Java 类org.bouncycastle.crypto.modes.CBCBlockCipher 实例源码

@Override
    public String decrypt(byte[] encrypted) {
//        Cipher cipher = null;
        String plain;
        try {
//            Security.addProvider(new BouncyCastlePQCProvider());
//            cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", new BouncyCastlePQCProvider());
//            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encryptionKey, "AES"), new IvParameterSpec(iv));
//            plain = new String(cipher.doFinal(encrypted), "UTF-8");
            KeyParameter keyParam = new KeyParameter(encryptionKey);
            CipherParameters params = new ParametersWithIV(keyParam, iv);
            BlockCipherPadding padding = new PKCS7Padding();
            BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(
                    new CBCBlockCipher(new AESEngine()), padding);
            cipher.reset();
            cipher.init(false, params);
            byte[] buffer = new byte[cipher.getOutputSize(encrypted.length)];
            int len = cipher.processBytes(encrypted, 0, encrypted.length, buffer, 0);
            len += cipher.doFinal(buffer, len);
            byte[] out = Arrays.copyOfRange(buffer, 0, len);
            plain = new String(out, "UTF-8");
        } catch (Exception e) {
            throw new RuntimeException("decrypt error in SimpleAesManaged", e);
        }
        return plain;
    }

private byte[] encryptDESFile(String keys, byte[] plainText) {
BlockCipher engine = new DESEngine();

      byte[] key = keys.getBytes();
      byte[] ptBytes = plainText;
      BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(engine));
      cipher.init(true, new KeyParameter(key));
      byte[] rv = new byte[cipher.getOutputSize(ptBytes.length)];
      int tam = cipher.processBytes(ptBytes, 0, ptBytes.length, rv, 0);
      try {
          cipher.doFinal(rv, tam);
      } catch (Exception ce) {
          ce.printStackTrace();
      }
      return rv;
  }

public String testEncryptRijndael(String value,String key) throws DataLengthException, IllegalStateException, InvalidCipherTextException {
    BlockCipher engine = new RijndaelEngine(256);
    BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(engine), new ZeroBytePadding());

    byte[] keyBytes = key.getBytes();
    cipher.init(true, new KeyParameter(keyBytes));

    byte[] input = value.getBytes();
    byte[] cipherText = new byte[cipher.getOutputSize(input.length)];

    int cipherLength = cipher.processBytes(input, 0, input.length, cipherText, 0);
    cipher.doFinal(cipherText, cipherLength);

    String result = new String(Base64.encode(cipherText));
    //Log.e("testEncryptRijndael : " , result);
    return  result;
}

/**
 * create a standard MAC based on a block cipher with the size of the
 * MAC been given in bits.
 * <p>
 * Note: the size of the MAC must be at least 16 bits (FIPS Publication 113),
 * and in general should be less than the size of the block cipher as it reduces
 * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
 *
 * @param cipher the cipher to be used as the basis of the MAC generation.
 * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
 * @deprecated use CBCBlockCipherMac
 */
public BlockCipherMac(
    BlockCipher     cipher,
    int             macSizeInBits)
{
    if ((macSizeInBits % 8) != 0)
    {
        throw new IllegalArgumentException("MAC size must be multiple of 8");
    }

    this.cipher = new CBCBlockCipher(cipher);
    this.macSize = macSizeInBits / 8;

    mac = new byte[cipher.getBlockSize()];

    buf = new byte[cipher.getBlockSize()];
    bufOff = 0;
}

/**
 * create a standard MAC based on a block cipher with the size of the
 * MAC been given in bits. This class uses CBC mode as the basis for the
 * MAC generation.
 * <p>
 * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
 * or 16 bits if being used as a data authenticator (FIPS Publication 113),
 * and in general should be less than the size of the block cipher as it reduces
 * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
 *
 * @param cipher the cipher to be used as the basis of the MAC generation.
 * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
 * @param padding the padding to be used to complete the last block.
 */
public CBCBlockCipherMac(
    BlockCipher         cipher,
    int                 macSizeInBits,
    BlockCipherPadding  padding)
{
    if ((macSizeInBits % 8) != 0)
    {
        throw new IllegalArgumentException("MAC size must be multiple of 8");
    }

    this.cipher = new CBCBlockCipher(cipher);
    this.padding = padding;
    this.macSize = macSizeInBits / 8;

    mac = new byte[cipher.getBlockSize()];

