/**
 * Creates a new {@code PrimitiveSet} through its no-argument constructor.
 *
 * @param <P> the primitive type the set will hold
 * @return the newly constructed set
 */
protected static <P> PrimitiveSet<P> newPrimitiveSet() {
  PrimitiveSet<P> freshSet = new PrimitiveSet<P>();
  return freshSet;
}
/**
 * Checks that every entry of {@code pset} carries a {@code PublicKeyVerify} primitive.
 *
 * <p>Type parameters are erased at run time, so the check inspects the object each entry
 * actually holds; a {@code null} primitive fails the {@code instanceof} test as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry's primitive is not a {@code PublicKeyVerify}
 */
private static void validate(final PrimitiveSet<PublicKeyVerify> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<PublicKeyVerify>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<PublicKeyVerify> candidate : bucket) {
      boolean isVerifier = candidate.getPrimitive() instanceof PublicKeyVerify;
      if (!isVerifier) {
        throw new GeneralSecurityException("invalid PublicKeyVerify key material");
      }
    }
  }
}
} // closes an enclosing scope that was opened outside this excerpt
/**
 * Creates a helper that uses the provided primitives for encryption and decryption of data
 * provided via channels.
 *
 * <p>For encryption it uses the primitive corresponding to the primary key. For decryption it
 * uses an enabled primitive that matches the given ciphertext.
 *
 * @param primitives the set to draw primitives from; it must have a primary entry
 * @throws GeneralSecurityException if {@code primitives} has no primary entry
 */
public StreamingAeadHelper(PrimitiveSet<StreamingAead> primitives)
    throws GeneralSecurityException {
  // Reject a set without a primary entry at construction time.
  boolean hasPrimary = primitives.getPrimary() != null;
  if (!hasPrimary) {
    throw new GeneralSecurityException("Missing primary primitive.");
  }
  this.primitives = primitives;
}
/**
 * Decrypts {@code ciphertext}, trying the keys selected by its prefix first and the RAW keys
 * second.
 *
 * <p>When the input is longer than {@code CryptoFormat.NON_RAW_PREFIX_SIZE}, its leading bytes
 * are used to look up candidate entries, and each candidate is given the input with that prefix
 * removed. If none succeeds, or the input is too short to carry a prefix, every RAW entry is
 * tried against the complete input. The first successful decryption is returned.
 *
 * <p>The exception thrown after all candidates have failed has a fixed message; the reason a
 * prefix-matched key failed is written to the log only, and RAW-key failures are not reported
 * at all.
 *
 * @param ciphertext the bytes to decrypt, with or without a key prefix
 * @param associatedData passed unchanged to each candidate primitive
 * @return the plaintext produced by the first primitive that accepts the input
 * @throws GeneralSecurityException if no candidate primitive can decrypt the input
 */
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData)
    throws GeneralSecurityException {
  final int prefixSize = CryptoFormat.NON_RAW_PREFIX_SIZE;
  if (ciphertext.length > prefixSize) {
    byte[] keyPrefix = Arrays.copyOfRange(ciphertext, 0, prefixSize);
    byte[] payload = Arrays.copyOfRange(ciphertext, prefixSize, ciphertext.length);
    for (PrimitiveSet.Entry<Aead> candidate : pset.getPrimitive(keyPrefix)) {
      try {
        return candidate.getPrimitive().decrypt(payload, associatedData);
      } catch (GeneralSecurityException e) {
        // A matching prefix only selects candidates; on failure the next one is tried.
        // NOTE(review): the log line embeds the primitive's exception text; confirm that
        // primitives never place key or plaintext material in their exception messages.
        logger.info("ciphertext prefix matches a key, but cannot decrypt: " + e.toString());
      }
    }
  }

  // Fall back to the RAW keys, which are given the whole input.
  for (PrimitiveSet.Entry<Aead> rawCandidate : pset.getRawPrimitives()) {
    try {
      return rawCandidate.getPrimitive().decrypt(ciphertext, associatedData);
    } catch (GeneralSecurityException ignored) {
      // This key did not accept the input; move on to the next RAW key.
    }
  }

  // Every candidate failed: report one generic error to the caller.
  throw new GeneralSecurityException("decryption failed");
}
}; // closes an enclosing declaration that was opened outside this excerpt
throws GeneralSecurityException { Util.validateKeyset(keysetHandle.getKeyset()); PrimitiveSet<P> primitives = PrimitiveSet.newPrimitiveSet(); for (Keyset.Key key : keysetHandle.getKeyset().getKeyList()) { if (key.getStatus() == KeyStatusType.ENABLED) { primitive = getPrimitive(key.getKeyData().getTypeUrl(), key.getKeyData().getValue()); PrimitiveSet.Entry<P> entry = primitives.addPrimitive(primitive, key); if (key.getKeyId() == keysetHandle.getKeyset().getPrimaryKeyId()) { primitives.setPrimary(entry);
List<PrimitiveSet.Entry<StreamingAead>> entries; try { entries = primitives.getRawPrimitives(); } catch (GeneralSecurityException e) { throw new IOException("Keyset failure: ", e);
/**
 * Looks up the entries stored under {@code CryptoFormat.RAW_PREFIX}.
