/**
 * Checks that every primitive held in {@code pset} is a {@link HybridDecrypt}.
 *
 * <p>Generic type arguments are erased at runtime, so the declared element type alone does not
 * prove what each entry holds. This walk rejects a set containing a {@code null} or wrongly
 * typed primitive with a checked exception instead of a later {@code ClassCastException}.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry's primitive is not a {@code HybridDecrypt}
 */
private static void validate(final PrimitiveSet<HybridDecrypt> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<HybridDecrypt>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<HybridDecrypt> candidate : bucket) {
      final Object primitive = candidate.getPrimitive();
      if (primitive instanceof HybridDecrypt) {
        continue;
      }
      throw new GeneralSecurityException("invalid HybridDecrypt key material");
    }
  }
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Checks that every primitive held in {@code pset} is a {@link DeterministicAead}.
 *
 * <p>The runtime {@code instanceof} test is what enforces the element type here, since the
 * generic parameter is erased; a {@code null} primitive fails the test as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry's primitive is not a {@code DeterministicAead}
 */
private static void validate(final PrimitiveSet<DeterministicAead> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<DeterministicAead>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<DeterministicAead> candidate : bucket) {
      final Object primitive = candidate.getPrimitive();
      if (primitive instanceof DeterministicAead) {
        continue;
      }
      throw new GeneralSecurityException("invalid Deterministic AEAD key material");
    }
  }
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Checks that every primitive held in {@code pset} is a {@link PublicKeyVerify}.
 *
 * <p>The runtime {@code instanceof} test is what enforces the element type here, since the
 * generic parameter is erased; a {@code null} primitive fails the test as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry's primitive is not a {@code PublicKeyVerify}
 */
private static void validate(final PrimitiveSet<PublicKeyVerify> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<PublicKeyVerify>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<PublicKeyVerify> candidate : bucket) {
      final Object primitive = candidate.getPrimitive();
      if (primitive instanceof PublicKeyVerify) {
        continue;
      }
      throw new GeneralSecurityException("invalid PublicKeyVerify key material");
    }
  }
}
} // closes an enclosing scope opened outside this excerpt
final byte[] formatVersion = new byte[] {CryptoFormat.LEGACY_START_BYTE}; final byte[] dataWithFormatVersion = Bytes.concat(data, formatVersion); entry.getPrimitive().verify(sigNoPrefix, dataWithFormatVersion); } else { entry.getPrimitive().verify(sigNoPrefix, data); for (PrimitiveSet.Entry<PublicKeyVerify> entry : entries) { try { entry.getPrimitive().verify(signature, data);
try { if (entry.getOutputPrefixType().equals(OutputPrefixType.LEGACY)) { entry.getPrimitive().verifyMac(macNoPrefix, Bytes.concat(data, formatVersion)); } else { entry.getPrimitive().verifyMac(macNoPrefix, data); for (PrimitiveSet.Entry<Mac> entry : entries) { try { entry.getPrimitive().verifyMac(mac, data);
/**
 * Decrypts {@code ciphertext} by trying the keys selected by its leading prefix, then all RAW
 * keys.
 *
 * <p>When the input is longer than {@code CryptoFormat.NON_RAW_PREFIX_SIZE}, its first bytes are
 * treated as a key prefix and only the remainder is handed to the matching primitives. If none
 * of them succeeds, or the input is too short to carry a prefix, every RAW primitive is tried on
 * the whole input.
 *
 * @param ciphertext the bytes to decrypt, with or without a key prefix
 * @param contextInfo passed unchanged to each candidate primitive
 * @return the plaintext from the first primitive that decrypts successfully
 * @throws GeneralSecurityException if no candidate key decrypts the input
 */
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] contextInfo)
    throws GeneralSecurityException {
  final int prefixLength = CryptoFormat.NON_RAW_PREFIX_SIZE;
  if (ciphertext.length > prefixLength) {
    final byte[] keyPrefix = Arrays.copyOfRange(ciphertext, 0, prefixLength);
    final byte[] body = Arrays.copyOfRange(ciphertext, prefixLength, ciphertext.length);
    for (PrimitiveSet.Entry<HybridDecrypt> candidate : primitives.getPrimitive(keyPrefix)) {
      try {
        return candidate.getPrimitive().decrypt(body, contextInfo);
      } catch (GeneralSecurityException e) {
        // NOTE(review): every prefix-matching failure writes the exception text at INFO. If
        // ciphertexts can come from untrusted parties, log volume is input-driven; consider
        // whether this level and detail are appropriate for the deployment.
        logger.info("ciphertext prefix matches a key, but cannot decrypt: " + e.toString());
      }
    }
  }

  // Fall back to RAW keys, which are tried against the complete input.
  for (PrimitiveSet.Entry<HybridDecrypt> candidate : primitives.getRawPrimitives()) {
    try {
      return candidate.getPrimitive().decrypt(ciphertext, contextInfo);
    } catch (GeneralSecurityException ignored) {
      // Deliberately ignored: a failure only means this RAW key is not the right one.
