use of com.github.zhenwei.core.crypto.util.PBKDFConfig in project LinLong-Java by zhenwei1108.
the class JcePKCSPBEOutputEncryptorBuilder method build.
public OutputEncryptor build(final char[] password) throws OperatorCreationException {
final Cipher cipher;
SecretKey key;
if (random == null) {
random = new SecureRandom();
}
final AlgorithmIdentifier encryptionAlg;
try {
if (isPKCS12(algorithm)) {
byte[] salt = new byte[20];
random.nextBytes(salt);
cipher = helper.createCipher(algorithm.getId());
cipher.init(Cipher.ENCRYPT_MODE, new PKCS12KeyWithParameters(password, salt, iterationCount));
encryptionAlg = new AlgorithmIdentifier(algorithm, new PKCS12PBEParams(salt, iterationCount));
} else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
PBKDFConfig pbkDef = (pbkdf == null) ? pbkdfBuilder.build() : pbkdf;
if (MiscObjectIdentifiers.id_scrypt.equals(pbkDef.getAlgorithm())) {
ScryptConfig skdf = (ScryptConfig) pbkDef;
byte[] salt = new byte[skdf.getSaltLength()];
random.nextBytes(salt);
ScryptParams params = new ScryptParams(salt, skdf.getCostParameter(), skdf.getBlockSize(), skdf.getParallelizationParameter());
SecretKeyFactory keyFact = helper.createSecretKeyFactory("SCRYPT");
key = keyFact.generateSecret(new ScryptKeySpec(password, salt, skdf.getCostParameter(), skdf.getBlockSize(), skdf.getParallelizationParameter(), keySizeProvider.getKeySize(new AlgorithmIdentifier(keyEncAlgorithm))));
cipher = helper.createCipher(keyEncAlgorithm.getId());
cipher.init(Cipher.ENCRYPT_MODE, simplifyPbeKey(key), random);
AlgorithmParameters algP = cipher.getParameters();
PBES2Parameters algParams;
if (algP != null) {
algParams = new PBES2Parameters(new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params), new EncryptionScheme(keyEncAlgorithm, ASN1Primitive.fromByteArray(cipher.getParameters().getEncoded())));
} else {
algParams = new PBES2Parameters(new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params), new EncryptionScheme(keyEncAlgorithm));
}
encryptionAlg = new AlgorithmIdentifier(algorithm, algParams);
} else {
PBKDF2Config pkdf = (PBKDF2Config) pbkDef;
byte[] salt = new byte[pkdf.getSaltLength()];
random.nextBytes(salt);
SecretKeyFactory keyFact = helper.createSecretKeyFactory(JceUtils.getAlgorithm(pkdf.getPRF().getAlgorithm()));
key = keyFact.generateSecret(new PBEKeySpec(password, salt, pkdf.getIterationCount(), keySizeProvider.getKeySize(new AlgorithmIdentifier(keyEncAlgorithm))));
cipher = helper.createCipher(keyEncAlgorithm.getId());
cipher.init(Cipher.ENCRYPT_MODE, simplifyPbeKey(key), random);
AlgorithmParameters algP = cipher.getParameters();
PBES2Parameters algParams;
if (algP != null) {
algParams = new PBES2Parameters(new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, pkdf.getIterationCount(), pkdf.getPRF())), new EncryptionScheme(keyEncAlgorithm, ASN1Primitive.fromByteArray(cipher.getParameters().getEncoded())));
} else {
algParams = new PBES2Parameters(new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, pkdf.getIterationCount(), pkdf.getPRF())), new EncryptionScheme(keyEncAlgorithm));
}
encryptionAlg = new AlgorithmIdentifier(algorithm, algParams);
}
} else {
throw new OperatorCreationException("unrecognised algorithm");
}
return new OutputEncryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return encryptionAlg;
}
public OutputStream getOutputStream(OutputStream out) {
return new CipherOutputStream(out, cipher);
}
public GenericKey getKey() {
if (isPKCS12(encryptionAlg.getAlgorithm())) {
return new GenericKey(encryptionAlg, PKCS12PasswordToBytes(password));
} else {
return new GenericKey(encryptionAlg, PKCS5PasswordToBytes(password));
}
}
};
} catch (Exception e) {
throw new OperatorCreationException("unable to create OutputEncryptor: " + e.getMessage(), e);
}
}
Aggregations