AES used for encryption

Author: thsc42

src/net/sharksystem/asap/protocol/ASAP_Modem_Impl.java

@@ -2,6 +2,7 @@
 
 import net.sharksystem.asap.ASAPException;
 import net.sharksystem.asap.ASAPSecurityException;
+import net.sharksystem.crypto.ASAPBasicKeyStorage;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -10,13 +11,13 @@
 import java.util.List;
 
 public class ASAP_Modem_Impl implements ASAP_1_0 {
-    private final ASAPReadonlyKeyStorage signAndEncryptionKeyStorage;
+    private final ASAPBasicKeyStorage signAndEncryptionKeyStorage;
 
     public ASAP_Modem_Impl() {
         this.signAndEncryptionKeyStorage = null; // no key storage
     }
 
-    public ASAP_Modem_Impl(ASAPReadonlyKeyStorage signAndEncryptionKeyStorage) {
+    public ASAP_Modem_Impl(ASAPBasicKeyStorage signAndEncryptionKeyStorage) {
         this.signAndEncryptionKeyStorage = signAndEncryptionKeyStorage;
     }
 

src/net/sharksystem/asap/protocol/CryptoSession.java

@@ -1,21 +1,21 @@
 package net.sharksystem.asap.protocol;
 
-import net.sharksystem.Utils;
 import net.sharksystem.asap.ASAPException;
 import net.sharksystem.asap.ASAPSecurityException;
+import net.sharksystem.asap.protocol.ASAP_1_0;
+import net.sharksystem.asap.protocol.PDU_Impl;
+import net.sharksystem.crypto.ASAPBasicKeyStorage;
 
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
+import javax.crypto.*;
+import javax.crypto.spec.SecretKeySpec;
 import java.io.*;
 import java.security.*;
 
 class CryptoSession {
-    public static final int MAX_ENCRYPTION_BLOCK_SIZE = 240;
+    private static final int MAX_ENCRYPTION_BLOCK_SIZE = 128;
     private Signature signature;
     private CharSequence recipient;
-    private ASAPReadonlyKeyStorage keyStorage;
+    private ASAPBasicKeyStorage keyStorage;
     private Cipher cipher = null;
     private PublicKey publicKey;
     private byte cmd;
@@ -25,13 +25,13 @@ class CryptoSession {
     private ByteArrayOutputStream asapMessageOS;
     private InputStreamCopy verifyStream;
 
-    CryptoSession(ASAPReadonlyKeyStorage keyStorage) {
+    CryptoSession(ASAPBasicKeyStorage keyStorage) {
         this.keyStorage = keyStorage;
     }
 
     CryptoSession(byte cmd, OutputStream os, boolean sign, boolean encrypted,
                   CharSequence recipient,
-                  ASAPReadonlyKeyStorage keyStorage)
+                  ASAPBasicKeyStorage keyStorage)
             throws ASAPSecurityException {
 
         this.cmd = cmd;
@@ -113,7 +113,7 @@ byte getCMD() {
         return this.cmd;
     }
 
-    OutputStream getOutputStream() {
+    public OutputStream getOutputStream() {
         return this.effectivOS;
     }
 
@@ -160,20 +160,35 @@ public void finish() throws ASAPSecurityException {
                 // encrypted asap message
                 byte[] asapMessageAsBytes = this.asapMessageOS.toByteArray();
 
-                // TODO: create AES key, encrypt with RSA, send and encrypt rest with that AES key
+                // get symmetric key
+                SecretKey encryptionKey = this.keyStorage.generateSymmetricKey();
+                byte[] encodedSymmetricKey = encryptionKey.getEncoded();
 
