Search in sources :

Example 51 with KeyParameter

use of com.github.zhenwei.core.crypto.params.KeyParameter in project LinLong-Java by zhenwei1108.

the class BcKEKEnvelopedRecipient method getRecipientOperator.

public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) throws CMSException {
    KeyParameter secretKey = (KeyParameter) extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey);
    final Object dataCipher = EnvelopedDataHelper.createContentCipher(false, secretKey, contentEncryptionAlgorithm);
    return new RecipientOperator(new InputDecryptor() {

        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return contentEncryptionAlgorithm;
        }

        public InputStream getInputStream(InputStream dataOut) {
            if (dataCipher instanceof BufferedBlockCipher) {
                return new com.github.zhenwei.core.crypto.io.CipherInputStream(dataOut, (BufferedBlockCipher) dataCipher);
            } else {
                return new com.github.zhenwei.core.crypto.io.CipherInputStream(dataOut, (StreamCipher) dataCipher);
            }
        }
    });
}
Also used : InputDecryptor(com.github.zhenwei.pkix.operator.InputDecryptor) InputStream(java.io.InputStream) BufferedBlockCipher(com.github.zhenwei.core.crypto.BufferedBlockCipher) KeyParameter(com.github.zhenwei.core.crypto.params.KeyParameter) RecipientOperator(com.github.zhenwei.pkix.cms.RecipientOperator) StreamCipher(com.github.zhenwei.core.crypto.StreamCipher) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 52 with KeyParameter

use of com.github.zhenwei.core.crypto.params.KeyParameter in project LinLong-Java by zhenwei1108.

the class BcPasswordEnvelopedRecipient method getRecipientOperator.

public RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey) throws CMSException {
    KeyParameter secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, derivedKey, encryptedContentEncryptionKey);
    final Object dataCipher = EnvelopedDataHelper.createContentCipher(false, secretKey, contentEncryptionAlgorithm);
    return new RecipientOperator(new InputDecryptor() {

        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return contentEncryptionAlgorithm;
        }

        public InputStream getInputStream(InputStream dataOut) {
            if (dataCipher instanceof BufferedBlockCipher) {
                return new CipherInputStream(dataOut, (BufferedBlockCipher) dataCipher);
            } else {
                return new CipherInputStream(dataOut, (StreamCipher) dataCipher);
            }
        }
    });
}
Also used : CipherInputStream(com.github.zhenwei.core.crypto.io.CipherInputStream) InputDecryptor(com.github.zhenwei.pkix.operator.InputDecryptor) CipherInputStream(com.github.zhenwei.core.crypto.io.CipherInputStream) InputStream(java.io.InputStream) BufferedBlockCipher(com.github.zhenwei.core.crypto.BufferedBlockCipher) KeyParameter(com.github.zhenwei.core.crypto.params.KeyParameter) RecipientOperator(com.github.zhenwei.pkix.cms.RecipientOperator) StreamCipher(com.github.zhenwei.core.crypto.StreamCipher) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 53 with KeyParameter

use of com.github.zhenwei.core.crypto.params.KeyParameter in project LinLong-Java by zhenwei1108.

the class PEMUtilities method generateSecretKeyForPKCS5Scheme2.

public static KeyParameter generateSecretKeyForPKCS5Scheme2(String algorithm, char[] password, byte[] salt, int iterationCount) {
    PBEParametersGenerator paramsGen = new PKCS5S2ParametersGenerator(new SHA1Digest());
    paramsGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt, iterationCount);
    return (KeyParameter) paramsGen.generateDerivedParameters(PEMUtilities.getKeySize(algorithm));
}
Also used : PKCS5S2ParametersGenerator(com.github.zhenwei.core.crypto.generators.PKCS5S2ParametersGenerator) SHA1Digest(com.github.zhenwei.core.crypto.digests.SHA1Digest) KeyParameter(com.github.zhenwei.core.crypto.params.KeyParameter) OpenSSLPBEParametersGenerator(com.github.zhenwei.core.crypto.generators.OpenSSLPBEParametersGenerator) PBEParametersGenerator(com.github.zhenwei.core.crypto.PBEParametersGenerator)

