/** * generate a PBE based key suitable for a MAC algorithm, the key size is chosen according the * MAC size, or the hashing algorithm, whichever is greater. */ public static CipherParameters makePBEMacParameters( BCPBEKey pbeKey, AlgorithmParameterSpec spec) { if ((spec == null) || !(spec instanceof PBEParameterSpec)) { throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key."); } PBEParameterSpec pbeParam = (PBEParameterSpec) spec; PBEParametersGenerator generator = makePBEGenerator(pbeKey.getType(), pbeKey.getDigest()); byte[] key = pbeKey.getEncoded(); CipherParameters param; if (pbeKey.shouldTryWrongPKCS12()) { key = new byte[2]; } generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount()); param = generator.generateDerivedMacParameters(pbeKey.getKeySize()); for (int i = 0; i != key.length; i++) { key[i] = 0; } return param; }
protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { CipherParameters param; if (key instanceof BCPBEKey) { BCPBEKey k = (BCPBEKey) key; if (params instanceof PBEParameterSpec) { param = PBE.Util.makePBEParameters(k, params, wrapEngine.getAlgorithmName()); } else if (k.getParam() != null) { param = k.getParam(); } else { throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); } } else { param = new KeyParameter(key.getEncoded()); } if (params instanceof IvParameterSpec) { IvParameterSpec iv = (IvParameterSpec) params; param = new ParametersWithIV(param, iv.getIV()); } if (param instanceof KeyParameter && ivSize != 0) { iv = new byte[ivSize]; random.nextBytes(iv); param = new ParametersWithIV(param, iv); } switch (opmode) { case Cipher.WRAP_MODE: wrapEngine.init(true, param); break; case Cipher.UNWRAP_MODE: wrapEngine.init(false, param); break; case Cipher.ENCRYPT_MODE: case Cipher.DECRYPT_MODE: throw new IllegalArgumentException("engine only valid for wrapping"); default: System.out.println("eeek!"); } }
/** construct a key and iv (if necessary) suitable for use with a Cipher. */ public static CipherParameters makePBEParameters( BCPBEKey pbeKey, AlgorithmParameterSpec spec, String targetAlgorithm) { if ((spec == null) || !(spec instanceof PBEParameterSpec)) { throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key."); } PBEParameterSpec pbeParam = (PBEParameterSpec) spec; PBEParametersGenerator generator = makePBEGenerator(pbeKey.getType(), pbeKey.getDigest()); byte[] key = pbeKey.getEncoded(); CipherParameters param; if (pbeKey.shouldTryWrongPKCS12()) { key = new byte[2]; } generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount()); if (pbeKey.getIvSize() != 0) { param = generator.generateDerivedParameters(pbeKey.getKeySize(), pbeKey.getIvSize()); } else { param = generator.generateDerivedParameters(pbeKey.getKeySize()); } if (targetAlgorithm.startsWith("DES")) { if (param instanceof ParametersWithIV) { KeyParameter kParam = (KeyParameter) ((ParametersWithIV) param).getParameters(); DESParameters.setOddParity(kParam.getKey()); } else { KeyParameter kParam = (KeyParameter) param; DESParameters.setOddParity(kParam.getKey()); } } for (int i = 0; i != key.length; i++) { key[i] = 0; } return param; }