Search in sources :

Example 1 with MacInputStream

use of org.bouncycastle.crypto.io.MacInputStream in project XobotOS by xamarin.

the class JDKKeyStore method engineLoad.

public void engineLoad(InputStream stream, char[] password) throws IOException {
    table.clear();
    if (// just initialising
    stream == null) {
        return;
    }
    DataInputStream dIn = new DataInputStream(stream);
    int version = dIn.readInt();
    if (version != STORE_VERSION) {
        if (version != 0) {
            throw new IOException("Wrong version of key store.");
        }
    }
    byte[] salt = new byte[dIn.readInt()];
    dIn.readFully(salt);
    int iterationCount = dIn.readInt();
    //
    // we only do an integrity check if the password is provided.
    //
    // BEGIN android-changed
    HMac hMac = new HMac(new OpenSSLDigest.SHA1());
    // END android-changed
    if (password != null && password.length != 0) {
        byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
        // BEGIN android-changed
        PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new OpenSSLDigest.SHA1());
        // END android-changed
        pbeGen.init(passKey, salt, iterationCount);
        CipherParameters macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize());
        Arrays.fill(passKey, (byte) 0);
        hMac.init(macParams);
        MacInputStream mIn = new MacInputStream(dIn, hMac);
        loadStore(mIn);
        // Finalise our mac calculation
        byte[] mac = new byte[hMac.getMacSize()];
        hMac.doFinal(mac, 0);
        // TODO Should this actually be reading the remainder of the stream?
        // Read the original mac from the stream
        byte[] oldMac = new byte[hMac.getMacSize()];
        dIn.readFully(oldMac);
        if (!Arrays.constantTimeAreEqual(mac, oldMac)) {
            table.clear();
            throw new IOException("KeyStore integrity check failed.");
        }
    } else {
        loadStore(dIn);
        // TODO Should this actually be reading the remainder of the stream?
        // Parse the original mac from the stream too
        byte[] oldMac = new byte[hMac.getMacSize()];
        dIn.readFully(oldMac);
    }
}
Also used : CipherParameters(org.bouncycastle.crypto.CipherParameters) MacInputStream(org.bouncycastle.crypto.io.MacInputStream) PKCS12ParametersGenerator(org.bouncycastle.crypto.generators.PKCS12ParametersGenerator) HMac(org.bouncycastle.crypto.macs.HMac) IOException(java.io.IOException) OpenSSLDigest(org.bouncycastle.crypto.digests.OpenSSLDigest) DataInputStream(java.io.DataInputStream) PBEParametersGenerator(org.bouncycastle.crypto.PBEParametersGenerator)

Example 2 with MacInputStream

use of org.bouncycastle.crypto.io.MacInputStream in project robovm by robovm.

the class BcKeyStoreSpi method engineLoad.

public void engineLoad(InputStream stream, char[] password) throws IOException {
    table.clear();
    if (// just initialising
    stream == null) {
        return;
    }
    DataInputStream dIn = new DataInputStream(stream);
    int version = dIn.readInt();
    if (version != STORE_VERSION) {
        if (version != 0 && version != 1) {
            throw new IOException("Wrong version of key store.");
        }
    }
    int saltLength = dIn.readInt();
    if (saltLength <= 0) {
        throw new IOException("Invalid salt detected");
    }
    byte[] salt = new byte[saltLength];
    dIn.readFully(salt);
    int iterationCount = dIn.readInt();
    //
    // we only do an integrity check if the password is provided.
    //
    HMac hMac = new HMac(new SHA1Digest());
    if (password != null && password.length != 0) {
        byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
        PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
        pbeGen.init(passKey, salt, iterationCount);
        CipherParameters macParams;
        if (version != 2) {
            macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize());
        } else {
            macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8);
        }
        Arrays.fill(passKey, (byte) 0);
        hMac.init(macParams);
        MacInputStream mIn = new MacInputStream(dIn, hMac);
        loadStore(mIn);
        // Finalise our mac calculation
        byte[] mac = new byte[hMac.getMacSize()];
        hMac.doFinal(mac, 0);
        // TODO Should this actually be reading the remainder of the stream?
        // Read the original mac from the stream
        byte[] oldMac = new byte[hMac.getMacSize()];
        dIn.readFully(oldMac);
        if (!Arrays.constantTimeAreEqual(mac, oldMac)) {
            table.clear();
            throw new IOException("KeyStore integrity check failed.");
        }
    } else {
        loadStore(dIn);
        // TODO Should this actually be reading the remainder of the stream?
        // Parse the original mac from the stream too
        byte[] oldMac = new byte[hMac.getMacSize()];
        dIn.readFully(oldMac);
    }
}
Also used : CipherParameters(org.bouncycastle.crypto.CipherParameters) MacInputStream(org.bouncycastle.crypto.io.MacInputStream) PKCS12ParametersGenerator(org.bouncycastle.crypto.generators.PKCS12ParametersGenerator) HMac(org.bouncycastle.crypto.macs.HMac) SHA1Digest(org.bouncycastle.crypto.digests.SHA1Digest) IOException(java.io.IOException) DataInputStream(java.io.DataInputStream) PBEParametersGenerator(org.bouncycastle.crypto.PBEParametersGenerator)

Aggregations

DataInputStream (java.io.DataInputStream)2 IOException (java.io.IOException)2 CipherParameters (org.bouncycastle.crypto.CipherParameters)2 PBEParametersGenerator (org.bouncycastle.crypto.PBEParametersGenerator)2 PKCS12ParametersGenerator (org.bouncycastle.crypto.generators.PKCS12ParametersGenerator)2 MacInputStream (org.bouncycastle.crypto.io.MacInputStream)2 HMac (org.bouncycastle.crypto.macs.HMac)2 OpenSSLDigest (org.bouncycastle.crypto.digests.OpenSSLDigest)1 SHA1Digest (org.bouncycastle.crypto.digests.SHA1Digest)1