Bouncy Castle 1.47 Support
This forces us to avoid using CipherOutputStream, and instead use the BlockCiphers directly. As an extra measure for correctness, test the equivalence of the BC implementations against data sizes from 1 to 2048 bytes. Fixes gh-2917
This commit is contained in:
Will Tran
Rob Winch
parent
81c9fa805f
commit
b01437281d
|
|
@ -15,11 +15,8 @@
|
|||
*/
|
||||
package org.springframework.security.crypto.encrypt;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
|
||||
import org.bouncycastle.crypto.PBEParametersGenerator;
|
||||
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
|
||||
import org.bouncycastle.crypto.io.CipherOutputStream;
|
||||
import org.bouncycastle.crypto.params.KeyParameter;
|
||||
import org.springframework.security.crypto.codec.Hex;
|
||||
import org.springframework.security.crypto.keygen.BytesKeyGenerator;
|
||||
|
|
@ -52,26 +49,4 @@ abstract class BouncyCastleAesBytesEncryptor implements BytesEncryptor {
|
|||
keyGenerator.init(pkcs12PasswordBytes, Hex.decode(salt), 1024);
|
||||
this.secretKey = (KeyParameter) keyGenerator.generateDerivedParameters(256);
|
||||
}
|
||||
|
||||
byte[] process(CipherOutputStream cipherOutputStream,
|
||||
ByteArrayOutputStream byteArrayOutputStream, byte[] bytes) {
|
||||
try {
|
||||
cipherOutputStream.write(bytes);
|
||||
// close() invokes the doFinal method of the encapsulated cipher object
|
||||
// and flushes to the underlying outputStream. It must be called before
|
||||
// we get the output.
|
||||
cipherOutputStream.close();
|
||||
return byteArrayOutputStream.toByteArray();
|
||||
}
|
||||
catch (Throwable e) {
|
||||
try {
|
||||
// attempt release of resources
|
||||
cipherOutputStream.close();
|
||||
}
|
||||
catch (Throwable e1) {
|
||||
}
|
||||
throw new IllegalStateException("unable to encrypt/decrypt", e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,10 +18,9 @@ package org.springframework.security.crypto.encrypt;
|
|||
import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
|
||||
import static org.springframework.security.crypto.util.EncodingUtils.subArray;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
|
||||
import org.bouncycastle.crypto.BufferedBlockCipher;
|
||||
import org.bouncycastle.crypto.InvalidCipherTextException;
|
||||
import org.bouncycastle.crypto.engines.AESFastEngine;
|
||||
import org.bouncycastle.crypto.io.CipherOutputStream;
|
||||
import org.bouncycastle.crypto.modes.CBCBlockCipher;
|
||||
import org.bouncycastle.crypto.paddings.PKCS7Padding;
|
||||
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
|
||||
|
|
@ -55,12 +54,7 @@ public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryp
|
|||
PaddedBufferedBlockCipher blockCipher = new PaddedBufferedBlockCipher(
|
||||
new CBCBlockCipher(new AESFastEngine()), new PKCS7Padding());
|
||||
blockCipher.init(true, new ParametersWithIV(secretKey, iv));
|
||||
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(
|
||||
blockCipher.getOutputSize(bytes.length));
|
||||
CipherOutputStream cipherOutputStream = new CipherOutputStream(
|
||||
byteArrayOutputStream, blockCipher);
|
||||
|
||||
byte[] encrypted = process(cipherOutputStream, byteArrayOutputStream, bytes);
|
||||
byte[] encrypted = process(blockCipher, bytes);
|
||||
return iv != null ? concatenate(iv, encrypted) : encrypted;
|
||||
}
|
||||
|
||||
|
|
@ -73,11 +67,23 @@ public class BouncyCastleAesCbcBytesEncryptor extends BouncyCastleAesBytesEncryp
|
|||
PaddedBufferedBlockCipher blockCipher = new PaddedBufferedBlockCipher(
|
||||
new CBCBlockCipher(new AESFastEngine()), new PKCS7Padding());
|
||||
blockCipher.init(false, new ParametersWithIV(secretKey, iv));
|
||||
