Example 1 with MacCalculator
use of com.github.zhenwei.pkix.operator.MacCalculator in project LinLong-Java by zhenwei1108.
the class PKMACBuilder method genCalculator.
private MacCalculator genCalculator(final PBMParameter params, char[] password) throws CRMFException {
// From RFC 4211
//
// 1. Generate a random salt value S
//
// 2. Append the salt to the pw. K = pw || salt.
//
// 3. Hash the value of K. K = HASH(K)
//
// 4. Iter = Iter - 1. If Iter is greater than zero. Goto step 3.
//
// 5. Compute an HMAC as documented in [HMAC].
//
// MAC = HASH( K XOR opad, HASH( K XOR ipad, data) )
//
// Where opad and ipad are defined in [HMAC].
byte[] pw = Strings.toUTF8ByteArray(password);
byte[] salt = params.getSalt().getOctets();
byte[] K = new byte[pw.length + salt.length];
System.arraycopy(pw, 0, K, 0, pw.length);
System.arraycopy(salt, 0, K, pw.length, salt.length);
calculator.setup(params.getOwf(), params.getMac());
int iter = params.getIterationCount().intValueExact();
do {
K = calculator.calculateDigest(K);
} while (--iter > 0);
final byte[] key = K;
return new MacCalculator() {
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new AlgorithmIdentifier(CMPObjectIdentifiers.passwordBasedMac, params);
}
public GenericKey getKey() {
return new GenericKey(getAlgorithmIdentifier(), key);
}
public OutputStream getOutputStream() {
return bOut;
}
public byte[] getMac() {
try {
return calculator.calculateMac(key, bOut.toByteArray());
} catch (CRMFException e) {
throw new RuntimeOperatorException("exception calculating mac: " + e.getMessage(), e);
}
}
};
}
Also used :
RuntimeOperatorException(com.github.zhenwei.pkix.operator.RuntimeOperatorException)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
GenericKey(com.github.zhenwei.pkix.operator.GenericKey)
MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Example 2 with MacCalculator
use of com.github.zhenwei.pkix.operator.MacCalculator in project LinLong-Java by zhenwei1108.
the class PKMACValueVerifier method isValid.
public boolean isValid(PKMACValue value, char[] password, SubjectPublicKeyInfo keyInfo) throws CRMFException {
builder.setParameters(PBMParameter.getInstance(value.getAlgId().getParameters()));
MacCalculator calculator = builder.build(password);
OutputStream macOut = calculator.getOutputStream();
try {
macOut.write(keyInfo.getEncoded(ASN1Encoding.DER));
macOut.close();
} catch (IOException e) {
throw new CRMFException("exception encoding mac input: " + e.getMessage(), e);
}
return Arrays.constantTimeAreEqual(calculator.getMac(), value.getValue().getBytes());
}
Also used :
OutputStream(java.io.OutputStream)
IOException(java.io.IOException)
MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator)
Example 3 with MacCalculator
use of com.github.zhenwei.pkix.operator.MacCalculator in project LinLong-Java by zhenwei1108.
the class PKMACValueGenerator method generate.
public PKMACValue generate(char[] password, SubjectPublicKeyInfo keyInfo) throws CRMFException {
MacCalculator calculator = builder.build(password);
OutputStream macOut = calculator.getOutputStream();
try {
macOut.write(keyInfo.getEncoded(ASN1Encoding.DER));
macOut.close();
} catch (IOException e) {
throw new CRMFException("exception encoding mac input: " + e.getMessage(), e);
}
return new PKMACValue(calculator.getAlgorithmIdentifier(), new DERBitString(calculator.getMac()));
}
Also used :
PKMACValue(com.github.zhenwei.pkix.util.asn1.crmf.PKMACValue)
OutputStream(java.io.OutputStream)
DERBitString(com.github.zhenwei.core.asn1.DERBitString)
IOException(java.io.IOException)
MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator)
Example 4 with MacCalculator
use of com.github.zhenwei.pkix.operator.MacCalculator in project LinLong-Java by zhenwei1108.
the class ProtectedPKIMessage method verify.
