* fixing security issues by encryption

Signed-off-by: CubeBit <denis-seredenko@ukr.net>
2023-08-03 17:42:57 +02:00
parent 3b03b2258a
commit 3b6d18a83b
8 changed files with 74 additions and 19 deletions
--- a/server/src/main/java/org/orinprojects/ClientHandler.java
+++ b/server/src/main/java/org/orinprojects/ClientHandler.java
@@ -57,6 +57,11 @@ public class ClientHandler implements Runnable {
                    out.println("AES" + encryptedAES);
                    out.flush();

+                    String encodedIVKey = EncryptionUtil.ivKeyToString(Server.ivKey);
+                    String encryptedIVKey = EncryptionUtil.encryptWithRSA(encodedIVKey, Server.clientKeys.get(username));
+                    out.println("IVK" + encryptedIVKey);
+                    out.flush();
+
                    aesSent = true;
                    continue;
                }
@@ -64,11 +69,11 @@ public class ClientHandler implements Runnable {
                if (prefix.equals("WLC")) {
                    this.username = restMessage;
                    //TODO: add better logic
-                    if (Server.clientKeys.get(username) != null) {
-                        in.close();
-                        out.close();
-                        clientSocket.close();
-                    }
+//                    if (Server.clientKeys.get(username) != null) {
+//                        in.close();
+//                        out.close();
+//                        clientSocket.close();
+//                    }
                    continue;
                }

--- a/server/src/main/java/org/orinprojects/Server.java
+++ b/server/src/main/java/org/orinprojects/Server.java
@@ -29,8 +29,11 @@ public class Server {

    static SecretKey aesKey;

+    static byte[] ivKey;
+
    public static void main(String[] args) throws IOException, ArgumentsException, NoSuchAlgorithmException {
        Server.serverKeys = EncryptionUtil.generateRSAKeys();
+        Server.ivKey = EncryptionUtil.generateIV();
        Server.aesKey = EncryptionUtil.generateAESKey();

        int portNumber = getPortNumber(args);
--- a/server/src/main/java/org/orinprojects/encryption/EncryptionUtil.java
+++ b/server/src/main/java/org/orinprojects/encryption/EncryptionUtil.java
@@ -1,6 +1,7 @@
 package org.orinprojects.encryption;

 import javax.crypto.*;
+import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import java.security.*;
 import java.security.spec.InvalidKeySpecException;
@@ -10,10 +11,14 @@ import java.util.Base64;

 public class EncryptionUtil {

-    public static final int RSA_KEY_SIZE = 2048;
+    public static final int RSA_KEY_SIZE = 4096;

    public static final int AES_KEY_SIZE = 256;

+    public static final int GCM_IV_LENGTH = 12;
+
+    public static final int GCM_TAG_LENGTH = 16;
+
    private EncryptionUtil() throws IllegalAccessException {
        throw new IllegalAccessException("Can't be instantiated");
    }
@@ -73,18 +78,34 @@ public class EncryptionUtil {
        return keyGenerator.generateKey();
    }

-    public static String encryptWithAES(String plainText, SecretKey aesKey) throws IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException {
-        Cipher aesChiper = Cipher.getInstance("AES");
-        aesChiper.init(Cipher.ENCRYPT_MODE, aesKey);
+    public static byte[] generateIV() {
+        byte[] iv = new byte[GCM_IV_LENGTH];
+        SecureRandom random = new SecureRandom();
+        random.nextBytes(iv);
+
+        return iv;
+    }
+
+    public static String encryptWithAES(String plainText, SecretKey aesKey, byte[] ivKey) throws IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException {
+        Cipher aesChiper = Cipher.getInstance("AES/GCM/NoPadding");
+
+        SecretKeySpec keySpec = new SecretKeySpec(aesKey.getEncoded(), "AES");
+        GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, ivKey);
+
+        aesChiper.init(Cipher.ENCRYPT_MODE, keySpec, gcmParameterSpec);

        byte[] byteCipherText = aesChiper.doFinal(plainText.getBytes());

        return Base64.getEncoder().encodeToString(byteCipherText);
    }

-    public static String decryptWithAES(String encryptedMessage, SecretKey aesKey) throws IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException {
-        Cipher aesChiper = Cipher.getInstance("AES");
-        aesChiper.init(Cipher.DECRYPT_MODE, aesKey);
+    public static String decryptWithAES(String encryptedMessage, SecretKey aesKey, byte[] ivKey) throws IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException {
+        Cipher aesChiper = Cipher.getInstance("AES/GCM/NoPadding");
+
+        SecretKeySpec keySpec = new SecretKeySpec(aesKey.getEncoded(), "AES");
+        GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, ivKey);
+
+        aesChiper.init(Cipher.DECRYPT_MODE, keySpec, gcmParameterSpec);

        byte[] byteCipherText = aesChiper.doFinal(Base64.getDecoder().decode(encryptedMessage));

@@ -100,4 +121,11 @@ public class EncryptionUtil {
        return Base64.getEncoder().encodeToString(secretKey.getEncoded());
    }

+    public static String ivKeyToString(byte[] iv) {
+        return Base64.getEncoder().encodeToString(iv);
+    }
+
+    public static byte[] ivKeyFromString(String ivKey) {
+        return Base64.getDecoder().decode(ivKey);
+    }
 }