    buf = new byte[cipher.getBlockSize()];
    bufOff = 0;
}

/**
 * create a standard MAC based on a block cipher with the size of the
 * MAC been given in bits. This class uses single DES CBC mode as the basis for the
 * MAC generation. The final block is decrypted and then encrypted using the
 * middle and right part of the key.
 * <p>
 * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
 * or 16 bits if being used as a data authenticator (FIPS Publication 113),
 * and in general should be less than the size of the block cipher as it reduces
 * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
 *
 * @param cipher the cipher to be used as the basis of the MAC generation.
 * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
 * @param padding the padding to be used to complete the last block.
 */
public ISO9797Alg3Mac(
    BlockCipher         cipher,
    int                 macSizeInBits,
    BlockCipherPadding  padding)
{
    if ((macSizeInBits % 8) != 0)
    {
        throw new IllegalArgumentException("MAC size must be multiple of 8");
    }

    if (!(cipher instanceof DESEngine))
    {
        throw new IllegalArgumentException("cipher must be instance of DESEngine");
    }

    this.cipher = new CBCBlockCipher(cipher);
    this.padding = padding;
    this.macSize = macSizeInBits / 8;

    mac = new byte[cipher.getBlockSize()];

    buf = new byte[cipher.getBlockSize()];
    bufOff = 0;
}

public static byte[] aesEncrypt(byte[] plaintext, byte[] myPrivateKey, byte[] theirPublicKey, byte[] nonce) {
    try {
        byte[] dhSharedSecret = new byte[32];
        Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
        for (int i = 0; i < 32; i++) {
            dhSharedSecret[i] ^= nonce[i];
        }
        byte[] key = sha256().digest(dhSharedSecret);
        byte[] iv = new byte[16];
        secureRandom.get().nextBytes(iv);
        PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(
                new AESEngine()));
        CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
        aes.init(true, ivAndKey);
        byte[] output = new byte[aes.getOutputSize(plaintext.length)];
        int ciphertextLength = aes.processBytes(plaintext, 0, plaintext.length, output, 0);
        ciphertextLength += aes.doFinal(output, ciphertextLength);
        byte[] result = new byte[iv.length + ciphertextLength];
        System.arraycopy(iv, 0, result, 0, iv.length);
        System.arraycopy(output, 0, result, iv.length, ciphertextLength);
        return result;
    } catch (InvalidCipherTextException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}

/**
 * Encrypt.
 *
 * @param instr the instr
 * @return the string
 * @throws java.security.GeneralSecurityException the general security exception
 */
@Override
public String encrypt(String instr) throws GeneralSecurityException {
    long t1 = System.currentTimeMillis();
    byte[] in = instr.getBytes();
    PaddedBufferedBlockCipher encryptor = new PaddedBufferedBlockCipher(
            new CBCBlockCipher(new DESedeEngine()));
    encryptor.init(true, keyParameter);
    byte[] cipherText = new byte[encryptor.getOutputSize(in.length)];
    int outputLen = encryptor.processBytes(in, 0, in.length, cipherText, 0);
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    try {
        encryptor.doFinal(cipherText, outputLen);
        Hex.encode(cipherText, os);
    } catch (Exception e) {
        e.printStackTrace();
        throw new GeneralSecurityException(e);
    }
    long t2 = System.currentTimeMillis();
    logger.debug("Time taken to encrypt(millis) :" + (t2 - t1));
    return ENC_PREFIX + os.toString();
}

private String decryptStr(String instr) throws GeneralSecurityException {
    if(StringUtils.isEmpty(instr)){
        return instr;
    }
    long t1 = System.currentTimeMillis();
    PaddedBufferedBlockCipher decryptor = new PaddedBufferedBlockCipher(
            new CBCBlockCipher(new DESedeEngine()));
    decryptor.init(false, keyParameter);
    byte[] in = null;
    byte[] cipherText = null;

    try {
        in = Hex.decode(instr);
        cipherText = new byte[decryptor.getOutputSize(in.length)];

     int outputLen = decryptor.processBytes(in, 0, in.length, cipherText, 0);
        decryptor.doFinal(cipherText, outputLen);
    } catch (Exception e) {
        throw new GeneralSecurityException(e);
    }
    long t2 = System.currentTimeMillis();
    logger.debug("Time taken to decrypt(millis) : " + (t2 - t1));
    return (new String(cipherText)).replaceAll("\\u0000+$", "");
}

private static byte[] EncryptAes256(byte[] data, byte[] encryptionKey)
{
    try {
        KeyParameter keyParam = new KeyParameter(encryptionKey);
        BlockCipherPadding padding = new PKCS7Padding();
        BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(
                new CBCBlockCipher(new AESEngine()), padding);
        cipher.reset();
        cipher.init(true, keyParam);
        byte[] buffer = new byte[cipher.getOutputSize(data.length)];
        int len = cipher.processBytes(data, 0, data.length, buffer, 0);
        len += cipher.doFinal(buffer, len);
        return Arrays.copyOfRange(buffer, 0, len);
    } catch (Exception e) {
        throw new RuntimeException("decrypt error in SimpleAesManaged", e);
    }
}

