diff options
Diffstat (limited to 'pkix/src/main/jdk1.1/org/spongycastle/cms')
16 files changed, 2258 insertions, 0 deletions
diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSAbsentContent.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSAbsentContent.java new file mode 100644 index 00000000..e1d7e586 --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSAbsentContent.java @@ -0,0 +1,49 @@ +package org.spongycastle.cms; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; + +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.asn1.cms.CMSObjectIdentifiers; + +/** + * a class representing null or absent content. + */ +public class CMSAbsentContent + implements CMSTypedData, CMSReadable +{ + private ASN1ObjectIdentifier type; + + public CMSAbsentContent() + { + this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId())); + } + + public CMSAbsentContent( + ASN1ObjectIdentifier type) + { + this.type = type; + } + + public InputStream getInputStream() + { + return null; + } + + public void write(OutputStream zOut) + throws IOException, CMSException + { + // do nothing + } + + public Object getContent() + { + return null; + } + + public ASN1ObjectIdentifier getContentType() + { + return type; + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSProcessableByteArray.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSProcessableByteArray.java new file mode 100644 index 00000000..6ac965c7 --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSProcessableByteArray.java @@ -0,0 +1,55 @@ +package org.spongycastle.cms; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; + +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.asn1.cms.CMSObjectIdentifiers; +import org.spongycastle.util.Arrays; + +/** + * a holding class for a byte array of data to be processed. + */ +public class CMSProcessableByteArray + implements CMSTypedData, CMSReadable +{ + private ASN1ObjectIdentifier type; + private byte[] bytes; + + public CMSProcessableByteArray( + byte[] bytes) + { + this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), bytes); + } + + public CMSProcessableByteArray( + ASN1ObjectIdentifier type, + byte[] bytes) + { + this.type = type; + this.bytes = bytes; + } + + public InputStream getInputStream() + { + return new ByteArrayInputStream(bytes); + } + + public void write(OutputStream zOut) + throws IOException, CMSException + { + zOut.write(bytes); + } + + public Object getContent() + { + return Arrays.clone(bytes); + } + + public ASN1ObjectIdentifier getContentType() + { + return type; + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSProcessableFile.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSProcessableFile.java new file mode 100644 index 00000000..87b7c4e9 --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSProcessableFile.java @@ -0,0 +1,80 @@ +package org.spongycastle.cms; + +import java.io.BufferedInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; + +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.asn1.cms.CMSObjectIdentifiers; + +/** + * a holding class for a file of data to be processed. + */ +public class CMSProcessableFile + implements CMSTypedData, CMSReadable +{ + private static final int DEFAULT_BUF_SIZE = 32 * 1024; + + private ASN1ObjectIdentifier type; + private File file; + private byte[] buf; + + public CMSProcessableFile( + File file) + { + this(file, DEFAULT_BUF_SIZE); + } + + public CMSProcessableFile( + File file, + int bufSize) + { + this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), file, bufSize); + } + + public CMSProcessableFile( + ASN1ObjectIdentifier type, + File file, + int bufSize) + { + this.type = type; + this.file = file; + buf = new byte[bufSize]; + } + + public InputStream getInputStream() + throws IOException, CMSException + { + return new BufferedInputStream(new FileInputStream(file), DEFAULT_BUF_SIZE); + } + + public void write(OutputStream zOut) + throws IOException, CMSException + { + FileInputStream fIn = new FileInputStream(file); + int len; + + while ((len = fIn.read(buf, 0, buf.length)) > 0) + { + zOut.write(buf, 0, len); + } + + fIn.close(); + } + + /** + * Return the file handle. + */ + public Object getContent() + { + return file; + } + + public ASN1ObjectIdentifier getContentType() + { + return type; + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSTypedStream.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSTypedStream.java new file mode 100644 index 00000000..82466af7 --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSTypedStream.java @@ -0,0 +1,86 @@ +package org.spongycastle.cms; + +import java.io.BufferedInputStream; +import java.io.FilterInputStream; +import java.io.IOException; +import java.io.InputStream; + +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.spongycastle.util.io.Streams; + +public class CMSTypedStream +{ + private static final int BUF_SIZ = 32 * 1024; + + private ASN1ObjectIdentifier _oid; + private InputStream _in; + + public CMSTypedStream( + InputStream in) + { + this(PKCSObjectIdentifiers.data.getId(), in, BUF_SIZ); + } + + public CMSTypedStream( + String oid, + InputStream in) + { + this(new ASN1ObjectIdentifier(oid), in, BUF_SIZ); + } + + public CMSTypedStream( + String oid, + InputStream in, + int bufSize) + { + this(new ASN1ObjectIdentifier(oid), in, bufSize); + } + + public CMSTypedStream( + ASN1ObjectIdentifier oid, + InputStream in) + { + this(oid, in, BUF_SIZ); + } + + public CMSTypedStream( + ASN1ObjectIdentifier oid, + InputStream in, + int bufSize) + { + _oid = oid; + _in = new FullReaderStream(new BufferedInputStream(in, bufSize)); + } + + public ASN1ObjectIdentifier getContentType() + { + return _oid; + } + + public InputStream getContentStream() + { + return _in; + } + + public void drain() + throws IOException + { + Streams.drain(_in); + _in.close(); + } + + private static class FullReaderStream extends FilterInputStream + { + FullReaderStream(InputStream in) + { + super(in); + } + + public int read(byte[] buf, int off, int len) throws IOException + { + int totalRead = Streams.readFully(super.in, buf, off, len); + return totalRead > 0 ? totalRead : -1; + } + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/OriginatorInfoGenerator.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/OriginatorInfoGenerator.java new file mode 100644 index 00000000..b6cfdd0b --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/OriginatorInfoGenerator.java @@ -0,0 +1,54 @@ +package org.spongycastle.cms; + +import java.util.ArrayList; +import java.util.List; + +import org.spongycastle.asn1.cms.OriginatorInfo; +import org.spongycastle.cert.X509CertificateHolder; +import org.spongycastle.util.Store; + +public class OriginatorInfoGenerator +{ + private List origCerts; + private List origCRLs; + + public OriginatorInfoGenerator(X509CertificateHolder origCert) + { + this.origCerts = new ArrayList(1); + this.origCRLs = null; + origCerts.add(origCert.toASN1Structure()); + } + + public OriginatorInfoGenerator(Store origCerts) + throws CMSException + { + this(origCerts, null); + } + + public OriginatorInfoGenerator(Store origCerts, Store origCRLs) + throws CMSException + { + this.origCerts = CMSUtils.getCertificatesFromStore(origCerts); + + if (origCRLs != null) + { + this.origCRLs = CMSUtils.getCRLsFromStore(origCRLs); + } + else + { + this.origCRLs = null; + } + } + + public OriginatorInformation generate() + { + if (origCRLs != null) + { + return new OriginatorInformation(new OriginatorInfo(CMSUtils.createDerSetFromList(origCerts), CMSUtils.createDerSetFromList(origCRLs))); + } + else + { + return new OriginatorInformation(new OriginatorInfo(CMSUtils.createDerSetFromList(origCerts), null)); + } + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/RecipientId.