Search in sources :

Example 1 with CCMParameters

use of com.github.zhenwei.core.internal.asn1.cms.CCMParameters in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method decryptData.

private byte[] decryptData(String purpose, AlgorithmIdentifier protectAlgId, char[] password, byte[] encryptedData) throws IOException {
    if (!protectAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2)) {
        throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
    }
    PBES2Parameters pbes2Parameters = PBES2Parameters.getInstance(protectAlgId.getParameters());
    EncryptionScheme algId = pbes2Parameters.getEncryptionScheme();
    try {
        Cipher c;
        AlgorithmParameters algParams;
        if (algId.getAlgorithm().equals(NISTObjectIdentifiers.id_aes256_CCM)) {
            c = helper.createCipher("AES/CCM/NoPadding");
            algParams = helper.createAlgorithmParameters("CCM");
            CCMParameters ccmParameters = CCMParameters.getInstance(algId.getParameters());
            algParams.init(ccmParameters.getEncoded());
        } else if (algId.getAlgorithm().equals(NISTObjectIdentifiers.id_aes256_wrap_pad)) {
            c = helper.createCipher("AESKWP");
            algParams = null;
        } else {
            throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
        }
        byte[] keyBytes = generateKey(pbes2Parameters.getKeyDerivationFunc(), purpose, ((password != null) ? password : new char[0]), 32);
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keyBytes, "AES"), algParams);
        byte[] rv = c.doFinal(encryptedData);
        return rv;
    } catch (IOException e) {
        throw e;
    } catch (Exception e) {
        throw new IOException(e.toString());
    }
}
Also used : PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters) EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme) SecretKeySpec(javax.crypto.spec.SecretKeySpec) IOException(java.io.IOException) Cipher(javax.crypto.Cipher) CCMParameters(com.github.zhenwei.core.internal.asn1.cms.CCMParameters) KeyStoreException(java.security.KeyStoreException) GeneralSecurityException(java.security.GeneralSecurityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) ParseException(java.text.ParseException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchProviderException(java.security.NoSuchProviderException) AlgorithmParameters(java.security.AlgorithmParameters)

Example 2 with CCMParameters

use of com.github.zhenwei.core.internal.asn1.cms.CCMParameters in project LinLong-Java by zhenwei1108.

the class CipherFactory method createContentCipher.

