1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
|
package org.bouncycastle.openpgp.operator.jcajce;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Provider;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.IvParameterSpec;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
public class JcePBESecretKeyEncryptorBuilder
{
private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper());
private int encAlgorithm;
private PGPDigestCalculator s2kDigestCalculator;
private SecureRandom random;
private int s2kCount = 0x60;
public JcePBESecretKeyEncryptorBuilder(int encAlgorithm)
{
this(encAlgorithm, new SHA1PGPDigestCalculator());
}
/**
* Create a SecretKeyEncryptorBuilder with the S2K count different to the default of 0x60.
*
* @param encAlgorithm encryption algorithm to use.
* @param s2kCount iteration count to use for S2K function.
*/
public JcePBESecretKeyEncryptorBuilder(int encAlgorithm, int s2kCount)
{
this(encAlgorithm, new SHA1PGPDigestCalculator(), s2kCount);
}
/**
* Create a builder which will make encryptors using the passed in digest calculator. If a MD5 calculator is
* passed in the builder will assume the encryptors are for use with version 3 keys.
*
* @param encAlgorithm encryption algorithm to use.
* @param s2kDigestCalculator digest calculator to use.
*/
public JcePBESecretKeyEncryptorBuilder(int encAlgorithm, PGPDigestCalculator s2kDigestCalculator)
{
this(encAlgorithm, s2kDigestCalculator, 0x60);
}
/**
* Create an SecretKeyEncryptorBuilder with the S2k count different to the default of 0x60, and the S2K digest
* different from SHA-1.
*
* @param encAlgorithm encryption algorithm to use.
* @param s2kDigestCalculator digest calculator to use.
* @param s2kCount iteration count to use for S2K function.
*/
public JcePBESecretKeyEncryptorBuilder(int encAlgorithm, PGPDigestCalculator s2kDigestCalculator, int s2kCount)
{
this.encAlgorithm = encAlgorithm;
this.s2kDigestCalculator = s2kDigestCalculator;
if (s2kCount < 0 || s2kCount > 0xff)
{
throw new IllegalArgumentException("s2KCount value outside of range 0 to 255.");
}
this.s2kCount = s2kCount;
}
public JcePBESecretKeyEncryptorBuilder setProvider(Provider provider)
{
this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider));
return this;
}
public JcePBESecretKeyEncryptorBuilder setProvider(String providerName)
{
this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName));
return this;
}
/**
* Provide a user defined source of randomness.
*
* @param random the secure random to be used.
* @return the current builder.
*/
public JcePBESecretKeyEncryptorBuilder setSecureRandom(SecureRandom random)
{
this.random = random;
return this;
}
public PBESecretKeyEncryptor build(char[] passPhrase)
{
if (random == null)
{
random = new SecureRandom();
}
return new PBESecretKeyEncryptor(encAlgorithm, s2kDigestCalculator, s2kCount, random, passPhrase)
{
private Cipher c;
private byte[] iv;
public byte[] encryptKeyData(byte[] key, byte[] keyData, int keyOff, int keyLen)
throws PGPException
{
try
{
c = helper.createCipher(PGPUtil.getSymmetricCipherName(this.encAlgorithm) + "/CFB/NoPadding");
c.init(Cipher.ENCRYPT_MODE, PGPUtil.makeSymmetricKey(this.encAlgorithm, key), this.random);
iv = c.getIV();
return c.doFinal(keyData, keyOff, keyLen);
}
catch (IllegalBlockSizeException e)
{
throw new PGPException("illegal block size: " + e.getMessage(), e);
}
catch (BadPaddingException e)
{
throw new PGPException("bad padding: " + e.getMessage(), e);
}
catch (InvalidKeyException e)
{
throw new PGPException("invalid key: " + e.getMessage(), e);
}
}
public byte[] encryptKeyData(byte[] key, byte[] iv, byte[] keyData, int keyOff, int keyLen)
throws PGPException
{
try
{
c = helper.createCipher(PGPUtil.getSymmetricCipherName(this.encAlgorithm) + "/CFB/NoPadding");
c.init(Cipher.ENCRYPT_MODE, PGPUtil.makeSymmetricKey(this.encAlgorithm, key), new IvParameterSpec(iv));
this.iv = iv;
return c.doFinal(keyData, keyOff, keyLen);
}
catch (IllegalBlockSizeException e)
{
throw new PGPException("illegal block size: " + e.getMessage(), e);
}
catch (BadPaddingException e)
{
throw new PGPException("bad padding: " + e.getMessage(), e);
}
catch (InvalidKeyException e)
{
throw new PGPException("invalid key: " + e.getMessage(), e);
}
catch (InvalidAlgorithmParameterException e)
{
throw new PGPException("invalid iv: " + e.getMessage(), e);
}
}
public byte[] getCipherIV()
{
return iv;
}
};
}
}
|
