public AlgorithmParameterSpec getParameterSpec(byte[] iv) { return this == CBC ? new IvParameterSpec(iv) : new GCMParameterSpec(128, iv); }
public AlgorithmParameterSpec getParameterSpec(byte[] iv) { return this == CBC ? new IvParameterSpec(iv) : new GCMParameterSpec(128, iv); }
public byte[] decrypt(byte[] encrypt) throws EncryptionServiceException { try { byte[] myNonce = new byte[GCM_IV_NONCE_SIZE_BYTES]; byte[] mySalt = new byte[PBKDF2_SALT_SIZE_BYTES]; ByteArrayInputStream fileInputStream = new ByteArrayInputStream(encrypt); fileInputStream.read(myNonce); fileInputStream.read(mySalt); SecretKey key = new SecretKeySpec(generateKey(mySalt), CIPHER); Cipher myCipher = Cipher.getInstance(CIPHERSCHEME); GCMParameterSpec spec = new GCMParameterSpec(GCM_AUTHENTICATION_TAG_SIZE_BITS, myNonce); myCipher.init(Cipher.DECRYPT_MODE, key, spec); return myCipher.doFinal(Arrays.copyOfRange(encrypt, GCM_IV_NONCE_SIZE_BYTES + PBKDF2_SALT_SIZE_BYTES, encrypt.length)); } catch (Exception e) { logger.error("Decryption failed", e); throw new EncryptionServiceException(e); } }
private ByteBuf decryptData(SecretKey dataKeySecret, MessageMetadata msgMetadata, ByteBuf payload) { // unpack iv and encrypted data ByteString ivString = msgMetadata.getEncryptionParam(); ivString.copyTo(iv, 0); GCMParameterSpec gcmParams = new GCMParameterSpec(tagLen, iv); ByteBuf targetBuf = null; try { cipher.init(Cipher.DECRYPT_MODE, dataKeySecret, gcmParams); ByteBuffer sourceNioBuf = payload.nioBuffer(payload.readerIndex(), payload.readableBytes()); int maxLength = cipher.getOutputSize(payload.readableBytes()); targetBuf = PooledByteBufAllocator.DEFAULT.buffer(maxLength, maxLength); ByteBuffer targetNioBuf = targetBuf.nioBuffer(0, maxLength); int decryptedSize = cipher.doFinal(sourceNioBuf, targetNioBuf); targetBuf.writerIndex(decryptedSize); } catch (InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException | ShortBufferException e) { log.error("{} Failed to decrypt message {}", logCtx, e.getMessage()); if (targetBuf != null) { targetBuf.release(); targetBuf = null; } } return targetBuf; }
public byte[] encrypt(String plaintext) throws EncryptionServiceException { try { byte[] newSalt = generateRandomArray(PBKDF2_SALT_SIZE_BYTES); SecretKey key = new SecretKeySpec(generateKey(newSalt), CIPHER); Cipher myCipher = Cipher.getInstance(CIPHERSCHEME); byte[] newNonce = generateRandomArray(GCM_IV_NONCE_SIZE_BYTES); GCMParameterSpec spec = new GCMParameterSpec(GCM_AUTHENTICATION_TAG_SIZE_BITS, newNonce); myCipher.init(Cipher.ENCRYPT_MODE, key, spec); byte[] bytes = plaintext.getBytes(); return Arrays.concatenate(newNonce, newSalt, myCipher.doFinal(bytes)); } catch (Exception e) { logger.error("Encryption failed", e); throw new EncryptionServiceException(e); } }
GCMParameterSpec gcmParam = new GCMParameterSpec(tagLen, iv);
protected AlgorithmParameterSpec getParameterSpec(byte[] iv) { if (useInsecureCipher) { return new IvParameterSpec(iv); } else { return new GCMParameterSpec(128, iv); } }
private Cipher createCipher(int opmode, char[] password, byte[] salt, byte[] iv) throws GeneralSecurityException { PBEKeySpec keySpec = new PBEKeySpec(password, salt, KDF_ITERS, CIPHER_KEY_BITS); SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(KDF_ALGO); SecretKey secretKey = keyFactory.generateSecret(keySpec); SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), CIPHER_ALGO); GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_BITS, iv); Cipher cipher = Cipher.getInstance(CIPHER_ALGO + "/" + CIPHER_MODE + "/" + CIPHER_PADDING); cipher.init(opmode, secret, spec); cipher.updateAAD(salt); return cipher; }
@Override public InputStream decryptStream(InputStream inputStream) throws CryptoException { byte[] initVector = new byte[GCM_IV_LENGTH_IN_BYTES]; try { IOUtils.readFully(inputStream, initVector); } catch (IOException e) { throw new CryptoException("Unable to read IV from stream", e); } Cipher cipher; try { cipher = Cipher.getInstance(transformation); cipher.init(Cipher.DECRYPT_MODE, fek, new GCMParameterSpec(GCM_TAG_LENGTH_IN_BITS, initVector)); } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException e) { throw new CryptoException("Unable to initialize cipher", e); } CipherInputStream cis = new CipherInputStream(inputStream, cipher); return new BlockedInputStream(cis, cipher.getBlockSize(), 1024); } }
