private void Encrypter(String data) throws Exception {
// Security.addProvider(new MainActivity().BouncyCastleProvider());
byte[] input = data.getBytes();
byte[] keyBytes = new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
int keySize = keyBytes.length;
SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
mTxtInput.setText(new String(data));
// System.out.println(new String(input));
// encryption pass
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] cipherText = new byte[cipher.getOutputSize(input.length)];
int ctLength = cipher.update(input, 0, input.length, cipherText, 0);
ctLength += cipher.doFinal(cipherText, ctLength);
// System.out.println(new String(cipherText));
// System.out.println(ctLength);
mTxtCipher.setText(new String(cipherText));
mTxtCtLenght.setText(String.valueOf(ctLength));
// decryption pass
String x = new String(cipherText);
}
public static byte[] encryptDataBytes(PublicKey publicKey, byte[] data) {
try {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", new BouncyCastleProvider());
cipher.init(1, publicKey);
int blockSize = cipher.getBlockSize();
int outputSize = cipher.getOutputSize(data.length);
int leavedSize = data.length % blockSize;
int blocksSize = leavedSize != 0 ? data.length / blockSize + 1 : data.length / blockSize;
byte[] raw = new byte[outputSize * blocksSize];
int i = 0;
while (data.length - i * blockSize > 0) {
if (data.length - i * blockSize > blockSize)
cipher.doFinal(data, i * blockSize, blockSize, raw, i * outputSize);
else {
cipher.doFinal(data, i * blockSize, data.length - i * blockSize, raw, i * outputSize);
}
i++;
}
return raw;
} catch (Exception e) {
logger.error(e.getMessage());
return null;
}
}
private static void testEncryptDecryptLong(
Cipher c, Cipher d, String string, long key, long value)
throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
byte[] data = new byte[3 + 8 + 8];
byte[] output = new byte[c.getOutputSize(data.length)];
byte[] result = new byte[3 + 8 + 8];
byte[] salt = string.getBytes();
System.arraycopy(salt, 0, data, 0, salt.length);
longToByteArray2(key, data, 3);
longToByteArray2(value, data, 11);
c.doFinal(data, 0, data.length, output);
d.doFinal(output, 0, output.length, result);
System.out.println("in: " + toHex(data));
System.out.println("enc: " + toHex(output));
System.out.println("dec: " + toHex(result));
for (int i = 0; i < data.length; i++) {
if (data[i] != result[i]) throw new IllegalStateException("darn gosh");
}
}
public static void crypt(String inFilename, String outFilename, int mode) {
InputStream in = null;
OutputStream out = null;
ObjectInputStream keyin = null;
try {
in = new FileInputStream(inFilename);
out = new FileOutputStream(outFilename);
keyin = new ObjectInputStream(new FileInputStream(keyFilename));
// 获取到密钥
Key key = (Key) keyin.readObject();
// 使用AES算法获取密码对象
Cipher cipher = Cipher.getInstance("AES");
// 通过设置模式和密钥来初始化
cipher.init(mode, key);
// 获取密码块大小,16
int blockSize = cipher.getBlockSize();
// 该密码块对应的输出缓存区大小,用于存放密码对象输出的数据块
int outputSize = cipher.getOutputSize(blockSize);
byte[] inBytes = new byte[blockSize];
byte[] outBytes = new byte[outputSize];
int length = 0;
boolean more = true;
while (more) {
length = in.read(inBytes);
// 如果能读到blockSize大小的块
if (length == blockSize) {
// 数据块存入outBytes
int outLength = cipher.update(inBytes, 0, blockSize, outBytes);
out.write(outBytes, 0, outLength);
} else {
more = false;
}
}
// 如果最后一个输入数据块的字节数小于blockSize,剩下的字节将会自动填充
if (length > 0) {
outBytes = cipher.doFinal(inBytes, 0, length);
} else {
outBytes = cipher.doFinal();
}
out.write(outBytes);
} catch (IOException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (GeneralSecurityException e) {
e.printStackTrace();
} finally {
Closer.close(in);
Closer.close(out);
Closer.close(keyin);
}
}
public static void main(String args[]) throws Exception {
boolean failedOnce = false;
Exception failedReason = null;
byte[] keyBytes = new byte[8];
random.nextBytes(keyBytes);
SecretKey key = new SecretKeySpec(keyBytes, "DES");
Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding", "SunJCE");
cipher.init(Cipher.ENCRYPT_MODE, key);
/*
* Iterate through various sizes to make sure that the code does empty
* blocks, single partial blocks, 1 full block, full + partial blocks,
* multiple full blocks, etc. 5 blocks (using DES) is probably overkill
* but will feel more confident the fix isn't breaking anything.
