EncryptOpenSSLPassPBKDF2.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */


  22. package org.openspcoop2.utils.security;

  24. import java.security.spec.KeySpec;

  26. import javax.crypto.SecretKey;
  27. import javax.crypto.SecretKeyFactory;
  28. import javax.crypto.spec.IvParameterSpec;
  29. import javax.crypto.spec.PBEKeySpec;
  30. import javax.crypto.spec.SecretKeySpec;

  32. import org.openspcoop2.utils.UtilsException;
  33. import org.openspcoop2.utils.certificate.SymmetricKeyUtils;
  34. import org.openspcoop2.utils.io.Base64Utilities;
  35. import org.openspcoop2.utils.io.HexBinaryUtilities;

  37. /** 
  38.  * EncryptOpenSSLPassw
  39.  *
  40.  * @author Poli Andrea (apoli@link.it)
  41.  * @author $Author$
  42.  * @version $Rev$, $Date$
  43.  */
  44. public class EncryptOpenSSLPassPBKDF2 extends AbstractCipher {

  46.      /**
  47.       * 
  48.       * Openssl encrypts data using the following steps:
  49.       * 1. salt = 8-byte cryptographically-strong random number
  50.       * 2. key = PBKDF2(password+salt)
  51.       * 3. iv = derivated with PBKDF2
  52.       * 4. cipherTextRaw = encrypt("aes256cbc", key, iv, textPlain)
  53.       * 5. cipherText = "Salted__"+salt+cipherTextRaw
  54.     */
  55.     public static CipherInfo buildCipherInfo(String password, Integer iterationCount, OpenSSLEncryptionMode mode) throws UtilsException {
  56.         
  57.         CipherInfo cipherInfo = new CipherInfo();
  58.         
  59.         cipherInfo.setSalt(EncryptOpenSSLPass.buildSalt());
  60.         
  61.         buildSecretKeyAndIV(password, cipherInfo.getSalt(), iterationCount, mode, cipherInfo);
  62.         
  63.         return cipherInfo;
  64.     }
  65.     static void buildSecretKeyAndIV(String password, byte[] salt, Integer iterationCountParam, OpenSSLEncryptionMode modeParam, CipherInfo cipherInfo) throws UtilsException {
  66.         try {
  67.             int keylen = -1;
  68.             int ivlen = 16;
  69.             OpenSSLEncryptionMode mode = modeParam!=null ? modeParam : OpenSSLEncryptionMode.AES_256_CBC;
  70.             switch (mode) {
  71.             case AES_128_CBC:
  72.                 keylen = 16; // AES-128 richiede una chiave di 128 bit (16 byte).
  73.                 break;
  74.             case AES_192_CBC:
  75.                 keylen = 24;// AES-192 richiede una chiave di 192 bit (24 byte).
  76.                 break;
  77.             case AES_256_CBC:
  78.                 keylen = 32; // AES-256 richiede una chiave di 256 bit (32 byte). 
  79.                 break;
  80.             } 
  81.             
  82.             SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
  83.             int iterationCount = iterationCountParam == null || iterationCountParam.intValue()<=0 ? 10000 : iterationCountParam.intValue();
  84.             KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, (keylen+ivlen)*8); 
  85.             SecretKey tmp = factory.generateSecret(spec);
  86.             byte[] keyandIV = tmp.getEncoded();
  87.             
  88.             SecretKey secretKey = new SecretKeySpec(keyandIV,0,keylen,SymmetricKeyUtils.ALGO_AES);
  89.             cipherInfo.setKey(secretKey);
  90.             cipherInfo.setEncodedKey(secretKey.getEncoded());
  91.             
  92.             // Derive IV using PBKDF2
  93.             IvParameterSpec iv = convertTo(keyandIV,keylen,ivlen);
  94.             cipherInfo.setIv(iv.getIV());
  95.             cipherInfo.setIvParameterSpec(iv);
  96.             
  97.         }catch(Exception e) {
  98.             throw new UtilsException(e.getMessage(),e);
  99.         }
  100.     }
  101.     static IvParameterSpec convertTo(byte[] keyandIV, int keylen, int ivlen) {
  102.         return new IvParameterSpec(keyandIV,keylen,ivlen);
  103.     }
  104.     

