mirror of
https://github.com/openjdk/jdk.git
synced 2025-08-26 14:24:46 +02:00
8076190: Customizing the generation of a PKCS12 keystore
Reviewed-by: mullan
This commit is contained in:
Weijun Wang
parent
0b05ebed2e
commit
9136c7d1d0
19 changed files with 1782 additions and 350 deletions
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
|
|
@ -26,9 +26,7 @@
|
|||
package com.sun.crypto.provider;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.nio.ByteBuffer;
|
||||
|
||||
import javax.crypto.MacSpi;
|
||||
import javax.crypto.SecretKey;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
import javax.crypto.spec.PBEParameterSpec;
|
||||
|
|
@ -36,18 +34,65 @@ import java.security.*;
|
|||
import java.security.spec.*;
|
||||
|
||||
/**
|
||||
* This is an implementation of the HMAC-PBESHA1 algorithm as defined
|
||||
* in PKCS#12 v1.0 standard.
|
||||
* This is an implementation of the HMAC algorithms as defined
|
||||
* in PKCS#12 v1.1 standard (see RFC 7292 Appendix B.4).
|
||||
*
|
||||
* @author Valerie Peng
|
||||
*/
|
||||
public final class HmacPKCS12PBESHA1 extends HmacCore {
|
||||
abstract class HmacPKCS12PBECore extends HmacCore {
|
||||
|
||||
public static final class HmacPKCS12PBE_SHA1 extends HmacPKCS12PBECore {
|
||||
public HmacPKCS12PBE_SHA1() throws NoSuchAlgorithmException {
|
||||
super("SHA1", 64);
|
||||
}
|
||||
}
|
||||
|
||||
public static final class HmacPKCS12PBE_SHA224 extends HmacPKCS12PBECore {
|
||||
public HmacPKCS12PBE_SHA224() throws NoSuchAlgorithmException {
|
||||
super("SHA-224", 64);
|
||||
}
|
||||
}
|
||||
|
||||
public static final class HmacPKCS12PBE_SHA256 extends HmacPKCS12PBECore {
|
||||
public HmacPKCS12PBE_SHA256() throws NoSuchAlgorithmException {
|
||||
super("SHA-256", 64);
|
||||
}
|
||||
}
|
||||
|
||||
public static final class HmacPKCS12PBE_SHA384 extends HmacPKCS12PBECore {
|
||||
public HmacPKCS12PBE_SHA384() throws NoSuchAlgorithmException {
|
||||
super("SHA-384", 128);
|
||||
}
|
||||
}
|
||||
|
||||
public static final class HmacPKCS12PBE_SHA512 extends HmacPKCS12PBECore {
|
||||
public HmacPKCS12PBE_SHA512() throws NoSuchAlgorithmException {
|
||||
super("SHA-512", 128);
|
||||
}
|
||||
}
|
||||
|
||||
public static final class HmacPKCS12PBE_SHA512_224 extends HmacPKCS12PBECore {
|
||||
public HmacPKCS12PBE_SHA512_224() throws NoSuchAlgorithmException {
|
||||
super("SHA-512/224", 128);
|
||||
}
|
||||
}
|
||||
|
||||
public static final class HmacPKCS12PBE_SHA512_256 extends HmacPKCS12PBECore {
|
||||
public HmacPKCS12PBE_SHA512_256() throws NoSuchAlgorithmException {
|
||||
super("SHA-512/256", 128);
|
||||
}
|
||||
}
|
||||
|
||||
private final String algorithm;
|
||||
private final int bl;
|
||||
|
||||
/**
|
||||
* Standard constructor, creates a new HmacSHA1 instance.
