1 files changed, 18 insertions, 7 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index b0d166951..84d40f619 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -22,9 +22,6 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.util;
 
-import iaik.security.cipher.PBEKey;
-import iaik.security.spec.PBEKeyAndParameterSpec;
-
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
@@ -35,19 +32,26 @@ import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 
-
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException;
 import at.gv.egovernment.moa.id.data.EncryptedData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.security.cipher.PBEKey;
+import iaik.security.spec.PBEKeyAndParameterSpec;
 
 public abstract class AbstractEncrytionUtil {
-	protected static final String CIPHER_MODE = "AES/CBC/PKCS5Padding";
+	//protected static final String CIPHER_MODE = "AES/CBC/PKCS5Padding";
+	
+	protected static final String CIPHER_MODE = "AES/GCM/NoPadding";
+	public static final int GCM_NONCE_LENGTH = 12; // in bytes
+	public static final int GCM_TAG_LENGTH = 16; // in bytes
+	
 	protected static final String KEYNAME = "AES";
 
 	private SecretKey secret = null;
@@ -114,8 +118,15 @@ public abstract class AbstractEncrytionUtil {
 		
 		if (secret != null) {
 			try {
-				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
-			    cipher.init(Cipher.ENCRYPT_MODE, secret);
+				final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
+				
+//				final byte[] nonce = new byte[GCM_NONCE_LENGTH];				
+//				SecureRandom.getInstanceStrong().nextBytes(nonce);
+		        
+				GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
+		        
+				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");				
+			    cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
 				
 			    Logger.debug("Encrypt MOASession");