Example 1 with CCMParameters
use of com.github.zhenwei.core.internal.asn1.cms.CCMParameters in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method decryptData.
private byte[] decryptData(String purpose, AlgorithmIdentifier protectAlgId, char[] password, byte[] encryptedData) throws IOException {
if (!protectAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2)) {
throw new IOException("BCFKS KeyStore cannot recognize protection algorithm.");
}
PBES2Parameters pbes2Parameters = PBES2Parameters.getInstance(protectAlgId.getParameters());
EncryptionScheme algId = pbes2Parameters.getEncryptionScheme();
try {
Cipher c;
AlgorithmParameters algParams;
if (algId.getAlgorithm().equals(NISTObjectIdentifiers.id_aes256_CCM)) {
c = helper.createCipher("AES/CCM/NoPadding");
algParams = helper.createAlgorithmParameters("CCM");
CCMParameters ccmParameters = CCMParameters.getInstance(algId.getParameters());
algParams.init(ccmParameters.getEncoded());
} else if (algId.getAlgorithm().equals(NISTObjectIdentifiers.id_aes256_wrap_pad)) {
c = helper.createCipher("AESKWP");
algParams = null;
} else {
throw new IOException("BCFKS KeyStore cannot recognize protection encryption algorithm.");
}
byte[] keyBytes = generateKey(pbes2Parameters.getKeyDerivationFunc(), purpose, ((password != null) ? password : new char[0]), 32);
c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keyBytes, "AES"), algParams);
byte[] rv = c.doFinal(encryptedData);
return rv;
} catch (IOException e) {
throw e;
} catch (Exception e) {
throw new IOException(e.toString());
}
}
Also used :
PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters)
EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
IOException(java.io.IOException)
Cipher(javax.crypto.Cipher)
CCMParameters(com.github.zhenwei.core.internal.asn1.cms.CCMParameters)
KeyStoreException(java.security.KeyStoreException)
GeneralSecurityException(java.security.GeneralSecurityException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
ParseException(java.text.ParseException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
CertificateException(java.security.cert.CertificateException)
BadPaddingException(javax.crypto.BadPaddingException)
NoSuchProviderException(java.security.NoSuchProviderException)
AlgorithmParameters(java.security.AlgorithmParameters)
Example 2 with CCMParameters
use of com.github.zhenwei.core.internal.asn1.cms.CCMParameters in project LinLong-Java by zhenwei1108.
the class CipherFactory method createContentCipher.
/**
* Create a content cipher for encrypting bulk data.
*
* @param forEncryption true if the cipher is for encryption, false otherwise.
* @param encKey the basic key to use.
* @param encryptionAlgID identifying algorithm OID and parameters to use.
* @return a StreamCipher or a BufferedBlockCipher depending on the algorithm.
* @throws IllegalArgumentException
*/
public static Object createContentCipher(boolean forEncryption, CipherParameters encKey, AlgorithmIdentifier encryptionAlgID) throws IllegalArgumentException {
ASN1ObjectIdentifier encAlg = encryptionAlgID.getAlgorithm();
if (encAlg.equals(PKCSObjectIdentifiers.rc4)) {
StreamCipher cipher = new RC4Engine();
cipher.init(forEncryption, encKey);
return cipher;
} else if (encAlg.equals(NISTObjectIdentifiers.id_aes128_GCM) || encAlg.equals(NISTObjectIdentifiers.id_aes192_GCM) || encAlg.equals(NISTObjectIdentifiers.id_aes256_GCM)) {
AEADBlockCipher cipher = createAEADCipher(encryptionAlgID.getAlgorithm());
GCMParameters gcmParameters = GCMParameters.getInstance(encryptionAlgID.getParameters());
if (!(encKey instanceof KeyParameter)) {
throw new IllegalArgumentException("key data must be accessible for GCM operation");
}
AEADParameters aeadParameters = new AEADParameters((KeyParameter) encKey, gcmParameters.getIcvLen() * 8, gcmParameters.getNonce());
cipher.init(forEncryption, aeadParameters);
return cipher;