-                // that stuff will not work.
-                int i = 0;
-                while(i +  MAX_ENCRYPTION_BLOCK_SIZE < asapMessageAsBytes.length) {
-                    this.cipher.update(asapMessageAsBytes, i, MAX_ENCRYPTION_BLOCK_SIZE);
-                    i += MAX_ENCRYPTION_BLOCK_SIZE;
-                }
+                // encrypt key
+                byte[] encryptedSymmetricKeyBytes = this.cipher.doFinal(encodedSymmetricKey);
+
+                // send encrypted key
+                this.writeByteArray(encryptedSymmetricKeyBytes, this.realOS);
+
+                // encrypt message with symmetric key
+                try {
+                    this.cipher = Cipher.getInstance(keyStorage.getSymmetricEncryptionAlgorithm());
+                    this.cipher.init(Cipher.ENCRYPT_MODE, encryptionKey);
+
+                    // block by block
+                    int i = 0;
+                    while(i +  MAX_ENCRYPTION_BLOCK_SIZE < asapMessageAsBytes.length) {
+                        this.cipher.update(asapMessageAsBytes, i, MAX_ENCRYPTION_BLOCK_SIZE);
+                        i += MAX_ENCRYPTION_BLOCK_SIZE;
+                    }
 
-                int lastStepLen = asapMessageAsBytes.length - i;
-                byte[] encryptedBytes = this.cipher.doFinal(asapMessageAsBytes, i, lastStepLen);
+                    int lastStepLen = asapMessageAsBytes.length - i;
+                    byte[] encryptedContent = this.cipher.doFinal(asapMessageAsBytes, i, lastStepLen);
 
-                this.writeByteArray(encryptedBytes, this.realOS);
-                this.realOS.write(encryptedBytes);
+                    this.writeByteArray(encryptedContent, this.realOS);
+                } catch (NoSuchAlgorithmException | InvalidKeyException | NoSuchPaddingException e) {
+                    throw new ASAPSecurityException(this.getLogStart(), e);
+                }
             } catch (IllegalBlockSizeException | BadPaddingException | IOException e) {
                 throw new ASAPSecurityException(this.getLogStart(), e);
             }
@@ -236,30 +251,32 @@ public boolean verify(String sender, InputStream is) throws IOException, ASAPExc
 
     ////////////////////////////////// decrypt
 
-    InputStream decrypt(InputStream is) throws ASAPSecurityException {
+    public InputStream decrypt(InputStream is) throws ASAPSecurityException {
         return this.decrypt(is, this.keyStorage.getPrivateKey());
     }
 
-    // parameter private key is usually no option. There is just one - burt was good for debugging
+    // parameter private key is usually not an option. Good entry for testing / debugging, though
     private InputStream decrypt(InputStream is, PrivateKey privateKey) throws ASAPSecurityException {
         try {
+            // read encrypted symmetric key
+            byte[] encryptedSymmetricKey = this.readByteArray(is);
+
+            // decrypt encoded symmetric key
             this.cipher = Cipher.getInstance(keyStorage.getRSAEncryptionAlgorithm());
             this.cipher.init(Cipher.DECRYPT_MODE, privateKey);
+            byte[] encodedSymmetricKey = this.cipher.doFinal(encryptedSymmetricKey);
 
-            // read encrypted message
-            byte[] messageBytes = this.readByteArray(is);
-
-            /*
-            // read len
-            int len = PDU_Impl.readIntegerParameter(is);
-            byte[] messageBytes = new byte[len];
+            // create symmetric key object
+            SecretKey symmetricKey =
+                    new SecretKeySpec(encodedSymmetricKey, this.keyStorage.getSymmetricKeyType());
 
-            // read encrypted bytes from stream
-            is.read(messageBytes);
-             */
+            // read content
+            byte[] encryptedContent = this.readByteArray(is);
 
-            // decrypt
-            byte[] decryptedBytes = this.cipher.doFinal(messageBytes);
+            // decrypt content
+            Cipher symmetricCipher = Cipher.getInstance(keyStorage.getSymmetricEncryptionAlgorithm());
+            symmetricCipher.init(Cipher.DECRYPT_MODE, symmetricKey);
+            byte[] decryptedBytes = symmetricCipher.doFinal(encryptedContent);
             return new ByteArrayInputStream(decryptedBytes);
         } catch (BadPaddingException | IllegalBlockSizeException | NoSuchAlgorithmException |
                 NoSuchPaddingException | InvalidKeyException | IOException | ASAPException e) {

src/net/sharksystem/asap/protocol/PDU_Impl.java

@@ -89,11 +89,11 @@ protected static void sendHeader(byte cmd, int flags, OutputStream os) throws IO
         PDU_Impl.sendByteParameter((byte)flags, os); // mand
     }
 
