/* * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package com.sun.crypto.provider; import java.io.*; import java.security.InvalidKeyException; import java.security.spec.KeySpec; import java.security.spec.InvalidKeySpecException; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactorySpi; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; /** * This class implements a key factory for PBE keys derived using * PBKDF2 with HmacSHA1 psuedo random function(PRF) as defined in * PKCS#5 v2.0. * * @author Valerie Peng * */ public final class PBKDF2HmacSHA1Factory extends SecretKeyFactorySpi { /** * Empty constructor */ public PBKDF2HmacSHA1Factory() { } /** * Generates a SecretKey object from the provided key * specification (key material). * * @param keySpec the specification (key material) of the secret key * * @return the secret key * * @exception InvalidKeySpecException if the given key specification * is inappropriate for this key factory to produce a public key. */ protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException { if (!(keySpec instanceof PBEKeySpec)) { throw new InvalidKeySpecException("Invalid key spec"); } PBEKeySpec ks = (PBEKeySpec) keySpec; return new PBKDF2KeyImpl(ks, "HmacSHA1"); } /** * Returns a specification (key material) of the given key * in the requested format. * * @param key the key * * @param keySpec the requested format in which the key material shall be * returned * * @return the underlying key specification (key material) in the * requested format * * @exception InvalidKeySpecException if the requested key * specification is inappropriate for the given key, or the * given key cannot be processed (e.g., the given key has an * unrecognized algorithm or format). */ protected KeySpec engineGetKeySpec(SecretKey key, Class keySpecCl) throws InvalidKeySpecException { if (key instanceof javax.crypto.interfaces.PBEKey) { // Check if requested key spec is amongst the valid ones if ((keySpecCl != null) && PBEKeySpec.class.isAssignableFrom(keySpecCl)) { javax.crypto.interfaces.PBEKey pKey = (javax.crypto.interfaces.PBEKey) key; return new PBEKeySpec (pKey.getPassword(), pKey.getSalt(), pKey.getIterationCount(), pKey.getEncoded().length*8); } else { throw new InvalidKeySpecException("Invalid key spec"); } } else { throw new InvalidKeySpecException("Invalid key " + "format/algorithm"); } } /** * Translates a SecretKey object, whose provider may be * unknown or potentially untrusted, into a corresponding * SecretKey object of this key factory. * * @param key the key whose provider is unknown or untrusted * * @return the translated key * * @exception InvalidKeyException if the given key cannot be processed by * this key factory. */ protected SecretKey engineTranslateKey(SecretKey key) throws InvalidKeyException { if ((key != null) && (key.getAlgorithm().equalsIgnoreCase("PBKDF2WithHmacSHA1")) && (key.getFormat().equalsIgnoreCase("RAW"))) { // Check if key originates from this factory if (key instanceof com.sun.crypto.provider.PBKDF2KeyImpl) { return key; } // Check if key implements the PBEKey if (key instanceof javax.crypto.interfaces.PBEKey) { javax.crypto.interfaces.PBEKey pKey = (javax.crypto.interfaces.PBEKey) key; try { PBEKeySpec spec = new PBEKeySpec(pKey.getPassword(), pKey.getSalt(), pKey.getIterationCount(), pKey.getEncoded().length*8); return new PBKDF2KeyImpl(spec, "HmacSHA1"); } catch (InvalidKeySpecException re) { InvalidKeyException ike = new InvalidKeyException ("Invalid key component(s)"); ike.initCause(re); throw ike; } } } throw new InvalidKeyException("Invalid key format/algorithm"); } }