private Cipher createCipher(int opmode, char[] password, byte[] salt, byte[] iv) throws GeneralSecurityException { PBEKeySpec keySpec = new PBEKeySpec(password, salt, KDF_ITERS, CIPHER_KEY_BITS); SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(KDF_ALGO); SecretKey secretKey = keyFactory.generateSecret(keySpec); SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), CIPHER_ALGO); GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_BITS, iv); Cipher cipher = Cipher.getInstance(CIPHER_ALGO + "/" + CIPHER_MODE + "/" + CIPHER_PADDING); cipher.init(opmode, secret, spec); cipher.updateAAD(salt); return cipher; }
private void updateAad(Cipher cipher, byte[] aad) { if (aad != null && aad.length > 0) { cipher.updateAAD(aad); } }
@Override public void write(byte[] bytes, int off, int len) throws IOException { cipher.updateAAD(bytes, off, len); }
@Override public void write(byte[] bytes) throws IOException { cipher.updateAAD(bytes); }
@Override public void write(int bb) throws IOException { cipher.updateAAD(new byte[]{(byte) bb}); }
@Override public void write(byte[] bytes) throws IOException { cipher.updateAAD(bytes); }
@Override public void write(byte[] bytes, int off, int len) throws IOException { cipher.updateAAD(bytes, off, len); }
@Override public void write(int bb) throws IOException { cipher.updateAAD(new byte[]{(byte) bb}); }
private Cipher createCipher(int opmode, char[] password, byte[] salt, byte[] iv) throws GeneralSecurityException { PBEKeySpec keySpec = new PBEKeySpec(password, salt, KDF_ITERS, CIPHER_KEY_BITS); SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(KDF_ALGO); SecretKey secretKey = keyFactory.generateSecret(keySpec); SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), CIPHER_ALGO); GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_BITS, iv); Cipher cipher = Cipher.getInstance(CIPHER_ALGO + "/" + CIPHER_MODE + "/" + CIPHER_PADDING); cipher.init(opmode, secret, spec); cipher.updateAAD(salt); return cipher; }
private int encryptAad( ByteBuffer ciphertext, ByteBuffer plaintext, @Nullable ByteBuffer aad, byte[] nonce) throws GeneralSecurityException { checkArgument(nonce.length == NONCE_LENGTH); cipher.init( Cipher.ENCRYPT_MODE, new SecretKeySpec(this.key, AES), new GCMParameterSpec(TAG_LENGTH * 8, nonce)); if (aad != null) { cipher.updateAAD(aad); } return cipher.doFinal(plaintext, ciphertext); }
private void decryptAad( ByteBuffer plaintext, ByteBuffer ciphertext, @Nullable ByteBuffer aad, byte[] nonce) throws GeneralSecurityException { checkArgument(nonce.length == NONCE_LENGTH); cipher.init( Cipher.DECRYPT_MODE, new SecretKeySpec(this.key, AES), new GCMParameterSpec(TAG_LENGTH * 8, nonce)); if (aad != null) { cipher.updateAAD(aad); } cipher.doFinal(ciphertext, plaintext); }
private Cipher createCipher(int opmode, char[] password, byte[] salt, byte[] iv) throws GeneralSecurityException { PBEKeySpec keySpec = new PBEKeySpec(password, salt, KDF_ITERS, CIPHER_KEY_BITS); SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(KDF_ALGO); SecretKey secretKey = keyFactory.generateSecret(keySpec); SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), CIPHER_ALGO); GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_BITS, iv); Cipher cipher = Cipher.getInstance(CIPHER_ALGO + "/" + CIPHER_MODE + "/" + CIPHER_PADDING); cipher.init(opmode, secret, spec); cipher.updateAAD(salt); return cipher; }
@Override public byte[] decrypt(byte[] encryptedData, byte[] key) throws Exception { SecretKeySpec secretKeySpec = new SecretKeySpec(key, KEY_SPEC); ByteBuffer byteBuffer = ByteBuffer.wrap(encryptedData); byte[] iv = new byte[IV_SIZE]; byteBuffer.get(iv); GCMParameterSpec gcmParamSpec = new GCMParameterSpec(TAG_BIT_LENGTH, iv); Cipher cipher = Cipher.getInstance(ALGO_TRANSFORMATION_STRING); cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, gcmParamSpec, secureRandom); cipher.updateAAD(TAG.getBytes(StandardCharsets.UTF_8)); byte[] encryptedPayload = new byte[byteBuffer.remaining()]; byteBuffer.get(encryptedPayload); return cipher.doFinal(encryptedPayload); } }
