Search in sources :

Example 11 with KeyParameter

use of org.bouncycastle.crypto.params.KeyParameter in project XobotOS by xamarin.

the class RC2Engine method init.

/**
     * initialise a RC2 cipher.
     *
     * @param encrypting whether or not we are for encryption.
     * @param params the parameters required to set up the cipher.
     * @exception IllegalArgumentException if the params argument is
     * inappropriate.
     */
public void init(boolean encrypting, CipherParameters params) {
    this.encrypting = encrypting;
    if (params instanceof RC2Parameters) {
        RC2Parameters param = (RC2Parameters) params;
        workingKey = generateWorkingKey(param.getKey(), param.getEffectiveKeyBits());
    } else if (params instanceof KeyParameter) {
        byte[] key = ((KeyParameter) params).getKey();
        workingKey = generateWorkingKey(key, key.length * 8);
    } else {
        throw new IllegalArgumentException("invalid parameter passed to RC2 init - " + params.getClass().getName());
    }
}
Also used : RC2Parameters(org.bouncycastle.crypto.params.RC2Parameters) KeyParameter(org.bouncycastle.crypto.params.KeyParameter)

Example 12 with KeyParameter

use of org.bouncycastle.crypto.params.KeyParameter in project oxAuth by GluuFederation.

the class JweDecrypterImpl method decryptEncryptionKey.

@Override
public byte[] decryptEncryptionKey(String encodedEncryptedKey) throws InvalidJweException {
    if (getKeyEncryptionAlgorithm() == null) {
        throw new InvalidJweException("The key encryption algorithm is null");
    }
    if (encodedEncryptedKey == null) {
        throw new InvalidJweException("The encoded encryption key is null");
    }
    try {
        if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA_OAEP || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA1_5) {
            if (rsaPrivateKey == null && privateKey == null) {
                throw new InvalidJweException("The RSA private key is null");
            }
            //Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm(), "BC");
            Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm());
            if (rsaPrivateKey != null) {
                KeyFactory keyFactory = KeyFactory.getInstance(getKeyEncryptionAlgorithm().getFamily(), "BC");
                RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(rsaPrivateKey.getModulus(), rsaPrivateKey.getPrivateExponent());
                java.security.interfaces.RSAPrivateKey privKey = (java.security.interfaces.RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);
                cipher.init(Cipher.DECRYPT_MODE, privKey);
            } else {
                cipher.init(Cipher.DECRYPT_MODE, privateKey);
            }
            byte[] decryptedKey = cipher.doFinal(Base64Util.base64urldecode(encodedEncryptedKey));
            return decryptedKey;
        } else if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A128KW || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A256KW) {
            if (sharedSymmetricKey == null) {
                throw new InvalidJweException("The shared symmetric key is null");
            }
            if (sharedSymmetricKey.length != 16) {
                // 128 bit
                MessageDigest sha = MessageDigest.getInstance("SHA-1");
                sharedSymmetricKey = sha.digest(sharedSymmetricKey);
                sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, 16);
            }
            byte[] encryptedKey = Base64Util.base64urldecode(encodedEncryptedKey);
            SecretKeySpec keyEncryptionKey = new SecretKeySpec(sharedSymmetricKey, "AES");
            AESWrapEngine aesWrapEngine = new AESWrapEngine();
            CipherParameters params = new KeyParameter(keyEncryptionKey.getEncoded());
            aesWrapEngine.init(false, params);
            byte[] decryptedKey = aesWrapEngine.unwrap(encryptedKey, 0, encryptedKey.length);
            return decryptedKey;
        } else {
            throw new InvalidJweException("The key encryption algorithm is not supported");
        }
    } catch (NoSuchPaddingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidJweException(e);
    } catch (IllegalBlockSizeException e) {
        throw new InvalidJweException(e);
    } catch (BadPaddingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchProviderException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeyException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeySpecException e) {
        throw new InvalidJweException(e);
    } catch (InvalidCipherTextException e) {
        throw new InvalidJweException(e);
    }
}
Also used : InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) CipherParameters(org.bouncycastle.crypto.CipherParameters) java.security(java.security) RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec) SecretKeySpec(javax.crypto.spec.SecretKeySpec) AESWrapEngine(org.bouncycastle.crypto.engines.AESWrapEngine) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) RSAPrivateKey(org.xdi.oxauth.model.crypto.signature.RSAPrivateKey) InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException)

Example 13 with KeyParameter

use of org.bouncycastle.crypto.params.KeyParameter in project oxAuth by GluuFederation.

the class JweDecrypterImpl method decryptCipherText.

