mirror of
https://github.com/openjdk/jdk.git
synced 2025-08-26 14:24:46 +02:00
428 lines
16 KiB
Java
428 lines
16 KiB
Java
/*
|
|
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation. Oracle designates this
|
|
* particular file as subject to the "Classpath" exception as provided
|
|
* by Oracle in the LICENSE file that accompanied this code.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
package com.sun.crypto.provider;
|
|
|
|
import java.security.*;
|
|
import java.security.spec.*;
|
|
import javax.crypto.*;
|
|
import javax.crypto.spec.*;
|
|
|
|
/**
|
|
* This class represents password-based encryption as defined by the PKCS #5
|
|
* standard.
|
|
* The particular algorithm implemented is pbeWithMD5AndDES-CBC.
|
|
* Padding is done as described in PKCS #5.
|
|
*
|
|
* @author Jan Luehe
|
|
*
|
|
*
|
|
* @see javax.crypto.Cipher
|
|
*/
|
|
public final class PBEWithMD5AndDESCipher extends CipherSpi {
|
|
|
|
// the encapsulated DES cipher
|
|
private PBES1Core core;
|
|
|
|
/**
|
|
* Creates an instance of this cipher, and initializes its mode (CBC) and
|
|
* padding (PKCS5).
|
|
*
|
|
* @exception NoSuchAlgorithmException if the required cipher mode (CBC) is
|
|
* unavailable
|
|
* @exception NoSuchPaddingException if the required padding mechanism
|
|
* (PKCS5Padding) is unavailable
|
|
*/
|
|
public PBEWithMD5AndDESCipher()
|
|
throws NoSuchAlgorithmException, NoSuchPaddingException {
|
|
core = new PBES1Core("DES");
|
|
}
|
|
|
|
/**
|
|
* Sets the mode of this cipher. This algorithm can only be run in CBC
|
|
* mode.
|
|
*
|
|
* @param mode the cipher mode
|
|
*
|
|
* @exception NoSuchAlgorithmException if the requested cipher mode is
|
|
* invalid
|
|
*/
|
|
protected void engineSetMode(String mode) throws NoSuchAlgorithmException {
|
|
if ((mode != null) && (!mode.equalsIgnoreCase("CBC"))) {
|
|
throw new NoSuchAlgorithmException("Invalid cipher mode: " + mode);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Sets the padding mechanism of this cipher. This algorithm only uses
|
|
* PKCS #5 padding.
|
|
*
|
|
* @param paddingScheme the padding mechanism
|
|
*
|
|
* @exception NoSuchPaddingException if the requested padding mechanism
|
|
* is invalid
|
|
*/
|
|
protected void engineSetPadding(String paddingScheme)
|
|
throws NoSuchPaddingException
|
|
{
|
|
if ((paddingScheme != null) &&
|
|
(!paddingScheme.equalsIgnoreCase("PKCS5Padding"))) {
|
|
throw new NoSuchPaddingException("Invalid padding scheme: " +
|
|
paddingScheme);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns the block size (in bytes).
|
|
*
|
|
* @return the block size (in bytes)
|
|
*/
|
|
protected int engineGetBlockSize() {
|
|
return core.getBlockSize();
|
|
}
|
|
|
|
/**
|
|
* Returns the length in bytes that an output buffer would need to be in
|
|
* order to hold the result of the next <code>update</code> or
|
|
* <code>doFinal</code> operation, given the input length
|
|
* <code>inputLen</code> (in bytes).
|
|
*
|
|
* <p>This call takes into account any unprocessed (buffered) data from a
|
|
* previous <code>update</code> call, and padding.
|
|
*
|
|
* <p>The actual output length of the next <code>update</code> or
|
|
* <code>doFinal</code> call may be smaller than the length returned by
|
|
* this method.
|
|
*
|
|
* @param inputLen the input length (in bytes)
|
|
*
|
|
* @return the required output buffer size (in bytes)
|
|
*
|
|
*/
|
|
protected int engineGetOutputSize(int inputLen) {
|
|
return core.getOutputSize(inputLen);
|
|
}
|
|
|
|
/**
|
|
* Returns the initialization vector (IV) in a new buffer.
