@Override public void verifyMac(final byte[] mac, final byte[] data) throws GeneralSecurityException { if (!Bytes.equal(computeMac(data), mac)) { throw new GeneralSecurityException("invalid MAC"); } } }
static void verifyMac(final byte[] key, byte[] data, byte[] mac) throws GeneralSecurityException { if (!Bytes.equal(computeMac(key, data), mac)) { throw new GeneralSecurityException("invalid MAC"); } } }
@Override public void verifyMac(final byte[] mac, byte[] data) throws GeneralSecurityException { if (!Bytes.equal(mac, this.computeMac(data))) { throw new GeneralSecurityException("invalid MAC"); } }
tagBuffer.get(expectedTag); assert expectedTag.length == tag.length; if (!Bytes.equal(expectedTag, tag)) { throw new GeneralSecurityException("Tag mismatch");
if (Bytes.equal(expectedIv, computedIv)) { return decryptedPt; } else {
/** * Validates public key and clear its most significant bit. * * @throws InvalidKeyException iff the {@code pubKey} is in the banned list or its length is not * 32-byte. */ private static void validatePubKeyAndClearMsb(byte[] pubKey) throws InvalidKeyException { if (pubKey.length != 32) { throw new InvalidKeyException("Public key length is not 32-byte"); } // Clears the most significant bit as in the method decodeUCoordinate() of RFC7748. pubKey[31] &= (byte) 0x7f; for (int i = 0; i < BANNED_PUBLIC_KEYS.length; i++) { if (Bytes.equal(BANNED_PUBLIC_KEYS[i], pubKey)) { throw new InvalidKeyException("Banned public key: " + Hex.encode(BANNED_PUBLIC_KEYS[i])); } } }
/** Checks that the point is on curve */ boolean isOnCurve() { long[] x2 = new long[LIMB_CNT]; Field25519.square(x2, x); long[] y2 = new long[LIMB_CNT]; Field25519.square(y2, y); long[] z2 = new long[LIMB_CNT]; Field25519.square(z2, z); long[] z4 = new long[LIMB_CNT]; Field25519.square(z4, z2); long[] lhs = new long[LIMB_CNT]; // lhs = y^2 - x^2 Field25519.sub(lhs, y2, x2); // lhs = z^2 * (y2 - x2) Field25519.mult(lhs, lhs, z2); long[] rhs = new long[LIMB_CNT]; // rhs = x^2 * y^2 Field25519.mult(rhs, x2, y2); // rhs = D * x^2 * y^2 Field25519.mult(rhs, rhs, D); // rhs = z^4 + D * x^2 * y^2 Field25519.sum(rhs, z4); // z^2 (y^2 - x^2) == z^4 + D * x^2 * y^2 return Bytes.equal(Field25519.contract(lhs), Field25519.contract(rhs)); } }
return Bytes.equal(Field25519.contract(lhs), Field25519.contract(t));