bcprov/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java - platform/external/bouncycastle - Git at Google

 package org.bouncycastle.crypto.io;

 import java.io.FilterInputStream;
 import java.io.IOException;
 import java.io.InputStream;

 import org.bouncycastle.crypto.BufferedBlockCipher;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.SkippingCipher;
 import org.bouncycastle.crypto.StreamCipher;
 import org.bouncycastle.crypto.modes.AEADBlockCipher;
 import org.bouncycastle.util.Arrays;

 /**
  * A CipherInputStream is composed of an InputStream and a cipher so that read() methods return data
  * that are read in from the underlying InputStream but have been additionally processed by the
  * Cipher. The cipher must be fully initialized before being used by a CipherInputStream.
  * <p>
  * For example, if the Cipher is initialized for decryption, the
  * CipherInputStream will attempt to read in data and decrypt them,
  * before returning the decrypted data.
  */
 public class CipherInputStream
     extends FilterInputStream
 {
     private static final int INPUT_BUF_SIZE = 2048;

     private SkippingCipher skippingCipher;
     private byte[] inBuf;

     private BufferedBlockCipher bufferedBlockCipher;
     private StreamCipher streamCipher;
     private AEADBlockCipher aeadBlockCipher;

     private byte[] buf;
     private byte[] markBuf;


     private int bufOff;
     private int maxBuf;
     private boolean finalized;
     private long markPosition;
     private int markBufOff;

     /**
      * Constructs a CipherInputStream from an InputStream and a
      * BufferedBlockCipher.
      */
     public CipherInputStream(
         InputStream is,
         BufferedBlockCipher cipher)
     {
         this(is, cipher, INPUT_BUF_SIZE);
     }

     /**
      * Constructs a CipherInputStream from an InputStream and a StreamCipher.
      */
     public CipherInputStream(
         InputStream is,
         StreamCipher cipher)
     {
         this(is, cipher, INPUT_BUF_SIZE);
     }

     /**
      * Constructs a CipherInputStream from an InputStream and an AEADBlockCipher.
      */
     public CipherInputStream(
         InputStream is,
         AEADBlockCipher cipher)
     {
         this(is, cipher, INPUT_BUF_SIZE);
     }

     /**
      * Constructs a CipherInputStream from an InputStream, a
      * BufferedBlockCipher, and a specified internal buffer size.
      */
     public CipherInputStream(
         InputStream is,
         BufferedBlockCipher cipher,
         int bufSize)
     {
         super(is);

         this.bufferedBlockCipher = cipher;
         this.inBuf = new byte[bufSize];
         this.skippingCipher = (cipher instanceof SkippingCipher) ? (SkippingCipher)cipher : null;
     }

     /**
      * Constructs a CipherInputStream from an InputStream, a StreamCipher, and a specified internal buffer size.
      */
     public CipherInputStream(
         InputStream is,
         StreamCipher cipher,
         int bufSize)
     {
         super(is);

         this.streamCipher = cipher;
         this.inBuf = new byte[bufSize];
         this.skippingCipher = (cipher instanceof SkippingCipher) ? (SkippingCipher)cipher : null;
     }

     /**
      * Constructs a CipherInputStream from an InputStream, an AEADBlockCipher, and a specified internal buffer size.
      */
     public CipherInputStream(
         InputStream is,
         AEADBlockCipher cipher,
         int bufSize)
     {
         super(is);

         this.aeadBlockCipher = cipher;
         this.inBuf = new byte[bufSize];
         this.skippingCipher = (cipher instanceof SkippingCipher) ? (SkippingCipher)cipher : null;
     }

     /**
      * Read data from underlying stream and process with cipher until end of stream or some data is
      * available after cipher processing.
      *
      * @return -1 to indicate end of stream, or the number of bytes (> 0) available.
      */
     private int nextChunk()
         throws IOException
     {
         if (finalized)
         {
             return -1;
         }

         bufOff = 0;
         maxBuf = 0;

