/**
 * Derives a key for the given cipher spec using a freshly generated salt.
 *
 * <p>The salt is {@code MultiCipherOutputStream.SALT_SIZE} long and comes from
 * {@code CipherUtil.createRandomArray}; the derivation itself is delegated to the
 * two-argument overload.
 *
 * <p>NOTE(review): the random source behind {@code createRandomArray} is not visible
 * here. Salt uniqueness depends on it; confirm it is backed by {@code SecureRandom}.
 *
 * @param cipherSpec cipher spec the key is derived for
 * @return the derived key together with the salt that produced it
 */
private SaltedSecretKey createSaltedSecretKey(CipherSpec cipherSpec)
        throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException {
    return createSaltedSecretKey(cipherSpec, CipherUtil.createRandomArray(MultiCipherOutputStream.SALT_SIZE));
}
/**
 * Wraps raw key bytes and their salt into a {@link SaltedSecretKey}.
 *
 * <p>No derivation happens here: the key bytes are converted with {@code toSecretKey}
 * and paired with {@code saltBytes} as given. The salt array is passed through
 * without a copy in this method.
 *
 * @param secretKeyBytes raw key material
 * @param saltBytes salt associated with the key
 * @param algorithm algorithm name handed to {@code toSecretKey}
 * @return the key/salt pair
 */
public static SaltedSecretKey toSaltedSecretKey(byte[] secretKeyBytes, byte[] saltBytes, String algorithm) {
    SecretKey wrappedKey = toSecretKey(secretKeyBytes, algorithm);
    return new SaltedSecretKey(wrappedKey, saltBytes);
}
/**
 * Renders a cipher spec as its ID, converted to a string by concatenation.
 *
 * @param cipherSpec spec to render
 * @return the spec's ID as text
 */
@Override
public String getString(CipherSpec cipherSpec) {
    return "" + cipherSpec.getId();
}
// Closes the anonymous class and the call that received it; both open outside this excerpt.
});
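/**
 * Pins the registered parameters of the Twofish-128/GCM cipher spec: ID, transformation
 * string, key size, IV size and the unlimited-strength flag.
 *
 * <p>Arguments are given as (expected, actual) so that a failure message reports the
 * registry value as the unexpected one rather than the constant.
 */
@Test
public void testCipherSpec2() {
    CipherSpec twofish128CipherSpec = CipherSpecs.getCipherSpec(CipherSpecs.TWOFISH_128_GCM);

    assertEquals(2, twofish128CipherSpec.getId());
    assertEquals("Twofish/GCM/NoPadding", twofish128CipherSpec.getAlgorithm());
    assertEquals(128, twofish128CipherSpec.getKeySize());
    assertEquals(128, twofish128CipherSpec.getIvSize());
    assertEquals(false, twofish128CipherSpec.needsUnlimitedStrength());
    assertNotNull(twofish128CipherSpec.toString());
}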
/**
 * Requests three read keys with three different random salts from one session and
 * checks that the returned key objects are pairwise distinct instances.
 *
 * <p>NOTE(review): {@code assertNotSame} compares references only. Three distinct
 * objects pass even if they carried identical key material, so this does not show
 * that different salts yield different keys.
 *
 * <p>NOTE(review): the meaning of the constructor arguments {@code 2} and {@code 999}
 * is not visible here, while the test name says "three" - confirm which cache size is
 * intended.
 *
 * <p>NOTE(review): the salts are sized with {@code getKeySize()}. If that value is in
 * bits and {@code createRandomArray} takes a byte count, these salts are longer than
 * the ones used in production paths - confirm.
 */
@Test
public void testCipherSessionReadKeyCacheSizeOfThree() throws Exception {
    SaltedSecretKey masterKey = createDummyMasterKey();
    CipherSession session = new CipherSession(masterKey, 2, 999);

    CipherSpec aes128 = CipherSpecs.getCipherSpec(CipherSpecs.AES_128_GCM);

    byte[] saltA = CipherUtil.createRandomArray(aes128.getKeySize());
    byte[] saltB = CipherUtil.createRandomArray(aes128.getKeySize());
    byte[] saltC = CipherUtil.createRandomArray(aes128.getKeySize());

    SaltedSecretKey keyA = session.getReadSecretKey(aes128, saltA);
    SaltedSecretKey keyB = session.getReadSecretKey(aes128, saltB);
    SaltedSecretKey keyC = session.getReadSecretKey(aes128, saltC);

    assertNotSame(keyA, keyB);
    assertNotSame(keyA, keyC);
    assertNotSame(keyB, keyC);

    // TODO [medium] This does NOT TEST the actual read cache. How to test this. The cache is completely hidden/private?!
}
/**
 * Reads the cipher-spec header from the stream, feeds every header byte into the
 * running HMAC, and wraps the stream in one cipher input stream per listed spec.
 *
 * <p>Per spec the header holds: one ID byte, a salt of
 * {@code MultiCipherOutputStream.SALT_SIZE} bytes, and an IV of
 * {@code getIvSize()/8} bytes. The read key is obtained from the session using the
 * salt taken from the stream.
 *
 * <p>NOTE(review): this method only updates the HMAC; it does not verify it. The
 * count, IDs, salts and IVs are therefore acted on (including key derivation) while
 * still unauthenticated. Confirm the caller verifies the HMAC before any plaintext
 * from the returned stream is trusted.
 *
 * @param underlyingInputStream stream positioned at the cipher-spec count byte
 * @param hmac running HMAC that receives every header byte read here
 * @param cipherSession session used to obtain the read key for each spec
 * @return the input stream wrapped once per cipher spec listed in the header
 * @throws IOException if a cipher spec ID from the stream is not registered
 */
private InputStream readCipherSpecsAndUpdateHmac(InputStream underlyingInputStream, Mac hmac, CipherSession cipherSession) throws Exception {
    // Count comes straight from the stream.
    // NOTE(review): if it is 0 (or negative, should the helper return -1 at end of
    // stream - not visible here), the loop is skipped and the unwrapped stream is
    // returned as-is. Confirm the caller rejects a header with no cipher specs.
    int cipherSpecCount = readByteAndUpdateHmac(underlyingInputStream, hmac);

    InputStream nestedCipherInputStream = underlyingInputStream;

    for (int i=0; i<cipherSpecCount; i++) {
        int cipherSpecId = readByteAndUpdateHmac(underlyingInputStream, hmac);
        CipherSpec cipherSpec = CipherSpecs.getCipherSpec(cipherSpecId);

        // Unknown IDs are rejected rather than skipped, so a header cannot silently drop a layer.
        if (cipherSpec == null) {
            throw new IOException("Cannot find cipher spec with ID "+cipherSpecId);
        }

        // Header fields are always read from the raw stream, not from the partially wrapped one.
        byte[] salt = readAndUpdateHmac(underlyingInputStream, MultiCipherOutputStream.SALT_SIZE, hmac);
        byte[] iv = readAndUpdateHmac(underlyingInputStream, cipherSpec.getIvSize()/8, hmac); // getIvSize() divided by 8 gives the byte count

        SecretKey secretKey = cipherSession.getReadSecretKey(cipherSpec, salt);

        // Each iteration wraps the result of the previous one.
        nestedCipherInputStream = cipherSpec.newCipherInputStream(nestedCipherInputStream, secretKey.getEncoded(), iv);
    }

    return nestedCipherInputStream;
}
/**
 * Looks up the AES-128/GCM and Twofish-128/GCM specs and asserts that they are not
 * the same, and that the AES-128/GCM spec has ID 0x01.
 *
 * <p>NOTE(review): {@code assertNotSame} checks reference identity. The two
 * {@code hashCode()} ints are autoboxed, so the first assertion compares boxed
 * {@code Integer} references rather than hash values and does not show that the
 * hashes differ. The second assertion likewise never calls {@code equals()}. A value
 * comparison (for example {@code assertNotEquals}, or {@code assertFalse} on
 * {@code equals()}) would be needed to exercise the equals/hashCode contract the test
 * name refers to.
 */
@Test
public void testCipherSpecHashCodeEquals() {
    CipherSpec cipherSpec1 = CipherSpecs.getCipherSpec(CipherSpecs.AES_128_GCM);
    CipherSpec cipherSpec2 = CipherSpecs.getCipherSpec(CipherSpecs.TWOFISH_128_GCM);

    assertNotSame(cipherSpec1.hashCode(), cipherSpec2.hashCode()); // boxed-reference comparison, see note above
    assertNotSame(cipherSpec1, cipherSpec2); // identity, not equals()
    assertEquals(0x01, cipherSpec1.getId());
}
// Closes the enclosing test class, which opens outside this excerpt.
}
/**
 * Reads the HMAC salt from the stream, obtains the matching HMAC key from the session
 * and returns a {@link Mac} initialised with it.
 *
 * <p>The salt is read with {@code readNoHmac}, i.e. before any MAC exists to cover
 * it. It still feeds the key lookup, so the key used depends on the salt bytes read.
 *
 * @param inputStream stream positioned at the HMAC salt
 * @param cipherSession session used to obtain the HMAC key for the salt
 * @return an initialised MAC using the {@code HMAC_SPEC} algorithm
 */
private Mac readHmacSaltAndInitHmac(InputStream inputStream, CipherSession cipherSession) throws Exception {
    final byte[] saltFromStream = readNoHmac(inputStream, MultiCipherOutputStream.SALT_SIZE);
    final SecretKey macKey = cipherSession.getReadSecretKey(MultiCipherOutputStream.HMAC_SPEC, saltFromStream);

    final Mac mac = Mac.getInstance(MultiCipherOutputStream.HMAC_SPEC.getAlgorithm(), CRYPTO_PROVIDER_ID);
    mac.init(macKey);

    return mac;
}
/**
 * Creates a master key from a password using a newly generated random salt.
 *
 * <p>The salt length is {@code MASTER_KEY_SALT_SIZE / 8}; the derivation is delegated
 * to the two-argument overload.
 *
 * <p>NOTE(review): the password arrives as an immutable {@code String}, so this
 * method cannot wipe it after use. The random source behind
 * {@code createRandomArray} is not visible here - confirm it is a CSPRNG.
 *
 * @param password password the master key is derived from
 * @return the master key together with its salt
 * @throws CipherException if the delegated derivation fails
 */
public static SaltedSecretKey createMasterKey(String password) throws CipherException {
    final int saltLength = MASTER_KEY_SALT_SIZE / 8;
    return createMasterKey(password, createRandomArray(saltLength));
}
/**
 * Rebuilds the master key from its hex-encoded key and salt and opens a new
 * {@link CipherSession} on it.
 *
 * <p>The decoded key bytes are wrapped as a {@code "RAW"} {@link SecretKeySpec}; no
 * derivation is performed here.
 *
 * <p>NOTE(review): the key material is handled as hex {@code String}s, which cannot
 * be cleared from memory. Make sure callers do not log either argument.
 *
 * @param masterKeyStr hex-encoded master key bytes
 * @param masterKeySaltStr hex-encoded master key salt
 */
private void initCipherSession(String masterKeyStr, String masterKeySaltStr) {
    byte[] decodedSalt = StringUtil.fromHex(masterKeySaltStr);
    byte[] decodedKey = StringUtil.fromHex(masterKeyStr);

    SecretKeySpec rawKey = new SecretKeySpec(decodedKey, "RAW");
    cipherSession = new CipherSession(new SaltedSecretKey(rawKey, decodedSalt));
}
/**
 * Runs the shared encryption test with cipher specs 1 and 2 chained.
 *
 * <p>Per the test name these IDs are meant to be AES-128 and Twofish-128. They are
 * numeric literals here, so the pairing relies on the registry IDs staying fixed.
 */
@Test
public void testCipherAes128AndTwofish128() throws Exception {
    doTestEncryption(Arrays.asList(CipherSpecs.getCipherSpec(1), CipherSpecs.getCipherSpec(2)));
}
/**
 * Runs the shared encrypt test on a four-byte input with AES-128/GCM and
 * Twofish-128/GCM chained, covering an input much shorter than a cipher block.
 */
@Test
public void testEncryptShortArrayAes128Twofish128() throws Exception {
    byte[] shortInput = new byte[] { 1, 2, 3, 4 };

    testEncrypt(
        shortInput,
        Arrays.asList(
            CipherSpecs.getCipherSpec(CipherSpecs.AES_128_GCM),
            CipherSpecs.getCipherSpec(CipherSpecs.TWOFISH_128_GCM)
        )
    );
}
/**
 * Generates a random machine name made of 20 alphabetic characters.
 *
 * @return a new 20-character name from {@code CipherUtil.createRandomAlphabeticString}
 */
protected String getRandomMachineName() {
    final int nameLength = 20;
    return CipherUtil.createRandomAlphabeticString(nameLength);
}
/**
 * Derives the key for a cipher spec from this object's master key and the given salt.
 *
 * @param cipherSpec cipher spec the key is derived for
 * @param salt salt passed to the derivation
 * @return the key produced by {@code CipherUtil.createDerivedKey}
 */
private SaltedSecretKey createSaltedSecretKey(CipherSpec cipherSpec, byte[] salt)
        throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException {
    SaltedSecretKey derivedKey = CipherUtil.createDerivedKey(masterKey, salt, cipherSpec);
    return derivedKey;
}
/**
 * Creates a transformer that uses the given cipher specs and a new
 * {@link CipherSession} built on the master key.
 *
 * <p>The list is stored by reference, so later changes made by the caller are visible
 * to this transformer.
 *
 * @param cipherSpecs cipher specs to use
 * @param masterKey master key the cipher session is created from
 */
public CipherTransformer(List<CipherSpec> cipherSpecs, SaltedSecretKey masterKey) {
    CipherSession sessionForKey = new CipherSession(masterKey);

    this.cipherSession = sessionForKey;
    this.cipherSpecs = cipherSpecs;
}
/**
 * Returns the shared master key, creating it on first use, or {@code null} when
 * crypto is disabled.
 *
 * <p>The key is derived once from a fixed literal password and then cached in the
 * static {@code masterKey} field.
 *
 * <p>NOTE(review): a hard-coded password is only acceptable for test fixtures.
 * Confirm this helper is not reachable from production configuration.
 *
 * @return the cached master key, or {@code null} if {@code cryptoEnabled} is false
 */
private static SaltedSecretKey getMasterKey() throws Exception {
    if (!cryptoEnabled) {
        return null;
    }

    if (masterKey == null) {
        masterKey = CipherUtil.createMasterKey("some password");
    }

    return masterKey;
}
/**
 * Creates a cipher spec and runs {@code doSanityChecks()} on it once all fields are set.
 *
 * @param id numeric identifier of the spec
 * @param algorithm transformation string of the cipher
 * @param keySize key size (presumably in bits; confirm against callers)
 * @param ivSize IV size (presumably in bits - a caller in this listing divides it by
 *        8 to get a byte count; confirm)
 * @param needsUnlimitedStrength flag stored as given; its effect is not visible here
 */
public CipherSpec(int id, String algorithm, int keySize, int ivSize, boolean needsUnlimitedStrength) {
    this.needsUnlimitedStrength = needsUnlimitedStrength;
    this.ivSize = ivSize;
    this.keySize = keySize;
    this.algorithm = algorithm;
    this.id = id;

    // Validation runs last so that it sees every field populated.
    doSanityChecks();
}
/**
 * Builds an {@link SSLContext} from the user key store and user trust store.
 *
 * <p>Protocol and trust-manager settings are decided inside
 * {@code CipherUtil.createSSLContext}, which is not visible here.
 *
 * @return the SSL context created from {@code userKeyStore} and {@code userTrustStore}
 */
public static SSLContext createUserSSLContext() throws Exception {
    SSLContext userContext = CipherUtil.createSSLContext(userKeyStore, userTrustStore);
    return userContext;
}
/**
 * Runs the shared encryption test with cipher specs 3 and 4 chained.
 *
 * <p>Per the test name these IDs are meant to be AES-256 and Twofish-256. They are
 * numeric literals here, so the pairing relies on the registry IDs staying fixed.
 */
@Test
public void testCipherAes256AndTwofish256() throws Exception {
    doTestEncryption(Arrays.asList(CipherSpecs.getCipherSpec(3), CipherSpecs.getCipherSpec(4)));
}
/**
 * Runs the shared encrypt test on a four-byte input using AES-128/GCM alone.
 */
@Test
public void testEncryptShortArrayAes128Gcm() throws Exception {
    byte[] shortInput = new byte[] { 1, 2, 3, 4 };

    testEncrypt(shortInput, Arrays.asList(CipherSpecs.getCipherSpec(CipherSpecs.AES_128_GCM)));
}