コード例 #1
0
  /**
   * Method wrap
   *
   * @param in
   * @param inOff
   * @param inLen
   * @return the wrapped bytes.
   */
  public byte[] wrap(byte[] in, int inOff, int inLen) {
    if (!forWrapping) {
      throw new IllegalStateException("Not initialized for wrapping");
    }

    byte keyToBeWrapped[] = new byte[inLen];

    System.arraycopy(in, inOff, keyToBeWrapped, 0, inLen);

    // Compute the CMS Key Checksum, (section 5.6.1), call this CKS.
    byte[] CKS = calculateCMSKeyChecksum(keyToBeWrapped);

    // Let WKCKS = WK || CKS where || is concatenation.
    byte[] WKCKS = new byte[keyToBeWrapped.length + CKS.length];

    System.arraycopy(keyToBeWrapped, 0, WKCKS, 0, keyToBeWrapped.length);
    System.arraycopy(CKS, 0, WKCKS, keyToBeWrapped.length, CKS.length);

    // Encrypt WKCKS in CBC mode using KEK as the key and IV as the
    // initialization vector. Call the results TEMP1.

    int blockSize = engine.getBlockSize();

    if (WKCKS.length % blockSize != 0) {
      throw new IllegalStateException("Not multiple of block length");
    }

    engine.init(true, paramPlusIV);

    byte TEMP1[] = new byte[WKCKS.length];

    for (int currentBytePos = 0; currentBytePos != WKCKS.length; currentBytePos += blockSize) {
      engine.processBlock(WKCKS, currentBytePos, TEMP1, currentBytePos);
    }

    // Let TEMP2 = IV || TEMP1.
    byte[] TEMP2 = new byte[this.iv.length + TEMP1.length];

    System.arraycopy(this.iv, 0, TEMP2, 0, this.iv.length);
    System.arraycopy(TEMP1, 0, TEMP2, this.iv.length, TEMP1.length);

    // Reverse the order of the octets in TEMP2 and call the result TEMP3.
    byte[] TEMP3 = reverse(TEMP2);

    // Encrypt TEMP3 in CBC mode using the KEK and an initialization vector
    // of 0x 4a dd a2 2c 79 e8 21 05. The resulting cipher text is the desired
    // result. It is 40 octets long if a 168 bit key is being wrapped.
    ParametersWithIV param2 = new ParametersWithIV(this.param, IV2);

    this.engine.init(true, param2);

    for (int currentBytePos = 0; currentBytePos != TEMP3.length; currentBytePos += blockSize) {
      engine.processBlock(TEMP3, currentBytePos, TEMP3, currentBytePos);
    }

    return TEMP3;
  }
コード例 #2
0
  /**
   * Method unwrap
   *
   * @param in
   * @param inOff
   * @param inLen
   * @return the unwrapped bytes.
   * @throws InvalidCipherTextException
   */
  public byte[] unwrap(byte[] in, int inOff, int inLen) throws InvalidCipherTextException {
    if (forWrapping) {
      throw new IllegalStateException("Not set for unwrapping");
    }

    if (in == null) {
      throw new InvalidCipherTextException("Null pointer as ciphertext");
    }

    final int blockSize = engine.getBlockSize();
    if (inLen % blockSize != 0) {
      throw new InvalidCipherTextException("Ciphertext not multiple of " + blockSize);
    }

    /*
    // Check if the length of the cipher text is reasonable given the key
    // type. It must be 40 bytes for a 168 bit key and either 32, 40, or
    // 48 bytes for a 128, 192, or 256 bit key. If the length is not supported
    // or inconsistent with the algorithm for which the key is intended,
    // return error.
    //
    // we do not accept 168 bit keys. it has to be 192 bit.
    int lengthA = (estimatedKeyLengthInBit / 8) + 16;
    int lengthB = estimatedKeyLengthInBit % 8;

    if ((lengthA != keyToBeUnwrapped.length) || (lengthB != 0)) {
       throw new XMLSecurityException("empty");
    }
    */

    // Decrypt the cipher text with TRIPLedeS in CBC mode using the KEK
    // and an initialization vector (IV) of 0x4adda22c79e82105. Call the output TEMP3.
    ParametersWithIV param2 = new ParametersWithIV(this.param, IV2);

    this.engine.init(false, param2);

    byte TEMP3[] = new byte[inLen];

    for (int currentBytePos = 0; currentBytePos != inLen; currentBytePos += blockSize) {
      engine.processBlock(in, inOff + currentBytePos, TEMP3, currentBytePos);
    }

    // Reverse the order of the octets in TEMP3 and call the result TEMP2.
    byte[] TEMP2 = reverse(TEMP3);

    // Decompose TEMP2 into IV, the first 8 octets, and TEMP1, the remaining octets.
    this.iv = new byte[8];

    byte[] TEMP1 = new byte[TEMP2.length - 8];

    System.arraycopy(TEMP2, 0, this.iv, 0, 8);
    System.arraycopy(TEMP2, 8, TEMP1, 0, TEMP2.length - 8);

    // Decrypt TEMP1 using TRIPLedeS in CBC mode using the KEK and the IV
    // found in the previous step. Call the result WKCKS.
    this.paramPlusIV = new ParametersWithIV(this.param, this.iv);

    this.engine.init(false, this.paramPlusIV);

    byte[] WKCKS = new byte[TEMP1.length];

    for (int currentBytePos = 0; currentBytePos != WKCKS.length; currentBytePos += blockSize) {
      engine.processBlock(TEMP1, currentBytePos, WKCKS, currentBytePos);
    }

    // Decompose WKCKS. CKS is the last 8 octets and WK, the wrapped key, are
    // those octets before the CKS.
    byte[] result = new byte[WKCKS.length - 8];
    byte[] CKStoBeVerified = new byte[8];

    System.arraycopy(WKCKS, 0, result, 0, WKCKS.length - 8);
    System.arraycopy(WKCKS, WKCKS.length - 8, CKStoBeVerified, 0, 8);

    // Calculate a CMS Key Checksum, (section 5.6.1), over the WK and compare
    // with the CKS extracted in the above step. If they are not equal, return error.
    if (!checkCMSKeyChecksum(result, CKStoBeVerified)) {
      throw new InvalidCipherTextException("Checksum inside ciphertext is corrupted");
    }

    // WK is the wrapped key, now extracted for use in data decryption.
    return result;
  }