
Example 71 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project jdk8u_jdk by JetBrains.

the class PBESealedObject method runTest.

// Have a generic throws Exception as it can throw many different exceptions
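/**
 * Seals a PBE secret key inside a {@link SealedObject} and checks that every
 * {@code getObject} overload returns a key with the same encoding.
 *
 * <p>The values used here are test fixtures, not a template for protecting real data: the
 * password is a string literal, the 8-byte salt is filled from {@code java.util.Random}
 * (which is not a cryptographically strong generator; {@code SecureRandom} is the usual
 * choice outside tests), and the iteration count is fixed at 1000.
 *
 * @param p provider used for the cipher and for the secret-key factory
 * @param algo transformation string; the part before the first {@code '/'} names the PBE
 *     algorithm
 * @param out stream that receives the note about an expected {@code InvalidKeyException}
 * @return {@code true} if all three unsealed keys match the original, or if an
 *     {@code InvalidKeyException} was thrown for a TRIPLEDES / AES_256 algorithm;
 *     {@code false} on the first mismatch
 * @throws Exception any other failure, including an {@code InvalidKeyException} raised for
 *     an algorithm that is not in the expected-to-fail group
 */
public boolean runTest(Provider p, String algo, PrintStream out) throws Exception {
    final int iterationCount = 1000;
    final byte[] salt = new byte[8];
    // Locale.ROOT keeps the upper-casing ASCII-only. With a Turkish default locale the
    // bare toUpperCase() turns 'i' into U+0130, so "PBEWith..." would no longer match any
    // registered algorithm name and the factory lookup below would fail.
    final String baseAlgo =
            new StringTokenizer(algo, "/").nextToken().toUpperCase(java.util.Locale.ROOT);
    final boolean isAES = baseAlgo.contains("AES");
    try {
        // Initialization
        Cipher ci = Cipher.getInstance(algo, p);
        new Random().nextBytes(salt);
        AlgorithmParameterSpec aps = new PBEParameterSpec(salt, iterationCount);
        SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
        SecretKey key = skf.generateSecret(new PBEKeySpec("Secret Lover".toCharArray()));

        // Seal. The AES branch passes no spec and reads the parameters back from the
        // cipher; every other algorithm is initialised with the explicit salt/count spec.
        AlgorithmParameters pbeParams = null;
        if (isAES) {
            ci.init(Cipher.ENCRYPT_MODE, key);
            pbeParams = ci.getParameters();
        } else {
            ci.init(Cipher.ENCRYPT_MODE, key, aps);
        }
        SealedObject so = new SealedObject(key, ci);

        // Unseal with the same parameters that were used to seal, then compare.
        if (isAES) {
            ci.init(Cipher.DECRYPT_MODE, key, pbeParams);
        } else {
            ci.init(Cipher.DECRYPT_MODE, key, aps);
        }
        SecretKey unsealedKey = (SecretKey) so.getObject(ci);
        if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) {
            return false;
        }
        unsealedKey = (SecretKey) so.getObject(key);
        if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) {
            return false;
        }
        // NOTE(review): this overload names "SunJCE" instead of using p; confirm that callers
        // only ever pass the SunJCE provider.
        unsealedKey = (SecretKey) so.getObject(key, "SunJCE");
        return Arrays.equals(unsealedKey.getEncoded(), key.getEncoded());
    } catch (InvalidKeyException ex) {
        // Only the algorithms named here are allowed to fail with InvalidKeyException;
        // for anything else the exception is a genuine test failure.
        if (baseAlgo.endsWith("TRIPLEDES") || baseAlgo.endsWith("AES_256")) {
            out.println("Expected exception , keyStrength > 128 within" + algo);
            return true;
        }
        throw ex;
    }
}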
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SealedObject(javax.crypto.SealedObject) InvalidKeyException(java.security.InvalidKeyException) StringTokenizer(java.util.StringTokenizer) SecretKey(javax.crypto.SecretKey) Random(java.util.Random) Cipher(javax.crypto.Cipher) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) AlgorithmParameters(java.security.AlgorithmParameters)

Example 72 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project jdk8u_jdk by JetBrains.

the class TestCipherKeyWrapperPBEKey method runTest.

// Have a generic throws Exception as it can throw many different exceptions
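/**
 * Wraps a PBE secret key with a cipher keyed by that same key, unwraps it again and
 * compares the two encodings.
 *
 * <p>The values used here are test fixtures, not a template for protecting real data: the
 * password is a string literal, the 8-byte salt is filled from {@code java.util.Random}
 * (which is not a cryptographically strong generator; {@code SecureRandom} is the usual
 * choice outside tests), and the iteration count is fixed at 1000.
 *
 * @param p provider used for the secret-key factory
 * @param algo transformation string; the part before the first {@code '/'} names the PBE
 *     algorithm
 * @param out stream that receives the diagnostic messages
 * @return {@code true} if the unwrapped key matches the original, or if an
 *     {@code InvalidKeyException} was thrown for a TRIPLEDES / AES_256 algorithm;
 *     {@code false} if the encodings differ or if a TRIPLEDES / AES_256 algorithm
 *     completed without that exception
 * @throws Exception any other failure, including an {@code InvalidKeyException} raised for
 *     an algorithm that is not in the expected-to-fail group
 */
public boolean runTest(Provider p, String algo, PrintStream out) throws Exception {
    final int iterationCount = 1000;
    final byte[] salt = new byte[8];
    // Locale.ROOT keeps the upper-casing ASCII-only. With a Turkish default locale the
    // bare toUpperCase() turns 'i' into U+0130, so "PBEWith..." would no longer match any
    // registered algorithm name and the factory lookup below would fail.
    final String baseAlgo =
            new StringTokenizer(algo, "/").nextToken().toUpperCase(java.util.Locale.ROOT);
    final boolean isAES = baseAlgo.contains("AES");
    final boolean expectInvalidKey =
            baseAlgo.endsWith("TRIPLEDES") || baseAlgo.endsWith("AES_256");
    try {
        // Initialization
        new Random().nextBytes(salt);
        AlgorithmParameterSpec aps = new PBEParameterSpec(salt, iterationCount);
        SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
        SecretKey key = skf.generateSecret(new PBEKeySpec("Secret Key".toCharArray()));
        // NOTE(review): the cipher is looked up without p, so it comes from whichever
        // installed provider is preferred for algo; confirm that is intended.
        Cipher ci = Cipher.getInstance(algo);

        // Wrap. The AES branch passes no spec and reads the parameters back from the
        // cipher; every other algorithm is initialised with the explicit salt/count spec.
        AlgorithmParameters pbeParams = null;
        if (isAES) {
            ci.init(Cipher.WRAP_MODE, key);
            pbeParams = ci.getParameters();
        } else {
            ci.init(Cipher.WRAP_MODE, key, aps);
        }
        byte[] keyWrapper = ci.wrap(key);

        // Unwrap with the same parameters that were used to wrap.
        if (isAES) {
            ci.init(Cipher.UNWRAP_MODE, key, pbeParams);
        } else {
            ci.init(Cipher.UNWRAP_MODE, key, aps);
        }
        Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);

        // Reaching this point with one of the expected-to-fail algorithms is itself
        // reported as a failure.
        if (expectInvalidKey) {
            out.print("InvalidKeyException not thrown when keyStrength > 128");
            return false;
        }
        return Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded());
    } catch (InvalidKeyException ex) {
        if (expectInvalidKey) {
            out.println("Expected InvalidKeyException, keyStrength > 128");
            return true;
        }
        throw ex;
    }
}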
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) InvalidKeyException(java.security.InvalidKeyException) StringTokenizer(java.util.StringTokenizer) SecretKey(javax.crypto.SecretKey) Random(java.util.Random) Cipher(javax.crypto.Cipher) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) Key(java.security.Key) SecretKey(javax.crypto.SecretKey) AlgorithmParameters(java.security.AlgorithmParameters)

Example 73 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project jdk8u_jdk by JetBrains.

the class EntryProtectionTest method setUp.

/**
 * Creates the PKCS#12 keystore fixture, fills the shared salt, and registers one
 * {@link KeyStore.PasswordProtection} per PBE algorithm under test.
 *
 * <p>The algorithm names are the ones this test exercises; several of them are built on
 * MD5, single DES or 40-bit RC2/RC4, so the list should not be read as a recommendation
 * for protecting new keystore entries.
 */
private void setUp() {
    out.println("Using KEYSTORE_PATH:" + KEYSTORE_PATH);
    Utils.createKeyStore(Utils.KeyStoreType.pkcs12, KEYSTORE_PATH, ALIAS);

    // Fill the salt from the test-library generator and echo it as hex.
    RandomFactory.getRandom().nextBytes(SALT);
    out.print("Salt: ");
    for (int i = 0; i < SALT.length; i++) {
        out.format("%02X ", SALT[i]);
    }
    out.println("");

    // Only the first entry carries an explicit salt and iteration count.
    PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(
            PASSWORD, "PBEWithMD5AndDES", new PBEParameterSpec(SALT, ITERATION_COUNT)));

    // The remaining entries pass null for the parameter spec.
    String[] withoutSpec = {
        "PBEWithSHA1AndDESede",
        "PBEWithSHA1AndRC2_40",
        "PBEWithSHA1AndRC2_128",
        "PBEWithSHA1AndRC4_40",
        "PBEWithSHA1AndRC4_128",
    };
    for (String protectionAlgo : withoutSpec) {
        PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(PASSWORD, protectionAlgo, null));
    }
}
Also used : Random(java.util.Random) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 74 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project jdk8u_jdk by JetBrains.

the class TestCipherKeyWrapperTest method wrapTest.

/**
 * Wraps {@code wrapKey} with a cipher keyed by {@code initKey}, unwraps the result and
 * fails if the two key encodings differ.
 *
 * <p>When {@code isPBE} is set, the PBE parameters are a test fixture: an 8-byte salt from
 * {@code java.util.Random} (not a cryptographically strong generator) and an iteration
 * count of 1000.
 *
 * @param transformation transformation of the wrapped key; the part before the first
 *     {@code '/'} is used as the algorithm name when unwrapping
 * @param wrapAlgo transformation used to create the wrapping cipher
 * @param initKey key the wrapping cipher is initialised with
 * @param wrapKey key to wrap and unwrap
 * @param keyType key-type constant passed to {@code Cipher.unwrap}
 * @param isPBE whether PBE parameters should be generated for the wrapping cipher
 * @throws RuntimeException if the unwrapped key does not match {@code wrapKey}
 */
private void wrapTest(String transformation, String wrapAlgo, Key initKey, Key wrapKey, int keyType, boolean isPBE) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
    final String algo = transformation.split("/")[0];
    final boolean readsBackParams = algo.contains("AES") || algo.contains("Blowfish");

    AlgorithmParameterSpec pbeParams = null;
    if (isPBE) {
        final int iterCnt = 1000;
        byte[] salt = new byte[8];
        new Random().nextBytes(salt);
        pbeParams = new PBEParameterSpec(salt, iterCnt);
    }

    // Wrap: AES/Blowfish take no spec and the generated parameters are read back from the
    // cipher; other PBE algorithms get the explicit spec; everything else gets the key only.
    Cipher wrapCI = Cipher.getInstance(wrapAlgo);
    AlgorithmParameters aps = null;
    if (readsBackParams) {
        wrapCI.init(Cipher.WRAP_MODE, initKey);
        aps = wrapCI.getParameters();
    } else if (isPBE) {
        wrapCI.init(Cipher.WRAP_MODE, initKey, pbeParams);
    } else {
        wrapCI.init(Cipher.WRAP_MODE, initKey);
    }
    out.println("keysize : " + wrapKey.getEncoded().length);
    byte[] keyWrapper = wrapCI.wrap(wrapKey);

    // Unwrap with whatever parameters the wrap step used.
    if (readsBackParams) {
        wrapCI.init(Cipher.UNWRAP_MODE, initKey, aps);
    } else if (isPBE) {
        wrapCI.init(Cipher.UNWRAP_MODE, initKey, pbeParams);
    } else {
        wrapCI.init(Cipher.UNWRAP_MODE, initKey);
    }
    Key unwrappedKey = wrapCI.unwrap(keyWrapper, algo, keyType);

    // Comparison
    boolean sameEncoding = Arrays.equals(wrapKey.getEncoded(), unwrappedKey.getEncoded());
    if (!sameEncoding) {
        throw new RuntimeException("Comparation failed testing " + transformation + ":" + wrapAlgo + ":" + keyType);
    }
}
Also used : Random(java.util.Random) String(java.lang.String) Cipher(javax.crypto.Cipher) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) Key(java.security.Key) SecretKey(javax.crypto.SecretKey) AlgorithmParameters(java.security.AlgorithmParameters)

Example 75 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project jdk8u_jdk by JetBrains.

the class PKCS12SameKeyId method main.

/**
 * Builds a JKS keystore with SIZE generated key pairs, re-encrypts each private key,
 * stores all of them in a PKCS#12 keystore in one tight loop, then reloads that keystore
 * and checks that every alias still maps to the certificate whose CN is its index.
 *
 * <p>The credentials and PBE parameters are test fixtures: the keytool command line
 * carries the literal store/key password "changeit", and the salt is the constant ASCII
 * string "12345678" with 1024 iterations. A fixed salt is acceptable only because the
 * output is throwaway test data.
 *
 * @param args unused
 * @throws Exception if any keystore or cipher step fails, or if a certificate does not
 *     match its alias
 */
public static void main(String[] args) throws Exception {
    // Prepare a JKS keystore with many entries
    // The result of delete() is ignored, so a missing file from an earlier run is not an error.
    new File(JKSFILE).delete();
    for (int i = 0; i < SIZE; i++) {
        System.err.print(".");
        // The command is split on single spaces, so no argument may contain a space.
        String cmd = "-keystore " + JKSFILE + " -storepass changeit -keypass changeit -keyalg rsa " + "-genkeypair -alias p" + i + " -dname CN=" + i;
        sun.security.tools.keytool.Main.main(cmd.split(" "));
    }
    // Prepare EncryptedPrivateKeyInfo parameters, copied from various
    // places in PKCS12KeyStore.java
    AlgorithmParameters algParams = AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    // Constant salt and iteration count; getBytes() uses the platform default charset.
    algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    // OID 1.2.840.113549.1.12.1.3 is the PKCS#12 identifier pbeWithSHAAnd3-KeyTripleDES-CBC.
    AlgorithmId algid = new AlgorithmId(new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);
    PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
    SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
    SecretKey skey = skFac.generateSecret(keySpec);
    Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
    cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
    // Pre-calculated keys and certs and aliases
    byte[][] keys = new byte[SIZE][];
    Certificate[][] certChains = new Certificate[SIZE][];
    String[] aliases = new String[SIZE];
    // Reads from JKS keystore and pre-calculate
    KeyStore ks = KeyStore.getInstance("jks");
    try (FileInputStream fis = new FileInputStream(JKSFILE)) {
        ks.load(fis, PASSWORD);
    }
    for (int i = 0; i < SIZE; i++) {
        aliases[i] = "p" + i;
        // Every private key is encrypted with the same cipher instance and parameters.
        byte[] enckey = cipher.doFinal(ks.getKey(aliases[i], PASSWORD).getEncoded());
        keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
        certChains[i] = ks.getCertificateChain(aliases[i]);
    }
    // Write into PKCS12 keystore. Use this overloaded version of
    // setKeyEntry() to be as fast as possible, so that they would
    // have same localKeyId.
    // Keep this loop free of extra work: the test relies on the entries being added
    // in quick succession.
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    p12.load(null, PASSWORD);
    for (int i = 0; i < SIZE; i++) {
        p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
    }
    try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
        p12.store(fos, PASSWORD);
    }
    // Check private keys still match certs
    p12 = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(P12FILE)) {
        p12.load(fis, PASSWORD);
    }
    for (int i = 0; i < SIZE; i++) {
        String a = "p" + i;
        X509Certificate x = (X509Certificate) p12.getCertificate(a);
        X500Name name = (X500Name) x.getSubjectDN();
        // Each certificate was generated with CN equal to its index, so a different CN
        // means the alias was paired with another entry's certificate.
        if (!name.getCommonName().equals("" + i)) {
            throw new Exception(a + "'s cert is " + name);
        }
    }
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) X500Name(sun.security.x509.X500Name) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) SecretKey(javax.crypto.SecretKey) AlgorithmId(sun.security.x509.AlgorithmId) FileOutputStream(java.io.FileOutputStream) EncryptedPrivateKeyInfo(sun.security.pkcs.EncryptedPrivateKeyInfo) Cipher(javax.crypto.Cipher) File(java.io.File) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) AlgorithmParameters(java.security.AlgorithmParameters) ObjectIdentifier(sun.security.util.ObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)
