Mercurial > hg > openjdk > jigsaw > jdk
view src/share/classes/com/sun/crypto/provider/PBECipherCore.java @ 7335:473ed4b94306
7171982: Cipher getParameters() throws RuntimeException: Cannot find SunJCE provider
Reviewed-by: vinnie, wetmore
Contributed-by: Tony Scarpino <anthony.scarpino@oracle.com>
| author | vinnie |
|---|---|
| date | Thu, 11 Apr 2013 17:57:08 +0100 |
| parents | 3c5a62290939 |
| children | 053a0b46e437 |
line wrap: on
line source
/* * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package com.sun.crypto.provider; import java.security.*; import java.security.spec.*; import javax.crypto.*; import javax.crypto.spec.*; /** * This class represents password-based encryption as defined by the PKCS #5 * standard. * * @author Jan Luehe * * * @see javax.crypto.Cipher */ final class PBECipherCore { // the encapsulated DES cipher private CipherCore cipher; private MessageDigest md; private int blkSize; private String algo = null; private byte[] salt = null; private int iCount = 10; /** * Creates an instance of PBE Cipher using the specified CipherSpi * instance. * */ PBECipherCore(String cipherAlg) throws NoSuchAlgorithmException, NoSuchPaddingException { algo = cipherAlg; if (algo.equals("DES")) { cipher = new CipherCore(new DESCrypt(), DESConstants.DES_BLOCK_SIZE); } else if (algo.equals("DESede")) { cipher = new CipherCore(new DESedeCrypt(), DESConstants.DES_BLOCK_SIZE); } else { throw new NoSuchAlgorithmException("No Cipher implementation " + "for PBEWithMD5And" + algo); } cipher.setMode("CBC"); cipher.setPadding("PKCS5Padding"); // get instance of MD5 md = MessageDigest.getInstance("MD5"); } /** * Sets the mode of this cipher. This algorithm can only be run in CBC * mode. * * @param mode the cipher mode * * @exception NoSuchAlgorithmException if the requested cipher mode is * invalid */ void setMode(String mode) throws NoSuchAlgorithmException { cipher.setMode(mode); } /** * Sets the padding mechanism of this cipher. This algorithm only uses * PKCS #5 padding. * * @param padding the padding mechanism * * @exception NoSuchPaddingException if the requested padding mechanism * is invalid */ void setPadding(String paddingScheme) throws NoSuchPaddingException { cipher.setPadding(paddingScheme); } /** * Returns the block size (in bytes). * * @return the block size (in bytes) */ int getBlockSize() { return DESConstants.DES_BLOCK_SIZE; } /** * Returns the length in bytes that an output buffer would need to be in * order to hold the result of the next <code>update</code> or * <code>doFinal</code> operation, given the input length * <code>inputLen</code> (in bytes). * * <p>This call takes into account any unprocessed (buffered) data from a * previous <code>update</code> call, and padding. * * <p>The actual output length of the next <code>update</code> or * <code>doFinal</code> call may be smaller than the length returned by * this method. * * @param inputLen the input length (in bytes) * * @return the required output buffer size (in bytes) * */ int getOutputSize(int inputLen) { return cipher.getOutputSize(inputLen); } /** * Returns the initialization vector (IV) in a new buffer. * * <p> This is useful in the case where a random IV has been created * (see <a href = "#init">init</a>), * or in the context of password-based encryption or * decryption, where the IV is derived from a user-supplied password. * * @return the initialization vector in a new buffer, or null if the * underlying algorithm does not use an IV, or if the IV has not yet * been set. */ byte[] getIV() { return cipher.getIV(); } /** * Returns the parameters used with this cipher. * * <p>The returned parameters may be the same that were used to initialize * this cipher, or may contain the default set of parameters or a set of * randomly generated parameters used by the underlying cipher * implementation (provided that the underlying cipher implementation * uses a default set of parameters or creates new parameters if it needs * parameters but was not initialized with any). * * @return the parameters used with this cipher, or null if this cipher * does not use any parameters. */ AlgorithmParameters getParameters() { AlgorithmParameters params = null; if (salt == null) { salt = new byte[8]; SunJCE.getRandom().nextBytes(salt); } PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount); try { params = AlgorithmParameters.getInstance("PBEWithMD5And" + (algo.equalsIgnoreCase("DES")? "DES":"TripleDES"), SunJCE.getInstance()); params.init(pbeSpec); } catch (NoSuchAlgorithmException nsae) { // should never happen throw new RuntimeException("SunJCE called, but not configured"); } catch (InvalidParameterSpecException ipse) { // should never happen throw new RuntimeException("PBEParameterSpec not supported"); } return params; } /** * Initializes this cipher with a key, a set of * algorithm parameters, and a source of randomness. * The cipher is initialized for one of the following four operations: * encryption, decryption, key wrapping or key unwrapping, depending on * the value of <code>opmode</code>. * * <p>If this cipher (including its underlying feedback or padding scheme) * requires any random bytes, it will get them from <code>random</code>. * * @param opmode the operation mode of this cipher (this is one of * the following: * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>), * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) * @param key the encryption key * @param params the algorithm parameters * @param random the source of randomness * * @exception InvalidKeyException if the given key is inappropriate for * initializing this cipher * @exception InvalidAlgorithmParameterException if the given algorithm * parameters are inappropriate for this cipher */ void init(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { if (((opmode == Cipher.DECRYPT_MODE) || (opmode == Cipher.UNWRAP_MODE)) && (params == null)) { throw new InvalidAlgorithmParameterException("Parameters " + "missing"); } if ((key == null) || (key.getEncoded() == null) || !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) { throw new InvalidKeyException("Missing password"); } if (params == null) { // create random salt and use default iteration count salt = new byte[8]; random.nextBytes(salt); } else { if (!(params instanceof PBEParameterSpec)) { throw new InvalidAlgorithmParameterException ("Wrong parameter type: PBE expected"); } salt = ((PBEParameterSpec) params).getSalt(); // salt must be 8 bytes long (by definition) if (salt.length != 8) { throw new InvalidAlgorithmParameterException ("Salt must be 8 bytes long"); } iCount = ((PBEParameterSpec) params).getIterationCount(); if (iCount <= 0) { throw new InvalidAlgorithmParameterException ("IterationCount must be a positive number"); } } byte[] derivedKey = deriveCipherKey(key); // use all but the last 8 bytes as the key value SecretKeySpec cipherKey = new SecretKeySpec(derivedKey, 0, derivedKey.length-8, algo); // use the last 8 bytes as the IV IvParameterSpec ivSpec = new IvParameterSpec(derivedKey, derivedKey.length-8, 8); // initialize the underlying cipher cipher.init(opmode, cipherKey, ivSpec, random); } private byte[] deriveCipherKey(Key key) { byte[] result = null; byte[] passwdBytes = key.getEncoded(); if (algo.equals("DES")) { // P || S (password concatenated with salt) byte[] concat = new byte[passwdBytes.length + salt.length]; System.arraycopy(passwdBytes, 0, concat, 0, passwdBytes.length); java.util.Arrays.fill(passwdBytes, (byte)0x00); System.arraycopy(salt, 0, concat, passwdBytes.length, salt.length); // digest P || S with c iterations byte[] toBeHashed = concat; for (int i = 0; i < iCount; i++) { md.update(toBeHashed); toBeHashed = md.digest(); // this resets the digest } java.util.Arrays.fill(concat, (byte)0x00); result = toBeHashed; } else if (algo.equals("DESede")) { // if the 2 salt halves are the same, invert one of them int i; for (i=0; i<4; i++) { if (salt[i] != salt[i+4]) break; } if (i==4) { // same, invert 1st half for (i=0; i<2; i++) { byte tmp = salt[i]; salt[i] = salt[3-i]; salt[3-1] = tmp; } } // Now digest each half (concatenated with password). For each // half, go through the loop as many times as specified by the // iteration count parameter (inner for loop). // Concatenate the output from each digest round with the // password, and use the result as the input to the next digest // operation. byte[] kBytes = null; IvParameterSpec iv = null; byte[] toBeHashed = null; result = new byte[DESedeKeySpec.DES_EDE_KEY_LEN + DESConstants.DES_BLOCK_SIZE]; for (i = 0; i < 2; i++) { toBeHashed = new byte[salt.length/2]; System.arraycopy(salt, i*(salt.length/2), toBeHashed, 0, toBeHashed.length); for (int j=0; j < iCount; j++) { md.update(toBeHashed); md.update(passwdBytes); toBeHashed = md.digest(); // this resets the digest } System.arraycopy(toBeHashed, 0, result, i*16, toBeHashed.length); } } return result; } void init(int opmode, Key key, AlgorithmParameters params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { PBEParameterSpec pbeSpec = null; if (params != null) { try { pbeSpec = params.getParameterSpec(PBEParameterSpec.class); } catch (InvalidParameterSpecException ipse) { throw new InvalidAlgorithmParameterException("Wrong parameter " + "type: PBE " + "expected"); } } init(opmode, key, pbeSpec, random); } /** * Continues a multiple-part encryption or decryption operation * (depending on how this cipher was initialized), processing another data * part. * * <p>The first <code>inputLen</code> bytes in the <code>input</code> * buffer, starting at <code>inputOffset</code>, are processed, and the * result is stored in a new buffer. * * @param input the input buffer * @param inputOffset the offset in <code>input</code> where the input * starts * @param inputLen the input length * * @return the new buffer with the result * */ byte[] update(byte[] input, int inputOffset, int inputLen) { return cipher.update(input, inputOffset, inputLen); } /** * Continues a multiple-part encryption or decryption operation * (depending on how this cipher was initialized), processing another data * part. * * <p>The first <code>inputLen</code> bytes in the <code>input</code> * buffer, starting at <code>inputOffset</code>, are processed, and the * result is stored in the <code>output</code> buffer, starting at * <code>outputOffset</code>. * * @param input the input buffer * @param inputOffset the offset in <code>input</code> where the input * starts * @param inputLen the input length * @param output the buffer for the result * @param outputOffset the offset in <code>output</code> where the result * is stored * * @return the number of bytes