|
|
*
|
|
* <p> This is useful in the case where a random IV has been created
|
|
* (see <a href = "#init">init</a>),
|
|
* or in the context of password-based encryption or
|
|
* decryption, where the IV is derived from a user-supplied password.
|
|
*
|
|
* @return the initialization vector in a new buffer, or null if the
|
|
* underlying algorithm does not use an IV, or if the IV has not yet
|
|
* been set.
|
|
*/
|
|
protected byte[] engineGetIV() {
|
|
return core.getIV();
|
|
}
|
|
|
|
/**
|
|
* Returns the parameters used with this cipher.
|
|
*
|
|
* <p>The returned parameters may be the same that were used to initialize
|
|
* this cipher, or may contain the default set of parameters or a set of
|
|
* randomly generated parameters used by the underlying cipher
|
|
* implementation (provided that the underlying cipher implementation
|
|
* uses a default set of parameters or creates new parameters if it needs
|
|
* parameters but was not initialized with any).
|
|
*
|
|
* @return the parameters used with this cipher, or null if this cipher
|
|
* does not use any parameters.
|
|
*/
|
|
protected AlgorithmParameters engineGetParameters() {
|
|
return core.getParameters();
|
|
}
|
|
|
|
/**
|
|
* Initializes this cipher with a key and a source
|
|
* of randomness.
|
|
* The cipher is initialized for one of the following four operations:
|
|
* encryption, decryption, key wrapping or key unwrapping, depending on
|
|
* the value of <code>opmode</code>.
|
|
*
|
|
* <p>If this cipher (including its underlying feedback or padding scheme)
|
|
* requires any random bytes, it will get them from <code>random</code>.
|
|
*
|
|
* @param opmode the operation mode of this cipher (this is one of
|
|
* the following:
|
|
* <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>),
|
|
* <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
|
|
* @param key the encryption key
|
|
* @param random the source of randomness
|
|
*
|
|
* @exception InvalidKeyException if the given key is inappropriate for
|
|
* initializing this cipher
|
|
*/
|
|
protected void engineInit(int opmode, Key key, SecureRandom random)
|
|
throws InvalidKeyException {
|
|
try {
|
|
engineInit(opmode, key, (AlgorithmParameterSpec) null, random);
|
|
} catch (InvalidAlgorithmParameterException ie) {
|
|
InvalidKeyException ike =
|
|
new InvalidKeyException("requires PBE parameters");
|
|
ike.initCause(ie);
|
|
throw ike;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Initializes this cipher with a key, a set of
|
|
* algorithm parameters, and a source of randomness.
|
|
* The cipher is initialized for one of the following four operations:
|
|
* encryption, decryption, key wrapping or key unwrapping, depending on
|
|
* the value of <code>opmode</code>.
|
|
*
|
|
* <p>If this cipher (including its underlying feedback or padding scheme)
|
|
* requires any random bytes, it will get them from <code>random</code>.
|
|
*
|
|
* @param opmode the operation mode of this cipher (this is one of
|
|
* the following:
|
|
* <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>),
|
|
* <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
|
|
* @param key the encryption key
|
|
* @param params the algorithm parameters
|
|
* @param random the source of randomness
|
|
*
|
|
* @exception InvalidKeyException if the given key is inappropriate for
|
|
* initializing this cipher
|
|
* @exception InvalidAlgorithmParameterException if the given algorithm
|
|
* parameters are inappropriate for this cipher
|
|
*/
|
|
protected void engineInit(int opmode, Key key,
|
|
AlgorithmParameterSpec params,
|
|
SecureRandom random)
|
|
throws InvalidKeyException, InvalidAlgorithmParameterException {
|
|
core.init(opmode, key, params, random);
|
|
}
|
|
|
|
protected void engineInit(int opmode, Key key,
|
|
AlgorithmParameters params,
|
|
SecureRandom random)
|
|
throws InvalidKeyException, InvalidAlgorithmParameterException {
|
|
core.init(opmode, key, params, random);
|
|
}
|
|
|
|
/**
|
|
* Continues a multiple-part encryption or decryption operation
|
|
* (depending on how this cipher was initialized), processing another data
|
|
* part.
