2

I've got a string that's been encrypted by SJCL server-side, and needs to be decrypted in Android using whatever libraries are available. I tried BouncyCastle, until I ran into the problem of not being able to generate a key from PBKDF2. Now I'm using SpongyCastle, and I'm still running into issues. Here's my code so far for generating a key and decrypting the string:

private static byte[] decrypt(SecretKey key, byte[] encrypted, byte[] iv) throws Exception {
    IvParameterSpec ivSpec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CCM/NoPadding");
    cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
    byte[] decrypted = cipher.doFinal(encrypted);
    return decrypted;
}

public static SecretKey generateKey(char[] passphraseOrPin, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException {
    // Number of PBKDF2 hardening rounds to use. Larger values increase
    // computation time. You should select a value that causes computation
    // to take >100ms.
    final int iterations = 1000;

    // Generate a 128-bit key
    final int outputKeyLength = 128;

    /*SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
    KeySpec keySpec = new PBEKeySpec(passphraseOrPin, salt, iterations, outputKeyLength);
    SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);*/

    PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(new SHA256Digest());
    generator.init(PBEParametersGenerator.PKCS5PasswordToBytes(passphraseOrPin), salt, iterations);
    KeyParameter key = (KeyParameter) generator.generateDerivedMacParameters(outputKeyLength);
    SecretKey secretKey = new SecretKeySpec(key.getKey(), "AES");
    return secretKey;
}

Here's how I call it in my function:

char[] key = * put PBKDF2 password here *;

// Generate key from password
    SecretKey decryptionKey = null;
    try {
        decryptionKey = generateKey(key, decodedObject.get("salt").getAsString().getBytes());
    } catch (Exception e) {
        Log.e(TAG, e.getMessage());
    }

    byte[] decryptedTicketBytes = null;

    // Decrypt the ticket
    try {
        decryptedTicketBytes = decrypt(decryptionKey, decodedObject.get("ct").getAsString().getBytes(), decodedObject.get("iv").getAsString().getBytes());
    } catch (Exception e) {
        Log.e(TAG, e.getMessage());
    }

The decodedObject is the string from SJCL after being run through a JsonParser with UTF-8 and being Base64 decoded. I took it and ran it through the SJCL Demo with the password and decrypted the string no problem. I must be missing something simple here.

There error I'm getting is on the cipher.doFinal step, and is as follows:

java.security.InvalidKeyException: nonce must have length from 7 to 13 octets

I don't think SJCL uses no padding on their cipher, so I tried using "AES/CCM/PKCS5Padding" on the getInstance but then got this error:

javax.crypto.NoSuchPaddingException: Only NoPadding can be used with AEAD modes.

TLDR: I'm looking for the easiest way to decrypt SJCL strings in Android. Suggestions would be appreciated.

Thanks!

mlimb
  • 61
  • 5
  • You are encrypting communication between a client and a server? That's exactly what [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) is designed for. Note that your scheme doesn't protect anything. Anybody could reverse engineer the client application to obtain the password and proceed to decrypt other clients' communication. – ntoskrnl Aug 04 '14 at 21:24
  • @ntoskrnl, i'm not encrypting communication, just decrypting the string that is returned from a web service call. The password will not be stored like that in the final implementation either, this is just until I can get it working. – mlimb Aug 04 '14 at 21:27
  • I've created a SJCL lib in Java, only to abandon it. Quickly they found a horrible bug in their convenience code - after I could not verify (not verifying the AAD) and I actually don't want SJCL to succeed; it's ill maintained, and JS should not be used for this kind of stuff. – Maarten Bodewes Aug 05 '14 at 00:52
  • @owlstead does your SJCL library still work? I'd love to go ahead and check it out and see if I can't get something working from it. – mlimb Aug 05 '14 at 16:08
  • Uh, don't know :) I'll try and see if I can find/update anything. – Maarten Bodewes Aug 05 '14 at 16:59
  • @owlstead I just used the stuff from your test files and was able to get it working. Thanks! – mlimb Aug 05 '14 at 18:00

3 Answers3

2

While this isn't done in Java, it is in fact done in Android. I know it's not the solution I wanted but it works and is a solution.

