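/**
 * Derives the cipher parameters for a PKCS#12 password-based encryption algorithm.
 *
 * <p>The password is converted with {@code PKCS12PasswordToBytes} and fed to a
 * {@link PKCS12ParametersGenerator} together with the salt ({@code pbeParams.getIV()}) and
 * the iteration count carried in {@code pbeParams}. When {@code PKCS12PBEUtils.hasNoIv}
 * reports that the algorithm takes no IV, only a key is derived; otherwise a key and an IV
 * are derived, and for algorithms matched by {@code PKCS12PBEUtils.isDesAlg} the key bytes
 * are adjusted to odd parity.
 *
 * @param algorithm OID used to look up the key size and to decide whether an IV is derived
 * @param digest digest driving the key derivation
 * @param blockSize cipher block size; {@code blockSize * 8} is passed as the IV size
 * @param pbeParams source of the salt and the iteration count
 * @param password password characters; this method does not modify the array
 * @return the derived key, wrapped in a {@code ParametersWithIV} when an IV is derived
 */
static CipherParameters createCipherParameters(ASN1ObjectIdentifier algorithm, ExtendedDigest digest, int blockSize, PKCS12PBEParams pbeParams, char[] password) {
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);
    final byte[] passwordBytes = PKCS12ParametersGenerator.PKCS12PasswordToBytes(password);
    try {
        // NOTE(review): the iteration count is narrowed with intValue() and not range-checked
        // here; confirm callers bound it when pbeParams was parsed from an untrusted file.
        pGen.init(passwordBytes, pbeParams.getIV(), pbeParams.getIterations().intValue());

        CipherParameters params;
        if (PKCS12PBEUtils.hasNoIv(algorithm)) {
            params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm));
        } else {
            params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm), blockSize * 8);
            if (PKCS12PBEUtils.isDesAlg(algorithm)) {
                // The parity fix is applied in place to the key array held inside params.
                DESedeParameters.setOddParity(((KeyParameter)((ParametersWithIV)params).getParameters()).getKey());
            }
        }
        return params;
    } finally {
        // pGen is not used past this point, so the encoded password can be wiped
        // instead of lingering on the heap until garbage collection.
        for (int i = 0; i != passwordBytes.length; i++) {
            passwordBytes[i] = 0;
        }
    }
}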
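/**
 * Decrypts data with AES-CBC (PKCS#7 padding) under a key and IV derived from
 * {@code password} with the PKCS#12 scheme over SHA-256.
 *
 * <p>The salt is the constant {@code constantSalt} and the iteration count is the constant
 * {@code iterations}; neither is a parameter. Because both are fixed, the same password
 * always derives the same key and the same IV. The ciphertext carries no MAC, so this
 * method cannot tell tampered input from genuine input beyond a padding failure.
 *
 * @param cipher the ciphertext to decrypt
 * @param password the password the key and IV are derived from
 * @return the decrypted bytes with padding removed
 * @throws Exception if decryption fails, for example on invalid padding
 */
public static byte[] decrypt(byte[] cipher, String password) throws Exception {
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(new SHA256Digest());
    final char[] passwordChars = password.toCharArray();
    final byte[] pkcs12PasswordBytes = PBEParametersGenerator.PKCS12PasswordToBytes(passwordChars);
    try {
        // NOTE(review): getBytes() without a charset uses the platform default, so a salt
        // with non-ASCII characters derives different keys on different hosts. Left as-is
        // because changing it would alter the key for data that already exists.
        pGen.init(pkcs12PasswordBytes, constantSalt.getBytes(), iterations);

        CBCBlockCipher aesCBC = new CBCBlockCipher(new AESEngine());
        ParametersWithIV aesCBCParams = (ParametersWithIV) pGen.generateDerivedParameters(256, 128);
        aesCBC.init(false, aesCBCParams);
        PaddedBufferedBlockCipher aesCipher = new PaddedBufferedBlockCipher(aesCBC, new PKCS7Padding());

        byte[] plainTemp = new byte[aesCipher.getOutputSize(cipher.length)];
        int offset = aesCipher.processBytes(cipher, 0, cipher.length, plainTemp, 0);
        int last = aesCipher.doFinal(plainTemp, offset);

        // getOutputSize() is an upper bound; trim to the bytes actually produced.
        final byte[] plain = new byte[offset + last];
        System.arraycopy(plainTemp, 0, plain, 0, plain.length);
        return plain;
    } finally {
        // Both arrays are private copies made above; wipe them once the key is derived.
        for (int i = 0; i != pkcs12PasswordBytes.length; i++) {
            pkcs12PasswordBytes[i] = 0;
        }
        for (int i = 0; i != passwordChars.length; i++) {
            passwordChars[i] = 0;
        }
    }
}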
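/**
 * Encrypts or decrypts {@code bytes} with AES-CBC (PKCS#7 padding) under a key and IV
 * derived from {@code password} and {@code salt} with the PKCS#12 scheme over SHA-256.
 *
 * <p>The output carries no MAC, so decryption cannot detect modified ciphertext other
 * than through a padding failure.
 *
 * @param encrypt {@code true} to encrypt, {@code false} to decrypt
 * @param bytes the data to process
 * @param password the password the key and IV are derived from
 * @param salt the salt for the key derivation
 * @return the processed bytes, trimmed to the length actually produced
 * @throws InvalidCipherTextException if the final block cannot be processed
 */
private static byte[] crypt(final boolean encrypt, final byte[] bytes, final String password, final byte[] salt) throws InvalidCipherTextException {
    final PBEParametersGenerator keyGenerator = new PKCS12ParametersGenerator(new SHA256Digest());
    final char[] passwordChars = password.toCharArray();
    final byte[] passwordBytes = PKCS12ParametersGenerator.PKCS12PasswordToBytes(passwordChars);
    final CipherParameters keyParams;
    try {
        // NOTE(review): the iteration count is hard-coded to 20, which adds very little
        // work factor against offline password guessing. It cannot be raised here without
        // breaking data already encrypted by this routine.
        keyGenerator.init(passwordBytes, salt, 20);
        keyParams = keyGenerator.generateDerivedParameters(256, 128);
    } finally {
        // Both arrays are private copies made above; wipe them once the key is derived.
        for (int i = 0; i != passwordBytes.length; i++) {
            passwordBytes[i] = 0;
        }
        for (int i = 0; i != passwordChars.length; i++) {
            passwordChars[i] = 0;
        }
    }

    final BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
    cipher.init(encrypt, keyParams);

    final byte[] processed = new byte[cipher.getOutputSize(bytes.length)];
    int outputLength = cipher.processBytes(bytes, 0, bytes.length, processed, 0);
    outputLength += cipher.doFinal(processed, outputLength);

    // getOutputSize() is an upper bound; copy out only what was written.
    final byte[] results = new byte[outputLength];
    System.arraycopy(processed, 0, results, 0, outputLength);
    return results;
}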
/**
 * Creates a provider of PKCS#12 password-based decryptors bound to {@code password}.
 *
 * <p>Each {@code get} call obtains a cipher for the requested algorithm, derives its
 * parameters from the password and the PBE parameters inside the algorithm identifier,
 * and initialises the cipher for decryption.
 *
 * @param password the password; the array is captured by reference, so the caller must
 *                 keep it intact for as long as the provider or its decryptors are used
 * @return a provider producing decryptors for the given password
 */
public InputDecryptorProvider build(final char[] password) {
    return new InputDecryptorProvider() {
        public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier) {
            final PaddedBufferedBlockCipher cipher = PKCS12PBEUtils.getEngine(algorithmIdentifier.getAlgorithm());
            PKCS12PBEParams pbe = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());

            // Key (and IV, where the algorithm has one) come from the password plus the
            // salt and iteration count carried in the algorithm identifier.
            CipherParameters derived = PKCS12PBEUtils.createCipherParameters(
                algorithmIdentifier.getAlgorithm(), digest, cipher.getBlockSize(), pbe, password);
            cipher.init(false, derived);

            return new InputDecryptor() {
                public AlgorithmIdentifier getAlgorithmIdentifier() {
                    return algorithmIdentifier;
                }

                public InputStream getInputStream(InputStream input) {
                    return new CipherInputStream(input, cipher);
                }

                public GenericKey getKey() {
                    // Re-encodes the captured password on every call.
                    return new GenericKey(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
                }
            };
        }
    };
}
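/**
 * Creates an HMAC calculator keyed by a PKCS#12 password-derived MAC key.
 *
 * <p>The MAC key is derived from the password with the salt ({@code pbeParams.getIV()})
 * and iteration count in {@code pbeParams}; its size is {@code digest.getDigestSize() * 8}.
 *
 * @param digestAlgorithm OID reported in the calculator's algorithm identifier
 * @param digest digest used both for key derivation and for the HMAC
 * @param pbeParams source of the salt and the iteration count
 * @param password password characters; captured by reference for {@code getKey()}
 * @return a calculator whose output stream feeds the HMAC
 */
static MacCalculator createMacCalculator(final ASN1ObjectIdentifier digestAlgorithm, ExtendedDigest digest, final PKCS12PBEParams pbeParams, final char[] password) {
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);
    final byte[] passwordBytes = PKCS12ParametersGenerator.PKCS12PasswordToBytes(password);
    final KeyParameter keyParam;
    try {
        // NOTE(review): the iteration count is narrowed with intValue() and not range-checked
        // here; confirm callers bound it when pbeParams was parsed from an untrusted file.
        pGen.init(passwordBytes, pbeParams.getIV(), pbeParams.getIterations().intValue());
        keyParam = (KeyParameter)pGen.generateDerivedMacParameters(digest.getDigestSize() * 8);
    } finally {
        // pGen is not used past this point, so the encoded password can be wiped.
        for (int i = 0; i != passwordBytes.length; i++) {
            passwordBytes[i] = 0;
        }
    }

    final HMac hMac = new HMac(digest);
    hMac.init(keyParam);

    return new MacCalculator() {
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return new AlgorithmIdentifier(digestAlgorithm, pbeParams);
        }

        public OutputStream getOutputStream() {
            return new MacOutputStream(hMac);
        }

        public byte[] getMac() {
            byte[] res = new byte[hMac.getMacSize()];
            hMac.doFinal(res, 0);
            return res;
        }

        public GenericKey getKey() {
            // Re-encodes the captured password on every call.
            return new GenericKey(getAlgorithmIdentifier(), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
        }
    };
}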
/**
 * Builds a PKCS#12 password-based encryptor for {@code password}.
 *
 * <p>A fresh 20-byte salt is drawn for every call and combined with the builder's
 * {@code iterationCount}; the derived parameters initialise the builder's cipher for
 * encryption.
 *
 * @param password the password; captured by reference for {@code getKey()}
 * @return an encryptor that wraps output streams with the initialised cipher
 */
public OutputEncryptor build(final char[] password) {
    // Fall back to a default SecureRandom when the builder was given none.
    if (random == null) {
        random = new SecureRandom();
    }

    final byte[] freshSalt = new byte[20];
    random.nextBytes(freshSalt);
    final PKCS12PBEParams pbeParams = new PKCS12PBEParams(freshSalt, iterationCount);

    // NOTE(review): engine is not local to this method, so every encryptor built here
    // shares it and a later build() re-initialises it. Confirm the builder is not reused
    // while an earlier encryptor is still writing.
    CipherParameters cipherParams = PKCS12PBEUtils.createCipherParameters(
        algorithm, digest, engine.getBlockSize(), pbeParams, password);
    engine.init(true, cipherParams);

    return new OutputEncryptor() {
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return new AlgorithmIdentifier(algorithm, pbeParams);
        }

        public OutputStream getOutputStream(OutputStream out) {
            return new CipherOutputStream(out, engine);
        }

        public GenericKey getKey() {
            // Re-encodes the captured password on every call.
            return new GenericKey(new AlgorithmIdentifier(algorithm, pbeParams), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
        }
    };
}
/**
 * Checks a PKCS#12 key-derivation vector: derives a 192-bit ({@code 24 * 8}) key with
 * SHA-1 and compares it with the expected bytes.
 *
 * @param id vector number, used only in the failure message
 * @param password password characters for the derivation
 * @param salt salt for the derivation
 * @param iCount iteration count
 * @param result expected key bytes
 * @return a passing result when the derived key matches, otherwise a failing one
 */
private TestResult run1(int id, char[] password, byte[] salt, int iCount, byte[] result) {
    PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
    pbeGen.init(PBEParametersGenerator.PKCS12PasswordToBytes(password), salt, iCount);

    KeyParameter derived = (KeyParameter)pbeGen.generateDerivedParameters(24 * 8);

    if (!isEqual(result, derived.getKey())) {
        return new SimpleTestResult(false, "PKCS12Test: id " + id + " Failed");
    }
    return new SimpleTestResult(true, "PKCS12Test: Okay");
}
/**
 * Checks a PKCS#12 IV-derivation vector: derives a key and IV (64, 64) with SHA-1 and
 * compares the IV with the expected bytes.
 *
 * @param id vector number, used only in the failure message
 * @param password password characters for the derivation
 * @param salt salt for the derivation
 * @param iCount iteration count
 * @param result expected IV bytes
 * @return a passing result when the derived IV matches, otherwise a failing one
 */
private TestResult run2(int id, char[] password, byte[] salt, int iCount, byte[] result) {
    PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
    pbeGen.init(PBEParametersGenerator.PKCS12PasswordToBytes(password), salt, iCount);

    ParametersWithIV keyAndIv = (ParametersWithIV)pbeGen.generateDerivedParameters(64, 64);

    if (!isEqual(result, keyAndIv.getIV())) {
        return new SimpleTestResult(false, "PKCS12Test: id " + id + " Failed");
    }
    return new SimpleTestResult(true, "PKCS12Test: Okay");
}
/**
 * Checks a PKCS#12 MAC-key vector: derives a 160-bit MAC key with SHA-1 and compares it
 * with the expected bytes.
 *
 * @param id vector number, used only in the failure message
 * @param password password characters for the derivation
 * @param salt salt for the derivation
 * @param iCount iteration count
 * @param result expected MAC key bytes
 * @return a passing result when the derived key matches, otherwise a failing one
 */
private TestResult run3(int id, char[] password, byte[] salt, int iCount, byte[] result) {
    PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
    pbeGen.init(PBEParametersGenerator.PKCS12PasswordToBytes(password), salt, iCount);

    KeyParameter macKey = (KeyParameter)pbeGen.generateDerivedMacParameters(160);

    if (!isEqual(result, macKey.getKey())) {
        return new SimpleTestResult(false, "PKCS12Test: id " + id + " Failed");
    }
    return new SimpleTestResult(true, "PKCS12Test: Okay");
}
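/**
 * Derives key bytes from {@code password} with the PKCS#12 scheme, using this object's
 * {@code digester}, {@code salt} and {@code iteration} values.
 *
 * @param password the password to derive from
 * @param length key size handed to {@code generateDerivedParameters}
 *               (presumably in bits; confirm against callers)
 * @return the derived key bytes
 */
@Override
public byte[] generate(String password, int length) {
    PBEParametersGenerator gen = new PKCS12ParametersGenerator(digester);
    final char[] passwordChars = password.toCharArray();
    final byte[] passwordBytes = PBEParametersGenerator.PKCS12PasswordToBytes(passwordChars);
    try {
        gen.init(passwordBytes, salt, iteration);
        KeyParameter param = (KeyParameter) gen.generateDerivedParameters(length);
        return param.getKey();
    } finally {
        // Both arrays are private copies made above and gen is not used again, so wipe
        // them instead of leaving the password on the heap.
        for (int i = 0; i != passwordBytes.length; i++) {
            passwordBytes[i] = 0;
        }
        for (int i = 0; i != passwordChars.length; i++) {
            passwordChars[i] = 0;
        }
    }
}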
/**
 * Builds a PKCS#12 password-based encryptor for {@code password}.
 *
 * <p>A fresh 20-byte salt is drawn for every call; the iteration count is fixed at 1024
 * inside this method. The derived parameters initialise the builder's cipher for
 * encryption.
 *
 * @param password the password; captured by reference for {@code getKey()}
 * @return an encryptor that wraps output streams with the initialised cipher
 */
public OutputEncryptor build(final char[] password) {
    // Fall back to a default SecureRandom when the builder was given none.
    if (random == null) {
        random = new SecureRandom();
    }

    // NOTE(review): the work factor is a local constant here, not configurable by callers.
    final int iterationCount = 1024;
    final byte[] freshSalt = new byte[20];
    random.nextBytes(freshSalt);
    final PKCS12PBEParams pbeParams = new PKCS12PBEParams(freshSalt, iterationCount);

    // NOTE(review): engine is not local to this method, so every encryptor built here
    // shares it and a later build() re-initialises it. Confirm the builder is not reused
    // while an earlier encryptor is still writing.
    CipherParameters cipherParams = PKCS12PBEUtils.createCipherParameters(
        algorithm, digest, engine.getBlockSize(), pbeParams, password);
    engine.init(true, cipherParams);

    return new OutputEncryptor() {
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return new AlgorithmIdentifier(algorithm, pbeParams);
        }

        public OutputStream getOutputStream(OutputStream out) {
            return new CipherOutputStream(out, engine);
        }

        public GenericKey getKey() {
            // Re-encodes the captured password on every call.
            return new GenericKey(new AlgorithmIdentifier(algorithm, pbeParams), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
        }
    };
}
/**
 * Returns a MAC calculator builder for the PKCS#12 MAC described by
 * {@code algorithmIdentifier}.
 *
 * <p>The salt and iteration count are taken from the PBE parameters inside the
 * identifier; the MAC and secret-key factory are obtained from {@code helper} by the
 * algorithm's OID string.
 *
 * @param algorithmIdentifier algorithm OID plus encoded {@code PKCS12PBEParams}
 * @return a builder that creates a keyed MAC calculator for a given password
 */
public PKCS12MacCalculatorBuilder get(final AlgorithmIdentifier algorithmIdentifier) {
    return new PKCS12MacCalculatorBuilder() {
        public MacCalculator build(final char[] password) throws OperatorCreationException {
            final PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());
            try {
                final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
                final Mac mac = helper.createMac(algorithm.getId());
                SecretKeyFactory keyFact = helper.createSecretKeyFactory(algorithm.getId());
                // NOTE(review): the iteration count is narrowed with intValue() and not
                // range-checked here; confirm it is bounded when the identifier comes
                // from an untrusted file.
                PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
                // NOTE(review): PBEKeySpec keeps its own copy of the password and
                // clearPassword() is not called after the key has been generated.
                PBEKeySpec pbeSpec = new PBEKeySpec(password);
                SecretKey key = keyFact.generateSecret(pbeSpec);
                mac.init(key, defParams);
                return new MacCalculator() {
                    public AlgorithmIdentifier getAlgorithmIdentifier() {
                        return new AlgorithmIdentifier(algorithm, pbeParams);
                    }

                    public OutputStream getOutputStream() {
                        return new MacOutputStream(mac);
                    }

                    public byte[] getMac() {
                        return mac.doFinal();
                    }

                    public GenericKey getKey() {
                        // Re-encodes the captured password on every call.
                        return new GenericKey(getAlgorithmIdentifier(), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
                    }
                };
            } catch (Exception e) {
                // Any failure while creating or keying the MAC is reported as one
                // exception type, with the original kept as the cause.
                throw new OperatorCreationException("unable to create MAC calculator: " + e.getMessage(), e);
            }
        }

        public AlgorithmIdentifier getDigestAlgorithmIdentifier() {
            // Same OID as the MAC algorithm, with NULL parameters instead of the PBE ones.
            return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE);
        }
    };
}
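/**
 * Writes the key store to {@code stream}, followed by an HMAC-SHA1 over the store body.
 *
 * <p>Layout written: version, salt length, salt, iteration count, the store body (via
 * {@code saveStore}), then the MAC. The MAC key is derived from {@code password} with the
 * PKCS#12 scheme over SHA-1, a fresh random salt and an iteration count of
 * {@code MIN_ITERATIONS} plus a random value in 0..1023.
 *
 * @param stream destination; closed by this method once the MAC has been written
 * @param password password the integrity key is derived from
 * @throws IOException if writing to the stream fails
 */
public void engineStore(OutputStream stream, char[] password) throws IOException {
    DataOutputStream dOut = new DataOutputStream(stream);
    byte[] salt = new byte[STORE_SALT_SIZE];
    int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff);

    random.nextBytes(salt);

    dOut.writeInt(version);
    dOut.writeInt(salt.length);
    dOut.write(salt);
    dOut.writeInt(iterationCount);

    HMac hMac = new HMac(new SHA1Digest());
    MacOutputStream mOut = new MacOutputStream(hMac);
    PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
    byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);

    try {
        pbeGen.init(passKey, salt, iterationCount);

        // The two branches differ only in whether the MAC size is multiplied by 8;
        // presumably version < 2 keeps the key length of an older store format. Confirm.
        if (version < 2) {
            hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize()));
        } else {
            hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8));
        }
    } finally {
        // Wipe the encoded password even when derivation or MAC setup throws.
        for (int i = 0; i != passKey.length; i++) {
            passKey[i] = 0;
        }
    }

    // The tee sends the store body to the output and to the MAC at the same time.
    saveStore(new TeeOutputStream(dOut, mOut));

    byte[] mac = new byte[hMac.getMacSize()];
    hMac.doFinal(mac, 0);
    dOut.write(mac);

    dOut.close();
}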
/** {@inheritDoc} */
protected PBEParametersGenerator newParamGenerator() {
    // Every call wraps the digest returned by digest.getDigest() in a new PKCS#12 generator.
    final PKCS12ParametersGenerator generator = new PKCS12ParametersGenerator(digest.getDigest());
    return generator;
}
/**
 * Builds a PKCS#12 MAC calculator keyed from {@code password}.
 *
 * <p>The MAC and secret-key factory are obtained from {@code helper} by the algorithm's
 * OID string. A fresh random salt as long as the MAC output is drawn for every call, and
 * that length is also stored in the builder's {@code saltLength} field.
 *
 * @param password the password; captured by reference for {@code getKey()}
 * @return a calculator whose output stream feeds the keyed MAC
 * @throws OperatorCreationException if the MAC cannot be created or keyed
 */
public MacCalculator build(final char[] password) throws OperatorCreationException {
    // Fall back to a default SecureRandom when the builder was given none.
    if (random == null) {
        random = new SecureRandom();
    }

    try {
        final Mac mac = helper.createMac(algorithm.getId());

        // Side effect: the builder's saltLength field is overwritten on every build.
        saltLength = mac.getMacLength();
        final byte[] salt = new byte[saltLength];
        random.nextBytes(salt);

        SecretKeyFactory factory = helper.createSecretKeyFactory(algorithm.getId());
        PBEParameterSpec macParams = new PBEParameterSpec(salt, iterationCount);
        // NOTE(review): PBEKeySpec keeps its own copy of the password and
        // clearPassword() is not called after the key has been generated.
        PBEKeySpec keySpec = new PBEKeySpec(password);
        SecretKey macKey = factory.generateSecret(keySpec);

        mac.init(macKey, macParams);

        return new MacCalculator() {
            public AlgorithmIdentifier getAlgorithmIdentifier() {
                return new AlgorithmIdentifier(algorithm, new PKCS12PBEParams(salt, iterationCount));
            }

            public OutputStream getOutputStream() {
                return new MacOutputStream(mac);
            }

            public byte[] getMac() {
                return mac.doFinal();
            }

            public GenericKey getKey() {
                // Re-encodes the captured password on every call.
                return new GenericKey(getAlgorithmIdentifier(), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
            }
        };
    } catch (Exception e) {
        // Any failure above is reported as one exception type, with the original as cause.
        throw new OperatorCreationException("unable to create MAC calculator: " + e.getMessage(), e);
    }
}