org.bouncycastle.crypto.general.OpenSSLPBEParametersGenerator Maven / Gradle / Ivy
Show all versions of bc-fips-debug Show documentation
package org.bouncycastle.crypto.general;
import org.bouncycastle.crypto.Parameters;
import org.bouncycastle.crypto.internal.CipherParameters;
import org.bouncycastle.crypto.internal.Digest;
import org.bouncycastle.crypto.internal.PBEParametersGenerator;
import org.bouncycastle.crypto.internal.params.KeyParameterImpl;
import org.bouncycastle.crypto.internal.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
/**
* Generator for PBE derived keys and ivs as usd by OpenSSL.
*
* The scheme is a simple extension of PKCS 5 V2.0 Scheme 1 using MD5 with an
* iteration count of 1.
*
*/
class OpenSSLPBEParametersGenerator
extends PBEParametersGenerator
{
private Digest digest = new MD5Digest();
/**
* Construct a OpenSSL Parameters generator.
*/
public OpenSSLPBEParametersGenerator(T parameters)
{
super(parameters);
}
/**
* Initialise - note the iteration count for this algorithm is fixed at 1.
*
* @param password password to use.
* @param salt salt to use.
*/
public void init(
byte[] password,
byte[] salt)
{
super.init(password, salt, 1);
}
/**
* the derived key function, the ith hash of the password and the salt.
*/
private byte[] generateDerivedKey(
int bytesNeeded)
{
byte[] buf = new byte[digest.getDigestSize()];
byte[] key = new byte[bytesNeeded];
int offset = 0;
for (; ; )
{
digest.update(password, 0, password.length);
digest.update(salt, 0, salt.length);
digest.doFinal(buf, 0);
int len = (bytesNeeded > buf.length) ? buf.length : bytesNeeded;
System.arraycopy(buf, 0, key, offset, len);
offset += len;
// check if we need any more
bytesNeeded -= len;
if (bytesNeeded == 0)
{
break;
}
// do another round
digest.reset();
digest.update(buf, 0, buf.length);
}
return key;
}
/**
* Generate a key parameter derived from the password, salt, and iteration
* count we are currently initialised with.
*
* @param keySize the size of the key we want (in bits)
* @return a KeyParameter object.
* @throws IllegalArgumentException if the key length larger than the base hash size.
*/
public CipherParameters generateDerivedParameters(
int keySize)
{
keySize = keySize / 8;
byte[] dKey = generateDerivedKey(keySize);
return new KeyParameterImpl(dKey);
}
/**
* Generate a key with initialisation vector parameter derived from
* the password, salt, and iteration count we are currently initialised
* with.
*
* @param keySize the size of the key we want (in bits)
* @param ivSize the size of the iv we want (in bits)
* @return a ParametersWithIV object.
* @throws IllegalArgumentException if keySize + ivSize is larger than the base hash size.
*/
public CipherParameters generateDerivedParameters(
int keySize,
int ivSize)
{
keySize = keySize / 8;
ivSize = ivSize / 8;
byte[] dKey = generateDerivedKey(keySize + ivSize);
return new ParametersWithIV(new KeyParameterImpl(Arrays.copyOfRange(dKey, 0, keySize)), dKey, keySize, ivSize);
}
/**
* Generate a key parameter for use with a MAC derived from the password,
* salt, and iteration count we are currently initialised with.
*
* @param keySize the size of the key we want (in bits)
* @return a KeyParameter object.
* @throws IllegalArgumentException if the key length larger than the base hash size.
*/
public CipherParameters generateDerivedMacParameters(
int keySize)
{
return generateDerivedParameters(keySize);
}
public byte[] deriveKey(KeyType keyType, int keySizeInBytes)
{
return generateDerivedKey(keySizeInBytes);
}
public byte[][] deriveKeyAndIV(KeyType keyType, int keySizeInBytes, int ivSizeInBytes)
{
byte[] dKey = generateDerivedKey(keySizeInBytes + ivSizeInBytes);
return new byte[][]{Arrays.copyOfRange(dKey, 0, keySizeInBytes), Arrays.copyOfRange(dKey, keySizeInBytes, keySizeInBytes + ivSizeInBytes)};
}
}