Home Explore Help
Sign In
nnesse
/
minwin-gcc-5-2
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f5de7b477e
Branches Tags
minwin-gcc-5-2
/
libjava
/
classpath
/
gnu
/
javax
/
crypto
/
keyring
/
PasswordEncryptedEntry.java

PasswordEncryptedEntry.java 10 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294 
  1. /* PasswordEncryptedEntry.java --
    2. 

  2.    Copyright (C) 2003, 2006 Free Software Foundation, Inc.
    3. 

  3. 

  4. This file is a part of GNU Classpath.
    5. 

  5. 

  6. GNU Classpath is free software; you can redistribute it and/or modify
    7. 

  7. it under the terms of the GNU General Public License as published by
    8. 

  8. the Free Software Foundation; either version 2 of the License, or (at
    9. 

  9. your option) any later version.
    10. 

  10. 

  11. GNU Classpath is distributed in the hope that it will be useful, but
    12. 

  12. WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    14. 

  14. General Public License for more details.
    15. 

  15. 

  16. You should have received a copy of the GNU General Public License
    17. 

  17. along with GNU Classpath; if not, write to the Free Software
    18. 

  18. Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
    19. 

  19. USA
    20. 

  20. 

  21. Linking this library statically or dynamically with other modules is
    22. 

  22. making a combined work based on this library.  Thus, the terms and
    23. 

  23. conditions of the GNU General Public License cover the whole
    24. 

  24. combination.
    25. 

  25. 

  26. As a special exception, the copyright holders of this library give you
    27. 

  27. permission to link this library with independent modules to produce an
    28. 

  28. executable, regardless of the license terms of these independent
    29. 

  29. modules, and to copy and distribute the resulting executable under
    30. 

  30. terms of your choice, provided that you also meet, for each linked
    31. 

  31. independent module, the terms and conditions of the license of that
    32. 

  32. module.  An independent module is a module which is not derived from
    33. 

  33. or based on this library.  If you modify this library, you may extend
    34. 

  34. this exception to your version of the library, but you are not
    35. 

  35. obligated to do so.  If you do not wish to do so, delete this
    36. 

  36. exception statement from your version.  */
    37. 

  37. 

  38. 

  39. package gnu.javax.crypto.keyring;
    40. 

  40. 

  41. import gnu.java.security.Configuration;
    42. 

  42. import gnu.java.security.Registry;
    43. 

  43. import gnu.java.security.prng.IRandom;
    44. 

  44. import gnu.java.security.prng.LimitReachedException;
    45. 

  45. import gnu.java.security.util.PRNG;
    46. 

  46. import gnu.java.security.util.Util;
    47. 

  47. import gnu.javax.crypto.cipher.CipherFactory;
    48. 

  48. import gnu.javax.crypto.cipher.IBlockCipher;
    49. 

  49. import gnu.javax.crypto.mode.IMode;
    50. 

  50. import gnu.javax.crypto.mode.ModeFactory;
    51. 

  51. import gnu.javax.crypto.pad.IPad;
    52. 

  52. import gnu.javax.crypto.pad.PadFactory;
    53. 

  53. import gnu.javax.crypto.pad.WrongPaddingException;
    54. 

  54. import gnu.javax.crypto.prng.IPBE;
    55. 

  55. import gnu.javax.crypto.prng.PRNGFactory;
    56. 

  56. 

  57. import java.io.ByteArrayInputStream;
    58. 

  58. import java.io.ByteArrayOutputStream;
    59. 

  59. import java.io.DataInputStream;
    60. 

  60. import java.io.DataOutputStream;
    61. 

  61. import java.io.IOException;
    62. 

  62. import java.security.InvalidKeyException;
    63. 

  63. import java.util.HashMap;
    64. 

  64. import java.util.Iterator;
    65. 

  65. import java.util.logging.Logger;
    66. 

  66. 

  67. /**
    68. 

  68.  * An envelope that is encrypted with a password-derived key.
    69. 

  69.  */
    70. 

  70. public class PasswordEncryptedEntry
    71. 

  71.     extends MaskableEnvelopeEntry
    72. 

