Java 类org.bouncycastle.crypto.PBEParametersGenerator 实例源码

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
public static CipherParameters makePBEMacParameters(
    PBEKeySpec keySpec,
    int type,
    int hash,
    int keySize)
{
    PBEParametersGenerator  generator = makePBEGenerator(type, hash);
    byte[]                  key;
    CipherParameters        param;

    key = convertPassword(type, keySpec);

    generator.init(key, keySpec.getSalt(), keySpec.getIterationCount());

    param = generator.generateDerivedMacParameters(keySize);

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

private static byte[] convertPassword(int type, PBEKeySpec keySpec)
{
    byte[] key;

    if (type == PKCS12)
    {
        key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
    }
    else if (type == PKCS5S2_UTF8 || type == PKCS5S1_UTF8)
    {
        key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword());
    }
    else
    {
        key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
    }
    return key;
}

@Test
public void compareModes() {
    BlockCipher engine = new AESEngine();
    int blockSize = engine.getBlockSize();
    BlockCipher ref = new SICBlockCipher(engine); // reference implementation
    BlockCipher uut = new CtrBlockCipher(engine); // unit under test
    PBEParametersGenerator gen = new PKCS5S2ParametersGenerator();
    byte[] salt = new byte[blockSize]; // used as salt and cipher input
    new SecureRandom().nextBytes(salt);
    gen.init("top secret".getBytes(), salt, 1);
    ParametersWithIV
            param = (ParametersWithIV) gen.generateDerivedParameters(
                blockSize * 8,
                blockSize * 8);

    ref.init(true, param);
    uut.init(true, param);
    assertModes(ref, uut);

    ref.init(false, param);
    uut.init(false, param);
    assertModes(ref, uut);
}

private static SecretKey getKey(
    char[]  password,
    String  algorithm,
    int     keyLength,
    byte[]  salt,
    boolean des2)
    throws IOException
{
    OpenSSLPBEParametersGenerator   pGen = new OpenSSLPBEParametersGenerator();

    pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt);

    KeyParameter keyParam;
    keyParam = (KeyParameter) pGen.generateDerivedParameters(keyLength * 8);
    byte[] key = keyParam.getKey();
    if (des2 && key.length >= 24)
    {
        // For DES2, we must copy first 8 bytes into the last 8 bytes.
        System.arraycopy(key, 0, key, 16, 8);
    }
    return new javax.crypto.spec.SecretKeySpec(key, algorithm);
}

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
public static CipherParameters makePBEMacParameters(
    BCPBEKey pbeKey,
    AlgorithmParameterSpec spec)
{
    if ((spec == null) || !(spec instanceof PBEParameterSpec))
    {
        throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key.");
    }

    PBEParameterSpec        pbeParam = (PBEParameterSpec)spec;
    PBEParametersGenerator  generator = makePBEGenerator(pbeKey.getType(), pbeKey.getDigest());
    byte[]                  key = pbeKey.getEncoded();
    CipherParameters        param;

    generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount());

    param = generator.generateDerivedMacParameters(pbeKey.getKeySize());

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
public static CipherParameters makePBEMacParameters(
    PBEKeySpec keySpec,
    int type,
    int hash,
    int keySize)
{
    PBEParametersGenerator  generator = makePBEGenerator(type, hash);
    byte[]                  key;
    CipherParameters        param;

    key = convertPassword(type, keySpec);

    generator.init(key, keySpec.getSalt(), keySpec.getIterationCount());

    param = generator.generateDerivedMacParameters(keySize);

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
public static CipherParameters makePBEMacParameters(
    SecretKey key,
    int type,
    int hash,
    int keySize,
    PBEParameterSpec pbeSpec)
{
    PBEParametersGenerator  generator = makePBEGenerator(type, hash);
    CipherParameters        param;

    byte[] keyBytes = key.getEncoded();

    generator.init(key.getEncoded(), pbeSpec.getSalt(), pbeSpec.getIterationCount());

    param = generator.generateDerivedMacParameters(keySize);

    for (int i = 0; i != keyBytes.length; i++)
    {
        keyBytes[i] = 0;
    }

    return param;
}

private static byte[] convertPassword(int type, PBEKeySpec keySpec)
{
    byte[] key;

    if (type == PKCS12)
    {
        key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
    }
    else if (type == PKCS5S2_UTF8 || type == PKCS5S1_UTF8)
    {
        key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword());
    }
    else
    {
        key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
    }
    return key;
}

private static KeyParameter getKey(
    char[]  password,
    int     keyLength,
    byte[]  salt,
    boolean des2)
    throws PEMException
{
    PBEParametersGenerator paramsGen = new OpenSSLPBEParametersGenerator();

    paramsGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt, 1);

