Java Code Examples for javax.crypto.spec.PBEParameterSpec#getIterationCount()

The following examples show how to use javax.crypto.spec.PBEParameterSpec#getIterationCount() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: HmacPKCS12PBESHA1.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }
    byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
        iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}
 
Example 2
Source File: HmacPKCS12PBESHA1.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }
    byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
        iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}
 
Example 3
Source File: PBMAC1Core.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }

    PBEKeySpec pbeSpec =
        new PBEKeySpec(passwdChars, salt, iCount, blockLength);
        // password char[] was cloned in PBEKeySpec constructor,
        // so we can zero it out here
    java.util.Arrays.fill(passwdChars, ' ');

    SecretKey s = null;
    PBKDF2Core kdf = getKDFImpl(kdfAlgo);
    try {
        s = kdf.engineGenerateSecret(pbeSpec);

    } catch (InvalidKeySpecException ikse) {
        InvalidKeyException ike =
            new InvalidKeyException("Cannot construct PBE key");
        ike.initCause(ikse);
        throw ike;
    }
    byte[] derivedKey = s.getEncoded();
    SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);

    super.engineInit(cipherKey, null);
}
 
Example 4
Source File: PBMAC1Core.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }

    PBEKeySpec pbeSpec =
        new PBEKeySpec(passwdChars, salt, iCount, blockLength);
        // password char[] was cloned in PBEKeySpec constructor,
        // so we can zero it out here
    java.util.Arrays.fill(passwdChars, ' ');

    SecretKey s = null;
    PBKDF2Core kdf = getKDFImpl(kdfAlgo);
    try {
        s = kdf.engineGenerateSecret(pbeSpec);

    } catch (InvalidKeySpecException ikse) {
        InvalidKeyException ike =
            new InvalidKeyException("Cannot construct PBE key");
        ike.initCause(ikse);
        throw ike;
    }
    byte[] derivedKey = s.getEncoded();
    SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);

    super.engineInit(cipherKey, null);
}
 
Example 5
Source File: HmacPKCS12PBESHA1.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }
    byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
        iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}
 
Example 6
Source File: PBMAC1Core.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }

    PBEKeySpec pbeSpec =
        new PBEKeySpec(passwdChars, salt, iCount, blockLength);
        // password char[] was cloned in PBEKeySpec constructor,
        // so we can zero it out here
    java.util.Arrays.fill(passwdChars, ' ');

    SecretKey s = null;
    PBKDF2Core kdf = getKDFImpl(kdfAlgo);
    try {
        s = kdf.engineGenerateSecret(pbeSpec);

    } catch (InvalidKeySpecException ikse) {
        InvalidKeyException ike =
            new InvalidKeyException("Cannot construct PBE key");
        ike.initCause(ikse);
        throw ike;
    }
    byte[] derivedKey = s.getEncoded();
    SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);

    super.engineInit(cipherKey, null);
}
 
Example 7
Source File: HmacPKCS12PBESHA1.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }
    byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
        iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}
 
Example 8
Source File: PBMAC1Core.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }

    PBEKeySpec pbeSpec =
        new PBEKeySpec(passwdChars, salt, iCount, blockLength);
        // password char[] was cloned in PBEKeySpec constructor,
        // so we can zero it out here
    java.util.Arrays.fill(passwdChars, ' ');

    SecretKey s = null;
    PBKDF2Core kdf = getKDFImpl(kdfAlgo);
    try {
        s = kdf.engineGenerateSecret(pbeSpec);

    } catch (InvalidKeySpecException ikse) {
        InvalidKeyException ike =
            new InvalidKeyException("Cannot construct PBE key");
        ike.initCause(ikse);
        throw ike;
    }
    byte[] derivedKey = s.getEncoded();
    SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);

    super.engineInit(cipherKey, null);
}
 
Example 9
Source File: HmacPKCS12PBESHA1.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }
    byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
        iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}
 
Example 10
Source File: PBMAC1Core.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }

    PBEKeySpec pbeSpec =
        new PBEKeySpec(passwdChars, salt, iCount, blockLength);
        // password char[] was cloned in PBEKeySpec constructor,
        // so we can zero it out here
    java.util.Arrays.fill(passwdChars, ' ');

    SecretKey s = null;
    PBKDF2Core kdf = getKDFImpl(kdfAlgo);
    try {
        s = kdf.engineGenerateSecret(pbeSpec);