  72.     implements PasswordProtectedEntry, Registry
    73. 

  73. {
    74. 

  74.   private static final Logger log = Logger.getLogger(PasswordEncryptedEntry.class.getName());
    75. 

  75.   public static final int TYPE = 1;
    76. 

  76. 

  77.   public PasswordEncryptedEntry(String cipher, String mode, int keylen,
    78. 

  78.                                 Properties properties)
    79. 

  79.   {
    80. 

  80.     super(TYPE, properties);
    81. 

  81.     if ((cipher == null || cipher.length() == 0)
    82. 

  82.         || (mode == null || mode.length() == 0))
    83. 

  83.       throw new IllegalArgumentException("cipher nor mode can be empty");
    84. 

  84.     this.properties.put("cipher", cipher);
    85. 

  85.     this.properties.put("mode", mode);
    86. 

  86.     this.properties.put("keylen", String.valueOf(keylen));
    87. 

  87.     setMasked(false);
    88. 

  88.   }
    89. 

  89. 

  90.   private PasswordEncryptedEntry()
    91. 

  91.   {
    92. 

  92.     super(TYPE);
    93. 

  93.     setMasked(true);
    94. 

  94.   }
    95. 

  95. 

  96.   public static PasswordEncryptedEntry decode(DataInputStream in,
    97. 

  97.                                               char[] password)
    98. 

  98.       throws IOException
    99. 

  99.   {
    100. 

  100.     PasswordEncryptedEntry entry = decode(in);
    101. 

  101.     try
    102. 

  102.       {
    103. 

  103.         entry.decrypt(password);
    104. 

  104.       }
    105. 

  105.     catch (WrongPaddingException wpe)
    106. 

  106.       {
    107. 

  107.         throw new MalformedKeyringException("wrong padding in decrypted data");
    108. 

  108.       }
    109. 

  109.     return entry;
    110. 

  110.   }
    111. 

  111. 

  112.   public static PasswordEncryptedEntry decode(DataInputStream in)
    113. 

  113.       throws IOException
    114. 

  114.   {
    115. 

  115.     PasswordEncryptedEntry entry = new PasswordEncryptedEntry();
    116. 

  116.     entry.defaultDecode(in);
    117. 

  117.     return entry;
    118. 

  118.   }
    119. 

  119. 

  120.   public void decrypt(char[] password) throws IllegalArgumentException,
    121. 

  121.       WrongPaddingException
    122. 

  122.   {
    123. 

  123.     if (Configuration.DEBUG)
    124. 

  124.       log.entering(this.getClass().getName(), "decrypt");
    125. 

  125.     if (isMasked() && payload != null)
    126. 

  126.       {
    127. 

  127.         long tt = -System.currentTimeMillis();
    128. 

  128.         IMode mode = getMode(password, IMode.DECRYPTION);
    129. 

  129.         IPad padding = PadFactory.getInstance("PKCS7");
    130. 

  130.         padding.init(mode.currentBlockSize());
    131. 

  131.         byte[] buf = new byte[payload.length];
    132. 

  132.         int count = 0;
    133. 

  133.         while (count + mode.currentBlockSize() <= payload.length)
    134. 

  134.           {
    135. 

  135.             mode.update(payload, count, buf, count);
    136. 

  136.             count += mode.currentBlockSize();
    137. 

  137.           }
    138. 

  138.         int padlen = padding.unpad(buf, 0, buf.length);
    139. 

  139.         setMasked(false);
    140. 

  140.         int len = buf.length - padlen;
    141. 

  141.         ByteArrayInputStream baos = new ByteArrayInputStream(buf, 0, len);
    142. 

  142.         DataInputStream in = new DataInputStream(baos);
    143. 

  143.         try
    144. 

  144.           {
    145. 

  145.             decodeEnvelope(in);
    146. 

  146.           }
    147. 

  147.         catch (IOException ioe)
    148. 

  148.           {
    149. 

  149.             throw new IllegalArgumentException("decryption failed");
    150. 

  150.           }
    151. 

  151.         tt += System.currentTimeMillis();
    152. 