*/
System.out.println("Output test results for every " + outputFrequency + " tests...");
for (int size = 0; size <= testSizes; size++) {
boolean output = (size % outputFrequency) == 0;
if (output) {
System.out.print("\nTesting buffer size: " + size + ":");
}
int outSize = cipher.getOutputSize(size);
try {
encrypt(
cipher,
size,
ByteBuffer.allocate(size),
ByteBuffer.allocate(outSize),
ByteBuffer.allocateDirect(size),
ByteBuffer.allocateDirect(outSize),
output);
} catch (Exception e) {
System.out.print("\n Failed with size " + size);
failedOnce = true;
failedReason = e;
// If we got an exception, let's be safe for future
// testing and reset the cipher to a known good state.
cipher.init(Cipher.ENCRYPT_MODE, key);
}
}
if (failedOnce) {
throw failedReason;
}
System.out.println("\nTest Passed...");
}
@Override
public void setup() {
try {
algo = javax.crypto.Cipher.getInstance("AES/CFB8/NoPadding");
java.security.Key key = new SecretKeySpec(publicKey, 0, 16, "AES");
algo.init(javax.crypto.Cipher.ENCRYPT_MODE, key);
} catch (Exception e) {
System.out.println(e);
}
inAlgoBuffer = new byte[algo.getBlockSize()]; // always 0x00's
outAlgoBufferIx = algo.getOutputSize(algo.getBlockSize());
outAlgoBuffer = new byte[outAlgoBufferIx]; // output of encryption
}
private static void crypt(InputStream input, OutputStream out, Cipher cipher)
throws IOException, ShortBufferException, IllegalBlockSizeException, BadPaddingException {
int blockSize = cipher.getBlockSize();
int outputSize = cipher.getOutputSize(blockSize);
int inLength;
byte[] inBytes = new byte[blockSize];
byte[] outBytes = new byte[outputSize];
while ((inLength = IOUtils.read(input, inBytes)) != 0) {
int outLength = cipher.update(inBytes, 0, inLength, outBytes);
out.write(outBytes, 0, outLength);
}
IOUtils.write(cipher.doFinal(), out);
}
private void testGCMParameterSpecWithMultipleUpdates(
byte[] K, byte[] N, byte[] A, byte[] P, byte[] C) throws Exception {
Cipher eax = Cipher.getInstance("AES/EAX/NoPadding", "BC");
SecretKeySpec key = new SecretKeySpec(K, "AES");
SecureRandom random = new SecureRandom();
// GCMParameterSpec mapped to AEADParameters and overrides default MAC
// size
GCMParameterSpec spec = new GCMParameterSpec(128, N);
for (int i = 900; i != 1024; i++) {
byte[] message = new byte[i];
random.nextBytes(message);
eax.init(Cipher.ENCRYPT_MODE, key, spec);
byte[] out = new byte[eax.getOutputSize(i)];
int offSet = 0;
int count;
for (count = 0; count < i / 21; count++) {
offSet += eax.update(message, count * 21, 21, out, offSet);
}
offSet += eax.doFinal(message, count * 21, i - (count * 21), out, offSet);
byte[] dec = new byte[i];
int len = offSet;
eax.init(Cipher.DECRYPT_MODE, key, spec);
offSet = 0;
for (count = 0; count < len / 10; count++) {
offSet += eax.update(out, count * 10, 10, dec, offSet);
}
offSet += eax.doFinal(out, count * 10, len - (count * 10), dec, offSet);
