DecryptOpenSSLPassPBKDF2.java

/*
 * GovWay - A customizable API Gateway 
 * https://govway.org
 * 
 * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3, as published by
 * the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */


package org.openspcoop2.utils.security;

import org.openspcoop2.utils.UtilsException;
import org.openspcoop2.utils.io.Base64Utilities;
import org.openspcoop2.utils.io.HexBinaryUtilities;

/** 
 * Encrypt
 *
 * @author Poli Andrea (apoli@link.it)
 * @author $Author$
 * @version $Rev$, $Date$
 */
public class DecryptOpenSSLPassPBKDF2 extends AbstractCipher {

    /**
      * 
      * Openssl encrypts data using the following steps:
      * 1. bytes = cipherText
      * 2. salt = bytes[8,16)
      * 3. key = PBKDF2(password+salt)
      * 4. iv = derivated with PBKDF2
      * 5. plainText = decrypt("aes256cbc", key, iv, bytes[16..end])
    */

    public static CipherInfo buildCipherInfo(byte[] cipherBytes, String password, Integer iterationCount, OpenSSLEncryptionMode mode) throws UtilsException {
        
        CipherInfo cipherInfo = new CipherInfo();
        
        cipherInfo.setSalt(DecryptOpenSSLPass.buildSalt(cipherBytes));
        
        EncryptOpenSSLPassPBKDF2.buildSecretKeyAndIV(password, cipherInfo.getSalt(), iterationCount, mode, cipherInfo);
        
        return cipherInfo;
    }
    
    private OpenSSLEncryptionMode mode;
    private String password;
    private Integer iterationCount;
    
    public DecryptOpenSSLPassPBKDF2(String password) {
        this(password, null, null);
    }
    public DecryptOpenSSLPassPBKDF2(String password, Integer iterationCount) {
        this(password, iterationCount, null);
    }
    public DecryptOpenSSLPassPBKDF2(String password, OpenSSLEncryptionMode modeParam) {
        this(password, null, modeParam);
    }
    public DecryptOpenSSLPassPBKDF2(String password, Integer iterationCount, OpenSSLEncryptionMode modeParam) {
        super(javax.crypto.Cipher.DECRYPT_MODE);
        this.mode = modeParam!=null ? modeParam : OpenSSLEncryptionMode.AES_256_CBC;
        this.password = password;
        this.iterationCount = iterationCount;
    }


    public byte[] decrypt(byte[] data) throws UtilsException{
        CipherInfo cipherInfo = buildCipherInfo(data, this.password, this.iterationCount, this.mode);
        this.key = cipherInfo.getKey();
        this.ivParameterSpec = cipherInfo.getIvParameterSpec();
        byte[] cipherBytes = DecryptOpenSSLPass.extractCipherBytes(data);
        return super.process(cipherBytes, EncryptOpenSSLPass.getAlgorithm(this.mode));
    }
    
    public byte[] decryptBase64(byte[] data) throws UtilsException{
        return this.decrypt(Base64Utilities.decode(data));
    }
    
    public byte[] decryptBase64(String data) throws UtilsException{
        return this.decrypt(Base64Utilities.decode(data));
    }
    
    public byte[] decryptHexBinary(char[] data) throws UtilsException{
        return this.decrypt(HexBinaryUtilities.decode(data));
    }
    
    public byte[] decryptHexBinary(String data) throws UtilsException{
        return this.decrypt(HexBinaryUtilities.decode(data));
    }
    
    
    @Override
    public void initIV(String algorithm) throws UtilsException{
        // NOP
        // Non deve fare nulla questa chiamata, viene gestita dalla funzione sopra l'IV
    }
}