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/RecipientId.java new file mode 100644 index 00000000..f2dd5dff --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/RecipientId.java @@ -0,0 +1,31 @@ +package org.spongycastle.cms; + +import org.spongycastle.util.Selector; + +public abstract class RecipientId + implements Selector +{ + public static final int keyTrans = 0; + public static final int kek = 1; + public static final int keyAgree = 2; + public static final int password = 3; + + private int type; + + protected RecipientId(int type) + { + this.type = type; + } + + /** + * Return the type code for this recipient ID. + * + * @return one of keyTrans, kek, keyAgree, password + */ + public int getType() + { + return type; + } + + public abstract Object clone(); +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/SignerInfoGenerator.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/SignerInfoGenerator.java new file mode 100644 index 00000000..47028b99 --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/SignerInfoGenerator.java @@ -0,0 +1,291 @@ +package org.spongycastle.cms; + +import java.io.IOException; +import java.io.OutputStream; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +import org.spongycastle.asn1.ASN1Encoding; +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.asn1.ASN1Set; +import org.spongycastle.asn1.DEROctetString; +import org.spongycastle.asn1.DERSet; +import org.spongycastle.asn1.cms.AttributeTable; +import org.spongycastle.asn1.cms.SignerIdentifier; +import org.spongycastle.asn1.cms.SignerInfo; +import org.spongycastle.asn1.x509.AlgorithmIdentifier; +import org.spongycastle.cert.X509CertificateHolder; +import org.spongycastle.operator.ContentSigner; +import org.spongycastle.operator.DefaultDigestAlgorithmIdentifierFinder; +import org.spongycastle.operator.DigestAlgorithmIdentifierFinder; +import org.spongycastle.operator.DigestCalculator; +import org.spongycastle.operator.DigestCalculatorProvider; +import org.spongycastle.operator.OperatorCreationException; +import org.spongycastle.util.Arrays; +import org.spongycastle.util.io.TeeOutputStream; + +public class SignerInfoGenerator +{ + private SignerIdentifier signerIdentifier; + private CMSAttributeTableGenerator sAttrGen; + private CMSAttributeTableGenerator unsAttrGen; + private ContentSigner signer; + private DigestCalculator digester; + private DigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder(); + private CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder; + + private byte[] calculatedDigest = null; + private X509CertificateHolder certHolder; + + SignerInfoGenerator( + SignerIdentifier signerIdentifier, + ContentSigner signer, + DigestCalculatorProvider digesterProvider, + CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder) + throws OperatorCreationException + { + this(signerIdentifier, signer, digesterProvider, sigEncAlgFinder, false); + } + + SignerInfoGenerator( + SignerIdentifier signerIdentifier, + ContentSigner signer, + DigestCalculatorProvider digesterProvider, + CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder, + boolean isDirectSignature) + throws OperatorCreationException + { + this.signerIdentifier = signerIdentifier; + this.signer = signer; + + if (digesterProvider != null) + { + this.digester = digesterProvider.get(digAlgFinder.find(signer.getAlgorithmIdentifier())); + } + else + { + this.digester = null; + } + + if (isDirectSignature) + { + this.sAttrGen = null; + this.unsAttrGen = null; + } + else + { + this.sAttrGen = new DefaultSignedAttributeTableGenerator(); + this.unsAttrGen = null; + } + + this.sigEncAlgFinder = sigEncAlgFinder; + } + + public SignerInfoGenerator( + SignerInfoGenerator original, + CMSAttributeTableGenerator sAttrGen, + CMSAttributeTableGenerator unsAttrGen) + { + this.signerIdentifier = original.signerIdentifier; + this.signer = original.signer; + this.digester = original.digester; + this.sigEncAlgFinder = original.sigEncAlgFinder; + this.sAttrGen = sAttrGen; + this.unsAttrGen = unsAttrGen; + } + + SignerInfoGenerator( + SignerIdentifier signerIdentifier, + ContentSigner signer, + DigestCalculatorProvider digesterProvider, + CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder, + CMSAttributeTableGenerator sAttrGen, + CMSAttributeTableGenerator unsAttrGen) + throws OperatorCreationException + { + this.signerIdentifier = signerIdentifier; + this.signer = signer; + + if (digesterProvider != null) + { + this.digester = digesterProvider.get(digAlgFinder.find(signer.getAlgorithmIdentifier())); + } + else + { + this.digester = null; + } + + this.sAttrGen = sAttrGen; + this.unsAttrGen = unsAttrGen; + this.sigEncAlgFinder = sigEncAlgFinder; + } + + public SignerIdentifier getSID() + { + return signerIdentifier; + } + + public int getGeneratedVersion() + { + return signerIdentifier.isTagged() ? 3 : 1; + } + + public boolean hasAssociatedCertificate() + { + return certHolder != null; + } + + public X509CertificateHolder getAssociatedCertificate() + { + return certHolder; + } + + public AlgorithmIdentifier getDigestAlgorithm() + { + if (digester != null) + { + return digester.getAlgorithmIdentifier(); + } + + return digAlgFinder.find(signer.getAlgorithmIdentifier()); + } + + public OutputStream getCalculatingOutputStream() + { + if (digester != null) + { + if (sAttrGen == null) + { + return new TeeOutputStream(digester.getOutputStream(), signer.getOutputStream()); + } + return digester.getOutputStream(); + } + else + { + return signer.getOutputStream(); + } + } + + public SignerInfo generate(ASN1ObjectIdentifier contentType) + throws CMSException + { + try + { + /* RFC 3852 5.4 + * The result of the message digest calculation process depends on + * whether the signedAttrs field is present. When the field is absent, + * the result is just the message digest of the content as described + * + * above. When the field is present, however, the result is the message + * digest of the complete DER encoding of the SignedAttrs value + * contained in the signedAttrs field. + */ + ASN1Set signedAttr = null; + + AlgorithmIdentifier digestAlg = null; + + if (sAttrGen != null) + { + digestAlg = digester.getAlgorithmIdentifier(); + calculatedDigest = digester.getDigest(); + Map parameters = getBaseParameters(contentType, digester.getAlgorithmIdentifier(), calculatedDigest); + AttributeTable signed = sAttrGen.getAttributes(Collections.unmodifiableMap(parameters)); + + signedAttr = getAttributeSet(signed); + + // sig must be composed from the DER encoding. + OutputStream sOut = signer.getOutputStream(); + + sOut.write(signedAttr.getEncoded(ASN1Encoding.DER)); + + sOut.close(); + } + else + { + if (digester != null) + { + digestAlg = digester.getAlgorithmIdentifier(); + calculatedDigest = digester.getDigest(); + } + else + { + digestAlg = digAlgFinder.find(signer.getAlgorithmIdentifier()); + calculatedDigest = null; + } + } + + byte[] sigBytes = signer.getSignature(); + + ASN1Set unsignedAttr = null; + if (unsAttrGen != null) + { + Map parameters = getBaseParameters(contentType, digestAlg, calculatedDigest); + parameters.put(CMSAttributeTableGenerator.SIGNATURE, Arrays.clone(sigBytes)); + + AttributeTable unsigned = unsAttrGen.getAttributes(Collections.unmodifiableMap(parameters)); + + unsignedAttr = getAttributeSet(unsigned); + } + + AlgorithmIdentifier digestEncryptionAlgorithm = sigEncAlgFinder.findEncryptionAlgorithm(signer.getAlgorithmIdentifier()); + + return new SignerInfo(signerIdentifier, digestAlg, + signedAttr, digestEncryptionAlgorithm, new DEROctetString(sigBytes), unsignedAttr); + } + catch (IOException e) + { + throw new CMSException("encoding error.", e); + } + } + + void setAssociatedCertificate(X509CertificateHolder certHolder) + { + this.certHolder = certHolder; + } + + private ASN1Set getAttributeSet( + AttributeTable attr) + { + if (attr != null) + { + return new DERSet(attr.toASN1EncodableVector()); + } + + return null; + } + + private Map getBaseParameters(ASN1ObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash) + { + Map param = new HashMap(); + + if (contentType != null) + { + param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType); + } + + param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId); + param.put(CMSAttributeTableGenerator.DIGEST, Arrays.clone(hash)); + return param; + } + + public byte[] getCalculatedDigest() + { + if (calculatedDigest != null) + { + return Arrays.clone(calculatedDigest); + } + + return null; + } + + public CMSAttributeTableGenerator getSignedAttributeTableGenerator() + { + return sAttrGen; + } + + public CMSAttributeTableGenerator getUnsignedAttributeTableGenerator() + { + return unsAttrGen; + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/EnvelopedDataHelper.