  152.         log.fine("Decrypted in " + tt + "ms.");
    153. 

  153.       }
    154. 

  154.     else if (Configuration.DEBUG)
    155. 

  155.       log.fine("Skip decryption; " + (isMasked() ? "null payload" : "unmasked"));
    156. 

  156.     if (Configuration.DEBUG)
    157. 

  157.       log.exiting(this.getClass().getName(), "decrypt");
    158. 

  158.   }
    159. 

  159. 

  160.   public void encrypt(char[] password) throws IOException
    161. 

  161.   {
    162. 

  162.     if (Configuration.DEBUG)
    163. 

  163.       log.entering(this.getClass().getName(), "encrypt", String.valueOf(password));
    164. 

  164.     long tt = -System.currentTimeMillis();
    165. 

  165.     long t1 = -System.currentTimeMillis();
    166. 

  166.     byte[] salt = new byte[8];
    167. 

  167.     PRNG.getInstance().nextBytes(salt);
    168. 

  168.     t1 += System.currentTimeMillis();
    169. 

  169.     if (Configuration.DEBUG)
    170. 

  170.       log.fine("-- Generated salt in " + t1 + "ms.");
    171. 

  171.     properties.put("salt", Util.toString(salt));
    172. 

  172.     IMode mode = getMode(password, IMode.ENCRYPTION);
    173. 

  173.     IPad pad = PadFactory.getInstance("PKCS7");
    174. 

  174.     pad.init(mode.currentBlockSize());
    175. 

  175.     ByteArrayOutputStream bout = new ByteArrayOutputStream(1024);
    176. 

  176.     DataOutputStream out2 = new DataOutputStream(bout);
    177. 

  177.     for (Iterator it = entries.iterator(); it.hasNext();)
    178. 

  178.       {
    179. 

  179.         Entry entry = (Entry) it.next();
    180. 

  180.         if (Configuration.DEBUG)
    181. 

  181.           log.fine("-- About to encode one " + entry);
    182. 

  182.         t1 = -System.currentTimeMillis();
    183. 

  183.         entry.encode(out2);
    184. 

  184.         t1 += System.currentTimeMillis();
    185. 

  185.         if (Configuration.DEBUG)
    186. 

  186.           log.fine("-- Encoded an Entry in " + t1 + "ms.");
    187. 

  187.       }
    188. 

  188.     byte[] plaintext = bout.toByteArray();
    189. 

  189.     byte[] padding = pad.pad(plaintext, 0, plaintext.length);
    190. 

  190.     payload = new byte[plaintext.length + padding.length];
    191. 

  191.     byte[] lastBlock = new byte[mode.currentBlockSize()];
    192. 

  192.     int l = mode.currentBlockSize() - padding.length;
    193. 

  193.     System.arraycopy(plaintext, plaintext.length - l, lastBlock, 0, l);
    194. 

  194.     System.arraycopy(padding, 0, lastBlock, l, padding.length);
    195. 

  195.     int count = 0;
    196. 

  196.     while (count + mode.currentBlockSize() < plaintext.length)
    197. 

  197.       {
    198. 

  198.         mode.update(plaintext, count, payload, count);
    199. 

  199.         count += mode.currentBlockSize();
    200. 

  200.       }
    201. 

  201.     mode.update(lastBlock, 0, payload, count);
    202. 

  202.     setMasked(true);
    203. 

  203.     tt += System.currentTimeMillis();
    204. 

  204.     if (Configuration.DEBUG)
    205. 

  205.       {
    206. 

  206.         log.fine("Encrypted in " + tt + "ms.");
    207. 

  207.         log.exiting(this.getClass().getName(), "encrypt");
    208. 

  208.       }
    209. 

  209.   }
    210. 

  210. 

  211.   public void encode(DataOutputStream out, char[] password) throws IOException
    212. 

  212.   {
    213. 

  213.     encrypt(password);
    214. 

  214.     encode(out);
    215. 

  215.   }
    216. 

  216. 

  217.   protected void encodePayload() throws IOException
    218. 

  218.   {
    219. 

