mirror of https://github.com/MISP/misp-bump
switched to AES/CBC/PKCS5, poster updated
parent
50e275fad4
commit
adfba70f07
|
@ -21,11 +21,13 @@ import android.view.View;
|
||||||
import android.widget.CheckBox;
|
import android.widget.CheckBox;
|
||||||
import android.widget.TextView;
|
import android.widget.TextView;
|
||||||
import de.overview.wg.its.mispbump.adapter.SyncedPartnerAdapter;
|
import de.overview.wg.its.mispbump.adapter.SyncedPartnerAdapter;
|
||||||
|
import de.overview.wg.its.mispbump.auxiliary.AESSecurity;
|
||||||
import de.overview.wg.its.mispbump.auxiliary.PreferenceManager;
|
import de.overview.wg.its.mispbump.auxiliary.PreferenceManager;
|
||||||
import de.overview.wg.its.mispbump.model.SyncedPartner;
|
import de.overview.wg.its.mispbump.model.SyncedPartner;
|
||||||
import de.overview.wg.its.mispbump.preferences.AppPreferenceActivity;
|
import de.overview.wg.its.mispbump.preferences.AppPreferenceActivity;
|
||||||
import de.overview.wg.its.mispbump.preferences.AppPreferenceFragment;
|
import de.overview.wg.its.mispbump.preferences.AppPreferenceFragment;
|
||||||
|
|
||||||
|
import java.security.PublicKey;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
@ -80,6 +82,29 @@ public class MainActivity extends AppCompatActivity {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
private void testAESSecurity() {
|
||||||
|
|
||||||
|
String data = "This is the secret message";
|
||||||
|
|
||||||
|
AESSecurity aesA = AESSecurity.getInstance();
|
||||||
|
AESSecurity aesB = AESSecurity.getInstance();
|
||||||
|
|
||||||
|
PublicKey pubA = aesA.getPublicKey();
|
||||||
|
PublicKey pubB = aesB.getPublicKey();
|
||||||
|
|
||||||
|
aesA.setForeignPublicKey(pubB);
|
||||||
|
aesB.setForeignPublicKey(pubA);
|
||||||
|
|
||||||
|
emptyPartnerListView.setText("ORIGINAL: " + data + "\n");
|
||||||
|
|
||||||
|
String encrypted = aesA.encrypt(data);
|
||||||
|
emptyPartnerListView.append("ENCRYPTED BY A: " + encrypted + "\n");
|
||||||
|
|
||||||
|
String decrypted = aesB.decrypt(encrypted);
|
||||||
|
emptyPartnerListView.append("DECRYPTED BY B: " + decrypted);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
private void initializeViews() {
|
private void initializeViews() {
|
||||||
|
|
||||||
Toolbar toolbar = findViewById(R.id.toolbar);
|
Toolbar toolbar = findViewById(R.id.toolbar);
|
||||||
|
@ -149,15 +174,8 @@ public class MainActivity extends AppCompatActivity {
|
||||||
}
|
}
|
||||||
|
|
||||||
private void refreshSyncedPartnerList() {
|
private void refreshSyncedPartnerList() {
|
||||||
// syncedPartnerList = PreferenceManager.Instance(this).getSyncedPartnerList();
|
// todo: uncomment
|
||||||
|
// syncedPartnerList = PreferenceManager.Instance(this).getSyncedPartnerList();
|
||||||
SyncedPartner sp = new SyncedPartner("Example Organisation 1", "https://www.organisationa1.de");
|
|
||||||
sp.generateTimeStamp();
|
|
||||||
syncedPartnerList.add(sp);
|
|
||||||
|
|
||||||
sp = new SyncedPartner("Example Organisation 2", "https://www.organisation2.de");
|
|
||||||
sp.generateTimeStamp();
|
|
||||||
syncedPartnerList.add(sp);
|
|
||||||
|
|
||||||
if (syncedPartnerList == null || syncedPartnerList.size() < 1) {
|
if (syncedPartnerList == null || syncedPartnerList.size() < 1) {
|
||||||
emptyPartnerListView.setVisibility(View.VISIBLE);
|
emptyPartnerListView.setVisibility(View.VISIBLE);
|
||||||
|
|
|
@ -1,40 +1,51 @@
|
||||||
package de.overview.wg.its.mispbump.auxiliary;
|
package de.overview.wg.its.mispbump.auxiliary;
|
||||||
|
|
||||||
import android.util.Base64;
|
import android.util.Base64;
|
||||||
|
import android.util.Log;
|
||||||
|
|
||||||
import javax.crypto.*;
|
import javax.crypto.*;
|