if (!Arrays.areEqual(message, dec) || offSet != message.length) {
fail("message mismatch");
}
}
}
private void Decryptor(byte[] cipherText) throws Exception {
byte[] keyBytes = new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
int keySize = keyBytes.length;
int x = cipherText.length;
// decryption pass
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] plainText = new byte[cipher.getOutputSize(x)];
int ptLength = cipher.update(cipherText, 0, x, plainText, 0);
ptLength += cipher.doFinal(plainText, ptLength);
mTxtPlainText.setText(new String(plainText));
// mTxtPtLength.setText(String.valueOf(ptLength));
}
/**
* 加密
*
* @param key 加密的密钥
* @param data 待加密的明文数据
* @return 加密后的数据
* @throws Exception
*/
public static byte[] encrypt(Key key, byte[] data) throws Exception {
try {
Cipher cipher =
Cipher.getInstance("RSA", new org.bouncycastle.jce.provider.BouncyCastleProvider());
cipher.init(Cipher.ENCRYPT_MODE, key);
int blockSize = cipher.getBlockSize(); // 获得加密块大小,如:加密前数据为128个byte,而key_size=1024
// 加密块大小为127
// byte,加密后为128个byte;因此共有2个加密块,第一个127
// byte第二个为1个byte
int outputSize = cipher.getOutputSize(data.length); // 获得加密块加密后块大小
int leavedSize = data.length % blockSize;
int blocksSize = leavedSize != 0 ? data.length / blockSize + 1 : data.length / blockSize;
byte[] raw = new byte[outputSize * blocksSize];
int i = 0;
while (data.length - i * blockSize > 0) {
if (data.length - i * blockSize > blockSize)
cipher.doFinal(data, i * blockSize, blockSize, raw, i * outputSize);
else cipher.doFinal(data, i * blockSize, data.length - i * blockSize, raw, i * outputSize);
// 这里面doUpdate方法不可用,查看源代码后发现每次doUpdate后并没有什么实际动作除了把byte[]放到ByteArrayOutputStream中,而最后doFinal的时候才将所有的byte[]进行加密,可是到了此时加密块大小很可能已经超出了OutputSize所以只好用dofinal方法。
i++;
}
return raw;
} catch (Exception e) {
throw new Exception(e.getMessage());
}
}
/**
* Uses a cipher to transform the bytes in an input stream and sends the transformed bytes to an
* output stream.
*
* @param in the input stream
* @param out the output stream
* @param cipher the cipher that transforms the bytes
*/
public static void crypt(InputStream in, OutputStream out, Cipher cipher)
throws IOException, GeneralSecurityException {
int blockSize = cipher.getBlockSize();
int outputSize = cipher.getOutputSize(blockSize);
byte[] inBytes = new byte[blockSize];
byte[] outBytes = new byte[outputSize];
int inLength = 0;
;
boolean more = true;
while (more) {
inLength = in.read(inBytes);
if (inLength == blockSize) {
int outLength = cipher.update(inBytes, 0, blockSize, outBytes);
out.write(outBytes, 0, outLength);
} else more = false;
}
if (inLength > 0) outBytes = cipher.doFinal(inBytes, 0, inLength);
else outBytes = cipher.doFinal();
out.write(outBytes);
}
/**
* Decrypts a given byte stream using the AES cipher, CBC mode, and PKCS5 Padding algorithms.
