diff -r 000000000000 -r 2c201484c85f crypto/weakcrypto/source/pkcs12kdf/Pkcs12Pbe.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/crypto/weakcrypto/source/pkcs12kdf/Pkcs12Pbe.java Wed Jul 08 11:25:26 2009 +0100 @@ -0,0 +1,130 @@ +/* +* Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of the License "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: +* This program uses the Bouncy Castle APIs PKCS#12 KDF to generate encryption keys + ivs +* and mac keys for use with compatibility testing. +* +*/ + + +package com.symbian.security; + +import java.math.BigInteger; +import java.security.SecureRandom; +import org.bouncycastle.crypto.PBEParametersGenerator; +import org.bouncycastle.crypto.digests.SHA1Digest; +import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; +import org.bouncycastle.crypto.CipherParameters; +import org.bouncycastle.crypto.params.KeyParameter; +import org.bouncycastle.crypto.params.ParametersWithIV; + +public class Pkcs12Pbe { + private PKCS12ParametersGenerator pgen; + + public Pkcs12Pbe() { + pgen = new PKCS12ParametersGenerator(new SHA1Digest()); + } + + public static void main(String args[]) { + try { + if (args.length < 5) { + usage(); + System.exit(-1); + + } + int keyLength = Integer.parseInt(args[0]); + int blockSize = Integer.parseInt(args[1]); + int iterations = Integer.parseInt(args[2]); + String salt = args[3]; + String password = args[4]; + byte[] saltBytes = hexToByteArray(salt); + + Pkcs12Pbe pbe = new Pkcs12Pbe(); + pbe.getKey(keyLength, blockSize, iterations, password, saltBytes); + } + catch (Exception e) { + System.exit(-1); + } + } + + private static byte[] hexToByteArray(String hex) throws Exception { + if (hex.length() % 2 != 0) { + throw new Exception("hexToByteArray: odd number of nibbles"); + } + StringBuffer hexBuffer = new StringBuffer(hex); + + byte[] byteBuffer = new byte[hexBuffer.length() / 2]; + for (int i = 0; i < hexBuffer.length(); i+=2) { + try { + byteBuffer[i / 2] = (byte) Integer.parseInt(hexBuffer.substring(i, i+2), 16); + } + catch (NumberFormatException e) { + System.err.println("hexToByteArray: invalid hex string: " + hex); + throw e; + } + } + return byteBuffer; + } + + private static void usage() { + System.err + .println("Usage: pkcs12pbe \n"); + } + + private void getKey(int keyLen, int ivLen, int iterCount, String password, + byte[] salt) { + System.out.print("key len = " + keyLen + ", iter count = " + + iterCount + ", password = \"" + password + "\", salt = "); + printUnformattedByteArray(salt); + + char[] pwChars = password.toCharArray(); + byte[] pwBytes = PBEParametersGenerator.PKCS12PasswordToBytes(pwChars); + + pgen.init(pwBytes, salt, iterCount); + CipherParameters cp = pgen.generateDerivedParameters(keyLen, ivLen); + + ParametersWithIV ivp = (ParametersWithIV) cp; + KeyParameter kp = (KeyParameter) ivp.getParameters(); + + System.out.print("key "); + printUnformattedByteArray((kp.getKey())); + System.out.print("iv "); + printUnformattedByteArray(ivp.getIV()); + + kp = (KeyParameter) pgen.generateDerivedMacParameters(160); + System.out.print("160bit hmac key "); + printUnformattedByteArray((kp.getKey())); + + } + + // unformatted hex strings that can be passed as arguments to openssl + private void printUnformattedByteArray(byte[] a) { + StringBuffer line = new StringBuffer(); + + for (int i = 0; i < a.length; i++) { + line.append(hexStr(a[i], 2)); + } + System.out.println(line); + } + + private String hexStr(int val, int width) { + StringBuffer result = new StringBuffer(); + while (--width >= 0) { + int bitPos = 4 * width; + int nybble = (val & (0xf << bitPos)) >> bitPos; + result.append(Integer.toHexString(nybble)); + } + return result.toString(); + } +}