295 }
296 if (keyDerivationFunc.tag != DerValue.tag_Sequence) {
297 throw new IOException("PBE parameter parsing error: "
298 + "not an ASN.1 SEQUENCE tag");
299 }
300 DerValue pBKDF2_params = keyDerivationFunc.data.getDerValue();
301 if (pBKDF2_params.tag != DerValue.tag_Sequence) {
302 throw new IOException("PBE parameter parsing error: "
303 + "not an ASN.1 SEQUENCE tag");
304 }
305 DerValue specified = pBKDF2_params.data.getDerValue();
306 // the 'specified' ASN.1 CHOICE for 'salt' is supported
307 if (specified.tag == DerValue.tag_OctetString) {
308 salt = specified.getOctetString();
309 } else {
310 // the 'otherSource' ASN.1 CHOICE for 'salt' is not supported
311 throw new IOException("PBE parameter parsing error: "
312 + "not an ASN.1 OCTET STRING tag");
313 }
314 iCount = pBKDF2_params.data.getInteger();
315 // keyLength INTEGER (1..MAX) OPTIONAL,
316 if (pBKDF2_params.data.available() > 0) {
317 DerValue keyLength = pBKDF2_params.data.getDerValue();
318 if (keyLength.tag == DerValue.tag_Integer) {
319 keysize = keyLength.getInteger() * 8; // keysize (in bits)
320 }
321 }
322 // prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
323 String kdfAlgo = "HmacSHA1";
324 if (pBKDF2_params.data.available() > 0) {
325 if (pBKDF2_params.tag == DerValue.tag_Sequence) {
326 DerValue prf = pBKDF2_params.data.getDerValue();
327 kdfAlgo_OID = prf.data.getOID();
328 if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
329 kdfAlgo = "HmacSHA1";
330 } else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
331 kdfAlgo = "HmacSHA224";
332 } else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
333 kdfAlgo = "HmacSHA256";
334 } else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
335 kdfAlgo = "HmacSHA384";
336 } else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
337 kdfAlgo = "HmacSHA512";
338 } else {
339 throw new IOException("PBE parameter parsing error: "
340 + "expecting the object identifier for a HmacSHA key "
341 + "derivation function");
342 }
343 if (prf.data.available() != 0) {
344 // parameter is 'NULL' for all HmacSHA KDFs
345 DerValue parameter = prf.data.getDerValue();
346 if (parameter.tag != DerValue.tag_Null) {
347 throw new IOException("PBE parameter parsing error: "
348 + "not an ASN.1 NULL tag");
349 }
350 }
351 }
352 }
353
354 return kdfAlgo;
355 }
356
357 private String parseES(DerValue encryptionScheme) throws IOException {
358 String cipherAlgo = null;
359
360 cipherAlgo_OID = encryptionScheme.data.getOID();
361 if (aes128CBC_OID.equals(cipherAlgo_OID)) {
362 cipherAlgo = "AES_128";
363 // parameter is AES-IV 'OCTET STRING (SIZE(16))'
364 cipherParam =
365 new IvParameterSpec(encryptionScheme.data.getOctetString());
366 keysize = 128;
367 } else if (aes256CBC_OID.equals(cipherAlgo_OID)) {
368 cipherAlgo = "AES_256";
369 // parameter is AES-IV 'OCTET STRING (SIZE(16))'
370 cipherParam =
371 new IvParameterSpec(encryptionScheme.data.getOctetString());
372 keysize = 256;
|
295 }
296 if (keyDerivationFunc.tag != DerValue.tag_Sequence) {
297 throw new IOException("PBE parameter parsing error: "
298 + "not an ASN.1 SEQUENCE tag");
299 }
300 DerValue pBKDF2_params = keyDerivationFunc.data.getDerValue();
301 if (pBKDF2_params.tag != DerValue.tag_Sequence) {
302 throw new IOException("PBE parameter parsing error: "
303 + "not an ASN.1 SEQUENCE tag");
304 }
305 DerValue specified = pBKDF2_params.data.getDerValue();
306 // the 'specified' ASN.1 CHOICE for 'salt' is supported
307 if (specified.tag == DerValue.tag_OctetString) {
308 salt = specified.getOctetString();
309 } else {
310 // the 'otherSource' ASN.1 CHOICE for 'salt' is not supported
311 throw new IOException("PBE parameter parsing error: "
312 + "not an ASN.1 OCTET STRING tag");
313 }
314 iCount = pBKDF2_params.data.getInteger();
315
316 DerValue prf = null;
317 // keyLength INTEGER (1..MAX) OPTIONAL,
318 if (pBKDF2_params.data.available() > 0) {
319 DerValue keyLength = pBKDF2_params.data.getDerValue();
320 if (keyLength.tag == DerValue.tag_Integer) {
321 keysize = keyLength.getInteger() * 8; // keysize (in bits)
322 } else {
323 // Should be the prf
324 prf = keyLength;
325 }
326 }
327 // prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
328 String kdfAlgo = "HmacSHA1";
329 if (prf == null) {
330 if (pBKDF2_params.data.available() > 0) {
331 prf = pBKDF2_params.data.getDerValue();
332 }
333 }
334 if (prf != null) {
335 kdfAlgo_OID = prf.data.getOID();
336 if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
337 kdfAlgo = "HmacSHA1";
338 } else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
339 kdfAlgo = "HmacSHA224";
340 } else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
341 kdfAlgo = "HmacSHA256";
342 } else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
343 kdfAlgo = "HmacSHA384";
344 } else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
345 kdfAlgo = "HmacSHA512";
346 } else {
347 throw new IOException("PBE parameter parsing error: "
348 + "expecting the object identifier for a HmacSHA key "
349 + "derivation function");
350 }
351 if (prf.data.available() != 0) {
352 // parameter is 'NULL' for all HmacSHA KDFs
353 DerValue parameter = prf.data.getDerValue();
354 if (parameter.tag != DerValue.tag_Null) {
355 throw new IOException("PBE parameter parsing error: "
356 + "not an ASN.1 NULL tag");
357 }
358 }
359 }
360
361 return kdfAlgo;
362 }
363
364 private String parseES(DerValue encryptionScheme) throws IOException {
365 String cipherAlgo = null;
366
367 cipherAlgo_OID = encryptionScheme.data.getOID();
368 if (aes128CBC_OID.equals(cipherAlgo_OID)) {
369 cipherAlgo = "AES_128";
370 // parameter is AES-IV 'OCTET STRING (SIZE(16))'
371 cipherParam =
372 new IvParameterSpec(encryptionScheme.data.getOctetString());
373 keysize = 128;
374 } else if (aes256CBC_OID.equals(cipherAlgo_OID)) {
375 cipherAlgo = "AES_256";
376 // parameter is AES-IV 'OCTET STRING (SIZE(16))'
377 cipherParam =
378 new IvParameterSpec(encryptionScheme.data.getOctetString());
379 keysize = 256;
|