Skip to content

Feature 32: add AES/GCM #33

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
aeugster wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Feature 32: add AES/GCM #33

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2bc0828
Feature 32: add AES/GCM
Sep 22, 2023
6e4c5ec
Merge remote-tracking branch 'origin/main' into 32-gcm-cypher
aeugster Nov 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions src/main/java/tools/nexus/secure_tcp_socket/common/SecureTcpSocket.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;

/**
* Encrypted socket for client and server use
Expand All @@ -23,14 +24,13 @@ public class SecureTcpSocket extends Socket {

private final String transformation;
private final SecretKey key;
private final IvParameterSpec dynamicInitVector;
private final AlgorithmParameterSpec dynamicInitVector;
private boolean useIV = true;

/**
* 'Creates a stream socket and connects it to the specified port number on the named host'
*
* @param dynamicInitVector dynamically-generated IV
* @throws IOException
*/
public static SecureTcpSocket connect(String host, int port, String algorithm, SecretKey key, IvParameterSpec dynamicInitVector) throws IOException {
return new SecureTcpSocket(host, port, algorithm, key, dynamicInitVector);
Expand All @@ -50,14 +50,14 @@ private SecureTcpSocket(String host, int port, String transformation, SecretKey
/**
* Creates a {@link SecureTcpSocket} based on the provided socket
*/
public static SecureTcpSocket of(Socket providedSocket, String transformation, SecretKey key, IvParameterSpec initVector) {
public static SecureTcpSocket of(Socket providedSocket, String transformation, SecretKey key, AlgorithmParameterSpec initVector) {
return new SecureTcpSocket(providedSocket, transformation, key, initVector);
}

/**
* 'Providing' constructor
*/
private SecureTcpSocket(Socket providedSocket, String transformation, SecretKey key, IvParameterSpec dynamicInitVector) {
private SecureTcpSocket(Socket providedSocket, String transformation, SecretKey key, AlgorithmParameterSpec dynamicInitVector) {
this.providedSocket = providedSocket;

this.transformation = transformation;
Expand Down Expand Up @@ -145,4 +145,4 @@ public static IvParameterSpec getInitVector(String algorithm) {
throw new SecureSocketTechnicalException("Could not setup cipher", e);
}
}
}
}
4 changes: 2 additions & 2 deletions src/main/java/tools/nexus/secure_tcp_socket/dto/Message.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ public boolean isListRequest() {
}

/**
* Hash with all fields
* Hash with all fields (except storedHash)
*/
@Override
public int hashCode() {
Expand All @@ -79,7 +79,7 @@ public int hashCode() {
}

/**
* Equals wit all fields
* Equals with all fields (except storedHash)
*/
@SuppressWarnings({"squid:S3776", "squid:S1126", "squid:S3973"})
// Cognitive Complexity, return boolean not with if-else, use curly braces or indentation
Expand Down
13 changes: 11 additions & 2 deletions src/test/java/tools/nexus/secure_tcp_socket/common/SecureTcpSocketTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
Expand All @@ -19,6 +20,7 @@
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.stream.Stream;

Expand Down Expand Up @@ -61,6 +63,10 @@ private static Stream<Arguments> provideParameters() {

Arguments.of(NONE, NONE /* */, false /* skip IV */),
Arguments.of("AES", "AES/CTR/NoPadding" /* */, false),

// WIP
Arguments.of("AES", "AES/GCM/NoPadding" /* */, false),

Arguments.of("ARCFOUR", "ARCFOUR" /* */, true),
Arguments.of("Blowfish", "Blowfish/CTR/NoPadding", false)
);
Expand Down Expand Up @@ -201,13 +207,16 @@ public void tearDown() throws Exception {
}

@SuppressWarnings("java:S3329") // IV's should be random and unique
public static IvParameterSpec getInitVectorForTesting(String algorithm) {
public static AlgorithmParameterSpec getInitVectorForTesting(String algorithm) {
try {
Cipher cipher = Cipher.getInstance(algorithm);
int size = cipher.getBlockSize();
byte[] tmp = new byte[size];

Arrays.fill(tmp, (byte) 15);

if (algorithm.contains("GCM")) {
return new GCMParameterSpec(128, tmp);
}
return new IvParameterSpec(tmp);

} catch (Exception e) {
Expand Down
7 changes: 2 additions & 5 deletions src/test/java/tools/nexus/secure_tcp_socket/dto/MessageTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,8 @@ class MessageTest {
Message otherMessage = new Message("tbd");
Message nonEqMessage = new Message("nonEq");

/**
* test created on Windows machine
*/
@Test
void testHashCode() {
void testHashCode_detectMessageChanges() {
assertThat(testee.hashCode()).isEqualTo(-638242825);

testee.name = "hello";
Expand All @@ -33,4 +30,4 @@ void testEqual() {
assertThat(testee).isEqualTo(otherMessage);
assertThat(testee).isNotEqualTo(nonEqMessage);
}
}
}
Loading