
the class EncryptedContentInfo method createPBE.

// /////////////////////////////////////////////////////////////////////
// Crypto shortcuts
// /////////////////////////////////////////////////////////////////////
/**
 * Builds an EncryptedContentInfo whose content is encrypted under a
 * key derived from a password (PBE).
 *
 * <p>The key is derived on the internal crypto token with {@code pbeAlg}.
 * When the cipher declares an IV (or RC2) parameter class, the IV is
 * derived from the same PBE parameters via
 * {@link KeyGenerator#generatePBE_IV()}; only the salt and iteration
 * count are written into the algorithm identifier (as a
 * {@link PBEParameter}), the IV is not stored.  The plaintext is
 * PKCS-padded to the cipher block size before encryption.
 *
 * @param pbeAlg The algorithm for generating a symmetric key from
 *      a password, salt, and iteration count.
 * @param password The password to use in generating the key.
 * @param salt The salt to use in generating the key.
 * @param iterationCount The number of hashing iterations to perform
 *      while generating the key.
 * @param charToByteConverter The mechanism for converting the characters
 *      in the password into bytes.  If null, the default mechanism
 *      will be used, which is UTF8.
 * @param toBeEncrypted The bytes to be encrypted and stored in the
 *      EncryptedContentInfo. Before they are encrypted, they will be
 *      padded using PKCS padding.
 * @return the populated EncryptedContentInfo with content type
 *      {@code ContentInfo.DATA}.
 * @throws RuntimeException if the token reports an illegal block size
 *      or bad padding while encrypting (the cause is preserved).
 */
public static EncryptedContentInfo createPBE(PBEAlgorithm pbeAlg, Password password, byte[] salt, int iterationCount, KeyGenerator.CharToByteConverter charToByteConverter, byte[] toBeEncrypted) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, CharConversionException {
    try {
        CryptoToken token = CryptoManager.getInstance().getInternalCryptoToken();

        // Derive the symmetric key from the password on the internal token.
        KeyGenerator keyGen = token.getKeyGenerator(pbeAlg);
        PBEKeyGenParams derivation = new PBEKeyGenParams(password, salt, iterationCount);
        if (charToByteConverter != null) {
            keyGen.setCharToByteConverter(charToByteConverter);
        }
        keyGen.initialize(derivation);
        SymmetricKey symKey = keyGen.generate();

        // Select the parameter spec the cipher expects. It stays null when
        // the algorithm declares neither an IV nor RC2 parameter class.
        EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
        AlgorithmParameterSpec cipherParams = null;
        for (Class<?> paramClass : encAlg.getParameterClasses()) {
            // NOTE(review): the comparison is against javax.crypto.spec.IvParameterSpec
            // but the spec constructed is the JSS IVParameterSpec — confirm that
            // getParameterClasses() really lists the javax class for IV ciphers.
            if (paramClass.equals(javax.crypto.spec.IvParameterSpec.class)) {
                cipherParams = new IVParameterSpec(keyGen.generatePBE_IV());
                break;
            }
            if (paramClass.equals(RC2ParameterSpec.class)) {
                // RC2 takes the effective key size alongside the IV.
                cipherParams = new RC2ParameterSpec(symKey.getStrength(), keyGen.generatePBE_IV());
                break;
            }
        }

        // Encrypt the PKCS-padded plaintext.
        Cipher cipher = token.getCipherContext(encAlg);
        cipher.initEncrypt(symKey, cipherParams);
        byte[] padded = Cipher.pad(toBeEncrypted, encAlg.getBlockSize());
        byte[] ciphertext = cipher.doFinal(padded);

        // The identifier carries salt and iteration count only; the IV is
        // re-derivable from them and is not transmitted.
        PBEParameter pbeParam = new PBEParameter(salt, iterationCount);
        AlgorithmIdentifier algId = new AlgorithmIdentifier(pbeAlg.toOID(), pbeParam);
        return new EncryptedContentInfo(ContentInfo.DATA, algId, new OCTET_STRING(ciphertext));
    } catch (IllegalBlockSizeException e) {
        throw new RuntimeException("IllegalBlockSizeException in EncryptedContentInfo" + ".createPBE: " + e.getMessage(), e);
    } catch (BadPaddingException e) {
        throw new RuntimeException("BadPaddingException in EncryptedContentInfo" + ".createPBE: " + e.getMessage(), e);
    }
}

the class EncryptedContentInfo method createPBE.

// /////////////////////////////////////////////////////////////////////
// Crypto shortcuts
// /////////////////////////////////////////////////////////////////////
/**
 * Creates an EncryptedContentInfo whose content is protected by a
 * password-derived key.
 *
 * <p>Key derivation runs on the internal crypto token. If the cipher
 * declares an {@link IVParameterSpec} parameter class, the IV is derived
 * from the PBE parameters with {@link KeyGenerator#generatePBE_IV()} and
 * is therefore not stored; the returned algorithm identifier carries only
 * the salt and iteration count as a {@link PBEParameter}.  The plaintext
 * is PKCS-padded to the cipher block size before encryption.
 *
 * @param pbeAlg The algorithm for generating a symmetric key from
 *      a password, salt, and iteration count.
 * @param password The password to use in generating the key.
 * @param salt The salt to use in generating the key.
 * @param iterationCount The number of hashing iterations to perform
 *      while generating the key.
 * @param charToByteConverter The mechanism for converting the characters
 *      in the password into bytes.  If null, the default mechanism
 *      will be used, which is UTF8.
 * @param toBeEncrypted The bytes to be encrypted and stored in the
 *      EncryptedContentInfo. Before they are encrypted, they will be
 *      padded using PKCS padding.
 * @return the populated EncryptedContentInfo with content type
 *      {@code ContentInfo.DATA}.
 * @throws RuntimeException if the token reports an illegal block size
 *      or bad padding while encrypting (the cause is preserved).
 */
public static EncryptedContentInfo createPBE(PBEAlgorithm pbeAlg, Password password, byte[] salt, int iterationCount, KeyGenerator.CharToByteConverter charToByteConverter, byte[] toBeEncrypted) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, CharConversionException {
    try {
        CryptoManager manager = CryptoManager.getInstance();
        CryptoToken internalToken = manager.getInternalCryptoToken();

        // Key derivation from the password.
        KeyGenerator generator = internalToken.getKeyGenerator(pbeAlg);
        PBEKeyGenParams derivationParams = new PBEKeyGenParams(password, salt, iterationCount);
        if (charToByteConverter != null) {
            generator.setCharToByteConverter(charToByteConverter);
        }
        generator.initialize(derivationParams);
        SymmetricKey derivedKey = generator.generate();

        // IV: only ciphers that declare IVParameterSpec get one, and it is
        // derived from the PBE parameters rather than chosen at random.
        EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
        AlgorithmParameterSpec spec = null;
        for (Class<?> candidate : encAlg.getParameterClasses()) {
            if (candidate.equals(IVParameterSpec.class)) {
                spec = new IVParameterSpec(generator.generatePBE_IV());
                break;
            }
        }

        // Encryption of the PKCS-padded input.
        Cipher cipher = internalToken.getCipherContext(encAlg);
        cipher.initEncrypt(derivedKey, spec);
        byte[] ciphertext = cipher.doFinal(Cipher.pad(toBeEncrypted, encAlg.getBlockSize()));

        // Algorithm identifier: PBE OID plus salt/iteration count.
        AlgorithmIdentifier algId = new AlgorithmIdentifier(pbeAlg.toOID(), new PBEParameter(salt, iterationCount));
        OCTET_STRING content = new OCTET_STRING(ciphertext);
        return new EncryptedContentInfo(ContentInfo.DATA, algId, content);
    } catch (IllegalBlockSizeException e) {
        throw new RuntimeException("IllegalBlockSizeException in EncryptedContentInfo" + ".createPBE: " + e.getMessage(), e);
    } catch (BadPaddingException e) {
        throw new RuntimeException("BadPaddingException in EncryptedContentInfo" + ".createPBE: " + e.getMessage(), e);
    }
}

the class EncryptedPrivateKeyInfo method createPBES2.

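/**
 * Export a private key in PBES2 format, using a random PBKDF2 salt.
 *
 * Token must support the CKM_PKCS5_PBKD2 mechanism.
 *
 * <p>The salt and the CBC IV are drawn from {@link SecureRandom}. The
 * PBKDF2-params written here contain salt, iteration count and derived
 * key length only; no prf AlgorithmIdentifier is encoded, so a decoder
 * applies the RFC 8018 default (hmacWithSHA1). Confirm that this matches
 * the PRF the token actually uses for {@code PBE_PKCS5_PBKDF2}.
 *
 * @param saltLen Length of salt in bytes (default: 16, applied when the
 *                value is less than 1)
 * @param kdfIterations PBKDF2 iterations (default: 2000, applied when the
 *                value is less than 1). The default is a compatibility
 *                floor, not a hardening target; callers protecting keys at
 *                rest should pass a substantially higher count.
 * @param encAlg The symmetric encryption algorithm for enciphering the
 *               private key.  Determines the size of derived key.
 * @param pwd Password
 * @param charToByteConverter The mechanism for converting the characters
 *      in the password into bytes.  If null, the default mechanism
 *      will be used, which is UTF8.
 * @param privateKeyInfo The encoded PrivateKeyInfo to be encrypted and
 *                       stored in the EncryptedContentInfo.
 * @return the EncryptedPrivateKeyInfo carrying the PBES2 algorithm
 *         identifier and the ciphertext.
 * @throws IllegalArgumentException if encAlg, pwd or privateKeyInfo is null.
 * @throws RuntimeException if the token reports an illegal block size or
 *         bad padding while encrypting (the cause is preserved).
 */
public static EncryptedPrivateKeyInfo createPBES2(int saltLen, int kdfIterations, EncryptionAlgorithm encAlg, Password pwd, KeyGenerator.CharToByteConverter charToByteConverter, PrivateKeyInfo privateKeyInfo) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, CharConversionException {
    if (encAlg == null) {
        throw new IllegalArgumentException("encAlg cannot be null");
    }
    if (pwd == null) {
        throw new IllegalArgumentException("pwd cannot be null");
    }
    if (privateKeyInfo == null) {
        throw new IllegalArgumentException("privateKeyInfo cannot be null");
    }
    // Non-positive values select the documented defaults.
    if (kdfIterations < 1) {
        kdfIterations = 2000;
    }
    if (saltLen < 1) {
        saltLen = 16;
    }
    try {
        // generate random PBKDF2 salt
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[saltLen];
        random.nextBytes(salt);

        // derive symmetric key from passphrase using PBKDF2; encAlg fixes
        // the derived key length
        CryptoManager cm = CryptoManager.getInstance();
        CryptoToken token = cm.getInternalCryptoToken();
        KeyGenerator kg = token.getKeyGenerator(PBEAlgorithm.PBE_PKCS5_PBKDF2);
        PBEKeyGenParams pbekgParams = new PBEKeyGenParams(pwd.getChars(), salt, kdfIterations, encAlg);
        if (charToByteConverter != null) {
            kg.setCharToByteConverter(charToByteConverter);
        }
        kg.initialize(pbekgParams);
        SymmetricKey sk = kg.generate();

        // encrypt PrivateKeyInfo under a fresh random IV of one block.
        // NOTE(review): unlike createPBE, no explicit Cipher.pad() is applied;
        // presumably encAlg is a padding cipher mode — confirm for every
        // EncryptionAlgorithm callers may pass.
        byte[] iv = new byte[encAlg.getBlockSize()];
        random.nextBytes(iv);
        Cipher cipher = token.getCipherContext(encAlg);
        cipher.initEncrypt(sk, new IVParameterSpec(iv));
        byte[] encData = cipher.doFinal(ASN1Util.encode(privateKeyInfo));

        // construct KDF AlgorithmIdentifier: PBKDF2-params {salt, iterationCount,
        // keyLength}; the optional prf element is omitted (decoder default applies)
        SEQUENCE paramsKdf = new SEQUENCE();
        paramsKdf.addElement(new OCTET_STRING(salt));
        paramsKdf.addElement(new INTEGER(kdfIterations));
        paramsKdf.addElement(new INTEGER(sk.getLength()));
        AlgorithmIdentifier algIdKdf = new AlgorithmIdentifier(PBEAlgorithm.PBE_PKCS5_PBKDF2.toOID(), paramsKdf);

        // construct encryption AlgorithmIdentifier; the IV is its parameter
        AlgorithmIdentifier algIdEnc = new AlgorithmIdentifier(encAlg.toOID(), new OCTET_STRING(iv));

        // construct "composite" PBES2 AlgorithmIdentifier
        SEQUENCE paramsPBES2 = new SEQUENCE();
        paramsPBES2.addElement(algIdKdf);
        paramsPBES2.addElement(algIdEnc);
        AlgorithmIdentifier algIdPBES2 = new AlgorithmIdentifier(PBEAlgorithm.PBE_PKCS5_PBES2.toOID(), paramsPBES2);

        // construct EncryptedPrivateKeyInfo
        return new EncryptedPrivateKeyInfo(algIdPBES2, new OCTET_STRING(encData));
    } catch (IllegalBlockSizeException e) {
        // Message names the enclosing class; the original said EncryptedContentInfo.
        throw new RuntimeException("IllegalBlockSizeException in EncryptedPrivateKeyInfo.createPBES2: " + e.getMessage(), e);
    } catch (BadPaddingException e) {
        throw new RuntimeException("BadPaddingException in EncryptedPrivateKeyInfo.createPBES2: " + e.getMessage(), e);
    }
}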

the class EncryptedPrivateKeyInfo method createPBE.

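// /////////////////////////////////////////////////////////////////////
// crypto shortcuts
// /////////////////////////////////////////////////////////////////////
/**
 * Creates a new EncryptedPrivateKeyInfo, where the data is encrypted
 * with a password-based key.
 *
 * <p>The key is derived on the internal crypto token with {@code pbeAlg}.
 * If the cipher declares an IV parameter class, the IV is derived from the
 * PBE parameters via {@link KeyGenerator#generatePBE_IV()} and is not
 * stored; the algorithm identifier carries only the salt and iteration
 * count as a {@link PBEParameter}.
 *
 * @param pbeAlg The algorithm for generating a symmetric key from
 *      a password, salt, and iteration count.
 * @param password The password to use in generating the key.
 * @param salt The salt to use in generating the key.
 * @param iterationCount The number of hashing iterations to perform
 *      while generating the key.
 * @param charToByteConverter The mechanism for converting the characters
 *      in the password into bytes.  If null, the default mechanism
 *      will be used, which is UTF8.
 * @param pki The PrivateKeyInfo to be encrypted and stored in the
 *      EncryptedPrivateKeyInfo. Its DER encoding is padded using PKCS
 *      padding before it is encrypted.
 * @return the EncryptedPrivateKeyInfo holding the PBE algorithm
 *      identifier and the ciphertext.
 * @throws RuntimeException if the token reports an illegal block size
 *      or bad padding while encrypting (the cause is preserved).
 */
public static EncryptedPrivateKeyInfo createPBE(PBEAlgorithm pbeAlg, Password password, byte[] salt, int iterationCount, KeyGenerator.CharToByteConverter charToByteConverter, PrivateKeyInfo pki) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, CharConversionException {
    try {
        CryptoManager cman = CryptoManager.getInstance();
        // generate key
        CryptoToken token = cman.getInternalCryptoToken();
        KeyGenerator kg = token.getKeyGenerator(pbeAlg);
        PBEKeyGenParams pbekgParams = new PBEKeyGenParams(password, salt, iterationCount);
        if (charToByteConverter != null) {
            kg.setCharToByteConverter(charToByteConverter);
        }
        kg.initialize(pbekgParams);
        SymmetricKey key = kg.generate();

        // generate IV; params stays null for ciphers that declare no IV class
        EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
        AlgorithmParameterSpec params = null;
        for (Class<?> paramClass : encAlg.getParameterClasses()) {
            // NOTE(review): compares against javax.crypto.spec.IvParameterSpec
            // but builds the JSS IVParameterSpec — confirm getParameterClasses()
            // lists the javax class, otherwise IV ciphers run with null params.
            if (paramClass.equals(javax.crypto.spec.IvParameterSpec.class)) {
                params = new IVParameterSpec(kg.generatePBE_IV());
                break;
            }
        }

        // perform encryption on the PKCS-padded DER encoding
        Cipher cipher = token.getCipherContext(encAlg);
        cipher.initEncrypt(key, params);
        byte[] encrypted = cipher.doFinal(Cipher.pad(ASN1Util.encode(pki), encAlg.getBlockSize()));

        // make encryption algorithm identifier (salt + iteration count only)
        PBEParameter pbeParam = new PBEParameter(salt, iterationCount);
        AlgorithmIdentifier encAlgID = new AlgorithmIdentifier(pbeAlg.toOID(), pbeParam);

        // create EncryptedPrivateKeyInfo
        return new EncryptedPrivateKeyInfo(encAlgID, new OCTET_STRING(encrypted));
    } catch (IllegalBlockSizeException e) {
        // Message names the enclosing class; the original said EncryptedContentInfo.
        throw new RuntimeException("IllegalBlockSizeException in EncryptedPrivateKeyInfo.createPBE: " + e.getMessage(), e);
    } catch (BadPaddingException e) {
        throw new RuntimeException("BadPaddingException in EncryptedPrivateKeyInfo.createPBE: " + e.getMessage(), e);
    }
}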