Java Code Examples for javax.crypto.Cipher#unwrap()
The following examples show how to use
javax.crypto.Cipher#unwrap() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: RsaUtil.java From util4j with Apache License 2.0 | 6 votes |
|
/**
* 使用密钥解包密钥
* @param key
* @param unwrapKey
* @return
*/
public PublicKey unwrapPublicKeyByKey(byte[] key,Key unwrapKey)
{
try {
if(key==null || key.length<=0 || unwrapKey==null)
{
return null;
}
Cipher cipher=Cipher.getInstance(algorithm);
//使用私钥包裹模式
cipher.init(Cipher.UNWRAP_MODE,unwrapKey);
return (PublicKey) cipher.unwrap(key, algorithm,Cipher.PUBLIC_KEY);
} catch (Exception e) {
log.error(e.getMessage(),e);
}
return null;
}
Example 2
| Source File: Crypto.java From divide with Apache License 2.0 | 6 votes |
|
public static byte[] decrypt(byte[] encryptedMessage, PrivateKey privateKey)
{
try
{
// Read the symmetric key from the encrypted message (and its length)
int length = byteArrayToInt(Arrays.copyOf(encryptedMessage,4));
byte[] wrappedKey = Arrays.copyOfRange(encryptedMessage,4,4+length);
// Decrypt the symmetric key
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
cipher.init(Cipher.UNWRAP_MODE, privateKey);
Key symmetricKey = cipher.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
// Decrypt the message and return it
cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, symmetricKey);
return cipher.doFinal(Arrays.copyOfRange(encryptedMessage,4+length,encryptedMessage.length));
}
catch (GeneralSecurityException exception)
{
exception.printStackTrace();
return null;
}
}
Example 3
| Source File: WrappedRawMaterials.java From aws-dynamodb-encryption-java with Apache License 2.0 | 5 votes |
|
protected SecretKey unwrapKey(Map<String, String> description, byte[] encryptedKey, String wrappingAlgorithm)
throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
if (unwrappingKey instanceof DelegatedKey) {
return (SecretKey)((DelegatedKey)unwrappingKey).unwrap(encryptedKey,
description.get(CONTENT_KEY_ALGORITHM), Cipher.SECRET_KEY, null, wrappingAlgorithm);
} else {
Cipher cipher = Cipher.getInstance(wrappingAlgorithm);
cipher.init(Cipher.UNWRAP_MODE, unwrappingKey, Utils.getRng());
return (SecretKey) cipher.unwrap(encryptedKey,
description.get(CONTENT_KEY_ALGORITHM), Cipher.SECRET_KEY);
}
}
Example 4
| Source File: KeyWrapper.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
private static void doTest(String provider, String algo) throws Exception {
SecretKey key;
SecretKey keyToWrap;
// init a secret Key
KeyGenerator kg = KeyGenerator.getInstance(AES, PROVIDER);
kg.init(KEY_LENGTH);
key = kg.generateKey();
keyToWrap = kg.generateKey();
// initialization
Cipher cipher = Cipher.getInstance(algo, provider);
cipher.init(Cipher.WRAP_MODE, key);
AlgorithmParameters params = cipher.getParameters();
// wrap the key
byte[] keyWrapper = cipher.wrap(keyToWrap);
try {
// check if we can't wrap it again with the same key/IV
keyWrapper = cipher.wrap(keyToWrap);
throw new RuntimeException(
"FAILED: expected IllegalStateException hasn't "
+ "been thrown ");
} catch (IllegalStateException ise) {
System.out.println(ise.getMessage());
System.out.println("Expected exception");
}
// unwrap the key
cipher.init(Cipher.UNWRAP_MODE, key, params);
cipher.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
// check if we can unwrap second time
Key unwrapKey = cipher.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
if (!Arrays.equals(keyToWrap.getEncoded(), unwrapKey.getEncoded())) {
throw new RuntimeException(
"FAILED: original and unwrapped keys are not equal");
}
}
Example 5
| Source File: TestDelegatedKey.java From aws-dynamodb-encryption-java with Apache License 2.0 | 5 votes |
|
@Override
public Key unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType,
byte[] additionalAssociatedData, String algorithm) throws NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException {
Cipher cipher = Cipher.getInstance(extractAlgorithm(algorithm));
cipher.init(Cipher.UNWRAP_MODE, realKey);
return cipher.unwrap(wrappedKey, wrappedKeyAlgorithm, wrappedKeyType);
