Example 16 with OAEPParameterSpec
use of javax.crypto.spec.OAEPParameterSpec in project jdk8u_jdk by JetBrains.
the class XMLCipher method encryptKey.
/**
* Encrypts a key to an EncryptedKey structure
*
* @param doc the Context document that will be used to general DOM
* @param key Key to encrypt (will use previously set KEK to
* perform encryption
* @param mgfAlgorithm The xenc11 MGF Algorithm to use
* @param oaepParams The OAEPParams to use
* @return the <code>EncryptedKey</code>
* @throws XMLEncryptionException
*/
public EncryptedKey encryptKey(Document doc, Key key, String mgfAlgorithm, byte[] oaepParams) throws XMLEncryptionException {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Encrypting key ...");
}
if (null == key) {
log.log(java.util.logging.Level.SEVERE, "Key unexpectedly null...");
}
if (cipherMode != WRAP_MODE) {
log.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in WRAP_MODE...");
}
if (algorithm == null) {
throw new XMLEncryptionException("XMLCipher instance without transformation specified");
}
contextDocument = doc;
byte[] encryptedBytes = null;
Cipher c;
if (contextCipher == null) {
// Now create the working cipher
c = constructCipher(algorithm, null);
} else {
c = contextCipher;
}
try {
// Should internally generate an IV
// todo - allow user to set an IV
OAEPParameterSpec oaepParameters = constructOAEPParameters(algorithm, digestAlg, mgfAlgorithm, oaepParams);
if (oaepParameters == null) {
c.init(Cipher.WRAP_MODE, this.key);
} else {
c.init(Cipher.WRAP_MODE, this.key, oaepParameters);
}
encryptedBytes = c.wrap(key);
} catch (InvalidKeyException ike) {
throw new XMLEncryptionException("empty", ike);
} catch (IllegalBlockSizeException ibse) {
throw new XMLEncryptionException("empty", ibse);
} catch (InvalidAlgorithmParameterException e) {
throw new XMLEncryptionException("empty", e);
}
String base64EncodedEncryptedOctets = Base64.encode(encryptedBytes);
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Encrypted key octets:\n" + base64EncodedEncryptedOctets);
log.log(java.util.logging.Level.FINE, "Encrypted key octets length = " + base64EncodedEncryptedOctets.length());
}
CipherValue cv = ek.getCipherData().getCipherValue();
cv.setValue(base64EncodedEncryptedOctets);
try {
EncryptionMethod method = factory.newEncryptionMethod(new URI(algorithm).toString());
method.setDigestAlgorithm(digestAlg);
method.setMGFAlgorithm(mgfAlgorithm);
method.setOAEPparams(oaepParams);
ek.setEncryptionMethod(method);
} catch (URISyntaxException ex) {
throw new XMLEncryptionException("empty", ex);
}
return ek;
}
Also used :
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
Cipher(javax.crypto.Cipher)
URISyntaxException(java.net.URISyntaxException)
InvalidKeyException(java.security.InvalidKeyException)
URI(java.net.URI)
OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)
Example 17 with OAEPParameterSpec
use of javax.crypto.spec.OAEPParameterSpec in project jdk8u_jdk by JetBrains.
the class XMLCipher method constructOAEPParameters.
