Search in sources :

Example 1 with InputDecryptorProvider

use of com.github.zhenwei.pkix.operator.InputDecryptorProvider in project LinLong-Java by zhenwei1108.

the class JceInputDecryptorProviderBuilder method build.

/**
 * Build a decryptor provider which will use the passed in bytes for the symmetric key.
 *
 * @param keyBytes bytes representing the key to use.
 * @return an decryptor provider.
 */
public InputDecryptorProvider build(byte[] keyBytes) {
    final byte[] encKeyBytes = Arrays.clone(keyBytes);
    return new InputDecryptorProvider() {

        private Cipher cipher;

        private AlgorithmIdentifier encryptionAlg;

        public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier) throws OperatorCreationException {
            encryptionAlg = algorithmIdentifier;
            ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
            try {
                cipher = helper.createCipher(algorithm.getId());
                SecretKey key = new SecretKeySpec(encKeyBytes, algorithm.getId());
                ASN1Encodable encParams = algorithmIdentifier.getParameters();
                if (encParams instanceof ASN1OctetString) {
                    cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets()));
                } else {
                    // TODO: at the moment it's just GOST, but...
                    GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
                    cipher.init(Cipher.DECRYPT_MODE, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
                }
            } catch (Exception e) {
                throw new OperatorCreationException("unable to create InputDecryptor: " + e.getMessage(), e);
            }
            return new InputDecryptor() {

                public AlgorithmIdentifier getAlgorithmIdentifier() {
                    return encryptionAlg;
                }

                public InputStream getInputStream(InputStream input) {
                    return new CipherInputStream(input, cipher);
                }
            };
        }
    };
}
Also used : ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) CipherInputStream(com.github.zhenwei.provider.jcajce.io.CipherInputStream) GOST28147Parameters(com.github.zhenwei.core.asn1.cryptopro.GOST28147Parameters) InputDecryptor(com.github.zhenwei.pkix.operator.InputDecryptor) CipherInputStream(com.github.zhenwei.provider.jcajce.io.CipherInputStream) InputStream(java.io.InputStream) GOST28147ParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147ParameterSpec) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) SecretKey(javax.crypto.SecretKey) InputDecryptorProvider(com.github.zhenwei.pkix.operator.InputDecryptorProvider) SecretKeySpec(javax.crypto.spec.SecretKeySpec) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)

Example 2 with InputDecryptorProvider

use of com.github.zhenwei.pkix.operator.InputDecryptorProvider in project LinLong-Java by zhenwei1108.

the class JcePKCSPBEInputDecryptorProviderBuilder method build.

public InputDecryptorProvider build(final char[] password) {
    return new InputDecryptorProvider() {

        private Cipher cipher;

        private AlgorithmIdentifier encryptionAlg;

        public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier) throws OperatorCreationException {
            SecretKey key;
            ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
            try {
                if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
                    PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());
                    cipher = helper.createCipher(algorithm.getId());
                    cipher.init(Cipher.DECRYPT_MODE, new PKCS12KeyWithParameters(password, wrongPKCS12Zero, pbeParams.getIV(), pbeParams.getIterations().intValue()));
                    encryptionAlg = algorithmIdentifier;
                } else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
                    PBES2Parameters alg = PBES2Parameters.getInstance(algorithmIdentifier.getParameters());
                    if (MiscObjectIdentifiers.id_scrypt.equals(alg.getKeyDerivationFunc().getAlgorithm())) {
                        ScryptParams params = ScryptParams.getInstance(alg.getKeyDerivationFunc().getParameters());
                        AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
                        SecretKeyFactory keyFact = helper.createSecretKeyFactory("SCRYPT");
                        key = keyFact.generateSecret(new ScryptKeySpec(password, params.getSalt(), params.getCostParameter().intValue(), params.getBlockSize().intValue(), params.getParallelizationParameter().intValue(), keySizeProvider.getKeySize(encScheme)));
                    } else {
                        SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
                        PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
                        AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
                        if (func.isDefaultPrf()) {
                            key = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), func.getIterationCount().intValue(), keySizeProvider.getKeySize(encScheme)));
                        } else {
                            key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), func.getIterationCount().intValue(), keySizeProvider.getKeySize(encScheme), func.getPrf()));
                        }
                    }
                    cipher = helper.createCipher(alg.getEncryptionScheme().getAlgorithm().getId());
                    encryptionAlg = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
                    ASN1Encodable encParams = alg.getEncryptionScheme().getParameters();
                    if (encParams instanceof ASN1OctetString) {
                        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets()));
                    } else if (encParams instanceof ASN1Sequence && isCCMorGCM(alg.getEncryptionScheme())) {
                        AlgorithmParameters params = AlgorithmParameters.getInstance(alg.getEncryptionScheme().getAlgorithm().getId());
                        params.init(((ASN1Sequence) encParams).getEncoded());
                        cipher.init(Cipher.DECRYPT_MODE, key, params);
                    } else if (// absent parameters
                    encParams == null) {
                        cipher.init(Cipher.DECRYPT_MODE, key);
                    } else {
                        // TODO: at the moment it's just GOST, but...
                        GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
                        cipher.init(Cipher.DECRYPT_MODE, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
                    }
                } else if (algorithm.equals(PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC) || algorithm.equals(PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC)) {
                    PBEParameter pbeParams = PBEParameter.getInstance(algorithmIdentifier.getParameters());
                    cipher = helper.createCipher(algorithm.getId());
                    cipher.init(Cipher.DECRYPT_MODE, new PBKDF1Key(password, PasswordConverter.ASCII), new PBEParameterSpec(pbeParams.getSalt(), pbeParams.getIterationCount().intValue()));
                } else {
                    throw new OperatorCreationException("unable to create InputDecryptor: algorithm " + algorithm + " unknown.");
                }
            } catch (Exception e) {
                throw new OperatorCreationException("unable to create InputDecryptor: " + e.getMessage(), e);
            }
            return new InputDecryptor() {