    } catch (InvalidKeySpecException ikse) {
        InvalidKeyException ike =
            new InvalidKeyException("Cannot construct PBE key");
        ike.initCause(ikse);
        throw ike;
    }
    byte[] derivedKey = s.getEncoded();
    SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);

    super.engineInit(cipherKey, null);
}
 
Example 11
Source File: HmacPKCS12PBESHA1.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes;
        if (!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3)) ||
                (passwdBytes = key.getEncoded()) == null) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
        Arrays.fill(passwdBytes, (byte)0x00);
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }

    byte[] derivedKey;
    try {
        if (params == null) {
            // should not auto-generate default values since current
            // javax.crypto.Mac api does not have any method for caller to
            // retrieve the generated defaults.
            if ((salt == null) || (iCount == 0)) {
                throw new InvalidAlgorithmParameterException
                        ("PBEParameterSpec required for salt and iteration count");
            }
        } else if (!(params instanceof PBEParameterSpec)) {
            throw new InvalidAlgorithmParameterException
                    ("PBEParameterSpec type required");
        } else {
            PBEParameterSpec pbeParams = (PBEParameterSpec) params;
            // make sure the parameter values are consistent
            if (salt != null) {
                if (!Arrays.equals(salt, pbeParams.getSalt())) {
                    throw new InvalidAlgorithmParameterException
                            ("Inconsistent value of salt between key and params");
                }
            } else {
                salt = pbeParams.getSalt();
            }
            if (iCount != 0) {
                if (iCount != pbeParams.getIterationCount()) {
                    throw new InvalidAlgorithmParameterException
                            ("Different iteration count between key and params");
                }
            } else {
                iCount = pbeParams.getIterationCount();
            }
        }
        // For security purpose, we need to enforce a minimum length
        // for salt; just require the minimum salt length to be 8-byte
        // which is what PKCS#5 recommends and openssl does.
        if (salt.length < 8) {
            throw new InvalidAlgorithmParameterException
                    ("Salt must be at least 8 bytes long");
        }
        if (iCount <= 0) {
            throw new InvalidAlgorithmParameterException
                    ("IterationCount must be a positive number");
        }
        derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
                iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
    } finally {
        Arrays.fill(passwdChars, '\0');
    }
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}
 
Example 12
Source File: PBMAC1Core.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }

    PBEKeySpec pbeSpec =
        new PBEKeySpec(passwdChars, salt, iCount, blockLength);
        // password char[] was cloned in PBEKeySpec constructor,
        // so we can zero it out here
    java.util.Arrays.fill(passwdChars, ' ');

    SecretKey s = null;
    PBKDF2Core kdf = getKDFImpl(kdfAlgo);
    try {
        s = kdf.engineGenerateSecret(pbeSpec);

    } catch (InvalidKeySpecException ikse) {
        InvalidKeyException ike =
            new InvalidKeyException("Cannot construct PBE key");
        ike.initCause(ikse);
        throw ike;
    }
    byte[] derivedKey = s.getEncoded();
    SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);

    super.engineInit(cipherKey, null);
}
 
Example 13
Source File: HmacPKCS12PBESHA1.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }
    byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
        iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}
 
Example 14
Source File: HmacPKCS12PBECore.java    From Bytecoder with Apache License 2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes;
        if (!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3)) ||
                (passwdBytes = key.getEncoded()) == null) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
        Arrays.fill(passwdBytes, (byte)0x00);
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }

    byte[] derivedKey;
    try {
        if (params == null) {
            // should not auto-generate default values since current
            // javax.crypto.Mac api does not have any method for caller to
            // retrieve the generated defaults.
            if ((salt == null) || (iCount == 0)) {
                throw new InvalidAlgorithmParameterException
                        ("PBEParameterSpec required for salt and iteration count");
            }
        } else if (!(params instanceof PBEParameterSpec)) {
            throw new InvalidAlgorithmParameterException
                    ("PBEParameterSpec type required");
        } else {
            PBEParameterSpec pbeParams = (PBEParameterSpec) params;
            // make sure the parameter values are consistent
            if (salt != null) {
                if (!Arrays.equals(salt, pbeParams.getSalt())) {
                    throw new InvalidAlgorithmParameterException
                            ("Inconsistent value of salt between key and params");
                }
            } else {
                salt = pbeParams.getSalt();
            }
            if (iCount != 0) {
                if (iCount != pbeParams.getIterationCount()) {
                    throw new InvalidAlgorithmParameterException
                            ("Different iteration count between key and params");
                }
            } else {
                iCount = pbeParams.getIterationCount();
            }
        }
        // For security purpose, we need to enforce a minimum length
        // for salt; just require the minimum salt length to be 8-byte
        // which is what PKCS#5 recommends and openssl does.
        if (salt.length < 8) {
            throw new InvalidAlgorithmParameterException
                    ("Salt must be at least 8 bytes long");
        }
        if (iCount <= 0) {
            throw new InvalidAlgorithmParameterException
                    ("IterationCount must be a positive number");
        }
        derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
                iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY,
                algorithm, bl);
    } finally {
        Arrays.fill(passwdChars, '\0');
    }
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}
 
