AES256Options.java

  1. /*
  2.  *  Licensed to the Apache Software Foundation (ASF) under one or more
  3.  *  contributor license agreements.  See the NOTICE file distributed with
  4.  *  this work for additional information regarding copyright ownership.
  5.  *  The ASF licenses this file to You under the Apache License, Version 2.0
  6.  *  (the "License"); you may not use this file except in compliance with
  7.  *  the License.  You may obtain a copy of the License at
  8.  *
  9.  *      http://www.apache.org/licenses/LICENSE-2.0
  10.  *
  11.  *  Unless required by applicable law or agreed to in writing, software
  12.  *  distributed under the License is distributed on an "AS IS" BASIS,
  13.  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14.  *  See the License for the specific language governing permissions and
  15.  *  limitations under the License.
  16.  */
  17. package org.apache.commons.compress.archivers.sevenz;

  18. import java.security.GeneralSecurityException;
  19. import java.security.NoSuchAlgorithmException;
  20. import java.security.SecureRandom;

  21. import javax.crypto.Cipher;
  22. import javax.crypto.SecretKey;
  23. import javax.crypto.spec.IvParameterSpec;
  24. import javax.crypto.spec.SecretKeySpec;

  25. /**
  26.  * Options for {@link SevenZMethod#AES256SHA256} encoder
  27.  *
  28.  * @since 1.23
  29.  * @see AES256SHA256Decoder
  30.  */
  31. final class AES256Options {

  32.     private static final byte[] EMPTY_BYTE_ARRAY = {};

  33.     static final String ALGORITHM = "AES";

  34.     static final String TRANSFORMATION = "AES/CBC/NoPadding";

  35.     static SecretKeySpec newSecretKeySpec(final byte[] bytes) {
  36.         return new SecretKeySpec(bytes, ALGORITHM);
  37.     }

  38.     private static byte[] randomBytes(final int size) {
  39.         final byte[] bytes = new byte[size];
  40.         try {
  41.             SecureRandom.getInstanceStrong().nextBytes(bytes);
  42.         } catch (final NoSuchAlgorithmException e) {
  43.             throw new IllegalStateException("No strong secure random available to generate strong AES key", e);
  44.         }
  45.         return bytes;
  46.     }

  47.     private final byte[] salt;
  48.     private final byte[] iv;

  49.     private final int numCyclesPower;

  50.     private final Cipher cipher;

  51.     /**
  52.      * @param password password used for encryption
  53.      */
  54.     AES256Options(final char[] password) {
  55.         this(password, EMPTY_BYTE_ARRAY, randomBytes(16), 19);
  56.     }

  57.     /**
  58.      * @param password       password used for encryption
  59.      * @param salt           for password hash salting (enforce password security)
  60.      * @param iv             Initialization Vector (IV) used by cipher algorithm
  61.      * @param numCyclesPower another password security enforcer parameter that controls the cycles of password hashing. More the this number is high, more
  62.      *                       security you'll have but also high CPU usage
  63.      */
  64.     AES256Options(final char[] password, final byte[] salt, final byte[] iv, final int numCyclesPower) {
  65.         this.salt = salt;
  66.         this.iv = iv;
  67.         this.numCyclesPower = numCyclesPower;

  68.         // NOTE: for security purposes, password is wrapped in a Cipher as soon as possible to not stay in memory
  69.         final byte[] aesKeyBytes = AES256SHA256Decoder.sha256Password(password, numCyclesPower, salt);
  70.         final SecretKey aesKey = newSecretKeySpec(aesKeyBytes);

  71.         try {
  72.             cipher = Cipher.getInstance(TRANSFORMATION);
  73.             cipher.init(Cipher.ENCRYPT_MODE, aesKey, new IvParameterSpec(iv));
  74.         } catch (final GeneralSecurityException generalSecurityException) {
  75.             throw new IllegalStateException("Encryption error (do you have the JCE Unlimited Strength Jurisdiction Policy Files installed?)",
  76.                     generalSecurityException);
  77.         }
  78.     }

  79.     Cipher getCipher() {
  80.         return cipher;
  81.     }

  82.     byte[] getIv() {
  83.         return iv;
  84.     }

  85.     int getNumCyclesPower() {
  86.         return numCyclesPower;
  87.     }

  88.     byte[] getSalt() {
  89.         return salt;
  90.     }
  91. }