Class CtrCryptoInputStream
- All Implemented Interfaces:
Closeable
,AutoCloseable
,Channel
,ReadableByteChannel
- Direct Known Subclasses:
PositionedCryptoInputStream
CtrCryptoInputStream decrypts data. AES CTR mode is required in order to ensure that the plain text and cipher text have a 1:1 mapping. CTR crypto stream has stream characteristic which is useful for implement features like random seek. The decryption is buffer based. The key points of the decryption are (1) calculating the counter and (2) padding through stream position:
counter = base + pos/(algorithm blocksize); padding = pos%(algorithm blocksize);
The underlying stream offset is maintained as state. It is not thread-safe.-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate boolean
Flag to mark whether the cipher has been resetprivate final byte[]
The initial IV.private final byte[]
Initialization vector for the cipher.private byte
Padding = pos%(algorithm blocksize); Padding is put intoCryptoInputStream.inBuffer
before any other data goes in.private long
Underlying stream offsetFields inherited from class org.apache.commons.crypto.stream.CryptoInputStream
cipher, EOS, inBuffer, input, key, outBuffer, STREAM_BUFFER_SIZE_KEY
-
Constructor Summary
ConstructorsModifierConstructorDescriptionprotected
CtrCryptoInputStream
(InputStream inputStream, CryptoCipher cipher, int bufferSize, byte[] key, byte[] iv) Constructs aCtrCryptoInputStream
.protected
CtrCryptoInputStream
(InputStream inputStream, CryptoCipher cipher, int bufferSize, byte[] key, byte[] iv, long streamOffset) Constructs aCtrCryptoInputStream
.protected
CtrCryptoInputStream
(ReadableByteChannel channel, CryptoCipher cipher, int bufferSize, byte[] key, byte[] iv) Constructs aCtrCryptoInputStream
.protected
CtrCryptoInputStream
(ReadableByteChannel channel, CryptoCipher cipher, int bufferSize, byte[] key, byte[] iv, long streamOffset) Constructs aCtrCryptoInputStream
.CtrCryptoInputStream
(Properties properties, InputStream inputStream, byte[] key, byte[] iv) Constructs aCtrCryptoInputStream
.CtrCryptoInputStream
(Properties properties, InputStream inputStream, byte[] key, byte[] iv, long streamOffset) Constructs aCtrCryptoInputStream
.CtrCryptoInputStream
(Properties properties, ReadableByteChannel channel, byte[] key, byte[] iv) Constructs aCtrCryptoInputStream
.CtrCryptoInputStream
(Properties properties, ReadableByteChannel in, byte[] key, byte[] iv, long streamOffset) Constructs aCtrCryptoInputStream
.protected
CtrCryptoInputStream
(Input input, CryptoCipher cipher, int bufferSize, byte[] key, byte[] iv) Constructs aCtrCryptoInputStream
.protected
CtrCryptoInputStream
(Input input, CryptoCipher cipher, int bufferSize, byte[] key, byte[] iv, long streamOffset) Constructs aCtrCryptoInputStream
. -
Method Summary
Modifier and TypeMethodDescription(package private) static void
calculateIV
(byte[] initIV, long counter, byte[] IV) This method is only for Counter (CTR) mode.protected void
decrypt()
Does the decryption using inBuffer as input and outBuffer as output.protected void
decrypt
(ByteBuffer buf, int offset, int len) Decrypts all data in buf: total n bytes from given start position.protected void
decryptBuffer
(ByteBuffer out) Does the decryption using out as output.protected void
decryptInPlace
(ByteBuffer buf) Does the decryption using inBuffer as input and buf as output.protected int
Decrypts more data by reading the under layer stream.protected long
getCounter
(long position) Gets the counter for input stream position.protected byte[]
Gets the initialization vector.protected byte
getPadding
(long position) Gets the padding for input stream position.protected long
Gets the offset of the stream.protected long
Gets the position of the stream.protected void
Overrides theinitCipher()
.protected byte
postDecryption
(long position) This method is executed immediately after decryption.int
read
(ByteBuffer buf) Overrides theread(ByteBuffer)
.protected void
resetCipher
(long position) Calculates the counter and iv, resets the cipher.protected void
resetStreamOffset
(long offset) Resets the underlying stream offset; clearCryptoInputStream.inBuffer
andCryptoInputStream.outBuffer
.void
seek
(long position) Seeks the stream to a specific position relative to start of the under layer stream.protected void
setStreamOffset
(long streamOffset) Sets the offset of stream.long
skip
(long n) Overrides theCryptoInputStream.skip(long)
.Methods inherited from class org.apache.commons.crypto.stream.CryptoInputStream
available, checkBufferSize, checkStream, checkStreamCipher, close, decryptFinal, freeBuffers, freeDirectBuffer, getBufferSize, getBufferSize, getCipher, getInput, getKey, getParams, isOpen, markSupported, read, read
Methods inherited from class java.io.InputStream
mark, read, reset
-
Field Details
-
streamOffset
private long streamOffsetUnderlying stream offset -
initIV
private final byte[] initIVThe initial IV. -
iv
private final byte[] ivInitialization vector for the cipher. -
padding
private byte paddingPadding = pos%(algorithm blocksize); Padding is put intoCryptoInputStream.inBuffer
before any other data goes in. The purpose of padding is to put the input data at proper position. -
cipherReset
private boolean cipherResetFlag to mark whether the cipher has been reset
-
-
Constructor Details
-
CtrCryptoInputStream
protected CtrCryptoInputStream(Input input, CryptoCipher cipher, int bufferSize, byte[] key, byte[] iv) throws IOException Constructs aCtrCryptoInputStream
.- Parameters:
input
- the input data.cipher
- the CryptoCipher instance.bufferSize
- the bufferSize.key
- crypto key for the cipher.iv
- Initialization vector for the cipher.- Throws:
IOException
- if an I/O error occurs.