-    protected static void sendFlags(int flags, OutputStream os) throws IOException {
+    public static void sendFlags(int flags, OutputStream os) throws IOException {
         PDU_Impl.sendByteParameter((byte)flags, os); // mand
     }
 
-    protected static void sendCmd(byte cmd, OutputStream os) throws IOException {
+    public static void sendCmd(byte cmd, OutputStream os) throws IOException {
         PDU_Impl.sendByteParameter(cmd, os); // mand
     }
 
@@ -106,58 +106,6 @@ protected void evaluateFlags(int flag) {
         this.eraTo = flagSet(ERA_TO_BIT_POSITION, flag);
         this.offsetsSet = flagSet(OFFSETS_BIT_POSITION, flag);
         this.signed = flagSet(SIGNED_TO_BIT_POSITION, flag);
-
-        /*
-        // sender parameter set ?
-        int testFlag = 1;
-        testFlag = testFlag << SENDER_BIT_POSITION;
-        int result = flag & testFlag;
-        senderSet = result != 0;
-
-        // recipient peer parameter set ?
-        testFlag = 1;
-        testFlag = testFlag << RECIPIENT_BIT_POSITION;
-        result = flag & testFlag;
-        recipientSet = result != 0;
-
-
-        // channel parameter set ?
-        testFlag = 1;
-        testFlag = testFlag << CHANNEL_BIT_POSITION;
-        result = flag & testFlag;
-        channelSet = result != 0;
-
-        // era parameter set ?
-        testFlag = 1;
-        testFlag = testFlag << ERA_BIT_POSITION;
-        result = flag & testFlag;
-        eraSet = result != 0;
-
-        // era from parameter set ?
-        testFlag = 1;
-        testFlag = testFlag << ERA_FROM_BIT_POSITION;
-        result = flag & testFlag;
-        eraFrom = result != 0;
-
-        // era from parameter set ?
-        testFlag = 1;
-        testFlag = testFlag << ERA_TO_BIT_POSITION;
-        result = flag & testFlag;
-        eraTo = result != 0;
-
-        // offsets parameter set ?
-        testFlag = 1;
-        testFlag = testFlag << OFFSETS_BIT_POSITION;
-        result = flag & testFlag;
-        offsetsSet = result != 0;
-
-        // signed parameter set ?
-        testFlag = 1;
-        testFlag = testFlag << SIGNED_TO_BIT_POSITION;
-        result = flag & testFlag;
-        this.signed = result != 0;
-         */
-
     }
 
     static boolean flagSet(int bitPosition, int flags) {

…sap/protocol/ASAPReadonlyKeyStorage.java …rksystem/crypto/ASAPBasicKeyStorage.javasrc/net/sharksystem/asap/protocol/ASAPReadonlyKeyStorage.java renamed to src/net/sharksystem/crypto/ASAPBasicKeyStorage.java src/net/sharksystem/asap/protocol/ASAPReadonlyKeyStorage.java renamed to src/net/sharksystem/crypto/ASAPBasicKeyStorage.java

@@ -1,11 +1,12 @@
-package net.sharksystem.asap.protocol;
+package net.sharksystem.crypto;
 
 import net.sharksystem.asap.ASAPSecurityException;
 
+import javax.crypto.SecretKey;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 
-public interface ASAPReadonlyKeyStorage {
+public interface ASAPBasicKeyStorage {
     /**
      *
      * @return private key of local device - for signing
@@ -33,4 +34,10 @@ public interface ASAPReadonlyKeyStorage {
     String getRSAEncryptionAlgorithm();
 
     String getRSASigningAlgorithm();
+
+    SecretKey generateSymmetricKey() throws ASAPSecurityException;
+
+    String getSymmetricEncryptionAlgorithm();
+
+    String getSymmetricKeyType();
 }

…em/asap/protocol/TestASAPKeyStorage.java …arksystem/crypto/TestASAPKeyStorage.javatest/net/sharksystem/asap/protocol/TestASAPKeyStorage.java renamed to src/net/sharksystem/crypto/TestASAPKeyStorage.java test/net/sharksystem/asap/protocol/TestASAPKeyStorage.java renamed to src/net/sharksystem/crypto/TestASAPKeyStorage.java