*
* @param input - Bytes to be decrypted
* @param key - Symmetric key to decrypt
* @param iv - Initialization vector
* @return decrypted byte stream
* @throws NoSuchAlgorithmException
* @throws NoSuchPaddingException
* @throws InvalidKeyException
* @throws InvalidAlgorithmParameterException
* @throws ShortBufferException
* @throws IllegalBlockSizeException
* @throws BadPaddingException
* @throws UnsupportedEncodingException
*/
public static byte[] AESCBCdecrypt(byte[] input, Key key, byte[] iv)
throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
InvalidAlgorithmParameterException, ShortBufferException, IllegalBlockSizeException,
BadPaddingException, UnsupportedEncodingException {
int plaintext_len;
byte[] keyBytes, plaintext;
SecretKeySpec keySpec;
IvParameterSpec ivSpec;
Cipher cipher;
keyBytes = key.getBytes();
keySpec = new SecretKeySpec(keyBytes, "AES");
ivSpec = new IvParameterSpec(iv);
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
plaintext = new byte[cipher.getOutputSize(input.length)];
plaintext_len = cipher.update(input, 0, input.length, plaintext, 0);
plaintext_len += cipher.doFinal(plaintext, plaintext_len);
return plaintext;
}
/**
* * 加密 *
*
* @param key 加密的密钥 *
* @param data 待加密的明文数据 *
* @return 加密后的数据 *
* @throws Exception
*/
public static byte[] encryptByJs(String publicKey, byte[] data) throws Exception {
try {
// 字符串转key
byte[] keyBytes = Base64Utils.decode(publicKey);
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
RSAPublicKey publicK = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec);
Cipher cipher =
Cipher.getInstance(
KEY_ALGORITHM, new org.bouncycastle.jce.provider.BouncyCastleProvider());
cipher.init(Cipher.ENCRYPT_MODE, publicK);
int blockSize = cipher.getBlockSize(); // 获得加密块大小,如:加密前数据为128个byte,而key_size=1024
// 加密块大小为127
// byte,加密后为128个byte;因此共有2个加密块,第一个127
// byte第二个为1个byte
int outputSize = cipher.getOutputSize(data.length); // 获得加密块加密后块大小
int leavedSize = data.length % blockSize;
int blocksSize = leavedSize != 0 ? data.length / blockSize + 1 : data.length / blockSize;
byte[] raw = new byte[outputSize * blocksSize];
int i = 0;
while (data.length - i * blockSize > 0) {
if (data.length - i * blockSize > blockSize)
cipher.doFinal(data, i * blockSize, blockSize, raw, i * outputSize);
else cipher.doFinal(data, i * blockSize, data.length - i * blockSize, raw, i * outputSize);
// 这里面doUpdate方法不可用,查看源代码后发现每次doUpdate后并没有什么实际动作除了把byte[]放到
// ByteArrayOutputStream中,而最后doFinal的时候才将所有的byte[]进行加密,可是到了此时加密块大小很可能已经超出了
// OutputSize所以只好用dofinal方法。
i++;
}
return raw;
} catch (Exception e) {
throw new Exception(ExceptionUtil.getStackTraceAsString(e));
}
}
public void prepare() {
try {
System.out.println(
"\nalgorithm="
+ algorithm
+ ", mode="
+ mode
+ ", paddingStr="
+ paddingStr
+ ", msgSize="
+ msgSize
+ ", keySize="
+ keySize
+ ", noReinit="
+ noReinit
+ ", checkOutput="
+ checkOutput
+ ", encInputOffset="
+ encInputOffset
+ ", encOutputOffset="
+ encOutputOffset
+ ", decOutputOffset="
+ decOutputOffset
+ ", lastChunkSize="
+ lastChunkSize);
if (encInputOffset % ALIGN != 0
|| encOutputOffset % ALIGN != 0
|| decOutputOffset % ALIGN != 0) testingMisalignment = true;
int keyLenBytes = (keySize == 0 ? 16 : keySize / 8);
byte keyBytes[] = new byte[keyLenBytes];
if (keySize == 128)
keyBytes = new byte[] {-8, -7, -6, -5, -4, -3, -2, -1, 0, 1, 2, 3, 4, 5, 6, 7};
else random.nextBytes(keyBytes);
key = new SecretKeySpec(keyBytes, algorithm);
if (threadId == 0) {
System.out.println(
