Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk

体验新版 GitCode,发现更多精彩内容 >>

提交 749e65bb 编写于 作者: V vinnie
浏览文件
操作

6383200: PBE: need new algorithm support in password based encryption 

Reviewed-by: valeriep
上级 7f2a12a3
展开全部 隐藏空白更改
内联 并排
Showing with 2821 addition and 88 deletion
src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
浏览文件 @ 749e65bb
/*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -55,12 +55,25 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
}
static {
validTypes = new HashSet<String>(4);
validTypes = new HashSet<String>(17);
validTypes.add("PBEWithMD5AndDES".toUpperCase());
validTypes.add("PBEWithSHA1AndDESede".toUpperCase());
validTypes.add("PBEWithSHA1AndRC2_40".toUpperCase());
validTypes.add("PBEWithSHA1AndRC2_128".toUpperCase());
validTypes.add("PBEWithSHA1AndRC4_40".toUpperCase());
validTypes.add("PBEWithSHA1AndRC4_128".toUpperCase());
// Proprietary algorithm.
validTypes.add("PBEWithMD5AndTripleDES".toUpperCase());
validTypes.add("PBEWithHmacSHA1AndAES_128".toUpperCase());
validTypes.add("PBEWithHmacSHA224AndAES_128".toUpperCase());
validTypes.add("PBEWithHmacSHA256AndAES_128".toUpperCase());
validTypes.add("PBEWithHmacSHA384AndAES_128".toUpperCase());
validTypes.add("PBEWithHmacSHA512AndAES_128".toUpperCase());
validTypes.add("PBEWithHmacSHA1AndAES_256".toUpperCase());
validTypes.add("PBEWithHmacSHA224AndAES_256".toUpperCase());
validTypes.add("PBEWithHmacSHA256AndAES_256".toUpperCase());
validTypes.add("PBEWithHmacSHA384AndAES_256".toUpperCase());
validTypes.add("PBEWithHmacSHA512AndAES_256".toUpperCase());
}
public static final class PBEWithMD5AndDES
......@@ -84,6 +97,27 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
}
}
public static final class PBEWithSHA1AndRC2_128
extends PBEKeyFactory {
public PBEWithSHA1AndRC2_128() {
super("PBEWithSHA1AndRC2_128");
}
}
public static final class PBEWithSHA1AndRC4_40
extends PBEKeyFactory {
public PBEWithSHA1AndRC4_40() {
super("PBEWithSHA1AndRC4_40");
}
}
public static final class PBEWithSHA1AndRC4_128
extends PBEKeyFactory {
public PBEWithSHA1AndRC4_128() {
super("PBEWithSHA1AndRC4_128");
}
}
/*
* Private proprietary algorithm for supporting JCEKS.
*/
......@@ -94,6 +128,75 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
}
}
public static final class PBEWithHmacSHA1AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA1AndAES_128() {
super("PBEWithHmacSHA1AndAES_128");
}
}
public static final class PBEWithHmacSHA224AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA224AndAES_128() {
super("PBEWithHmacSHA224AndAES_128");
}
}
public static final class PBEWithHmacSHA256AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA256AndAES_128() {
super("PBEWithHmacSHA256AndAES_128");
}
}
public static final class PBEWithHmacSHA384AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA384AndAES_128() {
super("PBEWithHmacSHA384AndAES_128");
}
}
public static final class PBEWithHmacSHA512AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA512AndAES_128() {
super("PBEWithHmacSHA512AndAES_128");
}
}
public static final class PBEWithHmacSHA1AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA1AndAES_256() {
super("PBEWithHmacSHA1AndAES_256");
}
}
public static final class PBEWithHmacSHA224AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA224AndAES_256() {
super("PBEWithHmacSHA224AndAES_256");
}
}
public static final class PBEWithHmacSHA256AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA256AndAES_256() {
super("PBEWithHmacSHA256AndAES_256");
}
}
public static final class PBEWithHmacSHA384AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA384AndAES_256() {
super("PBEWithHmacSHA384AndAES_256");
}
}
public static final class PBEWithHmacSHA512AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA512AndAES_256() {
super("PBEWithHmacSHA512AndAES_256");
}
}
/**
* Generates a <code>SecretKey</code> object from the provided key
......
src/share/classes/com/sun/crypto/provider/PBEParameters.java
浏览文件 @ 749e65bb
/*
* Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -57,6 +57,9 @@ public final class PBEParameters extends AlgorithmParametersSpi {
// the iteration count
private int iCount = 0;
// the cipher parameter
private AlgorithmParameterSpec cipherParam = null;
protected void engineInit(AlgorithmParameterSpec paramSpec)
throws InvalidParameterSpecException
{
......@@ -66,6 +69,7 @@ public final class PBEParameters extends AlgorithmParametersSpi {
}
this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
this.cipherParam = ((PBEParameterSpec)paramSpec).getParameterSpec();
}
protected void engineInit(byte[] encoded)
......@@ -102,7 +106,8 @@ public final class PBEParameters extends AlgorithmParametersSpi {
throws InvalidParameterSpecException
{
if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
return paramSpec.cast(new PBEParameterSpec(this.salt, this.iCount));
return paramSpec.cast(
new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
} else {
throw new InvalidParameterSpecException
("Inappropriate parameter specification");
......
src/share/classes/com/sun/crypto/provider/PBES2Core.java 0 → 100644
浏览文件 @ 749e65bb
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.crypto.provider;
import java.io.UnsupportedEncodingException;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.interfaces.*;
import javax.crypto.spec.*;
/**
* This class represents password-based encryption as defined by the PKCS #5
* standard.
* These algorithms implement PBE with HmacSHA1/HmacSHA2-family and AES-CBC.
* Padding is done as described in PKCS #5.
*
* @author Jan Luehe
*
*
* @see javax.crypto.Cipher
*/
abstract class PBES2Core extends CipherSpi {
private static final int DEFAULT_SALT_LENGTH = 20;
private static final int DEFAULT_COUNT = 4096;
// the encapsulated cipher
private final CipherCore cipher;
private final int keyLength; // in bits
private final int blkSize; // in bits
private final PBKDF2Core kdf;
private final String pbeAlgo;
private final String cipherAlgo;
private int iCount = DEFAULT_COUNT;
private byte[] salt = null;
private IvParameterSpec ivSpec = null;
/**
* Creates an instance of PBE Scheme 2 according to the selected
* password-based key derivation function and encryption scheme.
