
Example 16 with OAEPParameterSpec

use of javax.crypto.spec.OAEPParameterSpec in project jdk8u_jdk by JetBrains.

the class XMLCipher method encryptKey.

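/**
 * Encrypts (wraps) a key and stores the result in this instance's EncryptedKey structure.
 *
 * <p>The key is wrapped under the key-encryption key (KEK) previously set on this
 * instance ({@code this.key}). If {@code constructOAEPParameters} returns a parameter
 * spec for the configured algorithm, the cipher is initialised with it; otherwise the
 * cipher is initialised with the KEK alone.
 *
 * @param doc the context document; stored as this instance's context document
 * @param key the key to encrypt; must not be null
 * @param mgfAlgorithm the xenc11 MGF algorithm URI to use; also recorded in the
 *        resulting EncryptionMethod
 * @param oaepParams the OAEP params to use; also recorded in the resulting
 *        EncryptionMethod
 * @return the <code>EncryptedKey</code>
 * @throws XMLEncryptionException if {@code key} is null, if no algorithm has been
 *         specified, if the cipher rejects the KEK, the key to wrap or the OAEP
 *         parameters, or if the algorithm is not a valid URI
 */
public EncryptedKey encryptKey(Document doc, Key key, String mgfAlgorithm, byte[] oaepParams) throws XMLEncryptionException {
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "Encrypting key ...");
    }
    if (null == key) {
        // A null key cannot be wrapped. Reject it here so the caller gets the declared
        // XMLEncryptionException before any instance state is modified, instead of
        // whatever the cipher provider does when handed null.
        log.log(java.util.logging.Level.SEVERE, "Key unexpectedly null...");
        throw new XMLEncryptionException("Key unexpectedly null...");
    }
    if (cipherMode != WRAP_MODE) {
        // Only logged: the cipher below is always initialised in Cipher.WRAP_MODE.
        log.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in WRAP_MODE...");
    }
    if (algorithm == null) {
        throw new XMLEncryptionException("XMLCipher instance without transformation specified");
    }
    contextDocument = doc;
    byte[] encryptedBytes;
    Cipher c;
    if (contextCipher == null) {
        // Now create the working cipher
        c = constructCipher(algorithm, null);
    } else {
        c = contextCipher;
    }
    try {
        // Should internally generate an IV
        // todo - allow user to set an IV
        OAEPParameterSpec oaepParameters = constructOAEPParameters(algorithm, digestAlg, mgfAlgorithm, oaepParams);
        if (oaepParameters == null) {
            c.init(Cipher.WRAP_MODE, this.key);
        } else {
            c.init(Cipher.WRAP_MODE, this.key, oaepParameters);
        }
        encryptedBytes = c.wrap(key);
    } catch (InvalidKeyException ike) {
        throw new XMLEncryptionException("empty", ike);
    } catch (IllegalBlockSizeException ibse) {
        throw new XMLEncryptionException("empty", ibse);
    } catch (InvalidAlgorithmParameterException e) {
        throw new XMLEncryptionException("empty", e);
    }
    String base64EncodedEncryptedOctets = Base64.encode(encryptedBytes);
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        // Only the wrapped (encrypted) octets are logged, never the key passed in.
        log.log(java.util.logging.Level.FINE, "Encrypted key octets:\n" + base64EncodedEncryptedOctets);
        log.log(java.util.logging.Level.FINE, "Encrypted key octets length = " + base64EncodedEncryptedOctets.length());
    }
    CipherValue cv = ek.getCipherData().getCipherValue();
    cv.setValue(base64EncodedEncryptedOctets);
    try {
        EncryptionMethod method = factory.newEncryptionMethod(new URI(algorithm).toString());
        method.setDigestAlgorithm(digestAlg);
        // NOTE(review): the MGF URI and OAEP params are recorded exactly as passed in,
        // whether or not constructOAEPParameters actually applied them to the cipher;
        // confirm the recorded method always matches the parameters used above.
        method.setMGFAlgorithm(mgfAlgorithm);
        method.setOAEPparams(oaepParams);
        ek.setEncryptionMethod(method);
    } catch (URISyntaxException ex) {
        throw new XMLEncryptionException("empty", ex);
    }
    return ek;
}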
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) Cipher(javax.crypto.Cipher) URISyntaxException(java.net.URISyntaxException) InvalidKeyException(java.security.InvalidKeyException) URI(java.net.URI) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)

Example 17 with OAEPParameterSpec

use of javax.crypto.spec.OAEPParameterSpec in project jdk8u_jdk by JetBrains.

the class XMLCipher method constructOAEPParameters.

/**
 * Builds the OAEPParameterSpec for an RSA-OAEP key transport algorithm.
 *
 * <p>Returns {@code null} when {@code encryptionAlgorithm} is neither
 * {@code XMLCipher.RSA_OAEP} nor {@code XMLCipher.RSA_OAEP_11}, which callers treat as
 * "initialise the cipher without parameters".
 *
 * <p>Defaults worth knowing when reviewing a deployment's algorithm policy:
 * the OAEP digest is "SHA-1" when {@code digestAlgorithm} is null, and the MGF1 digest
 * is "SHA-1" unless the algorithm is {@code RSA_OAEP_11} and {@code mgfAlgorithm} equals
 * one of the MGF1_SHA256 / MGF1_SHA384 / MGF1_SHA512 constants. Any other MGF value,
 * including null, keeps SHA-1 without reporting an error.
 *
 * @param encryptionAlgorithm the key transport algorithm URI
 * @param digestAlgorithm the digest algorithm URI, or null for the SHA-1 default
 * @param mgfAlgorithm the MGF algorithm URI; only consulted for RSA_OAEP_11
 * @param oaepParams the OAEP label bytes, or null for PSource.PSpecified.DEFAULT
 * @return the parameter spec, or null for non-OAEP algorithms
 */
private OAEPParameterSpec constructOAEPParameters(String encryptionAlgorithm, String digestAlgorithm, String mgfAlgorithm, byte[] oaepParams) {
    final boolean oaep11 = XMLCipher.RSA_OAEP_11.equals(encryptionAlgorithm);
    if (!oaep11 && !XMLCipher.RSA_OAEP.equals(encryptionAlgorithm)) {
        // Not an OAEP transport: no parameter spec applies.
        return null;
    }

    // NOTE(review): the translated name is handed to OAEPParameterSpec unchecked;
    // presumably translateURItoJCEID yields null for an unmapped URI, which the
    // OAEPParameterSpec constructor rejects with a NullPointerException. Verify.
    final String oaepDigest = (digestAlgorithm == null)
        ? "SHA-1"
        : JCEMapper.translateURItoJCEID(digestAlgorithm);

    final PSource.PSpecified label = (oaepParams == null)
        ? PSource.PSpecified.DEFAULT
        : new PSource.PSpecified(oaepParams);

    // The MGF1 digest stays SHA-1 unless an RSA_OAEP_11 caller names a known alternative.
    String mgfDigest = "SHA-1";
    if (oaep11) {
        if (EncryptionConstants.MGF1_SHA256.equals(mgfAlgorithm)) {
            mgfDigest = "SHA-256";
        } else if (EncryptionConstants.MGF1_SHA384.equals(mgfAlgorithm)) {
            mgfDigest = "SHA-384";
        } else if (EncryptionConstants.MGF1_SHA512.equals(mgfAlgorithm)) {
            mgfDigest = "SHA-512";
        }
    }

    return new OAEPParameterSpec(oaepDigest, "MGF1", new MGF1ParameterSpec(mgfDigest), label);
}
Also used : PSource(javax.crypto.spec.PSource) MGF1ParameterSpec(java.security.spec.MGF1ParameterSpec) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)

Example 18 with OAEPParameterSpec

use of javax.crypto.spec.OAEPParameterSpec in project jdk8u_jdk by JetBrains.

the class XMLCipher method decryptKey.

/**
 * Decrypts (unwraps) a key from a passed in EncryptedKey structure.
 *
 * <p>If no key-encryption key (KEK) is set on this instance, the method tries to
 * resolve one from the EncryptedKey's KeyInfo and stores the result in this
 * instance's {@code key} field. The cipher algorithm, digest, MGF and OAEP params
 * are all read from the EncryptedKey's EncryptionMethod; the {@code algorithm}
 * argument only determines the JCE key algorithm of the returned key.
 *
 * @param encryptedKey Previously loaded EncryptedKey that needs
 * to be decrypted.
 * @param algorithm Algorithm URI for the key being recovered; mapped to the JCE
 * key algorithm name given to {@code Cipher.unwrap}
 * @return a key corresponding to the given type
 * @throws XMLEncryptionException if {@code algorithm} is null, if no KEK is set and
 * none can be resolved, or if the cipher rejects the key, algorithm or parameters
 */
public Key decryptKey(EncryptedKey encryptedKey, String algorithm) throws XMLEncryptionException {
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "Decrypting key from previously loaded EncryptedKey...");
    }
    // Only logged: the cipher below is always initialised in Cipher.UNWRAP_MODE.
    if (cipherMode != UNWRAP_MODE && log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE...");
    }
    if (algorithm == null) {
        throw new XMLEncryptionException("Cannot decrypt a key without knowing the algorithm");
    }
    if (key == null) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "Trying to find a KEK via key resolvers");
        }
        KeyInfo ki = encryptedKey.getKeyInfo();
        if (ki != null) {
            ki.setSecureValidation(secureValidation);
            try {
                // The kind of KEK requested (private vs. secret) follows the wrap
                // algorithm declared in the EncryptedKey itself.
                String keyWrapAlg = encryptedKey.getEncryptionMethod().getAlgorithm();
                String keyType = JCEMapper.getJCEKeyAlgorithmFromURI(keyWrapAlg);
                if ("RSA".equals(keyType)) {
                    key = ki.getPrivateKey();
                } else {
                    key = ki.getSecretKey();
                }
            } catch (Exception e) {
                // Resolution failures are logged at FINE only; the null check below
                // turns an unresolved KEK into an XMLEncryptionException.
                if (log.isLoggable(java.util.logging.Level.FINE)) {
                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
                }
            }
        }
        if (key == null) {
            log.log(java.util.logging.Level.SEVERE, "XMLCipher::decryptKey called without a KEK and cannot resolve");
            throw new XMLEncryptionException("Unable to decrypt without a KEK");
        }
    }
    // Obtain the encrypted octets
    XMLCipherInput cipherInput = new XMLCipherInput(encryptedKey);
    cipherInput.setSecureValidation(secureValidation);
    byte[] encryptedBytes = cipherInput.getBytes();
    // JCE algorithm name for the key being recovered, derived from the caller's argument.
    String jceKeyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algorithm);
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "JCE Key Algorithm: " + jceKeyAlgorithm);
    }
    Cipher c;
    if (contextCipher == null) {
        // Now create the working cipher
        c = constructCipher(encryptedKey.getEncryptionMethod().getAlgorithm(), encryptedKey.getEncryptionMethod().getDigestAlgorithm());
    } else {
        c = contextCipher;
    }
    Key ret;
    try {
        // NOTE(review): algorithm, digest, MGF and OAEP params all come from the
        // EncryptedKey being processed. No allow-list is applied in this method, so an
        // application that restricts acceptable algorithms has to inspect the
        // EncryptionMethod before calling. Confirm whether a caller does.
        EncryptionMethod encMethod = encryptedKey.getEncryptionMethod();
        OAEPParameterSpec oaepParameters = constructOAEPParameters(encMethod.getAlgorithm(), encMethod.getDigestAlgorithm(), encMethod.getMGFAlgorithm(), encMethod.getOAEPparams());
        if (oaepParameters == null) {
            c.init(Cipher.UNWRAP_MODE, key);
        } else {
            c.init(Cipher.UNWRAP_MODE, key, oaepParameters);
        }
        // The recovered key is always requested as a secret key.
        ret = c.unwrap(encryptedBytes, jceKeyAlgorithm, Cipher.SECRET_KEY);
    } catch (InvalidKeyException ike) {
        throw new XMLEncryptionException("empty", ike);
    } catch (NoSuchAlgorithmException nsae) {
        throw new XMLEncryptionException("empty", nsae);
    } catch (InvalidAlgorithmParameterException e) {
        throw new XMLEncryptionException("empty", e);
    }
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "Decryption of key type " + algorithm + " OK");
    }
    return ret;
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) URISyntaxException(java.net.URISyntaxException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) Base64DecodingException(com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) InvalidCanonicalizerException(com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException) InvalidTransformException(com.sun.org.apache.xml.internal.security.transforms.InvalidTransformException) XMLSignatureException(com.sun.org.apache.xml.internal.security.signature.XMLSignatureException) BadPaddingException(javax.crypto.BadPaddingException) KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) TransformationException(com.sun.org.apache.xml.internal.security.transforms.TransformationException) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) NoSuchProviderException(java.security.NoSuchProviderException) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec) KeyInfo(com.sun.org.apache.xml.internal.security.keys.KeyInfo) Cipher(javax.crypto.Cipher) Key(java.security.Key)

Example 19 with OAEPParameterSpec

use of javax.crypto.spec.OAEPParameterSpec in project jdk8u_jdk by JetBrains.

the class RSACipher method engineInit.

// see JCE spec
// Initialises the cipher from an AlgorithmParameters object. Null params are passed
// through as a null spec; anything else must be convertible to an OAEPParameterSpec,
// otherwise the conversion failure is rethrown as InvalidAlgorithmParameterException
// ("Wrong parameter") with the original exception as its cause.
protected void engineInit(int opmode, Key key, AlgorithmParameters params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
    if (params == null) {
        init(opmode, key, random, null);
        return;
    }
    try {
        // Only OAEP parameters are accepted here; other parameter types fail the conversion.
        init(opmode, key, random, params.getParameterSpec(OAEPParameterSpec.class));
    } catch (InvalidParameterSpecException ipse) {
        throw new InvalidAlgorithmParameterException("Wrong parameter", ipse);
    }
}
Also used : InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)

Example 20 with OAEPParameterSpec

use of javax.crypto.spec.OAEPParameterSpec in project jdk8u_jdk by JetBrains.

the class OAEPParameters method engineInit.

/**
 * Initialises these parameters from an OAEPParameterSpec.
 *
 * <p>Accepted input is narrow: the spec must be an OAEPParameterSpec whose MGF is
 * "MGF1" (compared case-insensitively), whose MGF parameters are a non-null
 * MGF1ParameterSpec, and whose PSource algorithm is "PSpecified". The digest name is
 * stored as given; this method does not check it. Fields are assigned as validation
 * proceeds, so a rejected spec can leave earlier fields already set.
 *
 * @param paramSpec the parameter specification to read
 * @throws InvalidParameterSpecException if the spec is not of the accepted shape
 */
protected void engineInit(AlgorithmParameterSpec paramSpec) throws InvalidParameterSpecException {
    if (!(paramSpec instanceof OAEPParameterSpec)) {
        throw new InvalidParameterSpecException("Inappropriate parameter specification");
    }
    OAEPParameterSpec oaepSpec = (OAEPParameterSpec) paramSpec;
    mdName = oaepSpec.getDigestAlgorithm();

    // Mask generation function: MGF1 is the only one supported.
    String mgfAlgorithm = oaepSpec.getMGFAlgorithm();
    if (!mgfAlgorithm.equalsIgnoreCase("MGF1")) {
        throw new InvalidParameterSpecException("Unsupported mgf " + mgfAlgorithm + "; MGF1 only");
    }
    AlgorithmParameterSpec mgfParams = oaepSpec.getMGFParameters();
    if (!(mgfParams instanceof MGF1ParameterSpec)) {
        // instanceof is false for null, so a missing MGF spec is rejected here too.
        throw new InvalidParameterSpecException("Inappropriate mgf parameters; non-null MGF1ParameterSpec only");
    }
    this.mgfSpec = (MGF1ParameterSpec) mgfParams;

    // Label source: only an explicitly specified label is supported.
    PSource labelSource = oaepSpec.getPSource();
    if (!labelSource.getAlgorithm().equals("PSpecified")) {
        throw new InvalidParameterSpecException("Unsupported pSource " + labelSource.getAlgorithm() + "; PSpecified only");
    }
    p = ((PSource.PSpecified) labelSource).getValue();
}
Also used : InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException) PSource(javax.crypto.spec.PSource) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec) MGF1ParameterSpec(java.security.spec.MGF1ParameterSpec)
