Search in sources :

Example 1 with PKCS12Key

use of com.github.zhenwei.provider.jcajce.PKCS12Key in project LinLong-Java by zhenwei1108.

the class PKCS12KeyStoreSpi method calculatePbeMac.

private byte[] calculatePbeMac(ASN1ObjectIdentifier oid, byte[] salt, int itCount, char[] password, boolean wrongPkcs12Zero, byte[] data) throws Exception {
    PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount);
    Mac mac = helper.createMac(oid.getId());
    mac.init(new PKCS12Key(password, wrongPkcs12Zero), defParams);
    mac.update(data);
    return mac.doFinal();
}
Also used : PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) Mac(javax.crypto.Mac)

Example 2 with PKCS12Key

use of com.github.zhenwei.provider.jcajce.PKCS12Key in project LinLong-Java by zhenwei1108.

the class PKCS12KeyStoreSpi method cryptData.

protected byte[] cryptData(boolean forEncryption, AlgorithmIdentifier algId, char[] password, boolean wrongPKCS12Zero, byte[] data) throws IOException {
    ASN1ObjectIdentifier algorithm = algId.getAlgorithm();
    int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
    if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
        PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
        try {
            PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
            PKCS12Key key = new PKCS12Key(password, wrongPKCS12Zero);
            Cipher cipher = helper.createCipher(algorithm.getId());
            cipher.init(mode, key, defParams);
            return cipher.doFinal(data);
        } catch (Exception e) {
            throw new IOException("exception decrypting data - " + e.toString());
        }
    } else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
        try {
            Cipher cipher = createCipher(mode, password, algId);
            return cipher.doFinal(data);
        } catch (Exception e) {
            throw new IOException("exception decrypting data - " + e.toString());
        }
    } else {
        throw new IOException("unknown PBE algorithm: " + algorithm);
    }
}
Also used : PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams) PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key) Cipher(javax.crypto.Cipher) IOException(java.io.IOException) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) IOException(java.io.IOException) EOFException(java.io.EOFException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 3 with PKCS12Key

use of com.github.zhenwei.provider.jcajce.PKCS12Key in project LinLong-Java by zhenwei1108.

the class BaseMac method engineInit.

