/**
 * Checks that {@code keyData} can be turned into a primitive.
 *
 * <p>The check is delegated entirely to {@code Registry.getPrimitive(keyData)}: the primitive
 * it returns is discarded, and only whether the call throws is used.
 *
 * @param keyData the key data to check
 * @throws GeneralSecurityException if {@code Registry.getPrimitive} rejects {@code keyData}
 */
private static void validate(KeyData keyData) throws GeneralSecurityException {
  // Called for its failure mode only; an invalid keyData makes this throw.
  Registry.getPrimitive(keyData);
}
/**
 * Convenience method for creating a new primitive from a serialized key held in a byte array.
 *
 * <p>The bytes are copied into a {@link ByteString} and handed, together with {@code typeUrl},
 * to the {@code getPrimitive(String, ByteString)} overload, which looks up the {@link
 * KeyManager} identified by {@code typeUrl} and calls {@link KeyManager#getPrimitive} on the
 * serialized key.
 *
 * <p>The type parameter {@code P} is chosen by the caller and is not checked by this method
 * (hence the suppressed {@code TypeParameterUnusedInFormals} warning); a caller that asks for
 * a type the key manager does not produce will see a {@link ClassCastException} at the call
 * site rather than a {@link GeneralSecurityException}.
 *
 * @param typeUrl type URL identifying the key manager to use
 * @param serialized the serialized key; copied, so later changes to the array are not seen
 * @return a new primitive
 * @throws GeneralSecurityException propagated from the delegate overload
 */
@SuppressWarnings("TypeParameterUnusedInFormals")
public static <P> P getPrimitive(String typeUrl, byte[] serialized)
    throws GeneralSecurityException {
  ByteString serializedKey = ByteString.copyFrom(serialized);
  return getPrimitive(typeUrl, serializedKey);
}
/**
 * Convenience method for creating a new primitive for the key carried in {@code keyData}.
 *
 * <p>It reads {@code keyData.type_url} and {@code keyData.value} and forwards both to the
 * two-argument {@code getPrimitive} overload, which looks up the {@link KeyManager} for that
 * type URL and calls {@link KeyManager#getPrimitive} with the value.
 *
 * <p>The type parameter {@code P} is chosen by the caller and is not checked here (hence the
 * suppressed {@code TypeParameterUnusedInFormals} warning), so a mismatch shows up as a
 * {@link ClassCastException} at the call site.
 *
 * @param keyData the key data whose type URL and value select and feed the key manager
 * @return a new primitive
 * @throws GeneralSecurityException propagated from the delegate overload
 */
@SuppressWarnings("TypeParameterUnusedInFormals")
public static <P> P getPrimitive(KeyData keyData) throws GeneralSecurityException {
  String typeUrl = keyData.getTypeUrl();
  return getPrimitive(typeUrl, keyData.getValue());
}
/**
 * Decrypts an envelope ciphertext laid out as: 4-byte length prefix, encrypted DEK, payload.
 *
 * <p>The encrypted DEK is unwrapped with {@code remote}, a primitive for the DEK is obtained
 * from the {@code Registry}, and that primitive decrypts the payload with
 * {@code associatedData}.
 *
 * <p>Security notes for reviewers:
 *
 * <ul>
 *   <li>The length prefix is read from the input before anything has been authenticated, so
 *       it is untrusted; the range check below is what keeps the DEK allocation bounded by the
 *       size of the input.
 *   <li>The DEK is unwrapped with {@code EMPTY_AAD}. {@code associatedData} is only passed to
 *       the payload decryption, so this method does not bind it to the wrapped DEK.
 *   <li>NOTE(review): the plaintext DEK array is not cleared before this method returns.
 * </ul>
 *
 * @param ciphertext the envelope ciphertext
 * @param associatedData associated data authenticated together with the payload
 * @return the decrypted payload
 * @throws GeneralSecurityException with message "invalid ciphertext" if the envelope is
 *     malformed, or as propagated from {@code remote}, the {@code Registry} or the DEK
 *     primitive
 */
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData)
    throws GeneralSecurityException {
  try {
    // ByteBuffer.wrap yields a big-endian buffer, so the prefix is a big-endian int.
    ByteBuffer input = ByteBuffer.wrap(ciphertext);
    int wrappedDekLength = input.getInt();

    // LENGTH_ENCRYPTED_DEK is presumably the size of the length prefix itself -- confirm.
    boolean lengthInRange =
        wrappedDekLength > 0
            && wrappedDekLength <= (ciphertext.length - LENGTH_ENCRYPTED_DEK);
    if (!lengthInRange) {
      throw new GeneralSecurityException("invalid ciphertext");
    }

    byte[] wrappedDek = new byte[wrappedDekLength];
    input.get(wrappedDek);