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(
|
||||
blockCipher.getOutputSize(encryptedBytes.length));
|
||||
CipherOutputStream cipherOutputStream = new CipherOutputStream(
|
||||
byteArrayOutputStream, blockCipher);
|
||||
return process(blockCipher, encryptedBytes);
|
||||
}
|
||||
|
||||
return process(cipherOutputStream, byteArrayOutputStream, encryptedBytes);
|
||||
private byte[] process(BufferedBlockCipher blockCipher, byte[] in) {
|
||||
byte[] buf = new byte[blockCipher.getOutputSize(in.length)];
|
||||
int bytesWritten = blockCipher.processBytes(in, 0, in.length, buf, 0);
|
||||
try {
|
||||
bytesWritten += blockCipher.doFinal(buf, bytesWritten);
|
||||
}
|
||||
catch (InvalidCipherTextException e) {
|
||||
throw new IllegalStateException("unable to encrypt/decrypt", e);
|
||||
}
|
||||
if (bytesWritten == buf.length) {
|
||||
return buf;
|
||||
}
|
||||
byte[] out = new byte[bytesWritten];
|
||||
System.arraycopy(buf, 0, out, 0, bytesWritten);
|
||||
return out;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,10 +18,9 @@ package org.springframework.security.crypto.encrypt;
|
|||
import static org.springframework.security.crypto.util.EncodingUtils.concatenate;
|
||||
import static org.springframework.security.crypto.util.EncodingUtils.subArray;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
|
||||
import org.bouncycastle.crypto.InvalidCipherTextException;
|
||||
import org.bouncycastle.crypto.engines.AESFastEngine;
|
||||
import org.bouncycastle.crypto.io.CipherOutputStream;
|
||||
import org.bouncycastle.crypto.modes.AEADBlockCipher;
|
||||
import org.bouncycastle.crypto.modes.GCMBlockCipher;
|
||||
import org.bouncycastle.crypto.params.AEADParameters;
|
||||
import org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm;
|
||||
|
|
@ -51,13 +50,9 @@ public class BouncyCastleAesGcmBytesEncryptor extends BouncyCastleAesBytesEncryp
|
|||
byte[] iv = this.ivGenerator.generateKey();
|
||||
|
||||
GCMBlockCipher blockCipher = new GCMBlockCipher(new AESFastEngine());
|
||||
blockCipher.init(true, new AEADParameters(secretKey, 128, iv));
|
||||
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(
|
||||
blockCipher.getOutputSize(bytes.length));
|
||||
CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream,
|
||||
blockCipher);
|
||||
blockCipher.init(true, new AEADParameters(secretKey, 128, iv, null));
|
||||
|
||||
byte[] encrypted = process(cipherOutputStream, byteArrayOutputStream, bytes);
|
||||
byte[] encrypted = process(blockCipher, bytes);
|
||||
return iv != null ? concatenate(iv, encrypted) : encrypted;
|
||||
}
|
||||
|
||||
|
|
@ -68,13 +63,25 @@ public class BouncyCastleAesGcmBytesEncryptor extends BouncyCastleAesBytesEncryp
|
|||
encryptedBytes.length);
|
||||
|
||||
GCMBlockCipher blockCipher = new GCMBlockCipher(new AESFastEngine());
|
||||
blockCipher.init(false, new AEADParameters(secretKey, 128, iv));
|
||||
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(
|
||||
blockCipher.getOutputSize(encryptedBytes.length));
|
||||
CipherOutputStream cipherOutputStream = new CipherOutputStream(
|
||||
byteArrayOutputStream, blockCipher);
|
||||
blockCipher.init(false, new AEADParameters(secretKey, 128, iv, null));
|
||||
return process(blockCipher, encryptedBytes);
|
||||
}
|
||||
|
||||
return process(cipherOutputStream, byteArrayOutputStream, encryptedBytes);
|
||||
private byte[] process(AEADBlockCipher blockCipher, byte[] in) {
|
||||
byte[] buf = new byte[blockCipher.getOutputSize(in.length)];
|
||||
int bytesWritten = blockCipher.processBytes(in, 0, in.length, buf, 0);
|
||||
try {
|
||||
bytesWritten += blockCipher.doFinal(buf, bytesWritten);
|
||||
}
|
||||
catch (InvalidCipherTextException e) {
