
Example 86 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project Zom-Android by zom.

the class OpenSSLPBECommon method initializeCipher.

/**
 * Builds a password-based cipher that is already initialised for use.
 *
 * <p>The same {@code algorithm} name is used to look up both the
 * {@link SecretKeyFactory} and the {@link Cipher}. The key spec carries only
 * the password; {@code salt} and {@code iterationCount} reach the cipher
 * through a {@link PBEParameterSpec} at init time.
 *
 * <p>NOTE(review): this method performs no check of its own on the salt length
 * or on the iteration count; whatever the caller passes is forwarded to the
 * provider. Confirm that callers supply values appropriate for the data being
 * protected.
 *
 * @param password the password the key is generated from.
 * @param salt the salt handed to the cipher.
 * @param cipherMode the operation mode passed to {@code Cipher.init}.
 * @param algorithm the name used for both the key factory and the cipher.
 * @param iterationCount the iteration count handed to the cipher.
 * @return the initialised cipher.
 */
protected static Cipher initializeCipher(char[] password, byte[] salt, int cipherMode, final String algorithm, int iterationCount) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, NoSuchPaddingException, InvalidAlgorithmParameterException {
    // NOTE(review): passwordSpec keeps its own copy of the password and is never
    // cleared. PBEKeySpec.clearPassword() could release it once init has run,
    // provided the provider's key object does not read the spec lazily - confirm
    // against the providers this code is used with.
    final PBEKeySpec passwordSpec = new PBEKeySpec(password);
    final SecretKey pbeKey = SecretKeyFactory.getInstance(algorithm).generateSecret(passwordSpec);
    final Cipher pbeCipher = Cipher.getInstance(algorithm);
    final PBEParameterSpec derivationParams = new PBEParameterSpec(salt, iterationCount);
    pbeCipher.init(cipherMode, pbeKey, derivationParams);
    return pbeCipher;
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecretKey(javax.crypto.SecretKey) Cipher(javax.crypto.Cipher) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 87 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project Bytecoder by mirkosertic.

the class HmacPKCS12PBESHA1 method engineInit.

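/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * <p>The password is read from {@code key}. Salt and iteration count may come
 * from the key (when it is a {@code PBEKey}), from {@code params}, or from
 * both, in which case the two sources must agree. The MAC key is derived with
 * {@code PKCS12PBECipherCore.derive} and handed to the superclass as an
 * {@code HmacSHA1} key. The temporary copies of the password and of the
 * derived key made in this method are overwritten before it returns, on
 * success and on failure.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey = (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        // maybe null if unspecified
        salt = pbeKey.getSalt();
        // maybe 0 if unspecified
        iCount = pbeKey.getIterationCount();
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if (passwdBytes == null) {
            throw new InvalidKeyException("Missing password");
        }
        try {
            if (!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
                throw new InvalidKeyException("Missing password");
            }
            passwdChars = new char[passwdBytes.length];
            for (int i = 0; i < passwdChars.length; i++) {
                // Only the low 7 bits of each byte are kept, so a password
                // byte outside the ASCII range is altered here.
                passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
            }
        } finally {
            // The encoded form is not needed once it has been widened to
            // chars (or rejected); do not leave it on the heap.
            Arrays.fill(passwdBytes, (byte) 0);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    byte[] derivedKey = null;
    try {
        if (params == null) {
            // Without params, the key itself must have supplied both the
            // salt and the iteration count.
            if ((salt == null) || (iCount == 0)) {
                throw new InvalidAlgorithmParameterException("PBEParameterSpec required for salt and iteration count");
            }
        } else if (!(params instanceof PBEParameterSpec)) {
            throw new InvalidAlgorithmParameterException("PBEParameterSpec type required");
        } else {
            PBEParameterSpec pbeParams = (PBEParameterSpec) params;
            // make sure the parameter values are consistent
            if (salt != null) {
                if (!Arrays.equals(salt, pbeParams.getSalt())) {
                    throw new InvalidAlgorithmParameterException("Inconsistent value of salt between key and params");
                }
            } else {
                salt = pbeParams.getSalt();
            }
            if (iCount != 0) {
                if (iCount != pbeParams.getIterationCount()) {
                    throw new InvalidAlgorithmParameterException("Different iteration count between key and params");
                }
            } else {
                iCount = pbeParams.getIterationCount();
            }
        }
        // Enforce a minimum salt length of 8 bytes,
        // which is what PKCS#5 recommends and openssl does.
        if (salt.length < 8) {
            throw new InvalidAlgorithmParameterException("Salt must be at least 8 bytes long");
        }
        // Only positivity is checked; no minimum work factor is enforced here.
        if (iCount <= 0) {
            throw new InvalidAlgorithmParameterException("IterationCount must be a positive number");
        }
        derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt, iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
        SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
        super.engineInit(cipherKey, null);
    } finally {
        // SecretKeySpec copies the bytes it is given, so the local array can
        // be wiped without affecting the key handed to the superclass.
        if (derivedKey != null) {
            Arrays.fill(derivedKey, (byte) 0);
        }
        // Wipe the password on every exit path, including rejected
        // parameters. The null guard leaves a key without a password to fail
        // wherever the derivation rejects it.
        if (passwdChars != null) {
            Arrays.fill(passwdChars, '\0');
        }
    }
}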
Also used : SecretKey(javax.crypto.SecretKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 88 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project Bytecoder by mirkosertic.

the class PBMAC1Core method engineInit.

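/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * <p>The password is read from {@code key}. Salt and iteration count may come
 * from the key (when it is a {@code PBEKey}), from {@code params}, or from
 * both, in which case the two sources must agree. A {@link PBEKeySpec} built
 * from these values is passed to the KDF returned by
 * {@code getKDFImpl(kdfAlgo)}, and the resulting key bytes are handed to the
 * superclass. The temporary copies of the password, the key spec's password
 * and the derived key bytes held in this method are cleared before it
 * returns, on success and on failure.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey = (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        // maybe null if unspecified
        salt = pbeKey.getSalt();
        // maybe 0 if unspecified
        iCount = pbeKey.getIterationCount();
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if (passwdBytes == null) {
            throw new InvalidKeyException("Missing password");
        }
        try {
            if (!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
                throw new InvalidKeyException("Missing password");
            }
            passwdChars = new char[passwdBytes.length];
            for (int i = 0; i < passwdChars.length; i++) {
                // Only the low 7 bits of each byte are kept, so a password
                // byte outside the ASCII range is altered here.
                passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
            }
        } finally {
            // The encoded form is not needed once it has been widened to
            // chars (or rejected); do not leave it on the heap.
            Arrays.fill(passwdBytes, (byte) 0);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    PBEKeySpec pbeSpec;
    try {
        if (params == null) {
            // Without params, the key itself must have supplied both the
            // salt and the iteration count.
            if ((salt == null) || (iCount == 0)) {
                throw new InvalidAlgorithmParameterException("PBEParameterSpec required for salt and iteration count");
            }
        } else if (!(params instanceof PBEParameterSpec)) {
            throw new InvalidAlgorithmParameterException("PBEParameterSpec type required");
        } else {
            PBEParameterSpec pbeParams = (PBEParameterSpec) params;
            // make sure the parameter values are consistent
            if (salt != null) {
                if (!Arrays.equals(salt, pbeParams.getSalt())) {
                    throw new InvalidAlgorithmParameterException("Inconsistent value of salt between key and params");
                }
            } else {
                salt = pbeParams.getSalt();
            }
            if (iCount != 0) {
                if (iCount != pbeParams.getIterationCount()) {
                    throw new InvalidAlgorithmParameterException("Different iteration count between key and params");
                }
            } else {
                iCount = pbeParams.getIterationCount();
            }
        }
        // Enforce a minimum salt length of 8 bytes,
        // which is what PKCS#5 recommends and openssl does.
        if (salt.length < 8) {
            throw new InvalidAlgorithmParameterException("Salt must be at least 8 bytes long");
        }
        // Only positivity is checked; no minimum work factor is enforced here.
        if (iCount <= 0) {
            throw new InvalidAlgorithmParameterException("IterationCount must be a positive number");
        }
        pbeSpec = new PBEKeySpec(passwdChars, salt, iCount, blockLength);
    } finally {
        // password char[] was cloned in PBEKeySpec constructor,
        // so we can zero it out here; doing it in finally also covers the
        // paths where the parameters are rejected.
        Arrays.fill(passwdChars, '\0');
    }
    byte[] derivedKey = null;
    try {
        PBKDF2Core kdf = getKDFImpl(kdfAlgo);
        SecretKey s;
        try {
            s = kdf.engineGenerateSecret(pbeSpec);
        } catch (InvalidKeySpecException ikse) {
            throw new InvalidKeyException("Cannot construct PBE key", ikse);
        }
        derivedKey = s.getEncoded();
        SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);
        super.engineInit(cipherKey, null);
    } finally {
        // The spec still holds its clone of the password; release it.
        pbeSpec.clearPassword();
        // SecretKeySpec copies the bytes it is given, so the local array can
        // be wiped without affecting the key handed to the superclass.
        if (derivedKey != null) {
            Arrays.fill(derivedKey, (byte) 0);
        }
        // NOTE(review): the intermediate key object from the KDF is not
        // cleared here; SecretKey offers no portable way to do so.
    }
}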
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecretKey(javax.crypto.SecretKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 89 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project polymap4-core by Polymap4.

the class JavaEncryption method internalDecrypt.

/**
 * Decrypts {@code encryptedData} with a key generated from the password held
 * by {@code passwordExt}.
 *
 * <p>The salt is read from {@code encryptedData}; the iteration count is the
 * class constant {@code SALT_ITERATIONS}. Set-up failures (unknown algorithm
 * or padding, unusable key, key spec or parameters) are routed to
 * {@code handle} as {@code StorageException.INTERNAL_ERROR}.
 * {@code IllegalBlockSizeException} and {@code BadPaddingException} from
 * {@code doFinal} are not caught and reach the caller.
 *
 * <p>NOTE(review): nothing in this method verifies the integrity of the
 * ciphertext before decrypting it; whether {@code cipherAlgorithm} provides
 * that cannot be told from here - confirm.
 *
 * @param passwordExt source of the key spec passed to the key factory.
 * @param encryptedData the salt and ciphertext to decrypt.
 * @return the decrypted bytes; {@code null} only if {@code handle} returns
 *         normally (presumably it throws {@code StorageException} - verify).
 */
private byte[] internalDecrypt(PasswordExt passwordExt, CryptoData encryptedData) throws StorageException, IllegalStateException, IllegalBlockSizeException, BadPaddingException {
    try {
        final SecretKey pbeKey = SecretKeyFactory.getInstance(keyFactoryAlgorithm).generateSecret(passwordExt.getPassword());
        final PBEParameterSpec derivationParams = new PBEParameterSpec(encryptedData.getSalt(), SALT_ITERATIONS);
        final Cipher decryptor = Cipher.getInstance(cipherAlgorithm);
        decryptor.init(Cipher.DECRYPT_MODE, pbeKey, derivationParams);
        return decryptor.doFinal(encryptedData.getData());
    } catch (InvalidAlgorithmParameterException | InvalidKeyException | InvalidKeySpecException | NoSuchPaddingException | NoSuchAlgorithmException e) {
        // Every set-up failure is reported with the same internal-error code.
        handle(e, StorageException.INTERNAL_ERROR);
        return null;
    }
}
Also used : InvalidKeySpecException(java.security.spec.InvalidKeySpecException) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 90 with PBEParameterSpec

use of javax.crypto.spec.PBEParameterSpec in project polymap4-core by Polymap4.

the class JavaEncryption method internalEncrypt.

/**
 * Encrypts {@code clearText} with a key generated from the password held by
 * {@code passwordExt}.
 *
 * <p>A fresh 8-byte salt is drawn from a new {@link SecureRandom} on every
 * call and returned alongside the ciphertext; the iteration count is the
 * class constant {@code SALT_ITERATIONS}. Key, parameter, block-size and
 * padding failures are routed to {@code handle} as
 * {@code StorageException.ENCRYPTION_ERROR}; key-spec, unknown-padding and
 * unknown-algorithm failures as {@code StorageException.INTERNAL_ERROR}.
 *
 * <p>NOTE(review): the value of {@code SALT_ITERATIONS} and the algorithm
 * named by {@code cipherAlgorithm} are not visible here; confirm that both
 * are adequate for the data this storage protects.
 *
 * @param passwordExt source of the key spec and of the module id stored in
 *        the result.
 * @param clearText the bytes to encrypt.
 * @return the module id, salt and ciphertext; {@code null} only if
 *         {@code handle} returns normally (presumably it throws
 *         {@code StorageException} - verify).
 */
private CryptoData internalEncrypt(PasswordExt passwordExt, byte[] clearText) throws StorageException {
    try {
        final SecretKey pbeKey = SecretKeyFactory.getInstance(keyFactoryAlgorithm).generateSecret(passwordExt.getPassword());
        final byte[] freshSalt = new byte[8];
        new SecureRandom().nextBytes(freshSalt);
        final PBEParameterSpec derivationParams = new PBEParameterSpec(freshSalt, SALT_ITERATIONS);
        final Cipher encryptor = Cipher.getInstance(cipherAlgorithm);
        encryptor.init(Cipher.ENCRYPT_MODE, pbeKey, derivationParams);
        final byte[] cipherText = encryptor.doFinal(clearText);
        return new CryptoData(passwordExt.getModuleID(), freshSalt, cipherText);
    } catch (InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e) {
        // Failures of the encryption step itself.
        handle(e, StorageException.ENCRYPTION_ERROR);
        return null;
    } catch (InvalidKeySpecException | NoSuchPaddingException | NoSuchAlgorithmException e) {
        // Failures to set up the key factory or cipher.
        handle(e, StorageException.INTERNAL_ERROR);
        return null;
    }
}
Also used : InvalidKeySpecException(java.security.spec.InvalidKeySpecException) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