         // Keep reading until EOF or cipher processing produces data
         while (maxBuf == 0)
         {
             int read = in.read(inBuf);
             if (read == -1)
             {
                 finaliseCipher();
                 if (maxBuf == 0)
                 {
                     return -1;
                 }
                 return maxBuf;
             }

             try
             {
                 ensureCapacity(read, false);
                 if (bufferedBlockCipher != null)
                 {
                     maxBuf = bufferedBlockCipher.processBytes(inBuf, 0, read, buf, 0);
                 }
                 else if (aeadBlockCipher != null)
                 {
                     maxBuf = aeadBlockCipher.processBytes(inBuf, 0, read, buf, 0);
                 }
                 else
                 {
                     streamCipher.processBytes(inBuf, 0, read, buf, 0);
                     maxBuf = read;
                 }
             }
             catch (Exception e)
             {
                 throw new CipherIOException("Error processing stream ", e);
             }
         }
         return maxBuf;
     }

     private void finaliseCipher()
         throws IOException
     {
         try
         {
             finalized = true;
             ensureCapacity(0, true);
             if (bufferedBlockCipher != null)
             {
                 maxBuf = bufferedBlockCipher.doFinal(buf, 0);
             }
             else if (aeadBlockCipher != null)
             {
                 maxBuf = aeadBlockCipher.doFinal(buf, 0);
             }
             else
             {
                 maxBuf = 0; // a stream cipher
             }
         }
         catch (final InvalidCipherTextException e)
         {
             throw new InvalidCipherTextIOException("Error finalising cipher", e);
         }
         catch (Exception e)
         {
             throw new IOException("Error finalising cipher " + e);
         }
     }

     /**
      * Reads data from the underlying stream and processes it with the cipher until the cipher
      * outputs data, and returns the next available byte.
      * <p>
      * If the underlying stream is exhausted by this call, the cipher will be finalised.
      * </p>
      * @throws IOException if there was an error closing the input stream.
      * @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext
      * (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
      */
     public int read()
         throws IOException
     {
         if (bufOff >= maxBuf)
         {
             if (nextChunk() < 0)
             {
                 return -1;
             }
         }

         return buf[bufOff++] & 0xff;
     }

     /**
      * Reads data from the underlying stream and processes it with the cipher until the cipher
      * outputs data, and then returns up to <code>b.length</code> bytes in the provided array.
      * <p>
      * If the underlying stream is exhausted by this call, the cipher will be finalised.
      * </p>
      * @param b the buffer into which the data is read.
      * @return the total number of bytes read into the buffer, or <code>-1</code> if there is no
      *         more data because the end of the stream has been reached.
      * @throws IOException if there was an error closing the input stream.
      * @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext
      * (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
      */
     public int read(
         byte[] b)
         throws IOException
     {
         return read(b, 0, b.length);
     }

     /**
      * Reads data from the underlying stream and processes it with the cipher until the cipher
      * outputs data, and then returns up to <code>len</code> bytes in the provided array.
      * <p>
      * If the underlying stream is exhausted by this call, the cipher will be finalised.
      * </p>
      * @param b   the buffer into which the data is read.
      * @param off the start offset in the destination array <code>b</code>
      * @param len the maximum number of bytes read.
      * @return the total number of bytes read into the buffer, or <code>-1</code> if there is no
      *         more data because the end of the stream has been reached.
      * @throws IOException if there was an error closing the input stream.
      * @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext
      * (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
      */
     public int read(
         byte[] b,
         int off,
         int len)
         throws IOException
     {
         if (bufOff >= maxBuf)
         {
             if (nextChunk() < 0)
             {
                 return -1;
             }
         }

         int toSupply = Math.min(len, available());
         System.arraycopy(buf, bufOff, b, off, toSupply);
         bufOff += toSupply;
         return toSupply;
     }

     public long skip(
         long n)
         throws IOException
     {
         if (n <= 0)
         {
             return 0;
         }

         if (skippingCipher != null)
         {
             int avail = available();
             if (n <= avail)
             {
                 bufOff += n;

                 return n;
             }

             bufOff = maxBuf;

             long skip = in.skip(n - avail);

             long cSkip = skippingCipher.skip(skip);

             if (skip != cSkip)
             {
                 throw new IOException("Unable to skip cipher " + skip + " bytes.");
             }

             return skip + avail;
         }
         else
         {
             int skip = (int)Math.min(n, available());
             bufOff += skip;

             return skip;
         }
     }

     public int available()
         throws IOException
     {
         return maxBuf - bufOff;
     }

