// creates an crypto object that uses PBE based DES encryption.... and yeah, DES is horrid, but
// its what we've got right now
Encrypter(String password) {
try {
// key... like the one I don't to the office... which means I get locked out post 5
KeySpec keySpec = new PBEKeySpec(password.toCharArray());
SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(keySpec);
encryptionCipher = Cipher.getInstance(key.getAlgorithm());
decryptionCipher = Cipher.getInstance(key.getAlgorithm());
AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt, iterationCount);
encryptionCipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
decryptionCipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
} catch (Exception e) {
System.out.println("Encryption Object Error: " + e);
}
}
public static byte[] func_75895_a(String p_75895_0_, PublicKey p_75895_1_, SecretKey p_75895_2_) {
try {
return func_75893_a(
"SHA-1",
new byte[][] {
p_75895_0_.getBytes("ISO_8859_1"), p_75895_2_.getEncoded(), p_75895_1_.getEncoded()
});
} catch (UnsupportedEncodingException unsupportedencodingexception) {
unsupportedencodingexception.printStackTrace();
}
return null;
}
/**
* Reads the raw data from the input File, encrypts and saves its contents to the output File, and
* then save the raw data of the SecretKey used to the SecretKey File.
*
* @param input the File to be read and encrypted
* @param output the File the encrypted data will be saved to
* @param keyFile the File the SecretKey data will be saved to
* @throws InvalidKeyException if the given key is inappropriate for initializing this cipher, or
* if this cipher is being initialized for decryption and requires algorithm parameters that
* cannot be determined from the given key, or if the given key has a keysize that exceeds the
* maximum allowable keysize (as determined from the configured jurisdiction policy files).
* @throws IOException if any of the files do not exist, are a directory rather than a regular
* file, or for some other reason cannot be opened for reading or if an I/O error occurs.
* @throws IllegalBlockSizeException if the cipher is a block cipher, no padding has been
* requested (only in encryption mode), and the total input length of the data processed by
* this cipher is not a multiple of block size; or if this encryption algorithm is unable to
* process the input data provided.
* @throws BadPaddingException if the cipher is in decryption mode, and (un)padding has been
* requested, but the decrypted data is not bounded by the appropriate padding bytes
*/
public void encrypt(File input, File output, File keyFile)
throws InvalidKeyException, IOException, IllegalBlockSizeException, BadPaddingException {
if (debug) {
System.out.println("Initializing encryption...");
}
cipher.init(Cipher.ENCRYPT_MODE, key);
FileInputStream fis = null;
try {
fis = new FileInputStream(input);
data = new byte[(int) input.length()];
if (debug) {
System.out.println("Reading data...");
}
fis.read(data);
} finally {
if (fis != null) {
fis.close();
}
}
if (debug) {
System.out.println("Encrypting data...");
}
data = cipher.doFinal(data);
FileOutputStream fos = null;
try {
fos = new FileOutputStream(output);
if (debug) {
System.out.println("Saving data...");
}
fos.write(data);
} finally {
if (fos != null) {
fos.close();
}
}
if (debug) {
System.out.println("Saving key...");
}
data = key.getEncoded();
fos = null;
try {
fos = new FileOutputStream(keyFile);
fos.write(data);
} finally {
if (fos != null) {
fos.close();
}
}
if (debug) {
System.out.println("Encryption complete!");
}
data = null;
}
public static void main(String[] args) throws Exception {
// prompt user to enter a port number
System.out.print("Enter the port number: ");
Scanner scan = new Scanner(System.in);
int port = scan.nextInt();
scan.nextLine();
System.out.print("Enter the host name: ");
String hostName = scan.nextLine();
// Initialize a key pair generator with the SKIP parameters we sepcified, and genrating a pair
// This will take a while: 5...15 seconrds
System.out.println("Generating a Diffie-Hellman keypair: ");
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
kpg.initialize(PARAMETER_SPEC);