    KeyParameter kp = (KeyParameter)paramsGen.generateDerivedParameters(keyLength * 8);

    if (des2 && kp.getKey().length == 24)
    {
        // For DES2, we must copy first 8 bytes into the last 8 bytes.
        byte[] key = kp.getKey();

        System.arraycopy(key, 0, key, 16, 8);

        return new KeyParameter(key);
    }

    return kp;
}

/**
 * A password-based data decryption using a constant salt value "<b>constantSalt</b>"
 * @param cipher
 * @param password
 * @param salt
 * @param iterationCount
 * @return
 * @throws Exception
 */
public static byte[] decrypt(byte[] cipher, String password) throws Exception
{
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(new SHA256Digest());
    char[] passwordChars = password.toCharArray();
    final byte[] pkcs12PasswordBytes = PBEParametersGenerator.PKCS12PasswordToBytes(passwordChars);
    pGen.init(pkcs12PasswordBytes, constantSalt.getBytes(), iterations);
    CBCBlockCipher aesCBC = new CBCBlockCipher(new AESEngine());
    ParametersWithIV aesCBCParams = (ParametersWithIV) pGen.generateDerivedParameters(256, 128);
    aesCBC.init(false, aesCBCParams);
    PaddedBufferedBlockCipher aesCipher = new PaddedBufferedBlockCipher(aesCBC, new PKCS7Padding());
    byte[] plainTemp = new byte[aesCipher.getOutputSize(cipher.length)];
    int offset = aesCipher.processBytes(cipher, 0, cipher.length, plainTemp, 0);
    int last = aesCipher.doFinal(plainTemp, offset);
    final byte[] plain = new byte[offset + last];
    System.arraycopy(plainTemp, 0, plain, 0, plain.length);
    return plain;
}

private static SecretKey getKey(
    char[]  password,
    String  algorithm,
    int     keyLength,
    byte[]  salt,
    boolean des2)
    throws IOException
{
    OpenSSLPBEParametersGenerator   pGen = new OpenSSLPBEParametersGenerator();

    pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt);

    KeyParameter keyParam;
    keyParam = (KeyParameter) pGen.generateDerivedParameters(keyLength * 8);
    byte[] key = keyParam.getKey();
    if (des2 && key.length >= 24)
    {
        // For DES2, we must copy first 8 bytes into the last 8 bytes.
        System.arraycopy(key, 0, key, 16, 8);
    }
    return new javax.crypto.spec.SecretKeySpec(key, algorithm);
}

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
public static CipherParameters makePBEMacParameters(
    PBEKeySpec keySpec,
    int type,
    int hash,
    int keySize)
{
    PBEParametersGenerator  generator = makePBEGenerator(type, hash);
    byte[]                  key;
    CipherParameters        param;

    key = convertPassword(type, keySpec);

    generator.init(key, keySpec.getSalt(), keySpec.getIterationCount());

    param = generator.generateDerivedMacParameters(keySize);

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

private static byte[] convertPassword(int type, PBEKeySpec keySpec)
{
    byte[] key;

    if (type == PKCS12)
    {
        key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
    }
    else if (type == PKCS5S2_UTF8 || type == PKCS5S1_UTF8)
    {
        key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword());
    }
    else
    {
        key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
    }
    return key;
}

private static SecretKey getKey(
    char[]  password,
    String  algorithm,
    int     keyLength,
    byte[]  salt,
    boolean des2)
{
    OpenSSLPBEParametersGenerator   pGen = new OpenSSLPBEParametersGenerator();

    pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt);

    KeyParameter keyParam;
    keyParam = (KeyParameter) pGen.generateDerivedParameters(keyLength * 8);
    byte[] key = keyParam.getKey();
    if (des2 && key.length >= 24)
    {
        // For DES2, we must copy first 8 bytes into the last 8 bytes.
        System.arraycopy(key, 0, key, 16, 8);
    }
    return new SecretKeySpec(key, algorithm);
}

private static SecretKey getKey(
    char[] password,
    String algorithm,
    int keyLength,
    byte[] salt,
    boolean des2)
{
    OpenSSLPBEParametersGenerator pGen = new OpenSSLPBEParametersGenerator();

    pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt);

    KeyParameter keyParam;
    keyParam = (KeyParameter)pGen.generateDerivedParameters(keyLength * 8);
    byte[] key = keyParam.getKey();
    if (des2 && key.length >= 24)
    {
        // For DES2, we must copy first 8 bytes into the last 8 bytes.
        System.arraycopy(key, 0, key, 16, 8);
    }
    return new javax.crypto.spec.SecretKeySpec(key, algorithm);
}

