Extract JceAEADUtil.processAeadKeyData

Author: gefeili

pg/src/main/java/org/bouncycastle/openpgp/operator/jcajce/JcaAEADSecretKeyEncryptorBuilder.java

@@ -4,24 +4,16 @@
 import java.security.SecureRandom;
 
 import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.bcpg.AEADUtils;
 import org.bouncycastle.bcpg.PacketTags;
 import org.bouncycastle.bcpg.PublicKeyPacket;
 import org.bouncycastle.bcpg.S2K;
-import org.bouncycastle.bcpg.SymmetricKeyUtils;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
-import org.bouncycastle.crypto.params.HKDFParameters;
 import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
 import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
 import org.bouncycastle.openpgp.PGPException;
-import org.bouncycastle.openpgp.PGPUtil;
 import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
-import org.bouncycastle.util.Arrays;
 
 public class JcaAEADSecretKeyEncryptorBuilder
 {
@@ -70,33 +62,21 @@ public PBESecretKeyEncryptor build(char[] passphrase, final PublicKeyPacket pubK
             public byte[] encryptKeyData(byte[] key, byte[] keyData, int keyOff, int keyLen)
                 throws PGPException
             {
-                int packetTag = pubKey.getPacketTag() == PacketTags.PUBLIC_KEY ? PacketTags.SECRET_KEY : PacketTags.SECRET_SUBKEY;
-                byte[] hkdfInfo = new byte[] {
-                    (byte) (0xC0 | packetTag),
-                    (byte) pubKey.getVersion(),
-                    (byte) symmetricAlgorithm,
-                    (byte) aeadAlgorithm
-                };
-
-                HKDFParameters hkdfParameters = new HKDFParameters(
-                    getKey(),
-                    null,
-                    hkdfInfo);
-
-                HKDFBytesGenerator hkdfGen = new HKDFBytesGenerator(new SHA256Digest());
-                hkdfGen.init(hkdfParameters);
-                key = new byte[SymmetricKeyUtils.getKeyLengthInOctets(encAlgorithm)];
-                hkdfGen.generateBytes(key, 0, key.length);
-
                 try
                 {
-                    byte[] aad = Arrays.prepend(pubKey.getEncodedContents(), (byte) (0xC0 | packetTag));
-                    SecretKey secretKey = new SecretKeySpec(key, PGPUtil.getSymmetricCipherName(encAlgorithm));
-                    final Cipher c = aeadUtil.createAEADCipher(encAlgorithm, aeadAlgorithm);
-
-                    JceAEADCipherUtil.setUpAeadCipher(c, secretKey, Cipher.ENCRYPT_MODE, iv, 128, aad);
-                    byte[] data = c.doFinal(keyData, keyOff, keyLen);
-                    return data;
+                    return JceAEADUtil.processAeadKeyData(
+                        aeadUtil,
+                        Cipher.ENCRYPT_MODE,
+                        encAlgorithm,
+                        aeadAlgorithm,
+                        getKey(),
+                        iv,
+                        pubKey.getPacketTag() == PacketTags.PUBLIC_KEY ? PacketTags.SECRET_KEY : PacketTags.SECRET_SUBKEY,
+                        pubKey.getVersion(),
+                        keyData,
+                        keyOff,
+                        keyLen,
+                        pubKey.getEncodedContents());
                 }
                 catch (Exception e)
                 {

pg/src/main/java/org/bouncycastle/openpgp/operator/jcajce/JceAEADUtil.java

@@ -4,8 +4,12 @@
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
 
+import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 
@@ -276,6 +280,30 @@ Cipher createAEADCipher(int encAlgorithm, int aeadAlgorithm)
         return helper.createCipher(cName);
     }
 
+    static byte[] processAeadKeyData(JceAEADUtil aeadUtil, int mode, int encAlgorithm, int aeadAlgorithm, byte[] s2kKey, byte[] iv, int packetTag, int keyVersion, byte[] keyData, int keyOff, int keyLen, byte[] pubkeyData)
+        throws PGPException
+    {
+        // TODO: Replace HDKF code with JCE based implementation
+        byte[] key = generateHKDFBytes(s2kKey, null,
+            new byte[]{(byte)(0xC0 | packetTag), (byte)keyVersion, (byte)encAlgorithm, (byte)aeadAlgorithm},
+            SymmetricKeyUtils.getKeyLengthInOctets(encAlgorithm));
+
+        try
+        {
+            byte[] aad = Arrays.prepend(pubkeyData, (byte)(0xC0 | packetTag));
+            SecretKey secretKey = new SecretKeySpec(key, PGPUtil.getSymmetricCipherName(encAlgorithm));
+            final Cipher c = aeadUtil.createAEADCipher(encAlgorithm, aeadAlgorithm);
+
+            JceAEADCipherUtil.setUpAeadCipher(c, secretKey, mode, iv, 128, aad);
+            return c.doFinal(keyData, keyOff, keyLen);
+        }
+        catch (InvalidAlgorithmParameterException | InvalidKeyException |
+               IllegalBlockSizeException | BadPaddingException e)
+        {
+            throw new PGPException("Exception recovering AEAD protected private key material", e);
+        }
+    }
+
     static class PGPAeadInputStream
         extends InputStream
     {

pg/src/main/java/org/bouncycastle/openpgp/operator/jcajce/JcePBEProtectionRemoverFactory.java

@@ -1,21 +1,14 @@
 package org.bouncycastle.openpgp.operator.jcajce;
 
-import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Provider;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
 
-import org.bouncycastle.bcpg.SymmetricKeyUtils;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
-import org.bouncycastle.crypto.params.HKDFParameters;
 import org.bouncycastle.jcajce.spec.AEADParameterSpec;
 import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
@@ -26,7 +19,6 @@
 import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
 import org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider;
 import org.bouncycastle.openpgp.operator.PGPSecretKeyDecryptorWithAAD;
-import org.bouncycastle.util.Arrays;
 
 public class JcePBEProtectionRemoverFactory
     implements PBEProtectionRemoverFactory
@@ -121,30 +113,7 @@ public byte[] recoverKeyData(int encAlgorithm, byte[] key, byte[] iv, byte[] aad
                 public byte[] recoverKeyData(int encAlgorithm, int aeadAlgorithm, byte[] s2kKey, byte[] iv, int packetTag, int keyVersion, byte[] keyData, byte[] pubkeyData) 
                     throws PGPException
                 {
-                    byte[] hkdfInfo = new byte[] {
-                        (byte) (0xC0 | packetTag), (byte) keyVersion, (byte) encAlgorithm, (byte) aeadAlgorithm
-                    };
-                    // TODO: Replace HDKF code with JCE based implementation
-                    HKDFParameters hkdfParameters = new HKDFParameters(s2kKey, null, hkdfInfo);
-                    HKDFBytesGenerator hkdfGen = new HKDFBytesGenerator(new SHA256Digest());
-                    hkdfGen.init(hkdfParameters);
-                    byte[] key = new byte[SymmetricKeyUtils.getKeyLengthInOctets(encAlgorithm)];
-                    hkdfGen.generateBytes(key, 0, key.length);
-
-                    byte[] aad = Arrays.prepend(pubkeyData, (byte) (0xC0 | packetTag));
-
-                    SecretKey secretKey = new SecretKeySpec(key, PGPUtil.getSymmetricCipherName(encAlgorithm));
-                    final Cipher c = aeadUtil.createAEADCipher(encAlgorithm, aeadAlgorithm);
-                    try
-                    {
-                        JceAEADCipherUtil.setUpAeadCipher(c, secretKey, Cipher.DECRYPT_MODE, iv, 128, aad);
-                        byte[] data = c.doFinal(keyData);
-                        return data;
-                    }
-                    catch (GeneralSecurityException e)
-                    {
-                        throw new PGPException("Cannot extract AEAD protected secret key material", e);
-                    }
+                    return JceAEADUtil.processAeadKeyData(aeadUtil, Cipher.DECRYPT_MODE, encAlgorithm, aeadAlgorithm, s2kKey, iv, packetTag, keyVersion, keyData, 0, keyData.length, pubkeyData);
                 }
             };
         }
@@ -184,30 +153,7 @@ public byte[] recoverKeyData(int encAlgorithm, byte[] key, byte[] iv, byte[] key
                 public byte[] recoverKeyData(int encAlgorithm, int aeadAlgorithm, byte[] s2kKey, byte[] iv, int packetTag, int keyVersion, byte[] keyData, byte[] pubkeyData) 
                     throws PGPException
                 {
-                    byte[] hkdfInfo = new byte[] {
-                        (byte) (0xC0 | packetTag), (byte) keyVersion, (byte) encAlgorithm, (byte) aeadAlgorithm
-                    };
-                    // TODO: Replace HDKF code with JCE based implementation
-                    HKDFParameters hkdfParameters = new HKDFParameters(s2kKey, null, hkdfInfo);
-                    HKDFBytesGenerator hkdfGen = new HKDFBytesGenerator(new SHA256Digest());
-                    hkdfGen.init(hkdfParameters);
-                    byte[] key = new byte[SymmetricKeyUtils.getKeyLengthInOctets(encAlgorithm)];
-                    hkdfGen.generateBytes(key, 0, key.length);
-
-                    byte[] aad = Arrays.prepend(pubkeyData, (byte) (0xC0 | packetTag));
-
-                    SecretKey secretKey = new SecretKeySpec(key, PGPUtil.getSymmetricCipherName(encAlgorithm));
-                    final Cipher c = aeadUtil.createAEADCipher(encAlgorithm, aeadAlgorithm);
-                    try
-                    {
-                        JceAEADCipherUtil.setUpAeadCipher(c, secretKey, Cipher.DECRYPT_MODE, iv, 128, aad);
-                        byte[] data = c.doFinal(keyData);
-                        return data;
-                    }
-                    catch (GeneralSecurityException e)
-                    {
-                        throw new PGPException("Cannot extract AEAD protected secret key material", e);
-                    }
+                    return JceAEADUtil.processAeadKeyData(aeadUtil, Cipher.DECRYPT_MODE, encAlgorithm, aeadAlgorithm, s2kKey, iv, packetTag, keyVersion, keyData, 0, keyData.length, pubkeyData);
                 }
             };
 