/**
 * Create a content cipher for encrypting bulk data.
 *
 * @param forEncryption   true if the cipher is for encryption, false otherwise.
 * @param encKey          the basic key to use.
 * @param encryptionAlgID identifying algorithm OID and parameters to use.
 * @return a StreamCipher or a BufferedBlockCipher depending on the algorithm.
 * @throws IllegalArgumentException
 */
public static Object createContentCipher(boolean forEncryption, CipherParameters encKey, AlgorithmIdentifier encryptionAlgID) throws IllegalArgumentException {
    ASN1ObjectIdentifier encAlg = encryptionAlgID.getAlgorithm();
    if (encAlg.equals(PKCSObjectIdentifiers.rc4)) {
        StreamCipher cipher = new RC4Engine();
        cipher.init(forEncryption, encKey);
        return cipher;
    } else if (encAlg.equals(NISTObjectIdentifiers.id_aes128_GCM) || encAlg.equals(NISTObjectIdentifiers.id_aes192_GCM) || encAlg.equals(NISTObjectIdentifiers.id_aes256_GCM)) {
        AEADBlockCipher cipher = createAEADCipher(encryptionAlgID.getAlgorithm());
        GCMParameters gcmParameters = GCMParameters.getInstance(encryptionAlgID.getParameters());
        if (!(encKey instanceof KeyParameter)) {
            throw new IllegalArgumentException("key data must be accessible for GCM operation");
        }
        AEADParameters aeadParameters = new AEADParameters((KeyParameter) encKey, gcmParameters.getIcvLen() * 8, gcmParameters.getNonce());
        cipher.init(forEncryption, aeadParameters);
        return cipher;
    } else if (encAlg.equals(NISTObjectIdentifiers.id_aes128_CCM) || encAlg.equals(NISTObjectIdentifiers.id_aes192_CCM) || encAlg.equals(NISTObjectIdentifiers.id_aes256_CCM)) {
        AEADBlockCipher cipher = createAEADCipher(encryptionAlgID.getAlgorithm());
        CCMParameters ccmParameters = CCMParameters.getInstance(encryptionAlgID.getParameters());
        if (!(encKey instanceof KeyParameter)) {
            throw new IllegalArgumentException("key data must be accessible for GCM operation");
        }
        AEADParameters aeadParameters = new AEADParameters((KeyParameter) encKey, ccmParameters.getIcvLen() * 8, ccmParameters.getNonce());
        cipher.init(forEncryption, aeadParameters);
        return cipher;
    } else {
        BufferedBlockCipher cipher = createCipher(encryptionAlgID.getAlgorithm());
        ASN1Primitive sParams = encryptionAlgID.getParameters().toASN1Primitive();
        if (sParams != null && !(sParams instanceof ASN1Null)) {
            if (encAlg.equals(PKCSObjectIdentifiers.des_EDE3_CBC) || encAlg.equals(AlgorithmIdentifierFactory.IDEA_CBC) || encAlg.equals(NISTObjectIdentifiers.id_aes128_CBC) || encAlg.equals(NISTObjectIdentifiers.id_aes192_CBC) || encAlg.equals(NISTObjectIdentifiers.id_aes256_CBC) || encAlg.equals(NTTObjectIdentifiers.id_camellia128_cbc) || encAlg.equals(NTTObjectIdentifiers.id_camellia192_cbc) || encAlg.equals(NTTObjectIdentifiers.id_camellia256_cbc) || encAlg.equals(KISAObjectIdentifiers.id_seedCBC) || encAlg.equals(OIWObjectIdentifiers.desCBC)) {
                cipher.init(forEncryption, new ParametersWithIV(encKey, ASN1OctetString.getInstance(sParams).getOctets()));
            } else if (encAlg.equals(AlgorithmIdentifierFactory.CAST5_CBC)) {
                CAST5CBCParameters cbcParams = CAST5CBCParameters.getInstance(sParams);
                cipher.init(forEncryption, new ParametersWithIV(encKey, cbcParams.getIV()));
            } else if (encAlg.equals(PKCSObjectIdentifiers.RC2_CBC)) {
                RC2CBCParameter cbcParams = RC2CBCParameter.getInstance(sParams);
                cipher.init(forEncryption, new ParametersWithIV(new RC2Parameters(((KeyParameter) encKey).getKey(), rc2Ekb[cbcParams.getRC2ParameterVersion().intValue()]), cbcParams.getIV()));
            } else {
                throw new IllegalArgumentException("cannot match parameters");
            }
        } else {
            if (encAlg.equals(PKCSObjectIdentifiers.des_EDE3_CBC) || encAlg.equals(AlgorithmIdentifierFactory.IDEA_CBC) || encAlg.equals(AlgorithmIdentifierFactory.CAST5_CBC)) {
                cipher.init(forEncryption, new ParametersWithIV(encKey, new byte[8]));
            } else {
                cipher.init(forEncryption, encKey);
            }
        }
        return cipher;
    }
}
Also used : RC2Parameters(com.github.zhenwei.core.crypto.params.RC2Parameters) KeyParameter(com.github.zhenwei.core.crypto.params.KeyParameter) CAST5CBCParameters(com.github.zhenwei.core.asn1.misc.CAST5CBCParameters) CCMParameters(com.github.zhenwei.core.internal.asn1.cms.CCMParameters) RC2CBCParameter(com.github.zhenwei.core.asn1.pkcs.RC2CBCParameter) ParametersWithIV(com.github.zhenwei.core.crypto.params.ParametersWithIV) GCMParameters(com.github.zhenwei.core.internal.asn1.cms.GCMParameters) AEADParameters(com.github.zhenwei.core.crypto.params.AEADParameters) BufferedBlockCipher(com.github.zhenwei.core.crypto.BufferedBlockCipher) PaddedBufferedBlockCipher(com.github.zhenwei.core.crypto.paddings.PaddedBufferedBlockCipher) StreamCipher(com.github.zhenwei.core.crypto.StreamCipher) ASN1Primitive(com.github.zhenwei.core.asn1.ASN1Primitive) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) RC4Engine(com.github.zhenwei.core.crypto.engines.RC4Engine) AEADBlockCipher(com.github.zhenwei.core.crypto.modes.AEADBlockCipher) ASN1Null(com.github.zhenwei.core.asn1.ASN1Null)

Example 3 with CCMParameters

use of com.github.zhenwei.core.internal.asn1.cms.CCMParameters in project LinLong-Java by zhenwei1108.

the class AlgorithmIdentifierFactory method generateEncryptionAlgID.