"Algorithm: " + key.getAlgorithm() + "(" + key.getEncoded().length * 8 + "bit)");
}
cipher = Cipher.getInstance(algorithm + "/" + mode + "/" + paddingStr, "SunJCE");
dCipher = Cipher.getInstance(algorithm + "/" + mode + "/" + paddingStr, "SunJCE");
if (mode.equals("CBC")) {
int ivLen = (algorithm.equals("AES") ? 16 : algorithm.equals("DES") ? 8 : 0);
IvParameterSpec initVector = new IvParameterSpec(new byte[ivLen]);
cipher.init(Cipher.ENCRYPT_MODE, key, initVector);
} else {
algParams = cipher.getParameters();
cipher.init(Cipher.ENCRYPT_MODE, key, algParams);
}
algParams = cipher.getParameters();
dCipher.init(Cipher.DECRYPT_MODE, key, algParams);
if (threadId == 0) {
childShowCipher();
}
inputLength = msgSize + encInputOffset;
if (testingMisalignment) {
encodeLength = cipher.getOutputSize(msgSize - lastChunkSize) + encOutputOffset;
encodeLength += cipher.getOutputSize(lastChunkSize);
decodeLength = dCipher.getOutputSize(encodeLength - lastChunkSize) + decOutputOffset;
decodeLength += dCipher.getOutputSize(lastChunkSize);
} else {
encodeLength = cipher.getOutputSize(msgSize) + encOutputOffset;
decodeLength = dCipher.getOutputSize(encodeLength) + decOutputOffset;
}
input = new byte[inputLength];
for (int i = encInputOffset, j = 0; i < inputLength; i++, j++) {
input[i] = (byte) (j & 0xff);
}
// do one encode and decode in preparation
encode = new byte[encodeLength];
decode = new byte[decodeLength];
if (testingMisalignment) {
decodeMsgSize =
cipher.update(
input, encInputOffset, (msgSize - lastChunkSize), encode, encOutputOffset);
decodeMsgSize +=
cipher.doFinal(
input,
(encInputOffset + msgSize - lastChunkSize),
lastChunkSize,
encode,
(encOutputOffset + decodeMsgSize));
int tempSize =
dCipher.update(
encode, encOutputOffset, (decodeMsgSize - lastChunkSize), decode, decOutputOffset);
dCipher.doFinal(
encode,
(encOutputOffset + decodeMsgSize - lastChunkSize),
lastChunkSize,
decode,
(decOutputOffset + tempSize));
} else {
decodeMsgSize = cipher.doFinal(input, encInputOffset, msgSize, encode, encOutputOffset);
dCipher.doFinal(encode, encOutputOffset, decodeMsgSize, decode, decOutputOffset);
}
if (checkOutput) {
expectedEncode = (byte[]) encode.clone();
expectedDecode = (byte[]) decode.clone();
showArray(key.getEncoded(), "key: ");
showArray(input, "input: ");
showArray(encode, "encode: ");
showArray(decode, "decode: ");
}
} catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
}
private void testGP(int size, int privateValueSize, BigInteger g, BigInteger p) throws Exception {
DHParameterSpec elParams = new DHParameterSpec(p, g, privateValueSize);
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("ElGamal", "BC");
byte[] in = "This is a test".getBytes();
keyGen.initialize(elParams);
KeyPair keyPair = keyGen.generateKeyPair();
SecureRandom rand = new SecureRandom();
checkKeySize(privateValueSize, keyPair);
Cipher cipher = Cipher.getInstance("ElGamal", "BC");
cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic(), rand);
if (cipher.getOutputSize(in.length) != (size / 8) * 2) {
fail("getOutputSize wrong on encryption");
}
byte[] out = cipher.doFinal(in);
cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
if (cipher.getOutputSize(out.length) != (size / 8) - 1) {
fail("getOutputSize wrong on decryption");
}
//
// No Padding - maximum length
//
byte[] modBytes = ((DHPublicKey) keyPair.getPublic()).getParams().getP().toByteArray();
byte[] maxInput = new byte[modBytes.length - 1];
maxInput[0] |= 0x7f;
cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic(), rand);