                public AlgorithmIdentifier getAlgorithmIdentifier() {
                    return encryptionAlg;
                }

                public InputStream getInputStream(InputStream input) {
                    return new CipherInputStream(input, cipher);
                }
            };
        }
    };
}
Also used : ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) PBEKeySpec(javax.crypto.spec.PBEKeySpec) GOST28147Parameters(com.github.zhenwei.core.asn1.cryptopro.GOST28147Parameters) GOST28147ParameterSpec(com.github.zhenwei.provider.jcajce.spec.GOST28147ParameterSpec) PBKDF2KeySpec(com.github.zhenwei.provider.jcajce.spec.PBKDF2KeySpec) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) PBKDF1Key(com.github.zhenwei.provider.jcajce.PBKDF1Key) PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params) ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) ScryptParams(com.github.zhenwei.core.asn1.misc.ScryptParams) SecretKeyFactory(javax.crypto.SecretKeyFactory) PKCS12KeyWithParameters(com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) PBEParameter(com.github.zhenwei.core.asn1.pkcs.PBEParameter) PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters) CipherInputStream(com.github.zhenwei.provider.jcajce.io.CipherInputStream) InputDecryptor(com.github.zhenwei.pkix.operator.InputDecryptor) CipherInputStream(com.github.zhenwei.provider.jcajce.io.CipherInputStream) InputStream(java.io.InputStream) ScryptKeySpec(com.github.zhenwei.provider.jcajce.spec.ScryptKeySpec) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) SecretKey(javax.crypto.SecretKey) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) InputDecryptorProvider(com.github.zhenwei.pkix.operator.InputDecryptorProvider) PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) AlgorithmParameters(java.security.AlgorithmParameters)

Example 3 with InputDecryptorProvider

use of com.github.zhenwei.pkix.operator.InputDecryptorProvider in project LinLong-Java by zhenwei1108.

the class BcPKCS12PBEInputDecryptorProviderBuilder method build.

public InputDecryptorProvider build(final char[] password) {
    return new InputDecryptorProvider() {

        public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier) {
            final PaddedBufferedBlockCipher engine = PKCS12PBEUtils.getEngine(algorithmIdentifier.getAlgorithm());
            PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());
            CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithmIdentifier.getAlgorithm(), digest, engine.getBlockSize(), pbeParams, password);
            engine.init(false, params);
            return new InputDecryptor() {

                public AlgorithmIdentifier getAlgorithmIdentifier() {
                    return algorithmIdentifier;
                }

                public InputStream getInputStream(InputStream input) {
                    return new CipherInputStream(input, engine);
                }

                public GenericKey getKey() {
                    return new GenericKey(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
                }
            };
        }
    };
}
Also used : CipherParameters(com.github.zhenwei.core.crypto.CipherParameters) PaddedBufferedBlockCipher(com.github.zhenwei.core.crypto.paddings.PaddedBufferedBlockCipher) InputDecryptorProvider(com.github.zhenwei.pkix.operator.InputDecryptorProvider) CipherInputStream(com.github.zhenwei.core.crypto.io.CipherInputStream) InputDecryptor(com.github.zhenwei.pkix.operator.InputDecryptor) PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams) CipherInputStream(com.github.zhenwei.core.crypto.io.CipherInputStream) InputStream(java.io.InputStream) GenericKey(com.github.zhenwei.pkix.operator.GenericKey) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 4 with InputDecryptorProvider

use of com.github.zhenwei.pkix.operator.InputDecryptorProvider in project LinLong-Java by zhenwei1108.

the class JceOpenSSLPKCS8DecryptorProviderBuilder method build.