/**
* Verify a message with password based MAC protection.
*
* @param pkMacBuilder MAC builder that can be used to construct the appropriate MacCalculator
* @param password the MAC password
* @return true if the passed in password and MAC builder verify the message, false otherwise.
* @throws CMPException if algorithm not MAC based, or an exception is thrown verifying the MAC.
*/
public boolean verify(PKMACBuilder pkMacBuilder, char[] password) throws CMPException {
if (!CMPObjectIdentifiers.passwordBasedMac.equals(pkiMessage.getHeader().getProtectionAlg().getAlgorithm())) {
throw new CMPException("protection algorithm not mac based");
}
try {
pkMacBuilder.setParameters(PBMParameter.getInstance(pkiMessage.getHeader().getProtectionAlg().getParameters()));
MacCalculator calculator = pkMacBuilder.build(password);
OutputStream macOut = calculator.getOutputStream();
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(pkiMessage.getHeader());
v.add(pkiMessage.getBody());
macOut.write(new DERSequence(v).getEncoded(ASN1Encoding.DER));
macOut.close();
return Arrays.areEqual(calculator.getMac(), pkiMessage.getProtection().getBytes());
} catch (Exception e) {
throw new CMPException("unable to verify MAC: " + e.getMessage(), e);
}
}
Also used :
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
OutputStream(java.io.OutputStream)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator)
IOException(java.io.IOException)
Example 5 with MacCalculator
use of com.github.zhenwei.pkix.operator.MacCalculator in project LinLong-Java by zhenwei1108.
the class JcePKCS12MacCalculatorBuilder method build.
public MacCalculator build(final char[] password) throws OperatorCreationException {
if (random == null) {
random = new SecureRandom();
}
try {
final Mac mac = helper.createMac(algorithm.getId());
saltLength = mac.getMacLength();
final byte[] salt = new byte[saltLength];
random.nextBytes(salt);
PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount);
final SecretKey key = new PKCS12Key(password);
mac.init(key, defParams);
return new MacCalculator() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new AlgorithmIdentifier(algorithm, new PKCS12PBEParams(salt, iterationCount));
}
public OutputStream getOutputStream() {
return new MacOutputStream(mac);
}
public byte[] getMac() {
return mac.doFinal();
}
public GenericKey getKey() {
return new GenericKey(getAlgorithmIdentifier(), key.getEncoded());
}
};
} catch (Exception e) {
throw new OperatorCreationException("unable to create MAC calculator: " + e.getMessage(), e);
}
}
Also used :
SecureRandom(java.security.SecureRandom)
MacOutputStream(com.github.zhenwei.provider.jcajce.io.MacOutputStream)
Mac(javax.crypto.Mac)
MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
SecretKey(javax.crypto.SecretKey)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key)
GenericKey(com.github.zhenwei.pkix.operator.GenericKey)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
Aggregations
MacCalculator (com.github.zhenwei.pkix.operator.MacCalculator)13
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)10
GenericKey (com.github.zhenwei.pkix.operator.GenericKey)9
OutputStream (java.io.OutputStream)9
MacOutputStream (com.github.zhenwei.provider.jcajce.io.MacOutputStream)7
Mac (javax.crypto.Mac)7
RecipientOperator (com.github.zhenwei.pkix.cms.RecipientOperator)5
JceGenericKey (com.github.zhenwei.pkix.operator.jcajce.JceGenericKey)5
Key (java.security.Key)5
PKCS12PBEParams (com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)3
IOException (java.io.IOException)3
PrivateKey (java.security.PrivateKey)3
SecretKey (javax.crypto.SecretKey)3
OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)2
PKCS12Key (com.github.zhenwei.provider.jcajce.PKCS12Key)2
PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)2
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)1
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)1
DERBitString (com.github.zhenwei.core.asn1.DERBitString)1
DERSequence (com.github.zhenwei.core.asn1.DERSequence)1