/**
* Construct an OAEPParameterSpec object from the given parameters
*/
private OAEPParameterSpec constructOAEPParameters(String encryptionAlgorithm, String digestAlgorithm, String mgfAlgorithm, byte[] oaepParams) {
if (XMLCipher.RSA_OAEP.equals(encryptionAlgorithm) || XMLCipher.RSA_OAEP_11.equals(encryptionAlgorithm)) {
String jceDigestAlgorithm = "SHA-1";
if (digestAlgorithm != null) {
jceDigestAlgorithm = JCEMapper.translateURItoJCEID(digestAlgorithm);
}
PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
if (oaepParams != null) {
pSource = new PSource.PSpecified(oaepParams);
}
MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
if (XMLCipher.RSA_OAEP_11.equals(encryptionAlgorithm)) {
if (EncryptionConstants.MGF1_SHA256.equals(mgfAlgorithm)) {
mgfParameterSpec = new MGF1ParameterSpec("SHA-256");
} else if (EncryptionConstants.MGF1_SHA384.equals(mgfAlgorithm)) {
mgfParameterSpec = new MGF1ParameterSpec("SHA-384");
} else if (EncryptionConstants.MGF1_SHA512.equals(mgfAlgorithm)) {
mgfParameterSpec = new MGF1ParameterSpec("SHA-512");
}
}
return new OAEPParameterSpec(jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource);
}
return null;
}
Also used :
PSource(javax.crypto.spec.PSource)
MGF1ParameterSpec(java.security.spec.MGF1ParameterSpec)
OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)
Example 18 with OAEPParameterSpec
use of javax.crypto.spec.OAEPParameterSpec in project jdk8u_jdk by JetBrains.
the class XMLCipher method decryptKey.
/**
* Decrypt a key from a passed in EncryptedKey structure
*
* @param encryptedKey Previously loaded EncryptedKey that needs
* to be decrypted.
* @param algorithm Algorithm for the decryption
* @return a key corresponding to the given type
* @throws XMLEncryptionException
*/
public Key decryptKey(EncryptedKey encryptedKey, String algorithm) throws XMLEncryptionException {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Decrypting key from previously loaded EncryptedKey...");
}
if (cipherMode != UNWRAP_MODE && log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE...");
}
if (algorithm == null) {
throw new XMLEncryptionException("Cannot decrypt a key without knowing the algorithm");
}
if (key == null) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Trying to find a KEK via key resolvers");
}
KeyInfo ki = encryptedKey.getKeyInfo();
if (ki != null) {
ki.setSecureValidation(secureValidation);
try {
String keyWrapAlg = encryptedKey.getEncryptionMethod().getAlgorithm();
String keyType = JCEMapper.getJCEKeyAlgorithmFromURI(keyWrapAlg);
if ("RSA".equals(keyType)) {
key = ki.getPrivateKey();
} else {
key = ki.getSecretKey();
}
} catch (Exception e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
}
}
if (key == null) {
log.log(java.util.logging.Level.SEVERE, "XMLCipher::decryptKey called without a KEK and cannot resolve");
throw new XMLEncryptionException("Unable to decrypt without a KEK");
}
}
// Obtain the encrypted octets
XMLCipherInput cipherInput = new XMLCipherInput(encryptedKey);
cipherInput.setSecureValidation(secureValidation);
byte[] encryptedBytes = cipherInput.getBytes();
String jceKeyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algorithm);
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "JCE Key Algorithm: " + jceKeyAlgorithm);
}
Cipher c;
if (contextCipher == null) {
// Now create the working cipher
c = constructCipher(encryptedKey.getEncryptionMethod().getAlgorithm(), encryptedKey.getEncryptionMethod().getDigestAlgorithm());
} else {
c = contextCipher;
}
Key ret;
try {
EncryptionMethod encMethod = encryptedKey.getEncryptionMethod();
OAEPParameterSpec oaepParameters = constructOAEPParameters(encMethod.getAlgorithm(), encMethod.getDigestAlgorithm(), encMethod.getMGFAlgorithm(), encMethod.getOAEPparams());
if (oaepParameters == null) {
c.init(Cipher.UNWRAP_MODE, key);
} else {
c.init(Cipher.UNWRAP_MODE, key, oaepParameters);
}
ret = c.unwrap(encryptedBytes, jceKeyAlgorithm, Cipher.SECRET_KEY);
} catch (InvalidKeyException ike) {
throw new XMLEncryptionException("empty", ike);
} catch (NoSuchAlgorithmException nsae) {
throw new XMLEncryptionException("empty", nsae);
} catch (InvalidAlgorithmParameterException e) {
throw new XMLEncryptionException("empty", e);
}
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Decryption of key type " + algorithm + " OK");
}
return ret;
}
Also used :
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
URISyntaxException(java.net.URISyntaxException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
Base64DecodingException(com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
InvalidCanonicalizerException(com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException)
InvalidTransformException(com.sun.org.apache.xml.internal.security.transforms.InvalidTransformException)
XMLSignatureException(com.sun.org.apache.xml.internal.security.signature.XMLSignatureException)
BadPaddingException(javax.crypto.BadPaddingException)
KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
TransformationException(com.sun.org.apache.xml.internal.security.transforms.TransformationException)
XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
NoSuchProviderException(java.security.NoSuchProviderException)
OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)
KeyInfo(com.sun.org.apache.xml.internal.security.keys.KeyInfo)
Cipher(javax.crypto.Cipher)
Key(java.security.Key)
Example 19 with OAEPParameterSpec
use of javax.crypto.spec.OAEPParameterSpec in project jdk8u_jdk by JetBrains.