public static byte[] aesEncrypt(byte[] plaintext, byte[] myPrivateKey, byte[] theirPublicKey) {
    try {
        byte[] dhSharedSecret = new byte[32];
        Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
        byte[] key = sha256().digest(dhSharedSecret);
        byte[] iv = new byte[16];
        secureRandom.get().nextBytes(iv);
        PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(
                new AESEngine()));
        CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
        aes.init(true, ivAndKey);
        byte[] output = new byte[aes.getOutputSize(plaintext.length)];
        int ciphertextLength = aes.processBytes(plaintext, 0, plaintext.length, output, 0);
        ciphertextLength += aes.doFinal(output, ciphertextLength);
        byte[] result = new byte[iv.length + ciphertextLength];
        System.arraycopy(iv, 0, result, 0, iv.length);
        System.arraycopy(output, 0, result, iv.length, ciphertextLength);
        return result;
    } catch (InvalidCipherTextException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}

public static byte[] aesDecrypt(byte[] ivCiphertext, byte[] myPrivateKey, byte theirPublicKey[]) {
    try {
        if (ivCiphertext.length < 16 || ivCiphertext.length % 16 != 0) {
            throw new InvalidCipherTextException("invalid ciphertext");
        }
        byte[] iv = Arrays.copyOfRange(ivCiphertext, 0, 16);
        byte[] ciphertext = Arrays.copyOfRange(ivCiphertext, 16, ivCiphertext.length);
        byte[] dhSharedSecret = new byte[32];
        Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
        byte[] key = sha256().digest(dhSharedSecret);
        PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(
                new AESEngine()));
        CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
        aes.init(false, ivAndKey);
        byte[] output = new byte[aes.getOutputSize(ciphertext.length)];
        int plaintextLength = aes.processBytes(ciphertext, 0, ciphertext.length, output, 0);
        plaintextLength += aes.doFinal(output, plaintextLength);
        byte[] result = new byte[plaintextLength];
        System.arraycopy(output, 0, result, 0, result.length);
        return result;
    } catch (InvalidCipherTextException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}

/**
 * create a standard MAC based on a block cipher with the size of the
 * MAC been given in bits.
 * <p>
 * Note: the size of the MAC must be at least 16 bits (FIPS Publication 113),
 * and in general should be less than the size of the block cipher as it reduces
 * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
 *
 * @param cipher the cipher to be used as the basis of the MAC generation.
 * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
 * @deprecated use CBCBlockCipherMac
 */
public BlockCipherMac(
    BlockCipher     cipher,
    int             macSizeInBits)
{
    if ((macSizeInBits % 8) != 0)
    {
        throw new IllegalArgumentException("MAC size must be multiple of 8");
    }

    this.cipher = new CBCBlockCipher(cipher);
    this.macSize = macSizeInBits / 8;

    mac = new byte[cipher.getBlockSize()];

    buf = new byte[cipher.getBlockSize()];
    bufOff = 0;
}

/**
 * create a standard MAC based on a block cipher with the size of the
 * MAC been given in bits. This class uses CBC mode as the basis for the
 * MAC generation.
 * <p>
 * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
 * or 16 bits if being used as a data authenticator (FIPS Publication 113),
 * and in general should be less than the size of the block cipher as it reduces
 * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
 *
 * @param cipher the cipher to be used as the basis of the MAC generation.
 * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
 * @param padding the padding to be used to complete the last block.
 */
public CBCBlockCipherMac(
    BlockCipher         cipher,
    int                 macSizeInBits,
    BlockCipherPadding  padding)
{
    if ((macSizeInBits % 8) != 0)
    {
        throw new IllegalArgumentException("MAC size must be multiple of 8");
    }

    this.cipher = new CBCBlockCipher(cipher);
    this.padding = padding;
    this.macSize = macSizeInBits / 8;

    mac = new byte[cipher.getBlockSize()];

    buf = new byte[cipher.getBlockSize()];
    bufOff = 0;
}

/**
 * create a standard MAC based on a block cipher with the size of the
 * MAC been given in bits. This class uses single DES CBC mode as the basis for the
 * MAC generation. The final block is decrypted and then encrypted using the
 * middle and right part of the key.
 * <p>
 * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
 * or 16 bits if being used as a data authenticator (FIPS Publication 113),
 * and in general should be less than the size of the block cipher as it reduces
 * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
 *
 * @param cipher the cipher to be used as the basis of the MAC generation.
 * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
 * @param padding the padding to be used to complete the last block.
 */
public ISO9797Alg3Mac(
    BlockCipher         cipher,
    int                 macSizeInBits,
    BlockCipherPadding  padding)
{
    if ((macSizeInBits % 8) != 0)
    {
        throw new IllegalArgumentException("MAC size must be multiple of 8");
    }