*/
PBES2Core(String kdfAlgo, String cipherAlgo, int keySize)
throws NoSuchAlgorithmException, NoSuchPaddingException {
this.cipherAlgo = cipherAlgo;
keyLength = keySize * 8;
pbeAlgo = "PBEWith" + kdfAlgo + "And" + cipherAlgo + "_" + keyLength;
if (cipherAlgo.equals("AES")) {
blkSize = AESConstants.AES_BLOCK_SIZE;
cipher = new CipherCore(new AESCrypt(), blkSize);
switch(kdfAlgo) {
case "HmacSHA1":
kdf = new PBKDF2Core.HmacSHA1();
break;
case "HmacSHA224":
kdf = new PBKDF2Core.HmacSHA224();
break;
case "HmacSHA256":
kdf = new PBKDF2Core.HmacSHA256();
break;
case "HmacSHA384":
kdf = new PBKDF2Core.HmacSHA384();
break;
case "HmacSHA512":
kdf = new PBKDF2Core.HmacSHA512();
break;
default:
throw new NoSuchAlgorithmException(
"No Cipher implementation for " + kdfAlgo);
}
} else {
throw new NoSuchAlgorithmException("No Cipher implementation for " +
pbeAlgo);
}
cipher.setMode("CBC");
cipher.setPadding("PKCS5Padding");
}
protected void engineSetMode(String mode) throws NoSuchAlgorithmException {
if ((mode != null) && (!mode.equalsIgnoreCase("CBC"))) {
throw new NoSuchAlgorithmException("Invalid cipher mode: " + mode);
}
}
protected void engineSetPadding(String paddingScheme)
throws NoSuchPaddingException {
if ((paddingScheme != null) &&
(!paddingScheme.equalsIgnoreCase("PKCS5Padding"))) {
throw new NoSuchPaddingException("Invalid padding scheme: " +
paddingScheme);
}
}
protected int engineGetBlockSize() {
return blkSize;
}
protected int engineGetOutputSize(int inputLen) {
return cipher.getOutputSize(inputLen);
}
protected byte[] engineGetIV() {
return cipher.getIV();
}
protected AlgorithmParameters engineGetParameters() {
AlgorithmParameters params = null;
if (salt == null) {
// generate random salt and use default iteration count
salt = new byte[DEFAULT_SALT_LENGTH];
SunJCE.RANDOM.nextBytes(salt);
iCount = DEFAULT_COUNT;
}
if (ivSpec == null) {
// generate random IV
byte[] ivBytes = new byte[blkSize];
SunJCE.RANDOM.nextBytes(ivBytes);
ivSpec = new IvParameterSpec(ivBytes);
}
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount, ivSpec);
try {
params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
} catch (NoSuchAlgorithmException nsae) {
// should never happen
throw new RuntimeException("SunJCE called, but not configured");
} catch (NoSuchProviderException nspe) {
// should never happen
throw new RuntimeException("SunJCE called, but not configured");
}
try {
params.init(pbeSpec);
} catch (InvalidParameterSpecException ipse) {
// should never happen
throw new RuntimeException("PBEParameterSpec not supported");
}
return params;
}
protected void engineInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
try {
engineInit(opmode, key, (AlgorithmParameterSpec) null, random);
} catch (InvalidAlgorithmParameterException ie) {
InvalidKeyException ike =
new InvalidKeyException("requires PBE parameters");
ike.initCause(ie);
throw ike;
}
}
protected void engineInit(int opmode, Key key,
AlgorithmParameterSpec params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
if ((key == null) ||
(key.getEncoded() == null) ||
!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
throw new InvalidKeyException("Missing password");
}
// TBD: consolidate the salt, ic and IV parameter checks below
// Extract salt and iteration count from the key, if present
if (key instanceof javax.crypto.interfaces.PBEKey) {
salt = ((javax.crypto.interfaces.PBEKey)key).getSalt();
if (salt != null && salt.length < 8) {
throw new InvalidAlgorithmParameterException(
"Salt must be at least 8 bytes long");
}
iCount = ((javax.crypto.interfaces.PBEKey)key).getIterationCount();
if (iCount == 0) {
iCount = DEFAULT_COUNT;
} else if (iCount < 0) {
throw new InvalidAlgorithmParameterException(
"Iteration count must be a positive number");
}
}
// Extract salt, iteration count and IV from the params, if present
if (params == null) {
if (salt == null) {
// generate random salt and use default iteration count
salt = new byte[DEFAULT_SALT_LENGTH];
random.nextBytes(salt);
iCount = DEFAULT_COUNT;
}
if ((opmode == Cipher.ENCRYPT_MODE) ||
(opmode == Cipher.WRAP_MODE)) {
// generate random IV
byte[] ivBytes = new byte[blkSize];
random.nextBytes(ivBytes);
ivSpec = new IvParameterSpec(ivBytes);
}
} else {
if (!(params instanceof PBEParameterSpec)) {
throw new InvalidAlgorithmParameterException
("Wrong parameter type: PBE expected");
}
// salt and iteration count from the params take precedence
byte[] specSalt = ((PBEParameterSpec) params).getSalt();
if (specSalt != null && specSalt.length < 8) {
throw new InvalidAlgorithmParameterException(
"Salt must be at least 8 bytes long");
}
salt = specSalt;
int specICount = ((PBEParameterSpec) params).getIterationCount();
if (specICount == 0) {
specICount = DEFAULT_COUNT;
} else if (specICount < 0) {
throw new InvalidAlgorithmParameterException(
"Iteration count must be a positive number");
}
iCount = specICount;
AlgorithmParameterSpec specParams =
((PBEParameterSpec) params).getParameterSpec();
if (specParams != null) {
if (specParams instanceof IvParameterSpec) {
ivSpec = (IvParameterSpec)specParams;
} else {
throw new InvalidAlgorithmParameterException(
"Wrong parameter type: IV expected");
}
} else if ((opmode == Cipher.ENCRYPT_MODE) ||
(opmode == Cipher.WRAP_MODE)) {
// generate random IV
byte[] ivBytes = new byte[blkSize];
random.nextBytes(ivBytes);
ivSpec = new IvParameterSpec(ivBytes);
} else {
throw new InvalidAlgorithmParameterException(
"Missing parameter type: IV expected");
}
}
SecretKeySpec cipherKey = null;
byte[] derivedKey = null;
byte[] passwdBytes = key.getEncoded();
char[] passwdChars = new char[passwdBytes.length];
for (int i=0; i<passwdChars.length; i++)
passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
PBEKeySpec pbeSpec =
new PBEKeySpec(passwdChars, salt, iCount, blkSize * 8);
// password char[] was cloned in PBEKeySpec constructor,
// so we can zero it out here
java.util.Arrays.fill(passwdChars, ' ');
java.util.Arrays.fill(passwdBytes, (byte)0x00);
SecretKey s = null;
try {
s = kdf.engineGenerateSecret(pbeSpec);
} catch (InvalidKeySpecException ikse) {
InvalidKeyException ike =
new InvalidKeyException("Cannot construct PBE key");
ike.initCause(ikse);
throw ike;
}
derivedKey = s.getEncoded();
cipherKey = new SecretKeySpec(derivedKey, cipherAlgo);
// initialize the underlying cipher
cipher.init(opmode, cipherKey, ivSpec, random);
}
protected void engineInit(int opmode, Key key, AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
AlgorithmParameterSpec pbeSpec = null;
if (params != null) {
try {
pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
throw new InvalidAlgorithmParameterException(
"Wrong parameter type: PBE expected");
}
}
engineInit(opmode, key, pbeSpec, random);
}
protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) {
return cipher.update(input, inputOffset, inputLen);
}
protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
byte[] output, int outputOffset)
throws ShortBufferException {
return cipher.update(input, inputOffset, inputLen,
output, outputOffset);
}
protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
throws IllegalBlockSizeException, BadPaddingException {
return cipher.doFinal(input, inputOffset, inputLen);
}
protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
byte[] output, int outputOffset)
throws ShortBufferException, IllegalBlockSizeException,
BadPaddingException {
return cipher.doFinal(input, inputOffset, inputLen,
output, outputOffset);
}
protected int engineGetKeySize(Key key) throws InvalidKeyException {
return keyLength;
}
protected byte[] engineWrap(Key key)
throws IllegalBlockSizeException, InvalidKeyException {
return cipher.wrap(key);
}
protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
int wrappedKeyType)
throws InvalidKeyException, NoSuchAlgorithmException {
byte[] encodedKey;
return cipher.unwrap(wrappedKey, wrappedKeyAlgorithm,
wrappedKeyType);
}
public static final class HmacSHA1AndAES_128 extends PBES2Core {
public HmacSHA1AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA1", "AES", 16);
}
}
public static final class HmacSHA224AndAES_128 extends PBES2Core {
public HmacSHA224AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA224", "AES", 16);
}
}
public static final class HmacSHA256AndAES_128 extends PBES2Core {
public HmacSHA256AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA256", "AES", 16);
}
}
public static final class HmacSHA384AndAES_128 extends PBES2Core {
public HmacSHA384AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA384", "AES", 16);
}
}
public static final class HmacSHA512AndAES_128 extends PBES2Core {
public HmacSHA512AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA512", "AES", 16);
}
}
public static final class HmacSHA1AndAES_256 extends PBES2Core {
public HmacSHA1AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA1", "AES", 32);
}
}
public static final class HmacSHA224AndAES_256 extends PBES2Core {
public HmacSHA224AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA224", "AES", 32);
}
}
public static final class HmacSHA256AndAES_256 extends PBES2Core {
public HmacSHA256AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA256", "AES", 32);
}
}
public static final class HmacSHA384AndAES_256 extends PBES2Core {
public HmacSHA384AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA384", "AES", 32);
}
}
public static final class HmacSHA512AndAES_256 extends PBES2Core {
public HmacSHA512AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA512", "AES", 32);
}
}
}
src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java
浏览文件 @ 749e65bb
/*
* Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -45,7 +45,7 @@ import javax.crypto.spec.*;
public final class PBEWithMD5AndDESCipher extends CipherSpi {
// the encapsulated DES cipher
private PBECipherCore core;
private PBES1Core core;
/**
* Creates an instance of this cipher, and initializes its mode (CBC) and
......@@ -58,7 +58,7 @@ public final class PBEWithMD5AndDESCipher extends CipherSpi {
*/
public PBEWithMD5AndDESCipher()
throws NoSuchAlgorithmException, NoSuchPaddingException {
core = new PBECipherCore("DES");
core = new PBES1Core("DES");
}
/**
......