}
Example 6
| Source File: CryptoSerialization.java From JPPF with Apache License 2.0 | 5 votes |
|
@Override
public Object deserialize(final InputStream is) throws Exception {
// start by reading the secret key to use to decrypt the data
final DataInputStream dis = new DataInputStream(is);
// read the length of the key
final int keyLength = dis.readInt();
// read the encrypted key
final byte[] keyBytes = new byte[keyLength];
int count = 0;
while (count < keyLength) {
final int n = dis.read(keyBytes, count, keyLength - count);
if (n > 0) count += n;
else throw new EOFException("could only read " + count + " bytes of the key, out of " + keyLength);
}
// decrypt the key using the initial key stored in the keystore
Cipher cipher = Cipher.getInstance(Helper.getTransformation());
cipher.init(Cipher.UNWRAP_MODE, getSecretKey(), getInitializationVector());
final SecretKey key = (SecretKey) cipher.unwrap(keyBytes, Helper.getAlgorithm(), Cipher.SECRET_KEY);
// get a new cipher for the actual decryption
cipher = Cipher.getInstance(Helper.getTransformation());
// init the cipher in decryption mode with the retireved key
cipher.init(Cipher.DECRYPT_MODE, key, getInitializationVector());
// deserialize a sealed (encrypted) object
final SealedObject sealed = (SealedObject) getDelegate().deserialize(is);
// decrypt the sealed object into the plain riginal object
return sealed.getObject(cipher);
}
Example 7
| Source File: KeyWrapper.java From hottub with GNU General Public License v2.0 | 5 votes |
|
private static void doTest(String provider, String algo) throws Exception {
SecretKey key;
SecretKey keyToWrap;
// init a secret Key
KeyGenerator kg = KeyGenerator.getInstance(AES, PROVIDER);
kg.init(KEY_LENGTH);
key = kg.generateKey();
keyToWrap = kg.generateKey();
// initialization
Cipher cipher = Cipher.getInstance(algo, provider);
cipher.init(Cipher.WRAP_MODE, key);
AlgorithmParameters params = cipher.getParameters();
// wrap the key
byte[] keyWrapper = cipher.wrap(keyToWrap);
try {
// check if we can't wrap it again with the same key/IV
keyWrapper = cipher.wrap(keyToWrap);
throw new RuntimeException(
"FAILED: expected IllegalStateException hasn't "
+ "been thrown ");
} catch (IllegalStateException ise) {
System.out.println(ise.getMessage());
System.out.println("Expected exception");
}
// unwrap the key
cipher.init(Cipher.UNWRAP_MODE, key, params);
cipher.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
// check if we can unwrap second time
Key unwrapKey = cipher.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
if (!Arrays.equals(keyToWrap.getEncoded(), unwrapKey.getEncoded())) {
throw new RuntimeException(
"FAILED: original and unwrapped keys are not equal");
}
}
Example 8
| Source File: KeyWrapper.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
private static void doTest(String provider, String algo) throws Exception {
SecretKey key;
SecretKey keyToWrap;
// init a secret Key
KeyGenerator kg = KeyGenerator.getInstance(AES, PROVIDER);
kg.init(KEY_LENGTH);
key = kg.generateKey();
keyToWrap = kg.generateKey();
// initialization
Cipher cipher = Cipher.getInstance(algo, provider);
cipher.init(Cipher.WRAP_MODE, key);
AlgorithmParameters params = cipher.getParameters();
// wrap the key
byte[] keyWrapper = cipher.wrap(keyToWrap);
try {
// check if we can't wrap it again with the same key/IV
keyWrapper = cipher.wrap(keyToWrap);
throw new RuntimeException(
"FAILED: expected IllegalStateException hasn't "
+ "been thrown ");
} catch (IllegalStateException ise) {
System.out.println(ise.getMessage());
System.out.println("Expected exception");
}
// unwrap the key
cipher.init(Cipher.UNWRAP_MODE, key, params);
cipher.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
// check if we can unwrap second time
Key unwrapKey = cipher.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
if (!Arrays.equals(keyToWrap.getEncoded(), unwrapKey.getEncoded())) {
throw new RuntimeException(
"FAILED: original and unwrapped keys are not equal");
}
}
Example 9
