Search in sources :

Example 1 with PKCS12ParametersGenerator

use of org.bouncycastle.crypto.generators.PKCS12ParametersGenerator in project robovm by robovm.

the class BcKeyStoreSpi method engineLoad.

public void engineLoad(InputStream stream, char[] password) throws IOException {
    table.clear();
    if (// just initialising
    stream == null) {
        return;
    }
    DataInputStream dIn = new DataInputStream(stream);
    int version = dIn.readInt();
    if (version != STORE_VERSION) {
        if (version != 0 && version != 1) {
            throw new IOException("Wrong version of key store.");
        }
    }
    int saltLength = dIn.readInt();
    if (saltLength <= 0) {
        throw new IOException("Invalid salt detected");
    }
    byte[] salt = new byte[saltLength];
    dIn.readFully(salt);
    int iterationCount = dIn.readInt();
    //
    // we only do an integrity check if the password is provided.
    //
    HMac hMac = new HMac(new SHA1Digest());
    if (password != null && password.length != 0) {
        byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
        PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
        pbeGen.init(passKey, salt, iterationCount);
        CipherParameters macParams;
        if (version != 2) {
            macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize());
        } else {
            macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8);
        }
        Arrays.fill(passKey, (byte) 0);
        hMac.init(macParams);
        MacInputStream mIn = new MacInputStream(dIn, hMac);
        loadStore(mIn);
        // Finalise our mac calculation
        byte[] mac = new byte[hMac.getMacSize()];
        hMac.doFinal(mac, 0);
        // TODO Should this actually be reading the remainder of the stream?
        // Read the original mac from the stream
        byte[] oldMac = new byte[hMac.getMacSize()];
        dIn.readFully(oldMac);
        if (!Arrays.constantTimeAreEqual(mac, oldMac)) {
            table.clear();
            throw new IOException("KeyStore integrity check failed.");
        }
    } else {
        loadStore(dIn);
        // TODO Should this actually be reading the remainder of the stream?
        // Parse the original mac from the stream too
        byte[] oldMac = new byte[hMac.getMacSize()];
        dIn.readFully(oldMac);
    }
}
Also used : CipherParameters(org.bouncycastle.crypto.CipherParameters) MacInputStream(org.bouncycastle.crypto.io.MacInputStream) PKCS12ParametersGenerator(org.bouncycastle.crypto.generators.PKCS12ParametersGenerator) HMac(org.bouncycastle.crypto.macs.HMac) SHA1Digest(org.bouncycastle.crypto.digests.SHA1Digest) IOException(java.io.IOException) DataInputStream(java.io.DataInputStream) PBEParametersGenerator(org.bouncycastle.crypto.PBEParametersGenerator)

Example 2 with PKCS12ParametersGenerator

use of org.bouncycastle.crypto.generators.PKCS12ParametersGenerator in project XobotOS by xamarin.

the class JDKKeyStore method engineLoad.

public void engineLoad(InputStream stream, char[] password) throws IOException {
    table.clear();
    if (// just initialising
    stream == null) {
        return;
    }
    DataInputStream dIn = new DataInputStream(stream);
    int version = dIn.readInt();
    if (version != STORE_VERSION) {
        if (version != 0) {
            throw new IOException("Wrong version of key store.");
        }
    }
    byte[] salt = new byte[dIn.readInt()];
    dIn.readFully(salt);
    int iterationCount = dIn.readInt();
    //
    // we only do an integrity check if the password is provided.
    //
    // BEGIN android-changed
    HMac hMac = new HMac(new OpenSSLDigest.SHA1());
    // END android-changed
    if (password != null && password.length != 0) {
        byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
        // BEGIN android-changed
        PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1());
        // END android-changed
        pbeGen.init(passKey, salt, iterationCount);
        CipherParameters macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize());
        Arrays.fill(passKey, (byte) 0);
        hMac.init(macParams);
        MacInputStream mIn = new MacInputStream(dIn, hMac);
        loadStore(mIn);
        // Finalise our mac calculation
        byte[] mac = new byte[hMac.getMacSize()];
        hMac.doFinal(mac, 0);
        // TODO Should this actually be reading the remainder of the stream?
        // Read the original mac from the stream
        byte[] oldMac = new byte[hMac.getMacSize()];
        dIn.readFully(oldMac);
        if (!Arrays.constantTimeAreEqual(mac, oldMac)) {
            table.clear();
            throw new IOException("KeyStore integrity check failed.");
        }
    } else {
        loadStore(dIn);
        // TODO Should this actually be reading the remainder of the stream?
        // Parse the original mac from the stream too
        byte[] oldMac = new byte[hMac.getMacSize()];
        dIn.readFully(oldMac);
    }
}
Also used : CipherParameters(org.bouncycastle.crypto.CipherParameters) MacInputStream(org.bouncycastle.crypto.io.MacInputStream) PKCS12ParametersGenerator(org.bouncycastle.crypto.generators.PKCS12ParametersGenerator) HMac(org.bouncycastle.crypto.macs.HMac) IOException(java.io.IOException) OpenSSLDigest(org.bouncycastle.crypto.digests.OpenSSLDigest) DataInputStream(java.io.DataInputStream) PBEParametersGenerator(org.bouncycastle.crypto.PBEParametersGenerator)

