use of org.bouncycastle.crypto.generators.PKCS12ParametersGenerator in project robovm by robovm.
the class BcKeyStoreSpi method engineLoad.
public void engineLoad(InputStream stream, char[] password) throws IOException {
table.clear();
if (// just initialising
stream == null) {
return;
}
DataInputStream dIn = new DataInputStream(stream);
int version = dIn.readInt();
if (version != STORE_VERSION) {
if (version != 0 && version != 1) {
throw new IOException("Wrong version of key store.");
}
}
int saltLength = dIn.readInt();
if (saltLength <= 0) {
throw new IOException("Invalid salt detected");
}
byte[] salt = new byte[saltLength];
dIn.readFully(salt);
int iterationCount = dIn.readInt();
//
// we only do an integrity check if the password is provided.
//
HMac hMac = new HMac(new SHA1Digest());
if (password != null && password.length != 0) {
byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
pbeGen.init(passKey, salt, iterationCount);
CipherParameters macParams;
if (version != 2) {
macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize());
} else {
macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8);
}
Arrays.fill(passKey, (byte) 0);
hMac.init(macParams);
MacInputStream mIn = new MacInputStream(dIn, hMac);
loadStore(mIn);
// Finalise our mac calculation
byte[] mac = new byte[hMac.getMacSize()];
hMac.doFinal(mac, 0);
// TODO Should this actually be reading the remainder of the stream?
// Read the original mac from the stream
byte[] oldMac = new byte[hMac.getMacSize()];
dIn.readFully(oldMac);
if (!Arrays.constantTimeAreEqual(mac, oldMac)) {
table.clear();
throw new IOException("KeyStore integrity check failed.");
}
} else {
loadStore(dIn);
// TODO Should this actually be reading the remainder of the stream?
// Parse the original mac from the stream too
byte[] oldMac = new byte[hMac.getMacSize()];
dIn.readFully(oldMac);
}
}
use of org.bouncycastle.crypto.generators.PKCS12ParametersGenerator in project XobotOS by xamarin.
the class JDKKeyStore method engineLoad.
public void engineLoad(InputStream stream, char[] password) throws IOException {
table.clear();
if (// just initialising
stream == null) {
return;
}
DataInputStream dIn = new DataInputStream(stream);
int version = dIn.readInt();
if (version != STORE_VERSION) {
if (version != 0) {
throw new IOException("Wrong version of key store.");
}
}
byte[] salt = new byte[dIn.readInt()];
dIn.readFully(salt);
int iterationCount = dIn.readInt();
//
// we only do an integrity check if the password is provided.
//
// BEGIN android-changed
HMac hMac = new HMac(new OpenSSLDigest.SHA1());
// END android-changed
if (password != null && password.length != 0) {
byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
// BEGIN android-changed
PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1());
// END android-changed
pbeGen.init(passKey, salt, iterationCount);
CipherParameters macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize());
Arrays.fill(passKey, (byte) 0);
hMac.init(macParams);
MacInputStream mIn = new MacInputStream(dIn, hMac);
loadStore(mIn);
// Finalise our mac calculation
byte[] mac = new byte[hMac.getMacSize()];
hMac.doFinal(mac, 0);
// TODO Should this actually be reading the remainder of the stream?
// Read the original mac from the stream
byte[] oldMac = new byte[hMac.getMacSize()];
dIn.readFully(oldMac);
if (!Arrays.constantTimeAreEqual(mac, oldMac)) {
table.clear();
throw new IOException("KeyStore integrity check failed.");
}
} else {
loadStore(dIn);
// TODO Should this actually be reading the remainder of the stream?
// Parse the original mac from the stream too
byte[] oldMac = new byte[hMac.getMacSize()];
dIn.readFully(oldMac);
}
}
use of org.bouncycastle.crypto.generators.PKCS12ParametersGenerator in project robovm by robovm.
the class BcKeyStoreSpi method engineStore.
public void engineStore(OutputStream stream, char[] password) throws IOException {
DataOutputStream dOut = new DataOutputStream(stream);
byte[] salt = new byte[STORE_SALT_SIZE];
int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff);
random.nextBytes(salt);
dOut.writeInt(version);
dOut.writeInt(salt.length);
dOut.write(salt);
dOut.writeInt(iterationCount);
HMac hMac = new HMac(new SHA1Digest());
MacOutputStream mOut = new MacOutputStream(hMac);
PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
pbeGen.init(passKey, salt, iterationCount);
if (version < 2) {
hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize()));
} else {
hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8));
}
for (int i = 0; i != passKey.length; i++) {
passKey[i] = 0;
}
saveStore(new TeeOutputStream(dOut, mOut));
byte[] mac = new byte[hMac.getMacSize()];
hMac.doFinal(mac, 0);
dOut.write(mac);
dOut.close();
}
use of org.bouncycastle.crypto.generators.PKCS12ParametersGenerator in project XobotOS by xamarin.
the class JDKKeyStore method engineStore.
public void engineStore(OutputStream stream, char[] password) throws IOException {
DataOutputStream dOut = new DataOutputStream(stream);
byte[] salt = new byte[STORE_SALT_SIZE];
int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff);
random.nextBytes(salt);
dOut.writeInt(STORE_VERSION);
dOut.writeInt(salt.length);
dOut.write(salt);
dOut.writeInt(iterationCount);
// BEGIN android-changed
HMac hMac = new HMac(new OpenSSLDigest.SHA1());
MacOutputStream mOut = new MacOutputStream(dOut, hMac);
PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1());
// END android-changed
byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
pbeGen.init(passKey, salt, iterationCount);
hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize()));
for (int i = 0; i != passKey.length; i++) {
passKey[i] = 0;
}
saveStore(mOut);
byte[] mac = new byte[hMac.getMacSize()];
hMac.doFinal(mac, 0);
dOut.write(mac);
dOut.close();
}
Aggregations