|
||||
*/
|
||||
public HmacPKCS12PBESHA1() throws NoSuchAlgorithmException {
|
||||
super("SHA1", 64);
|
||||
public HmacPKCS12PBECore(String algorithm, int bl) throws NoSuchAlgorithmException {
|
||||
super(algorithm, bl);
|
||||
this.algorithm = algorithm;
|
||||
this.bl = bl;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -132,7 +177,8 @@ public final class HmacPKCS12PBESHA1 extends HmacCore {
|
|||
("IterationCount must be a positive number");
|
||||
}
|
||||
derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
|
||||
iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
|
||||
iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY,
|
||||
algorithm, bl);
|
||||
} finally {
|
||||
Arrays.fill(passwdChars, '\0');
|
||||
}
|
||||
|
|
@ -314,41 +314,48 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
|
|||
+ "not an ASN.1 OCTET STRING tag");
|
||||
}
|
||||
iCount = pBKDF2_params.data.getInteger();
|
||||
|
||||
DerValue prf = null;
|
||||
// keyLength INTEGER (1..MAX) OPTIONAL,
|
||||
if (pBKDF2_params.data.available() > 0) {
|
||||
DerValue keyLength = pBKDF2_params.data.getDerValue();
|
||||
if (keyLength.tag == DerValue.tag_Integer) {
|
||||
keysize = keyLength.getInteger() * 8; // keysize (in bits)
|
||||
} else {
|
||||
// Should be the prf
|
||||
prf = keyLength;
|
||||
}
|
||||
}
|
||||
// prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
|
||||
String kdfAlgo = "HmacSHA1";
|
||||
if (pBKDF2_params.data.available() > 0) {
|
||||
if (pBKDF2_params.tag == DerValue.tag_Sequence) {
|
||||
DerValue prf = pBKDF2_params.data.getDerValue();
|
||||
kdfAlgo_OID = prf.data.getOID();
|
||||
if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
|
||||
kdfAlgo = "HmacSHA1";
|
||||
} else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
|
||||
kdfAlgo = "HmacSHA224";
|
||||
} else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
|
||||
kdfAlgo = "HmacSHA256";
|
||||
} else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
|
||||
kdfAlgo = "HmacSHA384";
|
||||
} else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
|
||||
kdfAlgo = "HmacSHA512";
|
||||
} else {
|
||||
if (prf == null) {
|
||||
if (pBKDF2_params.data.available() > 0) {
|
||||
prf = pBKDF2_params.data.getDerValue();
|
||||
}
|
||||
}
|
||||
if (prf != null) {
|
||||
kdfAlgo_OID = prf.data.getOID();
|
||||
if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
|
||||
kdfAlgo = "HmacSHA1";
|
||||
} else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
|
||||
kdfAlgo = "HmacSHA224";
|
||||
} else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
|
||||
kdfAlgo = "HmacSHA256";
|
||||
} else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
|
||||
kdfAlgo = "HmacSHA384";
|
||||
} else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
|
||||
kdfAlgo = "HmacSHA512";
|
||||
} else {
|
||||
throw new IOException("PBE parameter parsing error: "
|
||||
+ "expecting the object identifier for a HmacSHA key "
|
||||
+ "derivation function");
|
||||
}
|
||||
if (prf.data.available() != 0) {
|
||||
// parameter is 'NULL' for all HmacSHA KDFs
|
||||
DerValue parameter = prf.data.getDerValue();
|
||||
if (parameter.tag != DerValue.tag_Null) {
|
||||
throw new IOException("PBE parameter parsing error: "
|
||||
+ "expecting the object identifier for a HmacSHA key "
|
||||
+ "derivation function");
|
||||
}
|
||||
if (prf.data.available() != 0) {
|
||||
// parameter is 'NULL' for all HmacSHA KDFs
|
||||
DerValue parameter = prf.data.getDerValue();
|
||||
if (parameter.tag != DerValue.tag_Null) {
|
||||
throw new IOException("PBE parameter parsing error: "
|
||||
+ "not an ASN.1 NULL tag");
|
||||
}
|
||||
+ "not an ASN.1 NULL tag");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -684,8 +684,29 @@ public final class SunJCE extends Provider {
|
|||
ps("Mac", "HmacSHA512/256",
|
||||
"com.sun.crypto.provider.HmacCore$HmacSHA512_256",
|
||||
null, attrs);
|
||||
ps("Mac", "HmacPBESHA1", "com.sun.crypto.provider.HmacPKCS12PBESHA1",
|
||||
ps("Mac", "HmacPBESHA1",
|
||||
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
|
||||
null, attrs);
|
||||
ps("Mac", "HmacPBESHA224",
|
||||
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
|
||||
null, attrs);
|
||||
ps("Mac", "HmacPBESHA256",
|
||||
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
|
||||
null, attrs);
|
||||
ps("Mac", "HmacPBESHA384",
|
||||
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
|
||||
null, attrs);
|
||||
ps("Mac", "HmacPBESHA512",
|
||||
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
|
||||
null, attrs);
|
||||
ps("Mac", "HmacPBESHA512/224",
|
||||
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
|
||||
null, attrs);
|
||||
ps("Mac", "HmacPBESHA512/256",
|
||||
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
|
||||
null, attrs);
|
||||
|
||||
|
||||
// PBMAC1
|
||||
ps("Mac", "PBEWithHmacSHA1",
|
||||
"com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue