问基于Bouncy城堡的Java格式保护加密(FPE)
EN

Stack Overflow用户

提问于 2021-09-17 07:48:26

回答 2查看 842关注 0票数 0

发行说明发布: 1.69 (2021年6月7日)

将SP80038G中的两个FPE算法FF1和FF3-1的实现添加到轻量级API和JCE中。

这些都可以在bcprov-jdk15on JAR中找到。

下面是试图使用它的代码：

import lombok.extern.slf4j.Slf4j;
import org.bouncycastle.crypto.AlphabetMapper;
import org.bouncycastle.crypto.util.BasicAlphabetMapper;
import org.bouncycastle.jcajce.spec.FPEParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.testng.annotations.Test;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;

import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.MatcherAssert.assertThat;

@Slf4j
public class AesFpe {

    @Test
    public void testAesFpe() throws Exception {
        SecretKey key = generateKey();
        byte[] tweak = getTweak();
        int radix = getRadix("0123456789");
        Charset encoding = StandardCharsets.UTF_8;
        byte[] plaintext = "510123456".getBytes(encoding);
        Cipher cipher = Cipher.getInstance("AES/FF3-1/NoPadding", new BouncyCastleProvider());
        byte[] ciphertext = encrypt(cipher, key, tweak, radix, plaintext);
        log.info("Ciphertext: {}", new String(ciphertext));
        byte[] decrypted = decrypt(cipher, key, tweak, radix, ciphertext);
        assertThat(decrypted, equalTo(plaintext));
    }

    public byte[] encrypt(Cipher cipher, SecretKey key, byte[] tweak, int radix, byte[] plaintext) throws Exception {
        AlgorithmParameterSpec fpeParameterSpec = new FPEParameterSpec(radix, tweak);
        cipher.init(Cipher.ENCRYPT_MODE, key, fpeParameterSpec);
        return cipher.doFinal(plaintext);
    }

    public byte[] decrypt(Cipher cipher, SecretKey key, byte[] tweak, int radix, byte[] ciphertext) throws Exception {
        AlgorithmParameterSpec fpeParameterSpec = new FPEParameterSpec(radix, tweak);
        cipher.init(Cipher.DECRYPT_MODE, key, fpeParameterSpec);
        return cipher.doFinal(ciphertext);
    }

    private SecretKey generateKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        int keyLength = 256;
        keyGenerator.init(keyLength);
        return keyGenerator.generateKey();
    }

    private byte[] getTweak() {
        int tweakLength = 7;
        byte[] tweak = new byte[tweakLength];
        new SecureRandom().nextBytes(tweak);
        return tweak;
    }

    private int getRadix(String alphabet) {
        AlphabetMapper alphabetMapper = new BasicAlphabetMapper(alphabet);
        int radix = alphabetMapper.getRadix();
        log.info("Radix: {}", radix);
        return radix;
    }
}

我还没有遇到一个如何正确使用它的例子。问题似乎与基数有关。使用以下堆栈跟踪执行上述结果：

java.lang.IllegalArgumentException: input data outside of radix
    at org.bouncycastle.crypto.fpe.SP80038G.checkData(Unknown Source)
    at org.bouncycastle.crypto.fpe.SP80038G.checkArgs(Unknown Source)
    at org.bouncycastle.crypto.fpe.SP80038G.encryptFF3_1(Unknown Source)
    at org.bouncycastle.crypto.fpe.FPEFF3_1Engine.encryptBlock(Unknown Source)
    at org.bouncycastle.crypto.fpe.FPEEngine.processBlock(Unknown Source)
    at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$BufferedFPEBlockCipher.doFinal(Unknown Source)
    at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source)
    at javax.crypto.Cipher.doFinal(Cipher.java:2164)

如果基数设置为例如64或更高，此代码可以工作，但这不再是FPE -密文包含0-9范围外的字符。怎么解决这个问题？

java

encryption

cryptography

bouncycastle

encryption-symmetric

游戏社交场景解决方案

整合腾讯在社交娱乐及游戏体验方面的技术能力，满足玩家对游戏内即时通信和语音互动的社交刚性需求，提升游戏黏性

回答 2

Stack Overflow用户

发布于 2021-09-29 21:02:14

BouncyCastle可能不支持原始的FF3，但是NIST已经发布了使用基10和256位键进行8字节调整的示例：

样本#11

来自https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/FF3samples.pdf

FF3-美学256

关键是EF 43 59 D8 D5 80 AA 4F 7F 03 6D 6F 04 FC 6A 94 2B 7E 15 16 28

AE D2 A6 AB F7 15 88 09 CF 4F 3C

基= 10

D8 E7 92 0A FA 33 0A73

纯文本为890121234567890000

密码文本是922011205562777495

FF3-1仍然是一个草案，没有公布的测试示例。

对于FF3-1，测试类SP80038GTest.java似乎还未完成。它们为FF1在ff1 Samples[]中提供了所有九个NIST测试用例，但对于FF3-1只有一个测试用例，ff3_1 Samples[]中有一个256位键。您可以考虑切换到BouncyCastles的FF1以获得适当的测试覆盖率或使用我的Mysto FF3 & FF3-1实现。

下面是BouncyCastle FF3-1中的一个测试示例，其基为10、7字节和256位键：

private FFSample(int radix, byte[] key, byte[] plaintext, byte[] ciphertext, byte[] tweak)
    {
        ...
    } 

FFSample.from(10, "1A58964B681384806A5A7639915ED0BE837C9C50C150AFD8F73445C0438CACF3", "4752683571", "2234571788", "CE3EBD69454984")

票数 1

Stack Overflow用户

发布于 2022-07-28 19:19:12

你可以试试我的密码。我可以成功地运行这个测试案例。

@Test
public void testAesFpe() throws Exception {
    SecretKey key = generateKey();
    byte[] tweak = getTweak();
    AlphabetMapper alphabetMapper = new BasicAlphabetMapper("0123456789");
    int radix = alphabetMapper.getRadix();
    char[] plaintext = "510123456".toCharArray();

    byte[] plain_bytes = alphabetMapper.convertToIndexes(plaintext);

    Cipher cipher = Cipher.getInstance("AES/FF1/NoPadding", new BouncyCastleProvider());
    byte[] cipher_bytes = encrypt(cipher, key, tweak, radix, plain_bytes);

    byte[] decrypted = decrypt(cipher, key, tweak, radix, cipher_bytes);
    char[] cipher_chars = alphabetMapper.convertToChars(cipher_bytes);
    System.out.println(new String(cipher_chars));

    char[] plain_chars = alphabetMapper.convertToChars(decrypted);
    System.out.println(new String(plain_chars));
}