Home Explore Help
Sign In
nnesse
/
minwin-gcc-5-2
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f5de7b477e
Branches Tags
minwin-gcc-5-2
/
libjava
/
classpath
/
gnu
/
javax
/
crypto
/
kwa
/
AESKeyWrap.java

AESKeyWrap.java 6.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169 
  1. /* AESWrap.java -- An implementation of RFC-3394 AES Key Wrap Algorithm
    2. 

  2.    Copyright (C) 2006 Free Software Foundation, Inc.
    3. 

  3. 

  4. This file is part of GNU Classpath.
    5. 

  5. 

  6. GNU Classpath is free software; you can redistribute it and/or modify
    7. 

  7. it under the terms of the GNU General Public License as published by
    8. 

  8. the Free Software Foundation; either version 2, or (at your option)
    9. 

  9. any later version.
    10. 

  10. 

  11. GNU Classpath is distributed in the hope that it will be useful, but
    12. 

  12. WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    14. 

  14. General Public License for more details.
    15. 

  15. 

  16. You should have received a copy of the GNU General Public License
    17. 

  17. along with GNU Classpath; see the file COPYING.  If not, write to the
    18. 

  18. Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
    19. 

  19. 02110-1301 USA.
    20. 

  20. 

  21. Linking this library statically or dynamically with other modules is
    22. 

  22. making a combined work based on this library.  Thus, the terms and
    23. 

  23. conditions of the GNU General Public License cover the whole
    24. 

  24. combination.
    25. 

  25. 

  26. As a special exception, the copyright holders of this library give you
    27. 

  27. permission to link this library with independent modules to produce an
    28. 

  28. executable, regardless of the license terms of these independent
    29. 

  29. modules, and to copy and distribute the resulting executable under
    30. 

  30. terms of your choice, provided that you also meet, for each linked
    31. 

  31. independent module, the terms and conditions of the license of that
    32. 

  32. module.  An independent module is a module which is not derived from
    33. 

  33. or based on this library.  If you modify this library, you may extend
    34. 

  34. this exception to your version of the library, but you are not
    35. 

  35. obligated to do so.  If you do not wish to do so, delete this
    36. 

  36. exception statement from your version. */
    37. 

  37. 

  38. 

  39. package gnu.javax.crypto.kwa;
    40. 

  40. 

  41. import gnu.java.security.Registry;
    42. 

  42. import gnu.javax.crypto.cipher.IBlockCipher;
    43. 

  43. import gnu.javax.crypto.cipher.Rijndael;
    44. 

  44. 

  45. import java.security.InvalidKeyException;
    46. 

  46. import java.util.Arrays;
    47. 

  47. import java.util.HashMap;
    48. 

  48. import java.util.Map;
    49. 

  49. 

  50. /**
    51. 

  51.  * The GNU implementation of the AES Key Wrap Algorithm as described in [1].
    52. 

  52.  * <p>
    53. 

  53.  * References:
    54. 

  54.  * <ol>
    55. 

  55.  * <li><a href="http://csrc.nist.gov/encryption/kms/key-wrap.pdf"></a>.</li>
    56. 

  56.  * <li><a href="http://www.rfc-archive.org/getrfc.php?rfc=3394">Advanced
    57. 

  57.  * Encryption Standard (AES) Key Wrap Algorithm</a>.</li>
    58. 

  58.  * <li><a href="http://www.w3.org/TR/xmlenc-core/">XML Encryption Syntax and
    59. 

  59.  * Processing</a>.</li>
    60. 

  60.  * </ol>
    61. 

  61.  */
    62. 

  62. public class AESKeyWrap
    63. 

  63.     extends BaseKeyWrappingAlgorithm
    64. 

  64. {
    65. 

  65.   private static final byte[] DEFAULT_IV = new byte[] {
    66. 

  66.       (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6,
    67. 

  67.       (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6 };
    68. 

  68. 

  69.   private Rijndael aes;
    70. 

  70.   private byte[] iv;
    71. 

  71. 

  72.   public AESKeyWrap()
    73. 

  73.   {
    74. 

  74.     super(Registry.AES_KWA);
    75. 

  75. 

  76.     aes = new Rijndael();
    77. 

  77.   }
    78. 

  78. 

  79.   protected void engineInit(Map attributes) throws InvalidKeyException
    80. 

  80.   {
    81. 

  81.     Map cipherAttributes = new HashMap();
    82. 

  82.     cipherAttributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(16));
    83. 

  83.     cipherAttributes.put(IBlockCipher.KEY_MATERIAL,
    84. 

  84.                          attributes.get(KEY_ENCRYPTION_KEY_MATERIAL));
    85. 

  85.     aes.reset();
    86. 

  86.     aes.init(cipherAttributes);
    87. 

  87.     byte[] initialValue = (byte[]) attributes.get(INITIAL_VALUE);
    88. 

  88.     iv = initialValue == null ? DEFAULT_IV : (byte[]) initialValue.clone();
    89. 

  89.   }
    90. 

  90. 

