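/**
 * Builds a GCM parameter spec from ASN.1-encoded GCM parameters via reflection.
 *
 * <p>The spec class is reached through {@code gcmSpecClass} and its {@code (int, byte[])}
 * constructor instead of being referenced directly. The ICV length read from the structure
 * is multiplied by 8 and passed as the first constructor argument; the nonce is passed as
 * the second.
 *
 * @param spec ASN.1 primitive to be read as {@code GCMParameters}
 * @return the reflectively constructed parameter spec
 * @throws InvalidParameterSpecException if the constructor cannot be found, or if parsing or
 *         construction fails for any other reason; the underlying exception is attached as
 *         the cause
 */
static AlgorithmParameterSpec extractGcmSpec(ASN1Primitive spec)
    throws InvalidParameterSpecException
{
    try
    {
        GCMParameters gcmParams = GCMParameters.getInstance(spec);
        Constructor constructor = gcmSpecClass.getConstructor(new Class[]{Integer.TYPE, byte[].class});

        // NOTE(review): the ICV length is forwarded exactly as decoded; no range check is
        // visible in this method. RFC 5084 restricts aes-ICVlen to 12..16 octets, so confirm
        // that the caller or the cipher rejects shorter tags when the parameters come from
        // an untrusted message.
        return (AlgorithmParameterSpec)constructor.newInstance(
            new Object[] { Integers.valueOf(gcmParams.getIcvLen() * 8), gcmParams.getNonce() });
    }
    catch (NoSuchMethodException e)
    {
        // should never happen
        InvalidParameterSpecException failure = new InvalidParameterSpecException("No constructor found!");
        // InvalidParameterSpecException has no cause-taking constructor, so attach it explicitly.
        failure.initCause(e);
        throw failure;
    }
    catch (Exception e)
    {
        // should never happen
        // Reflective failures usually arrive wrapped, with a null message of their own;
        // keeping the cause preserves the real reason for whoever diagnoses this.
        InvalidParameterSpecException failure =
            new InvalidParameterSpecException("Construction failed: " + e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}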
/**
 * Returns the stored GCM parameters in the representation the caller asked for.
 *
 * <p>A request for {@code AlgorithmParameterSpec} itself, or for a class that
 * {@code GcmSpecUtil.isGcmSpec} accepts, yields the spec produced by
 * {@code GcmSpecUtil.extractGcmSpec} when {@code GcmSpecUtil.gcmSpecExists()} is true and an
 * {@code AEADParameterSpec} otherwise. {@code AEADParameterSpec} and {@code IvParameterSpec}
 * can also be requested directly; the latter carries only the nonce, not the tag length.
 *
 * @param paramSpec the requested parameter spec class
 * @return the parameters in the requested form
 * @throws InvalidParameterSpecException if {@code paramSpec} is none of the supported classes
 */
protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
    throws InvalidParameterSpecException
{
    final boolean gcmRequested =
        paramSpec == AlgorithmParameterSpec.class || GcmSpecUtil.isGcmSpec(paramSpec);

    // Use the extracted GCM spec only when it was requested and the spec class exists.
    if (gcmRequested && GcmSpecUtil.gcmSpecExists())
    {
        return GcmSpecUtil.extractGcmSpec(gcmParams.toASN1Primitive());
    }

    // Fallback for a GCM request, and the direct answer for an AEAD request.
    if (gcmRequested || paramSpec == AEADParameterSpec.class)
    {
        // The ICV length is multiplied by 8 for the second constructor argument.
        return new AEADParameterSpec(gcmParams.getNonce(), gcmParams.getIcvLen() * 8);
    }

    if (paramSpec == IvParameterSpec.class)
    {
        return new IvParameterSpec(gcmParams.getNonce());
    }

    throw new InvalidParameterSpecException(
        "AlgorithmParameterSpec not recognized: " + paramSpec.getName());
}
}
/**
 * Converts the held GCM parameters into the parameter spec type requested by the caller.
 *
 * <p>Supported requests are {@code AlgorithmParameterSpec} itself or any class accepted by
 * {@code GcmSpecUtil.isGcmSpec} (answered via {@code GcmSpecUtil.extractGcmSpec} when
 * {@code GcmSpecUtil.gcmSpecExists()} is true, else with an {@code AEADParameterSpec}),
 * {@code AEADParameterSpec}, and {@code IvParameterSpec}. An {@code IvParameterSpec}
 * result contains the nonce only.
 *
 * @param paramSpec the requested parameter spec class
 * @return the parameters in the requested form
 * @throws InvalidParameterSpecException if {@code paramSpec} is not one of the supported classes
 */
protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
    throws InvalidParameterSpecException
{
    final boolean gcmRequested =
        paramSpec == AlgorithmParameterSpec.class || GcmSpecUtil.isGcmSpec(paramSpec);

    // The extracted GCM spec is returned only if it was requested and the spec class exists.
    if (gcmRequested && GcmSpecUtil.gcmSpecExists())
    {
        return GcmSpecUtil.extractGcmSpec(gcmParams.toASN1Primitive());
    }

    // Reached for a GCM request without the spec class, or for an explicit AEAD request.
    if (gcmRequested || paramSpec == AEADParameterSpec.class)
    {
        // Second argument is the ICV length times 8.
        return new AEADParameterSpec(gcmParams.getNonce(), gcmParams.getIcvLen() * 8);
    }

    if (paramSpec == IvParameterSpec.class)
    {
        return new IvParameterSpec(gcmParams.getNonce());
    }

    throw new InvalidParameterSpecException(
        "AlgorithmParameterSpec not recognized: " + paramSpec.getName());
}
}
// Read encParams as a GCMParameters structure (nonce plus ICV length).
GCMParameters gcmParameters = GCMParameters.getInstance(encParams);
// GCMParameterSpec takes the tag length in bits, hence the multiplication by 8.
// NOTE(review): the ICV length and nonce are used exactly as decoded; no range check is
// visible in this excerpt. RFC 5084 limits aes-ICVlen to 12..16 octets, so confirm that
// shorter tags are rejected somewhere when encParams comes from an untrusted message.
GCMParameterSpec gcmParamSpec = new GCMParameterSpec(gcmParameters.getIcvLen() * 8, gcmParameters.getNonce());
// Initialise the cipher for decryption with the key and the GCM spec built above.
cipher.init(Cipher.DECRYPT_MODE, key, gcmParamSpec);
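/**
 * Decrypts a password-protected {@code EncryptedValue}.
 *
 * <p>Only PBES2 is accepted as the symmetric algorithm. The key is derived with the key
 * derivation function and PBKDF2 parameters (salt, iteration count, PRF) named in the
 * message, and the content is decrypted with the cipher identified by the encryption-scheme
 * OID, whose parameters are read as {@code GCMParameters}.
 *
 * <p>Every algorithm parameter used here is taken from the message itself. The GCM ICV
 * length is therefore checked against the 12..16 octet range that RFC 5084 allows before
 * the cipher is initialised, so that a message cannot request a shorter authentication tag.
 *
 * @param ev the encrypted value to decrypt
 * @param password the password the key is derived from
 * @return the decrypted octets
 * @throws XiSecurityException if the symmetric algorithm is not PBES2, the GCM ICV length is
 *         outside 12..16 octets, or key derivation or decryption fails
 */
private static byte[] decrypt(EncryptedValue ev, char[] password) throws XiSecurityException {
  AlgorithmIdentifier symmAlg = ev.getSymmAlg();
  if (!PKCSObjectIdentifiers.id_PBES2.equals(symmAlg.getAlgorithm())) {
    throw new XiSecurityException("unsupported symmAlg " + symmAlg.getAlgorithm().getId());
  }

  PBES2Parameters alg = PBES2Parameters.getInstance(symmAlg.getParameters());
  PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
  AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());

  try {
    SecretKeyFactory keyFact =
        SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId());
    SecretKey key;

    // NOTE(review): the iteration count comes from the message and intValue() truncates
    // silently; no bound is applied here. Consider enforcing a sane range so that an
    // unauthenticated message cannot dictate the amount of key-derivation work.
    int iterations = func.getIterationCount().intValue();
    key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), iterations,
        KEYSIZE_PROVIDER.getKeySize(encScheme), func.getPrf()));
    // Re-wrap the derived bytes as an AES key for the content cipher.
    key = new SecretKeySpec(key.getEncoded(), "AES");

    String cipherAlgOid = alg.getEncryptionScheme().getAlgorithm().getId();
    Cipher cipher = Cipher.getInstance(cipherAlgOid);

    ASN1Encodable encParams = alg.getEncryptionScheme().getParameters();
    GCMParameters gcmParameters = GCMParameters.getInstance(encParams);

    // RFC 5084: AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16). Reject anything else
    // instead of letting the message choose a truncated tag.
    final int minIcvLen = 12;
    final int maxIcvLen = 16;
    int icvLen = gcmParameters.getIcvLen();
    if (icvLen < minIcvLen || icvLen > maxIcvLen) {
      throw new XiSecurityException("unsupported GCM ICV length " + icvLen);
    }

    // GCMParameterSpec expects the tag length in bits.
    GCMParameterSpec gcmParamSpec = new GCMParameterSpec(icvLen * 8, gcmParameters.getNonce());
    cipher.init(Cipher.DECRYPT_MODE, key, gcmParamSpec);

    return cipher.doFinal(ev.getEncValue().getOctets());
  } catch (IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException
      | InvalidKeySpecException | NoSuchPaddingException | InvalidKeyException
      | InvalidAlgorithmParameterException ex) {
    throw new XiSecurityException("Error while decrypting the EncryptedValue", ex);
  }
}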
// GCMParameterSpec takes the tag length in bits, hence the multiplication by 8.
// NOTE(review): gcmParams is used as-is and no ICV-length check is visible in this excerpt.
// RFC 5084 limits aes-ICVlen to 12..16 octets; confirm shorter tags are rejected if these
// parameters originate from an untrusted message.
GCMParameterSpec spec = new GCMParameterSpec(gcmParams.getIcvLen() * 8, gcmParams.getNonce());
// Initialise for decryption, wrapping the raw symmKey bytes as an AES key.
dataCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(symmKey, "AES"), spec);
// The cipher transformation is looked up by the algorithm's OID string.
Cipher dataCipher = Cipher.getInstance(symmAlgOid.getId());
// "<< 3" multiplies the ICV length by 8; GCMParameterSpec takes the tag length in bits.
// NOTE(review): no range check on params.getIcvLen() is visible in this excerpt. RFC 5084
// limits aes-ICVlen to 12..16 octets; confirm shorter tags are rejected if params comes
// from an untrusted message.
AlgorithmParameterSpec algParams = new GCMParameterSpec(params.getIcvLen() << 3, params.getNonce());
// Initialise for decryption, wrapping the raw symmKey bytes as an AES key.
dataCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(symmKey, "AES"), algParams);