/**
 * Chooses the cipher specs for the repository being set up.
 *
 * <p>With encryption disabled the result is an empty list. With encryption enabled the list comes
 * from {@code askCipherSpecs()} in advanced mode and from
 * {@code CipherSpecs.getDefaultCipherSpecs()} otherwise.
 *
 * @param encryptionEnabled whether the repository is to be encrypted
 * @param advancedModeEnabled whether the cipher specs are to be asked for instead of defaulted
 * @return the selected cipher specs; empty when {@code encryptionEnabled} is {@code false}
 * @throws Exception if {@code askCipherSpecs()} fails
 */
private List<CipherSpec> getCipherSpecs(boolean encryptionEnabled, boolean advancedModeEnabled) throws Exception {
    // NOTE(review): an empty list is the only signal for "no encryption" here; callers should
    // decide on encryptionEnabled itself rather than on list emptiness -- confirm at the call site.
    if (!encryptionEnabled) {
        return new ArrayList<CipherSpec>();
    }

    if (advancedModeEnabled) {
        return askCipherSpecs();
    }

    // Default
    return CipherSpecs.getDefaultCipherSpecs();
}
/**
 * Returns the default {@link CipherSpec}s used by the application.
 *
 * <p>A new list is built on every call: each ID in {@code DEFAULT_CIPHER_SPECS} is resolved with
 * {@code getCipherSpec} and appended in iteration order.
 *
 * @return a freshly allocated list of the default cipher specs
 */
public static List<CipherSpec> getDefaultCipherSpecs() {
    final List<CipherSpec> defaultSpecs = new ArrayList<CipherSpec>();

    for (int defaultSpecId : DEFAULT_CIPHER_SPECS) {
        // NOTE(review): the result of getCipherSpec is added unchecked; if it can return null
        // for an unregistered ID, that null ends up in the list -- confirm.
        CipherSpec resolvedSpec = getCipherSpec(defaultSpecId);
        defaultSpecs.add(resolvedSpec);
    }

    return defaultSpecs;
}
/**
 * Checks that four cipher specs are registered and that the AES-128-GCM entry reports the
 * algorithm string "AES/GCM/NoPadding".
 */
@Test
public void testCipherSpecs() {
    Map<Integer, CipherSpec> registeredSpecs = CipherSpecs.getAvailableCipherSpecs();
    assertEquals(4, registeredSpecs.size());

    CipherSpec aes128Gcm = registeredSpecs.get(CipherSpecs.AES_128_GCM);
    // Argument order kept as in the original call (actual value first, literal second).
    assertEquals(aes128Gcm.getAlgorithm(), "AES/GCM/NoPadding");
}
private List<CipherSpec> askCipherSpecs() throws Exception { List<CipherSpec> cipherSpecs = new ArrayList<CipherSpec>(); Map<Integer, CipherSpec> availableCipherSpecs = CipherSpecs.getAvailableCipherSpecs();
/**
 * Parses a comma-separated list of cipher spec IDs and appends the matching specs to
 * {@code cipherSpecs}.
 *
 * @param cipherSpecListStr comma-separated numeric cipher spec IDs
 * @throws Exception if an ID does not resolve to a cipher spec; {@link Integer#parseInt(String)}
 *         additionally throws {@link NumberFormatException} for a non-numeric token
 */
private void initCipherSpecs(String cipherSpecListStr) throws Exception {
    // NOTE(review): tokens are not trimmed and duplicates are not rejected, so "1, 2" fails in
    // parseInt and "1,1" adds the same spec twice -- confirm whether either matters to callers.
    for (String idToken : cipherSpecListStr.split(",")) {
        int requestedId = Integer.parseInt(idToken);
        CipherSpec resolvedSpec = CipherSpecs.getCipherSpec(requestedId);

        // Unknown IDs abort the whole list instead of being skipped.
        if (resolvedSpec == null) {
            throw new Exception("Cannot find cipher suite with ID '"+requestedId+"'");
        }

        cipherSpecs.add(resolvedSpec);
    }
}
/**
 * Encrypts a string with the default cipher specs under the key returned by
 * {@code UserConfig.getConfigEncryptionKey()} and returns the ciphertext as a hex string.
 *
 * @param decryptedPlainString the plaintext to protect
 * @return the hex encoding of the encrypted bytes
 * @throws CipherException if encryption fails
 */
public static String encrypt(String decryptedPlainString) throws CipherException {
    // NOTE(review): IOUtils.toInputStream(String) presumably encodes with the platform default
    // charset; the decrypting side has to decode with the same charset -- confirm.
    byte[] ciphertextBytes = CipherUtil.encrypt(
        IOUtils.toInputStream(decryptedPlainString),
        CipherSpecs.getDefaultCipherSpecs(),
        UserConfig.getConfigEncryptionKey()
    );

    return StringUtil.toHex(ciphertextBytes);
}
} // closes the enclosing class, whose header is not part of this excerpt
/**
 * Runs {@code doTestEncryption} with the cipher specs registered under IDs 1 and 2, in that order.
 */
@Test
public void testCipherAes128AndTwofish128() throws Exception {
    // The test name implies ID 1 = AES-128 and ID 2 = Twofish-128; the IDs are passed as literals.
    CipherSpec[] cipherChain = new CipherSpec[] {
        CipherSpecs.getCipherSpec(1),
        CipherSpecs.getCipherSpec(2)
    };

    doTestEncryption(Arrays.asList(cipherChain));
}
/**
 * Builds an encrypted application link.
 *
 * <p>The plaintext storage XML is encrypted with the default cipher specs under {@code masterKey}.
 * The master key salt and the ciphertext are Base58-encoded and placed into
 * {@code LINK_FORMAT_ENCRYPTED}. When {@code shortUrl} is set, the link is passed through
 * {@code shortenLink} before it is returned.
 *
 * @param masterKey key used for encryption; its salt is embedded in the link
 * @return the encrypted link, shortened if {@code shortUrl} is set
 * @throws Exception if reading the storage XML, encrypting or shortening fails
 */
public String createEncryptedLink(SaltedSecretKey masterKey) throws Exception {
    byte[] storageXml = getPlaintextStorageXml();
    List<CipherSpec> linkCipherSpecs = CipherSpecs.getDefaultCipherSpecs(); // TODO [low] Shouldn't this be the same as the application?!
    byte[] salt = masterKey.getSalt();

    byte[] encryptedStorage = CipherUtil.encrypt(new ByteArrayInputStream(storageXml), linkCipherSpecs, masterKey);

    // The salt travels in the clear next to the ciphertext; only the ciphertext depends on the key.
    String link = String.format(LINK_FORMAT_ENCRYPTED, Base58.encode(salt), Base58.encode(encryptedStorage));

    // NOTE(review): shortenLink presumably sends the full link to another service -- confirm what
    // that service gets to see and store.
    return shortUrl ? shortenLink(link) : link;
}
/**
 * Runs {@code doTestEncryption} with the cipher specs registered under IDs 3 and 4, in that order.
 */
@Test
public void testCipherAes256AndTwofish256() throws Exception {
    // The test name implies ID 3 = AES-256 and ID 4 = Twofish-256; the IDs are passed as literals.
    CipherSpec[] cipherChain = new CipherSpec[] {
        CipherSpecs.getCipherSpec(3),
        CipherSpecs.getCipherSpec(4)
    };

    doTestEncryption(Arrays.asList(cipherChain));
}
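/**
 * Builds {@link InitOperationOptions} for a test client backed by a local repository.
 *
 * <p>Two temporary directories are created (client and repo), a {@link ConfigTO} is filled with a
 * randomised machine name, the master key from {@code getMasterKey()} and local transfer
 * settings pointing at the temporary repo directory. Encryption follows {@code cryptoEnabled},
 * with the default cipher specs and a fixed fixture password.
 *
 * @param machineName base machine name; a random non-negative number is appended
 * @return options ready to be handed to an init operation in a test
 * @throws Exception if directory creation, plugin lookup or key creation fails
 */
public static InitOperationOptions createTestInitOperationOptions(String machineName) throws Exception {
    File tempLocalDir = TestFileUtil.createTempDirectoryInSystemTemp(createUniqueName("client-" + machineName, machineName));
    File tempRepoDir = TestFileUtil.createTempDirectoryInSystemTemp(createUniqueName("repo", machineName));

    tempLocalDir.mkdirs();
    tempRepoDir.mkdirs();

    RepoTO repoTO = createRepoTO();

    // Create config TO
    ConfigTO configTO = new ConfigTO();
    // nextInt(bound) is never negative. Math.abs(nextInt()) returns Integer.MIN_VALUE unchanged,
    // which would put a '-' into the machine name.
    configTO.setMachineName(machineName + new Random().nextInt(Integer.MAX_VALUE));

    // Get Masterkey
    SaltedSecretKey masterKey = getMasterKey();
    configTO.setMasterKey(masterKey);

    // Generic connection settings wont work anymore, because they are plugin dependent now.
    LocalTransferSettings transferSettings = Plugins.get("local", TransferPlugin.class).createEmptySettings();
    transferSettings.setPath(tempRepoDir);

    configTO.setTransferSettings(transferSettings);

    InitOperationOptions operationOptions = new InitOperationOptions();

    operationOptions.setLocalDir(tempLocalDir);
    operationOptions.setConfigTO(configTO);
    operationOptions.setRepoTO(repoTO);

    operationOptions.setEncryptionEnabled(cryptoEnabled);
    operationOptions.setCipherSpecs(CipherSpecs.getDefaultCipherSpecs());
    // Fixed fixture password, set only when encryption is switched on.
    operationOptions.setPassword(cryptoEnabled ? "some password" : null);

    return operationOptions;
}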
/**
 * Runs {@code testEncrypt} on a four-byte input with AES-128-GCM followed by Twofish-128-GCM.
 */
@Test
public void testEncryptShortArrayAes128Twofish128() throws Exception {
    byte[] shortInput = new byte[] { 1, 2, 3, 4 };
    CipherSpec[] cipherChain = new CipherSpec[] {
        CipherSpecs.getCipherSpec(CipherSpecs.AES_128_GCM),
        CipherSpecs.getCipherSpec(CipherSpecs.TWOFISH_128_GCM)
    };

    testEncrypt(shortInput, Arrays.asList(cipherChain));
}
/**
 * Runs {@code testEncrypt} on a 1 MiB random input with AES-256-GCM followed by Twofish-256-GCM.
 *
 * <p>"Aes258" in the method name is presumably a typo for "Aes256"; the name is kept as is.
 */
@Test
public void testEncryptLongArrayAes258Twofish256UnlimitedStrength() throws Exception {
    // NOTE(review): the name suggests the 256-bit specs need unlimited-strength crypto in the
    // runtime; nothing here checks for it, so a restricted runtime would fail inside testEncrypt
    // -- confirm.
    byte[] longInput = TestFileUtil.createRandomArray(1024*1024);
    CipherSpec[] cipherChain = new CipherSpec[] {
        CipherSpecs.getCipherSpec(CipherSpecs.AES_256_GCM),
        CipherSpecs.getCipherSpec(CipherSpecs.TWOFISH_256_GCM)
    };

    testEncrypt(longInput, Arrays.asList(cipherChain));
}
/**
 * Runs {@code testEncrypt} on a 1 MiB random input with AES-128-GCM followed by Twofish-128-GCM.
 */
@Test
public void testEncryptLongArrayAes128Twofish128() throws Exception {
    byte[] longInput = TestFileUtil.createRandomArray(1024*1024);
    CipherSpec[] cipherChain = new CipherSpec[] {
        CipherSpecs.getCipherSpec(CipherSpecs.AES_128_GCM),
        CipherSpecs.getCipherSpec(CipherSpecs.TWOFISH_128_GCM)
    };

    testEncrypt(longInput, Arrays.asList(cipherChain));
}
/**
 * Runs {@code testEncrypt} on a four-byte input with AES-128-GCM as the only cipher spec.
 */
@Test
public void testEncryptShortArrayAes128Gcm() throws Exception {
    byte[] shortInput = new byte[] { 1, 2, 3, 4 };
    CipherSpec[] cipherChain = new CipherSpec[] {
        CipherSpecs.getCipherSpec(CipherSpecs.AES_128_GCM)
    };

    testEncrypt(shortInput, Arrays.asList(cipherChain));
}
/**
 * Reads the cipher spec section of the header and stacks one decrypting stream per listed spec.
 *
 * <p>The section starts with a count, followed per spec by an ID, a salt of
 * {@code MultiCipherOutputStream.SALT_SIZE} bytes and an IV of {@code getIvSize()/8} bytes. Every
 * value is read through the {@code ...AndUpdateHmac} helpers with {@code hmac}. For each spec the
 * read key comes from {@code cipherSession.getReadSecretKey(spec, salt)} and the current stream
 * is wrapped with {@code spec.newCipherInputStream(...)}.
 *
 * @param underlyingInputStream stream positioned at the cipher spec count
 * @param hmac MAC passed to the read helpers together with every header value
 * @param cipherSession source of the per-spec read keys
 * @return the outermost cipher stream, or {@code underlyingInputStream} itself if no spec was read
 * @throws IOException if a cipher spec ID is not known
 * @throws Exception if a read helper, the key lookup or the stream construction fails
 */
private InputStream readCipherSpecsAndUpdateHmac(InputStream underlyingInputStream, Mac hmac, CipherSession cipherSession) throws Exception {
    // NOTE(review): count, IDs, salts and IVs come from the input and are used here before any
    // HMAC comparison visible in this method; the caller presumably verifies the HMAC before
    // trusting decrypted data -- confirm.
    // NOTE(review): a count of 0 (or a negative helper result) skips the loop and returns the raw
    // stream unwrapped -- confirm the caller rejects such a header.
    int declaredSpecCount = readByteAndUpdateHmac(underlyingInputStream, hmac);
    InputStream outermostStream = underlyingInputStream;

    for (int remaining = declaredSpecCount; remaining > 0; remaining--) {
        int declaredSpecId = readByteAndUpdateHmac(underlyingInputStream, hmac);
        CipherSpec declaredSpec = CipherSpecs.getCipherSpec(declaredSpecId);

        if (declaredSpec == null) {
            throw new IOException("Cannot find cipher spec with ID "+declaredSpecId);
        }

        // Salt first, then IV: the read order is the header layout and must not change.
        byte[] keySalt = readAndUpdateHmac(underlyingInputStream, MultiCipherOutputStream.SALT_SIZE, hmac);
        // getIvSize() is divided by 8, i.e. presumably a size in bits turned into bytes.
        byte[] initVector = readAndUpdateHmac(underlyingInputStream, declaredSpec.getIvSize()/8, hmac);

        SecretKey readKey = cipherSession.getReadSecretKey(declaredSpec, keySalt);
        outermostStream = declaredSpec.newCipherInputStream(outermostStream, readKey.getEncoded(), initVector);
    }

    return outermostStream;
}
/**
 * Runs {@code testEncrypt} on a 1 MiB random input with AES-128-GCM as the only cipher spec.
 */
@Test
public void testEncryptLongArrayAes128Gcm() throws Exception {
    byte[] longInput = TestFileUtil.createRandomArray(1024*1024);
    CipherSpec[] cipherChain = new CipherSpec[] {
        CipherSpecs.getCipherSpec(CipherSpecs.AES_128_GCM)
    };

    testEncrypt(longInput, Arrays.asList(cipherChain));
}
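/**
 * Checks that the AES-128-GCM and Twofish-128-GCM specs are distinct objects, are not equal, have
 * different hash codes, and that the AES-128-GCM spec has ID 0x01.
 */
@Test
public void testCipherSpecHashCodeEquals() {
    CipherSpec cipherSpec1 = CipherSpecs.getCipherSpec(CipherSpecs.AES_128_GCM);
    CipherSpec cipherSpec2 = CipherSpecs.getCipherSpec(CipherSpecs.TWOFISH_128_GCM);

    // assertNotSame on two int hash codes compares freshly boxed Integer objects by identity,
    // which passes even when the values are equal. Compare the primitive values instead.
    int hashCode1 = cipherSpec1.hashCode();
    int hashCode2 = cipherSpec2.hashCode();
    if (hashCode1 == hashCode2) {
        throw new AssertionError("Different cipher specs share hash code " + hashCode1);
    }

    assertNotSame(cipherSpec1, cipherSpec2);

    // Identity alone says nothing about equals(), so that is checked as well.
    if (cipherSpec1.equals(cipherSpec2)) {
        throw new AssertionError("Different cipher specs compare as equal");
    }

    assertEquals(0x01, cipherSpec1.getId());
}
} // closes the enclosing test class, whose header is not part of this excerpt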
// Appends the cipher specs registered under IDs 1 and 2, in that order.
// NOTE(review): presumably AES-128-GCM and Twofish-128-GCM; the named CipherSpecs constants would
// make that explicit -- confirm. The lookups are not null-checked before being added.
cipherSpecs.add(CipherSpecs.getCipherSpec(1));
cipherSpecs.add(CipherSpecs.getCipherSpec(2));
/**
 * Flips one bit in a Twofish-128-GCM ciphertext and expects decryption to throw.
 *
 * <p>If decryption returns normally, both plaintexts are printed as hex and the test fails.
 */
// NOTE(review): expected = Exception.class also accepts exceptions unrelated to integrity (a
// failure in encrypt, an index error on a short ciphertext); naming the exact type that decrypt
// throws on a failed integrity check would make this test stricter -- confirm that type.
@Test(expected = Exception.class)
public void testIntegrityTwofishGcmCiphertext() throws Exception {
    SaltedSecretKey masterKey = createDummyMasterKey();
    byte[] originalPlaintext = TestFileUtil.createRandomArray(50);

    ByteArrayInputStream plaintextStream = new ByteArrayInputStream(originalPlaintext);
    byte[] tamperedCiphertext = CipherUtil.encrypt(
        plaintextStream,
        Arrays.asList(CipherSpecs.getCipherSpec(CipherSpecs.TWOFISH_128_GCM)),
        masterKey
    );

    // Alter ciphertext (after header!); ciphertext starts after 75 bytes
    tamperedCiphertext[80] ^= 0x01;

    byte[] recoveredPlaintext = CipherUtil.decrypt(new ByteArrayInputStream(tamperedCiphertext), masterKey);

    // Reached only if the tampering went undetected.
    System.out.println(StringUtil.toHex(originalPlaintext));
    System.out.println(StringUtil.toHex(recoveredPlaintext));

    fail("TEST FAILED: Ciphertext was altered without exception.");
}
/**
 * Alters three bytes of an AES-128-GCM ciphertext and expects decryption to throw
 * {@code CipherException}.
 *
 * <p>If decryption returns normally, the test fails through {@code fail(...)}.
 */
@Test(expected = CipherException.class)
public void testIntegrityAesGcmCiphertext() throws Exception {
    SaltedSecretKey masterKey = createDummyMasterKey();
    byte[] originalPlaintext = TestFileUtil.createRandomArray(50);

    ByteArrayInputStream plaintextStream = new ByteArrayInputStream(originalPlaintext);
    byte[] tamperedCiphertext = CipherUtil.encrypt(
        plaintextStream,
        Arrays.asList(CipherSpecs.getCipherSpec(CipherSpecs.AES_128_GCM)),
        masterKey
    );

    // Alter ciphertext (after header!); ciphertext starts after 75 bytes
    tamperedCiphertext[80] ^= 0x01;
    tamperedCiphertext[81] ^= 0x02;
    tamperedCiphertext[82] ^= 0x03;

    CipherUtil.decrypt(new ByteArrayInputStream(tamperedCiphertext), masterKey);

    // Reached only if the tampering went undetected.
    fail("TEST FAILED: Ciphertext was altered without exception.");
}