New verisoned AES ciphertext format.

Author: thesquaregroot

format-tests/.gitignore

@@ -0,0 +1,132 @@
+
+## Node.js
+
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+© 2020 GitHub, Inc.
+Terms
+Privacy
+Security
+Status
+Help
+Contact GitHub
+Pricing
+API
+Training
+Blog
+About
+

format-tests/README

@@ -0,0 +1,11 @@
+This directory contains code purely used for testing cryptography formats in
+other languages.
+
+For python, the cryptography library is used, installed via:
+
+    pip3 install cryptography
+
+For javascript, the crypto-js and buffer libraries are used, installed via:
+
+    npm install
+

format-tests/aes_decrypt.js

@@ -0,0 +1,43 @@
+#!/usr/bin/env node
+
+// adapted from https://gist.github.com/rjz/15baffeab434b8125ca4d783f4116d81
+
+const buffer = require('buffer');
+const crypto = require('crypto');
+
+var keyHex = '23B3E2B8FFB06B330750AABF727B55E3D31E19AA1AAA77D0E70988F57FE2FD82'
+var ciphertextHex = '010C1A6CB9E30EEDB700FD101B03109266C9A8D67FD85D405C6FA9620D0954F8FF64E1'
+var plaintext = 'Test'
+
+const ALGO = 'aes-256-gcm';
+const decrypt = (key, enc, iv, authTag) => {
+    const decipher = crypto.createDecipheriv(ALGO, key, iv);
+    decipher.setAuthTag(authTag);
+    let str = decipher.update(enc, 'base64', 'utf8');
+    str += decipher.final('utf8');
+    return str;
+};
+
+const key = Buffer.from(keyHex, 'hex');
+const ciphertext = Buffer.from(ciphertextHex, 'hex')
+
+const formatVersion = ciphertext.readInt8(0);
+const ivLength = ciphertext.readInt8(1);
+const ivEnd = 2+ivLength;
+
+const iv = ciphertext.slice(2, ivEnd);
+const tagLength = ciphertext.readInt8(ivEnd);
+const tagEnd = ivEnd + tagLength + 1;
+const authenticationTag = ciphertext.slice(ivEnd+1, tagEnd);
+const encryptedData = ciphertext.slice(tagEnd);
+
+var decrypted;
+try {
+    decrypted = decrypt(key, encryptedData, iv, authenticationTag);
+}
+catch (error) {
+    console.error(error);
+}
+console.log((decrypted == plaintext) ? "Pass" : "Fail");
+
+

format-tests/aes_decrypt.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+
+import binascii
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+
+key = binascii.unhexlify('23B3E2B8FFB06B330750AABF727B55E3D31E19AA1AAA77D0E70988F57FE2FD82')
+ciphertext = binascii.unhexlify('010C1A6CB9E30EEDB700FD101B03109266C9A8D67FD85D405C6FA9620D0954F8FF64E1')
+plaintext = b'Test'
+
+formatVersion = int(ciphertext[0])
+ivLength = int(ciphertext[1])
+ivEnd = 2 + ivLength
+
+iv = ciphertext[2:ivEnd]
+tagLength = int(ciphertext[ivEnd])
+tagEnd = ivEnd + tagLength + 1
+authenticationTag = ciphertext[ivEnd+1:tagEnd]
+encryptedData = ciphertext[tagEnd:]
+
+aesGcmKey = AESGCM(key)
+message = aesGcmKey.decrypt(iv, encryptedData + authenticationTag, None)
+print('Pass' if (plaintext == message) else 'Fail')

format-tests/aes_encrypt.py

@@ -0,0 +1,20 @@
+#!/usr/bin/env python3
+
+import binascii
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+
+key = binascii.unhexlify('23B3E2B8FFB06B330750AABF727B55E3D31E19AA1AAA77D0E70988F57FE2FD82')
+iv = binascii.unhexlify('1A6CB9E30EEDB700FD101B03')
+plaintext = b'Test'
+expected= binascii.unhexlify('010C1A6CB9E30EEDB700FD101B03109266C9A8D67FD85D405C6FA9620D0954F8FF64E1')
+
+aesGcmKey = AESGCM(key)
+ciphertext = aesGcmKey.encrypt(iv, plaintext, None)
+
+encryptedData = ciphertext[:-16]
+authenticationTag = ciphertext[-16:]
+
+output = bytes([1]) + bytes([len(iv)]) + iv + bytes([len(authenticationTag)]) + authenticationTag + encryptedData
+
+print('Pass' if (output == expected) else 'Fail')
+

format-tests/package-lock.json

@@ -0,0 +1,17 @@
+{
+  "name": "format-tests",
+  "version": "1.0.0",
+  "description": "This directory contains code purely used for testing cryptography formats in other languages.",
+  "main": "aes_decrypt.js",
+  "dependencies": {
+    "buffer": "^5.6.0",
+    "crypto-js": "^4.0.0"
+  },
+  "devDependencies": {},
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC"
+}

format-tests/package.json

@@ -3,6 +3,7 @@
 import com.softwareverde.logging.Logger;
 import com.softwareverde.util.ByteUtil;
 import com.softwareverde.util.bytearray.ByteArrayBuilder;
+import com.softwareverde.util.bytearray.ByteArrayReader;
 
