jdk-sandbox: comparison src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java

equal deleted inserted replaced

-:2dd2d73c52f6
+:69dc9ea17b33
 import java.security.AlgorithmParametersSpi;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import sun.security.util.HexDumpEncoder;
 import sun.security.util.*;
 /**
 * This class implements the parameter set used with password-based
 * encryption scheme 2 (PBES2), which is defined in PKCS#5 as follows:
 throws IOException
 {
 String kdfAlgo = null;
 String cipherAlgo = null;
-DerValue pBES2Algorithms = new DerValue(encoded);
+DerValue pBES2_params = new DerValue(encoded);
-if (pBES2Algorithms.tag != DerValue.tag_Sequence) {
-throw new IOException("PBE parameter parsing error: "
-+ "not an ASN.1 SEQUENCE tag");
-}
-if (!pkcs5PBES2_OID.equals(pBES2Algorithms.data.getOID())) {
-throw new IOException("PBE parameter parsing error: "
-+ "expecting the object identifier for PBES2");
-}
-if (pBES2Algorithms.tag != DerValue.tag_Sequence) {
-throw new IOException("PBE parameter parsing error: "
-+ "not an ASN.1 SEQUENCE tag");
-}
-DerValue pBES2_params = pBES2Algorithms.data.getDerValue();
 if (pBES2_params.tag != DerValue.tag_Sequence) {
 throw new IOException("PBE parameter parsing error: "
 + "not an ASN.1 SEQUENCE tag");
 }
 kdfAlgo = parseKDF(pBES2_params.data.getDerValue());
 .append(kdfAlgo).append("And").append(cipherAlgo).toString();
 }
 @SuppressWarnings("deprecation")
 private String parseKDF(DerValue keyDerivationFunc) throws IOException {
-String kdfAlgo = null;
 if (!pkcs5PBKDF2_OID.equals(keyDerivationFunc.data.getOID())) {
 throw new IOException("PBE parameter parsing error: "
 + "expecting the object identifier for PBKDF2");
 }
 // the 'otherSource' ASN.1 CHOICE for 'salt' is not supported
 throw new IOException("PBE parameter parsing error: "
 + "not an ASN.1 OCTET STRING tag");
 }
 iCount = pBKDF2_params.data.getInteger();
-DerValue keyLength = pBKDF2_params.data.getDerValue();
+// keyLength INTEGER (1..MAX) OPTIONAL,
-if (keyLength.tag == DerValue.tag_Integer) {
+if (pBKDF2_params.data.available() > 0) {
-keysize = keyLength.getInteger() * 8; // keysize (in bits)
+DerValue keyLength = pBKDF2_params.data.getDerValue();
-}
+if (keyLength.tag == DerValue.tag_Integer) {
-if (pBKDF2_params.tag == DerValue.tag_Sequence) {
+keysize = keyLength.getInteger() * 8; // keysize (in bits)
-DerValue prf = pBKDF2_params.data.getDerValue();
-kdfAlgo_OID = prf.data.getOID();
-if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
-kdfAlgo = "HmacSHA1";
-} else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
-kdfAlgo = "HmacSHA224";
-} else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
-kdfAlgo = "HmacSHA256";
-} else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
-kdfAlgo = "HmacSHA384";
-} else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
-kdfAlgo = "HmacSHA512";
-} else {
-throw new IOException("PBE parameter parsing error: "
-+ "expecting the object identifier for a HmacSHA key "
-+ "derivation function");
 }
-if (prf.data.available() != 0) {
+}
-// parameter is 'NULL' for all HmacSHA KDFs
+// prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
-DerValue parameter = prf.data.getDerValue();
+String kdfAlgo = "HmacSHA1";
-if (parameter.tag != DerValue.tag_Null) {
+if (pBKDF2_params.data.available() > 0) {
+if (pBKDF2_params.tag == DerValue.tag_Sequence) {
+DerValue prf = pBKDF2_params.data.getDerValue();
+kdfAlgo_OID = prf.data.getOID();
+if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
+kdfAlgo = "HmacSHA1";
+} else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
+kdfAlgo = "HmacSHA224";
+} else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
+kdfAlgo = "HmacSHA256";
+} else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
+kdfAlgo = "HmacSHA384";
+} else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
+kdfAlgo = "HmacSHA512";
+} else {
 throw new IOException("PBE parameter parsing error: "
-+ "not an ASN.1 NULL tag");
++ "expecting the object identifier for a HmacSHA key "
++ "derivation function");
+}
+if (prf.data.available() != 0) {
+// parameter is 'NULL' for all HmacSHA KDFs
+DerValue parameter = prf.data.getDerValue();
+if (parameter.tag != DerValue.tag_Null) {
+throw new IOException("PBE parameter parsing error: "
++ "not an ASN.1 NULL tag");
+}
 }
 }
 }
 return kdfAlgo;
 }
 }
 protected byte[] engineGetEncoded() throws IOException {
 DerOutputStream out = new DerOutputStream();
-DerOutputStream pBES2Algorithms = new DerOutputStream();
-pBES2Algorithms.putOID(pkcs5PBES2_OID);
 DerOutputStream pBES2_params = new DerOutputStream();
 DerOutputStream keyDerivationFunc = new DerOutputStream();
 keyDerivationFunc.putOID(pkcs5PBKDF2_OID);
 DerOutputStream pBKDF2_params = new DerOutputStream();
 pBKDF2_params.putOctetString(salt); // choice: 'specified OCTET STRING'
 pBKDF2_params.putInteger(iCount);
-pBKDF2_params.putInteger(keysize / 8); // derived key length (in octets)
+if (keysize > 0) {
+pBKDF2_params.putInteger(keysize / 8); // derived key length (in octets)
+}
 DerOutputStream prf = new DerOutputStream();
 // algorithm is id-hmacWithSHA1/SHA224/SHA256/SHA384/SHA512
 prf.putOID(kdfAlgo_OID);
 // parameters is 'NULL'
 } else {
 throw new IOException("Wrong parameter type: IV expected");
 }
 pBES2_params.write(DerValue.tag_Sequence, encryptionScheme);
-pBES2Algorithms.write(DerValue.tag_Sequence, pBES2_params);
+out.write(DerValue.tag_Sequence, pBES2_params);
-out.write(DerValue.tag_Sequence, pBES2Algorithms);
 return out.toByteArray();
 }
 protected byte[] engineGetEncoded(String encodingMethod)

changeset 51142	69dc9ea17b33
parent 47216	71c04702a3d5
child 52826	c0f40bca91a5