  219.     if (payload == null)
    220. 

  220.       {
    221. 

  221.         if (Configuration.DEBUG)
    222. 

  222.           log.fine("Null payload: " + this);
    223. 

  223.         throw new IllegalStateException("not encrypted");
    224. 

  224.       }
    225. 

  225.   }
    226. 

  226. 

  227.   private IMode getMode(char[] password, int state)
    228. 

  228.   {
    229. 

  229.     String s = properties.get("salt");
    230. 

  230.     if (s == null)
    231. 

  231.       throw new IllegalArgumentException("no salt");
    232. 

  232.     byte[] salt = Util.toBytesFromString(s);
    233. 

  233.     IBlockCipher cipher = CipherFactory.getInstance(properties.get("cipher"));
    234. 

  234.     if (cipher == null)
    235. 

  235.       throw new IllegalArgumentException("no such cipher: "
    236. 

  236.                                          + properties.get("cipher"));
    237. 

  237.     int blockSize = cipher.defaultBlockSize();
    238. 

  238.     if (properties.containsKey("block-size"))
    239. 

  239.       try
    240. 

  240.         {
    241. 

  241.           blockSize = Integer.parseInt(properties.get("block-size"));
    242. 

  242.         }
    243. 

  243.       catch (NumberFormatException nfe)
    244. 

  244.         {
    245. 

  245.           throw new IllegalArgumentException("bad block size: "
    246. 

  246.                                              + nfe.getMessage());
    247. 

  247.         }
    248. 

  248.     String modeName = properties.get("mode");
    249. 

  249.     IMode mode = ModeFactory.getInstance(modeName, cipher, blockSize);
    250. 

  250.     if (mode == null)
    251. 

  251.       throw new IllegalArgumentException("no such mode: " + modeName);
    252. 

  252.     HashMap pbAttr = new HashMap();
    253. 

  253.     pbAttr.put(IPBE.PASSWORD, password);
    254. 

  254.     pbAttr.put(IPBE.SALT, salt);
    255. 

  255.     pbAttr.put(IPBE.ITERATION_COUNT, ITERATION_COUNT);
    256. 

  256.     IRandom kdf = PRNGFactory.getInstance("PBKDF2-HMAC-SHA");
    257. 

  257.     kdf.init(pbAttr);
    258. 

  258.     int keylen = 0;
    259. 

  259.     if (! properties.containsKey("keylen"))
    260. 

  260.       throw new IllegalArgumentException("no key length");
    261. 

  261.     try
    262. 

  262.       {
    263. 

  263.         keylen = Integer.parseInt(properties.get("keylen"));
    264. 

  264.       }
    265. 

  265.     catch (NumberFormatException nfe)
    266. 

  266.       {
    267. 

  267.       }
    268. 

  268.     byte[] dk = new byte[keylen];
    269. 

  269.     byte[] iv = new byte[blockSize];
    270. 

  270.     try
    271. 

  271.       {
    272. 

  272.         kdf.nextBytes(dk, 0, keylen);
    273. 

  273.         kdf.nextBytes(iv, 0, blockSize);
    274. 

  274.       }
    275. 

  275.     catch (LimitReachedException shouldNotHappen)
    276. 

  276.       {
    277. 

  277.         throw new Error(shouldNotHappen.toString());
    278. 

  278.       }
    279. 

  279.     HashMap modeAttr = new HashMap();
    280. 

  280.     modeAttr.put(IMode.KEY_MATERIAL, dk);
    281. 

  281.     modeAttr.put(IMode.STATE, Integer.valueOf(state));
    282. 

  282.     modeAttr.put(IMode.IV, iv);
    283. 

  283.     try
    284. 

  284.       {
    285. 

  285.         mode.init(modeAttr);
    286. 

  286.       }
    287. 

  287.     catch (InvalidKeyException ike)
    288. 

  288.       {
    289. 

  289.         throw new IllegalArgumentException(ike.toString());
    290. 

  290.       }
    291. 

  291.     return mode;
    292. 

  292.   }
    293. 

  293. }
    294. 

  294.