Example 3 with PKCS12ParametersGenerator

use of org.bouncycastle.crypto.generators.PKCS12ParametersGenerator in project robovm by robovm.

the class BcKeyStoreSpi method engineStore.

public void engineStore(OutputStream stream, char[] password) throws IOException {
    DataOutputStream dOut = new DataOutputStream(stream);
    byte[] salt = new byte[STORE_SALT_SIZE];
    int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff);
    random.nextBytes(salt);
    dOut.writeInt(version);
    dOut.writeInt(salt.length);
    dOut.write(salt);
    dOut.writeInt(iterationCount);
    HMac hMac = new HMac(new SHA1Digest());
    MacOutputStream mOut = new MacOutputStream(hMac);
    PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
    byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
    pbeGen.init(passKey, salt, iterationCount);
    if (version < 2) {
        hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize()));
    } else {
        hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8));
    }
    for (int i = 0; i != passKey.length; i++) {
        passKey[i] = 0;
    }
    saveStore(new TeeOutputStream(dOut, mOut));
    byte[] mac = new byte[hMac.getMacSize()];
    hMac.doFinal(mac, 0);
    dOut.write(mac);
    dOut.close();
}
Also used : TeeOutputStream(org.bouncycastle.util.io.TeeOutputStream) PKCS12ParametersGenerator(org.bouncycastle.crypto.generators.PKCS12ParametersGenerator) DataOutputStream(java.io.DataOutputStream) HMac(org.bouncycastle.crypto.macs.HMac) SHA1Digest(org.bouncycastle.crypto.digests.SHA1Digest) MacOutputStream(org.bouncycastle.crypto.io.MacOutputStream) PBEParametersGenerator(org.bouncycastle.crypto.PBEParametersGenerator)

Example 4 with PKCS12ParametersGenerator

use of org.bouncycastle.crypto.generators.PKCS12ParametersGenerator in project XobotOS by xamarin.

the class JDKKeyStore method engineStore.

public void engineStore(OutputStream stream, char[] password) throws IOException {
    DataOutputStream dOut = new DataOutputStream(stream);
    byte[] salt = new byte[STORE_SALT_SIZE];
    int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff);
    random.nextBytes(salt);
    dOut.writeInt(STORE_VERSION);
    dOut.writeInt(salt.length);
    dOut.write(salt);
    dOut.writeInt(iterationCount);
    // BEGIN android-changed
    HMac hMac = new HMac(new OpenSSLDigest.SHA1());
    MacOutputStream mOut = new MacOutputStream(dOut, hMac);
    PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1());
    // END android-changed
    byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
    pbeGen.init(passKey, salt, iterationCount);
    hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize()));
    for (int i = 0; i != passKey.length; i++) {
        passKey[i] = 0;
    }
    saveStore(mOut);
    byte[] mac = new byte[hMac.getMacSize()];
    hMac.doFinal(mac, 0);
    dOut.write(mac);
    dOut.close();
}
Also used : PKCS12ParametersGenerator(org.bouncycastle.crypto.generators.PKCS12ParametersGenerator) DataOutputStream(java.io.DataOutputStream) HMac(org.bouncycastle.crypto.macs.HMac) MacOutputStream(org.bouncycastle.crypto.io.MacOutputStream) OpenSSLDigest(org.bouncycastle.crypto.digests.OpenSSLDigest) PBEParametersGenerator(org.bouncycastle.crypto.PBEParametersGenerator)

Aggregations

PBEParametersGenerator (org.bouncycastle.crypto.PBEParametersGenerator)4 PKCS12ParametersGenerator (org.bouncycastle.crypto.generators.PKCS12ParametersGenerator)4 HMac (org.bouncycastle.crypto.macs.HMac)4 DataInputStream (java.io.DataInputStream)2 DataOutputStream (java.io.DataOutputStream)2 IOException (java.io.IOException)2 CipherParameters (org.bouncycastle.crypto.CipherParameters)2 OpenSSLDigest (org.bouncycastle.crypto.digests.OpenSSLDigest)2 SHA1Digest (org.bouncycastle.crypto.digests.SHA1Digest)2 MacInputStream (org.bouncycastle.crypto.io.MacInputStream)2 MacOutputStream (org.bouncycastle.crypto.io.MacOutputStream)2 TeeOutputStream (org.bouncycastle.util.io.TeeOutputStream)1