|
|
*
|
|
* <p>The first <code>inputLen</code> bytes in the <code>input</code>
|
|
* buffer, starting at <code>inputOffset</code>, are processed, and the
|
|
* result is stored in a new buffer.
|
|
*
|
|
* @param input the input buffer
|
|
* @param inputOffset the offset in <code>input</code> where the input
|
|
* starts
|
|
* @param inputLen the input length
|
|
*
|
|
* @return the new buffer with the result
|
|
*
|
|
*/
|
|
protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen)
|
|
{
|
|
return core.update(input, inputOffset, inputLen);
|
|
}
|
|
|
|
/**
|
|
* Continues a multiple-part encryption or decryption operation
|
|
* (depending on how this cipher was initialized), processing another data
|
|
* part.
|
|
*
|
|
* <p>The first <code>inputLen</code> bytes in the <code>input</code>
|
|
* buffer, starting at <code>inputOffset</code>, are processed, and the
|
|
* result is stored in the <code>output</code> buffer, starting at
|
|
* <code>outputOffset</code>.
|
|
*
|
|
* @param input the input buffer
|
|
* @param inputOffset the offset in <code>input</code> where the input
|
|
* starts
|
|
* @param inputLen the input length
|
|
* @param output the buffer for the result
|
|
* @param outputOffset the offset in <code>output</code> where the result
|
|
* is stored
|
|
*
|
|
* @return the number of bytes stored in <code>output</code>
|
|
*
|
|
* @exception ShortBufferException if the given output buffer is too small
|
|
* to hold the result
|
|
*/
|
|
protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
|
|
byte[] output, int outputOffset)
|
|
throws ShortBufferException
|
|
{
|
|
return core.update(input, inputOffset, inputLen,
|
|
output, outputOffset);
|
|
}
|
|
|
|
/**
|
|
* Encrypts or decrypts data in a single-part operation,
|
|
* or finishes a multiple-part operation.
|
|
* The data is encrypted or decrypted, depending on how this cipher was
|
|
* initialized.
|
|
*
|
|
* <p>The first <code>inputLen</code> bytes in the <code>input</code>
|
|
* buffer, starting at <code>inputOffset</code>, and any input bytes that
|
|
* may have been buffered during a previous <code>update</code> operation,
|
|
* are processed, with padding (if requested) being applied.
|
|
* The result is stored in a new buffer.
|
|
*
|
|
* <p>The cipher is reset to its initial state (uninitialized) after this
|
|
* call.
|
|
*
|
|
* @param input the input buffer
|
|
* @param inputOffset the offset in <code>input</code> where the input
|
|
* starts
|
|
* @param inputLen the input length
|
|
*
|
|
* @return the new buffer with the result
|
|
*
|
|
* @exception IllegalBlockSizeException if this cipher is a block cipher,
|
|
* no padding has been requested (only in encryption mode), and the total
|
|
* input length of the data processed by this cipher is not a multiple of
|
|
* block size
|
|
* @exception BadPaddingException if decrypting and padding is chosen,
|
|
* but the last input data does not have proper padding bytes.
|
|
*/
|
|
protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
|
|
throws IllegalBlockSizeException, BadPaddingException
|
|
{
|
|
return core.doFinal(input, inputOffset, inputLen);
|
|
}
|
|
|
|
/**
|
|
* Encrypts or decrypts data in a single-part operation,
|
|
* or finishes a multiple-part operation.
|
|
* The data is encrypted or decrypted, depending on how this cipher was
|
|
* initialized.
|
|
*
|
|
* <p>The first <code>inputLen</code> bytes in the <code>input</code>
|
|
* buffer, starting at <code>inputOffset</code>, and any input bytes that
|
|
* may have been buffered during a previous <code>update</code> operation,
|
|
* are processed, with padding (if requested) being applied.
|
|
* The result is stored in the <code>output</code> buffer, starting at
|
|
* <code>outputOffset</code>.
