mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-25 04:17:59 +01:00
Kotlin conversion: KeyRingProtectionSettings
This commit is contained in:
parent
55f5bb2645
commit
17abaad186
2 changed files with 56 additions and 99 deletions
|
@ -1,99 +0,0 @@
|
|||
// SPDX-FileCopyrightText: 2018 Paul Schaub <vanitasvitae@fsfe.org>
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package org.pgpainless.key.protection;
|
||||
|
||||
import javax.annotation.Nonnull;
|
||||
|
||||
import org.pgpainless.algorithm.HashAlgorithm;
|
||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||
|
||||
/**
|
||||
* Secret key protection settings for iterated and salted S2K.
|
||||
*/
|
||||
public class KeyRingProtectionSettings {
|
||||
|
||||
private final SymmetricKeyAlgorithm encryptionAlgorithm;
|
||||
private final HashAlgorithm hashAlgorithm;
|
||||
private final int s2kCount;
|
||||
|
||||
/**
|
||||
* Create a {@link KeyRingProtectionSettings} object using the given encryption algorithm, SHA1 and
|
||||
* 65536 iterations.
|
||||
*
|
||||
* @param encryptionAlgorithm encryption algorithm
|
||||
*/
|
||||
public KeyRingProtectionSettings(@Nonnull SymmetricKeyAlgorithm encryptionAlgorithm) {
|
||||
this(encryptionAlgorithm, HashAlgorithm.SHA1, 0x60); // Same s2kCount (encoded) as used in BC.
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor for custom salted and iterated S2K protection settings.
|
||||
* The salt gets randomly chosen by the library each time.
|
||||
*
|
||||
* Note, that the s2kCount is the already encoded single-octet number.
|
||||
*
|
||||
* @see <a href="https://www.rfc-editor.org/rfc/rfc4880#section-3.7.1.3">Encoding Formula</a>
|
||||
*
|
||||
* @param encryptionAlgorithm encryption algorithm
|
||||
* @param hashAlgorithm hash algorithm
|
||||
* @param s2kCount encoded s2k iteration count
|
||||
*/
|
||||
public KeyRingProtectionSettings(@Nonnull SymmetricKeyAlgorithm encryptionAlgorithm, @Nonnull HashAlgorithm hashAlgorithm, int s2kCount) {
|
||||
this.encryptionAlgorithm = validateEncryptionAlgorithm(encryptionAlgorithm);
|
||||
this.hashAlgorithm = hashAlgorithm;
|
||||
if (s2kCount < 1) {
|
||||
throw new IllegalArgumentException("s2kCount cannot be less than 1.");
|
||||
}
|
||||
this.s2kCount = s2kCount;
|
||||
}
|
||||
|
||||
private static SymmetricKeyAlgorithm validateEncryptionAlgorithm(SymmetricKeyAlgorithm encryptionAlgorithm) {
|
||||
switch (encryptionAlgorithm) {
|
||||
case NULL:
|
||||
throw new IllegalArgumentException("Unencrypted is not allowed here!");
|
||||
default:
|
||||
return encryptionAlgorithm;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Secure default settings using {@link SymmetricKeyAlgorithm#AES_256}, {@link HashAlgorithm#SHA256}
|
||||
* and an iteration count of 65536.
|
||||
*
|
||||
* @return secure protection settings
|
||||
*/
|
||||
public static KeyRingProtectionSettings secureDefaultSettings() {
|
||||
return new KeyRingProtectionSettings(SymmetricKeyAlgorithm.AES_256, HashAlgorithm.SHA256, 0x60);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the encryption algorithm.
|
||||
*
|
||||
* @return encryption algorithm
|
||||
*/
|
||||
public @Nonnull SymmetricKeyAlgorithm getEncryptionAlgorithm() {
|
||||
return encryptionAlgorithm;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the hash algorithm.
|
||||
*
|
||||
* @return hash algorithm
|
||||
*/
|
||||
public @Nonnull HashAlgorithm getHashAlgorithm() {
|
||||
return hashAlgorithm;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the (encoded!) s2k iteration count.
|
||||
*
|
||||
* @see <a href="https://www.rfc-editor.org/rfc/rfc4880#section-3.7.1.3">Encoding Formula</a>
|
||||
*
|
||||
* @return encoded s2k count
|
||||
*/
|
||||
public int getS2kCount() {
|
||||
return s2kCount;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,56 @@
|
|||
// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package org.pgpainless.key.protection
|
||||
|
||||
import org.pgpainless.algorithm.HashAlgorithm
|
||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm
|
||||
|
||||
/**
|
||||
* Secret key protection settings for iterated and salted S2K.
|
||||
* The salt gets randomly chosen by the library each time.
|
||||
* Note, that the s2kCount is the already encoded single-octet number.
|
||||
*
|
||||
* @see <a href="https://www.rfc-editor.org/rfc/rfc4880#section-3.7.1.3">Encoding Formula</a>
|
||||
*
|
||||
* @param encryptionAlgorithm encryption algorithm
|
||||
* @param hashAlgorithm hash algorithm
|
||||
* @param s2kCount encoded (!) s2k iteration count
|
||||
*/
|
||||
data class KeyRingProtectionSettings(
|
||||
val encryptionAlgorithm: SymmetricKeyAlgorithm,
|
||||
val hashAlgorithm: HashAlgorithm,
|
||||
val s2kCount: Int
|
||||
) {
|
||||
|
||||
/**
|
||||
* Create a [KeyRingProtectionSettings] object using the given encryption algorithm, [HashAlgorithm.SHA1] and
|
||||
* 65536 iterations.
|
||||
* It is okay to use SHA1 here, since we don't care about collisions.
|
||||
*
|
||||
* @param encryptionAlgorithm encryption algorithm
|
||||
*/
|
||||
constructor(encryptionAlgorithm: SymmetricKeyAlgorithm): this(encryptionAlgorithm, HashAlgorithm.SHA1, 0x60)
|
||||
|
||||
init {
|
||||
require(encryptionAlgorithm != SymmetricKeyAlgorithm.NULL) {
|
||||
"Unencrypted is not allowed here!"
|
||||
}
|
||||
require(s2kCount > 0) {
|
||||
"s2kCount cannot be less than 1."
|
||||
}
|
||||
}
|
||||
|
||||
companion object {
|
||||
|
||||
/**
|
||||
* Secure default settings using [SymmetricKeyAlgorithm.AES_256], [HashAlgorithm.SHA256]
|
||||
* and an iteration count of 65536.
|
||||
*
|
||||
* @return secure protection settings
|
||||
*/
|
||||
@JvmStatic
|
||||
fun secureDefaultSettings() = KeyRingProtectionSettings(SymmetricKeyAlgorithm.AES_256, HashAlgorithm.SHA256, 0x60)
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue