Search in sources :

Example 1 with CipherOutputStream

use of com.github.zhenwei.provider.jcajce.io.CipherOutputStream in project LinLong-Java by zhenwei1108.

the class JceOpenSSLPKCS8EncryptorBuilder method build.

public OutputEncryptor build() throws OperatorCreationException {
    final AlgorithmIdentifier algID;
    if (random == null) {
        random = new SecureRandom();
    }
    try {
        this.cipher = helper.createCipher(algOID.getId());
        if (PEMUtilities.isPKCS5Scheme2(algOID)) {
            this.paramGen = helper.createAlgorithmParameterGenerator(algOID.getId());
        }
    } catch (GeneralSecurityException e) {
        throw new OperatorCreationException(algOID + " not available: " + e.getMessage(), e);
    }
    if (PEMUtilities.isPKCS5Scheme2(algOID)) {
        salt = new byte[PEMUtilities.getSaltSize(prf.getAlgorithm())];
        random.nextBytes(salt);
        params = paramGen.generateParameters();
        try {
            EncryptionScheme scheme = new EncryptionScheme(algOID, ASN1Primitive.fromByteArray(params.getEncoded()));
            KeyDerivationFunc func = new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount, prf));
            ASN1EncodableVector v = new ASN1EncodableVector();
            v.add(func);
            v.add(scheme);
            algID = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, PBES2Parameters.getInstance(new DERSequence(v)));
        } catch (IOException e) {
            throw new OperatorCreationException(e.getMessage(), e);
        }
        try {
            if (PEMUtilities.isHmacSHA1(prf)) {
                key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, algOID.getId(), password, salt, iterationCount);
            } else {
                key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, algOID.getId(), password, salt, iterationCount, prf);
            }
            cipher.init(Cipher.ENCRYPT_MODE, key, params);
        } catch (GeneralSecurityException e) {
            throw new OperatorCreationException(e.getMessage(), e);
        }
    } else if (PEMUtilities.isPKCS12(algOID)) {
        ASN1EncodableVector v = new ASN1EncodableVector();
        salt = new byte[20];
        random.nextBytes(salt);
        v.add(new DEROctetString(salt));
        v.add(new ASN1Integer(iterationCount));
        algID = new AlgorithmIdentifier(algOID, PKCS12PBEParams.getInstance(new DERSequence(v)));
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new PKCS12KeyWithParameters(password, salt, iterationCount));
        } catch (GeneralSecurityException e) {
            throw new OperatorCreationException(e.getMessage(), e);
        }
    } else {
        throw new OperatorCreationException("unknown algorithm: " + algOID, null);
    }
    return new OutputEncryptor() {

        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return algID;
        }

        public OutputStream getOutputStream(OutputStream encOut) {
            return new CipherOutputStream(encOut, cipher);
        }

        public GenericKey getKey() {
            return new JceGenericKey(algID, key);
        }
    };
}
Also used : EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme) CipherOutputStream(com.github.zhenwei.provider.jcajce.io.CipherOutputStream) GeneralSecurityException(java.security.GeneralSecurityException) OutputStream(java.io.OutputStream) CipherOutputStream(com.github.zhenwei.provider.jcajce.io.CipherOutputStream) SecureRandom(java.security.SecureRandom) IOException(java.io.IOException) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) DERSequence(com.github.zhenwei.core.asn1.DERSequence) JceGenericKey(com.github.zhenwei.pkix.operator.jcajce.JceGenericKey) KeyDerivationFunc(com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc) PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) PKCS12KeyWithParameters(com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters) OutputEncryptor(com.github.zhenwei.pkix.operator.OutputEncryptor)

Example 2 with CipherOutputStream

use of com.github.zhenwei.provider.jcajce.io.CipherOutputStream in project LinLong-Java by zhenwei1108.

the class JcePKCSPBEOutputEncryptorBuilder method build.