| Source File: WrappedRawMaterials.java From aws-dynamodb-encryption-java with Apache License 2.0 | 5 votes |
|
protected SecretKey unwrapKey(Map<String, String> description, byte[] encryptedKey, String wrappingAlgorithm)
throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
if (unwrappingKey instanceof DelegatedKey) {
return (SecretKey)((DelegatedKey)unwrappingKey).unwrap(encryptedKey,
description.get(CONTENT_KEY_ALGORITHM), Cipher.SECRET_KEY, null, wrappingAlgorithm);
} else {
Cipher cipher = Cipher.getInstance(wrappingAlgorithm);
cipher.init(Cipher.UNWRAP_MODE, unwrappingKey, Utils.getRng());
return (SecretKey) cipher.unwrap(encryptedKey,
description.get(CONTENT_KEY_ALGORITHM), Cipher.SECRET_KEY);
}
}
Example 10
| Source File: AuthHampManager.java From baratine with GNU General Public License v2.0 | 5 votes |
|
public Key decryptKey(String keyAlgorithm, byte []encKey)
{
try {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.UNWRAP_MODE, _authKeyPair.getPrivate());
Key key = cipher.unwrap(encKey, keyAlgorithm, Cipher.SECRET_KEY);
return key;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Example 11
| Source File: TestCipherKeyWrapperPBEKey.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
|
public boolean runTest(Provider p, String algo, PrintStream out)
throws Exception {
byte[] salt = new byte[8];
int ITERATION_COUNT = 1000;
AlgorithmParameters pbeParams = null;
String baseAlgo
= new StringTokenizer(algo, "/").nextToken().toUpperCase();
boolean isAES = baseAlgo.contains("AES");
boolean isUnlimited =
(Cipher.getMaxAllowedKeyLength(algo) == Integer.MAX_VALUE);
try {
// Initialization
new Random().nextBytes(salt);
AlgorithmParameterSpec aps = new PBEParameterSpec(salt,
ITERATION_COUNT);
SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
SecretKey key = skf.generateSecret(new PBEKeySpec(
"Secret Key".toCharArray()));
Cipher ci = Cipher.getInstance(algo);
if (isAES) {
ci.init(Cipher.WRAP_MODE, key);
pbeParams = ci.getParameters();
} else {
ci.init(Cipher.WRAP_MODE, key, aps);
}
byte[] keyWrapper = ci.wrap(key);
if (isAES) {
ci.init(Cipher.UNWRAP_MODE, key, pbeParams);
} else {
ci.init(Cipher.UNWRAP_MODE, key, aps);
}
Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
if ((baseAlgo.endsWith("TRIPLEDES")
|| baseAlgo.endsWith("AES_256")) && !isUnlimited) {
out.print(
"Expected InvalidKeyException not thrown");
return false;
}
return (Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded()));
} catch (InvalidKeyException ex) {
if ((baseAlgo.endsWith("TRIPLEDES")
|| baseAlgo.endsWith("AES_256")) && !isUnlimited) {
out.print(
"Expected InvalidKeyException thrown");
return true;
} else {
throw ex;
}
}
}
Example 12
| Source File: TestAESWrapOids.java From hottub with GNU General Public License v2.0 | 4 votes |
|
private static void runTest(DataTuple dataTuple, boolean supportedKeyLength)
throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException {
Cipher algorithmCipher = Cipher.getInstance(
dataTuple.algorithm, PROVIDER_NAME);
Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME);
if (algorithmCipher == null) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance failed.%n",
dataTuple.algorithm));
}
if (oidCipher == null) {
throw new RuntimeException(
String.format("Test failed: OID %s getInstance failed.%n",
dataTuple.oid));
}
if (!algorithmCipher.getAlgorithm().equals(
dataTuple.algorithm)) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance "
+ "doesn't generate expected algorithm.%n",
dataTuple.oid));
}
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(dataTuple.keyLength);
SecretKey key = kg.generateKey();
// Wrap the key
algorithmCipher.init(Cipher.WRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of algorithmCipher should fail.%n",
dataTuple.keyLength));
}
// Unwrap the key
oidCipher.init(Cipher.UNWRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of oidCipher should fail.%n",
dataTuple.keyLength));
}
byte[] keyWrapper = algorithmCipher.wrap(key);
Key unwrappedKey = oidCipher.unwrap(keyWrapper, "AES",
Cipher.SECRET_KEY);
// Comparison
if (!Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded())) {
