/** * Return the symmetric key algorithm required to decrypt the data protected by this object. * * @param dataDecryptorFactory decryptor factory to use to recover the session data. * @return the integer encryption algorithm code. * @throws PGPException if the session data cannot be recovered. */ public int getSymmetricAlgorithm(PBEDataDecryptorFactory dataDecryptorFactory) throws PGPException { byte[] key = dataDecryptorFactory.makeKeyFromPassPhrase(keyData.getEncAlgorithm(), keyData.getS2K()); byte[] sessionData = dataDecryptorFactory.recoverSessionData( keyData.getEncAlgorithm(), key, keyData.getSecKeyData()); return sessionData[0]; }
/** * Open an input stream which will provide the decrypted data protected by this object. * * @param dataDecryptorFactory decryptor factory to use to recover the session data and provide * the stream. * @return the resulting input stream * @throws PGPException if the session data cannot be recovered or the stream cannot be created. */ public InputStream getDataStream(PBEDataDecryptorFactory dataDecryptorFactory) throws PGPException { try { int keyAlgorithm = keyData.getEncAlgorithm(); byte[] key = dataDecryptorFactory.makeKeyFromPassPhrase(keyAlgorithm, keyData.getS2K()); boolean withIntegrityPacket = encData instanceof SymmetricEncIntegrityPacket; byte[] sessionData = dataDecryptorFactory.recoverSessionData( keyData.getEncAlgorithm(), key, keyData.getSecKeyData()); byte[] sessionKey = new byte[sessionData.length - 1]; System.arraycopy(sessionData, 1, sessionKey, 0, sessionKey.length); PGPDataDecryptor dataDecryptor = dataDecryptorFactory.createDataDecryptor( withIntegrityPacket, sessionData[0] & 0xff, sessionKey); encStream = new BCPGInputStream(dataDecryptor.getInputStream(encData.getInputStream())); if (withIntegrityPacket) { truncStream = new TruncatedStream(encStream); integrityCalculator = dataDecryptor.getIntegrityCalculator(); encStream = new TeeInputStream(truncStream, integrityCalculator.getOutputStream()); } byte[] iv = new byte[dataDecryptor.getBlockSize()]; for (int i = 0; i != iv.length; i++) { int ch = encStream.read(); if (ch < 0) { throw new EOFException("unexpected end of stream."); } iv[i] = (byte) ch; } int v1 = encStream.read(); int v2 = encStream.read(); if (v1 < 0 || v2 < 0) { throw new EOFException("unexpected end of stream."); } // Note: the oracle attack on "quick check" bytes is not deemed // a security risk for PBE (see PGPPublicKeyEncryptedData) boolean repeatCheckPassed = iv[iv.length - 2] == (byte) v1 && iv[iv.length - 1] == (byte) v2; // Note: some versions of PGP appear to produce 0 for the extra // bytes rather than repeating the two previous bytes boolean zeroesCheckPassed = v1 == 0 && v2 == 0; if (!repeatCheckPassed && !zeroesCheckPassed) { throw new PGPDataValidationException("data check failed."); } return encStream; } catch (PGPException e) { throw e; } catch (Exception e) { throw new PGPException("Exception creating cipher", e); } }