use of com.github.zhenwei.pkix.openssl.PEMException in project LinLong-Java by zhenwei1108.
the class PEMUtilities method getKey.
private static SecretKey getKey(JcaJceHelper helper, char[] password, String algorithm, int keyLength, byte[] salt, boolean des2) throws PEMException {
try {
PBEKeySpec spec = new PBEKeySpec(password, salt, 1, keyLength * 8);
SecretKeyFactory keyFactory = helper.createSecretKeyFactory("PBKDF-OpenSSL");
byte[] key = keyFactory.generateSecret(spec).getEncoded();
if (des2 && key.length >= 24) {
// For DES2, we must copy first 8 bytes into the last 8 bytes.
System.arraycopy(key, 0, key, 16, 8);
}
return new SecretKeySpec(key, algorithm);
} catch (GeneralSecurityException e) {
throw new PEMException("Unable to create OpenSSL PBDKF: " + e.getMessage(), e);
}
}
use of com.github.zhenwei.pkix.openssl.PEMException in project LinLong-Java by zhenwei1108.
the class PEMUtilities method crypt.
static byte[] crypt(boolean encrypt, JcaJceHelper helper, byte[] bytes, char[] password, String dekAlgName, byte[] iv) throws PEMException {
AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv);
String alg;
String blockMode = "CBC";
String padding = "PKCS5Padding";
Key sKey;
// Figure out block mode and padding.
if (dekAlgName.endsWith("-CFB")) {
blockMode = "CFB";
padding = "NoPadding";
}
if (dekAlgName.endsWith("-ECB") || "DES-EDE".equals(dekAlgName) || "DES-EDE3".equals(dekAlgName)) {
// ECB is actually the default (though seldom used) when OpenSSL
// uses DES-EDE (des2) or DES-EDE3 (des3).
blockMode = "ECB";
paramSpec = null;
}
if (dekAlgName.endsWith("-OFB")) {
blockMode = "OFB";
padding = "NoPadding";
}
// Figure out algorithm and key size.
if (dekAlgName.startsWith("DES-EDE")) {
alg = "DESede";
// "DES-EDE" is actually des2 in OpenSSL-speak!
// "DES-EDE3" is des3.
boolean des2 = !dekAlgName.startsWith("DES-EDE3");
sKey = getKey(helper, password, alg, 24, iv, des2);
} else if (dekAlgName.startsWith("DES-")) {
alg = "DES";
sKey = getKey(helper, password, alg, 8, iv);
} else if (dekAlgName.startsWith("BF-")) {
alg = "Blowfish";
sKey = getKey(helper, password, alg, 16, iv);
} else if (dekAlgName.startsWith("RC2-")) {
alg = "RC2";
int keyBits = 128;
if (dekAlgName.startsWith("RC2-40-")) {
keyBits = 40;
} else if (dekAlgName.startsWith("RC2-64-")) {
keyBits = 64;
}
sKey = getKey(helper, password, alg, keyBits / 8, iv);
if (// ECB block mode
paramSpec == null) {
paramSpec = new RC2ParameterSpec(keyBits);
} else {
paramSpec = new RC2ParameterSpec(keyBits, iv);
}
} else if (dekAlgName.startsWith("AES-")) {
alg = "AES";
byte[] salt = iv;
if (salt.length > 8) {
salt = new byte[8];
System.arraycopy(iv, 0, salt, 0, 8);
}
int keyBits;
if (dekAlgName.startsWith("AES-128-")) {
keyBits = 128;
} else if (dekAlgName.startsWith("AES-192-")) {
keyBits = 192;
} else if (dekAlgName.startsWith("AES-256-")) {
keyBits = 256;
} else {
throw new EncryptionException("unknown AES encryption with private key");
}
sKey = getKey(helper, password, "AES", keyBits / 8, salt);
} else {
throw new EncryptionException("unknown encryption with private key");
}
String transformation = alg + "/" + blockMode + "/" + padding;
try {
Cipher c = helper.createCipher(transformation);
int mode = encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
if (// ECB block mode
paramSpec == null) {
c.init(mode, sKey);
} else {
c.init(mode, sKey, paramSpec);
}
return c.doFinal(bytes);
} catch (Exception e) {
throw new EncryptionException("exception using cipher - please check password and data.", e);
}
}
use of com.github.zhenwei.pkix.openssl.PEMException in project LinLong-Java by zhenwei1108.
the class PEMUtilities method crypt.
static byte[] crypt(boolean encrypt, byte[] bytes, char[] password, String dekAlgName, byte[] iv) throws PEMException {
byte[] ivValue = iv;
String blockMode = "CBC";
BlockCipher engine;
BlockCipherPadding padding = new PKCS7Padding();
KeyParameter sKey;
// Figure out block mode and padding.
if (dekAlgName.endsWith("-CFB")) {
blockMode = "CFB";
padding = null;
}
if (dekAlgName.endsWith("-ECB") || "DES-EDE".equals(dekAlgName) || "DES-EDE3".equals(dekAlgName)) {
// ECB is actually the default (though seldom used) when OpenSSL
// uses DES-EDE (des2) or DES-EDE3 (des3).
blockMode = "ECB";
ivValue = null;
}
if (dekAlgName.endsWith("-OFB")) {
blockMode = "OFB";
padding = null;
}
// Figure out algorithm and key size.
if (dekAlgName.startsWith("DES-EDE")) {
// "DES-EDE" is actually des2 in OpenSSL-speak!