throw new RuntimeException("Key comparison failed");
}
}
Example 13
| Source File: TestAESWrapOids.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
|
private static void runTest(DataTuple dataTuple, boolean supportedKeyLength)
throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException {
Cipher algorithmCipher = Cipher.getInstance(
dataTuple.algorithm, PROVIDER_NAME);
Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME);
if (algorithmCipher == null) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance failed.%n",
dataTuple.algorithm));
}
if (oidCipher == null) {
throw new RuntimeException(
String.format("Test failed: OID %s getInstance failed.%n",
dataTuple.oid));
}
if (!algorithmCipher.getAlgorithm().equals(
dataTuple.algorithm)) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance "
+ "doesn't generate expected algorithm.%n",
dataTuple.oid));
}
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(dataTuple.keyLength);
SecretKey key = kg.generateKey();
// Wrap the key
algorithmCipher.init(Cipher.WRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of algorithmCipher should fail.%n",
dataTuple.keyLength));
}
// Unwrap the key
oidCipher.init(Cipher.UNWRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of oidCipher should fail.%n",
dataTuple.keyLength));
}
byte[] keyWrapper = algorithmCipher.wrap(key);
Key unwrappedKey = oidCipher.unwrap(keyWrapper, "AES",
Cipher.SECRET_KEY);
// Comparison
if (!Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded())) {
throw new RuntimeException("Key comparison failed");
}
}
Example 14
| Source File: TestAESWrapOids.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
private static void runTest(DataTuple dataTuple, boolean supportedKeyLength)
throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException {
Cipher algorithmCipher = Cipher.getInstance(
dataTuple.algorithm, PROVIDER_NAME);
Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME);
if (algorithmCipher == null) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance failed.%n",
dataTuple.algorithm));
}
if (oidCipher == null) {
throw new RuntimeException(
String.format("Test failed: OID %s getInstance failed.%n",
dataTuple.oid));
}
if (!algorithmCipher.getAlgorithm().equals(
dataTuple.algorithm)) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance "
+ "doesn't generate expected algorithm.%n",
dataTuple.oid));
}
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(dataTuple.keyLength);
SecretKey key = kg.generateKey();
// Wrap the key
algorithmCipher.init(Cipher.WRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of algorithmCipher should fail.%n",
dataTuple.keyLength));
}
// Unwrap the key
oidCipher.init(Cipher.UNWRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of oidCipher should fail.%n",
dataTuple.keyLength));
}
byte[] keyWrapper = algorithmCipher.wrap(key);
Key unwrappedKey = oidCipher.unwrap(keyWrapper, "AES",
Cipher.SECRET_KEY);
// Comparison
if (!Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded())) {
throw new RuntimeException("Key comparison failed");
}
}
Example 15
| Source File: TestAESWrapOids.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
private static void runTest(DataTuple dataTuple, boolean supportedKeyLength)
throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException {
Cipher algorithmCipher = Cipher.getInstance(
dataTuple.algorithm, PROVIDER_NAME);
Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME);
if (algorithmCipher == null) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance failed.%n",
dataTuple.algorithm));
}
if (oidCipher == null) {
throw new RuntimeException(
String.format("Test failed: OID %s getInstance failed.%n",
dataTuple.oid));
}
if (!algorithmCipher.getAlgorithm().equals(
dataTuple.algorithm)) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance "
+ "doesn't generate expected algorithm.%n",
dataTuple.oid));
}
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(dataTuple.keyLength);
SecretKey key = kg.generateKey();
// Wrap the key