 *
 * @return all primitives using RAW prefix
 * @throws GeneralSecurityException if the prefix lookup it delegates to throws one
 */
public List<Entry<P>> getRawPrimitives() throws GeneralSecurityException {
  List<Entry<P>> rawEntries = getPrimitive(CryptoFormat.RAW_PREFIX);
  return rawEntries;
}
byte[] ciphertextNoPrefix = Arrays.copyOfRange(ciphertext, CryptoFormat.NON_RAW_PREFIX_SIZE, ciphertext.length); List<PrimitiveSet.Entry<DeterministicAead>> entries = primitives.getPrimitive(prefix); for (PrimitiveSet.Entry<DeterministicAead> entry : entries) { try { List<PrimitiveSet.Entry<DeterministicAead>> entries = primitives.getRawPrimitives(); for (PrimitiveSet.Entry<DeterministicAead> entry : entries) { try {
List<PrimitiveSet.Entry<StreamingAead>> entries; try { entries = primitives.getRawPrimitives(); } catch (GeneralSecurityException e) { throw new IOException("Keyset failure: ", e);
/**
 * Looks up entries by the output prefix that {@code CryptoFormat.getOutputPrefix} derives
 * from {@code key}.
 *
 * @param key the keyset key whose output prefix selects the entries
 * @return the entries with primitives identified by the ciphertext prefix of {@code key}
 * @throws GeneralSecurityException if deriving the prefix or the lookup throws one
 */
protected List<Entry<P>> getPrimitive(Keyset.Key key) throws GeneralSecurityException {
  List<Entry<P>> matchingEntries = getPrimitive(CryptoFormat.getOutputPrefix(key));
  return matchingEntries;
}
/**
 * Decrypts {@code ciphertext}, trying the keys selected by its prefix first and the RAW keys
 * second.
 *
 * <p>When the input is longer than {@code CryptoFormat.NON_RAW_PREFIX_SIZE}, its leading bytes
 * are used to look up candidate entries, and each candidate is given the input with that prefix
 * removed. If none succeeds, or the input is too short to carry a prefix, every RAW entry is
 * tried against the complete input. The first successful decryption is returned.
 *
 * <p>The exception thrown after all candidates have failed has a fixed message; the reason a
 * prefix-matched key failed is written to the log only, and RAW-key failures are not reported
 * at all.
 *
 * @param ciphertext the bytes to decrypt, with or without a key prefix
 * @param contextInfo passed unchanged to each candidate primitive
 * @return the plaintext produced by the first primitive that accepts the input
 * @throws GeneralSecurityException if no candidate primitive can decrypt the input
 */
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] contextInfo)
    throws GeneralSecurityException {
  final int prefixSize = CryptoFormat.NON_RAW_PREFIX_SIZE;
  if (ciphertext.length > prefixSize) {
    byte[] keyPrefix = Arrays.copyOfRange(ciphertext, 0, prefixSize);
    byte[] payload = Arrays.copyOfRange(ciphertext, prefixSize, ciphertext.length);
    for (PrimitiveSet.Entry<HybridDecrypt> candidate : primitives.getPrimitive(keyPrefix)) {
      try {
        return candidate.getPrimitive().decrypt(payload, contextInfo);
      } catch (GeneralSecurityException e) {
        // A matching prefix only selects candidates; on failure the next one is tried.
        // NOTE(review): the log line embeds the primitive's exception text; confirm that
        // primitives never place key or plaintext material in their exception messages.
        logger.info("ciphertext prefix matches a key, but cannot decrypt: " + e.toString());
      }
    }
  }

  // Fall back to the RAW keys, which are given the whole input.
  for (PrimitiveSet.Entry<HybridDecrypt> rawCandidate : primitives.getRawPrimitives()) {
    try {
      return rawCandidate.getPrimitive().decrypt(ciphertext, contextInfo);
    } catch (GeneralSecurityException ignored) {
      // This key did not accept the input; move on to the next RAW key.
    }
  }

  // Every candidate failed: report one generic error to the caller.
  throw new GeneralSecurityException("decryption failed");
}
}; // closes an enclosing declaration that was opened outside this excerpt
/**
 * Checks that every entry of {@code pset} carries a {@code DeterministicAead} primitive.
 *
 * <p>Type parameters are erased at run time, so the check inspects the object each entry
 * actually holds; a {@code null} primitive fails the {@code instanceof} test as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry's primitive is not a {@code DeterministicAead}
 */
private static void validate(final PrimitiveSet<DeterministicAead> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<DeterministicAead>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<DeterministicAead> candidate : bucket) {
      boolean isDeterministicAead = candidate.getPrimitive() instanceof DeterministicAead;
      if (!isDeterministicAead) {
        throw new GeneralSecurityException("invalid Deterministic AEAD key material");
      }
    }
  }
}
} // closes an enclosing scope that was opened outside this excerpt
/**
 * Opens an encrypting channel by delegating to the primitive of the set's primary entry.
