diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-27 15:33:37 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-27 15:33:37 +0100 |
commit | e392f06a8e1920e4404f11f74c8f51795ad590a6 (patch) | |
tree | 74d06da7d89582d1448cbb0a3c0c8d1858318b06 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util | |
parent | 813e08137530dba321db7807bd1bb5a53af80541 (diff) | |
download | moa-id-spss-e392f06a8e1920e4404f11f74c8f51795ad590a6.tar.gz moa-id-spss-e392f06a8e1920e4404f11f74c8f51795ad590a6.tar.bz2 moa-id-spss-e392f06a8e1920e4404f11f74c8f51795ad590a6.zip |
add some more escaptions
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java | 25 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java | 12 |
2 files changed, 29 insertions, 8 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java index b0d166951..84d40f619 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java @@ -22,9 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.util; -import iaik.security.cipher.PBEKey; -import iaik.security.spec.PBEKeyAndParameterSpec; - import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; @@ -35,19 +32,26 @@ import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; - import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.security.cipher.PBEKey; +import iaik.security.spec.PBEKeyAndParameterSpec; public abstract class AbstractEncrytionUtil { - protected static final String CIPHER_MODE = "AES/CBC/PKCS5Padding"; + //protected static final String CIPHER_MODE = "AES/CBC/PKCS5Padding"; + + protected static final String CIPHER_MODE = "AES/GCM/NoPadding"; + public static final int GCM_NONCE_LENGTH = 12; // in bytes + public static final int GCM_TAG_LENGTH = 16; // in bytes + protected static final String KEYNAME = "AES"; private SecretKey secret = null; @@ -114,8 +118,15 @@ public abstract class AbstractEncrytionUtil { if (secret != null) { try { - cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); - cipher.init(Cipher.ENCRYPT_MODE, secret); + final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); + +// final byte[] nonce = new byte[GCM_NONCE_LENGTH]; +// SecureRandom.getInstanceStrong().nextBytes(nonce); + + GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); + + cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); + cipher.init(Cipher.ENCRYPT_MODE, secret, spec); Logger.debug("Encrypt MOASession"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index ac2b3c415..38c384c3a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -151,6 +151,16 @@ public class Random { } +/** + * Creates a new random byte[] + * + * @param size Size of random number in byte + * @return + */ +public static byte[] nextBytes(int size) { + return nextByteRandom(size); + +} public static void seedRandom() { @@ -165,7 +175,7 @@ public class Random { /** * Generate a new random number * - * @param size Size of random number in bits + * @param size Size of random number in byte * @return */ private static synchronized byte[] nextByteRandom(int size) { |