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/EnvelopedDataHelper.java new file mode 100644 index 00000000..56f6f2f2 --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/EnvelopedDataHelper.java @@ -0,0 +1,671 @@ +package org.spongycastle.cms.jcajce; + +import java.security.AlgorithmParameterGenerator; +import java.security.AlgorithmParameters; +import java.security.GeneralSecurityException; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyFactory; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; +import java.util.HashMap; +import java.util.Map; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.RC2ParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +import org.spongycastle.asn1.ASN1Encodable; +import org.spongycastle.asn1.ASN1Null; +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.asn1.ASN1OctetString; +import org.spongycastle.asn1.DERNull; +import org.spongycastle.asn1.DEROctetString; +import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.spongycastle.asn1.pkcs.RC2CBCParameter; +import org.spongycastle.asn1.x509.AlgorithmIdentifier; +import org.spongycastle.cms.CMSAlgorithm; +import org.spongycastle.cms.CMSEnvelopedDataGenerator; +import org.spongycastle.cms.CMSException; +import org.spongycastle.operator.DefaultSecretKeySizeProvider; +import org.spongycastle.operator.GenericKey; +import org.spongycastle.operator.SecretKeySizeProvider; +import org.spongycastle.operator.SymmetricKeyUnwrapper; +import org.spongycastle.operator.jcajce.JceAsymmetricKeyUnwrapper; + +public class EnvelopedDataHelper +{ + protected static final SecretKeySizeProvider KEY_SIZE_PROVIDER = DefaultSecretKeySizeProvider.INSTANCE; + + protected static final Map BASE_CIPHER_NAMES = new HashMap(); + protected static final Map CIPHER_ALG_NAMES = new HashMap(); + protected static final Map MAC_ALG_NAMES = new HashMap(); + + static + { + BASE_CIPHER_NAMES.put(CMSAlgorithm.DES_CBC, "DES"); + BASE_CIPHER_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDE"); + BASE_CIPHER_NAMES.put(CMSAlgorithm.AES128_CBC, "AES"); + BASE_CIPHER_NAMES.put(CMSAlgorithm.AES192_CBC, "AES"); + BASE_CIPHER_NAMES.put(CMSAlgorithm.AES256_CBC, "AES"); + BASE_CIPHER_NAMES.put(CMSAlgorithm.RC2_CBC, "RC2"); + BASE_CIPHER_NAMES.put(CMSAlgorithm.CAST5_CBC, "CAST5"); + BASE_CIPHER_NAMES.put(CMSAlgorithm.CAMELLIA128_CBC, "Camellia"); + BASE_CIPHER_NAMES.put(CMSAlgorithm.CAMELLIA192_CBC, "Camellia"); + BASE_CIPHER_NAMES.put(CMSAlgorithm.CAMELLIA256_CBC, "Camellia"); + BASE_CIPHER_NAMES.put(CMSAlgorithm.SEED_CBC, "SEED"); + BASE_CIPHER_NAMES.put(PKCSObjectIdentifiers.rc4, "RC4"); + + CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_CBC, "DES/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(CMSAlgorithm.RC2_CBC, "RC2/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDE/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(CMSAlgorithm.AES128_CBC, "AES/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(CMSAlgorithm.AES192_CBC, "AES/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(CMSAlgorithm.AES256_CBC, "AES/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(PKCSObjectIdentifiers.rsaEncryption, "RSA/ECB/PKCS1Padding"); + CIPHER_ALG_NAMES.put(CMSAlgorithm.CAST5_CBC, "CAST5/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA128_CBC, "Camellia/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA192_CBC, "Camellia/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA256_CBC, "Camellia/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(CMSAlgorithm.SEED_CBC, "SEED/CBC/PKCS5Padding"); + CIPHER_ALG_NAMES.put(PKCSObjectIdentifiers.rc4, "RC4"); + + MAC_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDEMac"); + MAC_ALG_NAMES.put(CMSAlgorithm.AES128_CBC, "AESMac"); + MAC_ALG_NAMES.put(CMSAlgorithm.AES192_CBC, "AESMac"); + MAC_ALG_NAMES.put(CMSAlgorithm.AES256_CBC, "AESMac"); + MAC_ALG_NAMES.put(CMSAlgorithm.RC2_CBC, "RC2Mac"); + } + + private static final short[] rc2Table = { + 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, + 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, + 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, + 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, + 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, + 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, + 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, + 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, + 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, + 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, + 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, + 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, + 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, + 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, + 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, + 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab + }; + + private static final short[] rc2Ekb = { + 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, + 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, + 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, + 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, + 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, + 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, + 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, + 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, + 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, + 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, + 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, + 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, + 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, + 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, + 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, + 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd + }; + + private JcaJceExtHelper helper; + + EnvelopedDataHelper(JcaJceExtHelper helper) + { + this.helper = helper; + } + + String getBaseCipherName(ASN1ObjectIdentifier algorithm) + { + String name = (String)BASE_CIPHER_NAMES.get(algorithm); + + if (name == null) + { + return algorithm.getId(); + } + + return name; + } + + Key getJceKey(GenericKey key) + { + if (key.getRepresentation() instanceof Key) + { + return (Key)key.getRepresentation(); + } + + if (key.getRepresentation() instanceof byte[]) + { + return new SecretKeySpec((byte[])key.getRepresentation(), "ENC"); + } + + throw new IllegalArgumentException("unknown generic key type"); + } + + public Key getJceKey(ASN1ObjectIdentifier algorithm, GenericKey key) + { + if (key.getRepresentation() instanceof Key) + { + return (Key)key.getRepresentation(); + } + + if (key.getRepresentation() instanceof byte[]) + { + return new SecretKeySpec((byte[])key.getRepresentation(), getBaseCipherName(algorithm)); + } + + throw new IllegalArgumentException("unknown generic key type"); + } + + public void keySizeCheck(AlgorithmIdentifier keyAlgorithm, Key key) + throws CMSException + { + int expectedKeySize = EnvelopedDataHelper.KEY_SIZE_PROVIDER.getKeySize(keyAlgorithm); + if (expectedKeySize > 0) + { + byte[] keyEnc = null; + + try + { + keyEnc = key.getEncoded(); + } + catch (Exception e) + { + // ignore - we're using a HSM... + } + + if (keyEnc != null) + { + if (keyEnc.length * 8 != expectedKeySize) + { + throw new CMSException("Expected key size for algorithm OID not found in recipient."); + } + } + } + } + + Cipher createCipher(ASN1ObjectIdentifier algorithm) + throws CMSException + { + try + { + String cipherName = (String)CIPHER_ALG_NAMES.get(algorithm); + + if (cipherName != null) + { + try + { + // this is reversed as the Sun policy files now allow unlimited strength RSA + return helper.createCipher(cipherName); + } + catch (NoSuchAlgorithmException e) + { + // Ignore + } + } + return helper.createCipher(algorithm.getId()); + } + catch (Exception e) + { + throw new CMSException("cannot create cipher: " + e.getMessage(), e); + } + } + + Mac createMac(ASN1ObjectIdentifier algorithm) + throws CMSException + { + try + { + String macName = (String)MAC_ALG_NAMES.get(algorithm); + + if (macName != null) + { + try + { + // this is reversed as the Sun policy files now allow unlimited strength RSA + return helper.createMac(macName); + } + catch (NoSuchAlgorithmException e) + { + // Ignore + } + } + return helper.createMac(algorithm.getId()); + } + catch (Exception e) + { + throw new CMSException("cannot create mac: " + e.getMessage(), e); + } + } + + Cipher createRFC3211Wrapper(ASN1ObjectIdentifier algorithm) + throws CMSException + { + String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); + + if (cipherName == null) + { + throw new CMSException("no name for " + algorithm); + } + + cipherName += "RFC3211Wrap"; + + try + { + return helper.createCipher(cipherName); + } + catch (Exception e) + { + throw new CMSException("cannot create cipher: " + e.getMessage(), e); + } + } + + KeyAgreement createKeyAgreement(ASN1ObjectIdentifier algorithm) + throws CMSException + { + try + { + String agreementName = (String)BASE_CIPHER_NAMES.get(algorithm); + + if (agreementName != null) + { + try + { + // this is reversed as the Sun policy files now allow unlimited strength RSA + return helper.createKeyAgreement(agreementName); + } + catch (NoSuchAlgorithmException e) + { + // Ignore + } + } + return helper.createKeyAgreement(algorithm.getId()); + } + catch (Exception e) + { + throw new CMSException("cannot create key pair generator: " + e.getMessage(), e); + } + } + + AlgorithmParameterGenerator createAlgorithmParameterGenerator(ASN1ObjectIdentifier algorithm) + throws CMSException + { + String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm); + + try + { + if (algorithmName != null) + { + try + { + // this is reversed as the Sun policy files now allow unlimited strength RSA + return helper.createAlgorithmParameterGenerator(algorithmName); + } + catch (NoSuchAlgorithmException e) + { + // Ignore + } + } + return helper.createAlgorithmParameterGenerator(algorithm.getId()); + } + catch (Exception e) + { + throw new CMSException("cannot create key pair generator: " + e.getMessage(), e); + } + } + + public Cipher createContentCipher(final Key sKey, final AlgorithmIdentifier encryptionAlgID) + throws CMSException + { + return (Cipher)execute(new JCECallback() + { + public Object doInJCE() + throws CMSException, InvalidAlgorithmParameterException, + InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException, + NoSuchPaddingException, NoSuchProviderException + { + Cipher cipher = createCipher(encryptionAlgID.getAlgorithm()); + ASN1Encodable sParams = encryptionAlgID.getParameters(); + String encAlg = encryptionAlgID.getAlgorithm().getId(); + + if (sParams != null && !(sParams instanceof ASN1Null)) + { + try + { + AlgorithmParameters params = createAlgorithmParameters(encryptionAlgID.getAlgorithm()); + + CMSUtils.loadParameters(params, sParams); + + cipher.init(Cipher.DECRYPT_MODE, sKey, params); + } + catch (NoSuchAlgorithmException e) + { + if (encAlg.equals(CMSAlgorithm.DES_CBC.getId()) + || encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC) + || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC) + || encAlg.equals(CMSEnvelopedDataGenerator.AES128_CBC) + || encAlg.equals(CMSEnvelopedDataGenerator.AES192_CBC) + || encAlg.equals(CMSEnvelopedDataGenerator.AES256_CBC)) + { + cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec( + ASN1OctetString.getInstance(sParams).getOctets())); + } + else + { + throw e; + } + } + } + else + { + if (encAlg.equals(CMSAlgorithm.DES_CBC.getId()) + || encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC) + || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC) + || encAlg.equals(CMSEnvelopedDataGenerator.CAST5_CBC)) + { + cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec(new byte[8])); + } + else + { + cipher.init(Cipher.DECRYPT_MODE, sKey); + } + } + + return cipher; + } + }); + } + + Mac createContentMac(final Key sKey, final AlgorithmIdentifier macAlgId) + throws CMSException + { + return (Mac)execute(new JCECallback() + { + public Object doInJCE() + throws CMSException, InvalidAlgorithmParameterException, + InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException, + NoSuchPaddingException, NoSuchProviderException + { + Mac mac = createMac(macAlgId.getAlgorithm()); + ASN1Encodable sParams = macAlgId.getParameters(); + String macAlg = macAlgId.getAlgorithm().getId(); + + if (sParams != null && !(sParams instanceof ASN1Null)) + { + try + { + AlgorithmParameters params = createAlgorithmParameters(macAlgId.getAlgorithm()); + + CMSUtils.loadParameters(params, sParams); + + mac.init(sKey, params.getParameterSpec(IvParameterSpec.class)); + } + catch (NoSuchAlgorithmException e) + { + throw e; + } + } + else + { + mac.init(sKey); + } + + return mac; + } + }); + } + + AlgorithmParameters createAlgorithmParameters(ASN1ObjectIdentifier algorithm) + throws NoSuchAlgorithmException, NoSuchProviderException + { + String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm); + + if (algorithmName != null) + { + try + { + // this is reversed as the Sun policy files now allow unlimited strength RSA + return helper.createAlgorithmParameters(algorithmName); + } + catch (NoSuchAlgorithmException e) + { + // Ignore + } + } + return helper.createAlgorithmParameters(algorithm.getId()); + } + + + KeyPairGenerator createKeyPairGenerator(ASN1ObjectIdentifier algorithm) + throws CMSException + { + try + { + String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); + + if (cipherName != null) + { + try + { + // this is reversed as the Sun policy files now allow unlimited strength RSA + return helper.createKeyPairGenerator(cipherName); + } + catch (NoSuchAlgorithmException e) + { + // Ignore + } + } + return helper.createKeyPairGenerator(algorithm.getId()); + } + catch (Exception e) + { + throw new CMSException("cannot create key pair generator: " + e.getMessage(), e); + } + } + + public KeyGenerator createKeyGenerator(ASN1ObjectIdentifier algorithm) + throws CMSException + { + try + { + String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); + + if (cipherName != null) + { + try + { + // this is reversed as the Sun policy files now allow unlimited strength RSA + return helper.createKeyGenerator(cipherName); + } + catch (NoSuchAlgorithmException e) + { + // Ignore + } + } + return helper.createKeyGenerator(algorithm.getId()); + } + catch (Exception e) + { + throw new CMSException("cannot create key generator: " + e.getMessage(), e); + } + } + + AlgorithmParameters generateParameters(ASN1ObjectIdentifier encryptionOID, SecretKey encKey, SecureRandom rand) + throws CMSException + { + try + { + AlgorithmParameterGenerator pGen = createAlgorithmParameterGenerator(encryptionOID); + + if (encryptionOID.equals(CMSAlgorithm.RC2_CBC)) + { + byte[] iv = new byte[8]; + + rand.nextBytes(iv); + + try + { + pGen.init(new RC2ParameterSpec(encKey.getEncoded().length * 8, iv), rand); + } + catch (InvalidAlgorithmParameterException e) + { + throw new CMSException("parameters