All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.sshd.common.cipher.BaseCipher Maven / Gradle / Ivy

Go to download

This artifact provides a single jar that contains all classes required to use remote EJB and JMS, including all dependencies. It is intended for use by those not using maven, maven users should just import the EJB and JMS BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up with different versions on classes on the class path).

The newest version!
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.sshd.common.cipher;

import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.spec.AlgorithmParameterSpec;

import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.security.SecurityUtils;

/**
 * Base class for all Cipher implementations delegating to the JCE provider.
 *
 * @author Apache MINA SSHD Project
 */
public class BaseCipher implements Cipher {

    // For tests
    interface CipherFactory {
        javax.crypto.Cipher getCipher(String transformation) throws GeneralSecurityException;
    }

    static CipherFactory factory = SecurityUtils::getCipher;

    static boolean alwaysReInit;

    protected Mode mode;

    private javax.crypto.Cipher cipher;
    private final int ivsize;
    private final int authSize;
    private final int kdfSize;
    private final String algorithm;
    private final int keySize;
    private final int blkSize;
    private final String transformation;
    private String s;
    private SecretKey secretKey;

    public BaseCipher(int ivsize, int authSize, int kdfSize, String algorithm,
                      int keySize, String transformation, int blkSize) {
        this.ivsize = ivsize;
        this.authSize = authSize;
        this.kdfSize = kdfSize;
        this.algorithm = ValidateUtils.checkNotNullAndNotEmpty(algorithm, "No algorithm");
        this.keySize = keySize;
        this.transformation = ValidateUtils.checkNotNullAndNotEmpty(transformation, "No transformation");
        this.blkSize = blkSize;
    }

    @Override
    public String getAlgorithm() {
        return algorithm;
    }

    @Override
    public int getKeySize() {
        return keySize;
    }

    @Override
    public String getTransformation() {
        return transformation;
    }

    @Override
    public int getIVSize() {
        return ivsize;
    }

    @Override
    public int getAuthenticationTagSize() {
        return authSize;
    }

    @Override
    public int getKdfSize() {
        return kdfSize;
    }

    @Override
    public int getCipherBlockSize() {
        return blkSize;
    }

    @Override
    public void init(Mode mode, byte[] key, byte[] iv) throws Exception {
        key = initializeKeyData(mode, key, getKdfSize());
        iv = initializeIVData(mode, iv, getIVSize());
        cipher = createCipherInstance(mode, key, iv);
    }

    protected javax.crypto.Cipher getCipherInstance() {
        return cipher;
    }

    protected javax.crypto.Cipher createCipherInstance(Mode mode, byte[] key, byte[] iv) throws Exception {
        javax.crypto.Cipher instance = factory.getCipher(getTransformation());
        this.mode = mode;
        this.secretKey = new SecretKeySpec(key, getAlgorithm());
        instance.init(
                Mode.Encrypt.equals(mode)
                        ? javax.crypto.Cipher.ENCRYPT_MODE
                        : javax.crypto.Cipher.DECRYPT_MODE,
                secretKey,
                new IvParameterSpec(iv));
        return instance;
    }

    protected byte[] initializeKeyData(Mode mode, byte[] key, int reqLen) {
        return resize(key, reqLen);
    }

    protected byte[] initializeIVData(Mode mode, byte[] iv, int reqLen) {
        return resize(iv, reqLen);
    }

    @Override
    public void update(byte[] input, int inputOffset, int inputLen) throws Exception {
        try {
            int stored = cipher.update(input, inputOffset, inputLen, input, inputOffset);
            if (stored < inputLen || alwaysReInit) {
                // Cipher.update() may buffer. We need all. Call doFinal and re-init the cipher.
                // This works because in SSH inputLen is always a multiple of the cipher's block size.
                stored += cipher.doFinal(input, inputOffset + stored);
                // Now stored had better be inputLen
                if (stored != inputLen) {
                    throw new GeneralSecurityException(
                            "Cipher.doFinal() did not return all bytes: " + stored + " != " + inputLen);
                }
                reInit(input, inputOffset, inputLen);
            }
        } catch (GeneralSecurityException e) {
            // Add algorithm information
            throw new GeneralSecurityException(
                    "BaseCipher.update() for " + getTransformation() + '/' + getKeySize() + " failed (" + mode + ')', e);
        }
    }

    protected void reInit(byte[] processed, int offset, int length)
            throws InvalidKeyException, InvalidAlgorithmParameterException {
        cipher.init(Mode.Encrypt.equals(mode)
                ? javax.crypto.Cipher.ENCRYPT_MODE
                : javax.crypto.Cipher.DECRYPT_MODE,
                secretKey,
                determineNewParameters(processed, offset, length));
    }

    protected AlgorithmParameterSpec determineNewParameters(byte[] processed, int offset, int length) {
        // Default implementation; overridden as appropriate in subclasses
        throw new UnsupportedOperationException(getClass() + " needs to override determineNewParameters()");
    }

    @Override
    public void updateAAD(byte[] data, int offset, int length) throws Exception {
        throw new UnsupportedOperationException(getClass() + " does not support AAD operations");
    }

    protected static byte[] resize(byte[] data, int size) {
        if (data.length > size) {
            byte[] tmp = new byte[size];
            System.arraycopy(data, 0, tmp, 0, size);
            data = tmp;
        }
        return data;
    }

    @Override
    public String toString() {
        synchronized (this) {
            if (s == null) {
                s = getClass().getSimpleName()
                    + "[" + getAlgorithm()
                    + ", ivSize=" + getIVSize()
                    + ", kdfSize=" + getKdfSize()
                    + "," + getTransformation()
                    + ", blkSize=" + getCipherBlockSize()
                    + "]";
            }
        }

        return s;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy