From 2bc0828732efc6879c61073a83cd0b8e201e0e85 Mon Sep 17 00:00:00 2001
From: "Eugster Andres (Puzzle)"
Date: Fri, 22 Sep 2023 16:37:52 +0200
Subject: [PATCH] Feature 32: add AES/GCM
---
 .../secure_tcp_socket/common/SecureTcpSocket.java | 10 +++++-----
 .../tools/nexus/secure_tcp_socket/dto/Message.java | 4 ++--
 .../common/SecureTcpSocketTest.java | 13 +++++++++++--
 .../nexus/secure_tcp_socket/dto/MessageTest.java | 7 ++-----
 4 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/src/main/java/tools/nexus/secure_tcp_socket/common/SecureTcpSocket.java b/src/main/java/tools/nexus/secure_tcp_socket/common/SecureTcpSocket.java
index 88405b2..9d292d9 100644
--- a/src/main/java/tools/nexus/secure_tcp_socket/common/SecureTcpSocket.java
+++ b/src/main/java/tools/nexus/secure_tcp_socket/common/SecureTcpSocket.java
@@ -13,6 +13,7 @@ import java.net.Socket;
 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
 /**
 * Encrypted socket for client and server use
@@ -23,14 +24,13 @@ public class SecureTcpSocket extends Socket {
 private final String transformation;
 private final SecretKey key;
- private final IvParameterSpec dynamicInitVector;
+ private final AlgorithmParameterSpec dynamicInitVector;
 private boolean useIV = true;
 /**
 * 'Creates a stream socket and connects it to the specified port number on the named host'
 *
 * @param dynamicInitVector dynamically-generated IV
- * @throws IOException
 */
 public static SecureTcpSocket connect(String host, int port, String algorithm, SecretKey key, IvParameterSpec dynamicInitVector) throws IOException {
 return new SecureTcpSocket(host, port, algorithm, key, dynamicInitVector);
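Review bot: `connect(...)` still declares `IvParameterSpec dynamicInitVector` although the field it feeds is now an `AlgorithmParameterSpec`, so a client socket cannot be handed a `GCMParameterSpec` while `of(...)` in the next hunk can. With the default JDK provider an AES/GCM cipher does not accept a plain `IvParameterSpec`, so the client side of the new mode is probably unusable through this factory. I would widen the parameter to `AlgorithmParameterSpec dynamicInitVector` and keep the `@throws IOException` tag, since the method still declares that exception. The private host/port constructor it calls is visible only as a truncated hunk header, so its parameter type needs the same check; the class body continues outside this hunk.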
@@ -50,14 +50,14 @@ private SecureTcpSocket(String host, int port, String transformation, SecretKey
 /**
 * Creates a {@link SecureTcpSocket} based on the provided socket
 */
- public static SecureTcpSocket of(Socket providedSocket, String transformation, SecretKey key, IvParameterSpec initVector) {
+ public static SecureTcpSocket of(Socket providedSocket, String transformation, SecretKey key, AlgorithmParameterSpec initVector) {
 return new SecureTcpSocket(providedSocket, transformation, key, initVector);
 }
 /**
 * 'Providing' constructor
 */
- private SecureTcpSocket(Socket providedSocket, String transformation, SecretKey key, IvParameterSpec dynamicInitVector) {
+ private SecureTcpSocket(Socket providedSocket, String transformation, SecretKey key, AlgorithmParameterSpec dynamicInitVector) {
 this.providedSocket = providedSocket;
 this.transformation = transformation;
@@ -145,4 +145,4 @@ public static IvParameterSpec getInitVector(String algorithm) {
 throw new SecureSocketTechnicalException("Could not setup cipher", e);
 }
 }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/tools/nexus/secure_tcp_socket/dto/Message.java b/src/main/java/tools/nexus/secure_tcp_socket/dto/Message.java
index b0e5672..7992de1 100644
--- a/src/main/java/tools/nexus/secure_tcp_socket/dto/Message.java
+++ b/src/main/java/tools/nexus/secure_tcp_socket/dto/Message.java
@@ -57,7 +57,7 @@ public boolean isListRequest() {
 }
 /**
- * Hash with all fields
+ * Hash with all fields (except storedHash)
 */
 @Override
 public int hashCode() {
@@ -79,7 +79,7 @@ public int hashCode() {
 }
 /**
- * Equals wit all fields
+ * Equals with all fields (except storedHash)
 */
 @SuppressWarnings({"squid:S3776", "squid:S1126", "squid:S3973"}) // Cognitive Complexity, return boolean not with if-else, use curly braces or indentation
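Review bot: `of(...)` and the providing constructor now accept any `AlgorithmParameterSpec` and keep it in a final field for the lifetime of the socket, with nothing on the parameter stating what GCM requires of it. For AES/GCM, encrypting twice under the same key and nonce breaks confidentiality and undermines the authentication tag, so a spec that ends up reused per message or per direction would be unsafe; how the field is consumed is outside this hunk, so this needs confirming where the cipher is initialised. I would document it on `of(...)`, for example `@param initVector IV or GCM parameters; for GCM the nonce must be unique for every encryption under the same key`. `getInitVector(String algorithm)`, visible in the header of the last hunk of this file, still returns `IvParameterSpec`, so there appears to be no production helper that builds a GCM spec.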
diff --git a/src/test/java/tools/nexus/secure_tcp_socket/common/SecureTcpSocketTest.java b/src/test/java/tools/nexus/secure_tcp_socket/common/SecureTcpSocketTest.java index 6fe764e..8a4395d 100644 --- a/src/test/java/tools/nexus/secure_tcp_socket/common/SecureTcpSocketTest.java +++ b/src/test/java/tools/nexus/secure_tcp_socket/common/SecureTcpSocketTest.java @@ -11,6 +11,7 @@ import javax.crypto.Cipher; import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import java.io.IOException; @@ -19,6 +20,7 @@ import java.net.ServerSocket; import java.net.Socket; import java.nio.charset.StandardCharsets; +import java.security.spec.AlgorithmParameterSpec; import java.util.Arrays; import java.util.stream.Stream; @@ -61,6 +63,10 @@ private static Stream provideParameters() { Arguments.of(NONE, NONE /* */, false /* skip IV */), Arguments.of("AES", "AES/CTR/NoPadding" /* */, false), + + // WIP + Arguments.of("AES", "AES/GCM/NoPadding" /* */, false), + Arguments.of("ARCFOUR", "ARCFOUR" /* */, true), Arguments.of("Blowfish", "Blowfish/CTR/NoPadding", false) ); @@ -201,13 +207,16 @@ public void tearDown() throws Exception { } @SuppressWarnings("java:S3329") // IV's should be random and unique - public static IvParameterSpec getInitVectorForTesting(String algorithm) { + public static AlgorithmParameterSpec getInitVectorForTesting(String algorithm) { try { Cipher cipher = Cipher.getInstance(algorithm); int size = cipher.getBlockSize(); byte[] tmp = new byte[size]; - Arrays.fill(tmp, (byte) 15); + + if (algorithm.contains("GCM")) { + return new GCMParameterSpec(128, tmp); + } return new IvParameterSpec(tmp); } catch (Exception e) { diff --git a/src/test/java/tools/nexus/secure_tcp_socket/dto/MessageTest.java b/src/test/java/tools/nexus/secure_tcp_socket/dto/MessageTest.java index 7331ac9..10e021c 100644 --- a/src/test/java/tools/nexus/secure_tcp_socket/dto/MessageTest.java 
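Review bot: In `getInitVectorForTesting` the GCM branch sizes the nonce from `cipher.getBlockSize()`, which is 16 bytes for AES, while a 96-bit (12-byte) nonce is the form NIST SP 800-38D recommends for GCM; the test should exercise the size production code is expected to use, e.g. `return new GCMParameterSpec(128, new byte[12]);`. The mode check `algorithm.contains("GCM")` is case-sensitive whereas JCA transformation names are not, so `algorithm.toUpperCase(Locale.ROOT).contains("/GCM/")` would be the safer test. The constant nonce is acknowledged by the `java:S3329` suppression, but a one-line comment that this helper must never be used outside tests would help, since the new case in `provideParameters` is marked `// WIP` and no production GCM helper is visible. Because the hunk is collapsed on this page it is not clear whether `Arrays.fill(tmp, (byte) 15)` was removed or only the blank line before it; the method's catch block continues outside the hunk.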
+++ b/src/test/java/tools/nexus/secure_tcp_socket/dto/MessageTest.java
@@ -13,11 +13,8 @@ class MessageTest {
 Message otherMessage = new Message("tbd");
 Message nonEqMessage = new Message("nonEq");
- /**
- * test created on Windows machine
- */
 @Test
- void testHashCode() {
+ void testHashCode_detectMessageChanges() {
 assertThat(testee.hashCode()).isEqualTo(-638242825);
 testee.name = "hello";
@@ -33,4 +30,4 @@ void testEqual() {
 assertThat(testee).isEqualTo(otherMessage);
 assertThat(testee).isNotEqualTo(nonEqMessage);
 }
-}
\ No newline at end of file
+}