Save This Page
Home » openjdk-7 » com.sun.crypto » provider » [javadoc | source]
    1   /*
    2    * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved.
    3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
    4    *
    5    * This code is free software; you can redistribute it and/or modify it
    6    * under the terms of the GNU General Public License version 2 only, as
    7    * published by the Free Software Foundation.  Oracle designates this
    8    * particular file as subject to the "Classpath" exception as provided
    9    * by Oracle in the LICENSE file that accompanied this code.
   10    *
   11    * This code is distributed in the hope that it will be useful, but WITHOUT
   12    * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
   13    * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
   14    * version 2 for more details (a copy is included in the LICENSE file that
   15    * accompanied this code).
   16    *
   17    * You should have received a copy of the GNU General Public License version
   18    * 2 along with this work; if not, write to the Free Software Foundation,
   19    * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
   20    *
   21    * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
   22    * or visit www.oracle.com if you need additional information or have any
   23    * questions.
   24    */
   25   
   26   package com.sun.crypto.provider;
   27   
   28   import java.util.Arrays;
   29   import java.nio.ByteBuffer;
   30   
   31   import javax.crypto.MacSpi;
   32   import javax.crypto.SecretKey;
   33   import javax.crypto.spec.SecretKeySpec;
   34   import javax.crypto.spec.PBEParameterSpec;
   35   import java.security;
   36   import java.security.spec;
   37   
   38   /**
   39    * This is an implementation of the HMAC-PBESHA1 algorithm as defined
   40    * in PKCS#12 v1.0 standard.
   41    *
   42    * @author Valerie Peng
   43    */
   44   public final class HmacPKCS12PBESHA1 extends MacSpi implements Cloneable {
   45   
   46       private HmacCore hmac = null;
   47       private static final int SHA1_BLOCK_LENGTH = 64;
   48   
   49       /**
   50        * Standard constructor, creates a new HmacSHA1 instance.
   51        */
   52       public HmacPKCS12PBESHA1() throws NoSuchAlgorithmException {
   53           this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"),
   54                                    SHA1_BLOCK_LENGTH);
   55       }
   56   
   57       /**
   58        * Returns the length of the HMAC in bytes.
   59        *
   60        * @return the HMAC length in bytes.
   61        */
   62       protected int engineGetMacLength() {
   63           return hmac.getDigestLength();
   64       }
   65   
   66       /**
   67        * Initializes the HMAC with the given secret key and algorithm parameters.
   68        *
   69        * @param key the secret key.
   70        * @param params the algorithm parameters.
   71        *
   72        * @exception InvalidKeyException if the given key is inappropriate for
   73        * initializing this MAC.
   74        u* @exception InvalidAlgorithmParameterException if the given algorithm
   75        * parameters are inappropriate for this MAC.
   76        */
   77       protected void engineInit(Key key, AlgorithmParameterSpec params)
   78           throws InvalidKeyException, InvalidAlgorithmParameterException {
   79           char[] passwdChars;
   80           byte[] salt = null;
   81           int iCount = 0;
   82           if (key instanceof javax.crypto.interfaces.PBEKey) {
   83               javax.crypto.interfaces.PBEKey pbeKey =
   84                   (javax.crypto.interfaces.PBEKey) key;
   85               passwdChars = pbeKey.getPassword();
   86               salt = pbeKey.getSalt(); // maybe null if unspecified
   87               iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
   88           } else if (key instanceof SecretKey) {
   89               byte[] passwdBytes = key.getEncoded();
   90               if ((passwdBytes == null) ||
   91                   !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
   92                   throw new InvalidKeyException("Missing password");
   93               }
   94               passwdChars = new char[passwdBytes.length];
   95               for (int i=0; i<passwdChars.length; i++) {
   96                   passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
   97               }
   98           } else {
   99               throw new InvalidKeyException("SecretKey of PBE type required");
  100           }
  101           if (params == null) {
  102               // generate default for salt and iteration count if necessary
  103               if (salt == null) {
  104                   salt = new byte[20];
  105                   SunJCE.RANDOM.nextBytes(salt);
  106               }
  107               if (iCount == 0) iCount = 100;
  108           } else if (!(params instanceof PBEParameterSpec)) {
  109               throw new InvalidAlgorithmParameterException
  110                   ("PBEParameterSpec type required");
  111           } else {
  112               PBEParameterSpec pbeParams = (PBEParameterSpec) params;
  113               // make sure the parameter values are consistent
  114               if (salt != null) {
  115                   if (!Arrays.equals(salt, pbeParams.getSalt())) {
  116                       throw new InvalidAlgorithmParameterException
  117                           ("Inconsistent value of salt between key and params");
  118                   }
  119               } else {
  120                   salt = pbeParams.getSalt();
  121               }
  122               if (iCount != 0) {
  123                   if (iCount != pbeParams.getIterationCount()) {
  124                       throw new InvalidAlgorithmParameterException
  125                           ("Different iteration count between key and params");
  126                   }
  127               } else {
  128                   iCount = pbeParams.getIterationCount();
  129               }
  130           }
  131           // For security purpose, we need to enforce a minimum length
  132           // for salt; just require the minimum salt length to be 8-byte
  133           // which is what PKCS#5 recommends and openssl does.
  134           if (salt.length < 8) {
  135               throw new InvalidAlgorithmParameterException
  136                   ("Salt must be at least 8 bytes long");
  137           }
  138           if (iCount <= 0) {
  139               throw new InvalidAlgorithmParameterException
  140                   ("IterationCount must be a positive number");
  141           }
  142           byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
  143               iCount, hmac.getDigestLength(), PKCS12PBECipherCore.MAC_KEY);
  144           SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
  145           hmac.init(cipherKey, null);
  146       }
  147   
  148       /**
  149        * Processes the given byte.
  150        *
  151        * @param input the input byte to be processed.
  152        */
  153       protected void engineUpdate(byte input) {
  154           hmac.update(input);
  155       }
  156   
  157       /**
  158        * Processes the first <code>len</code> bytes in <code>input</code>,
  159        * starting at <code>offset</code>.
  160        *
  161        * @param input the input buffer.
  162        * @param offset the offset in <code>input</code> where the input starts.
  163        * @param len the number of bytes to process.
  164        */
  165       protected void engineUpdate(byte input[], int offset, int len) {
  166           hmac.update(input, offset, len);
  167       }
  168   
  169       protected void engineUpdate(ByteBuffer input) {
  170           hmac.update(input);
  171       }
  172   
  173       /**
  174        * Completes the HMAC computation and resets the HMAC for further use,
  175        * maintaining the secret key that the HMAC was initialized with.
  176        *
  177        * @return the HMAC result.
  178        */
  179       protected byte[] engineDoFinal() {
  180           return hmac.doFinal();
  181       }
  182   
  183       /**
  184        * Resets the HMAC for further use, maintaining the secret key that the
  185        * HMAC was initialized with.
  186        */
  187       protected void engineReset() {
  188           hmac.reset();
  189       }
  190   
  191       /*
  192        * Clones this object.
  193        */
  194       public Object clone() {
  195           HmacPKCS12PBESHA1 that = null;
  196           try {
  197               that = (HmacPKCS12PBESHA1)super.clone();
  198               that.hmac = (HmacCore)this.hmac.clone();
  199           } catch (CloneNotSupportedException e) {
  200           }
  201           return that;
  202       }
  203   }

Save This Page
Home » openjdk-7 » com.sun.crypto » provider » [javadoc | source]