-
Notifications
You must be signed in to change notification settings - Fork 32
/
Elgamal.java
253 lines (219 loc) · 7.09 KB
/
Elgamal.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
package cryptography.ciphers.elgamal;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import cryptography.Logging;
import cryptography.Mode;
/**
* ElGamal encryption system is an asymmetric key encryption algorithm for
* public-key cryptography. ElGamal cryptosystem is usually used as part of a
* hybrid cryptosystem where the message itself is encrypted using a symmetric
* cryptosystem and ElGamal is then used to encrypt only the symmetric key.
*
* This file is very deeply based on http://www.bouncycastle.org/docs/ examples
* chapter 4 -> RSA example with OAEP Padding and random key generation. It's
* implementing Elgamal OAEP => "Optimal asymmetric encryption padding"
*
* CTR => Counter mode for encryption PKCS1 => Public-Key Cryptography
* Standards, #1 is the first of a family of standards
*
* Note: usually these tutorials uses Hex encoding as output but this is using
* Base64
*/
public class Elgamal {
private static final String PROVIDER = "BC";
private Logging logging = Logging.DISABLED;
private SecureRandom random = null;
private KeyPair keypair = null;
private Cipher xCipher = null;
private Cipher sCipher = null;
private IvParameterSpec sIvSpec = null;
private Key sKey = null;
private byte[] keyBlock = null;
private Base64 base64 = new Base64();
// Provider
static {
Security.insertProviderAt(new BouncyCastleProvider(), 1);
}
// Constructor
public Elgamal(Logging logging_) {
logging = logging_;
random = new SecureRandom();
keypair = createKeyPair();
if (logging == Logging.ENABLED) {
System.out.println("Elgamal generated secure random: " + random.toString());
System.out.print("Elgamal keypair generation: ");
System.out.println(keypair != null ? "success" : "failed");
}
// Get instances
xCipher = getCipherInstance("ElGamal/None/PKCS1Padding");
sCipher = getCipherInstance("AES/CTR/NoPadding");
}
/**
* Generate the ElGamal Key Pair Note that some tutorials have BC and SC, that
* means provider, BC is BouncyCastle and SC is SpongyCastle provider.
*
* @return KeyPair object
*/
private KeyPair createKeyPair() {
try {
KeyPairGenerator generator = KeyPairGenerator.getInstance("ELGamal", PROVIDER);
generator.initialize(512, random);
return generator.generateKeyPair();
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
System.out.println(e.toString());
return null;
}
}
/**
* Symmetric key/iv wrapping step
*
* @return
*/
private Cipher getCipherInstance(final String cipherInstance) {
try {
return Cipher.getInstance(cipherInstance, PROVIDER);
} catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
System.out.println(e.toString());
return null;
}
}
public String elgamal(Mode mode, String input) {
try {
if (mode == Mode.ENCRYPT) {
// Create the symmetric key and iv
sKey = createKeyForAES(256, random);
sIvSpec = createCtrIvForAES(0, random);
xCipher.init(Cipher.ENCRYPT_MODE, keypair.getPublic(), random);
keyBlock = xCipher.doFinal(packKeyAndIv(sKey, sIvSpec));
// Encryption step
sCipher.init(Cipher.ENCRYPT_MODE, sKey, sIvSpec);
byte[] cipherText = sCipher.doFinal(input.getBytes());
if (logging == Logging.ENABLED) {
System.out.println("Elgamal keyBlock length: " + keyBlock.length);
System.out.println("Elgamal cipherText length: " + cipherText.length);
}
return base64.encodeToString(cipherText);
}
if (mode == Mode.DECRYPT) {
byte[] inputBytes = base64.decode(input.getBytes(StandardCharsets.UTF_8));
// Symmetric key/iv unwrapping step
xCipher.init(Cipher.DECRYPT_MODE, keypair.getPrivate());
Object[] keyIv = unpackKeyAndIV(xCipher.doFinal(keyBlock));
// Decryption step
sCipher.init(Cipher.DECRYPT_MODE, (Key) keyIv[0], (IvParameterSpec) keyIv[1]);
byte[] plainText = sCipher.doFinal(inputBytes);
return new String(plainText, StandardCharsets.UTF_8);
}
} catch (Exception e) {
System.out.println(e.toString());
}
return null;
}
/**
* Create a key for use with AES.
*
* @param bitLength
* @param random
* @return an AES key.
* @throws NoSuchAlgorithmException
* @throws NoSuchProviderException
*/
public static SecretKey createKeyForAES(int bitLength, SecureRandom random) {
try {
KeyGenerator generator = KeyGenerator.getInstance("AES", PROVIDER);
generator.init(256, random);
return generator.generateKey();
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
System.out.println(e.toString());
return null;
}
}
/**
* Create an IV suitable for using with AES in CTR mode. The IV will be composed
* of 4 bytes of message number, 4 bytes of random data, and a counter of 8
* bytes.
*
* @param messageNumber the number of the message.
* @param random a source of randomness
* @return an initialized IvParameterSpec
*/
public static IvParameterSpec createCtrIvForAES(int messageNumber, SecureRandom random) {
byte[] ivBytes = new byte[16];
// initially randomize
random.nextBytes(ivBytes);
// set the message number bytes
ivBytes[0] = (byte) (messageNumber >> 24);
ivBytes[1] = (byte) (messageNumber >> 16);
ivBytes[2] = (byte) (messageNumber >> 8);
ivBytes[3] = (byte) (messageNumber >> 0);
// set the counter bytes to 1
for (int i = 0; i != 7; i++) {
ivBytes[8 + i] = 0;
}
ivBytes[15] = 1;
return new IvParameterSpec(ivBytes);
}
/**
* packKeyAndIv
*
* @param key
* @param ivSpec
* @return
* @throws IOException
*/
private static byte[] packKeyAndIv(Key key, IvParameterSpec ivSpec) throws IOException {
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
bOut.write(ivSpec.getIV());
bOut.write(key.getEncoded());
return bOut.toByteArray();
}
/**
* unpackKeyAndIV
*
* @param data
* @return
*/
private static Object[] unpackKeyAndIV(byte[] data) {
return new Object[] { new SecretKeySpec(data, 16, data.length - 16, "AES"), new IvParameterSpec(data, 0, 16) };
}
/**
* Returns public key as base 64 for viewing purposes
*
* @return base64 public key
*/
public String getPublicKeyStr() {
return base64.encodeToString(keypair.getPublic().getEncoded());
}
/**
* Returns private key as base 64 for viewing purposes
*
* @return base64 private key
*/
public String getPrivateKeyStr() {
return base64.encodeToString(keypair.getPrivate().getEncoded());
}
/**
* Get key block length
*
* @return integer
*/
public int getKeyBlockLength() {
return keyBlock.length;
}
}