byte[] calculateDerivedKey(int schemeID, char[] password, AlgorithmIdentifier derivationAlgorithm, int keySize) throws CMSException { PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); try { SecretKeyFactory keyFact; if (schemeID == PasswordRecipient.PKCS5_SCHEME2) { keyFact = helper.createSecretKeyFactory("PBKDF2with8BIT"); } else { keyFact = helper.createSecretKeyFactory((String)PBKDF2_ALG_NAMES.get(params.getPrf())); } SecretKey key = keyFact.generateSecret(new PBEKeySpec(password, params.getSalt(), params.getIterationCount().intValue(), keySize)); return key.getEncoded(); } catch (GeneralSecurityException e) { throw new CMSException("Unable to calculate derived key from password: " + e.getMessage(), e); } }
/** * Create PBKDF2Params from the passed in object, * * @param obj either PBKDF2Params or an ASN2Sequence. * @return a PBKDF2Params instance. */ public static PBKDF2Params getInstance( Object obj) { if (obj instanceof PBKDF2Params) { return (PBKDF2Params)obj; } if (obj != null) { return new PBKDF2Params(ASN1Sequence.getInstance(obj)); } return null; }
protected AlgorithmParameterSpec localEngineGetParameterSpec( Class paramSpec) throws InvalidParameterSpecException { if (paramSpec == PBEParameterSpec.class) { return new PBEParameterSpec(params.getSalt(), params.getIterationCount().intValue()); } throw new InvalidParameterSpecException("unknown parameter spec passed to PBKDF2 PBE parameters object."); }
PBKDF2Params pbkdf2Params = PBKDF2Params.getInstance(hmacPkbdAlgorithm.getParameters()); if (pbkdf2Config.getSaltLength() != pbkdf2Params.getSalt().length || pbkdf2Config.getIterationCount() != pbkdf2Params.getIterationCount().intValue())
protected void engineInit( byte[] params, String format) throws IOException { if (this.isASN1FormatString(format)) { engineInit(params); return; } throw new IOException("Unknown parameters format in PBKDF2 parameters object"); }
PBKDF2Params pbkdf2Params = PBKDF2Params.getInstance(hmacPkbdAlgorithm.getParameters()); hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(hmacPkbdAlgorithm, pbkdf2Params.getKeyLength().intValue());
public PBES2Algorithms( ASN1Sequence obj) { super(obj); Enumeration e = obj.getObjects(); objectId = (ASN1ObjectIdentifier)e.nextElement(); ASN1Sequence seq = (ASN1Sequence)e.nextElement(); e = seq.getObjects(); ASN1Sequence funcSeq = (ASN1Sequence)e.nextElement(); if (funcSeq.getObjectAt(0).equals(id_PBKDF2)) { func = new KeyDerivationFunc(id_PBKDF2, PBKDF2Params.getInstance(funcSeq.getObjectAt(1))); } else { func = KeyDerivationFunc.getInstance(funcSeq); } scheme = EncryptionScheme.getInstance(e.nextElement()); }
/** * Creates a new instance with the given parameters. * * @param params PBES2 parameters describing the key derivation function and encryption scheme. * @param password Password used to derive key. */ public PBES2EncryptionScheme(final PBES2Parameters params, final char[] password) { final PBKDF2Params kdfParams = PBKDF2Params.getInstance(params.getKeyDerivationFunc().getParameters()); final byte[] salt = kdfParams.getSalt(); final int iterations = kdfParams.getIterationCount().intValue(); if (kdfParams.getKeyLength() != null) { keyLength = kdfParams.getKeyLength().intValue() * 8; } final PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(); generator.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password), salt, iterations); initCipher(generator, params.getEncryptionScheme()); }
/** * Create PBKDF2Params from the passed in object, * * @param obj either PBKDF2Params or an ASN1Sequence. * @return a PBKDF2Params instance. */ public static PBKDF2Params getInstance( Object obj) { if (obj instanceof PBKDF2Params) { return (PBKDF2Params)obj; } if (obj != null) { return new PBKDF2Params(ASN1Sequence.getInstance(obj)); } return null; }