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
@@ -17,9 +18,10 @@
 public class AesKey {
     public static final int DEFAULT_KEY_SIZE = 256;
 
+    protected static final byte FORMAT_VERSION = 1;
+
     private static final String KEY_ALGORITHM = "AES";
     private static final String ENCRYPTION_CIPHER = "AES/GCM/NoPadding"; // Using GCM instead of CBC as it provides authentication
-    private static final int LEGACY_AUTHENTICATION_TAG_LENGTH = 12; // default is tag length is not specified
     private static final int AUTHENTICATION_TAG_LENGTH = 16; // max allowed value
     private static final int INITIALIZATION_VECTOR_LENGTH = 12; // IV size of 12-bytes is specifically recommended for AES-GCM (more efficient than other lengths)
 
@@ -81,17 +83,19 @@ public byte[] encrypt(byte[] plainText) {
             final byte[] initializationVectorBytes = _createInitializationVector();
             final AlgorithmParameterSpec initializationVector = new GCMParameterSpec(AUTHENTICATION_TAG_LENGTH * Byte.SIZE, initializationVectorBytes);
             aesCipher.init(Cipher.ENCRYPT_MODE, _key, initializationVector);
-            final byte[] cipherText = aesCipher.doFinal(plainText);
+            final byte[] javaCipherText = aesCipher.doFinal(plainText);
+            final byte[] cipherText = Arrays.copyOfRange(javaCipherText, 0, javaCipherText.length - AUTHENTICATION_TAG_LENGTH);
+            final byte[] authenticationTag = Arrays.copyOfRange(javaCipherText, javaCipherText.length - AUTHENTICATION_TAG_LENGTH, javaCipherText.length);
 
             // prefix cipher text with initialization vector
             final ByteArrayBuilder byteArrayBuilder = new ByteArrayBuilder();
-            byteArrayBuilder.appendByte((byte) (0x80 | initializationVectorBytes.length));
-            byteArrayBuilder.appendByte((byte) AUTHENTICATION_TAG_LENGTH);
+            byteArrayBuilder.appendByte(FORMAT_VERSION);
+            byteArrayBuilder.appendByte((byte) initializationVectorBytes.length);
             byteArrayBuilder.appendBytes(initializationVectorBytes);
+            byteArrayBuilder.appendByte((byte) AUTHENTICATION_TAG_LENGTH);
+            byteArrayBuilder.appendBytes(authenticationTag);
             byteArrayBuilder.appendBytes(cipherText);
 
-            Arrays.fill(initializationVectorBytes, (byte) 0);
-
             return byteArrayBuilder.build();
         }
         catch (final Exception e) {
@@ -103,24 +107,23 @@ public byte[] encrypt(byte[] plainText) {
     public byte[] decrypt(byte[] cipherText) {
         try {
             // remove initialization vector from cipher text
-            byte initializationVectorLength = cipherText[0];
-            int authenticationTagLength = LEGACY_AUTHENTICATION_TAG_LENGTH;
-            int ivStartIndex = 1;
-            if ((initializationVectorLength & 0x80) != 0) {
-                initializationVectorLength = (byte) (initializationVectorLength ^ 0x80);
-                authenticationTagLength = cipherText[1];
-                ivStartIndex = 2;
-            }
-            int cipherTextOffset = ByteUtil.byteToInteger(initializationVectorLength) + ivStartIndex;
-            final byte[] initializationVectorBytes = Arrays.copyOfRange(cipherText, ivStartIndex, cipherTextOffset);
+            final ByteArrayReader byteArrayReader = new ByteArrayReader(cipherText);
+            byte formatVersion = byteArrayReader.readByte();
+            byte initializationVectorLength = byteArrayReader.readByte();
+            final byte[] initializationVectorBytes = byteArrayReader.readBytes((int) initializationVectorLength);
+            byte authenticationTagLength = byteArrayReader.readByte();
+            byte[] authenticationTag = byteArrayReader.readBytes((int) authenticationTagLength);
+            final byte[] encryptedData = byteArrayReader.readBytes(byteArrayReader.remainingByteCount());
+
+            final byte[] javaCipherText = new byte[encryptedData.length + authenticationTagLength];
+            ByteUtil.setBytes(javaCipherText, encryptedData, 0);
+            ByteUtil.setBytes(javaCipherText, authenticationTag, encryptedData.length);
+
             final AlgorithmParameterSpec initializationVector = new GCMParameterSpec(authenticationTagLength * Byte.SIZE, initializationVectorBytes);
-            final byte[] encryptedData = Arrays.copyOfRange(cipherText, cipherTextOffset, cipherText.length);
 
             final Cipher aesCipher = Cipher.getInstance(ENCRYPTION_CIPHER);
             aesCipher.init(Cipher.DECRYPT_MODE, _key, initializationVector);
-            final byte[] plainText = aesCipher.doFinal(encryptedData);
-
-            Arrays.fill(initializationVectorBytes, (byte) 0);
+            final byte[] plainText = aesCipher.doFinal(javaCipherText);
 
             return plainText;
         }