-
CtrCryptoInputStream
protected CtrCryptoInputStream(Input input, CryptoCipher cipher, int bufferSize, byte[] key, byte[] iv, long streamOffset) throws IOException Constructs aCtrCryptoInputStream
.- Parameters:
input
- the input data.cipher
- the CryptoCipher instance.bufferSize
- the bufferSize.key
- crypto key for the cipher.iv
- Initialization vector for the cipher.streamOffset
- the start offset in the stream.- Throws:
IOException
- if an I/O error occurs.
-
CtrCryptoInputStream
protected CtrCryptoInputStream(InputStream inputStream, CryptoCipher cipher, int bufferSize, byte[] key, byte[] iv) throws IOException Constructs aCtrCryptoInputStream
.- Parameters:
inputStream
- the input stream.cipher
- the CryptoCipher instance.bufferSize
- the bufferSize.key
- crypto key for the cipher.iv
- Initialization vector for the cipher.- Throws:
IOException
- if an I/O error occurs.
-
CtrCryptoInputStream
protected CtrCryptoInputStream(InputStream inputStream, CryptoCipher cipher, int bufferSize, byte[] key, byte[] iv, long streamOffset) throws IOException Constructs aCtrCryptoInputStream
.- Parameters:
inputStream
- the InputStream instance.cipher
- the CryptoCipher instance.bufferSize
- the bufferSize.key
- crypto key for the cipher.iv
- Initialization vector for the cipher.streamOffset
- the start offset in the stream.- Throws:
IOException
- if an I/O error occurs.
-
CtrCryptoInputStream
public CtrCryptoInputStream(Properties properties, InputStream inputStream, byte[] key, byte[] iv) throws IOException Constructs aCtrCryptoInputStream
.- Parameters:
properties
- TheProperties
class represents a set of properties.inputStream
- the input stream.key
- crypto key for the cipher.iv
- Initialization vector for the cipher.- Throws:
IOException
- if an I/O error occurs.
-
CtrCryptoInputStream
public CtrCryptoInputStream(Properties properties, InputStream inputStream, byte[] key, byte[] iv, long streamOffset) throws IOException Constructs aCtrCryptoInputStream
.- Parameters:
properties
- TheProperties
class represents a set of properties.inputStream
- the InputStream instance.key
- crypto key for the cipher.iv
- Initialization vector for the cipher.streamOffset
- the start offset in the stream.- Throws:
IOException
- if an I/O error occurs.
-
CtrCryptoInputStream
public CtrCryptoInputStream(Properties properties, ReadableByteChannel channel, byte[] key, byte[] iv) throws IOException Constructs aCtrCryptoInputStream
.- Parameters:
properties
- TheProperties
class represents a set of properties.channel
- the ReadableByteChannel instance.key
- crypto key for the cipher.iv
- Initialization vector for the cipher.- Throws:
IOException
- if an I/O error occurs.
-
CtrCryptoInputStream
public CtrCryptoInputStream(Properties properties, ReadableByteChannel in, byte[] key, byte[] iv, long streamOffset) throws IOException Constructs aCtrCryptoInputStream
.- Parameters:
properties
- TheProperties
class represents a set of properties.in
- the ReadableByteChannel instance.key
- crypto key for the cipher.iv
- Initialization vector for the cipher.streamOffset
- the start offset in the stream.- Throws:
IOException
- if an I/O error occurs.
-
CtrCryptoInputStream
protected CtrCryptoInputStream(ReadableByteChannel channel, CryptoCipher cipher, int bufferSize, byte[] key, byte[] iv) throws IOException Constructs aCtrCryptoInputStream
.- Parameters:
channel
- the ReadableByteChannel instance.cipher
- the cipher instance.bufferSize
- the bufferSize.key
- crypto key for the cipher.iv
- Initialization vector for the cipher.- Throws:
IOException
- if an I/O error occurs.
-
CtrCryptoInputStream
protected CtrCryptoInputStream(ReadableByteChannel channel, CryptoCipher cipher, int bufferSize, byte[] key, byte[] iv, long streamOffset) throws IOException Constructs aCtrCryptoInputStream
.- Parameters:
channel
- the ReadableByteChannel instance.cipher
- the CryptoCipher instance.bufferSize
- the bufferSize.key
- crypto key for the cipher.iv
- Initialization vector for the cipher.streamOffset
- the start offset in the stream.- Throws:
IOException
- if an I/O error occurs.