the class RSACipher method engineInit.
// see JCE spec
protected void engineInit(int opmode, Key key, AlgorithmParameters params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
if (params == null) {
init(opmode, key, random, null);
} else {
try {
OAEPParameterSpec spec = params.getParameterSpec(OAEPParameterSpec.class);
init(opmode, key, random, spec);
} catch (InvalidParameterSpecException ipse) {
InvalidAlgorithmParameterException iape = new InvalidAlgorithmParameterException("Wrong parameter");
iape.initCause(ipse);
throw iape;
}
}
}
Also used :
InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException)
OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)
Example 20 with OAEPParameterSpec
use of javax.crypto.spec.OAEPParameterSpec in project jdk8u_jdk by JetBrains.
the class OAEPParameters method engineInit.
protected void engineInit(AlgorithmParameterSpec paramSpec) throws InvalidParameterSpecException {
if (!(paramSpec instanceof OAEPParameterSpec)) {
throw new InvalidParameterSpecException("Inappropriate parameter specification");
}
OAEPParameterSpec spec = (OAEPParameterSpec) paramSpec;
mdName = spec.getDigestAlgorithm();
String mgfName = spec.getMGFAlgorithm();
if (!mgfName.equalsIgnoreCase("MGF1")) {
throw new InvalidParameterSpecException("Unsupported mgf " + mgfName + "; MGF1 only");
}
AlgorithmParameterSpec mgfSpec = spec.getMGFParameters();
if (!(mgfSpec instanceof MGF1ParameterSpec)) {
throw new InvalidParameterSpecException("Inappropriate mgf " + "parameters; non-null MGF1ParameterSpec only");
}
this.mgfSpec = (MGF1ParameterSpec) mgfSpec;
PSource pSrc = spec.getPSource();
if (pSrc.getAlgorithm().equals("PSpecified")) {
p = ((PSource.PSpecified) pSrc).getValue();
} else {
throw new InvalidParameterSpecException("Unsupported pSource " + pSrc.getAlgorithm() + "; PSpecified only");
}
}
Also used :
InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException)
PSource(javax.crypto.spec.PSource)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)
MGF1ParameterSpec(java.security.spec.MGF1ParameterSpec)
Aggregations
OAEPParameterSpec (javax.crypto.spec.OAEPParameterSpec)34
PSource (javax.crypto.spec.PSource)19
AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)15
MGF1ParameterSpec (java.security.spec.MGF1ParameterSpec)11
Cipher (javax.crypto.Cipher)10
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)6
InvalidKeyException (java.security.InvalidKeyException)6
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)6
URISyntaxException (java.net.URISyntaxException)4
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4
InvalidParameterSpecException (java.security.spec.InvalidParameterSpecException)4
NoSuchPaddingException (javax.crypto.NoSuchPaddingException)4
AlgorithmParameters (java.security.AlgorithmParameters)3
XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)3
UnsupportedEncodingException (java.io.UnsupportedEncodingException)2
URI (java.net.URI)2
InvalidParameterException (java.security.InvalidParameterException)2
Key (java.security.Key)2
NoSuchProviderException (java.security.NoSuchProviderException)2
SecureRandom (java.security.SecureRandom)2
