Fix PBKDF2WithHmacSHA1 to use high bits

Bug: 8312059 Bug: https://code.google.com/p/android/issues/detail?id=40578 Cherry picked from commit a2ab0a62bc1ca3978e3ab3a3c1f8288f29a30e7e Change-Id: I749380979671709d63cc87f798b77ed5d8eaef6e
author: William Luh <williamluh@google.com> 2013-04-10 15:02:36 -0700
committer: William Luh <williamluh@google.com> 2013-05-28 10:51:06 -0700
commit: 2768c2948c0b1931bff087e43a8db8059c183b56 (patch)
tree: 8c4ee37d6bd37687c049d66e5846a9d90088b0fd /bcprov
parent: 918e3ef8a32f8e5b5666b4c58948d2965076912a (diff)
download: android_external_bouncycastle-2768c2948c0b1931bff087e43a8db8059c183b56.tar.gz
android_external_bouncycastle-2768c2948c0b1931bff087e43a8db8059c183b56.tar.bz2
android_external_bouncycastle-2768c2948c0b1931bff087e43a8db8059c183b56.zip
4 files changed, 57 insertions, 10 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java
index 9c4c831..e9ea6a6 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java
@@ -78,6 +78,12 @@ public class BCPBEKey
             {
                 return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword());
             }
+            // BEGIN android-changed
+            else if (type == PBE.PBKDF2)
+            {
+                return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(pbeKeySpec.getPassword());
+            }
+            // END android-changed
             else
             {   
                 return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword());
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java
index 1074e11..86af83f 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java
@@ -48,6 +48,9 @@ public interface PBE
     static final int        PKCS5S2     = 1;
     static final int        PKCS12      = 2;
     static final int        OPENSSL     = 3;
+    // BEGIN android-added
+    static final int        PBKDF2      = 4;
+    // END android-added
 
     /**
      * uses the appropriate mixer to generate the key and IV if necessary.
@@ -83,7 +86,9 @@ public interface PBE
                     throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1.");
                 }
             }
-            else if (type == PKCS5S2)
+            // BEGIN android-changed
+            else if ((type == PKCS5S2) || (type == PBKDF2))
+            // END android-changed
             {
                 generator = new PKCS5S2ParametersGenerator();
             }
@@ -250,6 +255,12 @@ public interface PBE
             {
                 key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
             }
+            // BEGIN android-changed
+            else if (type == PBKDF2)
+            {
+                key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword());
+            }
+            // END android-changed
             else
             {   
                 key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
@@ -293,8 +304,14 @@ public interface PBE
             {
                 key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword());
             }
+            // BEGIN android-changed
+            else if (type == PBKDF2)
+            {
+                key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword());
+            }
+            // END android-changed
             else
-            {   
+            {
                 key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword());
             }
             
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index cc6510a..9942975 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -476,6 +476,7 @@ public final class BouncyCastleProvider extends Provider
         put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC");
         // BEGIN android-added
 
+        put("SecretKeyFactory.BrokenPBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$BrokenPBKDF2WithHmacSHA1");
         put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1");
         // END android-added
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
index faf0ead..ddb3ef1 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
@@ -558,12 +558,17 @@ public class JCESecretKeyFactory
        }
    }
     // BEGIN android-added
-    static public class PBKDF2WithHmacSHA1
+    static public class PBKDF2WithHmacSHA1Base
         extends JCESecretKeyFactory
     {
-        public PBKDF2WithHmacSHA1()
+        int mScheme;
+
+        protected PBKDF2WithHmacSHA1Base(
+            String               algName,
+            int scheme)
         {
-            super("PBKDF2WithHmacSHA1", PKCSObjectIdentifiers.id_PBKDF2);
+            super(algName, PKCSObjectIdentifiers.id_PBKDF2);
+            this.mScheme = scheme;
         }
 
         protected SecretKey engineGenerateSecret(
@@ -596,17 +601,35 @@ public class JCESecretKeyFactory
                     throw new IllegalArgumentException("password empty");
                 }
 
-                int scheme = PKCS5S2;
                 int digest = SHA1;
                 int keySize = pbeSpec.getKeyLength();
                 int ivSize = -1;
-                CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize);
-                
-                return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param);
+
+                CipherParameters param = Util.makePBEMacParameters(pbeSpec, mScheme, digest, keySize);
+
+                return new BCPBEKey(this.algName, this.algOid, mScheme, digest, keySize, ivSize, pbeSpec, param);
             }
-            
+
             throw new InvalidKeySpecException("Invalid KeySpec");
         }
     }
+
+    static public class PBKDF2WithHmacSHA1
+        extends PBKDF2WithHmacSHA1Base
+    {
+        public PBKDF2WithHmacSHA1()
+        {
+            super("PBKDF2WithHmacSHA1", PBKDF2);
+        }
+    }
+
+    static public class BrokenPBKDF2WithHmacSHA1
+        extends PBKDF2WithHmacSHA1Base
+    {
+        public BrokenPBKDF2WithHmacSHA1()
+        {
+            super("BrokenPBKDF2WithHmacSHA1", PKCS5S2);
+        }
+    }
     // END android-added
 }
author	William Luh <williamluh@google.com>	2013-04-10 15:02:36 -0700
committer	William Luh <williamluh@google.com>	2013-05-28 10:51:06 -0700
commit	2768c2948c0b1931bff087e43a8db8059c183b56 (patch)
tree	8c4ee37d6bd37687c049d66e5846a9d90088b0fd /bcprov
parent	918e3ef8a32f8e5b5666b4c58948d2965076912a (diff)
download	android_external_bouncycastle-2768c2948c0b1931bff087e43a8db8059c183b56.tar.gz android_external_bouncycastle-2768c2948c0b1931bff087e43a8db8059c183b56.tar.bz2 android_external_bouncycastle-2768c2948c0b1931bff087e43a8db8059c183b56.zip