    if (!(cipher instanceof DESEngine))
    {
        throw new IllegalArgumentException("cipher must be instance of DESEngine");
    }

    this.cipher = new CBCBlockCipher(cipher);
    this.padding = padding;
    this.macSize = macSizeInBits / 8;

    mac = new byte[cipher.getBlockSize()];

    buf = new byte[cipher.getBlockSize()];
    bufOff = 0;
}

private void doCbc(byte[] key, byte[] iv, byte[] pt, byte[] expected)
    throws Exception
{
    PaddedBufferedBlockCipher c = new PaddedBufferedBlockCipher(new CBCBlockCipher(new SerpentEngine()), new PKCS7Padding());

    byte[] ct = new byte[expected.length];

    c.init(true, new ParametersWithIV(new KeyParameter(key), iv));

    int l = c.processBytes(pt, 0, pt.length, ct, 0);

    c.doFinal(ct, l);

    if (!Arrays.areEqual(expected, ct))
    {
        fail("CBC test failed");
    }
}

private void encryptBlock(byte[] key, byte[] iv, byte[] cekBlock)
{
    BlockCipher engine = new CBCBlockCipher(new DESEngine());

    engine.init(true, new ParametersWithIV(new KeyParameter(key), iv));

    for (int i = 0; i < cekBlock.length; i += 8)
    {
        engine.processBlock(cekBlock, i, cekBlock, i);
    }

    for (int i = 0; i < cekBlock.length; i += 8)
    {
        engine.processBlock(cekBlock, i, cekBlock, i);
    }
}

/**
 * create a standard MAC based on a block cipher with the size of the
 * MAC been given in bits.
 * <p>
 * Note: the size of the MAC must be at least 16 bits (FIPS Publication 113),
 * and in general should be less than the size of the block cipher as it reduces
 * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
 *
 * @param cipher the cipher to be used as the basis of the MAC generation.
 * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
 * @deprecated use CBCBlockCipherMac
 */
public BlockCipherMac(
    BlockCipher     cipher,
    int             macSizeInBits)
{
    if ((macSizeInBits % 8) != 0)
    {
        throw new IllegalArgumentException("MAC size must be multiple of 8");
    }

    this.cipher = new CBCBlockCipher(cipher);
    this.macSize = macSizeInBits / 8;

    mac = new byte[cipher.getBlockSize()];

    buf = new byte[cipher.getBlockSize()];
    bufOff = 0;
}

/**
 * create a standard MAC based on a block cipher with the size of the
 * MAC been given in bits. This class uses CBC mode as the basis for the
 * MAC generation.
 * <p>
 * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
 * or 16 bits if being used as a data authenticator (FIPS Publication 113),
 * and in general should be less than the size of the block cipher as it reduces
 * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
 *
 * @param cipher the cipher to be used as the basis of the MAC generation.
 * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
 * @param padding the padding to be used to complete the last block.
 */
public CBCBlockCipherMac(
    BlockCipher         cipher,
    int                 macSizeInBits,
    BlockCipherPadding  padding)
{
    if ((macSizeInBits % 8) != 0)
    {
        throw new IllegalArgumentException("MAC size must be multiple of 8");
    }

    this.cipher = new CBCBlockCipher(cipher);
    this.padding = padding;
    this.macSize = macSizeInBits / 8;

    mac = new byte[cipher.getBlockSize()];

    buf = new byte[cipher.getBlockSize()];
    bufOff = 0;
}

/**
 * create a standard MAC based on a block cipher with the size of the
 * MAC been given in bits. This class uses single DES CBC mode as the basis for the
 * MAC generation. The final block is decrypted and then encrypted using the
 * middle and right part of the key.
 * <p>
 * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
 * or 16 bits if being used as a data authenticator (FIPS Publication 113),
 * and in general should be less than the size of the block cipher as it reduces
 * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
 *
 * @param cipher the cipher to be used as the basis of the MAC generation.
 * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
 * @param padding the padding to be used to complete the last block.
 */
public ISO9797Alg3Mac(
    BlockCipher         cipher,
    int                 macSizeInBits,
    BlockCipherPadding  padding)
{
    if ((macSizeInBits % 8) != 0)
    {
        throw new IllegalArgumentException("MAC size must be multiple of 8");
    }

    if (!(cipher instanceof DESEngine))
    {
        throw new IllegalArgumentException("cipher must be instance of DESEngine");
    }

    this.cipher = new CBCBlockCipher(cipher);
    this.padding = padding;
    this.macSize = macSizeInBits / 8;

    mac = new byte[cipher.getBlockSize()];

    buf = new byte[cipher.getBlockSize()];
    bufOff = 0;
}

public void InitCiphers() {
    // create the ciphers
    // AES block cipher in CBC mode with padding
    encryptCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(
            new AESEngine()));

    decryptCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(
            new AESEngine()));