||||||
|
import javax.crypto.spec.IvParameterSpec;
|
||||||
import javax.crypto.spec.SecretKeySpec;
|
import javax.crypto.spec.SecretKeySpec;
|
||||||
import java.security.*;
|
import java.security.*;
|
||||||
import java.security.spec.InvalidKeySpecException;
|
import java.security.spec.InvalidKeySpecException;
|
||||||
import java.security.spec.X509EncodedKeySpec;
|
import java.security.spec.X509EncodedKeySpec;
|
||||||
|
import java.util.Arrays;
|
||||||
|
|
||||||
public class AESSecurity {
|
public class AESSecurity {
|
||||||
|
|
||||||
private static final String TAG = "MISP_LOGGING";
|
private static final String TAG = "MISP_LOGGING";
|
||||||
private static final String ALGORITHM = "AES";
|
|
||||||
|
private static final String ENCRYPT_ALGORITHM = "AES/CBC/PKCS5Padding";
|
||||||
|
private static final String KEY_PAIR_ALGORITHM = "EC";
|
||||||
|
private static final int KEY_SIZE = 521; // 224 | 256 | 384 | 521
|
||||||
|
private static final String KEY_AGREEMENT_ALGORITHM = "ECDH";
|
||||||
|
|
||||||
private static AESSecurity instance;
|
private static AESSecurity instance;
|
||||||
|
|
||||||
private PublicKey publickey;
|
private PublicKey publickey;
|
||||||
private KeyAgreement keyAgreement;
|
private KeyAgreement keyAgreement;
|
||||||
|
|
||||||
private byte[] sharedSecret;
|
private byte[] sharedSecret;
|
||||||
|
private IvParameterSpec ivParameterSpec;
|
||||||
|
|
||||||
private AESSecurity() {
|
private AESSecurity() {
|
||||||
initialize();
|
initialize();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/***
|
||||||
|
* Generates a public and a private key using an elliptic curve algorithm (256 bit)
|
||||||
|
* The private key is fed into the key agreement instance
|
||||||
|
*/
|
||||||
private void initialize() {
|
private void initialize() {
|
||||||
KeyPairGenerator kpg = null;
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
kpg = KeyPairGenerator.getInstance("EC");
|
KeyPairGenerator kpg = KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM);
|
||||||
kpg.initialize(256);
|
kpg.initialize(KEY_SIZE);
|
||||||
|
|
||||||
KeyPair kp = kpg.generateKeyPair();
|
KeyPair kp = kpg.generateKeyPair();
|
||||||
|
|
||||||
publickey = kp.getPublic();
|
publickey = kp.getPublic();
|
||||||
|
|
||||||
keyAgreement = KeyAgreement.getInstance("ECDH");
|
keyAgreement = KeyAgreement.getInstance(KEY_AGREEMENT_ALGORITHM);
|
||||||
keyAgreement.init(kp.getPrivate());
|
keyAgreement.init(kp.getPrivate());
|
||||||
|
|
||||||
} catch (NoSuchAlgorithmException | InvalidKeyException e) {
|
} catch (NoSuchAlgorithmException | InvalidKeyException e) {
|
||||||
|
@ -42,10 +53,24 @@ public class AESSecurity {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/***
|
||||||
|
* Generates a shared secret with a given public key
|
||||||
|
* @param publickey
|
||||||
|
*/
|
||||||
public void setForeignPublicKey(PublicKey publickey) {
|
public void setForeignPublicKey(PublicKey publickey) {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
||||||
keyAgreement.doPhase(publickey, true);
|
keyAgreement.doPhase(publickey, true);
|
||||||
sharedSecret = keyAgreement.generateSecret();
|
|
||||||
|
byte[] tmpSharedSecret = keyAgreement.generateSecret();
|
||||||
|
|
||||||
|
sharedSecret = Arrays.copyOfRange(tmpSharedSecret, 0, 32);
|
||||||
|
|
||||||
|
byte[] inputVector = Arrays.copyOfRange(sharedSecret, 32, 48);
|
||||||
|
|
||||||
|
ivParameterSpec = new IvParameterSpec(inputVector);
|
||||||
|
|
||||||
} catch (InvalidKeyException e) {
|
} catch (InvalidKeyException e) {
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
|
@ -53,12 +78,17 @@ public class AESSecurity {
|
||||||
|
|
||||||
public String encrypt(String data) {