out = cipher.doFinal(maxInput);
cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
out = cipher.doFinal(out);
if (!areEqual(out, maxInput)) {
fail(
"NoPadding test failed on decrypt expected "
+ new String(Hex.encode(maxInput))
+ " got "
+ new String(Hex.encode(out)));
}
//
// encrypt/decrypt
//
Cipher c1 = Cipher.getInstance("ElGamal", "BC");
Cipher c2 = Cipher.getInstance("ElGamal", "BC");
c1.init(Cipher.ENCRYPT_MODE, keyPair.getPublic(), rand);
byte[] out1 = c1.doFinal(in);
c2.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
byte[] out2 = c2.doFinal(out1);
if (!areEqual(in, out2)) {
fail(size + " encrypt test failed");
}
//
// encrypt/decrypt with update
//
int outLen = c1.update(in, 0, 2, out1, 0);
outLen += c1.doFinal(in, 2, in.length - 2, out1, outLen);
outLen = c2.update(out1, 0, 2, out2, 0);
outLen += c2.doFinal(out1, 2, out1.length - 2, out2, outLen);
if (!areEqual(in, out2)) {
fail(size + " encrypt with update test failed");
}
//
// public key encoding test
//
byte[] pubEnc = keyPair.getPublic().getEncoded();
KeyFactory keyFac = KeyFactory.getInstance("ElGamal", "BC");
X509EncodedKeySpec pubX509 = new X509EncodedKeySpec(pubEnc);
DHPublicKey pubKey = (DHPublicKey) keyFac.generatePublic(pubX509);
DHParameterSpec spec = pubKey.getParams();
if (!spec.getG().equals(elParams.getG()) || !spec.getP().equals(elParams.getP())) {
fail(size + " bit public key encoding/decoding test failed on parameters");
}
if (!((DHPublicKey) keyPair.getPublic()).getY().equals(pubKey.getY())) {
fail(size + " bit public key encoding/decoding test failed on y value");
}
//
// public key serialisation test
//
pubKey = (DHPublicKey) serializeDeserialize(keyPair.getPublic());
spec = pubKey.getParams();
if (!spec.getG().equals(elParams.getG()) || !spec.getP().equals(elParams.getP())) {
fail(size + " bit public key serialisation test failed on parameters");
}
if (!((DHPublicKey) keyPair.getPublic()).getY().equals(pubKey.getY())) {
fail(size + " bit public key serialisation test failed on y value");
}
if (!keyPair.getPublic().equals(pubKey)) {
fail("equals test failed");
}
if (keyPair.getPublic().hashCode() != pubKey.hashCode()) {
fail("hashCode test failed");
}
//
// private key encoding test
//
byte[] privEnc = keyPair.getPrivate().getEncoded();
PKCS8EncodedKeySpec privPKCS8 = new PKCS8EncodedKeySpec(privEnc);
DHPrivateKey privKey = (DHPrivateKey) keyFac.generatePrivate(privPKCS8);
spec = privKey.getParams();
if (!spec.getG().equals(elParams.getG()) || !spec.getP().equals(elParams.getP())) {
fail(size + " bit private key encoding/decoding test failed on parameters");
}
if (!((DHPrivateKey) keyPair.getPrivate()).getX().equals(privKey.getX())) {
fail(size + " bit private key encoding/decoding test failed on y value");
}
//
// private key serialisation test
//
privKey = (DHPrivateKey) serializeDeserialize(keyPair.getPrivate());
spec = privKey.getParams();
if (!spec.getG().equals(elParams.getG()) || !spec.getP().equals(elParams.getP())) {
fail(size + " bit private key serialisation test failed on parameters");
}
if (!((DHPrivateKey) keyPair.getPrivate()).getX().equals(privKey.getX())) {
fail(size + " bit private key serialisation test failed on y value");
}
if (!keyPair.getPrivate().equals(privKey)) {
fail("equals test failed");
}
if (keyPair.getPrivate().hashCode() != privKey.hashCode()) {
fail("hashCode test failed");
}
if (!(privKey instanceof PKCS12BagAttributeCarrier)) {
fail("private key not implementing PKCS12 attribute carrier");
}
}
public static Message decode(Session session, String text) {
Logger logger = LoggerFactory.getLogger(KrakenMessageDecoder.class.getName());
Charset utf8 = Charset.forName("utf-8");
// remove potential control characters
text = text.trim();
if (text.length() == 0) return null;
if (logger.isDebugEnabled())
logger.debug(
"kraken webconsole: debug websocket frame length {}, json [{}]", text.length(), text);
if (text.equals("ping")) return null;
// decrypt if msg is encrypted
if (session.has("enc_key")) {
try {
JSONTokener tokenizer = new JSONTokener(new StringReader(text));
JSONArray container = (JSONArray) tokenizer.nextValue();
JSONObject header = container.getJSONObject(0);
JSONObject body = container.getJSONObject(1);
if (header.has("iv") && body.has("data")) {
String data = body.getString("data");
byte[] iv =
ByteUtil.asArray(
Base64.decode(ChannelBuffers.wrappedBuffer(header.getString("iv").getBytes())));
byte[] buf =
ByteUtil.asArray(Base64.decode(ChannelBuffers.wrappedBuffer(data.getBytes())));
byte[] key = ByteUtil.asByteArray(UUID.fromString(session.getString("enc_key")));
SecretKeySpec secret = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv));
byte[] plain = new byte[cipher.getOutputSize(buf.length)];
int plainLength = cipher.update(buf, 0, buf.length, plain, 0);
plainLength += cipher.doFinal(plain, plainLength);
text = new String(plain, 0, plainLength, utf8);
logger.trace("kraken webconsole: decrypted msg [{}]", text);
}
} catch (Exception e) {
logger.error("kraken webconsole: cannot decode encrypted msg [" + text + "]", e);
}
}
try {
JSONTokener tokenizer = new JSONTokener(new StringReader(text));
JSONArray container = (JSONArray) tokenizer.nextValue();
JSONObject header = container.getJSONObject(0);
JSONObject body = container.getJSONObject(1);
Message msg = new Message();
msg.setGuid(header.getString("guid").trim());
msg.setType(Message.Type.valueOf(header.getString("type").trim()));
msg.setSource(header.getString("source"));
msg.setTarget(header.getString("target"));
msg.setMethod(header.getString("method").trim());
msg.setParameters(parse(body));
return msg;
} catch (JSONException e) {
logger.error("kraken webconsole: invalid json => " + text, e);
}
return null;
}
private void testDefault(int privateValueSize, BigInteger g, BigInteger p) throws Exception {
DHParameterSpec elParams = new DHParameterSpec(p, g, privateValueSize);
int size = p.bitLength();
new BouncyCastleProvider().setParameter(ConfigurableProvider.DH_DEFAULT_PARAMS, elParams);
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("ElGamal", "BC");
byte[] in = "This is a test".getBytes();
keyGen.initialize(p.bitLength());
KeyPair keyPair = keyGen.generateKeyPair();
new BouncyCastleProvider().setParameter(ConfigurableProvider.DH_DEFAULT_PARAMS, elParams);
SecureRandom rand = new SecureRandom();
checkKeySize(privateValueSize, keyPair);
Cipher cipher = Cipher.getInstance("ElGamal", "BC");
cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic(), rand);
if (cipher.getOutputSize(in.length) != (size / 8) * 2) {
fail("getOutputSize wrong on encryption");
}
byte[] out = cipher.doFinal(in);
cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
if (cipher.getOutputSize(out.length) != (size / 8) - 1) {
fail("getOutputSize wrong on decryption");
}
//
// No Padding - maximum length
//
byte[] modBytes = ((DHPublicKey) keyPair.getPublic()).getParams().getP().toByteArray();
byte[] maxInput = new byte[modBytes.length - 1];
maxInput[0] |= 0x7f;
cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic(), rand);
out = cipher.doFinal(maxInput);
cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
out = cipher.doFinal(out);
if (!areEqual(out, maxInput)) {
fail(
"NoPadding test failed on decrypt expected "
+ new String(Hex.encode(maxInput))
+ " got "
+ new String(Hex.encode(out)));
}
//
// encrypt/decrypt
//
Cipher c1 = Cipher.getInstance("ElGamal", "BC");
Cipher c2 = Cipher.getInstance("ElGamal", "BC");
c1.init(Cipher.ENCRYPT_MODE, keyPair.getPublic(), rand);
byte[] out1 = c1.doFinal(in);
c2.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
byte[] out2 = c2.doFinal(out1);
if (!areEqual(in, out2)) {
fail(size + " encrypt test failed");
}
//
// encrypt/decrypt with update
//
int outLen = c1.update(in, 0, 2, out1, 0);
outLen += c1.doFinal(in, 2, in.length - 2, out1, outLen);
outLen = c2.update(out1, 0, 2, out2, 0);
outLen += c2.doFinal(out1, 2, out1.length - 2, out2, outLen);
if (!areEqual(in, out2)) {
fail(size + " encrypt with update test failed");
}
//
// public key encoding test
//
byte[] pubEnc = keyPair.getPublic().getEncoded();
KeyFactory keyFac = KeyFactory.getInstance("ElGamal", "BC");
X509EncodedKeySpec pubX509 = new X509EncodedKeySpec(pubEnc);
DHPublicKey pubKey = (DHPublicKey) keyFac.generatePublic(pubX509);
DHParameterSpec spec = pubKey.getParams();
if (!spec.getG().equals(elParams.getG()) || !spec.getP().equals(elParams.getP())) {
fail(size + " bit public key encoding/decoding test failed on parameters");
}
if (!((DHPublicKey) keyPair.getPublic()).getY().equals(pubKey.getY())) {
fail(size + " bit public key encoding/decoding test failed on y value");
}
//
// public key serialisation test
//
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
ObjectOutputStream oOut = new ObjectOutputStream(bOut);
oOut.writeObject(keyPair.getPublic());
ByteArrayInputStream bIn = new ByteArrayInputStream(bOut.toByteArray());
ObjectInputStream oIn = new ObjectInputStream(bIn);
pubKey = (DHPublicKey) oIn.readObject();
spec = pubKey.getParams();
if (!spec.getG().equals(elParams.getG()) || !spec.getP().equals(elParams.getP())) {
fail(size + " bit public key serialisation test failed on parameters");
}
if (!((DHPublicKey) keyPair.getPublic()).getY().equals(pubKey.getY())) {
fail(size + " bit public key serialisation test failed on y value");
}
//
// private key encoding test
//
byte[] privEnc = keyPair.getPrivate().getEncoded();
PKCS8EncodedKeySpec privPKCS8 = new PKCS8EncodedKeySpec(privEnc);
DHPrivateKey privKey = (DHPrivateKey) keyFac.generatePrivate(privPKCS8);
spec = privKey.getParams();
if (!spec.getG().equals(elParams.getG()) || !spec.getP().equals(elParams.getP())) {
fail(size + " bit private key encoding/decoding test failed on parameters");
}
if (!((DHPrivateKey) keyPair.getPrivate()).getX().equals(privKey.getX())) {
fail(size + " bit private key encoding/decoding test failed on y value");
}
//
// private key serialisation test
//
bOut = new ByteArrayOutputStream();
oOut = new ObjectOutputStream(bOut);
oOut.writeObject(keyPair.getPrivate());
bIn = new ByteArrayInputStream(bOut.toByteArray());
oIn = new ObjectInputStream(bIn);
privKey = (DHPrivateKey) oIn.readObject();
spec = privKey.getParams();
if (!spec.getG().equals(elParams.getG()) || !spec.getP().equals(elParams.getP())) {
fail(size + " bit private key serialisation test failed on parameters");
}
if (!((DHPrivateKey) keyPair.getPrivate()).getX().equals(privKey.getX())) {
fail(size + " bit private key serialisation test failed on y value");
}
}
