEncoded()));
ASN1EncodableVector fName = new ASN1EncodableVector();
if (cert instanceof PKCS12BagAttributeCarrier) {
PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier) cert;
Enumeration e = bagAttrs.getBagAttributeKeys();
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
// If we find one, we'll prune it out.
if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) {
continue;
}
ASN1EncodableVector fSeq = new ASN1EncodableVector();
fSeq.add(oid);
fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
fName.add(new DERSequence(fSeq));
}
}
SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName));
certSeq.add(sBag);
} catch (CertificateEncodingException e) {
throw new IOException("Error encoding certificate: " + e.toString());
}
}
byte[] certSeqEncoded = new DERSequence(certSeq).getEncoded(ASN1Encoding.DER);
byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded);
EncryptedData cInfo = new EncryptedData(data, cAlgId, new BEROctetString(certBytes));
ContentInfo[] info = new ContentInfo[] { new ContentInfo(data, keyString), new ContentInfo(encryptedData, cInfo.toASN1Primitive()) };
AuthenticatedSafe auth = new AuthenticatedSafe(info);
byte[] pkg = auth.getEncoded(useDEREncoding ? ASN1Encoding.DER : ASN1Encoding.BER);
ContentInfo mainInfo = new ContentInfo(data, new BEROctetString(pkg));
//
// create the mac
//
byte[] mSalt = new byte[saltLength];
random.nextBytes(mSalt);
byte[] data = ((ASN1OctetString) mainInfo.getContent()).getOctets();
MacData mData;
try {
byte[] res = calculatePbeMac(macAlgorithm.getAlgorithm(), mSalt, itCount, password, false, data);
DigestInfo dInfo = new DigestInfo(macAlgorithm, res);
mData = new MacData(dInfo, mSalt, itCount);
} catch (Exception e) {
throw new IOException("error constructing MAC: " + e.toString());
}
//
// output the Pfx
//
Pfx pfx = new Pfx(mainInfo, mData);
pfx.encodeTo(stream, useDEREncoding ? ASN1Encoding.DER : ASN1Encoding.BER);
}
Also used :
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
PrivateKey(java.security.PrivateKey)
Set(java.util.Set)
DERSet(com.github.zhenwei.core.asn1.DERSet)
ASN1Set(com.github.zhenwei.core.asn1.ASN1Set)
HashSet(java.util.HashSet)
ASN1BMPString(com.github.zhenwei.core.asn1.ASN1BMPString)
AuthenticatedSafe(com.github.zhenwei.core.asn1.pkcs.AuthenticatedSafe)
BEROctetString(com.github.zhenwei.core.asn1.BEROctetString)
DERBMPString(com.github.zhenwei.core.asn1.DERBMPString)
ASN1BMPString(com.github.zhenwei.core.asn1.ASN1BMPString)
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
DERSet(com.github.zhenwei.core.asn1.DERSet)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
PKCS12BagAttributeCarrier(com.github.zhenwei.provider.jce.interfaces.PKCS12BagAttributeCarrier)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
BEROctetString(com.github.zhenwei.core.asn1.BEROctetString)
ContentInfo(com.github.zhenwei.core.asn1.pkcs.ContentInfo)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
EncryptedData(com.github.zhenwei.core.asn1.pkcs.EncryptedData)
MacData(com.github.zhenwei.core.asn1.pkcs.MacData)
Enumeration(java.util.Enumeration)
Pfx(com.github.zhenwei.core.asn1.pkcs.Pfx)
DERBMPString(com.github.zhenwei.core.asn1.DERBMPString)
Hashtable(java.util.Hashtable)
BERSequence(com.github.zhenwei.core.asn1.BERSequence)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
SafeBag(com.github.zhenwei.core.asn1.pkcs.SafeBag)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
IOException(java.io.IOException)
EOFException(java.io.EOFException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
CertificateException(java.security.cert.CertificateException)
NoSuchProviderException(java.security.NoSuchProviderException)
CertBag(com.github.zhenwei.core.asn1.pkcs.CertBag)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
DigestInfo(com.github.zhenwei.core.asn1.x509.DigestInfo)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 8 with PKCS12PBEParams
use of com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams in project LinLong-Java by zhenwei1108.
