PBKDF2 in Java with Bouncy Castle vs .NET Rfc2898DeriveBytes?

Question

I have some C# code that generates a key using PBKDF2.

//byte[] salt = new RNGCryptoServiceProvider().GetBytes(salt);
byte[] salt = new byte[] { 19, 3, 248, 189, 144, 42, 57, 23 }; // for testing

byte[] bcKey = new Rfc2898DeriveBytes("mypassword", salt, 8192).GetBytes(32);

This works fine. I am trying to implement the same in Java with Bouncy Castle. Can't get it to work (the fact that Java lacks unsigned types makes it further annoying).

SecureRandom random = new SecureRandom();
byte[] salt = u2s(new int[] { 19, 3, 248, 189, 144, 42, 57, 23 });
//random.nextBytes(salt);

PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
generator.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(("BLK" + password).toCharArray()), salt, keyTransformationRounds);
KeyParameter params = (KeyParameter)generator.generateDerivedParameters(keyLengthBits);
byte[] bcKey = params.getKey();
int[] bcKeyU = s2u(bcKey);
System.out.println(new String(Base64.encode(bcKey), "UTF-8"));

// Helper functions because Java has no unsigned types
//
// EDIT: THESE FUNCTIONS ARE INCORRECT.
// See my answer below for the correct versions.
//
static byte[] u2s(int[] unsignedArray) throws IOException
{
    byte[] signedArray = new byte[unsignedArray.length];
    for (int i = 0; i < signedArray.length; i++)
    {
        if (unsignedArray[i] < 0 || unsignedArray[i] > 255)
        {
            throw new IOException("unsignedArray at " + i + " was not within the range 0 to 255.");
        }

        signedArray[i] = (byte)(unsignedArray[i] - 128);
    }

    return signedArray;
}

static int[] s2u(byte[] signedArray)
{
    int[] unsignedArray = new int[signedArray.length];
    for (int i = 0; i < unsignedArray.length; i++)
    {
        unsignedArray[i] = (int)(signedArray[i] + 128);
    }

    return unsignedArray;
}

The resultant bcKey byte arrays differ. What am I doing wrong? Am I going about handling the conversion from unsigned to signed properly or will that not work as I expect?

Jake Petroules · Accepted Answer · 2011-06-18T14:40:09.483

1

I wasn't handling the signed/unsigned conversion correctly. Here are some helper functions that demonstrate conversion between integer arrays (representing unsigned byte arrays) and signed byte arrays.

The check for integers outside the range 0-255 in intsToBytes is not necessary but might be helpful for debugging.

static byte[] intsToBytes(int[] ints)
{
    byte[] bytes = new byte[ints.length];
    for (int i = 0; i < ints.length; i++)
    {
        if (ints[i] < 0 || ints[i] > 255) System.out.println(String.format("WARNING: ints at index %1$d (%2$d) was not a valid byte value (0-255)", i, ints[i]));

        bytes[i] = (byte)ints[i];
    }

    return bytes;
}

static int[] bytesToInts(byte[] bytes)
{
    int[] ints = new int[bytes.length];
    for (int i = 0; i < bytes.length; i++)
    {
        ints[i] = bytes[i] & 0xff;
    }

    return ints;
}

edited Jun 18 '11 at 14:40

answered Jun 15 '11 at 21:36

Jake Petroules

23,472
35
144
225

Don't do all that, just cast it byte. `signedArray[i] = (byte)unsignedArray[i]` – President James K. Polk Jun 16 '11 at 00:17
It won't just truncate out of range numbers? – Jake Petroules Jun 16 '11 at 01:48
Yes, but that is almost always the behavior you want. In effect it just copies the low order 8 bits from the source to the destination. – President James K. Polk Jun 17 '11 at 11:15
1

You are right... I was thinking (byte)129 == 0 and not -127. The other way around can also be made shorter as & 0xff. I've amended my answer; thanks for your suggestion. :) – Jake Petroules Jun 18 '11 at 14:36

PBKDF2 in Java with Bouncy Castle vs .NET Rfc2898DeriveBytes?

1 Answers1