Author: gk
Date: Fri Jan 11 14:44:04 2019
New Revision: 1851055
URL: http://svn.apache.org/viewvc?rev=1851055&view=rev
Log:
- update to AES_256, add a human readable clear header in case of AES_256
Modified:
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoParameters.java
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoStreamFactoryJ8Impl.java
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoUtil.java
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoUtilJ8.java
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/cli/MainJ8.java
turbine/fulcrum/trunk/yaafi-crypto/src/test/org/apache/fulcrum/jce/crypto/CryptoUtilJ8Test.java
Modified:
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoParameters.java
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoParameters.java?rev=1851055&r1=1851054&r2=1851055&view=diff
==============================================================================
---
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoParameters.java
(original)
+++
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoParameters.java
Fri Jan 11 14:44:04 2019
@@ -42,6 +42,20 @@ public interface CryptoParameters
/** The crypto algorithm being used */
String ALGORITHM = "PBEWithMD5AndDES";
- //
https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJCEProvider
- String ALGORITHM_J8 = "PBEWithHmacSHA256AndAES_128";
//"PBEWithHmacSHA256AndAES_256";
+ /**
+ * @see
https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJCEProvider
+ *
+ * Algo/mode/padding for cipher transformation:
+ * @see
https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html
+ *
+ * PBEWithHmacSHA256AndAES_256/CBC/PKCS5Padding,
PBEWithHmacSHA256AndAES_128/CBC/PKCS5Padding
+ */
+ String ALGORITHM_J8 = "PBEWithHmacSHA256AndAES_256";
//"PBEWithHmacSHA256AndAES_128 ";
+
+ /**
+ * Prefix to decrypted hex hash to get a clue, what to use and what it is.
+ *
+ * This should be always 10 bytes
+ */
+ String CLEAR_CODE_J8 = "J8_AES256;"; //
}
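Review bot: Switching `ALGORITHM_J8` to `PBEWithHmacSHA256AndAES_256` makes the default depend on the JRE's crypto policy: Java 8 builds before 8u161 without the unlimited-strength policy files are expected to reject 256-bit AES keys with an `InvalidKeyException`. The Javadoc should state the requirement, e.g. `Requires the unlimited-strength JCE policy (the default from Java 8u161).` The `CLEAR_CODE_J8` comment also calls it a prefix to the "decrypted hex hash", while the visible use in CryptoUtil prepends it to the hex-encoded ciphertext. `Prefix prepended to the hex-encoded ciphertext to identify the algorithm; always 10 characters.` would be accurate.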
Modified:
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoStreamFactoryJ8Impl.java
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoStreamFactoryJ8Impl.java?rev=1851055&r1=1851054&r2=1851055&view=diff
==============================================================================
---
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoStreamFactoryJ8Impl.java
(original)
+++
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoStreamFactoryJ8Impl.java
Fri Jan 11 14:44:04 2019
@@ -43,7 +43,7 @@ import javax.crypto.spec.PBEParameterSpe
* implementation uses the JCA (Java Crypto Extension) supplied
* by SUN (using SunJCE 1.42).
*
- * The implementation uses as PBEWithHmacSHA256AndAES_128 for encryption which
+ * The implementation uses as PBEWithHmacSHA256AndAES_256, see {@link
CryptoParameters#ALGORITHM_J8} for encryption which
* should be sufficent for most applications.
*
* The implementation also supplies a default password in the case that
@@ -62,14 +62,15 @@ import javax.crypto.spec.PBEParameterSpe
public final class CryptoStreamFactoryJ8Impl extends CryptoStreamFactoryImpl
implements CryptoStreamFactoryJ8
{
- private static final int salt_size = 128;
- private static final int key_size = 128;
+ private static final int SALT_SIZE = 128;//might increase cipher length
+ private static final int KEY_SIZE = 256;
/** the default instance */
private static CryptoStreamFactoryJ8 instance;
- private AlgorithmParameters algorithmParameters;// used only for debugging
-
+ private AlgorithmParameters algorithmParameters;// used only for debugging
+
+
/**
* Factory method to get a default instance
* @return an instance of the CryptoStreamFactory
@@ -183,7 +184,7 @@ public final class CryptoStreamFactoryJ8
SecretKeyFactory keyFactory;
String algorithm = this.getAlgorithm();
- PBEKeySpec keySpec = new PBEKeySpec(password, (salt == null)?
this.getSalt(): salt, this.getCount(), key_size );
+ PBEKeySpec keySpec = new PBEKeySpec(password, (salt == null)?
this.getSalt(): salt, this.getCount(), KEY_SIZE );
byte[] encodedTmp = null;
try {
if( this.getProviderName() == null )
@@ -231,8 +232,8 @@ public final class CryptoStreamFactoryJ8
byte[] salt = null;
byte[] iv = null;
- if (mode == Cipher.DECRYPT_MODE) {
- salt = Arrays.copyOfRange(input, 0, salt_size / 8);
+ if (mode == Cipher.DECRYPT_MODE) {
+ salt = Arrays.copyOfRange(input, 0, SALT_SIZE / 8);
iv = Arrays.copyOfRange(input, salt.length, salt.length + 128 / 8);
ciphertext = Arrays.copyOfRange(input, salt.length + iv.length,
input.length);// cut out salt and iv
}
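Review bot: The decrypt branch slices `input` into salt, IV and ciphertext without first checking that it holds at least `SALT_SIZE / 8 + 128 / 8` bytes. For a shorter input `Arrays.copyOfRange` zero-pads the salt or IV and the last call throws an unchecked exception, so a truncated or malformed value does not fail as a crypto error. A guard before the slicing, such as `if (input.length < SALT_SIZE / 8 + 128 / 8) throw new GeneralSecurityException("ciphertext too short");`, would fix that, assuming the method declares that exception as `createSalt` does. The literal `128 / 8` also deserves a named constant next to `SALT_SIZE`. The enclosing method starts and ends outside this hunk.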
@@ -249,11 +250,11 @@ public final class CryptoStreamFactoryJ8
}
// save
- if (mode == Cipher.DECRYPT_MODE) {
+ if (mode == Cipher.DECRYPT_MODE) {
paramSpec = new PBEParameterSpec( salt, this.getCount(), new
IvParameterSpec(iv) );
cipher.init( mode, key, paramSpec );
//cipher.init( mode, key, algorithmParameters );
- ciphertext = cipher.doFinal(ciphertext);
+ ciphertext = cipher.doFinal(ciphertext); // actually the
unencrypted bytes
}
// save
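Review bot: Nothing in this decrypt path authenticates the input before `cipher.doFinal(ciphertext)`. The HmacSHA256 in the algorithm name is the key-derivation PRF, and the transformation documented in CryptoParameters is CBC with PKCS5Padding. A modified value therefore surfaces only as a padding failure or as altered plaintext, so callers should handle every decryption error uniformly and not report padding failures separately to whoever supplied the input. At minimum add a comment here, e.g. `// NOTE: CBC without a MAC, integrity of the input is not verified`; an authenticated mode or encrypt-then-MAC would be the real fix. The method body continues outside the hunk.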
@@ -264,10 +265,11 @@ public final class CryptoStreamFactoryJ8
//algorithmParameters = cipher.getParameters();
byte[] result = cipher.doFinal(input);
- iv = cipher.getIV();
+ iv = cipher.getIV(); // AES has 128bit block size
// Salt and IV need to be stored with the result, otherwise we
can't decrypt the message later.
ciphertext = new byte[salt.length + iv.length + result.length];
+
System.arraycopy(salt, 0, ciphertext, 0, salt.length);
System.arraycopy(iv, 0, ciphertext, salt.length, iv.length);
System.arraycopy(result, 0, ciphertext, salt.length + iv.length,
result.length);// push after salt and iv
@@ -279,13 +281,12 @@ public final class CryptoStreamFactoryJ8
SecureRandom random;
try {
random = SecureRandom.getInstance("SHA1PRNG");
- byte[] salt = new byte[salt_size / 8];
+ byte[] salt = new byte[SALT_SIZE / 8];
random.nextBytes(salt);
return salt;
} catch (NoSuchAlgorithmException e) {
throw new GeneralSecurityException(e);
}
-
}
}
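Review bot: `SecureRandom.getInstance("SHA1PRNG")` pins the salt generator to one named algorithm and builds a new instance on every call. `new SecureRandom()` uses the platform's default generator and cannot throw `NoSuchAlgorithmException`, so the try/catch goes away: `byte[] salt = new byte[SALT_SIZE / 8]; new SecureRandom().nextBytes(salt); return salt;`. Holding the generator in a `private static final` field would avoid re-creating it. The method signature is outside this hunk.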
Modified:
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoUtil.java
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoUtil.java?rev=1851055&r1=1851054&r2=1851055&view=diff
==============================================================================
---
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoUtil.java
(original)
+++
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoUtil.java
Fri Jan 11 14:44:04 2019
@@ -39,7 +39,9 @@ public class CryptoUtil {
/** the default instance */
private static CryptoUtil instance;
-
+
+ protected boolean useClearTextHeader = false; // backward compatible
+
/**
* Factory method to get a default instance
*
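Review bot: `useClearTextHeader` is a mutable `protected` field with no Javadoc, yet it decides the output format of `encryptString` and the input format `decryptString` expects. The only writer visible on this page is the `CryptoUtilJ8` constructor, so a `private final` field set through a protected constructor would keep the format fixed per instance, if the existing constructors allow it. If the field stays as is, document it: `/** When true, encryptString prepends and decryptString strips CryptoParameters.CLEAR_CODE_J8. */`.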
@@ -145,7 +147,8 @@ public class CryptoUtil {
throws GeneralSecurityException, IOException {
ByteArrayOutputStream bais = new ByteArrayOutputStream();
encrypt(factory, plainText, bais, password);
- return HexConverter.toString(bais.toByteArray());
+ return (useClearTextHeader)? CryptoParameters.CLEAR_CODE_J8 +
HexConverter.toString(bais.toByteArray()):
+ HexConverter.toString(bais.toByteArray());
}
/**
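Review bot: The header is prepended here, in what appears to be the `encryptString` overload that takes a factory (its signature is outside the hunk), but the only place that strips it is the no-factory `decryptString(String, char[])` changed in the next hunk. A caller pairing this method with `decryptString(factory, cipherText, password)` would pass `J8_AES256;…` on to the hex decoder. Stripping the header inside the factory-taking `decryptString` overload would keep both paths symmetric. The ternary also duplicates the hex-encoding expression; `String hex = HexConverter.toString(bais.toByteArray()); return useClearTextHeader ? CryptoParameters.CLEAR_CODE_J8 + hex : hex;` is equivalent.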
@@ -159,7 +162,9 @@ public class CryptoUtil {
* @throws IOException accessing the souce failed
*/
public String decryptString(String cipherText, char[] password) throws
GeneralSecurityException, IOException {
- return decryptString(getCryptoStreamFactory(), cipherText, password);
+ return decryptString(getCryptoStreamFactory(), (useClearTextHeader)?
+ cipherText.substring(CryptoParameters.CLEAR_CODE_J8.length()):
+ cipherText, password);
}
/**
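Review bot: `cipherText.substring(CryptoParameters.CLEAR_CODE_J8.length())` removes the first ten characters without checking that they are the header. A value written before this revision, which has no prefix, loses its first ten hex digits and fails later with a misleading error, and an input shorter than the header throws `StringIndexOutOfBoundsException`. Check first: `if (useClearTextHeader && cipherText.startsWith(CryptoParameters.CLEAR_CODE_J8)) { cipherText = cipherText.substring(CryptoParameters.CLEAR_CODE_J8.length()); }`. Values produced under the previous AES_128 default carry no marker at all, so whether they must remain decryptable needs a decision and a sentence in the Javadoc.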
Modified:
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoUtilJ8.java
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoUtilJ8.java?rev=1851055&r1=1851054&r2=1851055&view=diff
==============================================================================
---
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoUtilJ8.java
(original)
+++
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/CryptoUtilJ8.java
Fri Jan 11 14:44:04 2019
@@ -41,6 +41,7 @@ public final class CryptoUtilJ8 extends
/** the default instance */
private static CryptoUtilJ8 instance;
+
/**
* Factory method to get a default instance
* @return an instance of the CryptoStreamFactory
@@ -55,6 +56,10 @@ public final class CryptoUtilJ8 extends
return CryptoUtilJ8.instance;
}
+ public CryptoUtilJ8() {
+ useClearTextHeader = true;
+ }
+
/**
* Copies from a source to a target object using encryption and a caller
* supplied CryptoStreamFactory.
@@ -64,7 +69,7 @@ public final class CryptoUtilJ8 extends
* @param target the target object
* @param password the password to use for encryption
* @throws GeneralSecurityException accessing JCE failed
- * @throws IOException accessing the souce failed
+ * @throws IOException accessing the source failed
*/
@Override
public void encrypt(CryptoStreamFactory factory, Object source, Object
target, char[] password)
@@ -84,7 +89,7 @@ public final class CryptoUtilJ8 extends
* @param target the target object
* @param password the password to use for decryption
* @throws GeneralSecurityException accessing JCE failed
- * @throws IOException accessing the souce failed
+ * @throws IOException accessing the source failed
*/
@Override
public void decrypt(CryptoStreamFactory factory, Object source, Object
target, char[] password)
Modified:
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/cli/MainJ8.java
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/cli/MainJ8.java?rev=1851055&r1=1851054&r2=1851055&view=diff
==============================================================================
---
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/cli/MainJ8.java
(original)
+++
turbine/fulcrum/trunk/yaafi-crypto/src/java/org/apache/fulcrum/jce/crypto/cli/MainJ8.java
Fri Jan 11 14:44:04 2019
@@ -33,6 +33,13 @@ import org.apache.fulcrum.jce.crypto.Cry
*
* file [enc|dec] passwd [file]*
* string [enc|dec] passwd plaintext
+ *
+ * Example :
+ *
+ * java -classpath target/classes org.apache.fulcrum.jce.crypto.cli.Main
string enc changeit mysecretgeheim
+ * ...
+ *
+ * java -classpath target/classes org.apache.fulcrum.jce.crypto.cli.Main
string dec changeit J8_AES256;<hashcode>
*
* @author <a href="mailto:[email protected]">Siegfried Goeschl</a>
*/
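Review bot: The example commands invoke `org.apache.fulcrum.jce.crypto.cli.Main`, while this Javadoc belongs to `MainJ8` and the `J8_AES256;` prefix in the second command is what the J8 utility emits, so the class name looks like it should be `...cli.MainJ8`. The raw `<hashcode>` will be swallowed by HTML Javadoc; write `&lt;hashcode&gt;` or wrap the examples in `<pre>{@code …}</pre>`. It is also worth adding a line such as `* Note: a password given as an argument is visible in the process list and shell history.`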
Modified:
turbine/fulcrum/trunk/yaafi-crypto/src/test/org/apache/fulcrum/jce/crypto/CryptoUtilJ8Test.java
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/yaafi-crypto/src/test/org/apache/fulcrum/jce/crypto/CryptoUtilJ8Test.java?rev=1851055&r1=1851054&r2=1851055&view=diff
==============================================================================
---
turbine/fulcrum/trunk/yaafi-crypto/src/test/org/apache/fulcrum/jce/crypto/CryptoUtilJ8Test.java
(original)
+++
turbine/fulcrum/trunk/yaafi-crypto/src/test/org/apache/fulcrum/jce/crypto/CryptoUtilJ8Test.java
Fri Jan 11 14:44:04 2019
@@ -131,7 +131,7 @@ public class CryptoUtilJ8Test {
String source = new String(testVector);
String cipherText = cryptoUtilJ8.encryptString(source,
this.getPassword());
String plainText = cryptoUtilJ8.decryptString(cipherText,
this.getPassword());
- assertEquals(source, plainText);
+ assertEquals(source +" is not equal with " + plainText, source,
plainText);
}
/** Test encryption and decryption of Strings
@@ -194,8 +194,8 @@ public class CryptoUtilJ8Test {
char[] password = "57cb-4a23-d838-45222".toCharArray();
String source = "e02c-3b76-ff1e-5d9a1";
String cipherText = cryptoUtilJ8.encryptString(source, password);
- System.out.println(cipherText);// 128bit
- assertEquals(128, cipherText.length());
+ System.out.println(cipherText);// about 128
+ assertEquals(138, cipherText.length()); // 128bytes + 10 bytes for
cleartext
CryptoStreamFactoryJ8Impl.setInstance(null);
String plainText = cryptoUtilJ8.decryptString(cipherText, password);
assertEquals(source, plainText);
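Review bot: `assertEquals(138, cipherText.length())` hard-codes the header length, and its comment speaks of bytes where the value counts characters of the hex string. Deriving it with `assertEquals(128 + CryptoParameters.CLEAR_CODE_J8.length(), cipherText.length());` and adding `assertTrue(cipherText.startsWith(CryptoParameters.CLEAR_CODE_J8));` ties the test to the constant. No test visible here covers `decryptString` on a value that lacks the header or is shorter than it; that case deserves one.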