public OutputEncryptor build(final char[] password) throws OperatorCreationException {
    final Cipher cipher;
    SecretKey key;
    if (random == null) {
        random = new SecureRandom();
    }
    final AlgorithmIdentifier encryptionAlg;
    try {
        if (isPKCS12(algorithm)) {
            byte[] salt = new byte[20];
            random.nextBytes(salt);
            cipher = helper.createCipher(algorithm.getId());
            cipher.init(Cipher.ENCRYPT_MODE, new PKCS12KeyWithParameters(password, salt, iterationCount));
            encryptionAlg = new AlgorithmIdentifier(algorithm, new PKCS12PBEParams(salt, iterationCount));
        } else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
            PBKDFConfig pbkDef = (pbkdf == null) ? pbkdfBuilder.build() : pbkdf;
            if (MiscObjectIdentifiers.id_scrypt.equals(pbkDef.getAlgorithm())) {
                ScryptConfig skdf = (ScryptConfig) pbkDef;
                byte[] salt = new byte[skdf.getSaltLength()];
                random.nextBytes(salt);
                ScryptParams params = new ScryptParams(salt, skdf.getCostParameter(), skdf.getBlockSize(), skdf.getParallelizationParameter());
                SecretKeyFactory keyFact = helper.createSecretKeyFactory("SCRYPT");
                key = keyFact.generateSecret(new ScryptKeySpec(password, salt, skdf.getCostParameter(), skdf.getBlockSize(), skdf.getParallelizationParameter(), keySizeProvider.getKeySize(new AlgorithmIdentifier(keyEncAlgorithm))));
                cipher = helper.createCipher(keyEncAlgorithm.getId());
                cipher.init(Cipher.ENCRYPT_MODE, simplifyPbeKey(key), random);
                AlgorithmParameters algP = cipher.getParameters();
                PBES2Parameters algParams;
                if (algP != null) {
                    algParams = new PBES2Parameters(new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params), new EncryptionScheme(keyEncAlgorithm, ASN1Primitive.fromByteArray(cipher.getParameters().getEncoded())));
                } else {
                    algParams = new PBES2Parameters(new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params), new EncryptionScheme(keyEncAlgorithm));
                }
                encryptionAlg = new AlgorithmIdentifier(algorithm, algParams);
            } else {
                PBKDF2Config pkdf = (PBKDF2Config) pbkDef;
                byte[] salt = new byte[pkdf.getSaltLength()];
                random.nextBytes(salt);
                SecretKeyFactory keyFact = helper.createSecretKeyFactory(JceUtils.getAlgorithm(pkdf.getPRF().getAlgorithm()));
                key = keyFact.generateSecret(new PBEKeySpec(password, salt, pkdf.getIterationCount(), keySizeProvider.getKeySize(new AlgorithmIdentifier(keyEncAlgorithm))));
                cipher = helper.createCipher(keyEncAlgorithm.getId());
                cipher.init(Cipher.ENCRYPT_MODE, simplifyPbeKey(key), random);
                AlgorithmParameters algP = cipher.getParameters();
                PBES2Parameters algParams;
                if (algP != null) {
                    algParams = new PBES2Parameters(new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, pkdf.getIterationCount(), pkdf.getPRF())), new EncryptionScheme(keyEncAlgorithm, ASN1Primitive.fromByteArray(cipher.getParameters().getEncoded())));
                } else {
                    algParams = new PBES2Parameters(new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, pkdf.getIterationCount(), pkdf.getPRF())), new EncryptionScheme(keyEncAlgorithm));
                }
                encryptionAlg = new AlgorithmIdentifier(algorithm, algParams);
            }
        } else {
            throw new OperatorCreationException("unrecognised algorithm");
        }
        return new OutputEncryptor() {

            public AlgorithmIdentifier getAlgorithmIdentifier() {
                return encryptionAlg;
            }

            public OutputStream getOutputStream(OutputStream out) {
                return new CipherOutputStream(out, cipher);
            }

            public GenericKey getKey() {
                if (isPKCS12(encryptionAlg.getAlgorithm())) {
                    return new GenericKey(encryptionAlg, PKCS12PasswordToBytes(password));
                } else {
                    return new GenericKey(encryptionAlg, PKCS5PasswordToBytes(password));
                }
            }
        };
    } catch (Exception e) {
        throw new OperatorCreationException("unable to create OutputEncryptor: " + e.getMessage(), e);
    }
}
Also used : PBKDF2Config(com.github.zhenwei.core.crypto.util.PBKDF2Config) PBEKeySpec(javax.crypto.spec.PBEKeySpec) EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme) CipherOutputStream(com.github.zhenwei.provider.jcajce.io.CipherOutputStream) OutputStream(java.io.OutputStream) CipherOutputStream(com.github.zhenwei.provider.jcajce.io.CipherOutputStream) ScryptConfig(com.github.zhenwei.core.crypto.util.ScryptConfig) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) KeyDerivationFunc(com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc) PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params) GenericKey(com.github.zhenwei.pkix.operator.GenericKey) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) ScryptParams(com.github.zhenwei.core.asn1.misc.ScryptParams) SecretKeyFactory(javax.crypto.SecretKeyFactory) PKCS12KeyWithParameters(com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters) PBKDFConfig(com.github.zhenwei.core.crypto.util.PBKDFConfig) PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters) SecureRandom(java.security.SecureRandom) ScryptKeySpec(com.github.zhenwei.provider.jcajce.spec.ScryptKeySpec) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) SecretKey(javax.crypto.SecretKey) PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams) Cipher(javax.crypto.Cipher) OutputEncryptor(com.github.zhenwei.pkix.operator.OutputEncryptor) AlgorithmParameters(java.security.AlgorithmParameters)

Aggregations

EncryptionScheme (com.github.zhenwei.core.asn1.pkcs.EncryptionScheme)2 KeyDerivationFunc (com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc)2 PBKDF2Params (com.github.zhenwei.core.asn1.pkcs.PBKDF2Params)2 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)2 OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)2 OutputEncryptor (com.github.zhenwei.pkix.operator.OutputEncryptor)2 PKCS12KeyWithParameters (com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters)2 CipherOutputStream (com.github.zhenwei.provider.jcajce.io.CipherOutputStream)2 OutputStream (java.io.OutputStream)2 SecureRandom (java.security.SecureRandom)2 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)1 ASN1Integer (com.github.zhenwei.core.asn1.ASN1Integer)1 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)1 DERSequence (com.github.zhenwei.core.asn1.DERSequence)1 ScryptParams (com.github.zhenwei.core.asn1.misc.ScryptParams)1 PBES2Parameters (com.github.zhenwei.core.asn1.pkcs.PBES2Parameters)1 PKCS12PBEParams (com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)1 PBKDF2Config (com.github.zhenwei.core.crypto.util.PBKDF2Config)1 PBKDFConfig (com.github.zhenwei.core.crypto.util.PBKDFConfig)1 ScryptConfig (com.github.zhenwei.core.crypto.util.ScryptConfig)1