add some more escaptions

2 files changed, 29 insertions, 8 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index b0d166951..84d40f619 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -22,9 +22,6 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.util;
 
-import iaik.security.cipher.PBEKey;
-import iaik.security.spec.PBEKeyAndParameterSpec;
-
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
@@ -35,19 +32,26 @@ import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 
-
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException;
 import at.gv.egovernment.moa.id.data.EncryptedData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.security.cipher.PBEKey;
+import iaik.security.spec.PBEKeyAndParameterSpec;
 
 public abstract class AbstractEncrytionUtil {
-	protected static final String CIPHER_MODE = "AES/CBC/PKCS5Padding";
+	//protected static final String CIPHER_MODE = "AES/CBC/PKCS5Padding";
+	
+	protected static final String CIPHER_MODE = "AES/GCM/NoPadding";
+	public static final int GCM_NONCE_LENGTH = 12; // in bytes
+	public static final int GCM_TAG_LENGTH = 16; // in bytes
+	
 	protected static final String KEYNAME = "AES";
 
 	private SecretKey secret = null;
@@ -114,8 +118,15 @@ public abstract class AbstractEncrytionUtil {
 		
 		if (secret != null) {
 			try {
-				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
-			    cipher.init(Cipher.ENCRYPT_MODE, secret);
+				final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
+				
+//				final byte[] nonce = new byte[GCM_NONCE_LENGTH];				
+//				SecureRandom.getInstanceStrong().nextBytes(nonce);
+		        
+				GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
+		        
+				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");				
+			    cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
 				
 			    Logger.debug("Encrypt MOASession");
 			    
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index ac2b3c415..38c384c3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -151,6 +151,16 @@ public class Random {
 		
   }
   
+/**
+ * Creates a new random byte[]
+ * 	
+ * @param size Size of random number in byte
+ * @return
+ */
+public static byte[] nextBytes(int size) {
+	return  nextByteRandom(size);
+	
+}
   
   public static void seedRandom() {
 	  
@@ -165,7 +175,7 @@ public class Random {
   /**
    * Generate a new random number
    * 
-   * @param size Size of random number in bits
+   * @param size Size of random number in byte
    * @return
    */
   private static synchronized byte[] nextByteRandom(int size) {