Search in sources :

Example 1 with BCPBEKey

use of org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey in project robovm by robovm.

the class PKCS12KeyStoreSpi method unwrapKey.

protected PrivateKey unwrapKey(AlgorithmIdentifier algId, byte[] data, char[] password, boolean wrongPKCS12Zero) throws IOException {
    ASN1ObjectIdentifier algorithm = algId.getAlgorithm();
    try {
        if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
            PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
            PBEKeySpec pbeSpec = new PBEKeySpec(password);
            PrivateKey out;
            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm.getId(), bcProvider);
            PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
            SecretKey k = keyFact.generateSecret(pbeSpec);
            ((BCPBEKey) k).setTryWrongPKCS12Zero(wrongPKCS12Zero);
            Cipher cipher = Cipher.getInstance(algorithm.getId(), bcProvider);
            cipher.init(Cipher.UNWRAP_MODE, k, defParams);
            // we pass "" as the key algorithm type as it is unknown at this point
            return (PrivateKey) cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
        } else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
            PBES2Parameters alg = PBES2Parameters.getInstance(algId.getParameters());
            PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId(), bcProvider);
            SecretKey k = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), func.getIterationCount().intValue(), SecretKeyUtil.getKeySize(alg.getEncryptionScheme().getAlgorithm())));
            Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId(), bcProvider);
            cipher.init(Cipher.UNWRAP_MODE, k, new IvParameterSpec(ASN1OctetString.getInstance(alg.getEncryptionScheme().getParameters()).getOctets()));
            // we pass "" as the key algorithm type as it is unknown at this point
            return (PrivateKey) cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
        }
    } catch (Exception e) {
        throw new IOException("exception unwrapping private key - " + e.toString());
    }
    throw new IOException("exception unwrapping private key - cannot recognise: " + algorithm);
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) PBES2Parameters(org.bouncycastle.asn1.pkcs.PBES2Parameters) PrivateKey(java.security.PrivateKey) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SecretKey(javax.crypto.SecretKey) PKCS12PBEParams(org.bouncycastle.asn1.pkcs.PKCS12PBEParams) BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey) PBKDF2Params(org.bouncycastle.asn1.pkcs.PBKDF2Params) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) SecretKeyFactory(javax.crypto.SecretKeyFactory) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 2 with BCPBEKey

use of org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey in project robovm by robovm.

the class PKCS12KeyStoreSpi method calculatePbeMac.

private static byte[] calculatePbeMac(ASN1ObjectIdentifier oid, byte[] salt, int itCount, char[] password, boolean wrongPkcs12Zero, byte[] data) throws Exception {
    SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider);
    PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount);
    PBEKeySpec pbeSpec = new PBEKeySpec(password);
    BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec);
    key.setTryWrongPKCS12Zero(wrongPkcs12Zero);
    Mac mac = Mac.getInstance(oid.getId(), bcProvider);
    mac.init(key, defParams);
    mac.update(data);
    return mac.doFinal();
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) Mac(javax.crypto.Mac)

Example 3 with BCPBEKey

use of org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey in project robovm by robovm.

the class PKCS12KeyStoreSpi method cryptData.

protected byte[] cryptData(boolean forEncryption, AlgorithmIdentifier algId, char[] password, boolean wrongPKCS12Zero, byte[] data) throws IOException {
    String algorithm = algId.getAlgorithm().getId();
    PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
    PBEKeySpec pbeSpec = new PBEKeySpec(password);
    try {
        SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, bcProvider);
        PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
        BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec);
        key.setTryWrongPKCS12Zero(wrongPKCS12Zero);
        Cipher cipher = Cipher.getInstance(algorithm, bcProvider);
        int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
        cipher.init(mode, key, defParams);
        return cipher.doFinal(data);
    } catch (Exception e) {
        throw new IOException("exception decrypting data - " + e.toString());
    }
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) PKCS12PBEParams(org.bouncycastle.asn1.pkcs.PKCS12PBEParams) BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DEROctetString(org.bouncycastle.asn1.DEROctetString) BEROctetString(org.bouncycastle.asn1.BEROctetString) Cipher(javax.crypto.Cipher) IOException(java.io.IOException) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException)

Example 4 with BCPBEKey

use of org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey in project robovm by robovm.

the class JCEStreamCipher method engineInit.

protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
    CipherParameters param;
    this.pbeSpec = null;
    this.pbeAlgorithm = null;
    this.engineParams = null;
    //
    if (!(key instanceof SecretKey)) {
        throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption.");
    }
    if (key instanceof BCPBEKey) {
        BCPBEKey k = (BCPBEKey) key;
        if (k.getOID() != null) {
            pbeAlgorithm = k.getOID().getId();
        } else {
            pbeAlgorithm = k.getAlgorithm();
        }
        if (k.getParam() != null) {
            param = k.getParam();
            pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount());
        } else if (params instanceof PBEParameterSpec) {
            param = PBE.Util.makePBEParameters(k, params, cipher.getAlgorithmName());
            pbeSpec = (PBEParameterSpec) params;
        } else {
            throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set.");
        }
        if (k.getIvSize() != 0) {
            ivParam = (ParametersWithIV) param;
        }
    } else if (params == null) {
        param = new KeyParameter(key.getEncoded());
    } else if (params instanceof IvParameterSpec) {
        param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec) params).getIV());
        ivParam = (ParametersWithIV) param;
    } else {
        throw new IllegalArgumentException("unknown parameter type.");
    }
    if ((ivLength != 0) && !(param instanceof ParametersWithIV)) {
        SecureRandom ivRandom = random;
        if (ivRandom == null) {
            ivRandom = new SecureRandom();
        }
        if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) {
            byte[] iv = new byte[ivLength];
            ivRandom.nextBytes(iv);
            param = new ParametersWithIV(param, iv);
            ivParam = (ParametersWithIV) param;
        } else {
            throw new InvalidAlgorithmParameterException("no IV set when one expected");
        }
    }
    switch(opmode) {
        case Cipher.ENCRYPT_MODE:
        case Cipher.WRAP_MODE:
            cipher.init(true, param);
            break;
        case Cipher.DECRYPT_MODE:
        case Cipher.UNWRAP_MODE:
            cipher.init(false, param);
            break;
        default:
            System.out.println("eeek!");
    }
}
Also used : CipherParameters(org.bouncycastle.crypto.CipherParameters) ParametersWithIV(org.bouncycastle.crypto.params.ParametersWithIV) SecretKey(javax.crypto.SecretKey) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey) SecureRandom(java.security.SecureRandom) IvParameterSpec(javax.crypto.spec.IvParameterSpec) InvalidKeyException(java.security.InvalidKeyException) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Aggregations

PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)4 BCPBEKey (org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey)4 SecretKeyFactory (javax.crypto.SecretKeyFactory)3 PBEKeySpec (javax.crypto.spec.PBEKeySpec)3 IOException (java.io.IOException)2 KeyStoreException (java.security.KeyStoreException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 UnrecoverableKeyException (java.security.UnrecoverableKeyException)2 CertificateEncodingException (java.security.cert.CertificateEncodingException)2 CertificateException (java.security.cert.CertificateException)2 Cipher (javax.crypto.Cipher)2 SecretKey (javax.crypto.SecretKey)2 IvParameterSpec (javax.crypto.spec.IvParameterSpec)2 PKCS12PBEParams (org.bouncycastle.asn1.pkcs.PKCS12PBEParams)2 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)1 InvalidKeyException (java.security.InvalidKeyException)1 PrivateKey (java.security.PrivateKey)1 SecureRandom (java.security.SecureRandom)1 Mac (javax.crypto.Mac)1 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)1