예제 #1
0
 /**
  * Takes ciphertexts and decrypts it
  *
  * @param data correctly padded data
  * @return
  * @throws CryptoException
  */
 public byte[] decrypt(byte[] data) throws CryptoException {
   try {
     byte[] plaintext;
     if (useExplicitIv) {
       decryptIv = new IvParameterSpec(Arrays.copyOf(data, decryptCipher.getBlockSize()));
     }
     if (tlsContext.getMyConnectionEnd() == ConnectionEnd.CLIENT) {
       decryptCipher.init(
           Cipher.DECRYPT_MODE,
           new SecretKeySpec(serverWriteKey, bulkCipherAlg.getJavaName()),
           decryptIv);
     } else {
       decryptCipher.init(
           Cipher.DECRYPT_MODE,
           new SecretKeySpec(clientWriteKey, bulkCipherAlg.getJavaName()),
           decryptIv);
     }
     if (useExplicitIv) {
       plaintext =
           decryptCipher.doFinal(
               Arrays.copyOfRange(data, decryptCipher.getBlockSize(), data.length));
     } else {
       plaintext = decryptCipher.doFinal(data);
       decryptIv =
           new IvParameterSpec(
               Arrays.copyOfRange(data, data.length - decryptCipher.getBlockSize(), data.length));
     }
     return plaintext;
   } catch (BadPaddingException
       | IllegalBlockSizeException
       | InvalidAlgorithmParameterException
       | InvalidKeyException
       | UnsupportedOperationException ex) {
     throw new CryptoException(ex);
   }
 }
예제 #2
0
  public TlsRecordBlockCipher(TlsContext tlsContext)
      throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
          InvalidAlgorithmParameterException {
    this.tlsContext = tlsContext;
    ProtocolVersion protocolVersion = tlsContext.getProtocolVersion();
    CipherSuite cipherSuite = tlsContext.getSelectedCipherSuite();
    if (protocolVersion == ProtocolVersion.TLS11
        || protocolVersion == ProtocolVersion.TLS12
        || protocolVersion == ProtocolVersion.DTLS10
        || protocolVersion == ProtocolVersion.DTLS12) {
      useExplicitIv = true;
    }
    bulkCipherAlg = BulkCipherAlgorithm.getBulkCipherAlgorithm(cipherSuite);
    CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite);
    int keySize = cipherAlg.getKeySize();
    encryptCipher = Cipher.getInstance(cipherAlg.getJavaName());
    decryptCipher = Cipher.getInstance(cipherAlg.getJavaName());

    MacAlgorithm macAlg = AlgorithmResolver.getMacAlgorithm(cipherSuite);
    readMac = Mac.getInstance(macAlg.getJavaName());
    writeMac = Mac.getInstance(macAlg.getJavaName());

    int secretSetSize = (2 * keySize) + readMac.getMacLength() + writeMac.getMacLength();

    if (!useExplicitIv) {
      secretSetSize += encryptCipher.getBlockSize() + decryptCipher.getBlockSize();
    }

    byte[] masterSecret = tlsContext.getMasterSecret();
    byte[] seed = tlsContext.getServerClientRandom();

    PRFAlgorithm prfAlgorithm =
        AlgorithmResolver.getPRFAlgorithm(
            tlsContext.getProtocolVersion(), tlsContext.getSelectedCipherSuite());
    byte[] keyBlock =
        PseudoRandomFunction.compute(
            prfAlgorithm,
            masterSecret,
            PseudoRandomFunction.KEY_EXPANSION_LABEL,
            seed,
            secretSetSize);