generation error: " + e, e); + } + } + + return pGen.generateParameters(); + } + catch (Exception e) + { + throw new CMSException("exception creating algorithm parameter generator: " + e, e); + } + } + + AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier encryptionOID, AlgorithmParameters params) + throws CMSException + { + ASN1Encodable asn1Params; + if (params != null) + { + asn1Params = CMSUtils.extractParameters(params); + } + else + { + asn1Params = DERNull.INSTANCE; + } + + return new AlgorithmIdentifier( + encryptionOID, + asn1Params); + } + + static Object execute(JCECallback callback) throws CMSException + { + try + { + return callback.doInJCE(); + } + catch (NoSuchAlgorithmException e) + { + throw new CMSException("can't find algorithm.", e); + } + catch (InvalidKeyException e) + { + throw new CMSException("key invalid in message.", e); + } + catch (NoSuchProviderException e) + { + throw new CMSException("can't find provider.", e); + } + catch (NoSuchPaddingException e) + { + throw new CMSException("required padding not supported.", e); + } + catch (InvalidAlgorithmParameterException e) + { + throw new CMSException("algorithm parameters invalid.", e); + } + catch (InvalidParameterSpecException e) + { + throw new CMSException("MAC algorithm parameter spec invalid.", e); + } + } + + public KeyFactory createKeyFactory(ASN1ObjectIdentifier algorithm) + throws CMSException + { + try + { + String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); + + if (cipherName != null) + { + try + { + // this is reversed as the Sun policy files now allow unlimited strength RSA + return helper.createKeyFactory(cipherName); + } + catch (NoSuchAlgorithmException e) + { + // Ignore + } + } + return helper.createKeyFactory(algorithm.getId()); + } + catch (Exception e) + { + throw new CMSException("cannot create key factory: " + e.getMessage(), e); + } + } + + public JceAsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey) + { + return helper.createAsymmetricUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey); + } + + public SymmetricKeyUnwrapper createSymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, SecretKey keyEncryptionKey) + { + return helper.createSymmetricUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey); + } + + public AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier macOID, AlgorithmParameterSpec paramSpec) + { + if (paramSpec instanceof IvParameterSpec) + { + return new AlgorithmIdentifier(macOID, new DEROctetString(((IvParameterSpec)paramSpec).getIV())); + } + + if (paramSpec instanceof RC2ParameterSpec) + { + RC2ParameterSpec rc2Spec = (RC2ParameterSpec)paramSpec; + + int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); + + if (effKeyBits != -1) + { + int parameterVersion; + + if (effKeyBits < 256) + { + parameterVersion = rc2Table[effKeyBits]; + } + else + { + parameterVersion = effKeyBits; + } + + return new AlgorithmIdentifier(macOID, new RC2CBCParameter(parameterVersion, rc2Spec.getIV())); + } + + return new AlgorithmIdentifier(macOID, new RC2CBCParameter(rc2Spec.getIV())); + } + + throw new IllegalStateException("unknown parameter spec: " + paramSpec); + } + + static interface JCECallback + { + Object doInJCE() + throws CMSException, InvalidAlgorithmParameterException, InvalidKeyException, InvalidParameterSpecException, + NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException; + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcaSelectorConverter.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcaSelectorConverter.java new file mode 100644 index 00000000..6f022467 --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcaSelectorConverter.java @@ -0,0 +1,54 @@ +package org.spongycastle.cms.jcajce; + +import java.security.cert.X509CertSelector; + +import org.spongycastle.asn1.ASN1OctetString; +import org.spongycastle.asn1.x500.X500Name; +import org.spongycastle.cms.KeyTransRecipientId; +import org.spongycastle.cms.SignerId; + +public class JcaSelectorConverter +{ + public JcaSelectorConverter() + { + + } + + public SignerId getSignerId(X509CertSelector certSelector) + { +try +{ + if (certSelector.getSubjectKeyIdentifier() != null) + { + return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets()); + } + else + { + return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber()); + } +} +catch (Exception e) +{ + throw new IllegalArgumentException("conversion failed: " + e.toString()); +} + } + + public KeyTransRecipientId getKeyTransRecipientId(X509CertSelector certSelector) + { +try +{ + if (certSelector.getSubjectKeyIdentifier() != null) + { + return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets()); + } + else + { + return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber()); + } +} +catch (Exception e) +{ + throw new IllegalArgumentException("conversion failed: " + e.toString()); +} + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcaX509CertSelectorConverter.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcaX509CertSelectorConverter.java new file mode 100644 index 00000000..ceb138ed --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcaX509CertSelectorConverter.java @@ -0,0 +1,24 @@ +package org.spongycastle.cms.jcajce; + +import java.security.cert.X509CertSelector; + +import org.spongycastle.cms.KeyTransRecipientId; +import org.spongycastle.cms.SignerId; + +public class JcaX509CertSelectorConverter + extends org.spongycastle.cert.selector.jcajce.JcaX509CertSelectorConverter +{ + public JcaX509CertSelectorConverter() + { + } + + public X509CertSelector getCertSelector(KeyTransRecipientId recipientId) + { + return doConversion(recipientId.getIssuer(), recipientId.getSerialNumber(), recipientId.getSubjectKeyIdentifier()); + } + + public X509CertSelector getCertSelector(SignerId signerId) + { + return doConversion(signerId.getIssuer(), signerId.getSerialNumber(), signerId.getSubjectKeyIdentifier()); + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java new file mode 100644 index 00000000..b4bdd4ad --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java @@ -0,0 +1,166 @@ +package org.spongycastle.cms.jcajce; + +import java.io.OutputStream; +import java.security.AlgorithmParameters; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.Provider; +import java.security.SecureRandom; +import java.util.HashMap; +import java.util.Map; + +import javax.crypto.Cipher; +import javax.crypto.CipherOutputStream; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; + +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.asn1.x509.AlgorithmIdentifier; +import org.spongycastle.cms.CMSAlgorithm; +import org.spongycastle.cms.CMSException; +import org.spongycastle.operator.GenericKey; +import org.spongycastle.operator.OutputEncryptor; +import org.spongycastle.util.Integers; + +public class JceCMSContentEncryptorBuilder +{ + private static Map keySizes = new HashMap(); + + static + { + keySizes.put(CMSAlgorithm.AES128_CBC, Integers.valueOf(128)); + keySizes.put(CMSAlgorithm.AES192_CBC, Integers.valueOf(192)); + keySizes.put(CMSAlgorithm.AES256_CBC, Integers.valueOf(256)); + + keySizes.put(CMSAlgorithm.CAMELLIA128_CBC, Integers.valueOf(128)); + keySizes.put(CMSAlgorithm.CAMELLIA192_CBC, Integers.valueOf(192)); + keySizes.put(CMSAlgorithm.CAMELLIA256_CBC, Integers.valueOf(256)); + } + + private static int getKeySize(ASN1ObjectIdentifier oid) + { + Integer size = (Integer)keySizes.get(oid); + + if (size != null) + { + return size.intValue(); + } + + return -1; + } + + private ASN1ObjectIdentifier encryptionOID; + private int keySize; + + private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); + private SecureRandom random; + + public JceCMSContentEncryptorBuilder(ASN1ObjectIdentifier encryptionOID) + { + this(encryptionOID, getKeySize(encryptionOID)); + } + + public JceCMSContentEncryptorBuilder(ASN1ObjectIdentifier encryptionOID, int