Example 54 with KeyParameter

use of com.github.zhenwei.core.crypto.params.KeyParameter in project LinLong-Java by zhenwei1108.

the class PEMUtilities method crypt.

static byte[] crypt(boolean encrypt, byte[] bytes, char[] password, String dekAlgName, byte[] iv) throws PEMException {
    byte[] ivValue = iv;
    String blockMode = "CBC";
    BlockCipher engine;
    BlockCipherPadding padding = new PKCS7Padding();
    KeyParameter sKey;
    // Figure out block mode and padding.
    if (dekAlgName.endsWith("-CFB")) {
        blockMode = "CFB";
        padding = null;
    }
    if (dekAlgName.endsWith("-ECB") || "DES-EDE".equals(dekAlgName) || "DES-EDE3".equals(dekAlgName)) {
        // ECB is actually the default (though seldom used) when OpenSSL
        // uses DES-EDE (des2) or DES-EDE3 (des3).
        blockMode = "ECB";
        ivValue = null;
    }
    if (dekAlgName.endsWith("-OFB")) {
        blockMode = "OFB";
        padding = null;
    }
    // Figure out algorithm and key size.
    if (dekAlgName.startsWith("DES-EDE")) {
        // "DES-EDE" is actually des2 in OpenSSL-speak!
        // "DES-EDE3" is des3.
        boolean des2 = !dekAlgName.startsWith("DES-EDE3");
        sKey = getKey(password, 24, iv, des2);
        engine = new DESedeEngine();
    } else if (dekAlgName.startsWith("DES-")) {
        sKey = getKey(password, 8, iv);
        engine = new DESEngine();
    } else if (dekAlgName.startsWith("BF-")) {
        sKey = getKey(password, 16, iv);
        engine = new BlowfishEngine();
    } else if (dekAlgName.startsWith("RC2-")) {
        int keyBits = 128;
        if (dekAlgName.startsWith("RC2-40-")) {
            keyBits = 40;
        } else if (dekAlgName.startsWith("RC2-64-")) {
            keyBits = 64;
        }
        sKey = new RC2Parameters(getKey(password, keyBits / 8, iv).getKey(), keyBits);
        ;
        engine = new RC2Engine();
    } else if (dekAlgName.startsWith("AES-")) {
        byte[] salt = iv;
        if (salt.length > 8) {
            salt = new byte[8];
            System.arraycopy(iv, 0, salt, 0, 8);
        }
        int keyBits;
        if (dekAlgName.startsWith("AES-128-")) {
            keyBits = 128;
        } else if (dekAlgName.startsWith("AES-192-")) {
            keyBits = 192;
        } else if (dekAlgName.startsWith("AES-256-")) {
            keyBits = 256;
        } else {
            throw new EncryptionException("unknown AES encryption with private key: " + dekAlgName);
        }
        sKey = getKey(password, keyBits / 8, salt);
        engine = new AESEngine();
    } else {
        throw new EncryptionException("unknown encryption with private key: " + dekAlgName);
    }
    if (blockMode.equals("CBC")) {
        engine = new CBCBlockCipher(engine);
    } else if (blockMode.equals("CFB")) {
        engine = new CFBBlockCipher(engine, engine.getBlockSize() * 8);