protected void engineInit(Key key, final AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException {
    CipherParameters param;
    if (key == null) {
        throw new InvalidKeyException("key is null");
    }
    if (key instanceof PKCS12Key) {
        SecretKey k;
        PBEParameterSpec pbeSpec;
        try {
            k = (SecretKey) key;
        } catch (Exception e) {
            throw new InvalidKeyException("PKCS12 requires a SecretKey/PBEKey");
        }
        try {
            pbeSpec = (PBEParameterSpec) params;
        } catch (Exception e) {
            throw new InvalidAlgorithmParameterException("PKCS12 requires a PBEParameterSpec");
        }
        if (k instanceof PBEKey && pbeSpec == null) {
            pbeSpec = new PBEParameterSpec(((PBEKey) k).getSalt(), ((PBEKey) k).getIterationCount());
        }
        int digest = SHA1;
        int keySize = 160;
        if (macEngine.getAlgorithmName().startsWith("GOST")) {
            digest = GOST3411;
            keySize = 256;
        } else if (macEngine instanceof HMac) {
            if (!macEngine.getAlgorithmName().startsWith("SHA-1")) {
                if (macEngine.getAlgorithmName().startsWith("SHA-224")) {
                    digest = SHA224;
                    keySize = 224;
                } else if (macEngine.getAlgorithmName().startsWith("SHA-256")) {
                    digest = SHA256;
                    keySize = 256;
                } else if (macEngine.getAlgorithmName().startsWith("SHA-384")) {
                    digest = SHA384;
                    keySize = 384;
                } else if (macEngine.getAlgorithmName().startsWith("SHA-512")) {
                    digest = SHA512;
                    keySize = 512;
                } else if (macEngine.getAlgorithmName().startsWith("RIPEMD160")) {
                    digest = RIPEMD160;
                    keySize = 160;
                } else {
                    throw new InvalidAlgorithmParameterException("no PKCS12 mapping for HMAC: " + macEngine.getAlgorithmName());
                }
            }
        }
        // TODO: add correct handling for other digests
        param = Util.makePBEMacParameters(k, PKCS12, digest, keySize, pbeSpec);
    } else if (key instanceof BCPBEKey) {
        BCPBEKey k = (BCPBEKey) key;
        if (k.getParam() != null) {
            param = k.getParam();
        } else if (params instanceof PBEParameterSpec) {
            param = Util.makePBEMacParameters(k, params);
        } else {
            throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set.");
        }
    } else {
        if (params instanceof PBEParameterSpec) {
            throw new InvalidAlgorithmParameterException("inappropriate parameter type: " + params.getClass().getName());
        }
        param = new KeyParameter(key.getEncoded());
    }
    final KeyParameter keyParam;
    if (param instanceof ParametersWithIV) {
        keyParam = (KeyParameter) ((ParametersWithIV) param).getParameters();
    } else {
        keyParam = (KeyParameter) param;
    }
    if (params instanceof AEADParameterSpec) {
        AEADParameterSpec aeadSpec = (AEADParameterSpec) params;
        param = new AEADParameters(keyParam, aeadSpec.getMacSizeInBits(), aeadSpec.getNonce(), aeadSpec.getAssociatedData());
    } else if (params instanceof IvParameterSpec) {
        param = new ParametersWithIV(keyParam, ((IvParameterSpec) params).getIV());
    } else if (params instanceof RC2ParameterSpec) {
        param = new ParametersWithIV(new RC2Parameters(keyParam.getKey(), ((RC2ParameterSpec) params).getEffectiveKeyBits()), ((RC2ParameterSpec) params).getIV());
    } else if (params instanceof SkeinParameterSpec) {
        param = new SkeinParameters.Builder(copyMap(((SkeinParameterSpec) params).getParameters())).setKey(keyParam.getKey()).build();
    } else if (params == null) {
        param = new KeyParameter(key.getEncoded());
    } else if (gcmSpecClass != null && gcmSpecClass.isAssignableFrom(params.getClass())) {
        param = GcmSpecUtil.extractAeadParameters(keyParam, params);
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException("unknown parameter type: " + params.getClass().getName());
    }
    try {
        macEngine.init(param);
    } catch (Exception e) {
        throw new InvalidAlgorithmParameterException("cannot initialize MAC: " + e.getMessage());
    }
}
Also used : RC2Parameters(com.github.zhenwei.core.crypto.params.RC2Parameters) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) HMac(com.github.zhenwei.core.crypto.macs.HMac) KeyParameter(com.github.zhenwei.core.crypto.params.KeyParameter) PBEKey(javax.crypto.interfaces.PBEKey) InvalidKeyException(java.security.InvalidKeyException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) InvalidKeyException(java.security.InvalidKeyException) AEADParameterSpec(com.github.zhenwei.provider.jcajce.spec.AEADParameterSpec) CipherParameters(com.github.zhenwei.core.crypto.CipherParameters) ParametersWithIV(com.github.zhenwei.core.crypto.params.ParametersWithIV) SecretKey(javax.crypto.SecretKey) AEADParameters(com.github.zhenwei.core.crypto.params.AEADParameters) SkeinParameterSpec(com.github.zhenwei.provider.jcajce.spec.SkeinParameterSpec) IvParameterSpec(javax.crypto.spec.IvParameterSpec) PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key) RC2ParameterSpec(javax.crypto.spec.RC2ParameterSpec) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 4 with PKCS12Key

use of com.github.zhenwei.provider.jcajce.PKCS12Key in project LinLong-Java by zhenwei1108.

the class JcePKCS12MacCalculatorBuilder method build.

