public AlgorithmParameterSpec getParameterSpec(byte[] iv) { return this == CBC ? new IvParameterSpec(iv) : new GCMParameterSpec(128, iv); }
/** * Convert from platform's GCMParameterSpec to our internal version. */ @SuppressWarnings("unused") static GCMParameters fromGCMParameterSpec(AlgorithmParameterSpec params) { if (params instanceof GCMParameterSpec) { GCMParameterSpec gcmParams = (GCMParameterSpec) params; return new GCMParameters(gcmParams.getTLen(), gcmParams.getIV()); } return null; }
/** * Convert from platform's GCMParameterSpec to our internal version. */ @SuppressWarnings("unused") static GCMParameters fromGCMParameterSpec(AlgorithmParameterSpec params) { if (params instanceof GCMParameterSpec) { GCMParameterSpec gcmParams = (GCMParameterSpec) params; return new GCMParameters(gcmParams.getTLen(), gcmParams.getIV()); } return null; }
public AlgorithmParameterSpec getParameterSpec(byte[] iv) { return this == CBC ? new IvParameterSpec(iv) : new GCMParameterSpec(128, iv); }
private static byte[] specToBytes(final GCMParameterSpec spec) { final byte[] nonce = spec.getIV(); final ByteArrayOutputStream baos = new ByteArrayOutputStream(); try (final DataOutputStream dos = new DataOutputStream(baos)) { dos.writeInt(spec.getTLen()); dos.writeInt(nonce.length); dos.write(nonce); dos.close(); baos.close(); } catch (final IOException ex) { throw new AssertionError("Impossible exception", ex); } return baos.toByteArray(); }
public byte[] decrypt(byte[] encrypt) throws EncryptionServiceException { try { byte[] myNonce = new byte[GCM_IV_NONCE_SIZE_BYTES]; byte[] mySalt = new byte[PBKDF2_SALT_SIZE_BYTES]; ByteArrayInputStream fileInputStream = new ByteArrayInputStream(encrypt); fileInputStream.read(myNonce); fileInputStream.read(mySalt); SecretKey key = new SecretKeySpec(generateKey(mySalt), CIPHER); Cipher myCipher = Cipher.getInstance(CIPHERSCHEME); GCMParameterSpec spec = new GCMParameterSpec(GCM_AUTHENTICATION_TAG_SIZE_BITS, myNonce); myCipher.init(Cipher.DECRYPT_MODE, key, spec); return myCipher.doFinal(Arrays.copyOfRange(encrypt, GCM_IV_NONCE_SIZE_BYTES + PBKDF2_SALT_SIZE_BYTES, encrypt.length)); } catch (Exception e) { logger.error("Decryption failed", e); throw new EncryptionServiceException(e); } }
/** * Retrieves the actual algorithm parameters and validates them. * * @param cipher The cipher to interrogate for the parameters it * actually used. * * @return The IV used by the specified cipher. * * @throws JOSEException If retrieval of the algorithm parameters from * the cipher failed, or the parameters are * deemed unusable. * * @see {@link #actualParamsOf(Cipher)} * @see #validate(byte[], int) */ private static byte[] actualIVOf(final Cipher cipher) throws JOSEException { GCMParameterSpec actualParams = actualParamsOf(cipher); byte[] iv = actualParams.getIV(); int tLen = actualParams.getTLen(); validate(iv, tLen); return iv; }
private ByteBuf decryptData(SecretKey dataKeySecret, MessageMetadata msgMetadata, ByteBuf payload) { // unpack iv and encrypted data ByteString ivString = msgMetadata.getEncryptionParam(); ivString.copyTo(iv, 0); GCMParameterSpec gcmParams = new GCMParameterSpec(tagLen, iv); ByteBuf targetBuf = null; try { cipher.init(Cipher.DECRYPT_MODE, dataKeySecret, gcmParams); ByteBuffer sourceNioBuf = payload.nioBuffer(payload.readerIndex(), payload.readableBytes()); int maxLength = cipher.getOutputSize(payload.readableBytes()); targetBuf = PooledByteBufAllocator.DEFAULT.buffer(maxLength, maxLength); ByteBuffer targetNioBuf = targetBuf.nioBuffer(0, maxLength); int decryptedSize = cipher.doFinal(sourceNioBuf, targetNioBuf); targetBuf.writerIndex(decryptedSize); } catch (InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException | ShortBufferException e) { log.error("{} Failed to decrypt message {}", logCtx, e.getMessage()); if (targetBuf != null) { targetBuf.release(); targetBuf = null; } } return targetBuf; }