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
public static CipherParameters makePBEMacParameters(
    PBEKeySpec keySpec,
    int type,
    int hash,
    int keySize)
{
    PBEParametersGenerator  generator = makePBEGenerator(type, hash);
    byte[]                  key;
    CipherParameters        param;

    key = convertPassword(type, keySpec);

    generator.init(key, keySpec.getSalt(), keySpec.getIterationCount());

    param = generator.generateDerivedMacParameters(keySize);

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

private static byte[] convertPassword(int type, PBEKeySpec keySpec)
{
    byte[] key;

    if (type == PKCS12)
    {
        key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
    }
    else if (type == PKCS5S2_UTF8 || type == PKCS5S1_UTF8)
    {
        key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword());
    }
    else
    {
        key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
    }
    return key;
}

private static SecretKey getKey(
    char[]  password,
    String  algorithm,
    int     keyLength,
    byte[]  salt,
    boolean des2)
{
    OpenSSLPBEParametersGenerator   pGen = new OpenSSLPBEParametersGenerator();

    pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt);

    KeyParameter keyParam;
    keyParam = (KeyParameter) pGen.generateDerivedParameters(keyLength * 8);
    byte[] key = keyParam.getKey();
    if (des2 && key.length >= 24)
    {
        // For DES2, we must copy first 8 bytes into the last 8 bytes.
        System.arraycopy(key, 0, key, 16, 8);
    }
    return new SecretKeySpec(key, algorithm);
}

private static SecretKey getKey(
    char[] password,
    String algorithm,
    int keyLength,
    byte[] salt,
    boolean des2)
{
    OpenSSLPBEParametersGenerator pGen = new OpenSSLPBEParametersGenerator();

    pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt);

    KeyParameter keyParam;
    keyParam = (KeyParameter)pGen.generateDerivedParameters(keyLength * 8);
    byte[] key = keyParam.getKey();
    if (des2 && key.length >= 24)
    {
        // For DES2, we must copy first 8 bytes into the last 8 bytes.
        System.arraycopy(key, 0, key, 16, 8);
    }
    return new javax.crypto.spec.SecretKeySpec(key, algorithm);
}

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
public static CipherParameters makePBEMacParameters(
    PBEKeySpec keySpec,
    int type,
    int hash,
    int keySize)
{
    PBEParametersGenerator  generator = makePBEGenerator(type, hash);
    byte[]                  key;
    CipherParameters        param;

    key = convertPassword(type, keySpec);

    generator.init(key, keySpec.getSalt(), keySpec.getIterationCount());

    param = generator.generateDerivedMacParameters(keySize);

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

private static byte[] convertPassword(int type, PBEKeySpec keySpec)
{
    byte[] key;

    if (type == PKCS12)
    {
        key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
    }
    else if (type == PKCS5S2_UTF8 || type == PKCS5S1_UTF8)
    {
        key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword());
    }
    else
    {
        key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
    }
    return key;
}

private static byte[] crypt(final boolean encrypt, final byte[] bytes, final String password, final byte[] salt) throws InvalidCipherTextException {
    final PBEParametersGenerator keyGenerator = new PKCS12ParametersGenerator(new SHA256Digest());
    keyGenerator.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password.toCharArray()), salt, 20);
    final CipherParameters keyParams = keyGenerator.generateDerivedParameters(256, 128);

    final BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
    cipher.init(encrypt, keyParams);

    final byte[] processed = new byte[cipher.getOutputSize(bytes.length)];
    int outputLength = cipher.processBytes(bytes, 0, bytes.length, processed, 0);
    outputLength += cipher.doFinal(processed, outputLength);

    final byte[] results = new byte[outputLength];
    System.arraycopy(processed, 0, results, 0, outputLength);
    return results;
}

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
static CipherParameters makePBEMacParameters(
    JCEPBEKey               pbeKey,
    AlgorithmParameterSpec  spec)
{
    if ((spec == null) || !(spec instanceof PBEParameterSpec))
    {
        throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key.");
    }

    PBEParameterSpec        pbeParam = (PBEParameterSpec)spec;
    PBEParametersGenerator  generator = makePBEGenerator(pbeKey.getType(), pbeKey.getDigest());
    byte[]                  key = pbeKey.getEncoded();
    CipherParameters        param;

    if (pbeKey.shouldTryWrongPKCS12())
    {
        key = new byte[2];
    }

    generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount());

    param = generator.generateDerivedMacParameters(pbeKey.getKeySize());

