Example 31 with DigestOutputStream
use of java.security.DigestOutputStream in project KeePassDX by Kunzisoft.
the class ImporterV3 method openDatabase.
public PwDatabaseV3 openDatabase(InputStream inStream, String password, InputStream kfIs, UpdateStatus status, long roundsFix) throws IOException, InvalidDBException {
PwDatabaseV3 newManager;
// Load entire file, most of it's encrypted.
int fileSize = inStream.available();
// Pad with a blocksize (Twofish uses 128 bits), since Android 4.3 tries to write more to the buffer
byte[] filebuf = new byte[fileSize + 16];
inStream.read(filebuf, 0, fileSize);
inStream.close();
// Parse header (unencrypted)
if (fileSize < PwDbHeaderV3.BUF_SIZE)
throw new IOException("File too short for header");
PwDbHeaderV3 hdr = new PwDbHeaderV3();
hdr.loadFromFile(filebuf, 0);
if ((hdr.signature1 != PwDbHeader.PWM_DBSIG_1) || (hdr.signature2 != PwDbHeaderV3.DBSIG_2)) {
throw new InvalidDBSignatureException();
}
if (!hdr.matchesVersion()) {
throw new InvalidDBVersionException();
}
status.updateMessage(R.string.creating_db_key);
newManager = createDB();
newManager.setMasterKey(password, kfIs);
// Select algorithm
if ((hdr.flags & PwDbHeaderV3.FLAG_RIJNDAEL) != 0) {
newManager.algorithm = PwEncryptionAlgorithm.Rjindal;
} else if ((hdr.flags & PwDbHeaderV3.FLAG_TWOFISH) != 0) {
newManager.algorithm = PwEncryptionAlgorithm.Twofish;
} else {
throw new InvalidAlgorithmException();
}
// Copy for testing
newManager.copyHeader(hdr);
newManager.numKeyEncRounds = hdr.numKeyEncRounds;
newManager.name = "KeePass Password Manager";
// Generate transformedMasterKey from masterKey
newManager.makeFinalKey(hdr.masterSeed, hdr.transformSeed, newManager.numKeyEncRounds);
status.updateMessage(R.string.decrypting_db);
// Initialize Rijndael algorithm
Cipher cipher;
try {
if (newManager.algorithm == PwEncryptionAlgorithm.Rjindal) {
cipher = CipherFactory.getInstance("AES/CBC/PKCS5Padding");
} else if (newManager.algorithm == PwEncryptionAlgorithm.Twofish) {
cipher = CipherFactory.getInstance("Twofish/CBC/PKCS7PADDING");
} else {
throw new IOException("Encryption algorithm is not supported");
}
} catch (NoSuchAlgorithmException e1) {
throw new IOException("No such algorithm");
} catch (NoSuchPaddingException e1) {
throw new IOException("No such pdading");
}
try {
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(newManager.finalKey, "AES"), new IvParameterSpec(hdr.encryptionIV));
} catch (InvalidKeyException e1) {
throw new IOException("Invalid key");
} catch (InvalidAlgorithmParameterException e1) {
throw new IOException("Invalid algorithm parameter.");
}
// Decrypt! The first bytes aren't encrypted (that's the header)
int encryptedPartSize;
try {
encryptedPartSize = cipher.doFinal(filebuf, PwDbHeaderV3.BUF_SIZE, fileSize - PwDbHeaderV3.BUF_SIZE, filebuf, PwDbHeaderV3.BUF_SIZE);
} catch (ShortBufferException e1) {
throw new IOException("Buffer too short");
} catch (IllegalBlockSizeException e1) {
throw new IOException("Invalid block size");
} catch (BadPaddingException e1) {
throw new InvalidPasswordException();
}
// Copy decrypted data for testing
newManager.copyEncrypted(filebuf, PwDbHeaderV3.BUF_SIZE, encryptedPartSize);
MessageDigest md = null;
try {
md = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) {
throw new IOException("No SHA-256 algorithm");
}
NullOutputStream nos = new NullOutputStream();
DigestOutputStream dos = new DigestOutputStream(nos, md);
dos.write(filebuf, PwDbHeaderV3.BUF_SIZE, encryptedPartSize);
dos.close();
byte[] hash = md.digest();
if (!Arrays.equals(hash, hdr.contentsHash)) {
Log.w("KeePassDroid", "Database file did not decrypt correctly. (checksum code is broken)");
throw new InvalidPasswordException();
}
// Import all groups
int pos = PwDbHeaderV3.BUF_SIZE;
PwGroupV3 newGrp = new PwGroupV3();
for (int i = 0; i < hdr.numGroups; ) {
int fieldType = LEDataInputStream.readUShort(filebuf, pos);
pos += 2;
int fieldSize = LEDataInputStream.readInt(filebuf, pos);
pos += 4;
if (fieldType == 0xFFFF) {
// End-Group record. Save group and count it.
