Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8076190: Customizing the generation of a PKCS12 keystore #12

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,28 +26,73 @@
package com.sun.crypto.provider;

import java.util.Arrays;
import java.nio.ByteBuffer;

import javax.crypto.MacSpi;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.security.*;
import java.security.spec.*;

/**
* This is an implementation of the HMAC-PBESHA1 algorithm as defined
* in PKCS#12 v1.0 standard.
* This is an implementation of the HMAC algorithms as defined
* in PKCS#12 v1.1 standard (see RFC 7292 Appendix B.4).
*
* @author Valerie Peng
*/
public final class HmacPKCS12PBESHA1 extends HmacCore {
abstract class HmacPKCS12PBECore extends HmacCore {

public static final class HmacPKCS12PBE_SHA1 extends HmacPKCS12PBECore {
public HmacPKCS12PBE_SHA1() throws NoSuchAlgorithmException {
super("SHA1", 64);
}
}

public static final class HmacPKCS12PBE_SHA224 extends HmacPKCS12PBECore {
public HmacPKCS12PBE_SHA224() throws NoSuchAlgorithmException {
super("SHA-224", 64);
}
}

public static final class HmacPKCS12PBE_SHA256 extends HmacPKCS12PBECore {
public HmacPKCS12PBE_SHA256() throws NoSuchAlgorithmException {
super("SHA-256", 64);
}
}

public static final class HmacPKCS12PBE_SHA384 extends HmacPKCS12PBECore {
public HmacPKCS12PBE_SHA384() throws NoSuchAlgorithmException {
super("SHA-384", 128);
}
}

public static final class HmacPKCS12PBE_SHA512 extends HmacPKCS12PBECore {
public HmacPKCS12PBE_SHA512() throws NoSuchAlgorithmException {
super("SHA-512", 128);
}
}

public static final class HmacPKCS12PBE_SHA512_224 extends HmacPKCS12PBECore {
public HmacPKCS12PBE_SHA512_224() throws NoSuchAlgorithmException {
super("SHA-512/224", 128);
}
}

public static final class HmacPKCS12PBE_SHA512_256 extends HmacPKCS12PBECore {
public HmacPKCS12PBE_SHA512_256() throws NoSuchAlgorithmException {
super("SHA-512/256", 128);
}
}

private final String algorithm;
private final int bl;

/**
* Standard constructor, creates a new HmacSHA1 instance.
*/
public HmacPKCS12PBESHA1() throws NoSuchAlgorithmException {
super("SHA1", 64);
public HmacPKCS12PBECore(String algorithm, int bl) throws NoSuchAlgorithmException {
super(algorithm, bl);
this.algorithm = algorithm;
this.bl = bl;
}

/**
@@ -132,7 +177,8 @@ protected void engineInit(Key key, AlgorithmParameterSpec params)
("IterationCount must be a positive number");
}
derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY,
algorithm, bl);
} finally {
Arrays.fill(passwdChars, '\0');
}
@@ -312,41 +312,48 @@ private String parseKDF(DerValue keyDerivationFunc) throws IOException {
+ "not an ASN.1 OCTET STRING tag");
}
iCount = pBKDF2_params.data.getInteger();

DerValue prf = null;
// keyLength INTEGER (1..MAX) OPTIONAL,
if (pBKDF2_params.data.available() > 0) {
DerValue keyLength = pBKDF2_params.data.getDerValue();
if (keyLength.tag == DerValue.tag_Integer) {
keysize = keyLength.getInteger() * 8; // keysize (in bits)
} else {
// Should be the prf
prf = keyLength;
}
}
// prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
String kdfAlgo = "HmacSHA1";
if (pBKDF2_params.data.available() > 0) {
if (pBKDF2_params.tag == DerValue.tag_Sequence) {
DerValue prf = pBKDF2_params.data.getDerValue();
kdfAlgo_OID = prf.data.getOID();
if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA1";
} else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA224";
} else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA256";
} else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA384";
} else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA512";
} else {
if (prf == null) {
if (pBKDF2_params.data.available() > 0) {
prf = pBKDF2_params.data.getDerValue();
}
}
if (prf != null) {
kdfAlgo_OID = prf.data.getOID();
if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA1";
} else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA224";
} else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA256";
} else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA384";
} else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
kdfAlgo = "HmacSHA512";
} else {
throw new IOException("PBE parameter parsing error: "
+ "expecting the object identifier for a HmacSHA key "
+ "derivation function");
}
if (prf.data.available() != 0) {
// parameter is 'NULL' for all HmacSHA KDFs
DerValue parameter = prf.data.getDerValue();
if (parameter.tag != DerValue.tag_Null) {
throw new IOException("PBE parameter parsing error: "
+ "expecting the object identifier for a HmacSHA key "
+ "derivation function");
}
if (prf.data.available() != 0) {
// parameter is 'NULL' for all HmacSHA KDFs
DerValue parameter = prf.data.getDerValue();
if (parameter.tag != DerValue.tag_Null) {
throw new IOException("PBE parameter parsing error: "
+ "not an ASN.1 NULL tag");
}
+ "not an ASN.1 NULL tag");
}
}
}
@@ -707,7 +707,19 @@ public Object run() {
put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512");

put("Mac.HmacPBESHA1",
"com.sun.crypto.provider.HmacPKCS12PBESHA1");
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1");
put("Mac.HmacPBESHA224",
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224");
put("Mac.HmacPBESHA256",
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256");
put("Mac.HmacPBESHA384",
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384");
put("Mac.HmacPBESHA512",
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512");
put("Mac.HmacPBESHA512/224",
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224");
put("Mac.HmacPBESHA512/256",
"com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256");

// PBMAC1

@@ -734,6 +746,12 @@ public Object run() {
put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA224 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA256 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA384 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA512 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA512/224 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA512/256 SupportedKeyFormats", "RAW");
put("Mac.PBEWithHmacSHA1 SupportedKeyFormatS", "RAW");
put("Mac.PBEWithHmacSHA224 SupportedKeyFormats", "RAW");
put("Mac.PBEWithHmacSHA256 SupportedKeyFormats", "RAW");