     /**
      * Ensure the cipher text buffer has space sufficient to accept an upcoming output.
      *
      * @param updateSize the size of the pending update.
      * @param finalOutput <code>true</code> iff this the cipher is to be finalised.
      */
     private void ensureCapacity(int updateSize, boolean finalOutput)
     {
         int bufLen = updateSize;
         if (finalOutput)
         {
             if (bufferedBlockCipher != null)
             {
                 bufLen = bufferedBlockCipher.getOutputSize(updateSize);
             }
             else if (aeadBlockCipher != null)
             {
                 bufLen = aeadBlockCipher.getOutputSize(updateSize);
             }
         }
         else
         {
             if (bufferedBlockCipher != null)
             {
                 bufLen = bufferedBlockCipher.getUpdateOutputSize(updateSize);
             }
             else if (aeadBlockCipher != null)
             {
                 bufLen = aeadBlockCipher.getUpdateOutputSize(updateSize);
             }
         }

         if ((buf == null) || (buf.length < bufLen))
         {
             buf = new byte[bufLen];
         }
     }

     /**
      * Closes the underlying input stream and finalises the processing of the data by the cipher.
      *
      * @throws IOException if there was an error closing the input stream.
      * @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext
      *             (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
      */
     public void close()
         throws IOException
     {
         try
         {
             in.close();
         }
         finally
         {
             if (!finalized)
             {
                 // Reset the cipher, discarding any data buffered in it
                 // Errors in cipher finalisation trump I/O error closing input
                 finaliseCipher();
             }
         }
         maxBuf = bufOff = 0;
         markBufOff = 0;
         markPosition = 0;
         if (markBuf != null)
         {
             Arrays.fill(markBuf, (byte)0);
             markBuf = null;
         }
         if (buf != null)
         {
             Arrays.fill(buf, (byte)0);
             buf = null;
         }
         Arrays.fill(inBuf, (byte)0);
     }

     /**
      * Mark the current position.
      * <p>
      * This method only works if markSupported() returns true - which means the underlying stream supports marking, and the cipher passed
      * in to this stream's constructor is a SkippingCipher (so capable of being reset to an arbitrary point easily).
      * </p>
      * @param readlimit the maximum read ahead required before a reset() may be called.
      */
     public void mark(int readlimit)
     {
         in.mark(readlimit);
         if (skippingCipher != null)
         {
             markPosition = skippingCipher.getPosition();
         }

         if (buf != null)
         {
             markBuf = new byte[buf.length];
             System.arraycopy(buf, 0, markBuf, 0, buf.length);
         }

         markBufOff = bufOff;
     }

     /**
      * Reset to the last marked position, if supported.
      *
      * @throws IOException if marking not supported by the cipher used, or the underlying stream.
      */
     public void reset()
         throws IOException
     {
         if (skippingCipher == null)
         {
             throw new IOException("cipher must implement SkippingCipher to be used with reset()");
         }

         in.reset();

         skippingCipher.seekTo(markPosition);

         if (markBuf != null)
         {
             buf = markBuf;
         }

         bufOff = markBufOff;
      }

     /**
      * Return true if mark(readlimit) is supported. This will be true if the underlying stream supports marking and the
      * cipher used is a SkippingCipher,
      *
      * @return true if mark(readlimit) supported, false otherwise.
      */
     public boolean markSupported()
     {
         if (skippingCipher != null)
         {
             return in.markSupported();
         }

         return false;
     }

 }
	package org.bouncycastle.crypto.io;

	import java.io.FilterInputStream;
	import java.io.IOException;
	import java.io.InputStream;

	import org.bouncycastle.crypto.BufferedBlockCipher;
	import org.bouncycastle.crypto.InvalidCipherTextException;
	import org.bouncycastle.crypto.SkippingCipher;
	import org.bouncycastle.crypto.StreamCipher;
	import org.bouncycastle.crypto.modes.AEADBlockCipher;
	import org.bouncycastle.util.Arrays;