    } else if (blockMode.equals("OFB")) {
        engine = new OFBBlockCipher(engine, engine.getBlockSize() * 8);
    }
    try {
        BufferedBlockCipher c;
        if (padding == null) {
            c = new BufferedBlockCipher(engine);
        } else {
            c = new PaddedBufferedBlockCipher(engine, padding);
        }
        if (// ECB block mode
        ivValue == null) {
            c.init(encrypt, sKey);
        } else {
            c.init(encrypt, new ParametersWithIV(sKey, ivValue));
        }
        byte[] out = new byte[c.getOutputSize(bytes.length)];
        int procLen = c.processBytes(bytes, 0, bytes.length, out, 0);
        procLen += c.doFinal(out, procLen);
        if (procLen == out.length) {
            return out;
        } else {
            byte[] rv = new byte[procLen];
            System.arraycopy(out, 0, rv, 0, procLen);
            return rv;
        }
    } catch (Exception e) {
        throw new EncryptionException("exception using cipher - please check password and data.", e);
    }
}
Also used : RC2Parameters(com.github.zhenwei.core.crypto.params.RC2Parameters) AESEngine(com.github.zhenwei.core.crypto.engines.AESEngine) OFBBlockCipher(com.github.zhenwei.core.crypto.modes.OFBBlockCipher) PaddedBufferedBlockCipher(com.github.zhenwei.core.crypto.paddings.PaddedBufferedBlockCipher) CBCBlockCipher(com.github.zhenwei.core.crypto.modes.CBCBlockCipher) CFBBlockCipher(com.github.zhenwei.core.crypto.modes.CFBBlockCipher) BufferedBlockCipher(com.github.zhenwei.core.crypto.BufferedBlockCipher) BlockCipher(com.github.zhenwei.core.crypto.BlockCipher) PaddedBufferedBlockCipher(com.github.zhenwei.core.crypto.paddings.PaddedBufferedBlockCipher) OFBBlockCipher(com.github.zhenwei.core.crypto.modes.OFBBlockCipher) KeyParameter(com.github.zhenwei.core.crypto.params.KeyParameter) BlowfishEngine(com.github.zhenwei.core.crypto.engines.BlowfishEngine) RC2Engine(com.github.zhenwei.core.crypto.engines.RC2Engine) EncryptionException(com.github.zhenwei.pkix.openssl.EncryptionException) PEMException(com.github.zhenwei.pkix.openssl.PEMException) ParametersWithIV(com.github.zhenwei.core.crypto.params.ParametersWithIV) PKCS7Padding(com.github.zhenwei.core.crypto.paddings.PKCS7Padding) CFBBlockCipher(com.github.zhenwei.core.crypto.modes.CFBBlockCipher) DESEngine(com.github.zhenwei.core.crypto.engines.DESEngine) BlockCipherPadding(com.github.zhenwei.core.crypto.paddings.BlockCipherPadding) BufferedBlockCipher(com.github.zhenwei.core.crypto.BufferedBlockCipher) PaddedBufferedBlockCipher(com.github.zhenwei.core.crypto.paddings.PaddedBufferedBlockCipher) EncryptionException(com.github.zhenwei.pkix.openssl.EncryptionException) CBCBlockCipher(com.github.zhenwei.core.crypto.modes.CBCBlockCipher) DESedeEngine(com.github.zhenwei.core.crypto.engines.DESedeEngine)

