Posted to commits@commons.apache.org by tv...@apache.org on 2021/12/31 09:44:26 UTC
[commons-jcs] 02/03: Use new SecureRandom() instead of SecureRandom.getStrongInstance() to
This is an automated email from the ASF dual-hosted git repository.
tv pushed a commit to branch release-3.1
in repository https://gitbox.apache.org/repos/asf/commons-jcs.git
commit ab5ac9a5f1f752731e503e33072874319eb6eb35
Author: Thomas Vandahl <tv...@apache.org>
AuthorDate: Fri Dec 31 10:40:38 2021 +0100
Use new SecureRandom() instead of SecureRandom.getStrongInstance() to
avoid performance problems on Linux
---
.../utils/serialization/EncryptingSerializer.java | 27 ++++++++++++++++------
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/commons-jcs-core/src/main/java/org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.java b/commons-jcs-core/src/main/java/org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.java
index 3137bb5..bbe9b8d 100644
--- a/commons-jcs-core/src/main/java/org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.java
+++ b/commons-jcs-core/src/main/java/org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.java
@@ -21,11 +21,16 @@ package org.apache.commons.jcs3.utils.serialization;
import java.io.IOException;
import java.nio.ByteBuffer;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
+import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
@@ -42,7 +47,10 @@ import org.apache.commons.jcs3.engine.behavior.IElementSerializer;
*/
public class EncryptingSerializer extends StandardSerializer
{
+ private static final String DEFAULT_SECRET_KEY_ALGORITHM = "PBKDF2WithHmacSHA256";
private static final String DEFAULT_CIPHER = "AES/ECB/PKCS5Padding";
+ private static final int KEYHASH_ITERATION_COUNT = 1000;
+ private static final int KEY_LENGTH = 256;
private static final int TAG_LENGTH = 128;
private static final int IV_LENGTH = 12;
private static final int SALT_LENGTH = 16;
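Review bot: `KEYHASH_ITERATION_COUNT = 1000` gives the old literal a name but keeps a PBKDF2 work factor far below current guidance for PBKDF2-HMAC-SHA256, which is in the hundreds of thousands of iterations. The catch clauses later in this commit list InvalidKeySpecException for both encrypt and decrypt, so the key appears to be derived on every call and the low value is presumably a throughput trade-off. If so, the constant should say it, e.g. `/** PBKDF2 iterations; kept low because the key is derived per element, so use a high-entropy pre-shared key */`. Raising the value would presumably make existing encrypted entries unreadable unless the count is stored with the data, so a configurable setting may be the safer route. The unchanged `DEFAULT_CIPHER` context line still selects ECB, which reveals equal plaintext blocks; that is worth a follow-up.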
@@ -82,8 +90,8 @@ public class EncryptingSerializer extends StandardSerializer
try
{
- this.secureRandom = SecureRandom.getInstanceStrong();
- this.secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
+ this.secureRandom = new SecureRandom();
+ this.secretKeyFactory = SecretKeyFactory.getInstance(DEFAULT_SECRET_KEY_ALGORITHM);
}
catch (NoSuchAlgorithmException e)
{
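Review bot: The switch to `new SecureRandom()` carries no comment explaining why the strong instance is avoided, so a later reader may revert it as a perceived weakening. On Linux `getInstanceStrong()` normally resolves to the blocking native PRNG, while the default instance is non-blocking and still a CSPRNG, which appears adequate for the salts and IVs that `getRandomBytes` supplies. A line such as `// default SecureRandom is non-blocking; getInstanceStrong() can stall on Linux when entropy is low` above the assignment would record that. The try block and its catch body continue outside the hunk; after this change only `SecretKeyFactory.getInstance` can raise NoSuchAlgorithmException there.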
@@ -112,7 +120,7 @@ public class EncryptingSerializer extends StandardSerializer
this.cipherTransformation = transformation;
}
- private byte[] getRandomBytes(int length) throws NoSuchAlgorithmException
+ private byte[] getRandomBytes(int length)
{
byte[] bytes = new byte[length];
secureRandom.nextBytes(bytes);
@@ -120,10 +128,11 @@ public class EncryptingSerializer extends StandardSerializer
return bytes;
}
- private SecretKey createSecretKey(String password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException
+ private SecretKey createSecretKey(String password, byte[] salt) throws InvalidKeySpecException
{
/* Derive the key, given password and salt. */
- PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 1000, 256);
+ PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt,
+ KEYHASH_ITERATION_COUNT, KEY_LENGTH);
SecretKey tmp = secretKeyFactory.generateSecret(spec);
return new SecretKeySpec(tmp.getEncoded(), "AES");
}
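Review bot: The `PBEKeySpec` built on the new lines holds its own copy of the password characters and is never wiped. Wrapping the derivation as `try { ... generateSecret(spec) ... } finally { spec.clearPassword(); }` would release that copy as soon as the key exists. The gain is limited while the secret still arrives as an immutable `String`, but it costs one line and keeps the method correct if the caller later moves to `char[]`.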
@@ -155,7 +164,9 @@ public class EncryptingSerializer extends StandardSerializer
.put(encrypted)
.array();
}
- catch (Exception e)
+ catch (NoSuchAlgorithmException | NoSuchPaddingException | BadPaddingException |
+ IllegalBlockSizeException | InvalidKeyException | InvalidKeySpecException |
+ InvalidAlgorithmParameterException e)
{
throw new IOException("Error while encrypting", e);
}
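Review bot: All seven types in the new multi-catch are subclasses of `java.security.GeneralSecurityException`, so `catch (GeneralSecurityException e)` expresses the same thing in one line; the identical clause in the decrypt hunk below can change with it. Narrowing from `catch (Exception e)` also means unchecked exceptions now escape instead of being wrapped in IOException. One example is a NullPointerException from `password.toCharArray()` when no key has been configured, assuming nothing outside the hunk checks for that. If callers treat IOException as the only failure type, an explicit null check on the key with a clear message would keep that contract. The method body starts outside the hunk.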
@@ -191,7 +202,9 @@ public class EncryptingSerializer extends StandardSerializer
return cipher.doFinal(encrypted);
}
- catch (Exception e)
+ catch (NoSuchAlgorithmException | NoSuchPaddingException | BadPaddingException |
+ IllegalBlockSizeException | InvalidKeyException | InvalidKeySpecException |
+ InvalidAlgorithmParameterException e)
{
throw new IOException("Error while decrypting", e);
}