@Override
public String decryptCipherText(String encodedCipherText, byte[] contentMasterKey, byte[] initializationVector, byte[] authenticationTag, byte[] additionalAuthenticatedData) throws InvalidJweException {
    if (getBlockEncryptionAlgorithm() == null) {
        throw new InvalidJweException("The block encryption algorithm is null");
    }
    if (contentMasterKey == null) {
        throw new InvalidJweException("The content master key (CMK) is null");
    }
    if (initializationVector == null) {
        throw new InvalidJweException("The initialization vector is null");
    }
    if (authenticationTag == null) {
        throw new InvalidJweException("The authentication tag is null");
    }
    if (additionalAuthenticatedData == null) {
        throw new InvalidJweException("The additional authentication data is null");
    }
    try {
        if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128GCM || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256GCM) {
            final int MAC_SIZE_BITS = 128;
            byte[] cipherText = Base64Util.base64urldecode(encodedCipherText);
            KeyParameter key = new KeyParameter(contentMasterKey);
            AEADParameters aeadParameters = new AEADParameters(key, MAC_SIZE_BITS, initializationVector, additionalAuthenticatedData);
            SecretKeySpec sks = new SecretKeySpec(contentMasterKey, "AES");
            BlockCipher blockCipher = new AESEngine();
            CipherParameters params = new KeyParameter(sks.getEncoded());
            blockCipher.init(false, params);
            GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher);
            aGCMBlockCipher.init(false, aeadParameters);
            byte[] input = new byte[cipherText.length + authenticationTag.length];
            System.arraycopy(cipherText, 0, input, 0, cipherText.length);
            System.arraycopy(authenticationTag, 0, input, cipherText.length, authenticationTag.length);
            int len = aGCMBlockCipher.getOutputSize(input.length);
            byte[] out = new byte[len];
            int outOff = aGCMBlockCipher.processBytes(input, 0, input.length, out, 0);
            aGCMBlockCipher.doFinal(out, outOff);
            String plaintext = new String(out, Charset.forName(Util.UTF8_STRING_ENCODING));
            return plaintext;
        } else if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
            byte[] cipherText = Base64Util.base64urldecode(encodedCipherText);
            byte[] cek = KeyDerivationFunction.generateCek(contentMasterKey, getBlockEncryptionAlgorithm());
            Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm());
            IvParameterSpec ivParameter = new IvParameterSpec(initializationVector);
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cek, "AES"), ivParameter);
            byte[] decodedPlainTextBytes = cipher.doFinal(cipherText);
            String decodedPlainText = new String(decodedPlainTextBytes, Charset.forName(Util.UTF8_STRING_ENCODING));
            // Integrity check
            String securedInputValue = new String(additionalAuthenticatedData, Charset.forName(Util.UTF8_STRING_ENCODING)) + "." + encodedCipherText;
            byte[] cik = KeyDerivationFunction.generateCik(contentMasterKey, getBlockEncryptionAlgorithm());
            SecretKey secretKey = new SecretKeySpec(cik, getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
            Mac mac = Mac.getInstance(getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
            mac.init(secretKey);
            byte[] integrityValue = mac.doFinal(securedInputValue.getBytes(Util.UTF8_STRING_ENCODING));
            if (!Arrays.equals(integrityValue, authenticationTag)) {
                throw new InvalidJweException("The authentication tag is not valid");
            }
            return decodedPlainText;
        } else {
            throw new InvalidJweException("The block encryption algorithm is not supported");
        }
    } catch (InvalidCipherTextException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchPaddingException e) {
        throw new InvalidJweException(e);
    } catch (BadPaddingException e) {
        throw new InvalidJweException(e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidJweException(e);
    } catch (IllegalBlockSizeException e) {
        throw new InvalidJweException(e);
    } catch (UnsupportedEncodingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchProviderException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeyException e) {
        throw new InvalidJweException(e);
    } catch (InvalidParameterException e) {
        throw new InvalidJweException(e);
    }
}
Also used : InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) InvalidParameterException(org.xdi.oxauth.model.exception.InvalidParameterException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException) AESEngine(org.bouncycastle.crypto.engines.AESEngine) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) UnsupportedEncodingException(java.io.UnsupportedEncodingException) CipherParameters(org.bouncycastle.crypto.CipherParameters) AEADParameters(org.bouncycastle.crypto.params.AEADParameters) IvParameterSpec(javax.crypto.spec.IvParameterSpec) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)

Example 14 with KeyParameter

use of org.bouncycastle.crypto.params.KeyParameter in project oxAuth by GluuFederation.

the class JweEncrypterImpl method generateEncryptedKey.

