/** * Upgrades a connection with transport encryption by the specified symmetric cipher. * * @return * A new {@link Connection} object that includes the transport encryption. */ public Connection encryptConnection(SecretKey sessionKey, String algorithm) throws IOException, GeneralSecurityException { Cipher cout = Cipher.getInstance(algorithm); cout.init(Cipher.ENCRYPT_MODE, sessionKey, new IvParameterSpec(sessionKey.getEncoded())); CipherOutputStream o = new CipherOutputStream(out, cout); Cipher cin = Cipher.getInstance(algorithm); cin.init(Cipher.DECRYPT_MODE, sessionKey, new IvParameterSpec(sessionKey.getEncoded())); CipherInputStream i = new CipherInputStream(in, cin); return new Connection(i,o); }
/** * @param keyLength * Block size of the asymmetric cipher, in bits. I thought I can get it from {@code asym.getBlockSize()} * but that doesn't work with Sun's implementation. */ public CombinedCipherInputStream(InputStream in, Cipher asym, String algorithm, int keyLength) throws IOException, GeneralSecurityException { super(in); String keyAlgorithm = getKeyAlgorithm(algorithm); // first read the symmetric key cipher byte[] symKeyBytes = new byte[keyLength/8]; new DataInputStream(in).readFully(symKeyBytes); SecretKey symKey = new SecretKeySpec(asym.doFinal(symKeyBytes),keyAlgorithm); // the rest of the data will be decrypted by this symmetric cipher Cipher sym = Secret.getCipher(algorithm); sym.init(Cipher.DECRYPT_MODE,symKey, keyAlgorithm.equals(algorithm) ? null : new IvParameterSpec(symKey.getEncoded())); super.in = new CipherInputStream(in,sym); }
@Override public InputStream createDecryptionStream(InputStream in) { if (!initialized) { init(); } return new javax.crypto.CipherInputStream(in, cipher); }
/** * Returns the input stream for reading the previously written encrypted data * * @return the inputstream * @throws IOException if the reading of the underlying file fails */ public InputStream getInputStream() throws IOException { Cipher ciDec = CryptoFunctions.getCipher(skeySpec, cipherAlgorithm, ChainingMode.cbc, ivBytes, Cipher.DECRYPT_MODE, PADDING); return new CipherInputStream(new FileInputStream(tempFile), ciDec); }
@Override protected InputStream decorateInputStream(FileInputStream fis) { Cipher ciDec = CryptoFunctions.getCipher(skeySpec, cipherAlgorithm, ChainingMode.cbc, ivBytes, Cipher.DECRYPT_MODE, "PKCS5Padding"); return new CipherInputStream(fis, ciDec); } }
@Override public InputStream getInputStream(ZipArchiveEntry entry) throws IOException { InputStream is = zipFile.getInputStream(entry); return new CipherInputStream(is, ci); }
private ConsoleAnnotator<T> createAnnotator(StaplerRequest req) throws IOException { try { String base64 = req!=null ? req.getHeader("X-ConsoleAnnotator") : null; if (base64!=null) { Cipher sym = PASSING_ANNOTATOR.decrypt(); ObjectInputStream ois = new ObjectInputStreamEx(new GZIPInputStream( new CipherInputStream(new ByteArrayInputStream(Base64.decode(base64.toCharArray())),sym)), Jenkins.getInstance().pluginManager.uberClassLoader); try { long timestamp = ois.readLong(); if (TimeUnit.HOURS.toMillis(1) > abs(System.currentTimeMillis()-timestamp)) // don't deserialize something too old to prevent a replay attack return (ConsoleAnnotator)ois.readObject(); } finally { ois.close(); } } } catch (ClassNotFoundException e) { throw new IOException(e); } // start from scratch return ConsoleAnnotator.initial(context); }
@Override public final long open(DataSpec dataSpec) throws IOException { Cipher cipher; try { cipher = getCipherInstance(); } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { throw new RuntimeException(e); } Key cipherKey = new SecretKeySpec(encryptionKey, "AES"); AlgorithmParameterSpec cipherIV = new IvParameterSpec(encryptionIv); try { cipher.init(Cipher.DECRYPT_MODE, cipherKey, cipherIV); } catch (InvalidKeyException | InvalidAlgorithmParameterException e) { throw new RuntimeException(e); } DataSourceInputStream inputStream = new DataSourceInputStream(upstream, dataSpec); cipherInputStream = new CipherInputStream(inputStream, cipher); inputStream.open(); return C.LENGTH_UNSET; }
/** * Reverse operation of {@link #store(ConfidentialKey, byte[])} * * @return * null the data has not been previously persisted. */ @Override protected byte[] load(ConfidentialKey key) throws IOException { try { File f = getFileFor(key); if (!f.exists()) return null; Cipher sym = Secret.getCipher("AES"); sym.init(Cipher.DECRYPT_MODE, masterKey); try (InputStream fis=Files.newInputStream(f.toPath()); CipherInputStream cis = new CipherInputStream(fis, sym)) { byte[] bytes = IOUtils.toByteArray(cis); return verifyMagic(bytes); } } catch (GeneralSecurityException e) { throw new IOException("Failed to load the key: "+key.getId(),e); } catch (InvalidPathException e) { throw new IOException(e); } catch (IOException x) { if (x.getCause() instanceof BadPaddingException) { return null; // broken somehow } else { throw x; } } }
_cipher.init(Cipher.DECRYPT_MODE, key); _cipherIn = new CipherInputStream(_bodyIn, _cipher); } catch (RuntimeException e) { throw e;
throw new IllegalStateException(e); input = new DataInputStream(new CipherInputStream(inputStream, cipher)); } else if (encrypt) { changed = true; // Force index to be rewritten encrypted after read.