KeyPair keyPair = kpg.genKeyPair();
System.out.println("key pair has been made...");
// one the key pair has been generated, we want to listen on
// a given port for a connection to come in
// once we get a connection, we will get two streams, One for input
// and one for output
// open a port and wait for a connection
ServerSocket ss = new ServerSocket(port);
System.out.println("Listeining on port " + port + " ...");
Socket socket = ss.accept();
// use to output and input primitive data type
DataOutputStream out = new DataOutputStream(socket.getOutputStream());
// next thing to do is send our public key and receive client's
// this corresponds to server step 3 and step 4 in the diagram
System.out.println("Sending my public key...");
byte[] keyBytes = keyPair.getPublic().getEncoded();
out.writeInt(keyBytes.length);
out.write(keyBytes);
System.out.println("Server public key bytes: " + CryptoUtils.toHex(keyBytes));
// receive the client's public key
System.out.println("Receiving client's public key...");
DataInputStream in = new DataInputStream(socket.getInputStream());
keyBytes = new byte[in.readInt()];
in.readFully(keyBytes);
// create client's public key
KeyFactory kf = KeyFactory.getInstance("DH");
X509EncodedKeySpec x509Spec = new X509EncodedKeySpec(keyBytes);
PublicKey clientPublicKey = kf.generatePublic(x509Spec);
// print out client's public key bytes
System.out.println(
"Client public key bytes: " + CryptoUtils.toHex(clientPublicKey.getEncoded()));
// we can now use the client's public key and
// our own private key to perform the key agreement
System.out.println("Performing the key agreement ... ");
KeyAgreement ka = KeyAgreement.getInstance("DH");
ka.init(keyPair.getPrivate());
ka.doPhase(clientPublicKey, true);
// in a chat application, each character is sendt over the wire, separetly encrypted,
// Instead of using ECB, we are goin to use CFB, with a block size of 8 bits(1byte)
// to send each character. We will encrypt the same character in a different way
// each time. But in order to use CFB8, we need an IVof 8 bytes. We will create
// that IV randomly and and send it to the client. It doesn't matter if somoene
// eavesdrops on the IV when it is sent over the wire. it's not sensitive info
// creating the IV and sending it corresponds to step 6 and 7
byte[] iv = new byte[8];
SecureRandom sr = new SecureRandom();
sr.nextBytes(iv);
out.write(iv);
// we generate the secret byte array we share with the client and use it
// to create the session key (Step 8)
byte[] sessionKeyBytes = ka.generateSecret();
// create the session key
SecretKeyFactory skf = SecretKeyFactory.getInstance("DESede");
DESedeKeySpec DESedeSpec = new DESedeKeySpec(sessionKeyBytes);
SecretKey sessionKey = skf.generateSecret(DESedeSpec);
// printout session key bytes
System.out.println("Session key bytes: " + CryptoUtils.toHex(sessionKey.getEncoded()));
// now use tha that session key and IV to create a CipherInputStream. We will use them to read
// all character
// that are sent to us by the client
System.out.println("Creating the cipher stream ...");
Cipher decrypter = Cipher.getInstance("DESede/CFB8/NoPadding");
IvParameterSpec spec = new IvParameterSpec(iv);
decrypter.init(Cipher.DECRYPT_MODE, sessionKey, spec);
CipherInputStream cipherIn = new CipherInputStream(socket.getInputStream(), decrypter);
// we just keep reading the input and print int to the screen, until -1 sent over
int theCharacter = 0;
theCharacter = cipherIn.read();
while (theCharacter != -1) {
System.out.print((char) theCharacter);
theCharacter = cipherIn.read();
}
// once -1 is received we want to close up our stream and exit
cipherIn.close();
in.close();
out.close();
socket.close();
}
/*
* Calculate the keys needed for this connection, once the session's
* master secret has been calculated. Uses the master key and nonces;
* the amount of keying material generated is a function of the cipher
* suite that's been negotiated.
*
* This gets called both on the "full handshake" (where we exchanged
* a premaster secret and started a new session) as well as on the
* "fast handshake" (where we just resumed a pre-existing session).