// "DES-EDE3" is des3.
boolean des2 = !dekAlgName.startsWith("DES-EDE3");
sKey = getKey(password, 24, iv, des2);
engine = new DESedeEngine();
} else if (dekAlgName.startsWith("DES-")) {
sKey = getKey(password, 8, iv);
engine = new DESEngine();
} else if (dekAlgName.startsWith("BF-")) {
sKey = getKey(password, 16, iv);
engine = new BlowfishEngine();
} else if (dekAlgName.startsWith("RC2-")) {
int keyBits = 128;
if (dekAlgName.startsWith("RC2-40-")) {
keyBits = 40;
} else if (dekAlgName.startsWith("RC2-64-")) {
keyBits = 64;
}
sKey = new RC2Parameters(getKey(password, keyBits / 8, iv).getKey(), keyBits);
;
engine = new RC2Engine();
} else if (dekAlgName.startsWith("AES-")) {
byte[] salt = iv;
if (salt.length > 8) {
salt = new byte[8];
System.arraycopy(iv, 0, salt, 0, 8);
}
int keyBits;
if (dekAlgName.startsWith("AES-128-")) {
keyBits = 128;
} else if (dekAlgName.startsWith("AES-192-")) {
keyBits = 192;
} else if (dekAlgName.startsWith("AES-256-")) {
keyBits = 256;
} else {
throw new EncryptionException("unknown AES encryption with private key: " + dekAlgName);
}
sKey = getKey(password, keyBits / 8, salt);
engine = new AESEngine();
} else {
throw new EncryptionException("unknown encryption with private key: " + dekAlgName);
}
if (blockMode.equals("CBC")) {
engine = new CBCBlockCipher(engine);
} else if (blockMode.equals("CFB")) {
engine = new CFBBlockCipher(engine, engine.getBlockSize() * 8);
} else if (blockMode.equals("OFB")) {
engine = new OFBBlockCipher(engine, engine.getBlockSize() * 8);
}
try {
BufferedBlockCipher c;
if (padding == null) {
c = new BufferedBlockCipher(engine);
} else {
c = new PaddedBufferedBlockCipher(engine, padding);
}
if (// ECB block mode
ivValue == null) {
c.init(encrypt, sKey);
} else {
c.init(encrypt, new ParametersWithIV(sKey, ivValue));
}
byte[] out = new byte[c.getOutputSize(bytes.length)];
int procLen = c.processBytes(bytes, 0, bytes.length, out, 0);
procLen += c.doFinal(out, procLen);
if (procLen == out.length) {
return out;
} else {
byte[] rv = new byte[procLen];
System.arraycopy(out, 0, rv, 0, procLen);
return rv;
}
} catch (Exception e) {
throw new EncryptionException("exception using cipher - please check password and data.", e);
}
}
use of com.github.zhenwei.pkix.openssl.PEMException in project LinLong-Java by zhenwei1108.
the class JceOpenSSLPKCS8DecryptorProviderBuilder method build.
public InputDecryptorProvider build(final char[] password) throws OperatorCreationException {
return new InputDecryptorProvider() {
public InputDecryptor get(final AlgorithmIdentifier algorithm) throws OperatorCreationException {
final Cipher cipher;
try {
if (PEMUtilities.isPKCS5Scheme2(algorithm.getAlgorithm())) {
PBES2Parameters params = PBES2Parameters.getInstance(algorithm.getParameters());
KeyDerivationFunc func = params.getKeyDerivationFunc();
EncryptionScheme scheme = params.getEncryptionScheme();
PBKDF2Params defParams = (PBKDF2Params) func.getParameters();
int iterationCount = defParams.getIterationCount().intValue();
byte[] salt = defParams.getSalt();
String oid = scheme.getAlgorithm().getId();
SecretKey key;
if (PEMUtilities.isHmacSHA1(defParams.getPrf())) {
key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, oid, password, salt, iterationCount);
} else {
key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, oid, password, salt, iterationCount, defParams.getPrf());
}
cipher = helper.createCipher(oid);
AlgorithmParameters algParams = helper.createAlgorithmParameters(oid);
algParams.init(scheme.getParameters().toASN1Primitive().getEncoded());
cipher.init(Cipher.DECRYPT_MODE, key, algParams);
} else if (PEMUtilities.isPKCS12(algorithm.getAlgorithm())) {
PKCS12PBEParams params = PKCS12PBEParams.getInstance(algorithm.getParameters());
cipher = helper.createCipher(algorithm.getAlgorithm().getId());
cipher.init(Cipher.DECRYPT_MODE, new PKCS12KeyWithParameters(password, params.getIV(), params.getIterations().intValue()));
} else if (PEMUtilities.isPKCS5Scheme1(algorithm.getAlgorithm())) {
PBEParameter params = PBEParameter.getInstance(algorithm.getParameters());
cipher = helper.createCipher(algorithm.getAlgorithm().getId());
cipher.init(Cipher.DECRYPT_MODE, new PBKDF1KeyWithParameters(password, new CharToByteConverter() {
public String getType() {
return "ASCII";
}
public byte[] convert(char[] password) {
// just drop hi-order byte.
return Strings.toByteArray(password);
}
}, params.getSalt(), params.getIterationCount().intValue()));
} else {
throw new PEMException("Unknown algorithm: " + algorithm.getAlgorithm());
}
return new InputDecryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return algorithm;
}
public InputStream getInputStream(InputStream encIn) {
return new CipherInputStream(encIn, cipher);
}
};
} catch (IOException e) {
throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e);
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e);
}
}
};
}
Aggregations