Example 1 with Aead

Use of com.google.crypto.tink.Aead in project tink by Google.

Class KmsEnvelopeAead, method encrypt.

@Override
public byte[] encrypt(final byte[] plaintext, final byte[] associatedData) throws GeneralSecurityException {
    // Generate a fresh data encryption key (DEK) for this message.
    byte[] dek = Registry.newKey(dekTemplate).toByteArray();
    // Wrap the DEK with the remote (KMS-held) key; no associated data is bound to the wrapped DEK.
    byte[] encryptedDek = remote.encrypt(dek, EMPTY_AAD);
    // Use the DEK locally to encrypt the plaintext; associatedData is authenticated here.
    Aead aead = Registry.getPrimitive(dekTemplate.getTypeUrl(), dek);
    byte[] payload = aead.encrypt(plaintext, associatedData);
    // Build the ciphertext from the wrapped DEK and the payload and return it.
    return buildCiphertext(encryptedDek, payload);
}
Also used: Aead (com.google.crypto.tink.Aead)

Example 2 with Aead

Use of com.google.crypto.tink.Aead in project tink by Google.

Class KmsEnvelopeAead, method decrypt.

@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData) throws GeneralSecurityException {
    try {
        // Parsed layout: 4-byte length of the encrypted DEK, the encrypted DEK, then the AEAD payload.
        ByteBuffer buffer = ByteBuffer.wrap(ciphertext);
        int encryptedDekSize = buffer.getInt();
        // Reject a non-positive or oversized length before allocating a buffer for it.
        if (encryptedDekSize <= 0 || encryptedDekSize > (ciphertext.length - LENGTH_ENCRYPTED_DEK)) {
            throw new GeneralSecurityException("invalid ciphertext");
        }
        byte[] encryptedDek = new byte[encryptedDekSize];
        buffer.get(encryptedDek, 0, encryptedDekSize);
        byte[] payload = new byte[buffer.remaining()];
        buffer.get(payload, 0, buffer.remaining());
        // Use the remote (KMS-held) key to unwrap the DEK.
        byte[] dek = remote.decrypt(encryptedDek, EMPTY_AAD);
        // Use the DEK to decrypt the payload and verify associatedData.
        Aead aead = Registry.getPrimitive(dekTemplate.getTypeUrl(), dek);
        return aead.decrypt(payload, associatedData);
    } catch (IndexOutOfBoundsException | BufferUnderflowException | NegativeArraySizeException e) {
        throw new GeneralSecurityException("invalid ciphertext", e);
    }
}
Also used: GeneralSecurityException (java.security.GeneralSecurityException), Aead (com.google.crypto.tink.Aead), ByteBuffer (java.nio.ByteBuffer), BufferUnderflowException (java.nio.BufferUnderflowException)

Example 3 with Aead

Use of com.google.crypto.tink.Aead in project tink by Google.

Class KmsEnvelopeAeadKeyManager, method getPrimitive.

/**
 * @param key {@code KmsEnvelopeAeadKey} proto
 */
@Override
public Aead getPrimitive(MessageLite key) throws GeneralSecurityException {
    if (!(key instanceof KmsEnvelopeAeadKey)) {
        throw new GeneralSecurityException("expected KmsEnvelopeAeadKey proto");
    }
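    KmsEnvelopeAeadKey keyProto = (KmsEnvelopeAeadKey) key;
    validate(keyProto);
    // Look up the KMS client for the key-encryption-key (KEK) URI and obtain its remote Aead.
    String keyUri = keyProto.getParams().getKekUri();
    KmsClient kmsClient = KmsClients.get(keyUri);
    Aead remote = kmsClient.getAead(keyUri);
    // The envelope primitive generates DEKs from the template and wraps them with the remote Aead.
    return new KmsEnvelopeAead(keyProto.getParams().getDekTemplate(), remote);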
}
Also used: KmsEnvelopeAeadKey (com.google.crypto.tink.proto.KmsEnvelopeAeadKey), GeneralSecurityException (java.security.GeneralSecurityException), Aead (com.google.crypto.tink.Aead), ByteString (com.google.protobuf.ByteString), KmsClient (com.google.crypto.tink.KmsClient)

Example 4 with Aead

Use of com.google.crypto.tink.Aead in project tink by Google.

Class EciesAeadHkdfHybridEncrypt, method encrypt.

/**
 * Encrypts {@code plaintext} using {@code contextInfo} as <b>info</b>-parameter of the underlying
 * HKDF.
 *
 * @return resulting ciphertext.
 */
@Override
public byte[] encrypt(final byte[] plaintext, final byte[] contextInfo) throws GeneralSecurityException {
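    // KEM step: derive a symmetric key; contextInfo enters here as the HKDF info parameter.
    EciesHkdfSenderKem.KemKey kemKey = senderKem.generateKey(
        hkdfHmacAlgo, hkdfSalt, contextInfo, demHelper.getSymmetricKeySizeInBytes(), ecPointFormat);
    // DEM step: encrypt with the derived key; the AEAD itself is given empty associated data.
    Aead aead = demHelper.getAead(kemKey.getSymmetricKey());
    byte[] ciphertext = aead.encrypt(plaintext, EMPTY_AAD);
    // Output is the KEM bytes followed by the AEAD ciphertext.
    byte[] header = kemKey.getKemBytes();
    return ByteBuffer.allocate(header.length + ciphertext.length).put(header).put(ciphertext).array();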
}
Also used: Aead (com.google.crypto.tink.Aead)

Example 5 with Aead

Use of com.google.crypto.tink.Aead in project tink by Google.

Class AesEaxKeyManagerTest, method testCiphertextSize.

@Test
public void testCiphertextSize() throws Exception {
    byte[] keyValue = Random.randBytes(AES_KEY_SIZE);
    KeysetHandle keysetHandle = TestUtil.createKeysetHandle(
        TestUtil.createKeyset(
            TestUtil.createKey(
                TestUtil.createAesEaxKeyData(keyValue, 16),
                42,
                KeyStatusType.ENABLED,
                OutputPrefixType.TINK)));
    Aead aead = AeadFactory.getPrimitive(keysetHandle);
    byte[] plaintext = "plaintext".getBytes("UTF-8");
    byte[] associatedData = "associatedData".getBytes("UTF-8");
    byte[] ciphertext = aead.encrypt(plaintext, associatedData);
    assertEquals(
        CryptoFormat.NON_RAW_PREFIX_SIZE + 16 /* IV_SIZE */ + plaintext.length + 16 /* TAG_SIZE */,
        ciphertext.length);
}
Also used: KeysetHandle (com.google.crypto.tink.KeysetHandle), Aead (com.google.crypto.tink.Aead), Test (org.junit.Test)
