private void attemptDecrypt() { mPlaintextView.setError(null); mPlaintextView.setText(""); mCiphertextView.setError(null); try { byte[] ciphertext = base64Decode(mCiphertextView.getText().toString()); byte[] plaintext = mApplication.aead.decrypt(ciphertext, EMPTY_ASSOCIATED_DATA); mPlaintextView.setText(new String(plaintext, "UTF-8")); } catch (UnsupportedEncodingException | GeneralSecurityException | IllegalArgumentException e) { mPlaintextView.setError( String.format("%s: %s", getString(R.string.error_cannot_decrypt), e.toString())); mCiphertextView.requestFocus(); } }
private void attemptEncrypt() { mPlaintextView.setError(null); mCiphertextView.setError(null); mCiphertextView.setText(""); try { byte[] plaintext = mPlaintextView.getText().toString().getBytes("UTF-8"); byte[] ciphertext = mApplication.aead.encrypt(plaintext, EMPTY_ASSOCIATED_DATA); mCiphertextView.setText(base64Encode(ciphertext)); } catch (UnsupportedEncodingException | GeneralSecurityException | IllegalArgumentException e) { mCiphertextView.setError( String.format("%s: %s", getString(R.string.error_cannot_encrypt), e.toString())); mPlaintextView.requestFocus(); } }
/** Encrypts the keyset with the {@link Aead} master key. */ private static EncryptedKeyset encrypt(Keyset keyset, Aead masterKey) throws GeneralSecurityException { byte[] encryptedKeyset = masterKey.encrypt(keyset.toByteArray(), /* associatedData= */ new byte[0]); // Check if we can decrypt, to detect errors try { final Keyset keyset2 = Keyset.parseFrom(masterKey.decrypt(encryptedKeyset, /* associatedData= */ new byte[0])); if (!keyset2.equals(keyset)) { throw new GeneralSecurityException("cannot encrypt keyset"); } } catch (InvalidProtocolBufferException e) { throw new GeneralSecurityException("invalid keyset, corrupted key material"); } return EncryptedKeyset.newBuilder() .setEncryptedKeyset(ByteString.copyFrom(encryptedKeyset)) .setKeysetInfo(Util.getKeysetInfo(keyset)) .build(); }
private byte[] decrypt(KeysetHandle keysetHandle, byte[] cipherText) throws GeneralSecurityException { Aead aead = AeadFactory.getPrimitive(keysetHandle); return aead.decrypt(cipherText, ASSOCIATED_DATA.getBytes()); } }
private byte[] encrypt(KeysetHandle keysetHandle) throws GeneralSecurityException { Aead aead = AeadFactory.getPrimitive(keysetHandle); return aead.encrypt(INITIAL_TEXT.getBytes(), ASSOCIATED_DATA.getBytes()); }
private byte[] decrypt(KeysetHandle keysetHandle, byte[] cipherText) throws GeneralSecurityException { Aead aead = AeadFactory.getPrimitive(keysetHandle); return aead.decrypt(cipherText, ASSOCIATED_DATA.getBytes()); } }
private byte[] encrypt(KeysetHandle keysetHandle) throws GeneralSecurityException { Aead aead = AeadFactory.getPrimitive(keysetHandle); return aead.encrypt(INITIAL_TEXT.getBytes(), ASSOCIATED_DATA.getBytes()); }
@Override public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData) throws GeneralSecurityException { try { ByteBuffer buffer = ByteBuffer.wrap(ciphertext); int encryptedDekSize = buffer.getInt(); if (encryptedDekSize <= 0 || encryptedDekSize > (ciphertext.length - LENGTH_ENCRYPTED_DEK)) { throw new GeneralSecurityException("invalid ciphertext"); } byte[] encryptedDek = new byte[encryptedDekSize]; buffer.get(encryptedDek, 0, encryptedDekSize); byte[] payload = new byte[buffer.remaining()]; buffer.get(payload, 0, buffer.remaining()); // Use remote to decrypt encryptedDek. byte[] dek = remote.decrypt(encryptedDek, EMPTY_AAD); // Use DEK to decrypt payload. Aead aead = Registry.getPrimitive(dekTemplate.getTypeUrl(), dek); return aead.decrypt(payload, associatedData); } catch (IndexOutOfBoundsException | BufferUnderflowException | NegativeArraySizeException e) { throw new GeneralSecurityException("invalid ciphertext", e); } }