newGrp.populateBlankFields(newManager);
newManager.groups.add(newGrp);
newGrp = new PwGroupV3();
i++;
} else {
readGroupField(newManager, newGrp, fieldType, filebuf, pos);
}
pos += fieldSize;
}
// Import all entries
PwEntryV3 newEnt = new PwEntryV3();
for (int i = 0; i < hdr.numEntries; ) {
int fieldType = LEDataInputStream.readUShort(filebuf, pos);
int fieldSize = LEDataInputStream.readInt(filebuf, pos + 2);
if (fieldType == 0xFFFF) {
// End-Group record. Save group and count it.
newEnt.populateBlankFields(newManager);
newManager.entries.add(newEnt);
newEnt = new PwEntryV3();
i++;
} else {
readEntryField(newManager, newEnt, filebuf, pos);
}
pos += 2 + 4 + fieldSize;
}
newManager.constructTree(null);
return newManager;
}
Also used :
PwEntryV3(com.keepassdroid.database.PwEntryV3)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
PwDbHeaderV3(com.keepassdroid.database.PwDbHeaderV3)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
InvalidDBSignatureException(com.keepassdroid.database.exception.InvalidDBSignatureException)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
BadPaddingException(javax.crypto.BadPaddingException)
InvalidKeyException(java.security.InvalidKeyException)
InvalidDBVersionException(com.keepassdroid.database.exception.InvalidDBVersionException)
PwDatabaseV3(com.keepassdroid.database.PwDatabaseV3)
InvalidAlgorithmException(com.keepassdroid.database.exception.InvalidAlgorithmException)
PwGroupV3(com.keepassdroid.database.PwGroupV3)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
DigestOutputStream(java.security.DigestOutputStream)
ShortBufferException(javax.crypto.ShortBufferException)
InvalidPasswordException(com.keepassdroid.database.exception.InvalidPasswordException)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
MessageDigest(java.security.MessageDigest)
NullOutputStream(com.keepassdroid.stream.NullOutputStream)
Example 32 with DigestOutputStream
use of java.security.DigestOutputStream in project KeePassDX by Kunzisoft.
the class HmacBlockStream method GetHmacKey64.
public static byte[] GetHmacKey64(byte[] key, long blockIndex) {
MessageDigest hash;
try {
hash = MessageDigest.getInstance("SHA-512");
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
NullOutputStream nos = new NullOutputStream();
DigestOutputStream dos = new DigestOutputStream(nos, hash);
LEDataOutputStream leos = new LEDataOutputStream(dos);
try {
leos.writeLong(blockIndex);
leos.write(key);
leos.close();
} catch (IOException e) {
throw new RuntimeException(e);
}
byte[] hashKey = hash.digest();
assert (hashKey.length == 64);
return hashKey;
}
Also used :
DigestOutputStream(java.security.DigestOutputStream)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IOException(java.io.IOException)
MessageDigest(java.security.MessageDigest)
Example 33 with DigestOutputStream
use of java.security.DigestOutputStream in project Bytecoder by mirkosertic.
the class JceKeyStore method engineStore.
/**
* Stores this keystore to the given output stream, and protects its
* integrity with the given password.
*
* @param stream the output stream to which this keystore is written.
* @param password the password to generate the keystore integrity check
*
* @exception IOException if there was an I/O problem with data
* @exception NoSuchAlgorithmException if the appropriate data integrity
* algorithm could not be found
* @exception CertificateException if any of the certificates included in
* the keystore data could not be stored
*/
public void engineStore(OutputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
synchronized (entries) {
// password is mandatory when storing
if (password == null) {
throw new IllegalArgumentException("password can't be null");
}
// the certificate encoding
byte[] encoded;
MessageDigest md = getPreKeyedHash(password);
DataOutputStream dos = new DataOutputStream(new DigestOutputStream(stream, md));
// NOTE: don't pass dos to oos at this point or it'll corrupt
// the keystore!!!