    }
  }

  // The message names neither the key nor the stage that failed; keep it that generic so callers
  // cannot tell failure causes apart.
  throw new GeneralSecurityException("decryption failed");
}
}; // closes an enclosing construct opened outside this excerpt
try { return entry .getPrimitive() .decryptDeterministically(ciphertextNoPrefix, associatedData); } catch (GeneralSecurityException e) { for (PrimitiveSet.Entry<DeterministicAead> entry : entries) { try { return entry.getPrimitive().decryptDeterministically(ciphertext, associatedData); } catch (GeneralSecurityException e) { continue;
/**
 * Decrypts {@code ciphertext} by trying the keys selected by its leading prefix, then all RAW
 * keys.
 *
 * <p>When the input is longer than {@code CryptoFormat.NON_RAW_PREFIX_SIZE}, its first bytes are
 * treated as a key prefix and only the remainder is handed to the matching primitives. If none
 * of them succeeds, or the input is too short to carry a prefix, every RAW primitive is tried on
 * the whole input.
 *
 * @param ciphertext the bytes to decrypt, with or without a key prefix
 * @param associatedData passed unchanged to each candidate primitive
 * @return the plaintext from the first primitive that decrypts successfully
 * @throws GeneralSecurityException if no candidate key decrypts the input
 */
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData)
    throws GeneralSecurityException {
  final int prefixLength = CryptoFormat.NON_RAW_PREFIX_SIZE;
  if (ciphertext.length > prefixLength) {
    final byte[] keyPrefix = Arrays.copyOfRange(ciphertext, 0, prefixLength);
    final byte[] body = Arrays.copyOfRange(ciphertext, prefixLength, ciphertext.length);
    for (PrimitiveSet.Entry<Aead> candidate : pset.getPrimitive(keyPrefix)) {
      try {
        return candidate.getPrimitive().decrypt(body, associatedData);
      } catch (GeneralSecurityException e) {
        // NOTE(review): every prefix-matching failure writes the exception text at INFO. If
        // ciphertexts can come from untrusted parties, log volume is input-driven; consider
        // whether this level and detail are appropriate for the deployment.
        logger.info("ciphertext prefix matches a key, but cannot decrypt: " + e.toString());
      }
    }
  }

  // Fall back to RAW keys, which are tried against the complete input.
  for (PrimitiveSet.Entry<Aead> candidate : pset.getRawPrimitives()) {
    try {
      return candidate.getPrimitive().decrypt(ciphertext, associatedData);
    } catch (GeneralSecurityException ignored) {
      // Deliberately ignored: a failure only means this RAW key is not the right one.
    }
  }

  // The message names neither the key nor the stage that failed; keep it that generic so callers
  // cannot tell failure causes apart.
  throw new GeneralSecurityException("decryption failed");
}
}; // closes an enclosing construct opened outside this excerpt
/**
 * Checks that every primitive held in {@code pset} is a {@link StreamingAead}.
 *
 * <p>The runtime {@code instanceof} test is what enforces the element type here, since the
 * generic parameter is erased; a {@code null} primitive fails the test as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry's primitive is not a {@code StreamingAead}
 */
private static void validate(final PrimitiveSet<StreamingAead> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<StreamingAead>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<StreamingAead> candidate : bucket) {
      final Object primitive = candidate.getPrimitive();
      if (primitive instanceof StreamingAead) {
        continue;
      }
      throw new GeneralSecurityException("invalid StreamingAead key material");
    }
  }
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Encrypts {@code plaintext} with the primary key and prepends that key's identifier.
 *
 * <p>As the method name states, the encryption is deterministic: callers should expect equal
 * inputs under the same key to produce equal outputs, which makes plaintext equality visible to
 * anyone who can compare ciphertexts.
