Class BlockCipherWithPadding

  • All Implemented Interfaces:
    Cipher
    Direct Known Subclasses:
    AESCipher, CAST5Cipher

    public abstract class BlockCipherWithPadding
    extends Object
    implements Cipher
    In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key. Block ciphers are important elementary components in the design of many cryptographic protocols, and are widely used to implement encryption of bulk data. A block cipher by itself allows encryption only of a single data block of the cipher's block length. For a variable-length message, the data must first be partitioned into separate cipher blocks. In the simplest case, known as the electronic codebook (ECB) mode, a message is first split into separate blocks of the cipher's block size (possibly extending the last block with padding bits), and then each block is encrypted and decrypted independently. However, such a naive method is generally insecure because equal plaintext blocks will always generate equal ciphertext blocks (for the same key), so patterns in the plaintext message become evident in the ciphertext output.

    To overcome this limitation, several so-called block cipher modes of operation have been designed and specified in national recommendations such as NIST 800-38A and BSI TR-02102 and international standards such as ISO/IEC 10116. The general concept is to use randomization of the plaintext data based on an additional input value, frequently called an initialization vector (IV), to create what is termed probabilistic encryption. In the popular cipher block chaining (CBC) mode, for encryption to be secure the initialization vector passed along with the plaintext message must be a random or pseudo-random value, which is added in an exclusive-or manner to the first plaintext block before it is encrypted. The resultant ciphertext block is then used as the new initialization vector for the next plaintext block.

    In the cipher feedback (CFB) mode, which emulates a self-synchronizing stream cipher, the initialization vector is first encrypted and then added to the plaintext block. The output feedback (OFB) mode repeatedly encrypts the initialization vector to create a key stream for the emulation of a synchronous stream cipher. The newer counter (CTR) mode similarly creates a key stream, but has the advantage of only needing unique and not (pseudo-)random values as initialization vectors; the needed randomness is derived internally by using the initialization vector as a block counter and encrypting this counter for each block.

    Some modes such as the CBC mode only operate on complete plaintext blocks. Simply extending the last block of a message with zero-bits is insufficient since it does not allow a receiver to easily distinguish messages that differ only in the amount of padding bits. More importantly, such a simple solution gives rise to very efficient padding oracle attacks. A suitable padding scheme is therefore needed to extend the last plaintext block to the cipher's block size. While many popular schemes described in standards and in the literature have been shown to be vulnerable to padding oracle attacks, a solution which adds a one-bit and then extends the last block with zero-bits, standardized as "padding method 2" in ISO/IEC 9797-1, has been proven secure against these attacks.

    This class is the base class of all block ciphers that use a padding scheme to complete the data to encrypt when it is not divisible into blocks of the expected size. All the subclasses use the CBC operation mode with the PKCS#5 padding scheme. The encrypted data computed by this cipher is a combination of both the ciphertext and the initialization vector (IV) used in the encryption. This block cipher implementation can therefore retrieve both the ciphertext to decrypt and the IV that was used in the encryption and that is required by the decryption.

    This characteristic is important because the encrypted data therefore cannot be directly decrypted by another implementation of the same algorithm, even if it uses the same operation mode and padding scheme, and this implementation can no longer decrypt a ciphertext coming from another implementation. Nevertheless, to facilitate the encryption/decryption of a ciphertext between two implementations of the same cryptographic algorithm, this class provides two methods to combine the IV and the ciphertext into an encrypted data, or to extract them from it.
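The following added example is not this class's own code and is not part of the original documentation. Using only the standard JCE API, it shows why ECB leaks equal plaintext blocks while CBC with a random IV does not, and why the IV has to travel with the ciphertext for any other AES/CBC/PKCS#5 implementation to decrypt it. The IV-then-ciphertext layout and the name `CbcIvPackagingExample` are assumptions of the example; the page does not specify how this class lays out its combined data.

```java
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class CbcIvPackagingExample {
  static final int BLOCK = 16; // AES block size in bytes

  // Assumed layout for this example only: 16-byte IV followed by the ciphertext.
  static byte[] encrypt(SecretKey key, String text) throws Exception {
    byte[] iv = new byte[BLOCK];
    new SecureRandom().nextBytes(iv); // fresh random IV for every message
    Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
    c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
    byte[] ct = c.doFinal(text.getBytes(StandardCharsets.UTF_8));
    byte[] out = Arrays.copyOf(iv, BLOCK + ct.length);
    System.arraycopy(ct, 0, out, BLOCK, ct.length);
    return out;
  }

  // Splits IV and ciphertext again; any AES/CBC/PKCS#5 implementation can then decrypt.
  static String decrypt(SecretKey key, byte[] data) throws Exception {
    if (data.length < 2 * BLOCK || data.length % BLOCK != 0) {
      throw new IllegalArgumentException("malformed encrypted data");
    }
    byte[] iv = Arrays.copyOfRange(data, 0, BLOCK);
    byte[] ct = Arrays.copyOfRange(data, BLOCK, data.length);
    Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
    c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
    return new String(c.doFinal(ct), StandardCharsets.UTF_8);
  }

  public static void main(String[] args) throws Exception {
    KeyGenerator kg = KeyGenerator.getInstance("AES");
    kg.init(128);
    SecretKey key = kg.generateKey();
    String blk = "sixteen byte blk"; // constructed sample: exactly one AES block
    String msg = blk + blk;          // two identical plaintext blocks
    Cipher ecb = Cipher.getInstance("AES/ECB/PKCS5Padding");
    ecb.init(Cipher.ENCRYPT_MODE, key);
    byte[] e = ecb.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    System.out.println("ECB repeats block: " + Arrays.equals(e, 0, 16, e, 16, 32));
    byte[] a = encrypt(key, msg), b = encrypt(key, msg);
    System.out.println("CBC repeats block: " + Arrays.equals(a, 16, 32, a, 32, 48));
    System.out.println("CBC output repeats: " + Arrays.equals(a, b));
    System.out.println("round trip ok: " + msg.equals(decrypt(key, a)));
  }
}
```

CBC with PKCS#5 padding provides confidentiality only: a receiver that reports a padding failure differently from other decryption errors becomes the padding oracle described above, so callers should surface a single generic error for every decryption failure.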
    • Constructor Detail

      • BlockCipherWithPadding

        protected BlockCipherWithPadding()
    • Method Detail

      • combineEncryptionData

        public static byte[] combineEncryptionData(byte[] cipherText,
                                                   byte[] iv)
        A helper method to produce a single encrypted data by combining the specified ciphertext and the IV (Initialization Vector) used in the ciphertext computation. This method is for using this AES cipher implementation to decrypt ciphertexts that were computed by another AES cipher implementation (only if they use the same mode of cryptographic operation).
        Parameters:
        cipherText - the ciphertext produced by an AES cipher.
        iv - the IV used in the ciphertext computation.
        Returns:
        the resulting encrypted data understandable by this AES cipher implementation.
      • extractEncryptionData

        public static byte[][] extractEncryptionData(byte[] encryptedData,
                                                     BlockCipherWithPadding cipher)
                                              throws CryptoException
        A helper method to retrieve both the ciphertext and the IV (Initialization Vector) from the encrypted data that was produced by the specified block cipher instance. This method extracts the information that other implementations of AES encryption need to decrypt the ciphertext (only if they use the same mode of cryptographic operation).
        Parameters:
        encryptedData - the encrypted data computed by this AES cipher implementation.
        cipher - the block cipher instance that produced the encrypted data.
        Returns:
        an array with both the ciphertext (at index 0) and the IV that was used in the ciphertext computation (at index 1).
        Throws:
        CryptoException - if the extraction of the ciphertext and of the IV failed.
      • encrypt

        public byte[] encrypt(String data,
                              CipherKey keyCode)
                       throws CryptoException
        Encrypts the specified data by using the specified cryptographic key.

        The String objects handled by the encryption are processed according to the UTF-8 charset.

        Specified by:
        encrypt in interface Cipher
        Parameters:
        data - the data to encode.
        keyCode - the key to use in the encryption.
        Returns:
        the encrypted data in bytes.
        Throws:
        CryptoException - if an error has occurred in the data encryption.
      • decrypt

        public String decrypt(byte[] encryptedData,
                              CipherKey keyCode)
                       throws CryptoException
        Decrypts the specified code or cipher by using the specified cryptographic key.

        The String objects handled by the decryption are processed according to the UTF-8 charset.

        Specified by:
        decrypt in interface Cipher
        Parameters:
        encryptedData - the data in bytes encrypted by this cipher.
        keyCode - the key to use in the decryption.
        Returns:
        the decrypted data.
        Throws:
        CryptoException - if an error has occurred in the data decryption.
      • generateCipherKey

        public CipherKey generateCipherKey()
                                    throws CryptoException
        Description copied from interface: Cipher
        Randomly generates a cipher key that can be used in the encryption and in the decryption of data with this cipher.
        Specified by:
        generateCipherKey in interface Cipher
        Returns:
        a computed key that can be used with this cipher in the encryption and in the decryption of data.
        Throws:
        CryptoException - if an error has occurred in the key generation.