src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java
浏览文件 @ 749e65bb
/*
* Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -55,7 +55,7 @@ import javax.crypto.spec.*;
*/
public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
private PBECipherCore core;
private PBES1Core core;
/**
* Creates an instance of this cipher, and initializes its mode (CBC) and
......@@ -70,7 +70,7 @@ public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
throws NoSuchAlgorithmException, NoSuchPaddingException
{
// set the encapsulated cipher to do triple DES
core = new PBECipherCore("DESede");
core = new PBES1Core("DESede");
}
/**
......
src/share/classes/com/sun/crypto/provider/PBKDF2Core.java 0 → 100644
浏览文件 @ 749e65bb
/*
* Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.crypto.provider;
import java.security.InvalidKeyException;
import java.security.spec.KeySpec;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactorySpi;
import javax.crypto.spec.PBEKeySpec;
/**
* This class implements a key factory for PBE keys derived using
* PBKDF2 with HmacSHA1/HmacSHA224/HmacSHA256/HmacSHA384/HmacSHA512
* pseudo random function (PRF) as defined in PKCS#5 v2.1.
*
* @author Valerie Peng
*
*/
abstract class PBKDF2Core extends SecretKeyFactorySpi {
private final String prfAlgo;
PBKDF2Core(String prfAlgo) {
this.prfAlgo = prfAlgo;
}
/**
* Generates a <code>SecretKey</code> object from the provided key
* specification (key material).
*
* @param keySpec the specification (key material) of the secret key
*
* @return the secret key
*
* @exception InvalidKeySpecException if the given key specification
* is inappropriate for this key factory to produce a public key.
*/
protected SecretKey engineGenerateSecret(KeySpec keySpec)
throws InvalidKeySpecException
{
if (!(keySpec instanceof PBEKeySpec)) {
throw new InvalidKeySpecException("Invalid key spec");
}
PBEKeySpec ks = (PBEKeySpec) keySpec;
return new PBKDF2KeyImpl(ks, prfAlgo);
}
/**
* Returns a specification (key material) of the given key
* in the requested format.
*
* @param key the key
*
* @param keySpec the requested format in which the key material shall be
* returned
*
* @return the underlying key specification (key material) in the
* requested format
*
* @exception InvalidKeySpecException if the requested key
* specification is inappropriate for the given key, or the
* given key cannot be processed (e.g., the given key has an
* unrecognized algorithm or format).
*/
protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
throws InvalidKeySpecException {
if (key instanceof javax.crypto.interfaces.PBEKey) {
// Check if requested key spec is amongst the valid ones
if ((keySpecCl != null)
&& PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
javax.crypto.interfaces.PBEKey pKey =
(javax.crypto.interfaces.PBEKey) key;
return new PBEKeySpec
(pKey.getPassword(), pKey.getSalt(),
pKey.getIterationCount(), pKey.getEncoded().length*8);
} else {
throw new InvalidKeySpecException("Invalid key spec");
}
} else {
throw new InvalidKeySpecException("Invalid key " +
"format/algorithm");
}
}
/**
* Translates a <code>SecretKey</code> object, whose provider may be
* unknown or potentially untrusted, into a corresponding
* <code>SecretKey</code> object of this key factory.
*
* @param key the key whose provider is unknown or untrusted
*
* @return the translated key
*
* @exception InvalidKeyException if the given key cannot be processed by
* this key factory.
*/
protected SecretKey engineTranslateKey(SecretKey key)
throws InvalidKeyException {
if ((key != null) &&
(key.getAlgorithm().equalsIgnoreCase("PBKDF2With" + prfAlgo)) &&
(key.getFormat().equalsIgnoreCase("RAW"))) {
// Check if key originates from this factory
if (key instanceof com.sun.crypto.provider.PBKDF2KeyImpl) {
return key;
}
// Check if key implements the PBEKey
if (key instanceof javax.crypto.interfaces.PBEKey) {
javax.crypto.interfaces.PBEKey pKey =
(javax.crypto.interfaces.PBEKey) key;
try {
PBEKeySpec spec =
new PBEKeySpec(pKey.getPassword(),
pKey.getSalt(),
pKey.getIterationCount(),
pKey.getEncoded().length*8);
return new PBKDF2KeyImpl(spec, prfAlgo);
} catch (InvalidKeySpecException re) {
InvalidKeyException ike = new InvalidKeyException
("Invalid key component(s)");
ike.initCause(re);
throw ike;
}
}
}
throw new InvalidKeyException("Invalid key format/algorithm");
}
public static final class HmacSHA1 extends PBKDF2Core {
public HmacSHA1() {
super("HmacSHA1");
}
}
public static final class HmacSHA224 extends PBKDF2Core {
public HmacSHA224() {
super("HmacSHA224");
}
}
public static final class HmacSHA256 extends PBKDF2Core {
public HmacSHA256() {
super("HmacSHA256");
}
}
public static final class HmacSHA384 extends PBKDF2Core {
public HmacSHA384() {
super("HmacSHA384");
}
}
public static final class HmacSHA512 extends PBKDF2Core {
public HmacSHA512() {
super("HmacSHA512");
}
}
}
src/share/classes/com/sun/crypto/provider/PBMAC1Core.java 0 → 100644
浏览文件 @ 749e65bb
/*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.crypto.provider;
import java.util.Arrays;
import java.nio.ByteBuffer;
import javax.crypto.MacSpi;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.security.*;
import java.security.spec.*;
/**
* This is an implementation of the PBMAC1 algorithms as defined
* in PKCS#5 v2.1 standard.
*/
abstract class PBMAC1Core extends HmacCore {
private static final int DEFAULT_SALT_LENGTH = 20;
private static final int DEFAULT_COUNT = 4096;
private final String kdfAlgo;
private final String hashAlgo;
private final PBKDF2Core kdf;
private final int blockLength; // in octets
/**
* Creates an instance of PBMAC1 according to the selected
* password-based key derivation function.
*/
PBMAC1Core(String kdfAlgo, String hashAlgo, int blockLength)
throws NoSuchAlgorithmException {
super(hashAlgo, blockLength);
this.kdfAlgo = kdfAlgo;
this.hashAlgo = hashAlgo;
this.blockLength = blockLength;
switch(kdfAlgo) {
case "HmacSHA1":
kdf = new PBKDF2Core.HmacSHA1();
break;
case "HmacSHA224":
kdf = new PBKDF2Core.HmacSHA224();
break;
case "HmacSHA256":
kdf = new PBKDF2Core.HmacSHA256();
break;
case "HmacSHA384":
kdf = new PBKDF2Core.HmacSHA384();
break;
case "HmacSHA512":
kdf = new PBKDF2Core.HmacSHA512();
break;
default:
throw new NoSuchAlgorithmException(
"No MAC implementation for " + kdfAlgo);
}
}
/**
* Initializes the HMAC with the given secret key and algorithm parameters.
*
* @param key the secret key.
* @param params the algorithm parameters.
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this MAC.
* @exception InvalidAlgorithmParameterException if the given algorithm
* parameters are inappropriate for this MAC.
*/
protected void engineInit(Key key, AlgorithmParameterSpec params)
throws InvalidKeyException, InvalidAlgorithmParameterException {
char[] passwdChars;
byte[] salt = null;
int iCount = 0;
if (key instanceof javax.crypto.interfaces.PBEKey) {
javax.crypto.interfaces.PBEKey pbeKey =
(javax.crypto.interfaces.PBEKey) key;
passwdChars = pbeKey.getPassword();
salt = pbeKey.getSalt(); // maybe null if unspecified
iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
} else if (key instanceof SecretKey) {
byte[] passwdBytes = key.getEncoded();
if ((passwdBytes == null) ||
!(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
throw new InvalidKeyException("Missing password");
}
passwdChars = new char[passwdBytes.length];
for (int i=0; i<passwdChars.length; i++) {
passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
}
} else {
throw new InvalidKeyException("SecretKey of PBE type required");
}
if (params == null) {
// generate default for salt and iteration count if necessary
if (salt == null) {
salt = new byte[DEFAULT_SALT_LENGTH];
SunJCE.RANDOM.nextBytes(salt);
}
if (iCount == 0) iCount = DEFAULT_COUNT;
} else if (!(params instanceof PBEParameterSpec)) {
throw new InvalidAlgorithmParameterException
("PBEParameterSpec type required");
} else {
PBEParameterSpec pbeParams = (PBEParameterSpec) params;
// make sure the parameter values are consistent
if (salt != null) {
if (!Arrays.equals(salt, pbeParams.getSalt())) {
throw new InvalidAlgorithmParameterException
("Inconsistent value of salt between key and params");
}
} else {
salt = pbeParams.getSalt();
}
if (iCount != 0) {
if (iCount != pbeParams.getIterationCount()) {
throw new InvalidAlgorithmParameterException
("Different iteration count between key and params");
}
} else {
iCount = pbeParams.getIterationCount();
}
}
// For security purpose, we need to enforce a minimum length
// for salt; just require the minimum salt length to be 8-byte
// which is what PKCS#5 recommends and openssl does.
if (salt.length < 8) {
throw new InvalidAlgorithmParameterException
("Salt must be at least 8 bytes long");
}
if (iCount <= 0) {
throw new InvalidAlgorithmParameterException
("IterationCount must be a positive number");
}
PBEKeySpec pbeSpec =
new PBEKeySpec(passwdChars, salt, iCount, blockLength);
// password char[] was cloned in PBEKeySpec constructor,
// so we can zero it out here
java.util.Arrays.fill(passwdChars, ' ');
SecretKey s = null;
try {
s = kdf.engineGenerateSecret(pbeSpec);
} catch (InvalidKeySpecException ikse) {
InvalidKeyException ike =
new InvalidKeyException("Cannot construct PBE key");
ike.initCause(ikse);
throw ike;
}
byte[] derivedKey = s.getEncoded();
SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);
super.engineInit(cipherKey, null);
}
public static final class HmacSHA1 extends PBMAC1Core {
public HmacSHA1() throws NoSuchAlgorithmException {
super("HmacSHA1", "SHA1", 64);
}
}
public static final class HmacSHA224 extends PBMAC1Core {
public HmacSHA224() throws NoSuchAlgorithmException {
super("HmacSHA224", "SHA-224", 64);
}
}
public static final class HmacSHA256 extends PBMAC1Core {
public HmacSHA256() throws NoSuchAlgorithmException {
super("HmacSHA256", "SHA-256", 64);
}
}
public static final class HmacSHA384 extends PBMAC1Core {
public HmacSHA384() throws NoSuchAlgorithmException {
super("HmacSHA384", "SHA-384", 128);
}
}
public static final class HmacSHA512 extends PBMAC1Core {
public HmacSHA512() throws NoSuchAlgorithmException {
super("HmacSHA512", "SHA-512", 128);
}
}
}
src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
浏览文件 @ 749e65bb
......@@ -35,19 +35,24 @@ import javax.crypto.spec.*;
/**
* This class implements password-base encryption algorithm with
* SHA1 digest and the following Ciphers in CBC mode
* SHA1 digest and the following Ciphers (in CBC mode, where applicable):
* - DESede cipher and
* - RC2 Cipher with 40-bit effective key length
* - RC2 Cipher with 40-bit or 128-bit effective key length and
* - RC4 Cipher with 40-bit or 128-bit effective key length
* as defined by PKCS #12 version 1.0 standard.
*
* @author Valerie Peng
* @see javax.crypto.CipherSpi
*/
final class PKCS12PBECipherCore {
// TBD: replace CipherCore with a CipherSpi object to simplify maintenance
private CipherCore cipher;
private int blockSize;
private int keySize;
private String algo = null;
private String pbeAlgo = null;
private byte[] salt = null;
private int iCount = 0;
......@@ -58,8 +63,16 @@ final class PKCS12PBECipherCore {
static final int CIPHER_IV = 2;
static final int MAC_KEY = 3;
// Uses default hash algorithm (SHA-1)
static byte[] derive(char[] chars, byte[] salt,
int ic, int n, int type) {
return derive(chars, salt, ic, n, type, "SHA-1", 64);
}
// Uses supplied hash algorithm
static byte[] derive(char[] chars, byte[] salt, int ic, int n, int type,
String hashAlgo, int blockLength) {
// Add in trailing NULL terminator. Special case:
// no terminator if password is "\0".
int length = chars.length*2;
......@@ -75,21 +88,23 @@ final class PKCS12PBECipherCore {
passwd[j] = (byte) ((chars[i] >>> 8) & 0xFF);
passwd[j+1] = (byte) (chars[i] & 0xFF);
}
int v = 512 / 8;
int u = 160 / 8;
int c = roundup(n, u) / u;
byte[] D = new byte[v];
int s = roundup(salt.length, v);
int p = roundup(passwd.length, v);
byte[] I = new byte[s + p];
byte[] key = new byte[n];
Arrays.fill(D, (byte)type);
concat(salt, I, 0, s);
concat(passwd, I, s, p);
try {
MessageDigest sha = MessageDigest.getInstance("SHA1");
MessageDigest sha = MessageDigest.getInstance(hashAlgo);
int v = blockLength;
int u = sha.getDigestLength();
int c = roundup(n, u) / u;
byte[] D = new byte[v];
int s = roundup(salt.length, v);
int p = roundup(passwd.length, v);
byte[] I = new byte[s + p];
Arrays.fill(D, (byte)type);
concat(salt, I, 0, s);
concat(passwd, I, s, p);
byte[] Ai;
byte[] B = new byte[v];
byte[] tmp = new byte[v];
......@@ -150,23 +165,30 @@ final class PKCS12PBECipherCore {
PKCS12PBECipherCore(String symmCipherAlg, int defKeySize)
throws NoSuchAlgorithmException {
algo = symmCipherAlg;
SymmetricCipher symmCipher = null;
if (algo.equals("DESede")) {
symmCipher = new DESedeCrypt();
} else if (algo.equals("RC2")) {
symmCipher = new RC2Crypt();
if (algo.equals("RC4")) {
pbeAlgo = "PBEWithSHA1AndRC4_" + defKeySize * 8;
} else {
throw new NoSuchAlgorithmException("No Cipher implementation " +
SymmetricCipher symmCipher = null;
if (algo.equals("DESede")) {
symmCipher = new DESedeCrypt();
pbeAlgo = "PBEWithSHA1AndDESede";
} else if (algo.equals("RC2")) {
symmCipher = new RC2Crypt();
pbeAlgo = "PBEWithSHA1AndRC2_" + defKeySize * 8;
} else {
throw new NoSuchAlgorithmException("No Cipher implementation " +
"for PBEWithSHA1And" + algo);
}
blockSize = symmCipher.getBlockSize();
cipher = new CipherCore(symmCipher, blockSize);
cipher.setMode("CBC");
try {
cipher.setPadding("PKCS5Padding");
} catch (NoSuchPaddingException nspe) {
// should not happen
}
blockSize = symmCipher.getBlockSize();
cipher = new CipherCore(symmCipher, blockSize);
cipher.setMode("CBC");
try {
cipher.setPadding("PKCS5Padding");
} catch (NoSuchPaddingException nspe) {
// should not happen
}
}
keySize = defKeySize;
}
......@@ -210,8 +232,7 @@ final class PKCS12PBECipherCore {
}
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
try {
params = AlgorithmParameters.getInstance("PBEWithSHA1And" +
(algo.equalsIgnoreCase("RC2")?"RC2_40":algo), "SunJCE");
params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
} catch (GeneralSecurityException gse) {
// should never happen
throw new RuntimeException(
......@@ -229,6 +250,13 @@ final class PKCS12PBECipherCore {
void implInit(int opmode, Key key, AlgorithmParameterSpec params,
SecureRandom random) throws InvalidKeyException,
InvalidAlgorithmParameterException {
implInit(opmode, key, params, random, null);
}
void implInit(int opmode, Key key, AlgorithmParameterSpec params,
SecureRandom random, CipherSpi cipherImpl)
throws InvalidKeyException,
InvalidAlgorithmParameterException {
char[] passwdChars = null;
salt = null;
iCount = 0;
......@@ -309,17 +337,29 @@ final class PKCS12PBECipherCore {
byte[] derivedKey = derive(passwdChars, salt, iCount,
keySize, CIPHER_KEY);
SecretKey cipherKey = new SecretKeySpec(derivedKey, algo);
byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
if (cipherImpl != null && cipherImpl instanceof ARCFOURCipher) {
((ARCFOURCipher)cipherImpl).engineInit(opmode, cipherKey, random);
} else {
byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
CIPHER_IV);
IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
// initialize the underlying cipher
cipher.init(opmode, cipherKey, ivSpec, random);
// initialize the underlying cipher
cipher.init(opmode, cipherKey, ivSpec, random);
}
}
void implInit(int opmode, Key key, AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
implInit(opmode, key, params, random, null);
}
void implInit(int opmode, Key key, AlgorithmParameters params,
SecureRandom random, CipherSpi cipherImpl)
throws InvalidKeyException, InvalidAlgorithmParameterException {
AlgorithmParameterSpec paramSpec = null;
if (params != null) {
try {
......@@ -329,13 +369,19 @@ final class PKCS12PBECipherCore {
"requires PBE parameters");
}
}
implInit(opmode, key, paramSpec, random);
implInit(opmode, key, paramSpec, random, cipherImpl);
}
void implInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
implInit(opmode, key, random, null);
}
void implInit(int opmode, Key key, SecureRandom random,
CipherSpi cipherImpl) throws InvalidKeyException {
try {
implInit(opmode, key, (AlgorithmParameterSpec) null, random);
implInit(opmode, key, (AlgorithmParameterSpec) null, random,
cipherImpl);
} catch (InvalidAlgorithmParameterException iape) {
throw new InvalidKeyException("requires PBE parameters");
}
......@@ -526,4 +572,245 @@ final class PKCS12PBECipherCore {
return core.implWrap(key);
}
}
public static final class PBEWithSHA1AndRC2_128 extends CipherSpi {
private final PKCS12PBECipherCore core;
public PBEWithSHA1AndRC2_128() throws NoSuchAlgorithmException {
core = new PKCS12PBECipherCore("RC2", 16);
}
protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
throws IllegalBlockSizeException, BadPaddingException {
return core.implDoFinal(in, inOff, inLen);
}
protected int engineDoFinal(byte[] in, int inOff, int inLen,
byte[] out, int outOff)
throws ShortBufferException, IllegalBlockSizeException,
BadPaddingException {
return core.implDoFinal(in, inOff, inLen, out, outOff);
}
protected int engineGetBlockSize() {
return core.implGetBlockSize();
}
protected byte[] engineGetIV() {
return core.implGetIV();
}
protected int engineGetKeySize(Key key) throws InvalidKeyException {
return core.implGetKeySize(key);
}
protected int engineGetOutputSize(int inLen) {
return core.implGetOutputSize(inLen);
}
protected AlgorithmParameters engineGetParameters() {
return core.implGetParameters();
}
protected void engineInit(int opmode, Key key,
AlgorithmParameterSpec params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
core.implInit(opmode, key, params, random);
}
protected void engineInit(int opmode, Key key,
AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
core.implInit(opmode, key, params, random);
}
protected void engineInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
core.implInit(opmode, key, random);
}
protected void engineSetMode(String mode)
throws NoSuchAlgorithmException {
core.implSetMode(mode);
}
protected void engineSetPadding(String paddingScheme)
throws NoSuchPaddingException {
core.implSetPadding(paddingScheme);
}
protected Key engineUnwrap(byte[] wrappedKey,
String wrappedKeyAlgorithm,
int wrappedKeyType)
throws InvalidKeyException, NoSuchAlgorithmException {
return core.implUnwrap(wrappedKey, wrappedKeyAlgorithm,
wrappedKeyType);
}
protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
return core.implUpdate(in, inOff, inLen);
}
protected int engineUpdate(byte[] in, int inOff, int inLen,
byte[] out, int outOff)
throws ShortBufferException {
return core.implUpdate(in, inOff, inLen, out, outOff);
}
protected byte[] engineWrap(Key key)
throws IllegalBlockSizeException, InvalidKeyException {
return core.implWrap(key);
}
}
public static final class PBEWithSHA1AndRC4_40 extends CipherSpi {
private static final int RC4_KEYSIZE = 5;
private final PKCS12PBECipherCore core;
private final ARCFOURCipher cipher;
public PBEWithSHA1AndRC4_40() throws NoSuchAlgorithmException {
core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
cipher = new ARCFOURCipher();
}
protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
throws IllegalBlockSizeException, BadPaddingException {
return cipher.engineDoFinal(in, inOff, inLen);
}
protected int engineDoFinal(byte[] in, int inOff, int inLen,
byte[] out, int outOff)
throws ShortBufferException, IllegalBlockSizeException,
BadPaddingException {
return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
}
protected int engineGetBlockSize() {
return cipher.engineGetBlockSize();
}
protected byte[] engineGetIV() {
return cipher.engineGetIV();
}
protected int engineGetKeySize(Key key) throws InvalidKeyException {
return RC4_KEYSIZE;
}
protected int engineGetOutputSize(int inLen) {
return cipher.engineGetOutputSize(inLen);
}
protected AlgorithmParameters engineGetParameters() {
return core.implGetParameters();
}
protected void engineInit(int opmode, Key key,
AlgorithmParameterSpec params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
core.implInit(opmode, key, params, random, cipher);
}
protected void engineInit(int opmode, Key key,
AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
core.implInit(opmode, key, params, random, cipher);
}
protected void engineInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
core.implInit(opmode, key, random, cipher);
}
protected void engineSetMode(String mode)
throws NoSuchAlgorithmException {
if (mode.equalsIgnoreCase("ECB") == false) {
throw new NoSuchAlgorithmException("Unsupported mode " + mode);
}
}
protected void engineSetPadding(String paddingScheme)
throws NoSuchPaddingException {
if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
throw new NoSuchPaddingException("Padding must be NoPadding");
}
}
protected Key engineUnwrap(byte[] wrappedKey,
String wrappedKeyAlgorithm,
int wrappedKeyType)
throws InvalidKeyException, NoSuchAlgorithmException {
return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
wrappedKeyType);
}
protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
return cipher.engineUpdate(in, inOff, inLen);
}
protected int engineUpdate(byte[] in, int inOff, int inLen,
byte[] out, int outOff)
throws ShortBufferException {
return cipher.engineUpdate(in, inOff, inLen, out, outOff);
}
protected byte[] engineWrap(Key key)
throws IllegalBlockSizeException, InvalidKeyException {
return cipher.engineWrap(key);
}
}
public static final class PBEWithSHA1AndRC4_128 extends CipherSpi {
private static final int RC4_KEYSIZE = 16;
private final PKCS12PBECipherCore core;
private final ARCFOURCipher cipher;
public PBEWithSHA1AndRC4_128() throws NoSuchAlgorithmException {
core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
cipher = new ARCFOURCipher();
}
protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
throws IllegalBlockSizeException, BadPaddingException {
return cipher.engineDoFinal(in, inOff, inLen);
}
protected int engineDoFinal(byte[] in, int inOff, int inLen,
byte[] out, int outOff)
throws ShortBufferException, IllegalBlockSizeException,
BadPaddingException {
return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
}
protected int engineGetBlockSize() {
return cipher.engineGetBlockSize();
}
protected byte[] engineGetIV() {
return cipher.engineGetIV();
}
protected int engineGetKeySize(Key key) throws InvalidKeyException {
return RC4_KEYSIZE;
}
protected int engineGetOutputSize(int inLen) {
return cipher.engineGetOutputSize(inLen);
}
protected AlgorithmParameters engineGetParameters() {
return core.implGetParameters();
}
protected void engineInit(int opmode, Key key,
AlgorithmParameterSpec params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
core.implInit(opmode, key, params, random, cipher);
}
protected void engineInit(int opmode, Key key,
AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
core.implInit(opmode, key, params, random, cipher);
}
protected void engineInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
core.implInit(opmode, key, random, cipher);
}
protected void engineSetMode(String mode)
throws NoSuchAlgorithmException {
if (mode.equalsIgnoreCase("ECB") == false) {
throw new NoSuchAlgorithmException("Unsupported mode " + mode);
}
}
protected void engineSetPadding(String paddingScheme)
throws NoSuchPaddingException {
if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
throw new NoSuchPaddingException("Padding must be NoPadding");
}
}
protected Key engineUnwrap(byte[] wrappedKey,
String wrappedKeyAlgorithm,
int wrappedKeyType)
throws InvalidKeyException, NoSuchAlgorithmException {
return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
wrappedKeyType);
}
protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
return cipher.engineUpdate(in, inOff, inLen);
}
protected int engineUpdate(byte[] in, int inOff, int inLen,
byte[] out, int outOff)
throws ShortBufferException {
return cipher.engineUpdate(in, inOff, inLen, out, outOff);
}
protected byte[] engineWrap(Key key)
throws IllegalBlockSizeException, InvalidKeyException {
return cipher.engineWrap(key);
}
}
}
src/share/classes/com/sun/crypto/provider/SunJCE.java
浏览文件 @ 749e65bb
......@@ -77,10 +77,14 @@ public final class SunJCE extends Provider {
"(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, "
+ "Diffie-Hellman, HMAC)";
private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1";
private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2";
private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5";
private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3";
private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12";
private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13";
private static final String OID_PKCS3 = "1.2.840.113549.1.3.1";
/* Are we debugging? -- for developers */
......@@ -138,14 +142,26 @@ public final class SunJCE extends Provider {
put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
// PBES1
put("Cipher.PBEWithMD5AndDES",
"com.sun.crypto.provider.PBEWithMD5AndDESCipher");
put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
"PBEWithMD5AndDES");
put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
"PBEWithMD5AndDES");
put("Cipher.PBEWithMD5AndTripleDES",
"com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
put("Cipher.PBEWithSHA1AndDESede",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndDESede");
put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
"PBEWithSHA1AndDESede");
put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
"PBEWithSHA1AndDESede");
put("Cipher.PBEWithSHA1AndRC2_40",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndRC2_40");
......@@ -153,13 +169,70 @@ public final class SunJCE extends Provider {
"PBEWithSHA1AndRC2_40");
put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
put("Cipher.PBEWithSHA1AndDESede",
put("Cipher.PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndDESede");
put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
"PBEWithSHA1AndDESede");
put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
"PBEWithSHA1AndDESede");
"PBEWithSHA1AndRC2_128");
put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128,
"PBEWithSHA1AndRC2_128");
put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128,
"PBEWithSHA1AndRC2_128");
put("Cipher.PBEWithSHA1AndRC4_40",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndRC4_40");
put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40,
"PBEWithSHA1AndRC4_40");
put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40,
"PBEWithSHA1AndRC4_40");
put("Cipher.PBEWithSHA1AndRC4_128",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndRC4_128");
put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128,
"PBEWithSHA1AndRC4_128");
put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128,
"PBEWithSHA1AndRC4_128");
//PBES2
put("Cipher.PBEWithHmacSHA1AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
put("Cipher.PBEWithHmacSHA224AndAES_128",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA224AndAES_128");
put("Cipher.PBEWithHmacSHA256AndAES_128",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA256AndAES_128");
put("Cipher.PBEWithHmacSHA384AndAES_128",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA384AndAES_128");
put("Cipher.PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA512AndAES_128");
put("Cipher.PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
put("Cipher.PBEWithHmacSHA224AndAES_256",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA224AndAES_256");
put("Cipher.PBEWithHmacSHA256AndAES_256",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA256AndAES_256");
put("Cipher.PBEWithHmacSHA384AndAES_256",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA384AndAES_256");
put("Cipher.PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBES2Core$" +
"HmacSHA512AndAES_256");
put("Cipher.Blowfish",
"com.sun.crypto.provider.BlowfishCipher");
......@@ -301,6 +374,7 @@ public final class SunJCE extends Provider {
"DiffieHellman");
put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
"DiffieHellman");
/*
* Algorithm parameter generation engines
*/
......@@ -371,6 +445,64 @@ public final class SunJCE extends Provider {
put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
put("AlgorithmParameters.PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PBEParameters");
put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128,
"PBEWithSHA1AndRC2_128");
put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128,
"PBEWithSHA1AndRC2_128");
put("AlgorithmParameters.PBEWithSHA1AndRC4_40",
"com.sun.crypto.provider.PBEParameters");
put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40,
"PBEWithSHA1AndRC4_40");
put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40,
"PBEWithSHA1AndRC4_40");
put("AlgorithmParameters.PBEWithSHA1AndRC4_128",
"com.sun.crypto.provider.PBEParameters");
put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128,
"PBEWithSHA1AndRC4_128");
put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128,
"PBEWithSHA1AndRC4_128");
put("AlgorithmParameters.PBES2",
"com.sun.crypto.provider.PBES2Parameters$General");
put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2,
"PBES2");
put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2,
"PBES2");
put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
put("AlgorithmParameters.Blowfish",
"com.sun.crypto.provider.BlowfishParameters");
......@@ -378,6 +510,7 @@ public final class SunJCE extends Provider {
"com.sun.crypto.provider.AESParameters");
put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
put("AlgorithmParameters.RC2",
"com.sun.crypto.provider.RC2Parameters");
......@@ -393,6 +526,7 @@ public final class SunJCE extends Provider {
put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
"DiffieHellman");
put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
/*
* Secret-key factories
*/
......@@ -441,13 +575,90 @@ public final class SunJCE extends Provider {
put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
put("SecretKeyFactory.PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128"
);
put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128,
"PBEWithSHA1AndRC2_128");
put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128,
"PBEWithSHA1AndRC2_128");
put("SecretKeyFactory.PBEWithSHA1AndRC4_40",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40"
);
put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40,
"PBEWithSHA1AndRC4_40");
put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40,
"PBEWithSHA1AndRC4_40");
put("SecretKeyFactory.PBEWithSHA1AndRC4_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128"
);
put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128,
"PBEWithSHA1AndRC4_128");
put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128,
"PBEWithSHA1AndRC4_128");
put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA1AndAES_128");
put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA224AndAES_128");
put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA256AndAES_128");
put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA384AndAES_128");
put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA512AndAES_128");
put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA1AndAES_256");
put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA224AndAES_256");
put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA256AndAES_256");
put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA384AndAES_256");
put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$" +
"PBEWithHmacSHA512AndAES_256");
// PBKDF2
put("SecretKeyFactory.PBKDF2WithHmacSHA1",
"com.sun.crypto.provider.PBKDF2HmacSHA1Factory");
"com.sun.crypto.provider.PBKDF2Core$HmacSHA1");
put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
"PBKDF2WithHmacSHA1");
put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
"PBKDF2WithHmacSHA1");
put("SecretKeyFactory.PBKDF2WithHmacSHA224",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
put("SecretKeyFactory.PBKDF2WithHmacSHA256",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
put("SecretKeyFactory.PBKDF2WithHmacSHA384",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
put("SecretKeyFactory.PBKDF2WithHmacSHA512",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
/*
* MAC
*/
......@@ -475,6 +686,19 @@ public final class SunJCE extends Provider {
put("Mac.HmacPBESHA1",
"com.sun.crypto.provider.HmacPKCS12PBESHA1");
// PBMAC1
put("Mac.PBEWithHmacSHA1",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA1");
put("Mac.PBEWithHmacSHA224",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA224");
put("Mac.PBEWithHmacSHA256",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA256");
put("Mac.PBEWithHmacSHA384",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA384");
put("Mac.PBEWithHmacSHA512",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA512");
put("Mac.SslMacMD5",
"com.sun.crypto.provider.SslMacCore$SslMacMD5");
put("Mac.SslMacSHA1",
......@@ -487,6 +711,10 @@ public final class SunJCE extends Provider {
put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA224 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA256 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA384 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA512 SupportedKeyFormats", "RAW");
put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
......
src/share/classes/javax/crypto/spec/PBEParameterSpec.java
浏览文件 @ 749e65bb
/*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -41,6 +41,7 @@ public class PBEParameterSpec implements AlgorithmParameterSpec {
private byte[] salt;
private int iterationCount;
private AlgorithmParameterSpec paramSpec = null;
/**
* Constructs a parameter set for password-based encryption as defined in
......@@ -56,6 +57,25 @@ public class PBEParameterSpec implements AlgorithmParameterSpec {
this.iterationCount = iterationCount;
}
/**
* Constructs a parameter set for password-based encryption as defined in
* the PKCS #5 standard.