  91.   protected byte[] engineWrap(byte[] in, int inOffset, int length)
    92. 

  92.   {
    93. 

  93.     // TODO: handle input length which is not a multiple of 8 as suggested by
    94. 

  94.     // section 2.2.3.2 of RFC-3394
    95. 

  95.     if (length % 8 != 0)
    96. 

  96.       throw new IllegalArgumentException("Input length MUST be a multiple of 8");
    97. 

  97.     int n = length / 8;
    98. 

  98.     // output is always one block larger than input
    99. 

  99.     byte[] result = new byte[length + 8];
    100. 

  100. 

  101.     // 1. init variables: we'll use out buffer for our work buffer;
    102. 

  102.     //    A will be the first block in out, while R will be the rest
    103. 

  103.     System.arraycopy(iv, 0, result, 0, 8);
    104. 

  104.     System.arraycopy(in, inOffset, result, 8, length);
    105. 

  105.     byte[] B = new byte[2 * 8];
    106. 

  106.     // 2. compute intermediate values
    107. 

  107.     long t;
    108. 

  108.     for (int j = 0; j < 6; j++)
    109. 

  109.       for (int i = 1; i <= n; i++)
    110. 

  110.         {
    111. 

  111.           System.arraycopy(result, 0, B, 0, 8);
    112. 

  112.           System.arraycopy(result, i * 8, B, 8, 8);
    113. 

  113.           aes.encryptBlock(B, 0, B, 0);
    114. 

  114.           t = (n * j) + i;
    115. 

  115.           result[0] = (byte)(B[0] ^ (t >>> 56));
    116. 

  116.           result[1] = (byte)(B[1] ^ (t >>> 48));
    117. 

  117.           result[2] = (byte)(B[2] ^ (t >>> 40));
    118. 

  118.           result[3] = (byte)(B[3] ^ (t >>> 32));
    119. 

  119.           result[4] = (byte)(B[4] ^ (t >>> 24));
    120. 

  120.           result[5] = (byte)(B[5] ^ (t >>> 16));
    121. 

  121.           result[6] = (byte)(B[6] ^ (t >>>  8));
    122. 

  122.           result[7] = (byte)(B[7] ^  t        );
    123. 

  123.           System.arraycopy(B, 8, result, i * 8, 8);
    124. 

  124.         }
    125. 

  125.     return result;
    126. 

  126.   }
    127. 

  127. 

  128.   protected byte[] engineUnwrap(byte[] in, int inOffset, int length)
    129. 

  129.       throws KeyUnwrappingException
    130. 

  130.   {
    131. 

  131.     // TODO: handle input length which is not a multiple of 8 as suggested by
    132. 

  132.     // section 2.2.3.2 of RFC-3394
    133. 

  133.     if (length % 8 != 0)
    134. 

  134.       throw new IllegalArgumentException("Input length MUST be a multiple of 8");
    135. 

  135.     // output is always one block shorter than input
    136. 

  136.     byte[] result = new byte[length - 8];
    137. 

  137. 

  138.     // 1. init variables: we'll use out buffer for our R work buffer
    139. 

  139.     byte[] A = new byte[8];
    140. 

  140.     System.arraycopy(in, inOffset, A, 0, 8);
    141. 

  141.     System.arraycopy(in, inOffset + 8, result, 0, result.length);
    142. 

  142.     byte[] B = new byte[2 * 8];
    143. 

  143.     // 2. compute intermediate values
    144. 

  144.     int n = length / 8 - 1;
    145. 

  145.     long t;
    146. 

  146.     for (int j = 5; j >= 0; j--)
    147. 

  147.       for (int i = n; i >= 1; i--)
    148. 

  148.         {
    149. 

  149.           t = (n * j) + i;
    150. 

  150.           B[0] = (byte)(A[0] ^ (t >>> 56));
    151. 

  151.           B[1] = (byte)(A[1] ^ (t >>> 48));
    152. 

  152.           B[2] = (byte)(A[2] ^ (t >>> 40));
    153. 

  153.           B[3] = (byte)(A[3] ^ (t >>> 32));
    154. 

  154.           B[4] = (byte)(A[4] ^ (t >>> 24));
    155. 

  155.           B[5] = (byte)(A[5] ^ (t >>> 16));
    156. 

  156.           B[6] = (byte)(A[6] ^ (t >>>  8));
    157. 

  157.           B[7] = (byte)(A[7] ^  t        );
    158. 

  158.           System.arraycopy(result, (i - 1) * 8, B, 8, 8);
    159. 

  159.           aes.decryptBlock(B, 0, B, 0);
    160. 

  160.           System.arraycopy(B, 0, A, 0, 8);
    161. 

  161.           System.arraycopy(B, 8, result, (i - 1) * 8, 8);
    162. 

  162.         }
    163. 

  163.     if (! Arrays.equals(A, iv))
    164. 

  164.       throw new KeyUnwrappingException();
    165. 

  165. 

  166.     return result;
    167. 

  167.   }
    168. 

  168. }
    169. 

  169.