/**
 * Wraps {@code primitive} in an {@code Entry} and registers it in the primitive table under the
 * output prefix computed for {@code key}.
 *
 * <p>Entries whose prefixes map to the same table key are kept together in one unmodifiable
 * list, in insertion order.
 *
 * @param primitive the primitive instance to register
 * @param key the keyset key supplying the output prefix, status and output prefix type
 * @return the added entry
 * @throws GeneralSecurityException declared by the signature; presumably raised while computing
 *     the output prefix (confirm against {@code CryptoFormat.getOutputPrefix})
 */
protected Entry<P> addPrimitive(final P primitive, Keyset.Key key)
    throws GeneralSecurityException {
  Entry<P> added =
      new Entry<P>(
          primitive,
          CryptoFormat.getOutputPrefix(key),
          key.getStatus(),
          key.getOutputPrefixType());

  // Arrays compare by identity, so the prefix bytes cannot serve as a hash-map key directly.
  // NOTE(review): decoding arbitrary bytes as UTF-8 is lossy (malformed sequences are replaced),
  // so two different prefixes can end up under the same table key. Lookups then have to use the
  // same conversion and may return extra candidates -- confirm against the lookup code.
  String tableKey = new String(added.getIdentifier(), UTF_8);

  List<Entry<P>> single = new ArrayList<Entry<P>>();
  single.add(added);

  // Store the one-element list first; put() hands back whatever it displaced.
  List<Entry<P>> previous = primitives.put(tableKey, Collections.unmodifiableList(single));
  if (previous != null) {
    // The key was already taken: rebuild the list as "old entries, then the new one".
    // NOTE(review): these are two separate put() calls, not one atomic update -- confirm the
    // table is only populated from a single thread.
    List<Entry<P>> merged = new ArrayList<Entry<P>>(previous);
    merged.add(added);
    primitives.put(tableKey, Collections.unmodifiableList(merged));
  }
  return added;
}
} // closes the enclosing scope opened before this excerpt
try { InputStream attemptedStream = entry.getPrimitive().newDecryptingStream(ciphertextStream, associatedData); int retValue = attemptedStream.read(b, offset, len); if (retValue == 0) {
try { SeekableByteChannel attemptedChannel = entry.getPrimitive().newSeekableDecryptingChannel(ciphertextChannel, associatedData); if (cachedPosition >= 0) { // Caller did set new position before 1st read(). attemptedChannel.position(cachedPosition);
try { ReadableByteChannel attemptedChannel = entry.getPrimitive().newDecryptingChannel(ciphertextChannel, associatedData); int retValue = attemptedChannel.read(dst); if (retValue > 0) {
for (PrimitiveSet.Entry<PublicKeyVerify> entry : entries) { try { if (entry.getOutputPrefixType().equals(OutputPrefixType.LEGACY)) { final byte[] formatVersion = new byte[] {CryptoFormat.LEGACY_START_BYTE}; final byte[] dataWithFormatVersion = Bytes.concat(data, formatVersion); entry.getPrimitive().verify(sigNoPrefix, dataWithFormatVersion); } else { entry.getPrimitive().verify(sigNoPrefix, data); for (PrimitiveSet.Entry<PublicKeyVerify> entry : entries) { try { entry.getPrimitive().verify(signature, data);
for (PrimitiveSet.Entry<Mac> entry : entries) { try { if (entry.getOutputPrefixType().equals(OutputPrefixType.LEGACY)) { entry.getPrimitive().verifyMac(macNoPrefix, Bytes.concat(data, formatVersion)); } else { entry.getPrimitive().verifyMac(macNoPrefix, data); for (PrimitiveSet.Entry<Mac> entry : entries) { try { entry.getPrimitive().verifyMac(mac, data);
/**
 * Decrypts {@code ciphertext}, trying the keys selected by its leading prefix first and then
 * every RAW key.
 *
 * <p>The prefix path is taken only when the input is strictly longer than
 * {@code CryptoFormat.NON_RAW_PREFIX_SIZE}. The first candidate that decrypts successfully wins.
 * When nothing works, one fixed-message exception is thrown, so the error does not say whether a
 * prefix matched or which key was tried.
 *
 * @param ciphertext the input to decrypt, with or without a key prefix
 * @param contextInfo context information passed unchanged to each candidate primitive
 * @return the plaintext from the first candidate that succeeds
 * @throws GeneralSecurityException if no candidate key can decrypt the input
 */
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] contextInfo)
    throws GeneralSecurityException {
  final int prefixLength = CryptoFormat.NON_RAW_PREFIX_SIZE;
  if (ciphertext.length > prefixLength) {
    byte[] keyPrefix = Arrays.copyOfRange(ciphertext, 0, prefixLength);
    byte[] body = Arrays.copyOfRange(ciphertext, prefixLength, ciphertext.length);
    List<PrimitiveSet.Entry<HybridDecrypt>> prefixed = primitives.getPrimitive(keyPrefix);
    for (PrimitiveSet.Entry<HybridDecrypt> candidate : prefixed) {
      try {
        return candidate.getPrimitive().decrypt(body, contextInfo);
      } catch (GeneralSecurityException e) {
        // Only the exception text is logged, not the ciphertext.
        // NOTE(review): one INFO line per failed candidate on caller-supplied input, so a run
        // of bad ciphertexts turns directly into log volume -- confirm level and rate limits.
        logger.info("ciphertext prefix matches a key, but cannot decrypt: " + e);
      }
    }
  }

