예제 #1
0
 /*
  * Generate random salt
  */
 private byte[] getSalt() {
   // Generate a random salt.
   byte[] salt = new byte[SALT_LEN];
   if (random == null) {
     random = new SecureRandom();
   }
   salt = random.generateSeed(SALT_LEN);
   return salt;
 }
예제 #2
0
  /**
   * Encrypts the given input data.
   *
   * @param in input data to encrypt
   * @param k key
   * @param a encryption algorithm
   * @param ivl initialization vector length
   * @return encrypted input data
   * @throws InvalidKeyException ex
   * @throws InvalidAlgorithmParameterException ex
   * @throws NoSuchAlgorithmException ex
   * @throws NoSuchPaddingException ex
   * @throws IllegalBlockSizeException ex
   * @throws BadPaddingException ex
   */
  private static byte[] encrypt(final byte[] in, final byte[] k, final byte[] a, final int ivl)
      throws InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
          NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {

    final Cipher cipher = Cipher.getInstance(string(ALGN.get(lc(a))));
    final SecretKeySpec kspec = new SecretKeySpec(k, string(a));
    // generate random iv. random iv is necessary to make the encryption of a
    // string look different every time it is encrypted.
    final byte[] iv = new byte[ivl];
    // create new random iv if encrypting
    final SecureRandom rand = SecureRandom.getInstance("SHA1PRNG");
    rand.nextBytes(iv);
    final IvParameterSpec ivspec = new IvParameterSpec(iv);

    // encrypt/decrypt
    cipher.init(Cipher.ENCRYPT_MODE, kspec, ivspec);
    final byte[] t = cipher.doFinal(in);
    // initialization vector is appended to the message for later decryption
    return concat(iv, t);
  }
  public void generate_new_aes_key() {

    try {
      KeyGenerator localKeyGenerator = KeyGenerator.getInstance("AES");
      localKeyGenerator.init(128, SecureRandom.getInstance("SHA1PRNG"));
      //        aes_key = Base64.encodeBase64String(localKeyGenerator.generateKey().getEncoded());
      aes_key =
          new String(Base64.encode(localKeyGenerator.generateKey().getEncoded(), Base64.DEFAULT));
    } catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {
      System.out.println(localNoSuchAlgorithmException);
    }
    return;
  }
예제 #4
0
 // actual init() implementation
 private void implInit(int opmode, Key key, byte[] iv, SecureRandom random)
     throws InvalidKeyException, InvalidAlgorithmParameterException {
   cancelOperation();
   switch (opmode) {
     case Cipher.ENCRYPT_MODE:
       encrypt = true;
       break;
     case Cipher.DECRYPT_MODE:
       encrypt = false;
       break;
     default:
       throw new InvalidAlgorithmParameterException("Unsupported mode: " + opmode);
   }
   if (blockMode == MODE_ECB) { // ECB or stream cipher
     if (iv != null) {
       if (blockSize == 0) {
         throw new InvalidAlgorithmParameterException("IV not used with stream ciphers");
       } else {
         throw new InvalidAlgorithmParameterException("IV not used in ECB mode");
       }
     }
   } else { // MODE_CBC or MODE_CTR
     if (iv == null) {
       if (encrypt == false) {
         String exMsg =
             (blockMode == MODE_CBC
                 ? "IV must be specified for decryption in CBC mode"
                 : "IV must be specified for decryption in CTR mode");
         throw new InvalidAlgorithmParameterException(exMsg);
       }
       // generate random IV
       if (random == null) {
         random = new SecureRandom();
       }
       iv = new byte[blockSize];
       random.nextBytes(iv);
     } else {
       if (iv.length != blockSize) {
         throw new InvalidAlgorithmParameterException("IV length must match block size");
       }
     }
   }
   this.iv = iv;
   p11Key = P11SecretKeyFactory.convertKey(token, key, keyAlgorithm);
   try {
     initialize();
   } catch (PKCS11Exception e) {
     throw new InvalidKeyException("Could not initialize cipher", e);
   }
 }
  public static void main(String[] args) throws Exception {
    // prompt user to enter a port number

    System.out.print("Enter the port number: ");
    Scanner scan = new Scanner(System.in);
    int port = scan.nextInt();
    scan.nextLine();
    System.out.print("Enter the host name: ");
    String hostName = scan.nextLine();

    // Initialize a key pair generator with the SKIP parameters we sepcified, and genrating a pair
    // This will take a while: 5...15 seconrds

    System.out.println("Generating a Diffie-Hellman keypair: ");
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
    kpg.initialize(PARAMETER_SPEC);
    KeyPair keyPair = kpg.genKeyPair();
    System.out.println("key pair has been made...");

    // one the key pair has been generated, we want to listen on
    // a given port for a connection to come in
    // once we get a connection, we will get two streams, One for input
    // and one for output
    // open a port and wait for a connection

    ServerSocket ss = new ServerSocket(port);
    System.out.println("Listeining on port " + port + " ...");
    Socket socket = ss.accept();

    // use to output and input primitive data type

    DataOutputStream out = new DataOutputStream(socket.getOutputStream());

    // next thing to do is send our public key and receive client's
    // this corresponds to server step 3 and step 4 in the diagram

    System.out.println("Sending my public key...");
    byte[] keyBytes = keyPair.getPublic().getEncoded();
    out.writeInt(keyBytes.length);
    out.write(keyBytes);
    System.out.println("Server public key bytes: " + CryptoUtils.toHex(keyBytes));

    // receive the client's public key

    System.out.println("Receiving client's public key...");
    DataInputStream in = new DataInputStream(socket.getInputStream());
    keyBytes = new byte[in.readInt()];
    in.readFully(keyBytes);

    // create client's public key

    KeyFactory kf = KeyFactory.getInstance("DH");
    X509EncodedKeySpec x509Spec = new X509EncodedKeySpec(keyBytes);
    PublicKey clientPublicKey = kf.generatePublic(x509Spec);

    // print out client's public key bytes

    System.out.println(
        "Client public key bytes: " + CryptoUtils.toHex(clientPublicKey.getEncoded()));

    // we can now use the client's public key and
    // our own private key to perform the key agreement

    System.out.println("Performing the key agreement ... ");
    KeyAgreement ka = KeyAgreement.getInstance("DH");
    ka.init(keyPair.getPrivate());
    ka.doPhase(clientPublicKey, true);

    // in a chat application, each character is sendt over the wire, separetly encrypted,
    // Instead of using ECB, we are goin to use CFB, with a block size of 8 bits(1byte)
    // to send each character. We will encrypt the same character in a different way
    // each time. But in order to use CFB8, we need an IVof 8 bytes. We will create
    // that IV randomly and and send it to the client. It doesn't matter if somoene
    // eavesdrops on the IV when it is sent over the wire. it's not sensitive info

    // creating the IV and sending it corresponds to step 6 and 7

    byte[] iv = new byte[8];
    SecureRandom sr = new SecureRandom();
    sr.nextBytes(iv);
    out.write(iv);

    // we generate the secret byte array we share with the client and use it
    // to create the session key (Step 8)

    byte[] sessionKeyBytes = ka.generateSecret();

    // create the session key

    SecretKeyFactory skf = SecretKeyFactory.getInstance("DESede");
    DESedeKeySpec DESedeSpec = new DESedeKeySpec(sessionKeyBytes);
    SecretKey sessionKey = skf.generateSecret(DESedeSpec);

    // printout session key bytes

    System.out.println("Session key bytes: " + CryptoUtils.toHex(sessionKey.getEncoded()));

    // now use tha that session key and IV to create a CipherInputStream. We will use them to read
    // all character
    // that are sent to us by the client

    System.out.println("Creating the cipher stream ...");
    Cipher decrypter = Cipher.getInstance("DESede/CFB8/NoPadding");
    IvParameterSpec spec = new IvParameterSpec(iv);
    decrypter.init(Cipher.DECRYPT_MODE, sessionKey, spec);
    CipherInputStream cipherIn = new CipherInputStream(socket.getInputStream(), decrypter);

