com.unbound.client.CipherMode Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of unbound-java-provider Show documentation
Show all versions of unbound-java-provider Show documentation
This is a collection of JAVA libraries that implement Unbound cryptographic classes for JAVA provider, PKCS11 wrapper, cryptoki, and advapi
package com.unbound.client;
import com.dyadicsec.cryptoki.CK;
import com.unbound.common.crypto.CryptoRandom;
import com.unbound.kmip.KMIP;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import java.security.InvalidAlgorithmParameterException;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
public final class CipherMode
{
private final String name;
private final boolean blockCipher;
private final Integer kmipBlockCipherMode;
private final Integer kmipPadding;
private final int pkcs11Mech;
private final int pkcs113DesMech;
private final int pkcs11PadMech;
private final int pkcs113DesPadMech;
public String getName() { return name; }
public Integer getKmipBlockCipherMode() { return kmipBlockCipherMode; }
public Integer getKmipPadding(boolean padding)
{
if (this==CBC && !padding) return null;
return kmipPadding;
}
public boolean isBlockCipher() { return blockCipher; }
private CipherMode(String name, boolean blockCipher, Integer kmipBlockCipherMode, Integer kmipPadding, int pkcs11Mech, int pkcs113DesMech, int pkcs11PadMech, int pkcs113DesPadMech)
{
this.name = name;
this.blockCipher = blockCipher;
this.kmipBlockCipherMode = kmipBlockCipherMode;
this.kmipPadding = kmipPadding;
this.pkcs11Mech = pkcs11Mech;
this.pkcs113DesMech = pkcs113DesMech;
this.pkcs11PadMech = pkcs11PadMech;
this.pkcs113DesPadMech = pkcs113DesPadMech;
}
public int getPkcs11Mech(ObjectType type, boolean padding)
{
if (type== ObjectType.DES3) return padding ? pkcs113DesPadMech : pkcs113DesMech;
return padding ? pkcs11PadMech : pkcs11Mech;
}
public static CipherMode GCM = new CipherMode("GCM", true, KMIP.BlockCipherMode.GCM, null, CK.CKM_AES_GCM, -1, -1, -1);
public static CipherMode ECB = new CipherMode("ECB", true, KMIP.BlockCipherMode.ECB, null, CK.CKM_AES_ECB, CK.CKM_DES3_ECB, -1, -1);
public static CipherMode CBC = new CipherMode("CBC", true, KMIP.BlockCipherMode.CBC, KMIP.PaddingMethod.PKCS5, CK.CKM_AES_CBC, CK.CKM_DES3_CBC, CK.CKM_AES_CBC_PAD, CK.CKM_DES3_CBC_PAD);
public static CipherMode CTR = new CipherMode("CTR", true, KMIP.BlockCipherMode.CTR, null, CK.CKM_AES_CTR, -1, -1, -1);
public static CipherMode OFB = new CipherMode("OFB", true, KMIP.BlockCipherMode.OFB, null, CK.CKM_AES_OFB, CK.CKM_DES_OFB64, -1, -1);
public static CipherMode CFB = new CipherMode("CFB", true, KMIP.BlockCipherMode.CFB, null, CK.CKM_AES_CFB128, CK.CKM_DES_CFB64, -1, -1);
public static CipherMode SIV = new CipherMode("AESSIV", true, KMIP.BlockCipherMode.SIV, null, CK.DYCKK_AES_SIV, -1, -1, -1);
public static CipherMode XTS = new CipherMode("AESXTS", true, KMIP.BlockCipherMode.XTS, null, CK.DYCKK_AES_XTS, -1, -1, -1);
public static CipherMode RSA_RAW = new CipherMode("RSA_RAW", false, null, KMIP.PaddingMethod.None, CK.CKM_RSA_X_509, -1, -1, -1);
public static CipherMode RSA_PKCS1 = new CipherMode("RSA_PKCS1", false, null, KMIP.PaddingMethod.PKCS1_V1_5, CK.CKM_RSA_PKCS, -1, -1, -1);
public static CipherMode RSA_OAEP = new CipherMode("RSA_OAEP", false, null, KMIP.PaddingMethod.OAEP, CK.CKM_RSA_PKCS_OAEP, -1, -1, -1);
public static CipherMode SPE = new CipherMode("SPE", false, null, null, CK.DYCKM_SPE, -1, -1, -1);
public static CipherMode FPE = new CipherMode("FPE", false, null, null, CK.DYCKM_FPE, -1, -1, -1);
public static CipherMode OPE = new CipherMode("OPE", false, null, null, CK.DYCKM_OPE, -1, -1, -1);
private static CipherMode[] list = new CipherMode[]
{
GCM, ECB, CBC, CTR, OFB, CFB, SPE, FPE, OPE
};
public static CipherMode getByName(String name)
{
for (CipherMode mode: list)
{
if (mode.name.equalsIgnoreCase(name)) return mode;
}
throw new ProviderException("Block cipher mode not supported");
}
public void setParams(CipherOper oper, AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
oper.iv = null;
if (this==GCM) setParams_GCM(oper, spec);
else if (this==ECB) setParams_ECB(spec);
else if (this==CBC) setParams_CBC(oper, spec);
else if (this==CTR) setParams_CTR(oper, spec);
else if (this==OFB) setParams_OFB(oper, spec);
else if (this==CFB) setParams_CFB(oper, spec);
else if (this==SIV) setParams_SIV(spec);
else if (this==XTS) setParams_XTS(oper, spec);
else if (this==RSA_RAW) setParams_RSA_RAW(spec);
else if (this==RSA_PKCS1) setParams_RSA_PKCS1(spec);