the class PKCS12KeyStoreSpi method cryptData.
protected byte[] cryptData(boolean forEncryption, AlgorithmIdentifier algId, char[] password, boolean wrongPKCS12Zero, byte[] data) throws IOException {
ASN1ObjectIdentifier algorithm = algId.getAlgorithm();
int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
try {
PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
PKCS12Key key = new PKCS12Key(password, wrongPKCS12Zero);
Cipher cipher = helper.createCipher(algorithm.getId());
cipher.init(mode, key, defParams);
return cipher.doFinal(data);
} catch (Exception e) {
throw new IOException("exception decrypting data - " + e.toString());
}
} else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
try {
Cipher cipher = createCipher(mode, password, algId);
return cipher.doFinal(data);
} catch (Exception e) {
throw new IOException("exception decrypting data - " + e.toString());
}
} else {
throw new IOException("unknown PBE algorithm: " + algorithm);
}
}
Also used :
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key)
Cipher(javax.crypto.Cipher)
IOException(java.io.IOException)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
IOException(java.io.IOException)
EOFException(java.io.EOFException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
CertificateException(java.security.cert.CertificateException)
NoSuchProviderException(java.security.NoSuchProviderException)
Example 9 with PKCS12PBEParams
use of com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams in project LinLong-Java by zhenwei1108.
the class JcePKCS12MacCalculatorBuilder method build.
public MacCalculator build(final char[] password) throws OperatorCreationException {
if (random == null) {
random = new SecureRandom();
}
try {
final Mac mac = helper.createMac(algorithm.getId());
saltLength = mac.getMacLength();
final byte[] salt = new byte[saltLength];
random.nextBytes(salt);
PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount);
final SecretKey key = new PKCS12Key(password);
mac.init(key, defParams);
return new MacCalculator() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new AlgorithmIdentifier(algorithm, new PKCS12PBEParams(salt, iterationCount));
}
public OutputStream getOutputStream() {
return new MacOutputStream(mac);
}
public byte[] getMac() {
return mac.doFinal();
}
public GenericKey getKey() {
return new GenericKey(getAlgorithmIdentifier(), key.getEncoded());
}
};
} catch (Exception e) {
throw new OperatorCreationException("unable to create MAC calculator: " + e.getMessage(), e);
}
}
Also used :
SecureRandom(java.security.SecureRandom)
MacOutputStream(com.github.zhenwei.provider.jcajce.io.MacOutputStream)
Mac(javax.crypto.Mac)
MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
SecretKey(javax.crypto.SecretKey)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key)
GenericKey(com.github.zhenwei.pkix.operator.GenericKey)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
Example 10 with PKCS12PBEParams
use of com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams in project LinLong-Java by zhenwei1108.
the class JcePKCSPBEInputDecryptorProviderBuilder method build.
public InputDecryptorProvider build(final char[] password) {
return new InputDecryptorProvider() {
private Cipher cipher;
private AlgorithmIdentifier encryptionAlg;
public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier) throws OperatorCreationException {
SecretKey key;
ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
try {
if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());
cipher = helper.createCipher(algorithm.getId());
cipher.init(Cipher.DECRYPT_MODE, new PKCS12KeyWithParameters(password, wrongPKCS12Zero, pbeParams.getIV(), pbeParams.getIterations().intValue()));
encryptionAlg = algorithmIdentifier;
} else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
PBES2Parameters alg = PBES2Parameters.getInstance(algorithmIdentifier.getParameters());
if (MiscObjectIdentifiers.id_scrypt.equals(alg.getKeyDerivationFunc().getAlgorithm())) {
ScryptParams params = ScryptParams.getInstance(alg.getKeyDerivationFunc().getParameters());
AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
SecretKeyFactory keyFact = helper.createSecretKeyFactory("SCRYPT");
key = keyFact.generateSecret(new ScryptKeySpec(password, params.getSalt(), params.getCostParameter().intValue(), params.getBlockSize().intValue(), params.getParallelizationParameter().intValue(), keySizeProvider.getKeySize(encScheme)));
} else {
SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
if (func.isDefaultPrf()) {
key = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), func.getIterationCount().intValue(), keySizeProvider.getKeySize(encScheme)));
} else {
key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), func.getIterationCount().intValue(), keySizeProvider.getKeySize(encScheme), func.getPrf()));
}
}
cipher = helper.createCipher(alg.getEncryptionScheme().getAlgorithm().getId());
encryptionAlg = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
ASN1Encodable encParams = alg.getEncryptionScheme().getParameters();
if (encParams instanceof ASN1OctetString) {
cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets()));
} else if (encParams instanceof ASN1Sequence && isCCMorGCM(alg.getEncryptionScheme())) {
AlgorithmParameters params = AlgorithmParameters.getInstance(alg.getEncryptionScheme().getAlgorithm().getId());
params.init(((ASN1Sequence) encParams).getEncoded());
cipher.init(Cipher.DECRYPT_MODE, key, params);
} else if (// absent parameters
encParams == null) {
cipher.init(Cipher.DECRYPT_MODE, key);
} else {
// TODO: at the moment it's just GOST, but...
GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
cipher.init(Cipher.DECRYPT_MODE, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
}
} else if (algorithm.equals(PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC) || algorithm.equals(PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC)) {
PBEParameter pbeParams = PBEParameter.getInstance(algorithmIdentifier.getParameters());
cipher = helper.createCipher(algorithm.getId());
cipher.init(Cipher.DECRYPT_MODE, new PBKDF1Key(password, PasswordConverter.ASCII), new PBEParameterSpec(pbeParams.getSalt(), pbeParams.getIterationCount().intValue()));
} else {
throw new OperatorCreationException("unable to create InputDecryptor: algorithm " + algorithm + " unknown.");
}
} catch (Exception e) {
throw new OperatorCreationException("unable to create InputDecryptor: " + e.getMessage(), e);
}
return new InputDecryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return encryptionAlg;
}
public InputStream getInputStream(InputStream input) {
return new CipherInputStream(input, cipher);
}
};
}
};
}
Also used :
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
GOST28147Parameters(com.github.zhenwei.core.asn1.cryptopro.GOST28147Parameters)
GOST28147ParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147ParameterSpec)
PBKDF2KeySpec(com.github.zhenwei.provider.jcajce.spec.PBKDF2KeySpec)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
PBKDF1Key(com.github.zhenwei.provider.jcajce.PBKDF1Key)
PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params)
ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
ScryptParams(com.github.zhenwei.core.asn1.misc.ScryptParams)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
PKCS12KeyWithParameters(com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
PBEParameter(com.github.zhenwei.core.asn1.pkcs.PBEParameter)
PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters)
CipherInputStream(com.github.zhenwei.provider.jcajce.io.CipherInputStream)
InputDecryptor(com.github.zhenwei.pkix.operator.InputDecryptor)
CipherInputStream(com.github.zhenwei.provider.jcajce.io.CipherInputStream)
InputStream(java.io.InputStream)
ScryptKeySpec(com.github.zhenwei.provider.jcajce.spec.ScryptKeySpec)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
SecretKey(javax.crypto.SecretKey)
ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence)
InputDecryptorProvider(com.github.zhenwei.pkix.operator.InputDecryptorProvider)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
AlgorithmParameters(java.security.AlgorithmParameters)
Aggregations
PKCS12PBEParams (com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)13
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)11
IOException (java.io.IOException)11
Cipher (javax.crypto.Cipher)10
PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)10
KeyStoreException (java.security.KeyStoreException)9
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)9
UnrecoverableKeyException (java.security.UnrecoverableKeyException)9
CertificateEncodingException (java.security.cert.CertificateEncodingException)9
CertificateException (java.security.cert.CertificateException)9
SecretKey (javax.crypto.SecretKey)7
SecretKeyFactory (javax.crypto.SecretKeyFactory)7
PBEKeySpec (javax.crypto.spec.PBEKeySpec)7
GenericKey (com.github.zhenwei.pkix.operator.GenericKey)6
PKCS12PBEParams (org.bouncycastle.asn1.pkcs.PKCS12PBEParams)6
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)5
OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)5
PrivateKey (java.security.PrivateKey)5
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)5
DEROctetString (org.bouncycastle.asn1.DEROctetString)5
