hello there, as suggested by Stephen, the attached patch, already committed, modifies the setup() method of the PBEKDF2 generator to check first for a raw byte array, to use as the underlying MAC's key material, in preference to a password (characters). furthermore, the patch also allows the user, when passing a password, to specify a charset encoding to use when converting the password chars into bytes --UTF-8 remains the fallback charset encoding.
2006-04-19 Raif S. Naffah <[EMAIL PROTECTED]>
Suggested by Stephen White <[EMAIL PROTECTED]>
* gnu/javax/crypto/prng/IPBE.java: Updated documentation.
(ITERATION_COUNT): Removed modifiers.
(PASSWORD): Likewise.
(SALT): Likewise.
(PASSWORD_ENCODING): New property.
(DEFAULT_PASSWORD_ENCODING): New constant.
* gnu/javax/crypto/prng/PBKDF2.java (setup): Check for MAC's raw key
material (bytes) before a password (chars).
cheers;
rsn
Index: IPBE.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/javax/crypto/prng/IPBE.java,v
retrieving revision 1.2
diff -u -r1.2 IPBE.java
--- IPBE.java 13 Apr 2006 21:07:03 -0000 1.2
+++ IPBE.java 19 Apr 2006 11:49:06 -0000
@@ -39,29 +39,43 @@
package gnu.javax.crypto.prng;
/**
- * <p>Trivial interface to group Password-based encryption property names.</p>
+ * Trivial interface to group Password-based encryption property names and
+ * constants.
*/
public interface IPBE
{
-
- // Constants
- // -------------------------------------------------------------------------
-
/**
* Property name for the iteration count in a PBE algorithm. The property
* associated with this is expected to be an [EMAIL PROTECTED] Integer}.
*/
- public static final String ITERATION_COUNT =
"gnu.crypto.pbe.iteration.count";
+ String ITERATION_COUNT = "gnu.crypto.pbe.iteration.count";
/**
* Property name for the password in a PBE algorithm. The property associated
* with this is expected to be a char array.
*/
- public static final String PASSWORD = "gnu.crypto.pbe.password";
+ String PASSWORD = "gnu.crypto.pbe.password";
+
+ /**
+ * Property name for the password character encoding in a PBE algorithm. The
+ * property associated with this is expected to be a String denoting a valid
+ * character-encoding name. If this property is not set, and a password is
+ * used, then [EMAIL PROTECTED] #DEFAULT_PASSWORD_ENCODING} will be used
when converting
+ * the password character(s) to bytes.
+ */
+ String PASSWORD_ENCODING = "gnu.crypto.pbe.password.encoding";
/**
* Property name for the salt in a PBE algorithm. The property associated
* with this is expected to be a byte array.
*/
- public static final String SALT = "gnu.crypto.pbe.salt";
+ String SALT = "gnu.crypto.pbe.salt";
+
+ /**
+ * The default character set encoding name to be used if (a) a password is
+ * to be used as the source for a PBE-based Key Derivation Function (KDF) and
+ * (b) no character set encoding name was specified among the attributes used
+ * to initialize the instance.
+ */
+ String DEFAULT_PASSWORD_ENCODING = "UTF-8";
}
Index: PBKDF2.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/javax/crypto/prng/PBKDF2.java,v
retrieving revision 1.2
diff -u -r1.2 PBKDF2.java
--- PBKDF2.java 13 Apr 2006 21:07:03 -0000 1.2
+++ PBKDF2.java 19 Apr 2006 11:53:15 -0000
@@ -127,23 +127,34 @@
salt = s;
}
+ byte[] macKeyMaterial;
char[] password = (char[]) attributes.get(IPBE.PASSWORD);
if (password != null)
{
+ String encoding = (String) attributes.get(IPBE.PASSWORD_ENCODING);
+ if (encoding == null || encoding.trim().length() == 0)
+ encoding = IPBE.DEFAULT_PASSWORD_ENCODING;
+ else
+ encoding = encoding.trim();
+
try
{
- macAttrib.put(IMac.MAC_KEY_MATERIAL,
- new String(password).getBytes("UTF-8"));
+ macKeyMaterial = new String(password).getBytes(encoding);
}
catch (UnsupportedEncodingException uee)
{
- throw new Error(uee.getMessage());
+ throw new IllegalArgumentException("Unknown or unsupported
encoding: "
+ + encoding, uee);
}
}
+ else
+ macKeyMaterial = (byte[]) attributes.get(IMac.MAC_KEY_MATERIAL);
+
+ if (macKeyMaterial != null)
+ macAttrib.put(IMac.MAC_KEY_MATERIAL, macKeyMaterial);
else if (!initialised)
- {
- throw new IllegalArgumentException("no password specified");
- } // otherwise re-use previous password.
+ throw new IllegalArgumentException("Neither password nor key-material
were specified");
+ // otherwise re-use previous password/key-material
try
{
pgpgXuTYYmyM9.pgp
Description: PGP signature