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

/**
 * construct a key and iv (if necessary) suitable for use with a 
 * Cipher.
 */
static CipherParameters makePBEParameters(
    PBEKeySpec              keySpec,
    int                     type,
    int                     hash,
    int                     keySize,
    int                     ivSize)
{    
    PBEParametersGenerator  generator = makePBEGenerator(type, hash);
    byte[]                  key;
    CipherParameters        param;

    if (type == PKCS12)
    {
        key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
    }
    else
    {   
        key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
    }

    generator.init(key, keySpec.getSalt(), keySpec.getIterationCount());

    if (ivSize != 0)
    {
        param = generator.generateDerivedParameters(keySize, ivSize);
    }
    else
    {
        param = generator.generateDerivedParameters(keySize);
    }

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
static CipherParameters makePBEMacParameters(
    PBEKeySpec              keySpec,
    int                     type,
    int                     hash,
    int                     keySize)
{
    PBEParametersGenerator  generator = makePBEGenerator(type, hash);
    byte[]                  key;
    CipherParameters        param;

    if (type == PKCS12)
    {
        key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
    }
    else
    {   
        key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
    }

    generator.init(key, keySpec.getSalt(), keySpec.getIterationCount());

    param = generator.generateDerivedMacParameters(keySize);

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
static CipherParameters makePBEMacParameters(
    BCPBEKey pbeKey,
    AlgorithmParameterSpec  spec,
    int                     type,
    int                     hash,
    int                     keySize)
{
    if ((spec == null) || !(spec instanceof PBEParameterSpec))
    {
        throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key.");
    }

    PBEParameterSpec        pbeParam = (PBEParameterSpec)spec;
    PBEParametersGenerator  generator = makePBEGenerator(type, hash);
    byte[]                  key = pbeKey.getEncoded();
    CipherParameters        param;

    generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount());

    param = generator.generateDerivedMacParameters(keySize);

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

private static byte[] SingleIterationPBKDF2(byte[] P, byte[] S, int dkLen)
{
    PBEParametersGenerator pGen = new PKCS5S2ParametersGenerator(new SHA256Digest());
    pGen.init(P, S, 1);
    KeyParameter key = (KeyParameter) pGen.generateDerivedMacParameters(dkLen * 8);
    return key.getKey();
}

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
public static CipherParameters makePBEMacParameters(
    BCPBEKey pbeKey,
    AlgorithmParameterSpec spec)
{
    if ((spec == null) || !(spec instanceof PBEParameterSpec))
    {
        throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key.");
    }

    PBEParameterSpec        pbeParam = (PBEParameterSpec)spec;
    PBEParametersGenerator  generator = makePBEGenerator(pbeKey.getType(), pbeKey.getDigest());
    byte[]                  key = pbeKey.getEncoded();
    CipherParameters        param;

    if (pbeKey.shouldTryWrongPKCS12())
    {
        key = new byte[2];
    }

    generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount());

    param = generator.generateDerivedMacParameters(pbeKey.getKeySize());

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

/**
 * construct a key and iv (if necessary) suitable for use with a 
 * Cipher.
 */
public static CipherParameters makePBEParameters(
    PBEKeySpec keySpec,
    int type,
    int hash,
    int keySize,
    int ivSize)
{    
    PBEParametersGenerator  generator = makePBEGenerator(type, hash);
    byte[]                  key;
    CipherParameters        param;

    key = convertPassword(type, keySpec);

    generator.init(key, keySpec.getSalt(), keySpec.getIterationCount());

    if (ivSize != 0)
    {
        param = generator.generateDerivedParameters(keySize, ivSize);
    }
    else
    {
        param = generator.generateDerivedParameters(keySize);
    }

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

protected byte[] getPasswordBytes(int scheme, char[] password)
{
    if (scheme == PasswordRecipient.PKCS5_SCHEME2)
    {
        return PBEParametersGenerator.PKCS5PasswordToBytes(password);
    }

    return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password);
}

byte[] getEncoded(String algorithmOid)
{
    PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator();

    gen.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(this.getPassword()), this.getSalt(), this.getIterationCount());

    return ((KeyParameter)gen.generateDerivedParameters(CMSEnvelopedHelper.INSTANCE.getKeySize(algorithmOid))).getKey();
}

byte[] getEncoded(String algorithmOid)
{
    PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator();

    gen.init(PBEParametersGenerator.PKCS5PasswordToBytes(this.getPassword()), this.getSalt(), this.getIterationCount());

