private boolean isSimilarHmacPbkd(PBKDFConfig storePBKDFConfig, KeyDerivationFunc hmacPkbdAlgorithm) if (!storePBKDFConfig.getAlgorithm().equals(hmacPkbdAlgorithm.getAlgorithm())) if (MiscObjectIdentifiers.id_scrypt.equals(hmacPkbdAlgorithm.getAlgorithm()))
private KeyDerivationFunc generatePkbdAlgorithmIdentifier(KeyDerivationFunc baseAlg, int keySizeInBytes) { if (MiscObjectIdentifiers.id_scrypt.equals(baseAlg.getAlgorithm())) { ScryptParams oldParams = ScryptParams.getInstance(baseAlg.getParameters()); byte[] pbkdSalt = new byte[oldParams.getSalt().length]; getDefaultSecureRandom().nextBytes(pbkdSalt); ScryptParams params = new ScryptParams( pbkdSalt, oldParams.getCostParameter(), oldParams.getBlockSize(), oldParams.getParallelizationParameter(), BigInteger.valueOf(keySizeInBytes)); return new KeyDerivationFunc(MiscObjectIdentifiers.id_scrypt, params); } else { PBKDF2Params oldParams = PBKDF2Params.getInstance(baseAlg.getParameters()); byte[] pbkdSalt = new byte[oldParams.getSalt().length]; getDefaultSecureRandom().nextBytes(pbkdSalt); PBKDF2Params params = new PBKDF2Params(pbkdSalt, oldParams.getIterationCount().intValue(), keySizeInBytes, oldParams.getPrf()); return new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, params); } }
if (MiscObjectIdentifiers.id_scrypt.equals(hmacPkbdAlgorithm.getAlgorithm()))
private static byte[] decrypt(EncryptedValue ev, char[] password) throws XiSecurityException { AlgorithmIdentifier symmAlg = ev.getSymmAlg(); if (!PKCSObjectIdentifiers.id_PBES2.equals(symmAlg.getAlgorithm())) { throw new XiSecurityException("unsupported symmAlg " + symmAlg.getAlgorithm().getId()); } PBES2Parameters alg = PBES2Parameters.getInstance(symmAlg.getParameters()); PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); try { SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId()); SecretKey key; int iterations = func.getIterationCount().intValue(); key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), iterations, KEYSIZE_PROVIDER.getKeySize(encScheme), func.getPrf())); key = new SecretKeySpec(key.getEncoded(), "AES"); String cipherAlgOid = alg.getEncryptionScheme().getAlgorithm().getId(); Cipher cipher = Cipher.getInstance(cipherAlgOid); ASN1Encodable encParams = alg.getEncryptionScheme().getParameters(); GCMParameters gcmParameters = GCMParameters.getInstance(encParams); GCMParameterSpec gcmParamSpec = new GCMParameterSpec(gcmParameters.getIcvLen() * 8, gcmParameters.getNonce()); cipher.init(Cipher.DECRYPT_MODE, key, gcmParamSpec); return cipher.doFinal(ev.getEncValue().getOctets()); } catch (IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | InvalidKeySpecException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException ex) { throw new XiSecurityException("Error while decrypting the EncryptedValue", ex); } }
SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId()); SecretKey key;
if (MiscObjectIdentifiers.id_scrypt.equals(pbkdAlgorithm.getAlgorithm())) params.getBlockSize().intValue(), keySizeInBytes); else if (pbkdAlgorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2))
private Cipher createCipher(int mode, char[] password, AlgorithmIdentifier algId) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchProviderException { PBES2Parameters alg = PBES2Parameters.getInstance(algId.getParameters()); PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); SecretKey key; if (func.isDefaultPrf()) { key = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), validateIterationCount(func.getIterationCount()), keySizeProvider.getKeySize(encScheme))); } else { key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), validateIterationCount(func.getIterationCount()), keySizeProvider.getKeySize(encScheme), func.getPrf())); } Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId()); ASN1Encodable encParams = alg.getEncryptionScheme().getParameters(); if (encParams instanceof ASN1OctetString) { cipher.init(mode, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets())); } else { // TODO: at the moment it's just GOST, but... GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams); cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV())); } return cipher; }