use of com.github.zhenwei.core.crypto.params.AEADParameters in project LinLong-Java by zhenwei1108.
the class BaseBlockCipher method engineInit.
protected void engineInit(int opmode, Key key, final AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
CipherParameters param;
this.pbeSpec = null;
this.pbeAlgorithm = null;
this.engineParams = null;
this.aeadParams = null;
//
if (!(key instanceof SecretKey)) {
throw new InvalidKeyException("Key for algorithm " + ((key != null) ? key.getAlgorithm() : null) + " not suitable for symmetric enryption.");
}
//
if (params == null && (baseEngine != null && baseEngine.getAlgorithmName().startsWith("RC5-64"))) {
throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in.");
}
//
if (scheme == PKCS12 || key instanceof PKCS12Key) {
SecretKey k;
try {
k = (SecretKey) key;
} catch (Exception e) {
throw new InvalidKeyException("PKCS12 requires a SecretKey/PBEKey");
}
if (params instanceof PBEParameterSpec) {
pbeSpec = (PBEParameterSpec) params;
}
if (k instanceof PBEKey && pbeSpec == null) {
PBEKey pbeKey = (PBEKey) k;
if (pbeKey.getSalt() == null) {
throw new InvalidAlgorithmParameterException("PBEKey requires parameters to specify salt");
}
pbeSpec = new PBEParameterSpec(pbeKey.getSalt(), pbeKey.getIterationCount());
}
if (pbeSpec == null && !(k instanceof PBEKey)) {
throw new InvalidKeyException("Algorithm requires a PBE key");
}
if (key instanceof BCPBEKey) {
// PKCS#12 sets an IV, if we get a key that doesn't have ParametersWithIV we need to reject it. If the
// key has no parameters it means it's an old-school JCE PBE Key - we use getEncoded() on it.
CipherParameters pbeKeyParam = ((BCPBEKey) key).getParam();
if (pbeKeyParam instanceof ParametersWithIV) {
param = pbeKeyParam;
} else if (pbeKeyParam == null) {
param = Util.makePBEParameters(k.getEncoded(), PKCS12, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
} else {
throw new InvalidKeyException("Algorithm requires a PBE key suitable for PKCS12");
}
} else {
param = Util.makePBEParameters(k.getEncoded(), PKCS12, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
}
if (param instanceof ParametersWithIV) {
ivParam = (ParametersWithIV) param;
}
} else if (key instanceof PBKDF1Key) {
PBKDF1Key k = (PBKDF1Key) key;
if (params instanceof PBEParameterSpec) {
pbeSpec = (PBEParameterSpec) params;
}
if (k instanceof PBKDF1KeyWithParameters && pbeSpec == null) {
pbeSpec = new PBEParameterSpec(((PBKDF1KeyWithParameters) k).getSalt(), ((PBKDF1KeyWithParameters) k).getIterationCount());
}
param = Util.makePBEParameters(k.getEncoded(), PKCS5S1, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
if (param instanceof ParametersWithIV) {
ivParam = (ParametersWithIV) param;
}
} else if (key instanceof BCPBEKey) {
BCPBEKey k = (BCPBEKey) key;
if (k.getOID() != null) {
pbeAlgorithm = k.getOID().getId();
} else {
pbeAlgorithm = k.getAlgorithm();
}
if (k.getParam() != null) {
param = adjustParameters(params, k.getParam());
} else if (params instanceof PBEParameterSpec) {
pbeSpec = (PBEParameterSpec) params;
param = Util.makePBEParameters(k, params, cipher.getUnderlyingCipher().getAlgorithmName());
} else {
throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set.");
}
if (param instanceof ParametersWithIV) {
ivParam = (ParametersWithIV) param;
}
} else if (key instanceof PBEKey) {
PBEKey k = (PBEKey) key;
pbeSpec = (PBEParameterSpec) params;
if (k instanceof PKCS12KeyWithParameters && pbeSpec == null) {
pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount());
}
param = Util.makePBEParameters(k.getEncoded(), scheme, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
if (param instanceof ParametersWithIV) {
ivParam = (ParametersWithIV) param;
}
} else if (!(key instanceof RepeatedSecretKeySpec)) {
if (scheme == PKCS5S1 || scheme == PKCS5S1_UTF8 || scheme == PKCS5S2 || scheme == PKCS5S2_UTF8) {
throw new InvalidKeyException("Algorithm requires a PBE key");
}
param = new KeyParameter(key.getEncoded());
} else {
param = null;
}
if (params instanceof AEADParameterSpec) {
if (!isAEADModeName(modeName) && !(cipher instanceof AEADGenericBlockCipher)) {
throw new InvalidAlgorithmParameterException("AEADParameterSpec can only be used with AEAD modes.");
}
AEADParameterSpec aeadSpec = (AEADParameterSpec) params;
KeyParameter keyParam;
if (param instanceof ParametersWithIV) {
keyParam = (KeyParameter) ((ParametersWithIV) param).getParameters();
} else {
keyParam = (KeyParameter) param;
}
param = aeadParams = new AEADParameters(keyParam, aeadSpec.getMacSizeInBits(), aeadSpec.getNonce(), aeadSpec.getAssociatedData());
} else if (params instanceof IvParameterSpec) {
if (ivLength != 0) {
IvParameterSpec p = (IvParameterSpec) params;
if (p.getIV().length != ivLength && !(cipher instanceof AEADGenericBlockCipher) && fixedIv) {