 *
 * @param ciphertextDestination the channel handed to the primary primitive as the destination
 * @param associatedData passed unchanged to the primary primitive
 * @return the channel returned by the primary primitive
 * @throws GeneralSecurityException if the primary primitive throws one
 * @throws IOException if the primary primitive throws one
 */
@Override
public WritableByteChannel newEncryptingChannel(
    WritableByteChannel ciphertextDestination, byte[] associatedData)
    throws GeneralSecurityException, IOException {
  WritableByteChannel encryptingChannel =
      primitives
          .getPrimary()
          .getPrimitive()
          .newEncryptingChannel(ciphertextDestination, associatedData);
  return encryptingChannel;
}
List<PrimitiveSet.Entry<StreamingAead>> entries; try { entries = primitives.getRawPrimitives(); } catch (GeneralSecurityException e) { throw new IOException("Keyset failure: ", e);
List<PrimitiveSet.Entry<Mac>> entries = primitives.getPrimitive(prefix); for (PrimitiveSet.Entry<Mac> entry : entries) { try { entries = primitives.getRawPrimitives(); for (PrimitiveSet.Entry<Mac> entry : entries) { try {
/**
 * Checks that every entry of {@code pset} carries a {@code HybridDecrypt} primitive.
 *
 * <p>Type parameters are erased at run time, so the check inspects the object each entry
 * actually holds; a {@code null} primitive fails the {@code instanceof} test as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry's primitive is not a {@code HybridDecrypt}
 */
private static void validate(final PrimitiveSet<HybridDecrypt> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<HybridDecrypt>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<HybridDecrypt> candidate : bucket) {
      boolean isHybridDecrypt = candidate.getPrimitive() instanceof HybridDecrypt;
      if (!isHybridDecrypt) {
        throw new GeneralSecurityException("invalid HybridDecrypt key material");
      }
    }
  }
}
} // closes an enclosing scope that was opened outside this excerpt
/**
 * Encrypts {@code plaintext} with the primary entry's primitive and prepends that entry's
 * identifier to the result.
 *
 * @param plaintext the data to encrypt
 * @param contextInfo passed unchanged to the primary primitive
 * @return the primary entry's identifier followed by the primitive's output
 * @throws GeneralSecurityException if the primary primitive fails to encrypt
 */
@Override
public byte[] encrypt(final byte[] plaintext, final byte[] contextInfo)
    throws GeneralSecurityException {
  // NOTE(review): getPrimary() is read twice. If the set could be changed between the two
  // reads, the identifier and the ciphertext could come from different entries; confirm the
  // set is not modified once this wrapper is in use.
  byte[] keyIdentifier = primitives.getPrimary().getIdentifier();
  byte[] encrypted = primitives.getPrimary().getPrimitive().encrypt(plaintext, contextInfo);
  return Bytes.concat(keyIdentifier, encrypted);
}
}; // closes an enclosing declaration that was opened outside this excerpt
byte[] sigNoPrefix = Arrays.copyOfRange(signature, CryptoFormat.NON_RAW_PREFIX_SIZE, signature.length); List<PrimitiveSet.Entry<PublicKeyVerify>> entries = primitives.getPrimitive(prefix); for (PrimitiveSet.Entry<PublicKeyVerify> entry : entries) { try { entries = primitives.getRawPrimitives(); for (PrimitiveSet.Entry<PublicKeyVerify> entry : entries) { try {
/**
 * Checks that every entry of {@code pset} carries a {@code PublicKeySign} primitive.
 *
 * <p>Type parameters are erased at run time, so the check inspects the object each entry
 * actually holds; a {@code null} primitive fails the {@code instanceof} test as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry's primitive is not a {@code PublicKeySign}
 */
private static void validate(final PrimitiveSet<PublicKeySign> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<PublicKeySign>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<PublicKeySign> candidate : bucket) {
      boolean isSigner = candidate.getPrimitive() instanceof PublicKeySign;
      if (!isSigner) {
        throw new GeneralSecurityException("invalid PublicKeySign key material");
      }
    }
  }
}
} // closes an enclosing scope that was opened outside this excerpt
/**
 * Encrypts {@code plaintext} with the primary entry's primitive and prepends that entry's
 * identifier to the result.
 *
 * @param plaintext the data to encrypt
 * @param associatedData passed unchanged to the primary primitive
 * @return the primary entry's identifier followed by the primitive's output
 * @throws GeneralSecurityException if the primary primitive fails to encrypt
 */
@Override
public byte[] encrypt(final byte[] plaintext, final byte[] associatedData)
    throws GeneralSecurityException {
  // NOTE(review): getPrimary() is read twice. If the set could be changed between the two
  // reads, the identifier and the ciphertext could come from different entries; confirm the
  // set is not modified once this wrapper is in use.
  byte[] keyIdentifier = pset.getPrimary().getIdentifier();
  byte[] encrypted = pset.getPrimary().getPrimitive().encrypt(plaintext, associatedData);
  return Bytes.concat(keyIdentifier, encrypted);
}