/* * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package com.sun.crypto.provider; import java.io.UnsupportedEncodingException; import java.security.*; import java.security.spec.*; import javax.crypto.*; import javax.crypto.spec.*; /** * This class implements a proprietary password-based encryption algorithm. * It is based on password-based encryption as defined by the PKCS #5 * standard, except that is uses triple DES instead of DES. * * Here's how this algorithm works: * * 1. Create random salt and split it in two halves. If the two halves are * identical, invert one of them. * 2. Concatenate password with each of the halves. * 3. Digest each concatenation with c iterations, where c is the * iterationCount. Concatenate the output from each digest round with the * password, and use the result as the input to the next digest operation. * The digest algorithm is MD5. * 4. After c iterations, use the 2 resulting digests as follows: * The 16 bytes of the first digest and the 1st 8 bytes of the 2nd digest * form the triple DES key, and the last 8 bytes of the 2nd digest form the * IV. * * @author Jan Luehe * @see javax.crypto.Cipher */ public final class PBEWithMD5AndTripleDESCipher extends CipherSpi { private PBES1Core core; /** * Creates an instance of this cipher, and initializes its mode (CBC) and * padding (PKCS5). * * @exception NoSuchAlgorithmException if the required cipher mode (CBC) is * unavailable * @exception NoSuchPaddingException if the required padding mechanism * (PKCS5Padding) is unavailable */ public PBEWithMD5AndTripleDESCipher() throws NoSuchAlgorithmException, NoSuchPaddingException { // set the encapsulated cipher to do triple DES core = new PBES1Core("DESede"); } /** * Sets the mode of this cipher. This algorithm can only be run in CBC * mode. * * @param mode the cipher mode * * @exception NoSuchAlgorithmException if the requested cipher mode is * invalid */ protected void engineSetMode(String mode) throws NoSuchAlgorithmException { if ((mode != null) && (!mode.equalsIgnoreCase("CBC"))) { throw new NoSuchAlgorithmException("Invalid cipher mode: " + mode); } } /** * Sets the padding mechanism of this cipher. This algorithm only uses * PKCS #5 padding. * * @param paddingScheme the padding mechanism * * @exception NoSuchPaddingException if the requested padding mechanism * is invalid */ protected void engineSetPadding(String paddingScheme) throws NoSuchPaddingException { if ((paddingScheme != null) && (!paddingScheme.equalsIgnoreCase("PKCS5Padding"))) { throw new NoSuchPaddingException("Invalid padding scheme: " + paddingScheme); } } /** * Returns the block size (in bytes). * * @return the block size (in bytes) */ protected int engineGetBlockSize() { return core.getBlockSize(); } /** * Returns the length in bytes that an output buffer would need to be in * order to hold the result of the next update or * doFinal operation, given the input length * inputLen (in bytes). * *

This call takes into account any unprocessed (buffered) data from a * previous update call, and padding. * *

The actual output length of the next update or * doFinal call may be smaller than the length returned by * this method. * * @param inputLen the input length (in bytes) * * @return the required output buffer size (in bytes) * */ protected int engineGetOutputSize(int inputLen) { return core.getOutputSize(inputLen); } /** * Returns the initialization vector (IV) in a new buffer. * *

This is useful in the case where a random IV has been created * (see init), * or in the context of password-based encryption or * decryption, where the IV is derived from a user-supplied password. * * @return the initialization vector in a new buffer, or null if the * underlying algorithm does not use an IV, or if the IV has not yet * been set. */ protected byte[] engineGetIV() { return core.getIV(); } /** * Returns the parameters used with this cipher. * *

The returned parameters may be the same that were used to initialize * this cipher, or may contain the default set of parameters or a set of * randomly generated parameters used by the underlying cipher * implementation (provided that the underlying cipher implementation * uses a default set of parameters or creates new parameters if it needs * parameters but was not initialized with any). * * @return the parameters used with this cipher, or null if this cipher * does not use any parameters. */ protected AlgorithmParameters engineGetParameters() { return core.getParameters(); } /** * Initializes this cipher with a key and a source * of randomness. * The cipher is initialized for one of the following four operations: * encryption, decryption, key wrapping or key unwrapping, depending on * the value of opmode. * *

If this cipher (including its underlying feedback or padding scheme) * requires any random bytes, it will get them from random. * * @param opmode the operation mode of this cipher (this is one of * the following: * ENCRYPT_MODE, DECRYPT_MODE), * WRAP_MODE or UNWRAP_MODE) * @param key the encryption key * @param random the source of randomness * * @exception InvalidKeyException if the given key is inappropriate for * initializing this cipher */ protected void engineInit(int opmode, Key key, SecureRandom random) throws InvalidKeyException { try { core.init(opmode, key, (AlgorithmParameterSpec) null, random); } catch (InvalidAlgorithmParameterException ie) { InvalidKeyException ike = new InvalidKeyException("requires PBE parameters"); ike.initCause(ie); throw ike; } } /** * Initializes this cipher with a key, a set of * algorithm parameters, and a source of randomness. * The cipher is initialized for encryption or decryption, depending on * the value of opmode. * *