Example 55 with KeyParameter

use of com.github.zhenwei.core.crypto.params.KeyParameter in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method generateKey.

private byte[] generateKey(KeyDerivationFunc pbkdAlgorithm, String purpose, char[] password, int defKeySize) throws IOException {
    byte[] encPassword = PBEParametersGenerator.PKCS12PasswordToBytes(password);
    byte[] differentiator = PBEParametersGenerator.PKCS12PasswordToBytes(purpose.toCharArray());
    int keySizeInBytes = defKeySize;
    if (MiscObjectIdentifiers.id_scrypt.equals(pbkdAlgorithm.getAlgorithm())) {
        ScryptParams params = ScryptParams.getInstance(pbkdAlgorithm.getParameters());
        if (params.getKeyLength() != null) {
            keySizeInBytes = params.getKeyLength().intValue();
        } else if (keySizeInBytes == -1) {
            throw new IOException("no keyLength found in ScryptParams");
        }
        return SCrypt.generate(Arrays.concatenate(encPassword, differentiator), params.getSalt(), params.getCostParameter().intValue(), params.getBlockSize().intValue(), params.getBlockSize().intValue(), keySizeInBytes);
    } else if (pbkdAlgorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2)) {
        PBKDF2Params pbkdf2Params = PBKDF2Params.getInstance(pbkdAlgorithm.getParameters());
        if (pbkdf2Params.getKeyLength() != null) {
            keySizeInBytes = pbkdf2Params.getKeyLength().intValue();
        } else if (keySizeInBytes == -1) {
            throw new IOException("no keyLength found in PBKDF2Params");
        }
        if (pbkdf2Params.getPrf().getAlgorithm().equals(PKCSObjectIdentifiers.id_hmacWithSHA512)) {
            PKCS5S2ParametersGenerator pGen = new PKCS5S2ParametersGenerator(new SHA512Digest());
            pGen.init(Arrays.concatenate(encPassword, differentiator), pbkdf2Params.getSalt(), pbkdf2Params.getIterationCount().intValue());
            return ((KeyParameter) pGen.generateDerivedParameters(keySizeInBytes * 8)).getKey();
        } else if (pbkdf2Params.getPrf().getAlgorithm().equals(NISTObjectIdentifiers.id_hmacWithSHA3_512)) {
            PKCS5S2ParametersGenerator pGen = new PKCS5S2ParametersGenerator(new SHA3Digest(512));
            pGen.init(Arrays.concatenate(encPassword, differentiator), pbkdf2Params.getSalt(), pbkdf2Params.getIterationCount().intValue());
            return ((KeyParameter) pGen.generateDerivedParameters(keySizeInBytes * 8)).getKey();
        } else {
            throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + pbkdf2Params.getPrf().getAlgorithm());
        }
    } else {
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
    }
}
Also used : SHA512Digest(com.github.zhenwei.core.crypto.digests.SHA512Digest) SHA3Digest(com.github.zhenwei.core.crypto.digests.SHA3Digest) PKCS5S2ParametersGenerator(com.github.zhenwei.core.crypto.generators.PKCS5S2ParametersGenerator) KeyParameter(com.github.zhenwei.core.crypto.params.KeyParameter) PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params) IOException(java.io.IOException) ScryptParams(com.github.zhenwei.core.asn1.misc.ScryptParams)

Aggregations

KeyParameter (com.github.zhenwei.core.crypto.params.KeyParameter)91 ParametersWithIV (com.github.zhenwei.core.crypto.params.ParametersWithIV)41 CipherParameters (com.github.zhenwei.core.crypto.CipherParameters)15 AEADParameters (com.github.zhenwei.core.crypto.params.AEADParameters)10 InvalidCipherTextException (com.github.zhenwei.core.crypto.InvalidCipherTextException)6 ParametersWithSBox (com.github.zhenwei.core.crypto.params.ParametersWithSBox)6 RC2Parameters (com.github.zhenwei.core.crypto.params.RC2Parameters)6 BigInteger (java.math.BigInteger)6 BufferedBlockCipher (com.github.zhenwei.core.crypto.BufferedBlockCipher)4 StreamCipher (com.github.zhenwei.core.crypto.StreamCipher)4 PKCS5S2ParametersGenerator (com.github.zhenwei.core.crypto.generators.PKCS5S2ParametersGenerator)4 HMac (com.github.zhenwei.core.crypto.macs.HMac)4 AsymmetricKeyParameter (com.github.zhenwei.core.crypto.params.AsymmetricKeyParameter)4 IESWithCipherParameters (com.github.zhenwei.core.crypto.params.IESWithCipherParameters)4 ParametersWithRandom (com.github.zhenwei.core.crypto.params.ParametersWithRandom)4 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)4 IvParameterSpec (javax.crypto.spec.IvParameterSpec)4 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)3 RC5Parameters (com.github.zhenwei.core.crypto.params.RC5Parameters)3 CMSException (com.github.zhenwei.pkix.cms.CMSException)3