algorithmCipher.init(Cipher.WRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of algorithmCipher should fail.%n",
dataTuple.keyLength));
}
// Unwrap the key
oidCipher.init(Cipher.UNWRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of oidCipher should fail.%n",
dataTuple.keyLength));
}
byte[] keyWrapper = algorithmCipher.wrap(key);
Key unwrappedKey = oidCipher.unwrap(keyWrapper, "AES",
Cipher.SECRET_KEY);
// Comparison
if (!Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded())) {
throw new RuntimeException("Key comparison failed");
}
}
Example 16
| Source File: TestAESWrapOids.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
|
private static void runTest(DataTuple dataTuple, boolean supportedKeyLength)
throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException {
Cipher algorithmCipher = Cipher.getInstance(
dataTuple.algorithm, PROVIDER_NAME);
Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME);
if (algorithmCipher == null) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance failed.%n",
dataTuple.algorithm));
}
if (oidCipher == null) {
throw new RuntimeException(
String.format("Test failed: OID %s getInstance failed.%n",
dataTuple.oid));
}
if (!algorithmCipher.getAlgorithm().equals(
dataTuple.algorithm)) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance "
+ "doesn't generate expected algorithm.%n",
dataTuple.oid));
}
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(dataTuple.keyLength);
SecretKey key = kg.generateKey();
// Wrap the key
algorithmCipher.init(Cipher.WRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of algorithmCipher should fail.%n",
dataTuple.keyLength));
}
// Unwrap the key
oidCipher.init(Cipher.UNWRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of oidCipher should fail.%n",
dataTuple.keyLength));
}
byte[] keyWrapper = algorithmCipher.wrap(key);
Key unwrappedKey = oidCipher.unwrap(keyWrapper, "AES",
Cipher.SECRET_KEY);
// Comparison
if (!Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded())) {
throw new RuntimeException("Key comparison failed");
}
}
Example 17
| Source File: TestCipherKeyWrapperPBEKey.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
|
public boolean runTest(Provider p, String algo, PrintStream out)
throws Exception {
byte[] salt = new byte[8];
int ITERATION_COUNT = 1000;
AlgorithmParameters pbeParams = null;
String baseAlgo
= new StringTokenizer(algo, "/").nextToken().toUpperCase();
boolean isAES = baseAlgo.contains("AES");
boolean isUnlimited =
(Cipher.getMaxAllowedKeyLength(algo) == Integer.MAX_VALUE);
try {
// Initialization
new Random().nextBytes(salt);
AlgorithmParameterSpec aps = new PBEParameterSpec(salt,
ITERATION_COUNT);
SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
SecretKey key = skf.generateSecret(new PBEKeySpec(
"Secret Key".toCharArray()));
Cipher ci = Cipher.getInstance(algo);
if (isAES) {
ci.init(Cipher.WRAP_MODE, key);
pbeParams = ci.getParameters();
} else {
ci.init(Cipher.WRAP_MODE, key, aps);
}
byte[] keyWrapper = ci.wrap(key);
if (isAES) {
ci.init(Cipher.UNWRAP_MODE, key, pbeParams);
} else {
ci.init(Cipher.UNWRAP_MODE, key, aps);
}
Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
if ((baseAlgo.endsWith("TRIPLEDES")
|| baseAlgo.endsWith("AES_256")) && !isUnlimited) {
out.print(
"Expected InvalidKeyException not thrown");
return false;
}
return (Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded()));
} catch (InvalidKeyException ex) {
if ((baseAlgo.endsWith("TRIPLEDES")
|| baseAlgo.endsWith("AES_256")) && !isUnlimited) {
out.print(
"Expected InvalidKeyException thrown");
return true;
} else {
throw ex;
}
}
}
Example 18
| Source File: TestCipherKeyWrapperPBEKey.java From hottub with GNU General Public License v2.0 | 4 votes |
|
public boolean runTest(Provider p, String algo, PrintStream out)
throws Exception {
byte[] salt = new byte[8];
int ITERATION_COUNT = 1000;
AlgorithmParameters pbeParams = null;
String baseAlgo
= new StringTokenizer(algo, "/").nextToken().toUpperCase();
boolean isAES = baseAlgo.contains("AES");
try {
// Initialization
new Random().nextBytes(salt);