  // Fall back to RAW keys, which get the whole input because RAW output carries no prefix.
  List<PrimitiveSet.Entry<HybridDecrypt>> raw = primitives.getRawPrimitives();
  for (PrimitiveSet.Entry<HybridDecrypt> candidate : raw) {
    try {
      return candidate.getPrimitive().decrypt(ciphertext, contextInfo);
    } catch (GeneralSecurityException ignored) {
      // Expected for every RAW key that did not produce this ciphertext; try the next one.
    }
  }

  // Every candidate failed; report it without detail.
  throw new GeneralSecurityException("decryption failed");
}
}; // closes the enclosing declaration opened before this excerpt
try { return entry .getPrimitive() .decryptDeterministically(ciphertextNoPrefix, associatedData); } catch (GeneralSecurityException e) { for (PrimitiveSet.Entry<DeterministicAead> entry : entries) { try { return entry.getPrimitive().decryptDeterministically(ciphertext, associatedData); } catch (GeneralSecurityException e) { continue;
/**
 * Decrypts {@code ciphertext}, trying the keys selected by its leading prefix first and then
 * every RAW key.
 *
 * <p>The prefix path is taken only when the input is strictly longer than
 * {@code CryptoFormat.NON_RAW_PREFIX_SIZE}. The first candidate that decrypts successfully wins.
 * When nothing works, one fixed-message exception is thrown, so the error does not say whether a
 * prefix matched or which key was tried.
 *
 * @param ciphertext the input to decrypt, with or without a key prefix
 * @param associatedData associated data passed unchanged to each candidate primitive
 * @return the plaintext from the first candidate that succeeds
 * @throws GeneralSecurityException if no candidate key can decrypt the input
 */
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData)
    throws GeneralSecurityException {
  final int prefixLength = CryptoFormat.NON_RAW_PREFIX_SIZE;
  if (ciphertext.length > prefixLength) {
    byte[] keyPrefix = Arrays.copyOfRange(ciphertext, 0, prefixLength);
    byte[] body = Arrays.copyOfRange(ciphertext, prefixLength, ciphertext.length);
    List<PrimitiveSet.Entry<Aead>> prefixed = pset.getPrimitive(keyPrefix);
    for (PrimitiveSet.Entry<Aead> candidate : prefixed) {
      try {
        return candidate.getPrimitive().decrypt(body, associatedData);
      } catch (GeneralSecurityException e) {
        // Only the exception text is logged, not the ciphertext.
        // NOTE(review): one INFO line per failed candidate on caller-supplied input, so a run
        // of bad ciphertexts turns directly into log volume -- confirm level and rate limits.
        logger.info("ciphertext prefix matches a key, but cannot decrypt: " + e);
      }
    }
  }

  // Fall back to RAW keys, which get the whole input because RAW output carries no prefix.
  List<PrimitiveSet.Entry<Aead>> raw = pset.getRawPrimitives();
  for (PrimitiveSet.Entry<Aead> candidate : raw) {
    try {
      return candidate.getPrimitive().decrypt(ciphertext, associatedData);
    } catch (GeneralSecurityException ignored) {
      // Expected for every RAW key that did not produce this ciphertext; try the next one.
    }
  }