*/
void calculateConnectionKeys(SecretKey masterKey) {
/*
* For both the read and write sides of the protocol, we use the
* master to generate MAC secrets and cipher keying material. Block
* ciphers need initialization vectors, which we also generate.
*
* First we figure out how much keying material is needed.
*/
int hashSize = cipherSuite.macAlg.size;
boolean is_exportable = cipherSuite.exportable;
BulkCipher cipher = cipherSuite.cipher;
int expandedKeySize = is_exportable ? cipher.expandedKeySize : 0;
// Which algs/params do we need to use?
String keyMaterialAlg;
PRF prf;
if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
keyMaterialAlg = "SunTls12KeyMaterial";
prf = cipherSuite.prfAlg;
} else {
keyMaterialAlg = "SunTlsKeyMaterial";
prf = P_NONE;
}
String prfHashAlg = prf.getPRFHashAlg();
int prfHashLength = prf.getPRFHashLength();
int prfBlockSize = prf.getPRFBlockSize();
TlsKeyMaterialParameterSpec spec =
new TlsKeyMaterialParameterSpec(
masterKey,
protocolVersion.major,
protocolVersion.minor,
clnt_random.random_bytes,
svr_random.random_bytes,
cipher.algorithm,
cipher.keySize,
expandedKeySize,
cipher.ivSize,
hashSize,
prfHashAlg,
prfHashLength,
prfBlockSize);
try {
KeyGenerator kg = JsseJce.getKeyGenerator(keyMaterialAlg);
kg.init(spec);
TlsKeyMaterialSpec keySpec = (TlsKeyMaterialSpec) kg.generateKey();
clntWriteKey = keySpec.getClientCipherKey();
svrWriteKey = keySpec.getServerCipherKey();
// Return null if IVs are not supposed to be generated.
// e.g. TLS 1.1+.
clntWriteIV = keySpec.getClientIv();
svrWriteIV = keySpec.getServerIv();
clntMacSecret = keySpec.getClientMacKey();
svrMacSecret = keySpec.getServerMacKey();
} catch (GeneralSecurityException e) {
throw new ProviderException(e);
}
//
// Dump the connection keys as they're generated.
//
if (debug != null && Debug.isOn("keygen")) {
synchronized (System.out) {
HexDumpEncoder dump = new HexDumpEncoder();
System.out.println("CONNECTION KEYGEN:");
// Inputs:
System.out.println("Client Nonce:");
printHex(dump, clnt_random.random_bytes);
System.out.println("Server Nonce:");
printHex(dump, svr_random.random_bytes);
System.out.println("Master Secret:");
printHex(dump, masterKey.getEncoded());
// Outputs:
System.out.println("Client MAC write Secret:");
printHex(dump, clntMacSecret.getEncoded());
System.out.println("Server MAC write Secret:");
printHex(dump, svrMacSecret.getEncoded());
if (clntWriteKey != null) {
System.out.println("Client write key:");
printHex(dump, clntWriteKey.getEncoded());
System.out.println("Server write key:");
printHex(dump, svrWriteKey.getEncoded());
} else {
System.out.println("... no encryption keys used");
}
if (clntWriteIV != null) {
System.out.println("Client write IV:");
printHex(dump, clntWriteIV.getIV());
System.out.println("Server write IV:");
printHex(dump, svrWriteIV.getIV());
} else {
if (protocolVersion.v >= ProtocolVersion.TLS11.v) {
System.out.println("... no IV derived for this protocol");
} else {
System.out.println("... no IV used for this cipher");
}
}
System.out.flush();
}
}
}
/*
* Calculate the master secret from its various components. This is
* used for key exchange by all cipher suites.
*
* The master secret is the catenation of three MD5 hashes, each
* consisting of the pre-master secret and a SHA1 hash. Those three
* SHA1 hashes are of (different) constant strings, the pre-master
* secret, and the nonces provided by the client and the server.
*/
private SecretKey calculateMasterSecret(
SecretKey preMasterSecret, ProtocolVersion requestedVersion) {
if (debug != null && Debug.isOn("keygen")) {
HexDumpEncoder dump = new HexDumpEncoder();
System.out.println("SESSION KEYGEN:");
System.out.println("PreMaster Secret:");
printHex(dump, preMasterSecret.getEncoded());
// Nonces are dumped with connection keygen, no
// benefit to doing it twice
}
// What algs/params do we need to use?
