use of org.bouncycastle.crypto.PBEParametersGenerator in project XobotOS by xamarin.
the class JDKKeyStore method engineLoad.
public void engineLoad(InputStream stream, char[] password) throws IOException {
table.clear();
if (// just initialising
stream == null) {
return;
}
DataInputStream dIn = new DataInputStream(stream);
int version = dIn.readInt();
if (version != STORE_VERSION) {
if (version != 0) {
throw new IOException("Wrong version of key store.");
}
}
byte[] salt = new byte[dIn.readInt()];
dIn.readFully(salt);
int iterationCount = dIn.readInt();
//
// we only do an integrity check if the password is provided.
//
// BEGIN android-changed
HMac hMac = new HMac(new OpenSSLDigest.SHA1());
// END android-changed
if (password != null && password.length != 0) {
byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
// BEGIN android-changed
PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1());
// END android-changed
pbeGen.init(passKey, salt, iterationCount);
CipherParameters macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize());
Arrays.fill(passKey, (byte) 0);
hMac.init(macParams);
MacInputStream mIn = new MacInputStream(dIn, hMac);
loadStore(mIn);
// Finalise our mac calculation
byte[] mac = new byte[hMac.getMacSize()];
hMac.doFinal(mac, 0);
// TODO Should this actually be reading the remainder of the stream?
// Read the original mac from the stream
byte[] oldMac = new byte[hMac.getMacSize()];
dIn.readFully(oldMac);
if (!Arrays.constantTimeAreEqual(mac, oldMac)) {
table.clear();
throw new IOException("KeyStore integrity check failed.");
}
} else {
loadStore(dIn);
// TODO Should this actually be reading the remainder of the stream?
// Parse the original mac from the stream too
byte[] oldMac = new byte[hMac.getMacSize()];
dIn.readFully(oldMac);
}
}
use of org.bouncycastle.crypto.PBEParametersGenerator in project robovm by robovm.
the class BcKeyStoreSpi method engineLoad.
public void engineLoad(InputStream stream, char[] password) throws IOException {
table.clear();
if (// just initialising
stream == null) {
return;
}
DataInputStream dIn = new DataInputStream(stream);
int version = dIn.readInt();
if (version != STORE_VERSION) {
if (version != 0 && version != 1) {
throw new IOException("Wrong version of key store.");
}
}
int saltLength = dIn.readInt();
if (saltLength <= 0) {
throw new IOException("Invalid salt detected");
}
byte[] salt = new byte[saltLength];
dIn.readFully(salt);
int iterationCount = dIn.readInt();
//
// we only do an integrity check if the password is provided.
//
HMac hMac = new HMac(new SHA1Digest());
if (password != null && password.length != 0) {
byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
pbeGen.init(passKey, salt, iterationCount);
CipherParameters macParams;
if (version != 2) {
macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize());
} else {
macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8);
}
Arrays.fill(passKey, (byte) 0);
hMac.init(macParams);
MacInputStream mIn = new MacInputStream(dIn, hMac);
loadStore(mIn);
// Finalise our mac calculation
byte[] mac = new byte[hMac.getMacSize()];
hMac.doFinal(mac, 0);
// TODO Should this actually be reading the remainder of the stream?
// Read the original mac from the stream
byte[] oldMac = new byte[hMac.getMacSize()];
dIn.readFully(oldMac);
if (!Arrays.constantTimeAreEqual(mac, oldMac)) {
table.clear();
throw new IOException("KeyStore integrity check failed.");
}
} else {
loadStore(dIn);
// TODO Should this actually be reading the remainder of the stream?
// Parse the original mac from the stream too
byte[] oldMac = new byte[hMac.getMacSize()];
dIn.readFully(oldMac);
}
}
use of org.bouncycastle.crypto.PBEParametersGenerator in project samourai-wallet-android by Samourai-Wallet.
the class AESUtil method decryptWithSetMode.
public static String decryptWithSetMode(String ciphertext, CharSequenceX password, int iterations, int mode, @Nullable BlockCipherPadding padding) throws InvalidCipherTextException, UnsupportedEncodingException, DecryptionException {
final int AESBlockSize = 4;
byte[] cipherdata = Base64.decodeBase64(ciphertext.getBytes());
// Separate the IV and cipher data
byte[] iv = copyOfRange(cipherdata, 0, AESBlockSize * 4);
byte[] input = copyOfRange(cipherdata, AESBlockSize * 4, cipherdata.length);
PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
generator.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password.toString().toCharArray()), iv, iterations);
KeyParameter keyParam = (KeyParameter) generator.generateDerivedParameters(256);
CipherParameters params = new ParametersWithIV(keyParam, iv);
BlockCipher cipherMode;
if (mode == MODE_CBC) {
cipherMode = new CBCBlockCipher(new AESEngine());
} else {
// mode == MODE_OFB
cipherMode = new OFBBlockCipher(new AESEngine(), 128);
}
BufferedBlockCipher cipher;
if (padding != null) {
cipher = new PaddedBufferedBlockCipher(cipherMode, padding);
} else {
cipher = new BufferedBlockCipher(cipherMode);
}
cipher.reset();
cipher.init(false, params);
// create a temporary buffer to decode into (includes padding)
byte[] buf = new byte[cipher.getOutputSize(input.length)];
int len = cipher.processBytes(input, 0, input.length, buf, 0);
len += cipher.doFinal(buf, len);
// remove padding
byte[] out = new byte[len];
System.arraycopy(buf, 0, out, 0, len);
// return string representation of decoded bytes
String result = new String(out, "UTF-8");
if (result.isEmpty()) {
throw new DecryptionException("Decrypted string is empty.");
}
return result;
}
use of org.bouncycastle.crypto.PBEParametersGenerator in project jruby-openssl by jruby.
the class PKCS5 method generatePBEKey.
private static RubyString generatePBEKey(final Ruby runtime, final char[] pass, final byte[] salt, final int iter, final int keySize) {
PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
generator.init(PBEParametersGenerator.PKCS5PasswordToBytes(pass), salt, iter);
CipherParameters params = generator.generateDerivedParameters(keySize * 8);
return StringHelper.newString(runtime, ((KeyParameter) params).getKey());
}
use of org.bouncycastle.crypto.PBEParametersGenerator in project jruby-openssl by jruby.
the class PEMInputOutput method extractPBES2CipherParams.
private static CipherParameters extractPBES2CipherParams(char[] password, PBES2Parameters pbeParams) {
PBKDF2Params pbkdfParams = PBKDF2Params.getInstance(pbeParams.getKeyDerivationFunc().getParameters());
int keySize = 192;
if (pbkdfParams.getKeyLength() != null) {
keySize = pbkdfParams.getKeyLength().intValue() * 8;
}
int iterationCount = pbkdfParams.getIterationCount().intValue();
byte[] salt = pbkdfParams.getSalt();
PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
generator.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt, iterationCount);
return generator.generateDerivedParameters(keySize);
}
Aggregations