  106.     private CipherInfo cipherInfo;
  107.     private OpenSSLEncryptionMode mode;
  108.     
  109.     public EncryptOpenSSLPassPBKDF2(String password) throws UtilsException {
  110.         this(password, null, null);
  111.     }
  112.     public EncryptOpenSSLPassPBKDF2(String password, Integer iterationCount) throws UtilsException {
  113.         this(password, iterationCount, null);
  114.     }
  115.     public EncryptOpenSSLPassPBKDF2(String password, OpenSSLEncryptionMode modeParam) throws UtilsException {
  116.         this(password, null, modeParam);
  117.     }
  118.     public EncryptOpenSSLPassPBKDF2(String password, Integer iterationCount, OpenSSLEncryptionMode modeParam) throws UtilsException {
  119.         super(javax.crypto.Cipher.ENCRYPT_MODE);
  120.         this.mode = modeParam!=null ? modeParam : OpenSSLEncryptionMode.AES_256_CBC;
  121.         this.cipherInfo = buildCipherInfo(password, iterationCount, this.mode);
  122.         this.key = this.cipherInfo.getKey();
  123.         this.ivParameterSpec = this.cipherInfo.getIvParameterSpec();
  124.     }
  125.     
  126.     
  127.     public byte[] encrypt(String data, String charsetName) throws UtilsException{
  128.         return EncryptOpenSSLPass.formatOutput(this.cipherInfo.getSalt(), super.process(data, charsetName, EncryptOpenSSLPass.getAlgorithm(this.mode)));
  129.     }
  130.     public byte[] encrypt(byte[] data) throws UtilsException{
  131.         return EncryptOpenSSLPass.formatOutput(this.cipherInfo.getSalt(), super.process(data, EncryptOpenSSLPass.getAlgorithm(this.mode)));
  132.     }
  133.     
  134.     public byte[] encryptBase64(String data, String charsetName) throws UtilsException{
  135.         return Base64Utilities.encode(this.encrypt(data, charsetName));
  136.     }
  137.     public byte[] encryptBase64(byte[] data) throws UtilsException{
  138.         return Base64Utilities.encode(this.encrypt(data));
  139.     }
  140.     
  141.     public String encryptBase64AsString(String data, String charsetName) throws UtilsException{
  142.         return Base64Utilities.encodeAsString(this.encrypt(data, charsetName));
  143.     }
  144.     public String encryptBase64AsString(byte[] data) throws UtilsException{
  145.         return Base64Utilities.encodeAsString(this.encrypt(data));
  146.     }
  147.     
  148.     public char[] encryptHexBinary(String data, String charsetName) throws UtilsException{
  149.         return HexBinaryUtilities.encode(this.encrypt(data, charsetName));
  150.     }
  151.     public char[] encryptHexBinary(byte[] data) throws UtilsException{
  152.         return HexBinaryUtilities.encode(this.encrypt(data));
  153.     }
  154.     
  155.     public String encryptHexBinaryAsString(String data, String charsetName) throws UtilsException{
  156.         return HexBinaryUtilities.encodeAsString(this.encrypt(data, charsetName));
  157.     }
  158.     public String encryptHexBinaryAsString(byte[] data) throws UtilsException{
  159.         return HexBinaryUtilities.encodeAsString(this.encrypt(data));
  160.     }
  161.     
  162.     @Override
  163.     public void initIV(String algorithm) throws UtilsException{
  164.         // NOP
  165.         // Non deve fare nulla questa chiamata, viene gestita dalla funzione sopra l'IV
  166.     }
  167. }
Created with JaCoCo 0.8.8.202204050719