Example 15
Source File: PBMAC1Core.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }

    PBEKeySpec pbeSpec =
        new PBEKeySpec(passwdChars, salt, iCount, blockLength);
        // password char[] was cloned in PBEKeySpec constructor,
        // so we can zero it out here
    java.util.Arrays.fill(passwdChars, ' ');

    SecretKey s = null;
    PBKDF2Core kdf = getKDFImpl(kdfAlgo);
    try {
        s = kdf.engineGenerateSecret(pbeSpec);

    } catch (InvalidKeySpecException ikse) {
        InvalidKeyException ike =
            new InvalidKeyException("Cannot construct PBE key");
        ike.initCause(ikse);
        throw ike;
    }
    byte[] derivedKey = s.getEncoded();
    SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);

    super.engineInit(cipherKey, null);
}
 
Example 16
Source File: HmacPKCS12PBESHA1.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }
    byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
        iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}
 
Example 17
Source File: HmacPKCS12PBESHA1.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes;
        if (!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3)) ||
                (passwdBytes = key.getEncoded()) == null) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
        Arrays.fill(passwdBytes, (byte)0x00);
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }

    byte[] derivedKey;
    try {
        if (params == null) {
            // should not auto-generate default values since current
            // javax.crypto.Mac api does not have any method for caller to
            // retrieve the generated defaults.
            if ((salt == null) || (iCount == 0)) {
                throw new InvalidAlgorithmParameterException
                        ("PBEParameterSpec required for salt and iteration count");
            }
        } else if (!(params instanceof PBEParameterSpec)) {
            throw new InvalidAlgorithmParameterException
                    ("PBEParameterSpec type required");
        } else {
            PBEParameterSpec pbeParams = (PBEParameterSpec) params;
            // make sure the parameter values are consistent
            if (salt != null) {
                if (!Arrays.equals(salt, pbeParams.getSalt())) {
                    throw new InvalidAlgorithmParameterException
                            ("Inconsistent value of salt between key and params");
                }
            } else {
                salt = pbeParams.getSalt();
            }
            if (iCount != 0) {
                if (iCount != pbeParams.getIterationCount()) {
                    throw new InvalidAlgorithmParameterException
                            ("Different iteration count between key and params");
                }
            } else {
                iCount = pbeParams.getIterationCount();
            }
        }
        // For security purpose, we need to enforce a minimum length
        // for salt; just require the minimum salt length to be 8-byte
        // which is what PKCS#5 recommends and openssl does.
        if (salt.length < 8) {
            throw new InvalidAlgorithmParameterException
                    ("Salt must be at least 8 bytes long");
        }
        if (iCount <= 0) {
            throw new InvalidAlgorithmParameterException
                    ("IterationCount must be a positive number");
        }
        derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
                iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
    } finally {
        Arrays.fill(passwdChars, '\0');
    }
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}
 
Example 18
Source File: PBMAC1Core.java    From jdk8u60 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }

    PBEKeySpec pbeSpec =
        new PBEKeySpec(passwdChars, salt, iCount, blockLength);
        // password char[] was cloned in PBEKeySpec constructor,
        // so we can zero it out here
    java.util.Arrays.fill(passwdChars, ' ');

    SecretKey s = null;
    PBKDF2Core kdf = getKDFImpl(kdfAlgo);
    try {
        s = kdf.engineGenerateSecret(pbeSpec);