    // we just keep reading the input and print int to the screen, until -1 sent over

    int theCharacter = 0;
    theCharacter = cipherIn.read();
    while (theCharacter != -1) {
      System.out.print((char) theCharacter);
      theCharacter = cipherIn.read();
    }
    // once -1 is received we want to close up our stream and exit

    cipherIn.close();
    in.close();
    out.close();
    socket.close();
  }
예제 #6
0
  void implInit(
      int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random, CipherSpi cipherImpl)
      throws InvalidKeyException, InvalidAlgorithmParameterException {
    char[] passwdChars = null;
    salt = null;
    iCount = 0;
    if (key instanceof javax.crypto.interfaces.PBEKey) {
      javax.crypto.interfaces.PBEKey pbeKey = (javax.crypto.interfaces.PBEKey) key;
      passwdChars = pbeKey.getPassword();
      salt = pbeKey.getSalt(); // maybe null if unspecified
      iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
    } else if (key instanceof SecretKey) {
      byte[] passwdBytes = key.getEncoded();
      if ((passwdBytes == null) || !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
        throw new InvalidKeyException("Missing password");
      }
      passwdChars = new char[passwdBytes.length];
      for (int i = 0; i < passwdChars.length; i++) {
        passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
      }
    } else {
      throw new InvalidKeyException("SecretKey of PBE type required");
    }

    if (((opmode == Cipher.DECRYPT_MODE) || (opmode == Cipher.UNWRAP_MODE))
        && ((params == null) && ((salt == null) || (iCount == 0)))) {
      throw new InvalidAlgorithmParameterException("Parameters missing");
    }

    if (params == null) {
      // generate default for salt and iteration count if necessary
      if (salt == null) {
        salt = new byte[DEFAULT_SALT_LENGTH];
        if (random != null) {
          random.nextBytes(salt);
        } else {
          SunJCE.getRandom().nextBytes(salt);
        }
      }
      if (iCount == 0) iCount = DEFAULT_COUNT;
    } else if (!(params instanceof PBEParameterSpec)) {
      throw new InvalidAlgorithmParameterException("PBEParameterSpec type required");
    } else {
      PBEParameterSpec pbeParams = (PBEParameterSpec) params;
      // make sure the parameter values are consistent
      if (salt != null) {
        if (!Arrays.equals(salt, pbeParams.getSalt())) {
          throw new InvalidAlgorithmParameterException(
              "Inconsistent value of salt between key and params");
        }
      } else {
        salt = pbeParams.getSalt();
      }
      if (iCount != 0) {
        if (iCount != pbeParams.getIterationCount()) {
          throw new InvalidAlgorithmParameterException(
              "Different iteration count between key and params");
        }
      } else {
        iCount = pbeParams.getIterationCount();
      }
    }
    // salt is recommended to be ideally as long as the output
    // of the hash function. However, it may be too strict to
    // force this; so instead, we'll just require the minimum
    // salt length to be 8-byte which is what PKCS#5 recommends
    // and openssl does.
    if (salt.length < 8) {
      throw new InvalidAlgorithmParameterException("Salt must be at least 8 bytes long");
    }
    if (iCount <= 0) {
      throw new InvalidAlgorithmParameterException("IterationCount must be a positive number");
    }
    byte[] derivedKey = derive(passwdChars, salt, iCount, keySize, CIPHER_KEY);
    SecretKey cipherKey = new SecretKeySpec(derivedKey, algo);

    if (cipherImpl != null && cipherImpl instanceof ARCFOURCipher) {
      ((ARCFOURCipher) cipherImpl).engineInit(opmode, cipherKey, random);

    } else {
      byte[] derivedIv = derive(passwdChars, salt, iCount, 8, CIPHER_IV);
      IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);

      // initialize the underlying cipher
      cipher.init(opmode, cipherKey, ivSpec, random);
    }
  }