PageRenderTime 46ms CodeModel.GetById 20ms RepoModel.GetById 1ms app.codeStats 0ms

/projects/azureus-4.7.0.2/org/bouncycastle/openssl/PEMUtilities.java

https://gitlab.com/essere.lab.public/qualitas.class-corpus
Java | 185 lines | 163 code | 15 blank | 7 comment | 27 complexity | cc7efb74ed55347e229bed884d94d7a4 MD5 | raw file
  1. package org.bouncycastle.openssl;
  2. import org.bouncycastle.crypto.PBEParametersGenerator;
  3. import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
  4. import org.bouncycastle.crypto.params.KeyParameter;
  5. import javax.crypto.Cipher;
  6. import javax.crypto.SecretKey;
  7. import javax.crypto.spec.IvParameterSpec;
  8. import javax.crypto.spec.RC2ParameterSpec;
  9. import java.io.IOException;
  10. import java.security.Key;
  11. import java.security.spec.AlgorithmParameterSpec;
  12. final class PEMUtilities
  13. {
  14. static byte[] crypt(
  15. boolean encrypt,
  16. String provider,
  17. byte[] bytes,
  18. char[] password,
  19. String dekAlgName,
  20. byte[] iv)
  21. throws IOException
  22. {
  23. AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv);
  24. String alg;
  25. String blockMode = "CBC";
  26. String padding = "PKCS5Padding";
  27. Key sKey;
  28. // Figure out block mode and padding.
  29. if (dekAlgName.endsWith("-CFB"))
  30. {
  31. blockMode = "CFB";
  32. padding = "NoPadding";
  33. }
  34. if (dekAlgName.endsWith("-ECB") ||
  35. "DES-EDE".equals(dekAlgName) ||
  36. "DES-EDE3".equals(dekAlgName))
  37. {
  38. // ECB is actually the default (though seldom used) when OpenSSL
  39. // uses DES-EDE (des2) or DES-EDE3 (des3).
  40. blockMode = "ECB";
  41. paramSpec = null;
  42. }
  43. if (dekAlgName.endsWith("-OFB"))
  44. {
  45. blockMode = "OFB";
  46. padding = "NoPadding";
  47. }
  48. // Figure out algorithm and key size.
  49. if (dekAlgName.startsWith("DES-EDE"))
  50. {
  51. alg = "DESede";
  52. // "DES-EDE" is actually des2 in OpenSSL-speak!
  53. // "DES-EDE3" is des3.
  54. boolean des2 = !dekAlgName.startsWith("DES-EDE3");
  55. sKey = getKey(password, alg, 24, iv, des2);
  56. }
  57. else if (dekAlgName.startsWith("DES-"))
  58. {
  59. alg = "DES";
  60. sKey = getKey(password, alg, 8, iv);
  61. }
  62. else if (dekAlgName.startsWith("BF-"))
  63. {
  64. alg = "Blowfish";
  65. sKey = getKey(password, alg, 16, iv);
  66. }
  67. else if (dekAlgName.startsWith("RC2-"))
  68. {
  69. alg = "RC2";
  70. int keyBits = 128;
  71. if (dekAlgName.startsWith("RC2-40-"))
  72. {
  73. keyBits = 40;
  74. }
  75. else if (dekAlgName.startsWith("RC2-64-"))
  76. {
  77. keyBits = 64;
  78. }
  79. sKey = getKey(password, alg, keyBits / 8, iv);
  80. if (paramSpec == null) // ECB block mode
  81. {
  82. paramSpec = new RC2ParameterSpec(keyBits);
  83. }
  84. else
  85. {
  86. paramSpec = new RC2ParameterSpec(keyBits, iv);
  87. }
  88. }
  89. else if (dekAlgName.startsWith("AES-"))
  90. {
  91. alg = "AES";
  92. byte[] salt = iv;
  93. if (salt.length > 8)
  94. {
  95. salt = new byte[8];
  96. System.arraycopy(iv, 0, salt, 0, 8);
  97. }
  98. int keyBits;
  99. if (dekAlgName.startsWith("AES-128-"))
  100. {
  101. keyBits = 128;
  102. }
  103. else if (dekAlgName.startsWith("AES-192-"))
  104. {
  105. keyBits = 192;
  106. }
  107. else if (dekAlgName.startsWith("AES-256-"))
  108. {
  109. keyBits = 256;
  110. }
  111. else
  112. {
  113. throw new IOException("unknown AES encryption with private key");
  114. }
  115. sKey = getKey(password, "AES", keyBits / 8, salt);
  116. }
  117. else
  118. {
  119. throw new IOException("unknown encryption with private key");
  120. }
  121. String transformation = alg + "/" + blockMode + "/" + padding;
  122. try
  123. {
  124. Cipher c = Cipher.getInstance(transformation, provider);
  125. int mode = encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
  126. if (paramSpec == null) // ECB block mode
  127. {
  128. c.init(mode, sKey);
  129. }
  130. else
  131. {
  132. c.init(mode, sKey, paramSpec);
  133. }
  134. return c.doFinal(bytes);
  135. }
  136. catch (Exception e)
  137. {
  138. throw new IOException("exception using cipher: " + e.toString());
  139. }
  140. }
  141. private static SecretKey getKey(
  142. char[] password,
  143. String algorithm,
  144. int keyLength,
  145. byte[] salt)
  146. throws IOException
  147. {
  148. return getKey(password, algorithm, keyLength, salt, false);
  149. }
  150. private static SecretKey getKey(
  151. char[] password,
  152. String algorithm,
  153. int keyLength,
  154. byte[] salt,
  155. boolean des2)
  156. throws IOException
  157. {
  158. OpenSSLPBEParametersGenerator pGen = new OpenSSLPBEParametersGenerator();
  159. pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt);
  160. KeyParameter keyParam;
  161. keyParam = (KeyParameter) pGen.generateDerivedParameters(keyLength * 8);
  162. byte[] key = keyParam.getKey();
  163. if (des2 && key.length >= 24)
  164. {
  165. // For DES2, we must copy first 8 bytes into the last 8 bytes.
  166. System.arraycopy(key, 0, key, 16, 8);
  167. }
  168. return new javax.crypto.spec.SecretKeySpec(key, algorithm);
  169. }
  170. }