    } catch (InvalidKeySpecException ikse) {
        InvalidKeyException ike =
            new InvalidKeyException("Cannot construct PBE key");
        ike.initCause(ikse);
        throw ike;
    }
    byte[] derivedKey = s.getEncoded();
    SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);

    super.engineInit(cipherKey, null);
}
 
Example 19
Source File: HmacPKCS12PBESHA1.java    From jdk8u60 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes = key.getEncoded();
        if ((passwdBytes == null) ||
            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }
    if (params == null) {
        // should not auto-generate default values since current
        // javax.crypto.Mac api does not have any method for caller to
        // retrieve the generated defaults.
        if ((salt == null) || (iCount == 0)) {
            throw new InvalidAlgorithmParameterException
                ("PBEParameterSpec required for salt and iteration count");
        }
    } else if (!(params instanceof PBEParameterSpec)) {
        throw new InvalidAlgorithmParameterException
            ("PBEParameterSpec type required");
    } else {
        PBEParameterSpec pbeParams = (PBEParameterSpec) params;
        // make sure the parameter values are consistent
        if (salt != null) {
            if (!Arrays.equals(salt, pbeParams.getSalt())) {
                throw new InvalidAlgorithmParameterException
                    ("Inconsistent value of salt between key and params");
            }
        } else {
            salt = pbeParams.getSalt();
        }
        if (iCount != 0) {
            if (iCount != pbeParams.getIterationCount()) {
                throw new InvalidAlgorithmParameterException
                    ("Different iteration count between key and params");
            }
        } else {
            iCount = pbeParams.getIterationCount();
        }
    }
    // For security purpose, we need to enforce a minimum length
    // for salt; just require the minimum salt length to be 8-byte
    // which is what PKCS#5 recommends and openssl does.
    if (salt.length < 8) {
        throw new InvalidAlgorithmParameterException
            ("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
        throw new InvalidAlgorithmParameterException
            ("IterationCount must be a positive number");
    }
    byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
        iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}
 
Example 20
Source File: HmacPKCS12PBESHA1.java    From TencentKona-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Initializes the HMAC with the given secret key and algorithm parameters.
 *
 * @param key the secret key.
 * @param params the algorithm parameters.
 *
 * @exception InvalidKeyException if the given key is inappropriate for
 * initializing this MAC.
 * @exception InvalidAlgorithmParameterException if the given algorithm
 * parameters are inappropriate for this MAC.
 */
protected void engineInit(Key key, AlgorithmParameterSpec params)
    throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars;
    byte[] salt = null;
    int iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
        javax.crypto.interfaces.PBEKey pbeKey =
            (javax.crypto.interfaces.PBEKey) key;
        passwdChars = pbeKey.getPassword();
        salt = pbeKey.getSalt(); // maybe null if unspecified
        iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
        byte[] passwdBytes;
        if (!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3)) ||
                (passwdBytes = key.getEncoded()) == null) {
            throw new InvalidKeyException("Missing password");
        }
        passwdChars = new char[passwdBytes.length];
        for (int i=0; i<passwdChars.length; i++) {
            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
        }
        Arrays.fill(passwdBytes, (byte)0x00);
    } else {
        throw new InvalidKeyException("SecretKey of PBE type required");
    }

    byte[] derivedKey;
    try {
        if (params == null) {
            // should not auto-generate default values since current
            // javax.crypto.Mac api does not have any method for caller to
            // retrieve the generated defaults.
            if ((salt == null) || (iCount == 0)) {
                throw new InvalidAlgorithmParameterException
                        ("PBEParameterSpec required for salt and iteration count");
            }
        } else if (!(params instanceof PBEParameterSpec)) {
            throw new InvalidAlgorithmParameterException
                    ("PBEParameterSpec type required");
        } else {
            PBEParameterSpec pbeParams = (PBEParameterSpec) params;
            // make sure the parameter values are consistent
            if (salt != null) {
                if (!Arrays.equals(salt, pbeParams.getSalt())) {
                    throw new InvalidAlgorithmParameterException
                            ("Inconsistent value of salt between key and params");
                }
            } else {
                salt = pbeParams.getSalt();
            }
            if (iCount != 0) {
                if (iCount != pbeParams.getIterationCount()) {
                    throw new InvalidAlgorithmParameterException
                            ("Different iteration count between key and params");
                }
            } else {
                iCount = pbeParams.getIterationCount();
            }
        }
        // For security purpose, we need to enforce a minimum length
        // for salt; just require the minimum salt length to be 8-byte
        // which is what PKCS#5 recommends and openssl does.
        if (salt.length < 8) {
            throw new InvalidAlgorithmParameterException
                    ("Salt must be at least 8 bytes long");
        }
        if (iCount <= 0) {
            throw new InvalidAlgorithmParameterException
                    ("IterationCount must be a positive number");
        }
        derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
                iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
    } finally {
        Arrays.fill(passwdChars, '\0');
    }
    SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
    super.engineInit(cipherKey, null);
}