You can use a WebView to run the SJCL in Android to decrypt the file. You need an interface that the WebView JavaScript can talk to.

public static class JavaScriptInterface {
    Context mContext;

    /** Instantiate the interface and set the context */
    JavaScriptInterface(Context c) {
        mContext = c;
    }

    //This is the function that is callable from the Javascript.
    @JavascriptInterface
    public void doJavaStuff(String dycryptedData)
    {
        //Do what you want with the decrypted data
    }
}

From there you will need to create a method to get a script with the SJCL

public static String getSJCL() { return "<script>\n" + "SJCL_HERE" + "<script>\n";

Then create the HTML to run the code. This all could be done with .html files and .script files, but I wanted my key and encrypted files to be dynamic.

 public static String getHtmlForDecrypting(String encryptedData, String key) {
    return "<html>\n" +
            "    <head>\n" +
                    getSJCL() +
            "        <script type=\"text/javascript\">\n" +
            "            function displaymessage()\n" +
            "            {\n" +
            "                var obj = " + encryptedData + ";\n" +
            "                var objString = JSON.stringify(obj);\n" +
            "                var data = sjcl.decrypt(\"" + key + "\", objString);\n" +
            "                JSInterface.doJavaStuff(data);\n" +
            "            }\n" +
            "        </script>\n" +
            "    </head>\n" +
            "    <body onload=\"displaymessage()\"></body>\n" +
            "</html>\n";
}

Next create the decrypt method. 

private static WebView wv;

private static JavaScriptInterface JSInterface;

private static String key1 = "YOURKEY";

public static void decrypt(Context context, String data) {
    JSInterface = new JavaScriptInterface(context);
    wv = new WebView(context);
    wv.addJavascriptInterface(JSInterface, "JSInterface");
    wv.getSettings().setJavaScriptEnabled(true);

    wv.loadData(getHtmlForDecrypting(data, key1), "text/html", null);
}
CMcAllister
  • 176
  • 1
  • 5
  • I got this working eventually and have amended this answer as to save others time. Works well. – mylogon Mar 31 '17 at 14:23
  • 1
    Just as a thought as I maintained this code in my own project. The JavaScriptInterface can be used not only for getting the answer, but also for passing the encryptedData along with the key. All you have to do is add a few more @JavascriptInterface methods and call those from the javascript passing in the variables you need. – CMcAllister Sep 08 '17 at 19:20
0

The problem is that Java does not work with the default sclj iv number, that uses 4 words. The solution is to tell sclj to generate the iv value with 3 words:

aesEncrypt:function (pass,data) {
var param = { // Java does not accepts the default 4 word size
        iv: sjcl.random.randomWords(3, 0)
};
return sjcl.encrypt(pass,data,param);
}

don´t forget to pass the iv and salt values along with the encrypted message. If you can´t tell sclj to generate a smaller iv number, you will have to change the java implementation, or try to find one that supports iv with 16 bytes.

atorres
  • 402
  • 4
  • 11
  • The bouncy castle source code, line 98, checks the maximum size to iv:https://android.googlesource.com/platform/external/bouncycastle/+/5db505e1f6a68c8d5dfdb0fed0b8607dea7bed96/bcprov/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java – atorres Oct 06 '14 at 17:39
0

While using a WebView could help, I prefer to use a ScriptEngine (SE) along with its ScriptEngineManager (SEM) , which will also load a WebView in the end but at least the code looks much easier to understand and maintain.

First thing to do, since SE and SEM aren't natively available on Android, you can import 'rhino-library' that solves this issue. I've found out about this here, for reference.

So first step, add the dependence in your build.gradle file :

    implementation 'io.apisense:rhino-android:1.0'

Once done, the rest is pretty straightforward, here the commented code on how I did it. : 

package com.example;

import android.content.Context;

import java.io.InputStream;

import javax.script.Invocable;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

import com.example.Constants;

public class SJCL {

    private Invocable invocable;

    public SJCL() {

    }

    public void init(Context c) {
        ScriptEngineManager manager = new ScriptEngineManager();
        ScriptEngine engine = manager.getEngineByName("JavaScript");
        try {
            //in this case the constant points to assets/SJCL.js
            InputStream is = c.getAssets().open(Constants.SJCL_FILE_PATH);
            //put that into a string (function further) 
            String sjcl = convertStreamToString(is);

            // read script file
            engine.evals(sjcl);

            invocable = (Invocable) engine;

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    //call js function from wrapper function, this is just one as example
    public String encrypt(Object password, String plainText, String[] params) {
    try {
        //first argument is the function name, second is a Object... with your arguments
        return invocable.invokeFunction("encrypt",password,plainText,params).toString();
    } catch (ScriptException | NoSuchMethodException e) {
        return null;
    }
}

    public String convertStreamToString(InputStream is) throws Exception {
        BufferedReader reader = new BufferedReader(new InputStreamReader(is));
        StringBuilder sb = new StringBuilder();
        String line = null;
        while ((line = reader.readLine()) != null) {
            sb.append(line).append("\n");
        }
        reader.close();`enter code here
        return sb.toString();
    }
}

I've also posted that as a gist on github, you can have a look here

Hope that helps

2lazy2debug
  • 71
  • 1
  • 6