private void attemptDecrypt() { mPlaintextView.setError(null); mPlaintextView.setText(""); mCiphertextView.setError(null); try { byte[] ciphertext = base64Decode(mCiphertextView.getText().toString()); byte[] plaintext = mApplication.aead.decrypt(ciphertext, EMPTY_ASSOCIATED_DATA); mPlaintextView.setText(new String(plaintext, "UTF-8")); } catch (UnsupportedEncodingException | GeneralSecurityException | IllegalArgumentException e) { mPlaintextView.setError( String.format("%s: %s", getString(R.string.error_cannot_decrypt), e.toString())); mCiphertextView.requestFocus(); } }
private byte[] decrypt(KeysetHandle keysetHandle, byte[] cipherText) throws GeneralSecurityException { Aead aead = AeadFactory.getPrimitive(keysetHandle); return aead.decrypt(cipherText, ASSOCIATED_DATA.getBytes()); } }
private byte[] decrypt(KeysetHandle keysetHandle, byte[] cipherText) throws GeneralSecurityException { Aead aead = AeadFactory.getPrimitive(keysetHandle); return aead.decrypt(cipherText, ASSOCIATED_DATA.getBytes()); } }
@Override public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData) throws GeneralSecurityException { try { ByteBuffer buffer = ByteBuffer.wrap(ciphertext); int encryptedDekSize = buffer.getInt(); if (encryptedDekSize <= 0 || encryptedDekSize > (ciphertext.length - LENGTH_ENCRYPTED_DEK)) { throw new GeneralSecurityException("invalid ciphertext"); } byte[] encryptedDek = new byte[encryptedDekSize]; buffer.get(encryptedDek, 0, encryptedDekSize); byte[] payload = new byte[buffer.remaining()]; buffer.get(payload, 0, buffer.remaining()); // Use remote to decrypt encryptedDek. byte[] dek = remote.decrypt(encryptedDek, EMPTY_AAD); // Use DEK to decrypt payload. Aead aead = Registry.getPrimitive(dekTemplate.getTypeUrl(), dek); return aead.decrypt(payload, associatedData); } catch (IndexOutOfBoundsException | BufferUnderflowException | NegativeArraySizeException e) { throw new GeneralSecurityException("invalid ciphertext", e); } }
/** Decrypts the encrypted keyset with the {@link Aead} master key. */ private static Keyset decrypt(EncryptedKeyset encryptedKeyset, Aead masterKey) throws GeneralSecurityException { try { Keyset keyset = Keyset.parseFrom( masterKey.decrypt( encryptedKeyset.getEncryptedKeyset().toByteArray(), /* associatedData= */ new byte[0])); // check emptiness here too, in case the encrypted keys unwrapped to nothing? assertEnoughKeyMaterial(keyset); return keyset; } catch (InvalidProtocolBufferException e) { throw new GeneralSecurityException("invalid keyset, corrupted key material"); } }
@Override public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData) throws GeneralSecurityException { if (ciphertext.length > CryptoFormat.NON_RAW_PREFIX_SIZE) { byte[] prefix = Arrays.copyOfRange(ciphertext, 0, CryptoFormat.NON_RAW_PREFIX_SIZE); byte[] ciphertextNoPrefix = Arrays.copyOfRange(ciphertext, CryptoFormat.NON_RAW_PREFIX_SIZE, ciphertext.length); List<PrimitiveSet.Entry<Aead>> entries = pset.getPrimitive(prefix); for (PrimitiveSet.Entry<Aead> entry : entries) { try { return entry.getPrimitive().decrypt(ciphertextNoPrefix, associatedData); } catch (GeneralSecurityException e) { logger.info("ciphertext prefix matches a key, but cannot decrypt: " + e.toString()); continue; } } } // Let's try all RAW keys. List<PrimitiveSet.Entry<Aead>> entries = pset.getRawPrimitives(); for (PrimitiveSet.Entry<Aead> entry : entries) { try { return entry.getPrimitive().decrypt(ciphertext, associatedData); } catch (GeneralSecurityException e) { continue; } } // nothing works. throw new GeneralSecurityException("decryption failed"); } };
return aead.decrypt(payloadCiphertext, emptyEad);
@Override public byte[] decrypt(final byte[] ciphertext, final byte[] contextInfo) throws GeneralSecurityException { EllipticCurve curve = recipientPrivateKey.getParams().getCurve(); int headerSize = EllipticCurves.encodingSizeInBytes(curve, ecPointFormat); if (ciphertext.length < headerSize) { throw new GeneralSecurityException("ciphertext too short"); } byte[] kemBytes = Arrays.copyOfRange(ciphertext, 0, headerSize); byte[] symmetricKey = recipientKem.generateKey( kemBytes, hkdfHmacAlgo, hkdfSalt, contextInfo, demHelper.getSymmetricKeySizeInBytes(), ecPointFormat); Aead aead = demHelper.getAead(symmetricKey); return aead.decrypt(Arrays.copyOfRange(ciphertext, headerSize, ciphertext.length), EMPTY_AAD); } }
return aead.decrypt(payloadCiphertext, emptyEad);
/** Encrypts the keyset with the {@link Aead} master key. */ private static EncryptedKeyset encrypt(Keyset keyset, Aead masterKey) throws GeneralSecurityException { byte[] encryptedKeyset = masterKey.encrypt(keyset.toByteArray(), /* associatedData= */ new byte[0]); // Check if we can decrypt, to detect errors try { final Keyset keyset2 = Keyset.parseFrom(masterKey.decrypt(encryptedKeyset, /* associatedData= */ new byte[0])); if (!keyset2.equals(keyset)) { throw new GeneralSecurityException("cannot encrypt keyset"); } } catch (InvalidProtocolBufferException e) { throw new GeneralSecurityException("invalid keyset, corrupted key material"); } return EncryptedKeyset.newBuilder() .setEncryptedKeyset(ByteString.copyFrom(encryptedKeyset)) .setKeysetInfo(Util.getKeysetInfo(keyset)) .build(); }