keySize) + { + this.encryptionOID = encryptionOID; + this.keySize = keySize; + } + + public JceCMSContentEncryptorBuilder setProvider(Provider provider) + { + this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); + + return this; + } + + public JceCMSContentEncryptorBuilder setProvider(String providerName) + { + this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); + + return this; + } + + public JceCMSContentEncryptorBuilder setSecureRandom(SecureRandom random) + { + this.random = random; + + return this; + } + + public OutputEncryptor build() + throws CMSException + { + return new CMSOutputEncryptor(encryptionOID, keySize, random); + } + + private class CMSOutputEncryptor + implements OutputEncryptor + { + private SecretKey encKey; + private AlgorithmIdentifier algorithmIdentifier; + private Cipher cipher; + + CMSOutputEncryptor(ASN1ObjectIdentifier encryptionOID, int keySize, SecureRandom random) + throws CMSException + { + KeyGenerator keyGen = helper.createKeyGenerator(encryptionOID); + + if (random == null) + { + random = new SecureRandom(); + } + + if (keySize < 0) + { + keyGen.init(random); + } + else + { + keyGen.init(keySize, random); + } + + cipher = helper.createCipher(encryptionOID); + encKey = keyGen.generateKey(); + AlgorithmParameters params = helper.generateParameters(encryptionOID, encKey, random); + + try + { + cipher.init(Cipher.ENCRYPT_MODE, encKey, params, random); + } + catch (InvalidKeyException e) + { + throw new CMSException("unable to initialize cipher: " + e.getMessage(), e); + } + catch (GeneralSecurityException e) + { + throw new CMSException("unable to initialize cipher: " + e.getMessage(), e); + } + + // + // If params are null we try and second guess on them as some providers don't provide + // algorithm parameter generation explicity but instead generate them under the hood. + // + if (params == null) + { + params = cipher.getParameters(); + } + + algorithmIdentifier = helper.getAlgorithmIdentifier(encryptionOID, params); + } + + public AlgorithmIdentifier getAlgorithmIdentifier() + { + return algorithmIdentifier; + } + + public OutputStream getOutputStream(OutputStream dOut) + { + return new CipherOutputStream(dOut, cipher); + } + + public GenericKey getKey() + { + return new GenericKey(encKey); + } + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceKeyAgreeRecipient.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceKeyAgreeRecipient.java new file mode 100644 index 00000000..93c11b21 --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceKeyAgreeRecipient.java @@ -0,0 +1,184 @@ +package org.spongycastle.cms.jcajce; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.X509EncodedKeySpec; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKey; + +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.asn1.ASN1OctetString; +import org.spongycastle.asn1.ASN1Primitive; +import org.spongycastle.asn1.cms.ecc.MQVuserKeyingMaterial; +import org.spongycastle.asn1.pkcs.PrivateKeyInfo; +import org.spongycastle.asn1.x509.AlgorithmIdentifier; +import org.spongycastle.asn1.x509.SubjectPublicKeyInfo; +import org.spongycastle.cms.CMSEnvelopedGenerator; +import org.spongycastle.cms.CMSException; +import org.spongycastle.cms.KeyAgreeRecipient; +import org.spongycastle.jce.spec.MQVPrivateKeySpec; +import org.spongycastle.jce.spec.MQVPublicKeySpec; + +public abstract class JceKeyAgreeRecipient + implements KeyAgreeRecipient +{ + private PrivateKey recipientKey; + protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); + protected EnvelopedDataHelper contentHelper = helper; + + public JceKeyAgreeRecipient(PrivateKey recipientKey) + { + this.recipientKey = recipientKey; + } + + /** + * Set the provider to use for key recovery and content processing. + * + * @param provider provider to use. + * @return this recipient. + */ + public JceKeyAgreeRecipient setProvider(Provider provider) + { + this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); + this.contentHelper = helper; + + return this; + } + + /** + * Set the provider to use for key recovery and content processing. + * + * @param providerName the name of the provider to use. + * @return this recipient. + */ + public JceKeyAgreeRecipient setProvider(String providerName) + { + this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); + this.contentHelper = helper; + + return this; + } + + /** + * Set the provider to use for content processing. If providerName is null a "no provider" search will be + * used to satisfy getInstance calls. + * + * @param provider the provider to use. + * @return this recipient. + */ + public JceKeyAgreeRecipient setContentProvider(Provider provider) + { + this.contentHelper = CMSUtils.createContentHelper(provider); + + return this; + } + + /** + * Set the provider to use for content processing. If providerName is null a "no provider" search will be + * used to satisfy getInstance calls. + * + * @param providerName the name of the provider to use. + * @return this recipient. + */ + public JceKeyAgreeRecipient setContentProvider(String providerName) + { + this.contentHelper = CMSUtils.createContentHelper(providerName); + + return this; + } + + private SecretKey calculateAgreedWrapKey(AlgorithmIdentifier keyEncAlg, ASN1ObjectIdentifier wrapAlg, + PublicKey senderPublicKey, ASN1OctetString userKeyingMaterial, PrivateKey receiverPrivateKey) + throws CMSException, GeneralSecurityException, IOException, InvalidKeyException, NoSuchAlgorithmException + { + String agreeAlg = keyEncAlg.getAlgorithm().getId(); + + if (agreeAlg.equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) + { + byte[] ukmEncoding = userKeyingMaterial.getOctets(); + MQVuserKeyingMaterial ukm = MQVuserKeyingMaterial.getInstance( + ASN1Primitive.fromByteArray(ukmEncoding)); + + SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo( + getPrivateKeyAlgorithmIdentifier(), + ukm.getEphemeralPublicKey().getPublicKey().getBytes()); + + X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded()); + KeyFactory fact = helper.createKeyFactory(keyEncAlg.getAlgorithm()); + PublicKey ephemeralKey = fact.generatePublic(pubSpec); + + senderPublicKey = new MQVPublicKeySpec(senderPublicKey, ephemeralKey); + receiverPrivateKey = new MQVPrivateKeySpec(receiverPrivateKey, receiverPrivateKey); + } + + KeyAgreement agreement = helper.createKeyAgreement(keyEncAlg.getAlgorithm()); + + agreement.init(receiverPrivateKey); + agreement.doPhase(senderPublicKey, true); + + return agreement.generateSecret(wrapAlg.getId()); + } + + private Key unwrapSessionKey(ASN1ObjectIdentifier wrapAlg, SecretKey agreedKey, ASN1ObjectIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) + throws CMSException, InvalidKeyException, NoSuchAlgorithmException + { + Cipher keyCipher = helper.createCipher(wrapAlg); + keyCipher.init(Cipher.UNWRAP_MODE, agreedKey); + return keyCipher.unwrap(encryptedContentEncryptionKey, helper.getBaseCipherName(contentEncryptionAlgorithm), Cipher.SECRET_KEY); + } + + protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentEncryptionKey) + throws CMSException + { + try + { + ASN1ObjectIdentifier wrapAlg = + AlgorithmIdentifier.getInstance(keyEncryptionAlgorithm.getParameters()).getAlgorithm(); + + X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(senderKey.getEncoded()); + KeyFactory fact = helper.createKeyFactory(keyEncryptionAlgorithm.getAlgorithm()); + PublicKey senderPublicKey = fact.generatePublic(pubSpec); + + SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg, + senderPublicKey, userKeyingMaterial, recipientKey); + + return unwrapSessionKey(wrapAlg, agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey); + } + catch (NoSuchAlgorithmException e) + { + throw new CMSException("can't find algorithm.", e); + } + catch (InvalidKeyException e) + { + throw new CMSException("key invalid in message.", e); + } + catch (InvalidKeySpecException