Java Code Examples for javax.crypto.spec.PBEKeySpec#getIterationCount()

The following examples show how to use javax.crypto.spec.PBEKeySpec#getIterationCount() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: PBKDF2KeyImpl.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    }
    this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
}
 
Example 2
Source File: SHA1.java    From ripple-lib-java with ISC License 5 votes vote down vote up
protected SecretKey engineGenerateSecret(
    KeySpec keySpec)
    throws InvalidKeySpecException
{
    if (keySpec instanceof PBEKeySpec)
    {
        PBEKeySpec pbeSpec = (PBEKeySpec)keySpec;

        if (pbeSpec.getSalt() == null)
        {
            throw new InvalidKeySpecException("missing required salt");
        }

        if (pbeSpec.getIterationCount() <= 0)
        {
            throw new InvalidKeySpecException("positive iteration count required: "
                + pbeSpec.getIterationCount());
        }

        if (pbeSpec.getKeyLength() <= 0)
        {
            throw new InvalidKeySpecException("positive key length required: "
                + pbeSpec.getKeyLength());
        }

        if (pbeSpec.getPassword().length == 0)
        {
            throw new IllegalArgumentException("password empty");
        }

        int digest = SHA1;
        int keySize = pbeSpec.getKeyLength();
        int ivSize = -1;    // JDK 1,2 and earlier does not understand simplified version.
        CipherParameters param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize);

        return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param);
    }

    throw new InvalidKeySpecException("Invalid KeySpec");
}
 
Example 3
Source File: StringEncryptor.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Returns true if the two {@link PBEKeySpec} objects are logically equivalent (same params and password).
 *
 * @param a a PBEKeySpec to compare
 * @param b a PBEKeySpec to compare
 * @return true if they can be used for encryption interchangeably
 */
private static boolean isPBEKeySpecEqual(PBEKeySpec a, PBEKeySpec b) {
    if (a != null) {
        if (b == null) {
            return false;
        } else {
            // Compare all the accessors that will not throw exceptions
            boolean nonNullsEqual = a.getIterationCount() == b.getIterationCount()
                    && a.getKeyLength() == b.getKeyLength()
                    && Arrays.equals(a.getSalt(), b.getSalt());

            // Compare the passwords using constant-time equality while catching exceptions
            boolean passwordsEqual;
            try {
                passwordsEqual = CryptoUtils.constantTimeEquals(a.getPassword(), b.getPassword());
            } catch (IllegalStateException e) {
                logger.warn("Encountered an error trying to compare password equality (one or more passwords have been cleared)");
                // Assume any key spec with password cleared is unusable; return false
                return false;
            }

            // Logging for debug assistance
            if (logger.isDebugEnabled()) {
                logger.debug("The PBEKeySpec objects have equal non-null elements ({}) and equal passwords ({})", new Object[]{String.valueOf(nonNullsEqual), String.valueOf(passwordsEqual)});
            }
            return nonNullsEqual && passwordsEqual;
        }
    } else {
        // If here, a == null
        return b == null;
    }
}
 
Example 4
Source File: SHA1.java    From RipplePower with Apache License 2.0 5 votes vote down vote up
protected SecretKey engineGenerateSecret(
    KeySpec keySpec)
    throws InvalidKeySpecException
{
    if (keySpec instanceof PBEKeySpec)
    {
        PBEKeySpec pbeSpec = (PBEKeySpec)keySpec;

        if (pbeSpec.getSalt() == null)
        {
            throw new InvalidKeySpecException("missing required salt");
        }

        if (pbeSpec.getIterationCount() <= 0)
        {
            throw new InvalidKeySpecException("positive iteration count required: "
                + pbeSpec.getIterationCount());
        }

        if (pbeSpec.getKeyLength() <= 0)
        {
            throw new InvalidKeySpecException("positive key length required: "
                + pbeSpec.getKeyLength());
        }

        if (pbeSpec.getPassword().length == 0)
        {
            throw new IllegalArgumentException("password empty");
        }

        int digest = SHA1;
        int keySize = pbeSpec.getKeyLength();
        int ivSize = -1;    // JDK 1,2 and earlier does not understand simplified version.
        CipherParameters param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize);

        return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param);
    }

    throw new InvalidKeySpecException("Invalid KeySpec");
}
 
Example 5
Source File: RangerMasterKey.java    From ranger with Apache License 2.0 5 votes vote down vote up
private byte[] decryptKey(byte[] encrypted, PBEKeySpec keyspec) throws Throwable {
    SecretKey key = getPasswordKey(keyspec);
    if (keyspec.getSalt() != null) {
        PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
        Cipher c = Cipher.getInstance(key.getAlgorithm());
        c.init(Cipher.DECRYPT_MODE, key, paramSpec);
        return c.doFinal(encrypted);
    }
    return null;
}
 
