1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
package org.bouncycastle.cms;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.cms.PasswordRecipientInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.util.Integers;
/**
* the RecipientInfo class for a recipient who has been sent a message
* encrypted using a password.
*/
public class PasswordRecipientInformation
extends RecipientInformation
{
static Map KEYSIZES = new HashMap();
static Map BLOCKSIZES = new HashMap();
static
{
BLOCKSIZES.put(CMSAlgorithm.DES_EDE3_CBC, Integers.valueOf(8));
BLOCKSIZES.put(CMSAlgorithm.AES128_CBC, Integers.valueOf(16));
BLOCKSIZES.put(CMSAlgorithm.AES192_CBC, Integers.valueOf(16));
BLOCKSIZES.put(CMSAlgorithm.AES256_CBC, Integers.valueOf(16));
KEYSIZES.put(CMSAlgorithm.DES_EDE3_CBC, Integers.valueOf(192));
KEYSIZES.put(CMSAlgorithm.AES128_CBC, Integers.valueOf(128));
KEYSIZES.put(CMSAlgorithm.AES192_CBC, Integers.valueOf(192));
KEYSIZES.put(CMSAlgorithm.AES256_CBC, Integers.valueOf(256));
}
private PasswordRecipientInfo info;
PasswordRecipientInformation(
PasswordRecipientInfo info,
AlgorithmIdentifier messageAlgorithm,
CMSSecureReadable secureReadable,
AuthAttributesProvider additionalData)
{
super(info.getKeyEncryptionAlgorithm(), messageAlgorithm, secureReadable, additionalData);
this.info = info;
this.rid = new PasswordRecipientId();
}
/**
* return the object identifier for the key derivation algorithm, or null
* if there is none present.
*
* @return OID for key derivation algorithm, if present.
*/
public String getKeyDerivationAlgOID()
{
if (info.getKeyDerivationAlgorithm() != null)
{
return info.getKeyDerivationAlgorithm().getAlgorithm().getId();
}
return null;
}
/**
* return the ASN.1 encoded key derivation algorithm parameters, or null if
* there aren't any.
* @return ASN.1 encoding of key derivation algorithm parameters.
*/
public byte[] getKeyDerivationAlgParams()
{
try
{
if (info.getKeyDerivationAlgorithm() != null)
{
ASN1Encodable params = info.getKeyDerivationAlgorithm().getParameters();
if (params != null)
{
return params.toASN1Primitive().getEncoded();
}
}
return null;
}
catch (Exception e)
{
throw new RuntimeException("exception getting encryption parameters " + e);
}
}
/**
* Return the key derivation algorithm details for the key in this recipient.
*
* @return AlgorithmIdentifier representing the key derivation algorithm.
*/
public AlgorithmIdentifier getKeyDerivationAlgorithm()
{
return info.getKeyDerivationAlgorithm();
}
protected RecipientOperator getRecipientOperator(Recipient recipient)
throws CMSException, IOException
{
PasswordRecipient pbeRecipient = (PasswordRecipient)recipient;
AlgorithmIdentifier kekAlg = AlgorithmIdentifier.getInstance(info.getKeyEncryptionAlgorithm());
AlgorithmIdentifier kekAlgParams = AlgorithmIdentifier.getInstance(kekAlg.getParameters());
byte[] passwordBytes = CMSUtils.getPasswordBytes(pbeRecipient.getPasswordConversionScheme(), pbeRecipient.getPassword());
int keySize = ((Integer)KEYSIZES.get(kekAlgParams.getAlgorithm())).intValue();
byte[] derivedKey = pbeRecipient.calculateDerivedKey(passwordBytes, this.getKeyDerivationAlgorithm(), keySize);
return pbeRecipient.getRecipientOperator(kekAlgParams, messageAlgorithm, derivedKey, info.getEncryptedKey().getOctets());
}
}
|