|
public String encrypt(String data) {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
Key key = generateKey();
|
Key key = generateKey();
|
||||||
Cipher c = Cipher.getInstance(ALGORITHM);
|
Cipher c = Cipher.getInstance(ENCRYPT_ALGORITHM);
|
||||||
c.init(Cipher.ENCRYPT_MODE, key);
|
|
||||||
|
try {
|
||||||
|
c.init(Cipher.ENCRYPT_MODE, key, ivParameterSpec);
|
||||||
|
} catch (InvalidAlgorithmParameterException e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
|
||||||
byte[] encVal = c.doFinal(data.getBytes());
|
byte[] encVal = c.doFinal(data.getBytes());
|
||||||
|
|
||||||
return Base64.encodeToString(encVal, 0);
|
return Base64.encodeToString(encVal, 0);
|
||||||
|
|
||||||
} catch (BadPaddingException | InvalidKeyException | NoSuchPaddingException | IllegalBlockSizeException | NoSuchAlgorithmException e) {
|
} catch (BadPaddingException | InvalidKeyException | NoSuchPaddingException | IllegalBlockSizeException | NoSuchAlgorithmException e) {
|
||||||
|
@ -70,8 +100,14 @@ public class AESSecurity {
|
||||||
public String decrypt(String data) {
|
public String decrypt(String data) {
|
||||||
try {
|
try {
|
||||||
Key key = generateKey();
|
Key key = generateKey();
|
||||||
Cipher c = Cipher.getInstance(ALGORITHM);
|
|
||||||
c.init(Cipher.DECRYPT_MODE, key);
|
Cipher c = Cipher.getInstance(ENCRYPT_ALGORITHM);
|
||||||
|
|
||||||
|
try {
|
||||||
|
c.init(Cipher.DECRYPT_MODE, key, ivParameterSpec);
|
||||||
|
} catch (InvalidAlgorithmParameterException e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
|
||||||
byte[] decoded = Base64.decode(data, 0);
|
byte[] decoded = Base64.decode(data, 0);
|
||||||
byte[] decValue = c.doFinal(decoded);
|
byte[] decValue = c.doFinal(decoded);
|
||||||
|
@ -87,21 +123,22 @@ public class AESSecurity {
|
||||||
}
|
}
|
||||||
|
|
||||||
private Key generateKey() {
|
private Key generateKey() {
|
||||||
return new SecretKeySpec(sharedSecret, ALGORITHM);
|
|
||||||
|
return new SecretKeySpec(sharedSecret, ENCRYPT_ALGORITHM);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String publicKeyToString(PublicKey key) {
|
public static String publicKeyToString(PublicKey key) {
|
||||||
return Base64.encodeToString(key.getEncoded(), Base64.DEFAULT);
|
return Base64.encodeToString(key.getEncoded(), Base64.DEFAULT);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static PublicKey publicKeyFromString(String key) {
|
public static PublicKey publicKeyFromString(String key) {
|
||||||
|
|
||||||
KeyFactory kf = null;
|
try {
|
||||||
|
|
||||||
byte[] input = Base64.decode(key, Base64.DEFAULT);
|
byte[] input = Base64.decode(key, Base64.DEFAULT);
|
||||||
|
return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(input));
|
||||||
|
|
||||||
try {
|
|
||||||
kf = KeyFactory.getInstance("EC"); // normal: DH
|
|
||||||
return kf.generatePublic(new X509EncodedKeySpec(input));
|
|
||||||
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
|
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
|
@ -110,10 +147,15 @@ public class AESSecurity {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static AESSecurity getInstance() {
|
public static AESSecurity getInstance() {
|
||||||
if(instance == null) {
|
|
||||||
instance = new AESSecurity();
|
|
||||||
}
|
|
||||||
|
|
||||||
return instance;
|
//todo: make singleton again
|
||||||
|
|
||||||
|
// if(instance == null) {
|
||||||
|
// instance = new AESSecurity();
|
||||||
|
// }
|
||||||
|
//
|
||||||
|
// return instance;
|
||||||
|
|
||||||
|
return new AESSecurity();
|
||||||
}
|
}
|
||||||
}
|
}
|
Binary file not shown.
Binary file not shown.
After Width: | Height: | Size: 516 KiB |
Loading…
Reference in New Issue