	/**
	* A CipherInputStream is composed of an InputStream and a cipher so that read() methods return data
	* that are read in from the underlying InputStream but have been additionally processed by the
	* Cipher. The cipher must be fully initialized before being used by a CipherInputStream.
	* <p>
	* For example, if the Cipher is initialized for decryption, the
	* CipherInputStream will attempt to read in data and decrypt them,
	* before returning the decrypted data.
	*/
	public class CipherInputStream
	extends FilterInputStream
	{
	private static final int INPUT_BUF_SIZE = 2048;

	private SkippingCipher skippingCipher;
	private byte[] inBuf;

	private BufferedBlockCipher bufferedBlockCipher;
	private StreamCipher streamCipher;
	private AEADBlockCipher aeadBlockCipher;

	private byte[] buf;
	private byte[] markBuf;


	private int bufOff;
	private int maxBuf;
	private boolean finalized;
	private long markPosition;
	private int markBufOff;

	/**
	* Constructs a CipherInputStream from an InputStream and a
	* BufferedBlockCipher.
	*/
	public CipherInputStream(
	InputStream is,
	BufferedBlockCipher cipher)
	{
	this(is, cipher, INPUT_BUF_SIZE);
	}

	/**
	* Constructs a CipherInputStream from an InputStream and a StreamCipher.
	*/
	public CipherInputStream(
	InputStream is,
	StreamCipher cipher)
	{
	this(is, cipher, INPUT_BUF_SIZE);
	}

	/**
	* Constructs a CipherInputStream from an InputStream and an AEADBlockCipher.
	*/
	public CipherInputStream(
	InputStream is,
	AEADBlockCipher cipher)
	{
	this(is, cipher, INPUT_BUF_SIZE);
	}

	/**
	* Constructs a CipherInputStream from an InputStream, a
	* BufferedBlockCipher, and a specified internal buffer size.
	*/
	public CipherInputStream(
	InputStream is,
	BufferedBlockCipher cipher,
	int bufSize)
	{
	super(is);

	this.bufferedBlockCipher = cipher;
	this.inBuf = new byte[bufSize];
	this.skippingCipher = (cipher instanceof SkippingCipher) ? (SkippingCipher)cipher : null;
	}

	/**
	* Constructs a CipherInputStream from an InputStream, a StreamCipher, and a specified internal buffer size.
	*/
	public CipherInputStream(
	InputStream is,
	StreamCipher cipher,
	int bufSize)
	{
	super(is);

	this.streamCipher = cipher;
	this.inBuf = new byte[bufSize];
	this.skippingCipher = (cipher instanceof SkippingCipher) ? (SkippingCipher)cipher : null;
	}

	/**
	* Constructs a CipherInputStream from an InputStream, an AEADBlockCipher, and a specified internal buffer size.
	*/
	public CipherInputStream(
	InputStream is,
	AEADBlockCipher cipher,
	int bufSize)
	{
	super(is);

	this.aeadBlockCipher = cipher;
	this.inBuf = new byte[bufSize];
	this.skippingCipher = (cipher instanceof SkippingCipher) ? (SkippingCipher)cipher : null;
	}

	/**
	* Read data from underlying stream and process with cipher until end of stream or some data is
	* available after cipher processing.
	*
	* @return -1 to indicate end of stream, or the number of bytes (> 0) available.
	*/
	private int nextChunk()
	throws IOException
	{
	if (finalized)
	{
	return -1;
	}

	bufOff = 0;
	maxBuf = 0;

