Repository: commons-crypto Updated Branches: refs/heads/master 617318bf6 -> 9bbbe4a57
CRYPTO-13: The API differences between apache.commons.crypto and JCE 1.use the java Key and ParameterSpec class to pass the parameters for Cipher, CryptoInputStream and CryptoOutputStream. 2. While for CTRCryptoInputStream and CTRCryptoOutputStream, as it is specific to CTR mode whose parameter is known. So keep as it is. 3. move iv & initIV to CTRCipherInputStream/CTRCipherOutputStream Project: http://git-wip-us.apache.org/repos/asf/commons-crypto/repo Commit: http://git-wip-us.apache.org/repos/asf/commons-crypto/commit/9bbbe4a5 Tree: http://git-wip-us.apache.org/repos/asf/commons-crypto/tree/9bbbe4a5 Diff: http://git-wip-us.apache.org/repos/asf/commons-crypto/diff/9bbbe4a5 Branch: refs/heads/master Commit: 9bbbe4a5792c84446ca456fca7fe8427b1ac5acd Parents: 617318b Author: Xianda Ke <xianda...@intel.com> Authored: Wed Apr 27 09:53:08 2016 +0800 Committer: Xianda Ke <xianda...@intel.com> Committed: Thu Apr 28 13:28:17 2016 +0800 ---------------------------------------------------------------------- README.md | 6 +- .../apache/commons/crypto/cipher/Cipher.java | 6 +- .../apache/commons/crypto/cipher/JceCipher.java | 11 ++-- .../commons/crypto/cipher/OpensslCipher.java | 22 +++++-- .../crypto/stream/CTRCipherInputStream.java | 28 +++++++- .../crypto/stream/CTRCipherOutputStream.java | 18 +++++- .../crypto/stream/CipherInputStream.java | 68 +++++++++----------- .../crypto/stream/CipherOutputStream.java | 56 ++++++++-------- .../stream/PositionedCipherInputStream.java | 3 +- .../crypto/cipher/AbstractCipherTest.java | 10 +-- .../crypto/stream/AbstractCipherStreamTest.java | 16 +++-- .../stream/PositionedCipherInputStreamTest.java | 5 +- 12 files changed, 157 insertions(+), 92 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/9bbbe4a5/README.md ---------------------------------------------------------------------- diff --git a/README.md b/README.md index adc9d63..fdde241 100644 
--- a/README.md +++ b/README.md @@ -47,13 +47,15 @@ String input = "hello world!"; byte[] decryptedData = new byte[1024]; // Encrypt ByteArrayOutputStream os = new ByteArrayOutputStream(); -CipherOutputStream cos = new CipherOutputStream(os, cipher, bufferSize, key, iv); +CipherOutputStream cos = new CipherOutputStream(os, cipher, bufferSize, + new SecretKeySpec(key,"AES"), new IvParameterSpec(iv)); cos.write(input.getBytes("UTF-8")); cos.flush(); cos.close(); // Decrypt -CipherInputStream cis = new CipherInputStream(new ByteArrayInputStream(os.toByteArray()), cipher, bufferSize, key, iv); +CipherInputStream cis = new CipherInputStream(new ByteArrayInputStream(os.toByteArray()), cipher, bufferSize, + new SecretKeySpec(key,"AES"), new IvParameterSpec(iv)); int decryptedLen = cis.read(decryptedData, 0, 1024); ``` http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/9bbbe4a5/src/main/java/org/apache/commons/crypto/cipher/Cipher.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/cipher/Cipher.java b/src/main/java/org/apache/commons/crypto/cipher/Cipher.java index 5f0f42b..8ba2380 100644 --- a/src/main/java/org/apache/commons/crypto/cipher/Cipher.java +++ b/src/main/java/org/apache/commons/crypto/cipher/Cipher.java @@ -21,6 +21,8 @@ import java.io.Closeable; import java.nio.ByteBuffer; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; +import java.security.Key; +import java.security.spec.AlgorithmParameterSpec; import java.util.Properties; import javax.crypto.BadPaddingException; 
@@ -63,7 +65,7 @@ public interface Cipher extends Closeable { * * @param mode {@link #ENCRYPT_MODE} or {@link #DECRYPT_MODE} * @param key crypto key for the cipher - * @param iv Initialization vector for the cipher + * @param params the algorithm parameters * @throws InvalidKeyException if the given key is inappropriate for * initializing this cipher, or its keysize exceeds the maximum allowable * keysize (as determined from the configured jurisdiction policy files). @@ -74,7 +76,7 @@ public interface Cipher extends Closeable { * the legal limits (as determined from the configured jurisdiction * policy files). */ - void init(int mode, byte[] key, byte[] iv) + void init(int mode, Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException; /** http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/9bbbe4a5/src/main/java/org/apache/commons/crypto/cipher/JceCipher.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/cipher/JceCipher.java b/src/main/java/org/apache/commons/crypto/cipher/JceCipher.java index 99a70bd..4ec3fc2 100644 --- a/src/main/java/org/apache/commons/crypto/cipher/JceCipher.java +++ b/src/main/java/org/apache/commons/crypto/cipher/JceCipher.java @@ -21,6 +21,8 @@ import java.nio.ByteBuffer; import java.security.GeneralSecurityException; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; +import java.security.Key; +import java.security.spec.AlgorithmParameterSpec; import java.util.Properties; import javax.crypto.BadPaddingException; 
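Review bot: The new `@param params the algorithm parameters` line on `Cipher.init` does not tell callers which `AlgorithmParameterSpec` types are accepted, although in this same commit `OpensslCipher.init` and the `CipherInputStream`/`CipherOutputStream` constructors reject everything except `IvParameterSpec`. I would state that on the interface, for example `@param params the algorithm parameters; implementations may accept only {@link javax.crypto.spec.IvParameterSpec} and throw InvalidAlgorithmParameterException otherwise`. The `key` line could likewise say that the key's algorithm must match the cipher's transformation, since the parameter is no longer raw key bytes.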
@@ -84,7 +86,7 @@ public class JceCipher implements Cipher { * * @param mode {@link #ENCRYPT_MODE} or {@link #DECRYPT_MODE} * @param key crypto key for the cipher - * @param iv Initialization vector for the cipher + * @param params the algorithm parameters * @throws InvalidAlgorithmParameterException if the given algorithm * parameters are inappropriate for this cipher, or this cipher requires * algorithm parameters and <code>params</code> is null, or the given @@ -93,17 +95,16 @@ public class JceCipher implements Cipher { * policy files). */ @Override - public void init(int mode, byte[] key, byte[] iv) + public void init(int mode, Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterException { Utils.checkNotNull(key); - Utils.checkNotNull(iv); + Utils.checkNotNull(params); int cipherMode = javax.crypto.Cipher.DECRYPT_MODE; if (mode == ENCRYPT_MODE) cipherMode = javax.crypto.Cipher.ENCRYPT_MODE; - cipher.init(cipherMode, new SecretKeySpec(key, "AES"), - new IvParameterSpec(iv)); + cipher.init(cipherMode, key, params); } /** http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/9bbbe4a5/src/main/java/org/apache/commons/crypto/cipher/OpensslCipher.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpensslCipher.java b/src/main/java/org/apache/commons/crypto/cipher/OpensslCipher.java index 52b2bf3..d1a621f 100644 --- a/src/main/java/org/apache/commons/crypto/cipher/OpensslCipher.java +++ b/src/main/java/org/apache/commons/crypto/cipher/OpensslCipher.java 
@@ -20,11 +20,16 @@ package org.apache.commons.crypto.cipher; import java.io.IOException; import java.nio.ByteBuffer; import java.security.GeneralSecurityException; +import java.security.Key; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.spec.AlgorithmParameterSpec; import java.util.Properties; import javax.crypto.BadPaddingException; import javax.crypto.IllegalBlockSizeException; import javax.crypto.ShortBufferException; +import javax.crypto.spec.IvParameterSpec; import org.apache.commons.crypto.utils.Utils; @@ -80,19 +85,26 @@ public class OpensslCipher implements Cipher { * Initializes the cipher with mode, key and iv. * @param mode {@link #ENCRYPT_MODE} or {@link #DECRYPT_MODE} * @param key crypto key for the cipher - * @param iv Initialization vector for the cipher + * @param params the algorithm parameters * @throws IOException if cipher initialize fails */ @Override - public void init(int mode, byte[] key, byte[] iv) { + public void init(int mode, Key key, AlgorithmParameterSpec params) + throws InvalidKeyException, InvalidAlgorithmParameterException { Utils.checkNotNull(key); - Utils.checkNotNull(iv); + Utils.checkNotNull(params); int cipherMode = Openssl.DECRYPT_MODE; if (mode == ENCRYPT_MODE) cipherMode = Openssl.ENCRYPT_MODE; - - cipher.init(cipherMode, key, iv); + byte[] iv; + if (params instanceof IvParameterSpec) { + iv = ((IvParameterSpec) params).getIV(); + } else { + //other AlgorithmParameterSpec such as GCMParameterSpec is not supported now. + throw new InvalidAlgorithmParameterException("Illegal parameters"); + } + cipher.init(cipherMode, key.getEncoded(), iv); } /** http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/9bbbe4a5/src/main/java/org/apache/commons/crypto/stream/CTRCipherInputStream.java ---------------------------------------------------------------------- 
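Review bot: In `OpensslCipher.init`, `key.getEncoded()` is handed straight to the native `cipher.init`, but `Key.getEncoded()` returns null for keys that do not support encoding (for example non-extractable keys held by a hardware or keystore provider), and the newly declared `InvalidKeyException` is never thrown. I would read the bytes once and reject that case: `byte[] rawKey = key.getEncoded();` followed by `if (rawKey == null) { throw new InvalidKeyException("Key has no encoded form"); }`. The key's algorithm is also unchecked now that the caller supplies the `Key`; if this cipher supports only AES (not visible in the hunk), a check on `key.getAlgorithm()` belongs here too. The Javadoc above the method still says `@throws IOException` and should list `InvalidKeyException` and `InvalidAlgorithmParameterException` instead.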
diff --git a/src/main/java/org/apache/commons/crypto/stream/CTRCipherInputStream.java b/src/main/java/org/apache/commons/crypto/stream/CTRCipherInputStream.java index 89f107e..0d1c546 100644 --- a/src/main/java/org/apache/commons/crypto/stream/CTRCipherInputStream.java +++ b/src/main/java/org/apache/commons/crypto/stream/CTRCipherInputStream.java @@ -27,6 +27,8 @@ import java.util.Properties; import javax.crypto.BadPaddingException; import javax.crypto.IllegalBlockSizeException; import javax.crypto.ShortBufferException; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; import org.apache.commons.crypto.cipher.Cipher; import org.apache.commons.crypto.cipher.CipherTransformation; @@ -55,6 +57,16 @@ public class CTRCipherInputStream extends CipherInputStream { protected long streamOffset = 0; /** + * The initial IV. + */ + protected final byte[] initIV; + + /** + * Initialization vector for the cipher. + */ + protected byte[] iv; + + /** * Padding = pos%(algorithm blocksize); Padding is put into {@link #inBuffer} * before any other data goes in. The purpose of padding is to put the input * data at proper position. @@ -233,7 +245,10 @@ public class CTRCipherInputStream extends CipherInputStream { byte[] key, byte[] iv, long streamOffset) throws IOException { - super(input, cipher, bufferSize, key, iv); + super(input, cipher, bufferSize, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); + + this.initIV = iv.clone(); + this.iv = iv.clone(); Utils.checkStreamCipher(cipher); @@ -500,6 +515,15 @@ public class CTRCipherInputStream extends CipherInputStream { } /** + * Gets the initialization vector. + * + * @return the initIV. + */ + protected byte[] getInitIV() { + return initIV; + } + + /** * Gets the counter for input stream position. * * @param position the given position in the data. 
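Review bot: The `getInitIV()` added to `CTRCipherInputStream` returns the internal `initIV` array itself, so a subclass that writes into the result changes the base from which every later counter block is derived, even though the constructor takes care to `clone()` the caller's array. Returning `initIV.clone()`, or saying in the Javadoc that the returned array must be treated as read-only, would keep that guarantee. The new `initIV` and `iv` fields are also `protected`; they could be `private` if no subclass needs direct access, which would make the accessor the only route to them. The same pair of fields is added to `CTRCipherOutputStream` in this commit.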
@@ -540,7 +564,7 @@ public class CTRCipherInputStream extends CipherInputStream { final long counter = getCounter(position); Utils.calculateIV(initIV, counter, iv); try { - cipher.init(Cipher.DECRYPT_MODE, key, iv); + cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv)); } catch (InvalidKeyException e) { throw new IOException(e); } catch (InvalidAlgorithmParameterException e) { http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/9bbbe4a5/src/main/java/org/apache/commons/crypto/stream/CTRCipherOutputStream.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/stream/CTRCipherOutputStream.java b/src/main/java/org/apache/commons/crypto/stream/CTRCipherOutputStream.java index 5577b08..b3dc7c9 100644 --- a/src/main/java/org/apache/commons/crypto/stream/CTRCipherOutputStream.java +++ b/src/main/java/org/apache/commons/crypto/stream/CTRCipherOutputStream.java @@ -28,6 +28,8 @@ import java.util.Properties; import javax.crypto.BadPaddingException; import javax.crypto.IllegalBlockSizeException; import javax.crypto.ShortBufferException; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; import org.apache.commons.crypto.cipher.Cipher; import org.apache.commons.crypto.cipher.CipherTransformation; @@ -54,6 +56,16 @@ public class CTRCipherOutputStream extends CipherOutputStream { protected long streamOffset = 0; /** + * The initial IV. + */ + protected final byte[] initIV; + + /** + * Initialization vector for the cipher. + */ + protected byte[] iv; + + /** * Padding = pos%(algorithm blocksize); Padding is put into {@link #inBuffer} * before any other data goes in. The purpose of padding is to put input data * at proper position. 
@@ -228,10 +240,12 @@ public class CTRCipherOutputStream extends CipherOutputStream { public CTRCipherOutputStream(Output output, Cipher cipher, int bufferSize, byte[] key, byte[] iv, long streamOffset) throws IOException { - super(output, cipher, bufferSize, key, iv); + super(output, cipher, bufferSize, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); Utils.checkStreamCipher(cipher); this.streamOffset = streamOffset; + this.initIV = iv.clone(); + this.iv = iv.clone(); resetCipher(); } @@ -313,7 +327,7 @@ public class CTRCipherOutputStream extends CipherOutputStream { Utils.calculateIV(initIV, counter, iv); try { - cipher.init(Cipher.ENCRYPT_MODE, key, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv)); } catch (InvalidKeyException e) { throw new IOException(e); }catch (InvalidAlgorithmParameterException e) { http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/9bbbe4a5/src/main/java/org/apache/commons/crypto/stream/CipherInputStream.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/stream/CipherInputStream.java b/src/main/java/org/apache/commons/crypto/stream/CipherInputStream.java index 0692550..f556153 100644 --- a/src/main/java/org/apache/commons/crypto/stream/CipherInputStream.java +++ b/src/main/java/org/apache/commons/crypto/stream/CipherInputStream.java @@ -24,10 +24,13 @@ import java.nio.channels.Channel; import java.nio.channels.ReadableByteChannel; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; +import java.security.Key; +import java.security.spec.AlgorithmParameterSpec; import java.util.Properties; import javax.crypto.BadPaddingException; import javax.crypto.IllegalBlockSizeException; import javax.crypto.ShortBufferException; +import javax.crypto.spec.IvParameterSpec; import org.apache.commons.crypto.cipher.Cipher; import org.apache.commons.crypto.cipher.CipherTransformation; 
@@ -53,13 +56,10 @@ public class CipherInputStream extends InputStream implements protected final int bufferSize; /**Crypto key for the cipher.*/ - protected final byte[] key; + protected final Key key; - /**The initial IV.*/ - protected final byte[] initIV; - - /** Initialization vector for the cipher.*/ - protected byte[] iv; + /** the algorithm parameters */ + protected final AlgorithmParameterSpec params; /** Flag to mark whether the input stream is closed.*/ protected boolean closed; @@ -90,15 +90,14 @@ public class CipherInputStream extends InputStream implements * properties. * @param in the input stream. * @param key crypto key for the cipher. - * @param iv Initialization vector for the cipher. + * @param params the algorithm parameters. * @throws IOException if an I/O error occurs. */ public CipherInputStream(CipherTransformation transformation, - Properties props, InputStream in, byte[] key, - byte[] iv) + Properties props, InputStream in, Key key, AlgorithmParameterSpec params) throws IOException { this(in, Utils.getCipherInstance(transformation, props), - Utils.getBufferSize(props), key, iv); + Utils.getBufferSize(props), key, params); } /** @@ -109,15 +108,14 @@ public class CipherInputStream extends InputStream implements * properties. * @param in the ReadableByteChannel object. * @param key crypto key for the cipher. - * @param iv Initialization vector for the cipher. + * @param params the algorithm parameters. * @throws IOException if an I/O error occurs. */ public CipherInputStream(CipherTransformation transformation, - Properties props, ReadableByteChannel in, byte[] key, - byte[] iv) + Properties props, ReadableByteChannel in, Key key, AlgorithmParameterSpec params) throws IOException { this(in, Utils.getCipherInstance(transformation, props), - Utils.getBufferSize(props), key, iv); + Utils.getBufferSize(props), key, params); } /** 
@@ -127,12 +125,12 @@ public class CipherInputStream extends InputStream implements * @param in the input stream. * @param bufferSize the bufferSize. * @param key crypto key for the cipher. - * @param iv Initialization vector for the cipher. + * @param params the algorithm parameters. * @throws IOException if an I/O error occurs. */ public CipherInputStream(InputStream in, Cipher cipher, int bufferSize, - byte[] key, byte[] iv) throws IOException { - this(new StreamInput(in, bufferSize), cipher, bufferSize, key, iv); + Key key, AlgorithmParameterSpec params) throws IOException { + this(new StreamInput(in, bufferSize), cipher, bufferSize, key, params); } /** @@ -142,12 +140,12 @@ public class CipherInputStream extends InputStream implements * @param cipher the cipher instance. * @param bufferSize the bufferSize. * @param key crypto key for the cipher. - * @param iv Initialization vector for the cipher. + * @param params the algorithm parameters. * @throws IOException if an I/O error occurs. */ public CipherInputStream(ReadableByteChannel in, Cipher cipher, - int bufferSize, byte[] key, byte[] iv) throws IOException { - this(new ChannelInput(in), cipher, bufferSize, key, iv); + int bufferSize, Key key, AlgorithmParameterSpec params) throws IOException { + this(new ChannelInput(in), cipher, bufferSize, key, params); } /** 
@@ -157,17 +155,21 @@ public class CipherInputStream extends InputStream implements * @param cipher the cipher instance. * @param bufferSize the bufferSize. * @param key crypto key for the cipher. - * @param iv Initialization vector for the cipher. + * @param params the algorithm parameters. * @throws IOException if an I/O error occurs. */ public CipherInputStream(Input input, Cipher cipher, int bufferSize, - byte[] key, byte[] iv) throws IOException { + Key key, AlgorithmParameterSpec params) throws IOException { this.input = input; this.cipher = cipher; this.bufferSize = Utils.checkBufferSize(cipher, bufferSize); - this.key = key.clone(); - this.initIV = iv.clone(); - this.iv = iv.clone(); + + this.key = key; + this.params = params; + if (!(params instanceof IvParameterSpec)) { + //other AlgorithmParameterSpec such as GCMParameterSpec is not supported now. + throw new IOException("Illegal parameters"); + } inBuffer = ByteBuffer.allocateDirect(this.bufferSize); outBuffer = ByteBuffer.allocateDirect(this.bufferSize + @@ -340,7 +342,7 @@ public class CipherInputStream extends InputStream implements /** * Overrides the {@link InputStream#markSupported()}. * - * @return false,the {@link CTRCryptoInputStream} don't support the mark method. + * @return false,the {@link CTRCipherInputStream} don't support the mark method. */ @Override public boolean markSupported() { @@ -407,18 +409,10 @@ public class CipherInputStream extends InputStream implements * * @return the key. */ - protected byte[] getKey() { + protected Key getKey() { return key; } - /** - * Gets the initialization vector. - * - * @return the initIV. - */ - protected byte[] getInitIV() { - return initIV; - } /** * Gets the internal Cipher. 
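Review bot: The `CipherInputStream(Input, Cipher, int, Key, AlgorithmParameterSpec)` constructor no longer fails fast on a null key: the removed `key.clone()` threw immediately, while `this.key = key;` stores the null and leaves the failure to whichever later call reaches `cipher.init` (the rest of the constructor is outside the hunk). I would validate before assigning, with `Utils.checkNotNull(key);` ahead of the `instanceof` test, and make the message say what was expected, e.g. `throw new IOException("Illegal parameters: only IvParameterSpec is supported");`. The stream now also keeps the caller's `Key` reference instead of a private copy, which is worth stating in the constructor Javadoc. The `CipherOutputStream` constructor in this commit has the same sequence.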
@@ -437,7 +431,7 @@ public class CipherInputStream extends InputStream implements protected void initCipher() throws IOException { try { - cipher.init(Cipher.DECRYPT_MODE, key, iv); + cipher.init(Cipher.DECRYPT_MODE, key, params); } catch (InvalidKeyException e) { throw new IOException(e); } catch(InvalidAlgorithmParameterException e) { @@ -544,4 +538,4 @@ public class CipherInputStream extends InputStream implements Utils.freeDirectBuffer(inBuffer); Utils.freeDirectBuffer(outBuffer); } -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/9bbbe4a5/src/main/java/org/apache/commons/crypto/stream/CipherOutputStream.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/stream/CipherOutputStream.java b/src/main/java/org/apache/commons/crypto/stream/CipherOutputStream.java index 2418841..5cadbb6 100644 --- a/src/main/java/org/apache/commons/crypto/stream/CipherOutputStream.java +++ b/src/main/java/org/apache/commons/crypto/stream/CipherOutputStream.java @@ -25,11 +25,14 @@ import java.nio.channels.Channel; import java.nio.channels.WritableByteChannel; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; +import java.security.Key; +import java.security.spec.AlgorithmParameterSpec; import java.util.Properties; import javax.crypto.BadPaddingException; import javax.crypto.IllegalBlockSizeException; import javax.crypto.ShortBufferException; +import javax.crypto.spec.IvParameterSpec; import org.apache.commons.crypto.cipher.Cipher; import org.apache.commons.crypto.cipher.CipherTransformation; 
@@ -58,13 +61,10 @@ public class CipherOutputStream extends OutputStream implements protected final int bufferSize; /**Crypto key for the cipher.*/ - protected final byte[] key; + protected final Key key; - /**The initial IV.*/ - protected final byte[] initIV; - - /** Initialization vector for the cipher.*/ - protected byte[] iv; + /** the algorithm parameters */ + protected final AlgorithmParameterSpec params; /** Flag to mark whether the output stream is closed.*/ protected boolean closed; @@ -89,15 +89,14 @@ public class CipherOutputStream extends OutputStream implements * properties. * @param out the output stream. * @param key crypto key for the cipher. - * @param iv Initialization vector for the cipher. + * @param params the algorithm parameters. * @throws IOException if an I/O error occurs. */ public CipherOutputStream(CipherTransformation transformation, - Properties props, OutputStream out, byte[] key, - byte[] iv) + Properties props, OutputStream out, Key key, AlgorithmParameterSpec params) throws IOException { this(out, Utils.getCipherInstance(transformation, props), - Utils.getBufferSize(props), key, iv); + Utils.getBufferSize(props), key, params); } /** @@ -108,15 +107,14 @@ public class CipherOutputStream extends OutputStream implements * properties. * @param out the WritableByteChannel instance. * @param key crypto key for the cipher. - * @param iv Initialization vector for the cipher. + * @param params the algorithm parameters. * @throws IOException if an I/O error occurs. */ public CipherOutputStream(CipherTransformation transformation, - Properties props, WritableByteChannel out, - byte[] key, byte[] iv) + Properties props, WritableByteChannel out, Key key, AlgorithmParameterSpec params) throws IOException { this(out, Utils.getCipherInstance(transformation, props), - Utils.getBufferSize(props), key, iv); + Utils.getBufferSize(props), key, params); } /** 
@@ -126,12 +124,12 @@ public class CipherOutputStream extends OutputStream implements * @param cipher the Cipher instance. * @param bufferSize the bufferSize. * @param key crypto key for the cipher. - * @param iv Initialization vector for the cipher. + * @param params the algorithm parameters. * @throws IOException if an I/O error occurs. */ public CipherOutputStream(OutputStream out, Cipher cipher, int bufferSize, - byte[] key, byte[] iv) throws IOException { - this(new StreamOutput(out, bufferSize), cipher, bufferSize, key, iv); + Key key, AlgorithmParameterSpec params) throws IOException { + this(new StreamOutput(out, bufferSize), cipher, bufferSize, key, params); } /** @@ -141,12 +139,12 @@ public class CipherOutputStream extends OutputStream implements * @param cipher the cipher instance. * @param bufferSize the bufferSize. * @param key crypto key for the cipher. - * @param iv Initialization vector for the cipher. + * @param params the algorithm parameters. * @throws IOException if an I/O error occurs. */ public CipherOutputStream(WritableByteChannel channel, Cipher cipher, - int bufferSize, byte[] key, byte[] iv) throws IOException { - this(new ChannelOutput(channel), cipher, bufferSize, key, iv); + int bufferSize, Key key, AlgorithmParameterSpec params) throws IOException { + this(new ChannelOutput(channel), cipher, bufferSize, key, params); } /** 
@@ -156,19 +154,25 @@ public class CipherOutputStream extends OutputStream implements * @param cipher the Cipher instance. * @param bufferSize the bufferSize. * @param key crypto key for the cipher. - * @param iv Initialization vector for the cipher. + * @param params the algorithm parameters. * @throws IOException if an I/O error occurs. */ protected CipherOutputStream(Output output, Cipher cipher, int bufferSize, - byte[] key, byte[] iv) + Key key, AlgorithmParameterSpec params) throws IOException { this.output = output; this.bufferSize = Utils.checkBufferSize(cipher, bufferSize); this.cipher = cipher; - this.key = key.clone(); - this.initIV = iv.clone(); - this.iv = iv.clone(); + + this.key = key; + this.params = params; + + if (!(params instanceof IvParameterSpec)) { + //other AlgorithmParameterSpec such as GCMParameterSpec is not supported now. + throw new IOException("Illegal parameters"); + } + inBuffer = ByteBuffer.allocateDirect(this.bufferSize); outBuffer = ByteBuffer.allocateDirect(this.bufferSize + cipher.getTransformation().getAlgorithmBlockSize()); @@ -320,7 +324,7 @@ public class CipherOutputStream extends OutputStream implements protected void initCipher() throws IOException { try { - cipher.init(Cipher.ENCRYPT_MODE, key, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, params); } catch (InvalidKeyException e) { throw new IOException(e); } catch(InvalidAlgorithmParameterException e) { http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/9bbbe4a5/src/main/java/org/apache/commons/crypto/stream/PositionedCipherInputStream.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/stream/PositionedCipherInputStream.java b/src/main/java/org/apache/commons/crypto/stream/PositionedCipherInputStream.java index 27b6a28..0a7c09b 100644 --- a/src/main/java/org/apache/commons/crypto/stream/PositionedCipherInputStream.java 
+++ b/src/main/java/org/apache/commons/crypto/stream/PositionedCipherInputStream.java @@ -29,6 +29,7 @@ import java.util.concurrent.ConcurrentLinkedQueue; import javax.crypto.BadPaddingException; import javax.crypto.IllegalBlockSizeException; import javax.crypto.ShortBufferException; +import javax.crypto.spec.IvParameterSpec; import org.apache.commons.crypto.cipher.Cipher; import org.apache.commons.crypto.cipher.CipherFactory; @@ -261,7 +262,7 @@ public class PositionedCipherInputStream extends CTRCipherInputStream { final long counter = getCounter(position); Utils.calculateIV(getInitIV(), counter, iv); try { - state.getCipher().init(Cipher.DECRYPT_MODE, getKey(), iv); + state.getCipher().init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv)); } catch (InvalidKeyException e) { throw new IOException(e); } catch (InvalidAlgorithmParameterException e) { http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/9bbbe4a5/src/test/java/org/apache/commons/crypto/cipher/AbstractCipherTest.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/commons/crypto/cipher/AbstractCipherTest.java b/src/test/java/org/apache/commons/crypto/cipher/AbstractCipherTest.java index 0d02bfc..67ab5c0 100644 --- a/src/test/java/org/apache/commons/crypto/cipher/AbstractCipherTest.java +++ b/src/test/java/org/apache/commons/crypto/cipher/AbstractCipherTest.java @@ -23,6 +23,8 @@ import java.security.GeneralSecurityException; import java.security.SecureRandom; import java.util.Properties; import java.util.Random; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; import javax.xml.bind.DatatypeConverter; import org.apache.commons.crypto.conf.ConfigurationKeys; 
@@ -100,13 +102,13 @@ public abstract class AbstractCipherTest { dec = getCipher(transformation); try { - enc.init(Cipher.ENCRYPT_MODE, key, iv); + enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key,"AES"), new IvParameterSpec(iv)); } catch (Exception e) { Assert.fail("AES failed initialisation - " + e.toString()); } try { - dec.init(Cipher.DECRYPT_MODE, key, iv); + dec.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key,"AES"), new IvParameterSpec(iv)); } catch (Exception e) { Assert.fail("AES failed initialisation - " + e.toString()); } @@ -217,13 +219,13 @@ public abstract class AbstractCipherTest { dec = getCipher(transformation); try { - enc.init(Cipher.ENCRYPT_MODE, key, iv); + enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key,"AES"), new IvParameterSpec(iv)); } catch (Exception e) { Assert.fail("AES failed initialisation - " + e.toString()); } try { - dec.init(Cipher.DECRYPT_MODE, key, iv); + dec.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key,"AES"), new IvParameterSpec(iv)); } catch (Exception e) { Assert.fail("AES failed initialisation - " + e.toString()); } http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/9bbbe4a5/src/test/java/org/apache/commons/crypto/stream/AbstractCipherStreamTest.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/commons/crypto/stream/AbstractCipherStreamTest.java b/src/test/java/org/apache/commons/crypto/stream/AbstractCipherStreamTest.java index 6e2d864..40b1487 100644 --- a/src/test/java/org/apache/commons/crypto/stream/AbstractCipherStreamTest.java +++ b/src/test/java/org/apache/commons/crypto/stream/AbstractCipherStreamTest.java @@ -43,6 +43,9 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; + public abstract class AbstractCipherStreamTest { private static final Log LOG= LogFactory.getLog(AbstractCipherStreamTest.class); 
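Review bot: The updated calls in `AbstractCipherTest` only exercise the accepted `SecretKeySpec`/`IvParameterSpec` pair, so the rejection branches this commit adds (`InvalidAlgorithmParameterException` in `OpensslCipher.init`, `IOException("Illegal parameters")` in the stream constructors) have no coverage. A small negative case that passes a spec other than `IvParameterSpec` to `enc.init(...)` and to a `CipherInputStream` constructor, and asserts the exception type, would pin that contract. Both test methods begin and end outside the hunks shown here.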
@@ -248,7 +251,8 @@ public abstract class AbstractCipherStreamTest { } ByteArrayOutputStream baos = new ByteArrayOutputStream(); - OutputStream out = new CipherOutputStream(baos, cipher, defaultBufferSize, key, iv); + OutputStream out = new CipherOutputStream(baos, cipher, defaultBufferSize, + new SecretKeySpec(key,"AES"), new IvParameterSpec(iv)); out.write(data); out.flush(); out.close(); @@ -262,9 +266,10 @@ public abstract class AbstractCipherStreamTest { IOException { if (withChannel) { return new CipherInputStream(Channels.newChannel(bais), cipher, - bufferSize, key, iv); + bufferSize, new SecretKeySpec(key,"AES"), new IvParameterSpec(iv)); } else { - return new CipherInputStream(bais, cipher, bufferSize, key, iv); + return new CipherInputStream(bais, cipher, bufferSize, + new SecretKeySpec(key,"AES"), new IvParameterSpec(iv)); } } @@ -275,9 +280,10 @@ public abstract class AbstractCipherStreamTest { IOException { if (withChannel) { return new CipherOutputStream(Channels.newChannel(baos), cipher, - bufferSize, key, iv); + bufferSize, new SecretKeySpec(key,"AES"), new IvParameterSpec(iv)); } else { - return new CipherOutputStream(baos, cipher, bufferSize, key, iv); + return new CipherOutputStream(baos, cipher, bufferSize, + new SecretKeySpec(key,"AES"), new IvParameterSpec(iv)); } } http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/9bbbe4a5/src/test/java/org/apache/commons/crypto/stream/PositionedCipherInputStreamTest.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/commons/crypto/stream/PositionedCipherInputStreamTest.java b/src/test/java/org/apache/commons/crypto/stream/PositionedCipherInputStreamTest.java index 617f1e3..35bbf7a 100644 --- a/src/test/java/org/apache/commons/crypto/stream/PositionedCipherInputStreamTest.java +++ b/src/test/java/org/apache/commons/crypto/stream/PositionedCipherInputStreamTest.java 
@@ -28,6 +28,8 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.OutputStream; @@ -78,7 +80,8 @@ public class PositionedCipherInputStreamTest { ByteArrayOutputStream baos = new ByteArrayOutputStream(); // encryption data - OutputStream out = new CipherOutputStream(baos, cipher, bufferSize, key, iv); + OutputStream out = new CipherOutputStream(baos, cipher, bufferSize, + new SecretKeySpec(key,"AES"), new IvParameterSpec(iv)); out.write(testData); out.flush(); out.close();