public InputDecryptorProvider build(final char[] password) throws OperatorCreationException {
    return new InputDecryptorProvider() {

        public InputDecryptor get(final AlgorithmIdentifier algorithm) throws OperatorCreationException {
            final Cipher cipher;
            try {
                if (PEMUtilities.isPKCS5Scheme2(algorithm.getAlgorithm())) {
                    PBES2Parameters params = PBES2Parameters.getInstance(algorithm.getParameters());
                    KeyDerivationFunc func = params.getKeyDerivationFunc();
                    EncryptionScheme scheme = params.getEncryptionScheme();
                    PBKDF2Params defParams = (PBKDF2Params) func.getParameters();
                    int iterationCount = defParams.getIterationCount().intValue();
                    byte[] salt = defParams.getSalt();
                    String oid = scheme.getAlgorithm().getId();
                    SecretKey key;
                    if (PEMUtilities.isHmacSHA1(defParams.getPrf())) {
                        key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, oid, password, salt, iterationCount);
                    } else {
                        key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, oid, password, salt, iterationCount, defParams.getPrf());
                    }
                    cipher = helper.createCipher(oid);
                    AlgorithmParameters algParams = helper.createAlgorithmParameters(oid);
                    algParams.init(scheme.getParameters().toASN1Primitive().getEncoded());
                    cipher.init(Cipher.DECRYPT_MODE, key, algParams);
                } else if (PEMUtilities.isPKCS12(algorithm.getAlgorithm())) {
                    PKCS12PBEParams params = PKCS12PBEParams.getInstance(algorithm.getParameters());
                    cipher = helper.createCipher(algorithm.getAlgorithm().getId());
                    cipher.init(Cipher.DECRYPT_MODE, new PKCS12KeyWithParameters(password, params.getIV(), params.getIterations().intValue()));
                } else if (PEMUtilities.isPKCS5Scheme1(algorithm.getAlgorithm())) {
                    PBEParameter params = PBEParameter.getInstance(algorithm.getParameters());
                    cipher = helper.createCipher(algorithm.getAlgorithm().getId());
                    cipher.init(Cipher.DECRYPT_MODE, new PBKDF1KeyWithParameters(password, new CharToByteConverter() {

                        public String getType() {
                            return "ASCII";
                        }

                        public byte[] convert(char[] password) {
                            // just drop hi-order byte.
                            return Strings.toByteArray(password);
                        }
                    }, params.getSalt(), params.getIterationCount().intValue()));
                } else {
                    throw new PEMException("Unknown algorithm: " + algorithm.getAlgorithm());
                }
                return new InputDecryptor() {

                    public AlgorithmIdentifier getAlgorithmIdentifier() {
                        return algorithm;
                    }

                    public InputStream getInputStream(InputStream encIn) {
                        return new CipherInputStream(encIn, cipher);
                    }
                };
            } catch (IOException e) {
                throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e);
            } catch (GeneralSecurityException e) {
                throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e);
            }
        }
    };
}
Also used : PBEParameter(com.github.zhenwei.core.asn1.pkcs.PBEParameter) PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters) EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme) CipherInputStream(com.github.zhenwei.provider.jcajce.io.CipherInputStream) InputDecryptor(com.github.zhenwei.pkix.operator.InputDecryptor) CipherInputStream(com.github.zhenwei.provider.jcajce.io.CipherInputStream) InputStream(java.io.InputStream) PBKDF1KeyWithParameters(com.github.zhenwei.provider.jcajce.PBKDF1KeyWithParameters) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) CharToByteConverter(com.github.zhenwei.core.crypto.CharToByteConverter) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) SecretKey(javax.crypto.SecretKey) InputDecryptorProvider(com.github.zhenwei.pkix.operator.InputDecryptorProvider) PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams) PEMException(com.github.zhenwei.pkix.openssl.PEMException) KeyDerivationFunc(com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc) PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params) Cipher(javax.crypto.Cipher) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) PKCS12KeyWithParameters(com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters) AlgorithmParameters(java.security.AlgorithmParameters)

Aggregations

AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)4 InputDecryptor (com.github.zhenwei.pkix.operator.InputDecryptor)4 InputDecryptorProvider (com.github.zhenwei.pkix.operator.InputDecryptorProvider)4 InputStream (java.io.InputStream)4 PKCS12PBEParams (com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)3 OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)3 CipherInputStream (com.github.zhenwei.provider.jcajce.io.CipherInputStream)3 Cipher (javax.crypto.Cipher)3 SecretKey (javax.crypto.SecretKey)3 ASN1Encodable (com.github.zhenwei.core.asn1.ASN1Encodable)2 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)2 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)2 GOST28147Parameters (com.github.zhenwei.core.asn1.cryptopro.GOST28147Parameters)2 PBEParameter (com.github.zhenwei.core.asn1.pkcs.PBEParameter)2 PBES2Parameters (com.github.zhenwei.core.asn1.pkcs.PBES2Parameters)2 PBKDF2Params (com.github.zhenwei.core.asn1.pkcs.PBKDF2Params)2 PKCS12KeyWithParameters (com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters)2 GOST28147ParameterSpec (com.github.zhenwei.provider.jcajce.spec.GOST28147ParameterSpec)2 AlgorithmParameters (java.security.AlgorithmParameters)2 IvParameterSpec (javax.crypto.spec.IvParameterSpec)2