  // Every candidate failed; report it without detail.
  throw new GeneralSecurityException("decryption failed");
}
}; // closes the enclosing declaration opened before this excerpt
/**
 * Rejects a primitive set that contains anything other than {@code StreamingAead} instances.
 *
 * <p>The element type of the set is a generic parameter, which the JVM does not enforce at
 * runtime, so each primitive is checked explicitly. A {@code null} primitive fails the
 * {@code instanceof} test and is rejected as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry holds a primitive that is not a
 *     {@code StreamingAead}
 */
private static void validate(final PrimitiveSet<StreamingAead> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<StreamingAead>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<StreamingAead> candidate : bucket) {
      if (candidate.getPrimitive() instanceof StreamingAead) {
        continue;
      }
      // Fail on the first bad entry rather than collecting them all.
      throw new GeneralSecurityException("invalid StreamingAead key material");
    }
  }
}
} // closes the enclosing scope opened before this excerpt
/**
 * Rejects a primitive set that contains anything other than {@code Aead} instances.
 *
 * <p>The element type of the set is a generic parameter, which the JVM does not enforce at
 * runtime, so each primitive is checked explicitly. A {@code null} primitive fails the
 * {@code instanceof} test and is rejected as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry holds a primitive that is not an {@code Aead}
 */
private static void validate(final PrimitiveSet<Aead> pset) throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<Aead>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<Aead> candidate : bucket) {
      if (candidate.getPrimitive() instanceof Aead) {
        continue;
      }
      // Fail on the first bad entry rather than collecting them all.
      throw new GeneralSecurityException("invalid AEAD key material");
    }
  }
}
} // closes the enclosing scope opened before this excerpt
/**
 * Rejects a primitive set that contains anything other than {@code HybridEncrypt} instances.
 *
 * <p>The element type of the set is a generic parameter, which the JVM does not enforce at
 * runtime, so each primitive is checked explicitly. A {@code null} primitive fails the
 * {@code instanceof} test and is rejected as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry holds a primitive that is not a
 *     {@code HybridEncrypt}
 */
private static void validate(final PrimitiveSet<HybridEncrypt> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<HybridEncrypt>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<HybridEncrypt> candidate : bucket) {
      if (candidate.getPrimitive() instanceof HybridEncrypt) {
        continue;
      }
      // Fail on the first bad entry rather than collecting them all.
      throw new GeneralSecurityException("invalid HybridEncrypt key material");
    }
  }
}
} // closes the enclosing scope opened before this excerpt
/**
 * Rejects a primitive set that contains anything other than {@code Mac} instances.
 *
 * <p>The element type of the set is a generic parameter, which the JVM does not enforce at
 * runtime, so each primitive is checked explicitly. A {@code null} primitive fails the
 * {@code instanceof} test and is rejected as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry holds a primitive that is not a {@code Mac}
 */
private static void validate(final PrimitiveSet<Mac> pset) throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<Mac>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<Mac> candidate : bucket) {
      if (candidate.getPrimitive() instanceof Mac) {
        continue;
      }
      // Fail on the first bad entry rather than collecting them all.
      throw new GeneralSecurityException("invalid MAC key material");
    }
  }
}
} // closes the enclosing scope opened before this excerpt
/**
 * Opens an encrypting stream backed by the primary primitive of the set.
 *
 * <p>Unlike decryption, no key selection happens here: the call is handed straight to the
 * primary entry's primitive and its result is returned unchanged.
 *
 * @param ciphertext the stream that will receive the encrypted output
 * @param associatedData associated data passed unchanged to the primary primitive
 * @return the stream returned by the primary primitive
 * @throws GeneralSecurityException propagated from the primary primitive
 * @throws IOException propagated from the primary primitive
 */
@Override
public OutputStream newEncryptingStream(OutputStream ciphertext, byte[] associatedData)
    throws GeneralSecurityException, IOException {
  OutputStream encrypting =
      primitives.getPrimary().getPrimitive().newEncryptingStream(ciphertext, associatedData);
  return encrypting;
}
} // closes the enclosing scope opened before this excerpt
/**
 * Encrypts with the primary key and prepends that key's identifier to the result.
 *
 * @param plaintext the data to encrypt
 * @param associatedData associated data passed unchanged to the primary primitive
 * @return the primary entry's identifier followed by the ciphertext it produced
 * @throws GeneralSecurityException propagated from the primary primitive
 */
@Override
public byte[] encryptDeterministically(final byte[] plaintext, final byte[] associatedData)
    throws GeneralSecurityException {