    // create the IV parameter
    ParametersWithIV parameterIV = new ParametersWithIV(new KeyParameter(
            key), IV);

    encryptCipher.init(true, parameterIV);
    decryptCipher.init(false, parameterIV);
}

/**
 * A password-based data decryption using a constant salt value "<b>constantSalt</b>"
 * @param cipher
 * @param password
 * @param salt
 * @param iterationCount
 * @return
 * @throws Exception
 */
public static byte[] decrypt(byte[] cipher, String password) throws Exception
{
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(new SHA256Digest());
    char[] passwordChars = password.toCharArray();
    final byte[] pkcs12PasswordBytes = PBEParametersGenerator.PKCS12PasswordToBytes(passwordChars);
    pGen.init(pkcs12PasswordBytes, constantSalt.getBytes(), iterations);
    CBCBlockCipher aesCBC = new CBCBlockCipher(new AESEngine());
    ParametersWithIV aesCBCParams = (ParametersWithIV) pGen.generateDerivedParameters(256, 128);
    aesCBC.init(false, aesCBCParams);
    PaddedBufferedBlockCipher aesCipher = new PaddedBufferedBlockCipher(aesCBC, new PKCS7Padding());
    byte[] plainTemp = new byte[aesCipher.getOutputSize(cipher.length)];
    int offset = aesCipher.processBytes(cipher, 0, cipher.length, plainTemp, 0);
    int last = aesCipher.doFinal(plainTemp, offset);
    final byte[] plain = new byte[offset + last];
    System.arraycopy(plainTemp, 0, plain, 0, plain.length);
    return plain;
}

public PKCS12PfxPdu generatePKCS12(X509Certificate caCert, Cert clientCert, String password) throws IOException, CertificateException, PKCSException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
    PKCS12SafeBagBuilder caCertBagBuilder = new JcaPKCS12SafeBagBuilder(caCert);
    X509CertificateHolder clientCertHolder =new X509CertificateHolder(clientCert.getClientCert());
    PKCS12SafeBagBuilder clientCertBagBuilder = new JcaPKCS12SafeBagBuilder(new JcaX509CertificateConverter().setProvider("BC").getCertificate(clientCertHolder));

    PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(
            KeyFactory.getInstance("RSA", "BC").generatePrivate(new PKCS8EncodedKeySpec(clientCert.getPrivateKey())),
            new BcPKCS12PBEOutputEncryptorBuilder(
                    PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC,
                    new CBCBlockCipher((new DESedeEngine()))).build(password.toCharArray()));

    PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder();
    PKCS12SafeBag[] certs = new PKCS12SafeBag[2];
    certs[0] = clientCertBagBuilder.build();
    certs[1] = caCertBagBuilder.build();
    pfxPduBuilder.addData(keyBagBuilder.build());
    return pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), password.toCharArray());
}

public static byte[] aesEncrypt(byte[] plaintext, byte[] myPrivateKey, byte[] theirPublicKey, byte[] nonce) {
    try {
        byte[] dhSharedSecret = new byte[32];
        Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
        for (int i = 0; i < 32; i++) {
            dhSharedSecret[i] ^= nonce[i];
        }
        byte[] key = sha256().digest(dhSharedSecret);
        byte[] iv = new byte[16];
        secureRandom.get().nextBytes(iv);
        PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(
                new AESEngine()));
        CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
        aes.init(true, ivAndKey);
        byte[] output = new byte[aes.getOutputSize(plaintext.length)];
        int ciphertextLength = aes.processBytes(plaintext, 0, plaintext.length, output, 0);
        ciphertextLength += aes.doFinal(output, ciphertextLength);
        byte[] result = new byte[iv.length + ciphertextLength];
        System.arraycopy(iv, 0, result, 0, iv.length);
        System.arraycopy(output, 0, result, iv.length, ciphertextLength);
        return result;
    } catch (InvalidCipherTextException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}

public static byte[] aesEncrypt(byte[] plaintext, byte[] myPrivateKey, byte[] theirPublicKey) {
    try {
        byte[] dhSharedSecret = new byte[32];
        Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
        byte[] key = sha256().digest(dhSharedSecret);
        byte[] iv = new byte[16];
        secureRandom.get().nextBytes(iv);
        PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(
                new AESEngine()));
        CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
        aes.init(true, ivAndKey);
        byte[] output = new byte[aes.getOutputSize(plaintext.length)];
        int ciphertextLength = aes.processBytes(plaintext, 0, plaintext.length, output, 0);
        ciphertextLength += aes.doFinal(output, ciphertextLength);
        byte[] result = new byte[iv.length + ciphertextLength];
        System.arraycopy(iv, 0, result, 0, iv.length);
        System.arraycopy(output, 0, result, iv.length, ciphertextLength);
        return result;
    } catch (InvalidCipherTextException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}

