4

I followed much of this post with the objective to implement aes 256 encryption in my software and it works just fine

The key point here is that the whole implementation described in the above link uses the AESEngine class. Looking at the class code and javadoc reference, the AESEngine is a 128bit instead of a 256 bit block cipher

Searching trough the code and docs i could not find the 192 or 256 bits implementations. Where are them?

For completeness, this is the core of my actual ciphering class:

    private void init(String passphrase) {
        try {
            String algorithm = "PBEWithSHA256And256BitAES-CBC-BC"; 

            encryptCipher = createCipher();
            decryptCipher = createCipher();    

            randomGenerator = new RandomGenerator();

            PBEKeySpec keySpec = new PBEKeySpec(passphrase.toCharArray(), KEY_SALT, ITERATIONS);    

            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(algorithm);
            key = keyFactory.generateSecret(keySpec);    

        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("NoSuchAlgorithmException occured while trying to generate the crypto key. This error should never occur, check the application code", e);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("InvalidKeySpecException occured while trying to generate the crypto key. This error should never occur, check the application code", e);
        }
    }    

    private BufferedBlockCipher createCipher() {
        return new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESFastEngine()), new PKCS7Padding());
    }    

    public byte[] encrypt(byte[] data) {
        if (data == null)
            throw new NullPointerException("Cannot encrypt null data");    

        byte[] iv = randomGenerator.generateRandom(IV_SIZE);    

        byte[] encrypted;

        synchronized (encryptCipher) {
            encrypted = runCipher(encryptCipher, true, data, iv);
        }    

        return DataUtil.append(iv, encrypted);
    }    

    public byte[] decrypt(byte[] data) {
        if (data == null)
            throw new NullPointerException("Cannot decrypt null data");    

        byte[] iv = DataUtil.extract(data, 0, IV_SIZE);
        byte[] cipherText = DataUtil.extract(data, IV_SIZE, data.length - IV_SIZE);

        byte[] decrypted;    

        synchronized (decryptCipher) {
            decrypted = runCipher(decryptCipher, false, cipherText, iv);
        }

        return decrypted;
    }

    private byte[] runCipher(BufferedBlockCipher cipher, boolean forEncryption, byte[] data, byte[] iv) {
        String operation = forEncryption ? "encrypt" : "decrypt";

        try {
            KeyParameter keyParam = new KeyParameter(key.getEncoded());
            ParametersWithIV cipherParams = new ParametersWithIV(keyParam, iv);

            cipher.init(forEncryption, cipherParams);

            byte[] result = new byte[cipher.getOutputSize(data.length)];
            int len = cipher.processBytes(data, 0, data.length, result, 0);
            len += cipher.doFinal(result, len);

            //Remove padding se estiver decriptografando
            if(!forEncryption)
                result = DataUtil.extract(result, 0, len);

            return result;
        } catch (DataLengthException e) {
            throw new RuntimeException("DataLengthException occured while trying to " + operation + " data with length " + data.length + ". This error should never occur, check the application code", e);
        } catch (IllegalStateException e) {
            throw new RuntimeException("IllegalStateException occured while trying to " + operation + " data with length " + data.length + ". This error should never occur, check the application code", e);
        } catch (InvalidCipherTextException e) {
            throw new IllegalArgumentException("InvalidCipherTextException occured while trying to " + operation + " data with length " + data.length, e);
        }
    }
Community
  • 1
  • 1
Bruno Penteado
  • 2,234
  • 2
  • 23
  • 26
  • 1
    There is only the 128 bit block size version of AES. There are higher bit versions of Rijndael, the underlying algorithm. The 256 in AES-256 is the *key size* for the algorithm, although it also makes a difference on the internal vectors & the number of rounds. – Maarten Bodewes Sep 24 '12 at 21:39
  • PS I presume you use Bouncy to get a 256 bit AES, otherwise you would not need to use the lightweight API of Bouncy Castle. As a small optimization you could use `BlockCipher.getBlockSize()` instead of the constant for your IV size. – Maarten Bodewes Sep 24 '12 at 21:46
  • Assuming owlstead is correct about your real goal (i.e. using a 256-bit *key*), can I ask if you *must* implement so much of this process from scratch? Just want to double-check that this is an amusing out-of-hours project or school work. Otherwise, we can show you *much* easier routes towards achieving your goal. – Duncan Jones Sep 25 '12 at 12:47
  • @DuncanJones This is not a school project or out of hours project. Im actually building a java crypto lib that facilitates and guarantees secure cryptography usage in the corporation I work. Please show me the much easier routes you mentioned. Thanks – Bruno Penteado Sep 25 '12 at 14:07
  • @Polaco Sorry, please ignore me. I misread what you were doing and thought there was a faster route. I'll slink away now... – Duncan Jones Sep 25 '12 at 14:15
  • @DuncanJones No problem at all :) Actually there are some faster routes like using jasypt, but i didnt like the library itself on first impressions. Maybe i ll reconsider using it in the future time – Bruno Penteado Sep 25 '12 at 14:28

2 Answers2

5

If you want to do AES like encryption with a block size of 256 bit you should use:

http://www.docjar.org/docs/api/org/bouncycastle/crypto/engines/RijndaelEngine.html

But that's probably not what you want; the 256 in AES-256 is about the key size. This key size is then used by the underlying 128 bit AES block cipher. AES is the standardized, 128 bit block version of Rijndael.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
0

AES supports 3 key sizes - Wikipedia, NIST.

You're probably referring the block size, which is fixed at 128 bits.

Also, I tried going through code, it is written assuming different key sizes - 128, 192, and 256. Copy - paste from code - "AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits. This code is written assuming those are the only possible values"

Cipher
  • 1