AlgorithmParameterSpec aps = new PBEParameterSpec(salt,
ITERATION_COUNT);
SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
SecretKey key = skf.generateSecret(new PBEKeySpec(
"Secret Key".toCharArray()));
Cipher ci = Cipher.getInstance(algo);
if (isAES) {
ci.init(Cipher.WRAP_MODE, key);
pbeParams = ci.getParameters();
} else {
ci.init(Cipher.WRAP_MODE, key, aps);
}
byte[] keyWrapper = ci.wrap(key);
if (isAES) {
ci.init(Cipher.UNWRAP_MODE, key, pbeParams);
} else {
ci.init(Cipher.UNWRAP_MODE, key, aps);
}
Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
if (baseAlgo.endsWith("TRIPLEDES")
|| baseAlgo.endsWith("AES_256")) {
out.print(
"InvalidKeyException not thrown when keyStrength > 128");
return false;
}
return (Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded()));
} catch (InvalidKeyException ex) {
if ((baseAlgo.endsWith("TRIPLEDES")
|| baseAlgo.endsWith("AES_256"))) {
out.println("Expected InvalidKeyException, keyStrength > 128");
return true;
} else {
throw ex;
}
}
}
Example 19
| Source File: TestCipherKeyWrapperPBEKey.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
|
public boolean runTest(Provider p, String algo, PrintStream out)
throws Exception {
byte[] salt = new byte[8];
int ITERATION_COUNT = 1000;
AlgorithmParameters pbeParams = null;
String baseAlgo
= new StringTokenizer(algo, "/").nextToken().toUpperCase();
boolean isAES = baseAlgo.contains("AES");
boolean isUnlimited =
(Cipher.getMaxAllowedKeyLength(algo) == Integer.MAX_VALUE);
try {
// Initialization
new Random().nextBytes(salt);
AlgorithmParameterSpec aps = new PBEParameterSpec(salt,
ITERATION_COUNT);
SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
SecretKey key = skf.generateSecret(new PBEKeySpec(
"Secret Key".toCharArray()));
Cipher ci = Cipher.getInstance(algo);
if (isAES) {
ci.init(Cipher.WRAP_MODE, key);
pbeParams = ci.getParameters();
} else {
ci.init(Cipher.WRAP_MODE, key, aps);
}
byte[] keyWrapper = ci.wrap(key);
if (isAES) {
ci.init(Cipher.UNWRAP_MODE, key, pbeParams);
} else {
ci.init(Cipher.UNWRAP_MODE, key, aps);
}
Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
if ((baseAlgo.endsWith("TRIPLEDES")
|| baseAlgo.endsWith("AES_256")) && !isUnlimited) {
out.print(
"Expected InvalidKeyException not thrown");
return false;
}
return (Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded()));
} catch (InvalidKeyException ex) {
if ((baseAlgo.endsWith("TRIPLEDES")
|| baseAlgo.endsWith("AES_256")) && !isUnlimited) {
out.print(
"Expected InvalidKeyException thrown");
return true;
} else {
throw ex;
}
}
}
Example 20
| Source File: TestAESWrapOids.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
|
private static void runTest(DataTuple dataTuple, boolean supportedKeyLength)
throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException {
Cipher algorithmCipher = Cipher.getInstance(
dataTuple.algorithm, PROVIDER_NAME);
Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME);
if (algorithmCipher == null) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance failed.%n",
dataTuple.algorithm));
}
if (oidCipher == null) {
throw new RuntimeException(
String.format("Test failed: OID %s getInstance failed.%n",
dataTuple.oid));
}
if (!algorithmCipher.getAlgorithm().equals(
dataTuple.algorithm)) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance "
+ "doesn't generate expected algorithm.%n",
dataTuple.oid));
}
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(dataTuple.keyLength);
SecretKey key = kg.generateKey();
// Wrap the key
algorithmCipher.init(Cipher.WRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of algorithmCipher should fail.%n",
dataTuple.keyLength));
}
// Unwrap the key
oidCipher.init(Cipher.UNWRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of oidCipher should fail.%n",
dataTuple.keyLength));
}
byte[] keyWrapper = algorithmCipher.wrap(key);
Key unwrappedKey = oidCipher.unwrap(keyWrapper, "AES",
Cipher.SECRET_KEY);
// Comparison
if (!Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded())) {
throw new RuntimeException("Key comparison failed");
}
}
