bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JceSymmetricKeyWrapper.java - platform/external/bouncycastle - Git at Google

 package org.bouncycastle.operator.jcajce;

 import java.security.GeneralSecurityException;
 import java.security.Key;
 import java.security.Provider;
 import java.security.SecureRandom;

 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;

 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
 import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
 import org.bouncycastle.operator.GenericKey;
 import org.bouncycastle.operator.OperatorException;
 import org.bouncycastle.operator.SymmetricKeyWrapper;

 public class JceSymmetricKeyWrapper
     extends SymmetricKeyWrapper
 {
     private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper());
     private SecureRandom random;
     private SecretKey wrappingKey;

     public JceSymmetricKeyWrapper(SecretKey wrappingKey)
     {
         super(determineKeyEncAlg(wrappingKey));

         this.wrappingKey = wrappingKey;
     }

     public JceSymmetricKeyWrapper setProvider(Provider provider)
     {
         this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider));

         return this;
     }

     public JceSymmetricKeyWrapper setProvider(String providerName)
     {
         this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName));

         return this;
     }

     public JceSymmetricKeyWrapper setSecureRandom(SecureRandom random)
     {
         this.random = random;

         return this;
     }

     public byte[] generateWrappedKey(GenericKey encryptionKey)
         throws OperatorException
     {
         Key contentEncryptionKeySpec = OperatorUtils.getJceKey(encryptionKey);

         Cipher keyEncryptionCipher = helper.createSymmetricWrapper(this.getAlgorithmIdentifier().getAlgorithm());

         try
         {
             keyEncryptionCipher.init(Cipher.WRAP_MODE, wrappingKey, random);

             return keyEncryptionCipher.wrap(contentEncryptionKeySpec);
         }
         catch (GeneralSecurityException e)
         {
             throw new OperatorException("cannot wrap key: " + e.getMessage(), e);
         }
     }

     private static AlgorithmIdentifier determineKeyEncAlg(SecretKey key)
     {
         return determineKeyEncAlg(key.getAlgorithm(), key.getEncoded().length * 8);
     }

     static AlgorithmIdentifier determineKeyEncAlg(String algorithm, int keySizeInBits)
     {
         if (algorithm.startsWith("DES") || algorithm.startsWith("TripleDES"))
         {
             return new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, DERNull.INSTANCE);
         }
         else if (algorithm.startsWith("RC2"))
         {
             return new AlgorithmIdentifier(new ASN1ObjectIdentifier(
                     "1.2.840.113549.1.9.16.3.7"), new ASN1Integer(58));
         }
         else if (algorithm.startsWith("AES"))
         {
             ASN1ObjectIdentifier wrapOid;

             if (keySizeInBits == 128)
             {
                 wrapOid = NISTObjectIdentifiers.id_aes128_wrap;
             }
             else if (keySizeInBits == 192)
             {
                 wrapOid = NISTObjectIdentifiers.id_aes192_wrap;
             }
             else if (keySizeInBits == 256)
             {
                 wrapOid = NISTObjectIdentifiers.id_aes256_wrap;
             }
             else
             {
                 throw new IllegalArgumentException("illegal keysize in AES");
             }

             return new AlgorithmIdentifier(wrapOid); // parameters absent
         }
         else if (algorithm.startsWith("SEED"))
         {
             // parameters absent
             return new AlgorithmIdentifier(
                     KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap);
         }
         else if (algorithm.startsWith("Camellia"))
         {
             ASN1ObjectIdentifier wrapOid;

             if (keySizeInBits == 128)
             {
                 wrapOid = NTTObjectIdentifiers.id_camellia128_wrap;
             }
             else if (keySizeInBits == 192)
             {
                 wrapOid = NTTObjectIdentifiers.id_camellia192_wrap;
             }
             else if (keySizeInBits == 256)
             {
                 wrapOid = NTTObjectIdentifiers.id_camellia256_wrap;
             }
             else
             {
                 throw new IllegalArgumentException(
                         "illegal keysize in Camellia");
             }

             return new AlgorithmIdentifier(wrapOid); // parameters must be
                                                      // absent
         }
         else
         {
             throw new IllegalArgumentException("unknown algorithm");
         }
     }
 }
	package org.bouncycastle.operator.jcajce;

	import java.security.GeneralSecurityException;
	import java.security.Key;
	import java.security.Provider;
	import java.security.SecureRandom;

	import javax.crypto.Cipher;
	import javax.crypto.SecretKey;

	import org.bouncycastle.asn1.ASN1Integer;
	import org.bouncycastle.asn1.ASN1ObjectIdentifier;
	import org.bouncycastle.asn1.DERNull;
	import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
	import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
	import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
	import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
	import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
	import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
	import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
	import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
	import org.bouncycastle.operator.GenericKey;
	import org.bouncycastle.operator.OperatorException;
	import org.bouncycastle.operator.SymmetricKeyWrapper;

	public class JceSymmetricKeyWrapper
	extends SymmetricKeyWrapper
	{
	private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper());
	private SecureRandom random;
	private SecretKey wrappingKey;

	public JceSymmetricKeyWrapper(SecretKey wrappingKey)
	{
	super(determineKeyEncAlg(wrappingKey));

	this.wrappingKey = wrappingKey;
	}

	public JceSymmetricKeyWrapper setProvider(Provider provider)
	{
	this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider));

	return this;
	}

	public JceSymmetricKeyWrapper setProvider(String providerName)
	{
	this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName));

	return this;
	}

	public JceSymmetricKeyWrapper setSecureRandom(SecureRandom random)
	{
	this.random = random;

	return this;
	}

	public byte[] generateWrappedKey(GenericKey encryptionKey)
	throws OperatorException
	{
	Key contentEncryptionKeySpec = OperatorUtils.getJceKey(encryptionKey);

	Cipher keyEncryptionCipher = helper.createSymmetricWrapper(this.getAlgorithmIdentifier().getAlgorithm());

	try
	{
	keyEncryptionCipher.init(Cipher.WRAP_MODE, wrappingKey, random);

	return keyEncryptionCipher.wrap(contentEncryptionKeySpec);
	}
	catch (GeneralSecurityException e)
	{
	throw new OperatorException("cannot wrap key: " + e.getMessage(), e);
	}
	}

	private static AlgorithmIdentifier determineKeyEncAlg(SecretKey key)
	{
	return determineKeyEncAlg(key.getAlgorithm(), key.getEncoded().length * 8);
	}

	static AlgorithmIdentifier determineKeyEncAlg(String algorithm, int keySizeInBits)
	{
	if (algorithm.startsWith("DES") \|\| algorithm.startsWith("TripleDES"))
	{
	return new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, DERNull.INSTANCE);
	}
	else if (algorithm.startsWith("RC2"))
	{
	return new AlgorithmIdentifier(new ASN1ObjectIdentifier(
	"1.2.840.113549.1.9.16.3.7"), new ASN1Integer(58));
	}
	else if (algorithm.startsWith("AES"))
	{
	ASN1ObjectIdentifier wrapOid;

	if (keySizeInBits == 128)
	{
	wrapOid = NISTObjectIdentifiers.id_aes128_wrap;
	}
	else if (keySizeInBits == 192)
	{
	wrapOid = NISTObjectIdentifiers.id_aes192_wrap;
	}
	else if (keySizeInBits == 256)
	{
	wrapOid = NISTObjectIdentifiers.id_aes256_wrap;
	}
	else
	{
	throw new IllegalArgumentException("illegal keysize in AES");
	}

	return new AlgorithmIdentifier(wrapOid); // parameters absent
	}
	else if (algorithm.startsWith("SEED"))
	{
	// parameters absent
	return new AlgorithmIdentifier(
	KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap);
	}
	else if (algorithm.startsWith("Camellia"))
	{
	ASN1ObjectIdentifier wrapOid;

	if (keySizeInBits == 128)
	{
	wrapOid = NTTObjectIdentifiers.id_camellia128_wrap;
	}
	else if (keySizeInBits == 192)
	{
	wrapOid = NTTObjectIdentifiers.id_camellia192_wrap;
	}
	else if (keySizeInBits == 256)
	{
	wrapOid = NTTObjectIdentifiers.id_camellia256_wrap;
	}
	else
	{
	throw new IllegalArgumentException(
	"illegal keysize in Camellia");
	}

	return new AlgorithmIdentifier(wrapOid); // parameters must be
	// absent
	}
	else
	{
	throw new IllegalArgumentException("unknown algorithm");
	}
	}
	}