	// Keep reading until EOF or cipher processing produces data
	while (maxBuf == 0)
	{
	int read = in.read(inBuf);
	if (read == -1)
	{
	finaliseCipher();
	if (maxBuf == 0)
	{
	return -1;
	}
	return maxBuf;
	}

	try
	{
	ensureCapacity(read, false);
	if (bufferedBlockCipher != null)
	{
	maxBuf = bufferedBlockCipher.processBytes(inBuf, 0, read, buf, 0);
	}
	else if (aeadBlockCipher != null)
	{
	maxBuf = aeadBlockCipher.processBytes(inBuf, 0, read, buf, 0);
	}
	else
	{
	streamCipher.processBytes(inBuf, 0, read, buf, 0);
	maxBuf = read;
	}
	}
	catch (Exception e)
	{
	throw new CipherIOException("Error processing stream ", e);
	}
	}
	return maxBuf;
	}

	private void finaliseCipher()
	throws IOException
	{
	try
	{
	finalized = true;
	ensureCapacity(0, true);
	if (bufferedBlockCipher != null)
	{
	maxBuf = bufferedBlockCipher.doFinal(buf, 0);
	}
	else if (aeadBlockCipher != null)
	{
	maxBuf = aeadBlockCipher.doFinal(buf, 0);
	}
	else
	{
	maxBuf = 0; // a stream cipher
	}
	}
	catch (final InvalidCipherTextException e)
	{
	throw new InvalidCipherTextIOException("Error finalising cipher", e);
	}
	catch (Exception e)
	{
	throw new IOException("Error finalising cipher " + e);
	}
	}

	/**
	* Reads data from the underlying stream and processes it with the cipher until the cipher
	* outputs data, and returns the next available byte.
	* <p>
	* If the underlying stream is exhausted by this call, the cipher will be finalised.
	* </p>
	* @throws IOException if there was an error closing the input stream.
	* @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext
	* (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
	*/
	public int read()
	throws IOException
	{
	if (bufOff >= maxBuf)
	{
	if (nextChunk() < 0)
	{
	return -1;
	}
	}

	return buf[bufOff++] & 0xff;
	}

	/**
	* Reads data from the underlying stream and processes it with the cipher until the cipher
	* outputs data, and then returns up to <code>b.length</code> bytes in the provided array.
	* <p>
	* If the underlying stream is exhausted by this call, the cipher will be finalised.
	* </p>
	* @param b the buffer into which the data is read.
	* @return the total number of bytes read into the buffer, or <code>-1</code> if there is no
	* more data because the end of the stream has been reached.
	* @throws IOException if there was an error closing the input stream.
	* @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext
	* (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
	*/
	public int read(
	byte[] b)
	throws IOException
	{
	return read(b, 0, b.length);
	}

	/**
	* Reads data from the underlying stream and processes it with the cipher until the cipher
	* outputs data, and then returns up to <code>len</code> bytes in the provided array.
	* <p>
	* If the underlying stream is exhausted by this call, the cipher will be finalised.
	* </p>
	* @param b the buffer into which the data is read.
	* @param off the start offset in the destination array <code>b</code>
	* @param len the maximum number of bytes read.
	* @return the total number of bytes read into the buffer, or <code>-1</code> if there is no
	* more data because the end of the stream has been reached.
	* @throws IOException if there was an error closing the input stream.
	* @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext
	* (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
	*/
	public int read(
	byte[] b,
	int off,
	int len)
	throws IOException
	{
	if (bufOff >= maxBuf)
	{
	if (nextChunk() < 0)
	{
	return -1;
	}
	}

	int toSupply = Math.min(len, available());
	System.arraycopy(buf, bufOff, b, off, toSupply);
	bufOff += toSupply;
	return toSupply;
	}

	public long skip(
	long n)
	throws IOException
	{
	if (n <= 0)
	{
	return 0;
	}

	if (skippingCipher != null)
	{
	int avail = available();
	if (n <= avail)
	{
	bufOff += n;