ObjectOutputStream oos = null;
try {
dos.writeInt(JCEKS_MAGIC);
// always write the latest version
dos.writeInt(VERSION_2);
dos.writeInt(entries.size());
Enumeration<String> e = entries.keys();
while (e.hasMoreElements()) {
String alias = e.nextElement();
Object entry = entries.get(alias);
if (entry instanceof PrivateKeyEntry) {
PrivateKeyEntry pentry = (PrivateKeyEntry) entry;
// write PrivateKeyEntry tag
dos.writeInt(1);
// write the alias
dos.writeUTF(alias);
// write the (entry creation) date
dos.writeLong(pentry.date.getTime());
// write the protected private key
dos.writeInt(pentry.protectedKey.length);
dos.write(pentry.protectedKey);
// write the certificate chain
int chainLen;
if (pentry.chain == null) {
chainLen = 0;
} else {
chainLen = pentry.chain.length;
}
dos.writeInt(chainLen);
for (int i = 0; i < chainLen; i++) {
encoded = pentry.chain[i].getEncoded();
dos.writeUTF(pentry.chain[i].getType());
dos.writeInt(encoded.length);
dos.write(encoded);
}
} else if (entry instanceof TrustedCertEntry) {
// write TrustedCertEntry tag
dos.writeInt(2);
// write the alias
dos.writeUTF(alias);
// write the (entry creation) date
dos.writeLong(((TrustedCertEntry) entry).date.getTime());
// write the trusted certificate
encoded = ((TrustedCertEntry) entry).cert.getEncoded();
dos.writeUTF(((TrustedCertEntry) entry).cert.getType());
dos.writeInt(encoded.length);
dos.write(encoded);
} else {
// write SecretKeyEntry tag
dos.writeInt(3);
// write the alias
dos.writeUTF(alias);
// write the (entry creation) date
dos.writeLong(((SecretKeyEntry) entry).date.getTime());
// write the sealed key
oos = new ObjectOutputStream(dos);
oos.writeObject(((SecretKeyEntry) entry).sealedKey);
// NOTE: don't close oos here since we are still
// using dos!!!
}
}
/*
* Write the keyed hash which is used to detect tampering with
* the keystore (such as deleting or modifying key or
* certificate entries).
*/
byte[] digest = md.digest();
dos.write(digest);
dos.flush();
} finally {
if (oos != null) {
oos.close();
} else {
dos.close();
}
}
}
}
Also used :
DigestOutputStream(java.security.DigestOutputStream)
SealedObject(javax.crypto.SealedObject)
MessageDigest(java.security.MessageDigest)
Example 34 with DigestOutputStream
use of java.security.DigestOutputStream in project keepass2android by PhilippC.
the class ImporterV3 method openDatabase.
public PwDatabaseV3 openDatabase(InputStream inStream, String password, InputStream keyfileStream, UpdateStatus status) throws IOException, InvalidDBException {
PwDatabaseV3 newManager;
// Load entire file, most of it's encrypted.