throw new InvalidAlgorithmParameterException("IV must be " + ivLength + " bytes long.");
}
if (param instanceof ParametersWithIV) {
param = new ParametersWithIV(((ParametersWithIV) param).getParameters(), p.getIV());
} else {
param = new ParametersWithIV(param, p.getIV());
}
ivParam = (ParametersWithIV) param;
} else {
if (modeName != null && modeName.equals("ECB")) {
throw new InvalidAlgorithmParameterException("ECB mode does not use an IV");
}
}
} else if (params instanceof GOST28147ParameterSpec) {
GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec) params;
param = new ParametersWithSBox(new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec) params).getSbox());
if (gost28147Param.getIV() != null && ivLength != 0) {
if (param instanceof ParametersWithIV) {
param = new ParametersWithIV(((ParametersWithIV) param).getParameters(), gost28147Param.getIV());
} else {
param = new ParametersWithIV(param, gost28147Param.getIV());
}
ivParam = (ParametersWithIV) param;
}
} else if (params instanceof RC2ParameterSpec) {
RC2ParameterSpec rc2Param = (RC2ParameterSpec) params;
param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec) params).getEffectiveKeyBits());
if (rc2Param.getIV() != null && ivLength != 0) {
if (param instanceof ParametersWithIV) {
param = new ParametersWithIV(((ParametersWithIV) param).getParameters(), rc2Param.getIV());
} else {
param = new ParametersWithIV(param, rc2Param.getIV());
}
ivParam = (ParametersWithIV) param;
}
} else if (params instanceof RC5ParameterSpec) {
RC5ParameterSpec rc5Param = (RC5ParameterSpec) params;
param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec) params).getRounds());
if (baseEngine.getAlgorithmName().startsWith("RC5")) {
if (baseEngine.getAlgorithmName().equals("RC5-32")) {
if (rc5Param.getWordSize() != 32) {
throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
}
} else if (baseEngine.getAlgorithmName().equals("RC5-64")) {
if (rc5Param.getWordSize() != 64) {
throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
}
}
} else {
throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
}
if ((rc5Param.getIV() != null) && (ivLength != 0)) {
if (param instanceof ParametersWithIV) {
param = new ParametersWithIV(((ParametersWithIV) param).getParameters(), rc5Param.getIV());
} else {
param = new ParametersWithIV(param, rc5Param.getIV());
}
ivParam = (ParametersWithIV) param;
}
} else if (params instanceof FPEParameterSpec) {
FPEParameterSpec spec = (FPEParameterSpec) params;
param = new FPEParameters((KeyParameter) param, spec.getRadix(), spec.getTweak(), spec.isUsingInverseFunction());
} else if (gcmSpecClass != null && gcmSpecClass.isInstance(params)) {
if (!isAEADModeName(modeName) && !(cipher instanceof AEADGenericBlockCipher)) {
throw new InvalidAlgorithmParameterException("GCMParameterSpec can only be used with AEAD modes.");
}
final KeyParameter keyParam;
if (param instanceof ParametersWithIV) {
keyParam = (KeyParameter) ((ParametersWithIV) param).getParameters();
} else {
keyParam = (KeyParameter) param;
}
param = aeadParams = GcmSpecUtil.extractAeadParameters(keyParam, params);
} else if (params != null && !(params instanceof PBEParameterSpec)) {
throw new InvalidAlgorithmParameterException("unknown parameter type.");
}
if ((ivLength != 0) && !(param instanceof ParametersWithIV) && !(param instanceof AEADParameters)) {
SecureRandom ivRandom = random;
if (ivRandom == null) {
ivRandom = CryptoServicesRegistrar.getSecureRandom();
}
if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) {
byte[] iv = new byte[ivLength];
ivRandom.nextBytes(iv);
param = new ParametersWithIV(param, iv);
ivParam = (ParametersWithIV) param;
} else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0) {
throw new InvalidAlgorithmParameterException("no IV set when one expected");
}
}
if (random != null && padded) {
param = new ParametersWithRandom(param, random);
}
try {
switch(opmode) {
case Cipher.ENCRYPT_MODE:
case Cipher.WRAP_MODE:
cipher.init(true, param);
break;
case Cipher.DECRYPT_MODE:
case Cipher.UNWRAP_MODE:
cipher.init(false, param);
break;
default:
throw new InvalidParameterException("unknown opmode " + opmode + " passed");
}
if (cipher instanceof AEADGenericBlockCipher && aeadParams == null) {
AEADCipher aeadCipher = ((AEADGenericBlockCipher) cipher).cipher;
aeadParams = new AEADParameters((KeyParameter) ivParam.getParameters(), aeadCipher.getMac().length * 8, ivParam.getIV());
}
} catch (IllegalArgumentException e) {
throw new InvalidAlgorithmParameterException(e.getMessage(), e);
} catch (Exception e) {
throw new InvalidKeyOrParametersException(e.getMessage(), e);
}
}
use of com.github.zhenwei.core.crypto.params.AEADParameters in project LinLong-Java by zhenwei1108.
