1 files changed, 222 insertions, 0 deletions

diff --git a/libraries/spongycastle/jce/src/main/java/javax/crypto/spec/PBEKeySpec.java b/libraries/spongycastle/jce/src/main/java/javax/crypto/spec/PBEKeySpec.java
new file mode 100644
index 000000000..3727031bc
--- /dev/null
+++ b/libraries/spongycastle/jce/src/main/java/javax/crypto/spec/PBEKeySpec.java
@@ -0,0 +1,222 @@
+package javax.crypto.spec;
+
+import java.security.spec.KeySpec;
+
+import javax.crypto.SecretKeyFactory;
+
+/**
+ * A user-chosen password that can be used with password-based encryption (PBE).
+ * <p>
+ * The password can be viewed as some kind of raw key material, from which the
+ * encryption mechanism that uses it derives a cryptographic key.
+ * <p>
+ * Different PBE mechanisms may consume different bits of each password
+ * character. For example, the PBE mechanism defined in PKCS #5 looks at only
+ * the low order 8 bits of each character, whereas PKCS #12 looks at all 16 bits
+ * of each character.
+ * <p>
+ * You convert the password characters to a PBE key by creating an instance of
+ * the appropriate secret-key factory. For example, a secret-key factory for
+ * PKCS #5 will construct a PBE key from only the low order 8 bits of each
+ * password character, whereas a secret-key factory for PKCS #12 will take all
+ * 16 bits of each character.
+ * <p>
+ * Also note that this class stores passwords as char arrays instead of String
+ * objects (which would seem more logical), because the String class is
+ * immutable and there is no way to overwrite its internal value when the
+ * password stored in it is no longer needed. Hence, this class requests the
+ * password as a char array, so it can be overwritten when done.
+ * 
+ * @see SecretKeyFactory
+ * @see PBEParameterSpec
+ */
+public class PBEKeySpec
+    implements KeySpec
+{
+
+    private char[] password;
+
+    private byte[] salt;
+
+    private int iterationCount;
+
+    private int keyLength;
+
+    private boolean isPasswordCleared;
+
+    /**
+     * Constructor that takes a password. An empty char[] is used if null is
+     * specified.
+     * <p>
+     * Note: password is cloned before it is stored in the new PBEKeySpec
+     * object.
+     * 
+     * @param password -
+     *            the password.
+     */
+    public PBEKeySpec(char[] password)
+    {
+        if (password == null)
+        {
+            this.password = new char[0];
+        }
+        else
+        {
+            this.password = new char[password.length];
+
+            System.arraycopy(password, 0, this.password, 0, password.length);
+        }
+    }
+
+    /**
+     * Returns a copy of the password.
+     * <p>
+     * Note: this method returns a copy of the password. It is the caller's
+     * responsibility to zero out the password information after it is no longer
+     * needed.
+     * 
+     * @return the password
+     * @throws IllegalStateException -
+     *             if password has been cleared by calling clearPassword method.
+     */
+    public final char[] getPassword()
+    {
+        if (isPasswordCleared)
+        {
+            throw new IllegalStateException("Password has been cleared");
+        }
+        return password;
+    }
+
+    /**
+     * Constructor that takes a password, salt, iteration count, and
+     * to-be-derived key length for generating PBEKey of variable-key-size PBE
+     * ciphers. An empty char[] is used if null is specified for password.
+     * <p>
+     * Note: the password and salt are cloned before they are stored in the new
+     * PBEKeySpec object.
+     * 
+     * 
+     * @param password
+     *            password - the password.
+     * @param salt
+     *            salt - the salt.
+     * @param iterationCount
+     *            iterationCount - the iteration count.
+     * @param keyLength
+     *            keyLength - the to-be-derived key length.
+     * @throws NullPointerException -
+     *             if salt is null.
+     * @throws IllegalArgumentException -
+     *             if salt is empty, i.e. 0-length, iterationCount or keyLength
+     *             is not positive.
+     */
+    public PBEKeySpec(char[] password, byte[] salt, int iterationCount, int keyLength)
+    {
+        this(password);
+        if (salt == null)
+        {
+            throw new NullPointerException("salt is null");
+        }
+        if (salt.length == 0)
+        {
+            throw new IllegalArgumentException("salt is empty");
+        }
+        if (iterationCount < 0)
+        {
+            throw new IllegalArgumentException("iterationCount is not positive");
+        }
+        if (keyLength < 0)
+        {
+            throw new IllegalArgumentException("keyLength is not positive");
+        }
+        this.keyLength = keyLength;
+        this.iterationCount = iterationCount;
+        this.salt = (byte[]) salt.clone();
+    }
+
+    /**
+     * Constructor that takes a password, salt, iteration count for generating
+     * PBEKey of fixed-key-size PBE ciphers. An empty char[] is used if null is
+     * specified for password.
+     * <p>
+     * Note: the password and salt are cloned before they are stored in the new
+     * PBEKeySpec object.
+     * 
+     * @param password -
+     *            the password.
+     * @param salt -
+     *            the salt.
+     * @param iterationCount -
+     *            the iteration count.
+     * @throws NullPointerException -
+     *             if salt is null.
+     * @throws IllegalArgumentException -
+     *             if salt is empty, i.e. 0-length, or iterationCount is not
+     *             positive.
+     */
+    public PBEKeySpec(char[] password, byte[] salt, int iterationCount)
+    {
+        this(password, salt, iterationCount, 0);
+    }
+
+    /**
+     * Clears the internal copy of the password.
+     */
+    public final void clearPassword()
+    {
+        for (int i = 0; i < password.length; i++)
+        {
+            password[i] = 0;
+        }
+        password = null;
+        isPasswordCleared = true;
+    }
+
+    /**
+     * Returns a copy of the salt or null if not specified.
+     * 
+     * Note: this method should return a copy of the salt. It is the caller's
+     * responsibility to zero out the salt information after it is no longer
+     * needed.
+     * 
+     * @return the salt.
+     */
+    public final byte[] getSalt()
+    {
+        if (salt != null)
+        {
+            byte[] tmp = new byte[salt.length];
+
+            System.arraycopy(salt, 0, tmp, 0, salt.length);
+
+            return tmp;
+        }
+
+        return null;
+    }
+
+    /**
+     * Returns the iteration count or 0 if not specified.
+     * 
+     * @return the iteration count.
+     */
+    public final int getIterationCount()
+    {
+        return iterationCount;
+    }
+
+    /**
+     * Returns the to-be-derived key length or 0 if not specified.
+     * <p>
+     * Note: this is used to indicate the preference on key length for
+     * variable-key-size ciphers. The actual key size depends on each provider's
+     * implementation.
+     * 
+     * @return the to-be-derived key length.
+     */
+    public final int getKeyLength()
+    {
+        return keyLength;
+    }
+}