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
int nRead;
byte[] data = new byte[16384];
while ((nRead = inStream.read(data, 0, data.length)) != -1) {
buffer.write(data, 0, nRead);
}
buffer.flush();
int fileSize = buffer.size();
// Pad with a blocksize (Twofish uses 128 bits), since Android 4.3 tries to write more to the buffer
for (int i = 0; i < 16; i++) {
buffer.write(0);
}
inStream.close();
byte[] filebuf = buffer.toByteArray();
// Parse header (unencrypted)
if (fileSize < PwDbHeaderV3.BUF_SIZE)
throw new IOException("File too short for header: " + fileSize + "<" + PwDbHeaderV3.BUF_SIZE);
PwDbHeaderV3 hdr = new PwDbHeaderV3();
hdr.loadFromFile(filebuf, 0);
if ((hdr.signature1 != PwDbHeader.PWM_DBSIG_1) || (hdr.signature2 != PwDbHeaderV3.DBSIG_2)) {
throw new InvalidDBSignatureException();
}
if (!hdr.matchesVersion()) {
throw new InvalidDBVersionException();
}
newManager = createDB();
newManager.setMasterKey(password, keyfileStream);
// Select algorithm
if ((hdr.flags & PwDbHeaderV3.FLAG_RIJNDAEL) != 0) {
newManager.algorithm = PwEncryptionAlgorithm.Rjindal;
} else if ((hdr.flags & PwDbHeaderV3.FLAG_TWOFISH) != 0) {
newManager.algorithm = PwEncryptionAlgorithm.Twofish;
} else {
throw new InvalidAlgorithmException();
}
// Copy for testing
newManager.copyHeader(hdr);
newManager.numKeyEncRounds = hdr.numKeyEncRounds;
newManager.name = "KeePass Password Manager";
// Generate transformedMasterKey from masterKey
newManager.makeFinalKey(hdr.masterSeed, hdr.transformSeed, newManager.numKeyEncRounds);
// Initialize Rijndael algorithm
Cipher cipher;
try {
if (newManager.algorithm == PwEncryptionAlgorithm.Rjindal) {
cipher = CipherFactory.getInstance("AES/CBC/PKCS5Padding");
} else if (newManager.algorithm == PwEncryptionAlgorithm.Twofish) {
cipher = CipherFactory.getInstance("TWOFISH/CBC/PKCS7PADDING");
} else {
throw new IOException("Encryption algorithm is not supported");
}
} catch (NoSuchAlgorithmException e1) {
throw new IOException("No such algorithm");
} catch (NoSuchPaddingException e1) {
throw new IOException("No such pdading");
}
try {
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(newManager.finalKey, "AES"), new IvParameterSpec(hdr.encryptionIV));
} catch (InvalidKeyException e1) {
throw new IOException("Invalid key");
} catch (InvalidAlgorithmParameterException e1) {
throw new IOException("Invalid algorithm parameter.");
}
// Decrypt! The first bytes aren't encrypted (that's the header)
int encryptedPartSize;
try {
encryptedPartSize = cipher.doFinal(filebuf, PwDbHeaderV3.BUF_SIZE, fileSize - PwDbHeaderV3.BUF_SIZE, filebuf, PwDbHeaderV3.BUF_SIZE);
} catch (ShortBufferException e1) {
throw new IOException("Buffer too short");
} catch (IllegalBlockSizeException e1) {
throw new IOException("Invalid block size");
} catch (BadPaddingException e1) {
throw new InvalidPasswordException("Invalid key!");
}
// Copy decrypted data for testing
newManager.copyEncrypted(filebuf, PwDbHeaderV3.BUF_SIZE, encryptedPartSize);
MessageDigest md = null;
try {
md = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) {
throw new IOException("No SHA-256 algorithm");
}
NullOutputStream nos = new NullOutputStream();
DigestOutputStream dos = new DigestOutputStream(nos, md);
dos.write(filebuf, PwDbHeaderV3.BUF_SIZE, encryptedPartSize);
dos.close();
byte[] hash = md.digest();
if (!Arrays.equals(hash, hdr.contentsHash)) {
Log.w("KeePassDroid", "Database file did not decrypt correctly. (checksum code is broken)");
throw new InvalidPasswordException("Invalid key!");
}
// Import all groups
int pos = PwDbHeaderV3.BUF_SIZE;
PwGroupV3 newGrp = new PwGroupV3();
for (int i = 0; i < hdr.numGroups; ) {
int fieldType = LEDataInputStream.readUShort(filebuf, pos);
pos += 2;
int fieldSize = LEDataInputStream.readInt(filebuf, pos);
pos += 4;
if (fieldType == 0xFFFF) {
// End-Group record. Save group and count it.
newGrp.populateBlankFields(newManager);
newManager.groups.add(newGrp);
newGrp = new PwGroupV3();
i++;
} else {
readGroupField(newManager, newGrp, fieldType, filebuf, pos);
}
pos += fieldSize;
}
// Import all entries
PwEntryV3 newEnt = new PwEntryV3();
for (int i = 0; i < hdr.numEntries; ) {
int fieldType = LEDataInputStream.readUShort(filebuf, pos);
int fieldSize = LEDataInputStream.readInt(filebuf, pos + 2);
if (fieldType == 0xFFFF) {
// End-Group record. Save group and count it.