|
|
*
|
|
* <p>The cipher is reset to its initial state (uninitialized) after this
|
|
* call.
|
|
*
|
|
* @param input the input buffer
|
|
* @param inputOffset the offset in <code>input</code> where the input
|
|
* starts
|
|
* @param inputLen the input length
|
|
* @param output the buffer for the result
|
|
* @param outputOffset the offset in <code>output</code> where the result
|
|
* is stored
|
|
*
|
|
* @return the number of bytes stored in <code>output</code>
|
|
*
|
|
* @exception IllegalBlockSizeException if this cipher is a block cipher,
|
|
* no padding has been requested (only in encryption mode), and the total
|
|
* input length of the data processed by this cipher is not a multiple of
|
|
* block size
|
|
* @exception ShortBufferException if the given output buffer is too small
|
|
* to hold the result
|
|
* @exception BadPaddingException if decrypting and padding is chosen,
|
|
* but the last input data does not have proper padding bytes.
|
|
*/
|
|
protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
|
|
byte[] output, int outputOffset)
|
|
throws ShortBufferException, IllegalBlockSizeException,
|
|
BadPaddingException
|
|
{
|
|
return core.doFinal(input, inputOffset, inputLen,
|
|
output, outputOffset);
|
|
}
|
|
|
|
/**
|
|
* Returns the key size of the given key object.
|
|
*
|
|
* @param key the key object.
|
|
*
|
|
* @return the key size of the given key object.
|
|
*
|
|
* @exception InvalidKeyException if <code>key</code> is invalid.
|
|
*/
|
|
protected int engineGetKeySize(Key key) throws InvalidKeyException {
|
|
// Always returns 56 since the encryption key
|
|
// is a DES key.
|
|
return 56;
|
|
}
|
|
|
|
/**
|
|
* Wrap a key.
|
|
*
|
|
* @param key the key to be wrapped.
|
|
*
|
|
* @return the wrapped key.
|
|
*
|
|
* @exception IllegalBlockSizeException if this cipher is a block
|
|
* cipher, no padding has been requested, and the length of the
|
|
* encoding of the key to be wrapped is not a
|
|
* multiple of the block size.
|
|
*
|
|
* @exception InvalidKeyException if it is impossible or unsafe to
|
|
* wrap the key with this cipher (e.g., a hardware protected key is
|
|
* being passed to a software only cipher).
|
|
*/
|
|
protected byte[] engineWrap(Key key)
|
|
throws IllegalBlockSizeException, InvalidKeyException {
|
|
return core.wrap(key);
|
|
}
|
|
|
|
/**
|
|
* Unwrap a previously wrapped key.
|
|
*
|
|
* @param wrappedKey the key to be unwrapped.
|
|
*
|
|
* @param wrappedKeyAlgorithm the algorithm the wrapped key is for.
|
|
*
|
|
* @param wrappedKeyType the type of the wrapped key.
|
|
* This is one of <code>Cipher.SECRET_KEY</code>,
|
|
* <code>Cipher.PRIVATE_KEY</code>, or <code>Cipher.PUBLIC_KEY</code>.
|
|
*
|
|
* @return the unwrapped key.
|
|
*
|
|
* @exception NoSuchAlgorithmException if no installed providers
|
|
* can create keys of type <code>wrappedKeyType</code> for the
|
|
* <code>wrappedKeyAlgorithm</code>.
|
|
*
|
|
* @exception InvalidKeyException if <code>wrappedKey</code> does not
|
|
* represent a wrapped key of type <code>wrappedKeyType</code> for
|
|
* the <code>wrappedKeyAlgorithm</code>.
|
|
*/
|
|
protected Key engineUnwrap(byte[] wrappedKey,
|
|
String wrappedKeyAlgorithm,
|
|
int wrappedKeyType)
|
|
throws InvalidKeyException, NoSuchAlgorithmException {
|
|
byte[] encodedKey;
|
|
|
|
return core.unwrap(wrappedKey, wrappedKeyAlgorithm,
|
|
wrappedKeyType);
|
|
}
|
|
}
|