聊聊jasypt的IVGenerator

2023-09-12 19:53:43 浏览数 (2)

本文主要研究一下jasypt的IVGenerator

IVGenerator

org/jasypt/salt/IVGenerator.java

代码语言:javascript复制
/**
 * <p>
 * Common interface for all IV generators which can be applied in digest
 * or encryption operations.
 * </p>
 * <p>
 * <b>Every implementation of this interface must be thread-safe</b>.
 * </p>
 *
 * @since 1.9.3
 *
 * @author Alex Scal
 *
 */
public interface IVGenerator {

    /**
     * <p>
     * This method will be called for requesting the generation of a new
     * IV of the specified length.
     * </p>
     *
     * @param length the requested length for the IV.
     * @return the generated IV.
     */
    byte[] generateIV(int length);


    /**
     * <p>
     * Determines if the digests and encrypted messages created with a
     * specific IV generator will include (prepended) the unencrypted
     * IV itself, so that it can be used for matching and decryption
     * operations.
     * </p>
     * <p>
     * Generally, including the IV unencrypted in encryption results will
     * be mandatory for randomly generated IVs, or for those generated in a
     * non-predictable manner.
     * Otherwise, digest matching and decryption operations will always fail.
     * </p>
     *
     * @return whether the plain (unencrypted) IV has to be included in
     *         encryption results or not.
     */
    public boolean includePlainIVInEncryptionResults();

}

IVGenerator定义了generateIV及includePlainIVInEncryptionResults方法,它有三个实现类,分别是NoOpIVGenerator、StringFixedIVGenerator、RandomIVGenerator

NoOpIVGenerator

代码语言:javascript复制
public class NoOpIVGenerator implements IVGenerator {

    /**
     * Return IV with the specified byte length.
     *
     * @param lengthBytes length in bytes.
     * @return the generated salt.
     */ 
    @Override
    public byte[] generateIV(final int lengthBytes) {
        return null;
    }

    /**
     * As this salt generator provides a fixed IV, its inclusion
     * unencrypted in encryption results
     * is not necessary, and in fact not desirable (so that it remains hidden).
     *
     * @return false
     */
    @Override
    public boolean includePlainIVInEncryptionResults() {
        return false;
    }

}

主要用于解密旧版(不使用iv)的密码

StringFixedIVGenerator

org/jasypt/salt/StringFixedIVGenerator.java

代码语言:javascript复制
public class StringFixedIVGenerator implements IVGenerator {

    private static final String DEFAULT_CHARSET = "UTF-8";

    private final String iv;
    private final String charset;
    private final byte[] ivBytes;



    /**
     * Creates a new instance of <tt>FixedStringIVGenerator</tt> using
     * the default charset.
     *
     * @param iv the specified salt.
     */
    public StringFixedIVGenerator(final String iv) {
        this(iv, null);
    }


    /**
     * Creates a new instance of <tt>FixedStringIVGenerator</tt>
     *
     * @param iv the specified salt.
     * @param charset the specified charset
     */
    public StringFixedIVGenerator(final String iv, final String charset) {
        super();
        CommonUtils.validateNotNull(iv, "IV cannot be set null");
        this.iv = iv;
        this.charset = (charset != null? charset : DEFAULT_CHARSET);
        try {
            this.ivBytes = this.iv.getBytes(this.charset);
        } catch (UnsupportedEncodingException e) {
            throw new EncryptionInitializationException(
                    "Invalid charset specified: "   this.charset);
        }
    }


    /**
     * Return IV with the specified byte length.
     *
     * @param lengthBytes length in bytes.
     * @return the generated salt.
     */
    public byte[] generateIV(final int lengthBytes) {
        if (this.ivBytes.length < lengthBytes) {
            throw new EncryptionInitializationException(
                    "Requested IV larger than set");
        }
        final byte[] generatedIV = new byte[lengthBytes];
        System.arraycopy(this.ivBytes, 0, generatedIV, 0, lengthBytes);
        return generatedIV;
    }

    /**
     * As this salt generator provides a fixed IV, its inclusion
     * unencrypted in encryption results
     * is not necessary, and in fact not desirable (so that it remains hidden).
     *
     * @return false
     */
    @Override
    public boolean includePlainIVInEncryptionResults() {
        return false;
    }

}

StringFixedIVGenerator根据固定的值和长度来生成iv,如果固定值的长度小于请求生成iv的长度则抛出EncryptionInitializationException,否则从前面取指定长度返回

RandomIVGenerator

org/jasypt/salt/RandomIVGenerator.java

代码语言:javascript复制
public class RandomIVGenerator implements IVGenerator {

    /**
     * The default algorithm to be used for secure random number
     * generation: set to SHA1PRNG.
     */
    private static final String GENERATOR_ALGORITHM = "SHA1PRNG";

    private final SecureRandom random;

    /**
     * Creates a new instance of <tt>RandomIVGenerator</tt> using the
     * default secure random number generation algorithm.
     */
    public RandomIVGenerator() {
        this(GENERATOR_ALGORITHM);
    }

    /**
     * Creates a new instance of <tt>RandomIVGenerator</tt> specifying a
     * secure random number generation algorithm.
     *
     * @since 1.9.3
     *
     */
    public RandomIVGenerator(String secureRandomAlgorithm) {
        super();
        try {
            this.random = SecureRandom.getInstance(secureRandomAlgorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new EncryptionInitializationException(e);
        }
    }

    /**
     * Generate a random IV of the specified length in bytes.
     *
     * @param length length in bytes.
     * @return the generated IV.
     */
    @Override
    public byte[] generateIV(int length) {
        byte[] iv = new byte[length / 8];
        random.nextBytes(iv);
        return iv;
    }

    /**
     * This IV generator needs the salt to be included unencrypted in
     * encryption results, because of its being random. This method will always
     * return true.
     *
     * @return true
     */
    @Override
    public boolean includePlainIVInEncryptionResults() {
        return true;
    }
}

RandomIVGenerator可以根据传入的secureRandomAlgorithm来生成iv,如果不传默认是SHA1PRNG

PBES2Core

com/sun/crypto/provider/PBES2Core.java

代码语言:javascript复制
protected void engineInit(int opmode, Key key,
                              AlgorithmParameterSpec params,
                              SecureRandom random)
        throws InvalidKeyException, InvalidAlgorithmParameterException {

        if (key == null) {
            throw new InvalidKeyException("Null key");
        }

        byte[] passwdBytes = key.getEncoded();
        char[] passwdChars = null;
        PBEKeySpec pbeSpec;
        try {
            if ((passwdBytes == null) ||
                    !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
                throw new InvalidKeyException("Missing password");
            }

            // TBD: consolidate the salt, ic and IV parameter checks below

            // Extract salt and iteration count from the key, if present
            if (key instanceof javax.crypto.interfaces.PBEKey) {
                salt = ((javax.crypto.interfaces.PBEKey)key).getSalt();
                if (salt != null && salt.length < 8) {
                    throw new InvalidAlgorithmParameterException(
                            "Salt must be at least 8 bytes long");
                }
                iCount = ((javax.crypto.interfaces.PBEKey)key).getIterationCount();
                if (iCount == 0) {
                    iCount = DEFAULT_COUNT;
                } else if (iCount < 0) {
                    throw new InvalidAlgorithmParameterException(
                            "Iteration count must be a positive number");
                }
            }

            // Extract salt, iteration count and IV from the params, if present
            if (params == null) {
                if (salt == null) {
                    // generate random salt and use default iteration count
                    salt = new byte[DEFAULT_SALT_LENGTH];
                    random.nextBytes(salt);
                    iCount = DEFAULT_COUNT;
                }
                if ((opmode == Cipher.ENCRYPT_MODE) ||
                        (opmode == Cipher.WRAP_MODE)) {
                    // generate random IV
                    byte[] ivBytes = new byte[blkSize];
                    random.nextBytes(ivBytes);
                    ivSpec = new IvParameterSpec(ivBytes);
                }
            } else {
                if (!(params instanceof PBEParameterSpec)) {
                    throw new InvalidAlgorithmParameterException
                            ("Wrong parameter type: PBE expected");
                }
                // salt and iteration count from the params take precedence
                byte[] specSalt = ((PBEParameterSpec) params).getSalt();
                if (specSalt != null && specSalt.length < 8) {
                    throw new InvalidAlgorithmParameterException(
                            "Salt must be at least 8 bytes long");
                }
                salt = specSalt;
                int specICount = ((PBEParameterSpec) params).getIterationCount();
                if (specICount == 0) {
                    specICount = DEFAULT_COUNT;
                } else if (specICount < 0) {
                    throw new InvalidAlgorithmParameterException(
                            "Iteration count must be a positive number");
                }
                iCount = specICount;

                AlgorithmParameterSpec specParams =
                        ((PBEParameterSpec) params).getParameterSpec();
                if (specParams != null) {
                    if (specParams instanceof IvParameterSpec) {
                        ivSpec = (IvParameterSpec)specParams;
                    } else {
                        throw new InvalidAlgorithmParameterException(
                                "Wrong parameter type: IV expected");
                    }
                } else if ((opmode == Cipher.ENCRYPT_MODE) ||
                        (opmode == Cipher.WRAP_MODE)) {
                    // generate random IV
                    byte[] ivBytes = new byte[blkSize];
                    random.nextBytes(ivBytes);
                    ivSpec = new IvParameterSpec(ivBytes);
                } else {
                    throw new InvalidAlgorithmParameterException(
                            "Missing parameter type: IV expected");
                }
            }

            passwdChars = new char[passwdBytes.length];
            for (int i = 0; i < passwdChars.length; i  )
                passwdChars[i] = (char) (passwdBytes[i] & 0x7f);

            pbeSpec = new PBEKeySpec(passwdChars, salt, iCount, keyLength);
            // password char[] was cloned in PBEKeySpec constructor,
            // so we can zero it out here
        } finally {
            if (passwdChars != null) Arrays.fill(passwdChars, '');
            if (passwdBytes != null) Arrays.fill(passwdBytes, (byte)0x00);
        }

        SecretKey s = null;

        try {
            s = kdf.engineGenerateSecret(pbeSpec);

        } catch (InvalidKeySpecException ikse) {
            InvalidKeyException ike =
                new InvalidKeyException("Cannot construct PBE key");
            ike.initCause(ikse);
            throw ike;
        }
        byte[] derivedKey = s.getEncoded();
        SecretKeySpec cipherKey = new SecretKeySpec(derivedKey, cipherAlgo);

        // initialize the underlying cipher
        cipher.init(opmode, cipherKey, ivSpec, random);
    }

PBES2Core的engineInit在PBEParameterSpec的PBEParameterSpec不为null但又不是IvParameterSpec类型时抛出InvalidAlgorithmParameterException(“Wrong parameter type: IV expected”)异常;如果是encrypt或者wrap模式,如果不传iv则会自动生成,而不是encrypt或者wrap模式(一般是decrypt模式),则在iv为null时抛出InvalidAlgorithmParameterException(“Missing parameter type: IV expected”)异常

小结

IVGenerator定义了generateIV及includePlainIVInEncryptionResults方法,它有三个实现类,分别是NoOpIVGenerator、StringFixedIVGenerator、RandomIVGenerator;对于PBE算法,如果iv不传,在decrypt模式会抛出InvalidAlgorithmParameterException(“Missing parameter type: IV expected”)异常。

0 人点赞