@Override
public String generateEncryptedKey(byte[] contentMasterKey) throws InvalidJweException {
    if (getKeyEncryptionAlgorithm() == null) {
        throw new InvalidJweException("The key encryption algorithm is null");
    }
    if (contentMasterKey == null) {
        throw new InvalidJweException("The content master key (CMK) is null");
    }
    try {
        if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA_OAEP || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA1_5) {
            if (publicKey != null) {
                Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm(), "BC");
                //Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm());
                cipher.init(Cipher.ENCRYPT_MODE, publicKey);
                byte[] encryptedKey = cipher.doFinal(contentMasterKey);
                String encodedEncryptedKey = Base64Util.base64urlencode(encryptedKey);
                return encodedEncryptedKey;
            } else {
                throw new InvalidJweException("The RSA public key is null");
            }
        } else if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A128KW || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A256KW) {
            if (sharedSymmetricKey == null) {
                throw new InvalidJweException("The shared symmetric key is null");
            }
            if (sharedSymmetricKey.length != 16) {
                // 128 bit
                MessageDigest sha = MessageDigest.getInstance("SHA-1");
                sharedSymmetricKey = sha.digest(sharedSymmetricKey);
                sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, 16);
            }
            SecretKeySpec keyEncryptionKey = new SecretKeySpec(sharedSymmetricKey, "AES");
            AESWrapEngine aesWrapEngine = new AESWrapEngine();
            CipherParameters params = new KeyParameter(keyEncryptionKey.getEncoded());
            aesWrapEngine.init(true, params);
            byte[] wrappedKey = aesWrapEngine.wrap(contentMasterKey, 0, contentMasterKey.length);
            String encodedEncryptedKey = Base64Util.base64urlencode(wrappedKey);
            return encodedEncryptedKey;
        } else {
            throw new InvalidJweException("The key encryption algorithm is not supported");
        }
    } catch (NoSuchPaddingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidJweException(e);
    } catch (IllegalBlockSizeException e) {
        throw new InvalidJweException(e);
    } catch (BadPaddingException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeyException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchProviderException e) {
        throw new InvalidJweException(e);
    }
}
Also used : KeyParameter(org.bouncycastle.crypto.params.KeyParameter) CipherParameters(org.bouncycastle.crypto.CipherParameters) SecretKeySpec(javax.crypto.spec.SecretKeySpec) AESWrapEngine(org.bouncycastle.crypto.engines.AESWrapEngine) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException)

Example 15 with KeyParameter

use of org.bouncycastle.crypto.params.KeyParameter in project Conversations by siacs.

the class AbstractConnectionManager method createOutputStream.

private static OutputStream createOutputStream(DownloadableFile file, boolean gcm, boolean append) {
    FileOutputStream os;
    try {
        os = new FileOutputStream(file, append);
        if (file.getKey() == null) {
            return os;
        }
    } catch (FileNotFoundException e) {
        return null;
    }
    try {
        if (gcm) {
            AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine());
            cipher.init(false, new AEADParameters(new KeyParameter(file.getKey()), 128, file.getIv()));
            return new org.bouncycastle.crypto.io.CipherOutputStream(os, cipher);
        } else {
            IvParameterSpec ips = new IvParameterSpec(file.getIv());
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(file.getKey(), "AES"), ips);
            Log.d(Config.LOGTAG, "opening encrypted output stream");
            return new CipherOutputStream(os, cipher);
        }
    } catch (InvalidKeyException e) {
        return null;
    } catch (NoSuchAlgorithmException e) {
        return null;
    } catch (NoSuchPaddingException e) {
        return null;
    } catch (InvalidAlgorithmParameterException e) {
        return null;
    }
}
Also used : AESEngine(org.bouncycastle.crypto.engines.AESEngine) CipherOutputStream(javax.crypto.CipherOutputStream) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) FileNotFoundException(java.io.FileNotFoundException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) AEADParameters(org.bouncycastle.crypto.params.AEADParameters) SecretKeySpec(javax.crypto.spec.SecretKeySpec) FileOutputStream(java.io.FileOutputStream) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) AEADBlockCipher(org.bouncycastle.crypto.modes.AEADBlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) AEADBlockCipher(org.bouncycastle.crypto.modes.AEADBlockCipher)

Aggregations

KeyParameter (org.bouncycastle.crypto.params.KeyParameter)58 ParametersWithIV (org.bouncycastle.crypto.params.ParametersWithIV)28 CipherParameters (org.bouncycastle.crypto.CipherParameters)21 AESEngine (org.bouncycastle.crypto.engines.AESEngine)17 GCMBlockCipher (org.bouncycastle.crypto.modes.GCMBlockCipher)16 AEADParameters (org.bouncycastle.crypto.params.AEADParameters)14 IvParameterSpec (javax.crypto.spec.IvParameterSpec)13 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)11 InvalidCipherTextException (org.bouncycastle.crypto.InvalidCipherTextException)11 AEADBlockCipher (org.bouncycastle.crypto.modes.AEADBlockCipher)10 InvalidKeyException (java.security.InvalidKeyException)9 PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)9 CBCBlockCipher (org.bouncycastle.crypto.modes.CBCBlockCipher)9 SecureRandom (java.security.SecureRandom)7 SecretKeySpec (javax.crypto.spec.SecretKeySpec)7 PaddedBufferedBlockCipher (org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher)7 SecretKey (javax.crypto.SecretKey)5 ByteArrayInputStream (java.io.ByteArrayInputStream)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)4