1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
|
package org.bouncycastle.crypto.paddings;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.params.ParametersWithRandom;
/**
* A wrapper class that allows block ciphers to be used to process data in
* a piecemeal fashion with padding. The PaddedBufferedBlockCipher
* outputs a block only when the buffer is full and more data is being added,
* or on a doFinal (unless the current block in the buffer is a pad block).
* The default padding mechanism used is the one outlined in PKCS5/PKCS7.
*/
public class PaddedBufferedBlockCipher
extends BufferedBlockCipher
{
BlockCipherPadding padding;
/**
* Create a buffered block cipher with the desired padding.
*
* @param cipher the underlying block cipher this buffering object wraps.
* @param padding the padding type.
*/
public PaddedBufferedBlockCipher(
BlockCipher cipher,
BlockCipherPadding padding)
{
this.cipher = cipher;
this.padding = padding;
buf = new byte[cipher.getBlockSize()];
bufOff = 0;
}
/**
* Create a buffered block cipher PKCS7 padding
*
* @param cipher the underlying block cipher this buffering object wraps.
*/
public PaddedBufferedBlockCipher(
BlockCipher cipher)
{
this(cipher, new PKCS7Padding());
}
/**
* initialise the cipher.
*
* @param forEncryption if true the cipher is initialised for
* encryption, if false for decryption.
* @param params the key and other data required by the cipher.
* @exception IllegalArgumentException if the params argument is
* inappropriate.
*/
public void init(
boolean forEncryption,
CipherParameters params)
throws IllegalArgumentException
{
this.forEncryption = forEncryption;
reset();
if (params instanceof ParametersWithRandom)
{
ParametersWithRandom p = (ParametersWithRandom)params;
padding.init(p.getRandom());
cipher.init(forEncryption, p.getParameters());
}
else
{
padding.init(null);
cipher.init(forEncryption, params);
}
}
/**
* return the minimum size of the output buffer required for an update
* plus a doFinal with an input of len bytes.
*
* @param len the length of the input.
* @return the space required to accommodate a call to update and doFinal
* with len bytes of input.
*/
public int getOutputSize(
int len)
{
int total = len + bufOff;
int leftOver = total % buf.length;
if (leftOver == 0)
{
if (forEncryption)
{
return total + buf.length;
}
return total;
}
return total - leftOver + buf.length;
}
/**
* return the size of the output buffer required for an update
* an input of len bytes.
*
* @param len the length of the input.
* @return the space required to accommodate a call to update
* with len bytes of input.
*/
public int getUpdateOutputSize(
int len)
{
int total = len + bufOff;
int leftOver = total % buf.length;
if (leftOver == 0)
{
return Math.max(0, total - buf.length);
}
return total - leftOver;
}
/**
* process a single byte, producing an output block if neccessary.
*
* @param in the input byte.
* @param out the space for any output that might be produced.
* @param outOff the offset from which the output will be copied.
* @return the number of output bytes copied to out.
* @exception DataLengthException if there isn't enough space in out.
* @exception IllegalStateException if the cipher isn't initialised.
*/
public int processByte(
byte in,
byte[] out,
int outOff)
throws DataLengthException, IllegalStateException
{
int resultLen = 0;
if (bufOff == buf.length)
{
resultLen = cipher.processBlock(buf, 0, out, outOff);
bufOff = 0;
}
buf[bufOff++] = in;
return resultLen;
}
/**
* process an array of bytes, producing output if necessary.
*
* @param in the input byte array.
* @param inOff the offset at which the input data starts.
* @param len the number of bytes to be copied out of the input array.
* @param out the space for any output that might be produced.
* @param outOff the offset from which the output will be copied.
* @return the number of output bytes copied to out.
* @exception DataLengthException if there isn't enough space in out.
* @exception IllegalStateException if the cipher isn't initialised.
*/
public int processBytes(
byte[] in,
int inOff,
int len,
byte[] out,
int outOff)
throws DataLengthException, IllegalStateException
{
if (len < 0)
{
throw new IllegalArgumentException("Can't have a negative input length!");
}
int blockSize = getBlockSize();
int length = getUpdateOutputSize(len);
if (length > 0)
{
if ((outOff + length) > out.length)
{
throw new OutputLengthException("output buffer too short");
}
}
int resultLen = 0;
int gapLen = buf.length - bufOff;
if (len > gapLen)
{
System.arraycopy(in, inOff, buf, bufOff, gapLen);
resultLen += cipher.processBlock(buf, 0, out, outOff);
bufOff = 0;
len -= gapLen;
inOff += gapLen;
while (len > buf.length)
{
resultLen += cipher.processBlock(in, inOff, out, outOff + resultLen);
len -= blockSize;
inOff += blockSize;
}
}
System.arraycopy(in, inOff, buf, bufOff, len);
bufOff += len;
return resultLen;
}
/**
* Process the last block in the buffer. If the buffer is currently
* full and padding needs to be added a call to doFinal will produce
* 2 * getBlockSize() bytes.
*
* @param out the array the block currently being held is copied into.
* @param outOff the offset at which the copying starts.
* @return the number of output bytes copied to out.
* @exception DataLengthException if there is insufficient space in out for
* the output or we are decrypting and the input is not block size aligned.
* @exception IllegalStateException if the underlying cipher is not
* initialised.
* @exception InvalidCipherTextException if padding is expected and not found.
*/
public int doFinal(
byte[] out,
int outOff)
throws DataLengthException, IllegalStateException, InvalidCipherTextException
{
int blockSize = cipher.getBlockSize();
int resultLen = 0;
if (forEncryption)
{
if (bufOff == blockSize)
{
if ((outOff + 2 * blockSize) > out.length)
{
reset();
throw new OutputLengthException("output buffer too short");
}
resultLen = cipher.processBlock(buf, 0, out, outOff);
bufOff = 0;
}
padding.addPadding(buf, bufOff);
resultLen += cipher.processBlock(buf, 0, out, outOff + resultLen);
reset();
}
else
{
if (bufOff == blockSize)
{
resultLen = cipher.processBlock(buf, 0, buf, 0);
bufOff = 0;
}
else
{
reset();
throw new DataLengthException("last block incomplete in decryption");
}
try
{
resultLen -= padding.padCount(buf);
System.arraycopy(buf, 0, out, outOff, resultLen);
}
finally
{
reset();
}
}
return resultLen;
}
}
|
