diff options
author | William Luh <williamluh@google.com> | 2013-04-10 15:02:36 -0700 |
---|---|---|
committer | William Luh <williamluh@google.com> | 2013-05-28 10:51:06 -0700 |
commit | 2768c2948c0b1931bff087e43a8db8059c183b56 (patch) | |
tree | 8c4ee37d6bd37687c049d66e5846a9d90088b0fd /bcprov | |
parent | 918e3ef8a32f8e5b5666b4c58948d2965076912a (diff) | |
download | android_external_bouncycastle-2768c2948c0b1931bff087e43a8db8059c183b56.tar.gz android_external_bouncycastle-2768c2948c0b1931bff087e43a8db8059c183b56.tar.bz2 android_external_bouncycastle-2768c2948c0b1931bff087e43a8db8059c183b56.zip |
Fix PBKDF2WithHmacSHA1 to use high bits
Bug: 8312059
Bug: https://code.google.com/p/android/issues/detail?id=40578
Cherry picked from commit a2ab0a62bc1ca3978e3ab3a3c1f8288f29a30e7e
Change-Id: I749380979671709d63cc87f798b77ed5d8eaef6e
Diffstat (limited to 'bcprov')
4 files changed, 57 insertions, 10 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java index 9c4c831..e9ea6a6 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java @@ -78,6 +78,12 @@ public class BCPBEKey { return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword()); } + // BEGIN android-changed + else if (type == PBE.PBKDF2) + { + return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(pbeKeySpec.getPassword()); + } + // END android-changed else { return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword()); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java index 1074e11..86af83f 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java @@ -48,6 +48,9 @@ public interface PBE static final int PKCS5S2 = 1; static final int PKCS12 = 2; static final int OPENSSL = 3; + // BEGIN android-added + static final int PBKDF2 = 4; + // END android-added /** * uses the appropriate mixer to generate the key and IV if necessary. @@ -83,7 +86,9 @@ public interface PBE throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); } } - else if (type == PKCS5S2) + // BEGIN android-changed + else if ((type == PKCS5S2) || (type == PBKDF2)) + // END android-changed { generator = new PKCS5S2ParametersGenerator(); } @@ -250,6 +255,12 @@ public interface PBE { key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); } + // BEGIN android-changed + else if (type == PBKDF2) + { + key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); + } + // END android-changed else { key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); @@ -293,8 +304,14 @@ public interface PBE { key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); } + // BEGIN android-changed + else if (type == PBKDF2) + { + key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); + } + // END android-changed else - { + { key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); } diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java index cc6510a..9942975 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -476,6 +476,7 @@ public final class BouncyCastleProvider extends Provider put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); // BEGIN android-added + put("SecretKeyFactory.BrokenPBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$BrokenPBKDF2WithHmacSHA1"); put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1"); // END android-added diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java index faf0ead..ddb3ef1 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java @@ -558,12 +558,17 @@ public class JCESecretKeyFactory } } // BEGIN android-added - static public class PBKDF2WithHmacSHA1 + static public class PBKDF2WithHmacSHA1Base extends JCESecretKeyFactory { - public PBKDF2WithHmacSHA1() + int mScheme; + + protected PBKDF2WithHmacSHA1Base( + String algName, + int scheme) { - super("PBKDF2WithHmacSHA1", PKCSObjectIdentifiers.id_PBKDF2); + super(algName, PKCSObjectIdentifiers.id_PBKDF2); + this.mScheme = scheme; } protected SecretKey engineGenerateSecret( @@ -596,17 +601,35 @@ public class JCESecretKeyFactory throw new IllegalArgumentException("password empty"); } - int scheme = PKCS5S2; int digest = SHA1; int keySize = pbeSpec.getKeyLength(); int ivSize = -1; - CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); + + CipherParameters param = Util.makePBEMacParameters(pbeSpec, mScheme, digest, keySize); + + return new BCPBEKey(this.algName, this.algOid, mScheme, digest, keySize, ivSize, pbeSpec, param); } - + throw new InvalidKeySpecException("Invalid KeySpec"); } } + + static public class PBKDF2WithHmacSHA1 + extends PBKDF2WithHmacSHA1Base + { + public PBKDF2WithHmacSHA1() + { + super("PBKDF2WithHmacSHA1", PBKDF2); + } + } + + static public class BrokenPBKDF2WithHmacSHA1 + extends PBKDF2WithHmacSHA1Base + { + public BrokenPBKDF2WithHmacSHA1() + { + super("BrokenPBKDF2WithHmacSHA1", PKCS5S2); + } + } // END android-added } |