public static byte[] aesDecrypt(byte[] ivCiphertext, byte[] myPrivateKey, byte theirPublicKey[]) {
    try {
        if (ivCiphertext.length < 16 || ivCiphertext.length % 16 != 0) {
            throw new InvalidCipherTextException("invalid ciphertext");
        }
        byte[] iv = Arrays.copyOfRange(ivCiphertext, 0, 16);
        byte[] ciphertext = Arrays.copyOfRange(ivCiphertext, 16, ivCiphertext.length);
        byte[] dhSharedSecret = new byte[32];
        Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
        byte[] key = sha256().digest(dhSharedSecret);
        PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(
                new AESEngine()));
        CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
        aes.init(false, ivAndKey);
        byte[] output = new byte[aes.getOutputSize(ciphertext.length)];
        int plaintextLength = aes.processBytes(ciphertext, 0, ciphertext.length, output, 0);
        plaintextLength += aes.doFinal(output, plaintextLength);
        byte[] result = new byte[plaintextLength];
        System.arraycopy(output, 0, result, 0, result.length);
        return result;
    } catch (InvalidCipherTextException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}

private void initCiphers(byte[] key, byte[] iv) {

        // get the keyBytes
        keyBytes = new byte[key.length];
        System.arraycopy(key, 0, keyBytes, 0, key.length);

        keyP = new KeyParameter(keyBytes);

        // get the IV
        IV = new byte[blockSize];
        System.arraycopy(iv, 0, IV, 0, IV.length);

        // create the ciphers
        // AES block cipher in CBC mode with ISO7816d4 padding
        encryptCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(
                new AESFastEngine()), new ISO7816d4Padding());

        decryptCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(
                new AESFastEngine()), new ISO7816d4Padding());

        // create the IV parameter
        ParametersWithIV parameterIV = new ParametersWithIV(keyP, IV);

        encryptCipher.init(true, parameterIV);
        decryptCipher.init(false, parameterIV);
    }

private void initCiphers(byte[] key, byte[] iv) {
    // get the keyBytes
    keyBytes = new byte[key.length];
    System.arraycopy(key, 0, keyBytes, 0, key.length);

    // get the IV
    IV = new byte[blockSize];
    System.arraycopy(iv, 0, IV, 0, iv.length);

    keyP = new KeyParameter(keyBytes);

    encryptCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(
            new DESedeEngine()), new ISO7816d4Padding());
    decryptCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(
            new DESedeEngine()), new ISO7816d4Padding());

    // create the IV parameter
    ParametersWithIV parameterIV = new ParametersWithIV(keyP, IV);

    encryptCipher.init(true, parameterIV);
    decryptCipher.init(false, parameterIV);
}

private static final byte[] encrypt(byte[] key, byte[] data) throws Exception
{
    PaddedBufferedBlockCipher c = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()));
    CipherParameters p = new KeyParameter(key);
    try
    {
        SecretByteArrayOutputStream ba = new SecretByteArrayOutputStream();
        try
        {
            XCipherOutputStream out = new XCipherOutputStream(c, p, ba);
            out.write(data);
            out.close();

            byte[] b = ba.toByteArray();
            return b;
        }
        finally
        {
            CKit.close(ba);
        }
    }
    finally
    {
        Crypto.zero(p);
    }
}

public static byte[] aesEncrypt(byte[] plaintext, byte[] myPrivateKey, byte[] theirPublicKey, byte[] nonce) {
    try {
        byte[] dhSharedSecret = new byte[32];
        Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
        for (int i = 0; i < 32; i++) {
            dhSharedSecret[i] ^= nonce[i];
        }
        byte[] key = sha256().digest(dhSharedSecret);
        byte[] iv = new byte[16];
        secureRandom.get().nextBytes(iv);
        PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(
                new AESEngine()));
        CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
        aes.init(true, ivAndKey);
        byte[] output = new byte[aes.getOutputSize(plaintext.length)];
        int ciphertextLength = aes.processBytes(plaintext, 0, plaintext.length, output, 0);
        ciphertextLength += aes.doFinal(output, ciphertextLength);
        byte[] result = new byte[iv.length + ciphertextLength];
        System.arraycopy(iv, 0, result, 0, iv.length);
        System.arraycopy(output, 0, result, iv.length, ciphertextLength);
        return result;
    } catch (InvalidCipherTextException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}

