private byte[] computeMac(KeysetHandle keysetHandle) throws GeneralSecurityException { Mac mac = MacFactory.getPrimitive(keysetHandle); return mac.computeMac(INITIAL_TEXT.getBytes()); }
private boolean verifyMac(KeysetHandle keysetHandle, byte[] tag) { try { Mac mac = MacFactory.getPrimitive(keysetHandle); mac.verifyMac(tag, INITIAL_TEXT.getBytes()); return true; } catch (GeneralSecurityException ex) { log.error("MAC is invalid", ex); } return false; }
/** * Decrypts {@code ciphertext} with {@code aad} as additional authenticated data. The decryption * verifies the authenticity and integrity of additional data ({@code aad}), but there are no * guarantees wrt. secrecy of that data. * * <p>The ciphertext format is ciphertext || mac. The MAC is verified against (aad || ciphertext|| * t) where t is aad's length in bits represented as 64-bit bigendian unsigned integer. * * @return resulting plaintext. */ @Override public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData) throws GeneralSecurityException { if (ciphertext.length < macLength) { throw new GeneralSecurityException("ciphertext too short"); } byte[] rawCiphertext = Arrays.copyOfRange(ciphertext, 0, ciphertext.length - macLength); byte[] macValue = Arrays.copyOfRange(ciphertext, ciphertext.length - macLength, ciphertext.length); byte[] aad = associatedData; if (aad == null) { aad = new byte[0]; } byte[] aadLengthInBits = Arrays.copyOf(ByteBuffer.allocate(8).putLong(8L * aad.length).array(), 8); mac.verifyMac(macValue, Bytes.concat(aad, rawCiphertext, aadLengthInBits)); return cipher.decrypt(rawCiphertext); } }
/** * Encrypts {@code plaintext} with {@code aad} as additional authenticated data. The resulting * ciphertext allows for checking authenticity and integrity of additional data ({@code aad}), but * does not guarantee its secrecy. * * <p>The plaintext is encrypted with an {@code IndCpaCipher}, then MAC is computed over (aad || * ciphertext || t) where t is aad's length in bits represented as 64-bit bigendian unsigned * integer. The final ciphertext format is (ind-cpa ciphertext || mac). * * @return resulting ciphertext. */ @Override public byte[] encrypt(final byte[] plaintext, final byte[] associatedData) throws GeneralSecurityException { byte[] ciphertext = cipher.encrypt(plaintext); byte[] aad = associatedData; if (aad == null) { aad = new byte[0]; } byte[] aadLengthInBits = Arrays.copyOf(ByteBuffer.allocate(8).putLong(8L * aad.length).array(), 8); byte[] macValue = mac.computeMac(Bytes.concat(aad, ciphertext, aadLengthInBits)); return Bytes.concat(ciphertext, macValue); }
try { if (entry.getOutputPrefixType().equals(OutputPrefixType.LEGACY)) { entry.getPrimitive().verifyMac(macNoPrefix, Bytes.concat(data, formatVersion)); } else { entry.getPrimitive().verifyMac(macNoPrefix, data); for (PrimitiveSet.Entry<Mac> entry : entries) { try { entry.getPrimitive().verifyMac(mac, data);
@Override public byte[] computeMac(final byte[] data) throws GeneralSecurityException { if (primitives.getPrimary().getOutputPrefixType().equals(OutputPrefixType.LEGACY)) { return Bytes.concat( primitives.getPrimary().getIdentifier(), primitives.getPrimary().getPrimitive().computeMac(Bytes.concat(data, formatVersion))); } return Bytes.concat( primitives.getPrimary().getIdentifier(), primitives.getPrimary().getPrimitive().computeMac(data)); }