switched to AES/CBC/PKCS5, poster updated

pull/5/head
Felix Prahl-Kamps 2018-09-05 20:02:32 +02:00
parent 50e275fad4
commit adfba70f07
4 changed files with 95 additions and 35 deletions


@ -21,11 +21,13 @@ import android.view.View;
import android.widget.CheckBox; import android.widget.CheckBox;
import android.widget.TextView; import android.widget.TextView;
import de.overview.wg.its.mispbump.adapter.SyncedPartnerAdapter; import de.overview.wg.its.mispbump.adapter.SyncedPartnerAdapter;
import de.overview.wg.its.mispbump.auxiliary.AESSecurity;
import de.overview.wg.its.mispbump.auxiliary.PreferenceManager; import de.overview.wg.its.mispbump.auxiliary.PreferenceManager;
import de.overview.wg.its.mispbump.model.SyncedPartner; import de.overview.wg.its.mispbump.model.SyncedPartner;
import de.overview.wg.its.mispbump.preferences.AppPreferenceActivity; import de.overview.wg.its.mispbump.preferences.AppPreferenceActivity;
import de.overview.wg.its.mispbump.preferences.AppPreferenceFragment; import de.overview.wg.its.mispbump.preferences.AppPreferenceFragment;
import java.security.PublicKey;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -80,6 +82,29 @@ public class MainActivity extends AppCompatActivity {
} }
private void testAESSecurity() {
String data = "This is the secret message";
AESSecurity aesA = AESSecurity.getInstance();
AESSecurity aesB = AESSecurity.getInstance();
PublicKey pubA = aesA.getPublicKey();
PublicKey pubB = aesB.getPublicKey();
aesA.setForeignPublicKey(pubB);
aesB.setForeignPublicKey(pubA);
emptyPartnerListView.setText("ORIGINAL: " + data + "\n");
String encrypted = aesA.encrypt(data);
emptyPartnerListView.append("ENCRYPTED BY A: " + encrypted + "\n");
String decrypted = aesB.decrypt(encrypted);
emptyPartnerListView.append("DECRYPTED BY B: " + decrypted);
}
private void initializeViews() { private void initializeViews() {
Toolbar toolbar = findViewById(R.id.toolbar); Toolbar toolbar = findViewById(R.id.toolbar);
@ -149,15 +174,8 @@ public class MainActivity extends AppCompatActivity {
} }
private void refreshSyncedPartnerList() { private void refreshSyncedPartnerList() {
// syncedPartnerList = PreferenceManager.Instance(this).getSyncedPartnerList(); // todo: uncomment
// syncedPartnerList = PreferenceManager.Instance(this).getSyncedPartnerList();
SyncedPartner sp = new SyncedPartner("Example Organisation 1", "https://www.organisationa1.de");
sp.generateTimeStamp();
syncedPartnerList.add(sp);
sp = new SyncedPartner("Example Organisation 2", "https://www.organisation2.de");
sp.generateTimeStamp();
syncedPartnerList.add(sp);
if (syncedPartnerList == null || syncedPartnerList.size() < 1) { if (syncedPartnerList == null || syncedPartnerList.size() < 1) {
emptyPartnerListView.setVisibility(View.VISIBLE); emptyPartnerListView.setVisibility(View.VISIBLE);
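Review bot: testAESSecurity() is a crypto round-trip check placed inside MainActivity, and it writes the plaintext, the ciphertext and the decrypted text into `emptyPartnerListView`; this belongs in a unit or instrumented test rather than in the shipped Activity. It also only works when AESSecurity.getInstance() hands out a distinct object on each call, so keeping it here ties the app to the non-singleton behaviour that the other file marks with a todo. If it has to stay for now, put a comment above it such as `// DEBUG ONLY: remove before release; relies on getInstance() returning a new instance per call`. Whether anything calls the method is not visible in this section.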


@ -1,40 +1,51 @@
package de.overview.wg.its.mispbump.auxiliary; package de.overview.wg.its.mispbump.auxiliary;
import android.util.Base64; import android.util.Base64;
import android.util.Log;
import javax.crypto.*; import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import java.security.*; import java.security.*;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec; import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
public class AESSecurity { public class AESSecurity {
private static final String TAG = "MISP_LOGGING"; private static final String TAG = "MISP_LOGGING";
private static final String ALGORITHM = "AES";
private static final String ENCRYPT_ALGORITHM = "AES/CBC/PKCS5Padding";
private static final String KEY_PAIR_ALGORITHM = "EC";
private static final int KEY_SIZE = 521; // 224 | 256 | 384 | 521
private static final String KEY_AGREEMENT_ALGORITHM = "ECDH";
private static AESSecurity instance; private static AESSecurity instance;
private PublicKey publickey; private PublicKey publickey;
private KeyAgreement keyAgreement; private KeyAgreement keyAgreement;
private byte[] sharedSecret; private byte[] sharedSecret;
private IvParameterSpec ivParameterSpec;
private AESSecurity() { private AESSecurity() {
initialize(); initialize();
} }
/***
* Generates a public and a private key using an elliptic curve algorithm (256 bit)
* The private key is fed into the key agreement instance
*/
private void initialize() { private void initialize() {
KeyPairGenerator kpg = null;
try { try {
kpg = KeyPairGenerator.getInstance("EC"); KeyPairGenerator kpg = KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM);
kpg.initialize(256); kpg.initialize(KEY_SIZE);
KeyPair kp = kpg.generateKeyPair(); KeyPair kp = kpg.generateKeyPair();
publickey = kp.getPublic(); publickey = kp.getPublic();
keyAgreement = KeyAgreement.getInstance("ECDH"); keyAgreement = KeyAgreement.getInstance(KEY_AGREEMENT_ALGORITHM);
keyAgreement.init(kp.getPrivate()); keyAgreement.init(kp.getPrivate());
} catch (NoSuchAlgorithmException | InvalidKeyException e) { } catch (NoSuchAlgorithmException | InvalidKeyException e) {
@ -42,10 +53,24 @@ public class AESSecurity {
} }
} }
/***
* Generates a shared secret with a given public key
* @param publickey
*/
public void setForeignPublicKey(PublicKey publickey) { public void setForeignPublicKey(PublicKey publickey) {
try { try {
keyAgreement.doPhase(publickey, true); keyAgreement.doPhase(publickey, true);
sharedSecret = keyAgreement.generateSecret();
byte[] tmpSharedSecret = keyAgreement.generateSecret();
sharedSecret = Arrays.copyOfRange(tmpSharedSecret, 0, 32);
byte[] inputVector = Arrays.copyOfRange(sharedSecret, 32, 48);
ivParameterSpec = new IvParameterSpec(inputVector);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
e.printStackTrace(); e.printStackTrace();
} }
@ -53,12 +78,17 @@ public class AESSecurity {
public String encrypt(String data) { public String encrypt(String data) {
try { try {
Key key = generateKey(); Key key = generateKey();
Cipher c = Cipher.getInstance(ALGORITHM); Cipher c = Cipher.getInstance(ENCRYPT_ALGORITHM);
c.init(Cipher.ENCRYPT_MODE, key);
try {
c.init(Cipher.ENCRYPT_MODE, key, ivParameterSpec);
} catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
}
byte[] encVal = c.doFinal(data.getBytes()); byte[] encVal = c.doFinal(data.getBytes());
return Base64.encodeToString(encVal, 0); return Base64.encodeToString(encVal, 0);
} catch (BadPaddingException | InvalidKeyException | NoSuchPaddingException | IllegalBlockSizeException | NoSuchAlgorithmException e) { } catch (BadPaddingException | InvalidKeyException | NoSuchPaddingException | IllegalBlockSizeException | NoSuchAlgorithmException e) {
@ -70,8 +100,14 @@ public class AESSecurity {
public String decrypt(String data) { public String decrypt(String data) {
try { try {
Key key = generateKey(); Key key = generateKey();
Cipher c = Cipher.getInstance(ALGORITHM);
c.init(Cipher.DECRYPT_MODE, key); Cipher c = Cipher.getInstance(ENCRYPT_ALGORITHM);
try {
c.init(Cipher.DECRYPT_MODE, key, ivParameterSpec);
} catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
}
byte[] decoded = Base64.decode(data, 0); byte[] decoded = Base64.decode(data, 0);
byte[] decValue = c.doFinal(decoded); byte[] decValue = c.doFinal(decoded);
@ -87,21 +123,22 @@ public class AESSecurity {
} }
private Key generateKey() { private Key generateKey() {
return new SecretKeySpec(sharedSecret, ALGORITHM);
return new SecretKeySpec(sharedSecret, ENCRYPT_ALGORITHM);
} }
public static String publicKeyToString(PublicKey key) { public static String publicKeyToString(PublicKey key) {
return Base64.encodeToString(key.getEncoded(), Base64.DEFAULT); return Base64.encodeToString(key.getEncoded(), Base64.DEFAULT);
} }
public static PublicKey publicKeyFromString(String key) { public static PublicKey publicKeyFromString(String key) {
KeyFactory kf = null; try {
byte[] input = Base64.decode(key, Base64.DEFAULT); byte[] input = Base64.decode(key, Base64.DEFAULT);
return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(input));
try {
kf = KeyFactory.getInstance("EC"); // normal: DH
return kf.generatePublic(new X509EncodedKeySpec(input));
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) { } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace(); e.printStackTrace();
} }
@ -110,10 +147,15 @@ public class AESSecurity {
} }
public static AESSecurity getInstance() { public static AESSecurity getInstance() {
if(instance == null) {
instance = new AESSecurity();
}
return instance; //todo: make singleton again
// if(instance == null) {
// instance = new AESSecurity();
// }
//
// return instance;
return new AESSecurity();
} }
} }
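Review bot: In setForeignPublicKey the IV is sliced from `sharedSecret` after that array has been cut to 32 bytes, so `Arrays.copyOfRange(sharedSecret, 32, 48)` yields sixteen zero-padded bytes and every message is encrypted under AES/CBC with the same all-zero IV. Slicing from `tmpSharedSecret` instead would still fix one IV per key agreement, which lets equal plaintext prefixes show up as equal ciphertext blocks; CBC needs a fresh random IV per message, generated in encrypt() and carried with the ciphertext as sketched below. generateKey() now passes `ENCRYPT_ALGORITHM` ("AES/CBC/PKCS5Padding") to SecretKeySpec where the key algorithm `ALGORITHM` ("AES") is meant. The inner `catch (InvalidAlgorithmParameterException e)` in encrypt() and decrypt() only prints the stack trace and then lets doFinal() run on a cipher that was never initialised, so that exception should join the outer multi-catch. The bodies of encrypt() and decrypt() continue outside the hunks shown, so their failure paths are not visible here.

```java
// encrypt(): replaces the inner try/catch around c.init(...) and the doFinal/return lines
byte[] iv = new byte[16];
new SecureRandom().nextBytes(iv);
c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
byte[] encVal = c.doFinal(data.getBytes());
byte[] out = new byte[iv.length + encVal.length];
System.arraycopy(iv, 0, out, 0, iv.length);
System.arraycopy(encVal, 0, out, iv.length, encVal.length);
return Base64.encodeToString(out, 0);
// … unchanged: outer catch, with InvalidAlgorithmParameterException added to it …

// decrypt(): replaces the inner try/catch around c.init(...) and the decode/doFinal lines
byte[] decoded = Base64.decode(data, 0);
// reject input shorter than one IV block before slicing
c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(decoded, 0, 16));
byte[] decValue = c.doFinal(decoded, 16, decoded.length - 16);
// … unchanged: conversion of decValue and outer catch …

// generateKey()
return new SecretKeySpec(sharedSecret, ALGORITHM);
```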

Binary file not shown.

Binary file not shown.

After

Width:  |  Height:  |  Size: 516 KiB