protected void initKey(byte[] salt) { key = SHA256.getHashWithSalt(key, salt); for (int i = 0; i < keyIterations; i++) { key = SHA256.getHash(key, true); } cipher.setKey(key); key = SHA256.getHash(key, true); cipherForInitVector.setKey(key); }
public SecureFileStorage(DataHandler handler, String name, String mode, String cipher, byte[] key, int keyIterations) { super(handler, name, mode); this.key = key; this.cipher = CipherFactory.getBlockCipher(cipher); this.cipherForInitVector = CipherFactory.getBlockCipher(cipher); this.keyIterations = keyIterations; bufferForInitVector = new byte[Constants.FILE_BLOCK_SIZE]; }
@Override public void decrypt(byte[] bytes, int off, int len) { for (int i = off; i < off + len; i += 16) { decryptBlock(bytes, bytes, i); } }
private static byte[] decrypt(String algorithm, byte[] key, byte[] data) { BlockCipher cipher = CipherFactory.getBlockCipher(algorithm); byte[] newKey = getPaddedArrayCopy(key, cipher.getKeyLength()); cipher.setKey(newKey); byte[] newData = getPaddedArrayCopy(data, BlockCipher.ALIGN); cipher.decrypt(newData, 0, newData.length); return newData; }
private static byte[] encrypt(String algorithm, byte[] key, byte[] data) { BlockCipher cipher = CipherFactory.getBlockCipher(algorithm); byte[] newKey = getPaddedArrayCopy(key, cipher.getKeyLength()); cipher.setKey(newKey); byte[] newData = getPaddedArrayCopy(data, BlockCipher.ALIGN); cipher.encrypt(newData, 0, newData.length); return newData; }
public void readFully(byte[] b, int off, int len) { super.readFully(b, off, len); for (int i = 0; i < len; i++) { if (b[i] != 0) { cipher.decrypt(b, off, len); xorInitVector(b, off, len, pos); break; } } pos += len; }
public static byte[] createUserPasswordHash(String userName, char[] passwordChars) { // 不能用用户名和密码组成hash,否则重命名用户后将不能通过原来的密码登录 // TODO 如果不用固定的名称是否还有更好办法? userName = Constants.PROJECT_NAME; if (userName.length() == 0 && passwordChars.length == 0) { return new byte[0]; } return SHA256.getKeyPasswordHash(userName, passwordChars); }
/** * Get a new block cipher object for the given algorithm. * * @param algorithm the algorithm * @return a new cipher object */ public static BlockCipher getBlockCipher(String algorithm) { if ("XTEA".equalsIgnoreCase(algorithm)) { return new XTEA(); } else if ("AES".equalsIgnoreCase(algorithm)) { return new AES(); } else if ("FOG".equalsIgnoreCase(algorithm)) { return new Fog(); } throw DbException.get(ErrorCode.UNSUPPORTED_CIPHER, algorithm); } }
public void write(byte[] b, int off, int len) { if (buffer.length < b.length) { buffer = new byte[len]; } System.arraycopy(b, off, buffer, 0, len); xorInitVector(buffer, 0, len, pos); cipher.encrypt(buffer, 0, len); super.write(buffer, 0, len); pos += len; }
private static byte[] normalizeKeyForHMAC(byte[] key) { if (key.length > 64) { key = getHash(key, false); } if (key.length < 64) { key = Arrays.copyOf(key, 64); } return key; }
private byte[] initTweak(long id) { byte[] tweak = new byte[CIPHER_BLOCK_SIZE]; for (int j = 0; j < CIPHER_BLOCK_SIZE; j++, id >>>= 8) { tweak[j] = (byte) (id & 0xff); } cipher.encrypt(tweak, 0, CIPHER_BLOCK_SIZE); return tweak; }
private void calculateHMAC(byte[] key, byte[] message, int len, byte[] iKey, byte[] oKey, byte[] byteBuff, int[] intBuff) { Arrays.fill(iKey, 0, 64, (byte) 0x36); xor(iKey, key, 64); System.arraycopy(message, 0, iKey, 64, len); calculateHash(iKey, 64 + len, byteBuff, intBuff); Arrays.fill(oKey, 0, 64, (byte) 0x5c); xor(oKey, key, 64); System.arraycopy(result, 0, oKey, 64, 32); calculateHash(oKey, 64 + 32, byteBuff, intBuff); }
@Override public void encrypt(byte[] bytes, int off, int len) { for (int i = off; i < off + len; i += 16) { encryptBlock(bytes, bytes, i); } }
@Override public void decrypt(byte[] bytes, int off, int len) { for (int i = off; i < off + len; i += 16) { decryptBlock(bytes, bytes, i); } }
@Override public void encrypt(byte[] bytes, int off, int len) { for (int i = off; i < off + len; i += 16) { encryptBlock(bytes, bytes, i); } }
@Override public void encrypt(byte[] bytes, int off, int len) { if (SysProperties.CHECK) { if (len % ALIGN != 0) { DbException.throwInternalError("unaligned len " + len); } } for (int i = off; i < off + len; i += 8) { encryptBlock(bytes, bytes, i); } }
@Override public void decrypt(byte[] bytes, int off, int len) { if (SysProperties.CHECK) { if (len % ALIGN != 0) { DbException.throwInternalError("unaligned len " + len); } } for (int i = off; i < off + len; i += 8) { decryptBlock(bytes, bytes, i); } }
/** * Calculate the hash code by using the given salt. The salt is appended * after the data before the hash code is calculated. After generating the * hash code, the data and all internal buffers are filled with zeros to avoid * keeping insecure data in memory longer than required (and possibly * swapped to disk). * * @param data the data to hash * @param salt the salt to use * @return the hash code */ public static byte[] getHashWithSalt(byte[] data, byte[] salt) { byte[] buff = new byte[data.length + salt.length]; System.arraycopy(data, 0, buff, 0, data.length); System.arraycopy(salt, 0, buff, data.length, salt.length); return getHash(buff, true); }
private void xorInitVector(byte[] b, int off, int len, long p) { byte[] iv = bufferForInitVector; while (len > 0) { for (int i = 0; i < Constants.FILE_BLOCK_SIZE; i += 8) { long block = (p + i) >>> 3; iv[i] = (byte) (block >> 56); iv[i + 1] = (byte) (block >> 48); iv[i + 2] = (byte) (block >> 40); iv[i + 3] = (byte) (block >> 32); iv[i + 4] = (byte) (block >> 24); iv[i + 5] = (byte) (block >> 16); iv[i + 6] = (byte) (block >> 8); iv[i + 7] = (byte) block; } cipherForInitVector.encrypt(iv, 0, Constants.FILE_BLOCK_SIZE); for (int i = 0; i < Constants.FILE_BLOCK_SIZE; i++) { b[off + i] ^= iv[i]; } p += Constants.FILE_BLOCK_SIZE; off += Constants.FILE_BLOCK_SIZE; len -= Constants.FILE_BLOCK_SIZE; } }
private static byte[] getHash(String algorithm, byte[] bytes, int iterations) { if (!"SHA256".equalsIgnoreCase(algorithm)) { throw DbException.getInvalidValueException("algorithm", algorithm); } for (int i = 0; i < iterations; i++) { bytes = SHA256.getHash(bytes, false); } return bytes; }