e) + { + throw new CMSException("originator key spec invalid.", e); + } + catch (NoSuchPaddingException e) + { + throw new CMSException("required padding not supported.", e); + } + catch (Exception e) + { + throw new CMSException("originator key invalid.", e); + } + } + + public AlgorithmIdentifier getPrivateKeyAlgorithmIdentifier() + { + return PrivateKeyInfo.getInstance(recipientKey.getEncoded()).getAlgorithmId(); + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java new file mode 100644 index 00000000..b3782884 --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java @@ -0,0 +1,212 @@ +package org.spongycastle.cms.jcajce; + +import java.security.GeneralSecurityException; +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.List; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.SecretKey; + +import org.spongycastle.asn1.ASN1Encodable; +import org.spongycastle.asn1.ASN1EncodableVector; +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.asn1.ASN1OctetString; +import org.spongycastle.asn1.ASN1Sequence; +import org.spongycastle.asn1.DEROctetString; +import org.spongycastle.asn1.DERSequence; +import org.spongycastle.asn1.cms.KeyAgreeRecipientIdentifier; +import org.spongycastle.asn1.cms.RecipientEncryptedKey; +import org.spongycastle.asn1.cms.RecipientKeyIdentifier; +import org.spongycastle.asn1.cms.ecc.MQVuserKeyingMaterial; +import org.spongycastle.asn1.x509.AlgorithmIdentifier; +import org.spongycastle.asn1.x509.SubjectPublicKeyInfo; +import org.spongycastle.cms.CMSAlgorithm; +import org.spongycastle.cms.CMSEnvelopedGenerator; +import org.spongycastle.cms.CMSException; +import org.spongycastle.cms.KeyAgreeRecipientInfoGenerator; +import org.spongycastle.jce.interfaces.ECPublicKey; +import org.spongycastle.jce.spec.ECParameterSpec; +import org.spongycastle.jce.spec.MQVPrivateKeySpec; +import org.spongycastle.jce.spec.MQVPublicKeySpec; +import org.spongycastle.operator.GenericKey; + +public class JceKeyAgreeRecipientInfoGenerator + extends KeyAgreeRecipientInfoGenerator +{ + private List recipientIDs = new ArrayList(); + private List recipientKeys = new ArrayList(); + private PublicKey senderPublicKey; + private PrivateKey senderPrivateKey; + + private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); + private SecureRandom random; + private KeyPair ephemeralKP; + + public JceKeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier keyAgreementOID, PrivateKey senderPrivateKey, PublicKey senderPublicKey, ASN1ObjectIdentifier keyEncryptionOID) + { + super(keyAgreementOID, SubjectPublicKeyInfo.getInstance(senderPublicKey.getEncoded()), keyEncryptionOID); + + this.senderPublicKey = senderPublicKey; + this.senderPrivateKey = senderPrivateKey; + } + + public JceKeyAgreeRecipientInfoGenerator setProvider(Provider provider) + { + this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); + + return this; + } + + public JceKeyAgreeRecipientInfoGenerator setProvider(String providerName) + { + this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); + + return this; + } + + public JceKeyAgreeRecipientInfoGenerator setSecureRandom(SecureRandom random) + { + this.random = random; + + return this; + } + + /** + * Add a recipient based on the passed in certificate's public key and its issuer and serial number. + * + * @param recipientCert recipient's certificate + * @return the current instance. + * @throws CertificateEncodingException if the necessary data cannot be extracted from the certificate. + */ + public JceKeyAgreeRecipientInfoGenerator addRecipient(X509Certificate recipientCert) + throws CertificateEncodingException + { + recipientIDs.add(new KeyAgreeRecipientIdentifier(CMSUtils.getIssuerAndSerialNumber(recipientCert))); + recipientKeys.add(recipientCert.getPublicKey()); + + return this; + } + + /** + * Add a recipient identified by the passed in subjectKeyID and the for the passed in public key. + * + * @param subjectKeyID identifier actual recipient will use to match the private key. + * @param publicKey the public key for encrypting the secret key. + * @return the current instance. + * @throws CertificateEncodingException + */ + public JceKeyAgreeRecipientInfoGenerator addRecipient(byte[] subjectKeyID, PublicKey publicKey) + throws CertificateEncodingException + { + recipientIDs.add(new KeyAgreeRecipientIdentifier(new RecipientKeyIdentifier(subjectKeyID))); + recipientKeys.add(publicKey); + + return this; + } + + public ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm, AlgorithmIdentifier keyEncryptionAlgorithm, GenericKey contentEncryptionKey) + throws CMSException + { + init(keyAgreeAlgorithm.getAlgorithm()); + + PrivateKey senderPrivateKey = this.senderPrivateKey; + + ASN1ObjectIdentifier keyAgreementOID = keyAgreeAlgorithm.getAlgorithm(); + + if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) + { + senderPrivateKey = new MQVPrivateKeySpec( + senderPrivateKey, ephemeralKP.getPrivate(), ephemeralKP.getPublic()); + } + + ASN1EncodableVector recipientEncryptedKeys = new ASN1EncodableVector(); + for (int i = 0; i != recipientIDs.size(); i++) + { + PublicKey recipientPublicKey = (PublicKey)recipientKeys.get(i); + KeyAgreeRecipientIdentifier karId = (KeyAgreeRecipientIdentifier)recipientIDs.get(i); + + if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) + { + recipientPublicKey = new MQVPublicKeySpec(recipientPublicKey, recipientPublicKey); + } + + try + { + // Use key agreement to choose a wrap key for this recipient + KeyAgreement keyAgreement = helper.createKeyAgreement(keyAgreementOID); + keyAgreement.init(senderPrivateKey, random); + keyAgreement.doPhase(recipientPublicKey, true); + SecretKey keyEncryptionKey = keyAgreement.generateSecret(keyEncryptionAlgorithm.getAlgorithm().getId()); + + // Wrap the content encryption key with the agreement key + Cipher keyEncryptionCipher = helper.createCipher(keyEncryptionAlgorithm.getAlgorithm()); + + keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random); + + byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(helper.getJceKey(contentEncryptionKey)); + + ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes); + + recipientEncryptedKeys.add(new RecipientEncryptedKey(karId, encryptedKey)); + } + catch (NoSuchAlgorithmException e) + { + throw new CMSException("cannot perform agreement step: " + e.getMessage(), e); + } + catch (InvalidKeyException e) + { + throw new CMSException("cannot perform agreement step: " + e.getMessage(), e); + } + catch (GeneralSecurityException e) + { + throw new CMSException("cannot perform agreement step: " + e.getMessage(), e); + } + } + + return new DERSequence(recipientEncryptedKeys); + } + + protected ASN1Encodable getUserKeyingMaterial(AlgorithmIdentifier keyAgreeAlg) + throws CMSException + { + init(keyAgreeAlg.getAlgorithm()); + + if (ephemeralKP != null) + { + return new MQVuserKeyingMaterial( + createOriginatorPublicKey(SubjectPublicKeyInfo.getInstance(ephemeralKP.getPublic().getEncoded())), null); + } + + return null; + } + + private void init(ASN1ObjectIdentifier keyAgreementOID) + throws CMSException + { + if (random == null) + { + random = new SecureRandom(); + } + + if (keyAgreementOID.equals(CMSAlgorithm.ECMQV_SHA1KDF)) + { + if (ephemeralKP == null) + { + throw new CMSException( + "cannot determine MQV ephemeral key pair parameters from public key"); + } + } + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcePasswordRecipient.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcePasswordRecipient.java new file mode 100644 index 00000000..31e8729b --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcePasswordRecipient.java @@ -0,0 +1,107 @@ +package org.spongycastle.cms.jcajce; + +import java.security.InvalidKeyException; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.Key; +import java.security.Provider; + +import javax.crypto.Cipher; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +import org.spongycastle.asn1.ASN1OctetString; +import org.spongycastle.asn1.pkcs.PBKDF2Params; +import org.spongycastle.asn1.x509.AlgorithmIdentifier; +import org.spongycastle.cms.CMSException; +import org.spongycastle.cms.PasswordRecipient; +import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator; +import org.spongycastle.crypto.params.KeyParameter; + +/** + * the RecipientInfo class for a recipient who has been sent a message + * encrypted using a password. + */ +public abstract class JcePasswordRecipient + implements PasswordRecipient +{ + private int schemeID = PasswordRecipient.PKCS5_SCHEME2_UTF8; + protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); + private char[] password; + + JcePasswordRecipient( + char[] password) + { + this.password = password; + } + + public JcePasswordRecipient setPasswordConversionScheme(int schemeID) + { + this.schemeID = schemeID; + + return this; + } + + public JcePasswordRecipient setProvider(Provider provider) + { + this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); + + return this; + } + + public JcePasswordRecipient setProvider(String providerName) + { + this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); + + return this; + } + + protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey) + throws CMSException + { + Cipher keyEncryptionCipher = helper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm()); + + try + { + IvParameterSpec ivSpec = new IvParameterSpec(ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets()); + + keyEncryptionCipher.init(Cipher.UNWRAP_MODE, new SecretKeySpec(derivedKey, keyEncryptionCipher.getAlgorithm()), ivSpec); + + return keyEncryptionCipher.unwrap(encryptedContentEncryptionKey, contentEncryptionAlgorithm.getAlgorithm().getId(), Cipher.SECRET_KEY); + } + catch (NoSuchAlgorithmException e) + { + throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); + } + catch (InvalidKeyException e) + { + throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); + } + catch (InvalidAlgorithmParameterException e) + { + throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); + } + } + + public byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException + { + PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); + + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); + + gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); + + return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + } + + public int getPasswordConversionScheme() + { + return schemeID; + } + + public char[] getPassword() + { + return password; + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java new file mode 100644 index 00000000..ae706b10 --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java @@ -0,0 +1,81 @@ +package org.spongycastle.cms.jcajce; + +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.Provider; + +import javax.crypto.Cipher; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.asn1.ASN1OctetString; +import org.spongycastle.asn1.pkcs.PBKDF2Params; +import org.spongycastle.asn1.x509.AlgorithmIdentifier; +import org.spongycastle.cms.CMSException; +import org.spongycastle.cms.PasswordRecipientInfoGenerator; +import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator; +import org.spongycastle.crypto.params.KeyParameter; +import org.spongycastle.operator.GenericKey; + +public class JcePasswordRecipientInfoGenerator + extends PasswordRecipientInfoGenerator +{ + private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); + + public JcePasswordRecipientInfoGenerator(ASN1ObjectIdentifier kekAlgorithm, char[] password) + { + super(kekAlgorithm, password); + } + + public JcePasswordRecipientInfoGenerator setProvider(Provider provider) + { + this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); + + return this; + } + + public JcePasswordRecipientInfoGenerator setProvider(String providerName) + { + this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); + + return this; + } + + protected byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException + { + PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); + + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); + + gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); + + return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + } + + public byte[] generateEncryptedBytes(AlgorithmIdentifier keyEncryptionAlgorithm, byte[] derivedKey, GenericKey contentEncryptionKey) + throws CMSException + { + Key contentEncryptionKeySpec = helper.getJceKey(contentEncryptionKey); + Cipher keyEncryptionCipher = helper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm()); + + try + { + IvParameterSpec ivSpec = new IvParameterSpec(ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets()); + + keyEncryptionCipher.init(Cipher.WRAP_MODE, new SecretKeySpec(derivedKey, keyEncryptionCipher.getAlgorithm()), ivSpec); + + return keyEncryptionCipher.wrap(contentEncryptionKeySpec); + } + catch (GeneralSecurityException e) + { + throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); + } + catch (InvalidKeyException e) + { + throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); + } + } +} diff --git a/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/ZlibExpanderProvider.java b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/ZlibExpanderProvider.java new file mode 100644 index 00000000..880dc2ce --- /dev/null +++ b/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/ZlibExpanderProvider.java @@ -0,0 +1,113 @@ +package org.spongycastle.cms.jcajce; + +import java.io.FilterInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.zip.InflaterInputStream; + +import org.spongycastle.asn1.x509.AlgorithmIdentifier; +import org.spongycastle.operator.InputExpander; +import org.spongycastle.operator.InputExpanderProvider; +import org.spongycastle.util.io.StreamOverflowException; + +public class ZlibExpanderProvider + implements InputExpanderProvider +{ + private long limit; + + public ZlibExpanderProvider() + { + this.limit = -1; + } + + /** + * Create a provider which caps the number of expanded bytes that can be produced when the + * compressed stream is parsed. + * + * @param limit max number of bytes allowed in an expanded stream. + */ + public ZlibExpanderProvider(long limit) + { + this.limit = limit; + } + + public InputExpander get(final AlgorithmIdentifier algorithm) + { + return new InputExpander() + { + public AlgorithmIdentifier getAlgorithmIdentifier() + { + return algorithm; + } + + public InputStream getInputStream(InputStream comIn) + { + InputStream s = new InflaterInputStream(comIn); + if (limit >= 0) + { + s = new LimitedInputStream(s, limit); + } + return s; + } + }; + } + + private static class LimitedInputStream + extends FilterInputStream + { + private long remaining; + + public LimitedInputStream(InputStream input, long limit) + { + super(input); + + this.remaining = limit; + } + + public int read() + throws IOException + { + // Only a single 'extra' byte will ever be read + if (remaining >= 0) + { + int b = super.in.read(); + if (b < 0 || --remaining >= 0) + { + return b; + } + } + + throw new StreamOverflowException("expanded byte limit exceeded"); + } + + public int read(byte[] buf, int off, int len) + throws IOException + { + if (len < 1) + { + // This will give correct exceptions/returns for strange lengths + return super.read(buf, off, len); + } + + if (remaining < 1) + { + // Will either return EOF or throw exception + read(); + return -1; + } + + /* + * Limit the underlying request to 'remaining' bytes. This ensures the + * caller will see the full 'limit' bytes before getting an exception. + * Also, only one extra byte will ever be read. + */ + int actualLen = (remaining > len ? len : (int)remaining); + int numRead = super.in.read(buf, off, actualLen); + if (numRead > 0) + { + remaining -= numRead; + } + return numRead; + } + } +} |