*
* @param salt the salt. The contents of <code>salt</code> are copied
* to protect against subsequent modification.
* @param iterationCount the iteration count.
* @param paramSpec the cipher algorithm parameter specification.
* @exception NullPointerException if <code>salt</code> is null.
*
* @since 1.8
*/
public PBEParameterSpec(byte[] salt, int iterationCount,
AlgorithmParameterSpec paramSpec) {
this.salt = salt.clone();
this.iterationCount = iterationCount;
this.paramSpec = paramSpec;
}
/**
* Returns the salt.
*
......@@ -74,4 +94,15 @@ public class PBEParameterSpec implements AlgorithmParameterSpec {
public int getIterationCount() {
return this.iterationCount;
}
/**
* Returns the cipher algorithm parameter specification.
*
* @return the parameter specification, or null if none was set.
*
* @since 1.8
*/
public AlgorithmParameterSpec getParameterSpec() {
return this.paramSpec;
}
}
test/com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java
浏览文件 @ 749e65bb
/*
* Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -23,7 +23,7 @@
/*
* @test
* @bug 6209660
* @bug 6209660 6383200
* @summary Ensure that InvalidAlgorithmParameterException is
* thrown as javadoc specified when parameters of the wrong
* type are used.
......@@ -38,9 +38,21 @@ public class PBEInvalidParamsTest {
private static final char[] PASSWORD = { 'p', 'a', 's', 's' };
private static final String[] PBE_ALGOS = {
"PBEWithMD5AndDES", "PBEWithSHA1AndDESede", "PBEWithSHA1AndRC2_40"
"PBEWithMD5AndDES",
"PBEWithSHA1AndDESede",
"PBEWithSHA1AndRC2_40",
"PBEWithSHA1AndRC2_128",
"PBEWithSHA1AndRC4_40",
"PBEWithSHA1AndRC4_128",
// skip "PBEWithMD5AndTripleDES" since it requires Unlimited
// version of JCE jurisdiction policy files.
"PBEWithHmacSHA1AndAES_128",
"PBEWithHmacSHA224AndAES_128",
"PBEWithHmacSHA256AndAES_128",
"PBEWithHmacSHA384AndAES_128",
"PBEWithHmacSHA512AndAES_128"
// skip "PBEWithHmacSHAxxxAndAES_256" since they require Unlimited
// version of JCE jurisdiction policy files.
};
private static final IvParameterSpec INVALID_PARAMS =
......
test/com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java
浏览文件 @ 749e65bb
/*
* Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -23,7 +23,7 @@
/*
* @test
* @bug 6341599
* @bug 6341599 6383200
* @summary JCE Reference Guide has recommendations, not requirements,
* for algorithm names
* @author Brad R. Wetmore
......@@ -38,8 +38,15 @@ public class PBEKeysAlgorithmNames {
"PBEWithMD5AndDES",
"PBEWithSHA1AndDESede",
"PBEWithSHA1AndRC2_40",
"PBEWithSHA1AndRC2_128",
"PBEWithMD5AndTripleDES",
"PBEWithSHA1AndRC4_40",
"PBEWithSHA1AndRC4_128",
"PBKDF2WithHmacSHA1",
"PBEWithMD5AndTripleDES"
"PBKDF2WithHmacSHA224",
"PBKDF2WithHmacSHA256",
"PBKDF2WithHmacSHA384",
"PBKDF2WithHmacSHA512"
};
public static void main(String[] argv) throws Exception {
......
test/com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java
浏览文件 @ 749e65bb
/*
* Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -23,7 +23,7 @@
/*
* @test
* @bug 4944783
* @bug 4944783 6383200
* @summary ensure that the AlgorithmParameters object returned by
* PBE ciphers have the matching algorithm name.
* @author Valerie Peng
......@@ -37,9 +37,21 @@ public class PBEParametersTest {
private static final char[] PASSWORD = { 'p', 'a', 's', 's' };
private static final String[] PBE_ALGOS = {
"PBEWithMD5AndDES", "PBEWithSHA1AndDESede", "PBEWithSHA1AndRC2_40"
"PBEWithMD5AndDES",
"PBEWithSHA1AndDESede",
"PBEWithSHA1AndRC2_40",
"PBEWithSHA1AndRC2_128",
"PBEWithSHA1AndRC4_40",
"PBEWithSHA1AndRC4_128",
// skip "PBEWithMD5AndTripleDES" since it requires Unlimited
// version of JCE jurisdiction policy files.
"PBEWithHmacSHA1AndAES_128",
"PBEWithHmacSHA224AndAES_128",
"PBEWithHmacSHA256AndAES_128",
"PBEWithHmacSHA384AndAES_128",
"PBEWithHmacSHA512AndAES_128"
// skip "PBEWithHmacSHAxxxAndAES_256" since they require Unlimited
// version of JCE jurisdiction policy files.
};
public static void main(String[] args) throws Exception {
PBEKeySpec ks = new PBEKeySpec(PASSWORD);
......