@Override public byte[] encrypt(final byte[] plaintext, final byte[] associatedData) throws GeneralSecurityException { // Generate a new DEK. byte[] dek = Registry.newKey(dekTemplate).toByteArray(); // Wrap it with remote. byte[] encryptedDek = remote.encrypt(dek, EMPTY_AAD); // Use DEK to encrypt plaintext. Aead aead = Registry.getPrimitive(dekTemplate.getTypeUrl(), dek); byte[] payload = aead.encrypt(plaintext, associatedData); // Build ciphertext protobuf and return result. return buildCiphertext(encryptedDek, payload); }
/** Decrypts the encrypted keyset with the {@link Aead} master key. */ private static Keyset decrypt(EncryptedKeyset encryptedKeyset, Aead masterKey) throws GeneralSecurityException { try { Keyset keyset = Keyset.parseFrom( masterKey.decrypt( encryptedKeyset.getEncryptedKeyset().toByteArray(), /* associatedData= */ new byte[0])); // check emptiness here too, in case the encrypted keys unwrapped to nothing? assertEnoughKeyMaterial(keyset); return keyset; } catch (InvalidProtocolBufferException e) { throw new GeneralSecurityException("invalid keyset, corrupted key material"); } }
/** * Encrypts {@code plaintext} using {@code contextInfo} as <b>info</b>-parameter of the underlying * HKDF. * * @return resulting ciphertext. */ @Override public byte[] encrypt(final byte[] plaintext, final byte[] contextInfo) throws GeneralSecurityException { EciesHkdfSenderKem.KemKey kemKey = senderKem.generateKey( hkdfHmacAlgo, hkdfSalt, contextInfo, demHelper.getSymmetricKeySizeInBytes(), ecPointFormat); Aead aead = demHelper.getAead(kemKey.getSymmetricKey()); byte[] ciphertext = aead.encrypt(plaintext, EMPTY_AAD); byte[] header = kemKey.getKemBytes(); return ByteBuffer.allocate(header.length + ciphertext.length) .put(header) .put(ciphertext) .array(); } }
@Override public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData) throws GeneralSecurityException { if (ciphertext.length > CryptoFormat.NON_RAW_PREFIX_SIZE) { byte[] prefix = Arrays.copyOfRange(ciphertext, 0, CryptoFormat.NON_RAW_PREFIX_SIZE); byte[] ciphertextNoPrefix = Arrays.copyOfRange(ciphertext, CryptoFormat.NON_RAW_PREFIX_SIZE, ciphertext.length); List<PrimitiveSet.Entry<Aead>> entries = pset.getPrimitive(prefix); for (PrimitiveSet.Entry<Aead> entry : entries) { try { return entry.getPrimitive().decrypt(ciphertextNoPrefix, associatedData); } catch (GeneralSecurityException e) { logger.info("ciphertext prefix matches a key, but cannot decrypt: " + e.toString()); continue; } } } // Let's try all RAW keys. List<PrimitiveSet.Entry<Aead>> entries = pset.getRawPrimitives(); for (PrimitiveSet.Entry<Aead> entry : entries) { try { return entry.getPrimitive().decrypt(ciphertext, associatedData); } catch (GeneralSecurityException e) { continue; } } // nothing works. throw new GeneralSecurityException("decryption failed"); } };
byte[] payloadCiphertext = aead.encrypt(plaintext, emptyEad);
@Override public byte[] decrypt(final byte[] ciphertext, final byte[] contextInfo) throws GeneralSecurityException { EllipticCurve curve = recipientPrivateKey.getParams().getCurve(); int headerSize = EllipticCurves.encodingSizeInBytes(curve, ecPointFormat); if (ciphertext.length < headerSize) { throw new GeneralSecurityException("ciphertext too short"); } byte[] kemBytes = Arrays.copyOfRange(ciphertext, 0, headerSize); byte[] symmetricKey = recipientKem.generateKey( kemBytes, hkdfHmacAlgo, hkdfSalt, contextInfo, demHelper.getSymmetricKeySizeInBytes(), ecPointFormat); Aead aead = demHelper.getAead(symmetricKey); return aead.decrypt(Arrays.copyOfRange(ciphertext, headerSize, ciphertext.length), EMPTY_AAD); } }
byte[] payloadCiphertext = aead.encrypt(plaintext, emptyEad);
return aead.decrypt(payloadCiphertext, emptyEad);
@Override public byte[] encrypt(final byte[] plaintext, final byte[] associatedData) throws GeneralSecurityException { return Bytes.concat( pset.getPrimary().getIdentifier(), pset.getPrimary().getPrimitive().encrypt(plaintext, associatedData)); }
return aead.decrypt(payloadCiphertext, emptyEad);