stored in <code>output</code> * * @exception ShortBufferException if the given output buffer is too small * to hold the result */ int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException { return cipher.update(input, inputOffset, inputLen, output, outputOffset); } /** * Encrypts or decrypts data in a single-part operation, * or finishes a multiple-part operation. * The data is encrypted or decrypted, depending on how this cipher was * initialized. * * <p>The first <code>inputLen</code> bytes in the <code>input</code> * buffer, starting at <code>inputOffset</code>, and any input bytes that * may have been buffered during a previous <code>update</code> operation, * are processed, with padding (if requested) being applied. * The result is stored in a new buffer. * * <p>The cipher is reset to its initial state (uninitialized) after this * call. * * @param input the input buffer * @param inputOffset the offset in <code>input</code> where the input * starts * @param inputLen the input length * * @return the new buffer with the result * * @exception IllegalBlockSizeException if this cipher is a block cipher, * no padding has been requested (only in encryption mode), and the total * input length of the data processed by this cipher is not a multiple of * block size * @exception BadPaddingException if decrypting and padding is choosen, * but the last input data does not have proper padding bytes. */ byte[] doFinal(byte[] input, int inputOffset, int inputLen) throws IllegalBlockSizeException, BadPaddingException { return cipher.doFinal(input, inputOffset, inputLen); } /** * Encrypts or decrypts data in a single-part operation, * or finishes a multiple-part operation. * The data is encrypted or decrypted, depending on how this cipher was * initialized. * * <p>The first <code>inputLen</code> bytes in the <code>input</code> * buffer, starting at <code>inputOffset</code>, and any input bytes that * may have been buffered during a previous <code>update</code> operation, * are processed, with padding (if requested) being applied. * The result is stored in the <code>output</code> buffer, starting at * <code>outputOffset</code>. * * <p>The cipher is reset to its initial state (uninitialized) after this * call. * * @param input the input buffer * @param inputOffset the offset in <code>input</code> where the input * starts * @param inputLen the input length * @param output the buffer for the result * @param outputOffset the offset in <code>output</code> where the result * is stored * * @return the number of bytes stored in <code>output</code> * * @exception IllegalBlockSizeException if this cipher is a block cipher, * no padding has been requested (only in encryption mode), and the total * input length of the data processed by this cipher is not a multiple of * block size * @exception ShortBufferException if the given output buffer is too small * to hold the result * @exception BadPaddingException if decrypting and padding is choosen, * but the last input data does not have proper padding bytes. */ int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException { return cipher.doFinal(input, inputOffset, inputLen, output, outputOffset); } /** * Wrap a key. * * @param key the key to be wrapped. * * @return the wrapped key. * * @exception IllegalBlockSizeException if this cipher is a block * cipher, no padding has been requested, and the length of the * encoding of the key to be wrapped is not a * multiple of the block size. * * @exception InvalidKeyException if it is impossible or unsafe to * wrap the key with this cipher (e.g., a hardware protected key is * being passed to a software only cipher). */ byte[] wrap(Key key) throws IllegalBlockSizeException, InvalidKeyException { byte[] result = null; try { byte[] encodedKey = key.getEncoded(); if ((encodedKey == null) || (encodedKey.length == 0)) { throw new InvalidKeyException("Cannot get an encoding of " + "the key to be wrapped"); } result = doFinal(encodedKey, 0, encodedKey.length); } catch (BadPaddingException e) { // Should never happen } return result; } /** * Unwrap a previously wrapped key. * * @param wrappedKey the key to be unwrapped. * * @param wrappedKeyAlgorithm the algorithm the wrapped key is for. * * @param wrappedKeyType the type of the wrapped key. * This is one of <code>Cipher.SECRET_KEY</code>, * <code>Cipher.PRIVATE_KEY</code>, or <code>Cipher.PUBLIC_KEY</code>. * * @return the unwrapped key. * * @exception NoSuchAlgorithmException if no installed providers * can create keys of type <code>wrappedKeyType</code> for the * <code>wrappedKeyAlgorithm</code>. * * @exception InvalidKeyException if <code>wrappedKey</code> does not * represent a wrapped key of type <code>wrappedKeyType</code> for * the <code>wrappedKeyAlgorithm</code>. */ Key unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType) throws InvalidKeyException, NoSuchAlgorithmException { byte[] encodedKey; try { encodedKey = doFinal(wrappedKey, 0, wrappedKey.length); } catch (BadPaddingException ePadding) { throw new InvalidKeyException("The wrapped key is not padded " + "correctly"); } catch (IllegalBlockSizeException eBlockSize) { throw new InvalidKeyException("The wrapped key does not have " + "the correct length"); } return ConstructKeys.constructKey(encodedKey, wrappedKeyAlgorithm, wrappedKeyType); } }