    LOGGER.debug("A new key block was generated: {}", ArrayConverter.bytesToHexString(keyBlock));

    int offset = 0;
    byte[] clientMacWriteSecret =
        Arrays.copyOfRange(keyBlock, offset, offset + readMac.getMacLength());
    offset += readMac.getMacLength();
    LOGGER.debug(
        "Client MAC write Secret: {}", ArrayConverter.bytesToHexString(clientMacWriteSecret));

    byte[] serverMacWriteSecret =
        Arrays.copyOfRange(keyBlock, offset, offset + writeMac.getMacLength());
    offset += writeMac.getMacLength();
    LOGGER.debug(
        "Server MAC write Secret:  {}", ArrayConverter.bytesToHexString(serverMacWriteSecret));

    clientWriteKey = Arrays.copyOfRange(keyBlock, offset, offset + keySize);
    offset += keySize;
    LOGGER.debug("Client write key: {}", ArrayConverter.bytesToHexString(clientWriteKey));

    serverWriteKey = Arrays.copyOfRange(keyBlock, offset, offset + keySize);
    offset += keySize;
    LOGGER.debug("Server write key: {}", ArrayConverter.bytesToHexString(serverWriteKey));

    byte[] clientWriteIv, serverWriteIv;
    if (useExplicitIv) {
      clientWriteIv = new byte[encryptCipher.getBlockSize()];
      RandomHelper.getRandom().nextBytes(clientWriteIv);
      serverWriteIv = new byte[decryptCipher.getBlockSize()];
      RandomHelper.getRandom().nextBytes(serverWriteIv);
    } else {
      clientWriteIv = Arrays.copyOfRange(keyBlock, offset, offset + encryptCipher.getBlockSize());
      offset += encryptCipher.getBlockSize();
      LOGGER.debug("Client write IV: {}", ArrayConverter.bytesToHexString(clientWriteIv));
      serverWriteIv = Arrays.copyOfRange(keyBlock, offset, offset + decryptCipher.getBlockSize());
      offset += decryptCipher.getBlockSize();
      LOGGER.debug("Server write IV: {}", ArrayConverter.bytesToHexString(serverWriteIv));
    }

    if (tlsContext.getMyConnectionEnd() == ConnectionEnd.CLIENT) {
      encryptIv = new IvParameterSpec(clientWriteIv);
      decryptIv = new IvParameterSpec(serverWriteIv);
      encryptKey = new SecretKeySpec(clientWriteKey, bulkCipherAlg.getJavaName());
      decryptKey = new SecretKeySpec(serverWriteKey, bulkCipherAlg.getJavaName());
      encryptCipher.init(Cipher.ENCRYPT_MODE, encryptKey, encryptIv);
      decryptCipher.init(Cipher.DECRYPT_MODE, decryptKey, decryptIv);
      readMac.init(new SecretKeySpec(serverMacWriteSecret, macAlg.getJavaName()));
      writeMac.init(new SecretKeySpec(clientMacWriteSecret, macAlg.getJavaName()));
    } else {
      decryptIv = new IvParameterSpec(clientWriteIv);
      encryptIv = new IvParameterSpec(serverWriteIv);
      // todo check if this correct???
      encryptCipher.init(
          Cipher.ENCRYPT_MODE,
          new SecretKeySpec(serverWriteKey, bulkCipherAlg.getJavaName()),
          encryptIv);
      decryptCipher.init(
          Cipher.DECRYPT_MODE,
          new SecretKeySpec(clientWriteKey, bulkCipherAlg.getJavaName()),
          decryptIv);
      readMac.init(new SecretKeySpec(clientMacWriteSecret, macAlg.getJavaName()));
      writeMac.init(new SecretKeySpec(serverMacWriteSecret, macAlg.getJavaName()));
    }

    if (offset != keyBlock.length) {
      throw new CryptoException("Offset exceeded the generated key block length");
    }

    // mac has to be put into one or more blocks, depending on the MAC/block
    // length
    // additionally, there is a need for one explicit IV block
    minimalEncryptedRecordLength =
        ((readMac.getMacLength() / decryptCipher.getBlockSize()) + 2)
            * decryptCipher.getBlockSize();
  }