} else if (encAlg.equals(NISTObjectIdentifiers.id_aes128_CCM) || encAlg.equals(NISTObjectIdentifiers.id_aes192_CCM) || encAlg.equals(NISTObjectIdentifiers.id_aes256_CCM)) {
AEADBlockCipher cipher = createAEADCipher(encryptionAlgID.getAlgorithm());
CCMParameters ccmParameters = CCMParameters.getInstance(encryptionAlgID.getParameters());
if (!(encKey instanceof KeyParameter)) {
throw new IllegalArgumentException("key data must be accessible for GCM operation");
}
AEADParameters aeadParameters = new AEADParameters((KeyParameter) encKey, ccmParameters.getIcvLen() * 8, ccmParameters.getNonce());
cipher.init(forEncryption, aeadParameters);
return cipher;
} else {
BufferedBlockCipher cipher = createCipher(encryptionAlgID.getAlgorithm());
ASN1Primitive sParams = encryptionAlgID.getParameters().toASN1Primitive();
if (sParams != null && !(sParams instanceof ASN1Null)) {
if (encAlg.equals(PKCSObjectIdentifiers.des_EDE3_CBC) || encAlg.equals(AlgorithmIdentifierFactory.IDEA_CBC) || encAlg.equals(NISTObjectIdentifiers.id_aes128_CBC) || encAlg.equals(NISTObjectIdentifiers.id_aes192_CBC) || encAlg.equals(NISTObjectIdentifiers.id_aes256_CBC) || encAlg.equals(NTTObjectIdentifiers.id_camellia128_cbc) || encAlg.equals(NTTObjectIdentifiers.id_camellia192_cbc) || encAlg.equals(NTTObjectIdentifiers.id_camellia256_cbc) || encAlg.equals(KISAObjectIdentifiers.id_seedCBC) || encAlg.equals(OIWObjectIdentifiers.desCBC)) {
cipher.init(forEncryption, new ParametersWithIV(encKey, ASN1OctetString.getInstance(sParams).getOctets()));
} else if (encAlg.equals(AlgorithmIdentifierFactory.CAST5_CBC)) {
CAST5CBCParameters cbcParams = CAST5CBCParameters.getInstance(sParams);
cipher.init(forEncryption, new ParametersWithIV(encKey, cbcParams.getIV()));
} else if (encAlg.equals(PKCSObjectIdentifiers.RC2_CBC)) {
RC2CBCParameter cbcParams = RC2CBCParameter.getInstance(sParams);
cipher.init(forEncryption, new ParametersWithIV(new RC2Parameters(((KeyParameter) encKey).getKey(), rc2Ekb[cbcParams.getRC2ParameterVersion().intValue()]), cbcParams.getIV()));
} else {
throw new IllegalArgumentException("cannot match parameters");
}
} else {
if (encAlg.equals(PKCSObjectIdentifiers.des_EDE3_CBC) || encAlg.equals(AlgorithmIdentifierFactory.IDEA_CBC) || encAlg.equals(AlgorithmIdentifierFactory.CAST5_CBC)) {
cipher.init(forEncryption, new ParametersWithIV(encKey, new byte[8]));
} else {
cipher.init(forEncryption, encKey);
}
}
return cipher;
}
}
Also used :
RC2Parameters(com.github.zhenwei.core.crypto.params.RC2Parameters)
KeyParameter(com.github.zhenwei.core.crypto.params.KeyParameter)
CAST5CBCParameters(com.github.zhenwei.core.asn1.misc.CAST5CBCParameters)
CCMParameters(com.github.zhenwei.core.internal.asn1.cms.CCMParameters)
RC2CBCParameter(com.github.zhenwei.core.asn1.pkcs.RC2CBCParameter)
ParametersWithIV(com.github.zhenwei.core.crypto.params.ParametersWithIV)
GCMParameters(com.github.zhenwei.core.internal.asn1.cms.GCMParameters)
AEADParameters(com.github.zhenwei.core.crypto.params.AEADParameters)
BufferedBlockCipher(com.github.zhenwei.core.crypto.BufferedBlockCipher)
PaddedBufferedBlockCipher(com.github.zhenwei.core.crypto.paddings.PaddedBufferedBlockCipher)
StreamCipher(com.github.zhenwei.core.crypto.StreamCipher)
ASN1Primitive(com.github.zhenwei.core.asn1.ASN1Primitive)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
RC4Engine(com.github.zhenwei.core.crypto.engines.RC4Engine)
AEADBlockCipher(com.github.zhenwei.core.crypto.modes.AEADBlockCipher)
ASN1Null(com.github.zhenwei.core.asn1.ASN1Null)
Example 3 with CCMParameters
use of com.github.zhenwei.core.internal.asn1.cms.CCMParameters in project LinLong-Java by zhenwei1108.
the class AlgorithmIdentifierFactory method generateEncryptionAlgID.
/**
* Create an AlgorithmIdentifier for the passed in encryption algorithm.
*
* @param encryptionOID OID for the encryption algorithm
* @param keySize key size in bits (-1 if unknown)
* @param random SecureRandom to use for parameter generation.
