forked from Qortal/qortal
Use AES/CBC/PKCS5Padding for encryption, and fall back to just AES for legacy resource support.
Should fix "ECB mode cannot use IV" error due to mode and padding not being stated.
This commit is contained in:
CalDescent
parent
1ddd468c1f
commit
1d77101253
@ -391,13 +391,26 @@ public class ArbitraryDataReader {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void decrypt() throws DataException {
|
private void decrypt() throws DataException {
|
||||||
|
try {
|
||||||
|
// First try with explicit parameters (CBC mode with PKCS5 padding)
|
||||||
|
this.decryptUsingAlgo("AES/CBC/PKCS5Padding");
|
||||||
|
|
||||||
|
} catch (DataException e) {
|
||||||
|
// Something went wrong, so fall back to default AES params (necessary for legacy resource support)
|
||||||
|
this.decryptUsingAlgo("AES");
|
||||||
|
|
||||||
|
// TODO: delete files and block this resource if privateDataEnabled is false and the second attempt fails too
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void decryptUsingAlgo(String algorithm) throws DataException {
|
||||||
// Decrypt if we have the secret key.
|
// Decrypt if we have the secret key.
|
||||||
byte[] secret = this.secret58 != null ? Base58.decode(this.secret58) : null;
|
byte[] secret = this.secret58 != null ? Base58.decode(this.secret58) : null;
|
||||||
if (secret != null && secret.length == Transformer.AES256_LENGTH) {
|
if (secret != null && secret.length == Transformer.AES256_LENGTH) {
|
||||||
try {
|
try {
|
||||||
Path unencryptedPath = Paths.get(this.workingPath.toString(), "zipped.zip");
|
Path unencryptedPath = Paths.get(this.workingPath.toString(), "zipped.zip");
|
||||||
SecretKey aesKey = new SecretKeySpec(secret, 0, secret.length, "AES");
|
SecretKey aesKey = new SecretKeySpec(secret, 0, secret.length, algorithm);
|
||||||
AES.decryptFile("AES", aesKey, this.filePath.toString(), unencryptedPath.toString());
|
AES.decryptFile(algorithm, aesKey, this.filePath.toString(), unencryptedPath.toString());
|
||||||
|
|
||||||
// Replace filePath pointer with the encrypted file path
|
// Replace filePath pointer with the encrypted file path
|
||||||
// Don't delete the original ArbitraryDataFile, as this is handled in the cleanup phase
|
// Don't delete the original ArbitraryDataFile, as this is handled in the cleanup phase
|
||||||
@ -405,7 +418,6 @@ public class ArbitraryDataReader {
|
|||||||
|
|
||||||
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | NoSuchPaddingException
|
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | NoSuchPaddingException
|
||||||
| BadPaddingException | IllegalBlockSizeException | IOException | InvalidKeyException e) {
|
| BadPaddingException | IllegalBlockSizeException | IOException | InvalidKeyException e) {
|
||||||
// TODO: delete files and block this resource if privateDataEnabled is false
|
|
||||||
throw new DataException(String.format("Unable to decrypt file at path %s: %s", this.filePath, e.getMessage()));
|
throw new DataException(String.format("Unable to decrypt file at path %s: %s", this.filePath, e.getMessage()));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@ -225,7 +225,7 @@ public class ArbitraryDataWriter {
|
|||||||
// Encrypt the file with AES
|
// Encrypt the file with AES
|
||||||
LOGGER.info("Encrypting...");
|
LOGGER.info("Encrypting...");
|
||||||
this.aesKey = AES.generateKey(256);
|
this.aesKey = AES.generateKey(256);
|
||||||
AES.encryptFile("AES", this.aesKey, this.filePath.toString(), this.encryptedPath.toString());
|
AES.encryptFile("AES/CBC/PKCS5Padding", this.aesKey, this.filePath.toString(), this.encryptedPath.toString());
|
||||||
|
|
||||||
// Delete the input file
|
// Delete the input file
|
||||||
if (FilesystemUtils.pathInsideDataOrTempPath(this.filePath)) {
|
if (FilesystemUtils.pathInsideDataOrTempPath(this.filePath)) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user