the class EAXBlockCipher method init.
public void init(boolean forEncryption, CipherParameters params) throws IllegalArgumentException {
this.forEncryption = forEncryption;
byte[] nonce;
CipherParameters keyParam;
if (params instanceof AEADParameters) {
AEADParameters param = (AEADParameters) params;
nonce = param.getNonce();
initialAssociatedText = param.getAssociatedText();
macSize = param.getMacSize() / 8;
keyParam = param.getKey();
} else if (params instanceof ParametersWithIV) {
ParametersWithIV param = (ParametersWithIV) params;
nonce = param.getIV();
initialAssociatedText = null;
macSize = mac.getMacSize() / 2;
keyParam = param.getParameters();
} else {
throw new IllegalArgumentException("invalid parameters passed to EAX");
}
bufBlock = new byte[forEncryption ? blockSize : (blockSize + macSize)];
byte[] tag = new byte[blockSize];
// Key reuse implemented in CBC mode of underlying CMac
mac.init(keyParam);
tag[blockSize - 1] = nTAG;
mac.update(tag, 0, blockSize);
mac.update(nonce, 0, nonce.length);
mac.doFinal(nonceMac, 0);
// Same BlockCipher underlies this and the mac, so reuse last key on cipher
cipher.init(true, new ParametersWithIV(null, nonceMac));
reset();
}
use of com.github.zhenwei.core.crypto.params.AEADParameters in project LinLong-Java by zhenwei1108.
the class GCMBlockCipher method init.
/**
* NOTE: MAC sizes from 32 bits to 128 bits (must be a multiple of 8) are supported. The default
* is 128 bits. Sizes less than 96 are not recommended, but are supported for specialized
* applications.
*/
public void init(boolean forEncryption, CipherParameters params) throws IllegalArgumentException {
this.forEncryption = forEncryption;
this.macBlock = null;
this.initialised = true;
KeyParameter keyParam;
byte[] newNonce = null;
if (params instanceof AEADParameters) {
AEADParameters param = (AEADParameters) params;
newNonce = param.getNonce();
initialAssociatedText = param.getAssociatedText();
int macSizeBits = param.getMacSize();
if (macSizeBits < 32 || macSizeBits > 128 || macSizeBits % 8 != 0) {
throw new IllegalArgumentException("Invalid value for MAC size: " + macSizeBits);
}
macSize = macSizeBits / 8;
keyParam = param.getKey();
} else if (params instanceof ParametersWithIV) {
ParametersWithIV param = (ParametersWithIV) params;
newNonce = param.getIV();
initialAssociatedText = null;
macSize = 16;
keyParam = (KeyParameter) param.getParameters();
} else {
throw new IllegalArgumentException("invalid parameters passed to GCM");
}
int bufLength = forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize);
this.bufBlock = new byte[bufLength];
if (newNonce == null || newNonce.length < 1) {
throw new IllegalArgumentException("IV must be at least 1 byte");
}
if (forEncryption) {
if (nonce != null && Arrays.areEqual(nonce, newNonce)) {
if (keyParam == null) {
throw new IllegalArgumentException("cannot reuse nonce for GCM encryption");
}
if (lastKey != null && Arrays.areEqual(lastKey, keyParam.getKey())) {
throw new IllegalArgumentException("cannot reuse nonce for GCM encryption");
}
}
}
nonce = newNonce;
if (keyParam != null) {
lastKey = keyParam.getKey();
}
// if keyParam is null we're reusing the last key.
