View Javadoc
1   /*
2    * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4    *
5    * This code is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU General Public License version 2 only, as
7    * published by the Free Software Foundation.  Oracle designates this
8    * particular file as subject to the "Classpath" exception as provided
9    * by Oracle in the LICENSE file that accompanied this code.
10   *
11   * This code is distributed in the hope that it will be useful, but WITHOUT
12   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13   * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14   * version 2 for more details (a copy is included in the LICENSE file that
15   * accompanied this code).
16   *
17   * You should have received a copy of the GNU General Public License version
18   * 2 along with this work; if not, write to the Free Software Foundation,
19   * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20   *
21   * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22   * or visit www.oracle.com if you need additional information or have any
23   * questions.
24   */
25  
26  package com.sun.crypto.provider;
27  
28  import java.util.Arrays;
29  import java.nio.ByteBuffer;
30  
31  import javax.crypto.MacSpi;
32  import javax.crypto.SecretKey;
33  import javax.crypto.spec.SecretKeySpec;
34  import javax.crypto.spec.PBEKeySpec;
35  import javax.crypto.spec.PBEParameterSpec;
36  import java.security.*;
37  import java.security.spec.*;
38  
39  /**
40   * This is an implementation of the PBMAC1 algorithms as defined
41   * in PKCS#5 v2.1 standard.
42   */
43  abstract class PBMAC1Core extends HmacCore {
44  
45      // NOTE: this class inherits the Cloneable interface from HmacCore
46      // Need to override clone() if mutable fields are added.
47      private final String kdfAlgo;
48      private final String hashAlgo;
49      private final int blockLength; // in octets
50  
51      /**
52       * Creates an instance of PBMAC1 according to the selected
53       * password-based key derivation function.
54       */
55      PBMAC1Core(String kdfAlgo, String hashAlgo, int blockLength)
56          throws NoSuchAlgorithmException {
57          super(hashAlgo, blockLength);
58          this.kdfAlgo = kdfAlgo;
59          this.hashAlgo = hashAlgo;
60          this.blockLength = blockLength;
61      }
62  
63      private static PBKDF2Core getKDFImpl(String algo) {
64          PBKDF2Core kdf = null;
65          switch(algo) {
66          case "HmacSHA1":
67                  kdf = new PBKDF2Core.HmacSHA1();
68                  break;
69          case "HmacSHA224":
70                  kdf = new PBKDF2Core.HmacSHA224();
71                  break;
72          case "HmacSHA256":
73                  kdf = new PBKDF2Core.HmacSHA256();
74                  break;
75          case "HmacSHA384":
76                  kdf = new PBKDF2Core.HmacSHA384();
77                  break;
78          case "HmacSHA512":
79                  kdf = new PBKDF2Core.HmacSHA512();
80                  break;
81          default:
82                  throw new ProviderException(
83                      "No MAC implementation for " + algo);
84          }
85          return kdf;
86      }
87  
88      /**
89       * Initializes the HMAC with the given secret key and algorithm parameters.
90       *
91       * @param key the secret key.
92       * @param params the algorithm parameters.
93       *
94       * @exception InvalidKeyException if the given key is inappropriate for
95       * initializing this MAC.
96       * @exception InvalidAlgorithmParameterException if the given algorithm
97       * parameters are inappropriate for this MAC.
98       */
99      protected void engineInit(Key key, AlgorithmParameterSpec params)
100         throws InvalidKeyException, InvalidAlgorithmParameterException {
101         char[] passwdChars;
102         byte[] salt = null;
103         int iCount = 0;
104         if (key instanceof javax.crypto.interfaces.PBEKey) {
105             javax.crypto.interfaces.PBEKey pbeKey =
106                 (javax.crypto.interfaces.PBEKey) key;
107             passwdChars = pbeKey.getPassword();
108             salt = pbeKey.getSalt(); // maybe null if unspecified
109             iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
110         } else if (key instanceof SecretKey) {
111             byte[] passwdBytes = key.getEncoded();
112             if ((passwdBytes == null) ||
113                 !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
114                 throw new InvalidKeyException("Missing password");
115             }
116             passwdChars = new char[passwdBytes.length];
117             for (int i=0; i<passwdChars.length; i++) {
118                 passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
119             }
120         } else {
121             throw new InvalidKeyException("SecretKey of PBE type required");
122         }
123         if (params == null) {
124             // should not auto-generate default values since current
125             // javax.crypto.Mac api does not have any method for caller to
126             // retrieve the generated defaults.
