2012-02-03 13:09:28 -08:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
2012-05-24 13:17:46 -07:00
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2011-12-21 08:44:08 -08:00
|
|
|
|
|
|
|
package org.mozilla.gecko.sync.crypto;
|
|
|
|
|
2012-02-15 22:05:53 -08:00
|
|
|
import java.security.GeneralSecurityException;
|
|
|
|
import java.security.InvalidKeyException;
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
|
|
|
import java.util.Arrays;
|
|
|
|
|
|
|
|
import javax.crypto.BadPaddingException;
|
|
|
|
import javax.crypto.Cipher;
|
|
|
|
import javax.crypto.IllegalBlockSizeException;
|
|
|
|
import javax.crypto.Mac;
|
|
|
|
import javax.crypto.NoSuchPaddingException;
|
|
|
|
import javax.crypto.spec.IvParameterSpec;
|
|
|
|
import javax.crypto.spec.SecretKeySpec;
|
|
|
|
|
|
|
|
import org.mozilla.apache.commons.codec.binary.Base64;
|
|
|
|
|
2011-12-21 08:44:08 -08:00
|
|
|
/*
|
|
|
|
* All info in these objects should be decoded (i.e. not BaseXX encoded).
|
|
|
|
*/
|
|
|
|
public class CryptoInfo {
|
2012-02-15 22:05:53 -08:00
|
|
|
private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
|
|
|
|
private static final String KEY_ALGORITHM_SPEC = "AES";
|
2011-12-21 08:44:08 -08:00
|
|
|
|
2012-02-03 13:09:28 -08:00
|
|
|
private byte[] message;
|
|
|
|
private byte[] iv;
|
|
|
|
private byte[] hmac;
|
|
|
|
private KeyBundle keys;
|
|
|
|
|
2012-02-15 22:05:53 -08:00
|
|
|
/**
|
|
|
|
* Return a CryptoInfo with given plaintext encrypted using given keys.
|
|
|
|
*/
|
|
|
|
public static CryptoInfo encrypt(byte[] plaintextBytes, KeyBundle keys) throws CryptoException {
|
|
|
|
CryptoInfo info = new CryptoInfo(plaintextBytes, keys);
|
|
|
|
info.encrypt();
|
|
|
|
return info;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return a CryptoInfo with given plaintext encrypted using given keys and initial vector.
|
|
|
|
*/
|
|
|
|
public static CryptoInfo encrypt(byte[] plaintextBytes, byte[] iv, KeyBundle keys) throws CryptoException {
|
|
|
|
CryptoInfo info = new CryptoInfo(plaintextBytes, iv, null, keys);
|
|
|
|
info.encrypt();
|
|
|
|
return info;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return a CryptoInfo with given ciphertext decrypted using given keys and initial vector, verifying that given HMAC validates.
|
|
|
|
*/
|
|
|
|
public static CryptoInfo decrypt(byte[] ciphertext, byte[] iv, byte[] hmac, KeyBundle keys) throws CryptoException {
|
|
|
|
CryptoInfo info = new CryptoInfo(ciphertext, iv, hmac, keys);
|
|
|
|
info.decrypt();
|
|
|
|
return info;
|
|
|
|
}
|
|
|
|
|
2012-02-03 13:09:28 -08:00
|
|
|
/*
|
|
|
|
* Constructor typically used when encrypting.
|
|
|
|
*/
|
|
|
|
public CryptoInfo(byte[] message, KeyBundle keys) {
|
|
|
|
this.setMessage(message);
|
|
|
|
this.setKeys(keys);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Constructor typically used when decrypting.
|
|
|
|
*/
|
|
|
|
public CryptoInfo(byte[] message, byte[] iv, byte[] hmac, KeyBundle keys) {
|
|
|
|
this.setMessage(message);
|
|
|
|
this.setIV(iv);
|
|
|
|
this.setHMAC(hmac);
|
|
|
|
this.setKeys(keys);
|
|
|
|
}
|
|
|
|
|
|
|
|
public byte[] getMessage() {
|
|
|
|
return message;
|
|
|
|
}
|
|
|
|
|
|
|
|
public void setMessage(byte[] message) {
|
|
|
|
this.message = message;
|
|
|
|
}
|
|
|
|
|
|
|
|
public byte[] getIV() {
|
|
|
|
return iv;
|
|
|
|
}
|
|
|
|
|
|
|
|
public void setIV(byte[] iv) {
|
|
|
|
this.iv = iv;
|
|
|
|
}
|
|
|
|
|
|
|
|
public byte[] getHMAC() {
|
|
|
|
return hmac;
|
|
|
|
}
|
|
|
|
|
|
|
|
public void setHMAC(byte[] hmac) {
|
|
|
|
this.hmac = hmac;
|
|
|
|
}
|
|
|
|
|
|
|
|
public KeyBundle getKeys() {
|
|
|
|
return keys;
|
|
|
|
}
|
|
|
|
|
|
|
|
public void setKeys(KeyBundle keys) {
|
|
|
|
this.keys = keys;
|
|
|
|
}
|
2012-02-15 22:05:53 -08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Generate HMAC for given cipher text.
|
|
|
|
*/
|
|
|
|
public static byte[] generatedHMACFor(byte[] message, KeyBundle keys) throws NoSuchAlgorithmException, InvalidKeyException {
|
|
|
|
Mac hmacHasher = HKDF.makeHMACHasher(keys.getHMACKey());
|
|
|
|
return hmacHasher.doFinal(Base64.encodeBase64(message));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return true if generated HMAC is the same as the specified HMAC.
|
|
|
|
*/
|
|
|
|
public boolean generatedHMACIsHMAC() throws NoSuchAlgorithmException, InvalidKeyException {
|
|
|
|
byte[] generatedHMAC = generatedHMACFor(getMessage(), getKeys());
|
|
|
|
byte[] expectedHMAC = getHMAC();
|
|
|
|
return Arrays.equals(generatedHMAC, expectedHMAC);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Performs functionality common to both encryption and decryption.
|
|
|
|
*
|
|
|
|
* @param cipher
|
|
|
|
* @param inputMessage non-BaseXX-encoded message
|
|
|
|
* @return encrypted/decrypted message
|
|
|
|
* @throws CryptoException
|
|
|
|
*/
|
|
|
|
private static byte[] commonCrypto(Cipher cipher, byte[] inputMessage)
|
|
|
|
throws CryptoException {
|
|
|
|
byte[] outputMessage = null;
|
|
|
|
try {
|
|
|
|
outputMessage = cipher.doFinal(inputMessage);
|
|
|
|
} catch (IllegalBlockSizeException e) {
|
|
|
|
throw new CryptoException(e);
|
|
|
|
} catch (BadPaddingException e) {
|
|
|
|
throw new CryptoException(e);
|
|
|
|
}
|
|
|
|
return outputMessage;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Encrypt a CryptoInfo in-place.
|
|
|
|
*
|
|
|
|
* @throws CryptoException
|
|
|
|
*/
|
|
|
|
public void encrypt() throws CryptoException {
|
|
|
|
|
|
|
|
Cipher cipher = CryptoInfo.getCipher(TRANSFORMATION);
|
|
|
|
try {
|
|
|
|
byte[] encryptionKey = getKeys().getEncryptionKey();
|
|
|
|
SecretKeySpec spec = new SecretKeySpec(encryptionKey, KEY_ALGORITHM_SPEC);
|
|
|
|
|
|
|
|
// If no IV is provided, we allow the cipher to provide one.
|
|
|
|
if (getIV() == null || getIV().length == 0) {
|
|
|
|
cipher.init(Cipher.ENCRYPT_MODE, spec);
|
|
|
|
} else {
|
|
|
|
cipher.init(Cipher.ENCRYPT_MODE, spec, new IvParameterSpec(getIV()));
|
|
|
|
}
|
|
|
|
} catch (GeneralSecurityException ex) {
|
|
|
|
throw new CryptoException(ex);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Encrypt.
|
|
|
|
byte[] encryptedBytes = commonCrypto(cipher, getMessage());
|
|
|
|
byte[] iv = cipher.getIV();
|
|
|
|
|
|
|
|
byte[] hmac;
|
|
|
|
// Generate HMAC.
|
|
|
|
try {
|
|
|
|
hmac = generatedHMACFor(encryptedBytes, keys);
|
|
|
|
} catch (NoSuchAlgorithmException e) {
|
|
|
|
throw new CryptoException(e);
|
|
|
|
} catch (InvalidKeyException e) {
|
|
|
|
throw new CryptoException(e);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Update in place. keys is already set.
|
|
|
|
this.setHMAC(hmac);
|
|
|
|
this.setIV(iv);
|
|
|
|
this.setMessage(encryptedBytes);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Decrypt a CryptoInfo in-place.
|
|
|
|
*
|
|
|
|
* @throws CryptoException
|
|
|
|
*/
|
|
|
|
public void decrypt() throws CryptoException {
|
|
|
|
|
|
|
|
// Check HMAC.
|
|
|
|
try {
|
|
|
|
if (!generatedHMACIsHMAC()) {
|
|
|
|
throw new HMACVerificationException();
|
|
|
|
}
|
|
|
|
} catch (NoSuchAlgorithmException e) {
|
|
|
|
throw new CryptoException(e);
|
|
|
|
} catch (InvalidKeyException e) {
|
|
|
|
throw new CryptoException(e);
|
|
|
|
}
|
|
|
|
|
|
|
|
Cipher cipher = CryptoInfo.getCipher(TRANSFORMATION);
|
|
|
|
try {
|
|
|
|
byte[] encryptionKey = getKeys().getEncryptionKey();
|
|
|
|
SecretKeySpec spec = new SecretKeySpec(encryptionKey, KEY_ALGORITHM_SPEC);
|
|
|
|
cipher.init(Cipher.DECRYPT_MODE, spec, new IvParameterSpec(getIV()));
|
|
|
|
} catch (GeneralSecurityException ex) {
|
|
|
|
throw new CryptoException(ex);
|
|
|
|
}
|
|
|
|
byte[] decryptedBytes = commonCrypto(cipher, getMessage());
|
|
|
|
byte[] iv = cipher.getIV();
|
|
|
|
|
|
|
|
// Update in place. keys is already set.
|
|
|
|
this.setHMAC(null);
|
|
|
|
this.setIV(iv);
|
|
|
|
this.setMessage(decryptedBytes);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Helper to get a Cipher object.
|
|
|
|
*
|
|
|
|
* @param transformation The type of Cipher to get.
|
|
|
|
*/
|
|
|
|
private static Cipher getCipher(String transformation) throws CryptoException {
|
|
|
|
try {
|
|
|
|
return Cipher.getInstance(transformation);
|
|
|
|
} catch (NoSuchAlgorithmException e) {
|
|
|
|
throw new CryptoException(e);
|
|
|
|
} catch (NoSuchPaddingException e) {
|
|
|
|
throw new CryptoException(e);
|
|
|
|
}
|
|
|
|
}
|
2011-12-21 08:44:08 -08:00
|
|
|
}
|