-
-
Method Details
-
calculateIV
static void calculateIV(byte[] initIV, long counter, byte[] IV) This method is only for Counter (CTR) mode. Generally the CryptoCipher calculates the IV and maintain encryption context internally.For example a Cipher will maintain its encryption context internally when we do encryption/decryption using the CryptoCipher#update interface.
Encryption/Decryption is not always on the entire file. For example, in Hadoop, a node may only decrypt a portion of a file (i.e. a split). In these situations, the counter is derived from the file position.
The IV can be calculated by combining the initial IV and the counter with a lossless operation (concatenation, addition, or XOR).- Parameters:
initIV
- initial IVcounter
- counter for input stream positionIV
- the IV for input stream position- See Also:
-
decrypt
Does the decryption using inBuffer as input and outBuffer as output. Upon return, inBuffer is cleared; the decrypted data starts at outBuffer.position() and ends at outBuffer.limit().- Overrides:
decrypt
in classCryptoInputStream
- Throws:
IOException
- if an I/O error occurs.
-
decrypt
Decrypts all data in buf: total n bytes from given start position. Output is also buf and same start position. buf.position() and buf.limit() should be unchanged after decryption.- Parameters:
buf
- The buffer into which bytes are to be transferred.offset
- the start offset in the data.len
- the maximum number of decrypted data bytes to read.- Throws:
IOException
- if an I/O error occurs.
-
decryptBuffer
Does the decryption using out as output.- Parameters:
out
- the output ByteBuffer.- Throws:
IOException
- if an I/O error occurs.
-
decryptInPlace
Does the decryption using inBuffer as input and buf as output. Upon return, inBuffer is cleared; the buf's position will be equal to p+
n where p is the position before decryption, n is the number of bytes decrypted. The buf's limit will not have changed.- Parameters:
buf
- The buffer into which bytes are to be transferred.- Throws:
IOException
- if an I/O error occurs.
-
decryptMore
Decrypts more data by reading the under layer stream. The decrypted data will be put in the output buffer.- Overrides:
decryptMore
in classCryptoInputStream
- Returns:
- The number of decrypted data. -1 if end of the decrypted stream.
- Throws:
IOException
- if an I/O error occurs.
-
getCounter
protected long getCounter(long position) Gets the counter for input stream position.- Parameters:
position
- the given position in the data.- Returns:
- the counter for input stream position.
-
getInitIV
protected byte[] getInitIV()Gets the initialization vector.- Returns:
- the initIV.
-
getPadding
protected byte getPadding(long position) Gets the padding for input stream position.- Parameters:
position
- the given position in the data.- Returns:
- the padding for input stream position.
-
getStreamOffset
protected long getStreamOffset()Gets the offset of the stream.- Returns:
- the stream offset.
-
getStreamPosition
protected long getStreamPosition()Gets the position of the stream.- Returns:
- the position of the stream.
-
initCipher
protected void initCipher()Overrides theinitCipher()
. Initializes the cipher.- Overrides:
initCipher
in classCryptoInputStream
-
postDecryption
This method is executed immediately after decryption. Checks whether cipher should be updated and recalculate padding if needed.- Parameters:
position
- the given position in the data..- Returns:
- the byte.
- Throws:
IOException
- if an I/O error occurs.
-
read
Overrides theread(ByteBuffer)
. Reads a sequence of bytes from this channel into the given buffer.- Specified by:
read
in interfaceReadableByteChannel
- Overrides:
read
in classCryptoInputStream
- Parameters:
buf
- The buffer into which bytes are to be transferred.- Returns:
- The number of bytes read, possibly zero, or
-1
if the channel has reached end-of-stream. - Throws:
IOException
- if an I/O error occurs.
-
resetCipher
Calculates the counter and iv, resets the cipher.- Parameters:
position
- the given position in the data.- Throws:
IOException
- if an I/O error occurs.
-
resetStreamOffset
Resets the underlying stream offset; clearCryptoInputStream.inBuffer
andCryptoInputStream.outBuffer
. This Typically happens duringskip(long)
.- Parameters:
offset
- the offset of the stream.- Throws:
IOException
- if an I/O error occurs.
-
seek
Seeks the stream to a specific position relative to start of the under layer stream.- Parameters:
position
- the given position in the data.- Throws:
IOException
- if an I/O error occurs.
-
setStreamOffset
protected void setStreamOffset(long streamOffset) Sets the offset of stream.- Parameters:
streamOffset
- the stream offset.
-
skip
Overrides theCryptoInputStream.skip(long)
. Skips over and discardsn
bytes of data from this input stream.- Overrides:
skip
in classCryptoInputStream
- Parameters:
n
- the number of bytes to be skipped.- Returns:
- the actual number of bytes skipped.
- Throws:
IOException
- if an I/O error occurs.
-