127             if ((salt == null) || (iCount == 0)) {
128                 throw new InvalidAlgorithmParameterException
129                     ("PBEParameterSpec required for salt and iteration count");
130             }
131         } else if (!(params instanceof PBEParameterSpec)) {
132             throw new InvalidAlgorithmParameterException
133                 ("PBEParameterSpec type required");
134         } else {
135             PBEParameterSpec pbeParams = (PBEParameterSpec) params;
136             // make sure the parameter values are consistent
137             if (salt != null) {
138                 if (!Arrays.equals(salt, pbeParams.getSalt())) {
139                     throw new InvalidAlgorithmParameterException
140                         ("Inconsistent value of salt between key and params");
141                 }
142             } else {
143                 salt = pbeParams.getSalt();
144             }
145             if (iCount != 0) {
146                 if (iCount != pbeParams.getIterationCount()) {
147                     throw new InvalidAlgorithmParameterException
148                         ("Different iteration count between key and params");
149                 }
150             } else {
151                 iCount = pbeParams.getIterationCount();
152             }
153         }
154         // For security purpose, we need to enforce a minimum length
155         // for salt; just require the minimum salt length to be 8-byte
156         // which is what PKCS#5 recommends and openssl does.
157         if (salt.length < 8) {
158             throw new InvalidAlgorithmParameterException
159                 ("Salt must be at least 8 bytes long");
160         }
161         if (iCount <= 0) {
162             throw new InvalidAlgorithmParameterException
163                 ("IterationCount must be a positive number");
164         }
165 
166         PBEKeySpec pbeSpec =
167             new PBEKeySpec(passwdChars, salt, iCount, blockLength);
168             // password char[] was cloned in PBEKeySpec constructor,
169             // so we can zero it out here
170         java.util.Arrays.fill(passwdChars, ' ');
171 
172         SecretKey s = null;
173         PBKDF2Core kdf = getKDFImpl(kdfAlgo);
174         try {
175             s = kdf.engineGenerateSecret(pbeSpec);
176 
177         } catch (InvalidKeySpecException ikse) {
178             InvalidKeyException ike =
179                 new InvalidKeyException("Cannot construct PBE key");
180             ike.initCause(ikse);
181             throw ike;
182         }
183         byte[] derivedKey = s.getEncoded();
184         SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);
185 
186         super.engineInit(cipherKey, null);
187     }
188 
189     public static final class HmacSHA1 extends PBMAC1Core {
190         public HmacSHA1() throws NoSuchAlgorithmException {
191             super("HmacSHA1", "SHA1", 64);
192         }
193     }
194 
195     public static final class HmacSHA224 extends PBMAC1Core {
196         public HmacSHA224() throws NoSuchAlgorithmException {
197             super("HmacSHA224", "SHA-224", 64);
198         }
199     }
200 
201     public static final class HmacSHA256 extends PBMAC1Core {
202         public HmacSHA256() throws NoSuchAlgorithmException {
203             super("HmacSHA256", "SHA-256", 64);
204         }
205     }
206 
207     public static final class HmacSHA384 extends PBMAC1Core {
208         public HmacSHA384() throws NoSuchAlgorithmException {
209             super("HmacSHA384", "SHA-384", 128);
210         }
211     }
212 
213     public static final class HmacSHA512 extends PBMAC1Core {
214         public HmacSHA512() throws NoSuchAlgorithmException {
215             super("HmacSHA512", "SHA-512", 128);
216         }
217     }
218 }