    return ((KeyParameter)gen.generateDerivedParameters(CMSEnvelopedHelper.INSTANCE.getKeySize(algorithmOid))).getKey();
}

public static SecretKey generateSecretKeyForPKCS5Scheme2(String algorithm, char[] password, byte[] salt, int iterationCount)
{
    PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();

    generator.init(
        PBEParametersGenerator.PKCS5PasswordToBytes(password),
        salt,
        iterationCount);

    return new SecretKeySpec(((KeyParameter)generator.generateDerivedParameters(PEMUtilities.getKeySize(algorithm))).getKey(), algorithm);
}

public static SecretKey generateSecretKeyForPKCS5Scheme2(String algorithm, char[] password, byte[] salt, int iterationCount)
{
    PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();

    generator.init(
        PBEParametersGenerator.PKCS5PasswordToBytes(password),
        salt,
        iterationCount);

    return new SecretKeySpec(((KeyParameter)generator.generateDerivedParameters(PEMUtilities.getKeySize(algorithm))).getKey(), algorithm);
}

public byte[] getEncoded()
{
    if (param != null)
    {
        KeyParameter    kParam;

        if (param instanceof ParametersWithIV)
        {
            kParam = (KeyParameter)((ParametersWithIV)param).getParameters();
        }
        else
        {
            kParam = (KeyParameter)param;
        }

        return kParam.getKey();
    }
    else
    {
        if (type == PBE.PKCS12)
        {
            return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword());
        }
        else
        {   
            return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword());
        }
    }
}

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
static CipherParameters makePBEMacParameters(
    JCEPBEKey               pbeKey,
    AlgorithmParameterSpec  spec)
{
    if ((spec == null) || !(spec instanceof PBEParameterSpec))
    {
        throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key.");
    }

    PBEParameterSpec        pbeParam = (PBEParameterSpec)spec;
    PBEParametersGenerator  generator = makePBEGenerator(pbeKey.getType(), pbeKey.getDigest());
    byte[]                  key = pbeKey.getEncoded();
    CipherParameters        param;

    if (pbeKey.shouldTryWrongPKCS12())
    {
        key = new byte[2];
    }

    generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount());

    param = generator.generateDerivedMacParameters(pbeKey.getKeySize());

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

/**
 * construct a key and iv (if necessary) suitable for use with a 
 * Cipher.
 */
static CipherParameters makePBEParameters(
    PBEKeySpec              keySpec,
    int                     type,
    int                     hash,
    int                     keySize,
    int                     ivSize)
{    
    PBEParametersGenerator  generator = makePBEGenerator(type, hash);
    byte[]                  key;
    CipherParameters        param;

    if (type == PKCS12)
    {
        key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
    }
    else
    {   
        key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
    }

    generator.init(key, keySpec.getSalt(), keySpec.getIterationCount());

    if (ivSize != 0)
    {
        param = generator.generateDerivedParameters(keySize, ivSize);
    }
    else
    {
        param = generator.generateDerivedParameters(keySize);
    }

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

/**
 * generate a PBE based key suitable for a MAC algorithm, the
 * key size is chosen according the MAC size, or the hashing algorithm,
 * whichever is greater.
 */
static CipherParameters makePBEMacParameters(
    PBEKeySpec              keySpec,
    int                     type,
    int                     hash,
    int                     keySize)
{
    PBEParametersGenerator  generator = makePBEGenerator(type, hash);
    byte[]                  key;
    CipherParameters        param;

    if (type == PKCS12)
    {
        key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
    }
    else
    {   
        key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
    }

    generator.init(key, keySpec.getSalt(), keySpec.getIterationCount());

    param = generator.generateDerivedMacParameters(keySize);

    for (int i = 0; i != key.length; i++)
    {
        key[i] = 0;
    }

    return param;
}

private static byte[] SingleIterationPBKDF2(byte[] P, byte[] S, int dkLen)
{
    PBEParametersGenerator pGen = new PKCS5S2ParametersGenerator(new SHA256Digest());
    pGen.init(P, S, 1);
    KeyParameter key = (KeyParameter) pGen.generateDerivedMacParameters(dkLen * 8);
    return key.getKey();
}

protected byte[] calculateDerivedKey(int schemeID, AlgorithmIdentifier derivationAlgorithm, int keySize)
    throws CMSException
{
    PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters());
    byte[] encodedPassword = (schemeID == PasswordRecipient.PKCS5_SCHEME2) ? PBEParametersGenerator.PKCS5PasswordToBytes(password) : PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password);

    PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator();

    gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue());

    return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey();
}