Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/pkix/src/main/java/org/spongycastle/cms/PasswordRecipientInfoGenerator.java
diff options
context:
space:
mode:
Diffstat (limited to 'pkix/src/main/java/org/spongycastle/cms/PasswordRecipientInfoGenerator.java')
-rw-r--r--pkix/src/main/java/org/spongycastle/cms/PasswordRecipientInfoGenerator.java122
1 files changed, 122 insertions, 0 deletions
diff --git a/pkix/src/main/java/org/spongycastle/cms/PasswordRecipientInfoGenerator.java b/pkix/src/main/java/org/spongycastle/cms/PasswordRecipientInfoGenerator.java
new file mode 100644
index 00000000..33c34b7a
--- /dev/null
+++ b/pkix/src/main/java/org/spongycastle/cms/PasswordRecipientInfoGenerator.java
@@ -0,0 +1,122 @@
+package org.spongycastle.cms;
+
+import java.security.SecureRandom;
+
+import org.spongycastle.asn1.ASN1EncodableVector;
+import org.spongycastle.asn1.ASN1ObjectIdentifier;
+import org.spongycastle.asn1.ASN1OctetString;
+import org.spongycastle.asn1.DEROctetString;
+import org.spongycastle.asn1.DERSequence;
+import org.spongycastle.asn1.cms.PasswordRecipientInfo;
+import org.spongycastle.asn1.cms.RecipientInfo;
+import org.spongycastle.asn1.pkcs.PBKDF2Params;
+import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.spongycastle.asn1.x509.AlgorithmIdentifier;
+import org.spongycastle.operator.GenericKey;
+
+public abstract class PasswordRecipientInfoGenerator
+ implements RecipientInfoGenerator
+{
+ private char[] password;
+ private AlgorithmIdentifier keyDerivationAlgorithm;
+ private ASN1ObjectIdentifier kekAlgorithm;
+ private SecureRandom random;
+ private int schemeID;
+ private int keySize;
+ private int blockSize;
+
+ protected PasswordRecipientInfoGenerator(ASN1ObjectIdentifier kekAlgorithm, char[] password)
+ {
+ this(kekAlgorithm, password, getKeySize(kekAlgorithm), ((Integer)PasswordRecipientInformation.BLOCKSIZES.get(kekAlgorithm)).intValue());
+ }
+
+ protected PasswordRecipientInfoGenerator(ASN1ObjectIdentifier kekAlgorithm, char[] password, int keySize, int blockSize)
+ {
+ this.password = password;
+ this.schemeID = PasswordRecipient.PKCS5_SCHEME2_UTF8;
+ this.kekAlgorithm = kekAlgorithm;
+ this.keySize = keySize;
+ this.blockSize = blockSize;
+ }
+
+ private static int getKeySize(ASN1ObjectIdentifier kekAlgorithm)
+ {
+ Integer size = (Integer)PasswordRecipientInformation.KEYSIZES.get(kekAlgorithm);
+
+ if (size == null)
+ {
+ throw new IllegalArgumentException("cannot find key size for algorithm: " + kekAlgorithm);
+ }
+
+ return size.intValue();
+ }
+
+ public PasswordRecipientInfoGenerator setPasswordConversionScheme(int schemeID)
+ {
+ this.schemeID = schemeID;
+
+ return this;
+ }
+
+ public PasswordRecipientInfoGenerator setSaltAndIterationCount(byte[] salt, int iterationCount)
+ {
+ this.keyDerivationAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount));
+
+ return this;
+ }
+
+ public PasswordRecipientInfoGenerator setSecureRandom(SecureRandom random)
+ {
+ this.random = random;
+
+ return this;
+ }
+
+ public RecipientInfo generate(GenericKey contentEncryptionKey)
+ throws CMSException
+ {
+ byte[] iv = new byte[blockSize]; /// TODO: set IV size properly!
+
+ if (random == null)
+ {
+ random = new SecureRandom();
+ }
+
+ random.nextBytes(iv);
+
+ if (keyDerivationAlgorithm == null)
+ {
+ byte[] salt = new byte[20];
+
+ random.nextBytes(salt);
+
+ keyDerivationAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, 1024));
+ }
+
+ byte[] encodedPassword = CMSUtils.getPasswordBytes(schemeID, password);
+
+ byte[] derivedKey = calculateDerivedKey(encodedPassword, keyDerivationAlgorithm, keySize);
+
+ AlgorithmIdentifier kekAlgorithmId = new AlgorithmIdentifier(kekAlgorithm, new DEROctetString(iv));
+
+ byte[] encryptedKeyBytes = generateEncryptedBytes(kekAlgorithmId, derivedKey, contentEncryptionKey);
+
+ ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes);
+
+ ASN1EncodableVector v = new ASN1EncodableVector();
+ v.add(kekAlgorithm);
+ v.add(new DEROctetString(iv));
+
+ AlgorithmIdentifier keyEncryptionAlgorithm = new AlgorithmIdentifier(
+ PKCSObjectIdentifiers.id_alg_PWRI_KEK, new DERSequence(v));
+
+ return new RecipientInfo(new PasswordRecipientInfo(keyDerivationAlgorithm,
+ keyEncryptionAlgorithm, encryptedKey));
+ }
+
+ protected abstract byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize)
+ throws CMSException;
+
+ protected abstract byte[] generateEncryptedBytes(AlgorithmIdentifier algorithm, byte[] derivedKey, GenericKey contentEncryptionKey)
+ throws CMSException;
+} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 07:45:18 +0300