Example 1 with BCPBEKey
use of org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey in project robovm by robovm.
the class PKCS12KeyStoreSpi method unwrapKey.
protected PrivateKey unwrapKey(AlgorithmIdentifier algId, byte[] data, char[] password, boolean wrongPKCS12Zero) throws IOException {
ASN1ObjectIdentifier algorithm = algId.getAlgorithm();
try {
if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
PBEKeySpec pbeSpec = new PBEKeySpec(password);
PrivateKey out;
SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm.getId(), bcProvider);
PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
SecretKey k = keyFact.generateSecret(pbeSpec);
((BCPBEKey) k).setTryWrongPKCS12Zero(wrongPKCS12Zero);
Cipher cipher = Cipher.getInstance(algorithm.getId(), bcProvider);
cipher.init(Cipher.UNWRAP_MODE, k, defParams);
// we pass "" as the key algorithm type as it is unknown at this point
return (PrivateKey) cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
} else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
PBES2Parameters alg = PBES2Parameters.getInstance(algId.getParameters());
PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId(), bcProvider);
SecretKey k = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), func.getIterationCount().intValue(), SecretKeyUtil.getKeySize(alg.getEncryptionScheme().getAlgorithm())));
Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId(), bcProvider);
cipher.init(Cipher.UNWRAP_MODE, k, new IvParameterSpec(ASN1OctetString.getInstance(alg.getEncryptionScheme().getParameters()).getOctets()));
// we pass "" as the key algorithm type as it is unknown at this point
return (PrivateKey) cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
}
} catch (Exception e) {
throw new IOException("exception unwrapping private key - " + e.toString());
}
throw new IOException("exception unwrapping private key - cannot recognise: " + algorithm);
}
Also used :
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
PBES2Parameters(org.bouncycastle.asn1.pkcs.PBES2Parameters)
PrivateKey(java.security.PrivateKey)
IOException(java.io.IOException)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
SecretKey(javax.crypto.SecretKey)
PKCS12PBEParams(org.bouncycastle.asn1.pkcs.PKCS12PBEParams)
BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey)
PBKDF2Params(org.bouncycastle.asn1.pkcs.PBKDF2Params)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
Example 2 with BCPBEKey
use of org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey in project robovm by robovm.
the class PKCS12KeyStoreSpi method calculatePbeMac.
private static byte[] calculatePbeMac(ASN1ObjectIdentifier oid, byte[] salt, int itCount, char[] password, boolean wrongPkcs12Zero, byte[] data) throws Exception {
SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider);
PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount);
PBEKeySpec pbeSpec = new PBEKeySpec(password);
BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec);
key.setTryWrongPKCS12Zero(wrongPkcs12Zero);
Mac mac = Mac.getInstance(oid.getId(), bcProvider);
mac.init(key, defParams);
mac.update(data);
return mac.doFinal();
}
Also used :
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
Mac(javax.crypto.Mac)
Example 3 with BCPBEKey
use of org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey in project robovm by robovm.
the class PKCS12KeyStoreSpi method cryptData.
protected byte[] cryptData(boolean forEncryption, AlgorithmIdentifier algId, char[] password, boolean wrongPKCS12Zero, byte[] data) throws IOException {
String algorithm = algId.getAlgorithm().getId();
PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
PBEKeySpec pbeSpec = new PBEKeySpec(password);
try {
SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, bcProvider);
PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec);
key.setTryWrongPKCS12Zero(wrongPKCS12Zero);
Cipher cipher = Cipher.getInstance(algorithm, bcProvider);
int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
cipher.init(mode, key, defParams);
return cipher.doFinal(data);
} catch (Exception e) {
throw new IOException("exception decrypting data - " + e.toString());
}
}
Also used :
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
PKCS12PBEParams(org.bouncycastle.asn1.pkcs.PKCS12PBEParams)
BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
BEROctetString(org.bouncycastle.asn1.BEROctetString)
Cipher(javax.crypto.Cipher)
IOException(java.io.IOException)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
Example 4 with BCPBEKey
use of org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey in project robovm by robovm.
the class JCEStreamCipher method engineInit.
protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
CipherParameters param;
this.pbeSpec = null;
this.pbeAlgorithm = null;
this.engineParams = null;
//
if (!(key instanceof SecretKey)) {
throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption.");
}
if (key instanceof BCPBEKey) {
BCPBEKey k = (BCPBEKey) key;
if (k.getOID() != null) {
pbeAlgorithm = k.getOID().getId();
} else {
pbeAlgorithm = k.getAlgorithm();
}
if (k.getParam() != null) {
param = k.getParam();
pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount());
} else if (params instanceof PBEParameterSpec) {
param = PBE.Util.makePBEParameters(k, params, cipher.getAlgorithmName());
pbeSpec = (PBEParameterSpec) params;
} else {
throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set.");
}
if (k.getIvSize() != 0) {
ivParam = (ParametersWithIV) param;
}
} else if (params == null) {
param = new KeyParameter(key.getEncoded());
} else if (params instanceof IvParameterSpec) {
param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec) params).getIV());
ivParam = (ParametersWithIV) param;
} else {
throw new IllegalArgumentException("unknown parameter type.");
}
if ((ivLength != 0) && !(param instanceof ParametersWithIV)) {
SecureRandom ivRandom = random;
if (ivRandom == null) {
ivRandom = new SecureRandom();
}
if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) {
byte[] iv = new byte[ivLength];
ivRandom.nextBytes(iv);
param = new ParametersWithIV(param, iv);
ivParam = (ParametersWithIV) param;
} else {
throw new InvalidAlgorithmParameterException("no IV set when one expected");
}
}
switch(opmode) {
case Cipher.ENCRYPT_MODE:
case Cipher.WRAP_MODE:
cipher.init(true, param);
break;
case Cipher.DECRYPT_MODE:
case Cipher.UNWRAP_MODE:
cipher.init(false, param);
break;
default:
System.out.println("eeek!");
}
}
Also used :
CipherParameters(org.bouncycastle.crypto.CipherParameters)
ParametersWithIV(org.bouncycastle.crypto.params.ParametersWithIV)
SecretKey(javax.crypto.SecretKey)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
KeyParameter(org.bouncycastle.crypto.params.KeyParameter)
BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey)
SecureRandom(java.security.SecureRandom)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
InvalidKeyException(java.security.InvalidKeyException)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
Aggregations
PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)4
BCPBEKey (org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey)4
SecretKeyFactory (javax.crypto.SecretKeyFactory)3
PBEKeySpec (javax.crypto.spec.PBEKeySpec)3
IOException (java.io.IOException)2
KeyStoreException (java.security.KeyStoreException)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
UnrecoverableKeyException (java.security.UnrecoverableKeyException)2
CertificateEncodingException (java.security.cert.CertificateEncodingException)2
CertificateException (java.security.cert.CertificateException)2
Cipher (javax.crypto.Cipher)2
SecretKey (javax.crypto.SecretKey)2
IvParameterSpec (javax.crypto.spec.IvParameterSpec)2
PKCS12PBEParams (org.bouncycastle.asn1.pkcs.PKCS12PBEParams)2
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)1
InvalidKeyException (java.security.InvalidKeyException)1
PrivateKey (java.security.PrivateKey)1
SecureRandom (java.security.SecureRandom)1
Mac (javax.crypto.Mac)1
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)1