pg/src/main/java/org/bouncycastle/openpgp/operator/jcajce/JcePBESecretKeyDecryptorBuilder.java

@@ -1,29 +1,21 @@
 package org.bouncycastle.openpgp.operator.jcajce;
 
-import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Provider;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
 
-import org.bouncycastle.bcpg.SymmetricKeyUtils;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
-import org.bouncycastle.crypto.params.HKDFParameters;
 import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
 import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPUtil;
 import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
 import org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider;
-import org.bouncycastle.util.Arrays;
 
 public class JcePBESecretKeyDecryptorBuilder
 {
@@ -112,30 +104,7 @@ public byte[] recoverKeyData(int encAlgorithm, byte[] key, byte[] iv, byte[] key
             public byte[] recoverKeyData(int encAlgorithm, int aeadAlgorithm, byte[] s2kKey, byte[] iv, int packetTag, int keyVersion, byte[] keyData, byte[] pubkeyData)
                 throws PGPException
             {
-                byte[] hkdfInfo = new byte[] {
-                    (byte) (0xC0 | packetTag), (byte) keyVersion, (byte) encAlgorithm, (byte) aeadAlgorithm
-                };
-                // TODO: Replace HDKF code with JCE based implementation
-                HKDFParameters hkdfParameters = new HKDFParameters(s2kKey, null, hkdfInfo);
-                HKDFBytesGenerator hkdfGen = new HKDFBytesGenerator(new SHA256Digest());
-                hkdfGen.init(hkdfParameters);
-                byte[] key = new byte[SymmetricKeyUtils.getKeyLengthInOctets(encAlgorithm)];
-                hkdfGen.generateBytes(key, 0, key.length);
-
-                byte[] aad = Arrays.prepend(pubkeyData, (byte) (0xC0 | packetTag));
-
-                SecretKey secretKey = new SecretKeySpec(key, PGPUtil.getSymmetricCipherName(encAlgorithm));
-                final Cipher c = aeadUtil.createAEADCipher(encAlgorithm, aeadAlgorithm);
-                try
-                {
-                    JceAEADCipherUtil.setUpAeadCipher(c, secretKey, Cipher.DECRYPT_MODE, iv, 128, aad);
-                    byte[] data = c.doFinal(keyData);
-                    return data;
-                }
-                catch (GeneralSecurityException e)
-                {
-                    throw new PGPException("Cannot extract AEAD protected secret key material", e);
-                }
+                return JceAEADUtil.processAeadKeyData(aeadUtil, Cipher.DECRYPT_MODE, encAlgorithm, aeadAlgorithm, s2kKey, iv, packetTag, keyVersion, keyData, 0, keyData.length, pubkeyData);
             }
         };
     }