/**
 * Create an AlgorithmIdentifier for the passed in encryption algorithm.
 *
 * @param encryptionOID OID for the encryption algorithm
 * @param keySize       key size in bits (-1 if unknown)
 * @param random        SecureRandom to use for parameter generation.
 * @return a full AlgorithmIdentifier including parameters
 * @throws IllegalArgumentException if encryptionOID cannot be matched
 */
public static AlgorithmIdentifier generateEncryptionAlgID(ASN1ObjectIdentifier encryptionOID, int keySize, SecureRandom random) throws IllegalArgumentException {
    if (encryptionOID.equals(NISTObjectIdentifiers.id_aes128_CBC) || encryptionOID.equals(NISTObjectIdentifiers.id_aes192_CBC) || encryptionOID.equals(NISTObjectIdentifiers.id_aes256_CBC) || encryptionOID.equals(NTTObjectIdentifiers.id_camellia128_cbc) || encryptionOID.equals(NTTObjectIdentifiers.id_camellia192_cbc) || encryptionOID.equals(NTTObjectIdentifiers.id_camellia256_cbc) || encryptionOID.equals(KISAObjectIdentifiers.id_seedCBC)) {
        byte[] iv = new byte[16];
        random.nextBytes(iv);
        return new AlgorithmIdentifier(encryptionOID, new DEROctetString(iv));
    } else if (encryptionOID.equals(NISTObjectIdentifiers.id_aes128_GCM) || encryptionOID.equals(NISTObjectIdentifiers.id_aes192_GCM) || encryptionOID.equals(NISTObjectIdentifiers.id_aes256_GCM)) {
        byte[] iv = new byte[12];
        random.nextBytes(iv);
        return new AlgorithmIdentifier(encryptionOID, new GCMParameters(iv, 16));
    } else if (encryptionOID.equals(NISTObjectIdentifiers.id_aes128_CCM) || encryptionOID.equals(NISTObjectIdentifiers.id_aes192_CCM) || encryptionOID.equals(NISTObjectIdentifiers.id_aes256_CCM)) {
        byte[] iv = new byte[8];
        random.nextBytes(iv);
        return new AlgorithmIdentifier(encryptionOID, new CCMParameters(iv, 16));
    } else if (encryptionOID.equals(PKCSObjectIdentifiers.des_EDE3_CBC) || encryptionOID.equals(IDEA_CBC) || encryptionOID.equals(OIWObjectIdentifiers.desCBC)) {
        byte[] iv = new byte[8];
        random.nextBytes(iv);
        return new AlgorithmIdentifier(encryptionOID, new DEROctetString(iv));
    } else if (encryptionOID.equals(CAST5_CBC)) {
        byte[] iv = new byte[8];
        random.nextBytes(iv);
        CAST5CBCParameters cbcParams = new CAST5CBCParameters(iv, keySize);
        return new AlgorithmIdentifier(encryptionOID, cbcParams);
    } else if (encryptionOID.equals(PKCSObjectIdentifiers.rc4)) {
        return new AlgorithmIdentifier(encryptionOID, DERNull.INSTANCE);
    } else if (encryptionOID.equals(PKCSObjectIdentifiers.RC2_CBC)) {
        byte[] iv = new byte[8];
        random.nextBytes(iv);
        RC2CBCParameter cbcParams = new RC2CBCParameter(rc2Table[128], iv);
        return new AlgorithmIdentifier(encryptionOID, cbcParams);
    } else {
        throw new IllegalArgumentException("unable to match algorithm");
    }
}
Also used : GCMParameters(com.github.zhenwei.core.internal.asn1.cms.GCMParameters) CAST5CBCParameters(com.github.zhenwei.core.asn1.misc.CAST5CBCParameters) CCMParameters(com.github.zhenwei.core.internal.asn1.cms.CCMParameters) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) RC2CBCParameter(com.github.zhenwei.core.asn1.pkcs.RC2CBCParameter) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Aggregations

CCMParameters (com.github.zhenwei.core.internal.asn1.cms.CCMParameters)3 CAST5CBCParameters (com.github.zhenwei.core.asn1.misc.CAST5CBCParameters)2 RC2CBCParameter (com.github.zhenwei.core.asn1.pkcs.RC2CBCParameter)2 GCMParameters (com.github.zhenwei.core.internal.asn1.cms.GCMParameters)2 ASN1Null (com.github.zhenwei.core.asn1.ASN1Null)1 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)1 ASN1Primitive (com.github.zhenwei.core.asn1.ASN1Primitive)1 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)1 EncryptionScheme (com.github.zhenwei.core.asn1.pkcs.EncryptionScheme)1 PBES2Parameters (com.github.zhenwei.core.asn1.pkcs.PBES2Parameters)1 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)1 BufferedBlockCipher (com.github.zhenwei.core.crypto.BufferedBlockCipher)1 StreamCipher (com.github.zhenwei.core.crypto.StreamCipher)1 RC4Engine (com.github.zhenwei.core.crypto.engines.RC4Engine)1 AEADBlockCipher (com.github.zhenwei.core.crypto.modes.AEADBlockCipher)1 PaddedBufferedBlockCipher (com.github.zhenwei.core.crypto.paddings.PaddedBufferedBlockCipher)1 AEADParameters (com.github.zhenwei.core.crypto.params.AEADParameters)1 KeyParameter (com.github.zhenwei.core.crypto.params.KeyParameter)1 ParametersWithIV (com.github.zhenwei.core.crypto.params.ParametersWithIV)1 RC2Parameters (com.github.zhenwei.core.crypto.params.RC2Parameters)1