else if (this==RSA_OAEP) setParams_RSA_OAEP(oper, spec);
else throw new ProviderException("Unsupported cipher mode");
}
private static void unsupportedParameter() throws InvalidAlgorithmParameterException
{
throw new InvalidAlgorithmParameterException("This cipher mode does not support additional parameter");
}
private static void unsupportedParameterType() throws InvalidAlgorithmParameterException
{
throw new InvalidAlgorithmParameterException("This parameter is not supported by the cipher");
}
private static void invalidIvSize() throws InvalidAlgorithmParameterException
{
throw new InvalidAlgorithmParameterException("Invalid IV size");
}
private static void checkIv(CipherOper oper, AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
if (spec==null)
{
if (oper.encMode) return;
throw new InvalidAlgorithmParameterException("IV is missing");
}
if (!(spec instanceof IvParameterSpec)) unsupportedParameterType();
oper.iv = ((IvParameterSpec)spec).getIV();
}
private static void setParams_ECB(AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
if (spec!=null) unsupportedParameter();
}
private static void setParams_CBC(CipherOper oper, AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
checkIv(oper, spec);
int blockSize = oper.keyObject.getType().getBlockSize();
if (oper.iv==null) oper.iv = CryptoRandom.generate(blockSize);
if (oper.iv.length!=blockSize) invalidIvSize();
}
private static void setParams_OFB(CipherOper oper, AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
checkIv(oper, spec);
int blockSize = oper.keyObject.getType().getBlockSize();
if (oper.iv==null) oper.iv = CryptoRandom.generate(blockSize);
if (oper.iv.length!=blockSize) invalidIvSize();
}
private static void setParams_CFB(CipherOper oper, AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
checkIv(oper, spec);
int blockSize = oper.keyObject.getType().getBlockSize();
if (oper.iv==null) oper.iv = CryptoRandom.generate(blockSize);
if (oper.iv.length!=blockSize) invalidIvSize();
}
private static void setParams_SIV(AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
if (spec!=null) unsupportedParameter();
}
private static void setParams_XTS(CipherOper oper, AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
checkIv(oper, spec);
if (oper.iv==null) oper.iv = CryptoRandom.generate(16);
if (oper.iv.length!=16) invalidIvSize();
}
private static void setParams_CTR(CipherOper oper, AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
checkIv(oper, spec);
if (oper.iv==null) oper.iv = CryptoRandom.generate(16);
if (oper.iv.length!=16) invalidIvSize();
}
private static void setParams_GCM(CipherOper oper, AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
oper.tagLen = 12;
if (spec==null)
{
if (!oper.encMode) throw new InvalidAlgorithmParameterException("GCM parameter is missing");
oper.iv = CryptoRandom.generate(12);
return;
}
if (!(spec instanceof GCMParameterSpec)) unsupportedParameterType();
GCMParameterSpec gcm = (GCMParameterSpec)spec;
oper.iv = gcm.getIV();
if (oper.iv.length!=12) invalidIvSize();
int tagBits = gcm.getTLen();
if (tagBits<8 || tagBits>128 || (tagBits % 8)!=0) throw new InvalidAlgorithmParameterException("Unsupported tag length");
oper.tagLen = tagBits / 8;
}
private static void setParams_RSA_RAW(AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
if (spec!=null) unsupportedParameter();
}
private static void setParams_RSA_PKCS1(AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
if (spec!=null) unsupportedParameter();
}
private static void setParams_RSA_OAEP(CipherOper oper, AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException
{
if (spec==null) return;
if (!(spec instanceof OAEPParameterSpec)) unsupportedParameterType();
OAEPParameterSpec oaep = (OAEPParameterSpec)spec;
oper.hashType = HashType.getFromName(oaep.getDigestAlgorithm());
String mgfAlgName = oaep.getMGFAlgorithm();
if (!mgfAlgName.toUpperCase().equals("MGF1")) throw new InvalidAlgorithmParameterException("Unsupported MGF algorithm: " + mgfAlgName);
AlgorithmParameterSpec mgfParam = oaep.getMGFParameters();
if (mgfParam instanceof MGF1ParameterSpec)
{
String mgfHashName = ((MGF1ParameterSpec)mgfParam).getDigestAlgorithm();
oper.mgfHashType = HashType.getFromName(mgfHashName);
}
else throw new InvalidAlgorithmParameterException("Unsupported MGF hash");
PSource s = oaep.getPSource();
if (s.getAlgorithm().equals("PSpecified")) oper.oaepLabel = ((PSource.PSpecified) s).getValue();
else throw new InvalidAlgorithmParameterException("Unsupported pSource " + s.getAlgorithm() + "; PSpecified only");
}
}