 *
 * @param plaintext the bytes to encrypt
 * @param associatedData passed unchanged to the primary primitive
 * @return the primary key's identifier followed by the primitive's ciphertext
 * @throws GeneralSecurityException if the primary primitive fails to encrypt
 */
@Override
public byte[] encryptDeterministically(final byte[] plaintext, final byte[] associatedData)
    throws GeneralSecurityException {
  final byte[] keyId = primitives.getPrimary().getIdentifier();
  final byte[] sealed =
      primitives.getPrimary().getPrimitive().encryptDeterministically(plaintext, associatedData);
  return Bytes.concat(keyId, sealed);
}
/**
 * Checks that every primitive held in {@code pset} is an {@link Aead}.
 *
 * <p>The runtime {@code instanceof} test is what enforces the element type here, since the
 * generic parameter is erased; a {@code null} primitive fails the test as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry's primitive is not an {@code Aead}
 */
private static void validate(final PrimitiveSet<Aead> pset) throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<Aead>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<Aead> candidate : bucket) {
      final Object primitive = candidate.getPrimitive();
      if (primitive instanceof Aead) {
        continue;
      }
      throw new GeneralSecurityException("invalid AEAD key material");
    }
  }
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Checks that every primitive held in {@code pset} is a {@link HybridEncrypt}.
 *
 * <p>The runtime {@code instanceof} test is what enforces the element type here, since the
 * generic parameter is erased; a {@code null} primitive fails the test as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry's primitive is not a {@code HybridEncrypt}
 */
private static void validate(final PrimitiveSet<HybridEncrypt> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<HybridEncrypt>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<HybridEncrypt> candidate : bucket) {
      final Object primitive = candidate.getPrimitive();
      if (primitive instanceof HybridEncrypt) {
        continue;
      }
      throw new GeneralSecurityException("invalid HybridEncrypt key material");
    }
  }
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Checks that every primitive held in {@code pset} is a {@link Mac}.
 *
 * <p>The runtime {@code instanceof} test is what enforces the element type here, since the
 * generic parameter is erased; a {@code null} primitive fails the test as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry's primitive is not a {@code Mac}
 */
private static void validate(final PrimitiveSet<Mac> pset) throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<Mac>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<Mac> candidate : bucket) {
      final Object primitive = candidate.getPrimitive();
      if (primitive instanceof Mac) {
        continue;
      }
      throw new GeneralSecurityException("invalid MAC key material");
    }
  }
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Returns an encrypting stream produced by the primary key's primitive.
 *
 * <p>The call is a plain delegation: this method itself writes no key identifier to
 * {@code ciphertext}, so nothing added here tells a reader which key produced the stream.
 *
 * @param ciphertext the destination handed to the primary primitive
 * @param associatedData passed unchanged to the primary primitive
 * @return the stream created by the primary primitive
 * @throws GeneralSecurityException if the primary primitive rejects the request
 * @throws IOException if the primary primitive reports an I/O failure
 */
@Override
public OutputStream newEncryptingStream(OutputStream ciphertext, byte[] associatedData)
    throws GeneralSecurityException, IOException {
  final StreamingAead primary = primitives.getPrimary().getPrimitive();
  return primary.newEncryptingStream(ciphertext, associatedData);
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Signs {@code data} with the primary key and prepends that key's identifier.
 *
 * <p>When the primary key's output prefix type is {@code LEGACY}, the single byte
 * {@code CryptoFormat.LEGACY_START_BYTE} is appended to the data before signing, so the
 * signature covers {@code data || LEGACY_START_BYTE} and a verifier has to append the same byte.
 *
 * @param data the message to sign
 * @return the primary key's identifier followed by the signature
 * @throws GeneralSecurityException if the primary primitive fails to sign
 */
@Override
public byte[] sign(final byte[] data) throws GeneralSecurityException {
  final boolean legacy =
      primitives.getPrimary().getOutputPrefixType().equals(OutputPrefixType.LEGACY);
  final byte[] keyId = primitives.getPrimary().getIdentifier();
  final byte[] signedInput =
      legacy ? Bytes.concat(data, new byte[] {CryptoFormat.LEGACY_START_BYTE}) : data;
  final byte[] signature = primitives.getPrimary().getPrimitive().sign(signedInput);
  return Bytes.concat(keyId, signature);
}
}; // closes an enclosing construct opened outside this excerpt
/**
 * Checks that every primitive held in {@code pset} is a {@link PublicKeySign}.
 *
 * <p>The runtime {@code instanceof} test is what enforces the element type here, since the
 * generic parameter is erased; a {@code null} primitive fails the test as well.
 *
 * @param pset the primitive set to inspect
 * @throws GeneralSecurityException if any entry's primitive is not a {@code PublicKeySign}
 */
private static void validate(final PrimitiveSet<PublicKeySign> pset)
    throws GeneralSecurityException {
  for (Collection<PrimitiveSet.Entry<PublicKeySign>> bucket : pset.getAll()) {
    for (PrimitiveSet.Entry<PublicKeySign> candidate : bucket) {
      final Object primitive = candidate.getPrimitive();
      if (primitive instanceof PublicKeySign) {
        continue;
      }
      throw new GeneralSecurityException("invalid PublicKeySign key material");
    }
  }
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Encrypts {@code plaintext} with the primary key and prepends that key's identifier.
 *
 * <p>Only the primary entry of {@code pset} is used for encryption; other keys in the set play
 * no part in this method.
 *
 * @param plaintext the bytes to encrypt
 * @param associatedData passed unchanged to the primary primitive
 * @return the primary key's identifier followed by the primitive's ciphertext
 * @throws GeneralSecurityException if the primary primitive fails to encrypt
 */
@Override
public byte[] encrypt(final byte[] plaintext, final byte[] associatedData)
    throws GeneralSecurityException {
  final byte[] keyId = pset.getPrimary().getIdentifier();
  final byte[] sealed = pset.getPrimary().getPrimitive().encrypt(plaintext, associatedData);
  return Bytes.concat(keyId, sealed);
}
/**
 * Computes a MAC over {@code data} with the primary key and prepends that key's identifier.
 *
 * <p>When the primary key's output prefix type is {@code LEGACY}, {@code formatVersion} (defined
 * outside this method) is appended to the data before the MAC is computed, so the tag covers
 * {@code data || formatVersion} and a verifier has to apply the same framing.
 *
 * @param data the message to authenticate
 * @return the primary key's identifier followed by the MAC tag
 * @throws GeneralSecurityException if the primary primitive fails to compute the MAC
 */
@Override
public byte[] computeMac(final byte[] data) throws GeneralSecurityException {
  final boolean legacy =
      primitives.getPrimary().getOutputPrefixType().equals(OutputPrefixType.LEGACY);
  final byte[] keyId = primitives.getPrimary().getIdentifier();
  final byte[] macInput = legacy ? Bytes.concat(data, formatVersion) : data;
  final byte[] tag = primitives.getPrimary().getPrimitive().computeMac(macInput);
  return Bytes.concat(keyId, tag);
}
/**
 * Encrypts {@code plaintext} with the primary key and prepends that key's identifier.
 *
 * <p>Only the primary entry of {@code primitives} is used for encryption; other keys in the set
 * play no part in this method.
 *
 * @param plaintext the bytes to encrypt
 * @param contextInfo passed unchanged to the primary primitive
 * @return the primary key's identifier followed by the primitive's ciphertext
 * @throws GeneralSecurityException if the primary primitive fails to encrypt
 */
@Override
public byte[] encrypt(final byte[] plaintext, final byte[] contextInfo)
    throws GeneralSecurityException {
  final byte[] keyId = primitives.getPrimary().getIdentifier();
  final byte[] sealed = primitives.getPrimary().getPrimitive().encrypt(plaintext, contextInfo);
  return Bytes.concat(keyId, sealed);
}
}; // closes an enclosing construct opened outside this excerpt
/**
 * Returns an encrypting channel produced by the primary key's primitive.
 *
 * <p>The call is a plain delegation: this method itself writes no key identifier to
 * {@code ciphertextDestination}, so nothing added here tells a reader which key produced the
 * output.
 *
 * @param ciphertextDestination the destination handed to the primary primitive
 * @param associatedData passed unchanged to the primary primitive
 * @return the channel created by the primary primitive
 * @throws GeneralSecurityException if the primary primitive rejects the request
 * @throws IOException if the primary primitive reports an I/O failure
 */
@Override
public WritableByteChannel newEncryptingChannel(
    WritableByteChannel ciphertextDestination, byte[] associatedData)
    throws GeneralSecurityException, IOException {
  final StreamingAead primary = primitives.getPrimary().getPrimitive();
  return primary.newEncryptingChannel(ciphertextDestination, associatedData);
}