@Override
public OutputStream encryptedOutputStream(final Path path, final String password) throws IOException,
        EncryptionFailedException {
    try {
        final byte[] salt = generateSalt();
        final byte[] key = generateKey(password, salt);
        final byte[] iv = generateIV();
        final byte[] fileInitBlock = generateOutputInitBlock(salt, iv);

        final PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(
                new CBCBlockCipher(new AESEngine()), new PKCS7Padding());

        final KeyParameter keyParam = new KeyParameter(key);
        final CipherParameters params = new ParametersWithIV(keyParam, iv);
        cipher.init(true, params);

        final BufferedOutputStream out = new BufferedOutputStream(Files.newOutputStream(path));
        out.write(fileInitBlock);

        return new CipherOutputStream(out, cipher);
    } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
        throw new EncryptionFailedException(e);
    }
}

@Override
public InputStream decryptedInputStream(final Path path, final String password) throws IOException,
        DecryptionFailedException {
    try {
        InputStream in = new BufferedInputStream(Files.newInputStream(path));
        byte[] initBlock = readInitBlock(in);
        byte[] salt = extractSalt(initBlock);
        byte[] iv = extractIV(initBlock);
        byte[] key = generateKey(password, salt);

        PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()),
                new PKCS7Padding());
        KeyParameter keyParam = new KeyParameter(key);
        CipherParameters params = new ParametersWithIV(keyParam, iv);
        cipher.init(false, params);

        return new CipherInputStream(in, cipher);
    } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
        throw new DecryptionFailedException(e);
    }
}

private static InputStream CreateInputStream(InputStream s, boolean bEncrypt, byte[] pbKey, byte[] pbIV)
        {

            byte[] pbLocalIV = new byte[16];
            System.arraycopy(pbIV, 0, pbLocalIV, 0, 16);

            byte[] pbLocalKey = new byte[32];
            System.arraycopy(pbKey, 0, pbLocalKey, 0, 32);

            try {
//                Cipher r = Cipher.getInstance("AES/CBC/PKCS5Padding");
//                IvParameterSpec ivspec = new IvParameterSpec(pbLocalIV);
//                SecretKeySpec keyspec = new SecretKeySpec(pbLocalKey, "AES");
//                r.init(Cipher.DECRYPT_MODE, keyspec, ivspec);

                BlockCipher aes = AesEngines.createAesEngine();
                KeyParameter key = new KeyParameter(pbLocalKey);
                ParametersWithIV iv = new ParametersWithIV(key, pbLocalIV);
                BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(aes));
                cipher.init(false, iv);

                return new CipherInputStream(s, cipher);
            } catch (Exception e) {
                throw new IllegalStateException(e);
            }
        }

private static OutputStream CreateOutputStream(OutputStream s, boolean bEncrypt, byte[] pbKey, byte[] pbIV)
        {

            byte[] pbLocalIV = new byte[16];
            System.arraycopy(pbIV, 0, pbLocalIV, 0, 16);

            byte[] pbLocalKey = new byte[32];
            System.arraycopy(pbKey, 0, pbLocalKey, 0, 32);

            try {
                BlockCipher aes = AesEngines.createAesEngine();
                KeyParameter key = new KeyParameter(pbLocalKey);
                ParametersWithIV iv = new ParametersWithIV(key, pbLocalIV);
                BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(aes));

                cipher.init(true, iv);
//                Cipher r = Cipher.getInstance("AES/CBC/PKCS5Padding");
//                IvParameterSpec ivspec = new IvParameterSpec(pbLocalIV);
//                SecretKeySpec keyspec = new SecretKeySpec(pbLocalKey, "AES");
//                r.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);

                return new CipherOutputStream(s, cipher);
            } catch (Exception e) {
                throw new IllegalStateException(e);
            }
        }

/**
 * create a standard MAC based on a block cipher with the size of the
 * MAC been given in bits.
 * <p>
 * Note: the size of the MAC must be at least 16 bits (FIPS Publication 113),
 * and in general should be less than the size of the block cipher as it reduces
 * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
 *
 * @param cipher the cipher to be used as the basis of the MAC generation.
 * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
 * @deprecated use CBCBlockCipherMac
 */
public BlockCipherMac(
    BlockCipher     cipher,
    int             macSizeInBits)
{
    if ((macSizeInBits % 8) != 0)
    {
        throw new IllegalArgumentException("MAC size must be multiple of 8");
    }

    this.cipher = new CBCBlockCipher(cipher);
    this.macSize = macSizeInBits / 8;

    mac = new byte[cipher.getBlockSize()];