    // Everything after the wrapped DEK is the payload.
    byte[] payload = new byte[input.remaining()];
    input.get(payload);

    // Unwrap the DEK with the remote primitive.
    byte[] dek = remote.decrypt(wrappedDek, EMPTY_AAD);

    // Decrypt the payload with the unwrapped DEK.
    Aead dekAead = Registry.getPrimitive(dekTemplate.getTypeUrl(), dek);
    return dekAead.decrypt(payload, associatedData);
  } catch (BufferUnderflowException | IndexOutOfBoundsException | NegativeArraySizeException e) {
    // Parsing failures are reported uniformly, with the cause preserved.
    throw new GeneralSecurityException("invalid ciphertext", e);
  }
}
/**
 * Builds an {@link Aead} from an {@code AesCtrHmacAeadKey} proto.
 *
 * <p>The key's runtime type is checked before the cast, and {@code validate} runs before any
 * primitive is created. The AES-CTR cipher and the HMAC are each obtained from the {@code
 * Registry} and combined in an {@code EncryptThenAuthenticate} instance, with the tag size
 * taken from the HMAC key's parameters.
 *
 * @param key {@code AesCtrHmacAeadKey} proto
 * @return the composed AEAD primitive
 * @throws GeneralSecurityException if {@code key} is not an {@code AesCtrHmacAeadKey}, fails
 *     {@code validate}, or a sub-primitive cannot be created
 */
@Override
public Aead getPrimitive(MessageLite key) throws GeneralSecurityException {
  if (key instanceof AesCtrHmacAeadKey) {
    AesCtrHmacAeadKey aeadKey = (AesCtrHmacAeadKey) key;
    validate(aeadKey);

    // Same creation order as the constructor arguments: cipher first, then MAC.
    IndCpaCipher cipher =
        (IndCpaCipher)
            Registry.getPrimitive(AesCtrKeyManager.TYPE_URL, aeadKey.getAesCtrKey());
    Mac mac = (Mac) Registry.getPrimitive(MacConfig.HMAC_TYPE_URL, aeadKey.getHmacKey());

    return new EncryptThenAuthenticate(
        cipher, mac, aeadKey.getHmacKey().getParams().getTagSize());
  }
  throw new GeneralSecurityException("expected AesCtrHmacAeadKey proto");
}
/**
 * Envelope-encrypts {@code plaintext}: a new DEK is created for this call, wrapped with
 * {@code remote}, and used to encrypt the plaintext.
 *
 * <p>Security notes for reviewers:
 *
 * <ul>
 *   <li>The DEK is wrapped with {@code EMPTY_AAD}; {@code associatedData} is only passed to
 *       the payload encryption, so it is not bound to the wrapped DEK by this method.
 *   <li>NOTE(review): the plaintext DEK array is not cleared before this method returns.
 * </ul>
 *
 * @param plaintext the data to encrypt
 * @param associatedData associated data authenticated together with the payload
 * @return the result of {@code buildCiphertext} for the wrapped DEK and the encrypted payload
 * @throws GeneralSecurityException propagated from the {@code Registry}, {@code remote} or
 *     the DEK primitive
 */
@Override
public byte[] encrypt(final byte[] plaintext, final byte[] associatedData)
    throws GeneralSecurityException {
  // New DEK for every call, serialized so it can be wrapped and re-parsed.
  byte[] freshDek = Registry.newKey(dekTemplate).toByteArray();

  // Wrap the DEK with the remote primitive.
  byte[] wrappedDek = remote.encrypt(freshDek, EMPTY_AAD);

  // Encrypt the plaintext under the DEK and assemble the envelope.
  Aead dekAead = Registry.getPrimitive(dekTemplate.getTypeUrl(), freshDek);
  return buildCiphertext(wrappedDek, dekAead.encrypt(plaintext, associatedData));
}
.setKeyValue(ByteString.copyFrom(symmetricKeyValue, 0, symmetricKeySize)) .build(); return Registry.getPrimitive(demKeyTypeUrl, aeadKey); } else if (demKeyTypeUrl.equals(AeadConfig.AES_CTR_HMAC_AEAD_TYPE_URL)) { byte[] aesCtrKeyValue = Arrays.copyOfRange(symmetricKeyValue, 0, aesCtrKeySize); .setHmacKey(hmacKey) .build(); return Registry.getPrimitive(demKeyTypeUrl, aeadKey); } else { throw new GeneralSecurityException("unknown DEM key type");
primitive = customManager.getPrimitive(key.getKeyData().getValue()); } else { primitive = getPrimitive(key.getKeyData().getTypeUrl(), key.getKeyData().getValue());