esapi-java-legacy/src/main/java/org/owasp/esapi/Encryptor.java at 2.1 · Java1Dev/esapi-java-legacy

History

450 lines (428 loc) · 20.6 KB

Raw

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

/**

* OWASP Enterprise Security API (ESAPI)

* This file is part of the Open Web Application Security Project (OWASP)

* Enterprise Security API (ESAPI) project. For details, please see

* <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.

* The ESAPI is published by OWASP under the BSD license. You should read and accept the

* LICENSE before you use, modify, and/or redistribute this software.

* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>

* @author kevin.w.wall@gmail.com

* @created 2007

package org.owasp.esapi;

import javax.crypto.SecretKey;

import org.owasp.esapi.crypto.CipherText;

import org.owasp.esapi.crypto.PlainText;

import org.owasp.esapi.errors.EncryptionException;

import org.owasp.esapi.errors.IntegrityException;

/**

* The Encryptor interface provides a set of methods for performing common

* encryption, random number, and hashing operations. Implementations should

* rely on a strong cryptographic implementation, such as JCE or BouncyCastle.

* Implementors should take care to ensure that they initialize their

* implementation with a strong "master key", and that they protect this secret

* as much as possible.

*

* Possible future enhancements (depending on feedback) might include:

* <UL>

* <LI>encryptFile</LI>

* </UL>

* @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a

* href="http://www.aspectsecurity.com">Aspect Security</a>

* @since June 1, 2007

public interface Encryptor {

/**

* Returns a string representation of the hash of the provided plaintext and

* salt. The salt helps to protect against a rainbow table attack by mixing

* in some extra data with the plaintext. Some good choices for a salt might

* be an account name or some other string that is known to the application

* but not to an attacker.

* See <a href="http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/">

* this article</a> for more information about hashing as it pertains to password schemes.

* @param plaintext

* the plaintext String to encrypt

* @param salt

* the salt to add to the plaintext String before hashing

* @return

* the encrypted hash of 'plaintext' stored as a String

* @throws EncryptionException

* if the specified hash algorithm could not be found or another problem exists with

* the hashing of 'plaintext'

String hash(String plaintext, String salt) throws EncryptionException;

/**

* Returns a string representation of the hash of the provided plaintext and

* salt. The salt helps to protect against a rainbow table attack by mixing

* in some extra data with the plaintext. Some good choices for a salt might

* be an account name or some other string that is known to the application

* but not to an attacker.

* See <a href="http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/">

* this article</a> for more information about hashing as it pertains to password schemes.

* @param plaintext

* the plaintext String to encrypt

* @param salt

* the salt to add to the plaintext String before hashing

* @param iterations

* the number of times to iterate the hash

* @return

* the encrypted hash of 'plaintext' stored as a String

* @throws EncryptionException

* if the specified hash algorithm could not be found or another problem exists with

* the hashing of 'plaintext'

String hash(String plaintext, String salt, int iterations) throws EncryptionException;

/**

* Encrypts the provided plaintext and returns a ciphertext string using the

* master secret key and default cipher transformation.

*

* Compatibility with earlier ESAPI versions: Unlike ESAPI 1.4 version

* of this method which used the Electronic Code Book (ECB)

* cipher mode to encrypt, this method uses the default cipher transformation

* and IV type (which by default is AES/CBC/PKCS5Padding and a random IV). ECB mode

* is not secure for general use and usually should be avoided. If you must

* use ECB mode for backward compatibility, you should do so by specifying

* <pre>

* ESAPI.Encryptor=org.owasp.esapi.reference.LegacyJavaEncryptor

* </pre>

* in your ESAPI.properties file rather than changing the default

* cipher transformation. That will make this method and the

* {@link #decrypt(String)} method use ECB mode in a manner that is compatible

* with ESAPI 1.4 and earlier but not affect the newer encryption / decryption

* methods. However, this should only be used for backward compatibility. You

* should use it to decrypt data that was previous encrypted using ESAPI 1.4 or

* earlier use a newer method that uses the stronger CBC cipher mode

* to re-encrypt it. Once all the previously encrypted data has been re-encrypted

* using this legacy class, you should stop using this legacy class and start

* using the default reference class, as per:

* <pre>

* ESAPI.Encryptor=org.owasp.esapi.reference.LegacyJavaEncryptor

* </pre>

* in your ESAPI.properties file.

