密码的doFinal()不写字节

时间:2018-10-24 13:44:55

标签: java aes-gcm

这是我的完整代码:

import static java.nio.file.StandardOpenOption.READ;
import static java.nio.file.StandardOpenOption.TRUNCATE_EXISTING;
import static java.nio.file.StandardOpenOption.WRITE;

import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class Test {

    public static void main(String[] args) throws Exception {
        encrypt();
        decrypt();
    }

    void encrypt() throws Exception {
        Path file = Paths.get("path/to/file");
        Path backupFile = file.getParent().resolve(file.getFileName().toString() + ".bak");
        Files.deleteIfExists(backupFile);
        Files.copy(file, backupFile);

        SecureRandom secureRandom = new SecureRandom();
        byte[] initializeVector = new byte[96 / Byte.SIZE];
        secureRandom.nextBytes(initializeVector);

        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        GCMParameterSpec p = new GCMParameterSpec(128, initializeVector);

        try (FileChannel src = FileChannel.open(backupFile, READ);
             FileChannel dest = FileChannel.open(file, WRITE, TRUNCATE_EXISTING)) {

            SecretKeySpec secretKeySpec =
                new SecretKeySpec(MessageDigest.getInstance("MD5").digest(new byte[]{0x00}), "AES");

            cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, p);

            ByteBuffer ivBuffer = ByteBuffer.allocate(Integer.BYTES + cipher.getIV().length);
            ivBuffer.putInt(cipher.getIV().length);
            ivBuffer.put(cipher.getIV());
            ivBuffer.flip();
            dest.write(ivBuffer);

            ByteBuffer readBuf = ByteBuffer.allocateDirect(8192);
            ByteBuffer writeBuf = ByteBuffer.allocateDirect(cipher.getOutputSize(8192));
            while (src.read(readBuf) >= 0) {
                if (cipher.getOutputSize(8192) > writeBuf.capacity()) {
                    writeBuf = ByteBuffer.allocateDirect(cipher.getOutputSize(8192));
                }
                readBuf.flip();

                cipher.update(readBuf, writeBuf);
                writeBuf.flip();
                dest.write(writeBuf);

                readBuf.clear();
                writeBuf.clear();
            }

            if (cipher.getOutputSize(0) > writeBuf.capacity()) {
                writeBuf = ByteBuffer.allocateDirect(cipher.getOutputSize(0));
            }

            cipher.doFinal(ByteBuffer.allocate(0), writeBuf);

            writeBuf.flip();
            dest.write(writeBuf);

            Files.delete(backupFile);
        } catch (ShortBufferException e) {
            //Should not happen!
            throw new RuntimeException(e);
        }
    }

    void decrypt() throws Exception {
        Path file = Paths.get("path/to/file");
        Path backupFile = file.getParent().resolve(file.getFileName().toString() + ".bak");
        Files.deleteIfExists(backupFile);
        Files.copy(file, backupFile);

        try (FileChannel src = FileChannel.open(backupFile, READ);
             FileChannel dest = FileChannel.open(file, WRITE, TRUNCATE_EXISTING)) {

            ByteBuffer ivLengthBuffer = ByteBuffer.allocate(Integer.BYTES);
            src.read(ivLengthBuffer);
            ivLengthBuffer.flip();
            int ivLength = ivLengthBuffer.getInt();

            ByteBuffer ivBuffer = ByteBuffer.allocate(ivLength);
            src.read(ivBuffer);
            ivBuffer.flip();
            byte[] iv = new byte[ivBuffer.limit()];
            ivBuffer.get(iv);

            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            GCMParameterSpec p = new GCMParameterSpec(128, iv);

            SecretKeySpec secretKeySpec =
                new SecretKeySpec(MessageDigest.getInstance("MD5").digest(new byte[]{0x00}), "AES");

            cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, p);

            ByteBuffer readBuf = ByteBuffer.allocateDirect(8192);
            ByteBuffer writeBuf = ByteBuffer.allocateDirect(cipher.getOutputSize(8192));
            while (src.read(readBuf) >= 0) {
                if (cipher.getOutputSize(8192) > writeBuf.capacity()) {
                    writeBuf = ByteBuffer.allocateDirect(cipher.getOutputSize(8192));
                }
                readBuf.flip();
                cipher.update(readBuf, writeBuf);

                writeBuf.flip();
                dest.write(writeBuf);

                readBuf.clear();
                writeBuf.clear();
            }

            if (cipher.getOutputSize(0) > writeBuf.capacity()) {
                writeBuf = ByteBuffer.allocateDirect(cipher.getOutputSize(0));
            }
            cipher.doFinal(ByteBuffer.allocate(0), writeBuf);
            writeBuf.flip();
            dest.write(writeBuf);

            Files.deleteIfExists(backupFile);
        }
    }

}

我发现了一个奇怪的问题:如果原始文件(未加密)大于4KB,则解密后,cipher.update(readBuf, writeBuf)不会向缓冲区写入任何内容,cipher.doFinal(ByteBuffer.allocate(0), writeBuf)也不会写入任何内容,并且最终我丢失了数据。每次致电cipher.getOutputSize(8192)都会增加结果,我不知道为什么会发生,但可能会有所帮助。

为什么会发生,我该如何解决?

1 个答案:

答案 0 :(得分:0)

.update()很简单; SunJCE实施了GCM(和CCM)要求,即如果身份验证失败,则经过身份验证的解密不会释放(任何)明文。参见How come putting the GCM authentication tag at the end of a cipher stream require internal buffering during decryption?https://moxie.org/blog/the-cryptographic-doom-principle/。因为标记位于密文的结尾,所以这意味着它必须缓冲所有密文,直到调用doFinal()(的重载之一)为止。 (这就是为什么对于大文件,随着您不断读取和缓冲更多数据,您从writeBufcipher.getOutputSize(8192)的重新分配不断增长的原因。)

.doFinal()很难;它应该工作。但是,我已经缩小了失败的范围:仅当您使用ByteBuffer而不是原始的byte[]数组时才会发生这种情况-它是在javax.crypto.CipherSpi.bufferCrypt中实现的,而不是分派给实现类的;并且输出ByteBuffer没有后备数组(即已直接分配);明文超过4096个字节。我将尝试更深入地研究导致失败的原因,但与此同时更改前两个解决方法(或将数据限制为4096字节,但大概您不希望这样做)。

相关问题
最新问题