public MacCalculator build(final char[] password) throws OperatorCreationException {
    if (random == null) {
        random = new SecureRandom();
    }
    try {
        final Mac mac = helper.createMac(algorithm.getId());
        saltLength = mac.getMacLength();
        final byte[] salt = new byte[saltLength];
        random.nextBytes(salt);
        PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount);
        final SecretKey key = new PKCS12Key(password);
        mac.init(key, defParams);
        return new MacCalculator() {

            public AlgorithmIdentifier getAlgorithmIdentifier() {
                return new AlgorithmIdentifier(algorithm, new PKCS12PBEParams(salt, iterationCount));
            }

            public OutputStream getOutputStream() {
                return new MacOutputStream(mac);
            }

            public byte[] getMac() {
                return mac.doFinal();
            }

            public GenericKey getKey() {
                return new GenericKey(getAlgorithmIdentifier(), key.getEncoded());
            }
        };
    } catch (Exception e) {
        throw new OperatorCreationException("unable to create MAC calculator: " + e.getMessage(), e);
    }
}
Also used : SecureRandom(java.security.SecureRandom) MacOutputStream(com.github.zhenwei.provider.jcajce.io.MacOutputStream) Mac(javax.crypto.Mac) MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) SecretKey(javax.crypto.SecretKey) PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams) PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key) GenericKey(com.github.zhenwei.pkix.operator.GenericKey) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 5 with PKCS12Key

use of com.github.zhenwei.provider.jcajce.PKCS12Key in project LinLong-Java by zhenwei1108.

the class JcePKCS12MacCalculatorBuilderProvider method get.

public PKCS12MacCalculatorBuilder get(final AlgorithmIdentifier algorithmIdentifier) {
    return new PKCS12MacCalculatorBuilder() {

        public MacCalculator build(final char[] password) throws OperatorCreationException {
            final PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());
            try {
                final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
                final Mac mac = helper.createMac(algorithm.getId());
                PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
                final SecretKey key = new PKCS12Key(password);
                mac.init(key, defParams);
                return new MacCalculator() {

                    public AlgorithmIdentifier getAlgorithmIdentifier() {
                        return new AlgorithmIdentifier(algorithm, pbeParams);
                    }

                    public OutputStream getOutputStream() {
                        return new MacOutputStream(mac);
                    }

                    public byte[] getMac() {
                        return mac.doFinal();
                    }

                    public GenericKey getKey() {
                        return new GenericKey(getAlgorithmIdentifier(), key.getEncoded());
                    }
                };
            } catch (Exception e) {
                throw new OperatorCreationException("unable to create MAC calculator: " + e.getMessage(), e);
            }
        }

        public AlgorithmIdentifier getDigestAlgorithmIdentifier() {
            return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE);
        }
    };
}
Also used : MacOutputStream(com.github.zhenwei.provider.jcajce.io.MacOutputStream) Mac(javax.crypto.Mac) MacCalculator(com.github.zhenwei.pkix.operator.MacCalculator) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) SecretKey(javax.crypto.SecretKey) PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams) PKCS12MacCalculatorBuilder(com.github.zhenwei.pkix.pkcs.PKCS12MacCalculatorBuilder) PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key) GenericKey(com.github.zhenwei.pkix.operator.GenericKey) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Aggregations

PKCS12Key (com.github.zhenwei.provider.jcajce.PKCS12Key)8 PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)8 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)5 InvalidKeyException (java.security.InvalidKeyException)5 SecretKey (javax.crypto.SecretKey)5 PKCS12PBEParams (com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)4 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)3 CipherParameters (com.github.zhenwei.core.crypto.CipherParameters)3 KeyParameter (com.github.zhenwei.core.crypto.params.KeyParameter)3 ParametersWithIV (com.github.zhenwei.core.crypto.params.ParametersWithIV)3 SecureRandom (java.security.SecureRandom)3 Mac (javax.crypto.Mac)3 IvParameterSpec (javax.crypto.spec.IvParameterSpec)3 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)2 DataLengthException (com.github.zhenwei.core.crypto.DataLengthException)2 AEADParameters (com.github.zhenwei.core.crypto.params.AEADParameters)2 RC2Parameters (com.github.zhenwei.core.crypto.params.RC2Parameters)2 GenericKey (com.github.zhenwei.pkix.operator.GenericKey)2