*

* Why this method is deprecated: Most cryptographers strongly suggest

* that if you are creating crypto functionality for general-purpose use,

* at a minimum you should ensure that it provides authenticity, integrity,

* and confidentiality. This method only provides confidentiality, but not

* authenticity or integrity. Therefore, you are encouraged to use

* one of the other encryption methods referenced below. Because this

* method provides neither authenticity nor integrity, it may be

* removed in some future ESAPI Java release. Note: there are some cases

* where authenticity / integrity are not that important. For instance, consider

* a case where the encrypted data is never out of your application's control. For

* example, if you receive data that your application is encrypting itself and then

* storing the encrypted data in its own database for later use (and no other

* applications can query or update that column of the database), providing

* confidentiality alone might be sufficient. However, if there are cases

* where your application will be sending or receiving already encrypted data

* over an insecure, unauthenticated channel, in such cases authenticity and

* integrity of the encrypted data likely is important and this method should

* be avoided in favor of one of the other two.

* @param plaintext

* the plaintext {@code String} to encrypt. Note that if you are encrypting

* general bytes, you should encypt that byte array to a String using

* "UTF-8" encoding.

* @return

* the encrypted, base64-encoded String representation of 'plaintext' plus

* the random IV used.

* @throws EncryptionException

* if the specified encryption algorithm could not be found or another problem exists with

* the encryption of 'plaintext'

* @see #encrypt(PlainText)

* @see #encrypt(SecretKey, PlainText)

* @deprecated As of 1.4.2; use {@link #encrypt(PlainText)} instead, which

* also ensures message authenticity. This method will be

* completely removed as of the next major release or point

* release (3.0 or 2.1, whichever comes first) as per OWASP

* deprecation policy.

@Deprecated String encrypt(String plaintext) throws EncryptionException;

/**

* Encrypts the provided plaintext bytes using the cipher transformation

* specified by the property <code>Encryptor.CipherTransformation</code>

* and the master encryption key as specified by the property

* {@code Encryptor.MasterKey} as defined in the <code>ESAPI.properties</code> file.

*

* This method is preferred over {@link #encrypt(String)} because it also

* allows encrypting of general byte streams rather than simply strings and

* also because it returns a {@code CipherText} object and thus supports

* cipher modes that require an Initialization Vector (IV), such as

* Cipher Block Chaining (CBC).

* @param plaintext The {@code PlainText} to be encrypted.

* @return the {@code CipherText} object from which the raw ciphertext, the

* IV, the cipher transformation, and many other aspects about

* the encryption detail may be extracted.

* @throws EncryptionException Thrown if something should go wrong such as

* the JCE provider cannot be found, the cipher algorithm,

* cipher mode, or padding scheme not being supported, specifying

* an unsupported key size, specifying an IV of incorrect length,

* etc.

* @see #encrypt(SecretKey, PlainText)

* @since 2.0

CipherText encrypt(PlainText plaintext) throws EncryptionException;

/**

* Encrypts the provided plaintext bytes using the cipher transformation

* specified by the property <code>Encryptor.CipherTransformation</code>

* as defined in the <code>ESAPI.properties</code> file and the

* specified secret key.

*

* This method is similar to {@link #encrypt(PlainText)} except that it

* permits a specific {@code SecretKey} to be used for encryption.

* @param key The {@code SecretKey} to use for encrypting the plaintext.

* @param plaintext The byte stream to be encrypted. Note if a Java

* {@code String} is to be encrypted, it should be converted

* using {@code "some string".getBytes("UTF-8")}.

* @return the {@code CipherText} object from which the raw ciphertext, the

* IV, the cipher transformation, and many other aspects about

* the encryption detail may be extracted.

* @throws EncryptionException Thrown if something should go wrong such as

* the JCE provider cannot be found, the cipher algorithm,

* cipher mode, or padding scheme not being supported, specifying

* an unsupported key size, specifying an IV of incorrect length,

* etc.

* @see #encrypt(PlainText)

* @since 2.0

CipherText encrypt(SecretKey key, PlainText plaintext)

throws EncryptionException;

/**

* Decrypts the provided ciphertext and returns a plaintext string using the