use of com.github.zhenwei.core.internal.asn1.cms.CCMParameters in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method decryptData.
private byte[] decryptData(String purpose, AlgorithmIdentifier protectAlgId, char[] password, byte[] encryptedData) throws IOException {
if (!protectAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2)) {
throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
}
PBES2Parameters pbes2Parameters = PBES2Parameters.getInstance(protectAlgId.getParameters());
EncryptionScheme algId = pbes2Parameters.getEncryptionScheme();
try {
Cipher c;
AlgorithmParameters algParams;
if (algId.getAlgorithm().equals(NISTObjectIdentifiers.id_aes256_CCM)) {
c = helper.createCipher("AES/CCM/NoPadding");
algParams = helper.createAlgorithmParameters("CCM");
CCMParameters ccmParameters = CCMParameters.getInstance(algId.getParameters());
algParams.init(ccmParameters.getEncoded());
} else if (algId.getAlgorithm().equals(NISTObjectIdentifiers.id_aes256_wrap_pad)) {
c = helper.createCipher("AESKWP");
algParams = null;
} else {
throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
}
byte[] keyBytes = generateKey(pbes2Parameters.getKeyDerivationFunc(), purpose, ((password != null) ? password : new char[0]), 32);
c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keyBytes, "AES"), algParams);
byte[] rv = c.doFinal(encryptedData);
return rv;
} catch (IOException e) {
throw e;
} catch (Exception e) {
throw new IOException(e.toString());
}
}
use of com.github.zhenwei.core.internal.asn1.cms.CCMParameters in project LinLong-Java by zhenwei1108.
the class CipherFactory method createContentCipher.
/**
* Create a content cipher for encrypting bulk data.
*
* @param forEncryption true if the cipher is for encryption, false otherwise.
* @param encKey the basic key to use.
* @param encryptionAlgID identifying algorithm OID and parameters to use.
* @return a StreamCipher or a BufferedBlockCipher depending on the algorithm.
* @throws IllegalArgumentException
*/
public static Object createContentCipher(boolean forEncryption, CipherParameters encKey, AlgorithmIdentifier encryptionAlgID) throws IllegalArgumentException {
ASN1ObjectIdentifier encAlg = encryptionAlgID.getAlgorithm();
if (encAlg.equals(PKCSObjectIdentifiers.rc4)) {
StreamCipher cipher = new RC4Engine();
cipher.init(forEncryption, encKey);
return cipher;
} else if (encAlg.equals(NISTObjectIdentifiers.id_aes128_GCM) || encAlg.equals(NISTObjectIdentifiers.id_aes192_GCM) || encAlg.equals(NISTObjectIdentifiers.id_aes256_GCM)) {
AEADBlockCipher cipher = createAEADCipher(encryptionAlgID.getAlgorithm());
GCMParameters gcmParameters = GCMParameters.getInstance(encryptionAlgID.getParameters());
if (!(encKey instanceof KeyParameter)) {
throw new IllegalArgumentException("key data must be accessible for GCM operation");
}
AEADParameters aeadParameters = new AEADParameters((KeyParameter) encKey, gcmParameters.getIcvLen() * 8, gcmParameters.getNonce());
cipher.init(forEncryption, aeadParameters);
return cipher;
} else if (encAlg.equals(NISTObjectIdentifiers.id_aes128_CCM) || encAlg.equals(NISTObjectIdentifiers.id_aes192_CCM) || encAlg.equals(NISTObjectIdentifiers.id_aes256_CCM)) {
AEADBlockCipher cipher = createAEADCipher(encryptionAlgID.getAlgorithm());
CCMParameters ccmParameters = CCMParameters.getInstance(encryptionAlgID.getParameters());
if (!(encKey instanceof KeyParameter)) {
throw new IllegalArgumentException("key data must be accessible for GCM operation");
}
AEADParameters aeadParameters = new AEADParameters((KeyParameter) encKey, ccmParameters.getIcvLen() * 8, ccmParameters.getNonce());
cipher.init(forEncryption, aeadParameters);
return cipher;
} else {
BufferedBlockCipher cipher = createCipher(encryptionAlgID.getAlgorithm());
ASN1Primitive sParams = encryptionAlgID.getParameters().toASN1Primitive();
if (sParams != null && !(sParams instanceof ASN1Null)) {
if (encAlg.equals(PKCSObjectIdentifiers.des_EDE3_CBC) || encAlg.equals(AlgorithmIdentifierFactory.IDEA_CBC) || encAlg.equals(NISTObjectIdentifiers.id_aes128_CBC) || encAlg.equals(NISTObjectIdentifiers.id_aes192_CBC) || encAlg.equals(NISTObjectIdentifiers.id_aes256_CBC) || encAlg.equals(NTTObjectIdentifiers.id_camellia128_cbc) || encAlg.equals(NTTObjectIdentifiers.id_camellia192_cbc) || encAlg.equals(NTTObjectIdentifiers.id_camellia256_cbc) || encAlg.equals(KISAObjectIdentifiers.id_seedCBC) || encAlg.equals(OIWObjectIdentifiers.desCBC)) {
cipher.init(forEncryption, new ParametersWithIV(encKey, ASN1OctetString.getInstance(sParams).getOctets()));
} else if (encAlg.equals(AlgorithmIdentifierFactory.CAST5_CBC)) {
CAST5CBCParameters cbcParams = CAST5CBCParameters.getInstance(sParams);
cipher.init(forEncryption, new ParametersWithIV(encKey, cbcParams.getIV()));
} else if (encAlg.equals(PKCSObjectIdentifiers.RC2_CBC)) {
RC2CBCParameter cbcParams = RC2CBCParameter.getInstance(sParams);
cipher.init(forEncryption, new ParametersWithIV(new RC2Parameters(((KeyParameter) encKey).getKey(), rc2Ekb[cbcParams.getRC2ParameterVersion().intValue()]), cbcParams.getIV()));
} else {
throw new IllegalArgumentException("cannot match parameters");
}
} else {
if (encAlg.equals(PKCSObjectIdentifiers.des_EDE3_CBC) || encAlg.equals(AlgorithmIdentifierFactory.IDEA_CBC) || encAlg.equals(AlgorithmIdentifierFactory.CAST5_CBC)) {
cipher.init(forEncryption, new ParametersWithIV(encKey, new byte[8]));
} else {
cipher.init(forEncryption, encKey);
}
}
return cipher;
}
}
use of com.github.zhenwei.core.internal.asn1.cms.CCMParameters in project LinLong-Java by zhenwei1108.
the class AlgorithmIdentifierFactory method generateEncryptionAlgID.
/**
* Create an AlgorithmIdentifier for the passed in encryption algorithm.
*
* @param encryptionOID OID for the encryption algorithm
* @param keySize key size in bits (-1 if unknown)
* @param random SecureRandom to use for parameter generation.
* @return a full AlgorithmIdentifier including parameters
* @throws IllegalArgumentException if encryptionOID cannot be matched
*/
public static AlgorithmIdentifier generateEncryptionAlgID(ASN1ObjectIdentifier encryptionOID, int keySize, SecureRandom random) throws IllegalArgumentException {
if (encryptionOID.equals(NISTObjectIdentifiers.id_aes128_CBC) || encryptionOID.equals(NISTObjectIdentifiers.id_aes192_CBC) || encryptionOID.equals(NISTObjectIdentifiers.id_aes256_CBC) || encryptionOID.equals(NTTObjectIdentifiers.id_camellia128_cbc) || encryptionOID.equals(NTTObjectIdentifiers.id_camellia192_cbc) || encryptionOID.equals(NTTObjectIdentifiers.id_camellia256_cbc) || encryptionOID.equals(KISAObjectIdentifiers.id_seedCBC)) {
byte[] iv = new byte[16];
random.nextBytes(iv);
return new AlgorithmIdentifier(encryptionOID, new DEROctetString(iv));
} else if (encryptionOID.equals(NISTObjectIdentifiers.id_aes128_GCM) || encryptionOID.equals(NISTObjectIdentifiers.id_aes192_GCM) || encryptionOID.equals(NISTObjectIdentifiers.id_aes256_GCM)) {
byte[] iv = new byte[12];
random.nextBytes(iv);
return new AlgorithmIdentifier(encryptionOID, new GCMParameters(iv, 16));
} else if (encryptionOID.equals(NISTObjectIdentifiers.id_aes128_CCM) || encryptionOID.equals(NISTObjectIdentifiers.id_aes192_CCM) || encryptionOID.equals(NISTObjectIdentifiers.id_aes256_CCM)) {
byte[] iv = new byte[8];
random.nextBytes(iv);
return new AlgorithmIdentifier(encryptionOID, new CCMParameters(iv, 16));
} else if (encryptionOID.equals(PKCSObjectIdentifiers.des_EDE3_CBC) || encryptionOID.equals(IDEA_CBC) || encryptionOID.equals(OIWObjectIdentifiers.desCBC)) {
byte[] iv = new byte[8];
random.nextBytes(iv);
return new AlgorithmIdentifier(encryptionOID, new DEROctetString(iv));
} else if (encryptionOID.equals(CAST5_CBC)) {
byte[] iv = new byte[8];
random.nextBytes(iv);
CAST5CBCParameters cbcParams = new CAST5CBCParameters(iv, keySize);
return new AlgorithmIdentifier(encryptionOID, cbcParams);
} else if (encryptionOID.equals(PKCSObjectIdentifiers.rc4)) {
return new AlgorithmIdentifier(encryptionOID, DERNull.INSTANCE);
} else if (encryptionOID.equals(PKCSObjectIdentifiers.RC2_CBC)) {
byte[] iv = new byte[8];
random.nextBytes(iv);
RC2CBCParameter cbcParams = new RC2CBCParameter(rc2Table[128], iv);
return new AlgorithmIdentifier(encryptionOID, cbcParams);
} else {
throw new IllegalArgumentException("unable to match algorithm");
}
}
Aggregations