public byte[] encrypt(String plaintext) throws EncryptionServiceException { try { byte[] newSalt = generateRandomArray(PBKDF2_SALT_SIZE_BYTES); SecretKey key = new SecretKeySpec(generateKey(newSalt), CIPHER); Cipher myCipher = Cipher.getInstance(CIPHERSCHEME); byte[] newNonce = generateRandomArray(GCM_IV_NONCE_SIZE_BYTES); GCMParameterSpec spec = new GCMParameterSpec(GCM_AUTHENTICATION_TAG_SIZE_BITS, newNonce); myCipher.init(Cipher.ENCRYPT_MODE, key, spec); byte[] bytes = plaintext.getBytes(); return Arrays.concatenate(newNonce, newSalt, myCipher.doFinal(bytes)); } catch (Exception e) { logger.error("Encryption failed", e); throw new EncryptionServiceException(e); } }
GCMParameterSpec gcmParam = new GCMParameterSpec(tagLen, iv);
protected AlgorithmParameterSpec getParameterSpec(byte[] iv) { if (useInsecureCipher) { return new IvParameterSpec(iv); } else { return new GCMParameterSpec(128, iv); } }
private Cipher createCipher(int opmode, char[] password, byte[] salt, byte[] iv) throws GeneralSecurityException { PBEKeySpec keySpec = new PBEKeySpec(password, salt, KDF_ITERS, CIPHER_KEY_BITS); SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(KDF_ALGO); SecretKey secretKey = keyFactory.generateSecret(keySpec); SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), CIPHER_ALGO); GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_BITS, iv); Cipher cipher = Cipher.getInstance(CIPHER_ALGO + "/" + CIPHER_MODE + "/" + CIPHER_PADDING); cipher.init(opmode, secret, spec); cipher.updateAAD(salt); return cipher; }
@Override public InputStream decryptStream(InputStream inputStream) throws CryptoException { byte[] initVector = new byte[GCM_IV_LENGTH_IN_BYTES]; try { IOUtils.readFully(inputStream, initVector); } catch (IOException e) { throw new CryptoException("Unable to read IV from stream", e); } Cipher cipher; try { cipher = Cipher.getInstance(transformation); cipher.init(Cipher.DECRYPT_MODE, fek, new GCMParameterSpec(GCM_TAG_LENGTH_IN_BITS, initVector)); } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException e) { throw new CryptoException("Unable to initialize cipher", e); } CipherInputStream cis = new CipherInputStream(inputStream, cipher); return new BlockedInputStream(cis, cipher.getBlockSize(), 1024); } }
cipher = Cipher.getInstance(transformation); cipher.init(Cipher.ENCRYPT_MODE, fek, new GCMParameterSpec(GCM_TAG_LENGTH_IN_BITS, initVector)); } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException e) {
/** * Creates a platform version of {@code GCMParameterSpec}. */ @SuppressWarnings("unused") static AlgorithmParameterSpec toGCMParameterSpec(int tagLenInBits, byte[] iv) { return new GCMParameterSpec(tagLenInBits, iv); }
/** * Creates a platform version of {@code GCMParameterSpec}. */ @SuppressWarnings("unused") static AlgorithmParameterSpec toGCMParameterSpec(int tagLenInBits, byte[] iv) { return new GCMParameterSpec(tagLenInBits, iv); }
@Override protected AlgorithmParameterSpec generateIV(byte[] bytes, int offset, int length) { // See class javadoc for explanation of this magic number (128) return new GCMParameterSpec(128, bytes, offset, length); } }
public static AlgorithmParameterSpec getGCMParameterSpec(int authTagLength, byte[] iv) { return new GCMParameterSpec(authTagLength, iv); }
private GCMParameterSpec gcmParameterSpec(byte[] nonce) { return new GCMParameterSpec(GCM_TAG_SIZE_IN_BYTES * Byte.SIZE, nonce); }
public static AlgorithmParameterSpec getGCMParameterSpec(int authTagLength, byte[] iv) { return new GCMParameterSpec(authTagLength, iv); }