	return n;
	}

	bufOff = maxBuf;

	long skip = in.skip(n - avail);

	long cSkip = skippingCipher.skip(skip);

	if (skip != cSkip)
	{
	throw new IOException("Unable to skip cipher " + skip + " bytes.");
	}

	return skip + avail;
	}
	else
	{
	int skip = (int)Math.min(n, available());
	bufOff += skip;

	return skip;
	}
	}

	public int available()
	throws IOException
	{
	return maxBuf - bufOff;
	}

	/**
	* Ensure the cipher text buffer has space sufficient to accept an upcoming output.
	*
	* @param updateSize the size of the pending update.
	* @param finalOutput <code>true</code> iff this the cipher is to be finalised.
	*/
	private void ensureCapacity(int updateSize, boolean finalOutput)
	{
	int bufLen = updateSize;
	if (finalOutput)
	{
	if (bufferedBlockCipher != null)
	{
	bufLen = bufferedBlockCipher.getOutputSize(updateSize);
	}
	else if (aeadBlockCipher != null)
	{
	bufLen = aeadBlockCipher.getOutputSize(updateSize);
	}
	}
	else
	{
	if (bufferedBlockCipher != null)
	{
	bufLen = bufferedBlockCipher.getUpdateOutputSize(updateSize);
	}
	else if (aeadBlockCipher != null)
	{
	bufLen = aeadBlockCipher.getUpdateOutputSize(updateSize);
	}
	}

	if ((buf == null) \|\| (buf.length < bufLen))
	{
	buf = new byte[bufLen];
	}
	}

	/**
	* Closes the underlying input stream and finalises the processing of the data by the cipher.
	*
	* @throws IOException if there was an error closing the input stream.
	* @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext
	* (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
	*/
	public void close()
	throws IOException
	{
	try
	{
	in.close();
	}
	finally
	{
	if (!finalized)
	{
	// Reset the cipher, discarding any data buffered in it
	// Errors in cipher finalisation trump I/O error closing input
	finaliseCipher();
	}
	}
	maxBuf = bufOff = 0;
	markBufOff = 0;
	markPosition = 0;
	if (markBuf != null)
	{
	Arrays.fill(markBuf, (byte)0);
	markBuf = null;
	}
	if (buf != null)
	{
	Arrays.fill(buf, (byte)0);
	buf = null;
	}
	Arrays.fill(inBuf, (byte)0);
	}

	/**
	* Mark the current position.
	* <p>
	* This method only works if markSupported() returns true - which means the underlying stream supports marking, and the cipher passed
	* in to this stream's constructor is a SkippingCipher (so capable of being reset to an arbitrary point easily).
	* </p>
	* @param readlimit the maximum read ahead required before a reset() may be called.
	*/
	public void mark(int readlimit)
	{
	in.mark(readlimit);
	if (skippingCipher != null)
	{
	markPosition = skippingCipher.getPosition();
	}

	if (buf != null)
	{
	markBuf = new byte[buf.length];
	System.arraycopy(buf, 0, markBuf, 0, buf.length);
	}

	markBufOff = bufOff;
	}

	/**
	* Reset to the last marked position, if supported.
	*
	* @throws IOException if marking not supported by the cipher used, or the underlying stream.
	*/
	public void reset()
	throws IOException
	{
	if (skippingCipher == null)
	{
	throw new IOException("cipher must implement SkippingCipher to be used with reset()");
	}

	in.reset();

	skippingCipher.seekTo(markPosition);

	if (markBuf != null)
	{
	buf = markBuf;
	}

	bufOff = markBufOff;
	}

	/**
	* Return true if mark(readlimit) is supported. This will be true if the underlying stream supports marking and the
	* cipher used is a SkippingCipher,
	*
	* @return true if mark(readlimit) supported, false otherwise.
	*/
	public boolean markSupported()
	{
	if (skippingCipher != null)
	{
	return in.markSupported();
	}

	return false;
	}

	}