String masterAlg;
PRF prf;
if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
masterAlg = "SunTls12MasterSecret";
prf = cipherSuite.prfAlg;
} else {
masterAlg = "SunTlsMasterSecret";
prf = P_NONE;
}
String prfHashAlg = prf.getPRFHashAlg();
int prfHashLength = prf.getPRFHashLength();
int prfBlockSize = prf.getPRFBlockSize();
TlsMasterSecretParameterSpec spec =
new TlsMasterSecretParameterSpec(
preMasterSecret,
protocolVersion.major,
protocolVersion.minor,
clnt_random.random_bytes,
svr_random.random_bytes,
prfHashAlg,
prfHashLength,
prfBlockSize);
SecretKey masterSecret;
try {
KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
kg.init(spec);
masterSecret = kg.generateKey();
} catch (GeneralSecurityException e) {
// For RSA premaster secrets, do not signal a protocol error
// due to the Bleichenbacher attack. See comments further down.
if (!preMasterSecret.getAlgorithm().equals("TlsRsaPremasterSecret")) {
throw new ProviderException(e);
}
if (debug != null && Debug.isOn("handshake")) {
System.out.println("RSA master secret generation error:");
e.printStackTrace(System.out);
System.out.println("Generating new random premaster secret");
}
if (requestedVersion != null) {
preMasterSecret = RSAClientKeyExchange.generateDummySecret(requestedVersion);
} else {
preMasterSecret = RSAClientKeyExchange.generateDummySecret(protocolVersion);
}
// recursive call with new premaster secret
return calculateMasterSecret(preMasterSecret, null);
}
// if no version check requested (client side handshake), or version
// information is not available (not an RSA premaster secret),
// return master secret immediately.
if ((requestedVersion == null) || !(masterSecret instanceof TlsMasterSecret)) {
return masterSecret;
}
// we have checked the ClientKeyExchange message when reading TLS
// record, the following check is necessary to ensure that
// JCE provider does not ignore the checking, or the previous
// checking process bypassed the premaster secret version checking.
TlsMasterSecret tlsKey = (TlsMasterSecret) masterSecret;
int major = tlsKey.getMajorVersion();
int minor = tlsKey.getMinorVersion();
if ((major < 0) || (minor < 0)) {
return masterSecret;
}
// check if the premaster secret version is ok
// the specification says that it must be the maximum version supported
// by the client from its ClientHello message. However, many
// implementations send the negotiated version, so accept both
// for SSL v3.0 and TLS v1.0.
// NOTE that we may be comparing two unsupported version numbers, which
// is why we cannot use object reference equality in this special case.
ProtocolVersion premasterVersion = ProtocolVersion.valueOf(major, minor);
boolean versionMismatch = (premasterVersion.v != requestedVersion.v);
/*
* we never checked the client_version in server side
* for TLS v1.0 and SSL v3.0. For compatibility, we
* maintain this behavior.
*/
if (versionMismatch && requestedVersion.v <= ProtocolVersion.TLS10.v) {
versionMismatch = (premasterVersion.v != protocolVersion.v);
}
if (versionMismatch == false) {
// check passed, return key
return masterSecret;
}
// Due to the Bleichenbacher attack, do not signal a protocol error.
// Generate a random premaster secret and continue with the handshake,
// which will fail when verifying the finished messages.
// For more information, see comments in PreMasterSecret.
if (debug != null && Debug.isOn("handshake")) {
System.out.println(
"RSA PreMasterSecret version error: expected"
+ protocolVersion
+ " or "
+ requestedVersion
+ ", decrypted: "
+ premasterVersion);
System.out.println("Generating new random premaster secret");
}
preMasterSecret = RSAClientKeyExchange.generateDummySecret(requestedVersion);
// recursive call with new premaster secret
return calculateMasterSecret(preMasterSecret, null);
}