Example 6
Source File: RangerMasterKey.java    From ranger with Apache License 2.0 5 votes vote down vote up
private byte[] encryptKey(byte[] data, PBEKeySpec keyspec) throws Throwable {
    if (logger.isDebugEnabled()) {
        logger.debug("==> RangerMasterKey.encryptKey()");
    }
    SecretKey key = getPasswordKey(keyspec);
    if (keyspec.getSalt() != null) {
        PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
        Cipher c = Cipher.getInstance(key.getAlgorithm());
        c.init(Cipher.ENCRYPT_MODE, key, paramSpec);
        return c.doFinal(data);
    }
    return null;
}
 
Example 7
Source File: PBKDF2KeyImpl.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    }
    this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
}
 
Example 8
Source File: PBKDF2KeyImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    }
    this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
}
 
Example 9
Source File: PBKDF2KeyImpl.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    }
    this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
}
 
Example 10
Source File: PBKDF2KeyImpl.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    }
    this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
}
 
Example 11
Source File: PBKDF2KeyImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    }
    this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
}
 
Example 12
Source File: PBKDF2KeyImpl.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    }
    this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
}
 
Example 13
Source File: PBKDF2KeyImpl.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    }
    this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
}
 
Example 14
Source File: PBKDF2KeyImpl.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);
    // remove local copy
    if (passwd != null) Arrays.fill(passwd, '\0');

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
        this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    } finally {
        Arrays.fill(passwdBytes, (byte)0x00);
    }
}
 
Example 15
Source File: PBKDF2KeyImpl.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);
    // remove local copy
    if (passwd != null) Arrays.fill(passwd, '\0');

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
        this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    } finally {
        Arrays.fill(passwdBytes, (byte)0x00);
    }
}
 
Example 16
Source File: PBKDF2KeyImpl.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo);
        // SunPKCS11 requires a non-empty PBE password
        if (passwdBytes.length == 0 &&
            this.prf.getProvider().getName().startsWith("SunPKCS11")) {
            this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
        }
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    }
    this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
}
 
Example 17
Source File: PBKDF2KeyImpl.java    From Bytecoder with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param keySpec the given PBE key specification
 * @param prfAlgo the given PBE key algorithm
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);
    // remove local copy
    if (passwd != null) Arrays.fill(passwd, '\0');

    try {
        this.salt = keySpec.getSalt();
        if (salt == null) {
            throw new InvalidKeySpecException("Salt not found");
        }
        this.iterCount = keySpec.getIterationCount();
        if (iterCount == 0) {
            throw new InvalidKeySpecException("Iteration count not found");
        } else if (iterCount < 0) {
            throw new InvalidKeySpecException("Iteration count is negative");
        }
        int keyLength = keySpec.getKeyLength();
        if (keyLength == 0) {
            throw new InvalidKeySpecException("Key length not found");
        } else if (keyLength < 0) {
            throw new InvalidKeySpecException("Key length is negative");
        }
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
        this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    } finally {
        Arrays.fill(passwdBytes, (byte) 0x00);

        // Use the cleaner to zero the key when no longer referenced
        final byte[] k = this.key;
        final char[] p = this.passwd;
        CleanerFactory.cleaner().register(this,
                () -> {
                    Arrays.fill(k, (byte) 0x00);
                    Arrays.fill(p, '\0');
                });
    }
}
 
Example 18
Source File: PBKDF2KeyImpl.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);
    // remove local copy
    if (passwd != null) Arrays.fill(passwd, '\0');

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
        this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    } finally {
        Arrays.fill(passwdBytes, (byte)0x00);
    }
}
 
Example 19
Source File: PBKDF2KeyImpl.java    From TencentKona-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Creates a PBE key from a given PBE key specification.
 *
 * @param key the given PBE key specification
 */
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
    throws InvalidKeySpecException {
    char[] passwd = keySpec.getPassword();
    if (passwd == null) {
        // Should allow an empty password.
        this.passwd = new char[0];
    } else {
        this.passwd = passwd.clone();
    }
    // Convert the password from char[] to byte[]
    byte[] passwdBytes = getPasswordBytes(this.passwd);
    // remove local copy
    if (passwd != null) Arrays.fill(passwd, '\0');

    this.salt = keySpec.getSalt();
    if (salt == null) {
        throw new InvalidKeySpecException("Salt not found");
    }
    this.iterCount = keySpec.getIterationCount();
    if (iterCount == 0) {
        throw new InvalidKeySpecException("Iteration count not found");
    } else if (iterCount < 0) {
        throw new InvalidKeySpecException("Iteration count is negative");
    }
    int keyLength = keySpec.getKeyLength();
    if (keyLength == 0) {
        throw new InvalidKeySpecException("Key length not found");
    } else if (keyLength < 0) {
        throw new InvalidKeySpecException("Key length is negative");
    }
    try {
        this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
        this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
    } catch (NoSuchAlgorithmException nsae) {
        // not gonna happen; re-throw just in case
        InvalidKeySpecException ike = new InvalidKeySpecException();
        ike.initCause(nsae);
        throw ike;
    } finally {
        Arrays.fill(passwdBytes, (byte)0x00);
    }
}