* @return a full AlgorithmIdentifier including parameters
* @throws IllegalArgumentException if encryptionOID cannot be matched
*/
public static AlgorithmIdentifier generateEncryptionAlgID(ASN1ObjectIdentifier encryptionOID, int keySize, SecureRandom random) throws IllegalArgumentException {
if (encryptionOID.equals(NISTObjectIdentifiers.id_aes128_CBC) || encryptionOID.equals(NISTObjectIdentifiers.id_aes192_CBC) || encryptionOID.equals(NISTObjectIdentifiers.id_aes256_CBC) || encryptionOID.equals(NTTObjectIdentifiers.id_camellia128_cbc) || encryptionOID.equals(NTTObjectIdentifiers.id_camellia192_cbc) || encryptionOID.equals(NTTObjectIdentifiers.id_camellia256_cbc) || encryptionOID.equals(KISAObjectIdentifiers.id_seedCBC)) {
byte[] iv = new byte[16];
random.nextBytes(iv);
return new AlgorithmIdentifier(encryptionOID, new DEROctetString(iv));
} else if (encryptionOID.equals(NISTObjectIdentifiers.id_aes128_GCM) || encryptionOID.equals(NISTObjectIdentifiers.id_aes192_GCM) || encryptionOID.equals(NISTObjectIdentifiers.id_aes256_GCM)) {
byte[] iv = new byte[12];
random.nextBytes(iv);
return new AlgorithmIdentifier(encryptionOID, new GCMParameters(iv, 16));
} else if (encryptionOID.equals(NISTObjectIdentifiers.id_aes128_CCM) || encryptionOID.equals(NISTObjectIdentifiers.id_aes192_CCM) || encryptionOID.equals(NISTObjectIdentifiers.id_aes256_CCM)) {
byte[] iv = new byte[8];
random.nextBytes(iv);
return new AlgorithmIdentifier(encryptionOID, new CCMParameters(iv, 16));
} else if (encryptionOID.equals(PKCSObjectIdentifiers.des_EDE3_CBC) || encryptionOID.equals(IDEA_CBC) || encryptionOID.equals(OIWObjectIdentifiers.desCBC)) {
byte[] iv = new byte[8];
random.nextBytes(iv);
return new AlgorithmIdentifier(encryptionOID, new DEROctetString(iv));
} else if (encryptionOID.equals(CAST5_CBC)) {
byte[] iv = new byte[8];
random.nextBytes(iv);
CAST5CBCParameters cbcParams = new CAST5CBCParameters(iv, keySize);
return new AlgorithmIdentifier(encryptionOID, cbcParams);
} else if (encryptionOID.equals(PKCSObjectIdentifiers.rc4)) {
return new AlgorithmIdentifier(encryptionOID, DERNull.INSTANCE);
} else if (encryptionOID.equals(PKCSObjectIdentifiers.RC2_CBC)) {
byte[] iv = new byte[8];
random.nextBytes(iv);
RC2CBCParameter cbcParams = new RC2CBCParameter(rc2Table[128], iv);
return new AlgorithmIdentifier(encryptionOID, cbcParams);
} else {
throw new IllegalArgumentException("unable to match algorithm");
}
}
Also used :
GCMParameters(com.github.zhenwei.core.internal.asn1.cms.GCMParameters)
CAST5CBCParameters(com.github.zhenwei.core.asn1.misc.CAST5CBCParameters)
CCMParameters(com.github.zhenwei.core.internal.asn1.cms.CCMParameters)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
RC2CBCParameter(com.github.zhenwei.core.asn1.pkcs.RC2CBCParameter)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Aggregations
CCMParameters (com.github.zhenwei.core.internal.asn1.cms.CCMParameters)3
CAST5CBCParameters (com.github.zhenwei.core.asn1.misc.CAST5CBCParameters)2
RC2CBCParameter (com.github.zhenwei.core.asn1.pkcs.RC2CBCParameter)2
GCMParameters (com.github.zhenwei.core.internal.asn1.cms.GCMParameters)2
ASN1Null (com.github.zhenwei.core.asn1.ASN1Null)1
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)1
ASN1Primitive (com.github.zhenwei.core.asn1.ASN1Primitive)1
DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)1
EncryptionScheme (com.github.zhenwei.core.asn1.pkcs.EncryptionScheme)1
PBES2Parameters (com.github.zhenwei.core.asn1.pkcs.PBES2Parameters)1
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)1
BufferedBlockCipher (com.github.zhenwei.core.crypto.BufferedBlockCipher)1
StreamCipher (com.github.zhenwei.core.crypto.StreamCipher)1
RC4Engine (com.github.zhenwei.core.crypto.engines.RC4Engine)1
AEADBlockCipher (com.github.zhenwei.core.crypto.modes.AEADBlockCipher)1
PaddedBufferedBlockCipher (com.github.zhenwei.core.crypto.paddings.PaddedBufferedBlockCipher)1
AEADParameters (com.github.zhenwei.core.crypto.params.AEADParameters)1
KeyParameter (com.github.zhenwei.core.crypto.params.KeyParameter)1
ParametersWithIV (com.github.zhenwei.core.crypto.params.ParametersWithIV)1
RC2Parameters (com.github.zhenwei.core.crypto.params.RC2Parameters)1
