/**
 * Checks that {@code CtrBlockCipher} (unit under test) behaves like Bouncy Castle's
 * {@code SICBlockCipher} (reference) for both encryption and decryption.
 *
 * <p>Both wrappers are built around the same {@code AESEngine} instance and are
 * initialised with the same derived key/IV pair before each comparison.
 *
 * <p>The key material comes from PKCS#5 v2 derivation with an iteration count of 1 and a
 * hard-coded password. That is enough for a functional comparison, but it is a test-only
 * setup and not a template for deriving real keys from passwords.
 */
@Test
public void compareModes() {
    BlockCipher aes = new AESEngine();
    int blockBytes = aes.getBlockSize();

    BlockCipher reference = new SICBlockCipher(aes);
    BlockCipher underTest = new CtrBlockCipher(aes);

    // One random block, used as the salt (the original comment notes it also serves as cipher input).
    byte[] salt = new byte[blockBytes];
    new SecureRandom().nextBytes(salt);

    PBEParametersGenerator kdf = new PKCS5S2ParametersGenerator();
    kdf.init("top secret".getBytes(), salt, 1);

    // Key and IV are both one block wide; the generator takes sizes in bits.
    int bits = blockBytes * 8;
    ParametersWithIV keyAndIv = (ParametersWithIV) kdf.generateDerivedParameters(bits, bits);

    // Encrypt direction first, then decrypt, same order as a manual init/compare pair.
    for (boolean forEncryption : new boolean[] {true, false}) {
        reference.init(forEncryption, keyAndIv);
        underTest.init(forEncryption, keyAndIv);
        assertModes(reference, underTest);
    }
}
/**
 * Runs AES in CTR (SIC) mode over {@code contents} and returns a new array of the same length.
 *
 * <p>CTR is its own inverse, so the same routine serves both directions; {@code forEncryption}
 * is simply forwarded to the cipher's {@code init}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The IV is the shared constant {@code INITIALIZATION_VECTOR}. With CTR the keystream is
 *       fully determined by (key, IV), so this is only safe if every call that encrypts
 *       different data uses a different {@code key}. Presumably each secret has its own
 *       data key; verify against the callers.</li>
 *   <li>CTR gives confidentiality only. Nothing here detects modified ciphertext, so callers
 *       are expected to authenticate the ciphertext separately before trusting the output.</li>
 * </ul>
 *
 * @param key            raw AES key bytes
 * @param contents       plaintext (when encrypting) or ciphertext (when decrypting)
 * @param forEncryption  {@code true} to encrypt, {@code false} to decrypt
 * @return the transformed bytes, same length as {@code contents}
 */
private byte[] encryptOrDecrypt(byte[] key, byte[] contents, boolean forEncryption) {
    // Credstash uses standard AES in CTR mode.
    // NOTE(review): AESFastEngine is the table-driven AES variant; Bouncy Castle has flagged it
    // for side-channel concerns in later releases. Confirm against the BC version in use.
    StreamBlockCipher ctr = new SICBlockCipher(new AESFastEngine());

    KeyParameter keyParam = new KeyParameter(key);
    ctr.init(forEncryption, new ParametersWithIV(keyParam, INITIALIZATION_VECTOR));

    // A stream mode produces exactly as many bytes as it consumes.
    byte[] transformed = new byte[contents.length];
    ctr.processBytes(contents, 0, contents.length, transformed, 0);
    return transformed;
}
/**
 * Checks SIC (CTR) output against two known vectors, the second time re-initialising the
 * cipher with a {@code null} key and a new IV.
 *
 * <p>First pass: explicit key with an all-zero 16-byte IV, expected output {@code outSIC1}.
 * Second pass: {@code ParametersWithIV(null, iv)}, expected output {@code outSIC2}.
 * Presumably a null key means "keep the key from the previous init"; that is what the test
 * name suggests, but confirm against the cipher implementation.
 *
 * @throws InvalidCipherTextException if {@code doFinal} rejects the data
 */
private void testNullSIC() throws InvalidCipherTextException {
    BufferedBlockCipher cipher = new BufferedBlockCipher(new SICBlockCipher(new AESEngine()));
    KeyParameter key = new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917"));
    byte[] zeroIv = new byte[16];

    // Pass 1: key supplied, zero IV.
    cipher.init(true, new ParametersWithIV(key, zeroIv));

    byte[] out = new byte[cipher.getOutputSize(tData.length)];
    int written = cipher.processBytes(tData, 0, tData.length, out, 0);
    written += cipher.doFinal(out, written);

    if (!areEqual(outSIC1, out)) {
        fail("no match on first nullSIC check");
    }

    // Pass 2: no key supplied, only a different IV; the output buffer is reused.
    byte[] secondIv = Hex.decode("000102030405060708090a0b0c0d0e0f");
    cipher.init(true, new ParametersWithIV(null, secondIv));

    written = cipher.processBytes(tData, 0, tData.length, out, 0);
    written += cipher.doFinal(out, written);

    if (!areEqual(outSIC2, out)) {
        fail("no match on second nullSIC check");
    }
}
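/**
 * Verifies that SIC (CTR) mode refuses to run past the end of its counter space.
 *
 * <p>The IV is 15 bytes long while the AES block is 16 bytes, which leaves a single byte for
 * the block counter. The test expects 255 blocks to be processed without error and a run of
 * 256 blocks to fail with {@code IllegalStateException("Counter in CTR/SIC mode out of range.")}.
 *
 * <p>Why this matters: if the counter were allowed to wrap, counter blocks would repeat under
 * the same key and the keystream would be reused, which breaks CTR confidentiality.
 */
private void ctrCounterTest() {
    CipherParameters params = new ParametersWithIV(
        new KeyParameter(Hex.decode("5F060D3716B345C253F6749ABAC10917")),
        Hex.decode("000000000000000000000000000000")); // 15-byte IV: one counter byte remains

    SICBlockCipher engine = new SICBlockCipher(new AESEngine());
    engine.init(true, params);

    SecureRandom rand = new SecureRandom();

    byte[] cipher = new byte[256 * 16];
    byte[] plain = new byte[255 * 16];
    rand.nextBytes(plain);

    // 255 blocks: expected to stay inside the counter range.
    engine.processBytes(plain, 0, plain.length, cipher, 0);

    engine.init(true, params);

    // (An unused 20-byte scratch array that was allocated here has been removed.)
    plain = new byte[256 * 16];

    // NOTE(review): this init directly follows an identical one and looks redundant; kept so the
    // call sequence on the cipher is unchanged.
    engine.init(true, params);

    try {
        // 256 blocks from a fresh counter: expected to be rejected.
        engine.processBytes(plain, 0, plain.length, cipher, 0);
        fail("out of range data not caught");
    } catch (IllegalStateException e) {
        if (!"Counter in CTR/SIC mode out of range.".equals(e.getMessage())) {
            fail("wrong exception");
        }
    }
}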
/**
 * Drives the stream tests over a fixed list of block-cipher engines, stream ciphers and
 * skippable ciphers.
 *
 * <p>Every key and IV here is an all-zero array of the stated length. That is fine for
 * functional round-trip tests, but none of these parameter choices should be copied into
 * production code.
 *
 * @throws Exception if any of the delegated tests fails
 */
private void performTests() throws Exception {
    // Block cipher engines: two fresh instances each, plus a numeric third argument
    // (presumably the key size in bytes; confirm against testModes).
    testModes(new BlowfishEngine(), new BlowfishEngine(), 16);
    testModes(new DESEngine(), new DESEngine(), 8);
    testModes(new DESedeEngine(), new DESedeEngine(), 24);
    testModes(new TEAEngine(), new TEAEngine(), 16);
    testModes(new CAST5Engine(), new CAST5Engine(), 16);
    testModes(new RC2Engine(), new RC2Engine(), 16);
    testModes(new XTEAEngine(), new XTEAEngine(), 16);
    testModes(new AESEngine(), new AESEngine(), 16);
    testModes(new NoekeonEngine(), new NoekeonEngine(), 16);
    testModes(new TwofishEngine(), new TwofishEngine(), 16);
    testModes(new CAST6Engine(), new CAST6Engine(), 16);
    testModes(new SEEDEngine(), new SEEDEngine(), 16);
    testModes(new SerpentEngine(), new SerpentEngine(), 16);
    testModes(new RC6Engine(), new RC6Engine(), 16);
    testModes(new CamelliaEngine(), new CamelliaEngine(), 16);
    testModes(new ThreefishEngine(ThreefishEngine.BLOCKSIZE_512), new ThreefishEngine(ThreefishEngine.BLOCKSIZE_512), 64);

    // Stream ciphers: key only, or key plus an IV of the length each cipher is given here.
    testMode(new RC4Engine(), new KeyParameter(new byte[16]));
    testMode(new Salsa20Engine(), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[8]));
    testMode(new XSalsa20Engine(), new ParametersWithIV(new KeyParameter(new byte[32]), new byte[24]));
    testMode(new ChaChaEngine(), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[8]));
    testMode(new Grainv1Engine(), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[8]));
    testMode(new Grain128Engine(), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[12]));
    testMode(new HC128Engine(), new KeyParameter(new byte[16]));
    testMode(new HC256Engine(), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));

    // Ciphers exercised through the skipping test: Salsa20 and AES in SIC (CTR) mode.
    testSkipping(new Salsa20Engine(), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[8]));
    testSkipping(new SICBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
}
/**
 * Runs {@code testMode} for each block-cipher mode that is applicable to the engine's block size.
 *
 * <p>The key is an all-zero array of {@code keySize} bytes and the default IV is an all-zero
 * array one block long; CCM and OCB get their own shorter all-zero nonces (7 and 15 bytes).
 * These are test fixtures only.
 *
 * @param cipher1 engine wrapped by every mode under test
 * @param cipher2 second engine instance, used only as the extra cipher for OCB
 * @param keySize key length in bytes
 * @throws Exception if any delegated test fails
 */
private void testModes(BlockCipher cipher1, BlockCipher cipher2, int keySize) throws Exception {
    final KeyParameter key = new KeyParameter(new byte[keySize]);
    final int blockSize = getBlockSize(cipher1);
    final CipherParameters withIv = new ParametersWithIV(key, new byte[blockSize]);

    // Padded / buffered modes: only when the engine has a real block structure.
    if (blockSize > 1) {
        testMode(new PaddedBufferedBlockCipher(cipher1, new PKCS7Padding()), key);
        testMode(new PaddedBufferedBlockCipher(new CBCBlockCipher(cipher1), new PKCS7Padding()), withIv);
        testMode(new BufferedBlockCipher(new OFBBlockCipher(cipher1, blockSize)), withIv);
        testMode(new BufferedBlockCipher(new CFBBlockCipher(cipher1, blockSize)), withIv);
        testMode(new BufferedBlockCipher(new SICBlockCipher(cipher1)), withIv);
    }

    // CTS requires at least one block
    // (streamSize is not declared in this method; presumably a field of the test class.)
    if (blockSize <= 16 && streamSize >= blockSize) {
        testMode(new CTSBlockCipher(cipher1), key);
    }

    // NOTE(review): same condition as the block above; the two could be merged if testMode
    // does not change streamSize. Confirm before refactoring.
    if (blockSize <= 16 && streamSize >= blockSize) {
        testMode(new NISTCTSBlockCipher(NISTCTSBlockCipher.CS1, cipher1), key);
        testMode(new NISTCTSBlockCipher(NISTCTSBlockCipher.CS2, cipher1), key);
        testMode(new NISTCTSBlockCipher(NISTCTSBlockCipher.CS3, cipher1), key);
    }

    // EAX is exercised for 64-bit and 128-bit block sizes only.
    if (blockSize == 8 || blockSize == 16) {
        testMode(new EAXBlockCipher(cipher1), withIv);
    }

    // CCM, GCM and OCB are exercised for 128-bit block sizes only.
    if (blockSize == 16) {
        testMode(new CCMBlockCipher(cipher1), new ParametersWithIV(key, new byte[7]));
        testMode(new GCMBlockCipher(cipher1), withIv);
        testMode(new OCBBlockCipher(cipher1, cipher2), new ParametersWithIV(key, new byte[15]));
    }
}
/**
 * Creates and initialises the AES/CTR (SIC) cipher pair held by this object.
 *
 * <p>Both ciphers are keyed with the {@code key} field and start from the same {@code IV}
 * field; one is initialised for encryption, the other for decryption.
 *
 * <p>Security note: CTR keystream depends only on (key, IV). If this object (or another one
 * built with the same {@code key} and {@code IV}) encrypts more than one message, the keystream
 * repeats and confidentiality is lost. NOTE(review): confirm that {@code IV} is unique per key
 * wherever these fields are assigned. CTR also provides no integrity protection on its own.
 */
private void initCiphers() {
    encryptCipher = new SICBlockCipher(new AESEngine());
    decryptCipher = new SICBlockCipher(new AESEngine());

    // Key and IV are bundled once and shared by both directions.
    KeyParameter aesKey = new KeyParameter(key);
    ParametersWithIV keyAndIv = new ParametersWithIV(aesKey, IV);

    encryptCipher.init(true, keyAndIv);
    decryptCipher.init(false, keyAndIv);
}
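/**
 * Sets up AES decryption state (WinZip-AES style) from a password plus the salt and
 * password-verification bytes supplied by the caller.
 *
 * <p>One PKCS#5 v2 derivation of {@code KEY_SIZE_BIT*2 + 16} bits is split into the encryption
 * key, the HMAC key and a 2-byte password verifier. The verifier is compared with
 * {@code pwVerification}; a mismatch raises {@link ZipException}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The verifier is only 2 bytes, so a match means the password is <em>probably</em>
 *       correct. Presumably the HMAC over the encrypted data is the authoritative check;
 *       confirm it is verified elsewhere before decrypted data is trusted.</li>
 *   <li>The exception message no longer embeds the derived verifier bytes: they are output of
 *       the key derivation for the attempted password and do not belong in messages that may
 *       end up in logs.</li>
 * </ul>
 *
 * @param pwStr          password
 * @param keySize        not read by this method (sizes come from the KEY_SIZE_* constants)
 * @param salt           salt for the key derivation; also stored in {@code saltBytes}
 * @param pwVerification expected 2-byte password verifier
 * @throws ZipException if the derived verifier does not match {@code pwVerification}
 */
public void init( String pwStr, int keySize, byte[] salt, byte[] pwVerification ) throws ZipException {
    // NOTE(review): getBytes() uses the platform default charset, so non-ASCII passwords can
    // derive different keys on different platforms. Left unchanged here to stay consistent
    // with whatever encoding the encrypting side uses; confirm and pin a charset on both sides.
    byte[] pwBytes = pwStr.getBytes();

    super.saltBytes = salt;

    PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
    generator.init( pwBytes, salt, ITERATION_COUNT );

    // One derivation yields: encryption key | authentication key | 2 verifier bytes.
    cipherParameters = generator.generateDerivedParameters(KEY_SIZE_BIT*2 + 16);
    byte[] keyBytes = ((KeyParameter)cipherParameters).getKey();

    this.cryptoKeyBytes = new byte[ KEY_SIZE_BYTE ];
    System.arraycopy( keyBytes, 0, cryptoKeyBytes, 0, KEY_SIZE_BYTE );

    this.authenticationCodeBytes = new byte[ KEY_SIZE_BYTE ];
    System.arraycopy( keyBytes, KEY_SIZE_BYTE, authenticationCodeBytes, 0, KEY_SIZE_BYTE );

    // based on SALT + PASSWORD (password is probably correct)
    this.pwVerificationBytes = new byte[ 2 ];
    System.arraycopy( keyBytes, KEY_SIZE_BYTE*2, this.pwVerificationBytes, 0, 2 );

    if( !ByteArrayHelper.isEqual( this.pwVerificationBytes, pwVerification ) ) {
        // Deliberately no key-derived bytes in the message.
        throw new ZipException("wrong password");
    }

    // create the first 16 bytes of the key sequence again (using pw+salt)
    // NOTE(review): this repeats the full key derivation to obtain a prefix of the output
    // already held in cryptoKeyBytes; looks avoidable, but kept as is.
    generator.init( pwBytes, salt, ITERATION_COUNT );
    cipherParameters = generator.generateDerivedParameters(KEY_SIZE_BIT);

    // checksum added to the end of the encrypted data, update on each encryption call
    this.mac = new HMac( new SHA1Digest() );
    mac.init( new KeyParameter(authenticationCodeBytes) );

    this.aesCipher = new SICBlockCipher(new AESEngine());
    this.blockSize = aesCipher.getBlockSize();

    // incremented on each 16 byte block and used as encryption NONCE (ivBytes)
    nonce = 1;
}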
/**
 * Runs the reset tests over a fixed list of block-cipher engines and primitive cipher modes.
 *
 * <p>Each call passes a label, two fresh instances of the same cipher and all-zero key (and,
 * for modes, IV) parameters. The zero keys and IVs are test fixtures only.
 *
 * @throws Exception if any delegated test fails
 */
public void performTest() throws Exception {
    // 128 bit block ciphers
    testReset("AESFastEngine", new AESFastEngine(), new AESFastEngine(), new KeyParameter(new byte[16]));
    testReset("AESEngine", new AESEngine(), new AESEngine(), new KeyParameter(new byte[16]));
    testReset("AESLightEngine", new AESLightEngine(), new AESLightEngine(), new KeyParameter(new byte[16]));
    testReset("Twofish", new TwofishEngine(), new TwofishEngine(), new KeyParameter(new byte[16]));
    testReset("NoekeonEngine", new NoekeonEngine(), new NoekeonEngine(), new KeyParameter(new byte[16]));
    testReset("SerpentEngine", new SerpentEngine(), new SerpentEngine(), new KeyParameter(new byte[16]));
    testReset("SEEDEngine", new SEEDEngine(), new SEEDEngine(), new KeyParameter(new byte[16]));
    testReset("CAST6Engine", new CAST6Engine(), new CAST6Engine(), new KeyParameter(new byte[16]));
    testReset("RC6Engine", new RC6Engine(), new RC6Engine(), new KeyParameter(new byte[16]));

    // 64 bit block ciphers
    testReset("DESEngine", new DESEngine(), new DESEngine(), new KeyParameter(new byte[8]));
    testReset("BlowfishEngine", new BlowfishEngine(), new BlowfishEngine(), new KeyParameter(new byte[8]));
    testReset("CAST5Engine", new CAST5Engine(), new CAST5Engine(), new KeyParameter(new byte[8]));
    testReset("DESedeEngine", new DESedeEngine(), new DESedeEngine(), new KeyParameter(new byte[24]));
    testReset("TEAEngine", new TEAEngine(), new TEAEngine(), new KeyParameter(new byte[16]));
    testReset("XTEAEngine", new XTEAEngine(), new XTEAEngine(), new KeyParameter(new byte[16]));

    // primitive block cipher modes (don't reset on processBlock)
    testModeReset("AES/CBC", new CBCBlockCipher(new AESEngine()), new CBCBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
    testModeReset("AES/SIC", new SICBlockCipher(new AESEngine()), new SICBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
    testModeReset("AES/CFB", new CFBBlockCipher(new AESEngine(), 128), new CFBBlockCipher(new AESEngine(), 128), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
    testModeReset("AES/OFB", new OFBBlockCipher(new AESEngine(), 128), new OFBBlockCipher(new AESEngine(), 128), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
    // NOTE(review): the label says AES, but the cipher under test wraps DESEngine with an
    // 8-byte key and IV. The label looks stale; confirm before relying on it in failure output.
    testModeReset("AES/GCTR", new GOFBBlockCipher(new DESEngine()), new GOFBBlockCipher(new DESEngine()), new ParametersWithIV(new KeyParameter(new byte[8]), new byte[8]));
    testModeReset("AES/OpenPGPCFB", new OpenPGPCFBBlockCipher(new AESEngine()), new OpenPGPCFBBlockCipher( new AESEngine()), new KeyParameter(new byte[16]));
    testModeReset("AES/PGPCFB", new PGPCFBBlockCipher(new AESEngine(), false), new PGPCFBBlockCipher( new AESEngine(), false), new KeyParameter(new byte[16]));

    // PGPCFB with IV is broken (it's also not a PRP, so probably shouldn't be a BlockCipher)
    // testModeReset("AES/PGPCFBwithIV", new PGPCFBBlockCipher(new AESEngine(), true), new
    // PGPCFBBlockCipher(
    // new AESEngine(), true), new ParametersWithIV(new KeyParameter(new byte[16]), new
    // byte[16]));
    // testModeReset("AES/PGPCFBwithIV_NoIV", new PGPCFBBlockCipher(new AESEngine(), true), new
    // PGPCFBBlockCipher(
    // new AESEngine(), true), new KeyParameter(new byte[16]));
}
/**
 * Registers the supported block-cipher mode names and the Bouncy Castle class used for each.
 *
 * <p>"CTR" is mapped to {@code SICBlockCipher}, the class this code uses for counter mode.
 * None of the four registered modes (CBC, CFB, OFB, CTR) authenticates the ciphertext, so
 * integrity has to be provided separately by whatever uses this table.
 */
private static void initBlockCipherModes() {
    blockCipherMode.put("CBC", CBCBlockCipher.class);
    blockCipherMode.put("CFB", CFBBlockCipher.class);
    blockCipherMode.put("OFB", OFBBlockCipher.class);
    blockCipherMode.put("CTR", SICBlockCipher.class);
}
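/**
 * Setup AES encryption based on pwBytes using WinZipAES approach
 * with SALT and pwVerification bytes based on password+salt.
 *
 * <p>A fresh salt is obtained from {@code createSalt()}. One PKCS#5 v2 derivation of
 * {@code KEY_SIZE_BIT*2 + 16} bits is split into the encryption key, the HMAC key and a
 * 2-byte password verifier.
 *
 * <p>Security note: the password bytes are intentionally not written to the log, not even at
 * {@code FINEST}. Debug logs are routinely collected and shared, and a logged password defeats
 * the encryption. Salt and verifier are still logged.
 *
 * @param pwStr   password
 * @param keySize not read by this method (sizes come from the KEY_SIZE_* constants)
 * @throws ZipException declared by the signature; no statement visible in this method throws
 *         it directly
 */
public void init( String pwStr, int keySize ) throws ZipException {
    // NOTE(review): getBytes() uses the platform default charset, so non-ASCII passwords can
    // derive different keys on different platforms. Left unchanged here to stay consistent
    // with the decrypting side; confirm and pin a charset on both sides.
    byte[] pwBytes = pwStr.getBytes();

    PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
    this.saltBytes = createSalt();
    generator.init( pwBytes, saltBytes, ITERATION_COUNT );

    // create 2 byte[16] for two keys and one byte[2] for pwVerification
    // 1. encryption / 2. authentication (via HMAC/hash)
    cipherParameters = generator.generateDerivedParameters(KEY_SIZE_BIT*2 + 16);
    byte[] keyBytes = ((KeyParameter)cipherParameters).getKey();

    this.cryptoKeyBytes = new byte[ KEY_SIZE_BYTE ];
    System.arraycopy( keyBytes, 0, cryptoKeyBytes, 0, KEY_SIZE_BYTE );

    this.authenticationCodeBytes = new byte[ KEY_SIZE_BYTE ];
    System.arraycopy( keyBytes, KEY_SIZE_BYTE, authenticationCodeBytes, 0, KEY_SIZE_BYTE );

    // based on SALT + PASSWORD (password is probably correct)
    this.pwVerificationBytes = new byte[ 2 ];
    System.arraycopy( keyBytes, KEY_SIZE_BYTE*2, pwVerificationBytes, 0, 2 );

    // create the first 16 bytes of the key sequence again (using pw+salt)
    generator.init( pwBytes, saltBytes, ITERATION_COUNT );
    cipherParameters = generator.generateDerivedParameters(KEY_SIZE_BIT);

    // checksum added to the end of the encrypted data, update on each encryption call
    this.mac = new HMac( new SHA1Digest() );
    mac.init( new KeyParameter(authenticationCodeBytes) );

    this.aesCipher = new SICBlockCipher(new AESEngine());
    this.blockSize = aesCipher.getBlockSize();

    // incremented on each 16 byte block and used as encryption NONCE (ivBytes)
    nonce = 1;

    if( LOG.isLoggable(Level.FINEST) ) {
        // The password itself is never logged; only values derived for storage alongside the data.
        LOG.finest( "salt    = " + ByteArrayHelper.toString(saltBytes) + " - " + saltBytes.length );
        LOG.finest( "pwVerif = " + ByteArrayHelper.toString(pwVerificationBytes) + " - " + pwVerificationBytes.length );
    }
}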
/**
 * Runs the reset tests over a fixed list of block-cipher engines and primitive cipher modes.
 *
 * <p>Each call passes a label, two fresh instances of the same cipher and all-zero key (and,
 * for modes, IV) parameters. The zero keys and IVs are test fixtures only.
 *
 * @throws Exception if any delegated test fails
 */
@Override
public void performTest() throws Exception {
    // 128 bit block ciphers
    testReset("AESFastEngine", new AESFastEngine(), new AESFastEngine(), new KeyParameter(new byte[16]));
    testReset("AESEngine", new AESEngine(), new AESEngine(), new KeyParameter(new byte[16]));
    testReset("AESLightEngine", new AESLightEngine(), new AESLightEngine(), new KeyParameter(new byte[16]));
    testReset("Twofish", new TwofishEngine(), new TwofishEngine(), new KeyParameter(new byte[16]));
    testReset("NoekeonEngine", new NoekeonEngine(), new NoekeonEngine(), new KeyParameter(new byte[16]));
    testReset("SerpentEngine", new SerpentEngine(), new SerpentEngine(), new KeyParameter(new byte[16]));
    testReset("SEEDEngine", new SEEDEngine(), new SEEDEngine(), new KeyParameter(new byte[16]));
    testReset("CAST6Engine", new CAST6Engine(), new CAST6Engine(), new KeyParameter(new byte[16]));
    testReset("RC6Engine", new RC6Engine(), new RC6Engine(), new KeyParameter(new byte[16]));

    // 64 bit block ciphers
    testReset("DESEngine", new DESEngine(), new DESEngine(), new KeyParameter(new byte[8]));
    testReset("BlowfishEngine", new BlowfishEngine(), new BlowfishEngine(), new KeyParameter(new byte[8]));
    testReset("CAST5Engine", new CAST5Engine(), new CAST5Engine(), new KeyParameter(new byte[8]));
    testReset("DESedeEngine", new DESedeEngine(), new DESedeEngine(), new KeyParameter(new byte[24]));
    testReset("TEAEngine", new TEAEngine(), new TEAEngine(), new KeyParameter(new byte[16]));
    testReset("XTEAEngine", new XTEAEngine(), new XTEAEngine(), new KeyParameter(new byte[16]));

    // primitive block cipher modes (don't reset on processBlock)
    testModeReset("AES/CBC", new CBCBlockCipher(new AESEngine()), new CBCBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
    testModeReset("AES/SIC", new SICBlockCipher(new AESEngine()), new SICBlockCipher(new AESEngine()), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
    testModeReset("AES/CFB", new CFBBlockCipher(new AESEngine(), 128), new CFBBlockCipher(new AESEngine(), 128), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
    testModeReset("AES/OFB", new OFBBlockCipher(new AESEngine(), 128), new OFBBlockCipher(new AESEngine(), 128), new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]));
    // NOTE(review): the label says AES, but the cipher under test wraps DESEngine with an
    // 8-byte key and IV. The label looks stale; confirm before relying on it in failure output.
    testModeReset("AES/GCTR", new GOFBBlockCipher(new DESEngine()), new GOFBBlockCipher(new DESEngine()), new ParametersWithIV(new KeyParameter(new byte[8]), new byte[8]));
    testModeReset("AES/OpenPGPCFB", new OpenPGPCFBBlockCipher(new AESEngine()), new OpenPGPCFBBlockCipher( new AESEngine()), new KeyParameter(new byte[16]));
    testModeReset("AES/PGPCFB", new PGPCFBBlockCipher(new AESEngine(), false), new PGPCFBBlockCipher( new AESEngine(), false), new KeyParameter(new byte[16]));

    // PGPCFB with IV is broken (it's also not a PRP, so probably shouldn't be a BlockCipher)
    // testModeReset("AES/PGPCFBwithIV", new PGPCFBBlockCipher(new AESEngine(), true), new
    // PGPCFBBlockCipher(
    // new AESEngine(), true), new ParametersWithIV(new KeyParameter(new byte[16]), new
    // byte[16]));
    // testModeReset("AES/PGPCFBwithIV_NoIV", new PGPCFBBlockCipher(new AESEngine(), true), new
    // PGPCFBBlockCipher(
    // new AESEngine(), true), new KeyParameter(new byte[16]));
}
/**
 * Builds an initialised Bouncy Castle {@code PaddedBufferedBlockCipher} that runs AES in
 * SIC (CTR) mode.
 *
 * <p>Generally it is advisable to use AESInputStream, AESOutputStream, or
 * the static encrypt / decrypt methods rather than calling this directly.
 *
 * <p>Security notes:
 * <ul>
 *   <li>SIC/CTR keystream is determined by (key, IV). Reusing an IV with the same key for
 *       different data exposes the XOR of the plaintexts, so the IV must never repeat under
 *       one key.</li>
 *   <li>This cipher provides confidentiality only. It does not detect tampering; callers that
 *       need integrity must authenticate the ciphertext separately.</li>
 * </ul>
 *
 * @param encrypt {@code true} for encrypt, {@code false} for decrypt.
 * @param key AES encryption key
 * @param iv AES SIC initialization vector. Must be unique for every encryption under the same key.
 * @return a cipher instance, already initialised for the requested direction
 */
public static PaddedBufferedBlockCipher makeCipher(boolean encrypt, byte[] key, byte[] iv) {
    // AESFastEngine keeps a few KB of static lookup tables in RAM that the other AES
    // implementations compute on the fly.
    // NOTE(review): Bouncy Castle has flagged AESFastEngine for side-channel concerns in later
    // releases; confirm against the BC version in use before keeping it.
    PaddedBufferedBlockCipher padded =
        new PaddedBufferedBlockCipher(new SICBlockCipher(new AESFastEngine()));

    ParametersWithIV keyAndIv = new ParametersWithIV(new KeyParameter(key), iv);
    padded.init(encrypt, keyAndIv);
    return padded;
}