295 } 296 if (keyDerivationFunc.tag != DerValue.tag_Sequence) { 297 throw new IOException("PBE parameter parsing error: " 298 + "not an ASN.1 SEQUENCE tag"); 299 } 300 DerValue pBKDF2_params = keyDerivationFunc.data.getDerValue(); 301 if (pBKDF2_params.tag != DerValue.tag_Sequence) { 302 throw new IOException("PBE parameter parsing error: " 303 + "not an ASN.1 SEQUENCE tag"); 304 } 305 DerValue specified = pBKDF2_params.data.getDerValue(); 306 // the 'specified' ASN.1 CHOICE for 'salt' is supported 307 if (specified.tag == DerValue.tag_OctetString) { 308 salt = specified.getOctetString(); 309 } else { 310 // the 'otherSource' ASN.1 CHOICE for 'salt' is not supported 311 throw new IOException("PBE parameter parsing error: " 312 + "not an ASN.1 OCTET STRING tag"); 313 } 314 iCount = pBKDF2_params.data.getInteger(); 315 // keyLength INTEGER (1..MAX) OPTIONAL, 316 if (pBKDF2_params.data.available() > 0) { 317 DerValue keyLength = pBKDF2_params.data.getDerValue(); 318 if (keyLength.tag == DerValue.tag_Integer) { 319 keysize = keyLength.getInteger() * 8; // keysize (in bits) 320 } 321 } 322 // prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 323 String kdfAlgo = "HmacSHA1"; 324 if (pBKDF2_params.data.available() > 0) { 325 if (pBKDF2_params.tag == DerValue.tag_Sequence) { 326 DerValue prf = pBKDF2_params.data.getDerValue(); 327 kdfAlgo_OID = prf.data.getOID(); 328 if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) { 329 kdfAlgo = "HmacSHA1"; 330 } else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) { 331 kdfAlgo = "HmacSHA224"; 332 } else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) { 333 kdfAlgo = "HmacSHA256"; 334 } else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) { 335 kdfAlgo = "HmacSHA384"; 336 } else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) { 337 kdfAlgo = "HmacSHA512"; 338 } else { 339 throw new IOException("PBE parameter parsing error: " 340 + "expecting the object identifier for a HmacSHA key " 341 + "derivation function"); 342 } 343 if (prf.data.available() != 0) { 344 // parameter is 'NULL' for all HmacSHA KDFs 345 DerValue parameter = prf.data.getDerValue(); 346 if (parameter.tag != DerValue.tag_Null) { 347 throw new IOException("PBE parameter parsing error: " 348 + "not an ASN.1 NULL tag"); 349 } 350 } 351 } 352 } 353 354 return kdfAlgo; 355 } 356 357 private String parseES(DerValue encryptionScheme) throws IOException { 358 String cipherAlgo = null; 359 360 cipherAlgo_OID = encryptionScheme.data.getOID(); 361 if (aes128CBC_OID.equals(cipherAlgo_OID)) { 362 cipherAlgo = "AES_128"; 363 // parameter is AES-IV 'OCTET STRING (SIZE(16))' 364 cipherParam = 365 new IvParameterSpec(encryptionScheme.data.getOctetString()); 366 keysize = 128; 367 } else if (aes256CBC_OID.equals(cipherAlgo_OID)) { 368 cipherAlgo = "AES_256"; 369 // parameter is AES-IV 'OCTET STRING (SIZE(16))' 370 cipherParam = 371 new IvParameterSpec(encryptionScheme.data.getOctetString()); 372 keysize = 256; | 295 } 296 if (keyDerivationFunc.tag != DerValue.tag_Sequence) { 297 throw new IOException("PBE parameter parsing error: " 298 + "not an ASN.1 SEQUENCE tag"); 299 } 300 DerValue pBKDF2_params = keyDerivationFunc.data.getDerValue(); 301 if (pBKDF2_params.tag != DerValue.tag_Sequence) { 302 throw new IOException("PBE parameter parsing error: " 303 + "not an ASN.1 SEQUENCE tag"); 304 } 305 DerValue specified = pBKDF2_params.data.getDerValue(); 306 // the 'specified' ASN.1 CHOICE for 'salt' is supported 307 if (specified.tag == DerValue.tag_OctetString) { 308 salt = specified.getOctetString(); 309 } else { 310 // the 'otherSource' ASN.1 CHOICE for 'salt' is not supported 311 throw new IOException("PBE parameter parsing error: " 312 + "not an ASN.1 OCTET STRING tag"); 313 } 314 iCount = pBKDF2_params.data.getInteger(); 315 316 DerValue prf = null; 317 // keyLength INTEGER (1..MAX) OPTIONAL, 318 if (pBKDF2_params.data.available() > 0) { 319 DerValue keyLength = pBKDF2_params.data.getDerValue(); 320 if (keyLength.tag == DerValue.tag_Integer) { 321 keysize = keyLength.getInteger() * 8; // keysize (in bits) 322 } else { 323 // Should be the prf 324 prf = keyLength; 325 } 326 } 327 // prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 328 String kdfAlgo = "HmacSHA1"; 329 if (prf == null) { 330 if (pBKDF2_params.data.available() > 0) { 331 prf = pBKDF2_params.data.getDerValue(); 332 } 333 } 334 if (prf != null) { 335 kdfAlgo_OID = prf.data.getOID(); 336 if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) { 337 kdfAlgo = "HmacSHA1"; 338 } else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) { 339 kdfAlgo = "HmacSHA224"; 340 } else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) { 341 kdfAlgo = "HmacSHA256"; 342 } else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) { 343 kdfAlgo = "HmacSHA384"; 344 } else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) { 345 kdfAlgo = "HmacSHA512"; 346 } else { 347 throw new IOException("PBE parameter parsing error: " 348 + "expecting the object identifier for a HmacSHA key " 349 + "derivation function"); 350 } 351 if (prf.data.available() != 0) { 352 // parameter is 'NULL' for all HmacSHA KDFs 353 DerValue parameter = prf.data.getDerValue(); 354 if (parameter.tag != DerValue.tag_Null) { 355 throw new IOException("PBE parameter parsing error: " 356 + "not an ASN.1 NULL tag"); 357 } 358 } 359 } 360 361 return kdfAlgo; 362 } 363 364 private String parseES(DerValue encryptionScheme) throws IOException { 365 String cipherAlgo = null; 366 367 cipherAlgo_OID = encryptionScheme.data.getOID(); 368 if (aes128CBC_OID.equals(cipherAlgo_OID)) { 369 cipherAlgo = "AES_128"; 370 // parameter is AES-IV 'OCTET STRING (SIZE(16))' 371 cipherParam = 372 new IvParameterSpec(encryptionScheme.data.getOctetString()); 373 keysize = 128; 374 } else if (aes256CBC_OID.equals(cipherAlgo_OID)) { 375 cipherAlgo = "AES_256"; 376 // parameter is AES-IV 'OCTET STRING (SIZE(16))' 377 cipherParam = 378 new IvParameterSpec(encryptionScheme.data.getOctetString()); 379 keysize = 256; |