g_tech

Reputation: 251

Socket and ObjectInputStream in Java - Android

I have a problem with the Socket and ObjectInputStream using the Cipher class of Java. I use an Android client that writes an ObjectOutputStream to the Socket, and a Java client that reads this ObjectInputStream from the same Socket. This is the client/server code:

CLIENT

[CODE]

 public static void functionRegistration(String usr, String pwd) throws UnknownHostException, IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException{

    Socket socket = new Socket(SERVER_ADDRESS_STRING, PORT_NO);
    BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
    BufferedReader br = new BufferedReader(new InputStreamReader(socket.getInputStream()));

    socket.setSoTimeout(DEFAULT_TIMEOUT);

    if(!socket.isConnected()){
        System.out.println("[!] [Client] Connection problem!");
        socket.close();
        return;
    }

    //Diffie-Hellman
    BigInteger shared_key = DiffieHellmanExchangeClient(socket, br, bw);
    byte[] hash = ObjectHash.getByteHashCode(shared_key, SECURE_HASH_TYPE.SHA384);

    //Extract IV and cipherKey
    byte[] IV = new byte[16];
    byte[] cipherKey = new byte[32];

    int i, limit;

    for(i = 0; i < IV.length; i++)
        IV[i] = hash[i];

    limit = i;

    for(; i < hash.length; i++)
        cipherKey[i - limit] = hash[i];

    //Send username
    bw.write(usr);
    bw.write("\r\n");
    bw.flush();


    ObjectOutputStream oos = new ObjectOutputStream(socket.getOutputStream());

    //Hash password
    String passwordHash = new String(ObjectHash.getByteHashCode(pwd, SECURE_HASH_TYPE.SHA512));

    //Cipher password
    String encryptedPasswordHash = new String(cipherMessage(passwordHash, cipherKey));

    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    IvParameterSpec ivparameters = new IvParameterSpec(IV);
    cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(cipherKey, "AES"), ivparameters);


    oos.writeObject(new SealedObject(encryptedPasswordHash, cipher));
    oos.flush();


    if(br.readLine().compareTo("ACK") == 0)
        Log.d("ACK", "ACK_RECEIVED");

    else
        Log.d("ACK","Something was wrong");

    br.close();
    bw.close();
    socket.close();
}

[\CODE]

SERVER

[CODE]

  private void getRegistrationUser() throws IOException, InvalidKeyException, InvalidAlgorithmParameterException{
    String username = br.readLine();

    System.out.println("[+] [Server - Thread " + Thread.currentThread().getId() + "] Username received");

    //SHA384 of shared key
    byte[] hash = ObjectHash.getByteHashCode(shared_key, SECURE_HASH_TYPE.SHA384);

    byte[] IV = new byte[16];
    byte[] cipherKey = new byte[32];

    int j, limit;

    for(j = 0; j < IV.length; j++)
        IV[j] = hash[j];

    limit = j;

    for(; j < hash.length; j++)
        cipherKey[j - limit] = hash[j];

    try{

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        IvParameterSpec ivparameters = new IvParameterSpec(IV);
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cipherKey, "AES"), ivparameters);

        ObjectInputStream ois = new ObjectInputStream(client.getInputStream());
        String encryptedHashPassword = (String)((SealedObject)ois.readObject()).getObject(cipher);

        String decryptedHashPassword = decipherMessage(encryptedHashPassword, cipherKey);

        ois.close();

        sendACK();

    }
    catch (IOException e) {
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (NoSuchPaddingException e) {
        e.printStackTrace();
    } catch (ClassNotFoundException e) {
        e.printStackTrace();
    } catch (IllegalBlockSizeException e) {
        e.printStackTrace();
    } catch (BadPaddingException e) {
        e.printStackTrace();
    }   
}

[\CODE]

The two functions in the code, cipherMessage and decipherMessage, use a Twofish cipher to encrypt and decrypt data with the respective key.

The problem is this: while debugging I noticed that the server blocks on new ObjectInputStream and is unable to read the object written by the client.

How can I solve my problem?

Upvotes: 0

Views: 555

Answers (1)

user207421

Reputation: 311040

You can't use multiple buffered streams on the same socket. They will steal data from each other. Use the object streams for everything.

Upvotes: 1
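The behaviour described in the answer, as an added example that is not code from the question or the answer: a `BufferedReader` reads one line and takes the serialized object's bytes into its own buffer, then the same exchange is framed with object streams only. The class and method names, the user name and the 4-byte payload are constructed for illustration, and an in-memory byte array stands in for the socket.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class MixedStreamsDemo {

    // Broken framing: a text line, then a serialized object, on one byte stream.
    static byte[] mixedWire(String user, Serializable payload) throws IOException {
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        Writer w = new OutputStreamWriter(wire, StandardCharsets.UTF_8);
        w.write(user + "\r\n");
        w.flush();
        ObjectOutputStream oos = new ObjectOutputStream(wire);
        oos.writeObject(payload);
        oos.flush();
        return wire.toByteArray();
    }

    // Fixed framing: one ObjectOutputStream carries every field.
    static byte[] objectOnlyWire(String user, Serializable payload) throws IOException {
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        ObjectOutputStream oos = new ObjectOutputStream(wire);
        oos.writeUTF(user);
        oos.writeObject(payload);
        oos.flush();
        return wire.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] payload = {1, 2, 3, 4}; // constructed stand-in for the encrypted bytes

        InputStream in = new ByteArrayInputStream(mixedWire("alice", payload));
        BufferedReader br = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8));
        System.out.println("line read: " + br.readLine());
        // The reader filled its buffer with everything that had arrived, object bytes included.
        System.out.println("bytes left for ObjectInputStream: " + in.available());
        try {
            new ObjectInputStream(in); // a live socket blocks here waiting for the stream header
        } catch (EOFException e) {
            System.out.println("no stream header left to read");
        }

        ObjectInputStream ois = new ObjectInputStream(
                new ByteArrayInputStream(objectOnlyWire("alice", payload)));
        System.out.println("user: " + ois.readUTF());
        System.out.println("payload bytes: " + ((byte[]) ois.readObject()).length);
    }
}
```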
