Search in sources :

Example 1 with GenericKey

use of com.github.zhenwei.pkix.operator.GenericKey in project LinLong-Java by zhenwei1108.

the class PKMACBuilder method genCalculator.

private MacCalculator genCalculator(final PBMParameter params, char[] password) throws CRMFException {
    // From RFC 4211
    // 
    // 1.  Generate a random salt value S
    // 
    // 2.  Append the salt to the pw.  K = pw || salt.
    // 
    // 3.  Hash the value of K.  K = HASH(K)
    // 
    // 4.  Iter = Iter - 1.  If Iter is greater than zero.  Goto step 3.
    // 
    // 5.  Compute an HMAC as documented in [HMAC].
    // 
    // MAC = HASH( K XOR opad, HASH( K XOR ipad, data) )
    // 
    // Where opad and ipad are defined in [HMAC].
    byte[] pw = Strings.toUTF8ByteArray(password);
    byte[] salt = params.getSalt().getOctets();
    byte[] K = new byte[pw.length + salt.length];
    System.arraycopy(pw, 0, K, 0, pw.length);
    System.arraycopy(salt, 0, K, pw.length, salt.length);
    calculator.setup(params.getOwf(), params.getMac());
    int iter = params.getIterationCount().intValueExact();
    do {
        K = calculator.calculateDigest(K);
    } while (--iter > 0);
    final byte[] key = K;
    return new MacCalculator() {

        ByteArrayOutputStream bOut = new ByteArrayOutputStream();

        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return new AlgorithmIdentifier(CMPObjectIdentifiers.passwordBasedMac, params);
        }

        public GenericKey getKey() {
            return new GenericKey(getAlgorithmIdentifier(), key);
        }

        public OutputStream getOutputStream() {
            return bOut;
        }

        public byte[] getMac() {
            try {
                return calculator.calculateMac(key, bOut.toByteArray());
            } catch (CRMFException e) {
                throw new RuntimeOperatorException("exception calculating mac: " + e.getMessage(), e);
            }
        }
    };
}
Also used : RuntimeOperatorException(com.github.zhenwei.pkix.operator.RuntimeOperatorException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) GenericKey(com.github.zhenwei.pkix.operator.GenericKey) MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 2 with GenericKey

use of com.github.zhenwei.pkix.operator.GenericKey in project LinLong-Java by zhenwei1108.

the class JcePKCS12MacCalculatorBuilder method build.

public MacCalculator build(final char[] password) throws OperatorCreationException {
    if (random == null) {
        random = new SecureRandom();
    }
    try {
        final Mac mac = helper.createMac(algorithm.getId());
        saltLength = mac.getMacLength();
        final byte[] salt = new byte[saltLength];
        random.nextBytes(salt);
        PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount);
        final SecretKey key = new PKCS12Key(password);
        mac.init(key, defParams);
        return new MacCalculator() {

            public AlgorithmIdentifier getAlgorithmIdentifier() {
                return new AlgorithmIdentifier(algorithm, new PKCS12PBEParams(salt, iterationCount));
            }

            public OutputStream getOutputStream() {
                return new MacOutputStream(mac);
            }

            public byte[] getMac() {
                return mac.doFinal();
            }

            public GenericKey getKey() {
                return new GenericKey(getAlgorithmIdentifier(), key.getEncoded());
            }
        };
    } catch (Exception e) {
        throw new OperatorCreationException("unable to create MAC calculator: " + e.getMessage(), e);
    }
}
Also used : SecureRandom(java.security.SecureRandom) MacOutputStream(com.github.zhenwei.provider.jcajce.io.MacOutputStream) Mac(javax.crypto.Mac) MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) SecretKey(javax.crypto.SecretKey) PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams) PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key) GenericKey(com.github.zhenwei.pkix.operator.GenericKey) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 3 with GenericKey

use of com.github.zhenwei.pkix.operator.GenericKey in project LinLong-Java by zhenwei1108.

the class PKCS12PBEUtils method createMacCalculator.

static MacCalculator createMacCalculator(final ASN1ObjectIdentifier digestAlgorithm, ExtendedDigest digest, final PKCS12PBEParams pbeParams, final char[] password) {
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);
    pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue());
    final KeyParameter keyParam = (KeyParameter) pGen.generateDerivedMacParameters(digest.getDigestSize() * 8);
    final HMac hMac = new HMac(digest);
    hMac.init(keyParam);
    return new MacCalculator() {

        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return new AlgorithmIdentifier(digestAlgorithm, pbeParams);
        }

        public OutputStream getOutputStream() {
            return new MacOutputStream(hMac);
        }

        public byte[] getMac() {
            byte[] res = new byte[hMac.getMacSize()];
            hMac.doFinal(res, 0);
            return res;
        }

        public GenericKey getKey() {
            return new GenericKey(getAlgorithmIdentifier(), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
        }
    };
}
Also used : PKCS12ParametersGenerator(com.github.zhenwei.core.crypto.generators.PKCS12ParametersGenerator) HMac(com.github.zhenwei.core.crypto.macs.HMac) KeyParameter(com.github.zhenwei.core.crypto.params.KeyParameter) MacOutputStream(com.github.zhenwei.core.crypto.io.MacOutputStream) GenericKey(com.github.zhenwei.pkix.operator.GenericKey) MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 4 with GenericKey

use of com.github.zhenwei.pkix.operator.GenericKey in project LinLong-Java by zhenwei1108.

the class JcePKCS12MacCalculatorBuilderProvider method get.

public PKCS12MacCalculatorBuilder get(final AlgorithmIdentifier algorithmIdentifier) {
    return new PKCS12MacCalculatorBuilder() {

        public MacCalculator build(final char[] password) throws OperatorCreationException {
            final PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());
            try {
                final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
                final Mac mac = helper.createMac(algorithm.getId());
                PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
                final SecretKey key = new PKCS12Key(password);
                mac.init(key, defParams);
                return new MacCalculator() {

                    public AlgorithmIdentifier getAlgorithmIdentifier() {
                        return new AlgorithmIdentifier(algorithm, pbeParams);
                    }

                    public OutputStream getOutputStream() {
                        return new MacOutputStream(mac);
                    }

                    public byte[] getMac() {
                        return mac.doFinal();
                    }

                    public GenericKey getKey() {
                        return new GenericKey(getAlgorithmIdentifier(), key.getEncoded());
                    }
                };
            } catch (Exception e) {
                throw new OperatorCreationException("unable to create MAC calculator: " + e.getMessage(), e);
            }
        }

        public AlgorithmIdentifier getDigestAlgorithmIdentifier() {
            return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE);
        }
    };
}
Also used : MacOutputStream(com.github.zhenwei.provider.jcajce.io.MacOutputStream) Mac(javax.crypto.Mac) MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) SecretKey(javax.crypto.SecretKey) PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams) PKCS12MacCalculatorBuilder(com.github.zhenwei.pkix.pkcs.PKCS12MacCalculatorBuilder) PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key) GenericKey(com.github.zhenwei.pkix.operator.GenericKey) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 5 with GenericKey

use of com.github.zhenwei.pkix.operator.GenericKey in project LinLong-Java by zhenwei1108.

the class JceAsymmetricKeyUnwrapper method generateUnwrappedKey.

public GenericKey generateUnwrappedKey(AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedKey) throws OperatorException {
    try {
        Key sKey = null;
        Cipher keyCipher = helper.createAsymmetricWrapper(this.getAlgorithmIdentifier().getAlgorithm(), extraMappings);
        AlgorithmParameters algParams = helper.createAlgorithmParameters(this.getAlgorithmIdentifier());
        try {
            if (algParams != null) {
                keyCipher.init(Cipher.UNWRAP_MODE, privKey, algParams);
            } else {
                keyCipher.init(Cipher.UNWRAP_MODE, privKey);
            }
            sKey = keyCipher.unwrap(encryptedKey, helper.getKeyAlgorithmName(encryptedKeyAlgorithm.getAlgorithm()), Cipher.SECRET_KEY);
            // check key will work with a software provider.
            if (unwrappedKeyMustBeEncodable) {
                try {
                    byte[] keyBytes = sKey.getEncoded();
                    if (keyBytes == null || keyBytes.length == 0) {
                        sKey = null;
                    }
                } catch (Exception e) {
                    // try doing a decrypt
                    sKey = null;
                }
            }
        } catch (GeneralSecurityException e) {
        // try decrypt
        } catch (IllegalStateException e) {
        // try decrypt
        } catch (UnsupportedOperationException e) {
        // try decrypt
        } catch (ProviderException e) {
        // try decrypt
        }
        // some providers do not support UNWRAP (this appears to be only for asymmetric algorithms)
        if (sKey == null) {
            keyCipher.init(Cipher.DECRYPT_MODE, privKey);
            sKey = new SecretKeySpec(keyCipher.doFinal(encryptedKey), encryptedKeyAlgorithm.getAlgorithm().getId());
        }
        return new JceGenericKey(encryptedKeyAlgorithm, sKey);
    } catch (InvalidKeyException e) {
        throw new OperatorException("key invalid: " + e.getMessage(), e);
    } catch (IllegalBlockSizeException e) {
        throw new OperatorException("illegal blocksize: " + e.getMessage(), e);
    } catch (BadPaddingException e) {
        throw new OperatorException("bad padding: " + e.getMessage(), e);
    }
}
Also used : ProviderException(java.security.ProviderException) GeneralSecurityException(java.security.GeneralSecurityException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) BadPaddingException(javax.crypto.BadPaddingException) InvalidKeyException(java.security.InvalidKeyException) OperatorException(com.github.zhenwei.pkix.operator.OperatorException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) ProviderException(java.security.ProviderException) BadPaddingException(javax.crypto.BadPaddingException) GeneralSecurityException(java.security.GeneralSecurityException) InvalidKeyException(java.security.InvalidKeyException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) Cipher(javax.crypto.Cipher) Key(java.security.Key) PrivateKey(java.security.PrivateKey) GenericKey(com.github.zhenwei.pkix.operator.GenericKey) OperatorException(com.github.zhenwei.pkix.operator.OperatorException) AlgorithmParameters(java.security.AlgorithmParameters)

Aggregations

GenericKey (com.github.zhenwei.pkix.operator.GenericKey)20 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)14 MacCalculator (com.github.zhenwei.pkix.operator.MacCalculator)9 OutputStream (java.io.OutputStream)9 Key (java.security.Key)9 MacOutputStream (com.github.zhenwei.provider.jcajce.io.MacOutputStream)7 Mac (javax.crypto.Mac)7 PKCS12PBEParams (com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)5 RecipientOperator (com.github.zhenwei.pkix.cms.RecipientOperator)5 JceGenericKey (com.github.zhenwei.pkix.operator.jcajce.JceGenericKey)5 PrivateKey (java.security.PrivateKey)5 Cipher (javax.crypto.Cipher)5 SecretKey (javax.crypto.SecretKey)4 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)3 OperatorException (com.github.zhenwei.pkix.operator.OperatorException)3 ByteArrayOutputStream (java.io.ByteArrayOutputStream)3 SecureRandom (java.security.SecureRandom)3 Iterator (java.util.Iterator)3 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)2 ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)2