cipher = Cipher.getInstance(transformation); cipher.init(Cipher.ENCRYPT_MODE, fek, new GCMParameterSpec(GCM_TAG_LENGTH_IN_BITS, initVector)); } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException e) {
/** * Creates a platform version of {@code GCMParameterSpec}. */ @SuppressWarnings("unused") static AlgorithmParameterSpec toGCMParameterSpec(int tagLenInBits, byte[] iv) { return new GCMParameterSpec(tagLenInBits, iv); }
/** * Creates a platform version of {@code GCMParameterSpec}. */ @SuppressWarnings("unused") static AlgorithmParameterSpec toGCMParameterSpec(int tagLenInBits, byte[] iv) { return new GCMParameterSpec(tagLenInBits, iv); }
private void initParameterSpec() { if(operationMode.equals("GCM")) { this.spec = new GCMParameterSpec(tagBigLength, iv); } }
private GCMParameterSpec paramsForSegment(byte[] prefix, int segmentNr, boolean last) { ByteBuffer nonce = ByteBuffer.allocate(NONCE_SIZE_IN_BYTES); nonce.order(ByteOrder.BIG_ENDIAN); nonce.put(prefix); nonce.putInt(segmentNr); nonce.put((byte) (last ? 1 : 0)); return new GCMParameterSpec(8 * TAG_SIZE_IN_BYTES, nonce.array()); }
private static GCMParameterSpec bytesToSpec(final byte[] data, final int offset) { final ByteArrayInputStream bais = new ByteArrayInputStream(data, offset, data.length - offset); try (final DataInputStream dis = new DataInputStream(bais)) { final int tagLen = dis.readInt(); final int nonceLen = dis.readInt(); final byte[] nonce = new byte[nonceLen]; dis.readFully(nonce); return new GCMParameterSpec(tagLen, nonce); } catch (final IOException ex) { throw new AssertionError("Impossible exception", ex); } }
private byte[] encrypt(final byte[] key, final byte[] nonce, final byte[] plaintext) throws GeneralSecurityException { Cipher cipher = EngineFactory.CIPHER.getInstance("AES/GCM/NoPadding"); GCMParameterSpec params = new GCMParameterSpec(8 * WebPushConstants.TAG_SIZE, nonce); cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), params); byte[] paddedPlaintext = new byte[plaintext.length + 1]; paddedPlaintext[paddedPlaintext.length - 1] = WebPushConstants.PADDING_DELIMITER_BYTE; System.arraycopy(plaintext, 0, paddedPlaintext, 0, plaintext.length); return cipher.doFinal(paddedPlaintext); } }
private byte[] decrypt(final byte[] key, final byte[] nonce, final byte[] ciphertext) throws GeneralSecurityException { Cipher cipher = EngineFactory.CIPHER.getInstance("AES/GCM/NoPadding"); GCMParameterSpec params = new GCMParameterSpec(8 * WebPushConstants.TAG_SIZE, nonce); cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), params); byte[] plaintext = cipher.doFinal(ciphertext); if (plaintext[plaintext.length - 1] != WebPushConstants.PADDING_DELIMITER_BYTE) { throw new GeneralSecurityException("decryption failed"); } return Arrays.copyOfRange(plaintext, 0, plaintext.length - 1); } }
public String encrypt(String data) throws EncryptionException { try { Cipher cipher = Cipher.getInstance(AES_CIPHER); cipher.init( Cipher.ENCRYPT_MODE, mKey.getKey(), new GCMParameterSpec(GCM_TAG_LENGTH, mKey.getIv())); byte[] encrypted = cipher.doFinal(data.getBytes(Charset.forName(DEFAULT_CHARSET))); return Base64.encodeToString(encrypted, Base64.DEFAULT); } catch (Exception e) { throw new EncryptionException("Failed to encrypt data: ", e); } }
public String decrypt(String data) throws EncryptionException { try { Cipher cipher = Cipher.getInstance(AES_CIPHER); cipher.init( Cipher.DECRYPT_MODE, mKey.getKey(), new GCMParameterSpec(GCM_TAG_LENGTH, mKey.getIv())); byte[] decrypted = cipher.doFinal(Base64.decode(data, Base64.DEFAULT)); return new String(decrypted, Charset.forName(DEFAULT_CHARSET)); } catch (Exception e) { throw new EncryptionException("Failed to decrypt data: ", e); } }
static byte[] decrypt(final String string) throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException { final String iv = string.split(":")[0]; final String property = string.split(":")[1]; final Cipher cipher = getCipher(); cipher.init(Cipher.DECRYPT_MODE, createSecretKey(), new GCMParameterSpec(128, base64Decode(iv))); return cipher.doFinal(base64Decode(property)); }