newEnt.populateBlankFields(newManager);
newManager.entries.add(newEnt);
newEnt = new PwEntryV3();
i++;
} else {
readEntryField(newManager, newEnt, filebuf, pos);
}
pos += 2 + 4 + fieldSize;
}
newManager.constructTree(null);
return newManager;
}
Also used :
PwEntryV3(com.keepassdroid.database.PwEntryV3)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
InvalidDBSignatureException(com.keepassdroid.database.exception.InvalidDBSignatureException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
BadPaddingException(javax.crypto.BadPaddingException)
InvalidDBVersionException(com.keepassdroid.database.exception.InvalidDBVersionException)
PwDatabaseV3(com.keepassdroid.database.PwDatabaseV3)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
DigestOutputStream(java.security.DigestOutputStream)
InvalidPasswordException(com.keepassdroid.database.exception.InvalidPasswordException)
MessageDigest(java.security.MessageDigest)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
PwDbHeaderV3(com.keepassdroid.database.PwDbHeaderV3)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
InvalidKeyException(java.security.InvalidKeyException)
InvalidAlgorithmException(com.keepassdroid.database.exception.InvalidAlgorithmException)
PwGroupV3(com.keepassdroid.database.PwGroupV3)
ShortBufferException(javax.crypto.ShortBufferException)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
NullOutputStream(com.keepassdroid.stream.NullOutputStream)
Example 35 with DigestOutputStream
use of java.security.DigestOutputStream in project Pix-Art-Messenger by kriztan.
the class FileBackend method getStoredPepAvatar.
public Avatar getStoredPepAvatar(String hash) {
if (hash == null) {
return null;
}
Avatar avatar = new Avatar();
File file = new File(getAvatarPath(hash));
FileInputStream is = null;
try {
avatar.size = file.length();
BitmapFactory.Options options = new BitmapFactory.Options();
options.inJustDecodeBounds = true;
BitmapFactory.decodeFile(file.getAbsolutePath(), options);
is = new FileInputStream(file);
ByteArrayOutputStream mByteArrayOutputStream = new ByteArrayOutputStream();
Base64OutputStream mBase64OutputStream = new Base64OutputStream(mByteArrayOutputStream, Base64.DEFAULT);
MessageDigest digest = MessageDigest.getInstance("SHA-1");
DigestOutputStream os = new DigestOutputStream(mBase64OutputStream, digest);
byte[] buffer = new byte[4096];
int length;
while ((length = is.read(buffer)) > 0) {
os.write(buffer, 0, length);
}
os.flush();
os.close();
avatar.sha1sum = CryptoHelper.bytesToHex(digest.digest());
avatar.image = new String(mByteArrayOutputStream.toByteArray());
avatar.height = options.outHeight;
avatar.width = options.outWidth;
avatar.type = options.outMimeType;
return avatar;
} catch (IOException e) {
return null;
} catch (NoSuchAlgorithmException e) {
return null;
} finally {
close(is);
}
}
Also used :
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Base64OutputStream(android.util.Base64OutputStream)
Avatar(de.pixart.messenger.xmpp.pep.Avatar)
FileInputStream(java.io.FileInputStream)
Paint(android.graphics.Paint)
DigestOutputStream(java.security.DigestOutputStream)
BitmapFactory(android.graphics.BitmapFactory)
MessageDigest(java.security.MessageDigest)
DownloadableFile(de.pixart.messenger.entities.DownloadableFile)
File(java.io.File)
Aggregations
DigestOutputStream (java.security.DigestOutputStream)106
MessageDigest (java.security.MessageDigest)86
ByteArrayOutputStream (java.io.ByteArrayOutputStream)53
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)44
IOException (java.io.IOException)41
OutputStream (java.io.OutputStream)26
FileOutputStream (java.io.FileOutputStream)14
File (java.io.File)13
Support_OutputStream (tests.support.Support_OutputStream)9
NullOutputStream (com.keepassdroid.stream.NullOutputStream)8
BufferedOutputStream (java.io.BufferedOutputStream)8
InputStream (java.io.InputStream)8
ByteArrayInputStream (java.io.ByteArrayInputStream)7
Map (java.util.Map)7
NullOutputStream (org.apache.commons.io.output.NullOutputStream)7
Base64OutputStream (android.util.Base64OutputStream)6
DigestInputStream (java.security.DigestInputStream)6
DataOutputStream (java.io.DataOutputStream)5
FileInputStream (java.io.FileInputStream)5
Attributes (java.util.jar.Attributes)5