private PBES2Parameters( ASN1Sequence obj) { Enumeration e = obj.getObjects(); ASN1Sequence funcSeq = ASN1Sequence.getInstance(((ASN1Encodable)e.nextElement()).toASN1Primitive()); if (funcSeq.getObjectAt(0).equals(id_PBKDF2)) { func = new KeyDerivationFunc(id_PBKDF2, PBKDF2Params.getInstance(funcSeq.getObjectAt(1))); } else { func = KeyDerivationFunc.getInstance(funcSeq); } scheme = EncryptionScheme.getInstance(e.nextElement()); }
private KeyDerivationFunc generatePkbdAlgorithmIdentifier(KeyDerivationFunc baseAlg, int keySizeInBytes) { if (MiscObjectIdentifiers.id_scrypt.equals(baseAlg.getAlgorithm())) { ScryptParams oldParams = ScryptParams.getInstance(baseAlg.getParameters()); byte[] pbkdSalt = new byte[oldParams.getSalt().length]; getDefaultSecureRandom().nextBytes(pbkdSalt); ScryptParams params = new ScryptParams( pbkdSalt, oldParams.getCostParameter(), oldParams.getBlockSize(), oldParams.getParallelizationParameter(), BigInteger.valueOf(keySizeInBytes)); return new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params); } else { PBKDF2Params oldParams = PBKDF2Params.getInstance(baseAlg.getParameters()); byte[] pbkdSalt = new byte[oldParams.getSalt().length]; getDefaultSecureRandom().nextBytes(pbkdSalt); PBKDF2Params params = new PBKDF2Params(pbkdSalt, oldParams.getIterationCount().intValue(), keySizeInBytes, oldParams.getPrf()); return new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, params); } }
private KeyDerivationFunc generatePkbdAlgorithmIdentifier(ASN1ObjectIdentifier derivationAlgorithm, int keySizeInBytes) { byte[] pbkdSalt = new byte[512 / 8]; getDefaultSecureRandom().nextBytes(pbkdSalt); if (PKCSObjectIdentifiers.id_PBKDF2.equals(derivationAlgorithm)) { return new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(pbkdSalt, 50 * 1024, keySizeInBytes, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE))); } else { throw new IllegalStateException("unknown derivation algorithm: " + derivationAlgorithm); } }
private PBES2Parameters( ASN1Sequence obj) { Enumeration e = obj.getObjects(); ASN1Sequence funcSeq = ASN1Sequence.getInstance(((ASN1Encodable)e.nextElement()).toASN1Primitive()); if (funcSeq.getObjectAt(0).equals(id_PBKDF2)) { func = new KeyDerivationFunc(id_PBKDF2, PBKDF2Params.getInstance(funcSeq.getObjectAt(1))); } else { func = KeyDerivationFunc.getInstance(funcSeq); } scheme = EncryptionScheme.getInstance(e.nextElement()); }
private Cipher createCipher(int mode, char[] password, AlgorithmIdentifier algId) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchProviderException { PBES2Parameters alg = PBES2Parameters.getInstance(algId.getParameters()); PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); SecretKey key; if (func.isDefaultPrf()) { key = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), validateIterationCount(func.getIterationCount()), keySizeProvider.getKeySize(encScheme))); } else { key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), validateIterationCount(func.getIterationCount()), keySizeProvider.getKeySize(encScheme), func.getPrf())); } Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId()); ASN1Encodable encParams = alg.getEncryptionScheme().getParameters(); if (encParams instanceof ASN1OctetString) { cipher.init(mode, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets())); } else { // TODO: at the moment it's just GOST, but... GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams); cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV())); } return cipher; }
protected void engineInit( AlgorithmParameterSpec paramSpec) throws InvalidParameterSpecException { if (!(paramSpec instanceof PBEParameterSpec)) { throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PBKDF2 PBE parameters algorithm parameters object"); } PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; this.params = new PBKDF2Params(pbeSpec.getSalt(), pbeSpec.getIterationCount()); }
