Example 1 with GenericKey
use of com.github.zhenwei.pkix.operator.GenericKey in project LinLong-Java by zhenwei1108.
the class PKMACBuilder method genCalculator.
private MacCalculator genCalculator(final PBMParameter params, char[] password) throws CRMFException {
// From RFC 4211
//
// 1. Generate a random salt value S
//
// 2. Append the salt to the pw. K = pw || salt.
//
// 3. Hash the value of K. K = HASH(K)
//
// 4. Iter = Iter - 1. If Iter is greater than zero. Goto step 3.
//
// 5. Compute an HMAC as documented in [HMAC].
//
// MAC = HASH( K XOR opad, HASH( K XOR ipad, data) )
//
// Where opad and ipad are defined in [HMAC].
byte[] pw = Strings.toUTF8ByteArray(password);
byte[] salt = params.getSalt().getOctets();
byte[] K = new byte[pw.length + salt.length];
System.arraycopy(pw, 0, K, 0, pw.length);
System.arraycopy(salt, 0, K, pw.length, salt.length);
calculator.setup(params.getOwf(), params.getMac());
int iter = params.getIterationCount().intValueExact();
do {
K = calculator.calculateDigest(K);
} while (--iter > 0);
final byte[] key = K;
return new MacCalculator() {
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new AlgorithmIdentifier(CMPObjectIdentifiers.passwordBasedMac, params);
}
public GenericKey getKey() {
return new GenericKey(getAlgorithmIdentifier(), key);
}
public OutputStream getOutputStream() {
return bOut;
}
public byte[] getMac() {
try {
return calculator.calculateMac(key, bOut.toByteArray());
} catch (CRMFException e) {
throw new RuntimeOperatorException("exception calculating mac: " + e.getMessage(), e);
}
}
};
}
Also used :
RuntimeOperatorException(com.github.zhenwei.pkix.operator.RuntimeOperatorException)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
GenericKey(com.github.zhenwei.pkix.operator.GenericKey)
MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Example 2 with GenericKey
use of com.github.zhenwei.pkix.operator.GenericKey in project LinLong-Java by zhenwei1108.
the class JcePKCS12MacCalculatorBuilder method build.
public MacCalculator build(final char[] password) throws OperatorCreationException {
if (random == null) {
random = new SecureRandom();
}
try {
final Mac mac = helper.createMac(algorithm.getId());
saltLength = mac.getMacLength();
final byte[] salt = new byte[saltLength];
random.nextBytes(salt);
PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount);
final SecretKey key = new PKCS12Key(password);
mac.init(key, defParams);
return new MacCalculator() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new AlgorithmIdentifier(algorithm, new PKCS12PBEParams(salt, iterationCount));
}
public OutputStream getOutputStream() {
return new MacOutputStream(mac);
}
public byte[] getMac() {
return mac.doFinal();
}
public GenericKey getKey() {
return new GenericKey(getAlgorithmIdentifier(), key.getEncoded());
}
};
} catch (Exception e) {
throw new OperatorCreationException("unable to create MAC calculator: " + e.getMessage(), e);
}
}
Also used :
SecureRandom(java.security.SecureRandom)
MacOutputStream(com.github.zhenwei.provider.jcajce.io.MacOutputStream)
Mac(javax.crypto.Mac)
MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
SecretKey(javax.crypto.SecretKey)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key)
GenericKey(com.github.zhenwei.pkix.operator.GenericKey)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
Example 3 with GenericKey
use of com.github.zhenwei.pkix.operator.GenericKey in project LinLong-Java by zhenwei1108.
the class PKCS12PBEUtils method createMacCalculator.
static MacCalculator createMacCalculator(final ASN1ObjectIdentifier digestAlgorithm, ExtendedDigest digest, final PKCS12PBEParams pbeParams, final char[] password) {
PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);
pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue());
final KeyParameter keyParam = (KeyParameter) pGen.generateDerivedMacParameters(digest.getDigestSize() * 8);
final HMac hMac = new HMac(digest);
hMac.init(keyParam);
return new MacCalculator() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new AlgorithmIdentifier(digestAlgorithm, pbeParams);
}
public OutputStream getOutputStream() {
return new MacOutputStream(hMac);
}
public byte[] getMac() {
byte[] res = new byte[hMac.getMacSize()];
hMac.doFinal(res, 0);
return res;
}
public GenericKey getKey() {
return new GenericKey(getAlgorithmIdentifier(), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
}
};
}
Also used :
PKCS12ParametersGenerator(com.github.zhenwei.core.crypto.generators.PKCS12ParametersGenerator)
HMac(com.github.zhenwei.core.crypto.macs.HMac)
KeyParameter(com.github.zhenwei.core.crypto.params.KeyParameter)
MacOutputStream(com.github.zhenwei.core.crypto.io.MacOutputStream)
GenericKey(com.github.zhenwei.pkix.operator.GenericKey)
MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Example 4 with GenericKey
use of com.github.zhenwei.pkix.operator.GenericKey in project LinLong-Java by zhenwei1108.
the class JcePKCS12MacCalculatorBuilderProvider method get.
public PKCS12MacCalculatorBuilder get(final AlgorithmIdentifier algorithmIdentifier) {
return new PKCS12MacCalculatorBuilder() {
public MacCalculator build(final char[] password) throws OperatorCreationException {
final PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());
try {
final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
final Mac mac = helper.createMac(algorithm.getId());
PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
final SecretKey key = new PKCS12Key(password);
mac.init(key, defParams);
return new MacCalculator() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new AlgorithmIdentifier(algorithm, pbeParams);
}
public OutputStream getOutputStream() {
return new MacOutputStream(mac);
}
public byte[] getMac() {
return mac.doFinal();
}
public GenericKey getKey() {
return new GenericKey(getAlgorithmIdentifier(), key.getEncoded());
}
};
} catch (Exception e) {
throw new OperatorCreationException("unable to create MAC calculator: " + e.getMessage(), e);
}
}
public AlgorithmIdentifier getDigestAlgorithmIdentifier() {
return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE);
}
};
}
Also used :
MacOutputStream(com.github.zhenwei.provider.jcajce.io.MacOutputStream)
Mac(javax.crypto.Mac)
MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
SecretKey(javax.crypto.SecretKey)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
PKCS12MacCalculatorBuilder(com.github.zhenwei.pkix.pkcs.PKCS12MacCalculatorBuilder)
PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key)
GenericKey(com.github.zhenwei.pkix.operator.GenericKey)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
Example 5 with GenericKey
use of com.github.zhenwei.pkix.operator.GenericKey in project LinLong-Java by zhenwei1108.
the class JceAsymmetricKeyUnwrapper method generateUnwrappedKey.
public GenericKey generateUnwrappedKey(AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedKey) throws OperatorException {
try {
Key sKey = null;
Cipher keyCipher = helper.createAsymmetricWrapper(this.getAlgorithmIdentifier().getAlgorithm(), extraMappings);
AlgorithmParameters algParams = helper.createAlgorithmParameters(this.getAlgorithmIdentifier());
try {
if (algParams != null) {
keyCipher.init(Cipher.UNWRAP_MODE, privKey, algParams);
} else {
keyCipher.init(Cipher.UNWRAP_MODE, privKey);
}
sKey = keyCipher.unwrap(encryptedKey, helper.getKeyAlgorithmName(encryptedKeyAlgorithm.getAlgorithm()), Cipher.SECRET_KEY);
// check key will work with a software provider.
if (unwrappedKeyMustBeEncodable) {
try {
byte[] keyBytes = sKey.getEncoded();
if (keyBytes == null || keyBytes.length == 0) {
sKey = null;
}
} catch (Exception e) {
// try doing a decrypt
sKey = null;
}
}
} catch (GeneralSecurityException e) {
// try decrypt
} catch (IllegalStateException e) {
// try decrypt
} catch (UnsupportedOperationException e) {
// try decrypt
} catch (ProviderException e) {
// try decrypt
}
// some providers do not support UNWRAP (this appears to be only for asymmetric algorithms)
if (sKey == null) {
keyCipher.init(Cipher.DECRYPT_MODE, privKey);
sKey = new SecretKeySpec(keyCipher.doFinal(encryptedKey), encryptedKeyAlgorithm.getAlgorithm().getId());
}
return new JceGenericKey(encryptedKeyAlgorithm, sKey);
} catch (InvalidKeyException e) {
throw new OperatorException("key invalid: " + e.getMessage(), e);
} catch (IllegalBlockSizeException e) {
throw new OperatorException("illegal blocksize: " + e.getMessage(), e);
} catch (BadPaddingException e) {
throw new OperatorException("bad padding: " + e.getMessage(), e);
}
}
Also used :
ProviderException(java.security.ProviderException)
GeneralSecurityException(java.security.GeneralSecurityException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
BadPaddingException(javax.crypto.BadPaddingException)
InvalidKeyException(java.security.InvalidKeyException)
OperatorException(com.github.zhenwei.pkix.operator.OperatorException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
ProviderException(java.security.ProviderException)
BadPaddingException(javax.crypto.BadPaddingException)
GeneralSecurityException(java.security.GeneralSecurityException)
InvalidKeyException(java.security.InvalidKeyException)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
Cipher(javax.crypto.Cipher)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
GenericKey(com.github.zhenwei.pkix.operator.GenericKey)
OperatorException(com.github.zhenwei.pkix.operator.OperatorException)
AlgorithmParameters(java.security.AlgorithmParameters)
Aggregations
GenericKey (com.github.zhenwei.pkix.operator.GenericKey)20
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)14
MacCalculator (com.github.zhenwei.pkix.operator.MacCalculator)9
OutputStream (java.io.OutputStream)9
Key (java.security.Key)9
MacOutputStream (com.github.zhenwei.provider.jcajce.io.MacOutputStream)7
Mac (javax.crypto.Mac)7
PKCS12PBEParams (com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)5
RecipientOperator (com.github.zhenwei.pkix.cms.RecipientOperator)5
JceGenericKey (com.github.zhenwei.pkix.operator.jcajce.JceGenericKey)5
PrivateKey (java.security.PrivateKey)5
Cipher (javax.crypto.Cipher)5
SecretKey (javax.crypto.SecretKey)4
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)3
OperatorException (com.github.zhenwei.pkix.operator.OperatorException)3
ByteArrayOutputStream (java.io.ByteArrayOutputStream)3
SecureRandom (java.security.SecureRandom)3
Iterator (java.util.Iterator)3
ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)2
ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)2
