static Wrapper createRFC3211Wrapper(ASN1ObjectIdentifier algorithm) throws CMSException { if (NISTObjectIdentifiers.id_aes128_CBC.equals(algorithm) || NISTObjectIdentifiers.id_aes192_CBC.equals(algorithm) || NISTObjectIdentifiers.id_aes256_CBC.equals(algorithm)) { return new RFC3211WrapEngine(new AESEngine()); } else if (PKCSObjectIdentifiers.des_EDE3_CBC.equals(algorithm)) { return new RFC3211WrapEngine(new DESedeEngine()); } else if (OIWObjectIdentifiers.desCBC.equals(algorithm)) { return new RFC3211WrapEngine(new DESEngine()); } else if (PKCSObjectIdentifiers.RC2_CBC.equals(algorithm)) { return new RFC3211WrapEngine(new RC2Engine()); } else { throw new CMSException("cannot recognise wrapper: " + algorithm); } }
protected KeyParameter extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey) throws CMSException { Wrapper keyEncryptionCipher = EnvelopedDataHelper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm()); keyEncryptionCipher.init(false, new ParametersWithIV(new KeyParameter(derivedKey), ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets())); try { return new KeyParameter(keyEncryptionCipher.unwrap(encryptedContentEncryptionKey, 0, encryptedContentEncryptionKey.length)); } catch (InvalidCipherTextException e) { throw new CMSException("unable to unwrap key: " + e.getMessage(), e); } }
static Wrapper createWrapper(int encAlgorithm) throws PGPException { switch (encAlgorithm) { case SymmetricKeyAlgorithmTags.AES_128: case SymmetricKeyAlgorithmTags.AES_192: case SymmetricKeyAlgorithmTags.AES_256: return new RFC3394WrapEngine(new AESFastEngine()); case SymmetricKeyAlgorithmTags.CAMELLIA_128: case SymmetricKeyAlgorithmTags.CAMELLIA_192: case SymmetricKeyAlgorithmTags.CAMELLIA_256: return new RFC3394WrapEngine(new CamelliaEngine()); default: throw new PGPException("unknown wrap algorithm: " + encAlgorithm); } }
private void wrapAndUnwrap(byte[] kek, byte[] key, byte[] expected) throws Exception { Wrapper wrapper = new AESWrapPadEngine(); wrapper.init(true, new KeyParameter(kek)); byte[] cipherText = wrapper.wrap(key, 0, key.length); if (!areEqual(cipherText, expected)) { fail("Wrapped value does not match expected."); } wrapper.init(false, new KeyParameter(kek)); byte[] plainText = wrapper.unwrap(cipherText, 0, cipherText.length); if (!areEqual(key, plainText)) { fail("Unwrapped value does not match original."); } }
private void wrapAndUnwrap(byte[] kek, byte[] key) throws Exception { Wrapper wrapper = new AESWrapPadEngine(); wrapper.init(true, new KeyParameter(kek)); byte[] cipherText = wrapper.wrap(key, 0, key.length); wrapper.init(false, new KeyParameter(kek)); byte[] plainText = wrapper.unwrap(cipherText, 0, cipherText.length); if (!areEqual(key, plainText)) { fail("Unwrapped value does not match original."); } }
private void heapIssueTest() { byte[] key = Hex.decode("d305ef52a6b9e72c810b821261d2d678"); byte[] ciphertext = Hex.decode("d2b2906d209a46261d8f6794eca3179d"); Wrapper aes = new AESWrapPadEngine(); aes.init(false, new KeyParameter(key)); try { byte[] result = aes.unwrap(ciphertext, 0, ciphertext.length); fail("incorrect pad not detected"); } catch (InvalidCipherTextException e) { // ignore } }
private void testChecksum(byte[] kek, byte[] iv, byte[] block, Wrapper wrapper) { encryptBlock(kek, iv, block); try { wrapper.unwrap(block, 0, block.length); fail("bad checksum not detected"); } catch (InvalidCipherTextException e) { if (!e.getMessage().equals("wrapped key fails checksum")) { fail("wrong exception"); } } }
private static RFC6637 create( String curveName, Supplier<Digest> digestFactory, Supplier<Wrapper> wrapperFactory, int publicKeyAlgID, int symAlgID, int symAlgIDLength, int kdfHashID) { try { ASN1ObjectIdentifier oid = ECNamedCurveTable.getOID(curveName); RFC6637KDF kdf = new RFC6637KDF( digestFactory, oid, (byte) publicKeyAlgID, (byte) symAlgID, (byte) kdfHashID); return new RFC6637(wrapperFactory, curveName, symAlgIDLength, kdf); } catch (IOException ex) { throw new IllegalStateException(ex); } }
protected WrapCipherSpi( Wrapper wrapEngine, int ivSize) { this.wrapEngine = wrapEngine; this.ivSize = ivSize; }
public BcSymmetricKeyUnwrapper(AlgorithmIdentifier wrappingAlgorithm, Wrapper wrapper, KeyParameter wrappingKey) { super(wrappingAlgorithm); this.wrapper = wrapper; this.wrappingKey = wrappingKey; }
public BcSymmetricKeyWrapper(AlgorithmIdentifier wrappingAlgorithm, Wrapper wrapper, KeyParameter wrappingKey) { super(wrappingAlgorithm); this.wrapper = wrapper; this.wrappingKey = wrappingKey; }
protected BaseWrapCipher( Wrapper wrapEngine, int ivSize) { this.wrapEngine = wrapEngine; this.ivSize = ivSize; }
public byte[] generateEncryptedBytes(AlgorithmIdentifier keyEncryptionAlgorithm, byte[] derivedKey, GenericKey contentEncryptionKey) throws CMSException { byte[] contentEncryptionKeySpec = ((KeyParameter)CMSUtils.getBcKey(contentEncryptionKey)).getKey(); Wrapper keyEncryptionCipher = EnvelopedDataHelper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm()); keyEncryptionCipher.init(true, new ParametersWithIV(new KeyParameter(derivedKey), ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets())); return keyEncryptionCipher.wrap(contentEncryptionKeySpec, 0, contentEncryptionKeySpec.length); }
private void wrapTest( int id, BlockCipher engine, byte[] kek, byte[] iv, SecureRandom rand, byte[] in, byte[] out) throws Exception { Wrapper wrapper = new RFC3211WrapEngine(engine); wrapper.init(true, new ParametersWithRandom(new ParametersWithIV(new KeyParameter(kek), iv), rand)); byte[] cText = wrapper.wrap(in, 0, in.length); if (!Arrays.areEqual(cText, out)) { fail("failed wrap test " + id + " expected " + new String(Hex.encode(out)) + " got " + new String(Hex.encode(cText))); } wrapper.init(false, new ParametersWithIV(new KeyParameter(kek), iv)); byte[] pText = wrapper.unwrap(out, 0, out.length); if (!Arrays.areEqual(pText, in)) { fail("rfailed unwrap test " + id + " expected " + new String(Hex.encode(in)) + " got " + new String(Hex.encode(pText))); } }
private void testCorruption() throws InvalidCipherTextException { byte[] kek = Hex.decode("D1DAA78615F287E6"); byte[] iv = Hex.decode("EFE598EF21B33D6D"); Wrapper wrapper = new RFC3211WrapEngine(new DESEngine()); wrapper.init(false, new ParametersWithIV(new KeyParameter(kek), iv)); byte[] block = Hex.decode("ff739D838C627C897323A2F8C436F541"); encryptBlock(kek, iv, block); try { wrapper.unwrap(block, 0, block.length); fail("bad length not detected"); } catch (InvalidCipherTextException e) { if (!e.getMessage().equals("wrapped key corrupted")) { fail("wrong exception on length"); } } block = Hex.decode("08639D838C627C897323A2F8C436F541"); testChecksum(kek, iv, block, wrapper); block = Hex.decode("08736D838C627C897323A2F8C436F541"); testChecksum(kek, iv, block, wrapper); block = Hex.decode("08739D638C627C897323A2F8C436F541"); testChecksum(kek, iv, block, wrapper); }
public RFC6637( Supplier<Wrapper> wrapperFactory, String curveName, int symAlgIDKeyLength, RFC6637KDF kdf ) throws IOException { this.wrapperFactory = Objects.requireNonNull(wrapperFactory, "wrapperFactory"); this.curveName = Objects.requireNonNull(curveName, "curveName"); this.symAlgIDKeyLength = symAlgIDKeyLength; this.kdf = Objects.requireNonNull(kdf, "kdf"); }
