I have a Java app (not written by me) that uses javax.crypto to encrypt and decrypt files.
public static final String PROVIDER = "BC";
public static final int SALT_LENGTH = 32;
public static final int IV_LENGTH = 16;
public static final int PBE_ITERATION_COUNT = 2048;
private static final String RANDOM_ALGORITHM = "SHA1PRNG";
private static final String HASH_ALGORITHM = "SHA-512";
private static final String PBE_ALGORITHM = "PBEWithSHA256And256BitAES-CBC-BC";
private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS7Padding";
private static final String SECRET_KEY_ALGORITHM = "AES";
private static final int VERSION = 1;
private static final String HEADER = "SCAES";
private byte[] iv = new byte[IV_LENGTH];
private byte[] salt = new byte[SALT_LENGTH];
private int currentVersion = 1;
private static SecretKey getSecretKey(String password, byte[] salt) throws AESCryptException {
    try {
        PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);
        SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGORITHM, PROVIDER);
        SecretKey tmp = factory.generateSecret(pbeKeySpec);
        return new SecretKeySpec(tmp.getEncoded(), SECRET_KEY_ALGORITHM);
    }
    catch (Exception e) {
        throw new AESCryptException("Unable to get secret key");
    }
}
I'm developing a C application using Gcrypt which is able to decrypt files encrypted by the above Java app.
I'm very familiar with Gcrypt because I've developed various software with it but, on the other side, I'm familiar neither with Java nor with javax.crypto.
So, basically, I need help to understand how to "translate" the above requirements from javax.crypto to Gcrypt.
I set up my C program like this:
algo = gcry_cipher_map_name("aes256");
derived_key = gcry_malloc_secure(64);
gcry_cipher_open(&hd, algo, GCRY_CIPHER_MODE_CBC, 0);
gcry_kdf_derive (input_key, pwd_len, GCRY_KDF_PBKDF2, GCRY_MD_SHA512, salt, 32, 2048, 64, derived_key);
gcry_cipher_setkey(hd, derived_key, keyLength);
gcry_cipher_setiv(hd, iv, blkLength);
//decrypt and check pkcs_7
but I'm not able to obtain the original file. What am I missing?
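
Added example, not part of the original post or of the Java app: a Python reference for the key derivation behind Bouncy Castle's `PBEWithSHA256And256BitAES-CBC-BC`, which is the PKCS#12 KDF (RFC 7292, Appendix B.2) over SHA-256 rather than PBKDF2, so a C port can compare its derived key byte for byte. The function names, the password and the salt are constructed for illustration, and the IV is assumed to be the one stored with the file, as in the `gcry_cipher_setiv` call above.

```python
import hashlib

def repeat_to_block(data: bytes, v: int) -> bytes:
    """Repeat data up to the next multiple of v bytes; empty input stays empty."""
    if not data:
        return b""
    size = v * ((len(data) + v - 1) // v)
    return (data * (size // len(data) + 1))[:size]

def pkcs12_kdf(password: str, salt: bytes, iterations: int, purpose: int,
               n: int, hash_name: str = "sha256") -> bytes:
    """RFC 7292 B.2. purpose: 1 = cipher key, 2 = IV, 3 = MAC key."""
    h = hashlib.new(hash_name)
    v = h.block_size  # 64 bytes for SHA-256
    # PKCS#12 takes the password as UTF-16BE with a two-byte NUL terminator.
    pw = (password + "\0").encode("utf-16-be") if password else b""
    diversifier = bytes([purpose]) * v
    block_input = bytearray(repeat_to_block(salt, v) + repeat_to_block(pw, v))
    out = b""
    while len(out) < n:
        a = hashlib.new(hash_name, diversifier + bytes(block_input)).digest()
        for _ in range(iterations - 1):
            a = hashlib.new(hash_name, a).digest()
        out += a
        # I_j = (I_j + B + 1) mod 2^(8v) for every v-byte block of the input.
        b_plus_1 = int.from_bytes(repeat_to_block(a, v), "big") + 1
        for j in range(0, len(block_input), v):
            blk = int.from_bytes(block_input[j:j + v], "big") + b_plus_1
            block_input[j:j + v] = (blk % (1 << (8 * v))).to_bytes(v, "big")
    return out[:n]

def derive_aes_key(password: str, salt: bytes) -> bytes:
    """Key for the page's constants: 2048 iterations, 256-bit key."""
    return pkcs12_kdf(password, salt, 2048, 1, 32)

if __name__ == "__main__":
    salt = bytes(range(32))  # constructed 32-byte salt (SALT_LENGTH)
    key = derive_aes_key("correct horse", salt)  # constructed password
    wrong = hashlib.pbkdf2_hmac("sha512", b"correct horse", salt, 2048, 32)
    print("PKCS#12/SHA-256 key:", key.hex())
    print("PBKDF2/SHA-512 key :", wrong.hex())
```

Feeding the same password and salt to the C program and comparing its key with the first printed line isolates the derivation step from the cipher and padding code.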