  // NOTE(review): getPrimary() is read twice; the prefix and the ciphertext only agree if the
  // primary cannot change between the two calls -- confirm the set is immutable by this point.
  byte[] keyPrefix = primitives.getPrimary().getIdentifier();
  byte[] body =
      primitives.getPrimary().getPrimitive().encryptDeterministically(plaintext, associatedData);
  return Bytes.concat(keyPrefix, body);
}
/**
 * Signs {@code data} with the primary key and prepends that key's identifier to the signature.
 *
 * <p>When the primary key's output prefix type is {@code LEGACY}, the single byte
 * {@code CryptoFormat.LEGACY_START_BYTE} is appended to the data before signing. A verifier has
 * to append the same byte for such a signature to check out.
 *
 * @param data the message to sign
 * @return the primary entry's identifier followed by the signature
 * @throws GeneralSecurityException propagated from the primary primitive
 */
@Override
public byte[] sign(final byte[] data) throws GeneralSecurityException {
  boolean legacy =
      primitives.getPrimary().getOutputPrefixType().equals(OutputPrefixType.LEGACY);
  if (!legacy) {
    return Bytes.concat(
        primitives.getPrimary().getIdentifier(),
        primitives.getPrimary().getPrimitive().sign(data));
  }
  // LEGACY keys sign data || format-version byte, not the bare data.
  byte[] formatVersion = new byte[] {CryptoFormat.LEGACY_START_BYTE};
  return Bytes.concat(
      primitives.getPrimary().getIdentifier(),
      primitives.getPrimary().getPrimitive().sign(Bytes.concat(data, formatVersion)));
}
}; // closes the enclosing declaration opened before this excerpt
/**
 * Rejects a primitive set that contains anything other than {@code PublicKeySign} instances.
 *
 * <p>The element type of the set is a generic parameter, which the JVM does not enforce at
 * runtime, so each primitive is checked explicitly. A {@code null} primitive fails the
 * {@code instanceof} test and is rejected as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry holds a primitive that is not a
 *     {@code PublicKeySign}
 */
private static void validate(final PrimitiveSet<PublicKeySign> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<PublicKeySign>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<PublicKeySign> candidate : bucket) {
      if (candidate.getPrimitive() instanceof PublicKeySign) {
        continue;
      }
      // Fail on the first bad entry rather than collecting them all.
      throw new GeneralSecurityException("invalid PublicKeySign key material");
    }
  }
}
} // closes the enclosing scope opened before this excerpt
/**
 * Encrypts with the primary key and prepends that key's identifier to the result.
 *
 * @param plaintext the data to encrypt
 * @param associatedData associated data passed unchanged to the primary primitive
 * @return the primary entry's identifier followed by the ciphertext it produced
 * @throws GeneralSecurityException propagated from the primary primitive
 */
@Override
public byte[] encrypt(final byte[] plaintext, final byte[] associatedData)
    throws GeneralSecurityException {
  // NOTE(review): getPrimary() is read twice; the prefix and the ciphertext only agree if the
  // primary cannot change between the two calls -- confirm the set is immutable by this point.
  byte[] keyPrefix = pset.getPrimary().getIdentifier();
  byte[] body = pset.getPrimary().getPrimitive().encrypt(plaintext, associatedData);
  return Bytes.concat(keyPrefix, body);
}
/**
 * Rejects a primitive set that contains anything other than {@code DeterministicAead}
 * instances.
 *
 * <p>The element type of the set is a generic parameter, which the JVM does not enforce at
 * runtime, so each primitive is checked explicitly. A {@code null} primitive fails the
 * {@code instanceof} test and is rejected as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry holds a primitive that is not a
 *     {@code DeterministicAead}
 */
private static void validate(final PrimitiveSet<DeterministicAead> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<DeterministicAead>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<DeterministicAead> candidate : bucket) {
      if (candidate.getPrimitive() instanceof DeterministicAead) {
        continue;
      }
      // Fail on the first bad entry rather than collecting them all.
      throw new GeneralSecurityException("invalid Deterministic AEAD key material");
    }
  }
}
} // closes the enclosing scope opened before this excerpt
/**
 * Rejects a primitive set that contains anything other than {@code PublicKeyVerify} instances.
 *
 * <p>The element type of the set is a generic parameter, which the JVM does not enforce at
 * runtime, so each primitive is checked explicitly. A {@code null} primitive fails the
 * {@code instanceof} test and is rejected as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry holds a primitive that is not a
 *     {@code PublicKeyVerify}
 */
private static void validate(final PrimitiveSet<PublicKeyVerify> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<PublicKeyVerify>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<PublicKeyVerify> candidate : bucket) {
      if (candidate.getPrimitive() instanceof PublicKeyVerify) {
        continue;
      }
      // Fail on the first bad entry rather than collecting them all.
      throw new GeneralSecurityException("invalid PublicKeyVerify key material");
    }
  }
}
} // closes the enclosing scope opened before this excerpt