    buf = new byte[cipher.getBlockSize()];
    bufOff = 0;
}

/**
 * create a standard MAC based on a block cipher with the size of the
 * MAC been given in bits. This class uses CBC mode as the basis for the
 * MAC generation.
 * <p>
 * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
 * or 16 bits if being used as a data authenticator (FIPS Publication 113),
 * and in general should be less than the size of the block cipher as it reduces
 * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
 *
 * @param cipher the cipher to be used as the basis of the MAC generation.
 * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
 * @param padding the padding to be used to complete the last block.
 */
public CBCBlockCipherMac(
    BlockCipher         cipher,
    int                 macSizeInBits,
    BlockCipherPadding  padding)
{
    if ((macSizeInBits % 8) != 0)
    {
        throw new IllegalArgumentException("MAC size must be multiple of 8");
    }

    this.cipher = new CBCBlockCipher(cipher);
    this.padding = padding;
    this.macSize = macSizeInBits / 8;

    mac = new byte[cipher.getBlockSize()];

    buf = new byte[cipher.getBlockSize()];
    bufOff = 0;
}

/**
 * create a standard MAC based on a block cipher with the size of the
 * MAC been given in bits. This class uses single DES CBC mode as the basis for the
 * MAC generation. The final block is decrypted and then encrypted using the
 * middle and right part of the key.
 * <p>
 * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
 * or 16 bits if being used as a data authenticator (FIPS Publication 113),
 * and in general should be less than the size of the block cipher as it reduces
 * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
 *
 * @param cipher the cipher to be used as the basis of the MAC generation.
 * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8.
 * @param padding the padding to be used to complete the last block.
 */
public ISO9797Alg3Mac(
    BlockCipher         cipher,
    int                 macSizeInBits,
    BlockCipherPadding  padding)
{
    if ((macSizeInBits % 8) != 0)
    {
        throw new IllegalArgumentException("MAC size must be multiple of 8");
    }

    if (!(cipher instanceof DESEngine))
    {
        throw new IllegalArgumentException("cipher must be instance of DESEngine");
    }

    this.cipher = new CBCBlockCipher(cipher);
    this.padding = padding;
    this.macSize = macSizeInBits / 8;

    mac = new byte[cipher.getBlockSize()];

    buf = new byte[cipher.getBlockSize()];
    bufOff = 0;
}

public static byte[] aesEncrypt(byte[] plaintext, byte[] myPrivateKey, byte[] theirPublicKey, byte[] nonce) {
    try {
        byte[] dhSharedSecret = new byte[32];
        Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
        for (int i = 0; i < 32; i++) {
            dhSharedSecret[i] ^= nonce[i];
        }
        byte[] key = sha256().digest(dhSharedSecret);
        byte[] iv = new byte[16];
        secureRandom.get().nextBytes(iv);
        PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(
                new AESEngine()));
        CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
        aes.init(true, ivAndKey);
        byte[] output = new byte[aes.getOutputSize(plaintext.length)];
        int ciphertextLength = aes.processBytes(plaintext, 0, plaintext.length, output, 0);
        ciphertextLength += aes.doFinal(output, ciphertextLength);
        byte[] result = new byte[iv.length + ciphertextLength];
        System.arraycopy(iv, 0, result, 0, iv.length);
        System.arraycopy(output, 0, result, iv.length, ciphertextLength);
        return result;
    } catch (InvalidCipherTextException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}

public static byte[] decryptAESCBC(byte[] key, byte[] iv, byte[] data) {
    // AES CBC PKCS7 decrypt
    try {
        CipherParameters cipherParameters = new ParametersWithIV(new KeyParameter(key), iv);
        PaddedBufferedBlockCipher cipher
                = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESFastEngine()), new PKCS7Padding());
        cipher.init(false, cipherParameters);

        byte[] buffer = new byte[cipher.getOutputSize(data.length)];

        int pos = cipher.processBytes(data, 0, data.length, buffer, 0);
        pos += cipher.doFinal(buffer, pos);

        return Arrays.copyOf(buffer, pos);

    } catch (DataLengthException | IllegalStateException | InvalidCipherTextException ex) {
        throw new IllegalArgumentException("decrypt failed", ex);
    }
}

/**
 * Encrypt or decrypt data with AES256.
 *
 * @param data The data to encrypt.
 * @param output The output to write the encrypted data to.
 *
 * @throws IOException If there is an error reading the data.
 */
private void decryptDataAES256(InputStream data, OutputStream output) throws IOException
{
    byte[] iv = new byte[16];

    // read IV from stream
    int ivSize = data.read(iv);
    if (ivSize == -1)
    {
        return;
    }

    if (ivSize != iv.length)
    {
        throw new IOException("AES initialization vector not fully read: only " + ivSize
                + " bytes read instead of " + iv.length);
    }
    PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(
            new CBCBlockCipher(new AESFastEngine()));
    cipher.init(false, new ParametersWithIV(new KeyParameter(encryptionKey), iv));
    try (CipherInputStream cis = new CipherInputStream(data, cipher))
    {
        org.apache.commons.io.IOUtils.copy(cis, output);
    }
}