|
||||
throw new IllegalStateException("unable to encrypt/decrypt", e);
|
||||
}
|
||||
if (bytesWritten == buf.length) {
|
||||
return buf;
|
||||
}
|
||||
byte[] out = new byte[bytesWritten];
|
||||
System.arraycopy(buf, 0, out, 0, bytesWritten);
|
||||
return out;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,17 +32,15 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {
|
|||
private byte[] testData;
|
||||
private String password;
|
||||
private String salt;
|
||||
private SecureRandom secureRandom = new SecureRandom();
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
// generate random password, salt, and test data
|
||||
SecureRandom secureRandom = new SecureRandom();
|
||||
password = UUID.randomUUID().toString();
|
||||
byte[] saltBytes = new byte[16];
|
||||
secureRandom.nextBytes(saltBytes);
|
||||
salt = new String(Hex.encode(saltBytes));
|
||||
testData = new byte[1024 * 1024];
|
||||
secureRandom.nextBytes(testData);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -87,30 +85,38 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {
|
|||
|
||||
private void testEquivalence(BytesEncryptor left, BytesEncryptor right)
|
||||
throws Exception {
|
||||
// tests that right and left generate the same encrypted bytes
|
||||
// and can decrypt back to the original input
|
||||
byte[] leftEncrypted = left.encrypt(testData);
|
||||
byte[] rightEncrypted = right.encrypt(testData);
|
||||
Assert.assertArrayEquals(leftEncrypted, rightEncrypted);
|
||||
byte[] leftDecrypted = left.decrypt(leftEncrypted);
|
||||
byte[] rightDecrypted = right.decrypt(rightEncrypted);
|
||||
Assert.assertArrayEquals(testData, leftDecrypted);
|
||||
Assert.assertArrayEquals(testData, rightDecrypted);
|
||||
for (int size = 1; size < 2048; size++) {
|
||||
testData = new byte[size];
|
||||
secureRandom.nextBytes(testData);
|
||||
// tests that right and left generate the same encrypted bytes
|
||||
// and can decrypt back to the original input
|
||||
byte[] leftEncrypted = left.encrypt(testData);
|
||||
byte[] rightEncrypted = right.encrypt(testData);
|
||||
Assert.assertArrayEquals(leftEncrypted, rightEncrypted);
|
||||
byte[] leftDecrypted = left.decrypt(leftEncrypted);
|
||||
byte[] rightDecrypted = right.decrypt(rightEncrypted);
|
||||
Assert.assertArrayEquals(testData, leftDecrypted);
|
||||
Assert.assertArrayEquals(testData, rightDecrypted);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private void testCompatibility(BytesEncryptor left, BytesEncryptor right)
|
||||
throws Exception {
|
||||
// tests that right can decrypt what left encrypted and vice versa
|
||||
// and that the decypted data is the same as the original
|
||||
byte[] leftEncrypted = left.encrypt(testData);
|
||||
byte[] rightEncrypted = right.encrypt(testData);
|
||||
byte[] leftDecrypted = left.decrypt(rightEncrypted);
|
||||
byte[] rightDecrypted = right.decrypt(leftEncrypted);
|
||||
Assert.assertArrayEquals(testData, leftDecrypted);
|
||||
Assert.assertArrayEquals(testData, rightDecrypted);
|
||||
for (int size = 1; size < 2048; size++) {
|
||||
testData = new byte[size];
|
||||
secureRandom.nextBytes(testData);
|
||||
byte[] leftEncrypted = left.encrypt(testData);
|
||||
byte[] rightEncrypted = right.encrypt(testData);
|
||||
byte[] leftDecrypted = left.decrypt(rightEncrypted);
|
||||
byte[] rightDecrypted = right.decrypt(leftEncrypted);
|
||||
Assert.assertArrayEquals(testData, leftDecrypted);
|
||||
Assert.assertArrayEquals(testData, rightDecrypted);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* A BytesKeyGenerator that always generates the same sequence of values
|
||||
*/
|
||||
|
|
|
|||
Loading…
Reference in New Issue