PBKDF2Params pbkdf2Params = PBKDF2Params.getInstance(pbkdAlgorithm.getParameters()); if (pbkdf2Params.getKeyLength() != null) keySizeInBytes = pbkdf2Params.getKeyLength().intValue(); if (pbkdf2Params.getPrf().getAlgorithm().equals(PKCSObjectIdentifiers.id_hmacWithSHA512)) pGen.init(Arrays.concatenate(encPassword, differentiator), pbkdf2Params.getSalt(), pbkdf2Params.getIterationCount().intValue()); else if (pbkdf2Params.getPrf().getAlgorithm().equals(NISTObjectIdentifiers.id_hmacWithSHA3_512)) pGen.init(Arrays.concatenate(encPassword, differentiator), pbkdf2Params.getSalt(), pbkdf2Params.getIterationCount().intValue()); throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF: " + pbkdf2Params.getPrf().getAlgorithm());
private KeyDerivationFunc generatePkbdAlgorithmIdentifier(PBKDFConfig pbkdfConfig, int keySizeInBytes) { if (MiscObjectIdentifiers.id_scrypt.equals(pbkdfConfig.getAlgorithm())) { ScryptConfig scryptConfig = (ScryptConfig)pbkdfConfig; byte[] pbkdSalt = new byte[scryptConfig.getSaltLength()]; getDefaultSecureRandom().nextBytes(pbkdSalt); ScryptParams params = new ScryptParams( pbkdSalt, scryptConfig.getCostParameter(), scryptConfig.getBlockSize(), scryptConfig.getParallelizationParameter(), keySizeInBytes); return new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params); } else { PBKDF2Config pbkdf2Config = (PBKDF2Config)pbkdfConfig; byte[] pbkdSalt = new byte[pbkdf2Config.getSaltLength()]; getDefaultSecureRandom().nextBytes(pbkdSalt); return new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(pbkdSalt, pbkdf2Config.getIterationCount(), keySizeInBytes, pbkdf2Config.getPRF())); } }
private static byte[] decrypt(EncryptedValue ev, char[] password) throws XiSecurityException { AlgorithmIdentifier symmAlg = ev.getSymmAlg(); if (!PKCSObjectIdentifiers.id_PBES2.equals(symmAlg.getAlgorithm())) { throw new XiSecurityException("unsupported symmAlg " + symmAlg.getAlgorithm().getId()); } PBES2Parameters alg = PBES2Parameters.getInstance(symmAlg.getParameters()); PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); try { SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId()); SecretKey key; int iterations = func.getIterationCount().intValue(); key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), iterations, KEYSIZE_PROVIDER.getKeySize(encScheme), func.getPrf())); key = new SecretKeySpec(key.getEncoded(), "AES"); String cipherAlgOid = alg.getEncryptionScheme().getAlgorithm().getId(); Cipher cipher = Cipher.getInstance(cipherAlgOid); ASN1Encodable encParams = alg.getEncryptionScheme().getParameters(); GCMParameters gcmParameters = GCMParameters.getInstance(encParams); GCMParameterSpec gcmParamSpec = new GCMParameterSpec(gcmParameters.getIcvLen() * 8, gcmParameters.getNonce()); cipher.init(Cipher.DECRYPT_MODE, key, gcmParamSpec); return cipher.doFinal(ev.getEncValue().getOctets()); } catch (IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | InvalidKeySpecException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException ex) { throw new XiSecurityException("Error while decrypting the EncryptedValue", ex); } }
new PBES2Parameters( new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(pbkdfSalt, iterationCount, keysizeBits / 8, prf_hmacWithSHA256)), new EncryptionScheme(encAlgOid, new GCMParameters(nonce, tagByteLen))));
PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); SecretKey key; int iterations = func.getIterationCount().intValue(); key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), iterations, keysizeInBit, func.getPrf())); key = new SecretKeySpec(key.getEncoded(), "AES");