If this cipher (including its underlying feedback or padding scheme) * requires any random bytes, it will get them from random. * * @param opmode the operation mode of this cipher (this is either * ENCRYPT_MODE or DECRYPT_MODE) * @param key the encryption key * @param params the algorithm parameters * @param random the source of randomness * * @exception InvalidKeyException if the given key is inappropriate for * initializing this cipher * @exception InvalidAlgorithmParameterException if the given algorithm * parameters are inappropriate for this cipher */ protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { core.init(opmode, key, params, random); } protected void engineInit(int opmode, Key key, AlgorithmParameters params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { core.init(opmode, key, params, random); } /** * Continues a multiple-part encryption or decryption operation * (depending on how this cipher was initialized), processing another data * part. * *

The first inputLen bytes in the input * buffer, starting at inputOffset, are processed, and the * result is stored in a new buffer. * * @param input the input buffer * @param inputOffset the offset in input where the input * starts * @param inputLen the input length * * @return the new buffer with the result * */ protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) { return core.update(input, inputOffset, inputLen); } /** * Continues a multiple-part encryption or decryption operation * (depending on how this cipher was initialized), processing another data * part. * *

The first inputLen bytes in the input * buffer, starting at inputOffset, are processed, and the * result is stored in the output buffer, starting at * outputOffset. * * @param input the input buffer * @param inputOffset the offset in input where the input * starts * @param inputLen the input length * @param output the buffer for the result * @param outputOffset the offset in output where the result * is stored * * @return the number of bytes stored in output * * @exception ShortBufferException if the given output buffer is too small * to hold the result */ protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException { return core.update(input, inputOffset, inputLen, output, outputOffset); } /** * Encrypts or decrypts data in a single-part operation, * or finishes a multiple-part operation. * The data is encrypted or decrypted, depending on how this cipher was * initialized. * *

The first inputLen bytes in the input * buffer, starting at inputOffset, and any input bytes that * may have been buffered during a previous update operation, * are processed, with padding (if requested) being applied. * The result is stored in a new buffer. * *

The cipher is reset to its initial state (uninitialized) after this * call. * * @param input the input buffer * @param inputOffset the offset in input where the input * starts * @param inputLen the input length * * @return the new buffer with the result * * @exception IllegalBlockSizeException if this cipher is a block cipher, * no padding has been requested (only in encryption mode), and the total * input length of the data processed by this cipher is not a multiple of * block size * @exception BadPaddingException if decrypting and padding is chosen, * but the last input data does not have proper padding bytes. */ protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen) throws IllegalBlockSizeException, BadPaddingException { return core.doFinal(input, inputOffset, inputLen); } /** * Encrypts or decrypts data in a single-part operation, * or finishes a multiple-part operation. * The data is encrypted or decrypted, depending on how this cipher was * initialized. * *

The first inputLen bytes in the input * buffer, starting at inputOffset, and any input bytes that * may have been buffered during a previous update operation, * are processed, with padding (if requested) being applied. * The result is stored in the output buffer, starting at * outputOffset. * *

The cipher is reset to its initial state (uninitialized) after this * call. * * @param input the input buffer * @param inputOffset the offset in input where the input * starts * @param inputLen the input length * @param output the buffer for the result * @param outputOffset the offset in output where the result * is stored * * @return the number of bytes stored in output * * @exception IllegalBlockSizeException if this cipher is a block cipher, * no padding has been requested (only in encryption mode), and the total * input length of the data processed by this cipher is not a multiple of * block size * @exception ShortBufferException if the given output buffer is too small * to hold the result * @exception BadPaddingException if decrypting and padding is chosen, * but the last input data does not have proper padding bytes. */ protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException { return core.doFinal(input, inputOffset, inputLen, output, outputOffset); } /** * Returns the key size of the given key object. * * @param key the key object. * * @return the key size of the given key object. * * @exception InvalidKeyException if key is invalid. */ protected int engineGetKeySize(Key key) throws InvalidKeyException { return 168; } /** * Wrap a key. * * @param key the key to be wrapped. * * @return the wrapped key. * * @exception IllegalBlockSizeException if this cipher is a block * cipher, no padding has been requested, and the length of the * encoding of the key to be wrapped is not a * multiple of the block size. * * @exception InvalidKeyException if it is impossible or unsafe to * wrap the key with this cipher (e.g., a hardware protected key is * being passed to a software only cipher). */ protected byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException { return core.wrap(key); } /** * Unwrap a previously wrapped key. * * @param wrappedKey the key to be unwrapped. * * @param wrappedKeyAlgorithm the algorithm the wrapped key is for. * * @param wrappedKeyType the type of the wrapped key. * This is one of Cipher.SECRET_KEY, * Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY. * * @return the unwrapped key. * * @exception NoSuchAlgorithmException if no installed providers * can create keys of type wrappedKeyType for the * wrappedKeyAlgorithm. * * @exception InvalidKeyException if wrappedKey does not * represent a wrapped key of type wrappedKeyType for * the wrappedKeyAlgorithm. */ protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType) throws InvalidKeyException, NoSuchAlgorithmException { return core.unwrap(wrappedKey, wrappedKeyAlgorithm, wrappedKeyType); } }