if (keyParam != null) {
cipher.init(true, keyParam);
this.H = new byte[BLOCK_SIZE];
cipher.processBlock(H, 0, H, 0);
// GCMMultiplier tables don't change unless the key changes (and are expensive to init)
multiplier.init(H);
exp = null;
} else if (this.H == null) {
throw new IllegalArgumentException("Key must be specified in initial init");
}
this.J0 = new byte[BLOCK_SIZE];
if (nonce.length == 12) {
System.arraycopy(nonce, 0, J0, 0, nonce.length);
this.J0[BLOCK_SIZE - 1] = 0x01;
} else {
gHASH(J0, nonce, nonce.length);
byte[] X = new byte[BLOCK_SIZE];
Pack.longToBigEndian((long) nonce.length * 8, X, 8);
gHASHBlock(J0, X);
}
this.S = new byte[BLOCK_SIZE];
this.S_at = new byte[BLOCK_SIZE];
this.S_atPre = new byte[BLOCK_SIZE];
this.atBlock = new byte[BLOCK_SIZE];
this.atBlockPos = 0;
this.atLength = 0;
this.atLengthPre = 0;
this.counter = Arrays.clone(J0);
// page 8, len(P) <= 2^39 - 256, 1 block used by tag but done on J0
this.blocksRemaining = -2;
this.bufOff = 0;
this.totalLength = 0;
if (initialAssociatedText != null) {
processAADBytes(initialAssociatedText, 0, initialAssociatedText.length);
}
}
use of com.github.zhenwei.core.crypto.params.AEADParameters in project LinLong-Java by zhenwei1108.
the class GCMSIVBlockCipher method init.
public void init(final boolean pEncrypt, final CipherParameters cipherParameters) throws IllegalArgumentException {
/* Set defaults */
byte[] myInitialAEAD = null;
byte[] myNonce = null;
KeyParameter myKey = null;
/* Access parameters */
if (cipherParameters instanceof AEADParameters) {
final AEADParameters myAEAD = (AEADParameters) cipherParameters;
myInitialAEAD = myAEAD.getAssociatedText();
myNonce = myAEAD.getNonce();
myKey = myAEAD.getKey();
} else if (cipherParameters instanceof ParametersWithIV) {
final ParametersWithIV myParms = (ParametersWithIV) cipherParameters;
myNonce = myParms.getIV();
myKey = (KeyParameter) myParms.getParameters();
} else {
throw new IllegalArgumentException("invalid parameters passed to GCM-SIV");
}
/* Check nonceSize */
if (myNonce == null || myNonce.length != NONCELEN) {
throw new IllegalArgumentException("Invalid nonce");
}
/* Check keysize */
if (myKey == null || (myKey.getKey().length != BUFLEN && myKey.getKey().length != (BUFLEN << 1))) {
throw new IllegalArgumentException("Invalid key");
}
/* Reset details */
forEncryption = pEncrypt;
theInitialAEAD = myInitialAEAD;
theNonce = myNonce;
/* Initialise the keys */
deriveKeys(myKey);
resetStreams();
}
use of com.github.zhenwei.core.crypto.params.AEADParameters in project LinLong-Java by zhenwei1108.
the class KCCMBlockCipher method init.
public void init(boolean forEncryption, CipherParameters params) throws IllegalArgumentException {
CipherParameters cipherParameters;
if (params instanceof AEADParameters) {
AEADParameters parameters = (AEADParameters) params;
if (parameters.getMacSize() > MAX_MAC_BIT_LENGTH || parameters.getMacSize() < MIN_MAC_BIT_LENGTH || parameters.getMacSize() % 8 != 0) {
throw new IllegalArgumentException("Invalid mac size specified");
}
nonce = parameters.getNonce();
macSize = parameters.getMacSize() / BITS_IN_BYTE;
initialAssociatedText = parameters.getAssociatedText();
cipherParameters = parameters.getKey();
} else if (params instanceof ParametersWithIV) {
nonce = ((ParametersWithIV) params).getIV();
// use default blockSize for MAC if it is not specified
macSize = engine.getBlockSize();
initialAssociatedText = null;
cipherParameters = ((ParametersWithIV) params).getParameters();
} else {
throw new IllegalArgumentException("Invalid parameters specified");
}
this.mac = new byte[macSize];
this.forEncryption = forEncryption;
engine.init(true, cipherParameters);
// defined in standard
counter[0] = 0x01;
if (initialAssociatedText != null) {
processAADBytes(initialAssociatedText, 0, initialAssociatedText.length);
}
}
Aggregations