test/com/sun/crypto/provider/Cipher/PBE/PBES2Test.java 0 → 100644
浏览文件 @ 749e65bb
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6383200
* @summary PBE: need new algorithm support in password based encryption
*/
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;
public class PBES2Test {
private static final String[] algos = {
"PBEWithHmacSHA1AndAES_128",
"PBEWithHmacSHA224AndAES_128",
"PBEWithHmacSHA256AndAES_128",
"PBEWithHmacSHA384AndAES_128",
"PBEWithHmacSHA512AndAES_128"
};
private static final byte[] ivBytes = {
0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,
0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,
};
public static final void main(String[] args) throws Exception {
for (String algo : algos) {
test(algo, true); // salt, ic, IV supplied by the application
test(algo, false); // salt, ic, IV generated by the implementation
}
}
private static final void test(String algo, boolean suppliedParams)
throws Exception {
System.out.println("***********************************************");
System.out.println(algo +
(suppliedParams ? " [algorithm parameters are supplied]\n"
: " [algorithm parameters are generated]\n"));
int iterationCount = 1000;
byte[] salt = new byte[]{ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 };
// Create PBE key
PBEKeySpec pbeKeySpec = new PBEKeySpec("mypassword".toCharArray());
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(algo);
SecretKey pbeKey = keyFactory.generateSecret(pbeKeySpec);
byte[] pbeKeyBytes = pbeKey.getEncoded();
System.out.println(" key[" + pbeKeyBytes.length + "]: " +
String.format("0x%0" + (pbeKeyBytes.length * 2) + "x",
new java.math.BigInteger(1, pbeKeyBytes)));
// Create PBE cipher
System.out.println("Encrypting...");
Cipher pbeCipher = Cipher.getInstance(algo);
if (suppliedParams) {
pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey,
new PBEParameterSpec(salt, iterationCount,
new IvParameterSpec(ivBytes)));
} else {
pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey);
}
// Encrypt
byte[] cleartext = "This is just an example".getBytes();
System.out.println(" text[" + cleartext.length + "]: " +
String.format("0x%0" + (cleartext.length * 2) + "x",
new java.math.BigInteger(1, cleartext)));
byte[] ciphertext = pbeCipher.doFinal(cleartext);
System.out.println("c'text[" + ciphertext.length + "]: " +
String.format("0x%0" + (ciphertext.length * 2) + "x",
new java.math.BigInteger(1, ciphertext)));
AlgorithmParameters aps = pbeCipher.getParameters();
byte[] iv;
if (suppliedParams) {
iv = ivBytes;
} else {
PBEParameterSpec pbeSpec =
aps.getParameterSpec(PBEParameterSpec.class);
salt = pbeSpec.getSalt();
iterationCount = pbeSpec.getIterationCount();
IvParameterSpec ivSpec =
(IvParameterSpec) pbeSpec.getParameterSpec();
iv = ivSpec.getIV();
}
System.out.println(" salt[" + salt.length + "]: " +
String.format("0x%0" + (salt.length * 2) + "x",
new java.math.BigInteger(1, salt)));
System.out.println("iterationCount=" + iterationCount);
System.out.println(" iv[" + iv.length + "]: " +
String.format("0x%0" + (iv.length * 2) + "x",
new java.math.BigInteger(1, iv)));
// Decrypt
System.out.println("Decrypting...");
Cipher pbeCipher2 = Cipher.getInstance(algo);
pbeCipher2.init(Cipher.DECRYPT_MODE, pbeKey, aps);
byte[] cleartext2 = pbeCipher2.doFinal(ciphertext);
System.out.println(" text[" + cleartext2.length + "]: " +
String.format("0x%0" + (cleartext2.length * 2) + "x",
new java.math.BigInteger(1, cleartext2)));
if (Arrays.equals(cleartext, cleartext2)) {
System.out.println(
"\nPass: decrypted ciphertext matches the original text\n");
} else {
throw new Exception(
"Fail: decrypted ciphertext does NOT match the original text");
}
}
}
test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java
浏览文件 @ 749e65bb
/*
* Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -23,9 +23,9 @@
/**
* @test
* @bug 4893959
* @summary basic test for PBEWithSHA1AndDESede and
* PBEWithSHA1AndRC2_40
* @bug 4893959 6383200
* @summary basic test for PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40/128
* and PBEWithSHA1AndRC4_40/128
* @author Valerie Peng
*/
......@@ -87,6 +87,9 @@ public class PKCS12Cipher {
System.out.println("Testing provider " + p.getName() + "...");
runTest("PBEWithSHA1AndDESede", input, PASSWD, p);
runTest("PBEWithSHA1AndRC2_40", input, PASSWD, p);
runTest("PBEWithSHA1AndRC2_128", input, PASSWD, p);
runTest("PBEWithSHA1AndRC4_40", input, PASSWD, p);
runTest("PBEWithSHA1AndRC4_128", input, PASSWD, p);
System.out.println("All tests passed");
long stop = System.currentTimeMillis();
System.out.println("Done (" + (stop - start) + " ms).");
......
test/com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java
浏览文件 @ 749e65bb
/*
* Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -23,9 +23,9 @@
/**
* @test
* @bug 4898810
* @summary ensure PBEWithSHA1AndDESede and PBEWithSHA1AndRC2_40
* is registered under correct OID.
* @bug 4898810 6383200
* @summary ensure PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40/128
* and PBEWithSHA1AndRC4_40/128 are registered under correct OID.
* @author Valerie Peng
*/
......@@ -37,12 +37,20 @@ import javax.crypto.spec.*;
import javax.crypto.interfaces.PBEKey;
public class PKCS12Oid {
private static String OID_PBEWithSHAAnd40BitRC2CBC = "1.2.840.113549.1.12.1.6";
private static String OID_PBEWithSHAAnd3KeyTripleDESCBC = "1.2.840.113549.1.12.1.3";
private static String OID_PKCS12 = "1.2.840.113549.1.12.1.";
private static String OID_PBEWithSHAAnd128BitRC4 = OID_PKCS12 + "1";
private static String OID_PBEWithSHAAnd40BitRC4 = OID_PKCS12 + "2";
private static String OID_PBEWithSHAAnd3KeyTripleDESCBC = OID_PKCS12 + "3";
private static String OID_PBEWithSHAAnd128BitRC2CBC = OID_PKCS12 + "5";
private static String OID_PBEWithSHAAnd40BitRC2CBC = OID_PKCS12 + "6";
public static void main(String[] argv) throws Exception {
Cipher c = Cipher.getInstance(OID_PBEWithSHAAnd40BitRC2CBC, "SunJCE");
c = Cipher.getInstance(OID_PBEWithSHAAnd3KeyTripleDESCBC, "SunJCE");
c = Cipher.getInstance(OID_PBEWithSHAAnd128BitRC4, "SunJCE");
c = Cipher.getInstance(OID_PBEWithSHAAnd40BitRC4, "SunJCE");
c = Cipher.getInstance(OID_PBEWithSHAAnd128BitRC2CBC, "SunJCE");
System.out.println("All tests passed");
}
}
test/com/sun/crypto/provider/Mac/HmacPBESHA1.java
浏览文件 @ 749e65bb
/*
* Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -36,34 +36,45 @@ import javax.crypto.*;
import javax.crypto.spec.*;
public class HmacPBESHA1 {
private static final String MAC_ALGO = "HmacPBESHA1";
private static final String[] MAC_ALGOS = {
"HmacPBESHA1",
"PBEWithHmacSHA1",
"PBEWithHmacSHA224",
"PBEWithHmacSHA256",
"PBEWithHmacSHA384",
"PBEWithHmacSHA512"
};
private static final int[] MAC_LENGTHS = { 20, 20, 28, 32, 48, 64 };
private static final String KEY_ALGO = "PBE";
private static final String PROVIDER = "SunJCE";
private SecretKey key = null;
private static SecretKey key = null;
public static void main(String argv[]) throws Exception {
HmacPBESHA1 test = new HmacPBESHA1();
test.run();
System.out.println("Test Passed");
for (int i = 0; i < MAC_ALGOS.length; i++) {
runtest(MAC_ALGOS[i], MAC_LENGTHS[i]);
}
System.out.println("\nTest Passed");
}
public void run() throws Exception {
private static void runtest(String algo, int length) throws Exception {
System.out.println("Testing: " + algo);
if (key == null) {
char[] password = { 't', 'e', 's', 't' };
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory kf = SecretKeyFactory.getInstance(KEY_ALGO, PROVIDER);
SecretKeyFactory kf =
SecretKeyFactory.getInstance(KEY_ALGO, PROVIDER);
key = kf.generateSecret(keySpec);
}
Mac mac = Mac.getInstance(MAC_ALGO, PROVIDER);
Mac mac = Mac.getInstance(algo, PROVIDER);
byte[] plainText = new byte[30];
mac.init(key);
mac.update(plainText);
byte[] value1 = mac.doFinal();
if (value1.length != 20) {
throw new Exception("incorrect MAC output length, " +
"expected 20, got " + value1.length);
if (value1.length != length) {
throw new Exception("incorrect MAC output length, expected " +
length + ", got " + value1.length);
}
mac.update(plainText);
byte[] value2 = mac.doFinal();
......
test/com/sun/crypto/provider/Mac/HmacSaltLengths.java
浏览文件 @ 749e65bb
/*
* Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -38,6 +38,15 @@ import javax.crypto.interfaces.PBEKey;
public class HmacSaltLengths {
private static final String[] ALGOS = {
"HmacPBESHA1",
"PBEWithHmacSHA1",
"PBEWithHmacSHA224",
"PBEWithHmacSHA256",
"PBEWithHmacSHA384",
"PBEWithHmacSHA512"
};
private static void runTest(String alg, byte[] plaintext,
char[] password, Provider p)
throws Exception {
......@@ -81,7 +90,9 @@ public class HmacSaltLengths {
long start = System.currentTimeMillis();
Provider p = Security.getProvider("SunJCE");
System.out.println("Testing provider " + p.getName() + "...");
runTest("HmacPBESHA1", input, PASSWD, p);
for (String algo : ALGOS) {
runTest(algo, input, PASSWD, p);
}
System.out.println("All tests passed");
long stop = System.currentTimeMillis();
System.out.println("Done (" + (stop - start) + " ms).");
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册