@Override public byte[] decrypt(byte[] encryptedData, byte[] key) throws Exception { SecretKeySpec secretKeySpec = new SecretKeySpec(key, KEY_SPEC); ByteBuffer byteBuffer = ByteBuffer.wrap(encryptedData); byte[] iv = new byte[IV_SIZE]; byteBuffer.get(iv); GCMParameterSpec gcmParamSpec = new GCMParameterSpec(TAG_BIT_LENGTH, iv); Cipher cipher = Cipher.getInstance(ALGO_TRANSFORMATION_STRING); cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, gcmParamSpec, secureRandom); cipher.updateAAD(TAG.getBytes(StandardCharsets.UTF_8)); byte[] encryptedPayload = new byte[byteBuffer.remaining()]; byteBuffer.get(encryptedPayload); return cipher.doFinal(encryptedPayload); } }
@Override public byte[] decrypt(byte[] encryptedData, byte[] key) throws Exception { SecretKeySpec secretKeySpec = new SecretKeySpec(key, KEY_SPEC); ByteBuffer byteBuffer = ByteBuffer.wrap(encryptedData); byte[] iv = new byte[IV_SIZE]; byteBuffer.get(iv); GCMParameterSpec gcmParamSpec = new GCMParameterSpec(TAG_BIT_LENGTH, iv); Cipher cipher = Cipher.getInstance(ALGO_TRANSFORMATION_STRING); cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, gcmParamSpec, secureRandom); cipher.updateAAD(TAG.getBytes(StandardCharsets.UTF_8)); byte[] encryptedPayload = new byte[byteBuffer.remaining()]; byteBuffer.get(encryptedPayload); return cipher.doFinal(encryptedPayload); } }
@Override public byte[] encrypt(byte[] data, byte[] key) throws Exception { SecretKeySpec secretKeySpec = new SecretKeySpec(key, KEY_SPEC); byte[] iv = new byte[IV_SIZE]; secureRandom.nextBytes(iv); GCMParameterSpec gcmParamSpec = new GCMParameterSpec(TAG_BIT_LENGTH, iv); Cipher cipher = Cipher.getInstance(ALGO_TRANSFORMATION_STRING); cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, gcmParamSpec, secureRandom); cipher.updateAAD(TAG.getBytes(StandardCharsets.UTF_8)); ByteArrayOutputStream baos = new ByteArrayOutputStream(); baos.write(iv); try (CipherOutputStream cipherOutputStream = new CipherOutputStream(baos, cipher)) { cipherOutputStream.write(data); } return baos.toByteArray(); }
@Override protected Cipher buildUnwrappingCipher(final Key key, final byte[] extraInfo, final int offset, final Map<String, String> encryptionContext) throws GeneralSecurityException { final GCMParameterSpec spec = bytesToSpec(extraInfo, offset); final Cipher cipher = Cipher.getInstance(TRANSFORMATION); cipher.init(Cipher.DECRYPT_MODE, key, spec); final byte[] aad = EncryptionContextSerializer.serialize(encryptionContext); cipher.updateAAD(aad); return cipher; } }
@Override protected WrappingData buildWrappingCipher(final Key key, final Map<String, String> encryptionContext) throws GeneralSecurityException { final byte[] nonce = new byte[NONCE_LENGTH]; rnd.nextBytes(nonce); final GCMParameterSpec spec = new GCMParameterSpec(TAG_LENGTH, nonce); final Cipher cipher = Cipher.getInstance(TRANSFORMATION); cipher.init(Cipher.ENCRYPT_MODE, key, spec); final byte[] aad = EncryptionContextSerializer.serialize(encryptionContext); cipher.updateAAD(aad); return new WrappingData(cipher, specToBytes(spec)); }
@Override public byte[] encrypt(byte[] iv, int tagLength, byte[] additionAuthenticatedData, byte[] someBytes) throws CryptoException { GCMParameterSpec encryptIv = new GCMParameterSpec(tagLength, iv); try { cipher = Cipher.getInstance(algorithm.getJavaName()); cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, algorithm.getJavaName()), encryptIv); cipher.updateAAD(additionAuthenticatedData); byte[] result = cipher.doFinal(someBytes); this.iv = cipher.getIV(); return result; } catch (IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchPaddingException ex) { throw new CryptoException("Could not initialize JavaCipher", ex); } }
public byte[] aesGCM(byte[] nonce, byte[] keyBytes) throws InvalidAlgorithmParameterException, InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException { GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(GCM_TAG_LENGTH_BITS, nonce); final SecretKey secretKeySpec = new SecretKeySpec(keyBytes, "AES"); final Cipher aes = Cipher.getInstance("AES/GCM/NoPadding"); aes.init(Cipher.ENCRYPT_MODE, secretKeySpec, gcmParameterSpec); aes.updateAAD(AUTHENTICATED_NOT_ENCRYPTED.getBytes(StandardCharsets.UTF_8)); aes.update(ENCRYPTED_AND_AUTHENTICATED.getBytes(StandardCharsets.UTF_8)); final byte[] cipherText = aes.doFinal(); return cipherText; }