@@ -1,22 +1,28 @@
-package net.sharksystem.asap.protocol;
+package net.sharksystem.crypto;
 
 import net.sharksystem.asap.ASAPSecurityException;
 import net.sharksystem.asap.util.Log;
 
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 import java.security.*;
 import java.util.HashMap;
 
-public class TestASAPKeyStorage implements ASAPReadonlyKeyStorage {
+public class TestASAPKeyStorage implements ASAPBasicKeyStorage {
     private final KeyPair keyPair;
     private final String name;
     private long timeInMillis = 0;
 
     public static final String DEFAULT_RSA_ENCRYPTION_ALGORITHM = "RSA/ECB/PKCS1Padding";
-    public static final String DEFAULT_SIGNATURE_METHOD = "SHA256withRSA";
+    public static final String DEFAULT_SYMMETRIC_KEY_TYPE = "AES";
+    public static final String DEFAULT_SYMMETRIC_ENCRYPTION_ALGORITHM = "AES/ECB/PKCS5Padding";
+//    public static int DEFAULT_AES_KEY_SIZE = 256; TODO we need a better one
+    public static int DEFAULT_AES_KEY_SIZE = 128;
+    public static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256withRSA";
 
     private HashMap<String, KeyPair> peerKeyPairs = new HashMap<>();
 
-    TestASAPKeyStorage(String name) throws ASAPSecurityException {
+    public TestASAPKeyStorage(String name) throws ASAPSecurityException {
         // generate owners key pair;
         this.name = name;
         this.keyPair = this.generateKeyPair();
@@ -28,6 +34,21 @@ public TestASAPKeyStorage(String name, KeyPair ownerKeyPair) {
         this.keyPair = ownerKeyPair;
     }
 
+    public SecretKey generateSymmetricKey() throws ASAPSecurityException {
+        try {
+            KeyGenerator gen = KeyGenerator.getInstance(DEFAULT_SYMMETRIC_KEY_TYPE);
+            gen.init(DEFAULT_AES_KEY_SIZE);
+            SecretKey secretKey = gen.generateKey();
+            return secretKey;
+        } catch (NoSuchAlgorithmException e) {
+            throw new ASAPSecurityException(this.getLogStart(), e);
+        }
+    }
+
+    private String getLogStart() {
+        return this.getClass().getSimpleName() + ": ";
+    }
+
     private KeyPair generateKeyPair() throws ASAPSecurityException {
         Log.writeLog(this, "create key pair");
         KeyPairGenerator keyGen = null;
@@ -97,9 +118,19 @@ public String getRSAEncryptionAlgorithm() {
         return DEFAULT_RSA_ENCRYPTION_ALGORITHM;
     }
 
+    @Override
+    public String getSymmetricEncryptionAlgorithm() {
+        return DEFAULT_SYMMETRIC_ENCRYPTION_ALGORITHM;
+    }
+
+    @Override
+    public String getSymmetricKeyType() {
+        return DEFAULT_SYMMETRIC_KEY_TYPE;
+    }
+
     @Override
     public String getRSASigningAlgorithm() {
-        return DEFAULT_SIGNATURE_METHOD;
+        return DEFAULT_SIGNATURE_ALGORITHM;
     }
 
     public void addKeyPair(String peerID, KeyPair keyPair) {

test/net/sharksystem/asap/protocol/PDUTests.java

@@ -1,6 +1,7 @@
 package net.sharksystem.asap.protocol;
 
 import net.sharksystem.asap.ASAPException;
+import net.sharksystem.crypto.TestASAPKeyStorage;
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -9,8 +10,6 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import static net.sharksystem.asap.protocol.ASAP_1_0.ERA_NOT_DEFINED;
-
 public class PDUTests {
     public static final String ALICE_ID = "Alice";
     public static final String BOB_ID = "Bob";

test/net/sharksystem/asap/protocol/Workbench.java

@@ -1,6 +1,7 @@
 package net.sharksystem.asap.protocol;
 
 import net.sharksystem.asap.ASAPException;
+import net.sharksystem.crypto.TestASAPKeyStorage;
 import org.junit.Assert;
 import org.junit.Test;