InputStream wrapInputStream() throws IOException { InputStream base64Decoder = new Base64Codec().decodeInputStream(origStream); return new CipherInputStream(base64Decoder, cipher); }
final Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding"); cipher.init(Cipher.DECRYPT_MODE, aesKey, new IvParameterSpec(iv)); cipherInputStream = new CipherInputStream(in, cipher); isInitialized = true; return cipherInputStream;
private void crypt(InputStream in, OutputStream out, byte[] keyBytes, byte[] iv, int cryptMode) throws CryptoException { if (in == null) { throw new NullPointerException("InputStream argument cannot be null."); } if (out == null) { throw new NullPointerException("OutputStream argument cannot be null."); } javax.crypto.Cipher cipher = initNewCipher(cryptMode, keyBytes, iv, true); CipherInputStream cis = new CipherInputStream(in, cipher); int bufSize = getStreamingBufferSize(); byte[] buffer = new byte[bufSize]; int bytesRead; try { while ((bytesRead = cis.read(buffer)) != -1) { out.write(buffer, 0, bytesRead); } } catch (IOException e) { throw new CryptoException(e); } }
public InputStream getDataStream(DirectoryNode dir) throws IOException { DocumentInputStream dis = dir.createDocumentInputStream(DEFAULT_POIFS_ENTRY); _length = dis.readLong(); // limit wrong calculated ole entries - (bug #57080) // standard encryption always uses aes encoding, so blockSize is always 16 // http://stackoverflow.com/questions/3283787/size-of-data-after-aes-encryption int blockSize = builder.getHeader().getCipherAlgorithm().blockSize; long cipherLen = (_length/blockSize + 1) * blockSize; Cipher cipher = getCipher(getSecretKey()); InputStream boundedDis = new BoundedInputStream(dis, cipherLen); return new BoundedInputStream(new CipherInputStream(boundedDis, cipher), _length); }
private void manuallyDecodeAndVerifyBytes(byte[] originalBytes, byte[] encryptedBytes, SimpleCredentialStore credStore) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { // Manually decode InputStream in = new ByteArrayInputStream(encryptedBytes); verifyKeyId(in, 1); Integer ivLen = verifyIvLen(in); byte[] ivBinary = verifyAndExtractIv(in, ivLen); byte[] body = readAndBase64DecodeBody(in); // feed back into cipheroutput stream Cipher inputCipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); IvParameterSpec ivParameterSpec = new IvParameterSpec(ivBinary); inputCipher.init(Cipher.DECRYPT_MODE, credStore.getKey(), ivParameterSpec); CipherInputStream cis = new CipherInputStream(new ByteArrayInputStream(body), inputCipher); byte[] decoded = IOUtils.toByteArray(cis); Assert.assertEquals(decoded, originalBytes, "Expected decoded output to match encoded output"); }
@Override @SuppressWarnings("resource") public InputStream getDataStream(DirectoryNode dir) throws IOException { DocumentInputStream dis = dir.createDocumentInputStream(DEFAULT_POIFS_ENTRY); _length = dis.readLong(); if(getSecretKey() == null) { verifyPassword(null); } // limit wrong calculated ole entries - (bug #57080) // standard encryption always uses aes encoding, so blockSize is always 16 // http://stackoverflow.com/questions/3283787/size-of-data-after-aes-encryption int blockSize = getEncryptionInfo().getHeader().getCipherAlgorithm().blockSize; long cipherLen = (_length/blockSize + 1) * blockSize; Cipher cipher = getCipher(getSecretKey()); InputStream boundedDis = new BoundedInputStream(dis, cipherLen); return new BoundedInputStream(new CipherInputStream(boundedDis, cipher), _length); }
socketStream = cipherInputStream = new CipherInputStream( bufferedInputStream, decryptionCip ); } catch ( InvalidKeyException ex ) { baseStep.logError( "Invalid key was received", ex );
@Override InputStream decrypt(InputStream input) throws IOException { try { return new CipherInputStream(input, decryptCipher); } finally { decryptCipher = null; // Cleanup validate -> decrypt transition. } } }
@Override InputStream decrypt(InputStream in) throws IOException { try { final Cipher cipher = InsecureCipherFactory.create(cryptoAlg); cipher.init(Cipher.DECRYPT_MODE, secretKey, paramSpec); return new CipherInputStream(in, cipher); } catch (GeneralSecurityException e) { throw error(e); } } }