'[commons-jcs] 02/03: Use new SecureRandom() instead of SecureRandom.getStrongInstance() to'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       jakarta-commons-dev
Subject:    [commons-jcs] 02/03: Use new SecureRandom() instead of SecureRandom.getStrongInstance() to
From:       tv () apache ! org
Date:       2021-12-31 9:44:26
Message-ID: 20211231094424.B9A5081FF9 () gitbox ! apache ! org
[Download RAW message or body]

This is an automated email from the ASF dual-hosted git repository.

tv pushed a commit to branch release-3.1
in repository https://gitbox.apache.org/repos/asf/commons-jcs.git

commit ab5ac9a5f1f752731e503e33072874319eb6eb35
Author: Thomas Vandahl <tv@apache.org>
AuthorDate: Fri Dec 31 10:40:38 2021 +0100

    Use new SecureRandom() instead of SecureRandom.getStrongInstance() to
    
    avoid performance problems on Linux
---
 .../utils/serialization/EncryptingSerializer.java  | 27 ++++++++++++++++------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/commons-jcs-core/src/main/java/org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.java \
b/commons-jcs-core/src/main/java/org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.java
 index 3137bb5..bbe9b8d 100644
--- a/commons-jcs-core/src/main/java/org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.java
                
+++ b/commons-jcs-core/src/main/java/org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.java
 @@ -21,11 +21,16 @@ package org.apache.commons.jcs3.utils.serialization;
 
 import java.io.IOException;
 import java.nio.ByteBuffer;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.spec.InvalidKeySpecException;
 
+import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.GCMParameterSpec;
@@ -42,7 +47,10 @@ import org.apache.commons.jcs3.engine.behavior.IElementSerializer;
  */
 public class EncryptingSerializer extends StandardSerializer
 {
+    private static final String DEFAULT_SECRET_KEY_ALGORITHM = \
"PBKDF2WithHmacSHA256";  private static final String DEFAULT_CIPHER = \
"AES/ECB/PKCS5Padding"; +    private static final int KEYHASH_ITERATION_COUNT = 1000;
+    private static final int KEY_LENGTH = 256;
     private static final int TAG_LENGTH = 128;
     private static final int IV_LENGTH = 12;
     private static final int SALT_LENGTH = 16;
@@ -82,8 +90,8 @@ public class EncryptingSerializer extends StandardSerializer
 
         try
         {
-            this.secureRandom = SecureRandom.getInstanceStrong();
-            this.secretKeyFactory = \
SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); +            this.secureRandom \
= new SecureRandom(); +            this.secretKeyFactory = \
SecretKeyFactory.getInstance(DEFAULT_SECRET_KEY_ALGORITHM);  }
         catch (NoSuchAlgorithmException e)
         {
@@ -112,7 +120,7 @@ public class EncryptingSerializer extends StandardSerializer
         this.cipherTransformation = transformation;
     }
 
-    private byte[] getRandomBytes(int length) throws NoSuchAlgorithmException
+    private byte[] getRandomBytes(int length)
     {
         byte[] bytes = new byte[length];
         secureRandom.nextBytes(bytes);
@@ -120,10 +128,11 @@ public class EncryptingSerializer extends StandardSerializer
         return bytes;
     }
 
-    private SecretKey createSecretKey(String password, byte[] salt) throws \
NoSuchAlgorithmException, InvalidKeySpecException +    private SecretKey \
createSecretKey(String password, byte[] salt) throws InvalidKeySpecException  {
         /* Derive the key, given password and salt. */
-        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 1000, 256);
+        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt,
+                KEYHASH_ITERATION_COUNT, KEY_LENGTH);
         SecretKey tmp = secretKeyFactory.generateSecret(spec);
         return new SecretKeySpec(tmp.getEncoded(), "AES");
     }
@@ -155,7 +164,9 @@ public class EncryptingSerializer extends StandardSerializer
                     .put(encrypted)
                     .array();
         }
-        catch (Exception e)
+        catch (NoSuchAlgorithmException | NoSuchPaddingException | \
BadPaddingException | +                IllegalBlockSizeException | \
InvalidKeyException | InvalidKeySpecException | +                \
InvalidAlgorithmParameterException e)  {
             throw new IOException("Error while encrypting", e);
         }
@@ -191,7 +202,9 @@ public class EncryptingSerializer extends StandardSerializer
 
             return cipher.doFinal(encrypted);
         }
-        catch (Exception e)
+        catch (NoSuchAlgorithmException | NoSuchPaddingException | \
BadPaddingException | +                IllegalBlockSizeException | \
InvalidKeyException | InvalidKeySpecException | +                \
InvalidAlgorithmParameterException e)  {
             throw new IOException("Error while decrypting", e);
         }


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic