Skip to content

Commit 32b8681

Browse files
committed
Correct use of algorithm key
Based on rogerta/secrets-for-android/54dc84185389db7f3c5128ebb711c5864c5e625f
1 parent 9164128 commit 32b8681

File tree

1 file changed

+27
-8
lines changed

1 file changed

+27
-8
lines changed

PCSecrets/src/com/ceperman/pcsecrets/SecurityUtils.java

Lines changed: 27 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,11 @@
3030
import javax.crypto.BadPaddingException;
3131
import javax.crypto.Cipher;
3232
import javax.crypto.IllegalBlockSizeException;
33+
import javax.crypto.SecretKey;
34+
import javax.crypto.SecretKeyFactory;
35+
import javax.crypto.spec.IvParameterSpec;
36+
import javax.crypto.spec.PBEKeySpec;
37+
import javax.crypto.spec.PBEParameterSpec;
3338
import javax.crypto.spec.SecretKeySpec;
3439

3540
import org.mindrot.jbcrypt.BCrypt;
@@ -70,8 +75,13 @@
7075
public class SecurityUtils {
7176
private static Logger logger = Logger.getLogger(SecurityUtils.class.getName());
7277

73-
/* Blowfish AES encryption with SHA key */
74-
private static final String KEY_FACTORY = "PBEWITHSHA-256AND256BITAES-CBC-BC";
78+
// Factory to use for version 2 of encryption.
79+
private static final String KEY_FACTORY_V2 = "AES";
80+
private static final String CIPHER_FACTORY_V2 = "AES/CBC/PKCS5Padding";
81+
82+
private static final String KEY_FACTORY = "AES";
83+
private static final String CIPHER_FACTORY = "AES/CBC/PKCS5Padding";
84+
7585
/* encrypted file header id */
7686
static final byte[] SIGNATURE = {0x22, 0x34, 0x56, 0x79};
7787

@@ -301,12 +311,16 @@ public static CipherInfo createCiphers(byte[] password, CipherParms cipherParms)
301311
// generate the ciphers
302312
BCrypt bcrypt = new BCrypt();
303313
byte[] rawBytes = bcrypt.crypt_raw(passwordWithDelim, info.parms.salt, info.parms.rounds, plaintext);
304-
SecretKeySpec spec = new SecretKeySpec(rawBytes, KEY_FACTORY);
305-
info.encryptCipher = Cipher.getInstance(KEY_FACTORY);
306-
info.encryptCipher.init(Cipher.ENCRYPT_MODE, spec);
314+
SecretKeySpec spec = new SecretKeySpec(rawBytes, KEY_FACTORY);
315+
// For backwards compatibility with secrets created on Android M and
316+
// earlier, create an initial vector of all zeros.
317+
IvParameterSpec params = new IvParameterSpec(new byte[16]);
318+
319+
info.encryptCipher = Cipher.getInstance(CIPHER_FACTORY);
320+
info.encryptCipher.init(Cipher.ENCRYPT_MODE, spec, params);
307321

308-
info.decryptCipher = Cipher.getInstance(KEY_FACTORY);
309-
info.decryptCipher.init(Cipher.DECRYPT_MODE, spec);
322+
info.decryptCipher = Cipher.getInstance(CIPHER_FACTORY);
323+
info.decryptCipher.init(Cipher.DECRYPT_MODE, spec, params);
310324
} catch (Exception ex) {
311325
String msg = "Error creating ciphers - " + ex;
312326
logger.log(Level.SEVERE, msg, ex);
@@ -339,6 +353,8 @@ public static CipherParms getCipherParms(InputStream input) throws IOException {
339353
byte[] salt = null;
340354
int rounds = 0;
341355

356+
logger.log(Level.INFO, "getCipherParms");
357+
input.reset();
342358
input.read(); // version, not currently used
343359
input.read(signature); // signature bytes
344360
if (Arrays.equals(signature, SIGNATURE)) {
@@ -404,12 +420,15 @@ public static void writeSecurityHeader(CipherParms parms, OutputStream os) throw
404420
public static void main(String[] args) throws UnsupportedEncodingException {
405421

406422
long start = System.currentTimeMillis();
423+
checkBCProvider();
424+
SecretsProperties.getInitialInstance(".", true);
407425

408426
try {
409427
CipherInfo cipherInfo = createCiphers("secretstring".getBytes("UTF-8"), null);
410428

411429
// Our cleartext
412-
byte[] cleartext = "This is another example".getBytes();
430+
byte[] cleartext = "This is another example ".getBytes();
431+
System.out.println("Clear string: " + Strings.toHex(cleartext));
413432

414433
// Encrypt the cleartext
415434
byte[] ciphertext = cipherInfo.encryptCipher.doFinal(cleartext);

0 commit comments

Comments
 (0)